2011-12-04 17:58:19 -05:00
== 2.0.0 (unreleased)
2011-12-04 16:18:58 -05:00
2011-12-19 06:58:34 -05:00
Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0
2011-12-04 16:18:58 -05:00
* enhancements
* Add support for e-mail reconfirmation on change (by github.com/Mandaryn and github.com/heimidal)
2011-12-10 17:27:23 -05:00
* Redirect users to sign in page after unlock (by github.com/nashby)
2011-12-04 16:18:58 -05:00
2011-12-04 18:01:25 -05:00
* deprecation
* Devise.apply_schema is deprecated
2011-12-19 06:32:32 -05:00
* Devise migration helpers are deprecated
2011-12-11 14:39:41 -05:00
* Usage of Devise.remember_across_browsers was deprecated
* Usage of Devise.confirm_within was deprecated in favor Devise.allow_unconfirmed_access_for
2011-12-11 14:18:02 -05:00
* Usage of rememberable with remember_token was removed
* Usage of recoverable without reset_password_sent_at was removed
2011-12-11 14:39:41 -05:00
* Usage of Devise.case_insensitive_keys equals to false was removed
* Usage of Devise.stateless_token= is deprecated in favor of appending :token_auth to Devise.skip_session_storage
2011-12-04 18:01:25 -05:00
2011-12-19 06:58:34 -05:00
== 1.5.3
* bug fix
* Ensure delegator converts scope to symbol (by github.com/dmitriy-kiriyenko)
* Ensure passing :format => false to devise_for is not permanent
* Ensure path checker does not check invalid routes
2011-11-30 04:17:12 -05:00
== 1.5.2
2011-11-24 04:24:06 -05:00
* enhancements
2011-12-04 16:18:58 -05:00
* Add support for Rails 3.1 new mass assignment conventions (by github.com/kirs)
2011-12-11 14:18:02 -05:00
* Add timeout_in method to Timeoutable, it can be overridden in a model (by github.com/lest)
2011-11-24 04:24:06 -05:00
* bug fix
* OmniAuth error message now shows the proper option (:strategy_class instead of :klass)
2011-11-20 14:42:02 -05:00
== 1.5.1
* bug fix
* Devise should not attempt to load OmniAuth strategies. Strategies should be loaded before hand by the developer or explicitly given to Devise.
2011-11-13 16:16:21 -05:00
== 1.5.0
2011-09-29 06:52:56 -04:00
2011-10-25 12:43:34 -04:00
* enhancements
* Timeoutable also skips tracking if skip_trackable is given
2011-11-07 06:16:38 -05:00
* devise_for now accepts :failure_app as an option
* Models can select the proper mailer via devise_mailer method (by github.com/locomotivecms)
* Migration generator now uses the change method (by github.com/nashby)
2011-11-10 06:32:13 -05:00
* Support to markerb templates on the mailer generator (by github.com/sbounmy)
2011-11-10 15:37:31 -05:00
* Support for Omniauth 1.0 (older versions are no longer supported) (by github.com/TamiasSibiricus)
2011-10-25 12:43:34 -04:00
2011-09-29 06:52:56 -04:00
* bug fix
* Allow idempotent API requests
* Fix bug where logs did not show 401 as status code
2011-10-15 04:51:40 -04:00
* Change paranoid settings to behave as success instead of as failure
2011-11-05 17:47:58 -04:00
* Fix bug where activation messages were shown first than the credentials error message
2011-11-09 14:00:42 -05:00
* Instance variables are expired after sign out
2011-09-29 06:52:56 -04:00
2011-09-29 07:07:13 -04:00
* deprecation
* redirect_location is deprecated, please use after_sign_in_path_for
* after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it
2011-10-20 10:50:38 -04:00
== 1.4.9
* bug fix
* url helpers were not being set under some circumstances
2011-10-10 08:43:41 -04:00
== 1.4.8
* enhancements
* Add docs for assets pipeline and Heroku
* bug fix
* confirmation_url was not being set under some circumstances
2011-09-22 05:50:57 -04:00
== 1.4.7
* bug fix
* Fix backward incompatible change from 1.4.6 for those using custom controllers
2011-09-14 19:54:15 -04:00
== 1.4.6
* enhancements
* Allow devise_for :skip => :all
* Allow options to be passed to authenticate_user!
