clearance 1.8.0 → 1.16.0

data/spec/clearance/session_spec.rb

@@ -32,15 +32,13 @@ describe Clearance::Session do
 
   context "with a custom cookie name" do
     it "sets a custom cookie name in the header" do
-      Clearance.configuration.cookie_domain = "custom_token"
+      Clearance.configuration.cookie_name = "custom_cookie_name"
 
       session.sign_in user
       session.add_cookie_to_headers(headers)
 
-      expect(headers["Set-Cookie"]).to match(/custom_token/)
+      expect(headers["Set-Cookie"]).to match(/custom_cookie_name=.+;/)
     end
-
-    after { restore_default_config }
   end
 
   describe '#sign_in' do
@@ -113,7 +111,6 @@ describe Clearance::Session do
         expect(session.current_user).to be_nil
       end
 
-
       def stub_sign_in_guard(options)
         session_status = stub_status(options.fetch(:succeed))
 
@@ -159,8 +156,6 @@ describe Clearance::Session do
 
       expect(headers['Set-Cookie']).to match(/remember_token=.+; HttpOnly/)
     end
-
-    after { restore_default_config }
   end
 
   context 'if httponly is not set' do
@@ -270,8 +265,6 @@ describe Clearance::Session do
 
         expect(headers['Set-Cookie']).to match(/remember_token=.+; secure/)
       end
-
-      after { restore_default_config }
     end
   end
 
@@ -287,8 +280,6 @@ describe Clearance::Session do
 
         expect(headers['Set-Cookie']).to match(/domain=\.example\.com; path/)
       end
-
-      after { restore_default_config }
     end
 
     context 'when not set' do
@@ -324,8 +315,6 @@ describe Clearance::Session do
 
         expect(headers['Set-Cookie']).to match(/path=\/user; expires/)
       end
-
-      after { restore_default_config }
     end
   end
 
@@ -375,7 +364,5 @@ describe Clearance::Session do
   def with_custom_expiration(custom_duration)
     Clearance.configuration.cookie_expiration = custom_duration
     yield
-  ensure
-    restore_default_config
   end
 end

data/spec/clearance/testing/{helpers_spec.rb → controller_helpers_spec.rb}

@@ -1,20 +1,20 @@
-require 'spec_helper'
+require "spec_helper"
 
-describe Clearance::Testing::Helpers do
+describe Clearance::Testing::ControllerHelpers do
   class TestClass
-    include Clearance::Testing::Helpers
+    include Clearance::Testing::ControllerHelpers
 
     def initialize
-      @controller = Controller.new
-    end
-
-    class Controller
-      def sign_in(user); end
+      @request = Class.new do
+        def env
+          { clearance: Clearance::Session.new({}) }
+        end
+      end.new
     end
   end
 
-  describe '#sign_in' do
-    it 'creates an instance of the clearance user model with FactoryGirl' do
+  describe "#sign_in" do
+    it "creates an instance of the clearance user model with FactoryGirl" do
       MyUserModel = Class.new
       allow(FactoryGirl).to receive(:create)
       allow(Clearance.configuration).to receive(:user_model).
@@ -26,8 +26,8 @@ describe Clearance::Testing::Helpers do
     end
   end
 
-  describe '#sign_in_as' do
-    it 'returns the user if signed in successfully' do
+  describe "#sign_in_as" do
+    it "returns the user if signed in successfully" do
       user = build(:user)
 
       returned_user = TestClass.new.sign_in_as user

data/spec/clearance/testing/view_helpers_spec.rb

@@ -0,0 +1,37 @@
+require "spec_helper"
+
+describe Clearance::Testing::ViewHelpers do
+  describe "#sign_in" do
+    it "sets the signed in user to a new user object" do
+      user_model = Class.new
+      allow(Clearance.configuration).to receive(:user_model).
+        and_return(user_model)
+
+      view = test_view_class.new
+      view.sign_in
+
+      expect(view.current_user).to be_an_instance_of(user_model)
+    end
+  end
+
+  describe "#sign_in_as" do
+    it "sets the signed in user to the object provided" do
+      user = double("User")
+
+      view = test_view_class.new
+      view.sign_in_as(user)
+
+      expect(view.current_user).to eq user
+    end
+  end
+
+  def test_view_class
+    Class.new do
+      include Clearance::Testing::ViewHelpers
+
+      def view
+        @view ||= extend Clearance::Testing::ViewHelpers::CurrentUser
+      end
+    end
+  end
+end

data/spec/configuration_spec.rb

@@ -1,150 +1,117 @@
-require 'spec_helper'
+require "spec_helper"
 
 describe Clearance::Configuration do
-  after { restore_default_config }
-
-  context 'when no user_model_name is specified' do
-    before do
-      Clearance.configure do |config|
-      end
-    end
-
-    it 'defaults to User' do
+  context "when no user_model_name is specified" do
+    it "defaults to User" do
       expect(Clearance.configuration.user_model).to eq ::User
     end
   end
 
-  context 'when a custom user_model_name is specified' do
-    before do
+  context "when a custom user_model_name is specified" do
+    it "is used instead of User" do
       MyUser = Class.new
+      Clearance.configure { |config| config.user_model = MyUser }
 
-      Clearance.configure do |config|
-        config.user_model = MyUser
-      end
-    end
-
-    it 'is used instead of User' do
       expect(Clearance.configuration.user_model).to eq ::MyUser
     end
   end
 
-  context 'when secure_cookie is set to true' do
-    before do
-      Clearance.configure do |config|
-        config.secure_cookie = true
-      end
-    end
-
-    it 'returns true' do
+  context "when secure_cookie is set to true" do
+    it "returns true" do
+      Clearance.configure { |config| config.secure_cookie = true }
       expect(Clearance.configuration.secure_cookie).to eq true
     end
   end
 
-  context 'when secure_cookie is not specified' do
-    before do
-      Clearance.configure do |config|
-      end
-    end
-
-    it 'defaults to false' do
+  context "when secure_cookie is not specified" do
+    it "defaults to false" do
       expect(Clearance.configuration.secure_cookie).to eq false
     end
   end
 
-  context 'when no redirect URL specified' do
+  context "when no redirect URL specified" do
     it 'returns "/" as redirect URL' do
-      expect(Clearance::Configuration.new.redirect_url).to eq '/'
+      expect(Clearance::Configuration.new.redirect_url).to eq "/"
     end
   end
 
-  context 'when redirect URL is specified' do
-    let(:new_redirect_url) { '/admin' }
-
-    before do
-      Clearance.configure do |config|
-        config.redirect_url = new_redirect_url
-      end
-    end
+  context "when redirect URL is specified" do
+    it "returns new redirect URL" do
+      new_redirect_url = "/admin"
+      Clearance.configure { |config| config.redirect_url = new_redirect_url }
 
-    it 'returns new redirect URL' do
       expect(Clearance.configuration.redirect_url).to eq new_redirect_url
     end
   end
 
-  context 'when specifying sign in guards' do
-    DummyGuard = Class.new
+  context "when specifying sign in guards" do
+    it "returns the stack with added guards" do
+      DummyGuard = Class.new
+      Clearance.configure { |config| config.sign_in_guards = [DummyGuard] }
 
-    before do
-      Clearance.configure do |config|
-        config.sign_in_guards = [DummyGuard]
-      end
-    end
-
-    it 'returns the stack with added guards' do
       expect(Clearance.configuration.sign_in_guards).to eq [DummyGuard]
     end
   end
 
-  context 'when cookie domain is specified' do
-    let(:domain) { '.example.com' }
+  context "when cookie domain is specified" do
+    it "returns configured value" do
+      domain = ".example.com"
+      Clearance.configure { |config| config.cookie_domain = domain }
 
-    before do
-      Clearance.configure do |config|
-        config.cookie_domain = domain
-      end
-    end
-
-    it 'returns configured value' do
       expect(Clearance.configuration.cookie_domain).to eq domain
     end
   end
 
-  context 'when cookie path is specified' do
-    let(:path) { '/user' }
-
-    before do
-      Clearance.configure do |config|
-        config.cookie_path = path
-      end
-    end
+  context "when cookie path is specified" do
+    it "returns configured value" do
+      path = "/user"
+      Clearance.configure { |config| config.cookie_path = path }
 
