clearance 1.8.0 → 1.13.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/.travis.yml +24 -6
- data/.yardopts +6 -0
- data/Appraisals +12 -4
- data/CONTRIBUTING.md +4 -1
- data/Gemfile +2 -2
- data/Gemfile.lock +87 -85
- data/NEWS.md +672 -311
- data/README.md +185 -330
- data/app/controllers/clearance/passwords_controller.rb +25 -19
- data/app/controllers/clearance/sessions_controller.rb +17 -4
- data/app/controllers/clearance/users_controller.rb +10 -4
- data/app/mailers/clearance_mailer.rb +2 -3
- data/app/views/clearance_mailer/change_password.html.erb +6 -3
- data/app/views/clearance_mailer/change_password.text.erb +5 -0
- data/app/views/layouts/application.html.erb +2 -2
- data/app/views/passwords/create.html.erb +1 -1
- data/app/views/passwords/edit.html.erb +2 -2
- data/app/views/passwords/new.html.erb +2 -2
- data/app/views/sessions/_form.html.erb +2 -2
- data/app/views/sessions/new.html.erb +1 -1
- data/app/views/users/new.html.erb +2 -2
- data/bin/setup +6 -2
- data/config/locales/clearance.en.yml +6 -0
- data/db/migrate/20110111224543_create_clearance_users.rb +1 -1
- data/gemfiles/{rails3.2.gemfile → rails32.gemfile} +1 -1
- data/gemfiles/{rails4.0.gemfile → rails40.gemfile} +2 -2
- data/gemfiles/{rails4.1.gemfile → rails41.gemfile} +2 -2
- data/gemfiles/{rails4.2.gemfile → rails42.gemfile} +2 -2
- data/gemfiles/rails50.gemfile +19 -0
- data/lib/clearance/authentication.rb +52 -1
- data/lib/clearance/authorization.rb +47 -4
- data/lib/clearance/back_door.rb +1 -0
- data/lib/clearance/configuration.rb +127 -15
- data/lib/clearance/constraints/signed_in.rb +21 -0
- data/lib/clearance/constraints/signed_out.rb +12 -0
- data/lib/clearance/constraints.rb +12 -0
- data/lib/clearance/controller.rb +13 -0
- data/lib/clearance/default_sign_in_guard.rb +17 -0
- data/lib/clearance/engine.rb +24 -4
- data/lib/clearance/password_strategies/bcrypt.rb +9 -2
- data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +19 -0
- data/lib/clearance/password_strategies/blowfish.rb +17 -0
- data/lib/clearance/password_strategies/sha1.rb +17 -0
- data/lib/clearance/password_strategies.rb +13 -0
- data/lib/clearance/rack_session.rb +13 -0
- data/lib/clearance/rspec.rb +15 -4
- data/lib/clearance/session.rb +46 -1
- data/lib/clearance/session_status.rb +7 -0
- data/lib/clearance/sign_in_guard.rb +65 -0
- data/lib/clearance/test_unit.rb +3 -3
- data/lib/clearance/testing/controller_helpers.rb +44 -0
- data/lib/clearance/testing/deny_access_matcher.rb +35 -1
- data/lib/clearance/testing/helpers.rb +9 -25
- data/lib/clearance/testing/view_helpers.rb +32 -0
- data/lib/clearance/token.rb +7 -0
- data/lib/clearance/user.rb +159 -0
- data/lib/clearance/version.rb +1 -1
- data/lib/clearance.rb +2 -0
- data/lib/generators/clearance/install/install_generator.rb +13 -3
- data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb +3 -3
- data/lib/generators/clearance/install/templates/db/migrate/create_users.rb +2 -2
- data/lib/generators/clearance/routes/routes_generator.rb +23 -0
- data/lib/generators/clearance/routes/templates/routes.rb +7 -7
- data/lib/generators/clearance/specs/templates/features/clearance/user_signs_out_spec.rb.tt +1 -1
- data/lib/generators/clearance/specs/templates/features/clearance/visitor_resets_password_spec.rb.tt +12 -2
- data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_in_spec.rb.tt +1 -1
- data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_up_spec.rb.tt +1 -1
- data/lib/generators/clearance/specs/templates/features/clearance/visitor_updates_password_spec.rb.tt +1 -1
- data/spec/acceptance/clearance_installation_spec.rb +4 -1
- data/spec/app_templates/config/initializers/clearance.rb +2 -0
- data/spec/app_templates/testapp/app/controllers/home_controller.rb +5 -1
- data/spec/app_templates/testapp/config/initializers/action_mailer.rb +1 -3
- data/spec/clearance/controller_spec.rb +11 -0
- data/spec/clearance/rack_session_spec.rb +5 -5
- data/spec/clearance/testing/{helpers_spec.rb → controller_helpers_spec.rb} +12 -12
- data/spec/clearance/testing/view_helpers_spec.rb +37 -0
- data/spec/configuration_spec.rb +24 -0
- data/spec/controllers/apis_controller_spec.rb +6 -2
- data/spec/controllers/forgeries_controller_spec.rb +6 -1
- data/spec/controllers/passwords_controller_spec.rb +1 -11
- data/spec/controllers/permissions_controller_spec.rb +13 -3
- data/spec/controllers/sessions_controller_spec.rb +4 -4
- data/spec/dummy/app/controllers/application_controller.rb +5 -1
- data/spec/dummy/application.rb +4 -0
- data/spec/generators/clearance/install/install_generator_spec.rb +15 -3
- data/spec/generators/clearance/routes/routes_generator_spec.rb +5 -1
- data/spec/generators/clearance/views/views_generator_spec.rb +11 -10
- data/spec/helpers/helper_helpers_spec.rb +10 -0
- data/spec/mailers/clearance_mailer_spec.rb +13 -19
- data/spec/password_strategies/bcrypt_migration_from_sha1_spec.rb +6 -0
- data/spec/password_strategies/blowfish_spec.rb +6 -0
- data/spec/password_strategies/sha1_spec.rb +6 -0
- data/spec/spec_helper.rb +7 -0
- data/spec/support/generator_spec_helpers.rb +4 -0
- data/spec/support/http_method_shim.rb +23 -0
- data/spec/user_spec.rb +9 -0
- data/spec/views/view_helpers_spec.rb +10 -0
- metadata +19 -8
data/NEWS.md
CHANGED
@@ -1,506 +1,867 @@
|
|
1
|
-
|
1
|
+
# News
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
3
|
+
The noteworthy changes for each Clearance version are included here. For a
|
4
|
+
complete changelog, see the git history for each version via the version links.
|
5
|
+
|
6
|
+
## [1.13.0] - March 4, 2016
|
7
|
+
|
8
|
+
### Added
|
9
|
+
- Clearance now supports Rails 5.0.0.beta3 and newer.
|
10
|
+
|
11
|
+
### Fixed
|
12
|
+
- Clearance will now infer the parameter name to use when accessing user
|
13
|
+
parameters in a request. This previously used `:user`, which was incorrect for
|
14
|
+
customized user models.
|
15
|
+
- Generated feature specs no longer rely on RSpec monkey patches.
|
16
|
+
|
17
|
+
[1.13.0]: https://github.com/thoughtbot/clearance/compare/v1.12.1...v1.13.0
|
18
|
+
|
19
|
+
## [1.12.1] - January 7, 2016
|
20
|
+
|
21
|
+
### Fixed
|
22
|
+
- Fixed the `create_users` migration generated by `rails generate
|
23
|
+
clearance:install` under Rails 3.x.
