clearance 2.10.0 → 2.11.0

data/spec/mailers/clearance_mailer_spec.rb

@@ -1,5 +1,7 @@
 require "spec_helper"
 
+Person = Class.new(User)
+
 describe ClearanceMailer do
   it "is from DO_NOT_REPLY" do
     user = create(:user)
@@ -59,7 +61,6 @@ describe ClearanceMailer do
   context "when using a custom model" do
     it "contains a link for a custom model" do
       define_people_routes
-      Person = Class.new(User)
       person = Person.new(email: "person@example.com", password: "password")
 
       person.forgot_password!
@@ -82,7 +83,7 @@ describe ClearanceMailer do
           resource(
             :password,
             controller: "clearance/passwords",
-            only: %i[edit update],
+            only: %i[edit update]
           )
         end
       end

data/spec/models/user_spec.rb

@@ -60,7 +60,7 @@ describe User do
         User.authenticate("bad_email@example.com", password)
       end
 
-      expect(user_does_not_exist_time). to be_within(0.01).of(user_exists_time)
+      expect(user_does_not_exist_time).to be_within(0.01).of(user_exists_time)
     end
 
     it "takes the same amount of time to fail authentication regardless of whether user exists" do
@@ -74,7 +74,7 @@ describe User do
         User.authenticate("bad_email@example.com", "bad_password")
       end
 
-      expect(user_does_not_exist_time). to be_within(0.01).of(user_exists_time)
+      expect(user_does_not_exist_time).to be_within(0.01).of(user_exists_time)
     end
 
     it "is retrieved via a case-insensitive search" do

data/spec/password_strategies/argon2_spec.rb

@@ -16,8 +16,8 @@ describe Clearance::PasswordStrategies::Argon2 do
     it "encrypts with Argon2 using default cost in non test environments" do
       hasher = stub_argon2_password
       model_instance = fake_model_with_argon2_strategy
-      allow(Rails).to receive(:env).
-        and_return(ActiveSupport::StringInquirer.new("production"))
+      allow(Rails).to receive(:env)
+        .and_return(ActiveSupport::StringInquirer.new("production"))
 
       model_instance.password = password
 
@@ -69,7 +69,7 @@ describe Clearance::PasswordStrategies::Argon2 do
 
   def fake_model_with_argon2_strategy
     @fake_model_with_argon2_strategy ||= fake_model_with_password_strategy(
-      Clearance::PasswordStrategies::Argon2,
+      Clearance::PasswordStrategies::Argon2
     )
   end
 

data/spec/password_strategies/bcrypt_spec.rb

@@ -1,7 +1,7 @@
 require "spec_helper"
-include FakeModelWithPasswordStrategy
 
 describe Clearance::PasswordStrategies::BCrypt do
+  include FakeModelWithPasswordStrategy
   describe "#password=" do
     it "encrypts the password into encrypted_password" do
       stub_bcrypt_password
@@ -15,14 +15,14 @@ describe Clearance::PasswordStrategies::BCrypt do
     it "encrypts with BCrypt using default cost in non test environments" do
       stub_bcrypt_password
       model_instance = fake_model_with_bcrypt_strategy
-      allow(Rails).to receive(:env).
-        and_return(ActiveSupport::StringInquirer.new("production"))
+      allow(Rails).to receive(:env)
+        .and_return(ActiveSupport::StringInquirer.new("production"))
 
       model_instance.password = password
 
       expect(BCrypt::Password).to have_received(:create).with(
         password,
-        cost: ::BCrypt::Engine::DEFAULT_COST,
+        cost: ::BCrypt::Engine::DEFAULT_COST
       )
     end
 

data/spec/password_strategies/password_strategies_spec.rb

@@ -1,7 +1,7 @@
 require "spec_helper"
-include FakeModelWithoutPasswordStrategy
 
 describe "Password strategy configuration" do
+  include FakeModelWithoutPasswordStrategy
   describe "when Clearance.configuration.password_strategy is set" do
     it "includes the value it is set to" do
       mock_password_strategy = Module.new

data/spec/requests/authentication_cookie_spec.rb

@@ -39,8 +39,8 @@ describe "Authentication cookies in the response" do
 
   def draw_test_routes
     Rails.application.routes.draw do
-      get "/private" => "pages#private", as: :private
-      get "/public" => "pages#public", as: :public
+      get "/private" => "pages#private", :as => :private
+      get "/public" => "pages#public", :as => :public
       resource :session, controller: "clearance/sessions", only: [:create]
     end
   end
@@ -49,7 +49,7 @@ describe "Authentication cookies in the response" do
     user = create(:user, password: "password")
 
     post session_path, params: {
-      session: { email: user.email, password: "password" },
+      session: {email: user.email, password: "password"}
     }
   end
 end

data/spec/requests/backdoor_spec.rb

@@ -12,7 +12,7 @@ describe "Backdoor Middleware" do
   it "removes the `as` param but leaves other parameters unchanged" do
     user = create(:user)
 