-    it 'returns configured value' do
       expect(Clearance.configuration.cookie_path).to eq path
     end
   end
 
-  describe '#allow_sign_up?' do
-    context 'when allow_sign_up is configured to false' do
-      it 'returns false' do
+  describe "#allow_sign_up?" do
+    context "when allow_sign_up is configured to false" do
+      it "returns false" do
         Clearance.configure { |config| config.allow_sign_up = false }
         expect(Clearance.configuration.allow_sign_up?).to eq false
       end
     end
 
-    context 'when allow_sign_up has not been configured' do
-      it 'returns true' do
+    context "when allow_sign_up has not been configured" do
+      it "returns true" do
         expect(Clearance.configuration.allow_sign_up?).to eq true
       end
     end
   end
 
-  describe '#user_actions' do
-    context 'when allow_sign_up is configured to false' do
-      it 'returns empty array' do
+  describe "#user_actions" do
+    context "when allow_sign_up is configured to false" do
+      it "returns empty array" do
         Clearance.configure { |config| config.allow_sign_up = false }
         expect(Clearance.configuration.user_actions).to eq []
       end
     end
 
-    context 'when sign_up has not been configured' do
-      it 'returns create' do
+    context "when sign_up has not been configured" do
+      it "returns create" do
         expect(Clearance.configuration.user_actions).to eq [:create]
       end
     end
   end
 
-  describe '#user_id_parameter' do
-    it 'returns the parameter key to use based on the user_model' do
+  describe "#user_parameter" do
+    it "returns the parameter key to use based on the user_model" do
+      Account = Class.new(ActiveRecord::Base)
+      Clearance.configure { |config| config.user_model = Account }
+
+      expect(Clearance.configuration.user_parameter).to eq :account
+    end
+  end
+
+  describe "#user_id_parameter" do
+    it "returns the parameter key to use based on the user_model" do
       CustomUser = Class.new(ActiveRecord::Base)
       Clearance.configure { |config| config.user_model = CustomUser }
 
@@ -152,14 +119,55 @@ describe Clearance::Configuration do
     end
   end
 
-  describe '#routes_enabled?' do
-    it 'is true by default' do
+  describe "#routes_enabled?" do
+    it "is true by default" do
       expect(Clearance.configuration.routes_enabled?).to be true
     end
 
-    it 'is false when routes are set to false' do
+    it "is false when routes are set to false" do
       Clearance.configure { |config| config.routes = false }
       expect(Clearance.configuration.routes_enabled?).to be false
     end
   end
+
+  describe "#reload_user_model" do
+    it "returns the user model class if one has already been configured" do
+      ConfiguredUser = Class.new
+      Clearance.configure { |config| config.user_model = ConfiguredUser }
+
+      expect(Clearance.configuration.reload_user_model).to eq ConfiguredUser
+    end
+
+    it "returns nil if the user_model has not been configured" do
+      Clearance.configuration = Clearance::Configuration.new
+
+      expect(Clearance.configuration.reload_user_model).to be_nil
+    end
+  end
+
+  describe "#rotate_csrf_on_sign_in?" do
+    it "defaults to falsey and warns" do
+      Clearance.configuration = Clearance::Configuration.new
+      allow(Clearance.configuration).to receive(:warn)
+
+      expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be_falsey
+      expect(Clearance.configuration).to have_received(:warn)
+    end
+
+    it "is true and does not warn when `rotate_csrf_on_sign_in` is true" do
+      Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
+      allow(Clearance.configuration).to receive(:warn)
+
+      expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be true
+      expect(Clearance.configuration).not_to have_received(:warn)
+    end
+
+    it "is false and does not warn when `rotate_csrf_on_sign_in` is false" do
+      Clearance.configure { |config| config.rotate_csrf_on_sign_in = false }
+      allow(Clearance.configuration).to receive(:warn)
+
+      expect(Clearance.configuration.rotate_csrf_on_sign_in?).to be false
+      expect(Clearance.configuration).not_to have_received(:warn)
+    end
+  end
 end

data/spec/controllers/apis_controller_spec.rb

@@ -3,10 +3,14 @@ require 'spec_helper'
 class ApisController < ActionController::Base
   include Clearance::Controller
 
