authlogic 1.0.0 → 1.1.0

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb

@@ -0,0 +1,144 @@
+module Authlogic
+  module ORMAdapters
+    module ActiveRecordAdapter
+      module Credentials # :nodoc:
+        def acts_as_authentic_with_credentials(options = {})
+          acts_as_authentic_without_credentials(options)
+          
+          # The following helps extract configuration into their specific ORM adapter and allows the Session configuration to set itself based on these values
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def self.login_field
+              @login_field ||= #{options[:login_field].inspect} ||
+              (column_names.include?("login") && :login) ||
+              (column_names.include?("username") && :username) ||
+              (column_names.include?("email") && :email) ||
+              :login
+            end
+
+            def self.password_field
+              @password_field ||= #{options[:password_field].inspect} ||
+              (column_names.include?("password") && :password) ||
+              (column_names.include?("pass") && :pass) ||
+              :password
+            end
+
+            def self.crypted_password_field
+              @crypted_password_field ||= #{options[:crypted_password_field].inspect} ||
+              (column_names.include?("crypted_password") && :crypted_password) ||
+              (column_names.include?("encrypted_password") && :encrypted_password) ||
+              (column_names.include?("password_hash") && :password_hash) ||
+              (column_names.include?("pw_hash") && :pw_hash) ||
+              :crypted_password
+            end
+
+            def self.password_salt_field
+              @password_salt_field ||= #{options[:password_salt_field].inspect} ||
+              (column_names.include?("password_salt") && :password_salt) ||
+              (column_names.include?("pw_salt") && :pw_salt) ||
+              (column_names.include?("salt") && :salt) ||
+              :password_salt
+            end
+          end_eval
+          
+          # The following methods allow other focused modules to alter validation behavior, such as openid as an alternate login
+          unless respond_to?(:allow_blank_for_login_validations?)
+            def self.allow_blank_for_login_validations?
+              false
+            end
+          end
+          
+          options[:crypto_provider] ||= CryptoProviders::Sha512
+          options[:login_field_type] ||= login_field == :email ? :email : :login
+          
+          # Validations
+          case options[:login_field_type]
+          when :email
+            validates_length_of login_field, :within => 6..100
+            email_name_regex  = '[\w\.%\+\-]+'
+            domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
+            domain_tld_regex  = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'
+            options[:login_field_regex] ||= /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
+            options[:login_field_regex_message] ||= "should look like an email address."
+            validates_format_of login_field, :with => options[:login_field_regex], :message => options[:login_field_regex_message]
+          else
+            validates_length_of login_field, :within => 2..100, :allow_blank => true
+            options[:login_field_regex] ||= /\A\w[\w\.\-_@ ]+\z/
+            options[:login_field_regex_message] ||= "use only letters, numbers, spaces, and .-_@ please."
+            validates_format_of login_field, :with => options[:login_field_regex], :message => options[:login_field_regex_message]
+          end
+          
+          validates_uniqueness_of login_field, :scope => options[:scope]
+          validate :validate_password
+          
+          attr_writer "confirm_#{password_field}"
+          attr_accessor "tried_to_set_#{password_field}"
+          
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def self.crypto_provider
+              #{options[:crypto_provider]}
+            end
+            
+            def crypto_provider
+              self.class.crypto_provider
+            end
+            
+            def #{password_field}=(pass)
+              return if pass.blank?
+              self.tried_to_set_#{password_field} = true
+              @#{password_field} = pass
+              self.#{password_salt_field} = self.class.unique_token
+              self.#{crypted_password_field} = crypto_provider.encrypt(@#{password_field} + #{password_salt_field})
+            end
+            
+            def valid_#{password_field}?(attempted_password)
+              return false if attempted_password.blank? || #{crypted_password_field}.blank? || #{password_salt_field}.blank?
+              attempted_password == #{crypted_password_field} ||
+                (crypto_provider.respond_to?(:decrypt) && crypto_provider.decrypt(#{crypted_password_field}) == attempted_password + #{password_salt_field}) ||
+                (!crypto_provider.respond_to?(:decrypt) && crypto_provider.encrypt(attempted_password + #{password_salt_field}) == #{crypted_password_field})
+            end
+            
+            def #{password_field}; end
+            def confirm_#{password_field}; end
+            
+            def reset_#{password_field}
+              chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+              newpass = ""
+              1.upto(10) { |i| newpass << chars[rand(chars.size-1)] }
+              self.#{password_field} = newpass
+              self.confirm_#{password_field} = newpass
+            end
+            alias_method :randomize_password, :reset_password
+            
+            def reset_#{password_field}!
+              reset_#{password_field}
+              save_without_session_maintenance(false)
+            end
+            alias_method :randomize_password!, :reset_password!
+            
+            protected
+              def tried_to_set_password?
+                tried_to_set_password == true
+              end
+              
+              def validate_password
+                if new_record? || tried_to_set_#{password_field}?
+                  if @#{password_field}.blank?
+                    errors.add(:#{password_field}, "can not be blank")
+                  else
+                    errors.add(:confirm_#{password_field}, "did not match") if @confirm_#{password_field} != @#{password_field}
+                  end
+                end
+              end
+          end_eval
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.class_eval do
+  class << self
+    include Authlogic::ORMAdapters::ActiveRecordAdapter::Credentials
+    alias_method_chain :acts_as_authentic, :credentials
+  end
+end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb

@@ -0,0 +1,41 @@
+module Authlogic
+  module ORMAdapters
+    module ActiveRecordAdapter
+      module LoggedIn # :nodoc:
+        def acts_as_authentic_with_logged_in(options = {})
+          acts_as_authentic_without_logged_in(options)
+          
+          options[:logged_in_timeout] ||= 10.minutes
+          
+          validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
+      
+          if column_names.include?("last_request_at")
+            named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", options[:logged_in_timeout].ago]} }
+            named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", options[:logged_in_timeout].ago]} }
+          end
+          
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def self.logged_in_timeout
+              #{options[:logged_in_timeout].to_i}.seconds
+            end
+          end_eval
+      
+          if column_names.include?("last_request_at")
+            class_eval <<-"end_eval", __FILE__, __LINE__
+              def logged_in?
+                !last_request_at.nil? && last_request_at > self.class.logged_in_timeout.ago
+              end
+            end_eval
+          end
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.class_eval do
+  class << self
+    include Authlogic::ORMAdapters::ActiveRecordAdapter::LoggedIn
+    alias_method_chain :acts_as_authentic, :logged_in
+  end
+end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb

@@ -0,0 +1,62 @@
+module Authlogic
+  module ORMAdapters
+    module ActiveRecordAdapter
+      module Persistence # :nodoc:
+        def acts_as_authentic_with_persistence(options = {})
+          acts_as_authentic_without_persistence(options)
+          
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def self.remember_token_field
+              @remember_token_field ||= #{options[:remember_token_field].inspect} ||
+              (column_names.include?("remember_token") && :remember_token) ||
+              (column_names.include?("remember_key") && :remember_key) ||
+              (column_names.include?("cookie_token") && :cookie_token) ||
+              (column_names.include?("cookie_key") && :cookie_key) ||
+              :remember_token
+            end
+          end_eval
+          
+          validates_uniqueness_of remember_token_field
+          
+          def unique_token
+            # The remember token should be a unique string that is not reversible, which is what a hash is all about
+            # if you using encryption this defaults to Sha512.
+            token_class = crypto_provider.respond_to?(:decrypt) ? Authlogic::CryptoProviders::Sha512 : crypto_provider
+            token_class.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
+          end
+          
+          def forget_all!
+            # Paginate these to save on memory
+            records = nil
+            i = 0
+            begin
+              records = find(:all, :limit => 50, :offset => i)
+              records.each { |record| record.forget! }
+              i += 50
+            end while !records.blank?
+          end
+          
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def forget!
+              self.#{remember_token_field} = self.class.unique_token
+              save_without_session_maintenance(false)
+            end
+            
+            def password_with_persistence=(value)
+              self.#{remember_token_field} = self.class.unique_token
+              self.password_without_persistence = value
+            end
+            alias_method_chain :password=, :persistence
+          end_eval
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.class_eval do
+  class << self
+    include Authlogic::ORMAdapters::ActiveRecordAdapter::Persistence
+    alias_method_chain :acts_as_authentic, :persistence
+  end
+end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb

@@ -0,0 +1,83 @@
+module Authlogic
+  module ORMAdapters
+    module ActiveRecordAdapter
+      module SessionMaintenance # :nodoc:
+        def acts_as_authentic_with_session_maintenance(options = {})
+          acts_as_authentic_without_session_maintenance(options)
+          
+          options[:session_class] ||= "#{name}Session"
+          options[:session_ids] ||= [nil]
+          
+          before_save :get_session_information, :if => :update_sessions?
+          after_save :maintain_sessions!, :if => :update_sessions?
+          
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def save_without_session_maintenance(*args)
+              @skip_session_maintenance = true
+              result = save(*args)
+              @skip_session_maintenance = false
+              result
+            end
+            
+            protected
+              def update_sessions?
+                !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{remember_token_field}_changed?
+              end
+            
+              def get_session_information
+                # Need to determine if we are completely logged out, or logged in as another user
+                @_sessions = []
+                @_logged_out = true
+          
+                #{options[:session_ids].inspect}.each do |session_id|
+                  session = #{options[:session_class]}.find(*[session_id].compact)
+                  if session
+                    if !session.record.blank?
+                      @_logged_out = false
+                      @_sessions << session if session.record == self
+                    end
+                  end
+                end
+              end
+        
+              def maintain_sessions!
+                if @_logged_out
+                  create_session!
+                elsif !@_sessions.blank?
+                  update_sessions!
+                end
+              end
+        
+              def create_session!
+                # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
+                # that need to be created after logging into the main session.
+                session_id = #{options[:session_ids].inspect}.first
+          
+                # If we are already logged in, ignore this completely. All that we care about is updating ourself.
+                next if #{options[:session_class]}.find(*[session_id].compact)
+                        
+                # Log me in
+                args = [self, session_id].compact
+                #{options[:session_class]}.create(*args)
+              end
+        
+              def update_sessions!
+                # We found sessions above, let's update them with the new info
+                @_sessions.each do |stale_session|
+                  stale_session.unauthorized_record = self
+                  stale_session.save
+                end
+              end
+          end_eval
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.class_eval do
+  class << self
+    include Authlogic::ORMAdapters::ActiveRecordAdapter::SessionMaintenance
+    alias_method_chain :acts_as_authentic, :session_maintenance
+  end
+end

