Permalink
Commits on Sep 29, 2012
  1. Don't expose the existence of a user

    When a user resets their password, don't expose the existence of
    their email address in the instruction text. This is a security best
    practice:
    
    http://goo.gl/Ayb64
    aripollak committed with croaky Sep 29, 2012
Commits on Sep 20, 2012
  1. Clean up Github links in README

    croaky committed Sep 20, 2012
Commits on Sep 14, 2012
  1. Update LICENSE copyright years

    * Update LICENSE to agree with README.md copyright years
    Adarsh Pandit committed Sep 14, 2012
  2. Improve README

    * Generalize versions of Rails/Ruby we test against.
    * Add `bundle` line.
    * Order main API walkthrough by importance and group authorization.
    * Use Ruby 1.9 hash syntax.
    * Get closer to 80 character limit on lines with links.
    * Use Ruby . or # syntax to evoke class or instance method.
    * Add Code Climate badge.
    croaky committed Sep 14, 2012
Commits on Aug 31, 2012
  1. Appraisal droppings

    mike-burns committed Aug 31, 2012
Commits on Aug 20, 2012
Commits on Aug 14, 2012
  1. Use a released version of addressable in Gemfile.lock

    addressable 2.3.1, the version to which the Gemfile was previously
    locked, has been yanked:
    
    https://rubygems.org/gems/addressable/versions
    gabebw committed with croaky Aug 10, 2012
Commits on Jul 23, 2012
  1. Correct NEWS and README

    * You can use Clearance after you've created a Rails app or users
      table. If you have users already, you'll need to edit the default
      migration that Clearance generates.
    * We are testing against latest Rails 3.0.x, 3.1.x, and 3.2.x.
    croaky committed Jul 23, 2012
  2. Bump to 1.0.0.rc1

    mike-burns committed Jul 23, 2012
  3. Clearance cannot be added to an existing app

    Since the generated migration adds non-NULL requirements to columns, and
    since we never add Clearance to existing apps, we cannot trivially test
    the nuances involved in that situation. For now, we do not support this.
    mike-burns committed Jul 23, 2012
Commits on Jul 22, 2012
  1. Upgrade dependencies

    * Support Rails 3.0.15, 3.1.6, 3.2.6.
    * Apply style guidelines to test suite.
    * Be more strict about development dependencies.
    croaky committed Jul 22, 2012
  2. [#204] Remove flash message from users#create

    * Flash message is redundant to validation error displayed by
      libraries such as dynamic_form, simple_form, or formtastic.
    * We are not bundling one of the form libraries with Clearance
      in order to leave that decision to the developer.
    croaky committed Jul 22, 2012
  3. [#206] Improve data integrity

    By default, we want email, encrypted_password, and remember_token to
    enforce a NOT NULL constraint.
    croaky committed Jul 22, 2012
  4. Overhaul README.md

    Intention is to better communicate the API.
    croaky committed Jul 22, 2012
  5. Apply style guidelines

    * Use single quotes unless interpolating.
    * Do not align tokens.
    * Add a newline between lines of code and blocks.
    * Alphabetize methods and lists of attributes.
    
    Additional refactoring:
    
    * Refactor new_indexes to more appropriately use a Hash.
    * Refactor collections to use Symbol#to_proc to shorten lines.
    * Use consistent naming patterns (existing_*, new_*).
    * Remove `each` naming convention on enumerators.
    * Remove now unnecessary GOALS file.
    croaky committed Jul 21, 2012
Commits on Jul 21, 2012
  1. Add Appraisal install line to CONTRIBUTING.md

    * Setting up Appraisal is necessary to run the test suite.
    croaky committed Jul 21, 2012
Commits on Jul 19, 2012
  1. Remove the salt from the DB migration

    The salt column is only needed for SHA1 and MD5 strategies, which  are
    not the default. The README contains instructions for adding the salt
    back before switching to those strategies.
    mike-burns committed Jul 19, 2012
Commits on Jun 29, 2012
  1. How to hit 1.0.0

    mike-burns committed Jun 29, 2012
  2. BCrypt for passwords

    This commit makes BCrypt the default for new setups, and introduces a
    strategy for converting existing infrastructure to BCrypt.
    
    To switch to BCrypt now:
    
        Clearance.configure do |config|
          config.password_strategy = Clearance::PasswordStrategies::BCrypt
        end
    
    To set the password strategy to the conversion layer:
    
        Clearance.configure do |config|
          config.password_strategy = Clearance::PasswordStrategies::BCryptMigrationFromSHA1
        end
    
    To continue to use SHA1:
    
        Clearance.configure do |config|
          config.password_strategy = Clearance::PasswordStrategies::SHA1
        end
    Dan Croak and Gabe Berke-Williams committed with mike-burns Oct 23, 2011
  3. Provide router constraints

    Adds SignedInConstraint and SignedOutConstraint, useful from the Rails
    router. For example, to redirect admins to their admin dashboard as the
    home page:
    
        constraints(SignedInConstraint.new {|user| user.admin?}) do
          root :to => 'admins/dashboard#index'
        end
    Arun Agrawal and Gabe Berke-Williams committed with mike-burns Jun 13, 2012
Commits on Jun 18, 2012
  1. Relax bundler dependency.

    gabebw committed Jun 18, 2012
Commits on Jun 13, 2012
  1. Encourage people to sign up in the flash message

    Fixes #163.
    Arun Agrawal and Gabe Berke-Williams committed with gabebw Jun 13, 2012
  2. Remove init.rb.

    gabebw committed Jun 13, 2012
Commits on Jun 7, 2012
  1. Merge pull request #197 from jsteiner/master

    Fix a broken step definition
    gabebw committed Jun 7, 2012