Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add allow_password_resets config option #1019

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ Override any of these defaults in `config/initializers/clearance.rb`:
```ruby
Clearance.configure do |config|
config.allow_sign_up = true
config.allow_password_reset = true
config.cookie_domain = ".example.com"
config.cookie_expiration = lambda { |cookies| 1.year.from_now.utc }
config.cookie_name = "remember_token"
Expand Down
4 changes: 3 additions & 1 deletion app/views/sessions/_form.html.erb
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@
<% if Clearance.configuration.allow_sign_up? %>
<%= link_to t(".sign_up"), sign_up_path %>
<% end %>
<%= link_to t(".forgot_password"), new_password_path %>
<% if Clearance.configuration.allow_password_reset? %>
<%= link_to t(".forgot_password"), new_password_path %>
<% end %>
</div>
<% end %>
8 changes: 5 additions & 3 deletions config/routes.rb
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,11 @@
resources :users,
controller: 'clearance/users',
only: Clearance.configuration.user_actions do
resource :password,
controller: 'clearance/passwords',
only: [:edit, :update]
if Clearance.configuration.allow_password_reset?
resource :password,
controller: 'clearance/passwords',
whatnotery marked this conversation as resolved.
Show resolved Hide resolved
only: [:edit, :update]
whatnotery marked this conversation as resolved.
Show resolved Hide resolved
end
end

get '/sign_in' => 'clearance/sessions#new', as: 'sign_in'
Expand Down
14 changes: 14 additions & 0 deletions lib/clearance/configuration.rb
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,13 @@ class Configuration
# @return [Boolean]
attr_writer :allow_sign_up

# Controls whether the password reset routes are enabled
# Defaults to `true`. Set to False to disable password reset routes
# The setting is ignored if routes are disabled.
# @param [Boolean] value
# @return [Boolean]
attr_writer :allow_password_reset

# The domain to use for the clearance remember token cookie.
# Defaults to `nil`, which causes the cookie domain to default to the
# domain of the request. For more, see
Expand Down Expand Up @@ -145,6 +152,7 @@ class Configuration

def initialize
@allow_sign_up = true
@allow_password_reset = true
@allowed_backdoor_environments = ["test", "ci", "development"]
@cookie_domain = nil
@cookie_expiration = ->(cookies) { 1.year.from_now.utc }
Expand Down Expand Up @@ -195,6 +203,12 @@ def allow_sign_up?
@allow_sign_up
end

# Are the password reset routes enabled?
# @return [Boolean]
def allow_password_reset?
@allow_password_reset
end

whatnotery marked this conversation as resolved.
Show resolved Hide resolved
# Specifies which controller actions are allowed for user resources.
# This will be `[:create]` is `allow_sign_up` is true (the default), and
# empty otherwise.
Expand Down
15 changes: 15 additions & 0 deletions spec/configuration_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,21 @@
end
end

describe "#allow_password_reset?" do
context "when allow_password_reset is configured to false" do
it "returns false" do
Clearance.configure { |config| config.allow_password_reset = false }
expect(Clearance.configuration.allow_password_reset?).to eq false
end
end

context "when allow_sign_up has not been configured" do
it "returns true" do
expect(Clearance.configuration.allow_password_reset?).to eq true
end
end
end
whatnotery marked this conversation as resolved.
Show resolved Hide resolved

describe "#user_actions" do
context "when allow_sign_up is configured to false" do
it "returns empty array" do
Expand Down
32 changes: 32 additions & 0 deletions spec/routing/clearance_routes_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -62,4 +62,36 @@
expect(post: 'users').to be_routable
end
end

context 'password reset disabled' do
whatnotery marked this conversation as resolved.
Show resolved Hide resolved
around do |example|
Clearance.configure { |config| config.allow_password_reset = false }
Rails.application.reload_routes!
example.run
Clearance.configuration = Clearance::Configuration.new
Rails.application.reload_routes!
end

it 'does not route password edit' do
whatnotery marked this conversation as resolved.
Show resolved Hide resolved
user = create(:user)
expect(get: "users/#{user.id}/password/edit").not_to be_routable
end

it 'does not route to clearance/passwords#update' do
whatnotery marked this conversation as resolved.
Show resolved Hide resolved
user = create(:user)
expect(patch: "/users/#{user.id}/password").not_to be_routable
end
end

context 'reset enabled' do
whatnotery marked this conversation as resolved.
Show resolved Hide resolved
it 'does route password edit' do
whatnotery marked this conversation as resolved.
Show resolved Hide resolved
user = create(:user)
expect(get: "users/#{user.id}/password/edit").to be_routable
end

it 'does route to clearance/passwords#update' do
whatnotery marked this conversation as resolved.
Show resolved Hide resolved
user = create(:user)
expect(patch: "/users/#{user.id}/password").to be_routable
end
end
end
Loading