Shield v0.5.0 – Login idle timeout, Pwned Passwords, and more...

Shield is a comprehensive security solution for Lucky framework. It features robust authentication and authorization, including user registrations, logins and logouts, password resets and more.

Version 0.5.0 adds the ability to automatically log a user out after a set period of inactivity. This does not require any user interaction -- Shield sends a Refresh response header to force a reload of the page after the login times out, which triggers the action pipe that terminates the session.

We added a new Avram::Validations.validate_not_pwned method that checks that given passwords do not appear in a known data breach, using the Pwned Passwords API.

https://forum.crystal-lang.org/t/shield-v0-5-0-login-idle-timeout-pwned-passwords-and-more/2723

Shield v0.4.0 Presents RFC 6750 Bearer Logins (API Tokens)

Shield is a comprehensive security solution for Lucky framework. It features robust authentication and authorization, including user registrations, logins and logouts, password resets and more.

Version 0.4.0 enables authentication via access tokens, per RFC 6750. Any registered user may create bearer logins, and delegate some or all of their rights to them in the form of scopes...

https://forum.crystal-lang.org/t/shield-v0-4-0-presents-rfc-6750-bearer-logins-api-tokens/2678