authlogic 1.4.3 → 2.0.0

data/lib/authlogic/{session/authenticates_many_association.rb → authenticates_many/association.rb}

@@ -1,15 +1,19 @@
 module Authlogic
-  module Session
-    # = Authenticates Many Association
-    #
-    # An object of this class is used as a proxy for the authenticates_many relationship. It basically allows you to "save" scope details and call them on an object, which allows you to do the following:
+  module AuthenticatesMany
+    # An object of this class is used as a proxy for the authenticates_many relationship. It basically allows you to "save" scope details
+    # and call them on an object, which allows you to do the following:
     #
     #   @account.user_sessions.new
     #   @account.user_sessions.find
     #   # ... etc
     #
-    # You can call all of the class level methods off of an object with a saved scope, so that calling the above methods scopes the user sessions down to that specific account.
-    class AuthenticatesManyAssociation # :nodoc:
+    # You can call all of the class level methods off of an object with a saved scope, so that calling the above methods scopes the user
+    # sessions down to that specific account. To implement this via ActiveRecord do something like:
+    #
+    #   class User < ActiveRecord::Base
+    #     authenticates_many :user_sessions
+    #   end
+    class Association
       attr_accessor :klass, :find_options, :id
       
       def initialize(klass, find_options, id)

data/lib/authlogic/authenticates_many/base.rb

@@ -0,0 +1,55 @@
+module Authlogic
+  # This allows you to scope your authentication. For example, let's say all users belong to an account, you want to make sure only users
+  # that belong to that account can actually login into that account. Simple, just do:
+  #
+  #   class Account < ActiveRecord::Base
+  #     authenticates_many :user_sessions
+  #   end
+  #
+  # Now you can scope sessions just like everything else in ActiveRecord:
+  #
+  #   @account.user_sessions.new(*args)
+  #   @account.user_sessions.create(*args)
+  #   @account.user_sessions.find(*args)
+  #   # ... etc
+  #
+  # Checkout the authenticates_many method for a list of options.
+  # You may also want to checkout Authlogic::ActsAsAuthentic::Scope to scope your model.
+  module AuthenticatesMany
+    module Base
+      # Allows you set essentially set up a relationship with your sessions. See module definition above for more details.
+      #
+      # === Options
+      #
+      # * <tt>session_class:</tt> default: "#{name}Session",
+      #   This is the related session class.
+      #   
+      # * <tt>relationship_name:</tt> default: options[:session_class].klass_name.underscore.pluralize,
+      #   This is the name of the relationship you want to use to scope everything. For example an Account has many Users. There should be a relationship
+      #   called :users that you defined with a has_many. The reason we use the relationship is so you don't have to repeat yourself. The relatonship
+      #   could have all kinds of custom options. So instead of repeating yourself we essentially use the scope that the relationship creates.
+      #
+      # * <tt>find_options:</tt> default: nil,
+      #   By default the find options are created from the relationship you specify with :relationship_name. But if you want to override this and
+      #   manually specify find_options you can do it here. Specify options just as you would in ActiveRecord::Base.find.
+      #
+      # * <tt>scope_cookies:</tt> default: false
+      #   By the nature of cookies they scope theirself if you are using subdomains to access accounts. If you aren't using subdomains you need to have
+      #   separate cookies for each account, assuming a user is logging into mroe than one account. Authlogic can take care of this for you by
+      #   prefixing the name of the cookie and sessin with the model id. You just need to tell Authlogic to do this by passing this option.
+      def authenticates_many(name, options = {})
+        options[:session_class] ||= name.to_s.classify.constantize
+        options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
+        class_eval <<-"end_eval", __FILE__, __LINE__
+          def #{name}
+            find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scope(:find)
+            find_options.delete_if { |key, value| ![:conditions, :include, :joins].include?(key.to_sym) || value.nil? }
+            @#{name} ||= Authlogic::AuthenticatesMany::Association.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
+          end
+        end_eval
+      end
+    end
+    
+    ::ActiveRecord::Base.extend(Base) if defined?(::ActiveRecord)
+  end
+end

data/lib/authlogic/controller_adapters/abstract_adapter.rb

@@ -1,8 +1,7 @@
 module Authlogic
   module ControllerAdapters # :nodoc:
-    # = Abstract Adapter
-    #
-    # Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter or MerbAdapter for an example of how to adapt Authlogic to work with your framework.
+    # Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter or MerbAdapter
+    # for an example of how to adapt Authlogic to work with your framework.
     class AbstractAdapter
       attr_accessor :controller
 

data/lib/authlogic/controller_adapters/merb_adapter.rb

@@ -1,12 +1,8 @@
 module Authlogic
   module ControllerAdapters
-    # = Merb Adapter
-    #
     # Adapts authlogic to work with merb. The point is to close the gap between what authlogic expects and what the merb controller object
     # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
     class MerbAdapter < AbstractAdapter
-      # = Merb Implementation
-      #
       # Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
       module MerbImplementation
         def self.included(klass) # :nodoc:

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -1,7 +1,5 @@
 module Authlogic
   module ControllerAdapters
-    # = Rails Adapter
-    #
     # Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object
     # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
     class RailsAdapter < AbstractAdapter
@@ -22,8 +20,6 @@ module Authlogic
         request.format.to_s
       end
       
-      # = Rails Implementation
-      #
       # Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
       module RailsImplementation
         def self.included(klass) # :nodoc:

data/lib/authlogic/crypto_providers/aes256.rb

@@ -2,8 +2,6 @@ require "openssl"
 
 module Authlogic
   module CryptoProviders
-    # = AES256
-    #
     # This encryption method is reversible if you have the supplied key. So in order to use this encryption method you must supply it with a key first.
     # In an initializer, or before your application initializes, you should do the following:
     #

data/lib/authlogic/crypto_providers/bcrypt.rb

@@ -5,8 +5,6 @@ end
 
 module Authlogic
   module CryptoProviders
-    # = Bcrypt
-    #
     # For most apps Sha512 is plenty secure, but if you are building an app that stores nuclear launch codes you might want to consier BCrypt. This is an extremely
     # secure hashing algorithm, mainly because it is slow. A brute force attack on a BCrypt encrypted password would take much longer than a brute force attack on a
     # password encrypted with a Sha algorithm. Keep in mind you are sacrificing performance by using this, generating a password takes exponentially longer than any

data/lib/authlogic/crypto_providers/md5.rb

@@ -0,0 +1,34 @@
+require "digest/md5"
+ 
+module Authlogic
+  module CryptoProviders
+    # This class was made for the users transitioning from md5 based systems. 
+    # I highly discourage using this crypto provider as it superbly inferior 
+    # to your other options.
+    #
+    # Please use any other provider offered by Authlogic.
+    class MD5
+      class << self
+        attr_accessor :join_token
+        
+        # The number of times to loop through the encryption.
+        def stretches
+          @stretches ||= 1
+        end
+        attr_writer :stretches
+        
+        # Turns your raw password into a MD5 hash.
+        def encrypt(*tokens)
+          digest = tokens.flatten.join(join_token)
+          stretches.times { digest = Digest::MD5.hexdigest(digest) }
+          digest
+        end
+        
+        # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
+        def matches?(crypted, *tokens)
+          encrypt(*tokens) == crypted
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/crypto_providers/sha1.rb

@@ -2,8 +2,6 @@ require "digest/sha1"
 
 module Authlogic
   module CryptoProviders
-    # = Sha1
-    #
     # This class was made for the users transitioning from restful_authentication. I highly discourage using this crypto provider as it inferior to your other options.
     # Please use any other provider offered by Authlogic.
     class Sha1

data/lib/authlogic/crypto_providers/sha512.rb

@@ -1,9 +1,7 @@
 require "digest/sha2"
 
 module Authlogic
-  # = Crypto Providers
-  #
-  # The acts_as_authentic method allows you to pass a :crypto_provider option. This allows you to use any type of encryption you like.
+  # The acts_as_authentic method has a crypto_provider option. This allows you to use any type of encryption you like.
   # Just create a class with a class level encrypt and matches? method. See example below.
   #
   # === Example

data/lib/authlogic/i18n.rb

@@ -1,6 +1,4 @@
 module Authlogic
-  # I18n
-  #
   # This class allows any message in Authlogic to use internationalization. In earlier versions of Authlogic each message was translated via configuration.
   # This cluttered up the configuration and cluttered up Authlogic. So all translation has been extracted out into this class. Now all messages pass through
   # this class, making it much easier to implement in I18n library / plugin you want. Use this as a layer that sits between Authlogic and whatever I18n
@@ -40,8 +38,7 @@ module Authlogic
   #       not_active: Your account is not active
   #       not_confirmed: Your account is not confirmed
   #       not_approved: Your account is not approved
-  #       blank_record: You can not login with a blank record
-  #       new_record: You can not login with a new record
+  #       no_authentication_details: You did not provide any details for authentication.
   class I18n
     class << self
       # All message translation is passed to this method. The first argument is the key for the message. The second is options, see the rails I18n library for a list of options used.

