authlogic 4.4.3 → 5.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (147) hide show
  1. checksums.yaml +4 -4
  2. data/lib/authlogic.rb +4 -28
  3. data/lib/authlogic/acts_as_authentic/base.rb +3 -18
  4. data/lib/authlogic/acts_as_authentic/email.rb +3 -170
  5. data/lib/authlogic/acts_as_authentic/logged_in_status.rb +3 -1
  6. data/lib/authlogic/acts_as_authentic/login.rb +7 -174
  7. data/lib/authlogic/acts_as_authentic/magic_columns.rb +7 -4
  8. data/lib/authlogic/acts_as_authentic/password.rb +54 -253
  9. data/lib/authlogic/acts_as_authentic/perishable_token.rb +8 -5
  10. data/lib/authlogic/acts_as_authentic/persistence_token.rb +10 -4
  11. data/lib/authlogic/acts_as_authentic/queries/case_sensitivity.rb +53 -0
  12. data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +36 -20
  13. data/lib/authlogic/acts_as_authentic/session_maintenance.rb +8 -6
  14. data/lib/authlogic/acts_as_authentic/single_access_token.rb +10 -8
  15. data/lib/authlogic/config.rb +9 -1
  16. data/lib/authlogic/controller_adapters/abstract_adapter.rb +7 -4
  17. data/lib/authlogic/controller_adapters/rack_adapter.rb +2 -0
  18. data/lib/authlogic/controller_adapters/rails_adapter.rb +6 -29
  19. data/lib/authlogic/controller_adapters/sinatra_adapter.rb +6 -0
  20. data/lib/authlogic/cookie_credentials.rb +63 -0
  21. data/lib/authlogic/crypto_providers.rb +5 -20
  22. data/lib/authlogic/crypto_providers/bcrypt.rb +3 -3
  23. data/lib/authlogic/crypto_providers/md5.rb +3 -6
  24. data/lib/authlogic/crypto_providers/scrypt.rb +2 -0
  25. data/lib/authlogic/crypto_providers/sha1.rb +4 -6
  26. data/lib/authlogic/crypto_providers/sha256.rb +2 -0
  27. data/lib/authlogic/crypto_providers/sha512.rb +6 -5
  28. data/lib/authlogic/i18n.rb +3 -1
  29. data/lib/authlogic/i18n/translator.rb +3 -0
  30. data/lib/authlogic/random.rb +2 -0
  31. data/lib/authlogic/session/base.rb +2087 -39
  32. data/lib/authlogic/session/magic_column/assigns_last_request_at.rb +46 -0
  33. data/lib/authlogic/test_case.rb +4 -0
  34. data/lib/authlogic/test_case/mock_controller.rb +2 -0
  35. data/lib/authlogic/test_case/mock_cookie_jar.rb +7 -35
  36. data/lib/authlogic/test_case/mock_logger.rb +2 -0
  37. data/lib/authlogic/test_case/mock_request.rb +2 -0
  38. data/lib/authlogic/test_case/rails_request_adapter.rb +2 -0
  39. data/lib/authlogic/version.rb +2 -1
  40. metadata +136 -182
  41. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -28
  42. data/.github/ISSUE_TEMPLATE/feature_proposal.md +0 -32
  43. data/.github/triage.md +0 -86
  44. data/.gitignore +0 -15
  45. data/.rubocop.yml +0 -133
  46. data/.rubocop_todo.yml +0 -74
  47. data/.travis.yml +0 -24
  48. data/CHANGELOG.md +0 -336
  49. data/CONTRIBUTING.md +0 -91
  50. data/Gemfile +0 -6
  51. data/LICENSE +0 -20
  52. data/README.md +0 -439
  53. data/Rakefile +0 -21
  54. data/UPGRADING.md +0 -22
  55. data/authlogic.gemspec +0 -40
  56. data/doc/use_normal_rails_validation.md +0 -82
  57. data/gemfiles/Gemfile.rails-4.2.x +0 -6
  58. data/gemfiles/Gemfile.rails-5.1.x +0 -6
