authlogic 3.8.0 → 4.0.0

data/lib/authlogic/acts_as_authentic/magic_columns.rb

@@ -17,15 +17,15 @@ module Authlogic
           klass.class_eval do
             if column_names.include?("login_count")
               validates_numericality_of :login_count,
-                :only_integer => true,
-                :greater_than_or_equal_to => 0,
-                :allow_nil => true
+                only_integer: true,
+                greater_than_or_equal_to: 0,
+                allow_nil: true
             end
             if column_names.include?("failed_login_count")
               validates_numericality_of :failed_login_count,
-                :only_integer => true,
-                :greater_than_or_equal_to => 0,
-                :allow_nil => true
+                only_integer: true,
+                greater_than_or_equal_to: 0,
+                allow_nil: true
             end
           end
         end

data/lib/authlogic/acts_as_authentic/password.rb

@@ -107,7 +107,7 @@ module Authlogic
         # * <tt>Default:</tt> {:minimum => 8, :if => :require_password?}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_password_field_options(value = nil)
-          rw_config(:validates_length_of_password_field_options, value, { :minimum => 8, :if => :require_password? })
+          rw_config(:validates_length_of_password_field_options, value, minimum: 8, if: :require_password?)
         end
         alias_method :validates_length_of_password_field_options=, :validates_length_of_password_field_options
 
@@ -121,7 +121,8 @@ module Authlogic
         #
         #   merge_validates_length_of_password_field_options :my_option => my_value
         def merge_validates_length_of_password_field_options(options = {})
-          self.validates_length_of_password_field_options = validates_length_of_password_field_options.merge(options)
+          self.validates_length_of_password_field_options =
+            validates_length_of_password_field_options.merge(options)
         end
 
         # A hash of options for the validates_confirmation_of call for the password field.
@@ -135,14 +136,16 @@ module Authlogic
         # * <tt>Default:</tt> {:if => :require_password?}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_confirmation_of
         def validates_confirmation_of_password_field_options(value = nil)
-          rw_config(:validates_confirmation_of_password_field_options, value, { :if => :require_password? })
+          rw_config(:validates_confirmation_of_password_field_options, value, if: :require_password?)
         end
-        alias_method :validates_confirmation_of_password_field_options=, :validates_confirmation_of_password_field_options
+        alias_method :validates_confirmation_of_password_field_options=,
+          :validates_confirmation_of_password_field_options
 
         # See merge_validates_length_of_password_field_options. The same thing, except for
         # validates_confirmation_of_password_field_options
         def merge_validates_confirmation_of_password_field_options(options = {})
-          self.validates_confirmation_of_password_field_options = validates_confirmation_of_password_field_options.merge(options)
+          self.validates_confirmation_of_password_field_options =
+            validates_confirmation_of_password_field_options.merge(options)
         end
 
         # A hash of options for the validates_length_of call for the password_confirmation
@@ -210,33 +213,36 @@ module Authlogic
         METHODS = [
           "before_password_set", "after_password_set",
           "before_password_verification", "after_password_verification"
-        ]
+        ].freeze
 
         def self.included(klass)
           return if klass.crypted_password_field.nil?
-          klass.define_callbacks *METHODS
+          klass.define_callbacks(*METHODS)
 
           # If Rails 3, support the new callback syntax
-          if klass.send(klass.respond_to?(:singleton_class) ? :singleton_class : :metaclass).method_defined?(:set_callback)
+          singleton_class_method_name = klass.respond_to?(:singleton_class) ? :singleton_class : :metaclass
+          if klass.send(singleton_class_method_name).method_defined?(:set_callback)
             METHODS.each do |method|
-              klass.class_eval <<-"end_eval", __FILE__, __LINE__
+              klass.class_eval <<-EOS, __FILE__, __LINE__
                 def self.#{method}(*methods, &block)
                   set_callback :#{method}, *methods, &block
                 end
-              end_eval
+              EOS
             end
           end
         end
 
