Clearance v2.1.0 Release NotesRelease Date: 2019-12-19 // 8 months ago
- ➕ Add a
parent_controllerconfiguration option to specify the controller that
BaseControllerwill inherit from. Defaults to a value of
- Use the configured
primary_key_typefrom the Active Record settings of the
project including Clearance, if it is set, while generating migrations. For
🚅 example, a setting of
:uuidin a Rails app using Clearance will cause the
clearance-generated migrations to use this for the
userstable id type.
- ✂ Delete cookies correctly when a custom domain setting is being used.
- Do not set the authorization cookie on requests which did not exercise the
authorization code. Reduces the chances of leaving an auth cookie in a
publicly cacheable page that didn't require authorization to access.
- ⚡️ Update the
email_validatorgem to a newer version embrace the more relaxed
0️⃣ email validation options which it now defaults to.
- When a password reset request is submitted without an email address, a flash
alert is now provided. Previously this continued silently as though it had
worked. We still proceed that way when there is an invalid (but present)
value, so as not to reveal existent vs. non-existent emails in the database.
- ✂ Remove an unused route to
- No longer include the (rarely used in practice) application layout as part of
the views installer; but continue to provide some stock sign-in/out and flash
partial code in the gem installation README output.
- Remove the existing deprecation notice around the
0️⃣ setting, and make that setting default to true.
- ➕ Add a
Previous changes from v2.0.0
- ➕ Add support for Rails version 6
- 👍 Allow
cookie_domainto be configured with a lambda for custom configuration
- ➕ Add ability to configure BCrypt computational cost of hash calculation.
- ➕ Add
same_siteconfiguration option for increased CSRF protection.
- 🛠 Fix issue where invalid params could raise
NoMethodErrorwhen updating and
- 🚅 The backdoor auth mechanism now supports scenarios where
configured via env variables other than
- ✂ Removed support for Ruby versions older than 2.4
- ✂ Removed support for Rails versions older than 5.0
- ✂ Removed all deprecated code from Clearance 1.x
- Flash messages now use
were used as errors more often than notices.