### Added

- Official Adobe 2023 Support
- Gitflows for testing all engines and all versions of ColdBox
- Added `transientCache=false` to auth `User` to avoid any issues when doing security operations
- Added population control for auth `User` for extra security

### Fixed

- `User` auth was not serializing the `id` of the user in the mementifier config

Author: lmajano

changelog.md

@@ -13,6 +13,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Official Adobe 2023 Support
 - Gitflows for testing all engines and all versions of ColdBox
+- Added `transientCache=false` to auth `User` to avoid any issues when doing security operations
+- Added population control for auth `User` for extra security
+
+### Fixed
+
+- `User` auth was not serializing the `id` of the user in the mementifier config
 
 ## [3.3.0] => 2023-MAR-31
 

models/auth/User.cfc

@@ -10,13 +10,18 @@
  */
 component
 	accessors="true"
-	delegates="Auth@cbSecurity,
-			Authorizable@cbSecurity,
-			JwtSubject@cbSecurity"
+	transientCache="false"
+	delegates="
+		Auth@cbSecurity,
+		Authorizable@cbSecurity,
+		JwtSubject@cbSecurity
+	"
 {
 
 	/**
+	 * --------------------------------------------------------------------------
 	 * Properties
+	 * --------------------------------------------------------------------------
 	 */
 	property name="id";
 	property name="firstName";
@@ -27,7 +32,9 @@ component
 	property name="roles";
 
 	/**
+	 * --------------------------------------------------------------------------
 	 * Validation constraints
+	 * --------------------------------------------------------------------------
 	 * https://coldbox-validation.ortusbooks.com/overview/valid-constraints
 	 */
 	this.constraints = {
@@ -38,18 +45,23 @@ component
 	};
 
 	/**
+	 * --------------------------------------------------------------------------
 	 * Validation profiles
+	 * --------------------------------------------------------------------------
 	 * https://coldbox-validation.ortusbooks.com/overview/validating-constraints/validating-with-profiles
 	 */
 	this.constraintProfiles = { "update" : "firstName,lastName,username" };
 
 	/**
-	 * Mementifier serialization
+	 * --------------------------------------------------------------------------
+	 * Mementifier Serialization
+	 * --------------------------------------------------------------------------
 	 * https://forgebox.io/view/mementifier
 	 */
 	this.memento = {
 		// Default properties to serialize
 		defaultIncludes : [
+			"id",
 			"firstName",
 			"lastName",
 			"username",
@@ -62,6 +74,17 @@ component
 		neverInclude    : [ "password" ]
 	};
 
+	/**
+	 * --------------------------------------------------------------------------
+	 * Population Control
+	 * --------------------------------------------------------------------------
+	 * https://coldbox.ortusbooks.com/readme/release-history/whats-new-with-7.0.0#population-enhancements
+	 */
+	this.population = {
+		include : [], // if empty, tries to include them all
+		exclude : [ "permissions", "roles" ] // These are not mass assignable
+	}
+
 	/**
 	 * Constructor
 	 */