authlogic 1.4.3 → 2.0.0

data/Rakefile

@@ -1,13 +1,20 @@
-require 'rubygems'
+ENV['RDOCOPT'] = "-S -f html -T hanna"
+
+require "rubygems"
+require "hoe"
 require File.dirname(__FILE__) << "/lib/authlogic/version"
-require 'echoe'
-  
-Echoe.new 'authlogic' do |p|
-  p.version = Authlogic::Version::STRING
+
+Hoe.new("Authlogic", Authlogic::Version::STRING) do |p|
+  p.name = "authlogic"
   p.author = "Ben Johnson of Binary Logic"
   p.email  = 'bjohnson@binarylogic.com'
-  p.project = 'authlogic'
   p.summary = "A clean, simple, and unobtrusive ruby authentication solution."
+  p.description = "A clean, simple, and unobtrusive ruby authentication solution."
   p.url = "http://github.com/binarylogic/authlogic"
-  p.dependencies = %w(activesupport echoe)
+  p.history_file = "CHANGELOG.rdoc"
+  p.readme_file = "README.rdoc"
+  p.extra_rdoc_files = ["CHANGELOG.rdoc", "README.rdoc"]
+  p.test_globs = ["test/*/test_*.rb", "test/*/*_test.rb"]
+  p.extra_deps = %w(activesupport)
+  p.post_install_message = "Version 2.0 introduces some changes that break backwards compatibility. The big change is how acts_as_authentic accepts configuration options. Instead of a hash, it now accepts a block: acts_as_authentic { |c| c.my_config_option = my_value}. See the docs for more details."
 end

data/lib/authlogic.rb

@@ -2,56 +2,54 @@ require "active_support"
 
 require File.dirname(__FILE__) + "/authlogic/version"
 require File.dirname(__FILE__) + "/authlogic/i18n"
+require File.dirname(__FILE__) + "/authlogic/random"
 
 require File.dirname(__FILE__) + "/authlogic/controller_adapters/abstract_adapter"
 require File.dirname(__FILE__) + "/authlogic/controller_adapters/rails_adapter" if defined?(Rails)
 require File.dirname(__FILE__) + "/authlogic/controller_adapters/merb_adapter" if defined?(Merb)
 
+require File.dirname(__FILE__) + "/authlogic/crypto_providers/md5"
 require File.dirname(__FILE__) + "/authlogic/crypto_providers/sha1"
 require File.dirname(__FILE__) + "/authlogic/crypto_providers/sha512"
 require File.dirname(__FILE__) + "/authlogic/crypto_providers/bcrypt"
 require File.dirname(__FILE__) + "/authlogic/crypto_providers/aes256"
 
-if defined?(ActiveRecord)
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/base"
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials"
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in"
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability"
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence"
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance"
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access"
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config" # call this last so the configuration options are passed down the chain
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/authenticates_many"
-end
+require File.dirname(__FILE__) + "/authlogic/authenticates_many/base"
+require File.dirname(__FILE__) + "/authlogic/authenticates_many/association"
 
