clearance 2.6.0 → 2.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cd4f8ec16fd316714fb0f5020e634855d109e260bd164f7b68947f3e36f9d7c7
-  data.tar.gz: 5a78cfeca3fc95dee50bba6bd81026f32692de107d6be1d7aca4541837f5d579
+  metadata.gz: 830820687a4cbb2e63c535692a8bbc1bfee75f747ef351362df0142317251e56
+  data.tar.gz: 559bc151b6cf7669f13c113c16e4275dbd687fe4c3daf77bb17e288bd982548e
 SHA512:
-  metadata.gz: 6cdabe74719baedad2e9f8c221fd0abdd377856936fee0aa5b1572dd67c6a5b7925f01641116e0213ed2fcbe07cda870582acebd198aa57228fe4c0a2f90af9c
-  data.tar.gz: d0c1c9298dfdc961798bb65170f0b9b43d5eb6a25c956428cfa12ab7375be820e405d72e2c4ad34ed15c487bf7912bb6c17bb311e4a7768f302b6276f85e5920
+  metadata.gz: d68f58f9428536f29d68348baaa4e616bd39f713933e986bff2977f5afce6d1fdf42a783f475de869d564a384b1414e737b2e34e63bf8bdb35dee53a1e234bf6
+  data.tar.gz: 26f780a332edc0358289d87e924749078366d08e9490574e7a5943a61abbe19f16a4cd13dc947f10bddf6733aff3c405aa2e94e33787dd618b9218dd3cc334cb

data/.github/workflows/tests.yml

@@ -19,10 +19,12 @@ jobs:
           - "6.0"
           - "6.1"
           - "7.0"
+          - "7.1"
         ruby:
           - "2.7.6"
           - "3.0.4"
           - "3.1.2"
+          - "3.2.2"
 
     env:
       BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile
@@ -38,7 +40,9 @@ jobs:
           bundler-cache: true
 
       - name: "Reset app database"
-        run: bundle exec rake dummy:db:reset
+        run: |
+          bundle exec rake dummy:db:drop
+          bundle exec rake dummy:db:setup
 
       - name: "Run tests"
         run: bundle exec rake

data/Appraisals

@@ -1,14 +1,18 @@
 appraise "rails_6.0" do
-  gem "railties", "~> 6.0"
+  gem "railties", "~> 6.0.0"
   gem "net-smtp", require: false # not bundled in ruby 3.1
   gem "psych", "< 4" # psych 4 switched from unsafe load to safe load
 end
 
 appraise "rails_6.1" do
-  gem "railties", "~> 6.1"
+  gem "railties", "~> 6.1.0"
   gem "net-smtp", require: false # not bundled in ruby 3.1
 end
 
 appraise "rails_7.0" do
-  gem "railties", "~> 7.0"
+  gem "railties", "~> 7.0.0"
+end
+
+appraise "rails_7.1" do
+  gem "railties", "~> 7.1.0"
 end

data/CHANGELOG.md

@@ -5,7 +5,27 @@ complete changelog, see the git history for each version via the version links.
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.0...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.2...main
+
+## [2.6.2] January 15, 2024
+- Fix typo in Clearance::Token docs (#1000) Gabe Berke-Williams
+- Add CODEOWNERS file (#994)
+- Add support for Rails 7.1 (#995) Samuel Giddens
+- Fix for setup & CI for Rails 7.1 support, update "MiniTest" to "Minitest",
+add handling for different versions of Rack::Utils.set_cookie_header!, remove
+deprecated active record handling in application.rb (#998)
+- Update argon2 to v2.2.0 (#989) Georg Leciejewski
+- Prefer literal hash creation notation (#984) Ivan Marynych
+- Add Ruby 3.2.2 to testing matrix (#991)
+- Replace mentions of NEWS.md with CHANGELOG.md (#982)
+- Fix broken thoughtbot logo on README.md
+
+## [2.6.1] - September 23, 2022
+- Document how to report security issues
+- Only update the `env["QUERY_STRING"]` if the `as` parameter is present in
+  backdoor middleware
+
+[2.6.1]: https://github.com/thoughtbot/clearance/compare/v2.6.0...v2.6.1
 
