Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Apr 3, 2015
  1. @derekprior


    derekprior authored
  2. @derekprior

    Allow User model to be reloaded in development

    derekprior authored
    When a `user_model` is configured in a Clearance initializer, a
    reference to that class is immediately saved off. If that class is
    changed, Clearance will not know to automatically reload the class as
    Rails does automatically for classes in development.
    This change introduces a `to_prepare` block to the Engine that is
    responsible for forcing the configured user class to be reloaded.
    `to_prepare` runs once per request in development and only at startup in
    other environments.
  3. @derekprior

    Fix formatting

    derekprior authored
Commits on Mar 3, 2015
  1. @derekprior


    derekprior authored
  2. @derekprior

    Don't expose authentication methods as actions

    derekprior authored
    There were a couple of methods from the Clearance::Authentication that
    were leaking through to become routable action methods on the
    controller. We need to hide them as actions.
Commits on Jan 30, 2015
  1. @derekprior

    Add documentation for configuration options

    derekprior authored
    Added Yard configuration and documentation for
    `Clearance::Configuration`. Moving forward, we will be adding
    documentation to the rest of Clearance.
Commits on Jan 23, 2015
  1. @derekprior


    derekprior authored
Commits on Jan 22, 2015
  1. Configure remember token cookie name

    Eric Collins authored
    * Document cookie name configuration
    * Remove REMEMBER_TOKEN_COOKIE in favor of method
Commits on Jan 8, 2015
  1. @derekprior


    derekprior authored
  2. @derekprior

    Test & Support Ruby 2.2 across Rails versions

    derekprior authored
    To get the test suite to run in under 2.2, I:
    * Upgraded Cucumber to a version that supports Ruby 2.2
    * Added 2.2.0 to our Travis Matrix (Sorry, Travis)
    * Excluded Rails 3.2 under Ruby 2.2 from appraisals as it is not
      supported by rails (yet). See: rails/rails#18306
    Once that was done, it was  discovered that Rails 4.0.x requires the
    `test-unit` gem under Ruby 2.2. Adding that gem allows the test suite to
    run there.
    With that in place, I found that the `deny_access` matcher was not
    negating as expected. This is because the test-unit gem raises a
    different error when an assertion failed. I have to catch this error in
    addition to the Minitest::Assertion error we were already catching.
  3. @derekprior

    Rename `authorize` filter to `require_login`

    derekprior authored
    This name better expresses the intent of the filter and has the
    advantage of not conflicting with the `authorize` method provided by
    pundit or wading into the sometimes hairy line demarcating authorization
    from authentication.
    Clearance users should migrate from `:authorize` to `require_login` as
    the former will be removed in 2.0. Be sure to catch reference to
    `skip_before_filter :authorize` or `skip_before_action :authorize`,
    which the deprecation cannot catch.
    addresses #503, #436, and #239
Commits on Jan 7, 2015
  1. @derekprior


    derekprior authored
  2. @arthurnn @derekprior

    Don't set a blank remember token

    arthurnn authored derekprior committed
    There's no sense in setting a remember token cookie if the value of that
    cookie is nil. In fact, this causes a problem for sites that bounce
    users between HTTP and HTTPS connections for when the user is signed in
    versus signed out. Prior to this change, if Clearance's `secure_cookie`
    option was on the users remember token would be completely wiped out
    when they hit an HTTP page. Even returning to HTTPS would not restore
    the user's token. With this change in place, the HTTP response would
    simply not set a remember token cookie, but switching back to HTTPS
    would allow the client to send its previously existing cookie.
    There was an existing test for this, but it was passing incorrectly. The
    `set_cookie` matcher was not negating the way we wanted it to. On the
    test, the header values were:
    Fixes #338.
  3. @derekprior

    Fix warnings generated by Clearance

    derekprior authored
    * Instance variables should be defined in initializers before used
    * `File.exists?` is deprecated
    This does not address the "possible reference to past scope" warnings
    introduced with Ruby 2.2.0 as it appears this warning will be removed in
    2.2.1. See
Commits on Dec 23, 2014
  1. @derekprior

    Move test app into spec/dummy

    derekprior authored
    This isn't library code, it's test code. It doesn't belong in `lib`.
    Common convention in engines is to have the dummy app in `spec/dummy`.
    * Update namespace so it doesn't look like part of Clearance.
    * Update reference from `Clearance::Testing::Application` to
    * Move dummy rake tasks into the `dummy` rake namespace.
    * Update bin/setup to use the new namespace.
    * Update bin/setup to no longer clean old appraisals out.
    * Update style in Rakefile and Dummy app
Commits on Dec 22, 2014
  1. @jessieay

