clearance 2.9.3 → 2.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/codeql.yml +39 -0
- data/.github/workflows/standardrb.yml +19 -0
- data/.github/workflows/tests.yml +4 -8
- data/Appraisals +1 -10
- data/CHANGELOG.md +26 -1
- data/CODEOWNERS +2 -0
- data/Gemfile +17 -14
- data/Gemfile.lock +139 -105
- data/README.md +1 -2
- data/Rakefile +1 -1
- data/app/controllers/clearance/passwords_controller.rb +6 -6
- data/app/mailers/clearance_mailer.rb +1 -1
- data/clearance.gemspec +38 -38
- data/config/routes.rb +7 -7
- data/gemfiles/rails_7.1.gemfile +3 -0
- data/gemfiles/rails_7.2.gemfile +3 -0
- data/gemfiles/rails_8.0.gemfile +5 -1
- data/lib/clearance/authentication.rb +4 -0
- data/lib/clearance/back_door.rb +3 -3
- data/lib/clearance/configuration.rb +6 -6
- data/lib/clearance/constraints.rb +2 -2
- data/lib/clearance/controller.rb +2 -2
- data/lib/clearance/default_sign_in_guard.rb +1 -1
- data/lib/clearance/password_strategies/bcrypt.rb +2 -2
- data/lib/clearance/session.rb +4 -6
- data/lib/clearance/sign_in_guard.rb +1 -1
- data/lib/clearance/testing/deny_access_matcher.rb +4 -4
- data/lib/clearance/token.rb +1 -1
- data/lib/clearance/user.rb +7 -7
- data/lib/clearance/version.rb +1 -1
- data/lib/clearance.rb +10 -10
- data/lib/generators/clearance/install/install_generator.rb +15 -15
- data/lib/generators/clearance/routes/routes_generator.rb +5 -5
- data/lib/generators/clearance/routes/templates/routes.rb +10 -10
- data/lib/generators/clearance/specs/specs_generator.rb +4 -4
- data/lib/generators/clearance/views/views_generator.rb +4 -4
- data/spec/acceptance/clearance_installation_spec.rb +3 -3
- data/spec/clearance/back_door_spec.rb +5 -5
- data/spec/clearance/constraints/signed_in_spec.rb +14 -14
- data/spec/clearance/constraints/signed_out_spec.rb +4 -4
- data/spec/clearance/default_sign_in_guard_spec.rb +6 -6
- data/spec/clearance/rack_session_spec.rb +9 -9
- data/spec/clearance/session_spec.rb +60 -62
- data/spec/clearance/sign_in_guard_spec.rb +7 -7
- data/spec/clearance/testing/controller_helpers_spec.rb +15 -14
- data/spec/clearance/testing/deny_access_matcher_spec.rb +1 -1
- data/spec/clearance/testing/view_helpers_spec.rb +2 -2
- data/spec/clearance/token_spec.rb +3 -3
- data/spec/configuration_spec.rb +8 -21
- data/spec/controllers/apis_controller_spec.rb +2 -2
- data/spec/controllers/forgeries_controller_spec.rb +12 -12
- data/spec/controllers/passwords_controller_spec.rb +31 -31
- data/spec/controllers/permissions_controller_spec.rb +13 -13
- data/spec/controllers/sessions_controller_spec.rb +7 -7
- data/spec/controllers/users_controller_spec.rb +5 -5
- data/spec/dummy/config/environments/test.rb +3 -3
- data/spec/factories/users.rb +3 -3
- data/spec/generators/clearance/install/install_generator_spec.rb +11 -11
- data/spec/generators/clearance/routes/routes_generator_spec.rb +1 -1
- data/spec/generators/clearance/specs/specs_generator_spec.rb +2 -2
- data/spec/generators/clearance/views/views_generator_spec.rb +2 -2
- data/spec/mailers/clearance_mailer_spec.rb +3 -2
- data/spec/models/user_spec.rb +2 -2
- data/spec/password_strategies/argon2_spec.rb +3 -3
- data/spec/password_strategies/bcrypt_spec.rb +4 -4
- data/spec/password_strategies/password_strategies_spec.rb +1 -1
- data/spec/requests/authentication_cookie_spec.rb +3 -3
- data/spec/requests/backdoor_spec.rb +1 -1
- data/spec/requests/cookie_options_spec.rb +2 -2
- data/spec/requests/csrf_rotation_spec.rb +1 -1
- data/spec/requests/password_maintenance_spec.rb +1 -1
- data/spec/requests/token_expiration_spec.rb +2 -2
- data/spec/routing/clearance_routes_spec.rb +36 -36
- data/spec/support/clearance.rb +1 -1
- data/spec/support/fake_model_without_password_strategy.rb +5 -2
- data/spec/support/generator_spec_helpers.rb +2 -2
- data/spec/support/request_with_remember_token.rb +1 -1
