clearance 1.17.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3d2b65ce30d78d380c94d95fc6fa32f1fa4340a145f6e33573ad746f5da4600e
-  data.tar.gz: a8b154b5ccfed1470fcc29155f3f57c676571539f9794c5b9a32ef2b3f4b8a20
+  metadata.gz: 1a6869cfdd76b965d10f6809fe4ad1639a57d242de11fd4a414ac017c515c94c
+  data.tar.gz: 759e38cd4bd2525c5f35ab53c1f994317d13f3e449248b2fdec521808b398346
 SHA512:
-  metadata.gz: 7ec8917dc40e39108f0ceb7333d8968d31d2cfa5d902ad1fc533a85fcc98b10d0665bd84484256ff9a3e3114f4c8d27c7bdad24c70cf72c63f6dfc3d151bac2f
-  data.tar.gz: 839701911aea43402b13d2d4ea84f13d904ccf1576a7d9bc913eeac2f48a992a08e57c0859aceb04764afc927425852f18084c0638978937db974449a5f25b4b
+  metadata.gz: fb078764b744a5763476b7e0098196b9cbafe21043943591e6a0deeeeee291fb3b745cdd3ce666f4fdce031dcf5602f3d7fab42424658c726f0da3a82bfecccd
+  data.tar.gz: 43108490f1763fbb0a46edfde7c13dbe09af98e29998345868e96b0d7d49e02ec9788a1147c78301563e8a26ae2b659200dd2864b9ff798ca8fba99833a1bf84

data/.travis.yml

@@ -4,19 +4,16 @@ language:
   - ruby
 
 rvm:
-  - 2.3.8
-  - 2.4.5
-  - 2.5.3
-  - 2.6.1
+  - 2.4.9
+  - 2.5.7
+  - 2.6.5
+  - 2.7.0
 
 gemfile:
-  - gemfiles/rails_4.2.gemfile
   - gemfiles/rails_5.0.gemfile
   - gemfiles/rails_5.1.gemfile
   - gemfiles/rails_5.2.gemfile
-
-before_install:
-  - gem update --system
+  - gemfiles/rails_6.0.gemfile
 
 install:
   - "bin/setup"
@@ -24,11 +21,8 @@ install:
 branches:
   only:
     - master
-    - 2.0
 
 matrix:
-  allow_failures:
-    - gemfile: gemfiles/rails_4.2.gemfile
-      rvm: 2.6.1
-
-sudo: false
+  exclude:
+    - rvm: 2.4.9
+      gemfile: gemfiles/rails_6.0.gemfile

data/Appraisals

@@ -1,15 +1,23 @@
 rails_versions = %w(
-  4.2
   5.0
   5.1
   5.2
+  6.0
 )
 
 rails_versions.each do |version|
   appraise "rails_#{version}" do
     gem "railties", "~> #{version}.0"
-    if Gem::Version.new(version) >= Gem::Version.new("5.0")
-      gem "rails-controller-testing"
+    gem "rails-controller-testing"
+
+    if Gem::Version.new(version) >= Gem::Version.new("6.0")
+      # TODO - Switch to 4.0 gem once release is made
+      gem 'rspec-rails', '~> 4.0.0.beta3'
+      gem 'sqlite3', '~> 1.4.0'
+    else
+      gem 'sqlite3', '~> 1.3.13'
+      gem 'rspec-rails', '~> 3.1'
     end
+
   end
 end

data/Gemfile

@@ -3,15 +3,12 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'addressable', '~> 2.6.0'
-gem 'appraisal'
 gem 'ammeter'
-gem 'bundler', '~> 1.3'
+gem 'appraisal'
 gem 'capybara', '>= 2.6.2'
 gem 'database_cleaner', '~> 1.0'
 gem 'factory_bot_rails', '~> 5.0'
 gem 'nokogiri', '~> 1.10.0'
-gem 'rspec-rails', '~> 3.1'
-gem 'shoulda-matchers', '~> 4.0'
-gem 'sqlite3', '~> 1.3.13'
-gem 'timecop', '~> 0.6'
 gem 'pry', require: false
+gem 'shoulda-matchers', '~> 4.1'
+gem 'timecop', '~> 0.6'

