  • v1.21.0 Changes

    July 24, 2019
    • Support rotp 5.1 in the otp feature (jeremyevans)

    • Log user out when locking out OTP account if no fallback options available (jeremyevans)

  • v1.20.0 Changes

    June 07, 2019
    • Support rotp 5 in the otp feature (jeremyevans)

    • Add jwt_refresh feature to allow shorter lived JWTs with a refresh token for creating new JWTs (allavena, jeremyevans) (#28)

    • Fix disallow_password_reuse feature when account_password_hash_column is not set and verify_account feature is not used (cptaffe) (#59)

    • Rename no_matching_email_auth_key_message to no_matching_email_auth_key_error_flash for consistency (jeremyevans)

    • Rename no_matching_verify_login_change_key_message to no_matching_verify_login_change_key_error_flash for consistency (jeremyevans)

    • Rename attempt_to_login_to_unverified_account_notice_message to attempt_to_login_to_unverified_account_error_flash for consistency (jeremyevans)

    • Rename attempt_to_create_unverified_account_notice_message to attempt_to_create_unverified_account_error_flash for consistency (jeremyevans)

    • Rename no_matching_verify_account_key_message to no_matching_verify_account_key_error_flash for consistency (jeremyevans)

    • Rename no_matching_unlock_account_key_message to no_matching_unlock_account_key_error_flash for consistency (jeremyevans)

    • Rename no_matching_reset_password_key_message to no_matching_reset_password_key_error_flash for consistency (jeremyevans)

    • Add otp_keys_use_hmac? and otp_setup_raw_param configuration methods to the otp feature for configuring use of HMACs with OTP authentication (jeremyevans)

    • Do not set a previous account password before password has been set when using disallow_password_reuse with verify_account_set_password? (jeremyevans)

    • Add allow_raw_single_session_key? to single_session feature to allow raw single session tokens, for graceful transition (jeremyevans)

    • Add raw_remember_token_deadline to remember feature to allow raw remember tokens before given deadline, for graceful transition (jeremyevans)

    • Add allow_raw_email_token? configuration method to email_base feature to allow raw tokens when email_token_hmac_secret is set, for graceful transition (jeremyevans)

    • Add hmac_secret configuration method, used for additional security using HMACs (jeremyevans)

    • Use urlsafe base64 for new token keys on Ruby 1.8 (jeremyevans)

    • Add login_input_type configuration method for setting the input type for login inputs (jeremyevans)

    • Add formatted_field_error configuration method for formatting error messages (jeremyevans)

    • Add field_error_attributes configuration method for configuring attributes for fields with errors (jeremyevans)

    • Add field_attributes configuration method for configuring attributes for specific fields (jeremyevans)

    • Add default_field_attributes configuration method to set default attributes for all input fields (jeremyevans)

    • Make error handling accessible by default using aria-invalid and aria-describedby attributes (jeremyevans)

    • Add mark_input_fields_as_required? configuration method for whether inputs should use the required attribute (jeremyevans)

    • Add input_field_error_message_class configuration method for the CSS class used for error messages (jeremyevans)

    • Wrap all error messages in a span so they can be styled (jeremyevans)

    • Add input_field_error_class configuration method for customizing CSS class to use for inputs with errors (jeremyevans)

    • Add input_field_label_suffix configuration method for suffixing all input labels, useful for labeling fields as required (jeremyevans)

    • Add verify_account_resend_explanatory_text configuration method to verify_account feature for configuring text (jeremyevans)

    • Add unlock_account_explanatory_text and unlock_account_request_explanatory_text configuration methods to lockout feature for configuring text (jeremyevans)

    • Add reset_password_explanatory_text configuration method to reset_password feature for configuring text (jeremyevans)

    • Add otp_provisioning_uri_label and otp_secret_label configuration methods to otp feature for configuring labels displayed during OTP setup (jeremyevans)

    • Add add_recovery_codes_heading configuration method to recovery_codes feature for configuring heading text (jeremyevans)

    • Use define_method instead of instance_exec for route dispatching for better performance (jeremyevans)

    • Add already_an_account_with_this_login_message configuration method (1gor) (#54)

  • v1.19.1 Changes

    November 16, 2018
    • Support rotp 4 in the otp feature (jeremyevans)
  • v1.19.0 Changes

    November 16, 2018
    • Avoid unneeded database queries in the two factor authentication support (jeremyevans)

    • Add {before,after}_verify_login_change_email configuration methods, called around sending the verify login change email (jeremyevans)

    • Add after_account_lockout configuration method, called after locking out an account (jeremyevans)

    • Add default_post_email_redirect configuration method, setting default for all redirects after emailing when not logged in (jeremyevans)

    • Gracefully handle failure when new login is already taken in the verify_login_change feature (jeremyevans)

    • Support optional email rate limiting in the lockout, reset password, and verify account features (jeremyevans)

    • Make MySQL rodauth_get_salt function handle accounts without password hashes (jeremyevans)

    • Add email_auth feature, for authentication using links sent via email (jeremyevans)

    • Deprecate before_otp_authentication_route, users should switch to before_otp_auth_route (jeremyevans)

    • Add use_multi_phase_login? configuration method to login feature, separating login entry from password entry (jeremyevans)

    • Don't disable use of date_arithmetic extension on !MySQL when using lockout, remember, or reset password features (jeremyevans)

  • v1.18.0 Changes

    July 18, 2018
    • Add confirm_password_redirect_session_key configuration method to confirm_password feature (jeremyevans)

    • Work with Roda sessions plugin, using string keys for session information if that is used (jeremyevans)

    • Add flash_error_key and flash_notice_key configuration for setting keys used in flash (jeremyevans)

  • v1.17.0 Changes

    June 11, 2018
    • Support Roda route_csrf plugin for request-specific CSRF tokens (jeremyevans)
  • v1.16.0 Changes

    March 09, 2018
    • Add disallow_common_passwords feature, for disallowing the usage of the most common passwords (jeremyevans)

    • Remove calling request [] method to get request param values, as it is deprecated in the current version of rack (jeremyevans)

  • v1.15.0 Changes

    January 29, 2018
    • Add create_account_set_password? and verify_account_set_password? methods to delay setting password until account verification (jeremyevans)
  • v1.14.0 Changes

    December 19, 2017
    • Don't allow unlocking expired accounts when using account_expiration and lockout features (jeremyevans)

    • Don't allow resetting passwords for expired accounts when using account_expiration and reset_password features (jeremyevans)

    • Add change_password_notify feature for emailing when user uses change password feature (jeremyevans)

  • v1.13.0 Changes

    November 21, 2017
    • Add json_response_body(hash) configuration method to jwt feature (jeremyevans)

    • Support invalid_previous_password_message configuration method in change_password feature (jeremyevans)

    • Use custom error statuses if only_json? and json_response_custom_error_status? are true even if request isn't in json format (jeremyevans)

    • Add cache_templates configuration method for disabling caching of templates (adam12, jeremyevans) (#46)