v1.0.0

Added

• Support Rails 4.
• Speed up test suites using ::BCrypt::Engine::MIN_COST.
• Speed up integration suites with Clearance::BackDoor.
• Provide BCryptMigrationFromSHA1 password strategy to help people migrate from
  SHA1 (the old default password strategy) to BCrypt (the new default).
• Support Ruby 2.
• More extension points in more controllers.
• Add SignedIn and SignedOut routing constraints.
• Add a fake password strategy, which is useful when writing tests.
• Add redirect_url configuration option.
• Add secure_cookie configuration option.

Changed

• Change default password strategy to BCrypt.
• Replace email regular expression with EmailValidator gem.
• Require > Ruby 1.9.
• The email, encrypted_password, and remember_token fields of the users
  table are NOT NULL in the default migration.
• Replace Cucumber feature generator with RSpec + Capybara.
• Remove Diesel dependency.
• PasswordsController params[:user] has changed to params[:password_reset]
  to avoid locale conflicts.

Fixed

• Improve security when changing password.
• Reduce extra user lookups when adding cookie to headers.
• Unauthorized API requests return HTTP status 401 rather than a redirect
  to the sign in page.

Removed

• Remove deprecated methods on User: remember_me!, generate_random_code,
  password_required?.
• Remove unloadable from controllers (Rails 4 bug fix in development
  environment).
• Remove support for supplying return_to value via request parameter.

Full Changelog