devise-edge 1.2.rc

data/CHANGELOG.rdoc

@@ -0,0 +1,500 @@
+* deprecations
+  * sign_out_all_scopes defaults to true as security measure
+  * http authenticatable is disabled by default
+  * cookie_domain is deprecated in favor of cookie_options
+
+* enhancements
+  * Added OAuth 2 support
+  * sign_out_via is available in the router to configure the method used for sign out (by github.com/martinrehfeld)
+  * Improved Ajax requests handling in failure app (by github.com/spastorino)
+  * Added request_keys to easily use request specific values (like subdomain) in authentication
+  * Increased the size of friendly_token to 60 characters (reduces the chances of a successful brute attack)
+  * Ensure the friendly token does not include "_" or "-" since some e-mails may not autolink it properly (by github.com/rymai)
+  * Extracted encryptors into :encryptable for better bcrypt support
+  * :rememberable is now able to use salt as token if no remember_token is provided
+  * Store the salt in session and expire the session if the user changes his password
+  * Allow :stateless_token to be set to true avoiding users to be stored in session through token authentication
+  * cookie_options uses session_options values by default
+
+* bugfix
+  * after_sign_in_path_for always receives a resource
+  * Do not execute Warden::Callbacks on Devise::TestHelpers (by github.com/sgronblo)
+  * Password recovery and account unlocking takes into account authentication keys (by github.com/RStankov)
+
+== 1.1.3
+
+* bugfix
+  * Add reply-to to e-mail headers by default
+  * Updated the views generator to respect the rails :template_engine option (by github.com/fredwu)
+  * Check the type of HTTP Authentication before using Basic headers
+  * Avoid invalid_salt errors by checking salt presence (by github.com/thibaudgg)
+  * Forget user deletes the right cookie before logout, not remembering the user anymore (by github.com/emtrane)
+  * Fix for failed first-ever logins on PostgreSQL where column default is nil (by github.com/bensie)
+  * :default options is now honored in migrations
+
+== 1.1.2
+
+* bugfix
+  * Compatibility with latest Rails routes schema
+
+== 1.1.1
+
+* bugfix
+  * Fix a small bug where generated locale file was empty on devise:install
+
+== 1.1.0
+
+* enhancements
+  * Rememberable module allows user to be remembered across browsers and is enabled by default (by github.com/trevorturk)
+  * Rememberable module allows you to activate the period the remember me token is extended (by github.com/trevorturk)
+  * devise_for can now be used together with scope method in routes but with a few limitations (check the documentation)
+  * Support `as` or `devise_scope` in the router to specify controller access scope
+  * HTTP Basic Auth can now be disabled/enabled for xhr(ajax) requests using http_authenticatable_on_xhr option (by github.com/pellja)
+
+* bug fix
+  * Fix a bug in Devise::TestHelpers where current_user was returning a Response object for non active accounts
+  * Devise should respect script_name and path_info contracts
+  * Fix a bug when accessing a path with (.:format) (by github.com/klacointe)
+  * Do not add unlock routes unless unlock strategy is email or both
+  * Email should be case insensitive
+  * Store classes as string in session, to avoid serialization and stale data issues
+
+* deprecations
+  * use_default_scope is deprecated and has no effect. Use :as or :devise_scope in the router instead
+
+== 1.1.rc2
+
+* enhancements
+  * Allow to set cookie domain for the remember token. (by github.com/mantas)
+  * Added navigational formats to specify when it should return a 302 and when a 401.
