Releases: thoughtbot/clearance
Releases · thoughtbot/clearance
v1.2.0
Added
- Support for Rails 4.1.0.rc1
- Sign in can now be disabled with
config.allow_sign_in = false
Changed
- Sign in failure message is now customized exclusively via I18n.
SessionsController#flash_failure_after_create
is no longer called. To
customize the message, change the
clearance.controllers.sessions.bad_email_or_password
or
flashes.failure_after_create
key.
Deprecated
clearance/testing
is now deprecated. Requireclearance/rspec
or
clearance/test_unit
as appropriate.
v1.1.0
Added
- Validate email with
EmailValidator
strict mode. - The
cookie_expiration
configuration lambda can now be called with a
cookies
parameter. Allows the Clearance cookie expiration to be set
according to the value of another cookie (such asremember_me
). - Allow cookie domain and path configuration.
- Add sign in guards.
Fixed
- Don't allow logins with blank
remember_token
.
Deprecated
- A
cookie_expiration
lambda that does not accept thiscookies
parameter has been deprecated.
v1.0.1
v1.0.0
Added
- Support Rails 4.
- Speed up test suites using
::BCrypt::Engine::MIN_COST
. - Speed up integration suites with
Clearance::BackDoor
. - Provide
BCryptMigrationFromSHA1
password strategy to help people migrate from
SHA1 (the old default password strategy) to BCrypt (the new default). - Support Ruby 2.
- More extension points in more controllers.
- Add
SignedIn
andSignedOut
routing constraints. - Add a fake password strategy, which is useful when writing tests.
- Add
redirect_url
configuration option. - Add
secure_cookie
configuration option.
Changed
- Change default password strategy to BCrypt.
- Replace email regular expression with
EmailValidator
gem. - Require > Ruby 1.9.
- The
email
,encrypted_password
, andremember_token
fields of the users
table areNOT NULL
in the default migration. - Replace Cucumber feature generator with RSpec + Capybara.
- Remove Diesel dependency.
PasswordsController
params[:user]
has changed toparams[:password_reset]
to avoid locale conflicts.
Fixed
- Improve security when changing password.
- Reduce extra user lookups when adding cookie to headers.
- Unauthorized API requests return HTTP status 401 rather than a redirect
to the sign in page.
Removed
- Remove deprecated methods on User:
remember_me!
,generate_random_code
,
password_required?
. - Remove
unloadable
from controllers (Rails 4 bug fix in development
environment). - Remove support for supplying
return_to
value via request parameter.
v0.16.2
v0.16.0
v0.15.0
Added
- The
User
model can be swapped out using theClearance.configure
method.
Removed
- Remove
User::InstanceMethods
to silence a Rails 3.2 deprecation warning.
v0.14.0
v0.13.2
v0.13.0
Changed
- In Clearance's optional generated features, use pure Capybara instead of
depending on Cucumber's removedweb_steps
, paths, and selectors. - Extract SHA-1-specific code out of
User
intoPasswordStrategies
module. - Extract sign in form so that other methods can be added easily.
- Test against Rails 3.1. Required upgrades to Diesel and Appraisal.