clearance 2.0.0 → 2.3.1
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.erb-lint.yml +5 -0
- data/.github/workflows/tests.yml +52 -0
- data/Appraisals +14 -19
- data/Gemfile +11 -7
- data/Gemfile.lock +142 -87
- data/NEWS.md +94 -0
- data/README.md +4 -24
- data/RELEASING.md +25 -0
- data/Rakefile +6 -1
- data/app/controllers/clearance/base_controller.rb +8 -1
- data/app/controllers/clearance/passwords_controller.rb +16 -3
- data/app/views/clearance_mailer/change_password.html.erb +2 -2
- data/app/views/clearance_mailer/change_password.text.erb +2 -2
- data/app/views/passwords/edit.html.erb +1 -1
- data/clearance.gemspec +9 -2
- data/config/locales/clearance.en.yml +1 -0
- data/config/routes.rb +1 -1
- data/gemfiles/rails_5.0.gemfile +10 -9
- data/gemfiles/rails_5.1.gemfile +11 -10
- data/gemfiles/rails_5.2.gemfile +11 -10
- data/gemfiles/rails_6.0.gemfile +11 -10
- data/gemfiles/rails_6.1.gemfile +21 -0
- data/lib/clearance/authentication.rb +1 -1
- data/lib/clearance/back_door.rb +2 -1
- data/lib/clearance/configuration.rb +37 -18
- data/lib/clearance/password_strategies.rb +2 -5
- data/lib/clearance/password_strategies/argon2.rb +23 -0
- data/lib/clearance/rack_session.rb +5 -1
- data/lib/clearance/session.rb +40 -12
- data/lib/clearance/user.rb +12 -3
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/install_generator.rb +13 -0
- data/lib/generators/clearance/install/templates/README +10 -4
- data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb.erb +1 -1
- data/lib/generators/clearance/install/templates/db/migrate/create_users.rb.erb +1 -1
- data/lib/generators/clearance/routes/templates/routes.rb +1 -1
- data/spec/acceptance/clearance_installation_spec.rb +0 -4
- data/spec/app_templates/app/models/user.rb +1 -1
- data/spec/app_templates/testapp/app/views/layouts/application.html.erb +24 -0
- data/spec/clearance/back_door_spec.rb +20 -4
- data/spec/clearance/rack_session_spec.rb +3 -2
- data/spec/clearance/session_spec.rb +154 -51
- data/spec/configuration_spec.rb +60 -14
- data/spec/controllers/passwords_controller_spec.rb +19 -5
- data/spec/dummy/app/controllers/application_controller.rb +1 -1
- data/spec/generators/clearance/install/install_generator_spec.rb +36 -1
- data/spec/generators/clearance/views/views_generator_spec.rb +0 -1
- data/spec/mailers/clearance_mailer_spec.rb +33 -0
- data/spec/models/user_spec.rb +34 -5
- data/spec/password_strategies/argon2_spec.rb +79 -0
- data/spec/requests/authentication_cookie_spec.rb +55 -0
- data/spec/spec_helper.rb +0 -1
- data/spec/support/clearance.rb +11 -0
- data/spec/support/generator_spec_helpers.rb +1 -5
- data/spec/support/request_with_remember_token.rb +8 -6
- metadata +42 -12
- data/.travis.yml +0 -32
- data/app/views/layouts/application.html.erb +0 -23
- data/spec/app_templates/app/models/rails5/user.rb +0 -5
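--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 73e524b6026ced3c81ba4f5755fcc40190b5ca08e058d4297780600dc09dfa9a
+data.tar.gz: 5c8fe49a083f5bddf070ed33eed1c78b5154d5da2c4f6bb3b52f5709c3db7875
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b8f2689813bcd73ed5d8cd9f5783f3659dbf001f924af4c595c2a5470ad5d1b9d9f57126117626204f0cec9e13b989d757e4baa33e077bc7b6cfde394d6a2f3d
+data.tar.gz: ac38abe61a29243c8e253954accad74c8ada5532876b53483ce4991b745124c265674a6df908814a78b3ef4d467e8abd27e9355332e9162bfd25865f8b7bea2b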
data/.erb-lint.yml
ADDED
@@ -0,0 +1,52 @@
|
|
1
|
+
name: CI Tests
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: "master"
|
6
|
+
pull_request:
|
7
|
+
branches: "*"
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
test:
|
11
|
+
name: "Ruby ${{ matrix.ruby }}, Rails ${{ matrix.gemfile }}"
|
12
|
+
|
13
|
+
runs-on: ubuntu-latest
|
14
|
+
|
15
|
+
strategy:
|
16
|
+
fail-fast: false
|
17
|
+
matrix:
|
18
|
+
gemfile:
|
19
|
+
- "5.0"
|
20
|
+
- "5.1"
|
21
|
+
- "5.2"
|
22
|
+
- "6.0"
|
23
|
+
- "6.1"
|
24
|
+
ruby:
|
25
|
+
- "2.4.9"
|
26
|
+
- "2.5.7"
|
27
|
+
- "2.6.5"
|
28
|
+
- "2.7.2"
|
29
|
+
exclude:
|
30
|
+
- gemfile: "6.0"
|
31
|
+
ruby: "2.4.9"
|
32
|
+
- gemfile: "6.1"
|
33
|
+
ruby: "2.4.9"
|
34
|
+
|
35
|
+
env:
|
36
|
+
BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile
|
37
|
+
RAILS_ENV: test
|
38
|
+
|
39
|
+
steps:
|
40
|
+
- uses: actions/checkout@v2
|
41
|
+
|
42
|
+
- name: "Install Ruby ${{ matrix.ruby }}"
|
43
|
+
uses: ruby/setup-ruby@v1
|
44
|
+
with:
|
45
|
+
ruby-version: ${{ matrix.ruby }}
|
46
|
+
bundler-cache: true
|
47
|
+
|
48
|
+
- name: "Reset app database"
|
49
|
+
run: bundle exec rake dummy:db:reset
|
50
|
+
|
51
|
+
- name: "Run tests"
|
52
|
+
run: bundle exec rake
|
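Review bot: Both third-party steps are referenced by mutable tags (`uses: actions/checkout@v2`, `uses: ruby/setup-ruby@v1`), so the code CI runs can change without any commit to this repository. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2` (placeholder, not a real SHA). The workflow also declares no `permissions:` key, so the job token keeps whatever default scope the repository grants; since the visible steps only check out, install and run tests, a top-level `permissions:` with `contents: read` should be enough. The 52 added lines shown under this `.erb-lint.yml` header look like the `data/.github/workflows/tests.yml` entry from the file list, so the page has probably dropped a file header here.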
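--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,23 +1,18 @@
-
-5.0
-
-
-
-
+appraise "rails_5.0" do
+gem "railties", "~> 5.0"
+gem 'rspec-rails', '~> 3.1'
+gem 'capybara', '>= 2.6.2', '< 3.33.0'
+gem 'sqlite3', '~> 1.3.13'
+end
 
-
-
-
-gem "rails-controller-testing"
+appraise "rails_5.1" do
+gem "railties", "~> 5.1"
+end
 
-
-
-
-gem 'sqlite3', '~> 1.4.0'
-else
-gem 'sqlite3', '~> 1.3.13'
-gem 'rspec-rails', '~> 3.1'
-end
+appraise "rails_5.2" do
+gem "railties", "~> 5.2"
+end
 
-
+appraise "rails_6.0" do
+gem "railties", "~> 6.0"
 end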
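Review bot: There is no `appraise "rails_6.1"` block in the new file, although the file list adds `data/gemfiles/rails_6.1.gemfile` and the CI matrix shown on this page includes `"6.1"`. That gemfile is then presumably maintained by hand and can drift from the generated ones the next time the appraisals are regenerated. Adding `appraise "rails_6.1" do`, `gem "railties", "~> 6.1"`, `end` after the `rails_6.0` block would keep all five definitions in one place.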
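--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,13 +2,17 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'addressable'
+gem 'addressable'
 gem 'ammeter'
 gem 'appraisal'
-gem 'capybara'
-gem 'database_cleaner'
-gem '
-gem '
+gem 'capybara'
+gem 'database_cleaner'
+gem 'erb_lint', require: false
+gem 'factory_bot_rails'
+gem 'nokogiri'
 gem 'pry', require: false
-gem '
-gem '
+gem 'rails-controller-testing'
+gem 'rspec-rails'
+gem 'shoulda-matchers'
+gem 'sqlite3'
+gem 'timecop'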
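--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,63 +1,77 @@
 PATH
 remote: .
 specs:
-clearance (2.
+clearance (2.3.1)
 actionmailer (>= 5.0)
 activemodel (>= 5.0)
 activerecord (>= 5.0)
+argon2 (~> 2.0, >= 2.0.2)
 bcrypt (>= 3.1.1)
-email_validator (~>
+email_validator (~> 2.0)
 railties (>= 5.0)
 
 GEM
 remote: https://rubygems.org/
 specs:
-actionmailer (6.
-actionpack (= 6.
-actionview (= 6.
-activejob (= 6.
+actionmailer (6.1.3)
+actionpack (= 6.1.3)
+actionview (= 6.1.3)
+activejob (= 6.1.3)
+activesupport (= 6.1.3)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 2.0)
-actionpack (6.
-actionview (= 6.
-activesupport (= 6.
-rack (~> 2.0)
+actionpack (6.1.3)
+actionview (= 6.1.3)
+activesupport (= 6.1.3)
+rack (~> 2.0, >= 2.0.9)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
-actionview (6.
-activesupport (= 6.
+actionview (6.1.3)
+activesupport (= 6.1.3)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
-activejob (6.
-activesupport (= 6.
+activejob (6.1.3)
+activesupport (= 6.1.3)
 globalid (>= 0.3.6)
-activemodel (6.
-activesupport (= 6.
-activerecord (6.
-activemodel (= 6.
-activesupport (= 6.
-activesupport (6.
+activemodel (6.1.3)
+activesupport (= 6.1.3)
+activerecord (6.1.3)
+activemodel (= 6.1.3)
+activesupport (= 6.1.3)
+activesupport (6.1.3)
 concurrent-ruby (~> 1.0, >= 1.0.2)
-i18n (>=
-minitest (
-tzinfo (~>
-zeitwerk (~> 2.
-addressable (2.
-public_suffix (>= 2.0.2, <
+i18n (>= 1.6, < 2)
+minitest (>= 5.1)
+tzinfo (~> 2.0)
+zeitwerk (~> 2.3)
+addressable (2.7.0)
+public_suffix (>= 2.0.2, < 5.0)
 ammeter (1.1.4)
 activesupport (>= 3.0)
 railties (>= 3.0)
 rspec-rails (>= 2.2)
-appraisal (2.
+appraisal (2.3.0)
 bundler
 rake
 thor (>= 0.14.0)
-
-
-
+argon2 (2.0.3)
+ffi (~> 1.14)
+ffi-compiler (~> 1.0)
+ast (2.4.2)
+bcrypt (3.1.16)
+better_html (1.0.16)
+actionview (>= 4.0)
+activesupport (>= 4.0)
+ast (~> 2.0)
+erubi (~> 1.4)
+html_tokenizer (~> 0.0.6)
+parser (>= 2.4)
+smart_properties
+builder (3.2.4)
+capybara (3.33.0)
 addressable
 mini_mime (>= 0.1.3)
 nokogiri (~> 1.8)
@@ -65,97 +79,138 @@ GEM
 rack-test (>= 0.6.3)
 regexp_parser (~> 1.5)
 xpath (~> 3.2)
-coderay (1.1.
-concurrent-ruby (1.1.
-crass (1.0.
-database_cleaner (1.
-diff-lcs (1.
-email_validator (
+coderay (1.1.3)
+concurrent-ruby (1.1.8)
+crass (1.0.6)
+database_cleaner (1.8.5)
+diff-lcs (1.4.4)
+email_validator (2.2.2)
 activemodel
-
-
-
-
-
-
+erb_lint (0.0.34)
+activesupport
+better_html (~> 1.0.7)
+html_tokenizer
+rainbow
+rubocop (~> 0.79)
+smart_properties
+erubi (1.10.0)
+factory_bot (6.1.0)
+activesupport (>= 5.0.0)
+factory_bot_rails (6.1.0)
+factory_bot (~> 6.1.0)
+railties (>= 5.0.0)
+ffi (1.14.2)
+ffi-compiler (1.0.1)
+ffi (>= 1.0.0)
+rake
 globalid (0.4.2)
 activesupport (>= 4.2.0)
-
+html_tokenizer (0.0.7)
+i18n (1.8.9)
 concurrent-ruby (~> 1.0)
-loofah (2.
+loofah (2.9.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.1)
 mini_mime (>= 0.1.1)
-method_source (0.
+method_source (1.0.0)
 mini_mime (1.0.2)
-mini_portile2 (2.
-minitest (5.
-nokogiri (1.
-mini_portile2 (~> 2.
-
-
-
-
-
+mini_portile2 (2.5.0)
+minitest (5.14.4)
+nokogiri (1.11.1)
+mini_portile2 (~> 2.5.0)
+racc (~> 1.4)
+parallel (1.19.2)
+parser (3.0.0.0)
+ast (~> 2.4.1)
+pry (0.13.1)
+coderay (~> 1.1)
+method_source (~> 1.0)
+public_suffix (4.0.5)
+racc (1.5.2)
+rack (2.2.3)
 rack-test (1.1.0)
 rack (>= 1.0, < 3)
+rails-controller-testing (1.0.5)
+actionpack (>= 5.0.1.rc1)
+actionview (>= 5.0.1.rc1)
+activesupport (>= 5.0.1.rc1)
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
 rails-html-sanitizer (1.3.0)
 loofah (~> 2.3)
-railties (6.
-actionpack (= 6.
-activesupport (= 6.
+railties (6.1.3)
+actionpack (= 6.1.3)
+activesupport (= 6.1.3)
 method_source
 rake (>= 0.8.7)
-thor (
-
-
-
-
-rspec-
+thor (~> 1.0)
+rainbow (3.0.0)
+rake (13.0.3)
+regexp_parser (1.7.1)
+rexml (3.2.4)
+rspec-core (3.9.2)
+rspec-support (~> 3.9.3)
+rspec-expectations (3.9.2)
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.9.0)
-rspec-mocks (3.9.
+rspec-mocks (3.9.1)
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.9.0)
-rspec-rails (
-actionpack (>=
-activesupport (>=
-railties (>=
-rspec-core (~> 3.9
-rspec-expectations (~> 3.9
-rspec-mocks (~> 3.9
-rspec-support (~> 3.9
-rspec-support (3.9.
-
+rspec-rails (4.0.1)
+actionpack (>= 4.2)
+activesupport (>= 4.2)
+railties (>= 4.2)
+rspec-core (~> 3.9)
+rspec-expectations (~> 3.9)
+rspec-mocks (~> 3.9)
+rspec-support (~> 3.9)
+rspec-support (3.9.3)
+rubocop (0.88.0)
+parallel (~> 1.10)
+parser (>= 2.7.1.1)
+rainbow (>= 2.2.2, < 4.0)
+regexp_parser (>= 1.7)
+rexml
+rubocop-ast (>= 0.1.0, < 1.0)
+ruby-progressbar (~> 1.7)
+unicode-display_width (>= 1.4.0, < 2.0)
+rubocop-ast (0.3.0)
+parser (>= 2.7.1.4)
+ruby-progressbar (1.10.1)
+shoulda-matchers (4.3.0)
 activesupport (>= 4.2.0)
-
-
+smart_properties (1.15.0)
+sqlite3 (1.4.2)
+thor (1.1.0)
 timecop (0.9.1)
-tzinfo (
-
+tzinfo (2.0.4)
+concurrent-ruby (~> 1.0)
+unicode-display_width (1.7.0)
 xpath (3.2.0)
 nokogiri (~> 1.8)
-zeitwerk (2.2
+zeitwerk (2.4.2)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-addressable
+addressable
 ammeter
 appraisal
-capybara
+capybara
 clearance!
-database_cleaner
-
-
+database_cleaner
+erb_lint
+factory_bot_rails
+nokogiri
 pry
-
-
+rails-controller-testing
+rspec-rails
+shoulda-matchers
+sqlite3
+timecop
 
 BUNDLED WITH
-1.
+2.1.4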
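--- a/data/NEWS.md
+++ b/data/NEWS.md
@@ -3,6 +3,100 @@
 The noteworthy changes for each Clearance version are included here. For a
 complete changelog, see the git history for each version via the version links.
 
+## [2.3.1] - March 5, 2021
+
+### Fixed
+
+- Support for accessing Rails 6.x primary_key_type in generator.
+- Fix password reset URLs when using a custom model
+- Fix flaky test that relied on too specific time delta
+- Revert case sensitivity for email uniqueness
+- Bump nokogiri and actionview dependencies to address security vulnerabilities
+
+## [2.3.0] - August 14, 2020
+
+### Fixed
+
+- Delete cookie correctly when a callable object is set as the custom domain
+setting.
+- Strip `as` parameter when signing in through the back door.
+- Remove broken autoload for deprecated password strategies.
+
+### Changed
+
+- Deliver password reset email inline rather than in the background.
+- Remove unnecessary unsafe interpolation in erb templates.
+
+[2.3.0]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.3.0
+
+## [2.2.1] - August 7, 2020
+
+### Fixed
+
+- Prevent user enumeration by timing attacks. Trying to log in with an
+unrecognized email address will now take the same amount of time as for a user
+that does exist in the system.
+
+[2.2.1]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.2.1
+
+## [2.2.0] - July 9, 2020
+
+### Added
+
+- Add an Argon2 password strategy
+
+### Fixed
+
+- Use strings instead of classes on guard classes, avoids Rails deprecation
+warning.
+- Use `find_by` style for finders, improves neo4j support
+- Provide explicit case sensitivity option for email uniqueness, avoid Rails
+deprecation warning.
+
+[2.2.0]: https://github.com/thoughtbot/clearance/compare/v2.1.0...v2.2.0
+
+## [2.1.0] - December 19, 2019
+
+### Added
+
+- Add a `parent_controller` configuration option to specify the controller that
+Clearance's `BaseController` will inherit from. Defaults to a value of
+`ApplicationController`.
+- Use the configured `primary_key_type` from the Active Record settings of the
+project including Clearance, if it is set, while generating migrations. For
+example, a setting of `:uuid` in a Rails app using Clearance will cause the
+clearance-generated migrations to use this for the `users` table id type.
+
+### Fixed
+
+- Delete cookies correctly when a custom domain setting is being used.
+- Do not set the authorization cookie on requests which did not exercise the
+authorization code. Reduces the chances of leaving an auth cookie in a
+publicly cacheable page that didn't require authorization to access.
+
+### Changed
+
+- Update the `email_validator` gem to a newer version embrace the more relaxed
+email validation options which it now defaults to.
+- When a password reset request is submitted without an email address, a flash
+alert is now provided. Previously this continued silently as though it had
+worked. We still proceed that way when there is an invalid (but present)
+value, so as not to reveal existent vs. non-existent emails in the database.
+
+### Removed
+
+- Remove an unused route to `passwords#create` nested under `users`.
+- No longer include the (rarely used in practice) application layout as part of
+the views installer; but continue to provide some stock sign-in/out and flash
+partial code in the gem installation README output.
+
+### Deprecated
+
+- Remove the existing deprecation notice around the `rotate_csrf_on_sign_in`
+setting, and make that setting default to true.
+
+[2.1.0]: https://github.com/thoughtbot/clearance/compare/v2.0.0...v2.1.0
+
 ## [2.0.0] - November 12, 2019
 
 ### Added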