clearance 1.10.1 → 1.17.0

data/spec/requests/password_maintenance_spec.rb

@@ -0,0 +1,18 @@
+require "spec_helper"
+
+describe "Password maintenance" do
+  context "when updating the password" do
+    it "signs the user in and redirects" do
+      user = create(:user, :with_forgotten_password)
+
+      put user_password_url(user), params: {
+        user_id: user,
+        token: user.confirmation_token,
+        password_reset: { password: "my_new_password" },
+      }
+
+      expect(response).to redirect_to(Clearance.configuration.redirect_url)
+      expect(cookies["remember_token"]).to be_present
+    end
+  end
+end

data/spec/requests/token_expiration_spec.rb

@@ -0,0 +1,54 @@
+require "spec_helper"
+
+describe "Token expiration" do
+  describe "after signing in" do
+    before do
+      create_user_and_sign_in
+      @initial_cookies = remember_token_cookies
+    end
+
+    it "should have a remember_token cookie with a future expiration" do
+      expect(first_cookie.expires).to be_between(
+        1.years.from_now - 1.second,
+        1.years.from_now,
+      )
+    end
+  end
+
+  describe "after signing in and making a followup request" do
+    before do
+      create_user_and_sign_in
+      @initial_cookies = remember_token_cookies
+
+      Timecop.travel(1.minute.from_now) do
+        get root_path
+        @followup_cookies = remember_token_cookies
+      end
+    end
+
+    it "should set a remember_token on each request with updated expiration" do
+      expect(@followup_cookies.length).to be >= 1,
+        "remember token wasn't set on second request"
+
+      expect(second_cookie.expires).to be > first_cookie.expires
+    end
+  end
+
+  def first_cookie
+    Rack::Test::Cookie.new @initial_cookies.last
+  end
+
+  def second_cookie
+    Rack::Test::Cookie.new @followup_cookies.last
+  end
+
+  def create_user_and_sign_in
+    user = create(:user, password: "password")
+
+    get sign_in_path
+
+    post session_path, params: {
+      session: { email: user.email, password: "password" },
+    }
+  end
+end

data/spec/spec_helper.rb

@@ -4,7 +4,7 @@ require "rails/all"
 require "dummy/application"
 
 require "clearance/rspec"
-require "factory_girl_rails"
+require "factory_bot_rails"
 require "rspec/rails"
 require "shoulda-matchers"
 require "timecop"
@@ -14,7 +14,7 @@ Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
 Dummy::Application.initialize!
 
 RSpec.configure do |config|
-  config.include FactoryGirl::Syntax::Methods
+  config.include FactoryBot::Syntax::Methods
   config.infer_spec_type_from_file_location!
   config.order = :random
   config.use_transactional_fixtures = true
@@ -26,9 +26,27 @@ RSpec.configure do |config|
   config.mock_with :rspec do |mocks|
     mocks.syntax = :expect
   end
+
+  config.before { restore_default_warning_free_config }
+
+  if Rails::VERSION::MAJOR >= 5
+    require 'rails-controller-testing'
+    config.include Rails::Controller::Testing::TestProcess
+    config.include Rails::Controller::Testing::TemplateAssertions
+    config.include Rails::Controller::Testing::Integration
+  end
+end
+
+Shoulda::Matchers.configure do |config|
+  config.integrate do |with|
+    with.test_framework :rspec
+    with.library :action_controller
+    with.library :active_model
+    with.library :active_record
+  end
 end
 
-def restore_default_config
+def restore_default_warning_free_config
   Clearance.configuration = nil
-  Clearance.configure {}
+  Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
 end

data/spec/support/environment.rb

@@ -0,0 +1,12 @@
+module EnvironmentSupport
+  def with_environment(replacement_env)
+    original_env = ENV.to_hash
+    ENV.update(replacement_env)
+
+    begin
+      yield
+    ensure
+      ENV.replace(original_env)
+    end
+  end
+end

data/spec/support/generator_spec_helpers.rb

@@ -9,12 +9,16 @@ module GeneratorSpecHelpers
     copy_to_generator_root("config", "routes.rb")
   end
 
+  def provide_existing_initializer
+    copy_to_generator_root("config/initializers", "clearance.rb")
+  end
+
   def provide_existing_application_controller
     copy_to_generator_root("app/controllers", "application_controller.rb")
   end
 
   def provide_existing_user_class
-    copy_to_generator_root("app/models", "user.rb")
+    copy_to_generator_root("app/models", versionize_template("user.rb"))
     allow(File).to receive(:exist?).and_call_original
     allow(File).to receive(:exist?).with("app/models/user.rb").and_return(true)
   end
@@ -28,6 +32,14 @@ module GeneratorSpecHelpers
     FileUtils.mkdir_p(destination)
     FileUtils.cp(template_file, destination)
   end
+
+  def versionize_template(template_file)
+    if Rails.version >= "5.0.0"
+      template_file = ["rails5", template_file].join("/")
+    end
+
+    template_file
+  end
 end
 