 ## [2.6.0] - June 12, 2022
 

data/CODEOWNERS

@@ -0,0 +1 @@
+*       @sej3506

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.5.0)
+    clearance (2.6.2)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -59,11 +59,11 @@ GEM
       bundler
       rake
       thor (>= 0.14.0)
-    argon2 (2.1.1)
-      ffi (~> 1.14)
+    argon2 (2.3.0)
+      ffi (~> 1.15)
       ffi-compiler (~> 1.0)
     ast (2.4.2)
-    bcrypt (3.1.18)
+    bcrypt (3.1.20)
     better_html (1.0.16)
       actionview (>= 4.0)
       activesupport (>= 4.0)
@@ -91,9 +91,9 @@ GEM
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
+    date (3.3.4)
     diff-lcs (1.5.0)
-    digest (3.1.0)
-    email_validator (2.2.3)
+    email_validator (2.2.4)
       activemodel
     erb_lint (0.1.1)
       activesupport
@@ -109,39 +109,37 @@ GEM
     factory_bot_rails (6.2.0)
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    ffi (1.15.5)
+    ffi (1.16.3)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
-    globalid (1.0.0)
-      activesupport (>= 5.0)
+    globalid (1.2.1)
+      activesupport (>= 6.1)
     html_tokenizer (0.0.7)
     i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     loofah (2.18.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.1)
+    mail (2.8.1)
       mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
     matrix (0.4.2)
     method_source (1.0.0)
     mini_mime (1.1.2)
     mini_portile2 (2.8.0)
     minitest (5.15.0)
-    net-imap (0.2.3)
-      digest
+    net-imap (0.4.9)
+      date
       net-protocol
-      strscan
-    net-pop (0.1.1)
-      digest
+    net-pop (0.1.2)
       net-protocol
+    net-protocol (0.2.2)
       timeout
-    net-protocol (0.1.3)
-      timeout
-    net-smtp (0.3.1)
-      digest
+    net-smtp (0.4.0)
       net-protocol
-      timeout
     nokogiri (1.13.6)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
@@ -209,10 +207,9 @@ GEM
       activesupport (>= 5.2.0)
     smart_properties (1.17.0)
     sqlite3 (1.4.2)
-    strscan (3.0.3)
     thor (1.2.1)
     timecop (0.9.5)
-    timeout (0.3.0)
+    timeout (0.4.1)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.1.0)

data/README.md

@@ -475,6 +475,10 @@ Thank you, [contributors]!
 [CONTRIBUTING.md]: /CONTRIBUTING.md
 [contributors]: https://github.com/thoughtbot/clearance/graphs/contributors
 
+## Security
+
+For security issues it's better to contact <security@thoughtbot.com> (See <https://thoughtbot.com/security>)
+
 ## License
 
 Clearance is copyright © 2009-2019 thoughtbot. It is free software, and may be
@@ -484,7 +488,7 @@ redistributed under the terms specified in the [`LICENSE`] file.
 
 ## About thoughtbot
 
-![thoughtbot](http://presskit.thoughtbot.com/images/thoughtbot-logo-for-readmes.svg)
+![thoughtbot](https://thoughtbot.com/brand_assets/93:44.svg)
 
 Clearance is maintained and funded by thoughtbot, inc.
 The names and logos for thoughtbot are trademarks of thoughtbot, inc.

