All Versions
20
Latest Version
Avg Release Cycle
33 days
Latest Release
96 days ago

Changelog History
Page 1

  • v0.4.10

    November 24, 2020

    โœจ Enhancements

    • [PowAssent.Plug] Fixed bug where the :cache_store_backend was not being loaded from the application environment correctly #198
  • v0.4.9

    October 18, 2020

    โœจ Enhancements

    • [PowAssent.Plug] Now stores a session cookie instead of using Plug.Session to prevent SameSite policy issue in form_post flow #190
    • [PowAssent.Plug] PowAssent.Plug.callback/4 now adds the userinfo with claims to the user identity params #160
  • v0.4.8

    May 18, 2020

    โœจ Enhancements

    • [PowAssent.Plug] Added PowAssent.Plug.put_create_session_callback/2 #178
    • [PowAssent.Plug] Added PowAssent.Plug.fetch_config/1 #178
    • [PowAssent.Plug] Now calls create session callbacks set with PowAssent.Plug.put_create_session_callback/2 when a session is created #178
    • [PowAssent.Plug.Reauthorization] Added plug to enable reauthorization #178
    • ๐Ÿ‘ป [PowAssent.Phoenix.AuthorizationController] Now instead of raising an exception for strategy errors, the user is redirected to the sign in page with a generic error message #179
    • [PowAssent.Config] Added PowAssent.Config.merge_provider_config/3 #166
    • [PowAssent.Plug] Added PowAssent.Plug.merge_provider_config/3 #166
  • v0.4.7

    April 22, 2020

    ๐Ÿ‘ Now support Phoenix 1.5 and requires Pow ~> 1.0.19 and Elixir 1.7.

  • v0.4.6

    February 16, 2020

    The callback flow has been changed so sessions are now stored in the backend cache with PowAssent.Store.SessionCache instead of using Plug.Session. This prevents exposure of sensitive data, as the only thing stored in the Plug session is a random UUID.

    โšก๏ธ Updated Pow requirement to ~> 1.0.17. #141

    โœจ Enhancements

    • ๐Ÿ‘‰ [PowAssent.Plug] Added PowAssent.Plug.change_user/4 #118
    • [PowAssent.Operations] Added PowAssent.Operations.user_identity_changeset/4 #118
    • [PowAssent.Phoenix.AuthorizationController] Now prevents user enumeration attack using PowEmailConfirmation.Phoenix.ControllerCallbacks when PowEmailConfirmation extension is enabled #128
    • ๐Ÿ‘‰ [PowAssent.Phoenix.AuthorizationController] Now stores :changeset in session when redirecting to :add_user_id page #137
    • [PowAssent.Phoenix.RegistrationController] Now prevents user enumeration attack using PowEmailConfirmation.Phoenix.ControllerCallbacks when PowEmailConfirmation extension is enabled #128
    • ๐Ÿ‘‰ [PowAssent.Phoenix.RegistrationController] Now uses :changeset stored in the session when rendering :add_user_id page #137
    • [PowAssent.Plug] Moved business logic away from PowAssent.Phoenix.AuthorizationController into PowAssent.Plug.callback_upsert/4 that will authenticate, upsert user identity, or create user #133
    • [PowAssent.Store.SessionCache] Added session store module #135
    • [PowAssent.Plug] Added PowAssent.Plug.init_session/1 #135
    • [PowAssent.Plug] Added PowAssent.Plug.put_session/3 #135
    • [PowAssent.Plug] Added PowAssent.Plug.delete_session/2 #135

    ๐Ÿ› Bug fixes

    • ๐Ÿ›  [PowAssent.Ecto.Schema] Fixed issue in PowAssent.Ecto.Schema.changeset/2 where confirmation token was not set thus allowing users with unconfirmed email to sign in #121

    ๐Ÿ“š Documentation

  • v0.4.5

    December 06, 2019
    • [PowAssent.Phoenix.AuthorizationController] Now supports :request_path param so the user will be redirected back to :request_path after successful authorization #110
    • ๐Ÿ”— [PowAssent.Phoenix.ViewHelpers] PowAssent.Phoenix.ViewHelpers.authorization_link/3 now adds :request_path to the query param if assigned to the conn #110
    • ๐Ÿ”— [PowAssent.Phoenix.ViewHelpers] PowAssent.Phoenix.ViewHelpers.authorization_link/3, PowAssent.Phoenix.ViewHelpers.deauthorization_link/3, and PowAssent.Phoenix.ViewHelpers.provider_links/2 now accepts keyword list with options to be passed on to the link generation #112
  • v0.4.4

    November 22, 2019

    Note: This release contains an important security fix.

    • [PowAssent.Plug] Now uses String.to_existing_atom/1 in PowAssent.Plug.providers_for_current_user/1
    • [PowAssent.Plug] Fixed security issue by removing String.to_atom/1 for user provided binary in PowAssent.Plug.authorize_url/3 and PowAssent.Plug.callback/4
    • [PowAssent.Config] PowAssent.Config.get_provider_config/2 now accepts binary provider
  • v0.4.3

    November 20, 2019

    ๐Ÿ”„ Changes

    • Removed :phoenix_html dependency requirement #104
    • โž• Added Pow minimum requirement ~> 1.0.15 #107
    • ๐Ÿ‘‰ Use Pow.Extension.Base macro for new extension setup #107
  • v0.4.2

    November 13, 2019

    ๐Ÿ”„ Changes

    • โž• Added support for POST callback from provider: #101
      • Added pow_assent_authorization_post_callback_routes/0 macro to PowAssent.Phoenix.Router
      • Added :skip_csrf_protection pipeline example and scope with pow_assent_authorization_post_callback_routes/0 call to the docs
      • Use Pow.Phoenix.Router macros to dynamically filter duplicate routes
  • v0.4.1

    October 08, 2019

    ๐Ÿ”„ Changes

    • Use Assent v0.1.2 and set :redirect_uri in config for OAuth 2.0 callback phase #97