clearance 1.16.1 → 1.16.2
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of clearance might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.travis.yml +13 -24
- data/Appraisals +13 -27
- data/Gemfile +5 -5
- data/Gemfile.lock +117 -135
- data/NEWS.md +15 -0
- data/README.md +15 -5
- data/app/views/layouts/application.html.erb +0 -1
- data/clearance.gemspec +5 -2
- data/config/locales/clearance.en.yml +4 -0
- data/gemfiles/rails_4.2.gemfile +20 -0
- data/gemfiles/rails_5.0.gemfile +21 -0
- data/gemfiles/rails_5.1.gemfile +21 -0
- data/gemfiles/rails_5.2.gemfile +21 -0
- data/lib/clearance/back_door.rb +4 -0
- data/lib/clearance/configuration.rb +1 -1
- data/lib/clearance/engine.rb +1 -1
- data/lib/clearance/password_strategies/blowfish.rb +1 -1
- data/lib/clearance/session.rb +16 -12
- data/lib/clearance/user.rb +1 -0
- data/lib/clearance/version.rb +1 -1
- data/lib/generators/clearance/install/install_generator.rb +4 -4
- data/lib/generators/clearance/install/templates/README +1 -1
- data/lib/generators/clearance/install/templates/db/migrate/{add_clearance_to_users.rb → add_clearance_to_users.rb.erb} +0 -0
- data/lib/generators/clearance/install/templates/db/migrate/{create_users.rb → create_users.rb.erb} +0 -0
- data/lib/generators/clearance/specs/templates/factories/clearance.rb +1 -1
- data/spec/acceptance/clearance_installation_spec.rb +13 -8
- data/spec/clearance/back_door_spec.rb +10 -0
- data/spec/clearance/session_spec.rb +1 -0
- data/spec/controllers/forgeries_controller_spec.rb +6 -2
- data/spec/controllers/passwords_controller_spec.rb +46 -24
- data/spec/controllers/sessions_controller_spec.rb +15 -5
- data/spec/controllers/users_controller_spec.rb +14 -6
- data/spec/dummy/application.rb +5 -11
- data/spec/factories.rb +4 -4
- data/spec/{user_spec.rb → models/user_spec.rb} +1 -1
- data/spec/password_strategies/blowfish_spec.rb +1 -1
- data/spec/requests/cookie_options_spec.rb +52 -0
- data/spec/requests/csrf_rotation_spec.rb +3 -1
- data/spec/requests/password_maintenance_spec.rb +18 -0
- data/spec/requests/token_expiration_spec.rb +54 -0
- data/spec/spec_helper.rb +9 -0
- data/spec/support/environment.rb +12 -0
- data/spec/support/http_method_shim.rb +13 -11
- data/spec/support/request_with_remember_token.rb +5 -0
- metadata +58 -13
- data/gemfiles/rails32.gemfile +0 -20
- data/gemfiles/rails40.gemfile +0 -22
- data/gemfiles/rails41.gemfile +0 -21
- data/gemfiles/rails42.gemfile +0 -21
- data/gemfiles/rails50.gemfile +0 -21
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: eee44dd7c0385116b9826c9bb14cfddf034a0a9aa46ee2535af2da1f6ee77094
|
4
|
+
data.tar.gz: cfe86952de1ec17473707638dfe70858790d0567c7ec5cf90fc486b2da6824b9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d1b61514574a5b9d164aad8bac7b1e33eb00aed80a53362fbfe84b8f8ae8279d4b902c212616571f1f6cd7d1e2133e26edd3b2ff2991d48edeedddac84644e93
|
7
|
+
data.tar.gz: 60b43d39aaa046e6962557d83a95199da5190df3114a958a8938e632530c6dd8500b41eb5d026f0210a8c24078e20792cc57e032ebaf08772a54c4750646788a
|
data/.travis.yml
CHANGED
@@ -4,35 +4,19 @@ language:
|
|
4
4
|
- ruby
|
5
5
|
|
6
6
|
rvm:
|
7
|
-
-
|
8
|
-
- 2.
|
9
|
-
- 2.
|
10
|
-
- 2.
|
11
|
-
- 2.3.0
|
7
|
+
- 2.3.8
|
8
|
+
- 2.4.5
|
9
|
+
- 2.5.3
|
10
|
+
- 2.6.1
|
12
11
|
|
13
12
|
gemfile:
|
14
|
-
- gemfiles/
|
15
|
-
- gemfiles/
|
16
|
-
- gemfiles/
|
17
|
-
- gemfiles/
|
18
|
-
- gemfiles/rails50.gemfile
|
19
|
-
|
20
|
-
matrix:
|
21
|
-
exclude:
|
22
|
-
- rvm: 1.9.3
|
23
|
-
gemfile: gemfiles/rails50.gemfile
|
24
|
-
- rvm: 2.0.0
|
25
|
-
gemfile: gemfiles/rails50.gemfile
|
26
|
-
- rvm: 2.1.8
|
27
|
-
gemfile: gemfiles/rails50.gemfile
|
28
|
-
- rvm: 2.2.4
|
29
|
-
gemfile: gemfiles/rails32.gemfile
|
30
|
-
- rvm: 2.3.0
|
31
|
-
gemfile: gemfiles/rails32.gemfile
|
13
|
+
- gemfiles/rails_4.2.gemfile
|
14
|
+
- gemfiles/rails_5.0.gemfile
|
15
|
+
- gemfiles/rails_5.1.gemfile
|
16
|
+
- gemfiles/rails_5.2.gemfile
|
32
17
|
|
33
18
|
before_install:
|
34
19
|
- gem update --system
|
35
|
-
- gem update bundler
|
36
20
|
|
37
21
|
install:
|
38
22
|
- "bin/setup"
|
@@ -42,4 +26,9 @@ branches:
|
|
42
26
|
- master
|
43
27
|
- 2.0
|
44
28
|
|
29
|
+
matrix:
|
30
|
+
allow_failures:
|
31
|
+
- gemfile: gemfiles/rails_4.2.gemfile
|
32
|
+
rvm: 2.6.1
|
33
|
+
|
45
34
|
sudo: false
|
data/Appraisals
CHANGED
@@ -1,29 +1,15 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
gem 'rails', '~> 4.1.9'
|
15
|
-
gem 'mime-types', '~> 2.99'
|
16
|
-
end
|
17
|
-
|
18
|
-
appraise 'rails42' do
|
19
|
-
gem 'rails', '~> 4.2.0'
|
20
|
-
gem 'mime-types', '~> 2.99'
|
21
|
-
end
|
22
|
-
|
23
|
-
if RUBY_VERSION >= "2.2.0"
|
24
|
-
appraise "rails50" do
|
25
|
-
gem "rails", "~> 5.0.0.beta3"
|
26
|
-
gem "rails-controller-testing"
|
27
|
-
gem "rspec-rails", "~> 3.5.0.beta1"
|
1
|
+
rails_versions = %w(
|
2
|
+
4.2
|
3
|
+
5.0
|
4
|
+
5.1
|
5
|
+
5.2
|
6
|
+
)
|
7
|
+
|
8
|
+
rails_versions.each do |version|
|
9
|
+
appraise "rails_#{version}" do
|
10
|
+
gem "railties", "~> #{version}.0"
|
11
|
+
if Gem::Version.new(version) >= Gem::Version.new("5.0")
|
12
|
+
gem "rails-controller-testing"
|
13
|
+
end
|
28
14
|
end
|
29
15
|
end
|
data/Gemfile
CHANGED
@@ -2,16 +2,16 @@ source 'https://rubygems.org'
|
|
2
2
|
|
3
3
|
gemspec
|
4
4
|
|
5
|
-
gem 'addressable', '~> 2.
|
5
|
+
gem 'addressable', '~> 2.6.0'
|
6
6
|
gem 'appraisal'
|
7
7
|
gem 'ammeter'
|
8
8
|
gem 'bundler', '~> 1.3'
|
9
9
|
gem 'capybara', '>= 2.6.2'
|
10
10
|
gem 'database_cleaner', '~> 1.0'
|
11
|
-
gem 'factory_bot_rails', '~>
|
12
|
-
gem 'nokogiri', '~> 1.
|
11
|
+
gem 'factory_bot_rails', '~> 5.0'
|
12
|
+
gem 'nokogiri', '~> 1.10.0'
|
13
13
|
gem 'rspec-rails', '~> 3.1'
|
14
|
-
gem 'shoulda-matchers', '~>
|
15
|
-
gem 'sqlite3', '~> 1.3'
|
14
|
+
gem 'shoulda-matchers', '~> 4.0'
|
15
|
+
gem 'sqlite3', '~> 1.3.13'
|
16
16
|
gem 'timecop', '~> 0.6'
|
17
17
|
gem 'pry', require: false
|
data/Gemfile.lock
CHANGED
@@ -1,183 +1,165 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
clearance (1.16.
