authlogic 3.6.0 → 3.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c557e744965cb622f19c7b32421c8a6a7d35be45
-  data.tar.gz: 603d34bc61e526d460501e1417e176d559b2dbcb
+  metadata.gz: ee7fbd1206c6811c02b24031d294e7a0e3fa7634
+  data.tar.gz: c5e73e04f59d43d50056bc7cff2633d94f85758f
 SHA512:
-  metadata.gz: 699ca0bd6ec372e1705e2b74de803026cf04b9a620f17fcceaf88de768639188c5237e2ea876db4725f0002813c22e22752cc1d8b3d3ee36d21dbeed32a0fc1f
-  data.tar.gz: e70bca58e4aae93d5a8e412a1d774c80331f3fa4b2687e1db07a7c0c366a58b7de1ac97b11b343773ce92ff71337fd08cd906ec7119179dba893ff932ead4202
+  metadata.gz: 742e52297bce1666457ccf15415855bb0e29469f43abd62416744f5b2f440cdb739c487a6ffbedb3e9fe7f6c1577f1d9df4d46d9498de35147b5d18c2375da62
+  data.tar.gz: 57f380fb34a5f86dbd92558de49f145df515a57c8983e9cbcb5e024b1bc47d47cd5bc979de7861acb1f1e4076a35dc1461d8d7c9356096ee9e2d2e7e8b17942d

data/CHANGELOG.md

@@ -11,6 +11,19 @@
 * Fixed
   * None
 
+## 3.6.1 2017-09-30
+
+* Breaking Changes
+  * None
+
+* Added
+  * None
+
+* Fixed
+  * Allow tld up to 24 characters per https://data.iana.org/TLD/tlds-alpha-by-domain.txt
+  * [#561](https://github.com/binarylogic/authlogic/issues/561)
+    authenticates_many now works with scope_cookies:true
+
 ## 3.6.0 2017-04-28
 
 * Added

data/authlogic.gemspec

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "authlogic"
-  s.version     = "3.6.0"
+  s.version     = "3.6.1"
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Ben Johnson"]
   s.email       = ["bjohnson@binarylogic.com"]

data/lib/authlogic/authenticates_many/association.rb

@@ -19,6 +19,10 @@ module Authlogic
     class Association
       attr_accessor :klass, :find_options, :id
 
+      # - id: Usually `nil`, but if the `scope_cookies` option is used, then
+      #   `id` is a string like "company_123". It may seem strange to refer
+      #   to such a string as an "id", but the naming is intentional, and
+      #   is derived from `Authlogic::Session::Id`.
       def initialize(klass, find_options, id)
         self.klass = klass
         self.find_options = find_options

data/lib/authlogic/authenticates_many/base.rb

@@ -43,17 +43,18 @@ module Authlogic
       # * <tt>scope_cookies:</tt> default: false
       #   By the nature of cookies they scope themselves if you are using subdomains to
       #   access accounts. If you aren't using subdomains you need to have separate
-      #   cookies for each account, assuming a user is logging into mroe than one account.
+      #   cookies for each account, assuming a user is logging into more than one account.
       #   Authlogic can take care of this for you by prefixing the name of the cookie and
-      #   sessin with the model id. You just need to tell Authlogic to do this by passing
-      #   this option.
+      #   session with the model id. Because it affects both cookies names and session keys,
+      #   the name `scope_cookies` is misleading. Perhaps simply `scope` or `scoped`
+      #   would have been better.
       def authenticates_many(name, options = {})
         options[:session_class] ||= name.to_s.classify.constantize
         options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
         class_eval <<-"end_eval", __FILE__, __LINE__
           def #{name}
             find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.where(nil)
-            @#{name} ||= Authlogic::AuthenticatesMany::Association.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
+            @#{name} ||= Authlogic::AuthenticatesMany::Association.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
           end
         end_eval
       end

data/lib/authlogic/regex.rb

@@ -5,15 +5,16 @@ module Authlogic
   #
   #   validates_format_of :my_email_field, :with => Authlogic::Regex.email
   module Regex
-    # A general email regular expression. It allows top level domains (TLD) to be from 2 - 13 in length.
-    # The decisions behind this regular expression were made by analyzing the list of top-level domains
-    # maintained by IANA and by reading this website: http://www.regular-expressions.info/email.html,
-    # which is an excellent resource for regular expressions.
+    # A general email regular expression. It allows top level domains (TLD) to be from 2 -
+    # 24 in length. The decisions behind this regular expression were made by analyzing
+    # the list of top-level domains maintained by IANA and by reading this website:
+    # http://www.regular-expressions.info/email.html, which is an excellent resource for
+    # regular expressions.
     def self.email
       @email_regex ||= begin
         email_name_regex  = '[A-Z0-9_\.&%\+\-\']+'
         domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
-        domain_tld_regex  = '(?:[A-Z]{2,13})'
+        domain_tld_regex  = '(?:[A-Z]{2,25})'
         /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
       end
     end
@@ -33,7 +34,7 @@ module Authlogic
       @email_nonascii_regex ||= begin
         email_name_regex  = '[^[:cntrl:][@\[\]\^ \!\"#$\(\)*,/:;<=>\?`{|}~\\\]]+'
         domain_head_regex = '(?:[^[:cntrl:][@\[\]\^ \!\"#$&\(\)*,/:;<=>\?`{|}~\\\_\.%\+\']]+\.)+'
-        domain_tld_regex  = '(?:[^[:cntrl:][@\[\]\^ \!\"#$&\(\)*,/:;<=>\?`{|}~\\\_\.%\+\-\'0-9]]{2,13})'
+        domain_tld_regex  = '(?:[^[:cntrl:][@\[\]\^ \!\"#$&\(\)*,/:;<=>\?`{|}~\\\_\.%\+\-\'0-9]]{2,25})'
         /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/
       end
     end

