clearance 1.16.1 → 1.16.2

data/README.md

@@ -3,6 +3,7 @@
 [![Build Status](https://secure.travis-ci.org/thoughtbot/clearance.svg)](http://travis-ci.org/thoughtbot/clearance?branch=master)
 [![Code Climate](https://codeclimate.com/github/thoughtbot/clearance.svg)](https://codeclimate.com/github/thoughtbot/clearance)
 [![Documentation Quality](https://inch-ci.org/github/thoughtbot/clearance.svg?branch=master)](https://inch-ci.org/github/thoughtbot/clearance)
+[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
 
 Rails authentication with email & password.
 
@@ -160,8 +161,14 @@ As of Clearance 1.5 it is recommended that you disable Clearance routes and take
 full control over routing and URL design. This ensures that your app's URL design
 won't be affected if the gem's routes and URL design are changed.
 
-To disable the routes, set `config.routes = false`. You can optionally run
-`rails generate clearance:routes` to dump a copy of the default routes into your
+To disable the routes, change the `routes` configuration option to false: 
+
+```ruby
+Clearance.configure do |config|
+  config.routes = false
+end
+```
+You can optionally run `rails generate clearance:routes` to dump a copy of the default routes into your
 application for modification.
 
 ### Controllers
@@ -238,8 +245,7 @@ end
 
 ### Translations
 
-All flash messages and email subject lines are stored in [i18n translations]
-(http://guides.rubyonrails.org/i18n.html). Override them like any other
+All flash messages and email subject lines are stored in [i18n translations](http://guides.rubyonrails.org/i18n.html). Override them like any other
 translation.
 
