Merge branches 'master' and 'development' of github.com:ColdBox/cbox-security

Author: lmajano

.github/workflows/ci.yml

@@ -74,13 +74,16 @@ jobs:
 
       - name: Start ${{ matrix.cfengine }} Server
         working-directory: ./test-harness
-        run: |
-          box server start serverConfigFile="server-${{ matrix.cfengine }}.json" --noSaveSettings --debug
-          # Install Adobe 2021 cfpm modules
-          if [[ "${{ matrix.cfengine }}" == "adobe@2021" ]] ; then
-            box run-script install:2021
-          fi
-          curl http://127.0.0.1:60299
+        run: box server start serverConfigFile="server-${{ matrix.cfengine }}.json" --noSaveSettings --debug
+
+      - name: CFPM Setup
+        if: ${{ matrix.cfengine == 'adobe@2021' }}
+        working-directory: ./test-harness
+        run: box run-script install:2021
+
+      - name: Prime ${{ matrix.cfengine }} server
+        working-directory: ./test-harness
+        run: curl http://127.0.0.1:60299
 
       - name: Run Tests
         working-directory: ./test-harness

.github/workflows/pr.yml

@@ -60,9 +60,16 @@ jobs:
 
       - name: Start ${{ matrix.cfengine }} Server
         working-directory: ./test-harness
-        run: |
-          box server start serverConfigFile="server-${{ matrix.cfengine }}.json" --noSaveSettings --debug
-          curl http://127.0.0.1:60299
+        run: box server start serverConfigFile="server-${{ matrix.cfengine }}.json" --noSaveSettings --debug
+
+      - name: CFPM Setup
+        if: ${{ matrix.cfengine == 'adobe@2021' }}
+        working-directory: ./test-harness
+        run: box run-script install:2021
+
+      - name: Prime ${{ matrix.cfengine }} server
+        working-directory: ./test-harness
+        run: curl http://127.0.0.1:60299
 
       - name: Run Tests
         working-directory: ./test-harness

box.json

@@ -1,6 +1,6 @@
 {
     "name":"ColdBox Security",
-    "version":"2.14.0",
+    "version":"2.15.0",
     "location":"https://downloads.ortussolutions.com/ortussolutions/coldbox-modules/cbsecurity/@build.version@/[email protected]@.zip",
     "author":"Ortus Solutions.com <[email protected]>",
     "slug":"cbsecurity",
@@ -35,7 +35,7 @@
     },
     "scripts":{
         "release":"recipe build/release.boxr",
-        "format":"cfformat run handlers/,interceptors/,models/,test-harness/tests/specs,ModuleConfig.cfc",
+        "format":"cfformat run handlers/,interceptors/,models/,test-harness/tests/specs,ModuleConfig.cfc --overwrite",
         "format:watch":"cfformat watch handlers/,interceptors/,models/,test-harness/tests/specs,ModuleConfig.cfc ./.cfformat.json",
         "format:check":"cfformat check handlers/,interceptors/,models/,test-harness/tests/specs,ModuleConfig.cfc"
     }

changelog.md

@@ -7,6 +7,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ----
 
+## [2.15.0] => 2021-DEC-10
+
+### :rocket: Added
+
+* Pass custom claims from `refreshToken( token, customClaims)` method when refreshing tokens
+* Pass in the current jwt payload in to `getJWTCustomClaims( payload )`
+* The auto refresh token features now will auto refresh not only on expired tokens, but on invalid and missing tokens as well. Thanks to @elpete
+
+### :bug: Fixed
+
+* Timeout in token storage is now the token timeout
+
+----
+
 ## [2.14.0] => 2021-OCT-07
 
 ### Added
@@ -217,7 +231,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * If a rule is matched, we will store it in the `prc` as `cbSecurity_matchedRule` so you can see which security rule was used for processing invalid access actions.
 * If a rule is matched we will store the validator results in `prc` as `cbSecurity_validatorResults`
 * Ability for modules to register cbSecurity rules and setting overrides by registering a `settings.cbSecurity` key.
-* Ability for modules to override the `validator` setting. So each module can have their own security validator schema. 
+* Ability for modules to override the `validator` setting. So each module can have their own security validator schema.
 * New security rule visualizer for graphically seeing you rules and configuration.  Can be locked down via the `enableSecurityVisualizer` setting. Disabled by default.
 
 ```json
@@ -296,7 +310,7 @@ settings = {
 ## [1.0.2]
 
 * Removed `getPlugin()` deprecated calls to new approach.
-* https://ortussolutions.atlassian.net/browse/CCM-26 cbsecurity ocm rules not ColdBox 4 compat 
+* https://ortussolutions.atlassian.net/browse/CCM-26 cbsecurity ocm rules not ColdBox 4 compat
 
 ## [1.0.1]