clearance 2.0.0.beta2 → 2.0.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of clearance might be problematic. Click here for more details.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6c7eb11d597ee18d41e6655e608bb82c9e774baa30e0e4f05dbcd7cc99c553e5
4
- data.tar.gz: c221f519c1191b0d8487d302db40a3c69724e6a59df5b67efd9bbaffbf2f10cf
3
+ metadata.gz: fd2d43e71f4cbe272a3a1b19577f453b986a27711e6327c6050d1170c73c09d8
4
+ data.tar.gz: ba32fcfb82fa0ab33f3764e381a2d2a93484dde956189b5395fa63b759142231
5
5
  SHA512:
6
- metadata.gz: 586d54d09d31cbdae4caf13a1aa3920559806feb92701e6e9bb73d5dcf9001790c5e73e7d0f4af9a9e2e5b4cf72ae7865e1b7013bbe8ab18235353842449ca9c
7
- data.tar.gz: 2df91d418506ba30981dec2b0139074f543193e389b1b00a79163a61c48de714ce1b480a215e98e1c13a95076d09dc271ce7f4bdb34539c822d83fc2f46d61e2
6
+ metadata.gz: 89cd499f030c7bb42c044e772eda264a899f382395b15331631dd4e7b148f173ca02b99ff232cf2f6a969ecad3ae284c341fd58f3cbd19ebf23de9f4126ae657
7
+ data.tar.gz: 51d38e93bdc439337d22c7e675f3ae826991ca40225c81309fcd8b131220b9463f7df4dd1015c72421907dd6989b60592a7d3235bb49969fcbb900a2c354ef89
@@ -1,50 +1,50 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- clearance (2.0.0.beta2)
4
+ clearance (2.0.0)
5
5
  actionmailer (>= 5.0)
6
6
  activemodel (>= 5.0)
7
7
  activerecord (>= 5.0)
8
- bcrypt
8
+ bcrypt (>= 3.1.1)
9
9
  email_validator (~> 1.4)
10
10
  railties (>= 5.0)
11
11
 
