authlogic 0.10.4 → 1.0.0

data/lib/authlogic/active_record/authenticates_many.rb

@@ -1,6 +1,43 @@
 module Authlogic
   module ActiveRecord
+    # = Authenticates Many
+    #
+    # This allows you to scope your authentication. For example, let's say all users belong to an account, you want to make sure only users
+    # that belong to that account can actually login into that account. Simple, just do:
+    #
+    #   class Account < ActiveRecord::Base
+    #     authenticates_many :user_sessions
+    #   end
+    #
+    # Now you can scope sessions just like everything else in ActiveRecord:
+    #
+    #   @account.user_sessions.new(*args)
+    #   @account.user_sessions.create(*args)
+    #   @account.user_sessions.find(*args)
+    #   # ... etc
+    #
+    # For more information on scopes check out the scopes section in the README.
     module AuthenticatesMany
+      # Allows you set essentially set up a relationship with your sessions. See module definition above for more details.
+      #
+      # === Options
+      #
+      # * <tt>session_class:</tt> default: "#{name}Session",
+      #   This is the related session class.
+      #   
+      # * <tt>relationship_name:</tt> default: options[:session_class].klass_name.underscore.pluralize,
+      #   This is the name of the relationship you want to use to scope everything. For example an Account has many Users. There should be a relationship
+      #   called :users that you defined with a has_many. The reason we use the relationship is so you don't have to repeat yourself. The relatonship
+      #   could have all kinds of custom options. So instead of repeating yourself we essentially use the scope that the relationship creates.
+      #
+      # * <tt>find_options:</tt> default: nil,
+      #   By default the find options are created from the relationship you specify with :relationship_name. But if you want to override this and
+      #   manually specify find_options you can do it here. Specify options just as you would in ActiveRecord::Base.find.
+      #
+      # * <tt>scope_cookies:</tt> default: false
+      #   By the nature of cookies they scope theirself if you are using subdomains to access accounts. If you aren't using subdomains you need to have
+      #   separate cookies for each account, assuming a user is logging into mroe than one account. Authlogic can take care of this for you by
+      #   prefixing the name of the cookie and sessin with the model id. You just need to tell Authlogic to do this by passing this option.
       def authenticates_many(name, options = {})
         options[:session_class] ||= name.to_s.classify.constantize
         options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize

data/lib/authlogic/controller_adapters/abstract_adapter.rb

@@ -3,22 +3,20 @@ module Authlogic
     # = Abstract Adapter
     # Allows you to use Authlogic in any framework you want, not just rails. See tha RailsAdapter for an example of how to adapter Authlogic to work with your framework.
     class AbstractAdapter
-      attr_accessor :controller
-      
-      def initialize(controller)
-        self.controller = controller
-      end
-      
-      def authenticate_with_http_basic(*args, &block)
+      def authenticate_with_http_basic(&block)
+        black.call(nil, nil)
       end
       
       def cookies
+        {}
       end
       
       def request
+        nil
       end
       
       def session
+        {}
       end
     end
   end

data/lib/authlogic/controller_adapters/merb_adapter.rb

@@ -0,0 +1,55 @@
+module Authlogic
+  module ControllerAdapters
+    # = Merb Adapter
+    # Adapts authlogic to work with merb. The point is to close the gap between what authlogic expects and what the merb controller object
+    # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
+    class MerbAdapter < AbstractAdapter
+      attr_accessor :controller
+      
+      def initialize(controller)
+        self.controller = controller
+      end
+      
+      def authenticate_with_http_basic(&block)
+        @auth = Rack::Auth::Basic::Request.new(controller.request.env)
+        if @auth.provided? and @auth.basic?
+          black.call(*@auth.credentials)
+        else
+          false
+        end
+      end
+      
+      def cookies
+        controller.cookies
+      end
+      
+      def request
+        controller.request
+      end
+      
+      def session
+        controller.session
+      end
+      
+      # = Merb Implementation
+      # Lets Authlogic know about the controller object, AKA "activates" authlogic.
+      module MerbImplementation
+        def self.included(klass) # :nodoc:
+          klass.before :activate_authlogic
+        end
+
+        private
+          def activate_authlogic
+            Authlogic::Session::Base.controller = MerbAdapter.new(self)
+          end
+      end
+    end
+  end
+end
+ 
+# make sure we're running inside Merb
+if defined?(Merb::Plugins)
+  Merb::BootLoader.before_app_loads do
+    Merb::Controller.send(:include, Authlogic::ControllerAdapters::MerbAdapter::MerbImplementation)
+  end
+end

