authlogic 3.8.0 → 4.5.0

data/lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -1,13 +1,15 @@
 module Authlogic
   module ActsAsAuthentic
-    # This provides a handy token that is "perishable". Meaning the token is
-    # only good for a certain amount of time. This is perfect for resetting
-    # password, confirming accounts, etc. Typically during these actions you
-    # send them this token in via their email. Once they use the token and do
-    # what they need to do, that token should expire. Don't worry about
-    # maintaining this, changing it, or expiring it yourself. Authlogic does all
-    # of this for you. See the sub modules for all of the tools Authlogic
-    # provides to you.
+    # This provides a handy token that is "perishable", meaning the token is
+    # only good for a certain amount of time.
+    #
+    # This is useful for resetting password, confirming accounts, etc. Typically
+    # during these actions you send them this token in an email. Once they use
+    # the token and do what they need to do, that token should expire.
+    #
+    # Don't worry about maintaining the token, changing it, or expiring it
+    # yourself. Authlogic does all of this for you. See the sub modules for all
+    # of the tools Authlogic provides to you.
     module PerishableToken
       def self.included(klass)
         klass.class_eval do
@@ -16,7 +18,7 @@ module Authlogic
         end
       end
 
-      # Change how the perishable token works.
+      # Configure the perishable token.
       module Config
         # When using the find_using_perishable_token method the token can
         # expire. If the token is expired, no record will be returned. Use this
@@ -25,14 +27,17 @@ module Authlogic
         # * <tt>Default:</tt> 10.minutes
         # * <tt>Accepts:</tt> Fixnum
         def perishable_token_valid_for(value = nil)
-          rw_config(:perishable_token_valid_for, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
+          rw_config(
+            :perishable_token_valid_for,
+            (!value.nil? && value.to_i) || value,
+            10.minutes.to_i
+          )
         end
         alias_method :perishable_token_valid_for=, :perishable_token_valid_for
 
         # Authlogic tries to expire and change the perishable token as much as
-        # possible, without compromising it's purpose. This is for security
-        # reasons. If you want to manage it yourself, you can stop Authlogic
-        # from getting your in way by setting this to true.
+        # possible, without compromising its purpose. If you want to manage it
+        # yourself, set this to true.
         #
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean
@@ -45,18 +50,18 @@ module Authlogic
       # All methods relating to the perishable token.
       module Methods
         def self.included(klass)
-          return if !klass.column_names.include?("perishable_token")
+          return unless klass.column_names.include?("perishable_token")
 
           klass.class_eval do
             extend ClassMethods
             include InstanceMethods
 
-            validates_uniqueness_of :perishable_token, :if => :perishable_token_changed?
-            before_save :reset_perishable_token, :unless => :disable_perishable_token_maintenance?
+            validates_uniqueness_of :perishable_token, if: :perishable_token_changed?
+            before_save :reset_perishable_token, unless: :disable_perishable_token_maintenance?
           end
         end
 
-        # Class level methods for the perishable token
+        # Class methods for the perishable token
         module ClassMethods
           # Use this method to find a record with a perishable token. This
           # method does 2 things for you:
@@ -68,7 +73,7 @@ module Authlogic
           # second parameter:
           #
           #   User.find_using_perishable_token(token, 1.hour)
-          def find_using_perishable_token(token, age = self.perishable_token_valid_for)
+          def find_using_perishable_token(token, age = perishable_token_valid_for)
             return if token.blank?
             age = age.to_i
 
@@ -99,7 +104,7 @@ module Authlogic
           # Same as reset_perishable_token, but then saves the record afterwards.
           def reset_perishable_token!
             reset_perishable_token
-            save_without_session_maintenance(:validate => false)
+            save_without_session_maintenance(validate: false)
           end
 
           # A convenience method based on the

data/lib/authlogic/acts_as_authentic/persistence_token.rb

@@ -18,28 +18,23 @@ module Authlogic
 
             if respond_to?(:after_password_set) && respond_to?(:after_password_verification)
               after_password_set :reset_persistence_token
-              after_password_verification :reset_persistence_token!, :if => :reset_persistence_token?
+              after_password_verification :reset_persistence_token!, if: :reset_persistence_token?
             end
 
             validates_presence_of :persistence_token
-            validates_uniqueness_of :persistence_token, :if => :persistence_token_changed?
+            validates_uniqueness_of :persistence_token, if: :persistence_token_changed?
 
