authlogic 3.8.0 → 6.0.0

data/lib/authlogic/session/magic_column/assigns_last_request_at.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module Session
+    module MagicColumn
+      # Assigns the current time to the `last_request_at` attribute.
+      #
+      # 1. The `last_request_at` column must exist
+      # 2. Assignment can be disabled on a per-controller basis
+      # 3. Assignment will not happen more often than `last_request_at_threshold`
+      #   seconds.
+      #
+      # - current_time - a `Time`
+      # - record - eg. a `User`
+      # - controller - an `Authlogic::ControllerAdapters::AbstractAdapter`
+      # - last_request_at_threshold - integer - seconds
+      #
+      # @api private
+      class AssignsLastRequestAt
+        def initialize(current_time, record, controller, last_request_at_threshold)
+          @current_time = current_time
+          @record = record
+          @controller = controller
+          @last_request_at_threshold = last_request_at_threshold
+        end
+
+        def assign
+          return unless assign?
+          @record.last_request_at = @current_time
+        end
+
+        private
+
+        # @api private
+        def assign?
+          @record &&
+            @record.class.column_names.include?("last_request_at") &&
+            @controller.last_request_update_allowed? && (
+              @record.last_request_at.blank? ||
+              @last_request_at_threshold.to_i.seconds.ago >= @record.last_request_at
+            )
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/test_case/mock_controller.rb

@@ -1,7 +1,10 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
-    # Basically acts like a controller but doesn't do anything. Authlogic can interact with this, do it's thing and then you
-    # can look at the controller object to see if anything changed.
+    # Basically acts like a controller but doesn't do anything. Authlogic can interact
+    # with this, do it's thing and then you can look at the controller object to see if
+    # anything changed.
     class MockController < ControllerAdapters::AbstractAdapter
       attr_accessor :http_user, :http_password, :realm
       attr_writer :request_content_type
@@ -9,11 +12,11 @@ module Authlogic
       def initialize
       end
 
-      def authenticate_with_http_basic(&block)
+      def authenticate_with_http_basic
         yield http_user, http_password
       end
 
-      def authenticate_or_request_with_http_basic(realm = 'DefaultRealm', &block)
+      def authenticate_or_request_with_http_basic(realm = "DefaultRealm")
         self.realm = realm
         @http_auth_requested = true
         yield http_user, http_password

data/lib/authlogic/test_case/mock_cookie_jar.rb

@@ -1,12 +1,22 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
+    # A mock of `ActionDispatch::Cookies::CookieJar`.
     class MockCookieJar < Hash # :nodoc:
+      attr_accessor :set_cookies
+
       def [](key)
         hash = super
         hash && hash[:value]
       end
 
-      def delete(key, options = {})
+      def []=(key, options)
+        (@set_cookies ||= {})[key.to_s] = options
+        super
+      end
+
+      def delete(key, _options = {})
         super(key)
       end
 
@@ -15,6 +25,11 @@ module Authlogic
       end
     end
 
+    # A mock of `ActionDispatch::Cookies::SignedKeyRotatingCookieJar`
+    #
+    # > .. a jar that'll automatically generate a signed representation of
+    # > cookie value and verify it when reading from the cookie again.
+    # > actionpack/lib/action_dispatch/middleware/cookies.rb
     class MockSignedCookieJar < MockCookieJar
       attr_reader :parent_jar # helper for testing
 
@@ -23,8 +38,9 @@ module Authlogic
       end
 
       def [](val)
-        if signed_message = @parent_jar[val]
-          payload, signature = signed_message.split('--')
+        signed_message = @parent_jar[val]
+        if signed_message
+          payload, signature = signed_message.split("--")
           raise "Invalid signature" unless Digest::SHA1.hexdigest(payload) == signature
           payload
         end

data/lib/authlogic/test_case/mock_logger.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
     # Simple class to replace real loggers, so that we can raise any errors being logged.

