Changelog History
Page 1
-
v1.0.27 Changes
April 27, 2022๐ Now supports
ecto_sql
3.8.x and requires Elixir 1.11+.โจ Enhancements
- [
Pow.Ecto.Schema
] has been refactored to conform the@pow_fields
and@pow_assocs
attributes with separate migration options
- [
-
v1.0.26 Changes
November 06, 2021โจ Enhancemnets
- [
Pow.Store.Backend.MnesiaCache.Unsplit
] The unsplit module will now initialize the Mnesia cluster when nodes are connected lazily by resetting the Mnesia schema
๐ Bug fixes
- [
Pow.Store.Backend.MnesiaCache
] Now properly handles Mnesia application start errors
๐ Documentation
- Updated [api guide](guides/api.md) to use
Plug.Conn.register_before_send/2
for token writes
- [
-
v1.0.25 Changes
September 26, 2021๐ Now supports Phoenix 1.6.x, and
phoenix_html
3.x.x.โจ Enhancements
- [
Pow.Ecto.Schema.Fields
] The:password_hash
,:current_password
, and:password
fields now haveredact: true
option set - [
Pow.Phoenix.Controller
]Pow.Phoenix.Controller.action/3
now properly handles{:halt, conn}
returned in thebefore_process
callback - ๐ [
Pow.Store.Backend.EtsCache
] Now does synchronous writes unlesswrites: :async
is passed in config options - ๐ [
Pow.Store.Backend.MnesiaCache
] Now does synchronous writes unlesswrites: :async
is passed in config options
๐ Bug fixes
- [
Pow.Operations
]Pow.Operations.fetch_primary_key_values/2
now ensures that module exists and is loaded before deriving primary keys
๐ Documentation
- Updated [redis guide](guides/redis_cache_store_backend.md) to use synchronous writes unless
writes: :async
is passed in config options - Updated [redis guide](guides/redis_cache_store_backend.md) to use optimized lookups with sorted keys
- [
-
v1.0.24 Changes
May 27, 2021โจ Enhancements
- [
Pow.Store.Backend.MnesiaCache
] Now acceptsextra_db_nodes: {module, function, arguments}
to fetch nodes when MnesiaCache starts up - [
PowEmailConfirmation.Phoenix.Messages
] AddedPowEmailConfirmation.Phoenix.Messages.invalid_token/1
- โ [
Pow.Store.CredentialsCache
] Now outputs an IO warning when a:ttl
longer than 30 minutes is used
๐ Bug fixes
- [
Pow.Store.Backend.MnesiaCache
] Now handles initialization errors
- [
-
v1.0.23 Changes
March 22, 2021โจ Enhancements
- โก๏ธ [
Pow.Ecto.Context
] No longer automatically reloads the struct after insert or update - [
PowInvitation.Ecto.Schema
] AddedPowInvitation.Ecto.Schema.invitation_token_changeset/1
- [
PowInvitation.Ecto.Schema
] AddedPowInvitation.Ecto.Schema.invited_by_changeset/2
- ๐ [
Pow.Ecto.Schema.Password.Pbkdf2
] Now uses:crypto.mac/4
if available to support OTP 24 - [
PowEmailConfirmation.Phoenix.ControllerCallbacks
] Now returns:info
instead of:error
message for when the user has to confirm their email
๐ Bug fixes
- โ [
Pow.Store.Backend.MnesiaCache
] No longer triggers Elixir 1.11 dependency warnings
- โก๏ธ [
-
v1.0.22 Changes
January 27, 2021๐ This release introduces a deprecation for the default API guide implementation. Please check migration section below.
