diff --git a/README.md b/README.md index dacab181..7d071463 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,8 @@ Clearance.configure do |config| config.mailer_sender = "reply@example.com" config.password_strategy = Clearance::PasswordStrategies::BCrypt config.redirect_url = "/" + config.url_after_destroy = nil + config.url_after_denied_access_when_signed_out = nil config.rotate_csrf_on_sign_in = true config.same_site = nil config.secure_cookie = false @@ -222,8 +224,16 @@ These "failure" methods are called for signed out sessions: - `application#url_after_denied_access_when_signed_out` - `sessions#url_after_destroy` -They both default to `sign_in_url`. Override this method to change both of their -behavior, or override them individually to just change one. +You can override the appropriate method in your subclassed controller or you +can set a configuration value for either of these URLs: + +- `Clearance.configuration.url_after_denied_access_when_signed_out` +- `Clearance.configuration.url_after_destroy` + +Both configurations default to `nil` and if not set will default to +`sign_in_url` in `sessions_controller.rb` and `authorization.rb` for backwards +compatibility. + ### Views diff --git a/app/controllers/clearance/sessions_controller.rb b/app/controllers/clearance/sessions_controller.rb index 5b32809f..98a5e473 100644 --- a/app/controllers/clearance/sessions_controller.rb +++ b/app/controllers/clearance/sessions_controller.rb @@ -37,7 +37,7 @@ def url_after_create end def url_after_destroy - sign_in_url + Clearance.configuration.url_after_destroy || sign_in_url end def url_for_signed_in_users diff --git a/lib/clearance/authorization.rb b/lib/clearance/authorization.rb index 7e2c8044..87c3c3eb 100644 --- a/lib/clearance/authorization.rb +++ b/lib/clearance/authorization.rb 
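Review bot: In `url_after_destroy` (app/controllers/clearance/sessions_controller.rb) the `||` fallback only triggers on `nil` or `false`, so a blank string is truthy in Ruby and would be used as the redirect target instead of `sign_in_url`. A setting read from an empty environment variable is one way this could happen. Since Clearance runs inside Rails, `Clearance.configuration.url_after_destroy.presence || sign_in_url` treats blank values as unset. The same applies to `url_after_denied_access_when_signed_out` in lib/clearance/authorization.rb. The redirect call that consumes the return value is outside the hunk.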
@@ -114,7 +114,7 @@ def url_after_denied_access_when_signed_in # # @return [String] def url_after_denied_access_when_signed_out - sign_in_url + Clearance.configuration.url_after_denied_access_when_signed_out || sign_in_url end end end diff --git a/lib/clearance/configuration.rb b/lib/clearance/configuration.rb index cb5bc17a..b5f21eeb 100644 --- a/lib/clearance/configuration.rb +++ b/lib/clearance/configuration.rb @@ -68,6 +68,20 @@ class Configuration # @return [String] attr_accessor :redirect_url + # The default path Clearance will redirect signed out users to. + # Defaults to `nil` so that the controller will use `sign_in_url` + # for backwards compatibility. This can be set here instead of overriding + # the method via an overridden session controller. + # @return [String] + attr_accessor :url_after_destroy + + # The default path Clearance will redirect non-users to when denied access. + # Defaults to `nil` so that the authorization module will use `sign_in_url` + # for backwards compatibility. This can be set here instead of overriding + # the method via an overridden authorization module. + # @return [String] + attr_accessor :url_after_denied_access_when_signed_out + # Controls whether Clearance will rotate the CSRF token on sign in. # Defaults to `nil` which generates a warning. Will default to true in # Clearance 2.0. @@ -140,6 +154,8 @@ def initialize @same_site = nil @mailer_sender = 'reply@example.com' @redirect_url = '/' + @url_after_destroy = nil + @url_after_denied_access_when_signed_out = nil @rotate_csrf_on_sign_in = true @routes = true @secure_cookie = false diff --git a/spec/configuration_spec.rb b/spec/configuration_spec.rb index 1abad939..44636502 100644 --- a/spec/configuration_spec.rb +++ b/spec/configuration_spec.rb 
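Review bot: No spec visible in this diff exercises the configured value on the denied-access path. `url_after_denied_access_when_signed_out` is covered only by the accessor examples in spec/configuration_spec.rb, while `url_after_destroy` gets controller-level examples. Because this method decides where signed-out requests are sent after being denied, a controller spec asserting both the configured redirect and the `sign_in_url` fallback would guard against regressions. The enclosing module starts outside the hunk.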
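Review bot: Both new accessors in lib/clearance/configuration.rb are documented as `# @return [String]` although the initializer sets them to `nil`; `# @return [String, nil]` matches the actual default. The comments call the value a "path", but `attr_accessor` accepts any string, and the specs in this diff show the value is used as the redirect target. I would add a line such as `# Should be a path within the application; it is used as a redirect target.` to both comments so an absolute URL to another host is not configured by accident. The `Configuration` class body starts and ends outside the hunk.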
@@ -109,6 +109,34 @@ end end + context "when no url_after_destroy value specified" do + it "returns nil as the default" do + expect(Clearance::Configuration.new.url_after_destroy).to be_nil + end + end + + context "when url_after_destroy value is specified" do + it "returns the url_after_destroy value" do + Clearance.configure { |config| config.url_after_destroy = "/redirect" } + + expect(Clearance.configuration.url_after_destroy).to eq "/redirect" + end + end + + context "when no url_after_denied_access_when_signed_out value specified" do + it "returns nil as the default" do + expect(Clearance::Configuration.new.url_after_denied_access_when_signed_out).to be_nil + end + end + + context "when url_after_denied_access_when_signed_out value is specified" do + it "returns the url_after_denied_access_when_signed_out value" do + Clearance.configure { |config| config.url_after_denied_access_when_signed_out = "/redirect" } + + expect(Clearance.configuration.url_after_denied_access_when_signed_out).to eq "/redirect" + end + end + context "when specifying sign in guards" do it "returns the stack with added guards" do DummyGuard = Class.new diff --git a/spec/controllers/sessions_controller_spec.rb b/spec/controllers/sessions_controller_spec.rb index 9f3f11ca..8465f3a0 100644 --- a/spec/controllers/sessions_controller_spec.rb +++ b/spec/controllers/sessions_controller_spec.rb @@ -118,6 +118,12 @@ end describe "on DELETE to #destroy" do + let(:configured_redirect_url) { nil } + + before do + Clearance.configure { |config| config.url_after_destroy = configured_redirect_url } + end + context "given a signed out user" do before do sign_out @@ -126,6 +132,12 @@ it { should redirect_to_url_after_destroy } it { expect(response).to have_http_status(:see_other) } + + context "when the custom redirect URL is set" do + let(:configured_redirect_url) { "/redirected" } + + it { should redirect_to(configured_redirect_url) } + end end context "with a cookie" do 
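Review bot: The two examples in spec/configuration_spec.rb that call `Clearance.configure { |config| ... = "/redirect" }` change shared configuration, and nothing in the hunk restores it. Unless the suite resets Clearance configuration between examples elsewhere (not visible here), the value can leak into later examples and change where sign-out and denied-access redirect. An `after { Clearance.configure { |config| config.url_after_destroy = nil } }`, plus the equivalent for `url_after_denied_access_when_signed_out`, keeps these contexts isolated. The `before` block added to spec/controllers/sessions_controller_spec.rb has the same shape: it resets the value per example inside that `describe`, but the last example to run can leave `"/redirected"` configured.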
@@ -145,6 +157,12 @@ it "should unset the current user" do expect(request.env[:clearance].current_user).to be_nil end + + context "when the custom redirect URL is set" do + let(:configured_redirect_url) { "/redirected" } + + it { should redirect_to(configured_redirect_url) } + end end end end