Our cursor interface has no nextObject method, so there's no point in
having a rewind method. Its major effect is ensuring that
fetch/forEach/map return no documents if you've already called one of
them once. It's not clear why this is actually useful to anybody.
rewind is kept around as a no-op; if we later implement nextObject, we
can make rewind do something, but we still presumably would auto-rewind
before fetch/forEach/map.
In minimongo, remove the db_objects cache inside each cursor. The only
actual use of this cache was that if you called count multiple times, it
would return the same number without re-running the query, and you could
share the query work between N calls to count and one call to
fetch/forEach/map (but only one call! future calls would return
nothing!) While there's a minor performance hit from getting rid of
this cache, it should also use a little less memory, and enable use
cases like
{{#with someCursor}}
{{#if count}}
{{#each this}}
...
{{/each}}
{{/if}}
{{/with}}
which didn't work before because even the deps invalidation didn't
rewind the cursor.
Also, as a minor optimization, skip an EJSON.clone if there's a
projection, because projection functions are guaranteed to clone.
Fixes#2114
Have `OAuthEncryption.open` throw "decryption unsuccessful" on any
error to avoid allowing an attacker to break the encryption key by
observing the result of sending manipulated ciphertexts.
Add oauth-encryption and the oauthSecretKey config options to the docs
page.
Update history.
More documentation on functions.
Use `OAuth.sealSecret(...)` instead of `{seal: ...}`.
Rename OAuth._openSecret(s) to OAuth.openSecret(s).
In the readme describing how to generate a key, just use Node instead
of going through the hassle of creating a Meteor application.
Have the `oauth` package weakly depend on `oauth-encryption` for when
it's being used without accounts.
Add tips on using oauth-encryption without accounts to the readme.
Adds `Accounts.validateLoginAttempt`, `Accounts.onLogin`, and
`Accounts.onLoginFailure`.
The process for logging in a user is consolidated in accounts-base,
which is now the only package which directly accesses login tokens in
the database.
All login methods now go through `Accounts._loginMethod`, which
ensures that exceptions are captured and login hooks are called in all
cases.
The callback hook implementation code from livedata is extracted into
an internal `callback-hook` package, where it can be used by accounts.
"templating - template arg" fails before and after this merge
Conflicts:
packages/handlebars/.npm/package/npm-shrinkwrap.json
packages/handlebars/package.js
(semi-updating handlebars to shrink package size, vs deleting)
packages/minifiers/package.js
(two different new tests)
packages/minimongo/minimongo.js
(observe moved to a new file)
Document `Meteor.onConnection` instead of `Meteor.server.onConnection`.
Condense sections about when there is a session reconnect into a
single {{note}}.
Document the `stop` handle returned by `onConnect`.
Document `this.session` in Meteor.methods section.
- Remove starter-browser-policy and replace it with
BrowserPolicy.enableContentSecurityPolicy(), which gives you the starter
policy and allows you to use the other BrowserPolicy functions to configure
it. This is motivated by the fact that the API isn't very intuitive without a
well-defined starting policy. ex: if the package starts off without a policy,
and then the user calls allowAllContentSameOrigin(), that will result in
turning off inline scripts, which is probably not what they wanted.
- AllContent functions do more of what you'd expect now;
i.e. BrowserPolicy.disallowAllContent() actually disallows all content,
instead of setting default-src to 'none', which will allow other types of
content that have previously had srcs set for them.
- Add some tests
