authlogic 3.4.6 → 3.5.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (115) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +2 -0
  3. data/.rubocop.yml +33 -0
  4. data/.rubocop_todo.yml +427 -0
  5. data/.travis.yml +24 -3
  6. data/CHANGELOG.md +9 -2
  7. data/CONTRIBUTING.md +40 -1
  8. data/Gemfile +1 -1
  9. data/README.md +295 -0
  10. data/Rakefile +10 -2
  11. data/authlogic.gemspec +6 -5
  12. data/lib/authlogic.rb +2 -2
  13. data/lib/authlogic/acts_as_authentic/base.rb +2 -2
  14. data/lib/authlogic/acts_as_authentic/email.rb +59 -14
  15. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +4 -3
  16. data/lib/authlogic/acts_as_authentic/login.rb +62 -12
  17. data/lib/authlogic/acts_as_authentic/magic_columns.rb +17 -6
  18. data/lib/authlogic/acts_as_authentic/password.rb +107 -53
  19. data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -9
  20. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +2 -0
  21. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +48 -35
  22. data/lib/authlogic/acts_as_authentic/single_access_token.rb +19 -15
  23. data/lib/authlogic/acts_as_authentic/validations_scope.rb +2 -2
  24. data/lib/authlogic/authenticates_many/association.rb +6 -5
  25. data/lib/authlogic/authenticates_many/base.rb +22 -12
  26. data/lib/authlogic/config.rb +2 -1
  27. data/lib/authlogic/controller_adapters/abstract_adapter.rb +2 -1
  28. data/lib/authlogic/controller_adapters/rack_adapter.rb +3 -4
  29. data/lib/authlogic/controller_adapters/rails_adapter.rb +26 -14
  30. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +1 -1
  31. data/lib/authlogic/crypto_providers/aes256.rb +16 -12
  32. data/lib/authlogic/crypto_providers/bcrypt.rb +10 -4
  33. data/lib/authlogic/crypto_providers/md5.rb +7 -7
  34. data/lib/authlogic/crypto_providers/scrypt.rb +10 -2
  35. data/lib/authlogic/crypto_providers/sha1.rb +3 -3
  36. data/lib/authlogic/crypto_providers/sha256.rb +3 -3
  37. data/lib/authlogic/crypto_providers/sha512.rb +4 -4
  38. data/lib/authlogic/crypto_providers/wordpress.rb +13 -13
  39. data/lib/authlogic/i18n.rb +22 -16
  40. data/lib/authlogic/i18n/translator.rb +1 -1
  41. data/lib/authlogic/random.rb +13 -12
  42. data/lib/authlogic/regex.rb +3 -3
  43. data/lib/authlogic/session/activation.rb +7 -6
  44. data/lib/authlogic/session/active_record_trickery.rb +1 -2
  45. data/lib/authlogic/session/base.rb +7 -6
  46. data/lib/authlogic/session/brute_force_protection.rb +58 -34
  47. data/lib/authlogic/session/callbacks.rb +16 -12
  48. data/lib/authlogic/session/cookies.rb +29 -14
  49. data/lib/authlogic/session/existence.rb +10 -10
  50. data/lib/authlogic/session/foundation.rb +11 -7
  51. data/lib/authlogic/session/http_auth.rb +6 -5
  52. data/lib/authlogic/session/id.rb +5 -4
  53. data/lib/authlogic/session/klass.rb +2 -1
  54. data/lib/authlogic/session/magic_columns.rb +21 -14
  55. data/lib/authlogic/session/magic_states.rb +25 -14
  56. data/lib/authlogic/session/params.rb +41 -26
  57. data/lib/authlogic/session/password.rb +62 -40
  58. data/lib/authlogic/session/perishable_token.rb +3 -2
  59. data/lib/authlogic/session/persistence.rb +3 -3
  60. data/lib/authlogic/session/priority_record.rb +5 -4
  61. data/lib/authlogic/session/scopes.rb +20 -9
  62. data/lib/authlogic/session/session.rb +9 -4
  63. data/lib/authlogic/session/timeout.rb +40 -23
  64. data/lib/authlogic/session/unauthorized_record.rb +6 -5
  65. data/lib/authlogic/session/validation.rb +18 -9
  66. data/lib/authlogic/test_case.rb +2 -2
  67. data/lib/authlogic/test_case/mock_controller.rb +9 -9
  68. data/lib/authlogic/test_case/mock_cookie_jar.rb +2 -2
  69. data/lib/authlogic/test_case/mock_logger.rb +1 -1
  70. data/lib/authlogic/test_case/mock_request.rb +2 -1
  71. data/lib/authlogic/test_case/rails_request_adapter.rb +5 -5
  72. data/test/acts_as_authentic_test/email_test.rb +29 -17
  73. data/test/acts_as_authentic_test/logged_in_status_test.rb +9 -3
  74. data/test/acts_as_authentic_test/login_test.rb +47 -13
  75. data/test/acts_as_authentic_test/magic_columns_test.rb +4 -4
  76. data/test/acts_as_authentic_test/password_test.rb +31 -21
  77. data/test/acts_as_authentic_test/perishable_token_test.rb +15 -15
  78. data/test/acts_as_authentic_test/session_maintenance_test.rb +20 -13
  79. data/test/acts_as_authentic_test/single_access_test.rb +8 -8
  80. data/test/authenticates_many_test.rb +4 -4
  81. data/test/crypto_provider_test/aes256_test.rb +2 -2
  82. data/test/crypto_provider_test/scrypt_test.rb +1 -1
  83. data/test/crypto_provider_test/sha1_test.rb +3 -3
  84. data/test/crypto_provider_test/sha256_test.rb +1 -1
  85. data/test/crypto_provider_test/sha512_test.rb +2 -2
  86. data/test/gemfiles/Gemfile.rails-3.2.x +2 -2
  87. data/test/gemfiles/Gemfile.rails-5.0.x +6 -0
  88. data/test/i18n_test.rb +5 -5
  89. data/test/libs/affiliate.rb +2 -2
  90. data/test/libs/company.rb +1 -1
  91. data/test/libs/employee.rb +2 -2
  92. data/test/libs/employee_session.rb +1 -1
  93. data/test/libs/ldaper.rb +1 -1
  94. data/test/libs/project.rb +1 -1
  95. data/test/random_test.rb +5 -4
  96. data/test/session_test/activation_test.rb +5 -5
  97. data/test/session_test/active_record_trickery_test.rb +7 -5
  98. data/test/session_test/cookies_test.rb +8 -6
  99. data/test/session_test/existence_test.rb +19 -13
  100. data/test/session_test/http_auth_test.rb +0 -3
  101. data/test/session_test/id_test.rb +2 -2
  102. data/test/session_test/klass_test.rb +1 -1
  103. data/test/session_test/magic_columns_test.rb +0 -3
  104. data/test/session_test/magic_states_test.rb +11 -11
  105. data/test/session_test/params_test.rb +10 -10
  106. data/test/session_test/password_test.rb +4 -5
  107. data/test/session_test/perishability_test.rb +3 -3
  108. data/test/session_test/scopes_test.rb +8 -8
  109. data/test/session_test/session_test.rb +5 -4
  110. data/test/session_test/timeout_test.rb +8 -8
  111. data/test/session_test/unauthorized_record_test.rb +2 -2
  112. data/test/session_test/validation_test.rb +3 -3
  113. data/test/test_helper.rb +9 -5
  114. metadata +54 -24
  115. data/README.rdoc +0 -232
@@ -55,5 +55,5 @@ path = File.dirname(__FILE__) + "/authlogic/"
55
55
  require path + library
56
56
  end
57
57
 
58
- require path + "controller_adapters/rails_adapter" if defined?( Rails )
59
- require path + "controller_adapters/sinatra_adapter" if defined?( Sinatra )
58
+ require path + "controller_adapters/rails_adapter" if defined?(Rails)
59
+ require path + "controller_adapters/sinatra_adapter" if defined?(Sinatra)
@@ -67,11 +67,12 @@ module Authlogic
67
67
  end
68
68
 
69
69
  private
70
+
70
71
  def db_setup?
71
72
  begin
72
73
  column_names
73
74
  true
74
- rescue Exception
75
+ rescue StandardError
75
76
  false
76
77
  end
77
78
  end
@@ -99,4 +100,3 @@ end
99
100
  ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SessionMaintenance
100
101
  ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SingleAccessToken
101
102
  ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::ValidationsScope
102
-
@@ -41,11 +41,11 @@ module Authlogic
41
41
  # * <tt>Default:</tt> {:maximum => 100}
42
42
  # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
43
43
  def validates_length_of_email_field_options(value = nil)
44
- rw_config(:validates_length_of_email_field_options, value, {:maximum => 100})
44
+ rw_config(:validates_length_of_email_field_options, value, { :maximum => 100 })
45
45
  end
46
46
  alias_method :validates_length_of_email_field_options=, :validates_length_of_email_field_options
47
47
 
48
- # A convenience function to merge options into the validates_length_of_email_field_options. So intead of:
48
+ # A convenience function to merge options into the validates_length_of_email_field_options. So instead of:
49
49
  #
50
50
  # self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(:my_option => my_value)
51
51
  #
@@ -56,19 +56,46 @@ module Authlogic
56
56
  self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(options)
57
57
  end
58
58
 