+  * Added authenticate(scope) support in routes (by github.com/wildchild)
+  * Added after_update_path_for to registrations controller (by github.com/thedelchop)
+  * Allow the mailer object to be replaced through config.mailer = "MyOwnMailer"
+
+* bug fix
+  * Fix a bug where session was timing out on sign out
+
+* deprecations
+  * bcrypt is now the default encryptor
+  * devise.mailer.confirmations_instructions now should be devise.mailer.confirmations_instructions.subject
+  * devise.mailer.user.confirmations_instructions now should be devise.mailer.confirmations_instructions.user_subject
+  * Generators now use Rails 3 syntax (devise:install) instead of devise_install
+
+== 1.1.rc1
+
+* enhancements
+  * Rails 3 compatibility
+  * All controllers and views are namespaced, for example: Devise::SessionsController and "devise/sessions"
+  * Devise.orm is deprecated. This reduces the required API to hook your ORM with devise
+  * Use metal for failure app
+  * HTML e-mails now have proper formatting
+  * Allow to give :skip and :controllers in routes
+  * Move trackable logic to the model
+  * E-mails now use any template available in the filesystem. Easy to create multipart e-mails
+  * E-mails asks headers_for in the model to set the proper headers
+  * Allow to specify haml in devise_views
+  * Compatibility with Mongoid
+  * Make config.devise available on config/application.rb
+  * TokenAuthenticatable now works with HTTP Basic Auth
+  * Allow :unlock_strategy to be :none and add :lock_strategy which can be :failed_attempts or none. Setting those values to :none means that you want to handle lock and unlocking by yourself
+  * No need to append ?unauthenticated=true in URLs anymore since Flash was moved to a middleware in Rails 3
+  * :activatable is included by default in your models
+
+* bug fix
+  * Fix a bug with STI
+
+* deprecations
+  * Rails 3 compatible only
+  * Removed support for MongoMapper
+  * Scoped views are no longer "sessions/users/new". Now use "users/sessions/new"
+  * Devise.orm is deprecated, just require "devise/orm/YOUR_ORM" instead
+  * Devise.default_url_options is deprecated, just modify ApplicationController.default_url_options
+  * All messages under devise.sessions, except :signed_in and :signed_out, should be moved to devise.failure
+  * :as and :scope in routes is deprecated. Use :path and :singular instead
+
+== 1.0.8
+
+* enhancements
+  * Support for latest MongoMapper
+  * Added anybody_signed_in? helper (by github.com/SSDany)
+
+* bug fix
+  * confirmation_required? is properly honored on active? calls. (by github.com/paulrosania)
+
+== 1.0.7
+
+* bug fix
+  * Ensure password confirmation is always required
+
+* deprecations
+  * authenticatable was deprecated and renamed to database_authenticatable
+  * confirmable is not included by default on generation
+
+== 1.0.6
+
+* bug fix
+  * Do not allow unlockable strategies based on time to access a controller.
+  * Do not send unlockable email several times.
+  * Allow controller to upstram custom! failures to Warden.
+
+== 1.0.5
+
+* bug fix
+  * Use prepend_before_filter in require_no_authentication.
+  * require_no_authentication on unlockable.
+  * Fix a bug when giving an association proxy to devise.
+  * Do not use lock! on lockable since it's part of ActiveRecord API.
+
+== 1.0.4
+
+* bug fix
+  * Fixed a bug when deleting an account with rememberable
+  * Fixed a bug with custom controllers
+
+== 1.0.3
+
+* enhancements
+  * HTML e-mails now have proper formatting
+  * Do not remove MongoMapper options in find
+
+== 1.0.2
+
+* enhancements
+  * Allows you set mailer content type (by github.com/glennr)
+
+* bug fix
+  * Uses the same content type as request on http authenticatable 401 responses
+
+== 1.0.1
+
+* enhancements
+  * HttpAuthenticatable is not added by default automatically.
+  * Avoid mass assignment error messages with current password.
+
+* bug fix
+  * Fixed encryptors autoload
+
+== 1.0.0
+
+* deprecation
+  * :old_password in update_with_password is deprecated, use :current_password instead
+
+* enhancements
+  * Added Registerable
+  * Added Http Basic Authentication support
+  * Allow scoped_views to be customized per controller/mailer class
+  * [#99] Allow authenticatable to used in change_table statements
+
+== 0.9.2
+
+* bug fix
+  * Ensure inactive user cannot sign in
+  * Ensure redirect to proper url after sign up
+
+* enhancements
+  * Added gemspec to repo
+  * Added token authenticatable (by github.com/grimen)
+
+== 0.9.1
+
+* bug fix
+  * Allow bigger salt size (by github.com/jgeiger)
+  * Fix relative url root
+
+== 0.9.0
+
+* deprecation
+  * devise :all is deprecated
+  * :success and :failure flash messages are now :notice and :alert
+
+* enhancements
+  * Added devise lockable (by github.com/mhfs)
+  * Warden 0.9.0 compatibility
+  * Mongomapper 0.6.10 compatibility
+  * Added Devise.add_module as hooks for extensions (by github.com/grimen)
+  * Ruby 1.9.1 compatibility (by github.com/grimen)
+
+* bug fix
+  * Accept path prefix not starting with slash
+  * url helpers should rely on find_scope!
