thoughtbot-clearance 0.7.0 → 0.8.0

data/CHANGELOG.textile

@@ -1,3 +1,10 @@
+h2. 0.8.0 (08/31/2009)
+
+* Always remember me. Replaced session-and-remember-me authentication with
+always using a cookie with a long timeout. (Dan Croak)
+* Documented Clearance::Authentication with YARD. (Dan Croak)
+* Documented Clearance::User with YARD. (Dan Croak)
+
 h2. 0.7.0 (08/04/2009)
 
 * Redirect signed in user who clicks confirmation link again. (Dan Croak)
@@ -57,6 +64,7 @@ h2. 0.6.2 (04/22/2009)
 * World(NavigationHelpers) Cucumber 3.0 style. (Shay Arnett & Mark Cornick)
 
 h2. 0.6.1 (04/21/2009)
+
 * Scope operators are necessary to keep Rails happy. Reverting the original
 revert so they're back in the library now for constants referenced inside of
 the gem. (Nick Quaranto)

data/README.textile

@@ -4,9 +4,9 @@ Rails authentication with email & password.
 
 "We have clearance, Clarence.":http://www.youtube.com/v/mNRXJEE3Nz8
 
-h2. Wiki
+h2. Suspenders
 
-Most information regarding Clearance is on the "Github Wiki":http://wiki.github.com/thoughtbot/clearance.
+Clearance is included in "Suspenders":http://github.com/thoughtbot/suspenders, which thoughtbot uses on all of our apps. We highly recommend you try it. Suspenders is the "King Gem" in our ecosystem, representating what we think the current state-of-the-art is in Rails development.
 
 h2. Installation
 
@@ -15,10 +15,10 @@ Clearance is a Rails engine. It works with versions of Rails greater than 2.3.
 In config/environment.rb:
 
 <pre>
-config.gem "thoughtbot-clearance", 
-  :lib     => 'clearance', 
-  :source  => 'http://gems.github.com', 
-  :version => '0.6.9'
+config.gem "thoughtbot-clearance",
+  :lib     => 'clearance',
+  :source  => 'http://gems.github.com',
+  :version => '0.7.0'
 </pre>
 
 Vendor the gem:
@@ -30,7 +30,9 @@ rake gems:unpack
 
 Make sure the development database exists and run the generator:
 
-@script/generate clearance@
+<pre>
+script/generate clearance
+</pre>
 
 A number of files will be created and instructions will be printed.
 
@@ -38,51 +40,37 @@ You may already have some of these files. Don't worry. You'll be asked if you wa
 
 Run the migration:
 
-@rake db:migrate@
+<pre>
+rake db:migrate
+</pre>
+
+h2. If you aren't on Suspenders, you aren't done
 
 Define a HOST constant in your environment files.
 In config/environments/test.rb and config/environments/development.rb it can be:
 
-@HOST = "localhost"@
+<pre>
+HOST = "localhost"
+</pre>
 
 In production.rb it must be the actual host your application is deployed to.
 The constant is used by mailers to generate URLs in emails.
 
 In config/environment.rb:
 
-@DO_NOT_REPLY = "donotreply@example.com"@
-
-Define root_url to *something* in your config/routes.rb:
-
-@map.root :controller => 'home'@
-
-h2. Cucumber Features
-
-As your app evolves, you want to know that authentication still works. Clearance's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
-
-In config/environments/test.rb:
-
 <pre>
-config.gem 'webrat',
-  :version => '= 0.4.4'
-config.gem 'cucumber',
-  :version => '= 0.3.0'
-config.gem 'thoughtbot-factory_girl',
-  :lib     => 'factory_girl',
-  :source  => "http://gems.github.com", 
-  :version => '1.2.1'
+DO_NOT_REPLY = "donotreply@example.com"
 </pre>
 
-Vendor the gems:
+Define root_url to *something* in your config/routes.rb:
 
 <pre>
-rake gems:install RAILS_ENV=test
-rake gems:unpack  RAILS_ENV=test
+map.root :controller => 'home'
 </pre>
 
-We don't vendor nokogiri due to its native extensions, so install it normally on your machine:
+h2. Cucumber Features
 
-@sudo gem install nokogiri@
+As your app evolves, you want to know that authentication still works. thoughtbot's opinion is that you should test its integration with your app using "Cucumber":http://cukes.info/.
 
