authlogic 3.4.6 → 4.2.0

data/lib/authlogic/acts_as_authentic/single_access_token.rb

@@ -1,7 +1,8 @@
 module Authlogic
   module ActsAsAuthentic
-    # This module is responsible for maintaining the single_access token. For more information the single access token and how to use it,
-    # see the Authlogic::Session::Params module.
+    # This module is responsible for maintaining the single_access token. For more
+    # information the single access token and how to use it, see the
+    # Authlogic::Session::Params module.
     module SingleAccessToken
       def self.included(klass)
         klass.class_eval do
@@ -9,57 +10,72 @@ module Authlogic
           add_acts_as_authentic_module(Methods)
         end
       end
-      
+
       # All configuration for the single_access token aspect of acts_as_authentic.
+      #
+      # These methods become class methods of ::ActiveRecord::Base.
       module Config
-        # The single access token is used for authentication via URLs, such as a private feed. That being said,
-        # if the user changes their password, that token probably shouldn't change. If it did, the user would have
-        # to update all of their URLs. So be default this is option is disabled, if you need it, feel free to turn
-        # it on.
+        # The single access token is used for authentication via URLs, such as a private
+        # feed. That being said, if the user changes their password, that token probably
+        # shouldn't change. If it did, the user would have to update all of their URLs. So
+        # be default this is option is disabled, if you need it, feel free to turn it on.
         #
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
         def change_single_access_token_with_password(value = nil)
           rw_config(:change_single_access_token_with_password, value, false)
         end
-        alias_method :change_single_access_token_with_password=, :change_single_access_token_with_password
+        alias_method(
+          :change_single_access_token_with_password=,
+          :change_single_access_token_with_password
+        )
       end
-      
+
       # All method, for the single_access token aspect of acts_as_authentic.
+      #
+      # This module, as one of the `acts_as_authentic_modules`, is only included
+      # into an ActiveRecord model if that model calls `acts_as_authentic`.
       module Methods
         def self.included(klass)
-          return if !klass.column_names.include?("single_access_token")
-          
+          return unless klass.column_names.include?("single_access_token")
+
           klass.class_eval do
             include InstanceMethods
-            validates_uniqueness_of :single_access_token, :if => :single_access_token_changed?
-            before_validation :reset_single_access_token, :if => :reset_single_access_token?
-            after_password_set(:reset_single_access_token, :if => :change_single_access_token_with_password?) if respond_to?(:after_password_set)
+            validates_uniqueness_of :single_access_token, if: :single_access_token_changed?
+            before_validation :reset_single_access_token, if: :reset_single_access_token?
+            if respond_to?(:after_password_set)
+              after_password_set(
+                :reset_single_access_token,
+                if: :change_single_access_token_with_password?
+              )
+            end
           end
         end
-        
+
+        # :nodoc:
         module InstanceMethods
           # Resets the single_access_token to a random friendly token.
           def reset_single_access_token
             self.single_access_token = Authlogic::Random.friendly_token
           end
-        
+
           # same as reset_single_access_token, but then saves the record.
           def reset_single_access_token!
             reset_single_access_token
             save_without_session_maintenance
           end
-      
+
           protected
-            def reset_single_access_token?
-              single_access_token.blank?
-            end
-          
-            def change_single_access_token_with_password?
-              self.class.change_single_access_token_with_password == true
-            end
+
+          def reset_single_access_token?
+            single_access_token.blank?
+          end
+
+          def change_single_access_token_with_password?
+            self.class.change_single_access_token_with_password == true
+          end
         end
       end
     end
   end
-end
+end

data/lib/authlogic/acts_as_authentic/validations_scope.rb

@@ -1,20 +1,20 @@
 module Authlogic
   module ActsAsAuthentic
-    # Allows you to scope everything to specific fields.
-    # See the Config submodule for more info.
-    # For information on how to scope off of a parent object see Authlogic::AuthenticatesMany
+    # Allows you to scope everything to specific fields. See the Config
+    # submodule for more info. For information on how to scope off of a parent
+    # object see Authlogic::AuthenticatesMany
     module ValidationsScope
       def self.included(klass)
         klass.class_eval do
           extend Config
         end
       end
-      
+
       # All configuration for the scope feature.
       module Config
-        # Allows you to scope everything to specific field(s). Works just like validates_uniqueness_of.
-        # For example, let's say a user belongs to a company, and you want to scope everything to the
-        # company:
+        # Allows you to scope everything to specific field(s). Works just like
+        # validates_uniqueness_of. For example, let's say a user belongs to a
+        # company, and you want to scope everything to the company:
         #
         #   acts_as_authentic do |c|
         #     c.validations_scope = :company_id
@@ -29,4 +29,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/authenticates_many/association.rb

