Releases: thoughtbot/clearance
Releases · thoughtbot/clearance
v1.4.3
v1.4.2
v1.4.1
Fixed
- Prevent BCrypt strategy from raising an exception when
encypted_password
is nil.
v1.4.0
Added
user_params
method was added toClearance::UsersController
which provides
a convenient place to override the parameters used when creating users.- Controllers now inherit from
Clearance::BaseController
to allow for easily
adding behavior to all of them.
Changed
- The sign out link in the default application layout has been replaced with a
semantically correct sign out button. This also removes an unnecessary
JavaScript dependency.
Fixed
- Clearance now uses
original_fullpath
when redirecting to a saved URL after
login. This should improve the behavior in mounted engines.
v1.3.0
Added
- Installing Clearance with an existing User model will now create a migration
that includes adding remember tokens to all existing user records.
v1.2.1
Fixed
- Query string is now included in the redirect URL when Clearance redirects to a
previously stored URL.
v1.2.0
Added
- Support for Rails 4.1.0.rc1
- Sign in can now be disabled with
config.allow_sign_in = false
Changed
- Sign in failure message is now customized exclusively via I18n.
SessionsController#flash_failure_after_create
is no longer called. To
customize the message, change the
clearance.controllers.sessions.bad_email_or_password
or
flashes.failure_after_create
key.
Deprecated
clearance/testing
is now deprecated. Requireclearance/rspec
or
clearance/test_unit
as appropriate.
v1.1.0
Added
- Validate email with
EmailValidator
strict mode. - The
cookie_expiration
configuration lambda can now be called with a
cookies
parameter. Allows the Clearance cookie expiration to be set
according to the value of another cookie (such asremember_me
). - Allow cookie domain and path configuration.
- Add sign in guards.
Fixed
- Don't allow logins with blank
remember_token
.
Deprecated
- A
cookie_expiration
lambda that does not accept thiscookies
parameter has been deprecated.
v1.0.1
v1.0.0
Added
- Support Rails 4.
- Speed up test suites using
::BCrypt::Engine::MIN_COST
. - Speed up integration suites with
Clearance::BackDoor
. - Provide
BCryptMigrationFromSHA1
password strategy to help people migrate from
SHA1 (the old default password strategy) to BCrypt (the new default). - Support Ruby 2.
- More extension points in more controllers.
- Add
SignedIn
andSignedOut
routing constraints. - Add a fake password strategy, which is useful when writing tests.
- Add
redirect_url
configuration option. - Add
secure_cookie
configuration option.
Changed
- Change default password strategy to BCrypt.
- Replace email regular expression with
EmailValidator
gem. - Require > Ruby 1.9.
- The
email
,encrypted_password
, andremember_token
fields of the users
table areNOT NULL
in the default migration. - Replace Cucumber feature generator with RSpec + Capybara.
- Remove Diesel dependency.
PasswordsController
params[:user]
has changed toparams[:password_reset]
to avoid locale conflicts.
Fixed
- Improve security when changing password.
- Reduce extra user lookups when adding cookie to headers.
- Unauthorized API requests return HTTP status 401 rather than a redirect
to the sign in page.
Removed
- Remove deprecated methods on User:
remember_me!
,generate_random_code
,
password_required?
. - Remove
unloadable
from controllers (Rails 4 bug fix in development
environment). - Remove support for supplying
return_to
value via request parameter.