clearance 2.7.0 → 2.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f43e65fb98c36167f024899806818f771cabf396d1c1e147f4a21d1bdccb37dd
-  data.tar.gz: 42a88e8b50b98b5414b923fda5775e1998223791ffe2fcee00ca03163c7f9a50
+  metadata.gz: e9ebc10e226aa134b16da93b71b4c3a711c3f83f151446fea8efddcaa6bd732f
+  data.tar.gz: '09513f61deaff3967af0226d46e1ab26239919ed6d6ce4dcfa9883e7d2cc68f2'
 SHA512:
-  metadata.gz: 680e0a4d6cebe218f7d8fffeadebcdcd9a160cb9a562a5cef3f876ad118556d4caa4338b40e3dd0135e3ee89e47a8034593d6131ee8eeb4ec7f47062b1aafe3a
-  data.tar.gz: cbc137fa5f3f722f28f99c1537909ed27b3b54e5df3aee37b4c7954e2b3e6c452a900f034239072196796171703eb27c3e859edc69b08bb35762bd260f0253a4
+  metadata.gz: 27db1cc19f4846fd087600086ea7d00fb99e2730ae63a09047400e1a9239b5cbc31461c48a49a053a06ec88c89e571694d96d377bf7afea05e1bb0910a69b51c
+  data.tar.gz: 5dded1584c8fa0485d60e3eeb7175f45d93b03a1c5afb9644fe3064d09af1c9e5da70eabe11e35e6bd8d31bb8ea9c997ab35537b4b72d3320da4e994250b0119

data/CHANGELOG.md

@@ -5,7 +5,22 @@ complete changelog, see the git history for each version via the version links.
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.0...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.2...main
+
+## [2.7.2] - June 28, 2024
+- Fix method redefinition and circular require issues (#1027)
+- Add specs for email validator strict mode (#1001)
+- Create SECURITY.md (#972)
+- Fix validating email in strict mode (#976)
+- Update the example config in README.md (#977)
+- Remove Hound README badge (#1020)
+
+[2.7.2]: https://github.com/thoughtbot/clearance/compare/v2.7.1...v2.7.2
+
+## [2.7.1] - May 8, 2024
+- Update sqlite3 and erb_lint gems (#1017) Jos O'shea
+
+[2.7.1]: https://github.com/thoughtbot/clearance/compare/v2.7.0...v2.7.1
 
