2016-05-02 22:51:49 -04:00
### 4.1.0
2016-02-10 19:45:18 -05:00
2016-05-02 21:33:51 -04:00
* bug fixes
* Fix race condition of sending the confirmation instructions e-mail using background jobs.
Using the previous `after_create` callback, the e-mail can be sent before
the record be committed on database, generating a `ActiveRecord::NotFound` error.
Now the confirmation e-mail will be only sent after the database commit,
using the `after_commit` callback.
It may break your test suite on Rails 4 if you are testing the sent e-mails
or enqueued jobs using transactional fixtures enabled or `DatabaseCleaner` with `transaction` strategy.
You can easily fix your test suite using the gem
[test_after_commit ](https://github.com/grosser/test_after_commit ). For example, put in your Gemfile:
```ruby
gem 'test_after_commit', :group => :test
```
On Rails 5 `after_commit` callbacks are triggered even using transactional
fixtures, then this fix will not break your test suite. If you are using `DatabaseCleaner` with the `deletion` or `truncation` strategies it may not break your tests. (by @allenwq )
* Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none` and
`:undefined` strategies. (by @f3ndot )
2016-04-26 10:32:15 -04:00
* features
* Humanize authentication keys in failure flash message (by @byzg )
When you are configuring the translations of `devise.failure.invalid` , the
`authentication_keys` is translated now.
* deprecations
* Remove code supporting old session serialization format (by @fphilipe ).
* Now the `email_regexp` default uses a more permissive regex:
`/\A[^@\s]+@[^@\s]+\z/` (by @kimgb )
2016-05-02 21:33:51 -04:00
* Now the `strip_whitespace_keys` default is `[:email]` (by @ulissesalmeida )
* Now the `reconfirmable` default is `true` (by @ulissesalmeida )
* Now the `skip_session_storage` default is `[:http_auth]` (by @ulissesalmeida )
* Now the `sign_out_via` default is `:delete` (by @ulissesalmeida )
* improvements
* Avoids extra computation of friendly token for confirmation token (by @sbc100 )
2016-04-26 10:10:55 -04:00
2016-05-02 22:51:49 -04:00
### 4.0.2 - 2016-05-02
* bug fixes
* Fix strategy checking in `Lockable#unlock_strategy_enabled?` for `:none`
and `:undefined` strategies. (by @f3ndot )
2016-04-25 16:06:05 -04:00
### 4.0.1 - 2016-04-25
* bug fixes
* Fix the e-mail confirmation instructions send when a user updates the email
address from nil. (by @lmduc )
* Remove unnecessary `attribute_will_change!` call. (by @cadejscroggins )
* Consistent `permit!` check. (by @ulissesalmeida )
2016-04-18 10:52:49 -04:00
### 4.0.0 - 2016-04-18
2016-04-18 10:46:21 -04:00
* bug fixes
* Fix the `extend_remember_period` configuration. When set to `false` it does
not update the cookie expiration anymore.(by @ulissesalmeida )
2016-03-23 14:57:56 -04:00
* deprecations
2016-04-18 10:46:21 -04:00
* Added a warning of default value change in Devise 4.1 for users that uses
the the default configuration of the following configurations: (by @ulissesalmeida )
* `strip_whitespace_keys` - The default will be `[:email]` .
* `skip_session_storage` - The default will be `[:http_auth]` .
* `sign_out_via` - The default will be `:delete` .
* `reconfirmable` - The default will be `true` .
* `email_regexp` - The default will be `/\A[^@\s]+@[^@\s]+\z/` .
* Removed deprecated argument of `Devise::Models::Rememberable#remember_me!` (by @ulissesalmeida )
* Removed deprecated private method Devise::Controllers::Helpers#expire_session_data_after_sign_in!
2016-03-23 14:57:56 -04:00
(by @bogdanvlviv )
2016-03-09 09:34:14 -05:00
### 4.0.0.rc2 - 2016-03-09
2016-02-10 19:45:18 -05:00
* enhancements
2016-02-15 07:19:08 -05:00
* Introduced `DeviseController#set_flash_message!` for conditional flash
messages setting to reduce complexity.
* `rails g devise:install` will fail if the app does not have a ORM configured
(by @arjunsharma )
2016-03-09 09:00:04 -05:00
* Support to Rails 5 versioned migrations added.
* deprecations
* omniauth routes are no longer defined with a wildcard `:provider` parameter,
and provider specific routes are defined instead, so route helpers like `user_omniauth_authorize_path(:github)` are deprecated in favor of `user_github_authorize_path` .
You can still use `omniauth_authorize_path(:user, :github)` if you need to
call the helpers dynamically.
2016-02-10 19:45:18 -05:00
2016-02-01 06:20:42 -05:00
### 4.0.0.rc1 - 2016-01-02
2015-06-24 12:13:06 -04:00
2015-12-15 08:48:41 -05:00
* Support added to Rails 5 (by @twalpole ).
* Devise no longer supports Rails 3.2 and 4.0.
* Devise no longer supports Ruby 1.9 and 2.0.
2015-12-10 11:36:34 -05:00
2016-02-01 06:20:42 -05:00
* deprecations
* The `devise_parameter_sanitize` API has changed:
The `for` method was deprecated in favor of `permit` :
```ruby
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) < < :subscribe_newsletter
# Should become the following.
devise_parameter_sanitizer.permit(:sign_up, keys: [:subscribe_newsletter])
end
```
The customization through instance methods on the sanitizer implementation
should be done through it's `initialize` method:
```ruby
class User::ParameterSanitizer < Devise::ParameterSanitizer
def sign_up
default_params.permit(:username, :email)
end
end
# The `sign_up` method can be a `permit` call on the sanitizer `initialize` .
class User::ParameterSanitizer < Devise::ParameterSanitizer
def initialize(*)
super
permit(:sign_up, keys: [:username, :email])
end
end
```
You can check more examples and explanations on the [README section ](/plataformatec/devise#strong-parameters )
and on the [ParameterSanitizer docs ](lib/devise/parameter_sanitizer.rb ).
Please check [3-stable ](https://github.com/plataformatec/devise/blob/3-stable/CHANGELOG.md )
for previous changes.