authlogic 4.0.1 → 4.1.0

data/lib/authlogic/acts_as_authentic/logged_in_status.rb

@@ -1,9 +1,10 @@
 module Authlogic
   module ActsAsAuthentic
-    # Since web applications are stateless there is not sure fire way to tell if a user is logged in or not,
-    # from the database perspective. The best way to do this is to provide a "timeout" based on inactivity.
-    # So if that user is inactive for a certain amount of time we assume they are logged out. That's what this
-    # module is all about.
+    # Since web applications are stateless there is not sure fire way to tell if
+    # a user is logged in or not, from the database perspective. The best way to
+    # do this is to provide a "timeout" based on inactivity. So if that user is
+    # inactive for a certain amount of time we assume they are logged out.
+    # That's what this module is all about.
     module LoggedInStatus
       def self.included(klass)
         klass.class_eval do
@@ -52,11 +53,15 @@ module Authlogic
           end
         end
 
+        # :nodoc:
         module InstanceMethods
           # Returns true if the last_request_at > logged_in_timeout.
           def logged_in?
             unless respond_to?(:last_request_at)
-              raise "Can not determine the records login state because there is no last_request_at column"
+              raise(
+                "Can not determine the records login state because " \
+                  "there is no last_request_at column"
+              )
             end
             !last_request_at.nil? && last_request_at > logged_in_timeout.seconds.ago
           end

data/lib/authlogic/acts_as_authentic/login.rb

@@ -1,4 +1,4 @@
-require 'authlogic/acts_as_authentic/queries/find_with_case'
+require "authlogic/acts_as_authentic/queries/find_with_case"
 
 module Authlogic
   module ActsAsAuthentic
@@ -44,7 +44,10 @@ module Authlogic
         def validates_length_of_login_field_options(value = nil)
           rw_config(:validates_length_of_login_field_options, value, within: 3..100)
         end
-        alias_method :validates_length_of_login_field_options=, :validates_length_of_login_field_options
+        alias_method(
+          :validates_length_of_login_field_options=,
+          :validates_length_of_login_field_options
+        )
 
         # A convenience function to merge options into the
         # validates_length_of_login_field_options. So instead of:
@@ -85,16 +88,19 @@ module Authlogic
           rw_config(
             :validates_format_of_login_field_options,
             value,
-            with: Authlogic::Regex.login,
+            with: Authlogic::Regex::LOGIN,
             message: proc do
                        I18n.t(
-                         'error_messages.login_invalid',
+                         "error_messages.login_invalid",
                          default: "should use only letters, numbers, spaces, and .-_@+ please."
                        )
                      end
           )
         end
-        alias_method :validates_format_of_login_field_options=, :validates_format_of_login_field_options
+        alias_method(
+          :validates_format_of_login_field_options=,
+          :validates_format_of_login_field_options
+        )
 
         # See merge_validates_length_of_login_field_options. The same thing,
         # except for validates_format_of_login_field_options

data/lib/authlogic/acts_as_authentic/password.rb

@@ -22,7 +22,13 @@ module Authlogic
           rw_config(
             :crypted_password_field,
             value,
-            first_column_to_exist(nil, :crypted_password, :encrypted_password, :password_hash, :pw_hash)
+            first_column_to_exist(
+              nil,
+              :crypted_password,
+              :encrypted_password,
+              :password_hash,
+              :pw_hash
+            )
           )
         end
         alias_method :crypted_password_field=, :crypted_password_field
@@ -99,17 +105,25 @@ module Authlogic
         # A hash of options for the validates_length_of call for the password field.
         # Allows you to change this however you want.
         #
-        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so
-        # you can completely replace the hash or merge options into it. Checkout the
-        # convenience function merge_validates_length_of_password_field_options to merge
-        # options.</b>
+        # **Keep in mind this is ruby. I wanted to keep this as flexible as
+        # possible, so you can completely replace the hash or merge options into
+        # it. Checkout the convenience function
+        # merge_validates_length_of_password_field_options to merge options.**
         #
         # * <tt>Default:</tt> {:minimum => 8, :if => :require_password?}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_password_field_options(value = nil)
-          rw_config(:validates_length_of_password_field_options, value, minimum: 8, if: :require_password?)
+          rw_config(
+            :validates_length_of_password_field_options,
+            value,
+            minimum: 8,
+            if: :require_password?
+          )
         end
-        alias_method :validates_length_of_password_field_options=, :validates_length_of_password_field_options
+        alias_method(
+          :validates_length_of_password_field_options=,
+          :validates_length_of_password_field_options
+        )
 