  59. data/gemfiles/Gemfile.rails-5.2.x +0 -6
  60. data/lib/authlogic/acts_as_authentic/restful_authentication.rb +0 -106
  61. data/lib/authlogic/acts_as_authentic/validations_scope.rb +0 -35
  62. data/lib/authlogic/authenticates_many/association.rb +0 -50
  63. data/lib/authlogic/authenticates_many/base.rb +0 -81
  64. data/lib/authlogic/crypto_providers/aes256.rb +0 -71
  65. data/lib/authlogic/crypto_providers/wordpress.rb +0 -72
  66. data/lib/authlogic/regex.rb +0 -79
  67. data/lib/authlogic/session/activation.rb +0 -73
  68. data/lib/authlogic/session/active_record_trickery.rb +0 -65
  69. data/lib/authlogic/session/brute_force_protection.rb +0 -127
  70. data/lib/authlogic/session/callbacks.rb +0 -153
  71. data/lib/authlogic/session/cookies.rb +0 -329
  72. data/lib/authlogic/session/existence.rb +0 -103
  73. data/lib/authlogic/session/foundation.rb +0 -105
  74. data/lib/authlogic/session/http_auth.rb +0 -107
  75. data/lib/authlogic/session/id.rb +0 -53
  76. data/lib/authlogic/session/klass.rb +0 -73
  77. data/lib/authlogic/session/magic_columns.rb +0 -119
  78. data/lib/authlogic/session/magic_states.rb +0 -82
  79. data/lib/authlogic/session/params.rb +0 -130
  80. data/lib/authlogic/session/password.rb +0 -318
  81. data/lib/authlogic/session/perishable_token.rb +0 -24
  82. data/lib/authlogic/session/persistence.rb +0 -77
  83. data/lib/authlogic/session/priority_record.rb +0 -38
  84. data/lib/authlogic/session/scopes.rb +0 -138
  85. data/lib/authlogic/session/session.rb +0 -77
  86. data/lib/authlogic/session/timeout.rb +0 -103
  87. data/lib/authlogic/session/unauthorized_record.rb +0 -56
  88. data/lib/authlogic/session/validation.rb +0 -93
  89. data/test/acts_as_authentic_test/base_test.rb +0 -27
  90. data/test/acts_as_authentic_test/email_test.rb +0 -241
  91. data/test/acts_as_authentic_test/logged_in_status_test.rb +0 -64
  92. data/test/acts_as_authentic_test/login_test.rb +0 -153
  93. data/test/acts_as_authentic_test/magic_columns_test.rb +0 -29
  94. data/test/acts_as_authentic_test/password_test.rb +0 -263
  95. data/test/acts_as_authentic_test/perishable_token_test.rb +0 -98
  96. data/test/acts_as_authentic_test/persistence_token_test.rb +0 -62
  97. data/test/acts_as_authentic_test/restful_authentication_test.rb +0 -48
  98. data/test/acts_as_authentic_test/session_maintenance_test.rb +0 -150
  99. data/test/acts_as_authentic_test/single_access_test.rb +0 -46
  100. data/test/adapter_test.rb +0 -23
  101. data/test/authenticates_many_test.rb +0 -33
  102. data/test/config_test.rb +0 -38
  103. data/test/crypto_provider_test/aes256_test.rb +0 -16
  104. data/test/crypto_provider_test/bcrypt_test.rb +0 -16
  105. data/test/crypto_provider_test/scrypt_test.rb +0 -16
  106. data/test/crypto_provider_test/sha1_test.rb +0 -25
  107. data/test/crypto_provider_test/sha256_test.rb +0 -16
  108. data/test/crypto_provider_test/sha512_test.rb +0 -16
  109. data/test/crypto_provider_test/wordpress_test.rb +0 -26
  110. data/test/fixtures/companies.yml +0 -5
  111. data/test/fixtures/employees.yml +0 -17
