A Time-Based One-Time Password (TOTP) Authentication Strategy for Remix-Auth.
Full Changelog: https://github.com/dev-xo/remix-auth-totp/compare/v3.2.0...v3.3.0
This release is focused on bringing enhanced security improvements.
A quick summary of the changes and updates applied:
v3.2.0
have been deprecated.Example Templates have also been updated reflecting these new changes.
Huge thanks to @ryan0x44 who let us know about a critical security issue this release has fixed. And as always, a million thanks to @mw10013 for the time invested and the effort put into the library itself.
Full Changelog: https://github.com/dev-xo/remix-auth-totp/compare/v3.1.0...v3.2.0
AppLoadContext
as context to sendTOTP
and verify by @ryan0x44 in https://github.com/dev-xo/remix-auth-totp/pull/53
maxAge
unit from milliseconds to seconds. by @lean-dev in https://github.com/dev-xo/remix-auth-totp/pull/51
Full Changelog: https://github.com/dev-xo/remix-auth-totp/compare/v3.0.0...v3.1.0
Remix Auth TOTP v3 is here! 🎉
This major release centers on eliminating the reliance on the database and simplifying the overall Strategy. Learn more about it from the official PR: https://github.com/dev-xo/remix-auth-totp/pull/45
coerce
utilityTOTPPayload
structuregenerateAndSendTOTP
validateTOTP
totpFieldKey
to codeFieldKey
MagicLinkGenerationOptions
form
and request
from SendTOTPOptions
code
, magicLink
, form
, and request
from TOTPVerifyParams
SendTOTPOptions
with request
and formData
TOTPVerifyParams
with request
and formData
v3.0.0
Special thanks to @mw10013 for taking responsibility of the entire release, including implementation, tests, migration documents, and all the care and effort put into it! 🙏
That's all for this release. Happy coding, folks!
Remix Auth TOTP v2 is here! 🎄
This major release focuses on splitting and introducing key improvements, enhancing both functionality and simplicity for developers and maintainers. You can learn more about it from the following PR: https://github.com/dev-xo/remix-auth-totp/pull/37
TOTPData
and CRUD interfaces, laying a solid foundation for more structured and efficient TOTP operations.handleTOTP
: We've divided handleTOTP
into two distinct functions: readTOTP
and updateTOTP
.expiresAt
: We've removed the setting of expiresAt from handleTOTP
. Now, expiresAt is only relevant at the time of creation, reducing complexity and potential errors.storeTOTP
: Simplifying the overall codebase.sendTOTP
wrapper: In our pursuit of simplicity, the sendTOTP wrapper wasn't adding much value to the overall codebase.v1
to v2
migrations.v2.0.0
.Special thanks to @mw10013 for taking responsibility for the entire release, including implementation, tests, migration documents, and all the care and effort put into it!
Merry Christmas, folks!
Implemented a solution for generating magic links using the request's origin instead of the host in the request headers when hostUrl
is not provided. This addresses issues in environments like Cloudflare local development (wrangler/miniflare), ensuring the correct cookies are used. See https://github.com/dev-xo/remix-auth-totp/pull/29 for more details.
hostUrl
is not provided.getHostUrl
and its respective tests, along with HOST
constant and its calls in test headers.v1.4.1
.Special thanks to @mw10013 for issuing this and for taking the time to look into it!
That's all for this release. Happy coding, folks!
Introducing Cloudflare Support! 🎉
This has been achieved this by switching from jsonwebtoken
library to jose
, enhancing our support for JSON Web Tokens (JWT) - Issued https://github.com/dev-xo/remix-auth-totp/issues/28
jsonwebtoken
with jose
, adapting the codebase accordingly - https://github.com/dev-xo/remix-auth-totp/issues/28
v1.4.0
.Special thanks to @mw10013 for issuing this and for taking the time to test the codebase updates.
That's all for this release. Happy coding, folks!
This update focuses on simplifying our codebase with a couple of refactors, such as removing the generic User type from sendTOTP
calls and the TOTPStrategyOptions
interface. We've also updated dependencies to resolve issues with the latest version of vitest
.
sendTOTP
calls — Issue resolved https://github.com/dev-xo/remix-auth-totp/issues/27.TOTPStrategyOptions
interface — No longer necessary, related to https://github.com/dev-xo/remix-auth-totp/issues/27.1.0.0-beta.3
version of vitest.That's it for this release. Happy coding folks!
This release mostly concentrates on minor internal fixes and documentation updates. Also made some type adjustments and added Husky for better Git hooks.
expiresAt
field is no longer Number
type, instead Date
or String
types.maxAttempts
property from TOTPGenerationOptions
set as optional.pre-commit
and pre-push
hooks.That's it for this release. Happy coding folks!
This release focuses on new example integrations and feature enhancements. We've also done some housekeeping, improving documentation and updating dependencies.
expiresAt
database field for better data management. Ref: https://github.com/dev-xo/remix-auth-totp/issues/23
CODE_OF_CONDUCT.md
That wraps it up for this Release. Happy coding folks!