Commits on Mar 26, 2013
  1. Bump to 1.0.0.rc7

    croaky committed Mar 26, 2013
  2. Add `redirect_url` config option

    localhots committed with croaky Mar 22, 2013
    * Clarify in README that the config example shows the default values.
    * Wrap long line at 80 characters.
    * Move `redirect_to_root` from `lib/clearance/authorization.rb` to where
      it is used, in `app/controllers/clearance/sessions_controller.rb`, and
      better reveal its intent by re-naming it to `avoid_sign_in`.
    * Re-set `config.secure_cookie` to its original value in an `after`
      block in a test to teardown and avoid leakage across tests.
    * Use `_url` suffix in config name to match [RFC 2616 spec, section 14.
      which states the Location response-header field should use an absolute
      URI for 3xx responses.
    * The default value for `redirect_url` is the string path `'/'` as a
      previous compromise to make it less likely users will run into an
      issue if they don't want to define a root route. The string value avoids
      potentially confusing `NoMethodError: undefined method 'root_url'`
  3. Remove `unloadable` from controllers

    croaky committed Mar 18, 2013
    They are causing circular dependencies in Rails 4 + Ruby 2:
  4. Add option to make `remember_token` cookie secure

    mackuba committed with croaky Mar 25, 2013
    This is important if you have an app running on HTTPS, otherwise the
    auth cookie is leaked when you visit a HTTP URL and can be intercepted.
    Read more:
    * Fix documentation of `Clearance::Backdoor` (was missing namespace).
Commits on Mar 20, 2013
Commits on Mar 17, 2013
  1. Clean up

    croaky committed Mar 17, 2013
    * Replace inconsistent name credit with link to full set of contributors
      so some people aren't over-thanked and others aren't under-thanked.
    * Add dates for all releases.
    * Use more Markdown so it looks better on GitHub.
    * Wrap at 80 characters.
  2. Bump to 1.0.0.rc6

    croaky committed Mar 17, 2013
Commits on Mar 15, 2013
  1. Add Ruby 2.0 to tests/travis

    derekprior committed Mar 15, 2013
    Ruby 2.0 requires Rails 3.2.13, currently in rc. Update appraisals to
    run only that version of rails under 2.0. Update travis build matrix to
    do the same.
Commits on Mar 11, 2013
  1. Split Clearance::{Authentication,Authorization}

    croaky committed Feb 24, 2013
    There has been confusion about the `authorize` method residing in the
    `Authentication` module:
    * The `authorize` method performs authorization - it denies access to
      unauthenticated users.
    * It is assumed that controllers would override `authorize` for
      controllers that require specific authentication.
    * It's sort of strange that `Clearance::Authentication` contains a bunch
      of authorization logic.
    So, we:
    * Split `Clearance::Controller` into `Clearance::Authentication` and
      `Clearance::Authorization`, both of which get mixed into
    * Mix `Clearance::Controller` into `ApplicationController` in the install
    Read more:
  2. Add Gemnasium dependency status to README

    Arsen Gasparyan committed with croaky Mar 5, 2013
Commits on Mar 8, 2013
  1. Update to the latest bundler version

    gylaz committed Mar 8, 2013
    There was an issue where Travis build was erring because the bundler
    version was 1.2.3, and we explicitly upgrade rubygems via travis.yml.
    Thus, the result was that rubygems 2.0 is no longer compatible with
    older bundler versions. Thus let's always grab the latest version of
    bundler for Travis builds.
Commits on Mar 6, 2013
  1. Speed up tests for apps using clearance with bcrypt

    derekprior committed Mar 6, 2013
    If clearance detects that it's being run in the test environment, it
    will lower the bcyrpt cost factor (essentially, how much it will sleep)
    to the minimum.
Commits on Mar 3, 2013
  1. Update documentation

