PowAssent v0.4.6 Release Notes

Release Date: 2020-02-16
  • The callback flow has been changed so sessions are now stored in the backend cache with PowAssent.Store.SessionCache instead of using Plug.Session. This prevents exposure of sensitive data, as the only thing stored in the Plug session is a random UUID.

    Updated Pow requirement to ~> 1.0.17. #141

    Enhancements

    • [PowAssent.Plug] Added PowAssent.Plug.change_user/4 #118
    • [PowAssent.Operations] Added PowAssent.Operations.user_identity_changeset/4 #118
    • [PowAssent.Phoenix.AuthorizationController] Now prevents user enumeration attack using PowEmailConfirmation.Phoenix.ControllerCallbacks when PowEmailConfirmation extension is enabled #128
    • [PowAssent.Phoenix.AuthorizationController] Now stores :changeset in session when redirecting to :add_user_id page #137
    • [PowAssent.Phoenix.RegistrationController] Now prevents user enumeration attack using PowEmailConfirmation.Phoenix.ControllerCallbacks when PowEmailConfirmation extension is enabled #128
    • [PowAssent.Phoenix.RegistrationController] Now uses :changeset stored in the session when rendering :add_user_id page #137
    • [PowAssent.Plug] Moved business logic away from PowAssent.Phoenix.AuthorizationController into PowAssent.Plug.callback_upsert/4 that will authenticate, upsert user identity, or create user #133
    • [PowAssent.Store.SessionCache] Added session store module #135
    • [PowAssent.Plug] Added PowAssent.Plug.init_session/1 #135
    • [PowAssent.Plug] Added PowAssent.Plug.put_session/3 #135
    • [PowAssent.Plug] Added PowAssent.Plug.delete_session/2 #135

    Bug fixes

    • [PowAssent.Ecto.Schema] Fixed issue in PowAssent.Ecto.Schema.changeset/2 where the confirmation token was not set, thus allowing users with unconfirmed email to sign in #121

    Documentation