RubyGems - clearance - Versions diffs - 1.0.0.rc4 → 1.0.0.rc6 - Mend

clearance 1.0.0.rc4 → 1.0.0.rc6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of clearance might be problematic. Click here for more details.

Files changed (58) hide show

checksums.yaml +15 -0
data/.travis.yml +14 -3
data/Appraisals +7 -1
data/Gemfile.lock +33 -26
data/LICENSE +1 -1
data/NEWS.md +13 -10
data/README.md +44 -37
data/Rakefile +3 -0
data/app/controllers/clearance/passwords_controller.rb +6 -2
data/app/views/clearance_mailer/change_password.html.erb +2 -2
data/app/views/passwords/create.html.erb +3 -1
data/app/views/passwords/edit.html.erb +15 -13
data/app/views/passwords/new.html.erb +13 -11
data/app/views/sessions/_form.html.erb +8 -3
data/app/views/sessions/new.html.erb +4 -11
data/app/views/users/_form.html.erb +2 -2
data/app/views/users/new.html.erb +14 -5
data/clearance.gemspec +5 -3
data/config/locales/clearance.en.yml +53 -23
data/config/routes.rb +3 -3
data/gemfiles/{3.0.17.gemfile → 3.0.20.gemfile} +1 -1
data/gemfiles/{3.0.17.gemfile.lock → 3.0.20.gemfile.lock} +62 -57
data/gemfiles/{3.2.8.gemfile → 3.1.11.gemfile} +1 -1
data/gemfiles/{3.1.8.gemfile.lock → 3.1.11.gemfile.lock} +70 -65
data/gemfiles/{3.1.8.gemfile → 3.2.12.gemfile} +1 -1
data/gemfiles/{3.2.8.gemfile.lock → 3.2.12.gemfile.lock} +74 -68
data/gemfiles/3.2.13.rc2.gemfile +7 -0
data/gemfiles/3.2.13.rc2.gemfile.lock +182 -0
data/lib/clearance.rb +2 -1
data/lib/clearance/authentication.rb +8 -53
data/lib/clearance/authorization.rb +62 -0
data/lib/clearance/back_door.rb +42 -0
data/lib/clearance/controller.rb +11 -0
data/lib/clearance/password_strategies/bcrypt.rb +13 -1
data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +1 -0
data/lib/clearance/password_strategies/blowfish.rb +5 -1
data/lib/clearance/password_strategies/sha1.rb +5 -1
data/lib/clearance/testing.rb +1 -1
data/lib/clearance/testing/app/controllers/application_controller.rb +1 -1
data/lib/clearance/user.rb +23 -10
data/lib/clearance/version.rb +1 -1
data/lib/generators/clearance/install/install_generator.rb +1 -1
data/lib/generators/clearance/specs/templates/support/integration.rb +2 -0
data/spec/clearance/back_door_spec.rb +39 -0
data/spec/controllers/denies_controller_spec.rb +3 -2
data/spec/controllers/flashes_controller_spec.rb +3 -3
data/spec/controllers/forgeries_controller_spec.rb +3 -2
data/spec/controllers/passwords_controller_spec.rb +14 -0
data/spec/mailers/clearance_mailer_spec.rb +9 -1
data/spec/models/bcrypt_migration_from_sha1_spec.rb +10 -9
data/spec/models/bcrypt_spec.rb +21 -7
data/spec/models/blowfish_spec.rb +1 -6
data/spec/models/password_strategies_spec.rb +9 -3
data/spec/models/sha1_spec.rb +1 -6
data/spec/models/user_spec.rb +19 -9
data/spec/support/clearance.rb +1 -1
data/spec/support/fake_model_with_password_strategy.rb +14 -0
metadata +54 -47

data/gemfiles/3.2.13.rc2.gemfile ADDED

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+source "http://rubygems.org"
+gem "rails", "3.2.13.rc2"
+gemspec :path=>"../"