|
4
|
+
clearance (1.16.2)
|
5
|
+
actionmailer (>= 3.1)
|
6
|
+
activemodel (>= 3.1)
|
7
|
+
activerecord (>= 3.1)
|
5
8
|
bcrypt
|
6
9
|
email_validator (~> 1.4)
|
7
|
-
|
10
|
+
railties (>= 3.1)
|
8
11
|
|
9
12
|
GEM
|
10
13
|
remote: https://rubygems.org/
|
11
14
|
specs:
|
12
|
-
actionmailer (
|
13
|
-
actionpack (=
|
14
|
-
actionview (=
|
15
|
-
activejob (=
|
15
|
+
actionmailer (5.2.2)
|
16
|
+
actionpack (= 5.2.2)
|
17
|
+
actionview (= 5.2.2)
|
18
|
+
activejob (= 5.2.2)
|
16
19
|
mail (~> 2.5, >= 2.5.4)
|
17
|
-
rails-dom-testing (~>
|
18
|
-
actionpack (
|
19
|
-
actionview (=
|
20
|
-
activesupport (=
|
21
|
-
rack (~>
|
22
|
-
rack-test (
|
23
|
-
rails-dom-testing (~>
|
20
|
+
rails-dom-testing (~> 2.0)
|
21
|
+
actionpack (5.2.2)
|
22
|
+
actionview (= 5.2.2)
|
23
|
+
activesupport (= 5.2.2)
|
24
|
+
rack (~> 2.0)
|
25
|
+
rack-test (>= 0.6.3)
|
26
|
+
rails-dom-testing (~> 2.0)
|
24
27
|
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
25
|
-
actionview (
|
26
|
-
activesupport (=
|
28
|
+
actionview (5.2.2)
|
29
|
+
activesupport (= 5.2.2)
|
27
30
|
builder (~> 3.1)
|
28
|
-
|
29
|
-
rails-dom-testing (~>
|
30
|
-
rails-html-sanitizer (~> 1.0, >= 1.0.
|
31
|
-
activejob (
|
32
|
-
activesupport (=
|
33
|
-
globalid (>= 0.3.
|
34
|
-
activemodel (
|
35
|
-
activesupport (=
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
i18n (
|
43
|
-
json (~> 1.7, >= 1.7.7)
|
31
|
+
erubi (~> 1.4)
|
32
|
+
rails-dom-testing (~> 2.0)
|
33
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.3)
|
34
|
+
activejob (5.2.2)
|
35
|
+
activesupport (= 5.2.2)
|
36
|
+
globalid (>= 0.3.6)
|
37
|
+
activemodel (5.2.2)
|
38
|
+
activesupport (= 5.2.2)
|
39
|
+
activerecord (5.2.2)
|
40
|
+
activemodel (= 5.2.2)
|
41
|
+
activesupport (= 5.2.2)
|
42
|
+
arel (>= 9.0)
|
43
|
+
activesupport (5.2.2)
|
44
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
45
|
+
i18n (>= 0.7, < 2)
|
44
46
|
minitest (~> 5.1)
|
45
|
-
thread_safe (~> 0.3, >= 0.3.4)
|
46
47
|
tzinfo (~> 1.1)
|
47
|
-
addressable (2.
|
48
|
-
|
48
|
+
addressable (2.6.0)
|
49
|
+
public_suffix (>= 2.0.2, < 4.0)
|
50
|
+
ammeter (1.1.4)
|
49
51
|
activesupport (>= 3.0)
|
50
52
|
railties (>= 3.0)
|
51
53
|
rspec-rails (>= 2.2)
|
52
|
-
appraisal (2.
|
54
|
+
appraisal (2.2.0)
|
53
55
|
bundler
|
54
56
|
rake
|
55
57
|
thor (>= 0.14.0)
|
56
|
-
arel (
|
57
|
-
bcrypt (3.1.
|
58
|
+
arel (9.0.0)
|
59
|
+
bcrypt (3.1.12)
|
58
60
|
builder (3.2.3)
|
59
|
-
capybara (
|
61
|
+
capybara (3.13.2)
|
60
62
|
addressable
|
61
|
-
|
62
|
-
nokogiri (
|
63
|
-
rack (>= 1.
|
64
|
-
rack-test (>= 0.
