clearance 2.9.3 → 2.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/codeql.yml +39 -0
- data/.github/workflows/standardrb.yml +19 -0
- data/.github/workflows/tests.yml +4 -8
- data/Appraisals +1 -10
- data/CHANGELOG.md +26 -1
- data/CODEOWNERS +2 -0
- data/Gemfile +17 -14
- data/Gemfile.lock +139 -105
- data/README.md +1 -2
- data/Rakefile +1 -1
- data/app/controllers/clearance/passwords_controller.rb +6 -6
- data/app/mailers/clearance_mailer.rb +1 -1
- data/clearance.gemspec +38 -38
- data/config/routes.rb +7 -7
- data/gemfiles/rails_7.1.gemfile +3 -0
- data/gemfiles/rails_7.2.gemfile +3 -0
- data/gemfiles/rails_8.0.gemfile +5 -1
- data/lib/clearance/authentication.rb +4 -0
- data/lib/clearance/back_door.rb +3 -3
- data/lib/clearance/configuration.rb +6 -6
- data/lib/clearance/constraints.rb +2 -2
- data/lib/clearance/controller.rb +2 -2
- data/lib/clearance/default_sign_in_guard.rb +1 -1
- data/lib/clearance/password_strategies/bcrypt.rb +2 -2
- data/lib/clearance/session.rb +4 -6
- data/lib/clearance/sign_in_guard.rb +1 -1
- data/lib/clearance/testing/deny_access_matcher.rb +4 -4
- data/lib/clearance/token.rb +1 -1
- data/lib/clearance/user.rb +7 -7
- data/lib/clearance/version.rb +1 -1
- data/lib/clearance.rb +10 -10
- data/lib/generators/clearance/install/install_generator.rb +15 -15
- data/lib/generators/clearance/routes/routes_generator.rb +5 -5
- data/lib/generators/clearance/routes/templates/routes.rb +10 -10
- data/lib/generators/clearance/specs/specs_generator.rb +4 -4
- data/lib/generators/clearance/views/views_generator.rb +4 -4
- data/spec/acceptance/clearance_installation_spec.rb +3 -3
- data/spec/clearance/back_door_spec.rb +5 -5
- data/spec/clearance/constraints/signed_in_spec.rb +14 -14
- data/spec/clearance/constraints/signed_out_spec.rb +4 -4
- data/spec/clearance/default_sign_in_guard_spec.rb +6 -6
- data/spec/clearance/rack_session_spec.rb +9 -9
- data/spec/clearance/session_spec.rb +60 -62
- data/spec/clearance/sign_in_guard_spec.rb +7 -7
- data/spec/clearance/testing/controller_helpers_spec.rb +15 -14
- data/spec/clearance/testing/deny_access_matcher_spec.rb +1 -1
- data/spec/clearance/testing/view_helpers_spec.rb +2 -2
- data/spec/clearance/token_spec.rb +3 -3
- data/spec/configuration_spec.rb +8 -21
- data/spec/controllers/apis_controller_spec.rb +2 -2
- data/spec/controllers/forgeries_controller_spec.rb +12 -12
- data/spec/controllers/passwords_controller_spec.rb +31 -31
- data/spec/controllers/permissions_controller_spec.rb +13 -13
- data/spec/controllers/sessions_controller_spec.rb +7 -7
- data/spec/controllers/users_controller_spec.rb +5 -5
- data/spec/dummy/config/environments/test.rb +3 -3
- data/spec/factories/users.rb +3 -3
- data/spec/generators/clearance/install/install_generator_spec.rb +11 -11
- data/spec/generators/clearance/routes/routes_generator_spec.rb +1 -1
- data/spec/generators/clearance/specs/specs_generator_spec.rb +2 -2
- data/spec/generators/clearance/views/views_generator_spec.rb +2 -2
- data/spec/mailers/clearance_mailer_spec.rb +3 -2
- data/spec/models/user_spec.rb +2 -2
- data/spec/password_strategies/argon2_spec.rb +3 -3
- data/spec/password_strategies/bcrypt_spec.rb +4 -4
- data/spec/password_strategies/password_strategies_spec.rb +1 -1
- data/spec/requests/authentication_cookie_spec.rb +3 -3
- data/spec/requests/backdoor_spec.rb +1 -1
- data/spec/requests/cookie_options_spec.rb +2 -2
- data/spec/requests/csrf_rotation_spec.rb +1 -1
- data/spec/requests/password_maintenance_spec.rb +1 -1
- data/spec/requests/token_expiration_spec.rb +2 -2
- data/spec/routing/clearance_routes_spec.rb +36 -36
- data/spec/support/clearance.rb +1 -1
- data/spec/support/fake_model_without_password_strategy.rb +5 -2
- data/spec/support/generator_spec_helpers.rb +2 -2
