clearance 2.3.1 → 2.4.0

Potentially problematic release.


This version of clearance might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 73e524b6026ced3c81ba4f5755fcc40190b5ca08e058d4297780600dc09dfa9a
4
- data.tar.gz: 5c8fe49a083f5bddf070ed33eed1c78b5154d5da2c4f6bb3b52f5709c3db7875
3
+ metadata.gz: bf42dbdfbd60820a6690813fef30b305ffa76ca93852ad6183ce499d1fa51413
4
+ data.tar.gz: 9832b513dcc54672a809b326334d0967266113027d35f4a57add919a7f222201
5
5
  SHA512:
6
- metadata.gz: b8f2689813bcd73ed5d8cd9f5783f3659dbf001f924af4c595c2a5470ad5d1b9d9f57126117626204f0cec9e13b989d757e4baa33e077bc7b6cfde394d6a2f3d
7
- data.tar.gz: ac38abe61a29243c8e253954accad74c8ada5532876b53483ce4991b745124c265674a6df908814a78b3ef4d467e8abd27e9355332e9162bfd25865f8b7bea2b
6
+ metadata.gz: 6a4921201ae474f99af273a1cf524e63a76e868b4470bcf8972ea4ed368bfdd62ae7597c8a8d9b9bffe08803b62d2725fa49737b6b66319eb8b877719bf26d45
7
+ data.tar.gz: 9f38b6e9870112874cabe5c4402bd22984d90713d2ac2b18b157893ba7787777783452528948877e5bcf3bfe5549abce78f8e0f85877f1661a1ea11adb66248f
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- clearance (2.3.1)
4
+ clearance (2.4.0)
5
5
  actionmailer (>= 5.0)
6
6
  activemodel (>= 5.0)
7
7
  activerecord (>= 5.0)
data/NEWS.md CHANGED
@@ -3,6 +3,14 @@
3
3
  The noteworthy changes for each Clearance version are included here. For a
4
4
  complete changelog, see the git history for each version via the version links.
5
5
 
6
+ ## [2.4.0] - March 5, 2021
7
+
8
+ ### Added
9
+
10
+ - Optionally use signed cookies to prevent remember token timing attacks
11
+
12
+ [2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
13
+
6
14
  ## [2.3.1] - March 5, 2021
7
15
 
8
16
  ### Fixed
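Review bot: The new `## [2.4.0]` heading is dated March 5, 2021, the same date as the `## [2.3.1]` entry directly below it; confirm that both releases were cut on that day or correct the 2.4.0 date. The entry "Optionally use signed cookies" would also be easier to act on if it named the setting that enables it (`config.signed_cookie`, per the README change in this release).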
@@ -13,6 +21,8 @@ complete changelog, see the git history for each version via the version links.
13
21
  - Revert case sensitivity for email uniqueness
14
22
  - Bump nokogiri and actionview dependencies to address security vulnerabilities
15
23
 
24
+ [2.3.1]: https://github.com/thoughtbot/clearance/compare/v2.3.0...v2.3.1
25
+
16
26
  ## [2.3.0] - August 14, 2020
17
27
 
18
28
  ### Fixed
data/README.md CHANGED
@@ -62,6 +62,7 @@ Clearance.configure do |config|
62
62
  config.rotate_csrf_on_sign_in = true
63
63
  config.same_site = nil
64
64
  config.secure_cookie = false
65
+ config.signed_cookie = false
65
66
  config.sign_in_guards = []
66
67
  config.user_model = "User"
67
68
  config.parent_controller = "ApplicationController"
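Review bot: `config.signed_cookie = false` in the defaults listing means the remember-token timing-attack protection announced in NEWS.md stays off after upgrading unless the application opts in. Add a short comment on this line listing the accepted values (`false`, `true`, `:migrate`) so that readers of the defaults block see a migration mode exists, and say in the changelog that the default behaviour is unchanged.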
@@ -286,6 +287,33 @@ and `password` attributes. Over-riding the `email_optional?` or
286
287
  `skip_password_validation?` methods to return `true` will disable those
287
288
  validations from being added.
288
289
 
290
+ ### Signed Cookies
291
+
292
+ By default, Clearance uses unsigned cookies. If you would like to use signed
293
+ cookies you can do so by overriding the default in an initializer like so:
294
+
295
+ ```ruby
296
+ Clearance.configure do |config|
297
+ # ... other overrides
298
+ config.signed_cookie = true
299
+ end
300
+ ```
301
+
302
+ If you are currently not using unsigned cookies but would like to migrate your
303
+ users over to them without breaking current sessions, you can do so by passing
304
+ in `:migrate` rather than `true` as so:
305
+
306
+ ```ruby
307
+ Clearance.configure do |config|
308
+ # ... other overrides
309
+ config.signed_cookie = :migrate
310
+ end
311
+ ```
312
+
313
+ You can read more about signed cookies in Clearance and why they are a good idea
314
+ in the [pull request that added them](https://github.com/thoughtbot/clearance/pull/917).
315
+
316
+
289
317
  ## Extending Sign In
290
318
 
291
319
  By default, Clearance will sign in any user with valid credentials. If you need
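Review bot: The migration paragraph says "If you are currently not using unsigned cookies", which inverts the meaning. The `:migrate` setting is offered to applications that are on unsigned cookies (the default stated at the top of this section) and want to move to signed ones, so the sentence should read "currently using unsigned cookies" (or "not using signed cookies"), with "them" referring to signed cookies. The section also does not say how `:migrate` treats an existing unsigned cookie or when it is safe to change `:migrate` to `true`; one sentence on each would spare readers a trip to the pull request. Smaller points: "like so:" and "as so:" are inconsistent, and the hunk adds two blank lines before `## Extending Sign In` where one is enough.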
@@ -1,3 +1,3 @@
1
1
  module Clearance
2
- VERSION = "2.3.1".freeze
2
+ VERSION = "2.4.0".freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clearance
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.1
4
+ version: 2.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dan Croak
@@ -22,10 +22,10 @@ authors:
22
22
  - Jason Morrison
23
23
  - Galen Frechette
24
24
  - Josh Steiner
25
- autorequire:
25
+ autorequire:
26
26
  bindir: bin
27
27
  cert_chain: []
28
- date: 2021-03-05 00:00:00.000000000 Z
28
+ date: 2021-04-09 00:00:00.000000000 Z
29
29
  dependencies:
30
30
  - !ruby/object:Gem::Dependency
31
31
  name: bcrypt
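Review bot: `date:` moves from 2021-03-05 to 2021-04-09, while NEWS.md dates the 2.4.0 entry March 5, 2021; one of the two should be corrected so the changelog matches the packaged build. The `autorequire:` pair in this hunk shows no visible difference between the `-` and `+` lines, which suggests a whitespace-only change from regenerating the gemspec rather than an intended edit.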
@@ -295,7 +295,7 @@ homepage: https://github.com/thoughtbot/clearance
295
295
  licenses:
296
296
  - MIT
297
297
  metadata: {}
298
- post_install_message:
298
+ post_install_message:
299
299
  rdoc_options:
300
300
  - "--charset=UTF-8"
301
301
  require_paths:
@@ -312,7 +312,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
312
312
  version: '0'
313
313
  requirements: []
314
314
  rubygems_version: 3.1.2
315
- signing_key:
315
+ signing_key:
316
316
  specification_version: 4
317
317
  summary: Rails authentication & authorization with email & password.
318
318
  test_files: []