Skip to content

v1.0.19
Compare
Choose a tag to compare
@danschultzer danschultzer released this 13 Mar 19:09
v1.0.19
76475d7

Warning: This release will now sign and verify all tokens, causing previous tokens to no longer work. Any sessions and persistent sessions will be invalidated.

Enhancements

  • [Pow.Plug.Session] Now sets a global lock when renewing the session #414
  • [PowPersistentSession.Plug.Cookie] Now sets a global lock when authenticating the user #414
  • [PowEmailConfirmation.Plug] Added PowEmailConfirmation.Plug.sign_confirmation_token/2 to sign the email_confirmation_token to prevent timing attacks #417
  • [PowEmailConfirmation.Plug] Added PowEmailConfirmation.Plug.load_user_by_token/2 to verify the signed email_confirmation_token to prevent timing attacks #446
  • [PowEmailConfirmation.Plug] Added PowEmailConfirmation.Plug.confirm_email/2 with map as second argument #446
  • [PowInvitation.Plug] Added PowInvitation.Plug.sign_invitation_token/2 to sign the invitation_token #417
  • [PowInvitation.Plug] Added PowInvitation.Plug.load_invited_user_by_token/2 to verify the signed invitation_token to prevent timing attacks #417
  • [PowResetPassword.Plug] Changed PowResetPassword.Plug.create_reset_token/2 to sign the :token #417
  • [PowResetPassword.Plug] Added PowResetPassword.Plug.load_user_by_token/2 to verify the signed token to prevent timing attacks #417
  • [PowResetPassword.Plug] Changed PowResetPassword.Plug.update_user_password/2 so it decodes the signed token #417
  • [PowPersistentSession.Plug.Cookie] Now uses signed tokens to prevent timing attacks #417
  • [Pow.Plug.Session] Now uses signed session ID's to prevent timing attacks #417
  • [Pow.Plug] Added Pow.Plug.sign_token/4 to sign tokens #417
  • [Pow.Plug] Added Pow.Plug.verify_token/4 to decode and verify signed tokens #417
  • [Pow.Plug.MessageVerifier] Added Pow.Plug.MessageVerifier module to sign and verify messages #417
  • [PowEmailConfirmation.Ecto.Context] Added PowEmailConfirmation.Ecto.Context.confirm_email/3 #446
  • [PowEmailConfirmation.Ecto.Schema] Added confirm_email_changeset/2 and pow_confirm_email_changeset/2 to the macro #446
  • [PowEmailConfirmation.Ecto.Schema] Added PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2 #446
  • [PowInvitation.Ecto.Schema] Added accept_invitation_changeset/2 and pow_accept_invitation_changeset/2 to the macro #446
  • [PowResetPassword.Ecto.Schema] Added reset_password_changeset/2 and pow_reset_password_changeset/2 to the macro #446
  • [Pow.Ecto.Schema] Now emits a warning instead of raising error with missing fields/associations #455

Deprecations

  • [PowEmailConfirmation.Plug] PowEmailConfirmation.Plug.confirm_email/2 with token param as second argument has been deprecated in favor of PowEmailConfirmation.Plug.load_user_by_token/2, and PowEmailConfirmation.Plug.confirm_email/2 with map as second argument #446
  • [PowInvitation.Plug] PowInvitation.Plug.invited_user_from_token/2 has been deprecated in favor of PowInvitation.Plug.load_invited_user_by_token/2 #417
  • [PowInvitation.Plug] PowInvitation.Plug.assign_invited_user/2 has been deprecated #417
  • [PowResetPassword.Plug] PowResetPassword.Plug.user_from_token/2 has been deprecated in favor of PowResetPassword.Plug.load_user_by_token/2 #417
  • [PowResetPassword.Plug] PowResetPassword.Plug.assign_reset_password_user/2 has been deprecated #417
  • [PowEmailConfirmation.Ecto.Context] PowEmailConfirmation.Ecto.Context.confirm_email/2 deprecated in favor of PowEmailConfirmation.Ecto.Context.confirm_email/3 #446
  • [PowEmailConfirmation.Ecto.Schema] PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/1 deprecated in favor of PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2 #446

Documentation

Assets 2
Loading