authlogic 3.4.6 → 4.2.0

data/Rakefile

@@ -1,13 +1,19 @@
-require 'rubygems'
-require 'bundler'
+require "rubygems"
+require "bundler"
 
 Bundler.setup
 
-require 'rake/testtask'
+require "rake/testtask"
 Rake::TestTask.new(:test) do |test|
-  test.libs << 'test'
-  test.pattern = 'test/**/*_test.rb'
-  test.verbose = true
+  test.libs << "test"
+  test.pattern = "test/**/*_test.rb"
+  test.verbose = false
+
+  # Set interpreter warning level to 2 (verbose)
+  test.ruby_opts += ["-W2"]
 end
 
-task :default => :test
+require "rubocop/rake_task"
+RuboCop::RakeTask.new
+
+task default: %i[rubocop test]

data/UPGRADING.md

@@ -0,0 +1,22 @@
+# Upgrading Authlogic
+
+Supplemental instructions to complement CHANGELOG.md.
+
+## 3.4.0
+
+In version 3.4.0, released 2014-03-03, the default crypto_provider was changed
+from *Sha512* to *SCrypt*.
+
+If you never set a crypto_provider and are upgrading, your passwords will break
+unless you specify `Sha512`.
+
+``` ruby
+c.crypto_provider = Authlogic::CryptoProviders::Sha512
+```
+
+And if you want to automatically upgrade from *Sha512* to *SCrypt* as users login:
+
+```ruby
+c.transition_from_crypto_providers = [Authlogic::CryptoProviders::Sha512]
+c.crypto_provider = Authlogic::CryptoProviders::SCrypt
+```

data/authlogic.gemspec

@@ -1,27 +1,38 @@
-# -*- encoding: utf-8 -*-
-$:.push File.expand_path("../lib", __FILE__)
+require "English"
+$LOAD_PATH.push File.expand_path("lib", __dir__)
+require "authlogic/version"
 
-Gem::Specification.new do |s|
-  s.name        = "authlogic"
-  s.version     = "3.4.6"
-  s.platform    = Gem::Platform::RUBY
-  s.authors     = ["Ben Johnson"]
-  s.email       = ["bjohnson@binarylogic.com"]
-  s.homepage    = "http://github.com/binarylogic/authlogic"
-  s.summary     = %q{A clean, simple, and unobtrusive ruby authentication solution.}
-  s.description = %q{A clean, simple, and unobtrusive ruby authentication solution.}
+::Gem::Specification.new do |s|
+  s.name = "authlogic"
+  s.version = ::Authlogic.gem_version.to_s
+  s.platform = ::Gem::Platform::RUBY
+  s.authors = [
+    "Ben Johnson",
+    "Tieg Zaharia",
+    "Jared Beck"
+  ]
+  s.email = [
+    "bjohnson@binarylogic.com",
+    "tieg.zaharia@gmail.com",
+    "jared@jaredbeck.com"
+  ]
+  s.homepage = "http://github.com/binarylogic/authlogic"
+  s.summary = "A clean, simple, and unobtrusive ruby authentication solution."
+  s.license = "MIT"
 
-  s.license = 'MIT'
+  s.required_ruby_version = ">= 2.2.0"
+  s.add_dependency "activerecord", [">= 4.2", "< 5.3"]
+  s.add_dependency "activesupport", [">= 4.2", "< 5.3"]
+  s.add_dependency "request_store", "~> 1.0"
+  s.add_dependency "scrypt", ">= 1.2", "< 4.0"
+  s.add_development_dependency "bcrypt", "~> 3.1"
+  s.add_development_dependency "byebug", "~> 10.0"
+  s.add_development_dependency "minitest-reporters", "~> 1.3"
+  s.add_development_dependency "rubocop", "~> 0.58.1"
+  s.add_development_dependency "timecop", "~> 0.7"
 
-  s.add_dependency 'activerecord', '>= 3.2'
-  s.add_dependency 'activesupport', '>= 3.2'
-  s.add_dependency 'request_store', '~> 1.0'
-  s.add_dependency 'scrypt', '>= 1.2', '< 3.0'
-  s.add_development_dependency 'bcrypt', '~> 3.1'
-  s.add_development_dependency 'timecop', '~> 0.7'
-
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.files = `git ls-files`.split("\n")
+  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ["lib"]
 end

data/lib/authlogic.rb

@@ -1,59 +1,67 @@
+# Authlogic uses ActiveSupport's core extensions like `strip_heredoc` and
+# `squish`. ActiveRecord does not `require` these exensions, so we must.
+#
+# It's possible that we could save a few milliseconds by loading only the
+# specific core extensions we need, but `all.rb` is simpler. We can revisit this
+# decision if it becomes a problem.
+require "active_support/all"
+
 require "active_record"
 
 path = File.dirname(__FILE__) + "/authlogic/"
 
