All Versions
15
Latest Version
Avg Release Cycle
25 days
Latest Release
15 days ago

Changelog History
Page 1

  • v1.0.14

    October 29, 2019

    🔄 Changes

    • 🔄 Changed minmum password length to 8 (OWASP/NIST recommendations) #274
    • Pow.Phoenix.Router now only filters routes that has equal number of bindings #292
    • Pow.Phoenix.Routes.user_not_authenticated_path/1 now only puts the :request_path param if the request is using "GET" method #303
    • ♻️ The stores has been refactored so the command conforms with ETS store. This means that put commands now accept {key, value} record element(s), and keys may be list for easier lookup. #304
      • Pow.Store.Backend.Base behaviour now requires to;
      • Accept Pow.Store.Backend.Base.record/0 values for put/2
      • Accept Pow.Store.Backend.Base.key/0 for delete/2 and get/2
      • Implement all/2
      • Remove keys/1
      • Remove put/3
      • Pow.Store.Backend.EtsCache now uses :ordered_set instead of :set for efficiency
      • Pow.Store.Backend.MnesiaCache now uses :ordered_set instead of :set for efficiency
      • Pow.Store.Backend.MnesiaCache will delete all binary key records when initialized
      • Pow.Store.Base behaviour now requires to;
      • Accept erlang term value for keys in all methods
      • Implement put/3 instead of put/4
      • Implement delete/2 instead of put/3
      • Implement get/2 instead of put/3
      • Remove keys/2
      • Pow.Store.Base.all/3 added
      • Pow.Store.Base.put/3 added
      • Pow.Store.Base will use binary key rather than key list if all/2 doesn't exist in the backend cache
      • Added Pow.Store.CredentialsCache.users/2
      • Added Pow.Store.CredentialsCache.sessions/2
      • Pow.Store.CredentialsCache now adds a session key rather than appending to a list for the user key to prevent race condition
    • 📇 Pow.Plug.Session.create/3 now stores a keyword list with metadata for the session rather than just a timestamp #286
    • Pow.Plug.Session.fetch/2 and Pow.Plug.Session.create/3 now assigns :pow_session_metadata in conn.private with the session metadata #287
    • Pow.Plug.Session.create/3 will use the metadata found in conn.private[:pow_session_metadata] if it exists and otherwise add a randomly unique id for :fingerprint #287
    • PowPersistentSession.Plug.Cookie.create/3 will use the value of conn.private[:pow_session_metadata][:fingerprint] if it exists as :session_fingerprint in the persistent session metadata #287
    • PowPersistentSession.Plug.Cookie.authenticate/2 will assign :fingerprint to conn.private[:pow_session_metadata] if it exists in the persistent session metadata #287
    • 📇 Pow.Store.CredentialsCache.put/3 will invalidate any other sessions with the same :fingerprint if any is set in session metadata #287
    • PowResetPassword.Phoenix.ResetPasswordController.create/2 when a user doesn't exist will now only return success message if the registration routes has been disabled, otherwise the form with an error message will be returned #314
    • Added PowResetPassword.Phoenix.Messages.user_not_found/1 #314

    🐛 Bug fixes

    • 🛠 Fixed bug where Pow.Store.CredentialsCache wasn't used due to how Pow.Store.Base macro worked #286
    • 🛠 Fixed bug where PowEmailConfirmation.Phoenix.ControllerCallbacks couldn't deliver email #309

    🗄 Deprecations

    • 🗄 Deprecated Pow.Store.Backend.EtsCache.keys/1 #304
    • 🗄 Deprecated Pow.Store.Backend.EtsCache.put/3 #304
    • 🗄 Deprecated Pow.Store.Backend.MnesiaCache.keys/1 #304
    • 🗄 Deprecated Pow.Store.Backend.MnesiaCache.put/3 #304
    • 🗄 Deprecated Pow.Store.Base.keys/2 #304
    • 🗄 Deprecated Pow.Store.Base.put/4 #304
    • Deprecated Pow.Store.CredentialsCache.user_session_keys/3 #304
    • 🗄 Deprecated Pow.Store.CredentialsCache.sessions/3 #304
  • v1.0.13

    August 25, 2019

    🔄 Changes

    • ⚡️ Updated PowEmailConfirmation.Ecto.Schema.changeset/3 so; (#259)
      • when :email is identical to :unconfirmed_email it won't generate new :email_confirmation_token
      • when :email is identical to the persisted :email value both :email_confirmation_token and :unconfirmed_email will be set to nil
      • when there is no :email value in the params nothing happens
    • Updated PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/1 so now :email_confirmation_token is set to nil (#259)
    • Updated Pow.Ecto.Schema.Changeset.user_id_field_changeset/3 so the e-mail validator now accepts unicode e-mails (#257)
    • Added PowEmailConfirmation.Ecto.Context.current_email_unconfirmed?/2 and PowEmailConfirmation.Plug.pending_email_change?/1 (#256)
    • ➕ Added :email_validator configuration option to Pow.Ecto.Schema.Changeset (#257)
    • ➕ Added Pow.Ecto.Schema.Changeset.validate_email/1 (#257)
    • Fixed bug in PowEmailConfirmation.Phoenix.ControllerCallbacks.send_confirmation_email/2 where the confirmation e-mail wasn't send to the updated e-mail address (#256)
  • v1.0.12

    August 16, 2019

    🔄 Changes

    • ➕ Added API integration guide #247
    • Added :reset_password_token_store configuration setting #245
    • To prevent timing attacks, Pow.Ecto.Context.authenticate/2 now verifies password on a blank user struct when no user can be found for the provided user id, but will always return nil. The blank user struct has a nil :password_hash value. The struct will be passed along with a blank password to the verify_password/2 method in the user schema module. #239
    • To prevent timing attacks, when Pow.Ecto.Schema.Changeset.verify_password/3 receives a struct with a nil :password_hash value, it'll hash a blank password, but always return false. #239
    • To prevent timing attacks, the UUID is always generated in PowResetPassword.Plug.create_reset_token/2 whether the user exists or not. #239
    • PowPersistentSession.Plug.Base now accepts :persistent_session_ttl which will pass the TTL to the cache backend and used for the max age of the sesion cookie in PowPersistentSession.Plug.Cookie #236
    • Deprecated :persistent_session_cookie_max_age configuration setting #236
    • Pow.Store.Backend.MnesiaCache can now auto join clusters #233
    • Pow.Store.Backend.MnesiaCache.Unsplit module added for self-healing after network split #233
    • ✂ Removed :nodes config option for Pow.Store.Backend.MnesiaCache #233
  • v1.0.11

    June 14, 2019

    🔄 Changes

    • 🛠 Fixed bug in router filters with Phoenix 1.4.7 #224
  • v1.0.10

    June 09, 2019

    🔄 Changes

    • 💻 Prevent browser cache of Pow.Phoenix.SessionController.new/2, Pow.Phoenix.RegistrationController.new/2 and PowInvitation.Phoenix.InvitationController.edit/2 by setting "Cache-Control" header unless it already has been customized #213
    • 📄 All links in docs generated with mix docs and on hexdocs.pm now works #211
    • 📄 Generated docs now uses lower case file name except for README, CONTRIBUTING and CHANGELOG #211
    • ✂ Removed duplicate call for Pow.Plug.Session.delete/2 in Pow.Plug.Sesssion.create/3 (a91de81)
  • v1.0.9

    June 04, 2019

    🔄 Changes

    • Pow.Phoenix.Router will now only add specific routes if there is no matching route already defined #199
    • ➕ Added Pow.Plug.get_plug/1 and instead of :mod, :plug is used in config #207
    • Pow.Ecto.Context.authenticate/2 now returns nil if user id or password is nil #201

    🐛 Bug fixes

    • 👉 Fixed bug with exception raised in Pow.Ecto.Schema.normalize_user_id_field_value/1 when calling Pow.Ecto.Context.get_by/2 with a non binary user id #201
    • 👉 Fixed bug with exception raised in Pow.Ecto.Schema.normalize_user_id_field_value/1 when calling Pow.Ecto.Context.authenticate/2 with a non binary user id #201

    🗄 Deprecations

    • 🗄 Deprecated Pow.Plug.get_mod/1 #207
    • ✂ Removed call to Pow.Ecto.Context.repo/1 b66912f
  • v1.0.8

    May 24, 2019

    🔄 Changes

    • Added support for layout in mails with Pow.Phoenix.Mailer.Mail by setting conn.private[:pow_mailer_layout] same way as the Phoenix layout with conn.private[:phoenix_layout] #191
    • ➕ Added :prefix repo opts support to use in multitenant apps #147
    • Removed @changeset.data. __struct__.pow_user_id_field() in template in favor of using Pow.Ecto.Schema.user_id_field/1 #192

    🐛 Bug fixes

    • Fixed bug in Pow.Ecto.Schema.Changeset.current_password_changeset/3 where an exception would be thrown if the virtual :current_password field of the user struct was set and either the :current_password change was blank or identical #177

    🗄 Deprecations

    • Deprecated Mix.Pow.Ecto.Migration.create_migration_files/3 and moved it to Mix.Pow.Ecto.Migration.create_migration_file/3 #184
    • 🚚 Deprecated Pow.Ecto.Context.repo/1 and moved it to Pow.Config.repo!/1 #184
    • Deprecated Pow.Ecto.Context.user_schema_mod/1 and moved it to Pow.Config.user!/1 #184
  • v1.0.7

    May 01, 2019

    🔄 Changes

    • 🛠 Fixed bug with Phoenix 1.4.4 scoped routes #175
  • v1.0.6

    April 19, 2019

    🔄 Changes

    • 🛠 Fixed bug where custom layout setting raised exception in Pow.Phoenix.ViewHelpers.layout/1 #160
    • Prevent users from changing their email to one already taken when the PowEmailConfirmation extension has been enabled #161
  • v1.0.5

    April 09, 2019

    🔄 Changes

    • ➕ Added extension_messages/1 to extension controllers and callbacks #142
    • 👌 Improved feedback for when no templates are generated for an extension with mix pow.extension.phoenix.gen.templates and mix pow.extension.phoenix.mailer.gen.templates tasks #145
    • Error flash is no longer overridden in Pow.Phoenix.PlugErrorHandler if the error message is nil #156
    • 🛠 Fixed bug in the migration generator where references/2 wasn't called with options #150
    • 👌 Support any :plug version below 2.0.0 #155
    • 🗄 Deprecated Pow.Extension.Ecto.Context.Base #146