authlogic 3.4.6 → 4.2.0

Files changed (140)
  1. checksums.yaml +5 -5
  2. data/.github/ISSUE_TEMPLATE.md +13 -0
  3. data/.github/triage.md +87 -0
  4. data/.gitignore +4 -0
  5. data/.rubocop.yml +127 -0
  6. data/.rubocop_todo.yml +65 -0
  7. data/.travis.yml +18 -10
  8. data/CHANGELOG.md +156 -6
  9. data/CONTRIBUTING.md +71 -3
  10. data/Gemfile +2 -2
  11. data/README.md +386 -0
  12. data/Rakefile +13 -7
  13. data/UPGRADING.md +22 -0
  14. data/authlogic.gemspec +33 -22
  15. data/lib/authlogic.rb +60 -52
  16. data/lib/authlogic/acts_as_authentic/base.rb +40 -26
  17. data/lib/authlogic/acts_as_authentic/email.rb +96 -32
  18. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +36 -12
  19. data/lib/authlogic/acts_as_authentic/login.rb +114 -49
  20. data/lib/authlogic/acts_as_authentic/magic_columns.rb +17 -6
  21. data/lib/authlogic/acts_as_authentic/password.rb +296 -139
  22. data/lib/authlogic/acts_as_authentic/perishable_token.rb +34 -20
  23. data/lib/authlogic/acts_as_authentic/persistence_token.rb +20 -24
  24. data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +67 -0
  25. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +68 -23
  26. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +128 -85
  27. data/lib/authlogic/acts_as_authentic/single_access_token.rb +41 -25
  28. data/lib/authlogic/acts_as_authentic/validations_scope.rb +8 -8
  29. data/lib/authlogic/authenticates_many/association.rb +22 -14
  30. data/lib/authlogic/authenticates_many/base.rb +35 -16
  31. data/lib/authlogic/config.rb +10 -10
  32. data/lib/authlogic/controller_adapters/abstract_adapter.rb +40 -12
  33. data/lib/authlogic/controller_adapters/rack_adapter.rb +15 -8
  34. data/lib/authlogic/controller_adapters/rails_adapter.rb +42 -22
  35. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +3 -3
  36. data/lib/authlogic/crypto_providers.rb +91 -0
  37. data/lib/authlogic/crypto_providers/aes256.rb +42 -14
  38. data/lib/authlogic/crypto_providers/bcrypt.rb +35 -20
  39. data/lib/authlogic/crypto_providers/md5.rb +11 -9
  40. data/lib/authlogic/crypto_providers/scrypt.rb +26 -13
  41. data/lib/authlogic/crypto_providers/sha1.rb +14 -8
  42. data/lib/authlogic/crypto_providers/sha256.rb +16 -12
  43. data/lib/authlogic/crypto_providers/sha512.rb +8 -24
  44. data/lib/authlogic/crypto_providers/wordpress.rb +44 -15
  45. data/lib/authlogic/i18n.rb +33 -20
  46. data/lib/authlogic/i18n/translator.rb +1 -1
  47. data/lib/authlogic/random.rb +12 -29
  48. data/lib/authlogic/regex.rb +59 -27
  49. data/lib/authlogic/session/activation.rb +36 -23
  50. data/lib/authlogic/session/active_record_trickery.rb +13 -10
  51. data/lib/authlogic/session/base.rb +20 -8
  52. data/lib/authlogic/session/brute_force_protection.rb +87 -56
  53. data/lib/authlogic/session/callbacks.rb +99 -49
  54. data/lib/authlogic/session/cookies.rb +128 -59
  55. data/lib/authlogic/session/existence.rb +29 -19
  56. data/lib/authlogic/session/foundation.rb +70 -16
  57. data/lib/authlogic/session/http_auth.rb +39 -31
  58. data/lib/authlogic/session/id.rb +27 -15
  59. data/lib/authlogic/session/klass.rb +17 -13
  60. data/lib/authlogic/session/magic_columns.rb +78 -59
  61. data/lib/authlogic/session/magic_states.rb +50 -27
  62. data/lib/authlogic/session/params.rb +79 -50
  63. data/lib/authlogic/session/password.rb +197 -118
  64. data/lib/authlogic/session/perishable_token.rb +12 -6
  65. data/lib/authlogic/session/persistence.rb +20 -14
  66. data/lib/authlogic/session/priority_record.rb +20 -16
  67. data/lib/authlogic/session/scopes.rb +63 -33
  68. data/lib/authlogic/session/session.rb +40 -25
  69. data/lib/authlogic/session/timeout.rb +51 -34
  70. data/lib/authlogic/session/unauthorized_record.rb +24 -18
  71. data/lib/authlogic/session/validation.rb +32 -21
  72. data/lib/authlogic/test_case.rb +123 -35
  73. data/lib/authlogic/test_case/mock_controller.rb +14 -13
  74. data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -5
  75. data/lib/authlogic/test_case/mock_logger.rb +1 -1
  76. data/lib/authlogic/test_case/mock_request.rb +9 -4
  77. data/lib/authlogic/test_case/rails_request_adapter.rb +8 -7
  78. data/lib/authlogic/version.rb +21 -0
  79. data/test/acts_as_authentic_test/base_test.rb +1 -1
  80. data/test/acts_as_authentic_test/email_test.rb +80 -63
  81. data/test/acts_as_authentic_test/logged_in_status_test.rb +14 -8
  82. data/test/acts_as_authentic_test/login_test.rb +91 -49
  83. data/test/acts_as_authentic_test/magic_columns_test.rb +13 -13
  84. data/test/acts_as_authentic_test/password_test.rb +82 -60
  85. data/test/acts_as_authentic_test/perishable_token_test.rb +31 -25
  86. data/test/acts_as_authentic_test/persistence_token_test.rb +9 -5
  87. data/test/acts_as_authentic_test/restful_authentication_test.rb +18 -9
  88. data/test/acts_as_authentic_test/session_maintenance_test.rb +86 -22
  89. data/test/acts_as_authentic_test/single_access_test.rb +15 -15
  90. data/test/adapter_test.rb +21 -0
  91. data/test/authenticates_many_test.rb +26 -11
  92. data/test/config_test.rb +9 -9
  93. data/test/crypto_provider_test/aes256_test.rb +3 -3
  94. data/test/crypto_provider_test/bcrypt_test.rb +1 -1
  95. data/test/crypto_provider_test/scrypt_test.rb +2 -2
  96. data/test/crypto_provider_test/sha1_test.rb +4 -4
  97. data/test/crypto_provider_test/sha256_test.rb +2 -2
  98. data/test/crypto_provider_test/sha512_test.rb +3 -3
  99. data/test/crypto_provider_test/wordpress_test.rb +24 -0
  100. data/test/gemfiles/Gemfile.rails-4.2.x +2 -2
  101. data/test/gemfiles/Gemfile.rails-5.0.x +6 -0
  102. data/test/gemfiles/Gemfile.rails-5.1.x +6 -0
  103. data/test/gemfiles/Gemfile.rails-5.2.x +6 -0
  104. data/test/gemfiles/Gemfile.rails-master +6 -0
  105. data/test/i18n_test.rb +9 -9
  106. data/test/libs/affiliate.rb +2 -2
  107. data/test/libs/company.rb +4 -4
  108. data/test/libs/employee.rb +2 -2
  109. data/test/libs/employee_session.rb +1 -1
  110. data/test/libs/ldaper.rb +1 -1
  111. data/test/libs/project.rb +1 -1
  112. data/test/libs/user_session.rb +2 -2
  113. data/test/random_test.rb +9 -38
  114. data/test/session_test/activation_test.rb +7 -7
  115. data/test/session_test/active_record_trickery_test.rb +9 -6
  116. data/test/session_test/brute_force_protection_test.rb +26 -21
  117. data/test/session_test/callbacks_test.rb +10 -4
  118. data/test/session_test/cookies_test.rb +54 -20
  119. data/test/session_test/existence_test.rb +45 -23
  120. data/test/session_test/foundation_test.rb +17 -1
  121. data/test/session_test/http_auth_test.rb +11 -12
  122. data/test/session_test/id_test.rb +3 -3
  123. data/test/session_test/klass_test.rb +2 -2
  124. data/test/session_test/magic_columns_test.rb +15 -17
  125. data/test/session_test/magic_states_test.rb +17 -19
  126. data/test/session_test/params_test.rb +26 -20
  127. data/test/session_test/password_test.rb +11 -12
  128. data/test/session_test/perishability_test.rb +5 -5
  129. data/test/session_test/persistence_test.rb +4 -3
  130. data/test/session_test/scopes_test.rb +15 -9
  131. data/test/session_test/session_test.rb +7 -6
  132. data/test/session_test/timeout_test.rb +16 -14
  133. data/test/session_test/unauthorized_record_test.rb +3 -3
  134. data/test/session_test/validation_test.rb +5 -5
  135. data/test/test_helper.rb +115 -49
  136. metadata +107 -36
  137. data/README.rdoc +0 -232
  138. data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
  139. data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
  140. data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
@@ -1,18 +1,24 @@
1
1
  module Authlogic
2
2
  module Session
3
- # Maintains the perishable token, which is helpful for confirming records or authorizing records to reset their password. All that this
4
- # module does is reset it after a session have been saved, just keep it changing. The more it changes, the tighter the security.
3
+ # Maintains the perishable token, which is helpful for confirming records or
4
+ # authorizing records to reset their password. All that this module does is
5
+ # reset it after a session have been saved, just keep it changing. The more
6
+ # it changes, the tighter the security.
5
7
  #
6
8
  # See Authlogic::ActsAsAuthentic::PerishableToken for more information.
7
9
  module PerishableToken
8
10
  def self.included(klass)
9
11
  klass.after_save :reset_perishable_token!
10
12
  end
11
-
13
+
12
14
  private
13
- def reset_perishable_token!
14
- record.reset_perishable_token if record.respond_to?(:reset_perishable_token) && !record.disable_perishable_token_maintenance?
15
+
16
+ def reset_perishable_token!
17
+ if record.respond_to?(:reset_perishable_token) &&
18
+ !record.disable_perishable_token_maintenance?
19
+ record.reset_perishable_token
15
20
  end
21
+ end
16
22
  end
17
23
  end
18
- end
24
+ end
@@ -8,11 +8,12 @@ module Authlogic
8
8
  include InstanceMethods
9
9
  end
10
10
  end
11
-
11
+
12
12
  module ClassMethods
13
- # This is how you persist a session. This finds the record for the current session using
14
- # a variety of methods. It basically tries to "log in" the user without the user having
15
- # to explicitly log in. Check out the other Authlogic::Session modules for more information.
13
+ # This is how you persist a session. This finds the record for the
14
+ # current session using a variety of methods. It basically tries to "log
15
+ # in" the user without the user having to explicitly log in. Check out
16
+ # the other Authlogic::Session modules for more information.
16
17
  #
17
18
  # The best way to use this method is something like:
18
19
  #
@@ -28,30 +29,35 @@ module Authlogic
28
29
  # @current_user = current_user_session && current_user_session.user
29
30
  # end
30
31
  #
31
- # Also, this method accepts a single parameter as the id, to find session that you marked with an id:
32
+ # Also, this method accepts a single parameter as the id, to find
33
+ # session that you marked with an id:
32
34
  #
33
35
  # UserSession.find(:secure)
34
36
  #
35
37
  # See the id method for more information on ids.
36
38
  def find(id = nil, priority_record = nil)
37
- session = new({:priority_record => priority_record}, id)
39
+ session = new({ priority_record: priority_record }, id)
38
40
  session.priority_record = priority_record
39
41
  if session.persisting?
40
42
  session
41
- else
42
- nil
43
43
  end
44
44
  end
45
45
  end
46
-
46
+
47
47
  module InstanceMethods
48
- # Let's you know if the session is being persisted or not, meaning the user does not have to explicitly log in
49
- # in order to be logged in. If the session has no associated record, it will try to find a record and persist
50
- # the session. This is the method that the class level method find uses to ultimately persist the session.
48
+ # Returns boolean indicating if the session is being persisted or not,
49
+ # meaning the user does not have to explicitly log in in order to be
50
+ # logged in.
51
+ #
52
+ # If the session has no associated record, it will try to find a record
53
+ # and persist the session.
54
+ #
55
+ # This is the method that the class level method find uses to ultimately
56
+ # persist the session.
51
57
  def persisting?
52
- return true if !record.nil?
58
+ return true unless record.nil?
53
59
  self.attempted_record = nil
54
- self.remember_me = !cookie_credentials.nil? && !cookie_credentials[2].nil?
60
+ self.remember_me = cookie_credentials_remember_me?
55
61
  before_persisting
56
62
  persist
57
63
  ensure_authentication_attempted
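Review bot: `persisting?` now takes `remember_me` from `cookie_credentials_remember_me?`, which is not defined in this file, so the nil guard the old line carried inline (`!cookie_credentials.nil? && !cookie_credentials[2].nil?`) is no longer visible here. `cookie_credentials` is presumably parsed from a client-supplied cookie, so the helper should be confirmed to return false rather than raise when the cookie is absent or has fewer than three parts. The new doc comment should also say that this predicate is not a pure query, e.g. `# Note: clears attempted_record, sets remember_me and runs the persist callbacks as a side effect.` The body of `persisting?` continues past the end of the hunk.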
@@ -1,16 +1,19 @@
1
1
  module Authlogic
2
2
  module Session
3
- # The point of this module is to avoid the StaleObjectError raised when lock_version is implemented in ActiveRecord.
4
- # We accomplish this by using a "priority record". Meaning this record is used if possible, it gets priority.
5
- # This way we don't save a record behind the scenes thus making an object being used stale.
3
+ # The point of this module is to avoid the StaleObjectError raised when
4
+ # lock_version is implemented in ActiveRecord. We accomplish this by using a
5
+ # "priority record". Meaning this record is used if possible, it gets
6
+ # priority. This way we don't save a record behind the scenes thus making an
7
+ # object being used stale.
6
8
  module PriorityRecord
7
9
  def self.included(klass)
8
10
  klass.class_eval do
9
11
  attr_accessor :priority_record
10
12
  end
11
13
  end
12
-
13
- # Setting priority record if it is passed. The only way it can be passed is through an array:
14
+
15
+ # Setting priority record if it is passed. The only way it can be passed
16
+ # is through an array:
14
17
  #
15
18
  # session.credentials = [real_user_object, priority_user_object]
16
19
  def credentials=(value)
@@ -18,17 +21,18 @@ module Authlogic
18
21
  values = value.is_a?(Array) ? value : [value]
19
22
  self.priority_record = values[1] if values[1].class < ::ActiveRecord::Base
20
23
  end
21
-
24
+
22
25
  private
23
- def attempted_record=(value)
24
- value = priority_record if value == priority_record
25
- super
26
- end
27
-
28
- def save_record(alternate_record = nil)
29
- r = alternate_record || record
30
- super if r != priority_record
31
- end
26
+
27
+ def attempted_record=(value)
28
+ value = priority_record if value == priority_record
29
+ super
30
+ end
31
+
32
+ def save_record(alternate_record = nil)
33
+ r = alternate_record || record
34
+ super if r != priority_record
35
+ end
32
36
  end
33
37
  end
34
- end
38
+ end
@@ -1,11 +1,14 @@
1
- require 'request_store'
1
+ require "request_store"
2
2
 
3
3
  module Authlogic
4
4
  module Session
5
- # Authentication can be scoped, and it's easy, you just need to define how you want to scope everything. This should help you:
5
+ # Authentication can be scoped, and it's easy, you just need to define how you want to
6
+ # scope everything. This should help you:
6
7
  #
7
- # 1. Want to scope by a parent object? Ex: An account has many users. Checkout Authlogic::AuthenticatesMany
8
- # 2. Want to scope the validations in your model? Ex: 2 users can have the same login under different accounts. See Authlogic::ActsAsAuthentic::Scope
8
+ # 1. Want to scope by a parent object? Ex: An account has many users.
9
+ # Checkout Authlogic::AuthenticatesMany
10
+ # 2. Want to scope the validations in your model? Ex: 2 users can have the same login
11
+ # under different accounts. See Authlogic::ActsAsAuthentic::Scope
9
12
  module Scopes # :nodoc:
10
13
  def self.included(klass)
11
14
  klass.class_eval do
@@ -22,27 +25,39 @@ module Authlogic
22
25
  RequestStore.store[:authlogic_scope]
23
26
  end
24
27
 
25
- # What with_scopes focuses on is scoping the query when finding the object and the name of the cookie / session. It works very similar to
26
- # ActiveRecord::Base#with_scopes. It accepts a hash with any of the following options:
28
+ # What with_scopes focuses on is scoping the query when finding the
29
+ # object and the name of the cookie / session. It works very similar to
30
+ # ActiveRecord::Base#with_scopes. It accepts a hash with any of the
31
+ # following options:
27
32
  #
28
- # * <tt>find_options:</tt> any options you can pass into ActiveRecord::Base.find. This is used when trying to find the record.
29
- # * <tt>id:</tt> The id of the session, this gets merged with the real id. For information ids see the id method.
33
+ # * <tt>find_options:</tt> any options you can pass into ActiveRecord::Base.find.
34
+ # This is used when trying to find the record.
35
+ # * <tt>id:</tt> The id of the session, this gets merged with the real id. For
36
+ # information ids see the id method.
30
37
  #
31
38
  # Here is how you use it:
32
39
  #
33
- # UserSession.with_scope(:find_options => {:conditions => "account_id = 2"}, :id => "account_2") do
34
- # UserSession.find
35
- # end
40
+ # ```
41
+ # UserSession.with_scope(find_options: {conditions: "account_id = 2"}, id: "account_2") do
42
+ # UserSession.find
43
+ # end
44
+ # ```
36
45
  #
37
- # Eseentially what the above does is scope the searching of the object with the sql you provided. So instead of:
46
+ # Essentially what the above does is scope the searching of the object
47
+ # with the sql you provided. So instead of:
38
48
  #
39
- # User.where("login = 'ben'").first
49
+ # ```
50
+ # User.where("login = 'ben'").first
51
+ # ```
40
52
  #
41
53
  # it would be:
42
54
  #
43
- # User.where("login = 'ben' and account_id = 2").first
55
+ # ```
56
+ # User.where("login = 'ben' and account_id = 2").first
57
+ # ```
44
58
  #
45
- # You will also notice the :id option. This works just like the id method. It scopes your cookies. So the name of your cookie will be:
59
+ # You will also notice the :id option. This works just like the id
60
+ # method. It scopes your cookies. So the name of your cookie will be:
46
61
  #
47
62
  # account_2_user_credentials
48
63
  #
@@ -50,9 +65,13 @@ module Authlogic
50
65
  #
51
66
  # user_credentials
52
67
  #
53
- # What is also nifty about scoping with an :id is that it merges your id's. So if you do:
68
+ # What is also nifty about scoping with an :id is that it merges your
69
+ # id's. So if you do:
54
70
  #
55
- # UserSession.with_scope(:find_options => {:conditions => "account_id = 2"}, :id => "account_2") do
71
+ # UserSession.with_scope(
72
+ # find_options: { conditions: "account_id = 2"},
73
+ # id: "account_2"
74
+ # ) do
56
75
  # session = UserSession.new
57
76
  # session.id = :secure
58
77
  # end
@@ -60,7 +79,7 @@ module Authlogic
60
79
  # The name of your cookies will be:
61
80
  #
62
81
  # secure_account_2_user_credentials
63
- def with_scope(options = {}, &block)
82
+ def with_scope(options = {})
64
83
  raise ArgumentError.new("You must provide a block") unless block_given?
65
84
  self.scope = options
66
85
  result = yield
@@ -69,9 +88,10 @@ module Authlogic
69
88
  end
70
89
 
71
90
  private
72
- def scope=(value)
73
- RequestStore.store[:authlogic_scope] = value
74
- end
91
+
92
+ def scope=(value)
93
+ RequestStore.store[:authlogic_scope] = value
94
+ end
75
95
  end
76
96
 
77
97
  module InstanceMethods
@@ -87,21 +107,31 @@ module Authlogic
87
107
  end
88
108
 
89
109
  private
90
- # Used for things like cookie_key, session_key, etc.
91
- def build_key(last_part)
92
- [scope[:id], super].compact.join("_")
110
+
111
+ # Used for things like cookie_key, session_key, etc.
112
+ def build_key(last_part)
113
+ [scope[:id], super].compact.join("_")
114
+ end
115
+
116
+ # `args[0]` is the name of an AR method, like
117
+ # `find_by_single_access_token`.
118
+ def search_for_record(*args)
119
+ search_scope.scoping do
120
+ klass.send(*args)
93
121
  end
122
+ end
94
123
 
95
- def search_for_record(*args)
96
- session_scope = if scope[:find_options].is_a?(ActiveRecord::Relation)
97
- scope[:find_options]
98
- else
99
- klass.send(:where, scope[:find_options] && scope[:find_options][:conditions] || {})
100
- end
101
- session_scope.scoping do
102
- klass.send(*args)
103
- end
124
+ # Returns an AR relation representing the scope of the search. The
125
+ # relation is either provided directly by, or defined by
126
+ # `find_options`.
127
+ def search_scope
128
+ if scope[:find_options].is_a?(ActiveRecord::Relation)
129
+ scope[:find_options]
130
+ else
131
+ conditions = scope[:find_options] && scope[:find_options][:conditions] || {}
132
+ klass.send(:where, conditions)
104
133
  end
134
+ end
105
135
  end
106
136
  end
107
137
  end
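Review bot: `search_for_record` forwards its whole argument list to `klass.send(*args)`, so the first argument selects which method runs on the model class, and `send` also reaches private methods. The callers visible on this page pass fixed finder names or one built from `klass.primary_key`, which is fine, but the new comment should state the contract: `# args[0] must be a finder name chosen by Authlogic itself, never a value taken from the request.` Using `klass.public_send(*args)` here, and `klass.where(conditions)` in `search_scope`, would narrow the dispatch to public methods, assuming no caller relies on a private finder. Separately, the `with_scope` examples in the comment pass `conditions` as a raw SQL string; a hash such as `{ account_id: 2 }` would be a safer pattern to show readers who will substitute their own values.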
@@ -1,6 +1,7 @@
1
1
  module Authlogic
2
2
  module Session
3
- # Handles all parts of authentication that deal with sessions. Such as persisting a session and saving / destroy a session.
3
+ # Handles all parts of authentication that deal with sessions. Such as persisting a
4
+ # session and saving / destroy a session.
4
5
  module Session
5
6
  def self.included(klass)
6
7
  klass.class_eval do
@@ -9,7 +10,7 @@ module Authlogic
9
10
  persist :persist_by_session
10
11
  after_save :update_session
11
12
  after_destroy :update_session
12
- after_persisting :update_session, :unless => :single_access?
13
+ after_persisting :update_session, unless: :single_access?
13
14
  end
14
15
  end
15
16
 
@@ -28,35 +29,49 @@ module Authlogic
28
29
  # Instance methods for the session feature.
29
30
  module InstanceMethods
30
31
  private
31
- # Tries to validate the session from information in the session
32
- def persist_by_session
33
- persistence_token, record_id = session_credentials
34
- if !persistence_token.nil?
35
- # Allow finding by persistence token, because when records are created the session is maintained in a before_save, when there is no id.
36
- # This is done for performance reasons and to save on queries.
37
- record = record_id.nil? ?
38
- search_for_record("find_by_persistence_token", persistence_token.to_s) :
39
- search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
40
- self.unauthorized_record = record if record && record.persistence_token == persistence_token
41
- valid?
42
- else
43
- false
32
+
33
+ # Tries to validate the session from information in the session
34
+ def persist_by_session
35
+ persistence_token, record_id = session_credentials
36
+ if !persistence_token.nil?
37
+ record = persist_by_session_search(persistence_token, record_id)
38
+ if record && record.persistence_token == persistence_token
39
+ self.unauthorized_record = record
44
40
  end
41
+ valid?
42
+ else
43
+ false
45
44
  end
45
+ end
46
46
 
47
- def session_credentials
48
- [controller.session[session_key], controller.session["#{session_key}_#{klass.primary_key}"]].collect { |i| i.nil? ? i : i.to_s }.compact
47
+ # Allow finding by persistence token, because when records are created
48
+ # the session is maintained in a before_save, when there is no id.
49
+ # This is done for performance reasons and to save on queries.
50
+ def persist_by_session_search(persistence_token, record_id)
51
+ if record_id.nil?
52
+ search_for_record("find_by_persistence_token", persistence_token.to_s)
53
+ else
54
+ search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
49
55
  end
56
+ end
50
57
 
51
- def session_key
52
- build_key(self.class.session_key)
53
- end
58
+ def session_credentials
59
+ [
60
+ controller.session[session_key],
61
+ controller.session["#{session_key}_#{klass.primary_key}"]
62
+ ].collect { |i| i.nil? ? i : i.to_s }.compact
63
+ end
54
64
 
55
- def update_session
56
- controller.session[session_key] = record && record.persistence_token
57
- controller.session["#{session_key}_#{klass.primary_key}"] = record && record.send(record.class.primary_key)
58
- end
65
+ def session_key
66
+ build_key(self.class.session_key)
67
+ end
68
+
69
+ def update_session
70
+ controller.session[session_key] = record && record.persistence_token
71
+ compound_key = "#{session_key}_#{klass.primary_key}"
72
+ controller.session[compound_key] = record && record.send(record.class.primary_key)
73
+ end
59
74
  end
60
75
  end
61
76
  end
62
- end
77
+ end
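Review bot: In `session_credentials` the trailing `.compact` shifts positions: when the session holds the `"#{session_key}_#{klass.primary_key}"` entry but no token entry, the array collapses to one element and `persist_by_session` destructures the record id into `persistence_token`. `persist_by_session_search` then calls `find_by_persistence_token` with an id value. Dropping `.compact` keeps both slots positional, and the existing `persistence_token.nil?` check already covers the missing-token case. The token check `record.persistence_token == persistence_token` is also a plain string comparison; if the session store could ever hold attacker-chosen values, a constant-time comparison such as `ActiveSupport::SecurityUtils.secure_compare` would be the safer choice.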
@@ -1,7 +1,8 @@
1
1
  module Authlogic
2
2
  module Session
3
- # Think about financial websites, if you are inactive for a certain period of time you will be asked to
4
- # log back in on your next request. You can do this with Authlogic easily, there are 2 parts to this:
3
+ # Think about financial websites, if you are inactive for a certain period
4
+ # of time you will be asked to log back in on your next request. You can do
5
+ # this with Authlogic easily, there are 2 parts to this:
5
6
  #
6
7
  # 1. Define the timeout threshold:
7
8
  #
@@ -15,9 +16,10 @@ module Authlogic
15
16
  # logout_on_timeout true # default if false
16
17
  # end
17
18
  #
18
- # This will require a user to log back in if they are inactive for more than 10 minutes. In order for
19
- # this feature to be used you must have a last_request_at datetime column in your table for whatever model
20
- # you are authenticating with.
19
+ # This will require a user to log back in if they are inactive for more than
20
+ # 10 minutes. In order for this feature to be used you must have a
21
+ # last_request_at datetime column in your table for whatever model you are
22
+ # authenticating with.
21
23
  module Timeout
22
24
  def self.included(klass)
23
25
  klass.class_eval do
@@ -28,22 +30,33 @@ module Authlogic
28
30
  attr_accessor :stale_record
29
31
  end
30
32
  end
31
-
33
+
32
34
  # Configuration for the timeout feature.
33
35
  module Config
34
- # With acts_as_authentic you get a :logged_in_timeout configuration option. If this is set, after this amount of time has passed the user
35
- # will be marked as logged out. Obviously, since web based apps are on a per request basis, we have to define a time limit threshold that
36
- # determines when we consider a user to be "logged out". Meaning, if they login and then leave the website, when do mark them as logged out?
37
- # I recommend just using this as a fun feature on your website or reports, giving you a ballpark number of users logged in and active. This is
38
- # not meant to be a dead accurate representation of a users logged in state, since there is really no real way to do this with web based apps.
39
- # Think about a user that logs in and doesn't log out. There is no action that tells you that the user isn't technically still logged in and
40
- # active.
36
+ # With acts_as_authentic you get a :logged_in_timeout configuration
37
+ # option. If this is set, after this amount of time has passed the user
38
+ # will be marked as logged out. Obviously, since web based apps are on a
39
+ # per request basis, we have to define a time limit threshold that
40
+ # determines when we consider a user to be "logged out". Meaning, if
41
+ # they login and then leave the website, when do mark them as logged
42
+ # out? I recommend just using this as a fun feature on your website or
43
+ # reports, giving you a ballpark number of users logged in and active.
44
+ # This is not meant to be a dead accurate representation of a user's
45
+ # logged in state, since there is really no real way to do this with web
46
+ # based apps. Think about a user that logs in and doesn't log out. There
47
+ # is no action that tells you that the user isn't technically still
48
+ # logged in and active.
41
49
  #
42
- # That being said, you can use that feature to require a new login if their session timesout. Similar to how financial sites work. Just set this option to
43
- # true and if your record returns true for stale? then they will be required to log back in.
50
+ # That being said, you can use that feature to require a new login if
51
+ # their session times out. Similar to how financial sites work. Just set
52
+ # this option to true and if your record returns true for stale? then
53
+ # they will be required to log back in.
44
54
  #
45
- # Lastly, UserSession.find will still return a object is the session is stale, but you will not get a record. This allows you to determine if the
46
- # user needs to log back in because their session went stale, or because they just aren't logged in. Just call current_user_session.stale? as your flag.
55
+ # Lastly, UserSession.find will still return an object if the session is
56
+ # stale, but you will not get a record. This allows you to determine if
57
+ # the user needs to log back in because their session went stale, or
58
+ # because they just aren't logged in. Just call
59
+ # current_user_session.stale? as your flag.
47
60
  #
48
61
  # * <tt>Default:</tt> false
49
62
  # * <tt>Accepts:</tt> Boolean
@@ -52,11 +65,14 @@ module Authlogic
52
65
  end
53
66
  alias_method :logout_on_timeout=, :logout_on_timeout
54
67
  end
55
-
68
+
56
69
  # Instance methods for the timeout feature.
57
70
  module InstanceMethods
58
- # Tells you if the record is stale or not. Meaning the record has timed out. This will only return true if you set logout_on_timeout to true in your configuration.
59
- # Basically how a bank website works. If you aren't active over a certain period of time your session becomes stale and requires you to log back in.
71
+ # Tells you if the record is stale or not. Meaning the record has timed
72
+ # out. This will only return true if you set logout_on_timeout to true
73
+ # in your configuration. Basically how a bank website works. If you
74
+ # aren't active over a certain period of time your session becomes stale
75
+ # and requires you to log back in.
60
76
  def stale?
61
77
  if remember_me?
62
78
  remember_me_expired?
@@ -64,22 +80,23 @@ module Authlogic
64
80
  !stale_record.nil? || (logout_on_timeout? && record && record.logged_out?)
65
81
  end
66
82
  end
67
-
83
+
68
84
  private
69
- def reset_stale_state
70
- self.stale_record = nil
71
- end
72
-
73
- def enforce_timeout
74
- if stale?
75
- self.stale_record = record
76
- self.record = nil
77
- end
78
- end
79
-
80
- def logout_on_timeout?
81
- self.class.logout_on_timeout == true
85
+
86
+ def reset_stale_state
87
+ self.stale_record = nil
88
+ end
89
+
90
+ def enforce_timeout
91
+ if stale?
92
+ self.stale_record = record
93
+ self.record = nil
82
94
  end
95
+ end
96
+
97
+ def logout_on_timeout?
98
+ self.class.logout_on_timeout == true
99
+ end
83
100
  end
84
101
  end
85
102
  end
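Review bot: The rewrapped doc comment on `stale?` does not mention that remember-me sessions take a separate branch: when `remember_me?` is true the method returns `remember_me_expired?`, and the `logout_on_timeout?` test appears to sit on the other branch (the line between the two hunks is not shown). If that reading is right, the inactivity timeout is not applied to remembered sessions, which matters to anyone relying on it as the bank-style control the comment describes. I would add `# Sessions persisted via remember_me are checked against remember_me_expired? only; logout_on_timeout does not apply to them.` The context line `logout_on_timeout true # default if false` in the module comment also reads like a typo for "default is false".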