-  before_filter :require_login
+  if respond_to?(:before_action)
+    before_action :require_login
+  else
+    before_filter :require_login
+  end
 
   def show
-    render text: 'response'
+    head :ok
   end
 end
 

data/spec/controllers/forgeries_controller_spec.rb

@@ -4,7 +4,12 @@ class ForgeriesController < ActionController::Base
   include Clearance::Controller
 
   protect_from_forgery
-  before_filter :require_login
+
+  if respond_to?(:before_action)
+    before_action :require_login
+  else
+    before_filter :require_login
+  end
 
   # This is off in test by default, but we need it for this test
   self.allow_forgery_protection = true

data/spec/controllers/passwords_controller_spec.rb

@@ -5,9 +5,7 @@ describe Clearance::PasswordsController do
 
   describe "#new" do
     it "renders the password reset form" do
-      user = create(:user)
-
-      get :new, user_id: user
+      get :new
 
       expect(response).to be_success
       expect(response).to render_template(:new)
@@ -57,12 +55,25 @@ describe Clearance::PasswordsController do
   end
 
   describe "#edit" do
-    context "valid id and token are supplied" do
-      it "renders the password form for the user" do
+    context "valid id and token are supplied in url" do
+      it "redirects to the edit page with token now removed from url" do
         user = create(:user, :with_forgotten_password)
 
         get :edit, user_id: user, token: user.confirmation_token
 
+        expect(response).to be_redirect
+        expect(response).to redirect_to edit_user_password_url(user)
+        expect(session[:password_reset_token]).to eq user.confirmation_token
+      end
+    end
+
+    context "valid id in url and valid token in session" do
+      it "renders the password reset form" do
+        user = create(:user, :with_forgotten_password)
+
+        request.session[:password_reset_token] = user.confirmation_token
+        get :edit, user_id: user
+
         expect(response).to be_success
         expect(response).to render_template(:edit)
         expect(assigns(:user)).to eq user
@@ -101,16 +112,6 @@ describe Clearance::PasswordsController do
         expect(user.reload.encrypted_password).not_to eq old_encrypted_password
       end
 
-      it "sets the remember token and clears the confirmation token" do
-        user = create(:user, :with_forgotten_password)
-
-        put :update, update_parameters(user, new_password: "my_new_password")
-
-        user.reload
-        expect(user.remember_token).not_to be_nil
-        expect(user.confirmation_token).to be_nil
-      end
-
       it "signs the user in and redirects" do
         user = create(:user, :with_forgotten_password)
 
@@ -121,7 +122,7 @@ describe Clearance::PasswordsController do
       end
     end
 
-    context "no password provided" do
+    context "password update fails" do
       it "does not update the password" do
         user = create(:user, :with_forgotten_password)
         old_encrypted_password = user.encrypted_password

data/spec/controllers/permissions_controller_spec.rb

@@ -3,14 +3,18 @@ require 'spec_helper'
 class PermissionsController < ActionController::Base
   include Clearance::Controller
 
-  before_filter :require_login, only: :show
+  if respond_to?(:before_action)
+    before_action :require_login, only: :show
+  else
+    before_filter :require_login, only: :show
+  end
 
   def new
-    render text: 'New page'
+    head :ok
   end
 
   def show
-    render text: 'Show page'
+    head :ok
   end
 end
 
@@ -54,6 +58,12 @@ describe PermissionsController do
 
       expect(subject).to deny_access(redirect: sign_in_url)
     end
+
+    it "denies access to show and display a flash message" do
+      get :show
+
+      expect(flash[:notice]).to match(/^Please sign in to continue/)
+    end
   end
 
   context 'when remember_token is blank' do

data/spec/controllers/sessions_controller_spec.rb

@@ -9,7 +9,7 @@ describe Clearance::SessionsController do
 
       it { should respond_with(:success) }
       it { should render_template(:new) }
-      it { should_not set_the_flash }
+      it { should_not set_flash }
     end
 
     context "when a user is signed in" do
@@ -19,7 +19,7 @@ describe Clearance::SessionsController do
       end
 
       it { should redirect_to(Clearance.configuration.redirect_url) }
-      it { should_not set_the_flash }
+      it { should_not set_flash }
     end
   end
 
