clearance 0.10.0 → 0.10.1

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+0.10.1
+------------------
+
+* replaced ActionController::Forbidden with a user-friendly flash message.
+* improved language of Cucumber steps by allowing a little more flexibility.
+
 0.10.0
 ------------------
 

data/README.md

@@ -5,6 +5,10 @@ Rails authentication with email & password.
 
 [We have clearance, Clarence.](http://www.youtube.com/watch?v=fVq4_HhBK8Y)
 
+Clearance was extracted out of [Hoptoad](http://hoptoadapp.com). We merged the
+authentication code from two of thoughtbot's client Rails apps and have since
+used it each time we needed authentication.
+
 Help
 ----
 
@@ -118,11 +122,18 @@ Check out some of the ways people have extended Clearance:
 * [Clearance Twitter](https://github.com/thoughtbot/clearance-twitter)
 * [Clearance Admin](https://github.com/xenda/clearance-admin)
 
-Authors
+Credits
 -------
 
-Clearance was extracted out of [Hoptoad](http://hoptoadapp.com). We merged the
-authentication code from two of thoughtbot's client Rails apps and have since
-used it each time we needed authentication.
+![thoughtbot](http://thoughtbot.com/images/tm/logo.png)
+
+Clearance is maintained and funded by [thoughtbot, inc](http://thoughtbot.com/community)
 
 Thank you to all [the contributors](https://github.com/thoughtbot/clearance/contributors)!
+
+The names and logos for thoughtbot are trademarks of thoughtbot, inc.
+
+License
+-------
+
+Clearance is Copyright © 2009-2011 thoughtbot. It is free software, and may be redistributed under the terms specified in the LICENSE file.

data/VERSION

@@ -1 +1 @@
-0.10.0
+0.10.1

data/app/controllers/clearance/passwords_controller.rb

@@ -45,17 +45,25 @@ class Clearance::PasswordsController < ApplicationController
 
   def forbid_missing_token
     if params[:token].blank?
-      raise ActionController::Forbidden, "missing token"
+      flash_failure_when_forbidden
+      render :template => 'passwords/new'
     end
   end
 
   def forbid_non_existent_user
     unless ::User.find_by_id_and_confirmation_token(
                   params[:user_id], params[:token])
-      raise ActionController::Forbidden, "non-existent user"
+      flash_failure_when_forbidden
+      render :template => 'passwords/new'
     end
   end
 
+  def flash_failure_when_forbidden
+    flash.now[:failure] = translate(:forbidden,
+      :scope   => [:clearance, :controllers, :passwords],
+      :default => "Please double check the URL or try submitting the form again.")
+  end
+
   def flash_notice_after_create
     flash[:notice] = translate(:deliver_change_password,
       :scope   => [:clearance, :controllers, :passwords],
@@ -69,14 +77,14 @@ class Clearance::PasswordsController < ApplicationController
       :default => "Unknown email.")
   end
 
-  def url_after_create
-    sign_in_url
-  end
-
   def flash_success_after_update
     flash[:success] = translate(:signed_in, :default => "Signed in.")
   end
 
+  def url_after_create
+    sign_in_url
+  end
+
   def url_after_update
     '/'
   end

data/lib/clearance.rb

@@ -1,6 +1,3 @@
-require 'clearance/extensions/errors'
-require 'clearance/extensions/rescue'
-
 require 'clearance/configuration'
 require 'clearance/authentication'
 require 'clearance/user'

data/lib/clearance/shoulda_macros.rb

@@ -1,44 +1,7 @@
 module Clearance
   module Shoulda
-
     # STATE OF AUTHENTICATION
 
-    def should_be_signed_in_as(&block)
-      warn "[DEPRECATION] should_be_signed_in_as cannot be used in functional tests anymore now that it depends on cookies, which are unavailable until the next request."
-      should "be signed in as #{block.bind(self).call}" do
-        user = block.bind(self).call
-        assert_not_nil user,
-          "please pass a User. try: should_be_signed_in_as { @user }"
-        assert_equal user, @controller.send(:current_user),
-          "#{user.inspect} is not the current_user, " <<
-          "which is #{@controller.send(:current_user).inspect}"
-      end
-    end
-
-    def should_be_signed_in_and_email_confirmed_as(&block)
-      warn "[DEPRECATION] should_be_signed_in_and_email_confirmed_as: email confirmation is gone"
-      should_be_signed_in_as &block
-    end
-
-    def should_not_be_signed_in
-      warn "[DEPRECATION] should_not_be_signed_in is no longer a valid test since we now store a remember_token in cookies, not user_id in session"
-      should "not be signed in" do
-        assert_nil session[:user_id]
-      end
-    end
-
-    def should_deny_access_on(http_method, action, opts = {})
-      warn "[DEPRECATION] should_deny_access_on: use a setup & should_deny_access(:flash => ?)"
-      flash_message = opts.delete(:flash)
-      context "on #{http_method} to #{action}" do
-        setup do
-          send(http_method, action, opts)
-        end
-
-        should_deny_access(:flash => flash_message)
-      end
-    end
-
     def should_deny_access(opts = {})
       if opts[:flash]
         should set_the_flash.to(opts[:flash])
@@ -52,46 +15,7 @@ module Clearance
     # HTTP FLUENCY
 
