clearance 1.8.0 → 1.16.0


Potentially problematic release.


This version of clearance might be problematic. Click here for more details.

Files changed (107) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +3 -0
  3. data/.travis.yml +25 -6
  4. data/.yardopts +6 -0
  5. data/Appraisals +15 -4
  6. data/CONTRIBUTING.md +4 -1
  7. data/Gemfile +5 -3
  8. data/Gemfile.lock +102 -96
  9. data/NEWS.md +742 -311
  10. data/README.md +217 -339
  11. data/app/controllers/clearance/passwords_controller.rb +35 -21
  12. data/app/controllers/clearance/sessions_controller.rb +17 -4
  13. data/app/controllers/clearance/users_controller.rb +10 -4
  14. data/app/mailers/clearance_mailer.rb +2 -3
  15. data/app/views/clearance_mailer/change_password.html.erb +6 -3
  16. data/app/views/clearance_mailer/change_password.text.erb +5 -0
  17. data/app/views/layouts/application.html.erb +2 -2
  18. data/app/views/passwords/create.html.erb +1 -1
  19. data/app/views/passwords/edit.html.erb +2 -2
  20. data/app/views/passwords/new.html.erb +2 -2
  21. data/app/views/sessions/_form.html.erb +2 -2
  22. data/app/views/sessions/new.html.erb +1 -1
  23. data/app/views/users/new.html.erb +2 -2
  24. data/bin/setup +6 -2
  25. data/config/locales/clearance.en.yml +6 -0
  26. data/db/migrate/20110111224543_create_clearance_users.rb +1 -1
  27. data/gemfiles/{rails3.2.gemfile → rails32.gemfile} +4 -2
  28. data/gemfiles/{rails4.0.gemfile → rails40.gemfile} +6 -3
  29. data/gemfiles/{rails4.1.gemfile → rails41.gemfile} +6 -3
  30. data/gemfiles/{rails4.2.gemfile → rails42.gemfile} +6 -3
  31. data/gemfiles/rails50.gemfile +21 -0
  32. data/lib/clearance/authentication.rb +61 -2
  33. data/lib/clearance/authorization.rb +47 -4
  34. data/lib/clearance/back_door.rb +29 -6
  35. data/lib/clearance/configuration.rb +152 -15
  36. data/lib/clearance/constraints/signed_in.rb +21 -0
  37. data/lib/clearance/constraints/signed_out.rb +12 -0
  38. data/lib/clearance/constraints.rb +12 -0
  39. data/lib/clearance/controller.rb +13 -0
  40. data/lib/clearance/default_sign_in_guard.rb +17 -0
  41. data/lib/clearance/engine.rb +24 -4
  42. data/lib/clearance/password_strategies/bcrypt.rb +16 -21
  43. data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +19 -0
  44. data/lib/clearance/password_strategies/blowfish.rb +17 -0
  45. data/lib/clearance/password_strategies/sha1.rb +17 -0
  46. data/lib/clearance/password_strategies.rb +13 -0
  47. data/lib/clearance/rack_session.rb +13 -0
  48. data/lib/clearance/rspec.rb +15 -4
  49. data/lib/clearance/session.rb +46 -1
  50. data/lib/clearance/session_status.rb +7 -0
  51. data/lib/clearance/sign_in_guard.rb +65 -0
  52. data/lib/clearance/test_unit.rb +3 -3
  53. data/lib/clearance/testing/controller_helpers.rb +44 -0
  54. data/lib/clearance/testing/deny_access_matcher.rb +36 -2
  55. data/lib/clearance/testing/helpers.rb +9 -25
  56. data/lib/clearance/testing/view_helpers.rb +32 -0
  57. data/lib/clearance/token.rb +7 -0
  58. data/lib/clearance/user.rb +182 -4
  59. data/lib/clearance/version.rb +1 -1
  60. data/lib/clearance.rb +2 -0
  61. data/lib/generators/clearance/install/install_generator.rb +24 -5
  62. data/lib/generators/clearance/install/templates/clearance.rb +1 -0
  63. data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb +3 -3
  64. data/lib/generators/clearance/install/templates/db/migrate/create_users.rb +2 -2
  65. data/lib/generators/clearance/install/templates/user.rb.erb +3 -0
  66. data/lib/generators/clearance/routes/routes_generator.rb +23 -0
  67. data/lib/generators/clearance/routes/templates/routes.rb +7 -7
  68. data/lib/generators/clearance/specs/templates/features/clearance/user_signs_out_spec.rb.tt +1 -1
  69. data/lib/generators/clearance/specs/templates/features/clearance/visitor_resets_password_spec.rb.tt +12 -2
  70. data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_in_spec.rb.tt +1 -1
  71. data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_up_spec.rb.tt +1 -1
  72. data/lib/generators/clearance/specs/templates/features/clearance/visitor_updates_password_spec.rb.tt +1 -1
  73. data/spec/acceptance/clearance_installation_spec.rb +4 -1
  74. data/spec/app_templates/app/models/rails5/user.rb +5 -0
  75. data/spec/app_templates/config/initializers/clearance.rb +2 -0
  76. data/spec/app_templates/testapp/app/controllers/home_controller.rb +5 -1
  77. data/spec/app_templates/testapp/config/initializers/action_mailer.rb +1 -3
  78. data/spec/clearance/back_door_spec.rb +25 -6
  79. data/spec/clearance/controller_spec.rb +11 -0
  80. data/spec/clearance/rack_session_spec.rb +5 -5
  81. data/spec/clearance/session_spec.rb +2 -15
  82. data/spec/clearance/testing/{helpers_spec.rb → controller_helpers_spec.rb} +12 -12
  83. data/spec/clearance/testing/view_helpers_spec.rb +37 -0
  84. data/spec/configuration_spec.rb +94 -86
  85. data/spec/controllers/apis_controller_spec.rb +6 -2
  86. data/spec/controllers/forgeries_controller_spec.rb +6 -1
  87. data/spec/controllers/passwords_controller_spec.rb +17 -16
  88. data/spec/controllers/permissions_controller_spec.rb +13 -3
  89. data/spec/controllers/sessions_controller_spec.rb +4 -4
  90. data/spec/dummy/app/controllers/application_controller.rb +5 -1
  91. data/spec/dummy/application.rb +4 -0
  92. data/spec/generators/clearance/install/install_generator_spec.rb +29 -3
  93. data/spec/generators/clearance/routes/routes_generator_spec.rb +5 -1
  94. data/spec/generators/clearance/views/views_generator_spec.rb +11 -10
  95. data/spec/helpers/helper_helpers_spec.rb +10 -0
  96. data/spec/mailers/clearance_mailer_spec.rb +13 -19
  97. data/spec/password_strategies/bcrypt_migration_from_sha1_spec.rb +6 -0
  98. data/spec/password_strategies/blowfish_spec.rb +6 -0
  99. data/spec/password_strategies/sha1_spec.rb +6 -0
  100. data/spec/requests/csrf_rotation_spec.rb +33 -0
  101. data/spec/spec_helper.rb +11 -2
  102. data/spec/support/generator_spec_helpers.rb +13 -1
  103. data/spec/support/http_method_shim.rb +23 -0
  104. data/spec/user_spec.rb +9 -0
  105. data/spec/views/view_helpers_spec.rb +10 -0
  106. metadata +22 -9
  107. data/lib/generators/clearance/install/templates/user.rb +0 -3
@@ -6,18 +6,19 @@ describe Clearance::Generators::ViewsGenerator, :generator do
6
6
  run_generator
7
7
 
8
8
  views = %w(
9
- clearance_mailer/change_password
10
- layouts/application
11
- passwords/create
12
- passwords/edit
13
- passwords/new
14
- sessions/_form
15
- sessions/new
16
- users/_form
17
- users/new
9
+ clearance_mailer/change_password.html.erb
10
+ clearance_mailer/change_password.text.erb
11
+ layouts/application.html.erb
12
+ passwords/create.html.erb
13
+ passwords/edit.html.erb
14
+ passwords/new.html.erb
15
+ sessions/_form.html.erb
16
+ sessions/new.html.erb
17
+ users/_form.html.erb
18
+ users/new.html.erb
18
19
  )
19
20
 
20
- view_files = views.map { |view| file("app/views/#{view}.html.erb") }
21
+ view_files = views.map { |view| file("app/views/#{view}") }
21
22
 
22
23
  view_files.each do |each|
23
24
  expect(each).to exist
@@ -0,0 +1,10 @@
1
+ require "spec_helper"
2
+
3
+ describe "Clearance RSpec helper spec configuration", type: :helper do
4
+ it "lets me use clearance's helper methods in helper specs" do
5
+ user = double("User")
6
+ sign_in_as(user)
7
+
8
+ expect(helper.current_user).to eq user
9
+ end
10
+ end
@@ -19,18 +19,6 @@ describe ClearanceMailer do
19
19
  expect(email.to.first).to eq(user.email)
20
20
  end
21
21
 
22
- it "contains a link to edit the password" do
23
- user = create(:user)
24
- user.forgot_password!
25
- host = ActionMailer::Base.default_url_options[:host]
26
- link = "http://#{host}/users/#{user.id}/password/edit" \
27
- "?token=#{user.confirmation_token}"
28
-
29
- email = ClearanceMailer.change_password(user)
30
-
31
- expect(email.body.to_s).to include(link)
32
- end
33
-
34
22
  it "sets its subject" do
35
23
  user = create(:user)
36
24
  user.forgot_password!
@@ -40,25 +28,31 @@ describe ClearanceMailer do
40
28
  expect(email.subject).to include("Change your password")
41
29
  end
42
30
 
43
- it "contains opening text in the body" do
31
+ it "has html and plain text parts" do
44
32
  user = create(:user)
45
33
  user.forgot_password!
46
34
 
47
35
  email = ClearanceMailer.change_password(user)
48
36
 
49
- expect(email.body).to include(
50
- I18n.t("clearance_mailer.change_password.opening")
51
- )
37
+ expect(email.body.parts.length).to eq 2
38
+ expect(email.text_part).to be_present
39
+ expect(email.html_part).to be_present
52
40
  end
53
41
 
54
- it "contains closing text in the body" do
42
+ it "contains a link to edit the password" do
55
43
  user = create(:user)
56
44
  user.forgot_password!
45
+ host = ActionMailer::Base.default_url_options[:host]
46
+ link = "http://#{host}/users/#{user.id}/password/edit" \
47
+ "?token=#{user.confirmation_token}"
57
48
 
58
49
  email = ClearanceMailer.change_password(user)
59
50
 
60
- expect(email.body.raw_source).to include(
61
- I18n.t("clearance_mailer.change_password.closing")
51
+ expect(email.text_part.body).to include(link)
52
+ expect(email.html_part.body).to include(link)
53
+ expect(email.html_part.body).to have_css(
54
+ "a",
55
+ text: I18n.t("clearance_mailer.change_password.link_text")
62
56
  )
63
57
  end
64
58
  end
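Review bot: The rewritten examples in the second hunk drop the only assertions on the `clearance_mailer.change_password.opening` and `.closing` translations, so a missing or renamed key would no longer fail this spec (unless a spec outside this page covers them). Since the mail is now multipart, consider asserting the opening text on both parts, e.g. `expect(email.text_part.body).to include(I18n.t("clearance_mailer.change_password.opening"))`. The expected reset link also hard-codes `http://`; building the expectation from the same URL options the mailer uses would keep the spec valid if a protocol is ever configured.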
@@ -2,6 +2,12 @@ require "spec_helper"
2
2
  include FakeModelWithPasswordStrategy
3
3
 
4
4
  describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
5
+ around do |example|
6
+ silence_warnings do
7
+ example.run
8
+ end
9
+ end
10
+
5
11
  describe "#password=" do
6
12
  it "encrypts the password into a BCrypt-encrypted encrypted_password" do
7
13
  stub_bcrypt_password
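Review bot: The added `around` hook wraps every example in `silence_warnings`, which hides all Ruby warnings raised during these examples, not only the one it is presumably meant to suppress (likely a deprecation notice from the strategy; the reason is not visible in the hunk). Add a comment above the hook naming the warning being silenced. Also keep one example outside the hook that asserts the warning is still emitted, so a notice steering users away from the weaker hashing strategies cannot disappear unnoticed. The same hook is added in the Blowfish and SHA1 spec hunks that follow. The `describe` block continues outside the hunk.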
@@ -2,6 +2,12 @@ require "spec_helper"
2
2
  include FakeModelWithPasswordStrategy
3
3
 
4
4
  describe Clearance::PasswordStrategies::Blowfish do
5
+ around do |example|
6
+ silence_warnings do
7
+ example.run
8
+ end
9
+ end
10
+
5
11
  describe "#password=" do
6
12
  context "when the password is set" do
7
13
  it "does not initialize the salt" do
@@ -2,6 +2,12 @@ require "spec_helper"
2
2
  include FakeModelWithPasswordStrategy
3
3
 
4
4
  describe Clearance::PasswordStrategies::SHA1 do
5
+ around do |example|
6
+ silence_warnings do
7
+ example.run
8
+ end
9
+ end
10
+
5
11
  describe "#password=" do
6
12
  context "when the salt is set" do
7
13
  it "does not initialize the salt when assigned" do
@@ -0,0 +1,33 @@
1
+ require "spec_helper"
2
+
3
+ describe "CSRF Rotation" do
4
+ around do |example|
5
+ ActionController::Base.allow_forgery_protection = true
6
+ example.run
7
+ ActionController::Base.allow_forgery_protection = false
8
+ end
9
+
10
+ context "Clearance is configured to rotate CSRF token on sign in" do
11
+ describe "sign in" do
12
+ it "rotates the CSRF token" do
13
+ Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
14
+ get sign_in_path
15
+ user = create(:user, password: "password")
16
+ original_token = csrf_token
17
+
18
+ post session_path, session: session_params(user, "password")
19
+
20
+ expect(csrf_token).not_to eq original_token
21
+ expect(csrf_token).to be_present
22
+ end
23
+ end
24
+ end
25
+
26
+ def csrf_token
27
+ session[:_csrf_token]
28
+ end
29
+
30
+ def session_params(user, password)
31
+ { email: user.email, password: password, authenticity_token: csrf_token }
32
+ end
33
+ end
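Review bot: The `around` hook sets `ActionController::Base.allow_forgery_protection` back to a hard-coded `false` instead of restoring the value that was in effect before the example, so this spec silently fixes the global setting for everything that runs after it. Capture it first with `previous = ActionController::Base.allow_forgery_protection` and restore it with `ActionController::Base.allow_forgery_protection = previous` inside a `begin`/`ensure`. The spec also covers only the rotating case. An example with `config.rotate_csrf_on_sign_in = false` asserting that the token is unchanged would show that the option, rather than something else in the sign-in flow, drives the rotation.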
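--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -26,9 +26,18 @@ RSpec.configure do |config|
  config.mock_with :rspec do |mocks|
  mocks.syntax = :expect
  end
+
+ config.before { restore_default_warning_free_config }
+
+ if Rails::VERSION::MAJOR >= 5
+ require 'rails-controller-testing'
+ config.include Rails::Controller::Testing::TestProcess
+ config.include Rails::Controller::Testing::TemplateAssertions
+ config.include Rails::Controller::Testing::Integration
+ end
  end
 
- def restore_default_config
+ def restore_default_warning_free_config
  Clearance.configuration = nil
- Clearance.configure {}
+ Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
  end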
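Review bot: `restore_default_warning_free_config` now turns `rotate_csrf_on_sign_in` on before every example, so the suite no longer runs against the configuration an application gets when it leaves that option unset, and the state it restores is no longer the library default. Add a comment above the method explaining why the option is set here; the name suggests an unset option produces a warning, but this hunk does not show that. Keep at least one example that runs with the option unset so the non-rotating sign-in path stays covered. As a style point, `require 'rails-controller-testing'` uses single quotes where the other spec files on this page use double quotes.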
@@ -9,12 +9,16 @@ module GeneratorSpecHelpers
9
9
  copy_to_generator_root("config", "routes.rb")
10
10
  end
11
11
 
12
+ def provide_existing_initializer
13
+ copy_to_generator_root("config/initializers", "clearance.rb")
14
+ end
15
+
12
16
  def provide_existing_application_controller
13
17
  copy_to_generator_root("app/controllers", "application_controller.rb")
14
18
  end
15
19
 
16
20
  def provide_existing_user_class
17
- copy_to_generator_root("app/models", "user.rb")
21
+ copy_to_generator_root("app/models", versionize_template("user.rb"))
18
22
  allow(File).to receive(:exist?).and_call_original
19
23
  allow(File).to receive(:exist?).with("app/models/user.rb").and_return(true)
20
24
  end
@@ -28,6 +32,14 @@ module GeneratorSpecHelpers
28
32
  FileUtils.mkdir_p(destination)
29
33
  FileUtils.cp(template_file, destination)
30
34
  end
35
+
36
+ def versionize_template(template_file)
37
+ if Rails.version >= "5.0.0"
38
+ template_file = ["rails5", template_file].join("/")
39
+ end
40
+
41
+ template_file
42
+ end
31
43
  end
32
44
 
33
45
  RSpec.configure do |config|
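Review bot: `versionize_template` compares version strings with `Rails.version >= "5.0.0"`, which is a lexicographic String comparison and gives the wrong answer for a two-digit major version (`"10.0.0" >= "5.0.0"` is false). The other new spec support code on this page uses the integer check, so use `if Rails::VERSION::MAJOR >= 5` here as well. The method also reassigns its own parameter; returning `File.join("rails5", template_file)` from the branch would read more directly. `module GeneratorSpecHelpers` starts and ends outside the hunks.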
@@ -0,0 +1,23 @@
1
+ # Rails 5 deprecates calling HTTP action methods with positional arguments
2
+ # in favor of keyword arguments. However, the keyword argument form is only
3
+ # supported in Rails 5+. Since we support back to 3.1, we need some sort of shim
4
+ # to avoid super noisy deprecations when running tests.
5
+ module HTTPMethodShim
6
+ def get(path, params=nil, headers=nil)
7
+ super(path, params: params, headers: headers)
8
+ end
9
+
10
+ def put(path, params=nil, headers=nil)
11
+ super(path, params: params, headers: headers)
12
+ end
13
+
14
+ def post(path, params=nil, headers=nil)
15
+ super(path, params: params, headers: headers)
16
+ end
17
+ end
18
+
19
+ if Rails::VERSION::MAJOR >= 5
20
+ RSpec.configure do |config|
21
+ config.include HTTPMethodShim, type: :controller
22
+ end
23
+ end
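Review bot: The shim is included only for `type: :controller`, yet it forwards the third positional argument as `headers:`. In the positional form of the controller test helpers that argument is, as far as I can tell, the session hash, so a spec that passes a session positionally would have it forwarded under the wrong keyword. If that holds, name the parameter `session=nil` and call `super(path, params: params, session: session)` in all three methods. `patch` and `delete` are not shimmed, so specs using those verbs with positional parameters would still emit the deprecation. The header comment could also say that the module is only mixed in on Rails 5 and later.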
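--- a/data/spec/user_spec.rb
+++ b/data/spec/user_spec.rb
@@ -85,6 +85,15 @@ describe User do
 
  expect(user.confirmation_token).to be_nil
  end
+
+ it "sets the remember token" do
+ user = create(:user, :with_forgotten_password)
+
+ user.update_password("my_new_password")
+
+ user.reload
+ expect(user.remember_token).not_to be_nil
+ end
  end
 
  context "with blank password" do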
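Review bot: The new example only asserts that `remember_token` is not nil after `update_password`, which also passes when the token is left untouched, assuming the factory user already has a remember token. If the intent is that a password reset issues a fresh remember token, so cookies issued before the reset stop working, the spec should assert a change. Capture `old_token = user.remember_token` before the call and use `expect(user.remember_token).not_to eq old_token` after `user.reload`. The enclosing `describe` block starts outside the hunk.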
@@ -0,0 +1,10 @@
1
+ require "spec_helper"
2
+
3
+ describe "Clearance RSpec view spec configuration", type: :view do
4
+ it "lets me use clearance's helper methods in view specs" do
5
+ user = double("User")
6
+ sign_in_as(user)
7
+
8
+ expect(view.current_user).to eq user
9
+ end
10
+ end
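--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: clearance
  version: !ruby/object:Gem::Version
- version: 1.8.0
+ version: 1.16.0
  platform: ruby
  authors:
  - Dan Croak
@@ -25,7 +25,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-01-23 00:00:00.000000000 Z
+ date: 2017-01-16 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bcrypt
@@ -79,6 +79,7 @@ extra_rdoc_files:
  files:
  - ".gitignore"
  - ".travis.yml"
+ - ".yardopts"
  - Appraisals
  - CONTRIBUTING.md
  - Gemfile
@@ -93,6 +94,7 @@ files:
  - app/controllers/clearance/users_controller.rb
  - app/mailers/clearance_mailer.rb
  - app/views/clearance_mailer/change_password.html.erb
+ - app/views/clearance_mailer/change_password.text.erb
  - app/views/layouts/application.html.erb
  - app/views/passwords/create.html.erb
  - app/views/passwords/edit.html.erb
@@ -110,10 +112,11 @@ files:
  - config/routes.rb
  - db/migrate/20110111224543_create_clearance_users.rb
  - db/schema.rb
- - gemfiles/rails3.2.gemfile
- - gemfiles/rails4.0.gemfile
- - gemfiles/rails4.1.gemfile
- - gemfiles/rails4.2.gemfile
+ - gemfiles/rails32.gemfile
+ - gemfiles/rails40.gemfile
+ - gemfiles/rails41.gemfile
+ - gemfiles/rails42.gemfile
+ - gemfiles/rails50.gemfile
  - lib/clearance.rb
  - lib/clearance/authentication.rb
  - lib/clearance/authorization.rb
@@ -137,8 +140,10 @@ files:
  - lib/clearance/sign_in_guard.rb
  - lib/clearance/test_unit.rb
  - lib/clearance/testing.rb
+ - lib/clearance/testing/controller_helpers.rb
  - lib/clearance/testing/deny_access_matcher.rb
  - lib/clearance/testing/helpers.rb
+ - lib/clearance/testing/view_helpers.rb
  - lib/clearance/token.rb
  - lib/clearance/user.rb
  - lib/clearance/version.rb
@@ -147,7 +152,7 @@ files:
  - lib/generators/clearance/install/templates/clearance.rb
  - lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb
  - lib/generators/clearance/install/templates/db/migrate/create_users.rb
- - lib/generators/clearance/install/templates/user.rb
+ - lib/generators/clearance/install/templates/user.rb.erb
  - lib/generators/clearance/routes/routes_generator.rb
  - lib/generators/clearance/routes/templates/routes.rb
  - lib/generators/clearance/specs/USAGE
@@ -164,7 +169,9 @@ files:
  - lib/generators/clearance/views/views_generator.rb
  - spec/acceptance/clearance_installation_spec.rb
  - spec/app_templates/app/controllers/application_controller.rb
+ - spec/app_templates/app/models/rails5/user.rb
  - spec/app_templates/app/models/user.rb
+ - spec/app_templates/config/initializers/clearance.rb
  - spec/app_templates/config/routes.rb
  - spec/app_templates/testapp/Gemfile
  - spec/app_templates/testapp/app/controllers/home_controller.rb
@@ -173,11 +180,13 @@ files:
  - spec/clearance/back_door_spec.rb
  - spec/clearance/constraints/signed_in_spec.rb
  - spec/clearance/constraints/signed_out_spec.rb
+ - spec/clearance/controller_spec.rb
  - spec/clearance/default_sign_in_guard_spec.rb
  - spec/clearance/rack_session_spec.rb
  - spec/clearance/session_spec.rb
  - spec/clearance/sign_in_guard_spec.rb
- - spec/clearance/testing/helpers_spec.rb
+ - spec/clearance/testing/controller_helpers_spec.rb
+ - spec/clearance/testing/view_helpers_spec.rb
  - spec/clearance/token_spec.rb
  - spec/configuration_spec.rb
  - spec/controllers/apis_controller_spec.rb
@@ -197,12 +206,14 @@ files:
  - spec/generators/clearance/routes/routes_generator_spec.rb
  - spec/generators/clearance/specs/specs_generator_spec.rb
  - spec/generators/clearance/views/views_generator_spec.rb
+ - spec/helpers/helper_helpers_spec.rb
  - spec/mailers/clearance_mailer_spec.rb
  - spec/password_strategies/bcrypt_migration_from_sha1_spec.rb
  - spec/password_strategies/bcrypt_spec.rb
  - spec/password_strategies/blowfish_spec.rb
  - spec/password_strategies/password_strategies_spec.rb
  - spec/password_strategies/sha1_spec.rb
+ - spec/requests/csrf_rotation_spec.rb
  - spec/routing/clearance_routes_spec.rb
  - spec/spec_helper.rb
  - spec/support/clearance.rb
@@ -210,8 +221,10 @@ files:
  - spec/support/fake_model_with_password_strategy.rb
  - spec/support/fake_model_without_password_strategy.rb
  - spec/support/generator_spec_helpers.rb
+ - spec/support/http_method_shim.rb
  - spec/support/request_with_remember_token.rb
  - spec/user_spec.rb
+ - spec/views/view_helpers_spec.rb
  homepage: http://github.com/thoughtbot/clearance
  licenses:
  - MIT
@@ -233,7 +246,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.4.8
  signing_key:
  specification_version: 4
  summary: Rails authentication & authorization with email & password.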
@@ -1,3 +0,0 @@
1
- class User < ActiveRecord::Base
2
- include Clearance::User
3
- end