- metadata +5 -5
- data/gemfiles/rails_7.0.gemfile +0 -24
- data/spec/support/html_escape_helper.rb +0 -13
data/spec/configuration_spec.rb
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
require "spec_helper"
|
|
2
2
|
|
|
3
|
+
MyController = Class.new
|
|
4
|
+
DummyGuard = Class.new
|
|
5
|
+
Account = Class.new(ActiveRecord::Base)
|
|
6
|
+
CustomUser = Class.new(ActiveRecord::Base)
|
|
7
|
+
ConfiguredUser = Class.new
|
|
8
|
+
MyUser = Class.new
|
|
9
|
+
|
|
3
10
|
describe Clearance::Configuration do
|
|
4
11
|
let(:config) { Clearance.configuration }
|
|
5
12
|
|
|
@@ -10,14 +17,6 @@ describe Clearance::Configuration do
|
|
|
10
17
|
end
|
|
11
18
|
|
|
12
19
|
context "when a custom user_model_name is specified" do
|
|
13
|
-
before(:each) do
|
|
14
|
-
MyUser = Class.new
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
after(:each) do
|
|
18
|
-
Object.send(:remove_const, :MyUser)
|
|
19
|
-
end
|
|
20
|
-
|
|
21
20
|
it "is used instead of User" do
|
|
22
21
|
Clearance.configure { |config| config.user_model = MyUser }
|
|
23
22
|
|
|
@@ -38,14 +37,6 @@ describe Clearance::Configuration do
|
|
|
38
37
|
end
|
|
39
38
|
|
|
40
39
|
context "when a custom parent_controller is specified" do
|
|
41
|
-
before(:each) do
|
|
42
|
-
MyController = Class.new
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
after(:each) do
|
|
46
|
-
Object.send(:remove_const, :MyController)
|
|
47
|
-
end
|
|
48
|
-
|
|
49
40
|
it "is used instead of ApplicationController" do
|
|
50
41
|
Clearance.configure { |config| config.parent_controller = MyController }
|
|
51
42
|
|
|
@@ -139,7 +130,6 @@ describe Clearance::Configuration do
|
|
|
139
130
|
|
|
140
131
|
context "when specifying sign in guards" do
|
|
141
132
|
it "returns the stack with added guards" do
|
|
142
|
-
DummyGuard = Class.new
|
|
143
133
|
Clearance.configure { |config| config.sign_in_guards = [DummyGuard] }
|
|
144
134
|
|
|
145
135
|
expect(Clearance.configuration.sign_in_guards).to eq [DummyGuard]
|
|
@@ -192,7 +182,7 @@ describe Clearance::Configuration do
|
|
|
192
182
|
expect(Clearance.configuration.allow_password_reset?).to eq true
|
|
193
183
|
end
|
|
194
184
|
end
|
|
195
|
-
end
|
|
185
|
+
end
|
|
196
186
|
|
|
197
187
|
describe "#user_actions" do
|
|
198
188
|
context "when allow_sign_up is configured to false" do
|
|
@@ -218,7 +208,6 @@ describe Clearance::Configuration do
|
|
|
218
208
|
end
|
|
219
209
|
|
|
220
210
|
it "returns the parameter key to use based on the user_model by default" do
|
|
221
|
-
Account = Class.new(ActiveRecord::Base)
|
|
222
211
|
Clearance.configure { |config| config.user_model = Account }
|
|
223
212
|
|
|
224
213
|
expect(Clearance.configuration.user_parameter).to eq :account
|
|
@@ -227,7 +216,6 @@ describe Clearance::Configuration do
|
|
|
227
216
|
|
|
228
217
|
describe "#user_id_parameter" do
|
|
229
218
|
it "returns the parameter key to use based on the user_model" do
|
|
230
|
-
CustomUser = Class.new(ActiveRecord::Base)
|
|
231
219
|
Clearance.configure { |config| config.user_model = CustomUser }
|
|
232
220
|
|
|
233
221
|
expect(Clearance.configuration.user_id_parameter).to eq :custom_user_id
|
|
@@ -247,7 +235,6 @@ describe Clearance::Configuration do
|
|
|
247
235
|
|
|
248
236
|
describe "#reload_user_model" do
|
|
249
237
|
it "returns the user model class if one has already been configured" do
|
|
250
|
-
ConfiguredUser = Class.new
|
|
251
238
|
Clearance.configure { |config| config.user_model = ConfiguredUser }
|
|
252
239
|
|
|
253
240
|
expect(Clearance.configuration.reload_user_model).to eq ConfiguredUser
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
class ApisController < ActionController::Base
|
|
4
4
|
include Clearance::Controller
|
|
@@ -21,7 +21,7 @@ describe ApisController do
|
|
|
21
21
|
Rails.application.reload_routes!
