View Source Changelog
v1.0.36 (2024-02-07)
Bug fixes
- [
Pow.Phoenix.ViewHelpers
] Now ensures format for layouts in Phoenix 1.7 is conformed to preventconflicting layouts found
warnings
v1.0.35 (2024-01-04)
Handles Elixir 1.16 deprecations.
Enhancements
- [
Pow.Ecto.Schema.Changeset
] Now handles MFA for:password_hash_verify
- [
Pow.Ecto.Schema.Changeset
] Now handles MFA for:email_validator
Deprecations
- [
Pow.Ecto.Schema.Changeset
] Deprecated:password_hash_methods
in favor of:password_hash_verify
v1.0.34 (2023-09-18)
Note: This release contains an important security fix. It is recommended to update immediately if you are using the Pow.Store.Backend.MnesiaCache
.
Bug fixes
- [
Pow.Store.Backend.MnesiaCache
] Fixed bug where expired cached keys are not invalidated on startup
v1.0.33 (2023-09-05)
Bug fixes
- [
Pow.Phoenix.Controller
] Fixed regression bug withPhoenix.View
and:namespace
option - [
Pow.Phoenix.ViewHelpers
] Now falls back to view named modules to prevent upgrade issues
v1.0.32 (2023-08-30)
Removed deprecation warnings for Elixir 1.15.
Bug fixes
- [
Pow.Phoenix.Controller
] Now usesPhoenix.View
when it's available with:namespace
option to prevent upgrade issues
v1.0.31 (2023-06-09)
Bug fixes
- [
Pow.Phoenix.Mailer.Mail
] Now renders html and text correctly in fallback mode for deprecated MailView
v1.0.30 (2023-04-28)
Bug fixes
- [
Pow
] Ensure the dependency is loaded before matching version inPow.dependency_vsn_match?/2
v1.0.29 (2023-03-21)
This version is updated to work with Phoenix 1.7, in particular using the new template components structure. All views have been removed, and Pow no longer requires the phoenix_view
dependency.
Now requires Elixir 1.12+.
Enhancements
- [
Pow.Phoenix.Mailer.Mail
] Revamped to conform to template component structure of Phoenix 1.7 - [
Pow.Phoenix.Template
] Now renders Tailwind based template components on Phoenix 1.7
Deprecations
- [
Pow.Phoenix.Mailer.Mail
] Deprecated:pow_mailer_layout
in favor of:pow_mailer_layouts
- [
Mix.Pow.Phoenix.Mailer
] RemovedMix.Pow.Phoenix.Mailer.create_view_file/5
- [
Mix.Pow.Phoenix.Mailer
] RemovedMix.Pow.Phoenix.Mailer.create_templates/4
- [
Mix.Pow.Phoenix
] RemovedMix.Pow.Phoenix.create_view_file/4
v1.0.28 (2023-03-17)
Enhancements
- [
Mix.Pow
]Mix.Pow.parse_options/3
now merges option defaults with:otp_app, :generators
configuration - [
Mix.Pow.Mix.Tasks.Pow.Phoenix.Mailer.Gen.Templates
] Now injectsconfig/config.exs
andWEB_PATH/WEB_APP.ex
- [
Mix.Pow.Mix.Tasks.Pow.Phoenix.Gen.Templates
] Now injectsconfig/config.exs
- [
Mix.Tasks.Pow.Phoenix.Install
] Now injectsconfig/config.exs
,WEB_PATH/endpoint.ex
, andWEB_PATH/router.ex
- [
Pow.Phoenix.Router
] Updated to support Phoenix 1.7 breaking changes - [
Pow.Phoenix.Template
] Updated to support Phoenix 1.7 verified routes - [
Pow.Phoenix.Routes
] Updated to support Phoenix 1.7 verified routes - [
Pow.Phoenix.ViewHelpers
] Updated to handle Phoenix 1.7 components layout
Bug fixes
:phoenix
removed from the compilers
Documentation
- Updated api guide to correctly return updated
conn
for delete calls
v1.0.27 (2022-04-27)
Now supports ecto_sql
3.8.x and requires Elixir 1.11+.
