clearance 1.17.0 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +8 -14
- data/Appraisals +11 -3
- data/Gemfile +3 -6
- data/Gemfile.lock +91 -87
- data/NEWS.md +233 -15
- data/README.md +54 -28
- data/app/controllers/clearance/base_controller.rb +8 -1
- data/app/controllers/clearance/passwords_controller.rb +35 -45
- data/app/controllers/clearance/sessions_controller.rb +3 -18
- data/app/controllers/clearance/users_controller.rb +2 -17
- data/clearance.gemspec +15 -9
- data/config/locales/clearance.en.yml +1 -0
- data/config/routes.rb +1 -1
- data/gemfiles/rails_5.0.gemfile +5 -6
- data/gemfiles/rails_5.1.gemfile +5 -6
- data/gemfiles/rails_5.2.gemfile +5 -6
- data/gemfiles/{rails_4.2.gemfile → rails_6.0.gemfile} +7 -7
- data/lib/clearance.rb +0 -8
- data/lib/clearance/authentication.rb +1 -9
- data/lib/clearance/authorization.rb +2 -11
- data/lib/clearance/back_door.rb +1 -1
- data/lib/clearance/configuration.rb +30 -19
- data/lib/clearance/password_strategies.rb +5 -4
- data/lib/clearance/password_strategies/argon2.rb +23 -0
- data/lib/clearance/password_strategies/bcrypt.rb +17 -11
- data/lib/clearance/rack_session.rb +5 -1
- data/lib/clearance/session.rb +40 -12
- data/lib/clearance/testing/deny_access_matcher.rb +10 -20
- data/lib/clearance/user.rb +3 -24
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/install_generator.rb +12 -12
- data/lib/generators/clearance/install/templates/README +10 -4
- data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb.erb +1 -1
- data/lib/generators/clearance/install/templates/db/migrate/create_users.rb.erb +1 -1
- data/lib/generators/clearance/routes/templates/routes.rb +1 -1
- data/spec/acceptance/clearance_installation_spec.rb +0 -4
- data/spec/app_templates/app/models/user.rb +1 -1
- data/spec/app_templates/testapp/app/controllers/home_controller.rb +1 -5
- data/spec/app_templates/testapp/app/views/layouts/application.html.erb +24 -0
- data/spec/clearance/back_door_spec.rb +12 -6
- data/spec/clearance/rack_session_spec.rb +2 -0
- data/spec/clearance/session_spec.rb +91 -47
- data/spec/clearance/testing/deny_access_matcher_spec.rb +32 -0
- data/spec/configuration_spec.rb +46 -15
- data/spec/controllers/apis_controller_spec.rb +1 -5
- data/spec/controllers/forgeries_controller_spec.rb +1 -5
- data/spec/controllers/passwords_controller_spec.rb +41 -5
- data/spec/controllers/permissions_controller_spec.rb +3 -7
- data/spec/controllers/sessions_controller_spec.rb +1 -1
- data/spec/dummy/app/controllers/application_controller.rb +1 -5
- data/spec/dummy/application.rb +7 -3
- data/spec/generators/clearance/install/install_generator_spec.rb +33 -15
- data/spec/generators/clearance/views/views_generator_spec.rb +0 -2
- data/spec/models/user_spec.rb +5 -5
- data/spec/password_strategies/argon2_spec.rb +79 -0
- data/spec/password_strategies/bcrypt_spec.rb +18 -1
- data/spec/requests/authentication_cookie_spec.rb +55 -0
- data/spec/requests/token_expiration_spec.rb +5 -0
- data/spec/spec_helper.rb +4 -7
- data/spec/support/generator_spec_helpers.rb +1 -9
- metadata +51 -33
- data/app/views/layouts/application.html.erb +0 -23
- data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +0 -77
- data/lib/clearance/password_strategies/blowfish.rb +0 -61
- data/lib/clearance/password_strategies/sha1.rb +0 -59
- data/lib/clearance/testing.rb +0 -11
- data/lib/clearance/testing/helpers.rb +0 -15
- data/spec/app_templates/app/models/rails5/user.rb +0 -5
- data/spec/password_strategies/bcrypt_migration_from_sha1_spec.rb +0 -122
- data/spec/password_strategies/blowfish_spec.rb +0 -61
- data/spec/password_strategies/sha1_spec.rb +0 -59
- data/spec/support/environment.rb +0 -12
- data/spec/support/http_method_shim.rb +0 -25
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1a6869cfdd76b965d10f6809fe4ad1639a57d242de11fd4a414ac017c515c94c
|
4
|
+
data.tar.gz: 759e38cd4bd2525c5f35ab53c1f994317d13f3e449248b2fdec521808b398346
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fb078764b744a5763476b7e0098196b9cbafe21043943591e6a0deeeeee291fb3b745cdd3ce666f4fdce031dcf5602f3d7fab42424658c726f0da3a82bfecccd
|
7
|
+
data.tar.gz: 43108490f1763fbb0a46edfde7c13dbe09af98e29998345868e96b0d7d49e02ec9788a1147c78301563e8a26ae2b659200dd2864b9ff798ca8fba99833a1bf84
|
data/.travis.yml
CHANGED
@@ -4,19 +4,16 @@ language:
|
|
4
4
|
- ruby
|
5
5
|
|
6
6
|
rvm:
|
7
|
-
- 2.
|
8
|
-
- 2.
|
9
|
-
- 2.5
|
10
|
-
- 2.
|
7
|
+
- 2.4.9
|
8
|
+
- 2.5.7
|
9
|
+
- 2.6.5
|
10
|
+
- 2.7.0
|
11
11
|
|
12
12
|
gemfile:
|
13
|
-
- gemfiles/rails_4.2.gemfile
|
14
13
|
- gemfiles/rails_5.0.gemfile
|
15
14
|
- gemfiles/rails_5.1.gemfile
|
16
15
|
- gemfiles/rails_5.2.gemfile
|
17
|
-
|
18
|
-
before_install:
|
19
|
-
- gem update --system
|
16
|
+
- gemfiles/rails_6.0.gemfile
|
20
17
|
|
21
18
|
install:
|
22
19
|
- "bin/setup"
|
@@ -24,11 +21,8 @@ install:
|
|
24
21
|
branches:
|
25
22
|
only:
|
26
23
|
- master
|
27
|
-
- 2.0
|
28
24
|
|
29
25
|
matrix:
|
30
|
-
|
31
|
-
-
|
32
|
-
|
33
|
-
|
34
|
-
sudo: false
|
26
|
+
exclude:
|
27
|
+
- rvm: 2.4.9
|
28
|
+
gemfile: gemfiles/rails_6.0.gemfile
|
data/Appraisals
CHANGED
@@ -1,15 +1,23 @@
|
|
1
1
|
rails_versions = %w(
|
2
|
-
4.2
|
3
2
|
5.0
|
4
3
|
5.1
|
5
4
|
5.2
|
5
|
+
6.0
|
6
6
|
)
|
7
7
|
|
8
8
|
rails_versions.each do |version|
|
9
9
|
appraise "rails_#{version}" do
|
10
10
|
gem "railties", "~> #{version}.0"
|
11
|
-
|
12
|
-
|
11
|
+
gem "rails-controller-testing"
|
12
|
+
|
13
|
+
if Gem::Version.new(version) >= Gem::Version.new("6.0")
|
14
|
+
# TODO - Switch to 4.0 gem once release is made
|
15
|
+
gem 'rspec-rails', '~> 4.0.0.beta3'
|
16
|
+
gem 'sqlite3', '~> 1.4.0'
|
17
|
+
else
|
18
|
+
gem 'sqlite3', '~> 1.3.13'
|
19
|
+
gem 'rspec-rails', '~> 3.1'
|
13
20
|
end
|
21
|
+
|
14
22
|
end
|
15
23
|
end
|
data/Gemfile
CHANGED
@@ -3,15 +3,12 @@ source 'https://rubygems.org'
|
|
3
3
|
gemspec
|
4
4
|
|
5
5
|
gem 'addressable', '~> 2.6.0'
|
6
|
-
gem 'appraisal'
|
7
6
|
gem 'ammeter'
|
8
|
-
gem '
|
7
|
+
gem 'appraisal'
|
9
8
|
gem 'capybara', '>= 2.6.2'
|
10
9
|
gem 'database_cleaner', '~> 1.0'
|
11
10
|
gem 'factory_bot_rails', '~> 5.0'
|
12
11
|
gem 'nokogiri', '~> 1.10.0'
|
13
|
-
gem 'rspec-rails', '~> 3.1'
|
14
|
-
gem 'shoulda-matchers', '~> 4.0'
|
15
|
-
gem 'sqlite3', '~> 1.3.13'
|
16
|
-
gem 'timecop', '~> 0.6'
|
17
12
|
gem 'pry', require: false
|
13
|
+
gem 'shoulda-matchers', '~> 4.1'
|
14
|
+
gem 'timecop', '~> 0.6'
|
data/Gemfile.lock
CHANGED
@@ -1,146 +1,153 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
clearance (
|
5
|
-
actionmailer (>=
|
6
|
-
activemodel (>=
|
7
|
-
activerecord (>=
|
8
|
-
|
9
|
-
|
10
|
-
|
4
|
+
clearance (2.2.0)
|
5
|
+
actionmailer (>= 5.0)
|
6
|
+
activemodel (>= 5.0)
|
7
|
+
activerecord (>= 5.0)
|
8
|
+
argon2 (~> 2.0, >= 2.0.2)
|
9
|
+
bcrypt (>= 3.1.1)
|
10
|
+
email_validator (~> 2.0)
|
11
|
+
railties (>= 5.0)
|
11
12
|
|
12
13
|
GEM
|
13
14
|
remote: https://rubygems.org/
|
14
15
|
specs:
|
15
|
-
actionmailer (
|
16
|
-
actionpack (=
|
17
|
-
actionview (=
|
18
|
-
activejob (=
|
16
|
+
actionmailer (6.0.3.2)
|
17
|
+
actionpack (= 6.0.3.2)
|
18
|
+
actionview (= 6.0.3.2)
|
19
|
+
activejob (= 6.0.3.2)
|
19
20
|
mail (~> 2.5, >= 2.5.4)
|
20
21
|
rails-dom-testing (~> 2.0)
|
21
|
-
actionpack (
|
22
|
-
actionview (=
|
23
|
-
activesupport (=
|
24
|
-
rack (~> 2.0)
|
22
|
+
actionpack (6.0.3.2)
|
23
|
+
actionview (= 6.0.3.2)
|
24
|
+
activesupport (= 6.0.3.2)
|
25
|
+
rack (~> 2.0, >= 2.0.8)
|
25
26
|
rack-test (>= 0.6.3)
|
26
27
|
rails-dom-testing (~> 2.0)
|
27
|
-
rails-html-sanitizer (~> 1.0, >= 1.0
|
28
|
-
actionview (
|
29
|
-
activesupport (=
|
28
|
+
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
29
|
+
actionview (6.0.3.2)
|
30
|
+
activesupport (= 6.0.3.2)
|
30
31
|
builder (~> 3.1)
|
31
32
|
erubi (~> 1.4)
|
32
33
|
rails-dom-testing (~> 2.0)
|
33
|
-
rails-html-sanitizer (~> 1.
