thoughtbot-clearance 0.6.3 → 0.6.4

data/CHANGELOG.textile

@@ -1,3 +1,11 @@
+h2. 0.6.4 (05/12/2009)
+
+* Moved issue tracking to Github from Lighthouse. (Dan Croak)
+* [#7] asking higher-level questions of controllers in webrat steps, such as signed_in? instead of what's in the session. same for accessors. (Dan Croak)
+* [#11] replacing sign_in_as & sign_out shoulda macros with a stubbing (requires no dependency) approach. this will avoid dealing with the internals of current_user, such as session & cookies. added sign_in macro which signs in an email confirmed user from clearance's factories. (Dan Croak)
+* [#13] move private methods on sessions controller into Clearance::Authentication module (Dan Croak)
+* [#9] audited flash keys. (Dan Croak)
+
 h2. 0.6.3 (04/23/2009)
 
 * Scoping ClearanceMailer properly within controllers so it works in production environments. (Nick Quaranto)

data/README.textile

@@ -17,7 +17,7 @@ In config/environment.rb:
     config.gem "thoughtbot-clearance", 
       :lib     => 'clearance', 
       :source  => 'http://gems.github.com', 
-      :version => '0.6.2'
+      :version => '0.6.4'
 
 Vendor the gem:
 
@@ -32,6 +32,10 @@ A number of files will be created and instructions will be printed.
 
 You may already have some of these files. Don't worry. You'll be asked if you want to overwrite them.
 
+Run the migration:
+
+    rake db:migrate
+
 h2. Environment
 
 Define a HOST constant in your environment files.
@@ -65,15 +69,15 @@ In config/environments/test.rb:
       :source  => "http://gems.github.com", 
       :version => '1.2.1'
 
-Install nokogiri but don't vendor it (due to its native extensions):
-
-   sudo gem install nokogiri
-
 Vendor the gems:
 
     rake gems:install RAILS_ENV=test
     rake gems:unpack  RAILS_ENV=test
 
+Don't vendor nokogiri (due to its native extensions):
+
+    rm -rf vendor/gems/nokogiri-1.2.3
+
 Run the Cucumber generator (if you haven't already) and Clearance's feature generator:
 
     script/generate cucumber
@@ -87,7 +91,7 @@ All of the files generated should be new with the exception of the features/supp
       when /the sign up page/i
        new_user_path
       when /the sign in page/i
-       new_session_path 
+       new_session_path
       when /the password reset request page/i
        new_password_path
       ...
@@ -95,15 +99,15 @@ All of the files generated should be new with the exception of the features/supp
 
 h2. Authors
 
-Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's client's Rails apps. The following people have made significant contributions, suggestions, and generally improved the library. Thank you!
+Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's client's Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!
 
 Dan Croak, Mike Burns, Jason Morrison, Joe Ferris, Eugene Bolshakov, Nick Quaranto, Josh Nichols, Mike Breen, Marcel Görner, Bence Nagy, Ben Mabey, Eloy Duran, Tim Pope, Mihai Anca, Mark Cornick, & Shay Arnett.
 
 h2. Questions?
 
-* Ask the "mailing list":http://groups.google.com/group/thoughtbot-clearance
+Ask the "mailing list":http://groups.google.com/group/thoughtbot-clearance
 
-h2. Bugs?
+h2. Suggestions, Bugs, Refactoring?
 
-* Open up a "Lighthouse ticket":https://thoughtbot.lighthouseapp.com/projects/18503-clearance
+Fork away and create a "Github Issue":http://github.com/thoughtbot/clearance/issues. Please don't send pull requests.
 

data/Rakefile

@@ -3,17 +3,17 @@ require 'rake/testtask'
 require 'cucumber/rake/task'
 
 namespace :test do
-  Rake::TestTask.new(:all => ['generator:cleanup', 
-                              'generator:generate']) do |task|
-    task.libs << 'lib'
+  Rake::TestTask.new(:all => ["generator:cleanup",
+                              "generator:generate"]) do |task|
+    task.libs << "lib"
     task.libs << "test"
-    task.pattern = 'test/**/*_test.rb'
+    task.pattern = "test/**/*_test.rb"
     task.verbose = false
   end
 
   Cucumber::Rake::Task.new(:features) do |t|
-    t.cucumber_opts = "--format progress"
-    t.feature_pattern = 'test/rails_root/features/*.feature'
+    t.cucumber_opts   = "--format progress"
+    t.feature_pattern = "test/rails_root/features/*.feature"
   end
 end
 
@@ -51,7 +51,7 @@ task :default => ['test:all', 'test:features']
 
 gem_spec = Gem::Specification.new do |gem_spec|
   gem_spec.name        = "clearance"
-  gem_spec.version     = "0.6.3"
+  gem_spec.version     = "0.6.4"
   gem_spec.summary     = "Rails authentication with email & password."
   gem_spec.email       = "support@thoughtbot.com"
   gem_spec.homepage    = "http://github.com/thoughtbot/clearance"

data/app/controllers/clearance/confirmations_controller.rb

@@ -43,5 +43,4 @@ class Clearance::ConfirmationsController < ApplicationController
   def url_after_create
     root_url
   end
-
 end

data/app/controllers/clearance/passwords_controller.rb

@@ -17,7 +17,7 @@ class Clearance::PasswordsController < ApplicationController
                        "It contains instructions for changing your password."
       redirect_to url_after_create
     else
-      flash.now[:notice] = "Unknown email"
+      flash.now[:failure] = "Unknown email"
       render :template => 'passwords/new'
     end
   end
@@ -30,10 +30,11 @@ class Clearance::PasswordsController < ApplicationController
   def update
     @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
 
-    if @user.update_password(params[:user][:password], 
+    if @user.update_password(params[:user][:password],
                              params[:user][:password_confirmation])
       @user.confirm_email! unless @user.email_confirmed?
       sign_user_in(@user)
+      flash[:success] = "Signed in."
       redirect_to url_after_update
     else
       render :template => 'passwords/edit'
@@ -61,5 +62,4 @@ class Clearance::PasswordsController < ApplicationController
   def url_after_update
     root_url
   end
-
 end

data/app/controllers/clearance/sessions_controller.rb

@@ -12,13 +12,13 @@ class Clearance::SessionsController < ApplicationController
     @user = ::User.authenticate(params[:session][:email],
                               params[:session][:password])
     if @user.nil?
-      flash.now[:notice] = "Bad email or password."
+      flash.now[:failure] = "Bad email or password."
       render :template => 'sessions/new', :status => :unauthorized
     else
       if @user.email_confirmed?
-        remember(@user) if remember?
         sign_user_in(@user)
-        flash[:notice] = "Signed in successfully."
+        remember(@user) if remember?
+        flash[:success] = "Signed in."
         redirect_back_or url_after_create
       else
         ::ClearanceMailer.deliver_confirmation(@user)
@@ -29,28 +29,12 @@ class Clearance::SessionsController < ApplicationController
 
   def destroy
     forget(current_user)
-    reset_session
-    flash[:notice] = "You have been signed out."
+    flash[:success] = "Signed out."
     redirect_to url_after_destroy
   end
 
   private
 
-  def remember?
-    params[:session] && params[:session][:remember_me] == "1"
-  end
-
-  def remember(user)
-    user.remember_me!
-    cookies[:remember_token] = { :value   => user.token,
-                                 :expires => user.token_expires_at }
-  end
-
-  def forget(user)
-    user.forget_me! if user
-    cookies.delete :remember_token
-  end
-
   def url_after_create
     root_url
   end
@@ -58,5 +42,4 @@ class Clearance::SessionsController < ApplicationController
   def url_after_destroy
     new_session_url
   end
-
 end

data/app/controllers/clearance/users_controller.rb

@@ -26,5 +26,4 @@ class Clearance::UsersController < ApplicationController
   def url_after_create
     new_session_url
   end
-
 end

data/generators/clearance_features/templates/features/password_reset.feature

@@ -2,24 +2,24 @@ Feature: Password reset
   In order to sign in even if user forgot their password
   A user
   Should be able to reset it
-  
+
     Scenario: User is not signed up
       Given no user exists with an email of "email@person.com"
       When I request password reset link to be sent to "email@person.com"
       Then I should see "Unknown email"
-  
+
     Scenario: User is signed up and requests password reset
       Given I signed up with "email@person.com/password"
       When I request password reset link to be sent to "email@person.com"
       Then I should see "instructions for changing your password"
       And a password reset message should be sent to "email@person.com"
-    
+
     Scenario: User is signed up updated his password and types wrong confirmation
       Given I signed up with "email@person.com/password"
       When I follow the password reset link sent to "email@person.com"
       And I update my password with "newpassword/wrongconfirmation"
       Then I should see error messages
-      And I should not be signed in
+      And I should be signed out
 