12
12
  GEM
13
13
  remote: https://rubygems.org/
14
14
  specs:
15
- actionmailer (6.0.0)
16
- actionpack (= 6.0.0)
17
- actionview (= 6.0.0)
18
- activejob (= 6.0.0)
15
+ actionmailer (6.0.1)
16
+ actionpack (= 6.0.1)
17
+ actionview (= 6.0.1)
18
+ activejob (= 6.0.1)
19
19
  mail (~> 2.5, >= 2.5.4)
20
20
  rails-dom-testing (~> 2.0)
21
- actionpack (6.0.0)
22
- actionview (= 6.0.0)
23
- activesupport (= 6.0.0)
21
+ actionpack (6.0.1)
22
+ actionview (= 6.0.1)
23
+ activesupport (= 6.0.1)
24
24
  rack (~> 2.0)
25
25
  rack-test (>= 0.6.3)
26
26
  rails-dom-testing (~> 2.0)
27
27
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
28
- actionview (6.0.0)
29
- activesupport (= 6.0.0)
28
+ actionview (6.0.1)
29
+ activesupport (= 6.0.1)
30
30
  builder (~> 3.1)
31
31
  erubi (~> 1.4)
32
32
  rails-dom-testing (~> 2.0)
33
33
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
34
- activejob (6.0.0)
35
- activesupport (= 6.0.0)
34
+ activejob (6.0.1)
35
+ activesupport (= 6.0.1)
36
36
  globalid (>= 0.3.6)
37
- activemodel (6.0.0)
38
- activesupport (= 6.0.0)
39
- activerecord (6.0.0)
40
- activemodel (= 6.0.0)
41
- activesupport (= 6.0.0)
42
- activesupport (6.0.0)
37
+ activemodel (6.0.1)
38
+ activesupport (= 6.0.1)
39
+ activerecord (6.0.1)
40
+ activemodel (= 6.0.1)
41
+ activesupport (= 6.0.1)
42
+ activesupport (6.0.1)
43
43
  concurrent-ruby (~> 1.0, >= 1.0.2)
44
44
  i18n (>= 0.7, < 2)
45
45
  minitest (~> 5.1)
46
46
  tzinfo (~> 1.1)
47
- zeitwerk (~> 2.1, >= 2.1.8)
47
+ zeitwerk (~> 2.2)
48
48
  addressable (2.6.0)
49
49
  public_suffix (>= 2.0.2, < 4.0)
50
50
  ammeter (1.1.4)
@@ -67,22 +67,22 @@ GEM
67
67
  xpath (~> 3.2)
68
68
  coderay (1.1.2)
69
69
  concurrent-ruby (1.1.5)
70
- crass (1.0.4)
70
+ crass (1.0.5)
71
71
  database_cleaner (1.7.0)
72
72
  diff-lcs (1.3)
73
73
  email_validator (1.6.0)
74
74
  activemodel
75
- erubi (1.8.0)
76
- factory_bot (5.0.2)
75
+ erubi (1.9.0)
76
+ factory_bot (5.1.1)
77
77
  activesupport (>= 4.2.0)
78
- factory_bot_rails (5.0.2)
79
- factory_bot (~> 5.0.2)
78
+ factory_bot_rails (5.1.1)
79
+ factory_bot (~> 5.1.0)
80
80
  railties (>= 4.2.0)
81
81
  globalid (0.4.2)
82
82
  activesupport (>= 4.2.0)
83
- i18n (1.6.0)
83
+ i18n (1.7.0)
84
84
  concurrent-ruby (~> 1.0)
85
- loofah (2.2.3)
85
+ loofah (2.3.1)
86
86
  crass (~> 1.0.2)
87
87
  nokogiri (>= 1.5.9)
88
88
  mail (2.7.1)
@@ -90,8 +90,8 @@ GEM
90
90
  method_source (0.9.2)
91
91
  mini_mime (1.0.2)
92
92
  mini_portile2 (2.4.0)
93
- minitest (5.11.3)
94
- nokogiri (1.10.4)
93
+ minitest (5.13.0)
94
+ nokogiri (1.10.5)
95
95
  mini_portile2 (~> 2.4.0)
96
96
  pry (0.12.2)
97
97
  coderay (~> 1.1.0)
@@ -103,33 +103,33 @@ GEM
103
103
  rails-dom-testing (2.0.3)
104
104
  activesupport (>= 4.2.0)
105
105
  nokogiri (>= 1.6)
106
- rails-html-sanitizer (1.2.0)
107
- loofah (~> 2.2, >= 2.2.2)
108
- railties (6.0.0)
109
- actionpack (= 6.0.0)
110
- activesupport (= 6.0.0)
106
+ rails-html-sanitizer (1.3.0)
107
+ loofah (~> 2.3)
108
+ railties (6.0.1)
109
+ actionpack (= 6.0.1)
110
+ activesupport (= 6.0.1)
111
111
  method_source
112
112
  rake (>= 0.8.7)
113
113
  thor (>= 0.20.3, < 2.0)
114
- rake (12.3.3)
114
+ rake (13.0.1)
115
115
  regexp_parser (1.6.0)
116
- rspec-core (3.8.2)
117
- rspec-support (~> 3.8.0)
118
- rspec-expectations (3.8.4)
116
+ rspec-core (3.9.0)
117
+ rspec-support (~> 3.9.0)
118
+ rspec-expectations (3.9.0)
119
119
  diff-lcs (>= 1.2.0, < 2.0)
120
- rspec-support (~> 3.8.0)
121
- rspec-mocks (3.8.1)
120
+ rspec-support (~> 3.9.0)
121
+ rspec-mocks (3.9.0)
122
122
  diff-lcs (>= 1.2.0, < 2.0)
123
- rspec-support (~> 3.8.0)
124
- rspec-rails (3.8.2)
123
+ rspec-support (~> 3.9.0)
124
+ rspec-rails (3.9.0)
125
125
  actionpack (>= 3.0)
126
126
  activesupport (>= 3.0)
127
127
  railties (>= 3.0)
128
- rspec-core (~> 3.8.0)
129
- rspec-expectations (~> 3.8.0)
130
- rspec-mocks (~> 3.8.0)
131
- rspec-support (~> 3.8.0)
132
- rspec-support (3.8.2)
128
+ rspec-core (~> 3.9.0)
129
+ rspec-expectations (~> 3.9.0)
130
+ rspec-mocks (~> 3.9.0)
131
+ rspec-support (~> 3.9.0)
132
+ rspec-support (3.9.0)
133
133
  shoulda-matchers (4.1.2)
134
134
  activesupport (>= 4.2.0)
135
135
  thor (0.20.3)
@@ -139,7 +139,7 @@ GEM
139
139
  thread_safe (~> 0.1)
140
140
  xpath (3.2.0)
141
141
  nokogiri (~> 1.8)
142
- zeitwerk (2.1.10)
142
+ zeitwerk (2.2.1)
143
143
 
144
144
  PLATFORMS
145
145
  ruby
data/NEWS.md CHANGED
@@ -3,15 +3,19 @@
3
3
  The noteworthy changes for each Clearance version are included here. For a
4
4
  complete changelog, see the git history for each version via the version links.
5
5
 
6
- ## [2.0.0.beta2] - September 17, 2019
6
+ ## [2.0.0] - November 12, 2019
7
7
 
8
8
  ### Added
9
9
 
10
10
  - Add support for Rails version 6
11
11
  - Allow `cookie_domain` to be configured with a lambda for custom configuration
12
+ - Add ability to configure BCrypt computational cost of hash calculation.
13
+ - Add `same_site` configuration option for increased CSRF protection.
12
14
 
13
15
  ### Fixed
14
16
 
17
+ - Fix issue where invalid params could raise `NoMethodError` when updating and
18
+ resetting passwords.
15
19
  - The backdoor auth mechanism now supports scenarios where `Rails.env` has been
16
20
  configured via env variables other than `RAILS_ENV` (`RACK_ENV` for example).
17
21
 
@@ -19,15 +23,6 @@ complete changelog, see the git history for each version via the version links.
19
23
 
20
24
  - Removed support for Ruby versions older than 2.4
21
25
  - Removed support for Rails versions older than 5.0
22
-
23
- [2.0.0.beta2]: https://github.com/thoughtbot/clearance/compare/v2.0.0.beta1...v2.0.0.beta2
24
-
25
- ## [2.0.0.beta1] - April 12, 2019
26
-
27
- ### Removed
28
-
29
- - Removed support for Ruby versions older than 2.3
30
- - Removed support for Rails versions older than 4.2
31
26
  - Removed all deprecated code from Clearance 1.x
32
27
 
33
28
  ### Changed
@@ -35,7 +30,7 @@ complete changelog, see the git history for each version via the version links.
35
30
  - Flash messages now use `flash[:alert]` rather than `flash[:notice]` as they
36
31
  were used as errors more often than notices.
37
32
 
38
- [2.0.0.beta1]: https://github.com/thoughtbot/clearance/compare/v1.17.0...v2.0.0.beta1
33
+ [2.0.0]: https://github.com/thoughtbot/clearance/compare/v1.17.0...v2.0.0
39
34
 
40
35
  ## [1.17.0] - April 11, 2019
41
36
 
data/README.md CHANGED
@@ -19,7 +19,7 @@ monitored by contributors.
19
19
 
20
20
  ## Getting Started
21
21
 
22
- Clearance is a Rails engine tested against Rails `>= 3.2` and Ruby `>= 1.9.3`.
22
+ Clearance is a Rails engine tested against Rails `>= 5.0` and Ruby `>= 2.4.0`.
23
23
 
24
24
  You can add it to your Gemfile with:
25
25
 
@@ -281,6 +281,13 @@ for access to additional, user-contributed translations.
281
281
  See [lib/clearance/user.rb](/lib/clearance/user.rb) for the default behavior.
282
282
  You can override those methods as needed.
283
283
 
284
+ Note that there are some model-level validations (see above link for detail)
285
+ which the `Clearance::User` module will add to the configured model class and
286
+ which may conflict with or duplicate already present validations on the `email`
287
+ and `password` attributes. Over-riding the `email_optional?` or
288
+ `skip_password_validation?` methods to return `true` will disable those
289
+ validations from being added.
290
+
284
291
  ### Deliver Email in Background Job
285
292
 
286
293
  Clearance has a password reset mailer. If you are using Rails 4.2 and Clearance
@@ -31,7 +31,7 @@ class Clearance::PasswordsController < Clearance::BaseController
31
31
  def update
32
32
  @user = find_user_for_update
33
33
 
34
- if @user.update_password password_reset_params
34
+ if @user.update_password(password_from_password_reset_params)
35
35
  sign_in @user
36
36
  redirect_to url_after_update
37
37
  session[:password_reset_token] = nil
@@ -48,8 +48,8 @@ class Clearance::PasswordsController < Clearance::BaseController
48
48
  mail.deliver_later
49
49
  end
50
50
 