 Run the Cucumber generator (if you haven't already) and Clearance's feature generator:
 
@@ -107,6 +95,18 @@ def path_to(page_name)
 end
 </pre>
 
+h2. Formtastic views
+
+We have begun standardizing our forms using "Formtastic":http://github.com/justinfrench/formtastic. We highly recommend trying it. It will make your Rails view life more interesting.
+
+Clearance has another generator to generate Formastic views:
+
+<pre>
+script/generate clearance_views
+</pre>
+
+Its implementation is designed so that other view styles can be generated if the community wants it. However, we haven't needed them so you'll have to write the patch and send it back if you want other styles (such as Haml).
+
 h2. Authors
 
 Clearance was extracted out of "Hoptoad":http://hoptoadapp.com. We merged the authentication code from two of thoughtbot's clients' Rails apps and have since used it each time we need authentication. The following people have improved the library. Thank you!

data/Rakefile

@@ -80,7 +80,7 @@ task :default => ['test:basic', 'test:features',
 
 gem_spec = Gem::Specification.new do |gem_spec|
   gem_spec.name        = "clearance"
-  gem_spec.version     = "0.7.0"
+  gem_spec.version     = "0.8.0"
   gem_spec.summary     = "Rails authentication with email & password."
   gem_spec.email       = "support@thoughtbot.com"
   gem_spec.homepage    = "http://github.com/thoughtbot/clearance"

data/app/controllers/clearance/confirmations_controller.rb

@@ -13,7 +13,8 @@ class Clearance::ConfirmationsController < ApplicationController
   end
 
   def create
-    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
     @user.confirm_email!
 
     sign_in(@user)
@@ -46,7 +47,8 @@ class Clearance::ConfirmationsController < ApplicationController
   end
 
   def forbid_non_existent_user
-    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
+    unless ::User.find_by_id_and_confirmation_token(
+                  params[:user_id], params[:token])
       raise ActionController::Forbidden, "non-existent user"
     end
   end

data/app/controllers/clearance/passwords_controller.rb

@@ -22,12 +22,14 @@ class Clearance::PasswordsController < ApplicationController
   end
 
   def edit
-    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
     render :template => 'passwords/edit'
   end
 
   def update
-    @user = ::User.find_by_id_and_token(params[:user_id], params[:token])
+    @user = ::User.find_by_id_and_confirmation_token(
+                   params[:user_id], params[:token])
 
     if @user.update_password(params[:user][:password],
                              params[:user][:password_confirmation])
@@ -49,7 +51,8 @@ class Clearance::PasswordsController < ApplicationController
   end
 
   def forbid_non_existent_user
-    unless ::User.find_by_id_and_token(params[:user_id], params[:token])
+    unless ::User.find_by_id_and_confirmation_token(
+                  params[:user_id], params[:token])
       raise ActionController::Forbidden, "non-existent user"
     end
   end

data/app/controllers/clearance/sessions_controller.rb

@@ -17,7 +17,6 @@ class Clearance::SessionsController < ApplicationController
     else
       if @user.email_confirmed?
         sign_in(@user)
-        remember(@user) if remember?
         flash_success_after_create
         redirect_back_or(url_after_create)
       else
@@ -29,7 +28,7 @@ class Clearance::SessionsController < ApplicationController
   end
 
   def destroy
-    forget(current_user)
+    sign_out(current_user)
     flash_success_after_destroy
     redirect_to(url_after_destroy)
   end

data/app/views/clearance_mailer/change_password.html.erb

@@ -2,6 +2,8 @@ Someone, hopefully you, has requested that we send you a link to change your pas
 
 Here's the link:
 
-<%= edit_user_password_url(@user, :token => @user.token, :escape => false) %>
+<%= edit_user_password_url(@user,
+      :token  => @user.confirmation_token,
+      :escape => false) %>
 
 If you didn't request this, ignore this email. Don't worry. Your password hasn't been changed.

