v3.0 - Switch to Laravel Auth library

This version introduces support with the Laravel auth package that ships with October CMS v3.6 and beyond. Use the upgrade guide to see the differences and upgrade process.

• Upgrading from User v2 to v3

Use the following guide to determine your compatible version:

October CMS Version	User Version
1.0, 1.1, 2.0, 2.1, 2.2, 2.3	^1.7
3.0, 3.1, 3.2, 3.3, 3.4, 3.5	^2.1
3.6	^3.0

Enjoy!

v2.1 - Support for Bearer Tokens (JWT)

The User plugin has been updated to improve support for working with APIs and bearer tokens.

Auth::getBearerToken(): string

Returns a bearer token (JWT) that can be used to authenticate the current user for 1 hour.

public function token()
{
    return Auth::getBearerToken();
}

Auth::checkBearerToken(string $token): bool

Verifies a supplied bearer token, and if valid, sets the authenticated user.

function onStart()
{
    if ($jwtToken = Request::bearerToken()) {
        Auth::checkBearerToken($jwtToken);
    }
}

Session Component

Now includes a token() method for generating a new token for the signed in user.

url = "/api/login"

[account]
[session]
==
{% do response(
    ajaxHandler('onSignin').withVars({
        token: session.token()
    })
) %}

The checkToken property is used to verify the token in the headers (Authorization: Bearer <TOKEN>).

url = "/api/login/renew"

[session]
checkToken = 1
==
{% do response({
    data: {
        token: session.token()
    }
}) %}

v2.0 - Compatibility with October CMS 3.1

This version moves towards only supporting October v3.1 and beyond so developers need not worry about breaking legacy versions with new contributions and features.

October CMS Version	User Version
1.0, 1.1, 2.0, 2.1, 2.2, 3.0	1.x
3.1	2.x

No upgrade guide is required for this version. There is only one new feature in v2:

• Introduces a "Password Policy" tab to the settings area

Support October CMS 2.0

This version (1.6) release signifies the beginning of support with October CMS v2.0. All changes should remain compatible with v1.0 in this release. Otherwise, this plugin will get bumped to v2.0 as well.

Enjoy!

v1.5.4

Changes

• Users can now be unsuspended from the preview page when viewing a user. (#430)
• A confirmation message is now shown on registration if administrators must approve new registrations. (#429)
• The User plugin now uses GitHub Actions for testing. (#446)

Bug fixes

• The User model no longer uses guarded attributes (#434). Fixes rainlab/userplus-plugin#34.

Translation updates

• Added Taiwanese translations. (#454)
• Added Slovenian translations. (#431)
• Updated Russian translations. (#450)
• Updated Turkish translations. (#445)
• Updated Dutch translations. (#439)
• Updated Spanish translations. (#425)

For more information on this release, please review the milestone:
https://github.com/rainlab/user-plugin/milestone/5?closed=1

v1.5.3

Changes

• Users who have been banned are now highlighted in red in the Users list. (#404)
• The registration component now uses the same validation rules that are specified with the User model, as opposed to its own custom set of validation rules. (7307e99)

Bug fixes

• Fixed an issue where the user update was prevented by a missing password index error if no password is provided. This occurred in setups where people allow users to change profile details without a "change password" field. (#420)

Translation updates

• Improved Indonesian translations. (#405)
• Improved Hungarian translations. (#408)

For more information on this release, please review the milestone:
https://github.com/rainlab/user-plugin/milestone/4?closed=1

v1.5.2

Changes

• The username of the user is now available to be added to the Reset Password mail templates. This must be added to the template manually. (#403)

Bug Fixes

• Whitespace from the start and end of usernames is now stripped on the login form. This fixes login issues for people who mistakenly put in spacing at login, eg. copying and pasting a username. (#399)

For more information about this release, please review the milestone:
https://github.com/rainlab/user-plugin/milestone/3?closed=1

v1.5.1

New Features

• Registration throttling functionality has been implemented, limiting registrations to 3 per hour per IP address. You can enable it via the User Settings administration panel. (#397)
• User logins can now be remembered, allowing people to stay logged in for extended periods of time. This too is controlled in the User Settings administration panel. (#312)

Changes

• Added a new Account component setting to require the user to enter in their current password when changing their account information. (#303, 49dfee2)
• Updated Russian translations. (#394)

Bug Fixes

• Fixed an issue where the wrong password validation message was shown when updating a user. (#371, octobercms/october@610e0c3)

For more information about this release, please review the milestone:
https://github.com/rainlab/user-plugin/milestone/2?closed=1

v1.5.0

Breaking Changes

• To improve the security of this plugin, user passwords must now be at least 8 characters by default. This is configurable by the admin (see below). This change does not affect current passwords, which will continue to work. (#354)

New Features

• The minimum length of passwords is now configurable via the User settings screen in the Backend. By default this is set to 8 characters. (#354)

Changes

• The CSRF token is now inserted to the default User component templates. (#388)

Bug Fixes

• The "no redirect" and "refresh page" options for the Redirect property in the User Component should now work correctly. (ba27e63)
• Fixed issue where users could not be reactivated by an admin after being deactivated. (9edc955)

For more information about this release, please review the milestone:
https://github.com/rainlab/user-plugin/milestone/1?closed=1