authlogic 3.8.0 → 6.0.0

data/lib/authlogic/session/timeout.rb

@@ -1,103 +0,0 @@
-module Authlogic
-  module Session
-    # Think about financial websites, if you are inactive for a certain period
-    # of time you will be asked to log back in on your next request. You can do
-    # this with Authlogic easily, there are 2 parts to this:
-    #
-    # 1. Define the timeout threshold:
-    #
-    #   acts_as_authentic do |c|
-    #     c.logged_in_timeout = 10.minutes # default is 10.minutes
-    #   end
-    #
-    # 2. Enable logging out on timeouts
-    #
-    #   class UserSession < Authlogic::Session::Base
-    #     logout_on_timeout true # default if false
-    #   end
-    #
-    # This will require a user to log back in if they are inactive for more than
-    # 10 minutes. In order for this feature to be used you must have a
-    # last_request_at datetime column in your table for whatever model you are
-    # authenticating with.
-    module Timeout
-      def self.included(klass)
-        klass.class_eval do
-          extend Config
-          include InstanceMethods
-          before_persisting :reset_stale_state
-          after_persisting :enforce_timeout
-          attr_accessor :stale_record
-        end
-      end
-
-      # Configuration for the timeout feature.
-      module Config
-        # With acts_as_authentic you get a :logged_in_timeout configuration
-        # option. If this is set, after this amount of time has passed the user
-        # will be marked as logged out. Obviously, since web based apps are on a
-        # per request basis, we have to define a time limit threshold that
-        # determines when we consider a user to be "logged out". Meaning, if
-        # they login and then leave the website, when do mark them as logged
-        # out? I recommend just using this as a fun feature on your website or
-        # reports, giving you a ballpark number of users logged in and active.
-        # This is not meant to be a dead accurate representation of a users
-        # logged in state, since there is really no real way to do this with web
-        # based apps. Think about a user that logs in and doesn't log out. There
-        # is no action that tells you that the user isn't technically still
-        # logged in and active.
-        #
-        # That being said, you can use that feature to require a new login if
-        # their session times out. Similar to how financial sites work. Just set
-        # this option to true and if your record returns true for stale? then
-        # they will be required to log back in.
-        #
-        # Lastly, UserSession.find will still return a object is the session is
-        # stale, but you will not get a record. This allows you to determine if
-        # the user needs to log back in because their session went stale, or
-        # because they just aren't logged in. Just call
-        # current_user_session.stale? as your flag.
-        #
-        # * <tt>Default:</tt> false
-        # * <tt>Accepts:</tt> Boolean
-        def logout_on_timeout(value = nil)
-          rw_config(:logout_on_timeout, value, false)
-        end
-        alias_method :logout_on_timeout=, :logout_on_timeout
-      end
-
-      # Instance methods for the timeout feature.
-      module InstanceMethods
-        # Tells you if the record is stale or not. Meaning the record has timed
-        # out. This will only return true if you set logout_on_timeout to true
-        # in your configuration. Basically how a bank website works. If you
-        # aren't active over a certain period of time your session becomes stale
-        # and requires you to log back in.
-        def stale?
-          if remember_me?
-            remember_me_expired?
-          else
-            !stale_record.nil? || (logout_on_timeout? && record && record.logged_out?)
-          end
-        end
-
-        private
-
-          def reset_stale_state
-            self.stale_record = nil
-          end
-
-          def enforce_timeout
-            if stale?
-              self.stale_record = record
-              self.record = nil
-            end
-          end
-
-          def logout_on_timeout?
-            self.class.logout_on_timeout == true
-          end
-      end
-    end
-  end
-end

