Have `OAuthEncryption.open` throw "decryption unsuccessful" on any
error to avoid allowing an attacker to break the encryption key by
observing the result of sending manipulated ciphertexts.
Add oauth-encryption and the oauthSecretKey config options to the docs
page.
Update history.
More documentation on functions.
Use `OAuth.sealSecret(...)` instead of `{seal: ...}`.
Rename OAuth._openSecret(s) to OAuth.openSecret(s).
In the readme describing how to generate a key, just use Node instead
of going through the hassle of creating a Meteor application.
Have the `oauth` package weakly depend on `oauth-encryption` for when
it's being used without accounts.
Add tips on using oauth-encryption without accounts to the readme.
Adds `Accounts.validateLoginAttempt`, `Accounts.onLogin`, and
`Accounts.onLoginFailure`.
The process for logging in a user is consolidated in accounts-base,
which is now the only package which directly accesses login tokens in
the database.
All login methods now go through `Accounts._loginMethod`, which
ensures that exceptions are captured and login hooks are called in all
cases.
The callback hook implementation code from livedata is extracted into
an internal `callback-hook` package, where it can be used by accounts.
"templating - template arg" fails before and after this merge
Conflicts:
packages/handlebars/.npm/package/npm-shrinkwrap.json
packages/handlebars/package.js
(semi-updating handlebars to shrink package size, vs deleting)
packages/minifiers/package.js
(two different new tests)
packages/minimongo/minimongo.js
(observe moved to a new file)
Document `Meteor.onConnection` instead of `Meteor.server.onConnection`.
Condense sections about when there is a session reconnect into a
single {{note}}.
Document the `stop` handle returned by `onConnect`.
Document `this.session` in Meteor.methods section.
Thus if two objects are EJSON.equals, their serialization strings will
be equal also.
(This should mean that reactive-dict could now allow objects to be
used as the key for `equal`).
Note this change does not affect livedata because livedata uses the
EJSON adjust functions to convert between JSON and EJSON (not
stringify).
Adds a couple options to EJSON.stringify:
* keyOrderSensitive: in parallel with EJSON.equals, outputs objects in
native key order (the old behavior).
* indent: pretty-prints the output.
The serialization code is based json2, which makes it easy to preserve
the indentation functionality provided by JSON.stringify. Only enough
code is included to serialize arrays and objects; serializing
primitive values such as strings is delegated to the native
JSON.stringify to reduce code and in case the native implementation is
more efficient.
Include underscore as an explicit dependency in package.js.
Document options to EJSON.equals and EJSON.stringify.
