- Added build method to authenticates_many association to act like AR association collections.
- Added validation boolean configuration options for acts_as_authentic: validate_field, validate_login_field, validate_password_field, validate_email_field. This turns on and off validations for their respective fields.
- Renamed all password_reset_token terms to perishable_token, including configuration, etc. I still allow for the old configurations so this will not break compatibility, but perishable token is a better name and can be used for account confirmation as well as a password reset token, or anything else you want.
- Renamed all remember_token instances to persistence_token; the term “remember token” doesn’t really make sense. I still allow for the old configuration, so this will not break backwards compatibility: persistence_token fits better and makes more sense.
- Added check for database set up in acts_as_authentic to prevent errors during migrations.
- Forced logged_in and logged_out named scopes to use seconds.
- Hardened valid_password? method to only allow raw passwords.
- Controllers and scopes are no longer stored in class variables but in the Thread.current hash so their instances die out with the thread, which frees up memory.
- Removed single_access_token_field and remember_token_field from Session::Config; they are not needed there.
- Added password_reset_token to assist in resetting passwords.
- Added email_field, email_field_regex, email_field_regex_failed_message configuration options to acts_as_authentic, so that you can validate emails as well as a login, instead of the either-or approach.
- Added configuration for all validation messages for the session so that you can modify them and provide I18n support.
- Removed ActiveRecord dependency.
- Removed loading shoulda macros by default, moved to shoulda_macros dir.
- Modified how params access works. Added in single_access_token_field which params now uses. See the single access section in the README. Various configuration options added as well.
- Cleaned up acts_as_authentic configuration, added new config module to do this.
- Cleaned up acts_as_authentic tests.
- Moved acts_as_authentic sub modules into the proper name spaces.
- Moved Rack standards into abstract_adapter for the controllers.
- Added authenticating_with_credentials?, authenticating_with_unauthorized_record?
- Fixed typo in abstract_adapter, black to block.
- Cleaned up / reorganized tests.
- Moved ActiveRecord additions to ORM Adapters name space to make way for Data Mapper.
- Reorganized and modified acts_as_authentic to be free standing and not get info from the related session.
- The session now gets its configuration from the model, since determining which fields are present is ORM specific.
- Extracted session and cookie logic into their own modules for Session.
- Moved crypto providers into their own module and added a Sha1 provider to help with the restful_authentication transition.
- Allow the unique_token method to use the alternate crypto_provider if it is a hash algorithm, otherwise default to Sha512.
- Added last_request_at_threshold configuration option.
- Changed Scoped class to AuthenticatesManyAssociation, like AR has HasManyAssociation, etc.
- Added should_be_authentic shoulda macro.
- Removed some magic from how sessions are initialized. See the initialize documentation, this method is a little more structured now, which was required for adding in openid.
- Added in logging via a params token, which is friendly for feed URLs. Works just like cookies and sessions when persisting the session.
- Added the option to use session.user, instead of session.record. This is based off of what model your session is authenticating with.
- Checked for blank login counts, if a default wasn't set in the migrations.
- Added check for database table in acts_as_authentic to avoid errors in initial setup.
- Completely rewrote tests to be more conventional and thorough tests, removed test_app.
- Modified how validations work so that a validate method was added as well as callbacks for that method.
- Extracted scope support into its own module to help organize code better.
- Added in salt for encryption, just like hashes and removed :crypto_provider_type option for acts_as_authentic.
- Added merb adapters.
- Improved documentation throughout.
- Changed configuration to use inheritable attributes.
- Cleaned up requires to be in their proper files.
- Added in scope support.
- Instead of raising an error when extra fields are passed in credentials=, just ignore them.
- Added remember_me config option to set the default value.
- Only call credential methods if an argument was passed.
- More unit tests.
- Hardened automatic session updating. Also automatically log the user in if they change their password when logged out.
- Added in stretches to the default Sha512 encryption algorithm.
- Use column_names instead of columns when determining if a column is present.
- Improved validation callbacks. after_validation should only be run if valid? = true. Also clear errors before the “before_validation” callback.
- Sessions now store the “remember token” instead of the id. This is much safer and guarantees all “sessions” that are logged in are logged in with a valid password. This way stale sessions can’t be persisted.
- Bumped security to Sha512 from Sha256.
- Remove attr_protected call in acts_as_authentic.
- protected_password should use password_field configuration value.
- Changed magic state “inactive” to “active”.
- Do not allow instantiation if the session has not been activated with a controller object. Just like ActiveRecord won’t let you do anything without a DB connection.
- Abstracted controller implementation to allow for rails, merb, etc adapters. So this is not confined to the rails framework.
- Removed create and update methods and added save, like ActiveRecord.
- after_validation should be able to change the result if it adds errors on callbacks.
- Completed tests.
- Changed scope to id. Makes more sense to call it an id and fits better with the ActiveRecord model.
- Removed saving_from_session flag, apparently it is not needed.
- Fixed updating sessions to make more sense and be stricter.
- Change last_click_at to last_request_at.
- Only run “after” callbacks if the result is successful.
- Initial release.
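
The entry above about sessions storing the “remember token” (later persistence_token) instead of the id, sketched as an added example; this is not the library's own code. The `User` class, the `USERS` table and the lookup helpers are hypothetical, and the sketch assumes the token is regenerated whenever the password changes.

```ruby
require "securerandom"

# Hypothetical stand-in for a model with a persistence token column.
class User
  attr_reader :id, :persistence_token

  def initialize(id, password)
    @id = id
    self.password = password
  end

  # Password hashing is omitted here; the point is that a password change
  # rotates the token (an assumption of this sketch).
  def password=(_raw)
    @persistence_token = SecureRandom.hex(64)
  end
end

USERS = {} # constructed in-memory "table", keyed by id

# Compare tokens without leaking the position of the first mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Old behaviour: the session holds only the record id.
def find_by_session_id(session)
  USERS[session[:user_id]]
end

# New behaviour: the session holds the token, so it dies when the token rotates.
def find_by_session_token(session)
  token = session[:persistence_token].to_s
  return nil if token.empty?
  USERS.values.find { |u| secure_compare(u.persistence_token, token) }
end

def demo
  user = User.new(1, "old password")
  USERS[user.id] = user
  stale_id = { user_id: user.id }
  stale_token = { persistence_token: user.persistence_token }
  user.password = "new password" # sessions created before this are now stale
  fresh = { persistence_token: user.persistence_token }
  { id_session_survives: !find_by_session_id(stale_id).nil?,
    token_session_survives: !find_by_session_token(stale_token).nil?,
    fresh_session_valid: find_by_session_token(fresh).equal?(user) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The id-based session still resolves after the password change, while the token-based one does not.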