|
34
|
-
activejob (
|
35
|
-
activesupport (=
|
34
|
+
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
35
|
+
activejob (6.0.3.2)
|
36
|
+
activesupport (= 6.0.3.2)
|
36
37
|
globalid (>= 0.3.6)
|
37
|
-
activemodel (
|
38
|
-
activesupport (=
|
39
|
-
activerecord (
|
40
|
-
activemodel (=
|
41
|
-
activesupport (=
|
42
|
-
|
43
|
-
activesupport (5.2.3)
|
38
|
+
activemodel (6.0.3.2)
|
39
|
+
activesupport (= 6.0.3.2)
|
40
|
+
activerecord (6.0.3.2)
|
41
|
+
activemodel (= 6.0.3.2)
|
42
|
+
activesupport (= 6.0.3.2)
|
43
|
+
activesupport (6.0.3.2)
|
44
44
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
45
45
|
i18n (>= 0.7, < 2)
|
46
46
|
minitest (~> 5.1)
|
47
47
|
tzinfo (~> 1.1)
|
48
|
+
zeitwerk (~> 2.2, >= 2.2.2)
|
48
49
|
addressable (2.6.0)
|
49
50
|
public_suffix (>= 2.0.2, < 4.0)
|
50
51
|
ammeter (1.1.4)
|
51
52
|
activesupport (>= 3.0)
|
52
53
|
railties (>= 3.0)
|
53
54
|
rspec-rails (>= 2.2)
|
54
|
-
appraisal (2.
|
55
|
+
appraisal (2.3.0)
|
55
56
|
bundler
|
56
57
|
rake
|
57
58
|
thor (>= 0.14.0)
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
59
|
+
argon2 (2.0.2)
|
60
|
+
ffi (~> 1.9)
|
61
|
+
ffi-compiler (>= 0.1)
|
62
|
+
bcrypt (3.1.13)
|
63
|
+
builder (3.2.4)
|
64
|
+
capybara (3.33.0)
|
62
65
|
addressable
|
63
66
|
mini_mime (>= 0.1.3)
|
64
67
|
nokogiri (~> 1.8)
|
65
68
|
rack (>= 1.6.0)
|
66
69
|
rack-test (>= 0.6.3)
|
67
|
-
regexp_parser (~> 1.
|
70
|
+
regexp_parser (~> 1.5)
|
68
71
|
xpath (~> 3.2)
|
69
|
-
coderay (1.1.
|
70
|
-
concurrent-ruby (1.1.
|
71
|
-
crass (1.0.
|
72
|
-
database_cleaner (1.
|
73
|
-
diff-lcs (1.
|
74
|
-
email_validator (
|
72
|
+
coderay (1.1.3)
|
73
|
+
concurrent-ruby (1.1.6)
|
74
|
+
crass (1.0.6)
|
75
|
+
database_cleaner (1.8.5)
|
76
|
+
diff-lcs (1.4.4)
|
77
|
+
email_validator (2.0.1)
|
75
78
|
activemodel
|
76
|
-
erubi (1.
|
77
|
-
factory_bot (5.0
|
79
|
+
erubi (1.9.0)
|
80
|
+
factory_bot (5.2.0)
|
78
81
|
activesupport (>= 4.2.0)
|
79
|
-
factory_bot_rails (5.0
|
80
|
-
factory_bot (~> 5.
|
82
|
+
factory_bot_rails (5.2.0)
|
83
|
+
factory_bot (~> 5.2.0)
|
81
84
|
railties (>= 4.2.0)
|
85
|
+
ffi (1.13.1)
|
86
|
+
ffi-compiler (1.0.1)
|
87
|
+
ffi (>= 1.0.0)
|
88
|
+
rake
|
82
89
|
globalid (0.4.2)
|
83
90
|
activesupport (>= 4.2.0)
|
84
|
-
i18n (1.
|
91
|
+
i18n (1.8.3)
|
85
92
|
concurrent-ruby (~> 1.0)
|
86
|
-
loofah (2.
|
93
|
+
loofah (2.6.0)
|
87
94
|
crass (~> 1.0.2)
|
88
95
|
nokogiri (>= 1.5.9)
|
89
96
|
mail (2.7.1)
|
90
97
|
mini_mime (>= 0.1.1)
|
91
|
-
method_source (0.
|
92
|
-
mini_mime (1.0.
|
98
|
+
method_source (1.0.0)
|
99
|
+
mini_mime (1.0.2)
|
93
100
|
mini_portile2 (2.4.0)
|
94
|
-
minitest (5.
|
95
|
-
nokogiri (1.10.
|
101
|
+
minitest (5.14.1)
|
102
|
+
nokogiri (1.10.10)
|
96
103
|
mini_portile2 (~> 2.4.0)
|
97
|
-
pry (0.
|
98
|
-
coderay (~> 1.1
|
99
|
-
method_source (~>
|
100
|
-
public_suffix (3.
|
101
|
-
rack (2.
|
104
|
+
pry (0.13.1)
|
105
|
+
coderay (~> 1.1)
|
106
|
+
method_source (~> 1.0)
|
107
|
+
public_suffix (3.1.1)
|
108
|
+
rack (2.2.3)
|
102
109
|
rack-test (1.1.0)
|
103
110
|
rack (>= 1.0, < 3)
|
104
111
|
rails-dom-testing (2.0.3)
|
105
112
|
activesupport (>= 4.2.0)
|
106
113
|
nokogiri (>= 1.6)
|
107
|
-
rails-html-sanitizer (1.0
|
108
|
-
loofah (~> 2.
|
109
|
-
railties (
|
110
|
-
actionpack (=
|
111
|
-
activesupport (=
|
114
|
+
rails-html-sanitizer (1.3.0)
|
115
|
+
loofah (~> 2.3)
|
116
|
+
railties (6.0.3.2)
|
117
|
+
actionpack (= 6.0.3.2)
|
118
|
+
activesupport (= 6.0.3.2)
|
112
119
|
method_source
|
113
120
|
rake (>= 0.8.7)
|
114
|
-
thor (>= 0.
|
115
|
-
rake (
|
116
|
-
regexp_parser (1.
|
117
|
-
rspec-core (3.
|
118
|
-
rspec-support (~> 3.
|
119
|
-
rspec-expectations (3.
|
121
|
+
thor (>= 0.20.3, < 2.0)
|
122
|
+
rake (13.0.1)
|
123
|
+
regexp_parser (1.7.1)
|
124
|
+
rspec-core (3.9.2)
|
125
|
+
rspec-support (~> 3.9.3)
|
126
|
+
rspec-expectations (3.9.2)
|
120
127
|
diff-lcs (>= 1.2.0, < 2.0)
|
121
|
-
rspec-support (~> 3.
|
122
|
-
rspec-mocks (3.
|
128
|
+
rspec-support (~> 3.9.0)
|
129
|
+
rspec-mocks (3.9.1)
|
123
130
|
diff-lcs (>= 1.2.0, < 2.0)
|
124
|
-
rspec-support (~> 3.
|
125
|
-
rspec-rails (
|
126
|
-
actionpack (>=
|
127
|
-
activesupport (>=
|
128
|
-
railties (>=
|
129
|
-
rspec-core (~> 3.
|
130
|
-
rspec-expectations (~> 3.
|
131
|
-
rspec-mocks (~> 3.
|
132
|
-
rspec-support (~> 3.
|
133
|
-
rspec-support (3.
|
134
|
-
shoulda-matchers (4.0
|
131
|
+
rspec-support (~> 3.9.0)
|
132
|
+
rspec-rails (4.0.1)
|
133
|
+
actionpack (>= 4.2)
|
134
|
+
activesupport (>= 4.2)
|
135
|
+
railties (>= 4.2)
|
136
|
+
rspec-core (~> 3.9)
|
137
|
+
rspec-expectations (~> 3.9)
|
138
|
+
rspec-mocks (~> 3.9)
|
139
|
+
rspec-support (~> 3.9)
|
140
|
+
rspec-support (3.9.3)
|
141
|
+
shoulda-matchers (4.3.0)
|
135
142
|
activesupport (>= 4.2.0)
|
136
|
-
|
137
|
-
thor (0.20.3)
|
143
|
+
thor (1.0.1)
|
138
144
|
thread_safe (0.3.6)
|
139
145
|
timecop (0.9.1)
|
140
|
-
tzinfo (1.2.
