authlogic 3.4.6 → 3.5.0

Files changed (115) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +2 -0
  3. data/.rubocop.yml +33 -0
  4. data/.rubocop_todo.yml +427 -0
  5. data/.travis.yml +24 -3
  6. data/CHANGELOG.md +9 -2
  7. data/CONTRIBUTING.md +40 -1
  8. data/Gemfile +1 -1
  9. data/README.md +295 -0
  10. data/Rakefile +10 -2
  11. data/authlogic.gemspec +6 -5
  12. data/lib/authlogic.rb +2 -2
  13. data/lib/authlogic/acts_as_authentic/base.rb +2 -2
  14. data/lib/authlogic/acts_as_authentic/email.rb +59 -14
  15. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +4 -3
  16. data/lib/authlogic/acts_as_authentic/login.rb +62 -12
  17. data/lib/authlogic/acts_as_authentic/magic_columns.rb +17 -6
  18. data/lib/authlogic/acts_as_authentic/password.rb +107 -53
  19. data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -9
  20. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +2 -0
  21. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +48 -35
  22. data/lib/authlogic/acts_as_authentic/single_access_token.rb +19 -15
  23. data/lib/authlogic/acts_as_authentic/validations_scope.rb +2 -2
  24. data/lib/authlogic/authenticates_many/association.rb +6 -5
  25. data/lib/authlogic/authenticates_many/base.rb +22 -12
  26. data/lib/authlogic/config.rb +2 -1
  27. data/lib/authlogic/controller_adapters/abstract_adapter.rb +2 -1
  28. data/lib/authlogic/controller_adapters/rack_adapter.rb +3 -4
  29. data/lib/authlogic/controller_adapters/rails_adapter.rb +26 -14
  30. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +1 -1
  31. data/lib/authlogic/crypto_providers/aes256.rb +16 -12
  32. data/lib/authlogic/crypto_providers/bcrypt.rb +10 -4
  33. data/lib/authlogic/crypto_providers/md5.rb +7 -7
  34. data/lib/authlogic/crypto_providers/scrypt.rb +10 -2
  35. data/lib/authlogic/crypto_providers/sha1.rb +3 -3
  36. data/lib/authlogic/crypto_providers/sha256.rb +3 -3
  37. data/lib/authlogic/crypto_providers/sha512.rb +4 -4
  38. data/lib/authlogic/crypto_providers/wordpress.rb +13 -13
  39. data/lib/authlogic/i18n.rb +22 -16
  40. data/lib/authlogic/i18n/translator.rb +1 -1
  41. data/lib/authlogic/random.rb +13 -12
  42. data/lib/authlogic/regex.rb +3 -3
  43. data/lib/authlogic/session/activation.rb +7 -6
  44. data/lib/authlogic/session/active_record_trickery.rb +1 -2
  45. data/lib/authlogic/session/base.rb +7 -6
  46. data/lib/authlogic/session/brute_force_protection.rb +58 -34
  47. data/lib/authlogic/session/callbacks.rb +16 -12
  48. data/lib/authlogic/session/cookies.rb +29 -14
  49. data/lib/authlogic/session/existence.rb +10 -10
  50. data/lib/authlogic/session/foundation.rb +11 -7
  51. data/lib/authlogic/session/http_auth.rb +6 -5
  52. data/lib/authlogic/session/id.rb +5 -4
  53. data/lib/authlogic/session/klass.rb +2 -1
  54. data/lib/authlogic/session/magic_columns.rb +21 -14
  55. data/lib/authlogic/session/magic_states.rb +25 -14
  56. data/lib/authlogic/session/params.rb +41 -26
  57. data/lib/authlogic/session/password.rb +62 -40
  58. data/lib/authlogic/session/perishable_token.rb +3 -2
  59. data/lib/authlogic/session/persistence.rb +3 -3
  60. data/lib/authlogic/session/priority_record.rb +5 -4
  61. data/lib/authlogic/session/scopes.rb +20 -9
  62. data/lib/authlogic/session/session.rb +9 -4
  63. data/lib/authlogic/session/timeout.rb +40 -23
  64. data/lib/authlogic/session/unauthorized_record.rb +6 -5
  65. data/lib/authlogic/session/validation.rb +18 -9
  66. data/lib/authlogic/test_case.rb +2 -2
  67. data/lib/authlogic/test_case/mock_controller.rb +9 -9
  68. data/lib/authlogic/test_case/mock_cookie_jar.rb +2 -2
  69. data/lib/authlogic/test_case/mock_logger.rb +1 -1
  70. data/lib/authlogic/test_case/mock_request.rb +2 -1
  71. data/lib/authlogic/test_case/rails_request_adapter.rb +5 -5
  72. data/test/acts_as_authentic_test/email_test.rb +29 -17
  73. data/test/acts_as_authentic_test/logged_in_status_test.rb +9 -3
  74. data/test/acts_as_authentic_test/login_test.rb +47 -13
  75. data/test/acts_as_authentic_test/magic_columns_test.rb +4 -4
  76. data/test/acts_as_authentic_test/password_test.rb +31 -21
  77. data/test/acts_as_authentic_test/perishable_token_test.rb +15 -15
  78. data/test/acts_as_authentic_test/session_maintenance_test.rb +20 -13
  79. data/test/acts_as_authentic_test/single_access_test.rb +8 -8
  80. data/test/authenticates_many_test.rb +4 -4
  81. data/test/crypto_provider_test/aes256_test.rb +2 -2
  82. data/test/crypto_provider_test/scrypt_test.rb +1 -1
  83. data/test/crypto_provider_test/sha1_test.rb +3 -3
  84. data/test/crypto_provider_test/sha256_test.rb +1 -1
  85. data/test/crypto_provider_test/sha512_test.rb +2 -2
  86. data/test/gemfiles/Gemfile.rails-3.2.x +2 -2
  87. data/test/gemfiles/Gemfile.rails-5.0.x +6 -0
  88. data/test/i18n_test.rb +5 -5
  89. data/test/libs/affiliate.rb +2 -2
  90. data/test/libs/company.rb +1 -1
  91. data/test/libs/employee.rb +2 -2
  92. data/test/libs/employee_session.rb +1 -1
  93. data/test/libs/ldaper.rb +1 -1
  94. data/test/libs/project.rb +1 -1
  95. data/test/random_test.rb +5 -4
  96. data/test/session_test/activation_test.rb +5 -5
  97. data/test/session_test/active_record_trickery_test.rb +7 -5
  98. data/test/session_test/cookies_test.rb +8 -6
  99. data/test/session_test/existence_test.rb +19 -13
  100. data/test/session_test/http_auth_test.rb +0 -3
  101. data/test/session_test/id_test.rb +2 -2
  102. data/test/session_test/klass_test.rb +1 -1
  103. data/test/session_test/magic_columns_test.rb +0 -3
  104. data/test/session_test/magic_states_test.rb +11 -11
  105. data/test/session_test/params_test.rb +10 -10
  106. data/test/session_test/password_test.rb +4 -5
  107. data/test/session_test/perishability_test.rb +3 -3
  108. data/test/session_test/scopes_test.rb +8 -8
  109. data/test/session_test/session_test.rb +5 -4
  110. data/test/session_test/timeout_test.rb +8 -8
  111. data/test/session_test/unauthorized_record_test.rb +2 -2
  112. data/test/session_test/validation_test.rb +3 -3
  113. data/test/test_helper.rb +9 -5
  114. metadata +54 -24
  115. data/README.rdoc +0 -232
@@ -1,7 +1,7 @@
1
1
  module Authlogic
2
2
  module I18n
3
3
  class Translator
4
- # If the I18n gem is present, calls +I18n.translate+ passing all
4
+ # If the I18n gem is present, calls +I18n.translate+ passing all
5
5
  # arguments, else returns +options[:default]+.
6
6
  def translate(key, options = {})
7
7
  if defined?(::I18n)
@@ -1,33 +1,34 @@
1
1
  module Authlogic
2
- # Handles generating random strings. If SecureRandom is installed it will default to this and use it instead. SecureRandom comes with ActiveSupport.
3
- # So if you are using this in a rails app you should have this library.
2
+ # Handles generating random strings. If SecureRandom is installed it will default to
3
+ # this and use it instead. SecureRandom comes with ActiveSupport. So if you are using
4
+ # this in a rails app you should have this library.
4
5
  module Random
5
6
  extend self
6
-
7
- SecureRandom = (defined?(::SecureRandom) && ::SecureRandom) || (defined?(::ActiveSupport::SecureRandom) && ::ActiveSupport::SecureRandom)
8
-
7
+
8
+ SecureRandom = (defined?(::SecureRandom) && ::SecureRandom) ||
9
+ (defined?(::ActiveSupport::SecureRandom) && ::ActiveSupport::SecureRandom)
10
+
9
11
  if SecureRandom
10
12
  def hex_token
11
13
  SecureRandom.hex(64)
12
14
  end
13
-
15
+
14
16
  def friendly_token
15
17
  # use base64url as defined by RFC4648
16
18
  SecureRandom.base64(15).tr('+/=', '').strip.delete("\n")
17
19
  end
18
20
  else
19
21
  def hex_token
20
- Authlogic::CryptoProviders::Sha512.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
22
+ Authlogic::CryptoProviders::Sha512.encrypt(Time.now.to_s + (1..10).collect { rand.to_s }.join)
21
23
  end
22
-
24
+
23
25
  FRIENDLY_CHARS = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
24
-
26
+
25
27
  def friendly_token
26
28
  newpass = ""
27
- 1.upto(20) { |i| newpass << FRIENDLY_CHARS[rand(FRIENDLY_CHARS.size-1)] }
29
+ 1.upto(20) { |i| newpass << FRIENDLY_CHARS[rand(FRIENDLY_CHARS.size - 1)] }
28
30
  newpass
29
31
  end
30
32
  end
31
-
32
33
  end
33
- end
34
+ end
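Review bot: The fallback `friendly_token` on the reformatted `1.upto(20)` line indexes with `rand(FRIENDLY_CHARS.size - 1)`, which yields 0 through size - 2, so the last entry of FRIENDLY_CHARS (`"9"`) is never chosen; `rand(FRIENDLY_CHARS.size)` covers the whole alphabet. Both fallback methods also draw from Kernel#rand (plus `Time.now` in `hex_token`), which is not a cryptographic generator, so tokens produced on this branch are weaker than the SecureRandom ones. Since the branch only runs when neither SecureRandom constant is defined, a comment such as `# Fallback only: not cryptographically secure, used when SecureRandom is unavailable` above the `else` would make that explicit, or the branch could raise instead of degrading silently.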
@@ -1,4 +1,4 @@
1
- #encoding: utf-8
1
+ # encoding: utf-8
2
2
  module Authlogic
3
3
  # This is a module the contains regular expressions used throughout Authlogic. The point of extracting
4
4
  # them out into their own module is to make them easily available to you for other uses. Ex:
@@ -38,10 +38,10 @@ module Authlogic
38
38
  end
39
39
  end
40
40
 
41
- # A simple regular expression that only allows for letters, numbers, spaces, and .-_@. Just a standard login / username
41
+ # A simple regular expression that only allows for letters, numbers, spaces, and .-_@+. Just a standard login / username
42
42
  # regular expression.
43
43
  def self.login
44
- /\A\w[\w\.+\-_@ ]+\z/
44
+ /\A[a-zA-Z0-9_][a-zA-Z0-9\.+\-_@ ]+\z/
45
45
  end
46
46
  end
47
47
  end
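Review bot: The rewritten pattern in `self.login` keeps the space inside the character class, so a login may end in a space or contain runs of spaces, and `"admin "` passes validation alongside `"admin"`; whether the two end up as distinct accounts depends on code outside this hunk. If look-alike logins are not intended, the final character could be restricted, e.g. `/\A[a-zA-Z0-9_][a-zA-Z0-9\.+\-_@ ]*[a-zA-Z0-9\.+\-_@]\z/`. The `+` quantifier also means a login needs at least two characters, which the comment above `def self.login` does not say; `# Requires at least two characters; the first must be a letter, digit or underscore.` would document it.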
@@ -11,14 +11,14 @@ module Authlogic
11
11
  super("You must activate the Authlogic::Session::Base.controller with a controller object before creating objects")
12
12
  end
13
13
  end
14
-
14
+
15
15
  def self.included(klass)
16
16
  klass.class_eval do
17
17
  extend ClassMethods
18
18
  include InstanceMethods
19
19
  end
20
20
  end
21
-
21
+
22
22
  module ClassMethods
23
23
  # Returns true if a controller has been set and can be used properly. This MUST be set before anything can be done.
24
24
  # Similar to how ActiveRecord won't allow you to do anything without establishing a DB connection. In your framework
@@ -27,7 +27,7 @@ module Authlogic
27
27
  def activated?
28
28
  !controller.nil?
29
29
  end
30
-
30
+
31
31
  # This accepts a controller object wrapped with the Authlogic controller adapter. The controller adapters close the gap
32
32
  # between the different controllers in each framework. That being said, Authlogic is expecting your object's class to
33
33
  # extend Authlogic::ControllerAdapters::AbstractAdapter. See Authlogic::ControllerAdapters for more info.
@@ -36,21 +36,22 @@ module Authlogic
36
36
  def controller=(value)
37
37
  RequestStore.store[:authlogic_controller] = value
38
38
  end
39
-
39
+
40
40
  # The current controller object
41
41
  def controller
42
42
  RequestStore.store[:authlogic_controller]
43
43
  end
44
44
  end
45
-
45
+
46
46
  module InstanceMethods
47
47
  # Making sure we are activated before we start creating objects
48
48
  def initialize(*args)
49
49
  raise NotActivatedError.new(self) unless self.class.activated?
50
50
  super
51
51
  end
52
-
52
+
53
53
  private
54
+
54
55
  def controller
55
56
  self.class.controller
56
57
  end
@@ -25,13 +25,12 @@ module Authlogic
25
25
  #
26
26
  # authlogic.models.user_session
27
27
  def human_name(*args)
28
- I18n.t("models.#{name.underscore}", {:count => 1, :default => name.humanize})
28
+ I18n.t("models.#{name.underscore}", { :count => 1, :default => name.humanize })
29
29
  end
30
30
 
31
31
  def i18n_scope
32
32
  I18n.scope
33
33
  end
34
-
35
34
  end
36
35
 
37
36
  module InstanceMethods
@@ -1,25 +1,26 @@
1
1
  module Authlogic
2
2
  module Session # :nodoc:
3
- # This is the base class Authlogic, where all modules are included. For information on functiionality see the various
3
+ # This is the base class Authlogic, where all modules are included. For information on functionality see the various
4
4
  # sub modules.
5
5
  class Base
6
6
  include Foundation
7
7
  include Callbacks
8
-
8
+
9
9
  # Included first so that the session resets itself to nil
10
10
  include Timeout
11
-
11
+
12
12
  # Included in a specific order so they are tried in this order when persisting
13
13
  include Params
14
14
  include Cookies
15
15
  include Session
16
16
  include HttpAuth
17
-
17
+
18
18
  # Included in a specific order so magic states gets ran after a record is found
19
+ # TODO: What does "magic states gets ran" mean? Be specific.
19
20
  include Password
20
21
  include UnauthorizedRecord
21
22
  include MagicStates
22
-
23
+
23
24
  include Activation
24
25
  include ActiveRecordTrickery
25
26
  include BruteForceProtection
@@ -34,4 +35,4 @@ module Authlogic
34
35
  include PriorityRecord
35
36
  end
36
37
  end
37
- end
38
+ end
@@ -1,15 +1,21 @@
1
1
  module Authlogic
2
2
  module Session
3
- # A brute force attacks is executed by hammering a login with as many password combinations as possible, until one works. A brute force attacked is
4
- # generally combated with a slow hasing algorithm such as BCrypt. You can increase the cost, which makes the hash generation slower, and ultimately
5
- # increases the time it takes to execute a brute force attack. Just to put this into perspective, if a hacker was to gain access to your server
6
- # and execute a brute force attack locally, meaning there is no network lag, it would probably take decades to complete. Now throw in network lag
7
- # and it would take MUCH longer.
3
+ # A brute force attacks is executed by hammering a login with as many password
4
+ # combinations as possible, until one works. A brute force attacked is generally
5
+ # combated with a slow hashing algorithm such as BCrypt. You can increase the cost,
6
+ # which makes the hash generation slower, and ultimately increases the time it takes
7
+ # to execute a brute force attack. Just to put this into perspective, if a hacker was
8
+ # to gain access to your server and execute a brute force attack locally, meaning
9
+ # there is no network lag, it would probably take decades to complete. Now throw in
10
+ # network lag and it would take MUCH longer.
8
11
  #
9
- # But for those that are extra paranoid and can't get enough protection, why not stop them as soon as you realize something isn't right? That's
10
- # what this module is all about. By default the consecutive_failed_logins_limit configuration option is set to 50, if someone consecutively fails to login
11
- # after 50 attempts their account will be suspended. This is a very liberal number and at this point it should be obvious that something is not right.
12
- # If you wish to lower this number just set the configuration to a lower number:
12
+ # But for those that are extra paranoid and can't get enough protection, why not stop
13
+ # them as soon as you realize something isn't right? That's what this module is all
14
+ # about. By default the consecutive_failed_logins_limit configuration option is set to
15
+ # 50, if someone consecutively fails to login after 50 attempts their account will be
16
+ # suspended. This is a very liberal number and at this point it should be obvious that
17
+ # something is not right. If you wish to lower this number just set the configuration
18
+ # to a lower number:
13
19
  #
14
20
  # class UserSession < Authlogic::Session::Base
15
21
  # consecutive_failed_logins_limit 10
@@ -23,16 +29,22 @@ module Authlogic
23
29
  validate :validate_failed_logins, :if => :being_brute_force_protected?
24
30
  end
25
31
  end
26
-
32
+
27
33
  # Configuration for the brute force protection feature.
28
34
  module Config
29
- # To help protect from brute force attacks you can set a limit on the allowed number of consecutive failed logins. By default this is 50, this is a very liberal
30
- # number, and if someone fails to login after 50 tries it should be pretty obvious that it's a machine trying to login in and very likely a brute force attack.
35
+ # To help protect from brute force attacks you can set a limit on the
36
+ # allowed number of consecutive failed logins. By default this is 50,
37
+ # this is a very liberal number, and if someone fails to login after 50
38
+ # tries it should be pretty obvious that it's a machine trying to login
39
+ # in and very likely a brute force attack.
31
40
  #
32
- # In order to enable this field your model MUST have a failed_login_count (integer) field.
41
+ # In order to enable this field your model MUST have a
42
+ # failed_login_count (integer) field.
33
43
  #
34
- # If you don't know what a brute force attack is, it's when a machine tries to login into a system using every combination of character possible. Thus resulting
35
- # in possibly millions of attempts to log into an account.
44
+ # If you don't know what a brute force attack is, it's when a machine
45
+ # tries to login into a system using every combination of character
46
+ # possible. Thus resulting in possibly millions of attempts to log into
47
+ # an account.
36
48
  #
37
49
  # * <tt>Default:</tt> 50
38
50
  # * <tt>Accepts:</tt> Integer, set to 0 to disable
@@ -40,8 +52,9 @@ module Authlogic
40
52
  rw_config(:consecutive_failed_logins_limit, value, 50)
41
53
  end
42
54
  alias_method :consecutive_failed_logins_limit=, :consecutive_failed_logins_limit
43
-
44
- # Once the failed logins limit has been exceed, how long do you want to ban the user? This can be a temporary or permanent ban.
55
+
56
+ # Once the failed logins limit has been exceed, how long do you want to
57
+ # ban the user? This can be a temporary or permanent ban.
45
58
  #
46
59
  # * <tt>Default:</tt> 2.hours
47
60
  # * <tt>Accepts:</tt> Fixnum, set to 0 for permanent ban
@@ -50,47 +63,58 @@ module Authlogic
50
63
  end
51
64
  alias_method :failed_login_ban_for=, :failed_login_ban_for
52
65
  end
53
-
54
- # The methods available for an Authlogic::Session::Base object that make up the brute force protection feature.
66
+
67
+ # The methods available for an Authlogic::Session::Base object that make
68
+ # up the brute force protection feature.
55
69
  module InstanceMethods
56
- # Returns true when the consecutive_failed_logins_limit has been exceeded and is being temporarily banned.
57
- # Notice the word temporary, the user will not be permanently banned unless you choose to do so with configuration.
58
- # By default they will be banned for 2 hours. During that 2 hour period this method will return true.
70
+ # Returns true when the consecutive_failed_logins_limit has been
71
+ # exceeded and is being temporarily banned. Notice the word temporary,
72
+ # the user will not be permanently banned unless you choose to do so
73
+ # with configuration. By default they will be banned for 2 hours. During
74
+ # that 2 hour period this method will return true.
59
75
  def being_brute_force_protected?
60
76
  exceeded_failed_logins_limit? && (failed_login_ban_for <= 0 ||
61
77
  (attempted_record.respond_to?(:updated_at) && attempted_record.updated_at >= failed_login_ban_for.seconds.ago))
62
78
  end
63
-
79
+
64
80
  private
81
+
65
82
  def exceeded_failed_logins_limit?
66
83
  !attempted_record.nil? && attempted_record.respond_to?(:failed_login_count) && consecutive_failed_logins_limit > 0 &&
67
84
  attempted_record.failed_login_count && attempted_record.failed_login_count >= consecutive_failed_logins_limit
68
85
  end
69
-
86
+
70
87
  def reset_failed_login_count?
71
88
  exceeded_failed_logins_limit? && !being_brute_force_protected?
72
89
  end
73
-
90
+
74
91
  def reset_failed_login_count
75
92
  attempted_record.failed_login_count = 0
76
93
  end
77
-
94
+
78
95
  def validate_failed_logins
79
- errors.clear # Clear all other error messages, as they are irrelevant at this point and can only provide additional information that is not needed
80
- errors.add(:base, I18n.t(
81
- 'error_messages.consecutive_failed_logins_limit_exceeded',
82
- :default => "Consecutive failed logins limit exceeded, account has been" + (failed_login_ban_for == 0 ? "" : " temporarily") + " disabled."
83
- ))
96
+ # Clear all other error messages, as they are irrelevant at this point and can
97
+ # only provide additional information that is not needed
98
+ errors.clear
99
+ errors.add(
100
+ :base,
101
+ I18n.t(
102
+ 'error_messages.consecutive_failed_logins_limit_exceeded',
103
+ :default => "Consecutive failed logins limit exceeded, account has been" +
104
+ (failed_login_ban_for == 0 ? "" : " temporarily") +
105
+ " disabled."
106
+ )
107
+ )
84
108
  end
85
-
109
+
86
110
  def consecutive_failed_logins_limit
87
111
  self.class.consecutive_failed_logins_limit
88
112
  end
89
-
113
+
90
114
  def failed_login_ban_for
91
115
  self.class.failed_login_ban_for
92
116
  end
93
117
  end
94
118
  end
95
119
  end
96
- end
120
+ end
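Review bot: The reflowed Config comment says the model MUST have a `failed_login_count` column, but it does not mention that `being_brute_force_protected?` also depends on `updated_at`. With a non-zero `failed_login_ban_for`, a record that does not respond to `updated_at` makes that method return false, so the validation guarded by it never runs and the limit is not enforced. The same expression uses `updated_at` as the ban clock, so any other write to the record inside the window appears to extend the ban. I would add to the `consecutive_failed_logins_limit` comment: `# A temporary ban (failed_login_ban_for > 0) also requires an updated_at column; without it the ban is never applied.`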
@@ -1,6 +1,6 @@
1
1
  module Authlogic
2
2
  module Session
3
- # Between these callsbacks and the configuration, this is the contract between me and you to safely
3
+ # Between these callbacks and the configuration, this is the contract between me and you to safely
4
4
  # modify Authlogic's behavior. I will do everything I can to make sure these do not change.
5
5
  #
6
6
  # Check out the sub modules of Authlogic::Session. They are very concise, clear, and to the point. More
@@ -15,7 +15,7 @@ module Authlogic
15
15
  # persist
16
16
  # after_persisting
17
17
  # [save record if record.changed?]
18
- #
18
+ #
19
19
  # before_validation
20
20
  # before_validation_on_create
21
21
  # before_validation_on_update
@@ -24,7 +24,7 @@ module Authlogic
24
24
  # after_validation_on_create
25
25
  # after_validation
26
26
  # [save record if record.changed?]
27
- #
27
+ #
28
28
  # before_save
29
29
  # before_create
30
30
  # before_update
@@ -32,7 +32,7 @@ module Authlogic
32
32
  # after_create
33
33
  # after_save
34
34
  # [save record if record.changed?]
35
- #
35
+ #
36
36
  # before_destroy
37
37
  # [save record if record.changed?]
38
38
  # destroy
@@ -60,15 +60,18 @@ module Authlogic
60
60
  "before_save", "before_create", "before_update", "after_update", "after_create", "after_save",
61
61
  "before_destroy", "after_destroy"
62
62
  ]
63
-
63
+
64
64
  def self.included(base) #:nodoc:
65
65
  base.send :include, ActiveSupport::Callbacks
66
- if ActiveSupport::VERSION::STRING >= '4.1'
67
- base.define_callbacks *METHODS + [{:terminator => ->(target, result){ result == false } }]
68
- base.define_callbacks *['persist', {:terminator => ->(target, result){ result == true } }]
66
+ if Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new('5')
67
+ base.define_callbacks *METHODS + [{ :terminator => ->(target, result_lambda) { result_lambda.call == false } }]
68
+ base.define_callbacks *['persist', { :terminator => ->(target, result_lambda) { result_lambda.call == true } }]
69
+ elsif Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new('4.1')
70
+ base.define_callbacks *METHODS + [{ :terminator => ->(target, result) { result == false } }]
71
+ base.define_callbacks *['persist', { :terminator => ->(target, result) { result == true } }]
69
72
  else
70
- base.define_callbacks *METHODS + [{:terminator => 'result == false'}]
71
- base.define_callbacks *['persist', {:terminator => 'result == true'}]
73
+ base.define_callbacks *METHODS + [{ :terminator => 'result == false' }]
74
+ base.define_callbacks *['persist', { :terminator => 'result == true' }]
72
75
  end
73
76
 
74
77
  # If Rails 3, support the new callback syntax
@@ -82,8 +85,9 @@ module Authlogic
82
85
  end
83
86
  end
84
87
  end
85
-
88
+
86
89
  private
90
+
87
91
  METHODS.each do |method|
88
92
  class_eval <<-"end_eval", __FILE__, __LINE__
89
93
  def #{method}
@@ -91,7 +95,7 @@ module Authlogic
91
95
  end
92
96
  end_eval
93
97
  end
94
-
98
+
95
99
  def save_record(alternate_record = nil)
96
100
  r = alternate_record || record
97
101
  r.save_without_session_maintenance(:validate => false) if r && r.changed? && !r.readonly?
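Review bot: The new `Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new('5')` test in `self.included` is false for prerelease strings such as `5.0.0.beta1` or `5.0.0.rc1`, because Gem::Version orders prereleases below the release. Those builds would take the 4.1 branch, where the terminator compares its second argument directly with `false`/`true`; if they already pass a lambda there, as the new 5.x branch assumes, neither terminator would fire and a callback returning false would no longer halt the chain. Comparing on the release, `Gem::Version.new(ActiveSupport::VERSION::STRING).release >= Gem::Version.new('5')`, or on `ActiveSupport::VERSION::MAJOR >= 5`, avoids that. `self.included` continues past the end of the hunk.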
@@ -1,6 +1,7 @@
1
1
  module Authlogic
2
2
  module Session
3
- # Handles all authentication that deals with cookies, such as persisting, saving, and destroying.
3
+ # Handles all authentication that deals with cookies, such as persisting,
4
+ # saving, and destroying.
4
5
  module Cookies
5
6
  def self.included(klass)
6
7
  klass.class_eval do
@@ -14,8 +15,10 @@ module Authlogic
14
15
 
15
16
  # Configuration for the cookie feature set.
16
17
  module Config
17
- # The name of the cookie or the key in the cookies hash. Be sure and use a unique name. If you have multiple sessions and they use the same cookie it will cause problems.
18
- # Also, if a id is set it will be inserted into the beginning of the string. Exmaple:
18
+ # The name of the cookie or the key in the cookies hash. Be sure and use
19
+ # a unique name. If you have multiple sessions and they use the same
20
+ # cookie it will cause problems. Also, if a id is set it will be
21
+ # inserted into the beginning of the string. Example:
19
22
  #
20
23
  # session = UserSession.new
21
24
  # session.cookie_key => "user_credentials"
@@ -48,7 +51,8 @@ module Authlogic
48
51
  end
49
52
  alias_method :remember_me_for=, :remember_me_for
50
53
 
51
- # Should the cookie be set as secure? If true, the cookie will only be sent over SSL connections
54
+ # Should the cookie be set as secure? If true, the cookie will only be sent over
55
+ # SSL connections
52
56
  #
53
57
  # * <tt>Default:</tt> false
54
58
  # * <tt>Accepts:</tt> Boolean
@@ -57,7 +61,8 @@ module Authlogic
57
61
  end
58
62
  alias_method :secure=, :secure
59
63
 
60
- # Should the cookie be set as httponly? If true, the cookie will not be accessable from javascript
64
+ # Should the cookie be set as httponly? If true, the cookie will not be
65
+ # accessible from javascript
61
66
  #
62
67
  # * <tt>Default:</tt> false
63
68
  # * <tt>Accepts:</tt> Boolean
@@ -66,7 +71,8 @@ module Authlogic
66
71
  end
67
72
  alias_method :httponly=, :httponly
68
73
 
69
- # Should the cookie be signed? If the controller adapter supports it, this is a measure against cookie tampering.
74
+ # Should the cookie be signed? If the controller adapter supports it, this is a
75
+ # measure against cookie tampering.
70
76
  def sign_cookie(value = nil)
71
77
  if value && !controller.cookies.respond_to?(:signed)
72
78
  raise "Signed cookies not supported with #{controller.class}!"
@@ -76,7 +82,8 @@ module Authlogic
76
82
  alias_method :sign_cookie=, :sign_cookie
77
83
  end
78
84
 
79
- # The methods available for an Authlogic::Session::Base object that make up the cookie feature set.
85
+ # The methods available for an Authlogic::Session::Base object that make up the
86
+ # cookie feature set.
80
87
  module InstanceMethods
81
88
  # Allows you to set the remember_me option when passing credentials.
82
89
  def credentials=(value)
@@ -97,7 +104,9 @@ module Authlogic
97
104
  @remember_me = self.class.remember_me
98
105
  end
99
106
 
100
- # Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for "remember_me_until".
107
+ # Accepts a boolean as a flag to remember the session or not. Basically
108
+ # to expire the cookie at the end of the session or keep it for
109
+ # "remember_me_until".
101
110
  def remember_me=(value)
102
111
  @remember_me = value
103
112
  end
@@ -107,13 +116,15 @@ module Authlogic
107
116
  remember_me == true || remember_me == "true" || remember_me == "1"
108
117
  end
109
118
 
110
- # How long to remember the user if remember_me is true. This is based on the class level configuration: remember_me_for
119
+ # How long to remember the user if remember_me is true. This is based on the class
120
+ # level configuration: remember_me_for
111
121
  def remember_me_for
112
122
  return unless remember_me?
113
123
  self.class.remember_me_for
114
124
  end
115
125
 
116
- # When to expire the cookie. See remember_me_for configuration option to change this.
126
+ # When to expire the cookie. See remember_me_for configuration option to change
127
+ # this.
117
128
  def remember_me_until
118
129
  return unless remember_me?
119
130
  remember_me_for.from_now
@@ -131,7 +142,8 @@ module Authlogic
131
142
  @secure = self.class.secure
132
143
  end
133
144
 
134
- # Accepts a boolean as to whether the cookie should be marked as secure. If true the cookie will only ever be sent over an SSL connection.
145
+ # Accepts a boolean as to whether the cookie should be marked as secure. If true
146
+ # the cookie will only ever be sent over an SSL connection.
135
147
  def secure=(value)
136
148
  @secure = value
137
149
  end
@@ -141,13 +153,14 @@ module Authlogic
141
153
  secure == true || secure == "true" || secure == "1"
142
154
  end
143
155
 
144
- # If the cookie should be marked as httponly (not accessable via javascript)
156
+ # If the cookie should be marked as httponly (not accessible via javascript)
145
157
  def httponly
146
158
  return @httponly if defined?(@httponly)
147
159
  @httponly = self.class.httponly
148
160
  end
149
161
 
150
- # Accepts a boolean as to whether the cookie should be marked as httponly. If true, the cookie will not be accessable from javascript
162
+ # Accepts a boolean as to whether the cookie should be marked as
163
+ # httponly. If true, the cookie will not be accessible from javascript
151
164
  def httponly=(value)
152
165
  @httponly = value
153
166
  end
@@ -163,7 +176,8 @@ module Authlogic
163
176
  @sign_cookie = self.class.sign_cookie
164
177
  end
165
178
 
166
- # Accepts a boolean as to whether the cookie should be signed. If true the cookie will be saved and verified using a signature.
179
+ # Accepts a boolean as to whether the cookie should be signed. If true
180
+ # the cookie will be saved and verified using a signature.
167
181
  def sign_cookie=(value)
168
182
  @sign_cookie = value
169
183
  end
@@ -174,6 +188,7 @@ module Authlogic
174
188
  end
175
189
 
176
190
  private
191
+
177
192
  def cookie_key
178
193
  build_key(self.class.cookie_key)
179
194
  end
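Review bot: The rewrapped comments for `secure` and `httponly` keep `Default: false` without saying what that means for the credentials cookie: unless the application turns both on, the cookie is also sent over plain HTTP and is readable from page scripts. I would add a line to each Config comment, e.g. `# Leave this off only if the site is not served over HTTPS; otherwise set it to true.` for `secure` and `# Set to true unless client-side code must read the cookie.` for `httponly`. The `secure` comments could also say HTTPS/TLS rather than SSL. The bodies of both Config methods lie outside the hunks shown.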