clearance 1.0.0.rc4 → 1.0.0.rc6

data/gemfiles/3.2.13.rc2.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "http://rubygems.org"
+
+gem "rails", "3.2.13.rc2"
+
+gemspec :path=>"../"

data/gemfiles/3.2.13.rc2.gemfile.lock

@@ -0,0 +1,182 @@
+PATH
+  remote: ../
+  specs:
+    clearance (1.0.0.rc5)
+      bcrypt-ruby
+      email_validator
+      rails (>= 3.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.2.13.rc2)
+      actionpack (= 3.2.13.rc2)
+      mail (~> 2.5.3)
+    actionpack (3.2.13.rc2)
+      activemodel (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      builder (~> 3.0.0)
+    activerecord (3.2.13.rc2)
+      activemodel (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.13.rc2)
+      activemodel (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+    activesupport (3.2.13.rc2)
+      i18n (= 0.6.1)
+      multi_json (~> 1.0)
+    appraisal (0.4.1)
+      bundler
+      rake
+    arel (3.0.2)
+    aruba (0.4.11)
+      childprocess (>= 0.2.3)
+      cucumber (>= 1.1.1)
+      ffi (>= 1.0.11)
+      rspec (>= 2.7.0)
+    bcrypt-ruby (3.0.1)
+    bourne (1.3.0)
+      mocha (= 0.13.0)
+    builder (3.0.4)
+    capybara (1.1.2)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      selenium-webdriver (~> 2.0)
+      xpath (~> 0.1.4)
+    childprocess (0.3.9)
+      ffi (~> 1.0, >= 1.0.11)
+    cucumber (1.2.3)
+      builder (>= 2.1.2)
+      diff-lcs (>= 1.1.3)
+      gherkin (~> 2.11.6)
+      multi_json (~> 1.3)
+    cucumber-rails (1.1.1)
+      capybara (>= 1.1.1)
+      cucumber (>= 1.1.0)
+      nokogiri (>= 1.5.0)
+    database_cleaner (0.8.0)
+    diff-lcs (1.1.3)
+    email_validator (1.3.0)
+      activemodel
+    erubis (2.7.0)
+    factory_girl (3.5.0)
+      activesupport (>= 3.0.0)
+    factory_girl_rails (3.5.0)
+      factory_girl (~> 3.5.0)
+      railties (>= 3.0.0)
+    ffi (1.4.0)
+    gherkin (2.11.6)
+      json (>= 1.7.6)
+    hike (1.2.1)
+    i18n (0.6.1)
+    journey (1.0.4)
+    json (1.7.7)
+    mail (2.5.3)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    metaclass (0.0.1)
+    mime-types (1.21)
+    mocha (0.13.0)
+      metaclass (~> 0.0.1)
+    multi_json (1.6.1)
+    nokogiri (1.5.6)
+    polyglot (0.3.3)
+    psych (1.3.4)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.3)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (3.2.13.rc2)
+      actionmailer (= 3.2.13.rc2)
+      actionpack (= 3.2.13.rc2)
+      activerecord (= 3.2.13.rc2)
+      activeresource (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      bundler (~> 1.0)
+      railties (= 3.2.13.rc2)
+    railties (3.2.13.rc2)
+      actionpack (= 3.2.13.rc2)
+      activesupport (= 3.2.13.rc2)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (10.0.3)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rspec (2.12.0)
+      rspec-core (~> 2.12.0)
+      rspec-expectations (~> 2.12.0)
+      rspec-mocks (~> 2.12.0)
+    rspec-core (2.12.2)
+    rspec-expectations (2.12.1)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.12.2)
+    rspec-rails (2.12.2)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 2.12.0)
+      rspec-expectations (~> 2.12.0)
+      rspec-mocks (~> 2.12.0)
+    rubyzip (0.9.9)
+    selenium-webdriver (2.31.0)
+      childprocess (>= 0.2.5)
+      multi_json (~> 1.0)
+      rubyzip
+      websocket (~> 1.0.4)
+    shoulda-matchers (1.2.0)
+      activesupport (>= 3.0.0)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.6)
+    thor (0.17.0)
+    tilt (1.3.5)
+    timecop (0.3.5)
+    treetop (1.4.12)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.37)
+    websocket (1.0.7)
+    xpath (0.1.4)
+      nokogiri (~> 1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  appraisal (= 0.4.1)
+  aruba (= 0.4.11)
+  bourne (= 1.3.0)
+  bundler (~> 1.1)
+  capybara (= 1.1.2)
+  clearance!
+  cucumber-rails (= 1.1.1)
+  database_cleaner (= 0.8.0)
+  factory_girl_rails (= 3.5.0)
+  psych (~> 1.3.4)
+  rails (= 3.2.13.rc2)
+  rspec-rails (= 2.12.2)
+  shoulda-matchers (= 1.2.0)
+  sqlite3 (= 1.3.6)
+  timecop (= 0.3.5)

data/lib/clearance.rb

@@ -1,7 +1,8 @@
 require 'clearance/configuration'
 require 'clearance/session'
 require 'clearance/rack_session'
-require 'clearance/authentication'
+require 'clearance/back_door'
+require 'clearance/controller'
 require 'clearance/user'
 require 'clearance/engine'
 require 'clearance/password_strategies'

data/lib/clearance/authentication.rb

@@ -4,8 +4,14 @@ module Clearance
 
     included do
       helper_method :current_user, :signed_in?, :signed_out?
-      hide_action :authorize, :current_user, :current_user=, :deny_access,
-        :sign_in, :sign_out, :signed_in?, :signed_out?
+      hide_action(
+        :current_user,
+        :current_user=,
+        :sign_in,
+        :sign_out,
+        :signed_in?,
+        :signed_out?
+      )
     end
 
     def authenticate(params)
@@ -14,12 +20,6 @@ module Clearance
       )
     end
 
-    def authorize
-      unless signed_in?
-        deny_access
-      end
-    end
-
     def current_user
       clearance_session.current_user
     end
@@ -28,20 +28,6 @@ module Clearance
       clearance_session.sign_in user
     end
 