data/Gemfile.lock

@@ -1,146 +1,153 @@
 PATH
   remote: .
   specs:
-    clearance (1.17.0)
-      actionmailer (>= 3.1)
-      activemodel (>= 3.1)
-      activerecord (>= 3.1)
-      bcrypt
-      email_validator (~> 1.4)
-      railties (>= 3.1)
+    clearance (2.2.0)
+      actionmailer (>= 5.0)
+      activemodel (>= 5.0)
+      activerecord (>= 5.0)
+      argon2 (~> 2.0, >= 2.0.2)
+      bcrypt (>= 3.1.1)
+      email_validator (~> 2.0)
+      railties (>= 5.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (5.2.3)
-      actionpack (= 5.2.3)
-      actionview (= 5.2.3)
-      activejob (= 5.2.3)
+    actionmailer (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      actionview (= 6.0.3.2)
+      activejob (= 6.0.3.2)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.3)
-      actionview (= 5.2.3)
-      activesupport (= 5.2.3)
-      rack (~> 2.0)
+    actionpack (6.0.3.2)
+      actionview (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+      rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (5.2.3)
-      activesupport (= 5.2.3)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (6.0.3.2)
+      activesupport (= 6.0.3.2)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (5.2.3)
-      activesupport (= 5.2.3)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.3.2)
+      activesupport (= 6.0.3.2)
       globalid (>= 0.3.6)
-    activemodel (5.2.3)
-      activesupport (= 5.2.3)
-    activerecord (5.2.3)
-      activemodel (= 5.2.3)
-      activesupport (= 5.2.3)
-      arel (>= 9.0)
-    activesupport (5.2.3)
+    activemodel (6.0.3.2)
+      activesupport (= 6.0.3.2)
+    activerecord (6.0.3.2)
+      activemodel (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+    activesupport (6.0.3.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
+      zeitwerk (~> 2.2, >= 2.2.2)
     addressable (2.6.0)
       public_suffix (>= 2.0.2, < 4.0)
     ammeter (1.1.4)
       activesupport (>= 3.0)
       railties (>= 3.0)
       rspec-rails (>= 2.2)
-    appraisal (2.2.0)
+    appraisal (2.3.0)
       bundler
       rake
       thor (>= 0.14.0)
-    arel (9.0.0)
-    bcrypt (3.1.12)
-    builder (3.2.3)
-    capybara (3.16.1)
+    argon2 (2.0.2)
+      ffi (~> 1.9)
+      ffi-compiler (>= 0.1)
+    bcrypt (3.1.13)
+    builder (3.2.4)
+    capybara (3.33.0)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
-      regexp_parser (~> 1.2)
+      regexp_parser (~> 1.5)
       xpath (~> 3.2)
-    coderay (1.1.2)
-    concurrent-ruby (1.1.5)
-    crass (1.0.4)
-    database_cleaner (1.7.0)
-    diff-lcs (1.3)
-    email_validator (1.6.0)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.6)
+    crass (1.0.6)
+    database_cleaner (1.8.5)
+    diff-lcs (1.4.4)
+    email_validator (2.0.1)
       activemodel
-    erubi (1.8.0)
-    factory_bot (5.0.2)
+    erubi (1.9.0)
+    factory_bot (5.2.0)
       activesupport (>= 4.2.0)
-    factory_bot_rails (5.0.1)
-      factory_bot (~> 5.0.0)
+    factory_bot_rails (5.2.0)
+      factory_bot (~> 5.2.0)
       railties (>= 4.2.0)
+    ffi (1.13.1)
+    ffi-compiler (1.0.1)
+      ffi (>= 1.0.0)
+      rake
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    i18n (1.6.0)
+    i18n (1.8.3)
       concurrent-ruby (~> 1.0)
-    loofah (2.2.3)
+    loofah (2.6.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    method_source (0.9.2)
-    mini_mime (1.0.1)
+    method_source (1.0.0)
+    mini_mime (1.0.2)
     mini_portile2 (2.4.0)
-    minitest (5.11.3)
-    nokogiri (1.10.2)
+    minitest (5.14.1)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    public_suffix (3.0.3)
-    rack (2.0.7)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (3.1.1)
+    rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.0.4)
-      loofah (~> 2.2, >= 2.2.2)
-    railties (5.2.3)
-      actionpack (= 5.2.3)
-      activesupport (= 5.2.3)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.19.0, < 2.0)
-    rake (12.3.2)
-    regexp_parser (1.4.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+      thor (>= 0.20.3, < 2.0)
+    rake (13.0.1)
+    regexp_parser (1.7.1)
+    rspec-core (3.9.2)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-rails (3.8.2)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    shoulda-matchers (4.0.1)
+      rspec-support (~> 3.9.0)
+    rspec-rails (4.0.1)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.9)
+      rspec-expectations (~> 3.9)
+      rspec-mocks (~> 3.9)
+      rspec-support (~> 3.9)
+    rspec-support (3.9.3)
+    shoulda-matchers (4.3.0)
       activesupport (>= 4.2.0)
-    sqlite3 (1.3.13)
-    thor (0.20.3)
+    thor (1.0.1)
     thread_safe (0.3.6)
     timecop (0.9.1)
-    tzinfo (1.2.5)
+    tzinfo (1.2.7)
       thread_safe (~> 0.1)
     xpath (3.2.0)
       nokogiri (~> 1.8)
+    zeitwerk (2.3.1)
 
 PLATFORMS
   ruby
@@ -149,17 +156,14 @@ DEPENDENCIES
   addressable (~> 2.6.0)
   ammeter
   appraisal
-  bundler (~> 1.3)
   capybara (>= 2.6.2)
   clearance!
   database_cleaner (~> 1.0)
   factory_bot_rails (~> 5.0)
   nokogiri (~> 1.10.0)
   pry
-  rspec-rails (~> 3.1)
-  shoulda-matchers (~> 4.0)
-  sqlite3 (~> 1.3.13)
+  shoulda-matchers (~> 4.1)
   timecop (~> 0.6)
 
 BUNDLED WITH
-   1.17.3
+   2.1.2

data/NEWS.md

@@ -3,6 +3,93 @@
 The noteworthy changes for each Clearance version are included here. For a
 complete changelog, see the git history for each version via the version links.
 
+## [2.2.0] - July 9, 2020
+
+### Added
+
+- Add an Argon2 password strategy
+
+### Fixed
+
+- Use strings instead of classes on guard classes, avoids Rails deprecation
+  warning.
+- Use `find_by` style for finders, improves neo4j support
+- Provide explicit case sensitivity option for email uniqueness, avoid Rails
+  deprecation warning.
+
+[2.2.0]: https://github.com/thoughtbot/clearance/compare/v2.1.0...v2.2.0
+
+## [2.1.0] - December 19, 2019
+
+### Added
+
+- Add a `parent_controller` configuration option to specify the controller that
+  Clearance's `BaseController` will inherit from. Defaults to a value of
+  `ApplicationController`.
+- Use the configured `primary_key_type` from the Active Record settings of the
+  project including Clearance, if it is set, while generating migrations. For
+  example, a setting of `:uuid` in a Rails app using Clearance will cause the
+  clearance-generated migrations to use this for the `users` table id type.
+
+### Fixed
+
+- Delete cookies correctly when a custom domain setting is being used.
+- Do not set the authorization cookie on requests which did not exercise the
+  authorization code. Reduces the chances of leaving an auth cookie in a
+  publicly cacheable page that didn't require authorization to access.
+
+### Changed
+
+- Update the `email_validator` gem to a newer version embrace the more relaxed
+  email validation options which it now defaults to.
+- When a password reset request is submitted without an email address, a flash
+  alert is now provided. Previously this continued silently as though it had
+  worked. We still proceed that way when there is an invalid (but present)
+  value, so as not to reveal existent vs. non-existent emails in the database.
+
+### Removed
+
+- Remove an unused route to `passwords#create` nested under `users`.
+- No longer include the (rarely used in practice) application layout as part of
+  the views installer; but continue to provide some stock sign-in/out and flash
+  partial code in the gem installation README output.
+
+### Deprecated
+
+- Remove the existing deprecation notice around the `rotate_csrf_on_sign_in`
+  setting, and make that setting default to true.
+
+[2.1.0]: https://github.com/thoughtbot/clearance/compare/v2.0.0...v2.1.0
+
+## [2.0.0] - November 12, 2019
+
+### Added
+
+- Add support for Rails version 6
+- Allow `cookie_domain` to be configured with a lambda for custom configuration
+- Add ability to configure BCrypt computational cost of hash calculation.
+- Add `same_site` configuration option for increased CSRF protection.
+
+### Fixed
+
+- Fix issue where invalid params could raise `NoMethodError` when updating and
+  resetting passwords.
+- The backdoor auth mechanism now supports scenarios where `Rails.env` has been
+  configured via env variables other than `RAILS_ENV` (`RACK_ENV` for example).
+
+### Removed
+
+- Removed support for Ruby versions older than 2.4
+- Removed support for Rails versions older than 5.0
+- Removed all deprecated code from Clearance 1.x
+
+### Changed
+
+- Flash messages now use `flash[:alert]` rather than `flash[:notice]` as they
+  were used as errors more often than notices.
+
+[2.0.0]: https://github.com/thoughtbot/clearance/compare/v1.17.0...v2.0.0
+
 ## [1.17.0] - April 11, 2019
 
 ### Changed
@@ -17,11 +104,13 @@ complete changelog, see the git history for each version via the version links.
 ## [1.16.2] - February 25, 2019
 
 ### Fixed
+
 - Added missing translation keys
 - Fix issue where a cookie value could be set more than once when interacting
   with the `httponly` option
 
 ### Changed
+
 - Remove Rails as a dependency so that clearance does not trigger a cascade of
   requirements as rails pulls in every framework. Instead, depend on just the
   frameworks relevant to Clearance.
@@ -32,6 +121,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.16.1] - November 2, 2017
 
 ### Fixed
+
 - Fixed issue where tokens from abandoned password reset attempts were stored in
   the session, preventing newly generated password reset tokens from working.
 - Improve compatibility with Rails API projects by calling `helper_method` only
@@ -46,6 +136,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.16.0] - January 16, 2017
 
 ### Security
+
 - Clearance users can now help prevent [session fixation attacks] by setting
   `Clearance.configuration.rotate_csrf_on_sign_in` to `true`. This will cause
   the user's CSRF token to be rotated on sign in and is recommended for all
@@ -59,6 +150,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.15.1] - October 6, 2016
 
 ### Fixed
+
 - Password reset form redirect no longer uses a named route helper, which means
   it will work for developers that have customized their routes.
 
@@ -67,15 +159,17 @@ complete changelog, see the git history for each version via the version links.
 ## [1.15.0] - September 26, 2016
 
 ### Security
+
 - Prevent possible password reset token leak to external sites linked to on the
   password reset page. See [PR #707] for more information.
 
-[PR #707]: https://github.com/thoughtbot/clearance/pull/707
+[pr #707]: https://github.com/thoughtbot/clearance/pull/707
 [1.15.0]: https://github.com/thoughtbot/clearance/compare/v1.14.2...v1.15.0
 
 ## [1.14.2] - August 10, 2016
 
 ### Fixed
+
 - Fixed incompatibility with `attr_encrypted` gem by inlining the body of the
   `encrypt` helper method used in the BCrypt password strategy.
 
@@ -84,6 +178,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.14.1] - May 12, 2016
 
 ### Fixed
+
 - Fixed insertion of `include Clearance::User` when running the install
   generator in an app that already has a `User` model.
 - Updated `deny_access` matcher to assert against configured redirect location
@@ -94,11 +189,13 @@ complete changelog, see the git history for each version via the version links.
 ## [1.14.0] - April 29, 2016
 
 ### Added
+
 - `Clearance::BackDoor` now accepts a block, allowing the user for a test to be
   looked up by a parameter other than `id` if you have overridden `to_param` for
   the `User` model.
 
 ### Fixed
+
 - We now correctly track the dirty state of `User#encrypted_password`, which
   fixes custom validations on `User#password` (e.g. validating password length)
   that were conditional on the password actually changing.
@@ -107,6 +204,7 @@ complete changelog, see the git history for each version via the version links.
   have a `User` model.
 
 ### Deprecated
+
 - `User#password_changing` is deprecated in favor of automatic dirty tracking on
   `encrypted_password` and `password`. If you are calling this in your
   application you should be able to remove it.
@@ -116,9 +214,11 @@ complete changelog, see the git history for each version via the version links.
 ## [1.13.0] - March 4, 2016
 
 ### Added
+
 - Clearance now supports Rails 5.0.0.beta3 and newer.
 
 ### Fixed
+
 - Clearance will now infer the parameter name to use when accessing user
   parameters in a request. This previously used `:user`, which was incorrect for
   customized user models.
@@ -129,14 +229,16 @@ complete changelog, see the git history for each version via the version links.
 ## [1.12.1] - January 7, 2016
 
 ### Fixed
-- Fixed the `create_users` migration generated by `rails generate
-  clearance:install` under Rails 3.x.
+
+- Fixed the `create_users` migration generated
+  by `rails generate clearance:install` under Rails 3.x.
 
