clearance 2.2.1 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 54c7e8cc7022fa2b109ce9834c1b27752a4b84b4acbe2f65728ecc66119ad8a1
-  data.tar.gz: d7ee7f5c36b5feeb71799e791c283ca9644984cd5eb0cdcbefdd3882f9c726ba
+  metadata.gz: d60bf1a6126821259c777a4d6c34169e0ac643d4c88f74133b13400b99c9140f
+  data.tar.gz: 42a4077da0d6bca303752a3ef9b224167b3510f3ea9649c3439148c6242591d5
 SHA512:
-  metadata.gz: 754bdef335e4cfdc4239cf96f923847ee4330053eae153a69e19be7fa91d96641e1b8465d223d2c88858758c14eab9485147a95dbe792bed23a690b54e07cbd1
-  data.tar.gz: eb2c85479b87c42ee2f5e1824a07b55b8a72104fd690d01262182257bedfec12d33ade009acd9b01320a9ca1d26a1a8b5a511585a5e45f607a695cac23d5fd9f
+  metadata.gz: a62015195770da36e79c06e228a9e368d20fb3c2e91c92f3bf168f5a2706bbaef4fc98c28bcde3cb5a80bf3eb16f2acc589cb7da920e151cb0060290cea5cc44
+  data.tar.gz: cec9f3ce0c48cadd04b43b0a5280fd34db24c532ea1f01e92b76b7acd3413220fb568f7d4e3f180b4aa80669264af0d0216da3c4806bc2d24af59276e4d50635

data/.erb-lint.yml

@@ -0,0 +1,5 @@
+---
+EnableDefaultLinters: true
+linters:
+  ErbSafety:
+    enabled: true

data/.github/workflows/tests.yml

@@ -0,0 +1,52 @@
+name: CI Tests
+
+on:
+  push:
+    branches: "main"
+  pull_request:
+    branches: "*"
+
+jobs:
+  test:
+    name: "Ruby ${{ matrix.ruby }}, Rails ${{ matrix.gemfile }}"
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        gemfile:
+          - "5.0"
+          - "5.1"
+          - "5.2"
+          - "6.0"
+          - "6.1"
+        ruby:
+          - "2.4.9"
+          - "2.5.7"
+          - "2.6.5"
+          - "2.7.2"
+        exclude:
+          - gemfile: "6.0"
+            ruby: "2.4.9"
+          - gemfile: "6.1"
+            ruby: "2.4.9"
+
+    env:
+      BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile
+      RAILS_ENV: test
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: "Install Ruby ${{ matrix.ruby  }}"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: "Reset app database"
+        run: bundle exec rake dummy:db:reset
+
+      - name: "Run tests"
+        run: bundle exec rake

data/Appraisals

@@ -1,23 +1,18 @@
-rails_versions = %w(
-  5.0
-  5.1
-  5.2
-  6.0
-)
+appraise "rails_5.0" do
+  gem "railties", "~> 5.0"
+  gem 'rspec-rails', '~> 3.1'
+  gem 'capybara', '>= 2.6.2', '< 3.33.0'
+  gem 'sqlite3', '~> 1.3.13'
+end
 
-rails_versions.each do |version|
-  appraise "rails_#{version}" do
-    gem "railties", "~> #{version}.0"
-    gem "rails-controller-testing"
+appraise "rails_5.1" do
+  gem "railties", "~> 5.1"
+end
 
-    if Gem::Version.new(version) >= Gem::Version.new("6.0")
-      # TODO - Switch to 4.0 gem once release is made
-      gem 'rspec-rails', '~> 4.0.0.beta3'
-      gem 'sqlite3', '~> 1.4.0'
-    else
-      gem 'sqlite3', '~> 1.3.13'
-      gem 'rspec-rails', '~> 3.1'
-    end
+appraise "rails_5.2" do
+  gem "railties", "~> 5.2"
+end
 
