- Route generation with :as option (#174)
- Test helper route generation (#174)
- Fix sessions/new label for attribute (#172)
- Adds
autocomplete: 'off'to token field (#173) - Adds sessions/show "Confirm" to locale definition (#173)
This major release of Passwordless changes a lot of things and it is almost guaranteed that you will need to change your code to upgrade to this version.
(Note that there is no need to upgrade. The previous versions of Passwordless will continue to work for the foreseeable future.)
See Upgrading to Passwordless 1.0 for more details.
- Added an option to set a custom controller for
passwordless_forroutes (#152) - Added
ControllerHelpers#create_passwordless_session(#161)
- Tokens are now encrypted in the database (#145)
- Un-isolate namespace (#146)
- Move configuration to
Passwordless.config(#155)
- Added option
redirect_to_response_options(#142)
- Replaced
form_forwithform_within view template (#128) - Added frontend validation for email presence in views (#128)
- Always redirect magic link requests back to the sign_in page and render generic flash (#120)
- Fix
Passwordless#ControllerHelpersto be used outside controllers (#124)
- Reset session at sign_in to protect from session fixation attacks (#108)
- Fixed support for Turbo Drive (#116)
- Option to customize mailer inheritance with a new configuration
parent_mailer(#82)
- Calls
stripon passwordless field param
- Customizable redirects (#69)
- Fixes session availability wrongly determined by timeout not expiry (#61)
- Fixes an issue with using a resource class not named
User(#58)
This version moves from storing the session information in the cookies to the session.
Your users will therefore have to sign in again after upgrading.
To provide a smoother experience, you can use the provided session upgrade helper like this:
def current_user
@current_user ||=
authenticate_by_session(User) ||
upgrade_passwordless_cookie(User)
end- Deprecates
authenticate_by_cookie, useauthenticate_by_session.(#56)
restrict_token_reusedisables session reuse (#51)
- Optionally pass
requesttoafter_session_save(#49) - Sign in via
Passwordless::Sessioninstead of authenticatable and store it insessioninstead ofcookies(#56) sign_inhelper now expects aPasswordless::Session.
- Option to customize callback (eg. send e-mail, sms, whatever) (#39)
- Use
timeout_atinstead ofexpires_atwhen signing in (#43)
- Option to set custom expiration and timeout durations (#37)
- Allow overriding the lookup method of the user resource (#33)
- Fixed: Support models using Single Table Inheritance (#26)
- Fixed: Missing
as:on session associationhas_many(#23)
- Added: Include main app's routes in passwordless views
- Fixed: Authenticatable (User) lookup is case-insentive
- Added: Support for I18n (Thanks @mftaff)
- Fixed: Actually expire sessions (Thanks @mftaff)
- Added:
build_passwordless_sessioncontroller helper
- Added: Documentation! (Thanks to @mftaff)
- Fixed: Case-insensitive email lookup
- Fixed: Post-sign in redirect destination is scoped to model
- Added: Redirect to previous destination post sign in
- Added: Added
#passwordless_controller? - Fixed: Inherit from main app's ApplicationController
- Fixed: Removed Gemfile.lock
- Added: An option to provide a custom token generator
- Added: Changelog