authlogic 3.8.0 → 4.0.0
- checksums.yaml +7 -0
- data/.github/triage.md +87 -0
- data/.gitignore +2 -1
- data/.rubocop.yml +62 -6
- data/.rubocop_todo.yml +51 -267
- data/.travis.yml +4 -26
- data/CHANGELOG.md +226 -2
- data/CONTRIBUTING.md +15 -5
- data/Gemfile +2 -2
- data/README.md +183 -91
- data/Rakefile +1 -1
- data/UPGRADING.md +20 -0
- data/authlogic.gemspec +25 -16
- data/lib/authlogic.rb +45 -45
- data/lib/authlogic/acts_as_authentic/base.rb +18 -11
- data/lib/authlogic/acts_as_authentic/email.rb +32 -28
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +1 -1
- data/lib/authlogic/acts_as_authentic/login.rb +32 -42
- data/lib/authlogic/acts_as_authentic/magic_columns.rb +6 -6
- data/lib/authlogic/acts_as_authentic/password.rb +53 -31
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +18 -17
- data/lib/authlogic/acts_as_authentic/persistence_token.rb +7 -12
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +64 -0
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +11 -3
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +30 -10
- data/lib/authlogic/acts_as_authentic/single_access_token.rb +4 -4
- data/lib/authlogic/authenticates_many/association.rb +3 -3
- data/lib/authlogic/authenticates_many/base.rb +2 -2
- data/lib/authlogic/config.rb +0 -1
- data/lib/authlogic/controller_adapters/abstract_adapter.rb +11 -4
- data/lib/authlogic/controller_adapters/rack_adapter.rb +7 -3
- data/lib/authlogic/controller_adapters/rails_adapter.rb +2 -0
- data/lib/authlogic/crypto_providers/aes256.rb +1 -1
- data/lib/authlogic/crypto_providers/bcrypt.rb +1 -1
- data/lib/authlogic/crypto_providers/scrypt.rb +6 -6
- data/lib/authlogic/crypto_providers/sha1.rb +10 -5
- data/lib/authlogic/crypto_providers/sha256.rb +11 -8
- data/lib/authlogic/crypto_providers/wordpress.rb +2 -2
- data/lib/authlogic/i18n.rb +4 -2
- data/lib/authlogic/random.rb +10 -28
- data/lib/authlogic/regex.rb +11 -8
- data/lib/authlogic/session/activation.rb +6 -3
- data/lib/authlogic/session/active_record_trickery.rb +13 -9
- data/lib/authlogic/session/base.rb +15 -4
- data/lib/authlogic/session/brute_force_protection.rb +14 -7
- data/lib/authlogic/session/callbacks.rb +53 -30
- data/lib/authlogic/session/cookies.rb +57 -16
- data/lib/authlogic/session/existence.rb +21 -11
- data/lib/authlogic/session/foundation.rb +56 -10
- data/lib/authlogic/session/http_auth.rb +15 -8
- data/lib/authlogic/session/klass.rb +7 -5
- data/lib/authlogic/session/magic_columns.rb +24 -11
- data/lib/authlogic/session/magic_states.rb +11 -4
- data/lib/authlogic/session/params.rb +6 -2
- data/lib/authlogic/session/password.rb +46 -73
- data/lib/authlogic/session/persistence.rb +11 -7
- data/lib/authlogic/session/priority_record.rb +7 -4
- data/lib/authlogic/session/scopes.rb +15 -6
- data/lib/authlogic/session/session.rb +20 -10
- data/lib/authlogic/session/timeout.rb +2 -2
- data/lib/authlogic/session/unauthorized_record.rb +1 -1
- data/lib/authlogic/session/validation.rb +1 -1
- data/lib/authlogic/test_case.rb +65 -2
- data/lib/authlogic/test_case/mock_controller.rb +5 -4
- data/lib/authlogic/test_case/mock_cookie_jar.rb +11 -2
- data/lib/authlogic/test_case/mock_request.rb +5 -1
- data/lib/authlogic/test_case/rails_request_adapter.rb +3 -2
- data/lib/authlogic/version.rb +16 -0
- data/test/acts_as_authentic_test/email_test.rb +33 -34
- data/test/acts_as_authentic_test/logged_in_status_test.rb +1 -1
- data/test/acts_as_authentic_test/login_test.rb +73 -78
- data/test/acts_as_authentic_test/password_test.rb +30 -18
- data/test/acts_as_authentic_test/perishable_token_test.rb +9 -3
- data/test/acts_as_authentic_test/persistence_token_test.rb +4 -0
- data/test/acts_as_authentic_test/session_maintenance_test.rb +66 -14
- data/test/adapter_test.rb +21 -0
- data/test/gemfiles/Gemfile.rails-4.2.x +2 -2
- data/test/gemfiles/Gemfile.rails-5.0.x +2 -2
- data/test/gemfiles/Gemfile.rails-master +6 -0
- data/test/i18n_test.rb +1 -1
- data/test/libs/company.rb +2 -2
- data/test/random_test.rb +7 -37
- data/test/session_test/active_record_trickery_test.rb +4 -3
- data/test/session_test/brute_force_protection_test.rb +8 -8
- data/test/session_test/callbacks_test.rb +1 -1
- data/test/session_test/cookies_test.rb +27 -4
- data/test/session_test/existence_test.rb +15 -4
- data/test/session_test/foundation_test.rb +16 -0
- data/test/session_test/http_auth_test.rb +3 -1
- data/test/session_test/magic_columns_test.rb +10 -12
- data/test/session_test/params_test.rb +4 -1
- data/test/session_test/password_test.rb +7 -7
- data/test/session_test/persistence_test.rb +1 -0
- data/test/session_test/scopes_test.rb +7 -7
- data/test/session_test/session_test.rb +2 -2
- data/test/session_test/timeout_test.rb +1 -1
- data/test/session_test/unauthorized_record_test.rb +1 -1
- data/test/test_helper.rb +111 -103
- metadata +68 -64
- data/test/gemfiles/Gemfile.rails-3.2.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.0.x +0 -7
- data/test/gemfiles/Gemfile.rails-4.1.x +0 -7
@@ -1,17 +1,19 @@
|
|
1
1
|
module Authlogic
|
2
2
|
module Session
|
3
|
-
# Handles all authentication that deals with basic HTTP auth. Which is
|
3
|
+
# Handles all authentication that deals with basic HTTP auth. Which is
|
4
|
+
# authentication built into the HTTP protocol:
|
4
5
|
#
|
5
6
|
# http://username:password@whatever.com
|
6
7
|
#
|
7
|
-
# Also, if you are not comfortable letting users pass their raw username and
|
8
|
-
#
|
8
|
+
# Also, if you are not comfortable letting users pass their raw username and
|
9
|
+
# password you can always use the single access token. See
|
10
|
+
# Authlogic::Session::Params for more info.
|
9
11
|
module HttpAuth
|
10
12
|
def self.included(klass)
|
11
13
|
klass.class_eval do
|
12
14
|
extend Config
|
13
15
|
include InstanceMethods
|
14
|
-
persist :persist_by_http_auth, :
|
16
|
+
persist :persist_by_http_auth, if: :persist_by_http_auth?
|
15
17
|
end
|
16
18
|
end
|
17
19
|
|
@@ -19,13 +21,15 @@ module Authlogic
|
|
19
21
|
module Config
|
20
22
|
# Do you want to allow your users to log in via HTTP basic auth?
|
21
23
|
#
|
22
|
-
# I recommend keeping this enabled. The only time I feel this should be
|
23
|
-
#
|
24
|
+
# I recommend keeping this enabled. The only time I feel this should be
|
25
|
+
# disabled is if you are not comfortable having your users provide their
|
26
|
+
# raw username and password. Whatever the reason, you can disable it
|
27
|
+
# here.
|
24
28
|
#
|
25
29
|
# * <tt>Default:</tt> true
|
26
30
|
# * <tt>Accepts:</tt> Boolean
|
27
31
|
def allow_http_basic_auth(value = nil)
|
28
|
-
rw_config(:allow_http_basic_auth, value,
|
32
|
+
rw_config(:allow_http_basic_auth, value, false)
|
29
33
|
end
|
30
34
|
alias_method :allow_http_basic_auth=, :allow_http_basic_auth
|
31
35
|
|
@@ -83,7 +87,10 @@ module Authlogic
|
|
83
87
|
end
|
84
88
|
|
85
89
|
if self.class.request_http_basic_auth
|
86
|
-
controller.authenticate_or_request_with_http_basic(
|
90
|
+
controller.authenticate_or_request_with_http_basic(
|
91
|
+
self.class.http_basic_auth_realm,
|
92
|
+
&login_proc
|
93
|
+
)
|
87
94
|
else
|
88
95
|
controller.authenticate_with_http_basic(&login_proc)
|
89
96
|
end
|
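Review bot: The doc comment above `allow_http_basic_auth` still lists the `Default:` bullet as true and says "I recommend keeping this enabled", while the new call is `rw_config(:allow_http_basic_auth, value, false)`, so the documented default contradicts the code. The removed line is truncated on this page, so whether the default itself changed in this release cannot be confirmed from here. The bullet should read `false` either way. Because this setting decides whether raw usernames and passwords are accepted over HTTP basic auth, the comment should also say that turning it on is an explicit opt-in.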
@@ -16,7 +16,8 @@ module Authlogic
|
|
16
16
|
module Config
|
17
17
|
# Lets you change which model to use for authentication.
|
18
18
|
#
|
19
|
-
# * <tt>Default:</tt> inferred from the class name. UserSession would
|
19
|
+
# * <tt>Default:</tt> inferred from the class name. UserSession would
|
20
|
+
# automatically try User
|
20
21
|
# * <tt>Accepts:</tt> an ActiveRecord class
|
21
22
|
def authenticate_with(klass)
|
22
23
|
@klass_name = klass.name
|
@@ -24,9 +25,10 @@ module Authlogic
|
|
24
25
|
end
|
25
26
|
alias_method :authenticate_with=, :authenticate_with
|
26
27
|
|
27
|
-
# The name of the class that this session is authenticating with. For
|
28
|
-
#
|
29
|
-
#
|
28
|
+
# The name of the class that this session is authenticating with. For
|
29
|
+
# example, the UserSession class will authenticate with the User class
|
30
|
+
# unless you specify otherwise in your configuration. See
|
31
|
+
# authenticate_with for information on how to change this value.
|
30
32
|
def klass
|
31
33
|
@klass ||= klass_name ? klass_name.constantize : nil
|
32
34
|
end
|
@@ -48,7 +50,7 @@ module Authlogic
|
|
48
50
|
#
|
49
51
|
# session.record
|
50
52
|
def initialize(*args)
|
51
|
-
|
53
|
+
unless self.class.configured_klass_methods
|
52
54
|
self.class.send(:alias_method, klass_name.demodulize.underscore.to_sym, :record)
|
53
55
|
self.class.configured_klass_methods = true
|
54
56
|
end
|
@@ -19,10 +19,10 @@ module Authlogic
|
|
19
19
|
klass.class_eval do
|
20
20
|
extend Config
|
21
21
|
include InstanceMethods
|
22
|
-
after_persisting :set_last_request_at, :
|
22
|
+
after_persisting :set_last_request_at, if: :set_last_request_at?
|
23
23
|
validate :increase_failed_login_count
|
24
24
|
before_save :update_info
|
25
|
-
before_save :set_last_request_at, :
|
25
|
+
before_save :set_last_request_at, if: :set_last_request_at?
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
@@ -47,6 +47,12 @@ module Authlogic
|
|
47
47
|
module InstanceMethods
|
48
48
|
private
|
49
49
|
|
50
|
+
def clear_failed_login_count
|
51
|
+
if record.respond_to?(:failed_login_count)
|
52
|
+
record.failed_login_count = 0
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
50
56
|
def increase_failed_login_count
|
51
57
|
if invalid_password? && attempted_record.respond_to?(:failed_login_count)
|
52
58
|
attempted_record.failed_login_count ||= 0
|
@@ -54,24 +60,31 @@ module Authlogic
|
|
54
60
|
end
|
55
61
|
end
|
56
62
|
|
57
|
-
def
|
63
|
+
def increment_login_cout
|
58
64
|
if record.respond_to?(:login_count)
|
59
65
|
record.login_count = (record.login_count.blank? ? 1 : record.login_count + 1)
|
60
66
|
end
|
67
|
+
end
|
61
68
|
|
62
|
-
|
63
|
-
|
69
|
+
def update_info
|
70
|
+
increment_login_cout
|
71
|
+
clear_failed_login_count
|
72
|
+
update_login_timestamps
|
73
|
+
update_login_ip_addresses
|
74
|
+
end
|
75
|
+
|
76
|
+
def update_login_ip_addresses
|
77
|
+
if record.respond_to?(:current_login_ip)
|
78
|
+
record.last_login_ip = record.current_login_ip if record.respond_to?(:last_login_ip)
|
79
|
+
record.current_login_ip = controller.request.ip
|
64
80
|
end
|
81
|
+
end
|
65
82
|
|
83
|
+
def update_login_timestamps
|
66
84
|
if record.respond_to?(:current_login_at)
|
67
85
|
record.last_login_at = record.current_login_at if record.respond_to?(:last_login_at)
|
68
86
|
record.current_login_at = klass.default_timezone == :utc ? Time.now.utc : Time.now
|
69
87
|
end
|
70
|
-
|
71
|
-
if record.respond_to?(:current_login_ip)
|
72
|
-
record.last_login_ip = record.current_login_ip if record.respond_to?(:last_login_ip)
|
73
|
-
record.current_login_ip = controller.request.ip
|
74
|
-
end
|
75
88
|
end
|
76
89
|
|
77
90
|
# This method lets authlogic know whether it should allow the
|
@@ -92,7 +105,7 @@ module Authlogic
|
|
92
105
|
# end
|
93
106
|
#
|
94
107
|
# You can do whatever you want with that method.
|
95
|
-
def set_last_request_at?
|
108
|
+
def set_last_request_at?
|
96
109
|
if !record || !klass.column_names.include?("last_request_at")
|
97
110
|
return false
|
98
111
|
end
|
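Review bot: The new helper is spelled `increment_login_cout`, both at its definition and at its call in `update_info`; it should be `increment_login_count`, matching the `login_count` column it updates and the neighbouring `clear_failed_login_count`. The methods appear to sit under the `private` marker shown in the earlier hunk, so the rename looks safe, though application-level overrides cannot be ruled out from here. `update_login_ip_addresses` would also benefit from a one-line comment such as `# request.ip is only as trustworthy as the proxy configuration in front of the app`, since `current_login_ip` and `last_login_ip` are likely to be read as audit fields.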
@@ -25,7 +25,7 @@ module Authlogic
|
|
25
25
|
klass.class_eval do
|
26
26
|
extend Config
|
27
27
|
include InstanceMethods
|
28
|
-
validate :validate_magic_states, :
|
28
|
+
validate :validate_magic_states, unless: :disable_magic_states?
|
29
29
|
end
|
30
30
|
end
|
31
31
|
|
@@ -54,15 +54,22 @@ module Authlogic
|
|
54
54
|
self.class.disable_magic_states == true
|
55
55
|
end
|
56
56
|
|
57
|
+
# @api private
|
58
|
+
def required_magic_states_for(record)
|
59
|
+
[:active, :approved, :confirmed].select { |state|
|
60
|
+
record.respond_to?("#{state}?")
|
61
|
+
}
|
62
|
+
end
|
63
|
+
|
57
64
|
def validate_magic_states
|
58
65
|
return true if attempted_record.nil?
|
59
|
-
|
60
|
-
|
66
|
+
required_magic_states_for(attempted_record).each do |required_status|
|
67
|
+
unless attempted_record.send("#{required_status}?")
|
61
68
|
errors.add(
|
62
69
|
:base,
|
63
70
|
I18n.t(
|
64
71
|
"error_messages.not_#{required_status}",
|
65
|
-
:
|
72
|
+
default: "Your account is not #{required_status}"
|
66
73
|
)
|
67
74
|
)
|
68
75
|
return false
|
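Review bot: `required_magic_states_for` carries only `# @api private` and no description, although it decides which account-state checks run at all: it keeps just those of `:active`, `:approved`, `:confirmed` for which `record.respond_to?("#{state}?")` is true. A model that lacks or misnames one of these predicates therefore skips that check silently, which deserves a comment such as `# Only states the record defines a predicate for are enforced; a missing active?/approved?/confirmed? means that state is not checked.` The `send` in `validate_magic_states` is fed only from this fixed list, so no caller-supplied name reaches it. `validate_magic_states` continues past the end of the hunk.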
@@ -66,7 +66,11 @@ module Authlogic
|
|
66
66
|
# * <tt>Accepts:</tt> String of a request type, or :all or :any to
|
67
67
|
# allow single access authentication for any and all request types
|
68
68
|
def single_access_allowed_request_types(value = nil)
|
69
|
-
rw_config(
|
69
|
+
rw_config(
|
70
|
+
:single_access_allowed_request_types,
|
71
|
+
value,
|
72
|
+
["application/rss+xml", "application/atom+xml"]
|
73
|
+
)
|
70
74
|
end
|
71
75
|
alias_method :single_access_allowed_request_types=, :single_access_allowed_request_types
|
72
76
|
end
|
@@ -77,7 +81,7 @@ module Authlogic
|
|
77
81
|
private
|
78
82
|
|
79
83
|
def persist_by_params
|
80
|
-
return false
|
84
|
+
return false unless params_enabled?
|
81
85
|
self.unauthorized_record = search_for_record("find_by_single_access_token", params_credentials)
|
82
86
|
self.single_access = valid?
|
83
87
|
end
|
@@ -6,7 +6,7 @@ module Authlogic
|
|
6
6
|
klass.class_eval do
|
7
7
|
extend Config
|
8
8
|
include InstanceMethods
|
9
|
-
validate :validate_by_password, :
|
9
|
+
validate :validate_by_password, if: :authenticating_with_password?
|
10
10
|
|
11
11
|
class << self
|
12
12
|
attr_accessor :configured_password_methods
|
@@ -127,42 +127,10 @@ module Authlogic
|
|
127
127
|
alias_method :verify_password_method=, :verify_password_method
|
128
128
|
end
|
129
129
|
|
130
|
-
# Password
|
130
|
+
# Password related instance methods
|
131
131
|
module InstanceMethods
|
132
|
-
E_AC_PARAMETERS = <<-STR.strip_heredoc.freeze
|
133
|
-
You have passed an ActionController::Parameters to Authlogic 3. That's
|
134
|
-
OK for now, but in Authlogic 4, it will raise an error. Please
|
135
|
-
replace:
|
136
|
-
|
137
|
-
UserSession.new(user_session_params)
|
138
|
-
UserSession.create(user_session_params)
|
139
|
-
|
140
|
-
with
|
141
|
-
|
142
|
-
UserSession.new(user_session_params.to_h)
|
143
|
-
UserSession.create(user_session_params.to_h)
|
144
|
-
|
145
|
-
And don't forget to `permit`!
|
146
|
-
|
147
|
-
During the transition of rails to Strong Parameters, it has been
|
148
|
-
common for Authlogic users to forget to `permit` their params. They
|
149
|
-
would pass their params into Authlogic, we'd call `to_h`, and they'd
|
150
|
-
be surprised when authentication failed.
|
151
|
-
|
152
|
-
In 2018, people are still making this mistake. We'd like to help them
|
153
|
-
and make authlogic a little simpler at the same time, so in Authlogic
|
154
|
-
3.7.0, we deprecated the use of ActionController::Parameters.
|
155
|
-
|
156
|
-
We discussed this issue thoroughly between late 2016 and early
|
157
|
-
2018. Notable discussions include:
|
158
|
-
|
159
|
-
- https://github.com/binarylogic/authlogic/issues/512
|
160
|
-
- https://github.com/binarylogic/authlogic/pull/558
|
161
|
-
- https://github.com/binarylogic/authlogic/pull/577
|
162
|
-
STR
|
163
|
-
|
164
132
|
def initialize(*args)
|
165
|
-
|
133
|
+
unless self.class.configured_password_methods
|
166
134
|
configure_password_methods
|
167
135
|
self.class.configured_password_methods = true
|
168
136
|
end
|
@@ -184,14 +152,19 @@ module Authlogic
|
|
184
152
|
|
185
153
|
# Accepts the login_field / password_field credentials combination in
|
186
154
|
# hash form.
|
155
|
+
#
|
156
|
+
# You must pass an actual Hash, `ActionController::Parameters` is
|
157
|
+
# specifically not allowed.
|
158
|
+
#
|
159
|
+
# See `Authlogic::Session::Foundation#credentials=` for an overview of
|
160
|
+
# all method signatures.
|
187
161
|
def credentials=(value)
|
188
162
|
super
|
189
|
-
values =
|
190
|
-
|
163
|
+
values = Array.wrap(value)
|
191
164
|
if values.first.is_a?(Hash)
|
192
|
-
values.first.with_indifferent_access.slice(login_field, password_field).each do |field,
|
193
|
-
next if
|
194
|
-
send("#{field}=",
|
165
|
+
values.first.with_indifferent_access.slice(login_field, password_field).each do |field, val|
|
166
|
+
next if val.blank?
|
167
|
+
send("#{field}=", val)
|
195
168
|
end
|
196
169
|
end
|
197
170
|
end
|
@@ -202,26 +175,42 @@ module Authlogic
|
|
202
175
|
|
203
176
|
private
|
204
177
|
|
178
|
+
def add_invalid_password_error
|
179
|
+
if generalize_credentials_error_messages?
|
180
|
+
add_general_credentials_error
|
181
|
+
else
|
182
|
+
errors.add(password_field, I18n.t('error_messages.password_invalid', default: "is not valid"))
|
183
|
+
end
|
184
|
+
end
|
185
|
+
|
186
|
+
def add_login_not_found_error
|
187
|
+
if generalize_credentials_error_messages?
|
188
|
+
add_general_credentials_error
|
189
|
+
else
|
190
|
+
errors.add(login_field, I18n.t('error_messages.login_not_found', default: "is not valid"))
|
191
|
+
end
|
192
|
+
end
|
193
|
+
|
205
194
|
def configure_password_methods
|
206
195
|
if login_field
|
207
|
-
self.class.send(:attr_writer, login_field)
|
208
|
-
self.class.send(:attr_reader, login_field)
|
196
|
+
self.class.send(:attr_writer, login_field) unless respond_to?("#{login_field}=")
|
197
|
+
self.class.send(:attr_reader, login_field) unless respond_to?(login_field)
|
209
198
|
end
|
210
199
|
|
211
200
|
if password_field
|
212
|
-
self.class.send(:attr_writer, password_field)
|
213
|
-
self.class.send(:define_method, password_field) {}
|
201
|
+
self.class.send(:attr_writer, password_field) unless respond_to?("#{password_field}=")
|
202
|
+
self.class.send(:define_method, password_field) {} unless respond_to?(password_field)
|
214
203
|
|
215
204
|
# The password should not be accessible publicly. This way forms
|
216
205
|
# using form_for don't fill the password with the attempted
|
217
206
|
# password. To prevent this we just create this method that is
|
218
207
|
# private.
|
219
|
-
self.class.class_eval <<-
|
208
|
+
self.class.class_eval <<-EOS, __FILE__, __LINE__
|
220
209
|
private
|
221
210
|
def protected_#{password_field}
|
222
211
|
@#{password_field}
|
223
212
|
end
|
224
|
-
|
213
|
+
EOS
|
225
214
|
end
|
226
215
|
end
|
227
216
|
|
@@ -234,27 +223,23 @@ module Authlogic
|
|
234
223
|
|
235
224
|
# check for blank fields
|
236
225
|
if send(login_field).blank?
|
237
|
-
errors.add(login_field, I18n.t('error_messages.login_blank', :
|
226
|
+
errors.add(login_field, I18n.t('error_messages.login_blank', default: "cannot be blank"))
|
238
227
|
end
|
239
228
|
if send("protected_#{password_field}").blank?
|
240
|
-
errors.add(password_field, I18n.t('error_messages.password_blank', :
|
229
|
+
errors.add(password_field, I18n.t('error_messages.password_blank', default: "cannot be blank"))
|
241
230
|
end
|
242
231
|
return if errors.count > 0
|
243
232
|
|
244
233
|
self.attempted_record = search_for_record(find_by_login_method, send(login_field))
|
245
234
|
if attempted_record.blank?
|
246
|
-
|
247
|
-
add_general_credentials_error :
|
248
|
-
errors.add(login_field, I18n.t('error_messages.login_not_found', :default => "is not valid"))
|
235
|
+
add_login_not_found_error
|
249
236
|
return
|
250
237
|
end
|
251
238
|
|
252
239
|
# check for invalid password
|
253
|
-
|
240
|
+
unless attempted_record.send(verify_password_method, send("protected_#{password_field}"))
|
254
241
|
self.invalid_password = true
|
255
|
-
|
256
|
-
add_general_credentials_error :
|
257
|
-
errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
|
242
|
+
add_invalid_password_error
|
258
243
|
return
|
259
244
|
end
|
260
245
|
end
|
@@ -271,12 +256,12 @@ module Authlogic
|
|
271
256
|
|
272
257
|
def add_general_credentials_error
|
273
258
|
error_message =
|
274
|
-
|
275
|
-
|
276
|
-
|
277
|
-
|
278
|
-
|
279
|
-
errors.add(:base, I18n.t('error_messages.general_credentials_error', :
|
259
|
+
if self.class.generalize_credentials_error_messages.is_a? String
|
260
|
+
self.class.generalize_credentials_error_messages
|
261
|
+
else
|
262
|
+
"#{login_field.to_s.humanize}/Password combination is not valid"
|
263
|
+
end
|
264
|
+
errors.add(:base, I18n.t('error_messages.general_credentials_error', default: error_message))
|
280
265
|
end
|
281
266
|
|
282
267
|
def generalize_credentials_error_messages?
|
@@ -290,18 +275,6 @@ module Authlogic
|
|
290
275
|
def verify_password_method
|
291
276
|
self.class.verify_password_method
|
292
277
|
end
|
293
|
-
|
294
|
-
# In Rails 5 the ActionController::Parameters no longer inherits from HashWithIndifferentAccess.
|
295
|
-
# See: http://guides.rubyonrails.org/upgrading_ruby_on_rails.html#actioncontroller-parameters-no-longer-inherits-from-hashwithindifferentaccess
|
296
|
-
# This method converts the ActionController::Parameters to a Hash
|
297
|
-
def parse_param_val(value)
|
298
|
-
if value.first.class.name == "ActionController::Parameters"
|
299
|
-
ActiveSupport::Deprecation.warn(E_AC_PARAMETERS)
|
300
|
-
[value.first.to_h]
|
301
|
-
else
|
302
|
-
value.is_a?(Array) ? value : [value]
|
303
|
-
end
|
304
|
-
end
|
305
278
|
end
|
306
279
|
end
|
307
280
|
end
|
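Review bot: `add_login_not_found_error` and `add_invalid_password_error` attach their error to different fields (`login_field` versus `password_field`) whenever `generalize_credentials_error_messages?` is false, so a failed attempt in `validate_by_password` shows whether the login exists even though both default messages read "is not valid". Neither helper is documented; a comment on each would make the trade-off explicit, for example `# Unless generalize_credentials_error_messages is set, the error lands on the login field and discloses that no such login exists.` The default of that setting is not visible in these hunks, so it is worth confirming before the comment recommends enabling it. `validate_by_password` starts outside the hunk.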
@@ -34,22 +34,26 @@ module Authlogic
|
|
34
34
|
#
|
35
35
|
# See the id method for more information on ids.
|
36
36
|
def find(id = nil, priority_record = nil)
|
37
|
-
session = new({ :
|
37
|
+
session = new({ priority_record: priority_record }, id)
|
38
38
|
session.priority_record = priority_record
|
39
39
|
if session.persisting?
|
40
40
|
session
|
41
|
-
else
|
42
|
-
nil
|
43
41
|
end
|
44
42
|
end
|
45
43
|
end
|
46
44
|
|
47
45
|
module InstanceMethods
|
48
|
-
#
|
49
|
-
#
|
50
|
-
#
|
46
|
+
# Returns boolean indicating if the session is being persisted or not,
|
47
|
+
# meaning the user does not have to explicitly log in in order to be
|
48
|
+
# logged in.
|
49
|
+
#
|
50
|
+
# If the session has no associated record, it will try to find a record
|
51
|
+
# and persist the session.
|
52
|
+
#
|
53
|
+
# This is the method that the class level method find uses to ultimately
|
54
|
+
# persist the session.
|
51
55
|
def persisting?
|
52
|
-
return true
|
56
|
+
return true unless record.nil?
|
53
57
|
self.attempted_record = nil
|
54
58
|
self.remember_me = !cookie_credentials.nil? && !cookie_credentials[2].nil?
|
55
59
|
before_persisting
|
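Review bot: With the `else nil` branch removed, `find` returns nil only implicitly, as the value of an `if` with no else, and the visible part of its doc comment does not state the return contract. Callers presumably treat a nil result as "no persisted session", so a line such as `# Returns the session when it is persisting, otherwise nil.` above `find` would keep that contract from depending on the shape of the conditional. The doc comment for `find` begins outside the hunk, and `persisting?` continues past its end.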
@@ -1,8 +1,10 @@
|
|
1
1
|
module Authlogic
|
2
2
|
module Session
|
3
|
-
# The point of this module is to avoid the StaleObjectError raised when
|
4
|
-
# We accomplish this by using a
|
5
|
-
#
|
3
|
+
# The point of this module is to avoid the StaleObjectError raised when
|
4
|
+
# lock_version is implemented in ActiveRecord. We accomplish this by using a
|
5
|
+
# "priority record". Meaning this record is used if possible, it gets
|
6
|
+
# priority. This way we don't save a record behind the scenes thus making an
|
7
|
+
# object being used stale.
|
6
8
|
module PriorityRecord
|
7
9
|
def self.included(klass)
|
8
10
|
klass.class_eval do
|
@@ -10,7 +12,8 @@ module Authlogic
|
|
10
12
|
end
|
11
13
|
end
|
12
14
|
|
13
|
-
# Setting priority record if it is passed. The only way it can be passed
|
15
|
+
# Setting priority record if it is passed. The only way it can be passed
|
16
|
+
# is through an array:
|
14
17
|
#
|
15
18
|
# session.credentials = [real_user_object, priority_user_object]
|
16
19
|
def credentials=(value)
|