From 78262f3efbb8edba7ab404e376b5575c9f41c396 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janko=20Marohni=C4=87?= Date: Fri, 2 Aug 2024 22:34:21 +0200 Subject: [PATCH] Clear CHANGELOG.md and point it to GitHub releases I don't feel like maintaining two changelogs anymore, I want GitHub releases to be the source of truth from now on. --- CHANGELOG.md | 585 +----------------------------------------- rodauth-rails.gemspec | 6 +- 2 files changed, 4 insertions(+), 587 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b9b2c98..97112cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,584 +1 @@ -## HEAD - -* Add new `rodauth:mailer` generator (@janko) - -* Refresh `rails_account` when `account` has changed (@janko) - -* Allow overriding `rodauth.rails_url_options` in the mailer (@janko) - -* Remove duplicate index on `account_id` in JWT refresh keys table (@janko) - -* Rely on default index names in generated migrations (@thedumtechguy) - -* Avoid generating Active Record specific `convert_token_id_to_integer?` when Sequel is used - -## 1.14.1 (2024-05-15) - -* Fix matching on account status when passing Active Record object to `Rodauth::Rails.account` (@dush) - -## 1.14.0 (2024-04-09) - -* Allow declaring controller callbacks for specific Rodauth routes via `:only` and `:except` keyword arguments (@janko) - -* Instrument Rodauth controller and route name instead of `RodauthApp#call` on Rodauth requests (@janko) - -* Remove custom `#inspect` from Rodauth app middleware subclass in favour of Ruby 3.3+ `Module#set_temporary_name` (@janko) - -* Fix `data-turbo="false"` being added in the wrong place in reset password request form on login validation errors (@janko) - -* Fix format being inferred from `Accept` header instead URL path when calling `http_basic_auth` in the Rodauth middleware (@janko) - -* Retrieve auth class through the Rodauth app in generated account fixtures (@janko) - -* Use `include Rodauth::Rails.model` again in generated account model (@janko) - -* Avoid generated `convert_token_id_to_integer?` causing tokens to get silently rejected after switching to UUIDs (@janko) - -* Allow referencing custom column attributes on `rails_account` during account creation (@janko) - -* Drop support for Ruby 2.3 and 2.4 (@janko) - -## 1.13.0 (2023-12-25) :christmas_tree: - -* Add `#rodauth` method to controller test helpers (@janko) - -* When session middleware is required by Rodauth but missing, point to Rails docs instead of Roda (@janko) - -* Set `login_confirm_param` to `"email-confirm"` in default configuration for consistency (@janko) - -* Set `convert_token_id_to_integer?` in default configuration to avoid DB queries on boot (@janko) - -## 1.12.0 (2023-10-20) - -* Allow generating view template for `confirm_password` feature (igor-alexandrov) - -* Forward all requests unhandled by the Rodauth app to the Rails router (@janko) - -* Use `Rodauth::Model()` directly for including in generated account model (@janko) - -* Set `{jwt,argon2}_secret` to `hmac_secret` on `rodauth:install` with `--{jwt,argon2}` (@janko) - -* Expose `#turbo_stream` method in `Rodauth::Rails::Auth` when using turbo-rails gem (@janko) - -* Add `#rails_cookies` method for accessing the Action Dispatch cookie jar (@janko) - -## 1.11.0 (2023-08-21) - -* Exclude WebAuthn JS routes in `rodauth:routes`, since those stop being relevant with custom JS (@janko) - -* Separate HTTP verbs with `|` symbol in `rodauth:routes` for consistency with `rails routes` (@janko) - -* Include two factor manage & auth JSON POST routes in `rodauth:routes` task (@janko) - -* Make `rodauth:routes` rake task appear in `rails -T` list (@janko) - -* Accept plugin options in `Rodauth::Rails.lib` (@janko) - -* Support skipping loading Roda `render` plugin by passing `render: false` (@janko) - -## 1.10.0 (2023-07-26) - -* Add `Rodauth::Rails.lib` for easier usage of Rodauth as a library in Rails apps (@janko) - -## 1.9.0 (2023-05-22) - -* Add support for webauthn_autofill feature to the views generator (@janko) - -* Generate view templates for two_factor_base feature only if explicitly specified (@janko) - -* Set `login_param "email"` in generated Rodauth configuration (@janko) - -* Handle Trilogy adapter in generators (@janko) - -* Use `email_subject_prefix` in generated mailer (@janko) - -* Fix typo in `unlock_account` email template (@zavan) - -* Retrieve current account using `account!