         # A convenience function to merge options into the
         # validates_length_of_login_field_options. So instead of:
@@ -125,18 +139,22 @@ module Authlogic
             validates_length_of_password_field_options.merge(options)
         end
 
-        # A hash of options for the validates_confirmation_of call for the password field.
-        # Allows you to change this however you want.
+        # A hash of options for the validates_confirmation_of call for the
+        # password field. Allows you to change this however you want.
         #
-        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so
-        # you can completely replace the hash or merge options into it. Checkout the
-        # convenience function merge_validates_length_of_password_field_options to merge
-        # options.</b>
+        # **Keep in mind this is ruby. I wanted to keep this as flexible as
+        # possible, so you can completely replace the hash or merge options into
+        # it. Checkout the convenience function
+        # merge_validates_length_of_password_field_options to merge options.**
         #
         # * <tt>Default:</tt> {:if => :require_password?}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_confirmation_of
         def validates_confirmation_of_password_field_options(value = nil)
-          rw_config(:validates_confirmation_of_password_field_options, value, if: :require_password?)
+          rw_config(
+            :validates_confirmation_of_password_field_options,
+            value,
+            if: :require_password?
+          )
         end
         alias_method :validates_confirmation_of_password_field_options=,
           :validates_confirmation_of_password_field_options
@@ -188,31 +206,41 @@ module Authlogic
         end
         alias_method :crypto_provider=, :crypto_provider
 
-        # Let's say you originally encrypted your passwords with Sha1. Sha1 is starting to
-        # join the party with MD5 and you want to switch to something stronger. No
-        # problem, just specify your new and improved algorithm with the crypt_provider
-        # option and then let Authlogic know you are transitioning from Sha1 using this
-        # option. Authlogic will take care of everything, including transitioning your
-        # users to the new algorithm. The next time a user logs in, they will be granted
-        # access using the old algorithm and their password will be resaved with the new
-        # algorithm. All new users will obviously use the new algorithm as well.
+        # Let's say you originally encrypted your passwords with Sha1. Sha1 is
+        # starting to join the party with MD5 and you want to switch to
+        # something stronger. No problem, just specify your new and improved
+        # algorithm with the crypt_provider option and then let Authlogic know
+        # you are transitioning from Sha1 using this option. Authlogic will take
+        # care of everything, including transitioning your users to the new
+        # algorithm. The next time a user logs in, they will be granted access
+        # using the old algorithm and their password will be resaved with the
+        # new algorithm. All new users will obviously use the new algorithm as
+        # well.
         #
-        # Lastly, if you want to transition again, you can pass an array of crypto
-        # providers. So you can transition from as many algorithms as you want.
+        # Lastly, if you want to transition again, you can pass an array of
+        # crypto providers. So you can transition from as many algorithms as you
+        # want.
         #
         # * <tt>Default:</tt> nil
         # * <tt>Accepts:</tt> Class or Array
         def transition_from_crypto_providers(value = nil)
-          rw_config(:transition_from_crypto_providers, (!value.nil? && [value].flatten.compact) || value, [])
+          rw_config(
+            :transition_from_crypto_providers,
+            (!value.nil? && [value].flatten.compact) || value,
+            []
+          )
         end
         alias_method :transition_from_crypto_providers=, :transition_from_crypto_providers
       end
 
       # Callbacks / hooks to allow other modules to modify the behavior of this module.
       module Callbacks
-        METHODS = [
-          "before_password_set", "after_password_set",
-          "before_password_verification", "after_password_verification"
+        # Does the order of this array matter?
+        METHODS = %w[
+          before_password_set
+          after_password_set
+          before_password_verification
+          after_password_verification
         ].freeze
 
         def self.included(klass)
@@ -220,10 +248,9 @@ module Authlogic
           klass.define_callbacks(*METHODS)
 
           # If Rails 3, support the new callback syntax
-          singleton_class_method_name = klass.respond_to?(:singleton_class) ? :singleton_class : :metaclass
-          if klass.send(singleton_class_method_name).method_defined?(:set_callback)
+          if klass.singleton_class.method_defined?(:set_callback)
             METHODS.each do |method|
-              klass.class_eval <<-EOS, __FILE__, __LINE__
+              klass.class_eval <<-EOS, __FILE__, __LINE__ + 1
                 def self.#{method}(*methods, &block)
                   set_callback :#{method}, *methods, &block
                 end
@@ -237,7 +264,7 @@ module Authlogic
         # by using calling `private` here in the module. Maybe we can set the
         # privacy inside `included`?
         METHODS.each do |method|
-          class_eval <<-EOS, __FILE__, __LINE__
+          class_eval <<-EOS, __FILE__, __LINE__ + 1
             def #{method}
               run_callbacks(:#{method}) { |result, object| result == false }
             end
@@ -272,6 +299,7 @@ module Authlogic
           end
         end
 
