|
1 | 1 | # Changelog |
2 | 2 |
|
3 | | -## v1.0.14 (2019-10-29) |
| 3 | +## v1.1.0 (TBA) |
4 | 4 |
|
5 | 5 | ### Changes |
6 | 6 |
|
7 | | -* Changed minmum password length to 8 (OWASP/NIST recommendations) |
8 | | -* `Pow.Phoenix.Router` now only filters routes that has equal number of bindings |
9 | | -* `Pow.Phoenix.Routes.user_not_authenticated_path/1` now only puts the `:request_path` param if the request is using "GET" method |
10 | | -* The stores has been refactored so the command conforms with ETS store. This means that put commands now accept `{key, value}` record element(s), and keys may be list for easier lookup. |
11 | | - * `Pow.Store.Backend.Base` behaviour now requires to; |
12 | | - * Accept `Pow.Store.Backend.Base.record/0` values for `put/2` |
13 | | - * Accept `Pow.Store.Backend.Base.key/0` for `delete/2` and `get/2` |
14 | | - * Implement `all/2` |
15 | | - * Remove `keys/1` |
16 | | - * Remove `put/3` |
17 | | - * `Pow.Store.Backend.EtsCache` now uses `:ordered_set` instead of `:set` for efficiency |
18 | | - * `Pow.Store.Backend.MnesiaCache` now uses `:ordered_set` instead of `:set` for efficiency |
19 | | - * `Pow.Store.Backend.MnesiaCache` will delete all binary key records when initialized |
20 | | - * `Pow.Store.Base` behaviour now requires to; |
21 | | - * Accept erlang term value for keys in all methods |
22 | | - * Implement `put/3` instead of `put/4` |
23 | | - * Implement `delete/2` instead of `put/3` |
24 | | - * Implement `get/2` instead of `put/3` |
25 | | - * Remove `keys/2` |
26 | | - * `Pow.Store.Base.all/3` added |
27 | | - * `Pow.Store.Base.put/3` added |
28 | | - * `Pow.Store.Base` will use binary key rather than key list if `all/2` doesn't exist in the backend cache |
29 | | - * Added `Pow.Store.CredentialsCache.users/2` |
30 | | - * Added `Pow.Store.CredentialsCache.sessions/2` |
31 | | - * `Pow.Store.CredentialsCache` now adds a session key rather than appending to a list for the user key to prevent race condition |
32 | | -* `Pow.Plug.Session.create/3` now stores a keyword list with metadata for the session rather than just a timestamp |
33 | | -* `Pow.Plug.Session.fetch/2` and `Pow.Plug.Session.create/3` now assigns `:pow_session_metadata` in `conn.private` with the session metadata |
34 | | -* `Pow.Plug.Session.create/3` will use the metadata found in `conn.private[:pow_session_metadata]` if it exists and otherwise add a randomly unique id for `:fingerprint` |
35 | | -* `PowPersistentSession.Plug.Cookie.create/3` will use the value of `conn.private[:pow_session_metadata][:fingerprint]` if it exists as `:session_fingerprint` in the persistent session metadata |
36 | | -* `PowPersistentSession.Plug.Cookie.authenticate/2` will assign `:fingerprint` to `conn.private[:pow_session_metadata]` if it exists in the persistent session metadata |
37 | | -* `Pow.Store.CredentialsCache.put/3` will invalidate any other sessions with the same `:fingerprint` if any is set in session metadata |
38 | | -* `PowResetPassword.Phoenix.ResetPasswordController.create/2` when a user doesn't exist will now only return success message if the registration routes has been disabled, otherwise the form with an error message will be returned |
39 | | -* Added `PowResetPassword.Phoenix.Messages.user_not_found/1` |
40 | | - |
41 | | -### Bug fixes |
42 | | - |
43 | | -* Fixed bug where `Pow.Store.CredentialsCache` wasn't used due to how `Pow.Store.Base` macro worked |