- data/spec/support/request_with_remember_token.rb +1 -1
- metadata +5 -5
- data/gemfiles/rails_7.0.gemfile +0 -24
- data/spec/support/html_escape_helper.rb +0 -13
|
@@ -67,10 +67,10 @@ describe "Clearance Installation" do
|
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
def successfully(command, silent = true)
|
|
70
|
-
if silent
|
|
71
|
-
|
|
70
|
+
silencer = if silent
|
|
71
|
+
"1>/dev/null"
|
|
72
72
|
else
|
|
73
|
-
|
|
73
|
+
""
|
|
74
74
|
end
|
|
75
75
|
|
|
76
76
|
return_value = system("#{command} #{silencer}")
|
|
@@ -40,8 +40,8 @@ describe Clearance::BackDoor do
|
|
|
40
40
|
|
|
41
41
|
it "can't be used outside the allowed environments" do
|
|
42
42
|
with_environment("production") do
|
|
43
|
-
expect { Clearance::BackDoor.new(mock_app) }
|
|
44
|
-
to raise_exception "Can't use auth backdoor outside of configured \
|
|
43
|
+
expect { Clearance::BackDoor.new(mock_app) }
|
|
44
|
+
.to raise_exception "Can't use auth backdoor outside of configured \
|
|
45
45
|
environments (test, ci, development).".squish
|
|
46
46
|
end
|
|
47
47
|
end
|
|
@@ -65,15 +65,15 @@ describe Clearance::BackDoor do
|
|
|
65
65
|
|
|
66
66
|
it "raises an error for a default allowed env" do
|
|
67
67
|
with_environment("test") do
|
|
68
|
-
expect { Clearance::BackDoor.new(mock_app) }
|
|
69
|
-
to raise_exception "BackDoor auth is disabled."
|
|
68
|
+
expect { Clearance::BackDoor.new(mock_app) }
|
|
69
|
+
.to raise_exception "BackDoor auth is disabled."
|
|
70
70
|
end
|
|
71
71
|
end
|
|
72
72
|
end
|
|
73
73
|
|
|
74
74
|
context "when the environments are not defaults" do
|
|
75
75
|
before do
|
|
76
|
-
Clearance.configuration.allowed_backdoor_environments = [
|
|
76
|
+
Clearance.configuration.allowed_backdoor_environments = ["demo"]
|
|
77
77
|
end
|
|
78
78
|
|
|
79
79
|
it "can be used with configured allowed environments" do
|
|
@@ -1,55 +1,55 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
describe Clearance::Constraints::SignedIn do
|
|
4
|
-
it
|
|
4
|
+
it "returns true when user is signed in" do
|
|
5
5
|
user = create(:user)
|
|
6
6
|
constraint = Clearance::Constraints::SignedIn.new
|
|
7
7
|
request = request_with_remember_token(user.remember_token)
|
|
8
8
|
expect(constraint.matches?(request)).to eq true
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
it
|
|
11
|
+
it "returns false when user is not signed in" do
|
|
12
12
|
constraint = Clearance::Constraints::SignedIn.new
|
|
13
13
|
request = request_without_remember_token
|
|
14
14
|
expect(constraint.matches?(request)).to eq false
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
it
|
|
17
|
+
it "returns false when clearance session data is not present" do
|
|
18
18
|
constraint = Clearance::Constraints::SignedIn.new
|
|
19
19
|
request = Rack::Request.new({})
|
|
20
20
|
expect(constraint.matches?(request)).to eq false
|
|
21
21
|
end
|
|
22
22
|
|
|
23
|
-
it
|
|
24
|
-
user = create(:user, email:
|
|
23
|
+
it "yields a signed-in user to a provided block" do
|
|
24
|
+
user = create(:user, email: "before@example.com")
|
|
25
25
|
|
|
26
26
|
constraint = Clearance::Constraints::SignedIn.new do |signed_in_user|
|
|
27
|
-
signed_in_user.update_attribute :email,
|
|
27
|
+
signed_in_user.update_attribute :email, "after@example.com"
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
constraint.matches?(request_with_remember_token(user.remember_token))
|
|
31
|
-
expect(user.reload.email).to eq
|
|
31
|
+
expect(user.reload.email).to eq "after@example.com"
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
-
it
|
|
35
|
-
user = create(:user, email:
|
|
34
|
+
it "does not yield a user if they are not signed in" do
|
|
35
|
+
user = create(:user, email: "before@example.com")
|
|
36
36
|
|
|
37
37
|
