All Versions
25
Latest Version
Avg Release Cycle
37 days
Latest Release
146 days ago

Changelog History
Page 1

  • v1.0.24 Changes

    May 27, 2021

    โœจ Enhancements

    • [Pow.Store.Backend.MnesiaCache] Now accepts extra_db_nodes: {module, function, arguments} to fetch nodes when MnesiaCache starts up
    • [PowEmailConfirmation.Phoenix.Messages] Added PowEmailConfirmation.Phoenix.Messages.invalid_token/1
    • โš  [Pow.Store.CredentialsCache] Now outputs an IO warning when a :ttl longer than 30 minutes is used

    ๐Ÿ› Bug fixes

    • [Pow.Store.Backend.MnesiaCache] Now handles initialization errors
  • v1.0.23 Changes

    March 22, 2021

    โœจ Enhancements

    • โšก๏ธ [Pow.Ecto.Context] No longer automatically reloads the struct after insert or update
    • [PowInvitation.Ecto.Schema] Added PowInvitation.Ecto.Schema.invitation_token_changeset/1
    • [PowInvitation.Ecto.Schema] Added PowInvitation.Ecto.Schema.invited_by_changeset/2
    • ๐Ÿ‘ [Pow.Ecto.Schema.Password.Pbkdf2] Now uses :crypto.mac/4 if available to support OTP 24
    • [PowEmailConfirmation.Phoenix.ControllerCallbacks] Now returns :info instead of :error message for when the user has to confirm their email

    ๐Ÿ› Bug fixes

    • โš  [Pow.Store.Backend.MnesiaCache] No longer triggers Elixir 1.11 dependency warnings
  • v1.0.22 Changes

    January 27, 2021

    ๐Ÿš€ This release introduces a deprecation for the default API guide implementation. Please check migration section below.

    โœจ Enhancements

    • [PowPersistentSession.Plug.Cookie] Now stores the user struct instead of clauses
    • [PowPersistentSession.Plug.Base] Now includes :pow_config in the store config
    • [PowResetPassword.Plug] Now includes :pow_config in the store config
    • [Pow.Plug.Base] Now includes :pow_config in the store config
    • [Pow.Operations] Added Pow.Operations.reload/2 to reload structs
    • โšก๏ธ [PowPersistentSession.Store.PersistentSessionCache] Update PowPersistentSession.Store.PersistentSessionCache.get/2 to reload the user using Pow.Operations.reload/2
    • ๐Ÿ”ง [Pow.Store.CredentialsCache] Now support reload: true configuration so once fetched from the cache the user object will be reloaded through the context module

    ๐Ÿ“š Documentation

    • โšก๏ธ Updated the [API guide](guides/api.md) as it's no longer necessary to load the user struct

    Migration

    โšก๏ธ If you've used an API setup for previous version, you'll see the warning PowPersistentSession.Store.PersistentSessionCache.get/2 call without `:pow_config` in second argument is deprecated, refer to the API guide.. It's recommended to replace your APIAuthPlug with the updated version in the API guide.

    โ™ป๏ธ The larger refactor of cache setup in Pow v1.0.22 means that user struct is always expected to be passed in and returned by the stores, so it is no longer necessary to load the user in the API plug. The PowPersistentSession.Store.PersistentSessionCache has fallback logic to handle the deprecated clauses keyword list, and will load the user correctly.

  • v1.0.21 Changes

    September 13, 2020

    โœจ Enhancements

    • [Pow.Plug.Base] Will now use the existing :pow_config in the conn when no plug options has been set #514
    • ๐Ÿ›  [PowInvitation.Phoenix.InvitationController] Fixed bug where user was incorrectly redirected to the show action with unsigned token when user struct has no e-mail #535
    • โš  [Pow.Ecto.Schema] Now only emits warning for primitive Ecto types #541

    ๐Ÿ› Bug fixes

    • [PowEmailConfirmation.Ecto.Schema] PowEmailConfirmation.Ecto.Schema.changeset/3 no longer sets the email to the unconfirmed email when the same email change is set twice #515
    • โš  [Pow.Extension.Phoenix.Messages] Fixed fallback message dializer warning #520
    • [Pow.Ecto.Context] Fixed bug where the macro didn't add :users_context to the Pow config in the module resulting in Pow.Ecto.Context.get_by/2 being called instead of get_by/1 in the custom context #537
    • ๐Ÿ‘ [Pow.Ecto.Schema.Changeset] The Pow.Ecto.Schema.Changeset.validate_email/1 method has been improved per specifications to support wider unicode support, fully-qualified domain validation, and comments #565
  • v1.0.20 Changes

