authgasm 0.10.2 → 0.10.3

data/CHANGELOG.rdoc

@@ -1,3 +1,11 @@
+== 0.10.3 released 2008-10-31
+
+* Instead of raising an error when extra fields are passed in credentials=, just ignore them.
+* Added remember_me config option to set the default value.
+* Only call credential methods if an argument was passed.
+* More unit tests
+* Hardened automatic session updating. Also automatically log the user in if they change their password when logged out.
+
 == 0.10.2 released 2008-10-24
 
 * Added in stretches to the default Sha512 encryption algorithm.

data/README.rdoc

@@ -2,7 +2,7 @@
 
 Authgasm is "rails authentication done right"
 
-The last thing we need is another authentication solution for rails, right? That's what I thought. It was disappointing to find that all of the current solutions were overly complicated, bloated, poorly written, littered my application with code, or were just plain confusing. They felt very Microsoftish. It's like some Microsoft .NET engineers decided to dabble in ruby / rails for a day and their project was to write an authentication solution. This is not the simple / elegant rails we all fell in love with. It's time someone makes a "rails like" authentication solution. So I give you Authgasm...
+The last thing we need is another authentication solution for rails, right? That's what I thought until I tried out some of the current solutions. None of them felt right. They were either too complicated, bloated, littered my application with tons of code, or were just confusing. This is not the simple / elegant rails we all fell in love with. We need a "rails like" authentication solution. Authgasm is my attempt to satisfy that need...
 
 What if you could have authentication up and running in minutes without having to run a generator? All because it's simple, like everything else in rails.
 
@@ -95,7 +95,7 @@ It is important to set your configuration for your session before you set the co
 
 === Ensure proper database fields
 
-The user model needs to have the following columns. The names of these columns can be changed with configuration. Better yet, Authgasm tries to guess these names by checking for the existence of common names. See Authgasm::Session::Config::ClassMethods for more details, but chances are you won't have to specify any configuration for your field names.
+The user model needs to have the following columns. The names of these columns can be changed with configuration. Better yet, Authgasm tries to guess these names by checking for the existence of common names. See Authgasm::Session::Config::ClassMethods for more details, but chances are you won't have to specify any configuration for your field names, even if they aren't the same names as below.
 
     t.string    :login, :null => false
     t.string    :crypted_password, :null => false
@@ -238,19 +238,25 @@ From there it is pretty simple. When you try to create a new session the record
 
 You probably don't care, but I think releasing the millionth authentication solution for a framework that has been around for over 4 years requires a little explanation.
 
-I don't necessarily think the current solutions are "wrong", nor am I saying Authgasm is the answer to our prayers. But the current solutions were pretty disappointing. Especially when the rails community is full of brilliant programmers, and the best we could come up with was the "restful-authentication" plugin. This was just sad, and frankly kind of irritated me. Here's why...
+I don't necessarily think the current solutions are "wrong", nor am I saying Authgasm is the answer to your prayers. But, to me, the current solutions were lacking something. Here's what I came up with...
 
 === Generators are not the answer
 
-Generators have their place, and it certainly is not to add authentication to a rails app. It doesn't make sense. Generators are meant to be a starting point for repetitive tasks that have no sustainable pattern. Take controllers, the set up is the same thing over and over, but they eventually evolve to a point where there is no clear cut pattern. Trying to extract a pattern out into a library would be extremely hard, messy, and overly complicated. As a result, generators make sense here.
+Generators have their place, and it is not to add authentication to a rails app. It doesn't make sense. Generators are meant to be a starting point for repetitive tasks that have no sustainable pattern. Take controllers, the set up is the same thing over and over, but they eventually evolve to a point where there is no clear cut pattern. Trying to extract a pattern out into a library would be extremely hard, messy, and overly complicated. As a result, generators make sense here.
 
-Authentication is a one time set up process for your app. It's the same thing over and over and the pattern never really changes. The only time it changes is to conform with newer / stricter security techniques. This is exactly why generators should not be an authentication solution. Generators litter your application with code that you get to maintain. You get to make sure it stays up with the latest and greatest security techniques. How fun! Oh, and when the plugin you used releases some major update, you can't just re-run the generator, you get to sift through the code to see what changed! Awesome! The cherry on top is the fact that you get to go through every app you've made and apply this update. You don't really have a choice either, because you can't ignore security updates.
+Authentication is a one time set up process for your app. It's the same thing over and over and the pattern never really changes. The only time it changes is to conform with newer / stricter security techniques. This is exactly why generators should not be an authentication solution. Generators add code to your application, once code crosses that line, you are responsible for maintaining it. You get to make sure it stays up with the latest and greatest security techniques. And when the plugin you used releases some major update, you can't just re-run the generator, you get to sift through the code to see what changed. You don't really have a choice either, because you can't ignore security updates.
 
