RubyGems - clearance - Versions diffs - 1.7.0 → 1.8.0 - Mend

clearance 1.7.0 → 1.8.0

Potentially problematic release.

This version of clearance might be problematic. Click here for more details.

Files changed (60) hide show

checksums.yaml +4 -4
data/Gemfile +1 -3
data/Gemfile.lock +4 -28
data/NEWS.md +12 -0
data/README.md +8 -1
data/Rakefile +11 -8
data/app/controllers/clearance/passwords_controller.rb +1 -0
data/app/controllers/clearance/sessions_controller.rb +14 -2
data/app/controllers/clearance/users_controller.rb +15 -4
data/bin/appraisal +16 -0
data/bin/rake +16 -0
data/bin/rspec +16 -0
data/clearance.gemspec +1 -1
data/gemfiles/rails3.2.gemfile +1 -3
data/gemfiles/rails4.0.gemfile +1 -3
data/gemfiles/rails4.1.gemfile +1 -3
data/gemfiles/rails4.2.gemfile +1 -3
data/lib/clearance/configuration.rb +2 -0
data/lib/clearance/session.rb +12 -6
data/lib/clearance/version.rb +1 -1
data/spec/acceptance/clearance_installation_spec.rb +75 -0
data/spec/{support/app_templates → app_templates}/app/controllers/application_controller.rb +0 -0
data/spec/{support/app_templates → app_templates}/app/models/user.rb +0 -0
data/spec/{support/app_templates → app_templates}/config/routes.rb +0 -0
data/spec/app_templates/testapp/Gemfile +7 -0
data/spec/app_templates/testapp/app/controllers/home_controller.rb +5 -0
data/spec/app_templates/testapp/config/initializers/action_mailer.rb +3 -0
data/spec/app_templates/testapp/config/routes.rb +3 -0
data/spec/clearance/session_spec.rb +13 -0
data/spec/controllers/passwords_controller_spec.rb +100 -131
data/spec/controllers/sessions_controller_spec.rb +66 -52
data/spec/controllers/users_controller_spec.rb +47 -60
data/spec/dummy/app/models/user.rb +3 -0
data/spec/dummy/app/models/user_with_optional_password.rb +7 -0
data/spec/dummy/application.rb +2 -0
data/spec/factories.rb +4 -0
data/spec/{models → password_strategies}/bcrypt_migration_from_sha1_spec.rb +1 -0
data/spec/password_strategies/bcrypt_spec.rb +81 -0
data/spec/password_strategies/blowfish_spec.rb +55 -0
data/spec/password_strategies/password_strategies_spec.rb +28 -0
data/spec/password_strategies/sha1_spec.rb +53 -0
data/spec/support/clearance.rb +0 -16
data/spec/support/fake_model_with_password_strategy.rb +0 -4
data/spec/support/fake_model_without_password_strategy.rb +19 -0
data/spec/support/generator_spec_helpers.rb +1 -1
data/spec/support/request_with_remember_token.rb +1 -1
data/spec/user_spec.rb +186 -0
metadata +23 -67
data/cucumber.yml +0 -1
data/features/integration_with_rspec.feature +0 -23
data/features/integration_with_test_unit.feature +0 -16
data/features/step_definitions/configuration_steps.rb +0 -153
data/features/step_definitions/gem_file_steps.rb +0 -15
data/features/support/aruba.rb +0 -3
data/features/support/env.rb +0 -27
data/spec/models/bcrypt_spec.rb +0 -66
data/spec/models/blowfish_spec.rb +0 -42
data/spec/models/password_strategies_spec.rb +0 -41
data/spec/models/sha1_spec.rb +0 -43
data/spec/models/user_spec.rb +0 -196

data/lib/clearance/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "1.7.0"
+  VERSION = "1.8.0"
 end

data/spec/acceptance/clearance_installation_spec.rb ADDED Viewed

@@ -0,0 +1,75 @@
+require "spec_helper"
+describe "Clearance Installation" do
+  around do |example|
+    Dir.chdir("tmp") do
+      FileUtils.rm_rf("testapp")
+      example.run
+    end
+  end
+  it "can successfully run specs" do
+    app_name = "testapp"
+    generate_test_app(app_name)
+    Dir.chdir(app_name) do
+      configure_test_app
+      install_dependencies
+      configure_rspec
+      install_clearance
+      run_specs
+    end
+  end
+  def generate_test_app(app_name)
+    successfully "bundle exec rails new #{app_name} \
+       --skip-gemfile \
+       --skip-bundle \
+       --skip-git \
+       --skip-javascript \
+       --skip-sprockets \
+       --skip-keeps"
+    FileUtils.rm_f("public/index.html")
+    FileUtils.rm_f("app/views/layouts/application.html.erb")
+  end
+  def testapp_templates
+    File.expand_path("../../app_templates/testapp/", __FILE__)
+  end
+  def configure_test_app
+    FileUtils.rm_f("public/index.html")
+    FileUtils.rm_f("app/views/layouts/application.html.erb")
+    FileUtils.cp_r(testapp_templates, "..")
+  end
+  def install_dependencies
+    successfully "bundle install --local"
+  end
+  def configure_rspec
+    successfully "bundle exec rails generate rspec:install"
+  end
+  def install_clearance
+    successfully "bundle exec rails generate clearance:install"
+    successfully "bundle exec rails generate clearance:specs"
+    successfully "bundle exec rake db:migrate db:test:prepare"
+  end
+  def run_specs
+    successfully "bundle exec rspec", false
+  end
+  def successfully(command, silent = true)
+    if silent
+      silencer = "1>/dev/null"
+    else
+      silencer = ""
+    end
+    return_value = system("#{command} #{silencer}")
+    expect(return_value).to eq true
+  end
+end

data/spec/{support/app_templates → app_templates}/app/controllers/application_controller.rb RENAMED Viewed

File without changes

data/spec/{support/app_templates → app_templates}/app/models/user.rb RENAMED Viewed

File without changes

data/spec/{support/app_templates → app_templates}/config/routes.rb RENAMED Viewed

File without changes

data/spec/app_templates/testapp/Gemfile ADDED Viewed

@@ -0,0 +1,7 @@
+gem "rails"
+gem "sqlite3"
+gem "rspec-rails"
+gem "capybara"
+gem "factory_girl_rails"
+gem "database_cleaner"
+gem "clearance", path: "../.."

data/spec/app_templates/testapp/app/controllers/home_controller.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class HomeController < ApplicationController
+  def show
+    render text: "", layout: "application"
+  end
+end

data/spec/app_templates/testapp/config/initializers/action_mailer.rb ADDED Viewed

@@ -0,0 +1,3 @@
+Rails.application.config.action_mailer.default_url_options = {
+  host: "localhost"
+}

data/spec/app_templates/testapp/config/routes.rb ADDED Viewed

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  root to: "home#show"
+end

data/spec/clearance/session_spec.rb CHANGED Viewed

@@ -30,6 +30,19 @@ describe Clearance::Session do
     expect(session.current_user).to be_nil
   end
+  context "with a custom cookie name" do
+    it "sets a custom cookie name in the header" do
+      Clearance.configuration.cookie_domain = "custom_token"
+      session.sign_in user
+      session.add_cookie_to_headers(headers)
+      expect(headers["Set-Cookie"]).to match(/custom_token/)
+    end
+    after { restore_default_config }
+  end
   describe '#sign_in' do
     it 'sets current_user' do
       user = build(:user)

data/spec/controllers/passwords_controller_spec.rb CHANGED Viewed

@@ -1,188 +1,157 @@
-require 'spec_helper'
+require "spec_helper"
 describe Clearance::PasswordsController do
   it { is_expected.to be_a Clearance::BaseController }
-  describe 'a signed up user' do
-    before do
-      @user = create(:user)
-    end
+  describe "#new" do
+    it "renders the password reset form" do
+      user = create(:user)
-    describe 'on GET to #new' do
-      before { get :new, user_id: @user.to_param }
+      get :new, user_id: user
-      it { is_expected.to respond_with(:success) }
-      it { is_expected.to render_template(:new) }
+      expect(response).to be_success
+      expect(response).to render_template(:new)
     end
+  end
-    describe 'on POST to #create' do
-      describe 'with correct email address' do
-        before do
-          ActionMailer::Base.deliveries.clear
-          post :create, password: { email: @user.email }
-        end
-        it 'should generate a token for the change your password email' do
-          expect(@user.reload.confirmation_token).not_to be_nil
-        end
+  describe "#create" do
+    context "email corresponds to an existing user" do
+      it "generates a password change token" do
+        user = create(:user)
-        it 'sends an email with relevant subject' do
-          email = ActionMailer::Base.deliveries.last
-          expect(email.subject).to match(/change your password/i)
-        end
+        post :create, password: { email: user.email.upcase }
-        it { is_expected.to respond_with(:success) }
+        expect(user.reload.confirmation_token).not_to be_nil
       end
-      describe 'with correct email address capitalized differently' do
-        before do
-          ActionMailer::Base.deliveries.clear
-          post :create, password: { email: @user.email.upcase }
-        end
-        it 'should generate a token for the change your password email' do
-          expect(@user.reload.confirmation_token).not_to be_nil
-        end
+      it "sends the password reset email" do
+        ActionMailer::Base.deliveries.clear
+        user = create(:user)
-        it 'sends an email with relevant subject' do
-          email = ActionMailer::Base.deliveries.last
-          expect(email.subject).to match(/change your password/i)
-        end
+        post :create, password: { email: user.email }
-        it { is_expected.to respond_with(:success) }
+        email = ActionMailer::Base.deliveries.last
+        expect(email.subject).to match(/change your password/i)
       end
+    end
-      describe 'with incorrect email address' do
-        before do
-          email = 'user1@example.com'
-          user = Clearance.configuration.user_model.exists?(email: email)
-          expect(user).not_to be_present
+    context "email does not belong to an existing user" do
+      it "does not deliver an email" do
+        ActionMailer::Base.deliveries.clear
+        email = "this_user_does_not_exist@non_existent_domain.com"
-          ActionMailer::Base.deliveries.clear
-          expect(@user.reload.confirmation_token).to eq @user.confirmation_token
+        post :create, password: { email: email }
-          post :create, password: { email: email }
-        end
+        expect(ActionMailer::Base.deliveries).to be_empty
+      end
-        it 'should not generate a token for the change your password email' do
-          expect(@user.reload.confirmation_token).to eq @user.confirmation_token
-        end
+      it "still responds with success so as not to leak registered users" do
+        email = "this_user_does_not_exist@non_existent_domain.com"
-        it 'should not send a password reminder email' do
-          expect(ActionMailer::Base.deliveries).to be_empty
-        end
+        post :create, password: { email: email }
-        it { is_expected.to render_template(:create) }
+        expect(response).to be_success
+        expect(response).to render_template "passwords/create"
       end
     end
   end
-  describe 'a signed up user and forgotten password' do
-    before do
-      @user = create(:user)
-      @user.forgot_password!
-    end
+  describe "#edit" do
+    context "valid id and token are supplied" do
+      it "renders the password form for the user" do
+        user = create(:user, :with_forgotten_password)
-    describe 'on GET to #edit with correct id and token' do
-      before do
-        get :edit,
-            user_id: @user.to_param,
-            token: @user.confirmation_token
-      end
+        get :edit, user_id: user, token: user.confirmation_token
-      it 'should find the user' do
-        expect(assigns(:user)).to eq @user
+        expect(response).to be_success
+        expect(response).to render_template(:edit)
+        expect(assigns(:user)).to eq user
       end
-      it { is_expected.to respond_with(:success) }
-      it { is_expected.to render_template(:edit) }
     end
-    describe 'on GET to #edit with correct id but blank token' do
-      before do
-        get :edit, user_id: @user.to_param, token: ''
-      end
+    context "blank token is supplied" do
+      it "renders the new password reset form with a flash notice" do
+        get :edit, user_id: 1, token: ""
-      it { is_expected.to set_the_flash.to(/double check the URL/i).now }
-      it { is_expected.to render_template(:new) }
+        expect(response).to render_template(:new)
+        expect(flash.now[:notice]).to match(/double check the URL/i)
+      end
     end
-    describe 'on GET to #edit with correct id but no token' do
-      before do
-        get :edit, user_id: @user.to_param
-      end
+    context "invalid token is supplied" do
+      it "renders the new password reset form with a flash notice" do
+        user = create(:user, :with_forgotten_password)
-      it { is_expected.to set_the_flash.to(/double check the URL/i).now }
-      it { is_expected.to render_template(:new) }
+        get :edit, user_id: 1, token: user.confirmation_token + "a"
+        expect(response).to render_template(:new)
+        expect(flash.now[:notice]).to match(/double check the URL/i)
+      end
     end
+  end
-    describe 'on PUT to #update with password' do
-      before do
-        @new_password = 'new_password'
-        @old_encrypted_password = @user.encrypted_password
+  describe "#update" do
+    context "valid id, token, and new password provided" do
+      it "updates the user's password" do
+        user = create(:user, :with_forgotten_password)
+        old_encrypted_password = user.encrypted_password
-        put :update, user_id: @user, token: @user.confirmation_token,
-          password_reset: { password: @new_password }
-        @user.reload
-      end
+        put :update, update_parameters(user, new_password: "my_new_password")
-      it 'should update password' do
-        expect(@user.encrypted_password.to_s).not_to eq @old_encrypted_password
+        expect(user.reload.encrypted_password).not_to eq old_encrypted_password
       end
-      it 'should clear confirmation token' do
-        expect(@user.confirmation_token).to be_nil
-      end
+      it "sets the remember token and clears the confirmation token" do
+        user = create(:user, :with_forgotten_password)
-      it 'should set remember token' do
-        expect(@user.remember_token).not_to be_nil
+        put :update, update_parameters(user, new_password: "my_new_password")
+        user.reload
+        expect(user.remember_token).not_to be_nil
+        expect(user.confirmation_token).to be_nil
       end
-      it { is_expected.to redirect_to_url_after_update }
-    end
+      it "signs the user in and redirects" do
+        user = create(:user, :with_forgotten_password)
-    describe 'on PUT to #update with blank password' do
-      before do
-        put :update, user_id: @user.to_param, token: @user.confirmation_token,
-          password_reset: { password: '' }
-        @user.reload
-      end
+        put :update, update_parameters(user, new_password: "my_new_password")
-      it 'should not update password to be blank' do
-        expect(@user.encrypted_password).not_to be_blank
+        expect(response).to redirect_to(Clearance.configuration.redirect_url)
+        expect(cookies[:remember_token]).to be_present
       end
+    end
-      it 'should not clear token' do
-        expect(@user.confirmation_token).not_to be_nil
-      end
+    context "no password provided" do
+      it "does not update the password" do
+        user = create(:user, :with_forgotten_password)
+        old_encrypted_password = user.encrypted_password
-      it 'should not be signed in' do
-        expect(cookies[:remember_token]).to be_nil
+        put :update, update_parameters(user, new_password: "")
+        user.reload
+        expect(user.encrypted_password).to eq old_encrypted_password
+        expect(user.confirmation_token).to be_present
       end
-      it { is_expected.to set_the_flash.to(/password can't be blank/i).now }
-      it { is_expected.to respond_with(:success) }
-      it { is_expected.to render_template(:edit) }
-    end
+      it "re-renders the password edit form" do
+        user = create(:user, :with_forgotten_password)
-    describe 'on PUT to #update with an empty token after the user sets a password' do
-      before do
-        put :update, user_id: @user.to_param, token: @user.confirmation_token,
-          password_reset: { password: 'good password' }
-        put :update, user_id: @user.to_param, token: [nil],
-          password_reset: { password: 'new password' }
-      end
+        put :update, update_parameters(user, new_password: "")
-      it { is_expected.to set_the_flash.to(/double check the URL/i).now }
-      it { is_expected.to render_template(:new) }
+        expect(flash.now[:notice]).to match(/password can't be blank/i)
+        expect(response).to render_template(:edit)
+        expect(cookies[:remember_token]).to be_nil
+      end
     end
   end
-  describe 'given two users and user one signs in' do
-    before do
-      @user_one = create(:user)
-      @user_two = create(:user)
-      sign_in_as @user_one
-    end
+  def update_parameters(user, options = {})
+    new_password = options.fetch(:new_password)
+    {
+      user_id: user,
+      token: user.confirmation_token,
+      password_reset: { password: new_password }
+    }
   end
 end

