clearance 2.7.1 → 2.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f0877a789add508c0031bbccf949369fa360271e2f42d9bfb32f16259b9135a3
-  data.tar.gz: 9ca1d73291bd91c1811edbfc69f3acef51d35edad753743badfb38341687d20b
+  metadata.gz: e9ebc10e226aa134b16da93b71b4c3a711c3f83f151446fea8efddcaa6bd732f
+  data.tar.gz: '09513f61deaff3967af0226d46e1ab26239919ed6d6ce4dcfa9883e7d2cc68f2'
 SHA512:
-  metadata.gz: 67e231abb3b4ee087b0da4c258fab6ba07190945a365b7c3ac37577a9e84a2982fedfccb6578d6d661e8301fb293d061ddcad67af17da1faf8254e31bc336f3e
-  data.tar.gz: 4bede194d2b6adc4cab0caaf4297435440df9967075a167aca064a3dd9dfa4ebc648f5fdc0588a2c1364f3c43c29aeefcff882e031d02c65e9cf5f0e517eb934
+  metadata.gz: 27db1cc19f4846fd087600086ea7d00fb99e2730ae63a09047400e1a9239b5cbc31461c48a49a053a06ec88c89e571694d96d377bf7afea05e1bb0910a69b51c
+  data.tar.gz: 5dded1584c8fa0485d60e3eeb7175f45d93b03a1c5afb9644fe3064d09af1c9e5da70eabe11e35e6bd8d31bb8ea9c997ab35537b4b72d3320da4e994250b0119

data/CHANGELOG.md

@@ -5,9 +5,19 @@ complete changelog, see the git history for each version via the version links.
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.1...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.2...main
 
-## [2.7.1] May 8, 2024
+## [2.7.2] - June 28, 2024
+- Fix method redefinition and circular require issues (#1027)
+- Add specs for email validator strict mode (#1001)
+- Create SECURITY.md (#972)
+- Fix validating email in strict mode (#976)
+- Update the example config in README.md (#977)
+- Remove Hound README badge (#1020)
+
+[2.7.2]: https://github.com/thoughtbot/clearance/compare/v2.7.1...v2.7.2
+
+## [2.7.1] - May 8, 2024
 - Update sqlite3 and erb_lint gems (#1017) Jos O'shea
 
 [2.7.1]: https://github.com/thoughtbot/clearance/compare/v2.7.0...v2.7.1

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.7.0)
+    clearance (2.7.2)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -130,7 +130,7 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.6)
     minitest (5.22.3)
-    net-imap (0.4.10)
+    net-imap (0.4.11)
       date
       net-protocol
     net-pop (0.1.2)

data/README.md

@@ -3,7 +3,6 @@
 [![Build Status](https://github.com/thoughtbot/clearance/actions/workflows/tests.yml/badge.svg)]( https://github.com/thoughtbot/clearance/actions/workflows/tests.yml?query=branch%3Amain)
 [![Code Climate](https://codeclimate.com/github/thoughtbot/clearance.svg)](https://codeclimate.com/github/thoughtbot/clearance)
 [![Documentation Quality](https://inch-ci.org/github/thoughtbot/clearance.svg?branch=main)](https://inch-ci.org/github/thoughtbot/clearance)
-[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
 
 Rails authentication with email & password.
 
@@ -63,7 +62,7 @@ Clearance.configure do |config|
   config.url_after_denied_access_when_signed_out = nil
   config.rotate_csrf_on_sign_in = true
   config.same_site = nil
-  config.secure_cookie = false
+  config.secure_cookie = Rails.configuration.force_ssl
   config.signed_cookie = false
   config.sign_in_guards = []
   config.user_model = "User"
@@ -497,4 +496,19 @@ redistributed under the terms specified in the [`LICENSE`] file.
 [`LICENSE`]: /LICENSE
 
