authlogic 3.5.0 → 3.6.0

data/lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -1,9 +1,13 @@
 module Authlogic
   module ActsAsAuthentic
-    # This provides a handy token that is "perishable". Meaning the token is only good for a certain amount of time. This is perfect for
-    # resetting password, confirming accounts, etc. Typically during these actions you send them this token in via their email. Once they
-    # use the token and do what they need to do, that token should expire. Don't worry about maintaining this, changing it, or expiring it
-    # yourself. Authlogic does all of this for you. See the sub modules for all of the tools Authlogic provides to you.
+    # This provides a handy token that is "perishable". Meaning the token is
+    # only good for a certain amount of time. This is perfect for resetting
+    # password, confirming accounts, etc. Typically during these actions you
+    # send them this token in via their email. Once they use the token and do
+    # what they need to do, that token should expire. Don't worry about
+    # maintaining this, changing it, or expiring it yourself. Authlogic does all
+    # of this for you. See the sub modules for all of the tools Authlogic
+    # provides to you.
     module PerishableToken
       def self.included(klass)
         klass.class_eval do
@@ -14,8 +18,9 @@ module Authlogic
 
       # Change how the perishable token works.
       module Config
-        # When using the find_using_perishable_token method the token can expire. If the token is expired, no
-        # record will be returned. Use this option to specify how long the token is valid for.
+        # When using the find_using_perishable_token method the token can
+        # expire. If the token is expired, no record will be returned. Use this
+        # option to specify how long the token is valid for.
         #
         # * <tt>Default:</tt> 10.minutes
         # * <tt>Accepts:</tt> Fixnum
@@ -24,9 +29,10 @@ module Authlogic
         end
         alias_method :perishable_token_valid_for=, :perishable_token_valid_for
 
-        # Authlogic tries to expire and change the perishable token as much as possible, without compromising
-        # it's purpose. This is for security reasons. If you want to manage it yourself, you can stop
-        # Authlogic from getting your in way by setting this to true.
+        # Authlogic tries to expire and change the perishable token as much as
+        # possible, without compromising it's purpose. This is for security
+        # reasons. If you want to manage it yourself, you can stop Authlogic
+        # from getting your in way by setting this to true.
         #
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
@@ -52,12 +58,14 @@ module Authlogic
 
         # Class level methods for the perishable token
         module ClassMethods
-          # Use this method to find a record with a perishable token. This method does 2 things for you:
+          # Use this method to find a record with a perishable token. This
+          # method does 2 things for you:
           #
           # 1. It ignores blank tokens
           # 2. It enforces the perishable_token_valid_for configuration option.
           #
-          # If you want to use a different timeout value, just pass it as the second parameter:
+          # If you want to use a different timeout value, just pass it as the
+          # second parameter:
           #
           #   User.find_using_perishable_token(token, 1.hour)
           def find_using_perishable_token(token, age = self.perishable_token_valid_for)
@@ -94,7 +102,8 @@ module Authlogic
             save_without_session_maintenance(:validate => false)
           end
 
-          # A convenience method based on the disable_perishable_token_maintenance configuration option.
+          # A convenience method based on the
+          # disable_perishable_token_maintenance configuration option.
           def disable_perishable_token_maintenance?
             self.class.disable_perishable_token_maintenance == true
           end

data/lib/authlogic/acts_as_authentic/restful_authentication.rb

@@ -1,6 +1,7 @@
 module Authlogic
   module ActsAsAuthentic
-    # This module is responsible for transitioning existing applications from the restful_authentication plugin.
+    # This module is responsible for transitioning existing applications from
+    # the restful_authentication plugin.
     module RestfulAuthentication
       def self.included(klass)
         klass.class_eval do
@@ -10,10 +11,13 @@ module Authlogic
       end
 
       module Config
-        # Switching an existing app to Authlogic from restful_authentication? No problem, just set this true and your users won't know
-        # anything changed. From your database perspective nothing will change at all. Authlogic will continue to encrypt passwords
-        # just like restful_authentication, so your app won't skip a beat. Although, might consider transitioning your users to a newer
-        # and stronger algorithm. Checkout the transition_from_restful_authentication option.
+        # Switching an existing app to Authlogic from restful_authentication? No
+        # problem, just set this true and your users won't know anything
+        # changed. From your database perspective nothing will change at all.
+        # Authlogic will continue to encrypt passwords just like
+        # restful_authentication, so your app won't skip a beat. Although, might
+        # consider transitioning your users to a newer and stronger algorithm.
+        # Checkout the transition_from_restful_authentication option.
         #
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
@@ -24,10 +28,13 @@ module Authlogic
         end
         alias_method :act_like_restful_authentication=, :act_like_restful_authentication
 
