clearance 1.17.0 → 2.2.0

data/spec/clearance/testing/deny_access_matcher_spec.rb

@@ -0,0 +1,32 @@
+require "spec_helper"
+
+class PretendFriendsController < ActionController::Base
+  include Clearance::Controller
+  before_action :require_login
+
+  def index
+  end
+end
+
+describe PretendFriendsController, type: :controller do
+  before do
+    Rails.application.routes.draw do
+      resources :pretend_friends, only: :index
+      get "/sign_in"  => "clearance/sessions#new", as: "sign_in"
+    end
+  end
+
+  after do
+    Rails.application.reload_routes!
+  end
+
+  it "checks contents of deny access flash" do
+    get :index
+
+    expect(subject).to deny_access(flash: failure_message)
+  end
+
+  def failure_message
+    I18n.t("flashes.failure_when_not_signed_in")
+  end
+end

data/spec/configuration_spec.rb

@@ -1,6 +1,8 @@
 require "spec_helper"
 
 describe Clearance::Configuration do
+  let(:config) { Clearance.configuration }
+
   context "when no user_model_name is specified" do
     it "defaults to User" do
       expect(Clearance.configuration.user_model).to eq ::User
@@ -8,12 +10,47 @@ describe Clearance::Configuration do
   end
 
   context "when a custom user_model_name is specified" do
-    it "is used instead of User" do
+    before(:each) do
       MyUser = Class.new
+    end
+
+    after(:each) do
+      Object.send(:remove_const, :MyUser)
+    end
+
+    it "is used instead of User" do
       Clearance.configure { |config| config.user_model = MyUser }
 
       expect(Clearance.configuration.user_model).to eq ::MyUser
     end
+
+    it "can be specified as a string to avoid triggering autoloading" do
+      Clearance.configure { |config| config.user_model = "MyUser" }
+
+      expect(Clearance.configuration.user_model).to eq ::MyUser
+    end
+  end
+
+  context "when no parent_controller is specified" do
+    it "defaults to ApplicationController" do
+      expect(config.parent_controller).to eq ::ApplicationController
+    end
+  end
+
+  context "when a custom parent_controller is specified" do
+    before(:each) do
+      MyController = Class.new
+    end
+
+    after(:each) do
+      Object.send(:remove_const, :MyController)
+    end
+
+    it "is used instead of ApplicationController" do
+      Clearance.configure { |config| config.parent_controller = MyController }
+
+      expect(config.parent_controller).to eq ::MyController
+    end
   end
 
   context "when secure_cookie is set to true" do
@@ -146,28 +183,22 @@ describe Clearance::Configuration do
   end
 
   describe "#rotate_csrf_on_sign_in?" do
-    it "defaults to falsey and warns" do
-      Clearance.configuration = Clearance::Configuration.new
-      allow(Clearance.configuration).to receive(:warn)
-
-      expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be_falsey
-      expect(Clearance.configuration).to have_received(:warn)
-    end
-
-    it "is true and does not warn when `rotate_csrf_on_sign_in` is true" do
+    it "is true when `rotate_csrf_on_sign_in` is set to true" do
       Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
-      allow(Clearance.configuration).to receive(:warn)
 
       expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be true
-      expect(Clearance.configuration).not_to have_received(:warn)
     end
 
-    it "is false and does not warn when `rotate_csrf_on_sign_in` is false" do
+    it "is false when `rotate_csrf_on_sign_in` is set to false" do
       Clearance.configure { |config| config.rotate_csrf_on_sign_in = false }
-      allow(Clearance.configuration).to receive(:warn)
 
       expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be false
-      expect(Clearance.configuration).not_to have_received(:warn)
+    end
+
+    it "is false when `rotate_csrf_on_sign_in` is set to nil" do
+      Clearance.configure { |config| config.rotate_csrf_on_sign_in = nil }
+
+      expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be false
     end
   end
 end

data/spec/controllers/apis_controller_spec.rb

@@ -3,11 +3,7 @@ require 'spec_helper'
 class ApisController < ActionController::Base
   include Clearance::Controller
 
-  if respond_to?(:before_action)
-    before_action :require_login
-  else
-    before_filter :require_login
-  end
+  before_action :require_login
 
   def show
     head :ok

data/spec/controllers/forgeries_controller_spec.rb

@@ -5,11 +5,7 @@ class ForgeriesController < ActionController::Base
 
   protect_from_forgery
 
-  if respond_to?(:before_action)
-    before_action :require_login
-  else
-    before_filter :require_login
-  end
+  before_action :require_login
 
   # This is off in test by default, but we need it for this test
   self.allow_forgery_protection = true

data/spec/controllers/passwords_controller_spec.rb

@@ -37,6 +37,30 @@ describe Clearance::PasswordsController do
       end
     end
 
+    context "email param is missing" do
+      it "displays flash error on new page" do
+        post :create, params: {
+          password: {},
+        }
+
+        expect(flash.now[:alert]).to match(/email can't be blank/i)
+        expect(response).to render_template(:new)
+      end
+    end
+
+    context "email param is blank" do
+      it "displays flash error on new page" do
+        post :create, params: {
+          password: {
+            email: "",
+          }
+        }
+
+        expect(flash.now[:alert]).to match(/email can't be blank/i)
+        expect(response).to render_template(:new)
+      end
+    end
+
     context "email does not belong to an existing user" do
       it "does not deliver an email" do
         ActionMailer::Base.deliveries.clear
@@ -94,19 +118,19 @@ describe Clearance::PasswordsController do
     end
 
     context "blank token is supplied" do
-      it "renders the new password reset form with a flash notice" do
+      it "renders the new password reset form with a flash alert" do
         get :edit, params: {
           user_id: 1,
           token: "",
         }
 
         expect(response).to render_template(:new)
-        expect(flash.now[:notice]).to match(/double check the URL/i)
+        expect(flash.now[:alert]).to match(/double check the URL/i)
       end
     end
 
     context "invalid token is supplied" do
-      it "renders the new password reset form with a flash notice" do
+      it "renders the new password reset form with a flash alert" do
         user = create(:user, :with_forgotten_password)
 
         get :edit, params: {
@@ -115,7 +139,7 @@ describe Clearance::PasswordsController do
         }
 
         expect(response).to render_template(:new)
-        expect(flash.now[:notice]).to match(/double check the URL/i)
+        expect(flash.now[:alert]).to match(/double check the URL/i)
       end
     end
 
@@ -166,6 +190,18 @@ describe Clearance::PasswordsController do
         expect(user.confirmation_token).to be_present
       end
 
+      it "does not raise NoMethodError from incomplete password_reset params" do
+        user = create(:user, :with_forgotten_password)
+
+        expect do
+          put :update, params: {
+            user_id: user,
+            token: user.confirmation_token,
+            password_reset: {},
+          }
+        end.not_to raise_error
+      end
+
       it "re-renders the password edit form" do
         user = create(:user, :with_forgotten_password)
 
@@ -174,7 +210,7 @@ describe Clearance::PasswordsController do
           new_password: "",
         )
 
-        expect(flash.now[:notice]).to match(/password can't be blank/i)
+        expect(flash.now[:alert]).to match(/password can't be blank/i)
         expect(response).to render_template(:edit)
         expect(cookies[:remember_token]).to be_nil
       end

data/spec/controllers/permissions_controller_spec.rb

@@ -3,11 +3,7 @@ require 'spec_helper'
 class PermissionsController < ActionController::Base
   include Clearance::Controller
 
-  if respond_to?(:before_action)
-    before_action :require_login, only: :show
-  else
-    before_filter :require_login, only: :show
-  end
+  before_action :require_login, only: :show
 
   def new
     head :ok
@@ -62,14 +58,14 @@ describe PermissionsController do
     it "denies access to show and display a flash message" do
       get :show
 
-      expect(flash[:notice]).to match(/^Please sign in to continue/)
+      expect(flash[:alert]).to match(/^Please sign in to continue/)
     end
   end
 
   context 'when remember_token is blank' do
     it 'denies acess to show' do
       user = create(:user)
-      user.update_attributes(remember_token: '')
+      user.update(remember_token: '')
       cookies[:remember_token] = ''
 
       get :show

data/spec/controllers/sessions_controller_spec.rb

@@ -33,7 +33,7 @@ describe Clearance::SessionsController do
         }
 
         expect(response).to render_template(:new)
-        expect(flash[:notice]).to match(/^Bad email or password/)
+        expect(flash[:alert]).to match(/^Bad email or password/)
       end
     end
 

data/spec/dummy/app/controllers/application_controller.rb

@@ -2,10 +2,6 @@ class ApplicationController < ActionController::Base
   include Clearance::Controller
 
   def show
-    if Rails::VERSION::MAJOR >= 5
-      render html: "", layout: "application"
-    else
-      render text: "", layout: "application"
-    end
+    render inline: "Hello user #<%= current_user.id %>", layout: false
   end
 end

data/spec/dummy/application.rb

@@ -28,13 +28,17 @@ module Dummy
     config.secret_key_base = "SECRET_KEY_BASE"
 
     if config.active_record.sqlite3.respond_to?(:represent_boolean_as_integer)
-      config.active_record.sqlite3.represent_boolean_as_integer = true
+      if Rails::VERSION::MAJOR < 6
+        config.active_record.sqlite3.represent_boolean_as_integer = true
+      end
     end
 
-    if config.respond_to?(:active_job)
-      config.active_job.queue_adapter = :inline
+    if Rails::VERSION::MAJOR >= 6
+      config.action_mailer.delivery_job = "ActionMailer::MailDeliveryJob"
     end
 
+    config.active_job.queue_adapter = :inline
+
     def require_environment!
       initialize!
     end

data/spec/generators/clearance/install/install_generator_spec.rb

@@ -70,7 +70,30 @@ describe Clearance::Generators::InstallGenerator, :generator do
 
         expect(migration).to exist
         expect(migration).to have_correct_syntax
-        expect(migration).to contain("create_table :users")
+        expect(migration).to contain("create_table :users do")
+      end
+
+      context "active record configured for uuid" do
+        around do |example|
+          preserve_original_primary_key_type_setting do
+            Rails.application.config.generators do |g|
+              g.orm :active_record, primary_key_type: :uuid
+            end
+            example.run
+          end
+        end
+
+        it "creates a migration to create the users table with key type set" do
+          provide_existing_application_controller
+          table_does_not_exist(:users)
+
+          run_generator
+          migration = migration_file("db/migrate/create_users.rb")
+
+          expect(migration).to exist
+          expect(migration).to have_correct_syntax
+          expect(migration).to contain("create_table :users, id: :uuid do")
+        end
       end
     end
 
@@ -118,16 +141,15 @@ describe Clearance::Generators::InstallGenerator, :generator do
 
   def table_does_not_exist(name)
     connection = ActiveRecord::Base.connection
+    allow(connection).to receive(:data_source_exists?).
+      with(name).
+      and_return(false)
+  end
 
-    if connection.respond_to?(:data_source_exists?)
-      allow(connection).to receive(:data_source_exists?).
-        with(name).
-        and_return(false)
-    else
-      allow(connection).to receive(:table_exists?).
-        with(name).
-        and_return(false)
-    end
+  def preserve_original_primary_key_type_setting
+    original = Rails.configuration.generators.active_record[:primary_key_type]
+    yield
+    Rails.configuration.generators.active_record[:primary_key_type] = original
   end
 
   def contain_models_inherit_from
@@ -135,10 +157,6 @@ describe Clearance::Generators::InstallGenerator, :generator do
   end
 
   def models_inherit_from
-    if Rails.version >= "5.0.0"
-      "ApplicationRecord"
-    else
-      "ActiveRecord::Base"
-    end
+    "ApplicationRecord"
   end
 end

