Fixed:

• Session authentication middleware now correctly short-circuits if authentication already succeeded (#68, #69)

Fix issue where people taking the latest release would get compile errors from pulling in incorrect Vapor version

Fixed:

• Fixed an issue where a new, empty session would be created after unauthenticating a user and destroying the session at the same time. (#60, #59)

Fixed:

• Moved HTTP bearer and basic auth helpers to vapor/http package. (#54)
• req.unauthenticate(...) now correctly destroys session. (#52)

Auth 2.0 is here 🎉 👤 Authentication and Authorization framework for Fluent (Authorization coming soon).

The Auth API Template has also been updated:

vapor new Hello --template=auth-template

Docs: https://docs.vapor.codes/3.0/auth/getting-started/

API Docs: https://api.vapor.codes/auth/latest/Authentication

Fixed:

• Updated to latest Fluent RCs.

Fixed:

• Token authentication middleware no longer throws if not authenticated. (#42)
• Fixed an issue where UserIDType typealias was required. (#41)

New:

• Added GuardAuthenticationMiddleware. Authentication middlewares will no longer fail if they cannot authenticate a user. This allows the package's middlewares to be composed together to do multiple authentication types on a single route.

Use Authenticatable.guardAuthMiddleware() to restore this error throwing behavior.

let protected = router.grouped(
    User.basicAuthMiddleware(...),
    User.guardAuthMiddleware()
)
protected.get("test") { req in
    return "This route is protected"
}

note: calling requireAuthenticated will always throw an error if User is not authed, regardless of the presence of GuardAuthenticationMiddleware.

Fixed:

• Authenticatable protocols have had Model requirements removed. Free conformance still applies where Model conformance exists.
• Crypto module is now being exported by default.

Milestone: 2.0.0-rc.4

New:

• Added req.unauthenticate(...) method to unauth the user for the lifetime of the request.

Fixed:

• Using http dependency now.

New:

• Vapor is now running on Swift NIO!

Fixed:

• Fixed some issues with session persistence using MemorySessions.

Milestone

PRs:

• #25 - UserIDKey typealias
• #26 - add ability to log out and tidy up database connections

Breaking changes:

• SessionAuthenticatable is now required to enable session authentication for Users with cookies

New:

• Update to latest Fluent beta.
• Loosen ReferenceWritableKeyPath requirements to WritableKeyPath

Fixed:

• Updates dependency maximum to latest betas.

Fixed:

• Updated to Vapor Beta 2

Fixed:

• Fixed basic auth separator parsing.

Milestone

New:

• Swift 4 support

Milestone

New:

• Add AuthorizationHeader initializers.

Milestone

Authentication and Authorization layer for Fluent.

New:

• PR #6

The signature for verifying passwords in the PasswordVerifier has been changed to make it nicer to call and to fit in with real implementations.

When verifying your password it now looks like:

let passwordVerified = passwordVerifier.verify(password: password, matches: hash)

They verify function now takes Bytes as the default argument but there is an extension for anything conforming to BytesConvertible.

New:

• Updated readme + CI
• Use latest Fluent

New:

• Use Beta packages

New:

• Add an add(permission: ...) convenience
• Readme

Simplified authentication and authorization layer on top of Fluent.