clearance 1.7.0 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4a379553672fd5a49ba2e23f23f3179d0e023b8b
-  data.tar.gz: 51022e7a675360f0c142a9812d753fa2a6cf240b
+  metadata.gz: df978f0510867a2d80c064924da2b102af823b5e
+  data.tar.gz: be638b6207733d3a873c344f40dbbe540616805a
 SHA512:
-  metadata.gz: 562072cad198bc2e707fbf163ffc279e7b5f6abdc70fc98b777df0f669b33026e6924954429fdabf888512f58535ebe3a80999edb9f79cf92ea711cbde96a0cf
-  data.tar.gz: a19e25467230e87006d4dd1d08932333df4ef47814d60a51766f0648475e8ca67d4a15b86c87b7baaddb739897aa9f5468be7df77bfcaa53c1e87faf99548117
+  metadata.gz: 4d3edea1ae4ce2ff2e47e6a9c747349a58978642c72b46862c303b6c0510a888cfd58668e881dfdf974369ea05c7b316a74795643c89a26059210f2f20ae8911
+  data.tar.gz: c31439f8e17dacb54727dd968ff6e840129ceb1e0f3fa6fb9bc99c3f4bf71a2d4bff43d98d9d22e37dba36a38d4d4bebb8e743d6a7a827cf0025e5ddde6e0b1a

data/Gemfile

@@ -4,10 +4,8 @@ gemspec
 
 gem 'appraisal', '~> 1.0'
 gem 'ammeter'
-gem 'aruba', '~> 0.5'
 gem 'bundler', '~> 1.3'
-gem 'capybara', '~> 2.2.0'
-gem 'cucumber-rails', '~> 1.3', require: false
+gem 'capybara', '>= 2.3'
 gem 'database_cleaner', '~> 1.0'
 gem 'factory_girl_rails', '~> 4.2'
 gem 'rspec-rails', '~> 3.1'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (1.7.0)
+    clearance (1.8.0)
       bcrypt
       email_validator (~> 1.4)
       rails (>= 3.1)
@@ -53,33 +53,15 @@ GEM
       rake
       thor (>= 0.14.0)
     arel (6.0.0)
-    aruba (0.6.1)
-      childprocess (>= 0.3.6)
-      cucumber (>= 1.1.1)
-      rspec-expectations (>= 2.7.0)
     bcrypt (3.1.9)
     builder (3.2.2)
-    capybara (2.2.1)
+    capybara (2.4.4)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
       xpath (~> 2.0)
-    childprocess (0.5.5)
-      ffi (~> 1.0, >= 1.0.11)
     coderay (1.1.0)
-    cucumber (1.3.18)
-      builder (>= 2.1.2)
-      diff-lcs (>= 1.1.3)
-      gherkin (~> 2.12)
-      multi_json (>= 1.7.5, < 2.0)
-      multi_test (>= 0.1.1)
-    cucumber-rails (1.4.2)
-      capybara (>= 1.1.2, < 3)
-      cucumber (>= 1.3.8, < 2)
-      mime-types (>= 1.16, < 3)
-      nokogiri (~> 1.5)
-      rails (>= 3, < 5)
     database_cleaner (1.3.0)
     diff-lcs (1.2.5)
     email_validator (1.5.0)
@@ -90,9 +72,6 @@ GEM
     factory_girl_rails (4.5.0)
       factory_girl (~> 4.5.0)
       railties (>= 3.0.0)
-    ffi (1.9.6)
-    gherkin (2.12.2)
-      multi_json (~> 1.3)
     globalid (0.3.0)
       activesupport (>= 4.1.0)
     hike (1.2.3)
@@ -107,7 +86,6 @@ GEM
     mini_portile (0.6.2)
     minitest (5.5.0)
     multi_json (1.10.1)
-    multi_test (0.1.1)
     nokogiri (1.6.5)
       mini_portile (~> 0.6.0)
     pry (0.10.1)
@@ -115,7 +93,7 @@ GEM
       method_source (~> 0.8.1)
       slop (~> 3.4)
     rack (1.6.0)
-    rack-test (0.6.2)
+    rack-test (0.6.3)
       rack (>= 1.0)
     rails (4.2.0)
       actionmailer (= 4.2.0)
@@ -186,11 +164,9 @@ PLATFORMS
 DEPENDENCIES
   ammeter
   appraisal (~> 1.0)
-  aruba (~> 0.5)
   bundler (~> 1.3)
-  capybara (~> 2.2.0)
+  capybara (>= 2.3)
   clearance!
-  cucumber-rails (~> 1.3)
   database_cleaner (~> 1.0)
   factory_girl_rails (~> 4.2)
   pry

