Skip to content
This repository

Apr 02, 2014

  1. Greg Lazarev

    Introduce Clearance::UsersConteroller#user_params

    This makes it easier to overwrite `user_params` when needing to provide extra
    fields during signup.
    
    For example, with `strong_parameter`:
    ```ruby
    class UsersController < Clearance::UsersController
      private
    
      def user_params
        params.require(:user).permit(:email, :password, :first_name, :last_name)
      end
    end
    ```
    authored April 01, 2014

Mar 28, 2014

  1. Luís Ferreira

    Controllers inherit from Clearance::BaseController

    This allows clearance controllers to share functionality such as filters,
    layouts, and helper methods. `BaseController` has no methods defined and
    is in place to allow customization through re-opening the class.
    authored March 11, 2014 derekprior committed March 28, 2014

Mar 04, 2014

  1. Rich Rines

    Update Hash Syntax

    * Update to ruby 1.9+ hash syntax
    authored February 28, 2014

Feb 07, 2014

  1. Derek Prior

    Get user_model id parameter from configuration

    The password reset controller was previously assuming that the id
    parameter would be available as 'user_id', but if you have customized
    the user model this won't be the case. Get the proper name from the
    configuration.
    
    Supersedes #377
    authored February 07, 2014
  2. Derek Prior

    Remove SessionsController failure message override

    Since the introduction of the `SignInGaurd` stack, this method was no
    longer being called. I moved it's implementation into the failure
    message used by the `DefaultSignInGuard`. Customizing the message is
    done entirely via I18n.
    
    Resolves #378
    authored February 07, 2014

Nov 01, 2013

  1. Matthew Mongeau

    Added sign in guards.

    Sign in guards provide you with fine-grained control over the process of
    signing in a user. Each guard is run in order and will hand the session
    off to the next guard in the process. Any guard may also choose to fail
    the sign in process and provide a message explaining why. Additionally
    you could immediately determine the sign in process was a success and
    skip running additional guards.
    authored October 18, 2013

Mar 26, 2013

  1. Gregory Eremin

    Add `redirect_url` config option

    * Clarify in README that the config example shows the default values.
    * Wrap long line at 80 characters.
    * Move `redirect_to_root` from `lib/clearance/authorization.rb` to where
      it is used, in `app/controllers/clearance/sessions_controller.rb`, and
      better reveal its intent by re-naming it to `avoid_sign_in`.
    * Re-set `config.secure_cookie` to its original value in an `after`
      block in a test to teardown and avoid leakage across tests.
    * Use `_url` suffix in config name to match [RFC 2616 spec, section 14.
      14.30](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30),
      which states the Location response-header field should use an absolute
      URI for 3xx responses.
    * The default value for `redirect_url` is the string path `'/'` as a
      previous compromise to make it less likely users will run into an
      issue if they don't want to define a root route. The string value avoids
      potentially confusing `NoMethodError: undefined method 'root_url'`
      errors.
    
    #281
    authored March 22, 2013 croaky committed March 26, 2013
  2. Dan Croak

    Remove `unloadable` from controllers

    They are causing circular dependencies in Rails 4 + Ruby 2:
    
    #276
    authored March 17, 2013

Feb 22, 2013

  1. Scott Albertson

    Move password email delivery to private method

    * The password email delivery can now be overridden
    authored February 22, 2013
  2. Aaron Graves

    Make PasswordsController#create case-insensitive

    * Centralize email normalization logic in `User.normalize_email`.
    * Implement `User.find_by_normalized_email`.
    authored February 12, 2013 croaky committed February 21, 2013

Oct 18, 2012

  1. Harlow Ward

    Added debrecation warning to passwords controller

    authored October 18, 2012

Oct 17, 2012

  1. Harlow Ward

    Move all application text to locales

    + Updated views, and flashes to use I18n
    + Updated News file
    + Updated specs to use I18n
    authored October 17, 2012

Sep 29, 2012

  1. Ari Pollak

    Don't expose the existence of a user

    When a user resets their password, don't expose the existence of
    their email address in the instruction text. This is a security best
    practice:
    
    http://goo.gl/Ayb64
    authored September 29, 2012 croaky committed September 29, 2012

Jul 22, 2012

  1. Dan Croak

    [#204] Remove flash message from users#create

    * Flash message is redundant to validation error displayed by
      libraries such as dynamic_form, simple_form, or formtastic.
    * We are not bundling one of the form libraries with Clearance
      in order to leave that decision to the developer.
    authored July 22, 2012
  2. Dan Croak

    Apply style guidelines

    * Use single quotes unless interpolating.
    * Do not align tokens.
    * Add a newline between lines of code and blocks.
    * Alphabetize methods and lists of attributes.
    
