clearance 2.8.0 → 2.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e5f7f15515653096a81f567271c72a5bc138dac396acb3d7727fb7eb95b89540
-  data.tar.gz: 61b53d47ef673fe4f171aa32c6239c80fca531c4edaa239446bb0f3d8478df18
+  metadata.gz: b3164482da14d878bfca32632ebbabf81635add8143adaca1be3baa7ec41cd83
+  data.tar.gz: 037f0f5a5c30f3022b0d29a9c100e40538c0b176b4935c061ec96c469d8c3ca9
 SHA512:
-  metadata.gz: a695e60bfb14845d6bb5a1481766f2104f68fc92149fc0de3191af403bc7719803013cb8cb4a93fa74c1d334d1190e7206ba017502d40f109d0e96fb381fb3e0
-  data.tar.gz: cc12e0563b4106d22e4d4c23a8d2f50621cc1f2a61f905ea82ea697369e1e916bc5e5d69b65900d8b146244fe9a8dbf50e54e752c9b0cbd9243c53c285011226
+  metadata.gz: 5b889666cb2a46f6bfdcf41b9aaf9c7f0414b986f07ab4f31bb4846d3b4ef900f3d6076d50d9f8463657033488b118472d9e8dace8c4786aadd0f2999f5b2bed
+  data.tar.gz: 0fbc755f11f689843852ef18201963d0d56be06b8bf22326e82d2c83162d092ade4af85dfff3469867e0cf3937f545351a84b83425094cfb064d3466c361dd7c

data/.github/workflows/tests.yml

@@ -16,20 +16,20 @@ jobs:
       fail-fast: false
       matrix:
         gemfile:
-          - "6.1"
           - "7.0"
           - "7.1"
+          - "7.2"
         ruby:
-          - "3.0.4"
-          - "3.1.2"
-          - "3.2.2"
+          - "3.1.6"
+          - "3.2.5"
+          - "3.3.5"
 
     env:
       BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile
       RAILS_ENV: test
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: "Install Ruby ${{ matrix.ruby  }}"
         uses: ruby/setup-ruby@v1
@@ -39,8 +39,8 @@ jobs:
 
       - name: "Reset app database"
         run: |
-          bundle exec rake dummy:db:drop
-          bundle exec rake dummy:db:setup
+          bundle exec rake db:drop
+          bundle exec rake db:setup
 
       - name: "Run tests"
         run: bundle exec rake

data/.gitignore

@@ -4,7 +4,10 @@
 *.swp
 *~
 .bundle
-db/*.sqlite3
+.idea
+.tool-versions
+spec/dummy/db/*.sqlite3*
+spec/dummy/log
 gemfiles/*.lock
 gemfiles/vendor/
 log/*.log

data/Appraisals

@@ -1,12 +1,16 @@
-appraise "rails_6.1" do
-  gem "railties", "~> 6.1.0"
-  gem "net-smtp", require: false # not bundled in ruby 3.1
-end
-
 appraise "rails_7.0" do
   gem "railties", "~> 7.0.0"
+  # The following gems will not be bundled with Ruby 3.4
+  gem "base64", require: false
+  gem "bigdecimal", require: false
+  gem "drb", require: false
+  gem "mutex_m", require: false
 end
 
 appraise "rails_7.1" do
   gem "railties", "~> 7.1.0"
 end
+
+appraise "rails_7.2" do
+  gem "railties", "~> 7.2.0"
+end

data/CHANGELOG.md

@@ -5,7 +5,17 @@ complete changelog, see the git history for each version via the version links.
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.8.0...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.9.1...main
+
+## [2.9.1] - October 29, 2024
+ - Update gemspec
+
+## [2.9.0] - October 29, 2024
+- Added Rails 7.2 and Ruby 3.3 to testing matrix
+  and overhauled dummy app (#1032) Hamed Asghari
+- Droped support for Ruby 3.0 and Rails 6.1 (#1036)
+
+[2.9.0]: https://github.com/thoughtbot/clearance/compare/v2.8.0...v2.9.0
 