* Allow --skip-routes to devise generator
* Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller
2011-09-08 17:55:27 -04:00
== 1.4.5
2011-09-08 02:36:06 -04:00
* bug fix
* Failure app tries the root path if a session one does not exist
* No need to finalize Devise helpers all the time (by github.com/bradleypriest)
* Reset password shows proper message if user is not active
* `clean_up_passwords` sets the accessors to nil to skip validations
2011-08-31 10:45:12 -04:00
== 1.4.4
2011-08-31 06:02:57 -04:00
* bug fix
* Do not always skip helpers, instead provide :skip_helpers as option to trigger it manually
2011-08-30 08:35:19 -04:00
== 1.4.3
2011-08-29 08:40:10 -04:00
* enhancements
2011-08-30 08:35:19 -04:00
* Improve Rails 3.1 compatibility
2011-08-29 08:40:10 -04:00
* Use serialize_into_session and serialize_from_session in Warden serialize to improve extensibility
2011-07-01 07:23:31 -04:00
* bug fix
2011-08-30 04:50:12 -04:00
* Generator properly generates a change_table migration if a model already exists
2011-07-01 07:23:31 -04:00
* Properly deprecate setup_mail
2011-08-29 07:14:55 -04:00
* Fix encoding issues with email regexp
2011-08-29 08:31:06 -04:00
* Only generate helpers for the used mappings
* Wrap :action constraints in the proper hash
2011-08-29 07:14:55 -04:00
* deprecations
* Loosened the used email regexp to simply assert the existent of "@". If someone relies on a more strict regexp, they may use https://github.com/SixArm/sixarm_ruby_email_address_validation
2011-07-01 07:23:31 -04:00
2011-06-30 14:20:13 -04:00
== 1.4.2
2011-06-30 07:03:24 -04:00
* bug fix
2011-06-30 09:43:33 -04:00
* Provide a more robust behavior to serializers and add :force_except option
2011-06-30 07:03:24 -04:00
2011-06-27 11:16:06 -04:00
== 1.4.1
* enhancements
* Add :defaults and :format support on router
* Add simple form generators
2011-06-28 06:05:35 -04:00
* Better localization for devise_error_messages! (by github.com/zedtux)
2011-06-27 11:16:06 -04:00
2011-06-28 21:13:35 -04:00
* bug fix
2011-06-29 19:17:29 -04:00
* Ensure to_xml is properly white listened
2011-06-28 21:13:35 -04:00
* Ensure handle_unverified_request clean up any cached signed-in user
2011-06-23 08:53:05 -04:00
== 1.4.0
2011-04-19 08:24:33 -04:00
* enhancements
2011-06-23 08:42:32 -04:00
* Added authenticated and unauthenticated to the router to route the used based on his status (by github.com/sj26)
2011-04-19 08:24:33 -04:00
* Improve e-mail regexp (by github.com/rodrigoflores)
2011-06-10 05:14:08 -04:00
* Add strip_whitespace_keys and default to e-mail (by github.com/swrobel)
* Do not run format and uniqueness validations on e-mail if it hasn't changed (by github.com/Thibaut)
2011-06-22 12:01:49 -04:00
* Added update_without_password to update models but not allowing the password to change (by github.com/fschwahn)
* Added config.paranoid, check the generator for more information (by github.com/rodrigoflores)
2011-04-19 08:24:33 -04:00
2011-04-29 02:33:33 -04:00
* bug fix
* password_required? should not affect length validation
2011-04-29 02:56:35 -04:00
* User cannot access sign up and similar pages if he is already signed in through a cookie or token
2011-06-10 05:14:08 -04:00
* Do not convert booleans to strings on finders (by github.com/xavier)
2011-06-22 12:01:49 -04:00
* Run validations even if current_password fails (by github.com/crx)
* Devise now honors routes constraints (by github.com/macmartine)
2011-06-23 08:22:30 -04:00
* Do not return the user resource when requesting instructions (by github.com/rodrigoflores)
2011-04-29 02:33:33 -04:00
2011-04-29 08:17:33 -04:00
== 1.3.4
* bug fix
* Do not add formats if html or "*/*"
2011-04-21 13:20:48 -04:00
== 1.3.3
* bug fix
* Explicitly mark the token as expired if so
2011-04-21 08:00:47 -04:00
== 1.3.2
* bug fix
* Fix another regression related to reset_password_sent_at (by github.com/alexdreher)
2011-04-19 04:39:56 -04:00
== 1.3.1
2011-04-17 12:06:29 -04:00
* enhancements
* Improve failure_app responses (by github.com/indirect)
2011-04-19 04:39:56 -04:00
* sessions/new and registrations/new also respond to xml and json now
2011-04-17 12:06:29 -04:00
* bug fix
* Fix a regression that occurred if reset_password_sent_at is not present (by github.com/stevehodgkiss)
2011-04-16 07:31:50 -04:00
== 1.3.0
2011-03-30 08:10:59 -04:00
* enhancements
* All controllers can now handle different mime types than html using Responders (by github.com/sikachu)
2011-03-30 09:35:38 -04:00
* Added reset_password_within as configuration option to send the token for recovery (by github.com/jdguyot)
2011-04-15 04:58:27 -04:00
* Bump password length to 128 characters (by github.com/k33l0r)
* Add :only as option to devise_for (by github.com/timoschilling)
* Allow to override path after sending password instructions (by github.com/irohiroki)
2011-04-16 07:19:29 -04:00
* require_no_authentication has its own flash message (by github.com/jackdempsey)
2011-03-30 08:10:59 -04:00
2011-03-30 08:33:56 -04:00
* bug fix
* Fix a bug where configuration options were being included too late
2011-04-15 04:58:27 -04:00
* Ensure Devise::TestHelpers can be used to tests Devise internal controllers (by github.com/jwilger)
2011-04-16 06:54:26 -04:00
* valid_password? should not choke on empty passwords (by github.com/mikel)
2011-04-16 07:19:29 -04:00
* Calling devise more than once does not include previously added modules anymore
* downcase_keys before validation
2011-03-30 08:33:56 -04:00
* backward incompatible changes
* authentication_keys are no longer considered when creating the e-mail validations, the previous behavior was buggy. You must double check if you were relying on such behavior.