data/lib/authlogic/test_case/mock_request.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
     class MockRequest # :nodoc:
@@ -8,13 +10,16 @@ module Authlogic
       end
 
       def ip
-        (controller && controller.respond_to?(:env) && controller.env.is_a?(Hash) && controller.env['REMOTE_ADDR']) || "1.1.1.1"
+        controller&.respond_to?(:env) &&
+          controller.env.is_a?(Hash) &&
+          controller.env["REMOTE_ADDR"] ||
+          "1.1.1.1"
       end
 
       private
 
-        def method_missing(*args, &block)
-        end
+      def method_missing(*args, &block)
+      end
     end
   end
 end

data/lib/authlogic/test_case/rails_request_adapter.rb

@@ -1,7 +1,10 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
-    # Adapts authlogic to work with the @request object when testing. This way Authlogic can set cookies and what not before
-    # a request is made, ultimately letting you log in users in functional tests.
+    # Adapts authlogic to work with the @request object when testing. This way Authlogic
+    # can set cookies and what not before a request is made, ultimately letting you log in
+    # users in functional tests.
     class RailsRequestAdapter < ControllerAdapters::AbstractAdapter
       def authenticate_with_http_basic(&block)
       end

data/lib/authlogic/test_case.rb

@@ -1,9 +1,12 @@
+# frozen_string_literal: true
+
 require File.dirname(__FILE__) + "/test_case/rails_request_adapter"
 require File.dirname(__FILE__) + "/test_case/mock_cookie_jar"
 require File.dirname(__FILE__) + "/test_case/mock_controller"
 require File.dirname(__FILE__) + "/test_case/mock_logger"
 require File.dirname(__FILE__) + "/test_case/mock_request"
 
+# :nodoc:
 module Authlogic
   # This module is a collection of methods and classes that help you easily test
   # Authlogic. In fact, I use these same tools to test the internals of
@@ -50,7 +53,7 @@ module Authlogic
   #   ben:
   #     email: whatever@whatever.com
   #     password_salt: <%= salt = Authlogic::Random.hex_token %>
-  #     crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
+  #     crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("benrocks" + salt) %>
   #     persistence_token: <%= Authlogic::Random.hex_token %>
   #     single_access_token: <%= Authlogic::Random.friendly_token %>
   #     perishable_token: <%= Authlogic::Random.friendly_token %>
@@ -113,7 +116,73 @@ module Authlogic
   #
   # See how I am checking that Authlogic is interacting with the controller
   # properly? That's the idea here.
+  #
+  # === Testing with Rails 5
+  #
+  # Rails 5 has [deprecated classic controller tests](https://goo.gl/4zmt6y).
+  # Controller tests now inherit from `ActionDispatch::IntegrationTest` making
+  # them plain old integration tests now. You have two options for testing
+  # AuthLogic in Rails 5:
+  #
+  # * Add the `rails-controller-testing` gem to bring back the original
+  #   controller testing usage
+  # * Go full steam ahead with integration testing and actually log a user in
+  #   by submitting a form in the integration test.
+  #
+  # Naturally DHH recommends the second method and this is
+  # [what he does in his own tests](https://goo.gl/Ar6p0u). This is useful
+  # for testing not only AuthLogic itself (submitting login credentials to a
+  # UserSessionsController, for example) but any controller action that is
+  # behind a login wall. Add a helper method and use that before testing your
+  # actual controller action:
+  #
+  #   # test/test_helper.rb
+  #   def login(user)
+  #     post user_sessions_url, :params => { :email => user.email, :password => 'password' }
+  #   end
+  #
+  #   # test/controllers/posts_controller_test.rb
+  #   test "#create requires a user to be logged in
+  #     post posts_url, :params => { :body => 'Lorem ipsum' }
+  #
+  #     assert_redirected_to new_user_session_url
+  #   end
+  #
+  #   test "#create lets a logged in user create a new post" do
+  #     login(users(:admin))
+  #
+  #     assert_difference 'Posts.count' do
+  #       post posts_url, :params => { :body => 'Lorem ipsum' }
+  #     end
+  #
+  #     assert_redirected_to posts_url
+  #   end
+  #
+  # You still have access to the `session` helper in an integration test and so
+  # you can still test to see if a user is logged in. A couple of helper methods
+  # might look like:
+  #
+  #   # test/test_helper.rb
+  #   def assert_logged_in
+  #     assert session[:user_credentials].present?
+  #   end
+  #
+  #   def assert_not_logged_in
+  #     assert session[:user_credentials].blank?
+  #   end
+  #
+  #   # test/user_sessions_controller_test.rb
+  #   test "#create logs in a user" do
+  #     login(users(:admin))
+  #
+  #     assert_logged_in
+  #   end
   module TestCase
+    def initialize(*args)
+      @request = nil
+      super
+    end
+
     # Activates authlogic so that you can use it in your tests. You should call
     # this method in your test's setup. Ex:
     #
@@ -125,7 +194,9 @@ module Authlogic
         end
       end
 