-            before_validation :reset_persistence_token, :if => :reset_persistence_token?
+            before_validation :reset_persistence_token, if: :reset_persistence_token?
           end
         end
 
         # Class level methods for the persistence token.
         module ClassMethods
-          # Resets ALL persistence tokens in the database, which will require all users to reauthenticate.
+          # Resets ALL persistence tokens in the database, which will require
+          # all users to re-authenticate.
           def forget_all
             # Paginate these to save on memory
-            records = nil
-            i = 0
-            begin
-              records = limit(50).offset(i)
-              records.each { |record| record.forget! }
-              i += 50
-            end while !records.blank?
+            find_each(batch_size: 50, &:forget!)
           end
         end
 
@@ -53,15 +48,15 @@ module Authlogic
           # Same as reset_persistence_token, but then saves the record.
           def reset_persistence_token!
             reset_persistence_token
-            save_without_session_maintenance(:validate => false)
+            save_without_session_maintenance(validate: false)
           end
           alias_method :forget!, :reset_persistence_token!
 
           private
 
-            def reset_persistence_token?
-              persistence_token.blank?
-            end
+          def reset_persistence_token?
+            persistence_token.blank?
+          end
         end
       end
     end

data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module ActsAsAuthentic
+    module Queries
+      # The query used by public-API method `find_by_smart_case_login_field`.
+      # @api private
+      class FindWithCase
+        # Dup ActiveRecord.gem_version before freezing, in case someone
+        # else wants to modify it. Freezing modifies an object in place.
+        # https://github.com/binarylogic/authlogic/pull/590
+        AR_GEM_VERSION = ActiveRecord.gem_version.dup.freeze
+
+        # @api private
+        def initialize(model_class, field, value, sensitive)
+          @model_class = model_class
+          @field = field.to_s
+          @value = value
+          @sensitive = sensitive
+        end
+
+        # @api private
+        def execute
+          bind(relation).first
+        end
+
+        private
+
+        # @api private
+        def bind(relation)
+          if AR_GEM_VERSION >= Gem::Version.new("5")
+            bind = ActiveRecord::Relation::QueryAttribute.new(
+              @field,
+              @value,
+              ActiveRecord::Type::Value.new
+            )
+            @model_class.where(relation, bind)
+          else
+            @model_class.where(relation)
+          end
+        end
+
+        # @api private
+        def relation
+          if !@sensitive
+            @model_class.connection.case_insensitive_comparison(
+              @model_class.arel_table,
+              @field,
+              @model_class.columns_hash[@field],
+              @value
+            )
+          elsif AR_GEM_VERSION >= Gem::Version.new("5.0")
+            @model_class.connection.case_sensitive_comparison(
+              @model_class.arel_table,
+              @field,
+              @model_class.columns_hash[@field],
+              @value
+            )
+          else
+            value = @model_class.connection.case_sensitive_modifier(@value, @field)
+            @model_class.arel_table[@field].eq(value)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/restful_authentication.rb

@@ -10,7 +10,18 @@ module Authlogic
         end
       end
 
+      # Configures the restful_authentication aspect of acts_as_authentic.
+      # These methods become class methods of ::ActiveRecord::Base.
       module Config
+        DPR_MSG = <<~STR.squish
+          Support for transitioning to authlogic from restful_authentication
+          (%s) is deprecated without replacement. restful_authentication is no
+          longer used in the ruby community, and the transition away from it is
+          complete. There is only one version of restful_authentication on
+          rubygems.org, it was released in 2009, and it's only compatible with
+          rails 2.3. It has been nine years since it was released.
+        STR
+
         # Switching an existing app to Authlogic from restful_authentication? No
         # problem, just set this true and your users won't know anything
         # changed. From your database perspective nothing will change at all.
@@ -26,7 +37,14 @@ module Authlogic
           set_restful_authentication_config if value
           r
         end
-        alias_method :act_like_restful_authentication=, :act_like_restful_authentication
+
+        def act_like_restful_authentication=(value = nil)
+          ::ActiveSupport::Deprecation.warn(
+            format(DPR_MSG, "act_like_restful_authentication="),
+            caller(1)
+          )
+          act_like_restful_authentication(value)
+        end
 