  112. data/test/fixtures/projects.yml +0 -3
  113. data/test/fixtures/users.yml +0 -41
  114. data/test/i18n/lol.yml +0 -4
  115. data/test/i18n_test.rb +0 -35
  116. data/test/libs/affiliate.rb +0 -9
  117. data/test/libs/company.rb +0 -8
  118. data/test/libs/employee.rb +0 -9
  119. data/test/libs/employee_session.rb +0 -4
  120. data/test/libs/ldaper.rb +0 -5
  121. data/test/libs/project.rb +0 -5
  122. data/test/libs/user.rb +0 -9
  123. data/test/libs/user_session.rb +0 -27
  124. data/test/random_test.rb +0 -15
  125. data/test/session_test/activation_test.rb +0 -45
  126. data/test/session_test/active_record_trickery_test.rb +0 -78
  127. data/test/session_test/brute_force_protection_test.rb +0 -110
  128. data/test/session_test/callbacks_test.rb +0 -42
  129. data/test/session_test/cookies_test.rb +0 -242
  130. data/test/session_test/credentials_test.rb +0 -0
  131. data/test/session_test/existence_test.rb +0 -88
  132. data/test/session_test/foundation_test.rb +0 -24
  133. data/test/session_test/http_auth_test.rb +0 -60
  134. data/test/session_test/id_test.rb +0 -19
  135. data/test/session_test/klass_test.rb +0 -42
  136. data/test/session_test/magic_columns_test.rb +0 -62
  137. data/test/session_test/magic_states_test.rb +0 -60
  138. data/test/session_test/params_test.rb +0 -61
  139. data/test/session_test/password_test.rb +0 -107
  140. data/test/session_test/perishability_test.rb +0 -17
  141. data/test/session_test/persistence_test.rb +0 -35
  142. data/test/session_test/scopes_test.rb +0 -68
  143. data/test/session_test/session_test.rb +0 -80
  144. data/test/session_test/timeout_test.rb +0 -84
  145. data/test/session_test/unauthorized_record_test.rb +0 -15
  146. data/test/session_test/validation_test.rb +0 -25
  147. data/test/test_helper.rb +0 -272
@@ -1,9 +1,12 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Authlogic
2
4
  module ActsAsAuthentic
3
- # Magic columns are like ActiveRecord's created_at and updated_at columns. They are
4
- # "magically" maintained for you. Authlogic has the same thing, but these are
5
- # maintained on the session side. Please see Authlogic::Session::MagicColumns for more
6
- # details. This module merely adds validations for the magic columns if they exist.
5
+ # Magic columns are like ActiveRecord's created_at and updated_at columns.
6
+ # They are "magically" maintained for you. Authlogic has the same thing, but
7
+ # these are maintained on the session side. Please see "Magic Columns" in
8
+ # `Session::Base` for more details. This module merely adds validations for
9
+ # the magic columns if they exist.
7
10
  module MagicColumns
8
11
  def self.included(klass)
9
12
  klass.class_eval do
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Authlogic
2
4
  module ActsAsAuthentic
3
5
  # This module has a lot of neat functionality. It is responsible for encrypting your
@@ -31,7 +33,7 @@ module Authlogic
31
33
  )
32
34
  )
33
35
  end
34
- alias_method :crypted_password_field=, :crypted_password_field
36
+ alias crypted_password_field= crypted_password_field
35
37
 
