Shield v0.5.0 Release Notes
Release Date: 2020-12-01 // almost 4 years ago-
➕ Added
- Integrate Pwned Passwords
- ➕ Add login idle timeout
- Validate the existence of records for foreign keys in save operations
- Add
Avram::Validations.validate_not_pwned
- Add
Avram::Validations.validate_http_url
- Add
Avram::Validations.validate_domain_label
- ➕ Add
Avram::Validations.validate_slug
- Add
Avram::Validations.validate_exists_by_id
- Add
Avram::Validations.validate_positive_number
- Add
Avram::Validations.validate_negative_number
- ➕ Add
Shield::SetToken
operation mixin - ➕ Add
Shield::AuthenticationColumns#inactive?
🔄 Changed
- Split action helpers and pipes into modules that may be used independently
- Rename
Avram::Validations.validate_subdomain
to.validate_domain_label
- Rename
bearer_login_id
attributes in basic operations toid
- Rename
email_confirmation_id
attributes in basic operations toid
- 📇 Rename
login_id
attributes in basic operations toid
- Rename
password_reset_id
attributes in basic operations toid
- 📇 Rename
user_id
attributes in basic operations toid
- Convert
Shield::DeleteSession(U)
to a non-genericShield::DeleteSession
Previous changes from v0.4.0
-
In memory of Flt. Lt. J. J. Rawlings, who passed away today. May his soul rest in peace.
➕ Added
- Add Bearer authentication (RFC 6750).
- Add more Avram validation helpers
- ➕ Add documentation on integration with third-party authorization shards
- ➕ Add
Shield::SetSession
andShield::DeleteSession
operation mixins - ➕ Add
Shield::IpAddressColumn
model mixin - ➕ Add
Shield::NotifyLogin
operation mixin - ➕ Add
Shield::NotifyPasswordChange
operation mixin - ➕ Add
Shield::HasManyBearerLogins
model association mixin - ➕ Add
Shield::HasManyLogins
model association mixin - ➕ Add
Shield::HasManyPasswordResets
model association mixin - ➕ Add
Shield::HasOneUserOptions
model association mixin - ➕ Add
Shield::BelongsToUser
model association mixin - ➕ Add
Shield::HasOneCreateSaveUserOptions
andShield::HasOneUpdateSaveUserOptions
operation mixins - ➕ Add
Shield::NeverExpires
operation mixin - ➕ Add modules to delete authentication records, as an alternative to revoking them.
🛠 Fixed
- 🛠 Fix wrong flash type used when deleting user fails
- 🛠 Fix
#redirect_back
going back past the previous page sometimes - 🛠 Fix other users logged out when a given user's password changes
🔄 Changed
- Convert email confirmation into a database model
- ⬆️ Upgrade default hash for message encryptor/verifier from
SHA1
toSHA256
- ➕ Add
user : User
parameter toShield::AuthorizationPipes#authorize?
- 0️⃣ Return
403
status code, by default, for denied requests. - 📇 Rename
Shield::Logins
toShield::CurrentLogin
- Convert
EmailConfirmation#url
to a class method. - ✂ Remove required
id
param from password reset URL. - ⚙ Remove the second parameter from all
#do_run_operation_failed
action methods. - In development and test, automatically click email confirmation and password reset links.
✂ Removed
- ✂ Remove
password_confirmation
fields - ✂ Remove
status
column from authentication models - ✂ Remove
Shield::Error