Skip to content

Commit e25774e

Browse files
SandPodSandPod
authored
chore: Bumps version to 2.7.0 (#280)
1 parent 432f41d commit e25774e

File tree

109 files changed

+11591
-253
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

109 files changed

+11591
-253
lines changed

docs/06-concepts/11-authentication/01-setup.md

Lines changed: 30 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -89,35 +89,35 @@ void run(List<String> args) async {
8989
9090
```
9191

92-
| **Property** | **Description** | **Default** |
93-
|:-------------|:----------------|:-----------:|
94-
| **allowUnsecureRandom** | True if unsecure random number generation is allowed. If set to false, an error will be thrown if the platform does not support secure random number generation. | false |
95-
| **emailSignInFailureResetTime** | The reset period for email sign in attempts. Defaults to 5 minutes. | 5min |
96-
| **enableUserImages** | True if user images are enabled. | true |
97-
| **extraSaltyHash** | True if the server should use the accounts email address as part of the salt when storing password hashes (strongly recommended). | true |
98-
| **firebaseServiceAccountKeyJson** | Firebase service account key JSON file. Generate and download from the Firebase console. | - |
99-
| **importUserImagesFromGoogleSignIn** | True if user images should be imported when signing in with Google. | true |
100-
| **legacyUserSignOutBehavior** | Defines the default behavior for the deprecated `signOut` method used in the status endpoint. This setting controls whether users are signed out from all active devices (`SignOutOption.allDevices`) or just the current device (`SignOutOption.currentDevice`). | `SignOutOption.allDevices` |
101-
| **maxAllowedEmailSignInAttempts** | Max allowed failed email sign in attempts within the reset period. | 5 |
102-
| **maxPasswordLength** | The maximum length of passwords when signing up with email. | 128 |
103-
| **minPasswordLength** | The minimum length of passwords when signing up with email. | 8 |
104-
| **onUserCreated** | Called after a user has been created. Listen to this callback if you need to do additional setup. | - |
105-
| **onUserUpdated** | Called whenever a user has been updated. This can be when the user name is changed or if the user uploads a new profile picture. | - |
106-
| **onUserWillBeCreated** | Called when a user is about to be created, gives a chance to abort the creation by returning false. | - |
107-
| **passwordResetExpirationTime** | The time for password resets to be valid. | 24h |
108-
| **sendPasswordResetEmail** | Called when a user should be sent a reset code by email. | - |
109-
| **sendValidationEmail** | Called when a user should be sent a validation code on account setup. | - |
110-
| **userCanEditFullName** | True if users can edit their full name. | false |
111-
| **userCanEditUserImage** | True if users can update their profile images. | true |
112-
| **userCanEditUserName** | True if users can edit their user names. | true |
113-
| **userCanSeeFullName** | True if users can view their full name. | true |
114-
| **userCanSeeUserName** | True if users can view their user name. | true |
115-
| **userImageFormat** | The format used to store user images. | jpg |
116-
| **userImageGenerator** | Generator used to produce default user images. | - |
117-
| **userImageQuality** | The quality setting for images if JPG format is used. | 70 |
118-
| **userImageSize** | The size of user images. | 256 |
119-
| **userInfoCacheLifetime** | The duration which user infos are cached locally in the server. | 1min |
120-
| **validationCodeLength** | The length of the validation code used in the authentication process. This value determines the number of digits in the validation code. Setting this value to less than 3 reduces security. | 8 |
92+
| **Property** | **Description** | **Default** |
93+
| :----------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------: |
94+
