clearance 1.0.0.rc7 → 1.0.0.rc8

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    YWM2NjBlMWQ3Yjk5ZDY2OGZjYTFhZGI1YjIzZTJjNzRkYTYyMTEwMw==
-  data.tar.gz: !binary |-
-    ZmUxZWRjN2RkY2ZmNGMwNDgyNTM5ZmY4YzhiOWNjZTViNDYzMWMwNw==
-!binary "U0hBNTEy":
-  metadata.gz: !binary |-
-    YzA5YTAzMjUxOGZjNGU5MTQ3ZTQ4NjI2ZjQ0N2M2YWFjNjg4MzIwODA4YmU2
-    MTlkZTk2NjNkODE2YjI0YzQ0M2JhNjRmOTM2YzJkMzY1MThlMzJkOTU0ODY5
-    Yjc5MzBhOTc2Y2FiMzA4MzdiZDU5ZmU2OTkwYWE5OGNkYjRjOTg=
-  data.tar.gz: !binary |-
-    ZTdlZDUwN2FjYzg3ZmI4OGEzMGMwMjU1ZjY5NzY5ZDUwOTAyYjcwMjk5MGEz
-    OTZmNDZiZTMyNGMxMDNjNjlhNmUwNjkxZDI0YWM1YmU5MmZlMzI3NThjNGZi
-    Njc1Y2MxN2E0Nzc0MTg4MzQzYzQ1MzdiZjE0YWE4ZDRhZDJmMGU=
+SHA1:
+  metadata.gz: f594b3d9373f5783a6e2304f49ca636bbf7b904d
+  data.tar.gz: e2731151ddda9ff6b6a746b3f789b23f5305335e
+SHA512:
+  metadata.gz: 633e6622929f3ae73a267f607167f004915f61b679cad2867923cc0ff249eabdf6f3cb29d2dcb9f1fa2b5519f5841468f6e8c2888bd51fe9122865ef4934ce16
+  data.tar.gz: d52bc8b9c6b5e4007d9461b91721ac0db05e7df9b6c4efcb36d93a253ece3d04d09e07e68d0341b10e73128bbf23bd786a7a3b6522c69d6ac91770e3a9b629b1

data/.gitignore

@@ -1,11 +1,11 @@
+!.keep
 *.DS_Store
-*.swp
 *.swo
+*.swp
 *~
-!.keep
 .bundle
 db/*.sqlite3
+gemfiles/
 log/*.log
 pkg
 tmp/
-bin/

data/.travis.yml

@@ -1,26 +1,9 @@
 language: ruby
 rvm:
-  - 1.9.2
   - 1.9.3
   - 2.0.0
-before_install:
-  - gem update --system
-  - gem update bundler
 before_script:
   - "bundle exec rake db:migrate"
-gemfile:
-  - gemfiles/3.0.20.gemfile
-  - gemfiles/3.1.11.gemfile
-  - gemfiles/3.2.12.gemfile
-  - gemfiles/3.2.13.rc2.gemfile
-matrix:
-  exclude:
-    - rvm: 2.0.0
-      gemfile: gemfiles/3.0.20.gemfile
-    - rvm: 2.0.0
-      gemfile: gemfiles/3.1.11.gemfile
-    - rvm: 2.0.0
-      gemfile: gemfiles/3.2.12.gemfile
 branches:
   only:
     - master

data/Appraisals

@@ -1,11 +1,7 @@
-if RUBY_VERSION >= '2.0'
-  rails_versions = ['3.2.13.rc2']
-else
-  rails_versions = ['3.0.20', '3.1.11', '3.2.12']
-end
+rails_versions = ['~> 3.2.13', '~> 4.0.0']
 
 rails_versions.each do |rails_version|
-  appraise "#{rails_version}" do
+  appraise "rails#{rails_version.slice(/\d+\.\d+/)}" do
     gem 'rails', rails_version
   end
 end

data/Gemfile

@@ -1,3 +1,18 @@
-source 'http://rubygems.org'
+source 'https://rubygems.org'
 
 gemspec
+
+gem 'appraisal', '~> 0.5'
+gem 'aruba', '~> 0.5'
+gem 'bourne', '~> 1.4'
+gem 'bundler', '~> 1.3'
+gem 'capybara', '~> 2.0.3'
+gem 'cucumber-rails', '~> 1.3'
+gem 'database_cleaner', '~> 1.0'
+gem 'factory_girl_rails', '~> 4.2'
+gem 'jbuilder', '~> 1.2'
+gem 'rspec-rails', '~> 2.13'
+gem 'sdoc'
+gem 'shoulda-matchers', github: 'thoughtbot/shoulda-matchers' , branch: 'dp-rails-four'
+gem 'sqlite3', '~> 1.3'
+gem 'timecop', '~> 0.6'

data/Gemfile.lock

@@ -1,182 +1,191 @@
+GIT
+  remote: git://github.com/thoughtbot/shoulda-matchers.git
+  revision: 96e734d8946151ebf0e0d4488d05f2da30fdb59a
+  branch: dp-rails-four
+  specs:
+    shoulda-matchers (2.1.0)
+      activesupport (>= 3.0.0)
+
 PATH
   remote: .
   specs:
-    clearance (1.0.0.rc7)
+    clearance (1.0.0.rc8)
       bcrypt-ruby
-      email_validator
-      rails (>= 3.0)
+      email_validator (~> 1.4)
+      rails (>= 3.1)
 