 See [config/locales/clearance.en.yml](/config/locales/clearance.en.yml) for the
@@ -392,6 +398,10 @@ For `test-unit`, add this line to your `test/test_helper.rb`:
 require "clearance/test_unit"
 ```
 
+**Note for Rails 5:** the default generated controller tests are now
+integration tests. You will need to use the
+[backdoor middleware](#fast-feature-specs) instead.
+
 This will make `Clearance::Controller` methods work in your controllers
 during functional tests and provide access to helper methods like:
 
@@ -428,7 +438,7 @@ Thank you, [contributors]!
 
 ## License
 
-Clearance is copyright © 2009 thoughtbot. It is free software, and may be
+Clearance is copyright © 2009-2018 thoughtbot. It is free software, and may be
 redistributed under the terms specified in the [`LICENSE`] file.
 
 [`LICENSE`]: /LICENSE

data/app/views/layouts/application.html.erb

@@ -1,7 +1,6 @@
 <!DOCTYPE html>
 <html>
 <head>
-  <%= javascript_include_tag 'application' %>
   <%= csrf_meta_tag %>
 </head>
 <body>

data/clearance.gemspec

@@ -5,7 +5,10 @@ require 'date'
 Gem::Specification.new do |s|
   s.add_dependency 'bcrypt'
   s.add_dependency 'email_validator', '~> 1.4'
-  s.add_dependency 'rails', '>= 3.1'
+  s.add_dependency 'railties', '>= 3.1'
+  s.add_dependency 'activemodel', '>= 3.1'
+  s.add_dependency 'activerecord', '>= 3.1'
+  s.add_dependency 'actionmailer', '>= 3.1'
   s.authors = [
     'Dan Croak',
     'Eugene Bolshakov',
@@ -30,7 +33,7 @@ Gem::Specification.new do |s|
   s.email = 'support@thoughtbot.com'
   s.extra_rdoc_files = %w(LICENSE README.md)
   s.files = `git ls-files`.split("\n")
-  s.homepage = 'http://github.com/thoughtbot/clearance'
+  s.homepage = 'https://github.com/thoughtbot/clearance'
   s.license = 'MIT'
   s.name = %q{clearance}
   s.rdoc_options = ['--charset=UTF-8']

data/config/locales/clearance.en.yml

@@ -23,6 +23,10 @@ en:
         email: Email address
       password_reset:
         password: Choose password
+      session:
+        password: Password
+      user:
+        password: Password
     submit:
       password:
         submit: Reset password

data/gemfiles/rails_4.2.gemfile

@@ -0,0 +1,20 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "addressable", "~> 2.6.0"
+gem "appraisal"
+gem "ammeter"
+gem "bundler", "~> 1.3"
+gem "capybara", ">= 2.6.2"
+gem "database_cleaner", "~> 1.0"
+gem "factory_bot_rails", "~> 5.0"
+gem "nokogiri", "~> 1.10.0"
+gem "rspec-rails", "~> 3.1"
+gem "shoulda-matchers", "~> 4.0"
+gem "sqlite3", "~> 1.3.13"
+gem "timecop", "~> 0.6"
+gem "pry", require: false
+gem "railties", "~> 4.2.0"
+
+gemspec path: "../"

data/gemfiles/rails_5.0.gemfile

@@ -0,0 +1,21 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "addressable", "~> 2.6.0"
+gem "appraisal"
+gem "ammeter"
+gem "bundler", "~> 1.3"
+gem "capybara", ">= 2.6.2"
+gem "database_cleaner", "~> 1.0"
+gem "factory_bot_rails", "~> 5.0"
+gem "nokogiri", "~> 1.10.0"
+gem "rspec-rails", "~> 3.1"
+gem "shoulda-matchers", "~> 4.0"
+gem "sqlite3", "~> 1.3.13"
+gem "timecop", "~> 0.6"
+gem "pry", require: false
+gem "railties", "~> 5.0.0"
+gem "rails-controller-testing"
+
+gemspec path: "../"

data/gemfiles/rails_5.1.gemfile

@@ -0,0 +1,21 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "addressable", "~> 2.6.0"
+gem "appraisal"
+gem "ammeter"
+gem "bundler", "~> 1.3"
+gem "capybara", ">= 2.6.2"
+gem "database_cleaner", "~> 1.0"
+gem "factory_bot_rails", "~> 5.0"
+gem "nokogiri", "~> 1.10.0"
+gem "rspec-rails", "~> 3.1"
+gem "shoulda-matchers", "~> 4.0"
+gem "sqlite3", "~> 1.3.13"
+gem "timecop", "~> 0.6"
+gem "pry", require: false
+gem "railties", "~> 5.1.0"
+gem "rails-controller-testing"
+
+gemspec path: "../"

data/gemfiles/rails_5.2.gemfile

@@ -0,0 +1,21 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "addressable", "~> 2.6.0"
+gem "appraisal"
+gem "ammeter"
+gem "bundler", "~> 1.3"
+gem "capybara", ">= 2.6.2"
+gem "database_cleaner", "~> 1.0"
+gem "factory_bot_rails", "~> 5.0"
+gem "nokogiri", "~> 1.10.0"
+gem "rspec-rails", "~> 3.1"
+gem "shoulda-matchers", "~> 4.0"
+gem "sqlite3", "~> 1.3.13"
+gem "timecop", "~> 0.6"
+gem "pry", require: false
+gem "railties", "~> 5.2.0"
+gem "rails-controller-testing"
+
+gemspec path: "../"

data/lib/clearance/back_door.rb

@@ -31,6 +31,10 @@ module Clearance
   #   visit new_feedback_path(as: user)
   class BackDoor
     def initialize(app, &block)
