Release Notes

Unreleased

v1.21.2 - 2024-04-25

[1.x] Bacon QR 3.0 support by @eshimischi in #534

v1.21.1 - 2024-03-19

Specify return type array type by @santigarcor in #525
[1.x] Make commands lazy by @timacdonald in #527

v1.21.0 - 2024-03-08

[1.x] Adds fortify:install Artisan command by @nunomaduro in #524

v1.20.1 - 2024-02-08

Don't overwrite an already two factor secret unless force = true by @danmatthews in #518
Use Date facade for storing the password confirmation timestamp by @chrisvanlier2005 in #520

v1.20.0 - 2024-01-15

[1.x] Merges develop by @nunomaduro in #515

v1.19.1 - 2023-12-11

Deprecate the password rule and use illuminate password rule by @ricklambrechts in #511

v1.19.0 - 2023-11-27

Add new event by @taylorotwell in https://github.com/laravel/fortify/commit/2da721fead1f3bc18af983e4903c4e1df67177e7

v1.18.1 - 2023-10-18

Fix paths in default config using nested arrays by @sebj54 in #501

v1.18.0 - 2023-09-12

Added case-sensitivity option for usernames by @Radiergummi in #485
Added response contract for email verification notification by @m-thalmann in #489

v1.17.6 - 2023-09-04

Update logout to invalidate and regenerate session only if session is present (Issue #486) by @karmendra in #487

v1.17.5 - 2023-08-02

[1.x] Laravel Pint fixes by @iruoy in #480

v1.17.4 - 2023-06-18

Port security fixes to default login rate limiter by @staudenmeir in #473

v1.17.3 - 2023-06-02

Fix contract implementation by @jessarcher in #472

v1.17.2 - 2023-04-26

Revert "Add rate limiter for a registration" by @taylorotwell in #465

v1.17.1 - 2023-04-19

Add rate limiter for a registration by @trbsi in #460

v1.17.0 - 2023-04-17

Add ability to override routes with custom paths by @stephenglass in #458

v1.16.0 - 2023-01-06

Added

Laravel v10 Support by @driesvints in #435

v1.15.0 - 2023-01-03

Changed

Update PrepareAuthenticatedSession.php by @francoism90 in #434
Uses PHP Native Type Declarations 🐘 by @nunomaduro in #421

Fixed

Fix error while preparing PasswordResetResponse with views turned off by @leonkllr0 in #433

v1.14.1 - 2022-12-09

Changed

Only fire event when actually updating the database to disable two factor authentication by @taylorotwell in https://github.com/laravel/fortify/commit/04b4b9c20e421c415d0427904a72e08a21bdec27

v1.14.0 - 2022-11-23

Added

Add more Response contract bindings by @bdsumon4u in #425

v1.13.7 - 2022-11-04

Changed

Update parameter order for hash_equals function in TwoFactorLoginRequest by @jayan-blutui in #422

Fixed

Use boolean rather than filled for remember by @Codeatron5000 in #423

v1.13.6 - 2022-11-01

Fixed

Fix error message when entering invalid 2fa code by @emargareten in #415
Use Fortify username method on ConfirmPassword action by @jayan-blutui in #420

v1.13.5 - 2022-10-21

Changed

Add and use constants for session flashes by @dwightwatson in #409
Use current_password rule when changing password by @dwightwatson in #410
Parameters order with hash_equals by @chivincent in #411

v1.13.4 - 2022-09-30

Fixed

Only save user if need to by @taylorotwell in https://github.com/laravel/fortify/commit/9a68cf2deb37d1796b6e2fd97d3c61f086868914

v1.13.3 - 2022-08-16

Changed

Return recovery errors under the recovery_code key by @jessarcher in #401

v1.13.2 - 2022-08-09

Fixed

Fix second usage of 2FA code by @xwillq in #399

v1.13.1 - 2022-07-05

Fixed

Call FailedTwoFactorLoginResponse::toResponse with TwoFactorLoginRequest by @ricklambrechts in #395

v1.13.0 - 2022-05-05

Added

Added config option for custom OTP window by @robtesch in #385

v1.12.0 - 2022-03-29

Changed

2FA setup key by @ps-sean in #371
Enable 2FA confirmation by default by @taylorotwell in https://github.com/laravel/fortify/commit/a6caadc80e348755de0e1da221a6253d9f2c48f9

Fixed

Fix double error message for failed 2FA response by @driesvints in #369

v1.11.2 - 2022-03-08

Fixed

Ensures route password.confirm is defined when not using views by @Frozire in #368

Security

Cache 2FA token timestamp by @driesvints in #366

v1.11.1 - 2022-02-24

Fixed

Fix Exception when sending empty 2FA confirmation code by @srdante in #361
Unsupported operand types on rollback migration by @Jackpump in #362

v1.11.0 - 2022-02-22

Changed

Include the otpauth url when retrieving the QR svg by @JanMisker in #356
Confirmable 2FA by @taylorotwell in #358

Fixed

Fix incorrect key for error bag by @vaibhavpandeyvpz in #360

v1.10.2 - 2022-02-08

Changed

Prevent new login after 2FA challenge (#353)

Security

Fix throttle bypass exploit (#354)

v1.10.1 - 2022-02-01

Changed

Fix VerifyEmailResponse resolving (#349)

v1.10.0 (2022-01-25)

Added

Add VerifyEmailResponse contract (#347)

