clearance 1.11.0 → 1.12.0



Files changed (37) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +2 -2
  3. data/.yardopts +3 -0
  4. data/Gemfile.lock +60 -60
  5. data/NEWS.md +17 -0
  6. data/config/locales/clearance.en.yml +1 -0
  7. data/lib/clearance/authentication.rb +49 -0
  8. data/lib/clearance/authorization.rb +44 -1
  9. data/lib/clearance/back_door.rb +1 -0
  10. data/lib/clearance/configuration.rb +2 -1
  11. data/lib/clearance/constraints.rb +12 -0
  12. data/lib/clearance/constraints/signed_in.rb +4 -0
  13. data/lib/clearance/constraints/signed_out.rb +2 -0
  14. data/lib/clearance/controller.rb +13 -0
  15. data/lib/clearance/default_sign_in_guard.rb +17 -0
  16. data/lib/clearance/engine.rb +16 -0
  17. data/lib/clearance/password_strategies/bcrypt.rb +3 -2
  18. data/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb +9 -0
  19. data/lib/clearance/password_strategies/blowfish.rb +8 -0
  20. data/lib/clearance/password_strategies/sha1.rb +8 -0
  21. data/lib/clearance/rack_session.rb +13 -0
  22. data/lib/clearance/session.rb +45 -0
  23. data/lib/clearance/session_status.rb +7 -0
  24. data/lib/clearance/sign_in_guard.rb +65 -0
  25. data/lib/clearance/testing/controller_helpers.rb +10 -1
  26. data/lib/clearance/testing/deny_access_matcher.rb +30 -0
  27. data/lib/clearance/testing/view_helpers.rb +1 -1
  28. data/lib/clearance/token.rb +7 -0
  29. data/lib/clearance/user.rb +159 -0
  30. data/lib/clearance/version.rb +1 -1
  31. data/lib/generators/clearance/install/install_generator.rb +1 -1
  32. data/lib/generators/clearance/routes/routes_generator.rb +15 -0
  33. data/lib/generators/clearance/routes/templates/routes.rb +10 -10
  34. data/lib/generators/clearance/specs/templates/features/clearance/visitor_resets_password_spec.rb.tt +1 -1
  35. data/spec/acceptance/clearance_installation_spec.rb +2 -1
  36. data/spec/controllers/permissions_controller_spec.rb +6 -0
  37. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 6a5021a3a8f7df39932a7292ca2fe1c4156208c3
4
- data.tar.gz: 9b3370145ee988d6d3454caf60b40726b41aa891
3
+ metadata.gz: 4f19deed642e596906454bdc24af4a8a130f0da6
4
+ data.tar.gz: f0424abac9bb5dfd7a5fca4bca85896ab639931c
5
5
  SHA512:
6
- metadata.gz: 652f59e34e1b09d920c078c61bf3ebdecf6bb7d076b76b2af8318feb5661696e820bb4b6cf0a79958b05ec13295ea935a417de4eddb8a9d3c2bbf624fd832df3
7
- data.tar.gz: 07178616436a36b4572dc24501aba0b75361cf080847d5f2382459fa1bc5d917a14f003e53843febe6061f93f8f8d9dd9968249637c2f986ca5cd5bb3d176208
6
+ metadata.gz: 3fc54c3cc46fbecb48a627487c34047c3212e85f3831f4db9589c5d1c6da793d217b9cbda2f4fae71a0db37baf3bc5cd7203b11b7b34c9d69cfb1eb4fbac6bda
7
+ data.tar.gz: 887f7bf44074ef55c242c90c537c0855e5ef5790c88fece43c2067cd89007f76ab3dbf1c56b108961086605823b0c2345079158f131f66027f144cbee614ca47
@@ -6,8 +6,8 @@ language:
6
6
  rvm:
7
7
  - 1.9.3
8
8
  - 2.0.0
9
- - 2.1.6
10
- - 2.2.2
9
+ - 2.1.7
10
+ - 2.2.3
11
11
 
12
12
  install:
13
13
  - "travis_retry bin/setup"
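--- a/data/.yardopts
+++ b/data/.yardopts
@@ -1,3 +1,6 @@
+--protected
+--private
+--hide-api private
 --exclude templates
 --markup markdown
 --markup-provider redcarpet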
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- clearance (1.11.0)
4
+ clearance (1.12.0)
5
5
  bcrypt
6
6
  email_validator (~> 1.4)
7
7
  rails (>= 3.1)
@@ -9,42 +9,42 @@ PATH
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
- actionmailer (4.2.1)
13
- actionpack (= 4.2.1)
14
- actionview (= 4.2.1)
15
- activejob (= 4.2.1)
12
+ actionmailer (4.2.5)
13
+ actionpack (= 4.2.5)
14
+ actionview (= 4.2.5)
15
+ activejob (= 4.2.5)
16
16
  mail (~> 2.5, >= 2.5.4)
17
17
  rails-dom-testing (~> 1.0, >= 1.0.5)
18
- actionpack (4.2.1)
19
- actionview (= 4.2.1)
20
- activesupport (= 4.2.1)
18
+ actionpack (4.2.5)
19
+ actionview (= 4.2.5)
20
+ activesupport (= 4.2.5)
21
21
  rack (~> 1.6)
22
22
  rack-test (~> 0.6.2)
23
23
  rails-dom-testing (~> 1.0, >= 1.0.5)
24
- rails-html-sanitizer (~> 1.0, >= 1.0.1)
25
- actionview (4.2.1)
26
- activesupport (= 4.2.1)
24
+ rails-html-sanitizer (~> 1.0, >= 1.0.2)
25
+ actionview (4.2.5)
26
+ activesupport (= 4.2.5)
27
27
  builder (~> 3.1)
28
28
  erubis (~> 2.7.0)
29
29
  rails-dom-testing (~> 1.0, >= 1.0.5)
30
- rails-html-sanitizer (~> 1.0, >= 1.0.1)
31
- activejob (4.2.1)
32
- activesupport (= 4.2.1)
30
+ rails-html-sanitizer (~> 1.0, >= 1.0.2)
31
+ activejob (4.2.5)
32
+ activesupport (= 4.2.5)
33
33
  globalid (>= 0.3.0)
34
- activemodel (4.2.1)
35
- activesupport (= 4.2.1)
34
+ activemodel (4.2.5)
35
+ activesupport (= 4.2.5)
36
36
  builder (~> 3.1)
37
- activerecord (4.2.1)
38
- activemodel (= 4.2.1)
39
- activesupport (= 4.2.1)
37
+ activerecord (4.2.5)
38
+ activemodel (= 4.2.5)
39
+ activesupport (= 4.2.5)
40
40
  arel (~> 6.0)
41
- activesupport (4.2.1)
41
+ activesupport (4.2.5)
42
42
  i18n (~> 0.7)
43
43
  json (~> 1.7, >= 1.7.7)
44
44
  minitest (~> 5.1)
45
45
  thread_safe (~> 0.3, >= 0.3.4)
46
46
  tzinfo (~> 1.1)
47
- ammeter (1.1.2)
47
+ ammeter (1.1.3)
48
48
  activesupport (>= 3.0)
49
49
  railties (>= 3.0)
50
50
  rspec-rails (>= 2.2)
@@ -55,14 +55,14 @@ GEM
55
55
  arel (6.0.3)
56
56
  bcrypt (3.1.10)
57
57
  builder (3.2.2)
58
- capybara (2.4.4)
58
+ capybara (2.5.0)
59
59
  mime-types (>= 1.16)
60
60
  nokogiri (>= 1.3.3)
61
61
  rack (>= 1.0.0)
62
62
  rack-test (>= 0.5.4)
63
63
  xpath (~> 2.0)
64
64
  coderay (1.1.0)
65
- database_cleaner (1.4.1)
65
+ database_cleaner (1.5.1)
66
66
  diff-lcs (1.2.5)
67
67
  email_validator (1.6.0)
68
68
  activemodel
@@ -76,78 +76,78 @@ GEM
76
76
  activesupport (>= 4.1.0)
77
77
  i18n (0.7.0)
78
78
  json (1.8.3)
79
- loofah (2.0.2)
79
+ loofah (2.0.3)
80
80
  nokogiri (>= 1.5.9)
81
81
  mail (2.6.3)
82
82
  mime-types (>= 1.16, < 3)
83
83
  method_source (0.8.2)
84
- mime-types (2.6.1)
84
+ mime-types (2.6.2)
85
85
  mini_portile (0.6.2)
86
- minitest (5.7.0)
87
- nokogiri (1.6.6.2)
86
+ minitest (5.8.3)
87
+ nokogiri (1.6.6.3)
88
88
  mini_portile (~> 0.6.0)
89
- pry (0.10.1)
89
+ pry (0.10.3)
90
90
  coderay (~> 1.1.0)
91
91
  method_source (~> 0.8.1)
92
92
  slop (~> 3.4)
93
- rack (1.6.1)
93
+ rack (1.6.4)
94
94
  rack-test (0.6.3)
95
95
  rack (>= 1.0)
96
- rails (4.2.1)
97
- actionmailer (= 4.2.1)
98
- actionpack (= 4.2.1)
99
- actionview (= 4.2.1)
100
- activejob (= 4.2.1)
101
- activemodel (= 4.2.1)
102
- activerecord (= 4.2.1)
103
- activesupport (= 4.2.1)
96
+ rails (4.2.5)
97
+ actionmailer (= 4.2.5)
98
+ actionpack (= 4.2.5)
99
+ actionview (= 4.2.5)
100
+ activejob (= 4.2.5)
101
+ activemodel (= 4.2.5)
102
+ activerecord (= 4.2.5)
103
+ activesupport (= 4.2.5)
104
104
  bundler (>= 1.3.0, < 2.0)
105
- railties (= 4.2.1)
105
+ railties (= 4.2.5)
106
106
  sprockets-rails
107
107
  rails-deprecated_sanitizer (1.0.3)
108
108
  activesupport (>= 4.2.0.alpha)
109
- rails-dom-testing (1.0.6)
109
+ rails-dom-testing (1.0.7)
110
110
  activesupport (>= 4.2.0.beta, < 5.0)
111
111
  nokogiri (~> 1.6.0)
112
112
  rails-deprecated_sanitizer (>= 1.0.1)
113
113
  rails-html-sanitizer (1.0.2)
114
114
  loofah (~> 2.0)
115
- railties (4.2.1)
116
- actionpack (= 4.2.1)
117
- activesupport (= 4.2.1)
115
+ railties (4.2.5)
116
+ actionpack (= 4.2.5)
117
+ activesupport (= 4.2.5)
118
118
  rake (>= 0.8.7)
119
119
  thor (>= 0.18.1, < 2.0)
120
120
  rake (10.4.2)
121
- rspec-core (3.3.0)
122
- rspec-support (~> 3.3.0)
123
- rspec-expectations (3.3.0)
121
+ rspec-core (3.4.0)
122
+ rspec-support (~> 3.4.0)
123
+ rspec-expectations (3.4.0)
124
124
  diff-lcs (>= 1.2.0, < 2.0)
125
- rspec-support (~> 3.3.0)
126
- rspec-mocks (3.3.0)
125
+ rspec-support (~> 3.4.0)
126
+ rspec-mocks (3.4.0)
127
127
  diff-lcs (>= 1.2.0, < 2.0)
128
- rspec-support (~> 3.3.0)
129
- rspec-rails (3.3.0)
128
+ rspec-support (~> 3.4.0)
129
+ rspec-rails (3.4.0)
130
130
  actionpack (>= 3.0, < 4.3)
131
131
  activesupport (>= 3.0, < 4.3)
132
132
  railties (>= 3.0, < 4.3)
133
- rspec-core (~> 3.3.0)
134
- rspec-expectations (~> 3.3.0)
135
- rspec-mocks (~> 3.3.0)
136
- rspec-support (~> 3.3.0)
137
- rspec-support (3.3.0)
133
+ rspec-core (~> 3.4.0)
134
+ rspec-expectations (~> 3.4.0)
135
+ rspec-mocks (~> 3.4.0)
136
+ rspec-support (~> 3.4.0)
137
+ rspec-support (3.4.0)
138
138
  shoulda-matchers (2.8.0)
139
139
  activesupport (>= 3.0.0)
140
140
  slop (3.6.0)
141
- sprockets (3.2.0)
142
- rack (~> 1.0)
143
- sprockets-rails (2.3.2)
141
+ sprockets (3.4.0)
142
+ rack (> 1, < 3)
143
+ sprockets-rails (2.3.3)
144
144
  actionpack (>= 3.0)
145
145
  activesupport (>= 3.0)
146
146
  sprockets (>= 2.8, < 4.0)
147
- sqlite3 (1.3.10)
147
+ sqlite3 (1.3.11)
148
148
  thor (0.19.1)
149
149
  thread_safe (0.3.5)
150
- timecop (0.7.4)
150
+ timecop (0.8.0)
151
151
  tzinfo (1.2.2)
152
152
  thread_safe (~> 0.1)
153
153
  xpath (2.0.0)
@@ -171,4 +171,4 @@ DEPENDENCIES
171
171
  timecop (~> 0.6)
172
172
 
173
173
  BUNDLED WITH
174
- 1.10.5
174
+ 1.10.6
data/NEWS.md CHANGED
@@ -3,6 +3,23 @@
3
3
  The noteworthy changes for each Clearance version are included here. For a
4
4
  complete changelog, see the git history for each version via the version links.
5
5
 
6
+ ## [1.12.0] - November 17, 2015
7
+
8
+ ### Added
9
+ - Users will now see a flash message when redirected to sign in by
10
+ `require_login`. This I18n key for this message is
11
+ `flashes.failure_when_not_signed_in` and defaults to "Please sign in to
12
+ continue".
13
+ - Added significant API documentation. API documentation effort is ongoing.
14
+
15
+ ### Fixed
16
+ - Fixed expectation in the generated `visitor_resets_password_spec.rb` file.
17
+ - Corrected indentation of routes inserted by the routes generator.
18
+ - Corrected indentation of `include Clearance::User` when the install generator
19
+ adds it to an existing user class.
20
+
21
+ [1.12.0]: https://github.com/thoughtbot/clearance/compare/v1.11.0...v1.12.0
22
+
6
23
  ## [1.11.0] - August 21, 2015
7
24
 
8
25
  ### Added
@@ -12,6 +12,7 @@ en:
12
12
  failure_after_update: Password can't be blank.
13
13
  failure_when_forbidden: Please double check the URL or try submitting
14
14
  the form again.
15
+ failure_when_not_signed_in: Please sign in to continue.
15
16
  helpers:
16
17
  label:
17
18
  password:
@@ -16,40 +16,88 @@ module Clearance
16
16
  )
17
17
  end
18
18
 
19
+ # Authenticate a user with a provided email and password
20
+ # @param [ActionController::Parameters] params The parameters from the
21
+ # sign in form. `params[:session][:email]` and
22
+ # `params[:session][:password]` are required.
23
+ # @return [User, nil] The user or nil if authentication fails.
19
24
  def authenticate(params)
20
25
  Clearance.configuration.user_model.authenticate(
21
26
  params[:session][:email], params[:session][:password]
22
27
  )
23
28
  end
24
29
 
30
+ # Get the user from the current clearance session. Exposed as a
31
+ # `helper_method`, making it visible to views. Prefer {#signed_in?} or
32
+ # {#signed_out?} if you only want to check for the presence of a current
33
+ # user rather than access the actual user.
34
+ #
35
+ # @return [User, nil] The user if one is signed in or nil otherwise.
25
36
  def current_user
26
37
  clearance_session.current_user
27
38
  end
28
39
 
40
+ # @deprecated Use the {#sign_in} method instead.
29
41
  def current_user=(user)
30
42
  warn "#{Kernel.caller.first}: [DEPRECATION] " +
31
43
  'Assigning the current_user has been deprecated. Use the sign_in method instead.'
32
44
  clearance_session.sign_in user
33
45
  end
34
46
 
47
+ # Sign in the provided user.
48
+ # @param [User] user
49
+ #
50
+ # Signing in will run the stack of {Configuration#sign_in_guards}.
51
+ #
52
+ # You can provide a block to this method to handle the result of that stack.
53
+ # Your block will receive either a {SuccessStatus} or {FailureStatus}
54
+ #
55
+ # sign_in(user) do |status|
56
+ # if status.success?
57
+ # # ...
58
+ # else
59
+ # # ...
60
+ # end
61
+ # end
62
+ #
63
+ # For an example of how clearance uses this internally, see
64
+ # {SessionsController#create}.
35
65
  def sign_in(user, &block)
36
66
  clearance_session.sign_in user, &block
37
67
  end
38
68
 
69
+ # Destroy the current user's Clearance session.
70
+ # See {Session#sign_out} for specifics.
39
71
  def sign_out
40
72
  clearance_session.sign_out
41
73
  end
42
74
 
75
+ # True if there is a currently-signed-in user. Exposed as a `helper_method`,
76
+ # making it available to views.
77
+ #
78
+ # Using `signed_in?` is preferable to checking {#current_user} against nil
79
+ # as it will allow you to introduce a null user object more simply at a
80
+ # later date.
81
+ #
82
+ # @return [Boolean]
43
83
  def signed_in?
44
84
  clearance_session.signed_in?
45
85
  end
46
86
 
87
+ # True if there is no currently-signed-in user. Exposed as a
88
+ # `helper_method`, making it available to views.
89
+ #
90
+ # Usings `signed_out?` is preferable to checking for presence of
91
+ # {#current_user} as it will allow you to introduce a null user object more
92
+ # simply at a later date.
47
93
  def signed_out?
48
94
  !signed_in?
49
95
  end
50
96
 
51
97
  # CSRF protection in Rails >= 3.0.4
98
+ #
52
99
  # http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
100
+ # @private
53
101
  def handle_unverified_request
54
102
  super
55
103
  sign_out
@@ -57,6 +105,7 @@ module Clearance
57
105
 
58
106
  protected
59
107
 
108
+ # @api private
60
109
  def clearance_session
61
110
  request.env[:clearance]
62
111
  end
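Review bot: The new `@return [User, nil] The user or nil if authentication fails` tag on `authenticate` promises more than the body delivers: when the posted form has no `session` key, `params[:session]` is nil and `params[:session][:email]` raises `NoMethodError` before `user_model.authenticate` is ever reached, so an attacker or a broken client can turn a sign-in attempt into a 500 instead of a failed login. Either document that (`# @raise [NoMethodError] if params[:session] is absent`) or make the code match the doc with `session_params = params[:session] || {}` and pass `session_params[:email], session_params[:password]`. On `handle_unverified_request`, the `# @private` tag could carry a why-comment, e.g. `# Drop the Clearance session on a CSRF failure; note that if super raises (protect_from_forgery with: :exception) sign_out is never reached` — the raising behaviour is inferred from Rails defaults, not visible here, so verify before asserting it. Minor: `Usings` in the `signed_out?` doc should be `Using`.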
@@ -6,12 +6,24 @@ module Clearance
6
6
  hide_action :authorize, :deny_access, :require_login
7
7
  end
8
8
 
9
+ # Use as a `before_action` to require a user be signed in to proceed.
10
+ # {Authentication#signed_in?} is used to determine if there is a signed in
11
+ # user or not.
12
+ #
13
+ # class PostsController < ApplicationController
14
+ # before_action :require_login
15
+ #
16
+ # def index
17
+ # # ...
18
+ # end
19
+ # end
9
20
  def require_login
10
21
  unless signed_in?
11
- deny_access
22
+ deny_access(I18n.t("flashes.failure_when_not_signed_in"))
12
23
  end
13
24
  end
14
25
 
26
+ # @deprecated use {#require_login}
15
27
  def authorize
16
28
  warn "[DEPRECATION] Clearance's `authorize` before_filter is " +
17
29
  "deprecated. Use `require_login` instead. Be sure to update any " +
@@ -20,6 +32,23 @@ module Clearance
20
32
  require_login
21
33
  end
22
34
 
35
+ # Responds to unauthorized requests in a manner fitting the request format.
36
+ # `js`, `json`, and `xml` requests will receive a 401 with no body. All
37
+ # other formats will be redirected appropriately and can optionally have the
38
+ # flash message set.
39
+ #
40
+ # When redirecting, the originally requested url will be stored in the
41
+ # session (`session[:return_to]`), allowing it to be used as a redirect url
42
+ # once the user has successfully signed in.
43
+ #
44
+ # If there is a signed in user, the request will be redirected according to
45
+ # the value returned from {#url_after_denied_access_when_signed_in}.
46
+ #
47
+ # If there is no signed in user, the request will be redirected according to
48
+ # the value returned from {#url_after_denied_access_when_signed_out}.
49
+ # For the exact redirect behavior, see {#redirect_request}.
50
+ #
51
+ # @param [String] flash_message
23
52
  def deny_access(flash_message = nil)
24
53
  respond_to do |format|
25
54
  format.any(:js, :json, :xml) { head :unauthorized }
@@ -29,6 +58,7 @@ module Clearance
29
58
 
30
59
  protected
31
60
 
61
+ # @api private
32
62
  def redirect_request(flash_message)
33
63
  store_location
34
64
 
@@ -43,21 +73,25 @@ module Clearance
43
73
  end
44
74
  end
45
75
 
76
+ # @api private
46
77
  def clear_return_to
47
78
  session[:return_to] = nil
48
79
  end
49
80
 
81
+ # @api private
50
82
  def store_location
51
83
  if request.get?
52
84
  session[:return_to] = request.original_fullpath
53
85
  end
54
86
  end
55
87
 
88
+ # @api private
56
89
  def redirect_back_or(default)
57
90
  redirect_to(return_to || default)
58
91
  clear_return_to
59
92
  end
60
93
 
94
+ # @api private
61
95
  def return_to
62
96
  if return_to_url
63
97
  uri = URI.parse(return_to_url)
@@ -65,14 +99,23 @@ module Clearance
65
99
  end
66
100
  end
67
101
 
102
+ # @api private
68
103
  def return_to_url
69
104
  session[:return_to]
70
105
  end
71
106
 
107
+ # Used as the redirect location when {#deny_access} is called and there is a
108
+ # currently signed in user.
109
+ #
110
+ # @return [String]
72
111
  def url_after_denied_access_when_signed_in
73
112
  Clearance.configuration.redirect_url
74
113
  end
75
114
 
115
+ # Used as the redirect location when {#deny_access} is called and there is
116
+ # no currently signed in user.
117
+ #
118
+ # @return [String]
76
119
  def url_after_denied_access_when_signed_out
77
120
  sign_in_url
78
121
  end
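Review bot: The new doc on `deny_access` states that "when redirecting, the originally requested url will be stored in the session", but `store_location` a few lines below only does so `if request.get?`, so a denied POST/PUT/DELETE leaves whatever `session[:return_to]` already held, and the post-sign-in redirect may land on that stale path rather than the denied request. I would make the comment match the code: `# When redirecting a GET request, the requested path (request.original_fullpath) is stored in session[:return_to]; non-GET requests leave any previously stored value untouched.` The `return_to` doc would also benefit from stating how the stored value is validated before `redirect_back_or` hands it to `redirect_to`, since a session-stored value reaching `redirect_to` unchecked would be an open-redirect vector; the method calls `URI.parse(return_to_url)` but the rest of its body lies outside this hunk, so I cannot confirm what it checks. The `@param [String] flash_message` tag on `deny_access` should read `[String, nil]` given the `nil` default that the `js`/`json`/`xml` branch never uses.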