clearance 1.16.0 → 1.16.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4600924513a7c46fd73ebf5028b704bbff640f50
-  data.tar.gz: cb14d831486ab789f5a05e57787b3bcf7bd86be3
+  metadata.gz: c55f04f730c07adadee693dd2f707d07840e04ec
+  data.tar.gz: 87f6f73dd8258afb514ee7b0b2e6e7fde98d5c27
 SHA512:
-  metadata.gz: a3badd570870c53b355ea9bbd915bfc283064fdbd06cc97947bd6b01bf514b2f8fa4395545d4b9487fb8c0cb3eaf0f5e86487abb227cdf36d09ef57d1d104dfa
-  data.tar.gz: 61d3af42b4d82470966ad8b0f805ec656e6afb98f4c1ad5c0db5398f7b85e71a8c2f5bbb49cf838aff67e43255223791e9e86bc6741865e0b572bb5f0937899b
+  metadata.gz: 2084452e4def60daed56e01ccd543532f0073148dd58f6bc23da861e296985addd1e66d4ab44e30e519435cf7eba618e028de77ed7772cf3db6f91976f006ad1
+  data.tar.gz: 0c54e951be1f20610ca47a1184c0af2b9eec61180872e19fa51d2e1180ec84209f0b783ef1d0da34934c9f5e348eefd7f3138b3e1ece07c65e1705b7617c54a4

data/.travis.yml

@@ -30,6 +30,10 @@ matrix:
     - rvm: 2.3.0
       gemfile: gemfiles/rails32.gemfile
 
+before_install:
+  - gem update --system
+  - gem update bundler
+
 install:
   - "bin/setup"
 

data/Gemfile

@@ -8,7 +8,7 @@ gem 'ammeter'
 gem 'bundler', '~> 1.3'
 gem 'capybara', '>= 2.6.2'
 gem 'database_cleaner', '~> 1.0'
-gem 'factory_girl_rails', '~> 4.2'
+gem 'factory_bot_rails', '~> 4.8'
 gem 'nokogiri', '~> 1.6.8'
 gem 'rspec-rails', '~> 3.1'
 gem 'shoulda-matchers', '~> 2.8'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (1.16.0)
+    clearance (1.16.1)
       bcrypt
       email_validator (~> 1.4)
       rails (>= 3.1)
@@ -64,29 +64,30 @@ GEM
       rack-test (>= 0.5.4)
       xpath (~> 2.0)
     coderay (1.1.1)
-    concurrent-ruby (1.0.4)
+    concurrent-ruby (1.0.5)
     database_cleaner (1.5.3)
     diff-lcs (1.2.5)
     email_validator (1.6.0)
       activemodel
     erubis (2.7.0)
-    factory_girl (4.7.0)
+    factory_bot (4.8.2)
       activesupport (>= 3.0.0)
-    factory_girl_rails (4.7.0)
-      factory_girl (~> 4.7.0)
+    factory_bot_rails (4.8.2)
+      factory_bot (~> 4.8.2)
       railties (>= 3.0.0)
-    globalid (0.3.7)
-      activesupport (>= 4.1.0)
+    globalid (0.4.1)
+      activesupport (>= 4.2.0)
     i18n (0.7.0)
     json (1.8.6)
     loofah (2.0.3)
       nokogiri (>= 1.5.9)
-    mail (2.6.4)
-      mime-types (>= 1.16, < 4)
+    mail (2.7.0)
+      mini_mime (>= 0.1.1)
     method_source (0.8.2)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
+    mini_mime (0.1.4)
     mini_portile2 (2.1.0)
     minitest (5.10.1)
     nokogiri (1.6.8.1)
@@ -146,7 +147,7 @@ GEM
     sprockets (3.7.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
-    sprockets-rails (3.2.0)
+    sprockets-rails (3.2.1)
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
@@ -170,7 +171,7 @@ DEPENDENCIES
   capybara (>= 2.6.2)
   clearance!
   database_cleaner (~> 1.0)
-  factory_girl_rails (~> 4.2)
+  factory_bot_rails (~> 4.8)
   nokogiri (~> 1.6.8)
   pry
   rspec-rails (~> 3.1)
@@ -179,4 +180,4 @@ DEPENDENCIES
   timecop (~> 0.6)
 
 BUNDLED WITH
-   1.10.6
+   1.15.4

data/NEWS.md

@@ -3,6 +3,20 @@
 The noteworthy changes for each Clearance version are included here. For a
 complete changelog, see the git history for each version via the version links.
 
+## [1.16.1] - November 2, 2017
+
+### Fixed
+- Fixed issue where tokens from abandoned password reset attempts were stored in
+  the session, preventing newly generated password reset tokens from working.
+- Improve compatibility with Rails API projects by calling `helper_method` only
+  when it is defined.
+- URL fragment in server-set `session[:return_to]` values are preserved when
+  redirecting to the stored value.
+- Eliminated deprecation in Clearance test helpers that were related to the
+  renaming of FactoryGirl to FactoryBot.
+
+[1.16.1]: https://github.com/thoughtbot/clearance/compare/v1.16.0...v1.16.1
+
 ## [1.16.0] - January 16, 2017
 
 ### Security

data/README.md

@@ -226,12 +226,14 @@ $ rails generate clearance:views
 
 By default, Clearance uses your application's default layout. If you would like
 to change the layout that Clearance uses when rendering its views, simply
-specify the layout in an initializer.
+specify the layout in the `config/application.rb`
 
 ```ruby
-Clearance::PasswordsController.layout "my_passwords_layout"
-Clearance::SessionsController.layout "my_sessions_layout"
-Clearance::UsersController.layout "my_admin_layout"
+config.to_prepare do
+  Clearance::PasswordsController.layout "my_passwords_layout"
+  Clearance::SessionsController.layout "my_sessions_layout"
+  Clearance::UsersController.layout "my_admin_layout"
+end
 ```
 
 ### Translations
@@ -364,7 +366,7 @@ end
 
 If you're using RSpec, you can generate feature specs to help prevent
 regressions in Clearance's integration with your Rails app over time. These
-feature specs, will also require `factory_girl_rails`.
+feature specs, will also require `factory_bot_rails`.
 
 To Generate the clearance specs, run:
 
@@ -433,7 +435,7 @@ redistributed under the terms specified in the [`LICENSE`] file.
 
 ## About thoughtbot
 
-![thoughtbot](https://thoughtbot.com/logo.png)
+![thoughtbot](http://presskit.thoughtbot.com/images/thoughtbot-logo-for-readmes.svg)
 
 Clearance is maintained and funded by thoughtbot, inc.
 The names and logos for thoughtbot are trademarks of thoughtbot, inc.

data/app/controllers/clearance/passwords_controller.rb

@@ -78,7 +78,7 @@ class Clearance::PasswordsController < Clearance::BaseController
 
   def find_user_by_id_and_confirmation_token
     user_param = Clearance.configuration.user_id_parameter
-    token = session[:password_reset_token] || params[:token]
+    token = params[:token] || session[:password_reset_token]
 
     Clearance.configuration.user_model.
       find_by_id_and_confirmation_token params[user_param], token.to_s

data/gemfiles/rails32.gemfile

@@ -8,7 +8,7 @@ gem "ammeter"
 gem "bundler", "~> 1.3"
 gem "capybara", ">= 2.6.2"
 gem "database_cleaner", "~> 1.0"
-gem "factory_girl_rails", "~> 4.2"
+gem "factory_bot_rails", "~> 4.8"
 gem "nokogiri", "~> 1.6.8"
 gem "rspec-rails", "~> 3.1"
 gem "shoulda-matchers", "~> 2.8"

data/gemfiles/rails40.gemfile

@@ -8,7 +8,7 @@ gem "ammeter"
 gem "bundler", "~> 1.3"
 gem "capybara", ">= 2.6.2"
 gem "database_cleaner", "~> 1.0"
-gem "factory_girl_rails", "~> 4.2"
+gem "factory_bot_rails", "~> 4.8"
 gem "nokogiri", "~> 1.6.8"
 gem "rspec-rails", "~> 3.1"
 gem "shoulda-matchers", "~> 2.8"

data/gemfiles/rails41.gemfile

@@ -8,7 +8,7 @@ gem "ammeter"
 gem "bundler", "~> 1.3"
 gem "capybara", ">= 2.6.2"
 gem "database_cleaner", "~> 1.0"
-gem "factory_girl_rails", "~> 4.2"
+gem "factory_bot_rails", "~> 4.8"
 gem "nokogiri", "~> 1.6.8"
 gem "rspec-rails", "~> 3.1"
 gem "shoulda-matchers", "~> 2.8"

data/gemfiles/rails42.gemfile

@@ -8,7 +8,7 @@ gem "ammeter"
 gem "bundler", "~> 1.3"
 gem "capybara", ">= 2.6.2"
 gem "database_cleaner", "~> 1.0"
-gem "factory_girl_rails", "~> 4.2"
+gem "factory_bot_rails", "~> 4.8"
 gem "nokogiri", "~> 1.6.8"
 gem "rspec-rails", "~> 3.1"
 gem "shoulda-matchers", "~> 2.8"

data/gemfiles/rails50.gemfile

@@ -8,7 +8,7 @@ gem "ammeter"
 gem "bundler", "~> 1.3"
 gem "capybara", ">= 2.6.2"
 gem "database_cleaner", "~> 1.0"
-gem "factory_girl_rails", "~> 4.2"
+gem "factory_bot_rails", "~> 4.8"
 gem "nokogiri", "~> 1.6.8"
 gem "rspec-rails", "~> 3.5.0.beta1"
 gem "shoulda-matchers", "~> 2.8"

data/lib/clearance/authentication.rb

@@ -3,7 +3,10 @@ module Clearance
     extend ActiveSupport::Concern
 
     included do
-      helper_method :current_user, :signed_in?, :signed_out?
+      if respond_to?(:helper_method)
+        helper_method :current_user, :signed_in?, :signed_out?
+      end
+
       private(
         :authenticate,
         :current_user,

data/lib/clearance/authorization.rb

@@ -95,7 +95,7 @@ module Clearance
     def return_to
       if return_to_url
         uri = URI.parse(return_to_url)
-        "#{uri.path}?#{uri.query}".chomp('?')
+        "#{uri.path}?#{uri.query}".chomp("?") + "##{uri.fragment}".chomp("#")
       end
     end
 

data/lib/clearance/configuration.rb

@@ -163,13 +163,13 @@ module Clearance
     def rotate_csrf_on_sign_in?
       if rotate_csrf_on_sign_in.nil?
         warn <<-EOM.squish
-          Clearance's `rotate_csrf_on_sign_in` configration setting is unset and
+          Clearance's `rotate_csrf_on_sign_in` configuration setting is unset and
           will be treated as `false`. Setting this value to `true` is
           recommended to avoid session fixation attacks and will be the default
           in Clearance 2.0. It is recommended that you opt-in to this setting
           now and test your application. To silence this warning, set
           `rotate_csrf_on_sign_in` to `true` or `false` in Clearance's
-          inializer.
+          initializer.
 
           For more information on session fixation, see:
             https://www.owasp.org/index.php/Session_fixation

data/lib/clearance/testing/controller_helpers.rb

@@ -17,12 +17,10 @@ module Clearance
       #
       # @raise [RuntimeError] if FactoryGirl is not defined.
       def sign_in
-        unless defined?(FactoryGirl)
-          raise("Clearance's `sign_in` helper requires factory_girl")
-        end
+        constructor = factory_module("sign_in")
 
         factory = Clearance.configuration.user_model.to_s.underscore.to_sym
-        sign_in_as FactoryGirl.create(factory)
+        sign_in_as constructor.create(factory)
       end
 
       # Signs in the provided user.
@@ -39,6 +37,21 @@ module Clearance
       def sign_out
         @request.env[:clearance].sign_out
       end
+
+      # Determines the appropriate factory library
+      #
+      # @api private
+      # @raise [RuntimeError] if both FactoryGirl and FactoryBot are not
+      #   defined.
+      def factory_module(provider)
+        if defined?(FactoryBot)
+          FactoryBot
+        elsif defined?(FactoryGirl)
+          FactoryGirl
+        else
+          raise("Clearance's `#{provider}` helper requires factory_bot")
+        end
+      end
     end
   end
 end

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "1.16.0".freeze
+  VERSION = "1.16.1".freeze
 end

data/lib/generators/clearance/specs/templates/factories/clearance.rb

@@ -1,4 +1,4 @@
-FactoryGirl.define do
+FactoryBot.define do
   sequence :email do |n|
     "user#{n}@example.com"
   end

data/lib/generators/clearance/specs/templates/features/clearance/visitor_resets_password_spec.rb.tt

@@ -42,7 +42,7 @@ RSpec.feature "Visitor resets password" do
     expect_mailer_to_have_delivery(
       user.email,
       "password",
-      user.confirmation_token
+      user.confirmation_token,
     )
   end
 

data/lib/generators/clearance/specs/templates/features/clearance/visitor_signs_in_spec.rb.tt

@@ -34,12 +34,12 @@ RSpec.feature "Visitor signs in" do
   private
 
   def create_user(email, password)
-    FactoryGirl.create(:user, email: email, password: password)
+    FactoryBot.create(:user, email: email, password: password)
   end
 
   def expect_page_to_display_sign_in_error
     expect(page.body).to include(
-      I18n.t("flashes.failure_after_create", sign_up_path: sign_up_path)
+      I18n.t("flashes.failure_after_create", sign_up_path: sign_up_path),
     )
   end
 end

data/lib/generators/clearance/specs/templates/features/clearance/visitor_updates_password_spec.rb.tt

@@ -37,7 +37,7 @@ RSpec.feature "Visitor updates password" do
   def visit_password_reset_page_for(user)
     visit edit_user_password_path(
       user_id: user,
-      token: user.confirmation_token
+      token: user.confirmation_token,
     )
   end
 

data/lib/generators/clearance/specs/templates/support/features/clearance_helpers.rb

@@ -8,7 +8,7 @@ module Features
 
     def sign_in
       password = "password"
-      user = FactoryGirl.create(:user, password: password)
+      user = FactoryBot.create(:user, password: password)
       sign_in_with user.email, password
     end
 
@@ -40,7 +40,7 @@ module Features
     end
 
     def user_with_reset_password
-      user = FactoryGirl.create(:user)
+      user = FactoryBot.create(:user)
       reset_password_for user.email
       user.reload
     end

data/spec/app_templates/testapp/Gemfile

@@ -2,6 +2,6 @@ gem "rails"
 gem "sqlite3"
 gem "rspec-rails"
 gem "capybara"
-gem "factory_girl_rails"
+gem "factory_bot_rails"
 gem "database_cleaner"
 gem "clearance", path: "../.."

data/spec/clearance/testing/controller_helpers_spec.rb

@@ -14,15 +14,15 @@ describe Clearance::Testing::ControllerHelpers do
   end
 
   describe "#sign_in" do
-    it "creates an instance of the clearance user model with FactoryGirl" do
+    it "creates an instance of the clearance user model with FactoryBot" do
       MyUserModel = Class.new
-      allow(FactoryGirl).to receive(:create)
+      allow(FactoryBot).to receive(:create)
       allow(Clearance.configuration).to receive(:user_model).
         and_return(MyUserModel)
 