-    get root_path(as: user.to_param, foo: 'bar')
+    get root_path(as: user.to_param, foo: "bar")
 
     expect(response.body).to include('{"foo":"bar","controller":"application","action":"show"}')
   end

data/spec/requests/cookie_options_spec.rb

@@ -13,7 +13,7 @@ describe "Cookie options" do
         get sign_in_path
 
         post session_path, params: {
-          session: { email: user.email, password: "password" },
+          session: {email: user.email, password: "password"}
         }
       end
 
@@ -33,7 +33,7 @@ describe "Cookie options" do
         get sign_in_path
 
         post session_path, params: {
-          session: { email: user.email, password: "password" },
+          session: {email: user.email, password: "password"}
         }
       end
 

data/spec/requests/csrf_rotation_spec.rb

@@ -16,7 +16,7 @@ describe "CSRF Rotation" do
         original_token = csrf_token
 
         post session_path, params: {
-          authenticity_token: csrf_token, session: { email: user.email, password: "password" }
+          authenticity_token: csrf_token, session: {email: user.email, password: "password"}
         }
 
         expect(csrf_token).not_to eq original_token

data/spec/requests/password_maintenance_spec.rb

@@ -8,7 +8,7 @@ describe "Password maintenance" do
       put user_password_url(user), params: {
         user_id: user,
         token: user.confirmation_token,
-        password_reset: { password: "my_new_password" },
+        password_reset: {password: "my_new_password"}
       }
 
       expect(response).to redirect_to(Clearance.configuration.redirect_url)

data/spec/requests/token_expiration_spec.rb

@@ -15,7 +15,7 @@ describe "Token expiration" do
     it "should have a remember_token cookie with a future expiration" do
       expect(first_cookie.expires).to be_between(
         1.years.from_now - 1.second,
-        1.years.from_now,
+        1.years.from_now
       )
     end
   end
@@ -53,7 +53,7 @@ describe "Token expiration" do
     get sign_in_path
 
     post session_path, params: {
-      session: { email: user.email, password: "password" },
+      session: {email: user.email, password: "password"}
     }
   end
 end

data/spec/routing/clearance_routes_spec.rb

@@ -1,18 +1,18 @@
-require 'spec_helper'
+require "spec_helper"
 
-describe 'routes for Clearance' do
-  context 'routes enabled' do
-    it 'draws the default routes' do
-      expect(get: 'sign_up').to be_routable
-      expect(get: 'sign_in').to be_routable
-      expect(get: 'passwords/new').to be_routable
-      expect(post: 'session').to be_routable
-      expect(post: 'passwords').to be_routable
-      expect(post: 'users').to be_routable
+describe "routes for Clearance" do
+  context "routes enabled" do
+    it "draws the default routes" do
+      expect(get: "sign_up").to be_routable
+      expect(get: "sign_in").to be_routable
+      expect(get: "passwords/new").to be_routable
+      expect(post: "session").to be_routable
+      expect(post: "passwords").to be_routable
+      expect(post: "users").to be_routable
     end
   end
 
-  context 'routes disabled' do
+  context "routes disabled" do
     around do |example|
       Clearance.configure { |config| config.routes = false }
       Rails.application.reload_routes!
@@ -21,17 +21,17 @@ describe 'routes for Clearance' do
       Rails.application.reload_routes!
     end
 
-    it 'does not draw any routes' do
-      expect(get: 'sign_up').not_to be_routable
-      expect(get: 'sign_in').not_to be_routable
-      expect(get: 'passwords/new').not_to be_routable
-      expect(post: 'session').not_to be_routable
-      expect(post: 'passwords').not_to be_routable
-      expect(post: 'users').not_to be_routable
+    it "does not draw any routes" do
+      expect(get: "sign_up").not_to be_routable
+      expect(get: "sign_in").not_to be_routable
+      expect(get: "passwords/new").not_to be_routable
+      expect(post: "session").not_to be_routable
+      expect(post: "passwords").not_to be_routable
+      expect(post: "users").not_to be_routable
     end
   end
 
