authlogic 1.0.0 → 1.1.0

data/lib/authlogic/active_record/acts_as_authentic.rb

@@ -1,297 +0,0 @@
-module Authlogic
-  module ActiveRecord # :nodoc:
-    # = Acts As Authentic
-    # Provides the acts_as_authentic method to include in your models to help with authentication. See method below.
-    module ActsAsAuthentic
-      # Call this method in your model to add in basic authentication madness that your authlogic session expects.
-      #
-      # === Methods
-      # For example purposes lets assume you have a User model.
-      #
-      #   Class method name           Description
-      #   User.crypto_provider        The class that you set in your :crypto_provider option
-      #   User.forget_all!            Finds all records, loops through them, and calls forget! on each record. This is paginated to save on memory.
-      #   User.unique_token           returns unique token generated by your :crypto_provider
-      #
-      #   Named Scopes
-      #   User.logged_in              Find all users who are logged in, based on your :logged_in_timeout option.
-      #   User.logged_out             Same as above, but logged out.
-      #
-      #   Isntace method name
-      #   user.password=              Method name based on the :password_field option. This is used to set the password. Pass the *raw* password to this.
-      #   user.confirm_password=      Confirms the password, needed to change the password.
-      #   user.valid_password?(pass)  Determines if the password passed is valid. The password could be encrypted or raw.
-      #   user.reset_password!        Basically resets the password to a random password using only letters and numbers.
-      #   user.logged_in?             Based on the :logged_in_timeout option. Tells you if the user is logged in or not.
-      #   user.forget!                Changes their remember token, making their cookie and session invalid. A way to log the user out withouth changing their password.
-      #
-      # === Options
-      #
-      # * <tt>session_class:</tt> default: "#{name}Session",
-      #   This is the related session class. A lot of the configuration will be based off of the configuration values of this class.
-      #   
-      # * <tt>crypto_provider:</tt> default: Authlogic::Sha512CryptoProvider,
-      #   This is the class that provides your encryption. By default Authlogic provides its own crypto provider that uses Sha512 encrypton.
-      #   
-      # * <tt>login_field:</tt> default: options[:session_class].login_field,
-      #   The name of the field used for logging in, this is guess based on what columns are in your db. Only specify if you aren't using:
-      #   login, username, or email
-      #   
-      # * <tt>login_field_type:</tt> default: options[:login_field] == :email ? :email : :login,
-      #   Tells authlogic how to validation the field, what regex to use, etc. If the field name is email it will automatically use email,
-      #   otherwise it uses login.
-      #   
-      # * <tt>login_field_regex:</tt> default: if email then typical email regex, otherwise typical login regex.
-      #   This is used in validates_format_of for the login_field.
-      #   
-      # * <tt>login_field_regex_message:</tt> the message to use when the validates_format_of for the login field fails.
-      #   
-      # * <tt>password_field:</tt> default: options[:session_class].password_field,
-      #   This is the name of the field to set the password, *NOT* the field the encrypted password is stored.
-      #   
-      # * <tt>crypted_password_field:</tt> default: depends on which columns are present,
-      #   The name of the database field where your encrypted password is stored. If the name of the field is different from any of the following
-      #   you need to specify it with this option: crypted_password, encrypted_password, password_hash, pw_hash
-      #   
-      # * <tt>password_salt_field:</tt> default: depends on which columns are present,
-      #   This is the name of the field in your database that stores your password salt. If the name of the field is different from any of the
-      #   following then you need to specify it with this option: password_salt, pw_salt, salt
-      #   
-      # * <tt>remember_token_field:</tt> default: options[:session_class].remember_token_field,
-      #   This is the name of the field your remember_token is stored. The remember token is a unique token that is stored in the users cookie and
-      #   session. This way you have complete control of when session expire and you don't have to change passwords to expire sessions. This also
-      #   ensures that stale sessions can not be persisted. By stale, I mean sessions that are logged in using an outdated password. If the name
-      #   of the field is anything other than the following you need to specify it with this option: remember_token, remember_key, cookie_token,
-      #   cookie_key
-      #   
-      # * <tt>scope:</tt> default: nil,
-      #   This scopes validations. If all of your users belong to an account you might want to scope everything to the account. Just pass :account_id
-      #   
-      # * <tt>logged_in_timeout:</tt> default: 10.minutes,
-      #   This is really just a nifty feature to tell if a user is logged in or not. It's based on activity. So if the user in inactive longer than
-      #   the value you pass here they are assumed "logged out".
