RubyGems - clearance - Versions diffs - 2.7.2 → 2.8.0 - Mend

clearance 2.7.2 → 2.8.0

Files changed (17) hide show

checksums.yaml +4 -4
data/.github/dependabot.yml +15 -0
data/.github/workflows/dynamic-security.yml +19 -0
data/CHANGELOG.md +9 -1
data/Gemfile.lock +3 -3
data/README.md +1 -0
data/SECURITY.md +12 -8
data/app/views/sessions/_form.html.erb +3 -1
data/clearance.gemspec +2 -1
data/config/routes.rb +5 -3
data/lib/clearance/configuration.rb +14 -0
data/lib/clearance/version.rb +1 -1
data/spec/configuration_spec.rb +15 -0
data/spec/dummy/application.rb +3 -0
data/spec/generators/clearance/install/install_generator_spec.rb +9 -5
data/spec/routing/clearance_routes_spec.rb +32 -0
metadata +6 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e9ebc10e226aa134b16da93b71b4c3a711c3f83f151446fea8efddcaa6bd732f
-  data.tar.gz: '09513f61deaff3967af0226d46e1ab26239919ed6d6ce4dcfa9883e7d2cc68f2'
+  metadata.gz: e5f7f15515653096a81f567271c72a5bc138dac396acb3d7727fb7eb95b89540
+  data.tar.gz: 61b53d47ef673fe4f171aa32c6239c80fca531c4edaa239446bb0f3d8478df18
 SHA512:
-  metadata.gz: 27db1cc19f4846fd087600086ea7d00fb99e2730ae63a09047400e1a9239b5cbc31461c48a49a053a06ec88c89e571694d96d377bf7afea05e1bb0910a69b51c
-  data.tar.gz: 5dded1584c8fa0485d60e3eeb7175f45d93b03a1c5afb9644fe3064d09af1c9e5da70eabe11e35e6bd8d31bb8ea9c997ab35537b4b72d3320da4e994250b0119
+  metadata.gz: a695e60bfb14845d6bb5a1481766f2104f68fc92149fc0de3191af403bc7719803013cb8cb4a93fa74c1d334d1190e7206ba017502d40f109d0e96fb381fb3e0
+  data.tar.gz: cc12e0563b4106d22e4d4c23a8d2f50621cc1f2a61f905ea82ea697369e1e916bc5e5d69b65900d8b146244fe9a8dbf50e54e752c9b0cbd9243c53c285011226

data/.github/dependabot.yml ADDED Viewed

@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 5
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+      time: "02:00"
+      timezone: "Etc/UTC"

data/.github/workflows/dynamic-security.yml ADDED Viewed

@@ -0,0 +1,19 @@
+name: update-security
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - SECURITY.md
+  workflow_dispatch:
+jobs:
+  update-security:
+    permissions:
+      contents: write
+      pull-requests: write
+      pages: write
+    uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}

data/CHANGELOG.md CHANGED Viewed

@@ -5,7 +5,15 @@ complete changelog, see the git history for each version via the version links.
 ## [Unreleased]
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.2...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.8.0...main
+## [2.8.0] - August 9, 2024
+- Feature: Added allow_password_resets config option (#1019) Jos O'shea
+- Added dependabot (#1028) Karine Vieira
+- Fixed some deprecation warnings (#1018)
+- Added a dynamic workflow to update SECURITY.md
+[2.8.0]: https://github.com/thoughtbot/clearance/compare/v2.7.2...v2.8.0
 ## [2.7.2] - June 28, 2024
 - Fix method redefinition and circular require issues (#1027)

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.7.2)
+    clearance (2.8.0)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -107,7 +107,7 @@ GEM
     factory_bot_rails (6.2.0)
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    ffi (1.16.3)
+    ffi (1.17.0)
     ffi-compiler (1.3.2)
       ffi (>= 1.15.5)
       rake
@@ -130,7 +130,7 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.6)
     minitest (5.22.3)
-    net-imap (0.4.11)
+    net-imap (0.4.14)
       date
       net-protocol
     net-pop (0.1.2)

