8.1.0

Security Enhancements

• Added URL validation for redirects through session.returnTo (CWE-601).
• Fixed OAuth state parameter generation and handling to address CSRF attack vectors in the OAuth workflow.
• Added additional sanitization for user input in database queries using $eq in MongoDB.

API and Integration:

• Unified formatting for authentication parameters in route definitions and passport.js configuration.
• Refactored common code for OAuth 2 token processing in passport strategies to improve maintainability.
• Reworked the GitHub and Twitch API integration examples with additional data from the APIs.
• Reworked the Twilio API integration example to use Twilio’s sandbox servers and test phone numbers.
• Upgraded the Pinterest API example to use v5 calls instead of the broken v1.
• Reworked the Tumblr API integration example with additional data from the API.
• Added a properly working OAuth 1.0a integration for Tumblr.
• Removed sign-in by Snapchat due to increased difficulty for developers and a focus on hackathon participants.
• Removed Foursquare OAuth authorization and updated the API demo with new examples.
• Renamed Twitter to X (Some of the backend and code still reference Twitter due to upstream dependencies, and the login button is using Twitter colors pending X addition to bootstrap-social).

Update/Upgrades:

• Dropped support for Nodejs < 22 due to ESM module import issues prior to that version.
• Migrated from the unmaintained passport-linkedin-oauth2 to a passport-openidconnect strategy.
  --- Added support and examples for openid-client.
• Migrated from the deprecated paypal-rest-sdk to an example without the SDK, providing OAuth calls depending on the page state.
• Migrated from the unmaintained bootstrap-social to a fork that can be easily patched and updated.
• Migrated eslint to v9, and its new config format (breaking change).
• Migrated Husky to v9, and its new config format (breaking change). Fixed Windows commit issue.
• Updated dependencies.
• Added temporary patch files for connect-flash and passport-openidconnect based on pending pull requests or issues on GitHub.

Other:

• Fixed a bug that prevented profile pictures from being displayed.
• Added authentication link/unlink options to the user profile page for all OAuth/Identity providers.
• Fixed typos, broken links, and minor formatting alignment issues on various pages.
• Fixed spelling errors in startup information displayed in the console.
• Refactored URL validation in unit tests for Gravatar generation to conform with CodeQL rules. Even though CodeQL does vulnerability checks, this is not a security issue since it is unit tests.
• Updated the placeholder main.js to use the current format (not deprecated JS).
• Updated the GitHub repo worker/runner configs to use proper permissions
• Return exit code 1 if there is a database connection issue at startup.
• Added the --trace-deprecation flag to startup to provide better information on runtime deprecation warnings.
• .gitignore file to exclude the uploads path.
• Updated the copyright year.
• Updated documentation.

8.0.0

8.0.0 (July 28, 2023)

• Security: Renamed the cookie and set secure attribute for cookie transmission when https is present

• Security: Migrated off known deprecated, vulnerable or unmaintained dependencies

• Security: Added express rate limiter

• Added additional sanitization and validation for external inputs. Lusca provides input protection. The additional sanitization and validation are to add another layer of protection.

• Added patch-package for temporary patching dependencies

• Temporary patch for passportjs to handle logout failures

• Temporary patch for passport-oauth2: better auth failure reporting

• Removed broken Instagram oauth support as Meta no longer supports it

• Added handler for 404(page not found) to avoid 500 errors when a route is not found

• Fixed unhandled error during logout

• Fixed pug tags with multiple attributes (thanks to @soundz77)

• Added Lint-stage and Husky to lint all commits

• Fix req.logout for passport 0.6

• Fix broken unit test

• Update default gravatar

• Visual UI improvements

• Added Github Actions: NodeJS CI check unit test and lint

• Upgrade nodejs for docker

• Removed express-handlebars npm package as it was not used and is not that popular compared to pug (breaking change)

• Removed chalk npm package as it was not used (breaking change)

• Updated documentation

• Upgraded to mongoose 7 (breaking change)

• Upgraded to popper2

• Migrated from googleapis npm package to @googleapis/drive and @googleapis/sheets to reduce size and improve performance (breaking change)

• Migrated from passport-twitch-new to twitch-passport (breaking change)

• Migrated from lob to @lob/lob-typescript-sdk (breaking change)

• Migrated from deprecated node-sass to Dart Sass

• Migrated off passport-openid (breaking change)

• Migrated off nodemailer-sendgrid (breaking change)

• Migrated off passport-twitter and twitter-lite (breaking change)

• Migrated off node-quickbooks (breaking change)

• Updated dependencies

• Removed travis.yml

API example changes:

• Removed the twitter API example as the APIs are actively changing and mostly not free (breaking change)
• Removed the Instagram API example as it was broken and Meta has significantly reduced the API scope and availablity for devs
• Improved the Chartjs+AlphaVantage to handle API failures
• Fix minor formatting issues and missing images
• Tumblr - Fixed the Tumblr example and moved off tumblrjs (breaking change)
• Added missing parameters for the Lob's new API requirements
• Improved the Last.fm API example as the artist image is no longer vended by last.fm

7.0.0

• Dropped support for Node.js <16
• Switched to Bootstrap 5
• Removed older Bootstrap 4 themes
• Updated dependencies

