v5.0.0
Breaking Changes📦 deviseView on GitHub →
⚠ 1 breaking✨ 2 features🐛 2 fixes⚡ 1 deprecations🔧 5 symbols
Summary
Version 5.0.0 introduces configuration enhancements for session duration and unconfirmed access, alongside fixing critical bugs in session handling and mailer configuration.
⚠️ Breaking Changes
- The `Devise::SessionsController#create` action no longer accepts `params[:remember_me]` directly. It must now be passed via `warden.session[:remember_me]` before calling `warden.authenticate!`.
Migration Steps
- If you relied on `params[:remember_me]` being available in `Devise::SessionsController#create`, update your session handling to set `warden.session[:remember_me]` before authentication.
- Replace all usages of `Devise.remember_me_for` with `Devise.remember_duration` in configuration files.
✨ New Features
- Added support for configuring session timeout via `Devise.remember_duration`.
- Introduced a new configuration option `Devise.allow_unconfirmed_access_for` to control how long unconfirmed users can access resources.
🐛 Bug Fixes
- Fixed an issue where users signing in with an expired token were redirected to the root path instead of the intended failure path.
- Resolved a bug where `Devise::Mailer.confirmation_instructions` was incorrectly setting the reply-to header.
Affected Symbols
⚡ Deprecations
- The `Devise.remember_me_for` configuration option is deprecated and will be removed in v6.0. Use `Devise.remember_duration` instead.