Pow v1.0.14 Release Notes
Release Date: 2019-10-29 // over 4 years ago-
๐ Changes
- ๐ Changed minmum password length to 8 (OWASP/NIST recommendations) #274
Pow.Phoenix.Router
now only filters routes that has equal number of bindings #292Pow.Phoenix.Routes.user_not_authenticated_path/1
now only puts the:request_path
param if the request is using "GET" method #303- ๐จ The stores has been refactored so the command conforms with ETS store. This means that put commands now accept
{key, value}
record element(s), and keys may be list for easier lookup. #304Pow.Store.Backend.Base
behaviour now requires to;- Accept
Pow.Store.Backend.Base.record/0
values forput/2
- Accept
Pow.Store.Backend.Base.key/0
fordelete/2
andget/2
- Implement
all/2
- Remove
keys/1
- Remove
put/3
Pow.Store.Backend.EtsCache
now uses:ordered_set
instead of:set
for efficiencyPow.Store.Backend.MnesiaCache
now uses:ordered_set
instead of:set
for efficiencyPow.Store.Backend.MnesiaCache
will delete all binary key records when initializedPow.Store.Base
behaviour now requires to;- Accept erlang term value for keys in all methods
- Implement
put/3
instead ofput/4
- Implement
delete/2
instead ofput/3
- Implement
get/2
instead ofput/3
- Remove
keys/2
Pow.Store.Base.all/3
addedPow.Store.Base.put/3
addedPow.Store.Base
will use binary key rather than key list ifall/2
doesn't exist in the backend cache- Added
Pow.Store.CredentialsCache.users/2
- Added
Pow.Store.CredentialsCache.sessions/2
Pow.Store.CredentialsCache
now adds a session key rather than appending to a list for the user key to prevent race condition
- ๐
Pow.Plug.Session.create/3
now stores a keyword list with metadata for the session rather than just a timestamp #286 Pow.Plug.Session.fetch/2
andPow.Plug.Session.create/3
now assigns:pow_session_metadata
inconn.private
with the session metadata #287Pow.Plug.Session.create/3
will use the metadata found inconn.private[:pow_session_metadata]
if it exists and otherwise add a randomly unique id for:fingerprint
#287PowPersistentSession.Plug.Cookie.create/3
will use the value ofconn.private[:pow_session_metadata][:fingerprint]
if it exists as:session_fingerprint
in the persistent session metadata #287PowPersistentSession.Plug.Cookie.authenticate/2
will assign:fingerprint
toconn.private[:pow_session_metadata]
if it exists in the persistent session metadata #287- ๐
Pow.Store.CredentialsCache.put/3
will invalidate any other sessions with the same:fingerprint
if any is set in session metadata #287 PowResetPassword.Phoenix.ResetPasswordController.create/2
when a user doesn't exist will now only return success message if the registration routes has been disabled, otherwise the form with an error message will be returned #314- Added
PowResetPassword.Phoenix.Messages.user_not_found/1
#314
๐ Bug fixes
- ๐ Fixed bug where
Pow.Store.CredentialsCache
wasn't used due to howPow.Store.Base
macro worked #286 - ๐ Fixed bug where
PowEmailConfirmation.Phoenix.ControllerCallbacks
couldn't deliver email #309
๐ Deprecations
- ๐ Deprecated
Pow.Store.Backend.EtsCache.keys/1
#304 - ๐ Deprecated
Pow.Store.Backend.EtsCache.put/3
#304 - ๐ Deprecated
Pow.Store.Backend.MnesiaCache.keys/1
#304 - ๐ Deprecated
Pow.Store.Backend.MnesiaCache.put/3
#304 - ๐ Deprecated
Pow.Store.Base.keys/2
#304 - ๐ Deprecated
Pow.Store.Base.put/4
#304 - Deprecated
Pow.Store.CredentialsCache.user_session_keys/3
#304 - ๐ Deprecated
Pow.Store.CredentialsCache.sessions/3
#304