Releases: dev-xo/remix-auth-totp
v3.4.2
What's Changed
- Replace Buffer with equivalent
Uint8Arrayandcryptowith Web Crypto by @bitofbreeze in #74
New Contributors
- @bitofbreeze made their first contribution in #74
Full Changelog: v3.4.1...v3.4.2
Contributors
Assets 2
v3.4.1
v3.4.0
What's Changed
- [ Feat ] Add error for magic link in another Browser Instance by @AndrewJudson in #67
New Contributors
- @AndrewJudson made their first contribution in #67
Full Changelog: v3.3.0...v3.4.0
Contributors
Assets 2
v3.3.0
What's Changed
- [ Docs ] Update README.md by @brianbancroft in #59
- [ Fix ] Update documentation. by @mw10013 in #61
- [ Fix ] Update code examples. by @brianbancroft in #62
- [ Feat ]: Pass a pre-read FormData object via context. by @themkvz @mw10013 in #64
New Contributors
- @brianbancroft made their first contribution in #59
- @themkvz made their first contribution in #60
Full Changelog: v3.2.0...v3.3.0
Contributors
Assets 2
v3.2.0
What's Changed
This release is focused on bringing enhanced security improvements.
A quick summary of the changes and updates applied:
- Improved security through the use of JWE encryption for hashing algorithms.
- Expanded character set and updated default hashing algorithm to SHA256.
- Removed the default TOTP generation secret, which was never used in practice.
- Implemented various refactoring efforts to improve code maintainability and readability.
- Older versions below
v3.2.0have been deprecated.
Example Templates have also been updated reflecting these new changes.
Huge thanks to @ryan0x44 who let us know about a critical security issue this release has fixed. And as always, a million thanks to @mw10013 for the time invested and the effort put into the library itself.
Full Changelog: v3.1.0...v3.2.0
Contributors
Assets 2
v3.1.0
What's Changed
- feat: Support passing
AppLoadContextas context tosendTOTPand verify by @ryan0x44 in #53 - docs: Fix
maxAgeunit from milliseconds to seconds. by @lean-dev in #51 - docs: Minor documentation updates.
New Contributors
Full Changelog: v3.0.0...v3.1.0
Contributors
Assets 2
v3.0.0
What's Changed
Remix Auth TOTP v3 is here! 🎉
This major release centers on eliminating the reliance on the database and simplifying the overall Strategy. Learn more about it from the official PR: #45
⭐ Summary
- Add
coerceutility - Add
TOTPPayloadstructure - Add tests for the 1st authentication phase
- Add tests for stale magic-link and login attempts
- Add test for custom error scenarios
- Refactor: Rename function to
generateAndSendTOTP - Refactor: Rename function to
validateTOTP - Refactor: Rename variable
totpFieldKeytocodeFieldKey - Refactor: Remove CRUD operations
- Refactor: Remove unused constants
- Refactor: Remove
MagicLinkGenerationOptions - Refactor: Remove
formandrequestfromSendTOTPOptions - Refactor: Remove
code,magicLink,form, andrequestfromTOTPVerifyParams - Update
SendTOTPOptionswithrequestandformData - Update
TOTPVerifyParamswithrequestandformData - Update documentation
- Update dependencies
- Bump module version to
v3.0.0
Special thanks to @mw10013 for taking responsibility of the entire release, including implementation, tests, migration documents, and all the care and effort put into it! 🙏
That's all for this release. Happy coding, folks!
Contributors
Assets 2
v2.0.0
What's Changed
Remix Auth TOTP v2 is here! 🎄
This major release focuses on splitting and introducing key improvements, enhancing both functionality and simplicity for developers and maintainers. You can learn more about it from the following PR: #37
⭐ Features
- Introduced
TOTPDataand CRUD interfaces, laying a solid foundation for more structured and efficient TOTP operations.
🧯 Refactor
- Split
handleTOTP: We've dividedhandleTOTPinto two distinct functions:readTOTPandupdateTOTP. - Simplified
expiresAt: We've removed the setting of expiresAt fromhandleTOTP. Now, expiresAt is only relevant at the time of creation, reducing complexity and potential errors. - Removed
storeTOTP: Simplifying the overall codebase. - Removed
sendTOTPwrapper: In our pursuit of simplicity, the sendTOTP wrapper wasn't adding much value to the overall codebase.
👷♂️ Chores
- Added Migration Documentation: A new document has been added to assist with
v1tov2migrations. - Updated Documentation: Reflecting the recent changes.
- Updated Tests: Ensuring the robustness and reliability of the recent changes.
- Updated Dependencies.
- Bumped module version to
v2.0.0.
Special thanks to @mw10013 for taking responsibility for the entire release, including implementation, tests, migration documents, and all the care and effort put into it!
Merry Christmas, folks!
Contributors
Assets 2
v1.4.1
What's Changed
Implemented a solution for generating magic links using the request's origin instead of the host in the request headers when hostUrl is not provided. This addresses issues in environments like Cloudflare local development (wrangler/miniflare), ensuring the correct cookies are used. See #29 for more details.
Refactor 🛠️
- Use request origin for magic link if
hostUrlis not provided.
Chores 👷♂️
- Minor test name rearrangement.
- Remove
getHostUrland its respective tests, along withHOSTconstant and its calls in test headers. - Bumped module version to
v1.4.1.
Special thanks to @mw10013 for issuing this and for taking the time to look into it!
That's all for this release. Happy coding, folks!
Contributors
Assets 2
v1.4.0
What's Changed
Introducing Cloudflare Support! 🎉
This has been achieved this by switching from jsonwebtoken library to jose, enhancing our support for JSON Web Tokens (JWT) - Issued #28
Refactor 🛠️
- Replaced
jsonwebtokenwithjose, adapting the codebase accordingly - #28 - Updated and adapted tests to align with the new library.
Chores 👷♂️
- Updated dependencies.
- Formatted the repository.
- Bumped module version to
v1.4.0.
Special thanks to @mw10013 for issuing this and for taking the time to test the codebase updates.
That's all for this release. Happy coding, folks!