authlogic 1.1.2 → 1.2.0

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb

@@ -18,34 +18,34 @@ module Authlogic
         module SingleAccess
           def acts_as_authentic_with_single_access(options = {})
             acts_as_authentic_without_single_access(options)
-          
-            if options[:single_access_token_field]
-              class_eval <<-"end_eval", __FILE__, __LINE__
-                validates_uniqueness_of :#{options[:single_access_token_field]}
-              
-                before_validation :set_#{options[:single_access_token_field]}_field
-              
-                def password_with_single_access=(value)
-                  reset_#{options[:single_access_token_field]} if #{options[:change_single_access_token_with_password].inspect}
-                  self.password_without_single_access = value
+            
+            return if options[:single_access_token_field].blank?
+            
+            class_eval <<-"end_eval", __FILE__, __LINE__
+              validates_uniqueness_of :#{options[:single_access_token_field]}
+            
+              before_validation :set_#{options[:single_access_token_field]}_field
+            
+              def password_with_single_access=(value)
+                reset_#{options[:single_access_token_field]} if #{options[:change_single_access_token_with_password].inspect}
+                self.password_without_single_access = value
+              end
+              alias_method_chain :password=, :single_access
+            
+              def reset_#{options[:single_access_token_field]}
+                self.#{options[:single_access_token_field]} = self.class.friendly_unique_token
+              end
+            
+              def reset_#{options[:single_access_token_field]}!
+                reset_#{options[:single_access_token_field]}
+                save_without_session_maintenance
+              end
+            
+              protected
+                def set_#{options[:single_access_token_field]}_field
+                  reset_#{options[:single_access_token_field]} if #{options[:single_access_token_field]}.blank?
                 end
-                alias_method_chain :password=, :single_access
-              
-                def reset_#{options[:single_access_token_field]}
-                  self.#{options[:single_access_token_field]} = self.class.friendly_unique_token
-                end
-              
-                def reset_#{options[:single_access_token_field]}!
-                  reset_#{options[:single_access_token_field]}
-                  save_without_session_maintenance
-                end
-              
-                protected
-                  def set_#{options[:single_access_token_field]}_field
-                    reset_#{options[:single_access_token_field]} if #{options[:single_access_token_field]}.blank?
-                  end
-              end_eval
-            end
+            end_eval
           end
         end
       end

data/lib/authlogic/session/base.rb

@@ -8,22 +8,18 @@ module Authlogic
       
       class << self
         # Returns true if a controller have been set and can be used properly. This MUST be set before anything can be done. Similar to how ActiveRecord won't allow you to do anything
-        # without establishing a DB connection. By default this is done for you automatically, but if you are using Authlogic in a unique way outside of rails, you need to assign a controller
+        # without establishing a DB connection. In your framework environment this is done for you, but if you are using Authlogic outside of your frameword, you need to assign a controller
         # object to Authlogic via Authlogic::Session::Base.controller = obj.
         def activated?
           !controller.blank?
         end
         
         def controller=(value) # :nodoc:
-          controllers[Thread.current] = value
+          Thread.current[:authlogic_controller] = value
         end
         
         def controller # :nodoc:
-          controllers[Thread.current]
-        end
-        
-        def reset_controllers!
-          @@controllers = {}
+          Thread.current[:authlogic_controller]
         end
         
         # A convenince method. The same as:
@@ -41,16 +37,26 @@ module Authlogic
           session.save!
         end
         
-        # A convenience method for session.find_record. Finds your session by session, then cookie, and finally basic http auth. Perfect for that global before_filter to find your logged in user:
+        # A convenience method for session.find_record. Finds your session by parameters, then session, then cookie, and finally by basic http auth.
+        # This is perfect for persisting your session:
+        #
+        #   helper_method :current_user_session, :current_user
         #
-        #   before_filter :load_user
+        #   def current_user_session
+        #     return @current_user_session if defined?(@current_user_session)
+        #     @current_user_session = UserSession.find
+        #   end
         #
-        #   def load_user
-        #     @user_session = UserSession.find
-        #     @current_user = @user_session && @user_session.user
+        #   def current_user
+        #     return @current_user if defined?(@current_user)
+        #     @current_user = current_user_session && current_user_session.user
         #   end
         #
-        # Accepts a single parameter as the id. See initialize for more information on ids. Lastly, how it finds the session can be modified via configuration.
+        # Accepts a single parameter as the id, to find session that you marked with an id:
+        #
+        #   UserSession.find(:secure)
+        #
+        # See the id method for more information on ids.
         def find(id = nil)
           args = [id].compact
           session = new(*args)
@@ -58,7 +64,9 @@ module Authlogic
           nil
         end
         