36
38
  # The name of the password_salt field in the database.
37
39
  #
@@ -44,7 +46,7 @@ module Authlogic
44
46
  first_column_to_exist(nil, :password_salt, :pw_salt, :salt)
45
47
  )
46
48
  end
47
- alias_method :password_salt_field=, :password_salt_field
49
+ alias password_salt_field= password_salt_field
48
50
 
49
51
  # Whether or not to require a password confirmation. If you don't want your users
50
52
  # to confirm their password just set this to false.
@@ -54,7 +56,7 @@ module Authlogic
54
56
  def require_password_confirmation(value = nil)
55
57
  rw_config(:require_password_confirmation, value, true)
56
58
  end
57
- alias_method :require_password_confirmation=, :require_password_confirmation
59
+ alias require_password_confirmation= require_password_confirmation
58
60
 
59
61
  # By default passwords are required when a record is new or the crypted_password
60
62
  # is blank, but if both of these things are met a password is not required. In
@@ -73,7 +75,7 @@ module Authlogic
73
75
  def ignore_blank_passwords(value = nil)
74
76
  rw_config(:ignore_blank_passwords, value, true)
75
77
  end
76
- alias_method :ignore_blank_passwords=, :ignore_blank_passwords
78
+ alias ignore_blank_passwords= ignore_blank_passwords
77
79
 
78
80
  # When calling valid_password?("some pass") do you want to check that password
79
81
  # against what's in that object or whats in the database. Take this example:
@@ -91,143 +93,7 @@ module Authlogic
91
93
  def check_passwords_against_database(value = nil)
92
94
  rw_config(:check_passwords_against_database, value, true)
93
95
  end
94
- alias_method :check_passwords_against_database=, :check_passwords_against_database
95
-
96
- # Whether or not to validate the password field.
97
- #
98
- # * <tt>Default:</tt> true
99
- # * <tt>Accepts:</tt> Boolean
100
- #
101
- # @deprecated
102
- def validate_password_field(value = nil)
103
- rw_config(:validate_password_field, value, true)
104
- end
105
- alias_method :validate_password_field=, :validate_password_field
106
-
107
- # A hash of options for the validates_length_of call for the password field.
108
- # Allows you to change this however you want.
109
- #
110
- # **Keep in mind this is ruby. I wanted to keep this as flexible as
111
- # possible, so you can completely replace the hash or merge options into
112
- # it. Checkout the convenience function
113
- # merge_validates_length_of_password_field_options to merge options.**
114
- #
115
- # * <tt>Default:</tt> {:minimum => 8, :if => :require_password?}
116
- # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
117
- #
118
- # @deprecated
119
- def validates_length_of_password_field_options(value = nil)
120
- deprecate_authlogic_config("validates_length_of_password_field_options") if value
121
- rw_config(
122
- :validates_length_of_password_field_options,
123
- value,
124
- minimum: 8,
125
- if: :require_password?
126
- )
127
- end
128
- alias_method(
129
- :validates_length_of_password_field_options=,
130
- :validates_length_of_password_field_options
131
- )
132
-
133
- # A convenience function to merge options into the
134
- # validates_length_of_login_field_options. So instead of:
135
- #
136
- # self.validates_length_of_password_field_options =
137
- # validates_length_of_password_field_options.merge(:my_option => my_value)
138
- #
139
- # You can do this:
140
- #
141
- # merge_validates_length_of_password_field_options :my_option => my_value
142
- #
143
- # @deprecated
144
- def merge_validates_length_of_password_field_options(options = {})
145
- deprecate_authlogic_config(
146
- "merge_validates_length_of_password_field_options"
147
- )
148
- self.validates_length_of_password_field_options =
149
- validates_length_of_password_field_options.merge(options)
150
- end
151
-
152
- # A hash of options for the validates_confirmation_of call for the
153
- # password field. Allows you to change this however you want.
154
- #
155
- # **Keep in mind this is ruby. I wanted to keep this as flexible as
156
- # possible, so you can completely replace the hash or merge options into
157
- # it. Checkout the convenience function
158
- # merge_validates_length_of_password_field_options to merge options.**
159
- #
160
- # * <tt>Default:</tt> {:if => :require_password?}
161
- # * <tt>Accepts:</tt> Hash of options accepted by validates_confirmation_of
162
- #
163
- # @deprecated
164
- def validates_confirmation_of_password_field_options(value = nil)
165
- if value
166
- deprecate_authlogic_config(
167
- "validates_confirmation_of_password_field_options"
168
- )
169
- end
170
- rw_config(
171
- :validates_confirmation_of_password_field_options,
172
- value,
173
- if: :require_password?
174
- )
175
- end
176
- alias_method :validates_confirmation_of_password_field_options=,
177
- :validates_confirmation_of_password_field_options
178
-
179
- # See merge_validates_length_of_password_field_options. The same thing, except for
180
- # validates_confirmation_of_password_field_options
181
- #
182
- # @deprecated
183
- def merge_validates_confirmation_of_password_field_options(options = {})
184
- deprecate_authlogic_config(
185
- "merge_validates_confirmation_of_password_field_options"
186
- )
187
- self.validates_confirmation_of_password_field_options =
188
- validates_confirmation_of_password_field_options.merge(options)
189
- end
190
-
191
- # A hash of options for the validates_length_of call for the password_confirmation
192
- # field. Allows you to change this however you want.
193
- #
194
- # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so
195
- # you can completely replace the hash or merge options into it. Checkout the
196
- # convenience function merge_validates_length_of_password_field_options to merge
197
- # options.</b>
198
- #
199
- # * <tt>Default:</tt> validates_length_of_password_field_options
200
- # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
201
- #
202
- # @deprecated
203
- def validates_length_of_password_confirmation_field_options(value = nil)
204
- if value
205
- deprecate_authlogic_config(
206
- "validates_length_of_password_confirmation_field_options"
207
- )
208
- end
209
- rw_config(
210
- :validates_length_of_password_confirmation_field_options,
211
- value,
212
- validates_length_of_password_field_options
213
- )
214
- end
215
- alias_method(
216
- :validates_length_of_password_confirmation_field_options=,
217
- :validates_length_of_password_confirmation_field_options
218
- )
219
-
220
- # See merge_validates_length_of_password_field_options. The same thing, except for
221
- # validates_length_of_password_confirmation_field_options
222
- #
223
- # @deprecated
224
- def merge_validates_length_of_password_confirmation_field_options(options = {})
225
- deprecate_authlogic_config(
226
- "merge_validates_length_of_password_confirmation_field_options"
227
- )
228
- self.validates_length_of_password_confirmation_field_options =
229
- validates_length_of_password_confirmation_field_options.merge(options)
230
- end
96
+ alias check_passwords_against_database= check_passwords_against_database
231
97
 
