- We don't need to add
config.action_mailer.default_url_optionsanymore - Make gem add bcrypt more resilient
- Remove dependency on redis / kredis for sudoable
- Fix --webauthn option. (add @github/webauthn-json)
- Update application_controller to rails 8
- Remove --ratelimit option
- Remove rate limit from api generator
- Remove system tests
- Use native rate_limit for lockable
- Copy web_authn_controller.js instead of depend on stimulus-web-authn
- Fix bug where token is not expired/invalid
- Use the new normalizes API
- Use the new password_challenge API
- Use the new authenticate_by API
- Use the new generates_token_for API
- Adjust relationship so that account has many users
- Adjust relationship so that account has one user
- Add account to user by default when tenantable
- Refactor account middleware for account scoping
- Remove raising exception when Current.account is nil in AccountScoped
- Add multi-tenant artifacts that you can use. (--tenantable)
- Replaced session with session_record, it has a conflict on rails 7.1 (bug-fix)
- Add new option to refresh otp secret
- Remove otp secret from client
- Add two factor authentication using a hardware security key (--webauthn)
- Move two factor authentication to new namespaces
- Use session to store the token for the 2fa challenge
- Add recovery codes to two factor auth
- Removed code-verifiable strategy
- Respond password reset edit api with no_content
- Add sign-in as button functionallity (--masqueradable)
- Remove password requirements
- Rubocop compliant
- Brakeman compliant
- Enable resend invitation
- Refactor first_or_initialize -> find_or_initialize_by
- Bring back --sudoable, just for html and you should set before_action yourself
- Bring back --ratelimit
- Removed signed in email notification
- Added sending invitation
- Remove password challenge for 2FA
- Remove lock from sign in
- Verify email using identity/email_verification?sid=xxx instead of identity/email_verification/edit?sid=xxx
- Remove passwordless from api template
- Remove sudoable, I want to make things simple for new users, and it will became even simpler with the new rails 7.1 "password challenge api"
- Revoke all password reset tokens (security enhancement)
- Sign in without password (new feature)
- Increase attemps for lockable sign-in
- Require lock for sign in when lockable
- Remove api documentation and reference for api docs from README
- Remove bundle install instruction
- Dont require sudo for omniauth users
- Add gems instead of uncomment gemfile lines
- Fix home view
- Safe navigation for email normalization
- Fix omniauth not verifying user
- Generate home controller
- Add default_url_options to environments
- Migrate tokens to a table structure
- Refactor lockable to a controller method
- Remove model option from generator
- Remove sudo from default generator
- Remove sudo_at from database
- Implement sudoable using redis
- Implement two-factor
- Implement trackable
- Organize controllers in identity and sessions namespaces
- Implemented omniauth
- Implemented ratelimit
- Implemented pwned
- Implemented lockable
- Implemented sudo
- Destroy sessions after change password
- On system tests, assert_current_path in sign_in