Pow changelog

Changelog History

Page 1

• v1.0.27 Changes

  April 27, 2022

  👍 Now supports ecto_sql 3.8.x and requires Elixir 1.11+.

  ✨ Enhancements

  • [Pow.Ecto.Schema] has been refactored to conform the @pow_fields and @pow_assocs attributes with separate migration options

• v1.0.26 Changes

  November 06, 2021

  ✨ Enhancemnets

  • [Pow.Store.Backend.MnesiaCache.Unsplit] The unsplit module will now initialize the Mnesia cluster when nodes are connected lazily by resetting the Mnesia schema

  🐛 Bug fixes

  • [Pow.Store.Backend.MnesiaCache] Now properly handles Mnesia application start errors

  📚 Documentation

  • Updated [api guide](guides/api.md) to use Plug.Conn.register_before_send/2 for token writes

• v1.0.25 Changes

  September 26, 2021

  👍 Now supports Phoenix 1.6.x, and phoenix_html 3.x.x.

  ✨ Enhancements

  • [Pow.Ecto.Schema.Fields] The :password_hash, :current_password, and :password fields now have redact: true option set
  • [Pow.Phoenix.Controller] Pow.Phoenix.Controller.action/3 now properly handles {:halt, conn} returned in the before_process callback
  • 🔀 [Pow.Store.Backend.EtsCache] Now does synchronous writes unless writes: :async is passed in config options
  • 🔀 [Pow.Store.Backend.MnesiaCache] Now does synchronous writes unless writes: :async is passed in config options

  🐛 Bug fixes

  • [Pow.Operations] Pow.Operations.fetch_primary_key_values/2 now ensures that module exists and is loaded before deriving primary keys

  📚 Documentation

  • Updated [redis guide](guides/redis_cache_store_backend.md) to use synchronous writes unless writes: :async is passed in config options
  • Updated [redis guide](guides/redis_cache_store_backend.md) to use optimized lookups with sorted keys

• v1.0.24 Changes

  May 27, 2021

  ✨ Enhancements

  • [Pow.Store.Backend.MnesiaCache] Now accepts extra_db_nodes: {module, function, arguments} to fetch nodes when MnesiaCache starts up
  • [PowEmailConfirmation.Phoenix.Messages] Added PowEmailConfirmation.Phoenix.Messages.invalid_token/1
  • ⚠ [Pow.Store.CredentialsCache] Now outputs an IO warning when a :ttl longer than 30 minutes is used

  🐛 Bug fixes

  • [Pow.Store.Backend.MnesiaCache] Now handles initialization errors

• v1.0.23 Changes

  March 22, 2021

  ✨ Enhancements

  • ⚡️ [Pow.Ecto.Context] No longer automatically reloads the struct after insert or update
  • [PowInvitation.Ecto.Schema] Added PowInvitation.Ecto.Schema.invitation_token_changeset/1
  • [PowInvitation.Ecto.Schema] Added PowInvitation.Ecto.Schema.invited_by_changeset/2
  • 👍 [Pow.Ecto.Schema.Password.Pbkdf2] Now uses :crypto.mac/4 if available to support OTP 24
  • [PowEmailConfirmation.Phoenix.ControllerCallbacks] Now returns :info instead of :error message for when the user has to confirm their email

  🐛 Bug fixes

  • ⚠ [Pow.Store.Backend.MnesiaCache] No longer triggers Elixir 1.11 dependency warnings

• v1.0.22 Changes

  January 27, 2021

  🚀 This release introduces a deprecation for the default API guide implementation. Please check migration section below.

