authlogic 3.4.6 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (115) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +2 -0
  3. data/.rubocop.yml +33 -0
  4. data/.rubocop_todo.yml +427 -0
  5. data/.travis.yml +24 -3
  6. data/CHANGELOG.md +9 -2
  7. data/CONTRIBUTING.md +40 -1
  8. data/Gemfile +1 -1
  9. data/README.md +295 -0
  10. data/Rakefile +10 -2
  11. data/authlogic.gemspec +6 -5
  12. data/lib/authlogic.rb +2 -2
  13. data/lib/authlogic/acts_as_authentic/base.rb +2 -2
  14. data/lib/authlogic/acts_as_authentic/email.rb +59 -14
  15. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +4 -3
  16. data/lib/authlogic/acts_as_authentic/login.rb +62 -12
  17. data/lib/authlogic/acts_as_authentic/magic_columns.rb +17 -6
  18. data/lib/authlogic/acts_as_authentic/password.rb +107 -53
  19. data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -9
  20. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +2 -0
  21. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +48 -35
  22. data/lib/authlogic/acts_as_authentic/single_access_token.rb +19 -15
  23. data/lib/authlogic/acts_as_authentic/validations_scope.rb +2 -2
  24. data/lib/authlogic/authenticates_many/association.rb +6 -5
  25. data/lib/authlogic/authenticates_many/base.rb +22 -12
  26. data/lib/authlogic/config.rb +2 -1
  27. data/lib/authlogic/controller_adapters/abstract_adapter.rb +2 -1
  28. data/lib/authlogic/controller_adapters/rack_adapter.rb +3 -4
  29. data/lib/authlogic/controller_adapters/rails_adapter.rb +26 -14
  30. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +1 -1
  31. data/lib/authlogic/crypto_providers/aes256.rb +16 -12
  32. data/lib/authlogic/crypto_providers/bcrypt.rb +10 -4
  33. data/lib/authlogic/crypto_providers/md5.rb +7 -7
  34. data/lib/authlogic/crypto_providers/scrypt.rb +10 -2
  35. data/lib/authlogic/crypto_providers/sha1.rb +3 -3
  36. data/lib/authlogic/crypto_providers/sha256.rb +3 -3
  37. data/lib/authlogic/crypto_providers/sha512.rb +4 -4
  38. data/lib/authlogic/crypto_providers/wordpress.rb +13 -13
  39. data/lib/authlogic/i18n.rb +22 -16
  40. data/lib/authlogic/i18n/translator.rb +1 -1
  41. data/lib/authlogic/random.rb +13 -12
  42. data/lib/authlogic/regex.rb +3 -3
  43. data/lib/authlogic/session/activation.rb +7 -6
  44. data/lib/authlogic/session/active_record_trickery.rb +1 -2
  45. data/lib/authlogic/session/base.rb +7 -6
  46. data/lib/authlogic/session/brute_force_protection.rb +58 -34
  47. data/lib/authlogic/session/callbacks.rb +16 -12
  48. data/lib/authlogic/session/cookies.rb +29 -14
  49. data/lib/authlogic/session/existence.rb +10 -10
  50. data/lib/authlogic/session/foundation.rb +11 -7
  51. data/lib/authlogic/session/http_auth.rb +6 -5
  52. data/lib/authlogic/session/id.rb +5 -4
  53. data/lib/authlogic/session/klass.rb +2 -1
  54. data/lib/authlogic/session/magic_columns.rb +21 -14
  55. data/lib/authlogic/session/magic_states.rb +25 -14
  56. data/lib/authlogic/session/params.rb +41 -26
  57. data/lib/authlogic/session/password.rb +62 -40
  58. data/lib/authlogic/session/perishable_token.rb +3 -2
  59. data/lib/authlogic/session/persistence.rb +3 -3
  60. data/lib/authlogic/session/priority_record.rb +5 -4
  61. data/lib/authlogic/session/scopes.rb +20 -9
  62. data/lib/authlogic/session/session.rb +9 -4
  63. data/lib/authlogic/session/timeout.rb +40 -23
  64. data/lib/authlogic/session/unauthorized_record.rb +6 -5
  65. data/lib/authlogic/session/validation.rb +18 -9
  66. data/lib/authlogic/test_case.rb +2 -2
  67. data/lib/authlogic/test_case/mock_controller.rb +9 -9
  68. data/lib/authlogic/test_case/mock_cookie_jar.rb +2 -2
  69. data/lib/authlogic/test_case/mock_logger.rb +1 -1
  70. data/lib/authlogic/test_case/mock_request.rb +2 -1
  71. data/lib/authlogic/test_case/rails_request_adapter.rb +5 -5
  72. data/test/acts_as_authentic_test/email_test.rb +29 -17
  73. data/test/acts_as_authentic_test/logged_in_status_test.rb +9 -3
  74. data/test/acts_as_authentic_test/login_test.rb +47 -13
  75. data/test/acts_as_authentic_test/magic_columns_test.rb +4 -4
  76. data/test/acts_as_authentic_test/password_test.rb +31 -21
  77. data/test/acts_as_authentic_test/perishable_token_test.rb +15 -15
  78. data/test/acts_as_authentic_test/session_maintenance_test.rb +20 -13
