authlogic 4.1.0 → 4.1.1

data/lib/authlogic/crypto_providers/scrypt.rb

@@ -75,15 +75,15 @@ module Authlogic
 
         private
 
-          def join_tokens(tokens)
-            tokens.flatten.join
-          end
+        def join_tokens(tokens)
+          tokens.flatten.join
+        end
 
-          def new_from_hash(hash)
-            ::SCrypt::Password.new(hash)
-          rescue ::SCrypt::Errors::InvalidHash
-            nil
-          end
+        def new_from_hash(hash)
+          ::SCrypt::Password.new(hash)
+        rescue ::SCrypt::Errors::InvalidHash
+          nil
+        end
       end
     end
   end

data/lib/authlogic/session/activation.rb

@@ -64,9 +64,9 @@ module Authlogic
 
         private
 
-          def controller
-            self.class.controller
-          end
+        def controller
+          self.class.controller
+        end
       end
     end
   end

data/lib/authlogic/session/brute_force_protection.rb

@@ -83,44 +83,44 @@ module Authlogic
 
         private
 
-          def exceeded_failed_logins_limit?
-            !attempted_record.nil? &&
-              attempted_record.respond_to?(:failed_login_count) &&
-              consecutive_failed_logins_limit > 0 &&
-              attempted_record.failed_login_count &&
-              attempted_record.failed_login_count >= consecutive_failed_logins_limit
-          end
+        def exceeded_failed_logins_limit?
+          !attempted_record.nil? &&
+            attempted_record.respond_to?(:failed_login_count) &&
+            consecutive_failed_logins_limit > 0 &&
+            attempted_record.failed_login_count &&
+            attempted_record.failed_login_count >= consecutive_failed_logins_limit
+        end
 
-          def reset_failed_login_count?
-            exceeded_failed_logins_limit? && !being_brute_force_protected?
-          end
+        def reset_failed_login_count?
+          exceeded_failed_logins_limit? && !being_brute_force_protected?
+        end
 
-          def reset_failed_login_count
-            attempted_record.failed_login_count = 0
-          end
+        def reset_failed_login_count
+          attempted_record.failed_login_count = 0
+        end
 
-          def validate_failed_logins
-            # Clear all other error messages, as they are irrelevant at this point and can
-            # only provide additional information that is not needed
-            errors.clear
-            errors.add(
-              :base,
-              I18n.t(
-                "error_messages.consecutive_failed_logins_limit_exceeded",
-                default: "Consecutive failed logins limit exceeded, account has been" +
-                  (failed_login_ban_for.zero? ? "" : " temporarily") +
-                  " disabled."
-              )
+        def validate_failed_logins
+          # Clear all other error messages, as they are irrelevant at this point and can
+          # only provide additional information that is not needed
+          errors.clear
+          errors.add(
+            :base,
+            I18n.t(
+              "error_messages.consecutive_failed_logins_limit_exceeded",
+              default: "Consecutive failed logins limit exceeded, account has been" +
+                (failed_login_ban_for.zero? ? "" : " temporarily") +
+                " disabled."
             )
-          end
+          )
+        end
 
-          def consecutive_failed_logins_limit
-            self.class.consecutive_failed_logins_limit
-          end
+        def consecutive_failed_logins_limit
+          self.class.consecutive_failed_logins_limit
+        end
 
-          def failed_login_ban_for
-            self.class.failed_login_ban_for
-          end
+        def failed_login_ban_for
+          self.class.failed_login_ban_for
+        end
       end
     end
   end

data/lib/authlogic/session/callbacks.rb

@@ -79,57 +79,71 @@ module Authlogic
         after_destroy
       ].freeze
 
-      def self.included(base) #:nodoc:
-        base.send :include, ActiveSupport::Callbacks
-
-        if Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new("5")
-          base.define_callbacks(
-            *METHODS + [{ terminator: ->(_target, result_lambda) { result_lambda.call == false } }]
-          )
-          base.define_callbacks(
-            "persist",
-            terminator: ->(_target, result_lambda) { result_lambda.call == true }
-          )
-        else
-          base.define_callbacks(
-            *METHODS + [{ terminator: ->(_target, result) { result == false } }]
-          )
-          base.define_callbacks("persist", terminator: ->(_target, result) { result == true })
+      class << self
+        def included(base) #:nodoc:
+          base.send :include, ActiveSupport::Callbacks
+          define_session_callbacks(base)
+          define_session_callback_installation_methods(base)
         end
 
