clearance 2.5.0 → 2.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d60bf1a6126821259c777a4d6c34169e0ac643d4c88f74133b13400b99c9140f
-  data.tar.gz: 42a4077da0d6bca303752a3ef9b224167b3510f3ea9649c3439148c6242591d5
+  metadata.gz: cd4f8ec16fd316714fb0f5020e634855d109e260bd164f7b68947f3e36f9d7c7
+  data.tar.gz: 5a78cfeca3fc95dee50bba6bd81026f32692de107d6be1d7aca4541837f5d579
 SHA512:
-  metadata.gz: a62015195770da36e79c06e228a9e368d20fb3c2e91c92f3bf168f5a2706bbaef4fc98c28bcde3cb5a80bf3eb16f2acc589cb7da920e151cb0060290cea5cc44
-  data.tar.gz: cec9f3ce0c48cadd04b43b0a5280fd34db24c532ea1f01e92b76b7acd3413220fb568f7d4e3f180b4aa80669264af0d0216da3c4806bc2d24af59276e4d50635
+  metadata.gz: 6cdabe74719baedad2e9f8c221fd0abdd377856936fee0aa5b1572dd67c6a5b7925f01641116e0213ed2fcbe07cda870582acebd198aa57228fe4c0a2f90af9c
+  data.tar.gz: d0c1c9298dfdc961798bb65170f0b9b43d5eb6a25c956428cfa12ab7375be820e405d72e2c4ad34ed15c487bf7912bb6c17bb311e4a7768f302b6276f85e5920

data/.github/workflows/tests.yml

@@ -16,21 +16,13 @@ jobs:
       fail-fast: false
       matrix:
         gemfile:
-          - "5.0"
-          - "5.1"
-          - "5.2"
           - "6.0"
           - "6.1"
+          - "7.0"
         ruby:
-          - "2.4.9"
-          - "2.5.7"
-          - "2.6.5"
-          - "2.7.2"
-        exclude:
-          - gemfile: "6.0"
-            ruby: "2.4.9"
-          - gemfile: "6.1"
-            ruby: "2.4.9"
+          - "2.7.6"
+          - "3.0.4"
+          - "3.1.2"
 
     env:
       BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile

data/Appraisals

@@ -1,18 +1,14 @@
-appraise "rails_5.0" do
-  gem "railties", "~> 5.0"
-  gem 'rspec-rails', '~> 3.1'
-  gem 'capybara', '>= 2.6.2', '< 3.33.0'
-  gem 'sqlite3', '~> 1.3.13'
-end
-
-appraise "rails_5.1" do
-  gem "railties", "~> 5.1"
+appraise "rails_6.0" do
+  gem "railties", "~> 6.0"
+  gem "net-smtp", require: false # not bundled in ruby 3.1
+  gem "psych", "< 4" # psych 4 switched from unsafe load to safe load
 end
 
-appraise "rails_5.2" do
-  gem "railties", "~> 5.2"
+appraise "rails_6.1" do
+  gem "railties", "~> 6.1"
+  gem "net-smtp", require: false # not bundled in ruby 3.1
 end
 
-appraise "rails_6.0" do
-  gem "railties", "~> 6.0"
+appraise "rails_7.0" do
+  gem "railties", "~> 7.0"
 end

data/{NEWS.md → CHANGELOG.md}

@@ -1,8 +1,27 @@
-# News
+# CHANGELOG
 
 The noteworthy changes for each Clearance version are included here. For a
 complete changelog, see the git history for each version via the version links.
 
+## [Unreleased]
+
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.6.0...main
+
+## [2.6.0] - June 12, 2022
+
+- Drops support for Rails 5.0, 5.1 and 5.2, see https://endoflife.date/rails #964
+- Drops support for Ruby 2.4, 2.5 and 2.6, see https://endoflife.date/ruby #964
+- Adds support for Turbo with appropriate status codes #965
+- Adds unique constraints on `remember_token` and `confirmation_token` #966
+- Allows `user_parameter` to be configuration, e.g. `params[:custom_id]` instead of
+  `params[:user_id]` #782 (Bryan Marble)
+- Updates SignInGuard documentation #950 (Matthew LS)
+- Forward options in redirect_back_or helper (#968) (Matthew LS)
+- Add configuration option to disable sign in after password reset (#969) (Till
+  Prochaska)
+
+[2.6.0]: https://github.com/thoughtbot/clearance/compare/v2.5.0...v2.6.0
+
 ## [2.5.0] - September 10, 2021
 
