diff --git a/.changeset/adapter-non-json-response.md b/.changeset/adapter-non-json-response.md deleted file mode 100644 index 17c6d0b..0000000 --- a/.changeset/adapter-non-json-response.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -"@seamless-auth/core": patch -"@seamless-auth/express": patch ---- - -Don't crash on non-JSON upstream responses. `authFetch` now parses response bodies -defensively, so a plain-text error (e.g. a rate-limited `429 Too many requests`) or an -empty body (`204`) no longer throws in handlers that read the body before checking the -status — which previously surfaced as an unhandled rejection that took down the adapter -process. Non-JSON bodies are returned as `{ message: }`; empty bodies as -`undefined`. Fixes #41. diff --git a/.changeset/registration-session-cookie.md b/.changeset/registration-session-cookie.md deleted file mode 100644 index 9a5b010..0000000 --- a/.changeset/registration-session-cookie.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -"@seamless-auth/core": minor -"@seamless-auth/express": patch ---- - -Issue a session on OTP-based registration. Registration now starts with just an -email, and verifying the registration email OTP completes sign-up and returns a -session. The adapter previously proxied `/otp/verify-email-otp` and -`/otp/verify-phone-otp` without setting cookies, so browser users finished -registration unauthenticated. A new `verifyRegistrationOtpHandler` (core) plus a -`verifyRegistrationOtp` express handler now set the session cookies on these -routes (tolerating a phone-first step that returns no session yet), mirroring the -login OTP verify handlers. diff --git a/.changeset/sharp-breads-stop.md b/.changeset/sharp-breads-stop.md deleted file mode 100644 index e2aa9ca..0000000 --- a/.changeset/sharp-breads-stop.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -"@seamless-auth/express": patch -"@seamless-auth/core": patch ---- - -fix: updates core implementation to supply the authorization value during polling for magic links diff --git a/.changeset/tough-nights-stop.md b/.changeset/tough-nights-stop.md deleted file mode 100644 index d8767e4..0000000 --- a/.changeset/tough-nights-stop.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -"@seamless-auth/express": patch -"@seamless-auth/core": patch ---- - -Fixes for deleting users as an admin, and internal auth events summary route token handling diff --git a/packages/core/CHANGELOG.md b/packages/core/CHANGELOG.md index dfaa37e..2609954 100644 --- a/packages/core/CHANGELOG.md +++ b/packages/core/CHANGELOG.md @@ -1,5 +1,29 @@ # @seamless-auth/core +## 0.6.0 + +### Minor Changes + +- 3cf132e: Issue a session on OTP-based registration. Registration now starts with just an + email, and verifying the registration email OTP completes sign-up and returns a + session. The adapter previously proxied `/otp/verify-email-otp` and + `/otp/verify-phone-otp` without setting cookies, so browser users finished + registration unauthenticated. A new `verifyRegistrationOtpHandler` (core) plus a + `verifyRegistrationOtp` express handler now set the session cookies on these + routes (tolerating a phone-first step that returns no session yet), mirroring the + login OTP verify handlers. + +### Patch Changes + +- e52ff77: Don't crash on non-JSON upstream responses. `authFetch` now parses response bodies + defensively, so a plain-text error (e.g. a rate-limited `429 Too many requests`) or an + empty body (`204`) no longer throws in handlers that read the body before checking the + status — which previously surfaced as an unhandled rejection that took down the adapter + process. Non-JSON bodies are returned as `{ message: }`; empty bodies as + `undefined`. Fixes #41. +- 39f7aad: fix: updates core implementation to supply the authorization value during polling for magic links +- 46f4f02: Fixes for deleting users as an admin, and internal auth events summary route token handling + ## 0.5.4 ### Patch Changes diff --git a/packages/core/package.json b/packages/core/package.json index 3189013..05c1605 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -1,6 +1,6 @@ { "name": "@seamless-auth/core", - "version": "0.5.4", + "version": "0.6.0", "description": "Framework-agnostic core authentication logic for SeamlessAuth", "license": "AGPL-3.0-only", "author": "Fells Code, LLC", diff --git a/packages/express/CHANGELOG.md b/packages/express/CHANGELOG.md index de9f812..743f5b9 100644 --- a/packages/express/CHANGELOG.md +++ b/packages/express/CHANGELOG.md @@ -1,5 +1,31 @@ # @seamless-auth/express +## 0.6.0 + +### Patch Changes + +- e52ff77: Don't crash on non-JSON upstream responses. `authFetch` now parses response bodies + defensively, so a plain-text error (e.g. a rate-limited `429 Too many requests`) or an + empty body (`204`) no longer throws in handlers that read the body before checking the + status — which previously surfaced as an unhandled rejection that took down the adapter + process. Non-JSON bodies are returned as `{ message: }`; empty bodies as + `undefined`. Fixes #41. +- 3cf132e: Issue a session on OTP-based registration. Registration now starts with just an + email, and verifying the registration email OTP completes sign-up and returns a + session. The adapter previously proxied `/otp/verify-email-otp` and + `/otp/verify-phone-otp` without setting cookies, so browser users finished + registration unauthenticated. A new `verifyRegistrationOtpHandler` (core) plus a + `verifyRegistrationOtp` express handler now set the session cookies on these + routes (tolerating a phone-first step that returns no session yet), mirroring the + login OTP verify handlers. +- 39f7aad: fix: updates core implementation to supply the authorization value during polling for magic links +- 46f4f02: Fixes for deleting users as an admin, and internal auth events summary route token handling +- Updated dependencies [e52ff77] +- Updated dependencies [3cf132e] +- Updated dependencies [39f7aad] +- Updated dependencies [46f4f02] + - @seamless-auth/core@0.6.0 + ## 0.5.4 ### Patch Changes diff --git a/packages/express/package.json b/packages/express/package.json index d578648..6d7cb9f 100644 --- a/packages/express/package.json +++ b/packages/express/package.json @@ -1,6 +1,6 @@ { "name": "@seamless-auth/express", - "version": "0.5.4", + "version": "0.6.0", "description": "Express adapter for Seamless Auth passwordless authentication", "license": "AGPL-3.0-only", "type": "module",