clearance 2.0.0 → 2.3.1
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.erb-lint.yml +5 -0
- data/.github/workflows/tests.yml +52 -0
- data/Appraisals +14 -19
- data/Gemfile +11 -7
- data/Gemfile.lock +142 -87
- data/NEWS.md +94 -0
- data/README.md +4 -24
- data/RELEASING.md +25 -0
- data/Rakefile +6 -1
- data/app/controllers/clearance/base_controller.rb +8 -1
- data/app/controllers/clearance/passwords_controller.rb +16 -3
- data/app/views/clearance_mailer/change_password.html.erb +2 -2
- data/app/views/clearance_mailer/change_password.text.erb +2 -2
- data/app/views/passwords/edit.html.erb +1 -1
- data/clearance.gemspec +9 -2
- data/config/locales/clearance.en.yml +1 -0
- data/config/routes.rb +1 -1
- data/gemfiles/rails_5.0.gemfile +10 -9
- data/gemfiles/rails_5.1.gemfile +11 -10
- data/gemfiles/rails_5.2.gemfile +11 -10
- data/gemfiles/rails_6.0.gemfile +11 -10
- data/gemfiles/rails_6.1.gemfile +21 -0
- data/lib/clearance/authentication.rb +1 -1
- data/lib/clearance/back_door.rb +2 -1
- data/lib/clearance/configuration.rb +37 -18
- data/lib/clearance/password_strategies.rb +2 -5
- data/lib/clearance/password_strategies/argon2.rb +23 -0
- data/lib/clearance/rack_session.rb +5 -1
- data/lib/clearance/session.rb +40 -12
- data/lib/clearance/user.rb +12 -3
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/install_generator.rb +13 -0
- data/lib/generators/clearance/install/templates/README +10 -4
- data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb.erb +1 -1
- data/lib/generators/clearance/install/templates/db/migrate/create_users.rb.erb +1 -1
- data/lib/generators/clearance/routes/templates/routes.rb +1 -1
- data/spec/acceptance/clearance_installation_spec.rb +0 -4
- data/spec/app_templates/app/models/user.rb +1 -1
- data/spec/app_templates/testapp/app/views/layouts/application.html.erb +24 -0
- data/spec/clearance/back_door_spec.rb +20 -4
- data/spec/clearance/rack_session_spec.rb +3 -2
- data/spec/clearance/session_spec.rb +154 -51
- data/spec/configuration_spec.rb +60 -14
- data/spec/controllers/passwords_controller_spec.rb +19 -5
- data/spec/dummy/app/controllers/application_controller.rb +1 -1
- data/spec/generators/clearance/install/install_generator_spec.rb +36 -1
- data/spec/generators/clearance/views/views_generator_spec.rb +0 -1
- data/spec/mailers/clearance_mailer_spec.rb +33 -0
- data/spec/models/user_spec.rb +34 -5
- data/spec/password_strategies/argon2_spec.rb +79 -0
- data/spec/requests/authentication_cookie_spec.rb +55 -0
- data/spec/spec_helper.rb +0 -1
- data/spec/support/clearance.rb +11 -0
- data/spec/support/generator_spec_helpers.rb +1 -5
- data/spec/support/request_with_remember_token.rb +8 -6
- metadata +42 -12
- data/.travis.yml +0 -32
- data/app/views/layouts/application.html.erb +0 -23
- data/spec/app_templates/app/models/rails5/user.rb +0 -5
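--- a/data/spec/support/clearance.rb
+++ b/data/spec/support/clearance.rb
@@ -4,6 +4,17 @@ Clearance.configure do |config|
 # need an empty block to initialize the configuration object
 end
 
+# NOTE: to run the entire suite with signed cookies
+# you can set the signed_cookie default to true
+# and run all specs.
+# However, to fake the actual signing process you
+# can monkey-patch ActionDispatch so signed cookies
+# behave like normal ones
+#
+# class ActionDispatch::Cookies::CookieJar
+# def signed; self; end
+# end
+
 module Clearance
 module Test
 module Redirects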
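Review bot: The added NOTE recommends reopening `ActionDispatch::Cookies::CookieJar` so that `signed` returns `self`, but it does not say what that costs: with the patch in place nothing in the suite exercises real signing or signature verification, so a green run says little about the `signed_cookie` path. The comment should say that the patch belongs in the spec process only and that at least one request spec should run against the unpatched jar, for example by adding `# Spec-only: never load this patch in application code; it removes tamper protection from every signed cookie.` Only lines 4-20 of the file are visible in this section, so whether the patch is actually applied anywhere in the suite cannot be seen here.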
@@ -18,7 +18,7 @@ module GeneratorSpecHelpers
|
|
18
18
|
end
|
19
19
|
|
20
20
|
def provide_existing_user_class
|
21
|
-
copy_to_generator_root("app/models",
|
21
|
+
copy_to_generator_root("app/models", "user.rb")
|
22
22
|
allow(File).to receive(:exist?).and_call_original
|
23
23
|
allow(File).to receive(:exist?).with("app/models/user.rb").and_return(true)
|
24
24
|
end
|
@@ -32,10 +32,6 @@ module GeneratorSpecHelpers
|
|
32
32
|
FileUtils.mkdir_p(destination)
|
33
33
|
FileUtils.cp(template_file, destination)
|
34
34
|
end
|
35
|
-
|
36
|
-
def versionize_template(template_file)
|
37
|
-
["rails5", template_file].join("/")
|
38
|
-
end
|
39
35
|
end
|
40
36
|
|
41
37
|
RSpec.configure do |config|
|
@@ -1,11 +1,13 @@
|
|
1
1
|
module RememberTokenHelpers
|
2
2
|
def request_with_remember_token(remember_token)
|
3
|
-
cookies = {
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
3
|
+
cookies = ActionDispatch::Request.new({}).cookie_jar
|
4
|
+
if Clearance.configuration.signed_cookie
|
5
|
+
cookies.signed[Clearance.configuration.cookie_name] = remember_token
|
6
|
+
else
|
7
|
+
cookies[Clearance.configuration.cookie_name] = remember_token
|
8
|
+
end
|
9
|
+
|
10
|
+
env = { clearance: Clearance::Session.new(cookies.request.env) }
|
9
11
|
Rack::Request.new env
|
10
12
|
end
|
11
13
|
|
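Review bot: The signed branch writes `cookies.signed[...]` on a jar built from `ActionDispatch::Request.new({})`, and an empty env carries no key generator or signed-cookie salt, so this path presumably only works when signing is stubbed out, as the NOTE added to data/spec/support/clearance.rb suggests. If the helper is meant to produce a genuinely signed remember token, the env should come from the loaded application, e.g. `ActionDispatch::Request.new(Rails.application.env_config.dup).cookie_jar`, assuming the dummy app is booted when the helper runs. A short comment above the `if` would also help, since any truthy `signed_cookie` value takes the signed path and the reason for the two branches is not stated.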
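--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.3.1
 platform: ruby
 authors:
 - Dan Croak
@@ -22,10 +22,10 @@ authors:
 - Jason Morrison
 - Galen Frechette
 - Josh Steiner
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bcrypt
@@ -41,20 +41,40 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 3.1.1
+- !ruby/object:Gem::Dependency
+name: argon2
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.0.2
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.0.2
 - !ruby/object:Gem::Dependency
 name: email_validator
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.0'
 - !ruby/object:Gem::Dependency
 name: railties
 requirement: !ruby/object:Gem::Requirement
@@ -111,7 +131,12 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '5.0'
-description:
+description: |2
+Clearance is built to support authentication and authorization via an
+email/password sign-in mechanism in applications.
+
+It provides some core classes commonly used for these features, along with
+some opinionated defaults - but is intended to be easy to override.
 email: support@thoughtbot.com
 executables: []
 extensions: []
@@ -119,8 +144,9 @@ extra_rdoc_files:
 - LICENSE
 - README.md
 files:
+- ".erb-lint.yml"
+- ".github/workflows/tests.yml"
 - ".gitignore"
-- ".travis.yml"
 - ".yardopts"
 - Appraisals
 - CONTRIBUTING.md
@@ -129,6 +155,7 @@ files:
 - LICENSE
 - NEWS.md
 - README.md
+- RELEASING.md
 - Rakefile
 - app/controllers/clearance/base_controller.rb
 - app/controllers/clearance/passwords_controller.rb
@@ -137,7 +164,6 @@ files:
 - app/mailers/clearance_mailer.rb
 - app/views/clearance_mailer/change_password.html.erb
 - app/views/clearance_mailer/change_password.text.erb
-- app/views/layouts/application.html.erb
 - app/views/passwords/create.html.erb
 - app/views/passwords/edit.html.erb
 - app/views/passwords/new.html.erb
@@ -158,6 +184,7 @@ files:
 - gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
 - lib/clearance.rb
 - lib/clearance/authentication.rb
 - lib/clearance/authorization.rb
@@ -170,6 +197,7 @@ files:
 - lib/clearance/default_sign_in_guard.rb
 - lib/clearance/engine.rb
 - lib/clearance/password_strategies.rb
+- lib/clearance/password_strategies/argon2.rb
 - lib/clearance/password_strategies/bcrypt.rb
 - lib/clearance/rack_session.rb
 - lib/clearance/rspec.rb
@@ -205,12 +233,12 @@ files:
 - lib/generators/clearance/views/views_generator.rb
 - spec/acceptance/clearance_installation_spec.rb
 - spec/app_templates/app/controllers/application_controller.rb
-- spec/app_templates/app/models/rails5/user.rb
 - spec/app_templates/app/models/user.rb
 - spec/app_templates/config/initializers/clearance.rb
 - spec/app_templates/config/routes.rb
 - spec/app_templates/testapp/Gemfile
 - spec/app_templates/testapp/app/controllers/home_controller.rb
+- spec/app_templates/testapp/app/views/layouts/application.html.erb
 - spec/app_templates/testapp/config/initializers/action_mailer.rb
 - spec/app_templates/testapp/config/routes.rb
 - spec/clearance/back_door_spec.rb
@@ -246,8 +274,10 @@ files:
 - spec/helpers/helper_helpers_spec.rb
 - spec/mailers/clearance_mailer_spec.rb
 - spec/models/user_spec.rb
+- spec/password_strategies/argon2_spec.rb
 - spec/password_strategies/bcrypt_spec.rb
 - spec/password_strategies/password_strategies_spec.rb
+- spec/requests/authentication_cookie_spec.rb
 - spec/requests/cookie_options_spec.rb
 - spec/requests/csrf_rotation_spec.rb
 - spec/requests/password_maintenance_spec.rb
@@ -265,7 +295,7 @@ homepage: https://github.com/thoughtbot/clearance
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -281,8 +311,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.
 test_files: []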
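--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,32 +0,0 @@
-cache: bundler
-
-language:
-- ruby
-
-rvm:
-- 2.4.6
-- 2.5.5
-- 2.6.2
-
-gemfile:
-- gemfiles/rails_5.0.gemfile
-- gemfiles/rails_5.1.gemfile
-- gemfiles/rails_5.2.gemfile
-- gemfiles/rails_6.0.gemfile
-
-before_install:
-- gem update --system
-
-install:
-- "bin/setup"
-
-branches:
-only:
-- master
-
-matrix:
-exclude:
-- rvm: 2.4.6
-gemfile: gemfiles/rails_6.0.gemfile
-
-sudo: false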
@@ -1,23 +0,0 @@
|
|
1
|
-
<!DOCTYPE html>
|
2
|
-
<html>
|
3
|
-
<head>
|
4
|
-
<%= csrf_meta_tag %>
|
5
|
-
</head>
|
6
|
-
<body>
|
7
|
-
<div id="header">
|
8
|
-
<% if signed_in? -%>
|
9
|
-
<%= button_to t(".sign_out"), sign_out_path, method: :delete %>
|
10
|
-
<% else -%>
|
11
|
-
<%= link_to t(".sign_in"), sign_in_path %>
|
12
|
-
<% end -%>
|
13
|
-
</div>
|
14
|
-
|
15
|
-
<div id="flash">
|
16
|
-
<% flash.each do |key, value| -%>
|
17
|
-
<div id="flash_<%= key %>"><%=h value %></div>
|
18
|
-
<% end %>
|
19
|
-
</div>
|
20
|
-
|
21
|
-
<%= yield %>
|
22
|
-
</body>
|
23
|
-
</html>
|