Empact-authlogic 2.1.4

data/lib/authlogic/acts_as_authentic/persistence_token.rb

@@ -0,0 +1,68 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Maintains the persistence token, the token responsible for persisting sessions. This token
+    # gets stores in the session and the cookie.
+    module PersistenceToken
+      def self.included(klass)
+        klass.class_eval do
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+      
+      # Methods for the persistence token.
+      module Methods
+        def self.included(klass)
+          klass.class_eval do
+            extend ClassMethods
+            include InstanceMethods
+            
+            if respond_to?(:after_password_set) && respond_to?(:after_password_verification)
+              after_password_set :reset_persistence_token
+              after_password_verification :reset_persistence_token!, :if => :reset_persistence_token?
+            end
+            
+            validates_presence_of :persistence_token
+            validates_uniqueness_of :persistence_token, :if => :persistence_token_changed?
+            
+            before_validation :reset_persistence_token, :if => :reset_persistence_token?
+          end
+        end
+        
+        # Class level methods for the persistence token.
+        module ClassMethods
+          # Resets ALL persistence tokens in the database, which will require all users to reauthenticate.
+          def forget_all
+            # Paginate these to save on memory
+            records = nil
+            i = 0
+            begin
+              records = find(:all, :limit => 50, :offset => i)
+              records.each { |record| record.forget! }
+              i += 50
+            end while !records.blank?
+          end
+        end
+        
+        # Instance level methods for the persistence token.
+        module InstanceMethods
+          # Resets the persistence_token field to a random hex value.
+          def reset_persistence_token
+            self.persistence_token = Authlogic::Random.hex_token
+          end
+          
+          # Same as reset_persistence_token, but then saves the record.
+          def reset_persistence_token!
+            reset_persistence_token
+            save_without_session_maintenance(false)
+          end
+          alias_method :forget!, :reset_persistence_token!
+          
+          private
+            def reset_persistence_token?
+              persistence_token.blank?
+            end
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/restful_authentication.rb

@@ -0,0 +1,61 @@
+module Authlogic
+  module ActsAsAuthentic
+    # This module is responsible for transitioning existing applications from the restful_authentication plugin.
+    module RestfulAuthentication
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          include InstanceMethods
+        end
+      end
+      
+      module Config
+        # Switching an existing app to Authlogic from restful_authentication? No problem, just set this true and your users won't know
+        # anything changed. From your database perspective nothing will change at all. Authlogic will continue to encrypt passwords
+        # just like restful_authentication, so your app won't skip a beat. Although, might consider transitioning your users to a newer
+        # and stronger algorithm. Checkout the transition_from_restful_authentication option.
+        #
+        # * <tt>Default:</tt> false
+        # * <tt>Accepts:</tt> Boolean
+        def act_like_restful_authentication(value = nil)
+          r = rw_config(:act_like_restful_authentication, value, false)
+          set_restful_authentication_config if value
+          r
+        end
+        alias_method :act_like_restful_authentication=, :act_like_restful_authentication
+        
+        # This works just like act_like_restful_authentication except that it will start transitioning your users to the algorithm you
+        # specify with the crypto provider option. The next time they log in it will resave their password with the new algorithm
+        # and any new record will use the new algorithm as well. Make sure to update your users table if you are using the default
+        # migration since it will set crypted_password and salt columns to a maximum width of 40 characters which is not enough. 
+        def transition_from_restful_authentication(value = nil)
+          r = rw_config(:transition_from_restful_authentication, value, false)
+          set_restful_authentication_config if value
+          r
+        end
+        alias_method :transition_from_restful_authentication=, :transition_from_restful_authentication
+        
+        private
+          def set_restful_authentication_config
+            crypto_provider_key = act_like_restful_authentication ? :crypto_provider : :transition_from_crypto_providers
+            self.send("#{crypto_provider_key}=", CryptoProviders::Sha1)
+            if !defined?(::REST_AUTH_SITE_KEY) || ::REST_AUTH_SITE_KEY.nil?
+              class_eval("::REST_AUTH_SITE_KEY = ''") if !defined?(::REST_AUTH_SITE_KEY)
+              CryptoProviders::Sha1.stretches = 1
+            end
+          end
+      end
+      
+      module InstanceMethods
+        private
+          def act_like_restful_authentication?
+            self.class.act_like_restful_authentication == true
+          end
+          
+          def transition_from_restful_authentication?
+            self.class.transition_from_restful_authentication == true
+          end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/session_maintenance.rb

