authlogic 1.1.0 → 1.1.1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of authlogic might be problematic. Click here for more details.

Files changed (39) hide show
  1. data/CHANGELOG.rdoc +11 -2
  2. data/Manifest +9 -3
  3. data/README.rdoc +32 -7
  4. data/Rakefile +1 -1
  5. data/authlogic.gemspec +4 -7
  6. data/lib/authlogic.rb +2 -4
  7. data/lib/authlogic/controller_adapters/abstract_adapter.rb +4 -0
  8. data/lib/authlogic/controller_adapters/rails_adapter.rb +4 -0
  9. data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb +2 -76
  10. data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb +132 -0
  11. data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb +77 -116
  12. data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb +35 -24
  13. data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb +51 -44
  14. data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb +64 -54
  15. data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb +61 -0
  16. data/lib/authlogic/session/base.rb +20 -9
  17. data/lib/authlogic/session/config.rb +54 -63
  18. data/lib/authlogic/session/cookies.rb +2 -2
  19. data/lib/authlogic/session/params.rb +9 -6
  20. data/lib/authlogic/session/session.rb +3 -3
  21. data/lib/authlogic/version.rb +1 -1
  22. data/shoulda_macros/authlogic.rb +13 -0
  23. data/test/fixtures/employees.yml +2 -2
  24. data/test/fixtures/users.yml +2 -0
  25. data/test/libs/mock_controller.rb +5 -0
  26. data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb +36 -0
  27. data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb +129 -0
  28. data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb +24 -0
  29. data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb +45 -0
  30. data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb +62 -0
  31. data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb +41 -0
  32. data/test/session_tests/base_test.rb +15 -0
  33. data/test/session_tests/config_test.rb +31 -14
  34. data/test/session_tests/params_test.rb +17 -1
  35. data/test/test_helper.rb +10 -2
  36. metadata +18 -17
  37. data/lib/authlogic/session/openid.rb +0 -106
  38. data/lib/authlogic/testing/shoulda_macros.rb +0 -17
  39. data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb +0 -217
data/CHANGELOG.rdoc CHANGED
@@ -1,4 +1,13 @@
1
- == 1.1.0 released 2008-11-05
1
+ == 1.1.1 released 2008-11-13
2
+
3
+ * Removed ActiveRecord dependency.
4
+ * Removed loading shoulda macros by default, moved to shoulda_macros dir.
5
+ * Modified how params access works. Added in single_access_token_field which params now uses. See the single access section in the README. Various configuration options added as well.
6
+ * Cleaned up acts_as_authentic configuration, added new config module to do this.
7
+ * Cleaned up acts_as_authentic tests
8
+ * Moved acts_as_authentic sub modules into the proper name spaces
9
+
10
+ == 1.1.0 released 2008-11-13
2
11
 
