authlogic 1.4.3 → 2.0.0

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb

@@ -1,51 +0,0 @@
-module Authlogic
-  module ORMAdapters
-    module ActiveRecordAdapter
-      module ActsAsAuthentic
-        # = Logged In
-        #
-        # Handles all logic determining if a record is logged in or not. This uses the "last_request_at" field, if this field is not present none of this will be available.
-        #
-        # === Named Scopes
-        #
-        # * <tt>logged_in</tt> - returns all records that have a last_request_at value that is > your :logged_in_timeout.ago
-        # * <tt>logged_out</tt> - same as logged in but returns users that are logged out, be careful with using this, this can return a lot of users
-        #
-        # === Instance Methods
-        #
-        # * <tt>logged_in?</tt> - same as the logged_in named scope, but returns true if the record is logged in
-        # * <tt>logged_out?</tt> - opposite of logged_in?
-        module LoggedIn
-          def acts_as_authentic_with_logged_in(options = {})
-            acts_as_authentic_without_logged_in(options)
-            
-            validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
-            
-            if column_names.include?("last_request_at")
-              class_eval <<-"end_eval", __FILE__, __LINE__
-                named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", #{options[:logged_in_timeout]}.seconds.ago]} }
-                named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", #{options[:logged_in_timeout]}.seconds.ago]} }
-                
-                def logged_in?
-                  raise "Can not determine the records login state because there is no last_request_at column" if !respond_to?(:last_request_at)
-                  !last_request_at.nil? && last_request_at > #{options[:logged_in_timeout]}.seconds.ago
-                end
-              
-                def logged_out?
-                  !logged_in?
-                end
-              end_eval
-            end
-          end
-        end
-      end
-    end
-  end
-end
-
-ActiveRecord::Base.class_eval do
-  class << self
-    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::LoggedIn
-    alias_method_chain :acts_as_authentic, :logged_in
-  end
-end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb

@@ -1,71 +0,0 @@
-module Authlogic
-  module ORMAdapters
-    module ActiveRecordAdapter
-      module ActsAsAuthentic
-        # = Perishable
-        #
-        # Handles all logic the deals with maintaining the perishable token. This token should be used to authenticate a user that is not logged in so that they
-        # can change their password, confirm their account, etc. Use it for whatever you want, but keep in mind this token is only temporary. Which
-        # is perfect for emailing, etc.
-        #
-        # === Class Methods
-        #
-        # * <tt>find_using_{options[:perishable_token_field]}(token, age = {options[:perishable_token_valid_for]})</tt> - returns the record that matches the pased token. The record's updated at column must not be older than
-        #   {age} ago. Lastly, if a blank token is passed no record will be returned.
-        #
-        # === Instance Methods
-        #
-        # * <tt>reset_#{options[:perishable_token_field]}</tt> - resets the perishable token field to a friendly unique token.
-        # * <tt>reset_#{options[:perishable_token_field]}!</tt> - same as above but saves the record afterwards.
-        module Perishability
-          def acts_as_authentic_with_perishability(options = {})
-            acts_as_authentic_without_perishability(options)
-            
-            return if options[:perishable_token_field].blank?
-            
-            class_eval <<-"end_eval", __FILE__, __LINE__
-              validates_uniqueness_of :#{options[:perishable_token_field]}, :if => :#{options[:perishable_token_field]}_changed?
-              
-              before_validation :reset_#{options[:perishable_token_field]}, :unless => :disable_#{options[:perishable_token_field]}_maintenance?
-              
-              def self.find_using_#{options[:perishable_token_field]}(token, age = #{options[:perishable_token_valid_for]})
-                return if token.blank?
-                age = age.to_i
-                
-                conditions_sql = "#{options[:perishable_token_field]} = ?"
-                conditions_subs = [token]
-                
-                if column_names.include?("updated_at") && age > 0
-                  conditions_sql += " and updated_at > ?"