|
146
|
+
tzinfo (1.2.7)
|
141
147
|
thread_safe (~> 0.1)
|
142
148
|
xpath (3.2.0)
|
143
149
|
nokogiri (~> 1.8)
|
150
|
+
zeitwerk (2.3.1)
|
144
151
|
|
145
152
|
PLATFORMS
|
146
153
|
ruby
|
@@ -149,17 +156,14 @@ DEPENDENCIES
|
|
149
156
|
addressable (~> 2.6.0)
|
150
157
|
ammeter
|
151
158
|
appraisal
|
152
|
-
bundler (~> 1.3)
|
153
159
|
capybara (>= 2.6.2)
|
154
160
|
clearance!
|
155
161
|
database_cleaner (~> 1.0)
|
156
162
|
factory_bot_rails (~> 5.0)
|
157
163
|
nokogiri (~> 1.10.0)
|
158
164
|
pry
|
159
|
-
|
160
|
-
shoulda-matchers (~> 4.0)
|
161
|
-
sqlite3 (~> 1.3.13)
|
165
|
+
shoulda-matchers (~> 4.1)
|
162
166
|
timecop (~> 0.6)
|
163
167
|
|
164
168
|
BUNDLED WITH
|
165
|
-
1.
|
169
|
+
2.1.2
|
data/NEWS.md
CHANGED
@@ -3,6 +3,93 @@
|
|
3
3
|
The noteworthy changes for each Clearance version are included here. For a
|
4
4
|
complete changelog, see the git history for each version via the version links.
|
5
5
|
|
6
|
+
## [2.2.0] - July 9, 2020
|
7
|
+
|
8
|
+
### Added
|
9
|
+
|
10
|
+
- Add an Argon2 password strategy
|
11
|
+
|
12
|
+
### Fixed
|
13
|
+
|
14
|
+
- Use strings instead of classes on guard classes, avoids Rails deprecation
|
15
|
+
warning.
|
16
|
+
- Use `find_by` style for finders, improves neo4j support
|
17
|
+
- Provide explicit case sensitivity option for email uniqueness, avoid Rails
|
18
|
+
deprecation warning.
|
19
|
+
|
20
|
+
[2.2.0]: https://github.com/thoughtbot/clearance/compare/v2.1.0...v2.2.0
|
21
|
+
|
22
|
+
## [2.1.0] - December 19, 2019
|
23
|
+
|
24
|
+
### Added
|
25
|
+
|
26
|
+
- Add a `parent_controller` configuration option to specify the controller that
|
27
|
+
Clearance's `BaseController` will inherit from. Defaults to a value of
|
28
|
+
`ApplicationController`.
|
29
|
+
- Use the configured `primary_key_type` from the Active Record settings of the
|
30
|
+
project including Clearance, if it is set, while generating migrations. For
|
31
|
+
example, a setting of `:uuid` in a Rails app using Clearance will cause the
|
32
|
+
clearance-generated migrations to use this for the `users` table id type.
|
33
|
+
|
34
|
+
### Fixed
|
35
|
+
|
36
|
+
- Delete cookies correctly when a custom domain setting is being used.
|
37
|
+
- Do not set the authorization cookie on requests which did not exercise the
|
38
|
+
authorization code. Reduces the chances of leaving an auth cookie in a
|
39
|
+
publicly cacheable page that didn't require authorization to access.
|
40
|
+
|
41
|
+
### Changed
|
42
|
+
|
43
|
+
- Update the `email_validator` gem to a newer version embrace the more relaxed
|
44
|
+
email validation options which it now defaults to.
|
45
|
+
- When a password reset request is submitted without an email address, a flash
|
46
|
+
alert is now provided. Previously this continued silently as though it had
|
47
|
+
worked. We still proceed that way when there is an invalid (but present)
|
48
|
+
value, so as not to reveal existent vs. non-existent emails in the database.
|
49
|
+
|
50
|
+
### Removed
|
51
|
+
|
52
|
+
- Remove an unused route to `passwords#create` nested under `users`.
|
53
|
+
- No longer include the (rarely used in practice) application layout as part of
|
54
|
+
the views installer; but continue to provide some stock sign-in/out and flash
|
55
|
+
partial code in the gem installation README output.
|
56
|
+
|
57
|
+
### Deprecated
|
58
|
+
|
59
|
+
- Remove the existing deprecation notice around the `rotate_csrf_on_sign_in`
|
60
|
+
setting, and make that setting default to true.
|
61
|
+
|
62
|
+
[2.1.0]: https://github.com/thoughtbot/clearance/compare/v2.0.0...v2.1.0
|
63
|
+
|
64
|
+
## [2.0.0] - November 12, 2019
|
65
|
+
|
66
|
+
### Added
|
67
|
+
|
68
|
+
- Add support for Rails version 6
|
69
|
+
- Allow `cookie_domain` to be configured with a lambda for custom configuration
|
70
|
+
- Add ability to configure BCrypt computational cost of hash calculation.
|
71
|
+
- Add `same_site` configuration option for increased CSRF protection.
|
72
|
+
|
73
|
+
### Fixed
|
74
|
+
|
75
|
+
- Fix issue where invalid params could raise `NoMethodError` when updating and
|
76
|
+
resetting passwords.
|
77
|
+
- The backdoor auth mechanism now supports scenarios where `Rails.env` has been
|
78
|
+
configured via env variables other than `RAILS_ENV` (`RACK_ENV` for example).
|
79
|
+
|
80
|
+
### Removed
|
81
|
+
|
82
|
+
- Removed support for Ruby versions older than 2.4
|
83
|
+
- Removed support for Rails versions older than 5.0
|
84
|
+
- Removed all deprecated code from Clearance 1.x
|
85
|
+
|
86
|
+
### Changed
|
87
|
+
|
88
|
+
- Flash messages now use `flash[:alert]` rather than `flash[:notice]` as they
|
89
|
+
were used as errors more often than notices.
|
90
|
+
|
91
|
+
[2.0.0]: https://github.com/thoughtbot/clearance/compare/v1.17.0...v2.0.0
|
92
|
+
|
6
93
|
## [1.17.0] - April 11, 2019
|
7
94
|
|
8
95
|
### Changed
|
@@ -17,11 +104,13 @@ complete changelog, see the git history for each version via the version links.
|
|
17
104
|
## [1.16.2] - February 25, 2019
|
18
105
|
|
19
106
|
### Fixed
|
107
|
+
|
20
108
|
- Added missing translation keys
|
21
109
|
- Fix issue where a cookie value could be set more than once when interacting
|
22
110
|
with the `httponly` option
|
23
111
|
|
24
112
|
### Changed
|
113
|
+
|
25
114
|
- Remove Rails as a dependency so that clearance does not trigger a cascade of
|
26
115
|
requirements as rails pulls in every framework. Instead, depend on just the
|
27
116
|
frameworks relevant to Clearance.
|
@@ -32,6 +121,7 @@ complete changelog, see the git history for each version via the version links.
|
|
32
121
|
## [1.16.1] - November 2, 2017
|
33
122
|
|
34
123
|
### Fixed
|
124
|
+
|
35
125
|
- Fixed issue where tokens from abandoned password reset attempts were stored in
|
36
126
|
the session, preventing newly generated password reset tokens from working.
|
37
127
|
- Improve compatibility with Rails API projects by calling `helper_method` only
|
@@ -46,6 +136,7 @@ complete changelog, see the git history for each version via the version links.
|
|
46
136
|
## [1.16.0] - January 16, 2017
|
47
137
|
|
48
138
|
### Security
|
139
|
+
|
49
140
|
- Clearance users can now help prevent [session fixation attacks] by setting
|
50
141
|
`Clearance.configuration.rotate_csrf_on_sign_in` to `true`. This will cause
|
51
142
|
the user's CSRF token to be rotated on sign in and is recommended for all
|
@@ -59,6 +150,7 @@ complete changelog, see the git history for each version via the version links.
|
|
59
150
|
## [1.15.1] - October 6, 2016
|
60
151
|
|
61
152
|
### Fixed
|
153
|
+
|
62
154
|
- Password reset form redirect no longer uses a named route helper, which means
|
63
155
|
it will work for developers that have customized their routes.
|
64
156
|
|
@@ -67,15 +159,17 @@ complete changelog, see the git history for each version via the version links.
|
|
67
159
|
## [1.15.0] - September 26, 2016
|
68
160
|
|
69
161
|
### Security
|
162
|
+
|
70
163
|
- Prevent possible password reset token leak to external sites linked to on the
|
71
164
|
password reset page. See [PR #707] for more information.
|
72
165
|
|
73
|
-
[
|
166
|
+
[pr #707]: https://github.com/thoughtbot/clearance/pull/707
|
74
167
|
[1.15.0]: https://github.com/thoughtbot/clearance/compare/v1.14.2...v1.15.0
|
75
168
|
|
76
169
|
## [1.14.2] - August 10, 2016
|
77
170
|
|
78
171
|
### Fixed
|
172
|
+
|
79
173
|
- Fixed incompatibility with `attr_encrypted` gem by inlining the body of the
|
80
174
|
`encrypt` helper method used in the BCrypt password strategy.
|
81
175
|
|
@@ -84,6 +178,7 @@ complete changelog, see the git history for each version via the version links.