data/NEWS.md

@@ -1,5 +1,17 @@
 Thank you to all the [contributors](https://github.com/thoughtbot/clearance/graphs/contributors)!
 
+New for 1.8.0 (January 23, 2015)
+* Fixed an issue that would cause sites that are still using the deprecated
+ `authorize` filter to enter a redirect loop when redirecting to the sign in
+  path.
+* The Clearance remember token cookie name is now customizable via
+  `Clearance.configuration.cookie_name`.
+* Signed in users that attempt to visit the sign in path are now redirected. The
+  redirect URL defaults to the same URL used for the redirect after sign in, but
+  can be customized by overriding `passwords_controller#url_for_signed_in_users`
+* `users_controller#avoid_sign_in` is now deprecated in favor of
+  `redirect_signed_in_users` which is more accurately named.
+
 New for 1.7.0 (January, 8, 2015)
 * The `authorize` filter has been deprecated in favor of `require_login`. Update
   all reference to the filter including any calls to `skip_before_filter` or

data/README.md

@@ -10,7 +10,12 @@ Clearance was extracted out of [Airbrake](http://airbrake.io/). It is intended
 to be small, simple, and well-tested. It is intended to be easy to override
 defaults.
 
-Use [GitHub Issues](https://github.com/thoughtbot/clearance/issues) for help.
+Please use [GitHub Issues] to report bugs. If you have a question about the
+library, please use the `clearance` tag on [Stack Overflow]. This tag is
+monitored by contributors.
+
+[GitHub Issues]: https://github.com/thoughtbot/clearance/issues
+[Stack Overflow]: http://stackoverflow.com/questions/tagged/clearance
 
 Read [CONTRIBUTING.md](/CONTRIBUTING.md) to contribute.
 
@@ -59,6 +64,7 @@ Clearance.configure do |config|
   config.allow_sign_up = true
   config.cookie_domain = '.example.com'
   config.cookie_expiration = lambda { |cookies| 1.year.from_now.utc }
+  config.cookie_name = 'remember_token'
   config.cookie_path = '/'
   config.routes = true
   config.httponly = false
@@ -216,6 +222,7 @@ All of these controller methods redirect to `'/'` by default:
 
     passwords#url_after_update
     sessions#url_after_create
+    sessions#url_for_signed_in_users
     users#url_after_create
     application#url_after_denied_access_when_signed_in
 

data/Rakefile

@@ -1,10 +1,8 @@
-# encoding: utf-8
 require "rubygems"
 require "bundler/setup"
 require "bundler/gem_tasks"
 
 require "rake"
-require "cucumber/rake/task"
 require "rspec/core/rake_task"
 
 namespace :dummy do
@@ -12,12 +10,17 @@ namespace :dummy do
   Dummy::Application.load_tasks
 end
 
-desc "Default"
-task default: [:spec, :cucumber]
+desc "Run specs other than spec/acceptance"
+RSpec::Core::RakeTask.new("spec") do |task|
+  task.exclude_pattern = "spec/acceptance/**/*_spec.rb"
+  task.verbose = false
+end
 
-Cucumber::Rake::Task.new(:cucumber) do |t|
-  t.fork = false
-  t.cucumber_opts = ["--format", (ENV["CUCUMBER_FORMAT"] || "progress")]
+desc "Run acceptance specs in spec/acceptance"
+RSpec::Core::RakeTask.new("spec:acceptance") do |task|
+  task.pattern = "spec/acceptance/**/*_spec.rb"
+  task.verbose = false
 end
 