data/lib/authlogic/session/unauthorized_record.rb

@@ -1,51 +0,0 @@
-module Authlogic
-  module Session
-    # Allows you to create session with an object. Ex:
-    #
-    #   UserSession.create(my_user_object)
-    #
-    # Be careful with this, because Authlogic is assuming that you have already confirmed that the
-    # user is who he says he is.
-    #
-    # For example, this is the method used to persist the session internally. Authlogic finds the user with
-    # the persistence token. At this point we know the user is who he says he is, so Authlogic just creates a
-    # session with the record. This is particularly useful for 3rd party authentication methods, such as
-    # OpenID. Let that method verify the identity, once it's verified, pass the object and create a session.
-    module UnauthorizedRecord
-      def self.included(klass)
-        klass.class_eval do
-          attr_accessor :unauthorized_record
-          validate :validate_by_unauthorized_record, :if => :authenticating_with_unauthorized_record?
-        end
-      end
-
-      # Returning meaningful credentials
-      def credentials
-        if authenticating_with_unauthorized_record?
-          details = {}
-          details[:unauthorized_record] = "<protected>"
-          details
-        else
-          super
-        end
-      end
-
-      # Setting the unauthorized record if it exists in the credentials passed.
-      def credentials=(value)
-        super
-        values = value.is_a?(Array) ? value : [value]
-        self.unauthorized_record = values.first if values.first.class < ::ActiveRecord::Base
-      end
-
-      private
-
-        def authenticating_with_unauthorized_record?
-          !unauthorized_record.nil?
-        end
-
-        def validate_by_unauthorized_record
-          self.attempted_record = unauthorized_record
-        end
-    end
-  end
-end

data/lib/authlogic/session/validation.rb

@@ -1,93 +0,0 @@
-module Authlogic
-  module Session
-    # Responsible for session validation
-    module Validation
-      # The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses
-      # the exact same ActiveRecord errors class. Use it the same way:
-      #
-      #   class UserSession
-      #     validate :check_if_awesome
-      #
-      #     private
-      #       def check_if_awesome
-      #         errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
-      #         errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
-      #       end
-      #   end
-      class Errors < (defined?(::ActiveModel) ? ::ActiveModel::Errors : ::ActiveRecord::Errors)
-        unless defined?(::ActiveModel)
-          def [](key)
-            value = super
-            value.is_a?(Array) ? value : [value].compact
-          end
-        end
-      end
-
-      # You should use this as a place holder for any records that you find
-      # during validation. The main reason for this is to allow other modules to
-      # use it if needed. Take the failed_login_count feature, it needs this in
-      # order to increase the failed login count.
-      def attempted_record
-        @attempted_record
-      end
-
-      # See attempted_record
-      def attempted_record=(value)
-        @attempted_record = value
-      end
-
-      # The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses
-      # the exact same ActiveRecord errors class. Use it the same way:
-      #
-      # === Example
-      #
-      #  class UserSession
-      #    before_validation :check_if_awesome
-      #
-      #    private
-      #      def check_if_awesome
-      #        errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
-      #        errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
-      #      end
-      #  end
-      def errors
-        @errors ||= Errors.new(self)
-      end
-
-      # Determines if the information you provided for authentication is valid
-      # or not. If there is a problem with the information provided errors will
-      # be added to the errors object and this method will return false.
-      def valid?
-        errors.clear
-        self.attempted_record = nil
-
-        before_validation
-        new_session? ? before_validation_on_create : before_validation_on_update
-        validate
-        ensure_authentication_attempted
-
-        if errors.empty?
-          new_session? ? after_validation_on_create : after_validation_on_update
-          after_validation
-        end
-
-        save_record(attempted_record)
-        errors.empty?
-      end
-
-      private
-
-        def ensure_authentication_attempted
-          if errors.empty? && attempted_record.nil?
-            errors.add(
-              :base,
-              I18n.t(
-                'error_messages.no_authentication_details',
-                :default => "You did not provide any details for authentication."
-              )
-            )
-          end
-        end
-    end
-  end
-end

data/test/acts_as_authentic_test/base_test.rb

@@ -1,25 +0,0 @@
-require 'test_helper'
-
-module ActsAsAuthenticTest
-  class BaseTest < ActiveSupport::TestCase
-    def test_acts_as_authentic
-      assert_nothing_raised do
-        User.acts_as_authentic do
-        end
-      end
-    end
-
-    def test_acts_as_authentic_with_old_config
-      assert_raise(ArgumentError) do
-        User.acts_as_authentic({})
-      end
-    end
-
-    def test_acts_as_authentic_with_no_table
-      klass = Class.new(ActiveRecord::Base)
-      assert_nothing_raised do
-        klass.acts_as_authentic
-      end
-    end
-  end
-end

data/test/acts_as_authentic_test/email_test.rb

@@ -1,240 +0,0 @@
-# encoding: utf-8
-require 'test_helper'
-
-module ActsAsAuthenticTest
-  class EmailTest < ActiveSupport::TestCase
-    GOOD_ASCII_EMAILS = [
-      "a@a.com",
-      "damien+test1...etc..@mydomain.com",
-      "dakota.dux+1@gmail.com",
-      "dakota.d'ux@gmail.com",
-      "a&b@c.com",
-      "someuser@somedomain.travelersinsurance"
-    ]
-
-    BAD_ASCII_EMAILS = [
-      "",
-      "aaaaaaaaaaaaa",
-      "question?mark@gmail.com",
-      "backslash@g\\mail.com",
-      "<script>alert(123);</script>\nnobody@example.com",
-      "someuser@somedomain.isreallytoolongandimeanreallytoolong"
-    ]
-
-    # http://en.wikipedia.org/wiki/ISO/IEC_8859-1#Codepage_layout
-    GOOD_ISO88591_EMAILS = [
-      "töm.öm@dömain.fi",  # https://github.com/binarylogic/authlogic/issues/176
-      "Pelé@examplé.com",  # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-    ]
-
-    BAD_ISO88591_EMAILS = [
-      "",
-      "öm(@ava.fi",      # L paren
-      "é)@domain.com",   # R paren
-      "é[@example.com",  # L bracket
-      "question?mark@gmail.com",  # question mark
-      "back\\slash@gmail.com",    # backslash
-    ]
-
-    GOOD_UTF8_EMAILS = [
-      "δκιμή@παράδεγμα.δοκμή",            # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-      "我本@屋企.香港",                     # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-      "甲斐@黒川.日買",                     # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
-      "чебурша@ящик-с-пельнами.рф",       # Contains dashes in domain head
-      "企斐@黒川.みんな",                                              #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
-    ]
-
-    BAD_UTF8_EMAILS = [
-      "",
-              ".みんな",                                                    #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
-      'δκιμή@παράδεγμα.δ',          # short TLD
-      "öm(@ava.fi",                 # L paren
-      "é)@domain.com",              # R paren
-      "é[@example.com",             # L bracket
-      "δ]@πράιγμα.δοκμή",           # R bracket
-      "我\.香港",                    # slash
-      "甲;.日本",                    # semicolon
-      "ч:@ящик-с-пельнами.рф",      # colon
-      "斐,.みんな",                                           #  comma
-      "香<.香港",                    # less than
-      "我>.香港",                    # greater than
-      "我?本@屋企.香港",              # question mark
-      "чебурша@ьн\\ами.рф",         # backslash
-      "user@domain.com%0A<script>alert('hello')</script>"
-    ]
-
-    def test_email_field_config
-      assert_equal :email, User.email_field
-      assert_equal :email, Employee.email_field
-
-      User.email_field = :nope
-      assert_equal :nope, User.email_field
-      User.email_field :email
-      assert_equal :email, User.email_field
-    end
-
-    def test_validate_email_field_config
-      assert User.validate_email_field
-      assert Employee.validate_email_field
-
-      User.validate_email_field = false
-      refute User.validate_email_field
-      User.validate_email_field true
-      assert User.validate_email_field
-    end
-
-    def test_validates_length_of_email_field_options_config
-      assert_equal({ :maximum => 100 }, User.validates_length_of_email_field_options)
-      assert_equal({ :maximum => 100 }, Employee.validates_length_of_email_field_options)
-
-      User.validates_length_of_email_field_options = { :yes => "no" }
-      assert_equal({ :yes => "no" }, User.validates_length_of_email_field_options)
-      User.validates_length_of_email_field_options({ :within => 6..100 })
-      assert_equal({ :within => 6..100 }, User.validates_length_of_email_field_options)
-    end
-
-    def test_validates_format_of_email_field_options_config
-      default = {
-        :with => Authlogic::Regex.email,
-        :message => proc do
-          I18n.t(