+      unless ENV["RAILS_ENV"] == "test"
+        raise "Can't use backdoor outside test environment"
+      end
+
       @app = app
       @block = block
     end

data/lib/clearance/configuration.rb

@@ -86,7 +86,7 @@ module Clearance
     attr_accessor :sign_in_guards
 
     # The ActiveRecord class that represents users in your application.
-    # Defualts to `::User`.
+    # Defaults to `::User`.
     # @return [ActiveRecord::Base]
     attr_accessor :user_model
 

data/lib/clearance/engine.rb

@@ -1,5 +1,5 @@
 require "clearance"
-require "rails"
+require "rails/engine"
 
 module Clearance
   # Makes Clearance behavior available to Rails apps on initialization. By using

data/lib/clearance/password_strategies/blowfish.rb

@@ -40,7 +40,7 @@ module Clearance
       # @api private
       def generate_hash(string)
         cipher = OpenSSL::Cipher::Cipher.new('bf-cbc').encrypt
-        cipher.key = Digest::SHA256.digest(salt)
+        cipher.key = Digest::SHA256.digest(salt).first(16)
         hash = cipher.update(string) << cipher.final
         Base64.encode64(hash).encode('utf-8')
       end

data/lib/clearance/session.rb

@@ -15,11 +15,13 @@ module Clearance
     #
     # @return [void]
     def add_cookie_to_headers(headers)
-      if cookie_value[:value].present?
+      if signed_in_with_remember_token?
         Rack::Utils.set_cookie_header!(
           headers,
           remember_token_cookie,
-          cookie_value
+          cookie_options.merge(
+            value: current_user.remember_token,
+          ),
         )
       end
     end
@@ -54,7 +56,9 @@ module Clearance
       status = run_sign_in_stack
 
       if status.success?
-        cookies[remember_token_cookie] = user && user.remember_token
+        # Sign in succeeded, and when {RackSession} is run and calls
+        # {#add_cookie_to_headers} it will set the cookie with the
+        # remember_token for the current_user
       else
         @current_user = nil
       end
@@ -119,6 +123,11 @@ module Clearance
       end
     end
 
+    # @api private
+    def signed_in_with_remember_token?
+      current_user&.remember_token
+    end
+
     # @api private
     def remember_token_cookie
       Clearance.configuration.cookie_name.freeze
@@ -151,20 +160,15 @@ module Clearance
     end
 
     # @api private
-    def cookie_value
-      value = {
+    def cookie_options
+      {
+        domain: Clearance.configuration.cookie_domain,
         expires: remember_token_expires,
         httponly: Clearance.configuration.httponly,
         path: Clearance.configuration.cookie_path,
         secure: Clearance.configuration.secure_cookie,
-        value: remember_token
+        value: remember_token,
       }
-
-      if Clearance.configuration.cookie_domain.present?
-        value[:domain] = Clearance.configuration.cookie_domain
-      end
-
-      value
     end
   end
 end

data/lib/clearance/user.rb

@@ -1,4 +1,5 @@
 require 'digest/sha1'
+require 'active_model'
 require 'email_validator'
 require 'clearance/token'
 

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "1.16.1".freeze
+  VERSION = "1.16.2".freeze
 end

data/lib/generators/clearance/install/install_generator.rb

@@ -36,7 +36,7 @@ module Clearance
         if users_table_exists?
           create_add_columns_migration
         else
-          copy_migration 'create_users.rb'
+          copy_migration "create_users"
         end
       end
 
@@ -53,15 +53,15 @@ module Clearance
             new_indexes: new_indexes
           }
 
-          copy_migration('add_clearance_to_users.rb', config)
+          copy_migration("add_clearance_to_users", config)
         end
       end
 
       def copy_migration(migration_name, config = {})
         unless migration_exists?(migration_name)
           migration_template(
-            "db/migrate/#{migration_name}",
-            "db/migrate/#{migration_name}",
+            "db/migrate/#{migration_name}.rb.erb",
+            "db/migrate/#{migration_name}.rb",
             config.merge(migration_version: migration_version),
           )
         end

data/lib/generators/clearance/install/templates/README

@@ -27,6 +27,6 @@ Next steps:
 
 3. Migrate:
 
-    rake db:migrate
+    rails db:migrate
 
 *******************************************************************************

data/lib/generators/clearance/specs/templates/factories/clearance.rb