data/lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb

@@ -0,0 +1,58 @@
+module Authlogic
+  module ORMAdapters
+    module ActiveRecordAdapter
+      # = Authenticates Many
+      #
+      # This allows you to scope your authentication. For example, let's say all users belong to an account, you want to make sure only users
+      # that belong to that account can actually login into that account. Simple, just do:
+      #
+      #   class Account < ActiveRecord::Base
+      #     authenticates_many :user_sessions
+      #   end
+      #
+      # Now you can scope sessions just like everything else in ActiveRecord:
+      #
+      #   @account.user_sessions.new(*args)
+      #   @account.user_sessions.create(*args)
+      #   @account.user_sessions.find(*args)
+      #   # ... etc
+      #
+      # For more information on scopes check out the scopes section in the README.
+      module AuthenticatesMany
+        # Allows you set essentially set up a relationship with your sessions. See module definition above for more details.
+        #
+        # === Options
+        #
+        # * <tt>session_class:</tt> default: "#{name}Session",
+        #   This is the related session class.
+        #   
+        # * <tt>relationship_name:</tt> default: options[:session_class].klass_name.underscore.pluralize,
+        #   This is the name of the relationship you want to use to scope everything. For example an Account has many Users. There should be a relationship
+        #   called :users that you defined with a has_many. The reason we use the relationship is so you don't have to repeat yourself. The relatonship
+        #   could have all kinds of custom options. So instead of repeating yourself we essentially use the scope that the relationship creates.
+        #
+        # * <tt>find_options:</tt> default: nil,
+        #   By default the find options are created from the relationship you specify with :relationship_name. But if you want to override this and
+        #   manually specify find_options you can do it here. Specify options just as you would in ActiveRecord::Base.find.
+        #
+        # * <tt>scope_cookies:</tt> default: false
+        #   By the nature of cookies they scope theirself if you are using subdomains to access accounts. If you aren't using subdomains you need to have
+        #   separate cookies for each account, assuming a user is logging into mroe than one account. Authlogic can take care of this for you by
+        #   prefixing the name of the cookie and sessin with the model id. You just need to tell Authlogic to do this by passing this option.
+        def authenticates_many(name, options = {})
+          options[:session_class] ||= name.to_s.classify.constantize
+          options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
+          class_eval <<-"end_eval", __FILE__, __LINE__
+            def #{name}
+              find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scope(:find)
+              find_options.delete_if { |key, value| ![:conditions, :include, :joins].include?(key.to_sym) || value.nil? }
+              @#{name} ||= Authlogic::Session::AuthenticatesManyAssociation.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
+            end
+          end_eval
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.extend Authlogic::ORMAdapters::ActiveRecordAdapter::AuthenticatesMany

data/lib/authlogic/{active_record/scoped_session.rb → session/authenticates_many_association.rb}

@@ -1,6 +1,15 @@
 module Authlogic
-  module ActiveRecord
-    class ScopedSession # :nodoc:
+  module Session
+    # = Authenticates Many Association
+    #
+    # An object of this class is used as a proxy for the authenticates_many relationship. It basically allows you to "save" scope details and call them on an object, which allows you to do the following:
+    #
+    #   @account.user_sessions.new
+    #   @account.user_sessions.find
+    #   # ... etc
+    #
+    # You can call all of the class level methods off of an object with a saved scope, so that calling the above methods scopes the user sessions down to that specific account.
+    class AuthenticatesManyAssociation # :nodoc:
       attr_accessor :klass, :find_options, :id
       
       def initialize(klass, find_options, id)
@@ -18,7 +27,7 @@ module Authlogic
           end
         end_eval
       end
-      
+    
       private
         def scope_options
           {:find_options => find_options, :id => id}

data/lib/authlogic/session/base.rb

@@ -47,7 +47,7 @@ module Authlogic
         #
         #   def load_user
         #     @user_session = UserSession.find
-        #     @current_user = @user_session && @user_session.record
+        #     @current_user = @user_session && @user_session.user
         #   end
         #
         # Accepts a single parameter as the id. See initialize for more information on ids. Lastly, how it finds the session can be modified via configuration.
@@ -80,26 +80,28 @@ module Authlogic
           end
       end
     
-      attr_accessor :login_with, :new_session
+      attr_accessor :new_session
       attr_reader :record, :unauthorized_record
-      attr_writer :id
+      attr_writer :authenticating_with, :id
     
       # You can initialize a session by doing any of the following:
       #
       #   UserSession.new
-      #   UserSession.new(login, password)
-      #   UserSession.new(:login => login, :password => password)
-      #   UserSession.new(User.first)
+      #   UserSession.new(:login => "login", :password => "password", :remember_me => true)
+      #   UserSession.new(:openid => "identity url", :remember_me => true)
+      #   UserSession.new(User.first, true)
       #
       # If a user has more than one session you need to pass an id so that Authlogic knows how to differentiate the sessions. The id MUST be a Symbol.
       #
       #   UserSession.new(:my_id)
-      #   UserSession.new(login, password, :my_id)
-      #   UserSession.new({:login => loing, :password => password}, :my_id)
-      #   UserSession.new(User.first, :my_id)
+      #   UserSession.new({:login => "login", :password => "password", :remember_me => true}, :my_id)
+      #   UserSession.new({:openid => "identity url", :remember_me => true}, :my_id)
+      #   UserSession.new(User.first, true, :my_id)
       #
       # Ids are rarely used, but they can be useful. For example, what if users allow other users to login into their account via proxy? Now that user can "technically" be logged into 2 accounts at once.
       # To solve this just pass a id called :proxy, or whatever you want. Authlogic will separate everything out.
+      #
+      # The reason the id is separate from the first parameter hash is becuase this should be controlled by you, not by what the user passes. A usr could inject their own id and things would not work as expected.
       def initialize(*args)
         raise NotActivated.new(self) unless self.class.activated?
         
