thoughtbot-clearance 0.4.4 → 0.4.5

data/CHANGELOG.textile

@@ -1,3 +1,14 @@
+h2. 0.4.5 (unreleased)
+
+* [#43] Removed email downcasing. (local-part is case sensitive per RFC5321)
+* [#42] Removed dependency on Mocha.
+* Required Shoulda >= 2.9.1.
+* Added password reset feature to clearance_features generator.
+* Removed unnecessary session[:salt].
+* [#41] Only store location for session[:return_to] for GET requests.
+* Audited "sign up" naming convention. "Register" had slipped in a few places.
+* Switched to SHA1 encryption. Cypher doesn't matter much for email confirmation, password reset. Better to have shorter hashes in the emails for clients who line break on 72 chars.
+
 h2. 0.4.4 (2/2/2009)
 
 * Added a generator for Cucumber features

data/README.textile

@@ -12,24 +12,28 @@ h2. Gem installation (Rails 2.1+)
 
 In config/environment.rb:
 
-    config.gem 'mocha'
+    config.gem "thoughtbot-clearance", 
+      :lib     => 'clearance', 
+      :source  => 'http://gems.github.com', 
+      :version => '>= 0.4.3'
+
+In config/environments/test.rb:
+
     config.gem 'thoughtbot-shoulda',
       :lib     => 'shoulda',
       :source  => "http://gems.github.com", 
-      :version => '>= 2.0.6'
+      :version => '>= 2.9.1'
     config.gem 'thoughtbot-factory_girl',
       :lib     => 'factory_girl',
       :source  => "http://gems.github.com", 
       :version => '>= 1.1.5'
-    config.gem "thoughtbot-clearance", 
-      :lib     => 'clearance', 
-      :source  => 'http://gems.github.com', 
-      :version => '>= 0.3.9'
 
 Then:
 
     rake gems:install
-    rake gems:unpack
+    rake gems:unpack 
+    rake gems:install RAILS_ENV=test
+    rake gems:unpack  RAILS_ENV=test
 
 h2. The generator
 
@@ -93,7 +97,7 @@ In config/environment.rb:
 
 h2. Tests
 
-The tests use "Shoulda":http://thoughtbot.com/projects/shoulda >= 2.0.6 and "Factory Girl":http://thoughtbot.com/projects/factory_girl >= 1.1.5. There needs to be a Clearance module in your test/test_helper.rb:
+The tests use "Shoulda":http://thoughtbot.com/projects/shoulda >= 2.9.1 and "Factory Girl":http://thoughtbot.com/projects/factory_girl >= 1.1.5. There needs to be a Clearance module in your test/test_helper.rb:
 
     class Test::Unit::TestCase
       self.use_transactional_fixtures = true
@@ -108,7 +112,7 @@ h2. Usage: basic workflow
 
 Rails authentication with Clearance uses the standard approach thoughtbot and our clients have agreed upon. 
 
-Users register (UsersController) using an email address and a password (User model). They get an email (ClearanceMailer) with a confirmation link to confirm their registration (ConfirmationController).
+Users sign up (UsersController) using an email address and a password (User model). They get an email (ClearanceMailer) with a confirmation link to confirm their registration (ConfirmationController).
 
 Registered users can sign in and out (SessionsController). If they forget their password, they request an email (ClearanceMailer) containing a link to change it (PasswordsController). 
 
@@ -169,7 +173,7 @@ Actions that redirect (create, update, and destroy) in Clearance controllers are
 
 There are similar methods in other controllers as well:
 
-    UsersController#url_after_create (register)
+    UsersController#url_after_create (sign up)
     SessionsController#url_after_create (sign in)
     SessionsController#url_after_destroy (sign out)
     PasswordsController#url_after_create (password request)

data/Rakefile

@@ -50,7 +50,7 @@ task :default => ['test:all', 'test:features']
 
 gem_spec = Gem::Specification.new do |gem_spec|
   gem_spec.name        = "clearance"
-  gem_spec.version     = "0.4.4"
+  gem_spec.version     = "0.4.5"
   gem_spec.summary     = "Rails authentication for developers who write tests."
   gem_spec.email       = "support@thoughtbot.com"
   gem_spec.homepage    = "http://github.com/thoughtbot/clearance"

data/generators/clearance_features/clearance_features_generator.rb

@@ -7,7 +7,8 @@ class ClearanceFeaturesGenerator < Rails::Generator::Base
       ["features/step_definitions/clearance_steps.rb",
        "features/sign_in.feature",
        "features/sign_out.feature",       
-       "features/sign_up.feature"].each do |file|
+       "features/sign_up.feature",
+       "features/password_reset.feature"].each do |file|
         m.file file, file
        end
     end

data/generators/clearance_features/templates/features/password_reset.feature

@@ -3,7 +3,7 @@ Fature: Password Reset
   A user
   Should be able to reset it
   
-    Scenario: User is not registered
+    Scenario: User is not signed up
       Given there is no user with "email@person.com"
       When I request password reset link to be sent to "email@person.com"
       Then I should see "Unknown email"

data/generators/clearance_features/templates/features/sign_in.feature

@@ -1,9 +1,9 @@
 Feature: Sign in
   In order to get access to protected sections of the site
-  A registered user
+  A user
   Should be able to sign in
   
-   Scenario User is not registered
+   Scenario User is not signed up
       Given there is no user with "email@person.com"
       When I go to the sign in page
       And I sign in as "email@person.com/password"

data/generators/clearance_features/templates/features/step_definitions/clearance_steps.rb

@@ -28,17 +28,14 @@ end
 
 Then /^I should be signed in$/ do
   assert_not_nil request.session[:user_id]
-  assert_not_nil request.session[:salt]
 end
 
 Then /^I should not be signed in$/ do
   assert_nil request.session[:user_id]
-  assert_nil request.session[:salt]
 end
 
 When /^session is cleared$/ do
   request.session[:user_id] = nil
-  request.session[:salt]    = nil
 end
 
 # Emails

data/lib/clearance/app/controllers/application_controller.rb

@@ -26,8 +26,8 @@ module Clearance
             end
 
             def user_from_session
-              if session[:user_id] && session[:salt]
-                user = User.find_by_id_and_salt(session[:user_id], session[:salt])
+              if session[:user_id]
+                user = User.find_by_id(session[:user_id])
                 user && user.email_confirmed? ? user : nil                
               end
             end
@@ -47,7 +47,6 @@ module Clearance
             def sign_in(user)
               if user
                 session[:user_id] = user.id
-                session[:salt]    = user.salt
               end
             end
 
@@ -66,7 +65,7 @@ module Clearance
             end
 
             def store_location
-              session[:return_to] = request.request_uri
+              session[:return_to] = request.request_uri if request.get?
             end
 
             def deny_access(flash_message = nil, opts = {})

data/lib/clearance/app/models/user.rb

@@ -1,4 +1,4 @@
-require 'digest/sha2'
+require 'digest/sha1'
 
 module Clearance
   module App
@@ -17,10 +17,10 @@ module Clearance
             validates_uniqueness_of   :email, :case_sensitive => false
             validates_format_of       :email, :with => %r{.+@.+\..+}
 
-            before_save :initialize_salt, :encrypt_password, :initialize_token, :downcase_email
+            before_save :initialize_salt, :encrypt_password, :initialize_token
         
             def self.authenticate(email, password)
-              user = find(:first, :conditions => ['LOWER(email) = ?', email.to_s.downcase])
+              user = find(:first, :conditions => ['email = ?', email.to_s])
               user && user.authenticated?(password) ? user : nil
             end
 
@@ -72,7 +72,7 @@ module Clearance
             protected
             
             def generate_hash(string)
-              Digest::SHA512.hexdigest(string)
+              Digest::SHA1.hexdigest(string)
             end
 
             def initialize_salt
@@ -104,10 +104,6 @@ module Clearance
               encrypted_password.blank? || !password.blank?
             end
             
-            def downcase_email
-              self.email = email.to_s.downcase
-            end
-        
           end
         end
   

data/lib/clearance/test/test_helper.rb

@@ -11,13 +11,11 @@ module Clearance
               user.confirm_email!
             end
             @request.session[:user_id] = user.id
-            @request.session[:salt]    = user.salt
             return user
           end
 
           def sign_out 
             @request.session[:user_id] = nil
-            @request.session[:salt]    = nil
           end
           
         end

data/lib/clearance/test/unit/user_test.rb

@@ -6,14 +6,14 @@ module Clearance
         def self.included(unit_test)
           unit_test.class_eval do
           
-            should_protect_attributes :email_confirmed, 
+            should_not_allow_mass_assignment_of :email_confirmed, 
               :salt, :encrypted_password, 
               :token, :token_expires_at
             
