authlogic 0.10.4

data/Rakefile

@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'echoe'
+
+require File.dirname(__FILE__) << "/lib/authlogic/version"
+
+Echoe.new 'authlogic' do |p|
+  p.version = Authlogic::Version::STRING
+  p.author = "Ben Johnson of Binary Logic"
+  p.email  = 'bjohnson@binarylogic.com'
+  p.project = 'authlogic'
+  p.summary = "Rails authentication done right"
+  p.url = "http://github.com/binarylogic/authlogic"
+  p.dependencies = %w(activesupport activerecord)
+  p.include_rakefile = true
+end

data/authlogic.gemspec

@@ -0,0 +1,38 @@
+Gem::Specification.new do |s|
+  s.name = %q{authlogic}
+  s.version = "0.10.4"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Ben Johnson of Binary Logic"]
+  s.date = %q{2008-11-03}
+  s.description = %q{Rails authentication done right}
+  s.email = %q{bjohnson@binarylogic.com}
+  s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authlogic/active_record/acts_as_authentic.rb", "lib/authlogic/active_record/authenticates_many.rb", "lib/authlogic/active_record/scoped_session.rb", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/sha512_crypto_provider.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "README.rdoc"]
+  s.files = ["CHANGELOG.rdoc", "init.rb", "lib/authlogic/active_record/acts_as_authentic.rb", "lib/authlogic/active_record/authenticates_many.rb", "lib/authlogic/active_record/scoped_session.rb", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/sha512_crypto_provider.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "Manifest", "MIT-LICENSE", "Rakefile", "README.rdoc", "test_app/app/controllers/application.rb", "test_app/app/controllers/companies_controller.rb", "test_app/app/controllers/user_sessions_controller.rb", "test_app/app/controllers/users_controller.rb", "test_app/app/helpers/application_helper.rb", "test_app/app/helpers/companies_helper.rb", "test_app/app/helpers/user_sessions_helper.rb", "test_app/app/helpers/users_helper.rb", "test_app/app/models/company.rb", "test_app/app/models/project.rb", "test_app/app/models/user.rb", "test_app/app/models/user_session.rb", "test_app/app/views/layouts/application.html.erb", "test_app/app/views/user_sessions/new.html.erb", "test_app/app/views/users/_form.erb", "test_app/app/views/users/edit.html.erb", "test_app/app/views/users/new.html.erb", "test_app/app/views/users/show.html.erb", "test_app/config/boot.rb", "test_app/config/database.yml", "test_app/config/environment.rb", "test_app/config/environments/development.rb", "test_app/config/environments/production.rb", "test_app/config/environments/test.rb", "test_app/config/initializers/inflections.rb", "test_app/config/initializers/mime_types.rb", "test_app/config/initializers/new_rails_defaults.rb", "test_app/config/routes.rb", "test_app/db/development.sqlite3", "test_app/db/migrate/20081023040052_create_users.rb", "test_app/db/migrate/20081103003828_create_companies.rb", "test_app/db/migrate/20081103003834_create_projects.rb", "test_app/db/schema.rb", "test_app/db/test.sqlite3", "test_app/doc/README_FOR_APP", "test_app/public/404.html", "test_app/public/422.html", "test_app/public/500.html", "test_app/public/dispatch.cgi", "test_app/public/dispatch.fcgi", "test_app/public/dispatch.rb", "test_app/public/favicon.ico", "test_app/public/images/rails.png", "test_app/public/javascripts/application.js", "test_app/public/javascripts/controls.js", "test_app/public/javascripts/dragdrop.js", "test_app/public/javascripts/effects.js", "test_app/public/javascripts/prototype.js", "test_app/public/robots.txt", "test_app/public/stylesheets/scaffold.css", "test_app/Rakefile", "test_app/README", "test_app/script/about", "test_app/script/console", "test_app/script/dbconsole", "test_app/script/destroy", "test_app/script/generate", "test_app/script/performance/benchmarker", "test_app/script/performance/profiler", "test_app/script/performance/request", "test_app/script/plugin", "test_app/script/process/inspector", "test_app/script/process/reaper", "test_app/script/process/spawner", "test_app/script/runner", "test_app/script/server", "test_app/test/fixtures/companies.yml", "test_app/test/fixtures/projects.yml", "test_app/test/fixtures/users.yml", "test_app/test/functional/companies_controller_test.rb", "test_app/test/functional/user_sessions_controller_test.rb", "test_app/test/functional/users_controller_test.rb", "test_app/test/integration/company_user_session_stories_test.rb", "test_app/test/integration/user_sesion_stories_test.rb", "test_app/test/integration/user_session_config_test.rb", "test_app/test/integration/user_session_test.rb", "test_app/test/test_helper.rb", "test_app/test/unit/account_test.rb", "test_app/test/unit/company_test.rb", "test_app/test/unit/project_test.rb", "test_app/test/unit/user_test.rb", "authlogic.gemspec"]
+  s.has_rdoc = true
+  s.homepage = %q{http://github.com/binarylogic/authlogic}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Authlogic", "--main", "README.rdoc"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{authlogic}
+  s.rubygems_version = %q{1.2.0}
+  s.summary = %q{Rails authentication done right}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
+
+    if current_version >= 3 then
+      s.add_runtime_dependency(%q<activesupport>, [">= 0"])
+      s.add_runtime_dependency(%q<activerecord>, [">= 0"])
+      s.add_development_dependency(%q<echoe>, [">= 0"])
+    else
+      s.add_dependency(%q<activesupport>, [">= 0"])
+      s.add_dependency(%q<activerecord>, [">= 0"])
+      s.add_dependency(%q<echoe>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<activesupport>, [">= 0"])
+    s.add_dependency(%q<activerecord>, [">= 0"])
+    s.add_dependency(%q<echoe>, [">= 0"])
+  end
+end

