All Versions
Latest Version
Avg Release Cycle
54 days
Latest Release
139 days ago

Changelog History
Page 3

  • v1.2.0

    June 15, 2016
    • ➕ Add otp_drift configuration method to otp plugin, setting number of seconds of allowed drift (jeremyevans)

    • Don't allow setting passwords containing the ASCII NUL character, as bcrypt truncates at that point (jeremyevans) (#4)

  • v1.1.0

    May 13, 2016
    • 👌 Support :csrf=>false and :flash=>false plugin options (jeremyevans)
  • v1.0.0

    April 15, 2016
    • ✂ Remove invalid remember cookies to prevent unnecessary future database checks (jeremyevans)

    • Extend remember deadline in cookie in addition to database (jeremyevans)

    • 👉 Make tokens work with string account ids (jeremyevans)

    • 🔄 Add verify_change_login feature for requiring account reverification on login changes (jeremyevans)

    • Set correct cookie expiration in the remember feature (jeremyevans)

    • Split confirm_password feature from remember feature (jeremyevans)

    • Add verify_account_grace_period feature, for allowing logins into unverified accounts for a certain period after creation (jeremyevans)

    • 🚚 Move login/password requirements settings to login password requirements base feature (jeremyevans)

    • ➕ Add session_expiration feature, expiring sessions based on inactivity and max lifetime checks (jeremyevans)

    • Add password_grace_period feature, for not requiring password entry if password was recently entered (jeremyevans)

    • 0️⃣ Make create/verify account autologin true by default (jeremyevans)

    • ⚡️ Optimize routing using a hash table, disallow per-request routes (jeremyevans)

    • ➕ Add ability to turn off login/password confirmations (jeremyevans)

    • Don't allow changing login to the same as the current login (jeremyevans)

    • Only allow requesting account unlocks if the account is current locked out (jeremyevans)

    • 👉 Use separate routes for unlock account/reset password/verify account requests (jeremyevans)

    • 👉 Use separate routes for confirming passwords and changing remember settings (jeremyevans)

    • ➕ Add JWT feature for JSON API support using JWT tokens (jeremyevans)

    • 🔧 Add account_select configuration option for setting which columns to select from accounts_table (jeremyevans)

    • Execute get_block and post_block in the Rodauth::Auth instance scope (jeremyevans)

    • Store field errors in the rodauth object instead of instance variables in the Roda scope (jeremyevans)

    • ➕ Add rodauth.redirect to abstract redirection code (jeremyevans)

    • Only use flash notices for successful requests, other requests that redirect now use an error flash (jeremyevans)

    • 🔧 The before_* configuration methods now run directly before making the related database changes (jeremyevans)

    • Before hooks run before routes now use before_route instead of before configuration methods (jeremyevans)

    • 🔧 Add token_separator configuration method to replace the default of _ (jeremyevans)

    • Rename account_id_value to account_id (jeremyevans)

    • Rename account_id to account_id_column and account_session_id to account_session_column (jeremyevans)

    • Make skip_status_checks? default to true unless loading verify_account or close_account features (jeremyevans)

    • Replace account_model with accounts_table and db, removing use of Sequel models (jeremyevans)

    • Extract shared email-related code into email_base feature (jeremyevans)

    • Add auth_class_eval to configuration block for adding custom methods (jeremyevans)

    • ➕ Add configuration_eval to feature definitions for adding custom configuration methods (jeremyevans)

    • 👍 Allow close_account feature to optionally delete accounts (jeremyevans)

    • Make close_account feature work when skipping status checks or when using account_password_hash_column (jeremyevans)

    • ➕ Add sms_codes feature, for codes received via SMS that can be used if TOTP authentication is not available (jeremyevans)

    • Attempt to handle unique constraint violations raised in race conditions where possible (jeremyevans)

    • Add _before and _after internal methods, make ununderscored methods only for users (jeremyevans)

    • ➕ Add single_session feature, for only allowing a single active session per account (jeremyevans)

    • ➕ Add account_expiration feature, for disallowing access to accounts after an amount of time since last login/activity (jeremyevans)

    • 🔌 Check account status in rodauth.load_memory in remember plugin (jeremyevans)

    • 🔌 Use csrf plugin automatically, depend on Roda >=2.6.0 (jeremyevans)

    • 👉 Make bcrypt and mail development dependencies instead of runtime dependencies in the gem (jeremyevans)

    • ➕ Add password_expiration feature, requiring users to change their password after a given amount of time (jeremyevans)

    • Add disallow_password_reuse feature, checking that a new password doesn't match previous passwords (jeremyevans)

    • ➕ Add password_complexity feature, allowing more sophisticated password complexity checks (jeremyevans)

    • Add rodauth.remember_param and .remember_confirm_param for overriding parameter names (jeremyevans)

    • Check that new password is not the same as existing password in change password and reset password features (jeremyevans)

    • Add rodauth.login_meets_requirements? for checking if a login is valid, by default a valid email address (jeremyevans)

    • 👍 Allow unlock account to optionally require the user's current password (jeremyevans)

    • ➕ Add support for running on Microsoft SQL Server with database functions for authentication (jeremyevans)

    • 0️⃣ Make change password, change login, and close account require the user's current password by default (jeremyevans)

    • ➕ Add rodauth.csrf_tag to make it easy to replace the CSRF tag implementation (jeremyevans)

    • Switch unlock_account_autologin? to be true by default (jeremyevans)

    • ➕ Add rodauth.authenticated? and .require_authentication (jeremyevans)

    • ➕ Add recovery_codes feature, for single use codes that can be used if TOTP authentication is not available (jeremyevans)

    • ➕ Add otp feature, for 2 factor authentication via TOTP (jeremyevans)

    • ➕ Add support for running on MySQL with database functions for authentication (jeremyevans)

    • Add *_interval and set_deadline_values? methods for setting deadline intervals on a per-request basis (jeremyevans)

    • Add remember_deadline_column method for overriding the column used for storing the deadline (jeremyevans)

    • ➕ Add rodauth/migrations file for DRYing up the database function creation (jeremyevans)

    • ➕ Add Rodauth.version for getting the version (jeremyevans)

    • 🔌 External features should now be requirable via rodauth/features/feature_name instead of roda/plugins/rodauth/feature_name (jeremyevans)

    • 🔌 Make Rodauth top level module instead of under Roda::RodaPlugins (jeremyevans)

    • 🔧 Require mail at configure time instead of run time if using a feature that sends email, use require_mail? false to disable (jeremyevans)

    • 🔧 Require bcrypt at configure time instead of run time, use require_bcrypt? false to disable (jeremyevans)

    • Always require securerandom (jeremyevans)

    • 👉 Make remember, password reset, and lockout features work on non-PostgreSQL databases (jeremyevans)

    • 👌 Support authentication without database functions when password hashes are stored in separate table (jeremyevans)

    • ✂ Remove overriding of route/get/post blocks (jeremyevans)

    • ⚡️ Make lockout feature work on databases not supporting UPDATE RETURNING (jeremyevans)

    • ➕ Add timing safe comparison of tokens (jeremyevans)

  • v0.10.0

    February 17, 2016
    • Retrieve salt from database and compute hash client side, instead of computing hash on server (jeremyevans)
  • v0.9.1

    August 13, 2015
    • 🔌 Don't use csrf plugin automatically (jeremyevans)
  • v0.9.0

    August 12, 2015
    • 🎉 Initial public release