@@ -107,19 +109,36 @@ module Authlogic
         
         self.id = args.pop if args.last.is_a?(Symbol)
         
-        case args.first
-        when Hash
+        if args.first.is_a?(Hash)
           self.credentials = args.first
-        when String
-          send("#{login_field}=", args[0]) if args.size > 0
-          send("#{password_field}=", args[1]) if args.size > 1
-          self.remember_me = args[2] if args.size > 2
-        else
+        elsif !args.first.blank? && args.first.class < ::ActiveRecord::Base
           self.unauthorized_record = args.first
           self.remember_me = args[1] if args.size > 1
         end
       end
       
+      # A flag for how the user is logging in. Possible values:
+      #
+      # * :password - username and password
+      # * :unauthorized_record - an actual ActiveRecord object
+      # * :openid - OpenID
+      #
+      # By default this is :password
+      def authenticating_with
+        @authenticating_with ||= :password
+      end
+      
+      # Returns true if logging in with credentials. Credentials mean username and password.
+      def authenticating_with_password?
+        authenticating_with == :password
+      end
+      
+      # Returns true if logging in with an unauthorized record
+      def authenticating_with_unauthorized_record?
+        authenticating_with == :unauthorized_record
+      end
+      alias_method :authenticating_with_record?, :authenticating_with_unauthorized_record?
+      
       # Your login credentials in hash format. Usually {:login => "my login", :password => "<protected>"} depending on your configuration.
       # Password is protected as a security measure. The raw password should never be publicly accessible.
       def credentials
@@ -131,7 +150,7 @@ module Authlogic
         return if values.blank? || !values.is_a?(Hash)
         values.symbolize_keys!
         [login_field.to_sym, password_field.to_sym, :remember_me].each do |field|
-          next if !values.key?(field)
+          next if values[field].blank?
           send("#{field}=", values[field])
         end
       end
@@ -140,8 +159,6 @@ module Authlogic
       def destroy
         errors.clear
         @record = nil
-        controller.cookies.delete cookie_key
-        controller.session[session_key] = nil
         true
       end
       
@@ -164,13 +181,20 @@ module Authlogic
       
       # Attempts to find the record by session, then cookie, and finally basic http auth. See the class level find method if you are wanting to use this in a before_filter to persist your session.
       def find_record
-        return record if record
+        if record
+          self.new_session = false
+          return record
+        end
+        
         find_with.each do |find_method|
           if send("valid_#{find_method}?")
-            if record.class.column_names.include?("last_request_at")
+            self.new_session = false
+            
+            if record.class.column_names.include?("last_request_at") && (record.last_request_at.blank? || last_request_at_threshold.ago >= record.last_request_at)
               record.last_request_at = Time.now
               record.save_without_session_maintenance(false)
             end
+            
             return record
           end
         end
@@ -195,7 +219,7 @@ module Authlogic
       
       def inspect # :nodoc:
         details = {}
-        case login_with
+        case authenticating_with
         when :unauthorized_record
           details[:unauthorized_record] = "<protected>"
         else
@@ -240,12 +264,6 @@ module Authlogic
       # 4. updates magic fields
       def save
         if valid?
-          update_session!
-          controller.cookies[cookie_key] = {
-            :value => record.send(remember_token_field),
-            :expires => remember_me_until
-          }
-          
           record.login_count = (record.login_count.blank? ? 1 : record.login_count + 1) if record.respond_to?(:login_count)
           