@@ -0,0 +1,139 @@
+module Authlogic
+  module ActsAsAuthentic
+    # This is one of my favorite features that I think is pretty cool. It's things like this that make a library great
+    # and let you know you are on the right track.
+    #
+    # Just to clear up any confusion, Authlogic stores both the record id and the persistence token in the session.
+    # Why? So stale sessions can not be persisted. It stores the id so it can quickly find the record, and the
+    # persistence token to ensure no sessions are stale. So if the persistence token changes, the user must log
+    # back in.
+    #
+    # Well, the persistence token changes with the password. What happens if the user changes his own password?
+    # He shouldn't have to log back in, he's the one that made the change.
+    #
+    # That being said, wouldn't it be nice if their session and cookie information was automatically updated?
+    # Instead of cluttering up your controller with redundant session code. The same thing goes for new
+    # registrations.
+    #
+    # That's what this module is all about. This will automatically maintain the cookie and session values as
+    # records are saved.
+    module SessionMaintenance
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+      
+      module Config
+        # This is more of a convenience method. In order to turn off automatic maintenance of sessions just
+        # set this to false, or you can also set the session_ids method to a blank array. Both accomplish
+        # the same thing. This method is a little clearer in it's intentions though.
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def maintain_sessions(value = nil)
+          rw_config(:maintain_sessions, value, true)
+        end
+        alias_method :maintain_sessions=, :maintain_sessions
+        
+        # As you may know, authlogic sessions can be separate by id (See Authlogic::Session::Base#id). You can
+        # specify here what session ids you want auto maintained. By default it is the main session, which has
+        # an id of nil.
+        #
+        # * <tt>Default:</tt> [nil]
+        # * <tt>Accepts:</tt> Array
+        def session_ids(value = nil)
+          rw_config(:session_ids, value, [nil])
+        end
+        alias_method :session_ids=, :session_ids
+        
+        # The name of the associated session class. This is inferred by the name of the model.
+        #
+        # * <tt>Default:</tt> "#{klass.name}Session".constantize
+        # * <tt>Accepts:</tt> Class
+        def session_class(value = nil)
+          const = "#{base_class.name}Session".constantize rescue nil
+          rw_config(:session_class, value, const)
+        end
+        alias_method :session_class=, :session_class
+      end
+      
+      module Methods
+        def self.included(klass)
+          klass.class_eval do
+            before_save :get_session_information, :if => :update_sessions?
+            before_save :maintain_sessions, :if => :update_sessions?
+          end
+        end
+        
+        # Save the record and skip session maintenance all together.
+        def save_without_session_maintenance(*args)
+          self.skip_session_maintenance = true
+          result = save(*args)
+          self.skip_session_maintenance = false
+          result
+        end
+        
+        private
+          def skip_session_maintenance=(value)
+            @skip_session_maintenance = value
+          end
+          
+          def skip_session_maintenance
+            @skip_session_maintenance ||= false
+          end
+          
+          def update_sessions?
+            !skip_session_maintenance && session_class && session_class.activated? && self.class.maintain_sessions == true && !session_ids.blank? && persistence_token_changed?
+          end
+          
+          def get_session_information
+            # Need to determine if we are completely logged out, or logged in as another user
+            @_sessions = []
+            
+            session_ids.each do |session_id|
+              session = session_class.find(session_id, self)
+              @_sessions << session if session && session.record
+            end
+          end
+          
+          def maintain_sessions
+            if @_sessions.empty?
+              create_session
+            else
+              update_sessions
+            end
+          end
+          
+          def create_session
+            # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
+            # that need to be created after logging into the main session.
+            session_id = session_ids.first
+            session_class.create(*[self, self, session_id].compact)
+
+            return true
+          end
+          
+          def update_sessions
+            # We found sessions above, let's update them with the new info
+            @_sessions.each do |stale_session|
+              next if stale_session.record != self
+              stale_session.unauthorized_record = self
+              stale_session.save
+            end
+
+            return true
+          end
+          
+          def session_ids
+            self.class.session_ids
+          end
+          
+          def session_class
+            self.class.session_class
+          end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/single_access_token.rb

@@ -0,0 +1,65 @@
+module Authlogic
+  module ActsAsAuthentic
+    # This module is responsible for maintaining the single_access token. For more information the single access token and how to use it,
+    # see the Authlogic::Session::Params module.
+    module SingleAccessToken
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+      
+      # All configuration for the single_access token aspect of acts_as_authentic.
+      module Config
+        # The single access token is used for authentication via URLs, such as a private feed. That being said,
+        # if the user changes their password, that token probably shouldn't change. If it did, the user would have
+        # to update all of their URLs. So be default this is option is disabled, if you need it, feel free to turn
+        # it on.
+        #
+        # * <tt>Default:</tt> false
+        # * <tt>Accepts:</tt> Boolean
+        def change_single_access_token_with_password(value = nil)
+          rw_config(:change_single_access_token_with_password, value, false)
+        end
+        alias_method :change_single_access_token_with_password=, :change_single_access_token_with_password
+      end
+      
+      # All method, for the single_access token aspect of acts_as_authentic.
+      module Methods
+        def self.included(klass)
+          return if !klass.column_names.include?("single_access_token")
+          
+          klass.class_eval do
+            include InstanceMethods
+            validates_uniqueness_of :single_access_token, :if => :single_access_token_changed?
+            before_validation :reset_single_access_token, :if => :reset_single_access_token?
+            after_password_set(:reset_single_access_token, :if => :change_single_access_token_with_password?) if respond_to?(:after_password_set)
+          end
+        end
+        
+        module InstanceMethods
+          # Resets the single_access_token to a random friendly token.
+          def reset_single_access_token
+            self.single_access_token = Authlogic::Random.friendly_token
+          end
+        
+          # same as reset_single_access_token, but then saves the record.
+          def reset_single_access_token!
+            reset_single_access_token
+            save_without_session_maintenance
+          end
+      
+          protected
+            def reset_single_access_token?
+              single_access_token.blank?
+            end
+          
+            def change_single_access_token_with_password?
+              self.class.change_single_access_token_with_password == true
+            end
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/validations_scope.rb

@@ -0,0 +1,32 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Allows you to scope everything to specific fields.
+    # See the Config submodule for more info.
+    # For information on how to scope off of a parent object see Authlogic::AuthenticatesMany
+    module ValidationsScope
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+        end
+      end
+      
+      # All configuration for the scope feature.
+      module Config
+        # Allows you to scope everything to specific field(s). Works just like validates_uniqueness_of.
+        # For example, let's say a user belongs to a company, and you want to scope everything to the
+        # company:
+        #
+        #   acts_as_authentic do |c|
+        #     c.validations_scope = :company_id
+        #   end
+        #
+        # * <tt>Default:</tt> nil
+        # * <tt>Accepts:</tt> Symbol or Array of symbols
+        def validations_scope(value = nil)
+          rw_config(:validations_scope, value)
+        end
+        alias_method :validations_scope=, :validations_scope
+      end
+    end
+  end
+end

data/lib/authlogic/authenticates_many/association.rb

@@ -0,0 +1,42 @@
+module Authlogic
+  module AuthenticatesMany
+    # An object of this class is used as a proxy for the authenticates_many relationship. It basically allows you to "save" scope details
+    # and call them on an object, which allows you to do the following:
+    #
+    #   @account.user_sessions.new
+    #   @account.user_sessions.find
+    #   # ... etc
+    #
+    # You can call all of the class level methods off of an object with a saved scope, so that calling the above methods scopes the user
+    # sessions down to that specific account. To implement this via ActiveRecord do something like:
+    #
+    #   class User < ActiveRecord::Base
+    #     authenticates_many :user_sessions
+    #   end
+    class Association
+      attr_accessor :klass, :find_options, :id
+      
+      def initialize(klass, find_options, id)
+        self.klass = klass
+        self.find_options = find_options
+        self.id = id
+      end
+      
+      [:create, :create!, :find, :new].each do |method|
+        class_eval <<-"end_eval", __FILE__, __LINE__
+          def #{method}(*args)
+            klass.with_scope(scope_options) do
+              klass.#{method}(*args)
+            end
+          end
+        end_eval
+      end
+      alias_method :build, :new
+    
+      private
+        def scope_options
+          {:find_options => find_options, :id => id}
+        end
+    end
+  end
+end

data/lib/authlogic/authenticates_many/base.rb

@@ -0,0 +1,55 @@
+module Authlogic
+  # This allows you to scope your authentication. For example, let's say all users belong to an account, you want to make sure only users
+  # that belong to that account can actually login into that account. Simple, just do:
+  #
+  #   class Account < ActiveRecord::Base
+  #     authenticates_many :user_sessions
+  #   end
+  #
+  # Now you can scope sessions just like everything else in ActiveRecord:
+  #
+  #   @account.user_sessions.new(*args)
+  #   @account.user_sessions.create(*args)
+  #   @account.user_sessions.find(*args)
+  #   # ... etc
+  #
+  # Checkout the authenticates_many method for a list of options.
+  # You may also want to checkout Authlogic::ActsAsAuthentic::Scope to scope your model.
+  module AuthenticatesMany
+    module Base
+      # Allows you set essentially set up a relationship with your sessions. See module definition above for more details.
+      #
+      # === Options
+      #
+      # * <tt>session_class:</tt> default: "#{name}Session",
+      #   This is the related session class.
+      #   
+      # * <tt>relationship_name:</tt> default: options[:session_class].klass_name.underscore.pluralize,
+      #   This is the name of the relationship you want to use to scope everything. For example an Account has many Users. There should be a relationship
+      #   called :users that you defined with a has_many. The reason we use the relationship is so you don't have to repeat yourself. The relatonship
+      #   could have all kinds of custom options. So instead of repeating yourself we essentially use the scope that the relationship creates.
+      #
+      # * <tt>find_options:</tt> default: nil,
+      #   By default the find options are created from the relationship you specify with :relationship_name. But if you want to override this and
+      #   manually specify find_options you can do it here. Specify options just as you would in ActiveRecord::Base.find.
+      #
+      # * <tt>scope_cookies:</tt> default: false
+      #   By the nature of cookies they scope theirself if you are using subdomains to access accounts. If you aren't using subdomains you need to have
+      #   separate cookies for each account, assuming a user is logging into mroe than one account. Authlogic can take care of this for you by
+      #   prefixing the name of the cookie and sessin with the model id. You just need to tell Authlogic to do this by passing this option.
+      def authenticates_many(name, options = {})
+        options[:session_class] ||= name.to_s.classify.constantize
+        options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
+        class_eval <<-"end_eval", __FILE__, __LINE__
+          def #{name}
+            find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scope(:find)
+            find_options.delete_if { |key, value| ![:conditions, :include, :joins].include?(key.to_sym) || value.nil? }
+            @#{name} ||= Authlogic::AuthenticatesMany::Association.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
+          end
+        end_eval
+      end
+    end
+    
+    ::ActiveRecord::Base.extend(Base) if defined?(::ActiveRecord)
+  end
+end

data/lib/authlogic/controller_adapters/abstract_adapter.rb

@@ -0,0 +1,67 @@
+module Authlogic
+  module ControllerAdapters # :nodoc:
+    # Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter or MerbAdapter
+    # for an example of how to adapt Authlogic to work with your framework.
+    class AbstractAdapter
+      attr_accessor :controller
+
+      def initialize(controller)
+        self.controller = controller
+      end
+      
+      def authenticate_with_http_basic(&block)
+        @auth = Rack::Auth::Basic::Request.new(controller.request.env)
+        if @auth.provided? and @auth.basic?
+          block.call(*@auth.credentials)
+        else
+          false
+        end
+      end
+      
+      def cookies
+        controller.cookies
+      end
+      
+      def cookie_domain
+        raise NotImplementedError.new("The cookie_domain method has not been implemented by the controller adapter")
+      end
+
+      def params
+        controller.params
+      end
+
+      def request
+        controller.request
+      end
+
+      def request_content_type
+        request.content_type
+      end
+
+      def session
+        controller.session
+      end
+      
+      def responds_to_single_access_allowed?
+        controller.respond_to?(:single_access_allowed?, true)
+      end
+      
+      def single_access_allowed?
+        controller.send(:single_access_allowed?)
+      end
+      
+      def responds_to_last_request_update_allowed?
+        controller.respond_to?(:last_request_update_allowed?, true)
+      end
+      
+      def last_request_update_allowed?
+        controller.send(:last_request_update_allowed?)
+      end
+      
+      private
+        def method_missing(id, *args, &block)
+          controller.send(id, *args, &block)
+        end
+    end
+  end
+end