       TestClass.new.sign_in
 
-      expect(FactoryGirl).to have_received(:create).with(:my_user_model)
+      expect(FactoryBot).to have_received(:create).with(:my_user_model)
     end
   end
 

data/spec/controllers/passwords_controller_spec.rb

@@ -99,6 +99,19 @@ describe Clearance::PasswordsController do
         expect(flash.now[:notice]).to match(/double check the URL/i)
       end
     end
+
+    context "old token in session and recent token in params" do
+      it "updates password reset session and redirect to edit page" do
+        user = create(:user, :with_forgotten_password)
+        request.session[:password_reset_token] = user.confirmation_token
+
+        user.forgot_password!
+        get :edit, user_id: user.id, token: user.reload.confirmation_token
+
+        expect(response).to redirect_to(edit_user_password_url(user))
+        expect(session[:password_reset_token]).to eq(user.confirmation_token)
+      end
+    end
   end
 
   describe "#update" do

data/spec/controllers/sessions_controller_spec.rb

@@ -54,15 +54,34 @@ describe Clearance::SessionsController do
     end
 
     context "with good credentials and a session return url" do
-      before do
-        @user = create(:user)
-        @return_url = "/url_in_the_session?foo=bar"
-        @request.session[:return_to] = @return_url
-        post :create, session: { email: @user.email, password: @user.password }
+      it "redirects to the return URL maintaining query and fragment" do
+        user = create(:user)
+        return_url = "/url_in_the_session?foo=bar#baz"
+        request.session[:return_to] = return_url
+
+        post :create, session: { email: user.email, password: user.password }
+
+        should redirect_to(return_url)
+      end
+
+      it "redirects to the return URL maintaining query without fragment" do
+        user = create(:user)
+        return_url = "/url_in_the_session?foo=bar"
+        request.session[:return_to] = return_url
+
+        post :create, session: { email: user.email, password: user.password }
+
+        should redirect_to(return_url)
       end
 
-      it "redirects to the return URL" do
-        should redirect_to(@return_url)
+      it "redirects to the return URL without query or fragment" do
+        user = create(:user)
+        return_url = "/url_in_the_session"
+        request.session[:return_to] = return_url
+
+        post :create, session: { email: user.email, password: user.password }
+
+        should redirect_to(return_url)
       end
     end
   end

data/spec/controllers/users_controller_spec.rb

@@ -36,7 +36,7 @@ describe Clearance::UsersController do
     context "when signed out" do
       context "with valid attributes" do
         it "assigns and creates a user then redirects to the redirect_url" do
-          user_attributes = FactoryGirl.attributes_for(:user)
+          user_attributes = FactoryBot.attributes_for(:user)
           old_user_count = User.count
 
           post :create, user: user_attributes
@@ -49,7 +49,7 @@ describe Clearance::UsersController do
 
       context "with valid attributes and a session return url" do
         it "assigns and creates a user then redirects to the return_url" do
-          user_attributes = FactoryGirl.attributes_for(:user)
+          user_attributes = FactoryBot.attributes_for(:user)
           old_user_count = User.count
           return_url = "/url_in_the_session"
           @request.session[:return_to] = return_url

data/spec/factories.rb

@@ -1,4 +1,4 @@
-FactoryGirl.define do
+FactoryBot.define do
   sequence :email do |n|
     "user#{n}@example.com"
   end

data/spec/spec_helper.rb

@@ -4,7 +4,7 @@ require "rails/all"
 require "dummy/application"
 
 require "clearance/rspec"
-require "factory_girl_rails"
+require "factory_bot_rails"
 require "rspec/rails"
 require "shoulda-matchers"
 require "timecop"
@@ -14,7 +14,7 @@ Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
 Dummy::Application.initialize!
 
 RSpec.configure do |config|
-  config.include FactoryGirl::Syntax::Methods
+  config.include FactoryBot::Syntax::Methods
   config.infer_spec_type_from_file_location!
   config.order = :random
   config.use_transactional_fixtures = true

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 1.16.0
+  version: 1.16.1
 platform: ruby
 authors:
 - Dan Croak
@@ -25,7 +25,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-16 00:00:00.000000000 Z
+date: 2017-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -246,7 +246,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: Rails authentication & authorization with email & password.