data/init.rb

@@ -0,0 +1 @@
+require "authlogic"

data/lib/authlogic.rb

@@ -0,0 +1,25 @@
+require File.dirname(__FILE__) + "/authlogic/version"
+
+require File.dirname(__FILE__) + "/authlogic/controller_adapters/abstract_adapter"
+require File.dirname(__FILE__) + "/authlogic/controller_adapters/rails_adapter" if defined?(Rails)
+
+require File.dirname(__FILE__) + "/authlogic/sha512_crypto_provider"
+
+require File.dirname(__FILE__) + "/authlogic/active_record/acts_as_authentic"
+require File.dirname(__FILE__) + "/authlogic/active_record/authenticates_many"
+require File.dirname(__FILE__) + "/authlogic/active_record/scoped_session"
+
+require File.dirname(__FILE__) + "/authlogic/session/active_record_trickery"
+require File.dirname(__FILE__) + "/authlogic/session/callbacks"
+require File.dirname(__FILE__) + "/authlogic/session/config"
+require File.dirname(__FILE__) + "/authlogic/session/errors"
+require File.dirname(__FILE__) + "/authlogic/session/base"
+
+module Authlogic
+  module Session
+    class Base
+      include ActiveRecordTrickery
+      include Callbacks
+    end
+  end
+end

