mirror of
https://github.com/heartcombo/devise.git
synced 2022-11-09 12:18:31 -05:00
592 lines
19 KiB
Text
592 lines
19 KiB
Text
* enhancements
|
|
* All controllers can now handle different mime types than html using Responders (by github.com/sikachu)
|
|
* Added reset_password_within as configuration option to send the token for recovery (by github.com/jdguyot)
|
|
* Bump password length to 128 characters (by github.com/k33l0r)
|
|
* Add :only as option to devise_for (by github.com/timoschilling)
|
|
* Allow to override path after sending password instructions (by github.com/irohiroki)
|
|
|
|
* bug fix
|
|
* Fix a bug where configuration options were being included too late
|
|
* Ensure Devise::TestHelpers can be used to tests Devise internal controllers (by github.com/jwilger)
|
|
* valid_password? should not choke on empty passwords (by github.com/mikel)
|
|
* downcase keys before validation
|
|
|
|
* backward incompatible changes
|
|
* authentication_keys are no longer considered when creating the e-mail validations, the previous behavior was buggy. You must double check if you were relying on such behavior.
|
|
|
|
== 1.2.1
|
|
|
|
* enhancements
|
|
* Improve update path messages
|
|
|
|
== 1.2.0
|
|
|
|
* bug fix
|
|
* Properly ignore path prefix on omniauthable
|
|
* Faster uniqueness queries
|
|
* Rename active? to active_for_authentication? to avoid conflicts
|
|
|
|
== 1.2.rc2
|
|
|
|
* enhancements
|
|
* Make friendly_token 20 chars long
|
|
* Use secure_compare
|
|
|
|
* bug fix
|
|
* Fix an issue causing infinite redirects in production
|
|
* rails g destroy works properly with devise generators (by github.com/andmej)
|
|
* before_failure callbacks should work on test helpers (by github.com/twinge)
|
|
* rememberable cookie now is httponly by default (by github.com/JamesFerguson)
|
|
* Add missing confirmation_keys (by github.com/JohnPlummer)
|
|
* Ensure after_* hooks are called on RegistrationsController
|
|
* When using database_authenticatable Devise will now only create an email field when appropriate (if using default authentication_keys or custom authentication_keys with email included)
|
|
* Ensure stateless token does not trigger timeout (by github.com/pixelauthority)
|
|
* Implement handle_unverified_request for Rails 3.0.4 compatibility and improve FailureApp reliance on symbols
|
|
* Consider namespaces while generating routes
|
|
* Custom failure apps no longer ignored in test mode (by github.com/jaghion)
|
|
* Do not depend on ActiveModel::Dirty
|
|
* Manual sign_in now triggers remember token
|
|
* Be sure to halt strategies on failures
|
|
* Consider SCRIPT_NAME on Omniauth paths
|
|
* Reset failed attempts when lock is expired
|
|
* Ensure there is no Mongoid injection
|
|
|
|
* deprecations
|
|
* Deprecated anybody_signed_in? in favor of signed_in? (by github.com/gavinhughes)
|
|
* Removed --haml and --slim view templates
|
|
* Devise::OmniAuth helpers were deprecated and removed in favor of Omniauth.config.test_mode
|
|
|
|
== 1.2.rc
|
|
|
|
* deprecations
|
|
* cookie_domain is deprecated in favor of cookie_options
|
|
* after_update_path_for can no longer be defined in ApplicationController
|
|
|
|
* enhancements
|
|
* Added OmniAuth support
|
|
* Added ORM adapter to abstract ORM iteraction
|
|
* sign_out_via is available in the router to configure the method used for sign out (by github.com/martinrehfeld)
|
|
* Improved Ajax requests handling in failure app (by github.com/spastorino)
|
|
* Added request_keys to easily use request specific values (like subdomain) in authentication
|
|
* Increased the size of friendly_token to 60 characters (reduces the chances of a successful brute attack)
|
|
* Ensure the friendly token does not include "_" or "-" since some e-mails may not autolink it properly (by github.com/rymai)
|
|
* Extracted encryptors into :encryptable for better bcrypt support
|
|