-require File.dirname(__FILE__) + "/authlogic/session/authenticates_many_association"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/email"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/logged_in_status"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/login"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/magic_columns"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/password"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/perishable_token"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/persistence_token"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/restful_authentication"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/session_maintenance"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/single_access_token"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/validations_scope"
+require File.dirname(__FILE__) + "/authlogic/acts_as_authentic/base"
+
+require File.dirname(__FILE__) + "/authlogic/session/activation"
 require File.dirname(__FILE__) + "/authlogic/session/active_record_trickery"
 require File.dirname(__FILE__) + "/authlogic/session/brute_force_protection"
 require File.dirname(__FILE__) + "/authlogic/session/callbacks"
-require File.dirname(__FILE__) + "/authlogic/session/config"
 require File.dirname(__FILE__) + "/authlogic/session/cookies"
-require File.dirname(__FILE__) + "/authlogic/session/errors"
+require File.dirname(__FILE__) + "/authlogic/session/existence"
+require File.dirname(__FILE__) + "/authlogic/session/foundation"
+require File.dirname(__FILE__) + "/authlogic/session/http_auth"
+require File.dirname(__FILE__) + "/authlogic/session/id"
+require File.dirname(__FILE__) + "/authlogic/session/klass"
+require File.dirname(__FILE__) + "/authlogic/session/magic_columns"
+require File.dirname(__FILE__) + "/authlogic/session/magic_states"
 require File.dirname(__FILE__) + "/authlogic/session/params"
-require File.dirname(__FILE__) + "/authlogic/session/perishability"
-require File.dirname(__FILE__) + "/authlogic/session/record_info"
-require File.dirname(__FILE__) + "/authlogic/session/session"
+require File.dirname(__FILE__) + "/authlogic/session/password"
+require File.dirname(__FILE__) + "/authlogic/session/perishable_token"
+require File.dirname(__FILE__) + "/authlogic/session/persistence"
+require File.dirname(__FILE__) + "/authlogic/session/priority_record"
 require File.dirname(__FILE__) + "/authlogic/session/scopes"
+require File.dirname(__FILE__) + "/authlogic/session/session"
 require File.dirname(__FILE__) + "/authlogic/session/timeout"
-require File.dirname(__FILE__) + "/authlogic/session/base"
-
-module Authlogic
-  module Session
-    class Base
-      include ActiveRecordTrickery
-      include Callbacks
-      include BruteForceProtection
-      include Cookies
-      include Params
-      include Perishability
-      include RecordInfo
-      include Session
-      include Scopes
-      include Timeout
-    end
-  end
-end
+require File.dirname(__FILE__) + "/authlogic/session/unauthorized_record"
+require File.dirname(__FILE__) + "/authlogic/session/validation"
+require File.dirname(__FILE__) + "/authlogic/session/base"

data/lib/authlogic/acts_as_authentic/base.rb

@@ -0,0 +1,91 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Provides the base functionality for acts_as_authentic
+    module Base
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+        end
+      end
+      
+      module Config
+        # This includes a lot of helpful methods for authenticating records which The Authlogic::Session module relies on.
+        # To use it just do:
+        #
+        #   class User < ActiveRecord::Base
+        #     acts_as_authentic
+        #   end
+        #
+        # Configuration is easy:
+        #
+        #   acts_as_authentic do |c|
+        #     c.my_configuration_option = my_value
+        #   end
+        #
+        # See the various sub modules for the configuration they provide.
+        def acts_as_authentic(&block)
+          yield self if block_given?
+          acts_as_authentic_modules.each { |mod| include mod }
+        end
+        
+        # Since this part of Authlogic deals with another class, ActiveRecord, we can't just start including things
+        # in ActiveRecord itself. A lot of these module includes need to be triggered by the acts_as_authentic method
+        # call. For example, you don't want to start adding in email validations and what not into a model that has
+        # nothing to do with Authlogic.
+        #
+        # That being said, this is your tool for extending Authlogic and "hooking" into the acts_as_authentic call.
+        def add_acts_as_authentic_module(mod)
+          modules = acts_as_authentic_modules
+          modules << mod
+          modules.uniq!
+          write_inheritable_attribute(:acts_as_authentic_modules, modules)
+        end
+        
+        # This is the same as add_acts_as_authentic_module, except that it removes the module from the list.
+        def remove_acts_as_authentic_module(mod)
+          acts_as_authentic_modules.delete(mod)
+          acts_as_authentic_modules
+        end
+      
+        private
+          def acts_as_authentic_modules
+            key = :acts_as_authentic_modules
+            inheritable_attributes.include?(key) ? read_inheritable_attribute(key) : []
+          end
+        
+          def config(key, value, default_value = nil, read_value = nil)
+            if value == read_value
+              return read_inheritable_attribute(key) if inheritable_attributes.include?(key)
+              write_inheritable_attribute(key, default_value)
+            else
+              write_inheritable_attribute(key, value)
+            end
+          end
+
+          def first_column_to_exist(*columns_to_check) # :nodoc:
+            columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
+            columns_to_check.first ? columns_to_check.first.to_sym : nil
+          end
+      end
+    end
+  end
+end
+
+if defined?(::ActiveRecord)
+  module ::ActiveRecord
+    class Base
+      include Authlogic::ActsAsAuthentic::Base
+      include Authlogic::ActsAsAuthentic::Email
+      include Authlogic::ActsAsAuthentic::LoggedInStatus
+      include Authlogic::ActsAsAuthentic::Login
+      include Authlogic::ActsAsAuthentic::MagicColumns
+      include Authlogic::ActsAsAuthentic::Password
+      include Authlogic::ActsAsAuthentic::PerishableToken
+      include Authlogic::ActsAsAuthentic::PersistenceToken
+      include Authlogic::ActsAsAuthentic::RestfulAuthentication
+      include Authlogic::ActsAsAuthentic::SessionMaintenance
+      include Authlogic::ActsAsAuthentic::SingleAccessToken
+      include Authlogic::ActsAsAuthentic::ValidationsScope
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/email.rb

@@ -0,0 +1,77 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Sometimes models won't have an explicit "login" or "username" field. Instead they want to use the email field.
+    # In this case, authlogic provides validations to make sure the email submited is actually a valid email. Don't worry,
+    # if you do have a login or username field, Authlogic will still validate your email field. One less thing you have to
+    # worry about.
+    module Email
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+      
+      # Configuration to modify how Authlogic handles the email field.
+      module Config
+        # The name of the field that stores email addresses.
+        #
+        # * <tt>Default:</tt> :email, if it exists
+        # * <tt>Accepts:</tt> Symbol
+        def email_field(value = nil)
+          config(:email_field, value, first_column_to_exist(nil, :email))
+        end
+        alias_method :email_field=, :email_field
+        
+        # Toggles validating the email field or not.
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def validate_email_field(value = nil)
+          config(:validate_email_field, value, true)
+        end
+        alias_method :validate_email_field=, :validate_email_field
+        
+        # A hash of options for the validates_length_of call for the email field. Allows you to change this however you want.
+        #
+        # * <tt>Default:</tt> {:within => 6..100}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
+        def validates_length_of_email_field_options(value = nil)
+          config(:validates_length_of_email_field_options, value, {:within => 6..100})
+        end
+        alias_method :validates_length_of_email_field_options=, :validates_length_of_email_field_options
+        
+        # A hash of options for the validates_format_of call for the email field. Allows you to change this however you want.
+        #
+        # * <tt>Default:</tt> {:with => email_regex, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
+        def validates_format_of_email_field_options(value = nil)
+          config(:validates_format_of_email_field_options, value, {:with => email_regex, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")})
+        end
+        alias_method :validates_format_of_email_field_options=, :validates_format_of_email_field_options
+        
+        private
+          def email_regex
+            return @email_regex if @email_regex
+            email_name_regex  = '[\w\.%\+\-]+'
+            domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
+            domain_tld_regex  = '(?:[A-Z]{2}|aero|ag|asia|at|be|biz|ca|cc|cn|com|de|edu|eu|fm|gov|gs|jobs|jp|in|info|me|mil|mobi|museum|ms|name|net|nu|nz|org|tc|tw|tv|uk|us|vg|ws)'
+            @email_regex = /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
+          end
+      end
+      
+      # All methods relating to the email field
+      module Methods
+        def self.included(klass)
+          klass.class_eval do
+            if validate_email_field && email_field
+              validates_length_of email_field, validates_length_of_email_field_options
+              validates_format_of email_field, validates_format_of_email_field_options
+              validates_uniqueness_of email_field, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/logged_in_status.rb

@@ -0,0 +1,54 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Since web applications are stateless there is not sure fire way to tell if a user is logged in or not,
+    # from the database perspective. The best way to do this is to provide a "timeout" based on inactivity.
+    # So if that user is inactive for a certain amount of time we assume they are logged out. That's what this
+    # module is all about.
+    module LoggedInStatus
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+      
+      # All configuration for the logged in status feature set.
+      module Config
+        # The timeout to determine when a user is logged in or not.
+        #
+        # * <tt>Default:</tt> 10.minutes
+        # * <tt>Accepts:</tt> Fixnum
+        def logged_in_timeout(value = nil)
+          config(:logged_in_timeout, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
+        end
+        alias_method :logged_in_timeout=, :logged_in_timeout
+      end
+      
+      # All methods for the logged in status feature seat.
+      module Methods
+        def self.included(klass)
+          klass.class_eval do
+            named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", logged_in_timeout.seconds.ago]} }
+            named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago]} }
+          end
+        end
+        
+        # Returns true if the last_request_at > logged_in_timeout.
+        def logged_in?
+          raise "Can not determine the records login state because there is no last_request_at column" if !respond_to?(:last_request_at)
+          !last_request_at.nil? && last_request_at > logged_in_timeout.seconds.ago
+        end
+        
+        # Opposite of logged_in?
+        def logged_out?
+          !logged_in?
+        end
+        
+        private
+          def logged_in_timeout
+            self.class.logged_in_timeout
+          end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/login.rb

@@ -0,0 +1,65 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Handles everything related to the login field.
+    module Login
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+      
+      # Confguration for the login field.
+      module Config
+        # The name of the login field in the database.
+        #
+        # * <tt>Default:</tt> :login or :username, if they exist
+        # * <tt>Accepts:</tt> Symbol
+        def login_field(value = nil)
+          config(:login_field, value, first_column_to_exist(nil, :login, :username))
+        end
+        alias_method :login_field=, :login_field
+        
+        # Whether or not the validate the login field
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def validate_login_field(value = nil)
+          config(:validate_login_field, value, true)
+        end
+        alias_method :validate_login_field=, :validate_login_field
+        
+        # A hash of options for the validates_length_of call for the login field. Allows you to change this however you want.
+        #
+        # * <tt>Default:</tt> {:within => 6..100}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
+        def validates_length_of_login_field_options(value = nil)
+          config(:validates_length_of_login_field_options, value, {:within => 3..100})
+        end
+        alias_method :validates_length_of_login_field_options=, :validates_length_of_login_field_options
+        
+        # A hash of options for the validates_format_of call for the email field. Allows you to change this however you want.
+        #
+        # * <tt>Default:</tt> {:with => /\A\w[\w\.\-_@ ]+\z/, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
+        def validates_format_of_login_field_options(value = nil)
+          config(:validates_format_of_login_field_options, value, {:with => /\A\w[\w\.\-_@ ]+\z/, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")})
+        end
+        alias_method :validates_format_of_login_field_options=, :validates_format_of_login_field_options
+      end
+      
+      # All methods relating to the login field
+      module Methods
+        def self.included(klass)
+          klass.class_eval do
+            if validate_login_field && login_field
+              validates_length_of login_field, validates_length_of_login_field_options
+              validates_format_of login_field, validates_format_of_login_field_options
+              validates_uniqueness_of login_field, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/magic_columns.rb

@@ -0,0 +1,24 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Magic columns are like ActiveRecord's created_at and updated_at columns. They are "magically" maintained for
+    # you. Authlogic has the same thing, but these are maintained on the session side. Please see Authlogic::Session::MagicColumns
+    # for more details. This module merely adds validations for the magic columns if they exist.
+    module MagicColumns
+      def self.included(klass)
+        klass.class_eval do
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+      
+      # Methods relating to the magic columns
+      module Methods
+        def self.included(klass)
+          klass.class_eval do
+            validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
+            validates_numericality_of :failed_login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("failed_login_count")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/password.rb

@@ -0,0 +1,215 @@
+module Authlogic
+  module ActsAsAuthentic
+    # This module has a lot of neat functionality. It is responsible for encrypting your password, salting it, and verifying it.
+    # It can also help you transition to a new encryption algorithm. See the Config sub module for configuration options.
+    module Password
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          add_acts_as_authentic_module(Callbacks)
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+      
+      # All configuration for the password aspect of acts_as_authentic.
+      module Config
+        # The name of the crypted_password field in the database.
+        #
+        # * <tt>Default:</tt> :crypted_password, :encrypted_password, :password_hash, or :pw_hash
+        # * <tt>Accepts:</tt> Symbol
+        def crypted_password_field(value = nil)
+          config(:crypted_password_field, value, first_column_to_exist(:crypted_password, :encrypted_password, :password_hash, :pw_hash))
+        end
+        alias_method :crypted_password_field=, :crypted_password_field
+        
+        # The name of the password_salt field in the database.
+        #
+        # * <tt>Default:</tt> :password_salt, :pw_salt, :salt, nil if none exist
+        # * <tt>Accepts:</tt> Symbol
+        def password_salt_field(value = nil)
+          config(:password_salt_field, value, first_column_to_exist(nil, :password_salt, :pw_salt, :salt))
+        end
+        alias_method :password_salt_field=, :password_salt_field
+        
+        # Whether or not to validate the password field.
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def validate_password_field(value = nil)
+          config(:validate_password_field, value, true)
+        end
+        alias_method :validate_password_field=, :validate_password_field
+        
+        # A hash of options for the validates_confirmation_of call for the password field. Allows you to change this however you want.
+        #
+        # * <tt>Default:</tt> {:minimum => 4, :if => "#{password_salt_field}_changed?".to_sym}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_confirmation_of
+        def validates_confirmation_of_password_field_options(value = nil)
+          config(:validates_confirmation_of_password_field_options, value, {:minimum => 4, :if => (password_salt_field ? "#{password_salt_field}_changed?".to_sym : nil)})
+        end
+        alias_method :validates_confirmation_of_password_field_options=, :validates_confirmation_of_password_field_options
+        
+        # A hash of options for the validates_length_of call for the password_confirmation field. Allows you to change this however you want.
+        #
+        # * <tt>Default:</tt> {:minimum => 4, :if => :require_password_confirmation?}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
+        def validates_length_of_password_confirmation_field_options(value = nil)
+          config(:validates_length_of_password_confirmation_field_options, value, {:minimum => 4, :if => :require_password_confirmation?})
+        end
+        alias_method :validates_length_of_password_confirmation_field_options=, :validates_length_of_password_confirmation_field_options
+        
+        # The class you want to use to encrypt and verify your encrypted passwords. See the Authlogic::CryptoProviders module for more info
+        # on the available methods and how to create your own.
+        #
+        # * <tt>Default:</tt> CryptoProviders::Sha512
+        # * <tt>Accepts:</tt> Class
+        def crypto_provider(value = nil)
+          config(:crypto_provider, value, CryptoProviders::Sha512)
+        end
+        alias_method :crypto_provider=, :crypto_provider
+        
+        # Let's say you originally encrypted your passwords with Sha1. Sha1 is starting to join the party with MD5 and you want to switch
+        # to something stronger. No problem, just specify your new and improved algorithm with the crypt_provider option and then let
+        # Authlogic know you are transitioning from Sha1 using this option. Authlogic will take care of everything, including transitioning
+        # your users to the new algorithm. The next time a user logs in, they will be granted access using the old algorithm and their
+        # password will be resaved with the new algorithm. All new users will obviously use the new algorithm as well.
+        #
+        # Lastly, if you want to transition again, you can pass an array of crypto providers. So you can transition from as many algorithms
+        # as you want.
+        #
+        # * <tt>Default:</tt> nil
+        # * <tt>Accepts:</tt> Class or Array
+        def transition_from_crypto_providers(value = nil)
+          config(:transition_from_crypto_providers, (!value.nil? && [value].flatten.compact) || value, [])
+        end
+        alias_method :transition_from_crypto_providers=, :transition_from_crypto_providers
+      end
+      
+      # Callbacks / hooks to allow other modules to modify the behavior of this module.
+      module Callbacks
+        METHODS = [
+          "before_password_set", "after_password_set",
+          "before_password_verification", "after_password_verification"
+        ]
+        
+        def self.included(klass)
+          klass.define_callbacks *METHODS
+        end
+        
+        private
+          METHODS.each do |method|
+            class_eval <<-"end_eval", __FILE__, __LINE__
+              def #{method}
+                run_callbacks(:#{method}) { |result, object| result == false }
+              end
+            end_eval
+          end
+      end
+      
+      # The methods related to the password field.
+      module Methods
+        def self.included(klass)
+          klass.class_eval do
+            if validate_password_field
+              validates_confirmation_of :password, validates_confirmation_of_password_field_options
+              validates_length_of :password_confirmation, validates_length_of_password_confirmation_field_options
+            end
+          end
+        end
+        
+        # The password
+        def password
+          @password
+        end
+        
+        # This is a virtual method. Once a password is passed to it, it will create new password salt as well as encrypt
+        # the password.
+        def password=(pass)
+          return if pass.blank?
+          before_password_set
+          @password = pass
+          send("#{password_salt_field}=", Authlogic::Random.friendly_token) if password_salt_field
+          send("#{crypted_password_field}=", crypto_provider.encrypt(*encrypt_arguments(@password, act_like_restful_authentication? ? :restful_authentication : nil)))
+          after_password_set
+        end
+        
+        # Accepts a raw password to determine if it is the correct password or not.
+        def valid_password?(attempted_password)
+          return false if attempted_password.blank? || send(crypted_password_field).blank?
+          
+          before_password_verification
+          
+          crypto_providers = [crypto_provider] + transition_from_crypto_providers
+          crypto_providers.each_with_index do |encryptor, index|
+            # The arguments_type of for the transitioning from restful_authentication
+            arguments_type = (act_like_restful_authentication? && index == 0) ||
+              (transition_from_restful_authentication? && index > 0 && encryptor == Authlogic::CryptoProviders::Sha1) ?
+              :restful_authentication : nil
+            
+            if encryptor.matches?(send(crypted_password_field), *encrypt_arguments(attempted_password, arguments_type))
+              # If we are transitioning from an older encryption algorithm and the password is still using the old algorithm
+              # then let's reset the password using the new algorithm. If the algorithm has a cost (BCrypt) and the cost has changed, update the password with
+              # the new cost.
+              if index > 0 || (encryptor.respond_to?(:cost_matches?) && !encryptor.cost_matches?(send(crypted_password_field)))
+                self.password = attempted_password
+                save(false)
+              end
+              
+              after_password_verification
+              
+              return true
+            end
+          end
+          
+          false
+        end
+        
+        # Resets the password to a random friendly token.
+        def reset_password
+          friendly_token = Authlogic::Random.friendly_token
+          self.password = friendly_token
+          self.password_confirmation = friendly_token
+        end
+        alias_method :randomize_password, :reset_password
+        
+        # Resets the password to a random friendly token and then saves the record.
+        def reset_password!
+          reset_password
+          save_without_session_maintenance(false)
+        end
+        alias_method :randomize_password!, :reset_password!
+        
+        private
+          def encrypt_arguments(raw_password, arguments_type = nil)
+            salt = password_salt_field ? send(password_salt_field) : nil
+            case arguments_type
+            when :restful_authentication
+              [REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY].compact
+            else
+              [raw_password, salt].compact
+            end
+          end
+          
+          def require_password_confirmation?
+            new_record? || (password_salt_field && send("#{password_salt_field}_changed?")) || send(crypted_password_field).blank?
+          end
+          
+          def crypted_password_field
+            self.class.crypted_password_field
+          end
+          
+          def password_salt_field
+            self.class.password_salt_field
+          end
+          
+          def crypto_provider
+            self.class.crypto_provider
+          end
+          
+          def transition_from_crypto_providers
+            self.class.transition_from_crypto_providers
+          end
+      end
+    end
+  end
+end