-                  conditions_subs << age.seconds.ago
-                end
-                
-                find(:first, :conditions => [conditions_sql, *conditions_subs])
-              end
-              
-              def reset_#{options[:perishable_token_field]}
-                self.#{options[:perishable_token_field]} = self.class.friendly_unique_token
-              end
-              
-              def reset_#{options[:perishable_token_field]}!
-                reset_#{options[:perishable_token_field]}
-                save_without_session_maintenance(false)
-              end
-              
-              def disable_#{options[:perishable_token_field]}_maintenance?
-                #{options[:disable_perishable_token_maintenance].inspect} == true
-              end
-            end_eval
-          end
-        end
-      end
-    end
-  end
-end
-
-ActiveRecord::Base.class_eval do
-  class << self
-    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Perishability
-    alias_method_chain :acts_as_authentic, :perishability
-  end
-end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb

@@ -1,94 +0,0 @@
-module Authlogic
-  module ORMAdapters
-    module ActiveRecordAdapter
-      module ActsAsAuthentic
-        # = Persistence
-        #
-        # This is responsible for all record persistence. Basically what your Authlogic session needs to persist the record's session.
-        #
-        # === Class Methods
-        #
-        # * <tt>forget_all!</tt> - resets ALL records persistence_token to a unique value, requiring all users to re-login
-        # * <tt>unique_token</tt> - returns a pretty hardcore random token that is finally encrypted with a hash algorithm
-        #
-        # === Instance Methods
-        #
-        # * <tt>forget!</tt> - resets the record's persistence_token which requires them to re-login
-        #
-        # === Alias Method Chains
-        #
-        # * <tt>#{options[:password_field]}</tt> - adds in functionality to reset the persistence token when the password is changed
-        module Persistence
-          def acts_as_authentic_with_persistence(options = {})
-            acts_as_authentic_without_persistence(options)
-          
-            validates_presence_of options[:persistence_token_field]
-            validates_uniqueness_of options[:persistence_token_field], :if => "#{options[:persistence_token_field]}_changed?".to_sym
-            
-            before_validation "reset_#{options[:persistence_token_field]}".to_sym, :if => "reset_#{options[:persistence_token_field]}?".to_sym
-          
-            def forget_all!
-              # Paginate these to save on memory
-              records = nil
-              i = 0
-              begin
-                records = find(:all, :limit => 50, :offset => i)
-                records.each { |record| record.forget! }
-                i += 50
-              end while !records.blank?
-            end
-          
-            class_eval <<-"end_eval", __FILE__, __LINE__
-              def self.unique_token
-                Authlogic::CryptoProviders::Sha512.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
-              end
-            
-              def forget!
-                self.#{options[:persistence_token_field]} = self.class.unique_token
-                save_without_session_maintenance(false)
-              end
-            
-              def #{options[:password_field]}_with_persistence=(value)
-                reset_#{options[:persistence_token_field]} unless value.blank?
-                self.#{options[:password_field]}_without_persistence = value
-              end
-              alias_method_chain :#{options[:password_field]}=, :persistence
-              
-              def reset_#{options[:persistence_token_field]}
-                self.#{options[:persistence_token_field]} = self.class.unique_token
-              end
-              
-              def reset_#{options[:persistence_token_field]}!
-                reset_#{options[:persistence_token_field]}
-                save_without_session_maintenance(false)
-              end
-              
-              def reset_#{options[:persistence_token_field]}?
-                #{options[:persistence_token_field]}.blank?
-              end
-              
-              # When a user logs in we need to ensure they have a persistence token. Think about apps that are transitioning and
-              # never have a persistence token to begin with. When their users log in their persistence token needs to be set.
-              # The only other time persistence tokens are reset is in a before_validation on the user, and when a user is saved
-              # from the session we skip validation for performance reasons. We do save_without_session_maintenance(false), the false
-              # indicates to skip validation.
-              def valid_#{options[:password_field]}_with_persistence?(attempted_password)
-                result = valid_password_without_persistence?(attempted_password)
-                reset_#{options[:persistence_token_field]}! if result && #{options[:persistence_token_field]}.blank?
-                result
-              end
-              alias_method_chain :valid_#{options[:password_field]}?, :persistence
-            end_eval
-          end
-        end
-      end
-    end
-  end
-end
-
-ActiveRecord::Base.class_eval do
-  class << self
-    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Persistence
-    alias_method_chain :acts_as_authentic, :persistence
-  end
-end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb

@@ -1,87 +0,0 @@
-module Authlogic
-  module ORMAdapters
-    module ActiveRecordAdapter
-      module ActsAsAuthentic
-        # = Session Maintenance
-        #
-        # Responsible for maintaining the related session as the record changes. Here is what it does:
-        #
-        # 1. If the user is logged out and creates a new record, they will be logged in as that record
-        # 2. If the user is logged out and changes a record's password, they will be logged in as that record
-        # 3. If a user is logged in and changes his own password, their session will be updated accordingly. This can be done *anywhere*: the my account section, admin area, etc.
-        #
-        # === Instance Methods
-        #
-        # * <tt>save_without_session_maintenance</tt> - allows you to save the record and skip all of the session maintenance completely
-        module SessionMaintenance
-          def acts_as_authentic_with_session_maintenance(options = {})
-            acts_as_authentic_without_session_maintenance(options)
-          
-            before_save :get_session_information, :if => :update_sessions?
-            after_save :maintain_sessions!, :if => :update_sessions?
-          
-            class_eval <<-"end_eval", __FILE__, __LINE__
-              def save_without_session_maintenance(*args)
-                @skip_session_maintenance = true
-                result = save(*args)
-                @skip_session_maintenance = false
-                result
-              end
-            
-              protected
-                def update_sessions?
-                  !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{options[:persistence_token_field]}_changed?
-                end
-            
-                def get_session_information
-                  # Need to determine if we are completely logged out, or logged in as another user
-                  @_sessions = []
-                  @_logged_out = true
-          
-                  #{options[:session_ids].inspect}.each do |session_id|
-                    session = #{options[:session_class]}.find(session_id, self)
-                    if session && !session.record.blank?
-                      @_logged_out = false
-                      @_sessions << session if session.record == self
-                    end
-                  end
-                end
-        
-                def maintain_sessions!
-                  if @_logged_out
-                    create_session!
-                  elsif !@_sessions.blank?
-                    update_sessions!
-                  end
-                end
-        
-                def create_session!
-                  # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
-                  # that need to be created after logging into the main session.
-                  session_id = #{options[:session_ids].inspect}.first
-                   
-                  # Log me in, only if we aren't already logged in
-                  #{options[:session_class]}.create(*[self, session_id].compact) if !#{options[:session_class]}.find(session_id, self)
-                end
-        
-                def update_sessions!
-                  # We found sessions above, let's update them with the new info
-                  @_sessions.each do |stale_session|
-                    stale_session.unauthorized_record = self
-                    stale_session.save
-                  end
-                end
-            end_eval
-          end
-        end
-      end
-    end
-  end
-end
-
-ActiveRecord::Base.class_eval do
-  class << self
-    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::SessionMaintenance
-    alias_method_chain :acts_as_authentic, :session_maintenance
-  end
-end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb

@@ -1,61 +0,0 @@
-module Authlogic
-  module ORMAdapters
-    module ActiveRecordAdapter
-      module ActsAsAuthentic
-        # = Single Access
-        #
-        # Instead of repeating myself here, checkout the README. There is a "Tokens" section in there that goes over the single access token.
-        # Keep in mind none of this will be applied if there is not a single_access_token field supplied in the database.
-        #
-        # === Instance Methods
-        #
-        # * <tt>reset_{options[:single_access_token_field]}</tt> - resets the single access token with the friendly_unique_token
-        # * <tt>reset_{options[:single_access_token_field]}!</tt> - same as above, but saves the record afterwards
-        #
-        # === Alias Method Chains
-        #
-        # * <tt>{options[:password_field]}</tt> - if the :change_single_access_token_with_password is set to true, reset_{options[:single_access_token_field]} will be called when the password changes
-        module SingleAccess
-          def acts_as_authentic_with_single_access(options = {})
-            acts_as_authentic_without_single_access(options)
-            
-            return if options[:single_access_token_field].blank?
