Shield v0.5.0 Release Notes

Release Date: 2020-12-01

    ➕ Added

    • Integrate Pwned Passwords
    • Add login idle timeout
    • Validate the existence of records for foreign keys in save operations
    • Add Avram::Validations.validate_not_pwned
    • Add Avram::Validations.validate_http_url
    • Add Avram::Validations.validate_domain_label
    • Add Avram::Validations.validate_slug
    • Add Avram::Validations.validate_exists_by_id
    • Add Avram::Validations.validate_positive_number
    • Add Avram::Validations.validate_negative_number
    • Add Shield::SetToken operation mixin
    • Add Shield::AuthenticationColumns#inactive?

    🔄 Changed

    • Split action helpers and pipes into modules that may be used independently
    • Rename Avram::Validations.validate_subdomain to .validate_domain_label
    • Rename bearer_login_id attributes in basic operations to id
    • Rename email_confirmation_id attributes in basic operations to id
    • Rename login_id attributes in basic operations to id
    • Rename password_reset_id attributes in basic operations to id
    • Rename user_id attributes in basic operations to id
    • Convert Shield::DeleteSession(U) to a non-generic Shield::DeleteSession

Previous changes from v0.4.0

  • In memory of Flt. Lt. J. J. Rawlings, who passed away today. May his soul rest in peace.

    ➕ Added

    • Add Bearer authentication (RFC 6750).
    • Add more Avram validation helpers
    • Add documentation on integration with third-party authorization shards
    • Add Shield::SetSession and Shield::DeleteSession operation mixins
    • Add Shield::IpAddressColumn model mixin
    • Add Shield::NotifyLogin operation mixin
    • Add Shield::NotifyPasswordChange operation mixin
    • Add Shield::HasManyBearerLogins model association mixin
    • Add Shield::HasManyLogins model association mixin
    • Add Shield::HasManyPasswordResets model association mixin
    • Add Shield::HasOneUserOptions model association mixin
    • Add Shield::BelongsToUser model association mixin
    • Add Shield::HasOneCreateSaveUserOptions and Shield::HasOneUpdateSaveUserOptions operation mixins
    • Add Shield::NeverExpires operation mixin
    • Add modules to delete authentication records, as an alternative to revoking them.

    🛠 Fixed

    • Fix wrong flash type used when deleting user fails
    • Fix #redirect_back going back past the previous page sometimes
    • Fix other users logged out when a given user's password changes

    🔄 Changed

    • Convert email confirmation into a database model
    • Upgrade default hash for message encryptor/verifier from SHA1 to SHA256
    • Add user : User parameter to Shield::AuthorizationPipes#authorize?
    • Return 403 status code, by default, for denied requests.
    • Rename Shield::Logins to Shield::CurrentLogin
    • Convert EmailConfirmation#url to a class method.
    • Remove required id param from password reset URL.
    • Remove the second parameter from all #do_run_operation_failed action methods.
    • In development and test, automatically click email confirmation and password reset links.

    ✂ Removed

    • Remove password_confirmation fields
    • Remove status column from authentication models
    • Remove Shield::Error