data/README.md CHANGED Viewed

@@ -49,6 +49,7 @@ Override any of these defaults in `config/initializers/clearance.rb`:
 ```ruby
 Clearance.configure do |config|
   config.allow_sign_up = true
+  config.allow_password_reset = true
   config.cookie_domain = ".example.com"
   config.cookie_expiration = lambda { |cookies| 1.year.from_now.utc }
   config.cookie_name = "remember_token"

data/SECURITY.md CHANGED Viewed

@@ -1,16 +1,20 @@
+<!-- START /templates/security.md -->
 # Security Policy
 ## Supported Versions
-We will provide security updates for the latest 3 versions.
+Only the the latest version of this project is supported at a given time. If
+you find a security issue with an older version, please try updating to the
+latest version first.
-| Version | Security updates |
-| - | - |
-| 2.7.x   | ✅ |
-| 2.6.x   | ✅ |
-| 2.5.x   | ✅ |
-| < 2.5.0 | :x: |
+If for some reason you can't update to the latest version, please let us know
+your reasons so that we can have a better understanding of your situation.
 ## Reporting a Vulnerability
-You can contact <security@thoughtbot.com>. See <https://thoughtbot.com/security> for more information about our security policy.
+For security inquiries or vulnerability reports, visit
+<https://thoughtbot.com/security>.
+If you have any suggestions to improve this policy, visit <https://thoughtbot.com/security>.
+<!-- END /templates/security.md -->

data/app/views/sessions/_form.html.erb CHANGED Viewed

@@ -17,6 +17,8 @@
     <% if Clearance.configuration.allow_sign_up? %>
       <%= link_to t(".sign_up"), sign_up_path %>
     <% end %>
-    <%= link_to t(".forgot_password"), new_password_path %>
+    <% if Clearance.configuration.allow_password_reset? %>
+      <%= link_to t(".forgot_password"), new_password_path %>
+    <% end %>
   </div>
 <% end %>

data/clearance.gemspec CHANGED Viewed

@@ -28,7 +28,8 @@ Gem::Specification.new do |s|
     'Jason Morrison',
     'Galen Frechette',
     'Josh Steiner',
-    'Dorian Marié'
+    'Dorian Marié',
+    'Sara Jackson'
   ]
   s.description = <<-DESCRIPTION
     Clearance is built to support authentication and authorization via an

data/config/routes.rb CHANGED Viewed

@@ -11,9 +11,11 @@ if Clearance.configuration.routes_enabled?
     resources :users,
       controller: 'clearance/users',
       only: Clearance.configuration.user_actions do
-        resource :password,
-          controller: 'clearance/passwords',
-          only: [:edit, :update]
+        if Clearance.configuration.allow_password_reset?
+          resource :password,
+            controller: 'clearance/passwords',
+            only: [:edit, :update]
+        end
       end
     get '/sign_in' => 'clearance/sessions#new', as: 'sign_in'

data/lib/clearance/configuration.rb CHANGED Viewed

@@ -7,6 +7,13 @@ module Clearance
     # @return [Boolean]
     attr_writer :allow_sign_up
+    # Controls whether the password reset routes are enabled
+    # Defaults to `true`. Set to False to disable password reset routes
+    # The setting is ignored if routes are disabled.
+    # @param [Boolean] value
+    # @return [Boolean]
+    attr_writer :allow_password_reset
     # The domain to use for the clearance remember token cookie.
     # Defaults to `nil`, which causes the cookie domain to default to the
     # domain of the request. For more, see
@@ -145,6 +152,7 @@ module Clearance
     def initialize
       @allow_sign_up = true
+      @allow_password_reset = true
       @allowed_backdoor_environments = ["test", "ci", "development"]
       @cookie_domain = nil
       @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
@@ -195,6 +203,12 @@ module Clearance
       @allow_sign_up
     end
+    # Are the password reset routes enabled?
+    # @return [Boolean]
+    def allow_password_reset?
+      @allow_password_reset
+    end
     # Specifies which controller actions are allowed for user resources.
     # This will be `[:create]` is `allow_sign_up` is true (the default), and
     # empty otherwise.

data/lib/clearance/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.7.2".freeze
+  VERSION = "2.8.0".freeze
 end

data/spec/configuration_spec.rb CHANGED Viewed

@@ -179,6 +179,21 @@ describe Clearance::Configuration do
     end
   end
+  describe "#allow_password_reset?" do
+    context "when allow_password_reset is configured to false" do
+      it "returns false" do
+        Clearance.configure { |config| config.allow_password_reset = false }
+        expect(Clearance.configuration.allow_password_reset?).to eq false
+      end
+    end
+    context "when allow_sign_up has not been configured" do
