Blog

cbSecurity 2.2 Released

Luis Majano |  February 13, 2020

Today we bring you a minor release for cbSecurity packed with features! Version 2.2 brings a complete overhaul of our JWT library: we have switched over to the jwt-cfml (https://forgebox.io/view/jwt-cfml) library, which has given us a huge boost in capabilities, especially support for the RS and ES algorithms. Check out their ForgeBox entry page to see all the features we inherit by using it.

We have also focused on improving our JWT and API security in this release, so check out the release notes for all the goodness!

# Install
install cbsecurity

# Update
update cbsecurity

cbValidation 2.x Released

Luis Majano |  February 13, 2020

We are so excited to bring you a major release for cbValidation! cbValidation has been around for quite some time and it was about time to give a major boost in development. We have also completely rewritten the documentation to make it more attractive and user-friendly (https://coldbox-validation.ortusbooks.com/). Enjoy!

# Install
install cbvalidation

# Update
update cbvalidation

Mementifier v2.x Released!

Luis Majano |  February 13, 2020

We are so excited to bring a major version release of our Mementifier Module. For those of you who do not know what Mementifier is, here is a small synopsis.

What is Mementifier?

This module will transform your business objects into native ColdFusion (CFML) data structures with rocket speed. It will inject itself into ORM objects and/or business objects alike and give them a nice getMemento() function to transform their properties and relationships (state) into a consumable structure or array of structures. It can even detect ORM entities and you don't even have to write the default includes manually, it will auto-detect all properties. No more building transformations by hand! No more inconsistencies! No more repeating yourself! Best of all, it is lightning fast!

Build Secure MVC ColdFusion Applications - PRE CFSummit East 2020 Workshop

Luis Majano |  January 21, 2020

We are excited to bring our training Bootcamp series back to the DC area before CFSummit East on April 20th and April 21st. This training series will be led by Box creator Luis Majano at the Regus Franklin Square, a 5-minute walk from the conference center. Register as soon as possible as space is very limited!

ColdBox Security v2.0.0 Released!

Luis Majano |  September 27, 2019

We are so excited to release the ColdBox Security Module version 2.0.0. It has been quite a few years since we did a major version of our security module, but it is worth the wait. It is just easier to say we completely rewrote it in modern CFML and introduced modern security practices, HMVC security for modules, annotation-driven security and JWT token services. Never again write API security, we got you covered! We also completely rewrote the documentation and now we have yet another awesome security book: https://coldbox-security.ortusbooks.com/

install cbsecurity
update cbsecurity

There are just too many things to talk about in this release, so we will just list out the major features and you can visit our docs for the complete rundown of ColdBox Security 2.0.0.

Introduction

The ColdBox cbsecurity module will enhance your ColdBox applications by providing out of the box security in the form of:

  • A security rule engine for incoming requests
  • Annotation driven security for handlers and actions
  • JWT (JSON Web Tokens) generator, decoder and authentication services

Features

  • Ability to have global security rules
  • Ability for modules to add their own security rules and action overrides
  • Ability to distinguish between authentication and authorization issues
  • Annotation driven cascading security for handlers and actions
  • Security rules can exist in:
    • XML File
    • JSON File
    • Database
    • Models
  • The rules can be configured to use regular expressions or simple snippets
  • Can use ColdFusion authentication security
  • Can leverage any custom authentication provider
  • Plug any Authentication service or can leverage cbauth by default
  • Capability to distinguish between invalid authentication and invalid authorization and determine an outcome of the process.
  • Ability to load/unload security rules from contributing modules.
  • Ability for each module to define its own validator

swagger SDK and cbSwagger v2 Released!

Luis Majano September 03, 2019

We are very excited to finally update our swagger modules to version 2: swagger-sdk, cbSwagger. This major version has tons of new features and improvements when documenting ColdBox APIs. However, the biggest features are that we now support the latest Open API Spec => v3.0.2 and we can export your documentation in either JSON or YAML. Check out the release notes below to see all the great new improvements.

Swagger SDK v2.0

This module allows for software development using the Swagger/OpenAPI specification.

box install swagger-sdk

v2.0.0

  • Open API 3.0.2 support instead of swagger
  • New template layout
  • Engine removals: lucee4.5, ACF10, ACF11
  • Upgraded jackson-core to latest v2.9.9
  • Upgraded snakeyaml to latest v1.24
  • Added more tests
  • Added ability to chain methods on all methods that were void before.
  • document.asYAML() is now fully implemented so you can convert the document to YAML.
  • Upgraded createLinkedHashMap() to use new ACF structNew( "ordered" ) instead.

cbSwagger v2.0

This module automatically generates OpenAPI documentation from your configured application and module routes in either JSON or YAML by simply visiting /cbSwagger in your URL. Focus on building your APIs and document them with ease by simply annotating your handlers.

box install cbSwagger

v2.0.0

  • feature: Upgraded to swagger-sdk 2.0.0 to support OpenAPI 3.0.x. A great guide on migrating is here: https://blog.readme.io/an-example-filled-guide-to-swagger-3-2/

  • Migrated cbSwagger settings to the moduleSettings struct instead of top-level in the config/ColdBox.cfc. Make sure you move your settings.

  • feature: You can now pass a format to the /cbSwagger endpoint to either get the OpenAPI doc as json or yml. Eg: /cbswagger?format=yml

  • feature: You have two distinct routes for the json and yml formats: /cbSwagger/json and /cbSwagger/yml

  • You can choose your default output format via the module settings: defaultFormat setting. Valid options are json and yml

  • feature: Support for ColdBox 5 event routing and response routing.

  • improvement: You can now tag your handlers with a displayName that will be used for operation ID building

  • improvement: Improved the way operation IDs are reported so they can be unique when reusing handler actions.

  • improvement: Refactored createLinkedHashMap() -> structNew( "ordered" )

  • improvement: Removed lucee 4.5, acf11 support.

Luis Majano |  August 16, 2019

We are very excited to announce the release of ColdBox version 5.6.0 alongside all the companion standalone libraries: WireBox, LogBox and CacheBox.

What's New With 5.6.0

ColdBox 5.6.0 is a minor version update with lots of fixes, improvements, performance enhancements and some nice new features. Below are the major areas of improvement and the full release notes. To update ColdBox or any of the standalone libraries just leverage CommandBox:

  • update coldbox
  • update logbox
  • update wirebox
  • update cachebox

Major Updates

Performance

We had two specific tickets that have resulted in extreme performance improvements for ALL ColdBox requests. You will feel and see the difference:

  • [COLDBOX-799] - Event Handler Bean: Single instance per handler action for major performance improvements

This ticket was contributed by Dom Watson (https://twitter.com/dom_watson) one of the lead engineers of the amazing PresideCMS project built on top of ColdBox. We worked together to avoid the creation of handler beans on each runnable event. We now cache each event handler bean representation which results in an extreme boost in performance. Thanks Dom!

  • [COLDBOX-810] - Remove afterInstanceAutowire interceptor in handlerService as afterHandlerCreation is now officially removed.

Thanks to our local mad scientist Brad Wood, who reported that the handler services still listened to ALL CFC creations in an application in order to relay an afterHandlerCreation interception point from the good ol' 2.6 days. This has finally been removed and boom, another big boost in performance!

Better Bug Reports

We have enhanced the bug reporting templates to include much more information when dealing with exceptions:

  • Show SQL error details on Adobe CF
  • Current route, params and debug info
  • Contributing module for the current routed URL

Merging of HTTP Verbs

Thanks to our very own Eric Peterson, you can now merge HTTP verbs on the same route pattern, which you could not do before:

router
    .post( "photos/", "photos.create" )
    .get( "photos/", "photos.index" )
    .delete( "photos/", "photos.remove" );

ColdBox Core Release Notes

Bugs

  • [COLDBOX-778] - ModuleService to add default route doesn't work correctly
  • [COLDBOX-794] - Fix default bug report to show SQL error detail for adobe SQL exceptions
  • [COLDBOX-796] - When doing package resolving if you are in a module it still tries to resolve a module
  • [COLDBOX-806] - Error in HTML helper WRAPPERATTRS doesn't exist in argument scope
  • [COLDBOX-811] - Include the colon for non 80 or 443 port numbers #419 in github

New Features

  • [COLDBOX-812] - Allow merging of HTTP verbs when doing separate verbs for the same route
  • [COLDBOX-813] - Update cfconfig to use env variables instead of inline mixins, modernizeOrDie

Improvements

  • [COLDBOX-795] - Add more current route information to the BugReport.cfm template
  • [COLDBOX-797] - Ability for bug reports and app to know which module contributed the incoming URL route.
  • [COLDBOX-798] - Use of .keyExists() can needlessly use memory in requests, suggest StructKeyExists() instead
  • [COLDBOX-799] - Event Handler Bean: Single instance per handler action for major performance improvements
  • [COLDBOX-800] - HandlerService.cfc$newHandler(): declares variables that are never used
  • [COLDBOX-810] - Remove afterInstanceAutowire interceptor in handlerService as afterHandlerCreation is now officially removed.

CacheBox Release Notes

Bugs

  • [CACHEBOX-56] - AbstractCacheProvider.getOrSet(): local var unscoped when checking if null

Eric Peterson |  August 16, 2019

You know what's tedious? Authentication. Every project I start needs some sort of authentication system. And every project I start basically from scratch.

I noticed this pattern a while ago and created some libraries to help. You may have used them before.

cbauth is a library that handles creating user sessions for your app while giving enough customization to use different authentication methods and session storages.

auth.authenticate( username, password );
auth.isLoggedIn();
auth.getUser();
auth.logout();

While cbauth manages user sessions, it doesn't protect handlers or actions from being accessed by logged out or unauthorized users. cbguard was created for this purpose providing a way to restrict access to certain handlers and/or actions using annotations.

component secured {

    function index( event, rc, prc ) { /* ... */ }

    function create( event, rc, prc ) secured="create_posts" { /* ... */ }

}

Part of the reason for this customization is that there is not just one way to handle user persistence. Not only is there not just one way, there is not a default way. This can be considered a strength or a weakness of the community, but instead of debating that, I've decided to finally fill that gap using some hand-picked libraries.

For data persistence I chose Quick, a ColdBox ORM engine. Unlike Hibernate, Quick is written in CFML and so can be contributed to and by any CFML developer. It also avoids the obscure Hibernate error messages that CF ORM is known for. For example, here's our User component:

component extends="quick.models.BaseEntity" {

    property name="bcrypt" inject="@BCrypt" persistent="false";

    property name="id";
    property name="email";
    property name="password";

    public User function setPassword( required string password ) {
        return assignAttribute(
            "password",
            bcrypt.hashPassword( arguments.password )
        );
    }

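    // Placeholder as written: returns true for every permission name,
    // so any logged-in user passes every permission check made through it.
    public boolean function hasPermission( required string permission ) {
        return true;
    }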

    public boolean function isValidCredentials(
        required string email,
        required string password
    ) {
        var user = newEntity().where( "email", arguments.email ).first();
        if ( ! user.isLoaded() ) {
            return false;
        }
        return bcrypt.checkPassword( arguments.password, user.getPassword() );
    }

    public User function retrieveUserByUsername( required string email ) {
        return newEntity()
            .where( "email", arguments.email )
            .firstOrFail();
    }

    public User function retrieveUserById( required numeric id ) {
        return newEntity().findOrFail( arguments.id );
    }

    public struct function getMemento() {
        return {
            "email": variables.getEmail()
        };
    }

}

This User entity is used both to represent a User in our system as well as handle integrating with cbauth and cbguard. Properties are mapped to columns. The plural component name is used as the table name. A fluent syntax based off of qb is used to create, retrieve, update, and delete records. I think you'll find it a joy to work with.

There are plenty of other modules added and configured:

  • cbValidation is used to make sure all the data used is valid.
  • bCrypt is used to hash passwords in the database.
  • commandbox-dotenv and commandbox-cfconfig are installed to start up our servers with the correct settings.
  • A users table migration is provided and commandbox-migrations is installed to apply it.
  • Form submissions are automatically checked for a CSRF token with verify-csrf-interceptor.
  • Even niceties like redirectBack and a custom UniqueInDatabase validator are provided to completely show how I would start off an authentication system using ColdBox and Quick.
  • And last, but not least, code formatting is handled automatically using commandbox-cfformat.

The best part, this is just the starting point! Is this good enough for you? Get going on the rest of your app. Need some more information for your users? Add a migration, modify the form, and update the entity component. Have a different authentication system like LDAP or OAuth? Update your authenticationService with cbauth in your config/ColdBox.cfc file.

You can get started today using this new skeleton in your coldbox create app command:

coldbox create app skeleton=cbtemplate-quick-with-auth

Edit your .env file and server start!

I hope this gets you up and going faster than ever creating your awesome ColdBox applications!

ColdBox 5.5.0 Released!

Luis Majano |  June 14, 2019

What's New With v5.5.0

We are very excited to bring you ColdBox Platform v5.5.0! This is a minor release packed with a punch of improvements and some cool new features. The major libraries upgraded are ColdBox MVC and WireBox in this release.


Support Open Source via new Patreon Levels and Rewards

Luis Majano |  June 13, 2019

At Ortus Solutions we are known for building open source projects for the ColdFusion (CFML) community such as ColdBox, CommandBox, ContentBox Modular CMS, ForgeBox and many more. All of those products are licensed under the Apache 2 license and are completely FREE to use and extend.