constraint = Clearance::Constraints::SignedIn.new do |signed_in_user|
|
|
38
|
-
signed_in_user.update_attribute :email,
|
|
38
|
+
signed_in_user.update_attribute :email, "after@example.com"
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
constraint.matches?(request_without_remember_token)
|
|
42
|
-
expect(user.reload.email).to eq
|
|
42
|
+
expect(user.reload.email).to eq "before@example.com"
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
-
it
|
|
45
|
+
it "matches if the user-provided block returns true" do
|
|
46
46
|
user = create(:user)
|
|
47
47
|
constraint = Clearance::Constraints::SignedIn.new { true }
|
|
48
48
|
request = request_with_remember_token(user.remember_token)
|
|
49
49
|
expect(constraint.matches?(request)).to eq true
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
it
|
|
52
|
+
it "does not match if the user-provided block returns false" do
|
|
53
53
|
user = create(:user)
|
|
54
54
|
constraint = Clearance::Constraints::SignedIn.new { false }
|
|
55
55
|
request = request_with_remember_token(user.remember_token)
|
|
@@ -1,20 +1,20 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
describe Clearance::Constraints::SignedOut do
|
|
4
|
-
it
|
|
4
|
+
it "returns true when user is signed out" do
|
|
5
5
|
constraint = Clearance::Constraints::SignedOut.new
|
|
6
6
|
request = request_without_remember_token
|
|
7
7
|
expect(constraint.matches?(request)).to eq true
|
|
8
8
|
end
|
|
9
9
|
|
|
10
|
-
it
|
|
10
|
+
it "returns false when user is not signed out" do
|
|
11
11
|
user = create(:user)
|
|
12
12
|
constraint = Clearance::Constraints::SignedOut.new
|
|
13
13
|
request = request_with_remember_token(user.remember_token)
|
|
14
14
|
expect(constraint.matches?(request)).to eq false
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
it
|
|
17
|
+
it "returns true when clearance info is missing from request" do
|
|
18
18
|
constraint = Clearance::Constraints::SignedOut.new
|
|
19
19
|
request = Rack::Request.new({})
|
|
20
20
|
expect(constraint.matches?(request)).to eq true
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
describe Clearance::DefaultSignInGuard do
|
|
4
|
-
context
|
|
5
|
-
it
|
|
4
|
+
context "session is signed in" do
|
|
5
|
+
it "returns success" do
|
|
6
6
|
session = double("Session", signed_in?: true)
|
|
7
7
|
guard = Clearance::DefaultSignInGuard.new(session)
|
|
8
8
|
|
|
@@ -10,8 +10,8 @@ describe Clearance::DefaultSignInGuard do
|
|
|
10
10
|
end
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
context
|
|
14
|
-
it
|
|
13
|
+
context "session is not signed in" do
|
|
14
|
+
it "returns failure" do
|
|
15
15
|
session = double("Session", signed_in?: false)
|
|
16
16
|
guard = Clearance::DefaultSignInGuard.new(session)
|
|
17
17
|
|
|
@@ -23,6 +23,6 @@ describe Clearance::DefaultSignInGuard do
|
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def default_failure_message
|
|
26
|
-
I18n.t(
|
|
26
|
+
I18n.t("flashes.failure_after_create").html_safe
|
|
27
27
|
end
|
|
28
28
|
end
|
|
@@ -1,21 +1,21 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
describe Clearance::RackSession do
|
|
4
|
-
it
|
|
5
|
-
headers = {
|
|
4
|
+
it "injects a clearance session into the environment" do
|
|
5
|
+
headers = {"X-Roaring-Lobster" => "Red"}
|
|
6
6
|
app = Rack::Builder.new do
|
|
7
7
|
use Clearance::RackSession
|
|
8
8
|
run lambda { |env| Rack::Response.new(env[:clearance], 200, headers).finish }
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
env = Rack::MockRequest.env_for(
|
|
11
|
+
env = Rack::MockRequest.env_for("/")
|
|
12
12
|
expected_session = "the session"
|
|
13
13
|
allow(expected_session).to receive(:add_cookie_to_headers)
|
|
14
|
-
allow(expected_session).to receive(:authentication_successful?)