    Additional refactoring:
    
    * Refactor new_indexes to more appropriately use a Hash.
    * Refactor collections to use Symbol#to_proc to shorten lines.
    * Use consistent naming patterns (existing_*, new_*).
    * Remove `each` naming convention on enumerators.
    * Remove now unnecessary GOALS file.
    authored July 21, 2012

Jun 13, 2012

  1. Encourage people to sign up in the flash message

    Fixes #163.
    authored June 13, 2012 gabebw committed June 13, 2012

Jun 01, 2012

  1. Mike Burns

    Handle nil tokens

    authored June 01, 2012

Apr 06, 2012

  1. Matt Jankowski

    when whitelist attributes is turned on we need to explicitly assign t…

    …he params
    authored April 04, 2012

Dec 01, 2011

  1. danhodge

    Optional config param 'user_model_name' added

    authored December 01, 2011

Jun 30, 2011

  1. Dan Croak

    Removed redundant flash messages. ("Signed in.", "Signed out.", and "…

    …You are now signed up.")
    authored June 30, 2011
  2. Dan Croak

    [#147] Resetting password no longer redirects to sign in page. It dis…

    …plays a message telling them to look for an email.
    authored June 30, 2011
  3. Dan Croak

    [#149] redirect_back_or on sign up.

    authored June 30, 2011
  4. Dan Croak

    Using flash :notice key everywhere now instead of :success and :failu…

    …re. More in line with Rails conventions.
    authored June 30, 2011

Apr 30, 2011

  1. Dan Croak

    Remove dependency on dynamic_form. Replaced with flashes due to limit…

    …ed number of failure cases. Resolves #145.
    authored April 30, 2011
  2. Dan Croak

    redirect to '/' after sign up. since we no longer have email confirma…

    …tion, it no longer makes sense to redirect to sign in after sign up, because you're already signed in. most apps we've been working on redirect to the home page after sign in so we're merging that change in upstream to clearance. resolves #146.
    authored April 30, 2011

Apr 25, 2011

  1. Dan Croak

    adding a new #authenticate method at the controller level that can be…

    … overriden for cases like switching to username & password, requiring fewer files to change. this breaks the before_filter :authenticate API that used to exist, which has been replaced with the more aptly-named before_filter :authorize.
    authored April 24, 2011

Apr 19, 2011

  1. Dan Croak

    remove password confirmation

    authored April 16, 2011

Jan 23, 2011

  1. Dan Croak

    replaced ActionController::Forbidden with a user-friendly flash message.

    Setting the 403 status code turned out to be a bad user experience in some browsers
    such as Chrome on Windows machines.
    authored January 16, 2011

Dec 22, 2010

  1. Remove email confirmations

    authored December 21, 2010 Harold Giménez committed December 21, 2010

Jul 17, 2010

  1. Nick Quaranto

    Move filter_parameters into engine initializer, using clearance as a …

    …real gem for tests
    authored July 17, 2010

Jun 10, 2010

  1. Joshua Clayton

    Update clearance and tests to Rails3-style syntax

Feb 21, 2010

  1. Dan Croak

    [#69] Allow Rails apps to before_filter :authenticate the entire app

    in ApplicationController and still have password recovery work without
    overriding any controllers. (Claudio Poli, Dan Croak)
    authored February 21, 2010

Feb 15, 2010

  1. Dan Croak

    scope skip_before_filter :authenticate to only actions Clearance defi…

    …nes. updated CHANGELOG
    authored February 15, 2010
  2. Matthew Ford

    adding skip_before_filter :authenticate

    So that you can use before_filter :authenticate
    in your application_controller without having to
    override the Clearance controllers
    authored September 17, 2009 croaky committed February 16, 2010

Jan 20, 2010

  1. Dan Croak

    use convenience paths (sign_up_path, sign_in_path, and sign_out_path)…

    … instead of implementation-specific sessions and users. nicer interface in the browser bar for users, a little encapsulation for developers.
    authored January 19, 2010
Something went wrong with that request. Please try again.