CHANGES.md

3.1.0 (2021-10-26)

• #70 Support URL-encoded PEMs to support new Puma header requirements. (@drcapulet)

3.0.0 (2020-08-10)

• #68 Remove ca_file and require_cert options to the config builder as we no longer verify the certificate chain. (@drcapulet)

• #67 Remove ca_file, require_cert, and truststore options to X509 middleware as we no longer verify the certificate chain. (@drcapulet)

2.2.2 (2020-07-02)

• #65 Fix error when passing truststore instead of ca_file to X509 middleware. (@drcapulet)

2.2.1 (2020-01-08)

• #63 Fix FrozenError in permit matcher description. (@drcapulet)

2.2.0 (2019-12-05)

• #55 Allow dynamic injection of credentials. (@drcapulet)

• #59 Expose X.509 Subject Alternative Name extension in the Rails::Auth::X509::Certificate and provide a convenience method spiffe_id to expose SPIFFE ID. (@mbyczkowski)

• #57 Add support for latest versions of Ruby, JRuby and Bundler 2. (@mbyczkowski)

2.1.4 (2018-07-12)

• #51 Fix bug in permit custom matcher so that a description is rendered. (@yellow-beard)

2.1.3 (2017-08-04)

• #44 Normalize abnormal whitespace in PEM certificates for Passenger 5. (@drcapulet)

2.1.2 (2017-01-27)

• #42 Don't leak credentials between requests in test / development. (@nerdrew)

2.1.1 (2016-09-24)

• #41 Fix Rails router constraint for checking rails-auth is installed. (@drcapulet)

2.1.0 (2016-09-24)

• #40 Add Rails router constraint for checking rails-auth is installed. (@drcapulet)

2.0.3 (2016-07-20)

• #39 Make credentials idempotent. (@tarcieri)

• #38 Monitor callback must respond to :call. (@tarcieri)

2.0.2 (2016-07-19)

• #37 Forward #each on Rails::Auth::Credentials and make it Enumerable. (@tarcieri)

2.0.1 (2016-07-16)

• #36 Extract Rack environment manipulation into the Rails::Auth::Env class. (@tarcieri)

• #35 Make allowed_by a mandatory argument of Rails::Auth.authorized! (@tarcieri)

2.0.0 (2016-07-16; yanked in favor of 2.0.1)

• #34 Rails::Auth.allowed_by stores the matcher used to authorize the request in the Rack environment. (@tarcieri)

• #33 Rails::Auth::Monitor::Middleware provides callbacks for authorization success/failure for logging or monitoring purposes. (@tarcieri)

• #32 Rails::Auth::ConfigBuilder provides a simplified config API for Rails apps. (@tarcieri)

1.3.0 (2016-07-16)

• #30 Render JSON error responses from Rails::Auth::ErrorPage. (@tarcieri)

1.2.0 (2016-07-11)

• #28 Add a attr_reader for Rails::Auth::ACL#resources. (@tarcieri)

• #27 Handle javax.servlet.request.X509Certificate arrays. (@tarcieri)

1.1.0 (2016-06-23)

• #26 Make add_credential idempotent. (@ewr)

• #25 Allow outside middleware to mark a request as authorized. (@ewr)

1.0.0 (2016-05-03)

• Initial 1.0 release!

0.5.3 (2016-04-28)

• #22 Use explicit HTTP_METHODS whitelist when 'ALL' method is used. (@tarcieri)

0.5.2 (2016-04-27)

• #21 Send correct Content-Type on ErrorPage middleware. (@tarcieri)

0.5.1 (2016-04-24)

• #20 Handle X5.09 filter exceptions. (@tarcieri)

0.5.0 (2016-04-24)

• #19 Add Rails::Auth::Credentials::InjectorMiddleware. (@tarcieri)

0.4.1 (2016-04-23)

• #17 Use PATH_INFO instead of REQUEST_PATH. (@tarcieri)

• #15 Check types more thoroughly when parsing ACLs. (@tarcieri)

0.4.0 (2016-03-14)

• #14 Support for optionally matching hostnames in ACL resources. (@tarcieri)

• #13 Add #attributes method to matchers and X.509 certs. (@tarcieri)

0.3.0 (2016-03-12)

• #12 Add Rails::Auth::ErrorPage::DebugMiddleware. (@tarcieri)

0.2.0 (2016-03-11)

• #10 Add Rails::Auth::ControllerMethods and #credentials method for accessing rails-auth.credentials from a Rails controller. (@tarcieri)

0.1.0 (2016-02-10)

• #6: Rename principals to credentials and Rails::Auth::X509::Principals to Rails::Auth::X509::Certificates. (@tarcieri)

• #5: Add Rails::Auth::ErrorPage::Middleware. (@tarcieri)

0.0.1 (2016-01-26)

• #1: Initial implementation. (@tarcieri)

0.0.0 (2016-01-04)

• Vaporware release to claim the "rails-auth" gem name