clearance 1.11.0 → 1.12.0
- checksums.yaml +4 -4
- data/.travis.yml +2 -2
- data/.yardopts +3 -0
- data/Gemfile.lock +60 -60
- data/NEWS.md +17 -0
- data/config/locales/clearance.en.yml +1 -0
- data/lib/clearance/authentication.rb +49 -0
- data/lib/clearance/authorization.rb +44 -1
- data/lib/clearance/back_door.rb +1 -0
- data/lib/clearance/configuration.rb +2 -1
- data/lib/clearance/constraints.rb +12 -0
- data/lib/clearance/constraints/signed_in.rb +4 -0
- data/lib/clearance/constraints/signed_out.rb +2 -0
- data/lib/clearance/controller.rb +13 -0
- data/lib/clearance/default_sign_in_guard.rb +17 -0
- data/lib/clearance/engine.rb +16 -0
- data/lib/clearance/password_strategies/bcrypt.rb +3 -2
- data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +9 -0
- data/lib/clearance/password_strategies/blowfish.rb +8 -0
- data/lib/clearance/password_strategies/sha1.rb +8 -0
- data/lib/clearance/rack_session.rb +13 -0
- data/lib/clearance/session.rb +45 -0
- data/lib/clearance/session_status.rb +7 -0
- data/lib/clearance/sign_in_guard.rb +65 -0
- data/lib/clearance/testing/controller_helpers.rb +10 -1
- data/lib/clearance/testing/deny_access_matcher.rb +30 -0
- data/lib/clearance/testing/view_helpers.rb +1 -1
- data/lib/clearance/token.rb +7 -0
- data/lib/clearance/user.rb +159 -0
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/install_generator.rb +1 -1
- data/lib/generators/clearance/routes/routes_generator.rb +15 -0
- data/lib/generators/clearance/routes/templates/routes.rb +10 -10
- data/lib/generators/clearance/specs/templates/features/clearance/visitor_resets_password_spec.rb.tt +1 -1
- data/spec/acceptance/clearance_installation_spec.rb +2 -1
- data/spec/controllers/permissions_controller_spec.rb +6 -0
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4f19deed642e596906454bdc24af4a8a130f0da6
|
4
|
+
data.tar.gz: f0424abac9bb5dfd7a5fca4bca85896ab639931c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3fc54c3cc46fbecb48a627487c34047c3212e85f3831f4db9589c5d1c6da793d217b9cbda2f4fae71a0db37baf3bc5cd7203b11b7b34c9d69cfb1eb4fbac6bda
|
7
|
+
data.tar.gz: 887f7bf44074ef55c242c90c537c0855e5ef5790c88fece43c2067cd89007f76ab3dbf1c56b108961086605823b0c2345079158f131f66027f144cbee614ca47
|
data/.travis.yml
CHANGED
data/.yardopts
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
clearance (1.
|
4
|
+
clearance (1.12.0)
|
5
5
|
bcrypt
|
6
6
|
email_validator (~> 1.4)
|
7
7
|
rails (>= 3.1)
|
@@ -9,42 +9,42 @@ PATH
|
|
9
9
|
GEM
|
10
10
|
remote: https://rubygems.org/
|
11
11
|
specs:
|
12
|
-
actionmailer (4.2.
|
13
|
-
actionpack (= 4.2.
|
14
|
-
actionview (= 4.2.
|
15
|
-
activejob (= 4.2.
|
12
|
+
actionmailer (4.2.5)
|
13
|
+
actionpack (= 4.2.5)
|
14
|
+
actionview (= 4.2.5)
|
15
|
+
activejob (= 4.2.5)
|
16
16
|
mail (~> 2.5, >= 2.5.4)
|
17
17
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
18
|
-
actionpack (4.2.
|
19
|
-
actionview (= 4.2.
|
20
|
-
activesupport (= 4.2.
|
18
|
+
actionpack (4.2.5)
|
19
|
+
actionview (= 4.2.5)
|
20
|
+
activesupport (= 4.2.5)
|
21
21
|
rack (~> 1.6)
|
22
22
|
rack-test (~> 0.6.2)
|
23
23
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
24
|
-
rails-html-sanitizer (~> 1.0, >= 1.0.
|
25
|
-
actionview (4.2.
|
26
|
-
activesupport (= 4.2.
|
24
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
25
|
+
actionview (4.2.5)
|
26
|
+
activesupport (= 4.2.5)
|
27
27
|
builder (~> 3.1)
|
28
28
|
erubis (~> 2.7.0)
|
29
29
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
30
|
-
rails-html-sanitizer (~> 1.0, >= 1.0.
|
31
|
-
activejob (4.2.
|
32
|
-
activesupport (= 4.2.
|
30
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
31
|
+
activejob (4.2.5)
|
32
|
+
activesupport (= 4.2.5)
|
33
33
|
globalid (>= 0.3.0)
|
34
|
-
activemodel (4.2.
|
35
|
-
activesupport (= 4.2.
|
34
|
+
activemodel (4.2.5)
|
35
|
+
activesupport (= 4.2.5)
|
36
36
|
builder (~> 3.1)
|
37
|
-
activerecord (4.2.
|
38
|
-
activemodel (= 4.2.
|
39
|
-
activesupport (= 4.2.
|
37
|
+
activerecord (4.2.5)
|
38
|
+
activemodel (= 4.2.5)
|
39
|
+
activesupport (= 4.2.5)
|
40
40
|
arel (~> 6.0)
|
41
|
-
activesupport (4.2.
|
41
|
+
activesupport (4.2.5)
|
42
42
|
i18n (~> 0.7)
|
43
43
|
json (~> 1.7, >= 1.7.7)
|
44
44
|
minitest (~> 5.1)
|
45
45
|
thread_safe (~> 0.3, >= 0.3.4)
|
46
46
|
tzinfo (~> 1.1)
|
47
|
-
ammeter (1.1.
|
47
|
+
ammeter (1.1.3)
|
48
48
|
activesupport (>= 3.0)
|
49
49
|
railties (>= 3.0)
|
50
50
|
rspec-rails (>= 2.2)
|
@@ -55,14 +55,14 @@ GEM
|
|
55
55
|
arel (6.0.3)
|
56
56
|
bcrypt (3.1.10)
|
57
57
|
builder (3.2.2)
|
58
|
-
capybara (2.
|
58
|
+
capybara (2.5.0)
|
59
59
|
mime-types (>= 1.16)
|
60
60
|
nokogiri (>= 1.3.3)
|
61
61
|
rack (>= 1.0.0)
|
62
62
|
rack-test (>= 0.5.4)
|
63
63
|
xpath (~> 2.0)
|
64
64
|
coderay (1.1.0)
|
65
|
-
database_cleaner (1.
|
65
|
+
database_cleaner (1.5.1)
|
66
66
|
diff-lcs (1.2.5)
|
67
67
|
email_validator (1.6.0)
|
68
68
|
activemodel
|
@@ -76,78 +76,78 @@ GEM
|
|
76
76
|
activesupport (>= 4.1.0)
|
77
77
|
i18n (0.7.0)
|
78
78
|
json (1.8.3)
|
79
|
-
loofah (2.0.
|
79
|
+
loofah (2.0.3)
|
80
80
|
nokogiri (>= 1.5.9)
|
81
81
|
mail (2.6.3)
|
82
82
|
mime-types (>= 1.16, < 3)
|
83
83
|
method_source (0.8.2)
|
84
|
-
mime-types (2.6.
|
84
|
+
mime-types (2.6.2)
|
85
85
|
mini_portile (0.6.2)
|
86
|
-
minitest (5.
|
87
|
-
nokogiri (1.6.6.
|
86
|
+
minitest (5.8.3)
|
87
|
+
nokogiri (1.6.6.3)
|
88
88
|
mini_portile (~> 0.6.0)
|
89
|
-
pry (0.10.
|
89
|
+
pry (0.10.3)
|
90
90
|
coderay (~> 1.1.0)
|
91
91
|
method_source (~> 0.8.1)
|
92
92
|
slop (~> 3.4)
|
93
|
-
rack (1.6.
|
93
|
+
rack (1.6.4)
|
94
94
|
rack-test (0.6.3)
|
95
95
|
rack (>= 1.0)
|
96
|
-
rails (4.2.
|
97
|
-
actionmailer (= 4.2.
|
98
|
-
actionpack (= 4.2.
|
99
|
-
actionview (= 4.2.
|
100
|
-
activejob (= 4.2.
|
101
|
-
activemodel (= 4.2.
|
102
|
-
activerecord (= 4.2.
|
103
|
-
activesupport (= 4.2.
|
96
|
+
rails (4.2.5)
|
97
|
+
actionmailer (= 4.2.5)
|
98
|
+
actionpack (= 4.2.5)
|
99
|
+
actionview (= 4.2.5)
|
100
|
+
activejob (= 4.2.5)
|
101
|
+
activemodel (= 4.2.5)
|
102
|
+
activerecord (= 4.2.5)
|
103
|
+
activesupport (= 4.2.5)
|
104
104
|
bundler (>= 1.3.0, < 2.0)
|
105
|
-
railties (= 4.2.
|
105
|
+
railties (= 4.2.5)
|
106
106
|
sprockets-rails
|
107
107
|
rails-deprecated_sanitizer (1.0.3)
|
108
108
|
activesupport (>= 4.2.0.alpha)
|
109
|
-
rails-dom-testing (1.0.
|
109
|
+
rails-dom-testing (1.0.7)
|
110
110
|
activesupport (>= 4.2.0.beta, < 5.0)
|
111
111
|
nokogiri (~> 1.6.0)
|
112
112
|
rails-deprecated_sanitizer (>= 1.0.1)
|
113
113
|
rails-html-sanitizer (1.0.2)
|
114
114
|
loofah (~> 2.0)
|
115
|
-
railties (4.2.
|
116
|
-
actionpack (= 4.2.
|
117
|
-
activesupport (= 4.2.
|
115
|
+
railties (4.2.5)
|
116
|
+
actionpack (= 4.2.5)
|
117
|
+
activesupport (= 4.2.5)
|
118
118
|
rake (>= 0.8.7)
|
119
119
|
thor (>= 0.18.1, < 2.0)
|
120
120
|
rake (10.4.2)
|
121
|
-
rspec-core (3.
|
122
|
-
rspec-support (~> 3.
|
123
|
-
rspec-expectations (3.
|
121
|
+
rspec-core (3.4.0)
|
122
|
+
rspec-support (~> 3.4.0)
|
123
|
+
rspec-expectations (3.4.0)
|
124
124
|
diff-lcs (>= 1.2.0, < 2.0)
|
125
|
-
rspec-support (~> 3.
|
126
|
-
rspec-mocks (3.
|
125
|
+
rspec-support (~> 3.4.0)
|
126
|
+
rspec-mocks (3.4.0)
|
127
127
|
diff-lcs (>= 1.2.0, < 2.0)
|
128
|
-
rspec-support (~> 3.
|
129
|
-
rspec-rails (3.
|
128
|
+
rspec-support (~> 3.4.0)
|
129
|
+
rspec-rails (3.4.0)
|
130
130
|
actionpack (>= 3.0, < 4.3)
|
131
131
|
activesupport (>= 3.0, < 4.3)
|
132
132
|
railties (>= 3.0, < 4.3)
|
133
|
-
rspec-core (~> 3.
|
134
|
-
rspec-expectations (~> 3.
|
135
|
-
rspec-mocks (~> 3.
|
136
|
-
rspec-support (~> 3.
|
137
|
-
rspec-support (3.
|
133
|
+
rspec-core (~> 3.4.0)
|
134
|
+
rspec-expectations (~> 3.4.0)
|
135
|
+
rspec-mocks (~> 3.4.0)
|
136
|
+
rspec-support (~> 3.4.0)
|
137
|
+
rspec-support (3.4.0)
|
138
138
|
shoulda-matchers (2.8.0)
|
139
139
|
activesupport (>= 3.0.0)
|
140
140
|
slop (3.6.0)
|
141
|
-
sprockets (3.
|
142
|
-
rack (
|
143
|
-
sprockets-rails (2.3.
|
141
|
+
sprockets (3.4.0)
|
142
|
+
rack (> 1, < 3)
|
143
|
+
sprockets-rails (2.3.3)
|
144
144
|
actionpack (>= 3.0)
|
145
145
|
activesupport (>= 3.0)
|
146
146
|
sprockets (>= 2.8, < 4.0)
|
147
|
-
sqlite3 (1.3.
|
147
|
+
sqlite3 (1.3.11)
|
148
148
|
thor (0.19.1)
|
149
149
|
thread_safe (0.3.5)
|
150
|
-
timecop (0.
|
150
|
+
timecop (0.8.0)
|
151
151
|
tzinfo (1.2.2)
|
152
152
|
thread_safe (~> 0.1)
|
153
153
|
xpath (2.0.0)
|
@@ -171,4 +171,4 @@ DEPENDENCIES
|
|
171
171
|
timecop (~> 0.6)
|
172
172
|
|
173
173
|
BUNDLED WITH
|
174
|
-
1.10.
|
174
|
+
1.10.6
|
data/NEWS.md
CHANGED
@@ -3,6 +3,23 @@
|
|
3
3
|
The noteworthy changes for each Clearance version are included here. For a
|
4
4
|
complete changelog, see the git history for each version via the version links.
|
5
5
|
|
6
|
+
## [1.12.0] - November 17, 2015
|
7
|
+
|
8
|
+
### Added
|
9
|
+
- Users will now see a flash message when redirected to sign in by
|
10
|
+
`require_login`. This I18n key for this message is
|
11
|
+
`flashes.failure_when_not_signed_in` and defaults to "Please sign in to
|
12
|
+
continue".
|
13
|
+
- Added significant API documentation. API documentation effort is ongoing.
|
14
|
+
|
15
|
+
### Fixed
|
16
|
+
- Fixed expectation in the generated `visitor_resets_password_spec.rb` file.
|
17
|
+
- Corrected indentation of routes inserted by the routes generator.
|
18
|
+
- Corrected indentation of `include Clearance::User` when the install generator
|
19
|
+
adds it to an existing user class.
|
20
|
+
|
21
|
+
[1.12.0]: https://github.com/thoughtbot/clearance/compare/v1.11.0...v1.12.0
|
22
|
+
|
6
23
|
## [1.11.0] - August 21, 2015
|
7
24
|
|
8
25
|
### Added
|
@@ -16,40 +16,88 @@ module Clearance
|
|
16
16
|
)
|
17
17
|
end
|
18
18
|
|
19
|
+
# Authenticate a user with a provided email and password
|
20
|
+
# @param [ActionController::Parameters] params The parameters from the
|
21
|
+
# sign in form. `params[:session][:email]` and
|
22
|
+
# `params[:session][:password]` are required.
|
23
|
+
# @return [User, nil] The user or nil if authentication fails.
|
19
24
|
def authenticate(params)
|
20
25
|
Clearance.configuration.user_model.authenticate(
|
21
26
|
params[:session][:email], params[:session][:password]
|
22
27
|
)
|
23
28
|
end
|
24
29
|
|
30
|
+
# Get the user from the current clearance session. Exposed as a
|
31
|
+
# `helper_method`, making it visible to views. Prefer {#signed_in?} or
|
32
|
+
# {#signed_out?} if you only want to check for the presence of a current
|
33
|
+
# user rather than access the actual user.
|
34
|
+
#
|
35
|
+
# @return [User, nil] The user if one is signed in or nil otherwise.
|
25
36
|
def current_user
|
26
37
|
clearance_session.current_user
|
27
38
|
end
|
28
39
|
|
40
|
+
# @deprecated Use the {#sign_in} method instead.
|
29
41
|
def current_user=(user)
|
30
42
|
warn "#{Kernel.caller.first}: [DEPRECATION] " +
|
31
43
|
'Assigning the current_user has been deprecated. Use the sign_in method instead.'
|
32
44
|
clearance_session.sign_in user
|
33
45
|
end
|
34
46
|
|
47
|
+
# Sign in the provided user.
|
48
|
+
# @param [User] user
|
49
|
+
#
|
50
|
+
# Signing in will run the stack of {Configuration#sign_in_guards}.
|
51
|
+
#
|
52
|
+
# You can provide a block to this method to handle the result of that stack.
|
53
|
+
# Your block will receive either a {SuccessStatus} or {FailureStatus}
|
54
|
+
#
|
55
|
+
# sign_in(user) do |status|
|
56
|
+
# if status.success?
|
57
|
+
# # ...
|
58
|
+
# else
|
59
|
+
# # ...
|
60
|
+
# end
|
61
|
+
# end
|
62
|
+
#
|
63
|
+
# For an example of how clearance uses this internally, see
|
64
|
+
# {SessionsController#create}.
|
35
65
|
def sign_in(user, &block)
|
36
66
|
clearance_session.sign_in user, &block
|
37
67
|
end
|
38
68
|
|
69
|
+
# Destroy the current user's Clearance session.
|
70
|
+
# See {Session#sign_out} for specifics.
|
39
71
|
def sign_out
|
40
72
|
clearance_session.sign_out
|
41
73
|
end
|
42
74
|
|
75
|
+
# True if there is a currently-signed-in user. Exposed as a `helper_method`,
|
76
|
+
# making it available to views.
|
77
|
+
#
|
78
|
+
# Using `signed_in?` is preferable to checking {#current_user} against nil
|
79
|
+
# as it will allow you to introduce a null user object more simply at a
|
80
|
+
# later date.
|
81
|
+
#
|
82
|
+
# @return [Boolean]
|
43
83
|
def signed_in?
|
44
84
|
clearance_session.signed_in?
|
45
85
|
end
|
46
86
|
|
87
|
+
# True if there is no currently-signed-in user. Exposed as a
|
88
|
+
# `helper_method`, making it available to views.
|
89
|
+
#
|
90
|
+
# Usings `signed_out?` is preferable to checking for presence of
|
91
|
+
# {#current_user} as it will allow you to introduce a null user object more
|
92
|
+
# simply at a later date.
|
47
93
|
def signed_out?
|
48
94
|
!signed_in?
|
49
95
|
end
|
50
96
|
|
51
97
|
# CSRF protection in Rails >= 3.0.4
|
98
|
+
#
|
52
99
|
# http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
|
100
|
+
# @private
|
53
101
|
def handle_unverified_request
|
54
102
|
super
|
55
103
|
sign_out
|
@@ -57,6 +105,7 @@ module Clearance
|
|
57
105
|
|
58
106
|
protected
|
59
107
|
|
108
|
+
# @api private
|
60
109
|
def clearance_session
|
61
110
|
request.env[:clearance]
|
62
111
|
end
|
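Review bot: The new `@return [User, nil]` doc on `authenticate` (first hunk, new lines 19–24) promises nil when authentication fails, but the body still indexes `params[:session][:email]` with no guard, so a request with no `session` key raises `NoMethodError` (nil receiver) before the user model is ever consulted; the doc should say so, e.g. `# @raise [NoMethodError] when params[:session] is missing from the request`, or the method should read the nested hash via `session_params = params.fetch(:session, {})` and pass `session_params[:email], session_params[:password]` — the latter changes what `user_model.authenticate` receives, so confirm that nil arguments are acceptable there before choosing it. Separately, the added comment on `signed_out?` has a typo, `# Usings signed_out? is preferable to checking for presence of`; it should read `# Using signed_out? is preferable to checking for presence of`. The enclosing `module Clearance` and the class that holds these methods start outside the hunk.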
@@ -6,12 +6,24 @@ module Clearance
|
|
6
6
|
hide_action :authorize, :deny_access, :require_login
|
7
7
|
end
|
8
8
|
|
9
|
+
# Use as a `before_action` to require a user be signed in to proceed.
|
10
|
+
# {Authentication#signed_in?} is used to determine if there is a signed in
|
11
|
+
# user or not.
|
12
|
+
#
|
13
|
+
# class PostsController < ApplicationController
|
14
|
+
# before_action :require_login
|
15
|
+
#
|
16
|
+
# def index
|
17
|
+
# # ...
|
18
|
+
# end
|
19
|
+
# end
|
9
20
|
def require_login
|
10
21
|
unless signed_in?
|
11
|
-
deny_access
|
22
|
+
deny_access(I18n.t("flashes.failure_when_not_signed_in"))
|
12
23
|
end
|
13
24
|
end
|
14
25
|
|
26
|
+
# @deprecated use {#require_login}
|
15
27
|
def authorize
|
16
28
|
warn "[DEPRECATION] Clearance's `authorize` before_filter is " +
|
17
29
|
"deprecated. Use `require_login` instead. Be sure to update any " +
|
@@ -20,6 +32,23 @@ module Clearance
|
|
20
32
|
require_login
|
21
33
|
end
|
22
34
|
|
35
|
+
# Responds to unauthorized requests in a manner fitting the request format.
|
36
|
+
# `js`, `json`, and `xml` requests will receive a 401 with no body. All
|
37
|
+
# other formats will be redirected appropriately and can optionally have the
|
38
|
+
# flash message set.
|
39
|
+
#
|
40
|
+
# When redirecting, the originally requested url will be stored in the
|
41
|
+
# session (`session[:return_to]`), allowing it to be used as a redirect url
|
42
|
+
# once the user has successfully signed in.
|
43
|
+
#
|
44
|
+
# If there is a signed in user, the request will be redirected according to
|
45
|
+
# the value returned from {#url_after_denied_access_when_signed_in}.
|
46
|
+
#
|
47
|
+
# If there is no signed in user, the request will be redirected according to
|
48
|
+
# the value returned from {#url_after_denied_access_when_signed_out}.
|
49
|
+
# For the exact redirect behavior, see {#redirect_request}.
|
50
|
+
#
|
51
|
+
# @param [String] flash_message
|
23
52
|
def deny_access(flash_message = nil)
|
24
53
|
respond_to do |format|
|
25
54
|
format.any(:js, :json, :xml) { head :unauthorized }
|
@@ -29,6 +58,7 @@ module Clearance
|
|
29
58
|
|
30
59
|
protected
|
31
60
|
|
61
|
+
# @api private
|
32
62
|
def redirect_request(flash_message)
|
33
63
|
store_location
|
34
64
|
|
@@ -43,21 +73,25 @@ module Clearance
|
|
43
73
|
end
|
44
74
|
end
|
45
75
|
|
76
|
+
# @api private
|
46
77
|
def clear_return_to
|
47
78
|
session[:return_to] = nil
|
48
79
|
end
|
49
80
|
|
81
|
+
# @api private
|
50
82
|
def store_location
|
51
83
|
if request.get?
|
52
84
|
session[:return_to] = request.original_fullpath
|
53
85
|
end
|
54
86
|
end
|
55
87
|
|
88
|
+
# @api private
|
56
89
|
def redirect_back_or(default)
|
57
90
|
redirect_to(return_to || default)
|
58
91
|
clear_return_to
|
59
92
|
end
|
60
93
|
|
94
|
+
# @api private
|
61
95
|
def return_to
|
62
96
|
if return_to_url
|
63
97
|
uri = URI.parse(return_to_url)
|
@@ -65,14 +99,23 @@ module Clearance
|
|
65
99
|
end
|
66
100
|
end
|
67
101
|
|
102
|
+
# @api private
|
68
103
|
def return_to_url
|
69
104
|
session[:return_to]
|
70
105
|
end
|
71
106
|
|
107
|
+
# Used as the redirect location when {#deny_access} is called and there is a
|
108
|
+
# currently signed in user.
|
109
|
+
#
|
110
|
+
# @return [String]
|
72
111
|
def url_after_denied_access_when_signed_in
|
73
112
|
Clearance.configuration.redirect_url
|
74
113
|
end
|
75
114
|
|
115
|
+
# Used as the redirect location when {#deny_access} is called and there is
|
116
|
+
# no currently signed in user.
|
117
|
+
#
|
118
|
+
# @return [String]
|
76
119
|
def url_after_denied_access_when_signed_out
|
77
120
|
sign_in_url
|
78
121
|
end
|
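Review bot: The new doc on `deny_access` (second hunk, new lines 40–42) states that, when redirecting, the originally requested url is stored in `session[:return_to]`, but `store_location` (fourth hunk) only assigns it `if request.get?`, so a denied POST/PUT/DELETE stores nothing and `redirect_back_or` falls through to whichever `return_to` was stored earlier or to `default`. Suggest narrowing the sentence to `# When redirecting a GET request, the originally requested path (request.original_fullpath) is stored in the session (session[:return_to]), allowing it to be used as a redirect url once the user has successfully signed in; other verbs are not stored.` and putting a one-line why-comment above `if request.get?` in `store_location`, e.g. `# Only GET requests are recorded; presumably because only a GET can be safely replayed by redirect — confirm.` The `# @api private` tags on the protected helpers are fine, but the doc on `redirect_back_or` should also say that the stored value goes through `return_to`, which begins with `uri = URI.parse(return_to_url)` whose remaining handling lies outside the fifth hunk, so the exact validation applied before the redirect cannot be confirmed from these lines. The enclosing `module Clearance` starts outside all of these hunks.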