` in `#rails_account` method (@janko) - -* Drop support for Rails 4.2 (@janko) - -## 1.8.0 (2023-02-25) - -* Add table argument to `rodauth:install` generator (@janko) - -* Add `--prefix` option to `rodauth:migration` generator for choosing table prefix (@janko) - -* Add `--argon2` option to `rodauth:install` generator for configuring password hashing using Argon2 (@janko) - -* Move generated Sequel setup from initializer into the Rodauth configuration for faster boot time (@janko) - -* Use `email_to` and `email_from` Rodauth methods in generated mailer (@janko) - -* Add missing foreign key constraint in `email_auth` Active Record migration (@janko) - -* Correctly retrieve JSON request body when using Falcon (@janko) - -* Render validation error correctly in generated `webauthn_remove` Tailwind template (@janko) - -## 1.7.1 (2023-01-25) - -* Make internal_request integration work on Rack 3.x (@janko) - -* Add missing Tailwind templates for WebAuthn feature (@janko) - -* Use renamed `webauthn_credential_options_for_get` method in generated `webauthn_auth` template (@janko) - -* Fix generated `webauthn_setup` template not working with webauthn_verify_account feature (@janko) - -* Hide text fields in generated `webauthn_{setup,auth}` templates (@janko) - -* Fix loading JavaScript for WebAuthn in generated `webauthn_{setup,auth}` templates (@janko) - -* Make built-in mailer work in Rails 6.x on Ruby 3.2 (@janko) - -## 1.7.0 (2022-12-21) - -* Add Tailwind CSS templates to `rodauth:views` generator via the `--css=tailwind` option (@benkoshy, @janko) - -## 1.6.4 (2022-11-24) - -* Make `#rails_account` work on directly allocated Rodauth object with `@account` set (@janko) - -* Add commented out email configuration for `password_reset_notify` feature (@janko) - -* Design generated mailer in a way that exposes the Rodauth object (@janko) - -* Fix generated logout page always logging out globally when using active sessions feature (@janko) - -## 1.6.3 (2022-11-15) - -* Suggest passing an integer to `verify_account_grace_period` instead of `ActiveSupport::Duration` (@vlado) - -* Use `pass` plugin for forwarding other `{prefix}/*` requests when automatically routing the prefix (@janko) - -* Set minimum password length to 8 in the generated configuration, as per OWASP recommendation (@janko) - -* Set maximum password bytesize to 72 in the generated configuration, as bcrypt truncates inputs longer than 72 bytes (@janko) - -## 1.6.2 (2022-09-19) - -* Use matching precision for current timestamp default values in Active Record 7.0+ migrations on MySQL (@janko) - -## 1.6.1 (2022-09-19) - -* Fix argument error when calling `RodauthMailer` in default configuration (@janko) - -## 1.6.0 (2022-09-14) - -* Avoid creating IDENTITY columns for primary foreign keys on SQL Server with Active Record (@janko) - -* Make configuration name argument required in generated `RodauthMailer` (@janko) - -* Make the Rails integration work without Action Mailer loaded (@janko) - -* Don't redirect to login page when account is missing in `current_account` method (@janko) - -## 1.5.5 (2022-08-04) - -* Don't raise `ArgumentError` when calling `#current_account` without being logged in (@benkoshy) - -* Abort `rodauth:views` generator when unknown feature was specified (@janko) - -* Abort `rodauth:migration` generator