2011-03-30 08:10:59 -04:00
== 1.2.1
* enhancements
* Improve update path messages
2011-03-25 10:53:59 -04:00
== 1.2.0
2011-03-14 13:35:06 -04:00
* bug fix
* Properly ignore path prefix on omniauthable
2011-03-15 07:52:53 -04:00
* Faster uniqueness queries
2011-03-25 10:40:21 -04:00
* Rename active? to active_for_authentication? to avoid conflicts
2011-03-14 13:35:06 -04:00
2011-03-11 14:56:50 -05:00
== 1.2.rc2
2010-12-25 05:11:56 -05:00
* enhancements
2011-02-15 03:45:37 -05:00
* Make friendly_token 20 chars long
2011-02-15 05:35:24 -05:00
* Use secure_compare
2010-12-25 05:11:56 -05:00
2010-12-18 03:39:55 -05:00
* bug fix
* Fix an issue causing infinite redirects in production
2010-12-25 05:11:56 -05:00
* rails g destroy works properly with devise generators (by github.com/andmej)
2010-12-25 05:41:14 -05:00
* before_failure callbacks should work on test helpers (by github.com/twinge)
2010-12-25 06:04:04 -05:00
* rememberable cookie now is httponly by default (by github.com/JamesFerguson)
2011-02-09 04:13:08 -05:00
* Add missing confirmation_keys (by github.com/JohnPlummer)
2011-02-15 03:45:37 -05:00
* Ensure after_* hooks are called on RegistrationsController
2011-02-15 04:07:08 -05:00
* When using database_authenticatable Devise will now only create an email field when appropriate (if using default authentication_keys or custom authentication_keys with email included)
* Ensure stateless token does not trigger timeout (by github.com/pixelauthority)
2011-02-15 04:59:41 -05:00
* Implement handle_unverified_request for Rails 3.0.4 compatibility and improve FailureApp reliance on symbols
2011-02-24 15:58:51 -05:00
* Consider namespaces while generating routes
* Custom failure apps no longer ignored in test mode (by github.com/jaghion)
* Do not depend on ActiveModel::Dirty
* Manual sign_in now triggers remember token
2011-02-24 16:31:48 -05:00
* Be sure to halt strategies on failures
2011-02-25 12:20:12 -05:00
* Consider SCRIPT_NAME on Omniauth paths
2011-02-25 15:59:27 -05:00
* Reset failed attempts when lock is expired
2011-03-11 14:56:50 -05:00
* Ensure there is no Mongoid injection
2010-12-18 03:39:55 -05:00
2010-11-27 11:10:44 -05:00
* deprecations
* Deprecated anybody_signed_in? in favor of signed_in? (by github.com/gavinhughes)
2011-02-15 03:49:11 -05:00
* Removed --haml and --slim view templates
2011-02-24 15:58:51 -05:00
* Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode
2010-11-27 11:10:44 -05:00
2010-11-26 06:18:21 -05:00
== 1.2.rc
2010-08-23 08:18:39 -04:00
* deprecations
2010-09-25 15:13:54 -04:00
* cookie_domain is deprecated in favor of cookie_options
2010-09-30 03:12:00 -04:00
* after_update_path_for can no longer be defined in ApplicationController
2010-08-23 08:18:39 -04:00
2010-07-26 14:39:31 -04:00
* enhancements
2010-10-15 02:33:23 -04:00
* Added OmniAuth support
* Added ORM adapter to abstract ORM iteraction
2010-08-23 08:02:57 -04:00
* sign_out_via is available in the router to configure the method used for sign out (by github.com/martinrehfeld)
2010-08-31 17:55:25 -04:00
* Improved Ajax requests handling in failure app (by github.com/spastorino)
2010-09-25 10:10:59 -04:00
* Added request_keys to easily use request specific values (like subdomain) in authentication
2010-09-25 05:51:54 -04:00
* Increased the size of friendly_token to 60 characters (reduces the chances of a successful brute attack)
* Ensure the friendly token does not include "_" or "-" since some e-mails may not autolink it properly (by github.com/rymai)
2010-09-25 10:10:59 -04:00
* Extracted encryptors into :encryptable for better bcrypt support
* :rememberable is now able to use salt as token if no remember_token is provided
2010-09-25 11:24:42 -04:00
* Store the salt in session and expire the session if the user changes his password
2010-09-25 14:28:14 -04:00
* Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
2010-09-25 15:13:54 -04:00
* cookie_options uses session_options values by default
2010-09-30 03:12:00 -04:00
* Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message
2010-10-10 10:46:41 -04:00
* Use ActiveModel#to_key instead of #id
* sign_out_all_scopes now destroys the whole session
