clearance 0.16.3 → 1.0.0.rc1

Potentially problematic release.


Files changed (85)
  1. data/.gitignore +1 -0
  2. data/.travis.yml +0 -2
  3. data/Appraisals +2 -2
  4. data/CONTRIBUTING.md +10 -19
  5. data/Gemfile +1 -1
  6. data/Gemfile.lock +81 -82
  7. data/NEWS.md +17 -4
  8. data/README.md +176 -113
  9. data/app/controllers/clearance/passwords_controller.rb +44 -31
  10. data/app/controllers/clearance/sessions_controller.rb +11 -10
  11. data/app/controllers/clearance/users_controller.rb +8 -12
  12. data/app/mailers/clearance_mailer.rb +4 -5
  13. data/app/views/clearance_mailer/change_password.html.erb +2 -4
  14. data/app/views/layouts/application.html.erb +7 -5
  15. data/app/views/passwords/edit.html.erb +8 -7
  16. data/app/views/passwords/new.html.erb +6 -5
  17. data/app/views/sessions/_form.html.erb +7 -5
  18. data/app/views/sessions/new.html.erb +3 -2
  19. data/app/views/users/_form.html.erb +4 -3
  20. data/clearance.gemspec +29 -27
  21. data/config/routes.rb +10 -13
  22. data/db/migrate/20110111224543_create_clearance_users.rb +18 -0
  23. data/db/schema.rb +4 -5
  24. data/features/engine/visitor_resets_password.feature +0 -7
  25. data/features/engine/visitor_signs_in.feature +7 -0
  26. data/features/engine/visitor_signs_up.feature +2 -2
  27. data/features/integration.feature +0 -1
  28. data/features/integration_with_test_unit.feature +43 -0
  29. data/features/step_definitions/configuration_steps.rb +8 -15
  30. data/features/step_definitions/engine/clearance_steps.rb +38 -38
  31. data/features/support/clearance.rb +1 -1
  32. data/features/support/env.rb +4 -21
  33. data/gemfiles/{3.0.12.gemfile → 3.0.15.gemfile} +1 -1
  34. data/gemfiles/{3.0.12.gemfile.lock → 3.0.15.gemfile.lock} +75 -76
  35. data/gemfiles/{3.2.3.gemfile → 3.1.6.gemfile} +1 -1
  36. data/gemfiles/{3.1.4.gemfile.lock → 3.1.6.gemfile.lock} +79 -80
  37. data/gemfiles/{3.1.4.gemfile → 3.2.6.gemfile} +1 -1
  38. data/gemfiles/{3.2.3.gemfile.lock → 3.2.6.gemfile.lock} +80 -81
  39. data/lib/clearance.rb +1 -0
  40. data/lib/clearance/authentication.rb +37 -69
  41. data/lib/clearance/configuration.rb +3 -18
  42. data/lib/clearance/constraints.rb +2 -0
  43. data/lib/clearance/constraints/signed_in.rb +28 -0
  44. data/lib/clearance/constraints/signed_out.rb +9 -0
  45. data/lib/clearance/engine.rb +4 -4
  46. data/lib/clearance/password_strategies.rb +5 -1
  47. data/lib/clearance/password_strategies/bcrypt.rb +27 -0
  48. data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +52 -0
  49. data/lib/clearance/password_strategies/blowfish.rb +11 -15
  50. data/lib/clearance/password_strategies/fake.rb +23 -0
  51. data/lib/clearance/password_strategies/sha1.rb +15 -21
  52. data/lib/clearance/session.rb +28 -20
  53. data/lib/clearance/testing.rb +8 -3
  54. data/lib/clearance/testing/assertion_error.rb +2 -7
  55. data/lib/clearance/testing/deny_access_matcher.rb +27 -32
  56. data/lib/clearance/testing/helpers.rb +7 -8
  57. data/lib/clearance/user.rb +26 -92
  58. data/lib/clearance/version.rb +1 -1
  59. data/lib/generators/clearance/install/templates/db/migrate/upgrade_clearance_to_diesel.rb +24 -26
  60. data/spec/clearance/constraints/signed_in_spec.rb +51 -0
  61. data/spec/clearance/constraints/signed_out_spec.rb +15 -0
  62. data/spec/clearance/rack_session_spec.rb +8 -7
  63. data/spec/clearance/session_spec.rb +28 -27
  64. data/spec/configuration_spec.rb +7 -6
  65. data/spec/controllers/denies_controller_spec.rb +11 -10
  66. data/spec/controllers/flashes_controller_spec.rb +5 -5
  67. data/spec/controllers/forgeries_controller_spec.rb +9 -9
  68. data/spec/controllers/passwords_controller_spec.rb +42 -55
  69. data/spec/controllers/sessions_controller_spec.rb +26 -33
  70. data/spec/controllers/users_controller_spec.rb +16 -14
  71. data/spec/factories.rb +1 -3
  72. data/spec/mailers/clearance_mailer_spec.rb +4 -4
  73. data/spec/models/bcrypt_migration_from_sha1_spec.rb +71 -0
  74. data/spec/models/bcrypt_spec.rb +40 -0
  75. data/spec/models/blowfish_spec.rb +14 -13
  76. data/spec/models/{clearance_user_spec.rb → password_strategies_spec.rb} +5 -5
  77. data/spec/models/sha1_spec.rb +18 -13
  78. data/spec/models/user_spec.rb +58 -73
  79. data/spec/spec_helper.rb +5 -6
  80. data/spec/support/clearance.rb +0 -4
  81. data/spec/support/cookies.rb +25 -27
  82. data/spec/support/request_with_remember_token.rb +19 -0
  83. metadata +95 -90
  84. data/db/migrate/20110111224543_create_diesel_clearance_users.rb +0 -19
  85. data/init.rb +0 -1
data/.gitignore CHANGED
@@ -8,3 +8,4 @@ db/*.sqlite3
8
8
  log/*.log
9
9
  pkg
10
10
  tmp/
11
+ bin/
data/.travis.yml CHANGED
@@ -1,7 +1,5 @@
1
1
  language: ruby
2
2
  rvm:
3
- - ree-1.8.7
4
- - 1.8.7
5
3
  - 1.9.2
6
4
  - 1.9.3
7
5
  before_install:
data/Appraisals CHANGED
@@ -1,5 +1,5 @@
1
- ['3.2.3', '3.1.4', '3.0.12'].each do |rails_version|
1
+ ['3.0.15', '3.1.6', '3.2.6'].each do |rails_version|
2
2
  appraise "#{rails_version}" do
3
- gem "rails", rails_version
3
+ gem 'rails', rails_version
4
4
  end
5
5
  end
data/CONTRIBUTING.md CHANGED
@@ -2,17 +2,19 @@ We love pull requests. Here's a quick guide:
2
2
 
3
3
  1. Fork the repo.
4
4
 
5
- 2. Run the tests. We only take pull requests with passing tests, and it's great
6
- to know that you have a clean slate: `bundle && rake db:migrate && rake`
7
-
8
- 3. Add a test for your change. Only refactoring and documentation changes
9
- require no new tests. If you are adding functionality or fixing a bug, we need
10
- a test!
5
+ 2. Set up Appraisal, which helps us test against multiple Rails versions:
6
+ `rake appraisal:install`.
11
7
 
12
- 4. Make the test pass.
8
+ 3. Run the tests. We only take pull requests with passing tests, and it's great
9
+ to know that you have a clean slate: `rake`
13
10
 
14
- 5. Push to your fork and submit a pull request.
11
+ 4. Add a test for your change. Only refactoring and documentation changes
12
+ require no new tests. If you are adding functionality or fixing a bug, we need
13
+ a test!
15
14
 
15
+ 5. Make the test pass.
16
+
17
+ 6. Push to your fork and submit a pull request.
16
18
 
17
19
  At this point you're waiting on us. We like to at least comment on, if not
18
20
  accept, pull requests within three business days (and, typically, one business
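Review bot: The new step 2 runs `rake appraisal:install` and step 3 runs plain `rake`, but the `bundle` and `rake db:migrate` that used to precede the test run are gone, so a fresh clone has no instruction to install gems or prepare the database before either rake task. Add a `bundle` step ahead of step 2, or state that `rake appraisal:install` and the default rake task cover both.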
@@ -25,14 +27,3 @@ taken straight from the Ruby on Rails guide:
25
27
  * Include tests that fail without your code, and pass with it
26
28
  * Update the documentation, the surrounding one, examples elsewhere, guides,
27
29
  whatever is affected by your contribution
28
-
29
- Syntax:
30
-
31
- * Two spaces, no tabs.
32
- * No trailing whitespace. Blank lines should not have any space.
33
- * Prefer &&/|| over and/or.
34
- * MyClass.my_method(my_arg) not my_method( my_arg ) or my_method my_arg.
35
- * a = b and not a=b.
36
- * Follow the conventions you see used in the source already.
37
-
38
- And in case we didn't emphasize it enough: we love tests!
data/Gemfile CHANGED
@@ -1,3 +1,3 @@
1
- source "http://rubygems.org"
1
+ source 'http://rubygems.org'
2
2
 
3
3
  gemspec
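Review bot: The rewritten `source` line still fetches gems over plain HTTP (`source 'http://rubygems.org'`). Since the line is being touched anyway, switch it to `https://rubygems.org` so dependency downloads are protected in transit; the quote-style change alone leaves that exposure in place.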
data/Gemfile.lock CHANGED
@@ -1,41 +1,42 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- clearance (0.16.3)
5
- diesel (~> 0.1.5)
4
+ clearance (1.0.0.rc1)
5
+ bcrypt-ruby
6
+ diesel (= 0.1.5)
6
7
  rails (>= 3.0)
7
8
 
8
9
  GEM
9
10
  remote: http://rubygems.org/
10
11
  specs:
11
- actionmailer (3.2.1)
12
- actionpack (= 3.2.1)
13
- mail (~> 2.4.0)
14
- actionpack (3.2.1)
15
- activemodel (= 3.2.1)
16
- activesupport (= 3.2.1)
12
+ actionmailer (3.2.6)
13
+ actionpack (= 3.2.6)
14
+ mail (~> 2.4.4)
15
+ actionpack (3.2.6)
16
+ activemodel (= 3.2.6)
17
+ activesupport (= 3.2.6)
17
18
  builder (~> 3.0.0)
18
19
  erubis (~> 2.7.0)
19
20
  journey (~> 1.0.1)
20
21
  rack (~> 1.4.0)
21
- rack-cache (~> 1.1)
22
+ rack-cache (~> 1.2)
22
23
  rack-test (~> 0.6.1)
23
- sprockets (~> 2.1.2)
24
- activemodel (3.2.1)
25
- activesupport (= 3.2.1)
24
+ sprockets (~> 2.1.3)
25
+ activemodel (3.2.6)
26
+ activesupport (= 3.2.6)
26
27
  builder (~> 3.0.0)
27
- activerecord (3.2.1)
28
- activemodel (= 3.2.1)
29
- activesupport (= 3.2.1)
30
- arel (~> 3.0.0)
28
+ activerecord (3.2.6)
29
+ activemodel (= 3.2.6)
30
+ activesupport (= 3.2.6)
31
+ arel (~> 3.0.2)
31
32
  tzinfo (~> 0.3.29)
32
- activeresource (3.2.1)
33
- activemodel (= 3.2.1)
34
- activesupport (= 3.2.1)
35
- activesupport (3.2.1)
33
+ activeresource (3.2.6)
34
+ activemodel (= 3.2.6)
35
+ activesupport (= 3.2.6)
36
+ activesupport (3.2.6)
36
37
  i18n (~> 0.6)
37
38
  multi_json (~> 1.0)
38
- addressable (2.2.6)
39
+ addressable (2.3.1)
39
40
  appraisal (0.4.1)
40
41
  bundler
41
42
  rake
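Review bot: In the `clearance (1.0.0.rc1)` specs, `bcrypt-ruby` is declared with no version constraint while `diesel` is tightened from `~> 0.1.5` to `= 0.1.5`. The default password hashing now rests on bcrypt-ruby, so the gemspec should give it at least a lower bound or a pessimistic constraint, and an exact pin on a runtime dependency of a library will conflict with any host app that resolves a different diesel release. The `remote: http://rubygems.org/` line in this lockfile also remains plain HTTP.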
@@ -45,6 +46,7 @@ GEM
45
46
  cucumber (>= 1.1.1)
46
47
  ffi (>= 1.0.11)
47
48
  rspec (>= 2.7.0)
49
+ bcrypt-ruby (3.0.1)
48
50
  bourne (1.1.2)
49
51
  mocha (= 0.10.5)
50
52
  builder (3.0.0)
@@ -55,47 +57,46 @@ GEM
55
57
  rack-test (>= 0.5.4)
56
58
  selenium-webdriver (~> 2.0)
57
59
  xpath (~> 0.1.4)
58
- childprocess (0.3.0)
59
- ffi (~> 1.0.6)
60
- cucumber (1.1.4)
60
+ childprocess (0.3.4)
61
+ ffi (~> 1.0, >= 1.0.6)
62
+ cucumber (1.2.1)
61
63
  builder (>= 2.1.2)
62
- diff-lcs (>= 1.1.2)
63
- gherkin (~> 2.7.1)
64
+ diff-lcs (>= 1.1.3)
65
+ gherkin (~> 2.11.0)
64
66
  json (>= 1.4.6)
65
- term-ansicolor (>= 1.0.6)
66
67
  cucumber-rails (1.1.1)
67
68
  capybara (>= 1.1.1)
68
69
  cucumber (>= 1.1.0)
69
70
  nokogiri (>= 1.5.0)
70
- database_cleaner (0.7.1)
71
+ database_cleaner (0.8.0)
71
72
  diesel (0.1.5)
72
73
  railties
73
74
  diff-lcs (1.1.3)
74
75
  erubis (2.7.0)
75
- factory_girl (3.1.1)
76
+ factory_girl (3.5.0)
76
77
  activesupport (>= 3.0.0)
77
- factory_girl_rails (3.1.0)
78
- factory_girl (~> 3.1.0)
78
+ factory_girl_rails (3.5.0)
79
+ factory_girl (~> 3.5.0)
79
80
  railties (>= 3.0.0)
80
- ffi (1.0.11)
81
- gherkin (2.7.6)
81
+ ffi (1.1.0)
82
+ gherkin (2.11.1)
82
83
  json (>= 1.4.6)
83
84
  hike (1.2.1)
84
85
  i18n (0.6.0)
85
- journey (1.0.3)
86
- json (1.6.6)
87
- launchy (2.0.5)
88
- addressable (~> 2.2.6)
86
+ journey (1.0.4)
87
+ json (1.7.3)
88
+ libwebsocket (0.1.4)
89
+ addressable
89
90
  mail (2.4.4)
90
91
  i18n (>= 0.4.0)
91
92
  mime-types (~> 1.16)
92
93
  treetop (~> 1.4.8)
93
94
  metaclass (0.0.1)
94
- mime-types (1.17.2)
95
+ mime-types (1.19)
95
96
  mocha (0.10.5)
96
97
  metaclass (~> 0.0.1)
97
- multi_json (1.0.4)
98
- nokogiri (1.5.0)
98
+ multi_json (1.3.6)
99
+ nokogiri (1.5.5)
99
100
  polyglot (0.3.3)
100
101
  rack (1.4.1)
101
102
  rack-cache (1.2)
@@ -104,52 +105,51 @@ GEM
104
105
  rack
105
106
  rack-test (0.6.1)
106
107
  rack (>= 1.0)
107
- rails (3.2.1)
108
- actionmailer (= 3.2.1)
109
- actionpack (= 3.2.1)
110
- activerecord (= 3.2.1)
111
- activeresource (= 3.2.1)
112
- activesupport (= 3.2.1)
108
+ rails (3.2.6)
109
+ actionmailer (= 3.2.6)
110
+ actionpack (= 3.2.6)
111
+ activerecord (= 3.2.6)
112
+ activeresource (= 3.2.6)
113
+ activesupport (= 3.2.6)
113
114
  bundler (~> 1.0)
114
- railties (= 3.2.1)
115
- railties (3.2.1)
116
- actionpack (= 3.2.1)
117
- activesupport (= 3.2.1)
115
+ railties (= 3.2.6)
116
+ railties (3.2.6)
117
+ actionpack (= 3.2.6)
118
+ activesupport (= 3.2.6)
118
119
  rack-ssl (~> 1.3.2)
119
120
  rake (>= 0.8.7)
120
121
  rdoc (~> 3.4)
121
- thor (~> 0.14.6)
122
+ thor (>= 0.14.6, < 2.0)
122
123
  rake (0.9.2.2)
123
124
  rdoc (3.12)
124
125
  json (~> 1.4)
125
- rspec (2.9.0)
126
- rspec-core (~> 2.9.0)
127
- rspec-expectations (~> 2.9.0)
128
- rspec-mocks (~> 2.9.0)
129
- rspec-core (2.9.0)
130
- rspec-expectations (2.9.1)
126
+ rspec (2.11.0)
127
+ rspec-core (~> 2.11.0)
128
+ rspec-expectations (~> 2.11.0)
129
+ rspec-mocks (~> 2.11.0)
130
+ rspec-core (2.11.1)
131
+ rspec-expectations (2.11.1)
131
132
  diff-lcs (~> 1.1.3)
132
- rspec-mocks (2.9.0)
133
- rspec-rails (2.9.0)
133
+ rspec-mocks (2.11.1)
134
+ rspec-rails (2.11.0)
134
135
  actionpack (>= 3.0)
135
136
  activesupport (>= 3.0)
136
137
  railties (>= 3.0)
137
- rspec (~> 2.9.0)
138
- rubyzip (0.9.5)
139
- selenium-webdriver (2.18.0)
138
+ rspec (~> 2.11.0)
139
+ rubyzip (0.9.9)
140
+ selenium-webdriver (2.25.0)
140
141
  childprocess (>= 0.2.5)
141
- ffi (~> 1.0.9)
142
- multi_json (~> 1.0.4)
142
+ libwebsocket (~> 0.1.3)
143
+ multi_json (~> 1.0)
143
144
  rubyzip
144
- shoulda-matchers (1.1.0)
145
+ shoulda-matchers (1.2.0)
145
146
  activesupport (>= 3.0.0)
146
- sprockets (2.1.2)
147
+ sprockets (2.1.3)
147
148
  hike (~> 1.2)
148
149
  rack (~> 1.0)
149
150
  tilt (~> 1.1, != 1.3.0)
150
- sqlite3 (1.3.5)
151
- term-ansicolor (1.0.7)
152
- thor (0.14.6)
151
+ sqlite3 (1.3.6)
152
+ thor (0.15.4)
153
153
  tilt (1.3.3)
154
154
  timecop (0.3.5)
155
155
  treetop (1.4.10)
@@ -163,17 +163,16 @@ PLATFORMS
163
163
  ruby
164
164
 
165
165
  DEPENDENCIES
166
- appraisal (~> 0.4.1)
167
- aruba (~> 0.4.11)
168
- bourne (~> 1.1.2)
169
- bundler (~> 1.1.0)
170
- capybara (~> 1.1.2)
166
+ appraisal (= 0.4.1)
167
+ aruba (= 0.4.11)
168
+ bourne (= 1.1.2)
169
+ bundler (= 1.1.3)
170
+ capybara (= 1.1.2)
171
171
  clearance!
172
- cucumber-rails (~> 1.1.1)
173
- database_cleaner
174
- factory_girl_rails (~> 3.1.0)
175
- launchy
176
- rspec-rails (~> 2.9.0)
177
- shoulda-matchers (~> 1.1.0)
178
- sqlite3
179
- timecop
172
+ cucumber-rails (= 1.1.1)
173
+ database_cleaner (= 0.8.0)
174
+ factory_girl_rails (= 3.5.0)
175
+ rspec-rails (= 2.11.0)
176
+ shoulda-matchers (= 1.2.0)
177
+ sqlite3 (= 1.3.6)
178
+ timecop (= 0.3.5)
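Review bot: Every entry under DEPENDENCIES moves from `~>` or unconstrained to an exact `=` pin, including `bundler (= 1.1.3)`. Pinning Bundler itself means a contributor on any other Bundler version cannot resolve the bundle; keep a range for bundler and let the GEM section of the lockfile record the exact versions. `launchy` is also dropped here, which is worth confirming against the Cucumber steps that may still call it.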
data/NEWS.md CHANGED
@@ -1,7 +1,20 @@
1
- New for 0.17.0:
2
-
3
- * Handle the security issue found in Rails by Ben Murphy. Some details
4
- can be found on the Rails commit: https://github.com/rails/rails/commit/5f91ea3dc1ed3fa1c6be2cff7de1d1663990b0c3
1
+ New for 1.0.0:
2
+
3
+ * Change default password strategy to BCrypt.
4
+ * Provide BCryptMigrationFromSHA1 password strategy to help people migrate from
5
+ SHA1 (the old default password strategy) to BCrypt (the new default).
6
+ * Require Ruby 1.9.2.
7
+ * A revamped, more descriptive README.
8
+ * More extension points in more controllers.
9
+ * The email, encrypted_password, and remember_token fields of the users
10
+ table cannot be NULL.
11
+ * We do not support adding Clearance after-the-fact.
12
+ * We support Test::Unit.
13
+ * Drop Rails plugin support.
14
+ * Add SignedIn and SignedOut routing constraints.
15
+ * Add a fake password strategy, which is useful when writing tests.
16
+ * Remove deprecated methods on User: remember_me!, generate_random_code,
17
+ password_required?.
5
18
 
6
19
  New for 0.16.2:
7
20
 
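Review bot: The `New for 0.17.0` entry, which records the handling of the Rails security issue found by Ben Murphy and links the Rails commit, is deleted rather than kept below the new 1.0.0 section. If that handling ships in 1.0.0 the changelog should still say so, otherwise anyone upgrading from 0.16.3 loses the only record of it. The `Change default password strategy to BCrypt` item would also be clearer if it stated that apps with existing SHA1 hashes must configure `BCryptMigrationFromSHA1` or `SHA1` for their users to keep signing in.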
data/README.md CHANGED
@@ -3,25 +3,21 @@ Clearance [![Build Status](https://secure.travis-ci.org/thoughtbot/clearance.png
3
3
 
4
4
  Rails authentication & authorization with email & password.
5
5
 
6
- [We have clearance, Clarence.](http://www.youtube.com/watch?v=fVq4_HhBK8Y)
6
+ Clearance was extracted out of [Airbrake](http://airbrakeapp.com/). It is intended to be small, simple, well-tested, and easy to override defaults.
7
7
 
8
- Clearance was extracted out of [Airbrake](http://airbrakeapp.com/).
8
+ Use [Github Issues](http://github.com/thoughtbot/clearance/issues) for help.
9
9
 
10
- Help
11
- ----
10
+ Read [CONTRIBUTING.md](https://github.com/thoughtbot/clearance/blob/master/config/routes.rb) to contribute.
12
11
 
13
- * [Documentation](http://rdoc.info/gems/clearance) at RDoc.info.
14
- * [Patches and bugs](http://github.com/thoughtbot/clearance/issues) at Github Issues.
15
- * [Mailing list](http://groups.google.com/group/thoughtbot-clearance) at Google Groups.
16
-
17
- Installation
18
- ------------
12
+ Install
13
+ -------
19
14
 
20
- Clearance is a Rails engine for Rails 3. It is currently tested against Rails 3.0.12 and Rails 3.1.4.
15
+ Clearance is a Rails engine for Rails 3 on Ruby 1.9.2. It is currently
16
+ tested against Rails 3.0.12, 3.1.4, and 3.2.3.
21
17
 
22
18
  Include the gem in your Gemfile:
23
19
 
24
- gem "clearance"
20
+ gem 'clearance'
25
21
 
26
22
  Make sure the development database exists, then run the generator:
27
23
 
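Review bot: The new `Read [CONTRIBUTING.md](...)` line links to `blob/master/config/routes.rb`, not to CONTRIBUTING.md; point it at the CONTRIBUTING.md file. The Install paragraph in the same hunk says the gem is tested against Rails 3.0.12, 3.1.4, and 3.2.3, while Appraisals in this same change moves to 3.0.15, 3.1.6 and 3.2.6, so the README is stale on the day it is rewritten.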
@@ -38,57 +34,70 @@ Follow the instructions that are output from the generator.
38
34
  Use the [0.8.x](https://github.com/thoughtbot/clearance/tree/v0.8.8)
39
35
  series of Clearance if you have a Rails 2 app.
40
36
 
41
- Usage
42
- -----
37
+ Use version [0.16.3](http://rubygems.org/gems/clearance/versions/0.16.3)
38
+ for Ruby 1.8.7.
39
+
40
+ Configure
41
+ ---------
42
+
43
+ Override any of the defaults in `config/initializers/clearance.rb`:
44
+
45
+ Clearance.configure do |config|
46
+ config.cookie_expiration = lambda { 1.year.from_now.utc }
47
+ config.mailer_sender = 'reply@example.com'
48
+ config.password_strategy = Clearance::PasswordStrategies::BCrypt
49
+ config.user_model = User
50
+ end
51
+
52
+ Use
53
+ ---
43
54
 
44
- If you want to authorize users for a controller action, use the authorize
45
- method in a before_filter.
55
+ Use `authorize` and `current_user` in controllers:
46
56
 
47
- class WidgetsController < ApplicationController
57
+ class ArticlesController < ApplicationController
48
58
  before_filter :authorize
49
59
 
50
60
  def index
51
- @widgets = Widget.all
61
+ current_user.articles
52
62
  end
53
63
  end
54
64
 
55
- If you want to reference the current user in a controller, view, or helper, use
56
- the current_user method.
65
+ Use `signed_in?` and `signed_out?` in controllers, views, or helpers. For example,
66
+ you might want this in a layout:
57
67
 
58
- def index
59
- current_user.articles
60
- end
68
+ - if signed_in?
69
+ = current_user.email
70
+ = link_to 'Sign out', sign_out_path, :method => :delete
71
+ - else
72
+ = link_to 'Sign in', sign_in_path
61
73
 
62
- If you want to know whether the current user is signed in or out, you can use
63
- these methods in controllers, views, or helpers:
74
+ If you want to authenticate a user elsewhere than sessions/new, like in an API:
64
75
 
65
- signed_in?
66
- signed_out?
76
+ User.authenticate 'email@example.com', 'password'
67
77
 
68
- Typically, you want to have something like this in your app, maybe in a layout:
78
+ When a user resets their password, Clearance delivers them an email on. Therefore,
79
+ you should change the default email address in `config/initializers/clearance.rb`:
69
80
 
70
- <% if signed_in? %>
71
- <%= current_user.email %>
72
- <%= link_to "Sign out", sign_out_path, :method => :delete %>
73
- <% else %>
74
- <%= link_to "Sign in", sign_in_path %>
75
- <% end %>
81
+ Clearance.configure do |config|
82
+ config.mailer_sender = 'reply@example.com'
83
+ end
76
84
 
77
- If you ever want to authenticate the user some place other than sessions/new,
78
- maybe in an API:
85
+ You can authorize users at the route level:
79
86
 
80
- User.authenticate("email@example.com", "password")
87
+ Blog::Application.routes.draw do
88
+ constraints Clearance::Constraints::SignedIn.new { |user| user.admin? } do
89
+ root :to => 'admin'
90
+ end
81
91
 
82
- Clearance will deliver one email on your app's behalf: when a user resets their password. Therefore, you should change the default email address that email comes from:
92
+ constraints Clearance::Constraints::SignedIn.new do
93
+ root :to => 'dashboard'
94
+ end
83
95
 
84
- # config/initializers/clearance.rb
85
- Clearance.configure do |config|
86
- config.mailer_sender = "me@example.com"
96
+ constraints Clearance::Constraints::SignedOut.new do
97
+ root :to => 'marketing'
98
+ end
87
99
  end
88
100
 
89
- Rack
90
- ----
91
-
92
101
  Clearance adds its session to the Rack environment hash so middleware and other
93
102
  Rack applications can interact with it:
94
103
 
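Review bot: In the password-reset paragraph, `Clearance delivers them an email on.` is an unfinished sentence; the removed wording ("Clearance will deliver one email on your app's behalf") was complete. The `mailer_sender` setting is now shown twice, once under Configure and again here, so one of the two blocks can go. The layout example also changes from ERB to Haml without saying so, while the views this gem ships are `.html.erb`.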
@@ -101,16 +110,11 @@ Rack applications can interact with it:
101
110
  if env[:clearance].signed_in?
102
111
  env[:clearance].current_user.bubble_gum
103
112
  end
113
+
104
114
  @app.call(env)
105
115
  end
106
116
  end
107
117
 
108
-
109
- Overriding defaults
110
- -------------------
111
-
112
- Clearance is intended to be small, simple, well-tested, and easy to override defaults.
113
-
114
118
  Overriding routes
115
119
  -----------------
116
120
 
@@ -127,43 +131,65 @@ See [app/controllers/clearance](https://github.com/thoughtbot/clearance/tree/mas
127
131
 
128
132
  To override a Clearance controller, subclass it:
129
133
 
134
+ class PasswordsController < Clearance::PasswordsController
130
135
  class SessionsController < Clearance::SessionsController
131
- def new
132
- # my special new action
133
- end
134
-
135
- def url_after_create
136
- my_special_path
137
- end
138
- end
139
-
140
- You may want to override entire actions:
141
-
142
- def new
143
- end
144
-
145
- Or, you may want to override private methods that actions use:
146
-
147
- url_after_create
148
- url_after_update
149
- url_after_destroy
150
- flash_failure_after_create
151
- flash_failure_after_update
152
- flash_failure_when_forbidden
153
- forbid_missing_token
154
- forbid_non_existent_user
136
+ class UsersController < Clearance::UsersController
137
+
138
+ Then, override public methods:
139
+
140
+ passwords#create
141
+ passwords#edit
142
+ passwords#new
143
+ passwords#update
144
+ sessions#create
145
+ sessions#destroy
146
+ sessions#new
147
+ users#new
148
+ users#create
149
+
150
+ Or, override private methods:
151
+
152
+ passwords#find_user_by_id_and_confirmation_token
153
+ passwords#find_user_for_create
154
+ passwords#find_user_for_edit
155
+ passwords#find_user_for_update
156
+ passwords#flash_failure_when_forbidden
157
+ passwords#flash_failure_after_create
158
+ passwords#flash_failure_after_update
159
+ passwords#forbid_missing_token
160
+ passwords#forbid_non_existent_user
161
+ passwords#url_after_create
162
+ passwords#url_after_update
163
+ sessions#flash_failure_after_create
164
+ sessions#url_after_create
165
+ sessions#url_after_destroy
166
+ users#flash_failure_after_create
167
+ users#url_after_create
168
+ users#user_from_params
155
169
 
156
170
  Overriding translations
157
171
  -----------------------
158
172
 
159
- All flash messages and email subject lines are stored in [i18n translations](http://guides.rubyonrails.org/i18n.html). Override them like any other translation.
173
+ All flash messages and email subject lines are stored in
174
+ [i18n translations](http://guides.rubyonrails.org/i18n.html).
175
+ Override them like any other translation.
160
176
 
161
177
  Overriding views
162
178
  ----------------
163
179
 
164
- See [app/views](https://github.com/thoughtbot/clearance/tree/master/app/views) for the default behavior.
180
+ See [app/views](https://github.com/thoughtbot/clearance/tree/master/app/views)
181
+ for the default behavior.
182
+
183
+ To override a view, create your own:
165
184
 
166
- To override those **views**, create them in your own `app/views` directory.
185
+ app/views/clearance_mailer/change_password.html.erb
186
+ app/views/passwords/create.html.erb
187
+ app/views/passwords/edit.html.erb
188
+ app/views/passwords/new.html.erb
189
+ app/views/sessions/_form.html.erb
190
+ app/views/sessions/new.html.erb
191
+ app/views/users/_form.html.erb
192
+ app/views/users/new.html.erb
167
193
 
168
194
  There is a shortcut to copy all Clearance views into your app:
169
195
 
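Review bot: The subclassing example is reduced to three bare lines (`class PasswordsController < Clearance::PasswordsController`, `class SessionsController < Clearance::SessionsController`, `class UsersController < Clearance::UsersController`) with the bodies and every `end` removed, so it no longer reads as valid Ruby. Close each class or present the three names as a plain list. Among the private methods now advertised as overridable, `forbid_missing_token`, `forbid_non_existent_user` and `find_user_by_id_and_confirmation_token` sit on the password-reset path, so a sentence telling readers that an override must keep those checks would be worth adding.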
@@ -172,44 +198,78 @@ There is a shortcut to copy all Clearance views into your app:
172
198
  Overriding the model
173
199
  --------------------
174
200
 
175
- If you want to override the **model** behavior, you can include sub-modules of `Clearance::User`:
201
+ See [lib/clearance/user.rb](https://github.com/thoughtbot/clearance/tree/master/lib/clearance/user.rb)
202
+ for the default behavior.
176
203
 
177
- extend Clearance::User::ClassMethods
178
- include Clearance::User::Validations
179
- include Clearance::User::Callbacks
204
+ To override the model, redefine public methods:
180
205
 
181
- `ClassMethods` contains the `User.authenticate(email, password)` method.
206
+ self.authenticate(email, password)
207
+ forgot_password!
208
+ reset_remember_token!
209
+ update_password(new_password)
182
210
 
183
- `Validations` contains validations for email and password.
211
+ Or, redefine private methods:
184
212
 
185
- `Callbacks` contains `ActiveRecord` callbacks downcasing the email and generating a remember token.
213
+ downcase_email
214
+ email_optional?
215
+ generate_confirmation_token
216
+ generate_remember_token
217
+ password_optional?
186
218
 
187
219
  Overriding the password strategy
188
220
  --------------------------------
189
221
 
190
- By default, Clearance uses SHA1 encryption of the user's password. You can provide your own password strategy by creating a module that conforms to an API of two instance methods:
222
+ By default, Clearance uses BCrypt encryption of the user's password.
191
223
 
192
- def authenticated?
193
- end
224
+ See [lib/clearance/password_strategies/bcrypt.rb](https://github.com/thoughtbot/clearance/blob/master/lib/clearance/password_strategies/bcrypt.rb) for the default behavior.
225
+
226
+ Change your password strategy in `config/initializers/clearance.rb:`
194
227
 
195
- def encrypt_password
228
+ Clearance.configure do |config|
229
+ config.password_strategy = Clearance::PasswordStrategies::SHA1
196
230
  end
197
231
 
198
- See [lib/clearance/password_strategies/sha1.rb](https://github.com/thoughtbot/clearance/blob/master/lib/clearance/password_strategies/sha1.rb) for the default behavior. Also see [lib/clearance/password_strategies/blowfish.rb](https://github.com/thoughtbot/clearance/blob/master/lib/clearance/password_strategies/blowfish.rb) for another password strategy. Switching password strategies will cause your existing users' passwords to not work.
232
+ Clearance provides the following strategies:
233
+
234
+ config.password_strategy = Clearance::PasswordStrategies::BCrypt
235
+ config.password_strategy = Clearance::PasswordStrategies::BCryptMigrationFromSHA1
236
+ config.password_strategy = Clearance::PasswordStrategies::Blowfish
237
+ config.password_strategy = Clearance::PasswordStrategies::SHA1
199
238
 
200
- Once you have an API-compliant module, load it with:
239
+ The previous default password strategy was SHA1.
201
240
 
202
- Clearance.configure do |config|
203
- config.password_strategy = MyPasswordStrategy
241
+ Switching password strategies may cause your existing users to not be able to sign in.
242
+
243
+ If you have an existing app that used the old `SHA1` strategy and you
244
+ want to stay with SHA1, use
245
+ [Clearance::PasswordStrategies::SHA1](https://github.com/thoughtbot/clearance/blob/master/lib/clearance/password_strategies/sha1.rb).
246
+
247
+ If you have an existing app that used the old `SHA1` strategy and you
248
+ want to switch to BCrypt transparently, use
249
+ [Clearance::PasswordStrategies::BCryptMigrationFromSHA1](https://github.com/thoughtbot/clearance/blob/master/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb).
250
+
251
+ The SHA1 and Blowfish password strategies require an additional `salt` column in
252
+ the `users` table. Run this migration before switching to SHA or Blowfish:
253
+
254
+ class AddSaltToUsers < ActiveRecord::Migration
255
+ def change
256
+ add_column :users, :salt, :string, :limit => 128
257
+ end
204
258
  end
205
259
 
206
- For example:
260
+ You can write a custom password strategy that has two instance methods:
207
261
 
208
- # default
209
- config.password_strategy = Clearance::PasswordStrategies::SHA1
210
- # Blowfish
211
- config.password_strategy = Clearance::PasswordStrategies::Blowfish
212
-
262
+ module CustomPasswordStrategy
263
+ def authenticated?
264
+ end
265
+
266
+ def password=(new_password)
267
+ end
268
+ end
269
+
270
+ Clearance.configure do |config|
271
+ config.password_strategy = CustomPasswordStrategy
272
+ end
213
273
 
214
274
  Optional Cucumber features
215
275
  --------------------------
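Review bot: The `Change your password strategy` example sets `config.password_strategy = Clearance::PasswordStrategies::SHA1`, so the first configuration a reader copies moves them off the new BCrypt default and onto the strategy this release replaces. Use `BCryptMigrationFromSHA1` in that example and leave SHA1 to the paragraph about existing apps. Smaller points in the same hunk: `BCrypt encryption` describes what is a password hash, the closing backtick in `config/initializers/clearance.rb:` swallows the colon, `switching to SHA or Blowfish` should say SHA1, and the custom strategy stub does not say what `authenticated?` receives or what `password=` is expected to store.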
@@ -246,13 +306,13 @@ Testing
246
306
  -------
247
307
 
248
308
  If you want to write Rails functional tests or controller specs with Clearance,
249
- you'll need to require the included test helpers and matchers.
309
+ you'll need to require the included test helpers and matchers.
250
310
 
251
- For example, in spec/support/clearance.rb or test/test_helper.rb:
311
+ For example, in `spec/support/clearance.rb` or `test/test_helper.rb`:
252
312
 
253
313
  require 'clearance/testing'
254
314
 
255
- This will make Clearance::Authentication methods work in your controllers
315
+ This will make `Clearance::Authentication` methods work in your controllers
256
316
  during functional tests and provide access to helper methods like:
257
317
 
258
318
  sign_in
@@ -265,12 +325,15 @@ And matchers like:
265
325
 
266
326
  Example:
267
327
 
268
- context "a visitor" do
269
- before { get :show }
270
- it { should deny_access }
328
+ context 'a visitor' do
329
+ before do
330
+ get :show
331
+ end
332
+
333
+ it { should deny_access }
271
334
  end
272
335
 
273
- context "a user" do
336
+ context 'a user' do
274
337
  before do
275
338
  sign_in
276
339
  get :show
@@ -279,23 +342,23 @@ Example:
279
342
  it { should respond_with(:success) }
280
343
  end
281
344
 
282
- Contributing
283
- ------------
345
+ You may want to customize the tests:
284
346
 
285
- Please see CONTRIBUTING.md for details.
347
+ it { should deny_access }
348
+ it { should deny_access(:flash => 'Denied access.') }
349
+ it { should deny_access(:redirect => sign_in_url) }
286
350
 
287
351
  Credits
288
352
  -------
289
353
 
290
354
  ![thoughtbot](http://thoughtbot.com/images/tm/logo.png)
291
355
 
292
- Clearance is maintained and funded by [thoughtbot, inc](http://thoughtbot.com/community)
293
-
356
+ Clearance is maintained by [thoughtbot, inc](http://thoughtbot.com/community).
294
357
  Thank you to all [the contributors](https://github.com/thoughtbot/clearance/contributors)!
295
358
 
296
- The names and logos for thoughtbot are trademarks of thoughtbot, inc.
297
-
298
359
  License
299
360
  -------
300
361
 
301
- Clearance is Copyright © 2009-2011 thoughtbot. It is free software, and may be redistributed under the terms specified in the LICENSE file.
362
+ Clearance is copyright © 2009-2012 thoughtbot. It is free software, and may be redistributed under the terms specified in the LICENSE file.
363
+
364
+ The names and logos for thoughtbot are trademarks of thoughtbot, inc.