Releases: pow-auth/pow_assent

v0.4.8

20 May 05:44
1216621

Enhancements

  • [PowAssent.Plug] Added PowAssent.Plug.put_create_session_callback/2 #178
  • [PowAssent.Plug] Added PowAssent.Plug.fetch_config/1 #178
  • [PowAssent.Plug] Now calls create session callbacks set with PowAssent.Plug.put_create_session_callback/2 when a session is created #178
  • [PowAssent.Plug.Reauthorization] Added plug to enable reauthorization #178
  • [PowAssent.Phoenix.AuthorizationController] Now instead of raising an exception for strategy errors, the user is redirected to the sign in page with a generic error message #179
  • [PowAssent.Config] Added PowAssent.Config.merge_provider_config/3 #166
  • [PowAssent.Plug] Added PowAssent.Plug.merge_provider_config/3 #166

v0.4.7

22 Apr 19:27
c1cbf1f

Now supports Phoenix 1.5 and requires Pow ~> 1.0.19 and Elixir 1.7.

v0.4.6

16 Feb 22:31

The callback flow has been changed so sessions are now stored in the backend cache with PowAssent.Store.SessionCache instead of using Plug.Session. This prevents exposure of sensitive data, as the only thing stored in the Plug session is a random UUID.

Updated Pow requirement to ~> 1.0.17. #141

Enhancements

  • [PowAssent.Plug] Added PowAssent.Plug.change_user/4 #118
  • [PowAssent.Operations] Added PowAssent.Operations.user_identity_changeset/4 #118
  • [PowAssent.Phoenix.AuthorizationController] Now prevents user enumeration attacks using PowEmailConfirmation.Phoenix.ControllerCallbacks when the PowEmailConfirmation extension is enabled #128
  • [PowAssent.Phoenix.AuthorizationController] Now stores :changeset in session when redirecting to :add_user_id page #137
  • [PowAssent.Phoenix.RegistrationController] Now prevents user enumeration attacks using PowEmailConfirmation.Phoenix.ControllerCallbacks when the PowEmailConfirmation extension is enabled #128
  • [PowAssent.Phoenix.RegistrationController] Now uses :changeset stored in the session when rendering :add_user_id page #137
  • [PowAssent.Plug] Moved business logic away from PowAssent.Phoenix.AuthorizationController into PowAssent.Plug.callback_upsert/4 that will authenticate, upsert user identity, or create user #133
  • [PowAssent.Store.SessionCache] Added session store module #135
  • [PowAssent.Plug] Added PowAssent.Plug.init_session/1 #135
  • [PowAssent.Plug] Added PowAssent.Plug.put_session/3 #135
  • [PowAssent.Plug] Added PowAssent.Plug.delete_session/2 #135

Bug fixes

  • [PowAssent.Ecto.Schema] Fixed issue in PowAssent.Ecto.Schema.changeset/2 where the confirmation token was not set, thus allowing users with an unconfirmed email to sign in #121

Documentation

v0.4.5

06 Dec 21:23
  • [PowAssent.Phoenix.AuthorizationController] Now supports :request_path param so the user will be redirected back to :request_path after successful authorization #110
  • [PowAssent.Phoenix.ViewHelpers] PowAssent.Phoenix.ViewHelpers.authorization_link/3 now adds :request_path to the query param if assigned to the conn #110
  • [PowAssent.Phoenix.ViewHelpers] PowAssent.Phoenix.ViewHelpers.authorization_link/3, PowAssent.Phoenix.ViewHelpers.deauthorization_link/3, and PowAssent.Phoenix.ViewHelpers.provider_links/2 now accept a keyword list with options to be passed on to the link generation #112

v0.4.4

23 Nov 00:32

Note: This release contains an important security fix.

  • [PowAssent.Plug] Now uses String.to_existing_atom/1 in PowAssent.Plug.providers_for_current_user/1
  • [PowAssent.Plug] Fixed security issue by removing String.to_atom/1 for user-provided binary in PowAssent.Plug.authorize_url/3 and PowAssent.Plug.callback/4
  • [PowAssent.Config] PowAssent.Config.get_provider_config/2 now accepts binary provider

v0.4.3

20 Nov 23:29

Changes

  • Removed :phoenix_html dependency requirement #104
  • Added Pow minimum requirement ~> 1.0.15 #107
  • Use Pow.Extension.Base macro for new extension setup #107

v0.4.2

13 Nov 17:27

Changes

  • Added support for POST callback from provider: #101
    • Added pow_assent_authorization_post_callback_routes/0 macro to PowAssent.Phoenix.Router
    • Added :skip_csrf_protection pipeline example and scope with pow_assent_authorization_post_callback_routes/0 call to the docs
    • Use Pow.Phoenix.Router macros to dynamically filter duplicate routes

v0.4.1

08 Oct 14:43

Changes

  • Use Assent v0.1.2 and set :redirect_uri in config for OAuth 2.0 callback phase #97

v0.4.0

06 Oct 15:16

This release consists of major breaking changes.

You'll have to change the :strategy setting in your provider configurations. For the most part this just consists of renaming PowAssent.Strategy.STRATEGY to Assent.Strategy.STRATEGY.

If you have custom-built strategies, you can use Assent.Strategy.normalize_userinfo/2 to conform the userinfo response from the API. sub is now expected instead of uid.

Changes

Ref: #95

  • Use :assent package for strategies. The following modules have been removed in favor of Assent modules:

    • PowAssent.CallbackError
    • PowAssent.CallbackCSRFError
    • PowAssent.RequestError
    • PowAssent.ConfigurationError
    • PowAssent.HTTPAdapter
    • PowAssent.HTTPAdapter.Httpc
    • PowAssent.HTTPAdapter.Mint
    • PowAssent.Strategy.Auth0
    • PowAssent.Strategy.AzureOAuth2
    • PowAssent.Strategy.Basecamp
    • PowAssent.Strategy.Discord
    • PowAssent.Strategy.Facebook
    • PowAssent.Strategy.Github
    • PowAssent.Strategy.Gitlab
    • PowAssent.Strategy.Google
    • PowAssent.Strategy.Instagram
    • PowAssent.Strategy.OAuth
    • PowAssent.Strategy.OAuth.Base
    • PowAssent.Strategy.OAuth2
    • PowAssent.Strategy.OAuth2.Base
    • PowAssent.Strategy.Slack
    • PowAssent.Strategy.Twitter
    • PowAssent.Strategy.VK
    • PowAssent.Strategy
  • Callback params now conform to the OpenID Connect Core 1.0 Standard Claims spec. During the callback phase, the following param keys will be renamed:

    • sub to uid
    • preferred_username to username
  • The e-mail is no longer considered confirmed unless the callback params have an email_verified key set to true

  • PowAssent.Plug.authorize_url/3 generates a random nonce if nonce: true is set in the provider configuration

  • Support for OpenID Connect and Apple Sign In through Assent

v0.3.2

25 Aug 22:36

Changes

  • All links in docs generated with mix docs and on hexdocs.pm now work (7d66e11)
  • Generated docs now use lower case file names except for README and CHANGELOG (7d66e11)
  • Added Auth0 strategy #81
  • Added Gitlab strategy #83