2010-11-21 08:25:37 -05:00
* Added case_insensitive_keys that automatically downcases the given keys, by default downcases only e-mail (by github.com/adahl)
2010-09-30 03:12:00 -04:00
* default behavior changes
* sign_out_all_scopes defaults to true as security measure
* http authenticatable is disabled by default
2010-11-09 17:42:14 -05:00
* Devise does not intercept 401 returned from applications
2010-08-23 08:02:57 -04:00
* bugfix
* after_sign_in_path_for always receives a resource
2010-09-21 04:52:24 -04:00
* Do not execute Warden::Callbacks on Devise::TestHelpers (by github.com/sgronblo)
2010-12-28 17:00:23 -05:00
* Allow password recovery and account unlocking to change used keys (by github.com/RStankov)
2010-11-09 17:31:35 -05:00
* FailureApp now properly handles nil request.format
* Fix a bug causing FailureApp to return with HTTP Auth Headers for IE7
2010-11-20 15:41:26 -05:00
* Ensure namespaces has proper scoped views
2010-11-20 15:44:53 -05:00
* Ensure Devise does not set empty flash messages (by github.com/sxross)
2010-09-24 03:43:40 -04:00
2011-02-15 05:35:24 -05:00
== 1.1.6
* Use a more secure e-mail regexp
* Implement Rails 3.0.4 handle unverified request
* Use secure_compare to compare passwords
== 1.1.5
* bugfix
* Ensure to convert keys on indifferent hash
* defaults
* Set config.http_authenticatable to false to avoid confusion
2010-11-20 17:18:41 -05:00
== 1.1.4
* bugfix
* Avoid session fixation attacks
2010-09-24 03:43:40 -04:00
== 1.1.3
* bugfix
* Add reply-to to e-mail headers by default
* Updated the views generator to respect the rails :template_engine option (by github.com/fredwu)
* Check the type of HTTP Authentication before using Basic headers
2010-09-21 06:09:53 -04:00
* Avoid invalid_salt errors by checking salt presence (by github.com/thibaudgg)
2010-09-23 23:15:00 -04:00
* Forget user deletes the right cookie before logout, not remembering the user anymore (by github.com/emtrane)
2010-09-24 03:43:40 -04:00
* Fix for failed first-ever logins on PostgreSQL where column default is nil (by github.com/bensie)
* :default options is now honored in migrations
2010-07-26 14:39:31 -04:00
2010-08-25 07:52:04 -04:00
== 1.1.2
* bugfix
* Compatibility with latest Rails routes schema
2010-07-27 10:31:49 -04:00
== 1.1.1
* bugfix
* Fix a small bug where generated locale file was empty on devise:install
2010-07-26 14:25:28 -04:00
== 1.1.0
2010-07-04 11:34:33 -04:00
2010-06-29 22:07:08 -04:00
* enhancements
2010-06-30 06:49:41 -04:00
* Rememberable module allows user to be remembered across browsers and is enabled by default (by github.com/trevorturk)
2010-07-26 05:52:05 -04:00
* Rememberable module allows you to activate the period the remember me token is extended (by github.com/trevorturk)
2010-06-30 06:49:41 -04:00
* devise_for can now be used together with scope method in routes but with a few limitations (check the documentation)
2010-07-26 05:52:05 -04:00
* Support `as` or `devise_scope` in the router to specify controller access scope
* HTTP Basic Auth can now be disabled/enabled for xhr(ajax) requests using http_authenticatable_on_xhr option (by github.com/pellja)
2010-06-30 06:49:41 -04:00
2010-06-29 05:52:02 -04:00
* bug fix
2010-07-01 07:58:08 -04:00
* Fix a bug in Devise::TestHelpers where current_user was returning a Response object for non active accounts
* Devise should respect script_name and path_info contracts
2010-07-02 02:12:00 -04:00
* Fix a bug when accessing a path with (.:format) (by github.com/klacointe)
2010-07-12 01:24:21 -04:00
* Do not add unlock routes unless unlock strategy is email or both
2010-07-12 01:29:45 -04:00
* Email should be case insensitive
2010-07-12 01:47:20 -04:00
* Store classes as string in session, to avoid serialization and stale data issues
2010-06-29 05:52:02 -04:00
2010-07-05 19:27:20 -04:00
* deprecations
* use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead
2010-06-23 06:27:00 -04:00
== 1.1.rc2
2010-06-12 08:46:55 -04:00
* enhancements
* Allow to set cookie domain for the remember token. (by github.com/mantas)
* Added navigational formats to specify when it should return a 302 and when a 401.