-      Authlogic::Session::Base.controller = (@request && Authlogic::TestCase::RailsRequestAdapter.new(@request)) || controller
+      Authlogic::Session::Base.controller = @request &&
+        Authlogic::TestCase::RailsRequestAdapter.new(@request) ||
+        controller
     end
 
     # The Authlogic::TestCase::MockController object passed to Authlogic to
@@ -136,6 +207,7 @@ module Authlogic
     end
   end
 
+  # TODO: Why are these lines inside the `Authlogic` module? Should be outside?
   ::Test::Unit::TestCase.send(:include, TestCase) if defined?(::Test::Unit::TestCase)
   ::MiniTest::Unit::TestCase.send(:include, TestCase) if defined?(::MiniTest::Unit::TestCase)
   ::MiniTest::Test.send(:include, TestCase) if defined?(::MiniTest::Test)

data/lib/authlogic/version.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "rubygems"
+
+# :nodoc:
+module Authlogic
+  # Returns a `::Gem::Version`, the version number of the authlogic gem.
+  #
+  # It is preferable for a library to provide a `gem_version` method, rather
+  # than a `VERSION` string, because `::Gem::Version` is easier to use in a
+  # comparison.
+  #
+  # We cannot return a frozen `Version`, because rubygems will try to modify it.
+  # https://github.com/binarylogic/authlogic/pull/590
+  #
+  # Added in 4.0.0
+  #
+  # @api public
+  def self.gem_version
+    ::Gem::Version.new("6.0.0")
+  end
+end

data/lib/authlogic.rb

@@ -1,7 +1,11 @@
-# Authlogic uses ActiveSupport's core extensions like `strip_heredoc`, which
-# ActiveRecord does not `require`. It's possible that we could save a few
-# milliseconds by loading only the specific core extensions we need, but
-# `all.rb` is simpler. We can revisit this decision if it becomes a problem.
+# frozen_string_literal: true
+
+# Authlogic uses ActiveSupport's core extensions like `strip_heredoc` and
+# `squish`. ActiveRecord does not `require` these exensions, so we must.
+#
+# It's possible that we could save a few milliseconds by loading only the
+# specific core extensions we need, but `all.rb` is simpler. We can revisit this
+# decision if it becomes a problem.
 require "active_support/all"
 
 require "active_record"
@@ -9,57 +13,32 @@ require "active_record"
 path = File.dirname(__FILE__) + "/authlogic/"
 
 [
- "i18n",
- "random",
- "regex",
- "config",
-
- "controller_adapters/abstract_adapter",
-
- "crypto_providers",
-
- "authenticates_many/base",
- "authenticates_many/association",
-
- "acts_as_authentic/email",
- "acts_as_authentic/logged_in_status",
- "acts_as_authentic/login",
- "acts_as_authentic/magic_columns",
- "acts_as_authentic/password",
- "acts_as_authentic/perishable_token",
- "acts_as_authentic/persistence_token",
- "acts_as_authentic/restful_authentication",
- "acts_as_authentic/session_maintenance",
- "acts_as_authentic/single_access_token",
- "acts_as_authentic/validations_scope",
- "acts_as_authentic/base",
-
- "session/activation",
- "session/active_record_trickery",
- "session/brute_force_protection",
- "session/callbacks",
- "session/cookies",
- "session/existence",
- "session/foundation",
- "session/http_auth",
- "session/id",
- "session/klass",
- "session/magic_columns",
- "session/magic_states",
- "session/params",
- "session/password",
- "session/perishable_token",
- "session/persistence",
- "session/priority_record",
- "session/scopes",
- "session/session",
- "session/timeout",
- "session/unauthorized_record",
- "session/validation",
- "session/base"
+  "errors",
+  "i18n",
+  "random",
+  "config",
+
+  "controller_adapters/abstract_adapter",
+  "cookie_credentials",
+
+  "crypto_providers",
+
+  "acts_as_authentic/email",
+  "acts_as_authentic/logged_in_status",
+  "acts_as_authentic/login",
+  "acts_as_authentic/magic_columns",
+  "acts_as_authentic/password",
+  "acts_as_authentic/perishable_token",
+  "acts_as_authentic/persistence_token",
+  "acts_as_authentic/session_maintenance",
+  "acts_as_authentic/single_access_token",
+  "acts_as_authentic/base",
+
+  "session/magic_column/assigns_last_request_at",
+  "session/base"
 ].each do |library|
-   require path + library
- end
+  require path + library
+end
 
 require path + "controller_adapters/rails_adapter"   if defined?(Rails)
 require path + "controller_adapters/sinatra_adapter" if defined?(Sinatra)