51
- def password_reset_params
52
- params[:password_reset][:password]
51
+ def password_from_password_reset_params
52
+ params.dig(:password_reset, :password)
53
53
  end
54
54
 
55
55
  def find_user_by_id_and_confirmation_token
@@ -60,9 +60,13 @@ class Clearance::PasswordsController < Clearance::BaseController
60
60
  find_by_id_and_confirmation_token params[user_param], token.to_s
61
61
  end
62
62
 
63
+ def email_from_password_params
64
+ params.dig(:password, :email)
65
+ end
66
+
63
67
  def find_user_for_create
64
68
  Clearance.configuration.user_model.
65
- find_by_normalized_email params[:password][:email]
69
+ find_by_normalized_email(email_from_password_params)
66
70
  end
67
71
 
68
72
  def find_user_for_edit
@@ -2,7 +2,7 @@ $LOAD_PATH.push File.expand_path('../lib', __FILE__)
2
2
  require 'clearance/version'
3
3
 
4
4
  Gem::Specification.new do |s|
5
- s.add_dependency 'bcrypt'
5
+ s.add_dependency 'bcrypt', '>= 3.1.1'
6
6
  s.add_dependency 'email_validator', '~> 1.4'
7
7
  s.add_dependency 'railties', '>= 5.0'
8
8
  s.add_dependency 'activemodel', '>= 5.0'
@@ -42,6 +42,16 @@ module Clearance
42
42
  # @return [Boolean]
43
43
  attr_accessor :httponly
44
44
 
45
+ # Same-site cookies ("First-Party-Only" or "First-Party") allow servers to
46
+ # mitigate the risk of CSRF and information leakage attacks by asserting
47
+ # that a particular cookie should only be sent with requests initiated from
48
+ # the same registrable domain.
49
+ # Defaults to `nil`. For more, see
50
+ # [RFC6265](https://tools.ietf.org/html/draft-west-first-party-cookies-06#section-4.1.1).
51
+ # and https://github.com/rack/rack/blob/6eda04886e3a57918ca2d6a482fda02a678fef0a/lib/rack/utils.rb#L232-L244
52
+ # @return [String]
53
+ attr_accessor :same_site
54
+
45
55
  # Controls the address the password reset email is sent from.
46
56
  # Defaults to reply@example.com.
47
57
  # @return [String]
@@ -103,6 +113,7 @@ module Clearance
103
113
  @cookie_name = "remember_token"
104
114
  @cookie_path = '/'
105
115
  @httponly = true
116
+ @same_site = nil
106
117
  @mailer_sender = 'reply@example.com'
107
118
  @redirect_url = '/'
108
119
  @rotate_csrf_on_sign_in = nil
@@ -2,10 +2,14 @@ module Clearance
2
2
  module PasswordStrategies
3
3
  # Uses BCrypt to authenticate users and store encrypted passwords.
4
4
  #
5
- # The BCrypt cost (the measure of how many key expansion iterations BCrypt
6
- # will perform) is automatically set to the minimum allowed value when
7
- # Rails is operating in the test environment and the default cost in all
8
- # other envionments. This provides a speed boost in tests.
5
+ # BCrypt has a `cost` argument which determines how computationally
6
+ # expensive the hash is to calculate. The higher the cost, the harder it is
7
+ # for attackers to crack passwords even if they posess a database dump of
8
+ # the encrypted passwords. Clearance uses the `bcrypt-ruby` default cost
9
+ # except in the test environment, where it uses the minimum cost value for
10
+ # speed. If you wish to increase the cost over the default, you can do so
11
+ # by setting a higher cost in an initializer:
12
+ # `BCrypt::Engine.cost = 12`
9
13
  module BCrypt
10
14
  require 'bcrypt'
11
15
 
@@ -19,18 +23,20 @@ module Clearance
19
23
  @password = new_password
20
24
 
21
25
  if new_password.present?
22
- cost = if defined?(::Rails) && ::Rails.env.test?
23
- ::BCrypt::Engine::MIN_COST
24
- else
25
- ::BCrypt::Engine::DEFAULT_COST
26
- end
27
-
28
26
  self.encrypted_password = ::BCrypt::Password.create(
29
27
  new_password,
30
- cost: cost,
28
+ cost: configured_bcrypt_cost,
31
29
  )
32
30
  end
33
31
  end
32
+
33
+ def configured_bcrypt_cost
34
+ if defined?(::Rails) && ::Rails.env.test?
35
+ ::BCrypt::Engine::MIN_COST
36
+ else
37
+ ::BCrypt::Engine.cost
38
+ end
39
+ end
34
40
  end
35
41
  end
36
42
  end
@@ -147,7 +147,7 @@ module Clearance
147
147
  guards = Clearance.configuration.sign_in_guards
148
148
 
149
149
  guards.inject(default_guard) do |stack, guard_class|
150
- guard_class.new(self, stack)
150
+ guard_class.to_s.constantize.new(self, stack)
151
151
  end
152
152
  end
153
153
 
@@ -157,6 +157,7 @@ module Clearance
157
157
  domain: domain,
158
158
  expires: remember_token_expires,
159
159
  httponly: Clearance.configuration.httponly,
160
+ same_site: Clearance.configuration.same_site,
160
161
  path: Clearance.configuration.cookie_path,
161
162
  secure: Clearance.configuration.secure_cookie,
162
163
  value: remember_token,
@@ -78,12 +78,8 @@ module Clearance
78
78
  @controller.request.env[:clearance]
79
79
  end
80
80
 
81
- def flash_alert
82
- @controller.flash[:alert]
83
- end
84
-
85
81
  def flash_alert_value
86
- flash_alert.values.first
82
+ @controller.flash[:alert]
87
83
  end
88
84
 
89
85
  def redirects_to_url?
@@ -1,3 +1,3 @@
1
1
  module Clearance
2
- VERSION = "2.0.0.beta2".freeze
2
+ VERSION = "2.0.0".freeze
3
3
  end
@@ -129,6 +129,12 @@ describe Clearance::Session do
129
129
 
130
130
  def stub_guard_class(guard)
131
131
  double("guard_class").tap do |guard_class|
132
+ allow(guard_class).to receive(:to_s).
133
+ and_return(guard_class)
134
+
135
+ allow(guard_class).to receive(:constantize).
136
+ and_return(guard_class)
137
+
132
138
  allow(guard_class).to receive(:new).
133
139
  with(session, stub_default_sign_in_guard).
134
140
  and_return(guard)
@@ -170,6 +176,31 @@ describe Clearance::Session do
170
176
  end
171
177
  end
172
178
 
179
+ context "if same_site is set" do
180
+ before do
181
+ Clearance.configuration.same_site = :lax
182
+ session.sign_in(user)
183
+ end
184
+
185
+ it "sets a same-site cookie" do
186
+ session.add_cookie_to_headers(headers)
187
+
188
+ expect(headers["Set-Cookie"]).to match(/remember_token=.+; SameSite/)
189
+ end
190
+ end
191
+
192
+ context "if same_site is not set" do
193
+ before do
194
+ session.sign_in(user)
195
+ end
196
+
197
+ it "sets a standard cookie" do
198
+ session.add_cookie_to_headers(headers)
199
+
200
+ expect(headers["Set-Cookie"]).to_not match(/remember_token=.+; SameSite/)
201
+ end
202
+ end
203
+
173
204
  describe 'remember token cookie expiration' do
174
205
  context 'default configuration' do
175
206
  it 'is set to 1 year from now' do
@@ -0,0 +1,32 @@
1
+ require "spec_helper"
2
+
3
+ class PretendFriendsController < ActionController::Base
4
+ include Clearance::Controller
5
+ before_action :require_login
6
+
7
+ def index
8
+ end
9
+ end
10
+
11
+ describe PretendFriendsController, type: :controller do
12
+ before do
13
+ Rails.application.routes.draw do
14
+ resources :pretend_friends, only: :index
15
+ get "/sign_in" => "clearance/sessions#new", as: "sign_in"
16
+ end
17
+ end
18
+
19
+ after do
20
+ Rails.application.reload_routes!
21
+ end
22
+
23
+ it "checks contents of deny access flash" do
24
+ get :index
25
+
26
+ expect(subject).to deny_access(flash: failure_message)
27
+ end
28
+
29
+ def failure_message
30
+ I18n.t("flashes.failure_when_not_signed_in")
31
+ end
32
+ end
@@ -37,6 +37,16 @@ describe Clearance::PasswordsController do
37
37
  end
38
38
  end
39
39
 
40
+ context "email param is missing" do
41
+ it "does not raise error" do
42
+ expect do
43
+ post :create, params: {
44
+ password: {},
45
+ }
46
+ end.not_to raise_error
47
+ end
48
+ end
49
+
40
50
  context "email does not belong to an existing user" do
41
51
  it "does not deliver an email" do
42
52
  ActionMailer::Base.deliveries.clear
@@ -166,6 +176,18 @@ describe Clearance::PasswordsController do
166
176
  expect(user.confirmation_token).to be_present
167
177
  end
168
178
 
179
+ it "does not raise NoMethodError from incomplete password_reset params" do
180
+ user = create(:user, :with_forgotten_password)
181
+
182
+ expect do
183
+ put :update, params: {
184
+ user_id: user,
185
+ token: user.confirmation_token,
186
+ password_reset: {},
187
+ }
188
+ end.not_to raise_error
189
+ end
190
+
169
191
  it "re-renders the password edit form" do
170
192
  user = create(:user, :with_forgotten_password)
171
193
 
@@ -22,10 +22,23 @@ describe Clearance::PasswordStrategies::BCrypt do
22
22
 
23
23
  expect(BCrypt::Password).to have_received(:create).with(
24
24
  password,
25
- cost: ::BCrypt::Engine::DEFAULT_COST
25
+ cost: ::BCrypt::Engine::DEFAULT_COST,
26
26
  )
27
27
  end
28
28
 
29
+ it "uses an explicity configured BCrypt cost" do
30
+ stub_bcrypt_cost(8)
31
+ bcrypt_password = BCrypt::Password.create(password, cost: nil)
32
+
33
+ expect(bcrypt_password.cost).to eq(8)
34
+ end
35
+
36
+ it "uses the default BCrypt cost value implicitly" do
37
+ bcrypt_password = BCrypt::Password.create(password, cost: nil)
38
+
39
+ expect(bcrypt_password.cost).to eq(BCrypt::Engine::DEFAULT_COST)
40
+ end
41
+
29
42
  it "encrypts with BCrypt using minimum cost in test environment" do
30
43
  stub_bcrypt_password
31
44
  model_instance = fake_model_with_bcrypt_strategy
@@ -42,6 +55,10 @@ describe Clearance::PasswordStrategies::BCrypt do
42
55
  allow(BCrypt::Password).to receive(:create).and_return(encrypted_password)
43
56
  end
44
57
 
58
+ def stub_bcrypt_cost(cost)
59
+ allow(BCrypt::Engine).to receive(:cost).and_return(cost)
60
+ end
61
+
45
62
  def encrypted_password
46
63
  @encrypted_password ||= double("encrypted password")
47
64
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clearance
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0.beta2
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dan Croak
@@ -25,7 +25,7 @@ authors:
25
25
  autorequire:
26
26
  bindir: bin
27
27
  cert_chain: []
28
- date: 2019-09-17 00:00:00.000000000 Z
28
+ date: 2019-11-12 00:00:00.000000000 Z
29
29
  dependencies:
30
30
  - !ruby/object:Gem::Dependency
31
31
  name: bcrypt
@@ -33,14 +33,14 @@ dependencies:
33
33
  requirements:
34
34
  - - ">="
35
35
  - !ruby/object:Gem::Version
36
- version: '0'
36
+ version: 3.1.1
37
37
  type: :runtime
38
38
  prerelease: false
39
39
  version_requirements: !ruby/object:Gem::Requirement
40
40
  requirements:
41
41
  - - ">="
42
42
  - !ruby/object:Gem::Version
43
- version: '0'
43
+ version: 3.1.1
44
44
  - !ruby/object:Gem::Dependency
45
45
  name: email_validator
46
46
  requirement: !ruby/object:Gem::Requirement
@@ -222,6 +222,7 @@ files:
222
222
  - spec/clearance/session_spec.rb
223
223
  - spec/clearance/sign_in_guard_spec.rb
224
224
  - spec/clearance/testing/controller_helpers_spec.rb
225
+ - spec/clearance/testing/deny_access_matcher_spec.rb
225
226
  - spec/clearance/testing/view_helpers_spec.rb
226
227
  - spec/clearance/token_spec.rb
227
228
  - spec/configuration_spec.rb
@@ -276,9 +277,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
276
277
  version: 2.4.0
277
278
  required_rubygems_version: !ruby/object:Gem::Requirement
278
279
  requirements:
279
- - - ">"
280
+ - - ">="
280
281
  - !ruby/object:Gem::Version
281
- version: 1.3.1
282
+ version: '0'
282
283
  requirements: []
283
284
  rubygems_version: 3.0.3
284
285
  signing_key: