thoughtbot-clearance 0.3.8 → 0.3.9

data/README.textile

@@ -23,7 +23,8 @@ In config/environment.rb:
       :version => '>= 1.1.5'
     config.gem "thoughtbot-clearance", 
       :lib     => 'clearance', 
-      :source  => 'http://gems.github.com'
+      :source  => 'http://gems.github.com', 
+      :version => '>= 0.3.8'
 
 Then:
 
@@ -113,7 +114,7 @@ In config/environment.rb:
 
 h2. Tests
 
-The tests use "Shoulda":http://thoughtbot.com/projects/shoulda >= 2.0.4 and "Factory Girl":http://thoughtbot.com/projects/factory_girl. You need to add the Clearance module to your test/test_helper.rb:
+The tests use "Shoulda":http://thoughtbot.com/projects/shoulda >= 2.0.6 and "Factory Girl":http://thoughtbot.com/projects/factory_girl >= 1.1.5. You need to add the Clearance module to your test/test_helper.rb:
 
     class Test::Unit::TestCase
       self.use_transactional_fixtures = true
@@ -121,7 +122,7 @@ The tests use "Shoulda":http://thoughtbot.com/projects/shoulda >= 2.0.4 and "Fac
       include Clearance::Test::TestHelper
     end
 
-The generator will create a user factory in test/factories/clearance_user.rb unless
+The generator will create a user factory in test/factories/clearance.rb unless
 you have it defined somewhere else.
 
 h2. Usage: basic workflow
@@ -139,22 +140,22 @@ To protect your controllers with authentication add:
     class ProtectedController < ApplicationController
       before_filter :authenticate
 
-The filter will ensure that only authenticated users can access the controller. If someone who's not logged in tries to access a protected action: 
+The filter will ensure that only authenticated users can access the controller. If someone who's not signed in tries to access a protected action: 
 
 * the URL is stored in the session, 
 * the user is redirected to log in page, and
 * after successful authentication will be be redirected back to that URL.
 
-h2. Usage: logged_in?, current_user
+h2. Usage: signed_in?, current_user
 
 Clearance provides two methods that can be used in controllers, helpers, and views to check if current user is authenticated and get the actual user: 
 
-* logged_in?
+* signed_in?
 * current_user
 
 This may be familiar to you if you've used "restful_authentication":http://github.com/technoweenie/restful-authentication.
     
-    <% if logged_in? -%>
+    <% if signed_in? -%>
       Hello, <%= current_user.name %>!
     <% else -%>
       Please <%= link_to 'Log in', new_session_path %>
@@ -169,14 +170,14 @@ Please note that all User attributes except email, password and password_confirm
       attr_accessible :first_name, :last_name
     ...
 
-h2. Hooks and overwritables: return_to parameter
+h2. Hooks: return_to parameter
 
-If you want to specify where to redirect a user (say you want to have a login box on every page and redirect the user to the same page) after he/she signs in, you can add a "return_to" parameter to the request (thanks to "Phillippe":http://www.sivarg.com/2009/01/clearance-coming-from-where-your-were.html for the tip):
+If you want to specify where to redirect a user (say you want to have a sign in box on every page and redirect the user to the same page) after he/she signs in, you can add a "return_to" parameter to the request (thanks to "Phillippe":http://www.sivarg.com/2009/01/clearance-coming-from-where-your-were.html for the tip):
 
     <% form_for :session, :url => session_path(:return_to => request.request_uri) do |form| %> 
     ...
 
-h2. Hooks and overwritables: url_after_create, url_after_destroy
+h2. Hooks: url_after_create, url_after_destroy
     
 Actions that redirect (create and destroy) in Clearance controllers are customizable. If you want to redirect a user to a specific route after signing in, overwrite the "url_after_create" method in the SessionsController:
 
@@ -198,11 +199,11 @@ There are similar methods in other controllers as well:
     PasswordsController#url_after_create (password reset request)
     ConfirmationsController#url_after_create (confirmation)
 
-h2. Hooks and overrides: log_user_in
+h2. Hooks: log_user_in
 
-Say you want to add a last_logged_in_at attribute to your User model. You would want to update it when the User logs in.
+Say you want to add a last_signed_in_at attribute to your User model. You would want to update it when the User logs in.
 