 ### Fixed
@@ -13,7 +32,7 @@ complete changelog, see the git history for each version via the version links.
 
 - Rename default branch to `main`
 
-[2.4.0]: https://github.com/thoughtbot/clearance/compare/v2.3.1...v2.4.0
+[2.5.0]: https://github.com/thoughtbot/clearance/compare/v2.4.0...v2.5.0
 
 ## [2.4.0] - March 5, 2021
 

data/Gemfile.lock

@@ -13,55 +13,57 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (6.1.3)
-      actionpack (= 6.1.3)
-      actionview (= 6.1.3)
-      activejob (= 6.1.3)
-      activesupport (= 6.1.3)
+    actionmailer (7.0.3)
+      actionpack (= 7.0.3)
+      actionview (= 7.0.3)
+      activejob (= 7.0.3)
+      activesupport (= 7.0.3)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.3)
-      actionview (= 6.1.3)
-      activesupport (= 6.1.3)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.3)
+      actionview (= 7.0.3)
+      activesupport (= 7.0.3)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.1.3)
-      activesupport (= 6.1.3)
+    actionview (7.0.3)
+      activesupport (= 7.0.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.3)
-      activesupport (= 6.1.3)
+    activejob (7.0.3)
+      activesupport (= 7.0.3)
       globalid (>= 0.3.6)
-    activemodel (6.1.3)
-      activesupport (= 6.1.3)
-    activerecord (6.1.3)
-      activemodel (= 6.1.3)
-      activesupport (= 6.1.3)
-    activesupport (6.1.3)
+    activemodel (7.0.3)
+      activesupport (= 7.0.3)
+    activerecord (7.0.3)
+      activemodel (= 7.0.3)
+      activesupport (= 7.0.3)
+    activesupport (7.0.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
-    addressable (2.7.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    ammeter (1.1.4)
+    ammeter (1.1.5)
       activesupport (>= 3.0)
       railties (>= 3.0)
       rspec-rails (>= 2.2)
-    appraisal (2.3.0)
+    appraisal (2.4.1)
       bundler
       rake
       thor (>= 0.14.0)
-    argon2 (2.0.3)
+    argon2 (2.1.1)
       ffi (~> 1.14)
       ffi-compiler (~> 1.0)
     ast (2.4.2)
-    bcrypt (3.1.16)
+    bcrypt (3.1.18)
     better_html (1.0.16)
       actionview (>= 4.0)
       activesupport (>= 4.0)
@@ -71,64 +73,87 @@ GEM
       parser (>= 2.4)
       smart_properties
     builder (3.2.4)
-    capybara (3.33.0)
+    capybara (3.37.1)
       addressable
+      matrix
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
-      regexp_parser (~> 1.5)
+      regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     coderay (1.1.3)
-    concurrent-ruby (1.1.8)
+    concurrent-ruby (1.1.10)
     crass (1.0.6)
-    database_cleaner (1.8.5)
-    diff-lcs (1.4.4)
+    database_cleaner (2.0.1)
+      database_cleaner-active_record (~> 2.0.0)
+    database_cleaner-active_record (2.0.1)
+      activerecord (>= 5.a)
+      database_cleaner-core (~> 2.0.0)
+    database_cleaner-core (2.0.1)
+    diff-lcs (1.5.0)
+    digest (3.1.0)
     email_validator (2.2.3)
       activemodel
-    erb_lint (0.0.34)
+    erb_lint (0.1.1)
       activesupport
       better_html (~> 1.0.7)
       html_tokenizer
+      parser (>= 2.7.1.4)
       rainbow
-      rubocop (~> 0.79)
+      rubocop
       smart_properties
     erubi (1.10.0)
-    factory_bot (6.1.0)
+    factory_bot (6.2.1)
       activesupport (>= 5.0.0)
-    factory_bot_rails (6.1.0)
-      factory_bot (~> 6.1.0)
+    factory_bot_rails (6.2.0)
+      factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    ffi (1.15.4)
+    ffi (1.15.5)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