Changed

Switch to anonymous migrations (#348)

v1.9.0 (2022-01-12)

Changed

Add 2fa Events (#338)
Laravel 9 support (#340)

v1.8.6 (2021-12-22)

Changed

Customise the auth middleware name (#335)

Fixed

Check if authenticated user has 2FA enabled (#334)

v1.8.5 (2021-12-07)

Fixed

Fix an issue with array to string conversion (#333)

v1.8.4 (2021-11-23)

Changed

Use boolean rather than filled for remember (#328)

v1.8.3 (2021-11-02)

Changed

Add a check for two factor auth being enabled (#323)

v1.8.2 (2021-09-07)

Changed

Allow verification rate limiter to be configurable (#313)

v1.8.1 (2021-08-24)

Changed

Allow reset password redirect (#307)

v1.8.0 (2021-08-10)

Added

Redirection customization (#298)
Add ReplacedRecoveryCode event (#301)

Fixed

Fix auth guard (#296)

v1.7.14 (2021-06-29)

Changed

Add password update custom response (#290, e2a16f6)

v1.7.13 (2021-05-25)

Changed

Cleanup code (#261)
Returns JSON response (#267)
Naming 2FA routes (#269)

v1.7.12 (2021-04-27)

Changed

Restrict guest Middleware to Fortify's guard (#258)

v1.7.11 (2021-04-20)

Fixed

Remove password confirmation requirement for reset password (#254)

v1.7.10 (2021-04-13)

Fixed

Better way of validating credentials (#248)
Use configured username property for qr code url (#249)

v1.7.9 (2021-03-30)

Fixed

Require password and confirmation (#245)

v1.7.8 (2021-03-09)

Fixed

Fix two factor form without user (#233, 67d7743, #235)

v1.7.7 (2021-02-23)

Fixed

Redirect to intended URL after registration (#222)

v1.7.6 (2021-02-16)

Fixed

Fix password rule (#211)
Adds a missing scenario for the password rule (#213)

v1.7.5 (2021-01-19)

Fixed

Move route outside $enableViews (#203)

v1.7.4 (2021-01-07)

Fixed

Fix missing current password (#194)

Security

Revert "Retrieve user through provider" (#195)

v1.7.3 (2021-01-05)

Changed

Retrieve user through provider (#189)

Fixed

Tweak how rate limiting is implemented (8609af2)
Fix Two Factor prepare auth session (#181)

v1.7.2 (2020-11-24)

Fixed

Fix route prefix (#152)
Fire Failed events (#154)

v1.7.1 (2020-11-13)

Changed

Add the prefix and domain configuration options (#143)
Change how feature options are stored to work with config caching (b2430958)

Fixed

Fix 2FA disabled routes via views config (#142)

v1.7.0 (2020-11-03)

Added

PHP 8 Support (#130)
Add views config option (#133, ff155d0)

v1.6.2 (2020-10-20)

Changed

Redirect to intended URL after email verification (#119)
Only use two factor action when enabled (#127)

v1.6.1 (2020-10-05)

Added

Add FailedTwoFactorLoginResponse contract (#106)

Changed

Redirect to intended after two factor login (#105)
Allow Fortify views to accept Responsable objects (#107)
Use the Rule::unique for new user validation (#108)

v1.6.0 (2020-09-29)

Added

Add attempts method to rate limiter (#85)
Add name to Profile update and Password update routes (#89)

Fixed

Fix for empty password during confirmation (#87)

v1.5.0 (2020-09-22)

Added

Add option to force the password to have a special character (#65)

Fixed

Allow 'confirmPasswordView' to use view prefixes (#71)
Send JSON response if request is an AJAX request (#75)

v1.4.3 (2020-09-20)

Fixed

Fix flawed logic in the UpdateUserProfileInformation action (#68, fea6473, 91518af)

v1.4.2 (2020-09-20)

Changed

Remove unnecessary bag (85a7dfb)

Fixed

Fix test bug when use sqlite database (#69)

v1.4.1 (2020-09-18)

Added

Allow the expected email address request variable to be changed (#28)
Update configuration stub with middleware option (#55)

Changed

Make routes more dynamic (#41)
Add illuminate/support dependency (#46)
Resend email verification after user update (#52, 951d943)

Fixed

Only register two-factor-challenge routes if TFA feature enabled (#44)
Added missing request to the throwFailedAuthenticationException method (#61)

v1.4.0 (2020-09-14)

Added

Confirmed password status controller (fe5821f)
Configurable password timeout (f0a6477, 2b4fa36)

Changed

Switch the TwoFactorLoginResponse for a contract bound in container (#34)
Enable password confirmation (9e9d154)

v1.3.1 (2020-09-11)

Changed

Extract ConfirmPassword action (a9e68f2)

Fixed

Update what is passed to custom callback (9215e54)

v1.3.0 (2020-09-11)

Added

Google2fa v8 support (#25)
Add support for password confirmation (#6, 3ed5e87, 865ed4f, c58a2fb)

v1.2.1 (2020-09-10)

Fixed

Pass request through to the callback (#21)

v1.2.0 (2020-09-10)

Added

Allow granular authentication customization (cd8b6aa)

v1.1.0 (2020-09-10)

Added

Allow full customization of authentication pipeline (6c36b08)

v1.0.1 (2020-09-08)

Changed

Use PasswordValidationRules trait in CreateNewUser action (#18)
Callable customization of any view (661d726)

v1.0.0 (2020-09-08)

Initial stable release.