* Added authenticate(scope) support in routes (by github.com/wildchild)
* Added after_update_path_for to registrations controller (by github.com/thedelchop)
2010-06-12 14:56:55 -04:00
* Allow the mailer object to be replaced through config.mailer = "MyOwnMailer"
2010-06-12 08:46:55 -04:00
* bug fix
2010-06-13 07:04:24 -04:00
* Fix a bug where session was timing out on sign out
2010-06-12 08:46:55 -04:00
* deprecations
* bcrypt is now the default encryptor
2010-06-12 14:29:43 -04:00
* devise.mailer.confirmations_instructions now should be devise.mailer.confirmations_instructions.subject
* devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject
2010-06-13 07:04:24 -04:00
* Generators now use Rails 3 syntax (devise:install) instead of devise_install
2010-06-12 08:46:55 -04:00
2010-06-29 05:52:02 -04:00
== 1.1.rc1
2010-02-16 08:31:49 -05:00
2010-02-17 06:25:20 -05:00
* enhancements
2010-06-23 06:27:00 -04:00
* Rails 3 compatibility
* All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions"
* Devise.orm is deprecated. This reduces the required API to hook your ORM with devise
* Use metal for failure app
* HTML e-mails now have proper formatting
* Allow to give :skip and :controllers in routes
* Move trackable logic to the model
* E-mails now use any template available in the filesystem. Easy to create multipart e-mails
* E-mails asks headers_for in the model to set the proper headers
* Allow to specify haml in devise_views
2010-07-04 11:22:57 -04:00
* Compatibility with Mongoid
2010-06-23 06:27:00 -04:00
* Make config.devise available on config/application.rb
* TokenAuthenticatable now works with HTTP Basic Auth
* Allow :unlock_strategy to be :none and add :lock_strategy which can be :failed_attempts or none. Setting those values to :none means that you want to handle lock and unlocking by yourself
* No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3
* :activatable is included by default in your models
2010-02-17 06:25:20 -05:00
2010-04-15 02:34:49 -04:00
* bug fix
2010-06-23 06:27:00 -04:00
* Fix a bug with STI
2010-04-15 02:34:49 -04:00
2010-02-17 06:25:20 -05:00
* deprecations
2010-06-23 06:27:00 -04:00
* Rails 3 compatible only
* Removed support for MongoMapper
* Scoped views are no longer "sessions/users/new". Now use "users/sessions/new"
* Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead
* Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options
* All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure
* :as and :scope in routes is deprecated. Use :path and :singular instead
== 1.0.8
* enhancements
* Support for latest MongoMapper
* Added anybody_signed_in? helper (by github.com/SSDany)
* bug fix
* confirmation_required? is properly honored on active? calls. (by github.com/paulrosania)
2010-02-16 08:31:49 -05:00
2010-05-03 07:57:57 -04:00
== 1.0.7
* bug fix
* Ensure password confirmation is always required
* deprecations
* authenticatable was deprecated and renamed to database_authenticatable
* confirmable is not included by default on generation
2010-04-03 07:27:17 -04:00
== 1.0.6
* bug fix
* Do not allow unlockable strategies based on time to access a controller.
* Do not send unlockable email several times.
* Allow controller to upstram custom! failures to Warden.
2010-03-28 17:15:45 -04:00
== 1.0.5
* bug fix
* Use prepend_before_filter in require_no_authentication.
* require_no_authentication on unlockable.
* Fix a bug when giving an association proxy to devise.
* Do not use lock! on lockable since it's part of ActiveRecord API.
2010-03-03 06:25:28 -05:00
== 1.0.4
* bug fix
* Fixed a bug when deleting an account with rememberable
* Fixed a bug with custom controllers
2010-02-23 09:51:29 -05:00
== 1.0.3
* enhancements
* HTML e-mails now have proper formatting
* Do not remove MongoMapper options in find
2010-02-17 15:40:01 -05:00
== 1.0.2
* enhancements
* Allows you set mailer content type (by github.com/glennr)
* bug fix
* Uses the same content type as request on http authenticatable 401 responses
2010-02-15 08:15:24 -05:00
== 1.0.1
* enhancements
* HttpAuthenticatable is not added by default automatically.
* Avoid mass assignment error messages with current password.