 ## [2.8.0] - August 9, 2024
 - Feature: Added allow_password_resets config option (#1019) Jos O'shea

data/Gemfile

@@ -15,4 +15,3 @@ gem 'rails-controller-testing'
 gem 'rspec-rails'
 gem 'shoulda-matchers'
 gem 'sqlite3', '~> 1.7'
-gem 'timecop'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.8.0)
+    clearance (2.9.1)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -13,49 +13,57 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (7.0.3)
-      actionpack (= 7.0.3)
-      actionview (= 7.0.3)
-      activejob (= 7.0.3)
-      activesupport (= 7.0.3)
-      mail (~> 2.5, >= 2.5.4)
-      net-imap
-      net-pop
-      net-smtp
-      rails-dom-testing (~> 2.0)
-    actionpack (7.0.3)
-      actionview (= 7.0.3)
-      activesupport (= 7.0.3)
-      rack (~> 2.0, >= 2.2.0)
+    actionmailer (7.2.0)
+      actionpack (= 7.2.0)
+      actionview (= 7.2.0)
+      activejob (= 7.2.0)
+      activesupport (= 7.2.0)
+      mail (>= 2.8.0)
+      rails-dom-testing (~> 2.2)
+    actionpack (7.2.0)
+      actionview (= 7.2.0)
+      activesupport (= 7.2.0)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4, < 3.2)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (7.0.3)
-      activesupport (= 7.0.3)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+      useragent (~> 0.16)
+    actionview (7.2.0)
+      activesupport (= 7.2.0)
       builder (~> 3.1)
-      erubi (~> 1.4)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.3)
-      activesupport (= 7.0.3)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activejob (7.2.0)
+      activesupport (= 7.2.0)
       globalid (>= 0.3.6)
-    activemodel (7.0.3)
-      activesupport (= 7.0.3)
-    activerecord (7.0.3)
-      activemodel (= 7.0.3)
-      activesupport (= 7.0.3)
-    activesupport (7.0.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+    activemodel (7.2.0)
+      activesupport (= 7.2.0)
+    activerecord (7.2.0)
+      activemodel (= 7.2.0)
+      activesupport (= 7.2.0)
+      timeout (>= 0.4.0)
+    activesupport (7.2.0)
+      base64
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
       minitest (>= 5.1)
-      tzinfo (~> 2.0)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
-    ammeter (1.1.5)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    ammeter (1.1.7)
       activesupport (>= 3.0)
       railties (>= 3.0)
       rspec-rails (>= 2.2)
-    appraisal (2.4.1)
+    appraisal (2.5.0)
       bundler
       rake
       thor (>= 0.14.0)
@@ -63,6 +71,7 @@ GEM
       ffi (~> 1.15)
       ffi-compiler (~> 1.0)
     ast (2.4.2)
+    base64 (0.2.0)
     bcrypt (3.1.20)
     better_html (2.1.1)
       actionview (>= 6.0)
@@ -71,41 +80,44 @@ GEM
       erubi (~> 1.4)
       parser (>= 2.4)
       smart_properties
-    builder (3.2.4)
-    capybara (3.37.1)
+    bigdecimal (3.1.8)
+    builder (3.3.0)
+    capybara (3.40.0)
       addressable
       matrix
       mini_mime (>= 0.1.3)
-      nokogiri (~> 1.8)
+      nokogiri (~> 1.11)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     coderay (1.1.3)
-    concurrent-ruby (1.2.3)
+    concurrent-ruby (1.3.4)
+    connection_pool (2.4.1)
     crass (1.0.6)
-    database_cleaner (2.0.1)
-      database_cleaner-active_record (~> 2.0.0)
-    database_cleaner-active_record (2.0.1)
+    database_cleaner (2.0.2)
+      database_cleaner-active_record (>= 2, < 3)
+    database_cleaner-active_record (2.2.0)
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
     date (3.3.4)
-    diff-lcs (1.5.0)
+    diff-lcs (1.5.1)
+    drb (2.2.1)
     email_validator (2.2.4)
       activemodel
-    erb_lint (0.5.0)
+    erb_lint (0.6.0)
       activesupport
       better_html (>= 2.0.1)
       parser (>= 2.7.1.4)
       rainbow
-      rubocop
+      rubocop (>= 1)
       smart_properties
-    erubi (1.12.0)
-    factory_bot (6.2.1)
+    erubi (1.13.0)
+    factory_bot (6.4.6)
       activesupport (>= 5.0.0)
-    factory_bot_rails (6.2.0)