data/lib/authlogic/active_record/acts_as_authentic.rb

@@ -0,0 +1,265 @@
+module Authlogic
+  module ActiveRecord # :nodoc:
+    # = Acts As Authentic
+    # Provides and "acts_as" method to include in your models to help with authentication. See method below.
+    module ActsAsAuthentic
+        # Call this method in your model to add in basic authentication madness that your authlogic session expects.
+      #
+      # <b>Please keep in mind</b> that based on your configuration the method names could change. For example, if you pass the option:
+      #
+      #   :password_field => :pass
+      #
+      # The method will not be password=, it will be pass=. Same with valid_password?, it will be valid_pass?, etc.
+      #
+      # === Methods
+      # For example purposes lets assume you have a User model.
+      #
+      #   Class method name           Description
+      #   User.crypto_provider        The class that you set in your :crypto_provider option
+      #   User.forget_all!            Finds all records, loops through them, and calls forget! on each record. This is paginated to save on memory.
+      #   User.unique_token           returns unique token generated by your :crypto_provider
+      #
+      #   Named Scopes
+      #   User.logged_in              Find all users who are logged in, based on your :logged_in_timeout option.
+      #   User.logged_out             Same as above, but logged out.
+      #
+      #   Isntace method name
+      #   user.password=              Method name based on the :password_field option. This is used to set the password. Pass the *raw* password to this.
+      #   user.confirm_password=      Confirms the password, needed to change the password.
+      #   user.valid_password?(pass)  Determines if the password passed is valid. The password could be encrypted or raw.
+      #   user.reset_password!        Basically resets the password to a random password using only letters and numbers.
+      #   user.logged_in?             Based on the :logged_in_timeout option. Tells you if the user is logged in or not.
+      #   user.forget!                Changes their remember token, making their cookie and session invalid. A way to log the user out withouth changing their password.
+      #
+      # === Options
+      # * <tt>session_class:</tt> default: "#{name}Session", the related session class. Used so that you don't have to repeat yourself here. A lot of the configuration will be based off of the configuration values of this class.
+      # * <tt>crypto_provider:</tt> default: Authlogic::Sha512CryptoProvider, class that provides Sha512 encryption. What ultimately encrypts your password.
+      # * <tt>crypto_provider_type:</tt> default: options[:crypto_provider].respond_to?(:decrypt) ? :encryption : :hash. You can explicitly set this if you wish. Since encryptions and hashes are handled different this is the flag Authlogic uses.
+      # * <tt>login_field:</tt> default: options[:session_class].login_field, the name of the field used for logging in
+      # * <tt>login_field_type:</tt> default: options[:login_field] == :email ? :email : :login, tells authlogic how to validation the field, what regex to use, etc.
+      # * <tt>password_field:</tt> default: options[:session_class].password_field, the name of the field to set the password, *NOT* the field the encrypted password is stored
+      # * <tt>crypted_password_field:</tt> default: depends on which columns are present, checks: crypted_password, encrypted_password, password_hash, pw_hash, if none are present defaults to crypted_password. This is the name of column that your encrypted password is stored.
+      # * <tt>password_salt_field:</tt> default: depends on which columns are present, checks: password_salt, pw_salt, salt, if none are present defaults to password_salt. This is the name of the field your salt is stored, only relevant for a hash crypto provider.
+      # * <tt>remember_token_field:</tt> default: options[:session_class].remember_token_field, the name of the field your remember token is stored. What the cookie stores so the session can be "remembered"
+      # * <tt>scope:</tt> default: nil, if all of your users belong to an account you might want to scope everything to the account. Just pass :account_id
+      # * <tt>logged_in_timeout:</tt> default: 10.minutes, this allows you to specify a time the determines if a user is logged in or out. Useful if you want to count how many users are currently logged in.
+      # * <tt>session_ids:</tt> default: [nil], the sessions that we want to automatically reset when a user is created or updated so you don't have to worry about this. Set to [] to disable. Should be an array of ids. See Authlogic::Session::Base#initialize for information on ids. The order is important. The first id should be your main session, the session they need to log into first. This is generally nil, meaning so explicitly set id.
+      def acts_as_authentic(options = {})
+        # Setup default options
+        options[:session_class] ||= "#{name}Session".constantize
+        options[:crypto_provider] ||= Sha512CryptoProvider
+        options[:crypto_provider_type] ||= options[:crypto_provider].respond_to?(:decrypt) ? :encryption : :hash
+        options[:login_field] ||= options[:session_class].login_field
+        options[:login_field_type] ||= options[:login_field] == :email ? :email : :login
+        options[:password_field] ||= options[:session_class].password_field
+        options[:crypted_password_field] ||=
+          (column_names.include?("crypted_password") && :crypted_password) ||
+          (column_names.include?("encrypted_password") && :encrypted_password) ||
+          (column_names.include?("password_hash") && :password_hash) ||
+          (column_names.include?("pw_hash") && :pw_hash) ||
+          :crypted_password
+        options[:password_salt_field] ||= 
+          (column_names.include?("password_salt") && :password_salt) ||
+          (column_names.include?("pw_salt") && :pw_salt) ||
+          (column_names.include?("salt") && :salt) ||
+          :password_salt
+        options[:remember_token_field] ||= options[:session_class].remember_token_field
+        options[:logged_in_timeout] ||= 10.minutes
+        options[:session_ids] ||= [nil]
+      
+        # Validations
+        case options[:login_field_type]
+        when :email
+          validates_length_of options[:login_field], :within => 6..100
+          email_name_regex  = '[\w\.%\+\-]+'
+          domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
+          domain_tld_regex  = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'
+          email_regex       = /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
+          validates_format_of options[:login_field], :with => email_regex, :message => "should look like an email address."
+        else
+          validates_length_of options[:login_field], :within => 2..100
+          validates_format_of options[:login_field], :with => /\A\w[\w\.\-_@]+\z/, :message => "use only letters, numbers, and .-_@ please."
+        end
+      
+        validates_uniqueness_of options[:login_field], :scope => options[:scope]
+        validates_uniqueness_of options[:remember_token_field]
+        validate :validate_password
+        validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
