-
Notifications
You must be signed in to change notification settings - Fork 97
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
5fb50f2
commit 34df1bf
Showing
3 changed files
with
49 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| === master | ||
| === 2.31.0 (2023-08-22) | ||
|
|
||
| * Make clear_session work correctly for internal requests (janko) (#359) | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| = New Features | ||
|
|
||
| * The internal_request feature now supports WebAuthn, using | ||
| the following methods: | ||
|
|
||
| * With the webauthn feature: | ||
| * webauthn_setup_params | ||
| * webauthn_setup | ||
| * webauthn_auth_params | ||
| * webauthn_auth | ||
| * webauthn_remove | ||
|
|
||
| * With the webauthn_login feature: | ||
| * webauthn_login_params | ||
| * webauthn_login | ||
|
|
||
| * A webauthn_login_user_verification_additional_factor? configuration | ||
| method has been added to the webauthn_login feature. By default, | ||
| this method returns false. If you configure the method to return | ||
| true, and the WebAuthn credential provided specifies that it | ||
| verified the user, then this will treat the user verification as | ||
| a second factor, so the user will be considered multifactor | ||
| authenticated after successful login. You should only set this | ||
| method to true if you consider the WebAuthn user verification | ||
| strong enough to be a independent factor. | ||
|
|
||
| * A json_response_error? configuration method has been added to the | ||
| json feature. This should return whether the current response | ||
| should be treated as an error by the json feature. By default, | ||
| it is true if json_response_error_key is set in the response, | ||
| since that is the default place that Rodauth stores errors when | ||
| using the json feature. | ||
|
|
||
| * A webauthn_invalid_webauthn_id_message configuration method has | ||
| been added for customizing the error message used for invalid | ||
| WebAuthn IDs. | ||
|
|
||
| = Other Improvements | ||
|
|
||
| * The argon2 feature now supports setting the Argon2 p_cost if | ||
| argon2 2.1+ is installed. | ||
|
|
||
| * An :invalid_webauthn_id error reason is now used for invalid | ||
| WebAuthn IDs. | ||
|
|
||
| * The clear_session method now works as expected for internal | ||
| requests. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters