clearance 1.10.1 → 1.11.0
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +59 -56
- data/NEWS.md +23 -1
- data/README.md +26 -12
- data/app/controllers/clearance/passwords_controller.rb +8 -16
- data/lib/clearance/configuration.rb +2 -2
- data/lib/clearance/constraints/signed_in.rb +17 -0
- data/lib/clearance/constraints/signed_out.rb +10 -0
- data/lib/clearance/password_strategies.rb +13 -0
- data/lib/clearance/password_strategies/bcrypt.rb +6 -0
- data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +1 -0
- data/lib/clearance/password_strategies/blowfish.rb +1 -0
- data/lib/clearance/password_strategies/sha1.rb +1 -0
- data/lib/clearance/rspec.rb +15 -4
- data/lib/clearance/session.rb +1 -1
- data/lib/clearance/test_unit.rb +3 -3
- data/lib/clearance/testing/controller_helpers.rb +35 -0
- data/lib/clearance/testing/helpers.rb +9 -25
- data/lib/clearance/testing/view_helpers.rb +32 -0
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb +1 -1
- data/lib/generators/clearance/install/templates/db/migrate/create_users.rb +3 -4
- data/lib/generators/clearance/routes/routes_generator.rb +8 -0
- data/lib/generators/clearance/routes/templates/routes.rb +10 -10
- data/spec/acceptance/clearance_installation_spec.rb +4 -1
- data/spec/app_templates/config/initializers/clearance.rb +2 -0
- data/spec/clearance/testing/{helpers_spec.rb → controller_helpers_spec.rb} +7 -7
- data/spec/clearance/testing/view_helpers_spec.rb +37 -0
- data/spec/controllers/passwords_controller_spec.rb +1 -11
- data/spec/generators/clearance/routes/routes_generator_spec.rb +5 -1
- data/spec/helpers/helper_helpers_spec.rb +10 -0
- data/spec/support/generator_spec_helpers.rb +4 -0
- data/spec/user_spec.rb +9 -0
- data/spec/views/view_helpers_spec.rb +10 -0
- metadata +9 -3
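--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6a5021a3a8f7df39932a7292ca2fe1c4156208c3
+data.tar.gz: 9b3370145ee988d6d3454caf60b40726b41aa891
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 652f59e34e1b09d920c078c61bf3ebdecf6bb7d076b76b2af8318feb5661696e820bb4b6cf0a79958b05ec13295ea935a417de4eddb8a9d3c2bbf624fd832df3
+data.tar.gz: 07178616436a36b4572dc24501aba0b75361cf080847d5f2382459fa1bc5d917a14f003e53843febe6061f93f8f8d9dd9968249637c2f986ca5cd5bb3d176208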
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
clearance (1.
|
4
|
+
clearance (1.11.0)
|
5
5
|
bcrypt
|
6
6
|
email_validator (~> 1.4)
|
7
7
|
rails (>= 3.1)
|
@@ -9,36 +9,36 @@ PATH
|
|
9
9
|
GEM
|
10
10
|
remote: https://rubygems.org/
|
11
11
|
specs:
|
12
|
-
actionmailer (4.2.
|
13
|
-
actionpack (= 4.2.
|
14
|
-
actionview (= 4.2.
|
15
|
-
activejob (= 4.2.
|
12
|
+
actionmailer (4.2.1)
|
13
|
+
actionpack (= 4.2.1)
|
14
|
+
actionview (= 4.2.1)
|
15
|
+
activejob (= 4.2.1)
|
16
16
|
mail (~> 2.5, >= 2.5.4)
|
17
17
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
18
|
-
actionpack (4.2.
|
19
|
-
actionview (= 4.2.
|
20
|
-
activesupport (= 4.2.
|
21
|
-
rack (~> 1.6
|
18
|
+
actionpack (4.2.1)
|
19
|
+
actionview (= 4.2.1)
|
20
|
+
activesupport (= 4.2.1)
|
21
|
+
rack (~> 1.6)
|
22
22
|
rack-test (~> 0.6.2)
|
23
23
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
24
24
|
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
25
|
-
actionview (4.2.
|
26
|
-
activesupport (= 4.2.
|
25
|
+
actionview (4.2.1)
|
26
|
+
activesupport (= 4.2.1)
|
27
27
|
builder (~> 3.1)
|
28
28
|
erubis (~> 2.7.0)
|
29
29
|
rails-dom-testing (~> 1.0, >= 1.0.5)
|
30
30
|
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
31
|
-
activejob (4.2.
|
32
|
-
activesupport (= 4.2.
|
31
|
+
activejob (4.2.1)
|
32
|
+
activesupport (= 4.2.1)
|
33
33
|
globalid (>= 0.3.0)
|
34
|
-
activemodel (4.2.
|
35
|
-
activesupport (= 4.2.
|
34
|
+
activemodel (4.2.1)
|
35
|
+
activesupport (= 4.2.1)
|
36
36
|
builder (~> 3.1)
|
37
|
-
activerecord (4.2.
|
38
|
-
activemodel (= 4.2.
|
39
|
-
activesupport (= 4.2.
|
37
|
+
activerecord (4.2.1)
|
38
|
+
activemodel (= 4.2.1)
|
39
|
+
activesupport (= 4.2.1)
|
40
40
|
arel (~> 6.0)
|
41
|
-
activesupport (4.2.
|
41
|
+
activesupport (4.2.1)
|
42
42
|
i18n (~> 0.7)
|
43
43
|
json (~> 1.7, >= 1.7.7)
|
44
44
|
minitest (~> 5.1)
|
@@ -48,11 +48,11 @@ GEM
|
|
48
48
|
activesupport (>= 3.0)
|
49
49
|
railties (>= 3.0)
|
50
50
|
rspec-rails (>= 2.2)
|
51
|
-
appraisal (1.0.
|
51
|
+
appraisal (1.0.3)
|
52
52
|
bundler
|
53
53
|
rake
|
54
54
|
thor (>= 0.14.0)
|
55
|
-
arel (6.0.
|
55
|
+
arel (6.0.3)
|
56
56
|
bcrypt (3.1.10)
|
57
57
|
builder (3.2.2)
|
58
58
|
capybara (2.4.4)
|
@@ -62,7 +62,7 @@ GEM
|
|
62
62
|
rack-test (>= 0.5.4)
|
63
63
|
xpath (~> 2.0)
|
64
64
|
coderay (1.1.0)
|
65
|
-
database_cleaner (1.
|
65
|
+
database_cleaner (1.4.1)
|
66
66
|
diff-lcs (1.2.5)
|
67
67
|
email_validator (1.6.0)
|
68
68
|
activemodel
|
@@ -72,18 +72,18 @@ GEM
|
|
72
72
|
factory_girl_rails (4.5.0)
|
73
73
|
factory_girl (~> 4.5.0)
|
74
74
|
railties (>= 3.0.0)
|
75
|
-
globalid (0.3.
|
75
|
+
globalid (0.3.6)
|
76
76
|
activesupport (>= 4.1.0)
|
77
77
|
i18n (0.7.0)
|
78
|
-
json (1.8.
|
78
|
+
json (1.8.3)
|
79
79
|
loofah (2.0.2)
|
80
80
|
nokogiri (>= 1.5.9)
|
81
81
|
mail (2.6.3)
|
82
82
|
mime-types (>= 1.16, < 3)
|
83
83
|
method_source (0.8.2)
|
84
|
-
mime-types (2.
|
84
|
+
mime-types (2.6.1)
|
85
85
|
mini_portile (0.6.2)
|
86
|
-
minitest (5.
|
86
|
+
minitest (5.7.0)
|
87
87
|
nokogiri (1.6.6.2)
|
88
88
|
mini_portile (~> 0.6.0)
|
89
89
|
pry (0.10.1)
|
@@ -93,16 +93,16 @@ GEM
|
|
93
93
|
rack (1.6.1)
|
94
94
|
rack-test (0.6.3)
|
95
95
|
rack (>= 1.0)
|
96
|
-
rails (4.2.
|
97
|
-
actionmailer (= 4.2.
|
98
|
-
actionpack (= 4.2.
|
99
|
-
actionview (= 4.2.
|
100
|
-
activejob (= 4.2.
|
101
|
-
activemodel (= 4.2.
|
102
|
-
activerecord (= 4.2.
|
103
|
-
activesupport (= 4.2.
|
96
|
+
rails (4.2.1)
|
97
|
+
actionmailer (= 4.2.1)
|
98
|
+
actionpack (= 4.2.1)
|
99
|
+
actionview (= 4.2.1)
|
100
|
+
activejob (= 4.2.1)
|
101
|
+
activemodel (= 4.2.1)
|
102
|
+
activerecord (= 4.2.1)
|
103
|
+
activesupport (= 4.2.1)
|
104
104
|
bundler (>= 1.3.0, < 2.0)
|
105
|
-
railties (= 4.2.
|
105
|
+
railties (= 4.2.1)
|
106
106
|
sprockets-rails
|
107
107
|
rails-deprecated_sanitizer (1.0.3)
|
108
108
|
activesupport (>= 4.2.0.alpha)
|
@@ -112,42 +112,42 @@ GEM
|
|
112
112
|
rails-deprecated_sanitizer (>= 1.0.1)
|
113
113
|
rails-html-sanitizer (1.0.2)
|
114
114
|
loofah (~> 2.0)
|
115
|
-
railties (4.2.
|
116
|
-
actionpack (= 4.2.
|
117
|
-
activesupport (= 4.2.
|
115
|
+
railties (4.2.1)
|
116
|
+
actionpack (= 4.2.1)
|
117
|
+
activesupport (= 4.2.1)
|
118
118
|
rake (>= 0.8.7)
|
119
119
|
thor (>= 0.18.1, < 2.0)
|
120
120
|
rake (10.4.2)
|
121
|
-
rspec-core (3.
|
122
|
-
rspec-support (~> 3.
|
123
|
-
rspec-expectations (3.
|
121
|
+
rspec-core (3.3.0)
|
122
|
+
rspec-support (~> 3.3.0)
|
123
|
+
rspec-expectations (3.3.0)
|
124
124
|
diff-lcs (>= 1.2.0, < 2.0)
|
125
|
-
rspec-support (~> 3.
|
126
|
-
rspec-mocks (3.
|
125
|
+
rspec-support (~> 3.3.0)
|
126
|
+
rspec-mocks (3.3.0)
|
127
127
|
diff-lcs (>= 1.2.0, < 2.0)
|
128
|
-
rspec-support (~> 3.
|
129
|
-
rspec-rails (3.
|
130
|
-
actionpack (>= 3.0,
|
131
|
-
activesupport (>= 3.0,
|
132
|
-
railties (>= 3.0,
|
133
|
-
rspec-core (~> 3.
|
134
|
-
rspec-expectations (~> 3.
|
135
|
-
rspec-mocks (~> 3.
|
136
|
-
rspec-support (~> 3.
|
137
|
-
rspec-support (3.
|
128
|
+
rspec-support (~> 3.3.0)
|
129
|
+
rspec-rails (3.3.0)
|
130
|
+
actionpack (>= 3.0, < 4.3)
|
131
|
+
activesupport (>= 3.0, < 4.3)
|
132
|
+
railties (>= 3.0, < 4.3)
|
133
|
+
rspec-core (~> 3.3.0)
|
134
|
+
rspec-expectations (~> 3.3.0)
|
135
|
+
rspec-mocks (~> 3.3.0)
|
136
|
+
rspec-support (~> 3.3.0)
|
137
|
+
rspec-support (3.3.0)
|
138
138
|
shoulda-matchers (2.8.0)
|
139
139
|
activesupport (>= 3.0.0)
|
140
140
|
slop (3.6.0)
|
141
|
-
sprockets (3.
|
141
|
+
sprockets (3.2.0)
|
142
142
|
rack (~> 1.0)
|
143
|
-
sprockets-rails (2.3.
|
143
|
+
sprockets-rails (2.3.2)
|
144
144
|
actionpack (>= 3.0)
|
145
145
|
activesupport (>= 3.0)
|
146
146
|
sprockets (>= 2.8, < 4.0)
|
147
147
|
sqlite3 (1.3.10)
|
148
148
|
thor (0.19.1)
|
149
149
|
thread_safe (0.3.5)
|
150
|
-
timecop (0.7.
|
150
|
+
timecop (0.7.4)
|
151
151
|
tzinfo (1.2.2)
|
152
152
|
thread_safe (~> 0.1)
|
153
153
|
xpath (2.0.0)
|
@@ -169,3 +169,6 @@ DEPENDENCIES
|
|
169
169
|
shoulda-matchers (~> 2.8)
|
170
170
|
sqlite3 (~> 1.3)
|
171
171
|
timecop (~> 0.6)
|
172
|
+
|
173
|
+
BUNDLED WITH
|
174
|
+
1.10.5
|
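--- a/data/NEWS.md
+++ b/data/NEWS.md
@@ -1,7 +1,29 @@
 # News
 
 The noteworthy changes for each Clearance version are included here. For a
-complete changelog, see the git history.
+complete changelog, see the git history for each version via the version links.
+
+## [1.11.0] - August 21, 2015
+
+### Added
+- Add `sign_in` and `sign_in_as` helper methods to view specs. These helpers
+avoid errors from verified partial doubles that come from. See
+[462c009].
+
+### Fixed
+- `clearance:routes` generator now properly disables internal routes in your
+Clearance initializer.
+- Clearance now accesses the cookie jar via ActionDispatch::Request rather than
+`Rack::Request`. This is more consistent with what Rails does internally.
+
+### Deprecated
+- `Clearance::Testing::Helpers` has been deprecated in favor of
+`Clearance::Testing::ControllerHelpers`. Most users are accessing these
+helpers by requiring `clearance/rspec` or `clearance/test_unit` and should be
+unaffected.
+
+[462c009]: https://github.com/thoughtbot/clearance/commit/462c00965c14b2492500fbb4fecd7b84b9790bb9
+[1.11.0]: https://github.com/thoughtbot/clearance/compare/v1.10.1...v1.11.0
 
 ## [1.10.1] - May 15, 2015
 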
data/README.md
CHANGED
@@ -165,7 +165,9 @@ class UsersController < Clearance::UsersController
|
|
165
165
|
```
|
166
166
|
|
167
167
|
### Redirects
|
168
|
-
|
168
|
+
|
169
|
+
All of these controller methods redirect to
|
170
|
+
`Clearance.configuration.redirect_url` (which is `/` by default):
|
169
171
|
|
170
172
|
```
|
171
173
|
passwords#url_after_update
|
@@ -173,10 +175,13 @@ sessions#url_after_create
|
|
173
175
|
sessions#url_for_signed_in_users
|
174
176
|
users#url_after_create
|
175
177
|
application#url_after_denied_access_when_signed_in
|
176
|
-
application#url_after_denied_access_when_signed_out
|
177
178
|
```
|
178
179
|
|
179
180
|
To override them all at once, change the global configuration of `redirect_url`.
|
181
|
+
To change individual URLs, override the appropriate method.
|
182
|
+
|
183
|
+
`application#url_after_denied_access_when_signed_out` defaults to `sign_in_url`.
|
184
|
+
Override this method to change this.
|
180
185
|
|
181
186
|
### Views
|
182
187
|
|
@@ -363,6 +368,23 @@ sign_in_as(user)
|
|
363
368
|
sign_out
|
364
369
|
```
|
365
370
|
|
371
|
+
### View and Helper Spec Helpers
|
372
|
+
|
373
|
+
Does the view or helper you're testing reference `signed_in?`, `signed_out?` or
|
374
|
+
`current_user`? If you `require 'clearance/rspec'`, you will have the following
|
375
|
+
helpers available in your view specs:
|
376
|
+
|
377
|
+
```ruby
|
378
|
+
sign_in
|
379
|
+
sign_in_as(user)
|
380
|
+
```
|
381
|
+
|
382
|
+
These will make the clearance view helpers work as expected by signing in either
|
383
|
+
a new instance of your user model (`sign_in`) or the object you pass to
|
384
|
+
`sign_in_as`. If you do not call one of these sign in helpers or otherwise set
|
385
|
+
`current_user` in your view specs, your view will behave as if there is no
|
386
|
+
current user: `signed_in?` will be false and `signed_out?` will be true.
|
387
|
+
|
366
388
|
## Contributing
|
367
389
|
|
368
390
|
Please see [CONTRIBUTING.md].
|
@@ -371,12 +393,6 @@ Thank you, [contributors]!
|
|
371
393
|
[CONTRIBUTING.md]: /CONTRIBUTING.md
|
372
394
|
[contributors]: https://github.com/thoughtbot/clearance/graphs/contributors
|
373
395
|
|
374
|
-
## Need Help?
|
375
|
-
|
376
|
-
We offer 1-on-1 coaching. We can help you set up Clearance, write authentication
|
377
|
-
and authorization extensions for your application, and work out a permission and
|
378
|
-
role model which works for you. [Get in touch][coaching].
|
379
|
-
|
380
396
|
## License
|
381
397
|
|
382
398
|
Clearance is copyright © 2009 thoughtbot. It is free software, and may be
|
@@ -392,10 +408,8 @@ Clearance is maintained and funded by thoughtbot, inc.
|
|
392
408
|
The names and logos for thoughtbot are trademarks of thoughtbot, inc.
|
393
409
|
|
394
410
|
We love open source software!
|
395
|
-
See [our other projects][community]
|
396
|
-
[hire us][hire] to design, develop, and grow your product
|
397
|
-
or get in touch about [1-on-1 coaching][coaching].
|
411
|
+
See [our other projects][community] or
|
412
|
+
[hire us][hire] to design, develop, and grow your product.
|
398
413
|
|
399
414
|
[community]: https://thoughtbot.com/community?utm_source=github
|
400
415
|
[hire]: https://thoughtbot.com/hire-us?utm_source=github
|
401
|
-
[coaching]: http://coaching.thoughtbot.com/rails/?utm_source=github
|
@@ -3,8 +3,7 @@ require 'active_support/deprecation'
|
|
3
3
|
class Clearance::PasswordsController < Clearance::BaseController
|
4
4
|
skip_before_filter :require_login, only: [:create, :edit, :new, :update]
|
5
5
|
skip_before_filter :authorize, only: [:create, :edit, :new, :update]
|
6
|
-
before_filter :
|
7
|
-
before_filter :forbid_non_existent_user, only: [:edit, :update]
|
6
|
+
before_filter :ensure_existing_user, only: [:edit, :update]
|
8
7
|
|
9
8
|
def create
|
10
9
|
if user = find_user_for_create
|
@@ -76,6 +75,13 @@ class Clearance::PasswordsController < Clearance::BaseController
|
|
76
75
|
find_user_by_id_and_confirmation_token
|
77
76
|
end
|
78
77
|
|
78
|
+
def ensure_existing_user
|
79
|
+
unless find_user_by_id_and_confirmation_token
|
80
|
+
flash_failure_when_forbidden
|
81
|
+
render template: "passwords/new"
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
79
85
|
def flash_failure_when_forbidden
|
80
86
|
flash.now[:notice] = translate(:forbidden,
|
81
87
|
scope: [:clearance, :controllers, :passwords],
|
@@ -88,20 +94,6 @@ class Clearance::PasswordsController < Clearance::BaseController
|
|
88
94
|
default: t('flashes.failure_after_update'))
|
89
95
|
end
|
90
96
|
|
91
|
-
def forbid_missing_token
|
92
|
-
if params[:token].to_s.blank?
|
93
|
-
flash_failure_when_forbidden
|
94
|
-
render template: 'passwords/new'
|
95
|
-
end
|
96
|
-
end
|
97
|
-
|
98
|
-
def forbid_non_existent_user
|
99
|
-
unless find_user_by_id_and_confirmation_token
|
100
|
-
flash_failure_when_forbidden
|
101
|
-
render template: 'passwords/new'
|
102
|
-
end
|
103
|
-
end
|
104
|
-
|
105
97
|
def url_after_create
|
106
98
|
sign_in_url
|
107
99
|
end
|
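Review bot: With `forbid_missing_token` removed, nothing visible in these hunks rejects a blank or absent `params[:token]` before `ensure_existing_user` calls `find_user_by_id_and_confirmation_token`, whose body lies outside the hunks. If that finder ever hands the raw parameter to the query, a nil token could compare equal to a NULL `confirmation_token`, so confirm that it coerces and rejects blanks, or keep the guard in the new filter: `unless params[:token].present? && find_user_by_id_and_confirmation_token`. A controller spec that requests `edit` and `update` without a token for a user who has no pending reset would pin the behaviour the removed filter used to guarantee.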
@@ -48,8 +48,8 @@ module Clearance
|
|
48
48
|
attr_accessor :mailer_sender
|
49
49
|
|
50
50
|
# The password strategy to use when authenticating and setting passwords.
|
51
|
-
# Defaults to
|
52
|
-
# @return [
|
51
|
+
# Defaults to {Clearance::PasswordStrategies::BCrypt}.
|
52
|
+
# @return [Module #authenticated? #password=]
|
53
53
|
attr_accessor :password_strategy
|
54
54
|
|
55
55
|
# The default path Clearance will redirect signed in users to.
|
@@ -1,5 +1,22 @@
|
|
1
1
|
module Clearance
|
2
2
|
module Constraints
|
3
|
+
# Can be applied to make a set of routes visible only to users that are
|
4
|
+
# signed in.
|
5
|
+
#
|
6
|
+
# # config/routes.rb
|
7
|
+
# constraints Clearance::Constraints::SignedIn.new do
|
8
|
+
# resources :posts
|
9
|
+
# end
|
10
|
+
#
|
11
|
+
# In the example above, requests to `/posts` from users that are not signed
|
12
|
+
# in will result in a 404. You can make additional assertions about the user
|
13
|
+
# by passing a block. For instance, if you want to require that the
|
14
|
+
# signed-in user be an admin:
|
15
|
+
#
|
16
|
+
# # config/routes.rb
|
17
|
+
# constraints Clearance::Constraints::SignedIn.new { |user| user.admin? } do
|
18
|
+
# resources :posts
|
19
|
+
# end
|
3
20
|
class SignedIn
|
4
21
|
def initialize(&block)
|
5
22
|
@block = block || lambda { |user| true }
|
@@ -1,5 +1,15 @@
|
|
1
1
|
module Clearance
|
2
2
|
module Constraints
|
3
|
+
# Can be applied to make a set of routes visible only to users that are
|
4
|
+
# signed out.
|
5
|
+
#
|
6
|
+
# # config/routes.rb
|
7
|
+
# constraints Clearance::Constraints::SignedOut.new do
|
8
|
+
# resources :registrations, only: [:new, :create]
|
9
|
+
# end
|
10
|
+
#
|
11
|
+
# In the example above, requests to `/registrations/new` from users that are
|
12
|
+
# signed in will result in a 404.
|
3
13
|
class SignedOut
|
4
14
|
def matches?(request)
|
5
15
|
@request = request
|
@@ -1,4 +1,17 @@
|
|
1
1
|
module Clearance
|
2
|
+
# Control how users are authenticated and how passwords are stored.
|
3
|
+
#
|
4
|
+
# The default password strategy is {Clearance::PasswordStrategies::BCrypt},
|
5
|
+
# but this can be overridden in {Clearance::Configuration}.
|
6
|
+
#
|
7
|
+
# You can supply your own password strategy by implementing a module that
|
8
|
+
# responds to the proper interface methods. Once this module is configured as
|
9
|
+
# your password strategy, Clearance will mix it into your Clearance User
|
10
|
+
# class. Thus, your module can access any methods or attributes on User.
|
11
|
+
#
|
12
|
+
# Password strategies need to respond to `authenticated?(password)` and
|
13
|
+
# `password=(new_password)`. For an example of how to implement these methods,
|
14
|
+
# see {Clearance::PasswordStrategies::BCrypt}.
|
2
15
|
module PasswordStrategies
|
3
16
|
autoload :BCrypt, 'clearance/password_strategies/bcrypt'
|
4
17
|
autoload :BCryptMigrationFromSHA1,
|
@@ -1,5 +1,11 @@
|
|
1
1
|
module Clearance
|
2
2
|
module PasswordStrategies
|
3
|
+
# Uses BCrypt to authenticate users and store encrypted passwords.
|
4
|
+
#
|
5
|
+
# The BCrypt cost (the measure of how many key expansion iterations BCrypt
|
6
|
+
# will perform) is automatically set to the minimum allowed value when
|
7
|
+
# Rails is operating in the test environment and the default cost in all
|
8
|
+
# other envionments. This provides a speed boost in tests.
|
3
9
|
module BCrypt
|
4
10
|
require 'bcrypt'
|
5
11
|
|
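Review bot: The new module comment says BCrypt stores "encrypted passwords", but bcrypt produces a one-way hash, and "envionments" is misspelled. Suggested wording: `# Uses BCrypt to authenticate users and store hashed passwords.` and `# other environments. This provides a speed boost in tests.` The comment could also state that the minimum cost is acceptable only for tests, since the environment check that selects it is outside this hunk.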
@@ -1,5 +1,6 @@
|
|
1
1
|
module Clearance
|
2
2
|
module PasswordStrategies
|
3
|
+
# @deprecated Use {BCrypt} or `clearance-deprecated_password_strategies` gem
|
3
4
|
module BCryptMigrationFromSHA1
|
4
5
|
DEPRECATION_MESSAGE = "[DEPRECATION] The BCryptMigrationFromSha1 " \
|
5
6
|
"password strategy has been deprecated and will be removed from " \
|
@@ -3,6 +3,7 @@ require 'base64'
|
|
3
3
|
|
4
4
|
module Clearance
|
5
5
|
module PasswordStrategies
|
6
|
+
# @deprecated Use {BCrypt} or `clearance-deprecated_password_strategies` gem
|
6
7
|
module Blowfish
|
7
8
|
DEPRECATION_MESSAGE = "[DEPRECATION] The Blowfish password strategy " \
|
8
9
|
"has been deprecated and will be removed from Clearance 2.0. BCrypt " \
|
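--- a/data/lib/clearance/rspec.rb
+++ b/data/lib/clearance/rspec.rb
@@ -1,8 +1,19 @@
-require
-require
-require
+require "rspec/rails"
+require "clearance/testing/deny_access_matcher"
+require "clearance/testing/controller_helpers"
+require "clearance/testing/view_helpers"
 
 RSpec.configure do |config|
 config.include Clearance::Testing::Matchers, type: :controller
-config.include Clearance::Testing::
+config.include Clearance::Testing::ControllerHelpers, type: :controller
+config.include Clearance::Testing::ViewHelpers, type: :view
+config.include Clearance::Testing::ViewHelpers, type: :helper
+
+config.before(:each, type: :view) do
+view.extend Clearance::Testing::ViewHelpers::CurrentUser
+end
+
+config.before(:each, type: :helper) do
+view.extend Clearance::Testing::ViewHelpers::CurrentUser
+end
 end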
data/lib/clearance/session.rb
CHANGED
data/lib/clearance/test_unit.rb
CHANGED
@@ -1,8 +1,8 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require "clearance/testing/deny_access_matcher"
|
2
|
+
require "clearance/testing/controller_helpers"
|
3
3
|
|
4
4
|
ActionController::TestCase.extend Clearance::Testing::Matchers
|
5
5
|
|
6
6
|
class ActionController::TestCase
|
7
|
-
include Clearance::Testing::
|
7
|
+
include Clearance::Testing::ControllerHelpers
|
8
8
|
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
module Clearance
|
2
|
+
module Testing
|
3
|
+
module ControllerHelpers
|
4
|
+
# @private
|
5
|
+
def setup_controller_request_and_response
|
6
|
+
super
|
7
|
+
@request.env[:clearance] = Clearance::Session.new(@request.env)
|
8
|
+
end
|
9
|
+
|
10
|
+
# Signs in a user that is created using FactoryGirl.
|
11
|
+
# The factory name is derrived from your `user_class` Clearance
|
12
|
+
# configuration.
|
13
|
+
# @raise [RuntimeError] if FactoryGirl is not defined.
|
14
|
+
def sign_in
|
15
|
+
unless defined?(FactoryGirl)
|
16
|
+
raise("Clearance's `sign_in` helper requires factory_girl")
|
17
|
+
end
|
18
|
+
|
19
|
+
factory = Clearance.configuration.user_model.to_s.underscore.to_sym
|
20
|
+
sign_in_as FactoryGirl.create(factory)
|
21
|
+
end
|
22
|
+
|
23
|
+
# Signs in the provided user.
|
24
|
+
def sign_in_as(user)
|
25
|
+
@controller.sign_in user
|
26
|
+
user
|
27
|
+
end
|
28
|
+
|
29
|
+
# Signs out a user that may be signed in.
|
30
|
+
def sign_out
|
31
|
+
@controller.sign_out
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
@@ -1,31 +1,15 @@
|
|
1
|
+
require "clerance/testing/controller_helpers"
|
2
|
+
|
1
3
|
module Clearance
|
2
4
|
module Testing
|
5
|
+
# @deprecated Use Clearance::Testing::ControllerHelpers
|
3
6
|
module Helpers
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
unless defined?(FactoryGirl)
|
11
|
-
raise(
|
12
|
-
RuntimeError,
|
13
|
-
"Clearance's `sign_in` helper requires factory_girl"
|
14
|
-
)
|
15
|
-
end
|
16
|
-
|
17
|
-
factory = Clearance.configuration.user_model.to_s.underscore.to_sym
|
18
|
-
sign_in_as FactoryGirl.create(factory)
|
19
|
-
end
|
20
|
-
|
21
|
-
def sign_in_as(user)
|
22
|
-
@controller.sign_in user
|
23
|
-
user
|
24
|
-
end
|
25
|
-
|
26
|
-
def sign_out
|
27
|
-
@controller.sign_out
|
28
|
-
end
|
7
|
+
warn(
|
8
|
+
"#{Kernel.caller.first} [DEPRECATION] Clearance::Testing::Helpers is "\
|
9
|
+
"deprecated and has been replaced with " \
|
10
|
+
"Clearance::Testing::ControllerHelpers. Require " \
|
11
|
+
"clearance/testing/controller_helpers instead."
|
12
|
+
)
|
29
13
|
end
|
30
14
|
end
|
31
15
|
end
|
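Review bot: The added first line requires `clerance/testing/controller_helpers`, which misspells the gem name, so loading this deprecated file will presumably raise a LoadError before the deprecation warning is printed; it should read `require "clearance/testing/controller_helpers"`. As shown, the body of `Helpers` now contains only the `warn` call and no longer defines `sign_in`, `sign_in_as` or `sign_out`, so a suite that still includes the old module loses those helpers. Adding `include Clearance::Testing::ControllerHelpers` inside `Helpers` would keep the deprecated name working until it is removed.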
@@ -0,0 +1,32 @@
|
|
1
|
+
module Clearance
|
2
|
+
module Testing
|
3
|
+
# Provides helpers to your view and helper specs.
|
4
|
+
# Using these helpers makes `current_user`, `signed_in?` and `signed_out?`
|
5
|
+
# behave properly in view and helper specs.
|
6
|
+
module ViewHelpers
|
7
|
+
# Sets current_user on the view under test to a new instance of your user
|
8
|
+
# model.
|
9
|
+
def sign_in
|
10
|
+
view.current_user = Clearance.configuration.user_model.new
|
11
|
+
end
|
12
|
+
|
13
|
+
# Sets current_user on the view under test to the supplied user.
|
14
|
+
def sign_in_as(user)
|
15
|
+
view.current_user = user
|
16
|
+
end
|
17
|
+
|
18
|
+
# @private
|
19
|
+
module CurrentUser
|
20
|
+
attr_accessor :current_user
|
21
|
+
|
22
|
+
def signed_in?
|
23
|
+
current_user.present?
|
24
|
+
end
|
25
|
+
|
26
|
+
def signed_out?
|
27
|
+
!signed_in?
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
data/lib/clearance/version.rb
CHANGED
@@ -1,14 +1,13 @@
|
|
1
1
|
class CreateUsers < ActiveRecord::Migration
|
2
2
|
def change
|
3
|
-
create_table :users
|
3
|
+
create_table :users do |t|
|
4
4
|
t.timestamps null: false
|
5
5
|
t.string :email, null: false
|
6
6
|
t.string :encrypted_password, limit: 128, null: false
|
7
7
|
t.string :confirmation_token, limit: 128
|
8
8
|
t.string :remember_token, limit: 128, null: false
|
9
|
+
t.index :email
|
10
|
+
t.index :remember_token
|
9
11
|
end
|
10
|
-
|
11
|
-
add_index :users, :email
|
12
|
-
add_index :users, :remember_token
|
13
12
|
end
|
14
13
|
end
|
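Review bot: `t.index :email` is still a plain, non-unique index, so the database itself does not enforce one account per email address; any uniqueness validation in the model (not shown here) can be bypassed by two concurrent sign-ups. Since the index definitions are being rewritten in this hunk anyway, consider `t.index :email, unique: true` in the template. This only affects newly generated applications; existing installs would presumably need a separate migration.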
@@ -9,6 +9,14 @@ module Clearance
|
|
9
9
|
route(clearance_routes)
|
10
10
|
end
|
11
11
|
|
12
|
+
def disable_clearance_internal_routes
|
13
|
+
inject_into_file(
|
14
|
+
"config/initializers/clearance.rb",
|
15
|
+
" config.routes = false\n",
|
16
|
+
after: "Clearance.configure do |config|\n",
|
17
|
+
)
|
18
|
+
end
|
19
|
+
|
12
20
|
private
|
13
21
|
|
14
22
|
def clearance_routes
|
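Review bot: `disable_clearance_internal_routes` only takes effect if the host initializer contains the exact text `Clearance.configure do |config|\n`; with a different block variable, different spacing or a missing file, `config.routes = false` is not inserted and the engine's internal routes would stay enabled next to the generated ones. The generator should check that the anchor matched (for example by reading the file back for `config.routes = false`) and tell the user to add the line by hand when it did not. The enclosing generator class starts and ends outside this hunk.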
@@ -1,12 +1,12 @@
|
|
1
|
-
resources :passwords, controller:
|
2
|
-
|
1
|
+
resources :passwords, controller: "clearance/passwords", only: [:create, :new]
|
2
|
+
resource :session, controller: "clearance/sessions", only: [:create]
|
3
3
|
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
4
|
+
resources :users, controller: "clearance/users", only: [:create] do
|
5
|
+
resource :password,
|
6
|
+
controller: "clearance/passwords",
|
7
|
+
only: [:create, :edit, :update]
|
8
|
+
end
|
9
9
|
|
10
|
-
|
11
|
-
|
12
|
-
|
10
|
+
get "/sign_in" => "clearance/sessions#new", as: "sign_in"
|
11
|
+
delete "/sign_out" => "clearance/sessions#destroy", as: "sign_out"
|
12
|
+
get "/sign_up" => "clearance/users#new", as: "sign_up"
|
@@ -69,7 +69,10 @@ describe "Clearance Installation" do
|
|
69
69
|
silencer = ""
|
70
70
|
end
|
71
71
|
|
72
|
-
return_value =
|
72
|
+
return_value = Bundler.with_clean_env do
|
73
|
+
system("#{command} #{silencer}")
|
74
|
+
end
|
75
|
+
|
73
76
|
expect(return_value).to eq true
|
74
77
|
end
|
75
78
|
end
|
@@ -1,8 +1,8 @@
|
|
1
|
-
require
|
1
|
+
require "spec_helper"
|
2
2
|
|
3
|
-
describe Clearance::Testing::
|
3
|
+
describe Clearance::Testing::ControllerHelpers do
|
4
4
|
class TestClass
|
5
|
-
include Clearance::Testing::
|
5
|
+
include Clearance::Testing::ControllerHelpers
|
6
6
|
|
7
7
|
def initialize
|
8
8
|
@controller = Controller.new
|
@@ -13,8 +13,8 @@ describe Clearance::Testing::Helpers do
|
|
13
13
|
end
|
14
14
|
end
|
15
15
|
|
16
|
-
describe
|
17
|
-
it
|
16
|
+
describe "#sign_in" do
|
17
|
+
it "creates an instance of the clearance user model with FactoryGirl" do
|
18
18
|
MyUserModel = Class.new
|
19
19
|
allow(FactoryGirl).to receive(:create)
|
20
20
|
allow(Clearance.configuration).to receive(:user_model).
|
@@ -26,8 +26,8 @@ describe Clearance::Testing::Helpers do
|
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
29
|
-
describe
|
30
|
-
it
|
29
|
+
describe "#sign_in_as" do
|
30
|
+
it "returns the user if signed in successfully" do
|
31
31
|
user = build(:user)
|
32
32
|
|
33
33
|
returned_user = TestClass.new.sign_in_as user
|
@@ -0,0 +1,37 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe Clearance::Testing::ViewHelpers do
|
4
|
+
describe "#sign_in" do
|
5
|
+
it "sets the signed in user to a new user object" do
|
6
|
+
user_model = Class.new
|
7
|
+
allow(Clearance.configuration).to receive(:user_model).
|
8
|
+
and_return(user_model)
|
9
|
+
|
10
|
+
view = test_view_class.new
|
11
|
+
view.sign_in
|
12
|
+
|
13
|
+
expect(view.current_user).to be_an_instance_of(user_model)
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
describe "#sign_in_as" do
|
18
|
+
it "sets the signed in user to the object provided" do
|
19
|
+
user = double("User")
|
20
|
+
|
21
|
+
view = test_view_class.new
|
22
|
+
view.sign_in_as(user)
|
23
|
+
|
24
|
+
expect(view.current_user).to eq user
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
def test_view_class
|
29
|
+
Class.new do
|
30
|
+
include Clearance::Testing::ViewHelpers
|
31
|
+
|
32
|
+
def view
|
33
|
+
@view ||= extend Clearance::Testing::ViewHelpers::CurrentUser
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
@@ -101,16 +101,6 @@ describe Clearance::PasswordsController do
|
|
101
101
|
expect(user.reload.encrypted_password).not_to eq old_encrypted_password
|
102
102
|
end
|
103
103
|
|
104
|
-
it "sets the remember token and clears the confirmation token" do
|
105
|
-
user = create(:user, :with_forgotten_password)
|
106
|
-
|
107
|
-
put :update, update_parameters(user, new_password: "my_new_password")
|
108
|
-
|
109
|
-
user.reload
|
110
|
-
expect(user.remember_token).not_to be_nil
|
111
|
-
expect(user.confirmation_token).to be_nil
|
112
|
-
end
|
113
|
-
|
114
104
|
it "signs the user in and redirects" do
|
115
105
|
user = create(:user, :with_forgotten_password)
|
116
106
|
|
@@ -121,7 +111,7 @@ describe Clearance::PasswordsController do
|
|
121
111
|
end
|
122
112
|
end
|
123
113
|
|
124
|
-
context "
|
114
|
+
context "password update fails" do
|
125
115
|
it "does not update the password" do
|
126
116
|
user = create(:user, :with_forgotten_password)
|
127
117
|
old_encrypted_password = user.encrypted_password
|
@@ -4,14 +4,18 @@ require "generators/clearance/routes/routes_generator"
|
|
4
4
|
describe Clearance::Generators::RoutesGenerator, :generator do
|
5
5
|
it "adds clearance routes to host application routes" do
|
6
6
|
provide_existing_routes_file
|
7
|
+
provide_existing_initializer
|
7
8
|
|
8
9
|
routes = file("config/routes.rb")
|
10
|
+
initializer = file("config/initializers/clearance.rb")
|
9
11
|
|
10
12
|
run_generator
|
11
13
|
|
14
|
+
expect(initializer).to have_correct_syntax
|
15
|
+
expect(initializer).to contain("config.routes = false")
|
12
16
|
expect(routes).to have_correct_syntax
|
13
17
|
expect(routes).to contain(
|
14
|
-
|
18
|
+
'get "/sign_in" => "clearance/sessions#new", as: "sign_in"'
|
15
19
|
)
|
16
20
|
end
|
17
21
|
end
|
@@ -9,6 +9,10 @@ module GeneratorSpecHelpers
|
|
9
9
|
copy_to_generator_root("config", "routes.rb")
|
10
10
|
end
|
11
11
|
|
12
|
+
def provide_existing_initializer
|
13
|
+
copy_to_generator_root("config/initializers", "clearance.rb")
|
14
|
+
end
|
15
|
+
|
12
16
|
def provide_existing_application_controller
|
13
17
|
copy_to_generator_root("app/controllers", "application_controller.rb")
|
14
18
|
end
|
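--- a/data/spec/user_spec.rb
+++ b/data/spec/user_spec.rb
@@ -85,6 +85,15 @@ describe User do
 
 expect(user.confirmation_token).to be_nil
 end
+
+it "sets the remember token" do
+user = create(:user, :with_forgotten_password)
+
+user.update_password("my_new_password")
+
+user.reload
+expect(user.remember_token).not_to be_nil
+end
 end
 
 context "with blank password" do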
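Review bot: `expect(user.remember_token).not_to be_nil` can hardly fail for a persisted user, because the users migration template in this release declares `remember_token` as `null: false`; assuming the test schema matches, the example passes whether or not `update_password` touches the token. If the intent is that a password reset invalidates existing remember-me cookies, capture the value first with `old_token = user.remember_token` and assert `expect(user.reload.remember_token).not_to eq old_token`. `update_password` is not shown on this page, so whether it rotates the token needs confirming.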
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: clearance
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.11.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dan Croak
|
@@ -25,7 +25,7 @@ authors:
|
|
25
25
|
autorequire:
|
26
26
|
bindir: bin
|
27
27
|
cert_chain: []
|
28
|
-
date: 2015-
|
28
|
+
date: 2015-08-21 00:00:00.000000000 Z
|
29
29
|
dependencies:
|
30
30
|
- !ruby/object:Gem::Dependency
|
31
31
|
name: bcrypt
|
@@ -139,8 +139,10 @@ files:
|
|
139
139
|
- lib/clearance/sign_in_guard.rb
|
140
140
|
- lib/clearance/test_unit.rb
|
141
141
|
- lib/clearance/testing.rb
|
142
|
+
- lib/clearance/testing/controller_helpers.rb
|
142
143
|
- lib/clearance/testing/deny_access_matcher.rb
|
143
144
|
- lib/clearance/testing/helpers.rb
|
145
|
+
- lib/clearance/testing/view_helpers.rb
|
144
146
|
- lib/clearance/token.rb
|
145
147
|
- lib/clearance/user.rb
|
146
148
|
- lib/clearance/version.rb
|
@@ -167,6 +169,7 @@ files:
|
|
167
169
|
- spec/acceptance/clearance_installation_spec.rb
|
168
170
|
- spec/app_templates/app/controllers/application_controller.rb
|
169
171
|
- spec/app_templates/app/models/user.rb
|
172
|
+
- spec/app_templates/config/initializers/clearance.rb
|
170
173
|
- spec/app_templates/config/routes.rb
|
171
174
|
- spec/app_templates/testapp/Gemfile
|
172
175
|
- spec/app_templates/testapp/app/controllers/home_controller.rb
|
@@ -180,7 +183,8 @@ files:
|
|
180
183
|
- spec/clearance/rack_session_spec.rb
|
181
184
|
- spec/clearance/session_spec.rb
|
182
185
|
- spec/clearance/sign_in_guard_spec.rb
|
183
|
-
- spec/clearance/testing/
|
186
|
+
- spec/clearance/testing/controller_helpers_spec.rb
|
187
|
+
- spec/clearance/testing/view_helpers_spec.rb
|
184
188
|
- spec/clearance/token_spec.rb
|
185
189
|
- spec/configuration_spec.rb
|
186
190
|
- spec/controllers/apis_controller_spec.rb
|
@@ -200,6 +204,7 @@ files:
|
|
200
204
|
- spec/generators/clearance/routes/routes_generator_spec.rb
|
201
205
|
- spec/generators/clearance/specs/specs_generator_spec.rb
|
202
206
|
- spec/generators/clearance/views/views_generator_spec.rb
|
207
|
+
- spec/helpers/helper_helpers_spec.rb
|
203
208
|
- spec/mailers/clearance_mailer_spec.rb
|
204
209
|
- spec/password_strategies/bcrypt_migration_from_sha1_spec.rb
|
205
210
|
- spec/password_strategies/bcrypt_spec.rb
|
@@ -215,6 +220,7 @@ files:
|
|
215
220
|
- spec/support/generator_spec_helpers.rb
|
216
221
|
- spec/support/request_with_remember_token.rb
|
217
222
|
- spec/user_spec.rb
|
223
|
+
- spec/views/view_helpers_spec.rb
|
218
224
|
homepage: http://github.com/thoughtbot/clearance
|
219
225
|
licenses:
|
220
226
|
- MIT
|