authlogic 3.4.6 → 3.5.0

data/lib/authlogic/session/existence.rb

@@ -7,7 +7,7 @@ module Authlogic
           super("Your session is invalid and has the following errors: #{session.errors.full_messages.to_sentence}")
         end
       end
-      
+
       def self.included(klass)
         klass.class_eval do
           extend ClassMethods
@@ -15,9 +15,9 @@ module Authlogic
           attr_accessor :new_session, :record
         end
       end
-      
+
       module ClassMethods
-        # A convenince method. The same as:
+        # A convenience method. The same as:
         #
         #   session = UserSession.new(*args)
         #   session.save
@@ -30,7 +30,7 @@ module Authlogic
           session.save(&block)
           session
         end
-        
+
         # Same as create but calls create!, which raises an exception when validation fails.
         def create!(*args)
           session = new(*args)
@@ -38,9 +38,9 @@ module Authlogic
           session
         end
       end
-      
+
       module InstanceMethods
-        # Clears all errors and the associated record, you should call this terminate a session, thus requring
+        # Clears all errors and the associated record, you should call this terminate a session, thus requiring
         # the user to authenticate again if it is needed.
         def destroy
           before_destroy
@@ -50,16 +50,16 @@ module Authlogic
           after_destroy
           true
         end
-        
+
         # Returns true if the session is new, meaning no action has been taken on it and a successful save
         # has not taken place.
         def new_session?
           new_session != false
         end
-        
+
         # After you have specified all of the details for your session you can try to save it. This will
         # run validation checks and find the associated record, if all validation passes. If validation
-        # does not pass, the save will fail and the erorrs will be stored in the errors object.
+        # does not pass, the save will fail and the errors will be stored in the errors object.
         def save(&block)
           result = nil
           if valid?
@@ -90,4 +90,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/session/foundation.rb

@@ -1,8 +1,8 @@
 module Authlogic
   module Session
-    # Sort of like an interface, it sets the foundation for the class, such as the required methods. This also allows
-    # other modules to overwrite methods and call super on them. It's also a place to put "utility" methods used
-    # throughout Authlogic.
+    # Sort of like an interface, it sets the foundation for the class, such as the
+    # required methods. This also allows other modules to overwrite methods and call super
+    # on them. It's also a place to put "utility" methods used throughout Authlogic.
     module Foundation
       def self.included(klass)
         klass.class_eval do
@@ -16,12 +16,14 @@ module Authlogic
           self.credentials = args
         end
 
-        # The credentials you passed to create your session. See credentials= for more info.
+        # The credentials you passed to create your session. See credentials= for more
+        # info.
         def credentials
           []
         end
 
-        # Set your credentials before you save your session. You can pass a hash of credentials:
+        # Set your credentials before you save your session. You can pass a hash of
+        # credentials:
         #
         #   session.credentials = {:login => "my login", :password => "my password", :remember_me => true}
         #
@@ -29,8 +31,9 @@ module Authlogic
         #
         #   session.credentials = [my_user_object, true]
         #
-        # and if you need to set an id, just pass it last. This value need be the last item in the array you pass, since the id is something that
-        # you control yourself, it should never be set from a hash or a form. Examples:
+        # and if you need to set an id, just pass it last. This value need be the last
+        # item in the array you pass, since the id is something that you control yourself,
+        # it should never be set from a hash or a form. Examples:
         #
         #   session.credentials = [{:login => "my login", :password => "my password", :remember_me => true}, :my_id]
         #   session.credentials = [my_user_object, true, :my_id]
@@ -42,6 +45,7 @@ module Authlogic
         end
 
         private
+
           def build_key(last_part)
             last_part
           end

data/lib/authlogic/session/http_auth.rb

@@ -14,7 +14,7 @@ module Authlogic
           persist :persist_by_http_auth, :if => :persist_by_http_auth?
         end
       end
-      
+
       # Configuration for the HTTP basic auth feature of Authlogic.
       module Config
         # Do you want to allow your users to log in via HTTP basic auth?
@@ -64,14 +64,15 @@ module Authlogic
         end
         alias_method :http_basic_auth_realm=, :http_basic_auth_realm
       end
-      
+
       # Instance methods for the HTTP basic auth feature of authlogic.
       module InstanceMethods
         private
+
           def persist_by_http_auth?
             allow_http_basic_auth? && login_field && password_field
           end
-        
+
           def persist_by_http_auth
             login_proc = Proc.new do |login, password|
               if !login.blank? && !password.blank?
@@ -86,10 +87,10 @@ module Authlogic
             else
               controller.authenticate_with_http_basic(&login_proc)
             end
-        
+
             false
           end
-        
+
           def allow_http_basic_auth?
             self.class.allow_http_basic_auth == true
           end