3
12
  * Moved Rack standards into abstract_adapter for the controllers.
4
13
  * Added authenticating_with_credentials?, authenticating_with_unauthorized_record?
@@ -7,7 +16,7 @@
7
16
  * Moved ActiveRecord additions to ORM Adapters name space to make way for Data Mapper.
8
17
  * Reorganized and modified acts_as_authentic to be free standing and not get info from the related session.
9
18
  * The session now gets its configuration from the model, since determining which fields are present is ORM specific.
10
- * Extracted session and cookie logic into their own modules.
19
+ * Extracted session and cookie logic into their own modules for Session.
11
20
  * Moved crypto providers into their own module and added a Sha1 provider to help with the restful_authentication transition.
12
21
  * Allow the unique_token method to use the alternate crypto_provider if it is a hash algorithm, otherwise default to Sha512.
13
22
  * Added last_request_at_threshold configuration option.
data/Manifest CHANGED
@@ -5,10 +5,12 @@ lib/authlogic/controller_adapters/merb_adapter.rb
5
5
  lib/authlogic/controller_adapters/rails_adapter.rb
6
6
  lib/authlogic/crypto_providers/sha1.rb
7
7
  lib/authlogic/crypto_providers/sha512.rb
8
+ lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb
8
9
  lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb
9
10
  lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb
10
11
  lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb
11
12
  lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb
13
+ lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb
12
14
  lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb
13
15
  lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb
14
16
  lib/authlogic/session/active_record_trickery.rb
@@ -18,17 +20,16 @@ lib/authlogic/session/callbacks.rb
18
20
  lib/authlogic/session/config.rb
19
21
  lib/authlogic/session/cookies.rb
20
22
  lib/authlogic/session/errors.rb
21
- lib/authlogic/session/openid.rb
22
23
  lib/authlogic/session/params.rb
23
24
  lib/authlogic/session/scopes.rb
24
25
  lib/authlogic/session/session.rb
25
- lib/authlogic/testing/shoulda_macros.rb
26
26
  lib/authlogic/version.rb
27
27
  lib/authlogic.rb
28
28
  Manifest
29
29
  MIT-LICENSE
30
30
  Rakefile
31
31
  README.rdoc
32
+ shoulda_macros/authlogic.rb
32
33
  test/fixtures/companies.yml
33
34
  test/fixtures/employees.yml
34
35
  test/fixtures/projects.yml
@@ -38,7 +39,12 @@ test/libs/mock_controller.rb
38
39
  test/libs/mock_cookie_jar.rb
39
40
  test/libs/mock_request.rb
40
41
  test/libs/ordered_hash.rb
41
- test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb
42
+ test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb
43
+ test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb
44
+ test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb
45
+ test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb
46
+ test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb
47
+ test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb
42
48
  test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb
43
49
  test/session_tests/active_record_trickery_test.rb
44
50
  test/session_tests/authenticates_many_association_test.rb
data/README.rdoc CHANGED
@@ -31,7 +31,7 @@ What if your user sessions controller could look just like your other controller
31
31
  end
32
32
 
33
33
  def destroy
34
- @user_session.destroy
34
+ current_user_session.destroy
35
35
  end
36
36
  end
37
37
 
@@ -51,12 +51,17 @@ Look familiar? If you didn't know any better, you would think UserSession was an
51
51
  Or how about persisting the session...
52
52
 
53
53
  class ApplicationController
54
- before_filter :load_user
54
+ helper_method :current_user_session, :current_user
55
55
 
56
56
  protected
57
- def load_user
58
- @user_session = UserSession.find
59
- @current_user = @user_session && @user_session.user
57
+ def current_user_session
58
+ return @current_user_session if defined?(@current_user_session)
59
+ @current_user_session = UserSession.find
60
+ end
61
+
62
+ end current_user
63
+ return @current_user if defined?(@current_user)
64
+ @current_user = current_user_session && current_user_session.user
60
65
  end
61
66
  end
62
67
 
@@ -78,7 +83,7 @@ Install the gem / plugin (recommended)
78
83
  Now add the gem dependency in your config:
79
84
 
80
85
  # config/environment.rb
81
- config.gem :authlogic
86
+ config.gem "authlogic"
82
87
 
83
88
  Or you install this as a plugin (for older versions of rails)
84
89
 
@@ -111,7 +116,7 @@ The user model needs to have the following columns. The names of these columns c
111
116
  Make sure you have a model that you will be authenticating with. For this example let's say you have a User model:
112
117
 
113
118
  class User < ActiveRecord::Base
114
- acts_as_authentic # for options see documentation: Authlogic::ActsAsAuthentic::ClassMethods
119
+ acts_as_authentic # for options see documentation: Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Config
115
120
  end
116
121
 
117
122
  Done! Now go use it just like you would with any other ActiveRecord model. Either glance at the code at the beginning of this readme or check out the tutorial (see above in "helpful links") for a more detailed walk through.
@@ -179,6 +184,26 @@ This will keep everything separate. The :secure session will store its info in a
179
184
 
180
185
  For more information on ids checkout Authlogic::Session::Base#initialize
181
186
 
