Empact-authlogic 2.1.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (126) hide show
  1. data/.gitignore +9 -0
  2. data/CHANGELOG.rdoc +349 -0
  3. data/Empact-authlogic.gemspec +217 -0
  4. data/LICENSE +20 -0
  5. data/README.rdoc +246 -0
  6. data/Rakefile +42 -0
  7. data/VERSION.yml +5 -0
  8. data/generators/session/session_generator.rb +9 -0
  9. data/generators/session/templates/session.rb +2 -0
  10. data/init.rb +1 -0
  11. data/lib/authlogic/acts_as_authentic/base.rb +107 -0
  12. data/lib/authlogic/acts_as_authentic/email.rb +110 -0
  13. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +60 -0
  14. data/lib/authlogic/acts_as_authentic/login.rb +141 -0
  15. data/lib/authlogic/acts_as_authentic/magic_columns.rb +24 -0
  16. data/lib/authlogic/acts_as_authentic/password.rb +355 -0
  17. data/lib/authlogic/acts_as_authentic/perishable_token.rb +105 -0
  18. data/lib/authlogic/acts_as_authentic/persistence_token.rb +68 -0
  19. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +61 -0
  20. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +139 -0
  21. data/lib/authlogic/acts_as_authentic/single_access_token.rb +65 -0
  22. data/lib/authlogic/acts_as_authentic/validations_scope.rb +32 -0
  23. data/lib/authlogic/authenticates_many/association.rb +42 -0
  24. data/lib/authlogic/authenticates_many/base.rb +55 -0
  25. data/lib/authlogic/controller_adapters/abstract_adapter.rb +67 -0
  26. data/lib/authlogic/controller_adapters/merb_adapter.rb +30 -0
  27. data/lib/authlogic/controller_adapters/rails_adapter.rb +48 -0
  28. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +61 -0
  29. data/lib/authlogic/crypto_providers/aes256.rb +43 -0
  30. data/lib/authlogic/crypto_providers/bcrypt.rb +90 -0
  31. data/lib/authlogic/crypto_providers/md5.rb +34 -0
  32. data/lib/authlogic/crypto_providers/sha1.rb +35 -0
  33. data/lib/authlogic/crypto_providers/sha256.rb +50 -0
  34. data/lib/authlogic/crypto_providers/sha512.rb +50 -0
  35. data/lib/authlogic/crypto_providers/wordpress.rb +43 -0
  36. data/lib/authlogic/i18n/translator.rb +15 -0
  37. data/lib/authlogic/i18n.rb +83 -0
  38. data/lib/authlogic/random.rb +33 -0
  39. data/lib/authlogic/regex.rb +25 -0
  40. data/lib/authlogic/session/activation.rb +58 -0
  41. data/lib/authlogic/session/active_record_trickery.rb +64 -0
  42. data/lib/authlogic/session/base.rb +37 -0
  43. data/lib/authlogic/session/brute_force_protection.rb +96 -0
  44. data/lib/authlogic/session/callbacks.rb +99 -0
  45. data/lib/authlogic/session/cookies.rb +130 -0
  46. data/lib/authlogic/session/existence.rb +93 -0
  47. data/lib/authlogic/session/foundation.rb +63 -0
  48. data/lib/authlogic/session/http_auth.rb +58 -0
  49. data/lib/authlogic/session/id.rb +41 -0
  50. data/lib/authlogic/session/klass.rb +78 -0
  51. data/lib/authlogic/session/magic_columns.rb +95 -0
  52. data/lib/authlogic/session/magic_states.rb +59 -0
  53. data/lib/authlogic/session/params.rb +101 -0
  54. data/lib/authlogic/session/password.rb +240 -0
  55. data/lib/authlogic/session/perishable_token.rb +18 -0
  56. data/lib/authlogic/session/persistence.rb +70 -0
  57. data/lib/authlogic/session/priority_record.rb +34 -0
  58. data/lib/authlogic/session/scopes.rb +101 -0
  59. data/lib/authlogic/session/session.rb +62 -0
  60. data/lib/authlogic/session/timeout.rb +82 -0
  61. data/lib/authlogic/session/unauthorized_record.rb +50 -0
  62. data/lib/authlogic/session/validation.rb +82 -0
  63. data/lib/authlogic/test_case/mock_controller.rb +45 -0
  64. data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -0
  65. data/lib/authlogic/test_case/mock_logger.rb +10 -0
  66. data/lib/authlogic/test_case/mock_request.rb +19 -0
  67. data/lib/authlogic/test_case/rails_request_adapter.rb +30 -0
  68. data/lib/authlogic/test_case.rb +120 -0
  69. data/lib/authlogic.rb +64 -0
  70. data/rails/init.rb +1 -0
  71. data/shoulda_macros/authlogic.rb +69 -0
  72. data/test/acts_as_authentic_test/base_test.rb +18 -0
  73. data/test/acts_as_authentic_test/email_test.rb +105 -0
  74. data/test/acts_as_authentic_test/logged_in_status_test.rb +36 -0
  75. data/test/acts_as_authentic_test/login_test.rb +109 -0