 [1.12.1]: https://github.com/thoughtbot/clearance/compare/v1.12.0...v1.12.1
 
 ## [1.12.0] - November 17, 2015
 
 ### Added
+
 - Users will now see a flash message when redirected to sign in by
   `require_login`. This I18n key for this message is
   `flashes.failure_when_not_signed_in` and defaults to "Please sign in to
@@ -144,6 +246,7 @@ complete changelog, see the git history for each version via the version links.
 - Added significant API documentation. API documentation effort is ongoing.
 
 ### Fixed
+
 - Fixed expectation in the generated `visitor_resets_password_spec.rb` file.
 - Corrected indentation of routes inserted by the routes generator.
 - Corrected indentation of `include Clearance::User` when the install generator
@@ -154,17 +257,20 @@ complete changelog, see the git history for each version via the version links.
 ## [1.11.0] - August 21, 2015
 
 ### Added
+
 - Add `sign_in` and `sign_in_as` helper methods to view specs. These helpers
   avoid errors from verified partial doubles that come from. See
   [462c009].
 
 ### Fixed
+
 - `clearance:routes` generator now properly disables internal routes in your
   Clearance initializer.
 - Clearance now accesses the cookie jar via ActionDispatch::Request rather than
   `Rack::Request`. This is more consistent with what Rails does internally.
 
 ### Deprecated
+
 - `Clearance::Testing::Helpers` has been deprecated in favor of
   `Clearance::Testing::ControllerHelpers`. Most users are accessing these
   helpers by requiring `clearance/rspec` or `clearance/test_unit` and should be
@@ -176,6 +282,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.10.1] - May 15, 2015
 
 ### Deprecated
+
 - All clearance-provided password strategies other than BCrypt have been
   deprecated. You can continue to use those strategies without a deprecation
   warning by adding `clearance-deprecated_password_strategies` to your Gemfile.
@@ -185,12 +292,14 @@ complete changelog, see the git history for each version via the version links.
 ## [1.9.0] - April 3, 2015
 
 ### Added
+
 - The change password mailer now produces a multipart message which includes a
   text part along with the previously existing HTML part. To override the text
   part, add `change_password.text.erb` alongside your `change_password.html.erb`
   file.
 
 ### Fixed
+
 - Custom `user_model` configured in a Rails initializer will now be reloaded in
   development mode.
 - Change password template now contains "Change my password" link text to
@@ -201,10 +310,12 @@ complete changelog, see the git history for each version via the version links.
 ## [1.8.1] - March 3, 2015
 
 ### Security
+
 - Enable cross-site request forgery protection on `sessions#create`. See
   [7f5d56e](https://github.com/thoughtbot/clearance/commit/7f5d56ed3a51aca14fa60247a90ca0cd11db0e0d).
 
 ### Fixed
+
 - All methods included by `Clearance::Controller` are now excluded from
   `action_methods`.
 
@@ -213,10 +324,12 @@ complete changelog, see the git history for each version via the version links.
 ## [1.8.0] - January 23, 2015
 
 ### Added
+
 - The remember token cookie name is now customizable via
   `Clearance.configuration.cookie_name`.
 
 ### Fixed
+
 - Fixed a redirect loop on the sign in page for applications that are still
   using the deprecated `authorize` filter.
 - Signed in users that attempt to visit the sign in path are now redirected. The
@@ -224,6 +337,7 @@ complete changelog, see the git history for each version via the version links.
   can be customized by overriding `passwords_controller#url_for_signed_in_users`
 
 ### Deprecated
+
 - `users_controller#avoid_sign_in` is now deprecated in favor of
   `redirect_signed_in_users` which is more accurately named.
 
@@ -232,9 +346,11 @@ complete changelog, see the git history for each version via the version links.
 ## [1.7.0] - January, 8, 2015
 
 ### Fixed
+
 - Fix the negation of the `deny_access` matcher in Rails 4.0.x on Ruby 2.2
 
 ### Deprecated
+
 - The `authorize` filter has been deprecated in favor of `require_login`. Update
   all reference to the filter including any calls to `skip_before_filter` or
   `skip_before_action`.
@@ -246,6 +362,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.6.1] - January 6, 2015
 
 ### Fixed
+
 - Secure cookies are no longer overwritten when the user visits a non-HTTPS URL.
 
 [1.6.1]: https://github.com/thoughtbot/clearance/compare/v1.6.0...v1.6.1
@@ -253,6 +370,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.6.0] - December 20, 2014
 
 ### Added
+
 - When using Rails 4.2, password reset emails are sent with the
   ActiveJob-compatible `#deliver_later` method.
 
@@ -261,6 +379,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.5.1] - December 19, 2014
 
 ### Fixed
+
 - Blowfish password strategy fixed
 - Specs generated with `rails generate clearance:specs` now work properly in
   RSpec 3 projects.
@@ -270,6 +389,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.5.0] - October 17, 2014
 
 ### Added
+
 - Disable clearance routes by setting `config.routes = false`.
 - Running `rails generate clearance:routes` will dump the default set of
   routes to your application's routes file for modification.
@@ -279,6 +399,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.4.3] - October 3, 2014
 
 ### Fixed
+
 - Routing constraints act appropriately when session data is missing.
 
 [1.4.3]: https://github.com/thoughtbot/clearance/compare/v1.4.2...v1.4.3
@@ -286,6 +407,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.4.2] - September 13, 2014
 
 ### Fixed
+
 - Eliminate deprecation message when using DenyAccess matcher with RSpec 3.
 
 [1.4.2]: https://github.com/thoughtbot/clearance/compare/v1.4.1...v1.4.2
@@ -293,6 +415,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.4.1] - September 5, 2014
 
 ### Fixed
+
 - Prevent BCrypt strategy from raising an exception when `encypted_password`
   is nil.
 
@@ -301,17 +424,20 @@ complete changelog, see the git history for each version via the version links.
 ## [1.4.0] - July 18, 2014
 
 ### Added
+
 - `user_params` method was added to `Clearance::UsersController` which provides
   a convenient place to override the parameters used when creating users.
 - Controllers now inherit from `Clearance::BaseController` to allow for easily
   adding behavior to all of them.
 
