v1.0.0-beta.4

What's Changed

SECURITY

• Password Shucking Vulnerability

Breaking Changes

• feat: User activation checks and utility functions. by @lonnieezell in #580

Fixed Bugs

• fix: remove username in $validFields by default by @kenjis in #498
• fix: UserModel cannot save an array by @kenjis in #504
• fix: TypeError when checking invalid permission by @kenjis in #510
• fix: set only validated fields to User Entity in RegisterController by @kenjis in #501
• fix: Error exception occurs when user with pending activation tries magic-link login by @kenjis in #503
• fix: withIdentities() when user not exists by @michalsn in #514
• fix: minimum password length check by @kenjis in #527
• fix: findByCredentials() returns User when email is empty string by @kenjis in #548
• bug: Call to a member function inGroup() on null after logging out by @cornejobarraza in #576
• fix: update shield:setup for correct run in CI4.3.0+ by @datamweb in #594
• Fix: groups and permissions filter redirects by @sammyskills in #589
• fix: group entity can method by @jozefrebjak in #649
• fix: Custom login fields should work for logging in. by @lonnieezell in #629

New Features

• Feat: Force password reset by @sammyskills in #601
• Feature: Banning Users by @davidnsai in #650

Enhancements

• feat: add request info to all emails by @jozefrebjak in #431
• Italian Translation by @virdb in #530
• feat: add Turkish lang file by @mcsaygili in #549
• Add filter permission and group by @lonnieezell in #535
• dev: Allow easier overriding of views in developer applications. by @lonnieezell in #565
• feat: add shield:model command by @paulbalandan in #558
• Fix: Unnamed Auth routes returns an error when inside a route group by @sammyskills in #577
• feat: customize name of Shield Tables w/o constant by @kenjis in #633

Refactoring

• refactor: use ::class constants by @kenjis in #540
• refactor: updateActiveDate query builder by @kpeu3u in #520
• refactor: remove unused Auth::class by @datamweb in #588
• refactor: remove namespace from language files by @datamweb in #619
• refactor: replace deprecated Faker property access by @kenjis in #620
• test: fix ForcePasswordResetTest::forceGlobalPasswordReset() by @kenjis in #621
• refactor: UserIdentityModel::update() throws Exception by @kenjis in #622
• refactor: use getIdentity() for improve action Email2FA by @datamweb in #625
• refactor: change return type to void by @kenjis in #626

New Contributors

• @michalsn made their first contribution in #514
• @activivan made their first contribution in #513
• @virdb made their first contribution in #530
• @mcsaygili made their first contribution in #549
• @kpeu3u made their first contribution in #520
• @cornejobarraza made their first contribution in #576
• @caosdp-rs made their first contribution in #618
• @totoprayogo1916 made their first contribution in #623
• @cijagani made their first contribution in #657

Full Changelog: v1.0.0-beta.3...v1.0.0-beta.4

v1.0.0-beta.3

Numerous bug fixes and enhancements.

What's Changed

Fixed Bugs

• fix: field name translation in validation errors by @datamweb in #350
• Load an auth helper in ActionController by @MitkoIT in #353
• fix: bootstrap column on mobile device by @MitkoIT in #366
• fix: AccessTokens throws DataException by @kenjis in #376
• fix: recordActiveDate() updates updated_at by @pjsde in #392
• fix: redirect()->withInput() causes ValidationException by @kenjis in #383
• fix: Session auth action checks by @kenjis in #391
• fix: correctly record the datetime for last_active by @datamweb in #404
• fix: add logic to skip filters if not in HTTP by @kenjis in #409
• fix: NothingPersonalValidator strip_explode too sensible by @arif-rh in #425
• fix: correct display of the error in case of change authenticatorHeader by @datamweb in #442
• fix: bug that when UserIdentity is changed, the correct user identities are not returned afterwards by @kenjis in #452
• bug: fix magic_link_message view template by @sammyskills in #462

Enhancements

• Fix email deliverability error log by @sammyskills in #345
• fix: show validate errors in magic-link by @datamweb in #351
• Spanish (Spain) translation by @treborin in #364
• Spanish (Spain) translation by @treborin in #370
• Improve setup by @kenjis in #371
• feat: update shield:setup for Security Setup by @datamweb in #384
• feat: add filter permission and group by @jlopes90 in #270
• feat: support other databases by @kenjis in #402
• ApiToken docs and filter update. by @lonnieezell in #417
• feat: notify devs when user has used magic link login. by @lonnieezell in #413
• feat: autoload helpers by Composer by @kenjis in #368

New Contributors

• @MitkoIT made their first contribution in #353
• @treborin made their first contribution in #364
• @paulbalandan made their first contribution in #378
• @arif-rh made their first contribution in #421
• @iRedds made their first contribution in #432
• @davidnsai made their first contribution in #437
• @iamsyh made their first contribution in #466

Full Changelog: v1.0.0-beta.2...v1.0.0-beta.3

v1.0.0-beta.2

Numerous bug fixes and enhancements.