-    globalid (0.5.2)
+    globalid (1.0.0)
       activesupport (>= 5.0)
     html_tokenizer (0.0.7)
-    i18n (1.8.9)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
-    loofah (2.9.0)
+    loofah (2.18.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
+    matrix (0.4.2)
     method_source (1.0.0)
-    mini_mime (1.0.2)
-    mini_portile2 (2.5.0)
-    minitest (5.14.4)
-    nokogiri (1.11.1)
-      mini_portile2 (~> 2.5.0)
+    mini_mime (1.1.2)
+    mini_portile2 (2.8.0)
+    minitest (5.15.0)
+    net-imap (0.2.3)
+      digest
+      net-protocol
+      strscan
+    net-pop (0.1.1)
+      digest
+      net-protocol
+      timeout
+    net-protocol (0.1.3)
+      timeout
+    net-smtp (0.3.1)
+      digest
+      net-protocol
+      timeout
+    nokogiri (1.13.6)
+      mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    parallel (1.19.2)
-    parser (3.0.0.0)
+    parallel (1.22.1)
+    parser (3.1.2.0)
       ast (~> 2.4.1)
-    pry (0.13.1)
+    pry (0.14.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (4.0.5)
-    racc (1.5.2)
-    rack (2.2.3)
+    public_suffix (4.0.7)
+    racc (1.6.0)
+    rack (2.2.3.1)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails-controller-testing (1.0.5)
@@ -138,59 +163,62 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
+    rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
-    railties (6.1.3)
-      actionpack (= 6.1.3)
-      activesupport (= 6.1.3)
+    railties (7.0.3)
+      actionpack (= 7.0.3)
+      activesupport (= 7.0.3)
       method_source
-      rake (>= 0.8.7)
+      rake (>= 12.2)
       thor (~> 1.0)
-    rainbow (3.0.0)
-    rake (13.0.3)
-    regexp_parser (1.7.1)
+      zeitwerk (~> 2.5)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    regexp_parser (2.5.0)
     rexml (3.2.5)
-    rspec-core (3.9.2)
-      rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.2)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-rails (4.0.1)
-      actionpack (>= 4.2)
-      activesupport (>= 4.2)
-      railties (>= 4.2)
-      rspec-core (~> 3.9)
-      rspec-expectations (~> 3.9)
-      rspec-mocks (~> 3.9)
-      rspec-support (~> 3.9)
-    rspec-support (3.9.3)
-    rubocop (0.88.0)
+      rspec-support (~> 3.11.0)
+    rspec-rails (5.1.2)
+      actionpack (>= 5.2)
+      activesupport (>= 5.2)
+      railties (>= 5.2)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
+    rspec-support (3.11.0)
+    rubocop (1.30.1)
       parallel (~> 1.10)
-      parser (>= 2.7.1.1)
+      parser (>= 3.1.0.0)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.7)
-      rexml
-      rubocop-ast (>= 0.1.0, < 1.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.18.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (0.3.0)
-      parser (>= 2.7.1.4)
-    ruby-progressbar (1.10.1)
-    shoulda-matchers (4.3.0)
-      activesupport (>= 4.2.0)
-    smart_properties (1.15.0)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.18.0)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    shoulda-matchers (5.1.0)
+      activesupport (>= 5.2.0)
+    smart_properties (1.17.0)
     sqlite3 (1.4.2)
-    thor (1.1.0)
-    timecop (0.9.1)
+    strscan (3.0.3)
+    thor (1.2.1)
+    timecop (0.9.5)
+    timeout (0.3.0)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (1.7.0)
+    unicode-display_width (2.1.0)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.4.2)
+    zeitwerk (2.5.4)
 