           if record.respond_to?(:current_login_at)
@@ -275,7 +293,7 @@ module Authlogic
       # Sometimes you don't want to create a session via credentials (login and password). Maybe you already have the record. Just set this record to this and it will be authenticated when you try to validate
       # the session. Basically this is another form of credentials, you are just skipping username and password validation.
       def unauthorized_record=(value)
-        self.login_with = :unauthorized_record
+        self.authenticating_with = :unauthorized_record
         @unauthorized_record = value
       end
       
@@ -285,6 +303,7 @@ module Authlogic
         errors.clear
         if valid_credentials?
           validate
+          valid_record?
           return true if errors.empty?
         end
         
@@ -298,41 +317,7 @@ module Authlogic
           if !login.blank? && !password.blank?
             send("#{login_field}=", login)
             send("#{password_field}=", password)
-            result = valid?
-            if result
-              update_session!
-              self.new_session = false
-              return result
-            end
-          end
-        end
-        
-        false
-      end
-      
-      # Tries to validate the session from information in the cookie
-      def valid_cookie?
-        if cookie_credentials
-          self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", cookie_credentials)
-          result = valid?
-          if result
-            update_session!
-            self.new_session = false
-            return result
-          end
-        end
-        
-        false
-      end
-      
-      # Tries to validate the session from information in the session
-      def valid_session?
-        if session_credentials
-          self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", session_credentials)
-          result = valid?
-          if result
-            self.new_session = false
-            return result
+            return valid?
           end
         end
         
@@ -348,23 +333,21 @@ module Authlogic
           self.class.controller
         end
         
-        def cookie_credentials
-          controller.cookies[cookie_key]
-        end
-        
         def create_configurable_methods!
           return if respond_to?(login_field) # already created these methods
           
           self.class.class_eval <<-"end_eval", __FILE__, __LINE__
+            alias_method :#{klass_name.underscore}, :record
+            
             attr_reader :#{login_field}
             
             def #{login_field}=(value)
-              self.login_with = :credentials
+              self.authenticating_with = :password
               @#{login_field} = value
             end
             
             def #{password_field}=(value)
-              self.login_with = :credentials
+              self.authenticating_with = :password
               @#{password_field} = value
             end
 
@@ -391,26 +374,14 @@ module Authlogic
         end
         
         def search_for_record(method, value)
-          begin
-            klass.send(method, value)
-          rescue Exception
-            raise method.inspect + "     " + value.inspect
-          end
-        end
-        
-        def session_credentials
-          controller.session[session_key]
-        end
-        
-        def update_session!
-          controller.session[session_key] = record && record.send(remember_token_field)
+          klass.send(method, value)
         end
         
         def valid_credentials?
           unchecked_record = nil
           
-          case login_with
-          when :credentials
+          case authenticating_with
+          when :password
             errors.add(login_field, "can not be blank") if send(login_field).blank?
             errors.add(password_field, "can not be blank") if send("protected_#{password_field}").blank?
             return false if errors.count > 0
@@ -438,20 +409,19 @@ module Authlogic
               errors.add_to_base("You can not login with a new record.")
               return false
             end
-          else
-            errors.add_to_base("You must provide some form of credentials before logging in.")
-            return false
           end
           
+          self.record = unchecked_record
+          true
+        end
+        
+        def valid_record?
           [:active, :approved, :confirmed].each do |required_status|
-            if unchecked_record.respond_to?("#{required_status}?") && !unchecked_record.send("#{required_status}?") 
-              errors.add_to_base("Your account has not been marked as #{required_status}")       
+            if record.respond_to?("#{required_status}?") && !record.send("#{required_status}?")
+              errors.add_to_base("Your account has not been marked as #{required_status}")
               return false
             end
           end
-          
-          self.record = unchecked_record
-          true
         end
     end
   end