-
Changed configuration to use inheritable attributes
-
Cleaned up requires to be in their proper files
-
Added in scope support.
-
Instead of raising an error when extra fields are passed in credentials=, just ignore them.
-
Added remember_me config option to set the default value.
-
Only call credential methods if an argument was passed.
-
More unit tests
-
Hardened automatic session updating. Also automatically log the user in if they change their password when logged out.
-
Added in stretches to the default Sha512 encryption algorithm.
-
Use column_names instead of columns when determining if a column is present.
-
Improved validation callbacks. after_validation should only be run if valid? = true. Also clear errors before the “before_validation” callback.
-
Sessions now store the “remember token” instead of the id. This is much safer and guarantees all “sessions” that are logged in are logged in with a valid password. This way stale sessions can’t be persisted.
-
Bumped security to Sha512 from Sha256.
-
Remove attr_protected call in acts_as_authentic
-
protected_password should use pasword_field configuration value
-
changed magic state “inactive” to “active”
-
Do not allow instantiation if the session has not been activated with a controller object. Just like ActiveRecord won’t let you do anything without a DB connection.
-
Abstracted controller implementation to allow for rails, merb, etc adapters. So this is not confined to the rails framework.
-
Removed create and update methods and added save, like ActiveRecord.
-
after_validation should be able to change the result if it adds errors on callbacks.
-
Completed tests.
-
Changed scope to id. Makes more sense to call it an id and fits better with the ActiveRecord model.
-
Removed saving_from_session flag, apparently it is not needed.
-
Fixed updating sessions to make more sense and be stricter.
-
change last_click_at to last_request_at
-
Only run “after” callbacks if the result is successful.
-
Initial release.