 ## [2.7.0] - April 19, 2024
 - Call dynamic README workflow (#1004)

data/Gemfile

@@ -14,5 +14,5 @@ gem 'pry', require: false
 gem 'rails-controller-testing'
 gem 'rspec-rails'
 gem 'shoulda-matchers'
-gem 'sqlite3'
+gem 'sqlite3', '~> 1.7'
 gem 'timecop'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.7.0)
+    clearance (2.7.2)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -64,12 +64,11 @@ GEM
       ffi-compiler (~> 1.0)
     ast (2.4.2)
     bcrypt (3.1.20)
-    better_html (1.0.16)
-      actionview (>= 4.0)
-      activesupport (>= 4.0)
+    better_html (2.1.1)
+      actionview (>= 6.0)
+      activesupport (>= 6.0)
       ast (~> 2.0)
       erubi (~> 1.4)
-      html_tokenizer (~> 0.0.6)
       parser (>= 2.4)
       smart_properties
     builder (3.2.4)
@@ -83,7 +82,7 @@ GEM
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     coderay (1.1.3)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.3)
     crass (1.0.6)
     database_cleaner (2.0.1)
       database_cleaner-active_record (~> 2.0.0)
@@ -95,15 +94,14 @@ GEM
     diff-lcs (1.5.0)
     email_validator (2.2.4)
       activemodel
-    erb_lint (0.1.1)
+    erb_lint (0.5.0)
       activesupport
-      better_html (~> 1.0.7)
-      html_tokenizer
+      better_html (>= 2.0.1)
       parser (>= 2.7.1.4)
       rainbow
       rubocop
       smart_properties
-    erubi (1.10.0)
+    erubi (1.12.0)
     factory_bot (6.2.1)
       activesupport (>= 5.0.0)
     factory_bot_rails (6.2.0)
@@ -115,12 +113,13 @@ GEM
       rake
     globalid (1.2.1)
       activesupport (>= 6.1)
-    html_tokenizer (0.0.7)
-    i18n (1.10.0)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
-    loofah (2.18.0)
+    json (2.7.2)
+    language_server-protocol (3.17.0.3)
+    loofah (2.22.0)
       crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
+      nokogiri (>= 1.12.0)
     mail (2.8.1)
       mini_mime (>= 0.1.1)
       net-imap
@@ -129,9 +128,9 @@ GEM
     matrix (0.4.2)
     method_source (1.0.0)
     mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
-    minitest (5.15.0)
-    net-imap (0.4.10)
+    mini_portile2 (2.8.6)
+    minitest (5.22.3)
+    net-imap (0.4.11)
       date
       net-protocol
     net-pop (0.1.2)
@@ -140,17 +139,18 @@ GEM
       timeout
     net-smtp (0.5.0)
       net-protocol
-    nokogiri (1.13.6)
-      mini_portile2 (~> 2.8.0)
+    nokogiri (1.16.4)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    parallel (1.22.1)
-    parser (3.1.2.0)
+    parallel (1.24.0)
+    parser (3.3.1.0)
       ast (~> 2.4.1)
+      racc
     pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
     public_suffix (4.0.7)
-    racc (1.6.0)
+    racc (1.7.3)
     rack (2.2.3.1)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
@@ -158,11 +158,13 @@ GEM
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
       activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.3)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
     railties (7.0.3)
       actionpack (= 7.0.3)
       activesupport (= 7.0.3)
@@ -172,8 +174,8 @@ GEM
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.1.0)
-    regexp_parser (2.5.0)
-    rexml (3.2.5)
+    regexp_parser (2.9.0)
+    rexml (3.2.6)
     rspec-core (3.11.0)
       rspec-support (~> 3.11.0)
     rspec-expectations (3.11.0)
@@ -191,28 +193,31 @@ GEM
       rspec-mocks (~> 3.10)
       rspec-support (~> 3.10)
     rspec-support (3.11.0)
-    rubocop (1.30.1)
+    rubocop (1.63.4)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.1.0.0)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.18.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.18.0)
-      parser (>= 3.1.1.0)
-    ruby-progressbar (1.11.0)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.31.3)
+      parser (>= 3.3.1.0)
+    ruby-progressbar (1.13.0)
     shoulda-matchers (5.1.0)
       activesupport (>= 5.2.0)
     smart_properties (1.17.0)
-    sqlite3 (1.4.2)
+    sqlite3 (1.7.3)
+      mini_portile2 (~> 2.8.0)
     thor (1.2.1)
     timecop (0.9.5)
     timeout (0.4.1)
-    tzinfo (2.0.4)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.1.0)
+    unicode-display_width (2.5.0)
     xpath (3.2.0)
       nokogiri (~> 1.8)
     zeitwerk (2.5.4)
@@ -234,7 +239,7 @@ DEPENDENCIES
   rails-controller-testing
   rspec-rails
   shoulda-matchers
-  sqlite3
+  sqlite3 (~> 1.7)
   timecop
 
 BUNDLED WITH

data/README.md

@@ -3,7 +3,6 @@
 [![Build Status](https://github.com/thoughtbot/clearance/actions/workflows/tests.yml/badge.svg)]( https://github.com/thoughtbot/clearance/actions/workflows/tests.yml?query=branch%3Amain)
 [![Code Climate](https://codeclimate.com/github/thoughtbot/clearance.svg)](https://codeclimate.com/github/thoughtbot/clearance)
 [![Documentation Quality](https://inch-ci.org/github/thoughtbot/clearance.svg?branch=main)](https://inch-ci.org/github/thoughtbot/clearance)
-[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
 
 Rails authentication with email & password.
 
@@ -63,7 +62,7 @@ Clearance.configure do |config|
   config.url_after_denied_access_when_signed_out = nil
   config.rotate_csrf_on_sign_in = true
   config.same_site = nil
-  config.secure_cookie = false
+  config.secure_cookie = Rails.configuration.force_ssl
   config.signed_cookie = false
   config.sign_in_guards = []
   config.user_model = "User"
@@ -497,4 +496,19 @@ redistributed under the terms specified in the [`LICENSE`] file.
 [`LICENSE`]: /LICENSE
 
 <!-- START /templates/footer.md -->
+## About thoughtbot
+
+![thoughtbot](https://thoughtbot.com/thoughtbot-logo-for-readmes.svg)
+
+This repo is maintained and funded by thoughtbot, inc.
+The names and logos for thoughtbot are trademarks of thoughtbot, inc.
+
+We love open source software!
+See [our other projects][community].
+We are [available for hire][hire].
+
+[community]: https://thoughtbot.com/community?utm_source=github
+[hire]: https://thoughtbot.com/hire-us?utm_source=github
+
+
 <!-- END /templates/footer.md -->

data/SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+We will provide security updates for the latest 3 versions.
+
+| Version | Security updates |
+| - | - |
+| 2.7.x   | ✅ |
+| 2.6.x   | ✅ |
+| 2.5.x   | ✅ |
+| < 2.5.0 | :x: |
+
+## Reporting a Vulnerability
+
+You can contact <security@thoughtbot.com>. See <https://thoughtbot.com/security> for more information about our security policy.