-      factory_bot (~> 6.2.0)
+    factory_bot_rails (6.4.3)
+      factory_bot (~> 6.4)
       railties (>= 5.0.0)
     ffi (1.17.0)
     ffi-compiler (1.3.2)
@@ -115,8 +127,13 @@ GEM
       activesupport (>= 6.1)
     i18n (1.14.5)
       concurrent-ruby (~> 1.0)
+    io-console (0.7.2)
+    irb (1.14.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
     json (2.7.2)
     language_server-protocol (3.17.0.3)
+    logger (1.6.0)
     loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
@@ -126,11 +143,11 @@ GEM
       net-pop
       net-smtp
     matrix (0.4.2)
-    method_source (1.0.0)
-    mini_mime (1.1.2)
-    mini_portile2 (2.8.6)
-    minitest (5.22.3)
-    net-imap (0.4.14)
+    method_source (1.1.0)
+    mini_mime (1.1.5)
+    mini_portile2 (2.8.7)
+    minitest (5.25.1)
+    net-imap (0.5.0)
       date
       net-protocol
     net-pop (0.1.2)
@@ -139,21 +156,28 @@ GEM
       timeout
     net-smtp (0.5.0)
       net-protocol
-    nokogiri (1.16.4)
+    nokogiri (1.16.7)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    parallel (1.24.0)
-    parser (3.3.1.0)
+    parallel (1.26.3)
+    parser (3.3.4.2)
       ast (~> 2.4.1)
       racc
-    pry (0.14.1)
+    pry (0.14.2)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.7)
-    racc (1.7.3)
-    rack (2.2.3.1)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
+    psych (5.1.2)
+      stringio
+    public_suffix (6.0.1)
+    racc (1.8.1)
+    rack (3.1.7)
+    rack-session (2.0.0)
+      rack (>= 3.0.0)
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rackup (2.1.0)
+      rack (>= 3)
+      webrick (~> 1.8)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -165,62 +189,72 @@ GEM
     rails-html-sanitizer (1.6.0)
       loofah (~> 2.21)
       nokogiri (~> 1.14)
-    railties (7.0.3)
-      actionpack (= 7.0.3)
-      activesupport (= 7.0.3)
-      method_source
+    railties (7.2.0)
+      actionpack (= 7.2.0)
+      activesupport (= 7.2.0)
+      irb (~> 1.13)
+      rackup (>= 1.0.0)
       rake (>= 12.2)
-      thor (~> 1.0)
-      zeitwerk (~> 2.5)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
     rainbow (3.1.1)
-    rake (13.1.0)
-    regexp_parser (2.9.0)
-    rexml (3.2.6)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    rake (13.2.1)
+    rdoc (6.7.0)
+      psych (>= 4.0.0)
+    regexp_parser (2.9.2)
+    reline (0.5.9)
+      io-console (~> 0.5)
+    rexml (3.3.5)
+      strscan
+    rspec-core (3.13.0)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.1)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-rails (5.1.2)
-      actionpack (>= 5.2)
-      activesupport (>= 5.2)
-      railties (>= 5.2)
-      rspec-core (~> 3.10)
-      rspec-expectations (~> 3.10)
-      rspec-mocks (~> 3.10)
-      rspec-support (~> 3.10)
-    rspec-support (3.11.0)
-    rubocop (1.63.4)
+      rspec-support (~> 3.13.0)
+    rspec-rails (6.1.4)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
+      railties (>= 6.1)
+      rspec-core (~> 3.13)
+      rspec-expectations (~> 3.13)
+      rspec-mocks (~> 3.13)
+      rspec-support (~> 3.13)
+    rspec-support (3.13.1)
+    rubocop (1.65.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
+      regexp_parser (>= 2.4, < 3.0)
       rexml (>= 3.2.5, < 4.0)
       rubocop-ast (>= 1.31.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.31.3)
+    rubocop-ast (1.32.1)
       parser (>= 3.3.1.0)
     ruby-progressbar (1.13.0)
-    shoulda-matchers (5.1.0)
+    securerandom (0.3.1)
+    shoulda-matchers (6.4.0)
       activesupport (>= 5.2.0)
     smart_properties (1.17.0)
     sqlite3 (1.7.3)
       mini_portile2 (~> 2.8.0)
-    thor (1.2.1)
-    timecop (0.9.5)
+    stringio (3.1.1)
+    strscan (3.1.0)
+    thor (1.3.1)
     timeout (0.4.1)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
+    useragent (0.16.10)
+    webrick (1.8.1)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.5.4)
+    zeitwerk (2.6.17)
 
