clearance 2.8.0 → 2.9.0
- checksums.yaml +4 -4
- data/.github/workflows/tests.yml +7 -7
- data/.gitignore +4 -1
- data/Appraisals +9 -5
- data/CHANGELOG.md +8 -1
- data/Gemfile +0 -1
- data/Gemfile.lock +127 -94
- data/README.md +1 -1
- data/Rakefile +4 -7
- data/bin/setup +2 -2
- data/clearance.gemspec +7 -8
- data/gemfiles/rails_7.0.gemfile +4 -1
- data/gemfiles/rails_7.1.gemfile +0 -1
- data/gemfiles/{rails_6.1.gemfile → rails_7.2.gemfile} +1 -3
- data/lib/clearance/back_door.rb +4 -2
- data/lib/clearance/version.rb +1 -1
- data/spec/clearance/session_spec.rb +2 -2
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/assets/config/manifest.js +0 -0
- data/spec/dummy/config/application.rb +13 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/test.rb +31 -0
- data/spec/dummy/config.ru +6 -0
- data/{db → spec/dummy/db}/migrate/20110111224543_create_clearance_users.rb +3 -2
- data/spec/dummy/db/schema.rb +25 -0
- data/spec/generators/clearance/install/install_generator_spec.rb +5 -9
- data/spec/requests/backdoor_spec.rb +11 -0
- data/spec/requests/csrf_rotation_spec.rb +1 -5
- data/spec/requests/token_expiration_spec.rb +3 -3
- data/spec/spec_helper.rb +4 -11
- data/spec/support/generator_spec_helpers.rb +11 -0
- data/spec/support/html_escape_helper.rb +1 -1
- metadata +30 -18
- data/db/schema.rb +0 -28
- data/spec/dummy/application.rb +0 -33
- data/spec/support/cookies.rb +0 -74
- /data/spec/{factories.rb → factories/users.rb} +0 -0
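--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ea787197f1c05708009b5318ed67814d74c11de000e314d87d0d2f9278722ea7
+data.tar.gz: 9def5796663a629edecd2a9ad34aadb3b3430d4f00b4ba1017259bc929321911
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 374df1a9550bb8379625497e010c79d264e328d9763341e6c5a1e1e01a42d3085650b5872d92df32a14d06c1d88f82ae9bcb4912ab717790800bce9237847c4a
+data.tar.gz: 370f291a30b646bb3afcf9bc27fdccf13facec4c9663e44d4efbab0006430066891849c77fe788225a8145636507a8a03ac6360d3e195d7f7f304d8270a28054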
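--- a/data/.github/workflows/tests.yml
+++ b/data/.github/workflows/tests.yml
@@ -16,20 +16,20 @@ jobs:
 fail-fast: false
 matrix:
 gemfile:
-- "6.1"
 - "7.0"
 - "7.1"
+- "7.2"
 ruby:
-- "3.
-- "3.
-- "3.
+- "3.1.6"
+- "3.2.5"
+- "3.3.5"
 
 env:
 BUNDLE_GEMFILE: gemfiles/rails_${{ matrix.gemfile }}.gemfile
 RAILS_ENV: test
 
 steps:
-- uses: actions/checkout@
+- uses: actions/checkout@v4
 
 - name: "Install Ruby ${{ matrix.ruby }}"
 uses: ruby/setup-ruby@v1
@@ -39,8 +39,8 @@ jobs:
 
 - name: "Reset app database"
 run: |
-bundle exec rake
-bundle exec rake
+bundle exec rake db:drop
+bundle exec rake db:setup
 
 - name: "Run tests"
 run: bundle exec rake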
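Review bot: `actions/checkout@v4` (and `ruby/setup-ruby@v1` in the unchanged step below it) is referenced by a mutable tag, so whoever can move that tag changes the code this workflow runs. Pinning each third-party action to a full commit SHA and keeping the tag as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v4`, makes the job reproducible and turns every bump into a reviewable diff. The `jobs:` block starts outside the hunk, so it is not visible whether a least-privilege `permissions:` entry (read-only `contents`) is already set; if it is not, it belongs in the same change.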
data/.gitignore
CHANGED
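--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,12 +1,16 @@
-appraise "rails_6.1" do
-gem "railties", "~> 6.1.0"
-gem "net-smtp", require: false # not bundled in ruby 3.1
-end
-
 appraise "rails_7.0" do
 gem "railties", "~> 7.0.0"
+# The following gems will not be bundled with Ruby 3.4
+gem "base64", require: false
+gem "bigdecimal", require: false
+gem "drb", require: false
+gem "mutex_m", require: false
 end
 
 appraise "rails_7.1" do
 gem "railties", "~> 7.1.0"
 end
+
+appraise "rails_7.2" do
+gem "railties", "~> 7.2.0"
+end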
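--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -5,7 +5,14 @@ complete changelog, see the git history for each version via the version links.
 
 ## [Unreleased]
 
-[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.
+[Unreleased]: https://github.com/thoughtbot/clearance/compare/v2.9.0...main
+
+## [2.9.0] - October 29, 2024
+- Added Rails 7.2 and Ruby 3.3 to testing matrix
+and overhauled dummy app (#1032) Hamed Asghari
+- Droped support for Ruby 3.0 and Rails 6.1 (#1036)
+
+[2.9.0]: https://github.com/thoughtbot/clearance/compare/v2.8.0...v2.9.0
 
 ## [2.8.0] - August 9, 2024
 - Feature: Added allow_password_resets config option (#1019) Jos O'shea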
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -13,49 +13,57 @@ PATH
|
|
|
13
13
|
GEM
|
|
14
14
|
remote: https://rubygems.org/
|
|
15
15
|
specs:
|
|
16
|
-
actionmailer (7.0
|
|
17
|
-
actionpack (= 7.0
|
|
18
|
-
actionview (= 7.0
|
|
19
|
-
activejob (= 7.0
|
|
20
|
-
activesupport (= 7.0
|
|
21
|
-
mail (
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
rack (
|
|
16
|
+
actionmailer (7.2.0)
|
|
17
|
+
actionpack (= 7.2.0)
|
|
18
|
+
actionview (= 7.2.0)
|
|
19
|
+
activejob (= 7.2.0)
|
|
20
|
+
activesupport (= 7.2.0)
|
|
21
|
+
mail (>= 2.8.0)
|
|
22
|
+
rails-dom-testing (~> 2.2)
|
|
23
|
+
actionpack (7.2.0)
|
|
24
|
+
actionview (= 7.2.0)
|
|
25
|
+
activesupport (= 7.2.0)
|
|
26
|
+
nokogiri (>= 1.8.5)
|
|
27
|
+
racc
|
|
28
|
+
rack (>= 2.2.4, < 3.2)
|
|
29
|
+
rack-session (>= 1.0.1)
|
|
30
30
|
rack-test (>= 0.6.3)
|
|
31
|
-
rails-dom-testing (~> 2.
|
|
32
|
-
rails-html-sanitizer (~> 1.
|
|
33
|
-
|
|
34
|
-
|
|
31
|
+
rails-dom-testing (~> 2.2)
|
|
32
|
+
rails-html-sanitizer (~> 1.6)
|
|
33
|
+
useragent (~> 0.16)
|
|
34
|
+
actionview (7.2.0)
|
|
35
|
+
activesupport (= 7.2.0)
|
|
35
36
|
builder (~> 3.1)
|
|
36
|
-
erubi (~> 1.
|
|
37
|
-
rails-dom-testing (~> 2.
|
|
38
|
-
rails-html-sanitizer (~> 1.
|
|
39
|
-
activejob (7.0
|
|
40
|
-
activesupport (= 7.0
|
|
37
|
+
erubi (~> 1.11)
|
|
38
|
+
rails-dom-testing (~> 2.2)
|
|
39
|
+
rails-html-sanitizer (~> 1.6)
|
|
40
|
+
activejob (7.2.0)
|
|
41
|
+
activesupport (= 7.2.0)
|
|
41
42
|
globalid (>= 0.3.6)
|
|
42
|
-
activemodel (7.0
|
|
43
|
-
activesupport (= 7.0
|
|
44
|
-
activerecord (7.0
|
|
45
|
-
activemodel (= 7.0
|
|
46
|
-
activesupport (= 7.0
|
|
47
|
-
|
|
48
|
-
|
|
43
|
+
activemodel (7.2.0)
|
|
44
|
+
activesupport (= 7.2.0)
|
|
45
|
+
activerecord (7.2.0)
|
|
46
|
+
activemodel (= 7.2.0)
|
|
47
|
+
activesupport (= 7.2.0)
|
|
48
|
+
timeout (>= 0.4.0)
|
|
49
|
+
activesupport (7.2.0)
|
|
50
|
+
base64
|
|
51
|
+
bigdecimal
|
|
52
|
+
concurrent-ruby (~> 1.0, >= 1.3.1)
|
|
53
|
+
connection_pool (>= 2.2.5)
|
|
54
|
+
drb
|
|
49
55
|
i18n (>= 1.6, < 2)
|
|
56
|
+
logger (>= 1.4.2)
|
|
50
57
|
minitest (>= 5.1)
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
58
|
+
securerandom (>= 0.3)
|
|
59
|
+
tzinfo (~> 2.0, >= 2.0.5)
|
|
60
|
+
addressable (2.8.7)
|
|
61
|
+
public_suffix (>= 2.0.2, < 7.0)
|
|
62
|
+
ammeter (1.1.7)
|
|
55
63
|
activesupport (>= 3.0)
|
|
56
64
|
railties (>= 3.0)
|
|
57
65
|
rspec-rails (>= 2.2)
|
|
58
|
-
appraisal (2.
|
|
66
|
+
appraisal (2.5.0)
|
|
59
67
|
bundler
|
|
60
68
|
rake
|
|
61
69
|
thor (>= 0.14.0)
|
|
@@ -63,6 +71,7 @@ GEM
|
|
|
63
71
|
ffi (~> 1.15)
|
|
64
72
|
ffi-compiler (~> 1.0)
|
|
65
73
|
ast (2.4.2)
|
|
74
|
+
base64 (0.2.0)
|
|
66
75
|
bcrypt (3.1.20)
|
|
67
76
|
better_html (2.1.1)
|
|
68
77
|
actionview (>= 6.0)
|
|
@@ -71,41 +80,44 @@ GEM
|
|
|
71
80
|
erubi (~> 1.4)
|
|
72
81
|
parser (>= 2.4)
|
|
73
82
|
smart_properties
|
|
74
|
-
|
|
75
|
-
|
|
83
|
+
bigdecimal (3.1.8)
|
|
84
|
+
builder (3.3.0)
|
|
85
|
+
capybara (3.40.0)
|
|
76
86
|
addressable
|
|
77
87
|
matrix
|
|
78
88
|
mini_mime (>= 0.1.3)
|
|
79
|
-
nokogiri (~> 1.
|
|
89
|
+
nokogiri (~> 1.11)
|
|
80
90
|
rack (>= 1.6.0)
|
|
81
91
|
rack-test (>= 0.6.3)
|
|
82
92
|
regexp_parser (>= 1.5, < 3.0)
|
|
83
93
|
xpath (~> 3.2)
|
|
84
94
|
coderay (1.1.3)
|
|
85
|
-
concurrent-ruby (1.
|
|
95
|
+
concurrent-ruby (1.3.4)
|
|
96
|
+
connection_pool (2.4.1)
|
|
86
97
|
crass (1.0.6)
|
|
87
|
-
database_cleaner (2.0.
|
|
88
|
-
database_cleaner-active_record (
|
|
89
|
-
database_cleaner-active_record (2.0
|
|
98
|
+
database_cleaner (2.0.2)
|
|
99
|
+
database_cleaner-active_record (>= 2, < 3)
|
|
100
|
+
database_cleaner-active_record (2.2.0)
|
|
90
101
|
activerecord (>= 5.a)
|
|
91
102
|
database_cleaner-core (~> 2.0.0)
|
|
92
103
|
database_cleaner-core (2.0.1)
|
|
93
104
|
date (3.3.4)
|
|
94
|
-
diff-lcs (1.5.
|
|
105
|
+
diff-lcs (1.5.1)
|
|
106
|
+
drb (2.2.1)
|
|
95
107
|
email_validator (2.2.4)
|
|
96
108
|
activemodel
|
|
97
|
-
erb_lint (0.
|
|
109
|
+
erb_lint (0.6.0)
|
|
98
110
|
activesupport
|
|
99
111
|
better_html (>= 2.0.1)
|
|
100
112
|
parser (>= 2.7.1.4)
|
|
101
113
|
rainbow
|
|
102
|
-
rubocop
|
|
114
|
+
rubocop (>= 1)
|
|
103
115
|
smart_properties
|
|
104
|
-
erubi (1.
|
|
105
|
-
factory_bot (6.
|
|
116
|
+
erubi (1.13.0)
|
|
117
|
+
factory_bot (6.4.6)
|
|
106
118
|
activesupport (>= 5.0.0)
|
|
107
|
-
factory_bot_rails (6.
|
|
108
|
-
factory_bot (~> 6.
|
|
119
|
+
factory_bot_rails (6.4.3)
|
|
120
|
+
factory_bot (~> 6.4)
|
|
109
121
|
railties (>= 5.0.0)
|
|
110
122
|
ffi (1.17.0)
|
|
111
123
|
ffi-compiler (1.3.2)
|
|
@@ -115,8 +127,13 @@ GEM
|
|
|
115
127
|
activesupport (>= 6.1)
|
|
116
128
|
i18n (1.14.5)
|
|
117
129
|
concurrent-ruby (~> 1.0)
|
|
130
|
+
io-console (0.7.2)
|
|
131
|
+
irb (1.14.0)
|
|
132
|
+
rdoc (>= 4.0.0)
|
|
133
|
+
reline (>= 0.4.2)
|
|
118
134
|
json (2.7.2)
|
|
119
135
|
language_server-protocol (3.17.0.3)
|
|
136
|
+
logger (1.6.0)
|
|
120
137
|
loofah (2.22.0)
|
|
121
138
|
crass (~> 1.0.2)
|
|
122
139
|
nokogiri (>= 1.12.0)
|
|
@@ -126,10 +143,10 @@ GEM
|
|
|
126
143
|
net-pop
|
|
127
144
|
net-smtp
|
|
128
145
|
matrix (0.4.2)
|
|
129
|
-
method_source (1.
|
|
130
|
-
mini_mime (1.1.
|
|
131
|
-
mini_portile2 (2.8.
|
|
132
|
-
minitest (5.
|
|
146
|
+
method_source (1.1.0)
|
|
147
|
+
mini_mime (1.1.5)
|
|
148
|
+
mini_portile2 (2.8.7)
|
|
149
|
+
minitest (5.25.1)
|
|
133
150
|
net-imap (0.4.14)
|
|
134
151
|
date
|
|
135
152
|
net-protocol
|
|
@@ -139,21 +156,28 @@ GEM
|
|
|
139
156
|
timeout
|
|
140
157
|
net-smtp (0.5.0)
|
|
141
158
|
net-protocol
|
|
142
|
-
nokogiri (1.16.
|
|
159
|
+
nokogiri (1.16.7)
|
|
143
160
|
mini_portile2 (~> 2.8.2)
|
|
144
161
|
racc (~> 1.4)
|
|
145
|
-
parallel (1.
|
|
146
|
-
parser (3.3.
|
|
162
|
+
parallel (1.26.3)
|
|
163
|
+
parser (3.3.4.2)
|
|
147
164
|
ast (~> 2.4.1)
|
|
148
165
|
racc
|
|
149
|
-
pry (0.14.
|
|
166
|
+
pry (0.14.2)
|
|
150
167
|
coderay (~> 1.1)
|
|
151
168
|
method_source (~> 1.0)
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
169
|
+
psych (5.1.2)
|
|
170
|
+
stringio
|
|
171
|
+
public_suffix (6.0.1)
|
|
172
|
+
racc (1.8.1)
|
|
173
|
+
rack (3.1.7)
|
|
174
|
+
rack-session (2.0.0)
|
|
175
|
+
rack (>= 3.0.0)
|
|
176
|
+
rack-test (2.1.0)
|
|
177
|
+
rack (>= 1.3)
|
|
178
|
+
rackup (2.1.0)
|
|
179
|
+
rack (>= 3)
|
|
180
|
+
webrick (~> 1.8)
|
|
157
181
|
rails-controller-testing (1.0.5)
|
|
158
182
|
actionpack (>= 5.0.1.rc1)
|
|
159
183
|
actionview (>= 5.0.1.rc1)
|
|
@@ -165,62 +189,72 @@ GEM
|
|
|
165
189
|
rails-html-sanitizer (1.6.0)
|
|
166
190
|
loofah (~> 2.21)
|
|
167
191
|
nokogiri (~> 1.14)
|
|
168
|
-
railties (7.0
|
|
169
|
-
actionpack (= 7.0
|
|
170
|
-
activesupport (= 7.0
|
|
171
|
-
|
|
192
|
+
railties (7.2.0)
|
|
193
|
+
actionpack (= 7.2.0)
|
|
194
|
+
activesupport (= 7.2.0)
|
|
195
|
+
irb (~> 1.13)
|
|
196
|
+
rackup (>= 1.0.0)
|
|
172
197
|
rake (>= 12.2)
|
|
173
|
-
thor (~> 1.0)
|
|
174
|
-
zeitwerk (~> 2.
|
|
198
|
+
thor (~> 1.0, >= 1.2.2)
|
|
199
|
+
zeitwerk (~> 2.6)
|
|
175
200
|
rainbow (3.1.1)
|
|
176
|
-
rake (13.1
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
201
|
+
rake (13.2.1)
|
|
202
|
+
rdoc (6.7.0)
|
|
203
|
+
psych (>= 4.0.0)
|
|
204
|
+
regexp_parser (2.9.2)
|
|
205
|
+
reline (0.5.9)
|
|
206
|
+
io-console (~> 0.5)
|
|
207
|
+
rexml (3.3.5)
|
|
208
|
+
strscan
|
|
209
|
+
rspec-core (3.13.0)
|
|
210
|
+
rspec-support (~> 3.13.0)
|
|
211
|
+
rspec-expectations (3.13.1)
|
|
182
212
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
183
|
-
rspec-support (~> 3.
|
|
184
|
-
rspec-mocks (3.
|
|
213
|
+
rspec-support (~> 3.13.0)
|
|
214
|
+
rspec-mocks (3.13.1)
|
|
185
215
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
186
|
-
rspec-support (~> 3.
|
|
187
|
-
rspec-rails (
|
|
188
|
-
actionpack (>=
|
|
189
|
-
activesupport (>=
|
|
190
|
-
railties (>=
|
|
191
|
-
rspec-core (~> 3.
|
|
192
|
-
rspec-expectations (~> 3.
|
|
193
|
-
rspec-mocks (~> 3.
|
|
194
|
-
rspec-support (~> 3.
|
|
195
|
-
rspec-support (3.
|
|
196
|
-
rubocop (1.
|
|
216
|
+
rspec-support (~> 3.13.0)
|
|
217
|
+
rspec-rails (6.1.4)
|
|
218
|
+
actionpack (>= 6.1)
|
|
219
|
+
activesupport (>= 6.1)
|
|
220
|
+
railties (>= 6.1)
|
|
221
|
+
rspec-core (~> 3.13)
|
|
222
|
+
rspec-expectations (~> 3.13)
|
|
223
|
+
rspec-mocks (~> 3.13)
|
|
224
|
+
rspec-support (~> 3.13)
|
|
225
|
+
rspec-support (3.13.1)
|
|
226
|
+
rubocop (1.65.1)
|
|
197
227
|
json (~> 2.3)
|
|
198
228
|
language_server-protocol (>= 3.17.0)
|
|
199
229
|
parallel (~> 1.10)
|
|
200
230
|
parser (>= 3.3.0.2)
|
|
201
231
|
rainbow (>= 2.2.2, < 4.0)
|
|
202
|
-
regexp_parser (>=
|
|
232
|
+
regexp_parser (>= 2.4, < 3.0)
|
|
203
233
|
rexml (>= 3.2.5, < 4.0)
|
|
204
234
|
rubocop-ast (>= 1.31.1, < 2.0)
|
|
205
235
|
ruby-progressbar (~> 1.7)
|
|
206
236
|
unicode-display_width (>= 2.4.0, < 3.0)
|
|
207
|
-
rubocop-ast (1.
|
|
237
|
+
rubocop-ast (1.32.1)
|
|
208
238
|
parser (>= 3.3.1.0)
|
|
209
239
|
ruby-progressbar (1.13.0)
|
|
210
|
-
|
|
240
|
+
securerandom (0.3.1)
|
|
241
|
+
shoulda-matchers (6.4.0)
|
|
211
242
|
activesupport (>= 5.2.0)
|
|
212
243
|
smart_properties (1.17.0)
|
|
213
244
|
sqlite3 (1.7.3)
|
|
214
245
|
mini_portile2 (~> 2.8.0)
|
|
215
|
-
|
|
216
|
-
|
|
246
|
+
stringio (3.1.1)
|
|
247
|
+
strscan (3.1.0)
|
|
248
|
+
thor (1.3.1)
|
|
217
249
|
timeout (0.4.1)
|
|
218
250
|
tzinfo (2.0.6)
|
|
219
251
|
concurrent-ruby (~> 1.0)
|
|
220
252
|
unicode-display_width (2.5.0)
|
|
253
|
+
useragent (0.16.10)
|
|
254
|
+
webrick (1.8.1)
|
|
221
255
|
xpath (3.2.0)
|
|
222
256
|
nokogiri (~> 1.8)
|
|
223
|
-
zeitwerk (2.
|
|
257
|
+
zeitwerk (2.6.17)
|
|
224
258
|
|
|
225
259
|
PLATFORMS
|
|
226
260
|
ruby
|
|
@@ -240,7 +274,6 @@ DEPENDENCIES
|
|
|
240
274
|
rspec-rails
|
|
241
275
|
shoulda-matchers
|
|
242
276
|
sqlite3 (~> 1.7)
|
|
243
|
-
timecop
|
|
244
277
|
|
|
245
278
|
BUNDLED WITH
|
|
246
279
|
2.3.15
|
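--- a/data/README.md
+++ b/data/README.md
@@ -18,7 +18,7 @@ monitored by contributors.
 
 ## Getting Started
 
-Clearance is a Rails engine tested against Rails `>=
+Clearance is a Rails engine tested against Rails `>= 7.0` and Ruby `>= 3.1.6`.
 
 You can add it to your Gemfile with:
 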
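--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,15 +1,12 @@
-require "rubygems"
 require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("spec/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
 require "bundler/gem_tasks"
 
-require "rake"
 require "rspec/core/rake_task"
 
-namespace :dummy do
-require_relative "spec/dummy/application"
-Dummy::Application.load_tasks
-end
-
 desc "Run specs other than spec/acceptance"
 RSpec::Core::RakeTask.new("spec") do |task|
 task.exclude_pattern = "spec/acceptance/**/*_spec.rb"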
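--- a/data/bin/setup
+++ b/data/bin/setup
@@ -12,5 +12,5 @@ if [ -z "$CI" ]; then
 fi
 
 # Set up database for the application that Clearance tests against
-RAILS_ENV=test bundle exec rake
-RAILS_ENV=test bundle exec rake
+RAILS_ENV=test bundle exec rake db:drop
+RAILS_ENV=test bundle exec rake db:setup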
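--- a/data/clearance.gemspec
+++ b/data/clearance.gemspec
@@ -1,14 +1,13 @@
-
-require 'clearance/version'
+require_relative 'lib/clearance/version'
 
 Gem::Specification.new do |s|
-s.add_dependency 'bcrypt', '>= 3.1.1'
+s.add_dependency 'bcrypt', '~> 3.1', '>= 3.1.1'
 s.add_dependency 'argon2', '~> 2.0', '>= 2.0.2'
 s.add_dependency 'email_validator', '~> 2.0'
-s.add_dependency 'railties', '
-s.add_dependency 'activemodel', '
-s.add_dependency 'activerecord', '
-s.add_dependency 'actionmailer', '
+s.add_dependency 'railties', '~> 5.0'
+s.add_dependency 'activemodel', '~> 5.0'
+s.add_dependency 'activerecord', '~> 5.0'
+s.add_dependency 'actionmailer', '~> 5.0'
 s.authors = [
 'Dan Croak',
 'Eugene Bolshakov',
@@ -46,7 +45,7 @@ Gem::Specification.new do |s|
 s.name = %q{clearance}
 s.rdoc_options = ['--charset=UTF-8']
 s.require_paths = ['lib']
-s.required_ruby_version = Gem::Requirement.new('>=
+s.required_ruby_version = Gem::Requirement.new('>= 3.1.6')
 s.summary = 'Rails authentication & authorization with email & password.'
 s.test_files = `git ls-files -- {spec}/*`.split("\n")
 s.version = Clearance::VERSION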
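Review bot: The new `'~> 5.0'` constraint on `railties`, `activemodel`, `activerecord` and `actionmailer` resolves to `>= 5.0, < 6.0`, which excludes every Rails version this release claims to support (the README hunk says Rails `>= 7.0`, and the test matrix runs 7.0 to 7.2). The same `~>` / `'5.0'` pair appears in the built `metadata`, so the published gem carries it. A Rails 7 application would then either fail to resolve 2.9.0 or have Bundler settle on an older clearance release, which can silently hold back later security fixes in an authentication library. The removed lines are truncated on this page, so the previous operator is not visible; a lower bound without a cap, e.g. `s.add_dependency 'railties', '>= 5.0'` and likewise for the other three, would keep the floor while allowing current Rails.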
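--- a/data/gemfiles/rails_7.0.gemfile
+++ b/data/gemfiles/rails_7.0.gemfile
@@ -15,7 +15,10 @@ gem "rails-controller-testing"
 gem "rspec-rails"
 gem "shoulda-matchers"
 gem "sqlite3", "~> 1.7"
-gem "timecop"
 gem "railties", "~> 7.0.0"
+gem "base64", require: false
+gem "bigdecimal", require: false
+gem "drb", require: false
+gem "mutex_m", require: false
 
 gemspec path: "../"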
data/gemfiles/rails_7.1.gemfile
CHANGED
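--- a/data/lib/clearance/back_door.rb
+++ b/data/lib/clearance/back_door.rb
@@ -48,11 +48,13 @@ module Clearance
 
 # @api private
 def sign_in_through_the_back_door(env)
-params = Rack::Utils.parse_query(env[
+params = Rack::Utils.parse_query(env[Rack::QUERY_STRING])
 user_param = params.delete("as")
 
 if user_param.present?
-
+query_string = Rack::Utils.build_query(params)
+env[Rack::QUERY_STRING] = query_string
+env[Rack::RACK_REQUEST_QUERY_STRING] = query_string
 user = find_user(user_param)
 env[:clearance].sign_in(user)
 end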
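Review bot: Writing the stripped query string into `env[Rack::RACK_REQUEST_QUERY_STRING]` marks Rack's memoized query hash as current without rebuilding it, because `Rack::Request#GET` returns the cached `rack.request.query_hash` whenever that key equals `QUERY_STRING`. If a middleware ahead of `BackDoor` has already parsed the request, the cached hash would still contain `as`, so the user identifier keeps reaching the app and its parameter logs; if nothing has parsed it yet, the lookup finds no hash at all. I have not checked this against every Rack version the lockfile allows, so it should be confirmed with a request spec that sends `as` together with a second parameter. Dropping both cache keys instead forces a clean re-parse: `env.delete(Rack::RACK_REQUEST_QUERY_STRING)` and `env.delete(Rack::RACK_REQUEST_QUERY_HASH)`. The method body ends outside the hunk, and any guard that keeps this middleware out of production environments is not visible here.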
data/lib/clearance/version.rb
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe Clearance::Session do
|
|
4
|
-
before {
|
|
5
|
-
after {
|
|
4
|
+
before { freeze_time }
|
|
5
|
+
after { unfreeze_time }
|
|
6
6
|
|
|
7
7
|
let(:session) { Clearance::Session.new(env_without_remember_token) }
|
|
8
8
|
let(:user) { create(:user) }
|
data/spec/dummy/Rakefile
ADDED
|
File without changes
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require_relative "boot"
|
|
2
|
+
|
|
3
|
+
require "rails/all"
|
|
4
|
+
|
|
5
|
+
# Require the gems listed in Gemfile, including any gems
|
|
6
|
+
# you've limited to :test, :development, or :production.
|
|
7
|
+
Bundler.require(*Rails.groups)
|
|
8
|
+
|
|
9
|
+
module Dummy
|
|
10
|
+
class Application < Rails::Application
|
|
11
|
+
config.load_defaults Rails::VERSION::STRING.to_f
|
|
12
|
+
end
|
|
13
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
require "active_support/core_ext/integer/time"
|
|
2
|
+
|
|
3
|
+
Rails.application.configure do
|
|
4
|
+
config.enable_reloading = false
|
|
5
|
+
|
|
6
|
+
config.eager_load = ENV["CI"].present?
|
|
7
|
+
|
|
8
|
+
config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{1.hour.to_i}" }
|
|
9
|
+
|
|
10
|
+
# Show full error reports and disable caching.
|
|
11
|
+
config.consider_all_requests_local = true
|
|
12
|
+
config.action_controller.perform_caching = false
|
|
13
|
+
config.cache_store = :null_store
|
|
14
|
+
|
|
15
|
+
config.action_dispatch.show_exceptions = :rescuable
|
|
16
|
+
|
|
17
|
+
config.action_controller.allow_forgery_protection = false
|
|
18
|
+
|
|
19
|
+
config.action_mailer.perform_caching = false
|
|
20
|
+
config.action_mailer.delivery_method = :test
|
|
21
|
+
|
|
22
|
+
config.action_mailer.default_url_options = { host: "www.example.com" }
|
|
23
|
+
|
|
24
|
+
config.active_support.deprecation = :stderr
|
|
25
|
+
config.active_support.disallowed_deprecation = :raise
|
|
26
|
+
config.active_support.disallowed_deprecation_warnings = []
|
|
27
|
+
|
|
28
|
+
config.factory_bot.definition_file_paths = [File.expand_path('../../../factories', __dir__)]
|
|
29
|
+
|
|
30
|
+
config.middleware.use Clearance::BackDoor
|
|
31
|
+
end
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class CreateClearanceUsers < ActiveRecord::Migration
|
|
1
|
+
class CreateClearanceUsers < ActiveRecord::Migration[Rails::VERSION::STRING.to_f]
|
|
2
2
|
def self.up
|
|
3
3
|
create_table :users do |t|
|
|
4
4
|
t.timestamps null: false
|
|
@@ -9,7 +9,8 @@ class CreateClearanceUsers < ActiveRecord::Migration
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
add_index :users, :email
|
|
12
|
-
add_index :users, :
|
|
12
|
+
add_index :users, :confirmation_token, unique: true
|
|
13
|
+
add_index :users, :remember_token, unique: true
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
def self.down
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# This file is auto-generated from the current state of the database. Instead
|
|
2
|
+
# of editing this file, please use the migrations feature of Active Record to
|
|
3
|
+
# incrementally modify your database, and then regenerate this schema definition.
|
|
4
|
+
#
|
|
5
|
+
# This file is the source Rails uses to define your schema when running `bin/rails
|
|
6
|
+
# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to
|
|
7
|
+
# be faster and is potentially less error prone than running all of your
|
|
8
|
+
# migrations from scratch. Old migrations may fail to apply correctly if those
|
|
9
|
+
# migrations use external dependencies or application code.
|
|
10
|
+
#
|
|
11
|
+
# It's strongly recommended that you check this file into your version control system.
|
|
12
|
+
|
|
13
|
+
ActiveRecord::Schema.define(version: 2011_01_11_224543) do
|
|
14
|
+
create_table "users", force: :cascade do |t|
|
|
15
|
+
t.datetime "created_at", null: false
|
|
16
|
+
t.datetime "updated_at", null: false
|
|
17
|
+
t.string "email", null: false
|
|
18
|
+
t.string "encrypted_password", limit: 128, null: false
|
|
19
|
+
t.string "confirmation_token", limit: 128
|
|
20
|
+
t.string "remember_token", limit: 128, null: false
|
|
21
|
+
t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
|
|
22
|
+
t.index ["email"], name: "index_users_on_email"
|
|
23
|
+
t.index ["remember_token"], name: "index_users_on_remember_token", unique: true
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -2,10 +2,6 @@ require "spec_helper"
|
|
|
2
2
|
require "generators/clearance/install/install_generator"
|
|
3
3
|
|
|
4
4
|
describe Clearance::Generators::InstallGenerator, :generator do
|
|
5
|
-
def get_migration(path)
|
|
6
|
-
Pathname.new(migration_file(path))
|
|
7
|
-
end
|
|
8
|
-
|
|
9
5
|
describe "initializer" do
|
|
10
6
|
it "is copied to the application" do
|
|
11
7
|
provide_existing_application_controller
|
|
@@ -70,7 +66,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
|
70
66
|
table_does_not_exist(:users)
|
|
71
67
|
|
|
72
68
|
run_generator
|
|
73
|
-
migration =
|
|
69
|
+
migration = migration_file("db/migrate/create_users.rb")
|
|
74
70
|
|
|
75
71
|
expect(migration).to exist
|
|
76
72
|
expect(migration).to have_correct_syntax
|
|
@@ -92,7 +88,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
|
92
88
|
table_does_not_exist(:users)
|
|
93
89
|
|
|
94
90
|
run_generator
|
|
95
|
-
migration =
|
|
91
|
+
migration = migration_file("db/migrate/create_users.rb")
|
|
96
92
|
|
|
97
93
|
expect(migration).to exist
|
|
98
94
|
expect(migration).to have_correct_syntax
|
|
@@ -106,8 +102,8 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
|
106
102
|
provide_existing_application_controller
|
|
107
103
|
|
|
108
104
|
run_generator
|
|
109
|
-
create_migration =
|
|
110
|
-
add_migration =
|
|
105
|
+
create_migration = migration_file("db/migrate/create_users.rb")
|
|
106
|
+
add_migration = migration_file("db/migrate/add_clearance_to_users.rb")
|
|
111
107
|
|
|
112
108
|
expect(create_migration).not_to exist
|
|
113
109
|
expect(add_migration).not_to exist
|
|
@@ -130,7 +126,7 @@ describe Clearance::Generators::InstallGenerator, :generator do
|
|
|
130
126
|
and_return(existing_indexes)
|
|
131
127
|
|
|
132
128
|
run_generator
|
|
133
|
-
migration =
|
|
129
|
+
migration = migration_file("db/migrate/add_clearance_to_users.rb")
|
|
134
130
|
|
|
135
131
|
expect(migration).to exist
|
|
136
132
|
expect(migration).to have_correct_syntax
|
|
@@ -16,7 +16,7 @@ describe "CSRF Rotation" do
|
|
|
16
16
|
original_token = csrf_token
|
|
17
17
|
|
|
18
18
|
post session_path, params: {
|
|
19
|
-
session:
|
|
19
|
+
authenticity_token: csrf_token, session: { email: user.email, password: "password" }
|
|
20
20
|
}
|
|
21
21
|
|
|
22
22
|
expect(csrf_token).not_to eq original_token
|
|
@@ -28,8 +28,4 @@ describe "CSRF Rotation" do
|
|
|
28
28
|
def csrf_token
|
|
29
29
|
session[:_csrf_token]
|
|
30
30
|
end
|
|
31
|
-
|
|
32
|
-
def session_params(user, password)
|
|
33
|
-
{ email: user.email, password: password, authenticity_token: csrf_token }
|
|
34
|
-
end
|
|
35
31
|
end
|
|
@@ -3,13 +3,13 @@ require "spec_helper"
|
|
|
3
3
|
describe "Token expiration" do
|
|
4
4
|
describe "after signing in" do
|
|
5
5
|
before do
|
|
6
|
-
|
|
6
|
+
freeze_time
|
|
7
7
|
create_user_and_sign_in
|
|
8
8
|
@initial_cookies = remember_token_cookies
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
after do
|
|
12
|
-
|
|
12
|
+
unfreeze_time
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
it "should have a remember_token cookie with a future expiration" do
|
|
@@ -25,7 +25,7 @@ describe "Token expiration" do
|
|
|
25
25
|
create_user_and_sign_in
|
|
26
26
|
@initial_cookies = remember_token_cookies
|
|
27
27
|
|
|
28
|
-
|
|
28
|
+
travel_to(1.minute.from_now) do
|
|
29
29
|
get root_path
|
|
30
30
|
@followup_cookies = remember_token_cookies
|
|
31
31
|
end
|
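--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,20 +1,13 @@
 ENV["RAILS_ENV"] ||= "test"
+require_relative "dummy/config/environment"
 
-require "rails/all"
-require "dummy/application"
-
-require "clearance/rspec"
-require "factory_bot_rails"
-require "rails-controller-testing"
 require "rspec/rails"
-require "
-require "timecop"
-
-Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
+require "clearance/rspec"
 
-
+Dir[File.expand_path("spec/support/**/*.rb")].each { |f| require f }
 
 RSpec.configure do |config|
+config.include ActiveSupport::Testing::TimeHelpers
 config.include FactoryBot::Syntax::Methods
 config.infer_spec_type_from_file_location!
 config.order = :random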
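Review bot: `File.expand_path("spec/support/**/*.rb")` is resolved against the process working directory, whereas the line it replaces anchored the glob at `Rails.root`. Run from anywhere other than the gem root, the glob matches nothing and the support files are skipped without an error, which shows up later as confusing missing-helper failures. Anchoring it to the helper's own location avoids that: `Dir[File.expand_path("support/**/*.rb", __dir__)].each { |f| require f }`. The `RSpec.configure` block continues past the end of the hunk.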
@@ -3,6 +3,16 @@ require "ammeter/rspec/generator/matchers.rb"
|
|
|
3
3
|
require "ammeter/init"
|
|
4
4
|
|
|
5
5
|
module GeneratorSpecHelpers
|
|
6
|
+
module FileMethods
|
|
7
|
+
def file(path)
|
|
8
|
+
Pathname.new(super)
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def migration_file(path)
|
|
12
|
+
Pathname.new(super)
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
6
16
|
TEMPLATE_PATH = File.expand_path("../../app_templates", __FILE__)
|
|
7
17
|
|
|
8
18
|
def provide_existing_routes_file
|
|
@@ -36,6 +46,7 @@ end
|
|
|
36
46
|
|
|
37
47
|
RSpec.configure do |config|
|
|
38
48
|
config.include GeneratorSpecHelpers
|
|
49
|
+
config.prepend GeneratorSpecHelpers::FileMethods
|
|
39
50
|
|
|
40
51
|
config.before(:example, :generator) do
|
|
41
52
|
destination File.expand_path("../../../tmp", __FILE__)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: clearance
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dan Croak
|
|
@@ -27,12 +27,15 @@ authors:
|
|
|
27
27
|
autorequire:
|
|
28
28
|
bindir: bin
|
|
29
29
|
cert_chain: []
|
|
30
|
-
date: 2024-
|
|
30
|
+
date: 2024-10-29 00:00:00.000000000 Z
|
|
31
31
|
dependencies:
|
|
32
32
|
- !ruby/object:Gem::Dependency
|
|
33
33
|
name: bcrypt
|
|
34
34
|
requirement: !ruby/object:Gem::Requirement
|
|
35
35
|
requirements:
|
|
36
|
+
- - "~>"
|
|
37
|
+
- !ruby/object:Gem::Version
|
|
38
|
+
version: '3.1'
|
|
36
39
|
- - ">="
|
|
37
40
|
- !ruby/object:Gem::Version
|
|
38
41
|
version: 3.1.1
|
|
@@ -40,6 +43,9 @@ dependencies:
|
|
|
40
43
|
prerelease: false
|
|
41
44
|
version_requirements: !ruby/object:Gem::Requirement
|
|
42
45
|
requirements:
|
|
46
|
+
- - "~>"
|
|
47
|
+
- !ruby/object:Gem::Version
|
|
48
|
+
version: '3.1'
|
|
43
49
|
- - ">="
|
|
44
50
|
- !ruby/object:Gem::Version
|
|
45
51
|
version: 3.1.1
|
|
@@ -81,56 +87,56 @@ dependencies:
|
|
|
81
87
|
name: railties
|
|
82
88
|
requirement: !ruby/object:Gem::Requirement
|
|
83
89
|
requirements:
|
|
84
|
-
- - "
|
|
90
|
+
- - "~>"
|
|
85
91
|
- !ruby/object:Gem::Version
|
|
86
92
|
version: '5.0'
|
|
87
93
|
type: :runtime
|
|
88
94
|
prerelease: false
|
|
89
95
|
version_requirements: !ruby/object:Gem::Requirement
|
|
90
96
|
requirements:
|
|
91
|
-
- - "
|
|
97
|
+
- - "~>"
|
|
92
98
|
- !ruby/object:Gem::Version
|
|
93
99
|
version: '5.0'
|
|
94
100
|
- !ruby/object:Gem::Dependency
|
|
95
101
|
name: activemodel
|
|
96
102
|
requirement: !ruby/object:Gem::Requirement
|
|
97
103
|
requirements:
|
|
98
|
-
- - "
|
|
104
|
+
- - "~>"
|
|
99
105
|
- !ruby/object:Gem::Version
|
|
100
106
|
version: '5.0'
|
|
101
107
|
type: :runtime
|
|
102
108
|
prerelease: false
|
|
103
109
|
version_requirements: !ruby/object:Gem::Requirement
|
|
104
110
|
requirements:
|
|
105
|
-
- - "
|
|
111
|
+
- - "~>"
|
|
106
112
|
- !ruby/object:Gem::Version
|
|
107
113
|
version: '5.0'
|
|
108
114
|
- !ruby/object:Gem::Dependency
|
|
109
115
|
name: activerecord
|
|
110
116
|
requirement: !ruby/object:Gem::Requirement
|
|
111
117
|
requirements:
|
|
112
|
-
- - "
|
|
118
|
+
- - "~>"
|
|
113
119
|
- !ruby/object:Gem::Version
|
|
114
120
|
version: '5.0'
|
|
115
121
|
type: :runtime
|
|
116
122
|
prerelease: false
|
|
117
123
|
version_requirements: !ruby/object:Gem::Requirement
|
|
118
124
|
requirements:
|
|
119
|
-
- - "
|
|
125
|
+
- - "~>"
|
|
120
126
|
- !ruby/object:Gem::Version
|
|
121
127
|
version: '5.0'
|
|
122
128
|
- !ruby/object:Gem::Dependency
|
|
123
129
|
name: actionmailer
|
|
124
130
|
requirement: !ruby/object:Gem::Requirement
|
|
125
131
|
requirements:
|
|
126
|
-
- - "
|
|
132
|
+
- - "~>"
|
|
127
133
|
- !ruby/object:Gem::Version
|
|
128
134
|
version: '5.0'
|
|
129
135
|
type: :runtime
|
|
130
136
|
prerelease: false
|
|
131
137
|
version_requirements: !ruby/object:Gem::Requirement
|
|
132
138
|
requirements:
|
|
133
|
-
- - "
|
|
139
|
+
- - "~>"
|
|
134
140
|
- !ruby/object:Gem::Version
|
|
135
141
|
version: '5.0'
|
|
136
142
|
description: |2
|
|
@@ -185,11 +191,9 @@ files:
|
|
|
185
191
|
- clearance.gemspec
|
|
186
192
|
- config/locales/clearance.en.yml
|
|
187
193
|
- config/routes.rb
|
|
188
|
-
- db/migrate/20110111224543_create_clearance_users.rb
|
|
189
|
-
- db/schema.rb
|
|
190
|
-
- gemfiles/rails_6.1.gemfile
|
|
191
194
|
- gemfiles/rails_7.0.gemfile
|
|
192
195
|
- gemfiles/rails_7.1.gemfile
|
|
196
|
+
- gemfiles/rails_7.2.gemfile
|
|
193
197
|
- lib/clearance.rb
|
|
194
198
|
- lib/clearance/authentication.rb
|
|
195
199
|
- lib/clearance/authorization.rb
|
|
@@ -265,14 +269,22 @@ files:
|
|
|
265
269
|
- spec/controllers/permissions_controller_spec.rb
|
|
266
270
|
- spec/controllers/sessions_controller_spec.rb
|
|
267
271
|
- spec/controllers/users_controller_spec.rb
|
|
272
|
+
- spec/dummy/Rakefile
|
|
273
|
+
- spec/dummy/app/assets/config/manifest.js
|
|
268
274
|
- spec/dummy/app/controllers/application_controller.rb
|
|
269
275
|
- spec/dummy/app/models/user.rb
|
|
270
276
|
- spec/dummy/app/models/user_with_optional_password.rb
|
|
271
|
-
- spec/dummy/
|
|
277
|
+
- spec/dummy/config.ru
|
|
278
|
+
- spec/dummy/config/application.rb
|
|
279
|
+
- spec/dummy/config/boot.rb
|
|
272
280
|
- spec/dummy/config/database.yml
|
|
281
|
+
- spec/dummy/config/environment.rb
|
|
282
|
+
- spec/dummy/config/environments/test.rb
|
|
273
283
|
- spec/dummy/config/routes.rb
|
|
274
284
|
- spec/dummy/db/.keep
|
|
275
|
-
- spec/
|
|
285
|
+
- spec/dummy/db/migrate/20110111224543_create_clearance_users.rb
|
|
286
|
+
- spec/dummy/db/schema.rb
|
|
287
|
+
- spec/factories/users.rb
|
|
276
288
|
- spec/generators/clearance/install/install_generator_spec.rb
|
|
277
289
|
- spec/generators/clearance/routes/routes_generator_spec.rb
|
|
278
290
|
- spec/generators/clearance/specs/specs_generator_spec.rb
|
|
@@ -284,6 +296,7 @@ files:
|
|
|
284
296
|
- spec/password_strategies/bcrypt_spec.rb
|
|
285
297
|
- spec/password_strategies/password_strategies_spec.rb
|
|
286
298
|
- spec/requests/authentication_cookie_spec.rb
|
|
299
|
+
- spec/requests/backdoor_spec.rb
|
|
287
300
|
- spec/requests/cookie_options_spec.rb
|
|
288
301
|
- spec/requests/csrf_rotation_spec.rb
|
|
289
302
|
- spec/requests/password_maintenance_spec.rb
|
|
@@ -291,7 +304,6 @@ files:
|
|
|
291
304
|
- spec/routing/clearance_routes_spec.rb
|
|
292
305
|
- spec/spec_helper.rb
|
|
293
306
|
- spec/support/clearance.rb
|
|
294
|
-
- spec/support/cookies.rb
|
|
295
307
|
- spec/support/fake_model_with_password_strategy.rb
|
|
296
308
|
- spec/support/fake_model_without_password_strategy.rb
|
|
297
309
|
- spec/support/generator_spec_helpers.rb
|
|
@@ -311,14 +323,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
311
323
|
requirements:
|
|
312
324
|
- - ">="
|
|
313
325
|
- !ruby/object:Gem::Version
|
|
314
|
-
version:
|
|
326
|
+
version: 3.1.6
|
|
315
327
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
316
328
|
requirements:
|
|
317
329
|
- - ">="
|
|
318
330
|
- !ruby/object:Gem::Version
|
|
319
331
|
version: '0'
|
|
320
332
|
requirements: []
|
|
321
|
-
rubygems_version: 3.5.
|
|
333
|
+
rubygems_version: 3.5.16
|
|
322
334
|
signing_key:
|
|
323
335
|
specification_version: 4
|
|
324
336
|
summary: Rails authentication & authorization with email & password.
|
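--- a/data/db/schema.rb
+++ b/data/db/schema.rb
@@ -1,28 +0,0 @@
-# encoding: UTF-8
-# This file is auto-generated from the current state of the database. Instead
-# of editing this file, please use the migrations feature of Active Record to
-# incrementally modify your database, and then regenerate this schema definition.
-#
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
-#
-# It's strongly recommended that you check this file into your version control system.
-
-ActiveRecord::Schema.define(version: 20110111224543) do
-
-create_table "users", force: true do |t|
-t.datetime "created_at", null: false
-t.datetime "updated_at", null: false
-t.string "email", null: false
-t.string "encrypted_password", limit: 128, null: false
-t.string "confirmation_token", limit: 128
-t.string "remember_token", limit: 128, null: false
-end
-
-add_index "users", ["email"], name: "index_users_on_email"
-add_index "users", ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
-add_index "users", ["remember_token"], name: "index_users_on_remember_token", unique: true
-end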
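--- a/data/spec/dummy/application.rb
+++ b/data/spec/dummy/application.rb
@@ -1,33 +0,0 @@
-require "rails/all"
-
-require "clearance"
-
-module Dummy
-APP_ROOT = File.expand_path("..", __FILE__).freeze
-
-class Application < Rails::Application
-config.action_controller.perform_caching = false
-config.action_mailer.default_url_options = { host: "dummy.example.com" }
-config.action_mailer.delivery_method = :test
-if Rails.version.match?(/(6.1|7.0)/)
-config.active_record.legacy_connection_handling = false
-end
-config.active_support.deprecation = :stderr
-config.eager_load = false
-
-config.paths["app/controllers"] << "#{APP_ROOT}/app/controllers"
-config.paths["app/models"] << "#{APP_ROOT}/app/models"
-config.paths["app/views"] << "#{APP_ROOT}/app/views"
-config.paths["config/database"] = "#{APP_ROOT}/config/database.yml"
-config.paths["log"] = "tmp/log/development.log"
-config.paths.add "config/routes.rb", with: "#{APP_ROOT}/config/routes.rb"
-
-def require_environment!
-initialize!
-end
-
-def initialize!(&block)
-super unless @initialized
-end
-end
-end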
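--- a/data/spec/support/cookies.rb
+++ b/data/spec/support/cookies.rb
@@ -1,74 +0,0 @@
-RSpec::Matchers.define :set_cookie do |name, expected_value, expected_expires_at|
-failure_message do
-"Expected #{expectation} got #{result}"
-end
-
-match do |subject|
-@headers = subject
-@expected_name = name
-@expected_value = expected_value
-@expected_expires_at = expected_expires_at
-extract_cookies
-find_expected_cookie
-parse_expiration
-parse_value
-parse_path
-ensure_cookie_set
-ensure_expiration_correct
-ensure_path_is_correct
-end
-
-def ensure_cookie_set
-expect(@value).to eq @expected_value
-end
-
-def ensure_expiration_correct
-expect(@expires_at).not_to be_nil
-expect(@expires_at).to be_within(100).of(@expected_expires_at)
-end
-
-def ensure_path_is_correct
-expect(@path).to eq '/'
-end
-
-def expectation
-"a cookie named #{@expected_name} with value #{@expected_value.inspect} expiring at #{@expected_expires_at.inspect}"
-end
-
-def extract_cookies
-@cookie_headers = @headers["Set-Cookie"] || @headers["set-cookie"] || []
-@cookie_headers = [@cookie_headers] if @cookie_headers.respond_to?(:to_str)
-end
-
-def find_expected_cookie
-@cookie = @cookie_headers.detect do |header|
-header =~ /^#{@expected_name}=[^;]*(;|$)/
-end
-end
-
-def parse_expiration
-if @cookie && result = @cookie.match(/; expires=(.*?)(;|$)/)
-@expires_at = Time.parse(result[1])
-end
-end
-
-def parse_path
-if @cookie && result = @cookie.match(/; path=(.*?)(;|$)/)
-@path = result[1]
-end
-end
-
-def parse_value
-if @cookie && result = @cookie.match(/=(.*?)(?:;|$)/)
-@value = result[1]
-end
-end
-
-def result
-if @cookie
-@cookie
-else
-@cookie_headers.join("; ")
-end
-end
-end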
|
File without changes
|