clearance 2.2.1 → 2.5.0
- checksums.yaml +4 -4
- data/.erb-lint.yml +5 -0
- data/.github/workflows/tests.yml +52 -0
- data/Appraisals +14 -19
- data/Gemfile +11 -7
- data/Gemfile.lock +112 -65
- data/NEWS.md +48 -0
- data/README.md +25 -14
- data/RELEASING.md +25 -0
- data/Rakefile +6 -1
- data/app/controllers/clearance/passwords_controller.rb +1 -2
- data/app/views/clearance_mailer/change_password.html.erb +2 -2
- data/app/views/clearance_mailer/change_password.text.erb +2 -2
- data/app/views/passwords/edit.html.erb +1 -1
- data/gemfiles/rails_5.0.gemfile +10 -9
- data/gemfiles/rails_5.1.gemfile +11 -10
- data/gemfiles/rails_5.2.gemfile +11 -10
- data/gemfiles/rails_6.0.gemfile +11 -10
- data/gemfiles/rails_6.1.gemfile +21 -0
- data/lib/clearance/authorization.rb +7 -1
- data/lib/clearance/back_door.rb +2 -1
- data/lib/clearance/configuration.rb +19 -0
- data/lib/clearance/password_strategies.rb +0 -4
- data/lib/clearance/rack_session.rb +1 -1
- data/lib/clearance/session.rb +24 -12
- data/lib/clearance/user.rb +1 -1
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/install_generator.rb +4 -1
- data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb.erb +5 -1
- data/spec/clearance/back_door_spec.rb +20 -4
- data/spec/clearance/rack_session_spec.rb +1 -2
- data/spec/clearance/session_spec.rb +116 -43
- data/spec/configuration_spec.rb +28 -0
- data/spec/controllers/sessions_controller_spec.rb +13 -0
- data/spec/generators/clearance/install/install_generator_spec.rb +8 -2
- data/spec/mailers/clearance_mailer_spec.rb +33 -0
- data/spec/models/user_spec.rb +2 -2
- data/spec/support/clearance.rb +11 -0
- data/spec/support/request_with_remember_token.rb +8 -6
- metadata +7 -4
- data/.travis.yml +0 -28
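--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d60bf1a6126821259c777a4d6c34169e0ac643d4c88f74133b13400b99c9140f
+data.tar.gz: 42a4077da0d6bca303752a3ef9b224167b3510f3ea9649c3439148c6242591d5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a62015195770da36e79c06e228a9e368d20fb3c2e91c92f3bf168f5a2706bbaef4fc98c28bcde3cb5a80bf3eb16f2acc589cb7da920e151cb0060290cea5cc44
+data.tar.gz: cec9f3ce0c48cadd04b43b0a5280fd34db24c532ea1f01e92b76b7acd3413220fb568f7d4e3f180b4aa80669264af0d0216da3c4806bc2d24af59276e4d50635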
data/.erb-lint.yml
ADDED
@@ -0,0 +1,52 @@
|
|
1
|
+
name: CI Tests
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: "main"
|
6
|
+
pull_request:
|
7
|
+
branches: "*"
|
8
|
+
|
9
|
+
jobs:
|
10
|
+
test:
|
11
|
+
name: "Ruby ${{ matrix.ruby }}, Rails ${{ matrix.gemfile }}"
|
12
|
+
|
13
|
+
runs-on: ubuntu-latest
|
14
|
+
|
15
|
+
strategy:
|
16
|
+
fail-fast: false
|
17
|
+
matrix:
|
18
|
+
gemfile:
|
19
|
+
- "5.0"
|
20
|
+
- "5.1"
|
21
|
+
- "5.2"
|
22
|
+
- "6.0"
|
23
|
+
- "6.1"
|
24
|
+
ruby:
|
25
|
+
- "2.4.9"
|
26
|
+
- "2.5.7"
|
27
|
+
- "2.6.5"
|
28
|
+
- "2.7.2"
|
29
|
+
exclude:
|
30
|
+
- gemfile: "6.0"
|
31
|
+
ruby: "2.4.9"
|
32
|
+
- gemfile: "6.1"
|
33
|
+
ruby: "2.4.9"
|
34
|
+
|
35
|
+
env:
|
36
|
+
BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile
|
37
|
+
RAILS_ENV: test
|
38
|
+
|
39
|
+
steps:
|
40
|
+
- uses: actions/checkout@v2
|
41
|
+
|
42
|
+
- name: "Install Ruby ${{ matrix.ruby }}"
|
43
|
+
uses: ruby/setup-ruby@v1
|
44
|
+
with:
|
45
|
+
ruby-version: ${{ matrix.ruby }}
|
46
|
+
bundler-cache: true
|
47
|
+
|
48
|
+
- name: "Reset app database"
|
49
|
+
run: bundle exec rake dummy:db:reset
|
50
|
+
|
51
|
+
- name: "Run tests"
|
52
|
+
run: bundle exec rake
|
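Review bot: Both `uses:` steps reference actions by mutable tag (`actions/checkout@v2`, `ruby/setup-ruby@v1`), so whatever code those tags resolve to at run time executes inside this job; pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, makes the executed code reviewable and fixed. The workflow also declares no `permissions:` key, so the job's GITHUB_TOKEN takes the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the checkout and test steps shown here. The section is headed data/.erb-lint.yml, but its 52 added lines match the data/.github/workflows/tests.yml entry in the file list, so the real file header appears to have been lost in rendering.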
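--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,23 +1,18 @@
-
-5.0
-
-
-
-
+appraise "rails_5.0" do
+gem "railties", "~> 5.0"
+gem 'rspec-rails', '~> 3.1'
+gem 'capybara', '>= 2.6.2', '< 3.33.0'
+gem 'sqlite3', '~> 1.3.13'
+end
 
-
-
-
-gem "rails-controller-testing"
+appraise "rails_5.1" do
+gem "railties", "~> 5.1"
+end
 
-
-
-
-gem 'sqlite3', '~> 1.4.0'
-else
-gem 'sqlite3', '~> 1.3.13'
-gem 'rspec-rails', '~> 3.1'
-end
+appraise "rails_5.2" do
+gem "railties", "~> 5.2"
+end
 
-
+appraise "rails_6.0" do
+gem "railties", "~> 6.0"
 end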
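--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,13 +2,17 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'addressable'
+gem 'addressable'
 gem 'ammeter'
 gem 'appraisal'
-gem 'capybara'
-gem 'database_cleaner'
-gem '
-gem '
+gem 'capybara'
+gem 'database_cleaner'
+gem 'erb_lint', require: false
+gem 'factory_bot_rails'
+gem 'nokogiri'
 gem 'pry', require: false
-gem '
-gem '
+gem 'rails-controller-testing'
+gem 'rspec-rails'
+gem 'shoulda-matchers'
+gem 'sqlite3'
+gem 'timecop'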
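--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-clearance (2.
+clearance (2.5.0)
 actionmailer (>= 5.0)
 activemodel (>= 5.0)
 activerecord (>= 5.0)
@@ -13,41 +13,42 @@ PATH
 GEM
 remote: https://rubygems.org/
 specs:
-actionmailer (6.
-actionpack (= 6.
-actionview (= 6.
-activejob (= 6.
+actionmailer (6.1.3)
+actionpack (= 6.1.3)
+actionview (= 6.1.3)
+activejob (= 6.1.3)
+activesupport (= 6.1.3)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 2.0)
-actionpack (6.
-actionview (= 6.
-activesupport (= 6.
-rack (~> 2.0, >= 2.0.
+actionpack (6.1.3)
+actionview (= 6.1.3)
+activesupport (= 6.1.3)
+rack (~> 2.0, >= 2.0.9)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
-actionview (6.
-activesupport (= 6.
+actionview (6.1.3)
+activesupport (= 6.1.3)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
-activejob (6.
-activesupport (= 6.
+activejob (6.1.3)
+activesupport (= 6.1.3)
 globalid (>= 0.3.6)
-activemodel (6.
-activesupport (= 6.
-activerecord (6.
-activemodel (= 6.
-activesupport (= 6.
-activesupport (6.
+activemodel (6.1.3)
+activesupport (= 6.1.3)
+activerecord (6.1.3)
+activemodel (= 6.1.3)
+activesupport (= 6.1.3)
+activesupport (6.1.3)
 concurrent-ruby (~> 1.0, >= 1.0.2)
-i18n (>=
-minitest (
-tzinfo (~>
-zeitwerk (~> 2.
-addressable (2.
-public_suffix (>= 2.0.2, <
+i18n (>= 1.6, < 2)
+minitest (>= 5.1)
+tzinfo (~> 2.0)
+zeitwerk (~> 2.3)
+addressable (2.7.0)
+public_suffix (>= 2.0.2, < 5.0)
 ammeter (1.1.4)
 activesupport (>= 3.0)
 railties (>= 3.0)
@@ -56,10 +57,19 @@ GEM
 bundler
 rake
 thor (>= 0.14.0)
-argon2 (2.0.
-ffi (~> 1.
-ffi-compiler (
-
+argon2 (2.0.3)
+ffi (~> 1.14)
+ffi-compiler (~> 1.0)
+ast (2.4.2)
+bcrypt (3.1.16)
+better_html (1.0.16)
+actionview (>= 4.0)
+activesupport (>= 4.0)
+ast (~> 2.0)
+erubi (~> 1.4)
+html_tokenizer (~> 0.0.6)
+parser (>= 2.4)
+smart_properties
 builder (3.2.4)
 capybara (3.33.0)
 addressable
@@ -70,57 +80,76 @@ GEM
 regexp_parser (~> 1.5)
 xpath (~> 3.2)
 coderay (1.1.3)
-concurrent-ruby (1.1.
+concurrent-ruby (1.1.8)
 crass (1.0.6)
 database_cleaner (1.8.5)
 diff-lcs (1.4.4)
-email_validator (2.
+email_validator (2.2.3)
 activemodel
-
-
-
-
-
-
-
+erb_lint (0.0.34)
+activesupport
+better_html (~> 1.0.7)
+html_tokenizer
+rainbow
+rubocop (~> 0.79)
+smart_properties
+erubi (1.10.0)
+factory_bot (6.1.0)
+activesupport (>= 5.0.0)
+factory_bot_rails (6.1.0)
+factory_bot (~> 6.1.0)
+railties (>= 5.0.0)
+ffi (1.15.4)
 ffi-compiler (1.0.1)
 ffi (>= 1.0.0)
 rake
-globalid (0.
-activesupport (>=
-
+globalid (0.5.2)
+activesupport (>= 5.0)
+html_tokenizer (0.0.7)
+i18n (1.8.9)
 concurrent-ruby (~> 1.0)
-loofah (2.
+loofah (2.9.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.1)
 mini_mime (>= 0.1.1)
 method_source (1.0.0)
 mini_mime (1.0.2)
-mini_portile2 (2.
-minitest (5.14.
-nokogiri (1.
-mini_portile2 (~> 2.
+mini_portile2 (2.5.0)
+minitest (5.14.4)
+nokogiri (1.11.1)
+mini_portile2 (~> 2.5.0)
+racc (~> 1.4)
+parallel (1.19.2)
+parser (3.0.0.0)
+ast (~> 2.4.1)
 pry (0.13.1)
 coderay (~> 1.1)
 method_source (~> 1.0)
-public_suffix (
+public_suffix (4.0.5)
+racc (1.5.2)
 rack (2.2.3)
 rack-test (1.1.0)
 rack (>= 1.0, < 3)
+rails-controller-testing (1.0.5)
+actionpack (>= 5.0.1.rc1)
+actionview (>= 5.0.1.rc1)
+activesupport (>= 5.0.1.rc1)
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
 rails-html-sanitizer (1.3.0)
 loofah (~> 2.3)
-railties (6.
-actionpack (= 6.
-activesupport (= 6.
+railties (6.1.3)
+actionpack (= 6.1.3)
+activesupport (= 6.1.3)
 method_source
 rake (>= 0.8.7)
-thor (
-
+thor (~> 1.0)
+rainbow (3.0.0)
+rake (13.0.3)
 regexp_parser (1.7.1)
+rexml (3.2.5)
 rspec-core (3.9.2)
 rspec-support (~> 3.9.3)
 rspec-expectations (3.9.2)
@@ -138,32 +167,50 @@ GEM
 rspec-mocks (~> 3.9)
 rspec-support (~> 3.9)
 rspec-support (3.9.3)
+rubocop (0.88.0)
+parallel (~> 1.10)
+parser (>= 2.7.1.1)
+rainbow (>= 2.2.2, < 4.0)
+regexp_parser (>= 1.7)
+rexml
+rubocop-ast (>= 0.1.0, < 1.0)
+ruby-progressbar (~> 1.7)
+unicode-display_width (>= 1.4.0, < 2.0)
+rubocop-ast (0.3.0)
+parser (>= 2.7.1.4)
+ruby-progressbar (1.10.1)
 shoulda-matchers (4.3.0)
 activesupport (>= 4.2.0)
-
-
+smart_properties (1.15.0)
+sqlite3 (1.4.2)
+thor (1.1.0)
 timecop (0.9.1)
-tzinfo (
-
+tzinfo (2.0.4)
+concurrent-ruby (~> 1.0)
+unicode-display_width (1.7.0)
 xpath (3.2.0)
 nokogiri (~> 1.8)
-zeitwerk (2.
+zeitwerk (2.4.2)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-addressable
+addressable
 ammeter
 appraisal
-capybara
+capybara
 clearance!
-database_cleaner
-
-
+database_cleaner
+erb_lint
+factory_bot_rails
+nokogiri
 pry
-
-
+rails-controller-testing
+rspec-rails
+shoulda-matchers
+sqlite3
+timecop
 
 BUNDLED WITH
-2.1.
+2.1.4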
data/NEWS.md
CHANGED
@@ -3,6 +3,54 @@
|
|
3
3
|
The noteworthy changes for each Clearance version are included here. For a
|
4
4
|
complete changelog, see the git history for each version via the version links.
|
5
5
|
|
6
|
+
## [2.5.0] - September 10, 2021
|
7
|
+
|
8
|
+
### Fixed
|
9
|
+
|
10
|
+
- Fix open redirect vulnerability
|
11
|
+
|
12
|
+
### Changed
|
13
|
+
|
14
|
+
- Rename default branch to `main`
|
15
|
+
|
16
|
+
[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
|
17
|
+
|
18
|
+
## [2.4.0] - March 5, 2021
|
19
|
+
|
20
|
+
### Added
|
21
|
+
|
22
|
+
- Optionally use signed cookies to prevent remember token timing attacks
|
23
|
+
|
24
|
+
[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
|
25
|
+
|
26
|
+
## [2.3.1] - March 5, 2021
|
27
|
+
|
28
|
+
### Fixed
|
29
|
+
|
30
|
+
- Support for accessing Rails 6.x primary_key_type in generator.
|
31
|
+
- Fix password reset URLs when using a custom model
|
32
|
+
- Fix flaky test that relied on too specific time delta
|
33
|
+
- Revert case sensitivity for email uniqueness
|
34
|
+
- Bump nokogiri and actionview dependencies to address security vulnerabilities
|
35
|
+
|
36
|
+
[2.3.1]: https://github.com/thoughtbot/clearance/compare/v2.3.0...v2.3.1
|
37
|
+
|
38
|
+
## [2.3.0] - August 14, 2020
|
39
|
+
|
40
|
+
### Fixed
|
41
|
+
|
42
|
+
- Delete cookie correctly when a callable object is set as the custom domain
|
43
|
+
setting.
|
44
|
+
- Strip `as` parameter when signing in through the back door.
|
45
|
+
- Remove broken autoload for deprecated password strategies.
|
46
|
+
|
47
|
+
### Changed
|
48
|
+
|
49
|
+
- Deliver password reset email inline rather than in the background.
|
50
|
+
- Remove unnecessary unsafe interpolation in erb templates.
|
51
|
+
|
52
|
+
[2.3.0]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.3.0
|
53
|
+
|
6
54
|
## [2.2.1] - August 7, 2020
|
7
55
|
|
8
56
|
### Fixed
|