Includes security fixes; please update any beta 1 instances immediately.

Requirements:

• CodeIgniter 4.2.3+
• PHP 7.4.3+

What's Changed

• refactor: update for PHPStan update by @kenjis in #206
• fix: rename testtestDisplayLoggedIn to testDisplayLoggedIn by @datamweb in #208
• feat: readable form errors if there are multiple errors by @datamweb in #209
• fix: display message magic link controller if email not send by @datamweb in #204
• fix: Debugbar error after logout by @kenjis in #211
• feat: add message after successful logout by @datamweb in #213
• chore: update rector to ^0.13.3 by @kenjis in #198
• feat: add sheild:setup command for initial setup by @kenjis in #205
• fix: redirect user if loggedIn() and called /login page by @datamweb in #215
• docs: add about minimum-stability by @kenjis in #218
• fix: RememberMe cookie does not work with Cookie prefix by @kenjis in #212
• fix: error occurs if a user deleted from the database has session User Info or RememberMe cookie by @kenjis in #222
• fix: redirect user after loggedIn() and called /login/magic-link page by @datamweb in #223
• fix: use is missing in the replaced source files by @kenjis in #220
• chore: workaroud for rector to break code by @kenjis in #230
• feat: prevent logged-in users from trying to log in again by @kenjis in #216
• Update README.md by @ageir in #236
• feat(lang): add Slovak translate by @jozefrebjak in #235
• fix: Session::logout() does not work by @kenjis in #231
• fix: workaround for email only registration/login by @kenjis in #232
• feat: add email validation in MagicLinkController by @kenjis in #239
• docs: improve installation by @kenjis in #241
• feat: allow to use custom validation rules for registration by @jozefrebjak in #244
• feat: add validation in LoginController by @jlopes90 in #242
• fix: datetime for defaultLocale set fa by @datamweb in #238
• refactor: use Time::now() by @kenjis in #261
• Update Bootstrap core CSS by @ThibautPV in #265
• Added new quickstart docs. by @lonnieezell in #255
• Use variadic passing of groups/permissions by @lonnieezell in #266
• Add French translations by @ThibautPV in #272
• chore: add language unit tests by @kenjis in #274
• docs: update out-of-dated sample code for syncGroups() by @kenjis in #278
• docs: remove incorrect description in authorization.md by @kenjis in #282
• Fix route_to issue by @parisiam in #283
• docs: fix definition actions by @datamweb in #273
• refactor: remove calling route_to() by @kenjis in #285
• docs: add missing space in concepts.md by @jozefrebjak in #290
• fix: Bootstrap column on mobile by @ThibautPV in #287
• style: run php-cs-fixer by @kenjis in #293
• feat(lang): Added Indonesian Language by @ddevsr in #288
• fix: username validation rules by @kenjis in #268
• fix: Exception structure by @kenjis in #286
• fix: shield:setup adds routes in wrong location by @kenjis in #297
• fix: UserModel::save() can't update User's email/password by @kenjis in #275
• Fix: register when logged in by @parisiam in #298
• docs: fix the way to use syncPermissions() by @datamweb in #309
• feat: add user permissions to debug-toolbar by @datamweb in #310
• fix: UserModel::findById() does not work with withIdentities() by @kenjis in #308
• docs: add explanation of methods getGroups(),getPermissions(),hasPermission() by @datamweb in #311
• Add previousLogin method by @sammyskills in #301
• fix: modify the action type in comment by @datamweb in #315
• fix: remove auth_access_tokens table by @kenjis in #317
• refactor: use startUpAction() in LoginController() by @datamweb in #316
• fix: PHP version by @kenjis in #319
• fix: remove permissions from allowedFields UserModel by @datamweb in #325
• docs: fix docs and clear description by @datamweb in #326
• Add german translation by @sba in #321
• refactor: remove unused key force_pass_reset by @kenjis in #337
• fix: Session::refreshRememberMeToken() not update row in database by @jakkepedder in #338
• fix: MySQL tests by @kenjis in #336
• docs: small update by @kenjis in #341
• fix: PostgreSQL tests by @kenjis in #339
• chore: update composer cs-fix command by @kenjis in #340
• refactor: fix incorrect types by @kenjis in #342
• chore: add issue templete by @kenjis in #344
• Change the scope of createIdentity() method by @sammyskills in #346

New Contributors

• @ageir made their first contribution in #236
• @jlopes90 made their first contribution in #242
• @ThibautPV made their first contribution in #265
• @parisiam made their first contribution in #283
• @ddevsr made their first contribution in #288
• @sba made their first contribution in #321
• @jakkepedder made their first contribution in #338

Full Changelog: v1.0.0-beta...v1.0.0-beta.2

v1.0.0-beta

This is the first release of an official authentication/authorization package for CodeIgniter ever.