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -4,8 +4,14 @@ module Authlogic
     # Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object
     # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
     class RailsAdapter < AbstractAdapter
-      def authenticate_with_http_basic(*args, &block)
-        controller.authenticate_with_http_basic(*args, &block)
+      attr_accessor :controller
+      
+      def initialize(controller)
+        self.controller = controller
+      end
+      
+      def authenticate_with_http_basic(&block)
+        controller.authenticate_with_http_basic(&block)
       end
       
       def cookies
@@ -19,21 +25,21 @@ module Authlogic
       def session
         controller.session
       end
-    end
-    
-    # = Rails Implementation
-    # Lets Authlogic know about the controller object, AKA "activates" authlogic.
-    module RailsImplementation
-      def self.included(klass) # :nodoc:
-        klass.prepend_before_filter :set_controller
-      end
-
-      private
-        def set_controller
-          Authlogic::Session::Base.controller = RailsAdapter.new(self)
+      
+      # = Rails Implementation
+      # Lets Authlogic know about the controller object, AKA "activates" authlogic.
+      module RailsImplementation
+        def self.included(klass) # :nodoc:
+          klass.prepend_before_filter :activate_authlogic
         end
+
+        private
+          def activate_authlogic
+            Authlogic::Session::Base.controller = RailsAdapter.new(self)
+          end
+      end
     end
   end
 end
 
-ActionController::Base.send(:include, Authlogic::ControllerAdapters::RailsImplementation)
+ActionController::Base.send(:include, Authlogic::ControllerAdapters::RailsAdapter::RailsImplementation)

data/lib/authlogic/session/base.rb

@@ -22,6 +22,10 @@ module Authlogic
           controllers[Thread.current]
         end
         
+        def reset_controllers!
+          @@controllers = {}
+        end
+        
         # A convenince method. The same as:
         #
         #   session = UserSession.new
@@ -70,77 +74,15 @@ module Authlogic
             end
         end
         
-        # The current scope set, should be used in the block passed to with_scope.
-        def scope
-          scopes[Thread.current]
-        end
-        
-        # Authentication can be scoped, but scoping authentication can get a little tricky. Checkout the section "Scoping" in the readme for more details.
-        #
-        # What with_scopes focuses on is scoping the query when finding the object and the name of the cookies.
-        #
-        # with_scope accepts a hash with any of the following options:
-        #
-        # * <tt>find_options:</tt> any options you can pass into ActiveRecord::Base.find. This is used when trying to find the record.
-        # * <tt>id:</tt> see the id method above
-        #
-        # So you use it just like an ActiveRecord scope, essentially:
-        #
-        #   UserSession.with_scope(:find_options => {:conditions => "account_id = 2"}, :id => "account_2") do
-        #     UserSession.find
-        #   end
-        #
-        # Eseentially what the above does is scope the searching of the object with the sql you provided. So instead of:
-        #
-        #   User.find(:first, :conditions => "login = 'ben'")
-        #
-        # it would be:
-        #
-        #   User.find(:first, :conditions => "login = 'ben' and account_id = 2")
-        #
-        # You will also notice the :id option. This works just like the id method. It scopes your cookies. So the name of your cookie will be:
-        #
-        #   account_2_user_credentials
-        #
-        # instead of:
-        #
-        #   user_credentials
-        #
-        # What is also nifty about scoping with an :id is that it merges your id's. So if you do:
-        #
-        #   UserSession.with_scope(:find_options => {:conditions => "account_id = 2"}, :id => "account_2") do
-        #     session = UserSession.new
-        #     session.id = :secure
-        #   end
-        #
-        # The name of your cookies will be:
-        #
-        #   secure_account_2_user_credentials
-        def with_scope(options = {}, &block)
-          raise ArgumentError.new("You must provide a block") unless block_given?
-          self.scope = options
-          result = yield
-          self.scope = nil
-          result
-        end
-        
         private
           def controllers
             @@controllers ||= {}
           end
-          
-          def scope=(value)
-            scopes[Thread.current] = value
-          end
-          
-          def scopes
-            @scopes ||= {}
-          end
       end
     
       attr_accessor :login_with, :new_session
       attr_reader :record, :unauthorized_record
-      attr_writer :id, :scope
+      attr_writer :id
     
       # You can initialize a session by doing any of the following:
       #
@@ -163,22 +105,18 @@ module Authlogic
         
         create_configurable_methods!
         