 GEM
-  remote: http://rubygems.org/
+  remote: https://rubygems.org/
   specs:
-    actionmailer (3.2.6)
-      actionpack (= 3.2.6)
+    actionmailer (3.2.12)
+      actionpack (= 3.2.12)
       mail (~> 2.4.4)
-    actionpack (3.2.6)
-      activemodel (= 3.2.6)
-      activesupport (= 3.2.6)
+    actionpack (3.2.12)
+      activemodel (= 3.2.12)
+      activesupport (= 3.2.12)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
-      journey (~> 1.0.1)
-      rack (~> 1.4.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
       rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
-      sprockets (~> 2.1.3)
-    activemodel (3.2.6)
-      activesupport (= 3.2.6)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.12)
+      activesupport (= 3.2.12)
       builder (~> 3.0.0)
-    activerecord (3.2.6)
-      activemodel (= 3.2.6)
-      activesupport (= 3.2.6)
+    activerecord (3.2.12)
+      activemodel (= 3.2.12)
+      activesupport (= 3.2.12)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activeresource (3.2.6)
-      activemodel (= 3.2.6)
-      activesupport (= 3.2.6)
-    activesupport (3.2.6)
+    activeresource (3.2.12)
+      activemodel (= 3.2.12)
+      activesupport (= 3.2.12)
+    activesupport (3.2.12)
       i18n (~> 0.6)
       multi_json (~> 1.0)
-    addressable (2.3.2)
-    appraisal (0.4.1)
+    appraisal (0.5.2)
       bundler
       rake
     arel (3.0.2)
-    aruba (0.4.11)
-      childprocess (>= 0.2.3)
+    aruba (0.5.3)
+      childprocess (>= 0.3.6)
       cucumber (>= 1.1.1)
-      ffi (>= 1.0.11)
-      rspec (>= 2.7.0)
-    bcrypt-ruby (3.0.1)
-    bourne (1.3.0)
-      mocha (= 0.13.0)
+      rspec-expectations (>= 2.7.0)
+    bcrypt-ruby (3.1.1)
+    bourne (1.4.0)
+      mocha (~> 0.13.2)
     builder (3.0.4)
-    capybara (1.1.2)
+    capybara (2.0.3)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
       selenium-webdriver (~> 2.0)
-      xpath (~> 0.1.4)
-    childprocess (0.3.4)
-      ffi (~> 1.0, >= 1.0.6)
-    cucumber (1.2.1)
+      xpath (~> 1.0.0)
+    childprocess (0.3.9)
+      ffi (~> 1.0, >= 1.0.11)
+    cucumber (1.3.2)
       builder (>= 2.1.2)
       diff-lcs (>= 1.1.3)
-      gherkin (~> 2.11.0)
-      json (>= 1.4.6)
-    cucumber-rails (1.1.1)
-      capybara (>= 1.1.1)
-      cucumber (>= 1.1.0)
+      gherkin (~> 2.12.0)
+      multi_json (~> 1.3)
+    cucumber-rails (1.3.1)
+      capybara (>= 1.1.2)
+      cucumber (>= 1.2.0)
       nokogiri (>= 1.5.0)
-    database_cleaner (0.8.0)
-    diff-lcs (1.1.3)
-    email_validator (1.3.0)
+      rails (~> 3.0)
+    database_cleaner (1.0.1)
+    diff-lcs (1.2.4)
+    email_validator (1.4.0)
       activemodel
     erubis (2.7.0)
-    factory_girl (3.5.0)
+    factory_girl (4.2.0)
       activesupport (>= 3.0.0)
-    factory_girl_rails (3.5.0)
-      factory_girl (~> 3.5.0)
+    factory_girl_rails (4.2.1)
+      factory_girl (~> 4.2.0)
       railties (>= 3.0.0)
-    ffi (1.1.0)
-    gherkin (2.11.1)
-      json (>= 1.4.6)
-    hike (1.2.1)
-    i18n (0.6.1)
+    ffi (1.9.0)
+    gherkin (2.12.0)
+      multi_json (~> 1.3)
+    hike (1.2.3)
+    i18n (0.6.4)
+    jbuilder (1.4.2)
+      activesupport (>= 3.0.0)
+      multi_json (>= 1.2.0)
     journey (1.0.4)
-    json (1.7.6)
-    libwebsocket (0.1.4)
-      addressable
+    json (1.8.0)
     mail (2.4.4)
       i18n (>= 0.4.0)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
     metaclass (0.0.1)
-    mime-types (1.19)
-    mocha (0.13.0)
+    mime-types (1.23)
+    mini_portile (0.5.0)
+    mocha (0.13.3)
       metaclass (~> 0.0.1)
-    multi_json (1.5.0)
-    nokogiri (1.5.5)
+    multi_json (1.7.7)
+    nokogiri (1.6.0)
+      mini_portile (~> 0.5.0)
     polyglot (0.3.3)
-    psych (1.3.4)
-    rack (1.4.4)
+    rack (1.4.5)
     rack-cache (1.2)
       rack (>= 0.4)
     rack-ssl (1.3.3)
       rack
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (3.2.6)
-      actionmailer (= 3.2.6)
-      actionpack (= 3.2.6)
-      activerecord (= 3.2.6)
-      activeresource (= 3.2.6)
-      activesupport (= 3.2.6)
+    rails (3.2.12)
+      actionmailer (= 3.2.12)
+      actionpack (= 3.2.12)
+      activerecord (= 3.2.12)
+      activeresource (= 3.2.12)
+      activesupport (= 3.2.12)
       bundler (~> 1.0)
-      railties (= 3.2.6)
-    railties (3.2.6)
-      actionpack (= 3.2.6)
-      activesupport (= 3.2.6)
+      railties (= 3.2.12)
+    railties (3.2.12)
+      actionpack (= 3.2.12)
+      activesupport (= 3.2.12)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
       thor (>= 0.14.6, < 2.0)
-    rake (10.0.3)
-    rdoc (3.12)
+    rake (10.1.0)
+    rdoc (3.12.2)
       json (~> 1.4)
-    rspec (2.12.0)
-      rspec-core (~> 2.12.0)
-      rspec-expectations (~> 2.12.0)
-      rspec-mocks (~> 2.12.0)
-    rspec-core (2.12.2)
-    rspec-expectations (2.12.1)
-      diff-lcs (~> 1.1.3)
-    rspec-mocks (2.12.2)
-    rspec-rails (2.12.2)
+    rspec-core (2.13.1)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.1)
+    rspec-rails (2.13.2)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       railties (>= 3.0)
-      rspec-core (~> 2.12.0)
-      rspec-expectations (~> 2.12.0)
-      rspec-mocks (~> 2.12.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
     rubyzip (0.9.9)
-    selenium-webdriver (2.25.0)
+    sdoc (0.3.20)
+      json (>= 1.1.3)
+      rdoc (~> 3.10)
+    selenium-webdriver (2.33.0)
       childprocess (>= 0.2.5)
-      libwebsocket (~> 0.1.3)
       multi_json (~> 1.0)
       rubyzip
-    shoulda-matchers (1.2.0)
-      activesupport (>= 3.0.0)
-    sprockets (2.1.3)
+      websocket (~> 1.0.4)
+    sprockets (2.2.2)
       hike (~> 1.2)
+      multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
     sqlite3 (1.3.6)
-    thor (0.17.0)
-    tilt (1.3.3)
-    timecop (0.3.5)
-    treetop (1.4.12)
+    thor (0.18.1)
+    tilt (1.4.1)
+    timecop (0.6.1)
+    treetop (1.4.14)
       polyglot
       polyglot (>= 0.3.1)
     tzinfo (0.3.37)
-    xpath (0.1.4)
+    websocket (1.0.7)
+    xpath (1.0.0)
       nokogiri (~> 1.3)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  appraisal (= 0.4.1)
-  aruba (= 0.4.11)
-  bourne (= 1.3.0)
-  bundler (~> 1.1)
-  capybara (= 1.1.2)
+  appraisal (~> 0.5)
+  aruba (~> 0.5)
+  bourne (~> 1.4)
+  bundler (~> 1.3)
+  capybara (~> 2.0.3)
   clearance!
-  cucumber-rails (= 1.1.1)
-  database_cleaner (= 0.8.0)
-  factory_girl_rails (= 3.5.0)
-  psych (~> 1.3.4)
-  rspec-rails (= 2.12.2)
-  shoulda-matchers (= 1.2.0)
-  sqlite3 (= 1.3.6)
-  timecop (= 0.3.5)
+  cucumber-rails (~> 1.3)
+  database_cleaner (~> 1.0)
+  factory_girl_rails (~> 4.2)
+  jbuilder (~> 1.2)
+  rspec-rails (~> 2.13)
+  sdoc
+  shoulda-matchers!
+  sqlite3 (~> 1.3)
+  timecop (~> 0.6)