Enhancements
- [
Pow.Ecto.Schema
] has been refactored to conform the@pow_fields
and@pow_assocs
attributes with separate migration options
v1.0.26 (2021-11-06)
Enhancemnets
- [
Pow.Store.Backend.MnesiaCache.Unsplit
] The unsplit module will now initialize the Mnesia cluster when nodes are connected lazily by resetting the Mnesia schema
Bug fixes
- [
Pow.Store.Backend.MnesiaCache
] Now properly handles Mnesia application start errors
Documentation
- Updated api guide to use
Plug.Conn.register_before_send/2
for token writes
v1.0.25 (2021-09-26)
Now supports Phoenix 1.6.x, and phoenix_html
3.x.x.
Enhancements
- [
Pow.Ecto.Schema.Fields
] The:password_hash
,:current_password
, and:password
fields now haveredact: true
option set - [
Pow.Phoenix.Controller
]Pow.Phoenix.Controller.action/3
now properly handles{:halt, conn}
returned in thebefore_process
callback - [
Pow.Store.Backend.EtsCache
] Now does synchronous writes unlesswrites: :async
is passed in config options - [
Pow.Store.Backend.MnesiaCache
] Now does synchronous writes unlesswrites: :async
is passed in config options
Bug fixes
- [
Pow.Operations
]Pow.Operations.fetch_primary_key_values/2
now ensures that module exists and is loaded before deriving primary keys
Documentation
- Updated redis guide to use synchronous writes unless
writes: :async
is passed in config options - Updated redis guide to use optimized lookups with sorted keys
v1.0.24 (2021-05-27)
Enhancements
- [
Pow.Store.Backend.MnesiaCache
] Now acceptsextra_db_nodes: {module, function, arguments}
to fetch nodes when MnesiaCache starts up - [
PowEmailConfirmation.Phoenix.Messages
] AddedPowEmailConfirmation.Phoenix.Messages.invalid_token/1
- [
Pow.Store.CredentialsCache
] Now outputs an IO warning when a:ttl
longer than 30 minutes is used
Bug fixes
- [
Pow.Store.Backend.MnesiaCache
] Now handles initialization errors
v1.0.23 (2021-03-22)
Enhancements
- [
Pow.Ecto.Context
] No longer automatically reloads the struct after insert or update - [
PowInvitation.Ecto.Schema
] AddedPowInvitation.Ecto.Schema.invitation_token_changeset/1
- [
PowInvitation.Ecto.Schema
] AddedPowInvitation.Ecto.Schema.invited_by_changeset/2
- [
Pow.Ecto.Schema.Password.Pbkdf2
] Now uses:crypto.mac/4
if available to support OTP 24 - [
PowEmailConfirmation.Phoenix.ControllerCallbacks
] Now returns:info
instead of:error
message for when the user has to confirm their email
Bug fixes
- [
Pow.Store.Backend.MnesiaCache
] No longer triggers Elixir 1.11 dependency warnings
v1.0.22 (2021-01-27)
This release introduces a deprecation for the default API guide implementation. Please check migration section below.
Enhancements
- [
PowPersistentSession.Plug.Cookie
] Now stores the user struct instead of clauses - [
PowPersistentSession.Plug.Base
] Now includes:pow_config
in the store config - [
PowResetPassword.Plug
] Now includes:pow_config
in the store config - [
Pow.Plug.Base
] Now includes:pow_config
in the store config - [
Pow.Operations
] AddedPow.Operations.reload/2
to reload structs - [
PowPersistentSession.Store.PersistentSessionCache
] UpdatePowPersistentSession.Store.PersistentSessionCache.get/2
to reload the user usingPow.Operations.reload/2
- [
Pow.Store.CredentialsCache
] Now supportreload: true
configuration so once fetched from the cache the user object will be reloaded through the context module
Documentation
- Updated the API guide as it's no longer necessary to load the user struct
Migration
If you've used an API setup for previous version, you'll see the warning PowPersistentSession.Store.PersistentSessionCache.get/2 call without `:pow_config` in second argument is deprecated, refer to the API guide.
. It's recommended to replace your APIAuthPlug
with the updated version in the API guide.