    Nick Slocum committed with croaky Mar 3, 2013
    Use more recent gem version that includes the integration tests
Commits on Feb 27, 2013
  1. Fix error in Blowfish, SHA1 password strategies

    croaky committed Feb 13, 2013
    * Bug report:
    * Remove duplication in spec suite.
    * Extract `fake_model_with_password_strategy` spec helper method.
  2. Replace email regex with EmailValidator gem

    croaky committed Feb 24, 2013
    * Use Rails 3 `validates` method.
    * Use Ruby 1.9 hash syntax.
Commits on Feb 25, 2013
  1. Rename i18n keys for password email

    gylaz committed with croaky Feb 24, 2013
    * Take off _paragraph prefix because text does not contian <p> tags
    * Change password text copy to be more clear.
    * Sort i18n keys alphabetically.
    * Resolves #248
  2. Fix broken links in README

    croaky committed Feb 24, 2013
    * GitHub changed how links work in Markdown files:
    * Link to i18n translations in README so it is clear what the key
      hierarchy is that can be overriden.
    * Break long lines after 80 characters.
    * Order lists alphabetically.
Commits on Feb 23, 2013
  1. Include certain helpers only for controller specs

    gylaz committed Feb 23, 2013
    Travis CI was failing because of the conflict between the `sign_out` method
    meant for integration tests and the `sign_out` method used for controller specs.
    Example failure:
Commits on Feb 22, 2013
  1. Move password email delivery to private method

    salbertson committed Feb 22, 2013
    * The password email delivery can now be overridden
  2. Removes duplicated sign up and forgot password links

    Galen Frechette committed with croaky Feb 16, 2013
  3. Make PasswordsController#create case-insensitive

    agraves committed with croaky Feb 12, 2013
    * Centralize email normalization logic in `User.normalize_email`.
    * Implement `User.find_by_normalized_email`.
Commits on Feb 21, 2013
  1. Add psych as development dependency

    jferris committed Feb 21, 2013
    * Eliminates warnings and errors when psych is installed
Commits on Feb 14, 2013
  1. Improve UX of password reset

    croaky committed Feb 14, 2013
    As reported on:
    By default, the text on the password reset page read:
    > We will email you a link to reset your password.
    This implies that the system is already in the process of sending an
    and that no further action is required by the user. We have had multiple
    users of our application fail to complete the password reset flow
    because of
    this confusion.
    Here's how these users got stuck:
    * Visit the login page.
    * Enter their email address and an incorrect password.
    * The application denies login with "Bad email or password" error.
    * User gives up and clicks "Forgot password?" link.
    * Reset password page loads with the text "We will email you a link to
     reset your password.". User thinks they are done. (After all, they
     already provided their email address on the login page.)
    * User never completes the reset password form. Telephones support
     complaining their password is not being reset.
    Our fix was to change the password reset text to:
    > To be emailed a link to reset your password, please enter your email
    > address.
  2. Improve readability of locales

    croaky committed Feb 13, 2013
Commits on Feb 13, 2013
  1. Persis BCrypt password during SHA1 migration

    edouard committed with croaky Nov 15, 2012
    A full description of the issue this resolves is here:
  2. Prepare Clearance for Rails 4

    geoffharcourt committed with croaky Jan 31, 2013
    * Change routes to use `get` instead of `match`.
    * Don't allow multiline strings for email format.
    * Rails 4 issues an exception when validates_format_of encounters regex
      that uses ^ and $ rather than /A and /Z. See this pull request:
    * `sign_out` should use DELETE, not GET.
    * Remove irrelevant spec for testing regex.
    * Test against latest security-patched Rails versions.
  3. Add "#clearance" wrapper to markup

    Galen Frechette committed with croaky Feb 11, 2013
  4. Improve markup and style sheets

    Galen Frechette committed with croaky Feb 11, 2013
    * Fixes inconsistency with input wrapper classes.
    * Improves markup for secondary links. Adds sign in link to sign up form
      for better navigation.
Commits on Jan 29, 2013
Commits on Jan 18, 2013
  1. Strip whitespace from User#email

    amrit committed with croaky Dec 29, 2012
    * Rename downcase_email to normalize_email.
Commits on Jan 4, 2013