|
|
84
178
|
## [1.14.1] - May 12, 2016
|
85
179
|
|
86
180
|
### Fixed
|
181
|
+
|
87
182
|
- Fixed insertion of `include Clearance::User` when running the install
|
88
183
|
generator in an app that already has a `User` model.
|
89
184
|
- Updated `deny_access` matcher to assert against configured redirect location
|
@@ -94,11 +189,13 @@ complete changelog, see the git history for each version via the version links.
|
|
94
189
|
## [1.14.0] - April 29, 2016
|
95
190
|
|
96
191
|
### Added
|
192
|
+
|
97
193
|
- `Clearance::BackDoor` now accepts a block, allowing the user for a test to be
|
98
194
|
looked up by a parameter other than `id` if you have overridden `to_param` for
|
99
195
|
the `User` model.
|
100
196
|
|
101
197
|
### Fixed
|
198
|
+
|
102
199
|
- We now correctly track the dirty state of `User#encrypted_password`, which
|
103
200
|
fixes custom validations on `User#password` (e.g. validating password length)
|
104
201
|
that were conditional on the password actually changing.
|
@@ -107,6 +204,7 @@ complete changelog, see the git history for each version via the version links.
|
|
107
204
|
have a `User` model.
|
108
205
|
|
109
206
|
### Deprecated
|
207
|
+
|
110
208
|
- `User#password_changing` is deprecated in favor of automatic dirty tracking on
|
111
209
|
`encrypted_password` and `password`. If you are calling this in your
|
112
210
|
application you should be able to remove it.
|
@@ -116,9 +214,11 @@ complete changelog, see the git history for each version via the version links.
|
|
116
214
|
## [1.13.0] - March 4, 2016
|
117
215
|
|
118
216
|
### Added
|
217
|
+
|
119
218
|
- Clearance now supports Rails 5.0.0.beta3 and newer.
|
120
219
|
|
121
220
|
### Fixed
|
221
|
+
|
122
222
|
- Clearance will now infer the parameter name to use when accessing user
|
123
223
|
parameters in a request. This previously used `:user`, which was incorrect for
|
124
224
|
customized user models.
|
@@ -129,14 +229,16 @@ complete changelog, see the git history for each version via the version links.
|
|
129
229
|
## [1.12.1] - January 7, 2016
|
130
230
|
|
131
231
|
### Fixed
|
132
|
-
|
133
|
-
|
232
|
+
|
233
|
+
- Fixed the `create_users` migration generated
|
234
|
+
by `rails generate clearance:install` under Rails 3.x.
|
134
235
|
|
135
236
|
[1.12.1]: https://github.com/thoughtbot/clearance/compare/v1.12.0...v1.12.1
|
136
237
|
|
137
238
|
## [1.12.0] - November 17, 2015
|
138
239
|
|
139
240
|
### Added
|
241
|
+
|
140
242
|
- Users will now see a flash message when redirected to sign in by
|
141
243
|
`require_login`. This I18n key for this message is
|
142
244
|
`flashes.failure_when_not_signed_in` and defaults to "Please sign in to
|
@@ -144,6 +246,7 @@ complete changelog, see the git history for each version via the version links.
|
|
144
246
|
- Added significant API documentation. API documentation effort is ongoing.
|
145
247
|
|
146
248
|
### Fixed
|
249
|
+
|
147
250
|
- Fixed expectation in the generated `visitor_resets_password_spec.rb` file.
|
148
251
|
- Corrected indentation of routes inserted by the routes generator.
|
149
252
|
- Corrected indentation of `include Clearance::User` when the install generator
|
@@ -154,17 +257,20 @@ complete changelog, see the git history for each version via the version links.
|
|
154
257
|
## [1.11.0] - August 21, 2015
|
155
258
|
|
156
259
|
### Added
|
260
|
+
|
157
261
|
- Add `sign_in` and `sign_in_as` helper methods to view specs. These helpers
|
158
262
|
avoid errors from verified partial doubles that come from. See
|
159
263
|
[462c009].
|
160
264
|
|
161
265
|
### Fixed
|
266
|
+
|
162
267
|
- `clearance:routes` generator now properly disables internal routes in your
|
163
268
|
Clearance initializer.
|
164
269
|
- Clearance now accesses the cookie jar via ActionDispatch::Request rather than
|
165
270
|
`Rack::Request`. This is more consistent with what Rails does internally.
|
166
271
|
|
167
272
|
### Deprecated
|
273
|
+
|
168
274
|
- `Clearance::Testing::Helpers` has been deprecated in favor of
|
169
275
|
`Clearance::Testing::ControllerHelpers`. Most users are accessing these
|
170
276
|
helpers by requiring `clearance/rspec` or `clearance/test_unit` and should be
|
@@ -176,6 +282,7 @@ complete changelog, see the git history for each version via the version links.
|
|
176
282
|
## [1.10.1] - May 15, 2015
|
177
283
|
|
178
284
|
### Deprecated
|
285
|
+
|
179
286
|
- All clearance-provided password strategies other than BCrypt have been
|
180
287
|
deprecated. You can continue to use those strategies without a deprecation
|
181
288
|
warning by adding `clearance-deprecated_password_strategies` to your Gemfile.
|
@@ -185,12 +292,14 @@ complete changelog, see the git history for each version via the version links.
|
|
185
292
|
## [1.9.0] - April 3, 2015
|
186
293
|
|
187
294
|
### Added
|
295
|
+
|
188
296
|
- The change password mailer now produces a multipart message which includes a
|
189
297
|
text part along with the previously existing HTML part. To override the text
|
190
298
|
part, add `change_password.text.erb` alongside your `change_password.html.erb`
|
191
299
|
file.
|
192
300
|
|
193
301
|
### Fixed
|
302
|
+
|
194
303
|
- Custom `user_model` configured in a Rails initializer will now be reloaded in
|
195
304
|
development mode.
|
196
305
|
- Change password template now contains "Change my password" link text to
|
@@ -201,10 +310,12 @@ complete changelog, see the git history for each version via the version links.
|
|
201
310
|
## [1.8.1] - March 3, 2015
|
202
311
|
|
203
312
|
### Security
|
313
|
+
|
204
314
|
- Enable cross-site request forgery protection on `sessions#create`. See
|
205
315
|
[7f5d56e](https://github.com/thoughtbot/clearance/commit/7f5d56ed3a51aca14fa60247a90ca0cd11db0e0d).
|
206
316
|
|
207
317
|
### Fixed
|
318
|
+
|
208
319
|
- All methods included by `Clearance::Controller` are now excluded from
|
209
320
|
`action_methods`.
|
210
321
|
|
@@ -213,10 +324,12 @@ complete changelog, see the git history for each version via the version links.
|
|
213
324
|
## [1.8.0] - January 23, 2015
|
214
325
|
|
215
326
|
### Added
|
327
|
+
|
216
328
|
- The remember token cookie name is now customizable via
|
217
329
|
`Clearance.configuration.cookie_name`.
|
218
330
|
|
219
331
|
### Fixed
|
332
|
+
|
220
333
|
- Fixed a redirect loop on the sign in page for applications that are still
|
221
334
|
using the deprecated `authorize` filter.
|
222
335
|
- Signed in users that attempt to visit the sign in path are now redirected. The
|
@@ -224,6 +337,7 @@ complete changelog, see the git history for each version via the version links.
|
|
224
337
|
can be customized by overriding `passwords_controller#url_for_signed_in_users`
|
225
338
|
|
226
339
|
### Deprecated
|
340
|
+
|
227
341
|
- `users_controller#avoid_sign_in` is now deprecated in favor of
|
228
342
|
`redirect_signed_in_users` which is more accurately named.
|
229
343
|
|
@@ -232,9 +346,11 @@ complete changelog, see the git history for each version via the version links.
|
|
232
346
|
## [1.7.0] - January, 8, 2015
|
233
347
|
|
234
348
|
### Fixed
|
349
|
+
|
235
350
|
- Fix the negation of the `deny_access` matcher in Rails 4.0.x on Ruby 2.2
|
236
351
|
|
237
352
|
### Deprecated
|
353
|
+
|
238
354
|
- The `authorize` filter has been deprecated in favor of `require_login`. Update
|
239
355
|
all reference to the filter including any calls to `skip_before_filter` or
|
240
356
|
`skip_before_action`.
|
@@ -246,6 +362,7 @@ complete changelog, see the git history for each version via the version links.
|
|
246
362
|
## [1.6.1] - January 6, 2015
|
247
363
|
|
248
364
|
### Fixed
|
365
|
+
|
249
366
|
- Secure cookies are no longer overwritten when the user visits a non-HTTPS URL.
|
250
367
|
|
251
368
|
[1.6.1]: https://github.com/thoughtbot/clearance/compare/v1.6.0...v1.6.1
|
@@ -253,6 +370,7 @@ complete changelog, see the git history for each version via the version links.
|
|
253
370
|
## [1.6.0] - December 20, 2014
|
254
371
|
|
255
372
|
### Added
|
373
|
+
|
256
374
|
- When using Rails 4.2, password reset emails are sent with the
|
257
375
|
ActiveJob-compatible `#deliver_later` method.
|
258
376
|
|
@@ -261,6 +379,7 @@ complete changelog, see the git history for each version via the version links.
|
|
261
379
|
## [1.5.1] - December 19, 2014
|
262
380
|
|
263
381
|
### Fixed
|
382
|
+
|
264
383
|
- Blowfish password strategy fixed
|
265
384
|
- Specs generated with `rails generate clearance:specs` now work properly in
|
266
385
|
RSpec 3 projects.
|
@@ -270,6 +389,7 @@ complete changelog, see the git history for each version via the version links.
