Pow v1.0.17 Release Notes
Release Date: 2020-02-04 // about 4 years ago-
✨ Enhancements
- [
Pow.Ecto.Context
] Calls toPow.Ecto.Context.get_by/2
replaced withPow.Operations.get_by/2
so custom users context module can be used. The following methods has been updated: #343Pow.Ecto.Context.authenticate/2
PowEmailConfirmation.Ecto.Context.get_by_confirmation_token/2
PowInvitation.Ecto.Context.get_by_invitation_token/2
PowResetPassword.Ecto.Context.get_by_email/2
- [
Pow.Ecto.Schema.Changeset
]Pow.Ecto.Schema.Changeset.confirm_password_changeset/3
now adds the defaultEcto.Changeset.validate_confirmation/3
error instead of the previousnot same as password
error #380 - [
Pow.Ecto.Schema.Changeset
]Pow.Ecto.Schema.Changeset.confirm_password_changeset/3
now uses theEcto.Changeset.validate_confirmation/3
for validation and expects:password_confirmation
instead of:confirm_password
in params #379 - [
Pow.Ecto.Schema.Changeset
]Pow.Ecto.Schema.Changeset.new_password_changeset/3
now only requires the:password_hash
if there have been no previous errors set in the changeset #391 - [
Pow.Ecto.Schema
] No longer adds:confirm_password
virtual field #379 - [
Pow.Ecto.Schema
] Now has an@after_compile
callback that ensures all required fields has been defined #376 - [
PowInvitation.Phoenix.InvitationView
] Now renders:password_confirmation
field instead of:confirm_password
#379 - [
PowResetPassword.Phoenix.ResetPasswordView
] Now renders:password_confirmation
field instead of:confirm_password
#379 - [
Pow.Phoenix.RegistrationView
] Now renders:password_confirmation
field instead of:confirm_password
#379 - [
PowEmailConfirmation.Ecto.Schema
] No longer validates if:email
has been taken before setting:unconfirmed_email
#379 - [
PowEmailConfirmation.Phoenix.ControllerCallbacks
] Now prevents user enumeration attack forPowInvitation.Phoenix.InvitationController.create/2
#384 - 0️⃣ [
PowPersistentSession.Plug.Cookie
] Changed default cookie name topersistent_session
#385 - 🚚 [
PowPersistentSession.Plug.Cookie
] Removed renewal of cookie as the token will always expire #385 - [
PowPersistentSession.Plug.Cookie
] No longer expires invalid cookies #390 - [
Pow.Operations
] AddedPow.Operations.fetch_primary_key_values/2
#393 - [
PowPersistentSession.Plug.Base
] Now registers:before_send
callbacks #398 - ⚡️ [
PowPersistentSession.Plug.Cookie
] Now updates cookie and backend store in:before_send
callback #398 - [
Pow.Plug.Base
] Now registers:before_send
callbacks #398 - ⚡️ [
Pow.Plug.Session
] Now updates plug session and backend store in:before_send
callback #398 - [
Pow.Plug
] AddedPow.Plug.create/3
#405 - [
Pow.Plug
] AddedPow.Plug.delete/2
#405
✂ Removed
- [
PowResetPassword.Phoenix.ResetPasswordController
] Will no longer prevent information leak by checking ifPowEmailConfirmation
or registration routes are enabled; instead it'll by default prevent user enumeration, but can be disabled ifpow_prevent_user_enumeration: false
is set inconn.private
#384
🐛 Bug fixes
- [
PowPersistentSession.Plug.Base
] With custom:persistent_session_store
now falls back to:cache_store_backend
configuration option #408 - [
PowResetPassword.Plug
] With custom:reset_password_token_store
now falls back to:cache_store_backend
configuration option #408 - [
Pow.Plug.Base
] With custom:credentials_cache_store
now falls back to:cache_store_backend
configuration option #408
🗄 Deprecations
- [
Pow.Ecto.Changeset
]Pow.Ecto.Schema.Changeset.confirm_password_changeset/3
has deprecated use of:confirm_password
in params in favor of:password_confirmation
#379 - [
Pow.Plug.Session
]:session_store
option has been renamed to:credentials_cache_store
#399 - [
Pow.Plug
]Pow.Plug.clear_authenticated_user/1
deprecated in favor ofPow.Plug.delete/1
#405
- [