authlogic 2.0.11 → 2.0.12

data/CHANGELOG.rdoc

@@ -1,3 +1,12 @@
+== 2.0.12 release 2009-5-13
+
+* Added the ability to add a last_request_update_allowed? method in your controller to pragmatically tell Authlogic when and when not to update the last_request_at field in your database. This only takes effect if the method if present.
+* Extracted Authlogic's regular expressions into it's own module to allow easy use of them outside of Authlogic. See Authlogic::Regex for more info.
+* Made being_brute_force_protected? true for the Authlogic::Session::BruteForceProtection module.
+* Added the configuration option generalize_credentials_error_messages for the Authlogic::Session::Password module. This allows you to generalize your login / password errors messages as to not reveal was the problem was when authenticating. If enabled, when an invalid login is supplied it will use the same exact error message when an invalid password is supplied.
+* Update email regular expression to use A-Z0-9 instead of /w as to not allow for diacritical marks in an email address.
+* Changed config() convenience method to rw_config() to be more descriptive and less vague.
+
 == 2.0.11 release 2009-4-25
 
 * Fix bug when password is turned off and the SingleAccessToken module calls the after_password_set callback.

data/README.rdoc

@@ -4,33 +4,57 @@ Authlogic is a clean, simple, and unobtrusive ruby authentication solution.
 
 A code example can replace a thousand words...
 
-Authlogic introduces a new type of model. You can have as many as you want, and name them whatever you want, just like your other models. In this example we want to authenticate with the User model, which is inferred by the name:
+Authlogic introduces a new type of model. You can have as many as you want, and name them whatever you want, just like your other models. In this example, we want to authenticate with the User model, which is inferred by the name:
 
   class UserSession < Authlogic::Session::Base
+    # specify configuration here, such as:
+    # logout_on_timeout true
+    # ...many more options in the documentation
   end
 
-Log in with any of the following. Use it just like your other models:
+Log in with any of the following. Create a UserSessionsController and use it just like your other models:
 
-  UserSession.create(my_user_object)
-  UserSession.create(:login => "bjohnson", :password => "my password")
-  session = UserSession.new(:login => "bjohnson", :password => "my password"); session.save
-  UserSession.create(:openid_identifier => "identifier") # requires the authlogic-oid "add on" gem
+  UserSession.create(:login => "bjohnson", :password => "my password", :remember_me => true)
+  session = UserSession.new(:login => "bjohnson", :password => "my password", :remember_me => true); session.save
+  UserSession.create(:openid_identifier => "identifier", :remember_me => true) # requires the authlogic-oid "add on" gem
+  UserSession.create(my_user_object, true) # skip authentication and log the user in directly, the true means "remember me"
+
+The above handles the entire authentication process for you. It first authenticates, then it sets up the proper session values and cookies to persist the session. Just like you would if you rolled your own authentication solution.
+
+You can also log out / destroy the session:
+
+  session.destroy
 
 After a session has been created, you can persist it across requests. Thus keeping the user logged in:
 
   session = UserSession.find
 
-You can also log out / destroy the session:
+To get all of the nice authentication functionality in your model just do this:
 
-  session.destroy
+  class User < ActiveRecord::Base
+    acts_as_authentic do |c|
+      c.my_config_option = my_value
+    end # the configuration block is optional
+  end
+
+This handles validations, etc. It is also "smart" in the sense that it if a login field is present it will use that to authenticate, if not it will look for an email field, etc. This is all configurable, but for 99% of cases that above is all you will need to do.
+
+Also, sessions are automatically maintained. You can switch this on and off with configuration, but the following will automatically log a user in after a successful registration:
+
+  User.create(params[:user])
+
+This also updates the session when the user changes his/her password.
+
+Authlogic is very flexible, it has a strong public API and a plethora of hooks to allow you to modify behavior and extend it. Check out the helpful links below to dig deeper.
 
 == Helpful links
 
-*	<b>Documentation:</b> http://authlogic.rubyforge.org
-*	<b>Repository:</b> http://github.com/binarylogic/authlogic/tree/master
-*	<b>Live example with OpenID "add on":</b> http://authlogicexample.binarylogic.com
-*	<b>Live example repository with tutorial:</b> http://github.com/binarylogic/authlogic_example/tree/master
-*	<b>Tutorial: Reset passwords with Authlogic the RESTful way:</b> http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic
+* <b>Documentation:</b> http://authlogic.rubyforge.org
+* <b>Repository:</b> http://github.com/binarylogic/authlogic/tree/master
+* <b>Railscasts Screencast:</b> http://railscasts.com/episodes/160-authlogic
+* <b>Live example with OpenID "add on":</b> http://authlogicexample.binarylogic.com
+* <b>Live example repository with tutorial in README:</b> http://github.com/binarylogic/authlogic_example/tree/master
+* <b>Tutorial: Reset passwords with Authlogic the RESTful way:</b> http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic
 * <b>Bugs / feature suggestions:</b> http://binarylogic.lighthouseapp.com/projects/18752-authlogic
 * <b>Google group:</b> http://groups.google.com/group/authlogic
 
@@ -40,14 +64,18 @@ If you find a bug or a problem please post it on lighthouse. If you need help wi
 
 == Authlogic "add ons"
 
-*	<b>Authlogic OpenID addon:</b> http://github.com/binarylogic/authlogic_openid
-*	<b>Authlogic LDAP addon:</b> http://github.com/binarylogic/authlogic_ldap
+* <b>Authlogic OpenID addon:</b> http://github.com/binarylogic/authlogic_openid
+* <b>Authlogic LDAP addon:</b> http://github.com/binarylogic/authlogic_ldap
 
 If you create one of your own, please let me know about it so I can add it to this list. Or just fork the project, add your link, and send me a pull request.
 
+== Session bugs (please read if you are having issues with logging in / out)
+
+Apparently there is a bug with apache / passenger for v2.1.X with sessions not working properly. This is most likely your problem if you are having trouble logging in / out. This is *not* an Authlogic issue. This can be solved by updating passener or using an alternative session store solution, such as active record store.
+
 == Documentation explanation
 
-You can find anything you want about Authlogic in the {documentation}, all that you need to do is understand the basic design behind it.
+You can find anything you want about Authlogic in the {documentation}[http://authlogic.rubyforge.org], all that you need to do is understand the basic design behind it.
 
 That being said, there are 2 models involved during authentication. Your Authlogic model and your ActiveRecord model:
 
@@ -56,7 +84,7 @@ That being said, there are 2 models involved during authentication. Your Authlog
 
 Each of the above has its various sub modules that contain common logic. The sub modules are responsible for including *everything* related to it: configuration, class methods, instance methods, etc.
 
-For example, if you want to timeout users after a certain period of inactivity, you would look in <b>Authlogic::Session::Timeout</b>. To help you out, I listed the following "publicly relevant" modules with short descriptions. For the sake of brevity, there are more modules than listed here, the ones not listed are more for internal use, but you can easily read up on them in the {documentation}[http://authlogic.rubyforge.org].
+For example, if you want to timeout users after a certain period of inactivity, you would look in <b>Authlogic::Session::Timeout</b>. To help you out, I listed the following publicly relevant modules with short descriptions. For the sake of brevity, there are more modules than listed here, the ones not listed are more for internal use, but you can easily read up on them in the {documentation}[http://authlogic.rubyforge.org].
 
 === Authlogic::ActsAsAuthentic sub modules
 
@@ -66,21 +94,21 @@ These modules are for the ActiveRecord side of things, the models that call acts
 * <b>Authlogic::ActsAsAuthentic::Email</b> - Handles everything related to the email field.
 * <b>Authlogic::ActsAsAuthentic::LoggedInStatus</b> - Provides handy named scopes and methods for determining if the user is logged in or out.
 * <b>Authlogic::ActsAsAuthentic::Login</b> - Handles everything related to the login field.
-* <b>Authlogic::ActsAsAuthentic::MagicColumns</b> - Handles everything related to the "magic" fields: login_count, failed_login_count, etc.
+* <b>Authlogic::ActsAsAuthentic::MagicColumns</b> - Handles everything related to the "magic" fields: login_count, failed_login_count, last_request_at, etc.
 * <b>Authlogic::ActsAsAuthentic::Password</b> - This one is important. It handles encrypting your password, salting it, etc. It also has support for transitioning password algorithms.
 * <b>Authlogic::ActsAsAuthentic::PerishableToken</b> - Handles maintaining the perishable token field, also provides a class level method for finding record using the token.
 * <b>Authlogic::ActsAsAuthentic::PersistenceToken</b> - Handles maintaining the persistence token. This is the token stored in cookies and sessions to persist the users session.
 * <b>Authlogic::ActsAsAuthentic::RestfulAuthentication</b> - Provides configuration options to easily migrate from the restful_authentication plugin.
-* <b>Authlogic::ActsAsAuthentic::SessionMaintenance</b> - Handles automatically logging the user in. EX: a new user registers, automatically log them in.
+* <b>Authlogic::ActsAsAuthentic::SessionMaintenance</b> - Handles automatic session maintenance. EX: a new user registers, automatically log them in. Or a user changes their password, update their session.
 * <b>Authlogic::ActsAsAuthentic::SingleAccessToken</b> - Handles maintaining the single access token.
-* <b>Authlogic::ActsAsAuthentic::ValidationsScope</b> - Allows you to scope validations, etc. Just like the :scope option for validates_uniqueness_of
+* <b>Authlogic::ActsAsAuthentic::ValidationsScope</b> - Allows you to scope all validations, etc. Just like the :scope option for validates_uniqueness_of
 
 === Authlogic::Session sub modules
 
 These modules are for the models that extend Authlogic::Session::Base.
 
 * <b>Authlogic::Session::BruteForceProtection</b> - Disables accounts after a certain number of consecutive failed logins attempted.
-* <b>Authlogic::Session::Callbacks</b> - Your tools to extend, change, or add onto Authlogic. Lets you hook in and do just about anything you want. Start here if you want to write a plugin or add on for Authlogic
+* <b>Authlogic::Session::Callbacks</b> - Your tools to extend, change, or add onto Authlogic. Lets you hook in and do just about anything you want. Start here if you want to write a plugin or add-on for Authlogic
 * <b>Authlogic::Session::Cookies</b> - Authentication via cookies.
 * <b>Authlogic::Session::Existence</b> - Creating, saving, and destroying objects.
 * <b>Authlogic::Session::HttpAuth</b> - Authentication via basic HTTP authentication.
@@ -92,7 +120,7 @@ These modules are for the models that extend Authlogic::Session::Base.
 * <b>Authlogic::Session::Persistence</b> - Persisting sessions / finding sessions.
 * <b>Authlogic::Session::Session</b> - Authentication via the session, the controller session that is.
 * <b>Authlogic::Session::Timeout</b> - Automatically logging out after a certain period of inactivity.
-* <b>Authlogic::Session::UnauthorizedRecord</b> - Handles authentication by passing an ActiveRecord object.
+* <b>Authlogic::Session::UnauthorizedRecord</b> - Handles authentication by passing an ActiveRecord object directly.
 * <b>Authlogic::Session::Validation</b> - Validation / errors.
 
 === Miscellaneous modules
@@ -103,6 +131,7 @@ Miscellaneous modules that shared across the authentication process and are more
 * <b>Authlogic::CryptoProviders</b> - Contains various encryption algorithms that Authlogic uses, allowing you to choose your encryption method.
 * <b>Authlogic::I18n</b> - Acts JUST LIKE the rails I18n library, and provides internationalization to Authlogic.
 * <b>Authlogic::Random</b> - A simple class to generate random tokens.
+* <b>Authlogic::Regex</b> - Contains regular expressions used in Authlogic. Such as those to validate the format of the log or email.
 * <b>Authlogic::TestCase</b> - Various helper methods for testing frameworks to help you test your code.
 * <b>Authlogic::Version</b> - A handy class for determine the version of Authlogic in a number of ways.
 
@@ -193,7 +222,7 @@ That being said, testing your code that uses Authlogic is easy. Since everyone u
 
 == Tell me quickly how Authlogic works
 
-Interested in how all of this all works? Think about an ActiveRecord model. A database connection must be established before you can use it. In the case of Authlogic, a controller connection must be established before you can use it. It uses that controller connection to modify cookies, the current session, login with HTTP basic, etc. It connects to the controller through a before filter that is automatically set in your controller which lets Authlogic know about the current controller object. Then Authlogic leverages that to do everything, it's a pretty simple design.
+Interested in how all of this all works? Think about an ActiveRecord model. A database connection must be established before you can use it. In the case of Authlogic, a controller connection must be established before you can use it. It uses that controller connection to modify cookies, the current session, login with HTTP basic, etc. It connects to the controller through a before filter that is automatically set in your controller which lets Authlogic know about the current controller object. Then Authlogic leverages that to do everything, it's a pretty simple design. Nothing crazy going on, Authlogic is just leveraging the tools your framework provides in the controller object.
 
 == What sets Authlogic apart and why I created it
 
@@ -203,6 +232,7 @@ What inspired me to create Authlogic was the messiness of the current authentica
 2. <b>Easier to stay up-to-date.</b> To make my point, take a look at the commits to any other authentication solution, then look at the {commits for authlogic}[http://github.com/binarylogic/authlogic/commits/master]. How many commits could you easily start using if you already had an app using that solution? With an alternate solution, very few, if any. All of those cool new features and bug fixes are going to have be manually added or wait for your next application. Which is the main reason a generator is not suitable as an authentication solution. With Authlogic you can start using the latest code with a simple update of a gem. No generators, no mess.
 3. <b>It ties everything together on the domain level.</b> Take a new user registration for example, no reason to manually log the user in, authlogic handles this for you via callbacks. The same applies to a user changing their password. Authlogic handles maintaining the session for you.
 4. <b>No redundant tests.</b> Because Authlogic doesn't use generators, #1 also applies to tests. Authlogic is *thoroughly* tested for you. You don't go and test the internals of ActiveRecord in each of your apps do you? So why do the same for Authlogic? Your application tests should be for application specific code. Get rid of the noise and make your tests focused and concise, no reason to copy tests from app to app.
+5. <b>Framework agnostic</b>. Authlogic can be used in *any* ruby framework you want: Rails, Merb, Sinatra, Mack, your own framework, whatever. It's not tied down to Rails. It does this by abstracting itself from these framework's controllers by using a controller adapter. Thanks to {Rack}[http://rack.rubyforge.org/], there is a defined standard for controller structure, and that's what Authlogic's abstract adapter follows. So if your controller follows the rack standards, you don't need to do anything. Any place it deviates from this is solved by a simple adapter for your framework that closes these gaps. For an example, checkout the Authlogic::ControllerAdapters::MerbAdapter.
 5. <b>You are not restricted to a single session.</b> Think about Apple's me.com, where they need you to authenticate a second time before changing your billing information. Why not just create a second session for this? It works just like your initial session. Then your billing controller can require an "ultra secure" session.
 6. <b>Easily extendable.</b> One of the distinct advantages of using a library is the ability to use it's API, assuming it has one. Authlogic has an *excellent* public API, meaning it can easily be extended and grow beyond the core library. Checkout the "add ons" list above to see what I mean.
 

data/init.rb

@@ -1 +1 @@
-require "authlogic"
+require File.dirname(__FILE__) + "/rails/init.rb"

data/lib/authlogic.rb

@@ -3,6 +3,7 @@ require "active_support"
 require File.dirname(__FILE__) + "/authlogic/version"
 require File.dirname(__FILE__) + "/authlogic/i18n"
 require File.dirname(__FILE__) + "/authlogic/random"
+require File.dirname(__FILE__) + "/authlogic/regex"
 
 require File.dirname(__FILE__) + "/authlogic/controller_adapters/abstract_adapter"
 require File.dirname(__FILE__) + "/authlogic/controller_adapters/rails_adapter" if defined?(Rails)

data/lib/authlogic/acts_as_authentic/base.rb

@@ -68,7 +68,7 @@ module Authlogic
             inheritable_attributes.include?(key) ? read_inheritable_attribute(key) : []
           end
           
-          def config(key, value, default_value = nil, read_value = nil)
+          def rw_config(key, value, default_value = nil, read_value = nil)
             if value == read_value
               inheritable_attributes.include?(key) ? read_inheritable_attribute(key) : default_value
             else

data/lib/authlogic/acts_as_authentic/email.rb

@@ -19,7 +19,7 @@ module Authlogic
         # * <tt>Default:</tt> :email, if it exists
         # * <tt>Accepts:</tt> Symbol
         def email_field(value = nil)
-          config(:email_field, value, first_column_to_exist(nil, :email, :email_address))
+          rw_config(:email_field, value, first_column_to_exist(nil, :email, :email_address))
         end
         alias_method :email_field=, :email_field
         
@@ -28,7 +28,7 @@ module Authlogic
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
         def validate_email_field(value = nil)
-          config(:validate_email_field, value, true)
+          rw_config(:validate_email_field, value, true)
         end
         alias_method :validate_email_field=, :validate_email_field
         
@@ -41,7 +41,7 @@ module Authlogic
         # * <tt>Default:</tt> {:within => 6..100}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_email_field_options(value = nil)
-          config(:validates_length_of_email_field_options, value, {:within => 6..100})
+          rw_config(:validates_length_of_email_field_options, value, {:within => 6..100})
         end
         alias_method :validates_length_of_email_field_options=, :validates_length_of_email_field_options
         
@@ -62,10 +62,10 @@ module Authlogic
         # merge options into it. Checkout the convenience function merge_validates_format_of_email_field_options to merge
         # options.</b>
         #
-        # * <tt>Default:</tt> {:with => email_regex, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}
+        # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
         def validates_format_of_email_field_options(value = nil)
-          config(:validates_format_of_email_field_options, value, {:with => email_regex, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")})
+          rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")})
         end
         alias_method :validates_format_of_email_field_options=, :validates_format_of_email_field_options
         
@@ -83,7 +83,7 @@ module Authlogic
         # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
         def validates_uniqueness_of_email_field_options(value = nil)
-          config(:validates_uniqueness_of_email_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym})
+          rw_config(:validates_uniqueness_of_email_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym})
         end
         alias_method :validates_uniqueness_of_email_field_options=, :validates_uniqueness_of_email_field_options
         
@@ -91,15 +91,6 @@ module Authlogic
         def merge_validates_uniqueness_of_email_field_options(options = {})
           self.validates_uniqueness_of_email_field_options = validates_uniqueness_of_email_field_options.merge(options)
         end
-        
-        private
-          def email_regex
-            return @email_regex if @email_regex
-            email_name_regex  = '[\w\.%\+\-]+'
-            domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
-            domain_tld_regex  = '(?:[A-Z]{2,4}|museum|travel)'
-            @email_regex = /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
-          end
       end
       
       # All methods relating to the email field

data/lib/authlogic/acts_as_authentic/logged_in_status.rb

@@ -19,7 +19,7 @@ module Authlogic
         # * <tt>Default:</tt> 10.minutes
         # * <tt>Accepts:</tt> Fixnum
         def logged_in_timeout(value = nil)
-          config(:logged_in_timeout, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
+          rw_config(:logged_in_timeout, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
         end
         alias_method :logged_in_timeout=, :logged_in_timeout
       end

data/lib/authlogic/acts_as_authentic/login.rb

@@ -16,7 +16,7 @@ module Authlogic
         # * <tt>Default:</tt> :login or :username, if they exist
         # * <tt>Accepts:</tt> Symbol
         def login_field(value = nil)
-          config(:login_field, value, first_column_to_exist(nil, :login, :username))
+          rw_config(:login_field, value, first_column_to_exist(nil, :login, :username))
         end
         alias_method :login_field=, :login_field
         
@@ -25,7 +25,7 @@ module Authlogic
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
         def validate_login_field(value = nil)
-          config(:validate_login_field, value, true)
+          rw_config(:validate_login_field, value, true)
         end
         alias_method :validate_login_field=, :validate_login_field
         
@@ -38,7 +38,7 @@ module Authlogic
         # * <tt>Default:</tt> {:within => 3..100}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_login_field_options(value = nil)
-          config(:validates_length_of_login_field_options, value, {:within => 3..100})
+          rw_config(:validates_length_of_login_field_options, value, {:within => 3..100})
         end
         alias_method :validates_length_of_login_field_options=, :validates_length_of_login_field_options
         
@@ -59,10 +59,10 @@ module Authlogic
         # merge options into it. Checkout the convenience function merge_validates_format_of_login_field_options to merge
         # options.</b>
         #
-        # * <tt>Default:</tt> {:with => /\A\w[\w\.\-_@ ]+\z/, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}
+        # * <tt>Default:</tt> {:with => Authlogic::Regex.login, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
         def validates_format_of_login_field_options(value = nil)
-          config(:validates_format_of_login_field_options, value, {:with => /\A\w[\w\.+-_@ ]+\z/, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")})
+          rw_config(:validates_format_of_login_field_options, value, {:with => Authlogic::Regex.login, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")})
         end
         alias_method :validates_format_of_login_field_options=, :validates_format_of_login_field_options
         
@@ -80,7 +80,7 @@ module Authlogic
         # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
         def validates_uniqueness_of_login_field_options(value = nil)
-          config(:validates_uniqueness_of_login_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym})
+          rw_config(:validates_uniqueness_of_login_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym})
         end
         alias_method :validates_uniqueness_of_login_field_options=, :validates_uniqueness_of_login_field_options
         

data/lib/authlogic/acts_as_authentic/password.rb

@@ -18,7 +18,7 @@ module Authlogic
         # * <tt>Default:</tt> :crypted_password, :encrypted_password, :password_hash, or :pw_hash
         # * <tt>Accepts:</tt> Symbol
         def crypted_password_field(value = nil)
-          config(:crypted_password_field, value, first_column_to_exist(nil, :crypted_password, :encrypted_password, :password_hash, :pw_hash))
+          rw_config(:crypted_password_field, value, first_column_to_exist(nil, :crypted_password, :encrypted_password, :password_hash, :pw_hash))
         end
         alias_method :crypted_password_field=, :crypted_password_field
         
@@ -27,7 +27,7 @@ module Authlogic
         # * <tt>Default:</tt> :password_salt, :pw_salt, :salt, nil if none exist
         # * <tt>Accepts:</tt> Symbol
         def password_salt_field(value = nil)
-          config(:password_salt_field, value, first_column_to_exist(nil, :password_salt, :pw_salt, :salt))
+          rw_config(:password_salt_field, value, first_column_to_exist(nil, :password_salt, :pw_salt, :salt))
         end
         alias_method :password_salt_field=, :password_salt_field
         
@@ -37,7 +37,7 @@ module Authlogic
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
         def require_password_confirmation(value = nil)
-          config(:require_password_confirmation, value, true)
+          rw_config(:require_password_confirmation, value, true)
         end
         alias_method :require_password_confirmation=, :require_password_confirmation
         
@@ -53,7 +53,7 @@ module Authlogic
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
         def ignore_blank_passwords(value = nil)
-          config(:ignore_blank_passwords, value, true)
+          rw_config(:ignore_blank_passwords, value, true)
         end
         alias_method :ignore_blank_passwords=, :ignore_blank_passwords
         
@@ -70,7 +70,7 @@ module Authlogic
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
         def check_passwords_against_database(value = nil)
-          config(:check_passwords_against_database, value, true)
+          rw_config(:check_passwords_against_database, value, true)
         end
         alias_method :check_passwords_against_database=, :check_passwords_against_database
         
@@ -79,7 +79,7 @@ module Authlogic
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
         def validate_password_field(value = nil)
-          config(:validate_password_field, value, true)
+          rw_config(:validate_password_field, value, true)
         end
         alias_method :validate_password_field=, :validate_password_field
         
@@ -92,7 +92,7 @@ module Authlogic
         # * <tt>Default:</tt> {:minimum => 4, :if => :require_password?}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_password_field_options(value = nil)
-          config(:validates_length_of_password_field_options, value, {:minimum => 4, :if => :require_password?})
+          rw_config(:validates_length_of_password_field_options, value, {:minimum => 4, :if => :require_password?})
         end
         alias_method :validates_length_of_password_field_options=, :validates_length_of_password_field_options
         
@@ -110,13 +110,13 @@ module Authlogic
         # A hash of options for the validates_confirmation_of call for the password field. Allows you to change this however you want.
         #
         # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
-        # merge options into it. Checkout the convenience function merge_validates_length_of_login_field_options to merge
+        # merge options into it. Checkout the convenience function merge_validates_length_of_password_field_options to merge
         # options.</b>
         #
-        # * <tt>Default:</tt> {:minimum => 4, :if => "#{password_salt_field}_changed?".to_sym}
+        # * <tt>Default:</tt> {:if => :require_password?}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_confirmation_of
         def validates_confirmation_of_password_field_options(value = nil)
-          config(:validates_confirmation_of_password_field_options, value, {:minimum => 4, :if => :require_password?})
+          rw_config(:validates_confirmation_of_password_field_options, value, {:if => :require_password?})
         end
         alias_method :validates_confirmation_of_password_field_options=, :validates_confirmation_of_password_field_options
         
@@ -128,13 +128,13 @@ module Authlogic
         # A hash of options for the validates_length_of call for the password_confirmation field. Allows you to change this however you want.
         #
         # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
-        # merge options into it. Checkout the convenience function merge_validates_length_of_login_field_options to merge
+        # merge options into it. Checkout the convenience function merge_validates_length_of_password_field_options to merge
         # options.</b>
         #
         # * <tt>Default:</tt> validates_length_of_password_field_options
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_password_confirmation_field_options(value = nil)
-          config(:validates_length_of_password_confirmation_field_options, value, validates_length_of_password_field_options)
+          rw_config(:validates_length_of_password_confirmation_field_options, value, validates_length_of_password_field_options)
         end
         alias_method :validates_length_of_password_confirmation_field_options=, :validates_length_of_password_confirmation_field_options
         
@@ -149,7 +149,7 @@ module Authlogic
         # * <tt>Default:</tt> CryptoProviders::Sha512
         # * <tt>Accepts:</tt> Class
         def crypto_provider(value = nil)
-          config(:crypto_provider, value, CryptoProviders::Sha512)
+          rw_config(:crypto_provider, value, CryptoProviders::Sha512)
         end
         alias_method :crypto_provider=, :crypto_provider
         
@@ -165,7 +165,7 @@ module Authlogic
         # * <tt>Default:</tt> nil
         # * <tt>Accepts:</tt> Class or Array
         def transition_from_crypto_providers(value = nil)
-          config(:transition_from_crypto_providers, (!value.nil? && [value].flatten.compact) || value, [])
+          rw_config(:transition_from_crypto_providers, (!value.nil? && [value].flatten.compact) || value, [])
         end
         alias_method :transition_from_crypto_providers=, :transition_from_crypto_providers
       end

data/lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -20,7 +20,7 @@ module Authlogic
         # * <tt>Default:</tt> 10.minutes
         # * <tt>Accepts:</tt> Fixnum
         def perishable_token_valid_for(value = nil)
-          config(:perishable_token_valid_for, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
+          rw_config(:perishable_token_valid_for, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
         end
         alias_method :perishable_token_valid_for=, :perishable_token_valid_for
         
@@ -31,7 +31,7 @@ module Authlogic
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
         def disable_perishable_token_maintenance(value = nil)
-          config(:disable_perishable_token_maintenance, value, false)
+          rw_config(:disable_perishable_token_maintenance, value, false)
         end
         alias_method :disable_perishable_token_maintenance=, :disable_perishable_token_maintenance
       end

data/lib/authlogic/acts_as_authentic/restful_authentication.rb

@@ -18,7 +18,7 @@ module Authlogic
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
         def act_like_restful_authentication(value = nil)
-          r = config(:act_like_restful_authentication, value, false)
+          r = rw_config(:act_like_restful_authentication, value, false)
           set_restful_authentication_config if value
           r
         end
@@ -26,9 +26,10 @@ module Authlogic
         
         # This works just like act_like_restful_authentication except that it will start transitioning your users to the algorithm you
         # specify with the crypto provider option. The next time they log in it will resave their password with the new algorithm
-        # and any new record will use the new algorithm as well.
+        # and any new record will use the new algorithm as well. Make sure to update your users table if you are using the default
+        # migration since it will set crypted_password and salt columns to a maximum width of 40 characters which is not enough. 
         def transition_from_restful_authentication(value = nil)
-          r = config(:transition_from_restful_authentication, value, false)
+          r = rw_config(:transition_from_restful_authentication, value, false)
           set_restful_authentication_config if value
           r
         end

data/lib/authlogic/acts_as_authentic/session_maintenance.rb

@@ -33,7 +33,7 @@ module Authlogic
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
         def maintain_sessions(value = nil)
-          config(:maintain_sessions, value, true)
+          rw_config(:maintain_sessions, value, true)
         end
         alias_method :maintain_sessions=, :maintain_sessions
         
@@ -44,7 +44,7 @@ module Authlogic
         # * <tt>Default:</tt> [nil]
         # * <tt>Accepts:</tt> Array
         def session_ids(value = nil)
-          config(:session_ids, value, [nil])
+          rw_config(:session_ids, value, [nil])
         end
         alias_method :session_ids=, :session_ids
         
@@ -54,7 +54,7 @@ module Authlogic
         # * <tt>Accepts:</tt> Class
         def session_class(value = nil)
           const = "#{base_class.name}Session".constantize rescue nil
-          config(:session_class, value, const)
+          rw_config(:session_class, value, const)
         end
         alias_method :session_class=, :session_class
       end

data/lib/authlogic/acts_as_authentic/single_access_token.rb

@@ -20,7 +20,7 @@ module Authlogic
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
         def change_single_access_token_with_password(value = nil)
-          config(:change_single_access_token_with_password, value, false)
+          rw_config(:change_single_access_token_with_password, value, false)
         end
         alias_method :change_single_access_token_with_password=, :change_single_access_token_with_password
       end

data/lib/authlogic/acts_as_authentic/validations_scope.rb

@@ -23,7 +23,7 @@ module Authlogic
         # * <tt>Default:</tt> nil
         # * <tt>Accepts:</tt> Symbol or Array of symbols
         def validations_scope(value = nil)
-          config(:validations_scope, value)
+          rw_config(:validations_scope, value)
         end
         alias_method :validations_scope=, :validations_scope
       end

data/lib/authlogic/controller_adapters/abstract_adapter.rb

@@ -50,6 +50,14 @@ module Authlogic
         controller.send(:single_access_allowed?)
       end
       
+      def responds_to_last_request_update_allowed?
+        controller.respond_to?(:last_request_update_allowed?, true)
+      end
+      
+      def last_request_update_allowed?
+        controller.send(:last_request_update_allowed?)
+      end
+      
       private
         def method_missing(id, *args, &block)
           controller.send(id, *args, &block)

data/lib/authlogic/i18n.rb

@@ -29,7 +29,7 @@ module Authlogic
   #   authlogic:
   #     error_messages:
   #       login_blank: can not be blank
-  #       login_not_found: does not exist
+  #       login_not_found: is not valid
   #       login_invalid: should use only letters, numbers, spaces, and .-_@ please.
   #       consecutive_failed_logins_limit_exceeded: Consecutive failed logins limit exceeded, account is disabled.
   #       email_invalid: should look like an email address.

data/lib/authlogic/session/brute_force_protection.rb

@@ -37,7 +37,7 @@ module Authlogic
         # * <tt>Default:</tt> 50
         # * <tt>Accepts:</tt> Integer, set to 0 to disable
         def consecutive_failed_logins_limit(value = nil)
-          config(:consecutive_failed_logins_limit, value, 50)
+          rw_config(:consecutive_failed_logins_limit, value, 50)
         end
         alias_method :consecutive_failed_logins_limit=, :consecutive_failed_logins_limit
         
@@ -46,23 +46,26 @@ module Authlogic
         # * <tt>Default:</tt> 2.hours
         # * <tt>Accepts:</tt> Fixnum, set to 0 for permanent ban
         def failed_login_ban_for(value = nil)
-          config(:failed_login_ban_for, (!value.nil? && value) || value, 2.hours.to_i)
+          rw_config(:failed_login_ban_for, (!value.nil? && value) || value, 2.hours.to_i)
         end
         alias_method :failed_login_ban_for=, :failed_login_ban_for
       end
       
       # The methods available for an Authlogic::Session::Base object that make up the brute force protection feature.
       module InstanceMethods
+        # Returns true when the consecutive_failed_logins_limit has been exceeded and is being temporarily banned.
+        # Notice the word temporary, the user will not be permanently banned unless you choose to do so with configuration.
+        # By default they will be banned for 2 hours. During that 2 hour period this method will return true.
+        def being_brute_force_protected?
+          exceeded_failed_logins_limit? && (failed_login_ban_for <= 0 || (attempted_record.respond_to?(:updated_at) && attempted_record.updated_at >= failed_login_ban_for.seconds.ago))
+        end
+        
         private
           def exceeded_failed_logins_limit?
             !attempted_record.nil? && attempted_record.respond_to?(:failed_login_count) && consecutive_failed_logins_limit > 0 &&
               attempted_record.failed_login_count && attempted_record.failed_login_count >= consecutive_failed_logins_limit
           end
           
-          def being_brute_force_protected?
-            exceeded_failed_logins_limit? && (failed_login_ban_for <= 0 || (attempted_record.respond_to?(:updated_at) && attempted_record.updated_at >= failed_login_ban_for.seconds.ago))
-          end
-          
           def reset_failed_login_count?
             exceeded_failed_logins_limit? && !being_brute_force_protected?
           end

data/lib/authlogic/session/cookies.rb

@@ -26,7 +26,7 @@ module Authlogic
         # * <tt>Default:</tt> "#{klass_name.underscore}_credentials"
         # * <tt>Accepts:</tt> String
         def cookie_key(value = nil)
-          config(:cookie_key, value, "#{klass_name.underscore}_credentials")
+          rw_config(:cookie_key, value, "#{klass_name.underscore}_credentials")
         end
         alias_method :cookie_key=, :cookie_key
         
@@ -35,7 +35,7 @@ module Authlogic
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
         def remember_me(value = nil)
-          config(:remember_me, value, false)
+          rw_config(:remember_me, value, false)
         end
         alias_method :remember_me=, :remember_me
         
@@ -44,7 +44,7 @@ module Authlogic
         # * <tt>Default:</tt> 3.months
         # * <tt>Accepts:</tt> Integer, length of time in seconds, such as 60 or 3.months
         def remember_me_for(value = :_read)
-          config(:remember_me_for, value, 3.months, :_read)
+          rw_config(:remember_me_for, value, 3.months, :_read)
         end
         alias_method :remember_me_for=, :remember_me_for
       end

data/lib/authlogic/session/foundation.rb

@@ -13,7 +13,7 @@ module Authlogic
       
       module ClassMethods
         private
-          def config(key, value, default_value = nil, read_value = nil)
+          def rw_config(key, value, default_value = nil, read_value = nil)
             if value == read_value
               return read_inheritable_attribute(key) if inheritable_attributes.include?(key)
               write_inheritable_attribute(key, default_value)

data/lib/authlogic/session/http_auth.rb

@@ -25,7 +25,7 @@ module Authlogic
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
         def allow_http_basic_auth(value = nil)
-          config(:allow_http_basic_auth, value, true)
+          rw_config(:allow_http_basic_auth, value, true)
         end
         alias_method :allow_http_basic_auth=, :allow_http_basic_auth
       end

data/lib/authlogic/session/magic_columns.rb

@@ -31,7 +31,7 @@ module Authlogic
         # * <tt>Default:</tt> 0
         # * <tt>Accepts:</tt> integer representing time in seconds
         def last_request_at_threshold(value = nil)
-          config(:last_request_at_threshold, value, 0)
+          rw_config(:last_request_at_threshold, value, 0)
         end
         alias_method :last_request_at_threshold=, :last_request_at_threshold
       end
@@ -61,8 +61,24 @@ module Authlogic
             end
           end
           
-          def set_last_request_at?
-            record && record.class.column_names.include?("last_request_at") && (record.last_request_at.blank? || last_request_at_threshold.to_i.seconds.ago >= record.last_request_at)
+          # This method lets authlogic know whether it should allow the last_request_at field to be updated
+          # with the current time (Time.now). One thing to note here is that it also checks for the existence of a
+          # last_request_update_allowed? method in your controller. This allows you to control this method pragmatically
+          # in your controller.
+          #
+          # For example, what if you had a javascript function that polled the server updating how much time is left in their
+          # session before it times out. Obviously you would want to ignore this request, because then the user would never time out.
+          # So you can do something like this in your controller:
+          #
+          #   def last_request_update_allowed?
+          #     action_name =! "update_session_time_left"
+          #   end
+          #
+          # You can do whatever you want with that method.
+          def set_last_request_at? # :doc:
+            return false if !record || !klass.column_names.include?("last_request_at")
+            return controller.last_request_update_allowed? if controller.responds_to_last_request_update_allowed?
+            record.last_request_at.blank? || last_request_at_threshold.to_i.seconds.ago >= record.last_request_at
           end
         
           def set_last_request_at

data/lib/authlogic/session/magic_states.rb

@@ -30,7 +30,7 @@ module Authlogic
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
         def disable_magic_states(value = nil)
-          config(:disable_magic_states, value, false)
+          rw_config(:disable_magic_states, value, false)
         end
         alias_method :disable_magic_states=, :disable_magic_states
       end

data/lib/authlogic/session/params.rb

@@ -43,7 +43,7 @@ module Authlogic
         # * <tt>Default:</tt> cookie_key
         # * <tt>Accepts:</tt> String
         def params_key(value = nil)
-          config(:params_key, value, cookie_key)
+          rw_config(:params_key, value, cookie_key)
         end
         alias_method :params_key=, :params_key
         
@@ -53,7 +53,7 @@ module Authlogic
         # * <tt>Default:</tt> ["application/rss+xml", "application/atom+xml"]
         # * <tt>Accepts:</tt> String of a request type, or :all or :any to allow single access authentication for any and all request types
         def single_access_allowed_request_types(value = nil)
-          config(:single_access_allowed_request_types, value, ["application/rss+xml", "application/atom+xml"])
+          rw_config(:single_access_allowed_request_types, value, ["application/rss+xml", "application/atom+xml"])
         end
         alias_method :single_access_allowed_request_types=, :single_access_allowed_request_types
       end

data/lib/authlogic/session/password.rb

@@ -29,16 +29,45 @@ module Authlogic
         #     end
         #   end
         #
-        # Now just specifcy the name of this method for this configuration option and you are all set. You can do anything you want here. Maybe you allow users to have multiple logins
+        # Now just specify the name of this method for this configuration option and you are all set. You can do anything you want here. Maybe you allow users to have multiple logins
         # and you want to search a has_many relationship, etc. The sky is the limit.
         #
         # * <tt>Default:</tt> "find_by_smart_case_login_field"
         # * <tt>Accepts:</tt> Symbol or String
         def find_by_login_method(value = nil)
-          config(:find_by_login_method, value, "find_by_smart_case_login_field")
+          rw_config(:find_by_login_method, value, "find_by_smart_case_login_field")
         end
         alias_method :find_by_login_method=, :find_by_login_method
         
+        # The text used to identify credentials (username/password) combination when a bad login attempt occurs.
+        # When you show error messages for a bad login, it's considered good security practice to hide which field
+        # the user has entered incorrectly (the login field or the password field). For a full explanation, see
+        # http://www.gnucitizen.org/blog/username-enumeration-vulnerabilities/
+        #
+        # Example of use:
+        #
+        #   class UserSession < Authlogic::Session::Base
+        #     generalize_credentials_error_messages true
+        #   end
+        #
+        # This would make the error message for bad logins and bad passwords look identical:
+        #
+        #   Login/Password combination is not valid
+        #
+        # The downside to enabling this is that is can be too vague for a user that has a hard time remembering
+        # their username and password combinations. It also disables the ability to to highlight the field
+        # with the error when you use form_for.
+        #
+        # If you are developing an app where security is an extreme priority (such as a financial application),
+        # then you should enable this. Otherwise, leaving this off is fine.
+        # 
+        # * <tt>Default</tt> false
+        # * <tt>Accepts:</tt> Boolean
+        def generalize_credentials_error_messages(value = nil)
+          rw_config(:generalize_credentials_error_messages, value, false)
+        end
+        alias_method :generalize_credentials_error_messages=, :generalize_credentials_error_messages
+        
         # The name of the method you want Authlogic to create for storing the login / username. Keep in mind this is just for your
         # Authlogic::Session, if you want it can be something completely different than the field in your model. So if you wanted people to
         # login with a field called "login" and then find users by email this is compeltely doable. See the find_by_login_method configuration
@@ -47,7 +76,7 @@ module Authlogic
         # * <tt>Default:</tt> klass.login_field || klass.email_field
         # * <tt>Accepts:</tt> Symbol or String
         def login_field(value = nil)
-          config(:login_field, value, klass.login_field || klass.email_field)
+          rw_config(:login_field, value, klass.login_field || klass.email_field)
         end
         alias_method :login_field=, :login_field
         
@@ -56,7 +85,7 @@ module Authlogic
         # * <tt>Default:</tt> :password
         # * <tt>Accepts:</tt> Symbol or String
         def password_field(value = nil)
-          config(:password_field, value, login_field && :password)
+          rw_config(:password_field, value, login_field && :password)
         end
         alias_method :password_field=, :password_field
         
@@ -65,7 +94,7 @@ module Authlogic
         # * <tt>Default:</tt> "valid_#{password_field}?"
         # * <tt>Accepts:</tt> Symbol or String
         def verify_password_method(value = nil)
-          config(:verify_password_method, value, "valid_#{password_field}?")
+          rw_config(:verify_password_method, value, "valid_#{password_field}?")
         end
         alias_method :verify_password_method=, :verify_password_method
       end
@@ -85,7 +114,7 @@ module Authlogic
 
               self.class.class_eval <<-"end_eval", __FILE__, __LINE__
                 private
-                  # The password should not be accessible publicly. This way forms using form_for don't fill the password with the attempted password. The prevent this we just create this method that is private.
+                  # The password should not be accessible publicly. This way forms using form_for don't fill the password with the attempted password. To prevent this we just create this method that is private.
                   def protected_#{password_field}
                     @#{password_field}
                   end
@@ -98,6 +127,7 @@ module Authlogic
           super
         end
         
+        # Returns the login_field / password_field credentials combination in hash form.
         def credentials
           if authenticating_with_password?
             details = {}
@@ -109,6 +139,7 @@ module Authlogic
           end
         end
         
+        # Accepts the login_field / password_field credentials combination in hash form.
         def credentials=(value)
           super
           values = value.is_a?(Array) ? value : [value]
@@ -126,19 +157,19 @@ module Authlogic
           end
           
           def validate_by_password
-            errors.add(login_field, I18n.t('error_messages.login_blank', :default => "can not be blank")) if send(login_field).blank?
-            errors.add(password_field, I18n.t('error_messages.password_blank', :default => "can not be blank")) if send("protected_#{password_field}").blank?
+            errors.add(login_field, I18n.t('error_messages.login_blank', :default => "cannot be blank")) if send(login_field).blank?
+            errors.add(password_field, I18n.t('error_messages.password_blank', :default => "cannot be blank")) if send("protected_#{password_field}").blank?
             return if errors.count > 0
 
             self.attempted_record = search_for_record(find_by_login_method, send(login_field))
 
             if attempted_record.blank?
-              errors.add(login_field, I18n.t('error_messages.login_not_found', :default => "does not exist"))
+              generalize_credentials_error_messages? ? add_general_credentials_error : errors.add(login_field, I18n.t('error_messages.login_not_found', :default => "is not valid"))
               return
             end
 
             if !attempted_record.send(verify_password_method, send("protected_#{password_field}"))
-              errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
+              generalize_credentials_error_messages? ? add_general_credentials_error : errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
               return
             end
           end
@@ -151,6 +182,14 @@ module Authlogic
             self.class.login_field
           end
           
+          def add_general_credentials_error
+            errors.add_to_base(I18n.t('error_messages.general_credentials_error', :default => "#{login_field.to_s.humanize}/Password combination is not valid"))
+          end
+          
+          def generalize_credentials_error_messages?
+            self.class.generalize_credentials_error_messages == true
+          end
+          
           def password_field
             self.class.password_field
           end

data/lib/authlogic/session/session.rb

@@ -20,7 +20,7 @@ module Authlogic
         # * <tt>Default:</tt> cookie_key
         # * <tt>Accepts:</tt> Symbol or String
         def session_key(value = nil)
-          config(:session_key, value, cookie_key)
+          rw_config(:session_key, value, cookie_key)
         end
         alias_method :session_key=, :session_key
       end

data/lib/authlogic/session/timeout.rb

@@ -48,7 +48,7 @@ module Authlogic
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
         def logout_on_timeout(value = nil)
-          config(:logout_on_timeout, value, false)
+          rw_config(:logout_on_timeout, value, false)
         end
         alias_method :logout_on_timeout=, :logout_on_timeout
       end

data/lib/authlogic/test_case.rb

@@ -35,6 +35,20 @@ module Authlogic
   # Authlogic::Session::Activation::NotActivatedError any time you try to instantiate an object without a "connection".
   # So before you do anything with Authlogic, you need to activate / connect Authlogic. Let's walk through how to do this in tests:
   #
+  # === Fixtures / Factories
+  #
+  # Creating users via fixtures / factories is easy. Here's an example of a fixture:
+  #
+  #   ben:
+  #     email: whatever@whatever.com
+  #     password_salt: <%= salt = Authlogic::Random.hex_token %>
+  #     crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
+  #     persistence_token: <%= Authlogic::Random.hex_token %>
+  #     single_access_token: <%= Authlogic::Random.friendly_token %>
+  #     perishable_token: <%= Authlogic::Random.friendly_token %>
+  #
+  # Notice the crypted_password value. Just supplement that with whatever crypto provider you are using, if you are not using the default.
+  #
   # === Functional tests
   #
   # Activating Authlogic isn't a problem here, because making a request will activate Authlogic for you. The problem is

data/lib/authlogic/test_case/mock_request.rb

@@ -12,7 +12,7 @@ module Authlogic
       end
       
       private
-        def method_missiing(*args, &block)
+        def method_missing(*args, &block)
         end
     end
   end

data/lib/authlogic/version.rb

@@ -41,7 +41,7 @@ module Authlogic # :nodoc:
 
     MAJOR = 2
     MINOR = 0
-    TINY  = 11
+    TINY  = 12
 
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/test/acts_as_authentic_test/email_test.rb

@@ -33,7 +33,7 @@ module ActsAsAuthenticTest
     end
     
     def test_validates_format_of_email_field_options_config
-      default = {:with => User.send(:email_regex), :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}
+      default = {:with => Authlogic::Regex.email, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}
       assert_equal default, User.validates_format_of_email_field_options
       assert_equal default, Employee.validates_format_of_email_field_options
       

data/test/acts_as_authentic_test/login_test.rb

@@ -33,7 +33,7 @@ module ActsAsAuthenticTest
     end
     
     def test_validates_format_of_login_field_options_config
-      default = {:with => /\A\w[\w\.+-_@ ]+\z/, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}
+      default = {:with => /\A\w[\w\.+\-_@ ]+\z/, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}
       assert_equal default, User.validates_format_of_login_field_options
       assert_equal default, Employee.validates_format_of_login_field_options
       

data/test/acts_as_authentic_test/password_test.rb

@@ -62,7 +62,7 @@ module ActsAsAuthenticTest
     end
     
     def test_validates_confirmation_of_password_field_options_config
-      default = {:minimum => 4, :if => :require_password?}
+      default = {:if => :require_password?}
       assert_equal default, User.validates_confirmation_of_password_field_options
       assert_equal default, Employee.validates_confirmation_of_password_field_options
       
@@ -129,9 +129,6 @@ module ActsAsAuthenticTest
     def test_validates_length_of_password_confirmation
       u = User.new
       
-      assert !u.valid?
-      assert u.errors.on(:password_confirmation)
-      
       u.password = "test"
       u.password_confirmation = ""
       assert !u.valid?

data/test/session_test/password_test.rb

@@ -19,6 +19,14 @@ module SessionTest
         assert_equal "valid_password?", UserSession.verify_password_method
       end
     
+      def test_generalize_credentials_error_messages
+        UserSession.generalize_credentials_error_messages = true
+        assert UserSession.generalize_credentials_error_messages
+    
+        UserSession.generalize_credentials_error_messages false
+        assert !UserSession.generalize_credentials_error_messages
+      end
+      
       def test_login_field
         UserSession.configured_password_methods = false
         UserSession.login_field = :saweet

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: authlogic
 version: !ruby/object:Gem::Version 
-  version: 2.0.11
+  version: 2.0.12
 platform: ruby
 authors: 
 - Ben Johnson of Binary Logic
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-04-25 00:00:00 -04:00
+date: 2009-05-13 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -30,7 +30,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.12.1
+        version: 1.12.2
     version: 
 description: A clean, simple, and unobtrusive ruby authentication solution.
 email: bjohnson@binarylogic.com
@@ -161,6 +161,8 @@ files:
 - test/test_helper.rb
 has_rdoc: true
 homepage: http://github.com/binarylogic/authlogic
+licenses: []
+
 post_install_message: 
 rdoc_options: 
 - --main
@@ -182,9 +184,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: authlogic
-rubygems_version: 1.3.1
+rubygems_version: 1.3.3
 signing_key: 
-specification_version: 2
+specification_version: 3
 summary: A clean, simple, and unobtrusive ruby authentication solution.
 test_files: 
 - test/authenticates_many_test.rb