  79. data/test/acts_as_authentic_test/single_access_test.rb +8 -8
  80. data/test/authenticates_many_test.rb +4 -4
  81. data/test/crypto_provider_test/aes256_test.rb +2 -2
  82. data/test/crypto_provider_test/scrypt_test.rb +1 -1
  83. data/test/crypto_provider_test/sha1_test.rb +3 -3
  84. data/test/crypto_provider_test/sha256_test.rb +1 -1
  85. data/test/crypto_provider_test/sha512_test.rb +2 -2
  86. data/test/gemfiles/Gemfile.rails-3.2.x +2 -2
  87. data/test/gemfiles/Gemfile.rails-5.0.x +6 -0
  88. data/test/i18n_test.rb +5 -5
  89. data/test/libs/affiliate.rb +2 -2
  90. data/test/libs/company.rb +1 -1
  91. data/test/libs/employee.rb +2 -2
  92. data/test/libs/employee_session.rb +1 -1
  93. data/test/libs/ldaper.rb +1 -1
  94. data/test/libs/project.rb +1 -1
  95. data/test/random_test.rb +5 -4
  96. data/test/session_test/activation_test.rb +5 -5
  97. data/test/session_test/active_record_trickery_test.rb +7 -5
  98. data/test/session_test/cookies_test.rb +8 -6
  99. data/test/session_test/existence_test.rb +19 -13
  100. data/test/session_test/http_auth_test.rb +0 -3
  101. data/test/session_test/id_test.rb +2 -2
  102. data/test/session_test/klass_test.rb +1 -1
  103. data/test/session_test/magic_columns_test.rb +0 -3
  104. data/test/session_test/magic_states_test.rb +11 -11
  105. data/test/session_test/params_test.rb +10 -10
  106. data/test/session_test/password_test.rb +4 -5
  107. data/test/session_test/perishability_test.rb +3 -3
  108. data/test/session_test/scopes_test.rb +8 -8
  109. data/test/session_test/session_test.rb +5 -4
  110. data/test/session_test/timeout_test.rb +8 -8
  111. data/test/session_test/unauthorized_record_test.rb +2 -2
  112. data/test/session_test/validation_test.rb +3 -3
  113. data/test/test_helper.rb +9 -5
  114. metadata +54 -24
  115. data/README.rdoc +0 -232
@@ -1,7 +1,7 @@
1
1
  module Authlogic
2
2
  module I18n
3
3
  class Translator
4
- # If the I18n gem is present, calls +I18n.translate+ passing all
4
+ # If the I18n gem is present, calls +I18n.translate+ passing all
5
5
  # arguments, else returns +options[:default]+.
6
6
  def translate(key, options = {})
7
7
  if defined?(::I18n)
@@ -1,33 +1,34 @@
1
1
  module Authlogic
2
- # Handles generating random strings. If SecureRandom is installed it will default to this and use it instead. SecureRandom comes with ActiveSupport.
3
- # So if you are using this in a rails app you should have this library.
2
+ # Handles generating random strings. If SecureRandom is installed it will default to
3
+ # this and use it instead. SecureRandom comes with ActiveSupport. So if you are using
4
+ # this in a rails app you should have this library.
4
5
  module Random
5
6
  extend self
6
-
7
- SecureRandom = (defined?(::SecureRandom) && ::SecureRandom) || (defined?(::ActiveSupport::SecureRandom) && ::ActiveSupport::SecureRandom)
8
-
7
+
8
+ SecureRandom = (defined?(::SecureRandom) && ::SecureRandom) ||
9
+ (defined?(::ActiveSupport::SecureRandom) && ::ActiveSupport::SecureRandom)
10
+
9
11
  if SecureRandom
10
12
  def hex_token
11
13
  SecureRandom.hex(64)
12
14
  end
13
-
15
+
14
16
  def friendly_token
15
17
  # use base64url as defined by RFC4648
16
18
  SecureRandom.base64(15).tr('+/=', '').strip.delete("\n")
17
19
  end
18
20
  else
19
21
  def hex_token
20
- Authlogic::CryptoProviders::Sha512.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
22
+ Authlogic::CryptoProviders::Sha512.encrypt(Time.now.to_s + (1..10).collect { rand.to_s }.join)
21
23
  end
22
-
24
+
23
25
  FRIENDLY_CHARS = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
24
-
26
+
25
27
  def friendly_token
26
28
  newpass = ""
27
- 1.upto(20) { |i| newpass << FRIENDLY_CHARS[rand(FRIENDLY_CHARS.size-1)] }
29
+ 1.upto(20) { |i| newpass << FRIENDLY_CHARS[rand(FRIENDLY_CHARS.size - 1)] }
28
30
  newpass
29
31
  end
30
32
  end
31
-
32
33
  end
33
- end
34
+ end
@@ -1,4 +1,4 @@
1
- #encoding: utf-8
1
+ # encoding: utf-8
2
2
  module Authlogic
3
3
  # This is a module the contains regular expressions used throughout Authlogic. The point of extracting
4
4
  # them out into their own module is to make them easily available to you for other uses. Ex:
@@ -38,10 +38,10 @@ module Authlogic
38
38
  end
39
39
  end
40
40
 
