
GraphQL Authentication Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

1.5.0 - 2021-02-24

Added

  • Added ability to set JWT Secret Key and Social app IDs/secrets via environment variables (thanks to @dorineal for the pull request!)

1.4.4 - 2021-02-20

Fixed

  • Fixed issue with users not being activated through the setPassword mutation (#38 via @magicspon)

1.4.3 - 2021-02-11

Fixed

  • Fixed issue with tokens being removed before they had expired

1.4.2 - 2021-02-01

Changed

  • Improved performance of clearing expired tokens
  • Removed deprecated getUser and updateUser – use viewer and updateViewer instead
  • User types/fragments now need to be spread in authentication responses (see here)

Fixed

  • Fixed issue with entry/category/asset fields not saving on register or updateViewer mutations (#35 via @howells)
  • Fixed compatibility issue with Craft 3.6.x (#36 via @benrnorman)

1.4.1 - 2021-01-19

Fixed

  • Fixed issue with refreshToken mutation not always working in production environments

1.4.0 - 2020-12-30

Added

  • Added support for Sign in with Apple (#14)
  • Added support for limiting user groups to Craft multi-site sites
  • Added viewer query (#30 via @tam)
  • Added updateViewer mutation (#30 via @tam)

Changed

  • Removed support for non-JWT tokens (note: this is a breaking change)
  • Deprecated getUser query (this will be removed in a future release) (#30 via @tam)
  • Deprecated updateUser mutation (this will be removed in a future release) (#30 via @tam)
  • Improved error handling: production environments now return useful error messages and codes instead of Internal server error (#31 via @tam)

Fixed

  • Fixed issue with authorId restrictions sometimes causing incorrect results to be returned (#34 via @daltonrooney)
  • Fixed issue with users being able to assign themselves schemas using social mutations (via @daltonrooney)

1.3.3 - 2020-12-10

Changed

  • jwtExpiresAt and refreshTokenExpiresAt are now returned in milliseconds to make JS validation simpler (this will always end in 000 as token expiry is stored in seconds in the database)

1.3.2 - 2020-12-08

Fixed

  • Actually fix Invalid Authorization Header on queries/mutations against the public schema (#23 via @approached)
  • Fix issue where tokens decoded from JWTs weren't being passed to the GraphQL API controller properly (#28 via @daltonrooney)

1.3.1 - 2020-12-07

Fixed

  • Ensure isGraphiqlRequest detects GraphiQL requests properly (#23 via @approached)

1.3.0 - 2020-12-06

Added

  • Much improved documentation!
  • Added JWT and refresh token support (#3 thanks to @timkelty)
  • Added support for Log in with Twitter
  • Added support for Facebook login
  • Added ability to customise response and error messages

Changed

  • Deprecated non-JWT tokens; these will be removed in version 1.4.0. JWTs provide greater flexibility and security

Fixed

  • Fixed an issue where non-user tokens were being restricted (#19 via @menberg)
  • Fixed an issue where family_name might not be defined in Google Sign-In (#25 via @daltonrooney)
  • Fixed an issue where the plugin settings screen would error if a deleted schema was assigned to a user group (#26 via @daltonrooney)

1.2.2 - 2020-12-01

Fixed

  • Fixed issue with Auth GQL type not registering properly in production mode

1.2.1 - 2020-12-01

Fixed

  • Fixed issue with requests against the public schema throwing Invalid Authorization Header

1.2.0 - 2020-11-26

Added

  • Added ability to disable user registration
  • Added per user group schema assignment, user group assignment, and granular schema permissions (a register mutation is added for each group, if enabled)
  • Added Google Sign-In support (adds a single googleSignIn mutation, or mutations per user group, depending on settings)
  • Added SameSite cookie policy control
  • Added unique, per-user caching to ensure users never see each other's cached queries
  • Added a schema field to the authentication mutation responses

Changed

  • Reworked the plugin's settings into a tabbed interface
  • The register mutation now listens to the requireEmailVerification setting in user settings – creating users in a pending state, and sending an activation email
  • Tokens are now created using microtime() instead of time() to avoid any name conflicts

Fixed

  • Fixed some deprecation errors

Misc

  • Lots of under-the-hood tidying to make maintenance a lot easier

1.1.8 - 2020-11-14

Fixed

  • Fixed issue with saving token expiry as 'never'

1.1.7 - 2020-11-13

Fixed

  • Fixed issue with trailing commas in function calls causing an error on environments running PHP <7.3

1.1.6 - 2020-11-11

Fixed

  • Fixed issue with updatePassword mutation failing validation
  • Fixed issue with custom fields on users not setting correct values on register and updateUser mutations

1.1.5 - 2020-11-10

Fixed

  • Fixed issue with project config sync throwing Calling unknown method: craft\console\Request::getBodyParam()

1.1.4 - 2020-11-09

Improved

  • Improved isGraphiqlRequest detection

1.1.3 - 2020-11-09

Fixed

  • Fixed issues with non-user tokens throwing Invalid Authorization Header. Previously it was always trying to validate queries against user permissions, but this was causing conflicts with tokens that will only be used server-side (i.e. in Next.js SSG requests)

1.1.2 - 2020-11-09

Fixed

  • Added empty fallback to Craft::$app->getRequest()->getReferrer(), to fix error if referrer is blank

1.1.1 - 2020-11-09

Fixed

  • Fixed issue with isGraphiqlRequest always returning true, breaking Craft's GraphiQL explorer

1.1.0 - 2020-11-04

Added

  • Added support for HTTP-Only cookie tokens, improving security (thanks @timkelty)

1.0.1 - 2020-11-03

Added

  • Update lastLoginDate on users when running authenticate/register mutations

1.0.0 - 2020-11-03

Added

  • Initial release