| **allowUnsecureRandom** | True if unsecure random number generation is allowed. If set to false, an error will be thrown if the platform does not support secure random number generation. | false |
95+
| **emailSignInFailureResetTime** | The reset period for email sign in attempts. Defaults to 5 minutes. | 5min |
96+
| **enableUserImages** | True if user images are enabled. | true |
97+
| **extraSaltyHash** | True if the server should use the accounts email address as part of the salt when storing password hashes (strongly recommended). | true |
98+
| **firebaseServiceAccountKeyJson** | Firebase service account key JSON file. Generate and download from the Firebase console. | - |
99+
| **importUserImagesFromGoogleSignIn** | True if user images should be imported when signing in with Google. | true |
100+
| **legacyUserSignOutBehavior** | Defines the default behavior for the deprecated `signOut` method used in the status endpoint. This setting controls whether users are signed out from all active devices (`SignOutOption.allDevices`) or just the current device (`SignOutOption.currentDevice`). | `SignOutOption.allDevices` |
101+
| **maxAllowedEmailSignInAttempts** | Max allowed failed email sign in attempts within the reset period. | 5 |
102+
| **maxPasswordLength** | The maximum length of passwords when signing up with email. | 128 |
103+
| **minPasswordLength** | The minimum length of passwords when signing up with email. | 8 |
104+
| **onUserCreated** | Called after a user has been created. Listen to this callback if you need to do additional setup. | - |
105+
| **onUserUpdated** | Called whenever a user has been updated. This can be when the user name is changed or if the user uploads a new profile picture. | - |
106+
| **onUserWillBeCreated** | Called when a user is about to be created, gives a chance to abort the creation by returning false. | - |
107+
| **passwordResetExpirationTime** | The time for password resets to be valid. | 24h |
108+
| **sendPasswordResetEmail** | Called when a user should be sent a reset code by email. | - |
109+
| **sendValidationEmail** | Called when a user should be sent a validation code on account setup. | - |
110+
| **userCanEditFullName** | True if users can edit their full name. | false |
111+
| **userCanEditUserImage** | True if users can update their profile images. | true |
112+
| **userCanEditUserName** | True if users can edit their user names. | true |
113+
| **userCanSeeFullName** | True if users can view their full name. | true |
114+
| **userCanSeeUserName** | True if users can view their user name. | true |
115+
| **userImageFormat** | The format used to store user images. | jpg |
116+
| **userImageGenerator** | Generator used to produce default user images. | - |
117+
| **userImageQuality** | The quality setting for images if JPG format is used. | 70 |
118+
| **userImageSize** | The size of user images. | 256 |
119+
| **userInfoCacheLifetime** | The duration which user infos are cached locally in the server. | 1min |
120+
| **validationCodeLength** | The length of the validation code used in the authentication process. This value determines the number of digits in the validation code. Setting this value to less than 3 reduces security. | 8 |
121121

122122
## Client setup
123123

@@ -247,7 +247,7 @@ Returns `true` if the user is successfully signed out from all devices, or `fals
247247

248248
:::info
249249

250-
The `signOut` method is deprecated. This method calls the deprecated `signOut` status endpoint. For additional details, see the [deprecated signout endpoint](basics#deprecated-signout-endpoint) section. Use `signOutDevice` or `signOutAllDevices` instead.
250+
The `signOut` method is deprecated. This method calls the deprecated `signOut` status endpoint. For additional details, see the [deprecated signout endpoint](basics#sign-out-all-devices) section. Use `signOutDevice` or `signOutAllDevices` instead.
251251

252252
```dart
253253
await sessionManager.signOut(); // Deprecated