-Security moves fast, and hackers make sure of this. As a result, it should be easy to update. Doesn't it make sense to leverage a library to handle this functionality for you? This way, when some new security technique is released, or a bug with your authentication system is found, you can fix it with a simple update. Just like everything else in ruby / rails.
+Using a library that hundreds of other people use has it advantages. Probably one of the biggest advantages if that you get to benefit from other people using the same code. When Bob in California figures out a new awesome security technique and adds it into Authgasm, you get to benefit from that with a single update. The catch is that this benefit is limited to code that is not "generated" or added into your app. As I said above, once code is "generated" and added into your app, it's your responsibility.
+
+Lastly, there is a pattern here, why clutter up all of your applications with the same code? I recently switched over one of my apps to Authgasm and its amazing how much cleaner my app feels.
 
 === Limited to a single authentication
 
 I recently had an app where you could log in as a user and also log in as an employee. I won't go into the specifics of the app, but it made the most sense to do it this way. So I had two sessions in one app. None of the current solutions I found easily supported this. They all assumed a single session. One session was messy enough, adding another just put me over the edge and eventually forced me to write Authgasm. Authgasm can support 100 different sessions easily and in a clean format. Just like an app can support 100 different models and 100 different records of each model.
 
+=== Too presumptuous
+
+A lot of them forced me to name my password column as "this", or the key of my cookie had to be "this". They were a little too presumptuous. I am probably overly picky, but little details like that should be configurable. This also made it very hard to implement into an existing app.
+
 
 Copyright (c) 2008 Ben Johnson of [Binary Logic](http://www.binarylogic.com), released under the MIT license

data/authgasm.gemspec

@@ -1,184 +1,38 @@
+Gem::Specification.new do |s|
+  s.name = %q{authgasm}
+  s.version = "0.10.3"
 
-# Gem::Specification for Authgasm-0.10.2
-# Originally generated by Echoe
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Ben Johnson of Binary Logic"]
+  s.date = %q{2008-10-31}
+  s.description = %q{Rails authentication done right}
+  s.email = %q{bjohnson@binarylogic.com}
+  s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authgasm/acts_as_authentic.rb", "lib/authgasm/controller_adapters/abstract_adapter.rb", "lib/authgasm/controller_adapters/rails_adapter.rb", "lib/authgasm/session/active_record_trickery.rb", "lib/authgasm/session/base.rb", "lib/authgasm/session/callbacks.rb", "lib/authgasm/session/config.rb", "lib/authgasm/session/errors.rb", "lib/authgasm/sha512_crypto_provider.rb", "lib/authgasm/version.rb", "lib/authgasm.rb", "README.rdoc"]
+  s.files = ["CHANGELOG.rdoc", "init.rb", "lib/authgasm/acts_as_authentic.rb", "lib/authgasm/controller_adapters/abstract_adapter.rb", "lib/authgasm/controller_adapters/rails_adapter.rb", "lib/authgasm/session/active_record_trickery.rb", "lib/authgasm/session/base.rb", "lib/authgasm/session/callbacks.rb", "lib/authgasm/session/config.rb", "lib/authgasm/session/errors.rb", "lib/authgasm/sha512_crypto_provider.rb", "lib/authgasm/version.rb", "lib/authgasm.rb", "Manifest", "MIT-LICENSE", "Rakefile", "README.rdoc", "test_app/app/controllers/application.rb", "test_app/app/controllers/user_sessions_controller.rb", "test_app/app/controllers/users_controller.rb", "test_app/app/helpers/application_helper.rb", "test_app/app/helpers/user_sessions_helper.rb", "test_app/app/helpers/users_helper.rb", "test_app/app/models/user.rb", "test_app/app/models/user_session.rb", "test_app/app/views/layouts/application.html.erb", "test_app/app/views/user_sessions/new.html.erb", "test_app/app/views/users/_form.erb", "test_app/app/views/users/edit.html.erb", "test_app/app/views/users/new.html.erb", "test_app/app/views/users/show.html.erb", "test_app/config/boot.rb", "test_app/config/database.yml", "test_app/config/environment.rb", "test_app/config/environments/development.rb", "test_app/config/environments/production.rb", "test_app/config/environments/test.rb", "test_app/config/initializers/inflections.rb", "test_app/config/initializers/mime_types.rb", "test_app/config/initializers/new_rails_defaults.rb", "test_app/config/routes.rb", "test_app/db/development.sqlite3", "test_app/db/migrate/20081023040052_create_users.rb", "test_app/db/schema.rb", "test_app/db/test.sqlite3", "test_app/doc/README_FOR_APP", "test_app/public/404.html", "test_app/public/422.html", "test_app/public/500.html", "test_app/public/dispatch.cgi", "test_app/public/dispatch.fcgi", "test_app/public/dispatch.rb", "test_app/public/favicon.ico", "test_app/public/images/rails.png", "test_app/public/javascripts/application.js", "test_app/public/javascripts/controls.js", "test_app/public/javascripts/dragdrop.js", "test_app/public/javascripts/effects.js", "test_app/public/javascripts/prototype.js", "test_app/public/robots.txt", "test_app/public/stylesheets/scaffold.css", "test_app/Rakefile", "test_app/README", "test_app/script/about", "test_app/script/console", "test_app/script/dbconsole", "test_app/script/destroy", "test_app/script/generate", "test_app/script/performance/benchmarker", "test_app/script/performance/profiler", "test_app/script/performance/request", "test_app/script/plugin", "test_app/script/process/inspector", "test_app/script/process/reaper", "test_app/script/process/spawner", "test_app/script/runner", "test_app/script/server", "test_app/test/fixtures/users.yml", "test_app/test/functional/user_sessions_controller_test.rb", "test_app/test/functional/users_controller_test.rb", "test_app/test/integration/user_sesion_stories_test.rb", "test_app/test/integration/user_session_test.rb", "test_app/test/test_helper.rb", "test_app/test/unit/user_test.rb", "authgasm.gemspec"]
+  s.has_rdoc = true
+  s.homepage = %q{http://github.com/binarylogic/authgasm}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Authgasm", "--main", "README.rdoc"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{authgasm}
+  s.rubygems_version = %q{1.2.0}
+  s.summary = %q{Rails authentication done right}
 