         # This works just like act_like_restful_authentication except that it
         # will start transitioning your users to the algorithm you specify with
@@ -40,30 +58,48 @@ module Authlogic
           set_restful_authentication_config if value
           r
         end
-        alias_method :transition_from_restful_authentication=, :transition_from_restful_authentication
+
+        def transition_from_restful_authentication=(value = nil)
+          ::ActiveSupport::Deprecation.warn(
+            format(DPR_MSG, "transition_from_restful_authentication="),
+            caller(1)
+          )
+          transition_from_restful_authentication(value)
+        end
 
         private
 
-          def set_restful_authentication_config
-            crypto_provider_key = act_like_restful_authentication ? :crypto_provider : :transition_from_crypto_providers
-            self.send("#{crypto_provider_key}=", CryptoProviders::Sha1)
-            if !defined?(::REST_AUTH_SITE_KEY) || ::REST_AUTH_SITE_KEY.nil?
-              class_eval("::REST_AUTH_SITE_KEY = ''") if !defined?(::REST_AUTH_SITE_KEY)
-              CryptoProviders::Sha1.stretches = 1
+        def set_restful_authentication_config
+          self.restful_auth_crypto_provider = CryptoProviders::Sha1
+          if !defined?(::REST_AUTH_SITE_KEY) || ::REST_AUTH_SITE_KEY.nil?
+            unless defined?(::REST_AUTH_SITE_KEY)
+              class_eval("::REST_AUTH_SITE_KEY = ''", __FILE__, __LINE__)
             end
+            CryptoProviders::Sha1.stretches = 1
           end
+        end
+
+        # @api private
+        def restful_auth_crypto_provider=(provider)
+          if act_like_restful_authentication
+            self.crypto_provider = provider
+          else
+            self.transition_from_crypto_providers = provider
+          end
+        end
       end
 
+      # :nodoc:
       module InstanceMethods
         private
 
-          def act_like_restful_authentication?
-            self.class.act_like_restful_authentication == true
-          end
+        def act_like_restful_authentication?
+          self.class.act_like_restful_authentication == true
+        end
 
-          def transition_from_restful_authentication?
-            self.class.transition_from_restful_authentication == true
-          end
+        def transition_from_restful_authentication?
+          self.class.transition_from_restful_authentication == true
+        end
       end
     end
   end

data/lib/authlogic/acts_as_authentic/session_maintenance.rb

@@ -29,18 +29,28 @@ module Authlogic
         end
       end
 
+      # Configuration for the session maintenance aspect of acts_as_authentic.
+      # These methods become class methods of ::ActiveRecord::Base.
       module Config
-        # This is more of a convenience method. In order to turn off automatic
-        # maintenance of sessions just set this to false, or you can also set
-        # the session_ids method to a blank array. Both accomplish the same
-        # thing. This method is a little clearer in it's intentions though.
+        # In order to turn off automatic maintenance of sessions
+        # after create, just set this to false.
         #
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
-        def maintain_sessions(value = nil)
-          rw_config(:maintain_sessions, value, true)
+        def log_in_after_create(value = nil)
+          rw_config(:log_in_after_create, value, true)
         end
-        alias_method :maintain_sessions=, :maintain_sessions
+        alias_method :log_in_after_create=, :log_in_after_create
+
+        # In order to turn off automatic maintenance of sessions when updating
+        # the password, just set this to false.
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def log_in_after_password_change(value = nil)
+          rw_config(:log_in_after_password_change, value, true)
+        end
+        alias_method :log_in_after_password_change=, :log_in_after_password_change
 
         # As you may know, authlogic sessions can be separate by id (See
         # Authlogic::Session::Base#id). You can specify here what session ids
@@ -60,17 +70,23 @@ module Authlogic
         # * <tt>Default:</tt> "#{klass.name}Session".constantize
         # * <tt>Accepts:</tt> Class
         def session_class(value = nil)
-          const = "#{base_class.name}Session".constantize rescue nil
+          const = begin
+                    "#{base_class.name}Session".constantize
+                  rescue NameError
+                    nil
+                  end
           rw_config(:session_class, value, const)
         end
         alias_method :session_class=, :session_class
       end
 