|
24
|
+
|
25
|
+
[1.12.1]: https://github.com/thoughtbot/clearance/compare/v1.12.0...v1.12.1
|
26
|
+
|
27
|
+
## [1.12.0] - November 17, 2015
|
28
|
+
|
29
|
+
### Added
|
30
|
+
- Users will now see a flash message when redirected to sign in by
|
31
|
+
`require_login`. This I18n key for this message is
|
32
|
+
`flashes.failure_when_not_signed_in` and defaults to "Please sign in to
|
33
|
+
continue".
|
34
|
+
- Added significant API documentation. API documentation effort is ongoing.
|
35
|
+
|
36
|
+
### Fixed
|
37
|
+
- Fixed expectation in the generated `visitor_resets_password_spec.rb` file.
|
38
|
+
- Corrected indentation of routes inserted by the routes generator.
|
39
|
+
- Corrected indentation of `include Clearance::User` when the install generator
|
40
|
+
adds it to an existing user class.
|
41
|
+
|
42
|
+
[1.12.0]: https://github.com/thoughtbot/clearance/compare/v1.11.0...v1.12.0
|
43
|
+
|
44
|
+
## [1.11.0] - August 21, 2015
|
45
|
+
|
46
|
+
### Added
|
47
|
+
- Add `sign_in` and `sign_in_as` helper methods to view specs. These helpers
|
48
|
+
avoid errors from verified partial doubles that come from. See
|
49
|
+
[462c009].
|
50
|
+
|
51
|
+
### Fixed
|
52
|
+
- `clearance:routes` generator now properly disables internal routes in your
|
53
|
+
Clearance initializer.
|
54
|
+
- Clearance now accesses the cookie jar via ActionDispatch::Request rather than
|
55
|
+
`Rack::Request`. This is more consistent with what Rails does internally.
|
56
|
+
|
57
|
+
### Deprecated
|
58
|
+
- `Clearance::Testing::Helpers` has been deprecated in favor of
|
59
|
+
`Clearance::Testing::ControllerHelpers`. Most users are accessing these
|
60
|
+
helpers by requiring `clearance/rspec` or `clearance/test_unit` and should be
|
61
|
+
unaffected.
|
62
|
+
|
63
|
+
[462c009]: https://github.com/thoughtbot/clearance/commit/462c00965c14b2492500fbb4fecd7b84b9790bb9
|
64
|
+
[1.11.0]: https://github.com/thoughtbot/clearance/compare/v1.10.1...v1.11.0
|
65
|
+
|
66
|
+
## [1.10.1] - May 15, 2015
|
67
|
+
|
68
|
+
### Deprecated
|
69
|
+
- All clearance-provided password strategies other than BCrypt have been
|
70
|
+
deprecated. You can continue to use those strategies without a deprecation
|
71
|
+
warning by adding `clearance-deprecated_password_strategies` to your Gemfile.
|
72
|
+
|
73
|
+
[1.10.1]: https://github.com/thoughtbot/clearance/compare/v1.9.0...v1.10.1
|
74
|
+
|
75
|
+
## [1.9.0] - April 3, 2015
|
76
|
+
|
77
|
+
### Added
|
78
|
+
- The change password mailer now produces a multipart message which includes a
|
79
|
+
text part along with the previously existing HTML part. To override the text
|
80
|
+
part, add `change_password.text.erb` alongside your `change_password.html.erb`
|
81
|
+
file.
|
82
|
+
|
83
|
+
### Fixed
|
84
|
+
- Custom `user_model` configured in a Rails initializer will now be reloaded in
|
85
|
+
development mode.
|
86
|
+
- Change password template now contains "Change my password" link text to
|
87
|
+
address an issue linking the URL in some mail clients.
|
88
|
+
|
89
|
+
[1.9.0]: https://github.com/thoughtbot/clearance/compare/v1.8.1...v1.9.0
|
90
|
+
|
91
|
+
## [1.8.1] - March 3, 2015
|
92
|
+
|
93
|
+
### Security
|
94
|
+
- Enable cross-site request forgery protection on `sessions#create`. See
|
95
|
+
[7f5d56e](https://github.com/thoughtbot/clearance/commit/7f5d56ed3a51aca14fa60247a90ca0cd11db0e0d).
|
96
|
+
|
97
|
+
### Fixed
|
98
|
+
- All methods included by `Clearance::Controller` are now excluded from
|
99
|
+
`action_methods`.
|
100
|
+
|
101
|
+
[1.8.1]: https://github.com/thoughtbot/clearance/compare/v1.8.0...v1.8.1
|
102
|
+
|
103
|
+
## [1.8.0] - January 23, 2015
|
104
|
+
|
105
|
+
### Added
|
106
|
+
- The remember token cookie name is now customizable via
|
8
107
|
`Clearance.configuration.cookie_name`.
|
9
|
-
|
108
|
+
|
109
|
+
### Fixed
|
110
|
+
- Fixed a redirect loop on the sign in page for applications that are still
|
111
|
+
using the deprecated `authorize` filter.
|
112
|
+
- Signed in users that attempt to visit the sign in path are now redirected. The
|
10
113
|
redirect URL defaults to the same URL used for the redirect after sign in, but
|
11
114
|
can be customized by overriding `passwords_controller#url_for_signed_in_users`
|
12
|
-
|
115
|
+
|
116
|
+
### Deprecated
|
117
|
+
- `users_controller#avoid_sign_in` is now deprecated in favor of
|
13
118
|
`redirect_signed_in_users` which is more accurately named.
|
14
119
|
|
15
|
-
|
16
|
-
|
120
|
+
[1.8.0]: https://github.com/thoughtbot/clearance/compare/v1.7.0...v1.8.0
|
121
|
+
|
122
|
+
## [1.7.0] - January, 8, 2015
|
123
|
+
|
124
|
+
### Fixed
|
125
|
+
- Fix the negation of the `deny_access` matcher in Rails 4.0.x on Ruby 2.2
|
126
|
+
|
127
|
+
### Deprecated
|
128
|
+
- The `authorize` filter has been deprecated in favor of `require_login`. Update
|
17
129
|
all reference to the filter including any calls to `skip_before_filter` or
|
18
130
|
`skip_before_action`.
|
19
|
-
|
20
|
-
|
131
|
+
- The `Clearance.root` method has been deprecated. It was used internally and
|
132
|
+
unlikely to impact external users.
|
133
|
+
|
134
|
+
[1.7.0]: https://github.com/thoughtbot/clearance/compare/v1.6.1...v1.7.0
|
135
|
+
|
136
|
+
## [1.6.1] - January 6, 2015
|
137
|
+
|
138
|
+
### Fixed
|
139
|
+
- Secure cookies are no longer overwritten when the user visits a non-HTTPS URL.
|
21
140
|
|
22
|
-
|
23
|
-
* Secure cookies are no longer overwritten when the user visits a non-HTTPS URL.
|
141
|
+
[1.6.1]: https://github.com/thoughtbot/clearance/compare/v1.6.0...v1.6.1
|
24
142
|
|
25
|
-
|
26
|
-
|
143
|
+
## [1.6.0] - December 20, 2014
|
144
|
+
|
145
|
+
### Added
|
146
|
+
- When using Rails 4.2, password reset emails are sent with the
|
27
147
|
ActiveJob-compatible `#deliver_later` method.
|
28
148
|
|
29
|
-
|
30
|
-
|
31
|
-
|
149
|
+
[1.6.0]: https://github.com/thoughtbot/clearance/compare/v1.5.1...v1.6.0
|
150
|
+
|
151
|
+
## [1.5.1] - December 19, 2014
|
152
|
+
|
153
|
+
### Fixed
|
154
|
+
- Blowfish password strategy fixed
|
155
|
+
- Specs generated with `rails generate clearance:specs` now work properly in
|
32
156
|
RSpec 3 projects.