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
-
it
|
|
24
|
+
it "responds with HTTP status code 401 when denied" do
|
|
25
25
|
get :show, format: :js
|
|
26
26
|
expect(subject).to respond_with(:unauthorized)
|
|
27
27
|
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
class ForgeriesController < ActionController::Base
|
|
4
4
|
include Clearance::Controller
|
|
@@ -11,43 +11,43 @@ class ForgeriesController < ActionController::Base
|
|
|
11
11
|
self.allow_forgery_protection = true
|
|
12
12
|
|
|
13
13
|
def create
|
|
14
|
-
redirect_to action:
|
|
14
|
+
redirect_to action: "index"
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
describe ForgeriesController do
|
|
19
|
-
context
|
|
19
|
+
context "signed in user" do
|
|
20
20
|
before do
|
|
21
21
|
Rails.application.routes.draw do
|
|
22
22
|
resources :forgeries
|
|
23
|
-
get
|
|
23
|
+
get "/sign_in" => "clearance/sessions#new", :as => "sign_in"
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
@user = create(:user)
|
|
27
|
-
@user.update_attribute(:remember_token,
|
|
28
|
-
@request.cookies[
|
|
27
|
+
@user.update_attribute(:remember_token, "old-token")
|
|
28
|
+
@request.cookies["remember_token"] = "old-token"
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
after do
|
|
32
32
|
Rails.application.reload_routes!
|
|
33
33
|
end
|
|
34
34
|
|
|
35
|
-
it
|
|
35
|
+
it "succeeds with authentic token" do
|
|
36
36
|
token = controller.send(:form_authenticity_token)
|
|
37
37
|
post :create, params: {
|
|
38
|
-
authenticity_token: token
|
|
38
|
+
authenticity_token: token
|
|
39
39
|
}
|
|
40
|
-
expect(subject).to redirect_to(action:
|
|
40
|
+
expect(subject).to redirect_to(action: "index")
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
-
it
|
|
43
|
+
it "fails with invalid token" do
|
|
44
44
|
post :create, params: {
|
|
45
|
-
authenticity_token: "hax0r"
|
|
45
|
+
authenticity_token: "hax0r"
|
|
46
46
|
}
|
|
47
47
|
expect(subject).to deny_access
|
|
48
48
|
end
|
|
49
49
|
|
|
50
|
-
it
|
|
50
|
+
it "fails with no token" do
|
|
51
51
|
post :create
|
|
52
52
|
expect(subject).to deny_access
|
|
53
53
|
end
|
|
@@ -18,7 +18,7 @@ describe Clearance::PasswordsController do
|
|
|
18
18
|
user = create(:user)
|
|
19
19
|
|
|
20
20
|
post :create, params: {
|
|
21
|
-
password: {
|
|
21
|
+
password: {email: user.email.upcase}
|
|
22
22
|
}
|
|
23
23
|
|
|
24
24
|
expect(user.reload.confirmation_token).not_to be_nil
|
|
@@ -29,18 +29,18 @@ describe Clearance::PasswordsController do
|
|
|
29
29
|
user = create(:user)
|
|
30
30
|
|
|
31
31
|
post :create, params: {
|
|
32
|
-
password: {
|
|
32
|
+
password: {email: user.email}
|
|
33
33
|
}
|
|
34
34
|
|
|
35
35
|
email = ActionMailer::Base.deliveries.last
|
|
36
|
-
expect(email.subject).to match(
|
|
36
|
+
expect(email.subject).to match(I18n.t("passwords.edit.title"))
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
it "re-renders the page when turbo is enabled" do
|
|
40
40
|
user = create(:user)
|
|
41
41
|
|
|
42
42
|
post :create, params: {
|
|
43
|
-
password: {
|
|
43
|
+
password: {email: user.email.upcase}
|
|
44
44
|
}
|
|
45
45
|
|
|
46
46
|
expect(response).to have_http_status(:accepted)
|
|
@@ -50,16 +50,16 @@ describe Clearance::PasswordsController do
|
|
|
50
50
|
context "email param is missing" do
|
|
51
51
|
it "displays flash error on new page" do
|
|
52
52
|
post :create, params: {
|
|
53
|
-
password: {}
|
|
53
|
+
password: {}
|
|
54
54
|
}
|
|
55
55
|
|
|
56
|
-
expect(flash.now[:alert]).to match(
|
|
56
|
+
expect(flash.now[:alert]).to match(I18n.t("flashes.failure_when_missing_email"))
|
|
57
57
|
expect(response).to render_template(:new)
|
|
58
58
|
end
|
|
59
59
|
|
|
60
60
|
it "re-renders the page when turbo is enabled" do
|