6.0.0

6.0.0 (January 2, 2020)

• Dropped support for NodeJS 8.x, due to its EOL
• Use HTML5 native client form validation (thanks to @peterblazejewicz)
• Fix navbar rendering issues when using themes (thanks to @peterblazejewicz)
• Fix button formatting issues when applying themes (thanks to @peterblazejewicz)
• Fixed drop down menu to show correct formatting from the theme (thanks to @jonasroslund)
• Config mongoose to use the new Server Discovery and Monitoring
• Fix validation bug in Twitter, Pinterest, and Twilio API examples
• Fix HERE icon in the API examples
• Fix minor issues in Stripe and Lob API examples
• Update dependencies
• Update documentation (thanks in part to @noftaly, @yanivm)

5.2.0

5.2.0 (July 28, 2019)

• Added API example: Google Drive (thanks to @tanaydin)
• Added Google Sheets API example (thanks to @clarkngo)
• Added HERE Maps API example
• Added support for Intuit Quickbooks API
• Improved Lob.com API example
• Added support for email verification
• Added support for refreshing OAuth tokens
• Fixed bug when users attempt to login by email for accounts that are created with a sign in provider
• Fixed bug in the password reset
• Added CSRF check to the File Upload API example -- security improvement -- breaking change
• Added validation check to password reset token -- security improvement
• Fixed missing await in the Foursquare API example
• Fixed Google Oauth2 profile picture (thanks to @tanaydin)
• Removed deprecated Instagram API calls -- breaking change
• Upgrade to login by LinkedIn v2, remove LinkedIn API example -- breaking change
• Removed express-validator in favor of validator.js -- breaking change
• Removed Aviary API example since the service has been shutdown
• Added additional unit tests for the user model (thanks to @Tolsee)
• Updated Steam's logo
• Updated dependencies
• Updated documentation (thanks in part to @TheMissingNTLDR, @Coteh)

5.1.4 b

Re-release of 5.1.4 since the original released missed to include "Adding Node.js 12 to the Travis build"

5.1.4

5.1.4 (May 14, 2019)

• Migrate from requestjs to axios (thanks to @FX-Wood)
• Enable page templates to add items to the HTML head element
• Fix bold font issue on macs (thanks to @neighlyd)
• Use BASE_URL for github
• Update min node engine to require Feb 2019 NodeJS security release
• Add Node.js 12 to the travis build
• Update dependencies
• Update documentation (thanks in part to @anubhavsrivastava, @Fullchee, @luckymurari)

5.1.3

5.1.3 (April 7, 2019)

• Update Steam API Integration
• Upgrade flatly theme files to 4.3.1
• Migrate from bcrypt-nodejs to bcrypt
• Use BASE_URL for twitter and facebook callbacks
• Add a ChartJS example in combination with Alpha Vantage API usage (thanks to @T-travis)
• Improve Github integration – use the user’s private email address if there is no public email listed (thanks to @danielhunt)
• Improve the error handling for the NYT API Example
• Add lodash 4.7
• Fixed gender radio buttons spacing
• Fixed alignment Issue for login / sign in buttons at certain screen widths. (thanks to @eric-sciberras)
• Remove Mozilla Persona information from README since it has been deprecated
• Remove utils
• Remove GSDK since it does not support Bootstrap 4(thanks to @laurenquinn5924)
• Adding additional tests to cover some of the API examples
• Add prod-checklist.md
• Update dependencies
• Update documentation (thanks in part to @GregBrimble)

5.1.2

5.1.2 (January 13, 2019)

• Added Login by Snapchat (thanks to @nicholasgonzalezsc)
• Migrate the Foursquare API example to use Axios calls instead of the npm library.
• Fixed minor visual issue in the web scraping example.
• Fixed issue with Popper.js integration (thanks to @binarymax and @Furchin)
• Fixed wrapping issues in the navbar and logo indentation (thanks to @estevanmaito)
• Fixed MongoDB deprecation warnings
• Add production error handler middleware that returns 500 to handle errors. Also, handle server errors in the lastfm API example (thanks to @jagatfx)
• Added autocomplete properties to the views to address Chrome warnings (thanks to @peterblazejewicz)
• Fixed issues in the unit tests.
• Fixed issues in the modern theme variables and imports to be consistent (thanks to @monkeywithacupcake)
• Upgraded to Fontawesome to the latest version (thanks in part to @gesa)
• Upgraded eslint to v5.
• Updated dependencies
• Updated copyright year to include 2019
• Minor code formatting improvements
• Replaced mLab instructions with MongoDB Atlas instructions (thanks to @mgautam98)
• Fixed issues in the readme (thanks to @nero-adaware , @empurium, @aschwtzr)

5.1.1

5.1.1 (July 5, 2018)

• Upgraded FontAwesome to FontAwesome v5.1 - FontAwsome is now integrated using its npm package
• Fixed bug with JS libraries missing in Windows Dev envs
• Enabled autofocus in the Contact view when the user is logged in
• Fixed Home always being active (@dkimot)
• Modified Lob example to address recent API changes
• Updated Twilio API (@garretthogan)
• Fixed Twitter API (@garretthogan)
• Dependency updates