 PLATFORMS
   ruby
@@ -213,4 +241,4 @@ DEPENDENCIES
   timecop
 
 BUNDLED WITH
-   2.1.4
+   2.3.15

data/README.md

@@ -19,7 +19,7 @@ monitored by contributors.
 
 ## Getting Started
 
-Clearance is a Rails engine tested against Rails `>= 5.0` and Ruby `>= 2.4.0`.
+Clearance is a Rails engine tested against Rails `>= 6.0` and Ruby `>= 2.7.0`.
 
 You can add it to your Gemfile with:
 
@@ -66,6 +66,7 @@ Clearance.configure do |config|
   config.sign_in_guards = []
   config.user_model = "User"
   config.parent_controller = "ApplicationController"
+  config.sign_in_on_password_reset = false
 end
 ```
 
@@ -349,6 +350,7 @@ end
 ```
 
 ```ruby
+# app/guards/email_confirmation_guard.rb
 class EmailConfirmationGuard < Clearance::SignInGuard
   def call
     if unconfirmed?

data/app/controllers/clearance/passwords_controller.rb

@@ -15,7 +15,7 @@ class Clearance::PasswordsController < Clearance::BaseController
       deliver_email(user)
     end
 
-    render template: "passwords/create"
+    render template: "passwords/create", status: :accepted
   end
 
   def edit
@@ -33,12 +33,12 @@ class Clearance::PasswordsController < Clearance::BaseController
     @user = find_user_for_update
 
     if @user.update_password(password_from_password_reset_params)
-      sign_in @user
-      redirect_to url_after_update
+      sign_in @user if Clearance.configuration.sign_in_on_password_reset?
+      redirect_to url_after_update, status: :see_other
       session[:password_reset_token] = nil
     else
       flash_failure_after_update
-      render template: "passwords/edit"
+      render template: "passwords/edit", status: :unprocessable_entity
     end
   end
 
@@ -80,14 +80,14 @@ class Clearance::PasswordsController < Clearance::BaseController
   def ensure_email_present
     if email_from_password_params.blank?
       flash_failure_when_missing_email
-      render template: "passwords/new"
+      render template: "passwords/new", status: :unprocessable_entity
     end
   end
 
   def ensure_existing_user
     unless find_user_by_id_and_confirmation_token
       flash_failure_when_forbidden
-      render template: "passwords/new"
+      render template: "passwords/new", status: :unprocessable_entity
     end
   end
 

data/app/controllers/clearance/sessions_controller.rb

@@ -17,7 +17,7 @@ class Clearance::SessionsController < Clearance::BaseController
 
   def destroy
     sign_out
-    redirect_to url_after_destroy
+    redirect_to url_after_destroy, status: :see_other
   end
 
   def new

data/app/controllers/clearance/users_controller.rb

@@ -14,7 +14,7 @@ class Clearance::UsersController < Clearance::BaseController
       sign_in @user
       redirect_back_or url_after_create
     else
-      render template: "users/new"
+      render template: "users/new", status: :unprocessable_entity
     end
   end
 

data/app/views/passwords/new.html.erb

@@ -6,7 +6,7 @@
   <%= form_for :password, url: passwords_path do |form| %>
     <div class="text-field">
       <%= form.label :email %>
-      <%= form.text_field :email, type: 'email' %>
+      <%= form.email_field :email %>
     </div>
 
     <div class="submit-field">

data/app/views/sessions/_form.html.erb

@@ -1,7 +1,7 @@
 <%= form_for :session, url: session_path do |form| %>
   <div class="text-field">
     <%= form.label :email %>
-    <%= form.text_field :email, type: 'email' %>
+    <%= form.email_field :email %>
   </div>
 
   <div class="password-field">

data/app/views/users/_form.html.erb

@@ -1,6 +1,6 @@
 <div class="text-field">
   <%= form.label :email %>
-  <%= form.text_field :email, type: 'email' %>
+  <%= form.email_field :email %>
 </div>
 
 <div class="password-field">

data/clearance.gemspec

@@ -27,7 +27,8 @@ Gem::Specification.new do |s|
     'Derek Prior',
     'Jason Morrison',
     'Galen Frechette',
-    'Josh Steiner'
+    'Josh Steiner',
+    'Dorian Marié'
   ]
   s.description = <<-DESCRIPTION
     Clearance is built to support authentication and authorization via an

data/db/schema.rb

@@ -23,6 +23,6 @@ ActiveRecord::Schema.define(version: 20110111224543) do
   end
 
   add_index "users", ["email"], name: "index_users_on_email"
-  add_index "users", ["remember_token"], name: "index_users_on_remember_token"
-
+  add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
+  add_index "users", ["remember_token"], name: "index_users_on_remember_token", unique: true
 end

data/gemfiles/rails_6.0.gemfile

@@ -17,5 +17,7 @@ gem "shoulda-matchers"
 gem "sqlite3"
 gem "timecop"
 gem "railties", "~> 6.0"
+gem "net-smtp", require: false
+gem "psych", "< 4"
 
 gemspec path: "../"

data/gemfiles/rails_6.1.gemfile

@@ -17,5 +17,6 @@ gem "shoulda-matchers"
 gem "sqlite3"
 gem "timecop"
 gem "railties", "~> 6.1"
+gem "net-smtp", require: false
 
 gemspec path: "../"