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
63
|
+
mini_mime (>= 0.1.3)
|
64
|
+
nokogiri (~> 1.8)
|
65
|
+
rack (>= 1.6.0)
|
66
|
+
rack-test (>= 0.6.3)
|
67
|
+
regexp_parser (~> 1.2)
|
68
|
+
xpath (~> 3.2)
|
69
|
+
coderay (1.1.2)
|
70
|
+
concurrent-ruby (1.1.4)
|
71
|
+
crass (1.0.4)
|
72
|
+
database_cleaner (1.7.0)
|
73
|
+
diff-lcs (1.3)
|
70
74
|
email_validator (1.6.0)
|
71
75
|
activemodel
|
72
|
-
|
73
|
-
factory_bot (
|
74
|
-
activesupport (>=
|
75
|
-
factory_bot_rails (
|
76
|
-
factory_bot (~>
|
77
|
-
railties (>=
|
78
|
-
globalid (0.4.
|
76
|
+
erubi (1.8.0)
|
77
|
+
factory_bot (5.0.2)
|
78
|
+
activesupport (>= 4.2.0)
|
79
|
+
factory_bot_rails (5.0.1)
|
80
|
+
factory_bot (~> 5.0.0)
|
81
|
+
railties (>= 4.2.0)
|
82
|
+
globalid (0.4.2)
|
79
83
|
activesupport (>= 4.2.0)
|
80
|
-
i18n (
|
81
|
-
|
82
|
-
loofah (2.
|
84
|
+
i18n (1.5.3)
|
85
|
+
concurrent-ruby (~> 1.0)
|
86
|
+
loofah (2.2.3)
|
87
|
+
crass (~> 1.0.2)
|
83
88
|
nokogiri (>= 1.5.9)
|
84
|
-
mail (2.7.
|
89
|
+
mail (2.7.1)
|
85
90
|
mini_mime (>= 0.1.1)
|
86
|
-
method_source (0.
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
nokogiri (1.6.8.1)
|
94
|
-
mini_portile2 (~> 2.1.0)
|
95
|
-
pry (0.10.3)
|
91
|
+
method_source (0.9.2)
|
92
|
+
mini_mime (1.0.1)
|
93
|
+
mini_portile2 (2.4.0)
|
94
|
+
minitest (5.11.3)
|
95
|
+
nokogiri (1.10.1)
|
96
|
+
mini_portile2 (~> 2.4.0)
|
97
|
+
pry (0.12.2)
|
96
98
|
coderay (~> 1.1.0)
|
97
|
-
method_source (~> 0.
|
98
|
-
|
99
|
-
rack (
|
100
|
-
rack-test (
|
101
|
-
rack (>= 1.0)
|
102
|
-
rails (
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
activesupport (=
|
110
|
-
|
111
|
-
railties (= 4.2.7.1)
|
112
|
-
sprockets-rails
|
113
|
-
rails-deprecated_sanitizer (1.0.3)
|
114
|
-
activesupport (>= 4.2.0.alpha)
|
115
|
-
rails-dom-testing (1.0.8)
|
116
|
-
activesupport (>= 4.2.0.beta, < 5.0)
|
117
|
-
nokogiri (~> 1.6)
|
118
|
-
rails-deprecated_sanitizer (>= 1.0.1)
|
119
|
-
rails-html-sanitizer (1.0.3)
|
120
|
-
loofah (~> 2.0)
|
121
|
-
railties (4.2.7.1)
|
122
|
-
actionpack (= 4.2.7.1)
|
123
|
-
activesupport (= 4.2.7.1)
|
99
|
+
method_source (~> 0.9.0)
|
100
|
+
public_suffix (3.0.3)
|
101
|
+
rack (2.0.6)
|
102
|
+
rack-test (1.1.0)
|
103
|
+
rack (>= 1.0, < 3)
|
104
|
+
rails-dom-testing (2.0.3)
|
105
|
+
activesupport (>= 4.2.0)
|
106
|
+
nokogiri (>= 1.6)
|
107
|
+
rails-html-sanitizer (1.0.4)
|
108
|
+
loofah (~> 2.2, >= 2.2.2)
|
109
|
+
railties (5.2.2)
|
110
|
+
actionpack (= 5.2.2)
|
111
|
+
activesupport (= 5.2.2)
|
112
|
+
method_source
|
124
113
|
rake (>= 0.8.7)
|
125
|
-
thor (>= 0.
|
126
|
-
rake (12.
|
127
|
-
|
128
|
-
|
129
|
-
|
114
|
+
thor (>= 0.19.0, < 2.0)
|
115
|
+
rake (12.3.2)
|
116
|
+
regexp_parser (1.3.0)
|
117
|
+
rspec-core (3.8.0)
|
118
|
+
rspec-support (~> 3.8.0)
|
119
|
+
rspec-expectations (3.8.2)
|
130
120
|
diff-lcs (>= 1.2.0, < 2.0)
|
131
|
-
rspec-support (~> 3.
|
132
|
-
rspec-mocks (3.
|
121
|
+
rspec-support (~> 3.8.0)
|
122
|
+
rspec-mocks (3.8.0)
|
133
123
|
diff-lcs (>= 1.2.0, < 2.0)
|
134
|
-
rspec-support (~> 3.
