clearance 2.7.1 → 2.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -2
- data/Gemfile.lock +2 -2
- data/README.md +16 -2
- data/SECURITY.md +16 -0
- data/lib/clearance/configuration.rb +1 -1
- data/lib/clearance/engine.rb +0 -1
- data/lib/clearance/user.rb +1 -1
- data/lib/clearance/version.rb +1 -1
- data/lib/clearance.rb +1 -1
- data/spec/models/user_spec.rb +4 -3
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e9ebc10e226aa134b16da93b71b4c3a711c3f83f151446fea8efddcaa6bd732f
|
4
|
+
data.tar.gz: '09513f61deaff3967af0226d46e1ab26239919ed6d6ce4dcfa9883e7d2cc68f2'
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 27db1cc19f4846fd087600086ea7d00fb99e2730ae63a09047400e1a9239b5cbc31461c48a49a053a06ec88c89e571694d96d377bf7afea05e1bb0910a69b51c
|
7
|
+
data.tar.gz: 5dded1584c8fa0485d60e3eeb7175f45d93b03a1c5afb9644fe3064d09af1c9e5da70eabe11e35e6bd8d31bb8ea9c997ab35537b4b72d3320da4e994250b0119
|
data/CHANGELOG.md
CHANGED
@@ -5,9 +5,19 @@ complete changelog, see the git history for each version via the version links.
|
|
5
5
|
|
6
6
|
## [Unreleased]
|
7
7
|
|
8
|
-
[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.
|
8
|
+
[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.2...main
|
9
9
|
|
10
|
-
## [2.7.
|
10
|
+
## [2.7.2] - June 28, 2024
|
11
|
+
- Fix method redefinition and circular require issues (#1027)
|
12
|
+
- Add specs for email validator strict mode (#1001)
|
13
|
+
- Create SECURITY.md (#972)
|
14
|
+
- Fix validating email in strict mode (#976)
|
15
|
+
- Update the example config in README.md (#977)
|
16
|
+
- Remove Hound README badge (#1020)
|
17
|
+
|
18
|
+
[2.7.2]: https://github.com/thoughtbot/clearance/compare/v2.7.1...v2.7.2
|
19
|
+
|
20
|
+
## [2.7.1] - May 8, 2024
|
11
21
|
- Update sqlite3 and erb_lint gems (#1017) Jos O'shea
|
12
22
|
|
13
23
|
[2.7.1]: https://github.com/thoughtbot/clearance/compare/v2.7.0...v2.7.1
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
clearance (2.7.
|
4
|
+
clearance (2.7.2)
|
5
5
|
actionmailer (>= 5.0)
|
6
6
|
activemodel (>= 5.0)
|
7
7
|
activerecord (>= 5.0)
|
@@ -130,7 +130,7 @@ GEM
|
|
130
130
|
mini_mime (1.1.2)
|
131
131
|
mini_portile2 (2.8.6)
|
132
132
|
minitest (5.22.3)
|
133
|
-
net-imap (0.4.
|
133
|
+
net-imap (0.4.11)
|
134
134
|
date
|
135
135
|
net-protocol
|
136
136
|
net-pop (0.1.2)
|
data/README.md
CHANGED
@@ -3,7 +3,6 @@
|
|
3
3
|
[]( https://github.com/thoughtbot/clearance/actions/workflows/tests.yml?query=branch%3Amain)
|
4
4
|
[](https://codeclimate.com/github/thoughtbot/clearance)
|
5
5
|
[](https://inch-ci.org/github/thoughtbot/clearance)
|
6
|
-
[](https://houndci.com)
|
7
6
|
|
8
7
|
Rails authentication with email & password.
|
9
8
|
|
@@ -63,7 +62,7 @@ Clearance.configure do |config|
|
|
63
62
|
config.url_after_denied_access_when_signed_out = nil
|
64
63
|
config.rotate_csrf_on_sign_in = true
|
65
64
|
config.same_site = nil
|
66
|
-
config.secure_cookie =
|
65
|
+
config.secure_cookie = Rails.configuration.force_ssl
|
67
66
|
config.signed_cookie = false
|
68
67
|
config.sign_in_guards = []
|
69
68
|
config.user_model = "User"
|
@@ -497,4 +496,19 @@ redistributed under the terms specified in the [`LICENSE`] file.
|
|
497
496
|
[`LICENSE`]: /LICENSE
|
498
497
|
|
499
498
|
<!-- START /templates/footer.md -->
|
499
|
+
## About thoughtbot
|
500
|
+
|
501
|
+

|
502
|
+
|
503
|
+
This repo is maintained and funded by thoughtbot, inc.
|
504
|
+
The names and logos for thoughtbot are trademarks of thoughtbot, inc.
|
505
|
+
|
506
|
+
We love open source software!