-RSpec::Core::RakeTask.new(:spec)
+desc "Run the specs and acceptance tests"
+task default: %w(spec spec:acceptance)

data/app/controllers/clearance/passwords_controller.rb

@@ -2,6 +2,7 @@ require 'active_support/deprecation'
 
 class Clearance::PasswordsController < Clearance::BaseController
   skip_before_filter :require_login, only: [:create, :edit, :new, :update]
+  skip_before_filter :authorize, only: [:create, :edit, :new, :update]
   before_filter :forbid_missing_token, only: [:edit, :update]
   before_filter :forbid_non_existent_user, only: [:edit, :update]
 

data/app/controllers/clearance/sessions_controller.rb

@@ -1,5 +1,7 @@
 class Clearance::SessionsController < Clearance::BaseController
+  before_filter :redirect_signed_in_users, only: [:new]
   skip_before_filter :require_login, only: [:create, :new, :destroy]
+  skip_before_filter :authorize, only: [:create, :new, :destroy]
   protect_from_forgery except: :create
 
   def create
@@ -10,7 +12,7 @@ class Clearance::SessionsController < Clearance::BaseController
         redirect_back_or url_after_create
       else
         flash.now.notice = status.failure_message
-        render template: 'sessions/new', status: :unauthorized
+        render template: "sessions/new", status: :unauthorized
       end
     end
   end
@@ -21,11 +23,17 @@ class Clearance::SessionsController < Clearance::BaseController
   end
 
   def new
-    render template: 'sessions/new'
+    render template: "sessions/new"
   end
 
   private
 
+  def redirect_signed_in_users
+    if signed_in?
+      redirect_to url_for_signed_in_users
+    end
+  end
+
   def url_after_create
     Clearance.configuration.redirect_url
   end
@@ -33,4 +41,8 @@ class Clearance::SessionsController < Clearance::BaseController
   def url_after_destroy
     sign_in_url
   end
+
+  def url_for_signed_in_users
+    url_after_create
+  end
 end

data/app/controllers/clearance/users_controller.rb

@@ -1,10 +1,11 @@
 class Clearance::UsersController < Clearance::BaseController
+  before_filter :redirect_signed_in_users, only: [:create, :new]
   skip_before_filter :require_login, only: [:create, :new]
-  before_filter :avoid_sign_in, only: [:create, :new], if: :signed_in?
+  skip_before_filter :authorize, only: [:create, :new]
 
   def new
     @user = user_from_params
-    render template: 'users/new'
+    render template: "users/new"
   end
 
   def create
@@ -14,14 +15,24 @@ class Clearance::UsersController < Clearance::BaseController
       sign_in @user
       redirect_back_or url_after_create
     else
-      render template: 'users/new'
+      render template: "users/new"
     end
   end
 
   private
 
   def avoid_sign_in
-    redirect_to Clearance.configuration.redirect_url
+    warn "[DEPRECATION] Clearance's `avoid_sign_in` before_filter is " +
+      "deprecated. Use `redirect_signed_in_users` instead. " +
+      "Be sure to update any instances of `skip_before_filter :avoid_sign_in`" +
+      " or `skip_before_action :avoid_sign_in` as well"
+    redirect_signed_in_users
+  end
+
+  def redirect_signed_in_users
+    if signed_in?
+      redirect_to Clearance.configuration.redirect_url
+    end
   end
 
   def url_after_create

data/bin/appraisal

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'appraisal' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('appraisal', 'appraisal')

data/bin/rake

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'rake' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rake', 'rake')

data/bin/rspec

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('rspec-core', 'rspec')

data/clearance.gemspec

@@ -37,6 +37,6 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib']
   s.required_ruby_version = Gem::Requirement.new('>= 1.9.2')
   s.summary = 'Rails authentication & authorization with email & password.'
-  s.test_files = `git ls-files -- {features,spec}/*`.split("\n")
+  s.test_files = `git ls-files -- {spec}/*`.split("\n")
   s.version = Clearance::VERSION
 end

