Robust, modular, and extendable user authentication system
MIT License
Pow.Ecto.Schema.Changeset
] Fixed issue with schemas having a :data
field not being handled correctly in changeset functions #729 (thanks @oivoodoo!)Published by danschultzer 8 months ago
Pow.Phoenix.Template
] Now sets the function annotation in caller environment to prevent compile error when :debug_heex_annotations
is set to true
#726Published by danschultzer 9 months ago
Pow.Phoenix.ViewHelpers
] Now ensures format for layouts in Phoenix 1.7 is conformed to prevent conflicting layouts found
warnings #721Published by danschultzer 10 months ago
Handles Elixir 1.16 deprecations. #719
Pow.Ecto.Schema.Changeset
] Now handles MFA for :password_hash_verify
#716Pow.Ecto.Schema.Changeset
] Now handles MFA for :email_validator
#716Pow.Ecto.Schema.Changeset
] Deprecated :password_hash_methods
in favor of :password_hash_verify
#715Published by danschultzer about 1 year ago
Note: This release contains an important security fix. It is recommended to update immediately if you are using the Pow.Store.Backend.MnesiaCache
.
Pow.Store.Backend.MnesiaCache
] Fixed bug where expired cached keys are not invalidated on startupPublished by danschultzer about 1 year ago
Pow.Phoenix.Controller
] Fixed regression bug with Phoenix.View
and :namespace
option #712Pow.Phoenix.ViewHelpers
] Now falls back to view named modules to prevent upgrade issues #712Published by danschultzer about 1 year ago
Removed deprecation warnings for Elixir 1.15. #710
Pow.Phoenix.Controller
] Now uses Phoenix.View
when it's available with :namespace
option to prevent upgrade issues #709Published by danschultzer over 1 year ago
Pow.Phoenix.Mailer.Mail
] Now renders html and text correctly in fallback mode for deprecated MailView #701Published by danschultzer over 1 year ago
####Bug fixes
Pow
] Ensure the dependency is loaded before matching version in Pow.dependency_vsn_match?/2
#697Published by danschultzer over 1 year ago
This version is updated to work with Phoenix 1.7, in particular using the new template components structure. All views have been removed, and Pow no longer requires the phoenix_view
dependency.
Now requires Elixir 1.12+. #691
Pow.Phoenix.Mailer.Mail
] Revamped to conform to template component structure of Phoenix 1.7 #691Pow.Phoenix.Template
] Now renders Tailwind based template components on Phoenix 1.7 #691Pow.Phoenix.Mailer.Mail
] Deprecated :pow_mailer_layout
in favor of :pow_mailer_layouts
#691Mix.Pow.Phoenix.Mailer
] Removed Mix.Pow.Phoenix.Mailer.create_view_file/5
#691Mix.Pow.Phoenix.Mailer
] Removed Mix.Pow.Phoenix.Mailer.create_templates/4
#691Mix.Pow.Phoenix
] Removed Mix.Pow.Phoenix.create_view_file/4
#691Published by danschultzer over 1 year ago
Mix.Pow
] Mix.Pow.parse_options/3
now merges option defaults with :otp_app, :generators
configuration #668Mix.Pow.Mix.Tasks.Pow.Phoenix.Mailer.Gen.Templates
] Now injects config/config.exs
and WEB_PATH/WEB_APP.ex
#674Mix.Pow.Mix.Tasks.Pow.Phoenix.Gen.Templates
] Now injects config/config.exs
#674Mix.Tasks.Pow.Phoenix.Install
] Now injects config/config.exs
, WEB_PATH/endpoint.ex
, and WEB_PATH/router.ex
#674Pow.Phoenix.Router
] Updated to support Phoenix 1.7 breaking changes #687Pow.Phoenix.Template
] Updated to support Phoenix 1.7 verified routes #687Pow.Phoenix.Routes
] Updated to support Phoenix 1.7 verified routes #687Pow.Phoenix.ViewHelpers
] Updated to handle Phoenix 1.7 components layout #687:phoenix
removed from the compilers #684conn
for delete calls #670Published by danschultzer over 2 years ago
Now supports ecto_sql
1.8.x and requires Elixir 1.11+. #665
Pow.Ecto.Schema
] has been refactored to conform the @pow_fields
and @pow_assocs
attributes with separate migration options #665Published by danschultzer almost 3 years ago
Pow.Store.Backend.MnesiaCache.Unsplit
] The unsplit module will now initialize the Mnesia cluster when nodes are connected lazily by resetting the Mnesia schema #655Pow.Store.Backend.MnesiaCache
] Now properly handles Mnesia application start errors #654Plug.Conn.register_before_send/2
for token writes #652Published by danschultzer about 3 years ago
Now supports Phoenix 1.6.x, and phoenix_html
3.x.x. #646 #649
Pow.Ecto.Schema.Fields
] The :password_hash
, :current_password
, and :password
fields now have redact: true
option set #637Pow.Phoenix.Controller
] Pow.Phoenix.Controller.action/3
now properly handles {:halt, conn}
returned in the before_process
callback #632Pow.Store.Backend.EtsCache
] Now does synchronous writes unless writes: :async