|
507
|
+
See [our other projects][community].
|
508
|
+
We are [available for hire][hire].
|
509
|
+
|
510
|
+
[community]: https://thoughtbot.com/community?utm_source=github
|
511
|
+
[hire]: https://thoughtbot.com/hire-us?utm_source=github
|
512
|
+
|
513
|
+
|
500
514
|
<!-- END /templates/footer.md -->
|
data/SECURITY.md
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
# Security Policy
|
2
|
+
|
3
|
+
## Supported Versions
|
4
|
+
|
5
|
+
We will provide security updates for the latest 3 versions.
|
6
|
+
|
7
|
+
| Version | Security updates |
|
8
|
+
| - | - |
|
9
|
+
| 2.7.x | ✅ |
|
10
|
+
| 2.6.x | ✅ |
|
11
|
+
| 2.5.x | ✅ |
|
12
|
+
| < 2.5.0 | :x: |
|
13
|
+
|
14
|
+
## Reporting a Vulnerability
|
15
|
+
|
16
|
+
You can contact <security@thoughtbot.com>. See <https://thoughtbot.com/security> for more information about our security policy.
|
@@ -135,7 +135,7 @@ module Clearance
|
|
135
135
|
# The parameter for user routes. By default this is derived from the user
|
136
136
|
# model.
|
137
137
|
# @return [Symbol]
|
138
|
-
|
138
|
+
attr_writer :user_parameter
|
139
139
|
|
140
140
|
# Controls wether users are automatically signed in after successfully
|
141
141
|
# resetting their password.
|
data/lib/clearance/engine.rb
CHANGED
data/lib/clearance/user.rb
CHANGED
data/lib/clearance/version.rb
CHANGED
data/lib/clearance.rb
CHANGED
@@ -5,9 +5,9 @@ require 'clearance/rack_session'
|
|
5
5
|
require 'clearance/back_door'
|
6
6
|
require 'clearance/controller'
|
7
7
|
require 'clearance/user'
|
8
|
-
require 'clearance/engine'
|
9
8
|
require 'clearance/password_strategies'
|
10
9
|
require 'clearance/constraints'
|
10
|
+
require 'clearance/engine'
|
11
11
|
|
12
12
|
module Clearance
|
13
13
|
end
|
data/spec/models/user_spec.rb
CHANGED
@@ -5,15 +5,16 @@ describe User do
|
|
5
5
|
it { is_expected.to have_db_index(:remember_token) }
|
6
6
|
it { is_expected.to validate_presence_of(:email) }
|
7
7
|
it { is_expected.to validate_presence_of(:password) }
|
8
|
-
it { is_expected.to allow_value("foo;@example.com").for(:email) }
|
9
|
-
it { is_expected.to allow_value("foo@.example.com").for(:email) }
|
10
|
-
it { is_expected.to allow_value("foo@example..com").for(:email) }
|
11
8
|
it { is_expected.to allow_value("foo@example.co.uk").for(:email) }
|
12
9
|
it { is_expected.to allow_value("foo@example.com").for(:email) }
|
13
10
|
it { is_expected.to allow_value("foo+bar@example.com").for(:email) }
|
14
11
|
it { is_expected.not_to allow_value("example.com").for(:email) }
|
15
12
|
it { is_expected.not_to allow_value("foo").for(:email) }
|
16
13
|
it { is_expected.not_to allow_value("foo@").for(:email) }
|
14
|
+
it { is_expected.not_to allow_value("foo@bar").for(:email) }
|
15
|
+
it { is_expected.not_to allow_value("foo;@example.com").for(:email) }
|
16
|
+
it { is_expected.not_to allow_value("foo@.example.com").for(:email) }
|
17
|
+
it { is_expected.not_to allow_value("foo@example..com").for(:email) }
|
17
18
|
|
18
19
|
describe "#email" do
|
19
20
|
it "stores email in down case and removes whitespace" do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: clearance
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.7.
|
4
|
+
version: 2.7.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dan Croak
|
@@ -26,7 +26,7 @@ authors:
|
|
26
26
|
autorequire:
|
27
27
|
bindir: bin
|
28
28
|
cert_chain: []
|
29
|
-
date: 2024-
|
29
|
+
date: 2024-06-28 00:00:00.000000000 Z
|
30
30
|
dependencies:
|
31
31
|
- !ruby/object:Gem::Dependency
|
32
32
|
name: bcrypt
|
@@ -160,6 +160,7 @@ files:
|
|
160
160
|
- README.md
|
161
161
|
- RELEASING.md
|
162
162
|
- Rakefile
|
163
|
+
- SECURITY.md
|
163
164
|
- app/controllers/clearance/base_controller.rb
|
164
165
|
- app/controllers/clearance/passwords_controller.rb
|
165
166
|
- app/controllers/clearance/sessions_controller.rb
|