44 | | -* Fixed bug where `PowEmailConfirmation.Phoenix.ControllerCallbacks` couldn't deliver email |
| 7 | +- Requires Elixir 1.7 or higher |
| 8 | +- Requires Ecto 3.0 or higher |
| 9 | +- Requires Phoenix 1.4.7 or higher |
45 | 10 |
|
46 | 11 | ### Deprecations |
47 | 12 |
|
48 | | -* Deprecated `Pow.Store.Backend.EtsCache.keys/1` |
49 | | -* Deprecated `Pow.Store.Backend.EtsCache.put/3` |
50 | | -* Deprecated `Pow.Store.Backend.MnesiaCache.keys/1` |
51 | | -* Deprecated `Pow.Store.Backend.MnesiaCache.put/3` |
52 | | -* Deprecated `Pow.Store.Base.keys/2` |
53 | | -* Deprecated `Pow.Store.Base.put/4` |
54 | | -* Deprecated `Pow.Store.CredentialsCache.user_session_keys/3` |
55 | | -* Deprecated `Pow.Store.CredentialsCache.sessions/3` |
56 | | - |
57 | | -## v1.0.13 (2019-08-25) |
58 | | - |
59 | | -* Updated `PowEmailConfirmation.Ecto.Schema.changeset/3` so; |
60 | | - * when `:email` is identical to `:unconfirmed_email` it won't generate new `:email_confirmation_token` |
61 | | - * when `:email` is identical to the persisted `:email` value both `:email_confirmation_token` and `:unconfirmed_email` will be set to `nil` |
62 | | - * when there is no `:email` value in the params nothing happens |
63 | | -* Updated `PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/1` so now `:email_confirmation_token` is set to `nil` |
64 | | -* Updated `Pow.Ecto.Schema.Changeset.user_id_field_changeset/3` so the e-mail validator now accepts unicode e-mails |
65 | | -* Added `PowEmailConfirmation.Ecto.Context.current_email_unconfirmed?/2` and `PowEmailConfirmation.Plug.pending_email_change?/1` |
66 | | -* Added `:email_validator` configuration option to `Pow.Ecto.Schema.Changeset` |
67 | | -* Added `Pow.Ecto.Schema.Changeset.validate_email/1` |
68 | | -* Fixed bug in `PowEmailConfirmation.Phoenix.ControllerCallbacks.send_confirmation_email/2` where the confirmation e-mail wasn't send to the updated e-mail address |
69 | | - |
70 | | -## v1.0.12 (2019-08-16) |
71 | | - |
72 | | -* Added API integration guide |
73 | | -* Added `:reset_password_token_store` configuration setting |
74 | | -* To prevent timing attacks, `Pow.Ecto.Context.authenticate/2` now verifies password on a blank user struct when no user can be found for the provided user id, but will always return nil. The blank user struct has a nil `:password_hash` value. The struct will be passed along with a blank password to the `verify_password/2` method in the user schema module. |
75 | | -* To prevent timing attacks, when `Pow.Ecto.Schema.Changeset.verify_password/3` receives a struct with a nil `:password_hash` value, it'll hash a blank password, but always return false. |
76 | | -* To prevent timing attacks, the UUID is always generated in `PowResetPassword.Plug.create_reset_token/2` whether the user exists or not. |
77 | | -* `PowPersistentSession.Plug.Base` now accepts `:persistent_session_ttl` which will pass the TTL to the cache backend and used for the max age of the sesion cookie in `PowPersistentSession.Plug.Cookie` |
78 | | -* Deprecated `:persistent_session_cookie_max_age` configuration setting |
79 | | -* `Pow.Store.Backend.MnesiaCache` can now auto join clusters |
80 | | -* `Pow.Store.Backend.MnesiaCache.Unsplit` module added for self-healing after network split |
81 | | -* Removed `:nodes` config option for `Pow.Store.Backend.MnesiaCache` |
82 | | - |
83 | | -## v1.0.11 (2019-06-13) |
84 | | - |
85 | | -* Fixed bug in router filters with Phoenix 1.4.7 |