when unknown feature was specified (@janko) - -## 1.5.4 (2022-07-21) - -* Generate account fixtures in `spec/fixtures` directory when using RSpec (@benkoshy) - -* Generate account fixtures in `test/fixtures` directory instead of `app/test/fixtures` (@benkoshy) - -* Use string status column values in generated accounts fixture (@janko) - -* Create integer status column in generated Sequel migration (@janko) - -* Store password hash in accounts table in generated Sequel migration (@janko) - -## 1.5.3 (2022-07-21) - -*Yanked* - -## 1.5.2 (2022-07-03) - -* Bump Rodauth dependency version to 2.25+ (@janko) - -* Generate fixture file for accounts on `rodauth:install` (@benkoshy) - -* Fix error about undefined `controller_path` method in `newrelic_rpm` gem instrumentation (@janko) - -* Don't display disabled routes in `rodauth:routes` (@janko) - -* Display HTTP verbs of endpoints in `rodauth:routes` rake task (@janko) - -## 1.5.1 (2022-06-19) - -* Fix syntax for creating `citext` PG extension in Sequel base migration (@Empact) - -## 1.5.0 (2022-06-11) - -* Remove `content_for` calls from generated view templates (@janko) - -* Set title instance variable to `@page_title` in generated configuration (@janko) - -* Set title instance variable on the controller when `title_instance_variable` is set (@HoneyryderChuck) - -## 1.4.2 (2022-05-15) - -* Stop passing email addresses in mailer arguments on verifying login change (@janko) - -* Extract finding account into a method in the generated mailer (@janko) - -* Make generated Action Mailer integration work with secondary Rodauth configurations (@janko) - -* Include `Rodauth::Rails.model` in generated Sequel account model as well (@janko) - -## 1.4.1 (2022-05-08) - -* Deprecate `Rodauth::Rails::Model` constant (@janko) - -* Remove `Rodauth::Rails::Auth#associations` in favour of new association registration API (@janko) - -* Extract model mixin into the rodauth-model gem (@janko) - -## 1.4.0 (2022-05-04) - -* Move association definitions to `#associations` Rodauth method, allowing external features to extend them (@janko) - -* Add Sequel support for generating database migrations, model, and mailer (@janko) - -* Skip calling Rodauth app on asset requests when using Sprockets or Propshaft (@janko) - -## 1.3.1 (2022-04-22) - -* Ensure response status is logged when calling a halting rodauth method inside a controller (@janko) - -## 1.3.0 (2022-04-01) - -* Store password hash on the `accounts` table in generated Rodauth migration and configuration (@janko) - -* Add support for controller testing with Minitest or RSpec (@janko) - -* Fix `enum` declaration in generated `Account` model for Active Record < 7.0 (@janko) - -* Ensure `require_login_redirect` points to the login page even if the login route changes (@janko) - -## 1.2.2 (2022-02-22) - -* Fix flash messages not being preserved through consecutive redirects (@janko) - -## 1.2.1 (2022-02-19) - -* Change `accounts.status` column type from string to integer (@zhongsheng) - -## 1.2.0 (2022-02-11) - -* Work around Active Record 4.2 not supporting procs for literal SQL column default (@janko) - -* Avoid re-fetching the account in `#current_account` when it has already been fetched by Rodauth (@janko) - -* Extract `#current_account` helper functionality into `#rails_account` Rodauth method (@janko) - -* Use default account status values in generated configuration, with enum on `Account` model (@janko) - -## 1.1.0 (2022-01-16) - -* Automatically route the path prefix in `r.rodauth` if one has been set (@janko) - -## 1.0.0 (2021-12-25) - -* Set Rodauth's email subject in the generated mailer (@janko) - -* Raise error when outside of a request and `config.action_mailer.default_url_options` is unset (@janko) - -* Avoid method re-definition warnings with named auth classes caused by `post_configure` being called twice (@janko) - -* Don't modify `config.action_mailer.default_url_options` when `:protocol` is missing (@janko) - -* Move `Rodauth::Rails.url_options` into `Rodauth::Auth#rails_url_options` (@janko) - -* Generate named auth classes in `rodauth:install` generator (@janko) - -* Generate `rodauth_app.rb` in `app/misc` directory (@janko) - -* Add `--name` option to `rodauth:migration` generator (@janko) - -* Disable Turbo in all built-in and generated views (@janko) - -* Modify generated mailer integration to generate URLs according to `default_url_options` (@janko) - -* Skip Active Record files in `rodauth:install` if `ActiveRecord::Railtie` is not defined (@janko) - -* Stop loading `pass` plugin in `Rodauth::Rails::App` (@janko) - -* Remove deprecated `:query` and `:form` options in `Rodauth::Rails.rodauth` (@janko) - -* Require internal_request feature to be enabled in `Rodauth::Rails.rodauth` (@janko) - -## 0.18.1 (2021-12-16) - -* Loosen Rails gem dependency to allow Rails 7.x (Intrepidd) - -## 0.18.0 (2021-11-05) - -* Disable Turbo on the generated login form (@janko) - -* Generate controller views with `form_with` helper on Rails 5.1+ (@janko) - -* Fix missing layout error when rendering Rodauth's built-in templates when using Turbo on Rails 6.0+ (@janko) - -* Fix `Rodauth::Rails.middleware` config not actually affecting middleware insertion (@janko) - -* Set page titles in generated view templates (@janko) - -* Merge field and button partials into view templates (@janko) - -* Raise error for unknown configuration in `Rodauth::Rails.model` (@janko) - -* Generate views for all enabled features by default in `rodauth:views` generator (@janko) - -* Add `Rodauth::Rails::App.rodauth!` which raises an error for unknown configuration (@janko) - -* Remove deprecated `--features` option from `rodauth:views` generator (@janko) - -* Inline `_recovery_codes_form.html.erb` partial into `recovery_codes.html.erb` (@janko) - -* Use Rodauth helper methods for texts in generated views, for easier i18n (@janko) - -* Allow setting passing a `Sequel::Model` to `:account` in `Rodauth::Rails.rodauth` (@janko) - -## 0.17.1 (2021-10-20) - -* Skip checking CSRF when request forgery protection wasn't loaded on the controller (@janko) - -* Create partial unique index for `accounts.email` column when using `sqlite3` adapter (@janko) - -* Revert setting `delete_account_on_close?` to `true` in generated `rodauth_app.rb` (@janko) - -* Disable Turbo in `_recovery_codes_form.html.erb`, since viewing recovery codes isn't Turbo-compatible (@janko) - -* Generate JSON configuration on `rodauth:install` for API-only with sessions enabled (@janko) - -* Generate JWT configuration on `rodauth:install` only for API-only apps without sessions enabled (@janko) - -* Don't generate JWT configuration when `rodauth:install --json` was run in API-only app (@janko) - -* Use `config.action_mailer.default_url_options` in path_class_methods feature (@janko) - -## 0.17.0 (2021-10-05) - -* Set `delete_account_on_close?` to `true` in generated `rodauth_app.rb` (@janko) - -* Change default `:dependent` option for associations to `:delete`/`:delete_all` (@janko) - -* Add `rails_account_model` configuration method for when the account model cannot be inferred (@janko) - -## 0.16.0 (2021-09-26) - -* Add `#current_account` to methods defined on `ActionController::Base` (@janko) - -* Add missing template for verify_login_change feature to `rodauth:views` generator (@janko) - -* Add `#rodauth_response` controller method for converting rodauth responses into controller responses (@janko) - -## 0.15.0 (2021-07-29) - -* Add `Rodauth::Rails::Model` mixin that defines password attribute and associations on the model (@janko) - -* Add support for the new internal_request feature (@janko) - -* Implement `Rodauth::Rails.rodauth` in terms of the internal_request feature (@janko) - -## 