* :rememberable is now able to use salt as token if no remember_token is provided
|
|
* Store the salt in session and expire the session if the user changes his password
|
|
* Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
|
|
* cookie_options uses session_options values by default
|
|
* Sign up now check if the user is active or not and redirect him accordingly setting the inactive_signed_up message
|
|
* Use ActiveModel#to_key instead of #id
|
|
* sign_out_all_scopes now destroys the whole session
|
|
* Added case_insensitive_keys that automatically downcases the given keys, by default downcases only e-mail (by github.com/adahl)
|
|
|
|
* default behavior changes
|
|
* sign_out_all_scopes defaults to true as security measure
|
|
* http authenticatable is disabled by default
|
|
* Devise does not intercept 401 returned from applications
|
|
|
|
* bugfix
|
|
* after_sign_in_path_for always receives a resource
|
|
* Do not execute Warden::Callbacks on Devise::TestHelpers (by github.com/sgronblo)
|
|
* Allow password recovery and account unlocking to change used keys (by github.com/RStankov)
|
|
* FailureApp now properly handles nil request.format
|
|
* Fix a bug causing FailureApp to return with HTTP Auth Headers for IE7
|
|
* Ensure namespaces has proper scoped views
|
|
* Ensure Devise does not set empty flash messages (by github.com/sxross)
|
|
|
|
== 1.1.6
|
|
|
|
* Use a more secure e-mail regexp
|
|
* Implement Rails 3.0.4 handle unverified request
|
|
* Use secure_compare to compare passwords
|
|
|
|
== 1.1.5
|
|
|
|
* bugfix
|
|
* Ensure to convert keys on indifferent hash
|
|
|
|
* defaults
|
|
* Set config.http_authenticatable to false to avoid confusion
|
|
|
|
== 1.1.4
|
|
|
|
* bugfix
|
|
* Avoid session fixation attacks
|
|
|
|
== 1.1.3
|
|
|
|
* bugfix
|
|
* Add reply-to to e-mail headers by default
|
|
* Updated the views generator to respect the rails :template_engine option (by github.com/fredwu)
|
|
* Check the type of HTTP Authentication before using Basic headers
|
|
* Avoid invalid_salt errors by checking salt presence (by github.com/thibaudgg)
|
|
* Forget user deletes the right cookie before logout, not remembering the user anymore (by github.com/emtrane)
|
|
* Fix for failed first-ever logins on PostgreSQL where column default is nil (by github.com/bensie)
|
|
* :default options is now honored in migrations
|
|
|
|
== 1.1.2
|
|
|
|
* bugfix
|
|
* Compatibility with latest Rails routes schema
|
|
|
|
== 1.1.1
|
|
|
|
* bugfix
|
|
* Fix a small bug where generated locale file was empty on devise:install
|
|
|
|
== 1.1.0
|
|
|
|
* enhancements
|
|
* Rememberable module allows user to be remembered across browsers and is enabled by default (by github.com/trevorturk)
|
|
* Rememberable module allows you to activate the period the remember me token is extended (by github.com/trevorturk)
|
|
* devise_for can now be used together with scope method in routes but with a few limitations (check the documentation)
|
|
* Support `as` or `devise_scope` in the router to specify controller access scope
|
|
* HTTP Basic Auth can now be disabled/enabled for xhr(ajax) requests using http_authenticatable_on_xhr option (by github.com/pellja)
|
|
|
|
* bug fix
|
|
* Fix a bug in Devise::TestHelpers where current_user was returning a Response object for non active accounts
|
|
* Devise should respect script_name and path_info contracts
|
|
* Fix a bug when accessing a path with (.:format) (by github.com/klacointe)
|
|
* Do not add unlock routes unless unlock strategy is email or both
|
|
* Email should be case insensitive
|
|
* Store classes as string in session, to avoid serialization and stale data issues
|
|
|
|
* deprecations
|
|
* use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead
|
|
|
|
== 1.1.rc2
|
|
|
|
* enhancements
|
|
* Allow to set cookie domain for the remember token. (by github.com/mantas)
|
|
* Added navigational formats to specify when it should return a 302 and when a 401.