data/gemfiles/rails_7.0.gemfile

@@ -0,0 +1,21 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "addressable"
+gem "ammeter"
+gem "appraisal"
+gem "capybara"
+gem "database_cleaner"
+gem "erb_lint", require: false
+gem "factory_bot_rails"
+gem "nokogiri"
+gem "pry", require: false
+gem "rails-controller-testing"
+gem "rspec-rails"
+gem "shoulda-matchers"
+gem "sqlite3"
+gem "timecop"
+gem "railties", "~> 7.0"
+
+gemspec path: "../"

data/lib/clearance/authentication.rb

@@ -24,8 +24,10 @@ module Clearance
     #   `params[:session][:password]` are required.
     # @return [User, nil] The user or nil if authentication fails.
     def authenticate(params)
+      session_params = params.require(:session)
+
       Clearance.configuration.user_model.authenticate(
-        params[:session][:email], params[:session][:password]
+        session_params[:email], session_params[:password]
       )
     end
 

data/lib/clearance/authorization.rb

@@ -77,8 +77,8 @@ module Clearance
     end
 
     # @api private
-    def redirect_back_or(default)
-      redirect_to(return_to || default)
+    def redirect_back_or(default, **options)
+      redirect_to(return_to || default, **options)
       clear_return_to
     end
 

data/lib/clearance/configuration.rb

@@ -118,6 +118,17 @@ module Clearance
     # @return [Array<String>]
     attr_accessor :allowed_backdoor_environments
 
+    # The parameter for user routes. By default this is derived from the user
+    # model.
+    # @return [Symbol]
+    attr_accessor :user_parameter
+
+    # Controls wether users are automatically signed in after successfully
+    # resetting their password.
+    # Defaults to `true`.
+    # @return [Boolean]
+    attr_writer :sign_in_on_password_reset
+
     def initialize
       @allow_sign_up = true
       @allowed_backdoor_environments = ["test", "ci", "development"]
@@ -134,6 +145,8 @@ module Clearance
       @secure_cookie = false
       @signed_cookie = false
       @sign_in_guards = []
+      @user_parameter = nil
+      @sign_in_on_password_reset = true
     end
 
     def signed_cookie=(value)
@@ -183,7 +196,7 @@ module Clearance
     # In the default configuration, this is `user`.
     # @return [Symbol]
     def user_parameter
-      user_model.model_name.singular.to_sym
+      @user_parameter ||= user_model.model_name.singular.to_sym
     end
 
     # The name of foreign key parameter for the configured user model.
@@ -214,6 +227,10 @@ module Clearance
     def rotate_csrf_on_sign_in?
       !!rotate_csrf_on_sign_in
     end
+
+    def sign_in_on_password_reset?
+      @sign_in_on_password_reset
+    end
   end
 
   # @return [Clearance::Configuration] Clearance's current configuration

data/lib/clearance/sign_in_guard.rb

@@ -16,10 +16,10 @@ module Clearance
   #
   #     # in config/initializers/clearance.rb
   #     Clearance.configure do |config|
-  #       config.sign_in_guards = [ConfirmationGuard]
+  #       config.sign_in_guards = ["ConfirmationGuard"]
   #     end
   #
-  #     # in lib/guards/confirmation_guard.rb
+  #     # in app/guards/confirmation_guard.rb
   #     class ConfirmationGuard < Clearance::SignInGuard
   #       def call
   #         if signed_in? && current_user.email_confirmed?

data/lib/clearance/user.rb

@@ -234,7 +234,7 @@ module Clearance
     # Always false. Override this method in your user model to allow for other
     # forms of user authentication (username, Facebook, etc).
     #
-    # @return [false]
+    # @return [Boolean]
     def email_optional?
       false
     end
@@ -242,7 +242,7 @@ module Clearance
     # Always false. Override this method in your user model to allow for other
     # forms of user authentication (username, Facebook, etc).
     #
-    # @return [false]
+    # @return [Boolean]
     def password_optional?
       false
     end

data/lib/clearance/version.rb

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.5.0".freeze
+  VERSION = "2.6.0".freeze
 end

data/lib/generators/clearance/install/install_generator.rb

@@ -73,17 +73,21 @@ module Clearance
 
       def new_columns
         @new_columns ||= {
-          email: 't.string :email',
-          encrypted_password: 't.string :encrypted_password, limit: 128',
-          confirmation_token: 't.string :confirmation_token, limit: 128',
-          remember_token: 't.string :remember_token, limit: 128'
+          email: "t.string :email",
+          encrypted_password: "t.string :encrypted_password, limit: 128",
+          confirmation_token: "t.string :confirmation_token, limit: 128",
+          remember_token: "t.string :remember_token, limit: 128",
         }.reject { |column| existing_users_columns.include?(column.to_s) }
       end
 
       def new_indexes
         @new_indexes ||= {
-          index_users_on_email: 'add_index :users, :email',