86 | | - |
87 | | -## v1.0.10 (2019-06-09) |
88 | | - |
89 | | -* Prevent browser cache of `Pow.Phoenix.SessionController.new/2`, `Pow.Phoenix.RegistrationController.new/2` and `PowInvitation.Phoenix.InvitationController.edit/2` by setting "Cache-Control" header unless it already has been customized |
90 | | -* All links in docs generated with `mix docs` and on [hexdocs.pm](http://hexdocs.pm/pow/) now works |
91 | | -* Generated docs now uses lower case file name except for `README`, `CONTRIBUTING` and `CHANGELOG` |
92 | | -* Removed duplicate call for `Pow.Plug.Session.delete/2` in `Pow.Plug.Sesssion.create/3` |
93 | | - |
94 | | -## v1.0.9 (2019-06-04) |
95 | | - |
96 | | -### Changes |
97 | | - |
98 | | -* `Pow.Phoenix.Router` will now only add specific routes if there is no matching route already defined |
99 | | -* Added `Pow.Plug.get_plug/1` and instead of `:mod`, `:plug` is used in config |
100 | | -* `Pow.Ecto.Context.authenticate/2` now returns nil if user id or password is nil |
101 | | - |
102 | | -### Bug fixes |
103 | | - |
104 | | -* Fixed bug with exception raised in `Pow.Ecto.Schema.normalize_user_id_field_value/1` when calling `Pow.Ecto.Context.get_by/2` with a non binary user id |
105 | | -* Fixed bug with exception raised in `Pow.Ecto.Schema.normalize_user_id_field_value/1` when calling `Pow.Ecto.Context.authenticate/2` with a non binary user id |
106 | | - |
107 | | -### Deprecations |
108 | | - |
109 | | -* Deprecated `Pow.Plug.get_mod/1` |
110 | | -* Removed call to `Pow.Ecto.Context.repo/1` |
111 | | - |
112 | | -## v1.0.8 (2019-05-24) |
113 | | - |
114 | | -### Changes |
115 | | - |
116 | | -* Added support for layout in mails with `Pow.Phoenix.Mailer.Mail` by setting `conn.private[:pow_mailer_layout]` same way as the Phoenix layout with `conn.private[:phoenix_layout]` |
117 | | -* Added `:prefix` repo opts support to use in multitenant apps |
118 | | -* Removed `@changeset.data.__struct__.pow_user_id_field()` in template in favor of using `Pow.Ecto.Schema.user_id_field/1` |
119 | | - |
120 | | -### Bug fixes |
121 | | - |
122 | | -* Fixed bug in `Pow.Ecto.Schema.Changeset.current_password_changeset/3` where an exception would be thrown if the virtual `:current_password` field of the user struct was set and either the `:current_password` change was blank or identical |
123 | | - |
124 | | -### Deprecations |
125 | | - |
126 | | -* Deprecated `Mix.Pow.Ecto.Migration.create_migration_files/3` and moved it to `Mix.Pow.Ecto.Migration.create_migration_file/3` |
127 | | -* Deprecated `Pow.Ecto.Context.repo/1` and moved it to `Pow.Config.repo!/1` |
128 | | -* Deprecated `Pow.Ecto.Context.user_schema_mod/1` and moved it to `Pow.Config.user!/1` |
129 | | - |
130 | | -## v1.0.7 (2019-05-01) |
131 | | - |
132 | | -* Fixed bug with Phoenix 1.4.4 scoped routes |
133 | | - |
134 | | -## v1.0.6 (2019-04-19) |
135 | | - |
136 | | -* Fixed bug where custom layout setting raised exception in `Pow.Phoenix.ViewHelpers.layout/1` |
137 | | -* Prevent users from changing their email to one already taken when the PowEmailConfirmation extension has been enabled |
138 | | - |
139 | | -## v1.0.5 (2019-04-09) |
140 | | - |
141 | | -* Added `extension_messages/1` to extension controllers and callbacks |
142 | | -* Improved feedback for when no templates are generated for an extension with `mix pow.extension.phoenix.gen.templates` and `mix pow.extension.phoenix.mailer.gen.templates` tasks |
