clearance 1.8.0 → 1.8.1
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/.yardopts +3 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +25 -24
- data/NEWS.md +586 -311
- data/README.md +143 -334
- data/app/controllers/clearance/sessions_controller.rb +0 -1
- data/gemfiles/rails4.0.gemfile +1 -1
- data/gemfiles/rails4.1.gemfile +1 -1
- data/gemfiles/rails4.2.gemfile +1 -1
- data/lib/clearance.rb +2 -0
- data/lib/clearance/authentication.rb +2 -0
- data/lib/clearance/configuration.rb +106 -14
- data/lib/clearance/version.rb +1 -1
- data/spec/app_templates/testapp/config/initializers/action_mailer.rb +1 -3
- data/spec/clearance/contoller_spec.rb +11 -0
- data/spec/clearance/controller_spec.rb +11 -0
- data/spec/clearance/rack_session_spec.rb +5 -5
- data/spec/controllers/sessions_controller_spec.rb +2 -2
- metadata +5 -2
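--- a/data/app/controllers/clearance/sessions_controller.rb
+++ b/data/app/controllers/clearance/sessions_controller.rb
@@ -2,7 +2,6 @@ class Clearance::SessionsController < Clearance::BaseController
 before_filter :redirect_signed_in_users, only: [:new]
 skip_before_filter :require_login, only: [:create, :new, :destroy]
 skip_before_filter :authorize, only: [:create, :new, :destroy]
-protect_from_forgery except: :create
 
 def create
 @user = authenticate(params)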
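--- a/data/gemfiles/rails4.0.gemfile
+++ b/data/gemfiles/rails4.0.gemfile
@@ -9,7 +9,7 @@ gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.
+gem "shoulda-matchers", "~> 2.8"
 gem "sqlite3", "~> 1.3"
 gem "timecop", "~> 0.6"
 gem "pry", :require => false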
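--- a/data/gemfiles/rails4.1.gemfile
+++ b/data/gemfiles/rails4.1.gemfile
@@ -9,7 +9,7 @@ gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.
+gem "shoulda-matchers", "~> 2.8"
 gem "sqlite3", "~> 1.3"
 gem "timecop", "~> 0.6"
 gem "pry", :require => false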
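--- a/data/gemfiles/rails4.2.gemfile
+++ b/data/gemfiles/rails4.2.gemfile
@@ -9,7 +9,7 @@ gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.
+gem "shoulda-matchers", "~> 2.8"
 gem "sqlite3", "~> 1.3"
 gem "timecop", "~> 0.6"
 gem "pry", :require => false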
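--- a/data/lib/clearance.rb
+++ b/data/lib/clearance.rb
@@ -10,6 +10,8 @@ require 'clearance/password_strategies'
 require 'clearance/constraints'
 
 module Clearance
+# @deprecated Use `Gem::Specification` API if you need to access Clearance's
+# Gem root.
 def self.root
 warn "#{Kernel.caller.first}: [DEPRECATION] `Clearance.root` is " +
 "deprecated and will be removed in the next major release. If you need " +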
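--- a/data/lib/clearance/configuration.rb
+++ b/data/lib/clearance/configuration.rb
@@ -1,23 +1,94 @@
 module Clearance
 class Configuration
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+# Controls whether the sign up route is enabled.
+# Defaults to `true`. Set to `false` to disable user creation routes.
+# The setting is ignored if routes are disabled.
+# @param [Boolean] value
+# @return [Boolean]
+attr_writer :allow_sign_up
+
+# The domain to use for the clearance remember token cookie.
+# Defaults to `nil`, which causes the cookie domain to default to the
+# domain of the request. For more, see
+# [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.2.3).
+# @return [String]
+attr_accessor :cookie_domain
+
+# A lambda called to set the remember token cookie expires attribute.
+# The lambda accepts the collection of cookies as an argument which
+# allows for changing the expiration according to those cookies.
+# This could be used, for example, to set a session cookie unless
+# a `remember_me` cookie was also present. By default, cookie expiration
+# is one year. For more on cookie expiration see
+# [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.2.1).
+# @return [Lambda]
+attr_accessor :cookie_expiration
+
+# The name of Clearance's remember token cookie.
+# Defaults to `remember_token`.
+# @return [String]
+attr_accessor :cookie_name
+
+# Controls which paths the remember token cookie is valid for.
+# Defaults to `"/"` for the entire domain. For more, see
+# [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.1.4).
+# @return [String]
+attr_accessor :cookie_path
+
+# Controls whether the HttpOnly flag should be set on the remember token
+# cookie. Defaults to `false`. If `true`, the cookie will not be made
+# available to JavaScript. For more see
+# [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.2.6).
+# @return [Boolean]
+attr_accessor :httponly
+
+# Controls the address the password reset email is sent from.
+# Defaults to reply@example.com.
+# @return [String]
+attr_accessor :mailer_sender
+
+# The password strategy to use when authenticating and setting passwords.
+# Defaults to `Clearance::PasswordStrategies::BCrypt`.
+# @return [Class #authenticated? #password=]
+attr_accessor :password_strategy
+
+# The default path Clearance will redirect signed in users to.
+# Defaults to `"/"`. This can often be overridden for specific scenarios by
+# overriding controller methods that rely on it.
+# @return [String]
+attr_accessor :redirect_url
+
+# Set to `false` to disable Clearance's built-in routes.
+# Defaults to `true`. When set to false, your app is responsible for all
+# routes. You can dump a copy of Clearance's default routes with
+# `rails generate clearance:routes`.
+# @return [Boolean]
+attr_writer :routes
+
+# Controls the secure setting on the remember token cookie.
+# Defaults to `false`. When set, the browser will only send the
+# cookie to the server over HTTPS. You should set this value to true in
+# live environments to prevent session hijacking. For more, see
+# [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.2.5).
+# @return [Boolean]
+attr_accessor :secure_cookie
+
+# The array of sign in guards to run when signing a user in.
+# Defaults to an empty array. Sign in guards respond to `call` and are
+# initialized with a session and the current stack. Each guard can decide
+# to fail the sign in, yield to the next guard, or allow the sign in.
+# @return [Array<#call>]
+attr_accessor :sign_in_guards
+
+# The ActiveRecord class that represents users in your application.
+# Defualts to `::User`.
+# @return [ActiveRecord::Base]
+attr_accessor :user_model
 
 def initialize
 @allow_sign_up = true
 @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
+@cookie_domain = nil
 @cookie_path = '/'
 @cookie_name = "remember_token"
 @httponly = false
@@ -32,10 +103,16 @@ module Clearance
 @user_model ||= ::User
 end
 
+# Is the user sign up route enabled?
+# @return [Boolean]
 def allow_sign_up?
 @allow_sign_up
 end
 
+# Specifies which controller actions are allowed for user resources.
+# This will be `[:create]` is `allow_sign_up` is true (the default), and
+# empty otherwise.
+# @return [Array<Symbol>]
 def user_actions
 if allow_sign_up?
 [:create]
@@ -44,23 +121,38 @@ module Clearance
 end
 end
 
+# The name of foreign key parameter for the configured user model.
+# This is derived from the `model_name` of the `user_model` setting.
+# In the default configuration, this is `user_id`.
+# @return [Symbol]
 def user_id_parameter
 "#{user_model.model_name.singular}_id".to_sym
 end
 
+# @return [Boolean] are Clearance's built-in routes enabled?
 def routes_enabled?
 @routes
 end
 end
 
+# @return [Clearance::Configuration] Clearance's current configuration
 def self.configuration
 @configuration ||= Configuration.new
 end
 
+# Set Clearance's configuration
+# @param config [Clearance::Configuration]
 def self.configuration=(config)
 @configuration = config
 end
 
+# Modify Clearance's current configuration
+# @yieldparam [Clearance::Configuration] config current Clearance config
+# ```
+# Clearance.configure do |config|
+# config.routes = false
+# end
+# ```
 def self.configure
 yield configuration
 end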
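Review bot: The comment added above `attr_accessor :httponly` records the `false` default without any guidance, unlike the `secure_cookie` comment further down, although both flags protect the same remember token cookie; with HttpOnly off, any script running in the page can read that cookie. I would add a sentence such as `# You should set this to true unless client-side code needs to read the cookie.` Two of the added comments also carry typos: `Defualts` above `user_model`, and the `user_actions` comment reads "is" where "if" is meant. The `initialize` body continues past the end of the first hunk, so the remaining defaults are not visible here.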
data/lib/clearance/version.rb
CHANGED
@@ -0,0 +1,11 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe "Clearance::Controller", type: :controller do
|
4
|
+
controller(ActionController::Base) do
|
5
|
+
include Clearance::Controller
|
6
|
+
end
|
7
|
+
|
8
|
+
it "does not expose any action_methods" do
|
9
|
+
expect(controller.action_methods).to be_empty
|
10
|
+
end
|
11
|
+
end
|
@@ -2,21 +2,21 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Clearance::RackSession do
|
4
4
|
it 'injects a clearance session into the environment' do
|
5
|
-
expected_session = 'the session'
|
6
|
-
allow(expected_session).to receive(:add_cookie_to_headers)
|
7
|
-
allow(Clearance::Session).to receive(:new).and_return(expected_session)
|
8
5
|
headers = { 'X-Roaring-Lobster' => 'Red' }
|
9
|
-
|
10
6
|
app = Rack::Builder.new do
|
11
7
|
use Clearance::RackSession
|
12
8
|
run lambda { |env| Rack::Response.new(env[:clearance], 200, headers).finish }
|
13
9
|
end
|
14
10
|
|
15
11
|
env = Rack::MockRequest.env_for('/')
|
12
|
+
expected_session = "the session"
|
13
|
+
allow(expected_session).to receive(:add_cookie_to_headers)
|
14
|
+
allow(Clearance::Session).to receive(:new).
|
15
|
+
with(env).
|
16
|
+
and_return(expected_session)
|
16
17
|
|
17
18
|
response = Rack::MockResponse.new(*app.call(env))
|
18
19
|
|
19
|
-
expect(Clearance::Session).to have_received(:new).with(env)
|
20
20
|
expect(response.body).to eq expected_session
|
21
21
|
expect(expected_session).to have_received(:add_cookie_to_headers).
|
22
22
|
with(hash_including(headers))
|
@@ -9,7 +9,7 @@ describe Clearance::SessionsController do
|
|
9
9
|
|
10
10
|
it { should respond_with(:success) }
|
11
11
|
it { should render_template(:new) }
|
12
|
-
it { should_not
|
12
|
+
it { should_not set_flash }
|
13
13
|
end
|
14
14
|
|
15
15
|
context "when a user is signed in" do
|
@@ -19,7 +19,7 @@ describe Clearance::SessionsController do
|
|
19
19
|
end
|
20
20
|
|
21
21
|
it { should redirect_to(Clearance.configuration.redirect_url) }
|
22
|
-
it { should_not
|
22
|
+
it { should_not set_flash }
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
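Review bot: Neither sessions controller spec hunk adds a test for forgery protection on `create`, even though this release removes `protect_from_forgery except: :create` from `Clearance::SessionsController` (first hunk on the page); both hunks only touch the `should_not set_flash` expectations. With that line gone the sign-in action presumably follows whatever forgery protection the host application's base controller configures, which is not visible here. I would add a context that enables `ActionController::Base.allow_forgery_protection`, posts to `create` without an authenticity token and asserts that no user is signed in, so a later change cannot quietly reintroduce the exemption. The `describe` blocks start and end outside both hunks.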
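--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-version: 1.8.
+version: 1.8.1
 platform: ruby
 authors:
 - Dan Croak
@@ -25,7 +25,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bcrypt
@@ -79,6 +79,7 @@ extra_rdoc_files:
 files:
 - ".gitignore"
 - ".travis.yml"
+- ".yardopts"
 - Appraisals
 - CONTRIBUTING.md
 - Gemfile
@@ -173,6 +174,8 @@ files:
 - spec/clearance/back_door_spec.rb
 - spec/clearance/constraints/signed_in_spec.rb
 - spec/clearance/constraints/signed_out_spec.rb
+- spec/clearance/contoller_spec.rb
+- spec/clearance/controller_spec.rb
 - spec/clearance/default_sign_in_guard_spec.rb
 - spec/clearance/rack_session_spec.rb
 - spec/clearance/session_spec.rb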