Changelog
Fixed typo in initializer - MUST be "config.user_class = User"
Fixed #3 and #4 - Modular Sinatra apps work now, and User model isn't cached in development mode.
Fixed bug in reset_password - after a reset, users couldn't log in due to bad salt creation. Affected only Mongoid.
Added support for Mongoid! (still buggy and not recommended for serious use)
'reset_password!(:password => new_password)' changed into 'change_password!(new_password)'
Added test helpers for Rails 3 & Sinatra.
Fixing Rails app name in initializer.
Changed the way Sorcery is configured. Now inside the model only add:
authenticates_with_sorcery!
In the controller no code is needed! All configuration is done in an initializer. Added a rake task to create it.
rake sorcery:bootstrap
Renamed "oauth" module to "external" and made API prettier.
auth_at_provider(provider) => login_at(provider)
login_from_access_token(provider) => login_from(provider)
create_from_provider!(provider) => create_from(provider)
Added Sinatra support!
Added Rails 3 generator for migrations
Fixed bug with OAuth submodule - oauth gems were not required properly in gem.
Fixed bug with OAuth submodule - Authentications class was not passed between model and controller in all cases resulting in Nil exception.
Added OAuth submodule.
- OAuth1 and OAuth2 support (currently twitter & facebook)
- configurable db field names and authentications table.
Some bug fixes: 'return_to' feature, brute force permanent ban.
Added activity logging submodule.
- automatic logging of last login, last logout and last activity time.
- an easy method of collecting the list of currently logged in users.
- configurable timeout by which to decide whether to include a user in the list of logged in users.
Fixed bug in basic_auth - it didn't set the session[:user_id] on successful login and tried to relogin from basic_auth on every action.
Added Reset Password hammering protection and updated the API.
Totally rewritten Brute Force Protection submodule.
Added support for Basic HTTP Auth.
Separated mailers between user_activation and password_reset and updated readme.
Fixed bug with BCrypt not being used properly by the lib and thus not working for authentication.
- login/logout, optional redirect on login to where the user tried to reach before, configurable redirect for non-logged-in users.
- password encryption, algorithms: bcrypt (default), md5, sha1, sha256, sha512, aes256, custom (yours!), none. Configurable stretches and salt.
- configurable attribute names for username, password and email.
- User activation by email with optional success email.
- configurable attribute names.
- configurable mailer.
- Optionally prevent active users from logging in.
- Reset password with email verification.
- configurable mailer, method name, and attribute name.
- Remember me with configurable expiration.
- configurable attribute names.
- Configurable session timeout.
- Optionally, session timeout is calculated from the last user action.
- Brute force login hammering protection.
- configurable logins before ban, logins within time period before ban, ban time and ban action.