File rubygem-clearance.changes of Package rubygem-clearance
-------------------------------------------------------------------
Tue Jul 16 09:26:04 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- New upstream release 2.7.2, see bundled CHANGELOG.md
-------------------------------------------------------------------
Fri Jun 21 09:39:54 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- New upstream release 2.7.1, see bundled CHANGELOG.md
-------------------------------------------------------------------
Mon Jan 29 13:52:27 UTC 2024 - Dan Čermák <dan.cermak@posteo.net>
- New upstream release 2.6.2, see bundled CHANGELOG.md
-------------------------------------------------------------------
Mon Oct 10 13:01:14 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 2.6.1
see installed CHANGELOG.md
-------------------------------------------------------------------
Thu Aug 4 13:02:19 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 2.6.0
NEWS.md removed upstream
-------------------------------------------------------------------
Tue Jan 25 06:45:20 UTC 2022 - Stephan Kulow <coolo@suse.com>
updated to version 2.5.0
see installed NEWS.md
## [2.5.0] - September 10, 2021
### Fixed
- Fix open redirect vulnerability
### Changed
- Rename default branch to `main`
[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
-------------------------------------------------------------------
Thu Jun 24 17:11:01 UTC 2021 - Stephan Kulow <coolo@suse.com>
updated to version 2.4.0
see installed NEWS.md
## [2.4.0] - March 5, 2021
### Added
- Optionally use signed cookies to prevent remember token timing attacks
[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
## [2.3.1] - March 5, 2021
### Fixed
- Support for accessing Rails 6.x primary_key_type in generator.
- Fix password reset URLs when using a custom model
- Fix flaky test that relied on too specific time delta
- Revert case sensitivity for email uniqueness
- Bump nokogiri and actionview dependencies to address security vulnerabilities
[2.3.1]: https://github.com/thoughtbot/clearance/compare/v2.3.0...v2.3.1
-------------------------------------------------------------------
Fri Sep 25 13:46:32 UTC 2020 - Stephan Kulow <coolo@suse.com>
updated to version 2.3.0
see installed NEWS.md
## [2.3.0] - August 14, 2020
### Fixed
- Delete cookie correctly when a callable object is set as the custom domain
setting.
- Strip `as` parameter when signing in through the back door.
- Remove broken autoload for deprecated password strategies.
### Changed
- Deliver password reset email inline rather than in the background.
- Remove unnecessary unsafe interpolation in erb templates.
[2.3.0]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.3.0
## [2.2.1] - August 7, 2020
### Fixed
- Prevent user enumeration by timing attacks. Trying to log in with an
unrecognized email address will now take the same amount of time as for a user
that does exist in the system.
[2.2.1]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.2.1
## [2.2.0] - July 9, 2020
### Added
- Add an Argon2 password strategy
### Fixed
- Use strings instead of classes on guard classes, avoids Rails deprecation
warning.
- Use `find_by` style for finders, improves neo4j support
- Provide explicit case sensitivity option for email uniqueness, avoid Rails
deprecation warning.
[2.2.0]: https://github.com/thoughtbot/clearance/compare/v2.1.0...v2.2.0
-------------------------------------------------------------------
Mon Feb 10 14:20:47 UTC 2020 - Stephan Kulow <coolo@suse.com>
- updated to version 2.1.0
see installed NEWS.md
## [2.1.0] - December 19, 2019
### Added
- Add a `parent_controller` configuration option to specify the controller that
Clearance's `BaseController` will inherit from. Defaults to a value of
`ApplicationController`.
- Use the configured `primary_key_type` from the Active Record settings of the
project including Clearance, if it is set, while generating migrations. For
example, a setting of `:uuid` in a Rails app using Clearance will cause the
clearance-generated migrations to use this for the `users` table id type.
### Fixed
- Delete cookies correctly when a custom domain setting is being used.