             # signing up
             
             context "When signing up" do
-              should_require_attributes        :email, :password
+              should_validate_presence_of      :email, :password
               should_allow_values_for          :email, "foo@example.com"
               should_not_allow_values_for      :email, "foo"
               should_not_allow_values_for      :email, "example.com"
@@ -33,13 +33,13 @@ module Clearance
               context "encrypt password" do
                 setup do
                   @salt = "salt"
-                  User.any_instance.stubs(:initialize_salt)
-
-                  @user     = Factory(:user, :salt => @salt)
+                  @user = Factory.build(:user, :salt => @salt)
+                  def @user.initialize_salt; end
+                  @user.save!
                   @password = @user.password
 
                   @user.encrypt(@password)
-                  @expected = Digest::SHA512.hexdigest("--#{@salt}--#{@password}--")
+                  @expected = Digest::SHA1.hexdigest("--#{@salt}--#{@password}--")
                 end
 
                 should "create an encrypted password using SHA512 encryption" do
@@ -48,16 +48,16 @@ module Clearance
                 end
               end
               
-              should "store email in lower case" do
+              should "store email in exact case" do
                 user = Factory(:user, :email => "John.Doe@example.com")
-                assert_equal "john.doe@example.com", user.email
+                assert_equal "John.Doe@example.com", user.email
               end
             end
             
             context "When multiple users have signed up" do
               setup { @user = Factory(:user) }
               
-              should_require_unique_attributes :email
+              should_validate_uniqueness_of :email
             end
             
             # confirming email
@@ -97,11 +97,6 @@ module Clearance
                 assert @user.authenticated?(@password)
               end
               
-              should "authenticate with good credentials, email in uppercase" do
-                assert User.authenticate(@user.email.upcase, @password)
-                assert @user.authenticated?(@password)
-              end
-              
               should "not authenticate with bad credentials" do
                 assert ! User.authenticate(@user.email, 'horribly_wrong_password')
                 assert ! @user.authenticated?('horribly_wrong_password')
@@ -185,6 +180,7 @@ module Clearance
                   assert_nil @user.token
                   @user.forgot_password!                  
                 end
+                
                 should "generate token" do
                   assert_not_nil @user.token
                 end
@@ -199,17 +195,20 @@ module Clearance
                     end
                     
                     should_change "@user.encrypted_password"
+                    
                     should "clear token" do
                       assert_nil @user.token
                     end                  
                   end
+                  
                   context 'with a password without a confirmation' do
                     setup do
                       @user.update_password(
                         :password              => "new_password",
                         :password_confirmation => ""
                       )                      
-                    end                  
+                    end 
+                                    
                     should "not clear token" do
                       assert_not_nil @user.token
                     end                                      

data/shoulda_macros/clearance.rb

@@ -10,8 +10,6 @@ module Clearance
           "please pass a User. try: should_be_signed_in_as { @user }"
         assert_equal user.id,   session[:user_id], 
           "session[:user_id] is not set to User's id"
-        assert_equal user.salt, session[:salt], 
-          "session[:salt] is not set to User's salt"
       end
     end
 
@@ -30,7 +28,6 @@ module Clearance
     def should_not_be_signed_in
       should "not be signed in" do
         assert_nil session[:user_id]
-        assert_nil session[:salt]
       end
     end
 
@@ -167,7 +164,6 @@ module Clearance
       end        
     end
     
-    
     # FORMS
     
     def should_display_a_password_update_form

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: thoughtbot-clearance
 version: !ruby/object:Gem::Version 
-  version: 0.4.4
+  version: 0.4.5
 platform: ruby
 authors: 
 - thoughtbot, inc.
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-02-01 21:00:00 -08:00
+date: 2009-02-08 21:00:00 -08:00
 default_executable: 
 dependencies: []
 
@@ -32,7 +32,6 @@ files:
 - LICENSE
 - Rakefile
 - README.textile
-- TODO.textile
 - generators/clearance
 - generators/clearance/clearance_generator.rb
 - generators/clearance/lib

data/TODO.textile

@@ -1,8 +0,0 @@
-(highest priority first)
-
-# refactor password controller test
-# existing_user? methods ... if salt is wrong, user may not be found b/c of invalid credentials. is :not_found the correct code to return in that use case? if not, method probably needs to be split into another conditional.
-# document shoulda macros
-# will SHA512 hashes fit in all the places they are being used? (db columns - fit now, sessions) 128 characters
-
-http://adam.speaksoutofturn.com/post/57615195/entication-vs-orization