clearance 1.17.0 → 2.0.0.beta1

data/lib/clearance/password_strategies/sha1.rb

@@ -1,59 +0,0 @@
-module Clearance
-  module PasswordStrategies
-    # @deprecated Use {BCrypt} or `clearance-deprecated_password_strategies` gem
-    module SHA1
-      require 'digest/sha1'
-
-      DEPRECATION_MESSAGE = "[DEPRECATION] The SHA1 password strategy " \
-        "has been deprecated and will be removed from Clearance 2.0. BCrypt " \
-        "is the only officially supported strategy, though you are free to " \
-        "provide your own. To continue using this strategy add " \
-        "clearance-deprecated_password_strategies to your Gemfile."
-
-      extend ActiveSupport::Concern
-
-      # @deprecated Use {BCrypt} or `clearance-deprecated_password_strategies`
-      #   gem
-      def authenticated?(password)
-        warn "#{Kernel.caller.first}: #{DEPRECATION_MESSAGE}"
-        encrypted_password == encrypt(password)
-      end
-
-      # @deprecated Use {BCrypt} or `clearance-deprecated_password_strategies`
-      #   gem
-      def password=(new_password)
-        warn "#{Kernel.caller.first}: #{DEPRECATION_MESSAGE}"
-        @password = new_password
-        initialize_salt_if_necessary
-
-        if new_password.present?
-          self.encrypted_password = encrypt(new_password)
-        end
-      end
-
-      private
-
-      # @api private
-      def encrypt(string)
-        generate_hash "--#{salt}--#{string}--"
-      end
-
-      # @api private
-      def generate_hash(string)
-        Digest::SHA1.hexdigest(string).encode 'UTF-8'
-      end
-
-      # @api private
-      def initialize_salt_if_necessary
-        if salt.blank?
-          self.salt = generate_salt
-        end
-      end
-
-      # @api private
-      def generate_salt
-        SecureRandom.hex(20).encode('UTF-8')
-      end
-    end
-  end
-end

data/lib/clearance/testing.rb

@@ -1,11 +0,0 @@
-if defined?(RSpec)
-  require 'clearance/rspec'
-elsif defined?(ActionController::TestCase)
-  require 'clearance/test_unit'
-end
-
-warn(
-  "#{Kernel.caller.first} [DEPRECATION] Requiring `clearance/testing` in " +
-  '`spec/spec_helper.rb` (or in `test/test_helper.rb`) is deprecated. ' +
-  'Require `clearance/rspec` or `clearance/test_unit` instead.'
-)

data/lib/clearance/testing/helpers.rb

@@ -1,15 +0,0 @@
-require "clerance/testing/controller_helpers"
-
-module Clearance
-  module Testing
-    # @deprecated Use Clearance::Testing::ControllerHelpers
-    module Helpers
-      warn(
-        "#{Kernel.caller.first} [DEPRECATION] Clearance::Testing::Helpers is "\
-        "deprecated and has been replaced with " \
-        "Clearance::Testing::ControllerHelpers. Require " \
-        "clearance/testing/controller_helpers instead."
-      )
-    end
-  end
-end

data/spec/password_strategies/bcrypt_migration_from_sha1_spec.rb

@@ -1,122 +0,0 @@
-require "spec_helper"
-include FakeModelWithPasswordStrategy
-
-describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
-  around do |example|
-    silence_warnings do
-      example.run
-    end
-  end
-
-  describe "#password=" do
-    it "encrypts the password into a BCrypt-encrypted encrypted_password" do
-      stub_bcrypt_password
-
-      expect(model_instance.encrypted_password).to eq encrypted_password
-    end
-
-    it "encrypts with BCrypt" do
-      stub_bcrypt_password
-
-      expect(BCrypt::Password).to have_received(:create).
-        with(password, anything)
-    end
-
-    it "sets the pasword on the subject" do
-      stub_bcrypt_password
-
-      expect(model_instance.password).to be_present
-    end
-
-    def stub_bcrypt_password
-      model_instance.salt = salt
-      digestable = "--#{salt}--#{password}--"
-      model_instance.encrypted_password = Digest::SHA1.hexdigest(digestable)
-      allow(BCrypt::Password).to receive(:create).and_return(encrypted_password)
-      model_instance.password = password
-    end
-
-    def encrypted_password
-      @encrypted_password ||= double("encrypted password")
-    end
-  end
-
-  describe "#authenticated?" do
-    context "with a SHA1-encrypted password" do
-      it "is authenticated" do
-        model_instance.salt = salt
-        model_instance.encrypted_password = sha1_hash
-        allow(model_instance).to receive(:save)
-
-        expect(model_instance).to be_authenticated(password)
-      end
-
-      it "changes the hash into a BCrypt-encrypted one" do
-        model_instance.salt = salt
-        model_instance.encrypted_password = sha1_hash
-        allow(model_instance).to receive(:save)
-
-        model_instance.authenticated? password
-
-        expect(model_instance.encrypted_password).not_to eq sha1_hash
-      end
-
-      it "does not raise a BCrypt error for invalid passwords" do
-        model_instance.salt = salt
-        model_instance.encrypted_password = sha1_hash
-
-        expect do
-          model_instance.authenticated? "bad" + password
-        end.not_to raise_error
-      end
-
-      it "saves the subject to database" do
-        model_instance.salt = salt
-        model_instance.encrypted_password = sha1_hash
-        allow(model_instance).to receive(:save)
-
-        model_instance.authenticated? password
-
-        expect(model_instance).to have_received(:save)
-      end
-
-      def sha1_hash
-        Digest::SHA1.hexdigest("--#{salt}--#{password}--")
-      end
-    end
-
-    context "with a BCrypt-encrypted password" do
-      it "is authenticated" do
-        model_instance.encrypted_password = bcrypt_hash
-
-        expect(model_instance).to be_authenticated(password)
-      end
-
-      it "does not change the hash" do
-        model_instance.encrypted_password = bcrypt_hash
-
-        model_instance.authenticated? password
-
-        expect(model_instance.encrypted_password.to_s).to eq bcrypt_hash.to_s
-      end
-
-      def bcrypt_hash
-        @bcrypt_hash ||= ::BCrypt::Password.create(password)
-      end
-    end
-  end
-
-  def model_instance
-    @model_instance ||= fake_model_with_password_strategy(
-      Clearance::PasswordStrategies::BCryptMigrationFromSHA1
-    )
-  end
-
-  def salt
-    "salt"
-  end
-
-  def password
-    "password"
-  end
-end