187
+ == Single Access / Private Feeds Access
188
+
189
+ Need to provide a single / one time access to an account where the session does NOT get persisted? Take a private feed for example, if everyone followed standards basic http auth should work just fine, but since we live in a world where following standards is a hard concept (*cough* Microsoft *cough*), the feed url needs to have some sort of "credentials" to log the user in and get their user specific feed items. This is easy, Authlogic has a nifty little feature for doing just this. All that you need to do is add the following field in your table:
190
+
191
+ t.string :single_access_token, :null => false # or call it feeds_token or feed_token
192
+
193
+ Authlogic will notice you have this and adjust accordingly. You have the follow configuration options for your session (Authlogic::Session::Config) to customize how this works:
194
+
195
+ 1. <tt>params_key:</tt> params_key is the key Authlogic will look for when trying to find your session. It works just like your cookie and session key, except this is for params. Take a UserSession: http://www.mydomin.com?user_credentials=single_access_token
196
+ 2. <tt>single_access_allowed_request_types:</tt> Single access needs to be handled with care, after all, it gives the user access to their account. But maybe you don't want to allow this for your entire application. Maybe you only want to allow this for certain request types, such as application/rss+xml or application/atom+xml. By default single access is only allowed for these requests types.
197
+ 3. <tt>single_access_token_field:</tt> This works just like remember_token_field. It basically allows you to name the column that the single_access_token is stored in.
198
+ 4. change_single_access_token_with_password
199
+
200
+ You also have the following options when calling acts_as_authentic (Authlogic::ORMAdapters::ActiveRecordAdapter::Config):
201
+
202
+ 1. <tt>single_access_token_field:</tt> Works the same as remember_token field.
203
+ 2. <tt>change_single_access_token_with_password:</tt> If the user changes their password do you want to change the single access token as well? This will require that they re-add the feed with the new token, as their old URL will not longer work. It's really up to you if you want to do this. The other alternative is to provide an option when they are changing their password to change their "feed token" as well. You can call user.reset_single_access_token to do this yourself.
204
+
205
+ Please use this with care and make sure you warn your users that the URL you provide them is to remain private. Even if Billy 13 year old gets this URL and tries to log in, the only way he can login is through a GET or POST parameter with an rss or atom request. Billy can't create a cookie with this token and Billy wont have access to anything else on the site, unless you change the above configuration.
206
+
182
207
  == Scoping
183
208
 
184
209
  Scoping with authentication is a little tricky because it can come in many different flavors:
data/Rakefile CHANGED
@@ -10,6 +10,6 @@ Echoe.new 'authlogic' do |p|
10
10
  p.project = 'authlogic'
11
11
  p.summary = "A clean, simple, and unobtrusive ruby authentication solution."
12
12
  p.url = "http://github.com/binarylogic/authlogic"
13
- p.dependencies = %w(activesupport activerecord)
13
+ p.dependencies = %w(activesupport)
14
14
  p.include_rakefile = true
15
15
  end
data/authlogic.gemspec CHANGED
@@ -1,14 +1,14 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = %q{authlogic}
3
- s.version = "1.1.0"
3
+ s.version = "1.1.1"
4
4
 
5
5
  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
6
6
  s.authors = ["Ben Johnson of Binary Logic"]
7
7
  s.date = %q{2008-11-13}
8
8
  s.description = %q{A clean, simple, and unobtrusive ruby authentication solution.}
9
9
  s.email = %q{bjohnson@binarylogic.com}
10
- s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/openid.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/testing/shoulda_macros.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "README.rdoc"]
11
- s.files = ["CHANGELOG.rdoc", "init.rb", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/openid.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/testing/shoulda_macros.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "Manifest", "MIT-LICENSE", "Rakefile", "README.rdoc", "test/fixtures/companies.yml", "test/fixtures/employees.yml", "test/fixtures/projects.yml", "test/fixtures/users.yml", "test/libs/aes128_crypto_provider.rb", "test/libs/mock_controller.rb", "test/libs/mock_cookie_jar.rb", "test/libs/mock_request.rb", "test/libs/ordered_hash.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb", "authlogic.gemspec"]
10
+ s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "README.rdoc"]
11
+ s.files = ["CHANGELOG.rdoc", "init.rb", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "Manifest", "MIT-LICENSE", "Rakefile", "README.rdoc", "shoulda_macros/authlogic.rb", "test/fixtures/companies.yml", "test/fixtures/employees.yml", "test/fixtures/projects.yml", "test/fixtures/users.yml", "test/libs/aes128_crypto_provider.rb", "test/libs/mock_controller.rb", "test/libs/mock_cookie_jar.rb", "test/libs/mock_request.rb", "test/libs/ordered_hash.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb", "authlogic.gemspec"]
12
12
  s.has_rdoc = true
13
13
  s.homepage = %q{http://github.com/binarylogic/authlogic}
14
14
  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Authlogic", "--main", "README.rdoc"]
@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
16
16
  s.rubyforge_project = %q{authlogic}
17
17
  s.rubygems_version = %q{1.2.0}
18
18
  s.summary = %q{A clean, simple, and unobtrusive ruby authentication solution.}
19
- s.test_files = ["test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb"]
19
+ s.test_files = ["test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb"]
20
20
 
21
21
  if s.respond_to? :specification_version then
22
22
  current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
@@ -24,16 +24,13 @@ Gem::Specification.new do |s|
24
24
 
25
25
  if current_version >= 3 then
26
26
  s.add_runtime_dependency(%q<activesupport>, [">= 0"])
27
- s.add_runtime_dependency(%q<activerecord>, [">= 0"])
28
27
  s.add_development_dependency(%q<echoe>, [">= 0"])
29
28
  else
30
29
  s.add_dependency(%q<activesupport>, [">= 0"])
31
- s.add_dependency(%q<activerecord>, [">= 0"])
32
30
  s.add_dependency(%q<echoe>, [">= 0"])
33
31
  end
34
32
  else
35
33
  s.add_dependency(%q<activesupport>, [">= 0"])
36
- s.add_dependency(%q<activerecord>, [">= 0"])
37
34
  s.add_dependency(%q<echoe>, [">= 0"])
38
35
  end
39
36
  end
data/lib/authlogic.rb CHANGED
@@ -15,6 +15,8 @@ if defined?(ActiveRecord)
15
15
  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in"
16
16
  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence"
17
17
  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance"
18
+ require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access"
19
+ require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config" # call this last so the configuration options are passed down the chain
18
20
  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/authenticates_many"
19
21
  end
20
22
 
@@ -24,21 +26,17 @@ require File.dirname(__FILE__) + "/authlogic/session/callbacks"
24
26
  require File.dirname(__FILE__) + "/authlogic/session/config"
25
27
  require File.dirname(__FILE__) + "/authlogic/session/cookies"
26
28
  require File.dirname(__FILE__) + "/authlogic/session/errors"
27
- #require File.dirname(__FILE__) + "/authlogic/session/openid"
28
29
  require File.dirname(__FILE__) + "/authlogic/session/params"
29
30
  require File.dirname(__FILE__) + "/authlogic/session/session"
30
31
  require File.dirname(__FILE__) + "/authlogic/session/scopes"
31
32
  require File.dirname(__FILE__) + "/authlogic/session/base"
32
33
 
33
- require File.dirname(__FILE__) + "/authlogic/testing/shoulda_macros"
34
-
35
34
  module Authlogic
36
35
  module Session
37
36
  class Base
38
37
  include ActiveRecordTrickery
39
38
  include Callbacks
40
39
  include Cookies
41
- #include OpenID
42
40
  include Params
43
41
  include Session
44
42
  include Scopes
@@ -30,6 +30,10 @@ module Authlogic
30
30
  controller.request
31
31
  end
32
32
 
33
+ def request_content_type
34
+ request.content_type
35
+ end
36
+
33
37
  def session
34
38
  controller.session
35
39
  end
@@ -12,6 +12,10 @@ module Authlogic
12
12
  controller.send(:cookies)
13
13
  end
14
14
 
15
+ def request_content_type
16
+ request.format.to_s
17
+ end
18
+
15
19
  # = Rails Implementation
16
20
  # Lets Authlogic know about the controller object, AKA "activates" authlogic.
17
21
  module RailsImplementation
@@ -2,84 +2,10 @@ module Authlogic
2
2
  module ORMAdapters # :nodoc:
3
3
  module ActiveRecordAdapter # :nodoc:
4
4
  # = Acts As Authentic
5
- # Provides the acts_as_authentic method to include in your models to help with authentication. See method below.
5
+ # Provides the acts_as_authentic method to include in your models to help with authentication. See sub modules for more information.
6
6
  module ActsAsAuthentic
7
- # Call this method in your model to add in basic authentication madness that your authlogic session expects.
8
- #
9
- # === Methods
10
- # For example purposes lets assume you have a User model.
11
- #
12
- # Class method name Description
13
- # User.crypto_provider The class that you set in your :crypto_provider option
14
- # User.forget_all! Finds all records, loops through them, and calls forget! on each record. This is paginated to save on memory.
15
- # User.unique_token returns unique token generated by your :crypto_provider
16
- #
17
- # Named Scopes
18
- # User.logged_in Find all users who are logged in, based on your :logged_in_timeout option.
19
- # User.logged_out Same as above, but logged out.
20
- #
21
- # Isntace method name
22
- # user.password= Method name based on the :password_field option. This is used to set the password. Pass the *raw* password to this.
23
- # user.confirm_password= Confirms the password, needed to change the password.
24
- # user.valid_password?(pass) Determines if the password passed is valid. The password could be encrypted or raw.
25
- # user.reset_password Resets the password to a random password using only letters and numbers.
26
- # user.reset_password! The same as reset_password but saves the record.
27
- # user.logged_in? Based on the :logged_in_timeout option. Tells you if the user is logged in or not.
28
- # user.forget! Changes their remember token, making their cookie and session invalid. A way to log the user out withouth changing their password.
29
- #
30
- # === Options
31
- #
32
- # * <tt>session_class:</tt> default: "#{name}Session",
33
- # This is the related session class. A lot of the configuration will be based off of the configuration values of this class.
34
- #
35
- # * <tt>crypto_provider:</tt> default: Authlogic::CryptoProviders::Sha512,
36
- # This is the class that provides your encryption. By default Authlogic provides its own crypto provider that uses Sha512 encrypton.
37
- #
38
- # * <tt>login_field:</tt> default: options[:session_class].login_field,
39
- # The name of the field used for logging in, this is guess based on what columns are in your db. Only specify if you aren't using:
40
- # login, username, or email
41
- #
42
- # * <tt>login_field_type:</tt> default: options[:login_field] == :email ? :email : :login,
43
- # Tells authlogic how to validation the field, what regex to use, etc. If the field name is email it will automatically use email,
44
- # otherwise it uses login.
45
- #
46
- # * <tt>login_field_regex:</tt> default: if email then typical email regex, otherwise typical login regex.
47
- # This is used in validates_format_of for the login_field.
48
- #
49
- # * <tt>login_field_regex_message:</tt> the message to use when the validates_format_of for the login field fails.
50
- #
51
- # * <tt>password_field:</tt> default: options[:session_class].password_field,
52
- # This is the name of the field to set the password, *NOT* the field the encrypted password is stored.
53
- #
54
- # * <tt>crypted_password_field:</tt> default: depends on which columns are present,
55
- # The name of the database field where your encrypted password is stored. If the name of the field is different from any of the following
56
- # you need to specify it with this option: crypted_password, encrypted_password, password_hash, pw_hash
57
- #
58
- # * <tt>password_salt_field:</tt> default: depends on which columns are present,
59
- # This is the name of the field in your database that stores your password salt. If the name of the field is different from any of the
60
- # following then you need to specify it with this option: password_salt, pw_salt, salt
61
- #
62
- # * <tt>remember_token_field:</tt> default: options[:session_class].remember_token_field,
63
- # This is the name of the field your remember_token is stored. The remember token is a unique token that is stored in the users cookie and
64
- # session. This way you have complete control of when session expire and you don't have to change passwords to expire sessions. This also
65
- # ensures that stale sessions can not be persisted. By stale, I mean sessions that are logged in using an outdated password. If the name
66
- # of the field is anything other than the following you need to specify it with this option: remember_token, remember_key, cookie_token,
67
- # cookie_key
68
- #
69
- # * <tt>scope:</tt> default: nil,
70
- # This scopes validations. If all of your users belong to an account you might want to scope everything to the account. Just pass :account_id
71
- #
72
- # * <tt>logged_in_timeout:</tt> default: 10.minutes,
73
- # This is really just a nifty feature to tell if a user is logged in or not. It's based on activity. So if the user in inactive longer than
74
- # the value you pass here they are assumed "logged out".
75
- #
76
- # * <tt>session_ids:</tt> default: [nil],
77
- # The sessions that we want to automatically reset when a user is created or updated so you don't have to worry about this. Set to [] to disable.
78
- # Should be an array of ids. See the Authlogic::Session documentation for information on ids. The order is important.
79
- # The first id should be your main session, the session they need to log into first. This is generally nil. When you don't specify an id
80
- # in your session you are really just inexplicitly saying you want to use the id of nil.
7
+ # All logic for this method is split up into sub modules. This a stub to create a method chain off of and provide documentation. See sub modules for more details.
81
8
  def acts_as_authentic(options = {})
82
- # All logic for this method is split up into sub modules. This a stub to create a method chain off of and provide documentation.
83
9
  end
84
10
  end
85
11
  end
@@ -0,0 +1,132 @@
1
+ module Authlogic
2
+ module ORMAdapters
3
+ module ActiveRecordAdapter
4
+ module ActsAsAuthentic
5
+ # = Config
6
+ #
7
+ # Allows you to set various configuration when calling acts_as_authentic. Pass your configuration like the following:
8
+ #
9
+ # class User < ActiveRecord::Base
10
+ # acts_as_authentic :my_option => "my value"
11
+ # end
12
+ #
13
+ # === Class Methods
14
+ #
15
+ # * <tt>acts_as_authentic_config</tt> - returns a hash of the acts_as_authentic configuration, including the defaults
16
+ #
17
+ # === Options
18
+ #
19
+ # * <tt>session_class</tt> - default: "#{name}Session",
20
+ # This is the related session class. A lot of the configuration will be based off of the configuration values of this class.
21
+ #
22
+ # * <tt>crypto_provider</tt> - default: Authlogic::CryptoProviders::Sha512,
23
+ # This is the class that provides your encryption. By default Authlogic provides its own crypto provider that uses Sha512 encrypton.
24
+ #
25
+ # * <tt>login_field</tt> - default: :login, :username, or :email, depending on which column is present, if none are present defaults to :login
26
+ # The name of the field used for logging in. Only specify if you aren't using any of the defaults.
27
+ #
28
+ # * <tt>login_field_type</tt> - default: options[:login_field] == :email ? :email : :login,
29
+ # Tells authlogic how to validation the field, what regex to use, etc. If the field name is email it will automatically use :email,
30
+ # otherwise it uses :login.
31
+ #
32
+ # * <tt>login_field_regex</tt> - default: if :login_field_type is :email then typical email regex, otherwise typical login regex.
33
+ # This is used in validates_format_of for the :login_field.
34
+ #
35
+ # * <tt>login_field_regex_failed_message</tt> - the message to use when the validates_format_of for the login field fails. This depends on if you are
36
+ # performing :email or :login regex.
37
+ #
38
+ # * <tt>change_single_access_token_with_password</tt> - default: false,
39
+ # When a user changes their password do you want the single access token to change as well? That's what this configuration option is all about.
40
+ #
41
+ # * <tt>single_access_token_field</tt> - default: :single_access_token, :feed_token, or :feeds_token, depending on which column is present,
42
+ # This is the name of the field to login with single access, mainly used for private feed access. Only specify if the name of the field is different
43
+ # then the defaults. See the "Single Access" section in the README for more details on how single access works.
44
+ #
45
+ # * <tt>password_field</tt> - default: :password,
46
+ # This is the name of the field to set the password, *NOT* the field the encrypted password is stored. Defaults the what the configuration
47
+ #
48
+ # * <tt>crypted_password_field</tt> - default: depends on which columns are present,
49
+ # The name of the database field where your encrypted password is stored. If the name of the field is different from any of the following
50
+ # you need to specify it with this option: crypted_password, encrypted_password, password_hash, pw_hash
51
+ #
52
+ # * <tt>password_blank_message</tt> - default: "can not be blank",
53
+ # The error message used when the password is left blank.
54
+ #
55
+ # * <tt>confirm_password_did_not_match_message</tt> - default: "did not match",
56
+ # The error message used when the confirm password does not match the password
57
+ #
58
+ # * <tt>password_salt_field</tt> - default: :password_salt, :pw_salt, or :salt, depending on which column is present, defaults to :password_salt if none are present,
59
+ # This is the name of the field in your database that stores your password salt.
60
+ #
61
+ # * <tt>remember_token_field</tt> - default: :remember_token, :remember_key, :cookie_tokien, or :cookie_key, depending on which column is present, defaults to :remember_token if none are present,
62
+ # This is the name of the field your remember_token is stored. The remember token is a unique token that is stored in the users cookie and
63
+ # session. This way you have complete control of when sessions expire and you don't have to change passwords to expire sessions. This also
64
+ # ensures that stale sessions can not be persisted. By stale, I mean sessions that are logged in using an outdated password.
65
+ #
66
+ # * <tt>scope</tt> - default: nil,
67
+ # This scopes validations. If all of your users belong to an account you might want to scope everything to the account. Just pass :account_id
68
+ #
69
+ # * <tt>logged_in_timeout</tt> - default: 10.minutes,
70
+ # This is a nifty feature to tell if a user is logged in or not. It's based on activity. So if the user in inactive longer than
71
+ # the value passed here they are assumed "logged out". This uses the last_request_at field, this field must be present for this option to take effect.
72
+ #
73
+ # * <tt>session_ids</tt> - default: [nil],
74
+ # The sessions that we want to automatically reset when a user is created or updated so you don't have to worry about this. Set to [] to disable.
75
+ # Should be an array of ids. See the Authlogic::Session documentation for information on ids. The order is important.
76
+ # The first id should be your main session, the session they need to log into first. This is generally nil. When you don't specify an id
77
+ # in your session you are really just inexplicitly saying you want to use the id of nil.
78
+ module Config
79
+ def first_column_to_exist(*columns_to_check) # :nodoc:
80
+ columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
81
+ columns_to_check.first ? columns_to_check.first.to_sym : nil
82
+ end
83
+
84
+ def acts_as_authentic_with_config(options = {})
85
+ options[:session_class] ||= "#{name}Session"
86
+ options[:crypto_provider] ||= CryptoProviders::Sha512
87
+ options[:login_field] ||= first_column_to_exist(:login, :username, :email)
88
+ options[:login_field_type] ||= options[:login_field] == :email ? :email : :login
89
+
90
+ case options[:login_field_type]
91
+ when :email
92
+ email_name_regex = '[\w\.%\+\-]+'
93
+ domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
94
+ domain_tld_regex = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'
95
+ options[:login_field_regex] ||= /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
96
+ options[:login_field_regex_failed_message] ||= "should look like an email address."
97
+ else
98
+ options[:login_field_regex] ||= /\A\w[\w\.\-_@ ]+\z/
99
+ options[:login_field_regex_failed_message] ||= "use only letters, numbers, spaces, and .-_@ please."
100
+ end
101
+
102
+ options[:password_field] ||= :password
103
+ options[:password_blank_message] ||= "can not be blank"
104
+ options[:confirm_password_did_not_match_message] ||= "did not match"
105
+ options[:crypted_password_field] ||= first_column_to_exist(:crypted_password, :encrypted_password, :password_hash, :pw_hash)
106
+ options[:password_salt_field] ||= first_column_to_exist(:password_salt, :pw_salt, :salt)
107
+ options[:remember_token_field] ||= first_column_to_exist(:remember_token, :remember_key, :cookie_token, :cookiey_key)
108
+ options[:single_access_token_field] ||= first_column_to_exist(nil, :single_access_token, :feed_token, :feeds_token)
109
+ options[:logged_in_timeout] ||= 10.minutes
110
+ options[:logged_in_timeout] = options[:logged_in_timeout].to_i
111
+ options[:session_ids] ||= [nil]
112
+
113
+ class_eval <<-"end_eval", __FILE__, __LINE__
114
+ def self.acts_as_authentic_config
115
+ #{options.inspect}
116
+ end
117
+ end_eval
118
+
119
+ acts_as_authentic_without_config(options)
120
+ end
121
+ end
122
+ end
123
+ end
124
+ end
125
+ end
126
+
127
+ ActiveRecord::Base.class_eval do
128
+ class << self
129
+ include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Config
130
+ alias_method_chain :acts_as_authentic, :config
131
+ end
132
+ end