|
33
157
|
|
34
|
-
|
35
|
-
|
36
|
-
|
158
|
+
[1.5.1]: https://github.com/thoughtbot/clearance/compare/v1.5.0...v1.5.1
|
159
|
+
|
160
|
+
## [1.5.0] - October 17, 2014
|
161
|
+
|
162
|
+
### Added
|
163
|
+
- Disable clearance routes by setting `config.routes = false`.
|
164
|
+
- Running `rails generate clearance:routes` will dump the default set of
|
37
165
|
routes to your application's routes file for modification.
|
38
166
|
|
39
|
-
|
40
|
-
* Routing constraints act appropriately when session data is missing.
|
167
|
+
[1.5.0]: https://github.com/thoughtbot/clearance/compare/v1.4.3...v1.5.0
|
41
168
|
|
42
|
-
|
43
|
-
* Eliminate deprecation message when using DenyAccess matcher with RSpec 3.
|
169
|
+
## [1.4.3] - October 3, 2014
|
44
170
|
|
45
|
-
|
46
|
-
|
171
|
+
### Fixed
|
172
|
+
- Routing constraints act appropriately when session data is missing.
|
173
|
+
|
174
|
+
[1.4.3]: https://github.com/thoughtbot/clearance/compare/v1.4.2...v1.4.3
|
175
|
+
|
176
|
+
## [1.4.2] - September 13, 2014
|
177
|
+
|
178
|
+
### Fixed
|
179
|
+
- Eliminate deprecation message when using DenyAccess matcher with RSpec 3.
|
180
|
+
|
181
|
+
[1.4.2]: https://github.com/thoughtbot/clearance/compare/v1.4.1...v1.4.2
|
182
|
+
|
183
|
+
## [1.4.1] - September 5, 2014
|
184
|
+
|
185
|
+
### Fixed
|
186
|
+
- Prevent BCrypt strategy from raising an exception when `encypted_password`
|
47
187
|
is nil.
|
48
188
|
|
49
|
-
|
50
|
-
|
189
|
+
[1.4.1]: https://github.com/thoughtbot/clearance/compare/v1.4.0...v1.4.1
|
190
|
+
|
191
|
+
## [1.4.0] - July 18, 2014
|
192
|
+
|
193
|
+
### Added
|
194
|
+
- `user_params` method was added to `Clearance::UsersController` which provides
|
195
|
+
a convenient place to override the parameters used when creating users.
|
196
|
+
- Controllers now inherit from `Clearance::BaseController` to allow for easily
|
197
|
+
adding behavior to all of them.
|
198
|
+
|
199
|
+
### Changed
|
200
|
+
- The sign out link in the default application layout has been replaced with a
|
51
201
|
semantically correct sign out button. This also removes an unnecessary
|
52
202
|
JavaScript dependency.
|
53
|
-
|
203
|
+
|
204
|
+
### Fixed
|
205
|
+
- Clearance now uses `original_fullpath` when redirecting to a saved URL after
|
54
206
|
login. This should improve the behavior in mounted engines.
|
55
|
-
* `user_params` method was added to `Clearance::UsersController` which provides
|
56
|
-
a convenient place to override the parameters used when creating users.
|
57
|
-
* Controllers now inherit from `Clearance::BaseController` to allow for easily
|
58
|
-
adding behavior to all of them.
|
59
207
|
|
60
|
-
|
61
|
-
|
208
|
+
[1.4.0]: https://github.com/thoughtbot/clearance/compare/v1.3.0...v1.4.0
|
209
|
+
|
210
|
+
## [1.3.0] - March 14, 2014
|
211
|
+
|
212
|
+
### Added
|
213
|
+
- Installing Clearance with an existing User model will now create a migration
|
62
214
|
that includes adding remember tokens to all existing user records.
|
63
215
|
|
64
|
-
|
65
|
-
|
216
|
+
[1.3.0]: https://github.com/thoughtbot/clearance/compare/v1.2.1...v1.3.0
|
217
|
+
|
218
|
+
## [1.2.1] - March 6, 2014
|
219
|
+
|
220
|
+
### Fixed
|
221
|
+
- Query string is now included in the redirect URL when Clearance redirects to a
|
66
222
|
previously stored URL.
|
67
223
|
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
224
|
+
[1.2.1]: https://github.com/thoughtbot/clearance/compare/v1.2.0...v1.2.1
|
225
|
+
|
226
|
+
## [1.2.0] - February 28, 2014
|
227
|
+
|
228
|
+
### Added
|
229
|
+
- Support for Rails 4.1.0.rc1
|
230
|
+
- Sign in can now be disabled with `config.allow_sign_in = false`
|
231
|
+
|
232
|
+
### Changed
|
233
|
+
- Sign in failure message is now customized exclusively via I18n.
|
73
234
|
`SessionsController#flash_failure_after_create` is no longer called. To
|
74
235
|
customize the message, change the
|
75
236
|
`clearance.controllers.sessions.bad_email_or_password` or
|
76
237
|
`flashes.failure_after_create` key.
|
77
|
-
* Sign in can now be disabled with `config.allow_sign_in = false`
|
78
238
|
|
79
|
-
|
239
|
+
### Deprecated
|
240
|
+
- `clearance/testing` is now deprecated. Require `clearance/rspec` or
|
241
|
+
`clearance/test_unit` as appropriate.
|
242
|
+
|
243
|
+
[1.2.0]: https://github.com/thoughtbot/clearance/compare/v1.1.0...v1.2.0
|
244
|
+
|
245
|
+
## [1.1.0] - November 21, 2013
|
80
246
|
|
81
|
-
|
82
|
-
|
247
|
+
### Added
|
248
|
+
- Validate email with `EmailValidator` [strict mode][strict].
|
249
|
+
- The `cookie_expiration` configuration lambda can now be called with a
|
83
250
|
`cookies` parameter. Allows the Clearance cookie expiration to be set
|
84
251
|
according to the value of another cookie (such as `remember_me`).
|
85
|
-
|
86
|
-
|
87
|
-
* Allow cookie domain and path configuration.
|
88
|
-
* Add sign in guards.
|
89
|
-
* Don't allow logins with blank `remember_token`.
|
252
|
+
- Allow cookie domain and path configuration.
|
253
|
+
- Add sign in guards.
|
90
254
|
|
91
255
|
[strict]: https://github.com/balexand/email_validator#strict-mode
|
92
256
|
|
93
|
-
|
257
|
+
### Fixed
|
258
|
+
- Don't allow logins with blank `remember_token`.
|
259
|
+
|
260
|
+
### Deprecated
|
261
|
+
- A `cookie_expiration` lambda that does not accept this `cookies`
|
262
|
+
parameter has been deprecated.
|
94
263
|
|
95
|
-
|
264
|
+
[1.1.0]: https://github.com/thoughtbot/clearance/compare/v1.0.1...v1.1.0
|
96
265
|
|
97
|
-
|
266
|
+
## [1.0.1] - August 9, 2013
|
98
267
|
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
268
|
+
### Fixed
|
269
|
+
- Fix an issue when trying to sign in with `nil`
|
270
|
+
|
271
|
+
[1.0.1]: https://github.com/thoughtbot/clearance/compare/v1.0.0...v1.1.1
|
272
|
+
|
273
|
+
## [1.0.0] - August 1, 2013
|
274
|
+
|
275
|
+
### Added
|
276
|
+
- Support Rails 4.
|
277
|
+
- Speed up test suites using `::BCrypt::Engine::MIN_COST`.
|
278
|
+
- Speed up integration suites with `Clearance::BackDoor`.
|
279
|
+
- Provide `BCryptMigrationFromSHA1` password strategy to help people migrate from
|
105
280
|
SHA1 (the old default password strategy) to BCrypt (the new default).