-  end
+appraise "rails_6.0" do
+  gem "railties", "~> 6.0"
 end

data/Gemfile

@@ -2,13 +2,17 @@ source 'https://rubygems.org'
 
 gemspec
 
-gem 'addressable', '~> 2.6.0'
+gem 'addressable'
 gem 'ammeter'
 gem 'appraisal'
-gem 'capybara', '>= 2.6.2'
-gem 'database_cleaner', '~> 1.0'
-gem 'factory_bot_rails', '~> 5.0'
-gem 'nokogiri', '~> 1.10.0'
+gem 'capybara'
+gem 'database_cleaner'
+gem 'erb_lint', require: false
+gem 'factory_bot_rails'
+gem 'nokogiri'
 gem 'pry', require: false
-gem 'shoulda-matchers', '~> 4.1'
-gem 'timecop', '~> 0.6'
+gem 'rails-controller-testing'
+gem 'rspec-rails'
+gem 'shoulda-matchers'
+gem 'sqlite3'
+gem 'timecop'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.2.1)
+    clearance (2.5.0)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -13,41 +13,42 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (6.0.3.2)
-      actionpack (= 6.0.3.2)
-      actionview (= 6.0.3.2)
-      activejob (= 6.0.3.2)
+    actionmailer (6.1.3)
+      actionpack (= 6.1.3)
+      actionview (= 6.1.3)
+      activejob (= 6.1.3)
+      activesupport (= 6.1.3)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.0.3.2)
-      actionview (= 6.0.3.2)
-      activesupport (= 6.0.3.2)
-      rack (~> 2.0, >= 2.0.8)
+    actionpack (6.1.3)
+      actionview (= 6.1.3)
+      activesupport (= 6.1.3)
+      rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.0.3.2)
-      activesupport (= 6.0.3.2)
+    actionview (6.1.3)
+      activesupport (= 6.1.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.3.2)
-      activesupport (= 6.0.3.2)
+    activejob (6.1.3)
+      activesupport (= 6.1.3)
       globalid (>= 0.3.6)
-    activemodel (6.0.3.2)
-      activesupport (= 6.0.3.2)
-    activerecord (6.0.3.2)
-      activemodel (= 6.0.3.2)
-      activesupport (= 6.0.3.2)
-    activesupport (6.0.3.2)
+    activemodel (6.1.3)
+      activesupport (= 6.1.3)
+    activerecord (6.1.3)
+      activemodel (= 6.1.3)
+      activesupport (= 6.1.3)
+    activesupport (6.1.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2, >= 2.2.2)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
     ammeter (1.1.4)
       activesupport (>= 3.0)
       railties (>= 3.0)
@@ -56,10 +57,19 @@ GEM
       bundler
       rake
       thor (>= 0.14.0)
-    argon2 (2.0.2)
-      ffi (~> 1.9)
-      ffi-compiler (>= 0.1)
-    bcrypt (3.1.13)
+    argon2 (2.0.3)
+      ffi (~> 1.14)
+      ffi-compiler (~> 1.0)
+    ast (2.4.2)
+    bcrypt (3.1.16)
+    better_html (1.0.16)
+      actionview (>= 4.0)
+      activesupport (>= 4.0)
+      ast (~> 2.0)
+      erubi (~> 1.4)
+      html_tokenizer (~> 0.0.6)
+      parser (>= 2.4)
+      smart_properties
     builder (3.2.4)
     capybara (3.33.0)
       addressable
@@ -70,57 +80,76 @@ GEM
       regexp_parser (~> 1.5)
       xpath (~> 3.2)
     coderay (1.1.3)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.8)
     crass (1.0.6)
     database_cleaner (1.8.5)
     diff-lcs (1.4.4)
-    email_validator (2.0.1)
+    email_validator (2.2.3)
       activemodel
-    erubi (1.9.0)
-    factory_bot (5.2.0)
-      activesupport (>= 4.2.0)
-    factory_bot_rails (5.2.0)
-      factory_bot (~> 5.2.0)
-      railties (>= 4.2.0)
-    ffi (1.13.1)
+    erb_lint (0.0.34)
+      activesupport
+      better_html (~> 1.0.7)
+      html_tokenizer
+      rainbow
+      rubocop (~> 0.79)
+      smart_properties
+    erubi (1.10.0)
+    factory_bot (6.1.0)
+      activesupport (>= 5.0.0)
+    factory_bot_rails (6.1.0)
+      factory_bot (~> 6.1.0)
+      railties (>= 5.0.0)
+    ffi (1.15.4)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    i18n (1.8.3)
+    globalid (0.5.2)
+      activesupport (>= 5.0)
+    html_tokenizer (0.0.7)
+    i18n (1.8.9)
       concurrent-ruby (~> 1.0)
-    loofah (2.6.0)
+    loofah (2.9.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
     method_source (1.0.0)
     mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.1)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
+    mini_portile2 (2.5.0)
+    minitest (5.14.4)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
+    parallel (1.19.2)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (3.1.1)
+    public_suffix (4.0.5)
+    racc (1.5.2)
     rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
+    rails-controller-testing (1.0.5)
+      actionpack (>= 5.0.1.rc1)
+      actionview (>= 5.0.1.rc1)
+      activesupport (>= 5.0.1.rc1)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.0.3.2)
-      actionpack (= 6.0.3.2)
-      activesupport (= 6.0.3.2)
+    railties (6.1.3)
+      actionpack (= 6.1.3)
+      activesupport (= 6.1.3)
       method_source
       rake (>= 0.8.7)
-      thor (>= 0.20.3, < 2.0)
-    rake (13.0.1)
+      thor (~> 1.0)
+    rainbow (3.0.0)
+    rake (13.0.3)
     regexp_parser (1.7.1)
+    rexml (3.2.5)
     rspec-core (3.9.2)
       rspec-support (~> 3.9.3)
     rspec-expectations (3.9.2)
@@ -138,32 +167,50 @@ GEM
       rspec-mocks (~> 3.9)
       rspec-support (~> 3.9)
     rspec-support (3.9.3)
+    rubocop (0.88.0)
+      parallel (~> 1.10)
+      parser (>= 2.7.1.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
+      rexml
+      rubocop-ast (>= 0.1.0, < 1.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.3.0)
+      parser (>= 2.7.1.4)
+    ruby-progressbar (1.10.1)
     shoulda-matchers (4.3.0)
       activesupport (>= 4.2.0)
-    thor (1.0.1)
-    thread_safe (0.3.6)
+    smart_properties (1.15.0)
+    sqlite3 (1.4.2)
+    thor (1.1.0)
     timecop (0.9.1)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (1.7.0)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.3.1)
+    zeitwerk (2.4.2)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  addressable (~> 2.6.0)
+  addressable
   ammeter
   appraisal
-  capybara (>= 2.6.2)
+  capybara
   clearance!
-  database_cleaner (~> 1.0)
-  factory_bot_rails (~> 5.0)
-  nokogiri (~> 1.10.0)
+  database_cleaner
+  erb_lint
+  factory_bot_rails
+  nokogiri
   pry
-  shoulda-matchers (~> 4.1)
-  timecop (~> 0.6)
+  rails-controller-testing
+  rspec-rails
+  shoulda-matchers
+  sqlite3
+  timecop
 
