clearance 1.8.0 → 1.8.1

data/app/controllers/clearance/sessions_controller.rb

@@ -2,7 +2,6 @@ class Clearance::SessionsController < Clearance::BaseController
   before_filter :redirect_signed_in_users, only: [:new]
   skip_before_filter :require_login, only: [:create, :new, :destroy]
   skip_before_filter :authorize, only: [:create, :new, :destroy]
-  protect_from_forgery except: :create
 
   def create
     @user = authenticate(params)

data/gemfiles/rails4.0.gemfile

@@ -9,7 +9,7 @@ gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.4"
+gem "shoulda-matchers", "~> 2.8"
 gem "sqlite3", "~> 1.3"
 gem "timecop", "~> 0.6"
 gem "pry", :require => false

data/gemfiles/rails4.1.gemfile

@@ -9,7 +9,7 @@ gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.4"
+gem "shoulda-matchers", "~> 2.8"
 gem "sqlite3", "~> 1.3"
 gem "timecop", "~> 0.6"
 gem "pry", :require => false

data/gemfiles/rails4.2.gemfile

@@ -9,7 +9,7 @@ gem "capybara", ">= 2.3"
 gem "database_cleaner", "~> 1.0"
 gem "factory_girl_rails", "~> 4.2"
 gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers", "~> 2.4"
+gem "shoulda-matchers", "~> 2.8"
 gem "sqlite3", "~> 1.3"
 gem "timecop", "~> 0.6"
 gem "pry", :require => false

data/lib/clearance.rb

@@ -10,6 +10,8 @@ require 'clearance/password_strategies'
 require 'clearance/constraints'
 
 module Clearance
+  # @deprecated Use `Gem::Specification` API if you need to access Clearance's
+  #   Gem root.
   def self.root
     warn "#{Kernel.caller.first}: [DEPRECATION] `Clearance.root` is " +
       "deprecated and will be removed in the next major release. If you need " +

data/lib/clearance/authentication.rb

@@ -5,8 +5,10 @@ module Clearance
     included do
       helper_method :current_user, :signed_in?, :signed_out?
       hide_action(
+        :authenticate,
         :current_user,
         :current_user=,
+        :handle_unverified_request,
         :sign_in,
         :sign_out,
         :signed_in?,

data/lib/clearance/configuration.rb

@@ -1,23 +1,94 @@
 module Clearance
   class Configuration
-    attr_writer :allow_sign_up, :routes
-
-    attr_accessor \
-      :cookie_domain,
-      :cookie_expiration,
-      :cookie_name,
-      :cookie_path,
-      :httponly,
-      :mailer_sender,
-      :password_strategy,
-      :redirect_url,
-      :secure_cookie,
-      :sign_in_guards,
-      :user_model
+    # Controls whether the sign up route is enabled.
+    # Defaults to `true`. Set to `false` to disable user creation routes.
+    # The setting is ignored if routes are disabled.
+    # @param [Boolean] value
+    # @return [Boolean]
+    attr_writer :allow_sign_up
+
+    # The domain to use for the clearance remember token cookie.
+    # Defaults to `nil`, which causes the cookie domain to default to the
+    # domain of the request. For more, see
+    # [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.2.3).
+    # @return [String]
+    attr_accessor :cookie_domain
+
+    # A lambda called to set the remember token cookie expires attribute.
+    # The lambda accepts the collection of cookies as an argument which
+    # allows for changing the expiration according to those cookies.
+    # This could be used, for example, to set a session cookie unless
+    # a `remember_me` cookie was also present. By default, cookie expiration
+    # is one year. For more on cookie expiration see
+    # [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.2.1).
+    # @return [Lambda]
+    attr_accessor :cookie_expiration
+
+    # The name of Clearance's remember token cookie.
+    # Defaults to `remember_token`.
+    # @return [String]
+    attr_accessor :cookie_name
+
+    # Controls which paths the remember token cookie is valid for.
+    # Defaults to `"/"` for the entire domain. For more, see
+    # [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.1.4).
+    # @return [String]
+    attr_accessor :cookie_path
+
+    # Controls whether the  HttpOnly flag should be set on the remember token
+    # cookie. Defaults to `false`. If `true`, the cookie will not be made
+    # available to JavaScript. For more see
+    # [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.2.6).
+    # @return [Boolean]
+    attr_accessor :httponly
+
+    # Controls the address the password reset email is sent from.
+    # Defaults to reply@example.com.
+    # @return [String]
+    attr_accessor :mailer_sender
+
+    # The password strategy to use when authenticating and setting passwords.
+    # Defaults to `Clearance::PasswordStrategies::BCrypt`.
+    # @return [Class #authenticated? #password=]
+    attr_accessor :password_strategy
+
+    # The default path Clearance will redirect signed in users to.
+    # Defaults to `"/"`. This can often be overridden for specific scenarios by
+    # overriding controller methods that rely on it.
+    # @return [String]
+    attr_accessor :redirect_url
+
+    # Set to `false` to disable Clearance's built-in routes.
+    # Defaults to `true`. When set to false, your app is responsible for all
+    # routes. You can dump a copy of Clearance's default routes with
+    # `rails generate clearance:routes`.
+    # @return [Boolean]
+    attr_writer :routes
+
+    # Controls the secure setting on the remember token cookie.
+    # Defaults to `false`. When set, the browser will only send the
+    # cookie to the server over HTTPS. You should set this value to true in
+    # live environments to prevent session hijacking. For more, see
+    # [RFC6265](http://tools.ietf.org/html/rfc6265#section-5.2.5).
+    # @return [Boolean]
+    attr_accessor :secure_cookie
+
+    # The array of sign in guards to run when signing a user in.
+    # Defaults to an empty array. Sign in guards respond to `call` and are
+    # initialized with a session and the current stack. Each guard can decide
+    # to fail the sign in, yield to the next guard, or allow the sign in.
+    # @return [Array<#call>]
+    attr_accessor :sign_in_guards
+
+    # The ActiveRecord class that represents users in your application.
+    # Defualts to `::User`.
+    # @return [ActiveRecord::Base]
+    attr_accessor :user_model
 
     def initialize
       @allow_sign_up = true
       @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
+      @cookie_domain = nil
       @cookie_path = '/'
       @cookie_name = "remember_token"
       @httponly = false
@@ -32,10 +103,16 @@ module Clearance
       @user_model ||= ::User
     end
 
+    # Is the user sign up route enabled?
+    # @return [Boolean]
     def allow_sign_up?
       @allow_sign_up
     end
 
+    # Specifies which controller actions are allowed for user resources.
+    # This will be `[:create]` is `allow_sign_up` is true (the default), and
+    # empty otherwise.
+    # @return [Array<Symbol>]
     def  user_actions
       if allow_sign_up?
         [:create]
@@ -44,23 +121,38 @@ module Clearance
       end
     end
 
+    # The name of foreign key parameter for the configured user model.
+    # This is derived from the `model_name` of the `user_model` setting.
+    # In the default configuration, this is `user_id`.
+    # @return [Symbol]
     def user_id_parameter
       "#{user_model.model_name.singular}_id".to_sym
     end
 
+    # @return [Boolean] are Clearance's built-in routes enabled?
     def routes_enabled?
       @routes
     end
   end
 
+  # @return [Clearance::Configuration] Clearance's current configuration
   def self.configuration
     @configuration ||= Configuration.new
   end
 
+  # Set Clearance's configuration
+  # @param config [Clearance::Configuration]
   def self.configuration=(config)
     @configuration = config
   end
 
+  # Modify Clearance's current configuration
+  # @yieldparam [Clearance::Configuration] config current Clearance config
+  # ```
+  # Clearance.configure do |config|
+  #   config.routes = false
+  # end
+  # ```
   def self.configure
     yield configuration
   end

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "1.8.0"
+  VERSION = "1.8.1"
 end

data/spec/app_templates/testapp/config/initializers/action_mailer.rb

@@ -1,3 +1 @@
-Rails.application.config.action_mailer.default_url_options = {
-  host: "localhost"
-}
+ActionMailer::Base.default_url_options[:host] = "localhost"

data/spec/clearance/contoller_spec.rb

@@ -0,0 +1,11 @@
+require "spec_helper"
+
+describe "Clearance::Controller", type: :controller do
+  controller(ActionController::Base) do
+    include Clearance::Controller
+  end
+
+  it "does not expose any action_methods" do
+    expect(controller.action_methods).to be_empty
+  end
+end

data/spec/clearance/controller_spec.rb

@@ -0,0 +1,11 @@
+require "spec_helper"
+
+describe Clearance::Controller, type: :controller do
+  controller(ActionController::Base) do
+    include Clearance::Controller
+  end
+
+  it "exposes no action methods" do
+    expect(controller.action_methods).to be_empty
+  end
+end

data/spec/clearance/rack_session_spec.rb

@@ -2,21 +2,21 @@ require 'spec_helper'
 
 describe Clearance::RackSession do
   it 'injects a clearance session into the environment' do
-    expected_session = 'the session'
-    allow(expected_session).to receive(:add_cookie_to_headers)
-    allow(Clearance::Session).to receive(:new).and_return(expected_session)
     headers = { 'X-Roaring-Lobster' => 'Red' }
-
     app = Rack::Builder.new do
       use Clearance::RackSession
       run lambda { |env| Rack::Response.new(env[:clearance], 200, headers).finish }
     end
 
     env = Rack::MockRequest.env_for('/')
+    expected_session = "the session"
+    allow(expected_session).to receive(:add_cookie_to_headers)
+    allow(Clearance::Session).to receive(:new).
+      with(env).
+      and_return(expected_session)
 
     response = Rack::MockResponse.new(*app.call(env))
 
-    expect(Clearance::Session).to have_received(:new).with(env)
     expect(response.body).to eq expected_session
     expect(expected_session).to have_received(:add_cookie_to_headers).
       with(hash_including(headers))

data/spec/controllers/sessions_controller_spec.rb

@@ -9,7 +9,7 @@ describe Clearance::SessionsController do
 
       it { should respond_with(:success) }
       it { should render_template(:new) }
-      it { should_not set_the_flash }
+      it { should_not set_flash }
     end
 
     context "when a user is signed in" do
@@ -19,7 +19,7 @@ describe Clearance::SessionsController do
       end
 
       it { should redirect_to(Clearance.configuration.redirect_url) }
-      it { should_not set_the_flash }
+      it { should_not set_flash }
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.8.1
 platform: ruby
 authors:
 - Dan Croak
@@ -25,7 +25,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-23 00:00:00.000000000 Z
+date: 2015-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -79,6 +79,7 @@ extra_rdoc_files:
 files:
 - ".gitignore"
 - ".travis.yml"
+- ".yardopts"
 - Appraisals
 - CONTRIBUTING.md
 - Gemfile
@@ -173,6 +174,8 @@ files:
 - spec/clearance/back_door_spec.rb
 - spec/clearance/constraints/signed_in_spec.rb
 - spec/clearance/constraints/signed_out_spec.rb
+- spec/clearance/contoller_spec.rb
+- spec/clearance/controller_spec.rb
 - spec/clearance/default_sign_in_guard_spec.rb
 - spec/clearance/rack_session_spec.rb
 - spec/clearance/session_spec.rb