Empact-authlogic 2.1.5 → 3.0.3

data/lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -11,7 +11,7 @@ module Authlogic
           add_acts_as_authentic_module(Methods)
         end
       end
-      
+
       # Change how the perishable token works.
       module Config
         # When using the find_using_perishable_token method the token can expire. If the token is expired, no
@@ -23,7 +23,7 @@ module Authlogic
           rw_config(:perishable_token_valid_for, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
         end
         alias_method :perishable_token_valid_for=, :perishable_token_valid_for
-        
+
         # Authlogic tries to expire and change the perishable token as much as possible, without comprising
         # it's purpose. This is for security reasons. If you want to manage it yourself, you can stop
         # Authlogic from getting your in way by setting this to true.
@@ -35,21 +35,21 @@ module Authlogic
         end
         alias_method :disable_perishable_token_maintenance=, :disable_perishable_token_maintenance
       end
-      
+
       # All methods relating to the perishable token.
       module Methods
         def self.included(klass)
           return if !klass.column_names.include?("perishable_token")
-          
+
           klass.class_eval do
             extend ClassMethods
             include InstanceMethods
-            
+
             validates_uniqueness_of :perishable_token, :if => :perishable_token_changed?
             before_save :reset_perishable_token, :unless => :disable_perishable_token_maintenance?
           end
         end
-        
+
         # Class level methods for the perishable token
         module ClassMethods
           # Use this methdo to find a record with a perishable token. This method does 2 things for you:
@@ -63,37 +63,37 @@ module Authlogic
           def find_using_perishable_token(token, age = self.perishable_token_valid_for)
             return if token.blank?
             age = age.to_i
-            
+
             conditions_sql = "perishable_token = ?"
             conditions_subs = [token]
-            
+
             if column_names.include?("updated_at") && age > 0
               conditions_sql += " and updated_at > ?"
               conditions_subs << age.seconds.ago
             end
-            
-            find(:first, :conditions => [conditions_sql, *conditions_subs])
+
+            where(conditions_sql, *conditions_subs).first
           end
-          
+
           # This method will raise ActiveRecord::NotFound if no record is found.
           def find_using_perishable_token!(token, age = perishable_token_valid_for)
             find_using_perishable_token(token, age) || raise(ActiveRecord::RecordNotFound)
           end
         end
-        
+
         # Instance level methods for the perishable token.
         module InstanceMethods
           # Resets the perishable token to a random friendly token.
           def reset_perishable_token
             self.perishable_token = Random.friendly_token
           end
-          
+
           # Same as reset_perishable_token, but then saves the record afterwards.
           def reset_perishable_token!
             reset_perishable_token
-            save_without_session_maintenance(false)
+            save_without_session_maintenance(:validate => false)
           end
-          
+
           # A convenience method based on the disable_perishable_token_maintenance configuration option.
           def disable_perishable_token_maintenance?
             self.class.disable_perishable_token_maintenance == true

data/lib/authlogic/acts_as_authentic/persistence_token.rb

@@ -53,7 +53,7 @@ module Authlogic
           # Same as reset_persistence_token, but then saves the record.
           def reset_persistence_token!
             reset_persistence_token
-            save_without_session_maintenance(false)
+            save_without_session_maintenance(:validate => false)
           end
           alias_method :forget!, :reset_persistence_token!
           

data/lib/authlogic/authenticates_many/base.rb

@@ -23,7 +23,7 @@ module Authlogic
       #
       # * <tt>session_class:</tt> default: "#{name}Session",
       #   This is the related session class.
-      #   
+      #
       # * <tt>relationship_name:</tt> default: options[:session_class].klass_name.underscore.pluralize,
       #   This is the name of the relationship you want to use to scope everything. For example an Account has many Users. There should be a relationship
       #   called :users that you defined with a has_many. The reason we use the relationship is so you don't have to repeat yourself. The relatonship
@@ -42,14 +42,13 @@ module Authlogic
         options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
         class_eval <<-"end_eval", __FILE__, __LINE__
           def #{name}
-            find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scope(:find)
-            find_options.delete_if { |key, value| ![:conditions, :include, :joins].include?(key.to_sym) || value.nil? }
+            find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scoped
             @#{name} ||= Authlogic::AuthenticatesMany::Association.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
           end
         end_eval
       end
     end
-    
+
     ::ActiveRecord::Base.extend(Base) if defined?(::ActiveRecord)
   end
 end

