clearance 0.8.5 → 0.8.6

data/CHANGELOG.textile

@@ -1,9 +1,15 @@
+h2. 0.8.6 (unreleased)
+
+* Clearance features capitalization should match view text (Bobby Wilson)
+* skip :authenticate before_filter in controllers so apps can easily
+authenticate a whole site without subclassing (Matthew Ford)
+
 h2. 0.8.5 (01/20/2009)
 
 * replaced routing hack with Clearance::Routes.draw(map) to give
 more control to the application developer. (Dan Croak)
 * removed attr_accessible from Clearance::User. (Dan Croak)
-* fixed bug in password reset feature. (Dan Croak)
+* fixed bug in password reset feature. (Ben Orenstein, Dan Croak)
 * use Jeweler for gemming. (Dan Croak)
 * remove dependency on root_path, use '/' instead. (Dan Croak)
 * use Clearance.configure block to set mailer sender instead of

data/README.md

@@ -0,0 +1,129 @@
+Clearance
+=========
+
+Rails authentication with email & password.
+
+[We have clearance, Clarence.](http://www.youtube.com/v/mNRXJEE3Nz8)
+
+Help
+----
+
+* [documentation](http://rdoc.info/projects/thoughtbot/clearance)
+* [#thoughtbot](irc://irc.freenode.net/thoughtbot) IRC channel on freenode
+* [mailing list](http://groups.google.com/group/thoughtbot-clearance)
+
+Bugs, Patches
+-------------
+
+Fork away and create a [Github Issue](http://github.com/thoughtbot/clearance/issues).
+
+Installation
+------------
+
+Clearance is a Rails engine. It works with versions of Rails greater than 2.3.
+
+Install it as a gem however you like to install gems. Gem Bundler example:
+
+    gem "clearance"
+
+Make sure the development database exists and run the generator:
+
+    script/generate clearance
+
+This:
+
+* inserts Clearance::User into your User model
+* inserts Clearance::Authentication into your ApplicationController
+* inserts Clearance::Routes.draw(map) into your config.routes.rb
+* created a migration that either creates a users table or adds only missing columns
+* prints further instructions
+
+Usage
+-----
+
+If you want to authenticate users for a controller action, use the authenticate
+method in a before_filter.
+
+    class WidgetsController < ApplicationController
+      before_filter :authenticate
+      def index
+        @widgets = Widget.all
+      end
+    end
+
+Customizing
+-----------
+
+To change any of provided actions, subclass a Clearance controller...
+
+    class SessionsController < Clearance::SessionsController
+      def new
+        # my special new action
+      end
+      def url_after_create
+        my_special_path
+      end
+    end
+
+and add your route above (before) Clearance routes in config/routes.rb:
+
+    map.resource :session, :controller => 'clearance/sessions'
+
+See lib/clearance/routes.rb for all the routes Clearance provides.
+
+Actions that redirect (create, update, and destroy) in Clearance controllers
+can be overriden by re-defining url_after_(action) methods as seen above.
+
+Optional Cucumber features
+--------------------------
+
+As your app evolves, you want to know that authentication still works. Our
+opinion is that you should test its integration with your app using
+[Cucumber](http://cukes.info).
+
+Run the Cucumber generator and Clearance feature generator:
+
+    script/generate cucumber
+    script/generate clearance_features
+
+All of the files generated should be new with the exception of the
+features/support/paths.rb file. If you have not modified your paths.rb then you
+will be okay to replace it with this one. If you need to keep your paths.rb
+file then add these locations in your paths.rb manually:
+
+  def path_to(page_name)
+    case page_name
+    when /the sign up page/i
+     new_user_path
+    when /the sign in page/i
+     new_session_path
+    when /the password reset request page/i
+     new_password_path
+    end
+  end
+
+Optional Formtastic views
+-------------------------
+
+We use & recommend [Formtastic](http://github.com/justinfrench/formtastic].
+
+Clearance has another generator to generate Formastic views:
+
+    script/generate clearance_views
+
+Its implementation is designed so other view styles (Haml?) can be generated.
+
+Authors
+-------
+
+Clearance was extracted out of [Hoptoad](http://hoptoadapp.com). We merged the
+authentication code from two of thoughtbot client Rails apps and have since
+used it each time we need authentication.
+
+The following people have improved the library. Thank you!
+
+Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov,
+Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey,
+Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton,
+Mustafa Ekim, Jon Yurek, Anuj Dutta, Chad Pytel, Ben Orenstein, Bobby Wilson,
+and Matthew Ford.

data/VERSION

@@ -1 +1 @@
-0.8.5
+0.8.6

data/app/controllers/clearance/confirmations_controller.rb

@@ -1,6 +1,7 @@
 class Clearance::ConfirmationsController < ApplicationController
   unloadable
 
+  skip_before_filter :authenticate,                  :only => [:new, :create]
   before_filter :redirect_signed_in_confirmed_user,  :only => [:new, :create]
   before_filter :redirect_signed_out_confirmed_user, :only => [:new, :create]
   before_filter :forbid_missing_token,               :only => [:new, :create]

data/app/controllers/clearance/passwords_controller.rb

@@ -1,6 +1,7 @@
 class Clearance::PasswordsController < ApplicationController
   unloadable
 
+  skip_before_filter :authenticate,        :only => [:edit, :update]
   before_filter :forbid_missing_token,     :only => [:edit, :update]
   before_filter :forbid_non_existent_user, :only => [:edit, :update]
   filter_parameter_logging :password, :password_confirmation

data/app/controllers/clearance/sessions_controller.rb

@@ -1,6 +1,7 @@
 class Clearance::SessionsController < ApplicationController
   unloadable
 
+  skip_before_filter :authenticate, :only => [:new, :create, :destroy]
   protect_from_forgery :except => :create
   filter_parameter_logging :password
 

data/app/controllers/clearance/users_controller.rb

@@ -1,7 +1,8 @@
 class Clearance::UsersController < ApplicationController
   unloadable
 
-  before_filter :redirect_to_root, :only => [:new, :create], :if => :signed_in?
+  skip_before_filter :authenticate, :only => [:new, :create]
+  before_filter :redirect_to_root,  :only => [:new, :create], :if => :signed_in?
   filter_parameter_logging :password
 
   def new

data/generators/clearance/clearance_generator.rb

@@ -25,9 +25,9 @@ class ClearanceGenerator < Rails::Generator::Base
       m.directory File.join("test", "factories")
       m.file "factories.rb", "test/factories/clearance.rb"
 
-      m.migration_template "migrations/#{migration_name}.rb",
+      m.migration_template "migrations/#{migration_source_name}.rb",
                            'db/migrate',
-                           :migration_file_name => "clearance_#{migration_name}"
+                           :migration_file_name => "clearance_#{migration_target_name}"
 
       m.readme "README"
     end
@@ -35,7 +35,7 @@ class ClearanceGenerator < Rails::Generator::Base
 
   private
 
-  def migration_name
+  def migration_source_name
     if ActiveRecord::Base.connection.table_exists?(:users)
       'update_users'
     else
@@ -43,4 +43,16 @@ class ClearanceGenerator < Rails::Generator::Base
     end
   end
 
+  def migration_target_name
+    if ActiveRecord::Base.connection.table_exists?(:users)
+      "update_users_to_#{schema_version}"
+    else
+      'create_users'
+    end
+  end
+
+  def schema_version
+    IO.read(File.join(File.dirname(__FILE__), '..', '..', 'VERSION')).strip.gsub(/[^\d]/, '_')
+  end
+
 end

data/generators/clearance_features/clearance_features_generator.rb

@@ -6,7 +6,6 @@ class ClearanceFeaturesGenerator < Rails::Generator::Base
       m.directory File.join("features", "support")
 
