RubyGems - authlogic - Versions diffs - 1.1.0 → 1.1.1 - Mend

authlogic 1.1.0 → 1.1.1

Potentially problematic release.

This version of authlogic might be problematic. Click here for more details.

Files changed (39) hide show

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb CHANGED Viewed

@@ -1,135 +1,96 @@
 module Authlogic
   module ORMAdapters
     module ActiveRecordAdapter
-      module Credentials # :nodoc:
-        def acts_as_authentic_with_credentials(options = {})
-          acts_as_authentic_without_credentials(options)
+      module ActsAsAuthentic
+        # = Credentials
+        #
+        # Handles any credential specific code, such as validating the login, encrpyting the password, etc.
+        #
+        # === Class Methods
+        #
+        # * <tt>friendly_unique_token</tt> - returns a random string of 20 alphanumeric characters. Used when resetting the password. This is a more user friendly token then a long Sha512 hash.
+        #
+        # === Instance Methods
+        #
+        # * <tt>{options[:password_field]}=(value)</tt> - encrypts a raw password and sets it to your crypted_password_field. Also sets the password_salt to a random token.
+        # * <tt>valid_{options[:password_field]}?(password_to_check)</tt> - checks is the password is valid. The password passed can be the raw password or the encrypted password.
+        # * <tt>reset_{options[:password_field]}</tt> - resets the password using the friendly_unique_token class method
+        # * <tt>reset_{options[:password_field]}!</tt> - calls reset_password and then saves the record
+        module Credentials
+          def acts_as_authentic_with_credentials(options = {})
+            acts_as_authentic_without_credentials(options)
-          # The following helps extract configuration into their specific ORM adapter and allows the Session configuration to set itself based on these values
-          class_eval <<-"end_eval", __FILE__, __LINE__
-            def self.login_field
-              @login_field ||= #{options[:login_field].inspect} ||
-              (column_names.include?("login") && :login) ||
-              (column_names.include?("username") && :username) ||
-              (column_names.include?("email") && :email) ||
-              :login
+            # Validations
+            case options[:login_field_type]
+            when :email
+              validates_length_of options[:login_field], :within => 6..100
+              validates_format_of options[:login_field], :with => options[:login_field_regex], :message => options[:login_field_regex_failed_message]
+            else
+              validates_length_of options[:login_field], :within => 2..100, :allow_blank => true
+              validates_format_of options[:login_field], :with => options[:login_field_regex], :message => options[:login_field_regex_failed_message]
             end
-            def self.password_field
-              @password_field ||= #{options[:password_field].inspect} ||
-              (column_names.include?("password") && :password) ||
-              (column_names.include?("pass") && :pass) ||
-              :password
-            end
-            def self.crypted_password_field
-              @crypted_password_field ||= #{options[:crypted_password_field].inspect} ||
-              (column_names.include?("crypted_password") && :crypted_password) ||
-              (column_names.include?("encrypted_password") && :encrypted_password) ||
-              (column_names.include?("password_hash") && :password_hash) ||
-              (column_names.include?("pw_hash") && :pw_hash) ||
-              :crypted_password
-            end
-            def self.password_salt_field
-              @password_salt_field ||= #{options[:password_salt_field].inspect} ||
-              (column_names.include?("password_salt") && :password_salt) ||
-              (column_names.include?("pw_salt") && :pw_salt) ||
-              (column_names.include?("salt") && :salt) ||
-              :password_salt
-            end
-          end_eval
-          # The following methods allow other focused modules to alter validation behavior, such as openid as an alternate login
-          unless respond_to?(:allow_blank_for_login_validations?)
-            def self.allow_blank_for_login_validations?
-              false
-            end
-          end
-          options[:crypto_provider] ||= CryptoProviders::Sha512
-          options[:login_field_type] ||= login_field == :email ? :email : :login
-          # Validations
-          case options[:login_field_type]
-          when :email
-            validates_length_of login_field, :within => 6..100
-            email_name_regex  = '[\w\.%\+\-]+'
-            domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
-            domain_tld_regex  = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'
-            options[:login_field_regex] ||= /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
-            options[:login_field_regex_message] ||= "should look like an email address."
-            validates_format_of login_field, :with => options[:login_field_regex], :message => options[:login_field_regex_message]
-          else
-            validates_length_of login_field, :within => 2..100, :allow_blank => true
-            options[:login_field_regex] ||= /\A\w[\w\.\-_@ ]+\z/
-            options[:login_field_regex_message] ||= "use only letters, numbers, spaces, and .-_@ please."
-            validates_format_of login_field, :with => options[:login_field_regex], :message => options[:login_field_regex_message]
-          end
+            validates_uniqueness_of options[:login_field], :scope => options[:scope]
+            validate :validate_password
-          validates_uniqueness_of login_field, :scope => options[:scope]
-          validate :validate_password
+            attr_writer "confirm_#{options[:password_field]}"
+            attr_accessor "tried_to_set_#{options[:password_field]}"
-          attr_writer "confirm_#{password_field}"
-          attr_accessor "tried_to_set_#{password_field}"
-          class_eval <<-"end_eval", __FILE__, __LINE__
-            def self.crypto_provider
-              #{options[:crypto_provider]}
-            end
-            def crypto_provider
-              self.class.crypto_provider
-            end
-            def #{password_field}=(pass)
-              return if pass.blank?
-              self.tried_to_set_#{password_field} = true
-              @#{password_field} = pass
-              self.#{password_salt_field} = self.class.unique_token
-              self.#{crypted_password_field} = crypto_provider.encrypt(@#{password_field} + #{password_salt_field})
-            end
+            class_eval <<-"end_eval", __FILE__, __LINE__
+              def self.friendly_unique_token
+                chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+                newpass = ""
+                1.upto(20) { |i| newpass << chars[rand(chars.size-1)] }
+                newpass
+              end
-            def valid_#{password_field}?(attempted_password)
-              return false if attempted_password.blank? || #{crypted_password_field}.blank? || #{password_salt_field}.blank?
-              attempted_password == #{crypted_password_field} ||
-                (crypto_provider.respond_to?(:decrypt) && crypto_provider.decrypt(#{crypted_password_field}) == attempted_password + #{password_salt_field}) ||
-                (!crypto_provider.respond_to?(:decrypt) && crypto_provider.encrypt(attempted_password + #{password_salt_field}) == #{crypted_password_field})
-            end
+              def #{options[:password_field]}=(pass)
+                return if pass.blank?
+                self.tried_to_set_#{options[:password_field]} = true
+                @#{options[:password_field]} = pass
+                self.#{options[:password_salt_field]} = self.class.unique_token
+                self.#{options[:crypted_password_field]} = #{options[:crypto_provider]}.encrypt(@#{options[:password_field]} + #{options[:password_salt_field]})
+              end
-            def #{password_field}; end
-            def confirm_#{password_field}; end
+              def valid_#{options[:password_field]}?(attempted_password)
+                return false if attempted_password.blank? || #{options[:crypted_password_field]}.blank? || #{options[:password_salt_field]}.blank?
+                attempted_password == #{options[:crypted_password_field]} ||
+                  (#{options[:crypto_provider]}.respond_to?(:decrypt) && #{options[:crypto_provider]}.decrypt(#{options[:crypted_password_field]}) == attempted_password + #{options[:password_salt_field]}) ||
+                  (!#{options[:crypto_provider]}.respond_to?(:decrypt) && #{options[:crypto_provider]}.encrypt(attempted_password + #{options[:password_salt_field]}) == #{options[:crypted_password_field]})
+              end
-            def reset_#{password_field}
-              chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
-              newpass = ""
-              1.upto(10) { |i| newpass << chars[rand(chars.size-1)] }
-              self.#{password_field} = newpass
-              self.confirm_#{password_field} = newpass
-            end
-            alias_method :randomize_password, :reset_password
+              def #{options[:password_field]}; end
+              def confirm_#{options[:password_field]}; end
-            def reset_#{password_field}!
-              reset_#{password_field}
-              save_without_session_maintenance(false)
-            end
-            alias_method :randomize_password!, :reset_password!
+              def reset_#{options[:password_field]}
+                friendly_token = self.class.friendly_unique_token
+                self.#{options[:password_field]} = friendly_token
+                self.confirm_#{options[:password_field]} = friendly_token
+              end
+              alias_method :randomize_password, :reset_password
-            protected
-              def tried_to_set_password?
-                tried_to_set_password == true
+              def reset_#{options[:password_field]}!
+                reset_#{options[:password_field]}
+                save_without_session_maintenance(false)
               end
+              alias_method :randomize_password!, :reset_password!
+              protected
+                def tried_to_set_password?
+                  tried_to_set_password == true
+                end
-              def validate_password
-                if new_record? || tried_to_set_#{password_field}?
-                  if @#{password_field}.blank?
-                    errors.add(:#{password_field}, "can not be blank")
-                  else
-                    errors.add(:confirm_#{password_field}, "did not match") if @confirm_#{password_field} != @#{password_field}
+                def validate_password
+                  if new_record? || tried_to_set_#{options[:password_field]}?
+                    if @#{options[:password_field]}.blank?
+                      errors.add(:#{options[:password_field]}, #{options[:password_blank_message].inspect})
+                    else
+                      errors.add(:confirm_#{options[:password_field]}, #{options[:confirm_password_did_not_match_message].inspect}) if @confirm_#{options[:password_field]} != @#{options[:password_field]}
+                    end
                   end
                 end
-              end
-          end_eval
+            end_eval
+          end
         end
       end
     end
@@ -138,7 +99,7 @@ end
 ActiveRecord::Base.class_eval do
   class << self
-    include Authlogic::ORMAdapters::ActiveRecordAdapter::Credentials
+    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Credentials
     alias_method_chain :acts_as_authentic, :credentials
   end
 end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb CHANGED Viewed

@@ -1,31 +1,42 @@
 module Authlogic
   module ORMAdapters
     module ActiveRecordAdapter
-      module LoggedIn # :nodoc:
-        def acts_as_authentic_with_logged_in(options = {})
-          acts_as_authentic_without_logged_in(options)
+      module ActsAsAuthentic
+        # = Logged In
+        #
+        # Handles all logic determining if a record is logged in or not. This uses the "last_request_at" field, if this field is not present none of this will be available.
+        #
+        # === Named Scopes
+        #
+        # * <tt>logged_in</tt> - returns all records that have a last_request_at value that is > your :logged_in_timeout.ago
+        # * <tt>logged_out</tt> - same as logged in but returns users that are logged out, be careful with using this, this can return a lot of users
+        #
+        # === Instance Methods
+        #
+        # * <tt>logged_in?</tt> - same as the logged_in named scope, but returns true if the record is logged in
+        # * <tt>logged_out?</tt> - opposite of logged_in?
+        module LoggedIn
+          def acts_as_authentic_with_logged_in(options = {})
+            acts_as_authentic_without_logged_in(options)
-          options[:logged_in_timeout] ||= 10.minutes
-          validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
-          if column_names.include?("last_request_at")
-            named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", options[:logged_in_timeout].ago]} }
-            named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", options[:logged_in_timeout].ago]} }
-          end
-          class_eval <<-"end_eval", __FILE__, __LINE__
-            def self.logged_in_timeout
-              #{options[:logged_in_timeout].to_i}.seconds
+            validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
+            if column_names.include?("last_request_at")
+              named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", options[:logged_in_timeout].ago]} }
+              named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", options[:logged_in_timeout].ago]} }
+            end
+            if column_names.include?("last_request_at")
+              class_eval <<-"end_eval", __FILE__, __LINE__
+                def logged_in?
+                  !last_request_at.nil? && last_request_at > #{options[:logged_in_timeout]}.seconds.ago
+                end
+                def logged_out?
+                  !logged_in?
+                end
+              end_eval
             end
-          end_eval
-          if column_names.include?("last_request_at")
-            class_eval <<-"end_eval", __FILE__, __LINE__
-              def logged_in?
-                !last_request_at.nil? && last_request_at > self.class.logged_in_timeout.ago
-              end
-            end_eval
           end
         end
       end
@@ -35,7 +46,7 @@ end
 ActiveRecord::Base.class_eval do
   class << self
-    include Authlogic::ORMAdapters::ActiveRecordAdapter::LoggedIn
+    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::LoggedIn
     alias_method_chain :acts_as_authentic, :logged_in
   end
 end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb CHANGED Viewed

@@ -1,53 +1,60 @@
 module Authlogic
   module ORMAdapters
     module ActiveRecordAdapter
-      module Persistence # :nodoc:
-        def acts_as_authentic_with_persistence(options = {})
-          acts_as_authentic_without_persistence(options)
+      module ActsAsAuthentic
+        # = Persistence
+        #
+        # This is responsible for all record persistence. Basically what your Authlogic session needs to persist the record's session.
+        #
+        # === Class Methods
+        #
+        # * <tt>forget_all!</tt> - resets ALL records remember_token to a unique value, requiring all users to re-login
+        # * <tt>unique_token</tt> - returns a pretty hardcore random token that is finally encrypted with a hash algorithm
+        #
+        # === Instance Methods
+        #
+        # * <tt>forget!</tt> - resets the record's remember_token which requires them to re-login
+        #
+        # === Alias Method Chains
+        #
+        # * <tt>#{options[:password_field]}</tt> - adds in functionality to reset the remember token when the password is changed
+        module Persistence
+          def acts_as_authentic_with_persistence(options = {})
+            acts_as_authentic_without_persistence(options)
-          class_eval <<-"end_eval", __FILE__, __LINE__
-            def self.remember_token_field
-              @remember_token_field ||= #{options[:remember_token_field].inspect} ||
-              (column_names.include?("remember_token") && :remember_token) ||
-              (column_names.include?("remember_key") && :remember_key) ||
-              (column_names.include?("cookie_token") && :cookie_token) ||
-              (column_names.include?("cookie_key") && :cookie_key) ||
-              :remember_token
-            end
-          end_eval
-          validates_uniqueness_of remember_token_field
-          def unique_token
-            # The remember token should be a unique string that is not reversible, which is what a hash is all about
-            # if you using encryption this defaults to Sha512.
-            token_class = crypto_provider.respond_to?(:decrypt) ? Authlogic::CryptoProviders::Sha512 : crypto_provider
-            token_class.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
-          end
-          def forget_all!
-            # Paginate these to save on memory
-            records = nil
-            i = 0
-            begin
-              records = find(:all, :limit => 50, :offset => i)
-              records.each { |record| record.forget! }
-              i += 50
-            end while !records.blank?
-          end
+            validates_uniqueness_of options[:remember_token_field]
-          class_eval <<-"end_eval", __FILE__, __LINE__
-            def forget!
-              self.#{remember_token_field} = self.class.unique_token
-              save_without_session_maintenance(false)
+            def forget_all!
+              # Paginate these to save on memory
+              records = nil
+              i = 0
+              begin
+                records = find(:all, :limit => 50, :offset => i)
+                records.each { |record| record.forget! }
+                i += 50
+              end while !records.blank?
             end
+            class_eval <<-"end_eval", __FILE__, __LINE__
+              def self.unique_token
+                # The remember token should be a unique string that is not reversible, which is what a hash is all about
+                # if you using encryption this defaults to Sha512.
+                token_class = #{options[:crypto_provider].respond_to?(:decrypt) ? Authlogic::CryptoProviders::Sha512 : options[:crypto_provider]}
+                token_class.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
+              end
-            def password_with_persistence=(value)
-              self.#{remember_token_field} = self.class.unique_token
-              self.password_without_persistence = value
-            end
-            alias_method_chain :password=, :persistence
-          end_eval
+              def forget!
+                self.#{options[:remember_token_field]} = self.class.unique_token
+                save_without_session_maintenance(false)
+              end
+              def #{options[:password_field]}_with_persistence=(value)
+                self.#{options[:remember_token_field]} = self.class.unique_token
+                self.#{options[:password_field]}_without_persistence = value
+              end
+              alias_method_chain :#{options[:password_field]}=, :persistence
+            end_eval
+          end
         end
       end
     end
@@ -56,7 +63,7 @@ end
 ActiveRecord::Base.class_eval do
   class << self
-    include Authlogic::ORMAdapters::ActiveRecordAdapter::Persistence
+    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Persistence
     alias_method_chain :acts_as_authentic, :persistence
   end
 end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb CHANGED Viewed