232
98
  # The class you want to use to encrypt and verify your encrypted
233
99
  # passwords. See the Authlogic::CryptoProviders module for more info on
@@ -236,7 +102,8 @@ module Authlogic
236
102
  # The family of adaptive hash functions (BCrypt, SCrypt, PBKDF2) is the
237
103
  # best choice for password storage today. We recommend SCrypt. Other
238
104
  # one-way functions like SHA512 are inferior, but widely used.
239
- # Reverisbile functions like AES256 are the worst choice.
105
+ # Reverisbile functions like AES256 are the worst choice, and we no
106
+ # longer support them.
240
107
  #
241
108
  # You can use the `transition_from_crypto_providers` option to gradually
242
109
  # transition to a better crypto provider without causing your users any
@@ -248,7 +115,7 @@ module Authlogic
248
115
  CryptoProviders::Guidance.new(value).impart_wisdom
249
116
  rw_config(:crypto_provider, value, CryptoProviders::SCrypt)
250
117
  end
251
- alias_method :crypto_provider=, :crypto_provider
118
+ alias crypto_provider= crypto_provider
252
119
 
253
120
  # Let's say you originally encrypted your passwords with Sha1. Sha1 is
254
121
  # starting to join the party with MD5 and you want to switch to
@@ -274,46 +141,24 @@ module Authlogic
274
141
  []
275
142
  )
276
143
  end
277
- alias_method :transition_from_crypto_providers=, :transition_from_crypto_providers
144
+ alias transition_from_crypto_providers= transition_from_crypto_providers
278
145
  end
279
146
 
280
147
  # Callbacks / hooks to allow other modules to modify the behavior of this module.
281
148
  module Callbacks
282
149
  # Does the order of this array matter?
283
150
  METHODS = %w[
284
- before_password_set
285
- after_password_set
286
- before_password_verification
287
- after_password_verification
151
+ password_set
152
+ password_verification
288
153
  ].freeze
289
154
 
