clearance 2.3.1 → 2.6.0
- checksums.yaml +4 -4
- data/.github/workflows/tests.yml +5 -13
- data/Appraisals +9 -13
- data/{NEWS.md → CHANGELOG.md} +42 -1
- data/Gemfile.lock +122 -94
- data/README.md +34 -4
- data/app/controllers/clearance/passwords_controller.rb +6 -6
- data/app/controllers/clearance/sessions_controller.rb +1 -1
- data/app/controllers/clearance/users_controller.rb +1 -1
- data/app/views/passwords/new.html.erb +1 -1
- data/app/views/sessions/_form.html.erb +1 -1
- data/app/views/users/_form.html.erb +1 -1
- data/clearance.gemspec +2 -1
- data/db/schema.rb +2 -2
- data/gemfiles/rails_6.0.gemfile +2 -0
- data/gemfiles/rails_6.1.gemfile +1 -0
- data/gemfiles/rails_7.0.gemfile +21 -0
- data/lib/clearance/authentication.rb +3 -1
- data/lib/clearance/authorization.rb +9 -3
- data/lib/clearance/configuration.rb +18 -1
- data/lib/clearance/sign_in_guard.rb +2 -2
- data/lib/clearance/user.rb +2 -2
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/install_generator.rb +10 -6
- data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb.erb +15 -12
- data/lib/generators/clearance/install/templates/db/migrate/create_users.rb.erb +2 -1
- data/lib/generators/clearance/specs/templates/support/features/clearance_helpers.rb +1 -0
- data/spec/acceptance/clearance_installation_spec.rb +1 -0
- data/spec/app_templates/testapp/Gemfile +2 -0
- data/spec/configuration_spec.rb +8 -1
- data/spec/controllers/passwords_controller_spec.rb +86 -3
- data/spec/controllers/sessions_controller_spec.rb +22 -0
- data/spec/controllers/users_controller_spec.rb +14 -0
- data/spec/dummy/application.rb +6 -21
- data/spec/dummy/db/.keep +0 -0
- data/spec/generators/clearance/install/install_generator_spec.rb +6 -0
- data/spec/requests/password_maintenance_spec.rb +1 -0
- data/spec/spec_helper.rb +1 -5
- metadata +7 -4
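--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cd4f8ec16fd316714fb0f5020e634855d109e260bd164f7b68947f3e36f9d7c7
+data.tar.gz: 5a78cfeca3fc95dee50bba6bd81026f32692de107d6be1d7aca4541837f5d579
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6cdabe74719baedad2e9f8c221fd0abdd377856936fee0aa5b1572dd67c6a5b7925f01641116e0213ed2fcbe07cda870582acebd198aa57228fe4c0a2f90af9c
+data.tar.gz: d0c1c9298dfdc961798bb65170f0b9b43d5eb6a25c956428cfa12ab7375be820e405d72e2c4ad34ed15c487bf7912bb6c17bb311e4a7768f302b6276f85e5920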
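--- a/data/.github/workflows/tests.yml
+++ b/data/.github/workflows/tests.yml
@@ -2,7 +2,7 @@ name: CI Tests
 
 on:
 push:
-branches: "
+branches: "main"
 pull_request:
 branches: "*"
 
@@ -16,21 +16,13 @@ jobs:
 fail-fast: false
 matrix:
 gemfile:
-- "5.0"
-- "5.1"
-- "5.2"
 - "6.0"
 - "6.1"
+- "7.0"
 ruby:
-- "2.
-- "
-- "
-- "2.7.2"
-exclude:
-- gemfile: "6.0"
-ruby: "2.4.9"
-- gemfile: "6.1"
-ruby: "2.4.9"
+- "2.7.6"
+- "3.0.4"
+- "3.1.2"
 
 env:
 BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile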
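Review bot: The `ruby:` entries added in the second hunk pin exact patch releases (`- "2.7.6"`, `- "3.0.4"`, `- "3.1.2"`), so the matrix keeps testing those builds after later Ruby security patch releases ship and has to be edited by hand each time. If the Ruby setup step resolves minor versions (that step is outside the hunk, so this needs confirming), `- "2.7"`, `- "3.0"`, `- "3.1"` would follow the newest patch level automatically. The `jobs:` block that holds this matrix starts and ends outside the hunk.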
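--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,18 +1,14 @@
-appraise "
-gem "railties", "~>
-gem
-gem
-gem 'sqlite3', '~> 1.3.13'
-end
-
-appraise "rails_5.1" do
-gem "railties", "~> 5.1"
+appraise "rails_6.0" do
+gem "railties", "~> 6.0"
+gem "net-smtp", require: false # not bundled in ruby 3.1
+gem "psych", "< 4" # psych 4 switched from unsafe load to safe load
 end
 
-appraise "
-gem "railties", "~>
+appraise "rails_6.1" do
+gem "railties", "~> 6.1"
+gem "net-smtp", require: false # not bundled in ruby 3.1
 end
 
-appraise "
-gem "railties", "~>
+appraise "rails_7.0" do
+gem "railties", "~> 7.0"
 end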
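Review bot: The `gem "psych", "< 4"` pin in the `rails_6.0` appraisal holds that test run on the psych line where, per its own comment, `YAML.load` is still the unsafe load, but the comment does not say why this appraisal needs the old behaviour or when the pin can be removed. Presumably Rails 6.0 itself calls `YAML.load` in a way psych 4 rejects; if that is the reason, the comment should say so, for example `gem "psych", "< 4" # Rails 6.0 depends on pre-4 YAML.load behaviour; test matrix only, remove with this appraisal`. As far as this hunk shows the pin is limited to the appraisal gemfile, and it is worth confirming that nothing equivalent reaches the gemspec, which is not shown on this page.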
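--- a/data/NEWS.md
+++ b/data/CHANGELOG.md
@@ -1,8 +1,47 @@
-#
+# CHANGELOG
 
 The noteworthy changes for each Clearance version are included here. For a
 complete changelog, see the git history for each version via the version links.
 
+## [Unreleased]
+
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.0...main
+
+## [2.6.0] - June 12, 2022
+
+- Drops support for Rails 5.0, 5.1 and 5.2, see https://endoflife.date/rails #964
+- Drops support for Ruby 2.4, 2.5 and 2.6, see https://endoflife.date/ruby #964
+- Adds support for Turbo with appropriate status codes #965
+- Adds unique constraints on `remember_token` and `confirmation_token` #966
+- Allows `user_parameter` to be configuration, e.g. `params[:custom_id]` instead of
+`params[:user_id]` #782 (Bryan Marble)
+- Updates SignInGuard documentation #950 (Matthew LS)
+- Forward options in redirect_back_or helper (#968) (Matthew LS)
+- Add configuration option to disable sign in after password reset (#969) (Till
+Prochaska)
+
+[2.6.0]: https://github.com/thoughtbot/clearance/compare/v2.5.0...v2.6.0
+
+## [2.5.0] - September 10, 2021
+
+### Fixed
+
+- Fix open redirect vulnerability
+
+### Changed
+
+- Rename default branch to `main`
+
+[2.5.0]: https://github.com/thoughtbot/clearance/compare/v2.4.0...v2.5.0
+
+## [2.4.0] - March 5, 2021
+
+### Added
+
+- Optionally use signed cookies to prevent remember token timing attacks
+
+[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
+
 ## [2.3.1] - March 5, 2021
 
 ### Fixed
@@ -13,6 +52,8 @@ complete changelog, see the git history for each version via the version links.
 - Revert case sensitivity for email uniqueness
 - Bump nokogiri and actionview dependencies to address security vulnerabilities
 
+[2.3.1]: https://github.com/thoughtbot/clearance/compare/v2.3.0...v2.3.1
+
 ## [2.3.0] - August 14, 2020
 
 ### Fixed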
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
clearance (2.
|
4
|
+
clearance (2.5.0)
|
5
5
|
actionmailer (>= 5.0)
|
6
6
|
activemodel (>= 5.0)
|
7
7
|
activerecord (>= 5.0)
|
@@ -13,55 +13,57 @@ PATH
|
|
13
13
|
GEM
|
14
14
|
remote: https://rubygems.org/
|
15
15
|
specs:
|
16
|
-
actionmailer (
|
17
|
-
actionpack (=
|
18
|
-
actionview (=
|
19
|
-
activejob (=
|
20
|
-
activesupport (=
|
16
|
+
actionmailer (7.0.3)
|
17
|
+
actionpack (= 7.0.3)
|
18
|
+
actionview (= 7.0.3)
|
19
|
+
activejob (= 7.0.3)
|
20
|
+
activesupport (= 7.0.3)
|
21
21
|
mail (~> 2.5, >= 2.5.4)
|
22
|
+
net-imap
|
23
|
+
net-pop
|
24
|
+
net-smtp
|
22
25
|
rails-dom-testing (~> 2.0)
|
23
|
-
actionpack (
|
24
|
-
actionview (=
|
25
|
-
activesupport (=
|
26
|
-
rack (~> 2.0, >= 2.0
|
26
|
+
actionpack (7.0.3)
|
27
|
+
actionview (= 7.0.3)
|
28
|
+
activesupport (= 7.0.3)
|
29
|
+
rack (~> 2.0, >= 2.2.0)
|
27
30
|
rack-test (>= 0.6.3)
|
28
31
|
rails-dom-testing (~> 2.0)
|
29
32
|
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
30
|
-
actionview (
|
31
|
-
activesupport (=
|
33
|
+
actionview (7.0.3)
|
34
|
+
activesupport (= 7.0.3)
|
32
35
|
builder (~> 3.1)
|
33
36
|
erubi (~> 1.4)
|
34
37
|
rails-dom-testing (~> 2.0)
|
35
38
|
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
36
|
-
activejob (
|
37
|
-
activesupport (=
|
39
|
+
activejob (7.0.3)
|
40
|
+
activesupport (= 7.0.3)
|
38
41
|
globalid (>= 0.3.6)
|
39
|
-
activemodel (
|
40
|
-
activesupport (=
|
41
|
-
activerecord (
|
42
|
-
activemodel (=
|
43
|
-
activesupport (=
|
44
|
-
activesupport (
|
42
|
+
activemodel (7.0.3)
|
43
|
+
activesupport (= 7.0.3)
|
44
|
+
activerecord (7.0.3)
|
45
|
+
activemodel (= 7.0.3)
|
46
|
+
activesupport (= 7.0.3)
|
47
|
+
activesupport (7.0.3)
|
45
48
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
46
49
|
i18n (>= 1.6, < 2)
|
47
50
|
minitest (>= 5.1)
|
48
51
|
tzinfo (~> 2.0)
|
49
|
-
|
50
|
-
addressable (2.7.0)
|
52
|
+
addressable (2.8.0)
|
51
53
|
public_suffix (>= 2.0.2, < 5.0)
|
52
|
-
ammeter (1.1.
|
54
|
+
ammeter (1.1.5)
|
53
55
|
activesupport (>= 3.0)
|
54
56
|
railties (>= 3.0)
|
55
57
|
rspec-rails (>= 2.2)
|
56
|
-
appraisal (2.
|
58
|
+
appraisal (2.4.1)
|
57
59
|
bundler
|
58
60
|
rake
|
59
61
|
thor (>= 0.14.0)
|
60
|
-
argon2 (2.
|
62
|
+
argon2 (2.1.1)
|
61
63
|
ffi (~> 1.14)
|
62
64
|
ffi-compiler (~> 1.0)
|
63
65
|
ast (2.4.2)
|
64
|
-
bcrypt (3.1.
|
66
|
+
bcrypt (3.1.18)
|
65
67
|
better_html (1.0.16)
|
66
68
|
actionview (>= 4.0)
|
67
69
|
activesupport (>= 4.0)
|
@@ -71,64 +73,87 @@ GEM
|
|
71
73
|
parser (>= 2.4)
|
72
74
|
smart_properties
|
73
75
|
builder (3.2.4)
|
74
|
-
capybara (3.
|
76
|
+
capybara (3.37.1)
|
75
77
|
addressable
|
78
|
+
matrix
|
76
79
|
mini_mime (>= 0.1.3)
|
77
80
|
nokogiri (~> 1.8)
|
78
81
|
rack (>= 1.6.0)
|
79
82
|
rack-test (>= 0.6.3)
|
80
|
-
regexp_parser (
|
83
|
+
regexp_parser (>= 1.5, < 3.0)
|
81
84
|
xpath (~> 3.2)
|
82
85
|
coderay (1.1.3)
|
83
|
-
concurrent-ruby (1.1.
|
86
|
+
concurrent-ruby (1.1.10)
|
84
87
|
crass (1.0.6)
|
85
|
-
database_cleaner (
|
86
|
-
|
87
|
-
|
88
|
+
database_cleaner (2.0.1)
|
89
|
+
database_cleaner-active_record (~> 2.0.0)
|
90
|
+
database_cleaner-active_record (2.0.1)
|
91
|
+
activerecord (>= 5.a)
|
92
|
+
database_cleaner-core (~> 2.0.0)
|
93
|
+
database_cleaner-core (2.0.1)
|
94
|
+
diff-lcs (1.5.0)
|
95
|
+
digest (3.1.0)
|
96
|
+
email_validator (2.2.3)
|
88
97
|
activemodel
|
89
|
-
erb_lint (0.
|
98
|
+
erb_lint (0.1.1)
|
90
99
|
activesupport
|
91
100
|
better_html (~> 1.0.7)
|
92
101
|
html_tokenizer
|
102
|
+
parser (>= 2.7.1.4)
|
93
103
|
rainbow
|
94
|
-
rubocop
|
104
|
+
rubocop
|
95
105
|
smart_properties
|
96
106
|
erubi (1.10.0)
|
97
|
-
factory_bot (6.1
|
107
|
+
factory_bot (6.2.1)
|
98
108
|
activesupport (>= 5.0.0)
|
99
|
-
factory_bot_rails (6.
|
100
|
-
factory_bot (~> 6.
|
109
|
+
factory_bot_rails (6.2.0)
|
110
|
+
factory_bot (~> 6.2.0)
|
101
111
|
railties (>= 5.0.0)
|
102
|
-
ffi (1.
|
112
|
+
ffi (1.15.5)
|
103
113
|
ffi-compiler (1.0.1)
|
104
114
|
ffi (>= 1.0.0)
|
105
115
|
rake
|
106
|
-
globalid (0.
|
107
|
-
activesupport (>=
|
116
|
+
globalid (1.0.0)
|
117
|
+
activesupport (>= 5.0)
|
108
118
|
html_tokenizer (0.0.7)
|
109
|
-
i18n (1.
|
119
|
+
i18n (1.10.0)
|
110
120
|
concurrent-ruby (~> 1.0)
|
111
|
-
loofah (2.
|
121
|
+
loofah (2.18.0)
|
112
122
|
crass (~> 1.0.2)
|
113
123
|
nokogiri (>= 1.5.9)
|
114
124
|
mail (2.7.1)
|
115
125
|
mini_mime (>= 0.1.1)
|
126
|
+
matrix (0.4.2)
|
116
127
|
method_source (1.0.0)
|
117
|
-
mini_mime (1.
|
118
|
-
mini_portile2 (2.
|
119
|
-
minitest (5.
|
120
|
-
|
121
|
-
|
128
|
+
mini_mime (1.1.2)
|
129
|
+
mini_portile2 (2.8.0)
|
130
|
+
minitest (5.15.0)
|
131
|
+
net-imap (0.2.3)
|
132
|
+
digest
|
133
|
+
net-protocol
|
134
|
+
strscan
|
135
|
+
net-pop (0.1.1)
|
136
|
+
digest
|
137
|
+
net-protocol
|
138
|
+
timeout
|
139
|
+
net-protocol (0.1.3)
|
140
|
+
timeout
|
141
|
+
net-smtp (0.3.1)
|
142
|
+
digest
|
143
|
+
net-protocol
|
144
|
+
timeout
|
145
|
+
nokogiri (1.13.6)
|
146
|
+
mini_portile2 (~> 2.8.0)
|
122
147
|
racc (~> 1.4)
|
123
|
-
parallel (1.
|
124
|
-
parser (3.
|
148
|
+
parallel (1.22.1)
|
149
|
+
parser (3.1.2.0)
|
125
150
|
ast (~> 2.4.1)
|
126
|
-
pry (0.
|
151
|
+
pry (0.14.1)
|
127
152
|
coderay (~> 1.1)
|
128
153
|
method_source (~> 1.0)
|
129
|
-
public_suffix (4.0.
|
130
|
-
racc (1.
|
131
|
-
rack (2.2.3)
|
154
|
+
public_suffix (4.0.7)
|
155
|
+
racc (1.6.0)
|
156
|
+
rack (2.2.3.1)
|
132
157
|
rack-test (1.1.0)
|
133
158
|
rack (>= 1.0, < 3)
|
134
159
|
rails-controller-testing (1.0.5)
|
@@ -138,59 +163,62 @@ GEM
|
|
138
163
|
rails-dom-testing (2.0.3)
|
139
164
|
activesupport (>= 4.2.0)
|
140
165
|
nokogiri (>= 1.6)
|
141
|
-
rails-html-sanitizer (1.3
|
166
|
+
rails-html-sanitizer (1.4.3)
|
142
167
|
loofah (~> 2.3)
|
143
|
-
railties (
|
144
|
-
actionpack (=
|
145
|
-
activesupport (=
|
168
|
+
railties (7.0.3)
|
169
|
+
actionpack (= 7.0.3)
|
170
|
+
activesupport (= 7.0.3)
|
146
171
|
method_source
|
147
|
-
rake (>=
|
172
|
+
rake (>= 12.2)
|
148
173
|
thor (~> 1.0)
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
174
|
+
zeitwerk (~> 2.5)
|
175
|
+
rainbow (3.1.1)
|
176
|
+
rake (13.0.6)
|
177
|
+
regexp_parser (2.5.0)
|
178
|
+
rexml (3.2.5)
|
179
|
+
rspec-core (3.11.0)
|
180
|
+
rspec-support (~> 3.11.0)
|
181
|
+
rspec-expectations (3.11.0)
|
156
182
|
diff-lcs (>= 1.2.0, < 2.0)
|
157
|
-
rspec-support (~> 3.
|
158
|
-
rspec-mocks (3.
|
183
|
+
rspec-support (~> 3.11.0)
|
184
|
+
rspec-mocks (3.11.1)
|
159
185
|
diff-lcs (>= 1.2.0, < 2.0)
|
160
|
-
rspec-support (~> 3.
|
161
|
-
rspec-rails (
|
162
|
-
actionpack (>=
|
163
|
-
activesupport (>=
|
164
|
-
railties (>=
|
165
|
-
rspec-core (~> 3.
|
166
|
-
rspec-expectations (~> 3.
|
167
|
-
rspec-mocks (~> 3.
|
168
|
-
rspec-support (~> 3.
|
169
|
-
rspec-support (3.
|
170
|
-
rubocop (
|
186
|
+
rspec-support (~> 3.11.0)
|
187
|
+
rspec-rails (5.1.2)
|
188
|
+
actionpack (>= 5.2)
|
189
|
+
activesupport (>= 5.2)
|
190
|
+
railties (>= 5.2)
|
191
|
+
rspec-core (~> 3.10)
|
192
|
+
rspec-expectations (~> 3.10)
|
193
|
+
rspec-mocks (~> 3.10)
|
194
|
+
rspec-support (~> 3.10)
|
195
|
+
rspec-support (3.11.0)
|
196
|
+
rubocop (1.30.1)
|
171
197
|
parallel (~> 1.10)
|
172
|
-
parser (>=
|
198
|
+
parser (>= 3.1.0.0)
|
173
199
|
rainbow (>= 2.2.2, < 4.0)
|
174
|
-
regexp_parser (>= 1.
|
175
|
-
rexml
|
176
|
-
rubocop-ast (>=
|
200
|
+
regexp_parser (>= 1.8, < 3.0)
|
201
|
+
rexml (>= 3.2.5, < 4.0)
|
202
|
+
rubocop-ast (>= 1.18.0, < 2.0)
|
177
203
|
ruby-progressbar (~> 1.7)
|
178
|
-
unicode-display_width (>= 1.4.0, <
|
179
|
-
rubocop-ast (
|
180
|
-
parser (>=
|
181
|
-
ruby-progressbar (1.
|
182
|
-
shoulda-matchers (
|
183
|
-
activesupport (>=
|
184
|
-
smart_properties (1.
|
204
|
+
unicode-display_width (>= 1.4.0, < 3.0)
|
205
|
+
rubocop-ast (1.18.0)
|
206
|
+
parser (>= 3.1.1.0)
|
207
|
+
ruby-progressbar (1.11.0)
|
208
|
+
shoulda-matchers (5.1.0)
|
209
|
+
activesupport (>= 5.2.0)
|
210
|
+
smart_properties (1.17.0)
|
185
211
|
sqlite3 (1.4.2)
|
186
|
-
|
187
|
-
|
212
|
+
strscan (3.0.3)
|
213
|
+
thor (1.2.1)
|
214
|
+
timecop (0.9.5)
|
215
|
+
timeout (0.3.0)
|
188
216
|
tzinfo (2.0.4)
|
189
217
|
concurrent-ruby (~> 1.0)
|
190
|
-
unicode-display_width (1.
|
218
|
+
unicode-display_width (2.1.0)
|
191
219
|
xpath (3.2.0)
|
192
220
|
nokogiri (~> 1.8)
|
193
|
-
zeitwerk (2.4
|
221
|
+
zeitwerk (2.5.4)
|
194
222
|
|
195
223
|
PLATFORMS
|
196
224
|
ruby
|
@@ -213,4 +241,4 @@ DEPENDENCIES
|
|
213
241
|
timecop
|
214
242
|
|
215
243
|
BUNDLED WITH
|
216
|
-
2.
|
244
|
+
2.3.15
|
data/README.md
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
# Clearance
|
2
2
|
|
3
|
-
[![Build Status](https://
|
3
|
+
[![Build Status](https://github.com/thoughtbot/clearance/actions/workflows/tests.yml/badge.svg)]( https://github.com/thoughtbot/clearance/actions/workflows/tests.yml?query=branch%3Amain)
|
4
4
|
[![Code Climate](https://codeclimate.com/github/thoughtbot/clearance.svg)](https://codeclimate.com/github/thoughtbot/clearance)
|
5
|
-
[![Documentation Quality](https://inch-ci.org/github/thoughtbot/clearance.svg?branch=
|
5
|
+
[![Documentation Quality](https://inch-ci.org/github/thoughtbot/clearance.svg?branch=main)](https://inch-ci.org/github/thoughtbot/clearance)
|
6
6
|
[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
|
7
7
|
|
8
8
|
Rails authentication with email & password.
|
@@ -19,7 +19,7 @@ monitored by contributors.
|
|
19
19
|
|
20
20
|
## Getting Started
|
21
21
|
|
22
|
-
Clearance is a Rails engine tested against Rails `>=
|
22
|
+
Clearance is a Rails engine tested against Rails `>= 6.0` and Ruby `>= 2.7.0`.
|
23
23
|
|
24
24
|
You can add it to your Gemfile with:
|
25
25
|
|
@@ -55,16 +55,18 @@ Clearance.configure do |config|
|
|
55
55
|
config.cookie_name = "remember_token"
|
56
56
|
config.cookie_path = "/"
|
57
57
|
config.routes = true
|
58
|
-
config.httponly =
|
58
|
+
config.httponly = true
|
59
59
|
config.mailer_sender = "reply@example.com"
|
60
60
|
config.password_strategy = Clearance::PasswordStrategies::BCrypt
|
61
61
|
config.redirect_url = "/"
|
62
62
|
config.rotate_csrf_on_sign_in = true
|
63
63
|
config.same_site = nil
|
64
64
|
config.secure_cookie = false
|
65
|
+
config.signed_cookie = false
|
65
66
|
config.sign_in_guards = []
|
66
67
|
config.user_model = "User"
|
67
68
|
config.parent_controller = "ApplicationController"
|
69
|
+
config.sign_in_on_password_reset = false
|
68
70
|
end
|
69
71
|
```
|
70
72
|
|
@@ -286,6 +288,33 @@ and `password` attributes. Over-riding the `email_optional?` or
|
|
286
288
|
`skip_password_validation?` methods to return `true` will disable those
|
287
289
|
validations from being added.
|
288
290
|
|
291
|
+
### Signed Cookies
|
292
|
+
|
293
|
+
By default, Clearance uses unsigned cookies. If you would like to use signed
|
294
|
+
cookies you can do so by overriding the default in an initializer like so:
|
295
|
+
|
296
|
+
```ruby
|
297
|
+
Clearance.configure do |config|
|
298
|
+
# ... other overrides
|
299
|
+
config.signed_cookie = true
|
300
|
+
end
|
301
|
+
```
|
302
|
+
|
303
|
+
If you are currently not using signed cookies but would like to migrate your
|
304
|
+
users over to them without breaking current sessions, you can do so by passing
|
305
|
+
in `:migrate` rather than `true` as so:
|
306
|
+
|
307
|
+
```ruby
|
308
|
+
Clearance.configure do |config|
|
309
|
+
# ... other overrides
|
310
|
+
config.signed_cookie = :migrate
|
311
|
+
end
|
312
|
+
```
|
313
|
+
|
314
|
+
You can read more about signed cookies in Clearance and why they are a good idea
|
315
|
+
in the [pull request that added them](https://github.com/thoughtbot/clearance/pull/917).
|
316
|
+
|
317
|
+
|
289
318
|
## Extending Sign In
|
290
319
|
|
291
320
|
By default, Clearance will sign in any user with valid credentials. If you need
|
@@ -321,6 +350,7 @@ end
|
|
321
350
|
```
|
322
351
|
|
323
352
|
```ruby
|
353
|
+
# app/guards/email_confirmation_guard.rb
|
324
354
|
class EmailConfirmationGuard < Clearance::SignInGuard
|
325
355
|
def call
|
326
356
|
if unconfirmed?
|
@@ -15,7 +15,7 @@ class Clearance::PasswordsController < Clearance::BaseController
|
|
15
15
|
deliver_email(user)
|
16
16
|
end
|
17
17
|
|
18
|
-
render template: "passwords/create"
|
18
|
+
render template: "passwords/create", status: :accepted
|
19
19
|
end
|
20
20
|
|
21
21
|
def edit
|
@@ -33,12 +33,12 @@ class Clearance::PasswordsController < Clearance::BaseController
|
|
33
33
|
@user = find_user_for_update
|
34
34
|
|
35
35
|
if @user.update_password(password_from_password_reset_params)
|
36
|
-
sign_in @user
|
37
|
-
redirect_to url_after_update
|
36
|
+
sign_in @user if Clearance.configuration.sign_in_on_password_reset?
|
37
|
+
redirect_to url_after_update, status: :see_other
|
38
38
|
session[:password_reset_token] = nil
|
39
39
|
else
|
40
40
|
flash_failure_after_update
|
41
|
-
render template: "passwords/edit"
|
41
|
+
render template: "passwords/edit", status: :unprocessable_entity
|
42
42
|
end
|
43
43
|
end
|
44
44
|
|
@@ -80,14 +80,14 @@ class Clearance::PasswordsController < Clearance::BaseController
|
|
80
80
|
def ensure_email_present
|
81
81
|
if email_from_password_params.blank?
|
82
82
|
flash_failure_when_missing_email
|
83
|
-
render template: "passwords/new"
|
83
|
+
render template: "passwords/new", status: :unprocessable_entity
|
84
84
|
end
|
85
85
|
end
|
86
86
|
|
87
87
|
def ensure_existing_user
|
88
88
|
unless find_user_by_id_and_confirmation_token
|
89
89
|
flash_failure_when_forbidden
|
90
|
-
render template: "passwords/new"
|
90
|
+
render template: "passwords/new", status: :unprocessable_entity
|
91
91
|
end
|
92
92
|
end
|
93
93
|
|
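Review bot: In the `update` hunk of `Clearance::PasswordsController`, `sign_in @user if Clearance.configuration.sign_in_on_password_reset?` leaves the user signed out when the option is off, yet the next line still redirects to `url_after_update`, whose definition is outside the hunk. If that URL requires a session, a user who has just reset their password lands on an authorization failure, so the branch should carry a comment such as `# When sign-in is skipped, url_after_update must be reachable without a session`. The README block on this page lists `config.sign_in_on_password_reset = false`; if `false` is the shipped default (configuration.rb is not shown here), upgrading changes post-reset behaviour and the changelog entry should say so explicitly. The hunks for this controller appear without a file header on this page, and the class body continues outside them.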
data/clearance.gemspec
CHANGED
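--- a/data/db/schema.rb
+++ b/data/db/schema.rb
@@ -23,6 +23,6 @@ ActiveRecord::Schema.define(version: 20110111224543) do
 end
 
 add_index "users", ["email"], name: "index_users_on_email"
-add_index "users", ["
-
+add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
+add_index "users", ["remember_token"], name: "index_users_on_remember_token", unique: true
 end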
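Review bot: The two `unique: true` indexes on `confirmation_token` and `remember_token` are added to this schema file, but nothing in the hunk shows how an already-deployed `users` table receives them. Applications installed from an earlier version would presumably need their own migration, and creating a unique index fails if duplicate `remember_token` values already exist. The upgrade notes should therefore carry a line such as `Before adding the unique indexes, check users for duplicate remember_token and confirmation_token values`. The `ActiveRecord::Schema.define` block starts outside the hunk, and the schema version in the hunk header is unchanged.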
data/gemfiles/rails_6.0.gemfile
CHANGED