-      #
-      # * <tt>session_ids:</tt> default: [nil],
-      #   The sessions that we want to automatically reset when a user is created or updated so you don't have to worry about this. Set to [] to disable.
-      #   Should be an array of ids. See the Authlogic::Session documentation for information on ids. The order is important.
-      #   The first id should be your main session, the session they need to log into first. This is generally nil. When you don't specify an id
-      #   in your session you are really just inexplicitly saying you want to use the id of nil.
-      def acts_as_authentic(options = {})
-        # If we don't have a database, skip all of this, solves initial setup errors
-        begin
-          column_names
-        rescue Exception
-          return
-        end
-        
-        # Setup default options
-        begin
-          options[:session_class] ||= "#{name}Session".constantize
-        rescue NameError
-          raise NameError.new("You must create a #{name}Session class before a model can act_as_authentic. If that is not the name of the class pass the class constant via the :session_class option.")
-        end
-        
-        options[:crypto_provider] ||= Sha512CryptoProvider
-        options[:crypto_provider_type] ||= options[:crypto_provider].respond_to?(:decrypt) ? :encryption : :hash
-        options[:login_field] ||= options[:session_class].login_field
-        options[:login_field_type] ||= options[:login_field] == :email ? :email : :login
-        options[:password_field] ||= options[:session_class].password_field
-        options[:crypted_password_field] ||=
-          (column_names.include?("crypted_password") && :crypted_password) ||
-          (column_names.include?("encrypted_password") && :encrypted_password) ||
-          (column_names.include?("password_hash") && :password_hash) ||
-          (column_names.include?("pw_hash") && :pw_hash) ||
-          :crypted_password
-        options[:password_salt_field] ||= 
-          (column_names.include?("password_salt") && :password_salt) ||
-          (column_names.include?("pw_salt") && :pw_salt) ||
-          (column_names.include?("salt") && :salt) ||
-          :password_salt
-        options[:remember_token_field] ||= options[:session_class].remember_token_field
-        options[:logged_in_timeout] ||= 10.minutes
-        options[:session_ids] ||= [nil]
-      
-        # Validations
-        case options[:login_field_type]
-        when :email
-          validates_length_of options[:login_field], :within => 6..100
-          email_name_regex  = '[\w\.%\+\-]+'
-          domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
-          domain_tld_regex  = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'
-          options[:login_field_regex] ||= /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
-          options[:login_field_regex_message] ||= "should look like an email address."
-          validates_format_of options[:login_field], :with => options[:login_field_regex], :message => options[:login_field_regex_message]
-        else
-          validates_length_of options[:login_field], :within => 2..100
-          options[:login_field_regex] ||= /\A\w[\w\.\-_@ ]+\z/
-          options[:login_field_regex_message] ||= "use only letters, numbers, spaces, and .-_@ please."
-          validates_format_of options[:login_field], :with => options[:login_field_regex], :message => options[:login_field_regex_message]
-        end
-      
-        validates_uniqueness_of options[:login_field], :scope => options[:scope]
-        validates_uniqueness_of options[:remember_token_field]
-        validate :validate_password
-        validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
-      
-        if column_names.include?("last_request_at")
-          named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", options[:logged_in_timeout].ago]} }
-          named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", options[:logged_in_timeout].ago]} }
-        end
-      
-        before_save :get_session_information, :if => :update_sessions?
-        after_save :maintain_sessions!, :if => :update_sessions?
-      
-        # Attributes
-        attr_writer "confirm_#{options[:password_field]}"
-        attr_accessor "tried_to_set_#{options[:password_field]}"
-      
-        # Class methods
-        class_eval <<-"end_eval", __FILE__, __LINE__
-          def self.unique_token
-            # Force using the Sha512 because all that we are doing is creating a unique token, a hash is perfect for this
-            Authlogic::Sha512CryptoProvider.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
-          end
-        
-          def self.crypto_provider
-            #{options[:crypto_provider]}
-          end
-        
-          def self.forget_all!
-            # Paginate these to save on memory
-            records = nil
-            i = 0
-            begin
-              records = find(:all, :limit => 50, :offset => i)
-              records.each { |record| record.forget! }
-              i += 50
-            end while !records.blank?
-          end
-        end_eval
-      
-        # Instance methods
-        if column_names.include?("last_request_at")
-          class_eval <<-"end_eval", __FILE__, __LINE__
-            def logged_in?
-              !last_request_at.nil? && last_request_at > #{options[:logged_in_timeout].to_i}.seconds.ago
-            end
-          end_eval
-        end
-      
-        class_eval <<-"end_eval", __FILE__, __LINE__
-          def #{options[:password_field]}=(pass)
-            return if pass.blank?
-            self.tried_to_set_#{options[:password_field]} = true
-            @#{options[:password_field]} = pass
-            self.#{options[:remember_token_field]} = self.class.unique_token
-            self.#{options[:password_salt_field]} = self.class.unique_token
-            self.#{options[:crypted_password_field]} = crypto_provider.encrypt(@#{options[:password_field]} + #{options[:password_salt_field]})
-          end
-        
-          def valid_#{options[:password_field]}?(attempted_password)
-            return false if attempted_password.blank? || #{options[:crypted_password_field]}.blank? || #{options[:password_salt_field]}.blank?
-            attempted_password == #{options[:crypted_password_field]} ||
-              (crypto_provider.respond_to?(:decrypt) && crypto_provider.decrypt(#{options[:crypted_password_field]}) == attempted_password + #{options[:password_salt_field]}) ||
-              (!crypto_provider.respond_to?(:decrypt) && crypto_provider.encrypt(attempted_password + #{options[:password_salt_field]}) == #{options[:crypted_password_field]})
-          end
-        end_eval
-      
-        class_eval <<-"end_eval", __FILE__, __LINE__
-          def #{options[:password_field]}; end
-          def confirm_#{options[:password_field]}; end
-        
-          def crypto_provider
-            self.class.crypto_provider
-          end
-        
-          def forget!
-            self.#{options[:remember_token_field]} = self.class.unique_token
-            save_without_session_maintenance(false)
-          end
-        
-          def reset_#{options[:password_field]}!
-            chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
-            newpass = ""
-            1.upto(10) { |i| newpass << chars[rand(chars.size-1)] }
-            self.#{options[:password_field]} = newpass
-            self.confirm_#{options[:password_field]} = newpass
-            save_without_session_maintenance(false)
-          end
-          alias_method :randomize_password!, :reset_password!
-        
-          def save_without_session_maintenance(*args)
-            @skip_session_maintenance = true
-            result = save(*args)
-            @skip_session_maintenance = false
-            result
-          end
-        
-          protected
-            def update_sessions?
-              !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{options[:remember_token_field]}_changed?
-            end
-          
-            def get_session_information
-              # Need to determine if we are completely logged out, or logged in as another user
-              @_sessions = []
-              @_logged_out = true
-            
-              #{options[:session_ids].inspect}.each do |session_id|
-                session = #{options[:session_class]}.find(*[session_id].compact)
-                if session
-                  if !session.record.blank?
-                    @_logged_out = false
-                    @_sessions << session if session.record == self
-                  end
-                end
-              end
-            end
-          
-            def maintain_sessions!
-              if @_logged_out
-                create_session!
-              elsif !@_sessions.blank?
-                update_sessions!
-              end
-            end
-          
-            def create_session!