-            'error_messages.email_invalid',
-            :default => "should look like an email address."
-          )
-        end
-      }
-      default_message = default.delete(:message).call
-
-      options = User.validates_format_of_email_field_options
-      message = options.delete(:message)
-      assert message.is_a?(Proc)
-      assert_equal default_message, message.call
-      assert_equal default, options
-
-      options = Employee.validates_format_of_email_field_options
-      message = options.delete(:message)
-      assert message.is_a?(Proc)
-      assert_equal default_message, message.call
-      assert_equal default, options
-
-      User.validates_format_of_email_field_options = { :yes => "no" }
-      assert_equal({ :yes => "no" }, User.validates_format_of_email_field_options)
-      User.validates_format_of_email_field_options default
-      assert_equal default, User.validates_format_of_email_field_options
-
-      with_email_nonascii = {
-        :with => Authlogic::Regex.email_nonascii,
-        :message => Proc.new do
-          I18n.t(
-            'error_messages.email_invalid_international',
-            :default => "should look like an international email address."
-          )
-        end
-      }
-      User.validates_format_of_email_field_options = with_email_nonascii
-      assert_equal(with_email_nonascii, User.validates_format_of_email_field_options)
-      User.validates_format_of_email_field_options with_email_nonascii
-      assert_equal with_email_nonascii, User.validates_format_of_email_field_options
-    end
-
-    def test_deferred_error_message_translation
-      # ensure we successfully loaded the test locale
-      assert I18n.available_locales.include?(:lol), "Test locale failed to load"
-
-      I18n.with_locale('lol') do
-        message = I18n.t("authlogic.error_messages.email_invalid")
-
-        cat = User.new
-        cat.email = 'meow'
-        cat.valid?
-
-        # filter duplicate error messages
-        error = cat.errors[:email]
-        error = error.first if error.is_a?(Array)
-
-        assert_equal message, error
-      end
-    end
-
-    def test_validates_uniqueness_of_email_field_options_config
-      default = {
-        :case_sensitive => false,
-        :scope => Employee.validations_scope,
-        :if => "#{Employee.email_field}_changed?".to_sym
-      }
-      assert_equal default, Employee.validates_uniqueness_of_email_field_options
-
-      Employee.validates_uniqueness_of_email_field_options = { :yes => "no" }
-      assert_equal({ :yes => "no" }, Employee.validates_uniqueness_of_email_field_options)
-      Employee.validates_uniqueness_of_email_field_options default
-      assert_equal default, Employee.validates_uniqueness_of_email_field_options
-    end
-
-    def test_validates_length_of_email_field
-      u = User.new
-      u.email = "a@a.a"
-      refute u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "a@a.com"
-      refute u.valid?
-      assert u.errors[:email].empty?
-    end
-
-    def test_validates_format_of_email_field
-      u = User.new
-      u.email = "aaaaaaaaaaaaa"
-      u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "a@a.com"
-      u.valid?
-      assert u.errors[:email].empty?
-
-      u.email = "damien+test1...etc..@mydomain.com"
-      u.valid?
-      assert u.errors[:email].empty?
-
-      u.email = "dakota.dux+1@gmail.com"
-      u.valid?
-      assert u.errors[:email].empty?
-
-      u.email = "dakota.d'ux@gmail.com"
-      u.valid?
-      assert u.errors[:email].empty?
-
-      u.email = "<script>alert(123);</script>\nnobody@example.com"
-      refute u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "a&b@c.com"
-      u.valid?
-      assert u.errors[:email].empty?
-    end
-
-    def test_validates_format_of_nonascii_email_field
-      (GOOD_ASCII_EMAILS + GOOD_ISO88591_EMAILS + GOOD_UTF8_EMAILS).each do |e|
-        assert e =~  Authlogic::Regex.email_nonascii, "Good email should validate: #{e}"
-      end
-
-      (BAD_ASCII_EMAILS + BAD_ISO88591_EMAILS + BAD_UTF8_EMAILS).each do |e|
-        assert e !~  Authlogic::Regex.email_nonascii, "Bad email should not validate: #{e}"
-      end
-    end
-
-    def test_validates_uniqueness_of_email_field
-      u = User.new
-      u.email = "bjohnson@binarylogic.com"
-      refute u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "BJOHNSON@binarylogic.com"
-      refute u.valid?
-      refute u.errors[:email].empty?
-
-      u.email = "a@a.com"
-      refute u.valid?
-      assert u.errors[:email].empty?
-    end
-  end
-end

data/test/acts_as_authentic_test/logged_in_status_test.rb

@@ -1,62 +0,0 @@
-require 'test_helper'
-
-module ActsAsAuthenticTest
-  class LoggedInStatusTest < ActiveSupport::TestCase
-    ERROR_MSG = 'Multiple calls to %s should result in different relations'
-
-    def test_logged_in_timeout_config
-      assert_equal 10.minutes.to_i, User.logged_in_timeout
-      assert_equal 10.minutes.to_i, Employee.logged_in_timeout
-
-      User.logged_in_timeout = 1.hour
-      assert_equal 1.hour.to_i, User.logged_in_timeout
-      User.logged_in_timeout 10.minutes
-      assert_equal 10.minutes.to_i, User.logged_in_timeout
-    end
-
-    def test_named_scope_logged_in
-      # Testing that the scope returned differs, because the time it was called should be
-      # slightly different. This is an attempt to make sure the scope is lambda wrapped
-      # so that it is re-evaluated every time its called. My biggest concern is that the
-      # test happens so fast that the test fails... I just don't know a better way to test it!
-
-      # for rails 5 I've changed the where_values to to_sql to compare
-
-      query1 = User.logged_in.to_sql
-      sleep 0.1
-      query2 = User.logged_in.to_sql
-      assert query1 != query2, ERROR_MSG % '#logged_in'
-
-      assert_equal 0, User.logged_in.count
-      user = User.first
-      user.last_request_at = Time.now
-      user.current_login_at = Time.now
-      user.save!
-      assert_equal 1, User.logged_in.count
-    end
-
-    def test_named_scope_logged_out
-      # Testing that the scope returned differs, because the time it was called should be
-      # slightly different. This is an attempt to make sure the scope is lambda wrapped
-      # so that it is re-evaluated every time its called. My biggest concern is that the
-      # test happens so fast that the test fails... I just don't know a better way to test it!
-
-      # for rails 5 I've changed the where_values to to_sql to compare
-
-      assert User.logged_in.to_sql != User.logged_out.to_sql, ERROR_MSG % '#logged_out'
-
-      assert_equal 3, User.logged_out.count
-      User.first.update_attribute(:last_request_at, Time.now)
-      assert_equal 2, User.logged_out.count
-    end
-
-    def test_logged_in_logged_out
-      u = User.first
-      refute u.logged_in?
-      assert u.logged_out?
-      u.last_request_at = Time.now
-      assert u.logged_in?
-      refute u.logged_out?
-    end
-  end
-end