59
- # A hash of options for the validates_format_of call for the email field. Allows you to change this however you want.
59
+ # A hash of options for the validates_format_of call for the email
60
+ # field. Allows you to change this however you want.
60
61
  #
61
- # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
62
- # merge options into it. Checkout the convenience function merge_validates_format_of_email_field_options to merge
63
- # options.</b>
62
+ # <b>Keep in mind this is ruby. I wanted to keep this as flexible as
63
+ # possible, so you can completely replace the hash or merge options into
64
+ # it. Checkout the convenience function
65
+ # merge_validates_format_of_email_field_options to merge options.</b>
66
+ #
67
+ # To validate international email addresses, enable the provided
68
+ # alternate regex:
64
69
  #
65
- # To validate international email addresses, enable the provided alternate regex:
66
70
  # * <tt>validates_format_of_email_field_options({:with => Authlogic::Regex.email_nonascii})</tt>
67
71
  #
68
- # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => Proc.new {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
72
+ # * <tt>Default:</tt>
73
+ #
74
+ # {
75
+ # :with => Authlogic::Regex.email,
76
+ # :message => Proc.new {
77
+ # I18n.t(
78
+ # 'error_messages.email_invalid',
79
+ # :default => "should look like an email address."
80
+ # )
81
+ # }
82
+ # }
83
+ #
69
84
  # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
70
85
  def validates_format_of_email_field_options(value = nil)
71
- rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => Proc.new{I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}})
86
+ rw_config(
87
+ :validates_format_of_email_field_options,
88
+ value,
89
+ {
90
+ :with => Authlogic::Regex.email,
91
+ :message => Proc.new do
92
+ I18n.t(
93
+ 'error_messages.email_invalid',
94
+ :default => "should look like an email address."
95
+ )
96
+ end
97
+ }
98
+ )
72
99
  end
73
100
  alias_method :validates_format_of_email_field_options=, :validates_format_of_email_field_options
74
101
 
@@ -77,16 +104,34 @@ module Authlogic
77
104
  self.validates_format_of_email_field_options = validates_format_of_email_field_options.merge(options)
78
105
  end
79
106
 
80
- # A hash of options for the validates_uniqueness_of call for the email field. Allows you to change this however you want.
107
+ # A hash of options for the validates_uniqueness_of call for the email
108
+ # field. Allows you to change this however you want.
81
109
  #
82
- # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
83
- # merge options into it. Checkout the convenience function merge_validates_uniqueness_of_email_field_options to merge
110
+ # <b>Keep in mind this is ruby. I wanted to keep this as flexible as
111
+ # possible, so you can completely replace the hash or merge options into
112
+ # it. Checkout the convenience function
113
+ # merge_validates_uniqueness_of_email_field_options to merge
84
114
  # options.</b>
85
115
  #
86
- # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym}
116
+ # * <tt>Default:</tt>
117
+ #
118
+ # {
119
+ # :case_sensitive => false,
120
+ # :scope => validations_scope,
121
+ # :if => "#{email_field}_changed?".to_sym
122
+ # }
123
+ #
87
124
  # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
88
125
  def validates_uniqueness_of_email_field_options(value = nil)
89
- rw_config(:validates_uniqueness_of_email_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym})
126
+ rw_config(
127
+ :validates_uniqueness_of_email_field_options,
128
+ value,
129
+ {
130
+ :case_sensitive => false,
131
+ :scope => validations_scope,
132
+ :if => "#{email_field}_changed?".to_sym
133
+ }
134
+ )
90
135
  end
91
136
  alias_method :validates_uniqueness_of_email_field_options=, :validates_uniqueness_of_email_field_options
92
137
 
@@ -31,8 +31,8 @@ module Authlogic
31
31
 
32
32
  klass.class_eval do
33
33
  include InstanceMethods
34
- scope :logged_in, lambda{ where("last_request_at > ? and current_login_at IS NOT NULL", logged_in_timeout.seconds.ago) }
35
- scope :logged_out, lambda{ where("last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago) }
34
+ scope :logged_in, lambda { where("last_request_at > ? and current_login_at IS NOT NULL", logged_in_timeout.seconds.ago) }
35
+ scope :logged_out, lambda { where("last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago) }
36
36
  end
37
37
  end
38
38
 