  76. data/test/acts_as_authentic_test/magic_columns_test.rb +27 -0
  77. data/test/acts_as_authentic_test/password_test.rb +236 -0
  78. data/test/acts_as_authentic_test/perishable_token_test.rb +90 -0
  79. data/test/acts_as_authentic_test/persistence_token_test.rb +55 -0
  80. data/test/acts_as_authentic_test/restful_authentication_test.rb +40 -0
  81. data/test/acts_as_authentic_test/session_maintenance_test.rb +84 -0
  82. data/test/acts_as_authentic_test/single_access_test.rb +44 -0
  83. data/test/authenticates_many_test.rb +16 -0
  84. data/test/crypto_provider_test/aes256_test.rb +14 -0
  85. data/test/crypto_provider_test/bcrypt_test.rb +14 -0
  86. data/test/crypto_provider_test/sha1_test.rb +23 -0
  87. data/test/crypto_provider_test/sha256_test.rb +14 -0
  88. data/test/crypto_provider_test/sha512_test.rb +14 -0
  89. data/test/fixtures/companies.yml +5 -0
  90. data/test/fixtures/employees.yml +17 -0
  91. data/test/fixtures/projects.yml +3 -0
  92. data/test/fixtures/users.yml +24 -0
  93. data/test/i18n_test.rb +33 -0
  94. data/test/libs/affiliate.rb +7 -0
  95. data/test/libs/company.rb +6 -0
  96. data/test/libs/employee.rb +7 -0
  97. data/test/libs/employee_session.rb +2 -0
  98. data/test/libs/ldaper.rb +3 -0
  99. data/test/libs/ordered_hash.rb +9 -0
  100. data/test/libs/project.rb +3 -0
  101. data/test/libs/user.rb +5 -0
  102. data/test/libs/user_session.rb +6 -0
  103. data/test/random_test.rb +49 -0
  104. data/test/session_test/activation_test.rb +43 -0
  105. data/test/session_test/active_record_trickery_test.rb +36 -0
  106. data/test/session_test/brute_force_protection_test.rb +101 -0
  107. data/test/session_test/callbacks_test.rb +6 -0
  108. data/test/session_test/cookies_test.rb +112 -0
  109. data/test/session_test/credentials_test.rb +0 -0
  110. data/test/session_test/existence_test.rb +64 -0
  111. data/test/session_test/http_auth_test.rb +28 -0
  112. data/test/session_test/id_test.rb +17 -0
  113. data/test/session_test/klass_test.rb +40 -0
  114. data/test/session_test/magic_columns_test.rb +62 -0
  115. data/test/session_test/magic_states_test.rb +60 -0
  116. data/test/session_test/params_test.rb +53 -0
  117. data/test/session_test/password_test.rb +106 -0
  118. data/test/session_test/perishability_test.rb +15 -0
  119. data/test/session_test/persistence_test.rb +21 -0
  120. data/test/session_test/scopes_test.rb +60 -0
  121. data/test/session_test/session_test.rb +59 -0
  122. data/test/session_test/timeout_test.rb +52 -0
  123. data/test/session_test/unauthorized_record_test.rb +13 -0
  124. data/test/session_test/validation_test.rb +23 -0
  125. data/test/test_helper.rb +182 -0
  126. metadata +248 -0
data/README.rdoc ADDED
@@ -0,0 +1,246 @@
1
+ = Authlogic
2
+
3
+ Authlogic is a clean, simple, and unobtrusive ruby authentication solution.
4
+
5
+ A code example can replace a thousand words...
6
+
7
+ Authlogic introduces a new type of model. You can have as many as you want, and name them whatever you want, just like your other models. In this example, we want to authenticate with the User model, which is inferred by the name:
8
+
9
+ class UserSession < Authlogic::Session::Base
10
+ # specify configuration here, such as:
11
+ # logout_on_timeout true
12
+ # ...many more options in the documentation
13
+ end
14
+
15
+ Log in with any of the following. Create a UserSessionsController and use it just like your other models:
16
+
17
+ UserSession.create(:login => "bjohnson", :password => "my password", :remember_me => true)
18
+ session = UserSession.new(:login => "bjohnson", :password => "my password", :remember_me => true); session.save
19
+ UserSession.create(:openid_identifier => "identifier", :remember_me => true) # requires the authlogic-oid "add on" gem
20
+ UserSession.create(my_user_object, true) # skip authentication and log the user in directly, the true means "remember me"
21
+
22
+ The above handles the entire authentication process for you. It first authenticates, then it sets up the proper session values and cookies to persist the session. Just like you would if you rolled your own authentication solution.