    April 22, 2020

    ๐Ÿ‘ Now supports Phoenix 1.5, and requires Elixir 1.7 or higher. #494

    โœจ Enhancements

    • [Mix.Tasks.Pow.Extension.Phoenix.Gen.Templates] mix pow.extension.phoenix.gen.templates now dynamically loads template list from the extension base module #461
    • ๐Ÿ‘‰ [PowResetPassword.Plug] PowResetPassword.Plug.load_user_by_token/2 now sets a :pow_reset_password_decoded_token key in conn.private that will be used in PowResetPassword.Plug.update_user_password/2 #464
  • v1.0.19 Changes

    March 13, 2020

    Warning: This release will now sign and verify all tokens, causing previous tokens to no longer work. Any sessions and persistent sessions will be invalidated.

    โœจ Enhancements

    • ๐Ÿ”’ [Pow.Plug.Session] Now sets a global lock when renewing the session #414
    • ๐Ÿ”’ [PowPersistentSession.Plug.Cookie] Now sets a global lock when authenticating the user #414
    • [PowEmailConfirmation.Plug] Added PowEmailConfirmation.Plug.sign_confirmation_token/2 to sign the email_confirmation_token to prevent timing attacks #417
    • ๐Ÿ‘‰ [PowEmailConfirmation.Plug] Added PowEmailConfirmation.Plug.load_user_by_token/2 to verify the signed email_confirmation_token to prevent timing attacks #446
    • [PowEmailConfirmation.Plug] Added PowEmailConfirmation.Plug.confirm_email/2 with map as second argument #446
    • [PowInvitation.Plug] Added PowInvitation.Plug.sign_invitation_token/2 to sign the invitation_token #417
    • [PowInvitation.Plug] Added PowInvitation.Plug.load_invited_user_by_token/2 to verify the signed invitation_token to prevent timing attacks #417
    • [PowResetPassword.Plug] Changed PowResetPassword.Plug.create_reset_token/2 to sign the :token #417
    • ๐Ÿ‘‰ [PowResetPassword.Plug] Added PowResetPassword.Plug.load_user_by_token/2 to verify the signed token to prevent timing attacks #417
    • ๐Ÿ‘‰ [PowResetPassword.Plug] Changed PowResetPassword.Plug.update_user_password/2 so it decodes the signed token #417
    • [PowPersistentSession.Plug.Cookie] Now uses signed tokens to prevent timing attacks #417
    • [Pow.Plug.Session] Now uses signed session ID's to prevent timing attacks #417
    • [Pow.Plug] Added Pow.Plug.sign_token/4 to sign tokens #417
    • [Pow.Plug] Added Pow.Plug.verify_token/4 to decode and verify signed tokens #417
    • [Pow.Plug.MessageVerifier] Added Pow.Plug.MessageVerifier module to sign and verify messages #417
    • [PowEmailConfirmation.Ecto.Context] Added PowEmailConfirmation.Ecto.Context.confirm_email/3 #446
    • [PowEmailConfirmation.Ecto.Schema] Added confirm_email_changeset/2 and pow_confirm_email_changeset/2 to the macro #446
    • [PowEmailConfirmation.Ecto.Schema] Added PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2 #446
    • [PowInvitation.Ecto.Schema] Added accept_invitation_changeset/2 and pow_accept_invitation_changeset/2 to the macro #446
    • [PowResetPassword.Ecto.Schema] Added reset_password_changeset/2 and pow_reset_password_changeset/2 to the macro #446
    • โš  [Pow.Ecto.Schema] Now emits a warning instead of raising error with missing fields/associations #455