-          index_users_on_remember_token: 'add_index :users, :remember_token'
+          index_users_on_email:
+            "add_index :users, :email",
+          index_users_on_confirmation_token:
+            "add_index :users, :confirmation_token, unique: true",
+          index_users_on_remember_token:
+            "add_index :users, :remember_token, unique: true",
         }.reject { |index| existing_users_indexes.include?(index.to_s) }
       end
 

data/lib/generators/clearance/install/templates/db/migrate/add_clearance_to_users.rb.erb

@@ -1,35 +1,34 @@
 class AddClearanceToUsers < ActiveRecord::Migration<%= migration_version %>
   def self.up
+<% if config[:new_columns].any? -%>
     change_table :users do |t|
 <% config[:new_columns].values.each do |column| -%>
       <%= column %>
 <% end -%>
     end
-
+<% end -%>
+<% if config[:new_indexes].any? -%>
 <% config[:new_indexes].values.each do |index| -%>
     <%= index %>
 <% end -%>
-
-    users = select_all("SELECT id FROM users WHERE remember_token IS NULL")
-
-    users.each do |user|
-      update <<-SQL.squish
-        UPDATE users
-        SET remember_token = '#{Clearance::Token.new}'
-        WHERE id = '#{user['id']}'
-      SQL
+<% end -%>
+<% if config[:new_columns].keys.include?(:remember_token) -%>
+    Clearance.configuration.user_model.where(remember_token: nil).each do |user|
+      user.update_columns(remember_token: Clearance::Token.new)
     end
+<% end -%>
   end
 
-  def self.down                     
+  def self.down
 <% config[:new_indexes].values.each do |index| -%>
-    <%= index.gsub("add_index", "remove_index") %>
+    <%= index.sub("add_index", "remove_index") %>
 <% end -%>
-           
-    change_table :users do |t|
 <% if config[:new_columns].any? -%>
-      t.remove <%= new_columns.keys.map { |column| ":#{column}" }.join(", ") %>
+    change_table :users do |t|
+<% config[:new_columns].keys.each do |key| -%>
+      t.remove <%= key.inspect %>
 <% end -%>
     end
+<% end -%>
   end
 end

data/lib/generators/clearance/install/templates/db/migrate/create_users.rb.erb

@@ -9,6 +9,7 @@ class CreateUsers < ActiveRecord::Migration<%= migration_version %>
     end
 
     add_index :users, :email
-    add_index :users, :remember_token
+    add_index :users, :confirmation_token, unique: true
+    add_index :users, :remember_token, unique: true
   end
 end

data/lib/generators/clearance/specs/templates/support/features/clearance_helpers.rb

@@ -36,6 +36,7 @@ module Features
     end
 
     def expect_user_to_be_signed_out
+      visit root_path
       expect(page).to have_content I18n.t("layouts.application.sign_in")
     end
 

data/spec/acceptance/clearance_installation_spec.rb

@@ -35,6 +35,7 @@ describe "Clearance Installation" do
        --skip-javascript
        --skip-keeps
        --skip-sprockets
+       --skip-asset-pipeline
     CMD
   end
 

data/spec/app_templates/testapp/Gemfile

@@ -1,3 +1,5 @@
+source "https://rubygems.org"
+
 gem "rails"
 gem "sqlite3"
 gem "rspec-rails"

data/spec/configuration_spec.rb

@@ -167,7 +167,14 @@ describe Clearance::Configuration do
   end
 
   describe "#user_parameter" do
-    it "returns the parameter key to use based on the user_model" do
+    context "when user_parameter is configured" do
+      it "returns the configured parameter" do
+        Clearance.configure { |config| config.user_parameter = :custom_param }
+        expect(Clearance.configuration.user_parameter).to eq :custom_param
+      end
+    end
+
+    it "returns the parameter key to use based on the user_model by default" do
       Account = Class.new(ActiveRecord::Base)
       Clearance.configure { |config| config.user_model = Account }
 

data/spec/controllers/passwords_controller_spec.rb

@@ -35,6 +35,16 @@ describe Clearance::PasswordsController do
         email = ActionMailer::Base.deliveries.last
         expect(email.subject).to match(/change your password/i)
       end
+
+      it "re-renders the page when turbo is enabled" do
+        user = create(:user)
+
+        post :create, params: {
+          password: { email: user.email.upcase },
+        }
+
+        expect(response).to have_http_status(:accepted)
+      end
     end
 
     context "email param is missing" do
@@ -46,6 +56,14 @@ describe Clearance::PasswordsController do
         expect(flash.now[:alert]).to match(/email can't be blank/i)
         expect(response).to render_template(:new)
       end
+
+      it "re-renders the page when turbo is enabled" do
+        post :create, params: {
+          password: {},
+        }
+
+        expect(response).to have_http_status(:unprocessable_entity)
+      end
     end
 
     context "email param is blank" do
@@ -53,12 +71,22 @@ describe Clearance::PasswordsController do
         post :create, params: {