|
|
* Added authenticate(scope) support in routes (by github.com/wildchild)
|
|
* Added after_update_path_for to registrations controller (by github.com/thedelchop)
|
|
* Allow the mailer object to be replaced through config.mailer = "MyOwnMailer"
|
|
|
|
* bug fix
|
|
* Fix a bug where session was timing out on sign out
|
|
|
|
* deprecations
|
|
* bcrypt is now the default encryptor
|
|
* devise.mailer.confirmations_instructions now should be devise.mailer.confirmations_instructions.subject
|
|
* devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject
|
|
* Generators now use Rails 3 syntax (devise:install) instead of devise_install
|
|
|
|
== 1.1.rc1
|
|
|
|
* enhancements
|
|
* Rails 3 compatibility
|
|
* All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions"
|
|
* Devise.orm is deprecated. This reduces the required API to hook your ORM with devise
|
|
* Use metal for failure app
|
|
* HTML e-mails now have proper formatting
|
|
* Allow to give :skip and :controllers in routes
|
|
* Move trackable logic to the model
|
|
* E-mails now use any template available in the filesystem. Easy to create multipart e-mails
|
|
* E-mails asks headers_for in the model to set the proper headers
|
|
* Allow to specify haml in devise_views
|
|
* Compatibility with Mongoid
|
|
* Make config.devise available on config/application.rb
|
|
* TokenAuthenticatable now works with HTTP Basic Auth
|
|
* Allow :unlock_strategy to be :none and add :lock_strategy which can be :failed_attempts or none. Setting those values to :none means that you want to handle lock and unlocking by yourself
|
|
* No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3
|
|
* :activatable is included by default in your models
|
|
|
|
* bug fix
|
|
* Fix a bug with STI
|
|
|
|
* deprecations
|
|
* Rails 3 compatible only
|
|
* Removed support for MongoMapper
|
|
* Scoped views are no longer "sessions/users/new". Now use "users/sessions/new"
|
|
* Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead
|
|
* Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options
|
|
* All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure
|
|
* :as and :scope in routes is deprecated. Use :path and :singular instead
|
|
|
|
== 1.0.8
|
|
|
|
* enhancements
|
|
* Support for latest MongoMapper
|
|
* Added anybody_signed_in? helper (by github.com/SSDany)
|
|
|
|
* bug fix
|
|
* confirmation_required? is properly honored on active? calls. (by github.com/paulrosania)
|
|
|
|
== 1.0.7
|
|
|
|
* bug fix
|
|
* Ensure password confirmation is always required
|
|
|
|
* deprecations
|
|
* authenticatable was deprecated and renamed to database_authenticatable
|
|
* confirmable is not included by default on generation
|
|
|
|
== 1.0.6
|
|
|
|
* bug fix
|
|
* Do not allow unlockable strategies based on time to access a controller.
|
|
* Do not send unlockable email several times.
|
|
* Allow controller to upstram custom! failures to Warden.
|
|
|
|
== 1.0.5
|
|
|
|
* bug fix
|
|
* Use prepend_before_filter in require_no_authentication.
|
|
* require_no_authentication on unlockable.
|
|
* Fix a bug when giving an association proxy to devise.
|
|
* Do not use lock! on lockable since it's part of ActiveRecord API.