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
281
|
+
- Support Ruby 2.
|
282
|
+
- More extension points in more controllers.
|
283
|
+
- Add `SignedIn` and `SignedOut` routing constraints.
|
284
|
+
- Add a fake password strategy, which is useful when writing tests.
|
285
|
+
- Add `redirect_url` configuration option.
|
286
|
+
- Add `secure_cookie` configuration option.
|
287
|
+
|
288
|
+
### Changed
|
289
|
+
- Change default password strategy to BCrypt.
|
290
|
+
- Replace email regular expression with `EmailValidator` gem.
|
291
|
+
- Require > Ruby 1.9.
|
292
|
+
- The `email`, `encrypted_password`, and `remember_token` fields of the users
|
110
293
|
table are `NOT NULL` in the default migration.
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
* Replace Cucumber feature generator with RSpec + Capybara.
|
115
|
-
* Remove Diesel dependency.
|
116
|
-
* Remove deprecated methods on User: `remember_me!`, `generate_random_code`,
|
117
|
-
`password_required?`.
|
118
|
-
* `PasswordsController` `params[:user]` has changed to `params[:password_reset]`
|
294
|
+
- Replace Cucumber feature generator with RSpec + Capybara.
|
295
|
+
- Remove Diesel dependency.
|
296
|
+
- `PasswordsController` `params[:user]` has changed to `params[:password_reset]`
|
119
297
|
to avoid locale conflicts.
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
298
|
+
|
299
|
+
### Fixed
|
300
|
+
- Improve security when changing password.
|
301
|
+
- Reduce extra user lookups when adding cookie to headers.
|
302
|
+
- Unauthorized API requests return HTTP status 401 rather than a redirect
|
125
303
|
to the sign in page.
|
126
|
-
* Remove support for supplying `return_to` value via request parameter.
|
127
|
-
* Reduce extra user lookups when adding cookie to headers.
|
128
304
|
|
129
|
-
|
305
|
+
### Removed
|
306
|
+
- Remove deprecated methods on User: `remember_me!`, `generate_random_code`,
|
307
|
+
`password_required?`.
|
308
|
+
- Remove `unloadable` from controllers (Rails 4 bug fix in development
|
309
|
+
environment).
|
310
|
+
- Remove support for supplying `return_to` value via request parameter.
|
311
|
+
|
312
|
+
[1.0.0]: https://github.com/thoughtbot/clearance/compare/v0.16.2...v1.0.0
|
313
|
+
|
314
|
+
## [0.16.2] - May 11, 2012
|
130
315
|
|
131
|
-
|
316
|
+
### Changed
|
317
|
+
- Change default email sender to `deploy@example.com`.
|
132
318
|
|
133
|
-
|
319
|
+
[0.16.2]: https://github.com/thoughtbot/clearance/compare/v0.16.1...v0.16.2
|
134
320
|
|
135
|
-
|
321
|
+
## [0.16.1] - April 16, 2012
|
322
|
+
|
323
|
+
### Fixed
|
324
|
+
- Behave correctly when Rails whitelist attributes mass assignment
|
136
325
|
protection is turned on.
|
137
|
-
|
326
|
+
- Fix for Rails 3.2.x modifying the HTTP cookie headers in rack requests.
|
327
|
+
|
328
|
+
[0.16.1]: https://github.com/thoughtbot/clearance/compare/v0.16.0...v0.16.1
|
329
|
+
|
330
|
+
## [0.16.0] - March 16, 2012
|
331
|
+
|
332
|
+
### Added
|
333
|
+
- Blowfish password encryption strategy.
|
334
|
+
|
335
|
+
[0.16.0]: https://github.com/thoughtbot/clearance/compare/v0.15.0...v0.16.0
|
138
336
|
|
139
|
-
|
337
|
+
## [0.15.0] - February 3, 2012
|
140
338
|
|
141
|
-
|
339
|
+
### Added
|
340
|
+
- The `User` model can be swapped out using the `Clearance.configure` method.
|
142
341
|
|
143
|
-
|
342
|
+
### Removed
|
343
|
+
- Remove `User::InstanceMethods` to silence a Rails 3.2 deprecation warning.
|
144
344
|
|
145
|
-
|
146
|
-
* Remove `User::InstanceMethods` to silence a Rails 3.2 deprecation warning.
|
147
|
-
* Bump development dependency of cucumber-rails to 1.1.1.
|
345
|
+
[0.15.0]: https://github.com/thoughtbot/clearance/compare/v0.14.0...v0.15.0
|
148
346
|
|
149
|
-
|
347
|
+
## [0.14.0] - January 13, 2012
|
150
348
|
|
151
|
-
|
349
|
+
### Added
|
350
|
+
- Support clearance session management from the Rack environment.
|
152
351
|
|
153
|
-
|
352
|
+
[0.14.0]: https://github.com/thoughtbot/clearance/compare/v0.13.2...v0.14.0
|
154
353
|
|
155
|
-
|
354
|
+
## [0.13.2] - January 13, 2012
|
156
355
|
|
157
|
-
|
356
|
+
### Fixed
|
357
|
+
- Fixed the `deny_access` matcher.
|
158
358
|
|
159
|
-
|
359
|
+
[0.13.2]: https://github.com/thoughtbot/clearance/compare/v0.13.0...v0.13.2
|
360
|
+
|
361
|
+
## [0.13.0] - October 11, 2011
|
362
|
+
|
363
|
+
### Changed
|
364
|
+
- In Clearance's optional generated features, use pure Capybara instead of
|
160
365
|
depending on Cucumber's removed `web_steps`, paths, and selectors.
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
366
|
+
- Extract SHA-1-specific code out of `User` into `PasswordStrategies` module.
|
367
|
+
- Extract sign in form so that other methods can be added easily.
|
368
|
+
- Test against Rails 3.1. Required upgrades to Diesel and Appraisal.
|
369
|
+
|
370
|
+
[0.13.0]: https://github.com/thoughtbot/clearance/compare/v0.12.0...v0.13.0
|
371
|
+
|
372
|
+
## [0.12.0] - June 30, 2011
|
373
|
+
|
374
|
+
### Changed
|
375
|
+
- Denying access redirects to `root_url` when signed in, `sign_in_url` when
|
376
|
+
signed out.
|
377
|
+
- Using flash `:notice` key everywhere now instead of `:success` and `:failure`.
|
378
|
+
More in line with Rails conventions.
|
379
|
+
- `redirect_back_or` on sign up.
|
380
|
+
- Resetting password no longer redirects to sign in page. It displays a message
|
174
381
|
telling them to look for an email.
|
175
|
-
|
382
|
+
- Removed redundant flash messages. ("Signed in.", "Signed out.", and "You are
|
176
383
|
now signed up.")
|
177
384
|
|
178
|
-
|
385
|
+
[0.12.0]: https://github.com/thoughtbot/clearance/compare/v0.11.2...v0.12.0
|
386
|
+
|
387
|
+
## [0.11.2] - June 29, 2011
|
179
388
|
|
180
|
-
|
181
|
-
|
182
|
-
|
389
|
+
### Added
|
390
|
+
- Rails 3.1.rc compatible.