|
|
270
389
|
## [1.5.0] - October 17, 2014
|
271
390
|
|
272
391
|
### Added
|
392
|
+
|
273
393
|
- Disable clearance routes by setting `config.routes = false`.
|
274
394
|
- Running `rails generate clearance:routes` will dump the default set of
|
275
395
|
routes to your application's routes file for modification.
|
@@ -279,6 +399,7 @@ complete changelog, see the git history for each version via the version links.
|
|
279
399
|
## [1.4.3] - October 3, 2014
|
280
400
|
|
281
401
|
### Fixed
|
402
|
+
|
282
403
|
- Routing constraints act appropriately when session data is missing.
|
283
404
|
|
284
405
|
[1.4.3]: https://github.com/thoughtbot/clearance/compare/v1.4.2...v1.4.3
|
@@ -286,6 +407,7 @@ complete changelog, see the git history for each version via the version links.
|
|
286
407
|
## [1.4.2] - September 13, 2014
|
287
408
|
|
288
409
|
### Fixed
|
410
|
+
|
289
411
|
- Eliminate deprecation message when using DenyAccess matcher with RSpec 3.
|
290
412
|
|
291
413
|
[1.4.2]: https://github.com/thoughtbot/clearance/compare/v1.4.1...v1.4.2
|
@@ -293,6 +415,7 @@ complete changelog, see the git history for each version via the version links.
|
|
293
415
|
## [1.4.1] - September 5, 2014
|
294
416
|
|
295
417
|
### Fixed
|
418
|
+
|
296
419
|
- Prevent BCrypt strategy from raising an exception when `encypted_password`
|
297
420
|
is nil.
|
298
421
|
|
@@ -301,17 +424,20 @@ complete changelog, see the git history for each version via the version links.
|
|
301
424
|
## [1.4.0] - July 18, 2014
|
302
425
|
|
303
426
|
### Added
|
427
|
+
|
304
428
|
- `user_params` method was added to `Clearance::UsersController` which provides
|
305
429
|
a convenient place to override the parameters used when creating users.
|
306
430
|
- Controllers now inherit from `Clearance::BaseController` to allow for easily
|
307
431
|
adding behavior to all of them.
|
308
432
|
|
309
433
|
### Changed
|
434
|
+
|
310
435
|
- The sign out link in the default application layout has been replaced with a
|
311
436
|
semantically correct sign out button. This also removes an unnecessary
|
312
437
|
JavaScript dependency.
|
313
438
|
|
314
439
|
### Fixed
|
440
|
+
|
315
441
|
- Clearance now uses `original_fullpath` when redirecting to a saved URL after
|
316
442
|
login. This should improve the behavior in mounted engines.
|
317
443
|
|
@@ -320,6 +446,7 @@ complete changelog, see the git history for each version via the version links.
|
|
320
446
|
## [1.3.0] - March 14, 2014
|
321
447
|
|
322
448
|
### Added
|
449
|
+
|
323
450
|
- Installing Clearance with an existing User model will now create a migration
|
324
451
|
that includes adding remember tokens to all existing user records.
|
325
452
|
|
@@ -328,6 +455,7 @@ complete changelog, see the git history for each version via the version links.
|
|
328
455
|
## [1.2.1] - March 6, 2014
|
329
456
|
|
330
457
|
### Fixed
|
458
|
+
|
331
459
|
- Query string is now included in the redirect URL when Clearance redirects to a
|
332
460
|
previously stored URL.
|
333
461
|
|
@@ -336,10 +464,12 @@ complete changelog, see the git history for each version via the version links.
|
|
336
464
|
## [1.2.0] - February 28, 2014
|
337
465
|
|
338
466
|
### Added
|
467
|
+
|
339
468
|
- Support for Rails 4.1.0.rc1
|
340
469
|
- Sign in can now be disabled with `config.allow_sign_in = false`
|
341
470
|
|
342
471
|
### Changed
|
472
|
+
|
343
473
|
- Sign in failure message is now customized exclusively via I18n.
|
344
474
|
`SessionsController#flash_failure_after_create` is no longer called. To
|
345
475
|
customize the message, change the
|
@@ -347,6 +477,7 @@ complete changelog, see the git history for each version via the version links.
|
|
347
477
|
`flashes.failure_after_create` key.
|
348
478
|
|
349
479
|
### Deprecated
|
480
|
+
|
350
481
|
- `clearance/testing` is now deprecated. Require `clearance/rspec` or
|
351
482
|
`clearance/test_unit` as appropriate.
|
352
483
|
|
@@ -355,8 +486,9 @@ complete changelog, see the git history for each version via the version links.
|
|
355
486
|
## [1.1.0] - November 21, 2013
|
356
487
|
|
357
488
|
### Added
|
489
|
+
|
358
490
|
- Validate email with `EmailValidator` [strict mode][strict].
|
359
|
-
- The `cookie_expiration` configuration lambda can now be called with
|
491
|
+
- The `cookie_expiration` configuration lambda can now be called with a
|
360
492
|
`cookies` parameter. Allows the Clearance cookie expiration to be set
|
361
493
|
according to the value of another cookie (such as `remember_me`).
|
362
494
|
- Allow cookie domain and path configuration.
|
@@ -365,9 +497,11 @@ complete changelog, see the git history for each version via the version links.
|
|
365
497
|
[strict]: https://github.com/balexand/email_validator#strict-mode
|
366
498
|
|
367
499
|
### Fixed
|
500
|
+
|
368
501
|
- Don't allow logins with blank `remember_token`.
|
369
502
|
|
370
503
|
### Deprecated
|
504
|
+
|
371
505
|
- A `cookie_expiration` lambda that does not accept this `cookies`
|
372
506
|
parameter has been deprecated.
|
373
507
|
|
@@ -376,6 +510,7 @@ complete changelog, see the git history for each version via the version links.
|
|
376
510
|
## [1.0.1] - August 9, 2013
|
377
511
|
|
378
512
|
### Fixed
|
513
|
+
|
379
514
|
- Fix an issue when trying to sign in with `nil`
|
380
515
|
|
381
516
|
[1.0.1]: https://github.com/thoughtbot/clearance/compare/v1.0.0...v1.1.1
|
@@ -383,6 +518,7 @@ complete changelog, see the git history for each version via the version links.
|
|
383
518
|
## [1.0.0] - August 1, 2013
|
384
519
|
|
385
520
|
### Added
|
521
|
+
|
386
522
|
- Support Rails 4.
|
387
523
|
- Speed up test suites using `::BCrypt::Engine::MIN_COST`.
|
388
524
|
- Speed up integration suites with `Clearance::BackDoor`.
|
@@ -396,6 +532,7 @@ complete changelog, see the git history for each version via the version links.
|
|
396
532
|
- Add `secure_cookie` configuration option.
|
397
533
|
|
398
534
|
### Changed
|
535
|
+
|
399
536
|
- Change default password strategy to BCrypt.
|
400
537
|
- Replace email regular expression with `EmailValidator` gem.
|
401
538
|
- Require > Ruby 1.9.
|
@@ -407,12 +544,14 @@ complete changelog, see the git history for each version via the version links.
|
|
407
544
|
to avoid locale conflicts.
|
408
545
|
|
409
546
|
### Fixed
|
547
|
+
|
410
548
|
- Improve security when changing password.
|
411
549
|
- Reduce extra user lookups when adding cookie to headers.
|
412
550
|
- Unauthorized API requests return HTTP status 401 rather than a redirect
|
413
551
|
to the sign in page.
|
414
552
|
|
415
553
|
### Removed
|
554
|
+
|
416
555
|
- Remove deprecated methods on User: `remember_me!`, `generate_random_code`,
|
417
556
|
`password_required?`.
|
418
557
|
- Remove `unloadable` from controllers (Rails 4 bug fix in development
|
@@ -424,6 +563,7 @@ complete changelog, see the git history for each version via the version links.
|
|
424
563
|
## [0.16.2] - May 11, 2012
|
425
564
|
|
426
565
|
### Changed
|
566
|
+
|
427
567
|
- Change default email sender to `deploy@example.com`.
|
428
568
|
|
429
569
|
[0.16.2]: https://github.com/thoughtbot/clearance/compare/v0.16.1...v0.16.2
|
@@ -431,6 +571,7 @@ complete changelog, see the git history for each version via the version links.
|
|
431
571
|
## [0.16.1] - April 16, 2012
|
432
572
|
|
433
573
|
### Fixed
|
574
|
+
|
434
575
|
- Behave correctly when Rails whitelist attributes mass assignment
|
435
576
|
protection is turned on.
|
436
577
|
- Fix for Rails 3.2.x modifying the HTTP cookie headers in rack requests.
|
@@ -440,6 +581,7 @@ complete changelog, see the git history for each version via the version links.
|
|
440
581
|
## [0.16.0] - March 16, 2012
|
441
582
|
|
442
583
|
### Added
|
584
|
+
|
443
585
|
- Blowfish password encryption strategy.
|
444
586
|
|
445
587
|
[0.16.0]: https://github.com/thoughtbot/clearance/compare/v0.15.0...v0.16.0
|
@@ -447,9 +589,11 @@ complete changelog, see the git history for each version via the version links.
|
|
447
589
|
## [0.15.0] - February 3, 2012
|
448
590
|
|
449
591
|
### Added
|
592
|
+
|
450
593
|
- The `User` model can be swapped out using the `Clearance.configure` method.
|
451
594
|
|
452
595
|
### Removed
|
596
|
+
|
453
597
|
- Remove `User::InstanceMethods` to silence a Rails 3.2 deprecation warning.
