Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

86 lines (67 sloc) 4.911 kb

1.1.1 released 2008-11-13

  • Removed ActiveRecord dependency.

  • Removed loading shoulda macros by default, moved to shoulda_macros dir.

  • Modified how params access works. Added in single_access_token_field which params now uses. See the single access section in the README. Various configuration options added as well.

  • Cleaned up acts_as_authentic configuration, added new config module to do this.

  • Cleaned up acts_as_authentic tests

  • Moved acts_as_authentic sub modules into the proper name spaces

1.1.0 released 2008-11-13

  • Moved Rack standards into abstract_adapter for the controllers.

  • Added authenticating_with_credentials?, authenticating_with_unauthorized_record?

  • Fixed typo in abstract_adapter, black to block.

  • Cleaned up / reorganized tests.

  • Moved ActiveRecord additions to ORM Adapters name space to make way for Data Mapper.

  • Reorganized and modified acts_as_authentic to be free standing and not get info from the related session.

  • The session now gets its configuration from the model, since determining which fields are present is ORM specific.

  • Extracted session and cookie logic into their own modules for Session.

  • Moved crypto providers into their own module and added a Sha1 provider to help with the restful_authentication transition.

  • Allow the unique_token method to use the alternate crypto_provider if it is a hash algorithm, otherwise default to Sha512.

  • Added last_request_at_threshold configuration option.

  • Changed Scoped class to AuthenticatesManyAssociation, like AR has HasManyAssociation, etc.

  • Added should_be_authentic shoulda macro.

  • Removed some magic from how sessions are initialized. See the initialize documentation, this method is a little more structured now, which was required for adding in openid.

  • Added in logging via a params token, which is friendly for feed URLs. Works just like cookies and sessions when persisting the session.

  • Added the option to use session.user, instead of session.record. This is based off of what model your session is authenticating with.

1.0.0 released 2008-11-05

  • Checked for blank login counts, if a default wasnt set in the migrations.

  • Added check for database table in acts_as_authentic to avoid errors in initial setup.

  • Completely rewrote tests to be more conventional and thorough tests, removed test_app.

  • Modified how validations work so that a validate method was added as well as callbacks for that method.

  • Extracted scope support into its own module to help organize code better.

  • Added in salt for encryption, just like hashes and removed :crypto_provider_type option for acts_as_authentic.

  • Added merb adapters.

  • Improved documentation throughout.

0.10.4 released 2008-10-31

  • Changed configuration to use inheritable attributes

  • Cleaned up requires to be in their proper files

  • Added in scope support.

0.10.3 released 2008-10-31

  • Instead of raising an error when extra fields are passed in credentials=, just ignore them.

  • Added remember_me config option to set the default value.

  • Only call credential methods if an argument was passed.

  • More unit tests

  • Hardened automatic session updating. Also automatically log the user in if they change their password when logged out.

0.10.2 released 2008-10-24

  • Added in stretches to the default Sha512 encryption algorithm.

  • Use column_names instead of columns when determining if a column is present.

  • Improved validation callbacks. after_validation should only be run if valid? = true. Also clear errors before the “before_validation” callback.

0.10.1 released 2008-10-24

  • Sessions now store the “remember token” instead of the id. This is much safer and guarantees all “sessions” that are logged in are logged in with a valid password. This way stale sessions can't be persisted.

  • Bumped security to Sha512 from Sha256.

  • Remove attr_protected call in acts_as_authentic

  • protected_password should use pasword_field configuration value

  • changed magic state “inactive” to “active”

0.10.0 released 2008-10-24

  • Do not allow instantiation if the session has not been activated with a controller object. Just like ActiveRecord won't let you do anything without a DB connection.

  • Abstracted controller implementation to allow for rails, merb, etc adapters. So this is not confined to the rails framework.

  • Removed create and update methods and added save, like ActiveRecord.

  • after_validation should be able to change the result if it adds errors on callbacks.

  • Completed tests.

0.9.1 released 2008-10-24

  • Changed scope to id. Makes more sense to call it an id and fits better with the ActiveRecord model.

  • Removed saving_from_session flag, apparently it is not needed.

  • Fixed updating sessions to make more sense and be stricter.

  • change last_click_at to last_request_at

  • Only run “after” callbacks if the result is successful.

0.9.0 released 2008-10-24

  • Initial release.

Jump to Line
Something went wrong with that request. Please try again.