authlogic 3.8.0 → 4.0.0

data/Rakefile

@@ -18,4 +18,4 @@ end
 require "rubocop/rake_task"
 RuboCop::RakeTask.new
 
-task :default => [:rubocop, :test]
+task default: [:rubocop, :test]

data/UPGRADING.md

@@ -0,0 +1,20 @@
+# Upgrading Authlogic
+
+Supplemental instructions to complement CHANGELOG.md.
+
+## 3.4.0
+
+In version 3.4.0, the default crypto_provider was changed from *Sha512* to *SCrypt*.
+
+If you never set a crypto_provider and are upgrading, your passwords will break unless you set the original:
+
+``` ruby
+c.crypto_provider = Authlogic::CryptoProviders::Sha512
+```
+
+And if you want to automatically upgrade from *Sha512* to *SCrypt* as users login:
+
+```ruby
+c.transition_from_crypto_providers = [Authlogic::CryptoProviders::Sha512]
+c.crypto_provider = Authlogic::CryptoProviders::SCrypt
+```

data/authlogic.gemspec

@@ -1,27 +1,36 @@
-# -*- encoding: utf-8 -*-
 $:.push File.expand_path("../lib", __FILE__)
+require "authlogic/version"
 
-Gem::Specification.new do |s|
-  s.name        = "authlogic"
-  s.version     = "3.8.0"
-  s.platform    = Gem::Platform::RUBY
-  s.authors     = ["Ben Johnson"]
-  s.email       = ["bjohnson@binarylogic.com"]
-  s.homepage    = "http://github.com/binarylogic/authlogic"
-  s.summary     = 'A clean, simple, and unobtrusive ruby authentication solution.'
-
+::Gem::Specification.new do |s|
+  s.name = "authlogic"
+  s.version = ::Authlogic.gem_version.to_s
+  s.platform = ::Gem::Platform::RUBY
+  s.authors = [
+    "Ben Johnson",
+    "Tieg Zaharia",
+    "Jared Beck"
+  ]
+  s.email = [
+    "bjohnson@binarylogic.com",
+    "tieg.zaharia@gmail.com",
+    "jared@jaredbeck.com"
+  ]
+  s.homepage = "http://github.com/binarylogic/authlogic"
+  s.summary = 'A clean, simple, and unobtrusive ruby authentication solution.'
   s.license = 'MIT'
 
-  s.add_dependency 'activerecord', ['>= 3.2', '< 5.3']
-  s.add_dependency 'activesupport', ['>= 3.2', '< 5.3']
+  s.required_ruby_version = '>= 2.2.0'
+  s.add_dependency 'activerecord', ['>= 4.2', '< 5.3']
+  s.add_dependency 'activesupport', ['>= 4.2', '< 5.3']
   s.add_dependency 'request_store', '~> 1.0'
   s.add_dependency 'scrypt', '>= 1.2', '< 4.0'
   s.add_development_dependency 'bcrypt', '~> 3.1'
+  s.add_development_dependency 'byebug', '~> 10.0'
+  s.add_development_dependency 'rubocop', '~> 0.51.0'
   s.add_development_dependency 'timecop', '~> 0.7'
-  s.add_development_dependency 'rubocop', '~> 0.41.2'
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  s.files = `git ls-files`.split("\n")
+  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ["lib"]
 end

data/lib/authlogic.rb

@@ -9,57 +9,57 @@ require "active_record"
 path = File.dirname(__FILE__) + "/authlogic/"
 
 [
- "i18n",
- "random",
- "regex",
- "config",
+  "i18n",
+  "random",
+  "regex",
+  "config",
 
- "controller_adapters/abstract_adapter",
+  "controller_adapters/abstract_adapter",
 
- "crypto_providers",
+  "crypto_providers",
 
- "authenticates_many/base",
- "authenticates_many/association",
+  "authenticates_many/base",
+  "authenticates_many/association",
 
- "acts_as_authentic/email",
- "acts_as_authentic/logged_in_status",
- "acts_as_authentic/login",
- "acts_as_authentic/magic_columns",
- "acts_as_authentic/password",
- "acts_as_authentic/perishable_token",
- "acts_as_authentic/persistence_token",
- "acts_as_authentic/restful_authentication",
- "acts_as_authentic/session_maintenance",
- "acts_as_authentic/single_access_token",
- "acts_as_authentic/validations_scope",
- "acts_as_authentic/base",
+  "acts_as_authentic/email",
+  "acts_as_authentic/logged_in_status",
+  "acts_as_authentic/login",
+  "acts_as_authentic/magic_columns",
+  "acts_as_authentic/password",
+  "acts_as_authentic/perishable_token",
+  "acts_as_authentic/persistence_token",
+  "acts_as_authentic/restful_authentication",
+  "acts_as_authentic/session_maintenance",
+  "acts_as_authentic/single_access_token",
+  "acts_as_authentic/validations_scope",
+  "acts_as_authentic/base",
 