+
+== 0.8.2
+
+* enhancements
+  * Allow Devise.mailer_sender to be a proc (by github.com/grimen)
+
+* bug fix
+  * Fix bug with passenger, update is required to anyone deploying on passenger (by github.com/dvdpalm)
+
+== 0.8.1
+
+* enhancements
+  * Move salt to encryptors
+  * Devise::Lockable
+  * Moved view links into partial and I18n'ed them
+
+* bug fix
+  * Bcrypt generator was not being loaded neither setting the proper salt
+
+== 0.8.0
+
+* enhancements
+  * Warden 0.8.0 compatibility
+  * Add an easy for map.connect "sign_in", :controller => "sessions", :action => "new" to work
+  * Added :bcrypt encryptor (by github.com/capotej)
+
+* bug fix
+  * sign_in_count is also increased when user signs in via password change, confirmation, etc..
+  * More DataMapper compatibility (by github.com/lancecarlson)
+
+* deprecation
+  * Removed DeviseMailer.sender
+
+== 0.7.5
+
+* enhancements
+  * Set a default value for mailer to avoid find_template issues
+  * Add models configuration to MongoMapper::EmbeddedDocument as well
+
+== 0.7.4
+
+* enhancements
+  * Extract Activatable from Confirmable
+  * Decouple Serializers from Devise modules
+
+== 0.7.3
+
+* bug fix
+  * Give scope to the proper model validation
+
+* enhancements
+  * Mail views are scoped as well
+  * Added update_with_password for authenticatable
+  * Allow render_with_scope to accept :controller option
+
+== 0.7.2
+
+* deprecation
+  * Renamed reset_confirmation! to resend_confirmation!
+  * Copying locale is part of the installation process
+
+* bug fix
+  * Fixed render_with_scope to work with all controllers
+  * Allow sign in with two different users in Devise::TestHelpers
+
+== 0.7.1
+
+* enhancements
+  * Small enhancements for other plugins compatibility (by github.com/grimen)
+
+== 0.7.0
+
+* deprecations
+  * :authenticatable is not included by default anymore
+
+* enhancements
+  * Improve loading process
+  * Extract SessionSerializer from Authenticatable
+
+== 0.6.3
+
+* bug fix
+  * Added trackable to migrations
+  * Allow inflections to work
+
+== 0.6.2
+
+* enhancements
+  * More DataMapper compatibility
+  * Devise::Trackable - track sign in count, timestamps and ips
+
+== 0.6.1
+
+* enhancements
+  * Devise::Timeoutable - timeout sessions without activity
+  * DataMapper now accepts conditions
+
+== 0.6.0
+
+* deprecations
+  * :authenticatable is still included by default, but yields a deprecation warning
+
+* enhancements
+  * Added DataMapper support
+  * Remove store_location from authenticatable strategy and add it to failure app
+  * Allow a strategy to be placed after authenticatable
+  * [#45] Do not rely attribute? methods, since they are not added on Datamapper
+
+== 0.5.6
+
+* enhancements
+  * [#42] Do not send nil to build (DataMapper compatibility)
+  * [#44] Allow to have scoped views
+
+== 0.5.5
+
+* enhancements
+  * Allow overwriting find for authentication method
+  * [#38] Remove Ruby 1.8.7 dependency
+
+== 0.5.4
+
+* deprecations
+  * Deprecate :singular in devise_for and use :scope instead
+
+* enhancements
+  * [#37] Create after_sign_in_path_for and after_sign_out_path_for hooks to be
+    overwriten in ApplicationController
+  * Create sign_in_and_redirect and sign_out_and_redirect helpers
+  * Warden::Manager.default_scope is automatically configured to the first given scope
+
+== 0.5.3
+
+* bug fix
+  * MongoMapper now converts DateTime to Time
+  * Ensure all controllers are unloadable
+
+* enhancements
+  * [#35] Moved friendly_token to Devise
+  * Added Devise.all, so you can freeze your app strategies
+  * Added Devise.apply_schema, so you can turn it to false in Datamapper or MongoMapper
+    in cases you don't want it be handlded automatically
+
+== 0.5.2
+
+* enhancements
+  * [#28] Improved sign_in and sign_out helpers to accepts resources
+  * [#28] Added stored_location_for as a helper
