authlogic 3.4.6 → 4.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (140)
  1. checksums.yaml +5 -5
  2. data/.github/ISSUE_TEMPLATE.md +13 -0
  3. data/.github/triage.md +87 -0
  4. data/.gitignore +4 -0
  5. data/.rubocop.yml +127 -0
  6. data/.rubocop_todo.yml +65 -0
  7. data/.travis.yml +18 -10
  8. data/CHANGELOG.md +156 -6
  9. data/CONTRIBUTING.md +71 -3
  10. data/Gemfile +2 -2
  11. data/README.md +386 -0
  12. data/Rakefile +13 -7
  13. data/UPGRADING.md +22 -0
  14. data/authlogic.gemspec +33 -22
  15. data/lib/authlogic.rb +60 -52
  16. data/lib/authlogic/acts_as_authentic/base.rb +40 -26
  17. data/lib/authlogic/acts_as_authentic/email.rb +96 -32
  18. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +36 -12
  19. data/lib/authlogic/acts_as_authentic/login.rb +114 -49
  20. data/lib/authlogic/acts_as_authentic/magic_columns.rb +17 -6
  21. data/lib/authlogic/acts_as_authentic/password.rb +296 -139
  22. data/lib/authlogic/acts_as_authentic/perishable_token.rb +34 -20
  23. data/lib/authlogic/acts_as_authentic/persistence_token.rb +20 -24
  24. data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +67 -0
  25. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +68 -23
  26. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +128 -85
  27. data/lib/authlogic/acts_as_authentic/single_access_token.rb +41 -25
  28. data/lib/authlogic/acts_as_authentic/validations_scope.rb +8 -8
  29. data/lib/authlogic/authenticates_many/association.rb +22 -14
  30. data/lib/authlogic/authenticates_many/base.rb +35 -16
  31. data/lib/authlogic/config.rb +10 -10
  32. data/lib/authlogic/controller_adapters/abstract_adapter.rb +40 -12
  33. data/lib/authlogic/controller_adapters/rack_adapter.rb +15 -8
  34. data/lib/authlogic/controller_adapters/rails_adapter.rb +42 -22
  35. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +3 -3
  36. data/lib/authlogic/crypto_providers.rb +91 -0
  37. data/lib/authlogic/crypto_providers/aes256.rb +42 -14
  38. data/lib/authlogic/crypto_providers/bcrypt.rb +35 -20
  39. data/lib/authlogic/crypto_providers/md5.rb +11 -9
  40. data/lib/authlogic/crypto_providers/scrypt.rb +26 -13
  41. data/lib/authlogic/crypto_providers/sha1.rb +14 -8
  42. data/lib/authlogic/crypto_providers/sha256.rb +16 -12
  43. data/lib/authlogic/crypto_providers/sha512.rb +8 -24
  44. data/lib/authlogic/crypto_providers/wordpress.rb +44 -15
  45. data/lib/authlogic/i18n.rb +33 -20
  46. data/lib/authlogic/i18n/translator.rb +1 -1
  47. data/lib/authlogic/random.rb +12 -29
  48. data/lib/authlogic/regex.rb +59 -27
  49. data/lib/authlogic/session/activation.rb +36 -23
  50. data/lib/authlogic/session/active_record_trickery.rb +13 -10
  51. data/lib/authlogic/session/base.rb +20 -8
  52. data/lib/authlogic/session/brute_force_protection.rb +87 -56
  53. data/lib/authlogic/session/callbacks.rb +99 -49
  54. data/lib/authlogic/session/cookies.rb +128 -59
  55. data/lib/authlogic/session/existence.rb +29 -19
  56. data/lib/authlogic/session/foundation.rb +70 -16
  57. data/lib/authlogic/session/http_auth.rb +39 -31
  58. data/lib/authlogic/session/id.rb +27 -15
  59. data/lib/authlogic/session/klass.rb +17 -13
  60. data/lib/authlogic/session/magic_columns.rb +78 -59
  61. data/lib/authlogic/session/magic_states.rb +50 -27
  62. data/lib/authlogic/session/params.rb +79 -50
  63. data/lib/authlogic/session/password.rb +197 -118
  64. data/lib/authlogic/session/perishable_token.rb +12 -6
  65. data/lib/authlogic/session/persistence.rb +20 -14
  66. data/lib/authlogic/session/priority_record.rb +20 -16
  67. data/lib/authlogic/session/scopes.rb +63 -33
  68. data/lib/authlogic/session/session.rb +40 -25
  69. data/lib/authlogic/session/timeout.rb +51 -34
  70. data/lib/authlogic/session/unauthorized_record.rb +24 -18
  71. data/lib/authlogic/session/validation.rb +32 -21
  72. data/lib/authlogic/test_case.rb +123 -35
  73. data/lib/authlogic/test_case/mock_controller.rb +14 -13
  74. data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -5
  75. data/lib/authlogic/test_case/mock_logger.rb +1 -1
  76. data/lib/authlogic/test_case/mock_request.rb +9 -4
  77. data/lib/authlogic/test_case/rails_request_adapter.rb +8 -7
  78. data/lib/authlogic/version.rb +21 -0
  79. data/test/acts_as_authentic_test/base_test.rb +1 -1
  80. data/test/acts_as_authentic_test/email_test.rb +80 -63
  81. data/test/acts_as_authentic_test/logged_in_status_test.rb +14 -8
  82. data/test/acts_as_authentic_test/login_test.rb +91 -49
  83. data/test/acts_as_authentic_test/magic_columns_test.rb +13 -13
  84. data/test/acts_as_authentic_test/password_test.rb +82 -60
  85. data/test/acts_as_authentic_test/perishable_token_test.rb +31 -25
  86. data/test/acts_as_authentic_test/persistence_token_test.rb +9 -5
  87. data/test/acts_as_authentic_test/restful_authentication_test.rb +18 -9
  88. data/test/acts_as_authentic_test/session_maintenance_test.rb +86 -22
  89. data/test/acts_as_authentic_test/single_access_test.rb +15 -15
  90. data/test/adapter_test.rb +21 -0
  91. data/test/authenticates_many_test.rb +26 -11
  92. data/test/config_test.rb +9 -9
  93. data/test/crypto_provider_test/aes256_test.rb +3 -3
  94. data/test/crypto_provider_test/bcrypt_test.rb +1 -1
  95. data/test/crypto_provider_test/scrypt_test.rb +2 -2
  96. data/test/crypto_provider_test/sha1_test.rb +4 -4
  97. data/test/crypto_provider_test/sha256_test.rb +2 -2
  98. data/test/crypto_provider_test/sha512_test.rb +3 -3
  99. data/test/crypto_provider_test/wordpress_test.rb +24 -0
  100. data/test/gemfiles/Gemfile.rails-4.2.x +2 -2
  101. data/test/gemfiles/Gemfile.rails-5.0.x +6 -0
  102. data/test/gemfiles/Gemfile.rails-5.1.x +6 -0
  103. data/test/gemfiles/Gemfile.rails-5.2.x +6 -0
  104. data/test/gemfiles/Gemfile.rails-master +6 -0
  105. data/test/i18n_test.rb +9 -9
  106. data/test/libs/affiliate.rb +2 -2
  107. data/test/libs/company.rb +4 -4
  108. data/test/libs/employee.rb +2 -2
  109. data/test/libs/employee_session.rb +1 -1
  110. data/test/libs/ldaper.rb +1 -1
  111. data/test/libs/project.rb +1 -1
  112. data/test/libs/user_session.rb +2 -2
  113. data/test/random_test.rb +9 -38
  114. data/test/session_test/activation_test.rb +7 -7
  115. data/test/session_test/active_record_trickery_test.rb +9 -6
  116. data/test/session_test/brute_force_protection_test.rb +26 -21
  117. data/test/session_test/callbacks_test.rb +10 -4
  118. data/test/session_test/cookies_test.rb +54 -20
  119. data/test/session_test/existence_test.rb +45 -23
  120. data/test/session_test/foundation_test.rb +17 -1
  121. data/test/session_test/http_auth_test.rb +11 -12
  122. data/test/session_test/id_test.rb +3 -3
  123. data/test/session_test/klass_test.rb +2 -2
  124. data/test/session_test/magic_columns_test.rb +15 -17
  125. data/test/session_test/magic_states_test.rb +17 -19
  126. data/test/session_test/params_test.rb +26 -20
  127. data/test/session_test/password_test.rb +11 -12
  128. data/test/session_test/perishability_test.rb +5 -5
  129. data/test/session_test/persistence_test.rb +4 -3
  130. data/test/session_test/scopes_test.rb +15 -9
  131. data/test/session_test/session_test.rb +7 -6
  132. data/test/session_test/timeout_test.rb +16 -14
  133. data/test/session_test/unauthorized_record_test.rb +3 -3
  134. data/test/session_test/validation_test.rb +5 -5
  135. data/test/test_helper.rb +115 -49
  136. metadata +107 -36
  137. data/README.rdoc +0 -232
  138. data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
  139. data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
  140. data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
@@ -1,10 +1,78 @@
1
+ # Contributing to Authlogic
2
+
3
+ ## Issues
4
+
5
+ ### Security Issues
6
+
7
+ **Do not disclose security issues in public.** Instead, please email:
8
+
9
+ ```
10
+ Ben Johnson <bjohnson@binarylogic.com>,
11
+ Tieg Zaharia <tieg.zaharia@gmail.com>
12
+ Jared Beck <jared@jaredbeck.com>
13
+ ```
14
+
15
+ We will review security issues promptly.
16
+
17
+ ### Non-Security Issues
18
+
19
+ Please use github issues only for bug reports and feature requests.
20
+
21
+ ### Usage Questions
22
+
23
+ Please ask usage questions on
24
+ [stackoverflow](http://stackoverflow.com/questions/tagged/authlogic).
25
+
26
+ ## Development
27
+
28
+ Most local development should be done using the oldest supported version of
29
+ ruby. See `required_ruby_version` in the gemspec.
1
30
 
2
31
  ### Testing
3
32
 
4
- Tests can be ran against different versions of Rails like so:
33
+ Tests can be run against different versions of Rails like so:
5
34
 
6
35
  ```
7
- BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-3.2.x bundle install
8
- BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-3.2.x bundle exec rake test
36
+ BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-4.2.x bundle install
37
+ BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-4.2.x bundle exec rake
38
+ ```
39
+
40
+ To run a single test:
41
+
9
42
  ```
43
+ BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-4.2.x \
44
+ bundle exec ruby -I test path/to/test.rb
45
+ ```
46
+
47
+ Bundler can be omitted, and the latest installed version of a gem dependency
48
+ will be used. This is only suitable for certain unit tests.
49
+
50
+ ```
51
+ ruby –I test path/to/test.rb
52
+ ```
53
+
54
+ ### Linting
55
+
56
+ Running `rake` also runs a linter, rubocop. Contributions must pass both
57
+ the linter and the tests. The linter can be run on its own.
58
+
59
+ ```
60
+ BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-4.2.x bundle exec rubocop
61
+ ```
62
+
63
+ To run the tests without linting, use `rake test`.
64
+
65
+ ```
66
+ BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-4.2.x bundle exec rake test
67
+ ```
68
+
69
+ ### Release
10
70
 
71
+ 1. Update version number in lib/authlogic/version.rb
72
+ 1. Add release date to changelog entry
73
+ 1. Add a new "Unreleased" section at top of changelog
74
+ 1. Commit with message like "Release 3.6.0"
75
+ 1. git tag -a -m "v3.6.0" "v3.6.0" # or whatever number
76
+ 1. git push --tags origin 3-stable # or whatever branch
77
+ 1. gem build authlogic.gemspec
78
+ 1. gem push authlogic-3.6.0
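Review bot: The unbundled test command at new line 51, `ruby –I test path/to/test.rb`, has an en dash instead of an ASCII hyphen before `I`, so it fails when pasted into a shell; change it to `ruby -I test path/to/test.rb`. In the release steps, `gem push authlogic-3.6.0` omits the `.gem` extension of the file that `gem build authlogic.gemspec` writes, and in the security contact block only the first address ends with a comma.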
data/Gemfile CHANGED
@@ -1,5 +1,5 @@
1
1
  source "https://rubygems.org"
2
2
  gemspec
3
3
 
4
- gem 'activerecord-jdbcsqlite3-adapter', :platforms => :jruby
5
- gem 'sqlite3', :platforms => :ruby
4
+ gem "activerecord-jdbcsqlite3-adapter", platforms: :jruby
5
+ gem "sqlite3", platforms: :ruby
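Review bot: Both gems at new lines 4-5 carry no version constraint, so every install resolves `sqlite3` and `activerecord-jdbcsqlite3-adapter` to whatever is newest on rubygems.org at that moment; consider a pessimistic constraint here, or in the per-Rails files under test/gemfiles, so test runs are reproducible. The quote and hash-syntax change itself reads fine.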
@@ -0,0 +1,386 @@
1
+ # Authlogic
2
+
3
+ A clean, simple, and unobtrusive ruby authentication solution.
4
+
5
+ [![Gem Version][5]][6] [![Build Status][1]][2] [![Code Climate][7]][8] [![Dependency Status][3]][4]
6
+
7
+ ## Sponsors
8
+
9
+ [![Timber Logging](http://res.cloudinary.com/timber/image/upload/v1490556810/pricing/sponsorship.png)](https://timber.io?utm_source=github&utm_medium=authlogic)
10
+
11
+ [Tail Authlogic users](https://timber.io/docs/app/console/tail-a-user) in your logs!
12
+
13
+ ## Documentation
14
+
15
+ | Version | Documentation |
16
+ | ----------- | ------------- |
17
+ | Unreleased | https://github.com/binarylogic/authlogic/blob/master/README.md |
18
+ | 3.7.0 | https://github.com/binarylogic/authlogic/blob/v3.7.0/README.md |
19
+ | 2.1.11 | https://github.com/binarylogic/authlogic/blob/v2.1.11/README.rdoc |
20
+ | 1.4.3 | https://github.com/binarylogic/authlogic/blob/v1.4.3/README.rdoc |
21
+
22
+ ## Table of Contents
23
+
24
+ - [1. Introduction](#1-introduction)
25
+ - [1.a. Compatibility](#1a-compatibility)
26
+ - [1.b. Overview](#1b-overview)
27
+ - [1.c. Reference Documentation](#1c-reference-documentation)
28
+ - [2. Rails](#2-rails)
29
+ - [2.a. The users table](#2a-the-users-table)
30
+ - [2.b. Controller](#2b-controller)
31
+ - [2.c. View](#2c-view)
32
+ - [2.d. CSRF Protection](#2d-csrf-protection)
33
+ - [3. Testing](#3-testing)
34
+ - [4. Helpful links](#4-helpful-links)
35
+ - [5. Add-ons](#5-add-ons)
36
+ - [6. Internals](#6-internals)
37
+
38
+ ## 1. Introduction
39
+
40
+ ### 1.a. Compatibility
41
+
42
+ | Version | branches | tag | ruby | activerecord |
43
+ | ---------- | ---------------- | ------- | -------- | ------------- |
44
+ | Unreleased | master, 4-stable | | >= 2.2.0 | >= 4.2, < 5.3 |
45
+ | 3 | 3-stable | v3.6.0 | >= 1.9.3 | >= 3.2, < 5.2 |
46
+ | 2 | rails2 | v2.1.11 | >= 1.9.3 | ~> 2.3.0 |
47
+ | 1 | ? | v1.4.3 | ? | ? |
48
+
49
+ ### 1.b. Overview
50
+
51
+ Authlogic introduces a new type of model. You can have as many as you want, and
52
+ name them whatever you want, just like your other models. In this example, we
53
+ want to authenticate with our `User` model, which is inferred from the name:
54
+
55
+ ```ruby
56
+ class UserSession < Authlogic::Session::Base
57
+ # specify configuration here, such as:
58
+ # logout_on_timeout true
59
+ # ...many more options in the documentation
60
+ end
61
+ ```
62
+
63
+ In a `UserSessionsController`, login the user by using it just like your other models:
64
+
65
+ ```ruby
66
+ UserSession.create(:login => "bjohnson", :password => "my password", :remember_me => true)
67
+
68
+ session = UserSession.new(:login => "bjohnson", :password => "my password", :remember_me => true)
69
+ session.save
70
+
71
+ # requires the authlogic-oid "add on" gem
72
+ UserSession.create(:openid_identifier => "identifier", :remember_me => true)
73
+
74
+ # skip authentication and log the user in directly, the true means "remember me"
75
+ UserSession.create(my_user_object, true)
76
+ ```
77
+
78
+ The above handles the entire authentication process for you by:
79
+
80
+ 1. authenticating (i.e. **validating** the record)
81
+ 2. sets up the proper session values and cookies to persist the session (i.e. **saving** the record).
82
+
83
+ You can also log out (i.e. **destroying** the session):
84
+
85
+ ``` ruby
86
+ session.destroy
87
+ ```
88
+
89
+ After a session has been created, you can persist it (i.e. **finding** the
90
+ record) across requests. Thus keeping the user logged in:
91
+
92
+ ``` ruby
93
+ session = UserSession.find
94
+ ```
95
+
96
+ To get all of the nice authentication functionality in your model just do this:
97
+
98
+ ```ruby
99
+ class User < ActiveRecord::Base
100
+ acts_as_authentic do |c|
101
+ c.my_config_option = my_value
102
+ end # the configuration block is optional
103
+ end
104
+ ```
105
+
106
+ This handles validations, etc. It is also "smart" in the sense that it if a
107
+ login field is present it will use that to authenticate, if not it will look for
108
+ an email field, etc. This is all configurable, but for 99% of cases that above
109
+ is all you will need to do.
110
+
111
+ You may specify how passwords are cryptographically hashed (or encrypted) by
112
+ setting the Authlogic::CryptoProvider option:
113
+
114
+ ``` ruby
115
+ c.crypto_provider = Authlogic::CryptoProviders::BCrypt
116
+ ```
117
+
118
+ You may validate international email addresses by enabling the provided alternate regex:
119
+
120
+ ``` ruby
121
+ c.validates_format_of_email_field_options = {:with => Authlogic::Regex.email_nonascii}
122
+ ```
123
+
124
+ Also, sessions are automatically maintained. You can switch this on and off with
125
+ configuration, but the following will automatically log a user in after a
126
+ successful registration:
127
+
128
+ ``` ruby
129
+ User.create(params[:user])
130
+ ```
131
+
132
+ You can switch this on and off with the following configuration:
133
+
134
+ ```ruby
135
+ class User < ActiveRecord::Base
136
+ acts_as_authentic do |c|
137
+ c.log_in_after_create = false
138
+ end # the configuration block is optional
139
+ end
140
+ ```
141
+
142
+ Authlogic also updates the session when the user changes his/her password. You can also switch this on and off with the following configuration:
143
+
144
+ ```ruby
145
+ class User < ActiveRecord::Base
146
+ acts_as_authentic do |c|
147
+ c.log_in_after_password_change = false
148
+ end # the configuration block is optional
149
+ end
150
+ ```
151
+
152
+ Authlogic is very flexible, it has a strong public API and a plethora of hooks
153
+ to allow you to modify behavior and extend it. Check out the helpful links below
154
+ to dig deeper.
155
+
156
+ ### 1.c. Reference Documentation
157
+
158
+ This README is just an introduction, but we also have [reference
159
+ documentation](http://www.rubydoc.info/github/binarylogic/authlogic).
160
+
161
+ **To use the reference documentation, you must understand how Authlogic's
162
+ code is organized.** There are 2 models, your Authlogic model and your
163
+ ActiveRecord model:
164
+
165
+ 1. **Authlogic::Session**, your session models that
166
+ extend `Authlogic::Session::Base`.
167
+ 2. **Authlogic::ActsAsAuthentic**, which adds in functionality to your
168
+ ActiveRecord model when you call `acts_as_authentic`.
169
+
170
+ Each of the above has various modules that are organized by topic: passwords,
171
+ cookies, etc. For example, if you want to timeout users after a certain period
172
+ of inactivity, you would look in `Authlogic::Session::Timeout`.
173
+
174
+ ## 2. Rails
175
+
176
+ Let's walk through a typical rails setup.
177
+
178
+ ### 2.a. The users table
179
+
180
+ If you want to enable all the features of Authlogic, a migration to create a
181
+ `User` model might look like this:
182
+
183
+ ``` ruby
184
+ class CreateUser < ActiveRecord::Migration
185
+ def change
186
+ create_table :users do |t|
187
+ # Authlogic::ActsAsAuthentic::Email
188
+ t.string :email
189
+
190
+ # Authlogic::ActsAsAuthentic::Password
191
+ t.string :crypted_password
192
+ t.string :password_salt
193
+
194
+ # Authlogic::ActsAsAuthentic::PersistenceToken
195
+ t.string :persistence_token
196
+ t.index :persistence_token, unique: true
197
+
198
+ # Authlogic::ActsAsAuthentic::SingleAccessToken
199
+ t.string :single_access_token
200
+ t.index :single_access_token, unique: true
201
+
202
+ # Authlogic::ActsAsAuthentic::PerishableToken
203
+ t.string :perishable_token
204
+ t.index :perishable_token, unique: true
205
+
206
+ # Authlogic::Session::MagicColumns
207
+ t.integer :login_count, default: 0, null: false
208
+ t.integer :failed_login_count, default: 0, null: false
209
+ t.datetime :last_request_at
210
+ t.datetime :current_login_at
211
+ t.datetime :last_login_at
212
+ t.string :current_login_ip
213
+ t.string :last_login_ip
214
+
215
+ # Authlogic::Session::MagicStates
216
+ t.boolean :active, default: false
217
+ t.boolean :approved, default: false
218
+ t.boolean :confirmed, default: false
219
+
220
+ t.timestamps
221
+ end
222
+ end
223
+ end
224
+ ```
225
+
226
+ ### 2.b. Controller
227
+
228
+ Your sessions controller will look just like your other controllers.
229
+
230
+ ```ruby
231
+ class UserSessionsController < ApplicationController
232
+ def new
233
+ @user_session = UserSession.new
234
+ end
235
+
236
+ def create
237
+ @user_session = UserSession.new(user_session_params)
238
+ if @user_session.save
239
+ redirect_to account_url
240
+ else
241
+ render :action => :new
242
+ end
243
+ end
244
+
245
+ def destroy
246
+ current_user_session.destroy
247
+ redirect_to new_user_session_url
248
+ end
249
+
250
+ private
251
+
252
+ def user_session_params
253
+ params.require(:user_session).permit(:email, :password, :remember_me)
254
+ end
255
+ end
256
+ ```
257
+
258
+ As you can see, this fits nicely into the [conventional controller methods][9].
259
+
260
+ #### 2.b.1. Helper Methods
261
+
262
+ ```ruby
263
+ class ApplicationController
264
+ helper_method :current_user_session, :current_user
265
+
266
+ private
267
+ def current_user_session
268
+ return @current_user_session if defined?(@current_user_session)
269
+ @current_user_session = UserSession.find
270
+ end
271
+
272
+ def current_user
273
+ return @current_user if defined?(@current_user)
274
+ @current_user = current_user_session && current_user_session.user
275
+ end
276
+ end
277
+ ```
278
+
279
+ ### 2.c. View
280
+
281
+ ```erb
282
+ <%= form_for @user_session do |f| %>
283
+ <% if @user_session.errors.any? %>
284
+ <div id="error_explanation">
285
+ <h2><%= pluralize(@user_session.errors.count, "error") %> prohibited:</h2>
286
+ <ul>
287
+ <% @user_session.errors.full_messages.each do |msg| %>
288
+ <li><%= msg %></li>
289
+ <% end %>
290
+ </ul>
291
+ </div>
292
+ <% end %>
293
+ <%= f.label :login %><br />
294
+ <%= f.text_field :login %><br />
295
+ <br />
296
+ <%= f.label :password %><br />
297
+ <%= f.password_field :password %><br />
298
+ <br />
299
+ <%= f.submit "Login" %>
300
+ <% end %>
301
+ ```
302
+
303
+ ### 2.d. CSRF Protection
304
+
305
+ Because Authlogic introduces its own methods for storing user sessions, the CSRF
306
+ (Cross Site Request Forgery) protection that is built into Rails will not work
307
+ out of the box.
308
+
309
+ No generally applicable mitigation by the authlogic library is possible, because
310
+ the instance variable you use to store a reference to the user session in `def
311
+ current_user_session` will not be known to authlogic.
312
+
313
+ You will need to override `ActionController::Base#handle_unverified_request` to
314
+ do something appropriate to how your app handles user sessions, e.g.:
315
+
316
+ ```ruby
317
+ class ApplicationController < ActionController::Base
318
+ ...
319
+ protected
320
+
321
+ def handle_unverified_request
322
+ # raise an exception
323
+ fail ActionController::InvalidAuthenticityToken
324
+ # or destroy session, redirect
325
+ if current_user_session
326
+ current_user_session.destroy
327
+ end
328
+ redirect_to root_url
329
+ end
330
+ end
331
+ ```
332
+
333
+ ## 3. Testing
334
+
335
+ See [Authlogic::TestCase](https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/test_case.rb)
336
+
337
+ ## 4. Helpful links
338
+
339
+ * <b>API Reference:</b> http://www.rubydoc.info/github/binarylogic/authlogic
340
+ * <b>Repository:</b> https://github.com/binarylogic/authlogic/tree/master
341
+ * <b>Railscasts Screencast:</b> http://railscasts.com/episodes/160-authlogic
342
+ * <b>Example repository with tutorial in README:</b> https://github.com/binarylogic/authlogic_example/tree/master
343
+ * <b>Tutorial</b>: Rails Authentication with Authlogic https://www.sitepoint.com/rails-authentication-with-authlogic
344
+ * <b>Issues:</b> https://github.com/binarylogic/authlogic/issues
345
+ * <b>Chrome is not logging out on browser close</b> https://productforums.google.com/forum/#!topic/chrome/9l-gKYIUg50/discussion
346
+
347
+ ## 5. Add-ons
348
+
349
+ * <b>Authlogic OpenID addon:</b> https://github.com/binarylogic/authlogic_openid
350
+ * <b>Authlogic LDAP addon:</b> https://github.com/binarylogic/authlogic_ldap
351
+ * <b>Authlogic Facebook Connect:</b> https://github.com/kalasjocke/authlogic-facebook-connect
352
+ * <b>Authlogic Facebook Connect (New JS API):</b> https://github.com/studybyte/authlogic_facebook_connect
353
+ * <b>Authlogic Facebook Shim</b> https://github.com/james2m/authlogic_facebook_shim
354
+ * <b>Authlogic OAuth (Twitter):</b> https://github.com/jrallison/authlogic_oauth
355
+ * <b>Authlogic Oauth and OpenID:</b> https://github.com/lancejpollard/authlogic-connect
356
+ * <b>Authlogic PAM:</b> https://github.com/nbudin/authlogic_pam
357
+ * <b>Authlogic x509:</b> https://github.com/auth-scc/authlogic_x509
358
+
359
+ If you create one of your own, please let us know about it so we can add it to
360
+ this list. Or just fork the project, add your link, and send us a pull request.
361
+
362
+ ## 6. Internals
363
+
364
+ Interested in how all of this all works? Think about an ActiveRecord model. A
365
+ database connection must be established before you can use it. In the case of
366
+ Authlogic, a controller connection must be established before you can use it. It
367
+ uses that controller connection to modify cookies, the current session, login
368
+ with HTTP basic, etc. It connects to the controller through a before filter that
369
+ is automatically set in your controller which lets Authlogic know about the
370
+ current controller object. Then Authlogic leverages that to do everything, it's
371
+ a pretty simple design. Nothing crazy going on, Authlogic is just leveraging the
372
+ tools your framework provides in the controller object.
373
+
374
+ ## Intellectual Property
375
+
376
+ Copyright (c) 2012 Ben Johnson of Binary Logic, released under the MIT license
377
+
378
+ [1]: https://api.travis-ci.org/binarylogic/authlogic.svg?branch=master
379
+ [2]: https://travis-ci.org/binarylogic/authlogic
380
+ [3]: https://gemnasium.com/badges/github.com/binarylogic/authlogic.svg
381
+ [4]: https://gemnasium.com/binarylogic/authlogic
382
+ [5]: https://badge.fury.io/rb/authlogic.png
383
+ [6]: http://badge.fury.io/rb/authlogic
384
+ [7]: https://codeclimate.com/github/binarylogic/authlogic.png
385
+ [8]: https://codeclimate.com/github/binarylogic/authlogic
386
+ [9]: http://guides.rubyonrails.org/routing.html#resource-routing-the-rails-default
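Review bot: In section 2.d, the `handle_unverified_request` example (new lines 321-329) writes its two alternatives one after the other, so everything after `fail ActionController::InvalidAuthenticityToken` is unreachable and a reader who copies the method never gets the destroy-and-redirect path; show the two options as separate snippets or comment one of them out, and replace the bare `...` placeholder with a comment. Separately, the 2.b controller permits `:email, :password, :remember_me` while the 2.c form submits `:login`, so the login field would be dropped by strong parameters; make the two examples agree on one field.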