data/lib/authlogic/controller_adapters/merb_adapter.rb

@@ -0,0 +1,30 @@
+module Authlogic
+  module ControllerAdapters
+    # Adapts authlogic to work with merb. The point is to close the gap between what authlogic expects and what the merb controller object
+    # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
+    class MerbAdapter < AbstractAdapter
+      # Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
+      module MerbImplementation
+        def self.included(klass) # :nodoc:
+          klass.before :activate_authlogic
+        end
+        
+        def cookie_domain
+          Merb::Config[:session_cookie_domain]
+        end
+
+        private
+          def activate_authlogic
+            Authlogic::Session::Base.controller = MerbAdapter.new(self)
+          end
+      end
+    end
+  end
+end
+ 
+# make sure we're running inside Merb
+if defined?(Merb::Plugins)
+  Merb::BootLoader.before_app_loads do
+    Merb::Controller.send(:include, Authlogic::ControllerAdapters::MerbAdapter::MerbImplementation)
+  end
+end

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -0,0 +1,48 @@
+module Authlogic
+  module ControllerAdapters
+    # Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object
+    # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
+    class RailsAdapter < AbstractAdapter
+      class AuthlogicLoadedTooLateError < StandardError; end
+      
+      def authenticate_with_http_basic(&block)
+        controller.authenticate_with_http_basic(&block)
+      end
+      
+      def cookies
+        controller.send(:cookies)
+      end
+      
+      def cookie_domain
+        @cookie_domain_key ||= Rails::VERSION::STRING >= '2.3' ? :domain : :session_domain
+        ActionController::Base.session_options[@cookie_domain_key]
+      end
+      
+      def request_content_type
+        request.format.to_s
+      end
+      
+      # Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
+      module RailsImplementation
+        def self.included(klass) # :nodoc:
+          if defined?(::ApplicationController)
+            raise AuthlogicLoadedTooLateError.new("Authlogic is trying to prepend a before_filter in ActionController::Base to active itself" +
+              ", the problem is that ApplicationController has already been loaded meaning the before_filter won't get copied into your" +
+              " application. Generally this is due to another gem or plugin requiring your ApplicationController prematurely, such as" +
+              " the resource_controller plugin. The solution is to require Authlogic before these other gems / plugins. Please require" +
+              " authlogic first to get rid of this error.")
+          end
+          
+          klass.prepend_before_filter :activate_authlogic
+        end
+        
+        private
+          def activate_authlogic
+            Authlogic::Session::Base.controller = RailsAdapter.new(self)
+          end
+      end
+    end
+  end
+end
+
+ActionController::Base.send(:include, Authlogic::ControllerAdapters::RailsAdapter::RailsImplementation)

data/lib/authlogic/controller_adapters/sinatra_adapter.rb

@@ -0,0 +1,61 @@
+# Authlogic bridge for Sinatra
+module Authlogic
+  module ControllerAdapters
+    module SinatraAdapter
+      class Cookies
+        attr_reader :request, :response
+
+        def initialize(request, response)
+          @request = request
+          @response = response
+        end
+
+        def delete(key, options = {})
+          @request.cookies.delete(key)
+        end
+
+        def []=(key, options)
+          @response.set_cookie(key, options)
+        end
+
+        def method_missing(meth, *args, &block)
+          @request.cookies.send(meth, *args, &block)
+        end
+      end
+
+      class Controller
+        attr_reader :request, :response, :cookies
+
+        def initialize(request, response)
+          @request = request
+          @cookies = Cookies.new(request, response)
+        end
+
+        def session
+          env['rack.session']
+        end
+
+        def method_missing(meth, *args, &block)
+          @request.send meth, *args, &block
+        end
+      end
+
+      class Adapter < AbstractAdapter
+        def cookie_domain
+          env['SERVER_NAME']
+        end
+
+        module Implementation
+          def self.included(klass)
+            klass.send :before do
+              controller = Controller.new(request, response)
+              Authlogic::Session::Base.controller = Adapter.new(controller)
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+Sinatra::Request.send(:include, Authlogic::ControllerAdapters::SinatraAdapter::Adapter::Implementation)