 ### Changed
+
 - The sign out link in the default application layout has been replaced with a
   semantically correct sign out button. This also removes an unnecessary
   JavaScript dependency.
 
 ### Fixed
+
 - Clearance now uses `original_fullpath` when redirecting to a saved URL after
   login. This should improve the behavior in mounted engines.
 
@@ -320,6 +446,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.3.0] - March 14, 2014
 
 ### Added
+
 - Installing Clearance with an existing User model will now create a migration
   that includes adding remember tokens to all existing user records.
 
@@ -328,6 +455,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.2.1] - March 6, 2014
 
 ### Fixed
+
 - Query string is now included in the redirect URL when Clearance redirects to a
   previously stored URL.
 
@@ -336,10 +464,12 @@ complete changelog, see the git history for each version via the version links.
 ## [1.2.0] - February 28, 2014
 
 ### Added
+
 - Support for Rails 4.1.0.rc1
 - Sign in can now be disabled with `config.allow_sign_in = false`
 
 ### Changed
+
 - Sign in failure message is now customized exclusively via I18n.
   `SessionsController#flash_failure_after_create` is no longer called. To
   customize the message, change the
@@ -347,6 +477,7 @@ complete changelog, see the git history for each version via the version links.
   `flashes.failure_after_create` key.
 
 ### Deprecated
+
 - `clearance/testing` is now deprecated. Require `clearance/rspec` or
   `clearance/test_unit` as appropriate.
 
@@ -355,8 +486,9 @@ complete changelog, see the git history for each version via the version links.
 ## [1.1.0] - November 21, 2013
 
 ### Added
+
 - Validate email with `EmailValidator` [strict mode][strict].
-- The `cookie_expiration` configuration lambda can now be called with  a
+- The `cookie_expiration` configuration lambda can now be called with a
   `cookies` parameter. Allows the Clearance cookie expiration to be set
   according to the value of another cookie (such as `remember_me`).
 - Allow cookie domain and path configuration.
@@ -365,9 +497,11 @@ complete changelog, see the git history for each version via the version links.
 [strict]: https://github.com/balexand/email_validator#strict-mode
 
 ### Fixed
+
 - Don't allow logins with blank `remember_token`.
 
 ### Deprecated
+
 - A `cookie_expiration` lambda that does not accept this `cookies`
   parameter has been deprecated.
 
@@ -376,6 +510,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.0.1] - August 9, 2013
 
 ### Fixed
+
 - Fix an issue when trying to sign in with `nil`
 
 [1.0.1]: https://github.com/thoughtbot/clearance/compare/v1.0.0...v1.1.1
@@ -383,6 +518,7 @@ complete changelog, see the git history for each version via the version links.
 ## [1.0.0] - August 1, 2013
 
 ### Added
+
 - Support Rails 4.
 - Speed up test suites using `::BCrypt::Engine::MIN_COST`.
 - Speed up integration suites with `Clearance::BackDoor`.
@@ -396,6 +532,7 @@ complete changelog, see the git history for each version via the version links.
 - Add `secure_cookie` configuration option.
 
 ### Changed
+
 - Change default password strategy to BCrypt.
 - Replace email regular expression with `EmailValidator` gem.
 - Require > Ruby 1.9.
@@ -407,12 +544,14 @@ complete changelog, see the git history for each version via the version links.
   to avoid locale conflicts.
 
 ### Fixed
+
 - Improve security when changing password.
 - Reduce extra user lookups when adding cookie to headers.
 - Unauthorized API requests return HTTP status 401 rather than a redirect
   to the sign in page.
 
 ### Removed
+
 - Remove deprecated methods on User: `remember_me!`, `generate_random_code`,
   `password_required?`.
 - Remove `unloadable` from controllers (Rails 4 bug fix in development
@@ -424,6 +563,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.16.2] - May 11, 2012
 
 ### Changed
+
 - Change default email sender to `deploy@example.com`.
 
 [0.16.2]: https://github.com/thoughtbot/clearance/compare/v0.16.1...v0.16.2
@@ -431,6 +571,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.16.1] - April 16, 2012
 
 ### Fixed
+
 - Behave correctly when Rails whitelist attributes mass assignment
   protection is turned on.
 - Fix for Rails 3.2.x modifying the HTTP cookie headers in rack requests.
@@ -440,6 +581,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.16.0] - March 16, 2012
 
 ### Added
+
 - Blowfish password encryption strategy.
 
 [0.16.0]: https://github.com/thoughtbot/clearance/compare/v0.15.0...v0.16.0
@@ -447,9 +589,11 @@ complete changelog, see the git history for each version via the version links.
 ## [0.15.0] - February 3, 2012
 
 ### Added
+
 - The `User` model can be swapped out using the `Clearance.configure` method.
 
 ### Removed
+
 - Remove `User::InstanceMethods` to silence a Rails 3.2 deprecation warning.
 
 [0.15.0]: https://github.com/thoughtbot/clearance/compare/v0.14.0...v0.15.0
@@ -457,6 +601,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.14.0] - January 13, 2012
 
 ### Added
+
 - Support clearance session management from the Rack environment.
 
 [0.14.0]: https://github.com/thoughtbot/clearance/compare/v0.13.2...v0.14.0
@@ -464,6 +609,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.13.2] - January 13, 2012
 
 ### Fixed
+
 - Fixed the `deny_access` matcher.
 
 [0.13.2]: https://github.com/thoughtbot/clearance/compare/v0.13.0...v0.13.2
@@ -471,6 +617,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.13.0] - October 11, 2011
 
 ### Changed
+
 - In Clearance's optional generated features, use pure Capybara instead of
   depending on Cucumber's removed `web_steps`, paths, and selectors.
 - Extract SHA-1-specific code out of `User` into `PasswordStrategies` module.
@@ -482,6 +629,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.12.0] - June 30, 2011
 
 ### Changed
+
 - Denying access redirects to `root_url` when signed in, `sign_in_url` when
   signed out.
 - Using flash `:notice` key everywhere now instead of `:success` and `:failure`.
@@ -497,10 +645,12 @@ complete changelog, see the git history for each version via the version links.
 ## [0.11.2] - June 29, 2011
 
 ### Added
+
 - Rails 3.1.rc compatible.
 - RSpec and Test::Unit compliant test matcher (`should deny_access`, etc)
 
 ### Removed
+
 - No more Clearance `shoulda_macros`. Instead providing RSpec and
   Test::Unit-compliant test matchers (`should deny_access`, etc).
 