+        # :nodoc:
         module InstanceMethods
           # The password
           def password
@@ -284,40 +312,48 @@ module Authlogic
             return if ignore_blank_passwords? && pass.blank?
             before_password_set
             @password = pass
-            send("#{password_salt_field}=", Authlogic::Random.friendly_token) if password_salt_field
-            encryptor_arguments_type = act_like_restful_authentication? ? :restful_authentication : nil
+            if password_salt_field
+              send("#{password_salt_field}=", Authlogic::Random.friendly_token)
+            end
+            encryptor_args_type = act_like_restful_authentication? ? :restful_authentication : nil
             send(
               "#{crypted_password_field}=",
-              crypto_provider.encrypt(*encrypt_arguments(@password, false, encryptor_arguments_type))
+              crypto_provider.encrypt(
+                *encrypt_arguments(@password, false, encryptor_args_type)
+              )
             )
             @password_changed = true
             after_password_set
           end
 
-          # Accepts a raw password to determine if it is the correct password or not.
-          # Notice the second argument. That defaults to the value of
-          # check_passwords_against_database. See that method for more information, but
-          # basically it just tells Authlogic to check the password against the value in
-          # the database or the value in the object.
-          def valid_password?(attempted_password, check_against_database = check_passwords_against_database?)
-            crypted =
-              if check_against_database && send("#{crypted_password_field}_changed?")
-                send("#{crypted_password_field}_was")
-              else
-                send(crypted_password_field)
-              end
-
+          # Accepts a raw password to determine if it is the correct password.
+          #
+          # - attempted_password [String] - password entered by user
+          # - check_against_database [boolean] - Should we check the password
+          #   against the value in the database or the value in the object?
+          #   Default taken from config option check_passwords_against_database.
+          #   See config method for more information.
+          def valid_password?(
+            attempted_password,
+            check_against_database = check_passwords_against_database?
+          )
+            crypted = crypted_password_to_validate_against(check_against_database)
             return false if attempted_password.blank? || crypted.blank?
             before_password_verification
 
             crypto_providers.each_with_index do |encryptor, index|
-              if encryptor_matches?(crypted, encryptor, index, attempted_password, check_against_database)
-                if transition_password?(index, encryptor, check_against_database)
-                  transition_password(attempted_password)
-                end
-                after_password_verification
-                return true
+              next unless encryptor_matches?(
+                crypted,
+                encryptor,
+                index,
+                attempted_password,
+                check_against_database
+              )
+              if transition_password?(index, encryptor, check_against_database)
+                transition_password(attempted_password)
               end
+              after_password_verification
+              return true
             end
 
             false
@@ -340,6 +376,14 @@ module Authlogic
 
           private
 
+            def crypted_password_to_validate_against(check_against_database)
+              if check_against_database && send("#{crypted_password_field}_changed?")
+                send("#{crypted_password_field}_was")
+              else
+                send(crypted_password_field)
+              end
+            end
+
             def check_passwords_against_database?
               self.class.check_passwords_against_database == true
             end
@@ -372,15 +416,25 @@ module Authlogic
             end
 
             # Given `encryptor`, does `attempted_password` match the `crypted` password?
-            def encryptor_matches?(crypted, encryptor, index, attempted_password, check_against_database)
+            def encryptor_matches?(
+              crypted,
+              encryptor,
+              index,
+              attempted_password,
+              check_against_database
+            )
               # The arguments_type for the transitioning from restful_authentication
-              acting_restful = act_like_restful_authentication? && index == 0
+              acting_restful = act_like_restful_authentication? && index.zero?
               transitioning = transition_from_restful_authentication? &&
                 index > 0 &&
                 encryptor == Authlogic::CryptoProviders::Sha1
               restful = acting_restful || transitioning
               arguments_type = restful ? :restful_authentication : nil
-              encryptor_args = encrypt_arguments(attempted_password, check_against_database, arguments_type)
+              encryptor_args = encrypt_arguments(
+                attempted_password,
+                check_against_database,
+                arguments_type
+              )
               encryptor.matches?(crypted, *encryptor_args)
             end
 

data/lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -27,7 +27,11 @@ module Authlogic
         # * <tt>Default:</tt> 10.minutes
         # * <tt>Accepts:</tt> Fixnum
         def perishable_token_valid_for(value = nil)
-          rw_config(:perishable_token_valid_for, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
+          rw_config(
+            :perishable_token_valid_for,
+            (!value.nil? && value.to_i) || value,
+            10.minutes.to_i
+          )
         end
         alias_method :perishable_token_valid_for=, :perishable_token_valid_for
 
