All Versions
16
Latest Version
Avg Release Cycle
225 days
Latest Release
1039 days ago

Changelog History
Page 1

  • v0.6.0 Changes

    May 20, 2022

    โž• Added

    • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

    ๐Ÿ”„ Changed

    • req#login() and req#logout() regenerate the the session and clear session 0๏ธโƒฃ information by default.
    • req#logout() is now an asynchronous function and requires a callback function as the last argument.

    ๐Ÿ”’ Security

    • ๐Ÿ‘Œ Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

  • v0.5.3 Changes

    May 16, 2022

    ๐Ÿ›  Fixed

    • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions โช again, reverting change from 0.5.1.

  • v0.5.2 Changes

    December 16, 2021

    ๐Ÿ›  Fixed

    • Introduced a compatibility layer for strategies that depend directly on [email protected] or earlier (such as passport-azure-ad), which were broken by the removal of private variables in [email protected].

  • v0.5.1 Changes

    December 15, 2021

    โž• Added

    • ๐Ÿ‘ Informative error message in session strategy if session support is not available.

    ๐Ÿ”„ Changed

    • authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

  • v0.5.0 Changes

    September 23, 2021

    ๐Ÿ”„ Changed

    • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.

    โœ‚ Removed

    • login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions no longer added to http.IncomingMessage.prototype.

    ๐Ÿ›  Fixed

    • userProperty option to initialize() middleware only affects the current request, rather than all requests processed via singleton Passport instance, eliminating a race condition in situations where initialize() middleware is ๐Ÿ‘‰ used multiple times in an application with userProperty set to different values.

    ๐Ÿš€ [Unreleased]: https://github.com/jaredhanson/passport/compare/v0.6.0...HEAD

  • v0.4.1

    December 09, 2019

  • v0.4.0

    August 11, 2017

  • v0.3.2

    November 09, 2015

  • v0.3.1

    November 09, 2015

  • v0.3.0

    August 20, 2015