Releases: thoughtbot/clearance
Releases · thoughtbot/clearance
v1.14.2
Fixed
- Fixed incompatibility with
attr_encrypted
gem by inlining the body of the
encrypt
helper method used in the BCrypt password strategy.
v1.14.1
Fixed
- Fixed insertion of
include Clearance::User
when running the install
generator in an app that already has aUser
model. - Updated
deny_access
matcher to assert against configured redirect location
rather than hard coded/
.
v1.14.0
Added
Clearance::BackDoor
now accepts a block, allowing the user for a test to be
looked up by a parameter other thanid
if you have overriddento_param
for
theUser
model.
Fixed
- We now correctly track the dirty state of
User#encrypted_password
, which
fixes custom validations onUser#password
(e.g. validating password length)
that were conditional on the password actually changing. - The
clearance:install
generator will now generate aUser
model that
inherits fromApplicationRecord
if run on a Rails 5 app that doesn't already
have aUser
model.
Deprecated
User#password_changing
is deprecated in favor of automatic dirty tracking on
encrypted_password
andpassword
. If you are calling this in your
application you should be able to remove it.
v1.13.0
Added
- Clearance now supports Rails 5.0.0.beta3 and newer.
Fixed
- Clearance will now infer the parameter name to use when accessing user
parameters in a request. This previously used:user
, which was incorrect for
customized user models. - Generated feature specs no longer rely on RSpec monkey patches.
v1.12.1
Fixed
- Fixed the
create_users
migration generated byrails generate clearance:install
under Rails 3.x.
v1.12.0
Added
- Users will now see a flash message when redirected to sign in by
require_login
. This I18n key for this message is
flashes.failure_when_not_signed_in
and defaults to "Please sign in to
continue". - Added significant API documentation. API documentation effort is ongoing.
Fixed
- Fixed expectation in the generated
visitor_resets_password_spec.rb
file. - Corrected indentation of routes inserted by the routes generator.
- Corrected indentation of
include Clearance::User
when the install generator
adds it to an existing user class.
v1.11.0
Added
- Add
sign_in
andsign_in_as
helper methods to view specs. These helpers
avoid errors from verified partial doubles that come from. See
462c009.
Fixed
clearance:routes
generator now properly disables internal routes in your
Clearance initializer.- Clearance now accesses the cookie jar via ActionDispatch::Request rather than
Rack::Request
. This is more consistent with what Rails does internally.
Deprecated
Clearance::Testing::Helpers
has been deprecated in favor of
Clearance::Testing::ControllerHelpers
. Most users are accessing these
helpers by requiringclearance/rspec
orclearance/test_unit
and should be
unaffected.
v1.10.1
Deprecated
- All clearance-provided password strategies other than BCrypt have been
deprecated. You can continue to use those strategies without a deprecation
warning by addingclearance-deprecated_password_strategies
to your Gemfile.
v1.9.0
Added
- The change password mailer now produces a multipart message which includes a
text part along with the previously existing HTML part. To override the text
part, addchange_password.text.erb
alongside yourchange_password.html.erb
file.
Fixed
- Custom
user_model
configured in a Rails initializer will now be reloaded in
development mode. - Change password template now contains "Change my password" link text to
address an issue linking the URL in some mail clients.
v1.8.1
Security
- Enable cross-site request forgery protection on
sessions#create
. See
7f5d56e.
Fixed
- All methods included by
Clearance::Controller
are now excluded from
action_methods
.