authlogic 0.10.4 → 1.0.0

data/lib/authlogic/session/callbacks.rb

@@ -7,7 +7,7 @@ module Authlogic
       CALLBACKS = %w(before_create after_create before_destroy after_destroy before_save after_save before_update after_update before_validation after_validation)
 
       def self.included(base) #:nodoc:
-        [:destroy, :save, :valid?, :validate_credentials].each do |method|
+        [:destroy, :save, :validate].each do |method|
           base.send :alias_method_chain, method, :callbacks
         end
 
@@ -15,41 +15,57 @@ module Authlogic
         base.define_callbacks *CALLBACKS
       end
       
-      def destroy_with_callbacks # :nodoc:
+      # Run the following callbacks:
+      #
+      #   before_destroy
+      #   destroy
+      #   after_destroy # only if destroy is successful
+      def destroy_with_callbacks
         run_callbacks(:before_destroy)
         result = destroy_without_callbacks
         run_callbacks(:after_destroy) if result
         result
       end
       
-      def save_with_callbacks # :nodoc:
+      # Runs the following callbacks:
+      #
+      #   before_save
+      #   before_create # only if new_session? == true
+      #   before_update # only if new_session? == false
+      #   save
+      #   # the following are only run is save is successful
+      #   after_save
+      #   before_update # only if new_session? == false
+      #   before_create # only if new_session? == true
+      def save_with_callbacks
+        run_callbacks(:before_save)
         if new_session?
           run_callbacks(:before_create)
         else
           run_callbacks(:before_update)
         end
-        run_callbacks(:before_save)
         result = save_without_callbacks
         if result
+          run_callbacks(:after_save)
+          
           if new_session?
             run_callbacks(:after_create)
           else
             run_callbacks(:after_update)
           end
-          run_callbacks(:after_save)
         end
         result
       end
       
-      def valid_with_callbacks?
-        result = valid_without_callbacks?
-        run_callbacks(:after_validation) if result
-        result
-      end
-      
-      def validate_credentials_with_callbacks # :nodoc:
+      # Runs the following callbacks:
+      #
+      #   before_validation
+      #   validate
+      #   after_validation # only if errors.empty?
+      def validate_with_callbacks
         run_callbacks(:before_validation)
-        validate_credentials_without_callbacks
+        validate_without_callbacks
+        run_callbacks(:after_validation) if errors.empty?
       end
     end
   end

data/lib/authlogic/session/config.rb

@@ -22,6 +22,10 @@ module Authlogic
       #     # ... more configuration
       #   end
       #
+      # You can also access the values in the same fashion:
+      #
+      #   UserSession.authenticate_with
+      #
       # See the methods belows for all configuration options.
       module ClassMethods
         # Lets you change which model to use for authentication.
@@ -84,7 +88,7 @@ module Authlogic
             read_inheritable_attribute(:find_with) || find_with(:session, :cookie, :http_auth)
           else
             values.flatten!
-            write_inheritable_array(:find_with, values)
+            write_inheritable_attribute(:find_with, values)
           end
         end
         alias_method :find_with=, :find_with

data/lib/authlogic/session/scopes.rb

@@ -0,0 +1,101 @@
+module Authlogic
+  module Session
+    # = Scopes
+    #
+    # Authentication can be scoped, but scoping authentication can get a little tricky. Checkout the section "Scoping" in the readme for more details.
+    #
+    # What with_scopes focuses on is scoping the query when finding the object and the name of the cookie / session. It works very similar to
+    # ActiveRecord::Base#with_scopes. It accepts a hash with any of the following options:
+    #
+    # * <tt>find_options:</tt> any options you can pass into ActiveRecord::Base.find. This is used when trying to find the record.
+    # * <tt>id:</tt> The id of the session, this gets merged with the real id. For information ids see the id method.
+    #
+    # Here is how you use it:
+    #
+    #   UserSession.with_scope(:find_options => {:conditions => "account_id = 2"}, :id => "account_2") do
+    #     UserSession.find
+    #   end
+    #
+    # Eseentially what the above does is scope the searching of the object with the sql you provided. So instead of:
+    #
+    #   User.find(:first, :conditions => "login = 'ben'")
+    #
+    # it would be:
+    #
+    #   User.find(:first, :conditions => "login = 'ben' and account_id = 2")
+    #
+    # You will also notice the :id option. This works just like the id method. It scopes your cookies. So the name of your cookie will be:
+    #
+    #   account_2_user_credentials
+    #
+    # instead of:
+    #
+    #   user_credentials
+    #
+    # What is also nifty about scoping with an :id is that it merges your id's. So if you do:
+    #
+    #   UserSession.with_scope(:find_options => {:conditions => "account_id = 2"}, :id => "account_2") do
+    #     session = UserSession.new
+    #     session.id = :secure
+    #   end
+    #
+    # The name of your cookies will be:
+    #
+    #   secure_account_2_user_credentials
+    module Scopes # :nodoc:
+      def self.included(klass)
+        klass.extend(ClassMethods)
+        klass.send(:include, InstanceMethods)
+        klass.class_eval do
+          attr_writer :scope
+          alias_method_chain :initialize, :scopes
+          alias_method_chain :search_for_record, :scopes
+        end
+      end
+      
+      # = Scopes
+      module ClassMethods
+        # The current scope set, should be used in the block passed to with_scope.
+        def scope
+          scopes[Thread.current]
+        end
+        
+        # See the documentation for this class for more information on how to use this method.
+        def with_scope(options = {}, &block)
+          raise ArgumentError.new("You must provide a block") unless block_given?
+          self.scope = options
+          result = yield
+          self.scope = nil
+          result
+        end
+        
+        private
+          def scope=(value)
+            scopes[Thread.current] = value
+          end
+          
+          def scopes
+            @scopes ||= {}
+          end
+      end
+      
+      module InstanceMethods
+        def initialize_with_scopes(*args) # :nodoc:
+          self.scope = self.class.scope
+          initialize_without_scopes(*args)
+        end
+        
+        # See the documentation for this class for more information on how to use this method.
+        def scope
+          @scope ||= {}
+        end
+        
+        def search_for_record_with_scopes(*args) # :nodoc:
+          klass.send(:with_scope, :find => (scope[:find_options] || {})) do
+            search_for_record_without_scopes(*args)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/version.rb