- Do not set the authorization cookie on requests which did not exercise the
authorization code. Reduces the chances of leaving an auth cookie in a
publicly cacheable page that didn't require authorization to access.
### Changed
- Update the `email_validator` gem to a newer version embrace the more relaxed
email validation options which it now defaults to.
- When a password reset request is submitted without an email address, a flash
alert is now provided. Previously this continued silently as though it had
worked. We still proceed that way when there is an invalid (but present)
value, so as not to reveal existent vs. non-existent emails in the database.
### Removed
- Remove an unused route to `passwords#create` nested under `users`.
- No longer include the (rarely used in practice) application layout as part of
the views installer; but continue to provide some stock sign-in/out and flash
partial code in the gem installation README output.
### Deprecated
- Remove the existing deprecation notice around the `rotate_csrf_on_sign_in`
setting, and make that setting default to true.
[2.1.0]: https://github.com/thoughtbot/clearance/compare/v2.0.0...v2.1.0
## [2.0.0] - November 12, 2019
### Added
- Add support for Rails version 6
- Allow `cookie_domain` to be configured with a lambda for custom configuration
- Add ability to configure BCrypt computational cost of hash calculation.
- Add `same_site` configuration option for increased CSRF protection.
### Fixed
- Fix issue where invalid params could raise `NoMethodError` when updating and
resetting passwords.
- The backdoor auth mechanism now supports scenarios where `Rails.env` has been
configured via env variables other than `RAILS_ENV` (`RACK_ENV` for example).
### Removed
- Removed support for Ruby versions older than 2.4
- Removed support for Rails versions older than 5.0
- Removed all deprecated code from Clearance 1.x
### Changed
- Flash messages now use `flash[:alert]` rather than `flash[:notice]` as they
were used as errors more often than notices.
[2.0.0]: https://github.com/thoughtbot/clearance/compare/v1.17.0...v2.0.0
-------------------------------------------------------------------
Sun May 5 09:21:58 UTC 2019 - Stephan Kulow <coolo@suse.com>
- updated to version 1.17.0
see installed NEWS.md
## [1.17.0] - April 11, 2019
### Changed
- Update the `HttpOnly` cookie setting for the remember token to default to
true, which prevents the value from being available to JavaScript.
- Add configuration option to allow the auth backdoor to work in specified
environments (defaults to `test`, `development`, `ci`).
[1.17.0]: https://github.com/thoughtbot/clearance/compare/v1.16.2...1.17.0
-------------------------------------------------------------------
Sat Mar 2 15:09:32 UTC 2019 - Stephan Kulow <coolo@suse.com>
- updated to version 1.16.2
see installed NEWS.md
## [1.16.2] - February 25, 2019
### Fixed
- Added missing translation keys
- Fix issue where a cookie value could be set more than once when interacting
with the `httponly` option
### Changed
- Remove Rails as a dependency so that clearance does not trigger a cascade of
requirements as rails pulls in every framework. Instead, depend on just the
frameworks relevant to Clearance.
- Prevent `Clearance::BackDoor` from being used outside the "test" environment.
[1.16.2]: https://github.com/thoughtbot/clearance/compare/v1.16.1...v1.16.2
-------------------------------------------------------------------
Sun Dec 3 19:13:24 UTC 2017 - coolo@suse.com
- updated to version 1.16.1
see installed NEWS.md
## [1.16.1] - November 2, 2017
### Fixed
- Fixed issue where tokens from abandoned password reset attempts were stored in
the session, preventing newly generated password reset tokens from working.
- Improve compatibility with Rails API projects by calling `helper_method` only
when it is defined.
- URL fragment in server-set `session[:return_to]` values are preserved when
redirecting to the stored value.
- Eliminated deprecation in Clearance test helpers that were related to the
renaming of FactoryGirl to FactoryBot.