@@ -509,13 +659,16 @@ complete changelog, see the git history for each version via the version links.
 ## [0.11.1] - April 30, 2011
 
 ### Added
+
 - Redirect to home page after sign up.
 
 ### Fixed
+
 - Removing `:case_sensitive` option from `validates_uniqueness_of`. It was
   unnecessary and causes a small performance problem on some apps.
 
 ### Removed
+
 - Remove dependency on `dynamic_form`. Replaced with flashes due to limited number
   of failure cases.
 
@@ -524,14 +677,17 @@ complete changelog, see the git history for each version via the version links.
 ## [0.11.0] - April 24, 2011
 
 ### Added
+
 - New `controller#authenticate(params)` method. Redefine username & password or
   other styles of authentication.
 
 ### Changed
-- `before_filter :authenticate` API replaced with more aptly-named `before_filter
-  :authorize`.
+
+- `before_filter :authenticate` API replaced with more
+  aptly-named `before_filter :authorize`.
 
 ### Removed
+
 - Removing password confirmation.
 
 [0.11.0]: https://github.com/thoughtbot/clearance/compare/v0.10.5...v0.11.0
@@ -539,6 +695,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.10.5] - April 19, 2011
 
 ### Security
+
 - Closing CSRF hole for Rails >= 3.0.4 apps.
 
 [0.10.5]: https://github.com/thoughtbot/clearance/compare/v0.10.4...v0.10.5
@@ -546,15 +703,19 @@ complete changelog, see the git history for each version via the version links.
 ## [0.10.4] - April 16, 2011
 
 ### Added
+
 - Use HTML5 email fields.
 
 ### Changed
+
 - Emails forced to be downcased (particularly for iPhone user case).
 
 ### Fixed
+
 - Password reset requires a password.
 
 ### Removed
+
 - Formtastic views generator removed.
 
 [0.10.4]: https://github.com/thoughtbot/clearance/compare/v0.10.3.2...v0.10.4
@@ -562,6 +723,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.10.3.2] - March 6, 2011
 
 ### Fixed
+
 - Fix gemspec to include all necessary files.
 
 [0.10.3.2]: https://github.com/thoughtbot/clearance/compare/v0.10.3.1...v0.10.3.2
@@ -569,6 +731,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.10.3.1] - February 20, 2011
 
 ### Fixed
+
 - Ensure everything within features inside any engine directory is included in
   the `gemspec`.
 
@@ -577,6 +740,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.10.3] - February 19, 2011
 
 ### Fixed
+
 - Include features/engines in `gemspec` file list so generator works as
   expected.
 
@@ -585,11 +749,13 @@ complete changelog, see the git history for each version via the version links.
 ## [0.10.2] - February 18, 2011
 
 ### Added
+
 - New generator command: `rails generate clearance:install`.
 - When Clearance installed in an app that already has users, allow old users to
   sign in by resetting their password.
 
 ### Changed
+
 - Step definitions are now prefixed with `visitor_` to use thoughtbot
   convention.
 
@@ -598,6 +764,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.10.1] - February 9, 2011
 
 ### Fixed
+
 - Replaced `ActionController::Forbidden` with a user-friendly flash message.
 
 [0.10.1]: https://github.com/thoughtbot/clearance/compare/v0.10.0...v0.10.1
@@ -605,9 +772,11 @@ complete changelog, see the git history for each version via the version links.
 ## [0.10.0] - June 29, 2010
 
 ### Added
+
 - Better email validation regular expression.
 
 ### Removed
+
 - Removed email confirmation step, was mostly a hassle and can always be added
   back in at the application level (instead of engine level) if necessary.
 - Removed `disable_with` on forms since it does not allow IE users to submit
@@ -618,6 +787,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.9.1] - June 29, 2010
 
 ### Added
+
 - This release supports Rails 3, capybara, and shoulda 2.10+.
 
 [0.9.1]: https://github.com/thoughtbot/clearance/compare/v0.9.0...v0.9.1
@@ -625,9 +795,11 @@ complete changelog, see the git history for each version via the version links.
 ## [0.9.0] - June 11, 2010
 
 ### Added
+
 - Allow customization of cookie duration.
 
 ### Changed
+
 - Removed unnecessary db index.
 
 [0.9.0]: https://github.com/thoughtbot/clearance/compare/v0.8.8...v0.9.0
@@ -635,6 +807,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.8.8] - February 25, 2010
 
 ### Fixed
+
 - Fixed `sign_in` and `sign_out` not setting `current_user`.
 
 [0.8.8]: https://github.com/thoughtbot/clearance/compare/v0.8.7...v0.8.8
@@ -642,6 +815,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.8.7] - February 21, 2010
 
 ### Fixed
+
 - Fixed global sign out bug.
 - Allow Rails apps to `before_filter :authenticate` the entire app
   in `ApplicationController` and still have password recovery work without
@@ -653,10 +827,12 @@ complete changelog, see the git history for each version via the version links.
 ## [0.8.6] - February 17, 2010
 
 ### Added
+
 - Allow overridden user models to skip email/password validations
   conditionally. This makes username/facebook integration easier.
 
