clearance 2.1.0 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a955d1866bf1879846034e89ca4f5a85cdf4602e67667e1ba93fae12ec5c832e
-  data.tar.gz: 3e2c19f661f4910f0bf6c31a12dfae58b44c4a49283750e07ae28eb33ced6d17
+  metadata.gz: bf42dbdfbd60820a6690813fef30b305ffa76ca93852ad6183ce499d1fa51413
+  data.tar.gz: 9832b513dcc54672a809b326334d0967266113027d35f4a57add919a7f222201
 SHA512:
-  metadata.gz: c8a2870d5567ae747cccbeda37a88fc6f31d5fca6cac57d2d2cbdb7016e22112f413c19a73b8f0edeb390b01ee04efe8da4633b69a2bd629bbfdfd2b6dbbbe5d
-  data.tar.gz: ed611c62911b8ac335ae12fd6af9e4eeaa36b6541451ec2322b29a07820b6eb6d2ce3232262cc75d69697e2530e93746ee0089911e9b7ff39ee9ef64961fbe15
+  metadata.gz: 6a4921201ae474f99af273a1cf524e63a76e868b4470bcf8972ea4ed368bfdd62ae7597c8a8d9b9bffe08803b62d2725fa49737b6b66319eb8b877719bf26d45
+  data.tar.gz: 9f38b6e9870112874cabe5c4402bd22984d90713d2ac2b18b157893ba7787777783452528948877e5bcf3bfe5549abce78f8e0f85877f1661a1ea11adb66248f

data/.erb-lint.yml

@@ -0,0 +1,5 @@
+---
+EnableDefaultLinters: true
+linters:
+  ErbSafety:
+    enabled: true

data/.github/workflows/tests.yml

@@ -0,0 +1,52 @@
+name: CI Tests
+
+on:
+  push:
+    branches: "master"
+  pull_request:
+    branches: "*"
+
+jobs:
+  test:
+    name: "Ruby ${{ matrix.ruby }}, Rails ${{ matrix.gemfile }}"
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        gemfile:
+          - "5.0"
+          - "5.1"
+          - "5.2"
+          - "6.0"
+          - "6.1"
+        ruby:
+          - "2.4.9"
+          - "2.5.7"
+          - "2.6.5"
+          - "2.7.2"
+        exclude:
+          - gemfile: "6.0"
+            ruby: "2.4.9"
+          - gemfile: "6.1"
+            ruby: "2.4.9"
+
+    env:
+      BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile
+      RAILS_ENV: test
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: "Install Ruby ${{ matrix.ruby  }}"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: "Reset app database"
+        run: bundle exec rake dummy:db:reset
+
+      - name: "Run tests"
+        run: bundle exec rake

data/Appraisals

@@ -1,23 +1,18 @@
-rails_versions = %w(
-  5.0
-  5.1
-  5.2
-  6.0
-)
+appraise "rails_5.0" do
+  gem "railties", "~> 5.0"
+  gem 'rspec-rails', '~> 3.1'
+  gem 'capybara', '>= 2.6.2', '< 3.33.0'
+  gem 'sqlite3', '~> 1.3.13'
+end
 
-rails_versions.each do |version|
-  appraise "rails_#{version}" do
-    gem "railties", "~> #{version}.0"
-    gem "rails-controller-testing"
+appraise "rails_5.1" do
+  gem "railties", "~> 5.1"
+end
 
-    if Gem::Version.new(version) >= Gem::Version.new("6.0")
-      # TODO - Switch to 4.0 gem once release is made
-      gem 'rspec-rails', '~> 4.0.0.beta3'
-      gem 'sqlite3', '~> 1.4.0'
-    else
-      gem 'sqlite3', '~> 1.3.13'
-      gem 'rspec-rails', '~> 3.1'
-    end
+appraise "rails_5.2" do
+  gem "railties", "~> 5.2"
+end
 
-  end
+appraise "rails_6.0" do
+  gem "railties", "~> 6.0"
 end

data/Gemfile

@@ -2,13 +2,17 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'addressable', '~> 2.6.0'
+gem 'addressable'
 gem 'ammeter'
 gem 'appraisal'
-gem 'capybara', '>= 2.6.2'
-gem 'database_cleaner', '~> 1.0'
-gem 'factory_bot_rails', '~> 5.0'
-gem 'nokogiri', '~> 1.10.0'
+gem 'capybara'
+gem 'database_cleaner'
+gem 'erb_lint', require: false
+gem 'factory_bot_rails'
+gem 'nokogiri'
 gem 'pry', require: false
-gem 'shoulda-matchers', '~> 4.1'
-gem 'timecop', '~> 0.6'
+gem 'rails-controller-testing'
+gem 'rspec-rails'
+gem 'shoulda-matchers'
+gem 'sqlite3'
+gem 'timecop'