data/gemfiles/3.2.13.rc2.gemfile.lock ADDED

@@ -0,0 +1,182 @@
+PATH
+  remote: ../
+  specs:
+    clearance (1.0.0.rc5)
+      bcrypt-ruby
+      email_validator
+      rails (>= 3.0)
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.2.13.rc2)
+      actionpack (= 3.2.13.rc2)
+      mail (~> 2.5.3)
+    actionpack (3.2.13.rc2)
+      activemodel (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      builder (~> 3.0.0)
+    activerecord (3.2.13.rc2)
+      activemodel (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.13.rc2)
+      activemodel (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+    activesupport (3.2.13.rc2)
+      i18n (= 0.6.1)
+      multi_json (~> 1.0)
+    appraisal (0.4.1)
+      bundler
+      rake
+    arel (3.0.2)
+    aruba (0.4.11)
+      childprocess (>= 0.2.3)
+      cucumber (>= 1.1.1)
+      ffi (>= 1.0.11)
+      rspec (>= 2.7.0)
+    bcrypt-ruby (3.0.1)
+    bourne (1.3.0)
+      mocha (= 0.13.0)
+    builder (3.0.4)
+    capybara (1.1.2)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      selenium-webdriver (~> 2.0)
+      xpath (~> 0.1.4)
+    childprocess (0.3.9)
+      ffi (~> 1.0, >= 1.0.11)
+    cucumber (1.2.3)
+      builder (>= 2.1.2)
+      diff-lcs (>= 1.1.3)
+      gherkin (~> 2.11.6)
+      multi_json (~> 1.3)
+    cucumber-rails (1.1.1)
+      capybara (>= 1.1.1)
+      cucumber (>= 1.1.0)
+      nokogiri (>= 1.5.0)
+    database_cleaner (0.8.0)
+    diff-lcs (1.1.3)
+    email_validator (1.3.0)
+      activemodel
+    erubis (2.7.0)
+    factory_girl (3.5.0)
+      activesupport (>= 3.0.0)
+    factory_girl_rails (3.5.0)
+      factory_girl (~> 3.5.0)
+      railties (>= 3.0.0)
+    ffi (1.4.0)
+    gherkin (2.11.6)
+      json (>= 1.7.6)
+    hike (1.2.1)
+    i18n (0.6.1)
+    journey (1.0.4)
+    json (1.7.7)
+    mail (2.5.3)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    metaclass (0.0.1)
+    mime-types (1.21)
+    mocha (0.13.0)
+      metaclass (~> 0.0.1)
+    multi_json (1.6.1)
+    nokogiri (1.5.6)
+    polyglot (0.3.3)
+    psych (1.3.4)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.3)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (3.2.13.rc2)
+      actionmailer (= 3.2.13.rc2)
+      actionpack (= 3.2.13.rc2)
+      activerecord (= 3.2.13.rc2)
+      activeresource (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      bundler (~> 1.0)
+      railties (= 3.2.13.rc2)
+    railties (3.2.13.rc2)
+      actionpack (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (10.0.3)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rspec (2.12.0)
+      rspec-core (~> 2.12.0)
+      rspec-expectations (~> 2.12.0)
+      rspec-mocks (~> 2.12.0)
+    rspec-core (2.12.2)
+    rspec-expectations (2.12.1)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.12.2)
+    rspec-rails (2.12.2)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 2.12.0)
+      rspec-expectations (~> 2.12.0)
+      rspec-mocks (~> 2.12.0)
+    rubyzip (0.9.9)
+    selenium-webdriver (2.31.0)
+      childprocess (>= 0.2.5)
+      multi_json (~> 1.0)
+      rubyzip
+      websocket (~> 1.0.4)
+    shoulda-matchers (1.2.0)
+      activesupport (>= 3.0.0)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.6)
+    thor (0.17.0)
+    tilt (1.3.5)
+    timecop (0.3.5)
+    treetop (1.4.12)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.37)
+    websocket (1.0.7)
+    xpath (0.1.4)
+      nokogiri (~> 1.3)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  appraisal (= 0.4.1)
+  aruba (= 0.4.11)
+  bourne (= 1.3.0)
+  bundler (~> 1.1)
+  capybara (= 1.1.2)
+  clearance!
+  cucumber-rails (= 1.1.1)
+  database_cleaner (= 0.8.0)
+  factory_girl_rails (= 3.5.0)
+  psych (~> 1.3.4)
+  rails (= 3.2.13.rc2)
+  rspec-rails (= 2.12.2)
+  shoulda-matchers (= 1.2.0)
+  sqlite3 (= 1.3.6)
+  timecop (= 0.3.5)

data/lib/clearance.rb CHANGED

@@ -1,7 +1,8 @@
 require 'clearance/configuration'
 require 'clearance/session'
 require 'clearance/rack_session'
-require 'clearance/authentication'
+require 'clearance/back_door'
+require 'clearance/controller'
 require 'clearance/user'
 require 'clearance/engine'
 require 'clearance/password_strategies'