data/lib/authlogic/random.rb

@@ -0,0 +1,33 @@
+module Authlogic
+  # Handles generating random strings. If SecureRandom is installed it will default to this and use it instead. SecureRandom comes with ActiveSupport.
+  # So if you are using this in a rails app you should have this library.
+  module Random
+    extend self
+    
+    SecureRandom = (defined?(::SecureRandom) && ::SecureRandom) || (defined?(::ActiveSupport::SecureRandom) && ::ActiveSupport::SecureRandom)
+    
+    if SecureRandom
+      def hex_token
+        SecureRandom.hex(64)
+      end
+      
+      def friendly_token
+        # use base64url as defined by RFC4648
+        SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
+      end
+    else
+      def hex_token
+        Authlogic::CryptoProviders::Sha512.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
+      end
+      
+      FRIENDLY_CHARS = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+      
+      def friendly_token
+        newpass = ""
+        1.upto(20) { |i| newpass << FRIENDLY_CHARS[rand(FRIENDLY_CHARS.size-1)] }
+        newpass
+      end
+    end
+    
+  end
+end

data/lib/authlogic/session/activation.rb

@@ -0,0 +1,56 @@
+module Authlogic
+  module Session
+    # Activating Authlogic requires that you pass it an Authlogic::ControllerAdapters::AbstractAdapter object, or a class that extends it.
+    # This is sort of like a database connection for an ORM library, Authlogic can't do anything until it is "connected" to a controller.
+    # If you are using a supported framework, Authlogic takes care of this for you.
+    module Activation
+      class NotActivatedError < ::StandardError # :nodoc:
+        def initialize(session)
+          super("You must activate the Authlogic::Session::Base.controller with a controller object before creating objects")
+        end
+      end
+      
+      def self.included(klass)
+        klass.class_eval do
+          extend ClassMethods
+          include InstanceMethods
+        end
+      end
+      
+      module ClassMethods
+        # Returns true if a controller has been set and can be used properly. This MUST be set before anything can be done.
+        # Similar to how ActiveRecord won't allow you to do anything without establishing a DB connection. In your framework
+        # environment this is done for you, but if you are using Authlogic outside of your framework, you need to assign a controller
+        # object to Authlogic via Authlogic::Session::Base.controller = obj. See the controller= method for more information.
+        def activated?
+          !controller.nil?
+        end
+        
+        # This accepts a controller object wrapped with the Authlogic controller adapter. The controller adapters close the gap
+        # between the different controllers in each framework. That being said, Authlogic is expecting your object's class to
+        # extend Authlogic::ControllerAdapters::AbstractAdapter. See Authlogic::ControllerAdapters for more info.
+        def controller=(value)
+          Thread.current[:authlogic_controller] = value
+        end
+        
+        # The current controller object
+        def controller
+          Thread.current[:authlogic_controller]
+        end
+      end
+      
+      module InstanceMethods
+        # Making sure we are activated before we start creating objects
+        def initialize(*args)
+          raise NotActivatedError.new(self) unless self.class.activated?
+          super
+        end
+        
+        private
+          def controller
+            self.class.controller
+          end
+      end
+    end
+  end
+end

data/lib/authlogic/session/active_record_trickery.rb

@@ -1,22 +1,30 @@
 module Authlogic
   module Session
-    # = ActiveRecord Trickery
-    #
-    # Authlogic looks like ActiveRecord, sounds like ActiveRecord, but its not ActiveRecord. That's the goal here. This is useful for the various rails helper methods such as form_for, error_messages_for, or any
-    # method that expects an ActiveRecord object. The point is to disguise the object as an ActiveRecord object so we have no problems.
+    # Authlogic looks like ActiveRecord, sounds like ActiveRecord, but its not ActiveRecord. That's the goal here.
+    # This is useful for the various rails helper methods such as form_for, error_messages_for, or any method that
+    # expects an ActiveRecord object. The point is to disguise the object as an ActiveRecord object so we can take
+    # advantage of the many ActiveRecord tools.
     module ActiveRecordTrickery
-      def self.included(klass) # :nodoc:
+      def self.included(klass)
         klass.extend ClassMethods
         klass.send(:include, InstanceMethods)
       end
       
-      module ClassMethods # :nodoc:
+      module ClassMethods
         def human_attribute_name(*args)
           klass.human_attribute_name(*args)
         end
+        
+        def human_name(*args)
+          klass.human_name(*args)
+        end
+        
+        def self_and_descendents_from_active_record
+          [self]
+        end
       end
       
-      module InstanceMethods # :nodoc:
+      module InstanceMethods
         def new_record?
           new_session?
         end

data/lib/authlogic/session/base.rb

@@ -1,462 +1,37 @@
 module Authlogic
   module Session # :nodoc:
-    # = Base
-    #
-    # This is the muscle behind Authlogic. For detailed information on how to use this please refer to the README. For detailed method explanations see below.
+    # This is the base class Authlogic, where all modules are included. For information on functiionality see the various
+    # sub modules.
     class Base
-      include Config
-      
-      class << self
-        attr_accessor :methods_configured
-        
-        # Returns true if a controller has been set and can be used properly. This MUST be set before anything can be done. Similar to how ActiveRecord won't allow you to do anything
-        # without establishing a DB connection. In your framework environment this is done for you, but if you are using Authlogic outside of your framework, you need to assign a controller
-        # object to Authlogic via Authlogic::Session::Base.controller = obj. See the controller= method for more information.
-        def activated?
-          !controller.nil?
-        end
-        
-        # This accepts a controller object wrapped with the Authlogic controller adapter. The controller adapters close the gap between the different controllers in each framework.
-        # That being said, Authlogic is expecting your object's class to extend Authlogic::ControllerAdapters::AbstractAdapter. See Authlogic::ControllerAdapters for more info.
-        def controller=(value)
-          Thread.current[:authlogic_controller] = value
-        end
-        
-        def controller # :nodoc:
-          Thread.current[:authlogic_controller]
-        end
-        
-        # A convenince method. The same as:
-        #
-        #   session = UserSession.new
-        #   session.create
-        def create(*args, &block)
-          session = new(*args)
-          session.save(&block)
-        end
-        
-        # Same as create but calls create!, which raises an exception when authentication fails.
-        def create!(*args)
-          session = new(*args)
-          session.save!
-        end
-        
-        # A convenience method for session.find_record. Finds your session by parameters, then session, then cookie, and finally by basic http auth.
-        # This is perfect for persisting your session:
-        #
-        #   helper_method :current_user_session, :current_user
-        #
-        #   def current_user_session
-        #     return @current_user_session if defined?(@current_user_session)
-        #     @current_user_session = UserSession.find
-        #   end
-        #
-        #   def current_user
-        #     return @current_user if defined?(@current_user)
-        #     @current_user = current_user_session && current_user_session.user
-        #   end
-        #
-        # Accepts a single parameter as the id, to find session that you marked with an id:
-        #
-        #   UserSession.find(:secure)
-        #
-        # See the id method for more information on ids.
-        def find(id = nil, priority_record = nil)
-          session = new(id)
-          session.before_find
-          if record = session.find_record
-            session.after_find
-            record.save_without_session_maintenance(false) if record.changed? && record != priority_record
-            session
-          else
-            nil
-          end
-        end
-        
-        # The name of the class that this session is authenticating with. For example, the UserSession class will authenticate with the User class
-        # unless you specify otherwise in your configuration. See authenticate_with for information on how to change this value.
-        def klass
-          @klass ||=
-            if klass_name
-              klass_name.constantize
-            else
-              nil
-            end
-        end
-        
-        # Same as klass, just returns a string instead of the actual constant.
-        def klass_name
-          @klass_name ||= 
-            if guessed_name = name.scan(/(.*)Session/)[0]
-              @klass_name = guessed_name[0]
-            end
-        end
-      end
-      
-      attr_accessor :attempted_record, :new_session, :record
-      attr_reader :unauthorized_record
-      attr_writer :authenticating_with, :id, :persisting
-    
-      # You can initialize a session by doing any of the following:
-      #
-      #   UserSession.new
-      #   UserSession.new(:login => "login", :password => "password", :remember_me => true)
-      #   UserSession.new(User.first, true)
-      #
-      # If a user has more than one session you need to pass an id so that Authlogic knows how to differentiate the sessions. The id MUST be a Symbol.
-      #
-      #   UserSession.new(:my_id)
-      #   UserSession.new({:login => "login", :password => "password", :remember_me => true}, :my_id)
-      #   UserSession.new(User.first, true, :my_id)
-      #
-      # For more information on ids see the id method.
-      #
-      # Lastly, the reason the id is separate from the first parameter hash is becuase this should be controlled by you, not by what the user passes.
-      # A user could inject their own id and things would not work as expected.
-      def initialize(*args)
-        raise NotActivated.new(self) unless self.class.activated?
-        
-        create_configurable_methods!
-        
-        self.id = args.pop if args.last.is_a?(Symbol)
-        
-        if args.first.is_a?(Hash)
-          self.credentials = args.first
-        elsif !args.first.blank? && args.first.class < ::ActiveRecord::Base
-          self.unauthorized_record = args.first
-          self.remember_me = args[1] if args.size > 1
-        end
-      end
-      
-      # A flag for how the user is logging in. Possible values:
-      #
-      # * <tt>:password</tt> - username and password
-      # * <tt>:unauthorized_record</tt> - an actual ActiveRecord object
-      #
-      # By default this is :password
-      def authenticating_with
-        @authenticating_with ||= :password
-      end
-      
-      # Returns true if logging in with credentials. Credentials mean username and password.
-      def authenticating_with_password?
-        authenticating_with == :password
-      end
-      
-      # Returns true if logging in with an unauthorized record
-      def authenticating_with_unauthorized_record?
-        authenticating_with == :unauthorized_record
-      end
-      alias_method :authenticating_with_record?, :authenticating_with_unauthorized_record?
-      
-      # Your login credentials in hash format. Usually {:login => "my login", :password => "<protected>"} depending on your configuration.
-      # Password is protected as a security measure. The raw password should never be publicly accessible.
-      def credentials
-        {login_field => send(login_field), password_field => "<Protected>"}
-      end
-      
-      # Lets you set your loging and password via a hash format. This is "params" safe. It only allows for 3 keys: your login field name, password field name, and remember me.
-      def credentials=(values)
-        return if values.blank? || !values.is_a?(Hash)
-        values.symbolize_keys!
-        values.each do |field, value|
-          next if value.blank?
-          send("#{field}=", value)
-        end
-      end
-      
-      # Resets everything, your errors, record, cookies, and session. Basically "logs out" a user.
-      def destroy
-        before_destroy
-        
-        errors.clear
-        @record = nil
-        
-        after_destroy
-        
-        true
-      end
-      
-      # The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses the exact same ActiveRecord errors class. Use it the same way:
-      #
-      # === Example
-      #
-      #  class UserSession
-      #    before_validation :check_if_awesome
-      #
-      #    private
-      #      def check_if_awesome
-      #        errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
-      #        errors.add_to_base("You must be awesome to log in") unless record.awesome?
-      #      end
-      #  end
-      def errors
-        @errors ||= Errors.new(self)
-      end
-      
-      # Attempts to find the record by params, then session, then cookie, and finally basic http auth. See the class level find method if you are wanting to use this to persist your session.
-      def find_record
-        if record
-          self.new_session = false
-          return record
-        end
-        
-        find_with.each do |find_method|
-          if send("valid_#{find_method}?")
-            self.new_session = false
-            return record
-          end
-        end
-        nil
-      end
-      
-      # Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time. A good example when this might be needed is when you want to have a normal user session
-      # and a "secure" user session. The secure user session would be created only when they want to modify their billing information, or other sensitive information. Similar to me.com. This requires 2
-      # user sessions. Just use an id for the "secure" session and you should be good.
-      #
-      # You can set the id during initialization (see initialize for more information), or as an attribute:
-      #
-      #   session.id = :my_id
-      #
-      # Just be sure and set your id before you save your session.
-      #
-      # Lastly, to retrieve your session with the id check out the find class method.
-      def id
-        @id
-      end
-      
-      def inspect # :nodoc:
-        details = {}
-        case authenticating_with
-        when :unauthorized_record
-          details[:unauthorized_record] = "<protected>"
-        else
-          details[login_field.to_sym] = send(login_field)
-          details[password_field.to_sym] = "<protected>"
-        end
-        "#<#{self.class.name} #{details.inspect}>"
-      end
-      
-      # Similar to ActiveRecord's new_record? Returns true if the session has not been saved yet.
-      def new_session?
-        new_session != false
-      end
-      
-      def persisting # :nodoc:
-        return @persisting if defined?(@persisting)
-        @persisting = true
-      end
-      
-      # Returns true if the session is being persisted. This is set to false if the session was found by the single_access_token, since logging in via a single access token should not remember the user in the
-      # session or the cookie.
-      def persisting?
-        persisting == true
-      end
-      
-      def remember_me # :nodoc:
-        return @remember_me if defined?(@remember_me)
-        @remember_me = self.class.remember_me
-      end
-      
-      # Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for "remember_me_until".
-      def remember_me=(value)
-        @remember_me = value
-      end
-      
-      # Allows users to be remembered via a cookie.
-      def remember_me?
-        remember_me == true || remember_me == "true" || remember_me == "1"
-      end
-      
-      # When to expire the cookie. See remember_me_for configuration option to change this.
-      def remember_me_until
-        return unless remember_me?
-        remember_me_for.from_now
-      end
-      
-      # Creates / updates a new user session for you. It does all of the magic:
-      #
-      # 1. validates
-      # 2. sets session
-      # 3. sets cookie
-      # 4. updates magic fields
-      def save(&block)
-        result = nil
-        if valid?
-          # hooks
-          before_save
-          new_session? ? before_create : before_update
-          new_session? ? after_create : after_update
-          after_save
-          
-          record.save_without_session_maintenance(false) if record.changed?
-          self.new_session = false
-          result = self
-        else
-          result = false
-        end
-        
-        yield result if block_given?
-        result
-      end
-      
-      # Same as save but raises an exception when authentication fails
-      def save!
-        result = save
-        raise SessionInvalid.new(self) unless result
-        result
-      end
-      
-      # This lets you create a session by passing a single object of whatever you are authenticating. Let's say User. By passing a user object you are vouching for this user and saying you can guarantee
-      # this user is who he says he is, create a session for him.
-      #
-      # This is how persistence works in Authlogic. Authlogic grabs your cookie credentials, finds a user by those credentials, and then vouches for that user and creates a session. You can do this for just about
-      # anything, which comes in handy for those unique authentication methods. Do what you need to do to authenticate the user, guarantee he is who he says he is, then pass the object here. Authlogic will do its
-      # magic: create a session and cookie. Now when the user refreshes their session will be persisted by their session and cookie.
-      def unauthorized_record=(value)
-        self.authenticating_with = :unauthorized_record
-        @unauthorized_record = value
-      end
-      
-      # Returns if the session is valid or not. Basically it means that a record could or could not be found. If the session is valid you will have a result when calling the "record" method. If it was unsuccessful
-      # you will not have a record.
-      def valid?
-        errors.clear
-        self.attempted_record = nil
-        
-        before_validation
-        new_session? ? before_validation_on_create : before_validation_on_update
-        valid_credentials?
-        validate
-        
-        if errors.empty?
-          new_session? ? after_validation_on_create : after_validation_on_update
-          after_validation
-        else
-          self.record = nil
-        end
-        
-        attempted_record.save_without_session_maintenance(false) if attempted_record && attempted_record.changed?
-        self.attempted_record = nil
-        errors.empty?
-      end
-      
-      # Tries to validate the session from information from a basic http auth, if it was provided.
-      def valid_http_auth?
-        controller.authenticate_with_http_basic do |login, password|
-          if !login.blank? && !password.blank?
-            send("#{login_field}=", login)
-            send("#{password_field}=", password)
-            return valid?
-          end
-        end
-        
-        false
-      end
-      
-      private
-        def controller
-          self.class.controller
-        end
-        
-        # The goal with Authlogic is to feel as natural as possible. As a result, this method creates methods on the fly
-        # based on the configuration set. By default the configuration is based off of the columns names in the authenticating
-        # model. Thus allowing you to call user_session.username instead of user_session.login if you have a username column
-        # instead of a login column. Since class configuration can change during initialization it makes the most sense to enforce
-        # this configuration during the first initialization. At this point, all configuration should be set.
-        #
-        # Lastly, each method is defined individually to allow the user to provide their own "custom" method and this makes sure
-        # we don't replace their method.
-        def create_configurable_methods!
-          return if self.class.methods_configured == true
-          
-          self.class.send(:alias_method, klass_name.demodulize.underscore.to_sym, :record)
-          self.class.send(:attr_writer, login_field) if !respond_to?("#{login_field}=")
-          self.class.send(:attr_reader, login_field) if !respond_to?(login_field)
-          self.class.send(:attr_writer, password_field) if !respond_to?("#{password_field}=")
-          self.class.send(:define_method, password_field) {} if !respond_to?(password_field)
-          
-          self.class.class_eval <<-"end_eval", __FILE__, __LINE__
-            def #{login_field}_with_authentication_flag=(value)
-              self.authenticating_with = :password
-              self.#{login_field}_without_authentication_flag = value
-            end
-            alias_method_chain :#{login_field}=, :authentication_flag
-            
-            def #{password_field}_with_authentication_flag=(value)
-              self.authenticating_with = :password
-              self.#{password_field}_without_authentication_flag = value
-            end
-            alias_method_chain :#{password_field}=, :authentication_flag
-            
-            private
-              # The password should not be accessible publicly. This way forms using form_for don't fill the password with the attempted password. The prevent this we just create this method that is private.
-              def protected_#{password_field}
-                @#{password_field}
-              end
-          end_eval
-          
-          self.class.methods_configured = true
-        end
-        
-        def klass
-          self.class.klass
-        end
-      
-        def klass_name
-          self.class.klass_name
-        end
-        
-        def search_for_record(method, value)
-          klass.send(method, value)
-        end
-        
-        def valid_credentials?
-          case authenticating_with
-          when :password
-            errors.add(login_field, I18n.t('error_messages.login_blank', :default => "can not be blank")) if send(login_field).blank?
-            errors.add(password_field, I18n.t('error_messages.password_blank', :default => "can not be blank")) if send("protected_#{password_field}").blank?
-            return false if errors.count > 0
-            
-            self.attempted_record = search_for_record(find_by_login_method, send(login_field))
-            
-            if attempted_record.blank?
-              errors.add(login_field, I18n.t('error_messages.login_not_found', :default => "does not exist"))
-              return false
-            end
-            
-            unless attempted_record.send(verify_password_method, send("protected_#{password_field}"))
-              errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
-              return false
-            end
-          when :unauthorized_record
-            self.attempted_record = unauthorized_record
-            
-            if attempted_record.blank?
-              errors.add_to_base(I18n.t('error_messages.blank_record', :default => "You can not login with a blank record"))
-              return false
-            end
-            
-            if attempted_record.new_record?
-              errors.add_to_base(I18n.t('error_messages.new_record', :default => "You can not login with a new record"))
-              return false
-            end
-          end
-          
-          self.record = attempted_record
-          valid_record?
-        end
-        
-        def valid_record?
-          return true if disable_magic_states?
-          [:active, :approved, :confirmed].each do |required_status|
-            if record.respond_to?("#{required_status}?") && !record.send("#{required_status}?")
-              errors.add_to_base(I18n.t("error_messages.not_#{required_status}", :default => "Your account is not #{required_status}"))
-              return false
-            end
-          end
-          true
-        end
+      include Foundation
+      include Callbacks
+      
+      # Included first so that the session resets itself to nil
+      include Timeout
+      
+      # Included in a specific order so they are tried in this order when persisting
+      include Params
+      include Cookies
+      include Session
+      include HttpAuth
+      
+      # Included in a specific order so magic states gets ran after a record is found
+      include Password
+      include UnauthorizedRecord
+      include MagicStates
+      
+      include Activation
+      include ActiveRecordTrickery
+      include BruteForceProtection
+      include Existence
+      include Klass
+      include MagicColumns
+      include PerishableToken
+      include Persistence
+      include Scopes
+      include Id
+      include Validation
+      include PriorityRecord
     end
   end
 end