|
61
61
|
post :create, params: {
|
|
62
|
-
password: {}
|
|
62
|
+
password: {}
|
|
63
63
|
}
|
|
64
64
|
|
|
65
65
|
expect(response).to have_http_status(:unprocessable_entity)
|
|
@@ -70,19 +70,19 @@ describe Clearance::PasswordsController do
|
|
|
70
70
|
it "displays flash error on new page" do
|
|
71
71
|
post :create, params: {
|
|
72
72
|
password: {
|
|
73
|
-
email: ""
|
|
74
|
-
}
|
|
73
|
+
email: ""
|
|
74
|
+
}
|
|
75
75
|
}
|
|
76
76
|
|
|
77
|
-
expect(flash.now[:alert]).to match(
|
|
77
|
+
expect(flash.now[:alert]).to match(I18n.t("flashes.failure_when_missing_email"))
|
|
78
78
|
expect(response).to render_template(:new)
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
it "re-renders the page when turbo is enabled" do
|
|
82
82
|
post :create, params: {
|
|
83
83
|
password: {
|
|
84
|
-
email: ""
|
|
85
|
-
}
|
|
84
|
+
email: ""
|
|
85
|
+
}
|
|
86
86
|
}
|
|
87
87
|
|
|
88
88
|
expect(response).to have_http_status(:unprocessable_entity)
|
|
@@ -95,7 +95,7 @@ describe Clearance::PasswordsController do
|
|
|
95
95
|
email = "this_user_does_not_exist@non_existent_domain.com"
|
|
96
96
|
|
|
97
97
|
post :create, params: {
|
|
98
|
-
password: {
|
|
98
|
+
password: {email: email}
|
|
99
99
|
}
|
|
100
100
|
|
|
101
101
|
expect(ActionMailer::Base.deliveries).to be_empty
|
|
@@ -105,7 +105,7 @@ describe Clearance::PasswordsController do
|
|
|
105
105
|
email = "this_user_does_not_exist@non_existent_domain.com"
|
|
106
106
|
|
|
107
107
|
post :create, params: {
|
|
108
|
-
password: {
|
|
108
|
+
password: {email: email}
|
|
109
109
|
}
|
|
110
110
|
|
|
111
111
|
expect(response).to be_successful
|
|
@@ -116,7 +116,7 @@ describe Clearance::PasswordsController do
|
|
|
116
116
|
email = "this_user_does_not_exist@non_existent_domain.com"
|
|
117
117
|
|
|
118
118
|
post :create, params: {
|
|
119
|
-
password: {
|
|
119
|
+
password: {email: email}
|
|
120
120
|
}
|
|
121
121
|
|
|
122
122
|
expect(response).to have_http_status(:accepted)
|
|
@@ -131,7 +131,7 @@ describe Clearance::PasswordsController do
|
|
|
131
131
|
|
|
132
132
|
get :edit, params: {
|
|
133
133
|
user_id: user,
|
|
134
|
-
token: user.confirmation_token
|
|
134
|
+
token: user.confirmation_token
|
|
135
135
|
}
|
|
136
136
|
|
|
137
137
|
expect(response).to be_redirect
|
|
@@ -147,7 +147,7 @@ describe Clearance::PasswordsController do
|
|
|
147
147
|
|
|
148
148
|
request.session[:password_reset_token] = user.confirmation_token
|
|
149
149
|
get :edit, params: {
|
|
150
|
-
user_id: user
|
|
150
|
+
user_id: user
|
|
151
151
|
}
|
|
152
152
|
|
|
153
153
|
expect(response).to be_successful
|
|
@@ -160,11 +160,11 @@ describe Clearance::PasswordsController do
|
|
|
160
160
|
it "renders the new password reset form with a flash alert" do
|
|
161
161
|
get :edit, params: {
|
|
162
162
|
user_id: 1,
|
|
163
|
-
token: ""
|
|
163
|
+
token: ""
|
|
164
164
|
}
|
|
165
165
|
|
|
166
166
|
expect(response).to render_template(:new)
|
|
167
|
-
expect(flash.now[:alert]).to match(
|
|
167
|
+
expect(flash.now[:alert]).to match(I18n.t("flashes.failure_when_forbidden"))
|
|
168
168
|
end
|
|
169
169
|
end
|
|
170
170
|
|
|
@@ -174,11 +174,11 @@ describe Clearance::PasswordsController do
|
|
|
174
174
|
|
|
175
175
|
get :edit, params: {
|
|
176
176
|
user_id: 1,
|
|
177
|
-
token: user.confirmation_token + "a"
|
|
177
|
+
token: user.confirmation_token + "a"
|
|
178
178
|
}
|
|
179
179
|
|
|
180
180
|
expect(response).to render_template(:new)
|
|
181
|
-
expect(flash.now[:alert]).to match(
|
|
181
|
+
expect(flash.now[:alert]).to match(I18n.t("flashes.failure_when_forbidden"))
|
|
182
182
|
end
|
|
183
183
|
end
|
|
184
184
|
|
|
@@ -190,7 +190,7 @@ describe Clearance::PasswordsController do
|
|
|
190
190
|
user.forgot_password!