data/spec/generators/clearance/views/views_generator_spec.rb

@@ -8,7 +8,6 @@ describe Clearance::Generators::ViewsGenerator, :generator do
     views = %w(
       clearance_mailer/change_password.html.erb
       clearance_mailer/change_password.text.erb
-      layouts/application.html.erb
       passwords/create.html.erb
       passwords/edit.html.erb
       passwords/new.html.erb
@@ -22,7 +21,6 @@ describe Clearance::Generators::ViewsGenerator, :generator do
 
     view_files.each do |each|
       expect(each).to exist
-      expect(each).to have_correct_syntax
     end
   end
 

data/spec/models/user_spec.rb

@@ -5,15 +5,15 @@ describe User do
   it { is_expected.to have_db_index(:remember_token) }
   it { is_expected.to validate_presence_of(:email) }
   it { is_expected.to validate_presence_of(:password) }
+  it { is_expected.to allow_value("foo;@example.com").for(:email) }
+  it { is_expected.to allow_value("foo@.example.com").for(:email) }
+  it { is_expected.to allow_value("foo@example..com").for(:email) }
   it { is_expected.to allow_value("foo@example.co.uk").for(:email) }
   it { is_expected.to allow_value("foo@example.com").for(:email) }
   it { is_expected.to allow_value("foo+bar@example.com").for(:email) }
-  it { is_expected.not_to allow_value("foo@").for(:email) }
-  it { is_expected.not_to allow_value("foo@example..com").for(:email) }
-  it { is_expected.not_to allow_value("foo@.example.com").for(:email) }
-  it { is_expected.not_to allow_value("foo").for(:email) }
   it { is_expected.not_to allow_value("example.com").for(:email) }
-  it { is_expected.not_to allow_value("foo;@example.com").for(:email) }
+  it { is_expected.not_to allow_value("foo").for(:email) }
+  it { is_expected.not_to allow_value("foo@").for(:email) }
 
   describe "#email" do
     it "stores email in down case and removes whitespace" do

data/spec/password_strategies/argon2_spec.rb

@@ -0,0 +1,79 @@
+require "spec_helper"
+
+describe Clearance::PasswordStrategies::Argon2 do
+  include FakeModelWithPasswordStrategy
+
+  describe "#password=" do
+    it "encrypts the password into encrypted_password" do
+      stub_argon2_password
+      model_instance = fake_model_with_argon2_strategy
+
+      model_instance.password = password
+
+      expect(model_instance.encrypted_password).to eq encrypted_password
+    end
+
+    it "encrypts with Argon2 using default cost in non test environments" do
+      hasher = stub_argon2_password
+      model_instance = fake_model_with_argon2_strategy
+      allow(Rails).to receive(:env).
+        and_return(ActiveSupport::StringInquirer.new("production"))
+
+      model_instance.password = password
+
+      expect(hasher).to have_received(:create).with(password)
+    end
+
+    it "encrypts with Argon2 using minimum cost in test environment" do
+      hasher = stub_argon2_password
+      model_instance = fake_model_with_argon2_strategy
+
+      model_instance.password = password
+
+      expect(hasher).to have_received(:create).with(password)
+    end
+
+    def stub_argon2_password
+      hasher = double(Argon2::Password)
+      allow(hasher).to receive(:create).and_return(encrypted_password)
+      allow(Argon2::Password).to receive(:new).and_return(hasher)
+      hasher
+    end
+
+    def encrypted_password
+      @encrypted_password ||= double("encrypted password")
+    end
+  end
+
+  describe "#authenticated?" do
+    context "given a password" do
+      it "is authenticated with Argon2" do
+        model_instance = fake_model_with_argon2_strategy
+
+        model_instance.password = password
+
+        expect(model_instance).to be_authenticated(password)
+      end
+    end
+
+    context "given no password" do
+      it "is not authenticated" do
+        model_instance = fake_model_with_argon2_strategy
+
+        password = nil
+
+        expect(model_instance).not_to be_authenticated(password)
+      end
+    end
+  end
+
+  def fake_model_with_argon2_strategy
+    @fake_model_with_argon2_strategy ||= fake_model_with_password_strategy(
+      Clearance::PasswordStrategies::Argon2,
+    )
+  end
+
+  def password
+    "password"
+  end
+end