@@ -42,9 +42,9 @@ module Authlogic # :nodoc:
       [@major, @minor, @tiny]
     end
 
-    MAJOR = 0
-    MINOR = 10
-    TINY  = 4
+    MAJOR = 1
+    MINOR = 0
+    TINY  = 0
 
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/test/active_record_acts_as_authentic_test.rb

@@ -0,0 +1,213 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class ActiveRecordActsAsAuthenticTest < ActiveSupport::TestCase
+  def test_user_validations
+    user = User.new
+    assert !user.valid?
+    assert user.errors.on(:login)
+    assert user.errors.on(:password)
+    
+    user.login = "a"
+    assert !user.valid?
+    assert user.errors.on(:login)
+    assert user.errors.on(:password)
+    
+    user.login = "%ben*"
+    assert !user.valid?
+    assert user.errors.on(:login)
+    assert user.errors.on(:password)
+    
+    user.login = "bjohnson"
+    assert !user.valid?
+    assert user.errors.on(:login)
+    assert user.errors.on(:password)
+    
+    user.login = "my login"
+    assert !user.valid?
+    assert !user.errors.on(:login)
+    assert user.errors.on(:password)
+    
+    user.password = "my pass"
+    assert !user.valid?
+    assert !user.errors.on(:password)
+    assert user.errors.on(:confirm_password)
+    
+    user.confirm_password = "my pizass"
+    assert !user.valid?
+    assert !user.errors.on(:password)
+    assert user.errors.on(:confirm_password)
+    
+    user.confirm_password = "my pass"
+    assert user.valid?
+  end
+  
+  def test_employee_validations
+    employee = Employee.new
+    employee.password = "pass"
+    employee.confirm_password = "pass"
+    
+    assert !employee.valid?
+    assert employee.errors.on(:email)
+    
+    employee.email = "fdsf"
+    assert !employee.valid?
+    assert employee.errors.on(:email)
+    
+    employee.email = "fake@email.fake"
+    assert !employee.valid?
+    assert employee.errors.on(:email)
+    
+    employee.email = "notfake@email.com"
+    assert employee.valid?
+  end
+  
+  def test_named_scopes
+    assert_equal 0, User.logged_in.count
+    assert_equal User.count, User.logged_out.count
+    http_basic_auth_for(users(:ben)) { UserSession.find }
+    assert_equal 1, User.logged_in.count
+    assert_equal User.count - 1, User.logged_out.count
+  end
+  
+  def test_unique_token
+    assert_equal 128, User.unique_token.length
+    assert_equal 128, Employee.unique_token.length # make sure encryptions use hashes also
+    
+    unique_tokens = []
+    1000.times { unique_tokens << User.unique_token }
+    unique_tokens.uniq!
+    
+    assert_equal 1000, unique_tokens.size
+  end
+  
+  def test_crypto_provider
+    assert_equal Authlogic::Sha512CryptoProvider, User.crypto_provider
+    assert_equal AES128CryptoProvider, Employee.crypto_provider
+  end
+  
+  def test_forget_all
+    http_basic_auth_for(users(:ben)) { UserSession.find }
+    http_basic_auth_for(users(:zack)) { UserSession.find(:ziggity_zack) }
+    assert UserSession.find
+    assert UserSession.find(:ziggity_zack)
+    User.forget_all!
+    assert !UserSession.find
+    assert !UserSession.find(:ziggity_zack)
+  end
+  
+  def test_logged_in
+    ben = users(:ben)
+    assert !ben.logged_in?
+    http_basic_auth_for(ben) { UserSession.find }
+    assert ben.reload.logged_in?
+  end
+  
+  def test_password
+    user = User.new
+    user.password = "sillywilly"
+    assert user.crypted_password
+    assert user.password_salt
+    assert user.remember_token
+    assert_equal true, user.tried_to_set_password
+    assert_equal nil, user.password
+    
+    employee = Employee.new
+    employee.password = "awesome"
+    assert employee.crypted_password
+    assert employee.remember_token
+    assert_equal true, employee.tried_to_set_password
+    assert_equal nil, employee.password
+  end
+  
+  def test_valid_password
+    ben = users(:ben)
+    assert ben.valid_password?("benrocks")
+    assert ben.valid_password?(ben.crypted_password)
+    
+    drew = employees(:drew)
+    assert drew.valid_password?("drewrocks")
