Shield v0.5.0 – Login idle timeout, Pwned Passwords, and more...

Shield is a comprehensive security solution for Lucky framework. It features robust authentication and authorization, including user registrations, logins and logouts, password resets and more.

Version 0.5.0 adds the ability to automatically log a user out after a set period of inactivity. This does not require any user interaction -- Shield sends a Refresh response header to force a reload of the page after the login times out, which triggers the action pipe that terminates the session.

We added a new Avram::Validations.validate_not_pwned method that checks that given passwords do not appear in a known data breach, using the Pwned Passwords API.

https://forum.crystal-lang.org/t/shield-v0-5-0-login-idle-timeout-pwned-passwords-and-more/2723