|
135
|
-
rspec-rails (3.
|
136
|
-
actionpack (>= 3.0
|
137
|
-
activesupport (>= 3.0
|
138
|
-
railties (>= 3.0
|
139
|
-
rspec-core (~> 3.
|
140
|
-
rspec-expectations (~> 3.
|
141
|
-
rspec-mocks (~> 3.
|
142
|
-
rspec-support (~> 3.
|
143
|
-
rspec-support (3.
|
144
|
-
shoulda-matchers (
|
145
|
-
activesupport (>=
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
actionpack (>= 4.0)
|
152
|
-
activesupport (>= 4.0)
|
153
|
-
sprockets (>= 3.0.0)
|
154
|
-
sqlite3 (1.3.11)
|
155
|
-
thor (0.19.4)
|
156
|
-
thread_safe (0.3.5)
|
157
|
-
timecop (0.8.1)
|
158
|
-
tzinfo (1.2.2)
|
124
|
+
rspec-support (~> 3.8.0)
|
125
|
+
rspec-rails (3.8.2)
|
126
|
+
actionpack (>= 3.0)
|
127
|
+
activesupport (>= 3.0)
|
128
|
+
railties (>= 3.0)
|
129
|
+
rspec-core (~> 3.8.0)
|
130
|
+
rspec-expectations (~> 3.8.0)
|
131
|
+
rspec-mocks (~> 3.8.0)
|
132
|
+
rspec-support (~> 3.8.0)
|
133
|
+
rspec-support (3.8.0)
|
134
|
+
shoulda-matchers (4.0.0)
|
135
|
+
activesupport (>= 4.2.0)
|
136
|
+
sqlite3 (1.3.13)
|
137
|
+
thor (0.20.3)
|
138
|
+
thread_safe (0.3.6)
|
139
|
+
timecop (0.9.1)
|
140
|
+
tzinfo (1.2.5)
|
159
141
|
thread_safe (~> 0.1)
|
160
|
-
xpath (2.0
|
161
|
-
nokogiri (~> 1.
|
142
|
+
xpath (3.2.0)
|
143
|
+
nokogiri (~> 1.8)
|
162
144
|
|
163
145
|
PLATFORMS
|
164
146
|
ruby
|
165
147
|
|
166
148
|
DEPENDENCIES
|
167
|
-
addressable (~> 2.
|
149
|
+
addressable (~> 2.6.0)
|
168
150
|
ammeter
|
169
151
|
appraisal
|
170
152
|
bundler (~> 1.3)
|
171
153
|
capybara (>= 2.6.2)
|
172
154
|
clearance!
|
173
155
|
database_cleaner (~> 1.0)
|
174
|
-
factory_bot_rails (~>
|
175
|
-
nokogiri (~> 1.
|
156
|
+
factory_bot_rails (~> 5.0)
|
157
|
+
nokogiri (~> 1.10.0)
|
176
158
|
pry
|
177
159
|
rspec-rails (~> 3.1)
|
178
|
-
shoulda-matchers (~>
|
179
|
-
sqlite3 (~> 1.3)
|
160
|
+
shoulda-matchers (~> 4.0)
|
161
|
+
sqlite3 (~> 1.3.13)
|
180
162
|
timecop (~> 0.6)
|
181
163
|
|
182
164
|
BUNDLED WITH
|
183
|
-
1.
|
165
|
+
1.17.3
|
data/NEWS.md
CHANGED
@@ -3,6 +3,21 @@
|
|
3
3
|
The noteworthy changes for each Clearance version are included here. For a
|
4
4
|
complete changelog, see the git history for each version via the version links.
|
5
5
|
|
6
|
+
## [1.16.2] - February 25, 2019
|
7
|
+
|
8
|
+
### Fixed
|
9
|
+
- Added missing translation keys
|
10
|
+
- Fix issue where a cookie value could be set more than once when interacting
|
11
|
+
with the `httponly` option
|
12
|
+
|
13
|
+
### Changed
|
14
|
+
- Remove Rails as a dependency so that clearance does not trigger a cascade of
|
15
|
+
requirements as rails pulls in every framework. Instead, depend on just the
|
16
|
+
frameworks relevant to Clearance.
|
17
|
+
- Prevent `Clearance::BackDoor` from being used outside the "test" environment.
|
18
|
+
|
19
|
+
[1.16.2]: https://github.com/thoughtbot/clearance/compare/v1.16.1...v1.16.2
|
20
|
+
|
6
21
|
## [1.16.1] - November 2, 2017
|
7
22
|
|
8
23
|
### Fixed
|