-        # This works just like act_like_restful_authentication except that it will start transitioning your users to the algorithm you
-        # specify with the crypto provider option. The next time they log in it will resave their password with the new algorithm
-        # and any new record will use the new algorithm as well. Make sure to update your users table if you are using the default
-        # migration since it will set crypted_password and salt columns to a maximum width of 40 characters which is not enough.
+        # This works just like act_like_restful_authentication except that it
+        # will start transitioning your users to the algorithm you specify with
+        # the crypto provider option. The next time they log in it will resave
+        # their password with the new algorithm and any new record will use the
+        # new algorithm as well. Make sure to update your users table if you are
+        # using the default migration since it will set crypted_password and
+        # salt columns to a maximum width of 40 characters which is not enough.
         def transition_from_restful_authentication(value = nil)
           r = rw_config(:transition_from_restful_authentication, value, false)
           set_restful_authentication_config if value

data/lib/authlogic/acts_as_authentic/session_maintenance.rb

@@ -102,7 +102,8 @@ module Authlogic
           end
 
           def get_session_information
-            # Need to determine if we are completely logged out, or logged in as another user
+            # Need to determine if we are completely logged out, or logged in as
+            # another user.
             @_sessions = []
 
             session_ids.each do |session_id|
@@ -120,8 +121,9 @@ module Authlogic
           end
 
           def create_session
-            # We only want to automatically login into the first session, since this is the main session. The other sessions are sessions
-            # that need to be created after logging into the main session.
+            # We only want to automatically login into the first session, since
+            # this is the main session. The other sessions are sessions that
+            # need to be created after logging into the main session.
             session_id = session_ids.first
             session_class.create(*[self, self, session_id].compact)
 

data/lib/authlogic/authenticates_many/association.rb

@@ -1,14 +1,17 @@
 module Authlogic
   module AuthenticatesMany
-    # An object of this class is used as a proxy for the authenticates_many relationship. It basically allows you to "save" scope details
-    # and call them on an object, which allows you to do the following:
+    # An object of this class is used as a proxy for the authenticates_many
+    # relationship. It basically allows you to "save" scope details and call
+    # them on an object, which allows you to do the following:
     #
     #   @account.user_sessions.new
     #   @account.user_sessions.find
     #   # ... etc
     #
-    # You can call all of the class level methods off of an object with a saved scope, so that calling the above methods scopes the user
-    # sessions down to that specific account. To implement this via ActiveRecord do something like:
+    # You can call all of the class level methods off of an object with a saved
+    # scope, so that calling the above methods scopes the user sessions down to
+    # that specific account. To implement this via ActiveRecord do something
+    # like:
     #
     #   class User < ActiveRecord::Base
     #     authenticates_many :user_sessions

data/lib/authlogic/controller_adapters/rack_adapter.rb

@@ -43,9 +43,13 @@ module Authlogic
         request = Rack::Request.new(env)
 
         request.instance_eval do
-          def request; self; end
+          def request
+            self
+          end
 
-          def remote_ip; self.ip; end
+          def remote_ip
+            self.ip
+          end
         end
 
         super(request)

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -2,8 +2,10 @@ require 'action_controller'
 
 module Authlogic
   module ControllerAdapters
-    # Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object
-    # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
+    # Adapts authlogic to work with rails. The point is to close the gap between
+    # what authlogic expects and what the rails controller object provides.
+    # Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite,
+    # etc.
     class RailsAdapter < AbstractAdapter
       class AuthlogicLoadedTooLateError < StandardError; end
 