@@ -5,6 +5,6 @@ FactoryBot.define do
 
   factory :user do
     email
-    password "password"
+    password { "password" }
   end
 end

data/spec/acceptance/clearance_installation_spec.rb

@@ -23,14 +23,19 @@ describe "Clearance Installation" do
   end
 
   def generate_test_app(app_name)
-    successfully "bundle exec rails new #{app_name} \
-       --skip-gemfile \
-       --skip-bundle \
-       --skip-git \
-       --skip-javascript \
-       --skip-sprockets \
-       --skip-keeps \
-       --no-rc"
+    successfully <<-CMD.squish
+      bundle exec rails new #{app_name}
+       --no-rc
+       --skip-action-cable
+       --skip-active-storage
+       --skip-bootsnap
+       --skip-bundle
+       --skip-gemfile
+       --skip-git
+       --skip-javascript
+       --skip-keeps
+       --skip-sprockets
+    CMD
 
     FileUtils.rm_f("public/index.html")
     FileUtils.rm_f("app/views/layouts/application.html.erb")

data/spec/clearance/back_door_spec.rb

@@ -1,6 +1,9 @@
 require "spec_helper"
+require "support/environment"
 
 describe Clearance::BackDoor do
+  include EnvironmentSupport
+
   it "signs in as a given user" do
     user_id = "123"
     user = double("user")
@@ -38,6 +41,13 @@ describe Clearance::BackDoor do
     expect(result).to eq mock_app.call(env)
   end
 
+  it "can't be used outside the test environment" do
+    with_environment("RAILS_ENV" => "production") do
+      expect { Clearance::BackDoor.new(mock_app) }.
+        to raise_exception "Can't use backdoor outside test environment"
+    end
+  end
+
   def env_without_user_id
     env_for_user_id("")
   end

data/spec/clearance/session_spec.rb

@@ -191,6 +191,7 @@ describe Clearance::Session do
         expiration = -> { Time.now }
         with_custom_expiration expiration do
           session = Clearance::Session.new(env_without_remember_token)
+          session.sign_in user
           allow(session).to receive(:warn)
           session.add_cookie_to_headers headers
 

data/spec/controllers/forgeries_controller_spec.rb

@@ -38,12 +38,16 @@ describe ForgeriesController do
 
     it 'succeeds with authentic token' do
       token = controller.send(:form_authenticity_token)
-      post :create, authenticity_token: token
+      post :create, params: {
+        authenticity_token: token,
+      }
       expect(subject).to redirect_to(action: 'index')
     end
 
     it 'fails with invalid token' do
-      post :create, authenticity_token: 'hax0r'
+      post :create, params: {
+        authenticity_token: "hax0r",
+      }
       expect(subject).to deny_access
     end
 

data/spec/controllers/passwords_controller_spec.rb

@@ -7,7 +7,7 @@ describe Clearance::PasswordsController do
     it "renders the password reset form" do
       get :new
 
-      expect(response).to be_success
+      expect(response).to be_successful
       expect(response).to render_template(:new)
     end
   end
@@ -17,7 +17,9 @@ describe Clearance::PasswordsController do
       it "generates a password change token" do
         user = create(:user)
 
-        post :create, password: { email: user.email.upcase }
+        post :create, params: {
+          password: { email: user.email.upcase },
+        }
 
         expect(user.reload.confirmation_token).not_to be_nil
       end
@@ -26,7 +28,9 @@ describe Clearance::PasswordsController do
         ActionMailer::Base.deliveries.clear
         user = create(:user)
 
-        post :create, password: { email: user.email }
+        post :create, params: {
+          password: { email: user.email },
+        }
 
         email = ActionMailer::Base.deliveries.last
         expect(email.subject).to match(/change your password/i)
@@ -38,7 +42,9 @@ describe Clearance::PasswordsController do
         ActionMailer::Base.deliveries.clear
         email = "this_user_does_not_exist@non_existent_domain.com"
 
-        post :create, password: { email: email }
+        post :create, params: {
+          password: { email: email },
+        }
 
         expect(ActionMailer::Base.deliveries).to be_empty
       end
@@ -46,9 +52,11 @@ describe Clearance::PasswordsController do
       it "still responds with success so as not to leak registered users" do
         email = "this_user_does_not_exist@non_existent_domain.com"
 
-        post :create, password: { email: email }
+        post :create, params: {