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -15,7 +15,7 @@ module Authlogic
       
       def cookie_domain
         @cookie_domain_key ||= Rails::VERSION::STRING >= '2.3' ? :domain : :session_domain
-        ActionController::Base.session_options[@cookie_domain_key]
+        controller.request.session_options[@cookie_domain_key]
       end
       
       def request_content_type

data/lib/authlogic/random.rb

@@ -13,7 +13,7 @@ module Authlogic
       
       def friendly_token
         # use base64url as defined by RFC4648
-        SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
+        SecureRandom.base64(15).tr('+/=', '').strip.delete("\n")
       end
     else
       def hex_token

data/lib/authlogic/session/active_record_trickery.rb

@@ -46,6 +46,14 @@ module Authlogic
             ::ActiveSupport::ModelName.new(self.to_s)
           end
         end
+
+        def i18n_scope
+          I18n.scope
+        end
+
+        def lookup_ancestors
+          ancestors.select { |x| x.respond_to?(:model_name) }
+        end
       end
       
       module InstanceMethods

data/lib/authlogic/session/callbacks.rb

@@ -66,7 +66,7 @@ module Authlogic
         base.define_callbacks *METHODS
         
         # If Rails 3, support the new callback syntax
-        if base.singleton_class.method_defined?(:set_callback)
+        if base.send(base.respond_to?(:singleton_class) ? :singleton_class : :metaclass).method_defined?(:set_callback)
           METHODS.each do |method|
             base.class_eval <<-"end_eval", __FILE__, __LINE__
               def self.#{method}(*methods, &block)
@@ -92,7 +92,7 @@ module Authlogic
         
         def save_record(alternate_record = nil)
           r = alternate_record || record
-          r.save_without_session_maintenance(false) if r && r.changed? && !r.readonly?
+          r.save_without_session_maintenance(:validate => false) if r && r.changed? && !r.readonly?
         end
     end
   end

data/lib/authlogic/session/cookies.rb

@@ -47,6 +47,24 @@ module Authlogic
           rw_config(:remember_me_for, value, 3.months, :_read)
         end
         alias_method :remember_me_for=, :remember_me_for
+
+        # Should the cookie be set as secure?  If true, the cookie will only be sent over SSL connections
+        #
+        # * <tt>Default:</tt> false
+        # * <tt>Accepts:</tt> Boolean
+        def secure(value = nil)
+          rw_config(:secure, value, false)
+        end
+        alias_method :secure=, :secure
+
+        # Should the cookie be set as httponly?  If true, the cookie will not be accessable from javascript
+        #
+        # * <tt>Default:</tt> false
+        # * <tt>Accepts:</tt> Boolean
+        def httponly(value = nil)
+          rw_config(:httponly, value, false)
+        end
+        alias_method :httponly=, :httponly
       end
       
       # The methods available for an Authlogic::Session::Base object that make up the cookie feature set.
@@ -91,7 +109,39 @@ module Authlogic
           return unless remember_me?
           remember_me_for.from_now
         end
-        
+
+        # If the cookie should be marked as secure (SSL only)
+        def secure
+          return @secure if defined?(@secure)
+          @secure = self.class.secure
+        end
+
+        # Accepts a boolean as to whether the cookie should be marked as secure.  If true the cookie will only ever be sent over an SSL connection.
+        def secure=(value)
+          @secure = value
+        end
+
+        # See secure
+        def secure?
+          secure == true || secure == "true" || secure == "1"
+        end
+
+        # If the cookie should be marked as httponly (not accessable via javascript)
+        def httponly
+          return @httponly if defined?(@httponly)
+          @httponly = self.class.httponly
+        end
+
+        # Accepts a boolean as to whether the cookie should be marked as httponly.  If true, the cookie will not be accessable from javascript
+        def httponly=(value)
+          @httponly = value
+        end
+
+        # See httponly
+        def httponly?
+          httponly == true || httponly == "true" || httponly == "1"
+        end
+
         private
           def cookie_key
             build_key(self.class.cookie_key)
@@ -117,6 +167,8 @@ module Authlogic
             controller.cookies[cookie_key] = {
               :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
               :expires => remember_me_until,
+              :secure => secure,
+              :httponly => httponly,
               :domain => controller.cookie_domain
             }
           end
@@ -127,4 +179,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/session/foundation.rb

@@ -6,6 +6,9 @@ module Authlogic
     module Foundation
       def self.included(klass)
         klass.class_eval do
+          class_attribute :acts_as_authentic_config
+          self.acts_as_authentic_config  ||= {}
+          
           extend ClassMethods
           include InstanceMethods
         end
@@ -15,10 +18,13 @@ module Authlogic
         private
           def rw_config(key, value, default_value = nil, read_value = nil)
             if value == read_value
-              return read_inheritable_attribute(key) if inheritable_attributes.include?(key)
-              write_inheritable_attribute(key, default_value)
+              return acts_as_authentic_config[key] if acts_as_authentic_config.include?(key)
+              rw_config(key, default_value)
             else
-              write_inheritable_attribute(key, value)
+              config = acts_as_authentic_config.clone
+              config[key] = value
+              self.acts_as_authentic_config = config
+              value
             end
           end
       end
@@ -53,6 +59,14 @@ module Authlogic
           "#<#{self.class.name}: #{credentials.blank? ? "no credentials provided" : credentials.inspect}>"
         end
         