23
+
24
+ You can also log out / destroy the session:
25
+
26
+ session.destroy
27
+
28
+ After a session has been created, you can persist it across requests. Thus keeping the user logged in:
29
+
30
+ session = UserSession.find
31
+
32
+ To get all of the nice authentication functionality in your model just do this:
33
+
34
+ class User < ActiveRecord::Base
35
+ acts_as_authentic do |c|
36
+ c.my_config_option = my_value
37
+ end # the configuration block is optional
38
+ end
39
+
40
+ This handles validations, etc. It is also "smart" in the sense that it if a login field is present it will use that to authenticate, if not it will look for an email field, etc. This is all configurable, but for 99% of cases that above is all you will need to do.
41
+
42
+ Also, sessions are automatically maintained. You can switch this on and off with configuration, but the following will automatically log a user in after a successful registration:
43
+
44
+ User.create(params[:user])
45
+
46
+ This also updates the session when the user changes his/her password.
47
+
48
+ Authlogic is very flexible, it has a strong public API and a plethora of hooks to allow you to modify behavior and extend it. Check out the helpful links below to dig deeper.
49
+
50
+ == Helpful links
51
+
52
+ * <b>Documentation:</b> http://rdoc.info/projects/binarylogic/authlogic
53
+ * <b>Repository:</b> http://github.com/binarylogic/authlogic/tree/master
54
+ * <b>Railscasts Screencast:</b> http://railscasts.com/episodes/160-authlogic
55
+ * <b>Live example with OpenID "add on":</b> http://authlogicexample.binarylogic.com
56
+ * <b>Live example repository with tutorial in README:</b> http://github.com/binarylogic/authlogic_example/tree/master
57
+ * <b>Tutorial: Reset passwords with Authlogic the RESTful way:</b> http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic
58
+ * <b>Issues:</b> http://github.com/binarylogic/authlogic/issues
59
+ * <b>Google group:</b> http://groups.google.com/group/authlogic
60
+
61
+ <b>Before contacting me directly, please read:</b>
62
+
63
+ If you find a bug or a problem please post it in the issues section. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help. This also benefits other people in the future with the same questions / problems. Thank you.
64
+
65
+ == Authlogic "add ons"
66
+
67
+ * <b>Authlogic OpenID addon:</b> http://github.com/binarylogic/authlogic_openid
68
+ * <b>Authlogic LDAP addon:</b> http://github.com/binarylogic/authlogic_ldap
69
+ * <b>Authlogic Facebook Connect:</b> http://github.com/kalasjocke/authlogic_facebook_connect
70
+ * <b>Authlogic OAuth (Twitter):</b> http://github.com/jrallison/authlogic_oauth
71
+ * <b>Authlogic PAM:</b> http://github.com/nbudin/authlogic_pam
72
+
73
+ If you create one of your own, please let me know about it so I can add it to this list. Or just fork the project, add your link, and send me a pull request.
74
+
75
+ == Session bugs (please read if you are having issues with logging in / out)
76
+
77
+ Apparently there is a bug with apache / passenger for v2.1.X with sessions not working properly. This is most likely your problem if you are having trouble logging in / out. This is *not* an Authlogic issue. This can be solved by updating passener or using an alternative session store solution, such as active record store.
78
+
79
+ == Documentation explanation
80
+
81
+ You can find anything you want about Authlogic in the {documentation}[http://rdoc.info/projects/binarylogic/authlogic], all that you need to do is understand the basic design behind it.
82
+
83
+ That being said, there are 2 models involved during authentication. Your Authlogic model and your ActiveRecord model:
84
+
85
+ 1. <b>Authlogic::Session</b>, your session models that extend Authlogic::Session::Base.
86
+ 2. <b>Authlogic::ActsAsAuthentic</b>, which adds in functionality to your ActiveRecord model when you call acts_as_authentic.
87
+
88
+ Each of the above has its various sub modules that contain common logic. The sub modules are responsible for including *everything* related to it: configuration, class methods, instance methods, etc.
89
+
90
+ For example, if you want to timeout users after a certain period of inactivity, you would look in <b>Authlogic::Session::Timeout</b>. To help you out, I listed the following publicly relevant modules with short descriptions. For the sake of brevity, there are more modules than listed here, the ones not listed are more for internal use, but you can easily read up on them in the {documentation}[http://rdoc.info/projects/binarylogic/authlogic].
91
+
92
+ === Authlogic::ActsAsAuthentic sub modules
93
+
94
+ These modules are for the ActiveRecord side of things, the models that call acts_as_authentic.
95
+
96
+ * <b>Authlogic::ActsAsAuthentic::Base</b> - Provides the acts_as_authentic class method and includes all of the submodules.
97
+ * <b>Authlogic::ActsAsAuthentic::Email</b> - Handles everything related to the email field.
98
+ * <b>Authlogic::ActsAsAuthentic::LoggedInStatus</b> - Provides handy named scopes and methods for determining if the user is logged in or out.
99
+ * <b>Authlogic::ActsAsAuthentic::Login</b> - Handles everything related to the login field.