docs/06-concepts/11-authentication/02-basics.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -132,7 +132,6 @@ await client.modules.auth.status.signOutAllDevices();
132132
This status endpoint retrieves the user ID from session's authentication information, then revokes all authentication keys related to that user.
133133

134134
:::info
135-
<span id="deprecated-signout-endpoint"></span>
136135
The `signOut` status endpoint is deprecated. Use `signOutDevice` or `signOutAllDevices` instead.
137136

138137
```dart

docs/06-concepts/15-streams.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ Authentication is seamlessly integrated into streaming method calls. When a clie
7777

7878
Authentication is validated when the stream is first established, utilizing the authentication data stored in the `Session` object. If a user's authentication is subsequently revoked—requiring denial of access to the stream—the stream will be promptly closed, and an exception will be thrown.
7979

80-
For more details on handling revoked authentication, refer to the section on [handling revoked authentication](authentication/custom-overrides#Handling-revoked-authentication).
80+
For more details on handling revoked authentication, refer to the section on [handling revoked authentication](authentication/custom-overrides#handling-revoked-authentication).
8181

8282
### Error handling
8383

docs/06-concepts/16-server-events.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -8,13 +8,13 @@ The event message system is accessed on the `Session` object through the field `
88

99
Here is a quick reference to the key messaging methods:
1010

11-
| Method | Description |
12-
|--------|---------|
13-
| `postMessage` | Send a message to a channel. |
14-
| `addListener` | Add a listener to a channel. |
15-
| `removeListener` | Remove a listener from a channel. |
16-
| `createStream` | Create a stream that listens to a channel. |
17-
| `revokeAuthentication` | Revoke authentication tokens. |
11+
| Method | Description |
12+
| ---------------------- | ------------------------------------------ |
13+
| `postMessage` | Send a message to a channel. |
14+
| `addListener` | Add a listener to a channel. |
15+
| `removeListener` | Remove a listener from a channel. |
16+
| `createStream` | Create a stream that listens to a channel. |
17+
| `revokeAuthentication` | Revoke authentication tokens. |
1818

1919
## Sending messages
2020

@@ -107,4 +107,4 @@ In the above example, the listener is first added and then removed from the `use
107107

108108
## Revoke authentication
109109

110-
The messaging interface also exposes a method for revoking authentication. For more details on handling revoked authentication, refer to the section on [handling revoked authentication](authentication/custom-overrides#Handling-revoked-authentication).
110+
The messaging interface also exposes a method for revoking authentication. For more details on handling revoked authentication, refer to the section on [handling revoked authentication](authentication/custom-overrides#handling-revoked-authentication).

docusaurus.config.js

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ const config = {
1212
url: 'https://serverpod.github.io',
1313
baseUrl: '/',
1414
onBrokenLinks: 'throw',
15+
onBrokenAnchors: 'throw',
1516
onBrokenMarkdownLinks: 'warn',
1617
favicon: 'img/favicon.png',
1718
organizationName: 'serverpod', // Usually your GitHub org/user name.
@@ -186,19 +187,14 @@ const config = {
186187
to: '/contribute',
187188
},
188189
{
189-
// Moved in version 2.5.0+2
190+
// Moved in version 2.7.0
190191
from: ['/get-started'],
191-
to: '/get-started/overview',
192-
},
193-
{
194-
// Moved in version 2.5.0+2
195-
from: ['/get-started-with-mini'],
196-
to: '/get-started/get-started-with-mini',
192+
to: '/get-started/creating-endpoints',
197193
},
198194
],
199195
},
200196
],
201197
],
202198
};
203199

204-
module.exports = config;
200+
module.exports = config;

versioned_docs/version-2.1.0/06-concepts/11-authentication/05-custom-overrides.md

Lines changed: 38 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ When running a custom auth integration it is up to you to build the authenticati
88

99
### Token validation
1010

11-
The token validation is performed by providing a custom `authenticationHandler` callback when initializing Serverpod. The callback should return an `AuthenticationInfo` object if the token is valid, otherwise `null`.
11+
The token validation is performed by providing a custom `AuthenticationHandler` callback when initializing Serverpod. The callback should return an `AuthenticationInfo` object if the token is valid, otherwise `null`.
1212

1313
```dart
1414
// Initialize Serverpod and connect it with your generated code.
@@ -31,6 +31,10 @@ In the above example, the `authenticationHandler` callback is overridden with a
3131
In the authenticationHandler callback the `authenticated` field on the session will always be `null` as it is the authenticationHandler that figures out who the user is.
3232
:::
3333

34+
:::info
35+
By specifying the optional `authId` field in the `AuthenticationInfo` object you can link the user to a specific authentication id. This is useful when revoking authentication for a specific device.
36+
:::
37+
3438
#### Scopes
3539

3640
The scopes returned from the `authenticationHandler` is used to grant access to scope restricted endpoints. The `Scope` class is a simple wrapper around a nullable `String` in dart. This means that you can format your scopes however you want as long as they are in a String format.
@@ -42,6 +46,39 @@ List<String> scopes = extractScopes(token);
4246
Set<Scope> userScopes = scopes.map((scope) => Scope(scope)).toSet();
4347
```
4448

49+
### Handling revoked authentication
50+
51+
When a user's authentication is revoked, the server must be notified to respect the changes (e.g. to close method streams). Invoke the `session.messages.authenticationRevoked` method and raise the appropriate event to notify the server.
52+
53+
```dart
54+
var userId = 1;
55+
var revokedScopes = ['write'];
56+
var message = RevokedAuthenticationScope(
57+
scopes: revokedScopes,
58+
);
59+
60+
await session.messages.authenticationRevoked(
61+
userId,
62+
message,
63+
);
64+
```
65+
66+
##### Parameters
67+
68+
- `userId` - The user id belonging to the `AuthenticationInfo` object to be revoked.
69+
- `message` - The revoked authentication event message. See below for the different type of messages.
70+
71+
#### Revoked authentication messages
72+
There are three types of `RevokedAuthentication` messages that are used to specify the extent of the authentication revocation:
73+
74+
| Message type | Description |
75+
|-----------|-------------|
76+
| `RevokedAuthenticationUser` | All authentication is revoked for a user. |
77+
| `RevokedAuthenticationAuthId` | A single authentication id is revoked for the user. This should match the `authId` field in the `AuthenticationInfo` object. |
78+
| `RevokedAuthenticationScope` | List of scopes that have been revoked for a user. |
79+
80+
Each message type provides a tailored approach to revoke authentication based on different needs.
81+
4582
### Send token to client
4683

4784
You are responsible for implementing the endpoints to authenticate/authorize the user. But as an example such an endpoint could look like the following.

0 commit comments

Comments
 (0)