41
- # A simple regular expression that only allows for letters, numbers, spaces, and .-_@. Just a standard login / username
41
+ # A simple regular expression that only allows for letters, numbers, spaces, and .-_@+. Just a standard login / username
42
42
  # regular expression.
43
43
  def self.login
44
- /\A\w[\w\.+\-_@ ]+\z/
44
+ /\A[a-zA-Z0-9_][a-zA-Z0-9\.+\-_@ ]+\z/
45
45
  end
46
46
  end
47
47
  end
@@ -11,14 +11,14 @@ module Authlogic
11
11
  super("You must activate the Authlogic::Session::Base.controller with a controller object before creating objects")
12
12
  end
13
13
  end
14
-
14
+
15
15
  def self.included(klass)
16
16
  klass.class_eval do
17
17
  extend ClassMethods
18
18
  include InstanceMethods
19
19
  end
20
20
  end
21
-
21
+
22
22
  module ClassMethods
23
23
  # Returns true if a controller has been set and can be used properly. This MUST be set before anything can be done.
24
24
  # Similar to how ActiveRecord won't allow you to do anything without establishing a DB connection. In your framework
@@ -27,7 +27,7 @@ module Authlogic
27
27
  def activated?
28
28
  !controller.nil?
29
29
  end
30
-
30
+
31
31
  # This accepts a controller object wrapped with the Authlogic controller adapter. The controller adapters close the gap
32
32
  # between the different controllers in each framework. That being said, Authlogic is expecting your object's class to
33
33
  # extend Authlogic::ControllerAdapters::AbstractAdapter. See Authlogic::ControllerAdapters for more info.
@@ -36,21 +36,22 @@ module Authlogic
36
36
  def controller=(value)
37
37
  RequestStore.store[:authlogic_controller] = value
38
38
  end
39
-
39
+
40
40
  # The current controller object
41
41
  def controller
42
42
  RequestStore.store[:authlogic_controller]
43
43
  end
44
44
  end
45
-
45
+
46
46
  module InstanceMethods
47
47
  # Making sure we are activated before we start creating objects
48
48
  def initialize(*args)
49
49
  raise NotActivatedError.new(self) unless self.class.activated?
50
50
  super
51
51
  end
52
-
52
+
53
53
  private
54
+
54
55
  def controller
55
56
  self.class.controller
56
57
  end
@@ -25,13 +25,12 @@ module Authlogic
25
25
  #
26
26
  # authlogic.models.user_session
27
27
  def human_name(*args)
28
- I18n.t("models.#{name.underscore}", {:count => 1, :default => name.humanize})
28
+ I18n.t("models.#{name.underscore}", { :count => 1, :default => name.humanize })
29
29
  end
30
30
 