-              # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
-              # that need to be created after logging into the main session.
-              session_id = #{options[:session_ids].inspect}.first
-            
-              # If we are already logged in, ignore this completely. All that we care about is updating ourself.
-              next if #{options[:session_class]}.find(*[session_id].compact)
-                          
-              # Log me in
-              args = [self, session_id].compact
-              #{options[:session_class]}.create(*args)
-            end
-          
-            def update_sessions!
-              # We found sessions above, let's update them with the new info
-              @_sessions.each do |stale_session|
-                stale_session.unauthorized_record = self
-                stale_session.save
-              end
-            end
-          
-            def tried_to_set_password?
-              tried_to_set_password == true
-            end
-          
-            def validate_password
-              if new_record? || tried_to_set_#{options[:password_field]}?
-                if @#{options[:password_field]}.blank?
-                  errors.add(:#{options[:password_field]}, "can not be blank")
-                else
-                  errors.add(:confirm_#{options[:password_field]}, "did not match") if @confirm_#{options[:password_field]} != @#{options[:password_field]}
-                end
-              end
-            end
-        end_eval
-      end
-    end
-  end
-end
-
-ActiveRecord::Base.extend Authlogic::ActiveRecord::ActsAsAuthentic

data/lib/authlogic/active_record/authenticates_many.rb

@@ -1,56 +0,0 @@
-module Authlogic
-  module ActiveRecord
-    # = Authenticates Many
-    #
-    # This allows you to scope your authentication. For example, let's say all users belong to an account, you want to make sure only users
-    # that belong to that account can actually login into that account. Simple, just do:
-    #
-    #   class Account < ActiveRecord::Base
-    #     authenticates_many :user_sessions
-    #   end
-    #
-    # Now you can scope sessions just like everything else in ActiveRecord:
-    #
-    #   @account.user_sessions.new(*args)
-    #   @account.user_sessions.create(*args)
-    #   @account.user_sessions.find(*args)
-    #   # ... etc
-    #
-    # For more information on scopes check out the scopes section in the README.
-    module AuthenticatesMany
-      # Allows you set essentially set up a relationship with your sessions. See module definition above for more details.
-      #
-      # === Options
-      #
-      # * <tt>session_class:</tt> default: "#{name}Session",
-      #   This is the related session class.
-      #   
-      # * <tt>relationship_name:</tt> default: options[:session_class].klass_name.underscore.pluralize,
-      #   This is the name of the relationship you want to use to scope everything. For example an Account has many Users. There should be a relationship
-      #   called :users that you defined with a has_many. The reason we use the relationship is so you don't have to repeat yourself. The relatonship
-      #   could have all kinds of custom options. So instead of repeating yourself we essentially use the scope that the relationship creates.
-      #
-      # * <tt>find_options:</tt> default: nil,
-      #   By default the find options are created from the relationship you specify with :relationship_name. But if you want to override this and
-      #   manually specify find_options you can do it here. Specify options just as you would in ActiveRecord::Base.find.
-      #
-      # * <tt>scope_cookies:</tt> default: false
-      #   By the nature of cookies they scope theirself if you are using subdomains to access accounts. If you aren't using subdomains you need to have
-      #   separate cookies for each account, assuming a user is logging into mroe than one account. Authlogic can take care of this for you by
-      #   prefixing the name of the cookie and sessin with the model id. You just need to tell Authlogic to do this by passing this option.
-      def authenticates_many(name, options = {})
-        options[:session_class] ||= name.to_s.classify.constantize
-        options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
-        class_eval <<-"end_eval", __FILE__, __LINE__
-          def #{name}
-            find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scope(:find)
-            find_options.delete_if { |key, value| ![:conditions, :include, :joins].include?(key.to_sym) || value.nil? }
-            @#{name} ||= Authlogic::ActiveRecord::ScopedSession.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
-          end
-        end_eval
-      end
-    end
-  end
-end
-
-ActiveRecord::Base.extend Authlogic::ActiveRecord::AuthenticatesMany

data/lib/authlogic/sha512_crypto_provider.rb

@@ -1,18 +0,0 @@
-require "digest/sha2"
-
-module Authlogic
-  # = Sha512 Crypto Provider
-  #
-  # The acts_as_authentic method allows you to pass a :crypto_provider option. This allows you to use any type of encryption you like. Just create a class with a class level encrypt and decrypt method.
