authlogic 3.4.6 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: e9c7f5c79c3343a9c1d2f15743ffef73e6a5a73d
-  data.tar.gz: 90c6bc0a810fbfeb410c6d5a177148dc9e802329
+SHA256:
+  metadata.gz: 3081d87618bffbf9f31777254d99aefe983f895699098458ca7583e32935ecef
+  data.tar.gz: 10bdd5b58605ce5c2081a4bc8c9ee206fe5ba679444581446469e03dfde615dc
 SHA512:
-  metadata.gz: 1b3fedace0a9232fad6ba1ad25994215f76af134a74c82496f24c1554af00c59ed00cab602ca11c480c66228e0b738e555e6612f68764c8205e10fc92e6a07d6
-  data.tar.gz: 20ca2cfb1de0d9f30b90014188e5bd7592fc087b381861c047293d9ecbc6d4084475a8409a74000b2a6ed2ab0ffea6534208e04b4496ecba555a3975b2614649
+  metadata.gz: 4c9afb5dfb70b62983cd5db0c0ae0576c4c956e8c43cc9ff9c4cdb7a803ed0eb8367e84e9978e28ad354cb7f4e443bb54b8b83a3be9fc3edd5f17426627cb9f6
+  data.tar.gz: d56d7d0629606635a73103fdd3da0424c051af48b15a3e4fd6317f7386ba42698cb970e441651bb6febbc098940f113ff4ca417eb0b0506e821bab0b69075e86

data/.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,13 @@
+Thanks for your interest in authlogic! Our volunteers' time is limited, so we
+can only respond on GitHub to bug reports and feature requests. Please ask
+usage questions on StackOverflow so that the whole community has a chance to
+answer your question.
+
+http://stackoverflow.com/questions/tagged/authlogic
+
+Do not disclose security issues in public. See our contributing guide
+for instructions.
+
+https://github.com/binarylogic/authlogic/blob/master/CONTRIBUTING.md
+
+Thanks for your contribution!

data/.github/triage.md

@@ -0,0 +1,87 @@
+# Triage
+
+Common responses to issues.
+
+## Usage question we were able to answer
+
+```
+If that doesn't answer your question, please ask a new question 
+on [stackoverflow][1]. Unfortunatley, we just don't have enough volunteers to 
+handle usage questions on github.
+
+Also, please check the [reference documentation][2]. You might find something
+there that's not in the readme.
+
+Thanks!
+
+[1]: http://stackoverflow.com/questions/tagged/authlogic
+[2]: https://github.com/binarylogic/authlogic#1c-reference-documentation
+```
+
+## Old issue, generic
+
+```
+Hello, I'm going through old authlogic issues and seeing what to do with them.
+Skimming through this, it's unclear if it's a usage question, a feature request,
+or a bug report.
+
+If this is a bug report, and you can still reproduce this issue with a clean
+install of the latest version of authlogic and rails (currently 3.6.0 and 5.1.4
+respectively), please create a git repo with a sample app that reproduces the
+problem, and open a new issue.
+
+If this is a feature request, it's still relevant, and you are committed to 
+implementing it, please open a new issue and we can discuss your implementation 
+plan.
+
+If this is a usage question, please ask it on [stackoverflow][1]. Unfortunatley,
+we just don't have enough volunteers to handle usage questions on github. Also,
+please check the [reference documentation][2]. You might find something there
+that's not in the readme.
+
+Thanks!
+
+[1]: http://stackoverflow.com/questions/tagged/authlogic
+[2]: https://github.com/binarylogic/authlogic#1c-reference-documentation
+```
+
+## Old issue, usage question / feature request
+
+```
+Hello, I'm going through old authlogic issues and seeing what to do with them.
+This one looks a bit like a usage question and a bit like a feature request.
+
+If this is a feature request, it's still relevant, and you are committed to 
+implementing it, please open a new issue and we can discuss your implementation 
+plan.
+
+If this is a usage question, please ask it on [stackoverflow][1]. Unfortunatley,
+we just don't have enough volunteers to handle usage questions on github. Also,
+please check the [reference documentation][2]. You might find something there
+that's not in the readme.
+
+Thanks!
+
+[1]: http://stackoverflow.com/questions/tagged/authlogic
+[2]: https://github.com/binarylogic/authlogic#1c-reference-documentation
+```
+
+## Old issue, bug report
+
+```
+Hello, I'm going through old authlogic issues and seeing what to do with them.
+This one looks like a bug report.
+
+If you can still reproduce this issue with a clean install of the latest 
+version of authlogic and rails (currently 3.6.0 and 5.1.4 respectively), please 
+create a git repo with a sample app that reproduces the problem, and open a new 
+issue.
+
+If this was more of a usage question than a bug report, please ask your question 
+on [stackoverflow][1]. Unfortunatley, we just don't have enough volunteers to 
+handle usage questions on github.
+
+Thanks!
+
+[1]: http://stackoverflow.com/questions/tagged/authlogic 
+```

data/.gitignore

@@ -1,5 +1,6 @@
 .DS_Store
 .swp
+*.gem
 *.log
 *.sqlite3
 pkg/*
@@ -10,3 +11,6 @@ benchmarks/*
 test/gemfiles/Gemfile*.lock
 .bundle
 Gemfile.lock
+.ruby-gemset
+.ruby-version
+.byebug_history

data/.rubocop.yml

@@ -0,0 +1,127 @@
+inherit_from: .rubocop_todo.yml
+
+AllCops:
+  # You can run the authlogic test suite with any supported version of MRI, but the
+  # linter will only care about this `TargetRubyVersion`. This should be set to the
+  # lowest version of MRI that authlogic supports.
+  TargetRubyVersion: 2.2
+
+# Please use normal indentation when aligning parameters.
+#
+# Good:
+#
+#     method_call(
+#       a,
+#       b
+#     )
+#
+#     method_call(a,
+#       b
+#     )
+#
+# Bad:
+#
+#     method_call(a,
+#                 b)
+#
+# The latter is harder to maintain and uses too much horizontal space.
+Layout/AlignParameters:
+  EnforcedStyle: with_fixed_indentation
+
+Layout/MultilineMethodCallIndentation:
+  EnforcedStyle: indented
+
+Layout/MultilineOperationIndentation:
+  EnforcedStyle: indented
+
+Metrics/AbcSize:
+  Exclude:
+    # crypto_providers/wordpress is deprecated so we will not attempt to
+    # improve its quality.
+    - lib/authlogic/crypto_providers/wordpress.rb
+    # In an ideal world tests would be held to the same ABC metric as production
+    # code. In practice, time spent doing so is not nearly as valuable as
+    # spending the same time improving production code.
+    - test/**/*
+
+# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
+Metrics/BlockLength:
+  Enabled: false
+
+# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
+Metrics/ClassLength:
+  Enabled: false
+
+Metrics/CyclomaticComplexity:
+  Exclude:
+    # crypto_providers/wordpress is deprecated so we will not attempt to
+    # improve its quality.
+    - lib/authlogic/crypto_providers/wordpress.rb
+
+# Aim for 80, but 100 is OK.
+Metrics/LineLength:
+  Max: 100
+
+# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
+Metrics/MethodLength:
+  Enabled: false
+
+# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
+Metrics/ModuleLength:
+  Enabled: false
+
+# Sometimes prefixing a method name with get_ or set_ is a reasonable choice.
+Naming/AccessorMethodName:
+  Enabled: false
+
+# Having a consistent delimiter, like EOS, improves reading speed. The delimiter
+# is syntactic noise, just like a quotation mark, and inconsistent naming would
+# hurt reading speed, just as inconsistent quoting would.
+Naming/HeredocDelimiterNaming:
+  Enabled: false
+
+# Avoid single-line method definitions.
+Style/EmptyMethod:
+  EnforcedStyle: expanded
+
+# Avoid annotated tokens except in desperately complicated format strings.
+# In 99% of format strings they actually make it less readable.
+Style/FormatStringToken:
+  Enabled: false
+
+# Too subtle to lint. Guard clauses are great, use them if they help.
+Style/GuardClause:
+  Enabled: false
+
+# Too subtle to lint. A multi-line conditional may improve readability, even if
+# a postfix conditional would satisfy `Metrics/LineLength`.
+Style/IfUnlessModifier:
+  Enabled: false
+
+# Too subtle to lint. Use semantic style, but prefer `}.x` over `end.x`.
+Style/BlockDelimiters:
+  Enabled: false
+
+# Use the nested style because it is safer. It is easier to make mistakes with
+# the compact style.
+Style/ClassAndModuleChildren:
+  EnforcedStyle: nested
+
+# Both `module_function` and `extend_self` are legitimate. Most importantly,
+# they are different (http://bit.ly/2hSQAGm)
+Style/ModuleFunction:
+  Enabled: false
+
+# The decision of when to use slashes `/foo/` or percent-r `%r{foo}` is too
+# subtle to lint. Use whichever requires fewer backslash escapes.
+Style/RegexpLiteral:
+  AllowInnerSlashes: true
+
+# We use words, like `$LOAD_PATH`, because they are much less confusing that
+# arcane symbols like `$:`. Unfortunately, we must then `require "English"` in
+# a few places, but it's worth it so that we can read our code.
+Style/SpecialGlobalVars:
+  EnforcedStyle: use_english_names
+
+Style/StringLiterals:
+  EnforcedStyle: double_quotes

data/.rubocop_todo.yml

@@ -0,0 +1,65 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2018-05-22 23:50:03 -0400 using RuboCop version 0.56.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 10
+Metrics/AbcSize:
+  Max: 18.5
+
+# Offense count: 59
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: prefer_alias, prefer_alias_method
+Style/Alias:
+  Enabled: false
+
+# Offense count: 5
+Style/ClassVars:
+  Exclude:
+    - 'lib/authlogic/i18n.rb'
+
+# Offense count: 22
+Style/Documentation:
+  Exclude:
+    # Permanent
+    - 'test/**/*'
+
+    # TODO
+    - 'lib/authlogic/config.rb'
+    - 'lib/authlogic/controller_adapters/sinatra_adapter.rb'
+    - 'lib/authlogic/crypto_providers.rb'
+    - 'lib/authlogic/i18n/translator.rb'
+    - 'lib/authlogic/session/activation.rb'
+    - 'lib/authlogic/session/active_record_trickery.rb'
+    - 'lib/authlogic/session/existence.rb'
+    - 'lib/authlogic/session/foundation.rb'
+    - 'lib/authlogic/session/klass.rb'
+    - 'lib/authlogic/session/persistence.rb'
+    - 'lib/authlogic/session/scopes.rb'
+    - 'lib/authlogic/test_case.rb'
+    - 'lib/authlogic/test_case/mock_cookie_jar.rb'
+    - 'lib/authlogic/version.rb'
+
+# Offense count: 4
+Style/MethodMissingSuper:
+  Exclude:
+    - 'lib/authlogic/controller_adapters/abstract_adapter.rb'
+    - 'lib/authlogic/controller_adapters/sinatra_adapter.rb'
+    - 'lib/authlogic/test_case/mock_request.rb'
+
+# Offense count: 3
+Style/MissingRespondToMissing:
+  Exclude:
+    - 'lib/authlogic/controller_adapters/sinatra_adapter.rb'
+    - 'lib/authlogic/test_case/mock_request.rb'
+
+# Offense count: 10
+# Cop supports --auto-correct.
+# Configuration parameters: .
+# SupportedStyles: compact, exploded
+Style/RaiseArgs:
+  EnforcedStyle: compact

data/.travis.yml

@@ -1,18 +1,26 @@
 language: ruby
+
+# cache: bundler
+# We would like to enable travis' bundler cache (cache: bundler) but for some reason
+# travis installs our bundle under the test directory (test/vendor/bundle/*) and, as a
+# result, travis tries to run all of the tests of all of our dependencies!
+# TODO: There's probably a way to configure the bundle path
+
+before_install:
+  - gem update --system
+  - gem update bundler
+
 rvm:
-  - 1.9.3
-  - 2.0.0
-  - 2.1.0
-  - jruby
+  - 2.2.9
+  - 2.5.0
 
 gemfile:
-  - test/gemfiles/Gemfile.rails-3.2.x
-  - test/gemfiles/Gemfile.rails-4.0.x
-  - test/gemfiles/Gemfile.rails-4.1.x
   - test/gemfiles/Gemfile.rails-4.2.x
+  - test/gemfiles/Gemfile.rails-5.0.x
+  - test/gemfiles/Gemfile.rails-5.1.x
+  - test/gemfiles/Gemfile.rails-5.2.x
 
 matrix:
-  exclude:
-    - rvm: 1.9.3
-      gemfile: test/gemfiles/Gemfile.rails-4.1.x
   fast_finish: true
+
+sudo: false

data/CHANGELOG.md

@@ -1,9 +1,155 @@
 # Changelog
 
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
 ## Unreleased
 
+* Breaking Changes
+  * None
+* Added
+  * None
+* Fixed
+  * None
+
+## 4.2.0 (2018-07-18)
+
+* Breaking Changes
+  * None
+* Added
+  * [#611](https://github.com/binarylogic/authlogic/pull/611) -  Deprecate
+    AES256, guide users to choose a better crypto provider
+* Fixed
+  * None
+
+## 4.1.1 (2018-05-23)
+
+* Breaking Changes
+  * None
+* Added
+  * None
+* Fixed
+  * [#606](https://github.com/binarylogic/authlogic/pull/606) - Interpreter
+    warnings about undefined instance variables
+
+## 4.1.0 (2018-04-24)
+
+* Breaking Changes
+  * None
+* Added
+  * None
+* Fixed
+  * None
+* Deprecated
+  * crypto_providers/wordpress.rb, without replacement
+  * restful_authentication, without replacement
+
+## 4.0.1 (2018-03-20)
+
+* Breaking Changes
+  * None
+* Added
+  * None
+* Fixed
+  * [#590](https://github.com/binarylogic/authlogic/pull/590) -
+    Fix "cannot modify frozen gem" re: ActiveRecord.gem_version
+
+## 4.0.0 (2018-03-18)
+
+* Breaking Changes, Major
+  * Drop support for ruby < 2.2
+  * Drop support for rails < 4.2
+  * HTTP Basic Auth is now disabled by default (use allow_http_basic_auth to enable)
+  * 'httponly' and 'secure' cookie options are enabled by default now
+  * maintain_sessions config has been removed. It has been split into 2 new options:
+    log_in_after_create & log_in_after_password_change (@lucasminissale)
+  * [#558](https://github.com/binarylogic/authlogic/pull/558) Passing an
+    ActionController::Parameters into authlogic will now raise an error
+
+* Breaking Changes, Minor
+  * Methods in Authlogic::Random are now module methods, and are no longer
+    instance methods. Previously, there were both. Do not use Authlogic::Random
+    as a mixin.
+  * Our mutable constants (e.g. arrays, hashes) are now frozen.
+
+* Added
+  * `Authlogic.gem_version`
+  * [#586](https://github.com/binarylogic/authlogic/pull/586) Support for SameSite cookies
+  * [#581](https://github.com/binarylogic/authlogic/pull/581) Support for rails 5.2
+  * Support for ruby 2.4, specifically openssl gem 2.0
+  * [#98](https://github.com/binarylogic/authlogic/issues/98)
+    I18n for invalid session error message. (@eugenebolshakov)
+
+* Fixed
+  * Random.friendly_token (used for e.g. perishable token) now returns strings
+    of consistent length, and conforms better to RFC-4648
+  * ensure that login field validation uses correct locale (@sskirby)
+  * add a respond_to_missing? in AbstractAdapter that also checks controller respond_to?
+  * [#561](https://github.com/binarylogic/authlogic/issues/561) authenticates_many now works with scope_cookies:true
+  * Allow tld up to 24 characters per https://data.iana.org/TLD/tlds-alpha-by-domain.txt
+
+## 3.8.0 2018-02-07
+
+* Breaking Changes
+  * None
+
+* Added
+  * [#582](https://github.com/binarylogic/authlogic/pull/582) Support rails 5.2
+  * [#583](https://github.com/binarylogic/authlogic/pull/583) Support openssl gem 2.0
+
+* Fixed
+  * None
+
+## 3.7.0 2018-02-07
+
+* Breaking Changes
+  * None
+
+* Added
+  * [#580](https://github.com/binarylogic/authlogic/pull/580) Deprecated
+    `ActionController::Parameters`, will be removed in 4.0.0
+
+* Fixed
+  * None
+
+## 3.6.1 2017-09-30
+
+* Breaking Changes
+  * None
+
+* Added
+  * None
+
+* Fixed
+  * Allow TLD up to 24 characters per
+    https://data.iana.org/TLD/tlds-alpha-by-domain.txt
+  * [#561](https://github.com/binarylogic/authlogic/issues/561)
+    authenticates_many now works with scope_cookies:true
+
+## 3.6.0 2017-04-28
+
+* Breaking Changes
+  * None
+
+* Added
+  * Support rails 5.1
+
+* Fixed
+  * ensure that login field validation uses correct locale (@sskirby)
+
+## 3.5.0 2016-08-29
+
+* new
+  * Rails 5.0 support! Thanks to all reporters and contributors.
+
 * changes
-  * ...
+  * increased default minimum password length to 8 (@iainbeeston)
+  * bind parameters in where statement for rails 5 support
+  * change callback for rails 5 support
+  * converts the ActionController::Parameters to a Hash for rails 5 support
+  * check last_request_at_threshold even if last_request_at_update_allowed returns true (@rofreg)
 
 ## 3.4.6 2015
 
@@ -49,16 +195,20 @@
 
 ## 3.4.0 2014-03-03
 
-* new
+* Breaking Changes
+  * made scrypt the default crypto provider from SHA512
+    (https://github.com/binarylogic/authlogic#upgrading-to-authlogic-340)
+    See UPGRADING.md.
+
+* Added
+  * officially support rails 4 (still supporting rails 3)
   * added cookie signing
   * added request store for better concurency for threaded environments
+  * added a rack adapter for Rack middleware support
 
-* changes
-  * BREAKING CHANGE: made scrypt the default crypto provider from SHA512 (https://github.com/binarylogic/authlogic#upgrading-to-authlogic-340)
+* Fixed
   * ditched appraisal
-  * officially support rails 4 (still supporting rails 3)
   * improved find_with_case default performance
-  * added a rack adapter for Rack middleware support
   * added travis ci support
 
 ## 3.3.0 2014-04-04