clearance 0.15.0 → 0.16.0

Potentially problematic release.

data/.gitignore CHANGED
@@ -1,4 +1,3 @@
1
- pkg
2
1
  *.DS_Store
3
2
  *.swp
4
3
  *.swo
@@ -7,4 +6,5 @@ pkg
7
6
  .bundle
8
7
  db/*.sqlite3
9
8
  log/*.log
9
+ pkg
10
10
  tmp/
@@ -0,0 +1,14 @@
1
+ rvm:
2
+ - ree-1.8.7
3
+ - 1.8.7
4
+ - 1.9.2
5
+ - 1.9.3
6
+ before_install:
7
+ - gem update --system
8
+ script: 'bundle exec rake appraisal spec cucumber'
9
+ gemfile:
10
+ - gemfiles/3.0.9.gemfile
11
+ - gemfiles/3.1.0.gemfile
12
+ branches:
13
+ only:
14
+ - master
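Review bot: `gem update --system` in before_install installs whatever RubyGems release is current at build time, so the builds across the four listed Rubies are not reproducible and a new RubyGems release can change or break CI without any commit here. Pin the step to a specific RubyGems version or drop it. The gemfile list also covers only 3.0.9 and 3.1.0, although the NEWS entry for 0.15.0 on this page refers to Rails 3.2; a 3.2 gemfile would make that claim tested.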
@@ -7,7 +7,7 @@ GIT
7
7
  PATH
8
8
  remote: .
9
9
  specs:
10
- clearance (0.15.0)
10
+ clearance (0.16.0)
11
11
  diesel (~> 0.1.5)
12
12
  rails (>= 3.0)
13
13
 
@@ -45,7 +45,7 @@ GEM
45
45
  appraisal (0.3.8)
46
46
  bundler
47
47
  rake
48
- arel (3.0.0)
48
+ arel (3.0.2)
49
49
  aruba (0.4.6)
50
50
  bcat (>= 0.6.1)
51
51
  childprocess (>= 0.2.0)
@@ -162,7 +162,7 @@ GEM
162
162
  treetop (1.4.10)
163
163
  polyglot
164
164
  polyglot (>= 0.3.1)
165
- tzinfo (0.3.31)
165
+ tzinfo (0.3.32)
166
166
  xpath (0.1.4)
167
167
  nokogiri (~> 1.3)
168
168
 
@@ -1,15 +1,22 @@
1
- 0.14.0
2
- -------------------
1
+ New for 0.16.0:
2
+
3
+ * Blowfish password encryption strategy (Chris Dillon)
4
+
5
+ New for 0.15.0:
6
+
7
+ * The User model can be swapped out using the Clearance.configure method.
8
+ * Remove User::InstanceMethods to silence a Rails 3.2 deprecation warning.
9
+ * Bump development dependency of cucumber-rails to 1.1.1.
10
+
11
+ New for 0.14.0:
3
12
 
4
13
  * Support clearance session management from the Rack environment (Joe Ferris)
5
14
 
6
- 0.13.2
7
- -------------------
15
+ New for 0.13.2:
8
16
 
9
17
  * Fixed the denies_access matcher (Chad Pytel, Joe Ferris)
10
18
 
11
- 0.13.0
12
- -------------------
19
+ New for 0.13.0:
13
20
 
14
21
  * [#170] In Clearance's optional generated features, use pure Capybara instead of depending on Cucumber's removed web_steps, paths, and selectors. (Dan Croak)
15
22
  * [#167] Extract SHA-1-specific code out of `User` into `PasswordStrategies` module. (Vladimir Andrijevik)
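Review bot: the 0.16.0 entry, "Blowfish password encryption strategy", carries no upgrade note, while the README change in this same release says that switching password strategies makes existing users' passwords stop working. Repeat that warning in the release notes, since this is the file people read when upgrading, and say that the default strategy is unchanged.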
@@ -17,8 +24,7 @@
17
24
  * [#165] Test against Rails 3.1. (Dan Croak) Required upgrades to Diesel and Appraisal. (Dan Croak, Mike Burns, Chad Pytel)
18
25
  * [#160] Improved README documentation for overrides. (Dan Croak)
19
26
 
20
- 0.12.0
21
- -------------------
27
+ New for 0.12.0:
22
28
 
23
29
  * [#129] Denying access redirects to root_url when signed in, sign_in_url when signed out. (Dan Croak)
24
30
  * Using flash :notice key everywhere now instead of :success and :failure. More in line with Rails conventions. (Dan Croak)
@@ -26,15 +32,13 @@
26
32
  * [#147] Resetting password no longer redirects to sign in page. It displays a message telling them to look for an email. (Dan Croak)
27
33
  * Removed redundant flash messages. ("Signed in.", "Signed out.", and "You are now signed up.") (Dan Croak)
28
34
 
29
- 0.11.2
30
- -------------------
35
+ New for 0.11.2:
31
36
 
32
37
  * Rails 3.1.rc compatible. (Prem Sichanugrist and Dan Croak)
33
38
  * Cucumber features no longer require password. (Dan Croak)
34
39
  * No more Clearance shoulda_macros. Instead providing RSpec- and Test::Unit-compliant test matchers (sign_in, sign_in_as, should deny_access, etc). (Dan Croak)
35
40
 
36
- 0.11.1
37
- -------------------
41
+ New for 0.11.1:
38
42
 
39
43
  * [#146] Redirect to home page after sign up. (Dan Croak)
40
44
  * [#145] Remove dependency on dynamic_form. Replaced with flashes due to limited number of failure cases. (Dan Croak)
@@ -42,21 +46,18 @@
42
46
  * [#148] Removing :case_sensitive option from validates_uniqueness_of. It was unnecessary and causes a small performance problem on some apps. (Dan Croak)
43
47
  * Only development dependency in gemspec should be bundler. All others are derived by bundling. (Dan Croak)
44
48
 
45
- 0.11.0
46
- -------------------
49
+ New for 0.11.0:
47
50
 
48
51
  * [#141] Removing password confirmation. (Dan Croak)
49
52
  * [#143] Use ActiveSupport::Concern and ActiveSupport::SecureRandom to clean up code. (Dan Croak)
50
53
  * New controller#authenticate(params) method. Redefine username & password or other styles of authentication. (Dan Croak)
51
54
  * before_filter :authenticate API replaced with more aptly-named before_filter :authorize. (Dan Croak)
52
55
 
53
- 0.10.5
54
- -------------------
56
+ New for 0.10.5:
55
57
 
56
58
  * Closing CSRF hole for Rails >= 3.0.4 apps (Mack Earnhardt)
57
59
 
58
- 0.10.4
59
- ------------------
60
+ New for 0.10.4:
60
61
 
61
62
  * Formtastic views generator removed. (Dan Croak)
62
63
  * Emails forced to be downcased (particularly for iPhone user case). (Adam Conrad)
@@ -64,23 +65,19 @@
64
65
  * [#135] Password reset requires a password. (Joel Meador)
65
66
  * [#138] Use HTML5 email fields. (Dan Croak)
66
67
 
67
- 0.10.3.2
68
- ------------------
68
+ New for 0.10.3.2:
69
69
 
70
70
  * Fix gemspec to include all necessary files.
71
71
 
72
- 0.10.3.1
73
- ------------------
72
+ New for 0.10.3.1:
74
73
 
75
74
  * Ensure everything within features inside any engine directory is included in the gemspec
76
75
 
77
- 0.10.3
78
- ------------------
76
+ New for 0.10.3:
79
77
 
80
78
  * Include features/engines in gemspec file list so generator works as expected
81
79
 
82
- 0.10.2
83
- ------------------
80
+ New for 0.10.2:
84
81
 
85
82
  * Replaced test/rails_root & general testing strategy with Diesel. (Joe Ferris)
86
83
  * Conveniences in factories for password/confirmation.
@@ -88,14 +85,12 @@
88
85
  * Step definitions are now prefixed with visitor_ to use thoughtbot convention. (Dan Croak)
89
86
  * When Clearance installed in an app that already has users, allow old users to sign in by resetting their password.
90
87
 
91
- 0.10.1
92
- ------------------
88
+ New for 0.10.1:
93
89
 
94
90
  * replaced ActionController::Forbidden with a user-friendly flash message. (Dan Croak)
95
91
  * improved language of Cucumber steps by allowing a little more flexibility. (Dan Croak)
96
92
 
97
- 0.10.0
98
- ------------------
93
+ New for 0.10.0:
99
94
 
100
95
  * Lots of README cleanup
101
96
  * Better email validation regex
@@ -106,27 +101,23 @@
106
101
  https://github.com/rails/jquery-ujs/issues#issue/30
107
102
  http://bugs.jquery.com/ticket/7061
108
103
 
109
- 0.9.1
110
- ------------------
104
+ New for 0.9.1:
111
105
 
112
106
  Forgot to update the changelog in a while, this is going to be brief:
113
107
 
114
108
  * This release supports Rails 3, capybara, and shoulda 2.10+.
115
109
 
116
- 0.8.9
117
- ------------------
110
+ New for 0.8.9:
118
111
 
119
112
  * Removed unnecessary db index. (Rich Thornett, doctorzaius)
120
113
  * [#79] Allow customization of cookie duration. (Ron Newman, Dan Croak)
121
114
  * [#77] rake generator:cleanup needed to be... cleaned up. (Ron Newman)
122
115
 
123
- 0.8.8 (02/25/2010)
124
- ------------------
116
+ New for 0.8.8 (02/25/2010):
125
117
 
126
118
  * Fixed sign_in and sign_out not setting current_user (Joe Ferris)
127
119
 
128
- 0.8.7 (02/21/2010)
129
- ------------------
120
+ New for 0.8.7 (02/21/2010):
130
121
 
131
122
  * [#43] Fixed global sign out bug. (Ryan McGreary)
132
123
  * [#69] Allow Rails apps to before_filter :authenticate the entire app
@@ -135,8 +126,7 @@ overriding any controllers. (Claudio Poli, Dan Croak)
135
126
  * [#72] #[21] Rails3 fix for ActionController/ActionDispatch change.
136
127
  (Joseph Holsten, Peter Haza, Dan Croak)
137
128
 
138
- 0.8.6 (02/17/2010)
139
- ------------------
129
+ New for 0.8.6 (02/17/2010):
140
130
 
141
131
  * Clearance features capitalization should match view text (Bobby Wilson)
142
132
  * [#39] skip :authenticate before_filter in controllers so apps can easily
@@ -148,8 +138,7 @@ user to sign in from two locations at once. (Ryan McGeary)
148
138
  * Allow overridden user models to skip email/password validations
149
139
  conditionally. This makes username/facebook integration easier. (Joe Ferris)
150
140
 
151
- 0.8.5 (01/20/2010)
152
- ------------------
141
+ New for 0.8.5 (01/20/2010):
153
142
 
154
143
  * replaced routing hack with Clearance::Routes.draw(map) to give
155
144
  more control to the application developer. (Dan Croak)
@@ -160,42 +149,36 @@ more control to the application developer. (Dan Croak)
160
149
  * use Clearance.configure block to set mailer sender instead of
161
150
  DO_NOT_REPLY constant. (Dan Croak)
162
151
 
163
- 0.8.4 (12/08/2009)
164
- ------------------
152
+ New for 0.8.4 (12/08/2009):
165
153
 
166
154
  * [#48] remove unnecessary require 'factory_girl' in generator (Dan Croak)
167
155
  * reference gemcutter (not github) as the gem source in README (Dan Croak)
168
156
  * add IRC, rdoc.info links to README (Dan Croak)
169
157
  * move user confirmation email trigger into model (Chad Pytel)
170
158
 
171
- 0.8.3 (09/21/2009)
172
- ------------------
159
+ New for 0.8.3 (09/21/2009):
173
160
 
174
161
  * [#27] remove class_eval in Clearance::Authentication. (Anuj Dutta)
175
162
  * Avoid possible collisions in the remember me token (Joe Ferris)
176
163
 
177
- 0.8.2 (09/01/2009)
178
- ------------------
164
+ New for 0.8.2 (09/01/2009):
179
165
 
180
166
  * current_user= accessor method. (Joe Ferris, Josh Clayton)
181
167
  * set current_user in sign_in. (Jon Yurek)
182
168
 
183
- 0.8.1 (08/31/2009)
184
- ------------------
169
+ New for 0.8.1 (08/31/2009):
185
170
 
186
171
  * Removed unnecessary remember_token_expires_at column and the
187
172
  remember? and forget_me! user instance methods. (Dan Croak)
188
173
 
189
- 0.8.0 (08/31/2009)
190
- ------------------
174
+ New for 0.8.0 (08/31/2009):
191
175
 
192
176
  * Always remember me. Replaced session-and-remember-me authentication with
193
177
  always using a cookie with a long timeout. (Dan Croak)
194
178
  * Documented Clearance::Authentication with YARD. (Dan Croak)
195
179
  * Documented Clearance::User with YARD. (Dan Croak)
196
180
 
197
- 0.7.0 (08/04/2009)
198
- ------------------
181
+ New for 0.7.0 (08/04/2009):
199
182
 
200
183
  * Redirect signed in user who clicks confirmation link again. (Dan Croak)
201
184
  * Redirect signed out user who clicks confirmation link again. (Dan Croak)
@@ -204,21 +187,18 @@ Croak)
204
187
  * Added clearance_views generator. By default, creates formtastic views which
205
188
  pass all tests and features. (Dan Croak)
206
189
 
207
- 0.6.9 (07/04/2009)
208
- ------------------
190
+ New for 0.6.9 (07/04/2009):
209
191
 
210
192
  * Added timestamps to create users migration. (Dan Croak)
211
193
  * Ready for Ruby 1.9. (Jason Morrison, Nick Quaranto)
212
194
 
213
- 0.6.8 (06/24/2009)
214
- ------------------
195
+ New for 0.6.8 (06/24/2009):
215
196
 
216
197
  * Added defined? checks for various Rails constants such as ActionController
217
198
  for easier unit testing of Clearance extensions... particularly ActiveRecord
218
199
  extensions... particularly strong_password. (Dan Croak)
219
200
 
220
- 0.6.7 (06/13/2009)
221
- ------------------
201
+ New for 0.6.7 (06/13/2009):
222
202
 
223
203
  * [#30] Added sign_up, sign_in, sign_out named routes. (Dan Croak)
224
204
  * [#22] Minimizing Reek smell: Duplication in redirect_back_or. (Dan Croak)
@@ -230,19 +210,16 @@ Croak)
230
210
  * README improvements. (Dan Croak)
231
211
  * Move routes loading to separate file. (Joshua Clayton)
232
212
 
233
- 0.6.6 (05/18/2009)
234
- ------------------
213
+ New for 0.6.6 (05/18/2009):
235
214
 
236
215
  * [#14] replaced class_eval in Clearance::User with modules. This was needed
237
216
  in a thoughtbot client app so we could write our own validations. (Dan Croak)
238
217
 
239
- 0.6.5 (05/17/2009)
240
- ------------------
218
+ New for 0.6.5 (05/17/2009):
241
219
 
242
220
  * [#6] Make Clearance i18n aware. (Timur Vafin, Marcel Goerner, Eugene Bolshakov, Dan Croak)
243
221
 
244
- 0.6.4 (05/12/2009)
245
- ------------------
222
+ New for 0.6.4 (05/12/2009):
246
223
 
247
224
  * Moved issue tracking to Github from Lighthouse. (Dan Croak)
248
225
  * [#7] asking higher-level questions of controllers in webrat steps, such as signed_in? instead of what's in the session. same for accessors. (Dan Croak)
@@ -250,26 +227,22 @@ in a thoughtbot client app so we could write our own validations. (Dan Croak)
250
227
  * [#13] move private methods on sessions controller into Clearance::Authentication module (Dan Croak)
251
228
  * [#9] audited flash keys. (Dan Croak)
252
229
 
253
- 0.6.3 (04/23/2009)
254
- ------------------
230
+ New for 0.6.3 (04/23/2009):
255
231
 
256
232
  * Scoping ClearanceMailer properly within controllers so it works in production environments. (Nick Quaranto)
257
233
 
258
- 0.6.2 (04/22/2009)
259
- ------------------
234
+ New for 0.6.2 (04/22/2009):
260
235
 
261
236
  * Insert Clearance::User into User model if it exists. (Nick Quaranto)
262
237
  * World(NavigationHelpers) Cucumber 3.0 style. (Shay Arnett & Mark Cornick)
263
238
 
264
- 0.6.1 (04/21/2009)
265
- ------------------
239
+ New for 0.6.1 (04/21/2009):
266
240
 
267
241
  * Scope operators are necessary to keep Rails happy. Reverting the original
268
242
  revert so they're back in the library now for constants referenced inside of
269
243
  the gem. (Nick Quaranto)
270
244
 
271
- 0.6.0 (04/21/2009)
272
- ------------------
245
+ New for 0.6.0 (04/21/2009):
273
246
 
274
247
  * Converted Clearance to a Rails engine. (Dan Croak & Joe Ferris)
275
248
  * Include Clearance::User in User model in app. (Dan Croak & Joe Ferris)
@@ -293,39 +266,33 @@ Quaranto)
293
266
  * Made the clearance controllers unloadable to stop constant loading errors in
294
267
  development mode (Nick Quaranto)
295
268
 
296
- 0.5.6 (4/11/2009)
297
- -----------------
269
+ New for 0.5.6 (4/11/2009):
298
270
 
299
271
  * [#57] Step definition changed for "User should see error messages" so
300
272
  features won't fail for certain validations. (Nick Quaranto)
301
273
 
302
- 0.5.5 (3/23/2009)
303
- -----------------
274
+ New for 0.5.5 (3/23/2009):
304
275
 
305
276
  * Removing duplicate test to get rid of warning. (Nick Quaranto)
306
277
 
307
- 0.5.4 (3/21/2009)
308
- -----------------
278
+ New for 0.5.4 (3/21/2009):
309
279
 
310
280
  * When users fail logging in, redirect them instead of rendering. (Matt
311
281
  Jankowski)
312
282
 
313
- 0.5.3 (3/5/2009)
314
- ----------------
283
+ New for 0.5.3 (3/5/2009):
315
284
 
316
285
  * Clearance now works with (and requires) Shoulda 2.10.0. (Mark Cornick, Joe
317
286
  Ferris, Dan Croak)
318
287
  * Prefer flat over nested contexts in sessions_controller_test. (Joe Ferris,
319
288
  Dan Croak)
320
289
 
321
- 0.5.2 (3/2/2009)
322
- ----------------
290
+ New for 0.5.2 (3/2/2009):
323
291
 
324
292
  * Fixed last remaining errors in Rails 2.3 tests. Now fully compatible. (Joe
325
293
  Ferris, Dan Croak)
326
294
 
327
- 0.5.1 (2/27/2009)
328
- -----------------
295
+ New for 0.5.1 (2/27/2009):
329
296
 
330
297
  * [#46] A user with unconfirmed email who resets password now confirms email.
331
298
  (Marcel Görner)
@@ -337,8 +304,7 @@ application.rb in Rails 2.3 apps. (Dan Croak)
337
304
  * [#42] Bug fix. Rack-based session change altered how to test remember me
338
305
  cookie. (Mihai Anca)
339
306
 
340
- 0.5.0 (2/27/2009)
341
- -----------------
307
+ New for 0.5.0 (2/27/2009):
342
308
 
343
309
  * Fixed problem with Cucumber features. (Dan Croak)
344
310
  * Fixed mising HTTP fluency use case. (Dan Croak)
@@ -346,8 +312,7 @@ cookie. (Mihai Anca)
346
312
  Croak)
347
313
  * Refactored User unit tests to be more readable. (Dan Croak)
348
314
 
349
- 0.4.9 (2/20/2009)
350
- -----------------
315
+ New for 0.4.9 (2/20/2009):
351
316
 
352
317
  * Protect passwords & confirmations actions with forbidden filters. (Dan Croak)
353
318
  * Return 403 Forbidden status code in those cases. (Tim Pope)
@@ -357,8 +322,7 @@ Croak)
357
322
  * [#45] Fixed bug that allowed anyone to edit another user's password (Marcel Görner)
358
323
  * Required Factory Girl >= 1.2.0. (Dan Croak)
359
324
 
360
- 0.4.8 (2/16/2009)
361
- -----------------
325
+ New for 0.4.8 (2/16/2009):
362
326
 
363
327
  * Added support paths for Cucumber. (Ben Mabey)
364
328
  * Added documentation for the flash. (Ben Mabey)
@@ -366,20 +330,17 @@ Croak)
366
330
  * Removed interpolated email address from flash message to make i18n easier. (Bence Nagy)
367
331
  * Standardized flash messages that refer to email delivery. (Dan Croak)
368
332
 
369
- 0.4.7 (2/12/2009)
370
- -----------------
333
+ New for 0.4.7 (2/12/2009):
371
334
 
372
335
  * Removed Clearance::Test::TestHelper so there is one less setup step. (Dan Croak)
373
336
  * All test helpers now in shoulda_macros. (Dan Croak)
374
337
 
375
- 0.4.6 (2/11/2009)
376
- -----------------
338
+ New for 0.4.6 (2/11/2009):
377
339
 
378
340
  * Made the modules behave like mixins again. (hat-tip Eloy Duran)
379
341
  * Created Actions and PrivateMethods modules on controllers for future RDoc reasons. (Dan Croak, Joe Ferris)
380
342
 
381
- 0.4.5 (2/9/2009)
382
- ----------------
343
+ New for 0.4.5 (2/9/2009):
383
344
 
384
345
  * [#43] Removed email downcasing because local-part is case sensitive per RFC5321. (Dan Croak)
385
346
  * [#42] Removed dependency on Mocha. (Dan Croak)
@@ -390,8 +351,7 @@ Croak)
390
351
  * Audited "sign up" naming convention. "Register" had slipped in a few places. (Dan Croak)
391
352
  * Switched to SHA1 encryption. Cypher doesn't matter much for email confirmation, password reset. Better to have shorter hashes in the emails for clients who line break on 72 chars. (Dan Croak)
392
353
 
393
- 0.4.4 (2/2/2009)
394
- ----------------
354
+ New for 0.4.4 (2/2/2009):
395
355
 
396
356
  * Added a generator for Cucumber features. (Joe Ferris, Dan Croak)
397
357
  * Standarized naming for "Sign up," "Sign in," and "Sign out". (Dan Croak)
data/README.md CHANGED
@@ -1,4 +1,4 @@
1
- Clearance
1
+ Clearance [![Build Status](https://secure.travis-ci.org/thoughtbot/clearance.png)](http://travis-ci.org/thoughtbot/clearance?branch=master)
2
2
  =========
3
3
 
4
4
  Rails authentication & authorization with email & password.
@@ -195,7 +195,7 @@ By default, Clearance uses SHA1 encryption of the user's password. You can provi
195
195
  def encrypt_password
196
196
  end
197
197
 
198
- See [lib/clearance/password_strategies/sha1.rb](https://github.com/thoughtbot/clearance/blob/master/lib/clearance/password_strategies/sha1.rb) for the default behavior.
198
+ See [lib/clearance/password_strategies/sha1.rb](https://github.com/thoughtbot/clearance/blob/master/lib/clearance/password_strategies/sha1.rb) for the default behavior. Also see [lib/clearance/password_strategies/blowfish.rb](https://github.com/thoughtbot/clearance/blob/master/lib/clearance/password_strategies/blowfish.rb) for another password strategy. Switching password strategies will cause your existing users' passwords to not work.
199
199
 
200
200
  Once you have an API-compliant module, load it with:
201
201
 
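Review bot: the sentence appended to this line, "Switching password strategies will cause your existing users' passwords to not work", is the key operational fact of the change and it is buried after two links. Give it its own paragraph and say what an application should do about it, for example choose the strategy before any users exist or have existing users reset their passwords. The paragraph should also state plainly that the new strategy, as implemented in blowfish.rb with `bf-cbc`, is a reversible cipher and not a one-way hash, so readers do not assume it is bcrypt.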
@@ -203,6 +203,14 @@ Once you have an API-compliant module, load it with:
203
203
  config.password_strategy = MyPasswordStrategy
204
204
  end
205
205
 
206
+ For example:
207
+
208
+ # default
209
+ config.password_strategy = Clearance::PasswordStrategies::SHA1
210
+ # Blowfish
211
+ config.password_strategy = Clearance::PasswordStrategies::Blowfish
212
+
213
+
206
214
  Optional Cucumber features
207
215
  --------------------------
208
216
 
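Review bot: the "For example:" block lists both `config.password_strategy = ...` assignments one after the other and outside the `Clearance.configure` block shown just above, so pasted as written the second line overrides the first and the app ends up on Blowfish. Present them as alternatives, each inside its own configure block or separated by "or", and drop one of the two trailing blank lines the hunk adds.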
data/Rakefile CHANGED
@@ -9,12 +9,12 @@ require 'diesel/tasks'
9
9
  require 'rspec/core/rake_task'
10
10
  require 'appraisal'
11
11
 
12
- desc "Default: run the specs and cucumber features"
12
+ desc 'Default: run the specs and cucumber features'
13
13
  task :default => [:all]
14
14
 
15
15
  desc 'Test the plugin under all supported Rails versions.'
16
- task :all => ["appraisal:install"] do |t|
17
- exec('rake appraisal spec cucumber')
16
+ task :all => ['appraisal:install'] do |t|
17
+ exec 'rake appraisal spec cucumber'
18
18
  end
19
19
 
20
20
  RSpec::Core::RakeTask.new(:spec)
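Review bot: the rewritten line `exec 'rake appraisal spec cucumber'` still resolves rake from PATH, while the new .travis.yml runs `bundle exec rake appraisal spec cucumber`. Local runs of `rake all` and CI can therefore pick up different rake and gem versions. Use the same `bundle exec` form here so both paths run the locked dependencies; the quote-style change itself is fine.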
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.15.0
1
+ 0.16.0
@@ -7,7 +7,7 @@ GIT
7
7
  PATH
8
8
  remote: /home/mike/lib/clearance
9
9
  specs:
10
- clearance (0.15.0)
10
+ clearance (0.16.0)
11
11
  diesel (~> 0.1.5)
12
12
  rails (>= 3.0)
13
13
 
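Review bot: the context line `remote: /home/mike/lib/clearance` is an absolute path from one developer's machine, kept in a lockfile that is packaged with the gem. It exposes a local username and directory layout and cannot resolve on any other host, so these appraisal lockfiles are not usable as shipped. Regenerate them with a relative path, as the top-level lockfile on this page does with `remote: .`, or leave generated appraisal lockfiles out of the gem. The same path appears in the next lockfile hunk.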
@@ -7,7 +7,7 @@ GIT
7
7
  PATH
8
8
  remote: /home/mike/lib/clearance
9
9
  specs:
10
- clearance (0.15.0)
10
+ clearance (0.16.0)
11
11
  diesel (~> 0.1.5)
12
12
  rails (>= 3.0)
13
13
 
@@ -1,5 +1,6 @@
1
1
  module Clearance
2
2
  module PasswordStrategies
3
3
  autoload :SHA1, 'clearance/password_strategies/sha1'
4
+ autoload :Blowfish, 'clearance/password_strategies/blowfish'
4
5
  end
5
6
  end
@@ -0,0 +1,44 @@
1
+ require 'openssl'
2
+
3
+ module Clearance
4
+ module PasswordStrategies
5
+ module Blowfish
6
+ extend ActiveSupport::Concern
7
+
8
+ # Am I authenticated with given password?
9
+ #
10
+ # @param [String] plain-text password
11
+ # @return [true, false]
12
+ # @example
13
+ # user.authenticated?('password')
14
+ def authenticated?(password)
15
+ encrypted_password == encrypt(password)
16
+ end
17
+
18
+ protected
19
+
20
+ def encrypt_password
21
+ initialize_salt_if_necessary
22
+ if password.present?
23
+ self.encrypted_password = encrypt(password)
24
+ end
25
+ end
26
+
27
+ def generate_hash(string)
28
+ cipher = OpenSSL::Cipher::Cipher.new('bf-cbc').encrypt
29
+ cipher.key = Digest::SHA256.digest(salt)
30
+ cipher.update(string) << cipher.final
31
+ end
32
+
33
+ def encrypt(string)
34
+ generate_hash("--#{salt}--#{string}--")
35
+ end
36
+
37
+ def initialize_salt_if_necessary
38
+ if salt.blank?
39
+ self.salt = generate_random_code
40
+ end
41
+ end
42
+ end
43
+ end
44
+ end
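Review bot: `generate_hash` is reversible encryption, not a password hash. The key is `Digest::SHA256.digest(salt)` and `salt` is an attribute on the same record, so anyone who can read a user row can rebuild the key and decrypt `encrypted_password` back to the plaintext password; the SHA1 strategy is at least one-way. No `cipher.iv` is set either. If the intent is the Blowfish-based password hash, use a one-way adaptive function such as bcrypt with a cost factor instead of `bf-cbc`. Two smaller points: `authenticated?` compares with `==`, which is not a constant-time comparison, and `cipher.update(string) << cipher.final` returns raw binary, which should be hex or Base64 encoded before it is assigned to a string column.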
@@ -0,0 +1,45 @@
1
+ require 'spec_helper'
2
+
3
+ describe Clearance::PasswordStrategies::Blowfish do
4
+ subject do
5
+ Class.new do
6
+ attr_accessor :salt, :password, :encrypted_password
7
+ include Clearance::PasswordStrategies::Blowfish
8
+
9
+ def generate_random_code; "code"; end
10
+ end.new
11
+ end
12
+
13
+ describe "#encrypt_password" do
14
+ context "when the password is set" do
15
+ let(:salt) { "salt" }
16
+ let(:password) { "password" }
17
+
18
+ before do
19
+ subject.salt = salt
20
+ subject.password = password
21
+ subject.send(:encrypt_password)
22
+ end
23
+
24
+ it "should encrypt the password using Blowfish into encrypted_password" do
25
+ cipher = OpenSSL::Cipher::Cipher.new('bf-cbc').encrypt
26
+ cipher.key = Digest::SHA256.digest(salt)
27
+ expected = cipher.update("--#{salt}--#{password}--") << cipher.final
28
+
29
+ subject.encrypted_password.should == expected
30
+ end
31
+ end
32
+
33
+ context "when the salt is not set" do
34
+ before do
35
+ subject.salt = nil
36
+
37
+ subject.send(:encrypt_password)
38
+ end
39
+
40
+ it "should initialize the salt" do
41
+ subject.salt.should_not be_nil
42
+ end
43
+ end
44
+ end
45
+ end
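Review bot: the "should encrypt the password using Blowfish" example builds `expected` with the same three cipher lines as `generate_hash`, so it only checks that the code equals itself and would pass for any weakness in the scheme. There is also no example for `authenticated?`. Add examples asserting that `authenticated?` returns true for the right password and false for a wrong one, that two different salts give different `encrypted_password` values for the same password, and that a blank password leaves `encrypted_password` unchanged. The "salt is not set" example should assert the stubbed value from `generate_random_code` rather than only `should_not be_nil`.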
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clearance
3
3
  version: !ruby/object:Gem::Version
4
- hash: 35
4
+ hash: 95
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
- - 15
8
+ - 16
9
9
  - 0
10
- version: 0.15.0
10
+ version: 0.16.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Dan Croak
@@ -24,7 +24,7 @@ autorequire:
24
24
  bindir: bin
25
25
  cert_chain: []
26
26
 
27
- date: 2012-02-03 00:00:00 Z
27
+ date: 2012-03-16 00:00:00 Z
28
28
  dependencies:
29
29
  - !ruby/object:Gem::Dependency
30
30
  type: :runtime
@@ -38,9 +38,9 @@ dependencies:
38
38
  - 3
39
39
  - 0
40
40
  version: "3.0"
41
- prerelease: false
42
41
  name: rails
43
42
  version_requirements: *id001
43
+ prerelease: false
44
44
  - !ruby/object:Gem::Dependency
45
45
  type: :runtime
46
46
  requirement: &id002 !ruby/object:Gem::Requirement
@@ -54,9 +54,9 @@ dependencies:
54
54
  - 1
55
55
  - 5
56
56
  version: 0.1.5
57
- prerelease: false
58
57
  name: diesel
59
58
  version_requirements: *id002
59
+ prerelease: false
60
60
  - !ruby/object:Gem::Dependency
61
61
  type: :development
62
62
  requirement: &id003 !ruby/object:Gem::Requirement
@@ -70,9 +70,9 @@ dependencies:
70
70
  - 0
71
71
  - 0
72
72
  version: 1.0.0
73
- prerelease: false
74
73
  name: bundler
75
74
  version_requirements: *id003
75
+ prerelease: false
76
76
  - !ruby/object:Gem::Dependency
77
77
  type: :development
78
78
  requirement: &id004 !ruby/object:Gem::Requirement
@@ -86,9 +86,9 @@ dependencies:
86
86
  - 3
87
87
  - 8
88
88
  version: 0.3.8
89
- prerelease: false
90
89
  name: appraisal
91
90
  version_requirements: *id004
91
+ prerelease: false
92
92
  - !ruby/object:Gem::Dependency
93
93
  type: :development
94
94
  requirement: &id005 !ruby/object:Gem::Requirement
@@ -102,9 +102,9 @@ dependencies:
102
102
  - 1
103
103
  - 1
104
104
  version: 1.1.1
105
- prerelease: false
106
105
  name: cucumber-rails
107
106
  version_requirements: *id005
107
+ prerelease: false
108
108
  - !ruby/object:Gem::Dependency
109
109
  type: :development
110
110
  requirement: &id006 !ruby/object:Gem::Requirement
@@ -118,9 +118,9 @@ dependencies:
118
118
  - 6
119
119
  - 0
120
120
  version: 2.6.0
121
- prerelease: false
122
121
  name: rspec-rails
123
122
  version_requirements: *id006
123
+ prerelease: false
124
124
  - !ruby/object:Gem::Dependency
125
125
  type: :development
126
126
  requirement: &id007 !ruby/object:Gem::Requirement
@@ -132,9 +132,9 @@ dependencies:
132
132
  segments:
133
133
  - 0
134
134
  version: "0"
135
- prerelease: false
136
135
  name: sqlite3
137
136
  version_requirements: *id007
137
+ prerelease: false
138
138
  - !ruby/object:Gem::Dependency
139
139
  type: :development
140
140
  requirement: &id008 !ruby/object:Gem::Requirement
@@ -146,9 +146,9 @@ dependencies:
146
146
  segments:
147
147
  - 0
148
148
  version: "0"
149
- prerelease: false
150
149
  name: bourne
151
150
  version_requirements: *id008
151
+ prerelease: false
152
152
  - !ruby/object:Gem::Dependency
153
153
  type: :development
154
154
  requirement: &id009 !ruby/object:Gem::Requirement
@@ -160,9 +160,9 @@ dependencies:
160
160
  segments:
161
161
  - 0
162
162
  version: "0"
163
- prerelease: false
164
163
  name: timecop
165
164
  version_requirements: *id009
165
+ prerelease: false
166
166
  description: Rails authentication & authorization with email & password.
167
167
  email: support@thoughtbot.com
168
168
  executables: []
@@ -175,14 +175,13 @@ extra_rdoc_files:
175
175
  files:
176
176
  - .gitignore
177
177
  - .rspec
178
+ - .travis.yml
178
179
  - Appraisals
179
- - CHANGELOG.md
180
180
  - CONTRIBUTING.md
181
- - ChangeLog
182
181
  - Gemfile
183
182
  - Gemfile.lock
184
183
  - LICENSE
185
- - NEWS
184
+ - NEWS.md
186
185
  - README.md
187
186
  - Rakefile
188
187
  - VERSION
@@ -224,6 +223,7 @@ files:
224
223
  - lib/clearance/configuration.rb
225
224
  - lib/clearance/engine.rb
226
225
  - lib/clearance/password_strategies.rb
226
+ - lib/clearance/password_strategies/blowfish.rb
227
227
  - lib/clearance/password_strategies/sha1.rb
228
228
  - lib/clearance/rack_session.rb
229
229
  - lib/clearance/session.rb
@@ -250,6 +250,7 @@ files:
250
250
  - spec/controllers/users_controller_spec.rb
251
251
  - spec/factories.rb
252
252
  - spec/mailers/clearance_mailer_spec.rb
253
+ - spec/models/blowfish_spec.rb
253
254
  - spec/models/clearance_user_spec.rb
254
255
  - spec/models/sha1_spec.rb
255
256
  - spec/models/user_spec.rb
@@ -285,7 +286,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
285
286
  requirements: []
286
287
 
287
288
  rubyforge_project:
288
- rubygems_version: 1.8.11
289
+ rubygems_version: 1.8.17
289
290
  signing_key:
290
291
  specification_version: 3
291
292
  summary: Rails authentication & authorization with email & password.
data/ChangeLog DELETED
@@ -1,26 +0,0 @@
1
- 2012-02-03 Mike Burns <mburns@thoughtbot.com>
2
-
3
- * Gemfile, clearance.gemspec, 3.1.0.gemfile, 3.0.9.gemfile:
4
- Upgrade cucumber-rails, which requires use of the #steps method.
5
- * VERSION:
6
- Bump to 0.15.0
7
-
8
- 2012-02-02 Gabe Berke-Williams <gabe@thoughtbot.com>
9
-
10
- * user.rb:
11
- Remove InstanceMethods module. It's deprecated in 3.2 and unnecessary in all
12
- versions.
13
-
14
- 2012-01-16 Matthew Daubert <mdaubert@gmail.com>
15
-
16
- * clearance_steps.rb:
17
- `When` is deprecated in step definitions, changed to `step`.
18
-
19
- 2011-12-01 Dan Hodge <dan@swipely.com>
20
-
21
- * Rakefile, passwords_controller.rb, users_controller.rb, authentication.rb,
22
- configuration.rb, configuration_spec.rb, passwords_controller_spec.rb,
23
- session.rb:
24
- Optional config param 'user_model_name' added
25
- Defer user_model load so it can be a constant
26
- Find user via the configured user model class
data/NEWS DELETED
@@ -1,5 +0,0 @@
1
- New for 0.15.0:
2
-
3
- * The User model can be swapped out using the Clearance.configure method.
4
- * Remove User::InstanceMethods to silence a Rails 3.2 deprecation warning.
5
- * Bump development dependency of cucumber-rails to 1.1.1.