data/app/views/clearance_mailer/confirmation.html.erb

@@ -1,2 +1,5 @@
 
-<%= new_user_confirmation_url :user_id => @user, :token => @user.token, :encode => false %>
+<%= new_user_confirmation_url(
+      :user_id => @user,
+      :token   => @user.confirmation_token,
+      :encode  => false) %>

data/app/views/passwords/edit.html.erb

@@ -7,7 +7,7 @@
 <%= error_messages_for :user %>
 
 <% form_for(:user,
-            :url => user_password_path(@user, :token    => @user.token),
+            :url => user_password_path(@user, :token => @user.confirmation_token),
             :html => { :method => :put }) do |form| %>
   <div class="password_field">
     <%= form.label :password, "Choose password" %>

data/app/views/sessions/new.html.erb

@@ -3,16 +3,12 @@
 <% form_for :session, :url => session_path do |form| %>
   <div class="text_field">
     <%= form.label :email %>
-    <%= form.text_field :email %>  
+    <%= form.text_field :email %>
   </div>
   <div class="text_field">
     <%= form.label :password %>
     <%= form.password_field :password %>
   </div>
-  <div class="text_field">
-    <%= form.check_box :remember_me %>
-    <%= form.label :remember_me %>
-  </div>
   <div class="submit_field">
     <%= form.submit "Sign in", :disable_with => "Please wait..." %>
   </div>
@@ -25,4 +21,4 @@
   <li>
     <%= link_to "Forgot password?", new_password_path %>
   </li>
-</ul>
+</ul>

data/generators/clearance/templates/migrations/create_users.rb

@@ -4,15 +4,16 @@ class ClearanceCreateUsers < ActiveRecord::Migration
       t.string   :email
       t.string   :encrypted_password, :limit => 128
       t.string   :salt,               :limit => 128
-      t.string   :token,              :limit => 128
-      t.datetime :token_expires_at
+      t.string   :confirmation_token, :limit => 128
+      t.string   :remember_token,     :limit => 128
+      t.datetime :remember_token_expires_at
       t.boolean  :email_confirmed, :default => false, :null => false
       t.timestamps
     end
 
-    add_index :users, [:id, :token]
+    add_index :users, [:id, :confirmation_token]
     add_index :users, :email
-    add_index :users, :token
+    add_index :users, :remember_token
   end
 
   def self.down

data/generators/clearance/templates/migrations/update_users.rb

@@ -1,36 +1,37 @@
 class ClearanceUpdateUsers < ActiveRecord::Migration
   def self.up
-<% 
+<%
       existing_columns = ActiveRecord::Base.connection.columns(:users).collect { |each| each.name }
       columns = [
         [:email,              't.string :email'],
         [:encrypted_password, 't.string :encrypted_password, :limit => 128'],
-        [:salt,               't.string :salt, :limit => 128'],
-        [:token,              't.string :token, :limit => 128'],
-        [:token_expires_at,   't.datetime :token_expires_at'],
-        [:email_confirmed,    't.boolean :email_confirmed, :default => false, :null => false']
-      ].delete_if {|c| existing_columns.include?(c.first.to_s)} 
+        [:salt, 't.string :salt, :limit => 128'],
+        [:confirmation_token, 't.string :confirmation_token, :limit => 128'],
+        [:remember_token, 't.string :remember_token, :limit => 128'],
+        [:remember_token_expires_at, 't.datetime :remember_token_expires_at'],
+        [:email_confirmed, 't.boolean :email_confirmed, :default => false, :null => false']
+      ].delete_if {|c| existing_columns.include?(c.first.to_s)}
 -%>
     change_table(:users) do |t|
 <% columns.each do |c| -%>
       <%= c.last %>
 <% end -%>
     end
-    
+
 <%
     existing_indexes = ActiveRecord::Base.connection.indexes(:users)
     index_names = existing_indexes.collect { |each| each.name }
     new_indexes = [
-      [:index_users_on_id_and_token, 'add_index :users, [:id, :token]'],
+      [:index_users_on_id_and_confirmation_token, 'add_index :users, [:id, :confirmation_token]'],
       [:index_users_on_email,        'add_index :users, :email'],
-      [:index_users_on_token,        'add_index :users, :token']
+      [:index_users_on_remember_token,        'add_index :users, :remember_token']
     ].delete_if { |each| index_names.include?(each.first.to_s) }
 -%>
 <% new_indexes.each do |each| -%>
     <%= each.last %>
 <% end -%>
   end
-  
+
   def self.down
     change_table(:users) do |t|
 <% unless columns.empty? -%>

