RubyGems - authlogic - Versions diffs - 1.2.0 → 1.2.1 - Mend

authlogic 1.2.0 → 1.2.1

Potentially problematic release.

This version of authlogic might be problematic. Click here for more details.

Files changed (34) hide show

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb CHANGED

@@ -8,21 +8,21 @@ module Authlogic
         #
         # === Class Methods
         #
-        # * <tt>forget_all!</tt> - resets ALL records remember_token to a unique value, requiring all users to re-login
+        # * <tt>forget_all!</tt> - resets ALL records persistence_token to a unique value, requiring all users to re-login
         # * <tt>unique_token</tt> - returns a pretty hardcore random token that is finally encrypted with a hash algorithm
         #
         # === Instance Methods
         #
-        # * <tt>forget!</tt> - resets the record's remember_token which requires them to re-login
+        # * <tt>forget!</tt> - resets the record's persistence_token which requires them to re-login
         #
         # === Alias Method Chains
         #
-        # * <tt>#{options[:password_field]}</tt> - adds in functionality to reset the remember token when the password is changed
+        # * <tt>#{options[:password_field]}</tt> - adds in functionality to reset the persistence token when the password is changed
         module Persistence
           def acts_as_authentic_with_persistence(options = {})
             acts_as_authentic_without_persistence(options)
-            validates_uniqueness_of options[:remember_token_field]
+            validates_uniqueness_of options[:persistence_token_field]
             def forget_all!
               # Paginate these to save on memory
@@ -37,19 +37,19 @@ module Authlogic
             class_eval <<-"end_eval", __FILE__, __LINE__
               def self.unique_token
-                # The remember token should be a unique string that is not reversible, which is what a hash is all about
+                # The persistence token should be a unique string that is not reversible, which is what a hash is all about
                 # if you using encryption this defaults to Sha512.
                 token_class = #{options[:crypto_provider].respond_to?(:decrypt) ? Authlogic::CryptoProviders::Sha512 : options[:crypto_provider]}
                 token_class.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
               end
               def forget!
-                self.#{options[:remember_token_field]} = self.class.unique_token
+                self.#{options[:persistence_token_field]} = self.class.unique_token
                 save_without_session_maintenance(false)
               end
               def #{options[:password_field]}_with_persistence=(value)
-                self.#{options[:remember_token_field]} = self.class.unique_token
+                self.#{options[:persistence_token_field]} = self.class.unique_token
                 self.#{options[:password_field]}_without_persistence = value
               end
               alias_method_chain :#{options[:password_field]}=, :persistence

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb CHANGED

@@ -30,7 +30,7 @@ module Authlogic
               protected
                 def update_sessions?
-                  !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{options[:remember_token_field]}_changed?
+                  !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{options[:persistence_token_field]}_changed?
                 end
                 def get_session_information

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb CHANGED

@@ -4,8 +4,8 @@ module Authlogic
       module ActsAsAuthentic
         # = Single Access
         #
-        # Instead of repeating myself here, checkout the README. There is a "Single Access" section in there that goes over this. Keep in mind none of this will be applied if there
-        # is not a single_access_token field supplied in the database.
+        # Instead of repeating myself here, checkout the README. There is a "Tokens" section in there that goes over the single access token.
+        # Keep in mind none of this will be applied if there is not a single_access_token field supplied in the database.
         #
         # === Instance Methods
         #

data/lib/authlogic/session/authenticates_many_association.rb CHANGED

@@ -27,6 +27,7 @@ module Authlogic
           end
         end_eval
       end
+      alias_method :build, :new
       private
         def scope_options

data/lib/authlogic/session/config.rb CHANGED

@@ -389,8 +389,8 @@ module Authlogic
           self.class.password_invalid_message
         end
-        def password_reset_token_field
-          klass.acts_as_authentic_config[:password_reset_token_field]
+        def perishable_token_field
+          klass.acts_as_authentic_config[:perishable_token_field]
         end
         def remember_me_for
@@ -398,8 +398,8 @@ module Authlogic
           self.class.remember_me_for
         end
-        def remember_token_field
-          klass.acts_as_authentic_config[:remember_token_field]
+        def persistence_token_field
+          klass.acts_as_authentic_config[:persistence_token_field]
         end
         def session_key

data/lib/authlogic/session/cookies.rb CHANGED

@@ -12,7 +12,7 @@ module Authlogic
       # Tries to validate the session from information in the cookie
       def valid_cookie?
         if cookie_credentials
-          self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", cookie_credentials)
+          self.unauthorized_record = search_for_record("find_by_#{persistence_token_field}", cookie_credentials)
           return valid?
         end
@@ -26,7 +26,7 @@ module Authlogic
         def save_cookie
           controller.cookies[cookie_key] = {
-            :value => record.send(remember_token_field),
+            :value => record.send(persistence_token_field),
             :expires => remember_me_until
           }
         end

data/lib/authlogic/session/params.rb CHANGED

@@ -7,8 +7,8 @@ module Authlogic
     #
     #   https://www.domain.com?user_credentials=[insert single access token here]
     #
-    # Wait, what is a single access token? It is all explained in the README. Checkout the "Single Access" section in the README. For security reasons, this type of authentication
-    # is ONLY available via single access tokens, you can NOT pass your remember token.
+    # Wait, what is a single access token? It is all explained in the README. Checkout the "Tokens" section in the README, there is section about
+    # single access tokens. For security reasons, this type of authentication is ONLY available via single access tokens, you can NOT pass your persistence token.
     module Params
       # Tries to validate the session from information in the params token
       def valid_params?

data/lib/authlogic/session/perishability.rb ADDED

@@ -0,0 +1,18 @@
+module Authlogic
+  module Session
+    # = Perishability
+    #
+    # Maintains the perishable token, which is helpful for confirming records or authorizing records to reset their password. All that this
+    # module does is reset it after a session have been saved, just keep it changing. The more it changes, the tighter the security.
+    module Perishability
+      def self.included(klass)
+        klass.after_save :reset_perishable_token!
+      end
+      private
+        def reset_perishable_token!
+          record.send("reset_#{perishable_token_field}!") if record.respond_to?("reset_#{perishable_token_field}!")
+        end
+    end
+  end
+end

data/lib/authlogic/session/session.rb CHANGED

@@ -13,7 +13,7 @@ module Authlogic
       # Tries to validate the session from information in the session
       def valid_session?
         if session_credentials
-          self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", session_credentials)
+          self.unauthorized_record = search_for_record("find_by_#{persistence_token_field}", session_credentials)
           return valid?
         end
@@ -26,7 +26,7 @@ module Authlogic
         end
         def update_session!
-          controller.session[session_key] = record && record.send(remember_token_field)
+          controller.session[session_key] = record && record.send(persistence_token_field)
         end
     end
   end

data/lib/authlogic/version.rb CHANGED

@@ -44,7 +44,7 @@ module Authlogic # :nodoc:
     MAJOR = 1
     MINOR = 2
-    TINY  = 0
+    TINY  = 1
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/test/fixtures/employees.yml CHANGED

@@ -3,7 +3,7 @@ drew:
   email: dgainor@binarylogic.com
   password_salt: <%= salt = Employee.unique_token %>
   crypted_password: "<%= Employee.acts_as_authentic_config[:crypto_provider].encrypt("drewrocks" + salt) %>"
-  remember_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
+  persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
   first_name: Drew
   last_name: Gainor
@@ -12,6 +12,6 @@ jennifer:
   email: jjohnson@logicoverdata.com
   password_salt: <%= salt = Employee.unique_token %>
   crypted_password: "<%= Employee.acts_as_authentic_config[:crypto_provider].encrypt("jenniferocks" + salt) %>"
-  remember_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
+  persistence_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
   first_name: Jennifer
   last_name: Johnson

data/test/fixtures/users.yml CHANGED

@@ -4,9 +4,9 @@ ben:
   login: bjohnson
   password_salt: <%= salt = User.unique_token %>
   crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
-  remember_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+  persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
   single_access_token: <%= User.friendly_unique_token %>
-  password_reset_token: <%= User.friendly_unique_token %>
+  perishable_token: <%= User.friendly_unique_token %>
   email: bjohnson@binarylogic.com
   first_name: Ben
   last_name: Johnson
@@ -17,7 +17,7 @@ zack:
   login: zham
   password_salt: <%= salt = User.unique_token %>
   crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
-  remember_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
+  persistence_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
   single_access_token: <%= User.friendly_unique_token %>
   email: zham@ziggityzack.com
   first_name: Zack

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb CHANGED

@@ -17,12 +17,12 @@ module ORMAdaptersTests
             :login_field_regex => /\A\w[\w\.\-_@ ]+\z/,
             :session_ids => [nil],
             :login_field_regex_failed_message => "use only letters, numbers, spaces, and .-_@ please.",
-            :remember_token_field => :remember_token,
+            :persistence_token_field => :persistence_token,
             :password_field => :password,
             :logged_in_timeout => 600,
             :password_salt_field => :password_salt,
-            :password_reset_token_valid_for => 600,
-            :password_reset_token_field => :password_reset_token,
+            :perishable_token_valid_for => 600,
+            :perishable_token_field => :perishable_token,
             :login_field_type => :login,
             :crypto_provider => Authlogic::CryptoProviders::Sha512,
             :password_blank_message => "can not be blank",
@@ -31,7 +31,11 @@ module ORMAdaptersTests
             :login_field => :login,
             :email_field => :email,
             :email_field_regex => /\A[\w\.%\+\-]+@(?:[A-Z0-9\-]+\.)+(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)\z/i,
-            :email_field_regex_failed_message=>"should look like an email address."
+            :email_field_regex_failed_message=>"should look like an email address.",
+            :validate_fields => true,
+            :validate_login_field => true,
+            :validate_email_field => true,
+            :validate_password_field => true
           }
           assert_equal default_config, User.acts_as_authentic_config
         end