-        def klass # :nodoc:
+        # The name of the class that this session is authenticating with. For example, the UserSession class will authenticate with the User class
+        # unless you specify otherwise in your configuration.
+        def klass
           @klass ||=
             if klass_name
               klass_name.constantize
@@ -67,17 +75,13 @@ module Authlogic
             end
         end
         
-        def klass_name # :nodoc:
+        # Same as klass, just returns a string instead of the actual constant.
+        def klass_name
           @klass_name ||= 
             if guessed_name = name.scan(/(.*)Session/)[0]
               @klass_name = guessed_name[0]
             end
         end
-        
-        private
-          def controllers
-            @@controllers ||= {}
-          end
       end
     
       attr_accessor :new_session
@@ -96,10 +100,10 @@ module Authlogic
       #   UserSession.new({:login => "login", :password => "password", :remember_me => true}, :my_id)
       #   UserSession.new(User.first, true, :my_id)
       #
-      # Ids are rarely used, but they can be useful. For example, what if users allow other users to login into their account via proxy? Now that user can "technically" be logged into 2 accounts at once.
-      # To solve this just pass a id called :proxy, or whatever you want. Authlogic will separate everything out.
+      # For more information on ids see the id method.
       #
-      # The reason the id is separate from the first parameter hash is becuase this should be controlled by you, not by what the user passes. A usr could inject their own id and things would not work as expected.
+      # Lastly, the reason the id is separate from the first parameter hash is becuase this should be controlled by you, not by what the user passes.
+      # A user could inject their own id and things would not work as expected.
       def initialize(*args)
         raise NotActivated.new(self) unless self.class.activated?
         
@@ -117,8 +121,8 @@ module Authlogic
       
       # A flag for how the user is logging in. Possible values:
       #
-      # * :password - username and password
-      # * :unauthorized_record - an actual ActiveRecord object
+      # * <tt>:password</tt> - username and password
+      # * <tt>:unauthorized_record</tt> - an actual ActiveRecord object
       #
       # By default this is :password
       def authenticating_with
@@ -176,7 +180,7 @@ module Authlogic
         @errors ||= Errors.new(self)
       end
       
-      # Attempts to find the record by session, then cookie, and finally basic http auth. See the class level find method if you are wanting to use this in a before_filter to persist your session.
+      # Attempts to find the record by params, then session, then cookie, and finally basic http auth. See the class level find method if you are wanting to use this to persist your session.
       def find_record
         if record
           self.new_session = false
@@ -202,14 +206,13 @@ module Authlogic
       # and a "secure" user session. The secure user session would be created only when they want to modify their billing information, or other sensative information. Similar to me.com. This requires 2
       # user sessions. Just use an id for the "secure" session and you should be good.
       #
-      # You can set the id a number of ways:
+      # You can set the id during initialization (see initialize for more information), or as an attribute:
+      #
+      #   session.id = :my_id
       #
-      #   session = Session.new(:secure)
-      #   session = Session.new("username", "password", :secure)
-      #   session = Session.new({:username => "username", :password => "password"}, :secure)
-      #   session.id = :secure
+      # Just be sure and set your id before you save your session.
       #
-      # Just be sure and set your id before you validate / create / update your session.
+      # Lastly, to retrieve your session with the id check out the find class method.
       def id
         @id
       end
@@ -393,26 +396,26 @@ module Authlogic
           
           case authenticating_with
           when :password
-            errors.add(login_field, "can not be blank") if send(login_field).blank?
-            errors.add(password_field, "can not be blank") if send("protected_#{password_field}").blank?
+            errors.add(login_field, login_blank_message) if send(login_field).blank?
+            errors.add(password_field, password_blank_message) if send("protected_#{password_field}").blank?
             return false if errors.count > 0
             
             unchecked_record = search_for_record(find_by_login_method, send(login_field))
             
             if unchecked_record.blank?
-              errors.add(login_field, "was not found")
+              errors.add(login_field, login_not_found_message)
               return false
             end
             
             unless unchecked_record.send(verify_password_method, send("protected_#{password_field}"))
-              errors.add(password_field, "is invalid")
+              errors.add(password_field, password_invalid_message)
               return false
             end
           when :unauthorized_record
             unchecked_record = unauthorized_record
             
             if unchecked_record.blank?
-              errors.add_to_base("The record could not be found and did not match the requirements.")
+              errors.add_to_base("You can not login with a blank record.")
               return false
             end
             
@@ -429,7 +432,7 @@ module Authlogic
         def valid_record?
           [:active, :approved, :confirmed].each do |required_status|
             if record.respond_to?("#{required_status}?") && !record.send("#{required_status}?")
-              errors.add_to_base("Your account has not been marked as #{required_status}")
+              errors.add_to_base(send("not_#{required_status}_message"))
               return false
             end
           end

data/lib/authlogic/session/config.rb

@@ -92,7 +92,7 @@ module Authlogic
         # Calling UserSession.find tries to find the user session by session, then cookie, then params, and finally by basic http auth.
         # This option allows you to change the order or remove any of these.
         #
-        # * <tt>Default:</tt> [:session, :cookie, :params, :http_auth]
+        # * <tt>Default:</tt> [:params, :session, :cookie, :http_auth]
         # * <tt>Accepts:</tt> Array, and can only use any of the 3 options above
         def find_with(*values)
           if values.blank?
@@ -119,6 +119,32 @@ module Authlogic
         end
         alias_method :last_request_at_threshold=, :last_request_at_threshold
         
+        # The error message used when the login is left blank.
+        #
+        # * <tt>Default:</tt> "can not be blank"
+        # * <tt>Accepts:</tt> String
+        def login_blank_message(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:login_blank_message) || login_blank_message("can not be blank")
+          else
+            write_inheritable_attribute(:login_blank_message, value)
+          end
+        end
+        alias_method :login_blank_message=, :login_blank_message
+        
+        # The error message used when the login could not be found in the database.
+        #
+        # * <tt>Default:</tt> "does not exist"
+        # * <tt>Accepts:</tt> String
+        def login_not_found_message(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:login_not_found_message) || login_not_found_message("does not exist")
+          else
+            write_inheritable_attribute(:login_not_found_message, value)
+          end
+        end
+        alias_method :login_not_found_message=, :login_not_found_message
+        
         # The name of the method you want Authlogic to create for storing the login / username. Keep in mind this is just for your
         # Authlogic::Session, if you want it can be something completely different than the field in your model. So if you wanted people to
         # login with a field called "login" and then find users by email this is compeltely doable. See the find_by_login_method configuration
@@ -135,6 +161,45 @@ module Authlogic
         end
         alias_method :login_field=, :login_field
         
+        # The error message used when the record returns false to active?
+        #
+        # * <tt>Default:</tt> "Your account is not active"
+        # * <tt>Accepts:</tt> String
+        def not_active_message(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:not_active_message) || not_active_message("Your account is not active")
+          else
+            write_inheritable_attribute(:not_active_message, value)
+          end
+        end
+        alias_method :not_active_message=, :not_active_message
+        
+        # The error message used when the record returns false to approved?
+        #
+        # * <tt>Default:</tt> "Your account is not approved"
+        # * <tt>Accepts:</tt> String
+        def not_approved_message(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:not_approved_message) || not_active_message("Your account is not approved")
+          else
+            write_inheritable_attribute(:not_approved_message, value)
+          end
+        end
+        alias_method :not_approved_message=, :not_approved_message
+        
+        # The error message used when the record returns false to confirmed?
+        #
+        # * <tt>Default:</tt> "Your account is not confirmed"
+        # * <tt>Accepts:</tt> String
+        def not_confirmed_message(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:not_confirmed_message) || not_active_message("Your account is not confirmed")
+          else
+            write_inheritable_attribute(:not_confirmed_message, value)
+          end
+        end
+        alias_method :not_confirmed_message=, :not_confirmed_message
+        
         # Works exactly like cookie_key, but for params. So a user can login via params just like a cookie or a session. Your URL would look like:
         #
         #   http://www.domain.com?user_credentials=my_single_access_key
@@ -153,6 +218,18 @@ module Authlogic
         end
         alias_method :params_key=, :params_key
         
+        # The error message used when the password is left blank.
+        #
+        # * <tt>Default:</tt> "can not be blank"
+        # * <tt>Accepts:</tt> String
+        def password_blank_message(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:password_blank_message) || password_blank_message("can not be blank")
+          else
+            write_inheritable_attribute(:password_blank_message, value)
+          end
+        end
+        alias_method :password_blank_message=, :password_blank_message
         