    ๐Ÿ—„ Deprecations

    • ๐Ÿ—„ [PowEmailConfirmation.Plug] PowEmailConfirmation.Plug.confirm_email/2 with token param as second argument has been deprecated in favor of PowEmailConfirmation.Plug.load_user_by_token/2, and PowEmailConfirmation.Plug.confirm_email/2 with map as second argument #446
    • ๐Ÿ‘‰ [PowInvitation.Plug] PowInvitation.Plug.invited_user_from_token/2 has been deprecated in favor of PowInvitation.Plug.load_invited_user_by_token/2 #417
    • [PowInvitation.Plug] PowInvitation.Plug.assign_invited_user/2 has been deprecated #417
    • [PowResetPassword.Plug] PowResetPassword.Plug.user_from_token/2 has been deprecated in favor of PowResetPassword.Plug.load_user_by_token/2 #417
    • [PowResetPassword.Plug] PowResetPassword.Plug.assign_reset_password_user/2 has been deprecated #417
    • ๐Ÿ—„ [PowEmailConfirmation.Ecto.Context] PowEmailConfirmation.Ecto.Context.confirm_email/2 deprecated in favor of PowEmailConfirmation.Ecto.Context.confirm_email/3 #446
    • [PowEmailConfirmation.Ecto.Schema] PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/1 deprecated in favor of PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2 #446

    ๐Ÿ“š Documentation

  • v1.0.18 Changes

    February 14, 2020

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  [Pow.Phoenix.Routes] Fixed bug where callback route methods is not using the overridden method #418
    • [PowPersistentSession.Plug.Cookie] PowPersistentSession.Plug.Cookie.delete/2 now correctly pulls token during :before_send callback #420
    • ๐Ÿšš [Pow.Plug.Session] Pow.Plug.Session.delete/2 now correctly pulls session id during :before_send callback so PowEmailConfirmation will remove set session #420
  • v1.0.17 Changes

    February 04, 2020

    โœจ Enhancements

    • [Pow.Ecto.Context] Calls to Pow.Ecto.Context.get_by/2 replaced with Pow.Operations.get_by/2 so custom users context module can be used. The following methods has been updated: #343
      • Pow.Ecto.Context.authenticate/2
      • PowEmailConfirmation.Ecto.Context.get_by_confirmation_token/2
      • PowInvitation.Ecto.Context.get_by_invitation_token/2
      • PowResetPassword.Ecto.Context.get_by_email/2
    • [Pow.Ecto.Schema.Changeset] Pow.Ecto.Schema.Changeset.confirm_password_changeset/3 now adds the default Ecto.Changeset.validate_confirmation/3 error instead of the previous not same as password error #380
    • [Pow.Ecto.Schema.Changeset] Pow.Ecto.Schema.Changeset.confirm_password_changeset/3 now uses the Ecto.Changeset.validate_confirmation/3 for validation and expects :password_confirmation instead of :confirm_password in params #379
    • [Pow.Ecto.Schema.Changeset] Pow.Ecto.Schema.Changeset.new_password_changeset/3 now only requires the :password_hash if there have been no previous errors set in the changeset #391
    • [Pow.Ecto.Schema] No longer adds :confirm_password virtual field #379
    • [Pow.Ecto.Schema] Now has an @after_compile callback that ensures all required fields has been defined #376
    • [PowInvitation.Phoenix.InvitationView] Now renders :password_confirmation field instead of :confirm_password #379
    • [PowResetPassword.Phoenix.ResetPasswordView] Now renders :password_confirmation field instead of :confirm_password #379
    • [Pow.Phoenix.RegistrationView] Now renders :password_confirmation field instead of :confirm_password #379
    • [PowEmailConfirmation.Ecto.Schema] No longer validates if :email has been taken before setting :unconfirmed_email #379
    • [PowEmailConfirmation.Phoenix.ControllerCallbacks] Now prevents user enumeration attack for PowInvitation.Phoenix.InvitationController.create/2 #384
    • 0๏ธโƒฃ [PowPersistentSession.Plug.Cookie] Changed default cookie name to persistent_session #385
    • ๐Ÿšš [PowPersistentSession.Plug.Cookie] Removed renewal of cookie as the token will always expire #385
    • [PowPersistentSession.Plug.Cookie] No longer expires invalid cookies #390
    • [Pow.Operations] Added Pow.Operations.fetch_primary_key_values/2 #393
    • [PowPersistentSession.Plug.Base] Now registers :before_send callbacks #398
    • โšก๏ธ [PowPersistentSession.Plug.Cookie] Now updates cookie and backend store in :before_send callback #398
    • [Pow.Plug.Base] Now registers :before_send callbacks #398
    • โšก๏ธ [Pow.Plug.Session] Now updates plug session and backend store in :before_send callback #398
    • [Pow.Plug] Added Pow.Plug.create/3 #405
    • [Pow.Plug] Added Pow.Plug.delete/2 #405