143 | | -* Error flash is no longer overridden in `Pow.Phoenix.PlugErrorHandler` if the error message is nil |
144 | | -* Fixed bug in the migration generator where `references/2` wasn't called with options |
145 | | -* Support any `:plug` version below `2.0.0` |
146 | | -* Deprecated `Pow.Extension.Ecto.Context.Base` |
147 | | - |
148 | | -## v1.0.4 (2019-03-13) |
149 | | - |
150 | | -* Added `PowInvitation` to the `mix pow.extension.phoenix.gen.templates` and `mix pow.extension.phoenix.mailer.gen.templates` tasks |
151 | | -* Fixed issue in umbrella projects where extensions wasn't found in environment configuration |
152 | | -* Fixed so `:namespace` environment config can be used as web app module name |
153 | | -* Shell instructions will only be printed if the configuration is missing |
154 | | -* Now requires that `:ecto` or `:phoenix` are included in the dependency list for the app to run respective mix tasks |
155 | | -* Deprecated `Mix.Pow.context_app/0` |
156 | | -* Deprecated `Mix.Pow.ensure_dep!/3` |
157 | | -* Deprecated `Mix.Pow.context_base/1` |
158 | | - |
159 | | -## v1.0.3 (2019-03-09) |
160 | | - |
161 | | -### Changes |
162 | | - |
163 | | -* Added `PowInvitation` extension |
164 | | -* Added support in `Pow.Ecto.Schema` for Ecto associations fields |
165 | | -* Added support for adding custom methods with `Pow.Extension.Ecto.Schema` through `__using__/1` macro in extension ecto schema module |
166 | | -* Help information raised with invalid schema arguments for `pow.install`, `pow.ecto.install`, `pow.ecto.gen.migration`, and `pow.ecto.gen.schema` mix tasks |
167 | | -* `PowEmailConfirmation` now redirects unconfirmed users to `after_registration_path/1` or `after_sign_in_path/1` rather than `pow_session_path(conn, :new)` |
168 | | - |
169 | | -### Bug fixes |
170 | | - |
171 | | -* Correct shell instructions for `mix pow.install` task with custom schema |
172 | | -* Fixed bug in `Pow.Extension.Phoenix.Router.Base` and `Pow.Extension.Phoenix.Messages` where the full extension name wasn't used to namespace methods |
173 | | - |
174 | | -### Deprecations |
175 | | - |
176 | | -* Deprecated `Pow.Extension.Config.underscore_extension/1` |
177 | | -* Deprecated `PowResetPassword.Ecto.Context.password_changeset/2` |
178 | | -* Deprecated `Pow.Ecto.Schema.filter_new_fields/2` |
179 | | -* Deprecated `:messages_backend_fallback` setting for extension controllers |
180 | | -* Removed deprecated macro `router_helpers/1` in `Pow.Phoenix.Controller` |
181 | | - |
182 | | -## v1.0.2 (2019-02-28) |
183 | | - |
184 | | -* Added flash error message about e-mail confirmation for when user changes e-mail with PowEmailConfirmation enabled |
185 | | -* Added `new_password_changeset/3` and `confirm_password_changeset/3` to `Pow.Ecto.Schema.Changeset` |
186 | | -* Redis cache store backend guide |
187 | | -* Correct shell instructions for `mix pow.phoenix.gen.templates` task |
188 | | -* Only load environment config in `Pow.Config.get/3` when no key is set in the provided config |
189 | | -* Fixed issue in `Pow.Store.Backend.MnesiaCache.keys/1` and `Pow.Store.Backend.EtsCache.keys/1` so they now return keys without namespace |
190 | | -* `Pow.Store.Backend.MnesiaCache.put/3` now raises an error if TTL is not provided |
191 | | - |
192 | | -### Breaking changes |
193 | | - |
194 | | -* `PowResetPassword.Plug.reset_password_token/1` has been removed |
195 | | - |
196 | | -## v1.0.1 (2019-01-27) |