- "session/activation",
- "session/active_record_trickery",
- "session/brute_force_protection",
- "session/callbacks",
- "session/cookies",
- "session/existence",
- "session/foundation",
- "session/http_auth",
- "session/id",
- "session/klass",
- "session/magic_columns",
- "session/magic_states",
- "session/params",
- "session/password",
- "session/perishable_token",
- "session/persistence",
- "session/priority_record",
- "session/scopes",
- "session/session",
- "session/timeout",
- "session/unauthorized_record",
- "session/validation",
- "session/base"
+  "session/activation",
+  "session/active_record_trickery",
+  "session/brute_force_protection",
+  "session/callbacks",
+  "session/cookies",
+  "session/existence",
+  "session/foundation",
+  "session/http_auth",
+  "session/id",
+  "session/klass",
+  "session/magic_columns",
+  "session/magic_states",
+  "session/params",
+  "session/password",
+  "session/perishable_token",
+  "session/persistence",
+  "session/priority_record",
+  "session/scopes",
+  "session/session",
+  "session/timeout",
+  "session/unauthorized_record",
+  "session/validation",
+  "session/base"
 ].each do |library|
-   require path + library
- end
+  require path + library
+end
 
 require path + "controller_adapters/rails_adapter"   if defined?(Rails)
 require path + "controller_adapters/sinatra_adapter" if defined?(Sinatra)

data/lib/authlogic/acts_as_authentic/base.rb

@@ -12,8 +12,8 @@ module Authlogic
       end
 
       module Config
-        # This includes a lot of helpful methods for authenticating records which The Authlogic::Session module relies on.
-        # To use it just do:
+        # This includes a lot of helpful methods for authenticating records
+        # which the Authlogic::Session module relies on. To use it just do:
         #
         #   class User < ActiveRecord::Base
         #     acts_as_authentic
@@ -26,11 +26,11 @@ module Authlogic
         #   end
         #
         # See the various sub modules for the configuration they provide.
-        def acts_as_authentic(unsupported_options = nil, &block)
+        def acts_as_authentic(unsupported_options = nil)
           # Stop all configuration if the DB is not set up
-          return if !db_setup?
+          return unless db_setup?
 
-          if !unsupported_options.nil?
+          unless unsupported_options.nil?
             raise ArgumentError.new(
               "You are using the old v1.X.X configuration method for " \
                 "Authlogic. Instead of passing a hash of configuration " \
@@ -43,12 +43,15 @@ module Authlogic
           acts_as_authentic_modules.each { |mod| include mod }
         end
 
-        # Since this part of Authlogic deals with another class, ActiveRecord, we can't just start including things
-        # in ActiveRecord itself. A lot of these module includes need to be triggered by the acts_as_authentic method
-        # call. For example, you don't want to start adding in email validations and what not into a model that has
-        # nothing to do with Authlogic.
+        # Since this part of Authlogic deals with another class, ActiveRecord,
+        # we can't just start including things in ActiveRecord itself. A lot of
+        # these module includes need to be triggered by the acts_as_authentic
+        # method call. For example, you don't want to start adding in email
+        # validations and what not into a model that has nothing to do with
+        # Authlogic.
         #
-        # That being said, this is your tool for extending Authlogic and "hooking" into the acts_as_authentic call.
+        # That being said, this is your tool for extending Authlogic and
+        # "hooking" into the acts_as_authentic call.
         def add_acts_as_authentic_module(mod, action = :append)
           modules = acts_as_authentic_modules.clone
           case action
@@ -81,7 +84,11 @@ module Authlogic
 
           def first_column_to_exist(*columns_to_check)
             if db_setup?
-              columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
+              columns_to_check.each do |column_name|
+                if column_names.include?(column_name.to_s)
+                  return column_name.to_sym
+                end
+              end
             end
             columns_to_check.first && columns_to_check.first.to_sym
           end

data/lib/authlogic/acts_as_authentic/email.rb

@@ -1,9 +1,10 @@
 module Authlogic
   module ActsAsAuthentic
-    # Sometimes models won't have an explicit "login" or "username" field. Instead they want to use the email field.
-    # In this case, authlogic provides validations to make sure the email submited is actually a valid email. Don't worry,
-    # if you do have a login or username field, Authlogic will still validate your email field. One less thing you have to
-    # worry about.
+    # Sometimes models won't have an explicit "login" or "username" field.
+    # Instead they want to use the email field. In this case, authlogic provides
+    # validations to make sure the email submited is actually a valid email.
+    # Don't worry, if you do have a login or username field, Authlogic will
+    # still validate your email field. One less thing you have to worry about.
     module Email
       def self.included(klass)
         klass.class_eval do
@@ -32,28 +33,33 @@ module Authlogic
         end
         alias_method :validate_email_field=, :validate_email_field
 
-        # A hash of options for the validates_length_of call for the email field. Allows you to change this however you want.
+        # A hash of options for the validates_length_of call for the email
+        # field. Allows you to change this however you want.
         #
-        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
-        # merge options into it. Checkout the convenience function merge_validates_length_of_email_field_options to merge
-        # options.</b>
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as
+        # possible, so you can completely replace the hash or merge options into
+        # it. Checkout the convenience function
+        # merge_validates_length_of_email_field_options to merge options.</b>
         #
         # * <tt>Default:</tt> {:maximum => 100}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_email_field_options(value = nil)
-          rw_config(:validates_length_of_email_field_options, value, { :maximum => 100 })
+          rw_config(:validates_length_of_email_field_options, value, maximum: 100)
         end
         alias_method :validates_length_of_email_field_options=, :validates_length_of_email_field_options
 
-        # A convenience function to merge options into the validates_length_of_email_field_options. So instead of:
+        # A convenience function to merge options into the
+        # validates_length_of_email_field_options. So instead of:
         #
-        #   self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(:my_option => my_value)
+        #   self.validates_length_of_email_field_options =
+        #     validates_length_of_email_field_options.merge(:my_option => my_value)
         #
         # You can do this:
         #
         #   merge_validates_length_of_email_field_options :my_option => my_value
         def merge_validates_length_of_email_field_options(options = {})
-          self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(options)
+          self.validates_length_of_email_field_options =
+            validates_length_of_email_field_options.merge(options)
         end
 
         # A hash of options for the validates_format_of call for the email
@@ -86,22 +92,22 @@ module Authlogic
           rw_config(
             :validates_format_of_email_field_options,
             value,
-            {
-              :with => Authlogic::Regex.email,
-              :message => Proc.new do
-                I18n.t(
-                  'error_messages.email_invalid',
-                  :default => "should look like an email address."
-                )
-              end
-            }
+            with: Authlogic::Regex.email,
+            message: Proc.new do
+                       I18n.t(
+                         'error_messages.email_invalid',
+                         default: "should look like an email address."
+                       )
+                     end
           )
         end
         alias_method :validates_format_of_email_field_options=, :validates_format_of_email_field_options
 
-        # See merge_validates_length_of_email_field_options. The same thing except for validates_format_of_email_field_options.
+        # See merge_validates_length_of_email_field_options. The same thing
+        # except for validates_format_of_email_field_options.
         def merge_validates_format_of_email_field_options(options = {})
-          self.validates_format_of_email_field_options = validates_format_of_email_field_options.merge(options)
+          self.validates_format_of_email_field_options =
+            validates_format_of_email_field_options.merge(options)
         end
 
         # A hash of options for the validates_uniqueness_of call for the email
@@ -126,11 +132,9 @@ module Authlogic
           rw_config(
             :validates_uniqueness_of_email_field_options,
             value,
-            {
-              :case_sensitive => false,
-              :scope => validations_scope,
-              :if => "#{email_field}_changed?".to_sym
-            }
+            case_sensitive: false,
+            scope: validations_scope,
+            if: "#{email_field}_changed?".to_sym
           )
         end
         alias_method(

data/lib/authlogic/acts_as_authentic/logged_in_status.rb

@@ -27,7 +27,7 @@ module Authlogic
       # All methods for the logged in status feature seat.
       module Methods
         def self.included(klass)
-          return if !klass.column_names.include?("last_request_at")
+          return unless klass.column_names.include?("last_request_at")
 
           klass.class_eval do
             include InstanceMethods

data/lib/authlogic/acts_as_authentic/login.rb

@@ -1,3 +1,5 @@
+require 'authlogic/acts_as_authentic/queries/find_with_case'
+
 module Authlogic
   module ActsAsAuthentic
     # Handles everything related to the login field.
@@ -40,7 +42,7 @@ module Authlogic
         # * <tt>Default:</tt> {:within => 3..100}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_login_field_options(value = nil)
-          rw_config(:validates_length_of_login_field_options, value, { :within => 3..100 })
+          rw_config(:validates_length_of_login_field_options, value, within: 3..100)
         end
         alias_method :validates_length_of_login_field_options=, :validates_length_of_login_field_options
 
@@ -54,7 +56,8 @@ module Authlogic
         #
         #   merge_validates_length_of_login_field_options :my_option => my_value
         def merge_validates_length_of_login_field_options(options = {})
-          self.validates_length_of_login_field_options = validates_length_of_login_field_options.merge(options)
+          self.validates_length_of_login_field_options =
+            validates_length_of_login_field_options.merge(options)
         end
 
         # A hash of options for the validates_format_of call for the login
@@ -82,15 +85,13 @@ module Authlogic
           rw_config(
             :validates_format_of_login_field_options,
             value,
-            {
-              :with => Authlogic::Regex.login,
-              :message => proc do
-                I18n.t(
-                  'error_messages.login_invalid',
-                  :default => "should use only letters, numbers, spaces, and .-_@+ please."
-                )
-              end
-            }
+            with: Authlogic::Regex.login,
+            message: proc do
+                       I18n.t(
+                         'error_messages.login_invalid',
+                         default: "should use only letters, numbers, spaces, and .-_@+ please."
+                       )
+                     end
           )
         end
         alias_method :validates_format_of_login_field_options=, :validates_format_of_login_field_options
@@ -98,7 +99,8 @@ module Authlogic
         # See merge_validates_length_of_login_field_options. The same thing,
         # except for validates_format_of_login_field_options
         def merge_validates_format_of_login_field_options(options = {})
-          self.validates_format_of_login_field_options = validates_format_of_login_field_options.merge(options)
+          self.validates_format_of_login_field_options =
+            validates_format_of_login_field_options.merge(options)
         end
 
         # A hash of options for the validates_uniqueness_of call for the login
@@ -122,11 +124,9 @@ module Authlogic
           rw_config(
             :validates_uniqueness_of_login_field_options,
             value,
-            {
-              :case_sensitive => false,
-              :scope => validations_scope,
-              :if => "#{login_field}_changed?".to_sym
-            }
+            case_sensitive: false,
+            scope: validations_scope,
+            if: "#{login_field}_changed?".to_sym
           )
         end
         alias_method(
@@ -160,39 +160,29 @@ module Authlogic
         # The above also applies for using email as your login, except that you
         # need to set the :case_sensitive in
         # validates_uniqueness_of_email_field_options to false.
+        #
+        # @api public
         def find_by_smart_case_login_field(login)
           if login_field
-            find_with_case(login_field, login, validates_uniqueness_of_login_field_options[:case_sensitive] != false)
+            find_with_case(
+              login_field,
+              login,
+              validates_uniqueness_of_login_field_options[:case_sensitive] != false
+            )
           else
-            find_with_case(email_field, login, validates_uniqueness_of_email_field_options[:case_sensitive] != false)
+            find_with_case(
+              email_field,
+              login,
+              validates_uniqueness_of_email_field_options[:case_sensitive] != false
+            )
           end
         end
 
         private
 
-          def find_with_case(field, value, sensitivity = true)
-            ar_gem_version = Gem::Version.new(ActiveRecord::VERSION::STRING)
-
-            relation = if not sensitivity
-              connection.case_insensitive_comparison(arel_table, field.to_s, columns_hash[field.to_s], value)
-            elsif ar_gem_version >= Gem::Version.new('5.0')
-              connection.case_sensitive_comparison(arel_table, field.to_s, columns_hash[field.to_s], value)
-            else
-              if ar_gem_version < Gem::Version.new('4.2')
-                value = connection.case_sensitive_modifier(value)
-              else
-                value = connection.case_sensitive_modifier(value, field.to_s)
-              end
-              arel_table[field.to_s].eq(value)
-            end
-
-            # bind value in rails 5
-            if ar_gem_version >= Gem::Version.new('5')
-              bind = ActiveRecord::Relation::QueryAttribute.new(field.to_s, value, ActiveRecord::Type::Value.new)
-              where(relation, bind).first
-            else
-              where(relation).first
-            end
+          # @api private
+          def find_with_case(field, value, sensitive)
+            Queries::FindWithCase.new(self, field, value, sensitive).execute
           end
       end