data/gemfiles/rails_6.1.gemfile

@@ -14,7 +14,7 @@ gem "pry", require: false
 gem "rails-controller-testing"
 gem "rspec-rails"
 gem "shoulda-matchers"
-gem "sqlite3"
+gem "sqlite3", "~> 1.7"
 gem "timecop"
 gem "railties", "~> 6.1.0"
 gem "net-smtp", require: false

data/gemfiles/rails_7.0.gemfile

@@ -14,7 +14,7 @@ gem "pry", require: false
 gem "rails-controller-testing"
 gem "rspec-rails"
 gem "shoulda-matchers"
-gem "sqlite3"
+gem "sqlite3", "~> 1.7"
 gem "timecop"
 gem "railties", "~> 7.0.0"
 

data/gemfiles/rails_7.1.gemfile

@@ -14,7 +14,7 @@ gem "pry", require: false
 gem "rails-controller-testing"
 gem "rspec-rails"
 gem "shoulda-matchers"
-gem "sqlite3"
+gem "sqlite3", "~> 1.7"
 gem "timecop"
 gem "railties", "~> 7.1.0"
 

data/lib/clearance/configuration.rb

@@ -135,7 +135,7 @@ module Clearance
     # The parameter for user routes. By default this is derived from the user
     # model.
     # @return [Symbol]
-    attr_accessor :user_parameter
+    attr_writer :user_parameter
 
     # Controls wether users are automatically signed in after successfully
     # resetting their password.

data/lib/clearance/engine.rb

@@ -1,4 +1,3 @@
-require "clearance"
 require "rails/engine"
 
 module Clearance

data/lib/clearance/user.rb

@@ -150,7 +150,7 @@ module Clearance
 
       included do
         validates :email,
-          email: { strict_mode: true },
+          email: { mode: :strict },
           presence: true,
           uniqueness: { allow_blank: true, case_sensitive: true },
           unless: :email_optional?

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.7.0".freeze
+  VERSION = "2.7.2".freeze
 end

data/lib/clearance.rb

@@ -5,9 +5,9 @@ require 'clearance/rack_session'
 require 'clearance/back_door'
 require 'clearance/controller'
 require 'clearance/user'
-require 'clearance/engine'
 require 'clearance/password_strategies'
 require 'clearance/constraints'
+require 'clearance/engine'
 
 module Clearance
 end

data/spec/models/user_spec.rb

@@ -5,15 +5,16 @@ describe User do
   it { is_expected.to have_db_index(:remember_token) }
   it { is_expected.to validate_presence_of(:email) }
   it { is_expected.to validate_presence_of(:password) }
-  it { is_expected.to allow_value("foo;@example.com").for(:email) }
-  it { is_expected.to allow_value("foo@.example.com").for(:email) }
-  it { is_expected.to allow_value("foo@example..com").for(:email) }
   it { is_expected.to allow_value("foo@example.co.uk").for(:email) }
   it { is_expected.to allow_value("foo@example.com").for(:email) }
   it { is_expected.to allow_value("foo+bar@example.com").for(:email) }
   it { is_expected.not_to allow_value("example.com").for(:email) }
   it { is_expected.not_to allow_value("foo").for(:email) }
   it { is_expected.not_to allow_value("foo@").for(:email) }
+  it { is_expected.not_to allow_value("foo@bar").for(:email) }
+  it { is_expected.not_to allow_value("foo;@example.com").for(:email) }
+  it { is_expected.not_to allow_value("foo@.example.com").for(:email) }
+  it { is_expected.not_to allow_value("foo@example..com").for(:email) }
 
   describe "#email" do
     it "stores email in down case and removes whitespace" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.7.0
+  version: 2.7.2
 platform: ruby
 authors:
 - Dan Croak
@@ -26,7 +26,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-19 00:00:00.000000000 Z
+date: 2024-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -160,6 +160,7 @@ files:
 - README.md
 - RELEASING.md
 - Rakefile
+- SECURITY.md
 - app/controllers/clearance/base_controller.rb
 - app/controllers/clearance/passwords_controller.rb
 - app/controllers/clearance/sessions_controller.rb