-        # Now we define the "callback installation methods". These class methods
-        # will be used by other modules to install their callbacks. Examples:
+        private
+
+        # Defines the "callback installation methods". Other modules will use
+        # these class methods to install their callbacks. Examples:
         #
         # ```
-        # # Timeout.included
+        # # session/timeout.rb, in `included`
         # before_persisting :reset_stale_state
         #
-        # # Session::Password.included
+        # # session/password.rb, in `included`
         # validate :validate_by_password, if: :authenticating_with_password?
         # ```
-        METHODS.each do |method|
-          base.class_eval <<-EOS, __FILE__, __LINE__ + 1
-            def self.#{method}(*methods, &block)
-              set_callback :#{method}, *methods, &block
-            end
-          EOS
+        def define_session_callback_installation_methods(base)
+          METHODS.each do |method|
+            base.class_eval <<-EOS, __FILE__, __LINE__ + 1
+              def self.#{method}(*filter_list, &block)
+                set_callback(:#{method}, *filter_list, &block)
+              end
+            EOS
+          end
         end
-      end
 
-      private
+        # Defines session life cycle events that support callbacks.
+        def define_session_callbacks(base)
+          if Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new("5")
+            base.define_callbacks(
+              *METHODS,
+              terminator: ->(_target, result_lambda) { result_lambda.call == false }
+            )
+            base.define_callbacks(
+              "persist",
+              terminator: ->(_target, result_lambda) { result_lambda.call == true }
+            )
+          else
+            base.define_callbacks(
+              *METHODS,
+              terminator: ->(_target, result) { result == false }
+            )
+            base.define_callbacks(
+              "persist",
+              terminator: ->(_target, result) { result == true }
+            )
+          end
+        end
+      end
 
-        METHODS.each do |method|
-          class_eval <<-EOS, __FILE__, __LINE__ + 1
+      METHODS.each do |method|
+        class_eval <<-EOS, __FILE__, __LINE__ + 1
             def #{method}
               run_callbacks(:#{method})
             end
           EOS
-        end
+      end
 
-        def save_record(alternate_record = nil)
-          r = alternate_record || record
-          r.save_without_session_maintenance(validate: false) if r && r.changed? && !r.readonly?
-        end
+      def save_record(alternate_record = nil)
+        r = alternate_record || record
+        r.save_without_session_maintenance(validate: false) if r && r.changed? && !r.readonly?
+      end
     end
   end
 end

data/lib/authlogic/session/cookies.rb

@@ -222,65 +222,74 @@ module Authlogic
 
         private
 
-          def cookie_key
-            build_key(self.class.cookie_key)
-          end
+        def cookie_key
+          build_key(self.class.cookie_key)
+        end
 
-          def cookie_credentials
-            cookie = cookie_jar[cookie_key]
-            cookie && cookie.split("::")
-          end
+        # Returns an array of cookie elements. See cookie format in
+        # `generate_cookie_for_saving`. If no cookie is found, returns nil.
+        def cookie_credentials
+          cookie = cookie_jar[cookie_key]
+          cookie && cookie.split("::")
+        end
 
-          def cookie_jar
-            if self.class.sign_cookie
-              controller.cookies.signed
-            else
-              controller.cookies
-            end
-          end
+        # The third element of the cookie indicates whether the user wanted
+        # to be remembered (Actually, it's a timestamp, `remember_me_until`)
+        # See cookie format in `generate_cookie_for_saving`.
+        def cookie_credentials_remember_me?
+          !cookie_credentials.nil? && !cookie_credentials[2].nil?
+        end
 
-          # Tries to validate the session from information in the cookie
-          def persist_by_cookie
-            persistence_token, record_id = cookie_credentials
-            if persistence_token.present?
-              record = search_for_record("find_by_#{klass.primary_key}", record_id)
-              if record && record.persistence_token == persistence_token
-                self.unauthorized_record = record
-              end
-              valid?
-            else
-              false
-            end
+        def cookie_jar
+          if self.class.sign_cookie
+            controller.cookies.signed
+          else
+            controller.cookies
           end
+        end
 
-          def save_cookie
-            if sign_cookie?
-              controller.cookies.signed[cookie_key] = generate_cookie_for_saving
-            else
-              controller.cookies[cookie_key] = generate_cookie_for_saving
+        # Tries to validate the session from information in the cookie
+        def persist_by_cookie
+          persistence_token, record_id = cookie_credentials
+          if persistence_token.present?
+            record = search_for_record("find_by_#{klass.primary_key}", record_id)
+            if record && record.persistence_token == persistence_token
+              self.unauthorized_record = record
             end
+            valid?
+          else
+            false
           end
+        end
 
-          def generate_cookie_for_saving
-            value = format(
-              "%s::%s%s",
-              record.persistence_token,
-              record.send(record.class.primary_key),
-              remember_me? ? "::#{remember_me_until.iso8601}" : ""
-            )
-            {
-              value: value,
-              expires: remember_me_until,
-              secure: secure,
-              httponly: httponly,
-              same_site: same_site,
-              domain: controller.cookie_domain
-            }
+        def save_cookie
+          if sign_cookie?
+            controller.cookies.signed[cookie_key] = generate_cookie_for_saving
+          else
+            controller.cookies[cookie_key] = generate_cookie_for_saving
           end
+        end
 
-          def destroy_cookie
-            controller.cookies.delete cookie_key, domain: controller.cookie_domain
-          end
+        def generate_cookie_for_saving
+          value = format(
+            "%s::%s%s",
+            record.persistence_token,
+            record.send(record.class.primary_key),
+            remember_me? ? "::#{remember_me_until.iso8601}" : ""
+          )
+          {
+            value: value,
+            expires: remember_me_until,
+            secure: secure,
+            httponly: httponly,
+            same_site: same_site,
+            domain: controller.cookie_domain
+          }
+        end
+
+        def destroy_cookie
+          controller.cookies.delete cookie_key, domain: controller.cookie_domain
+        end
       end
     end
   end

data/lib/authlogic/session/foundation.rb

@@ -96,9 +96,9 @@ module Authlogic
 
         private
 
-          def build_key(last_part)
-            last_part
-          end
+        def build_key(last_part)
+          last_part
+        end
       end
     end
   end

data/lib/authlogic/session/id.rb

@@ -3,6 +3,11 @@ module Authlogic
     # Allows you to separate sessions with an id, ultimately letting you create
     # multiple sessions for the same user.
     module Id
+      def initialize(*args)
+        @id = nil
+        super
+      end
+
       def self.included(klass)
         klass.class_eval do
           attr_writer :id
@@ -39,10 +44,10 @@ module Authlogic
 
       private
 
-        # Used for things like cookie_key, session_key, etc.
-        def build_key(last_part)
-          [id, super].compact.join("_")
-        end
+      # Used for things like cookie_key, session_key, etc.
+      def build_key(last_part)
+        [id, super].compact.join("_")
+      end
     end
   end
 end

data/lib/authlogic/session/klass.rb

@@ -60,13 +60,13 @@ module Authlogic
 
         private
 
-          def klass
-            self.class.klass
-          end
+        def klass
+          self.class.klass
+        end
 
-          def klass_name
-            self.class.klass_name
-          end
+        def klass_name
+          self.class.klass_name
+        end
       end
     end
   end

data/lib/authlogic/session/magic_columns.rb

@@ -89,29 +89,17 @@ module Authlogic
           end
 
           # This method lets authlogic know whether it should allow the
-          # last_request_at field to be updated with the current time
-          # (Time.now). One thing to note here is that it also checks for the
-          # existence of a last_request_update_allowed? method in your
-          # controller. This allows you to control this method pragmatically in
-          # your controller.
+          # last_request_at field to be updated with the current time.
           #
-          # For example, what if you had a javascript function that polled the
-          # server updating how much time is left in their session before it
-          # times out. Obviously you would want to ignore this request, because
-          # then the user would never time out. So you can do something like
-          # this in your controller:
+          # See also `last_request_update_allowed?` in
+          # `Authlogic::ControllerAdapters::AbstractAdapter`
           #
-          #   def last_request_update_allowed?
-          #     action_name != "update_session_time_left"
-          #   end
-          #
-          # You can do whatever you want with that method.
+          # @api private
           def set_last_request_at?
             if !record || !klass.column_names.include?("last_request_at")
               return false
             end
-            if controller.responds_to_last_request_update_allowed? &&
-                !controller.last_request_update_allowed?
+            unless controller.last_request_update_allowed?
               return false
             end
             record.last_request_at.blank? ||

data/lib/authlogic/session/params.rb

@@ -96,7 +96,10 @@ module Authlogic
             if controller.responds_to_single_access_allowed?
               return controller.single_access_allowed?
             end
+            params_enabled_by_allowed_request_types?
+          end
 
+          def params_enabled_by_allowed_request_types?
             case single_access_allowed_request_types
             when Array
               single_access_allowed_request_types.include?(controller.request_content_type) ||