authlogic 3.8.0 → 4.0.0

data/lib/authlogic/session/scopes.rb

@@ -69,7 +69,7 @@ module Authlogic
         # The name of your cookies will be:
         #
         #   secure_account_2_user_credentials
-        def with_scope(options = {}, &block)
+        def with_scope(options = {})
           raise ArgumentError.new("You must provide a block") unless block_given?
           self.scope = options
           result = yield
@@ -103,14 +103,23 @@ module Authlogic
             [scope[:id], super].compact.join("_")
           end
 
+          # `args[0]` is the name of an AR method, like
+          # `find_by_single_access_token`.
           def search_for_record(*args)
-            session_scope = if scope[:find_options].is_a?(ActiveRecord::Relation)
+            search_scope.scoping do
+              klass.send(*args)
+            end
+          end
+
+          # Returns an AR relation representing the scope of the search. The
+          # relation is either provided directly by, or defined by
+          # `find_options`.
+          def search_scope
+            if scope[:find_options].is_a?(ActiveRecord::Relation)
               scope[:find_options]
             else
-              klass.send(:where, scope[:find_options] && scope[:find_options][:conditions] || {})
-            end
-            session_scope.scoping do
-              klass.send(*args)
+              conditions = scope[:find_options] && scope[:find_options][:conditions] || {}
+              klass.send(:where, conditions)
             end
           end
       end

data/lib/authlogic/session/session.rb

@@ -1,6 +1,7 @@
 module Authlogic
   module Session
-    # Handles all parts of authentication that deal with sessions. Such as persisting a session and saving / destroy a session.
+    # Handles all parts of authentication that deal with sessions. Such as persisting a
+    # session and saving / destroy a session.
     module Session
       def self.included(klass)
         klass.class_eval do
@@ -9,7 +10,7 @@ module Authlogic
           persist :persist_by_session
           after_save :update_session
           after_destroy :update_session
-          after_persisting :update_session, :unless => :single_access?
+          after_persisting :update_session, unless: :single_access?
         end
       end
 
@@ -33,19 +34,27 @@ module Authlogic
           def persist_by_session
             persistence_token, record_id = session_credentials
             if !persistence_token.nil?
-              # Allow finding by persistence token, because when records are created the
-              # session is maintained in a before_save, when there is no id. This is done
-              # for performance reasons and to save on queries.
-              record = record_id.nil? ?
-                search_for_record("find_by_persistence_token", persistence_token.to_s) :
-                search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
-              self.unauthorized_record = record if record && record.persistence_token == persistence_token
+              record = persist_by_session_search(persistence_token, record_id)
+              if record && record.persistence_token == persistence_token
+                self.unauthorized_record = record
+              end
               valid?
             else
               false
             end
           end
 
+          # Allow finding by persistence token, because when records are created
+          # the session is maintained in a before_save, when there is no id.
+          # This is done for performance reasons and to save on queries.
+          def persist_by_session_search(persistence_token, record_id)
+            if record_id.nil?
+              search_for_record("find_by_persistence_token", persistence_token.to_s)
+            else
+              search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
+            end
+          end
+
           def session_credentials
             [
               controller.session[session_key],
@@ -59,7 +68,8 @@ module Authlogic
 
           def update_session
             controller.session[session_key] = record && record.persistence_token
-            controller.session["#{session_key}_#{klass.primary_key}"] = record && record.send(record.class.primary_key)
+            compound_key = "#{session_key}_#{klass.primary_key}"
+            controller.session[compound_key] = record && record.send(record.class.primary_key)
           end
       end
     end

data/lib/authlogic/session/timeout.rb

@@ -41,7 +41,7 @@ module Authlogic
         # they login and then leave the website, when do mark them as logged
         # out? I recommend just using this as a fun feature on your website or
         # reports, giving you a ballpark number of users logged in and active.
-        # This is not meant to be a dead accurate representation of a users
+        # This is not meant to be a dead accurate representation of a user's
         # logged in state, since there is really no real way to do this with web
         # based apps. Think about a user that logs in and doesn't log out. There
         # is no action that tells you that the user isn't technically still
@@ -52,7 +52,7 @@ module Authlogic
         # this option to true and if your record returns true for stale? then
         # they will be required to log back in.
         #
-        # Lastly, UserSession.find will still return a object is the session is
+        # Lastly, UserSession.find will still return an object if the session is
         # stale, but you will not get a record. This allows you to determine if
         # the user needs to log back in because their session went stale, or
         # because they just aren't logged in. Just call