       ["features/step_definitions/clearance_steps.rb",
-       "features/step_definitions/factory_girl_steps.rb",
        "features/support/paths.rb",
        "features/sign_in.feature",
        "features/sign_out.feature",

data/generators/clearance_features/templates/features/sign_up.feature

@@ -8,7 +8,7 @@ Feature: Sign up
       And I fill in "Email" with "invalidemail"
       And I fill in "Password" with "password"
       And I fill in "Confirm password" with ""
-      And I press "Sign Up"
+      And I press "Sign up"
       Then I should see error messages
 
     Scenario: User signs up with valid data
@@ -16,7 +16,7 @@ Feature: Sign up
       And I fill in "Email" with "email@person.com"
       And I fill in "Password" with "password"
       And I fill in "Confirm password" with "password"
-      And I press "Sign Up"
+      And I press "Sign up"
       Then I should see "instructions for confirming"
       And a confirmation message should be sent to "email@person.com"
 

data/generators/clearance_features/templates/features/step_definitions/clearance_steps.rb

@@ -97,7 +97,7 @@ When /^I sign in as "(.*)\/(.*)"$/ do |email, password|
   When %{I go to the sign in page}
   And %{I fill in "Email" with "#{email}"}
   And %{I fill in "Password" with "#{password}"}
-  And %{I press "Sign In"}
+  And %{I press "Sign in"}
 end
 
 When /^I sign out$/ do

data/lib/clearance/authentication.rb

@@ -62,7 +62,6 @@ module Clearance
       #   sign_in(@user)
       def sign_in(user)
         if user
-          user.remember_me!
           cookies[:remember_token] = {
             :value   => user.remember_token,
             :expires => 1.year.from_now.utc
@@ -77,6 +76,7 @@ module Clearance
       #   sign_out
       def sign_out
         cookies.delete(:remember_token)
+        current_user.reset_remember_token! if current_user
         current_user = nil
       end
 

data/lib/clearance/user.rb

@@ -49,12 +49,12 @@ module Clearance
       # :password must be present, confirmed
       def self.included(model)
         model.class_eval do
-          validates_presence_of     :email
-          validates_uniqueness_of   :email, :case_sensitive => false
-          validates_format_of       :email, :with => %r{.+@.+\..+}
+          validates_presence_of     :email, :unless => :email_optional?
+          validates_uniqueness_of   :email, :case_sensitive => false, :allow_blank => true
+          validates_format_of       :email, :with => %r{.+@.+\..+}, :allow_blank => true
 
-          validates_presence_of     :password, :if => :password_required?
-          validates_confirmation_of :password, :if => :password_required?
+          validates_presence_of     :password, :unless => :password_optional?
+          validates_confirmation_of :password, :unless => :password_optional?
         end
       end
     end
@@ -66,9 +66,9 @@ module Clearance
       def self.included(model)
         model.class_eval do
           before_save :initialize_salt,
-                      :encrypt_password,
-                      :initialize_confirmation_token
-
+                      :encrypt_password
+          before_create :generate_confirmation_token,
+                        :generate_remember_token
           after_create :send_confirmation_email, :unless => :email_confirmed?
         end
       end
@@ -87,14 +87,18 @@ module Clearance
 
       # Set the remember token.
       #
-      # @example
-      #   user.remember_me!
-      #   cookies[:remember_token] = {
-      #     :value   => user.remember_token,
-      #     :expires => 1.year.from_now.utc
-      #   }
+      # @deprecated Use {#reset_remember_token!} instead
       def remember_me!
-        self.remember_token = encrypt("--#{Time.now.utc}--#{password}--#{id}--")
+        warn "[DEPRECATION] remember_me!: use reset_remember_token! instead"
+        reset_remember_token!
+      end
+
+      # Reset the remember token.
+      #
+      # @example
+      #   user.reset_remember_token!
+      def reset_remember_token!
+        generate_remember_token
         save(false)
       end
 
