- Render files the Rails 6 way #66
- Syntax updates so included factories work with newer versions of FactoryBot
- Adding `User.find_or_create_from_access_token_request` to support access_token-based Pundit authorization
- Adding `User.current_client_urn` to better support Pundit authorization
- Support rails 5.2 green field apps, including fixes for setting the default secret key and removing an unnecessary jquery dependency ([#55][#55])
- Added support for factory_bot_rails while deprecating support for factory_girl_rails. Existing projects that use FactoryGirl will continue to work with the auth test helpers, but we recommend upgrading to factory_bot at your earliest convenience.
- Backwards incompatible changes
- Dropped support for rails < 4.1
- The `:g5_authenticatable_user` factory no longer assigns a default role to the user. If you specifically need a user with a global viewer role, use the new `:g5_authenticatable_viewer` factory instead.
- Deprecations
- The `has_global_role?` method on `G5Authenticatable::BasePolicy` and `G5Authenticatable::BasePolicy::BaseScope` has been deprecated in favor of `global_role?`
- The
- Bug fixes
- Fixed problem with route generation in devise failure app
- Enhancements
- Extend session timeout to 12 hours for client applications
- Add support for rails 5.x and ruby 2.4
- Refactor custom mapping logic into devise_g5_authenticatable callbacks (#47)
- Location role policies (#46)
- Fixes bug that granted higher permissions when the resource for a scoped role didn't exist.
- Adds Impersonate (Assume) Devise Strategy and Concern to handle access to session stored values
- Handles the ability and rules to impersonate a user providing his unique ID
- Adds the UID from the session and request to be used by the Auth Workflow when present
- Upgrade to devise_g5_authenticatable to fix regression bug G5/devise_g5_authenticatable#23
- Upgrade to omniauth_g5 to fix regression bug G5/omniauth-g5#10
- Removed pinned g5_updatable version from 0.6.0 to > 0.6.0
- Fixed bug when listing clients
- Add convenience methods to `G5Authenticatable::User`, as well as a `G5Updatable::ClientPolicy` for authorizing access to clients based on roles (#37)
- Add support for resource-scoped roles (#35)
- Upgraded dependency on devise_g5_authenticatable to pick up compatibility fixes for devise v3.5.1 (#34)
- Removed custom `G5Authenticatable::FailureApp`, as the fix to devise itself was released (#25)
- Added user roles. Requires running `rails g g5_authenticatable:install` and `rake db:migrate` (#33)
- Added user attributes. Requires running `rails g g5_authenticatable:install` and `rake db:migrate` (#32)
- Updated documentation around test helper dependencies and incompatibilities (#30)
- Override `Devise::FailureApp` with fix for compatibility with Rails 4.2 (#26)
- Fix test helpers when strict token validation is enabled during testing (#24)
- Several fixes around sign-out, including accepting GET requests and enabling strict token validation (#21)
- Improved documentation around controller test helpers (#22)
- Added `g5_authenticatable:purge_users` rake task to purge local user data; primarily used for configuring demo/dev environments built on a production clone or DB dump (#23)
- First open source release to RubyGems
- Controller test helpers
- Update dependency on g5_authenticatable_api for bug fix to ignore password credential configuration during token validation.
- Remove auth client defaults in favor of env variables
- Set `G5_AUTH_USERNAME` and `G5_AUTH_PASSWORD` on auth client defaults
- Update dependency on g5_authenticatable_api to include new Rails API helpers.
- Fix shared test helpers for client applications that do not mix in the FactoryGirl syntax methods in their RSpec config.
- Integrate g5_authenticatable_api for securing API methods.
- Test helpers and shared context for integration tests in client applications.
- Bump version for devise_g5_authenticatable to pick up PostgreSQL fix.
- Initial release