diff --git a/CHANGELOG.md b/CHANGELOG.md index d81d2a70..a5247ec8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,9 @@ -== 3.2.0-dev +### 3.2.0-dev * enhancements * Previously deprecated token authenticatable and insecure lookups have been removed -== 3.1.0 +### 3.1.0 Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-with-more-secure-defaults/ @@ -26,12 +26,12 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/devise-3-1-now-w * Do not compare directly against confirmation, unlock and reset password tokens * Skip storage for cookies on unverified requests -== 3.0.2 +### 3.0.2 * bug fix * Skip storage for cookies on unverified requests -== 3.0.1 +### 3.0.1 Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixation-attacks-in-devise/ @@ -42,7 +42,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * When using rails 3.2, the generator adds 'attr_accessible' to the model (by @jcoyne) * Clean up CSRF token after authentication (by @homakov). Notice this change will clean up the CSRF Token after authentication (sign in, sign up, etc). So if you are using AJAX for such features, you will need to fetch a new CSRF token from the server. -== 3.0.0 +### 3.0.0 * enhancements * Rails 4 and Strong Parameters compatibility (by @carlosantoniodasilva, @josevalim, @latortuga, @lucasmazza, @nashby, @rafaelfranca, @spastorino) @@ -55,7 +55,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * backwards incompatible changes * Changes on session storage will expire all existing sessions on upgrade. For those storing the session in the DB, they can be upgraded according to this gist: https://gist.github.com/moll/6417606 -== 2.2.4 +### 2.2.4 * enhancements * Add `destroy_with_password` to `DatabaseAuthenticatable`. Allows destroying a record when `:current_password` matches, similarly to how `update_with_password` works. (by @michiel3) 
@@ -71,25 +71,25 @@ Security announcement: http://blog.plataformatec.com.br/2013/08/csrf-token-fixat * Fix inheriting mailer templates from `Devise::Mailer` * Fix a bug when procs are used as default mailer in Devise (by @tomasv) -== 2.2.3 +### 2.2.3 Security announcement: http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/ * bug fix * Require string conversion for all values -== 2.2.2 +### 2.2.2 * bug fix * Fix bug when checking for reconfirmable in templates -== 2.2.1 +### 2.2.1 * bug fix * Fix regression with case_insensitive_keys * Fix regression when password is blank when it is invalid -== 2.2.0 +### 2.2.0 * backwards incompatible changes * `headers_for` is deprecated, customize the mailer directly instead @@ -120,7 +120,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * `update_with_password` doesn't change encrypted password when it is invalid (by @nashby) * Properly handle namespaced models on Active Record generator (by @nashby) -== 2.1.2 +### 2.1.2 * enhancements * Handle backwards incompatibility between Rails 3.2.6 and Thor 0.15.x @@ -128,7 +128,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * bug fix * Fix regression on strategy validation on previous release -== 2.1.1 (yanked) +### 2.1.1 (yanked) * enhancements * `sign_out_all_scopes` now locks warden and does not allow new logins in the same action @@ -145,7 +145,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * deprecations * Strategy#validate() no longer validates nil resources -== 2.1.0 +### 2.1.0 * enhancements * Add `check_fields!(model_class)` method on Devise::Models to check if the model includes the fields that Devise uses 
@@ -172,7 +172,7 @@ Security announcement: http://blog.plataformatec.com.br/2013/01/security-announc * Return `head :no_content` in SessionsController now that most JS libraries handle it (by @julianvargasalvarez) * Reverted moving devise/shared/_links.erb to devise/_links.erb -== 2.0.4 +### 2.0.4 Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0 @@ -180,7 +180,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fix when :host is used with devise_for (by @mreinsch) * Fix a regression that caused Warden to be initialized too late -== 2.0.3 (yanked) +### 2.0.3 (yanked) * bug fix * Ensure warning is not shown by mistake on apps with mounted engines @@ -188,7 +188,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure serializable_hash does not depend on accessible attributes * Ensure that timeout callback does not run on sign out action -== 2.0.2 +### 2.0.2 * enhancements * Add devise_i18n_options to customize I18n message @@ -200,7 +200,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Show a warning in case someone gives a pluralized name to devise generator * Fix test behavior for rspec subject requests (by @sj26) -== 2.0.1 +### 2.0.1 * enhancements * Improved error messages on deprecation warnings @@ -209,7 +209,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Removed tmp and log files from gem -== 2.0.0 +### 2.0.0 * enhancements * Add support for e-mail reconfirmation on change (by @Mandaryn and @heimidal) 
@@ -235,14 +235,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Deprecated support to devise.registrations.reasons and devise.registrations.inactive_signed_up in favor of devise.registrations.signed_up_but_* * Protected method render_with_scope was removed. -== 1.5.3 +### 1.5.3 * bug fix * Ensure delegator converts scope to symbol (by @dmitriy-kiriyenko) * Ensure passing :format => false to devise_for is not permanent * Ensure path checker does not check invalid routes -== 1.5.2 +### 1.5.2 * enhancements * Add support for Rails 3.1 new mass assignment conventions (by @kirs) @@ -251,12 +251,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * OmniAuth error message now shows the proper option (:strategy_class instead of :klass) -== 1.5.1 +### 1.5.1 * bug fix * Devise should not attempt to load OmniAuth strategies. Strategies should be loaded before hand by the developer or explicitly given to Devise. -== 1.5.0 +### 1.5.0 * enhancements * Timeoutable also skips tracking if skip_trackable is given @@ -277,12 +277,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * redirect_location is deprecated, please use after_sign_in_path_for * after_sign_in_path_for now redirects to session[scope_return_to] if any value is stored in it -== 1.4.9 +### 1.4.9 * bug fix * url helpers were not being set under some circumstances -== 1.4.8 +### 1.4.8 * enhancements * Add docs for assets pipeline and Heroku @@ -290,12 +290,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * confirmation_url was not being set under some circumstances -== 1.4.7 +### 1.4.7 * bug fix * Fix backward incompatible change from 1.4.6 for those using custom controllers -== 1.4.6 (yanked) +### 1.4.6 (yanked) * enhancements * Allow devise_for :skip => :all 
@@ -303,7 +303,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow --skip-routes to devise generator * Add allow_params_authentication! to make it explicit when params authentication is allowed in a controller -== 1.4.5 +### 1.4.5 * bug fix * Failure app tries the root path if a session one does not exist @@ -311,12 +311,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Reset password shows proper message if user is not active * `clean_up_passwords` sets the accessors to nil to skip validations -== 1.4.4 +### 1.4.4 * bug fix * Do not always skip helpers, instead provide :skip_helpers as option to trigger it manually -== 1.4.3 +### 1.4.3 * enhancements * Improve Rails 3.1 compatibility @@ -332,12 +332,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecations * Loosened the used email regexp to simply assert the existent of "@". If someone relies on a more strict regexp, they may use https://github.com/SixArm/sixarm_ruby_email_address_validation -== 1.4.2 +### 1.4.2 * bug fix * Provide a more robust behavior to serializers and add :force_except option -== 1.4.1 +### 1.4.1 * enhancements * Add :defaults and :format support on router @@ -348,7 +348,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure to_xml is properly white listened * Ensure handle_unverified_request clean up any cached signed-in user -== 1.4.0 +### 1.4.0 * enhancements * Added authenticated and unauthenticated to the router to route the used based on his status (by @sj26) 
@@ -366,22 +366,22 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Devise now honors routes constraints (by @macmartine) * Do not return the user resource when requesting instructions (by @rodrigoflores) -== 1.3.4 +### 1.3.4 * bug fix * Do not add formats if html or "*/*" -== 1.3.3 +### 1.3.3 * bug fix * Explicitly mark the token as expired if so -== 1.3.2 +### 1.3.2 * bug fix * Fix another regression related to reset_password_sent_at (by @alexdreher) -== 1.3.1 +### 1.3.1 * enhancements * Improve failure_app responses (by @indirect) @@ -390,7 +390,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fix a regression that occurred if reset_password_sent_at is not present (by @stevehodgkiss) -== 1.3.0 +### 1.3.0 * enhancements * All controllers can now handle different mime types than html using Responders (by @sikachu) @@ -410,19 +410,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * backward incompatible changes * authentication_keys are no longer considered when creating the e-mail validations, the previous behavior was buggy. You must double check if you were relying on such behavior. -== 1.2.1 +### 1.2.1 * enhancements * Improve update path messages -== 1.2.0 +### 1.2.0 * bug fix * Properly ignore path prefix on omniauthable * Faster uniqueness queries * Rename active? to active_for_authentication? to avoid conflicts -== 1.2.rc2 +### 1.2.rc2 * enhancements * Make friendly_token 20 chars long @@ -452,7 +452,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Removed --haml and --slim view templates * Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode -== 1.2.rc +### 1.2.rc * deprecations * cookie_domain is deprecated in favor of cookie_options 
@@ -490,13 +490,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Ensure namespaces has proper scoped views * Ensure Devise does not set empty flash messages (by @sxross) -== 1.1.6 +### 1.1.6 * Use a more secure e-mail regexp * Implement Rails 3.0.4 handle unverified request * Use secure_compare to compare passwords -== 1.1.5 +### 1.1.5 * bugfix * Ensure to convert keys on indifferent hash @@ -504,12 +504,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * defaults * Set config.http_authenticatable to false to avoid confusion -== 1.1.4 +### 1.1.4 * bugfix * Avoid session fixation attacks -== 1.1.3 +### 1.1.3 * bugfix * Add reply-to to e-mail headers by default @@ -520,17 +520,17 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fix for failed first-ever logins on PostgreSQL where column default is nil (by @bensie) * :default options is now honored in migrations -== 1.1.2 +### 1.1.2 * bugfix * Compatibility with latest Rails routes schema -== 1.1.1 +### 1.1.1 * bugfix * Fix a small bug where generated locale file was empty on devise:install -== 1.1.0 +### 1.1.0 * enhancements * Rememberable module allows user to be remembered across browsers and is enabled by default (by @trevorturk) @@ -550,7 +550,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecations * use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead -== 1.1.rc2 +### 1.1.rc2 * enhancements * Allow to set cookie domain for the remember token. (by @mantas) @@ -568,7 +568,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject * Generators now use Rails 3 syntax (devise:install) instead of devise_install -== 1.1.rc1 +### 1.1.rc1 * enhancements * Rails 3 compatibility 
@@ -600,7 +600,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure * :as and :scope in routes is deprecated. Use :path and :singular instead -== 1.0.8 +### 1.0.8 * enhancements * Support for latest MongoMapper @@ -609,7 +609,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * confirmation_required? is properly honored on active? calls. (by @paulrosania) -== 1.0.7 +### 1.0.7 * bug fix * Ensure password confirmation is always required @@ -618,14 +618,14 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * authenticatable was deprecated and renamed to database_authenticatable * confirmable is not included by default on generation -== 1.0.6 +### 1.0.6 * bug fix * Do not allow unlockable strategies based on time to access a controller. * Do not send unlockable email several times. * Allow controller to upstram custom! failures to Warden. -== 1.0.5 +### 1.0.5 * bug fix * Use prepend_before_filter in require_no_authentication. @@ -633,19 +633,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fix a bug when giving an association proxy to devise. * Do not use lock! on lockable since it's part of ActiveRecord API. -== 1.0.4 +### 1.0.4 * bug fix * Fixed a bug when deleting an account with rememberable * Fixed a bug with custom controllers -== 1.0.3 +### 1.0.3 * enhancements * HTML e-mails now have proper formatting * Do not remove MongoMapper options in find -== 1.0.2 +### 1.0.2 * enhancements * Allows you set mailer content type (by @glennr) 
@@ -653,7 +653,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Uses the same content type as request on http authenticatable 401 responses -== 1.0.1 +### 1.0.1 * enhancements * HttpAuthenticatable is not added by default automatically. @@ -662,7 +662,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fixed encryptors autoload -== 1.0.0 +### 1.0.0 * deprecation * :old_password in update_with_password is deprecated, use :current_password instead @@ -673,7 +673,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow scoped_views to be customized per controller/mailer class * Allow authenticatable to used in change_table statements -== 0.9.2 +### 0.9.2 * bug fix * Ensure inactive user cannot sign in @@ -683,13 +683,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added gemspec to repo * Added token authenticatable (by @grimen) -== 0.9.1 +### 0.9.1 * bug fix * Allow bigger salt size (by @jgeiger) * Fix relative url root -== 0.9.0 +### 0.9.0 * deprecation * devise :all is deprecated @@ -706,7 +706,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Accept path prefix not starting with slash * url helpers should rely on find_scope! -== 0.8.2 +### 0.8.2 * enhancements * Allow Devise.mailer_sender to be a proc (by @grimen) @@ -714,7 +714,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fix bug with passenger, update is required to anyone deploying on passenger (by @dvdpalm) -== 0.8.1 +### 0.8.1 * enhancements * Move salt to encryptors @@ -724,7 +724,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Bcrypt generator was not being loaded neither setting the proper salt -== 0.8.0 +### 0.8.0 * enhancements * Warden 0.8.0 compatibility 
@@ -738,19 +738,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * deprecation * Removed DeviseMailer.sender -== 0.7.5 +### 0.7.5 * enhancements * Set a default value for mailer to avoid find_template issues * Add models configuration to MongoMapper::EmbeddedDocument as well -== 0.7.4 +### 0.7.4 * enhancements * Extract Activatable from Confirmable * Decouple Serializers from Devise modules -== 0.7.3 +### 0.7.3 * bug fix * Give scope to the proper model validation @@ -760,7 +760,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added update_with_password for authenticatable * Allow render_with_scope to accept :controller option -== 0.7.2 +### 0.7.2 * deprecation * Renamed reset_confirmation! to resend_confirmation! @@ -770,12 +770,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Fixed render_with_scope to work with all controllers * Allow sign in with two different users in Devise::TestHelpers -== 0.7.1 +### 0.7.1 * enhancements * Small enhancements for other plugins compatibility (by @grimen) -== 0.7.0 +### 0.7.0 * deprecations * :authenticatable is not included by default anymore @@ -784,25 +784,25 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Improve loading process * Extract SessionSerializer from Authenticatable -== 0.6.3 +### 0.6.3 * bug fix * Added trackable to migrations * Allow inflections to work -== 0.6.2 +### 0.6.2 * enhancements * More DataMapper compatibility * Devise::Trackable - track sign in count, timestamps and ips -== 0.6.1 +### 0.6.1 * enhancements * Devise::Timeoutable - timeout sessions without activity * DataMapper now accepts conditions -== 0.6.0 +### 0.6.0 * deprecations * :authenticatable is still included by default, but yields a deprecation warning 
@@ -813,19 +813,19 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow a strategy to be placed after authenticatable * Do not rely attribute? methods, since they are not added on Datamapper -== 0.5.6 +### 0.5.6 * enhancements * Do not send nil to build (DataMapper compatibility) * Allow to have scoped views -== 0.5.5 +### 0.5.5 * enhancements * Allow overwriting find for authentication method * Remove Ruby 1.8.7 dependency -== 0.5.4 +### 0.5.4 * deprecations * Deprecate :singular in devise_for and use :scope instead @@ -836,7 +836,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Create sign_in_and_redirect and sign_out_and_redirect helpers * Warden::Manager.default_scope is automatically configured to the first given scope -== 0.5.3 +### 0.5.3 * bug fix * MongoMapper now converts DateTime to Time @@ -848,20 +848,20 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper in cases you don't want it be handlded automatically -== 0.5.2 +### 0.5.2 * enhancements * Improved sign_in and sign_out helpers to accepts resources * Added stored_location_for as a helper * Added test helpers -== 0.5.1 +### 0.5.1 * enhancements * Added serializers based on Warden ones * Allow authentication keys to be set -== 0.5.0 +### 0.5.0 * bug fix * Fixed a bug where remember me module was not working properly 
@@ -871,13 +871,13 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by @mhfs) * Added support for MongoMapper (by @shingara) -== 0.4.3 +### 0.4.3 * bug fix * Authentication just fails if user cannot be serialized from session, without raising errors; * Default configuration values should not overwrite user values; -== 0.4.2 +### 0.4.2 * deprecations * Renamed mail_sender to mailer_sender @@ -889,12 +889,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow :path_prefix to be given to devise_for * Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported) -== 0.4.1 +### 0.4.1 * bug fix * Ensure options can be set even if models were not loaded -== 0.4.0 +### 0.4.0 * deprecations * Notifier is deprecated, use DeviseMailer instead. Remember to rename @@ -907,7 +907,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Allow Warden::Manager to be configured through Devise * Created a generator which creates an initializer -== 0.3.0 +### 0.3.0 * bug fix * Allow yml messages to be configured by not using engine locales @@ -917,7 +917,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Do not send confirmation messages when user changes his e-mail * Renamed authenticable to authenticatable and added deprecation warnings -== 0.2.3 +### 0.2.3 * enhancements * Ensure fail! works inside strategies @@ -927,12 +927,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * Do not redirect on invalid authenticate * Allow model configuration to be set to nil -== 0.2.2 +### 0.2.2 * bug fix * Fix a bug when using customized resources -== 0.2.1 +### 0.2.1 * refactor * Clean devise_views generator to use devise existing views 
@@ -944,7 +944,7 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fix * Fix a bug with Mongrel and Ruby 1.8.6 -== 0.2.0 +### 0.2.0 * enhancements * Allow option :null => true in authenticable migration @@ -959,12 +959,12 @@ Notes: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2. * bug fixes * Fixed requiring devise strategies -== 0.1.1 +### 0.1.1 * bug fixes * Fixed requiring devise mapping -== 0.1.0 +### 0.1.0 * Devise::Authenticable * Devise::Confirmable
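Review bot: Literal asterisks in the unchanged entries are now exposed to Markdown emphasis parsing, for example `"*/*"` under 1.3.4 ("Do not add formats if html or "*/*"") and `devise.registrations.signed_up_but_*` in the hunk just above 1.5.3. The patch only touches the heading lines, so these bodies are still written as they were for the `==` format. Wrap such tokens in backticks (as the 2.2.x entries already do for `update_with_password`) so the rendered changelog shows them verbatim.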
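Review bot: The three "Security announcement:" lines (under 3.1.0, 3.0.1 and 2.2.3) stay as bare URLs in context while the headings around them move to Markdown. Bare URLs are only linkified by some renderers, and these are the entries a reader looks for when deciding whether an upgrade is security-relevant. Consider writing them as explicit links or `<...>` autolinks in the same change, and likewise for the "Notes:" upgrade-guide URL under 2.0.4.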
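Review bot: Heading level is the one style point here. The first hunk puts `### 3.2.0-dev` on line 1 of the file, so every version becomes a third-level heading with no first- or second-level heading above it. Either use `##` for the version headings or add a top-level title line, so that generated outlines and anchor links have a sensible hierarchy.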