data/test/acts_as_authentic_test/email_test.rb

@@ -8,7 +8,8 @@ module ActsAsAuthenticTest
       "damien+test1...etc..@mydomain.com",
       "dakota.dux+1@gmail.com",
       "dakota.d'ux@gmail.com",
-      "a&b@c.com"
+      "a&b@c.com",
+      "someuser@somedomain.travelersinsurance"
     ]
 
     BAD_ASCII_EMAILS = [
@@ -16,7 +17,8 @@ module ActsAsAuthenticTest
       "aaaaaaaaaaaaa",
       "question?mark@gmail.com",
       "backslash@g\\mail.com",
-      "<script>alert(123);</script>\nnobody@example.com"
+      "<script>alert(123);</script>\nnobody@example.com",
+      "someuser@somedomain.isreallytoolongandimeanreallytoolong"
     ]
 
     # http://en.wikipedia.org/wiki/ISO/IEC_8859-1#Codepage_layout

data/test/authenticates_many_test.rb

@@ -1,16 +1,31 @@
 require 'test_helper'
 
 class AuthenticatesManyTest < ActiveSupport::TestCase
-  def test_scoping
-    zack = users(:zack)
-    ben = users(:ben)
+  def test_employee_sessions
     binary_logic = companies(:binary_logic)
-    set_session_for(zack)
 
-    refute binary_logic.user_sessions.find
+    # Drew is a binary_logic employee, authentication succeeds
+    drew = employees(:drew)
+    set_session_for(drew)
+    assert binary_logic.employee_sessions.find
+
+    # Jennifer is not a binary_logic employee, authentication fails
+    jennifer = employees(:jennifer)
+    set_session_for(jennifer)
+    refute binary_logic.employee_sessions.find
+  end
 
-    set_session_for(ben)
+  def test_user_sessions
+    binary_logic = companies(:binary_logic)
 
+    # Ben is a binary_logic user, authentication succeeds
+    ben = users(:ben)
+    set_session_for(ben, binary_logic)
     assert binary_logic.user_sessions.find
+
+    # Zack is not a binary_logic user, authentication fails
+    zack = users(:zack)
+    set_session_for(zack, binary_logic)
+    refute binary_logic.user_sessions.find
   end
 end

data/test/libs/company.rb

@@ -1,6 +1,6 @@
 class Company < ActiveRecord::Base
   authenticates_many :employee_sessions
-  authenticates_many :user_sessions
+  authenticates_many :user_sessions, scope_cookies: true
   has_many :employees, :dependent => :destroy
   has_many :users, :dependent => :destroy
 end

data/test/test_helper.rb

@@ -199,9 +199,28 @@ class ActiveSupport::TestCase
       controller.request_content_type = nil
     end
 
-    def set_session_for(user)
-      controller.session["user_credentials"] = user.persistence_token
-      controller.session["user_credentials_id"] = user.id
+    def session_credentials_prefix(scope_record)
+      if scope_record.nil?
+        ""
+      else
+        format(
+          "%s_%d_",
+          scope_record.class.model_name.name.underscore,
+          scope_record.id
+        )
+      end
+    end
+
+    # Sets the session variables that `record` (eg. a `User`) would have after
+    # logging in.
+    #
+    # If `record` belongs to an `authenticates_many` association that uses the
+    # `scope_cookies` option, then a `scope_record` can be provided.
+    def set_session_for(record, scope_record = nil)
+      prefix = session_credentials_prefix(scope_record)
+      record_class_name = record.class.model_name.name.underscore
+      controller.session["#{prefix}#{record_class_name}_credentials"] = record.persistence_token
+      controller.session["#{prefix}#{record_class_name}_credentials_id"] = record.id
     end
 
     def unset_session

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 3.6.0
+  version: 3.6.1
 platform: ruby
 authors:
 - Ben Johnson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-28 00:00:00.000000000 Z
+date: 2017-09-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord