Pow v1.0.14 Release Notes

Release Date: 2019-10-29 // over 4 years ago
  • ๐Ÿ”„ Changes

    • ๐Ÿ”„ Changed minmum password length to 8 (OWASP/NIST recommendations) #274
    • Pow.Phoenix.Router now only filters routes that has equal number of bindings #292
    • Pow.Phoenix.Routes.user_not_authenticated_path/1 now only puts the :request_path param if the request is using "GET" method #303
    • ๐Ÿ”จ The stores has been refactored so the command conforms with ETS store. This means that put commands now accept {key, value} record element(s), and keys may be list for easier lookup. #304
      • Pow.Store.Backend.Base behaviour now requires to;
      • Accept Pow.Store.Backend.Base.record/0 values for put/2
      • Accept Pow.Store.Backend.Base.key/0 for delete/2 and get/2
      • Implement all/2
      • Remove keys/1
      • Remove put/3
      • Pow.Store.Backend.EtsCache now uses :ordered_set instead of :set for efficiency
      • Pow.Store.Backend.MnesiaCache now uses :ordered_set instead of :set for efficiency
      • Pow.Store.Backend.MnesiaCache will delete all binary key records when initialized
      • Pow.Store.Base behaviour now requires to;
      • Accept erlang term value for keys in all methods
      • Implement put/3 instead of put/4
      • Implement delete/2 instead of put/3
      • Implement get/2 instead of put/3
      • Remove keys/2
      • Pow.Store.Base.all/3 added
      • Pow.Store.Base.put/3 added
      • Pow.Store.Base will use binary key rather than key list if all/2 doesn't exist in the backend cache
      • Added Pow.Store.CredentialsCache.users/2
      • Added Pow.Store.CredentialsCache.sessions/2
      • Pow.Store.CredentialsCache now adds a session key rather than appending to a list for the user key to prevent race condition
    • ๐Ÿ“‡ Pow.Plug.Session.create/3 now stores a keyword list with metadata for the session rather than just a timestamp #286
    • Pow.Plug.Session.fetch/2 and Pow.Plug.Session.create/3 now assigns :pow_session_metadata in conn.private with the session metadata #287
    • Pow.Plug.Session.create/3 will use the metadata found in conn.private[:pow_session_metadata] if it exists and otherwise add a randomly unique id for :fingerprint #287
    • PowPersistentSession.Plug.Cookie.create/3 will use the value of conn.private[:pow_session_metadata][:fingerprint] if it exists as :session_fingerprint in the persistent session metadata #287
    • PowPersistentSession.Plug.Cookie.authenticate/2 will assign :fingerprint to conn.private[:pow_session_metadata] if it exists in the persistent session metadata #287
    • ๐Ÿ“‡ Pow.Store.CredentialsCache.put/3 will invalidate any other sessions with the same :fingerprint if any is set in session metadata #287
    • PowResetPassword.Phoenix.ResetPasswordController.create/2 when a user doesn't exist will now only return success message if the registration routes has been disabled, otherwise the form with an error message will be returned #314
    • Added PowResetPassword.Phoenix.Messages.user_not_found/1 #314

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  Fixed bug where Pow.Store.CredentialsCache wasn't used due to how Pow.Store.Base macro worked #286
    • ๐Ÿ›  Fixed bug where PowEmailConfirmation.Phoenix.ControllerCallbacks couldn't deliver email #309

    ๐Ÿ—„ Deprecations

    • ๐Ÿ—„ Deprecated Pow.Store.Backend.EtsCache.keys/1 #304
    • ๐Ÿ—„ Deprecated Pow.Store.Backend.EtsCache.put/3 #304
    • ๐Ÿ—„ Deprecated Pow.Store.Backend.MnesiaCache.keys/1 #304
    • ๐Ÿ—„ Deprecated Pow.Store.Backend.MnesiaCache.put/3 #304
    • ๐Ÿ—„ Deprecated Pow.Store.Base.keys/2 #304
    • ๐Ÿ—„ Deprecated Pow.Store.Base.put/4 #304
    • Deprecated Pow.Store.CredentialsCache.user_session_keys/3 #304
    • ๐Ÿ—„ Deprecated Pow.Store.CredentialsCache.sessions/3 #304