Releases · not-ai-yet/meteor-mfa

20 Jun 18:36

v0.1.0

8c087dd

0.1.0: Updates to verifyChallenge Latest

Latest

This release contains security-related updates. All users should immediately update

Security Updates:
Previous versions contained an issue with verifyChallenge, where in certain situations a challenge solved for User A could be used in place of a challenge solved by User B. This issue could render MFA useless in applicable situations. This vulnerability does not apply to logging in.

This vulnerability applies to:

Reset Password
Use of MFA.verifyChallenge, where the userId returned by MFA.verifyChallenge is not validated to be the same as this.userId.

Breaking Changes:

MFA.verifyChallenge's arguments now take the format (userId, type, connectionHash, solvedChallenge)

Assets 2

23 May 16:09

not-ai-yet

v0.0.13

aaa6dea

0.0.13: Passwordless

New Features:

Passwordless

Breaking Changes:
None - Passwordless has been added as an opt-in feature (config.passwordless defaults to false)

Server Changelog:

Add MFA. disablePasswordless(userId), which disables passwordless (but maintains MFA) for a user
MFA.disableMFA will also disable passwordless if user has it enabled

Client Changelog:

Add MFA.loginWithPasswordless
Add params for MFA.registerU2F, that allows enabling passwordless ({passwordless:true, password:"..."})

Assets 2

21 May 18:45

not-ai-yet

v0.0.13-rc

3133b30

Passwordless Release Candidate Pre-release

Pre-release

Breaking Changes:
None - Passwordless has been added as an opt-in feature (config.passwordless defaults to false)

Server Changelog:

Add MFA. disablePasswordless(userId), which disables passwordless (but maintains MFA) for a user
MFA.disableMFA will also disable passwordless if user has it enabled

Client Changelog:

Add MFA.loginWithPasswordless
Add params for MFA.registerU2F, that allows enabling passwordless ({passwordless:true, password:"..."})

Assets 2

20 May 16:56

not-ai-yet

v0.0.12-rc

edfdb61

Passwordless Release Candidate Pre-release

Pre-release

Breaking Changes:
None - Passwordless has been added as an opt-in feature (config.passwordless defaults to false)

Server Changelog:

Add MFA. disablePasswordless(userId), which disables passwordless (but maintains MFA) for a user
MFA.disableMFA will also disable passwordless if user has it enabled

Client Changelog:

Add MFA.loginWithPasswordless
Add params for MFA.registerU2F, that allows enabling passwordless ({passwordless:true, password:"..."})

Assets 2

20 May 16:22

not-ai-yet

0.0.11

e2993e2

Add Authorization Feature

Add "Authorization" Feature.

Breaking Changes:
None

Client Changelog:

Add MFA.authorizeAction
Add MFA.useU2FAuthorizationCode
Add MFA.supportsU2FLogin (allows you to check whether the current device supports U2F)

Server Changelog:

Add config.allowU2FAuthorization (default: true), which controls whether the authorization feature (MFA.authorizeAction method) is enabled
Add config. authorizationDisabledMethods (default: []), which is an array of challenge types that cannot be authorized (e.g., set to ["login"] to prevent MFA.authorizeAction("login"))

Assets 2

14 May 05:45

not-ai-yet

v0.0.8

c7afc99

0.0.8

v0.0.8

MFA 0.0.8: Add Authorization Feature

Assets 2

07 May 20:41

not-ai-yet

v0.0.7

573072f

0.0.7

Fix issue where challenges were not being invalidated

Assets 2

05 May 16:48

not-ai-yet

v0.0.6

f5542d2

0.0.6

Merge pull request #2 from TheRealNate/docs-update

MFA: 0.0.6

Assets 2

Releases: not-ai-yet/meteor-mfa

0.1.0: Updates to verifyChallenge

Uh oh!

0.0.13: Passwordless

Uh oh!

Passwordless Release Candidate

Uh oh!

Passwordless Release Candidate

Uh oh!

Add Authorization Feature

Uh oh!

0.0.8

Uh oh!

0.0.7

Uh oh!

0.0.6

Uh oh!