---- !ruby/object:Gem::Specification 
-name: authgasm
-version: !ruby/object:Gem::Version 
-  version: 0.10.2
-platform: ruby
-authors: 
-- Ben Johnson of Binary Logic
-autorequire: 
-bindir: bin
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
 
-date: 2008-10-29 00:00:00 -04:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
-  name: activesupport
-  type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
-    version: 
-- !ruby/object:Gem::Dependency 
-  name: activerecord
-  type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
-    version: 
-- !ruby/object:Gem::Dependency 
-  name: echoe
-  type: :development
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
-    version: 
-description: Rails authentication done right
-email: bjohnson@binarylogic.com
-executables: []
-
-extensions: []
-
-extra_rdoc_files: 
-- CHANGELOG.rdoc
-- lib/authgasm/acts_as_authentic.rb
-- lib/authgasm/controller_adapters/abstract_adapter.rb
-- lib/authgasm/controller_adapters/rails_adapter.rb
-- lib/authgasm/session/active_record_trickery.rb
-- lib/authgasm/session/base.rb
-- lib/authgasm/session/callbacks.rb
-- lib/authgasm/session/config.rb
-- lib/authgasm/session/errors.rb
-- lib/authgasm/sha512_crypto_provider.rb
-- lib/authgasm/version.rb
-- lib/authgasm.rb
-- README.rdoc
-files: 
-- CHANGELOG.rdoc
-- init.rb
-- lib/authgasm/acts_as_authentic.rb
-- lib/authgasm/controller_adapters/abstract_adapter.rb
-- lib/authgasm/controller_adapters/rails_adapter.rb
-- lib/authgasm/session/active_record_trickery.rb
-- lib/authgasm/session/base.rb
-- lib/authgasm/session/callbacks.rb
-- lib/authgasm/session/config.rb
-- lib/authgasm/session/errors.rb
-- lib/authgasm/sha512_crypto_provider.rb
-- lib/authgasm/version.rb
-- lib/authgasm.rb
-- Manifest
-- MIT-LICENSE
-- Rakefile
-- README.rdoc
-- test_app/app/controllers/application.rb
-- test_app/app/controllers/user_sessions_controller.rb
-- test_app/app/controllers/users_controller.rb
-- test_app/app/helpers/application_helper.rb
-- test_app/app/helpers/user_sessions_helper.rb
-- test_app/app/helpers/users_helper.rb
-- test_app/app/models/user.rb
-- test_app/app/models/user_session.rb
-- test_app/app/views/layouts/application.html.erb
-- test_app/app/views/user_sessions/new.html.erb
-- test_app/app/views/users/_form.erb
-- test_app/app/views/users/edit.html.erb
-- test_app/app/views/users/new.html.erb
-- test_app/app/views/users/show.html.erb
-- test_app/config/boot.rb
-- test_app/config/database.yml
-- test_app/config/environment.rb
-- test_app/config/environments/development.rb
-- test_app/config/environments/production.rb
-- test_app/config/environments/test.rb
-- test_app/config/initializers/inflections.rb
-- test_app/config/initializers/mime_types.rb
-- test_app/config/initializers/new_rails_defaults.rb
-- test_app/config/routes.rb
-- test_app/db/development.sqlite3
-- test_app/db/migrate/20081023040052_create_users.rb
-- test_app/db/schema.rb
-- test_app/db/test.sqlite3
-- test_app/doc/README_FOR_APP
-- test_app/public/404.html
-- test_app/public/422.html
-- test_app/public/500.html
-- test_app/public/dispatch.cgi
-- test_app/public/dispatch.fcgi
-- test_app/public/dispatch.rb
-- test_app/public/favicon.ico
-- test_app/public/images/rails.png
-- test_app/public/javascripts/application.js
-- test_app/public/javascripts/controls.js
-- test_app/public/javascripts/dragdrop.js
-- test_app/public/javascripts/effects.js
-- test_app/public/javascripts/prototype.js
-- test_app/public/robots.txt
-- test_app/public/stylesheets/scaffold.css
-- test_app/Rakefile
-- test_app/README
-- test_app/script/about
-- test_app/script/console
-- test_app/script/dbconsole
-- test_app/script/destroy
-- test_app/script/generate
-- test_app/script/performance/benchmarker
-- test_app/script/performance/profiler
-- test_app/script/performance/request
-- test_app/script/plugin
-- test_app/script/process/inspector
-- test_app/script/process/reaper
-- test_app/script/process/spawner
-- test_app/script/runner
-- test_app/script/server
-- test_app/test/fixtures/users.yml
-- test_app/test/functional/user_sessions_controller_test.rb
-- test_app/test/functional/users_controller_test.rb
-- test_app/test/integration/user_sesion_stories_test.rb
-- test_app/test/integration/user_session_test.rb
-- test_app/test/test_helper.rb
-- test_app/test/unit/user_test.rb
-- authgasm.gemspec
-has_rdoc: true
-homepage: http://github.com/binarylogic/authgasm
-post_install_message: 
-rdoc_options: 
-- --line-numbers
-- --inline-source
-- --title
-- Authgasm
-- --main
-- README.rdoc
-require_paths: 
-- lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-  version: 
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "1.2"
-  version: 
-requirements: []
-
-rubyforge_project: authgasm
-rubygems_version: 1.2.0
-specification_version: 2
-summary: Rails authentication done right
-test_files: []
+    if current_version >= 3 then
+      s.add_runtime_dependency(%q<activesupport>, [">= 0"])
+      s.add_runtime_dependency(%q<activerecord>, [">= 0"])
+      s.add_development_dependency(%q<echoe>, [">= 0"])
+    else
+      s.add_dependency(%q<activesupport>, [">= 0"])
+      s.add_dependency(%q<activerecord>, [">= 0"])
+      s.add_dependency(%q<echoe>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<activesupport>, [">= 0"])
+    s.add_dependency(%q<activerecord>, [">= 0"])
+    s.add_dependency(%q<echoe>, [">= 0"])
+  end
+end

