PowAssent v0.4.6 Release Notes
Release Date: 2020-02-16
- The callback flow has been changed so sessions are now stored in the backend cache with PowAssent.Store.SessionCache instead of using Plug.Session. This prevents exposure of sensitive data, as the only thing stored in the Plug session is a random UUID.
- Updated Pow requirement to ~> 1.0.17. #141
Enhancements
- [PowAssent.Plug] Added PowAssent.Plug.change_user/4 #118
- [PowAssent.Operations] Added PowAssent.Operations.user_identity_changeset/4 #118
- [PowAssent.Phoenix.AuthorizationController] Now prevents user enumeration attack using PowEmailConfirmation.Phoenix.ControllerCallbacks when PowEmailConfirmation extension is enabled #128
- [PowAssent.Phoenix.AuthorizationController] Now stores :changeset in session when redirecting to :add_user_id page #137
- [PowAssent.Phoenix.RegistrationController] Now prevents user enumeration attack using PowEmailConfirmation.Phoenix.ControllerCallbacks when PowEmailConfirmation extension is enabled #128
- [PowAssent.Phoenix.RegistrationController] Now uses :changeset stored in the session when rendering :add_user_id page #137
- [PowAssent.Plug] Moved business logic away from PowAssent.Phoenix.AuthorizationController into PowAssent.Plug.callback_upsert/4 that will authenticate, upsert user identity, or create user #133
- [PowAssent.Store.SessionCache] Added session store module #135
- [PowAssent.Plug] Added PowAssent.Plug.init_session/1 #135
- [PowAssent.Plug] Added PowAssent.Plug.put_session/3 #135
- [PowAssent.Plug] Added PowAssent.Plug.delete_session/2 #135
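The session change described at the top of these notes, and the PowAssent.Store.SessionCache entry in the list above, keep callback data in the backend and leave only a random identifier in the cookie. The following is an added example, not PowAssent's own code: the SessionDemo module and its functions are hypothetical, the "before" case assumes a cookie that is signed but not encrypted, and the sample params and secret are constructed.

```elixir
# Added example; SessionDemo and its functions are hypothetical, not PowAssent's API.
defmodule SessionDemo do
  @secret "constructed-demo-secret"
  # Assumption: a signed-only cookie. The MAC stops tampering, not reading.
  def signed_cookie(data) do
    payload = data |> :erlang.term_to_binary() |> Base.url_encode64(padding: false)
    mac = :crypto.mac(:hmac, :sha256, @secret, payload) |> Base.url_encode64(padding: false)
    payload <> "." <> mac
  end

  # What any holder of the cookie can recover without knowing @secret.
  def read_without_key(cookie) do
    [payload, _mac] = String.split(cookie, ".")
    payload |> Base.url_decode64!(padding: false) |> :erlang.binary_to_term([:safe])
  end

  # Server-side store: data stays in the backend, the cookie carries only the id.
  def start_store, do: Agent.start_link(fn -> %{} end)
  def put(store, data, ttl_ms) do
    id = random_uuid()
    expires = System.monotonic_time(:millisecond) + ttl_ms
    Agent.update(store, &Map.put(&1, id, {data, expires}))
    id
  end

  # Example's own policy: entries are single-use and expire after ttl_ms.
  def take(store, id) do
    now = System.monotonic_time(:millisecond)
    Agent.get_and_update(store, fn state ->
      case Map.pop(state, id) do
        {{data, expires}, rest} when expires > now -> {{:ok, data}, rest}
        {_missing_or_expired, rest} -> {:error, rest}
      end
    end)
  end
  # Random (version 4) UUID built from 122 bits of CSPRNG output.
  defp random_uuid do
    <<a::binary-4, b::binary-2, _::4, c::12, _::2, d::14, e::binary-6>> = :crypto.strong_rand_bytes(16)
    Enum.map_join([a, b, <<4::4, c::12>>, <<2::2, d::14>>, e], "-", &Base.encode16(&1, case: :lower))
  end
end

params = %{"access_token" => "constructed-token", "email" => "user@example.com"} # constructed
IO.inspect(SessionDemo.read_without_key(SessionDemo.signed_cookie(params)), label: "readable from cookie")
{:ok, store} = SessionDemo.start_store()
id = SessionDemo.put(store, params, 60_000)
IO.puts("cookie value is only: " <> id)
IO.inspect(SessionDemo.take(store, id), label: "first lookup")
IO.inspect(SessionDemo.take(store, id), label: "replayed lookup")
```

Run as a script with `elixir session_demo.exs`; it uses only the Elixir and Erlang standard libraries.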
Bug fixes
- [PowAssent.Ecto.Schema] Fixed issue in PowAssent.Ecto.Schema.changeset/2 where confirmation token was not set thus allowing users with unconfirmed email to sign in #121
Documentation
- Added legacy migration guide #129
- Added API guide #143
- [