RubyGems - clearance - Versions diffs - 0.8.6 → 0.8.7 - Mend

clearance 0.8.6 → 0.8.7

Potentially problematic release.

This version of clearance might be problematic. Click here for more details.

Files changed (14) hide show

data/{CHANGELOG.textile → CHANGELOG.md} +79 -32
data/README.md +2 -2
data/VERSION +1 -1
data/app/controllers/clearance/passwords_controller.rb +1 -1
data/generators/clearance/clearance_generator.rb +11 -1
data/generators/clearance/templates/migrations/update_users.rb +6 -6
data/lib/clearance/authentication.rb +1 -1
data/lib/clearance/extensions/rescue.rb +3 -1
data/lib/clearance/user.rb +3 -3
data/test/controllers/sessions_controller_test.rb +1 -2
data/test/rails_root/app/controllers/application_controller.rb +1 -0
data/test/rails_root/config/initializers/clearance_loader.rb +8 -0
data/test/rails_root/db/migrate/{20100217171349_clearance_create_users.rb → 20100221200020_clearance_create_users.rb} +0 -0
metadata +5 -4

data/{CHANGELOG.textile → CHANGELOG.md} RENAMED

@@ -1,10 +1,28 @@
-h2. 0.8.6 (unreleased)
+0.8.7 (02/21/2010)
+------------------
+* [#43] Fixed global sign out bug. (Ryan McGreary)
+* [#69] Allow Rails apps to before_filter :authenticate the entire app
+in ApplicationController and still have password recovery work without
+overriding any controllers. (Claudio Poli, Dan Croak)
+* [#72] #[21] Rails3 fix for ActionController/ActionDispatch change.
+(Joseph Holsten, Peter Haza, Dan Croak)
+0.8.6 (02/17/2010)
+------------------
 * Clearance features capitalization should match view text (Bobby Wilson)
-* skip :authenticate before_filter in controllers so apps can easily
+* [#39] skip :authenticate before_filter in controllers so apps can easily
 authenticate a whole site without subclassing (Matthew Ford)
+* [#45] Added randomness to token and salt generation (Ryan McGeary)
+* [#43] Reset the remember_token on sign out instead of sign in. Allows for the same
+user to sign in from two locations at once. (Ryan McGeary)
+* [#62] Append the version number to generated update migrations (Joe Ferris)
+ * Allow overridden user models to skip email/password validations
+conditionally. This makes username/facebook integration easier. (Joe Ferris)
-h2. 0.8.5 (01/20/2009)
+0.8.5 (01/20/2010)
+------------------
 * replaced routing hack with Clearance::Routes.draw(map) to give
 more control to the application developer. (Dan Croak)
@@ -15,36 +33,42 @@ more control to the application developer. (Dan Croak)
 * use Clearance.configure block to set mailer sender instead of
 DO_NOT_REPLY constant. (Dan Croak)
-h2. 0.8.4 (12/08/2009)
+0.8.4 (12/08/2009)
+------------------
 * [#48] remove unnecessary require 'factory_girl' in generator (Dan Croak)
 * reference gemcutter (not github) as the gem source in README (Dan Croak)
 * add IRC, rdoc.info links to README (Dan Croak)
 * move user confirmation email trigger into model (Chad Pytel)
-h2. 0.8.3 (09/21/2009)
+0.8.3 (09/21/2009)
+------------------
 * [#27] remove class_eval in Clearance::Authentication. (Anuj Dutta)
 * Avoid possible collisions in the remember me token (Joe Ferris)
-h2. 0.8.2 (09/01/2009)
+0.8.2 (09/01/2009)
+------------------
 * current_user= accessor method. (Joe Ferris, Josh Clayton)
 * set current_user in sign_in. (Jon Yurek)
-h2. 0.8.1 (08/31/2009)
+0.8.1 (08/31/2009)
+------------------
 * Removed unnecessary remember_token_expires_at column and the
