From a81ada7c3db10548e841ac50d45a0359c6ff2d85 Mon Sep 17 00:00:00 2001 From: Jos O'shea Date: Wed, 8 May 2024 11:27:57 -0400 Subject: [PATCH 1/3] update sqlite3 and erb_lint --- Gemfile | 2 +- Gemfile.lock | 79 ++++++++++++++++++++------------------ gemfiles/rails_6.1.gemfile | 2 +- gemfiles/rails_7.0.gemfile | 2 +- gemfiles/rails_7.1.gemfile | 2 +- 5 files changed, 46 insertions(+), 41 deletions(-) diff --git a/Gemfile b/Gemfile index 4ba9929a6..49ffd7f05 100644 --- a/Gemfile +++ b/Gemfile @@ -14,5 +14,5 @@ gem 'pry', require: false gem 'rails-controller-testing' gem 'rspec-rails' gem 'shoulda-matchers' -gem 'sqlite3' +gem 'sqlite3', "~> 1.7" gem 'timecop' diff --git a/Gemfile.lock b/Gemfile.lock index c45f24299..ad29af056 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -64,12 +64,11 @@ GEM ffi-compiler (~> 1.0) ast (2.4.2) bcrypt (3.1.20) - better_html (1.0.16) - actionview (>= 4.0) - activesupport (>= 4.0) + better_html (2.1.1) + actionview (>= 6.0) + activesupport (>= 6.0) ast (~> 2.0) erubi (~> 1.4) - html_tokenizer (~> 0.0.6) parser (>= 2.4) smart_properties builder (3.2.4) @@ -83,7 +82,7 @@ GEM regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) coderay (1.1.3) - concurrent-ruby (1.1.10) + concurrent-ruby (1.2.3) crass (1.0.6) database_cleaner (2.0.1) database_cleaner-active_record (~> 2.0.0) @@ -95,15 +94,14 @@ GEM diff-lcs (1.5.0) email_validator (2.2.4) activemodel - erb_lint (0.1.1) + erb_lint (0.5.0) activesupport - better_html (~> 1.0.7) - html_tokenizer + better_html (>= 2.0.1) parser (>= 2.7.1.4) rainbow rubocop smart_properties - erubi (1.10.0) + erubi (1.12.0) factory_bot (6.2.1) activesupport (>= 5.0.0) factory_bot_rails (6.2.0) 
@@ -115,12 +113,13 @@ GEM rake globalid (1.2.1) activesupport (>= 6.1) - html_tokenizer (0.0.7) - i18n (1.10.0) + i18n (1.14.5) concurrent-ruby (~> 1.0) - loofah (2.18.0) + json (2.7.2) + language_server-protocol (3.17.0.3) + loofah (2.22.0) crass (~> 1.0.2) - nokogiri (>= 1.5.9) + nokogiri (>= 1.12.0) mail (2.8.1) mini_mime (>= 0.1.1) net-imap @@ -129,8 +128,8 @@ GEM matrix (0.4.2) method_source (1.0.0) mini_mime (1.1.2) - mini_portile2 (2.8.0) - minitest (5.15.0) + mini_portile2 (2.8.6) + minitest (5.22.3) net-imap (0.4.10) date net-protocol @@ -140,17 +139,18 @@ GEM timeout net-smtp (0.5.0) net-protocol - nokogiri (1.13.6) - mini_portile2 (~> 2.8.0) + nokogiri (1.16.4) + mini_portile2 (~> 2.8.2) racc (~> 1.4) - parallel (1.22.1) - parser (3.1.2.0) + parallel (1.24.0) + parser (3.3.1.0) ast (~> 2.4.1) + racc pry (0.14.1) coderay (~> 1.1) method_source (~> 1.0) public_suffix (4.0.7) - racc (1.6.0) + racc (1.7.3) rack (2.2.3.1) rack-test (1.1.0) rack (>= 1.0, < 3) @@ -158,11 +158,13 @@ GEM actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) activesupport (>= 5.0.1.rc1) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + rails-dom-testing (2.2.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.4.3) - loofah (~> 2.3) + rails-html-sanitizer (1.6.0) + loofah (~> 2.21) + nokogiri (~> 1.14) railties (7.0.3) actionpack (= 7.0.3) activesupport (= 7.0.3) @@ -172,8 +174,8 @@ GEM zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.1.0) - regexp_parser (2.5.0) - rexml (3.2.5) + regexp_parser (2.9.0) + rexml (3.2.6) rspec-core (3.11.0) rspec-support (~> 3.11.0) rspec-expectations (3.11.0) 
@@ -191,28 +193,31 @@ GEM rspec-mocks (~> 3.10) rspec-support (~> 3.10) rspec-support (3.11.0) - rubocop (1.30.1) + rubocop (1.63.4) + json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 3.1.0.0) + parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.18.0, < 2.0) + rubocop-ast (>= 1.31.1, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.18.0) - parser (>= 3.1.1.0) - ruby-progressbar (1.11.0) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.31.3) + parser (>= 3.3.1.0) + ruby-progressbar (1.13.0) shoulda-matchers (5.1.0) activesupport (>= 5.2.0) smart_properties (1.17.0) - sqlite3 (1.4.2) + sqlite3 (1.7.3) + mini_portile2 (~> 2.8.0) thor (1.2.1) timecop (0.9.5) timeout (0.4.1) - tzinfo (2.0.4) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) - unicode-display_width (2.1.0) + unicode-display_width (2.5.0) xpath (3.2.0) nokogiri (~> 1.8) zeitwerk (2.5.4) @@ -234,7 +239,7 @@ DEPENDENCIES rails-controller-testing rspec-rails shoulda-matchers - sqlite3 + sqlite3 (~> 1.7) timecop BUNDLED WITH diff --git a/gemfiles/rails_6.1.gemfile b/gemfiles/rails_6.1.gemfile index 1db7a9f3a..fa52260cf 100644 --- a/gemfiles/rails_6.1.gemfile +++ b/gemfiles/rails_6.1.gemfile @@ -14,7 +14,7 @@ gem "pry", require: false gem "rails-controller-testing" gem "rspec-rails" gem "shoulda-matchers" -gem "sqlite3" +gem "sqlite3", "~> 1.7" gem "timecop" gem "railties", "~> 6.1.0" gem "net-smtp", require: false diff --git a/gemfiles/rails_7.0.gemfile b/gemfiles/rails_7.0.gemfile index 349636f7e..5b6bc25d9 100644 --- a/gemfiles/rails_7.0.gemfile +++ b/gemfiles/rails_7.0.gemfile @@ -14,7 +14,7 @@ gem "pry", require: false gem "rails-controller-testing" gem "rspec-rails" gem "shoulda-matchers" -gem "sqlite3" +gem "sqlite3", "~> 1.7" gem "timecop" gem "railties", "~> 7.0.0" 
diff --git a/gemfiles/rails_7.1.gemfile b/gemfiles/rails_7.1.gemfile index 8726d5604..a39b7c9c2 100644 --- a/gemfiles/rails_7.1.gemfile +++ b/gemfiles/rails_7.1.gemfile @@ -14,7 +14,7 @@ gem "pry", require: false gem "rails-controller-testing" gem "rspec-rails" gem "shoulda-matchers" -gem "sqlite3" +gem "sqlite3", "~> 1.7" gem "timecop" gem "railties", "~> 7.1.0" From 24de559bfb78b9575d835e1e7a450b13a4ef5a53 Mon Sep 17 00:00:00 2001 From: Jos O'shea Date: Wed, 8 May 2024 11:37:47 -0400 Subject: [PATCH 2/3] correct linting error --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 49ffd7f05..973a4ccc9 100644 --- a/Gemfile +++ b/Gemfile @@ -14,5 +14,5 @@ gem 'pry', require: false gem 'rails-controller-testing' gem 'rspec-rails' gem 'shoulda-matchers' -gem 'sqlite3', "~> 1.7" +gem 'sqlite3', '~> 1.7' gem 'timecop' From 31a44d470e921596852b237d4a90ba35c3d89d50 Mon Sep 17 00:00:00 2001 From: Jos O'shea Date: Wed, 8 May 2024 14:20:24 -0400 Subject: [PATCH 3/3] add password reset enable config option --- README.md | 1 + app/views/sessions/_form.html.erb | 4 +++- config/routes.rb | 8 ++++--- lib/clearance/configuration.rb | 14 ++++++++++++ spec/configuration_spec.rb | 15 +++++++++++++ spec/routing/clearance_routes_spec.rb | 32 +++++++++++++++++++++++++++ 6 files changed, 70 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index bdce3e7f8..94b38f4e9 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ Override any of these defaults in `config/initializers/clearance.rb`: ```ruby Clearance.configure do |config| config.allow_sign_up = true + config.allow_password_reset = true config.cookie_domain = ".example.com" config.cookie_expiration = lambda { |cookies| 1.year.from_now.utc } config.cookie_name = "remember_token" diff --git a/app/views/sessions/_form.html.erb b/app/views/sessions/_form.html.erb index 31dc415ac..8fb2e9abe 100644 --- a/app/views/sessions/_form.html.erb 
+++ b/app/views/sessions/_form.html.erb @@ -17,6 +17,8 @@ <% if Clearance.configuration.allow_sign_up? %> <%= link_to t(".sign_up"), sign_up_path %> <% end %> - <%= link_to t(".forgot_password"), new_password_path %> + <% if Clearance.configuration.allow_password_reset? %> + <%= link_to t(".forgot_password"), new_password_path %> + <% end %> <% end %> diff --git a/config/routes.rb b/config/routes.rb index 700f7b3e0..08de03e34 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -11,9 +11,11 @@ resources :users, controller: 'clearance/users', only: Clearance.configuration.user_actions do - resource :password, - controller: 'clearance/passwords', - only: [:edit, :update] + if Clearance.configuration.allow_password_reset? + resource :password, + controller: 'clearance/passwords', + only: [:edit, :update] + end end get '/sign_in' => 'clearance/sessions#new', as: 'sign_in' diff --git a/lib/clearance/configuration.rb b/lib/clearance/configuration.rb index b5f21eeb3..61f0b3800 100644 --- a/lib/clearance/configuration.rb +++ b/lib/clearance/configuration.rb @@ -7,6 +7,13 @@ class Configuration # @return [Boolean] attr_writer :allow_sign_up + # Controls whether the password reset routes are enabled + # Defaults to `true`. Set to False to disable password reset routes + # The setting is ignored if routes are disabled. + # @param [Boolean] value + # @return [Boolean] + attr_writer :allow_password_reset + # The domain to use for the clearance remember token cookie. # Defaults to `nil`, which causes the cookie domain to default to the # domain of the request. For more, see @@ -145,6 +152,7 @@ class Configuration def initialize @allow_sign_up = true + @allow_password_reset = true @allowed_backdoor_environments = ["test", "ci", "development"] @cookie_domain = nil @cookie_expiration = ->(cookies) { 1.year.from_now.utc } 
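Review bot: In the config/routes.rb hunk the new `allow_password_reset?` guard wraps only the nested `resource :password` with `only: [:edit, :update]`, yet the sessions form in this same patch still refers to `new_password_path`, so a route that starts a reset is defined somewhere outside this hunk. If that definition is not gated as well, setting `allow_password_reset = false` hides the link but leaves the request-a-reset endpoint reachable, and that endpoint is the one that starts the reset flow. I would wrap that definition in the same `if Clearance.configuration.allow_password_reset?` and add an example to spec/routing/clearance_routes_spec.rb asserting it is not routable when the flag is off. The enclosing route block starts and ends outside the hunk, so this needs checking against the full file.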
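Review bot: The doc comment added above `attr_writer :allow_password_reset` in lib/clearance/configuration.rb says "Set to False" and "ignored if routes are disabled" without spelling out the consequence: an application that draws its own routes gets no protection from this flag, and the patch's file list shows no check added to the passwords controller. I would reword it to `# Defaults to true. Set to false to remove Clearance's password reset routes.` followed by `# Has no effect when Clearance's routes are disabled; remove the password routes yourself in that case.` It is also worth documenting that only `false` or `nil` disable the feature, because `allow_password_reset?` returns the stored value as is, so a string such as "false" read from an environment variable leaves reset enabled.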
@@ -195,6 +203,12 @@ def allow_sign_up? @allow_sign_up end + # Are the password reset routes enabled? + # @return [Boolean] + def allow_password_reset? + @allow_password_reset + end + # Specifies which controller actions are allowed for user resources. # This will be `[:create]` is `allow_sign_up` is true (the default), and # empty otherwise. diff --git a/spec/configuration_spec.rb b/spec/configuration_spec.rb index 446365023..c6436ece7 100644 --- a/spec/configuration_spec.rb +++ b/spec/configuration_spec.rb @@ -179,6 +179,21 @@ end end + describe "#allow_password_reset?" do + context "when allow_password_reset is configured to false" do + it "returns false" do + Clearance.configure { |config| config.allow_password_reset = false } + expect(Clearance.configuration.allow_password_reset?).to eq false + end + end + + context "when allow_sign_up has not been configured" do + it "returns true" do + expect(Clearance.configuration.allow_password_reset?).to eq true + end + end + end + describe "#user_actions" do context "when allow_sign_up is configured to false" do it "returns empty array" do diff --git a/spec/routing/clearance_routes_spec.rb b/spec/routing/clearance_routes_spec.rb index 960c1ba90..633824b95 100644 --- a/spec/routing/clearance_routes_spec.rb +++ b/spec/routing/clearance_routes_spec.rb 
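Review bot: In the spec/configuration_spec.rb hunk the second context under `#allow_password_reset?` is described as "when allow_sign_up has not been configured", a leftover from the block it was copied from; it should read `context "when allow_password_reset has not been configured" do`. The first example also sets `allow_password_reset = false` through `Clearance.configure`, and the hunk shows no reset afterwards. Presumably the surrounding spec restores the configuration between examples, but that is outside the hunk and worth confirming so the default-value example does not depend on run order.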
@@ -62,4 +62,36 @@
 expect(post: 'users').to be_routable
 end
 end
+
+ context 'password reset disabled' do
+ around do |example|
+ Clearance.configure { |config| config.allow_password_reset = false }
+ Rails.application.reload_routes!
+ example.run
+ Clearance.configuration = Clearance::Configuration.new
+ Rails.application.reload_routes!
+ end
+
+ it 'does not route password edit' do
+ user = create(:user)
+ expect(get: "users/#{user.id}/password/edit").not_to be_routable
+ end
+
+ it 'does not route to clearance/passwords#update' do
+ user = create(:user)
+ expect(patch: "/users/#{user.id}/password").not_to be_routable
+ end
+ end
+
+ context 'reset enabled' do
+ it 'does route password edit' do
+ user = create(:user)
+ expect(get: "users/#{user.id}/password/edit").to be_routable
+ end
+
+ it 'does route to clearance/passwords#update' do
+ user = create(:user)
+ expect(patch: "/users/#{user.id}/password").to be_routable
+ end
+ end
 end
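Review bot: Each of the four new routing examples calls `create(:user)` only to interpolate an id into the path, but whether a path is routable does not depend on a record existing. A literal id keeps these examples off the database and makes the asserted path readable at a glance, for example `expect(get: 'users/1/password/edit').not_to be_routable`. The same change applies to the `patch:` examples and to both contexts.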