The larger refactor of cache setup in Pow v1.0.22
means that user struct is always expected to be passed in and returned by the stores, so it is no longer necessary to load the user in the API plug. The PowPersistentSession.Store.PersistentSessionCache
has fallback logic to handle the deprecated clauses keyword list, and will load the user correctly.
v1.0.21 (2020-09-13)
Enhancements
- [
Pow.Plug.Base
] Will now use the existing:pow_config
in theconn
when no plug options has been set - [
PowInvitation.Phoenix.InvitationController
] Fixed bug where user was incorrectly redirected to the show action with unsigned token when user struct has no e-mail - [
Pow.Ecto.Schema
] Now only emits warning for primitive Ecto types
Bug fixes
- [
PowEmailConfirmation.Ecto.Schema
]PowEmailConfirmation.Ecto.Schema.changeset/3
no longer sets the email to the unconfirmed email when the same email change is set twice - [
Pow.Extension.Phoenix.Messages
] Fixed fallback message dializer warning - [
Pow.Ecto.Context
] Fixed bug where the macro didn't add:users_context
to the Pow config in the module resulting inPow.Ecto.Context.get_by/2
being called instead ofget_by/1
in the custom context - [
Pow.Ecto.Schema.Changeset
] ThePow.Ecto.Schema.Changeset.validate_email/1
method has been improved per specifications to support wider unicode support, fully-qualified domain validation, and comments
v1.0.20 (2020-04-22)
Now supports Phoenix 1.5, and requires Elixir 1.7 or higher.
Enhancements
- [
Mix.Tasks.Pow.Extension.Phoenix.Gen.Templates
]mix pow.extension.phoenix.gen.templates
now dynamically loads template list from the extension base module - [
PowResetPassword.Plug
]PowResetPassword.Plug.load_user_by_token/2
now sets a:pow_reset_password_decoded_token
key inconn.private
that will be used inPowResetPassword.Plug.update_user_password/2
v1.0.19 (2020-03-13)
Warning: This release will now sign and verify all tokens, causing previous tokens to no longer work. Any sessions and persistent sessions will be invalidated.
Enhancements
- [
Pow.Plug.Session
] Now sets a global lock when renewing the session - [
PowPersistentSession.Plug.Cookie
] Now sets a global lock when authenticating the user - [
PowEmailConfirmation.Plug
] AddedPowEmailConfirmation.Plug.sign_confirmation_token/2
to sign theemail_confirmation_token
to prevent timing attacks - [
PowEmailConfirmation.Plug
] AddedPowEmailConfirmation.Plug.load_user_by_token/2
to verify the signedemail_confirmation_token
to prevent timing attacks - [
PowEmailConfirmation.Plug
] AddedPowEmailConfirmation.Plug.confirm_email/2
with map as second argument - [
PowInvitation.Plug
] AddedPowInvitation.Plug.sign_invitation_token/2
to sign theinvitation_token
- [
PowInvitation.Plug
] AddedPowInvitation.Plug.load_invited_user_by_token/2
to verify the signedinvitation_token
to prevent timing attacks - [
PowResetPassword.Plug
] ChangedPowResetPassword.Plug.create_reset_token/2
to sign the:token
- [
PowResetPassword.Plug
] AddedPowResetPassword.Plug.load_user_by_token/2
to verify the signed token to prevent timing attacks - [
PowResetPassword.Plug
] ChangedPowResetPassword.Plug.update_user_password/2
so it decodes the signed token - [
PowPersistentSession.Plug.Cookie
] Now uses signed tokens to prevent timing attacks - [
Pow.Plug.Session
] Now uses signed session ID's to prevent timing attacks - [
Pow.Plug
] AddedPow.Plug.sign_token/4
to sign tokens - [
Pow.Plug
] AddedPow.Plug.verify_token/4
to decode and verify signed tokens - [
Pow.Plug.MessageVerifier
] AddedPow.Plug.MessageVerifier
module to sign and verify messages - [
PowEmailConfirmation.Ecto.Context
] AddedPowEmailConfirmation.Ecto.Context.confirm_email/3
- [
PowEmailConfirmation.Ecto.Schema
] Addedconfirm_email_changeset/2
andpow_confirm_email_changeset/2
to the macro - [
PowEmailConfirmation.Ecto.Schema
] AddedPowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2
- [
PowInvitation.Ecto.Schema
] Addedaccept_invitation_changeset/2
andpow_accept_invitation_changeset/2