0.14.0 (2021-07-10) - -* Speed up template rendering by only searching formats accepted by the request (@janko) - -* Add `--name` option to `rodauth:views` generator for specifying different rodauth configuration (@janko) - -* Infer correct template path from configured controller in `rodauth:views` generator (@janko) - -* Raise `ArgumentError` if undefined rodauth configuration is passed to `Rodauth::Rails.app` (@janko) - -* Make `#rails_controller` method on the rodauth instance public (@janko) - -* Remove `--directory` option from `rodauth:views` generator (@janko) - -* Remove `#features` and `#routes` writer and `#configuration` reader from `Rodauth::Rails::Auth` (@janko) - -## 0.13.0 (2021-06-10) - -* Add `:query`, `:form`, `:session`, `:account`, and `:env` options to `Rodauth::Rails.rodauth` (@janko) - -## 0.12.0 (2021-05-15) - -* Include total view render time in logs for Rodauth requests (@janko) - -* Instrument redirects (@janko) - -* Instrument Rodauth requests on `action_controller` namespace (@janko) - -* Update templates for Boostrap 5 compatibility (@janko) - -* Log request parameters for Rodauth requests (@janko) - -## 0.11.0 (2021-05-06) - -* Add controller-like logging for requests to Rodauth endpoints (@janko) - -* Add `#rails_routes` to Roda and Rodauth instance for accessing Rails route helpers (@janko) - -* Add `#rails_request` to Roda and Rodauth instance for retrieving an `ActionDispatch::Request` instance (@janko) - -## 0.10.0 (2021-03-23) - -* Add `Rodauth::Rails::Auth` superclass for moving configurations into separate files (@janko) - -* Load the `pass` Roda plugin and recommend calling `r.pass` on prefixed routes (@janko) - -* Improve Roda middleware inspect output (@janko) - -* Create `RodauthMailer` and email templates in `rodauth:install`, and remove `rodauth:mailer` (@janko) - -* Raise `KeyError` in `#rodauth` method when the Rodauth instance doesn't exist (@janko) - -* Add `Rodauth::Rails.authenticated` routing constraint for requiring authentication (@janko) - -## 0.9.1 (2021-02-10) - -* Fix flash integration being loaded for API-only apps and causing an error (@dmitryzuev) - -* Change account status column default to `unverified` in migration to match Rodauth's default (@basabin54) - -## 0.9.0 (2021-02-07) - -* Load Roda's JSON support by default, so that enabling `json`/`jwt` feature is all that's needed (@janko) - -* Bump Rodauth dependency to 2.9+ (@janko) - -* Add `--json` option for `rodauth:install` generator for configuring `json` feature (@janko) - -* Add `--jwt` option for `rodauth:install` generator for configuring `jwt` feature (@janko) - -* Remove the `--api` option from `rodauth:install` generator (@janko) - -## 0.8.2 (2021-01-10) - -* Reset Rails session on `#clear_session`, protecting from potential session fixation attacks (@janko) - -## 0.8.1 (2021-01-04) - -* Fix blank email body when `json: true` and `ActionController::API` descendant are used (@janko) - -* Make view and email rendering work when there are multiple configurations and one is `json: :only` (@janko) - -* Don't attempt to protect against forgery when `ActionController::API` descendant is used (@janko) - -* Mark content of rodauth built-in partials as HTML-safe (@janko) - -## 0.8.0 (2021-01-03) - -* Add `--api` option to `rodauth:install` generator for choosing JSON-only configuration (@janko) - -* Don't blow up when a Rodauth request is made using an unsupported HTTP verb (@janko) - -## 0.7.0 (2020-11-27) - -* Add `#rails_controller_eval` method for running code in context of a controller instance (@janko) - -* Detect `secret_key_base` from credentials and `$SECRET_KEY_BASE` environment variable (@janko) - -## 0.6.1 (2020-11-25) - -* Generate the Rodauth controller for API-only Rails apps as well (@janko) - -* Fix remember cookie deadline not extending in remember feature (@janko) - -## 