clearance 2.7.2 → 2.9.0
- checksums.yaml +4 -4
- data/.github/dependabot.yml +15 -0
- data/.github/workflows/dynamic-security.yml +19 -0
- data/.github/workflows/tests.yml +7 -7
- data/.gitignore +4 -1
- data/Appraisals +9 -5
- data/CHANGELOG.md +16 -1
- data/Gemfile +0 -1
- data/Gemfile.lock +130 -97
- data/README.md +2 -1
- data/Rakefile +4 -7
- data/SECURITY.md +12 -8
- data/app/views/sessions/_form.html.erb +3 -1
- data/bin/setup +2 -2
- data/clearance.gemspec +9 -9
- data/config/routes.rb +5 -3
- data/gemfiles/rails_7.0.gemfile +4 -1
- data/gemfiles/rails_7.1.gemfile +0 -1
- data/gemfiles/{rails_6.1.gemfile → rails_7.2.gemfile} +1 -3
- data/lib/clearance/back_door.rb +4 -2
- data/lib/clearance/configuration.rb +14 -0
- data/lib/clearance/version.rb +1 -1
- data/spec/clearance/session_spec.rb +2 -2
- data/spec/configuration_spec.rb +15 -0
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/assets/config/manifest.js +0 -0
- data/spec/dummy/config/application.rb +13 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/test.rb +31 -0
- data/spec/dummy/config.ru +6 -0
- data/{db → spec/dummy/db}/migrate/20110111224543_create_clearance_users.rb +3 -2
- data/spec/dummy/db/schema.rb +25 -0
- data/spec/requests/backdoor_spec.rb +11 -0
- data/spec/requests/csrf_rotation_spec.rb +1 -5
- data/spec/requests/token_expiration_spec.rb +3 -3
- data/spec/routing/clearance_routes_spec.rb +32 -0
- data/spec/spec_helper.rb +4 -11
- data/spec/support/generator_spec_helpers.rb +11 -0
- data/spec/support/html_escape_helper.rb +1 -1
- metadata +33 -18
- data/db/schema.rb +0 -28
- data/spec/dummy/application.rb +0 -30
- data/spec/support/cookies.rb +0 -74
- /data/spec/{factories.rb → factories/users.rb} +0 -0
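--- a/data/spec/support/cookies.rb
+++ b/data/spec/support/cookies.rb
@@ -1,74 +0,0 @@
-RSpec::Matchers.define :set_cookie do |name, expected_value, expected_expires_at|
-failure_message do
-"Expected #{expectation} got #{result}"
-end
-
-match do |subject|
-@headers = subject
-@expected_name = name
-@expected_value = expected_value
-@expected_expires_at = expected_expires_at
-extract_cookies
-find_expected_cookie
-parse_expiration
-parse_value
-parse_path
-ensure_cookie_set
-ensure_expiration_correct
-ensure_path_is_correct
-end
-
-def ensure_cookie_set
-expect(@value).to eq @expected_value
-end
-
-def ensure_expiration_correct
-expect(@expires_at).not_to be_nil
-expect(@expires_at).to be_within(100).of(@expected_expires_at)
-end
-
-def ensure_path_is_correct
-expect(@path).to eq '/'
-end
-
-def expectation
-"a cookie named #{@expected_name} with value #{@expected_value.inspect} expiring at #{@expected_expires_at.inspect}"
-end
-
-def extract_cookies
-@cookie_headers = @headers["Set-Cookie"] || @headers["set-cookie"] || []
-@cookie_headers = [@cookie_headers] if @cookie_headers.respond_to?(:to_str)
-end
-
-def find_expected_cookie
-@cookie = @cookie_headers.detect do |header|
-header =~ /^#{@expected_name}=[^;]*(;|$)/
-end
-end
-
-def parse_expiration
-if @cookie && result = @cookie.match(/; expires=(.*?)(;|$)/)
-@expires_at = Time.parse(result[1])
-end
-end
-
-def parse_path
-if @cookie && result = @cookie.match(/; path=(.*?)(;|$)/)
-@path = result[1]
-end
-end
-
-def parse_value
-if @cookie && result = @cookie.match(/=(.*?)(?:;|$)/)
-@value = result[1]
-end
-end
-
-def result
-if @cookie
-@cookie
-else
-@cookie_headers.join("; ")
-end
-end
-end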
File without changes
|