clearance 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f4e6710b70b803fe467aabe7d840cbfa3f18c0d4
-  data.tar.gz: b8728d50e2609028e65810667d3853aebc975b71
+  metadata.gz: f0e5c1ad076dc7b6d2437299cd7888a0112eb892
+  data.tar.gz: fbe33eb3eca23b455dd535d7d6c7df5af9e85d53
 SHA512:
-  metadata.gz: 472bd52036488dd09691f23a4065f0394bdfb48c3784d56824871861a1ff6f6497b1d5d8863c021e4a656479314bb08c74a311aca22cca057fea44ee5a952cc0
-  data.tar.gz: 05ba71e0e4e71104e181487c010e30a827b482b4a000c3b7ef9a1c3e90e4b3df6004247fbd59d01af70c7957dc8284163396c2343ecc5e2f8ec0c95277df18ca
+  metadata.gz: 3c34b9bb7f111bc599149e006fbee5e3a98e6c7bbf00797469781585b9a846ae4900d1deed564795ef3da81f62dfe7a691f69f14b574c17091a2e158f2fa3956
+  data.tar.gz: 66f14e544e08dbf94d16ca3066750abe3d444280ff2dae2dc6782e90790efc6ce066234bc2592bffb0e5c4c01f1c3578c69d9529afc75411eca24fe2f95291dc

data/.travis.yml

@@ -5,6 +5,10 @@ rvm:
   - 1.9.3
   - 2.0.0
 
+before_install:
+  - "sudo apt-get install ca-certificates"
+  - "gem update --system"
+
 install:
   - "bundle install"
 

data/Appraisals

@@ -1,4 +1,4 @@
-rails_versions = ['~> 3.2.13', '~> 4.0.0']
+rails_versions = ['~> 3.2.15', '~> 4.0.0']
 
 rails_versions.each do |rails_version|
   appraise "rails#{rails_version.slice(/\d+\.\d+/)}" do

data/CONTRIBUTING.md

@@ -9,8 +9,8 @@ We love pull requests. Here's a quick guide:
    to know that you have a clean slate: `rake`
 
 4. Add a test for your change. Only refactoring and documentation changes
-   require no new tests. If you are adding functionality or fixing a bug, we need
-   a test!
+   require no new tests. If you are adding functionality or fixing a
+   bug, we need a test!
 
 5. Make the test pass.
 

data/Gemfile

@@ -7,14 +7,12 @@ gem 'aruba', '~> 0.5'
 gem 'bourne', '~> 1.4'
 gem 'bundler', '~> 1.3'
 gem 'capybara', '~> 2.0.3'
-gem 'cucumber-rails', '~> 1.3'
+gem 'cucumber-rails', '~> 1.3', require: false
 gem 'database_cleaner', '~> 1.0'
 gem 'factory_girl_rails', '~> 4.2'
 gem 'jbuilder', '~> 1.2'
 gem 'rspec-rails', '~> 2.13'
 gem 'sdoc'
-gem 'shoulda-matchers',
-  github: 'thoughtbot/shoulda-matchers',
-  branch: 'dp-rails-four'
+gem 'shoulda-matchers', '~> 2.4'
 gem 'sqlite3', '~> 1.3'
 gem 'timecop', '~> 0.6'