data/lib/authlogic/session/id.rb

@@ -7,14 +7,14 @@ module Authlogic
           attr_writer :id
         end
       end
-      
+
       # Setting the id if it is passed in the credentials.
       def credentials=(value)
         super
         values = value.is_a?(Array) ? value : [value]
         self.id = values.last if values.last.is_a?(Symbol)
       end
-      
+
       # Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time.
       # A good example when this might be needed is when you want to have a normal user session and a "secure" user session.
       # The secure user session would be created only when they want to modify their billing information, or other sensitive
@@ -30,12 +30,13 @@ module Authlogic
       def id
         @id
       end
-      
+
       private
+
         # Used for things like cookie_key, session_key, etc.
         def build_key(last_part)
           [id, super].compact.join("_")
         end
     end
   end
-end
+end

data/lib/authlogic/session/klass.rb

@@ -56,6 +56,7 @@ module Authlogic
         end
 
         private
+
           def klass
             self.class.klass
           end
@@ -66,4 +67,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/session/magic_columns.rb

@@ -1,15 +1,19 @@
 module Authlogic
   module Session
-    # Just like ActiveRecord has "magic" columns, such as: created_at and updated_at. Authlogic has its own "magic" columns too:
+    # Just like ActiveRecord has "magic" columns, such as: created_at and updated_at.
+    # Authlogic has its own "magic" columns too:
     #
-    #   Column name           Description
-    #   login_count           Increased every time an explicit login is made. This will *NOT* increase if logging in by a session, cookie, or basic http auth
-    #   failed_login_count    This increases for each consecutive failed login. See Authlogic::Session::BruteForceProtection and the consecutive_failed_logins_limit config option for more details.
-    #   last_request_at       Updates every time the user logs in, either by explicitly logging in, or logging in by cookie, session, or http auth
-    #   current_login_at      Updates with the current time when an explicit login is made.
-    #   last_login_at         Updates with the value of current_login_at before it is reset.
-    #   current_login_ip      Updates with the request ip when an explicit login is made.
-    #   last_login_ip         Updates with the value of current_login_ip before it is reset.
+    # * login_count - Increased every time an explicit login is made. This will *NOT*
+    #   increase if logging in by a session, cookie, or basic http auth
+    # * failed_login_count - This increases for each consecutive failed login. See
+    #   Authlogic::Session::BruteForceProtection and the consecutive_failed_logins_limit
+    #   config option for more details.
+    # * last_request_at - Updates every time the user logs in, either by explicitly
+    #   logging in, or logging in by cookie, session, or http auth
+    # * current_login_at - Updates with the current time when an explicit login is made.
+    # * last_login_at - Updates with the value of current_login_at before it is reset.
+    # * current_login_ip - Updates with the request ip when an explicit login is made.
+    # * last_login_ip - Updates with the value of current_login_ip before it is reset.
     module MagicColumns
       def self.included(klass)
         klass.class_eval do
@@ -24,10 +28,12 @@ module Authlogic
 
       # Configuration for the magic columns feature.
       module Config
-        # Every time a session is found the last_request_at field for that record is updated with the current time, if that field exists.
-        # If you want to limit how frequent that field is updated specify the threshold here. For example, if your user is making a
-        # request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threshold. Set this to 1.minute.
-        # Once a minute has passed in between requests the field will be updated.
+        # Every time a session is found the last_request_at field for that record is
+        # updated with the current time, if that field exists. If you want to limit how
+        # frequent that field is updated specify the threshold here. For example, if your
+        # user is making a request every 5 seconds, and you feel this is too frequent, and
+        # feel a minute is a good threshold. Set this to 1.minute. Once a minute has
+        # passed in between requests the field will be updated.
         #
         # * <tt>Default:</tt> 0
         # * <tt>Accepts:</tt> integer representing time in seconds
@@ -40,6 +46,7 @@ module Authlogic
       # The methods available for an Authlogic::Session::Base object that make up the magic columns feature.
       module InstanceMethods
         private
+
           def increase_failed_login_count
             if invalid_password? && attempted_record.respond_to?(:failed_login_count)
               attempted_record.failed_login_count ||= 0
@@ -83,7 +90,7 @@ module Authlogic
           # You can do whatever you want with that method.
           def set_last_request_at? # :doc:
             return false if !record || !klass.column_names.include?("last_request_at")
-            return controller.last_request_update_allowed? if controller.responds_to_last_request_update_allowed?
+            return false if controller.responds_to_last_request_update_allowed? && !controller.last_request_update_allowed?
             record.last_request_at.blank? || last_request_at_threshold.to_i.seconds.ago >= record.last_request_at
           end
 

data/lib/authlogic/session/magic_states.rb

@@ -1,18 +1,25 @@
 module Authlogic
   module Session
-    # Authlogic tries to check the state of the record before creating the session. If your record responds to the following methods and any of them return false, validation will fail:
+    # Authlogic tries to check the state of the record before creating the session. If
+    # your record responds to the following methods and any of them return false,
+    # validation will fail:
     #
     #   Method name           Description
     #   active?               Is the record marked as active?
     #   approved?             Has the record been approved?
-    #   confirmed?            Has the record been conirmed?
+    #   confirmed?            Has the record been confirmed?
     #
-    # Authlogic does nothing to define these methods for you, its up to you to define what they mean. If your object responds to these methods Authlogic will use them, otherwise they are ignored.
+    # Authlogic does nothing to define these methods for you, its up to you to define what
+    # they mean. If your object responds to these methods Authlogic will use them,
+    # otherwise they are ignored.
     #
-    # What's neat about this is that these are checked upon any type of login. When logging in explicitly, by cookie, session, or basic http auth.
-    # So if you mark a user inactive in the middle of their session they wont be logged back in next time they refresh the page. Giving you complete control.
+    # What's neat about this is that these are checked upon any type of login. When
+    # logging in explicitly, by cookie, session, or basic http auth. So if you mark a user
+    # inactive in the middle of their session they wont be logged back in next time they
+    # refresh the page. Giving you complete control.
     #
-    # Need Authlogic to check your own "state"? No problem, check out the hooks section below. Add in a before_validation to do your own checking. The sky is the limit.
+    # Need Authlogic to check your own "state"? No problem, check out the hooks section
+    # below. Add in a before_validation to do your own checking. The sky is the limit.
     module MagicStates
       def self.included(klass)
         klass.class_eval do
@@ -21,12 +28,14 @@ module Authlogic
           validate :validate_magic_states, :unless => :disable_magic_states?
         end
       end
-      
+
       # Configuration for the magic states feature.
       module Config
-        # Set this to true if you want to disable the checking of active?, approved?, and confirmed? on your record. This is more or less of a
-        # convenience feature, since 99% of the time if those methods exist and return false you will not want the user logging in. You could
-        # easily accomplish this same thing with a before_validation method or other callbacks.
+        # Set this to true if you want to disable the checking of active?, approved?, and
+        # confirmed? on your record. This is more or less of a convenience feature, since
+        # 99% of the time if those methods exist and return false you will not want the
+        # user logging in. You could easily accomplish this same thing with a
+        # before_validation method or other callbacks.
         #
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
@@ -35,14 +44,16 @@ module Authlogic
         end
         alias_method :disable_magic_states=, :disable_magic_states
       end
-      
-      # The methods available for an Authlogic::Session::Base object that make up the magic states feature.
+
+      # The methods available for an Authlogic::Session::Base object that make up the
+      # magic states feature.
       module InstanceMethods
         private
+
           def disable_magic_states?
             self.class.disable_magic_states == true
           end
-        
+
           def validate_magic_states
             return true if attempted_record.nil?
             [:active, :approved, :confirmed].each do |required_status|
@@ -56,4 +67,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/session/params.rb

@@ -1,15 +1,19 @@
 module Authlogic
   module Session
-    # This module is responsible for authenticating the user via params, which ultimately allows the user to log in using a URL like the following:
+    # This module is responsible for authenticating the user via params, which ultimately
+    # allows the user to log in using a URL like the following:
     #
     #   https://www.domain.com?user_credentials=4LiXF7FiGUppIPubBPey
     #
-    # Notice the token in the URL, this is a single access token. A single access token is used for single access only, it is not persisted. Meaning the user
-    # provides it, Authlogic grants them access, and that's it. If they want access again they need to provide the token again. Authlogic will
-    # *NEVER* try to persist the session after authenticating through this method.
+    # Notice the token in the URL, this is a single access token. A single access token is
+    # used for single access only, it is not persisted. Meaning the user provides it,
+    # Authlogic grants them access, and that's it. If they want access again they need to
+    # provide the token again. Authlogic will *NEVER* try to persist the session after
+    # authenticating through this method.
     #
-    # For added security, this token is *ONLY* allowed for RSS and ATOM requests. You can change this with the configuration. You can also define if
-    # it is allowed dynamically by defining a single_access_allowed? method in your controller. For example:
+    # For added security, this token is *ONLY* allowed for RSS and ATOM requests. You can
+    # change this with the configuration. You can also define if it is allowed dynamically
+    # by defining a single_access_allowed? method in your controller. For example:
     #
     #   class UsersController < ApplicationController
     #     private
@@ -17,8 +21,9 @@ module Authlogic
     #         action_name == "index"
     #       end
     #
-    # Also, by default, this token is permanent. Meaning if the user changes their password, this token will remain the same. It will only change
-    # when it is explicitly reset.
+    # Also, by default, this token is permanent. Meaning if the user changes their
+    # password, this token will remain the same. It will only change when it is explicitly
+    # reset.
     #
     # You can modify all of this behavior with the Config sub module.
     module Params
@@ -30,15 +35,19 @@ module Authlogic
           persist :persist_by_params
         end
       end
-      
+
       # Configuration for the params / single access feature.
       module Config
-        # Works exactly like cookie_key, but for params. So a user can login via params just like a cookie or a session. Your URL would look like:
+        # Works exactly like cookie_key, but for params. So a user can login via
+        # params just like a cookie or a session. Your URL would look like:
         #
         #   http://www.domain.com?user_credentials=my_single_access_key
         #
-        # You can change the "user_credentials" key above with this configuration option. Keep in mind, just like cookie_key, if you supply an id
-        # the id will be appended to the front. Check out cookie_key for more details. Also checkout the "Single Access / Private Feeds Access" section in the README.
+        # You can change the "user_credentials" key above with this
+        # configuration option. Keep in mind, just like cookie_key, if you
+        # supply an id the id will be appended to the front. Check out
+        # cookie_key for more details. Also checkout the "Single Access /
+        # Private Feeds Access" section in the README.
         #
         # * <tt>Default:</tt> cookie_key
         # * <tt>Accepts:</tt> String
@@ -46,56 +55,62 @@ module Authlogic
           rw_config(:params_key, value, cookie_key)
         end
         alias_method :params_key=, :params_key
-        
-        # Authentication is allowed via a single access token, but maybe this is something you don't want for your application as a whole. Maybe this is
-        # something you only want for specific request types. Specify a list of allowed request types and single access authentication will only be
+
+        # Authentication is allowed via a single access token, but maybe this is
+        # something you don't want for your application as a whole. Maybe this
+        # is something you only want for specific request types. Specify a list
+        # of allowed request types and single access authentication will only be
         # allowed for the ones you specify.
         #
         # * <tt>Default:</tt> ["application/rss+xml", "application/atom+xml"]
-        # * <tt>Accepts:</tt> String of a request type, or :all or :any to allow single access authentication for any and all request types
+        # * <tt>Accepts:</tt> String of a request type, or :all or :any to
+        #   allow single access authentication for any and all request types
         def single_access_allowed_request_types(value = nil)
           rw_config(:single_access_allowed_request_types, value, ["application/rss+xml", "application/atom+xml"])
         end
         alias_method :single_access_allowed_request_types=, :single_access_allowed_request_types
       end
-      
-      # The methods available for an Authlogic::Session::Base object that make up the params / single access feature.
+
+      # The methods available for an Authlogic::Session::Base object that make
+      # up the params / single access feature.
       module InstanceMethods
         private
+
           def persist_by_params
             return false if !params_enabled?
             self.unauthorized_record = search_for_record("find_by_single_access_token", params_credentials)
             self.single_access = valid?
           end
-          
+
           def params_enabled?
             return false if !params_credentials || !klass.column_names.include?("single_access_token")
             return controller.single_access_allowed? if controller.responds_to_single_access_allowed?
-            
+
             case single_access_allowed_request_types
             when Array
-              single_access_allowed_request_types.include?(controller.request_content_type) || single_access_allowed_request_types.include?(:all)
+              single_access_allowed_request_types.include?(controller.request_content_type) ||
+                single_access_allowed_request_types.include?(:all)
             else
               [:all, :any].include?(single_access_allowed_request_types)
             end
           end
-          
+
           def params_key
             build_key(self.class.params_key)
           end
-          
+
           def single_access?
             single_access == true
           end
-          
+
           def single_access_allowed_request_types
             self.class.single_access_allowed_request_types
           end
-          
+
           def params_credentials
             controller.params[params_key]
           end
       end
     end
   end
-end
+end