-  # The password will be passed as the single parameter to each of these methods so you can do your magic.
-  #
-  # If you are encrypting via a hash just don't include a decrypt method, since hashes can't be decrypted. Authlogic will notice this adjust accordingly.
-  class Sha512CryptoProvider
-    STRETCHES = 20
-    def self.encrypt(pass)
-      digest = pass
-      STRETCHES.times { digest = Digest::SHA512.hexdigest(digest) }
-      digest
-    end
-  end
-end

data/test/active_record_acts_as_authentic_test.rb

@@ -1,213 +0,0 @@
-require File.dirname(__FILE__) + '/test_helper.rb'
-
-class ActiveRecordActsAsAuthenticTest < ActiveSupport::TestCase
-  def test_user_validations
-    user = User.new
-    assert !user.valid?
-    assert user.errors.on(:login)
-    assert user.errors.on(:password)
-    
-    user.login = "a"
-    assert !user.valid?
-    assert user.errors.on(:login)
-    assert user.errors.on(:password)
-    
-    user.login = "%ben*"
-    assert !user.valid?
-    assert user.errors.on(:login)
-    assert user.errors.on(:password)
-    
-    user.login = "bjohnson"
-    assert !user.valid?
-    assert user.errors.on(:login)
-    assert user.errors.on(:password)
-    
-    user.login = "my login"
-    assert !user.valid?
-    assert !user.errors.on(:login)
-    assert user.errors.on(:password)
-    
-    user.password = "my pass"
-    assert !user.valid?
-    assert !user.errors.on(:password)
-    assert user.errors.on(:confirm_password)
-    
-    user.confirm_password = "my pizass"
-    assert !user.valid?
-    assert !user.errors.on(:password)
-    assert user.errors.on(:confirm_password)
-    
-    user.confirm_password = "my pass"
-    assert user.valid?
-  end
-  
-  def test_employee_validations
-    employee = Employee.new
-    employee.password = "pass"
-    employee.confirm_password = "pass"
-    
-    assert !employee.valid?
-    assert employee.errors.on(:email)
-    
-    employee.email = "fdsf"
-    assert !employee.valid?
-    assert employee.errors.on(:email)
-    
-    employee.email = "fake@email.fake"
-    assert !employee.valid?
-    assert employee.errors.on(:email)
-    
-    employee.email = "notfake@email.com"
-    assert employee.valid?
-  end
-  
-  def test_named_scopes
-    assert_equal 0, User.logged_in.count
-    assert_equal User.count, User.logged_out.count
-    http_basic_auth_for(users(:ben)) { UserSession.find }
-    assert_equal 1, User.logged_in.count
-    assert_equal User.count - 1, User.logged_out.count
-  end
-  
-  def test_unique_token
-    assert_equal 128, User.unique_token.length
-    assert_equal 128, Employee.unique_token.length # make sure encryptions use hashes also
-    
-    unique_tokens = []
-    1000.times { unique_tokens << User.unique_token }
-    unique_tokens.uniq!
-    
-    assert_equal 1000, unique_tokens.size
-  end
-  
-  def test_crypto_provider
-    assert_equal Authlogic::Sha512CryptoProvider, User.crypto_provider
-    assert_equal AES128CryptoProvider, Employee.crypto_provider
-  end
-  
-  def test_forget_all
-    http_basic_auth_for(users(:ben)) { UserSession.find }
-    http_basic_auth_for(users(:zack)) { UserSession.find(:ziggity_zack) }
-    assert UserSession.find
-    assert UserSession.find(:ziggity_zack)
-    User.forget_all!
