authlogic 3.4.6 → 3.5.0

data/lib/authlogic/controller_adapters/abstract_adapter.rb

@@ -59,9 +59,10 @@ module Authlogic
       end
 
       private
+
         def method_missing(id, *args, &block)
           controller.send(id, *args, &block)
         end
     end
   end
-end
+end

data/lib/authlogic/controller_adapters/rack_adapter.rb

@@ -37,7 +37,6 @@ module Authlogic
     #     end
     #
     class RackAdapter < AbstractAdapter
-
       def initialize(env)
         # We use the Rack::Request object as the controller object.
         # For this to work, we have to add some glue.
@@ -45,6 +44,7 @@ module Authlogic
 
         request.instance_eval do
           def request; self; end
+
           def remote_ip; self.ip; end
         end
 
@@ -55,9 +55,8 @@ module Authlogic
       # Rack Requests stores cookies with not just the value, but also with flags and expire information in the hash.
       # Authlogic does not like this, so we drop everything except the cookie value
       def cookies
-        controller.cookies.map{|key, value_hash| {key => value_hash[:value]} }.inject(:merge) || {}
+        controller.cookies.map { |key, value_hash| { key => value_hash[:value] } }.inject(:merge) || {}
       end
     end
   end
-
-end
+end

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -6,39 +6,51 @@ module Authlogic
     # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
     class RailsAdapter < AbstractAdapter
       class AuthlogicLoadedTooLateError < StandardError; end
-      
+
       def authenticate_with_http_basic(&block)
         controller.authenticate_with_http_basic(&block)
       end
-      
+
       def cookies
         controller.send(:cookies)
       end
-      
+
       def cookie_domain
         @cookie_domain_key ||= Rails::VERSION::STRING >= '2.3' ? :domain : :session_domain
         controller.request.session_options[@cookie_domain_key]
       end
-      
+
       def request_content_type
         request.format.to_s
       end
-      
-      # Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
+
+      # Lets Authlogic know about the controller object via a before filter, AKA
+      # "activates" authlogic.
       module RailsImplementation
         def self.included(klass) # :nodoc:
           if defined?(::ApplicationController)
-            raise AuthlogicLoadedTooLateError.new("Authlogic is trying to prepend a before_filter in ActionController::Base to active itself" +
-              ", the problem is that ApplicationController has already been loaded meaning the before_filter won't get copied into your" +
-              " application. Generally this is due to another gem or plugin requiring your ApplicationController prematurely, such as" +
-              " the resource_controller plugin. The solution is to require Authlogic before these other gems / plugins. Please require" +
-              " authlogic first to get rid of this error.")
+            raise AuthlogicLoadedTooLateError.new(
+              <<-EOS.strip_heredoc
+                Authlogic is trying to add a callback to ActionController::Base but
+                ApplicationController has already been loaded, so the callback won't
+                be copied into your application. Generally this is due to another gem or
+                plugin requiring your ApplicationController prematurely, such as the
+                resource_controller plugin. Please require Authlogic first, before these
+                other gems / plugins.
+              EOS
+            )
+          end
+
+          # In Rails 4.0.2, the *_filter methods were renamed to *_action.
+          if klass.respond_to? :prepend_before_action
+            klass.prepend_before_action :activate_authlogic
+          else
+            klass.prepend_before_filter :activate_authlogic
           end
-          
-          klass.prepend_before_filter :activate_authlogic
         end
-        
+
         private
+
           def activate_authlogic
             Authlogic::Session::Base.controller = RailsAdapter.new(self)
           end

data/lib/authlogic/controller_adapters/sinatra_adapter.rb

@@ -58,4 +58,4 @@ module Authlogic
   end
 end
 
-Sinatra::Base.send(:include, Authlogic::ControllerAdapters::SinatraAdapter::Adapter::Implementation)
+Sinatra::Base.send(:include, Authlogic::ControllerAdapters::SinatraAdapter::Adapter::Implementation)

data/lib/authlogic/crypto_providers/aes256.rb

@@ -2,28 +2,31 @@ require "openssl"
 