|
|
15
|
-
and_return(true)
|
|
16
|
-
allow(Clearance::Session).to receive(:new)
|
|
17
|
-
with(env)
|
|
18
|
-
and_return(expected_session)
|
|
14
|
+
allow(expected_session).to receive(:authentication_successful?)
|
|
15
|
+
.and_return(true)
|
|
16
|
+
allow(Clearance::Session).to receive(:new)
|
|
17
|
+
.with(env)
|
|
18
|
+
.and_return(expected_session)
|
|
19
19
|
|
|
20
20
|
response = Rack::MockResponse.new(*app.call(env))
|
|
21
21
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
describe Clearance::Session do
|
|
4
4
|
before { freeze_time }
|
|
@@ -7,7 +7,7 @@ describe Clearance::Session do
|
|
|
7
7
|
let(:session) { Clearance::Session.new(env_without_remember_token) }
|
|
8
8
|
let(:user) { create(:user) }
|
|
9
9
|
|
|
10
|
-
it
|
|
10
|
+
it "finds a user from a cookie" do
|
|
11
11
|
user = create(:user)
|
|
12
12
|
env = env_with_remember_token(user.remember_token)
|
|
13
13
|
session = Clearance::Session.new(env)
|
|
@@ -16,15 +16,15 @@ describe Clearance::Session do
|
|
|
16
16
|
expect(session.current_user).to eq user
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
it
|
|
20
|
-
env = env_with_remember_token(
|
|
19
|
+
it "returns nil for an unknown user" do
|
|
20
|
+
env = env_with_remember_token("bogus")
|
|
21
21
|
session = Clearance::Session.new(env)
|
|
22
22
|
|
|
23
23
|
expect(session).to be_signed_out
|
|
24
24
|
expect(session.current_user).to be_nil
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
-
it
|
|
27
|
+
it "returns nil without a remember token" do
|
|
28
28
|
expect(session).to be_signed_out
|
|
29
29
|
expect(session.current_user).to be_nil
|
|
30
30
|
end
|
|
@@ -71,7 +71,7 @@ describe Clearance::Session do
|
|
|
71
71
|
|
|
72
72
|
context "signed cookie exists" do
|
|
73
73
|
it "uses cookies.signed[remember_token]" do
|
|
74
|
-
cookie_jar = {
|
|
74
|
+
cookie_jar = {"remember_token" => "signed cookie"}
|
|
75
75
|
expect(session).to receive(:cookies).and_return(cookie_jar)
|
|
76
76
|
expect(cookie_jar).to receive(:signed).and_return(cookie_jar)
|
|
77
77
|
|
|
@@ -81,7 +81,7 @@ describe Clearance::Session do
|
|
|
81
81
|
|
|
82
82
|
context "signed cookie does not exist yet" do
|
|
83
83
|
it "uses cookies[remember_token] instead" do
|
|
84
|
-
cookie_jar = {
|
|
84
|
+
cookie_jar = {"remember_token" => "signed cookie"}
|
|
85
85
|
# first call will try to get the signed cookie
|
|
86
86
|
expect(session).to receive(:cookies).and_return(cookie_jar)
|
|
87
87
|
# ... but signed_cookie doesn't exist
|
|
@@ -94,8 +94,8 @@ describe Clearance::Session do
|
|
|
94
94
|
end
|
|
95
95
|
end
|
|
96
96
|
|
|
97
|
-
describe
|
|
98
|
-
it
|
|
97
|
+
describe "#sign_in" do
|
|
98
|
+
it "sets current_user" do
|
|
99
99
|
user = build(:user)
|
|
100
100
|
|
|
101
101
|
session.sign_in user
|
|
@@ -103,8 +103,8 @@ describe Clearance::Session do
|
|
|
103
103
|
expect(session.current_user).to eq user
|
|
104
104
|
end
|
|
105
105
|
|
|
106
|
-
context
|
|
107
|
-
it
|
|
106
|
+
context "with a block" do
|
|
107
|
+
it "passes the success status to the block when sign in succeeds" do
|
|
108
108
|
success_status = stub_status(Clearance::SuccessStatus, true)
|
|
109
109
|
success_lambda = stub_callable
|
|
110
110
|
|
|
@@ -113,7 +113,7 @@ describe Clearance::Session do
|
|
|
113
113
|
expect(success_lambda).to have_been_called.with(success_status)
|
|
114
114
|
end
|
|
115
115
|
|
|
116
|
-
it
|
|
116
|
+
it "passes the failure status to the block when sign in fails" do
|
|
117
117
|
failure_status = stub_status(Clearance::FailureStatus, false)
|
|
118
118
|
failure_lambda = stub_callable
|
|
119
119
|
|
|
@@ -135,17 +135,16 @@ describe Clearance::Session do
|
|
|
135
135
|
end
|
|
136
136
|
end
|
|
137
137
|
|
|
138
|
-
context
|
|
139
|
-
it
|
|
138
|
+
context "with nil argument" do
|
|
139
|
+
it "assigns current_user" do
|
|
140
140
|
session.sign_in nil
|
|
141
141
|
|
|
142
142
|
expect(session.current_user).to be_nil
|
|
143
143
|
end
|
|
144
144
|
end
|
|
145
145
|
|
|
146
|
-
context
|
|
147
|
-
|
|
148
|
-
it 'runs the first guard' do
|
|
146
|
+
context "with a sign in stack" do
|
|
147
|
+
it "runs the first guard" do
|
|
149
148
|
guard = stub_sign_in_guard(succeed: true)
|
|
150
149
|
user = build(:user)
|
|
151
150
|
|
|
@@ -154,13 +153,13 @@ describe Clearance::Session do
|
|
|
154
153
|
expect(guard).to have_received(:call)
|
|
155
154
|
end
|
|
156
155
|
|
|
157
|
-
it
|
|
156
|
+
it "will not sign in the user if the guard stack fails" do
|
|
158
157
|
stub_sign_in_guard(succeed: false)
|
|
159
158
|
user = build(:user)
|
|
160
159
|
|
|
161
160
|
session.sign_in user
|
|
162
161
|
|
|
163
|
-
expect(session.instance_variable_get(
|
|
162
|
+
expect(session.instance_variable_get(:@cookies)).to be_nil
|
|
164
163
|
expect(session.current_user).to be_nil
|
|
165
164
|
end
|
|
166
165
|
|
|
@@ -174,23 +173,23 @@ describe Clearance::Session do
|
|
|
174
173
|
|
|
175
174
|
def stub_default_sign_in_guard
|
|
176
175
|
double("default_sign_in_guard").tap do |sign_in_guard|
|
|
177
|
-
allow(Clearance::DefaultSignInGuard).to receive(:new)
|
|
178
|
-
with(session)
|
|
179
|
-
and_return(sign_in_guard)
|
|
176
|
+
allow(Clearance::DefaultSignInGuard).to receive(:new)
|
|
177
|
+
.with(session)
|
|
178
|
+
.and_return(sign_in_guard)
|
|
180
179
|
end
|
|
181
180
|
end
|
|
182
181
|
|
|
183
182
|
def stub_guard_class(guard)
|
|
184
183
|
double("guard_class").tap do |guard_class|
|
|
185
|
-
allow(guard_class).to receive(:to_s)
|
|
186
|
-
and_return(guard_class)
|
|
184
|
+
allow(guard_class).to receive(:to_s)
|
|
185
|
+
.and_return(guard_class)
|
|
187
186
|
|
|
188
|
-
allow(guard_class).to receive(:constantize)
|
|
189
|
-
and_return(guard_class)
|
|
187
|
+
allow(guard_class).to receive(:constantize)
|
|
188
|
+
.and_return(guard_class)
|
|
190
189
|
|
|
191
|
-
allow(guard_class).to receive(:new)
|
|
192
|
-
with(session, stub_default_sign_in_guard)
|
|
193
|
-
and_return(guard)
|
|
190
|
+
allow(guard_class).to receive(:new)
|
|
191
|
+
.with(session, stub_default_sign_in_guard)
|
|
192
|
+
.and_return(guard)
|
|
194
193
|
end
|
|
195
194
|
end
|
|
196
195
|
|
|
@@ -204,25 +203,25 @@ describe Clearance::Session do
|
|
|
204
203
|
end
|
|
205
204
|
end
|
|
206
205
|
|
|
207
|
-
context
|
|
206
|
+
context "if httponly is set" do
|
|
208
207
|
before do
|
|
209
208
|
session.sign_in(user)
|
|
210
209
|
end
|
|
211
210
|
|
|
212
|
-
it
|
|
211
|
+
it "sets a httponly cookie" do
|
|
213
212
|
session.add_cookie_to_headers
|
|
214
213
|
|
|
215
214
|
expect(remember_token_cookie(session)[:httponly]).to be_truthy
|
|
216
215
|
end
|
|
217
216
|
end
|
|
218
217
|
|
|
219
|
-
context
|
|
218
|
+
context "if httponly is not set" do
|
|
220
219
|
before do
|
|
221
220
|
Clearance.configuration.httponly = false
|
|
222
221
|
session.sign_in(user)
|
|
223
222
|
end
|
|
224
223
|
|
|
225
|
-
it
|
|
224
|
+
it "sets a standard cookie" do
|
|
226
225
|
session.add_cookie_to_headers
|
|
227
226
|
|
|
228
227
|
expect(remember_token_cookie(session)[:httponly]).to be_falsey
|
|
@@ -254,9 +253,9 @@ describe Clearance::Session do
|
|
|
254
253
|
end
|
|
255
254
|
end
|
|
256
255
|
|
|
257
|
-
describe
|
|
258
|
-
context
|
|
259
|
-
it
|
|
256
|
+
describe "remember token cookie expiration" do
|
|
257
|
+
context "default configuration" do
|
|
258
|
+
it "is set to 1 year from now" do
|
|
260
259
|
user = double("User", remember_token: "123abc")
|
|
261
260
|
session = Clearance::Session.new(env_without_remember_token)
|
|
262
261
|
session.sign_in user
|
|
@@ -266,15 +265,15 @@ describe Clearance::Session do
|
|
|
266
265
|
end
|
|
267
266
|
end
|
|
268
267
|
|
|
269
|
-
context
|
|
270
|
-
it
|
|
268
|
+
context "configured with lambda taking one argument" do
|
|
269
|
+
it "it can use other cookies to set the value of the expires token" do
|
|
271
270
|
remembered_expires = 12.hours.from_now
|
|
272
271
|
expires_at = ->(cookies) do
|
|
273
|
-
cookies[
|
|
272
|
+
cookies["remember_me"] ? remembered_expires : nil
|
|
274
273
|
end
|
|
275
274
|
with_custom_expiration expires_at do
|
|
276
275
|
user = double("User", remember_token: "123abc")
|
|
277
|
-
environment = env_with_cookies(remember_me:
|
|
276
|
+
environment = env_with_cookies(remember_me: "true")
|
|
278
277
|
session = Clearance::Session.new(environment)
|
|
279
278
|
session.sign_in user
|
|
280
279
|
session.add_cookie_to_headers
|
|
@@ -287,26 +286,26 @@ describe Clearance::Session do
|
|
|
287
286
|
end
|
|
288
287
|
end
|
|
289
288
|
|
|
290
|
-
describe
|
|
291
|
-
context
|
|
289
|
+
describe "secure cookie option" do
|
|
290
|
+
context "when not set" do
|
|
292
291
|
before do
|
|
293
292
|
session.sign_in(user)
|
|
294
293
|
end
|
|
295
294
|
|
|
296
|
-
it
|
|
295
|
+
it "sets a standard cookie" do
|
|
297
296
|
session.add_cookie_to_headers
|
|
298
297
|
|
|
299
298
|
expect(remember_token_cookie(session)[:secure]).to be_falsey
|
|
300
299
|
end
|
|
301
300
|
end
|
|
302
301
|
|
|
303
|
-
context
|
|
302
|
+
context "when set" do
|
|
304
303
|
before do
|
|
305
304
|
Clearance.configuration.secure_cookie = true
|
|
306
305
|
session.sign_in(user)
|
|
307
306
|
end
|
|
308
307
|
|
|
309
|
-
it
|
|
308
|
+
it "sets a secure cookie" do
|
|
310
309
|
session.add_cookie_to_headers
|
|
311
310
|
|
|
312
311
|
expect(remember_token_cookie(session)[:secure]).to be_truthy
|
|
@@ -342,10 +341,10 @@ describe Clearance::Session do
|
|
|
342
341
|
end
|
|
343
342
|
end
|
|
344
343
|
|
|
345
|
-
context
|
|
344
|
+
context "when not set" do
|
|
346
345
|
before { session.sign_in(user) }
|
|
347
346
|
|
|
348
|
-
it
|
|
347
|
+
it "sets a standard cookie" do
|