-Clearance has a method named log_user_in that you can override with that logic. Be sure to call login(user) at the end (and write tests!).
+Clearance has a method named log_user_in that you can overwrite with that logic. Be sure to call sign_in(user) at the end (and write tests!).
 
     class ApplicationController < ActionController::Base
       include Clearance::App::Controllers::ApplicationController
@@ -210,9 +211,9 @@ Clearance has a method named log_user_in that you can override with that logic.
       private
         
         def log_user_in(user)
-          # store current time to display "last logged in at" message
-          user.update_attribute(:last_logged_in_at, Time.now)
-          login(user)
+          # store current time to display "last signed in at" message
+          user.update_attribute(:last_signed_in_at, Time.now)
+          sign_in(user)
         end
     end 
 

data/Rakefile

@@ -35,14 +35,15 @@ desc "Run the test suite"
 task :default => 'test:all'
 
 gem_spec = Gem::Specification.new do |gem_spec|
-  gem_spec.name = "clearance"
-  gem_spec.version = '0.3.8'
-  gem_spec.summary = "Simple, complete Rails authentication."
-  gem_spec.email = "support@thoughtbot.com"
-  gem_spec.homepage = "http://github.com/thoughtbot/clearance"
+  gem_spec.name        = "clearance"
+  gem_spec.version     = "0.3.9"
+  gem_spec.summary     = "Simple, complete Rails authentication."
+  gem_spec.email       = "support@thoughtbot.com"
+  gem_spec.homepage    = "http://github.com/thoughtbot/clearance"
   gem_spec.description = "Simple, complete Rails authentication scheme."
-  gem_spec.authors = ["thoughtbot, inc.", "Josh Nichols", "Mike Breen"]
-  gem_spec.files = FileList["[A-Z]*", "{generators,lib,shoulda_macros,rails}/**/*"]
+  gem_spec.authors     = ["thoughtbot, inc.", "Dan Croak", "Mike Burns", "Jason Morrison",
+                          "Eugene Bolshakov", "Josh Nichols", "Mike Breen"]
+  gem_spec.files       = FileList["[A-Z]*", "{generators,lib,shoulda_macros,rails}/**/*"]
 end
 
 desc "Generate a gemspec file"

data/TODO.textile

@@ -1,8 +1,8 @@
 (highest priority first)
 
+# refactor password controller test
 # existing_user? methods ... if salt is wrong, user may not be found b/c of invalid credentials. is :not_found the correct code to return in that use case? if not, method probably needs to be split into another conditional.
-# email confirmation is a strategy
-# forgot password is a strategy
-# salted password is a strategy
+# document shoulda macros
+# will SHA512 hashes fit in all the places they are being used? (db columns, sessions) 128 characters
 
 http://adam.speaksoutofturn.com/post/57615195/entication-vs-orization

data/generators/clearance/clearance_generator.rb

@@ -67,7 +67,7 @@ class ClearanceGenerator < Rails::Generator::Base
       end
       
       m.directory File.join("test", "factories")
-      ["test/factories/clearance_user.rb"].each do |file|
+      ["test/factories/clearance.rb"].each do |file|
         m.file file, file
       end
       

data/generators/clearance/templates/app/views/clearance_mailer/change_password.html.erb

@@ -3,6 +3,6 @@ Someone, hopefully you, has requested that we send you a link to change your pas
 Here's the link:
 <%= edit_user_password_url(@user, 
       :email    => @user.email, 
-      :password => @user.crypted_password) %>
+      :password => @user.encrypted_password) %>
 
 If you didn't request this, no need to freak out, your password hasn't been changed.  You can just ignore this email.

data/generators/clearance/templates/app/views/passwords/edit.html.erb

@@ -7,7 +7,7 @@
 <% form_for(:user,
             :url => user_password_path(@user,
                       :email    => @user.email,
-                      :password => @user.crypted_password),
+                      :password => @user.encrypted_password),
             :html => { :method => :put }) do |form| %>
   <div class="password_field">
     <%= form.label :password, 'Choose password' %>

data/generators/clearance/templates/app/views/sessions/new.html.erb

@@ -12,13 +12,13 @@
     <%= form.label :remember_me %>
   </div>
   <div class="submit_field">
-    <%= form.submit 'Login', :disable_with => 'Please wait...' %>
+    <%= form.submit 'Sign in', :disable_with => 'Please wait...' %>
   </div>
 <% end %>
 
 <ul>
   <li>
-    <%= link_to "Sign up", new_user_path %>
+    <%= link_to "Register", new_user_path %>
   </li>
   <li>
     <%= link_to "Forgot My Password", new_password_path %>

data/generators/clearance/templates/db/migrate/create_users_with_clearance_columns.rb

@@ -2,14 +2,14 @@ class CreateOrUpdateUsersWithClearanceColumns < ActiveRecord::Migration
   def self.up
     create_table(:users) do |t|
       t.string :email
-      t.string :crypted_password, :limit => 40
+      t.string :encrypted_password, :limit => 40
       t.string :salt, :limit => 40
       t.string :remember_token
       t.datetime :remember_token_expires_at
-      t.boolean :confirmed, :default => false, :null => false
+      t.boolean :email_confirmed, :default => false, :null => false
     end
 
-    add_index :users, [:email, :crypted_password]
+    add_index :users, [:email, :encrypted_password]
     add_index :users, [:id, :salt]
     add_index :users, :email
     add_index :users, :remember_token    

data/generators/clearance/templates/db/migrate/update_users_with_clearance_columns.rb

@@ -1,14 +1,14 @@
 class CreateOrUpdateUsersWithClearanceColumns < ActiveRecord::Migration
   def self.up
 <% 
-      existing_columns = ActiveRecord::Base.connection.columns(:users).map { |column| column.name }
+      existing_columns = ActiveRecord::Base.connection.columns(:users).collect { |each| each.name }
       columns = [
         [:email,                     't.string :email'],
-        [:crypted_password,          't.string :crypted_password, :limit => 40'],
+        [:encrypted_password,        't.string :encrypted_password, :limit => 40'],
         [:salt,                      't.string :salt, :limit => 40'],
         [:remember_token,            't.string :remember_token'],
         [:remember_token_expires_at, 't.datetime :remember_token_expires_at'],
-        [:confirmed,                 't.boolean :confirmed, :default => false, :null => false']
+        [:email_confirmed,           't.boolean :email_confirmed, :default => false, :null => false']
       ].delete_if {|c| existing_columns.include?(c.first.to_s)} 
 -%>
     change_table(:users) do |t|
@@ -18,23 +18,24 @@ class CreateOrUpdateUsersWithClearanceColumns < ActiveRecord::Migration
     end
     
 <%
-    existing_indexes = ActiveRecord::Base.connection.indexes(:users).map { |index| index.name }
-    indexes = [
-      [:index_users_on_email_and_crypted_password, 'add_index :users, [:email, :crypted_password]'],
-      [:index_users_on_id_and_salt,                'add_index :users, [:id, :salt]'],
-      [:index_users_on_email,                      'add_index :users, :email'],
-      [:index_users_on_remember_token,             'add_index :users, :remember_token']
-    ].delete_if {|i| existing_indexes.include?(i.first.to_s)}
+    existing_indexes = ActiveRecord::Base.connection.indexes(:users)
+    index_names = existing_indexes.collect { |each| each.name }
+    new_indexes = [
+      [:index_users_on_email_and_encrypted_password, 'add_index :users, [:email, :encrypted_password]'],
+      [:index_users_on_id_and_salt,                  'add_index :users, [:id, :salt]'],
+      [:index_users_on_email,                        'add_index :users, :email'],
+      [:index_users_on_remember_token,               'add_index :users, :remember_token']
+    ].delete_if { |each| index_names.include?(each.first.to_s) }
 -%>
-<% indexes.each do |i| -%>
-    <%= i.last %>
+<% new_indexes.each do |each| -%>
+    <%= each.last %>
 <% end -%>
   end
   
   def self.down
     change_table(:users) do |t|
 <% unless columns.empty? -%>
-      t.remove <%= columns.collect {|c| ":#{c.first}" }.join(',') %>
+      t.remove <%= columns.collect { |each| ":#{each.first}" }.join(',') %>
 <% end -%>
     end
   end

data/generators/clearance/templates/test/factories/clearance.rb

@@ -0,0 +1,16 @@
+Factory.sequence :email do |n|
+  "user#{n}@example.com"
+end
+
+Factory.define :registered_user, :class => 'user' do |user|
+  user.email                 { Factory.next :email }
+  user.password              { "password" }
+  user.password_confirmation { "password" }
+end
+
+Factory.define :email_confirmed_user, :class => 'user' do |user|
+  user.email                 { Factory.next :email }
+  user.password              { "password" }
+  user.password_confirmation { "password" }
+  user.email_confirmed       { true }
+end

data/lib/clearance/app/controllers/application_controller.rb

@@ -5,47 +5,57 @@ module Clearance
     
         def self.included(controller)
           controller.class_eval do
+            
             helper_method :current_user
-            helper_method :logged_in?
+            helper_method :signed_in?
         
             def current_user
               user_from_session || user_from_cookie
             end
 
-            def logged_in?
+            def signed_in?
               ! current_user.nil?
             end
             
             protected
             
             def authenticate
-              deny_access unless logged_in?
+              deny_access unless signed_in?
             end
 
             def user_from_session
-              User.find_by_id session[:user_id]
+              if session[:user_id] && session[:salt]
+                user = User.find_by_id_and_salt(session[:user_id], session[:salt])
+              end
+              user && user.email_confirmed? ? user : nil
             end
 
             def user_from_cookie
-              if cookies[:auth_token]
-                user = User.find_by_remember_token(cookies[:auth_token])
+              if cookies[:remember_token]
+                user = User.find_by_remember_token(cookies[:remember_token])
               end
-              user && user.remember_token? ? user : nil
+              user && user.remember? ? user : nil
             end
 
-            # Level of indirection so you can easily overwrite this method
-            # but also call #login .
+            # Hook
             def log_user_in(user)
-              login(user)
+              sign_in(user)
             end
 
-            def login(user)
-              session[:user_id] = user.id if user
+            def sign_in(user)
+              if user
+                session[:user_id] = user.id
+                session[:salt]    = user.salt
+              end
             end
 
             def redirect_back_or(default)
               session[:return_to] ||= params[:return_to]
-              session[:return_to] ? redirect_to(session[:return_to]) : redirect_to(default)
+              if session[:return_to] 
+                redirect_to(session[:return_to])
+              else 
+                redirect_to(default)
+              end
               session[:return_to] = nil
             end
 
@@ -60,10 +70,12 @@ module Clearance
             def deny_access(flash_message = nil, opts = {})
               store_location
               flash[:failure] = flash_message if flash_message
-              render :template => "/sessions/new",:status => :unauthorized 
+              render :template => "/sessions/new", :status => :unauthorized 
             end
+            
           end
         end
+        
       end
     end
   end

data/lib/clearance/app/controllers/confirmations_controller.rb

@@ -5,15 +5,17 @@ module Clearance
     
         def self.included(controller)
           controller.class_eval do
+            
             before_filter :existing_user?, :only => :new
+            filter_parameter_logging :salt
         
             def new
               create
             end
 
             def create
-              @user.confirm!
-              session[:user_id] = @user.id
+              @user.confirm_email!
+              log_user_in(@user)
               redirect_to url_after_create
             end
         
@@ -31,7 +33,8 @@ module Clearance
             end
             
           end
-        end    
+        end
+        
       end
     end
   end

data/lib/clearance/app/controllers/passwords_controller.rb

@@ -5,6 +5,7 @@ module Clearance
 
         def self.included(controller)
           controller.class_eval do
+            
             before_filter :existing_user?, :only => [:edit, :update]
             filter_parameter_logging :password, :password_confirmation
             
@@ -14,7 +15,7 @@ module Clearance
             def create
               user = User.find_by_email(params[:password][:email])
               if user.nil?
-                flash.now[:warning] = 'Unknown email'
+                flash.now[:notice] = 'Unknown email'
                 render :action => :new
               else
                 ClearanceMailer.deliver_change_password user
@@ -25,16 +26,16 @@ module Clearance
             end
 
             def edit
-              @user = User.find_by_email_and_crypted_password(params[:email],
-                                                              params[:password])
+              @user = User.find_by_email_and_encrypted_password(params[:email],
+                                                                params[:password])
             end
 
             def update
-              @user = User.find_by_email_and_crypted_password(params[:email],
-                                                              params[:password])
+              @user = User.find_by_email_and_encrypted_password(params[:email],
+                                                                params[:password])
               if @user.update_attributes params[:user]
-                session[:user_id] = @user.id
-                redirect_to @user
+                log_user_in(@user)
+                redirect_to url_after_update
               else
                 render :action => :edit
               end
@@ -43,8 +44,8 @@ module Clearance
             private
             
             def existing_user?
-              user = User.find_by_email_and_crypted_password(params[:email],
-                                                             params[:password])
+              user = User.find_by_email_and_encrypted_password(params[:email],
+                                                               params[:password])
               if user.nil?
                 render :nothing => true, :status => :not_found
               end
@@ -54,8 +55,13 @@ module Clearance
               new_session_url
             end
             
+            def url_after_update
+              root_url
+            end
+            
           end
         end
+        
       end
     end
   end

data/lib/clearance/app/controllers/sessions_controller.rb

@@ -5,23 +5,22 @@ module Clearance
 
         def self.included(controller)
           controller.class_eval do
-            skip_before_filter :authenticate
+            
             protect_from_forgery :except => :create
             filter_parameter_logging :password
         
             def create
-              @user = User.authenticate(params[:session][:email], params[:session][:password])
+              @user = User.authenticate(params[:session][:email], 
+                                        params[:session][:password])
               if @user.nil?
-                login_failure
+                sign_in_failure
               else
-                if @user.confirmed?
-                  remember_me = params[:session][:remember_me] if params[:session]
-                  remember(@user) if remember_me == '1'
+                if @user.email_confirmed?
+                  remember(@user) if remember?
                   log_user_in(@user)
-                  login_successful
+                  sign_in_successful
                 else
-                  ClearanceMailer.deliver_confirmation(@user)
-                  deny_access('Account not confirmed. Confirmation email sent.')
+                  deny_access("User has not confirmed email.")
                 end
               end
             end
@@ -29,31 +28,35 @@ module Clearance
             def destroy
               forget(current_user)
               reset_session
-              flash[:notice] = 'You have been logged out.'
+              flash[:notice] = "You have been signed out."
               redirect_to url_after_destroy
             end
         
             private
             
-            def login_successful
-              flash[:notice] = 'Logged in successfully'
+            def sign_in_successful(message = "Signed in successfully")
+              flash[:notice] = message
               redirect_back_or url_after_create
             end
 
-            def login_failure(message = "Bad email or password.")
+            def sign_in_failure(message = "Bad email or password.")
               flash.now[:notice] = message
               render :action => :new
             end
 
+            def remember?
+              params[:session] && params[:session][:remember_me] == "1"
+            end
+            
             def remember(user)
               user.remember_me!
-              cookies[:auth_token] = { :value   => user.remember_token, 
-                                       :expires => user.remember_token_expires_at }
+              cookies[:remember_token] = { :value   => user.remember_token, 
+                                           :expires => user.remember_token_expires_at }
             end
 
             def forget(user)
               user.forget_me! if user
-              cookies.delete :auth_token
+              cookies.delete :remember_token
             end
 
             def url_after_create
@@ -65,7 +68,8 @@ module Clearance
             end
             
           end
-        end        
+        end
+          
       end
     end
   end