v1.11.0

Added

• Add sign_in and sign_in_as helper methods to view specs. These helpers
  avoid errors from verified partial doubles that come from. See
  462c009.

Fixed

• clearance:routes generator now properly disables internal routes in your
  Clearance initializer.
• Clearance now accesses the cookie jar via ActionDispatch::Request rather than
  Rack::Request. This is more consistent with what Rails does internally.

Deprecated

• Clearance::Testing::Helpers has been deprecated in favor of
  Clearance::Testing::ControllerHelpers. Most users are accessing these
  helpers by requiring clearance/rspec or clearance/test_unit and should be
  unaffected.

Full Changelog

v1.10.1

Deprecated

• All clearance-provided password strategies other than BCrypt have been
  deprecated. You can continue to use those strategies without a deprecation
  warning by adding clearance-deprecated_password_strategies to your Gemfile.

Full Changelog

v1.9.0

Added

• The change password mailer now produces a multipart message which includes a
  text part along with the previously existing HTML part. To override the text
  part, add change_password.text.erb alongside your change_password.html.erb
  file.

Fixed

• Custom user_model configured in a Rails initializer will now be reloaded in
  development mode.
• Change password template now contains "Change my password" link text to
  address an issue linking the URL in some mail clients.

Full Changelog

v1.8.1

Security

• Enable cross-site request forgery protection on sessions#create. See
  7f5d56e.

Fixed

• All methods included by Clearance::Controller are now excluded from
  action_methods.

Full Changelog

v1.8.0

Added

• The remember token cookie name is now customizable via
  Clearance.configuration.cookie_name.

Fixed

• Fixed a redirect loop on the sign in page for applications that are still
  using the deprecated authorize filter.
• Signed in users that attempt to visit the sign in path are now redirected. The
  redirect URL defaults to the same URL used for the redirect after sign in, but
  can be customized by overriding passwords_controller#url_for_signed_in_users

Deprecated

• users_controller#avoid_sign_in is now deprecated in favor of
  redirect_signed_in_users which is more accurately named.

Full Changelog

v1.7.0

Fixed

• Fix the negation of the deny_access matcher in Rails 4.0.x on Ruby 2.2

Deprecated

• The authorize filter has been deprecated in favor of require_login. Update
  all reference to the filter including any calls to skip_before_filter or
  skip_before_action.
• The Clearance.root method has been deprecated. It was used internally and
  unlikely to impact external users.

Full Changelog

v1.6.1

Fixed

• Secure cookies are no longer overwritten when the user visits a non-HTTPS URL.

Full Changelog

v1.6.0

Added

• When using Rails 4.2, password reset emails are sent with the
  ActiveJob-compatible #deliver_later method.

Full Changelog

v1.5.1

Fixed

• Blowfish password strategy fixed
• Specs generated with rails generate clearance:specs now work properly in
  RSpec 3 projects.

Full Changelog

v1.5.0

Added

• Disable clearance routes by setting config.routes = false.
• Running rails generate clearance:routes will dump the default set of
  routes to your application's routes file for modification.

Full Changelog