data/spec/password_strategies/blowfish_spec.rb

@@ -1,61 +0,0 @@
-require "spec_helper"
-include FakeModelWithPasswordStrategy
-
-describe Clearance::PasswordStrategies::Blowfish do
-  around do |example|
-    silence_warnings do
-      example.run
-    end
-  end
-
-  describe "#password=" do
-    context "when the password is set" do
-      it "does not initialize the salt" do
-        model_instance = fake_model_with_blowfish_strategy
-        model_instance.salt = salt
-        model_instance.password = password
-
-        expect(model_instance.salt).to eq salt
-      end
-
-      it "encrypts the password using Blowfish and the existing salt" do
-        model_instance = fake_model_with_blowfish_strategy
-        model_instance.salt = salt
-        model_instance.salt = salt
-        model_instance.password = password
-        cipher = OpenSSL::Cipher::Cipher.new("bf-cbc").encrypt
-        cipher.key = Digest::SHA256.digest(salt).first(16)
-        expected = cipher.update("--#{salt}--#{password}--") << cipher.final
-
-        encrypted_password = Base64.decode64(model_instance.encrypted_password)
-
-        expect(encrypted_password).to eq expected
-      end
-    end
-
-    context "when the salt is not set" do
-      it "should initialize the salt" do
-        model_instance = fake_model_with_blowfish_strategy
-        model_instance.salt = salt
-        model_instance.salt = nil
-        model_instance.password = password
-
-        expect(model_instance.salt).not_to be_nil
-      end
-    end
-  end
-
-  def fake_model_with_blowfish_strategy
-    @model_instance ||= fake_model_with_password_strategy(
-      Clearance::PasswordStrategies::Blowfish
-    )
-  end
-
-  def salt
-    "salt"
-  end
-
-  def password
-    "password"
-  end
-end

data/spec/password_strategies/sha1_spec.rb

@@ -1,59 +0,0 @@
-require "spec_helper"
-include FakeModelWithPasswordStrategy
-
-describe Clearance::PasswordStrategies::SHA1 do
-  around do |example|
-    silence_warnings do
-      example.run
-    end
-  end
-
-  describe "#password=" do
-    context "when the salt is set" do
-      it "does not initialize the salt when assigned" do
-        model_instance = fake_model_with_sha1_strategy
-
-        model_instance.salt = salt
-
-        expect(model_instance.salt).to eq salt
-      end
-
-      it "encrypts the password using SHA1 and the existing salt" do
-        model_instance = fake_model_with_sha1_strategy
-        model_instance.salt = salt
-        model_instance.password = password
-
-        expected = Digest::SHA1.hexdigest("--#{salt}--#{password}--")
-
-        expect(model_instance.encrypted_password).to eq expected
-      end
-    end
-
-    context "when the salt is set" do
-      it "generates the salt" do
-        model_instance = fake_model_with_sha1_strategy
-        model_instance.password = ""
-
-        expect(model_instance.salt).not_to be_nil
-      end
-
-      it "doesn't encrypt the password" do
-        model_instance = fake_model_with_sha1_strategy
-
-        expect(model_instance.encrypted_password).to be_nil
-      end
-    end
-  end
-
-  def fake_model_with_sha1_strategy
-    fake_model_with_password_strategy(Clearance::PasswordStrategies::SHA1)
-  end
-
-  def salt
-    "salt"
-  end
-
-  def password
-    "password"
-  end
-end