100
+ * <b>Authlogic::ActsAsAuthentic::MagicColumns</b> - Handles everything related to the "magic" fields: login_count, failed_login_count, last_request_at, etc.
101
+ * <b>Authlogic::ActsAsAuthentic::Password</b> - This one is important. It handles encrypting your password, salting it, etc. It also has support for transitioning password algorithms.
102
+ * <b>Authlogic::ActsAsAuthentic::PerishableToken</b> - Handles maintaining the perishable token field, also provides a class level method for finding record using the token.
103
+ * <b>Authlogic::ActsAsAuthentic::PersistenceToken</b> - Handles maintaining the persistence token. This is the token stored in cookies and sessions to persist the users session.
104
+ * <b>Authlogic::ActsAsAuthentic::RestfulAuthentication</b> - Provides configuration options to easily migrate from the restful_authentication plugin.
105
+ * <b>Authlogic::ActsAsAuthentic::SessionMaintenance</b> - Handles automatic session maintenance. EX: a new user registers, automatically log them in. Or a user changes their password, update their session.
106
+ * <b>Authlogic::ActsAsAuthentic::SingleAccessToken</b> - Handles maintaining the single access token.
107
+ * <b>Authlogic::ActsAsAuthentic::ValidationsScope</b> - Allows you to scope all validations, etc. Just like the :scope option for validates_uniqueness_of
108
+
109
+ === Authlogic::Session sub modules
110
+
111
+ These modules are for the models that extend Authlogic::Session::Base.
112
+
113
+ * <b>Authlogic::Session::BruteForceProtection</b> - Disables accounts after a certain number of consecutive failed logins attempted.
114
+ * <b>Authlogic::Session::Callbacks</b> - Your tools to extend, change, or add onto Authlogic. Lets you hook in and do just about anything you want. Start here if you want to write a plugin or add-on for Authlogic
115
+ * <b>Authlogic::Session::Cookies</b> - Authentication via cookies.
116
+ * <b>Authlogic::Session::Existence</b> - Creating, saving, and destroying objects.
117
+ * <b>Authlogic::Session::HttpAuth</b> - Authentication via basic HTTP authentication.
118
+ * <b>Authlogic::Session::Id</b> - Allows sessions to be separated by an id, letting you have multiple sessions for a single user.
119
+ * <b>Authlogic::Session::MagicColumns</b> - Maintains "magic" database columns, similar to created_at and updated_at for ActiveRecord.
120
+ * <b>Authlogic::Session::MagicStates</b> - Automatically validates based on the records states: active?, approved?, and confirmed?. If those methods exist for the record.
121
+ * <b>Authlogic::Session::Params</b> - Authentication via params, aka single access token.
122
+ * <b>Authlogic::Session::Password</b> - Authentication via a traditional username and password.
123
+ * <b>Authlogic::Session::Persistence</b> - Persisting sessions / finding sessions.
124
+ * <b>Authlogic::Session::Session</b> - Authentication via the session, the controller session that is.
125
+ * <b>Authlogic::Session::Timeout</b> - Automatically logging out after a certain period of inactivity.
126
+ * <b>Authlogic::Session::UnauthorizedRecord</b> - Handles authentication by passing an ActiveRecord object directly.
127
+ * <b>Authlogic::Session::Validation</b> - Validation / errors.
128
+
129
+ === Miscellaneous modules
130
+
131
+ Miscellaneous modules that shared across the authentication process and are more "utility" modules and classes.
132
+
133
+ * <b>Authlogic::AuthenticatesMany</b> - Responsible for allowing you to scope sessions to a parent record. Similar to a has_many and belongs_to relationship. This lets you do the same thing with sessions.
134
+ * <b>Authlogic::CryptoProviders</b> - Contains various encryption algorithms that Authlogic uses, allowing you to choose your encryption method.
135
+ * <b>Authlogic::I18n</b> - Acts JUST LIKE the rails I18n library, and provides internationalization to Authlogic.
136
+ * <b>Authlogic::Random</b> - A simple class to generate random tokens.
137
+ * <b>Authlogic::Regex</b> - Contains regular expressions used in Authlogic. Such as those to validate the format of the log or email.
138
+ * <b>Authlogic::TestCase</b> - Various helper methods for testing frameworks to help you test your code.
139
+ * <b>Authlogic::Version</b> - A handy class for determine the version of Authlogic in a number of ways.
140
+
141
+ == Quick Rails example
142
+
143
+ What if creating sessions worked like an ORM library on the surface...
144
+
145
+ UserSession.create(params[:user_session])
146
+
147
+ What if your user sessions controller could look just like your other controllers...
148
+
149
+ class UserSessionsController < ApplicationController
150
+ def new
151
+ @user_session = UserSession.new
152
+ end
153
+
154
+ def create
155
+ @user_session = UserSession.new(params[:user_session])
156
+ if @user_session.save
157
+ redirect_to account_url
158
+ else
159
+ render :action => :new
160
+ end
161
+ end
162
+
163
+ def destroy
164
+ current_user_session.destroy
165
+ redirect_to new_user_session_url
166
+ end
167
+ end
168
+
169
+ As you can see, this fits nicely into the RESTful development pattern. What about the view...
