Skip to content

v1.0.17
Compare
Choose a tag to compare
@danschultzer danschultzer released this 04 Feb 15:13
v1.0.17
164537f

Enhancements

  • [Pow.Ecto.Context] Calls to Pow.Ecto.Context.get_by/2 replaced with Pow.Operations.get_by/2 so custom users context module can be used. The following methods has been updated: #343
    • Pow.Ecto.Context.authenticate/2
    • PowEmailConfirmation.Ecto.Context.get_by_confirmation_token/2
    • PowInvitation.Ecto.Context.get_by_invitation_token/2
    • PowResetPassword.Ecto.Context.get_by_email/2
  • [Pow.Ecto.Schema.Changeset] Pow.Ecto.Schema.Changeset.confirm_password_changeset/3 now adds the default Ecto.Changeset.validate_confirmation/3 error instead of the previous not same as password error #380
  • [Pow.Ecto.Schema.Changeset] Pow.Ecto.Schema.Changeset.confirm_password_changeset/3 now uses the Ecto.Changeset.validate_confirmation/3 for validation and expects :password_confirmation instead of :confirm_password in params #379
  • [Pow.Ecto.Schema.Changeset] Pow.Ecto.Schema.Changeset.new_password_changeset/3 now only requires the :password_hash if there have been no previous errors set in the changeset #391
  • [Pow.Ecto.Schema] No longer adds :confirm_password virtual field #379
  • [Pow.Ecto.Schema] Now has an @after_compile callback that ensures all required fields has been defined #376
  • [PowInvitation.Phoenix.InvitationView] Now renders :password_confirmation field instead of :confirm_password #379
  • [PowResetPassword.Phoenix.ResetPasswordView] Now renders :password_confirmation field instead of :confirm_password #379
  • [Pow.Phoenix.RegistrationView] Now renders :password_confirmation field instead of :confirm_password #379
  • [PowEmailConfirmation.Ecto.Schema] No longer validates if :email has been taken before setting :unconfirmed_email #379
  • [PowEmailConfirmation.Phoenix.ControllerCallbacks] Now prevents user enumeration attack for PowInvitation.Phoenix.InvitationController.create/2 #384
  • [PowPersistentSession.Plug.Cookie] Changed default cookie name to persistent_session #385
  • [PowPersistentSession.Plug.Cookie] Removed renewal of cookie as the token will always expire #385
  • [PowPersistentSession.Plug.Cookie] No longer expires invalid cookies #390
  • [Pow.Operations] Added Pow.Operations.fetch_primary_key_values/2 #393
  • [PowPersistentSession.Plug.Base] Now registers :before_send callbacks #398
  • [PowPersistentSession.Plug.Cookie] Now updates cookie and backend store in :before_send callback #398
  • [Pow.Plug.Base] Now registers :before_send callbacks #398
  • [Pow.Plug.Session] Now updates plug session and backend store in :before_send callback #398
  • [Pow.Plug] Added Pow.Plug.create/3 #405
  • [Pow.Plug] Added Pow.Plug.delete/2 #405

Removed

  • [PowResetPassword.Phoenix.ResetPasswordController] Will no longer prevent information leak by checking if PowEmailConfirmation or registration routes are enabled; instead it'll by default prevent user enumeration, but can be disabled if pow_prevent_user_enumeration: false is set in conn.private #384

Bug fixes

  • [PowPersistentSession.Plug.Base] With custom :persistent_session_store now falls back to :cache_store_backend configuration option #408
  • [PowResetPassword.Plug] With custom :reset_password_token_store now falls back to :cache_store_backend configuration option #408
  • [Pow.Plug.Base] With custom :credentials_cache_store now falls back to :cache_store_backend configuration option #408

Deprecations

  • [Pow.Ecto.Changeset] Pow.Ecto.Schema.Changeset.confirm_password_changeset/3 has deprecated use of :confirm_password in params in favor of :password_confirmation #379
  • [Pow.Plug.Session] :session_store option has been renamed to :credentials_cache_store #399
  • [Pow.Plug] Pow.Plug.clear_authenticated_user/1 deprecated in favor of Pow.Plug.delete/1 #405
Assets 2
Loading