@@ -140,7 +144,7 @@ module Clearance
 
       def initialize_salt
         if new_record?
-          self.salt = generate_hash("--#{Time.now.utc}--#{password}--")
+          self.salt = generate_hash("--#{Time.now.utc}--#{password}--#{rand}--")
         end
       end
 
@@ -154,15 +158,31 @@ module Clearance
       end
 
       def generate_confirmation_token
-        self.confirmation_token = encrypt("--#{Time.now.utc}--#{password}--")
+        self.confirmation_token = encrypt("--#{Time.now.utc}--#{password}--#{rand}--")
+      end
+
+      def generate_remember_token
+        self.remember_token = encrypt("--#{Time.now.utc}--#{encrypted_password}--#{id}--#{rand}--")
+      end
+
+      # Always false. Override to allow other forms of authentication
+      # (username, facebook, etc).
+      # @return [Boolean] true if the email field be left blank for this user
+      def email_optional?
+        false
       end
 
-      def initialize_confirmation_token
-        generate_confirmation_token if new_record?
+      # True if the password has been set and the password is not being
+      # updated. Override to allow other forms of # authentication (username,
+      # facebook, etc).
+      # @return [Boolean] true if the password field can be left blank for this user
+      def password_optional?
+        encrypted_password.present? && password.blank?
       end
 
       def password_required?
-        encrypted_password.blank? || !password.blank?
+        # warn "[DEPRECATION] password_required?: use !password_optional? instead"
+        !password_optional?
       end
 
       def send_confirmation_email

data/test/controllers/sessions_controller_test.rb

@@ -35,6 +35,7 @@ class SessionsControllerTest < ActionController::TestCase
   context "on POST to #create with good credentials" do
     setup do
       @user = Factory(:email_confirmed_user)
+      @user.update_attribute(:remember_token, "old-token")
       post :create, :session => {
                       :email    => @user.email,
                       :password => @user.password }
@@ -47,8 +48,8 @@ class SessionsControllerTest < ActionController::TestCase
       assert ! cookies['remember_token'].empty?
     end
 
-    should 'set the token in users table' do
-      assert_not_nil @user.reload.remember_token
+    should "not change the remember token" do
+      assert_equal "old-token", @user.reload.remember_token
     end
   end
 
@@ -121,6 +122,7 @@ class SessionsControllerTest < ActionController::TestCase
   context "on DELETE to #destroy with a cookie" do
     setup do
       @user = Factory(:email_confirmed_user)
+      @user.update_attribute(:remember_token, "old-token")
       cookies['remember_token'] = CGI::Cookie.new('token', 'value')
       sign_in_as @user
       delete :destroy
@@ -133,8 +135,8 @@ class SessionsControllerTest < ActionController::TestCase
       assert_nil cookies['remember_token']
     end
 
-    should "delete the database token" do
-      assert_nil @user.reload.remember_token
+    should "reset the remember token" do
+      assert_not_equal "old-token", @user.reload.remember_token
     end
   end
 

data/test/models/user_test.rb

@@ -73,7 +73,7 @@ class UserTest < ActiveSupport::TestCase
   end
 
   context "When multiple users have signed up" do
-    setup { @user = Factory(:user) }
+    setup { Factory(:user) }
     should_validate_uniqueness_of :email
   end
 
@@ -120,17 +120,17 @@ class UserTest < ActiveSupport::TestCase
     end
   end
 
-  # remember me
+  # resetting remember token
 
-  context "When authenticating with remember_me!" do
+  context "When resetting authentication with reset_remember_token!" do
     setup do
       @user  = Factory(:email_confirmed_user)
-      assert_nil @user.remember_token
-      @user.remember_me!
+      @user.remember_token = "old-token"
+      @user.reset_remember_token!
     end
 
-    should "set the remember token" do
-      assert_not_nil @user.remember_token
+    should "change the remember token" do
+      assert_not_equal "old-token", @user.remember_token
     end
   end
 
@@ -155,6 +155,7 @@ class UserTest < ActiveSupport::TestCase
   end
 
   should "not generate the same remember token for users with the same password at the same time" do
+    Time.stubs(:now => Time.now)
     password    = 'secret'
     first_user  = Factory(:email_confirmed_user,
                           :password              => password,
@@ -163,10 +164,6 @@ class UserTest < ActiveSupport::TestCase
                           :password              => password,
                           :password_confirmation => password)
 
-    Time.stubs(:now => Time.now)
-    first_user.remember_me!
-    second_user.remember_me!
-
     assert_not_equal first_user.remember_token, second_user.remember_token
   end
 
@@ -224,4 +221,35 @@ class UserTest < ActiveSupport::TestCase
 
   end
 
+  # optional email/password fields
+  context "a user with an optional email" do
+    setup do
+      @user = User.new
+      class << @user
+        def email_optional?
+          true
+        end
+      end
+    end
+
+    subject { @user }
+
+    should_allow_values_for :email, nil, ""
+  end
+
+  context "a user with an optional password" do
+    setup do
+      @user = User.new
+      class << @user
+        def password_optional?
+          true
+        end
+      end
+    end
+
+    subject { @user }
+
+    should_allow_values_for :password, nil, ""
+  end
+
 end

data/test/rails_root/features/step_definitions/clearance_steps.rb

@@ -97,7 +97,7 @@ When /^I sign in as "(.*)\/(.*)"$/ do |email, password|
   When %{I go to the sign in page}
   And %{I fill in "Email" with "#{email}"}
   And %{I fill in "Password" with "#{password}"}
-  And %{I press "Sign In"}
+  And %{I press "Sign in"}
 end
 
 When /^I sign out$/ do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: clearance
 version: !ruby/object:Gem::Version 
-  version: 0.8.5
+  version: 0.8.6
 platform: ruby
 authors: 
 - Dan Croak
@@ -26,7 +26,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-01-20 00:00:00 -05:00
+date: 2010-02-17 00:00:00 -05:00
 default_executable: 
 dependencies: []
 
@@ -38,11 +38,11 @@ extensions: []
 
 extra_rdoc_files: 
 - LICENSE
-- README.textile
+- README.md
 files: 
 - CHANGELOG.textile
 - LICENSE
-- README.textile
+- README.md
 - Rakefile
 - VERSION
 - app/controllers/clearance/confirmations_controller.rb
@@ -74,7 +74,6 @@ files:
 - generators/clearance_features/templates/features/sign_out.feature
 - generators/clearance_features/templates/features/sign_up.feature
 - generators/clearance_features/templates/features/step_definitions/clearance_steps.rb
-- generators/clearance_features/templates/features/step_definitions/factory_girl_steps.rb
 - generators/clearance_features/templates/features/support/paths.rb
 - generators/clearance_views/USAGE
 - generators/clearance_views/clearance_views_generator.rb
@@ -139,13 +138,12 @@ test_files:
 - test/rails_root/config/environments/production.rb
 - test/rails_root/config/environments/test.rb
 - test/rails_root/config/initializers/clearance.rb
-- test/rails_root/config/initializers/clearance_loader.rb
 - test/rails_root/config/initializers/inflections.rb
 - test/rails_root/config/initializers/mime_types.rb
 - test/rails_root/config/initializers/requires.rb
 - test/rails_root/config/initializers/time_formats.rb
 - test/rails_root/config/routes.rb
-- test/rails_root/db/migrate/20100120045223_clearance_create_users.rb
+- test/rails_root/db/migrate/20100217171349_clearance_create_users.rb
 - test/rails_root/features/step_definitions/clearance_steps.rb
 - test/rails_root/features/step_definitions/factory_girl_steps.rb
 - test/rails_root/features/step_definitions/web_steps.rb