|
|
191
191
|
get :edit, params: {
|
|
192
192
|
user_id: user.id,
|
|
193
|
-
token: user.reload.confirmation_token
|
|
193
|
+
token: user.reload.confirmation_token
|
|
194
194
|
}
|
|
195
195
|
|
|
196
196
|
expect(response).to redirect_to(edit_user_password_url(user))
|
|
@@ -207,7 +207,7 @@ describe Clearance::PasswordsController do
|
|
|
207
207
|
|
|
208
208
|
put :update, params: update_parameters(
|
|
209
209
|
user,
|
|
210
|
-
new_password: "my_new_password"
|
|
210
|
+
new_password: "my_new_password"
|
|
211
211
|
)
|
|
212
212
|
|
|
213
213
|
expect(user.reload.encrypted_password).not_to eq old_encrypted_password
|
|
@@ -219,7 +219,7 @@ describe Clearance::PasswordsController do
|
|
|
219
219
|
|
|
220
220
|
put :update, params: update_parameters(
|
|
221
221
|
user,
|
|
222
|
-
new_password: "my_new_password"
|
|
222
|
+
new_password: "my_new_password"
|
|
223
223
|
)
|
|
224
224
|
|
|
225
225
|
expect(current_user).to eq(user)
|
|
@@ -235,7 +235,7 @@ describe Clearance::PasswordsController do
|
|
|
235
235
|
|
|
236
236
|
put :update, params: update_parameters(
|
|
237
237
|
user,
|
|
238
|
-
new_password: "my_new_password"
|
|
238
|
+
new_password: "my_new_password"
|
|
239
239
|
)
|
|
240
240
|
|
|
241
241
|
expect(current_user).to be_nil
|
|
@@ -250,7 +250,7 @@ describe Clearance::PasswordsController do
|
|
|
250
250
|
|
|
251
251
|
put :update, params: update_parameters(
|
|
252
252
|
user,
|
|
253
|
-
new_password: ""
|
|
253
|
+
new_password: ""
|
|
254
254
|
)
|
|
255
255
|
|
|
256
256
|
user.reload
|
|
@@ -265,7 +265,7 @@ describe Clearance::PasswordsController do
|
|
|
265
265
|
put :update, params: {
|
|
266
266
|
user_id: user,
|
|
267
267
|
token: user.confirmation_token,
|
|
268
|
-
password_reset: {}
|
|
268
|
+
password_reset: {}
|
|
269
269
|
}
|
|
270
270
|
end.not_to raise_error
|
|
271
271
|
end
|
|
@@ -275,10 +275,10 @@ describe Clearance::PasswordsController do
|
|
|
275
275
|
|
|
276
276
|
put :update, params: update_parameters(
|
|
277
277
|
user,
|
|
278
|
-
new_password: ""
|
|
278
|
+
new_password: ""
|
|
279
279
|
)
|
|
280
280
|
|
|
281
|
-
expect(flash.now[:alert]).to match(
|
|
281
|
+
expect(flash.now[:alert]).to match(I18n.t("flashes.failure_after_update"))
|
|
282
282
|
expect(response).to have_http_status(:unprocessable_entity)
|
|
283
283
|
expect(response).to render_template(:edit)
|
|
284
284
|
end
|
|
@@ -288,7 +288,7 @@ describe Clearance::PasswordsController do
|
|
|
288
288
|
|
|
289
289
|
put :update, params: update_parameters(
|
|
290
290
|
user,
|
|
291
|
-
new_password: ""
|
|
291
|
+
new_password: ""
|
|
292
292
|
)
|
|
293
293
|
|
|
294
294
|
expect(current_user).to be_nil
|
|
@@ -302,7 +302,7 @@ describe Clearance::PasswordsController do
|
|
|
302
302
|
{
|
|
303
303
|
user_id: user,
|
|
304
304
|
token: user.confirmation_token,
|
|
305
|
-
password_reset: {
|
|
305
|
+
password_reset: {password: new_password}
|
|
306
306
|
}
|
|
307
307
|
end
|
|
308
308
|
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
require
|
|
1
|
+
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
class PermissionsController < ActionController::Base
|
|
4
4
|
include Clearance::Controller
|
|
@@ -18,7 +18,7 @@ describe PermissionsController do
|
|
|
18
18
|
before do
|
|
19
19
|
Rails.application.routes.draw do
|
|
20
20
|
resource :permission, only: [:new, :show]
|
|
21
|
-
get
|
|
21
|
+
get "/sign_in" => "clearance/sessions#new", :as => "sign_in"
|
|
22
22
|
end
|
|
23
23
|
end
|
|
24
24
|
|
|
@@ -26,30 +26,30 @@ describe PermissionsController do
|
|
|
26
26
|
Rails.application.reload_routes!
