clearance 2.7.2 → 2.8.0

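--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e9ebc10e226aa134b16da93b71b4c3a711c3f83f151446fea8efddcaa6bd732f
-  data.tar.gz: '09513f61deaff3967af0226d46e1ab26239919ed6d6ce4dcfa9883e7d2cc68f2'
+  metadata.gz: e5f7f15515653096a81f567271c72a5bc138dac396acb3d7727fb7eb95b89540
+  data.tar.gz: 61b53d47ef673fe4f171aa32c6239c80fca531c4edaa239446bb0f3d8478df18
 SHA512:
-  metadata.gz: 27db1cc19f4846fd087600086ea7d00fb99e2730ae63a09047400e1a9239b5cbc31461c48a49a053a06ec88c89e571694d96d377bf7afea05e1bb0910a69b51c
-  data.tar.gz: 5dded1584c8fa0485d60e3eeb7175f45d93b03a1c5afb9644fe3064d09af1c9e5da70eabe11e35e6bd8d31bb8ea9c997ab35537b4b72d3320da4e994250b0119
+  metadata.gz: a695e60bfb14845d6bb5a1481766f2104f68fc92149fc0de3191af403bc7719803013cb8cb4a93fa74c1d334d1190e7206ba017502d40f109d0e96fb381fb3e0
+  data.tar.gz: cc12e0563b4106d22e4d4c23a8d2f50621cc1f2a61f905ea82ea697369e1e916bc5e5d69b65900d8b146244fe9a8dbf50e54e752c9b0cbd9243c53c285011226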
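--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+version: 2
+
+updates:
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 5
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+      time: "02:00"
+      timezone: "Etc/UTC"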
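--- /dev/null
+++ b/.github/workflows/dynamic-security.yml
@@ -0,0 +1,19 @@
+name: update-security
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - SECURITY.md
+  workflow_dispatch:
+
+jobs:
+  update-security:
+    permissions:
+      contents: write
+      pull-requests: write
+      pages: write
+    uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}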
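Review bot: The reusable workflow on `uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main` is referenced by a mutable branch while the job grants `contents: write`, `pull-requests: write` and `pages: write` and hands it `GITHUB_TOKEN`, so anyone who can push to `main` of `thoughtbot/templates` can run arbitrary code with write access to this repository. Pin the reference to a full commit SHA with the version in a trailing comment (`uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@<sha> # vX.Y`); that also lets the `github-actions` Dependabot entry added in this release propose bumps as reviewable PRs, which, as far as I know, it cannot do for a branch ref. `pages: write` looks broader than updating SECURITY.md needs; I cannot see the reusable workflow, so confirm it really publishes Pages and otherwise drop that line. The job is triggered by pushes touching SECURITY.md and presumably rewrites SECURITY.md itself; if the template commits straight to `main` instead of opening a PR, document why that does not loop (GITHUB_TOKEN-authored pushes normally do not retrigger workflows).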
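--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,7 +5,15 @@ complete changelog, see the git history for each version via the version links.
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.2...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.8.0...main
+
+## [2.8.0] - August 9, 2024
+- Feature: Added allow_password_resets config option (#1019) Jos O'shea
+- Added dependabot (#1028) Karine Vieira
+- Fixed some deprecation warnings (#1018)
+- Added a dynamic workflow to update SECURITY.md
+
+[2.8.0]: https://github.com/thoughtbot/clearance/compare/v2.7.2...v2.8.0
 
 ## [2.7.2] - June 28, 2024
 - Fix method redefinition and circular require issues (#1027)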
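--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.7.2)
+    clearance (2.8.0)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -107,7 +107,7 @@ GEM
     factory_bot_rails (6.2.0)
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    ffi (1.16.3)
+    ffi (1.17.0)
     ffi-compiler (1.3.2)
       ffi (>= 1.15.5)
       rake
@@ -130,7 +130,7 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.6)
     minitest (5.22.3)
-    net-imap (0.4.11)
+    net-imap (0.4.14)
       date
       net-protocol
     net-pop (0.1.2)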
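--- a/data/README.md
+++ b/data/README.md
@@ -49,6 +49,7 @@ Override any of these defaults in `config/initializers/clearance.rb`:
 ```ruby
 Clearance.configure do |config|
   config.allow_sign_up = true
+  config.allow_password_reset = true
   config.cookie_domain = ".example.com"
   config.cookie_expiration = lambda { |cookies| 1.year.from_now.utc }
   config.cookie_name = "remember_token"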
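--- a/data/SECURITY.md
+++ b/data/SECURITY.md
@@ -1,16 +1,20 @@
+<!-- START /templates/security.md -->
 # Security Policy
 
 ## Supported Versions
 
-We will provide security updates for the latest 3 versions.
+Only the the latest version of this project is supported at a given time. If
+you find a security issue with an older version, please try updating to the
+latest version first.
 
-| Version | Security updates |
-| - | - |
-| 2.7.x | ✅ |
-| 2.6.x | ✅ |
-| 2.5.x | ✅ |
-| < 2.5.0 | :x: |
+If for some reason you can't update to the latest version, please let us know
+your reasons so that we can have a better understanding of your situation.
 
 ## Reporting a Vulnerability
 
-You can contact <security@thoughtbot.com>. See <https://thoughtbot.com/security> for more information about our security policy.
+For security inquiries or vulnerability reports, visit
+<https://thoughtbot.com/security>.
+
+If you have any suggestions to improve this policy, visit <https://thoughtbot.com/security>.
+
+<!-- END /templates/security.md -->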
@@ -17,6 +17,8 @@
17
17
  <% if Clearance.configuration.allow_sign_up? %>
18
18
  <%= link_to t(".sign_up"), sign_up_path %>
19
19
  <% end %>
20
- <%= link_to t(".forgot_password"), new_password_path %>
20
+ <% if Clearance.configuration.allow_password_reset? %>
21
+ <%= link_to t(".forgot_password"), new_password_path %>
22
+ <% end %>
21
23
  </div>
22
24
  <% end %>
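Review bot: Wrapping the `forgot_password` link in `<% if Clearance.configuration.allow_password_reset? %>` is presentation only; a client can still request `new_password_path` directly, so this is a security control only if the routes behind that helper are gone as well. In the routes hunk of this same release only the nested `resource :password` (edit/update) is gated, and the `resources :passwords` declaration that `new_password_path` resolves to is outside what I can see, so confirm it is gated too. If it is, this guard is also what keeps the partial from raising on an undefined `new_password_path`, so the two conditions must stay in sync; a comment such as `<%# route is only drawn when allow_password_reset is true %>` above the `if` would make that dependency visible. The enclosing form starts and ends outside the hunk.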
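--- a/data/clearance.gemspec
+++ b/data/clearance.gemspec
@@ -28,7 +28,8 @@ Gem::Specification.new do |s|
     'Jason Morrison',
     'Galen Frechette',
     'Josh Steiner',
-    'Dorian Marié'
+    'Dorian Marié',
+    'Sara Jackson'
   ]
   s.description = <<-DESCRIPTION
     Clearance is built to support authentication and authorization via an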
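--- a/data/config/routes.rb
+++ b/data/config/routes.rb
@@ -11,9 +11,11 @@ if Clearance.configuration.routes_enabled?
     resources :users,
       controller: 'clearance/users',
       only: Clearance.configuration.user_actions do
-        resource :password,
-          controller: 'clearance/passwords',
-          only: [:edit, :update]
+        if Clearance.configuration.allow_password_reset?
+          resource :password,
+            controller: 'clearance/passwords',
+            only: [:edit, :update]
+        end
       end
 
     get '/sign_in' => 'clearance/sessions#new', as: 'sign_in'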
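Review bot: The new `if Clearance.configuration.allow_password_reset?` guard removes only the nested `resource :password` (edit/update), the half of the flow that consumes a reset token; the `resources :passwords` declaration that `new_password_path` in the sign-in form points at (`passwords#new`/`#create`, which takes an email and sends the reset mail) is not in this hunk and, unless it was changed elsewhere, is still drawn unconditionally. With `allow_password_reset = false` a request to `POST /passwords` would therefore still trigger reset emails even though the link is hidden, and the option's documentation ("Controls whether the password reset routes are enabled") would overstate what it does. Wrap that declaration in the same condition, `if Clearance.configuration.allow_password_reset?` … `end`, and cover it in the routes spec with `expect(get: '/passwords/new').not_to be_routable` and `expect(post: '/passwords').not_to be_routable`. The surrounding `routes_enabled?`/`draw` block starts and ends outside the hunk.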
@@ -7,6 +7,13 @@ module Clearance
7
7
  # @return [Boolean]
8
8
  attr_writer :allow_sign_up
9
9
 
10
+ # Controls whether the password reset routes are enabled
11
+ # Defaults to `true`. Set to False to disable password reset routes
12
+ # The setting is ignored if routes are disabled.
13
+ # @param [Boolean] value
14
+ # @return [Boolean]
15
+ attr_writer :allow_password_reset
16
+
10
17
  # The domain to use for the clearance remember token cookie.
11
18
  # Defaults to `nil`, which causes the cookie domain to default to the
12
19
  # domain of the request. For more, see
@@ -145,6 +152,7 @@ module Clearance
145
152
 
146
153
  def initialize
147
154
  @allow_sign_up = true
155
+ @allow_password_reset = true
148
156
  @allowed_backdoor_environments = ["test", "ci", "development"]
149
157
  @cookie_domain = nil
150
158
  @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
@@ -195,6 +203,12 @@ module Clearance
195
203
  @allow_sign_up
196
204
  end
197
205
 
206
+ # Are the password reset routes enabled?
207
+ # @return [Boolean]
208
+ def allow_password_reset?
209
+ @allow_password_reset
210
+ end
211
+
198
212
  # Specifies which controller actions are allowed for user resources.
199
213
  # This will be `[:create]` is `allow_sign_up` is true (the default), and
200
214
  # empty otherwise.
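Review bot: The YARD comment on `attr_writer :allow_password_reset` says "Set to False", which is not a Ruby value, and describes the option as disabling "the password reset routes" although, from the routes hunk in this release, it is read once while routes are drawn and only skips the nested edit/update resource; no controller change is visible in this diff. I would make that explicit: `# Defaults to true. Set to false to skip drawing the nested password edit/update routes.` / `# Read when routes are drawn, so changing it at runtime requires Rails.application.reload_routes!.` / `# Does not alter Clearance::PasswordsController itself; ignored when routes are disabled.` The predicate `allow_password_reset?` returns the raw ivar, which matches the visible `allow_sign_up?` style, so no change there. Separately, the CHANGELOG entry names the option `allow_password_resets` while this code and the README use `allow_password_reset`; one of them should be corrected. Each hunk sits inside `Clearance::Configuration`, whose definition extends beyond the visible lines.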
@@ -1,3 +1,3 @@
1
1
  module Clearance
2
- VERSION = "2.7.2".freeze
2
+ VERSION = "2.8.0".freeze
3
3
  end
@@ -179,6 +179,21 @@ describe Clearance::Configuration do
179
179
  end
180
180
  end
181
181
 
182
+ describe "#allow_password_reset?" do
183
+ context "when allow_password_reset is configured to false" do
184
+ it "returns false" do
185
+ Clearance.configure { |config| config.allow_password_reset = false }
186
+ expect(Clearance.configuration.allow_password_reset?).to eq false
187
+ end
188
+ end
189
+
190
+ context "when allow_sign_up has not been configured" do
191
+ it "returns true" do
192
+ expect(Clearance.configuration.allow_password_reset?).to eq true
193
+ end
194
+ end
195
+ end
196
+
182
197
  describe "#user_actions" do
183
198
  context "when allow_sign_up is configured to false" do
184
199
  it "returns empty array" do
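Review bot: The second context in the new `#allow_password_reset?` block is labelled `context "when allow_sign_up has not been configured" do` but exercises `allow_password_reset?`, a copy-paste slip that would make a failure report point at the wrong option; rename it to `context "when allow_password_reset has not been configured" do`. The first context mutates the global configuration through `Clearance.configure` and relies on something resetting it before the next example; that hook is outside the hunk, so confirm one exists, otherwise the "returns true" example only passes by ordering luck. The enclosing `describe Clearance::Configuration` block extends beyond the hunk.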
@@ -9,6 +9,9 @@ module Dummy
9
9
  config.action_controller.perform_caching = false
10
10
  config.action_mailer.default_url_options = { host: "dummy.example.com" }
11
11
  config.action_mailer.delivery_method = :test
12
+ if Rails.version.match?(/(6.1|7.0)/)
13
+ config.active_record.legacy_connection_handling = false
14
+ end
12
15
  config.active_support.deprecation = :stderr
13
16
  config.eager_load = false
14
17
 
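Review bot: `Rails.version.match?(/(6.1|7.0)/)` is an unanchored regex with unescaped dots, so it is a substring match on the version string rather than a version comparison (`.` matches any character, and nothing ties the match to the start of the string). Since `legacy_connection_handling` only exists in Rails 6.1 and 7.0 and setting it raises on 7.1+, the intent is a bounded range, which `Rails.gem_version` expresses directly and self-documents: `if Rails.gem_version >= Gem::Version.new("6.1") && Rails.gem_version < Gem::Version.new("7.1")`. A one-line comment, `# legacy_connection_handling was introduced in 6.1 and removed in 7.1`, would explain the bounds to the next reader. The enclosing `Application` class starts and ends outside the hunk.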
@@ -2,6 +2,10 @@ require "spec_helper"
2
2
  require "generators/clearance/install/install_generator"
3
3
 
4
4
  describe Clearance::Generators::InstallGenerator, :generator do
5
+ def get_migration(path)
6
+ Pathname.new(migration_file(path))
7
+ end
8
+
5
9
  describe "initializer" do
6
10
  it "is copied to the application" do
7
11
  provide_existing_application_controller
@@ -66,7 +70,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
66
70
  table_does_not_exist(:users)
67
71
 
68
72
  run_generator
69
- migration = migration_file("db/migrate/create_users.rb")
73
+ migration = get_migration("db/migrate/create_users.rb")
70
74
 
71
75
  expect(migration).to exist
72
76
  expect(migration).to have_correct_syntax
@@ -88,7 +92,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
88
92
  table_does_not_exist(:users)
89
93
 
90
94
  run_generator
91
- migration = migration_file("db/migrate/create_users.rb")
95
+ migration = get_migration("db/migrate/create_users.rb")
92
96
 
93
97
  expect(migration).to exist
94
98
  expect(migration).to have_correct_syntax
@@ -102,8 +106,8 @@ describe Clearance::Generators::InstallGenerator, :generator do
102
106
  provide_existing_application_controller
103
107
 
104
108
  run_generator
105
- create_migration = migration_file("db/migrate/create_users.rb")
106
- add_migration = migration_file("db/migrate/add_clearance_to_users.rb")
109
+ create_migration = get_migration("db/migrate/create_users.rb")
110
+ add_migration = get_migration("db/migrate/add_clearance_to_users.rb")
107
111
 
108
112
  expect(create_migration).not_to exist
109
113
  expect(add_migration).not_to exist
@@ -126,7 +130,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
126
130
  and_return(existing_indexes)
127
131
 
128
132
  run_generator
129
- migration = migration_file("db/migrate/add_clearance_to_users.rb")
133
+ migration = get_migration("db/migrate/add_clearance_to_users.rb")
130
134
 
131
135
  expect(migration).to exist
132
136
  expect(migration).to have_correct_syntax
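Review bot: The new helper `get_migration` uses a `get_` prefix, which Ruby style avoids; a name describing what it returns reads better at the call sites, e.g. `def migration_pathname(path)` with `migration = migration_pathname("db/migrate/create_users.rb")`. The wrapping in `Pathname` is presumably what lets the `exist` matcher (and the custom `have_correct_syntax`) operate on `migration_file`'s return value, but nothing in the hunk says so; a one-line comment such as `# migration_file returns a string; the matchers below want a Pathname` would save the next reader the lookup. `migration_file` is defined outside the hunk.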
@@ -62,4 +62,36 @@ describe 'routes for Clearance' do
62
62
  expect(post: 'users').to be_routable
63
63
  end
64
64
  end
65
+
66
+ context 'password reset disabled' do
67
+ around do |example|
68
+ Clearance.configure { |config| config.allow_password_reset = false }
69
+ Rails.application.reload_routes!
70
+ example.run
71
+ Clearance.configuration = Clearance::Configuration.new
72
+ Rails.application.reload_routes!
73
+ end
74
+
75
+ it 'does not route password edit' do
76
+ user = create(:user)
77
+ expect(get: "users/#{user.id}/password/edit").not_to be_routable
78
+ end
79
+
80
+ it 'does not route to clearance/passwords#update' do
81
+ user = create(:user)
82
+ expect(patch: "/users/#{user.id}/password").not_to be_routable
83
+ end
84
+ end
85
+
86
+ context 'reset enabled' do
87
+ it 'does route password edit' do
88
+ user = create(:user)
89
+ expect(get: "users/#{user.id}/password/edit").to be_routable
90
+ end
91
+
92
+ it 'does route to clearance/passwords#update' do
93
+ user = create(:user)
94
+ expect(patch: "/users/#{user.id}/password").to be_routable
95
+ end
96
+ end
65
97
  end
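Review bot: The new `password reset disabled` context only proves that the nested edit/update routes disappear; it asserts nothing about `/passwords/new` and `POST /passwords`, which are the routes that actually start a reset, so if the option is meant to turn the feature off this spec stays green even when those remain reachable. Add `expect(get: '/passwords/new').not_to be_routable` and `expect(post: '/passwords').not_to be_routable` to this context (and their positive twins to `reset enabled`) so the spec pins the intended scope of the option. In the `around` hook the restore after `example.run` should sit in an `ensure` so an exception raised inside the example cannot leak `allow_password_reset = false` and the reloaded routes into later examples. The `create(:user)` calls exist only to obtain an id; any integer works for a routability assertion, so they could be dropped to keep these examples database-free.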
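--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.7.2
+  version: 2.8.0
 platform: ruby
 authors:
 - Dan Croak
@@ -23,10 +23,11 @@ authors:
 - Galen Frechette
 - Josh Steiner
 - Dorian Marié
+- Sara Jackson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-28 00:00:00.000000000 Z
+date: 2024-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -146,7 +147,9 @@ extra_rdoc_files:
 - README.md
 files:
 - ".erb-lint.yml"
+- ".github/dependabot.yml"
 - ".github/workflows/dynamic-readme.yml"
+- ".github/workflows/dynamic-security.yml"
 - ".github/workflows/tests.yml"
 - ".gitignore"
 - ".yardopts"
@@ -315,7 +318,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
   version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.15
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.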