 remember? and forget_me! user instance methods. (Dan Croak)
-h2. 0.8.0 (08/31/2009)
+0.8.0 (08/31/2009)
+------------------
 * Always remember me. Replaced session-and-remember-me authentication with
 always using a cookie with a long timeout. (Dan Croak)
 * Documented Clearance::Authentication with YARD. (Dan Croak)
 * Documented Clearance::User with YARD. (Dan Croak)
-h2. 0.7.0 (08/04/2009)
+0.7.0 (08/04/2009)
+------------------
 * Redirect signed in user who clicks confirmation link again. (Dan Croak)
 * Redirect signed out user who clicks confirmation link again. (Dan Croak)
@@ -53,18 +77,21 @@ Croak)
 * Added clearance_views generator. By default, creates formtastic views which
 pass all tests and features. (Dan Croak)
-h2. 0.6.9 (07/04/2009)
+0.6.9 (07/04/2009)
+------------------
 * Added timestamps to create users migration. (Dan Croak)
 * Ready for Ruby 1.9. (Jason Morrison, Nick Quaranto)
-h2. 0.6.8 (06/24/2009)
+0.6.8 (06/24/2009)
+------------------
 * Added defined? checks for various Rails constants such as ActionController
 for easier unit testing of Clearance extensions... particularly ActiveRecord
 extensions... particularly strong_password. (Dan Croak)
-h2. 0.6.7 (06/13/2009)
+0.6.7 (06/13/2009)
+------------------
 * [#30] Added sign_up, sign_in, sign_out named routes. (Dan Croak)
 * [#22] Minimizing Reek smell: Duplication in redirect_back_or. (Dan Croak)
@@ -76,16 +103,19 @@ Croak)
 * README improvements. (Dan Croak)
 * Move routes loading to separate file. (Joshua Clayton)
-h2. 0.6.6 (05/18/2009)
+0.6.6 (05/18/2009)
+------------------
 * [#14] replaced class_eval in Clearance::User with modules. This was needed
 in a thoughtbot client app so we could write our own validations. (Dan Croak)
-h2. 0.6.5 (05/17/2009)
+0.6.5 (05/17/2009)
+------------------
 * [#6] Make Clearance i18n aware. (Timur Vafin, Marcel Goerner, Eugene Bolshakov, Dan Croak)
-h2. 0.6.4 (05/12/2009)
+0.6.4 (05/12/2009)
+------------------
 * Moved issue tracking to Github from Lighthouse. (Dan Croak)
 * [#7] asking higher-level questions of controllers in webrat steps, such as signed_in? instead of what's in the session. same for accessors. (Dan Croak)
@@ -93,22 +123,26 @@ h2. 0.6.4 (05/12/2009)
 * [#13] move private methods on sessions controller into Clearance::Authentication module (Dan Croak)
 * [#9] audited flash keys. (Dan Croak)
-h2. 0.6.3 (04/23/2009)
+0.6.3 (04/23/2009)
+------------------
 * Scoping ClearanceMailer properly within controllers so it works in production environments. (Nick Quaranto)
-h2. 0.6.2 (04/22/2009)
+0.6.2 (04/22/2009)
+------------------
 * Insert Clearance::User into User model if it exists. (Nick Quaranto)
 * World(NavigationHelpers) Cucumber 3.0 style. (Shay Arnett & Mark Cornick)
-h2. 0.6.1 (04/21/2009)
+0.6.1 (04/21/2009)
+------------------
 * Scope operators are necessary to keep Rails happy. Reverting the original
 revert so they're back in the library now for constants referenced inside of
 the gem. (Nick Quaranto)
-h2. 0.6.0 (04/21/2009)
+0.6.0 (04/21/2009)
+------------------
 * Converted Clearance to a Rails engine. (Dan Croak & Joe Ferris)
 * Include Clearance::User in User model in app. (Dan Croak & Joe Ferris)
@@ -132,33 +166,39 @@ Quaranto)
 * Made the clearance controllers unloadable to stop constant loading errors in
 development mode (Nick Quaranto)