|
454
598
|
|
455
599
|
[0.15.0]: https://github.com/thoughtbot/clearance/compare/v0.14.0...v0.15.0
|
@@ -457,6 +601,7 @@ complete changelog, see the git history for each version via the version links.
|
|
457
601
|
## [0.14.0] - January 13, 2012
|
458
602
|
|
459
603
|
### Added
|
604
|
+
|
460
605
|
- Support clearance session management from the Rack environment.
|
461
606
|
|
462
607
|
[0.14.0]: https://github.com/thoughtbot/clearance/compare/v0.13.2...v0.14.0
|
@@ -464,6 +609,7 @@ complete changelog, see the git history for each version via the version links.
|
|
464
609
|
## [0.13.2] - January 13, 2012
|
465
610
|
|
466
611
|
### Fixed
|
612
|
+
|
467
613
|
- Fixed the `deny_access` matcher.
|
468
614
|
|
469
615
|
[0.13.2]: https://github.com/thoughtbot/clearance/compare/v0.13.0...v0.13.2
|
@@ -471,6 +617,7 @@ complete changelog, see the git history for each version via the version links.
|
|
471
617
|
## [0.13.0] - October 11, 2011
|
472
618
|
|
473
619
|
### Changed
|
620
|
+
|
474
621
|
- In Clearance's optional generated features, use pure Capybara instead of
|
475
622
|
depending on Cucumber's removed `web_steps`, paths, and selectors.
|
476
623
|
- Extract SHA-1-specific code out of `User` into `PasswordStrategies` module.
|
@@ -482,6 +629,7 @@ complete changelog, see the git history for each version via the version links.
|
|
482
629
|
## [0.12.0] - June 30, 2011
|
483
630
|
|
484
631
|
### Changed
|
632
|
+
|
485
633
|
- Denying access redirects to `root_url` when signed in, `sign_in_url` when
|
486
634
|
signed out.
|
487
635
|
- Using flash `:notice` key everywhere now instead of `:success` and `:failure`.
|
@@ -497,10 +645,12 @@ complete changelog, see the git history for each version via the version links.
|
|
497
645
|
## [0.11.2] - June 29, 2011
|
498
646
|
|
499
647
|
### Added
|
648
|
+
|
500
649
|
- Rails 3.1.rc compatible.
|
501
650
|
- RSpec and Test::Unit compliant test matcher (`should deny_access`, etc)
|
502
651
|
|
503
652
|
### Removed
|
653
|
+
|
504
654
|
- No more Clearance `shoulda_macros`. Instead providing RSpec and
|
505
655
|
Test::Unit-compliant test matchers (`should deny_access`, etc).
|
506
656
|
|
@@ -509,13 +659,16 @@ complete changelog, see the git history for each version via the version links.
|
|
509
659
|
## [0.11.1] - April 30, 2011
|
510
660
|
|
511
661
|
### Added
|
662
|
+
|
512
663
|
- Redirect to home page after sign up.
|
513
664
|
|
514
665
|
### Fixed
|
666
|
+
|
515
667
|
- Removing `:case_sensitive` option from `validates_uniqueness_of`. It was
|
516
668
|
unnecessary and causes a small performance problem on some apps.
|
517
669
|
|
518
670
|
### Removed
|
671
|
+
|
519
672
|
- Remove dependency on `dynamic_form`. Replaced with flashes due to limited number
|
520
673
|
of failure cases.
|
521
674
|
|
@@ -524,14 +677,17 @@ complete changelog, see the git history for each version via the version links.
|
|
524
677
|
## [0.11.0] - April 24, 2011
|
525
678
|
|
526
679
|
### Added
|
680
|
+
|
527
681
|
- New `controller#authenticate(params)` method. Redefine username & password or
|
528
682
|
other styles of authentication.
|
529
683
|
|
530
684
|
### Changed
|
531
|
-
|
532
|
-
|
685
|
+
|
686
|
+
- `before_filter :authenticate` API replaced with more
|
687
|
+
aptly-named `before_filter :authorize`.
|
533
688
|
|
534
689
|
### Removed
|
690
|
+
|
535
691
|
- Removing password confirmation.
|
536
692
|
|
537
693
|
[0.11.0]: https://github.com/thoughtbot/clearance/compare/v0.10.5...v0.11.0
|
@@ -539,6 +695,7 @@ complete changelog, see the git history for each version via the version links.
|
|
539
695
|
## [0.10.5] - April 19, 2011
|
540
696
|
|
541
697
|
### Security
|
698
|
+
|
542
699
|
- Closing CSRF hole for Rails >= 3.0.4 apps.
|
543
700
|
|
544
701
|
[0.10.5]: https://github.com/thoughtbot/clearance/compare/v0.10.4...v0.10.5
|
@@ -546,15 +703,19 @@ complete changelog, see the git history for each version via the version links.
|
|
546
703
|
## [0.10.4] - April 16, 2011
|
547
704
|
|
548
705
|
### Added
|
706
|
+
|
549
707
|
- Use HTML5 email fields.
|
550
708
|
|
551
709
|
### Changed
|
710
|
+
|
552
711
|
- Emails forced to be downcased (particularly for iPhone user case).
|
553
712
|
|
554
713
|
### Fixed
|
714
|
+
|
555
715
|
- Password reset requires a password.
|
556
716
|
|
557
717
|
### Removed
|
718
|
+
|
558
719
|
- Formtastic views generator removed.
|
559
720
|
|
560
721
|
[0.10.4]: https://github.com/thoughtbot/clearance/compare/v0.10.3.2...v0.10.4
|
@@ -562,6 +723,7 @@ complete changelog, see the git history for each version via the version links.
|
|
562
723
|
## [0.10.3.2] - March 6, 2011
|
563
724
|
|
564
725
|
### Fixed
|
726
|
+
|
565
727
|
- Fix gemspec to include all necessary files.
|
566
728
|
|
567
729
|
[0.10.3.2]: https://github.com/thoughtbot/clearance/compare/v0.10.3.1...v0.10.3.2
|
@@ -569,6 +731,7 @@ complete changelog, see the git history for each version via the version links.
|
|
569
731
|
## [0.10.3.1] - February 20, 2011
|
570
732
|
|
571
733
|
### Fixed
|
734
|
+
|
572
735
|
- Ensure everything within features inside any engine directory is included in
|
573
736
|
the `gemspec`.
|
574
737
|
|
@@ -577,6 +740,7 @@ complete changelog, see the git history for each version via the version links.
|
|
577
740
|
## [0.10.3] - February 19, 2011
|
578
741
|
|
579
742
|
### Fixed
|
743
|
+
|
580
744
|
- Include features/engines in `gemspec` file list so generator works as
|
581
745
|
expected.
|
582
746
|
|
@@ -585,11 +749,13 @@ complete changelog, see the git history for each version via the version links.
|
|
585
749
|
## [0.10.2] - February 18, 2011
|
586
750
|
|
587
751
|
### Added
|
752
|
+
|
588
753
|
- New generator command: `rails generate clearance:install`.
|
589
754
|
- When Clearance installed in an app that already has users, allow old users to
|
590
755
|
sign in by resetting their password.
|
591
756
|
|
592
757
|
### Changed
|
758
|
+
|
593
759
|
- Step definitions are now prefixed with `visitor_` to use thoughtbot
|
594
760
|
convention.
|
595
761
|
|
@@ -598,6 +764,7 @@ complete changelog, see the git history for each version via the version links.
|
|
598
764
|
## [0.10.1] - February 9, 2011
|
599
765
|
|
600
766
|
### Fixed
|
767
|
+
|
601
768
|
- Replaced `ActionController::Forbidden` with a user-friendly flash message.
|
602
769
|
|
603
770
|
[0.10.1]: https://github.com/thoughtbot/clearance/compare/v0.10.0...v0.10.1
|
@@ -605,9 +772,11 @@ complete changelog, see the git history for each version via the version links.
|
|
605
772
|
## [0.10.0] - June 29, 2010
|
606
773
|
|
607
774
|
### Added
|
775
|
+
|
608
776
|
- Better email validation regular expression.
|
609
777
|
|
610
778
|
### Removed
|
779
|
+
|
611
780
|
- Removed email confirmation step, was mostly a hassle and can always be added
|
612
781
|
back in at the application level (instead of engine level) if necessary.
|
613
782
|
- Removed `disable_with` on forms since it does not allow IE users to submit
|
@@ -618,6 +787,7 @@ complete changelog, see the git history for each version via the version links.
|
|
618
787
|
## [0.9.1] - June 29, 2010
|
619
788
|
|
620
789
|
### Added
|
790
|
+
|
621
791
|
- This release supports Rails 3, capybara, and shoulda 2.10+.
|
622
792
|
|
623
793
|
[0.9.1]: https://github.com/thoughtbot/clearance/compare/v0.9.0...v0.9.1
|
@@ -625,9 +795,11 @@ complete changelog, see the git history for each version via the version links.
|
|
625
795
|
## [0.9.0] - June 11, 2010
|
626
796
|
|
627
797
|
### Added
|
798
|
+
|
628
799
|
- Allow customization of cookie duration.
|
629
800
|
|
630
801
|
### Changed
|
802
|
+
|
631
803
|
- Removed unnecessary db index.
|
632
804
|
|
633
805
|
[0.9.0]: https://github.com/thoughtbot/clearance/compare/v0.8.8...v0.9.0
|
@@ -635,6 +807,7 @@ complete changelog, see the git history for each version via the version links.
|
|
635
807
|
## [0.8.8] - February 25, 2010
|
636
808
|
|
637
809
|
### Fixed
|
810
|
+
|
638
811
|
- Fixed `sign_in` and `sign_out` not setting `current_user`.
