-
‘Oath.config.sign_in_notice` should now be a callable object in order for I18n to work correctly
- DEPRECATED
-
you should no longer set ‘Oath.config.sign_in_notice` to a string value
-
Wrap helper_method calls in respond_to?(:helper_method)
-
param_transformations now correctly use string keys
-
Do not perform lookup if no params are passed to lookup
-
Add param transformer for sanitizing and normalizing
-
Extend private interface for services
-
Warden serialization is now configurable
-
Updated documentation for test helpers
-
Updated documentation for using oath in console
-
Fixed bug with failure app now allowing actual http auth to occur
-
‘sign_in` test helper now returns the user
-
‘authenticate_session` arguments are coerced to Hash
-
Oath::BackDoor can be configured with a block
-
Document validation suggestions
-
Document locale suggestions
-
Deprecate usage of Oath.user_class in favor of Oath.config.user_class
-
Make warden strategy configurable via Oath.config.authentication_strategy
-
Extract warden setup into the WardenSetup class
-
Document layout suggestions
-
Link to Rubydoc in documentation
-
Fix header in documentation
-
Fix no_login_redirect to default to a properly named controller
-
Fix documentation reference to sign_up to mention user_params instead of user
-
Fix PasswordStrategy to use configuration options
-
Documentation
-
Renamed encryption to hashing
-
Renamed encrypted to digested
-
Renamed unencrypted to undigested
-
A configuration for ‘no_login_redirect` was added. This accepts anything that can be passed to `redirect_to` and is used when `require_login` is called with no logged in user.
-
A configuration for ‘no_login_handler` was added. This allows developers to completely customize the response when `require_login` is called with no logged in user.
-
Delegate user_class correctly so that config returns class
-
Fixed issue authenticate session not allowing for multiple fields
-
Do not hardcode User class
-
Add signed out routing constraint
-
Backfill NEWS.md
-
Encryption of empty string is empty string.
-
Remove last trace of generators.
-
Oath requires Rails 4+.
-
Move generators to the oath-generators gem.
-
Ensure forms can’t be tampered with by providing no username.
-
Prevent hashing of empty string passwords.
-
Memoize the configuration.
-
Add ‘Oath::Backdoor` for easier tests.
-
Add Oath::Test::ControllerHelpers for controller specs.
-
Depend on the bcrypt gem, not the bcrypt-ruby gem.
-
Make user creation method configurable.
-
Redirect to SessionsController#new, ignoring namespace.
-
Add ‘Oath.config.creation_method`.
-
Now configurable via ‘Oath.configure`:
-
sign in service
-
sign up service
-
authentication service
-
user_token_store_field
-
user_token_field
-
-
Add PasswordReset service.
-
Rename controller_helpers to services.
-
Allos blocks to be passed into sign_in and sign_up.
-
Fix error on trying to respond with HTTP 401.
-
Oath does not generate a User model for you.
-
Add ‘Oath.test_mode!` and `Oath.test_reset!`.
-
Add a lot of tests.
-
Check for Rails 4 or the strong_parameters gem, not just the strong_parameters gem
- FIX
-
require_login should use controller and action for routing.
- FIX
-
Scaffolded SessionsController should have respond_to.
- FIX
-
SignUp should get the value instead of slicing.
-
Cleaned up generated controllers.
-
Use find_by_id instead of find so invalid sessions don’t cause apps to crash.
-
Hashes passed in are no longer mutated via delete.
-
Fixed bug where password wasn’t deleted from session params which would cause lookup to fail.