 PLATFORMS
   ruby
@@ -240,7 +274,6 @@ DEPENDENCIES
   rspec-rails
   shoulda-matchers
   sqlite3 (~> 1.7)
-  timecop
 
 BUNDLED WITH
    2.3.15

data/README.md

@@ -18,7 +18,7 @@ monitored by contributors.
 
 ## Getting Started
 
-Clearance is a Rails engine tested against Rails `>= 6.1` and Ruby `>= 3.0.0`.
+Clearance is a Rails engine tested against Rails `>= 7.0` and Ruby `>= 3.1.6`.
 
 You can add it to your Gemfile with:
 

data/Rakefile

@@ -1,15 +1,12 @@
-require "rubygems"
 require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
 require "bundler/gem_tasks"
 
-require "rake"
 require "rspec/core/rake_task"
 
-namespace :dummy do
-  require_relative "spec/dummy/application"
-  Dummy::Application.load_tasks
-end
-
 desc "Run specs other than spec/acceptance"
 RSpec::Core::RakeTask.new("spec") do |task|
   task.exclude_pattern = "spec/acceptance/**/*_spec.rb"

data/bin/setup

@@ -12,5 +12,5 @@ if [ -z "$CI" ]; then
 fi
 
 # Set up database for the application that Clearance tests against
-RAILS_ENV=test bundle exec rake dummy:db:drop
-RAILS_ENV=test bundle exec rake dummy:db:setup
+RAILS_ENV=test bundle exec rake db:drop
+RAILS_ENV=test bundle exec rake db:setup

data/clearance.gemspec

@@ -1,5 +1,4 @@
-$LOAD_PATH.push File.expand_path('../lib', __FILE__)
-require 'clearance/version'
+require_relative 'lib/clearance/version'
 
 Gem::Specification.new do |s|
   s.add_dependency 'bcrypt', '>= 3.1.1'
@@ -46,7 +45,7 @@ Gem::Specification.new do |s|
   s.name = %q{clearance}
   s.rdoc_options = ['--charset=UTF-8']
   s.require_paths = ['lib']
-  s.required_ruby_version = Gem::Requirement.new('>= 2.4.0')
+  s.required_ruby_version = Gem::Requirement.new('>= 3.1.6')
   s.summary = 'Rails authentication & authorization with email & password.'
   s.test_files = `git ls-files -- {spec}/*`.split("\n")
   s.version = Clearance::VERSION

data/gemfiles/rails_7.0.gemfile

@@ -15,7 +15,10 @@ gem "rails-controller-testing"
 gem "rspec-rails"
 gem "shoulda-matchers"
 gem "sqlite3", "~> 1.7"
-gem "timecop"
 gem "railties", "~> 7.0.0"
+gem "base64", require: false
+gem "bigdecimal", require: false
+gem "drb", require: false
+gem "mutex_m", require: false
 
 gemspec path: "../"

data/gemfiles/rails_7.1.gemfile

@@ -15,7 +15,6 @@ gem "rails-controller-testing"
 gem "rspec-rails"
 gem "shoulda-matchers"
 gem "sqlite3", "~> 1.7"
-gem "timecop"
 gem "railties", "~> 7.1.0"
 
 gemspec path: "../"

data/gemfiles/{rails_6.1.gemfile → rails_7.2.gemfile}

@@ -15,8 +15,6 @@ gem "rails-controller-testing"
 gem "rspec-rails"
 gem "shoulda-matchers"
 gem "sqlite3", "~> 1.7"
-gem "timecop"
-gem "railties", "~> 6.1.0"
-gem "net-smtp", require: false
+gem "railties", "~> 7.2.0"
 
 gemspec path: "../"

