clearance 2.6.1 → 2.7.0
- checksums.yaml +4 -4
- data/.github/workflows/dynamic-readme.yml +19 -0
- data/.github/workflows/tests.yml +5 -3
- data/Appraisals +6 -8
- data/CHANGELOG.md +24 -1
- data/CODEOWNERS +1 -0
- data/Gemfile.lock +22 -25
- data/README.md +16 -17
- data/RELEASING.md +2 -2
- data/app/controllers/clearance/sessions_controller.rb +1 -1
- data/app/controllers/clearance/users_controller.rb +1 -1
- data/bin/setup +2 -1
- data/gemfiles/rails_6.1.gemfile +1 -1
- data/gemfiles/rails_7.0.gemfile +1 -1
- data/gemfiles/{rails_5.1.gemfile → rails_7.1.gemfile} +1 -1
- data/lib/clearance/authentication.rb +6 -1
- data/lib/clearance/authorization.rb +1 -1
- data/lib/clearance/configuration.rb +16 -0
- data/lib/clearance/session.rb +2 -4
- data/lib/clearance/testing/deny_access_matcher.rb +1 -1
- data/lib/clearance/token.rb +3 -3
- data/lib/clearance/version.rb +1 -1
- data/spec/clearance/session_spec.rb +2 -1
- data/spec/configuration_spec.rb +28 -0
- data/spec/controllers/passwords_controller_spec.rb +6 -6
- data/spec/controllers/permissions_controller_spec.rb +1 -1
- data/spec/controllers/sessions_controller_spec.rb +19 -1
- data/spec/dummy/application.rb +0 -6
- data/spec/requests/cookie_options_spec.rb +1 -1
- data/spec/support/cookies.rb +1 -1
- data/spec/support/html_escape_helper.rb +13 -0
- data/spec/support/request_with_remember_token.rb +2 -1
- metadata +6 -6
- data/gemfiles/rails_5.0.gemfile +0 -21
- data/gemfiles/rails_5.2.gemfile +0 -21
- data/gemfiles/rails_6.0.gemfile +0 -23
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f43e65fb98c36167f024899806818f771cabf396d1c1e147f4a21d1bdccb37dd
|
4
|
+
data.tar.gz: 42a88e8b50b98b5414b923fda5775e1998223791ffe2fcee00ca03163c7f9a50
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 680e0a4d6cebe218f7d8fffeadebcdcd9a160cb9a562a5cef3f876ad118556d4caa4338b40e3dd0135e3ee89e47a8034593d6131ee8eeb4ec7f47062b1aafe3a
|
7
|
+
data.tar.gz: cbc137fa5f3f722f28f99c1537909ed27b3b54e5df3aee37b4c7954e2b3e6c452a900f034239072196796171703eb27c3e859edc69b08bb35762bd260f0253a4
|
@@ -0,0 +1,19 @@
|
|
1
|
+
name: update-templates
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches:
|
6
|
+
- main
|
7
|
+
paths:
|
8
|
+
- README.md
|
9
|
+
workflow_dispatch:
|
10
|
+
|
11
|
+
jobs:
|
12
|
+
update-templates:
|
13
|
+
permissions:
|
14
|
+
contents: write
|
15
|
+
pull-requests: write
|
16
|
+
pages: write
|
17
|
+
uses: thoughtbot/templates/.github/workflows/dynamic-readme.yaml@main
|
18
|
+
secrets:
|
19
|
+
token: ${{ secrets.GITHUB_TOKEN }}
|
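Review bot: The reusable workflow is referenced by the mutable ref `@main` while the job grants `contents: write`, `pull-requests: write` and `pages: write`, so whatever lands on that branch of thoughtbot/templates runs with write access to this repository. Pinning the call to a full commit SHA, `uses: thoughtbot/templates/.github/workflows/dynamic-readme.yaml@<full-commit-sha>`, makes each update an explicit, reviewable change. `pages: write` looks broader than a README update needs, though the called workflow is not visible here; drop it if it is unused. On this page the hunk is printed under checksums.yaml, but per the file list it is the new `.github/workflows/dynamic-readme.yml`.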
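--- a/data/.github/workflows/tests.yml
+++ b/data/.github/workflows/tests.yml
@@ -16,13 +16,13 @@ jobs:
 fail-fast: false
 matrix:
 gemfile:
-- "6.0"
 - "6.1"
 - "7.0"
+- "7.1"
 ruby:
-- "2.7.6"
 - "3.0.4"
 - "3.1.2"
+- "3.2.2"
 
 env:
 BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile
@@ -38,7 +38,9 @@ jobs:
 bundler-cache: true
 
 - name: "Reset app database"
-run:
+run: |
+bundle exec rake dummy:db:drop
+bundle exec rake dummy:db:setup
 
 - name: "Run tests"
 run: bundle exec rake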
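--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,14 +1,12 @@
-appraise "rails_6.0" do
-gem "railties", "~> 6.0"
-gem "net-smtp", require: false # not bundled in ruby 3.1
-gem "psych", "< 4" # psych 4 switched from unsafe load to safe load
-end
-
 appraise "rails_6.1" do
-gem "railties", "~> 6.1"
+gem "railties", "~> 6.1.0"
 gem "net-smtp", require: false # not bundled in ruby 3.1
 end
 
 appraise "rails_7.0" do
-gem "railties", "~> 7.0"
+gem "railties", "~> 7.0.0"
+end
+
+appraise "rails_7.1" do
+gem "railties", "~> 7.1.0"
 end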
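--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,7 +5,30 @@ complete changelog, see the git history for each version via the version links.
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.0...main
+
+## [2.7.0] - April 19, 2024
+- Call dynamic README workflow (#1004)
+- Drop Ruby 2.76 and Rails 6.0 (#1005)
+- Update specs to match on translations (#1015)
+- Add configuration options for failure method redirects (#1002) Dan Sharp
+
+[2.7.0]: https://github.com/thoughtbot/clearance/compare/v2.6.2...v2.7.0
+
+## [2.6.2] - January 15, 2024
+- Fix typo in Clearance::Token docs (#1000) Gabe Berke-Williams
+- Add CODEOWNERS file (#994)
+- Add support for Rails 7.1 (#995) Samuel Giddens
+- Fix for setup & CI for Rails 7.1 support, update "MiniTest" to "Minitest",
+add handling for different versions of Rack::Utils.set_cookie_header!, remove
+deprecated active record handling in application.rb (#998)
+- Update argon2 to v2.2.0 (#989) Georg Leciejewski
+- Prefer literal hash creation notation (#984) Ivan Marynych
+- Add Ruby 3.2.2 to testing matrix (#991)
+- Replace mentions of NEWS.md with CHANGELOG.md (#982)
+- Fix broken thoughtbot logo on README.md
+
+[2.6.2]: https://github.com/thoughtbot/clearance/compare/v2.6.1...v2.6.2
 
 ## [2.6.1] - September 23, 2022
 - Document how to report security issues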
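--- /dev/null
+++ b/data/CODEOWNERS
@@ -0,0 +1 @@
+* @sej3506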
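--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-clearance (2.
+clearance (2.7.0)
 actionmailer (>= 5.0)
 activemodel (>= 5.0)
 activerecord (>= 5.0)
@@ -59,11 +59,11 @@ GEM
 bundler
 rake
 thor (>= 0.14.0)
-argon2 (2.
-ffi (~> 1.
+argon2 (2.3.0)
+ffi (~> 1.15)
 ffi-compiler (~> 1.0)
 ast (2.4.2)
-bcrypt (3.1.
+bcrypt (3.1.20)
 better_html (1.0.16)
 actionview (>= 4.0)
 activesupport (>= 4.0)
@@ -91,9 +91,9 @@ GEM
 activerecord (>= 5.a)
 database_cleaner-core (~> 2.0.0)
 database_cleaner-core (2.0.1)
+date (3.3.4)
 diff-lcs (1.5.0)
-
-email_validator (2.2.3)
+email_validator (2.2.4)
 activemodel
 erb_lint (0.1.1)
 activesupport
@@ -109,39 +109,37 @@ GEM
 factory_bot_rails (6.2.0)
 factory_bot (~> 6.2.0)
 railties (>= 5.0.0)
-ffi (1.
-ffi-compiler (1.
-ffi (>= 1.
+ffi (1.16.3)
+ffi-compiler (1.3.2)
+ffi (>= 1.15.5)
 rake
-globalid (1.
-activesupport (>=
+globalid (1.2.1)
+activesupport (>= 6.1)
 html_tokenizer (0.0.7)
 i18n (1.10.0)
 concurrent-ruby (~> 1.0)
 loofah (2.18.0)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
-mail (2.
+mail (2.8.1)
 mini_mime (>= 0.1.1)
+net-imap
+net-pop
+net-smtp
 matrix (0.4.2)
 method_source (1.0.0)
 mini_mime (1.1.2)
 mini_portile2 (2.8.0)
 minitest (5.15.0)
-net-imap (0.
-
+net-imap (0.4.10)
+date
 net-protocol
-
-net-pop (0.1.1)
-digest
+net-pop (0.1.2)
 net-protocol
+net-protocol (0.2.2)
 timeout
-net-
-timeout
-net-smtp (0.3.1)
-digest
+net-smtp (0.5.0)
 net-protocol
-timeout
 nokogiri (1.13.6)
 mini_portile2 (~> 2.8.0)
 racc (~> 1.4)
@@ -173,7 +171,7 @@ GEM
 thor (~> 1.0)
 zeitwerk (~> 2.5)
 rainbow (3.1.1)
-rake (13.0
+rake (13.1.0)
 regexp_parser (2.5.0)
 rexml (3.2.5)
 rspec-core (3.11.0)
@@ -209,10 +207,9 @@ GEM
 activesupport (>= 5.2.0)
 smart_properties (1.17.0)
 sqlite3 (1.4.2)
-strscan (3.0.3)
 thor (1.2.1)
 timecop (0.9.5)
-timeout (0.
+timeout (0.4.1)
 tzinfo (2.0.4)
 concurrent-ruby (~> 1.0)
 unicode-display_width (2.1.0)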
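--- a/data/README.md
+++ b/data/README.md
@@ -19,7 +19,7 @@ monitored by contributors.
 
 ## Getting Started
 
-Clearance is a Rails engine tested against Rails `>= 6.
+Clearance is a Rails engine tested against Rails `>= 6.1` and Ruby `>= 3.0.0`.
 
 You can add it to your Gemfile with:
 
@@ -59,6 +59,8 @@ Clearance.configure do |config|
 config.mailer_sender = "reply@example.com"
 config.password_strategy = Clearance::PasswordStrategies::BCrypt
 config.redirect_url = "/"
+config.url_after_destroy = nil
+config.url_after_denied_access_when_signed_out = nil
 config.rotate_csrf_on_sign_in = true
 config.same_site = nil
 config.secure_cookie = false
@@ -222,8 +224,16 @@ These "failure" methods are called for signed out sessions:
 - `application#url_after_denied_access_when_signed_out`
 - `sessions#url_after_destroy`
 
-
-
+You can override the appropriate method in your subclassed controller or you
+can set a configuration value for either of these URLs:
+
+- `Clearance.configuration.url_after_denied_access_when_signed_out`
+- `Clearance.configuration.url_after_destroy`
+
+Both configurations default to `nil` and if not set will default to
+`sign_in_url` in `sessions_controller.rb` and `authorization.rb` for backwards
+compatibility.
+
 
 ### Views
 
@@ -481,21 +491,10 @@ For security issues it's better to contact <security@thoughtbot.com> (See <https
 
 ## License
 
-Clearance is copyright © 2009
+Clearance is copyright © 2009 thoughtbot. It is free software, and may be
 redistributed under the terms specified in the [`LICENSE`] file.
 
 [`LICENSE`]: /LICENSE
 
-
-
-![thoughtbot](http://presskit.thoughtbot.com/images/thoughtbot-logo-for-readmes.svg)
-
-Clearance is maintained and funded by thoughtbot, inc.
-The names and logos for thoughtbot are trademarks of thoughtbot, inc.
-
-We love open source software!
-See [our other projects][community] or
-[hire us][hire] to design, develop, and grow your product.
-
-[community]: https://thoughtbot.com/community?utm_source=github
-[hire]: https://thoughtbot.com/hire-us?utm_source=github
+<!-- START /templates/footer.md -->
+<!-- END /templates/footer.md -->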
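--- a/data/RELEASING.md
+++ b/data/RELEASING.md
@@ -2,7 +2,7 @@
 
 1. Update version file accordingly.
 1. Run `bundle install` to update Gemfile.lock
-1. Update `
+1. Update `CHANGELOG.md` to reflect the changes since last release.
 1. Commit changes.
 There shouldn't be code changes,
 and thus CI doesn't need to run,
@@ -16,7 +16,7 @@
 gem build clearance.gemspec
 gem push clearance-*.gem
 ```
-1. Add a new GitHub release using the recent `
+1. Add a new GitHub release using the recent `CHANGELOG.md` as the content. Sample
 URL: https://github.com/thoughtbot/clearance/releases/new?tag=vVERSION
 1. Announce the new release,
 making sure to say "thank you" to the contributors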
data/bin/setup
CHANGED
data/gemfiles/rails_6.1.gemfile
CHANGED
data/gemfiles/rails_7.0.gemfile
CHANGED
@@ -66,7 +66,12 @@ module Clearance
|
|
66
66
|
clearance_session.sign_in(user, &block)
|
67
67
|
|
68
68
|
if signed_in? && Clearance.configuration.rotate_csrf_on_sign_in?
|
69
|
-
|
69
|
+
if request.respond_to?(:reset_csrf_token)
|
70
|
+
# Rails 7.1+
|
71
|
+
request.reset_csrf_token
|
72
|
+
else
|
73
|
+
request.session.try(:delete, :_csrf_token)
|
74
|
+
end
|
70
75
|
form_authenticity_token
|
71
76
|
end
|
72
77
|
end
|
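Review bot: The `# Rails 7.1+` comment on the `respond_to?(:reset_csrf_token)` branch does not say why two code paths exist, so a later cleanup could collapse them and silently stop rotating the token on sign-in. I would expand it to something like `# Rails 7.1+ exposes request.reset_csrf_token; older versions only keep the token in session[:_csrf_token]`, and note on the `else` branch that `try` turns the delete into a no-op when there is no session. No spec in the visible hunks exercises rotation on both branches, so a regression in either path could go unnoticed, though the existing suite may already cover it. The enclosing method begins above the hunk, and the page prints this hunk without its own file header (the file list suggests lib/clearance/authentication.rb).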
@@ -68,6 +68,20 @@ module Clearance
|
|
68
68
|
# @return [String]
|
69
69
|
attr_accessor :redirect_url
|
70
70
|
|
71
|
+
# The default path Clearance will redirect signed out users to.
|
72
|
+
# Defaults to `nil` so that the controller will use `sign_in_url`
|
73
|
+
# for backwards compatibility. This can be set here instead of overriding
|
74
|
+
# the method via an overridden session controller.
|
75
|
+
# @return [String]
|
76
|
+
attr_accessor :url_after_destroy
|
77
|
+
|
78
|
+
# The default path Clearance will redirect non-users to when denied access.
|
79
|
+
# Defaults to `nil` so that the authorization module will use `sign_in_url`
|
80
|
+
# for backwards compatibility. This can be set here instead of overriding
|
81
|
+
# the method via an overridden authorization module.
|
82
|
+
# @return [String]
|
83
|
+
attr_accessor :url_after_denied_access_when_signed_out
|
84
|
+
|
71
85
|
# Controls whether Clearance will rotate the CSRF token on sign in.
|
72
86
|
# Defaults to `nil` which generates a warning. Will default to true in
|
73
87
|
# Clearance 2.0.
|
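Review bot: Both new accessors are documented as `# @return [String]` although the comment above each says the value defaults to `nil`; `# @return [String, nil]` would match the default assigned in the initializer hunk further down. Because these values are used as redirect targets after sign-out and after denied access, the comments should also say they are meant to be fixed application paths, for example `# Set this to a static path; do not derive it from request parameters.` The controller and authorization code that consumes them is not shown on this page, so whether any validation happens there cannot be confirmed from here.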
@@ -140,6 +154,8 @@ module Clearance
|
|
140
154
|
@same_site = nil
|
141
155
|
@mailer_sender = 'reply@example.com'
|
142
156
|
@redirect_url = '/'
|
157
|
+
@url_after_destroy = nil
|
158
|
+
@url_after_denied_access_when_signed_out = nil
|
143
159
|
@rotate_csrf_on_sign_in = true
|
144
160
|
@routes = true
|
145
161
|
@secure_cookie = false
|
data/lib/clearance/session.rb
CHANGED
@@ -185,10 +185,8 @@ module Clearance
|
|
185
185
|
|
186
186
|
# @api private
|
187
187
|
def delete_cookie_options
|
188
|
-
|
189
|
-
if configured_cookie_domain
|
190
|
-
options[:domain] = domain
|
191
|
-
end
|
188
|
+
{}.tap do |options|
|
189
|
+
options[:domain] = domain if configured_cookie_domain
|
192
190
|
end
|
193
191
|
end
|
194
192
|
|
@@ -90,7 +90,7 @@ module Clearance
|
|
90
90
|
@failure_message_when_negated <<
|
91
91
|
"Didn't expect to redirect to #{@url}."
|
92
92
|
true
|
93
|
-
rescue
|
93
|
+
rescue ::Minitest::Assertion, ::Test::Unit::AssertionFailedError
|
94
94
|
@failure_message << "Expected to redirect to #{@url} but did not."
|
95
95
|
false
|
96
96
|
end
|
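--- a/data/lib/clearance/token.rb
+++ b/data/lib/clearance/token.rb
@@ -1,8 +1,8 @@
 module Clearance
 # Random token used for password reset and remember tokens.
-# Clearance tokens are also public API and are
-# need a random token to correspond to a given user (e.g. you added an
-# confirmation token).
+# Clearance tokens are also public API and are intended to be used anywhere
+# you need a random token to correspond to a given user (e.g. you added an
+# email confirmation token).
 class Token
 # Generate a new random, 20 byte hex token.
 #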
data/lib/clearance/version.rb
CHANGED
data/spec/configuration_spec.rb
CHANGED
@@ -109,6 +109,34 @@ describe Clearance::Configuration do
|
|
109
109
|
end
|
110
110
|
end
|
111
111
|
|
112
|
+
context "when no url_after_destroy value specified" do
|
113
|
+
it "returns nil as the default" do
|
114
|
+
expect(Clearance::Configuration.new.url_after_destroy).to be_nil
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
context "when url_after_destroy value is specified" do
|
119
|
+
it "returns the url_after_destroy value" do
|
120
|
+
Clearance.configure { |config| config.url_after_destroy = "/redirect" }
|
121
|
+
|
122
|
+
expect(Clearance.configuration.url_after_destroy).to eq "/redirect"
|
123
|
+
end
|
124
|
+
end
|
125
|
+
|
126
|
+
context "when no url_after_denied_access_when_signed_out value specified" do
|
127
|
+
it "returns nil as the default" do
|
128
|
+
expect(Clearance::Configuration.new.url_after_denied_access_when_signed_out).to be_nil
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
context "when url_after_denied_access_when_signed_out value is specified" do
|
133
|
+
it "returns the url_after_denied_access_when_signed_out value" do
|
134
|
+
Clearance.configure { |config| config.url_after_denied_access_when_signed_out = "/redirect" }
|
135
|
+
|
136
|
+
expect(Clearance.configuration.url_after_denied_access_when_signed_out).to eq "/redirect"
|
137
|
+
end
|
138
|
+
end
|
139
|
+
|
112
140
|
context "when specifying sign in guards" do
|
113
141
|
it "returns the stack with added guards" do
|
114
142
|
DummyGuard = Class.new
|
@@ -33,7 +33,7 @@ describe Clearance::PasswordsController do
|
|
33
33
|
}
|
34
34
|
|
35
35
|
email = ActionMailer::Base.deliveries.last
|
36
|
-
expect(email.subject).to match(
|
36
|
+
expect(email.subject).to match(translated_string("passwords.edit.title"))
|
37
37
|
end
|
38
38
|
|
39
39
|
it "re-renders the page when turbo is enabled" do
|
@@ -53,7 +53,7 @@ describe Clearance::PasswordsController do
|
|
53
53
|
password: {},
|
54
54
|
}
|
55
55
|
|
56
|
-
expect(flash.now[:alert]).to match(
|
56
|
+
expect(flash.now[:alert]).to match(translated_string("flashes.failure_when_missing_email"))
|
57
57
|
expect(response).to render_template(:new)
|
58
58
|
end
|
59
59
|
|
@@ -74,7 +74,7 @@ describe Clearance::PasswordsController do
|
|
74
74
|
},
|
75
75
|
}
|
76
76
|
|
77
|
-
expect(flash.now[:alert]).to match(
|
77
|
+
expect(flash.now[:alert]).to match(translated_string("flashes.failure_when_missing_email"))
|
78
78
|
expect(response).to render_template(:new)
|
79
79
|
end
|
80
80
|
|
@@ -164,7 +164,7 @@ describe Clearance::PasswordsController do
|
|
164
164
|
}
|
165
165
|
|
166
166
|
expect(response).to render_template(:new)
|
167
|
-
expect(flash.now[:alert]).to match(
|
167
|
+
expect(flash.now[:alert]).to match(translated_string("flashes.failure_when_forbidden"))
|
168
168
|
end
|
169
169
|
end
|
170
170
|
|
@@ -178,7 +178,7 @@ describe Clearance::PasswordsController do
|
|
178
178
|
}
|
179
179
|
|
180
180
|
expect(response).to render_template(:new)
|
181
|
-
expect(flash.now[:alert]).to match(
|
181
|
+
expect(flash.now[:alert]).to match(translated_string("flashes.failure_when_forbidden"))
|
182
182
|
end
|
183
183
|
end
|
184
184
|
|
@@ -278,7 +278,7 @@ describe Clearance::PasswordsController do
|
|
278
278
|
new_password: "",
|
279
279
|
)
|
280
280
|
|
281
|
-
expect(flash.now[:alert]).to match(
|
281
|
+
expect(flash.now[:alert]).to match(translated_string("flashes.failure_after_update"))
|
282
282
|
expect(response).to have_http_status(:unprocessable_entity)
|
283
283
|
expect(response).to render_template(:edit)
|
284
284
|
end
|
@@ -58,7 +58,7 @@ describe PermissionsController do
|
|
58
58
|
it "denies access to show and display a flash message" do
|
59
59
|
get :show
|
60
60
|
|
61
|
-
expect(flash[:alert]).to match(
|
61
|
+
expect(flash[:alert]).to match(translated_string("flashes.failure_when_not_signed_in"))
|
62
62
|
end
|
63
63
|
end
|
64
64
|
|
@@ -41,7 +41,7 @@ describe Clearance::SessionsController do
|
|
41
41
|
}
|
42
42
|
|
43
43
|
expect(response).to render_template(:new)
|
44
|
-
expect(flash[:alert]).to match(
|
44
|
+
expect(flash[:alert]).to match(translated_string("flashes.failure_after_create"))
|
45
45
|
end
|
46
46
|
end
|
47
47
|
|
@@ -118,6 +118,12 @@ describe Clearance::SessionsController do
|
|
118
118
|
end
|
119
119
|
|
120
120
|
describe "on DELETE to #destroy" do
|
121
|
+
let(:configured_redirect_url) { nil }
|
122
|
+
|
123
|
+
before do
|
124
|
+
Clearance.configure { |config| config.url_after_destroy = configured_redirect_url }
|
125
|
+
end
|
126
|
+
|
121
127
|
context "given a signed out user" do
|
122
128
|
before do
|
123
129
|
sign_out
|
@@ -126,6 +132,12 @@ describe Clearance::SessionsController do
|
|
126
132
|
|
127
133
|
it { should redirect_to_url_after_destroy }
|
128
134
|
it { expect(response).to have_http_status(:see_other) }
|
135
|
+
|
136
|
+
context "when the custom redirect URL is set" do
|
137
|
+
let(:configured_redirect_url) { "/redirected" }
|
138
|
+
|
139
|
+
it { should redirect_to(configured_redirect_url) }
|
140
|
+
end
|
129
141
|
end
|
130
142
|
|
131
143
|
context "with a cookie" do
|
@@ -145,6 +157,12 @@ describe Clearance::SessionsController do
|
|
145
157
|
it "should unset the current user" do
|
146
158
|
expect(request.env[:clearance].current_user).to be_nil
|
147
159
|
end
|
160
|
+
|
161
|
+
context "when the custom redirect URL is set" do
|
162
|
+
let(:configured_redirect_url) { "/redirected" }
|
163
|
+
|
164
|
+
it { should redirect_to(configured_redirect_url) }
|
165
|
+
end
|
148
166
|
end
|
149
167
|
end
|
150
168
|
end
|
data/spec/dummy/application.rb
CHANGED
@@ -19,12 +19,6 @@ module Dummy
|
|
19
19
|
config.paths["log"] = "tmp/log/development.log"
|
20
20
|
config.paths.add "config/routes.rb", with: "#{APP_ROOT}/config/routes.rb"
|
21
21
|
|
22
|
-
if Rails.version.match?(/^6.0/)
|
23
|
-
config.active_record.sqlite3.represent_boolean_as_integer = true
|
24
|
-
else
|
25
|
-
config.active_record.legacy_connection_handling = false
|
26
|
-
end
|
27
|
-
|
28
22
|
def require_environment!
|
29
23
|
initialize!
|
30
24
|
end
|
@@ -40,7 +40,7 @@ describe "Cookie options" do
|
|
40
40
|
it { should_have_one_remember_token }
|
41
41
|
|
42
42
|
it "should have the httponly flag set" do
|
43
|
-
expect(remember_token_cookies.last).to match(/
|
43
|
+
expect(remember_token_cookies.last.downcase).to match(/httponly/)
|
44
44
|
end
|
45
45
|
end
|
46
46
|
end
|
data/spec/support/cookies.rb
CHANGED
@@ -36,7 +36,7 @@ RSpec::Matchers.define :set_cookie do |name, expected_value, expected_expires_at
|
|
36
36
|
end
|
37
37
|
|
38
38
|
def extract_cookies
|
39
|
-
@cookie_headers = @headers[
|
39
|
+
@cookie_headers = @headers["Set-Cookie"] || @headers["set-cookie"] || []
|
40
40
|
@cookie_headers = [@cookie_headers] if @cookie_headers.respond_to?(:to_str)
|
41
41
|
end
|
42
42
|
|
@@ -16,7 +16,8 @@ module RememberTokenHelpers
|
|
16
16
|
end
|
17
17
|
|
18
18
|
def remember_token_cookies
|
19
|
-
|
19
|
+
set_cookie_header = headers["Set-Cookie"] || headers["set-cookie"]
|
20
|
+
cookie_lines = Array(set_cookie_header).join("\n").lines.map(&:chomp)
|
20
21
|
cookie_lines.select { |name| name =~ /^remember_token/ }
|
21
22
|
end
|
22
23
|
end
|
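--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.7.0
 platform: ruby
 authors:
 - Dan Croak
@@ -26,7 +26,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bcrypt
@@ -146,11 +146,13 @@ extra_rdoc_files:
 - README.md
 files:
 - ".erb-lint.yml"
+- ".github/workflows/dynamic-readme.yml"
 - ".github/workflows/tests.yml"
 - ".gitignore"
 - ".yardopts"
 - Appraisals
 - CHANGELOG.md
+- CODEOWNERS
 - CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
@@ -181,12 +183,9 @@ files:
 - config/routes.rb
 - db/migrate/20110111224543_create_clearance_users.rb
 - db/schema.rb
-- gemfiles/rails_5.0.gemfile
-- gemfiles/rails_5.1.gemfile
-- gemfiles/rails_5.2.gemfile
-- gemfiles/rails_6.0.gemfile
 - gemfiles/rails_6.1.gemfile
 - gemfiles/rails_7.0.gemfile
+- gemfiles/rails_7.1.gemfile
 - lib/clearance.rb
 - lib/clearance/authentication.rb
 - lib/clearance/authorization.rb
@@ -292,6 +291,7 @@ files:
 - spec/support/fake_model_with_password_strategy.rb
 - spec/support/fake_model_without_password_strategy.rb
 - spec/support/generator_spec_helpers.rb
+- spec/support/html_escape_helper.rb
 - spec/support/request_with_remember_token.rb
 - spec/views/view_helpers_spec.rb
 homepage: https://github.com/thoughtbot/clearance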
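--- a/data/gemfiles/rails_5.0.gemfile
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "addressable"
-gem "ammeter"
-gem "appraisal"
-gem "capybara", ">= 2.6.2", "< 3.33.0"
-gem "database_cleaner"
-gem "erb_lint", require: false
-gem "factory_bot_rails"
-gem "nokogiri"
-gem "pry", require: false
-gem "rails-controller-testing"
-gem "rspec-rails", "~> 3.1"
-gem "shoulda-matchers"
-gem "sqlite3", "~> 1.3.13"
-gem "timecop"
-gem "railties", "~> 5.0"
-
-gemspec path: "../"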
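--- a/data/gemfiles/rails_5.2.gemfile
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "addressable"
-gem "ammeter"
-gem "appraisal"
-gem "capybara"
-gem "database_cleaner"
-gem "erb_lint", require: false
-gem "factory_bot_rails"
-gem "nokogiri"
-gem "pry", require: false
-gem "rails-controller-testing"
-gem "rspec-rails"
-gem "shoulda-matchers"
-gem "sqlite3"
-gem "timecop"
-gem "railties", "~> 5.2"
-
-gemspec path: "../"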
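--- a/data/gemfiles/rails_6.0.gemfile
+++ /dev/null
@@ -1,23 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "addressable"
-gem "ammeter"
-gem "appraisal"
-gem "capybara"
-gem "database_cleaner"
-gem "erb_lint", require: false
-gem "factory_bot_rails"
-gem "nokogiri"
-gem "pry", require: false
-gem "rails-controller-testing"
-gem "rspec-rails"
-gem "shoulda-matchers"
-gem "sqlite3"
-gem "timecop"
-gem "railties", "~> 6.0"
-gem "net-smtp", require: false
-gem "psych", "< 4"
-
-gemspec path: "../"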