data/NEWS.md

@@ -1,13 +1,15 @@
-Thank you to all the [contributors](https://github.com/thoughtbot/clearance/contributors)!
+Thank you to all the [contributors](https://github.com/thoughtbot/clearance/graphs/contributors)!
 
 New for 1.0.0:
 
+* Support Rails 4.
 * Change default password strategy to BCrypt.
 * Speed up test suites using `::BCrypt::Engine::MIN_COST`.
 * Speed up integration suites with `Clearance::BackDoor`.
 * Replace email regular expression with `EmailValidator` gem.
 * Provide `BCryptMigrationFromSHA1` password strategy to help people migrate from
   SHA1 (the old default password strategy) to BCrypt (the new default).
+* Support Ruby 2.
 * Require > Ruby 1.9.
 * More extension points in more controllers.
 * The `email`, `encrypted_password`, and `remember_token` fields of the users
@@ -21,12 +23,14 @@ New for 1.0.0:
   `password_required?`.
 * `PasswordsController` `params[:user]` has changed to `params[:password_reset]`
   to avoid locale conflicts.
-* Prepare for Rails 4.
-* Prepare for Ruby 2.
 * Remove `unloadable` from controllers (Rails 4 bug fix in development
   environment).
 * Add `redirect_url` configuration option.
 * Add `secure_cookie` configuration option.
+* Unauthorized API requests return HTTP status 401 rather than a redirect
+  to the sign in page.
+* Remove support for supplying `return_to` value via request parameter.
+* Reduce extra user lookups when adding cookie to headers.
 
 New for 0.16.2 (May 11, 2012):
 

data/README.md

@@ -1,10 +1,8 @@
 Clearance
 =========
 
-[![Build
-Status](https://secure.travis-ci.org/thoughtbot/clearance.png)](http://travis-ci.org/thoughtbot/clearance?branch=master)
-[![Code
-Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/thoughtbot/clearance)
+[![Build Status](https://secure.travis-ci.org/thoughtbot/clearance.png)](http://travis-ci.org/thoughtbot/clearance?branch=master)
+[![Code Climate](https://codeclimate.com/github/thoughtbot/clearance.png)](https://codeclimate.com/github/thoughtbot/clearance)
 [![Dependency Status](https://gemnasium.com/thoughtbot/clearance.png)](https://gemnasium.com/thoughtbot/clearance)
 
 Rails authentication with email & password.
@@ -19,12 +17,14 @@ Read [CONTRIBUTING.md](/CONTRIBUTING.md) to contribute.
 Install
 -------
 
-Clearance is a Rails engine tested against [Rails 3.x](/Appraisals) on Ruby
-1.9.x and Ruby 2.0.x.
+Clearance is a Rails engine tested against Rails `>= 3.2` and Ruby `>= 1.9.3`.
+It works with Rails 4 and Ruby 2.
 
 Include the gem in your Gemfile:
 
-    gem 'clearance', '1.0.0.rc7'
+```ruby
+gem 'clearance', '1.0.0.rc7'
+```
 
 Bundle:
 
@@ -53,14 +53,17 @@ Configure
 
 Override any of these defaults in `config/initializers/clearance.rb`:
 
-    Clearance.configure do |config|
-      config.cookie_expiration = lambda { 1.year.from_now.utc }
-      config.secure_cookie = false
-      config.mailer_sender = 'reply@example.com'
-      config.password_strategy = Clearance::PasswordStrategies::BCrypt
-      config.user_model = User
-      config.redirect_path = '/'
-    end
+```ruby
+Clearance.configure do |config|
+  config.cookie_expiration = lambda { 1.year.from_now.utc }
+  config.httponly = false
+  config.secure_cookie = false
+  config.mailer_sender = 'reply@example.com'
+  config.password_strategy = Clearance::PasswordStrategies::BCrypt
+  config.user_model = User
+  config.redirect_url = '/'
+end
+```
 
 Use
 ---
@@ -68,66 +71,78 @@ Use
 Use `current_user`, `signed_in?`, and `signed_out?` in controllers, views, and
 helpers. For example:
 
-    - if signed_in?
-      = current_user.email
-      = link_to 'Sign out', sign_out_path, method: :delete
-    - else
-      = link_to 'Sign in', sign_in_path
+```haml
+- if signed_in?
+  = current_user.email
+  = link_to 'Sign out', sign_out_path, method: :delete
+- else
+  = link_to 'Sign in', sign_in_path
+```
 
 To authenticate a user elsewhere than `sessions/new` (like in an API):
 
-    User.authenticate 'email@example.com', 'password'
+```ruby
+User.authenticate 'email@example.com', 'password'
+```
 
 When a user resets their password, Clearance delivers them an email. So, you
 should change the `mailer_sender` default, used in the email's "from" header:
 
-    Clearance.configure do |config|
-      config.mailer_sender = 'reply@example.com'
-    end
+```ruby
+Clearance.configure do |config|
+  config.mailer_sender = 'reply@example.com'
+end
+```
 
 Use `authorize` to control access in controllers:
 
-    class ArticlesController < ApplicationController
-      before_filter :authorize
+```ruby
+class ArticlesController < ApplicationController
+  before_filter :authorize
 
-      def index
-        current_user.articles
-      end
-    end
+  def index
+    current_user.articles
+  end
+end
+```
 
 Or, you can authorize users in `config/routes.rb`:
 
-    Blog::Application.routes.draw do
-      constraints Clearance::Constraints::SignedIn.new { |user| user.admin? } do
-        root to: 'admin'
-      end
+```ruby
+Blog::Application.routes.draw do
+  constraints Clearance::Constraints::SignedIn.new { |user| user.admin? } do
+    root to: 'admin'
+  end
 
-      constraints Clearance::Constraints::SignedIn.new do
-        root to: 'dashboard'
-      end
+  constraints Clearance::Constraints::SignedIn.new do
+    root to: 'dashboard'
+  end
 
-      constraints Clearance::Constraints::SignedOut.new do
-        root to: 'marketing'
-      end
-    end
+  constraints Clearance::Constraints::SignedOut.new do
+    root to: 'marketing'
+  end
+end
+```
 
 Clearance adds its session to the Rack environment hash so middleware and other
 Rack applications can interact with it:
 
-    class Bubblegum::Middleware
-      def initialize(app)
-        @app = app
-      end
-
-      def call(env)
-        if env[:clearance].signed_in?
-          env[:clearance].current_user.bubble_gum
-        end
+```ruby
+class Bubblegum::Middleware
+  def initialize(app)
+    @app = app
+  end
 
-        @app.call(env)
-      end
+  def call(env)
+    if env[:clearance].signed_in?
+      env[:clearance].current_user.bubble_gum
     end
 
+    @app.call(env)
+  end
+end
+```
+
 Overriding routes
 -----------------
 
@@ -135,7 +150,9 @@ See [config/routes.rb](/config/routes.rb) for the default behavior.
 
 To override a Clearance route, redefine it:
 
-    resource :session, controller: 'sessions'
+```ruby
+resource :session, controller: 'sessions'
+```
 
 Overriding controllers
 ----------------------
@@ -145,9 +162,11 @@ behavior.
 
 To override a Clearance controller, subclass it:
 
-    class PasswordsController < Clearance::PasswordsController
-    class SessionsController < Clearance::SessionsController
-    class UsersController < Clearance::UsersController
+```ruby
+class PasswordsController < Clearance::PasswordsController
+class SessionsController < Clearance::SessionsController
+class UsersController < Clearance::UsersController
+```
 
 Then, override public methods:
 
@@ -181,6 +200,21 @@ Or, override private methods:
     users#url_after_create
     users#user_from_params
 
+All of these controller methods redirect to `'/'` by default:
+
+    passwords#url_after_update
+    sessions#url_after_create
+    users#url_after_create
+    application#url_after_denied_access_when_signed_in
+
+To override them all at once, change the global configuration:
+
+```ruby
+Clearance.configure do |config|
+  config.redirect_url = '/overriden'
+end
+```
+
 Overriding translations
 -----------------------
 
@@ -218,18 +252,18 @@ See [lib/clearance/user.rb](/lib/clearance/user.rb) for the default behavior.
 
 To override the model, redefine public methods:
 
-    .authenticate(email, password)
-    #forgot_password!
-    #reset_remember_token!
-    #update_password(new_password)
+    User.authenticate(email, password)
+    User#forgot_password!
+    User#reset_remember_token!
+    User#update_password(new_password)
 
 Or, redefine private methods:
 
-    #email_optional?
-    #generate_confirmation_token
-    #generate_remember_token
-    #normalize_email
-    #password_optional?
+    User#email_optional?
+    User#generate_confirmation_token
+    User#generate_remember_token
+    User#normalize_email
+    User#password_optional?
 
 Overriding the password strategy
 --------------------------------
@@ -242,16 +276,20 @@ for the default behavior.
 
 Change your password strategy in `config/initializers/clearance.rb:`
 
-    Clearance.configure do |config|
-      config.password_strategy = Clearance::PasswordStrategies::SHA1
-    end
+```ruby
+Clearance.configure do |config|
+  config.password_strategy = Clearance::PasswordStrategies::SHA1
+end
+```
 
 Clearance provides the following strategies:
 
-    config.password_strategy = Clearance::PasswordStrategies::BCrypt
-    config.password_strategy = Clearance::PasswordStrategies::BCryptMigrationFromSHA1
-    config.password_strategy = Clearance::PasswordStrategies::Blowfish
-    config.password_strategy = Clearance::PasswordStrategies::SHA1
+```ruby
+Clearance::PasswordStrategies::BCrypt
+Clearance::PasswordStrategies::BCryptMigrationFromSHA1
+Clearance::PasswordStrategies::Blowfish
+Clearance::PasswordStrategies::SHA1
+```
 
 The previous default password strategy was SHA1.
 
@@ -268,67 +306,66 @@ switch to BCrypt transparently, use
 The SHA1 and Blowfish password strategies require an additional `salt` column in
 the `users` table. Run this migration before switching to SHA or Blowfish:
 
-    class AddSaltToUsers < ActiveRecord::Migration
-      def change
-        add_column :users, :salt, :string, limit: 128
-      end
-    end
+```ruby
+class AddSaltToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :salt, :string, limit: 128
+  end
+end
+```
 
 You can write a custom password strategy that has two instance methods:
 
-    module CustomPasswordStrategy
-      def authenticated?
-      end
+```ruby
+module CustomPasswordStrategy
+  def authenticated?
+  end
 
-      def password=(new_password)
-      end
-    end
+  def password=(new_password)
+  end
+end
 
-    Clearance.configure do |config|
-      config.password_strategy = CustomPasswordStrategy
-    end
+Clearance.configure do |config|
+  config.password_strategy = CustomPasswordStrategy
+end
+```
 
-Optional Integration tests
---------------------------
+Optional feature specs
+----------------------
 
-Clearance's integration tests are dependent on:
+You can generate feature specs to help prevent regressions in Clearance's
+integration with your Rails app over time.
 
-* Capybara
-* Factory Girl
-* RSpec
+Edit your `Gemfile` to include the dependencies:
 
-As your app evolves, you want to know that authentication still works. We
-include support for RSpec integration tests.
+```ruby
+gem 'capybara', '~> 2.0'
+gem 'factory_girl_rails', '~> 4.2'
+gem 'rspec-rails', '~> 2.13'
+```
 
-If you've installed [RSpec](https://github.com/rspec/rspec) in your app:
+Generate RSpec files:
 
     rails generate rspec:install
 
-Then, you can use the Clearance specs generator:
+Generate Clearance specs:
 
     rails generate clearance:specs
 
-Edit your Gemfile to include:
-
-    gem 'factory_girl_rails'
-
-Edit `config/enviroments/test.rb` to include the following:
-
-    config.action_mailer.default_url_options = { host: 'localhost:3000' }
-
-Then run your tests!
+Run the specs:
 
     rake
 
-Testing
--------
-
-If you want to write Rails functional tests or controller specs with Clearance,
-you'll need to require the included test helpers and matchers.
+Testing authorized controller actions
+-------------------------------------
 
-For example, in `spec/support/clearance.rb` or `test/test_helper.rb`:
+To test controller actions that are protected by `before_filter :authorize`,
+include Clearance's test helpers and matchers in `spec/support/clearance.rb` or
+`test/test_helper.rb`:
 
-    require 'clearance/testing'
+```ruby
+require 'clearance/testing'
+```
 
 This will make `Clearance::Controller` methods work in your controllers
 during functional tests and provide access to helper methods like:
@@ -343,28 +380,57 @@ And matchers like:
 
 Example:
 
-    context 'a guest' do
-      before do
-        get :show
-      end
+```ruby
+context 'a guest' do
+  before do
+    get :show
+  end
 
-      it { should deny_access }
-    end
+  it { should deny_access }
+end
 
-    context 'a user' do
-      before do
-        sign_in
-        get :show
-      end
+context 'a user' do
+  before do
+    sign_in
+    get :show
+  end
 
-      it { should respond_with(:success) }
-    end
+  it { should respond_with(:success) }
+end
+```
 
 You may want to customize the tests:
 
-    it { should deny_access  }
-    it { should deny_access(flash: 'Denied access.')  }
-    it { should deny_access(redirect: sign_in_url)  }
+```ruby
+it { should deny_access  }
+it { should deny_access(flash: 'Denied access.')  }
+it { should deny_access(redirect: sign_in_url)  }
+```
+
+Faster tests
+------------
+
+Clearance includes middleware that avoids wasting time spent visiting, loading,
+and submitting the sign in form. It instead signs in the designated
+user directly. The speed increase can be
+[substantial](http://robots.thoughtbot.com/post/37907699673/faster-tests-sign-in-through-the-back-door).
+
+Configuration:
+
+```ruby
+# config/environments/test.rb
+MyRailsApp::Application.configure do
+  # ...
+  config.middleware.use Clearance::BackDoor
+  # ...
+end
+```
+
+Usage:
+
+```ruby
+visit root_path(as: user)
+```
 
 Credits
 -------
@@ -372,7 +438,7 @@ Credits
 ![thoughtbot](http://thoughtbot.com/images/tm/logo.png)
 
 Clearance is maintained by [thoughtbot, inc](http://thoughtbot.com/community)
-and [contributors](/thoughtbot/clearance/contributors) like you. Thank you!
+and [contributors](/thoughtbot/clearance/graphs/contributors) like you. Thank you!
 
 License
 -------