     def should_forbid(description, &block)
-      should "forbid #{description}" do
-        assert_raises ActionController::Forbidden do
-          instance_eval(&block)
-        end
-      end
-    end
-
-    # CONTEXTS
-
-    def signed_in_user_context(&blk)
-      warn "[DEPRECATION] signed_in_user_context: creates a Mystery Guest, causes Obscure Test"
-      context "A signed in user" do
-        setup do
-          @user = Factory(:user)
-          @user.confirm_email!
-          sign_in_as @user
-        end
-        merge_block(&blk)
-      end
-    end
-
-    def public_context(&blk)
-      warn "[DEPRECATION] public_context: common case is no-op. call sign_out otherwise"
-      context "The public" do
-        setup { sign_out }
-        merge_block(&blk)
-      end
-    end
-
-    # CREATING USERS
-
-    def should_create_user_successfully
-      warn "[DEPRECATION] should_create_user_successfully: not meant to be public, no longer used internally"
-      should assign_to(:user)
-      should_change 'User.count', :by => 1
-
-      should have_sent_email.with_subject(/account confirmation/i)
-
-      should set_the_flash.to(/confirm/i)
-      should_redirect_to_url_after_create
+      warn "[DEPRECATION] should_forbid and Clearance's ActionController::Forbidden have been removed. Setting the 403 status code turned out to be an awful user experience in some browsers such as Chrome on Windows machines."
     end
 
     # RENDERING
@@ -119,87 +43,6 @@ module Clearance
     def should_redirect_to_url_already_confirmed
       should redirect_to("the already confirmed url") { @controller.send(:url_already_confirmed) }
     end
-
-    # VALIDATIONS
-
-    def should_validate_confirmation_of(attribute, opts = {})
-      warn "[DEPRECATION] should_validate_confirmation_of: not meant to be public, no longer used internally"
-      raise ArgumentError if opts[:factory].nil?
-
-      context "on save" do
-        should_validate_confirmation_is_not_blank opts[:factory], attribute
-        should_validate_confirmation_is_not_bad   opts[:factory], attribute
-      end
-    end
-
-    def should_validate_confirmation_is_not_blank(factory, attribute, opts = {})
-      warn "[DEPRECATION] should_validate_confirmation_is_not_blank: not meant to be public, no longer used internally"
-      should "validate #{attribute}_confirmation is not blank" do
-        model = Factory.build(factory, blank_confirmation_options(attribute))
-        model.save
-        assert_confirmation_error(model, attribute,
-          "#{attribute}_confirmation cannot be blank")
-      end
-    end
-
-    def should_validate_confirmation_is_not_bad(factory, attribute, opts = {})
-      warn "[DEPRECATION] should_validate_confirmation_is_not_bad: not meant to be public, no longer used internally"
-      should "validate #{attribute}_confirmation is different than #{attribute}" do
-        model = Factory.build(factory, bad_confirmation_options(attribute))
-        model.save
-        assert_confirmation_error(model, attribute, 
-          "#{attribute}_confirmation cannot be different than #{attribute}")
-      end
-    end
-
-    # FORMS
-
-    def should_display_a_password_update_form
-      warn "[DEPRECATION] should_display_a_password_update_form: not meant to be public, no longer used internally"
-      should "have a form for the user's token, password, and password confirm" do
-        update_path = ERB::Util.h(
-          user_password_path(@user, :token => @user.confirmation_token)
-        )
-
-        assert_select 'form[action=?]', update_path do
-          assert_select 'input[name=_method][value=?]', 'put'
-          assert_select 'input[name=?]', 'user[password]'
-          assert_select 'input[name=?]', 'user[password_confirmation]'
-        end
-      end
-    end
-
-    def should_display_a_sign_up_form
-      warn "[DEPRECATION] should_display_a_sign_up_form: not meant to be public, no longer used internally"
-      should "display a form to sign up" do
-        assert_select "form[action=#{users_path}][method=post]",
-        true, "There must be a form to sign up" do
-          assert_select "input[type=text][name=?]",
-            "user[email]", true, "There must be an email field"
-          assert_select "input[type=password][name=?]",
-            "user[password]", true, "There must be a password field"
-          assert_select "input[type=password][name=?]",
-            "user[password_confirmation]", true, "There must be a password confirmation field"
-          assert_select "input[type=submit]", true,
-            "There must be a submit button"
-        end
-      end
-    end
-
-    def should_display_a_sign_in_form
-      warn "[DEPRECATION] should_display_a_sign_in_form: not meant to be public, no longer used internally"
-      should 'display a "sign in" form' do
-        assert_select "form[action=#{session_path}][method=post]",
-          true, "There must be a form to sign in" do
-            assert_select "input[type=text][name=?]",
-              "session[email]", true, "There must be an email field"
-            assert_select "input[type=password][name=?]",
-              "session[password]", true, "There must be a password field"
-            assert_select "input[type=submit]", true,
-              "There must be a submit button"
-        end
-      end
-    end
   end
 end
 