 module Authlogic
   module CryptoProviders
-    # This encryption method is reversible if you have the supplied key. So in order to use this encryption method you must supply it with a key first.
-    # In an initializer, or before your application initializes, you should do the following:
+    # This encryption method is reversible if you have the supplied key. So in order to
+    # use this encryption method you must supply it with a key first. In an initializer,
+    # or before your application initializes, you should do the following:
     #
-    #   Authlogic::CryptoProviders::AES256.key = "my really long and unique key, preferrably a bunch of random characters"
+    #   Authlogic::CryptoProviders::AES256.key = "my really long and unique key, preferably a bunch of random characters"
     #
-    # My final comment is that this is a strong encryption method, but its main weakness is that it's reversible. If you do not need to reverse the hash
-    # then you should consider Sha512 or BCrypt instead.
+    # My final comment is that this is a strong encryption method, but its main weakness
+    # is that it's reversible. If you do not need to reverse the hash then you should
+    # consider Sha512 or BCrypt instead.
     #
-    # Keep your key in a safe place, some even say the key should be stored on a separate server.
-    # This won't hurt performance because the only time it will try and access the key on the separate server is during initialization, which only
-    # happens once. The reasoning behind this is if someone does compromise your server they won't have the key also. Basically, you don't want to
-    # store the key with the lock.
+    # Keep your key in a safe place, some even say the key should be stored on a separate
+    # server. This won't hurt performance because the only time it will try and access the
+    # key on the separate server is during initialization, which only happens once. The
+    # reasoning behind this is if someone does compromise your server they won't have the
+    # key also. Basically, you don't want to store the key with the lock.
     class AES256
       class << self
         attr_writer :key
-    
+
         def encrypt(*tokens)
           aes.encrypt
           aes.key = @key
           [aes.update(tokens.join) + aes.final].pack("m").chomp
         end
-    
+
         def matches?(crypted, *tokens)
           aes.decrypt
           aes.key = @key
@@ -31,8 +34,9 @@ module Authlogic
         rescue OpenSSL::CipherError
           false
         end
-    
+
         private
+
           def aes
             raise ArgumentError.new("You must provide a key like #{name}.key = my_key before using the #{name}") if @key.blank?
             @aes ||= OpenSSL::Cipher::Cipher.new("AES-256-ECB")

data/lib/authlogic/crypto_providers/bcrypt.rb

@@ -45,8 +45,11 @@ module Authlogic
     # You are good to go!
     class BCrypt
       class << self
-        # This is the :cost option for the BCrpyt library. The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
-        # Set this to any value >= the engine's minimum (currently 4), play around with it to get that perfect balance between security and performance.
+        # This is the :cost option for the BCrpyt library. The higher the cost
+        # the more secure it is and the longer is take the generate a hash. By
+        # default this is 10. Set this to any value >= the engine's minimum
+        # (currently 4), play around with it to get that perfect balance between
+        # security and performance.
         def cost
           @cost ||= 10
         end
@@ -63,14 +66,16 @@ module Authlogic
           ::BCrypt::Password.create(join_tokens(tokens), :cost => cost)
         end
 
-        # Does the hash match the tokens? Uses the same tokens that were used to encrypt.
+        # Does the hash match the tokens? Uses the same tokens that were used to
+        # encrypt.
         def matches?(hash, *tokens)
           hash = new_from_hash(hash)
           return false if hash.blank?
           hash == join_tokens(tokens)
         end
 
-        # This method is used as a flag to tell Authlogic to "resave" the password upon a successful login, using the new cost
+        # This method is used as a flag to tell Authlogic to "resave" the
+        # password upon a successful login, using the new cost
         def cost_matches?(hash)
           hash = new_from_hash(hash)
           if hash.blank?
@@ -81,6 +86,7 @@ module Authlogic
         end
 
         private
+
           def join_tokens(tokens)
             tokens.flatten.join
           end

data/lib/authlogic/crypto_providers/md5.rb

@@ -1,29 +1,29 @@
 require "digest/md5"
- 
+
 module Authlogic
   module CryptoProviders
-    # This class was made for the users transitioning from md5 based systems. 
-    # I highly discourage using this crypto provider as it superbly inferior 
+    # This class was made for the users transitioning from md5 based systems.
+    # I highly discourage using this crypto provider as it superbly inferior
     # to your other options.
     #
     # Please use any other provider offered by Authlogic.
     class MD5
       class << self
         attr_accessor :join_token
-        
+
         # The number of times to loop through the encryption.
         def stretches
           @stretches ||= 1
         end
         attr_writer :stretches
-        
+
         # Turns your raw password into a MD5 hash.
         def encrypt(*tokens)
           digest = tokens.flatten.join(join_token)
           stretches.times { digest = Digest::MD5.hexdigest(digest) }
           digest
         end
-        
+
         # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
         def matches?(crypted, *tokens)
           encrypt(*tokens) == crypted
@@ -31,4 +31,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/crypto_providers/scrypt.rb

@@ -19,7 +19,7 @@ module Authlogic
     #   end
     class SCrypt
       class << self
-        DEFAULTS = {:key_len => 32, :salt_size => 8, :max_time => 0.2, :max_mem => 1024 * 1024, :max_memfrac => 0.5}
+        DEFAULTS = { :key_len => 32, :salt_size => 8, :max_time => 0.2, :max_mem => 1024 * 1024, :max_memfrac => 0.5 }
 
         attr_writer :key_len, :salt_size, :max_time, :max_mem, :max_memfrac
         # Key length - length in bytes of generated key, from 16 to 512.
@@ -49,7 +49,14 @@ module Authlogic
 
         # Creates an SCrypt hash for the password passed.
         def encrypt(*tokens)
-          ::SCrypt::Password.create(join_tokens(tokens), :key_len => key_len, :salt_size => salt_size, :max_mem => max_mem, :max_memfrac => max_memfrac, :max_time => max_time)
+          ::SCrypt::Password.create(
+            join_tokens(tokens),
+            :key_len => key_len,
+            :salt_size => salt_size,
+            :max_mem => max_mem,
+            :max_memfrac => max_memfrac,
+            :max_time => max_time
+          )
         end
 
         # Does the hash match the tokens? Uses the same tokens that were used to encrypt.
@@ -60,6 +67,7 @@ module Authlogic
         end
 
         private
+
           def join_tokens(tokens)
             tokens.flatten.join
           end

data/lib/authlogic/crypto_providers/sha1.rb

@@ -10,13 +10,13 @@ module Authlogic
           @join_token ||= "--"
         end
         attr_writer :join_token
-        
+
         # The number of times to loop through the encryption. This is ten because that is what restful_authentication defaults to.
         def stretches
           @stretches ||= 10
         end
         attr_writer :stretches
-        
+
         # Turns your raw password into a Sha1 hash.
         def encrypt(*tokens)
           tokens = tokens.flatten
@@ -24,7 +24,7 @@ module Authlogic
           stretches.times { digest = Digest::SHA1.hexdigest([digest, *tokens].join(join_token)) }
           digest
         end
-        
+
         # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
         def matches?(crypted, *tokens)
           encrypt(*tokens) == crypted

data/lib/authlogic/crypto_providers/sha256.rb

@@ -26,20 +26,20 @@ module Authlogic
     class Sha256
       class << self
         attr_accessor :join_token
-        
+
         # The number of times to loop through the encryption.
         def stretches
           @stretches ||= 20
         end
         attr_writer :stretches
-        
+
         # Turns your raw password into a Sha256 hash.
         def encrypt(*tokens)
           digest = tokens.flatten.join(join_token)
           stretches.times { digest = Digest::SHA256.hexdigest(digest) }
           digest
         end
-        
+
         # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
         def matches?(crypted, *tokens)
           encrypt(*tokens) == crypted

data/lib/authlogic/crypto_providers/sha512.rb

@@ -26,20 +26,20 @@ module Authlogic
     class Sha512
       class << self
         attr_accessor :join_token
-        
+
         # The number of times to loop through the encryption. This is twenty because that is what restful_authentication defaults to.
         def stretches
           @stretches ||= 20
         end
         attr_writer :stretches
-        
+
         # Turns your raw password into a Sha512 hash.
         def encrypt(*tokens)
           digest = tokens.flatten.join(join_token)
           stretches.times { digest = Digest::SHA512.hexdigest(digest) }
           digest
         end
-        
+
         # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
         def matches?(crypted, *tokens)
           encrypt(*tokens) == crypted
@@ -47,4 +47,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/crypto_providers/wordpress.rb

@@ -3,37 +3,37 @@ module Authlogic
   module CryptoProviders
     class Wordpress
       class << self
-        ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+        ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 
         def matches?(crypted, *tokens)
-          stretches = 1 << ITOA64.index(crypted[3,1])
-          plain, salt = *tokens 
-          hashed = Digest::MD5.digest(salt+plain)
+          stretches = 1 << ITOA64.index(crypted[3, 1])
+          plain, salt = *tokens
+          hashed = Digest::MD5.digest(salt + plain)
           stretches.times do |i|
-            hashed = Digest::MD5.digest(hashed+plain)
+            hashed = Digest::MD5.digest(hashed + plain)
           end
-          crypted[0,12]+encode_64(hashed, 16) == crypted
+          crypted[0, 12] + encode_64(hashed, 16) == crypted
         end
 
         def encode_64(input, length)
-          output = "" 
+          output = ""
           i = 0
           while i < length
-            value = input[i] 
-            i+=1
+            value = input[i]
+            i += 1
             break if value.nil?
             output += ITOA64[value & 0x3f, 1]
             value |= input[i] << 8 if i < length
             output += ITOA64[(value >> 6) & 0x3f, 1]
 
-            i+=1
+            i += 1
             break if i >= length
             value |= input[i] << 16 if i < length
-            output += ITOA64[(value >> 12) & 0x3f,1]
+            output += ITOA64[(value >> 12) & 0x3f, 1]
 
-            i+=1
+            i += 1
             break if i >= length
-            output += ITOA64[(value >> 18) & 0x3f,1]
+            output += ITOA64[(value >> 18) & 0x3f, 1]
           end
           output
         end

data/lib/authlogic/i18n.rb

@@ -1,28 +1,32 @@
 require "authlogic/i18n/translator"
 
 module Authlogic
-  # This class allows any message in Authlogic to use internationalization. In earlier versions of Authlogic each message was translated via configuration.
-  # This cluttered up the configuration and cluttered up Authlogic. So all translation has been extracted out into this class. Now all messages pass through
-  # this class, making it much easier to implement in I18n library / plugin you want. Use this as a layer that sits between Authlogic and whatever I18n
-  # library you want to use.
+  # This class allows any message in Authlogic to use internationalization. In earlier
+  # versions of Authlogic each message was translated via configuration. This cluttered up
+  # the configuration and cluttered up Authlogic. So all translation has been extracted
+  # out into this class. Now all messages pass through this class, making it much easier
+  # to implement in I18n library / plugin you want. Use this as a layer that sits between
+  # Authlogic and whatever I18n library you want to use.
   #
-  # By default this uses the rails I18n library, if it exists. If it doesnt exist it just returns the default english message. The Authlogic I18n class
-  # works EXACTLY like the rails I18n class. This is because the arguments are delegated to this class.
+  # By default this uses the rails I18n library, if it exists. If it doesn't exist it just
+  # returns the default English message. The Authlogic I18n class works EXACTLY like the
+  # rails I18n class. This is because the arguments are delegated to this class.
   #
   # Here is how all messages are translated internally with Authlogic:
   #
   #   Authlogic::I18n.t('error_messages.password_invalid', :default => "is invalid")
   #
-  # If you use a different I18n library just replace the build-in I18n::Translator class with your own. For example:
+  # If you use a different I18n library just replace the build-in I18n::Translator class
+  # with your own. For example:
   #
   #   class MyAuthlogicI18nTranslator
   #     def translate(key, options = {})
   #       # you will have key which will be something like: "error_messages.password_invalid"
-  #       # you will also have options[:default], which will be the default english version of the message
+  #       # you will also have options[:default], which will be the default English version of the message
   #       # do whatever you want here with the arguments passed to you.
   #     end
   #   end
-  #   
+  #
   #   Authlogic::I18n.translator = MyAuthlogicI18nTranslator.new
   #
   # That it's! Here is a complete list of the keys that are passed. Just define these however you wish:
@@ -31,7 +35,7 @@ module Authlogic
   #     error_messages:
   #       login_blank: can not be blank
   #       login_not_found: is not valid
-  #       login_invalid: should use only letters, numbers, spaces, and .-_@ please.
+  #       login_invalid: should use only letters, numbers, spaces, and .-_@+ please.
   #       consecutive_failed_logins_limit_exceeded: Consecutive failed logins limit exceeded, account is disabled.
   #       email_invalid: should look like an email address.
   #       email_invalid_international: should look like an international email address.
@@ -53,29 +57,31 @@ module Authlogic
   module I18n
     @@scope = :authlogic
     @@translator = nil
-    
+
     class << self
       # Returns the current scope. Defaults to :authlogic
       def scope
         @@scope
       end
-   
+
       # Sets the current scope. Used to set a custom scope.
       def scope=(scope)
         @@scope = scope
       end
-      
+
       # Returns the current translator. Defaults to +Translator+.
       def translator
         @@translator ||= Translator.new
       end
-      
+
       # Sets the current translator. Used to set a custom translator.
       def translator=(translator)
         @@translator = translator
       end
-    
-      # All message translation is passed to this method. The first argument is the key for the message. The second is options, see the rails I18n library for a list of options used.
+
+      # All message translation is passed to this method. The first argument is the key
+      # for the message. The second is options, see the rails I18n library for a list of
+      # options used.
       def translate(key, options = {})
         translator.translate key, { :scope => I18n.scope }.merge(options)
       end