+      # This module, as one of the `acts_as_authentic_modules`, is only included
+      # into an ActiveRecord model if that model calls `acts_as_authentic`.
       module Methods
         def self.included(klass)
           klass.class_eval do
-            before_save :get_session_information, :if => :update_sessions?
-            before_save :maintain_sessions, :if => :update_sessions?
+            before_save :get_session_information, if: :update_sessions?
+            before_save :maintain_sessions, if: :update_sessions?
           end
         end
 
@@ -84,70 +100,82 @@ module Authlogic
 
         private
 
-          def skip_session_maintenance=(value)
-            @skip_session_maintenance = value
-          end
+        def skip_session_maintenance=(value)
+          @skip_session_maintenance = value
+        end
 
-          def skip_session_maintenance
-            @skip_session_maintenance ||= false
-          end
+        def skip_session_maintenance
+          @skip_session_maintenance ||= false
+        end
 
-          def update_sessions?
-            !skip_session_maintenance &&
-              session_class &&
-              session_class.activated? &&
-              self.class.maintain_sessions == true &&
-              !session_ids.blank? &&
-              persistence_token_changed?
-          end
+        def update_sessions?
+          !skip_session_maintenance &&
+            session_class &&
+            session_class.activated? &&
+            maintain_session? &&
+            !session_ids.blank? &&
+            persistence_token_changed?
+        end
+
+        def maintain_session?
+          log_in_after_create? || log_in_after_password_change?
+        end
 
-          def get_session_information
-            # Need to determine if we are completely logged out, or logged in as
-            # another user.
-            @_sessions = []
+        def get_session_information
+          # Need to determine if we are completely logged out, or logged in as
+          # another user.
+          @_sessions = []
 
-            session_ids.each do |session_id|
-              session = session_class.find(session_id, self)
-              @_sessions << session if session && session.record
-            end
+          session_ids.each do |session_id|
+            session = session_class.find(session_id, self)
+            @_sessions << session if session&.record
           end
+        end
 
-          def maintain_sessions
-            if @_sessions.empty?
-              create_session
-            else
-              update_sessions
-            end
+        def maintain_sessions
+          if @_sessions.empty?
+            create_session
+          else
+            update_sessions
           end
+        end
 
-          def create_session
-            # We only want to automatically login into the first session, since
-            # this is the main session. The other sessions are sessions that
-            # need to be created after logging into the main session.
-            session_id = session_ids.first
-            session_class.create(*[self, self, session_id].compact)
+        def create_session
+          # We only want to automatically login into the first session, since
+          # this is the main session. The other sessions are sessions that
+          # need to be created after logging into the main session.
+          session_id = session_ids.first
+          session_class.create(*[self, self, session_id].compact)
+
+          true
+        end
 
-            return true
+        def update_sessions
+          # We found sessions above, let's update them with the new info
+          @_sessions.each do |stale_session|
+            next if stale_session.record != self
+            stale_session.unauthorized_record = self
+            stale_session.save
           end
 
-          def update_sessions
-            # We found sessions above, let's update them with the new info
-            @_sessions.each do |stale_session|
-              next if stale_session.record != self
-              stale_session.unauthorized_record = self
-              stale_session.save
-            end
+          true
+        end
 
-            return true
-          end
+        def session_ids
+          self.class.session_ids
+        end
 
-          def session_ids
-            self.class.session_ids
-          end
+        def session_class
+          self.class.session_class
+        end
 
-          def session_class
-            self.class.session_class
-          end
+        def log_in_after_create?
+          new_record? && self.class.log_in_after_create
+        end
+
+        def log_in_after_password_change?
+          persistence_token_changed? && self.class.log_in_after_password_change
+        end
       end
     end
   end

data/lib/authlogic/acts_as_authentic/single_access_token.rb

@@ -12,6 +12,8 @@ module Authlogic
       end
 
       # All configuration for the single_access token aspect of acts_as_authentic.
+      #
+      # These methods become class methods of ::ActiveRecord::Base.
       module Config
         # The single access token is used for authentication via URLs, such as a private
         # feed. That being said, if the user changes their password, that token probably
@@ -23,24 +25,34 @@ module Authlogic
         def change_single_access_token_with_password(value = nil)
           rw_config(:change_single_access_token_with_password, value, false)
         end
-        alias_method :change_single_access_token_with_password=, :change_single_access_token_with_password
+        alias_method(
+          :change_single_access_token_with_password=,
+          :change_single_access_token_with_password
+        )
       end
 