-        private
-
-          METHODS.each do |method|
-            class_eval <<-"end_eval", __FILE__, __LINE__
-              def #{method}
-                run_callbacks(:#{method}) { |result, object| result == false }
-              end
-            end_eval
-          end
+        # TODO: Ideally, once this module is included, the included copies of
+        # the following methods would be private. This cannot be accomplished
+        # by using calling `private` here in the module. Maybe we can set the
+        # privacy inside `included`?
+        METHODS.each do |method|
+          class_eval <<-EOS, __FILE__, __LINE__
+            def #{method}
+              run_callbacks(:#{method}) { |result, object| result == false }
+            end
+          EOS
+        end
       end
 
       # The methods related to the password field.
@@ -251,8 +257,14 @@ module Authlogic
               validates_length_of :password, validates_length_of_password_field_options
 
               if require_password_confirmation
-                validates_confirmation_of :password, validates_confirmation_of_password_field_options
-                validates_length_of :password_confirmation, validates_length_of_password_confirmation_field_options
+                validates_confirmation_of(
+                  :password,
+                  validates_confirmation_of_password_field_options
+                )
+                validates_length_of(
+                  :password_confirmation,
+                  validates_length_of_password_confirmation_field_options
+                )
               end
             end
 
@@ -300,7 +312,7 @@ module Authlogic
 
             crypto_providers.each_with_index do |encryptor, index|
               if encryptor_matches?(crypted, encryptor, index, attempted_password, check_against_database)
-                if transition_password?(index, encryptor, crypted, check_against_database)
+                if transition_password?(index, encryptor, check_against_database)
                   transition_password(attempted_password)
                 end
                 after_password_verification
@@ -322,7 +334,7 @@ module Authlogic
           # Resets the password to a random friendly token and then saves the record.
           def reset_password!
             reset_password
-            save_without_session_maintenance(:validate => false)
+            save_without_session_maintenance(validate: false)
           end
           alias_method :randomize_password!, :reset_password!
 
@@ -373,18 +385,28 @@ module Authlogic
             end
 
             # Determines if we need to transition the password.
-            # If the index > 0 then we are using an "transition from" crypto provider.
-            # If the encryptor has a cost and the cost it outdated.
-            # If we aren't using database values
-            # If we are using database values, only if the password hasn't changed so we don't overwrite any changes
-            def transition_password?(index, encryptor, crypted, check_against_database)
-              (index > 0 || (encryptor.respond_to?(:cost_matches?) && !encryptor.cost_matches?(send(crypted_password_field)))) &&
-                (!check_against_database || !send("#{crypted_password_field}_changed?"))
+            #
+            # - If the index > 0 then we are using an "transition from" crypto
+            #   provider.
+            # - If the encryptor has a cost and the cost it outdated.
+            # - If we aren't using database values
+            # - If we are using database values, only if the password hasn't
+            #   changed so we don't overwrite any changes
+            def transition_password?(index, encryptor, check_against_database)
+              (
+                index > 0 ||
+                (encryptor.respond_to?(:cost_matches?) &&
+                !encryptor.cost_matches?(send(crypted_password_field)))
+              ) &&
+                (
+                  !check_against_database ||
+                  !send("#{crypted_password_field}_changed?")
+                )
             end
 
             def transition_password(attempted_password)
               self.password = attempted_password
-              save(:validate => false)
+              save(validate: false)
             end
 
             def require_password?

data/lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -1,13 +1,15 @@
 module Authlogic
   module ActsAsAuthentic
-    # This provides a handy token that is "perishable". Meaning the token is
-    # only good for a certain amount of time. This is perfect for resetting
-    # password, confirming accounts, etc. Typically during these actions you
-    # send them this token in via their email. Once they use the token and do
-    # what they need to do, that token should expire. Don't worry about
-    # maintaining this, changing it, or expiring it yourself. Authlogic does all
-    # of this for you. See the sub modules for all of the tools Authlogic
-    # provides to you.
+    # This provides a handy token that is "perishable", meaning the token is
+    # only good for a certain amount of time.
+    #
+    # This is useful for resetting password, confirming accounts, etc. Typically
+    # during these actions you send them this token in an email. Once they use
+    # the token and do what they need to do, that token should expire.
+    #
+    # Don't worry about maintaining the token, changing it, or expiring it
+    # yourself. Authlogic does all of this for you. See the sub modules for all
+    # of the tools Authlogic provides to you.
     module PerishableToken
       def self.included(klass)
         klass.class_eval do
@@ -16,7 +18,7 @@ module Authlogic
         end
       end
 