[1.16.1]: https://github.com/thoughtbot/clearance/compare/v1.16.0...v1.16.1
-------------------------------------------------------------------
Tue Jan 17 05:30:42 UTC 2017 - coolo@suse.com
- updated to version 1.16.0
see installed NEWS.md
## [1.16.0] - January 16, 2017
### Security
- Clearance users can now help prevent [session fixation attacks] by setting
`Clearance.configuration.rotate_csrf_on_sign_in` to `true`. This will cause
the user's CSRF token to be rotated on sign in and is recommended for all
Clearance applications. This setting will default to `true` in Clearance 2.0.
Clearance will emit a warning on each sign in until this configuration setting
is explicitly set to `true` or `false`.
[session fixation attacks]: https://www.owasp.org/index.php/Session_fixation
[1.16.0]: https://github.com/thoughtbot/clearance/compare/v1.15.1...v1.16.0
-------------------------------------------------------------------
Sat Oct 8 04:30:32 UTC 2016 - coolo@suse.com
- updated to version 1.15.1
see installed NEWS.md
## [1.15.1] - October 6, 2016
### Fixed
- Password reset form redirect no longer uses a named route helper, which means
it will work for developers that have customized their routes.
[1.15.1]: https://github.com/thoughtbot/clearance/compare/v1.15.0...v1.15.1
-------------------------------------------------------------------
Tue Sep 27 04:35:08 UTC 2016 - coolo@suse.com
- updated to version 1.15.0
see installed NEWS.md
## [1.15.0] - September 26, 2016
### Security
- Prevent possible password reset token leak to external sites linked to on the
password reset page. See [PR #707] for more information.
[PR #707]: https://github.com/thoughtbot/clearance/pull/707
[1.15.0]: https://github.com/thoughtbot/clearance/compare/v1.14.2...v1.15.0
-------------------------------------------------------------------
Thu Aug 11 04:32:41 UTC 2016 - coolo@suse.com
- updated to version 1.14.2
see installed NEWS.md
## [1.14.2] - August 10, 2016
### Fixed
- Fixed incompatibility with `attr_encrypted` gem by inlining the body of the
`encrypt` helper method used in the BCrypt password strategy.
[1.14.2]: https://github.com/thoughtbot/clearance/compare/v1.14.1...v1.14.2
-------------------------------------------------------------------
Sat May 21 04:30:54 UTC 2016 - coolo@suse.com
- updated to version 1.14.1
see installed NEWS.md
## [1.14.1] - May 12, 2016
### Fixed
- Fixed insertion of `include Clearance::User` when running the install
generator in an app that already has a `User` model.
- Updated `deny_access` matcher to assert against configured redirect location
rather than hard coded `/`.
[1.14.1]: https://github.com/thoughtbot/clearance/compare/v1.14.0...v1.14.1
-------------------------------------------------------------------
Sat Apr 30 04:30:55 UTC 2016 - coolo@suse.com
- updated to version 1.14.0
see installed NEWS.md
## [1.14.0] - April 29, 2016
### Added
- `Clearance::BackDoor` now accepts a block, allowing the user for a test to be
looked up by a parameter other than `id` if you have overridden `to_param` for
the `User` model.
### Fixed
- We now correctly track the dirty state of `User#encrypted_password`, which
fixes custom validations on `User#password` (e.g. validating password length)
that were conditional on the password actually changing.
- The `clearance:install` generator will now generate a `User` model that
inherits from `ApplicationRecord` if run on a Rails 5 app that doesn't already
have a `User` model.
### Deprecated
- `User#password_changing` is deprecated in favor of automatic dirty tracking on
`encrypted_password` and `password`. If you are calling this in your
application you should be able to remove it.
[1.14.0]: https://github.com/thoughtbot/clearance/compare/v1.13.0...v1.14.0
-------------------------------------------------------------------
Sun Mar 6 05:28:22 UTC 2016 - coolo@suse.com
- updated to version 1.13.0
see installed NEWS.md
## [1.13.0] - March 4, 2016
### Added
- Clearance now supports Rails 5.0.0.beta3 and newer.
### Fixed
- Clearance will now infer the parameter name to use when accessing user
parameters in a request. This previously used `:user`, which was incorrect for
customized user models.
- Generated feature specs no longer rely on RSpec monkey patches.
[1.13.0]: https://github.com/thoughtbot/clearance/compare/v1.12.1...v1.13.0
-------------------------------------------------------------------
Thu Jan 21 05:31:37 UTC 2016 - coolo@suse.com
- updated to version 1.12.1
see installed NEWS.md
## [1.12.1] - January 7, 2016
### Fixed
- Fixed the `create_users` migration generated by `rails generate
clearance:install` under Rails 3.x.
-------------------------------------------------------------------
Wed Nov 18 05:33:13 UTC 2015 - coolo@suse.com
- updated to version 1.12.0
see installed NEWS.md
## [1.12.0] - November 17, 2015
### Added
- Users will now see a flash message when redirected to sign in by
`require_login`. This I18n key for this message is
`flashes.failure_when_not_signed_in` and defaults to "Please sign in to
continue".
- Added significant API documentation. API documentation effort is ongoing.
### Fixed
- Fixed expectation in the generated `visitor_resets_password_spec.rb` file.
- Corrected indentation of routes inserted by the routes generator.
- Corrected indentation of `include Clearance::User` when the install generator
adds it to an existing user class.
[1.12.0]: https://github.com/thoughtbot/clearance/compare/v1.11.0...v1.12.0
-------------------------------------------------------------------
Sat Aug 22 04:30:49 UTC 2015 - coolo@suse.com
- updated to version 1.11.0
see installed NEWS.md
-------------------------------------------------------------------
Sat May 16 04:28:57 UTC 2015 - coolo@suse.com
- updated to version 1.10.1
see installed NEWS.md
## [1.10.1] - May 15, 2015
### Deprecated
- All clearance-provided password strategies other than BCrypt have been
deprecated. You can continue to use those strategies without a deprecation
warning by adding `clearance-deprecated_password_strategies` to your Gemfile.
[1.10.1]: https://github.com/thoughtbot/clearance/compare/v1.9.0...v1.10.1
-------------------------------------------------------------------
Sun Apr 5 04:32:02 UTC 2015 - coolo@suse.com
- updated to version 1.9.0
-------------------------------------------------------------------
Wed Mar 4 05:29:30 UTC 2015 - coolo@suse.com
- updated to version 1.8.1
-------------------------------------------------------------------
Tue Feb 10 17:30:33 UTC 2015 - coolo@suse.com
- updated to version 1.8.0
-------------------------------------------------------------------
Mon Oct 13 05:47:50 UTC 2014 - coolo@suse.com
- adapt to new rubygem packaging
-------------------------------------------------------------------
Mon Jul 21 08:11:02 UTC 2014 - coolo@suse.com
- updated to version 1.4.0
* The sign out link in the default application layout has been replaced with a
semantically correct sign out button. This also removes an unnecessary
JavaScript dependency.
* Clearance now uses `original_fullpath` when redirecting to a saved URL after
login. This should improve the behavior in mounted engines.
* `user_params` method was added to `Clearance::UsersController` which provides
a convenient place to override the parameters used when creating users.
* Controllers now inherit from `Clearance::BaseController` to allow for easily
adding behavior to all of them.
-------------------------------------------------------------------
Sat Mar 15 18:46:01 UTC 2014 - coolo@suse.com
- updated to version 1.3.0
* Installing Clearance with an existing User model will now create a migration
that includes adding remember tokens to all existing user records.
New for 1.2.1 (March 6, 2014):
* Query string is now included in the redirect URL when Clearance redirects to a
previously stored URL.
New for 1.2.0 (February 28, 2014):
* Support for Rails 4.1.0.rc1
* `clearance/testing` is now deprecated. Require `clearance/rspec` or
`clearance/test_unit` as appropriate.
* Sign in failure message is now customized exclusively via I18n.
`SessionsController#flash_failure_after_create` is no longer called. To
customize the message, change the
`clearance.controllers.sessions.bad_email_or_password` or
`flashes.failure_after_create` key.
* Sign in can now be disabled with `config.allow_sign_in = false`
-------------------------------------------------------------------
Fri Nov 22 08:40:35 UTC 2013 - coolo@suse.com
- updated to version 1.1.0
* Validate email with `EmailValidator` [strict mode][strict].
* The `cookie_expiration` configuration lambda can now be called with a
`cookies` parameter. allows the Clearance cookie expiration to be set
according to the value of another cookie (such as `remember_me`).
* A `cookie_expiration` lambda that does not accept this `cookies`
parameter has been deprecated.
* Allow cookie domain and path configuration.
* Add sign in guards.
* Don't allow logins with blank `remember_token`.
[strict]: https://github.com/balexand/email_validator#strict-mode
-------------------------------------------------------------------
Fri Aug 30 10:00:25 UTC 2013 - coolo@suse.com
- updated to version 1.0.1
* Fix an issue when trying to sign in with `nil`
-------------------------------------------------------------------
Tue Aug 6 17:45:15 UTC 2013 - coolo@suse.com
- updated to version 1.0.0
-------------------------------------------------------------------
Wed Aug 1 05:02:53 UTC 2012 - coolo@suse.com
- updated to version 0.16.3
-------------------------------------------------------------------
Thu Sep 23 20:46:05 UTC 2010 - fcastelli@novell.com
- fixed a packaging error: one of test files was looking for ruby
under mac ports path. That caused an unsolved dependency.
-------------------------------------------------------------------
Fri Jun 11 14:11:16 UTC 2010 - mrueckert@suse.de
- update to version 0.8.8
* Fixed sign_in and sign_out not setting current_user (Joe Ferris)
- additional changes from version 0.8.7 (02/21/2010)
* [#43] Fixed global sign out bug. (Ryan McGreary)
* [#69] Allow Rails apps to before_filter :authenticate the
entire app in ApplicationController and still have password
recovery work without overriding any controllers.
(Claudio Poli, Dan Croak)
* [#72] #[21] Rails3 fix for ActionController/ActionDispatch
change. (Joseph Holsten, Peter Haza, Dan Croak)
- additional changes from version 0.8.6 (02/17/2010)
* Clearance features capitalization should match view text
(Bobby Wilson)
* [#39] skip :authenticate before_filter in controllers so apps
can easily authenticate a whole site without subclassing
(Matthew Ford)
* [#45] Added randomness to token and salt generation
(Ryan McGeary)
* [#43] Reset the remember_token on sign out instead of sign in.
Allows for the same user to sign in from two locations at once.
(Ryan McGeary)
* [#62] Append the version number to generated update migrations
(Joe Ferris)
* Allow overridden user models to skip email/password validations
conditionally. This makes username/facebook integration easier.
(Joe Ferris)
- additional changes from version 0.8.5 (01/20/2010)
* replaced routing hack with Clearance::Routes.draw(map) to give
more control to the application developer. (Dan Croak)
* removed attr_accessible from Clearance::User. (Dan Croak)
* fixed bug in password reset feature. (Ben Orenstein, Dan Croak)
* use Jeweler for gemming. (Dan Croak)
* remove dependency on root_path, use '/' instead. (Dan Croak)
* use Clearance.configure block to set mailer sender instead of
DO_NOT_REPLY constant. (Dan Croak)
-------------------------------------------------------------------
Fri Jun 11 10:00:01 UTC 2010 - mrueckert@suse.de
- use rubygems_requires macro
-------------------------------------------------------------------
Mon Dec 21 19:00:17 UTC 2009 - prusnak@suse.cz
- created package
