« Changelog History


Pow v1.0.17 Release Notes

Release Date: 2020-02-04 // about 4 years ago

  • ✨ Enhancements

    • [Pow.Ecto.Context] Calls to Pow.Ecto.Context.get_by/2 replaced with Pow.Operations.get_by/2 so custom users context module can be used. The following methods has been updated: #343
      • Pow.Ecto.Context.authenticate/2
      • PowEmailConfirmation.Ecto.Context.get_by_confirmation_token/2
      • PowInvitation.Ecto.Context.get_by_invitation_token/2
      • PowResetPassword.Ecto.Context.get_by_email/2
    • [Pow.Ecto.Schema.Changeset] Pow.Ecto.Schema.Changeset.confirm_password_changeset/3 now adds the default Ecto.Changeset.validate_confirmation/3 error instead of the previous not same as password error #380
    • [Pow.Ecto.Schema.Changeset] Pow.Ecto.Schema.Changeset.confirm_password_changeset/3 now uses the Ecto.Changeset.validate_confirmation/3 for validation and expects :password_confirmation instead of :confirm_password in params #379
    • [Pow.Ecto.Schema.Changeset] Pow.Ecto.Schema.Changeset.new_password_changeset/3 now only requires the :password_hash if there have been no previous errors set in the changeset #391
    • [Pow.Ecto.Schema] No longer adds :confirm_password virtual field #379
    • [Pow.Ecto.Schema] Now has an @after_compile callback that ensures all required fields has been defined #376
    • [PowInvitation.Phoenix.InvitationView] Now renders :password_confirmation field instead of :confirm_password #379
    • [PowResetPassword.Phoenix.ResetPasswordView] Now renders :password_confirmation field instead of :confirm_password #379
    • [Pow.Phoenix.RegistrationView] Now renders :password_confirmation field instead of :confirm_password #379
    • [PowEmailConfirmation.Ecto.Schema] No longer validates if :email has been taken before setting :unconfirmed_email #379
    • [PowEmailConfirmation.Phoenix.ControllerCallbacks] Now prevents user enumeration attack for PowInvitation.Phoenix.InvitationController.create/2 #384
    • 0️⃣ [PowPersistentSession.Plug.Cookie] Changed default cookie name to persistent_session #385
    • 🚚 [PowPersistentSession.Plug.Cookie] Removed renewal of cookie as the token will always expire #385
    • [PowPersistentSession.Plug.Cookie] No longer expires invalid cookies #390
    • [Pow.Operations] Added Pow.Operations.fetch_primary_key_values/2 #393
    • [PowPersistentSession.Plug.Base] Now registers :before_send callbacks #398
    • ⚡️ [PowPersistentSession.Plug.Cookie] Now updates cookie and backend store in :before_send callback #398
    • [Pow.Plug.Base] Now registers :before_send callbacks #398
    • ⚡️ [Pow.Plug.Session] Now updates plug session and backend store in :before_send callback #398
    • [Pow.Plug] Added Pow.Plug.create/3 #405
    • [Pow.Plug] Added Pow.Plug.delete/2 #405

    ✂ Removed

    • [PowResetPassword.Phoenix.ResetPasswordController] Will no longer prevent information leak by checking if PowEmailConfirmation or registration routes are enabled; instead it'll by default prevent user enumeration, but can be disabled if pow_prevent_user_enumeration: false is set in conn.private #384

    🐛 Bug fixes

    • [PowPersistentSession.Plug.Base] With custom :persistent_session_store now falls back to :cache_store_backend configuration option #408
    • [PowResetPassword.Plug] With custom :reset_password_token_store now falls back to :cache_store_backend configuration option #408
    • [Pow.Plug.Base] With custom :credentials_cache_store now falls back to :cache_store_backend configuration option #408

    🗄 Deprecations

    • [Pow.Ecto.Changeset] Pow.Ecto.Schema.Changeset.confirm_password_changeset/3 has deprecated use of :confirm_password in params in favor of :password_confirmation #379
    • [Pow.Plug.Session] :session_store option has been renamed to :credentials_cache_store #399
    • [Pow.Plug] Pow.Plug.clear_authenticated_user/1 deprecated in favor of Pow.Plug.delete/1 #405