data/lib/authlogic/session/unauthorized_record.rb

@@ -15,7 +15,7 @@ module Authlogic
       def self.included(klass)
         klass.class_eval do
           attr_accessor :unauthorized_record
-          validate :validate_by_unauthorized_record, :if => :authenticating_with_unauthorized_record?
+          validate :validate_by_unauthorized_record, if: :authenticating_with_unauthorized_record?
         end
       end
 

data/lib/authlogic/session/validation.rb

@@ -83,7 +83,7 @@ module Authlogic
               :base,
               I18n.t(
                 'error_messages.no_authentication_details',
-                :default => "You did not provide any details for authentication."
+                default: "You did not provide any details for authentication."
               )
             )
           end

data/lib/authlogic/test_case.rb

@@ -50,7 +50,7 @@ module Authlogic
   #   ben:
   #     email: whatever@whatever.com
   #     password_salt: <%= salt = Authlogic::Random.hex_token %>
-  #     crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
+  #     crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("benrocks" + salt) %>
   #     persistence_token: <%= Authlogic::Random.hex_token %>
   #     single_access_token: <%= Authlogic::Random.friendly_token %>
   #     perishable_token: <%= Authlogic::Random.friendly_token %>
@@ -113,6 +113,67 @@ module Authlogic
   #
   # See how I am checking that Authlogic is interacting with the controller
   # properly? That's the idea here.
+  #
+  # === Testing with Rails 5
+  #
+  # Rails 5 has [deprecated classic controller tests](https://goo.gl/4zmt6y).
+  # Controller tests now inherit from `ActionDispatch::IntegrationTest` making
+  # them plain old integration tests now. You have two options for testing
+  # AuthLogic in Rails 5:
+  #
+  # * Add the `rails-controller-testing` gem to bring back the original
+  #   controller testing usage
+  # * Go full steam ahead with integration testing and actually log a user in
+  #   by submitting a form in the integration test.
+  #
+  # Naturally DHH recommends the second method and this is
+  # [what he does in his own tests](https://goo.gl/Ar6p0u). This is useful
+  # for testing not only AuthLogic itself (submitting login credentials to a
+  # UserSessionsController, for example) but any controller action that is
+  # behind a login wall. Add a helper method and use that before testing your
+  # actual controller action:
+  #
+  #   # test/test_helper.rb
+  #   def login(user)
+  #     post user_sessions_url, :params => { :email => user.email, :password => 'password' }
+  #   end
+  #
+  #   # test/controllers/posts_controller_test.rb
+  #   test "#create requires a user to be logged in
+  #     post posts_url, :params => { :body => 'Lorem ipsum' }
+  #
+  #     assert_redirected_to new_user_session_url
+  #   end
+  #
+  #   test "#create lets a logged in user create a new post" do
+  #     login(users(:admin))
+  #
+  #     assert_difference 'Posts.count' do
+  #       post posts_url, :params => { :body => 'Lorem ipsum' }
+  #     end
+  #
+  #     assert_redirected_to posts_url
+  #   end
+  #
+  # You still have access to the `session` helper in an integration test and so
+  # you can still test to see if a user is logged in. A couple of helper methods
+  # might look like:
+  #
+  #   # test/test_helper.rb
+  #   def assert_logged_in
+  #     assert session[:user_credentials].present?
+  #   end
+  #
+  #   def assert_not_logged_in
+  #     assert session[:user_credentials].blank?
+  #   end
+  #
+  #   # test/user_sessions_controller_test.rb
+  #   test "#create logs in a user" do
+  #     login(users(:admin))
+  #
+  #     assert_logged_in
+  #   end
   module TestCase
     # Activates authlogic so that you can use it in your tests. You should call
     # this method in your test's setup. Ex:
@@ -125,7 +186,9 @@ module Authlogic
         end
       end
 
-      Authlogic::Session::Base.controller = (@request && Authlogic::TestCase::RailsRequestAdapter.new(@request)) || controller
+      Authlogic::Session::Base.controller = @request &&
+        Authlogic::TestCase::RailsRequestAdapter.new(@request) ||
+        controller
     end
 
     # The Authlogic::TestCase::MockController object passed to Authlogic to

data/lib/authlogic/test_case/mock_controller.rb

@@ -1,7 +1,8 @@
 module Authlogic
   module TestCase
-    # Basically acts like a controller but doesn't do anything. Authlogic can interact with this, do it's thing and then you
-    # can look at the controller object to see if anything changed.
+    # Basically acts like a controller but doesn't do anything. Authlogic can interact
+    # with this, do it's thing and then you can look at the controller object to see if
+    # anything changed.
     class MockController < ControllerAdapters::AbstractAdapter
       attr_accessor :http_user, :http_password, :realm
       attr_writer :request_content_type
@@ -9,11 +10,11 @@ module Authlogic
       def initialize
       end
 
