When a `user_model` is configured in a Clearance initializer, a reference to that class is immediately saved off. If that class is changed, Clearance will not know to automatically reload the class as Rails does automatically for classes in development. This change introduces a `to_prepare` block to the Engine that is responsible for forcing the configured user class to be reloaded. `to_prepare` runs once per request in development and only at startup in other environments.
To get the test suite to run in under 2.2, I: * Upgraded Cucumber to a version that supports Ruby 2.2 * Added 2.2.0 to our Travis Matrix (Sorry, Travis) * Excluded Rails 3.2 under Ruby 2.2 from appraisals as it is not supported by rails (yet). See: rails/rails#18306 Once that was done, it was discovered that Rails 4.0.x requires the `test-unit` gem under Ruby 2.2. Adding that gem allows the test suite to run there. With that in place, I found that the `deny_access` matcher was not negating as expected. This is because the test-unit gem raises a different error when an assertion failed. I have to catch this error in addition to the Minitest::Assertion error we were already catching.
This name better expresses the intent of the filter and has the advantage of not conflicting with the `authorize` method provided by pundit or wading into the sometimes hairy line demarcating authorization from authentication. Clearance users should migrate from `:authorize` to `require_login` as the former will be removed in 2.0. Be sure to catch reference to `skip_before_filter :authorize` or `skip_before_action :authorize`, which the deprecation cannot catch. addresses #503, #436, and #239
There's no sense in setting a remember token cookie if the value of that cookie is nil. In fact, this causes a problem for sites that bounce users between HTTP and HTTPS connections for when the user is signed in versus signed out. Prior to this change, if Clearance's `secure_cookie` option was on the users remember token would be completely wiped out when they hit an HTTP page. Even returning to HTTPS would not restore the user's token. With this change in place, the HTTP response would simply not set a remember token cookie, but switching back to HTTPS would allow the client to send its previously existing cookie. There was an existing test for this, but it was passing incorrectly. The `set_cookie` matcher was not negating the way we wanted it to. On the test, the header values were: Fixes #338.
* Instance variables should be defined in initializers before used * `File.exists?` is deprecated This does not address the "possible reference to past scope" warnings introduced with Ruby 2.2.0 as it appears this warning will be removed in 2.2.1. See https://bugs.ruby-lang.org/issues/10661
This isn't library code, it's test code. It doesn't belong in `lib`. Common convention in engines is to have the dummy app in `spec/dummy`. * Update namespace so it doesn't look like part of Clearance. * Update reference from `Clearance::Testing::Application` to `Dummy::Application`. * Move dummy rake tasks into the `dummy` rake namespace. * Update bin/setup to use the new namespace. * Update bin/setup to no longer clean old appraisals out. * Update style in Rakefile and Dummy app
* Fix deprecation warnings in the cookie matcher * Fix loading of the MiniTest runner (caused by requiring `rails/test_help`, which we didn't need anyway. * Remove wrapper around MiniTest::Assertion * Clean up requires in `spec_helper` and `env`. * Remove .rspec file as the settings in there are default * Add appraisals to version control per https://github.com/thoughtbot/appraisal#version-control
Most of the changes necessary here were test-suite-only issues. The lone production-impactful change was adding support for `ActionMailer#deliver_later` in the `PasswordsController`. This will automatically use the queue configured with Active Job in order to background the sending of email. With no queue configured, it will be delivered synchronously. The old `#deliver` method still works, but generates deprecation warnings. The rest of the changes were related to the test suite: * Add a Rails 4.2 appraisal * Update cucumber steps to remove unnecessary gems from generated apps. * Simplify appraisal dependencies thanks to the above. * Fixed `forgeries_controller_spec`. This is still a brittle way to test this functionality but at least it works across Rails versions. * Removed deprecation related to test suite ordering in the test app that is loaded. There remains a single (repeated) deprecation when running specs on 4.2 which comes from RSpec and will be addressed by upgrading to `rspec-rails` 3.1 (see [`rspec-rails` issue]. That work will be in a separate pull-request. [`rspec-rails` issue]: rspec/rspec-rails#1187
`DenyAccessMatcher` used `#negative_failure_message`, which has been deprecated in favor of the newer RSpec matcher method `#failure_message_when_negated`. Renamed this instance variable and the `attr_reader` to remove RSpec 3.0 deprecation warnings when using `DenyAccessMatcher` in specs. Added aliases `failure_message_for_should` and `failure_message_for_should_not` to maintain RSpec 1.2+, < 3.0 compatibility.