-h2. 0.5.6 (4/11/2009)
+0.5.6 (4/11/2009)
+-----------------
 * [#57] Step definition changed for "User should see error messages" so
 features won't fail for certain validations. (Nick Quaranto)
-h2. 0.5.5 (3/23/2009)
+0.5.5 (3/23/2009)
+-----------------
 * Removing duplicate test to get rid of warning. (Nick Quaranto)
-h2. 0.5.4 (3/21/2009)
+0.5.4 (3/21/2009)
+-----------------
 * When users fail logging in, redirect them instead of rendering. (Matt
 Jankowski)
-h2. 0.5.3 (3/5/2009)
+0.5.3 (3/5/2009)
+----------------
 * Clearance now works with (and requires) Shoulda 2.10.0. (Mark Cornick, Joe
 Ferris, Dan Croak)
 * Prefer flat over nested contexts in sessions_controller_test. (Joe Ferris,
 Dan Croak)
-h2. 0.5.2 (3/2/2009)
+0.5.2 (3/2/2009)
+----------------
 * Fixed last remaining errors in Rails 2.3 tests. Now fully compatible. (Joe
 Ferris, Dan Croak)
-h2. 0.5.1 (2/27/2009)
+0.5.1 (2/27/2009)
+-----------------
 * [#46] A user with unconfirmed email who resets password now confirms email.
 (Marcel Görner)
@@ -170,7 +210,8 @@ application.rb in Rails 2.3 apps. (Dan Croak)
 * [#42] Bug fix. Rack-based session change altered how to test remember me
 cookie. (Mihai Anca)
-h2. 0.5.0 (2/27/2009)
+0.5.0 (2/27/2009)
+-----------------
 * Fixed problem with Cucumber features. (Dan Croak)
 * Fixed mising HTTP fluency use case. (Dan Croak)
@@ -178,7 +219,8 @@ h2. 0.5.0 (2/27/2009)
 Croak)
 * Refactored User unit tests to be more readable. (Dan Croak)
-h2. 0.4.9 (2/20/2009)
+0.4.9 (2/20/2009)
+-----------------
 * Protect passwords & confirmations actions with forbidden filters. (Dan Croak)
 * Return 403 Forbidden status code in those cases. (Tim Pope)
@@ -188,7 +230,8 @@ h2. 0.4.9 (2/20/2009)
 * [#45] Fixed bug that allowed anyone to edit another user's password (Marcel Görner)
 * Required Factory Girl >= 1.2.0. (Dan Croak)
-h2. 0.4.8 (2/16/2009)
+0.4.8 (2/16/2009)
+-----------------
 * Added support paths for Cucumber. (Ben Mabey)
 * Added documentation for the flash. (Ben Mabey)
@@ -196,17 +239,20 @@ h2. 0.4.8 (2/16/2009)
 * Removed interpolated email address from flash message to make i18n easier. (Bence Nagy)
 * Standardized flash messages that refer to email delivery. (Dan Croak)
-h2. 0.4.7 (2/12/2009)
+0.4.7 (2/12/2009)
+-----------------
 * Removed Clearance::Test::TestHelper so there is one less setup step. (Dan Croak)
 * All test helpers now in shoulda_macros. (Dan Croak)
-h2. 0.4.6 (2/11/2009)
+0.4.6 (2/11/2009)
+-----------------
 * Made the modules behave like mixins again. (hat-tip Eloy Duran)
 * Created Actions and PrivateMethods modules on controllers for future RDoc reasons. (Dan Croak, Joe Ferris)
-h2. 0.4.5 (2/9/2009)
+0.4.5 (2/9/2009)
+----------------
 * [#43] Removed email downcasing because local-part is case sensitive per RFC5321. (Dan Croak)
 * [#42] Removed dependency on Mocha. (Dan Croak)
@@ -217,7 +263,8 @@ h2. 0.4.5 (2/9/2009)
 * Audited "sign up" naming convention. "Register" had slipped in a few places. (Dan Croak)
 * Switched to SHA1 encryption. Cypher doesn't matter much for email confirmation, password reset. Better to have shorter hashes in the emails for clients who line break on 72 chars. (Dan Croak)
-h2. 0.4.4 (2/2/2009)
+0.4.4 (2/2/2009)
+----------------
 * Added a generator for Cucumber features. (Joe Ferris, Dan Croak)
 * Standarized naming for "Sign up," "Sign in," and "Sign out". (Dan Croak)