+  * [#20] Added test helpers
+
+== 0.5.1
+
+* enhancements
+  * Added serializers based on Warden ones
+  * Allow authentication keys to be set
+
+== 0.5.0
+
+* bug fix
+  * Fixed a bug where remember me module was not working properly
+
+* enhancements
+  * Moved encryption strategy into the Encryptors module to allow several algorithms (by github.com/mhfs)
+  * Implemented encryptors for Clearance, Authlogic and Restful-Authentication (by github.com/mhfs)
+  * Added support for MongoMapper (by github.com/shingara)
+
+== 0.4.3
+
+* bug fix
+  * [#29] Authentication just fails if user cannot be serialized from session, without raising errors;
+  * Default configuration values should not overwrite user values;
+
+== 0.4.2
+
+* deprecations
+  * Renamed mail_sender to mailer_sender
+
+* enhancements
+  * skip_before_filter added in Devise controllers
+  * Use home_or_root_path on require_no_authentication as well
+  * Added devise_controller?, useful to select or reject filters in ApplicationController
+  * Allow :path_prefix to be given to devise_for
+  * Allow default_url_options to be configured through devise (:path_prefix => "/:locale" is now supported)
+
+== 0.4.1
+
+* bug fix
+  * [#21] Ensure options can be set even if models were not loaded
+
+== 0.4.0
+
+* deprecations
+  * Notifier is deprecated, use DeviseMailer instead. Remember to rename
+    app/views/notifier to app/views/devise_mailer and I18n key from
+    devise.notifier to devise.mailer
+  * :authenticable calls are deprecated, use :authenticatable instead
+
+* enhancements
+  * [#16] Allow devise to be more agnostic and do not require ActiveRecord to be loaded
+  * Allow Warden::Manager to be configured through Devise
+  * Created a generator which creates an initializer
+
+== 0.3.0
+
+* bug fix
+  * [#15] Allow yml messages to be configured by not using engine locales
+
+* deprecations
+  * Renamed confirm_in to confirm_within
+  * [#14] Do not send confirmation messages when user changes his e-mail
+  * [#13] Renamed authenticable to authenticatable and added deprecation warnings
+
+== 0.2.3
+
+* enhancements
+  * Ensure fail! works inside strategies
+  * [#12] Make unauthenticated message (when you haven't signed in) different from invalid message
+
+* bug fix
+  * Do not redirect on invalid authenticate
+  * Allow model configuration to be set to nil
+
+== 0.2.2
+
+* bug fix
+  * [#9] Fix a bug when using customized resources
+
+== 0.2.1
+
+* refactor
+  * Clean devise_views generator to use devise existing views
+
+* enhancements
+  * [#7] Create instance variables (like @user) for each devise controller
+  * Use Devise::Controller::Helpers only internally
+
+* bug fix
+  * [#6] Fix a bug with Mongrel and Ruby 1.8.6
+
+== 0.2.0
+
+* enhancements
+  * [#4] Allow option :null => true in authenticable migration
+  * [#3] Remove attr_accessible calls from devise modules
+  * Customizable time frame for rememberable with :remember_for config
+  * Customizable time frame for confirmable with :confirm_in config
+  * Generators for creating a resource and copy views
+
+* optimize
+  * Do not load hooks or strategies if they are not used
+
+* bug fixes
+  * [#2] Fixed requiring devise strategies
+
+== 0.1.1
+
+* bug fixes
+  * [#1] Fixed requiring devise mapping
+
+== 0.1.0
+
+* Devise::Authenticable
+* Devise::Confirmable
+* Devise::Recoverable
+* Devise::Validatable
+* Devise::Migratable
+* Devise::Rememberable
+
+* SessionsController
+* PasswordsController
+* ConfirmationsController
+
+* Create an example app
+* devise :all, :except => :rememberable
+* Use sign_in and sign_out in SessionsController
+
+* Mailer subjects namespaced by model
+* Allow stretches and pepper per model
+
+* Store session[:return_to] in session
+* Sign user in automatically after confirming or changing it's password