data/README.textile

@@ -1,108 +0,0 @@
-h1. Clearance
-
-Rails authentication with email & password.
-
-"We have clearance, Clarence.":http://www.youtube.com/v/mNRXJEE3Nz8
-
-h2. Help
-
-* "#thoughtbot":irc://irc.freenode.net/thoughtbot IRC channel on freenode
-* "documentation":http://rdoc.info/projects/thoughtbot/clearance
-* "mailing list":http://groups.google.com/group/thoughtbot-clearance
-
-h2. Bugs, Patches
-
-Fork away and create a "Github Issue":http://github.com/thoughtbot/clearance/issues.
-
-h2. Installation
-
-Clearance is a Rails engine. It works with versions of Rails greater than 2.3.
-
-Install it as a gem however you like to install gems. Gem Bundler example:
-
-<pre>
-gem "clearance"
-</pre>
-
-Make sure the development database exists and run the generator:
-
-<pre>
-script/generate clearance
-</pre>
-
-This:
-
-* inserts Clearance::User into your User model
-* inserts Clearance::Authentication into your ApplicationController
-* inserts Clearance::Routes.draw(map) into your config.routes.rb
-* created a migration that either creates a users table or adds only missing columns
-* prints further instructions
-
-h2. Usage
-
-If you want to authenticate users for a controller action, use the authenticate method in a before_filter.
-
-    class WidgetsController < ApplicationController
-      before_filter :authenticate
-
-      def index
-        @widgets = Widget.all
-      end
-    end
-
-Subclass and override any Clearance-provided controller as needed:
-
-    class SessionsController < Clearance::SessionsController
-      def url_after_create
-        new_blog_post_path
-      end
-    end
-
-Actions that redirect (create, update, and destroy) in Clearance controllers
-can be overriden by re-defining url_after_(action) methods as seen above.
-
-h2. Optional Cucumber features
-
-As your app evolves, you want to know that authentication still works. thoughtbot's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
-
-Run the Cucumber generator (if you haven't already) and Clearance's feature generator:
-
-<pre>
-script/generate cucumber
-script/generate clearance_features
-</pre>
-
-All of the files generated should be new with the exception of the features/support/paths.rb file. If you have not modified your paths.rb then you will be okay to replace it with this one. If you need to keep your paths.rb file then add these locations in your paths.rb manually:
-
-<pre>
-def path_to(page_name)
-  case page_name
-   ...
-  when /the sign up page/i
-   new_user_path
-  when /the sign in page/i
-   new_session_path
-  when /the password reset request page/i
-   new_password_path
-  ...
-end
-</pre>
-
-h2. Optional Formtastic views
-
-We have begun standardizing our forms using "Formtastic":http://github.com/justinfrench/formtastic. We highly recommend trying it. It will make your Rails view life more interesting.
-
-Clearance has another generator to generate Formastic views:
-
-<pre>
-script/generate clearance_views
-</pre>
-
-Its implementation is designed so that other view styles can be generated if the community wants it. However, we haven't needed them so you'll have to write the patch and send it back if you want other styles (such as Haml).
-
-h2. Authors
-
-Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's clients' Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!
-
-Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov, Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey, Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton, Mustafa Ekim, Jon Yurek, Anuj Dutta, and Chad Pytel.
-

data/generators/clearance_features/templates/features/step_definitions/factory_girl_steps.rb

@@ -1,5 +0,0 @@
-Factory.factories.each do |name, factory|
-  Given /^an? #{name} exists with an? (.*) of "([^"]*)"$/ do |attr, value|
-    Factory(name, attr.gsub(' ', '_') => value)
-  end
-end

data/test/rails_root/config/initializers/clearance_loader.rb

@@ -1,8 +0,0 @@
-# This simulates loading the clearance gem, but without relying on
-# vendor/gems
-
-clearance_path = File.join(File.dirname(__FILE__), *%w(.. .. .. ..))
-clearance_lib_path = File.join(clearance_path, "lib")
-
-$LOAD_PATH.unshift(clearance_lib_path)
-load File.join(clearance_path, 'rails', 'init.rb')