v1.2.0

Added

• Support for Rails 4.1.0.rc1
• Sign in can now be disabled with config.allow_sign_in = false

Changed

• Sign in failure message is now customized exclusively via I18n.
  SessionsController#flash_failure_after_create is no longer called. To
  customize the message, change the
  clearance.controllers.sessions.bad_email_or_password or
  flashes.failure_after_create key.

Deprecated

• clearance/testing is now deprecated. Require clearance/rspec or
  clearance/test_unit as appropriate.

Full Changelog

v1.1.0

Added

• Validate email with EmailValidator strict mode.
• The cookie_expiration configuration lambda can now be called with a
  cookies parameter. Allows the Clearance cookie expiration to be set
  according to the value of another cookie (such as remember_me).
• Allow cookie domain and path configuration.
• Add sign in guards.

Fixed

• Don't allow logins with blank remember_token.

Deprecated

• A cookie_expiration lambda that does not accept this cookies
  parameter has been deprecated.

Full Changelog

v1.0.1

Fixed

• Fix an issue when trying to sign in with nil

Full Changelog

v1.0.0

Added

• Support Rails 4.
• Speed up test suites using ::BCrypt::Engine::MIN_COST.
• Speed up integration suites with Clearance::BackDoor.
• Provide BCryptMigrationFromSHA1 password strategy to help people migrate from
  SHA1 (the old default password strategy) to BCrypt (the new default).
• Support Ruby 2.
• More extension points in more controllers.
• Add SignedIn and SignedOut routing constraints.
• Add a fake password strategy, which is useful when writing tests.
• Add redirect_url configuration option.
• Add secure_cookie configuration option.

Changed

• Change default password strategy to BCrypt.
• Replace email regular expression with EmailValidator gem.
• Require > Ruby 1.9.
• The email, encrypted_password, and remember_token fields of the users
  table are NOT NULL in the default migration.
• Replace Cucumber feature generator with RSpec + Capybara.
• Remove Diesel dependency.
• PasswordsController params[:user] has changed to params[:password_reset]
  to avoid locale conflicts.

Fixed

• Improve security when changing password.
• Reduce extra user lookups when adding cookie to headers.
• Unauthorized API requests return HTTP status 401 rather than a redirect
  to the sign in page.

Removed

• Remove deprecated methods on User: remember_me!, generate_random_code,
  password_required?.
• Remove unloadable from controllers (Rails 4 bug fix in development
  environment).
• Remove support for supplying return_to value via request parameter.

Full Changelog

v0.16.2

Changed

• Change default email sender to deploy@example.com.

Full Changelog

v0.16.0

Added

• Blowfish password encryption strategy.

Full Changelog

v0.15.0

Added

• The User model can be swapped out using the Clearance.configure method.

Removed

• Remove User::InstanceMethods to silence a Rails 3.2 deprecation warning.

Full Changelog

v0.14.0

Added

• Support clearance session management from the Rack environment.

Full Changelog

v0.13.2

Fixed

• Fixed the deny_access matcher.

Full Changelog

v0.13.0

Changed

• In Clearance's optional generated features, use pure Capybara instead of
  depending on Cucumber's removed web_steps, paths, and selectors.
• Extract SHA-1-specific code out of User into PasswordStrategies module.
• Extract sign in form so that other methods can be added easily.
• Test against Rails 3.1. Required upgrades to Diesel and Appraisal.

Full Changelog