data/lib/authgasm/acts_as_authentic.rb

@@ -31,7 +31,7 @@ module Authgasm
       #   user.password=              Method name based on the :password_field option. This is used to set the password. Pass the *raw* password to this.
       #   user.confirm_password=      Confirms the password, needed to change the password.
       #   user.valid_password?(pass)  Determines if the password passed is valid. The password could be encrypted or raw.
-      #   user.randomize_password!    Basically resets the password to a random password using only letters and numbers.
+      #   user.reset_password!        Basically resets the password to a random password using only letters and numbers.
       #   user.logged_in?             Based on the :logged_in_timeout option. Tells you if the user is logged in or not.
       #   user.forget!                Changes their remember token, making their cookie and session invalid. A way to log the user out withouth changing their password.
       #
@@ -89,14 +89,13 @@ module Authgasm
         validate :validate_password
         validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
         
-        if column_names.include?("last_click_at")
-          named_scope :logged_in, lambda { {:conditions => ["last_click_at > ?", options[:logged_in_timeout].ago]} }
-          named_scope :logged_out, lambda { {:conditions => ["last_click_at <= ?", options[:logged_in_timeout].ago]} }
+        if column_names.include?("last_request_at")
+          named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", options[:logged_in_timeout].ago]} }
+          named_scope :logged_out, lambda { {:conditions => ["last_request_at <= ?", options[:logged_in_timeout].ago]} }
         end
         
-        after_create :create_sessions!
-        before_update :find_my_sessions
-        after_update :update_sessions!
+        before_save :get_session_information, :if => :update_sessions?
+        after_save :maintain_sessions!, :if => :update_sessions?
         
         # Attributes
         attr_writer "confirm_#{options[:password_field]}"
@@ -125,10 +124,10 @@ module Authgasm
         end_eval
         
         # Instance methods
-        if column_names.include?("last_click_at")
+        if column_names.include?("last_request_at")
           class_eval <<-"end_eval", __FILE__, __LINE__
             def logged_in?
-              !last_click_at.nil? && last_click_at > #{options[:logged_in_timeout].to_i}.seconds.ago
+              !last_request_at.nil? && last_request_at > #{options[:logged_in_timeout].to_i}.seconds.ago
             end
           end_eval
         end
@@ -176,62 +175,75 @@ module Authgasm
           end
           
           def forget!
-            update_attribute(:#{options[:remember_token_field]}, self.class.unique_token)
+            self.#{options[:remember_token_field]} = self.class.unique_token
+            save_without_session_maintenance(false)
           end
           
-          def randomize_#{options[:password_field]}!
+          def reset_#{options[:password_field]}!
             chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
             newpass = ""
             1.upto(10) { |i| newpass << chars[rand(chars.size-1)] }
             self.#{options[:password_field]} = newpass
             self.confirm_#{options[:password_field]} = newpass
+            save_without_session_maintenance(false)
           end
+          alias_method :randomize_password!, :reset_password!
           
