clearance 1.0.0.rc7 → 1.0.0.rc8
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +6 -14
- data/.gitignore +3 -3
- data/.travis.yml +0 -17
- data/Appraisals +2 -6
- data/Gemfile +16 -1
- data/Gemfile.lock +116 -107
- data/NEWS.md +7 -3
- data/README.md +195 -129
- data/Rakefile +5 -9
- data/app/views/layouts/application.html.erb +1 -1
- data/clearance.gemspec +20 -17
- data/config/locales/clearance.en.yml +2 -1
- data/config/routes.rb +2 -2
- data/features/add_migrations_to_project.feature +7 -37
- data/features/integration_with_rspec.feature +5 -4
- data/features/integration_with_test_unit.feature +11 -38
- data/features/step_definitions/configuration_steps.rb +94 -8
- data/features/step_definitions/gem_file_steps.rb +8 -0
- data/features/support/env.rb +7 -0
- data/lib/clearance/authorization.rb +16 -3
- data/lib/clearance/configuration.rb +2 -0
- data/lib/clearance/engine.rb +1 -1
- data/lib/clearance/session.rb +12 -11
- data/lib/clearance/testing.rb +0 -4
- data/lib/clearance/testing/application.rb +23 -24
- data/lib/clearance/testing/helpers.rb +1 -1
- data/lib/clearance/user.rb +17 -10
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/specs/templates/{integration → features}/clearance/user_signs_out_spec.rb +0 -0
- data/lib/generators/clearance/specs/templates/{integration → features}/clearance/visitor_resets_password_spec.rb +24 -0
- data/lib/generators/clearance/specs/templates/{integration → features}/clearance/visitor_signs_in_spec.rb +0 -0
- data/lib/generators/clearance/specs/templates/{integration → features}/clearance/visitor_signs_up_spec.rb +8 -0
- data/lib/generators/clearance/specs/templates/{integration → features}/clearance/visitor_updates_password_spec.rb +0 -0
- data/lib/generators/clearance/specs/templates/support/features.rb +5 -0
- data/lib/generators/clearance/specs/templates/support/{integration → features}/clearance_helpers.rb +1 -1
- data/spec/clearance/session_spec.rb +27 -0
- data/spec/controllers/apis_controller_spec.rb +36 -0
- data/spec/controllers/passwords_controller_spec.rb +13 -11
- data/spec/controllers/sessions_controller_spec.rb +13 -27
- data/spec/controllers/users_controller_spec.rb +6 -2
- data/spec/factories.rb +5 -0
- data/spec/models/user_spec.rb +13 -19
- data/spec/support/clearance.rb +9 -0
- metadata +36 -218
- data/gemfiles/3.0.20.gemfile +0 -7
- data/gemfiles/3.0.20.gemfile.lock +0 -173
- data/gemfiles/3.1.11.gemfile +0 -7
- data/gemfiles/3.1.11.gemfile.lock +0 -183
- data/gemfiles/3.2.12.gemfile +0 -7
- data/gemfiles/3.2.12.gemfile.lock +0 -182
- data/gemfiles/3.2.13.rc2.gemfile +0 -7
- data/gemfiles/3.2.13.rc2.gemfile.lock +0 -182
- data/lib/clearance/password_strategies/fake.rb +0 -23
- data/lib/generators/clearance/specs/templates/support/integration.rb +0 -6
- data/lib/generators/clearance/specs/templates/support/integration/action_mailer_helpers.rb +0 -19
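--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,7 @@
 ---
-
-metadata.gz:
-
-
-
-
-metadata.gz: !binary |-
-YzA5YTAzMjUxOGZjNGU5MTQ3ZTQ4NjI2ZjQ0N2M2YWFjNjg4MzIwODA4YmU2
-MTlkZTk2NjNkODE2YjI0YzQ0M2JhNjRmOTM2YzJkMzY1MThlMzJkOTU0ODY5
-Yjc5MzBhOTc2Y2FiMzA4MzdiZDU5ZmU2OTkwYWE5OGNkYjRjOTg=
-data.tar.gz: !binary |-
-ZTdlZDUwN2FjYzg3ZmI4OGEzMGMwMjU1ZjY5NzY5ZDUwOTAyYjcwMjk5MGEz
-OTZmNDZiZTMyNGMxMDNjNjlhNmUwNjkxZDI0YWM1YmU5MmZlMzI3NThjNGZi
-Njc1Y2MxN2E0Nzc0MTg4MzQzYzQ1MzdiZjE0YWE4ZDRhZDJmMGU=
+SHA1:
+metadata.gz: f594b3d9373f5783a6e2304f49ca636bbf7b904d
+data.tar.gz: e2731151ddda9ff6b6a746b3f789b23f5305335e
+SHA512:
+metadata.gz: 633e6622929f3ae73a267f607167f004915f61b679cad2867923cc0ff249eabdf6f3cb29d2dcb9f1fa2b5519f5841468f6e8c2888bd51fe9122865ef4934ce16
+data.tar.gz: d52bc8b9c6b5e4007d9461b91721ac0db05e7df9b6c4efcb36d93a253ece3d04d09e07e68d0341b10e73128bbf23bd786a7a3b6522c69d6ac91770e3a9b629b1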
data/.gitignore
CHANGED
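--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,26 +1,9 @@
 language: ruby
 rvm:
-- 1.9.2
 - 1.9.3
 - 2.0.0
-before_install:
-- gem update --system
-- gem update bundler
 before_script:
 - "bundle exec rake db:migrate"
-gemfile:
-- gemfiles/3.0.20.gemfile
-- gemfiles/3.1.11.gemfile
-- gemfiles/3.2.12.gemfile
-- gemfiles/3.2.13.rc2.gemfile
-matrix:
-exclude:
-- rvm: 2.0.0
-gemfile: gemfiles/3.0.20.gemfile
-- rvm: 2.0.0
-gemfile: gemfiles/3.1.11.gemfile
-- rvm: 2.0.0
-gemfile: gemfiles/3.2.12.gemfile
 branches:
 only:
 - master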
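--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,11 +1,7 @@
-
-rails_versions = ['3.2.13.rc2']
-else
-rails_versions = ['3.0.20', '3.1.11', '3.2.12']
-end
+rails_versions = ['~> 3.2.13', '~> 4.0.0']
 
 rails_versions.each do |rails_version|
-appraise "#{rails_version}" do
+appraise "rails#{rails_version.slice(/\d+\.\d+/)}" do
 gem 'rails', rails_version
 end
 end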
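Review bot: Nothing visible in this release makes CI run the two appraisals declared by `rails_versions = ['~> 3.2.13', '~> 4.0.0']`. The `.travis.yml` section drops its whole `gemfile:` matrix, so unless the Rakefile change (not shown here) invokes appraisal from the default task, Travis would only exercise the root Gemfile, whose lock resolves `rails (3.2.12)`, a version outside both constraints. For an authentication gem that advertises Rails 4 support, I would either restore `gemfile:` entries in `.travis.yml` for the gemfiles appraisal generates for `rails3.2` and `rails4.0`, or add a comment above `rails_versions` stating which task runs them in CI.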
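--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,3 +1,18 @@
-source '
+source 'https://rubygems.org'
 
 gemspec
+
+gem 'appraisal', '~> 0.5'
+gem 'aruba', '~> 0.5'
+gem 'bourne', '~> 1.4'
+gem 'bundler', '~> 1.3'
+gem 'capybara', '~> 2.0.3'
+gem 'cucumber-rails', '~> 1.3'
+gem 'database_cleaner', '~> 1.0'
+gem 'factory_girl_rails', '~> 4.2'
+gem 'jbuilder', '~> 1.2'
+gem 'rspec-rails', '~> 2.13'
+gem 'sdoc'
+gem 'shoulda-matchers', github: 'thoughtbot/shoulda-matchers' , branch: 'dp-rails-four'
+gem 'sqlite3', '~> 1.3'
+gem 'timecop', '~> 0.6'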
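Review bot: The new `shoulda-matchers` entry follows a moving branch (`branch: 'dp-rails-four'`) through the `github:` shorthand, and the Gemfile.lock in this same release records its remote as `git://github.com/thoughtbot/shoulda-matchers.git`, a transport with neither encryption nor server authentication. The lock does pin a revision, but any `bundle update`, or a fetch over a tampered connection, changes what gets loaded into a development checkout of an authentication library. I would name the source over HTTPS and pin the commit the lock already records: `gem 'shoulda-matchers', git: 'https://github.com/thoughtbot/shoulda-matchers.git', ref: '96e734d8946151ebf0e0d4488d05f2da30fdb59a'`. `gem 'sdoc'` is also the only entry without a version constraint and should get one like its neighbours.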
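--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,182 +1,191 @@
+GIT
+remote: git://github.com/thoughtbot/shoulda-matchers.git
+revision: 96e734d8946151ebf0e0d4488d05f2da30fdb59a
+branch: dp-rails-four
+specs:
+shoulda-matchers (2.1.0)
+activesupport (>= 3.0.0)
+
 PATH
 remote: .
 specs:
-clearance (1.0.0.
+clearance (1.0.0.rc8)
 bcrypt-ruby
-email_validator
-rails (>= 3.
+email_validator (~> 1.4)
+rails (>= 3.1)
 
 GEM
-remote:
+remote: https://rubygems.org/
 specs:
-actionmailer (3.2.
-actionpack (= 3.2.
+actionmailer (3.2.12)
+actionpack (= 3.2.12)
 mail (~> 2.4.4)
-actionpack (3.2.
-activemodel (= 3.2.
-activesupport (= 3.2.
+actionpack (3.2.12)
+activemodel (= 3.2.12)
+activesupport (= 3.2.12)
 builder (~> 3.0.0)
 erubis (~> 2.7.0)
-journey (~> 1.0.
-rack (~> 1.4.
+journey (~> 1.0.4)
+rack (~> 1.4.5)
 rack-cache (~> 1.2)
 rack-test (~> 0.6.1)
-sprockets (~> 2.1
-activemodel (3.2.
-activesupport (= 3.2.
+sprockets (~> 2.2.1)
+activemodel (3.2.12)
+activesupport (= 3.2.12)
 builder (~> 3.0.0)
-activerecord (3.2.
-activemodel (= 3.2.
-activesupport (= 3.2.
+activerecord (3.2.12)
+activemodel (= 3.2.12)
+activesupport (= 3.2.12)
 arel (~> 3.0.2)
 tzinfo (~> 0.3.29)
-activeresource (3.2.
-activemodel (= 3.2.
-activesupport (= 3.2.
-activesupport (3.2.
+activeresource (3.2.12)
+activemodel (= 3.2.12)
+activesupport (= 3.2.12)
+activesupport (3.2.12)
 i18n (~> 0.6)
 multi_json (~> 1.0)
-
-appraisal (0.4.1)
+appraisal (0.5.2)
 bundler
 rake
 arel (3.0.2)
-aruba (0.
-childprocess (>= 0.
+aruba (0.5.3)
+childprocess (>= 0.3.6)
 cucumber (>= 1.1.1)
-
-
-
-
-mocha (= 0.13.0)
+rspec-expectations (>= 2.7.0)
+bcrypt-ruby (3.1.1)
+bourne (1.4.0)
+mocha (~> 0.13.2)
 builder (3.0.4)
-capybara (
+capybara (2.0.3)
 mime-types (>= 1.16)
 nokogiri (>= 1.3.3)
 rack (>= 1.0.0)
 rack-test (>= 0.5.4)
 selenium-webdriver (~> 2.0)
-xpath (~> 0.
-childprocess (0.3.
-ffi (~> 1.0, >= 1.0.
-cucumber (1.2
+xpath (~> 1.0.0)
+childprocess (0.3.9)
+ffi (~> 1.0, >= 1.0.11)
+cucumber (1.3.2)
 builder (>= 2.1.2)
 diff-lcs (>= 1.1.3)
-gherkin (~> 2.
-
-cucumber-rails (1.
-capybara (>= 1.1.
-cucumber (>= 1.
+gherkin (~> 2.12.0)
+multi_json (~> 1.3)
+cucumber-rails (1.3.1)
+capybara (>= 1.1.2)
+cucumber (>= 1.2.0)
 nokogiri (>= 1.5.0)
-
-
-
+rails (~> 3.0)
+database_cleaner (1.0.1)
+diff-lcs (1.2.4)
+email_validator (1.4.0)
 activemodel
 erubis (2.7.0)
-factory_girl (
+factory_girl (4.2.0)
 activesupport (>= 3.0.0)
-factory_girl_rails (
-factory_girl (~>
+factory_girl_rails (4.2.1)
+factory_girl (~> 4.2.0)
 railties (>= 3.0.0)
-ffi (1.
-gherkin (2.
-
-hike (1.2.
-i18n (0.6.
+ffi (1.9.0)
+gherkin (2.12.0)
+multi_json (~> 1.3)
+hike (1.2.3)
+i18n (0.6.4)
+jbuilder (1.4.2)
+activesupport (>= 3.0.0)
+multi_json (>= 1.2.0)
 journey (1.0.4)
-json (1.
-libwebsocket (0.1.4)
-addressable
+json (1.8.0)
 mail (2.4.4)
 i18n (>= 0.4.0)
 mime-types (~> 1.16)
 treetop (~> 1.4.8)
 metaclass (0.0.1)
-mime-types (1.
-
+mime-types (1.23)
+mini_portile (0.5.0)
+mocha (0.13.3)
 metaclass (~> 0.0.1)
-multi_json (1.
-nokogiri (1.
+multi_json (1.7.7)
+nokogiri (1.6.0)
+mini_portile (~> 0.5.0)
 polyglot (0.3.3)
-
-rack (1.4.4)
+rack (1.4.5)
 rack-cache (1.2)
 rack (>= 0.4)
 rack-ssl (1.3.3)
 rack
 rack-test (0.6.2)
 rack (>= 1.0)
-rails (3.2.
-actionmailer (= 3.2.
-actionpack (= 3.2.
-activerecord (= 3.2.
-activeresource (= 3.2.
-activesupport (= 3.2.
+rails (3.2.12)
+actionmailer (= 3.2.12)
+actionpack (= 3.2.12)
+activerecord (= 3.2.12)
+activeresource (= 3.2.12)
+activesupport (= 3.2.12)
 bundler (~> 1.0)
-railties (= 3.2.
-railties (3.2.
-actionpack (= 3.2.
-activesupport (= 3.2.
+railties (= 3.2.12)
+railties (3.2.12)
+actionpack (= 3.2.12)
+activesupport (= 3.2.12)
 rack-ssl (~> 1.3.2)
 rake (>= 0.8.7)
 rdoc (~> 3.4)
 thor (>= 0.14.6, < 2.0)
-rake (10.0
-rdoc (3.12)
+rake (10.1.0)
+rdoc (3.12.2)
 json (~> 1.4)
-rspec (2.
-
-
-
-rspec-
-rspec-expectations (2.12.1)
-diff-lcs (~> 1.1.3)
-rspec-mocks (2.12.2)
-rspec-rails (2.12.2)
+rspec-core (2.13.1)
+rspec-expectations (2.13.0)
+diff-lcs (>= 1.1.3, < 2.0)
+rspec-mocks (2.13.1)
+rspec-rails (2.13.2)
 actionpack (>= 3.0)
 activesupport (>= 3.0)
 railties (>= 3.0)
-rspec-core (~> 2.
-rspec-expectations (~> 2.
-rspec-mocks (~> 2.
+rspec-core (~> 2.13.0)
+rspec-expectations (~> 2.13.0)
+rspec-mocks (~> 2.13.0)
 rubyzip (0.9.9)
-
+sdoc (0.3.20)
+json (>= 1.1.3)
+rdoc (~> 3.10)
+selenium-webdriver (2.33.0)
 childprocess (>= 0.2.5)
-libwebsocket (~> 0.1.3)
 multi_json (~> 1.0)
 rubyzip
-
-
-sprockets (2.1.3)
+websocket (~> 1.0.4)
+sprockets (2.2.2)
 hike (~> 1.2)
+multi_json (~> 1.0)
 rack (~> 1.0)
 tilt (~> 1.1, != 1.3.0)
 sqlite3 (1.3.6)
-thor (0.
-tilt (1.
-timecop (0.
-treetop (1.4.
+thor (0.18.1)
+tilt (1.4.1)
+timecop (0.6.1)
+treetop (1.4.14)
 polyglot
 polyglot (>= 0.3.1)
 tzinfo (0.3.37)
-
+websocket (1.0.7)
+xpath (1.0.0)
 nokogiri (~> 1.3)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-appraisal (
-aruba (
-bourne (
-bundler (~> 1.
-capybara (
+appraisal (~> 0.5)
+aruba (~> 0.5)
+bourne (~> 1.4)
+bundler (~> 1.3)
+capybara (~> 2.0.3)
 clearance!
-cucumber-rails (
-database_cleaner (
-factory_girl_rails (
-
-rspec-rails (
-
-
-
+cucumber-rails (~> 1.3)
+database_cleaner (~> 1.0)
+factory_girl_rails (~> 4.2)
+jbuilder (~> 1.2)
+rspec-rails (~> 2.13)
+sdoc
+shoulda-matchers!
+sqlite3 (~> 1.3)
+timecop (~> 0.6)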
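--- a/data/NEWS.md
+++ b/data/NEWS.md
@@ -1,13 +1,15 @@
-Thank you to all the [contributors](https://github.com/thoughtbot/clearance/contributors)!
+Thank you to all the [contributors](https://github.com/thoughtbot/clearance/graphs/contributors)!
 
 New for 1.0.0:
 
+* Support Rails 4.
 * Change default password strategy to BCrypt.
 * Speed up test suites using `::BCrypt::Engine::MIN_COST`.
 * Speed up integration suites with `Clearance::BackDoor`.
 * Replace email regular expression with `EmailValidator` gem.
 * Provide `BCryptMigrationFromSHA1` password strategy to help people migrate from
 SHA1 (the old default password strategy) to BCrypt (the new default).
+* Support Ruby 2.
 * Require > Ruby 1.9.
 * More extension points in more controllers.
 * The `email`, `encrypted_password`, and `remember_token` fields of the users
@@ -21,12 +23,14 @@ New for 1.0.0:
 `password_required?`.
 * `PasswordsController` `params[:user]` has changed to `params[:password_reset]`
 to avoid locale conflicts.
-* Prepare for Rails 4.
-* Prepare for Ruby 2.
 * Remove `unloadable` from controllers (Rails 4 bug fix in development
 environment).
 * Add `redirect_url` configuration option.
 * Add `secure_cookie` configuration option.
+* Unauthorized API requests return HTTP status 401 rather than a redirect
+to the sign in page.
+* Remove support for supplying `return_to` value via request parameter.
+* Reduce extra user lookups when adding cookie to headers.
 
 New for 0.16.2 (May 11, 2012):
 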
data/README.md
CHANGED
@@ -1,10 +1,8 @@
|
|
1
1
|
Clearance
|
2
2
|
=========
|
3
3
|
|
4
|
-
[![Build
|
5
|
-
|
6
|
-
[![Code
|
7
|
-
Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/thoughtbot/clearance)
|
4
|
+
[![Build Status](https://secure.travis-ci.org/thoughtbot/clearance.png)](http://travis-ci.org/thoughtbot/clearance?branch=master)
|
5
|
+
[![Code Climate](https://codeclimate.com/github/thoughtbot/clearance.png)](https://codeclimate.com/github/thoughtbot/clearance)
|
8
6
|
[![Dependency Status](https://gemnasium.com/thoughtbot/clearance.png)](https://gemnasium.com/thoughtbot/clearance)
|
9
7
|
|
10
8
|
Rails authentication with email & password.
|
@@ -19,12 +17,14 @@ Read [CONTRIBUTING.md](/CONTRIBUTING.md) to contribute.
|
|
19
17
|
Install
|
20
18
|
-------
|
21
19
|
|
22
|
-
Clearance is a Rails engine tested against
|
23
|
-
|
20
|
+
Clearance is a Rails engine tested against Rails `>= 3.2` and Ruby `>= 1.9.3`.
|
21
|
+
It works with Rails 4 and Ruby 2.
|
24
22
|
|
25
23
|
Include the gem in your Gemfile:
|
26
24
|
|
27
|
-
|
25
|
+
```ruby
|
26
|
+
gem 'clearance', '1.0.0.rc7'
|
27
|
+
```
|
28
28
|
|
29
29
|
Bundle:
|
30
30
|
|
@@ -53,14 +53,17 @@ Configure
|
|
53
53
|
|
54
54
|
Override any of these defaults in `config/initializers/clearance.rb`:
|
55
55
|
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
56
|
+
```ruby
|
57
|
+
Clearance.configure do |config|
|
58
|
+
config.cookie_expiration = lambda { 1.year.from_now.utc }
|
59
|
+
config.httponly = false
|
60
|
+
config.secure_cookie = false
|
61
|
+
config.mailer_sender = 'reply@example.com'
|
62
|
+
config.password_strategy = Clearance::PasswordStrategies::BCrypt
|
63
|
+
config.user_model = User
|
64
|
+
config.redirect_url = '/'
|
65
|
+
end
|
66
|
+
```
|
64
67
|
|
65
68
|
Use
|
66
69
|
---
|
@@ -68,66 +71,78 @@ Use
|
|
68
71
|
Use `current_user`, `signed_in?`, and `signed_out?` in controllers, views, and
|
69
72
|
helpers. For example:
|
70
73
|
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
74
|
+
```haml
|
75
|
+
- if signed_in?
|
76
|
+
= current_user.email
|
77
|
+
= link_to 'Sign out', sign_out_path, method: :delete
|
78
|
+
- else
|
79
|
+
= link_to 'Sign in', sign_in_path
|
80
|
+
```
|
76
81
|
|
77
82
|
To authenticate a user elsewhere than `sessions/new` (like in an API):
|
78
83
|
|
79
|
-
|
84
|
+
```ruby
|
85
|
+
User.authenticate 'email@example.com', 'password'
|
86
|
+
```
|
80
87
|
|
81
88
|
When a user resets their password, Clearance delivers them an email. So, you
|
82
89
|
should change the `mailer_sender` default, used in the email's "from" header:
|
83
90
|
|
84
|
-
|
85
|
-
|
86
|
-
|
91
|
+
```ruby
|
92
|
+
Clearance.configure do |config|
|
93
|
+
config.mailer_sender = 'reply@example.com'
|
94
|
+
end
|
95
|
+
```
|
87
96
|
|
88
97
|
Use `authorize` to control access in controllers:
|
89
98
|
|
90
|
-
|
91
|
-
|
99
|
+
```ruby
|
100
|
+
class ArticlesController < ApplicationController
|
101
|
+
before_filter :authorize
|
92
102
|
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
103
|
+
def index
|
104
|
+
current_user.articles
|
105
|
+
end
|
106
|
+
end
|
107
|
+
```
|
97
108
|
|
98
109
|
Or, you can authorize users in `config/routes.rb`:
|
99
110
|
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
111
|
+
```ruby
|
112
|
+
Blog::Application.routes.draw do
|
113
|
+
constraints Clearance::Constraints::SignedIn.new { |user| user.admin? } do
|
114
|
+
root to: 'admin'
|
115
|
+
end
|
104
116
|
|
105
|
-
|
106
|
-
|
107
|
-
|
117
|
+
constraints Clearance::Constraints::SignedIn.new do
|
118
|
+
root to: 'dashboard'
|
119
|
+
end
|
108
120
|
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
121
|
+
constraints Clearance::Constraints::SignedOut.new do
|
122
|
+
root to: 'marketing'
|
123
|
+
end
|
124
|
+
end
|
125
|
+
```
|
113
126
|
|
114
127
|
Clearance adds its session to the Rack environment hash so middleware and other
|
115
128
|
Rack applications can interact with it:
|
116
129
|
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
def call(env)
|
123
|
-
if env[:clearance].signed_in?
|
124
|
-
env[:clearance].current_user.bubble_gum
|
125
|
-
end
|
130
|
+
```ruby
|
131
|
+
class Bubblegum::Middleware
|
132
|
+
def initialize(app)
|
133
|
+
@app = app
|
134
|
+
end
|
126
135
|
|
127
|
-
|
128
|
-
|
136
|
+
def call(env)
|
137
|
+
if env[:clearance].signed_in?
|
138
|
+
env[:clearance].current_user.bubble_gum
|
129
139
|
end
|
130
140
|
|
141
|
+
@app.call(env)
|
142
|
+
end
|
143
|
+
end
|
144
|
+
```
|
145
|
+
|
131
146
|
Overriding routes
|
132
147
|
-----------------
|
133
148
|
|
@@ -135,7 +150,9 @@ See [config/routes.rb](/config/routes.rb) for the default behavior.
|
|
135
150
|
|
136
151
|
To override a Clearance route, redefine it:
|
137
152
|
|
138
|
-
|
153
|
+
```ruby
|
154
|
+
resource :session, controller: 'sessions'
|
155
|
+
```
|
139
156
|
|
140
157
|
Overriding controllers
|
141
158
|
----------------------
|
@@ -145,9 +162,11 @@ behavior.
|
|
145
162
|
|
146
163
|
To override a Clearance controller, subclass it:
|
147
164
|
|
148
|
-
|
149
|
-
|
150
|
-
|
165
|
+
```ruby
|
166
|
+
class PasswordsController < Clearance::PasswordsController
|
167
|
+
class SessionsController < Clearance::SessionsController
|
168
|
+
class UsersController < Clearance::UsersController
|
169
|
+
```
|
151
170
|
|
152
171
|
Then, override public methods:
|
153
172
|
|
@@ -181,6 +200,21 @@ Or, override private methods:
|
|
181
200
|
users#url_after_create
|
182
201
|
users#user_from_params
|
183
202
|
|
203
|
+
All of these controller methods redirect to `'/'` by default:
|
204
|
+
|
205
|
+
passwords#url_after_update
|
206
|
+
sessions#url_after_create
|
207
|
+
users#url_after_create
|
208
|
+
application#url_after_denied_access_when_signed_in
|
209
|
+
|
210
|
+
To override them all at once, change the global configuration:
|
211
|
+
|
212
|
+
```ruby
|
213
|
+
Clearance.configure do |config|
|
214
|
+
config.redirect_url = '/overriden'
|
215
|
+
end
|
216
|
+
```
|
217
|
+
|
184
218
|
Overriding translations
|
185
219
|
-----------------------
|
186
220
|
|
@@ -218,18 +252,18 @@ See [lib/clearance/user.rb](/lib/clearance/user.rb) for the default behavior.
|
|
218
252
|
|
219
253
|
To override the model, redefine public methods:
|
220
254
|
|
221
|
-
.authenticate(email, password)
|
222
|
-
#forgot_password!
|
223
|
-
#reset_remember_token!
|
224
|
-
#update_password(new_password)
|
255
|
+
User.authenticate(email, password)
|
256
|
+
User#forgot_password!
|
257
|
+
User#reset_remember_token!
|
258
|
+
User#update_password(new_password)
|
225
259
|
|
226
260
|
Or, redefine private methods:
|
227
261
|
|
228
|
-
#email_optional?
|
229
|
-
#generate_confirmation_token
|
230
|
-
#generate_remember_token
|
231
|
-
#normalize_email
|
232
|
-
#password_optional?
|
262
|
+
User#email_optional?
|
263
|
+
User#generate_confirmation_token
|
264
|
+
User#generate_remember_token
|
265
|
+
User#normalize_email
|
266
|
+
User#password_optional?
|
233
267
|
|
234
268
|
Overriding the password strategy
|
235
269
|
--------------------------------
|
@@ -242,16 +276,20 @@ for the default behavior.
|
|
242
276
|
|
243
277
|
Change your password strategy in `config/initializers/clearance.rb:`
|
244
278
|
|
245
|
-
|
246
|
-
|
247
|
-
|
279
|
+
```ruby
|
280
|
+
Clearance.configure do |config|
|
281
|
+
config.password_strategy = Clearance::PasswordStrategies::SHA1
|
282
|
+
end
|
283
|
+
```
|
248
284
|
|
249
285
|
Clearance provides the following strategies:
|
250
286
|
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
|
287
|
+
```ruby
|
288
|
+
Clearance::PasswordStrategies::BCrypt
|
289
|
+
Clearance::PasswordStrategies::BCryptMigrationFromSHA1
|
290
|
+
Clearance::PasswordStrategies::Blowfish
|
291
|
+
Clearance::PasswordStrategies::SHA1
|
292
|
+
```
|
255
293
|
|
256
294
|
The previous default password strategy was SHA1.
|
257
295
|
|
@@ -268,67 +306,66 @@ switch to BCrypt transparently, use
|
|
268
306
|
The SHA1 and Blowfish password strategies require an additional `salt` column in
|
269
307
|
the `users` table. Run this migration before switching to SHA or Blowfish:
|
270
308
|
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
|
309
|
+
```ruby
|
310
|
+
class AddSaltToUsers < ActiveRecord::Migration
|
311
|
+
def change
|
312
|
+
add_column :users, :salt, :string, limit: 128
|
313
|
+
end
|
314
|
+
end
|
315
|
+
```
|
276
316
|
|
277
317
|
You can write a custom password strategy that has two instance methods:
|
278
318
|
|
279
|
-
|
280
|
-
|
281
|
-
|
319
|
+
```ruby
|
320
|
+
module CustomPasswordStrategy
|
321
|
+
def authenticated?
|
322
|
+
end
|
282
323
|
|
283
|
-
|
284
|
-
|
285
|
-
|
324
|
+
def password=(new_password)
|
325
|
+
end
|
326
|
+
end
|
286
327
|
|
287
|
-
|
288
|
-
|
289
|
-
|
328
|
+
Clearance.configure do |config|
|
329
|
+
config.password_strategy = CustomPasswordStrategy
|
330
|
+
end
|
331
|
+
```
|
290
332
|
|
291
|
-
Optional
|
292
|
-
|
333
|
+
Optional feature specs
|
334
|
+
----------------------
|
293
335
|
|
294
|
-
|
336
|
+
You can generate feature specs to help prevent regressions in Clearance's
|
337
|
+
integration with your Rails app over time.
|
295
338
|
|
296
|
-
|
297
|
-
* Factory Girl
|
298
|
-
* RSpec
|
339
|
+
Edit your `Gemfile` to include the dependencies:
|
299
340
|
|
300
|
-
|
301
|
-
|
341
|
+
```ruby
|
342
|
+
gem 'capybara', '~> 2.0'
|
343
|
+
gem 'factory_girl_rails', '~> 4.2'
|
344
|
+
gem 'rspec-rails', '~> 2.13'
|
345
|
+
```
|
302
346
|
|
303
|
-
|
347
|
+
Generate RSpec files:
|
304
348
|
|
305
349
|
rails generate rspec:install
|
306
350
|
|
307
|
-
|
351
|
+
Generate Clearance specs:
|
308
352
|
|
309
353
|
rails generate clearance:specs
|
310
354
|
|
311
|
-
|
312
|
-
|
313
|
-
gem 'factory_girl_rails'
|
314
|
-
|
315
|
-
Edit `config/enviroments/test.rb` to include the following:
|
316
|
-
|
317
|
-
config.action_mailer.default_url_options = { host: 'localhost:3000' }
|
318
|
-
|
319
|
-
Then run your tests!
|
355
|
+
Run the specs:
|
320
356
|
|
321
357
|
rake
|
322
358
|
|
323
|
-
Testing
|
324
|
-
|
325
|
-
|
326
|
-
If you want to write Rails functional tests or controller specs with Clearance,
|
327
|
-
you'll need to require the included test helpers and matchers.
|
359
|
+
Testing authorized controller actions
|
360
|
+
-------------------------------------
|
328
361
|
|
329
|
-
|
362
|
+
To test controller actions that are protected by `before_filter :authorize`,
|
363
|
+
include Clearance's test helpers and matchers in `spec/support/clearance.rb` or
|
364
|
+
`test/test_helper.rb`:
|
330
365
|
|
331
|
-
|
366
|
+
```ruby
|
367
|
+
require 'clearance/testing'
|
368
|
+
```
|
332
369
|
|
333
370
|
This will make `Clearance::Controller` methods work in your controllers
|
334
371
|
during functional tests and provide access to helper methods like:
|
@@ -343,28 +380,57 @@ And matchers like:
|
|
343
380
|
|
344
381
|
Example:
|
345
382
|
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
383
|
+
```ruby
|
384
|
+
context 'a guest' do
|
385
|
+
before do
|
386
|
+
get :show
|
387
|
+
end
|
350
388
|
|
351
|
-
|
352
|
-
|
389
|
+
it { should deny_access }
|
390
|
+
end
|
353
391
|
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
392
|
+
context 'a user' do
|
393
|
+
before do
|
394
|
+
sign_in
|
395
|
+
get :show
|
396
|
+
end
|
359
397
|
|
360
|
-
|
361
|
-
|
398
|
+
it { should respond_with(:success) }
|
399
|
+
end
|
400
|
+
```
|
362
401
|
|
363
402
|
You may want to customize the tests:
|
364
403
|
|
365
|
-
|
366
|
-
|
367
|
-
|
404
|
+
```ruby
|
405
|
+
it { should deny_access }
|
406
|
+
it { should deny_access(flash: 'Denied access.') }
|
407
|
+
it { should deny_access(redirect: sign_in_url) }
|
408
|
+
```
|
409
|
+
|
410
|
+
Faster tests
|
411
|
+
------------
|
412
|
+
|
413
|
+
Clearance includes middleware that avoids wasting time spent visiting, loading,
|
414
|
+
and submitting the sign in form. It instead signs in the designated
|
415
|
+
user directly. The speed increase can be
|
416
|
+
[substantial](http://robots.thoughtbot.com/post/37907699673/faster-tests-sign-in-through-the-back-door).
|
417
|
+
|
418
|
+
Configuration:
|
419
|
+
|
420
|
+
```ruby
|
421
|
+
# config/environments/test.rb
|
422
|
+
MyRailsApp::Application.configure do
|
423
|
+
# ...
|
424
|
+
config.middleware.use Clearance::BackDoor
|
425
|
+
# ...
|
426
|
+
end
|
427
|
+
```
|
428
|
+
|
429
|
+
Usage:
|
430
|
+
|
431
|
+
```ruby
|
432
|
+
visit root_path(as: user)
|
433
|
+
```
|
368
434
|
|
369
435
|
Credits
|
370
436
|
-------
|
@@ -372,7 +438,7 @@ Credits
|
|
372
438
|
![thoughtbot](http://thoughtbot.com/images/tm/logo.png)
|
373
439
|
|
374
440
|
Clearance is maintained by [thoughtbot, inc](http://thoughtbot.com/community)
|
375
|
-
and [contributors](/thoughtbot/clearance/contributors) like you. Thank you!
|
441
|
+
and [contributors](/thoughtbot/clearance/graphs/contributors) like you. Thank you!
|
376
442
|
|
377
443
|
License
|
378
444
|
-------
|