This major release of Passwordless changes a lot of things and it is almost guaranteed that you will need to change your code to upgrade to this version.
Note that there is no need to upgrade. The previous versions of Passwordless will continue to work for the foreseeable future.
From 1.0 the flow is:
- User enters email
- User is presented with a token input page
- User enters token OR clicks link in email
- User is signed in
If you're already running Passwordless, you'll need to update your database schema.

$ bin/rails g migration UpgradePasswordless

class UpgradePasswordless < ActiveRecord::Migration[7.0]
  def change
    # Encrypted tokens
    add_column(:passwordless_sessions, :token_digest, :string)
    add_index(:passwordless_sessions, :token_digest)
    remove_column(:passwordless_sessions, :token, :string, null: false)

    # UUID
    add_column(:passwordless_sessions, :identifier, :string)
    add_index(:passwordless_sessions, :identifier, unique: true)

    # Remove PII
    remove_column(:passwordless_sessions, :user_agent, :string, null: false)
    remove_column(:passwordless_sessions, :remote_addr, :string, null: false)
  end
end

Passwordless is now configured like this, in config/initializers/passwordless.rb:

Passwordless.configure do |config|
  config.default_from_address = "[email protected]"
end

The existing views have changed and a new one has been added. Regenerate them using rails generate passwordless:views.
Passwordless no longer isolates its namespace.
- Change all your links with e.g. users.sign_in_path to users_sign_in_path
- Change all links with main_app.whatever_path to just whatever_path
Passwordless no longer collects users' IP addresses. If you need this information, you can add it to your after_session_save callback.
Tokens are encrypted at rest in the database. This means that any tokens that were generated with a previous version of Passwordless will no longer work.
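
The page does not say how the token_digest column is computed. This added example (not Passwordless's own code) assumes a keyed HMAC-SHA256 digest to show why a row that stores only a digest exposes no usable token if the table leaks, and why rows created before the upgrade can no longer sign in. SessionStore, DIGEST_KEY and the helper names are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Constructed demo key (assumption); a real app would derive it from its own secret.
DIGEST_KEY = "constructed-demo-key"

# Keyed digest of a token. HMAC-SHA256 is an assumption, not taken from the page.
def token_digest(token)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), DIGEST_KEY, token.to_s)
end

# Constant-time comparison so response timing does not reveal matching prefixes.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical in-memory stand-in for the passwordless_sessions table.
class SessionStore
  attr_reader :rows

  def initialize
    @rows = {}
  end

  # New-style row: the plaintext token goes to the user, only its digest is stored.
  def create
    identifier = SecureRandom.uuid
    token = SecureRandom.urlsafe_base64(32)
    @rows[identifier] = { token_digest: token_digest(token) }
    [identifier, token]
  end

  # Pre-1.0 style row (constructed): plaintext token column, no digest.
  def insert_legacy(identifier, token)
    @rows[identifier] = { token: token, token_digest: nil }
  end

  # Look up by public identifier, then compare digests; legacy rows never match.
  def authenticate(identifier, token)
    row = @rows[identifier]
    return false if row.nil? || row[:token_digest].nil?
    secure_equal?(row[:token_digest], token_digest(token))
  end
end
```
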
Removes authenticate_by_cookie and upgrade_passwordless_cookie from controller helpers.