authlogic 1.0.0 → 1.1.0
Potentially problematic release.
This version of authlogic might be problematic.
- data/CHANGELOG.rdoc +19 -0
- data/Manifest +29 -15
- data/README.rdoc +17 -15
- data/Rakefile +1 -1
- data/authlogic.gemspec +7 -7
- data/lib/authlogic.rb +21 -4
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +19 -4
- data/lib/authlogic/controller_adapters/merb_adapter.rb +0 -27
- data/lib/authlogic/controller_adapters/rails_adapter.rb +0 -14
- data/lib/authlogic/crypto_providers/sha1.rb +24 -0
- data/lib/authlogic/crypto_providers/sha512.rb +30 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb +89 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb +144 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb +41 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb +62 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb +83 -0
- data/lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb +58 -0
- data/lib/authlogic/{active_record/scoped_session.rb → session/authenticates_many_association.rb} +12 -3
- data/lib/authlogic/session/base.rb +63 -93
- data/lib/authlogic/session/callbacks.rb +15 -3
- data/lib/authlogic/session/config.rb +130 -26
- data/lib/authlogic/session/cookies.rb +39 -0
- data/lib/authlogic/session/openid.rb +106 -0
- data/lib/authlogic/session/params.rb +28 -0
- data/lib/authlogic/session/session.rb +33 -0
- data/lib/authlogic/testing/shoulda_macros.rb +17 -0
- data/lib/authlogic/version.rb +1 -1
- data/test/fixtures/users.yml +2 -2
- data/{test_libs → test/libs}/aes128_crypto_provider.rb +0 -0
- data/{test_libs → test/libs}/mock_controller.rb +7 -0
- data/{test_libs → test/libs}/mock_cookie_jar.rb +0 -0
- data/{test_libs → test/libs}/mock_request.rb +0 -0
- data/{test_libs → test/libs}/ordered_hash.rb +0 -0
- data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb +217 -0
- data/test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb +32 -0
- data/test/session_tests/active_record_trickery_test.rb +14 -0
- data/test/session_tests/authenticates_many_association_test.rb +20 -0
- data/test/session_tests/base_test.rb +264 -0
- data/test/session_tests/config_test.rb +165 -0
- data/test/session_tests/cookies_test.rb +32 -0
- data/test/session_tests/params_test.rb +16 -0
- data/test/session_tests/scopes_test.rb +60 -0
- data/test/session_tests/session_test.rb +45 -0
- data/test/test_helper.rb +14 -5
- metadata +57 -29
- data/lib/authlogic/active_record/acts_as_authentic.rb +0 -297
- data/lib/authlogic/active_record/authenticates_many.rb +0 -56
- data/lib/authlogic/sha512_crypto_provider.rb +0 -18
- data/test/active_record_acts_as_authentic_test.rb +0 -213
- data/test/active_record_authenticates_many_test.rb +0 -28
- data/test/user_session_active_record_trickery_test.rb +0 -12
- data/test/user_session_base_test.rb +0 -316
- data/test/user_session_config_test.rb +0 -144
- data/test/user_session_scopes_test.rb +0 -19
data/CHANGELOG.rdoc
CHANGED
@@ -1,3 +1,22 @@
|
|
1
|
+
== 1.1.0 released 2008-11-05
|
2
|
+
|
3
|
+
* Moved Rack standards into abstract_adapter for the controllers.
|
4
|
+
* Added authenticating_with_credentials?, authenticating_with_unauthorized_record?
|
5
|
+
* Fixed typo in abstract_adapter, black to block.
|
6
|
+
* Cleaned up / reorganized tests.
|
7
|
+
* Moved ActiveRecord additions to ORM Adapters name space to make way for Data Mapper.
|
8
|
+
* Reorganized and modified acts_as_authentic to be free standing and not get info from the related session.
|
9
|
+
* The session now gets its configuration from the model, since determining which fields are present is ORM specific.
|
10
|
+
* Extracted session and cookie logic into their own modules.
|
11
|
+
* Moved crypto providers into their own module and added a Sha1 provider to help with the restful_authentication transition.
|
12
|
+
* Allow the unique_token method to use the alternate crypto_provider if it is a hash algorithm, otherwise default to Sha512.
|
13
|
+
* Added last_request_at_threshold configuration option.
|
14
|
+
* Changed Scoped class to AuthenticatesManyAssociation, like AR has HasManyAssociation, etc.
|
15
|
+
* Added should_be_authentic shoulda macro.
|
16
|
+
* Removed some magic from how sessions are initialized. See the initialize documentation, this method is a little more structured now, which was required for adding in openid.
|
17
|
+
* Added in logging via a params token, which is friendly for feed URLs. Works just like cookies and sessions when persisting the session.
|
18
|
+
* Added the option to use session.user, instead of session.record. This is based off of what model your session is authenticating with.
|
19
|
+
|
1
20
|
== 1.0.0 released 2008-11-05
|
2
21
|
|
3
22
|
* Checked for blank login counts, if a default wasnt set in the migrations.
|
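Review bot: the new header `== 1.1.0 released 2008-11-05` carries the same date as the `== 1.0.0 released 2008-11-05` entry below it, while the gemspec in this release sets `s.date = %q{2008-11-13}`; one of the two dates is wrong and should be corrected. The entry "Added in logging via a params token" reads as if it were about logging; if it means logging in with a token passed in the request params, say so and name the option that controls it, since a login token carried in a feed URL is a credential and integrators need to know how to turn it off.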
data/Manifest
CHANGED
@@ -1,37 +1,51 @@
|
|
1
1
|
CHANGELOG.rdoc
|
2
2
|
init.rb
|
3
|
-
lib/authlogic/active_record/acts_as_authentic.rb
|
4
|
-
lib/authlogic/active_record/authenticates_many.rb
|
5
|
-
lib/authlogic/active_record/scoped_session.rb
|
6
3
|
lib/authlogic/controller_adapters/abstract_adapter.rb
|
7
4
|
lib/authlogic/controller_adapters/merb_adapter.rb
|
8
5
|
lib/authlogic/controller_adapters/rails_adapter.rb
|
6
|
+
lib/authlogic/crypto_providers/sha1.rb
|
7
|
+
lib/authlogic/crypto_providers/sha512.rb
|
8
|
+
lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb
|
9
|
+
lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb
|
10
|
+
lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb
|
11
|
+
lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb
|
12
|
+
lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb
|
13
|
+
lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb
|
9
14
|
lib/authlogic/session/active_record_trickery.rb
|
15
|
+
lib/authlogic/session/authenticates_many_association.rb
|
10
16
|
lib/authlogic/session/base.rb
|
11
17
|
lib/authlogic/session/callbacks.rb
|
12
18
|
lib/authlogic/session/config.rb
|
19
|
+
lib/authlogic/session/cookies.rb
|
13
20
|
lib/authlogic/session/errors.rb
|
21
|
+
lib/authlogic/session/openid.rb
|
22
|
+
lib/authlogic/session/params.rb
|
14
23
|
lib/authlogic/session/scopes.rb
|
15
|
-
lib/authlogic/
|
24
|
+
lib/authlogic/session/session.rb
|
25
|
+
lib/authlogic/testing/shoulda_macros.rb
|
16
26
|
lib/authlogic/version.rb
|
17
27
|
lib/authlogic.rb
|
18
28
|
Manifest
|
19
29
|
MIT-LICENSE
|
20
30
|
Rakefile
|
21
31
|
README.rdoc
|
22
|
-
test/active_record_acts_as_authentic_test.rb
|
23
|
-
test/active_record_authenticates_many_test.rb
|
24
32
|
test/fixtures/companies.yml
|
25
33
|
test/fixtures/employees.yml
|
26
34
|
test/fixtures/projects.yml
|
27
35
|
test/fixtures/users.yml
|
36
|
+
test/libs/aes128_crypto_provider.rb
|
37
|
+
test/libs/mock_controller.rb
|
38
|
+
test/libs/mock_cookie_jar.rb
|
39
|
+
test/libs/mock_request.rb
|
40
|
+
test/libs/ordered_hash.rb
|
41
|
+
test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb
|
42
|
+
test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb
|
43
|
+
test/session_tests/active_record_trickery_test.rb
|
44
|
+
test/session_tests/authenticates_many_association_test.rb
|
45
|
+
test/session_tests/base_test.rb
|
46
|
+
test/session_tests/config_test.rb
|
47
|
+
test/session_tests/cookies_test.rb
|
48
|
+
test/session_tests/params_test.rb
|
49
|
+
test/session_tests/scopes_test.rb
|
50
|
+
test/session_tests/session_test.rb
|
28
51
|
test/test_helper.rb
|
29
|
-
test/user_session_active_record_trickery_test.rb
|
30
|
-
test/user_session_base_test.rb
|
31
|
-
test/user_session_config_test.rb
|
32
|
-
test/user_session_scopes_test.rb
|
33
|
-
test_libs/aes128_crypto_provider.rb
|
34
|
-
test_libs/mock_controller.rb
|
35
|
-
test_libs/mock_cookie_jar.rb
|
36
|
-
test_libs/mock_request.rb
|
37
|
-
test_libs/ordered_hash.rb
|
data/README.rdoc
CHANGED
@@ -1,10 +1,12 @@
|
|
1
1
|
= Authlogic
|
2
2
|
|
3
|
-
Authlogic is a
|
3
|
+
Authlogic is a clean, simple, and unobtrusive ruby authentication solution. Put simply, its the Chuck Norris of authentication solutions for your framework of choice.
|
4
4
|
|
5
5
|
The last thing we need is another authentication solution, right? That's what I thought until I tried out some of the current solutions in both rails and merb. None of them felt right. They were either too complicated, bloated, littered my application with tons of code, or were just confusing. This is not the simple / elegant ruby we all fell in love with. We need a "ruby like" authentication solution. Authlogic is my attempt to satisfy that need...
|
6
6
|
|
7
|
-
Let's take a rails application
|
7
|
+
Let's take a rails application...
|
8
|
+
|
9
|
+
Wouldn't it be nice to keep your app up to date with the latest and greatest security techniques with a simple update of a plugin?
|
8
10
|
|
9
11
|
What if you could have authentication up and running in minutes without having to run a generator? All because it's simple, like everything else.
|
10
12
|
|
@@ -54,7 +56,7 @@ Or how about persisting the session...
|
|
54
56
|
protected
|
55
57
|
def load_user
|
56
58
|
@user_session = UserSession.find
|
57
|
-
@current_user = @user_session && @user_session.
|
59
|
+
@current_user = @user_session && @user_session.user
|
58
60
|
end
|
59
61
|
end
|
60
62
|
|
@@ -69,13 +71,16 @@ Authlogic makes this a reality. This is just the tip of the ice berg. Keep readi
|
|
69
71
|
|
70
72
|
== Install and use
|
71
73
|
|
72
|
-
Install the gem / plugin
|
74
|
+
Install the gem / plugin (recommended)
|
73
75
|
|
74
76
|
$ sudo gem install authlogic
|
75
|
-
$ cd vendor/plugins
|
76
|
-
$ sudo gem unpack authlogic
|
77
77
|
|
78
|
-
|
78
|
+
Now add the gem dependency in your config:
|
79
|
+
|
80
|
+
# config/environment.rb
|
81
|
+
config.gem :authlogic
|
82
|
+
|
83
|
+
Or you install this as a plugin (for older versions of rails)
|
79
84
|
|
80
85
|
script/plugin install git://github.com/binarylogic/authlogic.git
|
81
86
|
|
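Review bot: `config.gem :authlogic` in the added install instructions declares the dependency without a version, so the documented setup accepts whatever authlogic release happens to be installed; for an authentication library, suggest showing the pinned form, e.g. `config.gem "authlogic", :version => "1.1.0"`. The added sentence "Or you install this as a plugin" also needs rewording ("Or install it as a plugin").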
@@ -86,14 +91,14 @@ Lets assume you are setting up a session for your User model.
|
|
86
91
|
Create your user_session.rb file:
|
87
92
|
|
88
93
|
# app/models/user_session.rb
|
89
|
-
class UserSession <
|
94
|
+
class UserSession < Authlogic::Session::Base
|
90
95
|
# configuration here, just like ActiveRecord, or in an initializer
|
91
|
-
# See
|
96
|
+
# See Authlogic::Session::Config::ClassMethods for more details
|
92
97
|
end
|
93
98
|
|
94
99
|
=== Ensure proper database fields
|
95
100
|
|
96
|
-
The user model needs to have the following columns. The names of these columns can be changed with configuration. Better yet,
|
101
|
+
The user model needs to have the following columns. The names of these columns can be changed with configuration. Better yet, Authlogic tries to guess these names by checking for the existence of common names. See Authlogic::Session::Config::ClassMethods for more details, but chances are you won't have to specify any configuration for your field names, even if they aren't the same names as below.
|
97
102
|
|
98
103
|
t.string :login, :null => false
|
99
104
|
t.string :crypted_password, :null => false
|
@@ -106,11 +111,9 @@ The user model needs to have the following columns. The names of these columns c
|
|
106
111
|
Make sure you have a model that you will be authenticating with. For this example let's say you have a User model:
|
107
112
|
|
108
113
|
class User < ActiveRecord::Base
|
109
|
-
acts_as_authentic # for options see documentation:
|
114
|
+
acts_as_authentic # for options see documentation: Authlogic::ActsAsAuthentic::ClassMethods
|
110
115
|
end
|
111
116
|
|
112
|
-
The options for acts_as_authentic are based on the UserSession configuration. So if you specified configuration for your UserSession model you should not have to specify any options for acts_as_authentic, unless you want them to be different.
|
113
|
-
|
114
117
|
Done! Now go use it just like you would with any other ActiveRecord model. Either glance at the code at the beginning of this readme or check out the tutorial (see above in "helpful links") for a more detailed walk through.
|
115
118
|
|
116
119
|
== Magic Columns
|
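Review bot: the comment on the `acts_as_authentic` line now points to `Authlogic::ActsAsAuthentic::ClassMethods`, but the module this release adds is `Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic`, and its two parent modules are marked `# :nodoc:`; the pointer should name the module that actually carries the option documentation. Dropping the paragraph about options coming from the UserSession configuration matches the changelog, but the new rdoc still lists defaults such as `options[:session_class].login_field`, so the README and the rdoc need to be brought into agreement.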
@@ -269,7 +272,6 @@ Here is basically how this is done....
|
|
269
272
|
|
270
273
|
class User < ActiveRecord::Base
|
271
274
|
after_save :maintain_sessions!
|
272
|
-
after_update :update_sessions!
|
273
275
|
|
274
276
|
private
|
275
277
|
def maintain_sessions!
|
@@ -286,7 +288,7 @@ When things come together like this I think its a sign that you are doing someth
|
|
286
288
|
|
287
289
|
I designed Authlogic to be framework agnostic, meaning it doesn't care what framework you use it in. Right out of the box it supports rails and merb. I have not had the opportunity to use other frameworks, but the only thing stopping Authlogic from being used in other frameworks is a simple adapter. Check out controller_adapters/rails_adapter, or controller_adapters/merb_adapter.
|
288
290
|
|
289
|
-
Since pretty much all of the frameworks in ruby follow the Rack conventions, the code should be very similar across adapters. You're saying "but Ben, why not just hook into Rack and avoid the need for controller adapters all together?". It's not that simple, because rails doesn't inherit from the Rack::Request class, plus there are small differences between how rack is implemented in each framework. Authlogic has to hook into your controller with a before_filter anyways, so it can "activate" itself. Why not just use the controller object?
|
291
|
+
Since pretty much all of the frameworks in ruby follow the Rack conventions, the code should be very similar across adapters. In fact that abstract adapter assumes you are using Rack. If you are using it properly there really isn't any code you should have to write. Check out the merb_adapter to see for yourself. You're saying "but Ben, why not just hook into Rack and avoid the need for controller adapters all together?". It's not that simple, because rails doesn't inherit from the Rack::Request class, plus there are small differences between how rack is implemented in each framework. Authlogic has to hook into your controller with a before_filter anyways, so it can "activate" itself. Why not just use the controller object?
|
290
292
|
|
291
293
|
The point in all of this rambling is that implementing Authlogic is as simple as creating an adapter. I created both the rails and merb adapters in under 10 minutes. If you have an adapter you created and would like to add please let me know and I will add it into the source.
|
292
294
|
|
data/Rakefile
CHANGED
@@ -8,7 +8,7 @@ Echoe.new 'authlogic' do |p|
|
|
8
8
|
p.author = "Ben Johnson of Binary Logic"
|
9
9
|
p.email = 'bjohnson@binarylogic.com'
|
10
10
|
p.project = 'authlogic'
|
11
|
-
p.summary = "
|
11
|
+
p.summary = "A clean, simple, and unobtrusive ruby authentication solution."
|
12
12
|
p.url = "http://github.com/binarylogic/authlogic"
|
13
13
|
p.dependencies = %w(activesupport activerecord)
|
14
14
|
p.include_rakefile = true
|
data/authlogic.gemspec
CHANGED
@@ -1,22 +1,22 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = %q{authlogic}
|
3
|
-
s.version = "1.
|
3
|
+
s.version = "1.1.0"
|
4
4
|
|
5
5
|
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
6
6
|
s.authors = ["Ben Johnson of Binary Logic"]
|
7
|
-
s.date = %q{2008-11-
|
8
|
-
s.description = %q{
|
7
|
+
s.date = %q{2008-11-13}
|
8
|
+
s.description = %q{A clean, simple, and unobtrusive ruby authentication solution.}
|
9
9
|
s.email = %q{bjohnson@binarylogic.com}
|
10
|
-
s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authlogic/
|
11
|
-
s.files = ["CHANGELOG.rdoc", "init.rb", "lib/authlogic/
|
10
|
+
s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/openid.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/testing/shoulda_macros.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "README.rdoc"]
|
11
|
+
s.files = ["CHANGELOG.rdoc", "init.rb", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/openid.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/testing/shoulda_macros.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "Manifest", "MIT-LICENSE", "Rakefile", "README.rdoc", "test/fixtures/companies.yml", "test/fixtures/employees.yml", "test/fixtures/projects.yml", "test/fixtures/users.yml", "test/libs/aes128_crypto_provider.rb", "test/libs/mock_controller.rb", "test/libs/mock_cookie_jar.rb", "test/libs/mock_request.rb", "test/libs/ordered_hash.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", 
"test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb", "authlogic.gemspec"]
|
12
12
|
s.has_rdoc = true
|
13
13
|
s.homepage = %q{http://github.com/binarylogic/authlogic}
|
14
14
|
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Authlogic", "--main", "README.rdoc"]
|
15
15
|
s.require_paths = ["lib"]
|
16
16
|
s.rubyforge_project = %q{authlogic}
|
17
17
|
s.rubygems_version = %q{1.2.0}
|
18
|
-
s.summary = %q{
|
19
|
-
s.test_files = ["test/
|
18
|
+
s.summary = %q{A clean, simple, and unobtrusive ruby authentication solution.}
|
19
|
+
s.test_files = ["test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb"]
|
20
20
|
|
21
21
|
if s.respond_to? :specification_version then
|
22
22
|
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
data/lib/authlogic.rb
CHANGED
@@ -6,24 +6,41 @@ require File.dirname(__FILE__) + "/authlogic/controller_adapters/abstract_adapte
|
|
6
6
|
require File.dirname(__FILE__) + "/authlogic/controller_adapters/rails_adapter" if defined?(Rails)
|
7
7
|
require File.dirname(__FILE__) + "/authlogic/controller_adapters/merb_adapter" if defined?(Merb)
|
8
8
|
|
9
|
-
require File.dirname(__FILE__) + "/authlogic/
|
9
|
+
require File.dirname(__FILE__) + "/authlogic/crypto_providers/sha1"
|
10
|
+
require File.dirname(__FILE__) + "/authlogic/crypto_providers/sha512"
|
10
11
|
|
11
|
-
|
12
|
-
require File.dirname(__FILE__) + "/authlogic/
|
13
|
-
require File.dirname(__FILE__) + "/authlogic/
|
12
|
+
if defined?(ActiveRecord)
|
13
|
+
require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic"
|
14
|
+
require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials"
|
15
|
+
require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in"
|
16
|
+
require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence"
|
17
|
+
require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance"
|
18
|
+
require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/authenticates_many"
|
19
|
+
end
|
14
20
|
|
21
|
+
require File.dirname(__FILE__) + "/authlogic/session/authenticates_many_association"
|
15
22
|
require File.dirname(__FILE__) + "/authlogic/session/active_record_trickery"
|
16
23
|
require File.dirname(__FILE__) + "/authlogic/session/callbacks"
|
17
24
|
require File.dirname(__FILE__) + "/authlogic/session/config"
|
25
|
+
require File.dirname(__FILE__) + "/authlogic/session/cookies"
|
18
26
|
require File.dirname(__FILE__) + "/authlogic/session/errors"
|
27
|
+
#require File.dirname(__FILE__) + "/authlogic/session/openid"
|
28
|
+
require File.dirname(__FILE__) + "/authlogic/session/params"
|
29
|
+
require File.dirname(__FILE__) + "/authlogic/session/session"
|
19
30
|
require File.dirname(__FILE__) + "/authlogic/session/scopes"
|
20
31
|
require File.dirname(__FILE__) + "/authlogic/session/base"
|
21
32
|
|
33
|
+
require File.dirname(__FILE__) + "/authlogic/testing/shoulda_macros"
|
34
|
+
|
22
35
|
module Authlogic
|
23
36
|
module Session
|
24
37
|
class Base
|
25
38
|
include ActiveRecordTrickery
|
26
39
|
include Callbacks
|
40
|
+
include Cookies
|
41
|
+
#include OpenID
|
42
|
+
include Params
|
43
|
+
include Session
|
27
44
|
include Scopes
|
28
45
|
end
|
29
46
|
end
|
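Review bot: `require File.dirname(__FILE__) + "/authlogic/testing/shoulda_macros"` is unconditional, so test-only macros are loaded in every environment that loads the library; guard it on the test framework being present, or leave it for test helpers to require. Separately, `#require ... "/authlogic/session/openid"` and `#include OpenID` are commented out while `lib/authlogic/session/openid.rb` is still listed in the Manifest and in `s.files`, so authentication code that is never loaded ships in the gem; either drop it from the release or state in the changelog that it is inactive.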
@@ -3,20 +3,35 @@ module Authlogic
|
|
3
3
|
# = Abstract Adapter
|
4
4
|
# Allows you to use Authlogic in any framework you want, not just rails. See tha RailsAdapter for an example of how to adapter Authlogic to work with your framework.
|
5
5
|
class AbstractAdapter
|
6
|
+
attr_accessor :controller
|
7
|
+
|
8
|
+
def initialize(controller)
|
9
|
+
self.controller = controller
|
10
|
+
end
|
11
|
+
|
6
12
|
def authenticate_with_http_basic(&block)
|
7
|
-
|
13
|
+
@auth = Rack::Auth::Basic::Request.new(controller.request.env)
|
14
|
+
if @auth.provided? and @auth.basic?
|
15
|
+
block.call(*@auth.credentials)
|
16
|
+
else
|
17
|
+
false
|
18
|
+
end
|
8
19
|
end
|
9
20
|
|
10
21
|
def cookies
|
11
|
-
|
22
|
+
controller.cookies
|
23
|
+
end
|
24
|
+
|
25
|
+
def params
|
26
|
+
controller.params
|
12
27
|
end
|
13
28
|
|
14
29
|
def request
|
15
|
-
|
30
|
+
controller.request
|
16
31
|
end
|
17
32
|
|
18
33
|
def session
|
19
|
-
|
34
|
+
controller.session
|
20
35
|
end
|
21
36
|
end
|
22
37
|
end
|
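Review bot: in `authenticate_with_http_basic`, the parsed request is stored in `@auth`, an instance variable, so the decoded Basic credentials stay reachable on the adapter object after the block returns; a local variable is enough here. The method also uses `Rack::Auth::Basic::Request` with no `require` for it visible in this hunk or in `lib/authlogic.rb`, so it relies on the host framework having loaded Rack; add an explicit require or say in the class comment that Rack is assumed. The class comment still reads "tha RailsAdapter" and "how to adapter".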
@@ -4,33 +4,6 @@ module Authlogic
|
|
4
4
|
# Adapts authlogic to work with merb. The point is to close the gap between what authlogic expects and what the merb controller object
|
5
5
|
# provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
|
6
6
|
class MerbAdapter < AbstractAdapter
|
7
|
-
attr_accessor :controller
|
8
|
-
|
9
|
-
def initialize(controller)
|
10
|
-
self.controller = controller
|
11
|
-
end
|
12
|
-
|
13
|
-
def authenticate_with_http_basic(&block)
|
14
|
-
@auth = Rack::Auth::Basic::Request.new(controller.request.env)
|
15
|
-
if @auth.provided? and @auth.basic?
|
16
|
-
black.call(*@auth.credentials)
|
17
|
-
else
|
18
|
-
false
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
def cookies
|
23
|
-
controller.cookies
|
24
|
-
end
|
25
|
-
|
26
|
-
def request
|
27
|
-
controller.request
|
28
|
-
end
|
29
|
-
|
30
|
-
def session
|
31
|
-
controller.session
|
32
|
-
end
|
33
|
-
|
34
7
|
# = Merb Implementation
|
35
8
|
# Lets Authlogic know about the controller object, AKA "activates" authlogic.
|
36
9
|
module MerbImplementation
|
@@ -4,12 +4,6 @@ module Authlogic
|
|
4
4
|
# Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object
|
5
5
|
# provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
|
6
6
|
class RailsAdapter < AbstractAdapter
|
7
|
-
attr_accessor :controller
|
8
|
-
|
9
|
-
def initialize(controller)
|
10
|
-
self.controller = controller
|
11
|
-
end
|
12
|
-
|
13
7
|
def authenticate_with_http_basic(&block)
|
14
8
|
controller.authenticate_with_http_basic(&block)
|
15
9
|
end
|
@@ -18,14 +12,6 @@ module Authlogic
|
|
18
12
|
controller.send(:cookies)
|
19
13
|
end
|
20
14
|
|
21
|
-
def request
|
22
|
-
controller.request
|
23
|
-
end
|
24
|
-
|
25
|
-
def session
|
26
|
-
controller.session
|
27
|
-
end
|
28
|
-
|
29
15
|
# = Rails Implementation
|
30
16
|
# Lets Authlogic know about the controller object, AKA "activates" authlogic.
|
31
17
|
module RailsImplementation
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require "digest/sha1"
|
2
|
+
|
3
|
+
module Authlogic
|
4
|
+
module CryptoProviders
|
5
|
+
# = Sha1
|
6
|
+
#
|
7
|
+
# Uses the Sha1 hash algorithm to encrypt passwords. This class is useful if you are migrating from restful_authentication. This uses the
|
8
|
+
# exact same excryption algorithm with 10 stretches, just like restful_authentication.
|
9
|
+
class Sha1
|
10
|
+
class << self
|
11
|
+
def stretches
|
12
|
+
@stretches ||= 10
|
13
|
+
end
|
14
|
+
attr_writer :stretches
|
15
|
+
|
16
|
+
def encrypt(pass)
|
17
|
+
digest = pass
|
18
|
+
stretches.times { digest = Digest::SHA1.hexdigest(digest) }
|
19
|
+
digest
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
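Review bot: the class comment promises the "exact same" algorithm as restful_authentication, but `encrypt(pass)` takes a single string and only re-hashes the previous hex digest `stretches` times; nothing in this file shows how a salt or site key enters the digest, so the compatibility claim needs a test against a digest actually produced by restful_authentication. `stretches` has a class-level writer and the count is not recorded with the digest, so changing it after passwords are stored makes all of them fail to verify; document that. Ten rounds of SHA-1 is a very small work factor, so the comment should say this provider is for migration only. "excryption" is a typo, and the comment says "encrypt" for what is a one-way hash.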
@@ -0,0 +1,30 @@
|
|
1
|
+
require "digest/sha2"
|
2
|
+
|
3
|
+
module Authlogic
|
4
|
+
# = Crypto Providers
|
5
|
+
#
|
6
|
+
# The acts_as_authentic method allows you to pass a :crypto_provider option. This allows you to use any type of encryption you like.
|
7
|
+
# Just create a class with a class level encrypt and decrypt method. The password will be passed as the single parameter to each of these
|
8
|
+
# methods so you can do your magic.
|
9
|
+
#
|
10
|
+
# If you are encrypting via a hash just don't include a decrypt method, since hashes can't be decrypted. Authlogic will notice this adjust accordingly.
|
11
|
+
module CryptoProviders
|
12
|
+
# = Sha512
|
13
|
+
#
|
14
|
+
# Uses the Sha512 hash algorithm to encrypt passwords.
|
15
|
+
class Sha512
|
16
|
+
class << self
|
17
|
+
def stretches
|
18
|
+
@stretches ||= 20
|
19
|
+
end
|
20
|
+
attr_writer :stretches
|
21
|
+
|
22
|
+
def encrypt(pass)
|
23
|
+
digest = pass
|
24
|
+
stretches.times { digest = Digest::SHA512.hexdigest(digest) }
|
25
|
+
digest
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
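Review bot: the module comment invites providers with a class-level `decrypt` method, which means stored passwords become recoverable by anyone who holds the key; the comment should state that a one-way hash is the expected choice and that a reversible provider is at the integrator's own risk. In `Sha512.encrypt`, 20 rounds of `Digest::SHA512.hexdigest` is a low work factor, and as in the Sha1 provider the `stretches` count is not stored with the digest, so a later `stretches=` invalidates every stored password. "Authlogic will notice this adjust accordingly" is missing an "and".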
@@ -0,0 +1,89 @@
|
|
1
|
+
module Authlogic
|
2
|
+
module ORMAdapters # :nodoc:
|
3
|
+
module ActiveRecordAdapter # :nodoc:
|
4
|
+
# = Acts As Authentic
|
5
|
+
# Provides the acts_as_authentic method to include in your models to help with authentication. See method below.
|
6
|
+
module ActsAsAuthentic
|
7
|
+
# Call this method in your model to add in basic authentication madness that your authlogic session expects.
|
8
|
+
#
|
9
|
+
# === Methods
|
10
|
+
# For example purposes lets assume you have a User model.
|
11
|
+
#
|
12
|
+
# Class method name Description
|
13
|
+
# User.crypto_provider The class that you set in your :crypto_provider option
|
14
|
+
# User.forget_all! Finds all records, loops through them, and calls forget! on each record. This is paginated to save on memory.
|
15
|
+
# User.unique_token returns unique token generated by your :crypto_provider
|
16
|
+
#
|
17
|
+
# Named Scopes
|
18
|
+
# User.logged_in Find all users who are logged in, based on your :logged_in_timeout option.
|
19
|
+
# User.logged_out Same as above, but logged out.
|
20
|
+
#
|
21
|
+
# Isntace method name
|
22
|
+
# user.password= Method name based on the :password_field option. This is used to set the password. Pass the *raw* password to this.
|
23
|
+
# user.confirm_password= Confirms the password, needed to change the password.
|
24
|
+
# user.valid_password?(pass) Determines if the password passed is valid. The password could be encrypted or raw.
|
25
|
+
# user.reset_password Resets the password to a random password using only letters and numbers.
|
26
|
+
# user.reset_password! The same as reset_password but saves the record.
|
27
|
+
# user.logged_in? Based on the :logged_in_timeout option. Tells you if the user is logged in or not.
|
28
|
+
# user.forget! Changes their remember token, making their cookie and session invalid. A way to log the user out withouth changing their password.
|
29
|
+
#
|
30
|
+
# === Options
|
31
|
+
#
|
32
|
+
# * <tt>session_class:</tt> default: "#{name}Session",
|
33
|
+
# This is the related session class. A lot of the configuration will be based off of the configuration values of this class.
|
34
|
+
#
|
35
|
+
# * <tt>crypto_provider:</tt> default: Authlogic::CryptoProviders::Sha512,
|
36
|
+
# This is the class that provides your encryption. By default Authlogic provides its own crypto provider that uses Sha512 encrypton.
|
37
|
+
#
|
38
|
+
# * <tt>login_field:</tt> default: options[:session_class].login_field,
|
39
|
+
# The name of the field used for logging in, this is guess based on what columns are in your db. Only specify if you aren't using:
|
40
|
+
# login, username, or email
|
41
|
+
#
|
42
|
+
# * <tt>login_field_type:</tt> default: options[:login_field] == :email ? :email : :login,
|
43
|
+
# Tells authlogic how to validation the field, what regex to use, etc. If the field name is email it will automatically use email,
|
44
|
+
# otherwise it uses login.
|
45
|
+
#
|
46
|
+
# * <tt>login_field_regex:</tt> default: if email then typical email regex, otherwise typical login regex.
|
47
|
+
# This is used in validates_format_of for the login_field.
|
48
|
+
#
|
49
|
+
# * <tt>login_field_regex_message:</tt> the message to use when the validates_format_of for the login field fails.
|
50
|
+
#
|
51
|
+
# * <tt>password_field:</tt> default: options[:session_class].password_field,
|
52
|
+
# This is the name of the field to set the password, *NOT* the field the encrypted password is stored.
|
53
|
+
#
|
54
|
+
# * <tt>crypted_password_field:</tt> default: depends on which columns are present,
|
55
|
+
# The name of the database field where your encrypted password is stored. If the name of the field is different from any of the following
|
56
|
+
# you need to specify it with this option: crypted_password, encrypted_password, password_hash, pw_hash
|
57
|
+
#
|
58
|
+
# * <tt>password_salt_field:</tt> default: depends on which columns are present,
|
59
|
+
# This is the name of the field in your database that stores your password salt. If the name of the field is different from any of the
|
60
|
+
# following then you need to specify it with this option: password_salt, pw_salt, salt
|
61
|
+
#
|
62
|
+
# * <tt>remember_token_field:</tt> default: options[:session_class].remember_token_field,
|
63
|
+
# This is the name of the field your remember_token is stored. The remember token is a unique token that is stored in the users cookie and
|
64
|
+
# session. This way you have complete control of when session expire and you don't have to change passwords to expire sessions. This also
|
65
|
+
# ensures that stale sessions can not be persisted. By stale, I mean sessions that are logged in using an outdated password. If the name
|
66
|
+
# of the field is anything other than the following you need to specify it with this option: remember_token, remember_key, cookie_token,
|
67
|
+
# cookie_key
|
68
|
+
#
|
69
|
+
# * <tt>scope:</tt> default: nil,
|
70
|
+
# This scopes validations. If all of your users belong to an account you might want to scope everything to the account. Just pass :account_id
|
71
|
+
#
|
72
|
+
# * <tt>logged_in_timeout:</tt> default: 10.minutes,
|
73
|
+
# This is really just a nifty feature to tell if a user is logged in or not. It's based on activity. So if the user in inactive longer than
|
74
|
+
# the value you pass here they are assumed "logged out".
|
75
|
+
#
|
76
|
+
# * <tt>session_ids:</tt> default: [nil],
|
77
|
+
# The sessions that we want to automatically reset when a user is created or updated so you don't have to worry about this. Set to [] to disable.
|
78
|
+
# Should be an array of ids. See the Authlogic::Session documentation for information on ids. The order is important.
|
79
|
+
# The first id should be your main session, the session they need to log into first. This is generally nil. When you don't specify an id
|
80
|
+
# in your session you are really just inexplicitly saying you want to use the id of nil.
|
81
|
+
def acts_as_authentic(options = {})
|
82
|
+
# All logic for this method is split up into sub modules. This a stub to create a method chain off of and provide documentation.
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
ActiveRecord::Base.extend Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic
|
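Review bot: the doc line for `user.valid_password?(pass)` says "The password could be encrypted or raw"; if the stored crypted value is accepted as a valid password, a leaked `crypted_password` column is enough to authenticate without cracking anything. Suggest that the public method accept only the raw password and that any digest comparison live in an internal method used for session persistence. The `session_class` option text ("A lot of the configuration will be based off of the configuration values of this class") and defaults such as `options[:session_class].login_field` contradict the changelog entry saying acts_as_authentic no longer gets info from the related session. Typos to fix: "Isntace", "withouth", "encrypton", "inexplicitly".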