clearance 1.16.1 → 1.16.2
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.travis.yml +13 -24
- data/Appraisals +13 -27
- data/Gemfile +5 -5
- data/Gemfile.lock +117 -135
- data/NEWS.md +15 -0
- data/README.md +15 -5
- data/app/views/layouts/application.html.erb +0 -1
- data/clearance.gemspec +5 -2
- data/config/locales/clearance.en.yml +4 -0
- data/gemfiles/rails_4.2.gemfile +20 -0
- data/gemfiles/rails_5.0.gemfile +21 -0
- data/gemfiles/rails_5.1.gemfile +21 -0
- data/gemfiles/rails_5.2.gemfile +21 -0
- data/lib/clearance/back_door.rb +4 -0
- data/lib/clearance/configuration.rb +1 -1
- data/lib/clearance/engine.rb +1 -1
- data/lib/clearance/password_strategies/blowfish.rb +1 -1
- data/lib/clearance/session.rb +16 -12
- data/lib/clearance/user.rb +1 -0
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/install_generator.rb +4 -4
- data/lib/generators/clearance/install/templates/README +1 -1
- data/lib/generators/clearance/install/templates/db/migrate/{add_clearance_to_users.rb → add_clearance_to_users.rb.erb} +0 -0
- data/lib/generators/clearance/install/templates/db/migrate/{create_users.rb → create_users.rb.erb} +0 -0
- data/lib/generators/clearance/specs/templates/factories/clearance.rb +1 -1
- data/spec/acceptance/clearance_installation_spec.rb +13 -8
- data/spec/clearance/back_door_spec.rb +10 -0
- data/spec/clearance/session_spec.rb +1 -0
- data/spec/controllers/forgeries_controller_spec.rb +6 -2
- data/spec/controllers/passwords_controller_spec.rb +46 -24
- data/spec/controllers/sessions_controller_spec.rb +15 -5
- data/spec/controllers/users_controller_spec.rb +14 -6
- data/spec/dummy/application.rb +5 -11
- data/spec/factories.rb +4 -4
- data/spec/{user_spec.rb → models/user_spec.rb} +1 -1
- data/spec/password_strategies/blowfish_spec.rb +1 -1
- data/spec/requests/cookie_options_spec.rb +52 -0
- data/spec/requests/csrf_rotation_spec.rb +3 -1
- data/spec/requests/password_maintenance_spec.rb +18 -0
- data/spec/requests/token_expiration_spec.rb +54 -0
- data/spec/spec_helper.rb +9 -0
- data/spec/support/environment.rb +12 -0
- data/spec/support/http_method_shim.rb +13 -11
- data/spec/support/request_with_remember_token.rb +5 -0
- metadata +58 -13
- data/gemfiles/rails32.gemfile +0 -20
- data/gemfiles/rails40.gemfile +0 -22
- data/gemfiles/rails41.gemfile +0 -21
- data/gemfiles/rails42.gemfile +0 -21
- data/gemfiles/rails50.gemfile +0 -21
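--- a/data/README.md
+++ b/data/README.md
@@ -3,6 +3,7 @@
 [![Build Status](https://secure.travis-ci.org/thoughtbot/clearance.svg)](http://travis-ci.org/thoughtbot/clearance?branch=master)
 [![Code Climate](https://codeclimate.com/github/thoughtbot/clearance.svg)](https://codeclimate.com/github/thoughtbot/clearance)
 [![Documentation Quality](https://inch-ci.org/github/thoughtbot/clearance.svg?branch=master)](https://inch-ci.org/github/thoughtbot/clearance)
+[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
 
 Rails authentication with email & password.
 
@@ -160,8 +161,14 @@ As of Clearance 1.5 it is recommended that you disable Clearance routes and take
 full control over routing and URL design. This ensures that your app's URL design
 won't be affected if the gem's routes and URL design are changed.
 
-To disable the routes,
-
+To disable the routes, change the `routes` configuration option to false:
+
+```ruby
+Clearance.configure do |config|
+config.routes = false
+end
+```
+You can optionally run `rails generate clearance:routes` to dump a copy of the default routes into your
 application for modification.
 
 ### Controllers
@@ -238,8 +245,7 @@ end
 
 ### Translations
 
-All flash messages and email subject lines are stored in [i18n translations]
-(http://guides.rubyonrails.org/i18n.html). Override them like any other
+All flash messages and email subject lines are stored in [i18n translations](http://guides.rubyonrails.org/i18n.html). Override them like any other
 translation.
 
 See [config/locales/clearance.en.yml](/config/locales/clearance.en.yml) for the
@@ -392,6 +398,10 @@ For `test-unit`, add this line to your `test/test_helper.rb`:
 require "clearance/test_unit"
 ```
 
+**Note for Rails 5:** the default generated controller tests are now
+integration tests. You will need to use the
+[backdoor middleware](#fast-feature-specs) instead.
+
 This will make `Clearance::Controller` methods work in your controllers
 during functional tests and provide access to helper methods like:
 
@@ -428,7 +438,7 @@ Thank you, [contributors]!
 
 ## License
 
-Clearance is copyright © 2009 thoughtbot. It is free software, and may be
+Clearance is copyright © 2009-2018 thoughtbot. It is free software, and may be
 redistributed under the terms specified in the [`LICENSE`] file.
 
 [`LICENSE`]: /LICENSE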
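--- a/data/clearance.gemspec
+++ b/data/clearance.gemspec
@@ -5,7 +5,10 @@ require 'date'
 Gem::Specification.new do |s|
 s.add_dependency 'bcrypt'
 s.add_dependency 'email_validator', '~> 1.4'
-s.add_dependency '
+s.add_dependency 'railties', '>= 3.1'
+s.add_dependency 'activemodel', '>= 3.1'
+s.add_dependency 'activerecord', '>= 3.1'
+s.add_dependency 'actionmailer', '>= 3.1'
 s.authors = [
 'Dan Croak',
 'Eugene Bolshakov',
@@ -30,7 +33,7 @@ Gem::Specification.new do |s|
 s.email = 'support@thoughtbot.com'
 s.extra_rdoc_files = %w(LICENSE README.md)
 s.files = `git ls-files`.split("\n")
-s.homepage = '
+s.homepage = 'https://github.com/thoughtbot/clearance'
 s.license = 'MIT'
 s.name = %q{clearance}
 s.rdoc_options = ['--charset=UTF-8']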
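Review bot: The four new runtime dependencies (`railties`, `activemodel`, `activerecord`, `actionmailer`) declare only a floor of `>= 3.1`, yet the file summary for this release removes the Rails 3.2, 4.0 and 4.1 appraisal gemfiles and restarts the test matrix at 4.2. The gemspec therefore still admits framework versions this release is no longer tested against, and the session change in the same release uses `&.`, which needs Ruby 2.3 or newer. Either raise the floor to what CI covers, e.g. `s.add_dependency 'railties', '>= 4.2'` for each of the four, or keep an appraisal for the older lines. If the gemspec does not already declare it outside these hunks, `s.required_ruby_version = '>= 2.3'` would let RubyGems refuse the install instead of failing at load time.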
@@ -0,0 +1,20 @@
|
|
1
|
+
# This file was generated by Appraisal
|
2
|
+
|
3
|
+
source "https://rubygems.org"
|
4
|
+
|
5
|
+
gem "addressable", "~> 2.6.0"
|
6
|
+
gem "appraisal"
|
7
|
+
gem "ammeter"
|
8
|
+
gem "bundler", "~> 1.3"
|
9
|
+
gem "capybara", ">= 2.6.2"
|
10
|
+
gem "database_cleaner", "~> 1.0"
|
11
|
+
gem "factory_bot_rails", "~> 5.0"
|
12
|
+
gem "nokogiri", "~> 1.10.0"
|
13
|
+
gem "rspec-rails", "~> 3.1"
|
14
|
+
gem "shoulda-matchers", "~> 4.0"
|
15
|
+
gem "sqlite3", "~> 1.3.13"
|
16
|
+
gem "timecop", "~> 0.6"
|
17
|
+
gem "pry", require: false
|
18
|
+
gem "railties", "~> 4.2.0"
|
19
|
+
|
20
|
+
gemspec path: "../"
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# This file was generated by Appraisal
|
2
|
+
|
3
|
+
source "https://rubygems.org"
|
4
|
+
|
5
|
+
gem "addressable", "~> 2.6.0"
|
6
|
+
gem "appraisal"
|
7
|
+
gem "ammeter"
|
8
|
+
gem "bundler", "~> 1.3"
|
9
|
+
gem "capybara", ">= 2.6.2"
|
10
|
+
gem "database_cleaner", "~> 1.0"
|
11
|
+
gem "factory_bot_rails", "~> 5.0"
|
12
|
+
gem "nokogiri", "~> 1.10.0"
|
13
|
+
gem "rspec-rails", "~> 3.1"
|
14
|
+
gem "shoulda-matchers", "~> 4.0"
|
15
|
+
gem "sqlite3", "~> 1.3.13"
|
16
|
+
gem "timecop", "~> 0.6"
|
17
|
+
gem "pry", require: false
|
18
|
+
gem "railties", "~> 5.0.0"
|
19
|
+
gem "rails-controller-testing"
|
20
|
+
|
21
|
+
gemspec path: "../"
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# This file was generated by Appraisal
|
2
|
+
|
3
|
+
source "https://rubygems.org"
|
4
|
+
|
5
|
+
gem "addressable", "~> 2.6.0"
|
6
|
+
gem "appraisal"
|
7
|
+
gem "ammeter"
|
8
|
+
gem "bundler", "~> 1.3"
|
9
|
+
gem "capybara", ">= 2.6.2"
|
10
|
+
gem "database_cleaner", "~> 1.0"
|
11
|
+
gem "factory_bot_rails", "~> 5.0"
|
12
|
+
gem "nokogiri", "~> 1.10.0"
|
13
|
+
gem "rspec-rails", "~> 3.1"
|
14
|
+
gem "shoulda-matchers", "~> 4.0"
|
15
|
+
gem "sqlite3", "~> 1.3.13"
|
16
|
+
gem "timecop", "~> 0.6"
|
17
|
+
gem "pry", require: false
|
18
|
+
gem "railties", "~> 5.1.0"
|
19
|
+
gem "rails-controller-testing"
|
20
|
+
|
21
|
+
gemspec path: "../"
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# This file was generated by Appraisal
|
2
|
+
|
3
|
+
source "https://rubygems.org"
|
4
|
+
|
5
|
+
gem "addressable", "~> 2.6.0"
|
6
|
+
gem "appraisal"
|
7
|
+
gem "ammeter"
|
8
|
+
gem "bundler", "~> 1.3"
|
9
|
+
gem "capybara", ">= 2.6.2"
|
10
|
+
gem "database_cleaner", "~> 1.0"
|
11
|
+
gem "factory_bot_rails", "~> 5.0"
|
12
|
+
gem "nokogiri", "~> 1.10.0"
|
13
|
+
gem "rspec-rails", "~> 3.1"
|
14
|
+
gem "shoulda-matchers", "~> 4.0"
|
15
|
+
gem "sqlite3", "~> 1.3.13"
|
16
|
+
gem "timecop", "~> 0.6"
|
17
|
+
gem "pry", require: false
|
18
|
+
gem "railties", "~> 5.2.0"
|
19
|
+
gem "rails-controller-testing"
|
20
|
+
|
21
|
+
gemspec path: "../"
|
data/lib/clearance/back_door.rb
CHANGED
data/lib/clearance/engine.rb
CHANGED
@@ -40,7 +40,7 @@ module Clearance
|
|
40
40
|
# @api private
|
41
41
|
def generate_hash(string)
|
42
42
|
cipher = OpenSSL::Cipher::Cipher.new('bf-cbc').encrypt
|
43
|
-
cipher.key = Digest::SHA256.digest(salt)
|
43
|
+
cipher.key = Digest::SHA256.digest(salt).first(16)
|
44
44
|
hash = cipher.update(string) << cipher.final
|
45
45
|
Base64.encode64(hash).encode('utf-8')
|
46
46
|
end
|
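Review bot: `Digest::SHA256.digest(salt).first(16)` depends on ActiveSupport's `String#first` and leaves the 16 unexplained. `cipher.key = Digest::SHA256.digest(salt).byteslice(0, 16)` is plain Ruby and explicit about bytes, and a comment such as `# bf-cbc is keyed with 16 bytes here; newer openssl bindings presumably reject the 32-byte digest` would record the reason. Whether digests stored by earlier versions still verify after the truncation is not visible here, so a spec pinning one known salt/password/digest triple is worth adding. Apart from key length, `generate_hash` returns Blowfish-CBC ciphertext of the password under a key derived from the salt alone, with no IV set in the visible lines. Assuming `salt` is the stored per-user salt, the result is reversible by anyone who can read the users table, so the method should be documented as a legacy strategy and applications steered to the bcrypt one. The page prints this hunk under the `engine.rb` header, but its content matches `password_strategies/blowfish.rb +1 -1` in the file summary; the enclosing module starts and ends outside the hunk.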
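--- a/data/lib/clearance/session.rb
+++ b/data/lib/clearance/session.rb
@@ -15,11 +15,13 @@ module Clearance
 #
 # @return [void]
 def add_cookie_to_headers(headers)
-if
+if signed_in_with_remember_token?
 Rack::Utils.set_cookie_header!(
 headers,
 remember_token_cookie,
-
+cookie_options.merge(
+value: current_user.remember_token,
+),
 )
 end
 end
@@ -54,7 +56,9 @@ module Clearance
 status = run_sign_in_stack
 
 if status.success?
-
+# Sign in succeeded, and when {RackSession} is run and calls
+# {#add_cookie_to_headers} it will set the cookie with the
+# remember_token for the current_user
 else
 @current_user = nil
 end
@@ -119,6 +123,11 @@ module Clearance
 end
 end
 
+# @api private
+def signed_in_with_remember_token?
+current_user&.remember_token
+end
+
 # @api private
 def remember_token_cookie
 Clearance.configuration.cookie_name.freeze
@@ -151,20 +160,15 @@ module Clearance
 end
 
 # @api private
-def
-
+def cookie_options
+{
+domain: Clearance.configuration.cookie_domain,
 expires: remember_token_expires,
 httponly: Clearance.configuration.httponly,
 path: Clearance.configuration.cookie_path,
 secure: Clearance.configuration.secure_cookie,
-value: remember_token
+value: remember_token,
 }
-
-if Clearance.configuration.cookie_domain.present?
-value[:domain] = Clearance.configuration.cookie_domain
-end
-
-value
 end
 end
 end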
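Review bot: In the last hunk `cookie_options` still carries `value: remember_token`, even though `add_cookie_to_headers` now overrides it with `current_user.remember_token` through `merge`. If `remember_token` is the value read from the incoming request cookie (its definition is outside these hunks), any other caller of `cookie_options` would write a client-supplied token back into a response; dropping the key from `cookie_options` and passing the value only at the call site removes that trap. `signed_in_with_remember_token?` returns the token itself rather than a boolean and treats an empty string as signed in; `current_user&.remember_token.present?` avoids both. Since `httponly:` and `secure:` come straight from configuration, a comment on `cookie_options` should say that the cookie is shielded from script access and plaintext transport only when the application enables those settings.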
data/lib/clearance/user.rb
CHANGED
data/lib/clearance/version.rb
CHANGED
@@ -36,7 +36,7 @@ module Clearance
|
|
36
36
|
if users_table_exists?
|
37
37
|
create_add_columns_migration
|
38
38
|
else
|
39
|
-
copy_migration
|
39
|
+
copy_migration "create_users"
|
40
40
|
end
|
41
41
|
end
|
42
42
|
|
@@ -53,15 +53,15 @@ module Clearance
|
|
53
53
|
new_indexes: new_indexes
|
54
54
|
}
|
55
55
|
|
56
|
-
copy_migration(
|
56
|
+
copy_migration("add_clearance_to_users", config)
|
57
57
|
end
|
58
58
|
end
|
59
59
|
|
60
60
|
def copy_migration(migration_name, config = {})
|
61
61
|
unless migration_exists?(migration_name)
|
62
62
|
migration_template(
|
63
|
-
"db/migrate/#{migration_name}",
|
64
|
-
"db/migrate/#{migration_name}",
|
63
|
+
"db/migrate/#{migration_name}.rb.erb",
|
64
|
+
"db/migrate/#{migration_name}.rb",
|
65
65
|
config.merge(migration_version: migration_version),
|
66
66
|
)
|
67
67
|
end
|
File without changes
|
data/lib/generators/clearance/install/templates/db/migrate/{create_users.rb → create_users.rb.erb}
RENAMED
File without changes
|
@@ -23,14 +23,19 @@ describe "Clearance Installation" do
|
|
23
23
|
end
|
24
24
|
|
25
25
|
def generate_test_app(app_name)
|
26
|
-
successfully
|
27
|
-
|
28
|
-
--
|
29
|
-
--skip-
|
30
|
-
--skip-
|
31
|
-
--skip-
|
32
|
-
--skip-
|
33
|
-
--
|
26
|
+
successfully <<-CMD.squish
|
27
|
+
bundle exec rails new #{app_name}
|
28
|
+
--no-rc
|
29
|
+
--skip-action-cable
|
30
|
+
--skip-active-storage
|
31
|
+
--skip-bootsnap
|
32
|
+
--skip-bundle
|
33
|
+
--skip-gemfile
|
34
|
+
--skip-git
|
35
|
+
--skip-javascript
|
36
|
+
--skip-keeps
|
37
|
+
--skip-sprockets
|
38
|
+
CMD
|
34
39
|
|
35
40
|
FileUtils.rm_f("public/index.html")
|
36
41
|
FileUtils.rm_f("app/views/layouts/application.html.erb")
|
@@ -1,6 +1,9 @@
|
|
1
1
|
require "spec_helper"
|
2
|
+
require "support/environment"
|
2
3
|
|
3
4
|
describe Clearance::BackDoor do
|
5
|
+
include EnvironmentSupport
|
6
|
+
|
4
7
|
it "signs in as a given user" do
|
5
8
|
user_id = "123"
|
6
9
|
user = double("user")
|
@@ -38,6 +41,13 @@ describe Clearance::BackDoor do
|
|
38
41
|
expect(result).to eq mock_app.call(env)
|
39
42
|
end
|
40
43
|
|
44
|
+
it "can't be used outside the test environment" do
|
45
|
+
with_environment("RAILS_ENV" => "production") do
|
46
|
+
expect { Clearance::BackDoor.new(mock_app) }.
|
47
|
+
to raise_exception "Can't use backdoor outside test environment"
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
41
51
|
def env_without_user_id
|
42
52
|
env_for_user_id("")
|
43
53
|
end
|
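Review bot: The new example pins only `RAILS_ENV=production`, so a guard written as "not production" would pass it while still letting the backdoor load in development or staging. The `Clearance::BackDoor` change itself is not shown on this page, so which form the guard takes cannot be checked here. Add a second example with a value that is neither test nor production, e.g. `with_environment("RAILS_ENV" => "development") do`, expecting the same `"Can't use backdoor outside test environment"` error. The `describe` block starts and ends outside these hunks.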
@@ -191,6 +191,7 @@ describe Clearance::Session do
|
|
191
191
|
expiration = -> { Time.now }
|
192
192
|
with_custom_expiration expiration do
|
193
193
|
session = Clearance::Session.new(env_without_remember_token)
|
194
|
+
session.sign_in user
|
194
195
|
allow(session).to receive(:warn)
|
195
196
|
session.add_cookie_to_headers headers
|
196
197
|
|
@@ -38,12 +38,16 @@ describe ForgeriesController do
|
|
38
38
|
|
39
39
|
it 'succeeds with authentic token' do
|
40
40
|
token = controller.send(:form_authenticity_token)
|
41
|
-
post :create,
|
41
|
+
post :create, params: {
|
42
|
+
authenticity_token: token,
|
43
|
+
}
|
42
44
|
expect(subject).to redirect_to(action: 'index')
|
43
45
|
end
|
44
46
|
|
45
47
|
it 'fails with invalid token' do
|
46
|
-
post :create,
|
48
|
+
post :create, params: {
|
49
|
+
authenticity_token: "hax0r",
|
50
|
+
}
|
47
51
|
expect(subject).to deny_access
|
48
52
|
end
|
49
53
|
|
@@ -7,7 +7,7 @@ describe Clearance::PasswordsController do
|
|
7
7
|
it "renders the password reset form" do
|
8
8
|
get :new
|
9
9
|
|
10
|
-
expect(response).to
|
10
|
+
expect(response).to be_successful
|
11
11
|
expect(response).to render_template(:new)
|
12
12
|
end
|
13
13
|
end
|
@@ -17,7 +17,9 @@ describe Clearance::PasswordsController do
|
|
17
17
|
it "generates a password change token" do
|
18
18
|
user = create(:user)
|
19
19
|
|
20
|
-
post :create,
|
20
|
+
post :create, params: {
|
21
|
+
password: { email: user.email.upcase },
|
22
|
+
}
|
21
23
|
|
22
24
|
expect(user.reload.confirmation_token).not_to be_nil
|
23
25
|
end
|
@@ -26,7 +28,9 @@ describe Clearance::PasswordsController do
|
|
26
28
|
ActionMailer::Base.deliveries.clear
|
27
29
|
user = create(:user)
|
28
30
|
|
29
|
-
post :create,
|
31
|
+
post :create, params: {
|
32
|
+
password: { email: user.email },
|
33
|
+
}
|
30
34
|
|
31
35
|
email = ActionMailer::Base.deliveries.last
|
32
36
|
expect(email.subject).to match(/change your password/i)
|
@@ -38,7 +42,9 @@ describe Clearance::PasswordsController do
|
|
38
42
|
ActionMailer::Base.deliveries.clear
|
39
43
|
email = "this_user_does_not_exist@non_existent_domain.com"
|
40
44
|
|
41
|
-
post :create,
|
45
|
+
post :create, params: {
|
46
|
+
password: { email: email },
|
47
|
+
}
|
42
48
|
|
43
49
|
expect(ActionMailer::Base.deliveries).to be_empty
|
44
50
|
end
|
@@ -46,9 +52,11 @@ describe Clearance::PasswordsController do
|
|
46
52
|
it "still responds with success so as not to leak registered users" do
|
47
53
|
email = "this_user_does_not_exist@non_existent_domain.com"
|
48
54
|
|
49
|
-
post :create,
|
55
|
+
post :create, params: {
|
56
|
+
password: { email: email },
|
57
|
+
}
|
50
58
|
|
51
|
-
expect(response).to
|
59
|
+
expect(response).to be_successful
|
52
60
|
expect(response).to render_template "passwords/create"
|
53
61
|
end
|
54
62
|
end
|
@@ -59,7 +67,10 @@ describe Clearance::PasswordsController do
|
|
59
67
|
it "redirects to the edit page with token now removed from url" do
|
60
68
|
user = create(:user, :with_forgotten_password)
|
61
69
|
|
62
|
-
get :edit,
|
70
|
+
get :edit, params: {
|
71
|
+
user_id: user,
|
72
|
+
token: user.confirmation_token,
|
73
|
+
}
|
63
74
|
|
64
75
|
expect(response).to be_redirect
|
65
76
|
expect(response).to redirect_to edit_user_password_url(user)
|
@@ -72,9 +83,11 @@ describe Clearance::PasswordsController do
|
|
72
83
|
user = create(:user, :with_forgotten_password)
|
73
84
|
|
74
85
|
request.session[:password_reset_token] = user.confirmation_token
|
75
|
-
get :edit,
|
86
|
+
get :edit, params: {
|
87
|
+
user_id: user,
|
88
|
+
}
|
76
89
|
|
77
|
-
expect(response).to
|
90
|
+
expect(response).to be_successful
|
78
91
|
expect(response).to render_template(:edit)
|
79
92
|
expect(assigns(:user)).to eq user
|
80
93
|
end
|
@@ -82,7 +95,10 @@ describe Clearance::PasswordsController do
|
|
82
95
|
|
83
96
|
context "blank token is supplied" do
|
84
97
|
it "renders the new password reset form with a flash notice" do
|
85
|
-
get :edit,
|
98
|
+
get :edit, params: {
|
99
|
+
user_id: 1,
|
100
|
+
token: "",
|
101
|
+
}
|
86
102
|
|
87
103
|
expect(response).to render_template(:new)
|
88
104
|
expect(flash.now[:notice]).to match(/double check the URL/i)
|
@@ -93,7 +109,10 @@ describe Clearance::PasswordsController do
|
|
93
109
|
it "renders the new password reset form with a flash notice" do
|
94
110
|
user = create(:user, :with_forgotten_password)
|
95
111
|
|
96
|
-
get :edit,
|
112
|
+
get :edit, params: {
|
113
|
+
user_id: 1,
|
114
|
+
token: user.confirmation_token + "a",
|
115
|
+
}
|
97
116
|
|
98
117
|
expect(response).to render_template(:new)
|
99
118
|
expect(flash.now[:notice]).to match(/double check the URL/i)
|
@@ -106,7 +125,10 @@ describe Clearance::PasswordsController do
|
|
106
125
|
request.session[:password_reset_token] = user.confirmation_token
|
107
126
|
|
108
127
|
user.forgot_password!
|
109
|
-
get :edit,
|
128
|
+
get :edit, params: {
|
129
|
+
user_id: user.id,
|
130
|
+
token: user.reload.confirmation_token,
|
131
|
+
}
|
110
132
|
|
111
133
|
expect(response).to redirect_to(edit_user_password_url(user))
|
112
134
|
expect(session[:password_reset_token]).to eq(user.confirmation_token)
|
@@ -120,19 +142,13 @@ describe Clearance::PasswordsController do
|
|
120
142
|
user = create(:user, :with_forgotten_password)
|
121
143
|
old_encrypted_password = user.encrypted_password
|
122
144
|
|
123
|
-
put :update, update_parameters(
|
145
|
+
put :update, params: update_parameters(
|
146
|
+
user,
|
147
|
+
new_password: "my_new_password",
|
148
|
+
)
|
124
149
|
|
125
150
|
expect(user.reload.encrypted_password).not_to eq old_encrypted_password
|
126
151
|
end
|
127
|
-
|
128
|
-
it "signs the user in and redirects" do
|
129
|
-
user = create(:user, :with_forgotten_password)
|
130
|
-
|
131
|
-
put :update, update_parameters(user, new_password: "my_new_password")
|
132
|
-
|
133
|
-
expect(response).to redirect_to(Clearance.configuration.redirect_url)
|
134
|
-
expect(cookies[:remember_token]).to be_present
|
135
|
-
end
|
136
152
|
end
|
137
153
|
|
138
154
|
context "password update fails" do
|
@@ -140,7 +156,10 @@ describe Clearance::PasswordsController do
|
|
140
156
|
user = create(:user, :with_forgotten_password)
|
141
157
|
old_encrypted_password = user.encrypted_password
|
142
158
|
|
143
|
-
put :update, update_parameters(
|
159
|
+
put :update, params: update_parameters(
|
160
|
+
user,
|
161
|
+
new_password: "",
|
162
|
+
)
|
144
163
|
|
145
164
|
user.reload
|
146
165
|
expect(user.encrypted_password).to eq old_encrypted_password
|
@@ -150,7 +169,10 @@ describe Clearance::PasswordsController do
|
|
150
169
|
it "re-renders the password edit form" do
|
151
170
|
user = create(:user, :with_forgotten_password)
|
152
171
|
|
153
|
-
put :update, update_parameters(
|
172
|
+
put :update, params: update_parameters(
|
173
|
+
user,
|
174
|
+
new_password: "",
|
175
|
+
)
|
154
176
|
|
155
177
|
expect(flash.now[:notice]).to match(/password can't be blank/i)
|
156
178
|
expect(response).to render_template(:edit)
|
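Review bot: The `@@ -120,19 +142,13 @@` hunk deletes the example "signs the user in and redirects". Among the visible hunks, it was the only check that a successful password update redirects to `Clearance.configuration.redirect_url` and issues the `remember_token` cookie. The file summary lists `spec/requests/password_maintenance_spec.rb +18`, which presumably takes this over now that the cookie is written when the middleware calls `add_cookie_to_headers`, but that file is not shown here. If the request spec does not cover both assertions, keep at least the redirect check in this controller spec: `expect(response).to redirect_to(Clearance.configuration.redirect_url)`.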