-          def save_from_session(*args)
-            @saving_from_session = true
+          def save_without_session_maintenance(*args)
+            @skip_session_maintenance = true
             result = save(*args)
-            @saving_from_session = false
+            @skip_session_maintenance = false
             result
           end
           
           protected
-            def create_sessions!
-              return if !#{options[:session_class]}.activated? || #{options[:session_ids].inspect}.blank?
+            def update_sessions?
+              !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{options[:remember_token_field]}_changed?
+            end
+            
+            def get_session_information
+              # Need to determine if we are completely logged out, or logged in as another user
+              @_sessions = []
+              @_logged_out = true
               
+              #{options[:session_ids].inspect}.each do |session_id|
+                session = #{options[:session_class]}.find(*[session_id].compact)
+                if session
+                  if !session.record.blank?
+                    @_logged_out = false
+                    @_sessions << session if session.record == self
+                  end
+                end
+              end
+            end
+            
+            def maintain_sessions!
+              if @_logged_out
+                create_session!
+              elsif !@_sessions.blank?
+                update_sessions!
+              end
+            end
+            
+            def create_session!
               # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
               # that need to be created after logging into the main session.
               session_id = #{options[:session_ids].inspect}.first
               
               # If we are already logged in, ignore this completely. All that we care about is updating ourself.
               next if #{options[:session_class]}.find(*[session_id].compact)
-              
+                            
               # Log me in
               args = [self, session_id].compact
               #{options[:session_class]}.create(*args)
             end
             
-            def find_my_sessions
-              return if @saving_from_session || !#{options[:session_class]}.activated? || #{options[:session_ids].inspect}.blank?
-              
-              @my_sessions = []
-              #{options[:session_ids].inspect}.each do |session_id|
-                session = #{options[:session_class]}.find(*[session_id].compact)
-                
-                # Ignore if we can't find the session or the session isn't this record
-                next if !session || session.record != self
-                
-                @my_sessions << session
-              end
-            end
-            
             def update_sessions!
-              return if @saving_from_session || @my_sessions.blank?
-              
-              @my_sessions.each do |stale_session|
+              # We found sessions above, let's update them with the new info
+              @_sessions.each do |stale_session|
                 stale_session.unauthorized_record = self
                 stale_session.save
               end
-              @my_sessions = nil
             end
             
             def tried_to_set_password?

data/lib/authgasm/session/base.rb

@@ -54,7 +54,7 @@ module Authgasm
             if session.send("valid_#{find_method}?")
               if session.record.class.column_names.include?("last_request_at")
                 session.record.last_request_at = Time.now
-                session.record.save_from_session(false)
+                session.record.save_without_session_maintenance(false)
               end
               return session
             end
@@ -84,7 +84,7 @@ module Authgasm
           end
       end
     
-      attr_accessor :login_with, :new_session, :remember_me
+      attr_accessor :login_with, :new_session
       attr_reader :record, :unauthorized_record
       attr_writer :id
     
@@ -93,12 +93,14 @@ module Authgasm
       #   UserSession.new
       #   UserSession.new(login, password)
       #   UserSession.new(:login => login, :password => password)
+      #   UserSession.new(User.first)
       #
       # If a user has more than one session you need to pass an id so that Authgasm knows how to differentiate the sessions. The id MUST be a Symbol.
       #
       #   UserSession.new(:my_id)
       #   UserSession.new(login, password, :my_id)
       #   UserSession.new({:login => loing, :password => password}, :my_id)
+      #   UserSession.new(User.first, :my_id)
       #
       # Ids are rarely used, but they can be useful. For example, what if users allow other users to login into their account via proxy? Now that user can "technically" be logged into 2 accounts at once.
       # To solve this just pass a id called :proxy, or whatever you want. Authgasm will separate everything out.
@@ -119,9 +121,9 @@ module Authgasm
             self.unauthorized_record = credentials_or_record
           end
         else
-          send("#{login_field}=", args[0])
-          send("#{password_field}=", args[1])
-          self.remember_me = args[2]
+          send("#{login_field}=", args[0]) if args.size > 0
+          send("#{password_field}=", args[1]) if args.size > 1
+          self.remember_me = args[2] if args.size > 2
         end
       end
       
@@ -131,11 +133,14 @@ module Authgasm
         {login_field => send(login_field), password_field => "<Protected>"}
       end
       
-      # Lets you set your loging and password via a hash format.
+      # Lets you set your loging and password via a hash format. This is "params" safe. It only allows for 3 keys: your login field name, password field name, and remember me.
       def credentials=(values)
         return if values.blank? || !values.is_a?(Hash)
-        raise(ArgumentError, "Only 2 credentials are allowed: #{login_field} and #{password_field}") if (values.keys - [login_field.to_sym, login_field.to_s, password_field.to_sym, password_field.to_s]).size > 0
-        values.each { |field, value| send("#{field}=", value) }
+        values.symbolize_keys!
+        [login_field.to_sym, password_field.to_sym, :remember_me].each do |field|
+          next if !values.key?(field)
+          send("#{field}=", values[field])
+        end
       end
       
       # Resets everything, your errors, record, cookies, and session. Basically "logs out" a user.
@@ -192,11 +197,22 @@ module Authgasm
         "#<#{self.class.name} #{details.inspect}>"
       end
       
-      
+      # Similar to ActiveRecord's new_record? Returns true if the session has not been saved yet.
       def new_session?
         new_session != false
       end
       
+      def remember_me # :nodoc:
+        return @remember_me if @set_remember_me
+        @remember_me ||= self.class.remember_me
+      end
+      
+      # Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for "remember_me_until".
+      def remember_me=(value)
+        @set_remember_me = true
+        @remember_me = value
+      end
+      
       # Allows users to be remembered via a cookie.
       def remember_me?
         remember_me == true || remember_me == "true" || remember_me == "1"
@@ -234,7 +250,7 @@ module Authgasm
             record.current_login_ip = controller.request.remote_ip
           end
           