 <!-- START /templates/footer.md -->
+## About thoughtbot
+
+![thoughtbot](https://thoughtbot.com/thoughtbot-logo-for-readmes.svg)
+
+This repo is maintained and funded by thoughtbot, inc.
+The names and logos for thoughtbot are trademarks of thoughtbot, inc.
+
+We love open source software!
+See [our other projects][community].
+We are [available for hire][hire].
+
+[community]: https://thoughtbot.com/community?utm_source=github
+[hire]: https://thoughtbot.com/hire-us?utm_source=github
+
+
 <!-- END /templates/footer.md -->

data/SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+We will provide security updates for the latest 3 versions.
+
+| Version | Security updates |
+| - | - |
+| 2.7.x   | ✅ |
+| 2.6.x   | ✅ |
+| 2.5.x   | ✅ |
+| < 2.5.0 | :x: |
+
+## Reporting a Vulnerability
+
+You can contact <security@thoughtbot.com>. See <https://thoughtbot.com/security> for more information about our security policy.

data/lib/clearance/configuration.rb

@@ -135,7 +135,7 @@ module Clearance
     # The parameter for user routes. By default this is derived from the user
     # model.
     # @return [Symbol]
-    attr_accessor :user_parameter
+    attr_writer :user_parameter
 
     # Controls wether users are automatically signed in after successfully
     # resetting their password.

data/lib/clearance/engine.rb

@@ -1,4 +1,3 @@
-require "clearance"
 require "rails/engine"
 
 module Clearance

data/lib/clearance/user.rb

@@ -150,7 +150,7 @@ module Clearance
 
       included do
         validates :email,
-          email: { strict_mode: true },
+          email: { mode: :strict },
           presence: true,
           uniqueness: { allow_blank: true, case_sensitive: true },
           unless: :email_optional?

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.7.1".freeze
+  VERSION = "2.7.2".freeze
 end

data/lib/clearance.rb

@@ -5,9 +5,9 @@ require 'clearance/rack_session'
 require 'clearance/back_door'
 require 'clearance/controller'
 require 'clearance/user'
-require 'clearance/engine'
 require 'clearance/password_strategies'
 require 'clearance/constraints'
+require 'clearance/engine'
 
 module Clearance
 end

data/spec/models/user_spec.rb

@@ -5,15 +5,16 @@ describe User do
   it { is_expected.to have_db_index(:remember_token) }
   it { is_expected.to validate_presence_of(:email) }
   it { is_expected.to validate_presence_of(:password) }
-  it { is_expected.to allow_value("foo;@example.com").for(:email) }
-  it { is_expected.to allow_value("foo@.example.com").for(:email) }
-  it { is_expected.to allow_value("foo@example..com").for(:email) }
   it { is_expected.to allow_value("foo@example.co.uk").for(:email) }
   it { is_expected.to allow_value("foo@example.com").for(:email) }
   it { is_expected.to allow_value("foo+bar@example.com").for(:email) }
   it { is_expected.not_to allow_value("example.com").for(:email) }
   it { is_expected.not_to allow_value("foo").for(:email) }
   it { is_expected.not_to allow_value("foo@").for(:email) }
+  it { is_expected.not_to allow_value("foo@bar").for(:email) }
+  it { is_expected.not_to allow_value("foo;@example.com").for(:email) }
+  it { is_expected.not_to allow_value("foo@.example.com").for(:email) }
+  it { is_expected.not_to allow_value("foo@example..com").for(:email) }
 
   describe "#email" do
     it "stores email in down case and removes whitespace" do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.7.1
+  version: 2.7.2
 platform: ruby
 authors:
 - Dan Croak
@@ -26,7 +26,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-08 00:00:00.000000000 Z
+date: 2024-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -160,6 +160,7 @@ files:
 - README.md
 - RELEASING.md
 - Rakefile
+- SECURITY.md
 - app/controllers/clearance/base_controller.rb
 - app/controllers/clearance/passwords_controller.rb
 - app/controllers/clearance/sessions_controller.rb