Clearance v2.1.0 Release Notes

Release Date: 2019-12-19 // 8 months ago
  • ➕ Added

    • ➕ Add a parent_controller configuration option to specify the controller that
      0️⃣ Clearance's BaseController will inherit from. Defaults to a value of
    • Use the configured primary_key_type from the Active Record settings of the
      project including Clearance, if it is set, while generating migrations. For
      🚅 example, a setting of :uuid in a Rails app using Clearance will cause the
      clearance-generated migrations to use this for the users table id type.

    🛠 Fixed

    • ✂ Delete cookies correctly when a custom domain setting is being used.
    • Do not set the authorization cookie on requests which did not exercise the
      authorization code. Reduces the chances of leaving an auth cookie in a
      publicly cacheable page that didn't require authorization to access.

    🔄 Changed

    • ⚡️ Update the email_validator gem to a newer version embrace the more relaxed
      0️⃣ email validation options which it now defaults to.
    • When a password reset request is submitted without an email address, a flash
      alert is now provided. Previously this continued silently as though it had
      worked. We still proceed that way when there is an invalid (but present)
      value, so as not to reveal existent vs. non-existent emails in the database.

    ✂ Removed

    • ✂ Remove an unused route to passwords#create nested under users.
    • No longer include the (rarely used in practice) application layout as part of
      the views installer; but continue to provide some stock sign-in/out and flash
      partial code in the gem installation README output.

    🗄 Deprecated

    • Remove the existing deprecation notice around the rotate_csrf_on_sign_in
      0️⃣ setting, and make that setting default to true.

Previous changes from v2.0.0

  • ➕ Added

    • ➕ Add support for Rails version 6
    • 👍 Allow cookie_domain to be configured with a lambda for custom configuration
    • ➕ Add ability to configure BCrypt computational cost of hash calculation.
    • ➕ Add same_site configuration option for increased CSRF protection.

    🛠 Fixed

    • 🛠 Fix issue where invalid params could raise NoMethodError when updating and
      resetting passwords.
    • 🚅 The backdoor auth mechanism now supports scenarios where Rails.env has been
      configured via env variables other than RAILS_ENV (RACK_ENV for example).

    ✂ Removed

    • ✂ Removed support for Ruby versions older than 2.4
    • ✂ Removed support for Rails versions older than 5.0
    • ✂ Removed all deprecated code from Clearance 1.x

    🔄 Changed

    • Flash messages now use flash[:alert] rather than flash[:notice] as they
      were used as errors more often than notices.