to the macro - [
PowResetPassword.Ecto.Schema
] Addedreset_password_changeset/2
andpow_reset_password_changeset/2
to the macro - [
Pow.Ecto.Schema
] Now emits a warning instead of raising error with missing fields/associations
Deprecations
- [
PowEmailConfirmation.Plug
]PowEmailConfirmation.Plug.confirm_email/2
with token param as second argument has been deprecated in favor ofPowEmailConfirmation.Plug.load_user_by_token/2
, andPowEmailConfirmation.Plug.confirm_email/2
with map as second argument - [
PowInvitation.Plug
]PowInvitation.Plug.invited_user_from_token/2
has been deprecated in favor ofPowInvitation.Plug.load_invited_user_by_token/2
- [
PowInvitation.Plug
]PowInvitation.Plug.assign_invited_user/2
has been deprecated - [
PowResetPassword.Plug
]PowResetPassword.Plug.user_from_token/2
has been deprecated in favor ofPowResetPassword.Plug.load_user_by_token/2
- [
PowResetPassword.Plug
]PowResetPassword.Plug.assign_reset_password_user/2
has been deprecated - [
PowEmailConfirmation.Ecto.Context
]PowEmailConfirmation.Ecto.Context.confirm_email/2
deprecated in favor ofPowEmailConfirmation.Ecto.Context.confirm_email/3
- [
PowEmailConfirmation.Ecto.Schema
]PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/1
deprecated in favor ofPowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2
Documentation
- Updated the API guide with signed tokens
v1.0.18 (2020-02-14)
Bug fixes
- [
Pow.Phoenix.Routes
] Fixed bug where callback route methods is not using the overridden method - [
PowPersistentSession.Plug.Cookie
]PowPersistentSession.Plug.Cookie.delete/2
now correctly pulls token during:before_send
callback - [
Pow.Plug.Session
]Pow.Plug.Session.delete/2
now correctly pulls session id during:before_send
callback soPowEmailConfirmation
will remove set session
v1.0.17 (2020-02-04)
Enhancements
- [
Pow.Ecto.Context
] Calls toPow.Ecto.Context.get_by/2
replaced withPow.Operations.get_by/2
so custom users context module can be used. The following methods has been updated:Pow.Ecto.Context.authenticate/2
PowEmailConfirmation.Ecto.Context.get_by_confirmation_token/2
PowInvitation.Ecto.Context.get_by_invitation_token/2
PowResetPassword.Ecto.Context.get_by_email/2
- [
Pow.Ecto.Schema.Changeset
]Pow.Ecto.Schema.Changeset.confirm_password_changeset/3
now adds the defaultEcto.Changeset.validate_confirmation/3
error instead of the previousnot same as password
error - [
Pow.Ecto.Schema.Changeset
]Pow.Ecto.Schema.Changeset.confirm_password_changeset/3
now uses theEcto.Changeset.validate_confirmation/3
for validation and expects:password_confirmation
instead of:confirm_password
in params - [
Pow.Ecto.Schema.Changeset
]Pow.Ecto.Schema.Changeset.new_password_changeset/3
now only requires the:password_hash
if there have been no previous errors set in the changeset - [
Pow.Ecto.Schema
] No longer adds:confirm_password
virtual field - [
Pow.Ecto.Schema
] Now has an@after_compile
callback that ensures all required fields has been defined - [
PowInvitation.Phoenix.InvitationView
] Now renders:password_confirmation
field instead of:confirm_password
- [
PowResetPassword.Phoenix.ResetPasswordView
] Now renders:password_confirmation
field instead of:confirm_password
- [
Pow.Phoenix.RegistrationView
] Now renders:password_confirmation
field instead of:confirm_password
- [
PowEmailConfirmation.Ecto.Schema
] No longer validates if:email
has been taken before setting:unconfirmed_email
- [
PowEmailConfirmation.Phoenix.ControllerCallbacks
] Now prevents user enumeration forPowInvitation.Phoenix.InvitationController.create/2
- [
PowPersistentSession.Plug.Cookie
] Changed default cookie name topersistent_session
- [
PowPersistentSession.Plug.Cookie
] Removed renewal of cookie as the token will always expire - [
PowPersistentSession.Plug.Cookie
] No longer expires invalid cookies - [
Pow.Operations
] AddedPow.Operations.fetch_primary_key_values/2
- [
PowPersistentSession.Plug.Base
] Now registers:before_send
callbacks - [
PowPersistentSession.Plug.Cookie
