authlogic 3.4.6 → 4.2.0
- checksums.yaml +5 -5
- data/.github/ISSUE_TEMPLATE.md +13 -0
- data/.github/triage.md +87 -0
- data/.gitignore +4 -0
- data/.rubocop.yml +127 -0
- data/.rubocop_todo.yml +65 -0
- data/.travis.yml +18 -10
- data/CHANGELOG.md +156 -6
- data/CONTRIBUTING.md +71 -3
- data/Gemfile +2 -2
- data/README.md +386 -0
- data/Rakefile +13 -7
- data/UPGRADING.md +22 -0
- data/authlogic.gemspec +33 -22
- data/lib/authlogic.rb +60 -52
- data/lib/authlogic/acts_as_authentic/base.rb +40 -26
- data/lib/authlogic/acts_as_authentic/email.rb +96 -32
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +36 -12
- data/lib/authlogic/acts_as_authentic/login.rb +114 -49
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +17 -6
- data/lib/authlogic/acts_as_authentic/password.rb +296 -139
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +34 -20
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +20 -24
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +67 -0
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +68 -23
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +128 -85
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +41 -25
- data/lib/authlogic/acts_as_authentic/validations_scope.rb +8 -8
- data/lib/authlogic/authenticates_many/association.rb +22 -14
- data/lib/authlogic/authenticates_many/base.rb +35 -16
- data/lib/authlogic/config.rb +10 -10
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +40 -12
- data/lib/authlogic/controller_adapters/rack_adapter.rb +15 -8
- data/lib/authlogic/controller_adapters/rails_adapter.rb +42 -22
- data/lib/authlogic/controller_adapters/sinatra_adapter.rb +3 -3
- data/lib/authlogic/crypto_providers.rb +91 -0
- data/lib/authlogic/crypto_providers/aes256.rb +42 -14
- data/lib/authlogic/crypto_providers/bcrypt.rb +35 -20
- data/lib/authlogic/crypto_providers/md5.rb +11 -9
- data/lib/authlogic/crypto_providers/scrypt.rb +26 -13
- data/lib/authlogic/crypto_providers/sha1.rb +14 -8
- data/lib/authlogic/crypto_providers/sha256.rb +16 -12
- data/lib/authlogic/crypto_providers/sha512.rb +8 -24
- data/lib/authlogic/crypto_providers/wordpress.rb +44 -15
- data/lib/authlogic/i18n.rb +33 -20
- data/lib/authlogic/i18n/translator.rb +1 -1
- data/lib/authlogic/random.rb +12 -29
- data/lib/authlogic/regex.rb +59 -27
- data/lib/authlogic/session/activation.rb +36 -23
- data/lib/authlogic/session/active_record_trickery.rb +13 -10
- data/lib/authlogic/session/base.rb +20 -8
- data/lib/authlogic/session/brute_force_protection.rb +87 -56
- data/lib/authlogic/session/callbacks.rb +99 -49
- data/lib/authlogic/session/cookies.rb +128 -59
- data/lib/authlogic/session/existence.rb +29 -19
- data/lib/authlogic/session/foundation.rb +70 -16
- data/lib/authlogic/session/http_auth.rb +39 -31
- data/lib/authlogic/session/id.rb +27 -15
- data/lib/authlogic/session/klass.rb +17 -13
- data/lib/authlogic/session/magic_columns.rb +78 -59
- data/lib/authlogic/session/magic_states.rb +50 -27
- data/lib/authlogic/session/params.rb +79 -50
- data/lib/authlogic/session/password.rb +197 -118
- data/lib/authlogic/session/perishable_token.rb +12 -6
- data/lib/authlogic/session/persistence.rb +20 -14
- data/lib/authlogic/session/priority_record.rb +20 -16
- data/lib/authlogic/session/scopes.rb +63 -33
- data/lib/authlogic/session/session.rb +40 -25
- data/lib/authlogic/session/timeout.rb +51 -34
- data/lib/authlogic/session/unauthorized_record.rb +24 -18
- data/lib/authlogic/session/validation.rb +32 -21
- data/lib/authlogic/test_case.rb +123 -35
- data/lib/authlogic/test_case/mock_controller.rb +14 -13
- data/lib/authlogic/test_case/mock_cookie_jar.rb +14 -5
- data/lib/authlogic/test_case/mock_logger.rb +1 -1
- data/lib/authlogic/test_case/mock_request.rb +9 -4
- data/lib/authlogic/test_case/rails_request_adapter.rb +8 -7
- data/lib/authlogic/version.rb +21 -0
- data/test/acts_as_authentic_test/base_test.rb +1 -1
- data/test/acts_as_authentic_test/email_test.rb +80 -63
- data/test/acts_as_authentic_test/logged_in_status_test.rb +14 -8
- data/test/acts_as_authentic_test/login_test.rb +91 -49
- data/test/acts_as_authentic_test/magic_columns_test.rb +13 -13
- data/test/acts_as_authentic_test/password_test.rb +82 -60
- data/test/acts_as_authentic_test/perishable_token_test.rb +31 -25
- data/test/acts_as_authentic_test/persistence_token_test.rb +9 -5
- data/test/acts_as_authentic_test/restful_authentication_test.rb +18 -9
- data/test/acts_as_authentic_test/session_maintenance_test.rb +86 -22
- data/test/acts_as_authentic_test/single_access_test.rb +15 -15
- data/test/adapter_test.rb +21 -0
- data/test/authenticates_many_test.rb +26 -11
- data/test/config_test.rb +9 -9
- data/test/crypto_provider_test/aes256_test.rb +3 -3
- data/test/crypto_provider_test/bcrypt_test.rb +1 -1
- data/test/crypto_provider_test/scrypt_test.rb +2 -2
- data/test/crypto_provider_test/sha1_test.rb +4 -4
- data/test/crypto_provider_test/sha256_test.rb +2 -2
- data/test/crypto_provider_test/sha512_test.rb +3 -3
- data/test/crypto_provider_test/wordpress_test.rb +24 -0
- data/test/gemfiles/Gemfile.rails-4.2.x +2 -2
- data/test/gemfiles/Gemfile.rails-5.0.x +6 -0
- data/test/gemfiles/Gemfile.rails-5.1.x +6 -0
- data/test/gemfiles/Gemfile.rails-5.2.x +6 -0
- data/test/gemfiles/Gemfile.rails-master +6 -0
- data/test/i18n_test.rb +9 -9
- data/test/libs/affiliate.rb +2 -2
- data/test/libs/company.rb +4 -4
- data/test/libs/employee.rb +2 -2
- data/test/libs/employee_session.rb +1 -1
- data/test/libs/ldaper.rb +1 -1
- data/test/libs/project.rb +1 -1
- data/test/libs/user_session.rb +2 -2
- data/test/random_test.rb +9 -38
- data/test/session_test/activation_test.rb +7 -7
- data/test/session_test/active_record_trickery_test.rb +9 -6
- data/test/session_test/brute_force_protection_test.rb +26 -21
- data/test/session_test/callbacks_test.rb +10 -4
- data/test/session_test/cookies_test.rb +54 -20
- data/test/session_test/existence_test.rb +45 -23
- data/test/session_test/foundation_test.rb +17 -1
- data/test/session_test/http_auth_test.rb +11 -12
- data/test/session_test/id_test.rb +3 -3
- data/test/session_test/klass_test.rb +2 -2
- data/test/session_test/magic_columns_test.rb +15 -17
- data/test/session_test/magic_states_test.rb +17 -19
- data/test/session_test/params_test.rb +26 -20
- data/test/session_test/password_test.rb +11 -12
- data/test/session_test/perishability_test.rb +5 -5
- data/test/session_test/persistence_test.rb +4 -3
- data/test/session_test/scopes_test.rb +15 -9
- data/test/session_test/session_test.rb +7 -6
- data/test/session_test/timeout_test.rb +16 -14
- data/test/session_test/unauthorized_record_test.rb +3 -3
- data/test/session_test/validation_test.rb +5 -5
- data/test/test_helper.rb +115 -49
- metadata +107 -36
- data/README.rdoc +0 -232
- data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
@@ -1,7 +1,8 @@
|
|
1
1
|
module Authlogic
|
2
2
|
module ActsAsAuthentic
|
3
|
-
# This module is responsible for maintaining the single_access token. For more
|
4
|
-
#
|
3
|
+
# This module is responsible for maintaining the single_access token. For more
|
4
|
+
# information the single access token and how to use it, see the
|
5
|
+
# Authlogic::Session::Params module.
|
5
6
|
module SingleAccessToken
|
6
7
|
def self.included(klass)
|
7
8
|
klass.class_eval do
|
@@ -9,57 +10,72 @@ module Authlogic
|
|
9
10
|
add_acts_as_authentic_module(Methods)
|
10
11
|
end
|
11
12
|
end
|
12
|
-
|
13
|
+
|
13
14
|
# All configuration for the single_access token aspect of acts_as_authentic.
|
15
|
+
#
|
16
|
+
# These methods become class methods of ::ActiveRecord::Base.
|
14
17
|
module Config
|
15
|
-
# The single access token is used for authentication via URLs, such as a private
|
16
|
-
# if the user changes their password, that token probably
|
17
|
-
#
|
18
|
-
# it on.
|
18
|
+
# The single access token is used for authentication via URLs, such as a private
|
19
|
+
# feed. That being said, if the user changes their password, that token probably
|
20
|
+
# shouldn't change. If it did, the user would have to update all of their URLs. So
|
21
|
+
# be default this is option is disabled, if you need it, feel free to turn it on.
|
19
22
|
#
|
20
23
|
# * <tt>Default:</tt> false
|
21
24
|
# * <tt>Accepts:</tt> Boolean
|
22
25
|
def change_single_access_token_with_password(value = nil)
|
23
26
|
rw_config(:change_single_access_token_with_password, value, false)
|
24
27
|
end
|
25
|
-
alias_method
|
28
|
+
alias_method(
|
29
|
+
:change_single_access_token_with_password=,
|
30
|
+
:change_single_access_token_with_password
|
31
|
+
)
|
26
32
|
end
|
27
|
-
|
33
|
+
|
28
34
|
# All method, for the single_access token aspect of acts_as_authentic.
|
35
|
+
#
|
36
|
+
# This module, as one of the `acts_as_authentic_modules`, is only included
|
37
|
+
# into an ActiveRecord model if that model calls `acts_as_authentic`.
|
29
38
|
module Methods
|
30
39
|
def self.included(klass)
|
31
|
-
return
|
32
|
-
|
40
|
+
return unless klass.column_names.include?("single_access_token")
|
41
|
+
|
33
42
|
klass.class_eval do
|
34
43
|
include InstanceMethods
|
35
|
-
validates_uniqueness_of :single_access_token, :
|
36
|
-
before_validation :reset_single_access_token, :
|
37
|
-
|
44
|
+
validates_uniqueness_of :single_access_token, if: :single_access_token_changed?
|
45
|
+
before_validation :reset_single_access_token, if: :reset_single_access_token?
|
46
|
+
if respond_to?(:after_password_set)
|
47
|
+
after_password_set(
|
48
|
+
:reset_single_access_token,
|
49
|
+
if: :change_single_access_token_with_password?
|
50
|
+
)
|
51
|
+
end
|
38
52
|
end
|
39
53
|
end
|
40
|
-
|
54
|
+
|
55
|
+
# :nodoc:
|
41
56
|
module InstanceMethods
|
42
57
|
# Resets the single_access_token to a random friendly token.
|
43
58
|
def reset_single_access_token
|
44
59
|
self.single_access_token = Authlogic::Random.friendly_token
|
45
60
|
end
|
46
|
-
|
61
|
+
|
47
62
|
# same as reset_single_access_token, but then saves the record.
|
48
63
|
def reset_single_access_token!
|
49
64
|
reset_single_access_token
|
50
65
|
save_without_session_maintenance
|
51
66
|
end
|
52
|
-
|
67
|
+
|
53
68
|
protected
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
69
|
+
|
70
|
+
def reset_single_access_token?
|
71
|
+
single_access_token.blank?
|
72
|
+
end
|
73
|
+
|
74
|
+
def change_single_access_token_with_password?
|
75
|
+
self.class.change_single_access_token_with_password == true
|
76
|
+
end
|
61
77
|
end
|
62
78
|
end
|
63
79
|
end
|
64
80
|
end
|
65
|
-
end
|
81
|
+
end
|
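Review bot: The `if respond_to?(:after_password_set)` guard around the new `after_password_set(:reset_single_access_token, ...)` registration in `Methods.included` skips the callback silently when the class does not define it at include time. A model that sets `change_single_access_token_with_password true` could then keep its old token after a password change, with no warning. Whether load order always makes `after_password_set` available here cannot be seen from this hunk, so I would at least document the dependency above the guard, e.g. `# after_password_set must already be defined on klass; otherwise the token is not rotated on password change.` The Config comment should also say that with the default of `false` a password change does not invalidate existing single-access-token URLs, and that `reset_single_access_token!` is the way to revoke one.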
@@ -1,20 +1,20 @@
|
|
1
1
|
module Authlogic
|
2
2
|
module ActsAsAuthentic
|
3
|
-
# Allows you to scope everything to specific fields.
|
4
|
-
#
|
5
|
-
#
|
3
|
+
# Allows you to scope everything to specific fields. See the Config
|
4
|
+
# submodule for more info. For information on how to scope off of a parent
|
5
|
+
# object see Authlogic::AuthenticatesMany
|
6
6
|
module ValidationsScope
|
7
7
|
def self.included(klass)
|
8
8
|
klass.class_eval do
|
9
9
|
extend Config
|
10
10
|
end
|
11
11
|
end
|
12
|
-
|
12
|
+
|
13
13
|
# All configuration for the scope feature.
|
14
14
|
module Config
|
15
|
-
# Allows you to scope everything to specific field(s). Works just like
|
16
|
-
# For example, let's say a user belongs to a
|
17
|
-
# company:
|
15
|
+
# Allows you to scope everything to specific field(s). Works just like
|
16
|
+
# validates_uniqueness_of. For example, let's say a user belongs to a
|
17
|
+
# company, and you want to scope everything to the company:
|
18
18
|
#
|
19
19
|
# acts_as_authentic do |c|
|
20
20
|
# c.validations_scope = :company_id
|
@@ -29,4 +29,4 @@ module Authlogic
|
|
29
29
|
end
|
30
30
|
end
|
31
31
|
end
|
32
|
-
end
|
32
|
+
end
|
@@ -1,42 +1,50 @@
|
|
1
1
|
module Authlogic
|
2
2
|
module AuthenticatesMany
|
3
|
-
# An object of this class is used as a proxy for the authenticates_many
|
4
|
-
#
|
3
|
+
# An object of this class is used as a proxy for the authenticates_many
|
4
|
+
# relationship. It basically allows you to "save" scope details and call
|
5
|
+
# them on an object, which allows you to do the following:
|
5
6
|
#
|
6
7
|
# @account.user_sessions.new
|
7
8
|
# @account.user_sessions.find
|
8
9
|
# # ... etc
|
9
10
|
#
|
10
|
-
# You can call all of the class level methods off of an object with a saved
|
11
|
-
#
|
11
|
+
# You can call all of the class level methods off of an object with a saved
|
12
|
+
# scope, so that calling the above methods scopes the user sessions down to
|
13
|
+
# that specific account. To implement this via ActiveRecord do something
|
14
|
+
# like:
|
12
15
|
#
|
13
16
|
# class User < ActiveRecord::Base
|
14
17
|
# authenticates_many :user_sessions
|
15
18
|
# end
|
16
19
|
class Association
|
17
20
|
attr_accessor :klass, :find_options, :id
|
18
|
-
|
21
|
+
|
22
|
+
# - id: Usually `nil`, but if the `scope_cookies` option is used, then
|
23
|
+
# `id` is a string like "company_123". It may seem strange to refer
|
24
|
+
# to such a string as an "id", but the naming is intentional, and
|
25
|
+
# is derived from `Authlogic::Session::Id`.
|
19
26
|
def initialize(klass, find_options, id)
|
20
27
|
self.klass = klass
|
21
28
|
self.find_options = find_options
|
22
29
|
self.id = id
|
23
30
|
end
|
24
|
-
|
25
|
-
[
|
26
|
-
class_eval <<-
|
31
|
+
|
32
|
+
%i[create create! find new].each do |method|
|
33
|
+
class_eval <<-EOS, __FILE__, __LINE__ + 1
|
27
34
|
def #{method}(*args)
|
28
35
|
klass.with_scope(scope_options) do
|
29
36
|
klass.#{method}(*args)
|
30
37
|
end
|
31
38
|
end
|
32
|
-
|
39
|
+
EOS
|
33
40
|
end
|
34
41
|
alias_method :build, :new
|
35
|
-
|
42
|
+
|
36
43
|
private
|
37
|
-
|
38
|
-
|
39
|
-
|
44
|
+
|
45
|
+
def scope_options
|
46
|
+
{ find_options: find_options, id: id }
|
47
|
+
end
|
40
48
|
end
|
41
49
|
end
|
42
|
-
end
|
50
|
+
end
|
@@ -1,6 +1,7 @@
|
|
1
1
|
module Authlogic
|
2
|
-
# This allows you to scope your authentication. For example, let's say all users belong
|
3
|
-
#
|
2
|
+
# This allows you to scope your authentication. For example, let's say all users belong
|
3
|
+
# to an account, you want to make sure only users that belong to that account can
|
4
|
+
# actually login into that account. Simple, just do:
|
4
5
|
#
|
5
6
|
# class Account < ActiveRecord::Base
|
6
7
|
# authenticates_many :user_sessions
|
@@ -16,39 +17,57 @@ module Authlogic
|
|
16
17
|
# Checkout the authenticates_many method for a list of options.
|
17
18
|
# You may also want to checkout Authlogic::ActsAsAuthentic::Scope to scope your model.
|
18
19
|
module AuthenticatesMany
|
20
|
+
# These methods become class methods of ::ActiveRecord::Base.
|
19
21
|
module Base
|
20
|
-
# Allows you
|
22
|
+
# Allows you to set up a relationship with your sessions. See module
|
23
|
+
# definition above for more details.
|
21
24
|
#
|
22
25
|
# === Options
|
23
26
|
#
|
24
27
|
# * <tt>session_class:</tt> default: "#{name}Session",
|
25
28
|
# This is the related session class.
|
26
29
|
#
|
27
|
-
# * <tt>relationship_name:</tt>
|
28
|
-
#
|
29
|
-
#
|
30
|
-
#
|
30
|
+
# * <tt>relationship_name:</tt>
|
31
|
+
# default: options[:session_class].klass_name.underscore.pluralize,
|
32
|
+
# This is the name of the relationship you want to use to scope
|
33
|
+
# everything. For example an Account has many Users. There should be a
|
34
|
+
# relationship called :users that you defined with a has_many. The
|
35
|
+
# reason we use the relationship is so you don't have to repeat
|
36
|
+
# yourself. The relationship could have all kinds of custom options. So
|
37
|
+
# instead of repeating yourself we essentially use the scope that the
|
38
|
+
# relationship creates.
|
31
39
|
#
|
32
40
|
# * <tt>find_options:</tt> default: nil,
|
33
|
-
# By default the find options are created from the relationship you
|
34
|
-
#
|
41
|
+
# By default the find options are created from the relationship you
|
42
|
+
# specify with :relationship_name. But if you want to override this and
|
43
|
+
# manually specify find_options you can do it here. Specify options just
|
44
|
+
# as you would in ActiveRecord::Base.find.
|
35
45
|
#
|
36
46
|
# * <tt>scope_cookies:</tt> default: false
|
37
|
-
# By the nature of cookies they scope
|
38
|
-
#
|
39
|
-
#
|
47
|
+
# By the nature of cookies they scope themselves if you are using
|
48
|
+
# subdomains to access accounts. If you aren't using subdomains you need
|
49
|
+
# to have separate cookies for each account, assuming a user is logging
|
50
|
+
# into more than one account. Authlogic can take care of this for you by
|
51
|
+
# prefixing the name of the cookie and session with the model id.
|
52
|
+
# Because it affects both cookies names and session keys, the name
|
53
|
+
# `scope_cookies` is misleading. Perhaps simply `scope` or `scoped`
|
54
|
+
# would have been better.
|
40
55
|
def authenticates_many(name, options = {})
|
41
56
|
options[:session_class] ||= name.to_s.classify.constantize
|
42
57
|
options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
|
43
|
-
class_eval <<-
|
58
|
+
class_eval <<-EOS, __FILE__, __LINE__ + 1
|
44
59
|
def #{name}
|
45
60
|
find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.where(nil)
|
46
|
-
@#{name} ||= Authlogic::AuthenticatesMany::Association.new(
|
61
|
+
@#{name} ||= Authlogic::AuthenticatesMany::Association.new(
|
62
|
+
#{options[:session_class]},
|
63
|
+
find_options,
|
64
|
+
#{options[:scope_cookies] ? "self.class.model_name.name.underscore + '_' + self.send(self.class.primary_key).to_s" : 'nil'}
|
65
|
+
)
|
47
66
|
end
|
48
|
-
|
67
|
+
EOS
|
49
68
|
end
|
50
69
|
end
|
51
70
|
|
52
71
|
::ActiveRecord::Base.extend(Base) if defined?(::ActiveRecord)
|
53
72
|
end
|
54
|
-
end
|
73
|
+
end
|
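Review bot: `authenticates_many` builds the accessor with a string `class_eval`, and `name`, `options[:relationship_name]`, `options[:session_class]` and `options[:find_options].inspect` are interpolated into that source unchecked. Any value that is not a plain identifier or constant therefore becomes code evaluated in the model class. These arguments normally come from a literal call in the model definition, which is safe, but nothing in the method or its doc comment says so. I would state the contract in the doc comment, e.g. `# name and all options are interpolated into evaluated Ruby source; pass literals only, never values derived from request or user data.` A `define_method(name)` closure over `options` would avoid generating source at all, if the maintainers want to go further.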
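--- a/data/lib/authlogic/config.rb
+++ b/data/lib/authlogic/config.rb
@@ -1,4 +1,3 @@
-#encoding: utf-8
 module Authlogic
 module Config
 def self.extended(klass)
@@ -9,15 +8,16 @@ module Authlogic
 end
 
 private
-
-
-
-
-
-
-
-
-
+
+# This is a one-liner method to write a config setting, read the config
+# setting, and also set a default value for the setting.
+def rw_config(key, value, default_value = nil)
+if value.nil?
+acts_as_authentic_config.include?(key) ? acts_as_authentic_config[key] : default_value
+else
+self.acts_as_authentic_config = acts_as_authentic_config.merge(key => value)
+value
 end
+end
 end
 end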
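Review bot: The new comment on `rw_config` does not say that the read/write choice hinges on `value.nil?`, so passing `nil` never stores anything and silently returns the stored or default value. A caller that forwards an unset value reads instead of writes, and a setting cannot be reset to `nil` once written. Since this helper backs security-relevant switches, I would add to the comment: `# A nil value means "read": returns the stored setting, or default_value if none is stored. Any non-nil value (including false) is stored and returned.`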
@@ -3,16 +3,19 @@ module Authlogic
|
|
3
3
|
# Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter
|
4
4
|
# for an example of how to adapt Authlogic to work with your framework.
|
5
5
|
class AbstractAdapter
|
6
|
+
E_COOKIE_DOMAIN_ADAPTER = "The cookie_domain method has not been " \
|
7
|
+
"implemented by the controller adapter".freeze
|
8
|
+
|
6
9
|
attr_accessor :controller
|
7
10
|
|
8
11
|
def initialize(controller)
|
9
12
|
self.controller = controller
|
10
13
|
end
|
11
14
|
|
12
|
-
def authenticate_with_http_basic
|
15
|
+
def authenticate_with_http_basic
|
13
16
|
@auth = Rack::Auth::Basic::Request.new(controller.request.env)
|
14
|
-
if @auth.provided?
|
15
|
-
|
17
|
+
if @auth.provided? && @auth.basic?
|
18
|
+
yield(*@auth.credentials)
|
16
19
|
else
|
17
20
|
false
|
18
21
|
end
|
@@ -23,7 +26,7 @@ module Authlogic
|
|
23
26
|
end
|
24
27
|
|
25
28
|
def cookie_domain
|
26
|
-
raise NotImplementedError.new(
|
29
|
+
raise NotImplementedError.new(E_COOKIE_DOMAIN_ADAPTER)
|
27
30
|
end
|
28
31
|
|
29
32
|
def params
|
@@ -50,18 +53,43 @@ module Authlogic
|
|
50
53
|
controller.send(:single_access_allowed?)
|
51
54
|
end
|
52
55
|
|
53
|
-
|
54
|
-
|
56
|
+
# You can disable the updating of `last_request_at`
|
57
|
+
# on a per-controller basis.
|
58
|
+
#
|
59
|
+
# # in your controller
|
60
|
+
# def last_request_update_allowed?
|
61
|
+
# false
|
62
|
+
# end
|
63
|
+
#
|
64
|
+
# For example, what if you had a javascript function that polled the
|
65
|
+
# server updating how much time is left in their session before it
|
66
|
+
# times out. Obviously you would want to ignore this request, because
|
67
|
+
# then the user would never time out. So you can do something like
|
68
|
+
# this in your controller:
|
69
|
+
#
|
70
|
+
# def last_request_update_allowed?
|
71
|
+
# action_name != "update_session_time_left"
|
72
|
+
# end
|
73
|
+
#
|
74
|
+
# See `authlogic/session/magic_columns.rb` to learn more about the
|
75
|
+
# `last_request_at` column itself.
|
76
|
+
def last_request_update_allowed?
|
77
|
+
if controller.respond_to?(:last_request_update_allowed?, true)
|
78
|
+
controller.send(:last_request_update_allowed?)
|
79
|
+
else
|
80
|
+
true
|
81
|
+
end
|
55
82
|
end
|
56
83
|
|
57
|
-
def
|
58
|
-
controller.
|
84
|
+
def respond_to_missing?(*args)
|
85
|
+
super(*args) || controller.respond_to?(*args)
|
59
86
|
end
|
60
87
|
|
61
88
|
private
|
62
|
-
|
63
|
-
|
64
|
-
|
89
|
+
|
90
|
+
def method_missing(id, *args, &block)
|
91
|
+
controller.send(id, *args, &block)
|
92
|
+
end
|
65
93
|
end
|
66
94
|
end
|
67
|
-
end
|
95
|
+
end
|
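Review bot: `method_missing` forwards every unknown call with `controller.send(id, *args, &block)`, which also reaches private and protected controller methods. The new `respond_to_missing?` answers with `controller.respond_to?(*args)`, which reports only public ones unless the caller passes `include_all`. The two disagree, and the adapter ends up exposing more of the controller than it advertises. If private helpers are meant to be reachable (as `last_request_update_allowed?` does deliberately with `respond_to?(..., true)`), say so in a comment such as `# Delegates to the controller, including its private methods (send is used on purpose).` Otherwise `controller.public_send(id, *args, &block)` keeps delegation to the public interface.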
@@ -37,27 +37,34 @@ module Authlogic
|
|
37
37
|
# end
|
38
38
|
#
|
39
39
|
class RackAdapter < AbstractAdapter
|
40
|
-
|
41
40
|
def initialize(env)
|
42
41
|
# We use the Rack::Request object as the controller object.
|
43
42
|
# For this to work, we have to add some glue.
|
44
43
|
request = Rack::Request.new(env)
|
45
44
|
|
46
45
|
request.instance_eval do
|
47
|
-
def request
|
48
|
-
|
46
|
+
def request
|
47
|
+
self
|
48
|
+
end
|
49
|
+
|
50
|
+
def remote_ip
|
51
|
+
ip
|
52
|
+
end
|
49
53
|
end
|
50
54
|
|
51
55
|
super(request)
|
52
56
|
Authlogic::Session::Base.controller = self
|
53
57
|
end
|
54
58
|
|
55
|
-
# Rack Requests stores cookies with not just the value, but also with
|
56
|
-
#
|
59
|
+
# Rack Requests stores cookies with not just the value, but also with
|
60
|
+
# flags and expire information in the hash. Authlogic does not like this,
|
61
|
+
# so we drop everything except the cookie value.
|
57
62
|
def cookies
|
58
|
-
controller
|
63
|
+
controller
|
64
|
+
.cookies
|
65
|
+
.map { |key, value_hash| { key => value_hash[:value] } }
|
66
|
+
.inject(:merge) || {}
|
59
67
|
end
|
60
68
|
end
|
61
69
|
end
|
62
|
-
|
63
|
-
end
|
70
|
+
end
|
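Review bot: The new `remote_ip` singleton method returns `Rack::Request#ip`, and that value can be derived from forwarded headers such as `X-Forwarded-For`, depending on the Rack version and on which proxies it treats as trusted. Where `remote_ip` is consumed is outside this hunk. If it ends up in stored login IPs or in a throttling decision, a client that does not sit behind a trusted proxy may be able to influence it. I would document that next to the definition, e.g. `# Rack::Request#ip may come from forwarded headers; treat it as client-influenced unless the app runs behind a trusted proxy.`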
@@ -1,50 +1,70 @@
|
|
1
|
-
require
|
1
|
+
require "action_controller"
|
2
2
|
|
3
3
|
module Authlogic
|
4
4
|
module ControllerAdapters
|
5
|
-
# Adapts authlogic to work with rails. The point is to close the gap between
|
6
|
-
#
|
5
|
+
# Adapts authlogic to work with rails. The point is to close the gap between
|
6
|
+
# what authlogic expects and what the rails controller object provides.
|
7
|
+
# Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite,
|
8
|
+
# etc.
|
7
9
|
class RailsAdapter < AbstractAdapter
|
8
10
|
class AuthlogicLoadedTooLateError < StandardError; end
|
9
|
-
|
11
|
+
|
10
12
|
def authenticate_with_http_basic(&block)
|
11
13
|
controller.authenticate_with_http_basic(&block)
|
12
14
|
end
|
13
|
-
|
15
|
+
|
16
|
+
# Returns a `ActionDispatch::Cookies::CookieJar`. See the AC guide
|
17
|
+
# http://guides.rubyonrails.org/action_controller_overview.html#cookies
|
14
18
|
def cookies
|
15
19
|
controller.send(:cookies)
|
16
20
|
end
|
17
|
-
|
21
|
+
|
18
22
|
def cookie_domain
|
19
|
-
@cookie_domain_key ||= Rails::VERSION::STRING >=
|
23
|
+
@cookie_domain_key ||= Rails::VERSION::STRING >= "2.3" ? :domain : :session_domain
|
20
24
|
controller.request.session_options[@cookie_domain_key]
|
21
25
|
end
|
22
|
-
|
26
|
+
|
23
27
|
def request_content_type
|
24
28
|
request.format.to_s
|
25
29
|
end
|
26
|
-
|
27
|
-
# Lets Authlogic know about the controller object via a before filter, AKA
|
30
|
+
|
31
|
+
# Lets Authlogic know about the controller object via a before filter, AKA
|
32
|
+
# "activates" authlogic.
|
28
33
|
module RailsImplementation
|
29
34
|
def self.included(klass) # :nodoc:
|
30
35
|
if defined?(::ApplicationController)
|
31
|
-
raise AuthlogicLoadedTooLateError.new(
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
+
raise AuthlogicLoadedTooLateError.new(
|
37
|
+
<<-EOS.strip_heredoc
|
38
|
+
Authlogic is trying to add a callback to ActionController::Base
|
39
|
+
but ApplicationController has already been loaded, so the
|
40
|
+
callback won't be copied into your application. Generally this
|
41
|
+
is due to another gem or plugin requiring your
|
42
|
+
ApplicationController prematurely, such as the
|
43
|
+
resource_controller plugin. Please require Authlogic first,
|
44
|
+
before these other gems / plugins.
|
45
|
+
EOS
|
46
|
+
)
|
47
|
+
end
|
48
|
+
|
49
|
+
# In Rails 4.0.2, the *_filter methods were renamed to *_action.
|
50
|
+
if klass.respond_to? :prepend_before_action
|
51
|
+
klass.prepend_before_action :activate_authlogic
|
52
|
+
else
|
53
|
+
klass.prepend_before_filter :activate_authlogic
|
36
54
|
end
|
37
|
-
|
38
|
-
klass.prepend_before_filter :activate_authlogic
|
39
55
|
end
|
40
|
-
|
56
|
+
|
41
57
|
private
|
42
|
-
|
43
|
-
|
44
|
-
|
58
|
+
|
59
|
+
def activate_authlogic
|
60
|
+
Authlogic::Session::Base.controller = RailsAdapter.new(self)
|
61
|
+
end
|
45
62
|
end
|
46
63
|
end
|
47
64
|
end
|
48
65
|
end
|
49
66
|
|
50
|
-
ActionController::Base.send(
|
67
|
+
ActionController::Base.send(
|
68
|
+
:include,
|
69
|
+
Authlogic::ControllerAdapters::RailsAdapter::RailsImplementation
|
70
|
+
)
|
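Review bot: `cookie_domain` picks the session option key with `Rails::VERSION::STRING >= "2.3"`, which is a string comparison rather than a version comparison. A version whose major number has two digits (a constructed example: "10.0.0") sorts before "2.3" and would select `:session_domain`, so the cookie domain lookup would read the wrong option. Compare parsed versions instead: `@cookie_domain_key ||= Gem::Version.new(Rails::VERSION::STRING) >= Gem::Version.new("2.3") ? :domain : :session_domain`. Alternatively, drop the branch if Rails older than 2.3 is no longer supported; the file list on this page adds gemfiles for Rails 5.x and removes the 3.2.x one.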