Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Jul 23, 2012
  1. @mike-burns

    Bump to 1.0.0.rc1

    mike-burns authored
Commits on Jul 22, 2012
  1. @croaky

    Upgrade dependencies

    croaky authored
    * Support Rails 3.0.15, 3.1.6, 3.2.6.
    * Apply style guidelines to test suite.
    * Be more strict about development dependencies.
  2. @croaky

    Apply style guidelines

    croaky authored
    * Use single quotes unless interpolating.
    * Do not align tokens.
    * Add a newline between lines of code and blocks.
    * Alphabetize methods and lists of attributes.
    Additional refactoring:
    * Refactor new_indexes to more appropriately use a Hash.
    * Refactor collections to use Symbol#to_proc to shorten lines.
    * Use consistent naming patterns (existing_*, new_*).
    * Remove `each` naming convention on enumerators.
    * Remove now unnecessary GOALS file.
Commits on Jul 19, 2012
  1. @mike-burns

    Remove the salt from the DB migration

    mike-burns authored
    The salt column is only needed for SHA1 and MD5 strategies, which  are
    not the default. The README contains instructions for adding the salt
    back before switching to those strategies.
Commits on Jun 29, 2012
  1. @mike-burns

    BCrypt for passwords

    Dan Croak and Gabe Berke-Williams authored mike-burns committed
    This commit makes BCrypt the default for new setups, and introduces a
    strategy for converting existing infrastructure to BCrypt.
    To switch to BCrypt now:
        Clearance.configure do |config|
          config.password_strategy = Clearance::PasswordStrategies::BCrypt
    To set the password strategy to the conversion layer:
        Clearance.configure do |config|
          config.password_strategy = Clearance::PasswordStrategies::BCryptMigrationFromSHA1
    To continue to use SHA1:
        Clearance.configure do |config|
          config.password_strategy = Clearance::PasswordStrategies::SHA1
Commits on Feb 2, 2012
  1. @gabebw
Commits on Oct 27, 2011
  1. @cmavromoustakos

    Added InstanceMethods module back so we can exclude the validations and

    cmavromoustakos authored
    only include the instance methods and callbacks.
Commits on Oct 10, 2011
  1. @croaky

    improving the README's documentation. all overrides should now be doc…

    croaky authored
    …umented clearly, with links to the engine's codebase for further exploration.
Commits on Sep 11, 2011
  1. @vandrijevik
  2. @vandrijevik

    Extract SHA1-related code to a Password Strategy.

    vandrijevik authored
    * Separates responsibility of password encryption
      from the User module into a PasswordStrategy
    * Makes password encryption on-demand instead of
      happening in ActiveRecord callbacks
Commits on Jun 14, 2011
  1. @sikachu @croaky

    Fix compatibility issue with Ruby 1.9

    sikachu authored croaky committed
    It turned out that Digest::SHA1 and SecureRandom.hex returns a US-ASCII string. We should cast it to UTF-8 to avoid problem with Sqlite3
Commits on Jun 9, 2011
  1. @croaky

    getting rid of a rails 3.1 warning regarding ActiveSupport::SecureRan…

    croaky authored
    …dom (now just SecureRandom)
Commits on Apr 30, 2011
  1. @croaky

    Removing :case_sensitive option from validates_uniqueness_of. It was …

    croaky authored
    …unnecessary and causes a small performance problem on some apps. Resolves #148
Commits on Apr 19, 2011
  1. @croaky
  2. @croaky
  3. @croaky

    remove password confirmation

    croaky authored
Commits on Apr 16, 2011
  1. @croaky

    when user tries to sign in with uppercase email, clearance allows it …

    croaky authored
    …because it will force downcasing
  2. @acconrad @croaky

    forced email to be downcase.

    acconrad authored croaky committed
Commits on Apr 14, 2011
  1. @janxious
Commits on Feb 13, 2011
  1. @croaky

    [#74] When Clearance is installed in an app that already has users,

    Dan Croak and Joe Ferris authored croaky committed
    allow old users to sign in by reseting their password. This initializes
    their salt, generates a remember token, and encrypts their password for
    the first time.
Commits on Dec 22, 2010
  1. Remove email confirmations

    Mike Burns and Harold Giménez authored Harold Giménez committed
Commits on Dec 21, 2010
  1. @RobertStevenson @mike-burns
Commits on Jun 10, 2010
  1. @joshuaclayton
Commits on Jun 1, 2010
  1. @hardbap @croaky
Commits on Apr 16, 2010
  1. @mike-burns
Commits on Feb 21, 2010
  1. @croaky

    rolling back change. doesn't fully cover edge case reported, opens up…

    croaky authored
    … a security hole for people who forget to use attr_accessible, can be handled by a rake task
  2. @croaky
Commits on Feb 17, 2010
  1. @croaky
  2. @jferris
Commits on Feb 16, 2010
  1. @rmm5t

    Added randomness to token and salt generation

    rmm5t authored
    * Improved and fixed test case that ensures different remember tokens for users created at the same time with the same password.
    * With remember_token generation occuring at creation now, the old test case was no longer valid.
  2. @rmm5t

    Reset the remember_token on sign out instead of sign in

    rmm5t authored
    * Allows for the same user to sign in from two locations at once
    * Added support for setting User#remember_token on creation
    * Addresses this thread:
  3. @rmm5t

    Removed User#initialize_confirmation_token from before_save; added #g…

    rmm5t authored
    …enerate_confirmation_token to before_create
  4. @rmm5t
Commits on Jan 19, 2010
  1. @croaky

    removing attr_accessible from Clearance::User.

    croaky authored
    this does not belong in an authentication library.
    the application developer should decide whether they want to use
Commits on Nov 13, 2009
Something went wrong with that request. Please try again.