โจ Enhancements
- [
PowPersistentSession.Plug.Cookie
] Now stores the user struct instead of clauses - [
PowPersistentSession.Plug.Base
] Now includes:pow_config
in the store config - [
PowResetPassword.Plug
] Now includes:pow_config
in the store config - [
Pow.Plug.Base
] Now includes:pow_config
in the store config - [
Pow.Operations
] AddedPow.Operations.reload/2
to reload structs - โก๏ธ [
PowPersistentSession.Store.PersistentSessionCache
] UpdatePowPersistentSession.Store.PersistentSessionCache.get/2
to reload the user usingPow.Operations.reload/2
- ๐ง [
Pow.Store.CredentialsCache
] Now supportreload: true
configuration so once fetched from the cache the user object will be reloaded through the context module
๐ Documentation
- โก๏ธ Updated the [API guide](guides/api.md) as it's no longer necessary to load the user struct
Migration
โก๏ธ If you've used an API setup for previous version, you'll see the warning
PowPersistentSession.Store.PersistentSessionCache.get/2 call without `:pow_config` in second argument is deprecated, refer to the API guide.
. It's recommended to replace yourAPIAuthPlug
with the updated version in the API guide.๐จ The larger refactor of cache setup in Pow
v1.0.22
means that user struct is always expected to be passed in and returned by the stores, so it is no longer necessary to load the user in the API plug. ThePowPersistentSession.Store.PersistentSessionCache
has fallback logic to handle the deprecated clauses keyword list, and will load the user correctly. - [
-
v1.0.21 Changes
September 13, 2020โจ Enhancements
- [
Pow.Plug.Base
] Will now use the existing:pow_config
in theconn
when no plug options has been set #514 - ๐ [
PowInvitation.Phoenix.InvitationController
] Fixed bug where user was incorrectly redirected to the show action with unsigned token when user struct has no e-mail #535 - โ [
Pow.Ecto.Schema
] Now only emits warning for primitive Ecto types #541
๐ Bug fixes
- [
PowEmailConfirmation.Ecto.Schema
]PowEmailConfirmation.Ecto.Schema.changeset/3
no longer sets the email to the unconfirmed email when the same email change is set twice #515 - โ [
Pow.Extension.Phoenix.Messages
] Fixed fallback message dializer warning #520 - [
Pow.Ecto.Context
] Fixed bug where the macro didn't add:users_context
to the Pow config in the module resulting inPow.Ecto.Context.get_by/2
being called instead ofget_by/1
in the custom context #537 - ๐ [
Pow.Ecto.Schema.Changeset
] ThePow.Ecto.Schema.Changeset.validate_email/1
method has been improved per specifications to support wider unicode support, fully-qualified domain validation, and comments #565
- [
-
v1.0.20 Changes
April 22, 2020๐ Now supports Phoenix 1.5, and requires Elixir 1.7 or higher. #494
โจ Enhancements
- [
Mix.Tasks.Pow.Extension.Phoenix.Gen.Templates
]mix pow.extension.phoenix.gen.templates
now dynamically loads template list from the extension base module #461 - ๐ [
PowResetPassword.Plug
]PowResetPassword.Plug.load_user_by_token/2
now sets a:pow_reset_password_decoded_token
key inconn.private
that will be used inPowResetPassword.Plug.update_user_password/2
#464
- [
-
v1.0.19 Changes
March 13, 2020Warning: This release will now sign and verify all tokens, causing previous tokens to no longer work. Any sessions and persistent sessions will be invalidated.
