[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-7822":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":16,"stars30d":17,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":28,"readmeContent":29,"aiSummary":30,"trendingCount":16,"starSnapshotCount":16,"syncStatus":31,"lastSyncTime":32,"discoverSource":33},7822,"clearance","thoughtbot\u002Fclearance","thoughtbot","Rails authentication with email & password.","https:\u002F\u002Fthoughtbot.com",null,"Ruby",3735,465,64,27,0,1,30.01,"MIT License",false,"main",true,[5,24,25,26,27,7],"rails","rails-authentication","ruby","rubygem","2026-06-12 02:01:45","# Clearance\n\n[![Build Status](https:\u002F\u002Fgithub.com\u002Fthoughtbot\u002Fclearance\u002Factions\u002Fworkflows\u002Ftests.yml\u002Fbadge.svg)]( https:\u002F\u002Fgithub.com\u002Fthoughtbot\u002Fclearance\u002Factions\u002Fworkflows\u002Ftests.yml?query=branch%3Amain)\n[![Documentation Quality](https:\u002F\u002Finch-ci.org\u002Fgithub\u002Fthoughtbot\u002Fclearance.svg?branch=main)](https:\u002F\u002Finch-ci.org\u002Fgithub\u002Fthoughtbot\u002Fclearance)\n\nRails authentication with email & password.\n\nClearance is intended to be small, simple, and well-tested. It has opinionated\ndefaults but is intended to be easy to override.\n\nPlease use [GitHub Issues] to report bugs. If you have a question about the\nlibrary, please use the `clearance` tag on [Stack Overflow]. This tag is\nmonitored by contributors.\n\n[GitHub Issues]: https:\u002F\u002Fgithub.com\u002Fthoughtbot\u002Fclearance\u002Fissues\n[Stack Overflow]: http:\u002F\u002Fstackoverflow.com\u002Fquestions\u002Ftagged\u002Fclearance\n\n## Getting Started\n\nClearance is a Rails engine tested against Rails `>= 7.2` and Ruby `>= 3.3.11`.\n\nYou can add it to your Gemfile with:\n\n```sh\ngem \"clearance\"\n```\n\nRun the bundle command to install it.\n\nAfter you install Clearance, you need to run the generator:\n\n```shell\nrails generate clearance:install\n```\n\nThe Clearance install generator:\n\n* Inserts `Clearance::User` into your `User` model\n* Inserts `Clearance::Controller` into your `ApplicationController`\n* Creates an initializer file to allow further configuration.\n* Creates a migration file that either create a users table or adds any necessary\n  columns to the existing table.\n\n## Configure\n\nOverride any of these defaults in `config\u002Finitializers\u002Fclearance.rb`:\n\n```ruby\nClearance.configure do |config|\n  config.allow_sign_up = true\n  config.allow_password_reset = true\n  config.cookie_domain = \".example.com\"\n  config.cookie_expiration = lambda { |cookies| 1.year.from_now.utc }\n  config.cookie_name = \"remember_token\"\n  config.cookie_path = \"\u002F\"\n  config.routes = true\n  config.httponly = true\n  config.mailer_sender = \"reply@example.com\"\n  config.password_strategy = Clearance::PasswordStrategies::BCrypt\n  config.redirect_url = \"\u002F\"\n  config.url_after_destroy = nil\n  config.url_after_denied_access_when_signed_out = nil\n  config.rotate_csrf_on_sign_in = true\n  config.same_site = nil\n  config.secure_cookie = Rails.configuration.force_ssl\n  config.signed_cookie = false\n  config.sign_in_guards = []\n  config.user_model = \"User\"\n  config.parent_controller = \"ApplicationController\"\n  config.sign_in_on_password_reset = false\nend\n```\n\n## Use\n\n### Access Control\n\nUse the `require_login` filter to control access to controller actions.\n\n```ruby\nclass ArticlesController \u003C ApplicationController\n  before_action :require_login\n\n  def index\n    current_user.articles\n  end\nend\n```\n\nClearance also provides routing constraints that can be used to control access\nat the routing layer:\n\n```ruby\nBlog::Application.routes.draw do\n  constraints Clearance::Constraints::SignedIn.new { |user| user.admin? } do\n    root to: \"admin\u002Fdashboards#show\", as: :admin_root\n  end\n\n  constraints Clearance::Constraints::SignedIn.new do\n    root to: \"dashboards#show\", as: :signed_in_root\n  end\n\n  constraints Clearance::Constraints::SignedOut.new do\n    root to: \"marketing#index\"\n  end\nend\n```\n\n### Helper Methods\n\nUse `current_user`, `signed_in?`, and `signed_out?` in controllers, views, and\nhelpers. For example:\n\n```erb\n\u003C% if signed_in? %>\n  \u003C%= current_user.email %>\n  \u003C%= button_to \"Sign out\", sign_out_path, method: :delete %>\n\u003C% else %>\n  \u003C%= link_to \"Sign in\", sign_in_path %>\n\u003C% end %>\n```\n\n### Password Resets\n\nWhen a user resets their password, Clearance delivers them an email. You\nshould change the `mailer_sender` default, used in the email's \"from\" header:\n\n```ruby\nClearance.configure do |config|\n  config.mailer_sender = \"reply@example.com\"\nend\n```\n\n### Multiple Domain Support\n\nYou can support multiple domains, or other special domain configurations by\noptionally setting `cookie_domain` as a callable object. The first argument\npassed to the method is an ActionDispatch::Request object.\n\n```ruby\nClearance.configure do |config|\n  config.cookie_domain = lambda { |request| request.host }\nend\n```\n\n### Integrating with Rack Applications\n\nClearance adds its session to the Rack environment hash so middleware and other\nRack applications can interact with it:\n\n```ruby\nclass Bubblegum::Middleware\n  def initialize(app)\n    @app = app\n  end\n\n  def call(env)\n    if env[:clearance].signed_in?\n      env[:clearance].current_user.bubble_gum\n    end\n\n    @app.call(env)\n  end\nend\n```\n\n## Overriding Clearance\n\n### Routes\n\nSee [config\u002Froutes.rb](\u002Fconfig\u002Froutes.rb) for the default set of routes.\n\nAs of Clearance 1.5 it is recommended that you disable Clearance routes and take\nfull control over routing and URL design. This ensures that your app's URL design\nwon't be affected if the gem's routes and URL design are changed.\n\nTo disable the routes, change the `routes` configuration option to false:\n\n```ruby\nClearance.configure do |config|\n  config.routes = false\nend\n```\n\nYou can optionally run `rails generate clearance:routes` to dump a copy of the\ndefault routes into your application for modification.\n\n### Controllers\n\nSee [app\u002Fcontrollers\u002Fclearance](\u002Fapp\u002Fcontrollers\u002Fclearance) for the default\nbehavior. Many protected methods were extracted in these controllers in an\nattempt to make overrides and hooks simpler.\n\nTo override a Clearance controller, subclass it and update the routes to\npoint to your new controller (see the \"Routes\" section).\n\n```ruby\nclass PasswordsController \u003C Clearance::PasswordsController\nclass SessionsController \u003C Clearance::SessionsController\nclass UsersController \u003C Clearance::UsersController\n```\n\n### Redirects\n\nThe post-action redirects in Clearance are simple methods which can be\noverridden one by one, or configured globally.\n\nThese \"success\" methods are called for signed in users, and redirect to\n`Clearance.configuration.redirect_url` (which is `\u002F` by default):\n\n- `passwords#url_after_update`\n- `sessions#url_after_create`\n- `sessions#url_for_signed_in_users`\n- `users#url_after_create`\n- `application#url_after_denied_access_when_signed_in`\n\nTo override them all at once, change the global configuration of `redirect_url`.\nTo change individual URLs, override the appropriate method in your subclassed\ncontroller.\n\nThese \"failure\" methods are called for signed out sessions:\n\n- `application#url_after_denied_access_when_signed_out`\n- `sessions#url_after_destroy`\n\nYou can override the appropriate method in your subclassed controller or you\ncan set a configuration value for either of these URLs:\n\n- `Clearance.configuration.url_after_denied_access_when_signed_out`\n- `Clearance.configuration.url_after_destroy`\n\nBoth configurations default to `nil` and if not set will default to\n`sign_in_url` in `sessions_controller.rb` and `authorization.rb` for backwards\ncompatibility.\n\n\n### Views\n\nSee [app\u002Fviews](\u002Fapp\u002Fviews) for the default behavior.\n\nTo override a view, create your own copy of it:\n\n```\napp\u002Fviews\u002Fclearance_mailer\u002Fchange_password.html.erb\napp\u002Fviews\u002Fpasswords\u002Fcreate.html.erb\napp\u002Fviews\u002Fpasswords\u002Fedit.html.erb\napp\u002Fviews\u002Fpasswords\u002Fnew.html.erb\napp\u002Fviews\u002Fsessions\u002F_form.html.erb\napp\u002Fviews\u002Fsessions\u002Fnew.html.erb\napp\u002Fviews\u002Fusers\u002F_form.html.erb\napp\u002Fviews\u002Fusers\u002Fnew.html.erb\n```\n\nYou can use the Clearance views generator to copy the default views to your\napplication for modification.\n\n```shell\nrails generate clearance:views\n```\n\n### Layouts\n\nBy default, Clearance uses your application's default layout. If you would like\nto change the layout that Clearance uses when rendering its views, simply\nspecify the layout in the `config\u002Fapplication.rb`\n\n```ruby\nconfig.to_prepare do\n  Clearance::PasswordsController.layout \"my_passwords_layout\"\n  Clearance::SessionsController.layout \"my_sessions_layout\"\n  Clearance::UsersController.layout \"my_admin_layout\"\nend\n```\n\n### Translations\n\nAll flash messages and email subject lines are stored in [i18n translations].\nOverride them like any other translation.\n\n[i18n translations]: http:\u002F\u002Fguides.rubyonrails.org\u002Fi18n.html\n\nSee [config\u002Flocales\u002Fclearance.en.yml](\u002Fconfig\u002Flocales\u002Fclearance.en.yml) for the\ndefault behavior.\n\nYou can also install [clearance-i18n](https:\u002F\u002Fgithub.com\u002Fthoughtbot\u002Fclearance-i18n)\nfor access to additional, user-contributed translations.\n\n### User Model\n\nSee [lib\u002Fclearance\u002Fuser.rb](\u002Flib\u002Fclearance\u002Fuser.rb) for the default behavior.\nYou can override those methods as needed.\n\nNote that there are some model-level validations (see above link for detail)\nwhich the `Clearance::User` module will add to the configured model class and\nwhich may conflict with or duplicate already present validations on the `email`\nand `password` attributes. Over-riding the `email_optional?` or\n`skip_password_validation?` methods to return `true` will disable those\nvalidations from being added.\n\n### Signed Cookies\n\nBy default, Clearance uses unsigned cookies. If you would like to use signed\ncookies you can do so by overriding the default in an initializer like so:\n\n```ruby\nClearance.configure do |config|\n  # ... other overrides\n  config.signed_cookie = true\nend\n```\n\nIf you are currently not using signed cookies but would like to migrate your\nusers over to them without breaking current sessions, you can do so by passing\nin `:migrate` rather than `true` as so:\n\n```ruby\nClearance.configure do |config|\n  # ... other overrides\n  config.signed_cookie = :migrate\nend\n```\n\nYou can read more about signed cookies in Clearance and why they are a good idea\nin the [pull request that added them](https:\u002F\u002Fgithub.com\u002Fthoughtbot\u002Fclearance\u002Fpull\u002F917).\n\n\n## Extending Sign In\n\nBy default, Clearance will sign in any user with valid credentials. If you need\nto support additional checks during the sign in process then you can use the\nSignInGuard stack. For example, using the SignInGuard stack, you could prevent\nsuspended users from signing in, or require that users confirm their email\naddress before accessing the site.\n\n`SignInGuard`s offer fine-grained control over the process of\nsigning in a user. Each guard is run in order and hands the session off to\nthe next guard in the stack.\n\nA `SignInGuard` is an object that responds to `call`. It is initialized with a\nsession and the current stack.\n\nOn success, a guard should call the next guard or return `SuccessStatus.new` if\nyou don't want any subsequent guards to run.\n\nOn failure, a guard should call `FailureStatus.new(failure_message)`. It can\nprovide a message explaining the failure.\n\nFor convenience, a [SignInGuard](lib\u002Fclearance\u002Fsign_in_guard.rb) class has been\nprovided and can be inherited from. The convenience class provides a few methods\nto help make writing guards simple: `success`, `failure`, `next_guard`,\n`signed_in?`, and `current_user`.\n\nHere's an example custom guard to handle email confirmation:\n\n```ruby\nClearance.configure do |config|\n  config.sign_in_guards = [\"EmailConfirmationGuard\"]\nend\n```\n\n```ruby\n# app\u002Fguards\u002Femail_confirmation_guard.rb\nclass EmailConfirmationGuard \u003C Clearance::SignInGuard\n  def call\n    if unconfirmed?\n      failure(\"You must confirm your email address.\")\n    else\n      next_guard\n    end\n  end\n\n  def unconfirmed?