clearance 2.0.0.beta2 → 2.3.0
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.erb-lint.yml +5 -0
- data/.travis.yml +5 -9
- data/Appraisals +14 -19
- data/Gemfile +11 -7
- data/Gemfile.lock +137 -84
- data/NEWS.md +90 -11
- data/README.md +11 -24
- data/RELEASING.md +25 -0
- data/Rakefile +6 -1
- data/app/controllers/clearance/base_controller.rb +8 -1
- data/app/controllers/clearance/passwords_controller.rb +24 -7
- data/app/views/clearance_mailer/change_password.html.erb +2 -2
- data/app/views/clearance_mailer/change_password.text.erb +2 -2
- data/clearance.gemspec +10 -3
- data/config/locales/clearance.en.yml +1 -0
- data/config/routes.rb +1 -1
- data/gemfiles/rails_5.0.gemfile +10 -9
- data/gemfiles/rails_5.1.gemfile +11 -10
- data/gemfiles/rails_5.2.gemfile +11 -10
- data/gemfiles/rails_6.0.gemfile +11 -10
- data/lib/clearance/authentication.rb +1 -1
- data/lib/clearance/back_door.rb +2 -1
- data/lib/clearance/configuration.rb +29 -18
- data/lib/clearance/password_strategies.rb +2 -5
- data/lib/clearance/password_strategies/argon2.rb +23 -0
- data/lib/clearance/password_strategies/bcrypt.rb +17 -11
- data/lib/clearance/rack_session.rb +5 -1
- data/lib/clearance/session.rb +19 -2
- data/lib/clearance/testing/deny_access_matcher.rb +1 -5
- data/lib/clearance/user.rb +12 -3
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/install_generator.rb +10 -0
- data/lib/generators/clearance/install/templates/README +10 -4
- data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb.erb +1 -1
- data/lib/generators/clearance/install/templates/db/migrate/create_users.rb.erb +1 -1
- data/lib/generators/clearance/routes/templates/routes.rb +1 -1
- data/spec/acceptance/clearance_installation_spec.rb +0 -4
- data/spec/app_templates/app/models/user.rb +1 -1
- data/spec/app_templates/testapp/app/views/layouts/application.html.erb +24 -0
- data/spec/clearance/back_door_spec.rb +20 -4
- data/spec/clearance/rack_session_spec.rb +2 -0
- data/spec/clearance/session_spec.rb +88 -8
- data/spec/clearance/testing/deny_access_matcher_spec.rb +32 -0
- data/spec/configuration_spec.rb +32 -14
- data/spec/controllers/passwords_controller_spec.rb +36 -0
- data/spec/dummy/app/controllers/application_controller.rb +1 -1
- data/spec/generators/clearance/install/install_generator_spec.rb +30 -1
- data/spec/generators/clearance/views/views_generator_spec.rb +0 -1
- data/spec/models/user_spec.rb +34 -5
- data/spec/password_strategies/argon2_spec.rb +79 -0
- data/spec/password_strategies/bcrypt_spec.rb +18 -1
- data/spec/requests/authentication_cookie_spec.rb +55 -0
- data/spec/spec_helper.rb +0 -1
- data/spec/support/generator_spec_helpers.rb +1 -5
- metadata +45 -15
- data/app/views/layouts/application.html.erb +0 -23
- data/spec/app_templates/app/models/rails5/user.rb +0 -5
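--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 777ea26a3647f9d843995457a9fc073036fe60c7e3119c97a063345fbe85a7df
+data.tar.gz: c57adcad1e84434b6ffc9dc6e4af275d14b1c4844736536ecf32ee00180f4429
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fb8a5c80c163df705026f5ebbfde61ed51475abe3ce24681dce56bbdb4394b37cf491e4ec8aecf33c00d4cc11f1a8826afd45c49a3465864d825da5b651d8e64
+data.tar.gz: 3f24bdba4f83baf3a62ec80457a62e4d8dccec82f1f5b2f37d4b9514badffde150dc2b85b6e207a91a875264a85e679da49a9fb38e22c898bcfb1d200f537161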
data/.erb-lint.yml
ADDED
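--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -4,9 +4,10 @@ language:
 - ruby
 
 rvm:
-- 2.4.
-- 2.5.
-- 2.6.
+- 2.4.9
+- 2.5.7
+- 2.6.5
+- 2.7.0
 
 gemfile:
 - gemfiles/rails_5.0.gemfile
@@ -14,9 +15,6 @@ gemfile:
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
 
-before_install:
-- gem update --system
-
 install:
 - "bin/setup"
 
@@ -26,7 +24,5 @@ branches:
 
 matrix:
 exclude:
-- rvm: 2.4.
+- rvm: 2.4.9
 gemfile: gemfiles/rails_6.0.gemfile
-
-sudo: false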
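--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,23 +1,18 @@
-
-5.0
-
-
-
-
+appraise "rails_5.0" do
+gem "railties", "~> 5.0"
+gem 'rspec-rails', '~> 3.1'
+gem 'capybara', '>= 2.6.2', '< 3.33.0'
+gem 'sqlite3', '~> 1.3.13'
+end
 
-
-
-
-gem "rails-controller-testing"
+appraise "rails_5.1" do
+gem "railties", "~> 5.1"
+end
 
-
-
-
-gem 'sqlite3', '~> 1.4.0'
-else
-gem 'sqlite3', '~> 1.3.13'
-gem 'rspec-rails', '~> 3.1'
-end
+appraise "rails_5.2" do
+gem "railties", "~> 5.2"
+end
 
-
+appraise "rails_6.0" do
+gem "railties", "~> 6.0"
 end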
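Review bot: The `rails_5.0` appraisal caps two gems without saying why: `gem 'capybara', '>= 2.6.2', '< 3.33.0'` and `gem 'sqlite3', '~> 1.3.13'`. Upper bounds in a test matrix tend to outlive their reason and keep one CI leg on old releases, so each deserves a one-line comment such as `# capybara 3.33.0 excluded on Rails 5.0: <reason or issue link>`. The same block mixes double-quoted (`gem "railties", "~> 5.0"`) and single-quoted gem lines, while the other three blocks use double quotes throughout.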
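--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,13 +2,17 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'addressable'
+gem 'addressable'
 gem 'ammeter'
 gem 'appraisal'
-gem 'capybara'
-gem 'database_cleaner'
-gem '
-gem '
+gem 'capybara'
+gem 'database_cleaner'
+gem 'erb_lint', require: false
+gem 'factory_bot_rails'
+gem 'nokogiri'
 gem 'pry', require: false
-gem '
-gem '
+gem 'rails-controller-testing'
+gem 'rspec-rails'
+gem 'shoulda-matchers'
+gem 'sqlite3'
+gem 'timecop'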
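--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,63 +1,76 @@
 PATH
 remote: .
 specs:
-clearance (2.
+clearance (2.3.0)
 actionmailer (>= 5.0)
 activemodel (>= 5.0)
 activerecord (>= 5.0)
-
-
+argon2 (~> 2.0, >= 2.0.2)
+bcrypt (>= 3.1.1)
+email_validator (~> 2.0)
 railties (>= 5.0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-actionmailer (6.0.
-actionpack (= 6.0.
-actionview (= 6.0.
-activejob (= 6.0.
+actionmailer (6.0.3.2)
+actionpack (= 6.0.3.2)
+actionview (= 6.0.3.2)
+activejob (= 6.0.3.2)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 2.0)
-actionpack (6.0.
-actionview (= 6.0.
-activesupport (= 6.0.
-rack (~> 2.0)
+actionpack (6.0.3.2)
+actionview (= 6.0.3.2)
+activesupport (= 6.0.3.2)
+rack (~> 2.0, >= 2.0.8)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
-actionview (6.0.
-activesupport (= 6.0.
+actionview (6.0.3.2)
+activesupport (= 6.0.3.2)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
-activejob (6.0.
-activesupport (= 6.0.
+activejob (6.0.3.2)
+activesupport (= 6.0.3.2)
 globalid (>= 0.3.6)
-activemodel (6.0.
-activesupport (= 6.0.
-activerecord (6.0.
-activemodel (= 6.0.
-activesupport (= 6.0.
-activesupport (6.0.
+activemodel (6.0.3.2)
+activesupport (= 6.0.3.2)
+activerecord (6.0.3.2)
+activemodel (= 6.0.3.2)
+activesupport (= 6.0.3.2)
+activesupport (6.0.3.2)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 0.7, < 2)
 minitest (~> 5.1)
 tzinfo (~> 1.1)
-zeitwerk (~> 2.
-addressable (2.
-public_suffix (>= 2.0.2, <
+zeitwerk (~> 2.2, >= 2.2.2)
+addressable (2.7.0)
+public_suffix (>= 2.0.2, < 5.0)
 ammeter (1.1.4)
 activesupport (>= 3.0)
 railties (>= 3.0)
 rspec-rails (>= 2.2)
-appraisal (2.
+appraisal (2.3.0)
 bundler
 rake
 thor (>= 0.14.0)
-
-
-
+argon2 (2.0.2)
+ffi (~> 1.9)
+ffi-compiler (>= 0.1)
+ast (2.4.1)
+bcrypt (3.1.15)
+better_html (1.0.15)
+actionview (>= 4.0)
+activesupport (>= 4.0)
+ast (~> 2.0)
+erubi (~> 1.4)
+html_tokenizer (~> 0.0.6)
+parser (>= 2.4)
+smart_properties
+builder (3.2.4)
+capybara (3.33.0)
 addressable
 mini_mime (>= 0.1.3)
 nokogiri (~> 1.8)
@@ -65,97 +78,137 @@ GEM
 rack-test (>= 0.6.3)
 regexp_parser (~> 1.5)
 xpath (~> 3.2)
-coderay (1.1.
-concurrent-ruby (1.1.
-crass (1.0.
-database_cleaner (1.
-diff-lcs (1.
-email_validator (
+coderay (1.1.3)
+concurrent-ruby (1.1.6)
+crass (1.0.6)
+database_cleaner (1.8.5)
+diff-lcs (1.4.4)
+email_validator (2.0.1)
 activemodel
-
-
-
-
-
-
+erb_lint (0.0.34)
+activesupport
+better_html (~> 1.0.7)
+html_tokenizer
+rainbow
+rubocop (~> 0.79)
+smart_properties
+erubi (1.9.0)
+factory_bot (6.1.0)
+activesupport (>= 5.0.0)
+factory_bot_rails (6.1.0)
+factory_bot (~> 6.1.0)
+railties (>= 5.0.0)
+ffi (1.13.1)
+ffi-compiler (1.0.1)
+ffi (>= 1.0.0)
+rake
 globalid (0.4.2)
 activesupport (>= 4.2.0)
-
+html_tokenizer (0.0.7)
+i18n (1.8.5)
 concurrent-ruby (~> 1.0)
-loofah (2.
+loofah (2.6.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.1)
 mini_mime (>= 0.1.1)
-method_source (0.
+method_source (1.0.0)
 mini_mime (1.0.2)
 mini_portile2 (2.4.0)
-minitest (5.
-nokogiri (1.10.
+minitest (5.14.1)
+nokogiri (1.10.10)
 mini_portile2 (~> 2.4.0)
-
-
-
-
-
+parallel (1.19.2)
+parser (2.7.1.4)
+ast (~> 2.4.1)
+pry (0.13.1)
+coderay (~> 1.1)
+method_source (~> 1.0)
+public_suffix (4.0.5)
+rack (2.2.3)
 rack-test (1.1.0)
 rack (>= 1.0, < 3)
+rails-controller-testing (1.0.5)
+actionpack (>= 5.0.1.rc1)
+actionview (>= 5.0.1.rc1)
+activesupport (>= 5.0.1.rc1)
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
-rails-html-sanitizer (1.
-loofah (~> 2.
-railties (6.0.
-actionpack (= 6.0.
-activesupport (= 6.0.
+rails-html-sanitizer (1.3.0)
+loofah (~> 2.3)
+railties (6.0.3.2)
+actionpack (= 6.0.3.2)
+activesupport (= 6.0.3.2)
 method_source
 rake (>= 0.8.7)
 thor (>= 0.20.3, < 2.0)
-
-
-
-
-rspec-
+rainbow (3.0.0)
+rake (13.0.1)
+regexp_parser (1.7.1)
+rexml (3.2.4)
+rspec-core (3.9.2)
+rspec-support (~> 3.9.3)
+rspec-expectations (3.9.2)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.
-rspec-mocks (3.
+rspec-support (~> 3.9.0)
+rspec-mocks (3.9.1)
 diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.
-rspec-rails (
-actionpack (>=
-activesupport (>=
-railties (>=
-rspec-core (~> 3.
-rspec-expectations (~> 3.
-rspec-mocks (~> 3.
-rspec-support (~> 3.
-rspec-support (3.
-
+rspec-support (~> 3.9.0)
+rspec-rails (4.0.1)
+actionpack (>= 4.2)
+activesupport (>= 4.2)
+railties (>= 4.2)
+rspec-core (~> 3.9)
+rspec-expectations (~> 3.9)
+rspec-mocks (~> 3.9)
+rspec-support (~> 3.9)
+rspec-support (3.9.3)
+rubocop (0.88.0)
+parallel (~> 1.10)
+parser (>= 2.7.1.1)
+rainbow (>= 2.2.2, < 4.0)
+regexp_parser (>= 1.7)
+rexml
+rubocop-ast (>= 0.1.0, < 1.0)
+ruby-progressbar (~> 1.7)
+unicode-display_width (>= 1.4.0, < 2.0)
+rubocop-ast (0.3.0)
+parser (>= 2.7.1.4)
+ruby-progressbar (1.10.1)
+shoulda-matchers (4.3.0)
 activesupport (>= 4.2.0)
-
+smart_properties (1.15.0)
+sqlite3 (1.4.2)
+thor (1.0.1)
 thread_safe (0.3.6)
 timecop (0.9.1)
-tzinfo (1.2.
+tzinfo (1.2.7)
 thread_safe (~> 0.1)
+unicode-display_width (1.7.0)
 xpath (3.2.0)
 nokogiri (~> 1.8)
-zeitwerk (2.
+zeitwerk (2.4.0)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-addressable
+addressable
 ammeter
 appraisal
-capybara
+capybara
 clearance!
-database_cleaner
-
-
+database_cleaner
+erb_lint
+factory_bot_rails
+nokogiri
 pry
-
-
+rails-controller-testing
+rspec-rails
+shoulda-matchers
+sqlite3
+timecop
 
 BUNDLED WITH
-1.
+2.1.4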
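--- a/data/NEWS.md
+++ b/data/NEWS.md
@@ -3,15 +3,103 @@
 The noteworthy changes for each Clearance version are included here. For a
 complete changelog, see the git history for each version via the version links.
 
-## [2.
+## [2.3.0] - August 14, 2020
+
+### Fixed
+
+- Delete cookie correctly when a callable object is set as the custom domain
+setting.
+- Strip `as` parameter when signing in through the back door.
+- Remove broken autoload for deprecated password strategies.
+
+### Changed
+
+- Deliver password reset email inline rather than in the background.
+- Remove unnecessary unsafe interpolation in erb templates.
+
+[2.3.0]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.3.0
+
+## [2.2.1] - August 7, 2020
+
+### Fixed
+
+- Prevent user enumeration by timing attacks. Trying to log in with an
+unrecognized email address will now take the same amount of time as for a user
+that does exist in the system.
+
+[2.2.1]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.2.1
+
+## [2.2.0] - July 9, 2020
+
+### Added
+
+- Add an Argon2 password strategy
+
+### Fixed
+
+- Use strings instead of classes on guard classes, avoids Rails deprecation
+warning.
+- Use `find_by` style for finders, improves neo4j support
+- Provide explicit case sensitivity option for email uniqueness, avoid Rails
+deprecation warning.
+
+[2.2.0]: https://github.com/thoughtbot/clearance/compare/v2.1.0...v2.2.0
+
+## [2.1.0] - December 19, 2019
+
+### Added
+
+- Add a `parent_controller` configuration option to specify the controller that
+Clearance's `BaseController` will inherit from. Defaults to a value of
+`ApplicationController`.
+- Use the configured `primary_key_type` from the Active Record settings of the
+project including Clearance, if it is set, while generating migrations. For
+example, a setting of `:uuid` in a Rails app using Clearance will cause the
+clearance-generated migrations to use this for the `users` table id type.
+
+### Fixed
+
+- Delete cookies correctly when a custom domain setting is being used.
+- Do not set the authorization cookie on requests which did not exercise the
+authorization code. Reduces the chances of leaving an auth cookie in a
+publicly cacheable page that didn't require authorization to access.
+
+### Changed
+
+- Update the `email_validator` gem to a newer version embrace the more relaxed
+email validation options which it now defaults to.
+- When a password reset request is submitted without an email address, a flash
+alert is now provided. Previously this continued silently as though it had
+worked. We still proceed that way when there is an invalid (but present)
+value, so as not to reveal existent vs. non-existent emails in the database.
+
+### Removed
+
+- Remove an unused route to `passwords#create` nested under `users`.
+- No longer include the (rarely used in practice) application layout as part of
+the views installer; but continue to provide some stock sign-in/out and flash
+partial code in the gem installation README output.
+
+### Deprecated
+
+- Remove the existing deprecation notice around the `rotate_csrf_on_sign_in`
+setting, and make that setting default to true.
+
+[2.1.0]: https://github.com/thoughtbot/clearance/compare/v2.0.0...v2.1.0
+
+## [2.0.0] - November 12, 2019
 
 ### Added
 
 - Add support for Rails version 6
 - Allow `cookie_domain` to be configured with a lambda for custom configuration
+- Add ability to configure BCrypt computational cost of hash calculation.
+- Add `same_site` configuration option for increased CSRF protection.
 
 ### Fixed
 
+- Fix issue where invalid params could raise `NoMethodError` when updating and
+resetting passwords.
 - The backdoor auth mechanism now supports scenarios where `Rails.env` has been
 configured via env variables other than `RAILS_ENV` (`RACK_ENV` for example).
 
@@ -19,15 +107,6 @@ complete changelog, see the git history for each version via the version links.
 
 - Removed support for Ruby versions older than 2.4
 - Removed support for Rails versions older than 5.0
-
-[2.0.0.beta2]: https://github.com/thoughtbot/clearance/compare/v2.0.0.beta1...v2.0.0.beta2
-
-## [2.0.0.beta1] - April 12, 2019
-
-### Removed
-
-- Removed support for Ruby versions older than 2.3
-- Removed support for Rails versions older than 4.2
 - Removed all deprecated code from Clearance 1.x
 
 ### Changed
@@ -35,7 +114,7 @@ complete changelog, see the git history for each version via the version links.
 - Flash messages now use `flash[:alert]` rather than `flash[:notice]` as they
 were used as errors more often than notices.
 
-[2.0.0
+[2.0.0]: https://github.com/thoughtbot/clearance/compare/v1.17.0...v2.0.0
 
 ## [1.17.0] - April 11, 2019
 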