 RSpec.configure do |config|

data/spec/support/http_method_shim.rb

@@ -0,0 +1,25 @@
+# Rails 5 deprecates calling HTTP action methods with positional arguments
+# in favor of keyword arguments. However, the keyword argument form is only
+# supported in Rails 5+. Since we support 4.2, we must give it a shim to massage
+# the params into the previous style!
+
+module PreRailsFiveHTTPMethodShim
+  def get(path, params: {}, headers: {}, format: :html)
+    super(path, params.merge(format: format), headers)
+  end
+
+  def put(path, params: {}, headers: {}, format: :html)
+    super(path, params.merge(format: format), headers)
+  end
+
+  def post(path, params: {}, headers: {}, format: :html)
+    super(path, params.merge(format: format), headers)
+  end
+end
+
+if Rails::VERSION::MAJOR < 5
+  RSpec.configure do |config|
+    config.include PreRailsFiveHTTPMethodShim, type: :controller
+    config.include PreRailsFiveHTTPMethodShim, type: :request
+  end
+end

data/spec/support/request_with_remember_token.rb

@@ -12,6 +12,11 @@ module RememberTokenHelpers
   def request_without_remember_token
     request_with_remember_token nil
   end
+
+  def remember_token_cookies
+    cookie_lines = headers["Set-Cookie"].lines.map(&:chomp)
+    cookie_lines.select { |name| name =~ /^remember_token/ }
+  end
 end
 
 RSpec.configure do |config|

data/spec/views/view_helpers_spec.rb

@@ -0,0 +1,10 @@
+require "spec_helper"
+
+describe "Clearance RSpec view spec configuration", type: :view do
+  it "lets me use clearance's helper methods in view specs" do
+    user = double("User")
+    sign_in_as(user)
+
+    expect(view.current_user).to eq user
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 1.10.1
+  version: 1.17.0
 platform: ruby
 authors:
 - Dan Croak
@@ -25,7 +25,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-15 00:00:00.000000000 Z
+date: 2019-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -56,7 +56,49 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.4'
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: actionmailer
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -112,10 +154,10 @@ files:
 - config/routes.rb
 - db/migrate/20110111224543_create_clearance_users.rb
 - db/schema.rb
-- gemfiles/rails3.2.gemfile
-- gemfiles/rails4.0.gemfile
-- gemfiles/rails4.1.gemfile
-- gemfiles/rails4.2.gemfile
+- gemfiles/rails_4.2.gemfile
+- gemfiles/rails_5.0.gemfile
+- gemfiles/rails_5.1.gemfile
+- gemfiles/rails_5.2.gemfile
 - lib/clearance.rb
 - lib/clearance/authentication.rb
 - lib/clearance/authorization.rb
@@ -139,17 +181,19 @@ files:
 - lib/clearance/sign_in_guard.rb
 - lib/clearance/test_unit.rb
 - lib/clearance/testing.rb
+- lib/clearance/testing/controller_helpers.rb
 - lib/clearance/testing/deny_access_matcher.rb
 - lib/clearance/testing/helpers.rb
+- lib/clearance/testing/view_helpers.rb
 - lib/clearance/token.rb
 - lib/clearance/user.rb
 - lib/clearance/version.rb
 - lib/generators/clearance/install/install_generator.rb
 - lib/generators/clearance/install/templates/README
 - lib/generators/clearance/install/templates/clearance.rb
-- lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb
-- lib/generators/clearance/install/templates/db/migrate/create_users.rb
-- lib/generators/clearance/install/templates/user.rb
+- lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb.erb
+- lib/generators/clearance/install/templates/db/migrate/create_users.rb.erb
+- lib/generators/clearance/install/templates/user.rb.erb
 - lib/generators/clearance/routes/routes_generator.rb
 - lib/generators/clearance/routes/templates/routes.rb
 - lib/generators/clearance/specs/USAGE
@@ -166,7 +210,9 @@ files:
 - lib/generators/clearance/views/views_generator.rb
 - spec/acceptance/clearance_installation_spec.rb
 - spec/app_templates/app/controllers/application_controller.rb
+- spec/app_templates/app/models/rails5/user.rb
 - spec/app_templates/app/models/user.rb
+- spec/app_templates/config/initializers/clearance.rb
 - spec/app_templates/config/routes.rb
 - spec/app_templates/testapp/Gemfile
 - spec/app_templates/testapp/app/controllers/home_controller.rb
@@ -180,7 +226,8 @@ files:
 - spec/clearance/rack_session_spec.rb
 - spec/clearance/session_spec.rb
 - spec/clearance/sign_in_guard_spec.rb
-- spec/clearance/testing/helpers_spec.rb
+- spec/clearance/testing/controller_helpers_spec.rb
+- spec/clearance/testing/view_helpers_spec.rb
 - spec/clearance/token_spec.rb
 - spec/configuration_spec.rb
 - spec/controllers/apis_controller_spec.rb
@@ -200,22 +247,30 @@ files:
 - spec/generators/clearance/routes/routes_generator_spec.rb
 - spec/generators/clearance/specs/specs_generator_spec.rb
 - spec/generators/clearance/views/views_generator_spec.rb
+- spec/helpers/helper_helpers_spec.rb
 - spec/mailers/clearance_mailer_spec.rb
+- spec/models/user_spec.rb
 - spec/password_strategies/bcrypt_migration_from_sha1_spec.rb
 - spec/password_strategies/bcrypt_spec.rb
 - spec/password_strategies/blowfish_spec.rb
 - spec/password_strategies/password_strategies_spec.rb
 - spec/password_strategies/sha1_spec.rb
+- spec/requests/cookie_options_spec.rb
+- spec/requests/csrf_rotation_spec.rb
+- spec/requests/password_maintenance_spec.rb
+- spec/requests/token_expiration_spec.rb
 - spec/routing/clearance_routes_spec.rb
 - spec/spec_helper.rb
 - spec/support/clearance.rb
 - spec/support/cookies.rb
+- spec/support/environment.rb
 - spec/support/fake_model_with_password_strategy.rb
 - spec/support/fake_model_without_password_strategy.rb
 - spec/support/generator_spec_helpers.rb
+- spec/support/http_method_shim.rb
 - spec/support/request_with_remember_token.rb
-- spec/user_spec.rb
-homepage: http://github.com/thoughtbot/clearance
+- spec/views/view_helpers_spec.rb
+homepage: https://github.com/thoughtbot/clearance
 licenses:
 - MIT
 metadata: {}
@@ -235,8 +290,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Rails authentication & authorization with email & password.

