clearance 1.0.1 → 1.1.0
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.travis.yml +4 -0
- data/Appraisals +1 -1
- data/CONTRIBUTING.md +2 -2
- data/Gemfile +2 -4
- data/Gemfile.lock +13 -19
- data/NEWS.md +14 -0
- data/README.md +69 -9
- data/app/controllers/clearance/sessions_controller.rb +7 -6
- data/app/views/users/new.html.erb +1 -1
- data/config/locales/clearance.en.yml +2 -0
- data/lib/clearance.rb +1 -0
- data/lib/clearance/authentication.rb +4 -2
- data/lib/clearance/configuration.rb +7 -2
- data/lib/clearance/default_sign_in_guard.rb +19 -0
- data/lib/clearance/session.rb +66 -16
- data/lib/clearance/session_status.rb +19 -0
- data/lib/clearance/sign_in_guard.rb +36 -0
- data/lib/clearance/testing/application.rb +2 -1
- data/lib/clearance/user.rb +1 -1
- data/lib/clearance/version.rb +1 -1
- data/spec/clearance/session_spec.rb +207 -35
- data/spec/clearance/sign_in_guard_spec.rb +29 -0
- data/spec/configuration_spec.rb +51 -27
- data/spec/controllers/apis_controller_spec.rb +0 -6
- data/spec/controllers/permissions_controller_spec.rb +70 -0
- data/spec/controllers/sessions_controller_spec.rb +1 -1
- data/spec/models/user_spec.rb +2 -0
- metadata +10 -5
- data/spec/controllers/denies_controller_spec.rb +0 -62
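--- a/data/spec/controllers/permissions_controller_spec.rb
+++ b/data/spec/controllers/permissions_controller_spec.rb
@@ -0,0 +1,70 @@
+require 'spec_helper'
+
+class PermissionsController < ActionController::Base
+include Clearance::Controller
+
+before_filter :authorize, only: :show
+
+def new
+render text: 'New page'
+end
+
+def show
+render text: 'Show page'
+end
+end
+
+describe PermissionsController do
+before do
+Rails.application.routes.draw do
+resource :permission, only: [:new, :show]
+get '/sign_in' => 'clearance/sessions#new', as: 'sign_in'
+end
+end
+
+after do
+Rails.application.reload_routes!
+end
+
+context 'with signed in user' do
+before { sign_in }
+
+it 'allows access to new' do
+get :new
+
+subject.should_not deny_access
+end
+
+it 'allows access to show' do
+get :show
+
+subject.should_not deny_access
+end
+end
+
+context 'with visitor' do
+it 'allows access to new' do
+get :new
+
+subject.should_not deny_access
+end
+
+it 'denies access to show' do
+get :show
+
+subject.should deny_access(redirect: sign_in_url)
+end
+end
+
+context 'when remember_token is blank' do
+it 'denies acess to show' do
+user = create(:user)
+user.update_attributes(remember_token: '')
+cookies[:remember_token] = ''
+
+get :show
+
+subject.should deny_access
+end
+end
+end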
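Review bot: In the 'when remember_token is blank' example the result of `user.update_attributes(remember_token: '')` is never checked, so if that write is rejected (a validation failure, or the attribute not being mass-assignable in the test app) the user keeps a real token and the example still passes for the same reason as the plain visitor case. Asserting the precondition before the request, e.g. `user.reload.remember_token.should be_blank`, would make the example actually pin the blank-token-matches-blank-cookie case it is named for. The visitor example checks the redirect target, and using `subject.should deny_access(redirect: sign_in_url)` here as well would keep the two consistent. The example name also has a typo: `'denies acess to show'` should read `'denies access to show'`.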
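--- a/data/spec/controllers/sessions_controller_spec.rb
+++ b/data/spec/controllers/sessions_controller_spec.rb
@@ -17,7 +17,7 @@ describe Clearance::SessionsController do
 post :create, session: { email: user.email, password: user.password }
 
 expect(response).to render_template(:new)
-expect(flash[:notice]).to match
+expect(flash[:notice]).to match(/^Bad email or password/)
 end
 end
 end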
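Review bot: The new pattern in `match(/^Bad email or password/)` anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string, so the expectation would also pass for a flash whose second line begins with that text. `\A` states the intent exactly: `expect(flash[:notice]).to match(/\ABad email or password/)`. The enclosing example and describe block begin outside this hunk.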
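--- a/data/spec/models/user_spec.rb
+++ b/data/spec/models/user_spec.rb
@@ -9,11 +9,13 @@ describe User do
 it { should validate_presence_of(:password) }
 it { should allow_value('foo@example.co.uk').for(:email) }
 it { should allow_value('foo@example.com').for(:email) }
+it { should allow_value('foo+bar@example.com').for(:email) }
 it { should_not allow_value('foo@').for(:email) }
 it { should_not allow_value('foo@example..com').for(:email) }
 it { should_not allow_value('foo@.example.com').for(:email) }
 it { should_not allow_value('foo').for(:email) }
 it { should_not allow_value('example.com').for(:email) }
+it { should_not allow_value('foo;@example.com').for(:email) }
 
 it 'stores email in down case and removes whitespace' do
 user = create(:user, :email => 'Jo hn.Do e @exa mp le.c om')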
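--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-version: 1.0
+version: 1.1.0
 platform: ruby
 authors:
 - Dan Croak
@@ -25,7 +25,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bcrypt-ruby
@@ -123,6 +123,7 @@ files:
 - lib/clearance/constraints/signed_in.rb
 - lib/clearance/constraints/signed_out.rb
 - lib/clearance/controller.rb
+- lib/clearance/default_sign_in_guard.rb
 - lib/clearance/engine.rb
 - lib/clearance/password_strategies.rb
 - lib/clearance/password_strategies/bcrypt.rb
@@ -131,6 +132,8 @@ files:
 - lib/clearance/password_strategies/sha1.rb
 - lib/clearance/rack_session.rb
 - lib/clearance/session.rb
+- lib/clearance/session_status.rb
+- lib/clearance/sign_in_guard.rb
 - lib/clearance/testing.rb
 - lib/clearance/testing/app/controllers/application_controller.rb
 - lib/clearance/testing/application.rb
@@ -167,12 +170,13 @@ files:
 - spec/clearance/constraints/signed_out_spec.rb
 - spec/clearance/rack_session_spec.rb
 - spec/clearance/session_spec.rb
+- spec/clearance/sign_in_guard_spec.rb
 - spec/configuration_spec.rb
 - spec/controllers/apis_controller_spec.rb
-- spec/controllers/denies_controller_spec.rb
 - spec/controllers/flashes_controller_spec.rb
 - spec/controllers/forgeries_controller_spec.rb
 - spec/controllers/passwords_controller_spec.rb
+- spec/controllers/permissions_controller_spec.rb
 - spec/controllers/sessions_controller_spec.rb
 - spec/controllers/users_controller_spec.rb
 - spec/factories.rb
@@ -209,7 +213,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.
+rubygems_version: 2.0.5
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.
@@ -226,12 +230,13 @@ test_files:
 - spec/clearance/constraints/signed_out_spec.rb
 - spec/clearance/rack_session_spec.rb
 - spec/clearance/session_spec.rb
+- spec/clearance/sign_in_guard_spec.rb
 - spec/configuration_spec.rb
 - spec/controllers/apis_controller_spec.rb
-- spec/controllers/denies_controller_spec.rb
 - spec/controllers/flashes_controller_spec.rb
 - spec/controllers/forgeries_controller_spec.rb
 - spec/controllers/passwords_controller_spec.rb
+- spec/controllers/permissions_controller_spec.rb
 - spec/controllers/sessions_controller_spec.rb
 - spec/controllers/users_controller_spec.rb
 - spec/factories.rb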
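--- a/data/spec/controllers/denies_controller_spec.rb
+++ b/data/spec/controllers/denies_controller_spec.rb
@@ -1,62 +0,0 @@
-require 'spec_helper'
-
-class DeniesController < ActionController::Base
-include Clearance::Controller
-
-before_filter :authorize, :only => :show
-
-def new
-render :text => 'New page'
-end
-
-def show
-render :text => 'Show page'
-end
-
-protected
-
-def authorize
-deny_access 'Access denied.'
-end
-end
-
-describe DeniesController do
-before do
-Rails.application.routes.draw do
-resource :deny, :only => [:new, :show]
-get '/sign_in' => 'clearance/sessions#new', :as => 'sign_in'
-end
-end
-
-after do
-Rails.application.reload_routes!
-end
-
-context 'signed in user' do
-before { sign_in }
-
-it 'allows access to new' do
-get :new
-subject.should_not deny_access
-end
-
-it 'denies access to show' do
-get :show
-subject.should deny_access(:redirect => '/')
-end
-end
-
-context 'visitor' do
-it 'allows access to new' do
-get :new
-subject.should_not deny_access
-end
-
-it 'denies access to show' do
-get :show
-subject.should deny_access
-subject.should deny_access(:redirect => sign_in_url,
-:flash => 'Access denied.')
-end
-end
-end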