+        def persisted?
+          !(new_record? || destroyed?)
+        end
+        
+        def to_key
+          new_record? ? nil : [ self.send(self.class.primary_key) ]
+        end
+        
         private
           def build_key(last_part)
             last_part

data/lib/authlogic/session/http_auth.rb

@@ -28,6 +28,41 @@ module Authlogic
           rw_config(:allow_http_basic_auth, value, true)
         end
         alias_method :allow_http_basic_auth=, :allow_http_basic_auth
+
+        # Whether or not to request HTTP authentication
+        #
+        # If set to true and no HTTP authentication credentials are sent with
+        # the request, the Rails controller method
+        # authenticate_or_request_with_http_basic will be used and a '401
+        # Authorization Required' header will be sent with the response.  In
+        # most cases, this will cause the classic HTTP authentication popup to
+        # appear in the users browser.
+        #
+        # If set to false, the Rails controller method
+        # authenticate_with_http_basic is used and no 401 header is sent.
+        #
+        # Note: This parameter has no effect unless allow_http_basic_auth is
+        # true
+        #
+        # * <tt>Default:</tt> false
+        # * <tt>Accepts:</tt> Boolean
+        def request_http_basic_auth(value = nil)
+          rw_config(:request_http_basic_auth, value, false)
+        end
+        alias_method :request_http_basic_auth=, :request_http_basic_auth
+
+        # HTTP authentication realm
+        #
+        # Sets the HTTP authentication realm.
+        #
+        # Note: This option has no effect unless request_http_basic_auth is true
+        #
+        # * <tt>Default:</tt> 'Application'
+        # * <tt>Accepts:</tt> String
+        def http_basic_auth_realm(value = nil)
+          rw_config(:http_basic_auth_realm, value, 'Application')
+        end
+        alias_method :http_basic_auth_realm=, :http_basic_auth_realm
       end
       
       # Instance methods for the HTTP basic auth feature of authlogic.
@@ -38,13 +73,19 @@ module Authlogic
           end
         
           def persist_by_http_auth
-            controller.authenticate_with_http_basic do |login, password|
+            login_proc = Proc.new do |login, password|
               if !login.blank? && !password.blank?
                 send("#{login_field}=", login)
                 send("#{password_field}=", password)
                 return valid?
               end
             end
+
+            if self.class.request_http_basic_auth
+              controller.authenticate_or_request_with_http_basic(self.class.http_basic_auth_realm, &login_proc)
+            else
+              controller.authenticate_with_http_basic(&login_proc)
+            end
         
             false
           end
@@ -55,4 +96,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/session/scopes.rb

@@ -12,14 +12,14 @@ module Authlogic
           attr_writer :scope
         end
       end
-      
+
       # = Scopes
       module ClassMethods
         # The current scope set, should be used in the block passed to with_scope.
         def scope
           Thread.current[:authlogic_scope]
         end
-        
+
         # What with_scopes focuses on is scoping the query when finding the object and the name of the cookie / session. It works very similar to
         # ActiveRecord::Base#with_scopes. It accepts a hash with any of the following options:
         #
@@ -34,11 +34,11 @@ module Authlogic
         #
         # Eseentially what the above does is scope the searching of the object with the sql you provided. So instead of:
         #
-        #   User.find(:first, :conditions => "login = 'ben'")
+        #   User.where("login = 'ben'").first
         #
         # it would be:
         #
-        #   User.find(:first, :conditions => "login = 'ben' and account_id = 2")
+        #   User.where("login = 'ben' and account_id = 2").first
         #
         # You will also notice the :id option. This works just like the id method. It scopes your cookies. So the name of your cookie will be:
         #
@@ -65,31 +65,31 @@ module Authlogic
           self.scope = nil
           result
         end
-        
+
         private
           def scope=(value)
             Thread.current[:authlogic_scope] = value
           end
       end
-      
+
       module InstanceMethods
         # Setting the scope if it exists upon instantiation.
         def initialize(*args)
           self.scope = self.class.scope
           super
         end
-        
+
         # The scope of the current object
         def scope
           @scope ||= {}
         end
-        
+
         private
           # Used for things like cookie_key, session_key, etc.
           def build_key(last_part)
             [scope[:id], super].compact.join("_")
           end
-          
+
           def search_for_record(*args)
             klass.send(:with_scope, :find => (scope[:find_options] || {})) do
               klass.send(*args)

data/lib/authlogic/test_case/mock_controller.rb

@@ -3,7 +3,7 @@ module Authlogic
     # Basically acts like a controller but doesn't do anything. Authlogic can interact with this, do it's thing and then you
     # can look at the controller object to see if anything changed.
     class MockController < ControllerAdapters::AbstractAdapter
-      attr_accessor :http_user, :http_password
+      attr_accessor :http_user, :http_password, :realm
       attr_writer :request_content_type
   
       def initialize
@@ -13,6 +13,12 @@ module Authlogic
         yield http_user, http_password
       end
   
+      def authenticate_or_request_with_http_basic(realm = 'DefaultRealm', &block)
+        self.realm = realm
+        @http_auth_requested = true
+        yield http_user, http_password
+      end
+
       def cookies
         @cookies ||= MockCookieJar.new
       end
@@ -40,6 +46,10 @@ module Authlogic
       def session
         @session ||= {}
       end
+
+      def http_auth_requested?
+        @http_auth_requested ||= false
+      end
     end
   end
-end
+end