Skip to content

Releases: thoughtbot/clearance

v1.4.3

11 Sep 19:58
931feaa
Compare
Choose a tag to compare

Fixed

  • Routing constraints act appropriately when session data is missing.

Full Changelog

v1.4.2

11 Sep 19:58
4235346
Compare
Choose a tag to compare

Fixed

  • Eliminate deprecation message when using DenyAccess matcher with RSpec 3.

Full Changelog

v1.4.1

11 Sep 19:58
e4208f7
Compare
Choose a tag to compare

Fixed

  • Prevent BCrypt strategy from raising an exception when encypted_password
    is nil.

Full Changelog

v1.4.0

11 Sep 19:58
Compare
Choose a tag to compare

Added

  • user_params method was added to Clearance::UsersController which provides
    a convenient place to override the parameters used when creating users.
  • Controllers now inherit from Clearance::BaseController to allow for easily
    adding behavior to all of them.

Changed

  • The sign out link in the default application layout has been replaced with a
    semantically correct sign out button. This also removes an unnecessary
    JavaScript dependency.

Fixed

  • Clearance now uses original_fullpath when redirecting to a saved URL after
    login. This should improve the behavior in mounted engines.

Full Changelog

v1.3.0

11 Sep 19:58
Compare
Choose a tag to compare

Added

  • Installing Clearance with an existing User model will now create a migration
    that includes adding remember tokens to all existing user records.

Full Changelog

v1.2.1

11 Sep 19:59
Compare
Choose a tag to compare

Fixed

  • Query string is now included in the redirect URL when Clearance redirects to a
    previously stored URL.

Full Changelog

v1.2.0

11 Sep 19:59
Compare
Choose a tag to compare

Added

  • Support for Rails 4.1.0.rc1
  • Sign in can now be disabled with config.allow_sign_in = false

Changed

  • Sign in failure message is now customized exclusively via I18n.
    SessionsController#flash_failure_after_create is no longer called. To
    customize the message, change the
    clearance.controllers.sessions.bad_email_or_password or
    flashes.failure_after_create key.

Deprecated

  • clearance/testing is now deprecated. Require clearance/rspec or
    clearance/test_unit as appropriate.

Full Changelog

v1.1.0

11 Sep 19:59
Compare
Choose a tag to compare

Added

  • Validate email with EmailValidator strict mode.
  • The cookie_expiration configuration lambda can now be called with a
    cookies parameter. Allows the Clearance cookie expiration to be set
    according to the value of another cookie (such as remember_me).
  • Allow cookie domain and path configuration.
  • Add sign in guards.

Fixed

  • Don't allow logins with blank remember_token.

Deprecated

  • A cookie_expiration lambda that does not accept this cookies
    parameter has been deprecated.

Full Changelog

v1.0.1

11 Sep 19:59
Compare
Choose a tag to compare

Fixed

  • Fix an issue when trying to sign in with nil

Full Changelog

v1.0.0

11 Sep 19:59
Compare
Choose a tag to compare

Added

  • Support Rails 4.
  • Speed up test suites using ::BCrypt::Engine::MIN_COST.
  • Speed up integration suites with Clearance::BackDoor.
  • Provide BCryptMigrationFromSHA1 password strategy to help people migrate from
    SHA1 (the old default password strategy) to BCrypt (the new default).
  • Support Ruby 2.
  • More extension points in more controllers.
  • Add SignedIn and SignedOut routing constraints.
  • Add a fake password strategy, which is useful when writing tests.
  • Add redirect_url configuration option.
  • Add secure_cookie configuration option.

Changed

  • Change default password strategy to BCrypt.
  • Replace email regular expression with EmailValidator gem.
  • Require > Ruby 1.9.
  • The email, encrypted_password, and remember_token fields of the users
    table are NOT NULL in the default migration.
  • Replace Cucumber feature generator with RSpec + Capybara.
  • Remove Diesel dependency.
  • PasswordsController params[:user] has changed to params[:password_reset]
    to avoid locale conflicts.

Fixed

  • Improve security when changing password.
  • Reduce extra user lookups when adding cookie to headers.
  • Unauthorized API requests return HTTP status 401 rather than a redirect
    to the sign in page.

Removed

  • Remove deprecated methods on User: remember_me!, generate_random_code,
    password_required?.
  • Remove unloadable from controllers (Rails 4 bug fix in development
    environment).
  • Remove support for supplying return_to value via request parameter.

Full Changelog