Shield is a comprehensive security solution for Lucky framework. It features robust authentication and authorization, including user registrations, logins and logouts, password resets and more.
Version 0.5.0 adds the ability to automatically log a user out after a set period of inactivity. This does not require any user interaction -- Shield sends a
Refresh response header to force a reload of the page after the login times out, which triggers the action pipe that terminates the session.
We added a new
Avram::Validations.validate_not_pwned method that checks that given passwords do not appear in a known data breach, using the Pwned Passwords API.