170
+
171
+ <% form_for @user_session do |f| %>
172
+ <%= f.error_messages %>
173
+ <%= f.label :login %><br />
174
+ <%= f.text_field :login %><br />
175
+ <br />
176
+ <%= f.label :password %><br />
177
+ <%= f.password_field :password %><br />
178
+ <br />
179
+ <%= f.submit "Login" %>
180
+ <% end %>
181
+
182
+ Or how about persisting the session...
183
+
184
+ class ApplicationController
185
+ helper_method :current_user_session, :current_user
186
+
187
+ private
188
+ def current_user_session
189
+ return @current_user_session if defined?(@current_user_session)
190
+ @current_user_session = UserSession.find
191
+ end
192
+
193
+ def current_user
194
+ return @current_user if defined?(@current_user)
195
+ @current_user = current_user_session && current_user_session.user
196
+ end
197
+ end
198
+
199
+ == Install & Use
200
+
201
+ Install the gem / plugin (recommended)
202
+
203
+ From rubyforge:
204
+
205
+ $ sudo gem install authlogic
206
+
207
+ Or from github:
208
+
209
+ $ sudo gem install binarylogic-authlogic
210
+
211
+ Now just add the gem dependency in your projects configuration.
212
+
213
+ Or you can install this as a plugin:
214
+
215
+ script/plugin install git://github.com/binarylogic/authlogic.git
216
+
217
+ == Detailed Setup Tutorial
218
+
219
+ See the {authlogic example}[http://github.com/binarylogic/authlogic_example/tree/master] for a detailed setup tutorial. I did this because not only do you have a tutorial to go by, but you have an example app that uses the same tutorial, so you can play around with with the code. If you have problems you can compare the code to see what you are doing differently.
220
+
221
+ == Testing
222
+
223
+ I think one of the best aspects of Authlogic is testing. For one, it cuts out <b>a lot</b> of redundant tests in your applications because Authlogic is already thoroughly tested for you. It doesn't include a bunch of tests into your application, because it comes tested, just like any other library.
224
+
225
+ For example, think about ActiveRecord. You don't test the internals of ActiveRecord, because the creators of ActiveRecord have already tested the internals for you. It wouldn't make sense for ActiveRecord to copy it's hundreds of tests into your applications. The same concept applies to Authlogic. You only need to test code you write that is specific to your application, just like everything else in your application.
226
+
227
+ That being said, testing your code that uses Authlogic is easy. Since everyone uses different testing suites, I created a helpful module called Authlogic::TestCase, which is basically a set of tools for testing code using Authlogic. I explain testing Authlogic thoroughly in the {Authlogic::TestCase section of the documentation}[http://rdoc.info/rdoc/binarylogic/authlogic/blob/f2f6988d3b97e11770b00b72a7a9733df69ffa5b/Authlogic/TestCase.html]. It should answer any questions you have in regards to testing Authlogic.
228
+
229
+ == Tell me quickly how Authlogic works
230
+
231
+ Interested in how all of this all works? Think about an ActiveRecord model. A database connection must be established before you can use it. In the case of Authlogic, a controller connection must be established before you can use it. It uses that controller connection to modify cookies, the current session, login with HTTP basic, etc. It connects to the controller through a before filter that is automatically set in your controller which lets Authlogic know about the current controller object. Then Authlogic leverages that to do everything, it's a pretty simple design. Nothing crazy going on, Authlogic is just leveraging the tools your framework provides in the controller object.
232
+
233
+ == What sets Authlogic apart and why I created it
234
+
235
+ What inspired me to create Authlogic was the messiness of the current authentication solutions. Put simply, they just didn't feel right, because the logic was not organized properly. As you may know, a common misconception with the MVC design pattern is that the model "M" is only for data access logic, which is wrong. A model is a place for domain logic. This is why the RESTful design pattern and the current authentication solutions don't play nice. Authlogic solves this by placing the session maintenance logic into its own domain (aka "model"). Moving session maintenance into its own domain has its benefits:
236
+
237
+ 1. <b>It's cleaner.</b> There are no generators in Authlogic. Authlogic provides a class that you can use, it's plain and simple ruby. More importantly, the code in your app is code you write, written the way you want, nice and clean. It's code that should be in your app and is specific to your app, not a redundant authentication pattern.
238
+ 2. <b>Easier to stay up-to-date.</b> To make my point, take a look at the commits to any other authentication solution, then look at the {commits for authlogic}[http://github.com/binarylogic/authlogic/commits/master]. How many commits could you easily start using if you already had an app using that solution? With an alternate solution, very few, if any. All of those cool new features and bug fixes are going to have be manually added or wait for your next application. Which is the main reason a generator is not suitable as an authentication solution. With Authlogic you can start using the latest code with a simple update of a gem. No generators, no mess.
239
+ 3. <b>It ties everything together on the domain level.</b> Take a new user registration for example, no reason to manually log the user in, authlogic handles this for you via callbacks. The same applies to a user changing their password. Authlogic handles maintaining the session for you.
240
+ 4. <b>No redundant tests.</b> Because Authlogic doesn't use generators, #1 also applies to tests. Authlogic is *thoroughly* tested for you. You don't go and test the internals of ActiveRecord in each of your apps do you? So why do the same for Authlogic? Your application tests should be for application specific code. Get rid of the noise and make your tests focused and concise, no reason to copy tests from app to app.
241
+ 5. <b>Framework agnostic</b>. Authlogic can be used in *any* ruby framework you want: Rails, Merb, Sinatra, Mack, your own framework, whatever. It's not tied down to Rails. It does this by abstracting itself from these framework's controllers by using a controller adapter. Thanks to {Rack}[http://rack.rubyforge.org/], there is a defined standard for controller structure, and that's what Authlogic's abstract adapter follows. So if your controller follows the rack standards, you don't need to do anything. Any place it deviates from this is solved by a simple adapter for your framework that closes these gaps. For an example, checkout the Authlogic::ControllerAdapters::MerbAdapter.
242
+ 5. <b>You are not restricted to a single session.</b> Think about Apple's me.com, where they need you to authenticate a second time before changing your billing information. Why not just create a second session for this? It works just like your initial session. Then your billing controller can require an "ultra secure" session.
243
+ 6. <b>Easily extendable.</b> One of the distinct advantages of using a library is the ability to use its API, assuming it has one. Authlogic has an *excellent* public API, meaning it can easily be extended and grow beyond the core library. Checkout the "add ons" list above to see what I mean.
244
+
245
+
246
+ Copyright (c) 2009 {Ben Johnson of Binary Logic}[http://www.binarylogic.com], released under the MIT license
data/Rakefile ADDED
@@ -0,0 +1,42 @@
1
+ require 'rubygems'
2
+ require 'rake'
3
+
4
+ begin
5
+ require 'jeweler'
6
+ Jeweler::Tasks.new do |gem|
7
+ gem.name = "Empact-authlogic"
8
+ gem.summary = "A clean, simple, and unobtrusive ruby authentication solution."
9
+ gem.email = "bjohnson@binarylogic.com"
10
+ gem.homepage = "http://github.com/binarylogic/authlogic"
11
+ gem.authors = ["Ben Johnson of Binary Logic", "Ben Woosley"]
12
+ gem.rubyforge_project = "authlogic"
13
+ gem.add_dependency "activesupport"
14
+ end
15
+ Jeweler::RubyforgeTasks.new
16
+ rescue LoadError
17
+ puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
18
+ end
19
+
20
+ require 'rake/testtask'
21
+ Rake::TestTask.new(:test) do |test|
22
+ test.libs << 'test'
23
+ test.pattern = 'test/**/*_test.rb'
24
+ test.verbose = true
25
+ end
26
+
27
+ begin
28
+ require 'rcov/rcovtask'
29
+ Rcov::RcovTask.new do |test|
30
+ test.libs << 'test'
31
+ test.pattern = 'test/**/*_test.rb'
32
+ test.verbose = true
33
+ end
34
+ rescue LoadError
35
+ task :rcov do
36
+ abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
37
+ end
38
+ end
39
+
40
+ task :test => :check_dependencies
41
+
42
+ task :default => :test
data/VERSION.yml ADDED
@@ -0,0 +1,5 @@
1
+ ---
2
+ :patch: 4
3
+ :major: 2
4
+ :build:
5
+ :minor: 1
@@ -0,0 +1,9 @@
1
+ class SessionGenerator < Rails::Generator::NamedBase
2
+ def manifest
3
+ record do |m|
4
+ m.class_collisions class_name
5
+ m.directory File.join('app/models', class_path)
6
+ m.template 'session.rb', File.join('app/models', class_path, "#{file_name}.rb")
7
+ end
8
+ end
9
+ end
@@ -0,0 +1,2 @@
1
+ class <%= class_name %> < Authlogic::Session::Base
2
+ end
data/init.rb ADDED
@@ -0,0 +1 @@
1
+ require File.dirname(__FILE__) + "/rails/init.rb"
@@ -0,0 +1,107 @@
1
+ module Authlogic
2
+ module ActsAsAuthentic
3
+ # Provides the base functionality for acts_as_authentic
4
+ module Base
5
+ def self.included(klass)
6
+ klass.class_eval do
7
+ extend Config
8
+ end
9
+ end
10
+
11
+ module Config
12
+ # This includes a lot of helpful methods for authenticating records which The Authlogic::Session module relies on.
13
+ # To use it just do:
14
+ #
15
+ # class User < ActiveRecord::Base
16
+ # acts_as_authentic
17
+ # end
18
+ #
19
+ # Configuration is easy:
20
+ #
21
+ # acts_as_authentic do |c|
22
+ # c.my_configuration_option = my_value
23
+ # end
24
+ #
25
+ # See the various sub modules for the configuration they provide.
