v1.4.2

Fixed

• Eliminate deprecation message when using DenyAccess matcher with RSpec 3.

Full Changelog

v1.4.1

Fixed

• Prevent BCrypt strategy from raising an exception when encypted_password
  is nil.

Full Changelog

v1.4.0

Added

• user_params method was added to Clearance::UsersController which provides
  a convenient place to override the parameters used when creating users.
• Controllers now inherit from Clearance::BaseController to allow for easily
  adding behavior to all of them.

Changed

• The sign out link in the default application layout has been replaced with a
  semantically correct sign out button. This also removes an unnecessary
  JavaScript dependency.

Fixed

• Clearance now uses original_fullpath when redirecting to a saved URL after
  login. This should improve the behavior in mounted engines.

Full Changelog

v1.3.0

Added

• Installing Clearance with an existing User model will now create a migration
  that includes adding remember tokens to all existing user records.

Full Changelog

v1.2.1

Fixed

• Query string is now included in the redirect URL when Clearance redirects to a
  previously stored URL.

Full Changelog

v1.2.0

Added

• Support for Rails 4.1.0.rc1
• Sign in can now be disabled with config.allow_sign_in = false

Changed

• Sign in failure message is now customized exclusively via I18n.
  SessionsController#flash_failure_after_create is no longer called. To
  customize the message, change the
  clearance.controllers.sessions.bad_email_or_password or
  flashes.failure_after_create key.

Deprecated

• clearance/testing is now deprecated. Require clearance/rspec or
  clearance/test_unit as appropriate.

Full Changelog

v1.1.0

Added

• Validate email with EmailValidator strict mode.
• The cookie_expiration configuration lambda can now be called with a
  cookies parameter. Allows the Clearance cookie expiration to be set
  according to the value of another cookie (such as remember_me).
• Allow cookie domain and path configuration.
• Add sign in guards.

Fixed

• Don't allow logins with blank remember_token.

Deprecated

• A cookie_expiration lambda that does not accept this cookies
  parameter has been deprecated.

Full Changelog

v1.0.1

Fixed

• Fix an issue when trying to sign in with nil

Full Changelog

v1.0.0

Added

• Support Rails 4.
• Speed up test suites using ::BCrypt::Engine::MIN_COST.
• Speed up integration suites with Clearance::BackDoor.
• Provide BCryptMigrationFromSHA1 password strategy to help people migrate from
  SHA1 (the old default password strategy) to BCrypt (the new default).
• Support Ruby 2.
• More extension points in more controllers.
• Add SignedIn and SignedOut routing constraints.
• Add a fake password strategy, which is useful when writing tests.
• Add redirect_url configuration option.
• Add secure_cookie configuration option.

Changed

• Change default password strategy to BCrypt.
• Replace email regular expression with EmailValidator gem.
• Require > Ruby 1.9.
• The email, encrypted_password, and remember_token fields of the users
  table are NOT NULL in the default migration.
• Replace Cucumber feature generator with RSpec + Capybara.
• Remove Diesel dependency.
• PasswordsController params[:user] has changed to params[:password_reset]
  to avoid locale conflicts.

Fixed

• Improve security when changing password.
• Reduce extra user lookups when adding cookie to headers.
• Unauthorized API requests return HTTP status 401 rather than a redirect
  to the sign in page.

Removed

• Remove deprecated methods on User: remember_me!, generate_random_code,
  password_required?.
• Remove unloadable from controllers (Rails 4 bug fix in development
  environment).
• Remove support for supplying return_to value via request parameter.

Full Changelog

v0.16.2

Changed

• Change default email sender to deploy@example.com.

Full Changelog