+          password: { email: email },
+        }
 
-        expect(response).to be_success
+        expect(response).to be_successful
         expect(response).to render_template "passwords/create"
       end
     end
@@ -59,7 +67,10 @@ describe Clearance::PasswordsController do
       it "redirects to the edit page with token now removed from url" do
         user = create(:user, :with_forgotten_password)
 
-        get :edit, user_id: user, token: user.confirmation_token
+        get :edit, params: {
+          user_id: user,
+          token: user.confirmation_token,
+        }
 
         expect(response).to be_redirect
         expect(response).to redirect_to edit_user_password_url(user)
@@ -72,9 +83,11 @@ describe Clearance::PasswordsController do
         user = create(:user, :with_forgotten_password)
 
         request.session[:password_reset_token] = user.confirmation_token
-        get :edit, user_id: user
+        get :edit, params: {
+          user_id: user,
+        }
 
-        expect(response).to be_success
+        expect(response).to be_successful
         expect(response).to render_template(:edit)
         expect(assigns(:user)).to eq user
       end
@@ -82,7 +95,10 @@ describe Clearance::PasswordsController do
 
     context "blank token is supplied" do
       it "renders the new password reset form with a flash notice" do
-        get :edit, user_id: 1, token: ""
+        get :edit, params: {
+          user_id: 1,
+          token: "",
+        }
 
         expect(response).to render_template(:new)
         expect(flash.now[:notice]).to match(/double check the URL/i)
@@ -93,7 +109,10 @@ describe Clearance::PasswordsController do
       it "renders the new password reset form with a flash notice" do
         user = create(:user, :with_forgotten_password)
 
-        get :edit, user_id: 1, token: user.confirmation_token + "a"
+        get :edit, params: {
+          user_id: 1,
+          token: user.confirmation_token + "a",
+        }
 
         expect(response).to render_template(:new)
         expect(flash.now[:notice]).to match(/double check the URL/i)
@@ -106,7 +125,10 @@ describe Clearance::PasswordsController do
         request.session[:password_reset_token] = user.confirmation_token
 
         user.forgot_password!
-        get :edit, user_id: user.id, token: user.reload.confirmation_token
+        get :edit, params: {
+          user_id: user.id,
+          token: user.reload.confirmation_token,
+        }
 
         expect(response).to redirect_to(edit_user_password_url(user))
         expect(session[:password_reset_token]).to eq(user.confirmation_token)
@@ -120,19 +142,13 @@ describe Clearance::PasswordsController do
         user = create(:user, :with_forgotten_password)
         old_encrypted_password = user.encrypted_password
 
-        put :update, update_parameters(user, new_password: "my_new_password")
+        put :update, params: update_parameters(
+          user,
+          new_password: "my_new_password",
+        )
 
         expect(user.reload.encrypted_password).not_to eq old_encrypted_password
       end
-
-      it "signs the user in and redirects" do
-        user = create(:user, :with_forgotten_password)
-
-        put :update, update_parameters(user, new_password: "my_new_password")
-
-        expect(response).to redirect_to(Clearance.configuration.redirect_url)
-        expect(cookies[:remember_token]).to be_present
-      end
     end
 
     context "password update fails" do
@@ -140,7 +156,10 @@ describe Clearance::PasswordsController do
         user = create(:user, :with_forgotten_password)
         old_encrypted_password = user.encrypted_password
 
-        put :update, update_parameters(user, new_password: "")
+        put :update, params: update_parameters(
+          user,
+          new_password: "",
+        )
 
         user.reload
         expect(user.encrypted_password).to eq old_encrypted_password
@@ -150,7 +169,10 @@ describe Clearance::PasswordsController do
       it "re-renders the password edit form" do
         user = create(:user, :with_forgotten_password)
 
-        put :update, update_parameters(user, new_password: "")
+        put :update, params: update_parameters(
+          user,
+          new_password: "",
+        )
 
         expect(flash.now[:notice]).to match(/password can't be blank/i)
         expect(response).to render_template(:edit)