Clearance now uses only cookies with a long expiration as its default. The effect is always remembering the user unless they ask to be signed out.
“I’ll never let go, Jack! I’ll never let go!”
A better “remember” default
A couple of weeks ago, I asked how Clearance should handle \“remember me\”
PJ Hyett’s argument won the day:
Assuming people using shared computers can’t remember to log out is insulting at best and annoying to everyone else that has exclusive access. Cookies with long expirations should always be the default.
Clearance, as of today’s 0.8.2 release, works exactly this way.
Cleaner under the hood
Fewer conditionals. No special cases. Just do one thing well.
def current_user - @_current_user ||= (user_from_cookie || user_from_session) + @_current_user ||= user_from_cookie end def user_from_cookie if token = cookies[:remember_token] - return nil unless user = ::User.find_by_remember_token(token) - return user if user.remember? + ::User.find_by_remember_token(token) end end
If you look through the recent commits, it’s a glorious sea of red as lines of code were removed.
Deprecations of shoulda macros
Originally, we had between a dozen and two dozen shoulda macros. They’re almost all deprecated now, continuing a trend over the last six months. The macros that have survived are:
sign_in_as(Factory(:email_confirmed_user)) sign_in sign_out should_deny_access should_forbid
Want to upgrade
You’ll want to:
- migrate your schema
- watch out for a cookies gotcha
- regenerate Cucumber features
- remove the “remember me” checkbox!
Migrate your schema
If you decide to upgrade, you’ll need to migrate your database
schema, as we also finally addressed the
“double duty” that
token_expires_at used to play. It is now split
confirmation_token and a
Like most things in software, this decision comes with a tradeoff. When cookies are set, they are not available until the next request.
So be careful with functional tests that depend that cookies. Try to use the
current_user method where possible.
This is a minor change. They mostly combine “remember me” scenarios into the basic scenario. If you don’t want to run the generator again, you can probably figure out what needs to be altered on your own.
As always, if you find any issues, please report them at Github Issues. Thanks and happy coding!