    Upgrade to rspec-rails 3.1

    Derek and Jessie authored jessieay committed
    * Fix deprecation warnings in the cookie matcher
    * Fix loading of the MiniTest runner (caused by requiring
      `rails/test_help`, which we didn't need anyway.
    * Remove wrapper around MiniTest::Assertion
    * Clean up requires in `spec_helper` and `env`.
    * Remove .rspec file as the settings in there are default
    * Add appraisals to version control per
Commits on Dec 20, 2014
  1. @derekprior


    derekprior authored
  2. @derekprior

    Support Rails 4.2

    derekprior authored
    Most of the changes necessary here were test-suite-only issues. The lone
    production-impactful change was adding support for
    `ActionMailer#deliver_later` in the `PasswordsController`. This will
    automatically use the queue configured with Active Job in order to
    background the sending of email. With no queue configured, it will be
    delivered synchronously. The old `#deliver` method still works, but
    generates deprecation warnings.
    The rest of the changes were related to the test suite:
    * Add a Rails 4.2 appraisal
    * Update cucumber steps to remove unnecessary gems from generated apps.
    * Simplify appraisal dependencies thanks to the above.
    * Fixed `forgeries_controller_spec`. This is still a brittle way to test
      this functionality but at least it works across Rails versions.
    * Removed deprecation related to test suite ordering in the test app
      that is loaded.
    There remains a single (repeated) deprecation when running specs on 4.2
    which comes from RSpec and will be addressed by upgrading to
    `rspec-rails` 3.1 (see [`rspec-rails` issue]. That work will be in a
    separate pull-request.
    [`rspec-rails` issue]: rspec/rspec-rails#1187
Commits on Dec 19, 2014
  1. @derekprior


    derekprior authored
Commits on Nov 21, 2014
  1. @squarism @derekprior

    Fix blowfish password strategy

    squarism authored derekprior committed
    The Blowfish password strategy was creating passwords with encodings
    that could not be persisted to the database. Encoding the result to
    Base64 fixes this problem.
Commits on Oct 17, 2014
  1. @derekprior


    derekprior authored
  2. @derekprior

    Add a setting to disable all routes

    derekprior authored
    This setting allows clearance routes to be completely customized. Users who
    customize the routes to this level may have to edit the views and mailers as
    there are references to routes there.
Commits on Oct 3, 2014
  1. @derekprior


    derekprior authored
  2. @derekprior

    Routing constraints handle missing session data

    derekprior authored
    Routing constraints should behave appropriately when
    request.env[:clearance] is not set. That is, the SignedIn
    constraint should not match while the SignedOut constraint
Commits on Sep 13, 2014
  1. @derekprior


    derekprior authored
  2. @geoffharcourt @derekprior

    Fix deprecated matcher method on DenyAccessMatcher

    geoffharcourt authored derekprior committed
    `DenyAccessMatcher` used `#negative_failure_message`, which has been
    deprecated in favor of the newer RSpec matcher method
    `#failure_message_when_negated`. Renamed this instance variable and the
    `attr_reader` to remove RSpec 3.0 deprecation warnings when using
    `DenyAccessMatcher` in specs.
    Added aliases `failure_message_for_should` and
    `failure_message_for_should_not` to maintain RSpec 1.2+, < 3.0
Commits on Sep 5, 2014
  1. @derekprior


    derekprior authored
  2. @iwz
Commits on Jul 18, 2014
  1. @derekprior


    derekprior authored
  2. @JimiJonJimbo @derekprior

    Use original_fullpath when redirecting

    JimiJonJimbo authored derekprior committed
    original_fullpath works better than fullpath here, because fullpath doesn't play nice with mounted engines.
    For example, with rails_admin, request.fullpath is "/admin/" but request.original_fullpath is "/admin".
Commits on May 4, 2014
  1. @5vankmajer
Commits on Apr 18, 2014
  1. @jsteiner
Commits on Mar 14, 2014
  1. @derekprior

    Bump to 1.3.0

    derekprior authored
Commits on Mar 9, 2014
  1. @derekprior

    Backfill remember_token for existing user records

    derekprior authored
    The clearance migration to add clearance fields to an existing users
    table now also ensures each user has a generated remember_token.
Commits on Mar 6, 2014
  1. @derekprior

    Prepare version 1.2.1

    derekprior authored
Something went wrong with that request. Please try again.