           password: {
             email: "",
-          }
+          },
         }
 
         expect(flash.now[:alert]).to match(/email can't be blank/i)
         expect(response).to render_template(:new)
       end
+
+      it "re-renders the page when turbo is enabled" do
+        post :create, params: {
+          password: {
+            email: "",
+          },
+        }
+
+        expect(response).to have_http_status(:unprocessable_entity)
+      end
     end
 
     context "email does not belong to an existing user" do
@@ -73,7 +101,7 @@ describe Clearance::PasswordsController do
         expect(ActionMailer::Base.deliveries).to be_empty
       end
 
-      it "still responds with success so as not to leak registered users" do
+      it "still responds with error so as not to leak registered users" do
         email = "this_user_does_not_exist@non_existent_domain.com"
 
         post :create, params: {
@@ -83,6 +111,16 @@ describe Clearance::PasswordsController do
         expect(response).to be_successful
         expect(response).to render_template "passwords/create"
       end
+
+      it "has the same status code as a successful request" do
+        email = "this_user_does_not_exist@non_existent_domain.com"
+
+        post :create, params: {
+          password: { email: email },
+        }
+
+        expect(response).to have_http_status(:accepted)
+      end
     end
   end
 
@@ -97,6 +135,7 @@ describe Clearance::PasswordsController do
         }
 
         expect(response).to be_redirect
+        expect(response).to have_http_status(:found)
         expect(response).to redirect_to edit_user_password_url(user)
         expect(session[:password_reset_token]).to eq user.confirmation_token
       end
@@ -172,6 +211,35 @@ describe Clearance::PasswordsController do
         )
 
         expect(user.reload.encrypted_password).not_to eq old_encrypted_password
+        expect(response).to have_http_status(:see_other)
+      end
+
+      it "signs in the user" do
+        user = create(:user, :with_forgotten_password)
+
+        put :update, params: update_parameters(
+          user,
+          new_password: "my_new_password",
+        )
+
+        expect(current_user).to eq(user)
+      end
+
+      context "when Clearance is configured to not sign in the user" do
+        it "doesn't sign in the user" do
+          Clearance.configure do |config|
+            config.sign_in_on_password_reset = false
+          end
+
+          user = create(:user, :with_forgotten_password)
+
+          put :update, params: update_parameters(
+            user,
+            new_password: "my_new_password",
+          )
+
+          expect(current_user).to be_nil
+        end
       end
     end
 
@@ -211,8 +279,19 @@ describe Clearance::PasswordsController do
         )
 
         expect(flash.now[:alert]).to match(/password can't be blank/i)
+        expect(response).to have_http_status(:unprocessable_entity)
         expect(response).to render_template(:edit)
-        expect(cookies[:remember_token]).to be_nil
+      end
+
+      it "doesn't sign in the user" do
+        user = create(:user, :with_forgotten_password)
+
+        put :update, params: update_parameters(
+          user,
+          new_password: "",
+        )
+
+        expect(current_user).to be_nil
       end
     end
   end
@@ -226,4 +305,8 @@ describe Clearance::PasswordsController do
       password_reset: { password: new_password }
     }
   end
+
+  def current_user
+    request.env[:clearance].current_user
+  end
 end

data/spec/controllers/sessions_controller_spec.rb

@@ -24,6 +24,14 @@ describe Clearance::SessionsController do
   end
 
   describe "on POST to #create" do
+    context "when missing parameters" do
+      it "raises an error" do
+        expect do
+          post :create
+        end.to raise_error(ActionController::ParameterMissing)
+      end
+    end
+
     context "when password is optional" do
       it "renders the page with error" do
         user = create(:user_with_optional_password)
@@ -117,6 +125,7 @@ describe Clearance::SessionsController do
       end
 
       it { should redirect_to_url_after_destroy }
+      it { expect(response).to have_http_status(:see_other) }
     end
 
     context "with a cookie" do

data/spec/controllers/users_controller_spec.rb

@@ -67,6 +67,20 @@ describe Clearance::UsersController do
           expect(response).to redirect_to(return_url)
         end
       end
+
+      context "with invalid attributes" do
+        it "renders the page with error" do
+          user_attributes = FactoryBot.attributes_for(:user, email: nil)
+          old_user_count = User.count
+
+          post :create, params: {
+            user: user_attributes,
+          }
+
+          expect(User.count).to eq old_user_count