@@ -69,7 +73,7 @@ module Authlogic
           # second parameter:
           #
           #   User.find_using_perishable_token(token, 1.hour)
-          def find_using_perishable_token(token, age = self.perishable_token_valid_for)
+          def find_using_perishable_token(token, age = perishable_token_valid_for)
             return if token.blank?
             age = age.to_i
 

data/lib/authlogic/acts_as_authentic/persistence_token.rb

@@ -34,7 +34,7 @@ module Authlogic
           # all users to re-authenticate.
           def forget_all
             # Paginate these to save on memory
-            find_each(batch_size: 50) { |record| record.forget! }
+            find_each(batch_size: 50, &:forget!)
           end
         end
 

data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb

@@ -28,7 +28,7 @@ module Authlogic
 
           # @api private
           def bind(relation)
-            if AR_GEM_VERSION >= Gem::Version.new('5')
+            if AR_GEM_VERSION >= Gem::Version.new("5")
               bind = ActiveRecord::Relation::QueryAttribute.new(
                 @field,
                 @value,
@@ -49,7 +49,7 @@ module Authlogic
                 @model_class.columns_hash[@field],
                 @value
               )
-            elsif AR_GEM_VERSION >= Gem::Version.new('5.0')
+            elsif AR_GEM_VERSION >= Gem::Version.new("5.0")
               @model_class.connection.case_sensitive_comparison(
                 @model_class.arel_table,
                 @field,

data/lib/authlogic/acts_as_authentic/restful_authentication.rb

@@ -10,7 +10,18 @@ module Authlogic
         end
       end
 
+      # Configures the restful_authentication aspect of acts_as_authentic.
+      # These methods become class methods of ::ActiveRecord::Base.
       module Config
+        DPR_MSG = <<-STR.squish
+          Support for transitioning to authlogic from restful_authentication
+          (%s) is deprecated without replacement. restful_authentication is no
+          longer used in the ruby community, and the transition away from it is
+          complete. There is only one version of restful_authentication on
+          rubygems.org, it was released in 2009, and it's only compatible with
+          rails 2.3. It has been nine years since it was released.
+        STR
+
         # Switching an existing app to Authlogic from restful_authentication? No
         # problem, just set this true and your users won't know anything
         # changed. From your database perspective nothing will change at all.
@@ -26,7 +37,14 @@ module Authlogic
           set_restful_authentication_config if value
           r
         end
-        alias_method :act_like_restful_authentication=, :act_like_restful_authentication
+
+        def act_like_restful_authentication=(value = nil)
+          ::ActiveSupport::Deprecation.warn(
+            format(DPR_MSG, "act_like_restful_authentication="),
+            caller(1)
+          )
+          act_like_restful_authentication(value)
+        end
 
         # This works just like act_like_restful_authentication except that it
         # will start transitioning your users to the algorithm you specify with
@@ -40,14 +58,23 @@ module Authlogic
           set_restful_authentication_config if value
           r
         end
-        alias_method :transition_from_restful_authentication=, :transition_from_restful_authentication
+
+        def transition_from_restful_authentication=(value = nil)
+          ::ActiveSupport::Deprecation.warn(
+            format(DPR_MSG, "transition_from_restful_authentication="),
+            caller(1)
+          )
+          transition_from_restful_authentication(value)
+        end
 
         private
 
           def set_restful_authentication_config
             self.restful_auth_crypto_provider = CryptoProviders::Sha1
             if !defined?(::REST_AUTH_SITE_KEY) || ::REST_AUTH_SITE_KEY.nil?
-              class_eval("::REST_AUTH_SITE_KEY = ''") unless defined?(::REST_AUTH_SITE_KEY)
+              unless defined?(::REST_AUTH_SITE_KEY)
+                class_eval("::REST_AUTH_SITE_KEY = ''", __FILE__, __LINE__)
+              end
               CryptoProviders::Sha1.stretches = 1
             end
           end
@@ -62,6 +89,7 @@ module Authlogic
           end
       end
 
+      # :nodoc:
       module InstanceMethods
         private