+      it "returns true" do
+        expect(Clearance.configuration.allow_password_reset?).to eq true
+      end
+    end
+  end
   describe "#user_actions" do
     context "when allow_sign_up is configured to false" do
       it "returns empty array" do

data/spec/dummy/application.rb CHANGED Viewed

@@ -9,6 +9,9 @@ module Dummy
     config.action_controller.perform_caching = false
     config.action_mailer.default_url_options = { host: "dummy.example.com" }
     config.action_mailer.delivery_method = :test
+    if Rails.version.match?(/(6.1|7.0)/)
+      config.active_record.legacy_connection_handling = false
+    end
     config.active_support.deprecation = :stderr
     config.eager_load = false

data/spec/generators/clearance/install/install_generator_spec.rb CHANGED Viewed

@@ -2,6 +2,10 @@ require "spec_helper"
 require "generators/clearance/install/install_generator"
 describe Clearance::Generators::InstallGenerator, :generator do
+  def get_migration(path)
+    Pathname.new(migration_file(path))
+  end
   describe "initializer" do
     it "is copied to the application" do
       provide_existing_application_controller
@@ -66,7 +70,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
         table_does_not_exist(:users)
         run_generator
-        migration = migration_file("db/migrate/create_users.rb")
+        migration = get_migration("db/migrate/create_users.rb")
         expect(migration).to exist
         expect(migration).to have_correct_syntax
@@ -88,7 +92,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
           table_does_not_exist(:users)
           run_generator
-          migration = migration_file("db/migrate/create_users.rb")
+          migration = get_migration("db/migrate/create_users.rb")
           expect(migration).to exist
           expect(migration).to have_correct_syntax
@@ -102,8 +106,8 @@ describe Clearance::Generators::InstallGenerator, :generator do
         provide_existing_application_controller
         run_generator
-        create_migration = migration_file("db/migrate/create_users.rb")
-        add_migration = migration_file("db/migrate/add_clearance_to_users.rb")
+        create_migration = get_migration("db/migrate/create_users.rb")
+        add_migration = get_migration("db/migrate/add_clearance_to_users.rb")
         expect(create_migration).not_to exist
         expect(add_migration).not_to exist
@@ -126,7 +130,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
           and_return(existing_indexes)
         run_generator
-        migration = migration_file("db/migrate/add_clearance_to_users.rb")
+        migration = get_migration("db/migrate/add_clearance_to_users.rb")
         expect(migration).to exist
         expect(migration).to have_correct_syntax

data/spec/routing/clearance_routes_spec.rb CHANGED Viewed

@@ -62,4 +62,36 @@ describe 'routes for Clearance' do
       expect(post: 'users').to be_routable
     end
   end
+  context 'password reset disabled' do
+    around do |example|
+      Clearance.configure { |config| config.allow_password_reset = false }
+      Rails.application.reload_routes!
+      example.run
+      Clearance.configuration = Clearance::Configuration.new
+      Rails.application.reload_routes!
+    end
+    it 'does not route password edit' do
+      user = create(:user)
+      expect(get: "users/#{user.id}/password/edit").not_to be_routable
+    end
+    it 'does not route to clearance/passwords#update' do
+      user = create(:user)
+      expect(patch: "/users/#{user.id}/password").not_to be_routable
+    end
+  end
+  context 'reset enabled' do
+    it 'does route password edit' do
+      user = create(:user)
+      expect(get: "users/#{user.id}/password/edit").to be_routable
+    end
+    it 'does route to clearance/passwords#update' do
+      user = create(:user)
+      expect(patch: "/users/#{user.id}/password").to be_routable
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.7.2
+  version: 2.8.0
 platform: ruby
 authors:
 - Dan Croak
@@ -23,10 +23,11 @@ authors:
 - Galen Frechette
 - Josh Steiner
 - Dorian Marié
+- Sara Jackson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-28 00:00:00.000000000 Z
+date: 2024-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -146,7 +147,9 @@ extra_rdoc_files:
 - README.md
 files:
 - ".erb-lint.yml"
+- ".github/dependabot.yml"
 - ".github/workflows/dynamic-readme.yml"
+- ".github/workflows/dynamic-security.yml"
 - ".github/workflows/tests.yml"
 - ".gitignore"
 - ".yardopts"
@@ -315,7 +318,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.15
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.