data/Gemfile.lock

@@ -1,15 +1,7 @@
-GIT
-  remote: git://github.com/thoughtbot/shoulda-matchers.git
-  revision: 2b452d5d3970e7319d0d4ea82942960616e05453
-  branch: dp-rails-four
-  specs:
-    shoulda-matchers (2.2.0)
-      activesupport (>= 3.0.0)
-
 PATH
   remote: .
   specs:
-    clearance (1.0.1)
+    clearance (1.1.0)
       bcrypt-ruby
       email_validator (~> 1.4)
       rails (>= 3.1)
@@ -44,13 +36,13 @@ GEM
     appraisal (0.5.2)
       bundler
       rake
-    arel (4.0.0)
+    arel (4.0.1)
     aruba (0.5.3)
       childprocess (>= 0.3.6)
       cucumber (>= 1.1.1)
       rspec-expectations (>= 2.7.0)
-    atomic (1.1.10)
-    bcrypt-ruby (3.1.1)
+    atomic (1.1.14)
+    bcrypt-ruby (3.1.2)
     bourne (1.5.0)
       mocha (>= 0.13.2, < 0.15)
     builder (3.1.4)
@@ -87,7 +79,7 @@ GEM
     gherkin (2.12.0)
       multi_json (~> 1.3)
     hike (1.2.3)
-    i18n (0.6.4)
+    i18n (0.6.5)
     jbuilder (1.5.0)
       activesupport (>= 3.0.0)
       multi_json (>= 1.2.0)
@@ -101,7 +93,7 @@ GEM
     minitest (4.7.5)
     mocha (0.14.0)
       metaclass (~> 0.0.1)
-    multi_json (1.7.7)
+    multi_json (1.7.9)
     multi_test (0.0.2)
     nokogiri (1.6.0)
       mini_portile (~> 0.5.0)
@@ -145,25 +137,27 @@ GEM
       multi_json (~> 1.0)
       rubyzip
       websocket (~> 1.0.4)
+    shoulda-matchers (2.4.0)
+      activesupport (>= 3.0.0)
     sprockets (2.10.0)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.0.0)
+    sprockets-rails (2.0.1)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       sprockets (~> 2.8)
     sqlite3 (1.3.7)
     thor (0.18.1)
-    thread_safe (0.1.2)
+    thread_safe (0.1.3)
       atomic
     tilt (1.4.1)
     timecop (0.6.2.2)
-    treetop (1.4.14)
+    treetop (1.4.15)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.37)
+    tzinfo (0.3.38)
     websocket (1.0.7)
     xpath (1.0.0)
       nokogiri (~> 1.3)
@@ -184,6 +178,6 @@ DEPENDENCIES
   jbuilder (~> 1.2)
   rspec-rails (~> 2.13)
   sdoc
-  shoulda-matchers!
+  shoulda-matchers (~> 2.4)
   sqlite3 (~> 1.3)
   timecop (~> 0.6)

data/NEWS.md

@@ -1,5 +1,19 @@
 Thank you to all the [contributors](https://github.com/thoughtbot/clearance/graphs/contributors)!
 
+New for 1.1.0 (November 21, 2013):
+
+* Validate email with `EmailValidator` [strict mode][strict].
+* The `cookie_expiration` configuration lambda can now be called with  a
+  `cookies` parameter. allows the Clearance cookie expiration to be set
+  according to the value of another cookie (such as `remember_me`).
+* A `cookie_expiration` lambda that does not accept this `cookies`
+  parameter has been deprecated.
+* Allow cookie domain and path configuration.
+* Add sign in guards.
+* Don't allow logins with blank `remember_token`.
+
+[strict]: https://github.com/balexand/email_validator#strict-mode
+
 New for 1.0.1 (August 9, 2013):
 
 * Fix an issue when trying to sign in with `nil`

data/README.md

@@ -8,9 +8,10 @@ Clearance
 Rails authentication with email & password.
 
 Clearance was extracted out of [Airbrake](http://airbrake.io/). It is intended
-to be small, simple, well-tested, with easy to override defaults.
+to be small, simple, and well-tested. It is intended to be easy to override
+defaults.
 
-Use [Github Issues](https://github.com/thoughtbot/clearance/issues) for help.
+Use [GitHub Issues](https://github.com/thoughtbot/clearance/issues) for help.
 
 Read [CONTRIBUTING.md](/CONTRIBUTING.md) to contribute.
 
@@ -23,7 +24,7 @@ It works with Rails 4 and Ruby 2.
 Include the gem in your Gemfile:
 
 ```ruby
-gem 'clearance', '1.0.0'
+gem 'clearance'
 ```
 
 Bundle:
@@ -43,10 +44,11 @@ The generator:
 
 Then, follow the instructions output from the generator.
 
-Use Clearance [0.8.8](https://github.com/thoughtbot/clearance/tree/v0.8.8)
-series for Rails 2 apps.
+Use Clearance [0.8.8](https://github.com/thoughtbot/clearance/tree/v0.8.8) for
+Rails 2 apps.
 
-Use [0.16.3](http://rubygems.org/gems/clearance/versions/0.16.3) for Ruby 1.8.7.
+Use Clearance [0.16.3](http://rubygems.org/gems/clearance/versions/0.16.3) for
+Ruby 1.8.7 apps.
 
