clearance 2.7.2 → 2.9.0

Files changed (45)
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +15 -0
  3. data/.github/workflows/dynamic-security.yml +19 -0
  4. data/.github/workflows/tests.yml +7 -7
  5. data/.gitignore +4 -1
  6. data/Appraisals +9 -5
  7. data/CHANGELOG.md +16 -1
  8. data/Gemfile +0 -1
  9. data/Gemfile.lock +130 -97
  10. data/README.md +2 -1
  11. data/Rakefile +4 -7
  12. data/SECURITY.md +12 -8
  13. data/app/views/sessions/_form.html.erb +3 -1
  14. data/bin/setup +2 -2
  15. data/clearance.gemspec +9 -9
  16. data/config/routes.rb +5 -3
  17. data/gemfiles/rails_7.0.gemfile +4 -1
  18. data/gemfiles/rails_7.1.gemfile +0 -1
  19. data/gemfiles/{rails_6.1.gemfile → rails_7.2.gemfile} +1 -3
  20. data/lib/clearance/back_door.rb +4 -2
  21. data/lib/clearance/configuration.rb +14 -0
  22. data/lib/clearance/version.rb +1 -1
  23. data/spec/clearance/session_spec.rb +2 -2
  24. data/spec/configuration_spec.rb +15 -0
  25. data/spec/dummy/Rakefile +6 -0
  26. data/spec/dummy/app/assets/config/manifest.js +0 -0
  27. data/spec/dummy/config/application.rb +13 -0
  28. data/spec/dummy/config/boot.rb +5 -0
  29. data/spec/dummy/config/environment.rb +5 -0
  30. data/spec/dummy/config/environments/test.rb +31 -0
  31. data/spec/dummy/config.ru +6 -0
  32. data/{db → spec/dummy/db}/migrate/20110111224543_create_clearance_users.rb +3 -2
  33. data/spec/dummy/db/schema.rb +25 -0
  34. data/spec/requests/backdoor_spec.rb +11 -0
  35. data/spec/requests/csrf_rotation_spec.rb +1 -5
  36. data/spec/requests/token_expiration_spec.rb +3 -3
  37. data/spec/routing/clearance_routes_spec.rb +32 -0
  38. data/spec/spec_helper.rb +4 -11
  39. data/spec/support/generator_spec_helpers.rb +11 -0
  40. data/spec/support/html_escape_helper.rb +1 -1
  41. metadata +33 -18
  42. data/db/schema.rb +0 -28
  43. data/spec/dummy/application.rb +0 -30
  44. data/spec/support/cookies.rb +0 -74
  45. /data/spec/{factories.rb → factories/users.rb} +0 -0
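--- a/data/spec/support/cookies.rb
+++ b/data/spec/support/cookies.rb
@@ -1,74 +0,0 @@
- RSpec::Matchers.define :set_cookie do |name, expected_value, expected_expires_at|
- failure_message do
- "Expected #{expectation} got #{result}"
- end
-
- match do |subject|
- @headers = subject
- @expected_name = name
- @expected_value = expected_value
- @expected_expires_at = expected_expires_at
- extract_cookies
- find_expected_cookie
- parse_expiration
- parse_value
- parse_path
- ensure_cookie_set
- ensure_expiration_correct
- ensure_path_is_correct
- end
-
- def ensure_cookie_set
- expect(@value).to eq @expected_value
- end
-
- def ensure_expiration_correct
- expect(@expires_at).not_to be_nil
- expect(@expires_at).to be_within(100).of(@expected_expires_at)
- end
-
- def ensure_path_is_correct
- expect(@path).to eq '/'
- end
-
- def expectation
- "a cookie named #{@expected_name} with value #{@expected_value.inspect} expiring at #{@expected_expires_at.inspect}"
- end
-
- def extract_cookies
- @cookie_headers = @headers["Set-Cookie"] || @headers["set-cookie"] || []
- @cookie_headers = [@cookie_headers] if @cookie_headers.respond_to?(:to_str)
- end
-
- def find_expected_cookie
- @cookie = @cookie_headers.detect do |header|
- header =~ /^#{@expected_name}=[^;]*(;|$)/
- end
- end
-
- def parse_expiration
- if @cookie && result = @cookie.match(/; expires=(.*?)(;|$)/)
- @expires_at = Time.parse(result[1])
- end
- end
-
- def parse_path
- if @cookie && result = @cookie.match(/; path=(.*?)(;|$)/)
- @path = result[1]
- end
- end
-
- def parse_value
- if @cookie && result = @cookie.match(/=(.*?)(?:;|$)/)
- @value = result[1]
- end
- end
-
- def result
- if @cookie
- @cookie
- else
- @cookie_headers.join("; ")
- end
- end
- end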
File without changes