] Now updates cookie and backend store in:before_send
callback - [
Pow.Plug.Base
] Now registers:before_send
callbacks - [
Pow.Plug.Session
] Now updates plug session and backend store in:before_send
callback - [
Pow.Plug
] AddedPow.Plug.create/3
- [
Pow.Plug
] AddedPow.Plug.delete/2
Removed
- [
PowResetPassword.Phoenix.ResetPasswordController
] Will no longer prevent information leak by checking ifPowEmailConfirmation
or registration routes are enabled; instead it'll by default prevent user enumeration, but can be disabled ifpow_prevent_user_enumeration: false
is set inconn.private
Bug fixes
- [
PowPersistentSession.Plug.Base
] With custom:persistent_session_store
now falls back to:cache_store_backend
configuration option - [
PowResetPassword.Plug
] With custom:reset_password_token_store
now falls back to:cache_store_backend
configuration option - [
Pow.Plug.Base
] With custom:credentials_cache_store
now falls back to:cache_store_backend
configuration option
Deprecations
- [
Pow.Ecto.Changeset
]Pow.Ecto.Schema.Changeset.confirm_password_changeset/3
has deprecated use of:confirm_password
in params in favor of:password_confirmation
- [
Pow.Plug.Session
]:session_store
option has been renamed to:credentials_cache_store
- [
Pow.Plug
]Pow.Plug.clear_authenticated_user/1
deprecated in favor ofPow.Plug.delete/1
v1.0.16 (2020-01-07)
Note: This release contains an important security fix.
Enhancements
- [
PowPersistentSession.Plug.Cookie
] Now supports:persistent_session_cookie_opts
to customize any options that will be passed on toPlug.Conn.put_resp_cookie/4
- [
PowResetPassword.Phoenix.ResetPasswordController
] Now usesPowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1
with a generic response that tells the user the email has been sent only if an account was found - [
PowResetPassword.Phoenix.ResetPasswordController
] When a user doesn't exist will now return success message ifPowEmailConfirmation
extension is enabled - [
PowResetPassword.Phoenix.Messages
] AddedPowResetPassword.Phoenix.Messages.maybe_email_has_been_sent/1
and letPowResetPassword.Phoenix.Messages.email_has_been_sent/1
fall back to it - [
PowEmailConfirmation.Phoenix.ControllerCallbacks
] When a user tries to sign up and the email has already been taken the default e-mail confirmation required message will be shown - [
Pow.Plug.Session
] Now renews the Plug session each time the Pow session is created or rolled
Bug fixes
- [
Pow.Ecto.Schema.Changeset
] Fixed bug wherePow.Ecto.Schema.Changeset.user_id_field_changeset/3
update withnil
value caused an exception to be raised - [
PowPersistentSession.Plug.Cookie
] Now expires the cookie 10 seconds after the last request when authenticating to prevent multiple simultaneous requests deletes the cookie immediately
Documentation
- Added mailer rate limitation section to production checklist guide
- [
Pow.Plug.Session
] Added section on session expiration to the docs - Updated instructions in umbrella project guide to Elixir 1.9
- [
Pow.Store.Backend.Base
] Updated usage example with Cachex - Added security practices page
v1.0.15 (2019-11-20)
Enhancements
- [
Pow.Extension.Base
] Extensions are now expected to have a base module with compile-time information whether certain modules are available to prevent unnecessaryCode.ensure_compiled?/1
calls:- Added
Pow.Extension.Base
module - Added
PowEmailConfirmation
module - Added
PowInvitation
module - Added
PowPersistentSession
module - Added
PowResetPassword
module
- Added
- [
PowPersistentSession.Plug.Cookie
] Added support for custom metadata:PowPersistentSession.Plug.Cookie.create/3
now stores a metadata keyword list that can be populatedPowPersistentSession.Plug.Cookie.create/3
will now, instead of adding:session_fingerprint
to the metadata, populate the:session_metadata
keyword list with:fingerprint
PowPersistentSession.Plug.Cookie.authenticate/2
will now populate session metadata with what exists in:session_metadata
key for the persistent session metadataPowPersistentSession.Plug.Cookie.create/3