โจ Enhancements
- ๐ [
Pow.Plug.Session
] Now sets a global lock when renewing the session #414 - ๐ [
PowPersistentSession.Plug.Cookie
] Now sets a global lock when authenticating the user #414 - [
PowEmailConfirmation.Plug
] AddedPowEmailConfirmation.Plug.sign_confirmation_token/2
to sign theemail_confirmation_token
to prevent timing attacks #417 - ๐ [
PowEmailConfirmation.Plug
] AddedPowEmailConfirmation.Plug.load_user_by_token/2
to verify the signedemail_confirmation_token
to prevent timing attacks #446 - [
PowEmailConfirmation.Plug
] AddedPowEmailConfirmation.Plug.confirm_email/2
with map as second argument #446 - [
PowInvitation.Plug
] AddedPowInvitation.Plug.sign_invitation_token/2
to sign theinvitation_token
#417 - [
PowInvitation.Plug
] AddedPowInvitation.Plug.load_invited_user_by_token/2
to verify the signedinvitation_token
to prevent timing attacks #417 - [
PowResetPassword.Plug
] ChangedPowResetPassword.Plug.create_reset_token/2
to sign the:token
#417 - ๐ [
PowResetPassword.Plug
] AddedPowResetPassword.Plug.load_user_by_token/2
to verify the signed token to prevent timing attacks #417 - ๐ [
PowResetPassword.Plug
] ChangedPowResetPassword.Plug.update_user_password/2
so it decodes the signed token #417 - [
PowPersistentSession.Plug.Cookie
] Now uses signed tokens to prevent timing attacks #417 - [
Pow.Plug.Session
] Now uses signed session ID's to prevent timing attacks #417 - [
Pow.Plug
] AddedPow.Plug.sign_token/4
to sign tokens #417 - [
Pow.Plug
] AddedPow.Plug.verify_token/4
to decode and verify signed tokens #417 - [
Pow.Plug.MessageVerifier
] AddedPow.Plug.MessageVerifier
module to sign and verify messages #417 - [
PowEmailConfirmation.Ecto.Context
] AddedPowEmailConfirmation.Ecto.Context.confirm_email/3
#446 - [
PowEmailConfirmation.Ecto.Schema
] Addedconfirm_email_changeset/2
andpow_confirm_email_changeset/2
to the macro #446 - [
PowEmailConfirmation.Ecto.Schema
] AddedPowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2
#446 - [
PowInvitation.Ecto.Schema
] Addedaccept_invitation_changeset/2
andpow_accept_invitation_changeset/2
to the macro #446 - [
PowResetPassword.Ecto.Schema
] Addedreset_password_changeset/2
andpow_reset_password_changeset/2
to the macro #446 - โ [
Pow.Ecto.Schema
] Now emits a warning instead of raising error with missing fields/associations #455
๐ Deprecations
- ๐ [
PowEmailConfirmation.Plug
]PowEmailConfirmation.Plug.confirm_email/2
with token param as second argument has been deprecated in favor ofPowEmailConfirmation.Plug.load_user_by_token/2
, andPowEmailConfirmation.Plug.confirm_email/2
with map as second argument #446 - ๐ [
PowInvitation.Plug
]PowInvitation.Plug.invited_user_from_token/2
has been deprecated in favor ofPowInvitation.Plug.load_invited_user_by_token/2
#417 - [
PowInvitation.Plug
]PowInvitation.Plug.assign_invited_user/2
has been deprecated #417 - [
PowResetPassword.Plug
]PowResetPassword.Plug.user_from_token/2
has been deprecated in favor ofPowResetPassword.Plug.load_user_by_token/2
#417 - [
PowResetPassword.Plug
]PowResetPassword.Plug.assign_reset_password_user/2
has been deprecated #417 - ๐ [
PowEmailConfirmation.Ecto.Context
]PowEmailConfirmation.Ecto.Context.confirm_email/2
deprecated in favor ofPowEmailConfirmation.Ecto.Context.confirm_email/3
#446 - [
PowEmailConfirmation.Ecto.Schema
]PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/1
deprecated in favor ofPowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2
#446
๐ Documentation
- ๐ [
-
v1.0.18 Changes
February 14, 2020๐ Bug fixes
- ๐ [
Pow.Phoenix.Routes
] Fixed bug where callback route methods is not using the overridden method #418 - [
PowPersistentSession.Plug.Cookie
]PowPersistentSession.Plug.Cookie.delete/2
now correctly pulls token during:before_send
callback #420 - ๐ [
Pow.Plug.Session
]Pow.Plug.Session.delete/2
now correctly pulls session id during:before_send
callback soPowEmailConfirmation
will remove set session #420
- ๐ [