 [
- "i18n",
- "random",
- "regex",
- "config",
-
- "controller_adapters/abstract_adapter",
-
- "crypto_providers",
-
- "authenticates_many/base",
- "authenticates_many/association",
-
- "acts_as_authentic/email",
- "acts_as_authentic/logged_in_status",
- "acts_as_authentic/login",
- "acts_as_authentic/magic_columns",
- "acts_as_authentic/password",
- "acts_as_authentic/perishable_token",
- "acts_as_authentic/persistence_token",
- "acts_as_authentic/restful_authentication",
- "acts_as_authentic/session_maintenance",
- "acts_as_authentic/single_access_token",
- "acts_as_authentic/validations_scope",
- "acts_as_authentic/base",
-
- "session/activation",
- "session/active_record_trickery",
- "session/brute_force_protection",
- "session/callbacks",
- "session/cookies",
- "session/existence",
- "session/foundation",
- "session/http_auth",
- "session/id",
- "session/klass",
- "session/magic_columns",
- "session/magic_states",
- "session/params",
- "session/password",
- "session/perishable_token",
- "session/persistence",
- "session/priority_record",
- "session/scopes",
- "session/session",
- "session/timeout",
- "session/unauthorized_record",
- "session/validation",
- "session/base"
+  "i18n",
+  "random",
+  "regex",
+  "config",
+
+  "controller_adapters/abstract_adapter",
+
+  "crypto_providers",
+
+  "authenticates_many/base",
+  "authenticates_many/association",
+
+  "acts_as_authentic/email",
+  "acts_as_authentic/logged_in_status",
+  "acts_as_authentic/login",
+  "acts_as_authentic/magic_columns",
+  "acts_as_authentic/password",
+  "acts_as_authentic/perishable_token",
+  "acts_as_authentic/persistence_token",
+  "acts_as_authentic/restful_authentication",
+  "acts_as_authentic/session_maintenance",
+  "acts_as_authentic/single_access_token",
+  "acts_as_authentic/validations_scope",
+  "acts_as_authentic/base",
+
+  "session/activation",
+  "session/active_record_trickery",
+  "session/brute_force_protection",
+  "session/callbacks",
+  "session/cookies",
+  "session/existence",
+  "session/foundation",
+  "session/http_auth",
+  "session/id",
+  "session/klass",
+  "session/magic_columns",
+  "session/magic_states",
+  "session/params",
+  "session/password",
+  "session/perishable_token",
+  "session/persistence",
+  "session/priority_record",
+  "session/scopes",
+  "session/session",
+  "session/timeout",
+  "session/unauthorized_record",
+  "session/validation",
+  "session/base"
 ].each do |library|
-   require path + library
- end
+  require path + library
+end
 
-require path + "controller_adapters/rails_adapter"   if defined?( Rails   )
-require path + "controller_adapters/sinatra_adapter" if defined?( Sinatra )
+require path + "controller_adapters/rails_adapter"   if defined?(Rails)
+require path + "controller_adapters/sinatra_adapter" if defined?(Sinatra)

data/lib/authlogic/acts_as_authentic/base.rb

@@ -11,9 +11,11 @@ module Authlogic
         end
       end
 
+      # The primary configuration of a model (often, `User`) for use with
+      # authlogic. These methods become class methods of ::ActiveRecord::Base.
       module Config
-        # This includes a lot of helpful methods for authenticating records which The Authlogic::Session module relies on.
-        # To use it just do:
+        # This includes a lot of helpful methods for authenticating records
+        # which the Authlogic::Session module relies on. To use it just do:
         #
         #   class User < ActiveRecord::Base
         #     acts_as_authentic
@@ -26,14 +28,16 @@ module Authlogic
         #   end
         #
         # See the various sub modules for the configuration they provide.
-        def acts_as_authentic(unsupported_options = nil, &block)
+        def acts_as_authentic(unsupported_options = nil)
           # Stop all configuration if the DB is not set up
-          return if !db_setup?
+          return unless db_setup?
 
-          if !unsupported_options.nil?
+          unless unsupported_options.nil?
             raise ArgumentError.new(
-              "You are using the old v1.X.X configuration method for Authlogic. Instead of passing a hash of " +
-              "configuration options to acts_as_authentic, pass a block: acts_as_authentic { |c| c.my_option = my_value }"
+              "You are using the old v1.X.X configuration method for " \
+                "Authlogic. Instead of passing a hash of configuration " \
+                "options to acts_as_authentic, pass a block: " \
+                "acts_as_authentic { |c| c.my_option = my_value }"
             )
           end
 
@@ -41,12 +45,15 @@ module Authlogic
           acts_as_authentic_modules.each { |mod| include mod }
         end
 
-        # Since this part of Authlogic deals with another class, ActiveRecord, we can't just start including things
-        # in ActiveRecord itself. A lot of these module includes need to be triggered by the acts_as_authentic method
-        # call. For example, you don't want to start adding in email validations and what not into a model that has
-        # nothing to do with Authlogic.
+        # Since this part of Authlogic deals with another class, ActiveRecord,
+        # we can't just start including things in ActiveRecord itself. A lot of
+        # these module includes need to be triggered by the acts_as_authentic
+        # method call. For example, you don't want to start adding in email
+        # validations and what not into a model that has nothing to do with
+        # Authlogic.
         #
-        # That being said, this is your tool for extending Authlogic and "hooking" into the acts_as_authentic call.
+        # That being said, this is your tool for extending Authlogic and
+        # "hooking" into the acts_as_authentic call.
         def add_acts_as_authentic_module(mod, action = :append)
           modules = acts_as_authentic_modules.clone
           case action
@@ -59,7 +66,8 @@ module Authlogic
           self.acts_as_authentic_modules = modules
         end
 
-        # This is the same as add_acts_as_authentic_module, except that it removes the module from the list.
+        # This is the same as add_acts_as_authentic_module, except that it
+        # removes the module from the list.
         def remove_acts_as_authentic_module(mod)
           modules = acts_as_authentic_modules.clone
           modules.delete(mod)
@@ -67,21 +75,24 @@ module Authlogic
         end
 
         private
-          def db_setup?
-            begin
-              column_names
-              true
-            rescue Exception
-              false
-            end
-          end
 
-          def first_column_to_exist(*columns_to_check)
-            if db_setup?
-              columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
+        def db_setup?
+          column_names
+          true
+        rescue StandardError
+          false
+        end
+
+        def first_column_to_exist(*columns_to_check)
+          if db_setup?
+            columns_to_check.each do |column_name|
+              if column_names.include?(column_name.to_s)
+                return column_name.to_sym
+              end
             end
-            columns_to_check.first && columns_to_check.first.to_sym
           end
+          columns_to_check.first && columns_to_check.first.to_sym
+        end
       end
     end
   end
@@ -95,8 +106,11 @@ end
 ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Password
 ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::PerishableToken
 ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::PersistenceToken
+
+# RestfulAuthentication is deprecated. See comments in
+# acts_as_authentic/restful_authentication.rb
 ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::RestfulAuthentication
+
 ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SessionMaintenance
 ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SingleAccessToken
 ::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::ValidationsScope
-

data/lib/authlogic/acts_as_authentic/email.rb

@@ -1,9 +1,10 @@
 module Authlogic
   module ActsAsAuthentic
-    # Sometimes models won't have an explicit "login" or "username" field. Instead they want to use the email field.
-    # In this case, authlogic provides validations to make sure the email submited is actually a valid email. Don't worry,
-    # if you do have a login or username field, Authlogic will still validate your email field. One less thing you have to
-    # worry about.
+    # Sometimes models won't have an explicit "login" or "username" field.
+    # Instead they want to use the email field. In this case, authlogic provides
+    # validations to make sure the email submited is actually a valid email.
+    # Don't worry, if you do have a login or username field, Authlogic will
+    # still validate your email field. One less thing you have to worry about.
     module Email
       def self.included(klass)
         klass.class_eval do
@@ -32,67 +33,130 @@ module Authlogic
         end
         alias_method :validate_email_field=, :validate_email_field
 
-        # A hash of options for the validates_length_of call for the email field. Allows you to change this however you want.
+        # A hash of options for the validates_length_of call for the email
+        # field. Allows you to change this however you want.
         #
-        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
-        # merge options into it. Checkout the convenience function merge_validates_length_of_email_field_options to merge
-        # options.</b>
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as
+        # possible, so you can completely replace the hash or merge options into
+        # it. Checkout the convenience function
+        # merge_validates_length_of_email_field_options to merge options.</b>
         #
         # * <tt>Default:</tt> {:maximum => 100}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_email_field_options(value = nil)
-          rw_config(:validates_length_of_email_field_options, value, {:maximum => 100})
+          rw_config(:validates_length_of_email_field_options, value, maximum: 100)
         end
-        alias_method :validates_length_of_email_field_options=, :validates_length_of_email_field_options
+        alias_method(
+          :validates_length_of_email_field_options=,
+          :validates_length_of_email_field_options
+        )
 
-        # A convenience function to merge options into the validates_length_of_email_field_options. So intead of:
+        # A convenience function to merge options into the
+        # validates_length_of_email_field_options. So instead of:
         #
-        #   self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(:my_option => my_value)
+        #   self.validates_length_of_email_field_options =
+        #     validates_length_of_email_field_options.merge(:my_option => my_value)
         #
         # You can do this:
         #
         #   merge_validates_length_of_email_field_options :my_option => my_value
         def merge_validates_length_of_email_field_options(options = {})
-          self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(options)
+          self.validates_length_of_email_field_options =
+            validates_length_of_email_field_options.merge(options)
         end
 
-        # A hash of options for the validates_format_of call for the email field. Allows you to change this however you want.
+        # A hash of options for the validates_format_of call for the email
+        # field. Allows you to change this however you want.
         #
-        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
-        # merge options into it. Checkout the convenience function merge_validates_format_of_email_field_options to merge
-        # options.</b>
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as
+        # possible, so you can completely replace the hash or merge options into
+        # it. Checkout the convenience function
+        # merge_validates_format_of_email_field_options to merge options.</b>
+        #
+        # To validate international email addresses, enable the provided
+        # alternate regex:
+        #
+        # ```
+        # validates_format_of_email_field_options(
+        #   with: Authlogic::Regex.email_nonascii
+        # )
+        # ```
         #
-        # To validate international email addresses, enable the provided alternate regex:
-        # * <tt>validates_format_of_email_field_options({:with => Authlogic::Regex.email_nonascii})</tt>
+        # * <tt>Default:</tt>
+        #
+        #         {
+        #           :with => Authlogic::Regex.email,
+        #           :message => Proc.new {
+        #             I18n.t(
+        #               'error_messages.email_invalid',
+        #               :default => "should look like an email address."
+        #             )
+        #           }
+        #         }
         #
-        # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => Proc.new {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
         def validates_format_of_email_field_options(value = nil)
-          rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => Proc.new{I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}})
+          rw_config(
+            :validates_format_of_email_field_options,
+            value,
+            with: Authlogic::Regex::EMAIL,
+            message: proc do
+                       I18n.t(
+                         "error_messages.email_invalid",
+                         default: "should look like an email address."
+                       )
+                     end
+          )
         end
-        alias_method :validates_format_of_email_field_options=, :validates_format_of_email_field_options
+        alias_method(
+          :validates_format_of_email_field_options=,
+          :validates_format_of_email_field_options
+        )
 
-        # See merge_validates_length_of_email_field_options. The same thing except for validates_format_of_email_field_options.
+        # See merge_validates_length_of_email_field_options. The same thing
+        # except for validates_format_of_email_field_options.
         def merge_validates_format_of_email_field_options(options = {})
-          self.validates_format_of_email_field_options = validates_format_of_email_field_options.merge(options)
+          self.validates_format_of_email_field_options =
+            validates_format_of_email_field_options.merge(options)
         end
 
-        # A hash of options for the validates_uniqueness_of call for the email field. Allows you to change this however you want.
+        # A hash of options for the validates_uniqueness_of call for the email
+        # field. Allows you to change this however you want.
         #
-        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
-        # merge options into it. Checkout the convenience function merge_validates_uniqueness_of_email_field_options to merge
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as
+        # possible, so you can completely replace the hash or merge options into
+        # it. Checkout the convenience function
+        # merge_validates_uniqueness_of_email_field_options to merge
         # options.</b>
         #
-        # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym}
+        # * <tt>Default:</tt>
+        #
+        #         {
+        #           :case_sensitive => false,
+        #           :scope => validations_scope,
+        #           :if => "#{email_field}_changed?".to_sym
+        #         }
+        #
         # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
         def validates_uniqueness_of_email_field_options(value = nil)
-          rw_config(:validates_uniqueness_of_email_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym})
+          rw_config(
+            :validates_uniqueness_of_email_field_options,
+            value,
+            case_sensitive: false,
+            scope: validations_scope,
+            if: "#{email_field}_changed?".to_sym
+          )
         end
-        alias_method :validates_uniqueness_of_email_field_options=, :validates_uniqueness_of_email_field_options
+        alias_method(
+          :validates_uniqueness_of_email_field_options=,
+          :validates_uniqueness_of_email_field_options
+        )
 
-        # See merge_validates_length_of_email_field_options. The same thing except for validates_uniqueness_of_email_field_options.
+        # See merge_validates_length_of_email_field_options. The same thing
+        # except for validates_uniqueness_of_email_field_options.
         def merge_validates_uniqueness_of_email_field_options(options = {})
-          self.validates_uniqueness_of_email_field_options = validates_uniqueness_of_email_field_options.merge(options)
+          self.validates_uniqueness_of_email_field_options =
+            validates_uniqueness_of_email_field_options.merge(options)
         end
       end