now ensures to delete the previous persistent session first, if one is found in cookies
- [
Pow.Extension.Config
] AddedPow.Extension.Config.extension_modules/2
Bug fixes
- [
Router.Phoenix.Router
] Fixed bug where resource routes were not filtered correctly according to the path bindings
Deprecations
v1.0.14 (2019-10-29)
Changes
- Changed minmum password length to 8 (OWASP/NIST recommendations)
Pow.Phoenix.Router
now only filters routes that has equal number of bindingsPow.Phoenix.Routes.user_not_authenticated_path/1
now only puts the:request_path
param if the request is using "GET" method- The stores has been refactored so the command conforms with ETS store. This means that put commands now accept
{key, value}
record element(s), and keys may be list for easier lookup.Pow.Store.Backend.Base
behaviour now requires to;- Accept
Pow.Store.Backend.Base.record/0
values forput/2
- Accept
Pow.Store.Backend.Base.key/0
fordelete/2
andget/2
- Implement
all/2
- Remove
keys/1
- Remove
put/3
- Accept
Pow.Store.Backend.EtsCache
now uses:ordered_set
instead of:set
for efficiencyPow.Store.Backend.MnesiaCache
now uses:ordered_set
instead of:set
for efficiencyPow.Store.Backend.MnesiaCache
will delete all binary key records when initializedPow.Store.Base
behaviour now requires to;- Accept erlang term value for keys in all methods
- Implement
put/3
instead ofput/4
- Implement
delete/2
instead ofput/3
- Implement
get/2
instead ofput/3
- Remove
keys/2
Pow.Store.Base.all/3
addedPow.Store.Base.put/3
addedPow.Store.Base
will use binary key rather than key list ifall/2
doesn't exist in the backend cache- Added
Pow.Store.CredentialsCache.users/2
- Added
Pow.Store.CredentialsCache.sessions/2
Pow.Store.CredentialsCache
now adds a session key rather than appending to a list for the user key to prevent race condition
Pow.Plug.Session.create/3
now stores a keyword list with metadata for the session rather than just a timestampPow.Plug.Session.fetch/2
andPow.Plug.Session.create/3
now assigns:pow_session_metadata
inconn.private
with the session metadataPow.Plug.Session.create/3
will use the metadata found inconn.private[:pow_session_metadata]
if it exists and otherwise add a randomly unique id for:fingerprint
PowPersistentSession.Plug.Cookie.create/3
will use the value ofconn.private[:pow_session_metadata][:fingerprint]
if it exists as:session_fingerprint
in the persistent session metadataPowPersistentSession.Plug.Cookie.authenticate/2
will assign:fingerprint
toconn.private[:pow_session_metadata]
if it exists in the persistent session metadataPow.Store.CredentialsCache.put/3
will invalidate any other sessions with the same:fingerprint
if any is set in session metadataPowResetPassword.Phoenix.ResetPasswordController.create/2
when a user doesn't exist will now only return success message if the registration routes has been disabled, otherwise the form with an error message will be returned- Added
PowResetPassword.Phoenix.Messages.user_not_found/1
Bug fixes
- Fixed bug where
Pow.Store.CredentialsCache
wasn't used due to howPow.Store.Base
macro worked - Fixed bug where
PowEmailConfirmation.Phoenix.ControllerCallbacks
couldn't deliver email
Deprecations
- Deprecated
Pow.Store.Backend.EtsCache.keys/1
- Deprecated
Pow.Store.Backend.EtsCache.put/3
- Deprecated
Pow.Store.Backend.MnesiaCache.keys/1
- Deprecated
Pow.Store.Backend.MnesiaCache.put/3
- Deprecated
Pow.Store.Base.keys/2
- Deprecated
Pow.Store.Base.put/4
- Deprecated
Pow.Store.CredentialsCache.user_session_keys/3
- Deprecated
Pow.Store.CredentialsCache.sessions/3
v1.0.13 (2019-08-25)
- Updated
PowEmailConfirmation.Ecto.Schema.changeset/3
so;- when
:email
is identical to:unconfirmed_email
it won't generate new:email_confirmation_token
- when
:email
is identical to the persisted:email
value both:email_confirmation_token
and:unconfirmed_email
will be set tonil
- when there is no
:email
value in the params nothing happens
- when
- Updated
PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/1
so now:email_confirmation_token