197 | | - |
198 | | -* `pow.extension.ecto.gen.migrations` mix task will output warning when a migration file won't be generated for any particular extension |
199 | | -* Leading and trailing whitespace is removed from the user id field value (in addition to forced lower case) |
200 | | -* An exception is raised when `pow_routes/0` or `pow_extension_routes/0` are used inside router scopes with aliases |
201 | | -* Mail view templates assigns now has `[user: user, conn: conn]` along with the template specific assigns |
202 | | -* Mail view subject methods now gets the same assigns passed as mail view template assigns instead of only `[conn: conn]` |
203 | | -* Added `pow_registration_routes/0`, `pow_session_routes/0` and `pow_scope/1` macros to the router module |
204 | | -* Added guide on how to disable registration |
205 | | - |
206 | | -## v1.0.0 (2018-11-18) |
207 | | - |
208 | | -* Phoenix 1.4 support |
209 | | -* Ecto 3.0 support |
| 13 | +- Removed deprecated method `PowResetPassword.Ecto.Context.password_changeset/2` |
| 14 | +- Removed deprecated method `Pow.Extension.Config.underscore_extension/1` |
| 15 | +- Removed deprecated method `Mix.Pow.context_app/0` |
| 16 | +- Removed deprecated method `Mix.Pow.ensure_dep!/3` |
| 17 | +- Removed deprecated method `Mix.Pow.context_base/1` |
| 18 | +- Removed deprecated method `Mix.Pow.Ecto.Migration.create_migration_files/3` |
| 19 | +- Removed deprecated method `Pow.Ecto.Context.repo/1` |
| 20 | +- Removed deprecated method `Pow.Ecto.Context.user_schema_mod/1` |
| 21 | +- Removed deprecated method `Pow.Plug.get_mod/1` |
| 22 | +- Removed deprecated method `Pow.Store.Backend.EtsCache.put/3` |
| 23 | +- Removed deprecated method `Pow.Store.Backend.EtsCache.keys/1` |
| 24 | +- Removed deprecated method `Pow.Store.Backend.MnesiaCache.put/3` |
| 25 | +- Removed deprecated method `Pow.Store.Backend.MnesiaCache.keys/1` |
| 26 | +- Removed deprecated method `Pow.Store.Base.keys/2` |
| 27 | +- Removed deprecated method `Pow.Store.Base.put/4` |
| 28 | +- Removed deprecated method `Pow.Store.CredentialsCache.sessions/3` |
| 29 | +- Removed deprecated method `Pow.Store.CredentialsCache.user_session_keys/3` |
| 30 | +- Config fallback set with `:messages_backend_fallback` configuration option removed in `Pow.Extension.Phoenix.Controller.Base` |
| 31 | +- Removed `Pow.Phoenix.Router` no longer has backwards compatibility for routes generated with Phoenix `<= 1.4.6` |
| 32 | +- Removed deprecated Bootstrap support in `Pow.Phoenix.HTML.FormTemplate` |
| 33 | +- Removed deprecated module `Pow.Extension.Ecto.Context.Base` |
| 34 | +- `:mod` in the `:pow_config` private plug key no longer set in `Pow.Plug.Base` |
| 35 | +- Removed deprecated `:persistent_session_cookie_max_age` config option for `PowPersistentSession.Plug.Cookie` |
| 36 | +- Removed deprecated `:nodes` config option for `Pow.Store.Backend.MnesiaCache` |
| 37 | +- `Pow.Plug.Session` no longer has backwards compatibility with `<= 1.0.13` session values |
| 38 | +- `Pow.Store.Base` macro no longer adds or supports overriding the following methods: |
| 39 | + - `put/4` |
| 40 | + - `delete/3` |
| 41 | + - `get/3` |
| 42 | +- `Pow.Store.Backend.MnesiaCache` no longer removes old deprecated records |
| 43 | +- `Pow.Store.CredentialsCache` no longer handles deletion of deprecated records |
| 44 | +- `Pow.Store.Base` no longer has backwards compability with binary key cache backends |
0 commit comments