authlogic 3.4.6 → 4.2.0

data/lib/authlogic/session/perishable_token.rb

@@ -1,18 +1,24 @@
 module Authlogic
   module Session
-    # Maintains the perishable token, which is helpful for confirming records or authorizing records to reset their password. All that this
-    # module does is reset it after a session have been saved, just keep it changing. The more it changes, the tighter the security.
+    # Maintains the perishable token, which is helpful for confirming records or
+    # authorizing records to reset their password. All that this module does is
+    # reset it after a session have been saved, just keep it changing. The more
+    # it changes, the tighter the security.
     #
     # See Authlogic::ActsAsAuthentic::PerishableToken for more information.
     module PerishableToken
       def self.included(klass)
         klass.after_save :reset_perishable_token!
       end
-      
+
       private
-        def reset_perishable_token!
-          record.reset_perishable_token if record.respond_to?(:reset_perishable_token) && !record.disable_perishable_token_maintenance?
+
+      def reset_perishable_token!
+        if record.respond_to?(:reset_perishable_token) &&
+            !record.disable_perishable_token_maintenance?
+          record.reset_perishable_token
         end
+      end
     end
   end
-end
+end

data/lib/authlogic/session/persistence.rb

@@ -8,11 +8,12 @@ module Authlogic
           include InstanceMethods
         end
       end
-      
+
       module ClassMethods
-        # This is how you persist a session. This finds the record for the current session using
-        # a variety of methods. It basically tries to "log in" the user without the user having
-        # to explicitly log in. Check out the other Authlogic::Session modules for more information.
+        # This is how you persist a session. This finds the record for the
+        # current session using a variety of methods. It basically tries to "log
+        # in" the user without the user having to explicitly log in. Check out
+        # the other Authlogic::Session modules for more information.
         #
         # The best way to use this method is something like:
         #
@@ -28,30 +29,35 @@ module Authlogic
         #     @current_user = current_user_session && current_user_session.user
         #   end
         #
-        # Also, this method accepts a single parameter as the id, to find session that you marked with an id:
+        # Also, this method accepts a single parameter as the id, to find
+        # session that you marked with an id:
         #
         #   UserSession.find(:secure)
         #
         # See the id method for more information on ids.
         def find(id = nil, priority_record = nil)
-          session = new({:priority_record => priority_record}, id)
+          session = new({ priority_record: priority_record }, id)
           session.priority_record = priority_record
           if session.persisting?
             session
-          else
-            nil
           end
         end
       end
-      
+
       module InstanceMethods
-        # Let's you know if the session is being persisted or not, meaning the user does not have to explicitly log in
-        # in order to be logged in. If the session has no associated record, it will try to find a record and persist
-        # the session. This is the method that the class level method find uses to ultimately persist the session.
+        # Returns boolean indicating if the session is being persisted or not,
+        # meaning the user does not have to explicitly log in in order to be
+        # logged in.
+        #
+        # If the session has no associated record, it will try to find a record
+        # and persist the session.
+        #
+        # This is the method that the class level method find uses to ultimately
+        # persist the session.
         def persisting?
-          return true if !record.nil?
+          return true unless record.nil?
           self.attempted_record = nil
-          self.remember_me = !cookie_credentials.nil? && !cookie_credentials[2].nil?
+          self.remember_me = cookie_credentials_remember_me?
           before_persisting
           persist
           ensure_authentication_attempted

data/lib/authlogic/session/priority_record.rb

@@ -1,16 +1,19 @@
 module Authlogic
   module Session
-    # The point of this module is to avoid the StaleObjectError raised when lock_version is implemented in ActiveRecord.
-    # We accomplish this by using a "priority record". Meaning this record is used if possible, it gets priority.
-    # This way we don't save a record behind the scenes thus making an object being used stale.
+    # The point of this module is to avoid the StaleObjectError raised when
+    # lock_version is implemented in ActiveRecord. We accomplish this by using a
+    # "priority record". Meaning this record is used if possible, it gets
+    # priority. This way we don't save a record behind the scenes thus making an
+    # object being used stale.
     module PriorityRecord
       def self.included(klass)
         klass.class_eval do
           attr_accessor :priority_record
         end
       end
-      
-      # Setting priority record if it is passed. The only way it can be passed is through an array:
+
+      # Setting priority record if it is passed. The only way it can be passed
+      # is through an array:
       #
       #   session.credentials = [real_user_object, priority_user_object]
       def credentials=(value)
@@ -18,17 +21,18 @@ module Authlogic
         values = value.is_a?(Array) ? value : [value]
         self.priority_record = values[1] if values[1].class < ::ActiveRecord::Base
       end
-      
+
       private
-        def attempted_record=(value)
-          value = priority_record if value == priority_record
-          super
-        end
-        
-        def save_record(alternate_record = nil)
-          r = alternate_record || record
-          super if r != priority_record
-        end
+
+      def attempted_record=(value)
+        value = priority_record if value == priority_record
+        super
+      end
+
+      def save_record(alternate_record = nil)
+        r = alternate_record || record
+        super if r != priority_record
+      end
     end
   end
-end
+end

data/lib/authlogic/session/scopes.rb

@@ -1,11 +1,14 @@
-require 'request_store'
+require "request_store"
 
 module Authlogic
   module Session
-    # Authentication can be scoped, and it's easy, you just need to define how you want to scope everything. This should help you:
+    # Authentication can be scoped, and it's easy, you just need to define how you want to
+    # scope everything. This should help you:
     #
-    # 1. Want to scope by a parent object? Ex: An account has many users. Checkout Authlogic::AuthenticatesMany
-    # 2. Want to scope the validations in your model? Ex: 2 users can have the same login under different accounts. See Authlogic::ActsAsAuthentic::Scope
+    # 1. Want to scope by a parent object? Ex: An account has many users.
+    #    Checkout Authlogic::AuthenticatesMany
+    # 2. Want to scope the validations in your model? Ex: 2 users can have the same login
+    #    under different accounts. See Authlogic::ActsAsAuthentic::Scope
     module Scopes # :nodoc:
       def self.included(klass)
         klass.class_eval do
@@ -22,27 +25,39 @@ module Authlogic
           RequestStore.store[:authlogic_scope]
         end
 
-        # What with_scopes focuses on is scoping the query when finding the object and the name of the cookie / session. It works very similar to
-        # ActiveRecord::Base#with_scopes. It accepts a hash with any of the following options:
+        # What with_scopes focuses on is scoping the query when finding the
+        # object and the name of the cookie / session. It works very similar to
+        # ActiveRecord::Base#with_scopes. It accepts a hash with any of the
+        # following options:
         #
-        # * <tt>find_options:</tt> any options you can pass into ActiveRecord::Base.find. This is used when trying to find the record.
-        # * <tt>id:</tt> The id of the session, this gets merged with the real id. For information ids see the id method.
+        # * <tt>find_options:</tt> any options you can pass into ActiveRecord::Base.find.
+        #   This is used when trying to find the record.
+        # * <tt>id:</tt> The id of the session, this gets merged with the real id. For
+        #   information ids see the id method.
         #
         # Here is how you use it:
         #
-        #   UserSession.with_scope(:find_options => {:conditions => "account_id = 2"}, :id => "account_2") do
-        #     UserSession.find
-        #   end
+        # ```
+        # UserSession.with_scope(find_options: {conditions: "account_id = 2"}, id: "account_2") do
+        #   UserSession.find
+        # end
+        # ```
         #
-        # Eseentially what the above does is scope the searching of the object with the sql you provided. So instead of:
+        # Essentially what the above does is scope the searching of the object
+        # with the sql you provided. So instead of:
         #
-        #   User.where("login = 'ben'").first
+        # ```
+        # User.where("login = 'ben'").first
+        # ```
         #
         # it would be:
         #
-        #   User.where("login = 'ben' and account_id = 2").first
+        # ```
+        # User.where("login = 'ben' and account_id = 2").first
+        # ```
         #
-        # You will also notice the :id option. This works just like the id method. It scopes your cookies. So the name of your cookie will be:
+        # You will also notice the :id option. This works just like the id
+        # method. It scopes your cookies. So the name of your cookie will be:
         #
         #   account_2_user_credentials
         #
@@ -50,9 +65,13 @@ module Authlogic
         #
         #   user_credentials
         #
-        # What is also nifty about scoping with an :id is that it merges your id's. So if you do:
+        # What is also nifty about scoping with an :id is that it merges your
+        # id's. So if you do:
         #
-        #   UserSession.with_scope(:find_options => {:conditions => "account_id = 2"}, :id => "account_2") do
+        #   UserSession.with_scope(
+        #     find_options: { conditions: "account_id = 2"},
+        #     id: "account_2"
+        #   ) do
         #     session = UserSession.new
         #     session.id = :secure
         #   end
@@ -60,7 +79,7 @@ module Authlogic
         # The name of your cookies will be:
         #
         #   secure_account_2_user_credentials
-        def with_scope(options = {}, &block)
+        def with_scope(options = {})
           raise ArgumentError.new("You must provide a block") unless block_given?
           self.scope = options
           result = yield
@@ -69,9 +88,10 @@ module Authlogic
         end
 
         private
-          def scope=(value)
-            RequestStore.store[:authlogic_scope] = value
-          end
+
+        def scope=(value)
+          RequestStore.store[:authlogic_scope] = value
+        end
       end
 
       module InstanceMethods
@@ -87,21 +107,31 @@ module Authlogic
         end
 
         private
-          # Used for things like cookie_key, session_key, etc.
-          def build_key(last_part)
-            [scope[:id], super].compact.join("_")
+
+        # Used for things like cookie_key, session_key, etc.
+        def build_key(last_part)
+          [scope[:id], super].compact.join("_")
+        end
+
+        # `args[0]` is the name of an AR method, like
+        # `find_by_single_access_token`.
+        def search_for_record(*args)
+          search_scope.scoping do
+            klass.send(*args)
           end
+        end
 
-          def search_for_record(*args)
-            session_scope = if scope[:find_options].is_a?(ActiveRecord::Relation)
-              scope[:find_options]
-            else
-              klass.send(:where, scope[:find_options] && scope[:find_options][:conditions] || {})
-            end
-            session_scope.scoping do
-              klass.send(*args)
-            end
+        # Returns an AR relation representing the scope of the search. The
+        # relation is either provided directly by, or defined by
+        # `find_options`.
+        def search_scope
+          if scope[:find_options].is_a?(ActiveRecord::Relation)
+            scope[:find_options]
+          else
+            conditions = scope[:find_options] && scope[:find_options][:conditions] || {}
+            klass.send(:where, conditions)
           end
+        end
       end
     end
   end

data/lib/authlogic/session/session.rb

@@ -1,6 +1,7 @@
 module Authlogic
   module Session
-    # Handles all parts of authentication that deal with sessions. Such as persisting a session and saving / destroy a session.
+    # Handles all parts of authentication that deal with sessions. Such as persisting a
+    # session and saving / destroy a session.
     module Session
       def self.included(klass)
         klass.class_eval do
@@ -9,7 +10,7 @@ module Authlogic
           persist :persist_by_session
           after_save :update_session
           after_destroy :update_session
-          after_persisting :update_session, :unless => :single_access?
+          after_persisting :update_session, unless: :single_access?
         end
       end
 
@@ -28,35 +29,49 @@ module Authlogic
       # Instance methods for the session feature.
       module InstanceMethods
         private
-          # Tries to validate the session from information in the session
-          def persist_by_session
-            persistence_token, record_id = session_credentials
-            if !persistence_token.nil?
-              # Allow finding by persistence token, because when records are created the session is maintained in a before_save, when there is no id.
-              # This is done for performance reasons and to save on queries.
-              record = record_id.nil? ?
-                search_for_record("find_by_persistence_token", persistence_token.to_s) :
-                search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
-              self.unauthorized_record = record if record && record.persistence_token == persistence_token
-              valid?
-            else
-              false
+
+        # Tries to validate the session from information in the session
+        def persist_by_session
+          persistence_token, record_id = session_credentials
+          if !persistence_token.nil?
+            record = persist_by_session_search(persistence_token, record_id)
+            if record && record.persistence_token == persistence_token
+              self.unauthorized_record = record
             end
+            valid?
+          else
+            false
           end
+        end
 
-          def session_credentials
-            [controller.session[session_key], controller.session["#{session_key}_#{klass.primary_key}"]].collect { |i| i.nil? ? i : i.to_s }.compact
+        # Allow finding by persistence token, because when records are created
+        # the session is maintained in a before_save, when there is no id.
+        # This is done for performance reasons and to save on queries.
+        def persist_by_session_search(persistence_token, record_id)
+          if record_id.nil?
+            search_for_record("find_by_persistence_token", persistence_token.to_s)
+          else
+            search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
           end
+        end
 
-          def session_key
-            build_key(self.class.session_key)
-          end
+        def session_credentials
+          [
+            controller.session[session_key],
+            controller.session["#{session_key}_#{klass.primary_key}"]
+          ].collect { |i| i.nil? ? i : i.to_s }.compact
+        end
 
-          def update_session
-            controller.session[session_key] = record && record.persistence_token
-            controller.session["#{session_key}_#{klass.primary_key}"] = record && record.send(record.class.primary_key)
-          end
+        def session_key
+          build_key(self.class.session_key)
+        end
+
+        def update_session
+          controller.session[session_key] = record && record.persistence_token
+          compound_key = "#{session_key}_#{klass.primary_key}"
+          controller.session[compound_key] = record && record.send(record.class.primary_key)
+        end
       end
     end
   end
-end
+end

data/lib/authlogic/session/timeout.rb

@@ -1,7 +1,8 @@
 module Authlogic
   module Session
-    # Think about financial websites, if you are inactive for a certain period of time you will be asked to
-    # log back in on your next request. You can do this with Authlogic easily, there are 2 parts to this:
+    # Think about financial websites, if you are inactive for a certain period
+    # of time you will be asked to log back in on your next request. You can do
+    # this with Authlogic easily, there are 2 parts to this:
     #
     # 1. Define the timeout threshold:
     #
@@ -15,9 +16,10 @@ module Authlogic
     #     logout_on_timeout true # default if false
     #   end
     #
-    # This will require a user to log back in if they are inactive for more than 10 minutes. In order for
-    # this feature to be used you must have a last_request_at datetime column in your table for whatever model
-    # you are authenticating with.
+    # This will require a user to log back in if they are inactive for more than
+    # 10 minutes. In order for this feature to be used you must have a
+    # last_request_at datetime column in your table for whatever model you are
+    # authenticating with.
     module Timeout
       def self.included(klass)
         klass.class_eval do
@@ -28,22 +30,33 @@ module Authlogic
           attr_accessor :stale_record
         end
       end
-      
+
       # Configuration for the timeout feature.
       module Config
-        # With acts_as_authentic you get a :logged_in_timeout configuration option. If this is set, after this amount of time has passed the user
-        # will be marked as logged out. Obviously, since web based apps are on a per request basis, we have to define a time limit threshold that
-        # determines when we consider a user to be "logged out". Meaning, if they login and then leave the website, when do mark them as logged out?
-        # I recommend just using this as a fun feature on your website or reports, giving you a ballpark number of users logged in and active. This is
-        # not meant to be a dead accurate representation of a users logged in state, since there is really no real way to do this with web based apps.
-        # Think about a user that logs in and doesn't log out. There is no action that tells you that the user isn't technically still logged in and
-        # active.
+        # With acts_as_authentic you get a :logged_in_timeout configuration
+        # option. If this is set, after this amount of time has passed the user
+        # will be marked as logged out. Obviously, since web based apps are on a
+        # per request basis, we have to define a time limit threshold that
+        # determines when we consider a user to be "logged out". Meaning, if
+        # they login and then leave the website, when do mark them as logged
+        # out? I recommend just using this as a fun feature on your website or
+        # reports, giving you a ballpark number of users logged in and active.
+        # This is not meant to be a dead accurate representation of a user's
+        # logged in state, since there is really no real way to do this with web
+        # based apps. Think about a user that logs in and doesn't log out. There
+        # is no action that tells you that the user isn't technically still
+        # logged in and active.
         #
-        # That being said, you can use that feature to require a new login if their session timesout. Similar to how financial sites work. Just set this option to
-        # true and if your record returns true for stale? then they will be required to log back in.
+        # That being said, you can use that feature to require a new login if
+        # their session times out. Similar to how financial sites work. Just set
+        # this option to true and if your record returns true for stale? then
+        # they will be required to log back in.
         #
-        # Lastly, UserSession.find will still return a object is the session is stale, but you will not get a record. This allows you to determine if the
-        # user needs to log back in because their session went stale, or because they just aren't logged in. Just call current_user_session.stale? as your flag.
+        # Lastly, UserSession.find will still return an object if the session is
+        # stale, but you will not get a record. This allows you to determine if
+        # the user needs to log back in because their session went stale, or
+        # because they just aren't logged in. Just call
+        # current_user_session.stale? as your flag.
         #
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
@@ -52,11 +65,14 @@ module Authlogic
         end
         alias_method :logout_on_timeout=, :logout_on_timeout
       end
-      
+
       # Instance methods for the timeout feature.
       module InstanceMethods
-        # Tells you if the record is stale or not. Meaning the record has timed out. This will only return true if you set logout_on_timeout to true in your configuration.
-        # Basically how a bank website works. If you aren't active over a certain period of time your session becomes stale and requires you to log back in.
+        # Tells you if the record is stale or not. Meaning the record has timed
+        # out. This will only return true if you set logout_on_timeout to true
+        # in your configuration. Basically how a bank website works. If you
+        # aren't active over a certain period of time your session becomes stale
+        # and requires you to log back in.
         def stale?
           if remember_me?
             remember_me_expired?
@@ -64,22 +80,23 @@ module Authlogic
             !stale_record.nil? || (logout_on_timeout? && record && record.logged_out?)
           end
         end
-    
+
         private
-          def reset_stale_state
-            self.stale_record = nil
-          end
-          
-          def enforce_timeout
-            if stale?
-              self.stale_record = record
-              self.record = nil
-            end
-          end
-          
-          def logout_on_timeout?
-            self.class.logout_on_timeout == true
+
+        def reset_stale_state
+          self.stale_record = nil
+        end
+
+        def enforce_timeout
+          if stale?
+            self.stale_record = record
+            self.record = nil
           end
+        end
+
+        def logout_on_timeout?
+          self.class.logout_on_timeout == true
+        end
       end
     end
   end