+    assert drew.valid_password?(drew.crypted_password)
+  end
+  
+  def test_forget
+    ben = users(:ben)
+    zack = users(:zack)
+    http_basic_auth_for(ben) { UserSession.find }
+    http_basic_auth_for(zack) { UserSession.find(:ziggity_zack) }
+    
+    assert ben.reload.logged_in?
+    assert zack.reload.logged_in?
+    
+    ben.forget!
+    
+    assert !UserSession.find
+    assert UserSession.find(:ziggity_zack)
+  end
+  
+  def test_reset_password
+    ben = users(:ben)
+    UserSession.create(ben)
+    old_password = ben.crypted_password
+    old_salt = ben.password_salt
+    old_remember_token = ben.remember_token
+    ben.reset_password!
+    ben.reload
+    assert_not_equal old_password, ben.crypted_password
+    assert_not_equal old_salt, ben.password_salt
+    assert_not_equal old_remember_token, ben.remember_token
+    assert !UserSession.find
+  end
+  
+  def test_login_after_create
+    assert User.create(:login => "awesome", :password => "saweet", :confirm_password => "saweet")
+    assert UserSession.find
+  end
+  
+  def test_update_session_after_password_modify
+    ben = users(:ben)
+    UserSession.create(ben)
+    old_session_key = @controller.session["user_credentials"]
+    old_cookie_key = @controller.cookies["user_credentials"]
+    ben.password = "newpass"
+    ben.confirm_password = "newpass"
+    ben.save
+    assert @controller.session["user_credentials"]
+    assert @controller.cookies["user_credentials"]
+    assert_not_equal @controller.session["user_credentials"], old_session_key
+    assert_not_equal @controller.cookies["user_credentials"], old_cookie_key
+  end
+  
+  def test_no_session_update_after_modify
+    ben = users(:ben)
+    UserSession.create(ben)
+    old_session_key = @controller.session["user_credentials"]
+    old_cookie_key = @controller.cookies["user_credentials"]
+    ben.first_name = "Ben"
+    ben.save
+    assert_equal @controller.session["user_credentials"], old_session_key
+    assert_equal @controller.cookies["user_credentials"], old_cookie_key
+  end
+  
+  def test_updating_other_user
+    ben = users(:ben)
+    UserSession.create(ben)
+    old_session_key = @controller.session["user_credentials"]
+    old_cookie_key = @controller.cookies["user_credentials"]
+    zack = users(:zack)
+    zack.password = "newpass"
+    zack.confirm_password = "newpass"
+    zack.save
+    assert_equal @controller.session["user_credentials"], old_session_key
+    assert_equal @controller.cookies["user_credentials"], old_cookie_key
+  end
+  
+  def test_resetting_password_when_logged_out
+    ben = users(:ben)
+    assert !UserSession.find
+    ben.password = "newpass"
+    ben.confirm_password = "newpass"
+    ben.save
+    assert UserSession.find
+    assert_equal ben, UserSession.find.record
+  end
+end

data/test/active_record_authenticates_many_test.rb

@@ -0,0 +1,28 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class ActiveRecordAuthenticatesManyTest < ActiveSupport::TestCase
+  def test_authenticates_many_new
+    binary_logic = companies(:binary_logic)
+    user_session = binary_logic.user_sessions.new
+    assert_equal({:find_options => {:conditions => "\"users\".company_id = #{binary_logic.id}"}, :id => nil}, user_session.scope)
+    
+    employee_session = binary_logic.employee_sessions.new
+    assert_equal({:find_options => {:conditions => "\"employees\".company_id = #{binary_logic.id}"}, :id => nil}, employee_session.scope)
+  end
+  
+  def test_authenticates_many_create_and_find
+    binary_logic = companies(:binary_logic)
+    logic_over_data = companies(:logic_over_data)
+    ben = users(:ben)
+    zack = users(:zack)
+    
+    assert !binary_logic.user_sessions.find
+    assert !logic_over_data.user_sessions.find
+    assert logic_over_data.user_sessions.create(zack)
+    assert !binary_logic.user_sessions.find
+    assert logic_over_data.user_sessions.find
+    assert binary_logic.user_sessions.create(ben)
+    assert binary_logic.user_sessions.find
+    assert !logic_over_data.user_sessions.find
+  end
+end