+      
+        if column_names.include?("last_request_at")
+          named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", options[:logged_in_timeout].ago]} }
+          named_scope :logged_out, lambda { {:conditions => ["last_request_at <= ?", options[:logged_in_timeout].ago]} }
+        end
+      
+        before_save :get_session_information, :if => :update_sessions?
+        after_save :maintain_sessions!, :if => :update_sessions?
+      
+        # Attributes
+        attr_writer "confirm_#{options[:password_field]}"
+        attr_accessor "tried_to_set_#{options[:password_field]}"
+      
+        # Class methods
+        class_eval <<-"end_eval", __FILE__, __LINE__
+          def self.unique_token
+            crypto_provider.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
+          end
+        
+          def self.crypto_provider
+            #{options[:crypto_provider]}
+          end
+        
+          def self.forget_all!
+            # Paginate these to save on memory
+            records = nil
+            i = 0
+            begin
+              records = find(:all, :limit => 50, :offset => i)
+              records.each { |record| record.forget! }
+              i += 50
+            end while !records.blank?
+          end
+        end_eval
+      
+        # Instance methods
+        if column_names.include?("last_request_at")
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def logged_in?
+              !last_request_at.nil? && last_request_at > #{options[:logged_in_timeout].to_i}.seconds.ago
+            end
+          end_eval
+        end
+      
+        case options[:crypto_provider_type]
+        when :hash
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def #{options[:password_field]}=(pass)
+              return if pass.blank?
+              self.tried_to_set_#{options[:password_field]} = true
+              @#{options[:password_field]} = pass
+              self.#{options[:remember_token_field]} = self.class.unique_token
+              self.#{options[:password_salt_field]} = self.class.unique_token
+              self.#{options[:crypted_password_field]} = crypto_provider.encrypt(@#{options[:password_field]} + #{options[:password_salt_field]})
+            end
+          
+            def valid_#{options[:password_field]}?(attempted_password)
+              return false if attempted_password.blank?
+              attempted_password == #{options[:crypted_password_field]} || #{options[:crypted_password_field]} == crypto_provider.encrypt(attempted_password + #{options[:password_salt_field]})
+            end
+          end_eval
+        when :encryption
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def #{options[:password_field]}=(pass)
+              return if pass.blank?
+              self.tried_to_set_#{options[:password_field]} = true
+              @#{options[:password_field]} = pass
+              self.#{options[:remember_token_field]} = self.class.unique_token
+              self.#{options[:crypted_password_field]} = crypto_provider.encrypt(@#{options[:password_field]})
+            end
+        
+            def valid_#{options[:password_field]}?(attemtped_password)
+              return false if attempted_password.blank?
+              attempted_password == #{options[:crypted_password_field]} || #{options[:crypted_password_field]} = crypto_provider.decrypt(attempted_password)
+            end
+          end_eval
+        end
+      
+        class_eval <<-"end_eval", __FILE__, __LINE__
+          def #{options[:password_field]}; end
+          def confirm_#{options[:password_field]}; end
+        
+          def crypto_provider
+            self.class.crypto_provider
+          end
+        
+          def forget!
+            self.#{options[:remember_token_field]} = self.class.unique_token
+            save_without_session_maintenance(false)
+          end
+        
+          def reset_#{options[:password_field]}!
+            chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+            newpass = ""
+            1.upto(10) { |i| newpass << chars[rand(chars.size-1)] }
+            self.#{options[:password_field]} = newpass
+            self.confirm_#{options[:password_field]} = newpass
+            save_without_session_maintenance(false)
+          end
+          alias_method :randomize_password!, :reset_password!
+        
+          def save_without_session_maintenance(*args)
+            @skip_session_maintenance = true
+            result = save(*args)
+            @skip_session_maintenance = false
+            result
+          end
+        
+          protected
+            def update_sessions?
+              !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{options[:remember_token_field]}_changed?
+            end
+          
+            def get_session_information
+              # Need to determine if we are completely logged out, or logged in as another user
+              @_sessions = []
+              @_logged_out = true
+            
+              #{options[:session_ids].inspect}.each do |session_id|
+                session = #{options[:session_class]}.find(*[session_id].compact)
+                if session
+                  if !session.record.blank?
+                    @_logged_out = false
+                    @_sessions << session if session.record == self
+                  end
+                end
+              end
+            end
+          
+            def maintain_sessions!
+              if @_logged_out
+                create_session!
+              elsif !@_sessions.blank?
+                update_sessions!
+              end
+            end
+          
+            def create_session!
+              # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
+              # that need to be created after logging into the main session.
+              session_id = #{options[:session_ids].inspect}.first
+            
+              # If we are already logged in, ignore this completely. All that we care about is updating ourself.
+              next if #{options[:session_class]}.find(*[session_id].compact)
+                          
+              # Log me in
+              args = [self, session_id].compact
+              #{options[:session_class]}.create(*args)
+            end
+          
+            def update_sessions!
+              # We found sessions above, let's update them with the new info
+              @_sessions.each do |stale_session|
+                stale_session.unauthorized_record = self
+                stale_session.save
+              end
+            end
+          
+            def tried_to_set_password?
+              tried_to_set_password == true
+            end
+          
+            def validate_password
+              if new_record? || tried_to_set_#{options[:password_field]}?
+                if @#{options[:password_field]}.blank?
+                  errors.add(:#{options[:password_field]}, "can not be blank")
+                else
+                  errors.add(:confirm_#{options[:password_field]}, "did not match") if @confirm_#{options[:password_field]} != @#{options[:password_field]}
+                end
+              end
+            end
+        end_eval
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.extend Authlogic::ActiveRecord::ActsAsAuthentic