+          expect(response).to have_http_status(:unprocessable_entity)
+        end
+      end
     end
 
     context "when signed in" do

data/spec/dummy/application.rb

@@ -1,50 +1,35 @@
 require "rails/all"
+
 require "clearance"
 
 module Dummy
   APP_ROOT = File.expand_path("..", __FILE__).freeze
 
-  I18n.enforce_available_locales = true
-
   class Application < Rails::Application
-    config.action_controller.allow_forgery_protection = false
     config.action_controller.perform_caching = false
-    config.action_dispatch.show_exceptions = false
     config.action_mailer.default_url_options = { host: "dummy.example.com" }
     config.action_mailer.delivery_method = :test
     config.active_support.deprecation = :stderr
-    config.active_support.test_order = :random
-    config.cache_classes = true
-    config.consider_all_requests_local = true
     config.eager_load = false
-    config.encoding = "utf-8"
+
     config.paths["app/controllers"] << "#{APP_ROOT}/app/controllers"
     config.paths["app/models"] << "#{APP_ROOT}/app/models"
     config.paths["app/views"] << "#{APP_ROOT}/app/views"
     config.paths["config/database"] = "#{APP_ROOT}/config/database.yml"
     config.paths["log"] = "tmp/log/development.log"
-
     config.paths.add "config/routes.rb", with: "#{APP_ROOT}/config/routes.rb"
-    config.secret_key_base = "SECRET_KEY_BASE"
 
-    if config.active_record.sqlite3.respond_to?(:represent_boolean_as_integer)
-      if Rails::VERSION::MAJOR < 6
-        config.active_record.sqlite3.represent_boolean_as_integer = true
-      end
+    if Rails.version.match?(/^6.0/)
+      config.active_record.sqlite3.represent_boolean_as_integer = true
+    else
+      config.active_record.legacy_connection_handling = false
     end
 
-    if Rails::VERSION::MAJOR >= 6
-      config.action_mailer.delivery_job = "ActionMailer::MailDeliveryJob"
-    end
-
-    config.active_job.queue_adapter = :inline
-
     def require_environment!
       initialize!
     end
 
     def initialize!(&block)
-      FileUtils.mkdir_p(Rails.root.join("db").to_s)
       super unless @initialized
     end
   end

data/spec/generators/clearance/install/install_generator_spec.rb

@@ -135,6 +135,12 @@ describe Clearance::Generators::InstallGenerator, :generator do
         expect(migration).to contain("add_index :users, :email")
         expect(migration).not_to contain("t.string :remember_token")
         expect(migration).not_to contain("add_index :users, :remember_token")
+        expect(migration).to(
+          contain("add_index :users, :confirmation_token, unique: true"),
+        )
+        expect(migration).to(
+          contain("remove_index :users, :confirmation_token, unique: true"),
+        )
       end
     end
   end

data/spec/requests/password_maintenance_spec.rb

@@ -12,6 +12,7 @@ describe "Password maintenance" do
       }
 
       expect(response).to redirect_to(Clearance.configuration.redirect_url)
+      expect(response).to have_http_status(:see_other)
       expect(cookies["remember_token"]).to be_present
     end
   end

data/spec/spec_helper.rb

@@ -5,6 +5,7 @@ require "dummy/application"
 
 require "clearance/rspec"
 require "factory_bot_rails"
+require "rails-controller-testing"
 require "rspec/rails"
 require "shoulda-matchers"
 require "timecop"
@@ -28,11 +29,6 @@ RSpec.configure do |config|
   end
 
   config.before { restore_default_warning_free_config }
-
-  require 'rails-controller-testing'
-  config.include Rails::Controller::Testing::TestProcess
-  config.include Rails::Controller::Testing::TemplateAssertions
-  config.include Rails::Controller::Testing::Integration
 end
 
 Shoulda::Matchers.configure do |config|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.5.0
+  version: 2.6.0
 platform: ruby
 authors:
 - Dan Croak
@@ -22,10 +22,11 @@ authors:
 - Jason Morrison
 - Galen Frechette
 - Josh Steiner
+- Dorian Marié
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-10 00:00:00.000000000 Z
+date: 2022-06-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -149,11 +150,11 @@ files:
 - ".gitignore"
 - ".yardopts"
 - Appraisals
+- CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
-- NEWS.md
 - README.md
 - RELEASING.md
 - Rakefile
@@ -185,6 +186,7 @@ files:
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
 - gemfiles/rails_6.1.gemfile
+- gemfiles/rails_7.0.gemfile
 - lib/clearance.rb
 - lib/clearance/authentication.rb
 - lib/clearance/authorization.rb
@@ -266,6 +268,7 @@ files:
 - spec/dummy/application.rb
 - spec/dummy/config/database.yml
 - spec/dummy/config/routes.rb
+- spec/dummy/db/.keep
 - spec/factories.rb
 - spec/generators/clearance/install/install_generator_spec.rb
 - spec/generators/clearance/routes/routes_generator_spec.rb
@@ -311,7 +314,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.