@@ -1,42 +1,50 @@
 module Authlogic
   module AuthenticatesMany
-    # An object of this class is used as a proxy for the authenticates_many relationship. It basically allows you to "save" scope details
-    # and call them on an object, which allows you to do the following:
+    # An object of this class is used as a proxy for the authenticates_many
+    # relationship. It basically allows you to "save" scope details and call
+    # them on an object, which allows you to do the following:
     #
     #   @account.user_sessions.new
     #   @account.user_sessions.find
     #   # ... etc
     #
-    # You can call all of the class level methods off of an object with a saved scope, so that calling the above methods scopes the user
-    # sessions down to that specific account. To implement this via ActiveRecord do something like:
+    # You can call all of the class level methods off of an object with a saved
+    # scope, so that calling the above methods scopes the user sessions down to
+    # that specific account. To implement this via ActiveRecord do something
+    # like:
     #
     #   class User < ActiveRecord::Base
     #     authenticates_many :user_sessions
     #   end
     class Association
       attr_accessor :klass, :find_options, :id
-      
+
+      # - id: Usually `nil`, but if the `scope_cookies` option is used, then
+      #   `id` is a string like "company_123". It may seem strange to refer
+      #   to such a string as an "id", but the naming is intentional, and
+      #   is derived from `Authlogic::Session::Id`.
       def initialize(klass, find_options, id)
         self.klass = klass
         self.find_options = find_options
         self.id = id
       end
-      
-      [:create, :create!, :find, :new].each do |method|
-        class_eval <<-"end_eval", __FILE__, __LINE__
+
+      %i[create create! find new].each do |method|
+        class_eval <<-EOS, __FILE__, __LINE__ + 1
           def #{method}(*args)
             klass.with_scope(scope_options) do
               klass.#{method}(*args)
             end
           end
-        end_eval
+        EOS
       end
       alias_method :build, :new
-    
+
       private
-        def scope_options
-          {:find_options => find_options, :id => id}
-        end
+
+      def scope_options
+        { find_options: find_options, id: id }
+      end
     end
   end
-end
+end

data/lib/authlogic/authenticates_many/base.rb

@@ -1,6 +1,7 @@
 module Authlogic
-  # This allows you to scope your authentication. For example, let's say all users belong to an account, you want to make sure only users
-  # that belong to that account can actually login into that account. Simple, just do:
+  # This allows you to scope your authentication. For example, let's say all users belong
+  # to an account, you want to make sure only users that belong to that account can
+  # actually login into that account. Simple, just do:
   #
   #   class Account < ActiveRecord::Base
   #     authenticates_many :user_sessions
@@ -16,39 +17,57 @@ module Authlogic
   # Checkout the authenticates_many method for a list of options.
   # You may also want to checkout Authlogic::ActsAsAuthentic::Scope to scope your model.
   module AuthenticatesMany
+    # These methods become class methods of ::ActiveRecord::Base.
     module Base
-      # Allows you set essentially set up a relationship with your sessions. See module definition above for more details.
+      # Allows you to set up a relationship with your sessions. See module
+      # definition above for more details.
       #
       # === Options
       #
       # * <tt>session_class:</tt> default: "#{name}Session",
       #   This is the related session class.
       #
-      # * <tt>relationship_name:</tt> default: options[:session_class].klass_name.underscore.pluralize,
-      #   This is the name of the relationship you want to use to scope everything. For example an Account has many Users. There should be a relationship
-      #   called :users that you defined with a has_many. The reason we use the relationship is so you don't have to repeat yourself. The relatonship
-      #   could have all kinds of custom options. So instead of repeating yourself we essentially use the scope that the relationship creates.
+      # * <tt>relationship_name:</tt>
+      #   default: options[:session_class].klass_name.underscore.pluralize,
+      #   This is the name of the relationship you want to use to scope
+      #   everything. For example an Account has many Users. There should be a
+      #   relationship called :users that you defined with a has_many. The
+      #   reason we use the relationship is so you don't have to repeat
+      #   yourself. The relationship could have all kinds of custom options. So
+      #   instead of repeating yourself we essentially use the scope that the
+      #   relationship creates.
       #
       # * <tt>find_options:</tt> default: nil,
-      #   By default the find options are created from the relationship you specify with :relationship_name. But if you want to override this and
-      #   manually specify find_options you can do it here. Specify options just as you would in ActiveRecord::Base.find.
+      #   By default the find options are created from the relationship you
+      #   specify with :relationship_name. But if you want to override this and
+      #   manually specify find_options you can do it here. Specify options just
+      #   as you would in ActiveRecord::Base.find.
       #
       # * <tt>scope_cookies:</tt> default: false
-      #   By the nature of cookies they scope theirself if you are using subdomains to access accounts. If you aren't using subdomains you need to have
-      #   separate cookies for each account, assuming a user is logging into mroe than one account. Authlogic can take care of this for you by
-      #   prefixing the name of the cookie and sessin with the model id. You just need to tell Authlogic to do this by passing this option.
+      #   By the nature of cookies they scope themselves if you are using
+      #   subdomains to access accounts. If you aren't using subdomains you need
+      #   to have separate cookies for each account, assuming a user is logging
+      #   into more than one account. Authlogic can take care of this for you by
+      #   prefixing the name of the cookie and session with the model id.
+      #   Because it affects both cookies names and session keys, the name
+      #   `scope_cookies` is misleading. Perhaps simply `scope` or `scoped`
+      #   would have been better.
       def authenticates_many(name, options = {})
         options[:session_class] ||= name.to_s.classify.constantize
         options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
-        class_eval <<-"end_eval", __FILE__, __LINE__
+        class_eval <<-EOS, __FILE__, __LINE__ + 1
           def #{name}
             find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.where(nil)
-            @#{name} ||= Authlogic::AuthenticatesMany::Association.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
+            @#{name} ||= Authlogic::AuthenticatesMany::Association.new(
+              #{options[:session_class]},
+              find_options,
+              #{options[:scope_cookies] ? "self.class.model_name.name.underscore + '_' + self.send(self.class.primary_key).to_s" : 'nil'}
+            )
           end
-        end_eval
+        EOS
       end
     end
 