-        self.scope = self.class.scope
         self.id = args.pop if args.last.is_a?(Symbol)
         
-        case args.size
-        when 1
-          credentials_or_record = args.first
-          case credentials_or_record
-          when Hash
-            self.credentials = credentials_or_record
-          else
-            self.unauthorized_record = credentials_or_record
-          end
-        else
+        case args.first
+        when Hash
+          self.credentials = args.first
+        when String
           send("#{login_field}=", args[0]) if args.size > 0
           send("#{password_field}=", args[1]) if args.size > 1
           self.remember_me = args[2] if args.size > 2
+        else
+          self.unauthorized_record = args.first
+          self.remember_me = args[1] if args.size > 1
         end
       end
       
@@ -294,11 +232,6 @@ module Authlogic
         remember_me_for.from_now
       end
       
-      # See the class level with_scope method on information on scopes. with_scope essentialls sets this scope with the options passed and unsets it after the block executes.
-      def scope
-        @scope ||= {}
-      end
-      
       # Creates / updates a new user session for you. It does all of the magic:
       #
       # 1. validates
@@ -313,7 +246,7 @@ module Authlogic
             :expires => remember_me_until
           }
           
-          record.login_count = record.login_count + 1 if record.respond_to?(:login_count)
+          record.login_count = (record.login_count.blank? ? 1 : record.login_count + 1) if record.respond_to?(:login_count)
           
           if record.respond_to?(:current_login_at)
             record.last_login_at = record.current_login_at if record.respond_to?(:last_login_at)
@@ -350,11 +283,12 @@ module Authlogic
       # you will not have a record.
       def valid?
         errors.clear
-        temp_record = validate_credentials
-        if errors.empty?
-          @record = temp_record
-          return true
+        if valid_credentials?
+          validate
+          return true if errors.empty?
         end
+        
+        self.record = nil
         false
       end
       
@@ -362,11 +296,12 @@ module Authlogic
       def valid_http_auth?
         controller.authenticate_with_http_basic do |login, password|
           if !login.blank? && !password.blank?
-            send("#{login_method}=", login)
-            send("#{password_method}=", password)
+            send("#{login_field}=", login)
+            send("#{password_field}=", password)
             result = valid?
             if result
               update_session!
+              self.new_session = false
               return result
             end
           end
@@ -404,6 +339,10 @@ module Authlogic
         false
       end
       
+      # Overwite this method to add your own validation, or use callbacks: before_validation, after_validation
+      def validate
+      end
+      
       private
         def controller
           self.class.controller
@@ -439,12 +378,6 @@ module Authlogic
           end_eval
         end
         
-        def search_for_record(method, value)
-          klass.send(:with_scope, :find => (scope[:find_options] || {})) do
-            klass.send(method, value)
-          end
-        end
-        
         def klass
           self.class.klass
         end
@@ -453,6 +386,18 @@ module Authlogic
           self.class.klass_name
         end
         
+        def record=(value)
+          @record = value
+        end
+        
+        def search_for_record(method, value)
+          begin
+            klass.send(method, value)
+          rescue Exception
+            raise method.inspect + "     " + value.inspect
+          end
+        end
+        
         def session_credentials
           controller.session[session_key]
         end
@@ -461,49 +406,52 @@ module Authlogic
           controller.session[session_key] = record && record.send(remember_token_field)
         end
         
-        def validate_credentials
-          temp_record = unauthorized_record
-
+        def valid_credentials?
+          unchecked_record = nil
+          
           case login_with
           when :credentials
             errors.add(login_field, "can not be blank") if send(login_field).blank?
             errors.add(password_field, "can not be blank") if send("protected_#{password_field}").blank?
-            return if errors.count > 0
-
-            temp_record = search_for_record(find_by_login_method, send(login_field))
-
-            if temp_record.blank?
+            return false if errors.count > 0
+            
+            unchecked_record = search_for_record(find_by_login_method, send(login_field))
+            
+            if unchecked_record.blank?
               errors.add(login_field, "was not found")
-              return
+              return false
             end
-
-            unless temp_record.send(verify_password_method, send("protected_#{password_field}"))
+            
+            unless unchecked_record.send(verify_password_method, send("protected_#{password_field}"))
               errors.add(password_field, "is invalid")
-              return
+              return false
             end
           when :unauthorized_record
-            if temp_record.blank?
-              errors.add_to_base("You can not log in with a blank record.")
-              return
+            unchecked_record = unauthorized_record
+            
+            if unchecked_record.blank?
+              errors.add_to_base("The record could not be found and did not match the requirements.")
+              return false
             end
-
-            if temp_record.new_record?
-              errors.add_to_base("You can not login with a new record.") if temp_record.new_record?
-              return
+            
+            if unchecked_record.new_record?
+              errors.add_to_base("You can not login with a new record.")
+              return false
             end
           else
             errors.add_to_base("You must provide some form of credentials before logging in.")
-            return
+            return false
           end
-
+          
           [:active, :approved, :confirmed].each do |required_status|
-            if temp_record.respond_to?("#{required_status}?") && !temp_record.send("#{required_status}?") 
+            if unchecked_record.respond_to?("#{required_status}?") && !unchecked_record.send("#{required_status}?") 
               errors.add_to_base("Your account has not been marked as #{required_status}")       
-              return
+              return false
             end
           end
           
-          temp_record
+          self.record = unchecked_record
+          true
         end
     end
   end