|
|
27
27
|
end
|
|
28
28
|
|
|
29
|
-
context
|
|
29
|
+
context "with signed in user" do
|
|
30
30
|
before { sign_in }
|
|
31
31
|
|
|
32
|
-
it
|
|
32
|
+
it "allows access to new" do
|
|
33
33
|
get :new
|
|
34
34
|
|
|
35
35
|
expect(subject).not_to deny_access
|
|
36
36
|
end
|
|
37
37
|
|
|
38
|
-
it
|
|
38
|
+
it "allows access to show" do
|
|
39
39
|
get :show
|
|
40
40
|
|
|
41
41
|
expect(subject).not_to deny_access
|
|
42
42
|
end
|
|
43
43
|
end
|
|
44
44
|
|
|
45
|
-
context
|
|
46
|
-
it
|
|
45
|
+
context "with visitor" do
|
|
46
|
+
it "allows access to new" do
|
|
47
47
|
get :new
|
|
48
48
|
|
|
49
49
|
expect(subject).not_to deny_access
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
it
|
|
52
|
+
it "denies access to show" do
|
|
53
53
|
get :show
|
|
54
54
|
|
|
55
55
|
expect(subject).to deny_access(redirect: sign_in_url)
|
|
@@ -58,15 +58,15 @@ describe PermissionsController do
|
|
|
58
58
|
it "denies access to show and display a flash message" do
|
|
59
59
|
get :show
|
|
60
60
|
|
|
61
|
-
expect(flash[:alert]).to match(
|
|
61
|
+
expect(flash[:alert]).to match(I18n.t("flashes.failure_when_not_signed_in"))
|
|
62
62
|
end
|
|
63
63
|
end
|
|
64
64
|
|
|
65
|
-
context
|
|
66
|
-
it
|
|
65
|
+
context "when remember_token is blank" do
|
|
66
|
+
it "denies acess to show" do
|
|
67
67
|
user = create(:user)
|
|
68
|
-
user.update(remember_token:
|
|
69
|
-
cookies[:remember_token] =
|
|
68
|
+
user.update(remember_token: "")
|
|
69
|
+
cookies[:remember_token] = ""
|
|
70
70
|
|
|
71
71
|
get :show
|
|
72
72
|
|
|
@@ -37,11 +37,11 @@ describe Clearance::SessionsController do
|
|
|
37
37
|
user = create(:user_with_optional_password)
|
|
38
38
|
|
|
39
39
|
post :create, params: {
|
|
40
|
-
session: {
|
|
40
|
+
session: {email: user.email, password: user.password}
|
|
41
41
|
}
|
|
42
42
|
|
|
43
43
|
expect(response).to render_template(:new)
|
|
44
|
-
expect(flash[:alert]).to match(
|
|
44
|
+
expect(flash[:alert]).to match(I18n.t("flashes.failure_after_create"))
|
|
45
45
|
end
|
|
46
46
|
end
|
|
47
47
|
|
|
@@ -50,7 +50,7 @@ describe Clearance::SessionsController do
|
|
|
50
50
|
@user = create(:user)
|
|
51
51
|
@user.update_attribute :remember_token, "old-token"
|
|
52
52
|
post :create, params: {
|
|
53
|
-
session: {
|
|
53
|
+
session: {email: @user.email, password: @user.password}
|
|
54
54
|
}
|
|
55
55
|
end
|
|
56
56
|
|
|
@@ -73,7 +73,7 @@ describe Clearance::SessionsController do
|
|
|
73
73
|
request.session[:return_to] = return_url
|
|
74
74
|
|
|
75
75
|
post :create, params: {
|
|
76
|
-
session: {
|
|
76
|
+
session: {email: user.email, password: user.password}
|
|
77
77
|
}
|
|
78
78
|
|
|
79
79
|
should redirect_to(url)
|
|