 ### Fixed
+
 - Clearance features capitalization should match view text.
 - Skip `:authenticate before_filter` in controllers so apps can easily
   authenticate a whole site without subclassing.
@@ -670,12 +846,14 @@ complete changelog, see the git history for each version via the version links.
 ## [0.8.5] - January 20, 2010
 
 ### Changed
+
 - Removed `attr_accessible` from `Clearance::User`.
 - Remove dependency on `root_path`, use `'/'` instead.
 - Use `Clearance.configure` block to set mailer sender instead of `DO_NOT_REPLY`
   constant.
 
 ### Fixed
+
 - Replaced routing hack with `Clearance::Routes.draw(map)` to give more control
   to the application developer.
 - Fixed bug in password reset feature.
@@ -685,6 +863,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.8.4] - December 08, 2009
 
 ### Fixed
+
 - Remove unnecessary `require 'factory_girl'` in generator.
 
 [0.8.4]: https://github.com/thoughtbot/clearance/compare/v0.8.3...v0.8.4
@@ -692,6 +871,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.8.3] - September 21, 2009
 
 ### Fixed
+
 - Avoid possible collisions in the remember me token.
 
 [0.8.3]: https://github.com/thoughtbot/clearance/compare/v0.8.2...v0.8.3
@@ -699,6 +879,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.8.2] - September 01, 2009
 
 ### Added
+
 - `current_user= accessor` method.
 - Set `current_user` in `sign_in`.
 
@@ -707,9 +888,11 @@ complete changelog, see the git history for each version via the version links.
 ## [0.8.1] - August 31, 2009
 
 ### Changed
+
 - Removed unnecessary `remember_token_expires_at` column.
 
 ### Removed
+
 - Removed `remember?` and `forget_me!` user instance methods.
 
 [0.8.1]: https://github.com/thoughtbot/clearance/compare/v0.8.0...v0.8.1
@@ -717,10 +900,12 @@ complete changelog, see the git history for each version via the version links.
 ## [0.8.0] - August 31, 2009
 
 ### Added
+
 - Documented `Clearance::Authentication` with YARD.
 - Documented `Clearance::User` with YARD.
 
 ### Changed
+
 - Always remember me. Replaced session-and-remember-me authentication with
   always using a cookie with a long timeout.
 
@@ -729,11 +914,13 @@ complete changelog, see the git history for each version via the version links.
 ## [0.7.0] - August 4, 2009
 
 ### Added
+
 - Added `signed_out?` convenience method for controllers, helpers, views.
 - Added `clearance_views` generator. By default, creates formtastic views which
   pass all tests and features.
 
 ### Fixed
+
 - Redirect signed in user who clicks confirmation link again.
 - Redirect signed out user who clicks confirmation link again.
 
@@ -742,6 +929,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.9] - July 4, 2009
 
 ### Added
+
 - Added timestamps to create users migration.
 - Ready for Ruby 1.9.
 
@@ -750,6 +938,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.8] - June 24, 2009
 
 ### Fixed
+
 - Added `defined?` checks for various Rails constants such as `ActionController`
   for easier unit testing of Clearance extensions... particularly `ActiveRecord`
   extensions... `particularly strong_password`.
@@ -759,6 +948,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.7] - June 13, 2009
 
 ### Added
+
 - Added `sign_up`, `sign_in`, `sign_out` named routes.
 - `flash_success_after_create`, `flash_notice_after_create`,
   `flash_failure_after_create`, `flash_sucess_after_update`,
@@ -766,9 +956,11 @@ complete changelog, see the git history for each version via the version links.
 - Added `#create` to forbidden `before_filters` on confirmations controller.
 
 ### Fixed
+
 - `should_be_signed_in_as` shouldn't look in the session.
 
 ### Deprecated
+
 - Deprecated `sign_user_in`. Told developers to use `sign_in` instead.
 
 [0.6.7]: https://github.com/thoughtbot/clearance/compare/v0.6.6...v0.6.7
@@ -776,6 +968,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.6] - May 18, 2009
 
 ### Fixed
+
 - replaced `class_eval` in `Clearance::User` with modules. This was needed
   so we could write our own validations.
 
@@ -784,6 +977,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.5] - May 17, 2009
 
 ### Added
+
 - Make Clearance i18n aware.
 
 [0.6.5]: https://github.com/thoughtbot/clearance/compare/v0.6.4...v0.6.5
@@ -791,10 +985,11 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.4] - May 12, 2009
 
 ### Changed
-- Replacing `sign_in_as` & `sign_out` shoulda macros with a stubbing (requires no
-  dependency) approach. This will avoid dealing with the internals of
-  `current_user`, such as session & cookies. Added `sign_in` macro which signs in an
-  email confirmed user from clearance's factories.
+
+- Replacing `sign_in_as` & `sign_out` shoulda macros with a stubbing (requires
+  no dependency) approach. This will avoid dealing with the internals of
+  `current_user`, such as session & cookies. Added `sign_in` macro which signs
+  in an email confirmed user from clearance's factories.
 - Move private methods on sessions controller into `Clearance::Authentication`
   module.
 - Audited flash keys.
@@ -804,6 +999,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.3] - April 23, 2009
 
 ### Fixed
+
 - Scoping `ClearanceMailer` properly within controllers so it works in
   production environments.
 
@@ -812,6 +1008,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.2] - April 22, 2009
 
 ### Added
+
 - Insert `Clearance::User` into User model if it exists.
 
 [0.6.2]: https://github.com/thoughtbot/clearance/compare/v0.6.1...v0.6.2
@@ -819,6 +1016,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.1] - April 21, 2009
 
 ### Changed
+
 - Scope operators are necessary to keep Rails happy. Reverting the original
   revert so they're back in the library now for constants referenced inside of
   the gem.
@@ -828,22 +1026,23 @@ complete changelog, see the git history for each version via the version links.
 ## [0.6.0] - April 21, 2009
 
 ### Changed
+
 - Converted Clearance to a Rails engine.
 - Include `Clearance::User` in User model in app.
 - Include `Clearance::Authentication` in `ApplicationController`.
 - Namespace controllers under `Clearance` module.
 - Routes move to engine, use namespaced controllers but publicly the same.
-- If you want to override a controller, subclass it like `SessionsController <
-  Clearance::SessionsController`. This gives you access to usual hooks such as
-  `url_after_create`.
+- If you want to override a controller, subclass it like
+  `SessionsController < Clearance::SessionsController`. This gives you access to
+  usual hooks such as `url_after_create`.
 - Controllers, mailer, model, routes all unit tested inside engine. Use
   `script/generate clearance_features` to test integration of Clearance with your
   Rails app. No longer including modules in your app's test files.
 - Moved views to engine.
-- Converted generated `test/factories/clearance.rb` to use inheritence for
+- Converted generated `test/factories/clearance.rb` to use inheritance for
   `email_confirmed_user`.
 - Corrected some spelling errors with methods.
-- Loading clearance routes after rails routes via some monkeypatching.
+- Loading clearance routes after rails routes via some monkey patching.
 - Made the clearance controllers `unloadable` to stop constant loading errors in
   development mode.
 
@@ -852,6 +1051,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.5.6] - April 11, 2009
 
 ### Fixed
+
 - Step definition changed for "User should see error messages" so features won't
   fail for certain validations.
 
@@ -860,6 +1060,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.5.5] - March 23, 2009
 
 ### Fixed
+
 - Removing duplicate test to get rid of warning.
 
 [0.5.5]: https://github.com/thoughtbot/clearance/compare/v0.5.4...v0.5.5
@@ -867,6 +1068,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.5.4] - March 21, 2009
 
 ### Changed
+
 - When users fail logging in, redirect them instead of rendering.
 
 [0.5.4]: https://github.com/thoughtbot/clearance/compare/v0.5.3...v0.5.4
@@ -874,6 +1076,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.5.3] - March 5, 2009
 
 ### Changed
+
 - Clearance now works with (and requires) Shoulda 2.10.0.
 
 [0.5.3]: https://github.com/thoughtbot/clearance/compare/v0.5.2...v0.5.3
@@ -881,6 +1084,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.5.2] - March 2, 2009
 
 ### Added
+
 - Full compatible with Rails 2.3 (all tests pass)
 
 [0.5.2]: https://github.com/thoughtbot/clearance/compare/v0.5.1...v0.5.2
@@ -888,6 +1092,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.5.1] - February 27, 2009
 
 ### Changed
+
 - A user with unconfirmed email who resets password now confirms email.
 - Switch order of cookies and sessions to take advantage of Rails 2.3's
   "Rack-based lazy-loaded sessions",
@@ -895,6 +1100,7 @@ complete changelog, see the git history for each version via the version links.
   `application.rb` in Rails 2.3 apps.
 
 ### Fixed
+
 - Rack-based session change altered how to test remember me cookie.
 
 [0.5.1]: https://github.com/thoughtbot/clearance/compare/v0.5.0...v0.5.1
@@ -902,6 +1108,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.5.0] - February 27, 2009
 
 ### Fixed
+
 - Fixed problem with Cucumber features.
 - Fixed missing HTTP fluency use case.
 
@@ -910,10 +1117,12 @@ complete changelog, see the git history for each version via the version links.
 ## [0.4.9] - February 20, 2009
 
 ### Changed
+
 - Protect passwords & confirmations actions with forbidden filters.
 - Return 403 Forbidden status code in those cases.
 
 ### Security
+
 - Fixed bug that allowed anyone to edit another user's password.
 
 [0.4.9]: https://github.com/thoughtbot/clearance/compare/v0.4.8...v0.4.9
@@ -921,11 +1130,13 @@ complete changelog, see the git history for each version via the version links.
 ## [0.4.8] - February 16, 2009
 
 ### Added
+
 - Added documentation for the flash.
 - Generators `require 'test_helper'` instead of `File.join` for RR
   compatibility.
 
 ### Changed
+
 - Removed interpolated email address from flash message to make i18n easier.
 - Standardized flash messages that refer to email delivery.
 
@@ -934,6 +1145,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.4.7] - February 12, 2009
 
 ### Changed
+
 - Removed `Clearance::Test::TestHelper` so there is one less setup step.
 - All test helpers now in `shoulda_macros`.
 
@@ -942,6 +1154,7 @@ complete changelog, see the git history for each version via the version links.
 ## [0.4.6] - February 11, 2009
 
 ### Added
+
 - Created `Actions` and `PrivateMethods` modules on controllers for future RDoc
   reasons.
 
@@ -950,9 +1163,11 @@ complete changelog, see the git history for each version via the version links.
 ## [0.4.5] - February 9, 2009
 
 ### Added
+
 - Added password reset feature to `clearance_features` generator.
 
 ### Changed
+
 - Only store location for `session[:return_to]` for GET requests.
 - Audited "sign up" naming convention. "Register" had slipped in a few places.
 - Switched to `SHA1` encryption. Cypher doesn't matter much for email
@@ -960,6 +1175,7 @@ complete changelog, see the git history for each version via the version links.
   clients who line break on 72 chars.
 
 ### Removed
+
 - Removed email downcasing because local-part is case sensitive per
   RFC5321.
 - Removed unnecessary `session[:salt]`.
@@ -969,9 +1185,11 @@ complete changelog, see the git history for each version via the version links.
 ## [0.4.4] - February 2, 2009
 
 ### Added
+
 - Added a generator for Cucumber features.
 
 ### Changed
+
 - Standardized naming for "Sign up," "Sign in," and "Sign out".
 
 [0.4.4]: https://github.com/thoughtbot/clearance/compare/v0.3.7...v0.4.4