@@ -1,74 +1,84 @@
 module Authlogic
   module ORMAdapters
     module ActiveRecordAdapter
-      module SessionMaintenance # :nodoc:
-        def acts_as_authentic_with_session_maintenance(options = {})
-          acts_as_authentic_without_session_maintenance(options)
+      module ActsAsAuthentic
+        # = Session Maintenance
+        #
+        # Responsible for maintaining the related session as the record changes. Here is what it does:
+        #
+        # 1. If the user is logged out and creates a new record, they will be logged in as that record
+        # 2. If the user is logged out and changes a record's password, they will be logged in as that record
+        # 3. If a user is logged in and changes his own password, their session will be updated accordingly. This can be done *anywhere*: the my account section, admin area, etc.
+        #
+        # === Instance Methods
+        #
+        # * <tt>save_without_session_maintenance</tt> - allows you to save the record and skip all of the session maintenance completely
+        module SessionMaintenance
+          def acts_as_authentic_with_session_maintenance(options = {})
+            acts_as_authentic_without_session_maintenance(options)
-          options[:session_class] ||= "#{name}Session"
-          options[:session_ids] ||= [nil]
+            before_save :get_session_information, :if => :update_sessions?
+            after_save :maintain_sessions!, :if => :update_sessions?
-          before_save :get_session_information, :if => :update_sessions?
-          after_save :maintain_sessions!, :if => :update_sessions?
-          class_eval <<-"end_eval", __FILE__, __LINE__
-            def save_without_session_maintenance(*args)
-              @skip_session_maintenance = true
-              result = save(*args)
-              @skip_session_maintenance = false
-              result
-            end
-            protected
-              def update_sessions?
-                !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{remember_token_field}_changed?
+            class_eval <<-"end_eval", __FILE__, __LINE__
+              def save_without_session_maintenance(*args)
+                @skip_session_maintenance = true
+                result = save(*args)
+                @skip_session_maintenance = false
+                result
               end
-              def get_session_information
-                # Need to determine if we are completely logged out, or logged in as another user
-                @_sessions = []
-                @_logged_out = true
+              protected
+                def update_sessions?
+                  !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{options[:remember_token_field]}_changed?
+                end
+                def get_session_information
+                  # Need to determine if we are completely logged out, or logged in as another user
+                  @_sessions = []
+                  @_logged_out = true
-                #{options[:session_ids].inspect}.each do |session_id|
-                  session = #{options[:session_class]}.find(*[session_id].compact)
-                  if session
-                    if !session.record.blank?
-                      @_logged_out = false
-                      @_sessions << session if session.record == self
+                  #{options[:session_ids].inspect}.each do |session_id|
+                    session = #{options[:session_class]}.find(*[session_id].compact)
+                    if session
+                      if !session.record.blank?
+                        @_logged_out = false
+                        @_sessions << session if session.record == self
+                      end
                     end
                   end
                 end
-              end
-              def maintain_sessions!
-                if @_logged_out
-                  create_session!
-                elsif !@_sessions.blank?
-                  update_sessions!
+                def maintain_sessions!
+                  if @_logged_out
+                    create_session!
+                  elsif !@_sessions.blank?
+                    update_sessions!
+                  end
                 end
-              end
-              def create_session!
-                # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
-                # that need to be created after logging into the main session.
-                session_id = #{options[:session_ids].inspect}.first
+                def create_session!
+                  # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
+                  # that need to be created after logging into the main session.
+                  session_id = #{options[:session_ids].inspect}.first
-                # If we are already logged in, ignore this completely. All that we care about is updating ourself.
-                next if #{options[:session_class]}.find(*[session_id].compact)
+                  # If we are already logged in, ignore this completely. All that we care about is updating ourself.
+                  next if #{options[:session_class]}.find(*[session_id].compact)
-                # Log me in
-                args = [self, session_id].compact
-                #{options[:session_class]}.create(*args)
-              end
+                  # Log me in
+                  args = [self, session_id].compact
+                  #{options[:session_class]}.create(*args)
+                end
-              def update_sessions!
-                # We found sessions above, let's update them with the new info
-                @_sessions.each do |stale_session|
-                  stale_session.unauthorized_record = self
-                  stale_session.save
+                def update_sessions!
+                  # We found sessions above, let's update them with the new info
+                  @_sessions.each do |stale_session|
+                    stale_session.unauthorized_record = self
+                    stale_session.save
+                  end
                 end
-              end
-          end_eval
+            end_eval
+          end
         end
       end
     end
@@ -77,7 +87,7 @@ end
 ActiveRecord::Base.class_eval do
   class << self
-    include Authlogic::ORMAdapters::ActiveRecordAdapter::SessionMaintenance
+    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::SessionMaintenance
     alias_method_chain :acts_as_authentic, :session_maintenance
   end
 end