data/lib/clearance/back_door.rb

@@ -48,11 +48,13 @@ module Clearance
 
     # @api private
     def sign_in_through_the_back_door(env)
-      params = Rack::Utils.parse_query(env["QUERY_STRING"])
+      params = Rack::Utils.parse_query(env[Rack::QUERY_STRING])
       user_param = params.delete("as")
 
       if user_param.present?
-        env["QUERY_STRING"] = Rack::Utils.build_query(params)
+        query_string = Rack::Utils.build_query(params)
+        env[Rack::QUERY_STRING] = query_string
+        env[Rack::RACK_REQUEST_QUERY_STRING] = query_string
         user = find_user(user_param)
         env[:clearance].sign_in(user)
       end

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.8.0".freeze
+  VERSION = "2.9.1".freeze
 end

data/spec/clearance/session_spec.rb

@@ -1,8 +1,8 @@
 require 'spec_helper'
 
 describe Clearance::Session do
-  before { Timecop.freeze }
-  after { Timecop.return }
+  before { freeze_time }
+  after { unfreeze_time }
 
   let(:session) { Clearance::Session.new(env_without_remember_token) }
   let(:user) { create(:user) }

data/spec/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require_relative "config/application"
+
+Rails.application.load_tasks

data/spec/dummy/config/application.rb

@@ -0,0 +1,13 @@
+require_relative "boot"
+
+require "rails/all"
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require(*Rails.groups)
+
+module Dummy
+  class Application < Rails::Application
+    config.load_defaults Rails::VERSION::STRING.to_f
+  end
+end

data/spec/dummy/config/boot.rb

@@ -0,0 +1,5 @@
+# Set up gems listed in the Gemfile.
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../../Gemfile", __dir__)
+
+require "bundler/setup" if File.exist?(ENV["BUNDLE_GEMFILE"])
+$LOAD_PATH.unshift File.expand_path("../../../lib", __dir__)

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require_relative "application"
+
+# Initialize the Rails application.
+Rails.application.initialize!

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,31 @@
+require "active_support/core_ext/integer/time"
+
+Rails.application.configure do
+  config.enable_reloading = false
+
+  config.eager_load = ENV["CI"].present?
+
+  config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{1.hour.to_i}" }
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local = true
+  config.action_controller.perform_caching = false
+  config.cache_store = :null_store
+
+  config.action_dispatch.show_exceptions = :rescuable
+
+  config.action_controller.allow_forgery_protection = false
+
+  config.action_mailer.perform_caching = false
+  config.action_mailer.delivery_method = :test
+
+  config.action_mailer.default_url_options = { host: "www.example.com" }
+
+  config.active_support.deprecation = :stderr
+  config.active_support.disallowed_deprecation = :raise
+  config.active_support.disallowed_deprecation_warnings = []
+
+  config.factory_bot.definition_file_paths = [File.expand_path('../../../factories', __dir__)]
+
+  config.middleware.use Clearance::BackDoor
+end

data/spec/dummy/config.ru

@@ -0,0 +1,6 @@
+# This file is used by Rack-based servers to start the application.
+
+require_relative "config/environment"
+
+run Rails.application
+Rails.application.load_server

data/{db → spec/dummy/db}/migrate/20110111224543_create_clearance_users.rb

@@ -1,4 +1,4 @@
-class CreateClearanceUsers < ActiveRecord::Migration
+class CreateClearanceUsers < ActiveRecord::Migration[Rails::VERSION::STRING.to_f]
   def self.up
     create_table :users do |t|
       t.timestamps null: false
@@ -9,7 +9,8 @@ class CreateClearanceUsers < ActiveRecord::Migration
     end
 
     add_index :users, :email
-    add_index :users, :remember_token
+    add_index :users, :confirmation_token, unique: true
+    add_index :users, :remember_token, unique: true
   end
 
   def self.down

data/spec/dummy/db/schema.rb

@@ -0,0 +1,25 @@
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# This file is the source Rails uses to define your schema when running `bin/rails
+# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 2011_01_11_224543) do
+  create_table "users", force: :cascade do |t|
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.string "email", null: false
+    t.string "encrypted_password", limit: 128, null: false
+    t.string "confirmation_token", limit: 128
+    t.string "remember_token", limit: 128, null: false
+    t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
+    t.index ["email"], name: "index_users_on_email"
+    t.index ["remember_token"], name: "index_users_on_remember_token", unique: true
+  end
+end