|
391
|
+
- RSpec and Test::Unit compliant test matcher (`should deny_access`, etc)
|
392
|
+
|
393
|
+
### Removed
|
394
|
+
- No more Clearance `shoulda_macros`. Instead providing RSpec and
|
183
395
|
Test::Unit-compliant test matchers (`should deny_access`, etc).
|
184
396
|
|
185
|
-
|
397
|
+
[0.11.2]: https://github.com/thoughtbot/clearance/compare/v0.11.1...v0.11.2
|
186
398
|
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
399
|
+
## [0.11.1] - April 30, 2011
|
400
|
+
|
401
|
+
### Added
|
402
|
+
- Redirect to home page after sign up.
|
403
|
+
|
404
|
+
### Fixed
|
405
|
+
- Removing `:case_sensitive` option from `validates_uniqueness_of`. It was
|
192
406
|
unnecessary and causes a small performance problem on some apps.
|
193
|
-
* Only development dependency in `gemspec` should be `bundler`. All others are
|
194
|
-
derived by bundling.
|
195
407
|
|
196
|
-
|
408
|
+
### Removed
|
409
|
+
- Remove dependency on `dynamic_form`. Replaced with flashes due to limited number
|
410
|
+
of failure cases.
|
411
|
+
|
412
|
+
[0.11.1]: https://github.com/thoughtbot/clearance/compare/v0.11.0...v0.11.1
|
413
|
+
|
414
|
+
## [0.11.0] - April 24, 2011
|
197
415
|
|
198
|
-
|
199
|
-
|
200
|
-
* New `controller#authenticate(params)` method. Redefine username & password or
|
416
|
+
### Added
|
417
|
+
- New `controller#authenticate(params)` method. Redefine username & password or
|
201
418
|
other styles of authentication.
|
202
|
-
|
419
|
+
|
420
|
+
### Changed
|
421
|
+
- `before_filter :authenticate` API replaced with more aptly-named `before_filter
|
203
422
|
:authorize`.
|
204
423
|
|
205
|
-
|
424
|
+
### Removed
|
425
|
+
- Removing password confirmation.
|
426
|
+
|
427
|
+
[0.11.0]: https://github.com/thoughtbot/clearance/compare/v0.10.5...v0.11.0
|
428
|
+
|
429
|
+
## [0.10.5] - April 19, 2011
|
430
|
+
|
431
|
+
### Security
|
432
|
+
- Closing CSRF hole for Rails >= 3.0.4 apps.
|
433
|
+
|
434
|
+
[0.10.5]: https://github.com/thoughtbot/clearance/compare/v0.10.4...v0.10.5
|
435
|
+
|
436
|
+
## [0.10.4] - April 16, 2011
|
437
|
+
|
438
|
+
### Added
|
439
|
+
- Use HTML5 email fields.
|
440
|
+
|
441
|
+
### Changed
|
442
|
+
- Emails forced to be downcased (particularly for iPhone user case).
|
443
|
+
|
444
|
+
### Fixed
|
445
|
+
- Password reset requires a password.
|
206
446
|
|
207
|
-
|
447
|
+
### Removed
|
448
|
+
- Formtastic views generator removed.
|
208
449
|
|
209
|
-
|
450
|
+
[0.10.4]: https://github.com/thoughtbot/clearance/compare/v0.10.3.2...v0.10.4
|
210
451
|
|
211
|
-
|
212
|
-
* Emails forced to be downcased (particularly for iPhone user case).
|
213
|
-
* Suite converted from test/unit to RSpec.
|
214
|
-
* Password reset requires a password.
|
215
|
-
* Use HTML5 email fields.
|
452
|
+
## [0.10.3.2] - March 6, 2011
|
216
453
|
|
217
|
-
|
454
|
+
### Fixed
|
455
|
+
- Fix gemspec to include all necessary files.
|
218
456
|
|
219
|
-
|
457
|
+
[0.10.3.2]: https://github.com/thoughtbot/clearance/compare/v0.10.3.1...v0.10.3.2
|
220
458
|
|
221
|
-
|
459
|
+
## [0.10.3.1] - February 20, 2011
|
222
460
|
|
223
|
-
|
461
|
+
### Fixed
|
462
|
+
- Ensure everything within features inside any engine directory is included in
|
224
463
|
the `gemspec`.
|
225
464
|
|
226
|
-
|
465
|
+
[0.10.3.1]: https://github.com/thoughtbot/clearance/compare/v0.10.3...v0.10.3.1
|
227
466
|
|
228
|
-
|
467
|
+
## [0.10.3] - February 19, 2011
|
468
|
+
|
469
|
+
### Fixed
|
470
|
+
- Include features/engines in `gemspec` file list so generator works as
|
229
471
|
expected.
|
230
472
|
|
231
|
-
|
473
|
+
[0.10.3]: https://github.com/thoughtbot/clearance/compare/v0.10.2...v0.10.3
|
232
474
|
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
* When Clearance installed in an app that already has users, allow old users to
|
475
|
+
## [0.10.2] - February 18, 2011
|
476
|
+
|
477
|
+
### Added
|
478
|
+
- New generator command: `rails generate clearance:install`.
|
479
|
+
- When Clearance installed in an app that already has users, allow old users to
|
239
480
|
sign in by resetting their password.
|
240
481
|
|
241
|
-
|
482
|
+
### Changed
|
483
|
+
- Step definitions are now prefixed with `visitor_` to use thoughtbot
|
484
|
+
convention.
|
485
|
+
|
486
|
+
[0.10.2]: https://github.com/thoughtbot/clearance/compare/v0.10.1...v0.10.2
|
487
|
+
|
488
|
+
## [0.10.1] - February 9, 2011
|
242
489
|
|
243
|
-
|
244
|
-
|
490
|
+
### Fixed
|
491
|
+
- Replaced `ActionController::Forbidden` with a user-friendly flash message.
|
245
492
|
|
246
|
-
|
493
|
+
[0.10.1]: https://github.com/thoughtbot/clearance/compare/v0.10.0...v0.10.1
|
247
494
|
|
248
|
-
|
249
|
-
|
495
|
+
## [0.10.0] - June 29, 2010
|
496
|
+
|
497
|
+
### Added
|
498
|
+
- Better email validation regular expression.
|
499
|
+
|
500
|
+
### Removed
|
501
|
+
- Removed email confirmation step, was mostly a hassle and can always be added
|
250
502
|
back in at the application level (instead of engine level) if necessary.
|
251
|
-
|
503
|
+
- Removed `disable_with` on forms since it does not allow IE users to submit
|
252
504
|
forms. [Read more](https://github.com/rails/jquery-ujs/issues#issue/30).
|
253
505
|
|
254
|
-
|
506
|
+
[0.10.0]: https://github.com/thoughtbot/clearance/compare/v0.9.1...v0.10.0
|
507
|
+
|
508
|
+
## [0.9.1] - June 29, 2010
|
509
|
+
|
510
|
+
### Added
|
511
|
+
- This release supports Rails 3, capybara, and shoulda 2.10+.
|
512
|
+
|
513
|
+
[0.9.1]: https://github.com/thoughtbot/clearance/compare/v0.9.0...v0.9.1
|
255
514
|
|
256
|
-
|
515
|
+
## [0.9.0] - June 11, 2010
|
257
516
|
|
258
|
-
|
517
|
+
### Added
|
518
|
+
- Allow customization of cookie duration.
|
259
519
|
|
260
|
-
|
261
|
-
|
262
|
-
* `rake generator:cleanup` needed to be... cleaned up.
|
520
|
+
### Changed
|
521
|
+
- Removed unnecessary db index.