         # Works exactly like login_field, but for the password instead.
         #
@@ -167,6 +244,19 @@ module Authlogic
         end
         alias_method :password_field=, :password_field
         
+        # The error message used when the password is invalid.
+        #
+        # * <tt>Default:</tt> "is invalid"
+        # * <tt>Accepts:</tt> String
+        def password_invalid_message(value = nil)
+          if value.nil?
+            read_inheritable_attribute(:password_invalid_message) || login_not_found_message("is invalid")
+          else
+            write_inheritable_attribute(:password_invalid_message, value)
+          end
+        end
+        alias_method :password_invalid_message=, :password_invalid_message
+        
         # If sessions should be remembered by default or not.
         #
         # * <tt>Default:</tt> false
@@ -193,21 +283,6 @@ module Authlogic
         end
         alias_method :remember_me_for=, :remember_me_for
         
-        # The name of the field that the remember token is stored. This is for cookies. Let's say you set up your app and want all users to be remembered for 6 months. Then you realize that might be a little too
-        # long. Well they already have a cookie set to expire in 6 months. Without a token you would have to reset their password, which obviously isn't feasible. So instead of messing with their password
-        # just reset their remember token. Next time they access the site and try to login via a cookie it will be rejected and they will have to relogin.
-        #
-        # * <tt>Default:</tt> Uses the configuration option in your model: User.acts_as_authentic_config[:remember_token_field]
-        # * <tt>Accepts:</tt> Symbol or String
-        def remember_token_field(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:remember_token_field) || remember_token_field(klass.acts_as_authentic_config[:remember_token_field])
-          else
-            write_inheritable_attribute(:remember_token_field, value)
-          end
-        end
-        alias_method :remember_token_field=, :remember_token_field
-        
         # Works exactly like cookie_key, but for sessions. See cookie_key for more info.
         #
         # * <tt>Default:</tt> cookie_key
@@ -235,20 +310,6 @@ module Authlogic
         end
         alias_method :single_access_allowed_request_types=, :single_access_allowed_request_types
         
-        # This is a separate token for logging with single access. It works just the the remember_token but it does NOT persist. Meaning if a record is found with the single_access_token it will not set
-        # the session or the cookie and "remember" the user. Checkout the "Single Access / Private Feeds Access" section in the README.
-        #
-        # * <tt>Default:</tt> Uses the configuration option in your model: User.acts_as_authentic_config[:single_access_token]
-        # * <tt>Accepts:</tt> Symbol or String
-        def single_access_token_field(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:single_access_token_field) || single_access_token_field(klass.acts_as_authentic_config[:single_access_token_field])
-          else
-            write_inheritable_attribute(:single_access_token_field, value)
-          end
-        end
-        alias_method :single_access_token_field=, :single_access_token_field
-        
         # The name of the method in your model used to verify the password. This should be an instance method. It should also be prepared to accept a raw password and a crytped password.
         #
         # * <tt>Default:</tt> "valid_#{password_field}?"
@@ -283,11 +344,31 @@ module Authlogic
         def last_request_at_threshold
           self.class.last_request_at_threshold
         end
+        
+        def login_blank_message
+          self.class.login_blank_message
+        end
+        
+        def login_not_found_message
+          self.class.login_not_found_message
+        end
       
         def login_field
           self.class.login_field
         end
         
+        def not_active_message
+          self.class.not_active_message
+        end
+        
+        def not_approved_message
+          self.class.not_approved_message
+        end
+        
+        def not_confirmed_message
+          self.class.not_confirmed_message
+        end
+        
         def params_allowed_request_types
           build_key(self.class.params_allowed_request_types)
         end
@@ -295,18 +376,30 @@ module Authlogic
         def params_key
           build_key(self.class.params_key)
         end
+        
+        def password_blank_message
+          self.class.password_blank_message
+        end
       
         def password_field
           self.class.password_field
         end
         
+        def password_invalid_message
+          self.class.password_invalid_message
+        end
+        
+        def password_reset_token_field
+          klass.acts_as_authentic_config[:password_reset_token_field]
+        end
+        
         def remember_me_for
           return unless remember_me?
           self.class.remember_me_for
         end
         
         def remember_token_field
-          self.class.remember_token_field
+          klass.acts_as_authentic_config[:remember_token_field]
         end
         
         def session_key
@@ -314,7 +407,7 @@ module Authlogic
         end
         
         def single_access_token_field
-          self.class.single_access_token_field
+          klass.acts_as_authentic_config[:single_access_token_field]
         end
         
         def single_access_allowed_request_types