RubyGems - clearance - Versions diffs - 1.8.0 → 1.16.0 - Mend

clearance 1.8.0 → 1.16.0

Potentially problematic release.

This version of clearance might be problematic. Click here for more details.

Files changed (107) hide show

checksums.yaml +4 -4
data/.gitignore +3 -0
data/.travis.yml +25 -6
data/.yardopts +6 -0
data/Appraisals +15 -4
data/CONTRIBUTING.md +4 -1
data/Gemfile +5 -3
data/Gemfile.lock +102 -96
data/NEWS.md +742 -311
data/README.md +217 -339
data/app/controllers/clearance/passwords_controller.rb +35 -21
data/app/controllers/clearance/sessions_controller.rb +17 -4
data/app/controllers/clearance/users_controller.rb +10 -4
data/app/mailers/clearance_mailer.rb +2 -3
data/app/views/clearance_mailer/change_password.html.erb +6 -3
data/app/views/clearance_mailer/change_password.text.erb +5 -0
data/app/views/layouts/application.html.erb +2 -2
data/app/views/passwords/create.html.erb +1 -1
data/app/views/passwords/edit.html.erb +2 -2
data/app/views/passwords/new.html.erb +2 -2
data/app/views/sessions/_form.html.erb +2 -2
data/app/views/sessions/new.html.erb +1 -1
data/app/views/users/new.html.erb +2 -2
data/bin/setup +6 -2
data/config/locales/clearance.en.yml +6 -0
data/db/migrate/20110111224543_create_clearance_users.rb +1 -1
data/gemfiles/{rails3.2.gemfile → rails32.gemfile} +4 -2
data/gemfiles/{rails4.0.gemfile → rails40.gemfile} +6 -3
data/gemfiles/{rails4.1.gemfile → rails41.gemfile} +6 -3
data/gemfiles/{rails4.2.gemfile → rails42.gemfile} +6 -3
data/gemfiles/rails50.gemfile +21 -0
data/lib/clearance/authentication.rb +61 -2
data/lib/clearance/authorization.rb +47 -4
data/lib/clearance/back_door.rb +29 -6
data/lib/clearance/configuration.rb +152 -15
data/lib/clearance/constraints/signed_in.rb +21 -0
data/lib/clearance/constraints/signed_out.rb +12 -0
data/lib/clearance/constraints.rb +12 -0
data/lib/clearance/controller.rb +13 -0
data/lib/clearance/default_sign_in_guard.rb +17 -0
data/lib/clearance/engine.rb +24 -4
data/lib/clearance/password_strategies/bcrypt.rb +16 -21
data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +19 -0
data/lib/clearance/password_strategies/blowfish.rb +17 -0
data/lib/clearance/password_strategies/sha1.rb +17 -0
data/lib/clearance/password_strategies.rb +13 -0
data/lib/clearance/rack_session.rb +13 -0
data/lib/clearance/rspec.rb +15 -4
data/lib/clearance/session.rb +46 -1
data/lib/clearance/session_status.rb +7 -0
data/lib/clearance/sign_in_guard.rb +65 -0
data/lib/clearance/test_unit.rb +3 -3
data/lib/clearance/testing/controller_helpers.rb +44 -0
data/lib/clearance/testing/deny_access_matcher.rb +36 -2
data/lib/clearance/testing/helpers.rb +9 -25
data/lib/clearance/testing/view_helpers.rb +32 -0
data/lib/clearance/token.rb +7 -0
data/lib/clearance/user.rb +182 -4
data/lib/clearance/version.rb +1 -1
data/lib/clearance.rb +2 -0
data/lib/generators/clearance/install/install_generator.rb +24 -5
data/lib/generators/clearance/install/templates/clearance.rb +1 -0
data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb +3 -3
data/lib/generators/clearance/install/templates/db/migrate/create_users.rb +2 -2
data/lib/generators/clearance/install/templates/user.rb.erb +3 -0
data/lib/generators/clearance/routes/routes_generator.rb +23 -0
data/lib/generators/clearance/routes/templates/routes.rb +7 -7
data/lib/generators/clearance/specs/templates/features/clearance/user_signs_out_spec.rb.tt +1 -1
data/lib/generators/clearance/specs/templates/features/clearance/visitor_resets_password_spec.rb.tt +12 -2
data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_in_spec.rb.tt +1 -1
data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_up_spec.rb.tt +1 -1
data/lib/generators/clearance/specs/templates/features/clearance/visitor_updates_password_spec.rb.tt +1 -1
data/spec/acceptance/clearance_installation_spec.rb +4 -1
data/spec/app_templates/app/models/rails5/user.rb +5 -0
data/spec/app_templates/config/initializers/clearance.rb +2 -0
data/spec/app_templates/testapp/app/controllers/home_controller.rb +5 -1
data/spec/app_templates/testapp/config/initializers/action_mailer.rb +1 -3
data/spec/clearance/back_door_spec.rb +25 -6
data/spec/clearance/controller_spec.rb +11 -0
data/spec/clearance/rack_session_spec.rb +5 -5
data/spec/clearance/session_spec.rb +2 -15
data/spec/clearance/testing/{helpers_spec.rb → controller_helpers_spec.rb} +12 -12
data/spec/clearance/testing/view_helpers_spec.rb +37 -0
data/spec/configuration_spec.rb +94 -86
data/spec/controllers/apis_controller_spec.rb +6 -2
data/spec/controllers/forgeries_controller_spec.rb +6 -1
data/spec/controllers/passwords_controller_spec.rb +17 -16
data/spec/controllers/permissions_controller_spec.rb +13 -3
data/spec/controllers/sessions_controller_spec.rb +4 -4
data/spec/dummy/app/controllers/application_controller.rb +5 -1
data/spec/dummy/application.rb +4 -0
data/spec/generators/clearance/install/install_generator_spec.rb +29 -3
data/spec/generators/clearance/routes/routes_generator_spec.rb +5 -1
data/spec/generators/clearance/views/views_generator_spec.rb +11 -10
data/spec/helpers/helper_helpers_spec.rb +10 -0
data/spec/mailers/clearance_mailer_spec.rb +13 -19
data/spec/password_strategies/bcrypt_migration_from_sha1_spec.rb +6 -0
data/spec/password_strategies/blowfish_spec.rb +6 -0
data/spec/password_strategies/sha1_spec.rb +6 -0
data/spec/requests/csrf_rotation_spec.rb +33 -0
data/spec/spec_helper.rb +11 -2
data/spec/support/generator_spec_helpers.rb +13 -1
data/spec/support/http_method_shim.rb +23 -0
data/spec/user_spec.rb +9 -0
data/spec/views/view_helpers_spec.rb +10 -0
metadata +22 -9
data/lib/generators/clearance/install/templates/user.rb +0 -3

data/spec/generators/clearance/views/views_generator_spec.rb CHANGED Viewed

@@ -6,18 +6,19 @@ describe Clearance::Generators::ViewsGenerator, :generator do
     run_generator
     views = %w(
-      clearance_mailer/change_password
-      layouts/application
-      passwords/create
-      passwords/edit
-      passwords/new
-      sessions/_form
-      sessions/new
-      users/_form
-      users/new
+      clearance_mailer/change_password.html.erb
+      clearance_mailer/change_password.text.erb
+      layouts/application.html.erb
+      passwords/create.html.erb
+      passwords/edit.html.erb
+      passwords/new.html.erb
+      sessions/_form.html.erb
+      sessions/new.html.erb
+      users/_form.html.erb
+      users/new.html.erb
     )
-    view_files = views.map { |view| file("app/views/#{view}.html.erb") }
+    view_files = views.map { |view| file("app/views/#{view}") }
     view_files.each do |each|
       expect(each).to exist

data/spec/helpers/helper_helpers_spec.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require "spec_helper"
+describe "Clearance RSpec helper spec configuration", type: :helper do
+  it "lets me use clearance's helper methods in helper specs" do
+    user = double("User")
+    sign_in_as(user)
+    expect(helper.current_user).to eq user
+  end
+end

data/spec/mailers/clearance_mailer_spec.rb CHANGED Viewed

@@ -19,18 +19,6 @@ describe ClearanceMailer do
     expect(email.to.first).to eq(user.email)
   end
-  it "contains a link to edit the password" do
-    user = create(:user)
-    user.forgot_password!
-    host = ActionMailer::Base.default_url_options[:host]
-    link = "http://#{host}/users/#{user.id}/password/edit" \
-      "?token=#{user.confirmation_token}"
-    email = ClearanceMailer.change_password(user)
-    expect(email.body.to_s).to include(link)
-  end
   it "sets its subject" do
     user = create(:user)
     user.forgot_password!
@@ -40,25 +28,31 @@ describe ClearanceMailer do
     expect(email.subject).to include("Change your password")
   end
-  it "contains opening text in the body" do
+  it "has html and plain text parts" do
     user = create(:user)
     user.forgot_password!
     email = ClearanceMailer.change_password(user)
-    expect(email.body).to include(
-      I18n.t("clearance_mailer.change_password.opening")
-    )
+    expect(email.body.parts.length).to eq 2
+    expect(email.text_part).to be_present
+    expect(email.html_part).to be_present
   end
-  it "contains closing text in the body" do
+  it "contains a link to edit the password" do
     user = create(:user)
     user.forgot_password!
+    host = ActionMailer::Base.default_url_options[:host]
+    link = "http://#{host}/users/#{user.id}/password/edit" \
+      "?token=#{user.confirmation_token}"
     email = ClearanceMailer.change_password(user)
-    expect(email.body.raw_source).to include(
-      I18n.t("clearance_mailer.change_password.closing")
+    expect(email.text_part.body).to include(link)
+    expect(email.html_part.body).to include(link)
+    expect(email.html_part.body).to have_css(
+      "a",
+      text: I18n.t("clearance_mailer.change_password.link_text")
     )
   end
 end

data/spec/password_strategies/bcrypt_migration_from_sha1_spec.rb CHANGED Viewed

@@ -2,6 +2,12 @@ require "spec_helper"
 include FakeModelWithPasswordStrategy
 describe Clearance::PasswordStrategies::BCryptMigrationFromSHA1 do
+  around do |example|
+    silence_warnings do
+      example.run
+    end
+  end
   describe "#password=" do
     it "encrypts the password into a BCrypt-encrypted encrypted_password" do
       stub_bcrypt_password

data/spec/password_strategies/blowfish_spec.rb CHANGED Viewed

@@ -2,6 +2,12 @@ require "spec_helper"
 include FakeModelWithPasswordStrategy
 describe Clearance::PasswordStrategies::Blowfish do
+  around do |example|
+    silence_warnings do
+      example.run
+    end
+  end
   describe "#password=" do
     context "when the password is set" do
       it "does not initialize the salt" do

data/spec/password_strategies/sha1_spec.rb CHANGED Viewed

@@ -2,6 +2,12 @@ require "spec_helper"
 include FakeModelWithPasswordStrategy
 describe Clearance::PasswordStrategies::SHA1 do
+  around do |example|
+    silence_warnings do
+      example.run
+    end
+  end
   describe "#password=" do
     context "when the salt is set" do
       it "does not initialize the salt when assigned" do

data/spec/requests/csrf_rotation_spec.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require "spec_helper"
+describe "CSRF Rotation" do
+  around do |example|
+    ActionController::Base.allow_forgery_protection = true
+    example.run
+    ActionController::Base.allow_forgery_protection = false
+  end
+  context "Clearance is configured to rotate CSRF token on sign in" do
+    describe "sign in" do
+      it "rotates the CSRF token" do
+        Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
+        get sign_in_path
+        user = create(:user, password: "password")
+        original_token = csrf_token
+        post session_path, session: session_params(user, "password")
+        expect(csrf_token).not_to eq original_token
+        expect(csrf_token).to be_present
+      end
+    end
+  end
+  def csrf_token
+    session[:_csrf_token]
+  end
+  def session_params(user, password)
+    { email: user.email, password: password, authenticity_token: csrf_token }
+  end
+end

data/spec/spec_helper.rb CHANGED Viewed

@@ -26,9 +26,18 @@ RSpec.configure do |config|
   config.mock_with :rspec do |mocks|
     mocks.syntax = :expect
   end
+  config.before { restore_default_warning_free_config }
+  if Rails::VERSION::MAJOR >= 5
+    require 'rails-controller-testing'
+    config.include Rails::Controller::Testing::TestProcess
+    config.include Rails::Controller::Testing::TemplateAssertions
+    config.include Rails::Controller::Testing::Integration
+  end
 end
-def restore_default_config
+def restore_default_warning_free_config
   Clearance.configuration = nil
-  Clearance.configure {}
+  Clearance.configure { |config| config.rotate_csrf_on_sign_in = true }
 end

data/spec/support/generator_spec_helpers.rb CHANGED Viewed

@@ -9,12 +9,16 @@ module GeneratorSpecHelpers
     copy_to_generator_root("config", "routes.rb")
   end
+  def provide_existing_initializer
+    copy_to_generator_root("config/initializers", "clearance.rb")
+  end
   def provide_existing_application_controller
     copy_to_generator_root("app/controllers", "application_controller.rb")
   end
   def provide_existing_user_class
-    copy_to_generator_root("app/models", "user.rb")
+    copy_to_generator_root("app/models", versionize_template("user.rb"))
     allow(File).to receive(:exist?).and_call_original
     allow(File).to receive(:exist?).with("app/models/user.rb").and_return(true)
   end
@@ -28,6 +32,14 @@ module GeneratorSpecHelpers
     FileUtils.mkdir_p(destination)
     FileUtils.cp(template_file, destination)
   end
+  def versionize_template(template_file)
+    if Rails.version >= "5.0.0"
+      template_file = ["rails5", template_file].join("/")
+    end
+    template_file
+  end
 end
 RSpec.configure do |config|

data/spec/support/http_method_shim.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# Rails 5 deprecates calling HTTP action methods with positional arguments
+# in favor of keyword arguments. However, the keyword argument form is only
+# supported in Rails 5+. Since we support back to 3.1, we need some sort of shim
+# to avoid super noisy deprecations when running tests.
+module HTTPMethodShim
+  def get(path, params=nil, headers=nil)
+    super(path, params: params, headers: headers)
+  end
+  def put(path, params=nil, headers=nil)
+    super(path, params: params, headers: headers)
+  end
+  def post(path, params=nil, headers=nil)
+    super(path, params: params, headers: headers)
+  end
+end
+if Rails::VERSION::MAJOR >= 5
+  RSpec.configure do |config|
+    config.include HTTPMethodShim, type: :controller
+  end
+end

data/spec/user_spec.rb CHANGED Viewed

@@ -85,6 +85,15 @@ describe User do
         expect(user.confirmation_token).to be_nil
       end
+      it "sets the remember token" do
+        user = create(:user, :with_forgotten_password)
+        user.update_password("my_new_password")
+        user.reload
+        expect(user.remember_token).not_to be_nil
+      end
     end
     context "with blank password" do