-          record.save_from_session(false)
+          record.save_without_session_maintenance(false)
           
           self.new_session = false
           self

data/lib/authgasm/session/config.rb

@@ -104,6 +104,15 @@ module Authgasm
         end
         attr_writer :password_field
         
+        # If sessions should be remembered by default or not.
+        #
+        # * <tt>Default:</tt> false
+        # * <tt>Accepts:</tt> Boolean
+        def remember_me
+          @remember_me
+        end
+        attr_writer :remember_me
+        
         # The length of time until the cookie expires.
         #
         # * <tt>Default:</tt> 3.months

data/lib/authgasm/version.rb

@@ -44,7 +44,7 @@ module Authgasm # :nodoc:
 
     MAJOR = 0
     MINOR = 10
-    TINY  = 2
+    TINY  = 3
 
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/test_app/app/controllers/users_controller.rb

@@ -1,6 +1,7 @@
 class UsersController < ApplicationController
   before_filter :require_no_user, :only => [:new, :create]
-  before_filter :require_user, :only => [:show, :edit, :update]
+  before_filter :require_user, :only => [:edit, :update]
+  before_filter :load_user, :except => [:new, :create]
   
   def new
     @user = User.new
@@ -17,11 +18,24 @@ class UsersController < ApplicationController
   end
   
   def show
-    @user = @current_user
+    if @user
+      @user.update_attribute(:profile_views, @user.profile_views + 1) if @user && params[:id]
+    else
+      flash[:notice] = "We're sorry, but no user was found"
+      redirect_to new_user_session_url
+    end
   end
   
-  def edit
-    @user = @current_user
+  # This is a method created for tests only, to make sure users logged out get logged in when changing passwords
+  def reset_password
+    if @user
+      @user.password = "saweet"
+      @user.confirm_password = "saweet"
+      @user.save
+    else
+      flash[:notice] = "We're sorry, but no user was found"
+      redirect_to new_user_session_url
+    end
   end
   
   def update
@@ -34,4 +48,14 @@ class UsersController < ApplicationController
       render :action => :edit
     end
   end
+  
+  private
+    def load_user
+      if params[:id]
+        @user = User.find_by_id(params[:id])
+        @user.update_attribute(:profile_views, @user.profile_views + 1) if @user
+      else
+        @user = @current_user
+      end
+    end
 end

data/test_app/app/models/user_session.rb

@@ -1,3 +1,3 @@
 class UserSession < Authgasm::Session::Base
-  
+  self.remember_me = true
 end

data/test_app/app/views/user_sessions/new.html.erb

@@ -9,5 +9,7 @@
   <%= f.label :password %><br />
   <%= f.password_field :password %><br />
   <br />
+  <%= f.check_box :remember_me %><%= f.label :remember_me %><br />
+  <br />
   <%= f.submit "Login" %>
 <% end %>

data/test_app/app/views/users/show.html.erb

@@ -1,23 +1,29 @@
-<h1><%= @current_user.login %></h1>
+<h1><%= @user.login %></h1>
 
 <table>
   <tr>
     <td>Login:</td>
-    <td><%= @current_user.login %></td>
+    <td><%= @user.login %></td>
   </tr>
   <tr>
     <td>Login count:</td>
-    <td><%= @current_user.login_count %></td>
+    <td><%= @user.login_count %></td>
+  </tr>
+  <tr>
+    <td>Profile views:</td>
+    <td><%= @user.profile_views %></td>
   </tr>
   <tr>
     <td>First name:</td>
-    <td><%= @current_user.first_name %></td>
+    <td><%= @user.first_name %></td>
   </tr>
   <tr>
     <td>Last name:</td>
-    <td><%= @current_user.last_name %></td>
+    <td><%= @user.last_name %></td>
   </tr>
 </table>
 <br />
 
-<%= link_to "Edit", edit_account_path %><br />
+<% if @user == @current_user %>
+  <%= link_to "Edit", edit_account_path %><br />
+<% end %>

data/test_app/config/routes.rb

@@ -1,5 +1,6 @@
 ActionController::Routing::Routes.draw do |map|
   map.resource :user_session
   map.resource :account, :controller => "users"
+  map.resources :users, :member => {:reset_password => :get}
   map.default "/", :controller => "user_sessions", :action => "new"
 end

data/test_app/db/migrate/20081023040052_create_users.rb

@@ -2,13 +2,15 @@ class CreateUsers < ActiveRecord::Migration
   def self.up
     create_table :users do |t|
       t.timestamps
-      t.integer :login_count, :null => false, :default => 0
       t.string :login, :null => false
       t.string :crypted_password
       t.string :password_salt
       t.string :remember_token
       t.string :first_name
       t.string :last_name
+      t.integer :login_count, :null => false, :default => 0
+      t.datetime :last_request_at
+      t.integer :profile_views, :null => false, :default => 0
     end
   end
 