 Configure
 ---------
@@ -55,12 +57,15 @@ Override any of these defaults in `config/initializers/clearance.rb`:
 
 ```ruby
 Clearance.configure do |config|
-  config.cookie_expiration = lambda { 1.year.from_now.utc }
+  config.cookie_domain = '.example.com'
+  config.cookie_expiration = lambda { |cookies| 1.year.from_now.utc }
+  config.cookie_path = '/'
   config.httponly = false
   config.mailer_sender = 'reply@example.com'
   config.password_strategy = Clearance::PasswordStrategies::BCrypt
   config.redirect_url = '/'
   config.secure_cookie = false
+  config.sign_in_guards = []
   config.user_model = User
 end
 ```
@@ -314,15 +319,25 @@ class AddSaltToUsers < ActiveRecord::Migration
 end
 ```
 
-You can write a custom password strategy that has two instance methods:
+You can write a custom password strategy that has two instance methods.
+In your `authenticated?` method, encrypt the password with your desired
+strategy, and then compare it to the `encrypted_password` that is provided by
+Clearance.
 
 ```ruby
 module CustomPasswordStrategy
-  def authenticated?
+  def authenticated?(password)
+    encrypted_password == encrypt(password)
   end
 
   def password=(new_password)
   end
+
+  private
+
+  def encrypt
+    # your encryption strategy
+  end
 end
 
 Clearance.configure do |config|
@@ -354,6 +369,51 @@ Then, override the route:
 resources :passwords, only: [:create]
 ```
 
+Using the SignInGuard stack
+-------------------
+
+`SignInGuard`s offer fine-grained control over the process of
+signing in a user. Each guard is run in order and hands the session off to
+the next guard in the stack.
+
+A `SignInGuard` is an object that responds to `call`. It is initialized with a
+session and the current stack.
+
+On success, a guard should call the next guard or return `SuccessStatus.new` if
+you don't want any subsequent guards to run.
+
+On failure, a guard should call `FailureStatus.new(failure_message)`. It can
+provide a message explaining the failure.
+
+For convenience, a [SignInGuard](lib/clearance/sign_in_guard.rb) class has been
+provided and can be inherited from. The convenience class provides a few methods
+to help make writing guards simple: `success`, `failure`, `next_guard`,
+`signed_in?`, and `current_user`.
+
+Here's an example custom guard to handle email confirmation:
+
+```ruby
+Clearance.configure do |config|
+  config.sign_in_guards = [EmailConfirmationGuard]
+end
+```
+
+```ruby
+class EmailConfirmationGuard < Clearance::SignInGuard
+  def call
+    if unconfirmed?
+      failure("You must confirm your email address.")
+    else
+      next_guard
+    end
+  end
+
+  def unconfirmed?
+    signed_in? && !current_user.confirmed_at
+  end
+end
+```
+
 Optional feature specs
 ----------------------
 

data/app/controllers/clearance/sessions_controller.rb

@@ -5,12 +5,13 @@ class Clearance::SessionsController < ApplicationController
   def create
     @user = authenticate(params)
 
-    if @user.nil?
-      flash_failure_after_create
-      render :template => 'sessions/new', :status => :unauthorized
-    else
-      sign_in @user
-      redirect_back_or url_after_create
+    sign_in(@user) do |status|
+      if status.success?
+        redirect_back_or url_after_create
+      else
+        flash.now.notice = status.failure_message
+        render :template => 'sessions/new', :status => :unauthorized
+      end
     end
   end
 

data/app/views/users/new.html.erb

@@ -1,5 +1,5 @@
 <div id='clearance' class='sign-up'>
-  <h2>Sign up</h2>
+  <h2><%= t('.title') %></h2>
 
   <%= form_for @user do |form| %>
     <%= render :partial => '/users/form', :object => form %>

data/config/locales/clearance.en.yml

@@ -69,5 +69,7 @@ en:
         'Sign in'
   users:
     new:
+      title:
+        'Sign up'
       sign_in:
         'Sign in'

data/lib/clearance.rb

@@ -1,4 +1,5 @@
 require 'clearance/configuration'
+require 'clearance/sign_in_guard'
 require 'clearance/session'
 require 'clearance/rack_session'
 require 'clearance/back_door'

data/lib/clearance/authentication.rb

@@ -25,11 +25,13 @@ module Clearance
     end
 
     def current_user=(user)
+      warn 'DEPRECATION WARNING: Assigning the current_user this way has been' +
+      ' deprecated. You should instead use the sign_in method.'
       clearance_session.sign_in user
     end
 
-    def sign_in(user)
-      clearance_session.sign_in user
+    def sign_in(user, &block)
+      clearance_session.sign_in user, &block
     end
 
     def sign_out

data/lib/clearance/configuration.rb

@@ -1,20 +1,25 @@
 module Clearance
   class Configuration
     attr_accessor \
+      :cookie_domain,
       :cookie_expiration,
+      :cookie_path,
       :httponly,
       :mailer_sender,
       :password_strategy,
       :redirect_url,
       :secure_cookie,
+      :sign_in_guards,
       :user_model
 
     def initialize
-      @cookie_expiration = lambda { 1.year.from_now.utc }
+      @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
+      @cookie_path = '/'
       @httponly = false
       @mailer_sender = 'reply@example.com'
-      @secure_cookie = false
       @redirect_url = '/'
+      @secure_cookie = false
+      @sign_in_guards = []
     end
 
     def user_model

data/lib/clearance/default_sign_in_guard.rb

@@ -0,0 +1,19 @@
+module Clearance
+  class DefaultSignInGuard < SignInGuard
+    def call
+      if session.signed_in?
+        success
+      else
+        failure default_failure_message.html_safe
+      end
+    end
+
+    def default_failure_message
+      I18n.t("flashes.failure_after_create", :sign_up_path => sign_up_path)
+    end
+
+    def sign_up_path
+      Rails.application.routes.url_helpers.sign_up_path
+    end
+  end
+end

data/lib/clearance/session.rb

@@ -1,3 +1,5 @@
+require 'clearance/default_sign_in_guard'
+
 module Clearance
   class Session
     REMEMBER_TOKEN_COOKIE = 'remember_token'.freeze
@@ -7,26 +9,30 @@ module Clearance
     end
 
     def add_cookie_to_headers(headers)
-      Rack::Utils.set_cookie_header!(
-        headers,
-        REMEMBER_TOKEN_COOKIE,
-        :value => remember_token,
-        :expires => Clearance.configuration.cookie_expiration.call,
-        :secure => Clearance.configuration.secure_cookie,
-        :httponly => Clearance.configuration.httponly,
-        :path => '/'
-      )
+      Rack::Utils.set_cookie_header!(headers, REMEMBER_TOKEN_COOKIE, cookie_value)
     end
 
     def current_user
-      @current_user ||= with_remember_token do |token|
-        Clearance.configuration.user_model.find_by_remember_token token
+      if remember_token.present?
+        @current_user ||= user_from_remember_token(remember_token)
       end
+
+      @current_user
     end
 
-    def sign_in(user)
-      cookies[REMEMBER_TOKEN_COOKIE] = user && user.remember_token
+    def sign_in(user, &block)
       @current_user = user
+      status = run_sign_in_stack
+
+      if status.success?
+        cookies[REMEMBER_TOKEN_COOKIE] = user && user.remember_token
+      else
+        @current_user = nil
+      end
+
+      if block_given?
+        block.call(status)
+      end
     end
 
     def sign_out
@@ -56,10 +62,54 @@ module Clearance
       cookies[REMEMBER_TOKEN_COOKIE]
     end
 
-    def with_remember_token
-      if remember_token
-        yield remember_token
+    def remember_token_expires
+      if expires_configuration.arity == 1
+        expires_configuration.call(cookies)
+      else
+        warn 'DEPRECATION WARNING: Clearance.configuration.cookie_expiration' +
+          'lambda with no parameters has been deprecated and will be removed' +
+          ' from a future release. The lambda should accept the collection' +
+          ' of previously set cookies.'
+        expires_configuration.call
       end
     end
+
+    def expires_configuration
+      Clearance.configuration.cookie_expiration
+    end
+
+    def user_from_remember_token(token)
+      Clearance.configuration.user_model.where(remember_token: token).first
+    end
+
+    def run_sign_in_stack
+      @stack ||= initialize_sign_in_guard_stack
+      @stack.call
+    end
+
+    def initialize_sign_in_guard_stack
+      default_guard = DefaultSignInGuard.new(self)
+      guards = Clearance.configuration.sign_in_guards
+
+      guards.inject(default_guard) do |stack, guard_class|
+        guard_class.new(self, stack)
+      end
+    end
+
+    def cookie_value
+      value = {
+        :expires => remember_token_expires,
+        :httponly => Clearance.configuration.httponly,
+        :path => Clearance.configuration.cookie_path,
+        :secure => Clearance.configuration.secure_cookie,
+        :value => remember_token
+      }
+
+      if Clearance.configuration.cookie_domain.present?
+        value[:domain] = Clearance.configuration.cookie_domain
+      end
+
+      value
+    end
   end
 end