0.6.0 (2020-11-22) - -* Add `Rodauth::Rails.rodauth` method for retrieving Rodauth instance outside of request context (@janko) - -* Add default Action Dispatch response headers in Rodauth responses (@janko) - -* Run controller rescue handlers around Rodauth actions (@janko) - -* Run controller action callbacks around Rodauth actions (@janko) - -## 0.5.0 (2020-11-16) - -* Support more Active Record adapters in `rodauth:install` generator (@janko) - -* Add `rodauth:migration` generator for creating tables of specified features (@janko) - -* Use UUIDs for primary keys if so configured in Rails generators (@janko) - -* Add `rodauth:routes` rake task for printing routes handled by Rodauth middleware (@janko) - -## 0.4.2 (2020-11-08) - -* Drop support for Ruby 2.2 (@janko) - -* Bump `sequel-activerecord_connection` dependency to 1.1+ (@janko) - -* Set default bcrypt hash cost to `1` in tests (@janko) - -* Call `AR::Base.connection_db_config` on Rails 6.1+ in `rodauth:install` generator (@janko) - -## 0.4.1 (2020-11-02) - -* Don't generate `RodauthController` in API-only mode (@janko) - -* Pass `test: false` to Sequel in the `sequel.rb` initializer (@janko) - -## 0.4.0 (2020-11-02) - -* Support Rails API-only mode (@janko) - -* Make `rodauth:install` create `rodauth_app.rb` in `app/lib/` directory (@janko) - -## 0.3.1 (2020-10-25) - -* Depend on sequel-activerecord_connection 1.0+ (@janko) - -## 0.3.0 (2020-09-18) - -* Handle custom configured database migration paths in install generator (@janko) - -* Allow specifying features as plain arguments in `rodauth:views` generator (@janko) - -* Add some missing foreign key constraints in generated migration file (@janko) - -## 0.2.1 (2020-07-26) - -* Fix incorrect JDBC connect syntax in `sequel.rb` template on JRuby (@janko) - -## 0.2.0 (2020-07-26) - -* Drop support for Rodauth 1.x (@janko) - -* Change `rodauth_app.rb` template to send emails in the background after transaction commit (@janko) - -* Bump `sequel-activerecord_connection` dependency to `~> 0.3` (@janko) - -* Use the JDBC adapter in sequel.rb initializer when on JRuby (@janko) - -## 0.1.3 (2020-07-04) - -* Remove insecure MFA integration with remember feature suggestion in `lib/rodauth_app.rb` (@janko, @nicolas-besnard) - -* Use correct password autocomplete value on Rodauth 2.1+ (@janko) - -* Enable skipping CSRF protection on Rodauth 2.1+ by overriding `#check_csrf?` (@janko) - -* Don't generate Sequel initializer if Sequel connection exists (@janko) - -* Fix typo in remember view template (@nicolas-besnard) - -* Fix some more typos in `lib/rodauth_app.rb` (@janko) - -## 0.1.2 (2020-05-14) - -* Fix some typos in comment suggestions in `lib/rodauth_app.rb` (@janko) - -## 0.1.1 (2020-05-09) - -* Include view templates in the gem (@janko) -* Use `Login` labels to be consistent with Rodauth (@janko) +The changelog is tracked in [GitHub releases](https://github.com/janko/rodauth-rails/releases). diff --git a/rodauth-rails.gemspec b/rodauth-rails.gemspec index 3fd4163..b8dc2bb 100644 --- a/rodauth-rails.gemspec +++ b/rodauth-rails.gemspec @@ -6,14 +6,14 @@ Gem::Specification.new do |spec| spec.authors = ["Janko Marohnić"] spec.email = ["janko.marohnic@gmail.com"] - spec.summary = %q{Provides Rails integration for Rodauth.} - spec.description = %q{Provides Rails integration for Rodauth.} + spec.summary = %q{Provides Rails integration for Rodauth authentication framework.} + spec.description = %q{Provides Rails integration for Rodauth authentication framework.} spec.homepage = "https://github.com/janko/rodauth-rails" spec.license = "MIT" spec.required_ruby_version = ">= 2.5" - spec.files = Dir["README.md", "LICENSE.txt", "CHANGELOG.md", "lib/**/*", "*.gemspec"] + spec.files = Dir["README.md", "LICENSE.txt", "lib/**/*", "*.gemspec"] spec.require_paths = ["lib"] spec.add_dependency "railties", ">= 5.0", "< 8"