|
349
348
|
session.add_cookie_to_headers
|
|
350
349
|
|
|
351
350
|
expect(remember_token_cookie(session)[:domain]).to be_nil
|
|
@@ -353,24 +352,24 @@ describe Clearance::Session do
|
|
|
353
352
|
end
|
|
354
353
|
end
|
|
355
354
|
|
|
356
|
-
describe
|
|
357
|
-
context
|
|
355
|
+
describe "cookie path option" do
|
|
356
|
+
context "when not set" do
|
|
358
357
|
before { session.sign_in(user) }
|
|
359
358
|
|
|
360
|
-
it
|
|
359
|
+
it "sets a standard cookie" do
|
|
361
360
|
session.add_cookie_to_headers
|
|
362
361
|
|
|
363
362
|
expect(remember_token_cookie(session)[:domain]).to be_nil
|
|
364
363
|
end
|
|
365
364
|
end
|
|
366
365
|
|
|
367
|
-
context
|
|
366
|
+
context "when set" do
|
|
368
367
|
before do
|
|
369
|
-
Clearance.configuration.cookie_path =
|
|
368
|
+
Clearance.configuration.cookie_path = "/user"
|
|
370
369
|
session.sign_in(user)
|
|
371
370
|
end
|
|
372
371
|
|
|
373
|
-
it
|
|
372
|
+
it "sets a standard cookie" do
|
|
374
373
|
session.add_cookie_to_headers
|
|
375
374
|
|
|
376
375
|
expect(remember_token_cookie(session)[:path]).to eq("/user")
|
|
@@ -378,7 +377,7 @@ describe Clearance::Session do
|
|
|
378
377
|
end
|
|
379
378
|
end
|
|
380
379
|
|
|
381
|
-
it
|
|
380
|
+
it "does not set a remember token when signed out" do
|
|
382
381
|
session = Clearance::Session.new(env_without_remember_token)
|
|
383
382
|
session.add_cookie_to_headers
|
|
384
383
|
expect(remember_token_cookie(session)).to be_nil
|
|
@@ -411,7 +410,7 @@ describe Clearance::Session do
|
|
|
411
410
|
user = create(:user)
|
|
412
411
|
env = env_with_remember_token(
|
|
413
412
|
value: user.remember_token,
|
|
414
|
-
domain: domain
|
|
413
|
+
domain: domain
|
|
415
414
|
)
|
|
416
415
|
session = Clearance::Session.new(env)
|
|
417
416
|
cookie_jar = ActionDispatch::Request.new(env).cookie_jar
|
|
@@ -423,9 +422,9 @@ describe Clearance::Session do
|
|
|
423
422
|
end
|
|
424
423
|
end
|
|
425
424
|
|
|
426
|
-
context
|
|
427
|
-
it
|
|
428
|
-
domain =
|
|
425
|
+
context "with callable cookie domain" do
|
|
426
|
+
it "clears cookie" do
|
|
427
|
+
domain = ".example.com"
|
|
429
428
|
Clearance.configuration.cookie_domain = ->(_) { domain }
|
|
430
429
|
user = create(:user)
|
|
431
430
|
env = env_with_remember_token(
|
|
@@ -454,11 +453,11 @@ describe Clearance::Session do
|
|
|
454
453
|
end
|
|
455
454
|
|
|
456
455
|
def env_with_cookies(cookies)
|
|
457
|
-
Rack::MockRequest.env_for
|
|
456
|
+
Rack::MockRequest.env_for "/", "HTTP_COOKIE" => serialize_cookies(cookies)
|
|
458
457
|
end
|
|
459
458
|
|
|
460
459
|
def env_with_remember_token(token)
|
|
461
|
-
env_with_cookies
|
|
460
|
+
env_with_cookies "remember_token" => token
|
|
462
461
|
end
|
|
463
462
|
|
|
464
463
|
def env_without_remember_token
|
|
@@ -472,8 +471,7 @@ describe Clearance::Session do
|
|
|
472
471
|
Rack::Utils.set_cookie_header! header, key, value
|
|
473
472
|
end
|
|
474
473
|
|
|
475
|
-
|
|
476
|
-
cookie
|
|
474
|
+
header["set-cookie"] || header["Set-Cookie"]
|
|
477
475
|
end
|
|
478
476
|
|
|
479
477
|
def have_been_called
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
module Clearance
|
|
4
4
|
describe SignInGuard do
|
|
5
|
-
it
|
|
5
|
+