@@ -85,7 +85,7 @@ describe Clearance::SessionsController do
|
|
|
85
85
|
request.session[:return_to] = return_url
|
|
86
86
|
|
|
87
87
|
post :create, params: {
|
|
88
|
-
session: {
|
|
88
|
+
session: {email: user.email, password: user.password}
|
|
89
89
|
}
|
|
90
90
|
|
|
91
91
|
should redirect_to(return_url)
|
|
@@ -97,7 +97,7 @@ describe Clearance::SessionsController do
|
|
|
97
97
|
request.session[:return_to] = return_url
|
|
98
98
|
|
|
99
99
|
post :create, params: {
|
|
100
|
-
session: {
|
|
100
|
+
session: {email: user.email, password: user.password}
|
|
101
101
|
}
|
|
102
102
|
|
|
103
103
|
should redirect_to(return_url)
|
|
@@ -109,7 +109,7 @@ describe Clearance::SessionsController do
|
|
|
109
109
|
request.session[:return_to] = return_url
|
|
110
110
|
|
|
111
111
|
post :create, params: {
|
|
112
|
-
session: {
|
|
112
|
+
session: {email: user.email, password: user.password}
|
|
113
113
|
}
|
|
114
114
|
|
|
115
115
|
should redirect_to(return_url)
|
|
@@ -14,7 +14,7 @@ describe Clearance::UsersController do
|
|
|
14
14
|
|
|
15
15
|
it "defaults email field to the value provided in the query string" do
|
|
16
16
|
get :new, params: {
|
|
17
|
-
user: {
|
|
17
|
+
user: {email: "a@example.com"}
|
|
18
18
|
}
|
|
19
19
|
|
|
20
20
|
expect(assigns(:user).email).to eq "a@example.com"
|
|
@@ -42,7 +42,7 @@ describe Clearance::UsersController do
|
|
|
42
42
|
old_user_count = User.count
|
|
43
43
|
|
|
44
44
|
post :create, params: {
|
|
45
|
-
user: user_attributes
|
|
45
|
+
user: user_attributes
|
|
46
46
|
}
|
|
47
47
|
|
|
48
48
|
expect(assigns(:user)).to be_present
|
|
@@ -59,7 +59,7 @@ describe Clearance::UsersController do
|
|
|
59
59
|
@request.session[:return_to] = return_url
|
|
60
60
|
|
|
61
61
|
post :create, params: {
|
|
62
|
-
user: user_attributes
|
|
62
|
+
user: user_attributes
|
|
63
63
|
}
|
|
64
64
|
|
|
65
65
|
expect(assigns(:user)).to be_present
|
|
@@ -74,7 +74,7 @@ describe Clearance::UsersController do
|
|
|
74
74
|
old_user_count = User.count
|
|
75
75
|
|
|
76
76
|
post :create, params: {
|
|
77
|
-
user: user_attributes
|
|
77
|
+
user: user_attributes
|
|
78
78
|
}
|
|
79
79
|
|
|
80
80
|
expect(User.count).to eq old_user_count
|
|
@@ -88,7 +88,7 @@ describe Clearance::UsersController do
|
|
|
88
88
|
sign_in
|
|
89
89
|
|
|
90
90
|
post :create, params: {
|
|
91
|
-
user: {}
|
|
91
|
+
user: {}
|
|
92
92
|
}
|
|
93
93
|
|
|
94
94
|
expect(response).to redirect_to(Clearance.configuration.redirect_url)
|
|
@@ -5,7 +5,7 @@ Rails.application.configure do
|
|
|
5
5
|
|
|
6
6
|
config.eager_load = ENV["CI"].present?
|
|
7
7
|
|
|
8
|
-
config.public_file_server.headers = {
|
|
8
|
+
config.public_file_server.headers = {"Cache-Control" => "public, max-age=#{1.hour.to_i}"}
