All Versions
Latest Version
Avg Release Cycle
85 days
Latest Release
127 days ago

Changelog History
Page 2

  • v4.4.1

    January 23, 2018
    • ๐Ÿ› bug fixes
      • Ensure Gemspec is loaded as utf-8. (by @segiddins)
      • Fix ActiveRecord check on Confirmable. (by @tegon)
      • Fix signed_in? docs without running auth hooks. by (@machty)
  • v4.4.0

    December 29, 2017
    • โœจ enhancements

      • Add frozen_string_literal pragma comment to all Ruby files. (by @pat)
      • Use set_flash_method! instead of set_flash_method in Devise::OmniauthCallbacksController#failure. (by @saichander17)
      • Clarify how store_location_for modifies URIs. (by @olivierlacan)
      • Move failed_attempts increment into its own function. by (@mobilutz)
      • Add autocomplete="email" to email fields. by (@MikeRogers0)
      • Add the ability to change the default migrations path introduced in Rails 5.0.3. (by @alexhifer)
      • Delete unnecessary condition for helper method. (by @davydovanton)
      • Support id: :uuid option for migrations. (by @filip373)
    • ๐Ÿ› bug fixes

      • Fix syntax for MRI 2.5.0. (by @pat)
      • Validations were being ignored on singup in the Trackable#update_tracked_fields! method. (by @AshleyFoster)
      • Do not modify options for #serializable_hash. (by @guigs)
      • Email confirmations were being sent on sign in/sign out for application using mongoid and mongoid-paperclip gems. This is because previously we were checking if a model is from Active Record by checking if the method after_commit was defined - since mongoid doesn' have one - but mongoid-paperclip gem does define one, which cause this issue. (by @fjg)
  • v4.3.0

    May 15, 2017
    • โœจ Enhancements
      • Dependency support added for Rails 5.1.x.
  • v4.2.1

    March 15, 2017
    • removals
      • Devise::Mailer#scope_name and Devise::Mailer#resource are now protected methods instead of public.
    • ๐Ÿ› bug fixes
      • Attempt to reset password without the password field in the request now results in a :blank validation error. Before this change, Devise would accept the reset password request and log the user in, without validating/changing the password. (by @victor-am)
      • Confirmation links now expire based on UTC time, working properly when using different timezones. (by @jjuliano)
    • โœจ enhancements
      • Notify the original email when it is changed with a new Devise.send_email_changed_notification setting. When using reconfirmable, the notification will be sent right away instead of when the unconfirmed email is confirmed. (original change by @ethirajsrinivasan)
  • v4.2.0

    July 01, 2016
    • removals
      • Remove the deprecated Devise::ParameterSanitizer API from Devise 3. Please use the #permit and #sanitize methods over #for.
      • Remove the deprecated OmniAuth URL helpers. Use the fully qualified helpers (user_facebook_omniauth_authorize_path) over the scope based helpers ( user_omniauth_authorize_path(:facebook)).
      • Remove the Devise.bcrypt method, use Devise::Encryptor.digest instead.
      • Remove the Devise::Models::Confirmable#confirm! method, use confirm instead.
      • Remove the Devise::Models::Recoverable#reset_password! method, use reset_password instead.
      • Remove the Devise::Models::Recoverable#after_password_reset method.
    • ๐Ÿ› bug fixes
      • Fix an ActionDispatch::IllegalStateError when testing controllers with Rails 5 rc 2(by @hamadata).
      • Use ActiveSupport.on_load hooks to include Devise on ActiveRecord and Mongoid, avoiding autoloading these constants too soon (by @lucasmazza, @rafaelfranca).
    • โœจ enhancements
      • Display the minimum password length on registrations/edit view (by @Yanchek99).
      • You can disable Devise's routes reloading on boot by through the reload_routes = false config. This can reduce the time taken to boot the application but it might trigger some errors if you application (mostly your controllers) requires that Devise mappings be loaded during boot time (by @sidonath).
      • Added Devise::Test::IntegrationHelpers to bypass the sign in process using Warden test API (by @lucasmazza).
      • Define inspect in Devise::Models::Authenticatable to help ensure password hashes aren't included in exceptions or otherwise accidentally serialized (by @tkrajcar).
      • Add missing support of Rails.application.config.action_controller.relative_url_root (by @kosdiamantis).
    • ๐Ÿ—„ deprecations
      • Devise::TestHelpers is deprecated in favor of Devise::Test::ControllerHelpers (by @lucasmazza).
      • The sign_in test helper has changed to use keyword arguments when passing a scope. sign_in :admin, users(:alice) should be rewritten as sign_in users(:alice), scope: :admin (by @lucasmazza).
      • The option bypass of Devise::Controllers::SignInOut#sign_in method is deprecated in favor of Devise::Controllers::SignInOut#bypass_sign_in method (by @ulissesalmeida).
  • v4.1.1

    May 15, 2016
    • ๐Ÿ› bug fixes
      • Fix overwriting the remember_token when a valid one already exists (by @ralinchimev).
  • v4.1.0

    • ๐Ÿ› bug fixes

      • Fix race condition of sending the confirmation instructions e-mail using background jobs. Using the previous after_create callback, the e-mail can be sent before the record be committed on database, generating a ActiveRecord::NotFound error. Now the confirmation e-mail will be only sent after the database commit, using the after_commit callback. It may break your test suite on Rails 4 if you are testing the sent e-mails or enqueued jobs using transactional fixtures enabled or DatabaseCleaner with transaction strategy. You can easily fix your test suite using the gem test_after_commit. For example, put in your Gemfile:
        gem 'test_after_commit', :group => :test

      On Rails 5 after_commit callbacks are triggered even using transactional fixtures, then this fix will not break your test suite. If you are using DatabaseCleaner with the deletion or truncation strategies it may not break your tests. (by @allenwq)

      • Fix strategy checking in Lockable#unlock_strategy_enabled? for :none and :undefined strategies. (by @f3ndot)
    • ๐Ÿ”‹ features

      • Humanize authentication keys in failure flash message (by @byzg) When you are configuring the translations of devise.failure.invalid, the authentication_keys is translated now.
    • ๐Ÿ—„ deprecations

      • Remove code supporting old session serialization format (by @fphilipe).
      • Now the email_regexp default uses a more permissive regex: /\A[^@\s][email protected][^@\s]+\z/ (by @kimgb)
      • Now the strip_whitespace_keys default is [:email] (by @ulissesalmeida)
      • Now the reconfirmable default is true (by @ulissesalmeida)
      • Now the skip_session_storage default is [:http_auth] (by @ulissesalmeida)
      • Now the sign_out_via default is :delete (by @ulissesalmeida)
    • ๐Ÿ‘Œ improvements

      • Avoids extra computation of friendly token for confirmation token (by @sbc100)
  • v4.0.3

    May 15, 2016
    • bug fixes
      • Fix overwriting the remember_token when a valid one already exists (by @ralinchimev).
  • v4.0.2

    May 02, 2016
    • ๐Ÿ› bug fixes
      • Fix strategy checking in Lockable#unlock_strategy_enabled? for :none and :undefined strategies. (by @f3ndot)
  • v4.0.1

    April 25, 2016
    • ๐Ÿ› bug fixes
      • Fix the e-mail confirmation instructions send when a user updates the email address from nil. (by @lmduc)
      • Remove unnecessary attribute_will_change! call. (by @cadejscroggins)
      • Consistent permit! check. (by @ulissesalmeida)