 BUNDLED WITH
-   2.1.2
+   2.1.4

data/NEWS.md

@@ -3,6 +3,54 @@
 The noteworthy changes for each Clearance version are included here. For a
 complete changelog, see the git history for each version via the version links.
 
+## [2.5.0] - September 10, 2021
+
+### Fixed
+
+- Fix open redirect vulnerability
+
+### Changed
+
+- Rename default branch to `main`
+
+[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
+
+## [2.4.0] - March 5, 2021
+
+### Added
+
+- Optionally use signed cookies to prevent remember token timing attacks
+
+[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
+
+## [2.3.1] - March 5, 2021
+
+### Fixed
+
+- Support for accessing Rails 6.x primary_key_type in generator.
+- Fix password reset URLs when using a custom model
+- Fix flaky test that relied on too specific time delta
+- Revert case sensitivity for email uniqueness
+- Bump nokogiri and actionview dependencies to address security vulnerabilities
+
+[2.3.1]: https://github.com/thoughtbot/clearance/compare/v2.3.0...v2.3.1
+
+## [2.3.0] - August 14, 2020
+
+### Fixed
+
+- Delete cookie correctly when a callable object is set as the custom domain
+  setting.
+- Strip `as` parameter when signing in through the back door.
+- Remove broken autoload for deprecated password strategies.
+
+### Changed
+
+- Deliver password reset email inline rather than in the background.
+- Remove unnecessary unsafe interpolation in erb templates.
+
+[2.3.0]: https://github.com/thoughtbot/clearance/compare/v2.2.0...v2.3.0
+
 ## [2.2.1] - August 7, 2020
 
 ### Fixed