data/gemfiles/rails3.2.gemfile

@@ -4,10 +4,8 @@ source "https://rubygems.org"
 
 gem "appraisal", "~> 1.0"
 gem "ammeter"
-gem "aruba", "~> 0.5"
 gem "bundler", "~> 1.3"
-gem "capybara", "~> 2.2.0"
-gem "cucumber-rails", "~> 1.3", :require => false
+gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"

data/gemfiles/rails4.0.gemfile

@@ -4,10 +4,8 @@ source "https://rubygems.org"
 
 gem "appraisal", "~> 1.0"
 gem "ammeter"
-gem "aruba", "~> 0.5"
 gem "bundler", "~> 1.3"
-gem "capybara", "~> 2.2.0"
-gem "cucumber-rails", "~> 1.3", :require => false
+gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"

data/gemfiles/rails4.1.gemfile

@@ -4,10 +4,8 @@ source "https://rubygems.org"
 
 gem "appraisal", "~> 1.0"
 gem "ammeter"
-gem "aruba", "~> 0.5"
 gem "bundler", "~> 1.3"
-gem "capybara", "~> 2.2.0"
-gem "cucumber-rails", "~> 1.3", :require => false
+gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"

data/gemfiles/rails4.2.gemfile

@@ -4,10 +4,8 @@ source "https://rubygems.org"
 
 gem "appraisal", "~> 1.0"
 gem "ammeter"
-gem "aruba", "~> 0.5"
 gem "bundler", "~> 1.3"
-gem "capybara", "~> 2.2.0"
-gem "cucumber-rails", "~> 1.3", :require => false
+gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"

data/lib/clearance/configuration.rb

@@ -5,6 +5,7 @@ module Clearance
     attr_accessor \
       :cookie_domain,
       :cookie_expiration,
+      :cookie_name,
       :cookie_path,
       :httponly,
       :mailer_sender,
@@ -18,6 +19,7 @@ module Clearance
       @allow_sign_up = true
       @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
       @cookie_path = '/'
+      @cookie_name = "remember_token"
       @httponly = false
       @mailer_sender = 'reply@example.com'
       @redirect_url = '/'

data/lib/clearance/session.rb

@@ -2,8 +2,6 @@ require 'clearance/default_sign_in_guard'
 
 module Clearance
   class Session
-    REMEMBER_TOKEN_COOKIE = 'remember_token'.freeze
-
     def initialize(env)
       @env = env
       @current_user = nil
@@ -12,7 +10,11 @@ module Clearance
 
     def add_cookie_to_headers(headers)
       if cookie_value[:value].present?
-        Rack::Utils.set_cookie_header!(headers, REMEMBER_TOKEN_COOKIE, cookie_value)
+        Rack::Utils.set_cookie_header!(
+          headers,
+          remember_token_cookie,
+          cookie_value
+        )
       end
     end
 
@@ -29,7 +31,7 @@ module Clearance
       status = run_sign_in_stack
 
       if status.success?
-        cookies[REMEMBER_TOKEN_COOKIE] = user && user.remember_token
+        cookies[remember_token_cookie] = user && user.remember_token
       else
         @current_user = nil
       end
@@ -45,7 +47,7 @@ module Clearance
       end
 
       @current_user = nil
-      cookies.delete REMEMBER_TOKEN_COOKIE
+      cookies.delete remember_token_cookie
     end
 
     def signed_in?
@@ -63,7 +65,7 @@ module Clearance
     end
 
     def remember_token
-      cookies[REMEMBER_TOKEN_COOKIE]
+      cookies[remember_token_cookie]
     end
 
     def remember_token_expires
@@ -78,6 +80,10 @@ module Clearance
       end
     end
 
+    def remember_token_cookie
+      Clearance.configuration.cookie_name.freeze
+    end
+
     def expires_configuration
       Clearance.configuration.cookie_expiration
     end