@@ -31,12 +33,13 @@ module Authlogic
           if defined?(::ApplicationController)
             raise AuthlogicLoadedTooLateError.new(
               <<-EOS.strip_heredoc
-                Authlogic is trying to add a callback to ActionController::Base but
-                ApplicationController has already been loaded, so the callback won't
-                be copied into your application. Generally this is due to another gem or
-                plugin requiring your ApplicationController prematurely, such as the
-                resource_controller plugin. Please require Authlogic first, before these
-                other gems / plugins.
+                Authlogic is trying to add a callback to ActionController::Base
+                but ApplicationController has already been loaded, so the
+                callback won't be copied into your application. Generally this
+                is due to another gem or plugin requiring your
+                ApplicationController prematurely, such as the
+                resource_controller plugin. Please require Authlogic first,
+                before these other gems / plugins.
               EOS
             )
           end

data/lib/authlogic/crypto_providers/bcrypt.rb

@@ -56,7 +56,10 @@ module Authlogic
 
         def cost=(val)
           if val < ::BCrypt::Engine::MIN_COST
-            raise ArgumentError.new("Authlogic's bcrypt cost cannot be set below the engine's min cost (#{::BCrypt::Engine::MIN_COST})")
+            raise ArgumentError.new(
+              "Authlogic's bcrypt cost cannot be set below the engine's " \
+                "min cost (#{::BCrypt::Engine::MIN_COST})"
+            )
           end
           @cost = val
         end

data/lib/authlogic/crypto_providers/sha512.rb

@@ -1,22 +1,25 @@
 require "digest/sha2"
 
 module Authlogic
-  # The acts_as_authentic method has a crypto_provider option. This allows you to use any type of encryption you like.
-  # Just create a class with a class level encrypt and matches? method. See example below.
+  # The acts_as_authentic method has a crypto_provider option. This allows you
+  # to use any type of encryption you like. Just create a class with a class
+  # level encrypt and matches? method. See example below.
   #
   # === Example
   #
   #   class MyAwesomeEncryptionMethod
   #     def self.encrypt(*tokens)
-  #       # the tokens passed will be an array of objects, what type of object is irrelevant,
-  #       # just do what you need to do with them and return a single encrypted string.
-  #       # for example, you will most likely join all of the objects into a single string and then encrypt that string
+  #       # The tokens passed will be an array of objects, what type of object
+  #       # is irrelevant, just do what you need to do with them and return a
+  #       # single encrypted string. For example, you will most likely join all
+  #       # of the objects into a single string and then encrypt that string.
   #     end
   #
   #     def self.matches?(crypted, *tokens)
-  #       # return true if the crypted string matches the tokens.
-  #       # depending on your algorithm you might decrypt the string then compare it to the token, or you might
-  #       # encrypt the tokens and make sure it matches the crypted string, its up to you
+  #       # Return true if the crypted string matches the tokens. Depending on
+  #       # your algorithm you might decrypt the string then compare it to the
+  #       # token, or you might encrypt the tokens and make sure it matches the
+  #       # crypted string, its up to you.
   #     end
   #   end
   module CryptoProviders
@@ -27,7 +30,8 @@ module Authlogic
       class << self
         attr_accessor :join_token
 
-        # The number of times to loop through the encryption. This is twenty because that is what restful_authentication defaults to.
+        # The number of times to loop through the encryption. This is twenty
+        # because that is what restful_authentication defaults to.
         def stretches
           @stretches ||= 20
         end
@@ -40,7 +44,8 @@ module Authlogic
           digest
         end
 
-        # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
+        # Does the crypted password match the tokens? Uses the same tokens that
+        # were used to encrypt.
         def matches?(crypted, *tokens)
           encrypt(*tokens) == crypted
         end

data/lib/authlogic/session/activation.rb

@@ -2,9 +2,11 @@ require 'request_store'
 
 module Authlogic
   module Session
-    # Activating Authlogic requires that you pass it an Authlogic::ControllerAdapters::AbstractAdapter object, or a class that extends it.
-    # This is sort of like a database connection for an ORM library, Authlogic can't do anything until it is "connected" to a controller.
-    # If you are using a supported framework, Authlogic takes care of this for you.
+    # Activating Authlogic requires that you pass it an
+    # Authlogic::ControllerAdapters::AbstractAdapter object, or a class that
+    # extends it. This is sort of like a database connection for an ORM library,
+    # Authlogic can't do anything until it is "connected" to a controller. If
+    # you are using a supported framework, Authlogic takes care of this for you.
     module Activation
       class NotActivatedError < ::StandardError # :nodoc:
         def initialize(session)
@@ -20,17 +22,24 @@ module Authlogic
       end
 
       module ClassMethods
-        # Returns true if a controller has been set and can be used properly. This MUST be set before anything can be done.
-        # Similar to how ActiveRecord won't allow you to do anything without establishing a DB connection. In your framework
-        # environment this is done for you, but if you are using Authlogic outside of your framework, you need to assign a controller
-        # object to Authlogic via Authlogic::Session::Base.controller = obj. See the controller= method for more information.
+        # Returns true if a controller has been set and can be used properly.
+        # This MUST be set before anything can be done. Similar to how
+        # ActiveRecord won't allow you to do anything without establishing a DB
+        # connection. In your framework environment this is done for you, but if
+        # you are using Authlogic outside of your framework, you need to assign
+        # a controller object to Authlogic via
+        # Authlogic::Session::Base.controller = obj. See the controller= method
+        # for more information.
         def activated?
           !controller.nil?
         end
 
