v1.14.2

Fixed

• Fixed incompatibility with attr_encrypted gem by inlining the body of the
  encrypt helper method used in the BCrypt password strategy.

Full Changelog

v1.14.1

Fixed

• Fixed insertion of include Clearance::User when running the install
  generator in an app that already has a User model.
• Updated deny_access matcher to assert against configured redirect location
  rather than hard coded /.

Full Changelog

v1.14.0

Added

• Clearance::BackDoor now accepts a block, allowing the user for a test to be
  looked up by a parameter other than id if you have overridden to_param for
  the User model.

Fixed

• We now correctly track the dirty state of User#encrypted_password, which
  fixes custom validations on User#password (e.g. validating password length)
  that were conditional on the password actually changing.
• The clearance:install generator will now generate a User model that
  inherits from ApplicationRecord if run on a Rails 5 app that doesn't already
  have a User model.

Deprecated

• User#password_changing is deprecated in favor of automatic dirty tracking on
  encrypted_password and password. If you are calling this in your
  application you should be able to remove it.

Full Changelog

v1.13.0

Added

• Clearance now supports Rails 5.0.0.beta3 and newer.

Fixed

• Clearance will now infer the parameter name to use when accessing user
  parameters in a request. This previously used :user, which was incorrect for
  customized user models.
• Generated feature specs no longer rely on RSpec monkey patches.

Full Changelog

v1.12.1

Fixed

• Fixed the create_users migration generated by rails generate clearance:install under Rails 3.x.

Full Changelog

v1.12.0

Added

• Users will now see a flash message when redirected to sign in by
  require_login. This I18n key for this message is
  flashes.failure_when_not_signed_in and defaults to "Please sign in to
  continue".
• Added significant API documentation. API documentation effort is ongoing.

Fixed

• Fixed expectation in the generated visitor_resets_password_spec.rb file.
• Corrected indentation of routes inserted by the routes generator.
• Corrected indentation of include Clearance::User when the install generator
  adds it to an existing user class.

Full Changelog

v1.11.0

Added

• Add sign_in and sign_in_as helper methods to view specs. These helpers
  avoid errors from verified partial doubles that come from. See
  462c009.

Fixed

• clearance:routes generator now properly disables internal routes in your
  Clearance initializer.
• Clearance now accesses the cookie jar via ActionDispatch::Request rather than
  Rack::Request. This is more consistent with what Rails does internally.

Deprecated

• Clearance::Testing::Helpers has been deprecated in favor of
  Clearance::Testing::ControllerHelpers. Most users are accessing these
  helpers by requiring clearance/rspec or clearance/test_unit and should be
  unaffected.

Full Changelog

v1.10.1

Deprecated

• All clearance-provided password strategies other than BCrypt have been
  deprecated. You can continue to use those strategies without a deprecation
  warning by adding clearance-deprecated_password_strategies to your Gemfile.

Full Changelog

v1.9.0

Added

• The change password mailer now produces a multipart message which includes a
  text part along with the previously existing HTML part. To override the text
  part, add change_password.text.erb alongside your change_password.html.erb
  file.

Fixed

• Custom user_model configured in a Rails initializer will now be reloaded in
  development mode.
• Change password template now contains "Change my password" link text to
  address an issue linking the URL in some mail clients.

Full Changelog

v1.8.1

Security

• Enable cross-site request forgery protection on sessions#create. See
  7f5d56e.

Fixed

• All methods included by Clearance::Controller are now excluded from
  action_methods.

Full Changelog