RubyGems - clearance - Versions diffs - 2.7.2 → 2.8.0 - Mend

clearance 2.7.2 → 2.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/.github/dependabot.yml +15 -0
data/.github/workflows/dynamic-security.yml +19 -0
data/CHANGELOG.md +9 -1
data/Gemfile.lock +3 -3
data/README.md +1 -0
data/SECURITY.md +12 -8
data/app/views/sessions/_form.html.erb +3 -1
data/clearance.gemspec +2 -1
data/config/routes.rb +5 -3
data/lib/clearance/configuration.rb +14 -0
data/lib/clearance/version.rb +1 -1
data/spec/configuration_spec.rb +15 -0
data/spec/dummy/application.rb +3 -0
data/spec/generators/clearance/install/install_generator_spec.rb +9 -5
data/spec/routing/clearance_routes_spec.rb +32 -0
metadata +6 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e9ebc10e226aa134b16da93b71b4c3a711c3f83f151446fea8efddcaa6bd732f
-  data.tar.gz: '09513f61deaff3967af0226d46e1ab26239919ed6d6ce4dcfa9883e7d2cc68f2'
+  metadata.gz: e5f7f15515653096a81f567271c72a5bc138dac396acb3d7727fb7eb95b89540
+  data.tar.gz: 61b53d47ef673fe4f171aa32c6239c80fca531c4edaa239446bb0f3d8478df18
 SHA512:
-  metadata.gz: 27db1cc19f4846fd087600086ea7d00fb99e2730ae63a09047400e1a9239b5cbc31461c48a49a053a06ec88c89e571694d96d377bf7afea05e1bb0910a69b51c
-  data.tar.gz: 5dded1584c8fa0485d60e3eeb7175f45d93b03a1c5afb9644fe3064d09af1c9e5da70eabe11e35e6bd8d31bb8ea9c997ab35537b4b72d3320da4e994250b0119
+  metadata.gz: a695e60bfb14845d6bb5a1481766f2104f68fc92149fc0de3191af403bc7719803013cb8cb4a93fa74c1d334d1190e7206ba017502d40f109d0e96fb381fb3e0
+  data.tar.gz: cc12e0563b4106d22e4d4c23a8d2f50621cc1f2a61f905ea82ea697369e1e916bc5e5d69b65900d8b146244fe9a8dbf50e54e752c9b0cbd9243c53c285011226

data/.github/dependabot.yml ADDED Viewed

@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 5
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
+      time: "02:00"
+      timezone: "Etc/UTC"

data/.github/workflows/dynamic-security.yml ADDED Viewed

@@ -0,0 +1,19 @@
+name: update-security
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - SECURITY.md
+  workflow_dispatch:
+jobs:
+  update-security:
+    permissions:
+      contents: write
+      pull-requests: write
+      pages: write
+    uses: thoughtbot/templates/.github/workflows/dynamic-security.yaml@main
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}

data/CHANGELOG.md CHANGED Viewed

@@ -5,7 +5,15 @@ complete changelog, see the git history for each version via the version links.
 ## [Unreleased]
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.7.2...main
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.8.0...main
+## [2.8.0] - August 9, 2024
+- Feature: Added allow_password_resets config option (#1019) Jos O'shea
+- Added dependabot (#1028) Karine Vieira
+- Fixed some deprecation warnings (#1018)
+- Added a dynamic workflow to update SECURITY.md
+[2.8.0]: https://github.com/thoughtbot/clearance/compare/v2.7.2...v2.8.0
 ## [2.7.2] - June 28, 2024
 - Fix method redefinition and circular require issues (#1027)

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    clearance (2.7.2)
+    clearance (2.8.0)
       actionmailer (>= 5.0)
       activemodel (>= 5.0)
       activerecord (>= 5.0)
@@ -107,7 +107,7 @@ GEM
     factory_bot_rails (6.2.0)
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    ffi (1.16.3)
+    ffi (1.17.0)
     ffi-compiler (1.3.2)
       ffi (>= 1.15.5)
       rake
@@ -130,7 +130,7 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.6)
     minitest (5.22.3)
-    net-imap (0.4.11)
+    net-imap (0.4.14)
       date
       net-protocol
     net-pop (0.1.2)

data/README.md CHANGED Viewed

@@ -49,6 +49,7 @@ Override any of these defaults in `config/initializers/clearance.rb`:
 ```ruby
 Clearance.configure do |config|
   config.allow_sign_up = true
+  config.allow_password_reset = true
   config.cookie_domain = ".example.com"
   config.cookie_expiration = lambda { |cookies| 1.year.from_now.utc }
   config.cookie_name = "remember_token"

data/SECURITY.md CHANGED Viewed

@@ -1,16 +1,20 @@
+<!-- START /templates/security.md -->
 # Security Policy
 ## Supported Versions
-We will provide security updates for the latest 3 versions.
+Only the the latest version of this project is supported at a given time. If
+you find a security issue with an older version, please try updating to the
+latest version first.
-| Version | Security updates |
-| - | - |
-| 2.7.x   | ✅ |
-| 2.6.x   | ✅ |
-| 2.5.x   | ✅ |
-| < 2.5.0 | :x: |
+If for some reason you can't update to the latest version, please let us know
+your reasons so that we can have a better understanding of your situation.
 ## Reporting a Vulnerability
-You can contact <security@thoughtbot.com>. See <https://thoughtbot.com/security> for more information about our security policy.
+For security inquiries or vulnerability reports, visit
+<https://thoughtbot.com/security>.
+If you have any suggestions to improve this policy, visit <https://thoughtbot.com/security>.
+<!-- END /templates/security.md -->

data/app/views/sessions/_form.html.erb CHANGED Viewed

@@ -17,6 +17,8 @@
     <% if Clearance.configuration.allow_sign_up? %>
       <%= link_to t(".sign_up"), sign_up_path %>
     <% end %>
-    <%= link_to t(".forgot_password"), new_password_path %>
+    <% if Clearance.configuration.allow_password_reset? %>
+      <%= link_to t(".forgot_password"), new_password_path %>
+    <% end %>
   </div>
 <% end %>

data/clearance.gemspec CHANGED Viewed

@@ -28,7 +28,8 @@ Gem::Specification.new do |s|
     'Jason Morrison',
     'Galen Frechette',
     'Josh Steiner',
-    'Dorian Marié'
+    'Dorian Marié',
+    'Sara Jackson'
   ]
   s.description = <<-DESCRIPTION
     Clearance is built to support authentication and authorization via an

data/config/routes.rb CHANGED Viewed

@@ -11,9 +11,11 @@ if Clearance.configuration.routes_enabled?
     resources :users,
       controller: 'clearance/users',
       only: Clearance.configuration.user_actions do
-        resource :password,
-          controller: 'clearance/passwords',
-          only: [:edit, :update]
+        if Clearance.configuration.allow_password_reset?
+          resource :password,
+            controller: 'clearance/passwords',
+            only: [:edit, :update]
+        end
       end
     get '/sign_in' => 'clearance/sessions#new', as: 'sign_in'

data/lib/clearance/configuration.rb CHANGED Viewed

@@ -7,6 +7,13 @@ module Clearance
     # @return [Boolean]
     attr_writer :allow_sign_up
+    # Controls whether the password reset routes are enabled
+    # Defaults to `true`. Set to False to disable password reset routes
+    # The setting is ignored if routes are disabled.
+    # @param [Boolean] value
+    # @return [Boolean]
+    attr_writer :allow_password_reset
     # The domain to use for the clearance remember token cookie.
     # Defaults to `nil`, which causes the cookie domain to default to the
     # domain of the request. For more, see
@@ -145,6 +152,7 @@ module Clearance
     def initialize
       @allow_sign_up = true
+      @allow_password_reset = true
       @allowed_backdoor_environments = ["test", "ci", "development"]
       @cookie_domain = nil
       @cookie_expiration = ->(cookies) { 1.year.from_now.utc }
@@ -195,6 +203,12 @@ module Clearance
       @allow_sign_up
     end
+    # Are the password reset routes enabled?
+    # @return [Boolean]
+    def allow_password_reset?
+      @allow_password_reset
+    end
     # Specifies which controller actions are allowed for user resources.
     # This will be `[:create]` is `allow_sign_up` is true (the default), and
     # empty otherwise.

data/lib/clearance/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Clearance
-  VERSION = "2.7.2".freeze
+  VERSION = "2.8.0".freeze
 end

data/spec/configuration_spec.rb CHANGED Viewed

@@ -179,6 +179,21 @@ describe Clearance::Configuration do
     end
   end
+  describe "#allow_password_reset?" do
+    context "when allow_password_reset is configured to false" do
+      it "returns false" do
+        Clearance.configure { |config| config.allow_password_reset = false }
+        expect(Clearance.configuration.allow_password_reset?).to eq false
+      end
+    end
+    context "when allow_sign_up has not been configured" do
+      it "returns true" do
+        expect(Clearance.configuration.allow_password_reset?).to eq true
+      end
+    end
+  end
   describe "#user_actions" do
     context "when allow_sign_up is configured to false" do
       it "returns empty array" do

data/spec/dummy/application.rb CHANGED Viewed

@@ -9,6 +9,9 @@ module Dummy
     config.action_controller.perform_caching = false
     config.action_mailer.default_url_options = { host: "dummy.example.com" }
     config.action_mailer.delivery_method = :test
+    if Rails.version.match?(/(6.1|7.0)/)
+      config.active_record.legacy_connection_handling = false
+    end
     config.active_support.deprecation = :stderr
     config.eager_load = false

data/spec/generators/clearance/install/install_generator_spec.rb CHANGED Viewed

@@ -2,6 +2,10 @@ require "spec_helper"
 require "generators/clearance/install/install_generator"
 describe Clearance::Generators::InstallGenerator, :generator do
+  def get_migration(path)
+    Pathname.new(migration_file(path))
+  end
   describe "initializer" do
     it "is copied to the application" do
       provide_existing_application_controller
@@ -66,7 +70,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
         table_does_not_exist(:users)
         run_generator
-        migration = migration_file("db/migrate/create_users.rb")
+        migration = get_migration("db/migrate/create_users.rb")
         expect(migration).to exist
         expect(migration).to have_correct_syntax
@@ -88,7 +92,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
           table_does_not_exist(:users)
           run_generator
-          migration = migration_file("db/migrate/create_users.rb")
+          migration = get_migration("db/migrate/create_users.rb")
           expect(migration).to exist
           expect(migration).to have_correct_syntax
@@ -102,8 +106,8 @@ describe Clearance::Generators::InstallGenerator, :generator do
         provide_existing_application_controller
         run_generator
-        create_migration = migration_file("db/migrate/create_users.rb")
-        add_migration = migration_file("db/migrate/add_clearance_to_users.rb")
+        create_migration = get_migration("db/migrate/create_users.rb")
+        add_migration = get_migration("db/migrate/add_clearance_to_users.rb")
         expect(create_migration).not_to exist
         expect(add_migration).not_to exist
@@ -126,7 +130,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
           and_return(existing_indexes)
         run_generator
-        migration = migration_file("db/migrate/add_clearance_to_users.rb")
+        migration = get_migration("db/migrate/add_clearance_to_users.rb")
         expect(migration).to exist
         expect(migration).to have_correct_syntax

data/spec/routing/clearance_routes_spec.rb CHANGED Viewed

@@ -62,4 +62,36 @@ describe 'routes for Clearance' do
       expect(post: 'users').to be_routable
     end
   end
+  context 'password reset disabled' do
+    around do |example|
+      Clearance.configure { |config| config.allow_password_reset = false }
+      Rails.application.reload_routes!
+      example.run
+      Clearance.configuration = Clearance::Configuration.new
+      Rails.application.reload_routes!
+    end
+    it 'does not route password edit' do
+      user = create(:user)
+      expect(get: "users/#{user.id}/password/edit").not_to be_routable
+    end
+    it 'does not route to clearance/passwords#update' do
+      user = create(:user)
+      expect(patch: "/users/#{user.id}/password").not_to be_routable
+    end
+  end
+  context 'reset enabled' do
+    it 'does route password edit' do
+      user = create(:user)
+      expect(get: "users/#{user.id}/password/edit").to be_routable
+    end
+    it 'does route to clearance/passwords#update' do
+      user = create(:user)
+      expect(patch: "/users/#{user.id}/password").to be_routable
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: clearance
 version: !ruby/object:Gem::Version
-  version: 2.7.2
+  version: 2.8.0
 platform: ruby
 authors:
 - Dan Croak
@@ -23,10 +23,11 @@ authors:
 - Galen Frechette
 - Josh Steiner
 - Dorian Marié
+- Sara Jackson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-28 00:00:00.000000000 Z
+date: 2024-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -146,7 +147,9 @@ extra_rdoc_files:
 - README.md
 files:
 - ".erb-lint.yml"
+- ".github/dependabot.yml"
 - ".github/workflows/dynamic-readme.yml"
+- ".github/workflows/dynamic-security.yml"
 - ".github/workflows/tests.yml"
 - ".gitignore"
 - ".yardopts"
@@ -315,7 +318,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.15
 signing_key:
 specification_version: 4
 summary: Rails authentication & authorization with email & password.