data/spec/generators/clearance/install/install_generator_spec.rb

@@ -2,10 +2,6 @@ require "spec_helper"
 require "generators/clearance/install/install_generator"
 
 describe Clearance::Generators::InstallGenerator, :generator do
-  def get_migration(path)
-    Pathname.new(migration_file(path))
-  end
-
   describe "initializer" do
     it "is copied to the application" do
       provide_existing_application_controller
@@ -70,7 +66,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
         table_does_not_exist(:users)
 
         run_generator
-        migration = get_migration("db/migrate/create_users.rb")
+        migration = migration_file("db/migrate/create_users.rb")
 
         expect(migration).to exist
         expect(migration).to have_correct_syntax
@@ -92,7 +88,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
           table_does_not_exist(:users)
 
           run_generator
-          migration = get_migration("db/migrate/create_users.rb")
+          migration = migration_file("db/migrate/create_users.rb")
 
           expect(migration).to exist
           expect(migration).to have_correct_syntax
@@ -106,8 +102,8 @@ describe Clearance::Generators::InstallGenerator, :generator do
         provide_existing_application_controller
 
         run_generator
-        create_migration = get_migration("db/migrate/create_users.rb")
-        add_migration = get_migration("db/migrate/add_clearance_to_users.rb")
+        create_migration = migration_file("db/migrate/create_users.rb")
+        add_migration = migration_file("db/migrate/add_clearance_to_users.rb")
 
         expect(create_migration).not_to exist
         expect(add_migration).not_to exist
@@ -130,7 +126,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
           and_return(existing_indexes)
 
         run_generator
-        migration = get_migration("db/migrate/add_clearance_to_users.rb")
+        migration = migration_file("db/migrate/add_clearance_to_users.rb")
 
         expect(migration).to exist
         expect(migration).to have_correct_syntax

data/spec/requests/backdoor_spec.rb

@@ -0,0 +1,11 @@
+require "spec_helper"
+
+describe "Backdoor Middleware" do
+  it "allows signing in using query parameter" do
+    user = create(:user)
+
+    get root_path(as: user.to_param)
+
+    expect(cookies["remember_token"]).to eq user.remember_token
+  end
+end

data/spec/requests/csrf_rotation_spec.rb

@@ -16,7 +16,7 @@ describe "CSRF Rotation" do
         original_token = csrf_token
 
         post session_path, params: {
-          session: session_params(user, "password"),
+          authenticity_token: csrf_token, session: { email: user.email, password: "password" }
         }
 
         expect(csrf_token).not_to eq original_token
@@ -28,8 +28,4 @@ describe "CSRF Rotation" do
   def csrf_token
     session[:_csrf_token]
   end
-
-  def session_params(user, password)
-    { email: user.email, password: password, authenticity_token: csrf_token }
-  end
 end

data/spec/requests/token_expiration_spec.rb

@@ -3,13 +3,13 @@ require "spec_helper"
 describe "Token expiration" do
   describe "after signing in" do
     before do
-      Timecop.freeze
+      freeze_time
       create_user_and_sign_in
       @initial_cookies = remember_token_cookies
     end
 
     after do
-      Timecop.return
+      unfreeze_time
     end
 
     it "should have a remember_token cookie with a future expiration" do
@@ -25,7 +25,7 @@ describe "Token expiration" do
       create_user_and_sign_in
       @initial_cookies = remember_token_cookies
 
-      Timecop.travel(1.minute.from_now) do
+      travel_to(1.minute.from_now) do
         get root_path
         @followup_cookies = remember_token_cookies
       end

data/spec/spec_helper.rb

@@ -1,20 +1,13 @@
 ENV["RAILS_ENV"] ||= "test"
+require_relative "dummy/config/environment"
 
-require "rails/all"
-require "dummy/application"
-
-require "clearance/rspec"
-require "factory_bot_rails"
-require "rails-controller-testing"
 require "rspec/rails"
-require "shoulda-matchers"
-require "timecop"
-
-Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
+require "clearance/rspec"
 
-Dummy::Application.initialize!
+Dir[File.expand_path("spec/support/**/*.rb")].each { |f| require f }
 
 RSpec.configure do |config|
+  config.include ActiveSupport::Testing::TimeHelpers
   config.include FactoryBot::Syntax::Methods
   config.infer_spec_type_from_file_location!
   config.order = :random

data/spec/support/generator_spec_helpers.rb

@@ -3,6 +3,16 @@ require "ammeter/rspec/generator/matchers.rb"
 require "ammeter/init"
 
 module GeneratorSpecHelpers
+  module FileMethods
+    def file(path)
+      Pathname.new(super)
+    end
+
+    def migration_file(path)
+      Pathname.new(super)
+    end
+  end
+
   TEMPLATE_PATH = File.expand_path("../../app_templates", __FILE__)
 
   def provide_existing_routes_file
@@ -36,6 +46,7 @@ end
 
 RSpec.configure do |config|
   config.include GeneratorSpecHelpers
+  config.prepend GeneratorSpecHelpers::FileMethods
 
   config.before(:example, :generator) do
     destination File.expand_path("../../../tmp", __FILE__)

data/spec/support/html_escape_helper.rb

@@ -1,6 +1,6 @@
 module HTMLEscapeHelper
   def translated_string(key)
-    if Rails.version >= "7.0"
+    if [7.0].include?(Rails::VERSION::STRING.to_f)
       ERB::Util.html_escape_once(I18n.t(key))
     else
       I18n.t(key)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.8.0
+  version: 2.9.1
 platform: ruby
 authors:
 - Dan Croak
@@ -27,7 +27,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-08-09 00:00:00.000000000 Z
+date: 2024-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -185,11 +185,9 @@ files:
 - clearance.gemspec
 - config/locales/clearance.en.yml
 - config/routes.rb
-- db/migrate/20110111224543_create_clearance_users.rb
-- db/schema.rb
-- gemfiles/rails_6.1.gemfile
 - gemfiles/rails_7.0.gemfile
 - gemfiles/rails_7.1.gemfile
+- gemfiles/rails_7.2.gemfile
 - lib/clearance.rb
 - lib/clearance/authentication.rb
 - lib/clearance/authorization.rb
@@ -265,14 +263,22 @@ files:
 - spec/controllers/permissions_controller_spec.rb
 - spec/controllers/sessions_controller_spec.rb
 - spec/controllers/users_controller_spec.rb
+- spec/dummy/Rakefile
+- spec/dummy/app/assets/config/manifest.js
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/models/user.rb
 - spec/dummy/app/models/user_with_optional_password.rb
-- spec/dummy/application.rb
+- spec/dummy/config.ru
+- spec/dummy/config/application.rb
+- spec/dummy/config/boot.rb
 - spec/dummy/config/database.yml
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/test.rb
 - spec/dummy/config/routes.rb
 - spec/dummy/db/.keep
-- spec/factories.rb
+- spec/dummy/db/migrate/20110111224543_create_clearance_users.rb
+- spec/dummy/db/schema.rb
+- spec/factories/users.rb
 - spec/generators/clearance/install/install_generator_spec.rb
 - spec/generators/clearance/routes/routes_generator_spec.rb
 - spec/generators/clearance/specs/specs_generator_spec.rb
@@ -284,6 +290,7 @@ files:
 - spec/password_strategies/bcrypt_spec.rb
 - spec/password_strategies/password_strategies_spec.rb
 - spec/requests/authentication_cookie_spec.rb
+- spec/requests/backdoor_spec.rb
 - spec/requests/cookie_options_spec.rb
 - spec/requests/csrf_rotation_spec.rb
 - spec/requests/password_maintenance_spec.rb
@@ -291,7 +298,6 @@ files:
 - spec/routing/clearance_routes_spec.rb
 - spec/spec_helper.rb
 - spec/support/clearance.rb
-- spec/support/cookies.rb
 - spec/support/fake_model_with_password_strategy.rb
 - spec/support/fake_model_without_password_strategy.rb
 - spec/support/generator_spec_helpers.rb
@@ -311,14 +317,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 3.1.6
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.15
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.