|
639
812
|
|
640
813
|
[0.8.8]: https://github.com/thoughtbot/clearance/compare/v0.8.7...v0.8.8
|
@@ -642,6 +815,7 @@ complete changelog, see the git history for each version via the version links.
|
|
642
815
|
## [0.8.7] - February 21, 2010
|
643
816
|
|
644
817
|
### Fixed
|
818
|
+
|
645
819
|
- Fixed global sign out bug.
|
646
820
|
- Allow Rails apps to `before_filter :authenticate` the entire app
|
647
821
|
in `ApplicationController` and still have password recovery work without
|
@@ -653,10 +827,12 @@ complete changelog, see the git history for each version via the version links.
|
|
653
827
|
## [0.8.6] - February 17, 2010
|
654
828
|
|
655
829
|
### Added
|
830
|
+
|
656
831
|
- Allow overridden user models to skip email/password validations
|
657
832
|
conditionally. This makes username/facebook integration easier.
|
658
833
|
|
659
834
|
### Fixed
|
835
|
+
|
660
836
|
- Clearance features capitalization should match view text.
|
661
837
|
- Skip `:authenticate before_filter` in controllers so apps can easily
|
662
838
|
authenticate a whole site without subclassing.
|
@@ -670,12 +846,14 @@ complete changelog, see the git history for each version via the version links.
|
|
670
846
|
## [0.8.5] - January 20, 2010
|
671
847
|
|
672
848
|
### Changed
|
849
|
+
|
673
850
|
- Removed `attr_accessible` from `Clearance::User`.
|
674
851
|
- Remove dependency on `root_path`, use `'/'` instead.
|
675
852
|
- Use `Clearance.configure` block to set mailer sender instead of `DO_NOT_REPLY`
|
676
853
|
constant.
|
677
854
|
|
678
855
|
### Fixed
|
856
|
+
|
679
857
|
- Replaced routing hack with `Clearance::Routes.draw(map)` to give more control
|
680
858
|
to the application developer.
|
681
859
|
- Fixed bug in password reset feature.
|
@@ -685,6 +863,7 @@ complete changelog, see the git history for each version via the version links.
|
|
685
863
|
## [0.8.4] - December 08, 2009
|
686
864
|
|
687
865
|
### Fixed
|
866
|
+
|
688
867
|
- Remove unnecessary `require 'factory_girl'` in generator.
|
689
868
|
|
690
869
|
[0.8.4]: https://github.com/thoughtbot/clearance/compare/v0.8.3...v0.8.4
|
@@ -692,6 +871,7 @@ complete changelog, see the git history for each version via the version links.
|
|
692
871
|
## [0.8.3] - September 21, 2009
|
693
872
|
|
694
873
|
### Fixed
|
874
|
+
|
695
875
|
- Avoid possible collisions in the remember me token.
|
696
876
|
|
697
877
|
[0.8.3]: https://github.com/thoughtbot/clearance/compare/v0.8.2...v0.8.3
|
@@ -699,6 +879,7 @@ complete changelog, see the git history for each version via the version links.
|
|
699
879
|
## [0.8.2] - September 01, 2009
|
700
880
|
|
701
881
|
### Added
|
882
|
+
|
702
883
|
- `current_user= accessor` method.
|
703
884
|
- Set `current_user` in `sign_in`.
|
704
885
|
|
@@ -707,9 +888,11 @@ complete changelog, see the git history for each version via the version links.
|
|
707
888
|
## [0.8.1] - August 31, 2009
|
708
889
|
|
709
890
|
### Changed
|
891
|
+
|
710
892
|
- Removed unnecessary `remember_token_expires_at` column.
|
711
893
|
|
712
894
|
### Removed
|
895
|
+
|
713
896
|
- Removed `remember?` and `forget_me!` user instance methods.
|
714
897
|
|
715
898
|
[0.8.1]: https://github.com/thoughtbot/clearance/compare/v0.8.0...v0.8.1
|
@@ -717,10 +900,12 @@ complete changelog, see the git history for each version via the version links.
|
|
717
900
|
## [0.8.0] - August 31, 2009
|
718
901
|
|
719
902
|
### Added
|
903
|
+
|
720
904
|
- Documented `Clearance::Authentication` with YARD.
|
721
905
|
- Documented `Clearance::User` with YARD.
|
722
906
|
|
723
907
|
### Changed
|
908
|
+
|
724
909
|
- Always remember me. Replaced session-and-remember-me authentication with
|
725
910
|
always using a cookie with a long timeout.
|
726
911
|
|
@@ -729,11 +914,13 @@ complete changelog, see the git history for each version via the version links.
|
|
729
914
|
## [0.7.0] - August 4, 2009
|
730
915
|
|
731
916
|
### Added
|
917
|
+
|
732
918
|
- Added `signed_out?` convenience method for controllers, helpers, views.
|
733
919
|
- Added `clearance_views` generator. By default, creates formtastic views which
|
734
920
|
pass all tests and features.
|
735
921
|
|
736
922
|
### Fixed
|
923
|
+
|
737
924
|
- Redirect signed in user who clicks confirmation link again.
|
738
925
|
- Redirect signed out user who clicks confirmation link again.
|
739
926
|
|
@@ -742,6 +929,7 @@ complete changelog, see the git history for each version via the version links.
|
|
742
929
|
## [0.6.9] - July 4, 2009
|
743
930
|
|
744
931
|
### Added
|
932
|
+
|
745
933
|
- Added timestamps to create users migration.
|
746
934
|
- Ready for Ruby 1.9.
|
747
935
|
|
@@ -750,6 +938,7 @@ complete changelog, see the git history for each version via the version links.
|
|
750
938
|
## [0.6.8] - June 24, 2009
|
751
939
|
|
752
940
|
### Fixed
|
941
|
+
|
753
942
|
- Added `defined?` checks for various Rails constants such as `ActionController`
|
754
943
|
for easier unit testing of Clearance extensions... particularly `ActiveRecord`
|
755
944
|
extensions... `particularly strong_password`.
|
@@ -759,6 +948,7 @@ complete changelog, see the git history for each version via the version links.
|
|
759
948
|
## [0.6.7] - June 13, 2009
|
760
949
|
|
761
950
|
### Added
|
951
|
+
|
762
952
|
- Added `sign_up`, `sign_in`, `sign_out` named routes.
|
763
953
|
- `flash_success_after_create`, `flash_notice_after_create`,
|
764
954
|
`flash_failure_after_create`, `flash_sucess_after_update`,
|
@@ -766,9 +956,11 @@ complete changelog, see the git history for each version via the version links.
|
|
766
956
|
- Added `#create` to forbidden `before_filters` on confirmations controller.
|
767
957
|
|
768
958
|
### Fixed
|
959
|
+
|
769
960
|
- `should_be_signed_in_as` shouldn't look in the session.
|
770
961
|
|
771
962
|
### Deprecated
|
963
|
+
|
772
964
|
- Deprecated `sign_user_in`. Told developers to use `sign_in` instead.
|
773
965
|
|
774
966
|
[0.6.7]: https://github.com/thoughtbot/clearance/compare/v0.6.6...v0.6.7
|
@@ -776,6 +968,7 @@ complete changelog, see the git history for each version via the version links.
|
|
776
968
|
## [0.6.6] - May 18, 2009
|
777
969
|
|
778
970
|
### Fixed
|
971
|
+
|
779
972
|
- replaced `class_eval` in `Clearance::User` with modules. This was needed
|
780
973
|
so we could write our own validations.
|
781
974
|
|
@@ -784,6 +977,7 @@ complete changelog, see the git history for each version via the version links.
|
|
784
977
|
## [0.6.5] - May 17, 2009
|
785
978
|
|
786
979
|
### Added
|
980
|
+
|
787
981
|
- Make Clearance i18n aware.
|
788
982
|
|
789
983
|
[0.6.5]: https://github.com/thoughtbot/clearance/compare/v0.6.4...v0.6.5
|
@@ -791,10 +985,11 @@ complete changelog, see the git history for each version via the version links.
|
|
791
985
|
## [0.6.4] - May 12, 2009
|
792
986
|
|
793
987
|
### Changed
|
794
|
-
|
795
|
-
|
796
|
-
|
797
|
-
|
988
|
+
|
989
|
+
- Replacing `sign_in_as` & `sign_out` shoulda macros with a stubbing (requires
|
990
|
+
no dependency) approach. This will avoid dealing with the internals of
|
991
|
+
`current_user`, such as session & cookies. Added `sign_in` macro which signs
|
992
|
+
in an email confirmed user from clearance's factories.
|
798
993
|
- Move private methods on sessions controller into `Clearance::Authentication`
|
799
994
|
module.
|
800
995
|
- Audited flash keys.
|
@@ -804,6 +999,7 @@ complete changelog, see the git history for each version via the version links.
|
|
804
999
|
## [0.6.3] - April 23, 2009
|
805
1000
|
|
806
1001
|
### Fixed
|
1002
|
+
|
807
1003
|
- Scoping `ClearanceMailer` properly within controllers so it works in
|
808
1004
|
production environments.
|
809
1005
|
|
@@ -812,6 +1008,7 @@ complete changelog, see the git history for each version via the version links.
|
|
812
1008
|
## [0.6.2] - April 22, 2009
|
813
1009
|
|
814
1010
|
### Added
|
1011
|
+
|
815
1012
|
- Insert `Clearance::User` into User model if it exists.
|
816
1013
|
|
817
1014
|
[0.6.2]: https://github.com/thoughtbot/clearance/compare/v0.6.1...v0.6.2
|
@@ -819,6 +1016,7 @@ complete changelog, see the git history for each version via the version links.