-            
-            class_eval <<-"end_eval", __FILE__, __LINE__
-              validates_uniqueness_of :#{options[:single_access_token_field]}, :if => :#{options[:single_access_token_field]}_changed?
-            
-              before_validation :set_#{options[:single_access_token_field]}_field
-            
-              def password_with_single_access=(value)
-                reset_#{options[:single_access_token_field]} if #{options[:change_single_access_token_with_password].inspect}
-                self.password_without_single_access = value
-              end
-              alias_method_chain :password=, :single_access
-            
-              def reset_#{options[:single_access_token_field]}
-                self.#{options[:single_access_token_field]} = self.class.friendly_unique_token
-              end
-            
-              def reset_#{options[:single_access_token_field]}!
-                reset_#{options[:single_access_token_field]}
-                save_without_session_maintenance
-              end
-            
-              protected
-                def set_#{options[:single_access_token_field]}_field
-                  reset_#{options[:single_access_token_field]} if #{options[:single_access_token_field]}.blank?
-                end
-            end_eval
-          end
-        end
-      end
-    end
-  end
-end
-
-ActiveRecord::Base.class_eval do
-  class << self
-    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::SingleAccess
-    alias_method_chain :acts_as_authentic, :single_access
-  end
-end

data/lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb

@@ -1,58 +0,0 @@
-module Authlogic
-  module ORMAdapters
-    module ActiveRecordAdapter
-      # = Authenticates Many
-      #
-      # This allows you to scope your authentication. For example, let's say all users belong to an account, you want to make sure only users
-      # that belong to that account can actually login into that account. Simple, just do:
-      #
-      #   class Account < ActiveRecord::Base
-      #     authenticates_many :user_sessions
-      #   end
-      #
-      # Now you can scope sessions just like everything else in ActiveRecord:
-      #
-      #   @account.user_sessions.new(*args)
-      #   @account.user_sessions.create(*args)
-      #   @account.user_sessions.find(*args)
-      #   # ... etc
-      #
-      # For more information on scopes check out the scopes section in the README.
-      module AuthenticatesMany
-        # Allows you set essentially set up a relationship with your sessions. See module definition above for more details.
-        #
-        # === Options
-        #
-        # * <tt>session_class:</tt> default: "#{name}Session",
-        #   This is the related session class.
-        #   
-        # * <tt>relationship_name:</tt> default: options[:session_class].klass_name.underscore.pluralize,
-        #   This is the name of the relationship you want to use to scope everything. For example an Account has many Users. There should be a relationship
-        #   called :users that you defined with a has_many. The reason we use the relationship is so you don't have to repeat yourself. The relatonship
-        #   could have all kinds of custom options. So instead of repeating yourself we essentially use the scope that the relationship creates.
-        #
-        # * <tt>find_options:</tt> default: nil,
-        #   By default the find options are created from the relationship you specify with :relationship_name. But if you want to override this and
-        #   manually specify find_options you can do it here. Specify options just as you would in ActiveRecord::Base.find.
-        #
-        # * <tt>scope_cookies:</tt> default: false
-        #   By the nature of cookies they scope theirself if you are using subdomains to access accounts. If you aren't using subdomains you need to have
-        #   separate cookies for each account, assuming a user is logging into mroe than one account. Authlogic can take care of this for you by
-        #   prefixing the name of the cookie and sessin with the model id. You just need to tell Authlogic to do this by passing this option.
-        def authenticates_many(name, options = {})
-          options[:session_class] ||= name.to_s.classify.constantize
-          options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
-          class_eval <<-"end_eval", __FILE__, __LINE__
-            def #{name}
-              find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scope(:find)
-              find_options.delete_if { |key, value| ![:conditions, :include, :joins].include?(key.to_sym) || value.nil? }
-              @#{name} ||= Authlogic::Session::AuthenticatesManyAssociation.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
-            end
-          end_eval
-        end
-      end
-    end
-  end
-end
-
-ActiveRecord::Base.extend Authlogic::ORMAdapters::ActiveRecordAdapter::AuthenticatesMany

data/lib/authlogic/session/config.rb

@@ -1,421 +0,0 @@
-module Authlogic
-  module Session
-    module Config # :nodoc:
-      def self.included(klass)
-        klass.extend(ClassMethods)
-        klass.send(:include, InstanceMethods)
-      end
-      
-      # = Session Config
-      #
-      # This deals with configuration for your session. If you are wanting to configure your model please look at Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Config
-      #
-      # Configuration for your session is simple. The configuration options are just class methods. Just put this in your config/initializers directory
-      #
-      #   UserSession.configure do |config|
-      #     config.authenticate_with = User
-      #     # ... more configuration
-      #   end
-      #
-      # or you can set your configuration in the session class directly:
-      #
-      #   class UserSession < Authlogic::Session::Base
-      #     authenticate_with User
-      #     # ... more configuration
-      #   end
-      #
-      # You can also access the values in the same fashion:
-      #
-      #   UserSession.authenticate_with
-      #
-      # See the methods belows for all configuration options.
-      module ClassMethods
-        # Lets you change which model to use for authentication.
-        #
-        # * <tt>Default:</tt> inferred from the class name. UserSession would automatically try User
-        # * <tt>Accepts:</tt> an ActiveRecord class
-        def authenticate_with(klass)
-          @klass_name = klass.name
-          @klass = klass
-        end
-        alias_method :authenticate_with=, :authenticate_with
-        
-        # Convenience method that lets you easily set configuration, see examples above
-        def configure
-          yield self
-        end
-        
-        # The name of the cookie or the key in the cookies hash. Be sure and use a unique name. If you have multiple sessions and they use the same cookie it will cause problems.
-        # Also, if a id is set it will be inserted into the beginning of the string. Exmaple:
-        #
-        #   session = UserSession.new
-        #   session.cookie_key => "user_credentials"
-        #   
-        #   session = UserSession.new(:super_high_secret)
-        #   session.cookie_key => "super_high_secret_user_credentials"
-        #
-        # * <tt>Default:</tt> "#{klass_name.underscore}_credentials"
-        # * <tt>Accepts:</tt> String
-        def cookie_key(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:cookie_key) || cookie_key("#{klass_name.underscore}_credentials")
-          else
-            write_inheritable_attribute(:cookie_key, value)
-          end
-        end
-        alias_method :cookie_key=, :cookie_key
-        
-        # Set this to true if you want to disable the checking of active?, approved?, and confirmed? on your record. This is more or less of a
-        # convenience feature, since 99% of the time if those methods exist and return false you will not want the user logging in. You could
-        # easily accomplish this same thing with a before_validation method or other callbacks.
-        #
-        # * <tt>Default:</tt> false
-        # * <tt>Accepts:</tt> Boolean
-        def disable_magic_states(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:disable_magic_states)
-          else
-            write_inheritable_attribute(:disable_magic_states, value)
-          end
-        end
-        alias_method :disable_magic_states=, :disable_magic_states
-        
-        # Authlogic tries to validate the credentials passed to it. One part of validation is actually finding the user and making sure it exists. What method it uses the do this is up to you.
-        #
-        # Let's say you have a UserSession that is authenticating a User. By default UserSession will call User.find_by_login(login). You can change what method UserSession calls by specifying it here. Then
-        # in your User model you can make that method do anything you want, giving you complete control of how users are found by the UserSession.
-        #
-        # Let's take an example: You want to allow users to login by username or email. Set this to the name of the class method that does this in the User model. Let's call it "find_by_username_or_email"
-        #
-        #   class User < ActiveRecord::Base
-        #     def self.find_by_username_or_email(login)
-        #       find_by_username(login) || find_by_email(login)
-        #     end
-        #   end
-        #
-        # * <tt>Default:</tt> "find_by_#{login_field}"
-        # * <tt>Accepts:</tt> Symbol or String
-        def find_by_login_method(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:find_by_login_method) || find_by_login_method("find_by_#{login_field}")
-          else
-            write_inheritable_attribute(:find_by_login_method, value)
-          end
-        end
-        alias_method :find_by_login_method=, :find_by_login_method
-        
-        # Calling UserSession.find tries to find the user session by session, then cookie, then params, and finally by basic http auth.
-        # This option allows you to change the order or remove any of these.
-        #
-        # * <tt>Default:</tt> [:params, :session, :cookie, :http_auth]
-        # * <tt>Accepts:</tt> Array, and can only use any of the 3 options above
-        def find_with(*values)
-          if values.blank?
-            read_inheritable_attribute(:find_with) || find_with(:params, :session, :cookie, :http_auth)
-          else
-            values.flatten!
-            write_inheritable_attribute(:find_with, values)
-          end
-        end
-        alias_method :find_with=, :find_with
-        
-        # Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists. If you want to limit how frequent that field is updated specify the threshold
-        # here. For example, if your user is making a request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threashold. Set this to 1.minute. Once a minute has passed in between
-        # requests the field will be updated.
-        #
-        # * <tt>Default:</tt> 0
-        # * <tt>Accepts:</tt> integer representing time in seconds
-        def last_request_at_threshold(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:last_request_at_threshold) || last_request_at_threshold(0)
-          else
-            write_inheritable_attribute(:last_request_at_threshold, value)
-          end
-        end
-        alias_method :last_request_at_threshold=, :last_request_at_threshold
-        
-        def login_blank_message(value = nil) # :nodoc:
-          new_i18n_error
-        end
-        alias_method :login_blank_message=, :login_blank_message
-        
-        def login_not_found_message(value = nil) # :nodoc:
-          new_i18n_error
-        end
-        alias_method :login_not_found_message=, :login_not_found_message
-        
-        # The name of the method you want Authlogic to create for storing the login / username. Keep in mind this is just for your
-        # Authlogic::Session, if you want it can be something completely different than the field in your model. So if you wanted people to
-        # login with a field called "login" and then find users by email this is compeltely doable. See the find_by_login_method configuration
-        # option for more details.
-        #
-        # * <tt>Default:</tt> Uses the configuration option in your model: User.acts_as_authentic_config[:login_field]
-        # * <tt>Accepts:</tt> Symbol or String
-        def login_field(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:login_field) || login_field(klass.acts_as_authentic_config[:login_field])
-          else
-            write_inheritable_attribute(:login_field, value)
-          end
-        end
-        alias_method :login_field=, :login_field
-        
-        # With acts_as_authentic you get a :logged_in_timeout configuration option. If this is set, after this amount of time has passed the user
-        # will be marked as logged out. Obviously, since web based apps are on a per request basis, we have to define a time limit threshold that
-        # determines when we consider a user to be "logged out". Meaning, if they login and then leave the website, when do mark them as logged out?
-        # I recommend just using this as a fun feature on your website or reports, giving you a ballpark number of users logged in and active. This is
-        # not meant to be a dead accurate representation of a users logged in state, since there is really no real way to do this with web based apps.
-        # Think about a user that logs in and doesn't log out. There is no action that tells you that the user isn't technically still logged in and
-        # active.
-        #
-        # That being said, you can use that feature to require a new login if their session timesout. Similar to how financial sites work. Just set this option to
-        # true and if your record returns true for stale? then they will be required to log back in.
-        #
-        # Lastly, UserSession.find will still return a object is the session is stale, but you will not get a record. This allows you to determine if the
-        # user needs to log back in because their session went stale, or because they just aren't logged in. Just call current_user_session.stale? as your flag.
-        #
-        # * <tt>Default:</tt> false
-        # * <tt>Accepts:</tt> Boolean
-        def logout_on_timeout(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:logout_on_timeout) || logout_on_timeout(false)
-          else
-            write_inheritable_attribute(:logout_on_timeout, value)
-          end
-        end
-        alias_method :logout_on_timeout=, :logout_on_timeout
-        
-        # To help protect from brute force attacks you can set a limit on the allowed number of consecutive failed logins. By default this is 50, this is a very liberal
-        # number, and if someone fails to login after 50 tries it should be pretty obvious that it's a machine trying to login in and very likely a brute force attack.
-        #
-        # In order to enable this field your model MUST have a failed_login_count (integer) field.
-        #
-        # If you don't know what a brute force attack is, it's when a machine tries to login into a system using every combination of character possible. Thus resulting
-        # in possibly millions of attempts to log into an account.
-        #
-        # * <tt>Default:</tt> 50
-        # * <tt>Accepts:</tt> Integer, set to 0 to disable
-        def consecutive_failed_logins_limit(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:consecutive_failed_logins_limit) || consecutive_failed_logins_limit(50)
-          else
-            write_inheritable_attribute(:consecutive_failed_logins_limit, value)
-          end
-        end
-        alias_method :consecutive_failed_logins_limit=, :consecutive_failed_logins_limit
-        
-        def not_active_message(value = nil) # :nodoc:
-          new_i18n_error
-        end
-        alias_method :not_active_message=, :not_active_message
-        
-        def not_approved_message(value = nil) # :nodoc:
-          new_i18n_error
-        end
-        alias_method :not_approved_message=, :not_approved_message
-        
-        def not_confirmed_message(value = nil) # :nodoc:
-          new_i18n_error
-        end
-        alias_method :not_confirmed_message=, :not_confirmed_message
-        
-        # Works exactly like cookie_key, but for params. So a user can login via params just like a cookie or a session. Your URL would look like:
-        #
-        #   http://www.domain.com?user_credentials=my_single_access_key
-        #
-        # You can change the "user_credentials" key above with this configuration option. Keep in mind, just like cookie_key, if you supply an id
-        # the id will be appended to the front. Check out cookie_key for more details. Also checkout the "Single Access / Private Feeds Access" section in the README.
-        #
-        # * <tt>Default:</tt> cookie_key
-        # * <tt>Accepts:</tt> String
-        def params_key(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:params_key) || params_key(cookie_key)
-          else
-            write_inheritable_attribute(:params_key, value)
-          end
-        end
-        alias_method :params_key=, :params_key
-        
-        def password_blank_message(value = nil) # :nodoc:
-          new_i18n_error
-        end
-        alias_method :password_blank_message=, :password_blank_message
-        
-        # Works exactly like login_field, but for the password instead.
-        #
-        # * <tt>Default:</tt> :password
-        # * <tt>Accepts:</tt> Symbol or String
-        def password_field(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:password_field) || password_field(:password)
-          else
-            write_inheritable_attribute(:password_field, value)
-          end
-        end
-        alias_method :password_field=, :password_field
-        
-        def password_invalid_message(value = nil) # :nodoc:
-          new_i18n_error
-        end
-        alias_method :password_invalid_message=, :password_invalid_message
-        
-        # If sessions should be remembered by default or not.
-        #
-        # * <tt>Default:</tt> false
-        # * <tt>Accepts:</tt> Boolean
-        def remember_me(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:remember_me)
-          else
-            write_inheritable_attribute(:remember_me, value)
-          end
-        end
-        alias_method :remember_me=, :remember_me
-        
-        # The length of time until the cookie expires.
-        #
-        # * <tt>Default:</tt> 3.months
-        # * <tt>Accepts:</tt> Integer, length of time in seconds, such as 60 or 3.months
-        def remember_me_for(value = :_read)
-          if value == :_read
-            read_inheritable_attribute(:remember_me_for) || remember_me_for(3.months)
-          else
-            write_inheritable_attribute(:remember_me_for, value)
-          end
-        end
-        alias_method :remember_me_for=, :remember_me_for
-        
-        # Works exactly like cookie_key, but for sessions. See cookie_key for more info.
-        #
-        # * <tt>Default:</tt> cookie_key
-        # * <tt>Accepts:</tt> Symbol or String
-        def session_key(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:session_key) || session_key(cookie_key)
-          else
-            write_inheritable_attribute(:session_key, value)
-          end
-        end
-        alias_method :session_key=, :session_key
-        
-        # Authentication is allowed via a single access token, but maybe this is something you don't want for your application as a whole. Maybe this is something you only want for specific request types.
-        # Specify a list of allowed request types and single access authentication will only be allowed for the ones you specify. Checkout the "Single Access / Private Feeds Access" section in the README.
-        #
-        # * <tt>Default:</tt> "application/rss+xml", "application/atom+xml"
-        # * <tt>Accepts:</tt> String of request type, or :all to allow single access authentication for any and all request types
-        def single_access_allowed_request_types(*values)
-          if values.blank?
-            read_inheritable_attribute(:single_access_allowed_request_types) || single_access_allowed_request_types("application/rss+xml", "application/atom+xml")
-          else
-            write_inheritable_attribute(:single_access_allowed_request_types, values)
-          end
-        end
-        alias_method :single_access_allowed_request_types=, :single_access_allowed_request_types
-        
-        # The name of the method in your model used to verify the password. This should be an instance method. It should also be prepared to accept a raw password and a crytped password.
-        #
-        # * <tt>Default:</tt> "valid_#{password_field}?"
-        # * <tt>Accepts:</tt> Symbol or String
-        def verify_password_method(value = nil)
-          if value.nil?
-            read_inheritable_attribute(:verify_password_method) || verify_password_method("valid_#{password_field}?")
-          else
-            write_inheritable_attribute(:verify_password_method, value)
-          end
-        end
-        alias_method :verify_password_method=, :verify_password_method
-        
-        private
-          def new_i18n_error
-            raise NotImplementedError.new("As of v 1.4.0 Authlogic implements a new I18n solution that is much cleaner and easier. Please see Authlogic::I18n for more information on how to provide internationalization in Authlogic.")
-          end
-      end
-      
-      module InstanceMethods # :nodoc:
-        def change_single_access_token_with_password?
-          self.class.change_single_access_token_with_password == true
-        end
-        
-        def consecutive_failed_logins_limit
-          self.class.consecutive_failed_logins_limit
-        end
-        
-        def cookie_key
-          build_key(self.class.cookie_key)
-        end
-        
-        def disable_magic_states?
-          self.class.disable_magic_states == true
-        end
-        
-        def find_by_login_method
-          self.class.find_by_login_method
-        end
-        
-        def find_with
-          self.class.find_with
-        end
-        
-        def last_request_at_threshold
-          self.class.last_request_at_threshold
-        end
-      
-        def login_field
-          self.class.login_field
-        end
-        
-        def logout_on_timeout?
-          self.class.logout_on_timeout == true
-        end
-        
-        def params_allowed_request_types
-          build_key(self.class.params_allowed_request_types)
-        end
-        
-        def params_key
-          build_key(self.class.params_key)
-        end
-      
-        def password_field
-          self.class.password_field
-        end
-        
-        def perishable_token_field
-          klass.acts_as_authentic_config[:perishable_token_field]
-        end
-        
-        def remember_me_for
-          return unless remember_me?
-          self.class.remember_me_for
-        end
-        
-        def persistence_token_field
-          klass.acts_as_authentic_config[:persistence_token_field]
-        end
-        
-        def session_key
-          build_key(self.class.session_key)
-        end
-        
-        def single_access_token_field
-          klass.acts_as_authentic_config[:single_access_token_field]
-        end
-        
-        def single_access_allowed_request_types
-          self.class.single_access_allowed_request_types
-        end
-      
-        def verify_password_method
-          self.class.verify_password_method
-        end
-        
-        private
-          def build_key(last_part)
-            key_parts = [id, scope[:id], last_part].compact
-            key_parts.join("_")
-          end
-      end
-    end
-  end
-end