clearance 2.0.0 → 2.3.1

data/spec/support/clearance.rb

@@ -4,6 +4,17 @@ Clearance.configure do |config|
   # need an empty block to initialize the configuration object
 end
 
+# NOTE: to run the entire suite with signed cookies
+#       you can set the signed_cookie default to true
+#       and run all specs.
+#       However, to fake the actual signing process you
+#       can monkey-patch ActionDispatch so signed cookies
+#       behave like normal ones
+#
+# class ActionDispatch::Cookies::CookieJar
+#   def signed; self; end
+# end
+
 module Clearance
   module Test
     module Redirects

data/spec/support/generator_spec_helpers.rb

@@ -18,7 +18,7 @@ module GeneratorSpecHelpers
   end
 
   def provide_existing_user_class
-    copy_to_generator_root("app/models", versionize_template("user.rb"))
+    copy_to_generator_root("app/models", "user.rb")
     allow(File).to receive(:exist?).and_call_original
     allow(File).to receive(:exist?).with("app/models/user.rb").and_return(true)
   end
@@ -32,10 +32,6 @@ module GeneratorSpecHelpers
     FileUtils.mkdir_p(destination)
     FileUtils.cp(template_file, destination)
   end
-
-  def versionize_template(template_file)
-    ["rails5", template_file].join("/")
-  end
 end
 
 RSpec.configure do |config|

data/spec/support/request_with_remember_token.rb

@@ -1,11 +1,13 @@
 module RememberTokenHelpers
   def request_with_remember_token(remember_token)
-    cookies = {
-      'action_dispatch.cookies' => {
-        Clearance.configuration.cookie_name => remember_token
-      }
-    }
-    env = { clearance: Clearance::Session.new(cookies) }
+    cookies = ActionDispatch::Request.new({}).cookie_jar
+    if Clearance.configuration.signed_cookie
+      cookies.signed[Clearance.configuration.cookie_name] = remember_token
+    else
+      cookies[Clearance.configuration.cookie_name] = remember_token
+    end
+
+    env = { clearance: Clearance::Session.new(cookies.request.env) }
     Rack::Request.new env
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.3.1
 platform: ruby
 authors:
 - Dan Croak
@@ -22,10 +22,10 @@ authors:
 - Jason Morrison
 - Galen Frechette
 - Josh Steiner
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-12 00:00:00.000000000 Z
+date: 2021-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -41,20 +41,40 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.1.1
+- !ruby/object:Gem::Dependency
+  name: argon2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.2
 - !ruby/object:Gem::Dependency
   name: email_validator
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -111,7 +131,12 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '5.0'
-description: Rails authentication & authorization with email & password.
+description: |2
+      Clearance is built to support authentication and authorization via an
+      email/password sign-in mechanism in applications.
+
+      It provides some core classes commonly used for these features, along with
+      some opinionated defaults - but is intended to be easy to override.
 email: support@thoughtbot.com
 executables: []
 extensions: []
@@ -119,8 +144,9 @@ extra_rdoc_files:
 - LICENSE
 - README.md
 files:
+- ".erb-lint.yml"
+- ".github/workflows/tests.yml"
 - ".gitignore"
-- ".travis.yml"
 - ".yardopts"
 - Appraisals
 - CONTRIBUTING.md
@@ -129,6 +155,7 @@ files:
 - LICENSE
 - NEWS.md
 - README.md
+- RELEASING.md
 - Rakefile
 - app/controllers/clearance/base_controller.rb
 - app/controllers/clearance/passwords_controller.rb
@@ -137,7 +164,6 @@ files:
 - app/mailers/clearance_mailer.rb
 - app/views/clearance_mailer/change_password.html.erb
 - app/views/clearance_mailer/change_password.text.erb
-- app/views/layouts/application.html.erb
 - app/views/passwords/create.html.erb
 - app/views/passwords/edit.html.erb
 - app/views/passwords/new.html.erb
@@ -158,6 +184,7 @@ files:
 - gemfiles/rails_5.1.gemfile
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
+- gemfiles/rails_6.1.gemfile
 - lib/clearance.rb
 - lib/clearance/authentication.rb
 - lib/clearance/authorization.rb
@@ -170,6 +197,7 @@ files:
 - lib/clearance/default_sign_in_guard.rb
 - lib/clearance/engine.rb
 - lib/clearance/password_strategies.rb
+- lib/clearance/password_strategies/argon2.rb
 - lib/clearance/password_strategies/bcrypt.rb
 - lib/clearance/rack_session.rb
 - lib/clearance/rspec.rb
@@ -205,12 +233,12 @@ files:
 - lib/generators/clearance/views/views_generator.rb
 - spec/acceptance/clearance_installation_spec.rb
 - spec/app_templates/app/controllers/application_controller.rb
-- spec/app_templates/app/models/rails5/user.rb
 - spec/app_templates/app/models/user.rb
 - spec/app_templates/config/initializers/clearance.rb
 - spec/app_templates/config/routes.rb
 - spec/app_templates/testapp/Gemfile
 - spec/app_templates/testapp/app/controllers/home_controller.rb
+- spec/app_templates/testapp/app/views/layouts/application.html.erb
 - spec/app_templates/testapp/config/initializers/action_mailer.rb
 - spec/app_templates/testapp/config/routes.rb
 - spec/clearance/back_door_spec.rb
@@ -246,8 +274,10 @@ files:
 - spec/helpers/helper_helpers_spec.rb
 - spec/mailers/clearance_mailer_spec.rb
 - spec/models/user_spec.rb
+- spec/password_strategies/argon2_spec.rb
 - spec/password_strategies/bcrypt_spec.rb
 - spec/password_strategies/password_strategies_spec.rb
+- spec/requests/authentication_cookie_spec.rb
 - spec/requests/cookie_options_spec.rb
 - spec/requests/csrf_rotation_spec.rb
 - spec/requests/password_maintenance_spec.rb
@@ -265,7 +295,7 @@ homepage: https://github.com/thoughtbot/clearance
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -281,8 +311,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.
 test_files: []

data/.travis.yml

@@ -1,32 +0,0 @@
-cache: bundler
-
-language:
-  - ruby
-
-rvm:
-  - 2.4.6
-  - 2.5.5
-  - 2.6.2
-
-gemfile:
-  - gemfiles/rails_5.0.gemfile
-  - gemfiles/rails_5.1.gemfile
-  - gemfiles/rails_5.2.gemfile
-  - gemfiles/rails_6.0.gemfile
-
-before_install:
-  - gem update --system
-
-install:
-  - "bin/setup"
-
-branches:
-  only:
-    - master
-
-matrix:
-  exclude:
-    - rvm: 2.4.6
-      gemfile: gemfiles/rails_6.0.gemfile
-
-sudo: false

data/app/views/layouts/application.html.erb

@@ -1,23 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <%= csrf_meta_tag %>
-</head>
-<body>
-  <div id="header">
-    <% if signed_in? -%>
-      <%= button_to t(".sign_out"), sign_out_path, method: :delete %>
-    <% else -%>
-      <%= link_to t(".sign_in"), sign_in_path %>
-    <% end -%>
-  </div>
-
-  <div id="flash">
-    <% flash.each do |key, value| -%>
-      <div id="flash_<%= key %>"><%=h value %></div>
-    <% end %>
-  </div>
-
-  <%= yield %>
-</body>
-</html>

data/spec/app_templates/app/models/rails5/user.rb

@@ -1,5 +0,0 @@
-class User < ApplicationRecord
-  def previously_existed?
-    true
-  end
-end