@@ -49,6 +49,7 @@ module Authlogic
49
49
  end
50
50
 
51
51
  private
52
+
52
53
  def logged_in_timeout
53
54
  self.class.logged_in_timeout
54
55
  end
@@ -56,4 +57,4 @@ module Authlogic
56
57
  end
57
58
  end
58
59
  end
59
- end
60
+ end
@@ -38,7 +38,7 @@ module Authlogic
38
38
  # * <tt>Default:</tt> {:within => 3..100}
39
39
  # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
40
40
  def validates_length_of_login_field_options(value = nil)
41
- rw_config(:validates_length_of_login_field_options, value, {:within => 3..100})
41
+ rw_config(:validates_length_of_login_field_options, value, { :within => 3..100 })
42
42
  end
43
43
  alias_method :validates_length_of_login_field_options=, :validates_length_of_login_field_options
44
44
 
@@ -59,10 +59,31 @@ module Authlogic
59
59
  # merge options into it. Checkout the convenience function merge_validates_format_of_login_field_options to merge
60
60
  # options.</b>
61
61
  #
62
- # * <tt>Default:</tt> {:with => Authlogic::Regex.login, :message => lambda {I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}}
62
+ # * <tt>Default:</tt>
63
+ #
64
+ # {
65
+ # :with => Authlogic::Regex.login,
66
+ # :message => lambda {
67
+ # I18n.t(
68
+ # 'error_messages.login_invalid',
69
+ # :default => "should use only letters, numbers, spaces, and .-_@+ please."
70
+ # )
71
+ # }
72
+ # }
73
+ #
63
74
  # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
64
75
  def validates_format_of_login_field_options(value = nil)
65
- rw_config(:validates_format_of_login_field_options, value, {:with => Authlogic::Regex.login, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")})
76
+ rw_config(
77
+ :validates_format_of_login_field_options,
78
+ value,
79
+ {
80
+ :with => Authlogic::Regex.login,
81
+ :message => I18n.t(
82
+ 'error_messages.login_invalid',
83
+ :default => "should use only letters, numbers, spaces, and .-_@+ please."
84
+ )
85
+ }
86
+ )
66
87
  end
67
88
  alias_method :validates_format_of_login_field_options=, :validates_format_of_login_field_options
68
89
 
@@ -71,16 +92,33 @@ module Authlogic
71
92
  self.validates_format_of_login_field_options = validates_format_of_login_field_options.merge(options)
72
93
  end
73
94
 
74
- # A hash of options for the validates_uniqueness_of call for the login field. Allows you to change this however you want.
95
+ # A hash of options for the validates_uniqueness_of call for the login
96
+ # field. Allows you to change this however you want.
75
97
  #
76
- # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
77
- # merge options into it. Checkout the convenience function merge_validates_format_of_login_field_options to merge
78
- # options.</b>
98
+ # <b>Keep in mind this is ruby. I wanted to keep this as flexible as
99
+ # possible, so you can completely replace the hash or merge options into
100
+ # it. Checkout the convenience function
101
+ # merge_validates_format_of_login_field_options to merge options.</b>
102
+ #
103
+ # * <tt>Default:</tt>
104
+ #
105
+ # {
106
+ # :case_sensitive => false,
107
+ # :scope => validations_scope,
108
+ # :if => "#{login_field}_changed?".to_sym
109
+ # }
79
110
  #
80
- # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym}
81
111
  # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
82
112
  def validates_uniqueness_of_login_field_options(value = nil)
83
- rw_config(:validates_uniqueness_of_login_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym})
113
+ rw_config(
114
+ :validates_uniqueness_of_login_field_options,
115
+ value,
116
+ {
117
+ :case_sensitive => false,
118
+ :scope => validations_scope,
119
+ :if => "#{login_field}_changed?".to_sym
120
+ }
121
+ )
84
122
  end
85
123
  alias_method :validates_uniqueness_of_login_field_options=, :validates_uniqueness_of_login_field_options
86
124
 
@@ -112,18 +150,30 @@ module Authlogic
112
150
  end
113
151
 
114
152
  private
153
+
115
154
  def find_with_case(field, value, sensitivity = true)
155
+ ar_gem_version = Gem::Version.new(ActiveRecord::VERSION::STRING)
156
+
116
157
  relation = if not sensitivity
117
158
  connection.case_insensitive_comparison(arel_table, field.to_s, columns_hash[field.to_s], value)
159
+ elsif ar_gem_version >= Gem::Version.new('5.0')
160
+ connection.case_sensitive_comparison(arel_table, field.to_s, columns_hash[field.to_s], value)
118
161
  else
119
- if Gem::Version.new(Rails.version) < Gem::Version.new('4.2')
162
+ if ar_gem_version < Gem::Version.new('4.2')
120
163
  value = connection.case_sensitive_modifier(value)
121
164
  else
122
165
  value = connection.case_sensitive_modifier(value, field.to_s)
123
166
  end
124
- relation = arel_table[field.to_s].eq(value)
167
+ arel_table[field.to_s].eq(value)
168
+ end
169
+
170
+ # bind value in rails 5
171
+ if ar_gem_version >= Gem::Version.new('5')
172
+ bind = ActiveRecord::Relation::QueryAttribute.new(field.to_s, value, ActiveRecord::Type::Value.new)
173
+ where(relation, bind).first
174
+ else
175
+ where(relation).first
125
176
  end
126
- where(relation).first
127
177
  end
128
178
  end
129
179
 
