clearance 2.3.1 → 2.4.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/NEWS.md +10 -0
- data/README.md +28 -0
- data/lib/clearance/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bf42dbdfbd60820a6690813fef30b305ffa76ca93852ad6183ce499d1fa51413
|
|
4
|
+
data.tar.gz: 9832b513dcc54672a809b326334d0967266113027d35f4a57add919a7f222201
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6a4921201ae474f99af273a1cf524e63a76e868b4470bcf8972ea4ed368bfdd62ae7597c8a8d9b9bffe08803b62d2725fa49737b6b66319eb8b877719bf26d45
|
|
7
|
+
data.tar.gz: 9f38b6e9870112874cabe5c4402bd22984d90713d2ac2b18b157893ba7787777783452528948877e5bcf3bfe5549abce78f8e0f85877f1661a1ea11adb66248f
|
data/Gemfile.lock
CHANGED
data/NEWS.md
CHANGED
|
@@ -3,6 +3,14 @@
|
|
|
3
3
|
The noteworthy changes for each Clearance version are included here. For a
|
|
4
4
|
complete changelog, see the git history for each version via the version links.
|
|
5
5
|
|
|
6
|
+
## [2.4.0] - March 5, 2021
|
|
7
|
+
|
|
8
|
+
### Added
|
|
9
|
+
|
|
10
|
+
- Optionally use signed cookies to prevent remember token timing attacks
|
|
11
|
+
|
|
12
|
+
[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
|
|
13
|
+
|
|
6
14
|
## [2.3.1] - March 5, 2021
|
|
7
15
|
|
|
8
16
|
### Fixed
|
|
@@ -13,6 +21,8 @@ complete changelog, see the git history for each version via the version links.
|
|
|
13
21
|
- Revert case sensitivity for email uniqueness
|
|
14
22
|
- Bump nokogiri and actionview dependencies to address security vulnerabilities
|
|
15
23
|
|
|
24
|
+
[2.3.1]: https://github.com/thoughtbot/clearance/compare/v2.3.0...v2.3.1
|
|
25
|
+
|
|
16
26
|
## [2.3.0] - August 14, 2020
|
|
17
27
|
|
|
18
28
|
### Fixed
|
data/README.md
CHANGED
|
@@ -62,6 +62,7 @@ Clearance.configure do |config|
|
|
|
62
62
|
config.rotate_csrf_on_sign_in = true
|
|
63
63
|
config.same_site = nil
|
|
64
64
|
config.secure_cookie = false
|
|
65
|
+
config.signed_cookie = false
|
|
65
66
|
config.sign_in_guards = []
|
|
66
67
|
config.user_model = "User"
|
|
67
68
|
config.parent_controller = "ApplicationController"
|
|
@@ -286,6 +287,33 @@ and `password` attributes. Over-riding the `email_optional?` or
|
|
|
286
287
|
`skip_password_validation?` methods to return `true` will disable those
|
|
287
288
|
validations from being added.
|
|
288
289
|
|
|
290
|
+
### Signed Cookies
|
|
291
|
+
|
|
292
|
+
By default, Clearance uses unsigned cookies. If you would like to use signed
|
|
293
|
+
cookies you can do so by overriding the default in an initializer like so:
|
|
294
|
+
|
|
295
|
+
```ruby
|
|
296
|
+
Clearance.configure do |config|
|
|
297
|
+
# ... other overrides
|
|
298
|
+
config.signed_cookie = true
|
|
299
|
+
end
|
|
300
|
+
```
|
|
301
|
+
|
|
302
|
+
If you are currently not using unsigned cookies but would like to migrate your
|
|
303
|
+
users over to them without breaking current sessions, you can do so by passing
|
|
304
|
+
in `:migrate` rather than `true` as so:
|
|
305
|
+
|
|
306
|
+
```ruby
|
|
307
|
+
Clearance.configure do |config|
|
|
308
|
+
# ... other overrides
|
|
309
|
+
config.signed_cookie = :migrate
|
|
310
|
+
end
|
|
311
|
+
```
|
|
312
|
+
|
|
313
|
+
You can read more about signed cookies in Clearance and why they are a good idea
|
|
314
|
+
in the [pull request that added them](https://github.com/thoughtbot/clearance/pull/917).
|
|
315
|
+
|
|
316
|
+
|
|
289
317
|
## Extending Sign In
|
|
290
318
|
|
|
291
319
|
By default, Clearance will sign in any user with valid credentials. If you need
|
data/lib/clearance/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: clearance
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Croak
|
|
@@ -22,10 +22,10 @@ authors:
|
|
|
22
22
|
- Jason Morrison
|
|
23
23
|
- Galen Frechette
|
|
24
24
|
- Josh Steiner
|
|
25
|
-
autorequire:
|
|
25
|
+
autorequire:
|
|
26
26
|
bindir: bin
|
|
27
27
|
cert_chain: []
|
|
28
|
-
date: 2021-
|
|
28
|
+
date: 2021-04-09 00:00:00.000000000 Z
|
|
29
29
|
dependencies:
|
|
30
30
|
- !ruby/object:Gem::Dependency
|
|
31
31
|
name: bcrypt
|
|
@@ -295,7 +295,7 @@ homepage: https://github.com/thoughtbot/clearance
|
|
|
295
295
|
licenses:
|
|
296
296
|
- MIT
|
|
297
297
|
metadata: {}
|
|
298
|
-
post_install_message:
|
|
298
|
+
post_install_message:
|
|
299
299
|
rdoc_options:
|
|
300
300
|
- "--charset=UTF-8"
|
|
301
301
|
require_paths:
|
|
@@ -312,7 +312,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
312
312
|
version: '0'
|
|
313
313
|
requirements: []
|
|
314
314
|
rubygems_version: 3.1.2
|
|
315
|
-
signing_key:
|
|
315
|
+
signing_key:
|
|
316
316
|
specification_version: 4
|
|
317
317
|
summary: Rails authentication & authorization with email & password.
|
|
318
318
|
test_files: []
|