@@ -218,24 +61,6 @@ module Clearance
       def sign_out
         @controller.current_user = nil
       end
-
-      def blank_confirmation_options(attribute)
-        warn "[DEPRECATION] blank_confirmation_options: not meant to be public, no longer used internally"
-        opts = { attribute => attribute.to_s }
-        opts.merge("#{attribute}_confirmation".to_sym => "")
-      end
-
-      def bad_confirmation_options(attribute)
-        warn "[DEPRECATION] bad_confirmation_options: not meant to be public, no longer used internally"
-        opts = { attribute => attribute.to_s }
-        opts.merge("#{attribute}_confirmation".to_sym => "not_#{attribute}")
-      end
-
-      def assert_confirmation_error(model, attribute, message = "confirmation error")
-        warn "[DEPRECATION] assert_confirmation_error: not meant to be public, no longer used internally"
-        assert model.errors[attribute].include?("doesn't match confirmation"),
-          message
-      end
     end
   end
 end

data/lib/rails/generators/clearance_features_templates/features/password_reset.feature

@@ -1,7 +1,8 @@
 Feature: Password reset
-  In order to sign in even if user forgot their password
-  A user
-  Should be able to reset it
+
+  In order to sign in even if I forgot my password
+  As a user
+  I want to reset my password
 
     Scenario: User is not signed up
       Given no user exists with an email of "email@person.com"

data/lib/rails/generators/clearance_features_templates/features/sign_in.feature

@@ -1,7 +1,8 @@
 Feature: Sign in
+
   In order to get access to protected sections of the site
-  A user
-  Should be able to sign in
+  As a user
+  I want to sign in
 
     Scenario: User is not signed up
       Given no user exists with an email of "email@person.com"

data/lib/rails/generators/clearance_features_templates/features/sign_out.feature

@@ -1,7 +1,8 @@
 Feature: Sign out
-  To protect my account from unauthorized access
-  A signed in user
-  Should be able to sign out
+
+  In order to protect my account from unauthorized access
+  As a signed in user
+  I want to sign out
 
     Scenario: User signs out
       Given I am signed up as "email@person.com/password"

data/lib/rails/generators/clearance_features_templates/features/sign_up.feature

@@ -1,7 +1,8 @@
 Feature: Sign up
+
   In order to get access to protected sections of the site
-  A user
-  Should be able to sign up
+  As a user
+  I want to sign up
 
     Scenario: User signs up with invalid data
       When I go to the sign up page

data/lib/rails/generators/clearance_features_templates/features/step_definitions/clearance_steps.rb

@@ -14,17 +14,13 @@ Given /^no user exists with an email of "(.*)"$/ do |email|
   assert_nil User.find_by_email(email)
 end
 
-Given /^I signed up with "(.*)\/(.*)"$/ do |email, password|
+Given /^(?:I am|I have|I) signed up (?:as|with) "(.*)\/(.*)"$/ do |email, password|
   Factory(:user,
           :email                 => email,
           :password              => password,
           :password_confirmation => password)
 end
 
-Given /^I am signed up as "([^"]+)"$/ do |email_password|
-  Given %{I signed up with "#{email_password}"}
-end
-
 # Session
 
 Then /^I should be signed in$/ do
@@ -44,7 +40,7 @@ When /^session is cleared$/ do
   #controller.instance_variable_set(:@_current_user, nil)
 end
 
-Given /^I have signed in with "(.*)\/(.*)"$/ do |email, password|
+Given /^(?:I am|I have|I) signed in (?:with|as) "(.*)\/(.*)"$/ do |email, password|
   Given %{I am signed up as "#{email}/#{password}"}
   And %{I sign in as "#{email}/#{password}"}
 end
@@ -79,10 +75,6 @@ When /^I try to change the password of "(.*)" without token$/ do |email|
   visit edit_user_password_path(:user_id => user)
 end
 
-Then /^I should be forbidden$/ do
-  assert_response :forbidden
-end
-
 # Actions
 
 When /^I sign in as "(.*)\/(.*)"$/ do |email, password|

data/spec/rails_root/Gemfile.lock

@@ -0,0 +1,143 @@
+PATH
+  remote: ../..
+  specs:
+    clearance (0.9.0.rc9)
+      rails (~> 3.0.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    abstract (1.0.0)
+    actionmailer (3.0.0)
+      actionpack (= 3.0.0)
+      mail (~> 2.2.5)
+    actionpack (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+      builder (~> 2.1.2)
+      erubis (~> 2.6.6)
+      i18n (~> 0.4.1)
+      rack (~> 1.2.1)
+      rack-mount (~> 0.6.12)
+      rack-test (~> 0.5.4)
+      tzinfo (~> 0.3.23)
+    activemodel (3.0.0)
+      activesupport (= 3.0.0)
+      builder (~> 2.1.2)
+      i18n (~> 0.4.1)
+    activerecord (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+      arel (~> 1.0.0)
+      tzinfo (~> 0.3.23)
+    activeresource (3.0.0)
+      activemodel (= 3.0.0)
+      activesupport (= 3.0.0)
+    activesupport (3.0.0)
+    arel (1.0.1)
+      activesupport (~> 3.0.0)
+    builder (2.1.2)
+    capybara (0.4.0)
+      celerity (>= 0.7.9)
+      culerity (>= 0.2.4)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      selenium-webdriver (>= 0.0.27)
+      xpath (~> 0.1.2)
+    celerity (0.8.6)
+    childprocess (0.1.4)
+      ffi (~> 0.6.3)
+    configuration (1.1.0)
+    cucumber (0.10.0)
+      builder (>= 2.1.2)
+      diff-lcs (~> 1.1.2)
+      gherkin (~> 2.3.2)
+      json (~> 1.4.6)
+      term-ansicolor (~> 1.0.5)
+    cucumber-rails (0.3.2)
+      cucumber (>= 0.8.0)
+    culerity (0.2.13)
+    diff-lcs (1.1.2)
+    erubis (2.6.6)
+      abstract (>= 1.0.0)
+    factory_girl (1.3.2)
+    factory_girl_rails (1.0)
+      factory_girl (~> 1.3)
+      rails (>= 3.0.0.beta4)
+    ffi (0.6.3)
+      rake (>= 0.8.7)
+    formtastic (1.1.0.beta)
+      actionpack (>= 2.3.0)
+      activesupport (>= 2.3.0)
+      i18n (>= 0.4.0)
+    gherkin (2.3.2)
+      json (~> 1.4.6)
+      term-ansicolor (~> 1.0.5)
+    i18n (0.4.1)
+    json (1.4.6)
+    json_pure (1.4.6)
+    launchy (0.3.7)
+      configuration (>= 0.0.5)
+      rake (>= 0.8.1)
+    mail (2.2.5)
+      activesupport (>= 2.3.6)
+      mime-types
+      treetop (>= 1.4.5)
+    mime-types (1.16)
+    mocha (0.9.8)
+      rake
+    nokogiri (1.4.1)
+    polyglot (0.3.1)
+    rack (1.2.1)
+    rack-mount (0.6.13)
+      rack (>= 1.0.0)
+    rack-test (0.5.4)
+      rack (>= 1.0)
+    rails (3.0.0)
+      actionmailer (= 3.0.0)
+      actionpack (= 3.0.0)
+      activerecord (= 3.0.0)
+      activeresource (= 3.0.0)
+      activesupport (= 3.0.0)
+      bundler (~> 1.0.0)
+      railties (= 3.0.0)
+    railties (3.0.0)
+      actionpack (= 3.0.0)
+      activesupport (= 3.0.0)
+      rake (>= 0.8.4)
+      thor (~> 0.14.0)
+    rake (0.8.7)
+    rubyzip (0.9.4)
+    selenium-webdriver (0.1.1)
+      childprocess (= 0.1.4)
+      ffi (~> 0.6.3)
+      json_pure
+      rubyzip
+    shoulda (2.11.3)
+    sqlite3-ruby (1.3.1)
+    term-ansicolor (1.0.5)
+    thor (0.14.0)
+    treetop (1.4.8)
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.23)
+    xpath (0.1.2)
+      nokogiri (~> 1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  capybara (= 0.4.0)
+  clearance!
+  cucumber (= 0.10.0)
+  cucumber-rails (= 0.3.2)
+  factory_girl_rails (= 1.0)
+  formtastic (= 1.1.0.beta)
+  launchy (= 0.3.7)
+  mocha (= 0.9.8)
+  nokogiri (= 1.4.1)
+  rails (= 3.0.0)
+  shoulda (= 2.11.3)
+  sqlite3-ruby