\n    signed_in? && !current_user.confirmed_at\n  end\nend\n```\n\n## Testing\n\n### Fast Feature Specs\n\nClearance includes middleware that avoids wasting time spent visiting, loading,\nand submitting the sign in form. It instead signs in the designated user\ndirectly. The speed increase can be [substantial][backdoor].\n\n[backdoor]: http:\u002F\u002Frobots.thoughtbot.com\u002Fpost\u002F37907699673\u002Ffaster-tests-sign-in-through-the-back-door\n\nEnable the Middleware in Test:\n\n```ruby\n# config\u002Fenvironments\u002Ftest.rb\nMyRailsApp::Application.configure do\n  # ...\n  config.middleware.use Clearance::BackDoor\n  # ...\nend\n```\n\nUsage:\n\n```ruby\nvisit root_path(as: user)\n```\n\nAdditionally, if `User#to_param` is overridden, you can pass a block in\norder to override the default behavior:\n\n```ruby\n# config\u002Fenvironments\u002Ftest.rb\nMyRailsApp::Application.configure do\n  # ...\n  config.middleware.use Clearance::BackDoor do |username|\n    Clearance.configuration.user_model.find_by(username: username)\n  end\n  # ...\nend\n```\n\n### Ready Made Feature Specs\n\nIf you're using RSpec, you can generate feature specs to help prevent\nregressions in Clearance's integration with your Rails app over time. These\nfeature specs, will also require `factory_bot_rails`.\n\nTo Generate the clearance specs, run:\n\n```shell\nrails generate clearance:specs\n```\n\n### Controller Test Helpers\n\nTo test controller actions that are protected by `before_action :require_login`,\nrequire Clearance's test helpers in your test suite.\n\nFor `rspec`, add the following line to your `spec\u002Frails_helper.rb` or\n`spec\u002Fspec_helper` if `rails_helper` does not exist:\n\n```ruby\nrequire \"clearance\u002Frspec\"\n```\n\nFor `test-unit`, add this line to your `test\u002Ftest_helper.rb`:\n\n```ruby\nrequire \"clearance\u002Ftest_unit\"\n```\n\n**Note for Rails 5:** the default generated controller tests are now\nintegration tests. You will need to use the\n[backdoor middleware](#fast-feature-specs) instead.\n\nThis will make `Clearance::Controller` methods work in your controllers\nduring functional tests and provide access to helper methods like:\n\n```ruby\nsign_in\nsign_in_as(user)\nsign_out\n```\n\n### View and Helper Spec Helpers\n\nDoes the view or helper you're testing reference `signed_in?`, `signed_out?` or\n`current_user`? If you `require 'clearance\u002Frspec'`, you will have the following\nhelpers available in your view specs:\n\n```ruby\nsign_in\nsign_in_as(user)\n```\n\nThese will make the clearance view helpers work as expected by signing in either\na new instance of your user model (`sign_in`) or the object you pass to\n`sign_in_as`. If you do not call one of these sign in helpers or otherwise set\n`current_user` in your view specs, your view will behave as if there is no\ncurrent user: `signed_in?` will be false and `signed_out?` will be true.\n\n## Contributing\n\nPlease see [CONTRIBUTING.md].\nThank you, [contributors]!\n\n[CONTRIBUTING.md]: \u002FCONTRIBUTING.md\n[contributors]: https:\u002F\u002Fgithub.com\u002Fthoughtbot\u002Fclearance\u002Fgraphs\u002Fcontributors\n\n## Security\n\nFor security issues it's better to contact \u003Csecurity@thoughtbot.com> (See \u003Chttps:\u002F\u002Fthoughtbot.com\u002Fsecurity>)\n\n## License\n\nClearance is copyright © 2009 thoughtbot. It is free software, and may be\nredistributed under the terms specified in the [`LICENSE`] file.\n\n[`LICENSE`]: \u002FLICENSE\n\n\u003C!-- START \u002Ftemplates\u002Ffooter.md -->\n## About thoughtbot\n\n![thoughtbot](https:\u002F\u002Fthoughtbot.com\u002Fthoughtbot-logo-for-readmes.svg)\n\nThis repo is maintained and funded by thoughtbot, inc.\nThe names and logos for thoughtbot are trademarks of thoughtbot, inc.\n\nWe love open source software!\nSee [our other projects][community].\nWe are [available for hire][hire].\n\n[community]: https:\u002F\u002Fthoughtbot.com\u002Fcommunity?utm_source=github\n[hire]: https:\u002F\u002Fthoughtbot.com\u002Fhire-us?utm_source=github\n\n\u003C!-- END \u002Ftemplates\u002Ffooter.md -->\n","Clearance 是一个用于 Rails 应用的邮箱和密码认证解决方案。它提供了用户注册、登录、密码重置等核心功能，并且易于配置和扩展，支持自定义用户模型和控制器。Clearance 以简洁、小巧和经过充分测试著称，适合需要快速集成身份验证机制的 Rails 项目使用。通过简单的 Gem 安装与生成器命令即可完成基本设置，同时开发者可以轻松地在初始化文件中调整各项配置来满足特定需求，如会话管理、邮件发送者地址以及密码策略等。",2,"2026-06-11 03:14:34","top_language"]