|
|
|
|
== 1.0.4
|
|
|
|
* bug fix
|
|
* Fixed a bug when deleting an account with rememberable
|
|
* Fixed a bug with custom controllers
|
|
|
|
== 1.0.3
|
|
|
|
* enhancements
|
|
* HTML e-mails now have proper formatting
|
|
* Do not remove MongoMapper options in find
|
|
|
|
== 1.0.2
|
|
|
|
* enhancements
|
|
* Allows you set mailer content type (by github.com/glennr)
|
|
|
|
* bug fix
|
|
* Uses the same content type as request on http authenticatable 401 responses
|
|
|
|
== 1.0.1
|
|
|
|
* enhancements
|
|
* HttpAuthenticatable is not added by default automatically.
|
|
* Avoid mass assignment error messages with current password.
|
|
|
|
* bug fix
|
|
* Fixed encryptors autoload
|
|
|
|
== 1.0.0
|
|
|
|
* deprecation
|
|
* :old_password in update_with_password is deprecated, use :current_password instead
|
|
|
|
* enhancements
|
|
* Added Registerable
|
|
* Added Http Basic Authentication support
|
|
* Allow scoped_views to be customized per controller/mailer class
|
|
* [#99] Allow authenticatable to used in change_table statements
|
|
|
|
== 0.9.2
|
|
|
|
* bug fix
|
|
* Ensure inactive user cannot sign in
|
|
* Ensure redirect to proper url after sign up
|
|
|
|
* enhancements
|
|
* Added gemspec to repo
|
|
* Added token authenticatable (by github.com/grimen)
|
|
|
|
== 0.9.1
|
|
|
|
* bug fix
|
|
* Allow bigger salt size (by github.com/jgeiger)
|
|
* Fix relative url root
|
|
|
|
== 0.9.0
|
|
|
|
* deprecation
|
|
* devise :all is deprecated
|
|
* :success and :failure flash messages are now :notice and :alert
|
|
|
|
* enhancements
|
|
* Added devise lockable (by github.com/mhfs)
|
|
* Warden 0.9.0 compatibility
|
|
* Mongomapper 0.6.10 compatibility
|
|
* Added Devise.add_module as hooks for extensions (by github.com/grimen)
|
|
* Ruby 1.9.1 compatibility (by github.com/grimen)
|
|
|
|
* bug fix
|
|
* Accept path prefix not starting with slash
|
|
* url helpers should rely on find_scope!
|
|
|
|
== 0.8.2
|
|
|
|
* enhancements
|
|
* Allow Devise.mailer_sender to be a proc (by github.com/grimen)
|
|
|
|
* bug fix
|
|
* Fix bug with passenger, update is required to anyone deploying on passenger (by github.com/dvdpalm)
|
|
|
|
== 0.8.1
|
|
|
|
* enhancements
|
|
* Move salt to encryptors
|
|
* Devise::Lockable
|
|
* Moved view links into partial and I18n'ed them
|
|
|
|
* bug fix
|
|
* Bcrypt generator was not being loaded neither setting the proper salt
|
|
|
|
== 0.8.0
|
|
|
|
* enhancements
|
|
* Warden 0.8.0 compatibility
|
|
* Add an easy for map.connect "sign_in", :controller => "sessions", :action => "new" to work
|
|
* Added :bcrypt encryptor (by github.com/capotej)
|
|
|
|
* bug fix
|
|
* sign_in_count is also increased when user signs in via password change, confirmation, etc..
|
|
* More DataMapper compatibility (by github.com/lancecarlson)
|
|
|
|
* deprecation
|
|
* Removed DeviseMailer.sender
|
|
|
|
== 0.7.5
|
|
|
|
* enhancements
|
|
* Set a default value for mailer to avoid find_template issues
|
|
* Add models configuration to MongoMapper::EmbeddedDocument as well
|
|
|
|
== 0.7.4
|
|
|
|
* enhancements
|
|
* Extract Activatable from Confirmable
|
|
* Decouple Serializers from Devise modules
|
|
|
|
== 0.7.3
|
|
|
|
* bug fix
|
|
* Give scope to the proper model validation
|
|
|
|
* enhancements
|
|
* Mail views are scoped as well
|
|
* Added update_with_password for authenticatable
|
|
* Allow render_with_scope to accept :controller option
|
|
|
|
== 0.7.2
|
|
|
|
* deprecation
|
|
* Renamed reset_confirmation! to resend_confirmation!
