clearance 2.7.1 → 2.7.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -2
- data/Gemfile.lock +2 -2
- data/README.md +16 -2
- data/SECURITY.md +16 -0
- data/lib/clearance/configuration.rb +1 -1
- data/lib/clearance/engine.rb +0 -1
- data/lib/clearance/user.rb +1 -1
- data/lib/clearance/version.rb +1 -1
- data/lib/clearance.rb +1 -1
- data/spec/models/user_spec.rb +4 -3
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e9ebc10e226aa134b16da93b71b4c3a711c3f83f151446fea8efddcaa6bd732f
|
|
4
|
+
data.tar.gz: '09513f61deaff3967af0226d46e1ab26239919ed6d6ce4dcfa9883e7d2cc68f2'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 27db1cc19f4846fd087600086ea7d00fb99e2730ae63a09047400e1a9239b5cbc31461c48a49a053a06ec88c89e571694d96d377bf7afea05e1bb0910a69b51c
|
|
7
|
+
data.tar.gz: 5dded1584c8fa0485d60e3eeb7175f45d93b03a1c5afb9644fe3064d09af1c9e5da70eabe11e35e6bd8d31bb8ea9c997ab35537b4b72d3320da4e994250b0119
|
data/CHANGELOG.md
CHANGED
|
@@ -5,9 +5,19 @@ complete changelog, see the git history for each version via the version links.
|
|
|
5
5
|
|
|
6
6
|
## [Unreleased]
|
|
7
7
|
|
|
8
|
-
[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.
|
|
8
|
+
[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.2...main
|
|
9
9
|
|
|
10
|
-
## [2.7.
|
|
10
|
+
## [2.7.2] - June 28, 2024
|
|
11
|
+
- Fix method redefinition and circular require issues (#1027)
|
|
12
|
+
- Add specs for email validator strict mode (#1001)
|
|
13
|
+
- Create SECURITY.md (#972)
|
|
14
|
+
- Fix validating email in strict mode (#976)
|
|
15
|
+
- Update the example config in README.md (#977)
|
|
16
|
+
- Remove Hound README badge (#1020)
|
|
17
|
+
|
|
18
|
+
[2.7.2]: https://github.com/thoughtbot/clearance/compare/v2.7.1...v2.7.2
|
|
19
|
+
|
|
20
|
+
## [2.7.1] - May 8, 2024
|
|
11
21
|
- Update sqlite3 and erb_lint gems (#1017) Jos O'shea
|
|
12
22
|
|
|
13
23
|
[2.7.1]: https://github.com/thoughtbot/clearance/compare/v2.7.0...v2.7.1
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
clearance (2.7.
|
|
4
|
+
clearance (2.7.2)
|
|
5
5
|
actionmailer (>= 5.0)
|
|
6
6
|
activemodel (>= 5.0)
|
|
7
7
|
activerecord (>= 5.0)
|
|
@@ -130,7 +130,7 @@ GEM
|
|
|
130
130
|
mini_mime (1.1.2)
|
|
131
131
|
mini_portile2 (2.8.6)
|
|
132
132
|
minitest (5.22.3)
|
|
133
|
-
net-imap (0.4.
|
|
133
|
+
net-imap (0.4.11)
|
|
134
134
|
date
|
|
135
135
|
net-protocol
|
|
136
136
|
net-pop (0.1.2)
|
data/README.md
CHANGED
|
@@ -3,7 +3,6 @@
|
|
|
3
3
|
[]( https://github.com/thoughtbot/clearance/actions/workflows/tests.yml?query=branch%3Amain)
|
|
4
4
|
[](https://codeclimate.com/github/thoughtbot/clearance)
|
|
5
5
|
[](https://inch-ci.org/github/thoughtbot/clearance)
|
|
6
|
-
[](https://houndci.com)
|
|
7
6
|
|
|
8
7
|
Rails authentication with email & password.
|
|
9
8
|
|
|
@@ -63,7 +62,7 @@ Clearance.configure do |config|
|
|
|
63
62
|
config.url_after_denied_access_when_signed_out = nil
|
|
64
63
|
config.rotate_csrf_on_sign_in = true
|
|
65
64
|
config.same_site = nil
|
|
66
|
-
config.secure_cookie =
|
|
65
|
+
config.secure_cookie = Rails.configuration.force_ssl
|
|
67
66
|
config.signed_cookie = false
|
|
68
67
|
config.sign_in_guards = []
|
|
69
68
|
config.user_model = "User"
|
|
@@ -497,4 +496,19 @@ redistributed under the terms specified in the [`LICENSE`] file.
|
|
|
497
496
|
[`LICENSE`]: /LICENSE
|
|
498
497
|
|
|
499
498
|
<!-- START /templates/footer.md -->
|
|
499
|
+
## About thoughtbot
|
|
500
|
+
|
|
501
|
+
|
|
502
|
+
|
|
503
|
+
This repo is maintained and funded by thoughtbot, inc.
|
|
504
|
+
The names and logos for thoughtbot are trademarks of thoughtbot, inc.
|
|
505
|
+
|
|
506
|
+
We love open source software!
