authlogic 3.8.0 → 4.0.0

data/lib/authlogic/acts_as_authentic/single_access_token.rb

@@ -29,14 +29,14 @@ module Authlogic
       # All method, for the single_access token aspect of acts_as_authentic.
       module Methods
         def self.included(klass)
-          return if !klass.column_names.include?("single_access_token")
+          return unless klass.column_names.include?("single_access_token")
 
           klass.class_eval do
             include InstanceMethods
-            validates_uniqueness_of :single_access_token, :if => :single_access_token_changed?
-            before_validation :reset_single_access_token, :if => :reset_single_access_token?
+            validates_uniqueness_of :single_access_token, if: :single_access_token_changed?
+            before_validation :reset_single_access_token, if: :reset_single_access_token?
             if respond_to?(:after_password_set)
-              after_password_set(:reset_single_access_token, :if => :change_single_access_token_with_password?)
+              after_password_set(:reset_single_access_token, if: :change_single_access_token_with_password?)
             end
           end
         end

data/lib/authlogic/authenticates_many/association.rb

@@ -30,20 +30,20 @@ module Authlogic
       end
 
       [:create, :create!, :find, :new].each do |method|
-        class_eval <<-"end_eval", __FILE__, __LINE__
+        class_eval <<-EOS, __FILE__, __LINE__
           def #{method}(*args)
             klass.with_scope(scope_options) do
               klass.#{method}(*args)
             end
           end
-        end_eval
+        EOS
       end
       alias_method :build, :new
 
       private
 
         def scope_options
-          { :find_options => find_options, :id => id }
+          { find_options: find_options, id: id }
         end
     end
   end

data/lib/authlogic/authenticates_many/base.rb

@@ -51,12 +51,12 @@ module Authlogic
       def authenticates_many(name, options = {})
         options[:session_class] ||= name.to_s.classify.constantize
         options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
-        class_eval <<-"end_eval", __FILE__, __LINE__
+        class_eval <<-EOS, __FILE__, __LINE__
           def #{name}
             find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.where(nil)
             @#{name} ||= Authlogic::AuthenticatesMany::Association.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
           end
-        end_eval
+        EOS
       end
     end
 

data/lib/authlogic/config.rb

@@ -1,4 +1,3 @@
-# encoding: utf-8
 module Authlogic
   module Config
     def self.extended(klass)

data/lib/authlogic/controller_adapters/abstract_adapter.rb

@@ -3,16 +3,19 @@ module Authlogic
     # Allows you to use Authlogic in any framework you want, not just rails. See the RailsAdapter
     # for an example of how to adapt Authlogic to work with your framework.
     class AbstractAdapter
+      E_COOKIE_DOMAIN_ADAPTER = "The cookie_domain method has not been " \
+        "implemented by the controller adapter".freeze
+
       attr_accessor :controller
 
       def initialize(controller)
         self.controller = controller
       end
 
-      def authenticate_with_http_basic(&block)
+      def authenticate_with_http_basic
         @auth = Rack::Auth::Basic::Request.new(controller.request.env)
-        if @auth.provided? and @auth.basic?
-          block.call(*@auth.credentials)
+        if @auth.provided? && @auth.basic?
+          yield(*@auth.credentials)
         else
           false
         end
@@ -23,7 +26,7 @@ module Authlogic
       end
 
       def cookie_domain
-        raise NotImplementedError.new("The cookie_domain method has not been implemented by the controller adapter")
+        raise NotImplementedError.new(E_COOKIE_DOMAIN_ADAPTER)
       end
 
       def params
@@ -58,6 +61,10 @@ module Authlogic
         controller.send(:last_request_update_allowed?)
       end
 
+      def respond_to_missing?(*args)
+        super(*args) || controller.respond_to?(*args)
+      end
+
       private
 
         def method_missing(id, *args, &block)

data/lib/authlogic/controller_adapters/rack_adapter.rb

@@ -56,10 +56,14 @@ module Authlogic
         Authlogic::Session::Base.controller = self
       end
 
-      # Rack Requests stores cookies with not just the value, but also with flags and expire information in the hash.
-      # Authlogic does not like this, so we drop everything except the cookie value
+      # Rack Requests stores cookies with not just the value, but also with
+      # flags and expire information in the hash. Authlogic does not like this,
+      # so we drop everything except the cookie value.
       def cookies
-        controller.cookies.map { |key, value_hash| { key => value_hash[:value] } }.inject(:merge) || {}
+        controller
+          .cookies
+          .map { |key, value_hash| { key => value_hash[:value] } }
+          .inject(:merge) || {}
       end
     end
   end

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -13,6 +13,8 @@ module Authlogic
         controller.authenticate_with_http_basic(&block)
       end
 
+      # Returns a `ActionDispatch::Cookies::CookieJar`. See the AC guide
+      # http://guides.rubyonrails.org/action_controller_overview.html#cookies
       def cookies
         controller.send(:cookies)
       end

data/lib/authlogic/crypto_providers/aes256.rb

@@ -6,7 +6,7 @@ module Authlogic
     # use this encryption method you must supply it with a key first. In an initializer,
     # or before your application initializes, you should do the following:
     #
-    #   Authlogic::CryptoProviders::AES256.key = "my really long and unique key, preferably a bunch of random characters"
+    #   Authlogic::CryptoProviders::AES256.key = "long, unique, and random key"
     #
     # My final comment is that this is a strong encryption method, but its main weakness
     # is that it's reversible. If you do not need to reverse the hash then you should

data/lib/authlogic/crypto_providers/bcrypt.rb

@@ -66,7 +66,7 @@ module Authlogic
 
         # Creates a BCrypt hash for the password passed.
         def encrypt(*tokens)
-          ::BCrypt::Password.create(join_tokens(tokens), :cost => cost)
+          ::BCrypt::Password.create(join_tokens(tokens), cost: cost)
         end
 
         # Does the hash match the tokens? Uses the same tokens that were used to

data/lib/authlogic/crypto_providers/scrypt.rb

@@ -19,7 +19,7 @@ module Authlogic
     #   end
     class SCrypt
       class << self
-        DEFAULTS = { :key_len => 32, :salt_size => 8, :max_time => 0.2, :max_mem => 1024 * 1024, :max_memfrac => 0.5 }
+        DEFAULTS = { key_len: 32, salt_size: 8, max_time: 0.2, max_mem: 1024 * 1024, max_memfrac: 0.5 }.freeze
 
         attr_writer :key_len, :salt_size, :max_time, :max_mem, :max_memfrac
         # Key length - length in bytes of generated key, from 16 to 512.
@@ -51,11 +51,11 @@ module Authlogic
         def encrypt(*tokens)
           ::SCrypt::Password.create(
             join_tokens(tokens),
-            :key_len => key_len,
-            :salt_size => salt_size,
-            :max_mem => max_mem,
-            :max_memfrac => max_memfrac,
-            :max_time => max_time
+            key_len: key_len,
+            salt_size: salt_size,
+            max_mem: max_mem,
+            max_memfrac: max_memfrac,
+            max_time: max_time
           )
         end
 

data/lib/authlogic/crypto_providers/sha1.rb

@@ -2,8 +2,9 @@ require "digest/sha1"
 
 module Authlogic
   module CryptoProviders
-    # This class was made for the users transitioning from restful_authentication. I highly discourage using this
-    # crypto provider as it is far inferior to your other options. Please use any other provider offered by Authlogic.
+    # This class was made for the users transitioning from restful_authentication. I
+    # highly discourage using this crypto provider as it is far inferior to your other
+    # options. Please use any other provider offered by Authlogic.
     class Sha1
       class << self
         def join_token
@@ -11,7 +12,8 @@ module Authlogic
         end
         attr_writer :join_token
 
-        # The number of times to loop through the encryption. This is ten because that is what restful_authentication defaults to.
+        # The number of times to loop through the encryption. This is ten because that is
+        # what restful_authentication defaults to.
         def stretches
           @stretches ||= 10
         end
@@ -21,11 +23,14 @@ module Authlogic
         def encrypt(*tokens)
           tokens = tokens.flatten
           digest = tokens.shift
-          stretches.times { digest = Digest::SHA1.hexdigest([digest, *tokens].join(join_token)) }
+          stretches.times do
+            digest = Digest::SHA1.hexdigest([digest, *tokens].join(join_token))
+          end
           digest
         end
 
-        # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
+        # Does the crypted password match the tokens? Uses the same tokens that were used
+        # to encrypt.
         def matches?(crypted, *tokens)
           encrypt(*tokens) == crypted
         end

data/lib/authlogic/crypto_providers/sha256.rb

@@ -1,22 +1,25 @@
 require "digest/sha2"
 
 module Authlogic
-  # The acts_as_authentic method has a crypto_provider option. This allows you to use any type of encryption you like.
-  # Just create a class with a class level encrypt and matches? method. See example below.
+  # The acts_as_authentic method has a crypto_provider option. This allows you
+  # to use any type of encryption you like. Just create a class with a class
+  # level encrypt and matches? method. See example below.
   #
   # === Example
   #
   #   class MyAwesomeEncryptionMethod
   #     def self.encrypt(*tokens)
-  #       # the tokens passed will be an array of objects, what type of object is irrelevant,
-  #       # just do what you need to do with them and return a single encrypted string.
-  #       # for example, you will most likely join all of the objects into a single string and then encrypt that string
+  #       # the tokens passed will be an array of objects, what type of object
+  #       # is irrelevant, just do what you need to do with them and return a
+  #       # single encrypted string. for example, you will most likely join all
+  #       # of the objects into a single string and then encrypt that string
   #     end
   #
   #     def self.matches?(crypted, *tokens)
-  #       # return true if the crypted string matches the tokens.
-  #       # depending on your algorithm you might decrypt the string then compare it to the token, or you might
-  #       # encrypt the tokens and make sure it matches the crypted string, its up to you
+  #       # return true if the crypted string matches the tokens. Depending on
+  #       # your algorithm you might decrypt the string then compare it to the
+  #       # token, or you might encrypt the tokens and make sure it matches the
+  #       # crypted string, its up to you.
   #     end
   #   end
   module CryptoProviders

data/lib/authlogic/crypto_providers/wordpress.rb

@@ -3,13 +3,13 @@ module Authlogic
   module CryptoProviders
     class Wordpress
       class << self
-        ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+        ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.freeze
 
         def matches?(crypted, *tokens)
           stretches = 1 << ITOA64.index(crypted[3, 1])
           plain, salt = *tokens
           hashed = Digest::MD5.digest(salt + plain)
-          stretches.times do |i|
+          stretches.times do
             hashed = Digest::MD5.digest(hashed + plain)
           end
           crypted[0, 12] + encode_64(hashed, 16) == crypted

data/lib/authlogic/i18n.rb

@@ -36,7 +36,8 @@ module Authlogic
   #       login_blank: can not be blank
   #       login_not_found: is not valid
   #       login_invalid: should use only letters, numbers, spaces, and .-_@+ please.
-  #       consecutive_failed_logins_limit_exceeded: Consecutive failed logins limit exceeded, account is disabled.
+  #       consecutive_failed_logins_limit_exceeded: >
+  #         Consecutive failed logins limit exceeded, account is disabled.
   #       email_invalid: should look like an email address.
   #       email_invalid_international: should look like an international email address.
   #       password_blank: can not be blank
@@ -46,6 +47,7 @@ module Authlogic
   #       not_approved: Your account is not approved
   #       no_authentication_details: You did not provide any details for authentication.
   #       general_credentials_error: Login/Password combination is not valid
+  #       session_invalid: Your session is invalid and has the following errors:
   #     models:
   #       user_session: UserSession (or whatever name you are using)
   #     attributes:
@@ -83,7 +85,7 @@ module Authlogic
       # for the message. The second is options, see the rails I18n library for a list of
       # options used.
       def translate(key, options = {})
-        translator.translate key, { :scope => I18n.scope }.merge(options)
+        translator.translate key, { scope: I18n.scope }.merge(options)
       end
       alias :t :translate
     end

data/lib/authlogic/random.rb

@@ -1,34 +1,16 @@
+require "securerandom"
+
 module Authlogic
-  # Handles generating random strings. If SecureRandom is installed it will default to
-  # this and use it instead. SecureRandom comes with ActiveSupport. So if you are using
-  # this in a rails app you should have this library.
+  # Generates random strings using ruby's SecureRandom library.
   module Random
-    extend self
-
-    SecureRandom = (defined?(::SecureRandom) && ::SecureRandom) ||
-      (defined?(::ActiveSupport::SecureRandom) && ::ActiveSupport::SecureRandom)
-
-    if SecureRandom
-      def hex_token
-        SecureRandom.hex(64)
-      end
-
-      def friendly_token
-        # use base64url as defined by RFC4648
-        SecureRandom.base64(15).tr('+/=', '').strip.delete("\n")
-      end
-    else
-      def hex_token
-        Authlogic::CryptoProviders::Sha512.encrypt(Time.now.to_s + (1..10).collect { rand.to_s }.join)
-      end
-
-      FRIENDLY_CHARS = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+    def self.hex_token
+      SecureRandom.hex(64)
+    end
 
-      def friendly_token
-        newpass = ""
-        1.upto(20) { |i| newpass << FRIENDLY_CHARS[rand(FRIENDLY_CHARS.size - 1)] }
-        newpass
-      end
+    # Returns a string in base64url format as defined by RFC-3548 and RFC-4648.
+    # We call this a "friendly" token because it is short and safe for URLs.
+    def self.friendly_token
+      SecureRandom.urlsafe_base64(15)
     end
   end
 end

data/lib/authlogic/regex.rb

@@ -1,7 +1,7 @@
-# encoding: utf-8
 module Authlogic
-  # This is a module the contains regular expressions used throughout Authlogic. The point of extracting
-  # them out into their own module is to make them easily available to you for other uses. Ex:
+  # This is a module the contains regular expressions used throughout Authlogic. The point
+  # of extracting them out into their own module is to make them easily available to you
+  # for other uses. Ex:
   #
   #   validates_format_of :my_email_field, :with => Authlogic::Regex.email
   module Regex
@@ -19,12 +19,15 @@ module Authlogic
       end
     end
 
-    # A draft regular expression for internationalized email addresses.
-    # Given that the standard may be in flux, this simply emulates @email_regex but rather than
-    # allowing specific characters for each part, it instead disallows the complement set of characters:
+    # A draft regular expression for internationalized email addresses. Given that the
+    # standard may be in flux, this simply emulates @email_regex but rather than allowing
+    # specific characters for each part, it instead disallows the complement set of
+    # characters:
+    #
     # - email_name_regex disallows: @[]^ !"#$()*,/:;<=>?`{|}~\ and control characters
     # - domain_head_regex disallows: _%+ and all characters in email_name_regex
     # - domain_tld_regex disallows: 0123456789- and all characters in domain_head_regex
+    #
     # http://en.wikipedia.org/wiki/Email_address#Internationalization
     # http://tools.ietf.org/html/rfc6530
     # http://www.unicode.org/faq/idn.html
@@ -39,8 +42,8 @@ module Authlogic
       end
     end
 
-    # A simple regular expression that only allows for letters, numbers, spaces, and .-_@+. Just a standard login / username
-    # regular expression.
+    # A simple regular expression that only allows for letters, numbers, spaces, and
+    # .-_@+. Just a standard login / username regular expression.
     def self.login
       /\A[a-zA-Z0-9_][a-zA-Z0-9\.+\-_@ ]+\z/
     end

data/lib/authlogic/session/activation.rb

@@ -9,8 +9,11 @@ module Authlogic
     # you are using a supported framework, Authlogic takes care of this for you.
     module Activation
       class NotActivatedError < ::StandardError # :nodoc:
-        def initialize(session)
-          super("You must activate the Authlogic::Session::Base.controller with a controller object before creating objects")
+        def initialize
+          super(
+            "You must activate the Authlogic::Session::Base.controller with " \
+              "a controller object before creating objects"
+          )
         end
       end
 
@@ -55,7 +58,7 @@ module Authlogic
       module InstanceMethods
         # Making sure we are activated before we start creating objects
         def initialize(*args)
-          raise NotActivatedError.new(self) unless self.class.activated?
+          raise NotActivatedError unless self.class.activated?
           super
         end
 

data/lib/authlogic/session/active_record_trickery.rb

@@ -1,16 +1,18 @@
 module Authlogic
   module Session
-    # Authlogic looks like ActiveRecord, sounds like ActiveRecord, but its not ActiveRecord. That's the goal here.
-    # This is useful for the various rails helper methods such as form_for, error_messages_for, or any method that
-    # expects an ActiveRecord object. The point is to disguise the object as an ActiveRecord object so we can take
-    # advantage of the many ActiveRecord tools.
+    # Authlogic looks like ActiveRecord, sounds like ActiveRecord, but its not
+    # ActiveRecord. That's the goal here. This is useful for the various rails
+    # helper methods such as form_for, error_messages_for, or any method that
+    # expects an ActiveRecord object. The point is to disguise the object as an
+    # ActiveRecord object so we can take advantage of the many ActiveRecord
+    # tools.
     module ActiveRecordTrickery
       def self.included(klass)
         klass.extend ActiveModel::Naming
         klass.extend ActiveModel::Translation
 
         # Support ActiveModel::Name#name for Rails versions before 4.0.
-        if !klass.model_name.respond_to?(:name)
+        unless klass.model_name.respond_to?(:name)
           ActiveModel::Name.module_eval do
             alias_method :name, :to_s
           end
@@ -21,11 +23,12 @@ module Authlogic
       end
 
       module ClassMethods
-        # How to name the class, works JUST LIKE ActiveRecord, except it uses the following namespace:
+        # How to name the class, works JUST LIKE ActiveRecord, except it uses
+        # the following namespace:
         #
         #   authlogic.models.user_session
-        def human_name(*args)
-          I18n.t("models.#{name.underscore}", { :count => 1, :default => name.humanize })
+        def human_name(*)
+          I18n.t("models.#{name.underscore}", count: 1, default: name.humanize)
         end
 
         def i18n_scope
@@ -34,7 +37,8 @@ module Authlogic
       end
 
       module InstanceMethods
-        # Don't use this yourself, this is to just trick some of the helpers since this is the method it calls.
+        # Don't use this yourself, this is to just trick some of the helpers
+        # since this is the method it calls.
         def new_record?
           new_session?
         end