|
263
522
|
|
264
|
-
|
523
|
+
[0.9.0]: https://github.com/thoughtbot/clearance/compare/v0.8.8...v0.9.0
|
265
524
|
|
266
|
-
|
525
|
+
## [0.8.8] - February 25, 2010
|
267
526
|
|
268
|
-
|
527
|
+
### Fixed
|
528
|
+
- Fixed `sign_in` and `sign_out` not setting `current_user`.
|
269
529
|
|
270
|
-
|
271
|
-
|
530
|
+
[0.8.8]: https://github.com/thoughtbot/clearance/compare/v0.8.7...v0.8.8
|
531
|
+
|
532
|
+
## [0.8.7] - February 21, 2010
|
533
|
+
|
534
|
+
### Fixed
|
535
|
+
- Fixed global sign out bug.
|
536
|
+
- Allow Rails apps to `before_filter :authenticate` the entire app
|
272
537
|
in `ApplicationController` and still have password recovery work without
|
273
538
|
overriding any controllers.
|
274
|
-
|
539
|
+
- Rails 3 fix for `ActionController`/`ActionDispatch` change.
|
540
|
+
|
541
|
+
[0.8.7]: https://github.com/thoughtbot/clearance/compare/v0.8.6...v0.8.7
|
275
542
|
|
276
|
-
|
543
|
+
## [0.8.6] - February 17, 2010
|
544
|
+
|
545
|
+
### Added
|
546
|
+
- Allow overridden user models to skip email/password validations
|
547
|
+
conditionally. This makes username/facebook integration easier.
|
277
548
|
|
278
|
-
|
279
|
-
|
549
|
+
### Fixed
|
550
|
+
- Clearance features capitalization should match view text.
|
551
|
+
- Skip `:authenticate before_filter` in controllers so apps can easily
|
280
552
|
authenticate a whole site without subclassing.
|
281
|
-
|
282
|
-
|
553
|
+
- Added randomness to token and salt generation,
|
554
|
+
- Reset the `remember_token` on sign out instead of sign in. Allows for the same
|
283
555
|
user to sign in from two locations at once.
|
284
|
-
|
285
|
-
* Allow overridden user models to skip email/password validations
|
286
|
-
conditionally. This makes username/facebook integration easier.
|
556
|
+
- Append the version number to generated update migrations.
|
287
557
|
|
288
|
-
|
558
|
+
[0.8.6]: https://github.com/thoughtbot/clearance/compare/v0.8.5...v0.8.6
|
289
559
|
|
290
|
-
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
295
|
-
|
296
|
-
* Use `Clearance.configure` block to set mailer sender instead of `DO_NOT_REPLY`
|
560
|
+
## [0.8.5] - January 20, 2010
|
561
|
+
|
562
|
+
### Changed
|
563
|
+
- Removed `attr_accessible` from `Clearance::User`.
|
564
|
+
- Remove dependency on `root_path`, use `'/'` instead.
|
565
|
+
- Use `Clearance.configure` block to set mailer sender instead of `DO_NOT_REPLY`
|
297
566
|
constant.
|
298
567
|
|
299
|
-
|
568
|
+
### Fixed
|
569
|
+
- Replaced routing hack with `Clearance::Routes.draw(map)` to give more control
|
570
|
+
to the application developer.
|
571
|
+
- Fixed bug in password reset feature.
|
572
|
+
|
573
|
+
[0.8.5]: https://github.com/thoughtbot/clearance/compare/v0.8.4...v0.8.5
|
300
574
|
|
301
|
-
|
302
|
-
* Reference gemcutter (not github) as the gem source in README.
|
303
|
-
* Add IRC, rdoc.info links to README.
|
304
|
-
* Move user confirmation email trigger into model.
|
575
|
+
## [0.8.4] - December 08, 2009
|
305
576
|
|
306
|
-
|
577
|
+
### Fixed
|
578
|
+
- Remove unnecessary `require 'factory_girl'` in generator.
|
307
579
|
|
308
|
-
|
309
|
-
* Avoid possible collisions in the remember me token.
|
580
|
+
[0.8.4]: https://github.com/thoughtbot/clearance/compare/v0.8.3...v0.8.4
|
310
581
|
|
311
|
-
|
582
|
+
## [0.8.3] - September 21, 2009
|
312
583
|
|
313
|
-
|
314
|
-
|
584
|
+
### Fixed
|
585
|
+
- Avoid possible collisions in the remember me token.
|
315
586
|
|
316
|
-
|
587
|
+
[0.8.3]: https://github.com/thoughtbot/clearance/compare/v0.8.2...v0.8.3
|
317
588
|
|
318
|
-
|
319
|
-
`remember?` and `forget_me!` user instance methods.
|
589
|
+
## [0.8.2] - September 01, 2009
|
320
590
|
|
321
|
-
|
591
|
+
### Added
|
592
|
+
- `current_user= accessor` method.
|
593
|
+
- Set `current_user` in `sign_in`.
|
322
594
|
|
323
|
-
|
595
|
+
[0.8.2]: https://github.com/thoughtbot/clearance/compare/v0.8.1...v0.8.2
|
596
|
+
|
597
|
+
## [0.8.1] - August 31, 2009
|
598
|
+
|
599
|
+
### Changed
|
600
|
+
- Removed unnecessary `remember_token_expires_at` column.
|
601
|
+
|
602
|
+
### Removed
|
603
|
+
- Removed `remember?` and `forget_me!` user instance methods.
|
604
|
+
|
605
|
+
[0.8.1]: https://github.com/thoughtbot/clearance/compare/v0.8.0...v0.8.1
|
606
|
+
|
607
|
+
## [0.8.0] - August 31, 2009
|
608
|
+
|
609
|
+
### Added
|
610
|
+
- Documented `Clearance::Authentication` with YARD.
|
611
|
+
- Documented `Clearance::User` with YARD.
|
612
|
+
|
613
|
+
### Changed
|
614
|
+
- Always remember me. Replaced session-and-remember-me authentication with
|
324
615
|
always using a cookie with a long timeout.
|
325
|
-
* Documented `Clearance::Authentication` with YARD.
|
326
|
-
* Documented `Clearance::User` with YARD.
|
327
616
|
|
328
|
-
|
617
|
+
[0.8.0]: https://github.com/thoughtbot/clearance/compare/v0.7.0...v0.8.0
|
618
|
+
|
619
|
+
## [0.7.0] - August 4, 2009
|
329
620
|
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
* Added `clearance_views` generator. By default, creates formtastic views which
|
621
|
+
### Added
|
622
|
+
- Added `signed_out?` convenience method for controllers, helpers, views.
|
623
|
+
- Added `clearance_views` generator. By default, creates formtastic views which
|
334
624
|
pass all tests and features.
|
335
625
|
|
336
|
-
|
626
|
+
### Fixed
|
627
|
+
- Redirect signed in user who clicks confirmation link again.
|
628
|
+
- Redirect signed out user who clicks confirmation link again.
|
629
|
+
|
630
|
+
[0.7.0]: https://github.com/thoughtbot/clearance/compare/v0.6.9...v0.7.0
|
631
|
+
|
632
|
+
## [0.6.9] - July 4, 2009
|
633
|
+
|
634
|
+
### Added
|
635
|
+
- Added timestamps to create users migration.
|
636
|
+
- Ready for Ruby 1.9.
|
337
637
|
|
338
|
-
|
339
|
-
* Ready for Ruby 1.9.
|
638
|
+
[0.6.9]: https://github.com/thoughtbot/clearance/compare/v0.6.8...v0.6.9
|
340
639
|
|
341
|
-
|
640
|
+
## [0.6.8] - June 24, 2009
|
342
641
|
|
343
|
-
|
642
|
+
### Fixed
|
643
|
+
- Added `defined?` checks for various Rails constants such as `ActionController`
|
344
644
|
for easier unit testing of Clearance extensions... particularly `ActiveRecord`
|
345
645
|
extensions... `particularly strong_password`.
|
346
646
|
|
347
|
-
|
647
|
+
[0.6.8]: https://github.com/thoughtbot/clearance/compare/v0.6.7...v0.6.8
|
348
648
|
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
649
|
+
## [0.6.7] - June 13, 2009
|
650
|
+
|
651
|
+
### Added
|
652
|
+
- Added `sign_up`, `sign_in`, `sign_out` named routes.
|
653
|
+
- `flash_success_after_create`, `flash_notice_after_create`,
|
353
654
|
`flash_failure_after_create`, `flash_sucess_after_update`,
|
354
655
|
`flash_success_after_destroy`, etc.
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
656
|
+
- Added `#create` to forbidden `before_filters` on confirmations controller.
|
657
|
+
|
658
|
+
### Fixed
|
659
|
+
- `should_be_signed_in_as` shouldn't look in the session.
|
660
|
+
|
661
|
+
### Deprecated
|
662
|
+
- Deprecated `sign_user_in`. Told developers to use `sign_in` instead.
|
359
663
|
|
360
|
-
|
664
|
+
[0.6.7]: https://github.com/thoughtbot/clearance/compare/v0.6.6...v0.6.7
|
361
665
|
|
362
|
-
|
666
|
+
## [0.6.6] - May 18, 2009
|
667
|
+
|
668
|
+
### Fixed
|
669
|
+
- replaced `class_eval` in `Clearance::User` with modules. This was needed
|
363
670
|
so we could write our own validations.
|
364
671
|
|
365
|
-
|
672
|
+
[0.6.6]: https://github.com/thoughtbot/clearance/compare/v0.6.5...v0.6.6
|
673
|
+
|
674
|
+
## [0.6.5] - May 17, 2009
|
675
|
+
|
676
|
+
### Added
|
677
|
+
- Make Clearance i18n aware.
|
366
678
|
|
367
|
-
|
679
|
+
[0.6.5]: https://github.com/thoughtbot/clearance/compare/v0.6.4...v0.6.5
|
368
680
|
|
369
|
-
|
681
|
+
## [0.6.4] - May 12, 2009
|
370
682
|
|
371
|
-
|
372
|
-
|
373
|
-
|
374
|
-
* Replacing `sign_in_as` & `sign_out` shoulda macros with a stubbing (requires no
|
375
|
-
dependency) approach. this will avoid dealing with the internals of
|
683
|
+
### Changed
|
684
|
+
- Replacing `sign_in_as` & `sign_out` shoulda macros with a stubbing (requires no
|
685
|
+
dependency) approach. This will avoid dealing with the internals of
|
376
686
|
`current_user`, such as session & cookies. Added `sign_in` macro which signs in an
|
377
687
|
email confirmed user from clearance's factories.
|
378
|
-
|
688
|
+
- Move private methods on sessions controller into `Clearance::Authentication`
|
379
689
|
module.
|
380
|
-
|
690
|
+
- Audited flash keys.
|
381
691
|
|
382
|
-
|
692
|
+
[0.6.4]: https://github.com/thoughtbot/clearance/compare/v0.6.3...v0.6.4
|
383
693
|
|
384
|
-
|
694
|
+
## [0.6.3] - April 23, 2009
|
695
|
+
|
696
|
+
### Fixed
|
697
|
+
- Scoping `ClearanceMailer` properly within controllers so it works in
|
385
698
|
production environments.
|
386
699
|
|
387
|
-
|
700
|
+
[0.6.3]: https://github.com/thoughtbot/clearance/compare/v0.6.2...v0.6.3
|
701
|
+
|
702
|
+
## [0.6.2] - April 22, 2009
|
703
|
+
|
704
|
+
### Added
|
705
|
+
- Insert `Clearance::User` into User model if it exists.
|
388
706
|
|
389
|
-
|
390
|
-
* `World(NavigationHelpers)` Cucumber 3.0 style.
|
707
|
+
[0.6.2]: https://github.com/thoughtbot/clearance/compare/v0.6.1...v0.6.2
|
391
708
|
|
392
|
-
|
709
|
+
## [0.6.1] - April 21, 2009
|
393
710
|
|
394
|
-
|
711
|
+
### Changed
|
712
|
+
- Scope operators are necessary to keep Rails happy. Reverting the original
|
395
713
|
revert so they're back in the library now for constants referenced inside of
|
396
714
|
the gem.
|
397
715
|
|
398
|
-
|
716
|
+
[0.6.1]: https://github.com/thoughtbot/clearance/compare/v0.6.0...v0.6.1
|
399
717
|
|
400
|
-
|
401
|
-
|
402
|
-
|
403
|
-
|
404
|
-
|
405
|
-
|
718
|
+
## [0.6.0] - April 21, 2009
|
719
|
+
|
720
|
+
### Changed
|
721
|
+
- Converted Clearance to a Rails engine.
|
722
|
+
- Include `Clearance::User` in User model in app.
|
723
|
+
- Include `Clearance::Authentication` in `ApplicationController`.
|
724
|
+
- Namespace controllers under `Clearance` module.
|
725
|
+
- Routes move to engine, use namespaced controllers but publicly the same.
|
726
|
+
- If you want to override a controller, subclass it like `SessionsController <
|
406
727
|
Clearance::SessionsController`. This gives you access to usual hooks such as
|
407
728
|
`url_after_create`.
|
408
|
-
|
729
|
+
- Controllers, mailer, model, routes all unit tested inside engine. Use
|
409
730
|
`script/generate clearance_features` to test integration of Clearance with your
|
410
731
|
Rails app. No longer including modules in your app's test files.
|
411
|
-
|
412
|
-
|
732
|
+
- Moved views to engine.
|
733
|
+
- Converted generated `test/factories/clearance.rb` to use inheritence for
|
413
734
|
`email_confirmed_user`.
|
414
|
-
|
415
|
-
|
416
|
-
|
417
|
-
* Made the clearance controllers `unloadable` to stop constant loading errors in
|
735
|
+
- Corrected some spelling errors with methods.
|
736
|
+
- Loading clearance routes after rails routes via some monkeypatching.
|
737
|
+
- Made the clearance controllers `unloadable` to stop constant loading errors in
|
418
738
|
development mode.
|
419
739
|
|
420
|
-
|
740
|
+
[0.6.0]: https://github.com/thoughtbot/clearance/compare/v0.5.6...v0.6.0
|
741
|
+
|
742
|
+
## [0.5.6] - April 11, 2009
|
421
743
|
|
422
|
-
|
744
|
+
### Fixed
|
745
|
+
- Step definition changed for "User should see error messages" so features won't
|
423
746
|
fail for certain validations.
|
424
747
|
|
425
|
-
|
748
|
+
[0.5.6]: https://github.com/thoughtbot/clearance/compare/v0.5.5...v0.5.6
|
426
749
|
|
427
|
-
|
750
|
+
## [0.5.5] - March 23, 2009
|
428
751
|
|
429
|
-
|
752
|
+
### Fixed
|
753
|
+
- Removing duplicate test to get rid of warning.