data/lib/clearance/authentication.rb CHANGED

@@ -4,8 +4,14 @@ module Clearance
     included do
       helper_method :current_user, :signed_in?, :signed_out?
-      hide_action :authorize, :current_user, :current_user=, :deny_access,
-        :sign_in, :sign_out, :signed_in?, :signed_out?
+      hide_action(
+        :current_user,
+        :current_user=,
+        :sign_in,
+        :sign_out,
+        :signed_in?,
+        :signed_out?
+      )
     end
     def authenticate(params)
@@ -14,12 +20,6 @@ module Clearance
       )
     end
-    def authorize
-      unless signed_in?
-        deny_access
-      end
-    end
     def current_user
       clearance_session.current_user
     end
@@ -28,20 +28,6 @@ module Clearance
       clearance_session.sign_in user
     end
-    def deny_access(flash_message = nil)
-      store_location
-      if flash_message
-        flash[:notice] = flash_message
-      end
-      if signed_in?
-        redirect_to url_after_denied_access_when_signed_in
-      else
-        redirect_to url_after_denied_access_when_signed_out
-      end
-    end
     def sign_in(user)
       clearance_session.sign_in user
     end
@@ -67,39 +53,8 @@ module Clearance
     protected
-    def clear_return_to
-      session[:return_to] = nil
-    end
     def clearance_session
       request.env[:clearance]
     end
-    def store_location
-      if request.get?
-        session[:return_to] = request.fullpath
-      end
-    end
-    def redirect_back_or(default)
-      redirect_to(return_to || default)
-      clear_return_to
-    end
-    def redirect_to_root
-      redirect_to('/')
-    end
-    def return_to
-      session[:return_to] || params[:return_to]
-    end
-    def url_after_denied_access_when_signed_in
-      '/'
-    end
-    def url_after_denied_access_when_signed_out
-      sign_in_url
-    end
   end
 end

data/lib/clearance/authorization.rb ADDED

@@ -0,0 +1,62 @@
+module Clearance
+  module Authorization
+    extend ActiveSupport::Concern
+    included do
+      hide_action :authorize, :deny_access
+    end
+    def authorize
+      unless signed_in?
+        deny_access
+      end
+    end
+    def deny_access(flash_message = nil)
+      store_location
+      if flash_message
+        flash[:notice] = flash_message
+      end
+      if signed_in?
+        redirect_to url_after_denied_access_when_signed_in
+      else
+        redirect_to url_after_denied_access_when_signed_out
+      end
+    end
+    protected
+    def clear_return_to
+      session[:return_to] = nil
+    end
+    def store_location
+      if request.get?
+        session[:return_to] = request.fullpath
+      end
+    end
+    def redirect_back_or(default)
+      redirect_to(return_to || default)
+      clear_return_to
+    end
+    def redirect_to_root
+      redirect_to('/')
+    end
+    def return_to
+      session[:return_to] || params[:return_to]
+    end
+    def url_after_denied_access_when_signed_in
+      '/'
+    end
+    def url_after_denied_access_when_signed_out
+      sign_in_url
+    end
+  end
+end

data/lib/clearance/back_door.rb ADDED

@@ -0,0 +1,42 @@
+module Clearance
+  # Middleware which allows signing in by passing as=USER_ID in a query
+  # parameter.
+  #
+  # Designed to eliminate time in integration tests wasted by visiting and
+  # submitting the sign in form.
+  #
+  # Configuration:
+  #
+  #   # config/environments/test.rb
+  #   MyRailsApp::Application.configure do
+  #     # ...
+  #     config.middleware.use ClearanceBackDoor
+  #     # ...
+  #   end
+  #
+  # Usage:
+  #
+  #   visit new_feedback_path(as: user)
+  class BackDoor
+    def initialize(app)
+      @app = app
+    end
+    def call(env)
+      sign_in_through_the_back_door(env)
+      @app.call(env)
+    end
+    private
+    def sign_in_through_the_back_door(env)
+      params = Rack::Utils.parse_query(env['QUERY_STRING'])
+      user_id = params['as']
+      if user_id.present?
+        user = Clearance.configuration.user_model.find(user_id)
+        env[:clearance].sign_in(user)
+      end
+    end
+  end
+end

data/lib/clearance/controller.rb ADDED

@@ -0,0 +1,11 @@
+require 'clearance/authentication'
+require 'clearance/authorization'
+module Clearance
+  module Controller
+    extend ActiveSupport::Concern
+    include Clearance::Authentication
+    include Clearance::Authorization
+  end
+end

data/lib/clearance/password_strategies/bcrypt.rb CHANGED

@@ -20,7 +20,19 @@ module Clearance
       private
       def encrypt(password)
-        ::BCrypt::Password.create(password)
+        ::BCrypt::Password.create(password, :cost => cost)
+      end
+      def cost
+        if test_environment?
+          ::BCrypt::Engine::MIN_COST
+        else
+          ::BCrypt::Engine::DEFAULT_COST
+        end
+      end
+      def test_environment?
+        defined?(::Rails) && ::Rails.env.test?
       end
     end
   end

data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb CHANGED

@@ -44,6 +44,7 @@ module Clearance
         if sha1_password?
           if SHA1User.new(self).authenticated? password
             self.password = password
+            self.save
             true
           end
         end

data/lib/clearance/password_strategies/blowfish.rb CHANGED

@@ -30,9 +30,13 @@ module Clearance
       def initialize_salt_if_necessary
         if salt.blank?
-          self.salt = generate_random_code
+          self.salt = generate_salt
         end
       end
+      def generate_salt
+        SecureRandom.hex(20).encode('UTF-8')
+      end
     end
   end
 end