data/Gemfile.lock

@@ -1,10 +1,11 @@
 PATH
   remote: .
   specs:
-    clearance (2.1.0)
+    clearance (2.4.0)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
+      argon2 (~> 2.0, >= 2.0.2)
       bcrypt (>= 3.1.1)
       email_validator (~> 2.0)
       railties (>= 5.0)
@@ -12,52 +13,65 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (6.0.2.1)
-      actionpack (= 6.0.2.1)
-      actionview (= 6.0.2.1)
-      activejob (= 6.0.2.1)
+    actionmailer (6.1.3)
+      actionpack (= 6.1.3)
+      actionview (= 6.1.3)
+      activejob (= 6.1.3)
+      activesupport (= 6.1.3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.0.2.1)
-      actionview (= 6.0.2.1)
-      activesupport (= 6.0.2.1)
-      rack (~> 2.0, >= 2.0.8)
+    actionpack (6.1.3)
+      actionview (= 6.1.3)
+      activesupport (= 6.1.3)
+      rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.0.2.1)
-      activesupport (= 6.0.2.1)
+    actionview (6.1.3)
+      activesupport (= 6.1.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.2.1)
-      activesupport (= 6.0.2.1)
+    activejob (6.1.3)
+      activesupport (= 6.1.3)
       globalid (>= 0.3.6)
-    activemodel (6.0.2.1)
-      activesupport (= 6.0.2.1)
-    activerecord (6.0.2.1)
-      activemodel (= 6.0.2.1)
-      activesupport (= 6.0.2.1)
-    activesupport (6.0.2.1)
+    activemodel (6.1.3)
+      activesupport (= 6.1.3)
+    activerecord (6.1.3)
+      activemodel (= 6.1.3)
+      activesupport (= 6.1.3)
+    activesupport (6.1.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
     ammeter (1.1.4)
       activesupport (>= 3.0)
       railties (>= 3.0)
       rspec-rails (>= 2.2)
-    appraisal (2.2.0)
+    appraisal (2.3.0)
       bundler
       rake
       thor (>= 0.14.0)
-    bcrypt (3.1.13)
+    argon2 (2.0.3)
+      ffi (~> 1.14)
+      ffi-compiler (~> 1.0)
+    ast (2.4.2)
+    bcrypt (3.1.16)
+    better_html (1.0.16)
+      actionview (>= 4.0)
+      activesupport (>= 4.0)
+      ast (~> 2.0)
+      erubi (~> 1.4)
+      html_tokenizer (~> 0.0.6)
+      parser (>= 2.4)
+      smart_properties
     builder (3.2.4)
-    capybara (3.29.0)
+    capybara (3.33.0)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
@@ -65,97 +79,138 @@ GEM
       rack-test (>= 0.6.3)
       regexp_parser (~> 1.5)
       xpath (~> 3.2)
-    coderay (1.1.2)
-    concurrent-ruby (1.1.5)
-    crass (1.0.5)
-    database_cleaner (1.7.0)
-    diff-lcs (1.3)
-    email_validator (2.0.1)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.8)
+    crass (1.0.6)
+    database_cleaner (1.8.5)
+    diff-lcs (1.4.4)
+    email_validator (2.2.2)
       activemodel
-    erubi (1.9.0)
-    factory_bot (5.1.1)
-      activesupport (>= 4.2.0)
-    factory_bot_rails (5.1.1)
-      factory_bot (~> 5.1.0)
-      railties (>= 4.2.0)
+    erb_lint (0.0.34)
+      activesupport
+      better_html (~> 1.0.7)
+      html_tokenizer
+      rainbow
+      rubocop (~> 0.79)
+      smart_properties
+    erubi (1.10.0)
+    factory_bot (6.1.0)
+      activesupport (>= 5.0.0)
+    factory_bot_rails (6.1.0)
+      factory_bot (~> 6.1.0)
+      railties (>= 5.0.0)
+    ffi (1.14.2)
+    ffi-compiler (1.0.1)
+      ffi (>= 1.0.0)
+      rake
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    i18n (1.7.0)
+    html_tokenizer (0.0.7)
+    i18n (1.8.9)
       concurrent-ruby (~> 1.0)
-    loofah (2.4.0)
+    loofah (2.9.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    method_source (0.9.2)
+    method_source (1.0.0)
     mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.13.0)
-    nokogiri (1.10.7)
-      mini_portile2 (~> 2.4.0)
-    pry (0.12.2)
-      coderay (~> 1.1.0)
-      method_source (~> 0.9.0)
-    public_suffix (3.1.1)
-    rack (2.0.8)
+    mini_portile2 (2.5.0)
+    minitest (5.14.4)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
+    parallel (1.19.2)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
+    pry (0.13.1)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (4.0.5)
+    racc (1.5.2)
+    rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
+    rails-controller-testing (1.0.5)
+      actionpack (>= 5.0.1.rc1)
+      actionview (>= 5.0.1.rc1)
+      activesupport (>= 5.0.1.rc1)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.0.2.1)
-      actionpack (= 6.0.2.1)
-      activesupport (= 6.0.2.1)
+    railties (6.1.3)
+      actionpack (= 6.1.3)
+      activesupport (= 6.1.3)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.20.3, < 2.0)
-    rake (13.0.1)
-    regexp_parser (1.6.0)
-    rspec-core (3.9.0)
-      rspec-support (~> 3.9.0)
-    rspec-expectations (3.9.0)
+      thor (~> 1.0)
+    rainbow (3.0.0)
+    rake (13.0.3)
+    regexp_parser (1.7.1)
+    rexml (3.2.4)
+    rspec-core (3.9.2)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.0)
+    rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
-    rspec-rails (3.9.0)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      railties (>= 3.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-      rspec-support (~> 3.9.0)
-    rspec-support (3.9.0)
-    shoulda-matchers (4.1.2)
+    rspec-rails (4.0.1)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.9)
+      rspec-expectations (~> 3.9)
+      rspec-mocks (~> 3.9)
+      rspec-support (~> 3.9)
+    rspec-support (3.9.3)
+    rubocop (0.88.0)
+      parallel (~> 1.10)
+      parser (>= 2.7.1.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
+      rexml
+      rubocop-ast (>= 0.1.0, < 1.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.3.0)
+      parser (>= 2.7.1.4)
+    ruby-progressbar (1.10.1)
+    shoulda-matchers (4.3.0)
       activesupport (>= 4.2.0)
-    thor (1.0.1)
-    thread_safe (0.3.6)
+    smart_properties (1.15.0)
+    sqlite3 (1.4.2)
+    thor (1.1.0)
     timecop (0.9.1)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (1.7.0)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.2.2)
+    zeitwerk (2.4.2)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  addressable (~> 2.6.0)
+  addressable
   ammeter
   appraisal
-  capybara (>= 2.6.2)
+  capybara
   clearance!
-  database_cleaner (~> 1.0)
-  factory_bot_rails (~> 5.0)
-  nokogiri (~> 1.10.0)
+  database_cleaner
+  erb_lint
+  factory_bot_rails
+  nokogiri
   pry
-  shoulda-matchers (~> 4.1)
-  timecop (~> 0.6)
+  rails-controller-testing
+  rspec-rails
+  shoulda-matchers
+  sqlite3
+  timecop
 
 BUNDLED WITH
-   1.17.3
+   2.1.4

data/NEWS.md

@@ -3,6 +3,68 @@
 The noteworthy changes for each Clearance version are included here. For a
 complete changelog, see the git history for each version via the version links.
 
+## [2.4.0] - March 5, 2021
+
+### Added
+
+- Optionally use signed cookies to prevent remember token timing attacks
+
+[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
+
+## [2.3.1] - March 5, 2021
+
+### Fixed
+
+- Support for accessing Rails 6.x primary_key_type in generator.
+- Fix password reset URLs when using a custom model
+- Fix flaky test that relied on too specific time delta
+- Revert case sensitivity for email uniqueness
+- Bump nokogiri and actionview dependencies to address security vulnerabilities
+
+[2.3.1]: https://github.com/thoughtbot/clearance/compare/v2.3.0...v2.3.1
+
+## [2.3.0] - August 14, 2020
+
+### Fixed
+
+- Delete cookie correctly when a callable object is set as the custom domain
+  setting.
+- Strip `as` parameter when signing in through the back door.
+- Remove broken autoload for deprecated password strategies.
+
+### Changed
+
+- Deliver password reset email inline rather than in the background.
+- Remove unnecessary unsafe interpolation in erb templates.
+
+[2.3.0]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.3.0
+
+## [2.2.1] - August 7, 2020
+
+### Fixed
+
+- Prevent user enumeration by timing attacks. Trying to log in with an
+  unrecognized email address will now take the same amount of time as for a user
+  that does exist in the system.
+
+[2.2.1]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.2.1
+
+## [2.2.0] - July 9, 2020
+
+### Added
+
+- Add an Argon2 password strategy
+
+### Fixed
+
+- Use strings instead of classes on guard classes, avoids Rails deprecation
+  warning.
+- Use `find_by` style for finders, improves neo4j support
+- Provide explicit case sensitivity option for email uniqueness, avoid Rails
+  deprecation warning.
+
+[2.2.0]: https://github.com/thoughtbot/clearance/compare/v2.1.0...v2.2.0
+
 ## [2.1.0] - December 19, 2019
 
 ### Added