  ✨ Enhancements

  • [PowPersistentSession.Plug.Cookie] Now stores the user struct instead of clauses
  • [PowPersistentSession.Plug.Base] Now includes :pow_config in the store config
  • [PowResetPassword.Plug] Now includes :pow_config in the store config
  • [Pow.Plug.Base] Now includes :pow_config in the store config
  • [Pow.Operations] Added Pow.Operations.reload/2 to reload structs
  • ⚡️ [PowPersistentSession.Store.PersistentSessionCache] Update PowPersistentSession.Store.PersistentSessionCache.get/2 to reload the user using Pow.Operations.reload/2
  • 🔧 [Pow.Store.CredentialsCache] Now support reload: true configuration so once fetched from the cache the user object will be reloaded through the context module

  📚 Documentation

  • ⚡️ Updated the [API guide](guides/api.md) as it's no longer necessary to load the user struct

  Migration

  ⚡️ If you've used an API setup for previous version, you'll see the warning PowPersistentSession.Store.PersistentSessionCache.get/2 call without `:pow_config` in second argument is deprecated, refer to the API guide.. It's recommended to replace your APIAuthPlug with the updated version in the API guide.

  🔨 The larger refactor of cache setup in Pow v1.0.22 means that user struct is always expected to be passed in and returned by the stores, so it is no longer necessary to load the user in the API plug. The PowPersistentSession.Store.PersistentSessionCache has fallback logic to handle the deprecated clauses keyword list, and will load the user correctly.

• v1.0.21 Changes

  September 13, 2020

  ✨ Enhancements

  • [Pow.Plug.Base] Will now use the existing :pow_config in the conn when no plug options has been set #514
  • 🛠 [PowInvitation.Phoenix.InvitationController] Fixed bug where user was incorrectly redirected to the show action with unsigned token when user struct has no e-mail #535
  • ⚠ [Pow.Ecto.Schema] Now only emits warning for primitive Ecto types #541

  🐛 Bug fixes

  • [PowEmailConfirmation.Ecto.Schema] PowEmailConfirmation.Ecto.Schema.changeset/3 no longer sets the email to the unconfirmed email when the same email change is set twice #515
  • ⚠ [Pow.Extension.Phoenix.Messages] Fixed fallback message dializer warning #520
  • [Pow.Ecto.Context] Fixed bug where the macro didn't add :users_context to the Pow config in the module resulting in Pow.Ecto.Context.get_by/2 being called instead of get_by/1 in the custom context #537
  • 👍 [Pow.Ecto.Schema.Changeset] The Pow.Ecto.Schema.Changeset.validate_email/1 method has been improved per specifications to support wider unicode support, fully-qualified domain validation, and comments #565

• v1.0.20 Changes

  April 22, 2020

  👍 Now supports Phoenix 1.5, and requires Elixir 1.7 or higher. #494

  ✨ Enhancements

  • [Mix.Tasks.Pow.Extension.Phoenix.Gen.Templates] mix pow.extension.phoenix.gen.templates now dynamically loads template list from the extension base module #461
  • 👉 [PowResetPassword.Plug] PowResetPassword.Plug.load_user_by_token/2 now sets a :pow_reset_password_decoded_token key in conn.private that will be used in PowResetPassword.Plug.update_user_password/2 #464

• v1.0.19 Changes

  March 13, 2020

  Warning: This release will now sign and verify all tokens, causing previous tokens to no longer work. Any sessions and persistent sessions will be invalidated.

  ✨ Enhancements

  • 🔒 [Pow.Plug.Session] Now sets a global lock when renewing the session #414
  • 🔒 [PowPersistentSession.Plug.Cookie] Now sets a global lock when authenticating the user #414
  • [PowEmailConfirmation.Plug] Added PowEmailConfirmation.Plug.sign_confirmation_token/2 to sign the email_confirmation_token to prevent timing attacks #417
  • 👉 [PowEmailConfirmation.Plug] Added PowEmailConfirmation.Plug.load_user_by_token/2 to verify the signed email_confirmation_token to prevent timing attacks #446
  • [PowEmailConfirmation.Plug] Added PowEmailConfirmation.Plug.confirm_email/2 with map as second argument #446
  • [PowInvitation.Plug] Added PowInvitation.Plug.sign_invitation_token/2 to sign the invitation_token #417
  • [PowInvitation.Plug] Added PowInvitation.Plug.load_invited_user_by_token/2 to verify the signed invitation_token to prevent timing attacks #417
  • [PowResetPassword.Plug] Changed PowResetPassword.Plug.create_reset_token/2 to sign the :token #417
  • 👉 [PowResetPassword.Plug] Added PowResetPassword.Plug.load_user_by_token/2 to verify the signed token to prevent timing attacks #417
  • 👉 [PowResetPassword.Plug] Changed PowResetPassword.Plug.update_user_password/2 so it decodes the signed token #417
  • [PowPersistentSession.Plug.Cookie] Now uses signed tokens to prevent timing attacks #417
  • [Pow.Plug.Session] Now uses signed session ID's to prevent timing attacks #417
  • [Pow.Plug] Added Pow.Plug.sign_token/4 to sign tokens #417
  • [Pow.Plug] Added Pow.Plug.verify_token/4 to decode and verify signed tokens #417
  • [Pow.Plug.MessageVerifier] Added Pow.Plug.MessageVerifier module to sign and verify messages #417
  • [PowEmailConfirmation.Ecto.Context] Added PowEmailConfirmation.Ecto.Context.confirm_email/3 #446
  • [PowEmailConfirmation.Ecto.Schema] Added confirm_email_changeset/2 and pow_confirm_email_changeset/2 to the macro #446
  • [PowEmailConfirmation.Ecto.Schema] Added PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2 #446
  • [PowInvitation.Ecto.Schema] Added accept_invitation_changeset/2 and pow_accept_invitation_changeset/2 to the macro #446
  • [PowResetPassword.Ecto.Schema] Added reset_password_changeset/2 and pow_reset_password_changeset/2 to the macro #446
  • ⚠ [Pow.Ecto.Schema] Now emits a warning instead of raising error with missing fields/associations #455

  🗄 Deprecations

  • 🗄 [PowEmailConfirmation.Plug] PowEmailConfirmation.Plug.confirm_email/2 with token param as second argument has been deprecated in favor of PowEmailConfirmation.Plug.load_user_by_token/2, and PowEmailConfirmation.Plug.confirm_email/2 with map as second argument #446
  • 👉 [PowInvitation.Plug] PowInvitation.Plug.invited_user_from_token/2 has been deprecated in favor of PowInvitation.Plug.load_invited_user_by_token/2 #417
  • [PowInvitation.Plug] PowInvitation.Plug.assign_invited_user/2 has been deprecated #417
  • [PowResetPassword.Plug] PowResetPassword.Plug.user_from_token/2 has been deprecated in favor of PowResetPassword.Plug.load_user_by_token/2 #417
  • [PowResetPassword.Plug] PowResetPassword.Plug.assign_reset_password_user/2 has been deprecated #417
  • 🗄 [PowEmailConfirmation.Ecto.Context] PowEmailConfirmation.Ecto.Context.confirm_email/2 deprecated in favor of PowEmailConfirmation.Ecto.Context.confirm_email/3 #446
  • [PowEmailConfirmation.Ecto.Schema] PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/1 deprecated in favor of PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2 #446

  📚 Documentation

  • ⚡️ Updated the API guide with signed tokens #417

• v1.0.18 Changes

  February 14, 2020

  🐛 Bug fixes

  • 🛠 [Pow.Phoenix.Routes] Fixed bug where callback route methods is not using the overridden method #418
  • [PowPersistentSession.Plug.Cookie] PowPersistentSession.Plug.Cookie.delete/2 now correctly pulls token during :before_send callback #420
  • 🚚 [Pow.Plug.Session] Pow.Plug.Session.delete/2 now correctly pulls session id during :before_send callback so PowEmailConfirmation will remove set session #420

• 1
• 2
• 3
• Next ›
• Last »