data/lib/authlogic/active_record/authenticates_many.rb

@@ -0,0 +1,19 @@
+module Authlogic
+  module ActiveRecord
+    module AuthenticatesMany
+      def authenticates_many(name, options = {})
+        options[:session_class] ||= name.to_s.classify.constantize
+        options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
+        class_eval <<-"end_eval", __FILE__, __LINE__
+          def #{name}
+            find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scope(:find)
+            find_options.delete_if { |key, value| ![:conditions, :include, :joins].include?(key.to_sym) || value.nil? }
+            @#{name} ||= Authlogic::ActiveRecord::ScopedSession.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
+          end
+        end_eval
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.extend Authlogic::ActiveRecord::AuthenticatesMany

data/lib/authlogic/active_record/scoped_session.rb

@@ -0,0 +1,28 @@
+module Authlogic
+  module ActiveRecord
+    class ScopedSession # :nodoc:
+      attr_accessor :klass, :find_options, :id
+      
+      def initialize(klass, find_options, id)
+        self.klass = klass
+        self.find_options = find_options
+        self.id = id
+      end
+      
+      [:create, :create!, :find, :new].each do |method|
+        class_eval <<-"end_eval", __FILE__, __LINE__
+          def #{method}(*args)
+            klass.with_scope(scope_options) do
+              klass.#{method}(*args)
+            end
+          end
+        end_eval
+      end
+      
+      private
+        def scope_options
+          {:find_options => find_options, :id => id}
+        end
+    end
+  end
+end

data/lib/authlogic/controller_adapters/abstract_adapter.rb

@@ -0,0 +1,25 @@
+module Authlogic
+  module ControllerAdapters # :nodoc:
+    # = Abstract Adapter
+    # Allows you to use Authlogic in any framework you want, not just rails. See tha RailsAdapter for an example of how to adapter Authlogic to work with your framework.
+    class AbstractAdapter
+      attr_accessor :controller
+      
+      def initialize(controller)
+        self.controller = controller
+      end
+      
+      def authenticate_with_http_basic(*args, &block)
+      end
+      
+      def cookies
+      end
+      
+      def request
+      end
+      
+      def session
+      end
+    end
+  end
+end

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -0,0 +1,39 @@
+module Authlogic
+  module ControllerAdapters
+    # = Rails Adapter
+    # Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object
+    # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
+    class RailsAdapter < AbstractAdapter
+      def authenticate_with_http_basic(*args, &block)
+        controller.authenticate_with_http_basic(*args, &block)
+      end
+      
+      def cookies
+        controller.send(:cookies)
+      end
+      
+      def request
+        controller.request
+      end
+      
+      def session
+        controller.session
+      end
+    end
+    
+    # = Rails Implementation
+    # Lets Authlogic know about the controller object, AKA "activates" authlogic.
+    module RailsImplementation
+      def self.included(klass) # :nodoc:
+        klass.prepend_before_filter :set_controller
+      end
+
+      private
+        def set_controller
+          Authlogic::Session::Base.controller = RailsAdapter.new(self)
+        end
+    end
+  end
+end
+
+ActionController::Base.send(:include, Authlogic::ControllerAdapters::RailsImplementation)