-  context 'signup disabled' do
+  context "signup disabled" do
     around do |example|
       Clearance.configure { |config| config.allow_sign_up = false }
       Rails.application.reload_routes!
@@ -40,30 +40,30 @@ describe 'routes for Clearance' do
       Rails.application.reload_routes!
     end
 
-    it 'does not route sign_up' do
-      expect(get: 'sign_up').not_to be_routable
+    it "does not route sign_up" do
+      expect(get: "sign_up").not_to be_routable
     end
 
-    it 'does not route to users#create' do
-      expect(post: 'users').not_to be_routable
+    it "does not route to users#create" do
+      expect(post: "users").not_to be_routable
     end
 
-    it 'does not route to users#new' do
-      expect(get: 'users/new').not_to be_routable
+    it "does not route to users#new" do
+      expect(get: "users/new").not_to be_routable
     end
   end
 
-  context 'signup enabled' do
-    it 'does route sign_up' do
-      expect(get: 'sign_up').to be_routable
+  context "signup enabled" do
+    it "does route sign_up" do
+      expect(get: "sign_up").to be_routable
     end
 
-    it 'does route to users#create' do
-      expect(post: 'users').to be_routable
+    it "does route to users#create" do
+      expect(post: "users").to be_routable
     end
   end
 
-  context 'password reset disabled' do
+  context "password reset disabled" do
     around do |example|
       Clearance.configure { |config| config.allow_password_reset = false }
       Rails.application.reload_routes!
@@ -72,24 +72,24 @@ describe 'routes for Clearance' do
       Rails.application.reload_routes!
     end
 
-    it 'does not route password edit' do
+    it "does not route password edit" do
       user = create(:user)
       expect(get: "users/#{user.id}/password/edit").not_to be_routable
     end
 
-    it 'does not route to clearance/passwords#update' do
+    it "does not route to clearance/passwords#update" do
       user = create(:user)
       expect(patch: "/users/#{user.id}/password").not_to be_routable
     end
   end
 
-  context 'reset enabled' do
-    it 'does route password edit' do
+  context "reset enabled" do
+    it "does route password edit" do
       user = create(:user)
       expect(get: "users/#{user.id}/password/edit").to be_routable
     end
 
-    it 'does route to clearance/passwords#update' do
+    it "does route to clearance/passwords#update" do
       user = create(:user)
       expect(patch: "/users/#{user.id}/password").to be_routable
     end

data/spec/support/clearance.rb

@@ -1,4 +1,4 @@
-require 'clearance'
+require "clearance"
 
 Clearance.configure do |config|
   # need an empty block to initialize the configuration object

data/spec/support/fake_model_without_password_strategy.rb

@@ -5,8 +5,11 @@ module FakeModelWithoutPasswordStrategy
 
       validates_with UniquenessValidator
 
-      def self.before_validation(*); end
-      def self.before_create(*); end
+      def self.before_validation(*)
+      end
+
+      def self.before_create(*)
+      end
 
       include Clearance::User
     end.new

data/spec/support/generator_spec_helpers.rb

@@ -1,5 +1,5 @@
-require "ammeter/rspec/generator/example.rb"
-require "ammeter/rspec/generator/matchers.rb"
+require "ammeter/rspec/generator/example"
+require "ammeter/rspec/generator/matchers"
 require "ammeter/init"
 
 module GeneratorSpecHelpers

data/spec/support/request_with_remember_token.rb

@@ -7,7 +7,7 @@ module RememberTokenHelpers
       cookies[Clearance.configuration.cookie_name] = remember_token
     end
 
-    env = { clearance: Clearance::Session.new(cookies.request.env) }
+    env = {clearance: Clearance::Session.new(cookies.request.env)}
     Rack::Request.new env
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.10.0
+  version: 2.11.0
 platform: ruby
 authors:
 - Dan Croak
@@ -27,7 +27,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-28 00:00:00.000000000 Z
+date: 2025-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -148,8 +148,10 @@ extra_rdoc_files:
 files:
 - ".erb_lint.yml"
 - ".github/dependabot.yml"
+- ".github/workflows/codeql.yml"
 - ".github/workflows/dynamic-readme.yml"
 - ".github/workflows/dynamic-security.yml"
+- ".github/workflows/standardrb.yml"
 - ".github/workflows/tests.yml"
 - ".gitignore"
 - ".yardopts"
@@ -323,7 +325,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.22
+rubygems_version: 3.4.19
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.