|
430
754
|
|
431
|
-
|
755
|
+
[0.5.5]: https://github.com/thoughtbot/clearance/compare/v0.5.4...v0.5.5
|
432
756
|
|
433
|
-
|
757
|
+
## [0.5.4] - March 21, 2009
|
434
758
|
|
435
|
-
|
436
|
-
|
759
|
+
### Changed
|
760
|
+
- When users fail logging in, redirect them instead of rendering.
|
437
761
|
|
438
|
-
|
762
|
+
[0.5.4]: https://github.com/thoughtbot/clearance/compare/v0.5.3...v0.5.4
|
439
763
|
|
440
|
-
|
764
|
+
## [0.5.3] - March 5, 2009
|
441
765
|
|
442
|
-
|
766
|
+
### Changed
|
767
|
+
- Clearance now works with (and requires) Shoulda 2.10.0.
|
443
768
|
|
444
|
-
|
445
|
-
|
446
|
-
|
447
|
-
|
769
|
+
[0.5.3]: https://github.com/thoughtbot/clearance/compare/v0.5.2...v0.5.3
|
770
|
+
|
771
|
+
## [0.5.2] - March 2, 2009
|
772
|
+
|
773
|
+
### Added
|
774
|
+
- Full compatible with Rails 2.3 (all tests pass)
|
775
|
+
|
776
|
+
[0.5.2]: https://github.com/thoughtbot/clearance/compare/v0.5.1...v0.5.2
|
777
|
+
|
778
|
+
## [0.5.1] - February 27, 2009
|
779
|
+
|
780
|
+
### Changed
|
781
|
+
- A user with unconfirmed email who resets password now confirms email.
|
782
|
+
- Switch order of cookies and sessions to take advantage of Rails 2.3's
|
448
783
|
"Rack-based lazy-loaded sessions",
|
449
|
-
|
784
|
+
- Altered generator to interact with `application_controller.rb` instead of
|
450
785
|
`application.rb` in Rails 2.3 apps.
|
451
|
-
* Bug fix. Rack-based session change altered how to test remember me cookie.
|
452
786
|
|
453
|
-
|
787
|
+
### Fixed
|
788
|
+
- Rack-based session change altered how to test remember me cookie.
|
789
|
+
|
790
|
+
[0.5.1]: https://github.com/thoughtbot/clearance/compare/v0.5.0...v0.5.1
|
791
|
+
|
792
|
+
## [0.5.0] - February 27, 2009
|
793
|
+
|
794
|
+
### Fixed
|
795
|
+
- Fixed problem with Cucumber features.
|
796
|
+
- Fixed missing HTTP fluency use case.
|
797
|
+
|
798
|
+
[0.5.0]: https://github.com/thoughtbot/clearance/compare/v0.4.9...v0.5.0
|
799
|
+
|
800
|
+
## [0.4.9] - February 20, 2009
|
801
|
+
|
802
|
+
### Changed
|
803
|
+
- Protect passwords & confirmations actions with forbidden filters.
|
804
|
+
- Return 403 Forbidden status code in those cases.
|
454
805
|
|
455
|
-
|
456
|
-
|
457
|
-
* Refactored `User#update_password` to take just parameters it needs.
|
458
|
-
* Refactored `User` unit tests to be more readable.
|
806
|
+
### Security
|
807
|
+
- Fixed bug that allowed anyone to edit another user's password.
|
459
808
|
|
460
|
-
|
809
|
+
[0.4.9]: https://github.com/thoughtbot/clearance/compare/v0.4.8...v0.4.9
|
461
810
|
|
462
|
-
|
463
|
-
* Return 403 Forbidden status code in those cases.
|
464
|
-
* Test 403 Forbidden status code in Cucumber feature.
|
465
|
-
* Raise custom `ActionController::Forbidden` error internally.
|
466
|
-
* Test `ActionController::Forbidden` error is raised in functional test.
|
467
|
-
* Fixed bug that allowed anyone to edit another user's password.
|
468
|
-
* Required Factory Girl >= 1.2.0.
|
811
|
+
## [0.4.8] - February 16, 2009
|
469
812
|
|
470
|
-
|
813
|
+
### Added
|
814
|
+
- Added documentation for the flash.
|
815
|
+
- Generators `require 'test_helper'` instead of `File.join` for RR
|
816
|
+
compatibility.
|
471
817
|
|
472
|
-
|
473
|
-
|
474
|
-
|
475
|
-
* Removed interpolated email address from flash message to make i18n easier.
|
476
|
-
* Standardized flash messages that refer to email delivery.
|
818
|
+
### Changed
|
819
|
+
- Removed interpolated email address from flash message to make i18n easier.
|
820
|
+
- Standardized flash messages that refer to email delivery.
|
477
821
|
|
478
|
-
|
822
|
+
[0.4.8]: https://github.com/thoughtbot/clearance/compare/v0.4.7...v0.4.8
|
479
823
|
|
480
|
-
|
481
|
-
* All test helpers now in `shoulda_macros`.
|
824
|
+
## [0.4.7] - February 12, 2009
|
482
825
|
|
483
|
-
|
826
|
+
### Changed
|
827
|
+
- Removed `Clearance::Test::TestHelper` so there is one less setup step.
|
828
|
+
- All test helpers now in `shoulda_macros`.
|
484
829
|
|
485
|
-
|
486
|
-
|
830
|
+
[0.4.7]: https://github.com/thoughtbot/clearance/compare/v0.4.7...v0.4.7
|
831
|
+
|
832
|
+
## [0.4.6] - February 11, 2009
|
833
|
+
|
834
|
+
### Added
|
835
|
+
- Created `Actions` and `PrivateMethods` modules on controllers for future RDoc
|
487
836
|
reasons.
|
488
837
|
|
489
|
-
|
838
|
+
[0.4.6]: https://github.com/thoughtbot/clearance/compare/v0.4.5...v0.4.6
|
490
839
|
|
491
|
-
|
492
|
-
|
493
|
-
|
494
|
-
|
495
|
-
|
496
|
-
|
497
|
-
|
498
|
-
|
499
|
-
|
840
|
+
## [0.4.5] - February 9, 2009
|
841
|
+
|
842
|
+
### Added
|
843
|
+
- Added password reset feature to `clearance_features` generator.
|
844
|
+
|
845
|
+
### Changed
|
846
|
+
- Only store location for `session[:return_to]` for GET requests.
|
847
|
+
- Audited "sign up" naming convention. "Register" had slipped in a few places.
|
848
|
+
- Switched to `SHA1` encryption. Cypher doesn't matter much for email
|
500
849
|
confirmation, password reset. Better to have shorter hashes in the emails for
|
501
850
|
clients who line break on 72 chars.
|
502
851
|
|
503
|
-
|
852
|
+
### Removed
|
853
|
+
- Removed email downcasing because local-part is case sensitive per
|
854
|
+
RFC5321.
|
855
|
+
- Removed unnecessary `session[:salt]`.
|
856
|
+
|
857
|
+
[0.4.5]: https://github.com/thoughtbot/clearance/compare/v0.4.4...v0.4.5
|
858
|
+
|
859
|
+
## [0.4.4] - February 2, 2009
|
860
|
+
|
861
|
+
### Added
|
862
|
+
- Added a generator for Cucumber features.
|
863
|
+
|
864
|
+
### Changed
|
865
|
+
- Standardized naming for "Sign up," "Sign in," and "Sign out".
|
504
866
|
|
505
|
-
|
506
|
-
* Standardized naming for "Sign up," "Sign in," and "Sign out".
|
867
|
+
[0.4.4]: https://github.com/thoughtbot/clearance/compare/v0.3.7...v0.4.4
|