data/spec/views/view_helpers_spec.rb ADDED Viewed

@@ -0,0 +1,10 @@
+require "spec_helper"
+describe "Clearance RSpec view spec configuration", type: :view do
+  it "lets me use clearance's helper methods in view specs" do
+    user = double("User")
+    sign_in_as(user)
+    expect(view.current_user).to eq user
+  end
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.16.0
 platform: ruby
 authors:
 - Dan Croak
@@ -25,7 +25,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-23 00:00:00.000000000 Z
+date: 2017-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -79,6 +79,7 @@ extra_rdoc_files:
 files:
 - ".gitignore"
 - ".travis.yml"
+- ".yardopts"
 - Appraisals
 - CONTRIBUTING.md
 - Gemfile
@@ -93,6 +94,7 @@ files:
 - app/controllers/clearance/users_controller.rb
 - app/mailers/clearance_mailer.rb
 - app/views/clearance_mailer/change_password.html.erb
+- app/views/clearance_mailer/change_password.text.erb
 - app/views/layouts/application.html.erb
 - app/views/passwords/create.html.erb
 - app/views/passwords/edit.html.erb
@@ -110,10 +112,11 @@ files:
 - config/routes.rb
 - db/migrate/20110111224543_create_clearance_users.rb
 - db/schema.rb
-- gemfiles/rails3.2.gemfile
-- gemfiles/rails4.0.gemfile
-- gemfiles/rails4.1.gemfile
-- gemfiles/rails4.2.gemfile
+- gemfiles/rails32.gemfile
+- gemfiles/rails40.gemfile
+- gemfiles/rails41.gemfile
+- gemfiles/rails42.gemfile
+- gemfiles/rails50.gemfile
 - lib/clearance.rb
 - lib/clearance/authentication.rb
 - lib/clearance/authorization.rb
@@ -137,8 +140,10 @@ files:
 - lib/clearance/sign_in_guard.rb
 - lib/clearance/test_unit.rb
 - lib/clearance/testing.rb
+- lib/clearance/testing/controller_helpers.rb
 - lib/clearance/testing/deny_access_matcher.rb
 - lib/clearance/testing/helpers.rb
+- lib/clearance/testing/view_helpers.rb
 - lib/clearance/token.rb
 - lib/clearance/user.rb
 - lib/clearance/version.rb
@@ -147,7 +152,7 @@ files:
 - lib/generators/clearance/install/templates/clearance.rb
 - lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb
 - lib/generators/clearance/install/templates/db/migrate/create_users.rb
-- lib/generators/clearance/install/templates/user.rb
+- lib/generators/clearance/install/templates/user.rb.erb
 - lib/generators/clearance/routes/routes_generator.rb
 - lib/generators/clearance/routes/templates/routes.rb
 - lib/generators/clearance/specs/USAGE
@@ -164,7 +169,9 @@ files:
 - lib/generators/clearance/views/views_generator.rb
 - spec/acceptance/clearance_installation_spec.rb
 - spec/app_templates/app/controllers/application_controller.rb
+- spec/app_templates/app/models/rails5/user.rb
 - spec/app_templates/app/models/user.rb
+- spec/app_templates/config/initializers/clearance.rb
 - spec/app_templates/config/routes.rb
 - spec/app_templates/testapp/Gemfile
 - spec/app_templates/testapp/app/controllers/home_controller.rb
@@ -173,11 +180,13 @@ files:
 - spec/clearance/back_door_spec.rb
 - spec/clearance/constraints/signed_in_spec.rb
 - spec/clearance/constraints/signed_out_spec.rb
+- spec/clearance/controller_spec.rb
 - spec/clearance/default_sign_in_guard_spec.rb
 - spec/clearance/rack_session_spec.rb
 - spec/clearance/session_spec.rb
 - spec/clearance/sign_in_guard_spec.rb
-- spec/clearance/testing/helpers_spec.rb
+- spec/clearance/testing/controller_helpers_spec.rb
+- spec/clearance/testing/view_helpers_spec.rb
 - spec/clearance/token_spec.rb
 - spec/configuration_spec.rb
 - spec/controllers/apis_controller_spec.rb
@@ -197,12 +206,14 @@ files:
 - spec/generators/clearance/routes/routes_generator_spec.rb
 - spec/generators/clearance/specs/specs_generator_spec.rb
 - spec/generators/clearance/views/views_generator_spec.rb
+- spec/helpers/helper_helpers_spec.rb
 - spec/mailers/clearance_mailer_spec.rb
 - spec/password_strategies/bcrypt_migration_from_sha1_spec.rb
 - spec/password_strategies/bcrypt_spec.rb
 - spec/password_strategies/blowfish_spec.rb
 - spec/password_strategies/password_strategies_spec.rb
 - spec/password_strategies/sha1_spec.rb
+- spec/requests/csrf_rotation_spec.rb
 - spec/routing/clearance_routes_spec.rb
 - spec/spec_helper.rb
 - spec/support/clearance.rb
@@ -210,8 +221,10 @@ files:
 - spec/support/fake_model_with_password_strategy.rb
 - spec/support/fake_model_without_password_strategy.rb
 - spec/support/generator_spec_helpers.rb
+- spec/support/http_method_shim.rb
 - spec/support/request_with_remember_token.rb
 - spec/user_spec.rb
+- spec/views/view_helpers_spec.rb
 homepage: http://github.com/thoughtbot/clearance
 licenses:
 - MIT
@@ -233,7 +246,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.

data/lib/generators/clearance/install/templates/user.rb DELETED Viewed

@@ -1,3 +0,0 @@
-class User < ActiveRecord::Base
-  include Clearance::User
-end