-      # Change how the perishable token works.
+      # Configure the perishable token.
       module Config
         # When using the find_using_perishable_token method the token can
         # expire. If the token is expired, no record will be returned. Use this
@@ -30,9 +32,8 @@ module Authlogic
         alias_method :perishable_token_valid_for=, :perishable_token_valid_for
 
         # Authlogic tries to expire and change the perishable token as much as
-        # possible, without compromising it's purpose. This is for security
-        # reasons. If you want to manage it yourself, you can stop Authlogic
-        # from getting your in way by setting this to true.
+        # possible, without compromising its purpose. If you want to manage it
+        # yourself, set this to true.
         #
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
@@ -45,18 +46,18 @@ module Authlogic
       # All methods relating to the perishable token.
       module Methods
         def self.included(klass)
-          return if !klass.column_names.include?("perishable_token")
+          return unless klass.column_names.include?("perishable_token")
 
           klass.class_eval do
             extend ClassMethods
             include InstanceMethods
 
-            validates_uniqueness_of :perishable_token, :if => :perishable_token_changed?
-            before_save :reset_perishable_token, :unless => :disable_perishable_token_maintenance?
+            validates_uniqueness_of :perishable_token, if: :perishable_token_changed?
+            before_save :reset_perishable_token, unless: :disable_perishable_token_maintenance?
           end
         end
 
-        # Class level methods for the perishable token
+        # Class methods for the perishable token
         module ClassMethods
           # Use this method to find a record with a perishable token. This
           # method does 2 things for you:
@@ -99,7 +100,7 @@ module Authlogic
           # Same as reset_perishable_token, but then saves the record afterwards.
           def reset_perishable_token!
             reset_perishable_token
-            save_without_session_maintenance(:validate => false)
+            save_without_session_maintenance(validate: false)
           end
 
           # A convenience method based on the

data/lib/authlogic/acts_as_authentic/persistence_token.rb

@@ -18,28 +18,23 @@ module Authlogic
 
             if respond_to?(:after_password_set) && respond_to?(:after_password_verification)
               after_password_set :reset_persistence_token
-              after_password_verification :reset_persistence_token!, :if => :reset_persistence_token?
+              after_password_verification :reset_persistence_token!, if: :reset_persistence_token?
             end
 
             validates_presence_of :persistence_token
-            validates_uniqueness_of :persistence_token, :if => :persistence_token_changed?
+            validates_uniqueness_of :persistence_token, if: :persistence_token_changed?
 
-            before_validation :reset_persistence_token, :if => :reset_persistence_token?
+            before_validation :reset_persistence_token, if: :reset_persistence_token?
           end
         end
 
         # Class level methods for the persistence token.
         module ClassMethods
-          # Resets ALL persistence tokens in the database, which will require all users to reauthenticate.
+          # Resets ALL persistence tokens in the database, which will require
+          # all users to re-authenticate.
           def forget_all
             # Paginate these to save on memory
-            records = nil
-            i = 0
-            begin
-              records = limit(50).offset(i)
-              records.each { |record| record.forget! }
-              i += 50
-            end while !records.blank?
+            find_each(batch_size: 50) { |record| record.forget! }
           end
         end
 
@@ -53,7 +48,7 @@ module Authlogic
           # Same as reset_persistence_token, but then saves the record.
           def reset_persistence_token!
             reset_persistence_token
-            save_without_session_maintenance(:validate => false)
+            save_without_session_maintenance(validate: false)
           end
           alias_method :forget!, :reset_persistence_token!
 

data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module ActsAsAuthentic
+    module Queries
+      # The query used by public-API method `find_by_smart_case_login_field`.
+      # @api private
+      class FindWithCase
+        AR_GEM_VERSION = ActiveRecord.gem_version.freeze
+
+        # @api private
+        def initialize(model_class, field, value, sensitive)
+          @model_class = model_class
+          @field = field.to_s
+          @value = value
+          @sensitive = sensitive
+        end
+
+        # @api private
+        def execute
+          bind(relation).first
+        end
+
+        private
+
+          # @api private
+          def bind(relation)
+            if AR_GEM_VERSION >= Gem::Version.new('5')
+              bind = ActiveRecord::Relation::QueryAttribute.new(
+                @field,
+                @value,
+                ActiveRecord::Type::Value.new
+              )
+              @model_class.where(relation, bind)
+            else
+              @model_class.where(relation)
+            end
+          end
+
+          # @api private
+          def relation
+            if !@sensitive
+              @model_class.connection.case_insensitive_comparison(
+                @model_class.arel_table,
+                @field,
+                @model_class.columns_hash[@field],
+                @value
+              )
+            elsif AR_GEM_VERSION >= Gem::Version.new('5.0')
+              @model_class.connection.case_sensitive_comparison(
+                @model_class.arel_table,
+                @field,
+                @model_class.columns_hash[@field],
+                @value
+              )
+            else
+              value = @model_class.connection.case_sensitive_modifier(@value, @field)
+              @model_class.arel_table[@field].eq(value)
+            end
+          end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/restful_authentication.rb

@@ -45,13 +45,21 @@ module Authlogic
         private
 
           def set_restful_authentication_config
-            crypto_provider_key = act_like_restful_authentication ? :crypto_provider : :transition_from_crypto_providers
-            self.send("#{crypto_provider_key}=", CryptoProviders::Sha1)
+            self.restful_auth_crypto_provider = CryptoProviders::Sha1
             if !defined?(::REST_AUTH_SITE_KEY) || ::REST_AUTH_SITE_KEY.nil?
-              class_eval("::REST_AUTH_SITE_KEY = ''") if !defined?(::REST_AUTH_SITE_KEY)
+              class_eval("::REST_AUTH_SITE_KEY = ''") unless defined?(::REST_AUTH_SITE_KEY)
               CryptoProviders::Sha1.stretches = 1
             end
           end
+
+          # @api private
+          def restful_auth_crypto_provider=(provider)
+            if act_like_restful_authentication
+              self.crypto_provider = provider
+            else
+              self.transition_from_crypto_providers = provider
+            end
+          end
       end
 
       module InstanceMethods

data/lib/authlogic/acts_as_authentic/session_maintenance.rb

@@ -30,17 +30,25 @@ module Authlogic
       end
 
       module Config
-        # This is more of a convenience method. In order to turn off automatic
-        # maintenance of sessions just set this to false, or you can also set
-        # the session_ids method to a blank array. Both accomplish the same
-        # thing. This method is a little clearer in it's intentions though.
+        # In order to turn off automatic maintenance of sessions
+        # after create, just set this to false.
         #
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
-        def maintain_sessions(value = nil)
-          rw_config(:maintain_sessions, value, true)
+        def log_in_after_create(value = nil)
+          rw_config(:log_in_after_create, value, true)
         end
-        alias_method :maintain_sessions=, :maintain_sessions
+        alias_method :log_in_after_create=, :log_in_after_create
+
+        # In order to turn off automatic maintenance of sessions when updating
+        # the password, just set this to false.
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def log_in_after_password_change(value = nil)
+          rw_config(:log_in_after_password_change, value, true)
+        end
+        alias_method :log_in_after_password_change=, :log_in_after_password_change
 
         # As you may know, authlogic sessions can be separate by id (See
         # Authlogic::Session::Base#id). You can specify here what session ids
@@ -69,8 +77,8 @@ module Authlogic
       module Methods
         def self.included(klass)
           klass.class_eval do
-            before_save :get_session_information, :if => :update_sessions?
-            before_save :maintain_sessions, :if => :update_sessions?
+            before_save :get_session_information, if: :update_sessions?
+            before_save :maintain_sessions, if: :update_sessions?
           end
         end
 
@@ -96,11 +104,15 @@ module Authlogic
             !skip_session_maintenance &&
               session_class &&
               session_class.activated? &&
-              self.class.maintain_sessions == true &&
+              maintain_session? &&
               !session_ids.blank? &&
               persistence_token_changed?
           end
 
+          def maintain_session?
+            log_in_after_create? || log_in_after_password_change?
+          end
+
           def get_session_information
             # Need to determine if we are completely logged out, or logged in as
             # another user.
@@ -148,6 +160,14 @@ module Authlogic
           def session_class
             self.class.session_class
           end
+
+          def log_in_after_create?
+            new_record? && self.class.log_in_after_create
+          end
+
+          def log_in_after_password_change?
+            persistence_token_changed? && self.class.log_in_after_password_change
+          end
       end
     end
   end