is passed in config options #650Pow.Store.Backend.MnesiaCache
] Now does synchronous writes unless writes: :async
is passed in config options #650Pow.Operations
] Pow.Operations.fetch_primary_key_values/2
now ensures that module exists and is loaded before deriving primary keys #643writes: :async
is passed in config options #650Published by danschultzer over 3 years ago
Pow.Store.Backend.MnesiaCache
] Now accepts extra_db_nodes: {module, function, arguments}
to fetch nodes when MnesiaCache starts up #615PowEmailConfirmation.Phoenix.Messages
] Added PowEmailConfirmation.Phoenix.Messages.invalid_token/1
#618Pow.Store.CredentialsCache
] Now outputs an IO warning when a :ttl
longer than 30 minutes is used #619Pow.Store.Backend.MnesiaCache
] Now handles initialization errors #616Published by danschultzer over 3 years ago
Pow.Ecto.Context
] No longer automatically reloads the struct after insert or update #600PowInvitation.Ecto.Schema
] Added PowInvitation.Ecto.Schema.invitation_token_changeset/1
#596PowInvitation.Ecto.Schema
] Added PowInvitation.Ecto.Schema.invited_by_changeset/2
#596Pow.Ecto.Schema.Password.Pbkdf2
] Now uses :crypto.mac/4
if available to support OTP 24 #602PowEmailConfirmation.Phoenix.ControllerCallbacks
] Now returns :info
instead of :error
#612Pow.Store.Backend.MnesiaCache
] No longer triggers Elixir 1.11 dependency warnings #606Published by danschultzer over 3 years ago
This release introduces a deprecation for the default API guide implementation. Please check migration section below.
PowPersistentSession.Plug.Cookie
] Now stores the user struct instead of clauses #392PowPersistentSession.Plug.Base
] Now includes :pow_config
in the store config #392PowResetPassword.Plug
] Now includes :pow_config
in the store config #392Pow.Plug.Base
] Now includes :pow_config
in the store config #392Pow.Operations
] Added Pow.Operations.reload/2
to reload structs #392PowPersistentSession.Store.PersistentSessionCache
] Update PowPersistentSession.Store.PersistentSessionCache.get/2
to reload the user using Pow.Operations.reload/2
#392Pow.Store.CredentialsCache
] Now support reload: true
configuration so once fetched from the cache the user object will be reloaded through the context module #392If you've used an API setup for previous version, you'll see the warning PowPersistentSession.Store.PersistentSessionCache.get/2 call without `:pow_config` in second argument is deprecated, refer to the API guide.
. It's recommended to replace your APIAuthPlug
with the updated version in the API guide.
The larger refactor of cache setup in Pow v1.0.22
means that user struct is always expected to be passed in and returned by the stores, so it is no longer necessary to load the user in the API plug. The PowPersistentSession.Store.PersistentSessionCache
has fallback logic to handle the deprecated clauses keyword list, and will load the user correctly.
Published by danschultzer about 4 years ago
Pow.Plug.Base
] Will now use the existing :pow_config
in the conn
when no plug options has been set #514PowInvitation.Phoenix.InvitationController
] Fixed bug where user was incorrectly redirected to the show action with unsigned token when user struct has no e-mail #535Pow.Ecto.Schema
] Now only emits warning for primitive Ecto types #541PowEmailConfirmation.Ecto.Schema
] PowEmailConfirmation.Ecto.Schema.changeset/3
no longer sets the email to the unconfirmed email when the same email change is set twice #515Pow.Extension.Phoenix.Messages
] Fixed fallback message dializer warning #520Pow.Ecto.Context
] Fixed bug where the macro didn't add :users_context
to the Pow config in the module resulting in Pow.Ecto.Context.get_by/2
being called instead of get_by/1
in the custom context #537Pow.Ecto.Schema.Changeset
] The Pow.Ecto.Schema.Changeset.validate_email/1
method has been improved per specifications to support wider unicode support, fully-qualified domain validation, and comments #565Published by danschultzer over 4 years ago
Now supports Phoenix 1.5, and requires Elixir 1.7 or higher. #494
Mix.Tasks.Pow.Extension.Phoenix.Gen.Templates
] mix pow.extension.phoenix.gen.templates
now dynamically loads template list from the extension base module #461PowResetPassword.Plug
] PowResetPassword.Plug.load_user_by_token/2
now sets a :pow_reset_password_decoded_token
key in conn.private
that will be used in PowResetPassword.Plug.update_user_password/2
#464Published by danschultzer over 4 years ago
Warning: This release will now sign and verify all tokens, causing previous tokens to no longer work. Any sessions and persistent sessions will be invalidated.
