All notable changes to this project will be documented in this file. This project adheres to Semantic Versioning.
- Add Rails 8 support - @OskarEichler
1.18.1 - 2023-01-03
- Fix a regression introduced by #402, that caused hooks not to be invoked - @dmke
1.18.0 - 2022-12-27
- Add Rails 7 support - @OskarEichler
- Undesirable override of hooks by (no-op) default implementation - @Startouf
1.17.0 - 2019-09-21
- Add Rails 6 support for Mongoid adapter - @unused
1.16.0 - 2019-08-20
- Add Rails 6 support - @MatthiasRMS
- Removed the
Gemfile.lock
- mostly to acknowledge that it was used only in development and is not really needed.
1.15.1 - 2017-01-26
- Work around jbuilder issues caused by the Rails API adapter - @IvRRimum with help from @Pepan
1.15.0 - 2017-01-14
- Support for hooks, specifically
after_successful_token_authentication
for now - A Contributor Code of Conduct to ensure everyone feels safe contributing
1.14.0 - 2016-07-09
- Rails 5 support - with help from @chrisvel, @fighterii and @jblac
- Travis CI now only relies on Appraisal for dependency management
1.13.0 - 2016-04-20
- Support for Devise 4
- This change log : )
- The Travis CI build matrix to improve the regression testing coverage
- The migration suggestion to make it safer - by @halilim
1.12.0 - 2016-01-06
- Rails Metal support, using the public adapter interface : ) - @singfoom
1.11.0 - 2015-12-14
- Support for the Devise custom finders, Simple Token Authentication now uses the customizable
find_for_authentication
method to retrieve records. - @lowjoel
- The license identifier format to match the SPDX guidelines
1.10.1 - 2015-11-10
- The
NoAdapterAvailableError
now provides details about its cause and hints to solve it. - A Testing section to the
README
- John Mosesman
- An unnecessary Ruby 2.0 requirement caused by an indirect dependency, let's keep backward compatibility as long as possible
- A couple of typos - @eliotsykes and @jtperreault
1.10.0 - 2015-06-03
- The fallback option, and support for the
fallback: :exception
which mimics the Devise behaviour when authentication fails
- The fallback_to_devise option to
fallback: :devise
andfallback: :none
to get more flexibility and be able to supportfallback: :exception
. The older syntax is not officially deprecated, but using the fallback option is completely equivalent, and recommended.
1.9.1 - 2015-04-28
- The Mongoid adapter loading (which I did break when refactoring v1.9.0) - fixed with help from @krsyoung
1.9.0 - 2015-04-24
- More filters to scope
acts_as_token_authentication_handler_for
::if
and:unless
, expected to be used with a Proc. - Alias names for token authenticatable classes can now be defined (in the token authentication handlers declarations): e.g.
acts_as_token_authentication_handler_for Vehicle::User, as: pilot
- Errors defining namespaced classes as token authenticatable, by allowing aliases to be defined for them - with help from @joshblour, @jessesandford, @ivan-kolmychek and @bbuchalter
1.8.0 - 2015-02-21
- Custom identifiers option, using other fileds than
:email
to identify records is now possible. When this option is in use, the default header names are updated acordingly. - @nicolo - The skip_devise_trackable option - @nMustaki
- A typo - @joelparkerhenderson
1.7.0 - 2014-11-27
- Rails API support, controllers which inherit from
ActionController::API
can now be token Authentication handlers! - with help from @DeepAnchor - Integration with Devise case-insensitive keys, keys configured to be case insensitive in Devise are now automatically case insensitive in Simple Token Authentication as well - @munkius
- Some important inline documentation
1.6.0 - 2014-10-24
- Mongoid support, using the adapter interface : )
1.5.2 - 2014-10-21
- Public specification of the adapter interface
- Documentation about the new specs and how to contribute
- The option header_names can now also be used to set a single custom header, either for the identifier (e.g.
user_email
) or the token (e.g.user_token
). Previously, setting both at once was required. - Memoization implementation error in several class methods. The bug didn't modify the public behaviour of the gem, but did create bunches of instances of
EntityManager
andFallbackAuthenticationHandler
without necessity.
- The Cucumber features, in favor of faster and more flexible RSpec specs
- The internal syntax for the fallabck_to_devise option is now
fallback: :devise
andfallback: :none
for added flexibility. The change is transparent for end users, and will only be made official if new fallback mechanisms are introduced. - Refactored heavily the code base to allow the introduction of the RSpec test suite, contributing should now be a lot easier
- Optional dependencies (e.g. ActiveRecord, ActionController) are now encapsulated into independent adapters
1.5.1 - 2014-09-18
- Support for Devise 3.3 - @prabode
1.5.0 - 2014-05-31
- Support for multiple Devise scopes per token authentication handler, a single controller can now independently handle token authentication for
User
andAdminUser
for example - @donbobka
1.4.0 - 2014-05-24
- Filters to scope
acts_as_token_authentication_handler_for
::only
and:except
, so token authentication handling can be restricted to a set of controller actions - @donbobka
- The authentication token condition of existence for improved readability - @lenart
1.3.0 - 2014-05-17
- The fallback_to_devise option allows to disable the default fallback to Devise authentication when token authentication fails - @donbobka
- Add documentation: the fallback to Devise MUST be disabled when CSRF protection is disabled (often the case for API controllers)
1.2.1 - 2014-04-26
- The integration with Devise trackable, the sign in count is no longer increased when token authentication succeeds - @adamniedzielski
- A typo - @nickveys
1.2.0 - 2014-02-24
- Configuration framework, allows Simple Token Authentication to be configured using an initializer - @krsyoung and @joel
- The sign_in_token option allows to create persistent sessions when token authentiation succeeds (can be used to sign in users from a link in an e-mail, for example) - @krsyoung
- The header_names option allows to define custom names for HTTP headers, e.g.
X-User-Authentication-Token
1.1.1 - 2014-02-20
- The Travis CI build is now testing the correct release, I did make a mistake when releasing v1.1.0
1.1.0 - 2014-02-20
- Add support for multiple token authenticatable classes, any model known to Devise can now be made token authenticatable, not only
User
- @invernizzi
1.0.1 - 2014-01-26
- Nothing, this is a replacement for v1.0.0 (because I messed up with Rubygems)
1.0.0 - 2014-01-26 [YANKED]
- A test suite, using Cucumber : )
1.0.0.pre.5 - 2014-01-09
- Authentication was required as soon as the gem was loaded - reported by @pdobb and @AhmedAttyah
- Use the Bundler-friendly format for version numbers instead of follwing strictly the Semantic Versionning specification
1.0.0-beta.4 - 2013-12-26
- The user record is now fetched using
find_by_email
whenfind_by
is not present (Rails 3.2) - with help from @AhmedAttyah
1.0.0-beta.3 - 2013-12-17
- Redundant dependencies: Simple Token Authentication only depends on ActionMailer and ActiveRecord, not Rails
1.0.0-beta.2 - 2013-12-16
- Explicit dependency on Devise
- Documentation
This gist did refactor the Jose Valim's code into an ActiveSupport::Concern
.
Thanks to @nTraum for pointing me at http://keepachangelog.com and to @olivierlacan for writing it in the first place!