@@ -1,21 +1,32 @@
1
1
  module Authlogic
2
2
  module ActsAsAuthentic
3
- # Magic columns are like ActiveRecord's created_at and updated_at columns. They are "magically" maintained for
4
- # you. Authlogic has the same thing, but these are maintained on the session side. Please see Authlogic::Session::MagicColumns
5
- # for more details. This module merely adds validations for the magic columns if they exist.
3
+ # Magic columns are like ActiveRecord's created_at and updated_at columns. They are
4
+ # "magically" maintained for you. Authlogic has the same thing, but these are
5
+ # maintained on the session side. Please see Authlogic::Session::MagicColumns for more
6
+ # details. This module merely adds validations for the magic columns if they exist.
6
7
  module MagicColumns
7
8
  def self.included(klass)
8
9
  klass.class_eval do
9
10
  add_acts_as_authentic_module(Methods)
10
11
  end
11
12
  end
12
-
13
+
13
14
  # Methods relating to the magic columns
14
15
  module Methods
15
16
  def self.included(klass)
16
17
  klass.class_eval do
17
- validates_numericality_of :login_count, :only_integer => true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
18
- validates_numericality_of :failed_login_count, :only_integer => true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("failed_login_count")
18
+ if column_names.include?("login_count")
19
+ validates_numericality_of :login_count,
20
+ :only_integer => true,
21
+ :greater_than_or_equal_to => 0,
22
+ :allow_nil => true
23
+ end
24
+ if column_names.include?("failed_login_count")
25
+ validates_numericality_of :failed_login_count,
26
+ :only_integer => true,
27
+ :greater_than_or_equal_to => 0,
28
+ :allow_nil => true
29
+ end
19
30
  end
20
31
  end
21
32
  end
@@ -1,7 +1,8 @@
1
1
  module Authlogic
2
2
  module ActsAsAuthentic
3
- # This module has a lot of neat functionality. It is responsible for encrypting your password, salting it, and verifying it.
4
- # It can also help you transition to a new encryption algorithm. See the Config sub module for configuration options.
3
+ # This module has a lot of neat functionality. It is responsible for encrypting your
4
+ # password, salting it, and verifying it. It can also help you transition to a new
5
+ # encryption algorithm. See the Config sub module for configuration options.
5
6
  module Password
6
7
  def self.included(klass)
7
8
  klass.class_eval do
@@ -18,7 +19,11 @@ module Authlogic
18
19
  # * <tt>Default:</tt> :crypted_password, :encrypted_password, :password_hash, or :pw_hash
19
20
  # * <tt>Accepts:</tt> Symbol
20
21
  def crypted_password_field(value = nil)
21
- rw_config(:crypted_password_field, value, first_column_to_exist(nil, :crypted_password, :encrypted_password, :password_hash, :pw_hash))
22
+ rw_config(
23
+ :crypted_password_field,
24
+ value,
25
+ first_column_to_exist(nil, :crypted_password, :encrypted_password, :password_hash, :pw_hash)
26
+ )
22
27
  end
23
28
  alias_method :crypted_password_field=, :crypted_password_field
24
29
 
@@ -27,12 +32,16 @@ module Authlogic
27
32
  # * <tt>Default:</tt> :password_salt, :pw_salt, :salt, nil if none exist
28
33
  # * <tt>Accepts:</tt> Symbol
29
34
  def password_salt_field(value = nil)
30
- rw_config(:password_salt_field, value, first_column_to_exist(nil, :password_salt, :pw_salt, :salt))
35
+ rw_config(
36
+ :password_salt_field,
37
+ value,
38
+ first_column_to_exist(nil, :password_salt, :pw_salt, :salt)
39
+ )
31
40
  end
32
41
  alias_method :password_salt_field=, :password_salt_field
33
42
 
34
- # Whether or not to require a password confirmation. If you don't want your users to confirm their password
35
- # just set this to false.
43
+ # Whether or not to require a password confirmation. If you don't want your users
44
+ # to confirm their password just set this to false.
36
45
  #
37
46
  # * <tt>Default:</tt> true
38
47
  # * <tt>Accepts:</tt> Boolean
@@ -41,14 +50,17 @@ module Authlogic
41
50
  end
42
51
  alias_method :require_password_confirmation=, :require_password_confirmation
43
52
 
44
- # By default passwords are required when a record is new or the crypted_password is blank, but if both of these things
45
- # are met a password is not required. In this case, blank passwords are ignored.
53
+ # By default passwords are required when a record is new or the crypted_password
54
+ # is blank, but if both of these things are met a password is not required. In
55
+ # this case, blank passwords are ignored.
46
56
  #
47
- # Think about a profile page, where the user can edit all of their information, including changing their password.
48
- # If they do not want to change their password they just leave the fields blank. This will try to set the password to
49
- # a blank value, in which case is incorrect behavior. As such, Authlogic ignores this. But let's say you have a completely
50
- # separate page for resetting passwords, you might not want to ignore blank passwords. If this is the case for you, then
51
- # just set this value to false.
57
+ # Think about a profile page, where the user can edit all of their information,
58
+ # including changing their password. If they do not want to change their password
59
+ # they just leave the fields blank. This will try to set the password to a blank
60
+ # value, in which case is incorrect behavior. As such, Authlogic ignores this. But
61
+ # let's say you have a completely separate page for resetting passwords, you might
62
+ # not want to ignore blank passwords. If this is the case for you, then just set
63
+ # this value to false.
52
64
  #
53
65
  # * <tt>Default:</tt> true
54
66
  # * <tt>Accepts:</tt> Boolean
@@ -57,15 +69,16 @@ module Authlogic
57
69
  end
58
70
  alias_method :ignore_blank_passwords=, :ignore_blank_passwords
59
71
 
60
- # When calling valid_password?("some pass") do you want to check that password against what's in that object or whats in
61
- # the database. Take this example:
72
+ # When calling valid_password?("some pass") do you want to check that password
73
+ # against what's in that object or whats in the database. Take this example:
62
74
  #
63
75
  # u = User.first
64
76
  # u.password = "new pass"
65
77
  # u.valid_password?("old pass")
66
78
  #
67
- # Should the last line above return true or false? The record hasn't been saved yet, so most would assume true.
68
- # Other would assume false. So I let you decide by giving you this option.
79
+ # Should the last line above return true or false? The record hasn't been saved
80
+ # yet, so most would assume true. Other would assume false. So I let you decide by
81
+ # giving you this option.
69
82
  #
70
83
  # * <tt>Default:</tt> true
71
84
  # * <tt>Accepts:</tt> Boolean
@@ -83,22 +96,26 @@ module Authlogic
83
96
  end
84
97
  alias_method :validate_password_field=, :validate_password_field
85
98
 
86
- # A hash of options for the validates_length_of call for the password field. Allows you to change this however you want.
99
+ # A hash of options for the validates_length_of call for the password field.
100
+ # Allows you to change this however you want.
87
101
  #
88
- # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
89
- # merge options into it. Checkout the convenience function merge_validates_length_of_password_field_options to merge
102
+ # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so
103
+ # you can completely replace the hash or merge options into it. Checkout the
104
+ # convenience function merge_validates_length_of_password_field_options to merge
90
105
  # options.</b>
91
106
  #
92
- # * <tt>Default:</tt> {:minimum => 4, :if => :require_password?}
107
+ # * <tt>Default:</tt> {:minimum => 8, :if => :require_password?}
93
108
  # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
94
109
  def validates_length_of_password_field_options(value = nil)
95
- rw_config(:validates_length_of_password_field_options, value, {:minimum => 4, :if => :require_password?})
110
+ rw_config(:validates_length_of_password_field_options, value, { :minimum => 8, :if => :require_password? })
96
111
  end
97
112
  alias_method :validates_length_of_password_field_options=, :validates_length_of_password_field_options
98
113
 
99
- # A convenience function to merge options into the validates_length_of_login_field_options. So intead of:
114
+ # A convenience function to merge options into the
115
+ # validates_length_of_login_field_options. So instead of:
100
116
  #
101
- # self.validates_length_of_password_field_options = validates_length_of_password_field_options.merge(:my_option => my_value)
117
+ # self.validates_length_of_password_field_options =
118
+ # validates_length_of_password_field_options.merge(:my_option => my_value)
102
119
  #
103
120
  # You can do this:
104
121
  #
@@ -107,44 +124,56 @@ module Authlogic
107
124
  self.validates_length_of_password_field_options = validates_length_of_password_field_options.merge(options)
108
125
  end
109
126
 