data/gemfiles/rails3.2.gemfile

@@ -1,18 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", "~> 1.0"
-gem "ammeter"
-gem "bundler", "~> 1.3"
-gem "capybara", ">= 2.3"
-gem "database_cleaner", "~> 1.0"
-gem "factory_girl_rails", "~> 4.2"
-gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.8"
-gem "sqlite3", "~> 1.3"
-gem "timecop", "~> 0.6"
-gem "pry", :require => false
-gem "rails", "~> 3.2.21"
-
-gemspec :path => "../"

data/gemfiles/rails4.0.gemfile

@@ -1,19 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", "~> 1.0"
-gem "ammeter"
-gem "bundler", "~> 1.3"
-gem "capybara", ">= 2.3"
-gem "database_cleaner", "~> 1.0"
-gem "factory_girl_rails", "~> 4.2"
-gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.8"
-gem "sqlite3", "~> 1.3"
-gem "timecop", "~> 0.6"
-gem "pry", :require => false
-gem "rails", "~> 4.0.13"
-gem "test-unit"
-
-gemspec :path => "../"

data/gemfiles/rails4.1.gemfile

@@ -1,18 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", "~> 1.0"
-gem "ammeter"
-gem "bundler", "~> 1.3"
-gem "capybara", ">= 2.3"
-gem "database_cleaner", "~> 1.0"
-gem "factory_girl_rails", "~> 4.2"
-gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.8"
-gem "sqlite3", "~> 1.3"
-gem "timecop", "~> 0.6"
-gem "pry", :require => false
-gem "rails", "~> 4.1.9"
-
-gemspec :path => "../"

data/gemfiles/rails4.2.gemfile

@@ -1,18 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", "~> 1.0"
-gem "ammeter"
-gem "bundler", "~> 1.3"
-gem "capybara", ">= 2.3"
-gem "database_cleaner", "~> 1.0"
-gem "factory_girl_rails", "~> 4.2"
-gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.8"
-gem "sqlite3", "~> 1.3"
-gem "timecop", "~> 0.6"
-gem "pry", :require => false
-gem "rails", "~> 4.2.0"
-
-gemspec :path => "../"

data/lib/generators/clearance/install/templates/user.rb

@@ -1,3 +0,0 @@
-class User < ActiveRecord::Base
-  include Clearance::User
-end

data/spec/clearance/testing/helpers_spec.rb

@@ -1,38 +0,0 @@
-require 'spec_helper'
-
-describe Clearance::Testing::Helpers do
-  class TestClass
-    include Clearance::Testing::Helpers
-
-    def initialize
-      @controller = Controller.new
-    end
-
-    class Controller
-      def sign_in(user); end
-    end
-  end
-
-  describe '#sign_in' do
-    it 'creates an instance of the clearance user model with FactoryGirl' do
-      MyUserModel = Class.new
-      allow(FactoryGirl).to receive(:create)
-      allow(Clearance.configuration).to receive(:user_model).
-        and_return(MyUserModel)
-
-      TestClass.new.sign_in
-
-      expect(FactoryGirl).to have_received(:create).with(:my_user_model)
-    end
-  end
-
-  describe '#sign_in_as' do
-    it 'returns the user if signed in successfully' do
-      user = build(:user)
-
-      returned_user = TestClass.new.sign_in_as user
-
-      expect(returned_user).to eq user
-    end
-  end
-end