290
155
  def self.included(klass)
291
156
  return if klass.crypted_password_field.nil?
292
- klass.define_callbacks(*METHODS)
293
-
294
- # If Rails 3, support the new callback syntax
295
- if klass.singleton_class.method_defined?(:set_callback)
296
- METHODS.each do |method|
297
- klass.class_eval <<-EOS, __FILE__, __LINE__ + 1
298
- def self.#{method}(*methods, &block)
299
- set_callback :#{method}, *methods, &block
300
- end
301
- EOS
302
- end
157
+ klass.send :extend, ActiveModel::Callbacks
158
+ METHODS.each do |method|
159
+ klass.define_model_callbacks method, only: %i[before after]
303
160
  end
304
161
  end
305
-
306
- # TODO: Ideally, once this module is included, the included copies of
307
- # the following methods would be private. This cannot be accomplished
308
- # by using calling `private` here in the module. Maybe we can set the
309
- # privacy inside `included`?
310
- METHODS.each do |method|
311
- class_eval <<-EOS, __FILE__, __LINE__ + 1
312
- def #{method}
313
- run_callbacks(:#{method}) { |result, object| result == false }
314
- end
315
- EOS
316
- end
317
162
  end
318
163
 
319
164
  # The methods related to the password field.
@@ -323,22 +168,6 @@ module Authlogic
323
168
 
324
169
  klass.class_eval do
325
170
  include InstanceMethods
326
-
327
- if validate_password_field
328
- validates_length_of :password, validates_length_of_password_field_options
329
-
330
- if require_password_confirmation
331
- validates_confirmation_of(
332
- :password,
333
- validates_confirmation_of_password_field_options
334
- )
335
- validates_length_of(
336
- :password_confirmation,
337
- validates_length_of_password_confirmation_field_options
338
- )
339
- end
340
- end
341
-
342
171
  after_save :reset_password_changed
343
172
  end
344
173
  end
@@ -355,20 +184,17 @@ module Authlogic
355
184
  # create new password salt as well as encrypt the password.
356
185
  def password=(pass)
357
186
  return if ignore_blank_passwords? && pass.blank?
358
- before_password_set
359
- @password = pass
360
- if password_salt_field
361
- send("#{password_salt_field}=", Authlogic::Random.friendly_token)
362
- end
363
- encryptor_args_type = act_like_restful_authentication? ? :restful_authentication : nil
364
- send(
365
- "#{crypted_password_field}=",
366
- crypto_provider.encrypt(
367
- *encrypt_arguments(@password, false, encryptor_args_type)
187
+ run_callbacks :password_set do
188
+ @password = pass
189
+ if password_salt_field
190
+ send("#{password_salt_field}=", Authlogic::Random.friendly_token)
191
+ end
192
+ send(
193
+ "#{crypted_password_field}=",
194
+ crypto_provider.encrypt(*encrypt_arguments(@password, false))
368
195
  )
369
- )
370
- @password_changed = true
371
- after_password_set
196
+ @password_changed = true
197
+ end
372
198
  end
373
199
 
374
200
  # Accepts a raw password to determine if it is the correct password.
@@ -384,24 +210,23 @@ module Authlogic
384
210
  )
385
211
  crypted = crypted_password_to_validate_against(check_against_database)
386
212
  return false if attempted_password.blank? || crypted.blank?
387
- before_password_verification
388
-
389
- crypto_providers.each_with_index do |encryptor, index|
390
- next unless encryptor_matches?(
391
- crypted,
392
- encryptor,
393
- index,
394
- attempted_password,
395
- check_against_database
396
- )
397
- if transition_password?(index, encryptor, check_against_database)
398
- transition_password(attempted_password)
213
+ run_callbacks :password_verification do
214
+ crypto_providers.each_with_index.any? do |encryptor, index|
215
+ if encryptor_matches?(
216
+ crypted,
217
+ encryptor,
218
+ attempted_password,
219
+ check_against_database
220
+ )
221
+ if transition_password?(index, encryptor, check_against_database)
222
+ transition_password(attempted_password)
223
+ end
224
+ true
225
+ else
226
+ false
227
+ end
399
228
  end
400
- after_password_verification
401
- return true
402
229
  end
403
-
404
- false
405
230
  end
406
231
 