@@ -45,7 +45,7 @@ describe Clearance::SessionsController do
       it { should redirect_to_url_after_create }
 
       it "sets the user in the clearance session" do
-        expect(controller.current_user).to eq @user
+        expect(request.env[:clearance].current_user).to eq @user
       end
 
       it "should not change the remember token" do
@@ -92,7 +92,7 @@ describe Clearance::SessionsController do
       end
 
       it "should unset the current user" do
-        expect(@controller.current_user).to be_nil
+        expect(request.env[:clearance].current_user).to be_nil
       end
     end
   end

data/spec/dummy/app/controllers/application_controller.rb

@@ -2,6 +2,10 @@ class ApplicationController < ActionController::Base
   include Clearance::Controller
 
   def show
-    render text: '', layout: 'application'
+    if Rails::VERSION::MAJOR >= 5
+      render html: "", layout: "application"
+    else
+      render text: "", layout: "application"
+    end
   end
 end

data/spec/dummy/application.rb

@@ -37,6 +37,10 @@ module Dummy
       config.paths.add "config/routes", with: "#{APP_ROOT}/config/routes.rb"
     end
 
+    if config.respond_to?(:active_job)
+      config.active_job.queue_adapter = :inline
+    end
+
     def require_environment!
       initialize!
     end

data/spec/generators/clearance/install/install_generator_spec.rb

@@ -37,6 +37,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
 
         expect(user_class).to exist
         expect(user_class).to have_correct_syntax
+        expect(user_class).to contain_models_inherit_from
         expect(user_class).to contain("include Clearance::User")
       end
     end
@@ -51,6 +52,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
 
         expect(user_class).to exist
         expect(user_class).to have_correct_syntax
+        expect(user_class).to contain_models_inherit_from
         expect(user_class).to contain("include Clearance::User")
         expect(user_class).to have_method("previously_existed?")
       end
@@ -61,9 +63,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
     context "users table does not exist" do
       it "creates a migration to create the users table" do
         provide_existing_application_controller
-        allow(ActiveRecord::Base.connection).to receive(:table_exists?).
-          with(:users).
-          and_return(false)
+        table_does_not_exist(:users)
 
         run_generator
         migration = migration_file("db/migrate/create_users.rb")
@@ -115,4 +115,30 @@ describe Clearance::Generators::InstallGenerator, :generator do
       end
     end
   end
+
+  def table_does_not_exist(name)
+    connection = ActiveRecord::Base.connection
+
+    if connection.respond_to?(:data_source_exists?)
+      allow(connection).to receive(:data_source_exists?).
+        with(name).
+        and_return(false)
+    else
+      allow(connection).to receive(:table_exists?).
+        with(name).
+        and_return(false)
+    end
+  end
+
+  def contain_models_inherit_from
+    contain "< #{models_inherit_from}\n"
+  end
+
+  def models_inherit_from
+    if Rails.version >= "5.0.0"
+      "ApplicationRecord"
+    else
+      "ActiveRecord::Base"
+    end
+  end
 end

data/spec/generators/clearance/routes/routes_generator_spec.rb

@@ -4,14 +4,18 @@ require "generators/clearance/routes/routes_generator"
 describe Clearance::Generators::RoutesGenerator, :generator do
   it "adds clearance routes to host application routes" do
     provide_existing_routes_file
+    provide_existing_initializer
 
     routes = file("config/routes.rb")
+    initializer = file("config/initializers/clearance.rb")
 
     run_generator
 
+    expect(initializer).to have_correct_syntax
+    expect(initializer).to contain("config.routes = false")
     expect(routes).to have_correct_syntax
     expect(routes).to contain(
-      "get '/sign_in' => 'clearance/sessions#new', as: 'sign_in'"
+      'get "/sign_in" => "clearance/sessions#new", as: "sign_in"'
     )
   end
 end