data/README.md CHANGED

@@ -67,7 +67,7 @@ To change any of provided actions, subclass a Clearance controller...
 and add your route above (before) Clearance routes in config/routes.rb:
-    map.resource :session, :controller => 'clearance/sessions'
+    map.resource :session, :controller => 'sessions'
 See lib/clearance/routes.rb for all the routes Clearance provides.
@@ -126,4 +126,4 @@ Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov,
 Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey,
 Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, Shay Arnett, Joshua Clayton,
 Mustafa Ekim, Jon Yurek, Anuj Dutta, Chad Pytel, Ben Orenstein, Bobby Wilson,
-and Matthew Ford.
+Matthew Ford, Ryan McGeary, Claudio Poli, Joseph Holsten, and Peter Haza.

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 0.8.6
1	+ 0.8.7

data/app/controllers/clearance/passwords_controller.rb CHANGED

@@ -1,7 +1,7 @@
 class Clearance::PasswordsController < ApplicationController
   unloadable
-  skip_before_filter :authenticate,        :only => [:edit, :update]
+  skip_before_filter :authenticate,        :only => [:new, :create, :edit, :update]
   before_filter :forbid_missing_token,     :only => [:edit, :update]
   before_filter :forbid_non_existent_user, :only => [:edit, :update]
   filter_parameter_logging :password, :password_confirmation

data/generators/clearance/clearance_generator.rb CHANGED

@@ -33,6 +33,12 @@ class ClearanceGenerator < Rails::Generator::Base
     end
   end
+  def schema_version_constant
+    if upgrading_clearance_again?
+      "To#{schema_version.gsub('_', '')}"
+    end
+  end
   private
   def migration_source_name
@@ -44,7 +50,7 @@ class ClearanceGenerator < Rails::Generator::Base
   end
   def migration_target_name
-    if ActiveRecord::Base.connection.table_exists?(:users)
+    if upgrading_clearance_again?
       "update_users_to_#{schema_version}"
     else
       'create_users'
@@ -55,4 +61,8 @@ class ClearanceGenerator < Rails::Generator::Base
     IO.read(File.join(File.dirname(__FILE__), '..', '..', 'VERSION')).strip.gsub(/[^\d]/, '_')
   end
+  def upgrading_clearance_again?
+    ActiveRecord::Base.connection.table_exists?(:users)
+  end
 end

data/generators/clearance/templates/migrations/update_users.rb CHANGED

@@ -1,14 +1,14 @@
-class ClearanceUpdateUsers < ActiveRecord::Migration
+class ClearanceUpdateUsers<%= schema_version_constant %> < ActiveRecord::Migration
   def self.up
 <%
       existing_columns = ActiveRecord::Base.connection.columns(:users).collect { |each| each.name }
       columns = [
         [:email,              't.string :email'],
         [:encrypted_password, 't.string :encrypted_password, :limit => 128'],
-        [:salt, 't.string :salt, :limit => 128'],
+        [:salt,               't.string :salt, :limit => 128'],
         [:confirmation_token, 't.string :confirmation_token, :limit => 128'],
-        [:remember_token, 't.string :remember_token, :limit => 128'],
-        [:email_confirmed, 't.boolean :email_confirmed, :default => false, :null => false']
+        [:remember_token,     't.string :remember_token, :limit => 128'],
+        [:email_confirmed,    't.boolean :email_confirmed, :default => false, :null => false']
       ].delete_if {|c| existing_columns.include?(c.first.to_s)}
 -%>
     change_table(:users) do |t|
@@ -22,8 +22,8 @@ class ClearanceUpdateUsers < ActiveRecord::Migration
     index_names = existing_indexes.collect { |each| each.name }
     new_indexes = [
       [:index_users_on_id_and_confirmation_token, 'add_index :users, [:id, :confirmation_token]'],
-      [:index_users_on_email,        'add_index :users, :email'],
-      [:index_users_on_remember_token,        'add_index :users, :remember_token']
+      [:index_users_on_email,                     'add_index :users, :email'],
+      [:index_users_on_remember_token,            'add_index :users, :remember_token']
     ].delete_if { |each| index_names.include?(each.first.to_s) }
 -%>
 <% new_indexes.each do |each| -%>

data/lib/clearance/authentication.rb CHANGED

@@ -75,8 +75,8 @@ module Clearance
       # @example
       #   sign_out
       def sign_out
-        cookies.delete(:remember_token)
         current_user.reset_remember_token! if current_user
+        cookies.delete(:remember_token)
         current_user = nil
       end

data/lib/clearance/extensions/rescue.rb CHANGED

@@ -1,3 +1,5 @@
-if defined?(ActionController::Base)
+if defined?(ActionDispatch::ShowExceptions) # Rails 3
+  ActionDispatch::ShowExceptions.rescue_responses.update('ActionController::Forbidden' => :forbidden)
+elsif defined?(ActionController::Base)
   ActionController::Base.rescue_responses.update('ActionController::Forbidden' => :forbidden)
 end

data/lib/clearance/user.rb CHANGED

@@ -65,11 +65,11 @@ module Clearance
       # salt, token, password encryption are handled before_save.
       def self.included(model)
         model.class_eval do
-          before_save :initialize_salt,
-                      :encrypt_password
+          before_save   :initialize_salt,
+                        :encrypt_password
           before_create :generate_confirmation_token,
                         :generate_remember_token
-          after_create :send_confirmation_email, :unless => :email_confirmed?
+          after_create  :send_confirmation_email, :unless => :email_confirmed?
         end
       end
     end

data/test/controllers/sessions_controller_test.rb CHANGED

@@ -123,8 +123,7 @@ class SessionsControllerTest < ActionController::TestCase
     setup do
       @user = Factory(:email_confirmed_user)
       @user.update_attribute(:remember_token, "old-token")
-      cookies['remember_token'] = CGI::Cookie.new('token', 'value')
-      sign_in_as @user
+      @request.cookies["remember_token"] = "old-token"
       delete :destroy
     end

data/test/rails_root/app/controllers/application_controller.rb CHANGED

@@ -2,4 +2,5 @@ class ApplicationController < ActionController::Base
   helper :all
   protect_from_forgery
   include Clearance::Authentication
+  before_filter :authenticate
 end

data/test/rails_root/config/initializers/clearance_loader.rb ADDED

@@ -0,0 +1,8 @@
+# This simulates loading the clearance gem, but without relying on
+# vendor/gems
+clearance_path = File.join(File.dirname(__FILE__), *%w(.. .. .. ..))
+clearance_lib_path = File.join(clearance_path, "lib")
+$LOAD_PATH.unshift(clearance_lib_path)
+load File.join(clearance_path, 'rails', 'init.rb')

data/test/rails_root/db/migrate/{20100217171349_clearance_create_users.rb → 20100221200020_clearance_create_users.rb} RENAMED

File without changes

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 0.8.6
+  version: 0.8.7
 platform: ruby
 authors:
 - Dan Croak
@@ -26,7 +26,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-02-17 00:00:00 -05:00
+date: 2010-02-21 00:00:00 -05:00
 default_executable:
 dependencies: []
@@ -40,7 +40,7 @@ extra_rdoc_files:
 - LICENSE
 - README.md
 files:
-- CHANGELOG.textile
+- CHANGELOG.md
 - LICENSE
 - README.md
 - Rakefile
@@ -138,12 +138,13 @@ test_files:
 - test/rails_root/config/environments/production.rb
 - test/rails_root/config/environments/test.rb
 - test/rails_root/config/initializers/clearance.rb
+- test/rails_root/config/initializers/clearance_loader.rb
 - test/rails_root/config/initializers/inflections.rb
 - test/rails_root/config/initializers/mime_types.rb
 - test/rails_root/config/initializers/requires.rb
 - test/rails_root/config/initializers/time_formats.rb
 - test/rails_root/config/routes.rb
-- test/rails_root/db/migrate/20100217171349_clearance_create_users.rb
+- test/rails_root/db/migrate/20100221200020_clearance_create_users.rb
 - test/rails_root/features/step_definitions/clearance_steps.rb
 - test/rails_root/features/step_definitions/factory_girl_steps.rb
 - test/rails_root/features/step_definitions/web_steps.rb