|
|
9
9
|
|
|
10
10
|
# Show full error reports and disable caching.
|
|
11
11
|
config.consider_all_requests_local = true
|
|
@@ -19,13 +19,13 @@ Rails.application.configure do
|
|
|
19
19
|
config.action_mailer.perform_caching = false
|
|
20
20
|
config.action_mailer.delivery_method = :test
|
|
21
21
|
|
|
22
|
-
config.action_mailer.default_url_options = {
|
|
22
|
+
config.action_mailer.default_url_options = {host: "www.example.com"}
|
|
23
23
|
|
|
24
24
|
config.active_support.deprecation = :stderr
|
|
25
25
|
config.active_support.disallowed_deprecation = :raise
|
|
26
26
|
config.active_support.disallowed_deprecation_warnings = []
|
|
27
27
|
|
|
28
|
-
config.factory_bot.definition_file_paths = [File.expand_path(
|
|
28
|
+
config.factory_bot.definition_file_paths = [File.expand_path("../../../factories", __dir__)]
|
|
29
29
|
|
|
30
30
|
config.middleware.use Clearance::BackDoor
|
|
31
31
|
end
|
data/spec/factories/users.rb
CHANGED
|
@@ -5,15 +5,15 @@ FactoryBot.define do
|
|
|
5
5
|
|
|
6
6
|
factory :user do
|
|
7
7
|
email
|
|
8
|
-
password {
|
|
8
|
+
password { "password" }
|
|
9
9
|
|
|
10
10
|
trait :with_forgotten_password do
|
|
11
11
|
confirmation_token { Clearance::Token.new }
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
factory :user_with_optional_password, class:
|
|
14
|
+
factory :user_with_optional_password, class: "UserWithOptionalPassword" do
|
|
15
15
|
password { nil }
|
|
16
|
-
encrypted_password {
|
|
16
|
+
encrypted_password { "" }
|
|
17
17
|
end
|
|
18
18
|
end
|
|
19
19
|
end
|
|
@@ -117,13 +117,13 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
|
117
117
|
existing_columns = [Struct::Named.new("remember_token")]
|
|
118
118
|
existing_indexes = [Struct::Named.new("index_users_on_remember_token")]
|
|
119
119
|
|
|
120
|
-
allow(ActiveRecord::Base.connection).to receive(:columns)
|
|
121
|
-
with(:users)
|
|
122
|
-
and_return(existing_columns)
|
|
120
|
+
allow(ActiveRecord::Base.connection).to receive(:columns)
|
|
121
|
+
.with(:users)
|
|
122
|
+
.and_return(existing_columns)
|
|
123
123
|
|
|
124
|
-
allow(ActiveRecord::Base.connection).to receive(:indexes)
|
|
125
|
-
with(:users)
|
|
126
|
-
and_return(existing_indexes)
|
|
124
|
+
allow(ActiveRecord::Base.connection).to receive(:indexes)
|
|
125
|
+
.with(:users)
|
|
126
|
+
.and_return(existing_indexes)
|
|
127
127
|
|
|
128
128
|
run_generator
|
|
129
129
|
migration = migration_file("db/migrate/add_clearance_to_users.rb")
|
|
@@ -136,10 +136,10 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
|
136
136
|
expect(migration).not_to contain("t.string :remember_token")
|
|
137
137
|
expect(migration).not_to contain("add_index :users, :remember_token")
|
|
138
138
|
expect(migration).to(
|
|
139
|
-
contain("add_index :users, :confirmation_token, unique: true")
|
|
139
|
+
contain("add_index :users, :confirmation_token, unique: true")
|
|
140
140
|
)
|
|
141
141
|
expect(migration).to(
|
|
142
|
-
contain("remove_index :users, :confirmation_token, unique: true")
|
|
142
|
+
contain("remove_index :users, :confirmation_token, unique: true")
|
|
143
143
|
)
|
|
144
144
|
end
|
|
145
145
|
end
|
|
@@ -147,9 +147,9 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
|
147
147
|
|
|
148
148
|
def table_does_not_exist(name)
|
|
149
149
|
connection = ActiveRecord::Base.connection
|
|
150
|
-
allow(connection).to receive(:data_source_exists?)
|
|
151
|
-
with(name)
|
|
152
|
-
and_return(false)
|
|
150
|
+
allow(connection).to receive(:data_source_exists?)
|
|
151
|
+
.with(name)
|
|
152
|
+
.and_return(false)
|
|
153
153
|
end
|
|
154
154
|
|
|
155
155
|
def preserve_original_primary_key_type_setting
|
|
@@ -15,7 +15,7 @@ describe Clearance::Generators::RoutesGenerator, :generator do
|
|
|
15
15
|
expect(initializer).to contain("config.routes = false")
|
|
16
16
|
expect(routes).to have_correct_syntax
|
|
17
17
|
expect(routes).to contain(
|
|
18
|
-
'get "/sign_in" => "clearance/sessions#new", as
|
|
18
|
+
'get "/sign_in" => "clearance/sessions#new", :as => "sign_in"'
|
|
19
19
|
)
|
|
20
20
|
end
|
|
21
21
|
end
|
|
@@ -5,7 +5,7 @@ describe Clearance::Generators::SpecsGenerator, :generator do
|
|
|
5
5
|
it "copies specs to host app" do
|
|
6
6
|
run_generator
|
|
7
7
|
|
|
8
|
-
specs = %w
|
|
8
|
+
specs = %w[
|
|
9
9
|
factories/clearance
|
|
10
10
|
features/clearance/user_signs_out_spec
|
|
11
11
|
features/clearance/visitor_resets_password_spec
|
|
@@ -14,7 +14,7 @@ describe Clearance::Generators::SpecsGenerator, :generator do
|
|
|
14
14
|
features/clearance/visitor_updates_password_spec
|
|
15
15
|
support/clearance
|
|
16
16
|
support/features/clearance_helpers
|
|
17
|
-
|
|
17
|
+
]
|
|
18
18
|
|
|
19
19
|
spec_files = specs.map { |spec| file("spec/#{spec}.rb") }
|
|
20
20
|
|