Merge branch 'development'

Author: lmajano

box.json

@@ -1,6 +1,6 @@
 {
     "name":"ColdBox Security",
-    "version":"2.4.0",
+    "version":"2.5.0",
     "location":"https://downloads.ortussolutions.com/ortussolutions/coldbox-modules/cbsecurity/@build.version@/cbsecurity-@build.version@.zip",
     "author":"Ortus Solutions.com <info@ortussolutions.com>",
     "slug":"cbsecurity",
@@ -29,8 +29,8 @@
     ],
     "dependencies":{
         "jwt-cfml":"^1.0.0",
-		"cbauth":"^4.0.0",
-		"cbcsrf":"^2.0.0"
+        "cbauth":"^5.0.0",
+        "cbcsrf":"^2.0.0"
     },
     "scripts":{
         "toMaster":"recipe build/toMaster.boxr",

changelog.md

@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 2.5.0
+
+* `Feature` : Upgraded to `cbAuth` @ 5.x
+
 ## 2.4.0
 
 * `Feature` : We now include the `cbcsrf` module to allow for protections of cross site request forgery vectors. Please see all the features included in this module here: https://github.com/coldbox-modules/cbcsrf

interfaces/IAuthService.cfc

@@ -9,8 +9,9 @@ interface{
     /**
      * Get the authenticated user
      *
+	 * @throws NoUserLoggedIn : If the user is not logged in
+	 *
      * @return User that implements IAuthUser
-     * @throws NoUserLoggedIn
      */
     any function getUser();
 
@@ -20,20 +21,24 @@ interface{
     boolean function isLoggedIn();
 
     /**
-     * Attemps to log in a user
+     * Try to authenticate a user into the system. If the authentication fails an exception is thrown, else the logged in user object is returned
      *
      * @username The username to log in with
      * @password The password to log in with
      *
      * @throws InvalidCredentials
+	 *
+	 * @return User : The logged in user object
      */
-    boolean function authenticate( required username, required password );
+    any function authenticate( required username, required password );
 
     /**
-     * Logs a user into the system
-     *
-     * @user The user object that implements IAuthUser
-     */
+	 * Login a user into our persistent scopes
+	 *
+	 * @user The user object to log in
+	 *
+	 * @return The same user object so you can do functional goodness
+	 */
     function login( required user );
 
     /**

models/jwt/JwtService.cfc

@@ -136,15 +136,12 @@ component accessors="true" singleton {
 		required password,
 		struct customClaims = {}
 	){
-		var auth = cbSecurity.getAuthService();
-
-		if ( auth.authenticate( arguments.username, arguments.password ) ) {
-			// Create it
-			return fromUser( auth.getUser(), arguments.customClaims );
-		} else {
-			// Can't do anything if the authenticate is false.
-			throw( message = "The credentials are invalid!", type = "InvalidCredentials" );
-		}
+		var oUser = cbSecurity
+			.getAuthService()
+			.authenticate( arguments.username, arguments.password );
+
+		// Create it
+		return fromUser( oUser, arguments.customClaims );
 	}
 
 	/**

test-harness/box.json

@@ -7,7 +7,7 @@
     "dependencies":{
         "coldbox":"^5.0.0",
         "testbox":"be",
-        "cbauth":"^4.0.0",
+        "cbauth":"^5.0.0",
         "BCrypt":"^2.5.0-snapshot",
         "jwt-cfml":"^1.0.0",
         "cbcsrf":"^2.0.0+21"