|
|
* Copying locale is part of the installation process
|
|
|
|
* bug fix
|
|
* Fixed render_with_scope to work with all controllers
|
|
* Allow sign in with two different users in Devise::TestHelpers
|
|
|
|
== 0.7.1
|
|
|
|
* enhancements
|
|
* Small enhancements for other plugins compatibility (by github.com/grimen)
|
|
|
|
== 0.7.0
|
|
|
|
* deprecations
|
|
* :authenticatable is not included by default anymore
|
|
|
|
* enhancements
|
|
* Improve loading process
|
|
* Extract SessionSerializer from Authenticatable
|
|
|
|
== 0.6.3
|
|
|
|
* bug fix
|
|
* Added trackable to migrations
|
|
* Allow inflections to work
|
|
|
|
== 0.6.2
|
|
|
|
* enhancements
|
|
* More DataMapper compatibility
|
|
* Devise::Trackable - track sign in count, timestamps and ips
|
|
|
|
== 0.6.1
|
|
|
|
* enhancements
|
|
* Devise::Timeoutable - timeout sessions without activity
|
|
* DataMapper now accepts conditions
|
|
|
|
== 0.6.0
|
|
|
|
* deprecations
|
|
* :authenticatable is still included by default, but yields a deprecation warning
|
|
|
|
* enhancements
|
|
* Added DataMapper support
|
|
* Remove store_location from authenticatable strategy and add it to failure app
|
|
* Allow a strategy to be placed after authenticatable
|
|
* [#45] Do not rely attribute? methods, since they are not added on Datamapper
|
|
|
|
== 0.5.6
|
|
|
|
* enhancements
|
|
* [#42] Do not send nil to build (DataMapper compatibility)
|
|
* [#44] Allow to have scoped views
|
|
|
|
== 0.5.5
|
|
|
|
* enhancements
|
|
* Allow overwriting find for authentication method
|
|
* [#38] Remove Ruby 1.8.7 dependency
|
|
|
|
== 0.5.4
|
|
|
|
* deprecations
|
|
* Deprecate :singular in devise_for and use :scope instead
|
|
|
|
* enhancements
|
|
* [#37] Create after_sign_in_path_for and after_sign_out_path_for hooks to be
|
|
overwriten in ApplicationController
|
|
* Create sign_in_and_redirect and sign_out_and_redirect helpers
|
|
* Warden::Manager.default_scope is automatically configured to the first given scope
|
|
|
|
== 0.5.3
|
|
|
|
* bug fix
|
|
* MongoMapper now converts DateTime to Time
|
|
* Ensure all controllers are unloadable
|
|
|
|
* enhancements
|
|
* [#35] Moved friendly_token to Devise
|
|
* Added Devise.all, so you can freeze your app strategies
|
|
* Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper
|
|
in cases you don't want it be handlded automatically
|
|
|
|
== 0.5.2
|
|
|
|
* enhancements
|
|
* [#28] Improved sign_in and sign_out helpers to accepts resources
|
|
* [#28] Added stored_location_for as a helper
|
|
* [#20] Added test helpers
|
|
|
|
== 0.5.1
|
|
|
|
* enhancements
|
|
* Added serializers based on Warden ones
|
|
* Allow authentication keys to be set
|
|
|
|
== 0.5.0
|
|
|
|
* bug fix
|
|
* Fixed a bug where remember me module was not working properly
|
|
|
|
* enhancements
|
|
* Moved encryption strategy into the Encryptors module to allow several algorithms (by github.com/mhfs)
|
|
* Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by github.com/mhfs)
|
|
* Added support for MongoMapper (by github.com/shingara)
|
|
|
|
== 0.4.3
|
|
|
|
* bug fix
|
|
* [#29] Authentication just fails if user cannot be serialized from session, without raising errors;
|
|
* Default configuration values should not overwrite user values;
|
|
|
|
== 0.4.2
|
|
|
|
* deprecations
|
|
* Renamed mail_sender to mailer_sender
|
|
|
|
* enhancements
|
|
* skip_before_filter added in Devise controllers
|
|
* Use home_or_root_path on require_no_authentication as well
|
|
* Added devise_controller?, useful to select or reject filters in ApplicationController
|
|
* Allow :path_prefix to be given to devise_for
|
|
* Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported)
|
|
|
|
== 0.4.1
|
|
|
|
* bug fix
|
|
* [#21] Ensure options can be set even if models were not loaded
|
|
|
|
== 0.4.0
|
|
|
|
* deprecations
|
|
* Notifier is deprecated, use DeviseMailer instead. Remember to rename
|
|
app/views/notifier to app/views/devise_mailer and I18n key from
|
|
devise.notifier to devise.mailer
|
|
* :authenticable calls are deprecated, use :authenticatable instead
|
|
|
|
* enhancements
|
|
* [#16] Allow devise to be more agnostic and do not require ActiveRecord to be loaded
|
|
* Allow Warden::Manager to be configured through Devise
|
|
* Created a generator which creates an initializer
|
|
|
|
== 0.3.0
|
|
|
|
* bug fix
|
|
* [#15] Allow yml messages to be configured by not using engine locales
|
|
|
|
* deprecations
|
|
* Renamed confirm_in to confirm_within
|
|
* [#14] Do not send confirmation messages when user changes his e-mail
|
|
* [#13] Renamed authenticable to authenticatable and added deprecation warnings
|
|
|
|
== 0.2.3
|
|
|
|
* enhancements
|
|
* Ensure fail! works inside strategies
|
|
* [#12] Make unauthenticated message (when you haven't signed in) different from invalid message
|
|
|
|
* bug fix
|
|
* Do not redirect on invalid authenticate
|
|
* Allow model configuration to be set to nil
|
|
|
|
== 0.2.2
|
|
|
|
* bug fix
|
|
* [#9] Fix a bug when using customized resources
|
|
|
|
== 0.2.1
|
|
|
|
* refactor
|
|
* Clean devise_views generator to use devise existing views
|
|
|
|
* enhancements
|
|
* [#7] Create instance variables (like @user) for each devise controller
|
|
* Use Devise::Controller::Helpers only internally
|
|
|
|
* bug fix
|
|
* [#6] Fix a bug with Mongrel and Ruby 1.8.6
|
|
|
|
== 0.2.0
|
|
|
|
* enhancements
|
|
* [#4] Allow option :null => true in authenticable migration
|
|
* [#3] Remove attr_accessible calls from devise modules
|
|
* Customizable time frame for rememberable with :remember_for config
|
|
* Customizable time frame for confirmable with :confirm_in config
|
|
* Generators for creating a resource and copy views
|
|
|
|
* optimize
|
|
* Do not load hooks or strategies if they are not used
|
|
|
|
* bug fixes
|
|
* [#2] Fixed requiring devise strategies
|
|
|
|
== 0.1.1
|
|
|
|
* bug fixes
|
|
* [#1] Fixed requiring devise mapping
|
|
|
|
== 0.1.0
|
|
|
|
* Devise::Authenticable
|
|
* Devise::Confirmable
|
|
* Devise::Recoverable
|
|
* Devise::Validatable
|
|
* Devise::Migratable
|
|
* Devise::Rememberable
|
|
|
|
* SessionsController
|
|
* PasswordsController
|
|
* ConfirmationsController
|
|
|
|
* Create an example app
|
|
* devise :all, :except => :rememberable
|
|
* Use sign_in and sign_out in SessionsController
|
|
|
|
* Mailer subjects namespaced by model
|
|
* Allow stretches and pepper per model
|
|
|
|
* Store session[:return_to] in session
|
|
* Sign user in automatically after confirming or changing it's password
|