     Scenario: User is signed up and updates his password
       Given I signed up with "email@person.com/password"
@@ -27,5 +27,7 @@ Feature: Password reset
       And I update my password with "newpassword/newpassword"
       Then I should be signed in
       When I sign out
+      Then I should be signed out
       And I sign in as "email@person.com/newpassword"
-      Then I should be signed in
+      Then I should be signed in
+

data/generators/clearance_features/templates/features/sign_in.feature

@@ -8,34 +8,35 @@ Feature: Sign in
       When I go to the sign in page
       And I sign in as "email@person.com/password"
       Then I should see "Bad email or password"
-      And I should not be signed in      
+      And I should be signed out
 
     Scenario: User is not confirmed
       Given I signed up with "email@person.com/password"
       When I go to the sign in page
       And I sign in as "email@person.com/password"
       Then I should see "User has not confirmed email"
-      And I should not be signed in
+      And I should be signed out
 
    Scenario: User enters wrong password
       Given I am signed up and confirmed as "email@person.com/password"
       When I go to the sign in page
       And I sign in as "email@person.com/wrongpassword"
       Then I should see "Bad email or password"
-      And I should not be signed in
+      And I should be signed out
 
    Scenario: User signs in successfully
       Given I am signed up and confirmed as "email@person.com/password"
       When I go to the sign in page
       And I sign in as "email@person.com/password"
-      Then I should see "Signed in successfully"
+      Then I should see "Signed in"
       And I should be signed in
 
    Scenario: User signs in and checks "remember me"
       Given I am signed up and confirmed as "email@person.com/password"
       When I go to the sign in page
       And I sign in with "remember me" as "email@person.com/password"
-      Then I should see "Signed in successfully"
-      And I should be signed in    
+      Then I should see "Signed in"
+      And I should be signed in
       When I return next time
       Then I should be signed in
+

data/generators/clearance_features/templates/features/sign_out.feature

@@ -2,21 +2,22 @@ Feature: Sign out
   To protect my account from unauthorized access
   A signed in user
   Should be able to sign out
-  
+
     Scenario: User signs out
       Given I am signed up and confirmed as "email@person.com/password"
       When I sign in as "email@person.com/password"
       Then I should be signed in
       And I sign out
-      Then I should see "You have been signed out"     
-      And I should not be signed in
-      
+      Then I should see "Signed out"
+      And I should be signed out
+
     Scenario: User who was remembered signs out
       Given I am signed up and confirmed as "email@person.com/password"
       When I sign in with "remember me" as "email@person.com/password"
       Then I should be signed in
       And I sign out
-      Then I should see "You have been signed out"     
-      And I should not be signed in
+      Then I should see "Signed out"
+      And I should be signed out
       When I return next time
-      Then I should not be signed in  
+      Then I should be signed out
+

data/generators/clearance_features/templates/features/sign_up.feature

@@ -2,7 +2,7 @@ Feature: Sign up
   In order to get access to protected sections of the site
   A user
   Should be able to sign up
-  
+
     Scenario: User signs up with invalid data
       When I go to the sign up page
       And I fill in "Email" with "invalidemail"
@@ -10,7 +10,7 @@ Feature: Sign up
       And I fill in "Confirm password" with ""
       And I press "Sign Up"
       Then I should see error messages
-      
+
     Scenario: User signs up with valid data
       When I go to the sign up page
       And I fill in "Email" with "email@person.com"
@@ -19,12 +19,10 @@ Feature: Sign up
       And I press "Sign Up"
       Then I should see "instructions for confirming"
       And a confirmation message should be sent to "email@person.com"
-      
+
     Scenario: User confirms his account
       Given I signed up with "email@person.com/password"
       When I follow the confirmation link sent to "email@person.com"
       Then I should see "Confirmed email and signed in"
-      And I should be signed in      
-      
-      
-      
+      And I should be signed in
+

data/generators/clearance_features/templates/features/step_definitions/clearance_steps.rb