Pow.Plug.Session
] Now sets a global lock when renewing the session #414PowPersistentSession.Plug.Cookie
] Now sets a global lock when authenticating the user #414PowEmailConfirmation.Plug
] Added PowEmailConfirmation.Plug.sign_confirmation_token/2
to sign the email_confirmation_token
to prevent timing attacks #417PowEmailConfirmation.Plug
] Added PowEmailConfirmation.Plug.load_user_by_token/2
to verify the signed email_confirmation_token
to prevent timing attacks #446PowEmailConfirmation.Plug
] Added PowEmailConfirmation.Plug.confirm_email/2
with map as second argument #446PowInvitation.Plug
] Added PowInvitation.Plug.sign_invitation_token/2
to sign the invitation_token
#417PowInvitation.Plug
] Added PowInvitation.Plug.load_invited_user_by_token/2
to verify the signed invitation_token
to prevent timing attacks #417PowResetPassword.Plug
] Changed PowResetPassword.Plug.create_reset_token/2
to sign the :token
#417PowResetPassword.Plug
] Added PowResetPassword.Plug.load_user_by_token/2
to verify the signed token to prevent timing attacks #417PowResetPassword.Plug
] Changed PowResetPassword.Plug.update_user_password/2
so it decodes the signed token #417PowPersistentSession.Plug.Cookie
] Now uses signed tokens to prevent timing attacks #417Pow.Plug.Session
] Now uses signed session ID's to prevent timing attacks #417Pow.Plug
] Added Pow.Plug.sign_token/4
to sign tokens #417Pow.Plug
] Added Pow.Plug.verify_token/4
to decode and verify signed tokens #417Pow.Plug.MessageVerifier
] Added Pow.Plug.MessageVerifier
module to sign and verify messages #417PowEmailConfirmation.Ecto.Context
] Added PowEmailConfirmation.Ecto.Context.confirm_email/3
#446PowEmailConfirmation.Ecto.Schema
] Added confirm_email_changeset/2
and pow_confirm_email_changeset/2
to the macro #446PowEmailConfirmation.Ecto.Schema
] Added PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2
#446PowInvitation.Ecto.Schema
] Added accept_invitation_changeset/2
and pow_accept_invitation_changeset/2
to the macro #446PowResetPassword.Ecto.Schema
] Added reset_password_changeset/2
and pow_reset_password_changeset/2
to the macro #446Pow.Ecto.Schema
] Now emits a warning instead of raising error with missing fields/associations #455PowEmailConfirmation.Plug
] PowEmailConfirmation.Plug.confirm_email/2
with token param as second argument has been deprecated in favor of PowEmailConfirmation.Plug.load_user_by_token/2
, and PowEmailConfirmation.Plug.confirm_email/2
with map as second argument #446PowInvitation.Plug
] PowInvitation.Plug.invited_user_from_token/2
has been deprecated in favor of PowInvitation.Plug.load_invited_user_by_token/2
#417PowInvitation.Plug
] PowInvitation.Plug.assign_invited_user/2
has been deprecated #417PowResetPassword.Plug
] PowResetPassword.Plug.user_from_token/2
has been deprecated in favor of PowResetPassword.Plug.load_user_by_token/2
#417PowResetPassword.Plug
] PowResetPassword.Plug.assign_reset_password_user/2
has been deprecated #417PowEmailConfirmation.Ecto.Context
] PowEmailConfirmation.Ecto.Context.confirm_email/2
deprecated in favor of PowEmailConfirmation.Ecto.Context.confirm_email/3
#446PowEmailConfirmation.Ecto.Schema
] PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/1
deprecated in favor of PowEmailConfirmation.Ecto.Schema.confirm_email_changeset/2
#446