     ::ActiveRecord::Base.extend(Base) if defined?(::ActiveRecord)
   end
-end
+end

data/lib/authlogic/config.rb

@@ -1,4 +1,3 @@
-#encoding: utf-8
 module Authlogic
   module Config
     def self.extended(klass)
@@ -9,15 +8,16 @@ module Authlogic
     end
 
     private
-      # This is a one-liner method to write a config setting, read the config
-      # setting, and also set a default value for the setting.
-      def rw_config(key, value, default_value = nil)
-        if value.nil?
-          acts_as_authentic_config.include?(key) ? acts_as_authentic_config[key] : default_value
-        else
-          self.acts_as_authentic_config = acts_as_authentic_config.merge(key => value)
-          value
-        end
+
+    # This is a one-liner method to write a config setting, read the config
+    # setting, and also set a default value for the setting.
+    def rw_config(key, value, default_value = nil)
+      if value.nil?
+        acts_as_authentic_config.include?(key) ? acts_as_authentic_config[key] : default_value
+      else
+        self.acts_as_authentic_config = acts_as_authentic_config.merge(key => value)
+        value
       end
+    end
   end
 end

data/lib/authlogic/controller_adapters/abstract_adapter.rb

@@ -3,16 +3,19 @@ module Authlogic
     # Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter
     # for an example of how to adapt Authlogic to work with your framework.
     class AbstractAdapter
+      E_COOKIE_DOMAIN_ADAPTER = "The cookie_domain method has not been " \
+        "implemented by the controller adapter".freeze
+
       attr_accessor :controller
 
       def initialize(controller)
         self.controller = controller
       end
 
-      def authenticate_with_http_basic(&block)
+      def authenticate_with_http_basic
         @auth = Rack::Auth::Basic::Request.new(controller.request.env)
-        if @auth.provided? and @auth.basic?
-          block.call(*@auth.credentials)
+        if @auth.provided? && @auth.basic?
+          yield(*@auth.credentials)
         else
           false
         end
@@ -23,7 +26,7 @@ module Authlogic
       end
 
       def cookie_domain
-        raise NotImplementedError.new("The cookie_domain method has not been implemented by the controller adapter")
+        raise NotImplementedError.new(E_COOKIE_DOMAIN_ADAPTER)
       end
 
       def params
@@ -50,18 +53,43 @@ module Authlogic
         controller.send(:single_access_allowed?)
       end
 
-      def responds_to_last_request_update_allowed?
-        controller.respond_to?(:last_request_update_allowed?, true)
+      # You can disable the updating of `last_request_at`
+      # on a per-controller basis.
+      #
+      #   # in your controller
+      #   def last_request_update_allowed?
+      #     false
+      #   end
+      #
+      # For example, what if you had a javascript function that polled the
+      # server updating how much time is left in their session before it
+      # times out. Obviously you would want to ignore this request, because
+      # then the user would never time out. So you can do something like
+      # this in your controller:
+      #
+      #   def last_request_update_allowed?
+      #     action_name != "update_session_time_left"
+      #   end
+      #
+      # See `authlogic/session/magic_columns.rb` to learn more about the
+      # `last_request_at` column itself.
+      def last_request_update_allowed?
+        if controller.respond_to?(:last_request_update_allowed?, true)
+          controller.send(:last_request_update_allowed?)
+        else
+          true
+        end
       end
 
-      def last_request_update_allowed?
-        controller.send(:last_request_update_allowed?)
+      def respond_to_missing?(*args)
+        super(*args) || controller.respond_to?(*args)
       end
 
       private
-        def method_missing(id, *args, &block)
-          controller.send(id, *args, &block)
-        end
+
+      def method_missing(id, *args, &block)
+        controller.send(id, *args, &block)
+      end
     end
   end
-end
+end

data/lib/authlogic/controller_adapters/rack_adapter.rb

@@ -37,27 +37,34 @@ module Authlogic
     #     end
     #
     class RackAdapter < AbstractAdapter
-
       def initialize(env)
         # We use the Rack::Request object as the controller object.
         # For this to work, we have to add some glue.
         request = Rack::Request.new(env)
 
         request.instance_eval do
-          def request; self; end
-          def remote_ip; self.ip; end
+          def request
+            self
+          end
+
+          def remote_ip
+            ip
+          end
         end
 
         super(request)
         Authlogic::Session::Base.controller = self
       end
 
-      # Rack Requests stores cookies with not just the value, but also with flags and expire information in the hash.
-      # Authlogic does not like this, so we drop everything except the cookie value
+      # Rack Requests stores cookies with not just the value, but also with
+      # flags and expire information in the hash. Authlogic does not like this,
+      # so we drop everything except the cookie value.
       def cookies
-        controller.cookies.map{|key, value_hash| {key => value_hash[:value]} }.inject(:merge) || {}
+        controller
+          .cookies
+          .map { |key, value_hash| { key => value_hash[:value] } }
+          .inject(:merge) || {}
       end
     end
   end
-
-end
+end

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -1,50 +1,70 @@
-require 'action_controller'
+require "action_controller"
 
 module Authlogic
   module ControllerAdapters
-    # Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object
-    # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
+    # Adapts authlogic to work with rails. The point is to close the gap between
+    # what authlogic expects and what the rails controller object provides.
+    # Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite,
+    # etc.
     class RailsAdapter < AbstractAdapter
       class AuthlogicLoadedTooLateError < StandardError; end
-      
+
       def authenticate_with_http_basic(&block)
         controller.authenticate_with_http_basic(&block)
       end
-      
+
+      # Returns a `ActionDispatch::Cookies::CookieJar`. See the AC guide
+      # http://guides.rubyonrails.org/action_controller_overview.html#cookies
       def cookies
         controller.send(:cookies)
       end
-      
+
       def cookie_domain
-        @cookie_domain_key ||= Rails::VERSION::STRING >= '2.3' ? :domain : :session_domain
+        @cookie_domain_key ||= Rails::VERSION::STRING >= "2.3" ? :domain : :session_domain
         controller.request.session_options[@cookie_domain_key]
       end
-      
+
       def request_content_type
         request.format.to_s
       end
-      
-      # Lets Authlogic know about the controller object via a before filter, AKA "activates" authlogic.
+
+      # Lets Authlogic know about the controller object via a before filter, AKA
+      # "activates" authlogic.
       module RailsImplementation
         def self.included(klass) # :nodoc:
           if defined?(::ApplicationController)
-            raise AuthlogicLoadedTooLateError.new("Authlogic is trying to prepend a before_filter in ActionController::Base to active itself" +
-              ", the problem is that ApplicationController has already been loaded meaning the before_filter won't get copied into your" +
-              " application. Generally this is due to another gem or plugin requiring your ApplicationController prematurely, such as" +
-              " the resource_controller plugin. The solution is to require Authlogic before these other gems / plugins. Please require" +
-              " authlogic first to get rid of this error.")
+            raise AuthlogicLoadedTooLateError.new(
+              <<-EOS.strip_heredoc
+                Authlogic is trying to add a callback to ActionController::Base
+                but ApplicationController has already been loaded, so the
+                callback won't be copied into your application. Generally this
+                is due to another gem or plugin requiring your
+                ApplicationController prematurely, such as the
+                resource_controller plugin. Please require Authlogic first,
+                before these other gems / plugins.
+              EOS
+            )
+          end
+
+          # In Rails 4.0.2, the *_filter methods were renamed to *_action.
+          if klass.respond_to? :prepend_before_action
+            klass.prepend_before_action :activate_authlogic
+          else
+            klass.prepend_before_filter :activate_authlogic
           end
-          
-          klass.prepend_before_filter :activate_authlogic
         end
-        
+
         private
-          def activate_authlogic
-            Authlogic::Session::Base.controller = RailsAdapter.new(self)
-          end
+
+        def activate_authlogic
+          Authlogic::Session::Base.controller = RailsAdapter.new(self)
+        end
       end
     end
   end
 end
 
-ActionController::Base.send(:include, Authlogic::ControllerAdapters::RailsAdapter::RailsImplementation)
+ActionController::Base.send(
+  :include,
+  Authlogic::ControllerAdapters::RailsAdapter::RailsImplementation
+)