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb CHANGED

@@ -94,14 +94,14 @@ module ORMAdaptersTests
           user.password = "sillywilly"
           assert user.crypted_password
           assert user.password_salt
-          assert user.remember_token
+          assert user.persistence_token
           assert_equal true, user.tried_to_set_password
           assert_nil user.password
           employee = Employee.new
           employee.password = "awesome"
           assert employee.crypted_password
-          assert employee.remember_token
+          assert employee.persistence_token
           assert_equal true, employee.tried_to_set_password
           assert_nil employee.password
         end
@@ -123,18 +123,18 @@ module ORMAdaptersTests
           old_password = ben.crypted_password
           old_salt = ben.password_salt
-          old_remember_token = ben.remember_token
+          old_persistence_token = ben.persistence_token
           ben.reset_password
           assert_not_equal old_password, ben.crypted_password
           assert_not_equal old_salt, ben.password_salt
-          assert_not_equal old_remember_token, ben.remember_token
+          assert_not_equal old_persistence_token, ben.persistence_token
           assert UserSession.find
           ben.reset_password!
           ben.reload
           assert_not_equal old_password, ben.crypted_password
           assert_not_equal old_salt, ben.password_salt
-          assert_not_equal old_remember_token, ben.remember_token
+          assert_not_equal old_persistence_token, ben.persistence_token
           assert !UserSession.find
         end
       end

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/perishability_test.rb ADDED

@@ -0,0 +1,41 @@
+require File.dirname(__FILE__) + '/../../../test_helper.rb'
+module ORMAdaptersTests
+  module ActiveRecordAdapterTests
+    module ActsAsAuthenticTests
+      class PerishabilityTest < ActiveSupport::TestCase
+        def test_before_validation
+          ben = users(:ben)
+          old_perishable_token = ben.perishable_token
+          assert ben.valid?
+          assert_not_equal old_perishable_token, ben.perishable_token
+          ben.reload
+          assert_equal old_perishable_token, ben.perishable_token
+          assert ben.save
+          assert_not_equal old_perishable_token, ben.perishable_token
+        end
+        def test_find_using_perishable_token
+          ben = users(:ben)
+          assert_nil User.find_using_perishable_token("")
+          assert_equal ben, User.find_using_perishable_token(ben.perishable_token)
+          assert ben.class.connection.execute("update users set updated_at = '#{10.minutes.ago.to_s(:db)}' where id = '#{ben.id}';")
+          assert_nil User.find_using_perishable_token(ben.perishable_token)
+          assert_equal ben, User.find_using_perishable_token(ben.perishable_token, 20.minutes)
+        end
+        def test_reset_perishable_token
+          ben = users(:ben)
+          old_perishable_token = ben.perishable_token
+          ben.reset_perishable_token
+          assert_not_equal old_perishable_token, ben.perishable_token
+          ben.reload
+          assert_equal old_perishable_token, ben.perishable_token
+          ben.reset_perishable_token!
+          ben.reload
+          assert_not_equal old_perishable_token, ben.perishable_token
+        end
+      end
+    end
+  end
+end

data/test/session_tests/authenticates_many_association_test.rb CHANGED

@@ -16,5 +16,13 @@ module SessionTests
       assert_equal ben, session.unauthorized_record
       assert_equal({:find_options => {:conditions => ["1 = ?", 1]}, :id => :some_id}, session.scope)
     end
+    def test_build
+      binary_logic = companies(:binary_logic)
+      ben = users(:ben)
+      session = binary_logic.user_sessions.build(ben)
+      assert_equal ben, session.unauthorized_record
+      assert_equal({:find_options => {:conditions => "\"users\".company_id = #{binary_logic.id}"}, :id => nil}, session.scope)
+    end
   end
 end

data/test/session_tests/base_test.rb CHANGED

@@ -55,10 +55,10 @@ module SessionTests
       assert UserSession.find
       last_request_at = ben.reload.last_request_at
-      sleep(1)
+      sleep(1.1)
       assert UserSession.find
       assert_equal last_request_at, ben.reload.last_request_at
-      sleep(1)
+      sleep(1.1)
       assert UserSession.find
       assert_not_equal last_request_at, ben.reload.last_request_at
@@ -157,10 +157,10 @@ module SessionTests
     def test_inspect
       session = UserSession.new
-      assert_equal "#<UserSession {:login=>nil, :password=>\"<protected>\"}>", session.inspect
+      assert_equal "#<UserSession #{{:login=>nil, :password=>"<protected>"}.inspect}>", session.inspect
       session.login = "login"
       session.password = "pass"
-      assert "#<UserSession {:login=>\"login\", :password=>\"<protected>\"}>" == session.inspect || "#<UserSession {:password=>\"<protected>\", :login=>\"login\"}>" == session.inspect
+      assert "#<UserSession #{{:login=>"login", :password=>"<protected>"}.inspect}>" == session.inspect
     end
     def test_new_session

data/test/session_tests/cookies_test.rb CHANGED

@@ -17,7 +17,7 @@ module SessionTests
       ben = users(:ben)
       session = UserSession.new(ben)
       assert session.save
-      assert_equal ben.remember_token, @controller.cookies["user_credentials"]
+      assert_equal ben.persistence_token, @controller.cookies["user_credentials"]
     end
     def test_destroy

data/test/session_tests/{password_reset_test.rb → perishability_test.rb} RENAMED

@@ -1,12 +1,12 @@
 require File.dirname(__FILE__) + '/../test_helper.rb'
 module SessionTests
-  class PasswordResetTest < ActiveSupport::TestCase
+  class PerishabilityTest < ActiveSupport::TestCase
     def test_after_save
       ben = users(:ben)
-      old_password_reset_token = ben.password_reset_token
+      old_perishable_token = ben.perishable_token
       session = UserSession.create(ben)
-      assert_not_equal old_password_reset_token, ben.password_reset_token
+      assert_not_equal old_perishable_token, ben.perishable_token
       drew = employees(:drew)
       assert UserSession.create(drew)

data/test/session_tests/session_test.rb CHANGED

@@ -12,7 +12,7 @@ module SessionTests
       assert session.valid_session?
       assert session.find_record
       assert_equal ben, session.record
-      assert_equal ben.remember_token, @controller.session["user_credentials"]
+      assert_equal ben.persistence_token, @controller.session["user_credentials"]
       assert_equal ben, session.unauthorized_record
       assert !session.new_session?
     end
@@ -22,13 +22,13 @@ module SessionTests
       session = UserSession.new(ben)
       assert @controller.session["user_credentials"].blank?
       assert session.save
-      assert_equal ben.remember_token, @controller.session["user_credentials"]
+      assert_equal ben.persistence_token, @controller.session["user_credentials"]
     end
     def test_destroy
       ben = users(:ben)
       set_session_for(ben)
-      assert_equal ben.remember_token, @controller.session["user_credentials"]
+      assert_equal ben.persistence_token, @controller.session["user_credentials"]
       session = UserSession.find
       assert session.destroy
       assert @controller.session["user_credentials"].blank?
@@ -39,7 +39,7 @@ module SessionTests
       set_cookie_for(ben)
       assert @controller.session["user_credentials"].blank?
       assert UserSession.find
-      assert_equal ben.remember_token, @controller.session["user_credentials"]
+      assert_equal ben.persistence_token, @controller.session["user_credentials"]
     end
   end
 end

data/test/test_helper.rb CHANGED

@@ -38,9 +38,9 @@ ActiveRecord::Schema.define(:version => 1) do
     t.string    :login
     t.string    :crypted_password
     t.string    :password_salt
-    t.string    :remember_token
+    t.string    :persistence_token
     t.string    :single_access_token
-    t.string    :password_reset_token
+    t.string    :perishable_token
     t.string    :email
     t.string    :first_name
     t.string    :last_name
@@ -59,7 +59,7 @@ ActiveRecord::Schema.define(:version => 1) do
     t.string    :email
     t.string    :crypted_password
     t.string    :password_salt
-    t.string    :remember_token
+    t.string    :persistence_token
     t.string    :first_name
     t.string    :last_name
     t.integer   :login_count
@@ -132,7 +132,7 @@ class Test::Unit::TestCase
     end
     def set_cookie_for(user, id = nil)
-      @controller.cookies["user_credentials"] = {:value => user.remember_token, :expires => nil}
+      @controller.cookies["user_credentials"] = {:value => user.persistence_token, :expires => nil}
     end
     def unset_cookie
@@ -156,7 +156,7 @@ class Test::Unit::TestCase
     end
     def set_session_for(user, id = nil)
-      @controller.session["user_credentials"] = user.remember_token
+      @controller.session["user_credentials"] = user.persistence_token
     end
     def unset_session