data/test_app/db/schema.rb

@@ -14,13 +14,15 @@ ActiveRecord::Schema.define(:version => 20081023040052) do
   create_table "users", :force => true do |t|
     t.datetime "created_at"
     t.datetime "updated_at"
-    t.integer  "login_count",      :default => 0, :null => false
     t.string   "login",                           :null => false
     t.string   "crypted_password"
     t.string   "password_salt"
     t.string   "remember_token"
     t.string   "first_name"
     t.string   "last_name"
+    t.integer  "login_count",      :default => 0, :null => false
+    t.datetime "last_request_at"
+    t.integer  "profile_views",    :default => 0, :null => false
   end
 
 end

data/test_app/test/fixtures/users.yml

@@ -6,3 +6,12 @@ ben:
   remember_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
   first_name: Ben
   last_name: Johnson
+  
+zack:
+  id: 2
+  login: zham
+  password_salt: <%= salt = User.unique_token %>
+  crypted_password: <%= Authgasm::Sha512CryptoProvider.encrypt("zackrocks" + salt) %>
+  remember_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
+  first_name: Zack
+  last_name: Ham

data/test_app/test/integration/user_sesion_stories_test.rb

@@ -17,8 +17,8 @@ class UserSessionStoriesTest < ActionController::IntegrationTest
     post account_url, {:user => {:login => "binarylogic", :password => "pass", :confirm_password => "pass", :first_name => "Ben", :last_name => "Johnson"}}
     assert_redirected_to account_url
     assert flash.key?(:notice)
-    
-    access_account(User.find(2))
+        
+    assert_account_access(User.last)
   end
   
   def test_login_process
@@ -29,9 +29,9 @@ class UserSessionStoriesTest < ActionController::IntegrationTest
     assert flash.key?(:notice)
     assert_template "user_sessions/new"
     
-    login_unsuccessfully
-    login_unsuccessfully("bjohnson", "badpassword")
-    login_successfully("bjohnson", "benrocks")
+    assert_unsuccessful_login
+    assert_unsuccessful_login("bjohnson", "badpassword")
+    assert_successful_login("bjohnson", "benrocks")
     
     # Try to log in again after a successful login
     get new_user_session_url
@@ -47,8 +47,8 @@ class UserSessionStoriesTest < ActionController::IntegrationTest
     assert flash.key?(:notice)
     assert_template "users/show"
     
-    access_account
-    logout(new_account_url) # before I tried to register, it stored my location
+    assert_account_access
+    assert_successful_logout(new_account_url) # before I tried to register, it stored my location
     
     # Try to access my account again
     get account_url
@@ -58,7 +58,7 @@ class UserSessionStoriesTest < ActionController::IntegrationTest
   
   def test_changing_password
     # Try logging in with correct credentials
-    login_successfully("bjohnson", "benrocks")
+    assert_successful_login("bjohnson", "benrocks")
     
     # Go to edit form
     get edit_account_path
@@ -71,15 +71,35 @@ class UserSessionStoriesTest < ActionController::IntegrationTest
     assert flash.key?(:notice)
     assert_template "users/show"
     
-    access_account
-    logout
+    assert_account_access
+    assert_successful_logout
     
     # Try to access my account again
     get account_url
     assert_redirected_to new_user_session_url
     assert flash.key?(:notice)
     
-    login_successfully("bjohnson", "sillywilly")
-    access_account
+    assert_successful_login("bjohnson", "sillywilly")
+    assert_account_access
+  end
+  
+  def test_updating_user_with_no_password_change
+    ben = users(:ben)
+    profile_views = ben.profile_views
+    assert_no_account_access
+    get user_url(ben)
+    ben.reload
+    assert ben.profile_views > profile_views
+    assert_no_account_access
+  end
+  
+  def test_updating_user_with_password_change
+    ben = users(:ben)
+    crypted_password = ben.crypted_password
+    assert_no_account_access
+    get reset_password_user_url(ben)
+    ben.reload
+    assert_not_equal crypted_password, ben.crypted_password
+    assert_account_access
   end
 end

data/test_app/test/integration/user_session_test.rb

@@ -26,7 +26,7 @@ class UserSessionTest < ActionController::IntegrationTest
   
   def test_find
     assert_equal nil, UserSession.find
-    login_successfully("bjohnson", "benrocks")
+    assert_successful_login("bjohnson", "benrocks")
     assert UserSession.find
   end
   
@@ -89,7 +89,7 @@ class UserSessionTest < ActionController::IntegrationTest
     assert_equal({:login => "ben", :password => "<Protected>"}, session.credentials)
     
     session = UserSession.new
-    assert_raise(ArgumentError) { session.credentials = {:login => "ben", :random_field => "test"} }
+    assert_nothing_raised { session.credentials = {:login => "ben", :random_field => "test"} }
     
     session = UserSession.new
     session.credentials = {:login => "ben", :password => "awesome"}
@@ -105,6 +105,9 @@ class UserSessionTest < ActionController::IntegrationTest
     # don't need to go crazy here since we are using ActiveRecord's error class, which has been thorough tested there
     session = UserSession.new
     assert !session.valid?
+    session.login = ""
+    session.password = ""
+    assert !session.valid?
     assert session.errors.on(:login)
     assert session.errors.on(:password)
   end
@@ -136,7 +139,7 @@ class UserSessionTest < ActionController::IntegrationTest
     session.save
     assert !session.new_session?
     