data/db/schema.rb

@@ -1,28 +0,0 @@
-# encoding: UTF-8
-# This file is auto-generated from the current state of the database. Instead
-# of editing this file, please use the migrations feature of Active Record to
-# incrementally modify your database, and then regenerate this schema definition.
-#
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
-#
-# It's strongly recommended that you check this file into your version control system.
-
-ActiveRecord::Schema.define(version: 20110111224543) do
-
-  create_table "users", force: true do |t|
-    t.datetime "created_at",                     null: false
-    t.datetime "updated_at",                     null: false
-    t.string   "email",                          null: false
-    t.string   "encrypted_password", limit: 128, null: false
-    t.string   "confirmation_token", limit: 128
-    t.string   "remember_token",     limit: 128, null: false
-  end
-
-  add_index "users", ["email"], name: "index_users_on_email"
-  add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
-  add_index "users", ["remember_token"], name: "index_users_on_remember_token", unique: true
-end

data/spec/dummy/application.rb

@@ -1,33 +0,0 @@
-require "rails/all"
-
-require "clearance"
-
-module Dummy
-  APP_ROOT = File.expand_path("..", __FILE__).freeze
-
-  class Application < Rails::Application
-    config.action_controller.perform_caching = false
-    config.action_mailer.default_url_options = { host: "dummy.example.com" }
-    config.action_mailer.delivery_method = :test
-    if Rails.version.match?(/(6.1|7.0)/)
-      config.active_record.legacy_connection_handling = false
-    end
-    config.active_support.deprecation = :stderr
-    config.eager_load = false
-
-    config.paths["app/controllers"] << "#{APP_ROOT}/app/controllers"
-    config.paths["app/models"] << "#{APP_ROOT}/app/models"
-    config.paths["app/views"] << "#{APP_ROOT}/app/views"
-    config.paths["config/database"] = "#{APP_ROOT}/config/database.yml"
-    config.paths["log"] = "tmp/log/development.log"
-    config.paths.add "config/routes.rb", with: "#{APP_ROOT}/config/routes.rb"
-
-    def require_environment!
-      initialize!
-    end
-
-    def initialize!(&block)
-      super unless @initialized
-    end
-  end
-end

data/spec/support/cookies.rb

@@ -1,74 +0,0 @@
-RSpec::Matchers.define :set_cookie do |name, expected_value, expected_expires_at|
-  failure_message do
-    "Expected #{expectation} got #{result}"
-  end
-
-  match do |subject|
-    @headers = subject
-    @expected_name = name
-    @expected_value = expected_value
-    @expected_expires_at = expected_expires_at
-    extract_cookies
-    find_expected_cookie
-    parse_expiration
-    parse_value
-    parse_path
-    ensure_cookie_set
-    ensure_expiration_correct
-    ensure_path_is_correct
-  end
-
-  def ensure_cookie_set
-    expect(@value).to eq @expected_value
-  end
-
-  def ensure_expiration_correct
-    expect(@expires_at).not_to be_nil
-    expect(@expires_at).to be_within(100).of(@expected_expires_at)
-  end
-
-  def ensure_path_is_correct
-    expect(@path).to eq '/'
-  end
-
-  def expectation
-    "a cookie named #{@expected_name} with value #{@expected_value.inspect} expiring at #{@expected_expires_at.inspect}"
-  end
-
-  def extract_cookies
-    @cookie_headers = @headers["Set-Cookie"] || @headers["set-cookie"] || []
-    @cookie_headers = [@cookie_headers] if @cookie_headers.respond_to?(:to_str)
-  end
-
-  def find_expected_cookie
-    @cookie = @cookie_headers.detect do |header|
-      header =~ /^#{@expected_name}=[^;]*(;|$)/
-    end
-  end
-
-  def parse_expiration
-    if @cookie && result = @cookie.match(/; expires=(.*?)(;|$)/)
-      @expires_at = Time.parse(result[1])
-    end
-  end
-
-  def parse_path
-    if @cookie && result = @cookie.match(/; path=(.*?)(;|$)/)
-      @path = result[1]
-    end
-  end
-
-  def parse_value
-    if @cookie && result = @cookie.match(/=(.*?)(?:;|$)/)
-      @value = result[1]
-    end
-  end
-
-  def result
-    if @cookie
-      @cookie
-    else
-      @cookie_headers.join("; ")
-    end
-  end
-end