31
31
  def i18n_scope
32
32
  I18n.scope
33
33
  end
34
-
35
34
  end
36
35
 
37
36
  module InstanceMethods
@@ -1,25 +1,26 @@
1
1
  module Authlogic
2
2
  module Session # :nodoc:
3
- # This is the base class Authlogic, where all modules are included. For information on functiionality see the various
3
+ # This is the base class Authlogic, where all modules are included. For information on functionality see the various
4
4
  # sub modules.
5
5
  class Base
6
6
  include Foundation
7
7
  include Callbacks
8
-
8
+
9
9
  # Included first so that the session resets itself to nil
10
10
  include Timeout
11
-
11
+
12
12
  # Included in a specific order so they are tried in this order when persisting
13
13
  include Params
14
14
  include Cookies
15
15
  include Session
16
16
  include HttpAuth
17
-
17
+
18
18
  # Included in a specific order so magic states gets ran after a record is found
19
+ # TODO: What does "magic states gets ran" mean? Be specific.
19
20
  include Password
20
21
  include UnauthorizedRecord
21
22
  include MagicStates
22
-
23
+
23
24
  include Activation
24
25
  include ActiveRecordTrickery
25
26
  include BruteForceProtection
@@ -34,4 +35,4 @@ module Authlogic
34
35
  include PriorityRecord
35
36
  end
36
37
  end
37
- end
38
+ end
@@ -1,15 +1,21 @@
1
1
  module Authlogic
2
2
  module Session
3
- # A brute force attacks is executed by hammering a login with as many password combinations as possible, until one works. A brute force attacked is
4
- # generally combated with a slow hasing algorithm such as BCrypt. You can increase the cost, which makes the hash generation slower, and ultimately
5
- # increases the time it takes to execute a brute force attack. Just to put this into perspective, if a hacker was to gain access to your server
6
- # and execute a brute force attack locally, meaning there is no network lag, it would probably take decades to complete. Now throw in network lag
7
- # and it would take MUCH longer.
3
+ # A brute force attacks is executed by hammering a login with as many password
4
+ # combinations as possible, until one works. A brute force attacked is generally
5
+ # combated with a slow hashing algorithm such as BCrypt. You can increase the cost,
6
+ # which makes the hash generation slower, and ultimately increases the time it takes
7
+ # to execute a brute force attack. Just to put this into perspective, if a hacker was
8
+ # to gain access to your server and execute a brute force attack locally, meaning
9
+ # there is no network lag, it would probably take decades to complete. Now throw in
10
+ # network lag and it would take MUCH longer.
8
11
  #
9
- # But for those that are extra paranoid and can't get enough protection, why not stop them as soon as you realize something isn't right? That's
10
- # what this module is all about. By default the consecutive_failed_logins_limit configuration option is set to 50, if someone consecutively fails to login
11
- # after 50 attempts their account will be suspended. This is a very liberal number and at this point it should be obvious that something is not right.
12
- # If you wish to lower this number just set the configuration to a lower number:
12
+ # But for those that are extra paranoid and can't get enough protection, why not stop
13
+ # them as soon as you realize something isn't right? That's what this module is all
14
+ # about. By default the consecutive_failed_logins_limit configuration option is set to
15
+ # 50, if someone consecutively fails to login after 50 attempts their account will be
16
+ # suspended. This is a very liberal number and at this point it should be obvious that
17
+ # something is not right. If you wish to lower this number just set the configuration
18
+ # to a lower number:
13
19
  #
14
20
  # class UserSession < Authlogic::Session::Base
15
21
  # consecutive_failed_logins_limit 10
@@ -23,16 +29,22 @@ module Authlogic
23
29
  validate :validate_failed_logins, :if => :being_brute_force_protected?