-        # This accepts a controller object wrapped with the Authlogic controller adapter. The controller adapters close the gap
-        # between the different controllers in each framework. That being said, Authlogic is expecting your object's class to
-        # extend Authlogic::ControllerAdapters::AbstractAdapter. See Authlogic::ControllerAdapters for more info.
+        # This accepts a controller object wrapped with the Authlogic controller
+        # adapter. The controller adapters close the gap between the different
+        # controllers in each framework. That being said, Authlogic is expecting
+        # your object's class to extend
+        # Authlogic::ControllerAdapters::AbstractAdapter. See
+        # Authlogic::ControllerAdapters for more info.
         #
         # Lastly, this is thread safe.
         def controller=(value)

data/lib/authlogic/session/cookies.rb

@@ -91,7 +91,9 @@ module Authlogic
           values = value.is_a?(Array) ? value : [value]
           case values.first
           when Hash
-            self.remember_me = values.first.with_indifferent_access[:remember_me] if values.first.with_indifferent_access.key?(:remember_me)
+            if values.first.with_indifferent_access.key?(:remember_me)
+              self.remember_me = values.first.with_indifferent_access[:remember_me]
+            end
           else
             r = values.find { |value| value.is_a?(TrueClass) || value.is_a?(FalseClass) }
             self.remember_me = r if !r.nil?

data/lib/authlogic/session/id.rb

@@ -1,6 +1,7 @@
 module Authlogic
   module Session
-    # Allows you to separate sessions with an id, ultimately letting you create multiple sessions for the same user.
+    # Allows you to separate sessions with an id, ultimately letting you create
+    # multiple sessions for the same user.
     module Id
       def self.included(klass)
         klass.class_eval do
@@ -15,18 +16,23 @@ module Authlogic
         self.id = values.last if values.last.is_a?(Symbol)
       end
 
-      # Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time.
-      # A good example when this might be needed is when you want to have a normal user session and a "secure" user session.
-      # The secure user session would be created only when they want to modify their billing information, or other sensitive
-      # information. Similar to me.com. This requires 2 user sessions. Just use an id for the "secure" session and you should be good.
+      # Allows you to set a unique identifier for your session, so that you can
+      # have more than 1 session at a time. A good example when this might be
+      # needed is when you want to have a normal user session and a "secure"
+      # user session. The secure user session would be created only when they
+      # want to modify their billing information, or other sensitive
+      # information. Similar to me.com. This requires 2 user sessions. Just use
+      # an id for the "secure" session and you should be good.
       #
-      # You can set the id during initialization (see initialize for more information), or as an attribute:
+      # You can set the id during initialization (see initialize for more
+      # information), or as an attribute:
       #
       #   session.id = :my_id
       #
       # Just be sure and set your id before you save your session.
       #
-      # Lastly, to retrieve your session with the id check out the find class method.
+      # Lastly, to retrieve your session with the id check out the find class
+      # method.
       def id
         @id
       end

data/lib/authlogic/session/magic_columns.rb

@@ -74,14 +74,18 @@ module Authlogic
             end
           end
 
-          # This method lets authlogic know whether it should allow the last_request_at field to be updated
-          # with the current time (Time.now). One thing to note here is that it also checks for the existence of a
-          # last_request_update_allowed? method in your controller. This allows you to control this method pragmatically
-          # in your controller.
+          # This method lets authlogic know whether it should allow the
+          # last_request_at field to be updated with the current time
+          # (Time.now). One thing to note here is that it also checks for the
+          # existence of a last_request_update_allowed? method in your
+          # controller. This allows you to control this method pragmatically in
+          # your controller.
           #
-          # For example, what if you had a javascript function that polled the server updating how much time is left in their
-          # session before it times out. Obviously you would want to ignore this request, because then the user would never time out.
-          # So you can do something like this in your controller:
+          # For example, what if you had a javascript function that polled the
+          # server updating how much time is left in their session before it
+          # times out. Obviously you would want to ignore this request, because
+          # then the user would never time out. So you can do something like
+          # this in your controller:
           #
           #   def last_request_update_allowed?
           #     action_name != "update_session_time_left"
@@ -89,9 +93,14 @@ module Authlogic
           #
           # You can do whatever you want with that method.
           def set_last_request_at? # :doc:
-            return false if !record || !klass.column_names.include?("last_request_at")
-            return false if controller.responds_to_last_request_update_allowed? && !controller.last_request_update_allowed?
-            record.last_request_at.blank? || last_request_at_threshold.to_i.seconds.ago >= record.last_request_at
+            if !record || !klass.column_names.include?("last_request_at")
+              return false
+            end
+            if controller.responds_to_last_request_update_allowed? && !controller.last_request_update_allowed?
+              return false
+            end
+            record.last_request_at.blank? ||
+              last_request_at_threshold.to_i.seconds.ago >= record.last_request_at
           end
 
           def set_last_request_at

data/lib/authlogic/session/magic_states.rb

@@ -58,7 +58,13 @@ module Authlogic
             return true if attempted_record.nil?
             [:active, :approved, :confirmed].each do |required_status|
               if attempted_record.respond_to?("#{required_status}?") && !attempted_record.send("#{required_status}?")
-                errors.add(:base, I18n.t("error_messages.not_#{required_status}", :default => "Your account is not #{required_status}"))
+                errors.add(
+                  :base,
+                  I18n.t(
+                    "error_messages.not_#{required_status}",
+                    :default => "Your account is not #{required_status}"
+                  )
+                )
                 return false
               end
             end

data/lib/authlogic/session/password.rb

@@ -16,16 +16,19 @@ module Authlogic
 
       # Password configuration
       module Config
-        # Authlogic tries to validate the credentials passed to it. One part of validation is actually finding the user and
-        # making sure it exists. What method it uses the do this is up to you.
+        # Authlogic tries to validate the credentials passed to it. One part of
+        # validation is actually finding the user and making sure it exists.
+        # What method it uses the do this is up to you.
         #
-        # Let's say you have a UserSession that is authenticating a User. By default UserSession will call User.find_by_login(login).
-        # You can change what method UserSession calls by specifying it here. Then in your User model you can make that method do
-        # anything you want, giving you complete control of how users are found by the UserSession.
+        # Let's say you have a UserSession that is authenticating a User. By
+        # default UserSession will call User.find_by_login(login). You can
+        # change what method UserSession calls by specifying it here. Then in
+        # your User model you can make that method do anything you want, giving
+        # you complete control of how users are found by the UserSession.
         #
-        # Let's take an example: You want to allow users to login by username or email.
-        # Set this to the name of the class method that does this in the User model. Let's
-        # call it "find_by_username_or_email"
+        # Let's take an example: You want to allow users to login by username or
+        # email. Set this to the name of the class method that does this in the
+        # User model. Let's call it "find_by_username_or_email"
         #
         #   class User < ActiveRecord::Base
         #     def self.find_by_username_or_email(login)
@@ -33,10 +36,10 @@ module Authlogic
         #     end
         #   end
         #
-        # Now just specify the name of this method for this configuration option and you
-        # are all set. You can do anything you want here. Maybe you allow users to have
-        # multiple logins and you want to search a has_many relationship, etc. The sky is
-        # the limit.
+        # Now just specify the name of this method for this configuration option
+        # and you are all set. You can do anything you want here. Maybe you
+        # allow users to have multiple logins and you want to search a has_many
+        # relationship, etc. The sky is the limit.
         #
         # * <tt>Default:</tt> "find_by_smart_case_login_field"
         # * <tt>Accepts:</tt> Symbol or String
@@ -45,10 +48,11 @@ module Authlogic
         end
         alias_method :find_by_login_method=, :find_by_login_method
 
-        # The text used to identify credentials (username/password) combination when a bad
-        # login attempt occurs. When you show error messages for a bad login, it's
-        # considered good security practice to hide which field the user has entered
-        # incorrectly (the login field or the password field). For a full explanation, see
+        # The text used to identify credentials (username/password) combination
+        # when a bad login attempt occurs. When you show error messages for a
+        # bad login, it's considered good security practice to hide which field
+        # the user has entered incorrectly (the login field or the password
+        # field). For a full explanation, see
         # http://www.gnucitizen.org/blog/username-enumeration-vulnerabilities/
         #
         # Example of use:
@@ -57,7 +61,8 @@ module Authlogic
         #     generalize_credentials_error_messages true
         #   end
         #
-        #   This would make the error message for bad logins and bad passwords look identical:
+        #   This would make the error message for bad logins and bad passwords
+        #   look identical:
         #
         #   Login/Password combination is not valid
         #
@@ -69,12 +74,14 @@ module Authlogic
         #
         #   This will instead show your custom error message when the UserSession is invalid.
         #
-        # The downside to enabling this is that is can be too vague for a user that has a hard time remembering
-        # their username and password combinations. It also disables the ability to to highlight the field
+        # The downside to enabling this is that is can be too vague for a user
+        # that has a hard time remembering their username and password
+        # combinations. It also disables the ability to to highlight the field
         # with the error when you use form_for.
         #
-        # If you are developing an app where security is an extreme priority (such as a financial application),
-        # then you should enable this. Otherwise, leaving this off is fine.
+        # If you are developing an app where security is an extreme priority
+        # (such as a financial application), then you should enable this.
+        # Otherwise, leaving this off is fine.
         #
         # * <tt>Default</tt> false
         # * <tt>Accepts:</tt> Boolean
@@ -83,12 +90,13 @@ module Authlogic
         end
         alias_method :generalize_credentials_error_messages=, :generalize_credentials_error_messages
 
-        # The name of the method you want Authlogic to create for storing the login /
-        # username. Keep in mind this is just for your Authlogic::Session, if you want it
-        # can be something completely different than the field in your model. So if you
-        # wanted people to login with a field called "login" and then find users by email
-        # this is completely doable. See the find_by_login_method configuration option for
-        # more details.
+        # The name of the method you want Authlogic to create for storing the
+        # login / username. Keep in mind this is just for your
+        # Authlogic::Session, if you want it can be something completely
+        # different than the field in your model. So if you wanted people to
+        # login with a field called "login" and then find users by email this is
+        # completely doable. See the find_by_login_method configuration option
+        # for more details.
         #
         # * <tt>Default:</tt> klass.login_field || klass.email_field
         # * <tt>Accepts:</tt> Symbol or String
@@ -97,7 +105,8 @@ module Authlogic
         end
         alias_method :login_field=, :login_field
 
-        # Works exactly like login_field, but for the password instead. Returns :password if a login_field exists.
+        # Works exactly like login_field, but for the password instead. Returns
+        # :password if a login_field exists.
         #
         # * <tt>Default:</tt> :password
         # * <tt>Accepts:</tt> Symbol or String
@@ -106,8 +115,9 @@ module Authlogic
         end
         alias_method :password_field=, :password_field
 
-        # The name of the method in your model used to verify the password. This should be an instance method. It should also
-        # be prepared to accept a raw password and a crytped password.
+        # The name of the method in your model used to verify the password. This
+        # should be an instance method. It should also be prepared to accept a
+        # raw password and a crytped password.
         #
         # * <tt>Default:</tt> "valid_password?"
         # * <tt>Accepts:</tt> Symbol or String
@@ -127,7 +137,8 @@ module Authlogic
           super
         end
 
-        # Returns the login_field / password_field credentials combination in hash form.
+        # Returns the login_field / password_field credentials combination in
+        # hash form.
         def credentials
           if authenticating_with_password?
             details = {}
@@ -139,7 +150,8 @@ module Authlogic
           end
         end
 
-        # Accepts the login_field / password_field credentials combination in hash form.
+        # Accepts the login_field / password_field credentials combination in
+        # hash form.
         def credentials=(value)
           super
           values = parse_param_val(value) # add strong parameters check
@@ -168,10 +180,12 @@ module Authlogic
               self.class.send(:attr_writer, password_field) if !respond_to?("#{password_field}=")
               self.class.send(:define_method, password_field) {} if !respond_to?(password_field)
 
+              # The password should not be accessible publicly. This way forms
+              # using form_for don't fill the password with the attempted
+              # password. To prevent this we just create this method that is
+              # private.
               self.class.class_eval <<-"end_eval", __FILE__, __LINE__
                 private
-                  # The password should not be accessible publicly. This way forms using form_for don't fill the password with the
-                  # attempted password. To prevent this we just create this method that is private.
                   def protected_#{password_field}
                     @#{password_field}
                   end