data/RELEASING.md

@@ -2,7 +2,7 @@
 
 1. Update version file accordingly.
 1. Run `bundle install` to update Gemfile.lock
-1. Update `NEWS.md` to reflect the changes since last release.
+1. Update `CHANGELOG.md` to reflect the changes since last release.
 1. Commit changes.
    There shouldn't be code changes,
    and thus CI doesn't need to run,
@@ -16,7 +16,7 @@
     gem build clearance.gemspec
     gem push clearance-*.gem
     ```
-1. Add a new GitHub release using the recent `NEWS.md` as the content. Sample
+1. Add a new GitHub release using the recent `CHANGELOG.md` as the content. Sample
    URL: https://github.com/thoughtbot/clearance/releases/new?tag=vVERSION
 1. Announce the new release,
    making sure to say "thank you" to the contributors

data/app/controllers/clearance/users_controller.rb

@@ -41,6 +41,6 @@ class Clearance::UsersController < Clearance::BaseController
   end
 
   def user_params
-    params[Clearance.configuration.user_parameter] || Hash.new
+    params[Clearance.configuration.user_parameter] || {}
   end
 end

data/bin/setup

@@ -12,4 +12,5 @@ if [ -z "$CI" ]; then
 fi
 
 # Set up database for the application that Clearance tests against
-RAILS_ENV=test bundle exec rake dummy:db:reset
+RAILS_ENV=test bundle exec rake dummy:db:drop
+RAILS_ENV=test bundle exec rake dummy:db:setup

data/gemfiles/rails_6.0.gemfile

@@ -16,7 +16,7 @@ gem "rspec-rails"
 gem "shoulda-matchers"
 gem "sqlite3"
 gem "timecop"
-gem "railties", "~> 6.0"
+gem "railties", "~> 6.0.0"
 gem "net-smtp", require: false
 gem "psych", "< 4"
 

data/gemfiles/rails_6.1.gemfile

@@ -16,7 +16,7 @@ gem "rspec-rails"
 gem "shoulda-matchers"
 gem "sqlite3"
 gem "timecop"
-gem "railties", "~> 6.1"
+gem "railties", "~> 6.1.0"
 gem "net-smtp", require: false
 
 gemspec path: "../"

data/gemfiles/rails_7.0.gemfile

@@ -16,6 +16,6 @@ gem "rspec-rails"
 gem "shoulda-matchers"
 gem "sqlite3"
 gem "timecop"
-gem "railties", "~> 7.0"
+gem "railties", "~> 7.0.0"
 
 gemspec path: "../"

data/gemfiles/rails_7.1.gemfile

@@ -0,0 +1,21 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "addressable"
+gem "ammeter"
+gem "appraisal"
+gem "capybara"
+gem "database_cleaner"
+gem "erb_lint", require: false
+gem "factory_bot_rails"
+gem "nokogiri"
+gem "pry", require: false
+gem "rails-controller-testing"
+gem "rspec-rails"
+gem "shoulda-matchers"
+gem "sqlite3"
+gem "timecop"
+gem "railties", "~> 7.1.0"
+
+gemspec path: "../"

data/lib/clearance/authentication.rb

@@ -66,7 +66,12 @@ module Clearance
       clearance_session.sign_in(user, &block)
 
       if signed_in? && Clearance.configuration.rotate_csrf_on_sign_in?
-        session.delete(:_csrf_token)
+        if request.respond_to?(:reset_csrf_token)
+          # Rails 7.1+
+          request.reset_csrf_token
+        else
+          request.session.try(:delete, :_csrf_token)
+        end
         form_authenticity_token
       end
     end

data/lib/clearance/back_door.rb

@@ -50,9 +50,9 @@ module Clearance
     def sign_in_through_the_back_door(env)
       params = Rack::Utils.parse_query(env["QUERY_STRING"])
       user_param = params.delete("as")
-      env["QUERY_STRING"] = Rack::Utils.build_query(params)
 
       if user_param.present?
+        env["QUERY_STRING"] = Rack::Utils.build_query(params)
         user = find_user(user_param)
         env[:clearance].sign_in(user)
       end

data/lib/clearance/session.rb

@@ -185,10 +185,8 @@ module Clearance
 
     # @api private
     def delete_cookie_options
-      Hash.new.tap do |options|
-        if configured_cookie_domain
-          options[:domain] = domain
-        end
+      {}.tap do |options|
+        options[:domain] = domain if configured_cookie_domain
       end
     end
 

