* Support Rails 3.0.15, 3.1.6, 3.2.6.
* Apply style guidelines to test suite.
* Be more strict about development dependencies.
* Use single quotes unless interpolating.
* Do not align tokens.
* Add a newline between lines of code and blocks.
* Alphabetize methods and lists of attributes.
Additional refactoring:
* Refactor new_indexes to more appropriately use a Hash.
* Refactor collections to use Symbol#to_proc to shorten lines.
* Use consistent naming patterns (existing_*, new_*).
* Remove `each` naming convention on enumerators.
* Remove now unnecessary GOALS file.
The salt column is only needed for SHA1 and MD5 strategies, which are not the default. The README contains instructions for adding the salt back before switching to those strategies.
This commit makes BCrypt the default for new setups, and introduces a strategy for converting existing infrastructure to BCrypt.

To switch to BCrypt now:

    Clearance.configure do |config|
      config.password_strategy = Clearance::PasswordStrategies::BCrypt
    end

To set the password strategy to the conversion layer:

    Clearance.configure do |config|
      config.password_strategy = Clearance::PasswordStrategies::BCryptMigrationFromSHA1
    end

To continue to use SHA1:

    Clearance.configure do |config|
      config.password_strategy = Clearance::PasswordStrategies::SHA1
    end
… in all versions.
only include the instance methods and callbacks.
…umented clearly, with links to the engine's codebase for further exploration.
* Separates responsibility of password encryption from the User module into a PasswordStrategy
* Makes password encryption on-demand instead of happening in ActiveRecord callbacks
It turned out that Digest::SHA1 and SecureRandom.hex return a US-ASCII string. We should cast it to UTF-8 to avoid problems with Sqlite3.
…dom (now just SecureRandom)
…unnecessary and causes a small performance problem on some apps. Resolves #148
… hashing methods.
…because it will force downcasing
allow old users to sign in by resetting their password. This initializes their salt, generates a remember token, and encrypts their password for the first time.
…he conditional is implied
… a security hole for people who forget to use attr_accessible, can be handled by a rake task
* Improved and fixed test case that ensures different remember tokens for users created at the same time with the same password.
* With remember_token generation occurring at creation now, the old test case was no longer valid.
* Allows for the same user to sign in from two locations at once
* Added support for setting User#remember_token on creation
* Addresses this thread: http://groups.google.com/group/thoughtbot-clearance/browse_thread/thread/d071ae84573e40ff
…enerate_confirmation_token to before_create
this does not belong in an authentication library. The application developer should decide whether they want to use attr_accessible.