-    def deny_access(flash_message = nil)
-      store_location
-
-      if flash_message
-        flash[:notice] = flash_message
-      end
-
-      if signed_in?
-        redirect_to url_after_denied_access_when_signed_in
-      else
-        redirect_to url_after_denied_access_when_signed_out
-      end
-    end
-
     def sign_in(user)
       clearance_session.sign_in user
     end
@@ -67,39 +53,8 @@ module Clearance
 
     protected
 
-    def clear_return_to
-      session[:return_to] = nil
-    end
-
     def clearance_session
       request.env[:clearance]
     end
-
-    def store_location
-      if request.get?
-        session[:return_to] = request.fullpath
-      end
-    end
-
-    def redirect_back_or(default)
-      redirect_to(return_to || default)
-      clear_return_to
-    end
-
-    def redirect_to_root
-      redirect_to('/')
-    end
-
-    def return_to
-      session[:return_to] || params[:return_to]
-    end
-
-    def url_after_denied_access_when_signed_in
-      '/'
-    end
-
-    def url_after_denied_access_when_signed_out
-      sign_in_url
-    end
   end
 end

data/lib/clearance/authorization.rb

@@ -0,0 +1,62 @@
+module Clearance
+  module Authorization
+    extend ActiveSupport::Concern
+
+    included do
+      hide_action :authorize, :deny_access
+    end
+
+    def authorize
+      unless signed_in?
+        deny_access
+      end
+    end
+
+    def deny_access(flash_message = nil)
+      store_location
+
+      if flash_message
+        flash[:notice] = flash_message
+      end
+
+      if signed_in?
+        redirect_to url_after_denied_access_when_signed_in
+      else
+        redirect_to url_after_denied_access_when_signed_out
+      end
+    end
+
+    protected
+
+    def clear_return_to
+      session[:return_to] = nil
+    end
+
+    def store_location
+      if request.get?
+        session[:return_to] = request.fullpath
+      end
+    end
+
+    def redirect_back_or(default)
+      redirect_to(return_to || default)
+      clear_return_to
+    end
+
+    def redirect_to_root
+      redirect_to('/')
+    end
+
+    def return_to
+      session[:return_to] || params[:return_to]
+    end
+
+    def url_after_denied_access_when_signed_in
+      '/'
+    end
+
+    def url_after_denied_access_when_signed_out
+      sign_in_url
+    end
+  end
+end

data/lib/clearance/back_door.rb

@@ -0,0 +1,42 @@
+module Clearance
+  # Middleware which allows signing in by passing as=USER_ID in a query
+  # parameter.
+  #
+  # Designed to eliminate time in integration tests wasted by visiting and
+  # submitting the sign in form.
+  #
+  # Configuration:
+  #
+  #   # config/environments/test.rb
+  #   MyRailsApp::Application.configure do
+  #     # ...
+  #     config.middleware.use ClearanceBackDoor
+  #     # ...
+  #   end
+  #
+  # Usage:
+  #
+  #   visit new_feedback_path(as: user)
+  class BackDoor
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      sign_in_through_the_back_door(env)
+      @app.call(env)
+    end
+
+    private
+
+    def sign_in_through_the_back_door(env)
+      params = Rack::Utils.parse_query(env['QUERY_STRING'])
+      user_id = params['as']
+
+      if user_id.present?
+        user = Clearance.configuration.user_model.find(user_id)
+        env[:clearance].sign_in(user)
+      end
+    end
+  end
+end

data/lib/clearance/controller.rb

@@ -0,0 +1,11 @@
+require 'clearance/authentication'
+require 'clearance/authorization'
+
+module Clearance
+  module Controller
+    extend ActiveSupport::Concern
+
+    include Clearance::Authentication
+    include Clearance::Authorization
+  end
+end

data/lib/clearance/password_strategies/bcrypt.rb

@@ -20,7 +20,19 @@ module Clearance
       private
 
       def encrypt(password)
-        ::BCrypt::Password.create(password)
+        ::BCrypt::Password.create(password, :cost => cost)
+      end
+
+      def cost
+        if test_environment?
+          ::BCrypt::Engine::MIN_COST
+        else
+          ::BCrypt::Engine::DEFAULT_COST
+        end
+      end
+
+      def test_environment?
+        defined?(::Rails) && ::Rails.env.test?
       end
     end
   end

data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb

@@ -44,6 +44,7 @@ module Clearance
         if sha1_password?
           if SHA1User.new(self).authenticated? password
             self.password = password
+            self.save
             true
           end
         end

data/lib/clearance/password_strategies/blowfish.rb

@@ -30,9 +30,13 @@ module Clearance
 
       def initialize_salt_if_necessary
         if salt.blank?
-          self.salt = generate_random_code
+          self.salt = generate_salt
         end
       end
+
+      def generate_salt
+        SecureRandom.hex(20).encode('UTF-8')
+      end
     end
   end
 end