clearance 1.8.0 → 1.13.0

Potentially problematic release.

This version of clearance might be problematic.

Files changed (100)
  1. checksums.yaml +4 -4
  2. data/.gitignore +2 -0
  3. data/.travis.yml +24 -6
  4. data/.yardopts +6 -0
  5. data/Appraisals +12 -4
  6. data/CONTRIBUTING.md +4 -1
  7. data/Gemfile +2 -2
  8. data/Gemfile.lock +87 -85
  9. data/NEWS.md +672 -311
  10. data/README.md +185 -330
  11. data/app/controllers/clearance/passwords_controller.rb +25 -19
  12. data/app/controllers/clearance/sessions_controller.rb +17 -4
  13. data/app/controllers/clearance/users_controller.rb +10 -4
  14. data/app/mailers/clearance_mailer.rb +2 -3
  15. data/app/views/clearance_mailer/change_password.html.erb +6 -3
  16. data/app/views/clearance_mailer/change_password.text.erb +5 -0
  17. data/app/views/layouts/application.html.erb +2 -2
  18. data/app/views/passwords/create.html.erb +1 -1
  19. data/app/views/passwords/edit.html.erb +2 -2
  20. data/app/views/passwords/new.html.erb +2 -2
  21. data/app/views/sessions/_form.html.erb +2 -2
  22. data/app/views/sessions/new.html.erb +1 -1
  23. data/app/views/users/new.html.erb +2 -2
  24. data/bin/setup +6 -2
  25. data/config/locales/clearance.en.yml +6 -0
  26. data/db/migrate/20110111224543_create_clearance_users.rb +1 -1
  27. data/gemfiles/{rails3.2.gemfile → rails32.gemfile} +1 -1
  28. data/gemfiles/{rails4.0.gemfile → rails40.gemfile} +2 -2
  29. data/gemfiles/{rails4.1.gemfile → rails41.gemfile} +2 -2
  30. data/gemfiles/{rails4.2.gemfile → rails42.gemfile} +2 -2
  31. data/gemfiles/rails50.gemfile +19 -0
  32. data/lib/clearance/authentication.rb +52 -1
  33. data/lib/clearance/authorization.rb +47 -4
  34. data/lib/clearance/back_door.rb +1 -0
  35. data/lib/clearance/configuration.rb +127 -15
  36. data/lib/clearance/constraints/signed_in.rb +21 -0
  37. data/lib/clearance/constraints/signed_out.rb +12 -0
  38. data/lib/clearance/constraints.rb +12 -0
  39. data/lib/clearance/controller.rb +13 -0
  40. data/lib/clearance/default_sign_in_guard.rb +17 -0
  41. data/lib/clearance/engine.rb +24 -4
  42. data/lib/clearance/password_strategies/bcrypt.rb +9 -2
  43. data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +19 -0
  44. data/lib/clearance/password_strategies/blowfish.rb +17 -0
  45. data/lib/clearance/password_strategies/sha1.rb +17 -0
  46. data/lib/clearance/password_strategies.rb +13 -0
  47. data/lib/clearance/rack_session.rb +13 -0
  48. data/lib/clearance/rspec.rb +15 -4
  49. data/lib/clearance/session.rb +46 -1
  50. data/lib/clearance/session_status.rb +7 -0
  51. data/lib/clearance/sign_in_guard.rb +65 -0
  52. data/lib/clearance/test_unit.rb +3 -3
  53. data/lib/clearance/testing/controller_helpers.rb +44 -0
  54. data/lib/clearance/testing/deny_access_matcher.rb +35 -1
  55. data/lib/clearance/testing/helpers.rb +9 -25
  56. data/lib/clearance/testing/view_helpers.rb +32 -0
  57. data/lib/clearance/token.rb +7 -0
  58. data/lib/clearance/user.rb +159 -0
  59. data/lib/clearance/version.rb +1 -1
  60. data/lib/clearance.rb +2 -0
  61. data/lib/generators/clearance/install/install_generator.rb +13 -3
  62. data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb +3 -3
  63. data/lib/generators/clearance/install/templates/db/migrate/create_users.rb +2 -2
  64. data/lib/generators/clearance/routes/routes_generator.rb +23 -0
  65. data/lib/generators/clearance/routes/templates/routes.rb +7 -7
  66. data/lib/generators/clearance/specs/templates/features/clearance/user_signs_out_spec.rb.tt +1 -1
  67. data/lib/generators/clearance/specs/templates/features/clearance/visitor_resets_password_spec.rb.tt +12 -2
  68. data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_in_spec.rb.tt +1 -1
  69. data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_up_spec.rb.tt +1 -1
  70. data/lib/generators/clearance/specs/templates/features/clearance/visitor_updates_password_spec.rb.tt +1 -1
  71. data/spec/acceptance/clearance_installation_spec.rb +4 -1
  72. data/spec/app_templates/config/initializers/clearance.rb +2 -0
  73. data/spec/app_templates/testapp/app/controllers/home_controller.rb +5 -1
  74. data/spec/app_templates/testapp/config/initializers/action_mailer.rb +1 -3
  75. data/spec/clearance/controller_spec.rb +11 -0
  76. data/spec/clearance/rack_session_spec.rb +5 -5
  77. data/spec/clearance/testing/{helpers_spec.rb → controller_helpers_spec.rb} +12 -12
  78. data/spec/clearance/testing/view_helpers_spec.rb +37 -0
  79. data/spec/configuration_spec.rb +24 -0
  80. data/spec/controllers/apis_controller_spec.rb +6 -2
  81. data/spec/controllers/forgeries_controller_spec.rb +6 -1
  82. data/spec/controllers/passwords_controller_spec.rb +1 -11
  83. data/spec/controllers/permissions_controller_spec.rb +13 -3
  84. data/spec/controllers/sessions_controller_spec.rb +4 -4
  85. data/spec/dummy/app/controllers/application_controller.rb +5 -1
  86. data/spec/dummy/application.rb +4 -0
  87. data/spec/generators/clearance/install/install_generator_spec.rb +15 -3
  88. data/spec/generators/clearance/routes/routes_generator_spec.rb +5 -1
  89. data/spec/generators/clearance/views/views_generator_spec.rb +11 -10
  90. data/spec/helpers/helper_helpers_spec.rb +10 -0
  91. data/spec/mailers/clearance_mailer_spec.rb +13 -19
  92. data/spec/password_strategies/bcrypt_migration_from_sha1_spec.rb +6 -0
  93. data/spec/password_strategies/blowfish_spec.rb +6 -0
  94. data/spec/password_strategies/sha1_spec.rb +6 -0
  95. data/spec/spec_helper.rb +7 -0
  96. data/spec/support/generator_spec_helpers.rb +4 -0
  97. data/spec/support/http_method_shim.rb +23 -0
  98. data/spec/user_spec.rb +9 -0
  99. data/spec/views/view_helpers_spec.rb +10 -0
  100. metadata +19 -8
data/NEWS.md CHANGED
@@ -1,506 +1,867 @@
1
- Thank you to all the [contributors](https://github.com/thoughtbot/clearance/graphs/contributors)!
1
+ # News
2
2
 
3
- New for 1.8.0 (January 23, 2015)
4
- * Fixed an issue that would cause sites that are still using the deprecated
5
- `authorize` filter to enter a redirect loop when redirecting to the sign in
6
- path.
7
- * The Clearance remember token cookie name is now customizable via
3
+ The noteworthy changes for each Clearance version are included here. For a
4
+ complete changelog, see the git history for each version via the version links.
5
+
6
+ ## [1.13.0] - March 4, 2016
7
+
8
+ ### Added
9
+ - Clearance now supports Rails 5.0.0.beta3 and newer.
10
+
11
+ ### Fixed
12
+ - Clearance will now infer the parameter name to use when accessing user
13
+ parameters in a request. This previously used `:user`, which was incorrect for
14
+ customized user models.
15
+ - Generated feature specs no longer rely on RSpec monkey patches.
16
+
17
+ [1.13.0]: https://github.com/thoughtbot/clearance/compare/v1.12.1...v1.13.0
18
+
19
+ ## [1.12.1] - January 7, 2016
20
+
21
+ ### Fixed
22
+ - Fixed the `create_users` migration generated by `rails generate
23
+ clearance:install` under Rails 3.x.
24
+
25
+ [1.12.1]: https://github.com/thoughtbot/clearance/compare/v1.12.0...v1.12.1
26
+
27
+ ## [1.12.0] - November 17, 2015
28
+
29
+ ### Added
30
+ - Users will now see a flash message when redirected to sign in by
31
+ `require_login`. This I18n key for this message is
32
+ `flashes.failure_when_not_signed_in` and defaults to "Please sign in to
33
+ continue".
34
+ - Added significant API documentation. API documentation effort is ongoing.
35
+
36
+ ### Fixed
37
+ - Fixed expectation in the generated `visitor_resets_password_spec.rb` file.
38
+ - Corrected indentation of routes inserted by the routes generator.
39
+ - Corrected indentation of `include Clearance::User` when the install generator
40
+ adds it to an existing user class.
41
+
42
+ [1.12.0]: https://github.com/thoughtbot/clearance/compare/v1.11.0...v1.12.0
43
+
44
+ ## [1.11.0] - August 21, 2015
45
+
46
+ ### Added
47
+ - Add `sign_in` and `sign_in_as` helper methods to view specs. These helpers
48
+ avoid errors from verified partial doubles that come from. See
49
+ [462c009].
50
+
51
+ ### Fixed
52
+ - `clearance:routes` generator now properly disables internal routes in your
53
+ Clearance initializer.
54
+ - Clearance now accesses the cookie jar via ActionDispatch::Request rather than
55
+ `Rack::Request`. This is more consistent with what Rails does internally.
56
+
57
+ ### Deprecated
58
+ - `Clearance::Testing::Helpers` has been deprecated in favor of
59
+ `Clearance::Testing::ControllerHelpers`. Most users are accessing these
60
+ helpers by requiring `clearance/rspec` or `clearance/test_unit` and should be
61
+ unaffected.
62
+
63
+ [462c009]: https://github.com/thoughtbot/clearance/commit/462c00965c14b2492500fbb4fecd7b84b9790bb9
64
+ [1.11.0]: https://github.com/thoughtbot/clearance/compare/v1.10.1...v1.11.0
65
+
66
+ ## [1.10.1] - May 15, 2015
67
+
68
+ ### Deprecated
69
+ - All clearance-provided password strategies other than BCrypt have been
70
+ deprecated. You can continue to use those strategies without a deprecation
71
+ warning by adding `clearance-deprecated_password_strategies` to your Gemfile.
72
+
73
+ [1.10.1]: https://github.com/thoughtbot/clearance/compare/v1.9.0...v1.10.1
74
+
75
+ ## [1.9.0] - April 3, 2015
76
+
77
+ ### Added
78
+ - The change password mailer now produces a multipart message which includes a
79
+ text part along with the previously existing HTML part. To override the text
80
+ part, add `change_password.text.erb` alongside your `change_password.html.erb`
81
+ file.
82
+
83
+ ### Fixed
84
+ - Custom `user_model` configured in a Rails initializer will now be reloaded in
85
+ development mode.
86
+ - Change password template now contains "Change my password" link text to
87
+ address an issue linking the URL in some mail clients.
88
+
89
+ [1.9.0]: https://github.com/thoughtbot/clearance/compare/v1.8.1...v1.9.0
90
+
91
+ ## [1.8.1] - March 3, 2015
92
+
93
+ ### Security
94
+ - Enable cross-site request forgery protection on `sessions#create`. See
95
+ [7f5d56e](https://github.com/thoughtbot/clearance/commit/7f5d56ed3a51aca14fa60247a90ca0cd11db0e0d).
96
+
97
+ ### Fixed
98
+ - All methods included by `Clearance::Controller` are now excluded from
99
+ `action_methods`.
100
+
101
+ [1.8.1]: https://github.com/thoughtbot/clearance/compare/v1.8.0...v1.8.1
102
+
103
+ ## [1.8.0] - January 23, 2015
104
+
105
+ ### Added
106
+ - The remember token cookie name is now customizable via
8
107
  `Clearance.configuration.cookie_name`.
9
- * Signed in users that attempt to visit the sign in path are now redirected. The
108
+
109
+ ### Fixed
110
+ - Fixed a redirect loop on the sign in page for applications that are still
111
+ using the deprecated `authorize` filter.
112
+ - Signed in users that attempt to visit the sign in path are now redirected. The
10
113
  redirect URL defaults to the same URL used for the redirect after sign in, but
11
114
  can be customized by overriding `passwords_controller#url_for_signed_in_users`
12
- * `users_controller#avoid_sign_in` is now deprecated in favor of
115
+
116
+ ### Deprecated
117
+ - `users_controller#avoid_sign_in` is now deprecated in favor of
13
118
  `redirect_signed_in_users` which is more accurately named.
14
119
 
15
- New for 1.7.0 (January, 8, 2015)
16
- * The `authorize` filter has been deprecated in favor of `require_login`. Update
120
+ [1.8.0]: https://github.com/thoughtbot/clearance/compare/v1.7.0...v1.8.0
121
+
122
+ ## [1.7.0] - January, 8, 2015
123
+
124
+ ### Fixed
125
+ - Fix the negation of the `deny_access` matcher in Rails 4.0.x on Ruby 2.2
126
+
127
+ ### Deprecated
128
+ - The `authorize` filter has been deprecated in favor of `require_login`. Update
17
129
  all reference to the filter including any calls to `skip_before_filter` or
18
130
  `skip_before_action`.
19
- * The `Clearance.root` method has been deprecated.
20
- * Fix the negation of the `deny_access` matcher in Rails 4.0.x on Ruby 2.2
131
+ - The `Clearance.root` method has been deprecated. It was used internally and
132
+ unlikely to impact external users.
133
+
134
+ [1.7.0]: https://github.com/thoughtbot/clearance/compare/v1.6.1...v1.7.0
135
+
136
+ ## [1.6.1] - January 6, 2015
137
+
138
+ ### Fixed
139
+ - Secure cookies are no longer overwritten when the user visits a non-HTTPS URL.
21
140
 
22
- New for 1.6.1 (January 6, 2015)
23
- * Secure cookies are no longer overwritten when the user visits a non-HTTPS URL.
141
+ [1.6.1]: https://github.com/thoughtbot/clearance/compare/v1.6.0...v1.6.1
24
142
 
25
- New for 1.6.0 (December 20, 2014)
26
- * When using Rails 4.2, password reset emails are sent with the
143
+ ## [1.6.0] - December 20, 2014
144
+
145
+ ### Added
146
+ - When using Rails 4.2, password reset emails are sent with the
27
147
  ActiveJob-compatible `#deliver_later` method.
28
148
 
29
- New for 1.5.1 (December 19, 2014)
30
- * Blowfish password strategy fixed
31
- * Specs generated with `rails generate clearance:specs` now work properly in
149
+ [1.6.0]: https://github.com/thoughtbot/clearance/compare/v1.5.1...v1.6.0
150
+
151
+ ## [1.5.1] - December 19, 2014
152
+
153
+ ### Fixed
154
+ - Blowfish password strategy fixed
155
+ - Specs generated with `rails generate clearance:specs` now work properly in
32
156
  RSpec 3 projects.
33
157
 
34
- New for 1.5.0 (October 17, 2014)
35
- * Disable clearance routes by setting `config.routes = false`.
36
- * Running `rails generate clearance:routes` will dump the default set of
158
+ [1.5.1]: https://github.com/thoughtbot/clearance/compare/v1.5.0...v1.5.1
159
+
160
+ ## [1.5.0] - October 17, 2014
161
+
162
+ ### Added
163
+ - Disable clearance routes by setting `config.routes = false`.
164
+ - Running `rails generate clearance:routes` will dump the default set of
37
165
  routes to your application's routes file for modification.
38
166
 
39
- New for 1.4.3 (October 3, 2014)
40
- * Routing constraints act appropriately when session data is missing.
167
+ [1.5.0]: https://github.com/thoughtbot/clearance/compare/v1.4.3...v1.5.0
41
168
 
42
- New for 1.4.2 (September 13, 2014)
43
- * Eliminate deprecation message when using DenyAccess matcher with RSpec 3.
169
+ ## [1.4.3] - October 3, 2014
44
170
 
45
- New for 1.4.1 (September 5, 2014)
46
- * Prevent BCrypt strategy from raising an exception when `encypted_password`
171
+ ### Fixed
172
+ - Routing constraints act appropriately when session data is missing.
173
+
174
+ [1.4.3]: https://github.com/thoughtbot/clearance/compare/v1.4.2...v1.4.3
175
+
176
+ ## [1.4.2] - September 13, 2014
177
+
178
+ ### Fixed
179
+ - Eliminate deprecation message when using DenyAccess matcher with RSpec 3.
180
+
181
+ [1.4.2]: https://github.com/thoughtbot/clearance/compare/v1.4.1...v1.4.2
182
+
183
+ ## [1.4.1] - September 5, 2014
184
+
185
+ ### Fixed
186
+ - Prevent BCrypt strategy from raising an exception when `encypted_password`
47
187
  is nil.
48
188
 
49
- New for 1.4.0 (July 18, 2014)
50
- * The sign out link in the default application layout has been replaced with a
189
+ [1.4.1]: https://github.com/thoughtbot/clearance/compare/v1.4.0...v1.4.1
190
+
191
+ ## [1.4.0] - July 18, 2014
192
+
193
+ ### Added
194
+ - `user_params` method was added to `Clearance::UsersController` which provides
195
+ a convenient place to override the parameters used when creating users.
196
+ - Controllers now inherit from `Clearance::BaseController` to allow for easily
197
+ adding behavior to all of them.
198
+
199
+ ### Changed
200
+ - The sign out link in the default application layout has been replaced with a
51
201
  semantically correct sign out button. This also removes an unnecessary
52
202
  JavaScript dependency.
53
- * Clearance now uses `original_fullpath` when redirecting to a saved URL after
203
+
204
+ ### Fixed
205
+ - Clearance now uses `original_fullpath` when redirecting to a saved URL after
54
206
  login. This should improve the behavior in mounted engines.
55
- * `user_params` method was added to `Clearance::UsersController` which provides
56
- a convenient place to override the parameters used when creating users.
57
- * Controllers now inherit from `Clearance::BaseController` to allow for easily
58
- adding behavior to all of them.
59
207
 
60
- New for 1.3.0 (March 14, 2014)
61
- * Installing Clearance with an existing User model will now create a migration
208
+ [1.4.0]: https://github.com/thoughtbot/clearance/compare/v1.3.0...v1.4.0
209
+
210
+ ## [1.3.0] - March 14, 2014
211
+
212
+ ### Added
213
+ - Installing Clearance with an existing User model will now create a migration
62
214
  that includes adding remember tokens to all existing user records.
63
215
 
64
- New for 1.2.1 (March 6, 2014):
65
- * Query string is now included in the redirect URL when Clearance redirects to a
216
+ [1.3.0]: https://github.com/thoughtbot/clearance/compare/v1.2.1...v1.3.0
217
+
218
+ ## [1.2.1] - March 6, 2014
219
+
220
+ ### Fixed
221
+ - Query string is now included in the redirect URL when Clearance redirects to a
66
222
  previously stored URL.
67
223
 
68
- New for 1.2.0 (February 28, 2014):
69
- * Support for Rails 4.1.0.rc1
70
- * `clearance/testing` is now deprecated. Require `clearance/rspec` or
71
- `clearance/test_unit` as appropriate.
72
- * Sign in failure message is now customized exclusively via I18n.
224
+ [1.2.1]: https://github.com/thoughtbot/clearance/compare/v1.2.0...v1.2.1
225
+
226
+ ## [1.2.0] - February 28, 2014
227
+
228
+ ### Added
229
+ - Support for Rails 4.1.0.rc1
230
+ - Sign in can now be disabled with `config.allow_sign_in = false`
231
+
232
+ ### Changed
233
+ - Sign in failure message is now customized exclusively via I18n.
73
234
  `SessionsController#flash_failure_after_create` is no longer called. To
74
235
  customize the message, change the
75
236
  `clearance.controllers.sessions.bad_email_or_password` or
76
237
  `flashes.failure_after_create` key.
77
- * Sign in can now be disabled with `config.allow_sign_in = false`
78
238
 
79
- New for 1.1.0 (November 21, 2013):
239
+ ### Deprecated
240
+ - `clearance/testing` is now deprecated. Require `clearance/rspec` or
241
+ `clearance/test_unit` as appropriate.
242
+
243
+ [1.2.0]: https://github.com/thoughtbot/clearance/compare/v1.1.0...v1.2.0
244
+
245
+ ## [1.1.0] - November 21, 2013
80
246
 
81
- * Validate email with `EmailValidator` [strict mode][strict].
82
- * The `cookie_expiration` configuration lambda can now be called with a
247
+ ### Added
248
+ - Validate email with `EmailValidator` [strict mode][strict].
249
+ - The `cookie_expiration` configuration lambda can now be called with a
83
250
  `cookies` parameter. Allows the Clearance cookie expiration to be set
84
251
  according to the value of another cookie (such as `remember_me`).
85
- * A `cookie_expiration` lambda that does not accept this `cookies`
86
- parameter has been deprecated.
87
- * Allow cookie domain and path configuration.
88
- * Add sign in guards.
89
- * Don't allow logins with blank `remember_token`.
252
+ - Allow cookie domain and path configuration.
253
+ - Add sign in guards.
90
254
 
91
255
  [strict]: https://github.com/balexand/email_validator#strict-mode
92
256
 
93
- New for 1.0.1 (August 9, 2013):
257
+ ### Fixed
258
+ - Don't allow logins with blank `remember_token`.
259
+
260
+ ### Deprecated
261
+ - A `cookie_expiration` lambda that does not accept this `cookies`
262
+ parameter has been deprecated.
94
263
 
95
- * Fix an issue when trying to sign in with `nil`
264
+ [1.1.0]: https://github.com/thoughtbot/clearance/compare/v1.0.1...v1.1.0
96
265
 
97
- New for 1.0.0 (August 1, 2013):
266
+ ## [1.0.1] - August 9, 2013
98
267
 
99
- * Support Rails 4.
100
- * Change default password strategy to BCrypt.
101
- * Speed up test suites using `::BCrypt::Engine::MIN_COST`.
102
- * Speed up integration suites with `Clearance::BackDoor`.
103
- * Replace email regular expression with `EmailValidator` gem.
104
- * Provide `BCryptMigrationFromSHA1` password strategy to help people migrate from
268
+ ### Fixed
269
+ - Fix an issue when trying to sign in with `nil`
270
+
271
+ [1.0.1]: https://github.com/thoughtbot/clearance/compare/v1.0.0...v1.1.1
272
+
273
+ ## [1.0.0] - August 1, 2013
274
+
275
+ ### Added
276
+ - Support Rails 4.
277
+ - Speed up test suites using `::BCrypt::Engine::MIN_COST`.
278
+ - Speed up integration suites with `Clearance::BackDoor`.
279
+ - Provide `BCryptMigrationFromSHA1` password strategy to help people migrate from
105
280
  SHA1 (the old default password strategy) to BCrypt (the new default).
106
- * Support Ruby 2.
107
- * Require > Ruby 1.9.
108
- * More extension points in more controllers.
109
- * The `email`, `encrypted_password`, and `remember_token` fields of the users
281
+ - Support Ruby 2.
282
+ - More extension points in more controllers.
283
+ - Add `SignedIn` and `SignedOut` routing constraints.
284
+ - Add a fake password strategy, which is useful when writing tests.
285
+ - Add `redirect_url` configuration option.
286
+ - Add `secure_cookie` configuration option.
287
+
288
+ ### Changed
289
+ - Change default password strategy to BCrypt.
290
+ - Replace email regular expression with `EmailValidator` gem.
291
+ - Require > Ruby 1.9.
292
+ - The `email`, `encrypted_password`, and `remember_token` fields of the users
110
293
  table are `NOT NULL` in the default migration.
111
- * Add `SignedIn` and `SignedOut` routing constraints.
112
- * Add a fake password strategy, which is useful when writing tests.
113
- * Improve security when changing password.
114
- * Replace Cucumber feature generator with RSpec + Capybara.
115
- * Remove Diesel dependency.
116
- * Remove deprecated methods on User: `remember_me!`, `generate_random_code`,
117
- `password_required?`.
118
- * `PasswordsController` `params[:user]` has changed to `params[:password_reset]`
294
+ - Replace Cucumber feature generator with RSpec + Capybara.
295
+ - Remove Diesel dependency.
296
+ - `PasswordsController` `params[:user]` has changed to `params[:password_reset]`
119
297
  to avoid locale conflicts.
120
- * Remove `unloadable` from controllers (Rails 4 bug fix in development
121
- environment).
122
- * Add `redirect_url` configuration option.
123
- * Add `secure_cookie` configuration option.
124
- * Unauthorized API requests return HTTP status 401 rather than a redirect
298
+
299
+ ### Fixed
300
+ - Improve security when changing password.
301
+ - Reduce extra user lookups when adding cookie to headers.
302
+ - Unauthorized API requests return HTTP status 401 rather than a redirect
125
303
  to the sign in page.
126
- * Remove support for supplying `return_to` value via request parameter.
127
- * Reduce extra user lookups when adding cookie to headers.
128
304
 
129
- New for 0.16.2 (May 11, 2012):
305
+ ### Removed
306
+ - Remove deprecated methods on User: `remember_me!`, `generate_random_code`,
307
+ `password_required?`.
308
+ - Remove `unloadable` from controllers (Rails 4 bug fix in development
309
+ environment).
310
+ - Remove support for supplying `return_to` value via request parameter.
311
+
312
+ [1.0.0]: https://github.com/thoughtbot/clearance/compare/v0.16.2...v1.0.0
313
+
314
+ ## [0.16.2] - May 11, 2012
130
315
 
131
- * Change default email sender to `deploy@example.com`.
316
+ ### Changed
317
+ - Change default email sender to `deploy@example.com`.
132
318
 
133
- New for 0.16.1 (April 16, 2012):
319
+ [0.16.2]: https://github.com/thoughtbot/clearance/compare/v0.16.1...v0.16.2
134
320
 
135
- * Behave correctly when Rails whitelist attributes mass assignment
321
+ ## [0.16.1] - April 16, 2012
322
+
323
+ ### Fixed
324
+ - Behave correctly when Rails whitelist attributes mass assignment
136
325
  protection is turned on.
137
- * Fix for Rails 3.2.x modifying the HTTP cookie headers in rack requests.
326
+ - Fix for Rails 3.2.x modifying the HTTP cookie headers in rack requests.
327
+
328
+ [0.16.1]: https://github.com/thoughtbot/clearance/compare/v0.16.0...v0.16.1
329
+
330
+ ## [0.16.0] - March 16, 2012
331
+
332
+ ### Added
333
+ - Blowfish password encryption strategy.
334
+
335
+ [0.16.0]: https://github.com/thoughtbot/clearance/compare/v0.15.0...v0.16.0
138
336
 
139
- New for 0.16.0 (March 16, 2012):
337
+ ## [0.15.0] - February 3, 2012
140
338
 
141
- * Blowfish password encryption strategy.
339
+ ### Added
340
+ - The `User` model can be swapped out using the `Clearance.configure` method.
142
341
 
143
- New for 0.15.0 (February 3, 2012):
342
+ ### Removed
343
+ - Remove `User::InstanceMethods` to silence a Rails 3.2 deprecation warning.
144
344
 
145
- * The `User` model can be swapped out using the `Clearance.configure` method.
146
- * Remove `User::InstanceMethods` to silence a Rails 3.2 deprecation warning.
147
- * Bump development dependency of cucumber-rails to 1.1.1.
345
+ [0.15.0]: https://github.com/thoughtbot/clearance/compare/v0.14.0...v0.15.0
148
346
 
149
- New for 0.14.0 (January 13, 2012):
347
+ ## [0.14.0] - January 13, 2012
150
348
 
151
- * Support clearance session management from the Rack environment.
349
+ ### Added
350
+ - Support clearance session management from the Rack environment.
152
351
 
153
- New for 0.13.2 (January 13, 2012):
352
+ [0.14.0]: https://github.com/thoughtbot/clearance/compare/v0.13.2...v0.14.0
154
353
 
155
- * Fixed the `deny_access` matcher.
354
+ ## [0.13.2] - January 13, 2012
156
355
 
157
- New for 0.13.0 (October 11, 2011):
356
+ ### Fixed
357
+ - Fixed the `deny_access` matcher.
158
358
 
159
- * In Clearance's optional generated features, use pure Capybara instead of
359
+ [0.13.2]: https://github.com/thoughtbot/clearance/compare/v0.13.0...v0.13.2
360
+
361
+ ## [0.13.0] - October 11, 2011
362
+
363
+ ### Changed
364
+ - In Clearance's optional generated features, use pure Capybara instead of
160
365
  depending on Cucumber's removed `web_steps`, paths, and selectors.
161
- * Extract SHA-1-specific code out of `User` into `PasswordStrategies` module.
162
- * Extract sign in form so that other methods can be added easily.
163
- * Test against Rails 3.1. Required upgrades to Diesel and Appraisal.
164
- * Improved README documentation for overrides.
165
-
166
- New for 0.12.0 (June 30, 2011):
167
-
168
- * Denying access redirects to `root_url` when signed in, `sign_in_url` when signed
169
- out.
170
- * Using flash `:notice` key everywhere now instead of `:success` and `:failure`. More
171
- in line with Rails conventions.
172
- * `redirect_back_or` on sign up.
173
- * Resetting password no longer redirects to sign in page. It displays a message
366
+ - Extract SHA-1-specific code out of `User` into `PasswordStrategies` module.
367
+ - Extract sign in form so that other methods can be added easily.
368
+ - Test against Rails 3.1. Required upgrades to Diesel and Appraisal.
369
+
370
+ [0.13.0]: https://github.com/thoughtbot/clearance/compare/v0.12.0...v0.13.0
371
+
372
+ ## [0.12.0] - June 30, 2011
373
+
374
+ ### Changed
375
+ - Denying access redirects to `root_url` when signed in, `sign_in_url` when
376
+ signed out.
377
+ - Using flash `:notice` key everywhere now instead of `:success` and `:failure`.
378
+ More in line with Rails conventions.
379
+ - `redirect_back_or` on sign up.
380
+ - Resetting password no longer redirects to sign in page. It displays a message
174
381
  telling them to look for an email.
175
- * Removed redundant flash messages. ("Signed in.", "Signed out.", and "You are
382
+ - Removed redundant flash messages. ("Signed in.", "Signed out.", and "You are
176
383
  now signed up.")
177
384
 
178
- New for 0.11.2 (June 29, 2011):
385
+ [0.12.0]: https://github.com/thoughtbot/clearance/compare/v0.11.2...v0.12.0
386
+
387
+ ## [0.11.2] - June 29, 2011
179
388
 
180
- * Rails 3.1.rc compatible.
181
- * Cucumber features no longer require password.
182
- * No more Clearance `shoulda_macros`. Instead providing RSpec- and
389
+ ### Added
390
+ - Rails 3.1.rc compatible.
391
+ - RSpec and Test::Unit compliant test matcher (`should deny_access`, etc)
392
+
393
+ ### Removed
394
+ - No more Clearance `shoulda_macros`. Instead providing RSpec and
183
395
  Test::Unit-compliant test matchers (`should deny_access`, etc).
184
396
 
185
- New for 0.11.1 (April 30, 2011):
397
+ [0.11.2]: https://github.com/thoughtbot/clearance/compare/v0.11.1...v0.11.2
186
398
 
187
- * Redirect to home page after sign up.
188
- * Remove dependency on `dynamic_form`. Replaced with flashes due to limited number
189
- of failure cases.
190
- * Moving `ClearanceMailer` to `app/mailers`. Moving spec to `spec/mailers`.
191
- * Removing `:case_sensitive` option from `validates_uniqueness_of`. It was
399
+ ## [0.11.1] - April 30, 2011
400
+
401
+ ### Added
402
+ - Redirect to home page after sign up.
403
+
404
+ ### Fixed
405
+ - Removing `:case_sensitive` option from `validates_uniqueness_of`. It was
192
406
  unnecessary and causes a small performance problem on some apps.
193
- * Only development dependency in `gemspec` should be `bundler`. All others are
194
- derived by bundling.
195
407
 
196
- New for 0.11.0 (April 24, 2011):
408
+ ### Removed
409
+ - Remove dependency on `dynamic_form`. Replaced with flashes due to limited number
410
+ of failure cases.
411
+
412
+ [0.11.1]: https://github.com/thoughtbot/clearance/compare/v0.11.0...v0.11.1
413
+
414
+ ## [0.11.0] - April 24, 2011
197
415
 
198
- * Removing password confirmation.
199
- * Use `ActiveSupport::Concern` and `ActiveSupport::SecureRandom` to clean up code.
200
- * New `controller#authenticate(params)` method. Redefine username & password or
416
+ ### Added
417
+ - New `controller#authenticate(params)` method. Redefine username & password or
201
418
  other styles of authentication.
202
- * `before_filter :authenticate` API replaced with more aptly-named `before_filter
419
+
420
+ ### Changed
421
+ - `before_filter :authenticate` API replaced with more aptly-named `before_filter
203
422
  :authorize`.
204
423
 
205
- New for 0.10.5 (April 19, 2011):
424
+ ### Removed
425
+ - Removing password confirmation.
426
+
427
+ [0.11.0]: https://github.com/thoughtbot/clearance/compare/v0.10.5...v0.11.0
428
+
429
+ ## [0.10.5] - April 19, 2011
430
+
431
+ ### Security
432
+ - Closing CSRF hole for Rails >= 3.0.4 apps.
433
+
434
+ [0.10.5]: https://github.com/thoughtbot/clearance/compare/v0.10.4...v0.10.5
435
+
436
+ ## [0.10.4] - April 16, 2011
437
+
438
+ ### Added
439
+ - Use HTML5 email fields.
440
+
441
+ ### Changed
442
+ - Emails forced to be downcased (particularly for iPhone user case).
443
+
444
+ ### Fixed
445
+ - Password reset requires a password.
206
446
 
207
- * Closing CSRF hole for Rails >= 3.0.4 apps.
447
+ ### Removed
448
+ - Formtastic views generator removed.
208
449
 
209
- New for 0.10.4 (April 16, 2011):
450
+ [0.10.4]: https://github.com/thoughtbot/clearance/compare/v0.10.3.2...v0.10.4
210
451
 
211
- * Formtastic views generator removed.
212
- * Emails forced to be downcased (particularly for iPhone user case).
213
- * Suite converted from test/unit to RSpec.
214
- * Password reset requires a password.
215
- * Use HTML5 email fields.
452
+ ## [0.10.3.2] - March 6, 2011
216
453
 
217
- New for 0.10.3.2 (March 6, 2011):
454
+ ### Fixed
455
+ - Fix gemspec to include all necessary files.
218
456
 
219
- * Fix gemspec to include all necessary files.
457
+ [0.10.3.2]: https://github.com/thoughtbot/clearance/compare/v0.10.3.1...v0.10.3.2
220
458
 
221
- New for 0.10.3.1 (February 20, 2011):
459
+ ## [0.10.3.1] - February 20, 2011
222
460
 
223
- * Ensure everything within features inside any engine directory is included in
461
+ ### Fixed
462
+ - Ensure everything within features inside any engine directory is included in
224
463
  the `gemspec`.
225
464
 
226
- New for 0.10.3 (February 19, 2011):
465
+ [0.10.3.1]: https://github.com/thoughtbot/clearance/compare/v0.10.3...v0.10.3.1
227
466
 
228
- * Include features/engines in `gemspec` file list so generator works as
467
+ ## [0.10.3] - February 19, 2011
468
+
469
+ ### Fixed
470
+ - Include features/engines in `gemspec` file list so generator works as
229
471
  expected.
230
472
 
231
- New for 0.10.2 (February 18, 2011):
473
+ [0.10.3]: https://github.com/thoughtbot/clearance/compare/v0.10.2...v0.10.3
232
474
 
233
- * Replaced `test/rails_root` & general testing strategy with Diesel.
234
- * Conveniences in factories for password/confirmation.
235
- * New generator command: `rails generate clearance:install`.
236
- * Step definitions are now prefixed with `visitor_` to use thoughtbot
237
- convention.
238
- * When Clearance installed in an app that already has users, allow old users to
475
+ ## [0.10.2] - February 18, 2011
476
+
477
+ ### Added
478
+ - New generator command: `rails generate clearance:install`.
479
+ - When Clearance installed in an app that already has users, allow old users to
239
480
  sign in by resetting their password.
240
481
 
241
- New for 0.10.1 (February 9, 2011):
482
+ ### Changed
483
+ - Step definitions are now prefixed with `visitor_` to use thoughtbot
484
+ convention.
485
+
486
+ [0.10.2]: https://github.com/thoughtbot/clearance/compare/v0.10.1...v0.10.2
487
+
488
+ ## [0.10.1] - February 9, 2011
242
489
 
243
- * Replaced `ActionController::Forbidden` with a user-friendly flash message.
244
- * Improved language of Cucumber steps by allowing a little more flexibility.
490
+ ### Fixed
491
+ - Replaced `ActionController::Forbidden` with a user-friendly flash message.
245
492
 
246
- New for 0.10.0 (June 29, 2010):
493
+ [0.10.1]: https://github.com/thoughtbot/clearance/compare/v0.10.0...v0.10.1
247
494
 
248
- * Better email validation regular expression.
249
- * Removed email confirmation step, was mostly a hassle and can always be added
495
+ ## [0.10.0] - June 29, 2010
496
+
497
+ ### Added
498
+ - Better email validation regular expression.
499
+
500
+ ### Removed
501
+ - Removed email confirmation step, was mostly a hassle and can always be added
250
502
  back in at the application level (instead of engine level) if necessary.
251
- * Removed `disable_with` on forms since it does not allow IE users to submit
503
+ - Removed `disable_with` on forms since it does not allow IE users to submit
252
504
  forms. [Read more](https://github.com/rails/jquery-ujs/issues#issue/30).
253
505
 
254
- New for 0.9.1 (June 29, 2010):
506
+ [0.10.0]: https://github.com/thoughtbot/clearance/compare/v0.9.1...v0.10.0
507
+
508
+ ## [0.9.1] - June 29, 2010
509
+
510
+ ### Added
511
+ - This release supports Rails 3, capybara, and shoulda 2.10+.
512
+
513
+ [0.9.1]: https://github.com/thoughtbot/clearance/compare/v0.9.0...v0.9.1
255
514
 
256
- * This release supports Rails 3, capybara, and shoulda 2.10+.
515
+ ## [0.9.0] - June 11, 2010
257
516
 
258
- New for 0.9.0 (June 11, 2010):
517
+ ### Added
518
+ - Allow customization of cookie duration.
259
519
 
260
- * Removed unnecessary db index.
261
- * Allow customization of cookie duration.
262
- * `rake generator:cleanup` needed to be... cleaned up.
520
+ ### Changed
521
+ - Removed unnecessary db index.
263
522
 
264
- New for 0.8.8 (February 25, 2010):
523
+ [0.9.0]: https://github.com/thoughtbot/clearance/compare/v0.8.8...v0.9.0
265
524
 
266
- * Fixed `sign_in` and `sign_out` not setting `current_user`.
525
+ ## [0.8.8] - February 25, 2010
267
526
 
268
- New for 0.8.7 (February 21, 2010):
527
+ ### Fixed
528
+ - Fixed `sign_in` and `sign_out` not setting `current_user`.
269
529
 
270
- * Fixed global sign out bug.
271
- * Allow Rails apps to `before_filter :authenticate` the entire app
530
+ [0.8.8]: https://github.com/thoughtbot/clearance/compare/v0.8.7...v0.8.8
531
+
532
+ ## [0.8.7] - February 21, 2010
533
+
534
+ ### Fixed
535
+ - Fixed global sign out bug.
536
+ - Allow Rails apps to `before_filter :authenticate` the entire app
272
537
  in `ApplicationController` and still have password recovery work without
273
538
  overriding any controllers.
274
- * Rails 3 fix for `ActionController`/`ActionDispatch` change.
539
+ - Rails 3 fix for `ActionController`/`ActionDispatch` change.
540
+
541
+ [0.8.7]: https://github.com/thoughtbot/clearance/compare/v0.8.6...v0.8.7
275
542
 
276
- New for 0.8.6 (February 17, 2010):
543
+ ## [0.8.6] - February 17, 2010
544
+
545
+ ### Added
546
+ - Allow overridden user models to skip email/password validations
547
+ conditionally. This makes username/facebook integration easier.
277
548
 
278
- * Clearance features capitalization should match view text.
279
- * Skip `:authenticate before_filter` in controllers so apps can easily
549
+ ### Fixed
550
+ - Clearance features capitalization should match view text.
551
+ - Skip `:authenticate before_filter` in controllers so apps can easily
280
552
  authenticate a whole site without subclassing.
281
- * Added randomness to token and salt generation,
282
- * Reset the `remember_token` on sign out instead of sign in. Allows for the same
553
+ - Added randomness to token and salt generation,
554
+ - Reset the `remember_token` on sign out instead of sign in. Allows for the same
283
555
  user to sign in from two locations at once.
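Review bot: "Added randomness to token and salt generation," in the 0.8.6 entry is filed under `### Fixed`, but it changes how authentication secrets are generated. The 0.10.5 and 0.4.9 entries already use a `### Security` heading for that kind of change, and anyone auditing which releases touched token handling will scan for it. Consider moving it there, together with 0.8.3's "Avoid possible collisions in the remember me token.", and replace the trailing comma with a period.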
284
- * Append the version number to generated update migrations.
285
- * Allow overridden user models to skip email/password validations
286
- conditionally. This makes username/facebook integration easier.
556
+ - Append the version number to generated update migrations.
287
557
 
288
- New for 0.8.5 (January 20, 2010):
558
+ [0.8.6]: https://github.com/thoughtbot/clearance/compare/v0.8.5...v0.8.6
289
559
 
290
- * Replaced routing hack with `Clearance::Routes.draw(map)` to give more control
291
- to the application developer.
292
- * Removed `attr_accessible` from `Clearance::User`.
293
- * Fixed bug in password reset feature.
294
- * Use Jeweler for gemming.
295
- * Remove dependency on `root_path`, use `'/'` instead.
296
- * Use `Clearance.configure` block to set mailer sender instead of `DO_NOT_REPLY`
560
+ ## [0.8.5] - January 20, 2010
561
+
562
+ ### Changed
563
+ - Removed `attr_accessible` from `Clearance::User`.
564
+ - Remove dependency on `root_path`, use `'/'` instead.
565
+ - Use `Clearance.configure` block to set mailer sender instead of `DO_NOT_REPLY`
297
566
  constant.
298
567
 
299
- New for 0.8.4 (December 08, 2009):
568
+ ### Fixed
569
+ - Replaced routing hack with `Clearance::Routes.draw(map)` to give more control
570
+ to the application developer.
571
+ - Fixed bug in password reset feature.
572
+
573
+ [0.8.5]: https://github.com/thoughtbot/clearance/compare/v0.8.4...v0.8.5
300
574
 
301
- * Remove unnecessary `require 'factory_girl'` in generator.
302
- * Reference gemcutter (not github) as the gem source in README.
303
- * Add IRC, rdoc.info links to README.
304
- * Move user confirmation email trigger into model.
575
+ ## [0.8.4] - December 08, 2009
305
576
 
306
- New for 0.8.3 (September 21, 2009):
577
+ ### Fixed
578
+ - Remove unnecessary `require 'factory_girl'` in generator.
307
579
 
308
- * Remove `class_eval` in `Clearance::Authentication`.
309
- * Avoid possible collisions in the remember me token.
580
+ [0.8.4]: https://github.com/thoughtbot/clearance/compare/v0.8.3...v0.8.4
310
581
 
311
- New for 0.8.2 (September 01, 2009):
582
+ ## [0.8.3] - September 21, 2009
312
583
 
313
- * `current_user= accessor` method.
314
- * Set `current_user` in `sign_in`.
584
+ ### Fixed
585
+ - Avoid possible collisions in the remember me token.
315
586
 
316
- New for 0.8.1 (August 31, 2009):
587
+ [0.8.3]: https://github.com/thoughtbot/clearance/compare/v0.8.2...v0.8.3
317
588
 
318
- * Removed unnecessary `remember_token_expires_at` column and the
319
- `remember?` and `forget_me!` user instance methods.
589
+ ## [0.8.2] - September 01, 2009
320
590
 
321
- New for 0.8.0 (August 31, 2009):
591
+ ### Added
592
+ - `current_user= accessor` method.
593
+ - Set `current_user` in `sign_in`.
322
594
 
323
- * Always remember me. Replaced session-and-remember-me authentication with
595
+ [0.8.2]: https://github.com/thoughtbot/clearance/compare/v0.8.1...v0.8.2
596
+
597
+ ## [0.8.1] - August 31, 2009
598
+
599
+ ### Changed
600
+ - Removed unnecessary `remember_token_expires_at` column.
601
+
602
+ ### Removed
603
+ - Removed `remember?` and `forget_me!` user instance methods.
604
+
605
+ [0.8.1]: https://github.com/thoughtbot/clearance/compare/v0.8.0...v0.8.1
606
+
607
+ ## [0.8.0] - August 31, 2009
608
+
609
+ ### Added
610
+ - Documented `Clearance::Authentication` with YARD.
611
+ - Documented `Clearance::User` with YARD.
612
+
613
+ ### Changed
614
+ - Always remember me. Replaced session-and-remember-me authentication with
324
615
  always using a cookie with a long timeout.
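Review bot: In the 0.8.1 entry, "Removed unnecessary `remember_token_expires_at` column." sits under `### Changed`, while the `remember?` and `forget_me!` removals from the same original bullet go under `### Removed`. Dropping a column is a removal that affects the application's schema, so it belongs under `### Removed` with the methods. The 0.9.0 line "Removed unnecessary db index." has the same mismatch.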
325
- * Documented `Clearance::Authentication` with YARD.
326
- * Documented `Clearance::User` with YARD.
327
616
 
328
- New for 0.7.0 (August 4, 2009):
617
+ [0.8.0]: https://github.com/thoughtbot/clearance/compare/v0.7.0...v0.8.0
618
+
619
+ ## [0.7.0] - August 4, 2009
329
620
 
330
- * Redirect signed in user who clicks confirmation link again.
331
- * Redirect signed out user who clicks confirmation link again.
332
- * Added `signed_out?` convenience method for controllers, helpers, views.
333
- * Added `clearance_views` generator. By default, creates formtastic views which
621
+ ### Added
622
+ - Added `signed_out?` convenience method for controllers, helpers, views.
623
+ - Added `clearance_views` generator. By default, creates formtastic views which
334
624
  pass all tests and features.
335
625
 
336
- New for 0.6.9 (July 4, 2009):
626
+ ### Fixed
627
+ - Redirect signed in user who clicks confirmation link again.
628
+ - Redirect signed out user who clicks confirmation link again.
629
+
630
+ [0.7.0]: https://github.com/thoughtbot/clearance/compare/v0.6.9...v0.7.0
631
+
632
+ ## [0.6.9] - July 4, 2009
633
+
634
+ ### Added
635
+ - Added timestamps to create users migration.
636
+ - Ready for Ruby 1.9.
337
637
 
338
- * Added timestamps to create users migration.
339
- * Ready for Ruby 1.9.
638
+ [0.6.9]: https://github.com/thoughtbot/clearance/compare/v0.6.8...v0.6.9
340
639
 
341
- New for 0.6.8 (June 24, 2009):
640
+ ## [0.6.8] - June 24, 2009
342
641
 
343
- * Added `defined?` checks for various Rails constants such as `ActionController`
642
+ ### Fixed
643
+ - Added `defined?` checks for various Rails constants such as `ActionController`
344
644
  for easier unit testing of Clearance extensions... particularly `ActiveRecord`
345
645
  extensions... `particularly strong_password`.
346
646
 
347
- New for 0.6.7 (June 13, 2009):
647
+ [0.6.8]: https://github.com/thoughtbot/clearance/compare/v0.6.7...v0.6.8
348
648
 
349
- * Added `sign_up`, `sign_in`, `sign_out` named routes.
350
- * Minimizing Reek smell: Duplication in `redirect_back_or`.
351
- * Deprecated `sign_user_in`. Told developers to use `sign_in` instead.
352
- * `flash_success_after_create`, `flash_notice_after_create`,
649
+ ## [0.6.7] - June 13, 2009
650
+
651
+ ### Added
652
+ - Added `sign_up`, `sign_in`, `sign_out` named routes.
653
+ - `flash_success_after_create`, `flash_notice_after_create`,
353
654
  `flash_failure_after_create`, `flash_sucess_after_update`,
354
655
  `flash_success_after_destroy`, etc.
355
- * Added `#create` to forbidden `before_filters` on confirmations controller.
356
- * `should_be_signed_in_as` shouldn't look in the session.
357
- * README improvements.
358
- * Move routes loading to separate file.
656
+ - Added `#create` to forbidden `before_filters` on confirmations controller.
657
+
658
+ ### Fixed
659
+ - `should_be_signed_in_as` shouldn't look in the session.
660
+
661
+ ### Deprecated
662
+ - Deprecated `sign_user_in`. Told developers to use `sign_in` instead.
359
663
 
360
- New for 0.6.6 (May 18, 2009):
664
+ [0.6.7]: https://github.com/thoughtbot/clearance/compare/v0.6.6...v0.6.7
361
665
 
362
- * replaced `class_eval` in `Clearance::User` with modules. This was needed
666
+ ## [0.6.6] - May 18, 2009
667
+
668
+ ### Fixed
669
+ - replaced `class_eval` in `Clearance::User` with modules. This was needed
363
670
  so we could write our own validations.
364
671
 
365
- New for 0.6.5 (May 17, 2009):
672
+ [0.6.6]: https://github.com/thoughtbot/clearance/compare/v0.6.5...v0.6.6
673
+
674
+ ## [0.6.5] - May 17, 2009
675
+
676
+ ### Added
677
+ - Make Clearance i18n aware.
366
678
 
367
- * Make Clearance i18n aware.
679
+ [0.6.5]: https://github.com/thoughtbot/clearance/compare/v0.6.4...v0.6.5
368
680
 
369
- New for 0.6.4 (May 12, 2009):
681
+ ## [0.6.4] - May 12, 2009
370
682
 
371
- * Moved issue tracking to Github from Lighthouse.
372
- * Asking higher-level questions of controllers in webrat steps, such as
373
- `signed_in`? instead of what's in the session. same for accessors.
374
- * Replacing `sign_in_as` & `sign_out` shoulda macros with a stubbing (requires no
375
- dependency) approach. this will avoid dealing with the internals of
683
+ ### Changed
684
+ - Replacing `sign_in_as` & `sign_out` shoulda macros with a stubbing (requires no
685
+ dependency) approach. This will avoid dealing with the internals of
376
686
  `current_user`, such as session & cookies. Added `sign_in` macro which signs in an
377
687
  email confirmed user from clearance's factories.
378
- * Move private methods on sessions controller into `Clearance::Authentication`
688
+ - Move private methods on sessions controller into `Clearance::Authentication`
379
689
  module.
380
- * Audited flash keys.
690
+ - Audited flash keys.
381
691
 
382
- New for 0.6.3 (April 23, 2009):
692
+ [0.6.4]: https://github.com/thoughtbot/clearance/compare/v0.6.3...v0.6.4
383
693
 
384
- * Scoping `ClearanceMailer` properly within controllers so it works in
694
+ ## [0.6.3] - April 23, 2009
695
+
696
+ ### Fixed
697
+ - Scoping `ClearanceMailer` properly within controllers so it works in
385
698
  production environments.
386
699
 
387
- New for 0.6.2 (April 22, 2009):
700
+ [0.6.3]: https://github.com/thoughtbot/clearance/compare/v0.6.2...v0.6.3
701
+
702
+ ## [0.6.2] - April 22, 2009
703
+
704
+ ### Added
705
+ - Insert `Clearance::User` into User model if it exists.
388
706
 
389
- * Insert `Clearance::User` into User model if it exists.
390
- * `World(NavigationHelpers)` Cucumber 3.0 style.
707
+ [0.6.2]: https://github.com/thoughtbot/clearance/compare/v0.6.1...v0.6.2
391
708
 
392
- New for 0.6.1 (April 21, 2009):
709
+ ## [0.6.1] - April 21, 2009
393
710
 
394
- * Scope operators are necessary to keep Rails happy. Reverting the original
711
+ ### Changed
712
+ - Scope operators are necessary to keep Rails happy. Reverting the original
395
713
  revert so they're back in the library now for constants referenced inside of
396
714
  the gem.
397
715
 
398
- New for 0.6.0 (April 21, 2009):
716
+ [0.6.1]: https://github.com/thoughtbot/clearance/compare/v0.6.0...v0.6.1
399
717
 
400
- * Converted Clearance to a Rails engine.
401
- * Include `Clearance::User` in User model in app.
402
- * Include `Clearance::Authentication` in `ApplicationController`.
403
- * Namespace controllers under `Clearance` module.
404
- * Routes move to engine, use namespaced controllers but publicly the same.
405
- * If you want to override a controller, subclass it like `SessionsController <
718
+ ## [0.6.0] - April 21, 2009
719
+
720
+ ### Changed
721
+ - Converted Clearance to a Rails engine.
722
+ - Include `Clearance::User` in User model in app.
723
+ - Include `Clearance::Authentication` in `ApplicationController`.
724
+ - Namespace controllers under `Clearance` module.
725
+ - Routes move to engine, use namespaced controllers but publicly the same.
726
+ - If you want to override a controller, subclass it like `SessionsController <
406
727
  Clearance::SessionsController`. This gives you access to usual hooks such as
407
728
  `url_after_create`.
408
- * Controllers, mailer, model, routes all unit tested inside engine. Use
729
+ - Controllers, mailer, model, routes all unit tested inside engine. Use
409
730
  `script/generate clearance_features` to test integration of Clearance with your
410
731
  Rails app. No longer including modules in your app's test files.
411
- * Moved views to engine.
412
- * Converted generated `test/factories/clearance.rb` to use inheritence for
732
+ - Moved views to engine.
733
+ - Converted generated `test/factories/clearance.rb` to use inheritence for
413
734
  `email_confirmed_user`.
414
- * Corrected some spelling errors with methods.
415
- * Converted "I should see error messages" to use a regex in the features.
416
- * Loading clearance routes after rails routes via some monkeypatching.
417
- * Made the clearance controllers `unloadable` to stop constant loading errors in
735
+ - Corrected some spelling errors with methods.
736
+ - Loading clearance routes after rails routes via some monkeypatching.
737
+ - Made the clearance controllers `unloadable` to stop constant loading errors in
418
738
  development mode.
419
739
 
420
- New for 0.5.6 (April 11, 2009):
740
+ [0.6.0]: https://github.com/thoughtbot/clearance/compare/v0.5.6...v0.6.0
741
+
742
+ ## [0.5.6] - April 11, 2009
421
743
 
422
- * Step definition changed for "User should see error messages" so features won't
744
+ ### Fixed
745
+ - Step definition changed for "User should see error messages" so features won't
423
746
  fail for certain validations.
424
747
 
425
- New for 0.5.5 (March 23, 2009):
748
+ [0.5.6]: https://github.com/thoughtbot/clearance/compare/v0.5.5...v0.5.6
426
749
 
427
- * Removing duplicate test to get rid of warning.
750
+ ## [0.5.5] - March 23, 2009
428
751
 
429
- New for 0.5.4 (March 21, 2009):
752
+ ### Fixed
753
+ - Removing duplicate test to get rid of warning.
430
754
 
431
- * When users fail logging in, redirect them instead of rendering.
755
+ [0.5.5]: https://github.com/thoughtbot/clearance/compare/v0.5.4...v0.5.5
432
756
 
433
- New for 0.5.3 (March 5, 2009):
757
+ ## [0.5.4] - March 21, 2009
434
758
 
435
- * Clearance now works with (and requires) Shoulda 2.10.0.
436
- * Prefer flat over nested contexts in `sessions_controller_test`.
759
+ ### Changed
760
+ - When users fail logging in, redirect them instead of rendering.
437
761
 
438
- New for 0.5.2 (March 2, 2009):
762
+ [0.5.4]: https://github.com/thoughtbot/clearance/compare/v0.5.3...v0.5.4
439
763
 
440
- * Fixed last remaining errors in Rails 2.3 tests. Now fully compatible.
764
+ ## [0.5.3] - March 5, 2009
441
765
 
442
- New for 0.5.1 (February 27, 2009):
766
+ ### Changed
767
+ - Clearance now works with (and requires) Shoulda 2.10.0.
443
768
 
444
- * A user with unconfirmed email who resets password now confirms email.
445
- * Refactored `user_from_cookie`, `user_from_session`, `User#authenticate` to use
446
- more direct return code instead of ugly, harder to read ternary.
447
- * Switch order of cookies and sessions to take advantage of Rails 2.3's
769
+ [0.5.3]: https://github.com/thoughtbot/clearance/compare/v0.5.2...v0.5.3
770
+
771
+ ## [0.5.2] - March 2, 2009
772
+
773
+ ### Added
774
+ - Full compatible with Rails 2.3 (all tests pass)
775
+
776
+ [0.5.2]: https://github.com/thoughtbot/clearance/compare/v0.5.1...v0.5.2
777
+
778
+ ## [0.5.1] - February 27, 2009
779
+
780
+ ### Changed
781
+ - A user with unconfirmed email who resets password now confirms email.
782
+ - Switch order of cookies and sessions to take advantage of Rails 2.3's
448
783
  "Rack-based lazy-loaded sessions",
449
- * Altered generator to interact with `application_controller.rb` instead of
784
+ - Altered generator to interact with `application_controller.rb` instead of
450
785
  `application.rb` in Rails 2.3 apps.
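Review bot: The new 0.5.2 bullet "Full compatible with Rails 2.3 (all tests pass)" should read "Fully compatible" and end with a period like the other entries. It replaces "Fixed last remaining errors in Rails 2.3 tests. Now fully compatible.", which described a fix, so `### Fixed` fits better than `### Added`.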
451
- * Bug fix. Rack-based session change altered how to test remember me cookie.
452
786
 
453
- New for 0.5.0 (February 27, 2009):
787
+ ### Fixed
788
+ - Rack-based session change altered how to test remember me cookie.
789
+
790
+ [0.5.1]: https://github.com/thoughtbot/clearance/compare/v0.5.0...v0.5.1
791
+
792
+ ## [0.5.0] - February 27, 2009
793
+
794
+ ### Fixed
795
+ - Fixed problem with Cucumber features.
796
+ - Fixed missing HTTP fluency use case.
797
+
798
+ [0.5.0]: https://github.com/thoughtbot/clearance/compare/v0.4.9...v0.5.0
799
+
800
+ ## [0.4.9] - February 20, 2009
801
+
802
+ ### Changed
803
+ - Protect passwords & confirmations actions with forbidden filters.
804
+ - Return 403 Forbidden status code in those cases.
454
805
 
455
- * Fixed problem with Cucumber features.
456
- * Fixed mising HTTP fluency use case.
457
- * Refactored `User#update_password` to take just parameters it needs.
458
- * Refactored `User` unit tests to be more readable.
806
+ ### Security
807
+ - Fixed bug that allowed anyone to edit another user's password.
459
808
 
460
- New for 0.4.9 (February 20, 2009):
809
+ [0.4.9]: https://github.com/thoughtbot/clearance/compare/v0.4.8...v0.4.9
461
810
 
462
- * Protect passwords & confirmations actions with forbidden filters.
463
- * Return 403 Forbidden status code in those cases.
464
- * Test 403 Forbidden status code in Cucumber feature.
465
- * Raise custom `ActionController::Forbidden` error internally.
466
- * Test `ActionController::Forbidden` error is raised in functional test.
467
- * Fixed bug that allowed anyone to edit another user's password.
468
- * Required Factory Girl >= 1.2.0.
811
+ ## [0.4.8] - February 16, 2009
469
812
 
470
- New for 0.4.8 (February 16, 2009):
813
+ ### Added
814
+ - Added documentation for the flash.
815
+ - Generators `require 'test_helper'` instead of `File.join` for RR
816
+ compatibility.
471
817
 
472
- * Added support paths for Cucumber.
473
- * Added documentation for the flash.
474
- * Generators `require 'test_helper'` instead of `File.join` for RR compatibility.
475
- * Removed interpolated email address from flash message to make i18n easier.
476
- * Standardized flash messages that refer to email delivery.
818
+ ### Changed
819
+ - Removed interpolated email address from flash message to make i18n easier.
820
+ - Standardized flash messages that refer to email delivery.
477
821
 
478
- New for 0.4.7 (February 12, 2009):
822
+ [0.4.8]: https://github.com/thoughtbot/clearance/compare/v0.4.7...v0.4.8
479
823
 
480
- * Removed `Clearance::Test::TestHelper` so there is one less setup step.
481
- * All test helpers now in `shoulda_macros`.
824
+ ## [0.4.7] - February 12, 2009
482
825
 
483
- New for 0.4.6 (February 11, 2009):
826
+ ### Changed
827
+ - Removed `Clearance::Test::TestHelper` so there is one less setup step.
828
+ - All test helpers now in `shoulda_macros`.
484
829
 
485
- * Made the modules behave like mixins again.
486
- * Created `Actions` and `PrivateMethods` modules on controllers for future RDoc
830
+ [0.4.7]: https://github.com/thoughtbot/clearance/compare/v0.4.7...v0.4.7
831
+
832
+ ## [0.4.6] - February 11, 2009
833
+
834
+ ### Added
835
+ - Created `Actions` and `PrivateMethods` modules on controllers for future RDoc
487
836
  reasons.
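Review bot: The `[0.4.7]` link reference compares the tag with itself (`compare/v0.4.7...v0.4.7`), so it points at an empty comparison. The other references visible here run from the previous release to the one named, so this should read `compare/v0.4.6...v0.4.7`.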
488
837
 
489
- New for 0.4.5 (February 9, 2009):
838
+ [0.4.6]: https://github.com/thoughtbot/clearance/compare/v0.4.5...v0.4.6
490
839
 
491
- * Removed email downcasing because local-part is case sensitive per
492
- RFC5321.
493
- * Removed dependency on Mocha.
494
- * Required Shoulda >= 2.9.1.
495
- * Added password reset feature to `clearance_features` generator.
496
- * Removed unnecessary `session[:salt]`.
497
- * Only store location for `session[:return_to]` for GET requests.
498
- * Audited "sign up" naming convention. "Register" had slipped in a few places.
499
- * Switched to `SHA1` encryption. Cypher doesn't matter much for email
840
+ ## [0.4.5] - February 9, 2009
841
+
842
+ ### Added
843
+ - Added password reset feature to `clearance_features` generator.
844
+
845
+ ### Changed
846
+ - Only store location for `session[:return_to]` for GET requests.
847
+ - Audited "sign up" naming convention. "Register" had slipped in a few places.
848
+ - Switched to `SHA1` encryption. Cypher doesn't matter much for email
500
849
  confirmation, password reset. Better to have shorter hashes in the emails for
501
850
  clients who line break on 72 chars.
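Review bot: The rewritten 0.4.5 entry drops "Required Shoulda >= 2.9.1." and "Removed dependency on Mocha.", and 0.4.9 above drops "Required Factory Girl >= 1.2.0."; these are dependency constraints that someone upgrading through those versions would look for. If the omission is deliberate, say so in the commit message; otherwise keep them under `### Changed`. Separately, the carried-over line "Switched to `SHA1` encryption" names a hash function, and the same entry goes on to call its output "hashes", so "hashing" would be the accurate word if the wording is being touched anyway.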
502
851
 
503
- New for 0.4.4 (February 2, 2009):
852
+ ### Removed
853
+ - Removed email downcasing because local-part is case sensitive per
854
+ RFC5321.
855
+ - Removed unnecessary `session[:salt]`.
856
+
857
+ [0.4.5]: https://github.com/thoughtbot/clearance/compare/v0.4.4...v0.4.5
858
+
859
+ ## [0.4.4] - February 2, 2009
860
+
861
+ ### Added
862
+ - Added a generator for Cucumber features.
863
+
864
+ ### Changed
865
+ - Standardized naming for "Sign up," "Sign in," and "Sign out".
504
866
 
505
- * Added a generator for Cucumber features.
506
- * Standardized naming for "Sign up," "Sign in," and "Sign out".
867
+ [0.4.4]: https://github.com/thoughtbot/clearance/compare/v0.3.7...v0.4.4