data/spec/controllers/sessions_controller_spec.rb CHANGED Viewed

@@ -1,19 +1,31 @@
-require 'spec_helper'
+require "spec_helper"
 describe Clearance::SessionsController do
   it { should be_a Clearance::BaseController }
-  describe 'on GET to /sessions/new' do
-    before { get :new }
+  describe "on GET to #new" do
+    context "when a user is not signed in" do
+      before { get :new }
-    it { should respond_with(:success) }
-    it { should render_template(:new) }
-    it { should_not set_the_flash }
+      it { should respond_with(:success) }
+      it { should render_template(:new) }
+      it { should_not set_the_flash }
+    end
+    context "when a user is signed in" do
+      before do
+        sign_in
+        get :new
+      end
+      it { should redirect_to(Clearance.configuration.redirect_url) }
+      it { should_not set_the_flash }
+    end
   end
-  context 'when password is optional' do
-    describe 'POST create' do
-      it 'renders the page with error' do
+  describe "on POST to #create" do
+    context "when password is optional" do
+      it "renders the page with error" do
         user = create(:user_with_optional_password)
         post :create, session: { email: user.email, password: user.password }
@@ -22,64 +34,66 @@ describe Clearance::SessionsController do
         expect(flash[:notice]).to match(/^Bad email or password/)
       end
     end
-  end
-  describe 'on POST to #create with good credentials' do
-    before do
-      @user = create(:user)
-      @user.update_attribute :remember_token, 'old-token'
-      post :create, session: { email: @user.email, password: @user.password }
-    end
+    context "with good credentials" do
+      before do
+        @user = create(:user)
+        @user.update_attribute :remember_token, "old-token"
+        post :create, session: { email: @user.email, password: @user.password }
+      end
-    it { should redirect_to_url_after_create }
+      it { should redirect_to_url_after_create }
-    it 'sets the user in the clearance session' do
-      expect(controller.current_user).to eq @user
-    end
+      it "sets the user in the clearance session" do
+        expect(controller.current_user).to eq @user
+      end
-    it 'should not change the remember token' do
-      expect(@user.reload.remember_token).to eq 'old-token'
+      it "should not change the remember token" do
+        expect(@user.reload.remember_token).to eq "old-token"
+      end
     end
-  end
-  describe 'on POST to #create with good credentials and a session return url' do
-    before do
-      @user = create(:user)
-      @return_url = '/url_in_the_session?foo=bar'
-      @request.session[:return_to] = @return_url
-      post :create, session: { email: @user.email, password: @user.password }
-    end
+    context "with good credentials and a session return url" do
+      before do
+        @user = create(:user)
+        @return_url = "/url_in_the_session?foo=bar"
+        @request.session[:return_to] = @return_url
+        post :create, session: { email: @user.email, password: @user.password }
+      end
-    it 'redirects to the return URL' do
-      should redirect_to(@return_url)
+      it "redirects to the return URL" do
+        should redirect_to(@return_url)
+      end
     end
   end
-  describe 'on DELETE to #destroy given a signed out user' do
-    before do
-      sign_out
-      delete :destroy
-    end
-    it { should redirect_to_url_after_destroy }
-  end
+  describe "on DELETE to #destroy" do
+    context "given a signed out user" do
+      before do
+        sign_out
+        delete :destroy
+      end
-  describe 'on DELETE to #destroy with a cookie' do
-    before do
-      @user = create(:user)
-      @user.update_attribute :remember_token, 'old-token'
-      @request.cookies['remember_token'] = 'old-token'
-      delete :destroy
+      it { should redirect_to_url_after_destroy }
     end
-    it { should redirect_to_url_after_destroy }
+    context "with a cookie" do
+      before do
+        @user = create(:user)
+        @user.update_attribute :remember_token, "old-token"
+        @request.cookies["remember_token"] = "old-token"
+        delete :destroy
+      end
-    it 'should reset the remember token' do
-      expect(@user.reload.remember_token).not_to eq 'old-token'
-    end
+      it { should redirect_to_url_after_destroy }
-    it 'should unset the current user' do
-      expect(@controller.current_user).to be_nil
+      it "should reset the remember token" do
+        expect(@user.reload.remember_token).not_to eq "old-token"
+      end
+      it "should unset the current user" do
+        expect(@controller.current_user).to be_nil
+      end
     end
   end
 end