-    login_successfully("bjohnson", "benrocks")
+    assert_successful_login("bjohnson", "benrocks")
     session = UserSession.find
     assert !session.new_session?
   end

data/test_app/test/test_helper.rb

@@ -45,21 +45,32 @@ class ActionController::IntegrationTest
   end
   
   private
-    def login_successfully(login, password)
+    def assert_successful_login(login, password)
       post user_session_url, :user_session => {:login => login, :password => password}
       assert_redirected_to account_url
       follow_redirect!
       assert_template "users/show"
     end
   
-    def login_unsuccessfully(login = nil, password = nil)
+    def assert_unsuccessful_login(login = nil, password = nil)
       params = (login || password) ? {:user_session => {:login => login, :password => password}} : nil
       post user_session_url, params
       assert_template "user_sessions/new"
     end
+    
+    def assert_successful_logout(alt_redirect = nil)
+      redirecting_to = alt_redirect || new_user_session_url
+      delete user_session_url
+      assert_redirected_to redirecting_to # because I tried to access registration above, and it stored it
+      follow_redirect!
+      assert flash.key?(:notice)
+      assert_equal nil, session["user_credentials"]
+      assert_equal "", cookies["user_credentials"]
+      assert_template redirecting_to.gsub("http://www.example.com/", "").gsub("user_session", "user_sessions").gsub("account", "users")
+    end
   
-    def access_account(user = nil)
-      user ||= users(:ben)
+    def assert_account_access(user = nil)
+      user ||= users(:ben).reload
       # Perform multiple requests to make sure the session is persisting properly, just being anal here
       3.times do
         get account_url
@@ -69,15 +80,9 @@ class ActionController::IntegrationTest
         assert_template "users/show"
       end
     end
-  
-    def logout(alt_redirect = nil)
-      redirecting_to = alt_redirect || new_user_session_url
-      delete user_session_url
-      assert_redirected_to redirecting_to # because I tried to access registration above, and it stored it
-      follow_redirect!
-      assert flash.key?(:notice)
-      assert_equal nil, session["user_credentials"]
-      assert_equal "", cookies["user_credentials"]
-      assert_template redirecting_to.gsub("http://www.example.com/", "").gsub("user_session", "user_sessions").gsub("account", "users")
+    
+    def assert_no_account_access(alt_redirect = nil)
+      get account_url
+      assert_redirected_to alt_redirect || new_user_session_url
     end
 end

data/test_app/test/unit/user_test.rb

@@ -1,8 +1,80 @@
 require 'test_helper'
 
 class UserTest < ActiveSupport::TestCase
-  # Replace this with your real tests.
-  def test_truth
-    assert true
+  def test_validations
+    user = User.new
+    assert !user.valid?
+    assert user.errors.on(:login)
+    user.login = "^fds#%"
+    assert !user.valid?
+    assert user.errors.on(:login)
+    user.login = "bjohnson"
+    assert !user.valid?
+    assert user.errors.on(:login)
+    user.login = "unique"
+    assert !user.valid?
+    assert user.errors.on(:password)
+    user.password = "awesome"
+    assert !user.valid?
+    assert user.errors.on(:confirm_password)
+    user.confirm_password = "awesome"
+    assert user.valid?
+  end
+  
+  def test_unique_token
+    tokens = []
+    100.times { tokens << User.unique_token }
+    assert_equal 100, tokens.uniq.size
+  end
+  
+  def test_crypto_provider
+    assert_equal Authgasm::Sha512CryptoProvider, User.crypto_provider
+  end
+  
+  def test_forget_all
+    bens_token = users(:ben).remember_token
+    zacks_token = users(:zack).remember_token
+    User.forget_all!
+    assert_not_equal bens_token, users(:ben).reload.remember_token
+    assert_not_equal zacks_token, users(:zack).reload.remember_token
+  end
+  
+  def test_logged_in
+    ben = users(:ben)
+    assert !ben.logged_in?
+    ben.update_attribute(:last_request_at, Time.now)
+    assert ben.logged_in?
+  end
+  
+  def test_password
+    user = User.new
+    user.password = "test"
+    assert user.password_salt
+    assert_equal User.crypto_provider.encrypt("test" + user.password_salt), user.crypted_password
+    assert user.remember_token
+  end
+  
+  def test_valid_password
+    ben = users(:ben)
+    assert ben.valid_password?("benrocks")
+    assert ben.valid_password?(User.crypto_provider.encrypt("benrocks" + ben.password_salt))
+  end
+  
+  def test_forget
+    ben = users(:ben)
+    token = ben.remember_token
+    ben.forget!
+    ben.reload
+    assert_not_equal token, ben.remember_token
+  end
+  
+  def test_randomize_password
+    ben = users(:ben)
+    crypted_password = ben.crypted_password
+    password_salt = ben.password_salt
+    ben.randomize_password!
+    ben.reload
+    assert_not_equal crypted_password, ben.crypted_password
+    assert_not_equal password_salt, ben.password_salt
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: authgasm
 version: !ruby/object:Gem::Version 
-  version: 0.10.2
+  version: 0.10.3
 platform: ruby
 authors: 
 - Ben Johnson of Binary Logic
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-10-29 00:00:00 -04:00
+date: 2008-10-31 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency