authlogic 4.1.0 → 4.1.1

Files changed (46)
  1. checksums.yaml +4 -4
  2. data/.gitignore +1 -0
  3. data/.rubocop.yml +0 -4
  4. data/.rubocop_todo.yml +32 -33
  5. data/CHANGELOG.md +15 -0
  6. data/Rakefile +2 -4
  7. data/authlogic.gemspec +2 -1
  8. data/lib/authlogic/acts_as_authentic/base.rb +13 -13
  9. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +3 -3
  10. data/lib/authlogic/acts_as_authentic/login.rb +4 -4
  11. data/lib/authlogic/acts_as_authentic/password.rb +99 -98
  12. data/lib/authlogic/acts_as_authentic/persistence_token.rb +3 -3
  13. data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +32 -32
  14. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +14 -14
  15. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +60 -60
  16. data/lib/authlogic/acts_as_authentic/single_access_token.rb +6 -6
  17. data/lib/authlogic/authenticates_many/association.rb +3 -3
  18. data/lib/authlogic/config.rb +9 -9
  19. data/lib/authlogic/controller_adapters/abstract_adapter.rb +28 -8
  20. data/lib/authlogic/controller_adapters/rails_adapter.rb +3 -3
  21. data/lib/authlogic/crypto_providers/aes256.rb +20 -20
  22. data/lib/authlogic/crypto_providers/bcrypt.rb +8 -8
  23. data/lib/authlogic/crypto_providers/scrypt.rb +8 -8
  24. data/lib/authlogic/session/activation.rb +3 -3
  25. data/lib/authlogic/session/brute_force_protection.rb +32 -32
  26. data/lib/authlogic/session/callbacks.rb +49 -35
  27. data/lib/authlogic/session/cookies.rb +58 -49
  28. data/lib/authlogic/session/foundation.rb +3 -3
  29. data/lib/authlogic/session/id.rb +9 -4
  30. data/lib/authlogic/session/klass.rb +6 -6
  31. data/lib/authlogic/session/magic_columns.rb +5 -17
  32. data/lib/authlogic/session/params.rb +3 -0
  33. data/lib/authlogic/session/password.rb +105 -104
  34. data/lib/authlogic/session/perishable_token.rb +5 -5
  35. data/lib/authlogic/session/persistence.rb +5 -4
  36. data/lib/authlogic/session/priority_record.rb +8 -8
  37. data/lib/authlogic/session/scopes.rb +23 -23
  38. data/lib/authlogic/session/timeout.rb +11 -11
  39. data/lib/authlogic/session/unauthorized_record.rb +6 -6
  40. data/lib/authlogic/session/validation.rb +9 -9
  41. data/lib/authlogic/test_case.rb +5 -0
  42. data/lib/authlogic/test_case/mock_request.rb +2 -2
  43. data/lib/authlogic/version.rb +4 -3
  44. data/test/acts_as_authentic_test/password_test.rb +23 -23
  45. data/test/test_helper.rb +96 -93
  46. metadata +18 -4
@@ -54,9 +54,9 @@ module Authlogic
54
54
 
55
55
  private
56
56
 
57
- def reset_persistence_token?
58
- persistence_token.blank?
59
- end
57
+ def reset_persistence_token?
58
+ persistence_token.blank?
59
+ end
60
60
  end
61
61
  end
62
62
  end
@@ -26,41 +26,41 @@ module Authlogic
26
26
 
27
27
  private
28
28
 
29
- # @api private
30
- def bind(relation)
31
- if AR_GEM_VERSION >= Gem::Version.new("5")
32
- bind = ActiveRecord::Relation::QueryAttribute.new(
33
- @field,
34
- @value,
35
- ActiveRecord::Type::Value.new
36
- )
37
- @model_class.where(relation, bind)
38
- else
39
- @model_class.where(relation)
40
- end
29
+ # @api private
30
+ def bind(relation)
31
+ if AR_GEM_VERSION >= Gem::Version.new("5")
32
+ bind = ActiveRecord::Relation::QueryAttribute.new(
33
+ @field,
34
+ @value,
35
+ ActiveRecord::Type::Value.new
36
+ )
37
+ @model_class.where(relation, bind)
38
+ else
39
+ @model_class.where(relation)
41
40
  end
41
+ end
42
42
 
43
- # @api private
44
- def relation
45
- if !@sensitive
46
- @model_class.connection.case_insensitive_comparison(
47
- @model_class.arel_table,
48
- @field,
49
- @model_class.columns_hash[@field],
50
- @value
51
- )
52
- elsif AR_GEM_VERSION >= Gem::Version.new("5.0")
53
- @model_class.connection.case_sensitive_comparison(
54
- @model_class.arel_table,
55
- @field,
56
- @model_class.columns_hash[@field],
57
- @value
58
- )
59
- else
60
- value = @model_class.connection.case_sensitive_modifier(@value, @field)
61
- @model_class.arel_table[@field].eq(value)
62
- end
43
+ # @api private
44
+ def relation
45
+ if !@sensitive
46
+ @model_class.connection.case_insensitive_comparison(
47
+ @model_class.arel_table,
48
+ @field,
49
+ @model_class.columns_hash[@field],
50
+ @value
51
+ )
52
+ elsif AR_GEM_VERSION >= Gem::Version.new("5.0")
53
+ @model_class.connection.case_sensitive_comparison(
54
+ @model_class.arel_table,
55
+ @field,
56
+ @model_class.columns_hash[@field],
57
+ @value
58
+ )
59
+ else
60
+ value = @model_class.connection.case_sensitive_modifier(@value, @field)
61
+ @model_class.arel_table[@field].eq(value)
63
62
  end
63
+ end
64
64
  end
65
65
  end
66
66
  end
@@ -69,24 +69,24 @@ module Authlogic
69
69
 
70
70
  private
71
71
 
72
- def set_restful_authentication_config
73
- self.restful_auth_crypto_provider = CryptoProviders::Sha1
74
- if !defined?(::REST_AUTH_SITE_KEY) || ::REST_AUTH_SITE_KEY.nil?
75
- unless defined?(::REST_AUTH_SITE_KEY)
76
- class_eval("::REST_AUTH_SITE_KEY = ''", __FILE__, __LINE__)
77
- end
78
- CryptoProviders::Sha1.stretches = 1
72
+ def set_restful_authentication_config
73
+ self.restful_auth_crypto_provider = CryptoProviders::Sha1
74
+ if !defined?(::REST_AUTH_SITE_KEY) || ::REST_AUTH_SITE_KEY.nil?
75
+ unless defined?(::REST_AUTH_SITE_KEY)
76
+ class_eval("::REST_AUTH_SITE_KEY = ''", __FILE__, __LINE__)
79
77
  end
78
+ CryptoProviders::Sha1.stretches = 1
80
79
  end
80
+ end
81
81
 
82
- # @api private
83
- def restful_auth_crypto_provider=(provider)
84
- if act_like_restful_authentication
85
- self.crypto_provider = provider
86
- else
87
- self.transition_from_crypto_providers = provider
88
- end
82
+ # @api private
83
+ def restful_auth_crypto_provider=(provider)
84
+ if act_like_restful_authentication
85
+ self.crypto_provider = provider
86
+ else
87
+ self.transition_from_crypto_providers = provider
89
88
  end
89
+ end
90
90
  end
91
91
 
92
92
  # :nodoc:
@@ -100,82 +100,82 @@ module Authlogic
100
100
 
101
101
  private
102
102
 
103
- def skip_session_maintenance=(value)
104
- @skip_session_maintenance = value
105
- end
103
+ def skip_session_maintenance=(value)
104
+ @skip_session_maintenance = value
105
+ end
106
106
 
107
- def skip_session_maintenance
108
- @skip_session_maintenance ||= false
109
- end
107
+ def skip_session_maintenance
108
+ @skip_session_maintenance ||= false
109
+ end
110
110
 
111
- def update_sessions?
112
- !skip_session_maintenance &&
113
- session_class &&
114
- session_class.activated? &&
115
- maintain_session? &&
116
- !session_ids.blank? &&
117
- persistence_token_changed?
118
- end
111
+ def update_sessions?
112
+ !skip_session_maintenance &&
113
+ session_class &&
114
+ session_class.activated? &&
115
+ maintain_session? &&
116
+ !session_ids.blank? &&
117
+ persistence_token_changed?
118
+ end
119
119
 
120
- def maintain_session?
121
- log_in_after_create? || log_in_after_password_change?
122
- end
120
+ def maintain_session?
121
+ log_in_after_create? || log_in_after_password_change?
122
+ end
123
123
 
124
- def get_session_information
125
- # Need to determine if we are completely logged out, or logged in as
126
- # another user.
127
- @_sessions = []
124
+ def get_session_information
125
+ # Need to determine if we are completely logged out, or logged in as
126
+ # another user.
127
+ @_sessions = []
128
128
 
129
- session_ids.each do |session_id|
130
- session = session_class.find(session_id, self)
131
- @_sessions << session if session && session.record
132
- end
129
+ session_ids.each do |session_id|
130
+ session = session_class.find(session_id, self)
131
+ @_sessions << session if session && session.record
133
132
  end
133
+ end
134
134
 
135
- def maintain_sessions
136
- if @_sessions.empty?
137
- create_session
138
- else
139
- update_sessions
140
- end
135
+ def maintain_sessions
136
+ if @_sessions.empty?
137
+ create_session
138
+ else
139
+ update_sessions
141
140
  end
141
+ end
142
142
 
143
- def create_session
144
- # We only want to automatically login into the first session, since
145
- # this is the main session. The other sessions are sessions that
146
- # need to be created after logging into the main session.
147
- session_id = session_ids.first
148
- session_class.create(*[self, self, session_id].compact)
149
-
150
- true
151
- end
143
+ def create_session
144
+ # We only want to automatically login into the first session, since
145
+ # this is the main session. The other sessions are sessions that
146
+ # need to be created after logging into the main session.
147
+ session_id = session_ids.first
148
+ session_class.create(*[self, self, session_id].compact)
152
149
 
153
- def update_sessions
154
- # We found sessions above, let's update them with the new info
155
- @_sessions.each do |stale_session|
156
- next if stale_session.record != self
157
- stale_session.unauthorized_record = self
158
- stale_session.save
159
- end
150
+ true
151
+ end
160
152
 
161
- true
153
+ def update_sessions
154
+ # We found sessions above, let's update them with the new info
155
+ @_sessions.each do |stale_session|
156
+ next if stale_session.record != self
157
+ stale_session.unauthorized_record = self
158
+ stale_session.save
162
159
  end
163
160
 
164
- def session_ids
165
- self.class.session_ids
166
- end
161
+ true
162
+ end
167
163
 
168
- def session_class
169
- self.class.session_class
170
- end
164
+ def session_ids
165
+ self.class.session_ids
166
+ end
171
167
 
172
- def log_in_after_create?
173
- new_record? && self.class.log_in_after_create
174
- end
168
+ def session_class
169
+ self.class.session_class
170
+ end
175
171
 
176
- def log_in_after_password_change?
177
- persistence_token_changed? && self.class.log_in_after_password_change
178
- end
172
+ def log_in_after_create?
173
+ new_record? && self.class.log_in_after_create
174
+ end
175
+
176
+ def log_in_after_password_change?
177
+ persistence_token_changed? && self.class.log_in_after_password_change
178
+ end
179
179
  end
180
180
  end
181
181
  end
@@ -67,13 +67,13 @@ module Authlogic
67
67
 
68
68
  protected
69
69
 
70
- def reset_single_access_token?
71
- single_access_token.blank?
72
- end
70
+ def reset_single_access_token?
71
+ single_access_token.blank?
72
+ end
73
73
 
74
- def change_single_access_token_with_password?
75
- self.class.change_single_access_token_with_password == true
76
- end
74
+ def change_single_access_token_with_password?
75
+ self.class.change_single_access_token_with_password == true
76
+ end
77
77
  end
78
78
  end
79
79
  end
@@ -42,9 +42,9 @@ module Authlogic
42
42
 
43
43
  private
44
44
 
45
- def scope_options
46
- { find_options: find_options, id: id }
47
- end
45
+ def scope_options
46
+ { find_options: find_options, id: id }
47
+ end
48
48
  end
49
49
  end
50
50
  end
@@ -9,15 +9,15 @@ module Authlogic
9
9
 
10
10
  private
11
11
 
12
- # This is a one-liner method to write a config setting, read the config
13
- # setting, and also set a default value for the setting.
14
- def rw_config(key, value, default_value = nil)
15
- if value.nil?
16
- acts_as_authentic_config.include?(key) ? acts_as_authentic_config[key] : default_value
17
- else
18
- self.acts_as_authentic_config = acts_as_authentic_config.merge(key => value)
19
- value
20
- end
12
+ # This is a one-liner method to write a config setting, read the config
13
+ # setting, and also set a default value for the setting.
14
+ def rw_config(key, value, default_value = nil)
15
+ if value.nil?
16
+ acts_as_authentic_config.include?(key) ? acts_as_authentic_config[key] : default_value
17
+ else
18
+ self.acts_as_authentic_config = acts_as_authentic_config.merge(key => value)
19
+ value
21
20
  end
21
+ end
22
22
  end
23
23
  end
@@ -53,12 +53,32 @@ module Authlogic
53
53
  controller.send(:single_access_allowed?)
54
54
  end
55
55
 
56
- def responds_to_last_request_update_allowed?
57
- controller.respond_to?(:last_request_update_allowed?, true)
58
- end
59
-
56
+ # You can disable the updating of `last_request_at`
57
+ # on a per-controller basis.
58
+ #
59
+ # # in your controller
60
+ # def last_request_update_allowed?
61
+ # false
62
+ # end
63
+ #
64
+ # For example, what if you had a javascript function that polled the
65
+ # server updating how much time is left in their session before it
66
+ # times out. Obviously you would want to ignore this request, because
67
+ # then the user would never time out. So you can do something like
68
+ # this in your controller:
69
+ #
70
+ # def last_request_update_allowed?
71
+ # action_name != "update_session_time_left"
72
+ # end
73
+ #
74
+ # See `authlogic/session/magic_columns.rb` to learn more about the
75
+ # `last_request_at` column itself.
60
76
  def last_request_update_allowed?
61
- controller.send(:last_request_update_allowed?)
77
+ if controller.respond_to?(:last_request_update_allowed?, true)
78
+ controller.send(:last_request_update_allowed?)
79
+ else
80
+ true
81
+ end
62
82
  end
63
83
 
64
84
  def respond_to_missing?(*args)
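Review bot: Dropping `responds_to_last_request_update_allowed?` from the adapter in a patch release (4.1.0 → 4.1.1) can break custom adapters or application code that still call it. With the method gone, such a call presumably falls through to the `method_missing` shown in the next hunk and is forwarded to the controller, where it would raise `NoMethodError`. Keeping a deprecated shim for one release would avoid that, e.g. `def responds_to_last_request_update_allowed?; controller.respond_to?(:last_request_update_allowed?, true); end`. The new doc comment on `last_request_update_allowed?` could also state two things the code does: a private controller method is honoured (the `true` passed to `respond_to?`), and a controller without the hook gets `true`. The enclosing class starts outside this hunk and the body of `respond_to_missing?` continues past it.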
@@ -67,9 +87,9 @@ module Authlogic
67
87
 
68
88
  private
69
89
 
70
- def method_missing(id, *args, &block)
71
- controller.send(id, *args, &block)
72
- end
90
+ def method_missing(id, *args, &block)
91
+ controller.send(id, *args, &block)
92
+ end
73
93
  end
74
94
  end
75
95
  end
@@ -56,9 +56,9 @@ module Authlogic
56
56
 
57
57
  private
58
58
 
59
- def activate_authlogic
60
- Authlogic::Session::Base.controller = RailsAdapter.new(self)
61
- end
59
+ def activate_authlogic
60
+ Authlogic::Session::Base.controller = RailsAdapter.new(self)
61
+ end
62
62
  end
63
63
  end
64
64
  end
@@ -37,29 +37,29 @@ module Authlogic
37
37
 
38
38
  private
39
39
 
40
- def aes
41
- if @key.blank?
42
- raise ArgumentError.new(
43
- "You must provide a key like #{name}.key = my_key before using the #{name}"
44
- )
45
- end
46
-
47
- @aes ||= openssl_cipher_class.new("AES-256-ECB")
40
+ def aes
41
+ if @key.blank?
42
+ raise ArgumentError.new(
43
+ "You must provide a key like #{name}.key = my_key before using the #{name}"
44
+ )
48
45
  end
49
46
 
50
- # `::OpenSSL::Cipher::Cipher` has been deprecated since at least 2014,
51
- # in favor of `::OpenSSL::Cipher`, but a deprecation warning was not
52
- # printed until 2016
53
- # (https://github.com/ruby/openssl/commit/5c20a4c014) when openssl
54
- # became a gem. Its first release as a gem was 2.0.0, in ruby 2.4.
55
- # (See https://github.com/ruby/ruby/blob/v2_4_0/NEWS)
56
- def openssl_cipher_class
57
- if ::Gem::Version.new(::OpenSSL::VERSION) < ::Gem::Version.new("2.0.0")
58
- ::OpenSSL::Cipher::Cipher
59
- else
60
- ::OpenSSL::Cipher
61
- end
47
+ @aes ||= openssl_cipher_class.new("AES-256-ECB")
48
+ end
49
+
50
+ # `::OpenSSL::Cipher::Cipher` has been deprecated since at least 2014,
51
+ # in favor of `::OpenSSL::Cipher`, but a deprecation warning was not
52
+ # printed until 2016
53
+ # (https://github.com/ruby/openssl/commit/5c20a4c014) when openssl
54
+ # became a gem. Its first release as a gem was 2.0.0, in ruby 2.4.
55
+ # (See https://github.com/ruby/ruby/blob/v2_4_0/NEWS)
56
+ def openssl_cipher_class
57
+ if ::Gem::Version.new(::OpenSSL::VERSION) < ::Gem::Version.new("2.0.0")
58
+ ::OpenSSL::Cipher::Cipher
59
+ else
60
+ ::OpenSSL::Cipher
62
61
  end
62
+ end
63
63
  end
64
64
  end
65
65
  end
@@ -98,15 +98,15 @@ module Authlogic
98
98
 
99
99
  private
100
100
 
101
- def join_tokens(tokens)
102
- tokens.flatten.join
103
- end
101
+ def join_tokens(tokens)
102
+ tokens.flatten.join
103
+ end
104
104
 
105
- def new_from_hash(hash)
106
- ::BCrypt::Password.new(hash)
107
- rescue ::BCrypt::Errors::InvalidHash
108
- nil
109
- end
105
+ def new_from_hash(hash)
106
+ ::BCrypt::Password.new(hash)
107
+ rescue ::BCrypt::Errors::InvalidHash
108
+ nil
109
+ end
110
110
  end
111
111
  end
112
112
  end