|
|
507
|
+
See [our other projects][community].
|
|
508
|
+
We are [available for hire][hire].
|
|
509
|
+
|
|
510
|
+
[community]: https://thoughtbot.com/community?utm_source=github
|
|
511
|
+
[hire]: https://thoughtbot.com/hire-us?utm_source=github
|
|
512
|
+
|
|
513
|
+
|
|
500
514
|
<!-- END /templates/footer.md -->
|
data/SECURITY.md
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Supported Versions
|
|
4
|
+
|
|
5
|
+
We will provide security updates for the latest 3 versions.
|
|
6
|
+
|
|
7
|
+
| Version | Security updates |
|
|
8
|
+
| - | - |
|
|
9
|
+
| 2.7.x | ✅ |
|
|
10
|
+
| 2.6.x | ✅ |
|
|
11
|
+
| 2.5.x | ✅ |
|
|
12
|
+
| < 2.5.0 | :x: |
|
|
13
|
+
|
|
14
|
+
## Reporting a Vulnerability
|
|
15
|
+
|
|
16
|
+
You can contact <security@thoughtbot.com>. See <https://thoughtbot.com/security> for more information about our security policy.
|
|
@@ -135,7 +135,7 @@ module Clearance
|
|
|
135
135
|
# The parameter for user routes. By default this is derived from the user
|
|
136
136
|
# model.
|
|
137
137
|
# @return [Symbol]
|
|
138
|
-
|
|
138
|
+
attr_writer :user_parameter
|
|
139
139
|
|
|
140
140
|
# Controls wether users are automatically signed in after successfully
|
|
141
141
|
# resetting their password.
|
data/lib/clearance/engine.rb
CHANGED
data/lib/clearance/user.rb
CHANGED
data/lib/clearance/version.rb
CHANGED
data/lib/clearance.rb
CHANGED
|
@@ -5,9 +5,9 @@ require 'clearance/rack_session'
|
|
|
5
5
|
require 'clearance/back_door'
|
|
6
6
|
require 'clearance/controller'
|
|
7
7
|
require 'clearance/user'
|
|
8
|
-
require 'clearance/engine'
|
|
9
8
|
require 'clearance/password_strategies'
|
|
10
9
|
require 'clearance/constraints'
|
|
10
|
+
require 'clearance/engine'
|
|
11
11
|
|
|
12
12
|
module Clearance
|
|
13
13
|
end
|
data/spec/models/user_spec.rb
CHANGED
|
@@ -5,15 +5,16 @@ describe User do
|
|
|
5
5
|
it { is_expected.to have_db_index(:remember_token) }
|
|
6
6
|
it { is_expected.to validate_presence_of(:email) }
|
|
7
7
|
it { is_expected.to validate_presence_of(:password) }
|
|
8
|
-
it { is_expected.to allow_value("foo;@example.com").for(:email) }
|
|
9
|
-
it { is_expected.to allow_value("foo@.example.com").for(:email) }
|
|
10
|
-
it { is_expected.to allow_value("foo@example..com").for(:email) }
|
|
11
8
|
it { is_expected.to allow_value("foo@example.co.uk").for(:email) }
|
|
12
9
|
it { is_expected.to allow_value("foo@example.com").for(:email) }
|
|
13
10
|
it { is_expected.to allow_value("foo+bar@example.com").for(:email) }
|
|
14
11
|
it { is_expected.not_to allow_value("example.com").for(:email) }
|
|
15
12
|
it { is_expected.not_to allow_value("foo").for(:email) }
|
|
16
13
|
it { is_expected.not_to allow_value("foo@").for(:email) }
|
|
14
|
+
it { is_expected.not_to allow_value("foo@bar").for(:email) }
|
|
15
|
+
it { is_expected.not_to allow_value("foo;@example.com").for(:email) }
|
|
16
|
+
it { is_expected.not_to allow_value("foo@.example.com").for(:email) }
|
|
17
|
+
it { is_expected.not_to allow_value("foo@example..com").for(:email) }
|
|
17
18
|
|
|
18
19
|
describe "#email" do
|
|
19
20
|
it "stores email in down case and removes whitespace" do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: clearance
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.7.
|
|
4
|
+
version: 2.7.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Croak
|
|
@@ -26,7 +26,7 @@ authors:
|
|
|
26
26
|
autorequire:
|
|
27
27
|
bindir: bin
|
|
28
28
|
cert_chain: []
|
|
29
|
-
date: 2024-
|
|
29
|
+
date: 2024-06-28 00:00:00.000000000 Z
|
|
30
30
|
dependencies:
|
|
31
31
|
- !ruby/object:Gem::Dependency
|
|
32
32
|
name: bcrypt
|
|
@@ -160,6 +160,7 @@ files:
|
|
|
160
160
|
- README.md
|
|
161
161
|
- RELEASING.md
|
|
162
162
|
- Rakefile
|
|
163
|
+
- SECURITY.md
|
|
163
164
|
- app/controllers/clearance/base_controller.rb
|
|
164
165
|
- app/controllers/clearance/passwords_controller.rb
|
|
165
166
|
- app/controllers/clearance/sessions_controller.rb
|