
New v4.12.0 created automatically from CircleCI#143

Merged
MikeDev75015 merged 4 commits into main from develop
May 26, 2026


@MikeDev75015 (Owner)
  • feat(auth): add passwordless OTP flow
    Add POST /auth/passwordless/send-code and POST /auth/passwordless/verify-code
    endpoints via new PasswordlessOptions<Entity> config on useAuth.

    • OtpCode model with MongoDB TTL index (otp_codes collection, no Redis)
    • sendOtpCode: generate 6-digit code, bcrypt-hash, upsert OTP doc, call sendCodeCallback
    • verifyOtpCode: compare code, delete OTP (one-time use), return JWT tokens
    • PasswordlessGuard returns 503 when feature not configured
    • optional callback after successful verification
    • useCookie support on verify-code (same as login)
    • 100% unit coverage + 11 e2e tests all green
    • docs: new Passwordless/OTP section in authentication.md
  • refactor(auth): reduce parameter count and improve security

    • Replace Math.random() with crypto.randomInt() for OTP code generation
    • Group 8 params of createAuthServiceProvider into AuthServiceProviderOptions object
    • Group 8 params of AuthControllerMixin into AuthControllerMixinOptions object
    • Remove unnecessary 'as Entity' assertion in verifyOtpCode
    • Update all call sites and specs accordingly
  • test(auth): align createAuthServiceProvider spy assertion with new object signature

  • chore(release): 4.12.0

Mickael N. and others added 4 commits May 26, 2026 02:14
Add POST /auth/passwordless/send-code and POST /auth/passwordless/verify-code
endpoints via new PasswordlessOptions<Entity> config on useAuth.

- OtpCode model with MongoDB TTL index (otp_codes collection, no Redis)
- sendOtpCode: generate 6-digit code, bcrypt-hash, upsert OTP doc, call sendCodeCallback
- verifyOtpCode: compare code, delete OTP (one-time use), return JWT tokens
- PasswordlessGuard returns 503 when feature not configured
- optional callback after successful verification
- useCookie support on verify-code (same as login)
- 100% unit coverage + 11 e2e tests all green
- docs: new Passwordless/OTP section in authentication.md
- Replace Math.random() with crypto.randomInt() for OTP code generation
- Group 8 params of createAuthServiceProvider into AuthServiceProviderOptions object
- Group 8 params of AuthControllerMixin into AuthControllerMixinOptions object
- Remove unnecessary 'as Entity' assertion in verifyOtpCode
- Update all call sites and specs accordingly
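
The send/verify flow listed in the commits above, sketched as an added example; it is not code from this pull request. Assumptions: an in-memory Map stands in for the otp_codes collection and its TTL index, Node's built-in scrypt stands in for bcrypt so the block runs without dependencies, verifyOtpCode returns a boolean instead of JWT tokens, and the 5-minute lifetime and 5-attempt cap are illustrative values the PR does not state.

```javascript
// Added example, not the project's code. Assumptions: a Map replaces the
// otp_codes collection, scrypt replaces bcrypt, TTL and attempt cap are made up.
const nodeCrypto = require("node:crypto");

const OTP_TTL_MS = 5 * 60 * 1000; // assumed lifetime
const MAX_ATTEMPTS = 5;           // assumed cap on guesses per issued code
const store = new Map();          // identifier -> { salt, hash, expiresAt, attempts }

function generateCode() {
  // crypto.randomInt draws uniformly from the CSPRNG (no modulo bias).
  // Math.random() output is predictable and unsuitable for secrets.
  // Zero-padding keeps codes below 100000 at six digits.
  return nodeCrypto.randomInt(0, 1_000_000).toString().padStart(6, "0");
}

function hashCode(code, salt) {
  return nodeCrypto.scryptSync(code, salt, 32);
}

function sendOtpCode(identifier, sendCodeCallback, now = Date.now()) {
  const code = generateCode();
  const salt = nodeCrypto.randomBytes(16);
  // Upsert: a new request replaces any earlier code for this identifier.
  store.set(identifier, {
    salt,
    hash: hashCode(code, salt),
    expiresAt: now + OTP_TTL_MS,
    attempts: 0,
  });
  sendCodeCallback(identifier, code); // plaintext exists only on the delivery path
}

function verifyOtpCode(identifier, code, now = Date.now()) {
  const doc = store.get(identifier);
  if (!doc) return false;
  if (now >= doc.expiresAt || doc.attempts >= MAX_ATTEMPTS) {
    store.delete(identifier); // expired or guessed too often: force a new code
    return false;
  }
  doc.attempts += 1;
  const candidate = hashCode(String(code), doc.salt);
  if (!nodeCrypto.timingSafeEqual(candidate, doc.hash)) return false;
  store.delete(identifier); // one-time use: a replayed code finds no record
  return true;
}
```

The attempt cap matters because a 6-digit code has only 1,000,000 possible values, so hashing alone does not stop online guessing.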
Copilot AI review requested due to automatic review settings May 26, 2026 00:44
@sonarqubecloud


@MikeDev75015 MikeDev75015 merged commit 02d794d into main May 26, 2026
7 of 9 checks passed
@MikeDev75015 MikeDev75015 removed the request for review from Copilot May 26, 2026 01:04