-      def authenticate_with_http_basic(&block)
+      def authenticate_with_http_basic
         yield http_user, http_password
       end
 
-      def authenticate_or_request_with_http_basic(realm = 'DefaultRealm', &block)
+      def authenticate_or_request_with_http_basic(realm = 'DefaultRealm')
         self.realm = realm
         @http_auth_requested = true
         yield http_user, http_password

data/lib/authlogic/test_case/mock_cookie_jar.rb

@@ -1,12 +1,20 @@
 module Authlogic
   module TestCase
+    # A mock of `ActionDispatch::Cookies::CookieJar`.
     class MockCookieJar < Hash # :nodoc:
+      attr_accessor :set_cookies
+
       def [](key)
         hash = super
         hash && hash[:value]
       end
 
-      def delete(key, options = {})
+      def []=(key, options)
+        (@set_cookies ||= {})[key.to_s] = options
+        super
+      end
+
+      def delete(key, _options = {})
         super(key)
       end
 
@@ -23,7 +31,8 @@ module Authlogic
       end
 
       def [](val)
-        if signed_message = @parent_jar[val]
+        signed_message = @parent_jar[val]
+        if signed_message
           payload, signature = signed_message.split('--')
           raise "Invalid signature" unless Digest::SHA1.hexdigest(payload) == signature
           payload

data/lib/authlogic/test_case/mock_request.rb

@@ -8,7 +8,11 @@ module Authlogic
       end
 
       def ip
-        (controller && controller.respond_to?(:env) && controller.env.is_a?(Hash) && controller.env['REMOTE_ADDR']) || "1.1.1.1"
+        controller &&
+          controller.respond_to?(:env) &&
+          controller.env.is_a?(Hash) &&
+          controller.env['REMOTE_ADDR'] ||
+          "1.1.1.1"
       end
 
       private

data/lib/authlogic/test_case/rails_request_adapter.rb

@@ -1,7 +1,8 @@
 module Authlogic
   module TestCase
-    # Adapts authlogic to work with the @request object when testing. This way Authlogic can set cookies and what not before
-    # a request is made, ultimately letting you log in users in functional tests.
+    # Adapts authlogic to work with the @request object when testing. This way Authlogic
+    # can set cookies and what not before a request is made, ultimately letting you log in
+    # users in functional tests.
     class RailsRequestAdapter < ControllerAdapters::AbstractAdapter
       def authenticate_with_http_basic(&block)
       end

data/lib/authlogic/version.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require "rubygems"
+
+module Authlogic
+  # Returns a `::Gem::Version`, the version number of the authlogic gem.
+  #
+  # It is preferable for a library to provide a `gem_version` method, rather
+  # than a `VERSION` string, because `::Gem::Version` is easier to use in a
+  # comparison.
+  #
+  # @api public
+  def self.gem_version
+    ::Gem::Version.new('4.0.0')
+  end
+end

data/test/acts_as_authentic_test/email_test.rb

@@ -1,4 +1,3 @@
-# encoding: utf-8
 require 'test_helper'
 
 module ActsAsAuthenticTest
@@ -10,7 +9,7 @@ module ActsAsAuthenticTest
       "dakota.d'ux@gmail.com",
       "a&b@c.com",
       "someuser@somedomain.travelersinsurance"
-    ]
+    ].freeze
 
     BAD_ASCII_EMAILS = [
       "",
@@ -19,13 +18,13 @@ module ActsAsAuthenticTest
       "backslash@g\\mail.com",
       "<script>alert(123);</script>\nnobody@example.com",
       "someuser@somedomain.isreallytoolongandimeanreallytoolong"
-    ]
+    ].freeze
 
     # http://en.wikipedia.org/wiki/ISO/IEC_8859-1#Codepage_layout
     GOOD_ISO88591_EMAILS = [
       "töm.öm@dömain.fi",  # https://github.com/binarylogic/authlogic/issues/176
       "Pelé@examplé.com",  # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-    ]
+    ].freeze
 
     BAD_ISO88591_EMAILS = [
       "",
@@ -34,19 +33,19 @@ module ActsAsAuthenticTest
       "é[@example.com",  # L bracket
       "question?mark@gmail.com",  # question mark
       "back\\slash@gmail.com",    # backslash
-    ]
+    ].freeze
 
     GOOD_UTF8_EMAILS = [
-      "δκιμή@παράδεγμα.δοκμή",            # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
+      "δκιμή@παράδεγμα.δοκμή", # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
       "我本@屋企.香港",                     # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
       "甲斐@黒川.日買",                     # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-      "чебурша@ящик-с-пельнами.рф",       # Contains dashes in domain head
-      "企斐@黒川.みんな",                                              #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
-    ]
+      "чебурша@ящик-с-пельнами.рф", # Contains dashes in domain head
+      "企斐@黒川.みんな", #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
+    ].freeze
 