it "handles success" do
|
|
6
6
|
sign_in_guard = SignInGuard.new(double("session"))
|
|
7
7
|
status = double("status")
|
|
8
8
|
allow(SuccessStatus).to receive(:new).and_return(status)
|
|
@@ -10,18 +10,18 @@ module Clearance
|
|
|
10
10
|
expect(sign_in_guard.success).to eq(status)
|
|
11
11
|
end
|
|
12
12
|
|
|
13
|
-
it
|
|
13
|
+
it "handles failure" do
|
|
14
14
|
sign_in_guard = SignInGuard.new(double("session"))
|
|
15
15
|
status = double("status")
|
|
16
16
|
failure_message = "Failed"
|
|
17
|
-
allow(FailureStatus).to receive(:new)
|
|
18
|
-
with(failure_message)
|
|
19
|
-
and_return(status)
|
|
17
|
+
allow(FailureStatus).to receive(:new)
|
|
18
|
+
.with(failure_message)
|
|
19
|
+
.and_return(status)
|
|
20
20
|
|
|
21
21
|
expect(sign_in_guard.failure(failure_message)).to eq(status)
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
-
it
|
|
24
|
+
it "can proceed to the next guard" do
|
|
25
25
|
guards = double("guards", call: true)
|
|
26
26
|
sign_in_guard = SignInGuard.new(double("session"), guards)
|
|
27
27
|
sign_in_guard.next_guard
|
|
@@ -1,24 +1,25 @@
|
|
|
1
1
|
require "spec_helper"
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
end.new
|
|
13
|
-
end
|
|
3
|
+
class TestClass
|
|
4
|
+
include Clearance::Testing::ControllerHelpers
|
|
5
|
+
|
|
6
|
+
def initialize
|
|
7
|
+
@request = Class.new do
|
|
8
|
+
def env
|
|
9
|
+
{clearance: Clearance::Session.new({})}
|
|
10
|
+
end
|
|
11
|
+
end.new
|
|
14
12
|
end
|
|
13
|
+
end
|
|
15
14
|
|
|
15
|
+
MyUserModel = Class.new
|
|
16
|
+
|
|
17
|
+
describe Clearance::Testing::ControllerHelpers do
|
|
16
18
|
describe "#sign_in" do
|
|
17
19
|
it "creates an instance of the clearance user model with FactoryBot" do
|
|
18
|
-
MyUserModel = Class.new
|
|
19
20
|
allow(FactoryBot).to receive(:create)
|
|
20
|
-
allow(Clearance.configuration).to receive(:user_model)
|
|
21
|
-
and_return(MyUserModel)
|
|
21
|
+
allow(Clearance.configuration).to receive(:user_model)
|
|
22
|
+
.and_return(MyUserModel)
|
|
22
23
|
|
|
23
24
|
TestClass.new.sign_in
|
|
24
25
|
|
|
@@ -12,7 +12,7 @@ describe PretendFriendsController, type: :controller do
|
|
|
12
12
|
before do
|
|
13
13
|
Rails.application.routes.draw do
|
|
14
14
|
resources :pretend_friends, only: :index
|
|
15
|
-
get "/sign_in"
|
|
15
|
+
get "/sign_in" => "clearance/sessions#new", :as => "sign_in"
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
|
|
@@ -4,8 +4,8 @@ describe Clearance::Testing::ViewHelpers do
|
|
|
4
4
|
describe "#sign_in" do
|
|
5
5
|
it "sets the signed in user to a new user object" do
|
|
6
6
|
user_model = Class.new
|
|
7
|
-
allow(Clearance.configuration).to receive(:user_model)
|
|
8
|
-
and_return(user_model)
|
|
7
|
+
allow(Clearance.configuration).to receive(:user_model)
|
|
8
|
+
.and_return(user_model)
|
|
9
9
|
|
|
10
10
|
view = test_view_class.new
|
|
11
11
|
view.sign_in
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
describe Clearance::Token do
|
|
4
|
-
it
|
|
5
|
-
token =
|
|
4
|
+
it "is a random hex string" do
|
|
5
|
+
token = "my_token"
|
|
6
6
|
allow(SecureRandom).to receive(:hex).with(20).and_return(token)
|
|
7
7
|
|
|
8
8
|
expect(Clearance::Token.new).to eq token
|