       # All method, for the single_access token aspect of acts_as_authentic.
+      #
+      # This module, as one of the `acts_as_authentic_modules`, is only included
+      # into an ActiveRecord model if that model calls `acts_as_authentic`.
       module Methods
         def self.included(klass)
-          return if !klass.column_names.include?("single_access_token")
+          return unless klass.column_names.include?("single_access_token")
 
           klass.class_eval do
             include InstanceMethods
-            validates_uniqueness_of :single_access_token, :if => :single_access_token_changed?
-            before_validation :reset_single_access_token, :if => :reset_single_access_token?
+            validates_uniqueness_of :single_access_token, if: :single_access_token_changed?
+            before_validation :reset_single_access_token, if: :reset_single_access_token?
             if respond_to?(:after_password_set)
-              after_password_set(:reset_single_access_token, :if => :change_single_access_token_with_password?)
+              after_password_set(
+                :reset_single_access_token,
+                if: :change_single_access_token_with_password?
+              )
             end
           end
         end
 
+        # :nodoc:
         module InstanceMethods
           # Resets the single_access_token to a random friendly token.
           def reset_single_access_token
@@ -55,13 +67,13 @@ module Authlogic
 
           protected
 
-            def reset_single_access_token?
-              single_access_token.blank?
-            end
+          def reset_single_access_token?
+            single_access_token.blank?
+          end
 
-            def change_single_access_token_with_password?
-              self.class.change_single_access_token_with_password == true
-            end
+          def change_single_access_token_with_password?
+            self.class.change_single_access_token_with_password == true
+          end
         end
       end
     end

data/lib/authlogic/acts_as_authentic/validations_scope.rb

@@ -1,8 +1,8 @@
 module Authlogic
   module ActsAsAuthentic
-    # Allows you to scope everything to specific fields.
-    # See the Config submodule for more info.
-    # For information on how to scope off of a parent object see Authlogic::AuthenticatesMany
+    # Allows you to scope everything to specific fields. See the Config
+    # submodule for more info. For information on how to scope off of a parent
+    # object see Authlogic::AuthenticatesMany
     module ValidationsScope
       def self.included(klass)
         klass.class_eval do
@@ -12,9 +12,9 @@ module Authlogic
 
       # All configuration for the scope feature.
       module Config
-        # Allows you to scope everything to specific field(s). Works just like validates_uniqueness_of.
-        # For example, let's say a user belongs to a company, and you want to scope everything to the
-        # company:
+        # Allows you to scope everything to specific field(s). Works just like
+        # validates_uniqueness_of. For example, let's say a user belongs to a
+        # company, and you want to scope everything to the company:
         #
         #   acts_as_authentic do |c|
         #     c.validations_scope = :company_id
@@ -22,7 +22,10 @@ module Authlogic
         #
         # * <tt>Default:</tt> nil
         # * <tt>Accepts:</tt> Symbol or Array of symbols
+        #
+        # @deprecated
         def validations_scope(value = nil)
+          deprecate_authlogic_config("validations_scope") if value
           rw_config(:validations_scope, value)
         end
         alias_method :validations_scope=, :validations_scope

data/lib/authlogic/authenticates_many/association.rb

@@ -13,7 +13,7 @@ module Authlogic
     # that specific account. To implement this via ActiveRecord do something
     # like:
     #
-    #   class User < ActiveRecord::Base
+    #   class User < ApplicationRecord
     #     authenticates_many :user_sessions
     #   end
     class Association
@@ -29,22 +29,22 @@ module Authlogic
         self.id = id
       end
 
-      [:create, :create!, :find, :new].each do |method|
-        class_eval <<-"end_eval", __FILE__, __LINE__
+      %i[create create! find new].each do |method|
+        class_eval <<-EOS, __FILE__, __LINE__ + 1
           def #{method}(*args)
             klass.with_scope(scope_options) do
               klass.#{method}(*args)
             end
           end
-        end_eval
+        EOS
       end
       alias_method :build, :new
 
       private
 
-        def scope_options
-          { :find_options => find_options, :id => id }
-        end
+      def scope_options
+        { find_options: find_options, id: id }
+      end
     end
   end
 end