    โœ‚ Removed

    • [PowResetPassword.Phoenix.ResetPasswordController] Will no longer prevent information leak by checking if PowEmailConfirmation or registration routes are enabled; instead it'll by default prevent user enumeration, but can be disabled if pow_prevent_user_enumeration: false is set in conn.private #384

    ๐Ÿ› Bug fixes

    • [PowPersistentSession.Plug.Base] With custom :persistent_session_store now falls back to :cache_store_backend configuration option #408
    • [PowResetPassword.Plug] With custom :reset_password_token_store now falls back to :cache_store_backend configuration option #408
    • [Pow.Plug.Base] With custom :credentials_cache_store now falls back to :cache_store_backend configuration option #408

    ๐Ÿ—„ Deprecations

    • [Pow.Ecto.Changeset] Pow.Ecto.Schema.Changeset.confirm_password_changeset/3 has deprecated use of :confirm_password in params in favor of :password_confirmation #379
    • [Pow.Plug.Session] :session_store option has been renamed to :credentials_cache_store #399
    • [Pow.Plug] Pow.Plug.clear_authenticated_user/1 deprecated in favor of Pow.Plug.delete/1 #405
  • v1.0.16 Changes

    January 07, 2020

    Note: This release contains an important security fix.

    โœจ Enhancements

    • [PowPersistentSession.Plug.Cookie] Now supports :persistent_session_cookie_opts to customize any options that will be passed on to Plug.Conn.put_resp_cookie/4 #365
    • [PowResetPassword.Phoenix.ResetPasswordController] Now uses PowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1 with a generic response that tells the user the email has been sent only if an account was found #349
    • [PowResetPassword.Phoenix.ResetPasswordController] When a user doesn't exist will now return success message if PowEmailConfirmation extension is enabled #349
    • [PowResetPassword.Phoenix.Messages] Added PowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1 and let PowResetPassword.Phoenix.Messages.email_has_been_sent/1 fall back to it #349
    • 0๏ธโƒฃ [PowEmailConfirmation.Phoenix.ControllerCallbacks] When a user tries to sign up and the email has already been taken the default e-mail confirmation required message will be shown #350
    • [Pow.Plug.Session] Now renews the Plug session each time the Pow session is created or rolled 578ffd3

    ๐Ÿ› Bug fixes

    • [Pow.Ecto.Schema.Changeset] Fixed bug where Pow.Ecto.Schema.Changeset.user_id_field_changeset/3 update with nil value caused an exception to be raised #364
    • [PowPersistentSession.Plug.Cookie] Now expires the cookie 10 seconds after the last request when authenticating to prevent multiple simultaneous requests deletes the cookie immediately #366

    ๐Ÿ“š Documentation

  • v1.0.15 Changes

    November 20, 2019

    โœจ Enhancements

    • [Pow.Extension.Base] Extensions are now expected to have a base module with compile-time information whether certain modules are available to prevent unnecessary Code.ensure_compiled?/1 calls: #335
      • Added Pow.Extension.Base module
      • Added PowEmailConfirmation module
      • Added PowInvitation module
      • Added PowPersistentSession module
      • Added PowResetPassword module
    • ๐Ÿ“‡ [PowPersistentSession.Plug.Cookie] Added support for custom metadata: #332
      • PowPersistentSession.Plug.Cookie.create/3 now stores a metadata keyword list that can be populated
      • PowPersistentSession.Plug.Cookie.create/3 will now, instead of adding :session_fingerprint to the metadata, populate the :session_metadata keyword list with :fingerprint
      • PowPersistentSession.Plug.Cookie.authenticate/2 will now populate session metadata with what exists in :session_metadata key for the persistent session metadata
      • PowPersistentSession.Plug.Cookie.create/3 now ensures to delete the previous persistent session first, if one is found in cookies
    • [Pow.Extension.Config] Added Pow.Extension.Config.extension_modules/2 #334

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  [Router.Phoenix.Router] Fixed bug where resource routes were not filtered correctly according to the path bindings #328

    ๐Ÿ—„ Deprecations

    • ๐Ÿ—„ [Pow.Extension.Config] Deprecated Pow.Extension.Config.discover_modules/2 #334