This makes it easier to overwrite `user_params` when needing to provide extra fields during signup. For example, with `strong_parameter`:

```ruby
class UsersController < Clearance::UsersController
  private

  def user_params
    params.require(:user).permit(:email, :password, :first_name, :last_name)
  end
end
```
This allows clearance controllers to share functionality such as filters, layouts, and helper methods. `BaseController` has no methods defined and is in place to allow customization through re-opening the class.
The password reset controller was previously assuming that the id parameter would be available as 'user_id', but if you have customized the user model this won't be the case. Get the proper name from the configuration. Supersedes #377
Since the introduction of the `SignInGuard` stack, this method was no longer being called. I moved its implementation into the failure message used by the `DefaultSignInGuard`. Customizing the message is done entirely via I18n. Resolves #378
Sign in guards provide you with fine-grained control over the process of signing in a user. Each guard is run in order and will hand the session off to the next guard in the process. Any guard may also choose to fail the sign in process and provide a message explaining why. Additionally you could immediately determine the sign in process was a success and skip running additional guards.
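The guard flow described in the commit message above, as an added example that is not part of the commit or of Clearance's own code. It is a stand-alone plain-Ruby model, and every class, method and message name in it is an assumption chosen for illustration:

```ruby
# Stand-alone model of a guard stack; names are illustrative, not Clearance's code.
Result = Struct.new(:ok, :message)
User = Struct.new(:email, :suspended, :confirmed, :admin) # constructed sample model

class Guard
  def initialize(user, rest)
    @user = user
    @rest = rest # guards that run only if this one hands off
  end

  def success; Result.new(true, nil); end
  def failure(message); Result.new(false, message); end

  # Hand the sign-in off to the next guard; an empty stack means success.
  def next_guard
    head, *tail = @rest
    head ? head.new(@user, tail).call : success
  end
end

class SuspendedGuard < Guard
  def call
    @user.suspended ? failure('Account suspended.') : next_guard
  end
end

class AdminGuard < Guard
  # Succeeds immediately, so every guard listed after it is skipped.
  def call
    @user.admin ? success : next_guard
  end
end

class ConfirmedGuard < Guard
  def call
    @user.confirmed ? next_guard : failure('Confirm your email first.')
  end
end

# Runs the guards in the order given and returns the first final Result.
def sign_in(user, guards)
  first, *rest = guards
  first.new(user, rest).call
end

GUARDS = [SuspendedGuard, AdminGuard, ConfirmedGuard].freeze
```

Order is part of the policy: a guard that returns success early skips everything after it, so deny checks such as the suspension guard belong ahead of any short-circuiting guard.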
* Clarify in README that the config example shows the default values.
* Wrap long line at 80 characters.
* Move `redirect_to_root` from `lib/clearance/authorization.rb` to where it is used, in `app/controllers/clearance/sessions_controller.rb`, and better reveal its intent by re-naming it to `avoid_sign_in`.
* Re-set `config.secure_cookie` to its original value in an `after` block in a test to teardown and avoid leakage across tests.
* Use `_url` suffix in config name to match [RFC 2616 spec, section 14.30](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30), which states the Location response-header field should use an absolute URI for 3xx responses.
* The default value for `redirect_url` is the string path `'/'` as a previous compromise to make it less likely users will run into an issue if they don't want to define a root route. The string value avoids potentially confusing `NoMethodError: undefined method 'root_url'` errors.

#281
They are causing circular dependencies in Rails 4 + Ruby 2: #276
* The password email delivery can now be overridden
* Centralize email normalization logic in `User.normalize_email`.
* Implement `User.find_by_normalized_email`.

+ Updated views, and flashes to use I18n
+ Updated News file
+ Updated specs to use I18n
When a user resets their password, don't expose the existence of their email address in the instruction text. This is a security best practice: http://goo.gl/Ayb64
* Flash message is redundant to validation error displayed by libraries such as dynamic_form, simple_form, or formtastic.
* We are not bundling one of the form libraries with Clearance in order to leave that decision to the developer.

* Use single quotes unless interpolating.
* Do not align tokens.
* Add a newline between lines of code and blocks.
* Alphabetize methods and lists of attributes.

Additional refactoring:

* Refactor new_indexes to more appropriately use a Hash.
* Refactor collections to use Symbol#to_proc to shorten lines.
* Use consistent naming patterns (existing_*, new_*).
* Remove `each` naming convention on enumerators.
* Remove now unnecessary GOALS file.
…You are now signed up.")
…plays a message telling them to look for an email.
…re. More in line with Rails conventions.
…ed number of failure cases. Resolves #145.
…tion, it no longer makes sense to redirect to sign in after sign up, because you're already signed in. Most apps we've been working on redirect to the home page after sign in so we're merging that change in upstream to clearance. Resolves #146.
… overridden for cases like switching to username & password, requiring fewer files to change. This breaks the before_filter :authenticate API that used to exist, which has been replaced with the more aptly-named before_filter :authorize.
Setting the 403 status code turned out to be a bad user experience in some browsers such as Chrome on Windows machines.
…real gem for tests
in ApplicationController and still have password recovery work without overriding any controllers. (Claudio Poli, Dan Croak)
…nes. updated CHANGELOG
So that you can use before_filter :authenticate in your application_controller without having to override the Clearance controllers
… instead of implementation-specific sessions and users. Nicer interface in the browser bar for users, a little encapsulation for developers.