Pow v1.0.16 Release Notes

Release Date: 2020-01-07 // 18 days ago
  • Note: This release contains an important security fix.

    ✨ Enhancements

    • [PowPersistentSession.Plug.Cookie] Now supports :persistent_session_cookie_opts to customize any options that will be passed on to Plug.Conn.put_resp_cookie/4 #365
    • [PowResetPassword.Phoenix.ResetPasswordController] Now uses PowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1 with a generic response that tells the user the email has been sent only if an account was found #349
    • [PowResetPassword.Phoenix.ResetPasswordController] When a user doesn't exist will now return success message if PowEmailConfirmation extension is enabled #349
    • [PowResetPassword.Phoenix.Messages] Added PowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1 and let PowResetPassword.Phoenix.Messages.email_has_been_sent/1 fall back to it #349
    • 0️⃣ [PowEmailConfirmation.Phoenix.ControllerCallbacks] When a user tries to sign up and the email has already been taken the default e-mail confirmation required message will be shown #350
    • [Pow.Plug.Session] Now renews the Plug session each time the Pow session is created or rolled 578ffd3

    🐛 Bug fixes

    • [Pow.Ecto.Schema.Changeset] Fixed bug where Pow.Ecto.Schema.Changeset.user_id_field_changeset/3 update with nil value caused an exception to be raised #364
    • [PowPersistentSession.Plug.Cookie] Now expires the cookie 10 seconds after the last request when authenticating to prevent multiple simultaneous requests deletes the cookie immediately #366

    📚 Documentation


Previous changes from v1.0.15

  • ✨ Enhancements

    • [Pow.Extension.Base] Extensions are now expected to have a base module with compile-time information whether certain modules are available to prevent unnecessary Code.ensure_compiled?/1 calls: #335
      • Added Pow.Extension.Base module
      • Added PowEmailConfirmation module
      • Added PowInvitation module
      • Added PowPersistentSession module
      • Added PowResetPassword module
    • 📇 [PowPersistentSession.Plug.Cookie] Added support for custom metadata: #332
      • PowPersistentSession.Plug.Cookie.create/3 now stores a metadata keyword list that can be populated
      • PowPersistentSession.Plug.Cookie.create/3 will now, instead of adding :session_fingerprint to the metadata, populate the :session_metadata keyword list with :fingerprint
      • PowPersistentSession.Plug.Cookie.authenticate/2 will now populate session metadata with what exists in :session_metadata key for the persistent session metadata
      • PowPersistentSession.Plug.Cookie.create/3 now ensures to delete the previous persistent session first, if one is found in cookies
    • [Pow.Extension.Config] Added Pow.Extension.Config.extension_modules/2 #334

    🐛 Bug fixes

    • 🛠 [Router.Phoenix.Router] Fixed bug where resource routes were not filtered correctly according to the path bindings #328

    🗄 Deprecations

    • 🗄 [Pow.Extension.Config] Deprecated Pow.Extension.Config.discover_modules/2 #334