-    assert !UserSession.find
-    assert !UserSession.find(:ziggity_zack)
-  end
-  
-  def test_logged_in
-    ben = users(:ben)
-    assert !ben.logged_in?
-    http_basic_auth_for(ben) { UserSession.find }
-    assert ben.reload.logged_in?
-  end
-  
-  def test_password
-    user = User.new
-    user.password = "sillywilly"
-    assert user.crypted_password
-    assert user.password_salt
-    assert user.remember_token
-    assert_equal true, user.tried_to_set_password
-    assert_equal nil, user.password
-    
-    employee = Employee.new
-    employee.password = "awesome"
-    assert employee.crypted_password
-    assert employee.remember_token
-    assert_equal true, employee.tried_to_set_password
-    assert_equal nil, employee.password
-  end
-  
-  def test_valid_password
-    ben = users(:ben)
-    assert ben.valid_password?("benrocks")
-    assert ben.valid_password?(ben.crypted_password)
-    
-    drew = employees(:drew)
-    assert drew.valid_password?("drewrocks")
-    assert drew.valid_password?(drew.crypted_password)
-  end
-  
-  def test_forget
-    ben = users(:ben)
-    zack = users(:zack)
-    http_basic_auth_for(ben) { UserSession.find }
-    http_basic_auth_for(zack) { UserSession.find(:ziggity_zack) }
-    
-    assert ben.reload.logged_in?
-    assert zack.reload.logged_in?
-    
-    ben.forget!
-    
-    assert !UserSession.find
-    assert UserSession.find(:ziggity_zack)
-  end
-  
-  def test_reset_password
-    ben = users(:ben)
-    UserSession.create(ben)
-    old_password = ben.crypted_password
-    old_salt = ben.password_salt
-    old_remember_token = ben.remember_token
-    ben.reset_password!
-    ben.reload
-    assert_not_equal old_password, ben.crypted_password
-    assert_not_equal old_salt, ben.password_salt
-    assert_not_equal old_remember_token, ben.remember_token
-    assert !UserSession.find
-  end
-  
-  def test_login_after_create
-    assert User.create(:login => "awesome", :password => "saweet", :confirm_password => "saweet")
-    assert UserSession.find
-  end
-  
-  def test_update_session_after_password_modify
-    ben = users(:ben)
-    UserSession.create(ben)
-    old_session_key = @controller.session["user_credentials"]
-    old_cookie_key = @controller.cookies["user_credentials"]
-    ben.password = "newpass"
-    ben.confirm_password = "newpass"
-    ben.save
-    assert @controller.session["user_credentials"]
-    assert @controller.cookies["user_credentials"]
-    assert_not_equal @controller.session["user_credentials"], old_session_key
-    assert_not_equal @controller.cookies["user_credentials"], old_cookie_key
-  end
-  
-  def test_no_session_update_after_modify
-    ben = users(:ben)
-    UserSession.create(ben)
-    old_session_key = @controller.session["user_credentials"]
-    old_cookie_key = @controller.cookies["user_credentials"]
-    ben.first_name = "Ben"
-    ben.save
-    assert_equal @controller.session["user_credentials"], old_session_key
-    assert_equal @controller.cookies["user_credentials"], old_cookie_key
-  end
-  
-  def test_updating_other_user
-    ben = users(:ben)
-    UserSession.create(ben)
-    old_session_key = @controller.session["user_credentials"]
-    old_cookie_key = @controller.cookies["user_credentials"]
-    zack = users(:zack)
-    zack.password = "newpass"
-    zack.confirm_password = "newpass"
-    zack.save
-    assert_equal @controller.session["user_credentials"], old_session_key
-    assert_equal @controller.cookies["user_credentials"], old_cookie_key
-  end
-  
-  def test_resetting_password_when_logged_out
-    ben = users(:ben)
-    assert !UserSession.find
-    ben.password = "newpass"
-    ben.confirm_password = "newpass"
-    ben.save
-    assert UserSession.find
-    assert_equal ben, UserSession.find.record
-  end
-end