data/lib/clearance/testing/deny_access_matcher.rb

@@ -90,7 +90,7 @@ module Clearance
             @failure_message_when_negated <<
               "Didn't expect to redirect to #{@url}."
             true
-          rescue MiniTest::Assertion, ::Test::Unit::AssertionFailedError
+          rescue ::Minitest::Assertion, ::Test::Unit::AssertionFailedError
             @failure_message << "Expected to redirect to #{@url} but did not."
             false
           end

data/lib/clearance/token.rb

@@ -1,8 +1,8 @@
 module Clearance
   # Random token used for password reset and remember tokens.
-  # Clearance tokens are also public API and are inteded to be used anywhere you
-  # need a random token to correspond to a given user (e.g. you added an email
-  # confirmation token).
+  # Clearance tokens are also public API and are intended to be used anywhere
+  # you need a random token to correspond to a given user (e.g. you added an
+  # email confirmation token).
   class Token
     # Generate a new random, 20 byte hex token.
     #

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.6.0".freeze
+  VERSION = "2.6.2".freeze
 end

data/spec/clearance/session_spec.rb

@@ -472,7 +472,8 @@ describe Clearance::Session do
       Rack::Utils.set_cookie_header! header, key, value
     end
 
-    header['Set-Cookie']
+    cookie = header["set-cookie"] || header["Set-Cookie"]
+    cookie
   end
 
   def have_been_called

data/spec/dummy/application.rb

@@ -19,12 +19,6 @@ module Dummy
     config.paths["log"] = "tmp/log/development.log"
     config.paths.add "config/routes.rb", with: "#{APP_ROOT}/config/routes.rb"
 
-    if Rails.version.match?(/^6.0/)
-      config.active_record.sqlite3.represent_boolean_as_integer = true
-    else
-      config.active_record.legacy_connection_handling = false
-    end
-
     def require_environment!
       initialize!
     end

data/spec/requests/cookie_options_spec.rb

@@ -40,7 +40,7 @@ describe "Cookie options" do
       it { should_have_one_remember_token }
 
       it "should have the httponly flag set" do
-        expect(remember_token_cookies.last).to match(/HttpOnly/)
+        expect(remember_token_cookies.last.downcase).to match(/httponly/)
       end
     end
   end

data/spec/support/cookies.rb

@@ -36,7 +36,7 @@ RSpec::Matchers.define :set_cookie do |name, expected_value, expected_expires_at
   end
 
   def extract_cookies
-    @cookie_headers = @headers['Set-Cookie'] || []
+    @cookie_headers = @headers["Set-Cookie"] || @headers["set-cookie"] || []
     @cookie_headers = [@cookie_headers] if @cookie_headers.respond_to?(:to_str)
   end
 

data/spec/support/request_with_remember_token.rb

@@ -16,7 +16,8 @@ module RememberTokenHelpers
   end
 
   def remember_token_cookies
-    cookie_lines = headers["Set-Cookie"].lines.map(&:chomp)
+    set_cookie_header = headers["Set-Cookie"] || headers["set-cookie"]
+    cookie_lines = Array(set_cookie_header).join("\n").lines.map(&:chomp)
     cookie_lines.select { |name| name =~ /^remember_token/ }
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.6.0
+  version: 2.6.2
 platform: ruby
 authors:
 - Dan Croak
@@ -26,7 +26,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-12 00:00:00.000000000 Z
+date: 2024-01-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -151,6 +151,7 @@ files:
 - ".yardopts"
 - Appraisals
 - CHANGELOG.md
+- CODEOWNERS
 - CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
@@ -187,6 +188,7 @@ files:
 - gemfiles/rails_6.0.gemfile
 - gemfiles/rails_6.1.gemfile
 - gemfiles/rails_7.0.gemfile
+- gemfiles/rails_7.1.gemfile
 - lib/clearance.rb
 - lib/clearance/authentication.rb
 - lib/clearance/authorization.rb