26
+ def acts_as_authentic(unsupported_options = nil, &block)
27
+ # Stop all configuration if the DB is not set up
28
+ return if !db_setup?
29
+
30
+ raise ArgumentError.new("You are using the old v1.X.X configuration method for Authlogic. Instead of " +
31
+ "passing a hash of configuration options to acts_as_authentic, pass a block: acts_as_authentic { |c| c.my_option = my_value }") if !unsupported_options.nil?
32
+
33
+ yield self if block_given?
34
+ acts_as_authentic_modules.each { |mod| include mod }
35
+ end
36
+
37
+ # Since this part of Authlogic deals with another class, ActiveRecord, we can't just start including things
38
+ # in ActiveRecord itself. A lot of these module includes need to be triggered by the acts_as_authentic method
39
+ # call. For example, you don't want to start adding in email validations and what not into a model that has
40
+ # nothing to do with Authlogic.
41
+ #
42
+ # That being said, this is your tool for extending Authlogic and "hooking" into the acts_as_authentic call.
43
+ def add_acts_as_authentic_module(mod, action = :append)
44
+ modules = acts_as_authentic_modules
45
+ case action
46
+ when :append
47
+ modules << mod
48
+ when :prepend
49
+ modules = [mod] + modules
50
+ end
51
+ modules.uniq!
52
+ write_inheritable_attribute(:acts_as_authentic_modules, modules)
53
+ end
54
+
55
+ # This is the same as add_acts_as_authentic_module, except that it removes the module from the list.
56
+ def remove_acts_as_authentic_module(mod)
57
+ acts_as_authentic_modules.delete(mod)
58
+ acts_as_authentic_modules
59
+ end
60
+
61
+ private
62
+ def acts_as_authentic_modules
63
+ key = :acts_as_authentic_modules
64
+ inheritable_attributes.include?(key) ? read_inheritable_attribute(key) : []
65
+ end
66
+
67
+ def db_setup?
68
+ begin
69
+ column_names
70
+ true
71
+ rescue Exception
72
+ false
73
+ end
74
+ end
75
+
76
+ def rw_config(key, value, default_value = nil, read_value = nil)
77
+ if value == read_value
78
+ inheritable_attributes.include?(key) ? read_inheritable_attribute(key) : default_value
79
+ else
80
+ write_inheritable_attribute(key, value)
81
+ end
82
+ end
83
+
84
+ def first_column_to_exist(*columns_to_check)
85
+ if db_setup?
86
+ columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
87
+ end
88
+ columns_to_check.first && columns_to_check.first.to_sym
89
+ end
90
+ end
91
+ end
92
+ end
93
+ end
94
+
95
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Base
96
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Email
97
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::LoggedInStatus
98
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Login
99
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::MagicColumns
100
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Password
101
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::PerishableToken
102
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::PersistenceToken
103
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::RestfulAuthentication
104
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SessionMaintenance
105
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SingleAccessToken
106
+ ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::ValidationsScope
107
+
@@ -0,0 +1,110 @@
1
+ module Authlogic
2
+ module ActsAsAuthentic
3
+ # Sometimes models won't have an explicit "login" or "username" field. Instead they want to use the email field.
4
+ # In this case, authlogic provides validations to make sure the email submited is actually a valid email. Don't worry,
5
+ # if you do have a login or username field, Authlogic will still validate your email field. One less thing you have to
6
+ # worry about.
7
+ module Email
8
+ def self.included(klass)
9
+ klass.class_eval do
10
+ extend Config
11
+ add_acts_as_authentic_module(Methods)
12
+ end
13
+ end
14
+
15
+ # Configuration to modify how Authlogic handles the email field.
16
+ module Config
17
+ # The name of the field that stores email addresses.
18
+ #
19
+ # * <tt>Default:</tt> :email, if it exists
20
+ # * <tt>Accepts:</tt> Symbol
21
+ def email_field(value = nil)
22
+ rw_config(:email_field, value, first_column_to_exist(nil, :email, :email_address))
23
+ end
24
+ alias_method :email_field=, :email_field
25
+
26
+ # Toggles validating the email field or not.
27
+ #
28
+ # * <tt>Default:</tt> true
29
+ # * <tt>Accepts:</tt> Boolean
30
+ def validate_email_field(value = nil)
31
+ rw_config(:validate_email_field, value, true)
32
+ end
33
+ alias_method :validate_email_field=, :validate_email_field
34
+
35
+ # A hash of options for the validates_length_of call for the email field. Allows you to change this however you want.
36
+ #
37
+ # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
38
+ # merge options into it. Checkout the convenience function merge_validates_length_of_email_field_options to merge
39
+ # options.</b>
40
+ #
41
+ # * <tt>Default:</tt> {:within => 6..100}
42
+ # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
43
+ def validates_length_of_email_field_options(value = nil)
44
+ rw_config(:validates_length_of_email_field_options, value, {:within => 6..100})
45
+ end
46
+ alias_method :validates_length_of_email_field_options=, :validates_length_of_email_field_options
47
+
48
+ # A convenience function to merge options into the validates_length_of_email_field_options. So intead of:
49
+ #
50
+ # self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(:my_option => my_value)
51
+ #
52
+ # You can do this:
53
+ #
54
+ # merge_validates_length_of_email_field_options :my_option => my_value
55
+ def merge_validates_length_of_email_field_options(options = {})
56
+ self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(options)
57
+ end
58
+
59
+ # A hash of options for the validates_format_of call for the email field. Allows you to change this however you want.
60
+ #
61
+ # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
62
+ # merge options into it. Checkout the convenience function merge_validates_format_of_email_field_options to merge
63
+ # options.</b>
64
+ #
65
+ # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}
66
+ # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
67
+ def validates_format_of_email_field_options(value = nil)
68
+ rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")})
69
+ end
70
+ alias_method :validates_format_of_email_field_options=, :validates_format_of_email_field_options
71
+
72
+ # See merge_validates_length_of_email_field_options. The same thing except for validates_format_of_email_field_options.
73
+ def merge_validates_format_of_email_field_options(options = {})
74
+ self.validates_format_of_email_field_options = validates_format_of_email_field_options.merge(options)
75
+ end
76
+
77
+ # A hash of options for the validates_uniqueness_of call for the email field. Allows you to change this however you want.
78
+ #
79
+ # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
80
+ # merge options into it. Checkout the convenience function merge_validates_uniqueness_of_email_field_options to merge
81
+ # options.</b>
82
+ #
83
+ # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym}
84
+ # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
85
+ def validates_uniqueness_of_email_field_options(value = nil)
86
+ rw_config(:validates_uniqueness_of_email_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym})
87
+ end
88
+ alias_method :validates_uniqueness_of_email_field_options=, :validates_uniqueness_of_email_field_options
89
+
90
+ # See merge_validates_length_of_email_field_options. The same thing except for validates_uniqueness_of_email_field_options.
91
+ def merge_validates_uniqueness_of_email_field_options(options = {})
92
+ self.validates_uniqueness_of_email_field_options = validates_uniqueness_of_email_field_options.merge(options)
93
+ end
94
+ end
95
+
96
+ # All methods relating to the email field
97
+ module Methods
98
+ def self.included(klass)
99
+ klass.class_eval do
100
+ if validate_email_field && email_field
101
+ validates_length_of email_field, validates_length_of_email_field_options
102
+ validates_format_of email_field, validates_format_of_email_field_options
103
+ validates_uniqueness_of email_field, validates_uniqueness_of_email_field_options
104
+ end
105
+ end
106
+ end
107
+ end
108
+ end
109
+ end
110
+ end
@@ -0,0 +1,60 @@
1
+ module Authlogic
2
+ module ActsAsAuthentic
3
+ # Since web applications are stateless there is not sure fire way to tell if a user is logged in or not,
4
+ # from the database perspective. The best way to do this is to provide a "timeout" based on inactivity.
5
+ # So if that user is inactive for a certain amount of time we assume they are logged out. That's what this
6
+ # module is all about.
7
+ module LoggedInStatus
8
+ def self.included(klass)
9
+ klass.class_eval do
10
+ extend Config
11
+ add_acts_as_authentic_module(Methods)
12
+ end
13
+ end
14
+
15
+ # All configuration for the logged in status feature set.
16
+ module Config
17
+ # The timeout to determine when a user is logged in or not.
18
+ #
19
+ # * <tt>Default:</tt> 10.minutes
20
+ # * <tt>Accepts:</tt> Fixnum
21
+ def logged_in_timeout(value = nil)
22
+ rw_config(:logged_in_timeout, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
23
+ end
24
+ alias_method :logged_in_timeout=, :logged_in_timeout
25
+ end
26
+
27
+ # All methods for the logged in status feature seat.
28
+ module Methods
29
+ def self.included(klass)
30
+ return if !klass.column_names.include?("last_request_at")
31
+
32
+ klass.class_eval do
33
+ include InstanceMethods
34
+
35
+ named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", logged_in_timeout.seconds.ago]} }
36
+ named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago]} }
37
+ end
38
+ end
39
+
40
+ module InstanceMethods
41
+ # Returns true if the last_request_at > logged_in_timeout.
42
+ def logged_in?
43
+ raise "Can not determine the records login state because there is no last_request_at column" if !respond_to?(:last_request_at)
44
+ !last_request_at.nil? && last_request_at > logged_in_timeout.seconds.ago
45
+ end
46
+
47
+ # Opposite of logged_in?
48
+ def logged_out?
49
+ !logged_in?
50
+ end
51
+
52
+ private
53
+ def logged_in_timeout
54
+ self.class.logged_in_timeout
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end
60
+ end