     BAD_UTF8_EMAILS = [
       "",
-              ".みんな",                                                    #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
+      ".みんな", #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
       'δκιμή@παράδεγμα.δ',          # short TLD
       "öm(@ava.fi",                 # L paren
       "é)@domain.com",              # R paren
@@ -54,14 +53,14 @@ module ActsAsAuthenticTest
       "δ]@πράιγμα.δοκμή",           # R bracket
       "我\.香港",                    # slash
       "甲;.日本",                    # semicolon
-      "ч:@ящик-с-пельнами.рф",      # colon
-      "斐,.みんな",                                           #  comma
+      "ч:@ящик-с-пельнами.рф", # colon
+      "斐,.みんな", #  comma
       "香<.香港",                    # less than
       "我>.香港",                    # greater than
-      "我?本@屋企.香港",              # question mark
-      "чебурша@ьн\\ами.рф",         # backslash
+      "我?本@屋企.香港", # question mark
+      "чебурша@ьн\\ами.рф", # backslash
       "user@domain.com%0A<script>alert('hello')</script>"
-    ]
+    ].freeze
 
     def test_email_field_config
       assert_equal :email, User.email_field
@@ -84,22 +83,22 @@ module ActsAsAuthenticTest
     end
 
     def test_validates_length_of_email_field_options_config
-      assert_equal({ :maximum => 100 }, User.validates_length_of_email_field_options)
-      assert_equal({ :maximum => 100 }, Employee.validates_length_of_email_field_options)
+      assert_equal({ maximum: 100 }, User.validates_length_of_email_field_options)
+      assert_equal({ maximum: 100 }, Employee.validates_length_of_email_field_options)
 
-      User.validates_length_of_email_field_options = { :yes => "no" }
-      assert_equal({ :yes => "no" }, User.validates_length_of_email_field_options)
-      User.validates_length_of_email_field_options({ :within => 6..100 })
-      assert_equal({ :within => 6..100 }, User.validates_length_of_email_field_options)
+      User.validates_length_of_email_field_options = { yes: "no" }
+      assert_equal({ yes: "no" }, User.validates_length_of_email_field_options)
+      User.validates_length_of_email_field_options(within: 6..100)
+      assert_equal({ within: 6..100 }, User.validates_length_of_email_field_options)
     end
 
     def test_validates_format_of_email_field_options_config
       default = {
-        :with => Authlogic::Regex.email,
-        :message => proc do
+        with: Authlogic::Regex.email,
+        message: proc do
           I18n.t(
             'error_messages.email_invalid',
-            :default => "should look like an email address."
+            default: "should look like an email address."
           )
         end
       }
@@ -117,17 +116,17 @@ module ActsAsAuthenticTest
       assert_equal default_message, message.call
       assert_equal default, options
 
-      User.validates_format_of_email_field_options = { :yes => "no" }
-      assert_equal({ :yes => "no" }, User.validates_format_of_email_field_options)
+      User.validates_format_of_email_field_options = { yes: "no" }
+      assert_equal({ yes: "no" }, User.validates_format_of_email_field_options)
       User.validates_format_of_email_field_options default
       assert_equal default, User.validates_format_of_email_field_options
 
       with_email_nonascii = {
-        :with => Authlogic::Regex.email_nonascii,
-        :message => Proc.new do
+        with: Authlogic::Regex.email_nonascii,
+        message: Proc.new do
           I18n.t(
             'error_messages.email_invalid_international',
-            :default => "should look like an international email address."
+            default: "should look like an international email address."
           )
         end
       }
@@ -158,14 +157,14 @@ module ActsAsAuthenticTest
 
     def test_validates_uniqueness_of_email_field_options_config
       default = {
-        :case_sensitive => false,
-        :scope => Employee.validations_scope,
-        :if => "#{Employee.email_field}_changed?".to_sym
+        case_sensitive: false,
+        scope: Employee.validations_scope,
+        if: "#{Employee.email_field}_changed?".to_sym
       }
       assert_equal default, Employee.validates_uniqueness_of_email_field_options
 
-      Employee.validates_uniqueness_of_email_field_options = { :yes => "no" }
-      assert_equal({ :yes => "no" }, Employee.validates_uniqueness_of_email_field_options)
+      Employee.validates_uniqueness_of_email_field_options = { yes: "no" }
+      assert_equal({ yes: "no" }, Employee.validates_uniqueness_of_email_field_options)
       Employee.validates_uniqueness_of_email_field_options default
       assert_equal default, Employee.validates_uniqueness_of_email_field_options
     end