clearance 1.16.0 → 1.16.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4600924513a7c46fd73ebf5028b704bbff640f50
4
- data.tar.gz: cb14d831486ab789f5a05e57787b3bcf7bd86be3
3
+ metadata.gz: c55f04f730c07adadee693dd2f707d07840e04ec
4
+ data.tar.gz: 87f6f73dd8258afb514ee7b0b2e6e7fde98d5c27
5
5
  SHA512:
6
- metadata.gz: a3badd570870c53b355ea9bbd915bfc283064fdbd06cc97947bd6b01bf514b2f8fa4395545d4b9487fb8c0cb3eaf0f5e86487abb227cdf36d09ef57d1d104dfa
7
- data.tar.gz: 61d3af42b4d82470966ad8b0f805ec656e6afb98f4c1ad5c0db5398f7b85e71a8c2f5bbb49cf838aff67e43255223791e9e86bc6741865e0b572bb5f0937899b
6
+ metadata.gz: 2084452e4def60daed56e01ccd543532f0073148dd58f6bc23da861e296985addd1e66d4ab44e30e519435cf7eba618e028de77ed7772cf3db6f91976f006ad1
7
+ data.tar.gz: 0c54e951be1f20610ca47a1184c0af2b9eec61180872e19fa51d2e1180ec84209f0b783ef1d0da34934c9f5e348eefd7f3138b3e1ece07c65e1705b7617c54a4
@@ -30,6 +30,10 @@ matrix:
30
30
  - rvm: 2.3.0
31
31
  gemfile: gemfiles/rails32.gemfile
32
32
 
33
+ before_install:
34
+ - gem update --system
35
+ - gem update bundler
36
+
33
37
  install:
34
38
  - "bin/setup"
35
39
 
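Review bot: `gem update --system` and `gem update bundler` in `before_install` are unpinned, so every CI run pulls whatever RubyGems and Bundler versions are newest at that moment; the build is not reproducible and a breaking or compromised release lands in CI without any change to this repository. Pin both, e.g. `gem install bundler -v 1.15.4` to match the `BUNDLED WITH` line the lockfile hunk below records, and pin the RubyGems version the same way.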
data/Gemfile CHANGED
@@ -8,7 +8,7 @@ gem 'ammeter'
8
8
  gem 'bundler', '~> 1.3'
9
9
  gem 'capybara', '>= 2.6.2'
10
10
  gem 'database_cleaner', '~> 1.0'
11
- gem 'factory_girl_rails', '~> 4.2'
11
+ gem 'factory_bot_rails', '~> 4.8'
12
12
  gem 'nokogiri', '~> 1.6.8'
13
13
  gem 'rspec-rails', '~> 3.1'
14
14
  gem 'shoulda-matchers', '~> 2.8'
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- clearance (1.16.0)
4
+ clearance (1.16.1)
5
5
  bcrypt
6
6
  email_validator (~> 1.4)
7
7
  rails (>= 3.1)
@@ -64,29 +64,30 @@ GEM
64
64
  rack-test (>= 0.5.4)
65
65
  xpath (~> 2.0)
66
66
  coderay (1.1.1)
67
- concurrent-ruby (1.0.4)
67
+ concurrent-ruby (1.0.5)
68
68
  database_cleaner (1.5.3)
69
69
  diff-lcs (1.2.5)
70
70
  email_validator (1.6.0)
71
71
  activemodel
72
72
  erubis (2.7.0)
73
- factory_girl (4.7.0)
73
+ factory_bot (4.8.2)
74
74
  activesupport (>= 3.0.0)
75
- factory_girl_rails (4.7.0)
76
- factory_girl (~> 4.7.0)
75
+ factory_bot_rails (4.8.2)
76
+ factory_bot (~> 4.8.2)
77
77
  railties (>= 3.0.0)
78
- globalid (0.3.7)
79
- activesupport (>= 4.1.0)
78
+ globalid (0.4.1)
79
+ activesupport (>= 4.2.0)
80
80
  i18n (0.7.0)
81
81
  json (1.8.6)
82
82
  loofah (2.0.3)
83
83
  nokogiri (>= 1.5.9)
84
- mail (2.6.4)
85
- mime-types (>= 1.16, < 4)
84
+ mail (2.7.0)
85
+ mini_mime (>= 0.1.1)
86
86
  method_source (0.8.2)
87
87
  mime-types (3.1)
88
88
  mime-types-data (~> 3.2015)
89
89
  mime-types-data (3.2016.0521)
90
+ mini_mime (0.1.4)
90
91
  mini_portile2 (2.1.0)
91
92
  minitest (5.10.1)
92
93
  nokogiri (1.6.8.1)
@@ -146,7 +147,7 @@ GEM
146
147
  sprockets (3.7.1)
147
148
  concurrent-ruby (~> 1.0)
148
149
  rack (> 1, < 3)
149
- sprockets-rails (3.2.0)
150
+ sprockets-rails (3.2.1)
150
151
  actionpack (>= 4.0)
151
152
  activesupport (>= 4.0)
152
153
  sprockets (>= 3.0.0)
@@ -170,7 +171,7 @@ DEPENDENCIES
170
171
  capybara (>= 2.6.2)
171
172
  clearance!
172
173
  database_cleaner (~> 1.0)
173
- factory_girl_rails (~> 4.2)
174
+ factory_bot_rails (~> 4.8)
174
175
  nokogiri (~> 1.6.8)
175
176
  pry
176
177
  rspec-rails (~> 3.1)
@@ -179,4 +180,4 @@ DEPENDENCIES
179
180
  timecop (~> 0.6)
180
181
 
181
182
  BUNDLED WITH
182
- 1.10.6
183
+ 1.15.4
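Review bot: `BUNDLED WITH` jumps from 1.10.6 to 1.15.4 while the Gemfile still only requires `bundler ~> 1.3`, and the Travis hunk runs an unpinned `gem update bundler`; each CI run can therefore rewrite this line with whatever Bundler is current. Pinning Bundler in CI to 1.15.4 keeps the lockfile stable across runs.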
data/NEWS.md CHANGED
@@ -3,6 +3,20 @@
3
3
  The noteworthy changes for each Clearance version are included here. For a
4
4
  complete changelog, see the git history for each version via the version links.
5
5
 
6
+ ## [1.16.1] - November 2, 2017
7
+
8
+ ### Fixed
9
+ - Fixed issue where tokens from abandoned password reset attempts were stored in
10
+ the session, preventing newly generated password reset tokens from working.
11
+ - Improve compatibility with Rails API projects by calling `helper_method` only
12
+ when it is defined.
13
+ - URL fragment in server-set `session[:return_to]` values are preserved when
14
+ redirecting to the stored value.
15
+ - Eliminated deprecation in Clearance test helpers that were related to the
16
+ renaming of FactoryGirl to FactoryBot.
17
+
18
+ [1.16.1]: https://github.com/thoughtbot/clearance/compare/v1.16.0...v1.16.1
19
+
6
20
  ## [1.16.0] - January 16, 2017
7
21
 
8
22
  ### Security
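Review bot: grammar and tense in the new "Fixed" list: "URL fragment in server-set `session[:return_to]` values are preserved" needs either "URL fragments ... are" or "The URL fragment ... is", and "Improve compatibility" should read "Improved" to match "Fixed" and "Eliminated". The first bullet also changes security-relevant behaviour, since a `token` query parameter now takes precedence over the token stored in the session, and the entry would be clearer if it said so explicitly.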
data/README.md CHANGED
@@ -226,12 +226,14 @@ $ rails generate clearance:views
226
226
 
227
227
  By default, Clearance uses your application's default layout. If you would like
228
228
  to change the layout that Clearance uses when rendering its views, simply
229
- specify the layout in an initializer.
229
+ specify the layout in the `config/application.rb`
230
230
 
231
231
  ```ruby
232
- Clearance::PasswordsController.layout "my_passwords_layout"
233
- Clearance::SessionsController.layout "my_sessions_layout"
234
- Clearance::UsersController.layout "my_admin_layout"
232
+ config.to_prepare do
233
+ Clearance::PasswordsController.layout "my_passwords_layout"
234
+ Clearance::SessionsController.layout "my_sessions_layout"
235
+ Clearance::UsersController.layout "my_admin_layout"
236
+ end
235
237
  ```
236
238
 
237
239
  ### Translations
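Review bot: "specify the layout in the `config/application.rb`" should drop "the" and end with a period. It would also help to say why `config.to_prepare` is required: in development the controller classes are reloaded, so a layout assigned once in an initializer is lost after the first reload, whereas `to_prepare` runs before each request. Without that sentence readers are likely to move the three lines back into an initializer.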
@@ -364,7 +366,7 @@ end
364
366
 
365
367
  If you're using RSpec, you can generate feature specs to help prevent
366
368
  regressions in Clearance's integration with your Rails app over time. These
367
- feature specs, will also require `factory_girl_rails`.
369
+ feature specs, will also require `factory_bot_rails`.
368
370
 
369
371
  To Generate the clearance specs, run:
370
372
 
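Review bot: the comma in "feature specs, will also require `factory_bot_rails`" is stray, and "To Generate the clearance specs" should be lower-case "generate".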
@@ -433,7 +435,7 @@ redistributed under the terms specified in the [`LICENSE`] file.
433
435
 
434
436
  ## About thoughtbot
435
437
 
436
- ![thoughtbot](https://thoughtbot.com/logo.png)
438
+ ![thoughtbot](http://presskit.thoughtbot.com/images/thoughtbot-logo-for-readmes.svg)
437
439
 
438
440
  Clearance is maintained and funded by thoughtbot, inc.
439
441
  The names and logos for thoughtbot are trademarks of thoughtbot, inc.
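Review bot: the logo URL goes from `https://thoughtbot.com/logo.png` to `http://presskit.thoughtbot.com/...`, a downgrade to plain HTTP. Rendered inside an HTTPS page that is mixed content, which browsers may block, and an unauthenticated SVG can be replaced in transit. Use `https://` if the press kit host serves it.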
@@ -78,7 +78,7 @@ class Clearance::PasswordsController < Clearance::BaseController
78
78
 
79
79
  def find_user_by_id_and_confirmation_token
80
80
  user_param = Clearance.configuration.user_id_parameter
81
- token = session[:password_reset_token] || params[:token]
81
+ token = params[:token] || session[:password_reset_token]
82
82
 
83
83
  Clearance.configuration.user_model.
84
84
  find_by_id_and_confirmation_token params[user_param], token.to_s
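Review bot: swapping the precedence to `params[:token] || session[:password_reset_token]` fixes the abandoned-token case, but the stale `session[:password_reset_token]` is never cleared in this hunk; a request that arrives without a `token` parameter still falls back to an old session token, and nothing visible removes it after a successful update. Consider `session.delete(:password_reset_token)` once the password has been updated or whenever the lookup fails. Also, `token.to_s` turns a nil token into `""`, so the query then runs with an empty confirmation token; confirm that `find_by_id_and_confirmation_token` rejects blanks rather than relying on the column never being empty.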
@@ -8,7 +8,7 @@ gem "ammeter"
8
8
  gem "bundler", "~> 1.3"
9
9
  gem "capybara", ">= 2.6.2"
10
10
  gem "database_cleaner", "~> 1.0"
11
- gem "factory_girl_rails", "~> 4.2"
11
+ gem "factory_bot_rails", "~> 4.8"
12
12
  gem "nokogiri", "~> 1.6.8"
13
13
  gem "rspec-rails", "~> 3.1"
14
14
  gem "shoulda-matchers", "~> 2.8"
@@ -8,7 +8,7 @@ gem "ammeter"
8
8
  gem "bundler", "~> 1.3"
9
9
  gem "capybara", ">= 2.6.2"
10
10
  gem "database_cleaner", "~> 1.0"
11
- gem "factory_girl_rails", "~> 4.2"
11
+ gem "factory_bot_rails", "~> 4.8"
12
12
  gem "nokogiri", "~> 1.6.8"
13
13
  gem "rspec-rails", "~> 3.1"
14
14
  gem "shoulda-matchers", "~> 2.8"
@@ -8,7 +8,7 @@ gem "ammeter"
8
8
  gem "bundler", "~> 1.3"
9
9
  gem "capybara", ">= 2.6.2"
10
10
  gem "database_cleaner", "~> 1.0"
11
- gem "factory_girl_rails", "~> 4.2"
11
+ gem "factory_bot_rails", "~> 4.8"
12
12
  gem "nokogiri", "~> 1.6.8"
13
13
  gem "rspec-rails", "~> 3.1"
14
14
  gem "shoulda-matchers", "~> 2.8"
@@ -8,7 +8,7 @@ gem "ammeter"
8
8
  gem "bundler", "~> 1.3"
9
9
  gem "capybara", ">= 2.6.2"
10
10
  gem "database_cleaner", "~> 1.0"
11
- gem "factory_girl_rails", "~> 4.2"
11
+ gem "factory_bot_rails", "~> 4.8"
12
12
  gem "nokogiri", "~> 1.6.8"
13
13
  gem "rspec-rails", "~> 3.1"
14
14
  gem "shoulda-matchers", "~> 2.8"
@@ -8,7 +8,7 @@ gem "ammeter"
8
8
  gem "bundler", "~> 1.3"
9
9
  gem "capybara", ">= 2.6.2"
10
10
  gem "database_cleaner", "~> 1.0"
11
- gem "factory_girl_rails", "~> 4.2"
11
+ gem "factory_bot_rails", "~> 4.8"
12
12
  gem "nokogiri", "~> 1.6.8"
13
13
  gem "rspec-rails", "~> 3.5.0.beta1"
14
14
  gem "shoulda-matchers", "~> 2.8"
@@ -3,7 +3,10 @@ module Clearance
3
3
  extend ActiveSupport::Concern
4
4
 
5
5
  included do
6
- helper_method :current_user, :signed_in?, :signed_out?
6
+ if respond_to?(:helper_method)
7
+ helper_method :current_user, :signed_in?, :signed_out?
8
+ end
9
+
7
10
  private(
8
11
  :authenticate,
9
12
  :current_user,
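Review bot: the `respond_to?(:helper_method)` guard skips helper registration silently, so in any controller where `helper_method` is unavailable the views lose `current_user`, `signed_in?` and `signed_out?` with no hint why. A one-line comment naming `ActionController::API` as the intended case (the NEWS entry calls it "Rails API projects") would stop a future reader from "fixing" the guard away.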
@@ -95,7 +95,7 @@ module Clearance
95
95
  def return_to
96
96
  if return_to_url
97
97
  uri = URI.parse(return_to_url)
98
- "#{uri.path}?#{uri.query}".chomp('?')
98
+ "#{uri.path}?#{uri.query}".chomp("?") + "##{uri.fragment}".chomp("#")
99
99
  end
100
100
  end
101
101
 
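Review bot: the string-and-`chomp` assembly in `return_to` is hard to read, and nothing says that it deliberately rebuilds the URL from `uri.path`, `uri.query` and `uri.fragment` so that any scheme or host in the stored value is discarded; that is what keeps `return_to` from becoming an open redirect, and a later edit that switches to `uri.to_s` would silently reintroduce host redirects, so state it in a comment. A clearer construction with the same result is `[uri.path, ("?#{uri.query}" if uri.query.present?), ("##{uri.fragment}" if uri.fragment.present?)].join`. `URI.parse` raising `URI::InvalidURIError` on a malformed stored value is pre-existing but still worth a rescue that returns nil.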
@@ -163,13 +163,13 @@ module Clearance
163
163
  def rotate_csrf_on_sign_in?
164
164
  if rotate_csrf_on_sign_in.nil?
165
165
  warn <<-EOM.squish
166
- Clearance's `rotate_csrf_on_sign_in` configration setting is unset and
166
+ Clearance's `rotate_csrf_on_sign_in` configuration setting is unset and
167
167
  will be treated as `false`. Setting this value to `true` is
168
168
  recommended to avoid session fixation attacks and will be the default
169
169
  in Clearance 2.0. It is recommended that you opt-in to this setting
170
170
  now and test your application. To silence this warning, set
171
171
  `rotate_csrf_on_sign_in` to `true` or `false` in Clearance's
172
- inializer.
172
+ initializer.
173
173
 
174
174
  For more information on session fixation, see:
175
175
  https://www.owasp.org/index.php/Session_fixation
@@ -17,12 +17,10 @@ module Clearance
17
17
  #
18
18
  # @raise [RuntimeError] if FactoryGirl is not defined.
19
19
  def sign_in
20
- unless defined?(FactoryGirl)
21
- raise("Clearance's `sign_in` helper requires factory_girl")
22
- end
20
+ constructor = factory_module("sign_in")
23
21
 
24
22
  factory = Clearance.configuration.user_model.to_s.underscore.to_sym
25
- sign_in_as FactoryGirl.create(factory)
23
+ sign_in_as constructor.create(factory)
26
24
  end
27
25
 
28
26
  # Signs in the provided user.
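Review bot: the `@raise [RuntimeError] if FactoryGirl is not defined.` YARD line above `sign_in` is now stale; `sign_in` accepts FactoryBot or FactoryGirl and raises only when neither constant is defined.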
@@ -39,6 +37,21 @@ module Clearance
39
37
  def sign_out
40
38
  @request.env[:clearance].sign_out
41
39
  end
40
+
41
+ # Determines the appropriate factory library
42
+ #
43
+ # @api private
44
+ # @raise [RuntimeError] if both FactoryGirl and FactoryBot are not
45
+ # defined.
46
+ def factory_module(provider)
47
+ if defined?(FactoryBot)
48
+ FactoryBot
49
+ elsif defined?(FactoryGirl)
50
+ FactoryGirl
51
+ else
52
+ raise("Clearance's `#{provider}` helper requires factory_bot")
53
+ end
54
+ end
42
55
  end
43
56
  end
44
57
  end
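Review bot: `factory_module` is tagged `@api private` but is defined as a public method of the module, so every test class that includes `Clearance::Testing::ControllerHelpers` gains a public `factory_module`; move it under `private`. The doc line "if both FactoryGirl and FactoryBot are not defined" reads better as "if neither FactoryBot nor FactoryGirl is defined", and the error text says "requires factory_bot" although FactoryGirl is still accepted.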
@@ -1,3 +1,3 @@
1
1
  module Clearance
2
- VERSION = "1.16.0".freeze
2
+ VERSION = "1.16.1".freeze
3
3
  end
@@ -1,4 +1,4 @@
1
- FactoryGirl.define do
1
+ FactoryBot.define do
2
2
  sequence :email do |n|
3
3
  "user#{n}@example.com"
4
4
  end
@@ -42,7 +42,7 @@ RSpec.feature "Visitor resets password" do
42
42
  expect_mailer_to_have_delivery(
43
43
  user.email,
44
44
  "password",
45
- user.confirmation_token
45
+ user.confirmation_token,
46
46
  )
47
47
  end
48
48
 
@@ -34,12 +34,12 @@ RSpec.feature "Visitor signs in" do
34
34
  private
35
35
 
36
36
  def create_user(email, password)
37
- FactoryGirl.create(:user, email: email, password: password)
37
+ FactoryBot.create(:user, email: email, password: password)
38
38
  end
39
39
 
40
40
  def expect_page_to_display_sign_in_error
41
41
  expect(page.body).to include(
42
- I18n.t("flashes.failure_after_create", sign_up_path: sign_up_path)
42
+ I18n.t("flashes.failure_after_create", sign_up_path: sign_up_path),
43
43
  )
44
44
  end
45
45
  end
@@ -37,7 +37,7 @@ RSpec.feature "Visitor updates password" do
37
37
  def visit_password_reset_page_for(user)
38
38
  visit edit_user_password_path(
39
39
  user_id: user,
40
- token: user.confirmation_token
40
+ token: user.confirmation_token,
41
41
  )
42
42
  end
43
43
 
@@ -8,7 +8,7 @@ module Features
8
8
 
9
9
  def sign_in
10
10
  password = "password"
11
- user = FactoryGirl.create(:user, password: password)
11
+ user = FactoryBot.create(:user, password: password)
12
12
  sign_in_with user.email, password
13
13
  end
14
14
 
@@ -40,7 +40,7 @@ module Features
40
40
  end
41
41
 
42
42
  def user_with_reset_password
43
- user = FactoryGirl.create(:user)
43
+ user = FactoryBot.create(:user)
44
44
  reset_password_for user.email
45
45
  user.reload
46
46
  end
@@ -2,6 +2,6 @@ gem "rails"
2
2
  gem "sqlite3"
3
3
  gem "rspec-rails"
4
4
  gem "capybara"
5
- gem "factory_girl_rails"
5
+ gem "factory_bot_rails"
6
6
  gem "database_cleaner"
7
7
  gem "clearance", path: "../.."
@@ -14,15 +14,15 @@ describe Clearance::Testing::ControllerHelpers do
14
14
  end
15
15
 
16
16
  describe "#sign_in" do
17
- it "creates an instance of the clearance user model with FactoryGirl" do
17
+ it "creates an instance of the clearance user model with FactoryBot" do
18
18
  MyUserModel = Class.new
19
- allow(FactoryGirl).to receive(:create)
19
+ allow(FactoryBot).to receive(:create)
20
20
  allow(Clearance.configuration).to receive(:user_model).
21
21
  and_return(MyUserModel)
22
22
 
23
23
  TestClass.new.sign_in
24
24
 
25
- expect(FactoryGirl).to have_received(:create).with(:my_user_model)
25
+ expect(FactoryBot).to have_received(:create).with(:my_user_model)
26
26
  end
27
27
  end
28
28
 
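Review bot: the spec exercises only the FactoryBot path; there is no example for the FactoryGirl fallback in `factory_module` or for the RuntimeError raised when neither constant is defined, so both branches ship untested. `MyUserModel = Class.new` also defines a top-level constant that leaks between examples (pre-existing); `stub_const` would contain it.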
@@ -99,6 +99,19 @@ describe Clearance::PasswordsController do
99
99
  expect(flash.now[:notice]).to match(/double check the URL/i)
100
100
  end
101
101
  end
102
+
103
+ context "old token in session and recent token in params" do
104
+ it "updates password reset session and redirect to edit page" do
105
+ user = create(:user, :with_forgotten_password)
106
+ request.session[:password_reset_token] = user.confirmation_token
107
+
108
+ user.forgot_password!
109
+ get :edit, user_id: user.id, token: user.reload.confirmation_token
110
+
111
+ expect(response).to redirect_to(edit_user_password_url(user))
112
+ expect(session[:password_reset_token]).to eq(user.confirmation_token)
113
+ end
114
+ end
102
115
  end
103
116
 
104
117
  describe "#update" do
@@ -54,15 +54,34 @@ describe Clearance::SessionsController do
54
54
  end
55
55
 
56
56
  context "with good credentials and a session return url" do
57
- before do
58
- @user = create(:user)
59
- @return_url = "/url_in_the_session?foo=bar"
60
- @request.session[:return_to] = @return_url
61
- post :create, session: { email: @user.email, password: @user.password }
57
+ it "redirects to the return URL maintaining query and fragment" do
58
+ user = create(:user)
59
+ return_url = "/url_in_the_session?foo=bar#baz"
60
+ request.session[:return_to] = return_url
61
+
62
+ post :create, session: { email: user.email, password: user.password }
63
+
64
+ should redirect_to(return_url)
65
+ end
66
+
67
+ it "redirects to the return URL maintaining query without fragment" do
68
+ user = create(:user)
69
+ return_url = "/url_in_the_session?foo=bar"
70
+ request.session[:return_to] = return_url
71
+
72
+ post :create, session: { email: user.email, password: user.password }
73
+
74
+ should redirect_to(return_url)
62
75
  end
63
76
 
64
- it "redirects to the return URL" do
65
- should redirect_to(@return_url)
77
+ it "redirects to the return URL without query or fragment" do
78
+ user = create(:user)
79
+ return_url = "/url_in_the_session"
80
+ request.session[:return_to] = return_url
81
+
82
+ post :create, session: { email: user.email, password: user.password }
83
+
84
+ should redirect_to(return_url)
66
85
  end
67
86
  end
68
87
  end
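Review bot: the three examples repeat the same user creation, session assignment and `post :create`; only `return_url` differs. Loop over the three URLs or use `let(:return_url)` with a shared example so the intent (query kept, fragment kept, bare path unchanged) lives in the example names rather than in triplicated setup. The `should redirect_to(return_url)` one-liner also mixes the implicit-subject style with explicit examples; `expect(response).to redirect_to(return_url)` matches the passwords spec above.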
@@ -36,7 +36,7 @@ describe Clearance::UsersController do
36
36
  context "when signed out" do
37
37
  context "with valid attributes" do
38
38
  it "assigns and creates a user then redirects to the redirect_url" do
39
- user_attributes = FactoryGirl.attributes_for(:user)
39
+ user_attributes = FactoryBot.attributes_for(:user)
40
40
  old_user_count = User.count
41
41
 
42
42
  post :create, user: user_attributes
@@ -49,7 +49,7 @@ describe Clearance::UsersController do
49
49
 
50
50
  context "with valid attributes and a session return url" do
51
51
  it "assigns and creates a user then redirects to the return_url" do
52
- user_attributes = FactoryGirl.attributes_for(:user)
52
+ user_attributes = FactoryBot.attributes_for(:user)
53
53
  old_user_count = User.count
54
54
  return_url = "/url_in_the_session"
55
55
  @request.session[:return_to] = return_url
@@ -1,4 +1,4 @@
1
- FactoryGirl.define do
1
+ FactoryBot.define do
2
2
  sequence :email do |n|
3
3
  "user#{n}@example.com"
4
4
  end
@@ -4,7 +4,7 @@ require "rails/all"
4
4
  require "dummy/application"
5
5
 
6
6
  require "clearance/rspec"
7
- require "factory_girl_rails"
7
+ require "factory_bot_rails"
8
8
  require "rspec/rails"
9
9
  require "shoulda-matchers"
10
10
  require "timecop"
@@ -14,7 +14,7 @@ Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
14
14
  Dummy::Application.initialize!
15
15
 
16
16
  RSpec.configure do |config|
17
- config.include FactoryGirl::Syntax::Methods
17
+ config.include FactoryBot::Syntax::Methods
18
18
  config.infer_spec_type_from_file_location!
19
19
  config.order = :random
20
20
  config.use_transactional_fixtures = true
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: clearance
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.16.0
4
+ version: 1.16.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dan Croak
@@ -25,7 +25,7 @@ authors:
25
25
  autorequire:
26
26
  bindir: bin
27
27
  cert_chain: []
28
- date: 2017-01-16 00:00:00.000000000 Z
28
+ date: 2017-11-02 00:00:00.000000000 Z
29
29
  dependencies:
30
30
  - !ruby/object:Gem::Dependency
31
31
  name: bcrypt
@@ -246,7 +246,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
246
246
  version: '0'
247
247
  requirements: []
248
248
  rubyforge_project:
249
- rubygems_version: 2.4.8
249
+ rubygems_version: 2.6.14
250
250
  signing_key:
251
251
  specification_version: 4
252
252
  summary: Rails authentication & authorization with email & password.
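Review bot: `signing_key:` is blank here and `cert_chain: []` in the hunk above, so the 1.16.1 gem is unsigned; consumers can verify only the SHA1/SHA512 values in `checksums.yaml`, which RubyGems generates itself at build time. Not a regression, but a signed release would let `gem install -P HighSecurity` verify the publisher.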