is set tonil
- Updated
Pow.Ecto.Schema.Changeset.user_id_field_changeset/3
so the e-mail validator now accepts unicode e-mails - Added
PowEmailConfirmation.Ecto.Context.current_email_unconfirmed?/2
andPowEmailConfirmation.Plug.pending_email_change?/1
- Added
:email_validator
configuration option toPow.Ecto.Schema.Changeset
- Added
Pow.Ecto.Schema.Changeset.validate_email/1
- Fixed bug in
PowEmailConfirmation.Phoenix.ControllerCallbacks.send_confirmation_email/2
where the confirmation e-mail wasn't send to the updated e-mail address
v1.0.12 (2019-08-16)
- Added API integration guide
- Added
:reset_password_token_store
configuration setting - To prevent timing attacks,
Pow.Ecto.Context.authenticate/2
now verifies password on a blank user struct when no user can be found for the provided user id, but will always return nil. The blank user struct has a nil:password_hash
value. The struct will be passed along with a blank password to theverify_password/2
method in the user schema module. - To prevent timing attacks, when
Pow.Ecto.Schema.Changeset.verify_password/3
receives a struct with a nil:password_hash
value, it'll hash a blank password, but always return false. - To prevent timing attacks, the UUID is always generated in
PowResetPassword.Plug.create_reset_token/2
whether the user exists or not. PowPersistentSession.Plug.Base
now accepts:persistent_session_ttl
which will pass the TTL to the cache backend and used for the max age of the sesion cookie inPowPersistentSession.Plug.Cookie
- Deprecated
:persistent_session_cookie_max_age
configuration setting Pow.Store.Backend.MnesiaCache
can now auto join clustersPow.Store.Backend.MnesiaCache.Unsplit
module added for self-healing after network split- Removed
:nodes
config option forPow.Store.Backend.MnesiaCache
v1.0.11 (2019-06-13)
- Fixed bug in router filters with Phoenix 1.4.7
v1.0.10 (2019-06-09)
- Prevent browser cache of
Pow.Phoenix.SessionController.new/2
,Pow.Phoenix.RegistrationController.new/2
andPowInvitation.Phoenix.InvitationController.edit/2
by setting "Cache-Control" header unless it already has been customized - All links in docs generated with
mix docs
and on hexdocs.pm now works - Generated docs now uses lower case file name except for
README
,CONTRIBUTING
andCHANGELOG
- Removed duplicate call for
Pow.Plug.Session.delete/2
inPow.Plug.Sesssion.create/3
v1.0.9 (2019-06-04)
Changes
Pow.Phoenix.Router
will now only add specific routes if there is no matching route already defined- Added
Pow.Plug.get_plug/1
and instead of:mod
,:plug
is used in config Pow.Ecto.Context.authenticate/2
now returns nil if user id or password is nil
Bug fixes
- Fixed bug with exception raised in
Pow.Ecto.Schema.normalize_user_id_field_value/1
when callingPow.Ecto.Context.get_by/2
with a non binary user id - Fixed bug with exception raised in
Pow.Ecto.Schema.normalize_user_id_field_value/1
when callingPow.Ecto.Context.authenticate/2
with a non binary user id
Deprecations
- Deprecated
Pow.Plug.get_mod/1
- Removed call to
Pow.Ecto.Context.repo/1
v1.0.8 (2019-05-24)
Changes
- Added support for layout in mails with
Pow.Phoenix.Mailer.Mail
by settingconn.private[:pow_mailer_layout]
same way as the Phoenix layout withconn.private[:phoenix_layout]
- Added
:prefix
repo opts support to use in multitenant apps - Removed
@changeset.data.__struct__.pow_user_id_field()
in template in favor of usingPow.Ecto.Schema.user_id_field/1
Bug fixes
- Fixed bug in
Pow.Ecto.Schema.Changeset.current_password_changeset/3
where an exception would be thrown if the virtual:current_password
field of the user struct was set and either the:current_password
change was blank or identical
Deprecations
- Deprecated
Mix.Pow.Ecto.Migration.create_migration_files/3
and moved it toMix.Pow.Ecto.Migration.create_migration_file/3
- Deprecated
Pow.Ecto.Context.repo/1
and moved it toPow.Config.repo!/1
- Deprecated
Pow.Ecto.Context.user_schema_mod/1
and moved it toPow.Config.user!/1
v1.0.7 (2019-05-01)
- Fixed bug with Phoenix 1.4.4 scoped routes
v1.0.6 (2019-04-19)
- Fixed bug where custom layout setting raised exception in
Pow.Phoenix.ViewHelpers.layout/1
- Prevent users from changing their email to one already taken when the PowEmailConfirmation extension has been enabled
v1.0.5 (2019-04-09)
- Added
extension_messages/1
to extension controllers and callbacks - Improved feedback for when no templates are generated for an extension with
mix pow.extension.phoenix.gen.templates
andmix pow.extension.phoenix.mailer.gen.templates
tasks - Error flash is no longer overridden in
Pow.Phoenix.PlugErrorHandler
if the error message is nil - Fixed bug in the migration generator where
references/2
wasn't called with options - Support any
:plug
version below2.0.0
- Deprecated
Pow.Extension.Ecto.Context.Base
v1.0.4 (2019-03-13)
- Added
PowInvitation
to themix pow.extension.phoenix.gen.templates
andmix pow.extension.phoenix.mailer.gen.templates
tasks - Fixed issue in umbrella projects where extensions wasn't found in environment configuration
- Fixed so
:namespace
environment config can be used as web app module name - Shell instructions will only be printed if the configuration is missing
- Now requires that
:ecto
or:phoenix
are included in the dependency list for the app to run respective mix tasks - Deprecated
Mix.Pow.context_app/0
- Deprecated
Mix.Pow.ensure_dep!/3
- Deprecated
Mix.Pow.context_base/1
v1.0.3 (2019-03-09)
Changes
- Added
PowInvitation
extension - Added support in
Pow.Ecto.Schema
for Ecto associations fields - Added support for adding custom methods with
Pow.Extension.Ecto.Schema
through__using__/1
macro in extension ecto schema module - Help information raised with invalid schema arguments for
pow.install
,pow.ecto.install
,pow.ecto.gen.migration
, andpow.ecto.gen.schema
mix tasks PowEmailConfirmation
now redirects unconfirmed users toafter_registration_path/1
orafter_sign_in_path/1
rather thanpow_session_path(conn, :new)
Bug fixes
- Correct shell instructions for
mix pow.install
task with custom schema - Fixed bug in
Pow.Extension.Phoenix.Router.Base
andPow.Extension.Phoenix.Messages
where the full extension name wasn't used to namespace methods
Deprecations
- Deprecated
Pow.Extension.Config.underscore_extension/1
- Deprecated
PowResetPassword.Ecto.Context.password_changeset/2
- Deprecated
Pow.Ecto.Schema.filter_new_fields/2
- Deprecated
:messages_backend_fallback
setting for extension controllers - Removed deprecated macro
router_helpers/1
inPow.Phoenix.Controller
v1.0.2 (2019-02-28)
- Added flash error message about e-mail confirmation for when user changes e-mail with PowEmailConfirmation enabled
- Added
new_password_changeset/3
andconfirm_password_changeset/3
toPow.Ecto.Schema.Changeset
- Redis cache store backend guide
- Correct shell instructions for
mix pow.phoenix.gen.templates
task - Only load environment config in
Pow.Config.get/3
when no key is set in the provided config - Fixed issue in
Pow.Store.Backend.MnesiaCache.keys/1
andPow.Store.Backend.EtsCache.keys/1
so they now return keys without namespace Pow.Store.Backend.MnesiaCache.put/3
now raises an error if TTL is not provided
Breaking changes
PowResetPassword.Plug.reset_password_token/1
has been removed
v1.0.1 (2019-01-27)
pow.extension.ecto.gen.migrations
mix task will output warning when a migration file won't be generated for any particular extension- Leading and trailing whitespace is removed from the user id field value (in addition to forced lower case)
- An exception is raised when
pow_routes/0
orpow_extension_routes/0
are used inside router scopes with aliases - Mail view templates assigns now has
[user: user, conn: conn]
along with the template specific assigns - Mail view subject methods now gets the same assigns passed as mail view template assigns instead of only
[conn: conn]
- Added
pow_registration_routes/0
,pow_session_routes/0
andpow_scope/1
macros to the router module - Added guide on how to disable registration
v1.0.0 (2018-11-18)
- Phoenix 1.4 support
- Ecto 3.0 support