* bug fix
* Fixed encryptors autoload
2010-02-08 20:17:20 -05:00
== 1.0.0
2010-02-08 14:38:47 -05:00
* deprecation
* :old_password in update_with_password is deprecated, use :current_password instead
2010-02-06 04:06:22 -05:00
* enhancements
2010-02-08 11:33:22 -05:00
* Added Registerable
2010-02-06 04:06:22 -05:00
* Added Http Basic Authentication support
2010-02-08 11:33:22 -05:00
* Allow scoped_views to be customized per controller/mailer class
2010-02-08 18:26:26 -05:00
* [#99] Allow authenticatable to used in change_table statements
2010-02-06 04:06:22 -05:00
2010-02-05 15:37:28 -05:00
== 0.9.2
* bug fix
* Ensure inactive user cannot sign in
* Ensure redirect to proper url after sign up
2010-02-02 07:21:00 -05:00
* enhancements
* Added gemspec to repo
* Added token authenticatable (by github.com/grimen)
2010-01-25 14:19:47 -05:00
== 0.9.1
* bug fix
* Allow bigger salt size (by github.com/jgeiger)
* Fix relative url root
2010-01-21 09:30:13 -05:00
== 0.9.0
2010-01-13 13:51:20 -05:00
* deprecation
* devise :all is deprecated
2010-01-21 03:15:07 -05:00
* :success and :failure flash messages are now :notice and :alert
2010-01-13 13:51:20 -05:00
2010-01-13 12:27:26 -05:00
* enhancements
2010-01-21 03:15:07 -05:00
* Added devise lockable (by github.com/mhfs)
2010-01-14 09:53:17 -05:00
* Warden 0.9.0 compatibility
2010-01-16 05:22:09 -05:00
* Mongomapper 0.6.10 compatibility
2010-01-21 03:15:07 -05:00
* Added Devise.add_module as hooks for extensions (by github.com/grimen)
* Ruby 1.9.1 compatibility (by github.com/grimen)
2010-01-13 12:27:26 -05:00
2010-01-16 08:39:05 -05:00
* bug fix
* Accept path prefix not starting with slash
2010-01-19 11:19:40 -05:00
* url helpers should rely on find_scope!
2010-01-16 08:39:05 -05:00
2010-01-13 11:46:16 -05:00
== 0.8.2
* enhancements
2010-01-21 03:15:07 -05:00
* Allow Devise.mailer_sender to be a proc (by github.com/grimen)
2010-01-13 11:46:16 -05:00
2010-01-13 11:45:02 -05:00
* bug fix
2010-01-21 03:15:07 -05:00
* Fix bug with passenger, update is required to anyone deploying on passenger (by github.com/dvdpalm)
2010-01-13 11:45:02 -05:00
2010-01-12 10:54:58 -05:00
== 0.8.1
2010-01-08 17:19:57 -05:00
* enhancements
* Move salt to encryptors
2010-01-09 08:41:28 -05:00
* Devise::Lockable
2010-01-09 10:36:04 -05:00
* Moved view links into partial and I18n'ed them
2010-01-08 17:19:57 -05:00
* bug fix
* Bcrypt generator was not being loaded neither setting the proper salt
== 0.8.0
2010-01-05 10:01:16 -05:00
* enhancements
* Warden 0.8.0 compatibility
2010-01-07 16:37:47 -05:00
* Add an easy for map.connect "sign_in", :controller => "sessions", :action => "new" to work
* Added :bcrypt encryptor (by github.com/capotej)
2010-01-05 10:01:16 -05:00
2010-01-07 16:50:01 -05:00
* bug fix
* sign_in_count is also increased when user signs in via password change, confirmation, etc..
* More DataMapper compatibility (by github.com/lancecarlson)
2010-01-05 10:01:16 -05:00
* deprecation
* Removed DeviseMailer.sender
2010-01-02 04:12:04 -05:00
== 0.7.5
* enhancements
* Set a default value for mailer to avoid find_template issues
* Add models configuration to MongoMapper::EmbeddedDocument as well
== 0.7.4
2009-12-20 07:53:53 -05:00
* enhancements
* Extract Activatable from Confirmable
* Decouple Serializers from Devise modules
2009-12-15 19:29:19 -05:00
== 0.7.3
2009-12-15 19:28:43 -05:00
* bug fix
* Give scope to the proper model validation
2009-12-14 19:20:59 -05:00
* enhancements
2009-12-14 19:32:40 -05:00
* Mail views are scoped as well
2009-12-14 20:03:56 -05:00
* Added update_with_password for authenticatable
2009-12-15 12:48:51 -05:00
* Allow render_with_scope to accept :controller option
2009-12-14 19:20:59 -05:00
2009-12-14 19:05:46 -05:00
== 0.7.2
2009-12-14 19:04:47 -05:00
* deprecation
* Renamed reset_confirmation! to resend_confirmation!