407
232
  # Resets the password to a random friendly token.
@@ -410,20 +235,20 @@ module Authlogic
410
235
  self.password = friendly_token
411
236
  self.password_confirmation = friendly_token if self.class.require_password_confirmation
412
237
  end
413
- alias_method :randomize_password, :reset_password
238
+ alias randomize_password reset_password
414
239
 
415
240
  # Resets the password to a random friendly token and then saves the record.
416
241
  def reset_password!
417
242
  reset_password
418
243
  save_without_session_maintenance(validate: false)
419
244
  end
420
- alias_method :randomize_password!, :reset_password!
245
+ alias randomize_password! reset_password!
421
246
 
422
247
  private
423
248
 
424
249
  def crypted_password_to_validate_against(check_against_database)
425
- if check_against_database && send("#{crypted_password_field}_changed?")
426
- send("#{crypted_password_field}_was")
250
+ if check_against_database && send("will_save_change_to_#{crypted_password_field}?")
251
+ send("#{crypted_password_field}_in_database")
427
252
  else
428
253
  send(crypted_password_field)
429
254
  end
@@ -439,53 +264,28 @@ module Authlogic
439
264
 
440
265
  # Returns an array of arguments to be passed to a crypto provider, either its
441
266
  # `matches?` or its `encrypt` method.
442
- def encrypt_arguments(raw_password, check_against_database, arguments_type = nil)
267
+ def encrypt_arguments(raw_password, check_against_database)
443
268
  salt = nil
444
269
  if password_salt_field
445
270
  salt =
446
- if check_against_database && send("#{password_salt_field}_changed?")
447
- send("#{password_salt_field}_was")
271
+ if check_against_database && send("will_save_change_to_#{password_salt_field}?")
272
+ send("#{password_salt_field}_in_database")
448
273
  else
449
274
  send(password_salt_field)
450
275
  end
451
276
  end
452
-
453
- case arguments_type
454
- when :restful_authentication
455
- [REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY].compact
456
- when nil
457
- [raw_password, salt].compact
458
- else
459
- raise "Invalid encryptor arguments_type: #{arguments_type}"
460
- end
277
+ [raw_password, salt].compact
461
278
  end
462
279
 
463
280
  # Given `encryptor`, does `attempted_password` match the `crypted` password?
464
- def encryptor_matches?(
465
- crypted,
466
- encryptor,
467
- index,
468
- attempted_password,
469
- check_against_database
470
- )
471
- # The arguments_type for the transitioning from restful_authentication
472
- acting_restful = act_like_restful_authentication? && index.zero?
473
- transitioning = transition_from_restful_authentication? &&
474
- index > 0 &&
475
- encryptor == Authlogic::CryptoProviders::Sha1
476
- restful = acting_restful || transitioning
477
- arguments_type = restful ? :restful_authentication : nil
478
- encryptor_args = encrypt_arguments(
479
- attempted_password,
480
- check_against_database,
481
- arguments_type
482
- )
281
+ def encryptor_matches?(crypted, encryptor, attempted_password, check_against_database)
282
+ encryptor_args = encrypt_arguments(attempted_password, check_against_database)
483
283
  encryptor.matches?(crypted, *encryptor_args)
484
284
  end
485
285
 
486
286
  # Determines if we need to transition the password.
487
287
  #
488
- # - If the index > 0 then we are using an "transition from" crypto
288
+ # - If the index > 0 then we are using a "transition from" crypto
489
289
  # provider.
490
290
  # - If the encryptor has a cost and the cost it outdated.
491
291
  # - If we aren't using database values
@@ -499,7 +299,7 @@ module Authlogic
499
299
  ) &&
500
300
  (
501
301
  !check_against_database ||
502
- !send("#{crypted_password_field}_changed?")
302
+ !send("will_save_change_to_#{crypted_password_field}?")
503
303
  )
504
304
  end
505
305
 
@@ -509,6 +309,7 @@ module Authlogic
509
309
  end
510
310
 
511
311
  def require_password?
312
+ # this is _not_ the activemodel changed? method, see below
512
313
  new_record? || password_changed? || send(crypted_password_field).blank?
513
314
  end
514
315