110
- # A hash of options for the validates_confirmation_of call for the password field. Allows you to change this however you want.
127
+ # A hash of options for the validates_confirmation_of call for the password field.
128
+ # Allows you to change this however you want.
111
129
  #
112
- # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
113
- # merge options into it. Checkout the convenience function merge_validates_length_of_password_field_options to merge
130
+ # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so
131
+ # you can completely replace the hash or merge options into it. Checkout the
132
+ # convenience function merge_validates_length_of_password_field_options to merge
114
133
  # options.</b>
115
134
  #
116
135
  # * <tt>Default:</tt> {:if => :require_password?}
117
136
  # * <tt>Accepts:</tt> Hash of options accepted by validates_confirmation_of
118
137
  def validates_confirmation_of_password_field_options(value = nil)
119
- rw_config(:validates_confirmation_of_password_field_options, value, {:if => :require_password?})
138
+ rw_config(:validates_confirmation_of_password_field_options, value, { :if => :require_password? })
120
139
  end
121
140
  alias_method :validates_confirmation_of_password_field_options=, :validates_confirmation_of_password_field_options
122
141
 
123
- # See merge_validates_length_of_password_field_options. The same thing, except for validates_confirmation_of_password_field_options
142
+ # See merge_validates_length_of_password_field_options. The same thing, except for
143
+ # validates_confirmation_of_password_field_options
124
144
  def merge_validates_confirmation_of_password_field_options(options = {})
125
145
  self.validates_confirmation_of_password_field_options = validates_confirmation_of_password_field_options.merge(options)
126
146
  end
127
147
 
128
- # A hash of options for the validates_length_of call for the password_confirmation field. Allows you to change this however you want.
148
+ # A hash of options for the validates_length_of call for the password_confirmation
149
+ # field. Allows you to change this however you want.
129
150
  #
130
- # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
131
- # merge options into it. Checkout the convenience function merge_validates_length_of_password_field_options to merge
151
+ # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so
152
+ # you can completely replace the hash or merge options into it. Checkout the
153
+ # convenience function merge_validates_length_of_password_field_options to merge
132
154
  # options.</b>
133
155
  #
134
156
  # * <tt>Default:</tt> validates_length_of_password_field_options
135
157
  # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
136
158
  def validates_length_of_password_confirmation_field_options(value = nil)
137
- rw_config(:validates_length_of_password_confirmation_field_options, value, validates_length_of_password_field_options)
159
+ rw_config(
160
+ :validates_length_of_password_confirmation_field_options,
161
+ value,
162
+ validates_length_of_password_field_options
163
+ )
138
164
  end
139
165
  alias_method :validates_length_of_password_confirmation_field_options=, :validates_length_of_password_confirmation_field_options
140
166
 
141
- # See merge_validates_length_of_password_field_options. The same thing, except for validates_length_of_password_confirmation_field_options
167
+ # See merge_validates_length_of_password_field_options. The same thing, except for
168
+ # validates_length_of_password_confirmation_field_options
142
169
  def merge_validates_length_of_password_confirmation_field_options(options = {})
143
- self.validates_length_of_password_confirmation_field_options = validates_length_of_password_confirmation_field_options.merge(options)
170
+ self.validates_length_of_password_confirmation_field_options =
171
+ validates_length_of_password_confirmation_field_options.merge(options)
144
172
  end
145
173
 
146
- # The class you want to use to encrypt and verify your encrypted passwords. See the Authlogic::CryptoProviders module for more info
147
- # on the available methods and how to create your own.
174
+ # The class you want to use to encrypt and verify your encrypted passwords. See
175
+ # the Authlogic::CryptoProviders module for more info on the available methods and
176
+ # how to create your own.
148
177
  #
149
178
  # * <tt>Default:</tt> CryptoProviders::SCrypt
150
179
  # * <tt>Accepts:</tt> Class
@@ -153,14 +182,17 @@ module Authlogic
153
182
  end
154
183
  alias_method :crypto_provider=, :crypto_provider
155
184
 
156
- # Let's say you originally encrypted your passwords with Sha1. Sha1 is starting to join the party with MD5 and you want to switch
157
- # to something stronger. No problem, just specify your new and improved algorithm with the crypt_provider option and then let
158
- # Authlogic know you are transitioning from Sha1 using this option. Authlogic will take care of everything, including transitioning
159
- # your users to the new algorithm. The next time a user logs in, they will be granted access using the old algorithm and their
160
- # password will be resaved with the new algorithm. All new users will obviously use the new algorithm as well.
185
+ # Let's say you originally encrypted your passwords with Sha1. Sha1 is starting to
186
+ # join the party with MD5 and you want to switch to something stronger. No
187
+ # problem, just specify your new and improved algorithm with the crypt_provider
188
+ # option and then let Authlogic know you are transitioning from Sha1 using this
189
+ # option. Authlogic will take care of everything, including transitioning your
190
+ # users to the new algorithm. The next time a user logs in, they will be granted
191
+ # access using the old algorithm and their password will be resaved with the new
192
+ # algorithm. All new users will obviously use the new algorithm as well.
161
193
  #
162
- # Lastly, if you want to transition again, you can pass an array of crypto providers. So you can transition from as many algorithms
163
- # as you want.
194
+ # Lastly, if you want to transition again, you can pass an array of crypto
195
+ # providers. So you can transition from as many algorithms as you want.
164
196
  #
165
197
  # * <tt>Default:</tt> nil
166
198
  # * <tt>Accepts:</tt> Class or Array
@@ -194,6 +226,7 @@ module Authlogic
194
226
  end
195
227
 
196
228
  private
229
+
197
230
  METHODS.each do |method|
198
231
  class_eval <<-"end_eval", __FILE__, __LINE__
199
232
  def #{method}
@@ -230,23 +263,36 @@ module Authlogic
230
263
  @password
231
264
  end
232
265
 
233
- # This is a virtual method. Once a password is passed to it, it will create new password salt as well as encrypt
234
- # the password.
266
+ # This is a virtual method. Once a password is passed to it, it will
267
+ # create new password salt as well as encrypt the password.
235
268
  def password=(pass)
236
269
  return if ignore_blank_passwords? && pass.blank?
237
270
  before_password_set
238
271
  @password = pass
239
272
  send("#{password_salt_field}=", Authlogic::Random.friendly_token) if password_salt_field
240
- send("#{crypted_password_field}=", crypto_provider.encrypt(*encrypt_arguments(@password, false, act_like_restful_authentication? ? :restful_authentication : nil)))
273
+ send(
274
+ "#{crypted_password_field}=",
275
+ crypto_provider.encrypt(
276
+ *encrypt_arguments(@password, false, act_like_restful_authentication? ? :restful_authentication : nil)
277
+ )
278
+ )
241
279
  @password_changed = true
242
280
  after_password_set
243
281
  end
244
282
 
245
- # Accepts a raw password to determine if it is the correct password or not. Notice the second argument. That defaults to the value of
246
- # check_passwords_against_database. See that method for more information, but basically it just tells Authlogic to check the password
247
- # against the value in the database or the value in the object.
283
+ # Accepts a raw password to determine if it is the correct password or not.
284
+ # Notice the second argument. That defaults to the value of
285
+ # check_passwords_against_database. See that method for more information, but
286
+ # basically it just tells Authlogic to check the password against the value in
287
+ # the database or the value in the object.
248
288
  def valid_password?(attempted_password, check_against_database = check_passwords_against_database?)
249
- crypted = check_against_database && send("#{crypted_password_field}_changed?") ? send("#{crypted_password_field}_was") : send(crypted_password_field)
289
+ crypted =
290
+ if check_against_database && send("#{crypted_password_field}_changed?")
291
+ send("#{crypted_password_field}_was")
292
+ else
293
+ send(crypted_password_field)
294
+ end
295
+
250
296
  return false if attempted_password.blank? || crypted.blank?
251
297
  before_password_verification
252
298
 
@@ -282,6 +328,7 @@ module Authlogic
282
328
  alias_method :randomize_password!, :reset_password!
283
329
 
284
330
  private
331
+
285
332
  def check_passwords_against_database?
286
333
  self.class.check_passwords_against_database == true
287
334
  end
@@ -292,7 +339,14 @@ module Authlogic
292
339
 
293
340
  def encrypt_arguments(raw_password, check_against_database, arguments_type = nil)
294
341
  salt = nil
295
- salt = (check_against_database && send("#{password_salt_field}_changed?") ? send("#{password_salt_field}_was") : send(password_salt_field)) if password_salt_field
342
+ if password_salt_field
343
+ salt =
344
+ if check_against_database && send("#{password_salt_field}_changed?")
345
+ send("#{password_salt_field}_was")
346
+ else
347
+ send(password_salt_field)
348
+ end
349
+ end
296
350
 
297
351
  case arguments_type
298
352
  when :restful_authentication
@@ -302,7 +356,7 @@ module Authlogic
302
356
  end
303
357
  end
304
358
 
305
- # Determines if we need to tranisiton the password.
359
+ # Determines if we need to transition the password.
306
360
  # If the index > 0 then we are using an "transition from" crypto provider.
307
361
  # If the encryptor has a cost and the cost it outdated.
308
362
  # If we aren't using database values