* Copying locale is part of the installation process
2009-12-14 16:48:15 -05:00
* bug fix
* Fixed render_with_scope to work with all controllers
* Allow sign in with two different users in Devise::TestHelpers
2009-12-08 17:39:38 -05:00
== 0.7.1
* enhancements
* Small enhancements for other plugins compatibility (by github.com/grimen)
2009-12-07 18:00:44 -05:00
== 0.7.0
* deprecations
* :authenticatable is not included by default anymore
* enhancements
* Improve loading process
* Extract SessionSerializer from Authenticatable
2009-12-02 13:41:00 -05:00
== 0.6.3
* bug fix
* Added trackable to migrations
2009-12-02 14:51:34 -05:00
* Allow inflections to work
2009-12-02 13:41:00 -05:00
2009-11-24 20:20:35 -05:00
== 0.6.2
2009-11-24 12:29:46 -05:00
* enhancements
2009-11-24 20:20:35 -05:00
* More DataMapper compatibility
2009-11-24 12:29:46 -05:00
* Devise::Trackable - track sign in count, timestamps and ips
2009-11-23 21:09:34 -05:00
== 0.6.1
2009-11-23 20:56:57 -05:00
* enhancements
* Devise::Timeoutable - timeout sessions without activity
2009-11-23 21:09:34 -05:00
* DataMapper now accepts conditions
2009-11-23 20:56:57 -05:00
2009-11-22 20:14:45 -05:00
== 0.6.0
* deprecations
2009-12-07 18:00:44 -05:00
* :authenticatable is still included by default, but yields a deprecation warning
2009-11-22 20:14:45 -05:00
2009-11-21 21:24:34 -05:00
* enhancements
2009-11-22 06:14:58 -05:00
* Added DataMapper support
2009-11-21 21:49:23 -05:00
* Remove store_location from authenticatable strategy and add it to failure app
* Allow a strategy to be placed after authenticatable
2009-11-21 21:24:34 -05:00
* [#45] Do not rely attribute? methods, since they are not added on Datamapper
2009-11-21 17:08:14 -05:00
== 0.5.6
2009-11-21 08:58:02 -05:00
* enhancements
* [#42] Do not send nil to build (DataMapper compatibility)
2009-11-21 17:07:37 -05:00
* [#44] Allow to have scoped views
2009-11-21 08:58:02 -05:00
2009-11-19 17:55:40 -05:00
== 0.5.5
* enhancements
* Allow overwriting find for authentication method
* [#38] Remove Ruby 1.8.7 dependency
2009-11-19 10:14:02 -05:00
== 0.5.4
2009-11-19 10:09:05 -05:00
* deprecations
* Deprecate :singular in devise_for and use :scope instead
2009-11-19 08:16:31 -05:00
* enhancements
* [#37] Create after_sign_in_path_for and after_sign_out_path_for hooks to be
overwriten in ApplicationController
* Create sign_in_and_redirect and sign_out_and_redirect helpers
2009-11-19 10:09:05 -05:00
* Warden::Manager.default_scope is automatically configured to the first given scope
2009-11-19 08:16:31 -05:00
2009-11-18 08:22:35 -05:00
== 0.5.3
2009-11-18 06:41:42 -05:00
* bug fix
* MongoMapper now converts DateTime to Time
2009-11-18 08:22:35 -05:00
* Ensure all controllers are unloadable
2009-11-18 06:41:42 -05:00
2009-11-18 06:26:47 -05:00
* enhancements
* [#35] Moved friendly_token to Devise
* Added Devise.all, so you can freeze your app strategies
2009-11-18 06:41:42 -05:00
* Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper
in cases you don't want it be handlded automatically
2009-11-18 06:26:47 -05:00
2009-11-16 12:08:53 -05:00
== 0.5.2
2009-11-15 09:19:16 -05:00
* enhancements
* [#28] Improved sign_in and sign_out helpers to accepts resources
* [#28] Added stored_location_for as a helper
2009-11-16 11:58:14 -05:00
* [#20] Added test helpers
2009-11-15 09:19:16 -05:00
2009-11-15 07:41:42 -05:00
== 0.5.1
2009-11-15 00:31:13 -05:00
* enhancements
2009-11-16 11:58:14 -05:00
* Added serializers based on Warden ones
* Allow authentication keys to be set
2009-11-15 00:31:13 -05:00
2009-11-13 19:34:50 -05:00
== 0.5.0
2009-11-13 19:33:00 -05:00
* bug fix
* Fixed a bug where remember me module was not working properly
2009-11-10 10:42:52 -05:00
* enhancements
2009-11-10 15:55:13 -05:00
* Moved encryption strategy into the Encryptors module to allow several algorithms (by github.com/mhfs)
* Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by github.com/mhfs)
2009-11-13 19:34:50 -05:00
* Added support for MongoMapper (by github.com/shingara)
2009-11-10 10:42:52 -05:00
2009-11-09 21:00:40 -05:00
== 0.4.3
* bug fix
2009-11-15 07:41:42 -05:00
* [#29] Authentication just fails if user cannot be serialized from session, without raising errors;
2009-11-09 21:00:40 -05:00
* Default configuration values should not overwrite user values;
2009-11-06 11:56:06 -05:00
== 0.4.2
2009-11-06 06:40:38 -05:00
* deprecations
* Renamed mail_sender to mailer_sender
2009-11-06 06:33:18 -05:00
* enhancements
* skip_before_filter added in Devise controllers
* Use home_or_root_path on require_no_authentication as well
* Added devise_controller?, useful to select or reject filters in ApplicationController
2009-11-19 11:00:15 -05:00
* Allow :path_prefix to be given to devise_for
2009-11-06 17:59:36 -05:00
* Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported)
2009-11-06 06:33:18 -05:00
2009-11-03 19:34:37 -05:00
== 0.4.1
* bug fix
* [#21] Ensure options can be set even if models were not loaded
== 0.4.0
2009-10-30 19:51:50 -04:00
* deprecations
2009-11-02 20:14:27 -05:00
* Notifier is deprecated, use DeviseMailer instead. Remember to rename
app/views/notifier to app/views/devise_mailer and I18n key from
devise.notifier to devise.mailer
2009-11-03 07:20:22 -05:00
* :authenticable calls are deprecated, use :authenticatable instead
2009-10-30 19:51:50 -04:00
2009-11-03 07:20:22 -05:00
* enhancements
2009-11-03 19:34:37 -05:00
* [#16] Allow devise to be more agnostic and do not require ActiveRecord to be loaded
2009-11-03 07:11:36 -05:00
* Allow Warden::Manager to be configured through Devise
* Created a generator which creates an initializer
2009-11-02 20:14:27 -05:00
2009-10-30 19:51:50 -04:00
== 0.3.0
2009-10-30 05:33:55 -04:00
* bug fix
* [#15] Allow yml messages to be configured by not using engine locales
2009-10-30 05:23:47 -04:00
* deprecations
* Renamed confirm_in to confirm_within
2009-10-30 05:49:18 -04:00
* [#14] Do not send confirmation messages when user changes his e-mail
2009-10-30 06:29:10 -04:00
* [#13] Renamed authenticable to authenticatable and added deprecation warnings
2009-10-30 05:23:47 -04:00
2009-10-29 11:10:13 -04:00
== 0.2.3
2009-10-29 06:29:31 -04:00
* enhancements
* Ensure fail! works inside strategies
2009-10-29 11:10:13 -04:00
* [#12] Make unauthenticated message (when you haven't signed in) different from invalid message
2009-10-29 06:29:31 -04:00
* bug fix
* Do not redirect on invalid authenticate
2009-10-29 06:31:14 -04:00
* Allow model configuration to be set to nil
2009-10-29 06:29:31 -04:00
2009-10-28 06:33:20 -04:00
== 0.2.2
* bug fix
* [#9] Fix a bug when using customized resources
2009-10-27 20:12:49 -04:00
== 0.2.1
* refactor
* Clean devise_views generator to use devise existing views
* enhancements
* [#7] Create instance variables (like @user) for each devise controller
* Use Devise::Controller::Helpers only internally
* bug fix
* [#6] Fix a bug with Mongrel and Ruby 1.8.6
2009-10-24 19:05:30 -04:00
== 0.2.0
2009-10-22 06:45:18 -04:00
2009-10-23 08:13:23 -04:00
* enhancements
* [#4] Allow option :null => true in authenticable migration
* [#3] Remove attr_accessible calls from devise modules
* Customizable time frame for rememberable with :remember_for config
* Customizable time frame for confirmable with :confirm_in config
2009-10-23 09:21:47 -04:00
* Generators for creating a resource and copy views
2009-10-22 06:45:18 -04:00
2009-10-22 15:30:00 -04:00
* optimize
* Do not load hooks or strategies if they are not used
2009-10-23 08:13:23 -04:00
* bug fixes
* [#2] Fixed requiring devise strategies
2009-10-22 18:25:29 -04:00
2009-10-22 06:45:18 -04:00
== 0.1.1
* bug fixes
2009-10-23 08:13:23 -04:00
* [#1] Fixed requiring devise mapping
2009-10-22 06:45:18 -04:00
== 0.1.0
2009-10-22 15:30:00 -04:00
* Devise::Authenticable
* Devise::Confirmable
* Devise::Recoverable
* Devise::Validatable
* Devise::Migratable
* Devise::Rememberable
* SessionsController
* PasswordsController
* ConfirmationsController
* Create an example app
* devise :all, :except => :rememberable
* Use sign_in and sign_out in SessionsController
* Mailer subjects namespaced by model
* Allow stretches and pepper per model
* Store session[:return_to] in session
* Sign user in automatically after confirming or changing it's password