|
|
819
1016
|
## [0.6.1] - April 21, 2009
|
820
1017
|
|
821
1018
|
### Changed
|
1019
|
+
|
822
1020
|
- Scope operators are necessary to keep Rails happy. Reverting the original
|
823
1021
|
revert so they're back in the library now for constants referenced inside of
|
824
1022
|
the gem.
|
@@ -828,22 +1026,23 @@ complete changelog, see the git history for each version via the version links.
|
|
828
1026
|
## [0.6.0] - April 21, 2009
|
829
1027
|
|
830
1028
|
### Changed
|
1029
|
+
|
831
1030
|
- Converted Clearance to a Rails engine.
|
832
1031
|
- Include `Clearance::User` in User model in app.
|
833
1032
|
- Include `Clearance::Authentication` in `ApplicationController`.
|
834
1033
|
- Namespace controllers under `Clearance` module.
|
835
1034
|
- Routes move to engine, use namespaced controllers but publicly the same.
|
836
|
-
- If you want to override a controller, subclass it like
|
837
|
-
Clearance::SessionsController`. This gives you access to
|
838
|
-
`url_after_create`.
|
1035
|
+
- If you want to override a controller, subclass it like
|
1036
|
+
`SessionsController < Clearance::SessionsController`. This gives you access to
|
1037
|
+
usual hooks such as `url_after_create`.
|
839
1038
|
- Controllers, mailer, model, routes all unit tested inside engine. Use
|
840
1039
|
`script/generate clearance_features` to test integration of Clearance with your
|
841
1040
|
Rails app. No longer including modules in your app's test files.
|
842
1041
|
- Moved views to engine.
|
843
|
-
- Converted generated `test/factories/clearance.rb` to use
|
1042
|
+
- Converted generated `test/factories/clearance.rb` to use inheritance for
|
844
1043
|
`email_confirmed_user`.
|
845
1044
|
- Corrected some spelling errors with methods.
|
846
|
-
- Loading clearance routes after rails routes via some
|
1045
|
+
- Loading clearance routes after rails routes via some monkey patching.
|
847
1046
|
- Made the clearance controllers `unloadable` to stop constant loading errors in
|
848
1047
|
development mode.
|
849
1048
|
|
@@ -852,6 +1051,7 @@ complete changelog, see the git history for each version via the version links.
|
|
852
1051
|
## [0.5.6] - April 11, 2009
|
853
1052
|
|
854
1053
|
### Fixed
|
1054
|
+
|
855
1055
|
- Step definition changed for "User should see error messages" so features won't
|
856
1056
|
fail for certain validations.
|
857
1057
|
|
@@ -860,6 +1060,7 @@ complete changelog, see the git history for each version via the version links.
|
|
860
1060
|
## [0.5.5] - March 23, 2009
|
861
1061
|
|
862
1062
|
### Fixed
|
1063
|
+
|
863
1064
|
- Removing duplicate test to get rid of warning.
|
864
1065
|
|
865
1066
|
[0.5.5]: https://github.com/thoughtbot/clearance/compare/v0.5.4...v0.5.5
|
@@ -867,6 +1068,7 @@ complete changelog, see the git history for each version via the version links.
|
|
867
1068
|
## [0.5.4] - March 21, 2009
|
868
1069
|
|
869
1070
|
### Changed
|
1071
|
+
|
870
1072
|
- When users fail logging in, redirect them instead of rendering.
|
871
1073
|
|
872
1074
|
[0.5.4]: https://github.com/thoughtbot/clearance/compare/v0.5.3...v0.5.4
|
@@ -874,6 +1076,7 @@ complete changelog, see the git history for each version via the version links.
|
|
874
1076
|
## [0.5.3] - March 5, 2009
|
875
1077
|
|
876
1078
|
### Changed
|
1079
|
+
|
877
1080
|
- Clearance now works with (and requires) Shoulda 2.10.0.
|
878
1081
|
|
879
1082
|
[0.5.3]: https://github.com/thoughtbot/clearance/compare/v0.5.2...v0.5.3
|
@@ -881,6 +1084,7 @@ complete changelog, see the git history for each version via the version links.
|
|
881
1084
|
## [0.5.2] - March 2, 2009
|
882
1085
|
|
883
1086
|
### Added
|
1087
|
+
|
884
1088
|
- Full compatible with Rails 2.3 (all tests pass)
|
885
1089
|
|
886
1090
|
[0.5.2]: https://github.com/thoughtbot/clearance/compare/v0.5.1...v0.5.2
|
@@ -888,6 +1092,7 @@ complete changelog, see the git history for each version via the version links.
|
|
888
1092
|
## [0.5.1] - February 27, 2009
|
889
1093
|
|
890
1094
|
### Changed
|
1095
|
+
|
891
1096
|
- A user with unconfirmed email who resets password now confirms email.
|
892
1097
|
- Switch order of cookies and sessions to take advantage of Rails 2.3's
|
893
1098
|
"Rack-based lazy-loaded sessions",
|
@@ -895,6 +1100,7 @@ complete changelog, see the git history for each version via the version links.
|
|
895
1100
|
`application.rb` in Rails 2.3 apps.
|
896
1101
|
|
897
1102
|
### Fixed
|
1103
|
+
|
898
1104
|
- Rack-based session change altered how to test remember me cookie.
|
899
1105
|
|
900
1106
|
[0.5.1]: https://github.com/thoughtbot/clearance/compare/v0.5.0...v0.5.1
|
@@ -902,6 +1108,7 @@ complete changelog, see the git history for each version via the version links.
|
|
902
1108
|
## [0.5.0] - February 27, 2009
|
903
1109
|
|
904
1110
|
### Fixed
|
1111
|
+
|
905
1112
|
- Fixed problem with Cucumber features.
|
906
1113
|
- Fixed missing HTTP fluency use case.
|
907
1114
|
|
@@ -910,10 +1117,12 @@ complete changelog, see the git history for each version via the version links.
|
|
910
1117
|
## [0.4.9] - February 20, 2009
|
911
1118
|
|
912
1119
|
### Changed
|
1120
|
+
|
913
1121
|
- Protect passwords & confirmations actions with forbidden filters.
|
914
1122
|
- Return 403 Forbidden status code in those cases.
|
915
1123
|
|
916
1124
|
### Security
|
1125
|
+
|
917
1126
|
- Fixed bug that allowed anyone to edit another user's password.
|
918
1127
|
|
919
1128
|
[0.4.9]: https://github.com/thoughtbot/clearance/compare/v0.4.8...v0.4.9
|
@@ -921,11 +1130,13 @@ complete changelog, see the git history for each version via the version links.
|
|
921
1130
|
## [0.4.8] - February 16, 2009
|
922
1131
|
|
923
1132
|
### Added
|
1133
|
+
|
924
1134
|
- Added documentation for the flash.
|
925
1135
|
- Generators `require 'test_helper'` instead of `File.join` for RR
|
926
1136
|
compatibility.
|
927
1137
|
|
928
1138
|
### Changed
|
1139
|
+
|
929
1140
|
- Removed interpolated email address from flash message to make i18n easier.
|
930
1141
|
- Standardized flash messages that refer to email delivery.
|
931
1142
|
|
@@ -934,6 +1145,7 @@ complete changelog, see the git history for each version via the version links.
|
|
934
1145
|
## [0.4.7] - February 12, 2009
|
935
1146
|
|
936
1147
|
### Changed
|
1148
|
+
|
937
1149
|
- Removed `Clearance::Test::TestHelper` so there is one less setup step.
|
938
1150
|
- All test helpers now in `shoulda_macros`.
|
939
1151
|
|
@@ -942,6 +1154,7 @@ complete changelog, see the git history for each version via the version links.
|
|
942
1154
|
## [0.4.6] - February 11, 2009
|
943
1155
|
|
944
1156
|
### Added
|
1157
|
+
|
945
1158
|
- Created `Actions` and `PrivateMethods` modules on controllers for future RDoc
|
946
1159
|
reasons.
|
947
1160
|
|
@@ -950,9 +1163,11 @@ complete changelog, see the git history for each version via the version links.
|
|
950
1163
|
## [0.4.5] - February 9, 2009
|
951
1164
|
|
952
1165
|
### Added
|
1166
|
+
|
953
1167
|
- Added password reset feature to `clearance_features` generator.
|
954
1168
|
|
955
1169
|
### Changed
|
1170
|
+
|
956
1171
|
- Only store location for `session[:return_to]` for GET requests.
|
957
1172
|
- Audited "sign up" naming convention. "Register" had slipped in a few places.
|
958
1173
|
- Switched to `SHA1` encryption. Cypher doesn't matter much for email
|
@@ -960,6 +1175,7 @@ complete changelog, see the git history for each version via the version links.
|
|
960
1175
|
clients who line break on 72 chars.
|
961
1176
|
|
962
1177
|
### Removed
|
1178
|
+
|
963
1179
|
- Removed email downcasing because local-part is case sensitive per
|
964
1180
|
RFC5321.
|
965
1181
|
- Removed unnecessary `session[:salt]`.
|
@@ -969,9 +1185,11 @@ complete changelog, see the git history for each version via the version links.
|
|
969
1185
|
## [0.4.4] - February 2, 2009
|
970
1186
|
|
971
1187
|
### Added
|
1188
|
+
|
972
1189
|
- Added a generator for Cucumber features.
|
973
1190
|
|
974
1191
|
### Changed
|
1192
|
+
|
975
1193
|
- Standardized naming for "Sign up," "Sign in," and "Sign out".
|
976
1194
|
|
977
1195
|
[0.4.4]: https://github.com/thoughtbot/clearance/compare/v0.3.7...v0.4.4
|