data/generators/clearance_features/clearance_features_generator.rb

@@ -9,7 +9,7 @@ class ClearanceFeaturesGenerator < Rails::Generator::Base
        "features/step_definitions/factory_girl_steps.rb",
        "features/support/paths.rb",
        "features/sign_in.feature",
-       "features/sign_out.feature",       
+       "features/sign_out.feature",
        "features/sign_up.feature",
        "features/password_reset.feature"].each do |file|
         m.file file, file

data/generators/clearance_features/templates/features/sign_in.feature

@@ -30,13 +30,6 @@ Feature: Sign in
       And I sign in as "email@person.com/password"
       Then I should see "Signed in"
       And I should be signed in
-
-   Scenario: User signs in and checks "remember me"
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I go to the sign in page
-      And I sign in with "remember me" as "email@person.com/password"
-      Then I should see "Signed in"
-      And I should be signed in
       When I return next time
       Then I should be signed in
 

data/generators/clearance_features/templates/features/sign_out.feature

@@ -10,14 +10,6 @@ Feature: Sign out
       And I sign out
       Then I should see "Signed out"
       And I should be signed out
-
-    Scenario: User who was remembered signs out
-      Given I am signed up and confirmed as "email@person.com/password"
-      When I sign in with "remember me" as "email@person.com/password"
-      Then I should be signed in
-      And I sign out
-      Then I should see "Signed out"
-      And I should be signed out
       When I return next time
       Then I should be signed out
 

data/generators/clearance_features/templates/features/step_definitions/clearance_steps.rb

@@ -39,6 +39,11 @@ When /^session is cleared$/ do
   controller.instance_variable_set(:@_current_user, nil)
 end
 
+Given /^I have signed in with "(.*)\/(.*)"$/ do |email, password|
+  Given %{I am signed up and confirmed as "#{email}/#{password}"}
+  And %{I sign in as "#{email}/#{password}"}
+end
+
 # Emails
 
 Then /^a confirmation message should be sent to "(.*)"$/ do |email|
@@ -46,13 +51,14 @@ Then /^a confirmation message should be sent to "(.*)"$/ do |email|
   sent = ActionMailer::Base.deliveries.first
   assert_equal [user.email], sent.to
   assert_match /confirm/i, sent.subject
-  assert !user.token.blank?
-  assert_match /#{user.token}/, sent.body
+  assert !user.confirmation_token.blank?
+  assert_match /#{user.confirmation_token}/, sent.body
 end
 
 When /^I follow the confirmation link sent to "(.*)"$/ do |email|
   user = User.find_by_email(email)
-  visit new_user_confirmation_path(:user_id => user, :token => user.token)
+  visit new_user_confirmation_path(:user_id => user,
+                                   :token   => user.confirmation_token)
 end
 
 Then /^a password reset message should be sent to "(.*)"$/ do |email|
@@ -60,13 +66,14 @@ Then /^a password reset message should be sent to "(.*)"$/ do |email|
   sent = ActionMailer::Base.deliveries.first
   assert_equal [user.email], sent.to
   assert_match /password/i, sent.subject
-  assert !user.token.blank?
-  assert_match /#{user.token}/, sent.body
+  assert !user.confirmation_token.blank?
+  assert_match /#{user.confirmation_token}/, sent.body
 end
 
 When /^I follow the password reset link sent to "(.*)"$/ do |email|
   user = User.find_by_email(email)
-  visit edit_user_password_path(:user_id => user, :token => user.token)
+  visit edit_user_password_path(:user_id => user,
+                                :token   => user.confirmation_token)
 end
 
 When /^I try to change the password of "(.*)" without token$/ do |email|
@@ -80,11 +87,10 @@ end
 
 # Actions
 
-When /^I sign in( with "remember me")? as "(.*)\/(.*)"$/ do |remember, email, password|
+When /^I sign in as "(.*)\/(.*)"$/ do |email, password|
   When %{I go to the sign in page}
   And %{I fill in "Email" with "#{email}"}
   And %{I fill in "Password" with "#{password}"}
-  And %{I check "Remember me"} if remember
   And %{I press "Sign In"}
 end
 

data/generators/clearance_views/templates/formtastic/passwords/edit.html.erb

@@ -5,7 +5,7 @@
 </p>
 
 <% semantic_form_for(:user,
-            :url  => user_password_path(@user, :token => @user.token),
+            :url  => user_password_path(@user, :token => @user.confirmation_token),
             :html => { :method => :put }) do |form| %>
   <%= form.error_messages %>
   <% form.inputs do -%>

data/generators/clearance_views/templates/formtastic/sessions/new.html.erb

@@ -4,7 +4,6 @@
   <% form.inputs do %>
     <%= form.input :email %>
     <%= form.input :password, :as => :password %>
-    <%= form.input :remember_me, :as => :boolean, :required => false %>
   <% end %>
   <% form.buttons do %>
     <%= form.commit_button "Sign in" %>

data/lib/clearance/authentication.rb

@@ -1,7 +1,7 @@
 module Clearance
   module Authentication
 
-    def self.included(controller)
+    def self.included(controller) # :nodoc:
       controller.send(:include, InstanceMethods)
 
       controller.class_eval do
@@ -11,34 +11,79 @@ module Clearance
     end
 
     module InstanceMethods
+      # User in the current cookie
+      #
+      # @return [User, nil]
       def current_user
-        @_current_user ||= (user_from_cookie || user_from_session)
+        @_current_user ||= user_from_cookie
       end
 
+      # Is the current user signed in?
+      #
+      # @return [true, false]
       def signed_in?
         ! current_user.nil?
       end
 
+      # Is the current user signed out?
+      #
+      # @return [true, false]
       def signed_out?
         current_user.nil?
       end
 
-      protected
-
+      # Deny the user access if they are signed out.
+      #
+      # @example
+      #   before_filter :authenticate
       def authenticate
         deny_access unless signed_in?
       end
 
-      def user_from_session
-        if session[:user_id]
-          return nil  unless user = ::User.find_by_id(session[:user_id])
-          return user if     user.email_confirmed?
+      # Sign user in to cookie.
+      #
+      # @param [User]
+      #
+      # @example
+      #   sign_in(@user)
+      def sign_in(user)
+        if user
+          user.remember_me!
+          cookies[:remember_token] = {
+            :value   => user.remember_token,
+            :expires => user.remember_token_expires_at
+          }
         end
       end
 
+      # Sign user out of cookie.
+      #
+      # @param [User]
+      #
+      # @example
+      #   sign_out(@user)
+      def sign_out(user)
+        user.forget_me! if user
+        cookies.delete(:remember_token)
+        reset_session
+      end
+
+      # Store the current location.
+      # Display a flash message if included.
+      # Redirect to sign in.
+      #
+      # @param [String] optional flash message to display to denied user
+      def deny_access(flash_message = nil)
+        store_location
+        flash[:failure] = flash_message if flash_message
+        redirect_to(new_session_url)
+      end
+
+      protected
+
       def user_from_cookie
         if token = cookies[:remember_token]
-          return nil  unless user = ::User.find_by_token(token)
+          return nil  unless user = ::User.find_by_remember_token(token)
           return user if     user.remember?
         end
       end
@@ -48,26 +93,8 @@ module Clearance
         sign_in(user)
       end
 
-      def sign_in(user)
-        if user
-          session[:user_id] = user.id
-        end
-      end
-
-      def remember?
-        params[:session] && params[:session][:remember_me] == "1"
-      end
-
-      def remember(user)
-        user.remember_me!
-        cookies[:remember_token] = { :value   => user.token,
-                                     :expires => user.token_expires_at }
-      end
-
-      def forget(user)
-        user.forget_me! if user
-        cookies.delete(:remember_token)
-        reset_session
+      def store_location
+        session[:return_to] = request.request_uri if request.get?
       end
 
       def redirect_back_or(default)
@@ -86,16 +113,6 @@ module Clearance
       def redirect_to_root
         redirect_to(root_url)
       end
-
-      def store_location
-        session[:return_to] = request.request_uri if request.get?
-      end
-
-      def deny_access(flash_message = nil, opts = {})
-        store_location
-        flash[:failure] = flash_message if flash_message
-        redirect_to(new_session_url)
-      end
     end
 
   end

data/lib/clearance/user.rb

@@ -3,6 +3,23 @@ require 'digest/sha1'
 module Clearance
   module User
 
+    # Hook for all Clearance::User modules.
+    #
+    # If you need to override parts of Clearance::User,
+    # extend and include à la carte.
+    #
+    # @example
+    #   extend ClassMethods
+    #   include InstanceMethods
+    #   include AttrAccessor
+    #   include Callbacks
+    #
+    # @see ClassMethods
+    # @see InstanceMethods
+    # @see AttrAccessible
+    # @see AttrAccessor
+    # @see Validations
+    # @see Callbacks
     def self.included(model)
       model.extend(ClassMethods)
 
@@ -14,6 +31,15 @@ module Clearance
     end
 
     module AttrAccessible
+      # Hook for attr_accessible white list.
+      #
+      # :email, :password, :password_confirmation
+      #
+      # Append other attributes that must be mass-assigned in your model.
+      #
+      # @example
+      #   include Clearance::User
+      #   attr_accessible :location, :gender
       def self.included(model)
         model.class_eval do
           attr_accessible :email, :password, :password_confirmation
@@ -22,6 +48,9 @@ module Clearance
     end
 
     module AttrAccessor
+      # Hook for attr_accessor virtual attributes.
+      #
+      # :password, :password_confirmation
       def self.included(model)
         model.class_eval do
           attr_accessor :password, :password_confirmation
@@ -30,6 +59,12 @@ module Clearance
     end
 
     module Validations
+      # Hook for validations.
+      #
+      # :email must be present, unique, formatted
+      #
+      # If password is required,
+      # :password must be present, confirmed
       def self.included(model)
         model.class_eval do
           validates_presence_of     :email
@@ -43,50 +78,93 @@ module Clearance
     end
 
     module Callbacks
+      # Hook for callbacks.
+      #
+      # salt, token, password encryption are handled before_save.
       def self.included(model)
         model.class_eval do
-          before_save :initialize_salt, :encrypt_password, :initialize_token
+          before_save :initialize_salt,
+                      :encrypt_password,
+                      :initialize_confirmation_token
         end
       end
     end
 
     module InstanceMethods
+      # Am I authenticated with given password?
+      #
+      # @param [String] plain-text password
+      # @return [true, false]
+      # @example
+      #   user.authenticated?('password')
       def authenticated?(password)
         encrypted_password == encrypt(password)
       end
 
-      def encrypt(string)
-        generate_hash("--#{salt}--#{string}--")
-      end
-
+      # Am I remembered?
+      #
+      # @return [true, false]
+      # @example
+      #   user.remember?
       def remember?
-        token_expires_at && Time.now.utc < token_expires_at
-      end
-
+        remember_token &&
+        remember_token_expires_at &&
+        Time.now.utc < remember_token_expires_at
+      end
+
+      # Remember me for a year.
+      #
+      # @example
+      #   user.remember_me!
+      #   cookies[:remember_token] = {
+      #     :value   => user.remember_token,
+      #     :expires => user.remember_token_expires_at
+      #   }
       def remember_me!
-        remember_me_until! 2.weeks.from_now.utc
+        remember_me_until! 1.year.from_now.utc
       end
 
+      # Forget me.
+      #
+      # @example
+      #   user.forget_me!
       def forget_me!
-        clear_token
+        self.remember_token            = nil
+        self.remember_token_expires_at = nil
         save(false)
       end
 
+      # Confirm my email.
+      #
+      # @example
+      #   user.confirm_email!
       def confirm_email!
-        self.email_confirmed  = true
-        self.token            = nil
+        self.email_confirmed    = true
+        self.confirmation_token = nil
         save(false)
       end
 
+      # Mark my account as forgotten password.
+      #
+      # @example
+      #   user.forgot_password!
       def forgot_password!
-        generate_token
+        generate_confirmation_token
         save(false)
       end
 
+      # Update my password.
+      #
+      # @param [String, String] password and password confirmation
+      # @return [true, false] password was updated or not
+      # @example
+      #   user.update_password('new-password', 'new-password')
       def update_password(new_password, new_password_confirmation)
         self.password              = new_password
         self.password_confirmation = new_password_confirmation
-        clear_token if valid?
+        if valid?
+          self.confirmation_token = nil
+        end
         save
       end
 
@@ -98,7 +176,7 @@ module Clearance
 
       def initialize_salt
         if new_record?
-          self.salt = generate_hash("--#{Time.now.utc.to_s}--#{password}--")
+          self.salt = generate_hash("--#{Time.now.utc}--#{password}--")
         end
       end
 
@@ -107,18 +185,16 @@ module Clearance
         self.encrypted_password = encrypt(password)
       end
 
-      def generate_token
-        self.token = encrypt("--#{Time.now.utc.to_s}--#{password}--")
-        self.token_expires_at = nil
+      def encrypt(string)
+        generate_hash("--#{salt}--#{string}--")
       end
 
-      def clear_token
-        self.token            = nil
-        self.token_expires_at = nil
+      def generate_confirmation_token
+        self.confirmation_token = encrypt("--#{Time.now.utc}--#{password}--")
       end
 
-      def initialize_token
-        generate_token if new_record?
+      def initialize_confirmation_token
+        generate_confirmation_token if new_record?
       end
 
       def password_required?
@@ -126,13 +202,19 @@ module Clearance
       end
 
       def remember_me_until!(time)
-        self.token_expires_at = time
-        self.token = encrypt("--#{token_expires_at}--#{password}--")
+        self.remember_token_expires_at = time
+        self.remember_token = encrypt("--#{time}--#{password}--")
         save(false)
       end
     end
 
     module ClassMethods
+      # Authenticate with email and password.
+      #
+      # @param [String, String] email and password
+      # @return [User, nil] authenticated user or nil
+      # @example
+      #   User.authenticate("email@example.com", "password")
       def authenticate(email, password)
         return nil  unless user = find_by_email(email)
         return user if     user.authenticated?(password)

data/shoulda_macros/clearance.rb

@@ -4,6 +4,7 @@ module Clearance
     # STATE OF AUTHENTICATION
 
     def should_be_signed_in_as(&block)
+      warn "[DEPRECATION] should_be_signed_in_as cannot be used in functional tests anymore now that it depends on cookies, which are unavailable until the next request."
       should "be signed in as #{block.bind(self).call}" do
         user = block.bind(self).call
         assert_not_nil user,
@@ -28,6 +29,7 @@ module Clearance
     end
 
     def should_not_be_signed_in
+      warn "[DEPRECATION] should_not_be_signed_in is no longer a valid test since we now store a remember_token in cookies, not user_id in session"
       should "not be signed in" do
         assert_nil session[:user_id]
       end
@@ -176,7 +178,7 @@ module Clearance
       warn "[DEPRECATION] should_display_a_password_update_form: not meant to be public, no longer used internally"
       should "have a form for the user's token, password, and password confirm" do
         update_path = ERB::Util.h(
-          user_password_path(@user, :token => @user.token)
+          user_password_path(@user, :token => @user.confirmation_token)
         )
 
         assert_select 'form[action=?]', update_path do
@@ -213,8 +215,6 @@ module Clearance
               "session[email]", true, "There must be an email field"
             assert_select "input[type=password][name=?]",
               "session[password]", true, "There must be a password field"
-            assert_select "input[type=checkbox][name=?]",
-              "session[remember_me]", true, "There must be a 'remember me' check box"
             assert_select "input[type=submit]", true,
               "There must be a submit button"
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: thoughtbot-clearance
 version: !ruby/object:Gem::Version 
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors: 
 - Dan Croak
@@ -24,7 +24,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-08-03 21:00:00 -07:00
+date: 2009-08-30 21:00:00 -07:00
 default_executable: 
 dependencies: []
 
@@ -115,8 +115,6 @@ files:
 - rails/init.rb
 has_rdoc: true
 homepage: http://github.com/thoughtbot/clearance
-licenses: []
-
 post_install_message: 
 rdoc_options: []
 
@@ -137,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.5
+rubygems_version: 1.2.0
 signing_key: 
 specification_version: 3
 summary: Rails authentication with email & password.