@@ -11,15 +11,15 @@ Given /^no user exists with an email of "(.*)"$/ do |email|
 end
 
 Given /^I signed up with "(.*)\/(.*)"$/ do |email, password|
-  user = Factory :user, 
-    :email                 => email, 
+  user = Factory :user,
+    :email                 => email,
     :password              => password,
     :password_confirmation => password
 end 
 
 Given /^I am signed up and confirmed as "(.*)\/(.*)"$/ do |email, password|
   user = Factory :email_confirmed_user,
-    :email                 => email, 
+    :email                 => email,
     :password              => password,
     :password_confirmation => password
 end
@@ -27,15 +27,16 @@ end
 # Session
 
 Then /^I should be signed in$/ do
-  assert_not_nil request.session[:user_id]
+  assert controller.signed_in?
 end
 
-Then /^I should not be signed in$/ do
-  assert_nil request.session[:user_id]
+Then /^I should be signed out$/ do
+  assert ! controller.signed_in?
 end
 
 When /^session is cleared$/ do
-  request.session[:user_id] = nil
+  request.reset_session
+  controller.instance_variable_set(:@_current_user, nil)
 end
 
 # Emails
@@ -77,7 +78,6 @@ Then /^I should be forbidden$/ do
   assert_response :forbidden
 end
 
-
 # Actions
 
 When /^I sign in( with "remember me")? as "(.*)\/(.*)"$/ do |remember, email, password|

data/lib/clearance/authentication.rb

@@ -51,6 +51,22 @@ module Clearance
         end
       end
 
+      def remember?
+        params[:session] && params[:session][:remember_me] == "1"
+      end
+
+      def remember(user)
+        user.remember_me!
+        cookies[:remember_token] = { :value   => user.token,
+                                     :expires => user.token_expires_at }
+      end
+
+      def forget(user)
+        user.forget_me! if user
+        cookies.delete :remember_token
+        reset_session
+      end
+
       def redirect_back_or(default)
         session[:return_to] ||= params[:return_to]
         if session[:return_to]

data/lib/clearance.rb

@@ -6,10 +6,14 @@ require 'clearance/user'
 
 class ActionController::Routing::RouteSet
   def load_routes_with_clearance!
-    clearance_routes = File.join(File.dirname(__FILE__), *%w[.. config clearance_routes.rb])
-    add_configuration_file(clearance_routes) unless configuration_files.include? clearance_routes
+    lib_path = File.dirname(__FILE__)
+    clearance_routes = File.join(lib_path, *%w[.. config clearance_routes.rb])
+    unless configuration_files.include?(clearance_routes)
+      add_configuration_file(clearance_routes)
+    end
     load_routes_without_clearance!
   end
 
   alias_method_chain :load_routes!, :clearance
 end
+

data/shoulda_macros/clearance.rb

@@ -14,6 +14,7 @@ module Clearance
     end
 
     def should_be_signed_in_and_email_confirmed_as(&block)
+      warn "[DEPRECATION] questionable usefulness"
       should_be_signed_in_as &block
 
       should "have confirmed email" do
@@ -31,10 +32,8 @@ module Clearance
       end
     end
 
-    # Examples:
-    #   should_deny_access_on :get, :index, :flash => /not authorized/i
-    #   should_deny_access_on :get, :show, :id => '1'
     def should_deny_access_on(http_method, action, opts = {})
+      warn "[DEPRECATION] use a setup & should_deny_access(:flash => ?)"
       flash_message = opts.delete(:flash)
       context "on #{http_method} to #{action}" do
         setup do
@@ -68,6 +67,7 @@ module Clearance
     # CONTEXTS
 
     def signed_in_user_context(&blk)
+      warn "[DEPRECATION] creates a Mystery Guest, causes Obscure Test"
       context "A signed in user" do
         setup do
           @user = Factory(:user)
@@ -79,6 +79,7 @@ module Clearance
     end
 
     def public_context(&blk)
+      warn "[DEPRECATION] common case is no-op. call sign_out otherwise"
       context "The public" do
         setup { sign_out }
         merge_block(&blk)
@@ -88,6 +89,7 @@ module Clearance
     # CREATING USERS
 
     def should_create_user_successfully
+      warn "[DEPRECATION] not meant to be public, no longer used internally"
       should_assign_to :user
       should_change 'User.count', :by => 1
 
