clearance 1.8.0 → 1.16.0
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/.travis.yml +25 -6
- data/.yardopts +6 -0
- data/Appraisals +15 -4
- data/CONTRIBUTING.md +4 -1
- data/Gemfile +5 -3
- data/Gemfile.lock +102 -96
- data/NEWS.md +742 -311
- data/README.md +217 -339
- data/app/controllers/clearance/passwords_controller.rb +35 -21
- data/app/controllers/clearance/sessions_controller.rb +17 -4
- data/app/controllers/clearance/users_controller.rb +10 -4
- data/app/mailers/clearance_mailer.rb +2 -3
- data/app/views/clearance_mailer/change_password.html.erb +6 -3
- data/app/views/clearance_mailer/change_password.text.erb +5 -0
- data/app/views/layouts/application.html.erb +2 -2
- data/app/views/passwords/create.html.erb +1 -1
- data/app/views/passwords/edit.html.erb +2 -2
- data/app/views/passwords/new.html.erb +2 -2
- data/app/views/sessions/_form.html.erb +2 -2
- data/app/views/sessions/new.html.erb +1 -1
- data/app/views/users/new.html.erb +2 -2
- data/bin/setup +6 -2
- data/config/locales/clearance.en.yml +6 -0
- data/db/migrate/20110111224543_create_clearance_users.rb +1 -1
- data/gemfiles/{rails3.2.gemfile → rails32.gemfile} +4 -2
- data/gemfiles/{rails4.0.gemfile → rails40.gemfile} +6 -3
- data/gemfiles/{rails4.1.gemfile → rails41.gemfile} +6 -3
- data/gemfiles/{rails4.2.gemfile → rails42.gemfile} +6 -3
- data/gemfiles/rails50.gemfile +21 -0
- data/lib/clearance/authentication.rb +61 -2
- data/lib/clearance/authorization.rb +47 -4
- data/lib/clearance/back_door.rb +29 -6
- data/lib/clearance/configuration.rb +152 -15
- data/lib/clearance/constraints/signed_in.rb +21 -0
- data/lib/clearance/constraints/signed_out.rb +12 -0
- data/lib/clearance/constraints.rb +12 -0
- data/lib/clearance/controller.rb +13 -0
- data/lib/clearance/default_sign_in_guard.rb +17 -0
- data/lib/clearance/engine.rb +24 -4
- data/lib/clearance/password_strategies/bcrypt.rb +16 -21
- data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +19 -0
- data/lib/clearance/password_strategies/blowfish.rb +17 -0
- data/lib/clearance/password_strategies/sha1.rb +17 -0
- data/lib/clearance/password_strategies.rb +13 -0
- data/lib/clearance/rack_session.rb +13 -0
- data/lib/clearance/rspec.rb +15 -4
- data/lib/clearance/session.rb +46 -1
- data/lib/clearance/session_status.rb +7 -0
- data/lib/clearance/sign_in_guard.rb +65 -0
- data/lib/clearance/test_unit.rb +3 -3
- data/lib/clearance/testing/controller_helpers.rb +44 -0
- data/lib/clearance/testing/deny_access_matcher.rb +36 -2
- data/lib/clearance/testing/helpers.rb +9 -25
- data/lib/clearance/testing/view_helpers.rb +32 -0
- data/lib/clearance/token.rb +7 -0
- data/lib/clearance/user.rb +182 -4
- data/lib/clearance/version.rb +1 -1
- data/lib/clearance.rb +2 -0
- data/lib/generators/clearance/install/install_generator.rb +24 -5
- data/lib/generators/clearance/install/templates/clearance.rb +1 -0
- data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb +3 -3
- data/lib/generators/clearance/install/templates/db/migrate/create_users.rb +2 -2
- data/lib/generators/clearance/install/templates/user.rb.erb +3 -0
- data/lib/generators/clearance/routes/routes_generator.rb +23 -0
- data/lib/generators/clearance/routes/templates/routes.rb +7 -7
- data/lib/generators/clearance/specs/templates/features/clearance/user_signs_out_spec.rb.tt +1 -1
- data/lib/generators/clearance/specs/templates/features/clearance/visitor_resets_password_spec.rb.tt +12 -2
- data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_in_spec.rb.tt +1 -1
- data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_up_spec.rb.tt +1 -1
- data/lib/generators/clearance/specs/templates/features/clearance/visitor_updates_password_spec.rb.tt +1 -1
- data/spec/acceptance/clearance_installation_spec.rb +4 -1
- data/spec/app_templates/app/models/rails5/user.rb +5 -0
- data/spec/app_templates/config/initializers/clearance.rb +2 -0
- data/spec/app_templates/testapp/app/controllers/home_controller.rb +5 -1
- data/spec/app_templates/testapp/config/initializers/action_mailer.rb +1 -3
- data/spec/clearance/back_door_spec.rb +25 -6
- data/spec/clearance/controller_spec.rb +11 -0
- data/spec/clearance/rack_session_spec.rb +5 -5
- data/spec/clearance/session_spec.rb +2 -15
- data/spec/clearance/testing/{helpers_spec.rb → controller_helpers_spec.rb} +12 -12
- data/spec/clearance/testing/view_helpers_spec.rb +37 -0
- data/spec/configuration_spec.rb +94 -86
- data/spec/controllers/apis_controller_spec.rb +6 -2
- data/spec/controllers/forgeries_controller_spec.rb +6 -1
- data/spec/controllers/passwords_controller_spec.rb +17 -16
- data/spec/controllers/permissions_controller_spec.rb +13 -3
- data/spec/controllers/sessions_controller_spec.rb +4 -4
- data/spec/dummy/app/controllers/application_controller.rb +5 -1
- data/spec/dummy/application.rb +4 -0
- data/spec/generators/clearance/install/install_generator_spec.rb +29 -3
- data/spec/generators/clearance/routes/routes_generator_spec.rb +5 -1
- data/spec/generators/clearance/views/views_generator_spec.rb +11 -10
- data/spec/helpers/helper_helpers_spec.rb +10 -0
- data/spec/mailers/clearance_mailer_spec.rb +13 -19
- data/spec/password_strategies/bcrypt_migration_from_sha1_spec.rb +6 -0
- data/spec/password_strategies/blowfish_spec.rb +6 -0
- data/spec/password_strategies/sha1_spec.rb +6 -0
- data/spec/requests/csrf_rotation_spec.rb +33 -0
- data/spec/spec_helper.rb +11 -2
- data/spec/support/generator_spec_helpers.rb +13 -1
- data/spec/support/http_method_shim.rb +23 -0
- data/spec/user_spec.rb +9 -0
- data/spec/views/view_helpers_spec.rb +10 -0
- metadata +22 -9
- data/lib/generators/clearance/install/templates/user.rb +0 -3
@@ -32,15 +32,13 @@ describe Clearance::Session do
|
|
32
32
|
|
33
33
|
context "with a custom cookie name" do
|
34
34
|
it "sets a custom cookie name in the header" do
|
35
|
-
Clearance.configuration.
|
35
|
+
Clearance.configuration.cookie_name = "custom_cookie_name"
|
36
36
|
|
37
37
|
session.sign_in user
|
38
38
|
session.add_cookie_to_headers(headers)
|
39
39
|
|
40
|
-
expect(headers["Set-Cookie"]).to match(/
|
40
|
+
expect(headers["Set-Cookie"]).to match(/custom_cookie_name=.+;/)
|
41
41
|
end
|
42
|
-
|
43
|
-
after { restore_default_config }
|
44
42
|
end
|
45
43
|
|
46
44
|
describe '#sign_in' do
|
@@ -113,7 +111,6 @@ describe Clearance::Session do
|
|
113
111
|
expect(session.current_user).to be_nil
|
114
112
|
end
|
115
113
|
|
116
|
-
|
117
114
|
def stub_sign_in_guard(options)
|
118
115
|
session_status = stub_status(options.fetch(:succeed))
|
119
116
|
|
@@ -159,8 +156,6 @@ describe Clearance::Session do
|
|
159
156
|
|
160
157
|
expect(headers['Set-Cookie']).to match(/remember_token=.+; HttpOnly/)
|
161
158
|
end
|
162
|
-
|
163
|
-
after { restore_default_config }
|
164
159
|
end
|
165
160
|
|
166
161
|
context 'if httponly is not set' do
|
@@ -270,8 +265,6 @@ describe Clearance::Session do
|
|
270
265
|
|
271
266
|
expect(headers['Set-Cookie']).to match(/remember_token=.+; secure/)
|
272
267
|
end
|
273
|
-
|
274
|
-
after { restore_default_config }
|
275
268
|
end
|
276
269
|
end
|
277
270
|
|
@@ -287,8 +280,6 @@ describe Clearance::Session do
|
|
287
280
|
|
288
281
|
expect(headers['Set-Cookie']).to match(/domain=\.example\.com; path/)
|
289
282
|
end
|
290
|
-
|
291
|
-
after { restore_default_config }
|
292
283
|
end
|
293
284
|
|
294
285
|
context 'when not set' do
|
@@ -324,8 +315,6 @@ describe Clearance::Session do
|
|
324
315
|
|
325
316
|
expect(headers['Set-Cookie']).to match(/path=\/user; expires/)
|
326
317
|
end
|
327
|
-
|
328
|
-
after { restore_default_config }
|
329
318
|
end
|
330
319
|
end
|
331
320
|
|
@@ -375,7 +364,5 @@ describe Clearance::Session do
|
|
375
364
|
def with_custom_expiration(custom_duration)
|
376
365
|
Clearance.configuration.cookie_expiration = custom_duration
|
377
366
|
yield
|
378
|
-
ensure
|
379
|
-
restore_default_config
|
380
367
|
end
|
381
368
|
end
|
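Review bot: `with_custom_expiration` (new lines 364-367) no longer restores the configuration in an `ensure`, and the `after { restore_default_config }` hooks are dropped from the cookie-name, HttpOnly, secure, domain and path contexts, so isolation of these cookie settings now depends on a reset that is not visible in this file. The file list shows `spec/spec_helper.rb` changing in the same release, which is presumably where the reset moved. If so, a comment above the helper such as `# Clearance.configuration is reset for every example in spec_helper; no local ensure needed.` would record that dependency. Without a suite-level reset, `secure_cookie` or `httponly` set in one example would carry into the "not set" contexts and make those assertions order-dependent.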
@@ -1,20 +1,20 @@
|
|
1
|
-
require
|
1
|
+
require "spec_helper"
|
2
2
|
|
3
|
-
describe Clearance::Testing::
|
3
|
+
describe Clearance::Testing::ControllerHelpers do
|
4
4
|
class TestClass
|
5
|
-
include Clearance::Testing::
|
5
|
+
include Clearance::Testing::ControllerHelpers
|
6
6
|
|
7
7
|
def initialize
|
8
|
-
@
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
8
|
+
@request = Class.new do
|
9
|
+
def env
|
10
|
+
{ clearance: Clearance::Session.new({}) }
|
11
|
+
end
|
12
|
+
end.new
|
13
13
|
end
|
14
14
|
end
|
15
15
|
|
16
|
-
describe
|
17
|
-
it
|
16
|
+
describe "#sign_in" do
|
17
|
+
it "creates an instance of the clearance user model with FactoryGirl" do
|
18
18
|
MyUserModel = Class.new
|
19
19
|
allow(FactoryGirl).to receive(:create)
|
20
20
|
allow(Clearance.configuration).to receive(:user_model).
|
@@ -26,8 +26,8 @@ describe Clearance::Testing::Helpers do
|
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
29
|
-
describe
|
30
|
-
it
|
29
|
+
describe "#sign_in_as" do
|
30
|
+
it "returns the user if signed in successfully" do
|
31
31
|
user = build(:user)
|
32
32
|
|
33
33
|
returned_user = TestClass.new.sign_in_as user
|
@@ -0,0 +1,37 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe Clearance::Testing::ViewHelpers do
|
4
|
+
describe "#sign_in" do
|
5
|
+
it "sets the signed in user to a new user object" do
|
6
|
+
user_model = Class.new
|
7
|
+
allow(Clearance.configuration).to receive(:user_model).
|
8
|
+
and_return(user_model)
|
9
|
+
|
10
|
+
view = test_view_class.new
|
11
|
+
view.sign_in
|
12
|
+
|
13
|
+
expect(view.current_user).to be_an_instance_of(user_model)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
describe "#sign_in_as" do
|
18
|
+
it "sets the signed in user to the object provided" do
|
19
|
+
user = double("User")
|
20
|
+
|
21
|
+
view = test_view_class.new
|
22
|
+
view.sign_in_as(user)
|
23
|
+
|
24
|
+
expect(view.current_user).to eq user
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
def test_view_class
|
29
|
+
Class.new do
|
30
|
+
include Clearance::Testing::ViewHelpers
|
31
|
+
|
32
|
+
def view
|
33
|
+
@view ||= extend Clearance::Testing::ViewHelpers::CurrentUser
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
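Review bot: The `view` method inside `test_view_class` (new lines 32-34) needs a comment, because it relies on `extend` returning the receiver: `view` ends up being the test object itself with `Clearance::Testing::ViewHelpers::CurrentUser` mixed in. Something like `# Stand-in for the view object a view spec provides; extend returns self, so helpers and view share one object.` above the method would make that explicit. This reading comes only from the lines shown, since the `ViewHelpers` module itself is not on the page.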
data/spec/configuration_spec.rb
CHANGED
@@ -1,150 +1,117 @@
|
|
1
|
-
require
|
1
|
+
require "spec_helper"
|
2
2
|
|
3
3
|
describe Clearance::Configuration do
|
4
|
-
|
5
|
-
|
6
|
-
context 'when no user_model_name is specified' do
|
7
|
-
before do
|
8
|
-
Clearance.configure do |config|
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
it 'defaults to User' do
|
4
|
+
context "when no user_model_name is specified" do
|
5
|
+
it "defaults to User" do
|
13
6
|
expect(Clearance.configuration.user_model).to eq ::User
|
14
7
|
end
|
15
8
|
end
|
16
9
|
|
17
|
-
context
|
18
|
-
|
10
|
+
context "when a custom user_model_name is specified" do
|
11
|
+
it "is used instead of User" do
|
19
12
|
MyUser = Class.new
|
13
|
+
Clearance.configure { |config| config.user_model = MyUser }
|
20
14
|
|
21
|
-
Clearance.configure do |config|
|
22
|
-
config.user_model = MyUser
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
it 'is used instead of User' do
|
27
15
|
expect(Clearance.configuration.user_model).to eq ::MyUser
|
28
16
|
end
|
29
17
|
end
|
30
18
|
|
31
|
-
context
|
32
|
-
|
33
|
-
Clearance.configure
|
34
|
-
config.secure_cookie = true
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
it 'returns true' do
|
19
|
+
context "when secure_cookie is set to true" do
|
20
|
+
it "returns true" do
|
21
|
+
Clearance.configure { |config| config.secure_cookie = true }
|
39
22
|
expect(Clearance.configuration.secure_cookie).to eq true
|
40
23
|
end
|
41
24
|
end
|
42
25
|
|
43
|
-
context
|
44
|
-
|
45
|
-
Clearance.configure do |config|
|
46
|
-
end
|
47
|
-
end
|
48
|
-
|
49
|
-
it 'defaults to false' do
|
26
|
+
context "when secure_cookie is not specified" do
|
27
|
+
it "defaults to false" do
|
50
28
|
expect(Clearance.configuration.secure_cookie).to eq false
|
51
29
|
end
|
52
30
|
end
|
53
31
|
|
54
|
-
context
|
32
|
+
context "when no redirect URL specified" do
|
55
33
|
it 'returns "/" as redirect URL' do
|
56
|
-
expect(Clearance::Configuration.new.redirect_url).to eq
|
34
|
+
expect(Clearance::Configuration.new.redirect_url).to eq "/"
|
57
35
|
end
|
58
36
|
end
|
59
37
|
|
60
|
-
context
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
Clearance.configure do |config|
|
65
|
-
config.redirect_url = new_redirect_url
|
66
|
-
end
|
67
|
-
end
|
38
|
+
context "when redirect URL is specified" do
|
39
|
+
it "returns new redirect URL" do
|
40
|
+
new_redirect_url = "/admin"
|
41
|
+
Clearance.configure { |config| config.redirect_url = new_redirect_url }
|
68
42
|
|
69
|
-
it 'returns new redirect URL' do
|
70
43
|
expect(Clearance.configuration.redirect_url).to eq new_redirect_url
|
71
44
|
end
|
72
45
|
end
|
73
46
|
|
74
|
-
context
|
75
|
-
|
47
|
+
context "when specifying sign in guards" do
|
48
|
+
it "returns the stack with added guards" do
|
49
|
+
DummyGuard = Class.new
|
50
|
+
Clearance.configure { |config| config.sign_in_guards = [DummyGuard] }
|
76
51
|
|
77
|
-
before do
|
78
|
-
Clearance.configure do |config|
|
79
|
-
config.sign_in_guards = [DummyGuard]
|
80
|
-
end
|
81
|
-
end
|
82
|
-
|
83
|
-
it 'returns the stack with added guards' do
|
84
52
|
expect(Clearance.configuration.sign_in_guards).to eq [DummyGuard]
|
85
53
|
end
|
86
54
|
end
|
87
55
|
|
88
|
-
context
|
89
|
-
|
56
|
+
context "when cookie domain is specified" do
|
57
|
+
it "returns configured value" do
|
58
|
+
domain = ".example.com"
|
59
|
+
Clearance.configure { |config| config.cookie_domain = domain }
|
90
60
|
|
91
|
-
before do
|
92
|
-
Clearance.configure do |config|
|
93
|
-
config.cookie_domain = domain
|
94
|
-
end
|
95
|
-
end
|
96
|
-
|
97
|
-
it 'returns configured value' do
|
98
61
|
expect(Clearance.configuration.cookie_domain).to eq domain
|
99
62
|
end
|
100
63
|
end
|
101
64
|
|
102
|
-
context
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
Clearance.configure do |config|
|
107
|
-
config.cookie_path = path
|
108
|
-
end
|
109
|
-
end
|
65
|
+
context "when cookie path is specified" do
|
66
|
+
it "returns configured value" do
|
67
|
+
path = "/user"
|
68
|
+
Clearance.configure { |config| config.cookie_path = path }
|
110
69
|
|
111
|
-
it 'returns configured value' do
|
112
70
|
expect(Clearance.configuration.cookie_path).to eq path
|
113
71
|
end
|
114
72
|
end
|
115
73
|
|
116
|
-
describe
|
117
|
-
context
|
118
|
-
it
|
74
|
+
describe "#allow_sign_up?" do
|
75
|
+
context "when allow_sign_up is configured to false" do
|
76
|
+
it "returns false" do
|
119
77
|
Clearance.configure { |config| config.allow_sign_up = false }
|
120
78
|
expect(Clearance.configuration.allow_sign_up?).to eq false
|
121
79
|
end
|
122
80
|
end
|
123
81
|
|
124
|
-
context
|
125
|
-
it
|
82
|
+
context "when allow_sign_up has not been configured" do
|
83
|
+
it "returns true" do
|
126
84
|
expect(Clearance.configuration.allow_sign_up?).to eq true
|
127
85
|
end
|
128
86
|
end
|
129
87
|
end
|
130
88
|
|
131
|
-
describe
|
132
|
-
context
|
133
|
-
it
|
89
|
+
describe "#user_actions" do
|
90
|
+
context "when allow_sign_up is configured to false" do
|
91
|
+
it "returns empty array" do
|
134
92
|
Clearance.configure { |config| config.allow_sign_up = false }
|
135
93
|
expect(Clearance.configuration.user_actions).to eq []
|
136
94
|
end
|
137
95
|
end
|
138
96
|
|
139
|
-
context
|
140
|
-
it
|
97
|
+
context "when sign_up has not been configured" do
|
98
|
+
it "returns create" do
|
141
99
|
expect(Clearance.configuration.user_actions).to eq [:create]
|
142
100
|
end
|
143
101
|
end
|
144
102
|
end
|
145
103
|
|
146
|
-
describe
|
147
|
-
it
|
104
|
+
describe "#user_parameter" do
|
105
|
+
it "returns the parameter key to use based on the user_model" do
|
106
|
+
Account = Class.new(ActiveRecord::Base)
|
107
|
+
Clearance.configure { |config| config.user_model = Account }
|
108
|
+
|
109
|
+
expect(Clearance.configuration.user_parameter).to eq :account
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
describe "#user_id_parameter" do
|
114
|
+
it "returns the parameter key to use based on the user_model" do
|
148
115
|
CustomUser = Class.new(ActiveRecord::Base)
|
149
116
|
Clearance.configure { |config| config.user_model = CustomUser }
|
150
117
|
|
@@ -152,14 +119,55 @@ describe Clearance::Configuration do
|
|
152
119
|
end
|
153
120
|
end
|
154
121
|
|
155
|
-
describe
|
156
|
-
it
|
122
|
+
describe "#routes_enabled?" do
|
123
|
+
it "is true by default" do
|
157
124
|
expect(Clearance.configuration.routes_enabled?).to be true
|
158
125
|
end
|
159
126
|
|
160
|
-
it
|
127
|
+
it "is false when routes are set to false" do
|
161
128
|
Clearance.configure { |config| config.routes = false }
|
162
129
|
expect(Clearance.configuration.routes_enabled?).to be false
|
163
130
|
end
|
164
131
|
end
|
132
|
+
|
133
|
+
describe "#reload_user_model" do
|
134
|
+
it "returns the user model class if one has already been configured" do
|
135
|
+
ConfiguredUser = Class.new
|
136
|
+
Clearance.configure { |config| config.user_model = ConfiguredUser }
|
137
|
+
|
138
|
+
expect(Clearance.configuration.reload_user_model).to eq ConfiguredUser
|
139
|
+
end
|
140
|
+
|
141
|
+
it "returns nil if the user_model has not been configured" do
|
142
|
+
Clearance.configuration = Clearance::Configuration.new
|
143
|
+
|
144
|
+
expect(Clearance.configuration.reload_user_model).to be_nil
|
145
|
+
end
|
146
|
+
end
|
147
|
+
|
148
|
+
describe "#rotate_csrf_on_sign_in?" do
|
149
|
+
it "defaults to falsey and warns" do
|
150
|
+
Clearance.configuration = Clearance::Configuration.new
|
151
|
+
allow(Clearance.configuration).to receive(:warn)
|
152
|
+
|
153
|
+
expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be_falsey
|
154
|
+
expect(Clearance.configuration).to have_received(:warn)
|
155
|
+
end
|
156
|
+
|
157
|
+
it "is true and does not warn when `rotate_csrf_on_sign_in` is true" do
|
158
|
+
Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
|
159
|
+
allow(Clearance.configuration).to receive(:warn)
|
160
|
+
|
161
|
+
expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be true
|
162
|
+
expect(Clearance.configuration).not_to have_received(:warn)
|
163
|
+
end
|
164
|
+
|
165
|
+
it "is false and does not warn when `rotate_csrf_on_sign_in` is false" do
|
166
|
+
Clearance.configure { |config| config.rotate_csrf_on_sign_in = false }
|
167
|
+
allow(Clearance.configuration).to receive(:warn)
|
168
|
+
|
169
|
+
expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be false
|
170
|
+
expect(Clearance.configuration).not_to have_received(:warn)
|
171
|
+
end
|
172
|
+
end
|
165
173
|
end
|
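Review bot: The example "defaults to falsey and warns" (new lines 149-155) pins `rotate_csrf_on_sign_in?` as off unless configured, so an application that never sets the option keeps the CSRF token issued before authentication after the user signs in. The spec records that default without saying why it is kept; a comment above the example such as `# Default stays falsey for backward compatibility; the warning tells apps to opt in to rotation.` would document the intent, assuming that is the reason. The three examples also check only whether `warn` was called. If the message names the setting, `have_received(:warn).with(/rotate_csrf_on_sign_in/)` would catch the warning being replaced by an unrelated one.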
@@ -3,10 +3,14 @@ require 'spec_helper'
|
|
3
3
|
class ApisController < ActionController::Base
|
4
4
|
include Clearance::Controller
|
5
5
|
|
6
|
-
|
6
|
+
if respond_to?(:before_action)
|
7
|
+
before_action :require_login
|
8
|
+
else
|
9
|
+
before_filter :require_login
|
10
|
+
end
|
7
11
|
|
8
12
|
def show
|
9
|
-
|
13
|
+
head :ok
|
10
14
|
end
|
11
15
|
end
|
12
16
|
|
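Review bot: The `if respond_to?(:before_action)` / `before_filter` branch added at new lines 6-10 is repeated in `ForgeriesController` and, with `only: :show`, in `PermissionsController` later in this same release, so the Rails-version shim for the login guard lives in three places. Each copy decides whether `require_login` is registered at all, so a single commented helper would be safer than three hand-maintained conditionals. At minimum each copy should carry `# before_filter is the pre-Rails-4 name for before_action; keep both while rails32 is in the Appraisals matrix.` so the `else` arm is removed everywhere together.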
@@ -4,7 +4,12 @@ class ForgeriesController < ActionController::Base
|
|
4
4
|
include Clearance::Controller
|
5
5
|
|
6
6
|
protect_from_forgery
|
7
|
-
|
7
|
+
|
8
|
+
if respond_to?(:before_action)
|
9
|
+
before_action :require_login
|
10
|
+
else
|
11
|
+
before_filter :require_login
|
12
|
+
end
|
8
13
|
|
9
14
|
# This is off in test by default, but we need it for this test
|
10
15
|
self.allow_forgery_protection = true
|
@@ -5,9 +5,7 @@ describe Clearance::PasswordsController do
|
|
5
5
|
|
6
6
|
describe "#new" do
|
7
7
|
it "renders the password reset form" do
|
8
|
-
|
9
|
-
|
10
|
-
get :new, user_id: user
|
8
|
+
get :new
|
11
9
|
|
12
10
|
expect(response).to be_success
|
13
11
|
expect(response).to render_template(:new)
|
@@ -57,12 +55,25 @@ describe Clearance::PasswordsController do
|
|
57
55
|
end
|
58
56
|
|
59
57
|
describe "#edit" do
|
60
|
-
context "valid id and token are supplied" do
|
61
|
-
it "
|
58
|
+
context "valid id and token are supplied in url" do
|
59
|
+
it "redirects to the edit page with token now removed from url" do
|
62
60
|
user = create(:user, :with_forgotten_password)
|
63
61
|
|
64
62
|
get :edit, user_id: user, token: user.confirmation_token
|
65
63
|
|
64
|
+
expect(response).to be_redirect
|
65
|
+
expect(response).to redirect_to edit_user_password_url(user)
|
66
|
+
expect(session[:password_reset_token]).to eq user.confirmation_token
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
context "valid id in url and valid token in session" do
|
71
|
+
it "renders the password reset form" do
|
72
|
+
user = create(:user, :with_forgotten_password)
|
73
|
+
|
74
|
+
request.session[:password_reset_token] = user.confirmation_token
|
75
|
+
get :edit, user_id: user
|
76
|
+
|
66
77
|
expect(response).to be_success
|
67
78
|
expect(response).to render_template(:edit)
|
68
79
|
expect(assigns(:user)).to eq user
|
@@ -101,16 +112,6 @@ describe Clearance::PasswordsController do
|
|
101
112
|
expect(user.reload.encrypted_password).not_to eq old_encrypted_password
|
102
113
|
end
|
103
114
|
|
104
|
-
it "sets the remember token and clears the confirmation token" do
|
105
|
-
user = create(:user, :with_forgotten_password)
|
106
|
-
|
107
|
-
put :update, update_parameters(user, new_password: "my_new_password")
|
108
|
-
|
109
|
-
user.reload
|
110
|
-
expect(user.remember_token).not_to be_nil
|
111
|
-
expect(user.confirmation_token).to be_nil
|
112
|
-
end
|
113
|
-
|
114
115
|
it "signs the user in and redirects" do
|
115
116
|
user = create(:user, :with_forgotten_password)
|
116
117
|
|
@@ -121,7 +122,7 @@ describe Clearance::PasswordsController do
|
|
121
122
|
end
|
122
123
|
end
|
123
124
|
|
124
|
-
context "
|
125
|
+
context "password update fails" do
|
125
126
|
it "does not update the password" do
|
126
127
|
user = create(:user, :with_forgotten_password)
|
127
128
|
old_encrypted_password = user.encrypted_password
|
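Review bot: The removed example "sets the remember token and clears the confirmation token" (old lines 104-112) was the only check in the hunks shown that a reset token is invalidated after a successful `update`, and none of the new examples replaces it. The new `#edit` flow also copies the token into `session[:password_reset_token]`, so a spent token can now linger in two places. The "signs the user in and redirects" example could assert `expect(user.reload.confirmation_token).to be_nil` and, if the controller is meant to clear it, `expect(session[:password_reset_token]).to be_nil`. The file list shows `spec/user_spec.rb` gaining lines, so the first check may have moved there, but that is not visible here. The `#edit` contexts also cover only valid tokens; a case with a wrong token in the URL, asserting that nothing is stored in the session, would complete the coverage.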
@@ -3,14 +3,18 @@ require 'spec_helper'
|
|
3
3
|
class PermissionsController < ActionController::Base
|
4
4
|
include Clearance::Controller
|
5
5
|
|
6
|
-
|
6
|
+
if respond_to?(:before_action)
|
7
|
+
before_action :require_login, only: :show
|
8
|
+
else
|
9
|
+
before_filter :require_login, only: :show
|
10
|
+
end
|
7
11
|
|
8
12
|
def new
|
9
|
-
|
13
|
+
head :ok
|
10
14
|
end
|
11
15
|
|
12
16
|
def show
|
13
|
-
|
17
|
+
head :ok
|
14
18
|
end
|
15
19
|
end
|
16
20
|
|
@@ -54,6 +58,12 @@ describe PermissionsController do
|
|
54
58
|
|
55
59
|
expect(subject).to deny_access(redirect: sign_in_url)
|
56
60
|
end
|
61
|
+
|
62
|
+
it "denies access to show and display a flash message" do
|
63
|
+
get :show
|
64
|
+
|
65
|
+
expect(flash[:notice]).to match(/^Please sign in to continue/)
|
66
|
+
end
|
57
67
|
end
|
58
68
|
|
59
69
|
context 'when remember_token is blank' do
|
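Review bot: The new flash assertion at new line 65 anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string, so a notice with other text on an earlier line would still pass. `expect(flash[:notice]).to match(/\APlease sign in to continue/)` states what is meant. The example name would also read better as "denies access to show and displays a flash message". The enclosing context begins outside this hunk, so the signed-out setup the example relies on is not visible here.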
@@ -9,7 +9,7 @@ describe Clearance::SessionsController do
|
|
9
9
|
|
10
10
|
it { should respond_with(:success) }
|
11
11
|
it { should render_template(:new) }
|
12
|
-
it { should_not
|
12
|
+
it { should_not set_flash }
|
13
13
|
end
|
14
14
|
|
15
15
|
context "when a user is signed in" do
|
@@ -19,7 +19,7 @@ describe Clearance::SessionsController do
|
|
19
19
|
end
|
20
20
|
|
21
21
|
it { should redirect_to(Clearance.configuration.redirect_url) }
|
22
|
-
it { should_not
|
22
|
+
it { should_not set_flash }
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
@@ -45,7 +45,7 @@ describe Clearance::SessionsController do
|
|
45
45
|
it { should redirect_to_url_after_create }
|
46
46
|
|
47
47
|
it "sets the user in the clearance session" do
|
48
|
-
expect(
|
48
|
+
expect(request.env[:clearance].current_user).to eq @user
|
49
49
|
end
|
50
50
|
|
51
51
|
it "should not change the remember token" do
|
@@ -92,7 +92,7 @@ describe Clearance::SessionsController do
|
|
92
92
|
end
|
93
93
|
|
94
94
|
it "should unset the current user" do
|
95
|
-
expect(
|
95
|
+
expect(request.env[:clearance].current_user).to be_nil
|
96
96
|
end
|
97
97
|
end
|
98
98
|
end
|
@@ -2,6 +2,10 @@ class ApplicationController < ActionController::Base
|
|
2
2
|
include Clearance::Controller
|
3
3
|
|
4
4
|
def show
|
5
|
-
|
5
|
+
if Rails::VERSION::MAJOR >= 5
|
6
|
+
render html: "", layout: "application"
|
7
|
+
else
|
8
|
+
render text: "", layout: "application"
|
9
|
+
end
|
6
10
|
end
|
7
11
|
end
|
data/spec/dummy/application.rb
CHANGED
@@ -37,6 +37,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
37
37
|
|
38
38
|
expect(user_class).to exist
|
39
39
|
expect(user_class).to have_correct_syntax
|
40
|
+
expect(user_class).to contain_models_inherit_from
|
40
41
|
expect(user_class).to contain("include Clearance::User")
|
41
42
|
end
|
42
43
|
end
|
@@ -51,6 +52,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
51
52
|
|
52
53
|
expect(user_class).to exist
|
53
54
|
expect(user_class).to have_correct_syntax
|
55
|
+
expect(user_class).to contain_models_inherit_from
|
54
56
|
expect(user_class).to contain("include Clearance::User")
|
55
57
|
expect(user_class).to have_method("previously_existed?")
|
56
58
|
end
|
@@ -61,9 +63,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
61
63
|
context "users table does not exist" do
|
62
64
|
it "creates a migration to create the users table" do
|
63
65
|
provide_existing_application_controller
|
64
|
-
|
65
|
-
with(:users).
|
66
|
-
and_return(false)
|
66
|
+
table_does_not_exist(:users)
|
67
67
|
|
68
68
|
run_generator
|
69
69
|
migration = migration_file("db/migrate/create_users.rb")
|
@@ -115,4 +115,30 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
115
115
|
end
|
116
116
|
end
|
117
117
|
end
|
118
|
+
|
119
|
+
def table_does_not_exist(name)
|
120
|
+
connection = ActiveRecord::Base.connection
|
121
|
+
|
122
|
+
if connection.respond_to?(:data_source_exists?)
|
123
|
+
allow(connection).to receive(:data_source_exists?).
|
124
|
+
with(name).
|
125
|
+
and_return(false)
|
126
|
+
else
|
127
|
+
allow(connection).to receive(:table_exists?).
|
128
|
+
with(name).
|
129
|
+
and_return(false)
|
130
|
+
end
|
131
|
+
end
|
132
|
+
|
133
|
+
def contain_models_inherit_from
|
134
|
+
contain "< #{models_inherit_from}\n"
|
135
|
+
end
|
136
|
+
|
137
|
+
def models_inherit_from
|
138
|
+
if Rails.version >= "5.0.0"
|
139
|
+
"ApplicationRecord"
|
140
|
+
else
|
141
|
+
"ActiveRecord::Base"
|
142
|
+
end
|
143
|
+
end
|
118
144
|
end
|
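Review bot: `models_inherit_from` (new lines 137-143) compares `Rails.version >= "5.0.0"` as strings, which is lexicographic: a version such as "10.0.0" sorts before "5.0.0" and would select `ActiveRecord::Base`. The dummy `ApplicationController` changed in this same release branches on `Rails::VERSION::MAJOR >= 5`; using that integer check here, `if Rails::VERSION::MAJOR >= 5`, is correct and consistent. `table_does_not_exist` would also benefit from a one-line comment such as `# data_source_exists? is the newer ActiveRecord name for table_exists?; stub whichever the adapter has.` so the `else` arm is understood as a compatibility path.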
@@ -4,14 +4,18 @@ require "generators/clearance/routes/routes_generator"
|
|
4
4
|
describe Clearance::Generators::RoutesGenerator, :generator do
|
5
5
|
it "adds clearance routes to host application routes" do
|
6
6
|
provide_existing_routes_file
|
7
|
+
provide_existing_initializer
|
7
8
|
|
8
9
|
routes = file("config/routes.rb")
|
10
|
+
initializer = file("config/initializers/clearance.rb")
|
9
11
|
|
10
12
|
run_generator
|
11
13
|
|
14
|
+
expect(initializer).to have_correct_syntax
|
15
|
+
expect(initializer).to contain("config.routes = false")
|
12
16
|
expect(routes).to have_correct_syntax
|
13
17
|
expect(routes).to contain(
|
14
|
-
|
18
|
+
'get "/sign_in" => "clearance/sessions#new", as: "sign_in"'
|
15
19
|
)
|
16
20
|
end
|
17
21
|
end
|