24
30
  end
25
31
  end
26
-
32
+
27
33
  # Configuration for the brute force protection feature.
28
34
  module Config
29
- # To help protect from brute force attacks you can set a limit on the allowed number of consecutive failed logins. By default this is 50, this is a very liberal
30
- # number, and if someone fails to login after 50 tries it should be pretty obvious that it's a machine trying to login in and very likely a brute force attack.
35
+ # To help protect from brute force attacks you can set a limit on the
36
+ # allowed number of consecutive failed logins. By default this is 50,
37
+ # this is a very liberal number, and if someone fails to login after 50
38
+ # tries it should be pretty obvious that it's a machine trying to login
39
+ # in and very likely a brute force attack.
31
40
  #
32
- # In order to enable this field your model MUST have a failed_login_count (integer) field.
41
+ # In order to enable this field your model MUST have a
42
+ # failed_login_count (integer) field.
33
43
  #
34
- # If you don't know what a brute force attack is, it's when a machine tries to login into a system using every combination of character possible. Thus resulting
35
- # in possibly millions of attempts to log into an account.
44
+ # If you don't know what a brute force attack is, it's when a machine
45
+ # tries to login into a system using every combination of character
46
+ # possible. Thus resulting in possibly millions of attempts to log into
47
+ # an account.
36
48
  #
37
49
  # * <tt>Default:</tt> 50
38
50
  # * <tt>Accepts:</tt> Integer, set to 0 to disable
@@ -40,8 +52,9 @@ module Authlogic
40
52
  rw_config(:consecutive_failed_logins_limit, value, 50)
41
53
  end
42
54
  alias_method :consecutive_failed_logins_limit=, :consecutive_failed_logins_limit
43
-
44
- # Once the failed logins limit has been exceed, how long do you want to ban the user? This can be a temporary or permanent ban.
55
+
56
+ # Once the failed logins limit has been exceed, how long do you want to
57
+ # ban the user? This can be a temporary or permanent ban.
45
58
  #
46
59
  # * <tt>Default:</tt> 2.hours
47
60
  # * <tt>Accepts:</tt> Fixnum, set to 0 for permanent ban
@@ -50,47 +63,58 @@ module Authlogic
50
63
  end
51
64
  alias_method :failed_login_ban_for=, :failed_login_ban_for
52
65
  end
53
-
54
- # The methods available for an Authlogic::Session::Base object that make up the brute force protection feature.
66
+
67
+ # The methods available for an Authlogic::Session::Base object that make
68
+ # up the brute force protection feature.
55
69
  module InstanceMethods
56
- # Returns true when the consecutive_failed_logins_limit has been exceeded and is being temporarily banned.
57
- # Notice the word temporary, the user will not be permanently banned unless you choose to do so with configuration.
58
- # By default they will be banned for 2 hours. During that 2 hour period this method will return true.
70
+ # Returns true when the consecutive_failed_logins_limit has been
71
+ # exceeded and is being temporarily banned. Notice the word temporary,
72
+ # the user will not be permanently banned unless you choose to do so
73
+ # with configuration. By default they will be banned for 2 hours. During
74
+ # that 2 hour period this method will return true.
59
75
  def being_brute_force_protected?
60
76
  exceeded_failed_logins_limit? && (failed_login_ban_for <= 0 ||
61
77
  (attempted_record.respond_to?(:updated_at) && attempted_record.updated_at >= failed_login_ban_for.seconds.ago))
62
78
  end
63
-
79
+
64
80
  private
81
+
65
82
  def exceeded_failed_logins_limit?
66
83
  !attempted_record.nil? && attempted_record.respond_to?(:failed_login_count) && consecutive_failed_logins_limit > 0 &&
67
84
  attempted_record.failed_login_count && attempted_record.failed_login_count >= consecutive_failed_logins_limit
68
85
  end
69
-
86
+
70
87
  def reset_failed_login_count?
71
88
  exceeded_failed_logins_limit? && !being_brute_force_protected?
72
89
  end
73
-
90
+
74
91
  def reset_failed_login_count
75
92
  attempted_record.failed_login_count = 0
76
93
  end
77
-
94
+
78
95
  def validate_failed_logins
79
- errors.clear # Clear all other error messages, as they are irrelevant at this point and can only provide additional information that is not needed
80
- errors.add(:base, I18n.t(
81
- 'error_messages.consecutive_failed_logins_limit_exceeded',
82
- :default => "Consecutive failed logins limit exceeded, account has been" + (failed_login_ban_for == 0 ? "" : " temporarily") + " disabled."
83
- ))
96
+ # Clear all other error messages, as they are irrelevant at this point and can
97
+ # only provide additional information that is not needed
98
+ errors.clear
99
+ errors.add(
100
+ :base,
101
+ I18n.t(
102
+ 'error_messages.consecutive_failed_logins_limit_exceeded',
103
+ :default => "Consecutive failed logins limit exceeded, account has been" +
104
+ (failed_login_ban_for == 0 ? "" : " temporarily") +
105
+ " disabled."
106
+ )
107
+ )
84
108
  end
85
-
109
+
86
110
  def consecutive_failed_logins_limit
87
111
  self.class.consecutive_failed_logins_limit
88
112
  end
89
-
113
+
90
114
  def failed_login_ban_for
91
115
  self.class.failed_login_ban_for
92
116
  end
93
117
  end
94
118
  end
95
119
  end
96
- end
120
+ end
@@ -1,6 +1,6 @@
1
1
  module Authlogic
2
2
  module Session
3
- # Between these callsbacks and the configuration, this is the contract between me and you to safely
3
+ # Between these callbacks and the configuration, this is the contract between me and you to safely
4
4
  # modify Authlogic's behavior. I will do everything I can to make sure these do not change.
5
5
  #
6
6
  # Check out the sub modules of Authlogic::Session. They are very concise, clear, and to the point. More
@@ -15,7 +15,7 @@ module Authlogic
15
15
  # persist
16
16
  # after_persisting
17
17
  # [save record if record.changed?]
18
- #
18
+ #
19
19
  # before_validation
20
20
  # before_validation_on_create
21
21
  # before_validation_on_update
@@ -24,7 +24,7 @@ module Authlogic
24
24
  # after_validation_on_create
25
25
  # after_validation
26
26
  # [save record if record.changed?]
27
- #
27
+ #
28
28
  # before_save
29
29
  # before_create
30
30
  # before_update
@@ -32,7 +32,7 @@ module Authlogic
32
32
  # after_create
33
33
  # after_save
34
34
  # [save record if record.changed?]
35
- #
35
+ #
36
36
  # before_destroy
37
37
  # [save record if record.changed?]
38
38
  # destroy
@@ -60,15 +60,18 @@ module Authlogic
60
60
  "before_save", "before_create", "before_update", "after_update", "after_create", "after_save",
61
61
  "before_destroy", "after_destroy"
62
62
  ]
63
-
63
+
64
64
  def self.included(base) #:nodoc:
65
65
  base.send :include, ActiveSupport::Callbacks
66
- if ActiveSupport::VERSION::STRING >= '4.1'
67
- base.define_callbacks *METHODS + [{:terminator => ->(target, result){ result == false } }]
68
- base.define_callbacks *['persist', {:terminator => ->(target, result){ result == true } }]
66
+ if Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new('5')
67
+ base.define_callbacks *METHODS + [{ :terminator => ->(target, result_lambda) { result_lambda.call == false } }]
68
+ base.define_callbacks *['persist', { :terminator => ->(target, result_lambda) { result_lambda.call == true } }]
69
+ elsif Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new('4.1')
70
+ base.define_callbacks *METHODS + [{ :terminator => ->(target, result) { result == false } }]
71
+ base.define_callbacks *['persist', { :terminator => ->(target, result) { result == true } }]
69
72
  else
70
- base.define_callbacks *METHODS + [{:terminator => 'result == false'}]
71
- base.define_callbacks *['persist', {:terminator => 'result == true'}]
73
+ base.define_callbacks *METHODS + [{ :terminator => 'result == false' }]
74
+ base.define_callbacks *['persist', { :terminator => 'result == true' }]
72
75
  end
73
76
 
74
77
  # If Rails 3, support the new callback syntax
@@ -82,8 +85,9 @@ module Authlogic
82
85
  end
83
86
  end
84
87
  end
85
-
88
+
86
89
  private
90
+
87
91
  METHODS.each do |method|
88
92
  class_eval <<-"end_eval", __FILE__, __LINE__
89
93
  def #{method}
@@ -91,7 +95,7 @@ module Authlogic
91
95
  end
92
96
  end_eval
93
97
  end
94
-
98
+
95
99
  def save_record(alternate_record = nil)
96
100
  r = alternate_record || record
97
101
  r.save_without_session_maintenance(:validate => false) if r && r.changed? && !r.readonly?
@@ -1,6 +1,7 @@
1
1
  module Authlogic
2
2
  module Session
3
- # Handles all authentication that deals with cookies, such as persisting, saving, and destroying.
3
+ # Handles all authentication that deals with cookies, such as persisting,
4
+ # saving, and destroying.
4
5
  module Cookies
5
6
  def self.included(klass)
6
7
  klass.class_eval do
@@ -14,8 +15,10 @@ module Authlogic
14
15
 
15
16
  # Configuration for the cookie feature set.
16
17
  module Config
17
- # The name of the cookie or the key in the cookies hash. Be sure and use a unique name. If you have multiple sessions and they use the same cookie it will cause problems.
18
- # Also, if a id is set it will be inserted into the beginning of the string. Exmaple:
18
+ # The name of the cookie or the key in the cookies hash. Be sure and use
19
+ # a unique name. If you have multiple sessions and they use the same
20
+ # cookie it will cause problems. Also, if a id is set it will be
21
+ # inserted into the beginning of the string. Example:
19
22
  #
20
23
  # session = UserSession.new
21
24
  # session.cookie_key => "user_credentials"
@@ -48,7 +51,8 @@ module Authlogic
48
51
  end
49
52
  alias_method :remember_me_for=, :remember_me_for
50
53
 
51
- # Should the cookie be set as secure? If true, the cookie will only be sent over SSL connections
54
+ # Should the cookie be set as secure? If true, the cookie will only be sent over
55
+ # SSL connections
52
56
  #
53
57
  # * <tt>Default:</tt> false
54
58
  # * <tt>Accepts:</tt> Boolean
@@ -57,7 +61,8 @@ module Authlogic
57
61
  end
58
62
  alias_method :secure=, :secure
59
63
 
60
- # Should the cookie be set as httponly? If true, the cookie will not be accessable from javascript
64
+ # Should the cookie be set as httponly? If true, the cookie will not be
65
+ # accessible from javascript
61
66
  #
62
67
  # * <tt>Default:</tt> false
63
68
  # * <tt>Accepts:</tt> Boolean
@@ -66,7 +71,8 @@ module Authlogic
66
71
  end
67
72
  alias_method :httponly=, :httponly
68
73
 
69
- # Should the cookie be signed? If the controller adapter supports it, this is a measure against cookie tampering.
74
+ # Should the cookie be signed? If the controller adapter supports it, this is a
75
+ # measure against cookie tampering.
70
76
  def sign_cookie(value = nil)
71
77
  if value && !controller.cookies.respond_to?(:signed)
72
78
  raise "Signed cookies not supported with #{controller.class}!"
@@ -76,7 +82,8 @@ module Authlogic
76
82
  alias_method :sign_cookie=, :sign_cookie
77
83
  end
78
84
 
79
- # The methods available for an Authlogic::Session::Base object that make up the cookie feature set.
85
+ # The methods available for an Authlogic::Session::Base object that make up the
86
+ # cookie feature set.
80
87
  module InstanceMethods
81
88
  # Allows you to set the remember_me option when passing credentials.
82
89
  def credentials=(value)
@@ -97,7 +104,9 @@ module Authlogic
97
104
  @remember_me = self.class.remember_me
98
105
  end
99
106
 
100
- # Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for "remember_me_until".
107
+ # Accepts a boolean as a flag to remember the session or not. Basically
108
+ # to expire the cookie at the end of the session or keep it for
109
+ # "remember_me_until".
101
110
  def remember_me=(value)
102
111
  @remember_me = value
103
112
  end
@@ -107,13 +116,15 @@ module Authlogic
107
116
  remember_me == true || remember_me == "true" || remember_me == "1"
108
117
  end
109
118
 
110
- # How long to remember the user if remember_me is true. This is based on the class level configuration: remember_me_for
119
+ # How long to remember the user if remember_me is true. This is based on the class
120
+ # level configuration: remember_me_for
111
121
  def remember_me_for
112
122
  return unless remember_me?
113
123
  self.class.remember_me_for
114
124
  end
115
125
 
116
- # When to expire the cookie. See remember_me_for configuration option to change this.
126
+ # When to expire the cookie. See remember_me_for configuration option to change
127
+ # this.
117
128
  def remember_me_until
118
129
  return unless remember_me?
119
130
  remember_me_for.from_now
@@ -131,7 +142,8 @@ module Authlogic
131
142
  @secure = self.class.secure
132
143
  end
133
144
 
134
- # Accepts a boolean as to whether the cookie should be marked as secure. If true the cookie will only ever be sent over an SSL connection.
145
+ # Accepts a boolean as to whether the cookie should be marked as secure. If true
146
+ # the cookie will only ever be sent over an SSL connection.
135
147
  def secure=(value)
136
148
  @secure = value
137
149
  end
@@ -141,13 +153,14 @@ module Authlogic
141
153
  secure == true || secure == "true" || secure == "1"
142
154
  end
143
155
 
144
- # If the cookie should be marked as httponly (not accessable via javascript)
156
+ # If the cookie should be marked as httponly (not accessible via javascript)
145
157
  def httponly
146
158
  return @httponly if defined?(@httponly)
147
159
  @httponly = self.class.httponly
148
160
  end
149
161
 
150
- # Accepts a boolean as to whether the cookie should be marked as httponly. If true, the cookie will not be accessable from javascript
162
+ # Accepts a boolean as to whether the cookie should be marked as
163
+ # httponly. If true, the cookie will not be accessible from javascript
151
164
  def httponly=(value)
152
165
  @httponly = value
153
166
  end
@@ -163,7 +176,8 @@ module Authlogic
163
176
  @sign_cookie = self.class.sign_cookie
164
177
  end
165
178
 
166
- # Accepts a boolean as to whether the cookie should be signed. If true the cookie will be saved and verified using a signature.
179
+ # Accepts a boolean as to whether the cookie should be signed. If true
180
+ # the cookie will be saved and verified using a signature.
167
181
  def sign_cookie=(value)
168
182
  @sign_cookie = value
169
183
  end
@@ -174,6 +188,7 @@ module Authlogic
174
188
  end
175
189
 
176
190
  private
191
+
177
192
  def cookie_key
178
193
  build_key(self.class.cookie_key)
179
194
  end