@@ -132,6 +134,7 @@ module Clearance
     # VALIDATIONS
 
     def should_validate_confirmation_of(attribute, opts = {})
+      warn "[DEPRECATION] not meant to be public, no longer used internally"
       raise ArgumentError if opts[:factory].nil?
 
       context "on save" do
@@ -141,6 +144,7 @@ module Clearance
     end
 
     def should_validate_confirmation_is_not_blank(factory, attribute, opts = {})
+      warn "[DEPRECATION] not meant to be public, no longer used internally"
       should "validate #{attribute}_confirmation is not blank" do
         model = Factory.build(factory, blank_confirmation_options(attribute))
         model.save
@@ -150,6 +154,7 @@ module Clearance
     end
 
     def should_validate_confirmation_is_not_bad(factory, attribute, opts = {})
+      warn "[DEPRECATION] not meant to be public, no longer used internally"
       should "validate #{attribute}_confirmation is different than #{attribute}" do
         model = Factory.build(factory, bad_confirmation_options(attribute))
         model.save
@@ -161,6 +166,7 @@ module Clearance
     # FORMS
 
     def should_display_a_password_update_form
+      warn "[DEPRECATION] not meant to be public, no longer used internally"
       should "have a form for the user's token, password, and password confirm" do
         update_path = ERB::Util.h(
           user_password_path(@user, :token => @user.token)
@@ -175,6 +181,7 @@ module Clearance
     end
 
     def should_display_a_sign_up_form
+      warn "[DEPRECATION] not meant to be public, no longer used internally"
       should "display a form to sign up" do
         assert_select "form[action=#{users_path}][method=post]",
         true, "There must be a form to sign up" do
@@ -191,6 +198,7 @@ module Clearance
     end
 
     def should_display_a_sign_in_form
+      warn "[DEPRECATION] not meant to be public, no longer used internally"
       should 'display a "sign in" form' do
         assert_select "form[action=#{session_path}][method=post]",
           true, "There must be a form to sign in" do
@@ -211,30 +219,35 @@ end
 module Clearance
   module Shoulda
     module Helpers
-      def sign_in_as(user = nil)
-        unless user
-          user = Factory(:user)
-          user.confirm_email!
-        end
-        @request.session[:user_id] = user.id
+      def sign_in_as(user)
+        @controller.class_eval { attr_accessor :current_user }
+        @controller.current_user = user
         return user
       end
 
+      def sign_in
+        sign_in_as Factory(:email_confirmed_user)
+      end
+
       def sign_out
-        @request.session[:user_id] = nil
+        @controller.class_eval { attr_accessor :current_user }
+        @controller.current_user = nil
       end
 
       def blank_confirmation_options(attribute)
+        warn "[DEPRECATION] not meant to be public, no longer used internally"
         opts = { attribute => attribute.to_s }
         opts.merge("#{attribute}_confirmation".to_sym => "")
       end
 
       def bad_confirmation_options(attribute)
+        warn "[DEPRECATION] not meant to be public, no longer used internally"
         opts = { attribute => attribute.to_s }
         opts.merge("#{attribute}_confirmation".to_sym => "not_#{attribute}")
       end
 
       def assert_confirmation_error(model, attribute, message = "confirmation error")
+        warn "[DEPRECATION] not meant to be public, no longer used internally"
         assert model.errors.on(attribute).include?("doesn't match confirmation"),
           message
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: thoughtbot-clearance
 version: !ruby/object:Gem::Version 
-  version: 0.6.3
+  version: 0.6.4
 platform: ruby
 authors: 
 - Dan Croak
@@ -24,7 +24,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-04-22 21:00:00 -07:00
+date: 2009-05-11 21:00:00 -07:00
 default_executable: 
 dependencies: []