authlogic 4.5.0 → 5.0.0

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,28 +0,0 @@
----
-name: I want to fix a bug, but need some help
-about: >
-  If the bug is easy to reproduce, we will help. However, you must fix the bug,
-  in a reasonable amount of time, or your issue will be closed. See
-  CONTRIBUTING.md
-
----
-
-- [ ] This is not a usage question.
-  - Our volunteers' time is limited, so please ask usage questions on
-    [StackOverflow](http://stackoverflow.com/questions/tagged/authlogic).
-- [ ] This is not a security issue.
-  - Do not disclose security issues in public. See our [contributing
-    guide](https://github.com/binarylogic/authlogic/blob/master/CONTRIBUTING.md)
-    for instructions.
-- [ ] This is a reproducible bug, and I am committed to fixing it in
-  a reasonable amount of time.
-- [ ] If I cannot fix this bug in a reasonable amount of time, I understand
-  this issue will be closed.
-
-# Expected Behavior
-
-Describe.
-
-# Actual Behavior
-
-Describe.

data/.github/ISSUE_TEMPLATE/feature_proposal.md

@@ -1,32 +0,0 @@
----
-name: Feature Proposal
-about: >
-  Propose something that you would like to build. We'll help, but you must build
-  it yourself, in a reasonable amount of time, or your issue will be closed. See
-  CONTRIBUTING.md
-
----
-
-- [ ] This is not a usage question.
-  - Our volunteers' time is limited, so please ask usage questions on
-    [StackOverflow](http://stackoverflow.com/questions/tagged/authlogic).
-- [ ] This is not a security issue.
-  - Do not disclose security issues in public. See our [contributing
-    guide](https://github.com/binarylogic/authlogic/blob/master/CONTRIBUTING.md)
-    for instructions.
-- [ ] I am committed to implementing this feature in a reasonable amount of time.
-- [ ] If I cannot implement this feature in a reasonable amount of time, I
-  understand this issue will be closed.
-
-# Current Behavior
-
-Describe.
-
-# Proposed Behavior
-
-Describe.
-
-# Proposed Solution
-
-It's OK if you don't have a solution, we can help with that. But, whatever
-solution we decide on, you must build yourself, in a reasonable amount of time.

data/.github/triage.md

@@ -1,86 +0,0 @@
-# Triage
-
-Common responses to issues.
-
-## Usage question we were able to answer
-
-```
-If that doesn't answer your question, please ask a new question
-on [stackoverflow][1]. Unfortunatley, we just don't have enough volunteers to
-handle usage questions on github.
-
-Also, please check the [reference documentation][2]. You might find something
-there that's not in the readme.
-
-Thanks!
-
-[1]: http://stackoverflow.com/questions/tagged/authlogic
-[2]: https://github.com/binarylogic/authlogic#1c-reference-documentation
-```
-
-## Old issue, generic
-
-```
-Hello, I'm going through old authlogic issues and seeing what to do with them.
-Skimming through this, it's unclear if it's a usage question, a feature
-suggestion, or a bug report.
-
-If this is a bug report, and you can still reproduce this issue with a clean
-install of the latest version of authlogic and rails (currently 3.6.0 and 5.1.4
-respectively), please create a git repo with a sample app that reproduces the
-problem, and open a new issue.
-
-If this is a feature suggestion, it's still relevant, and you are committed to
-implementing it, please open a new issue and we can discuss your implementation
-plan.
-
-If this is a usage question, please ask it on [stackoverflow][1]. Unfortunatley,
-we just don't have enough volunteers to handle usage questions on github. Also,
-please check the [reference documentation][2]. You might find something there
-that's not in the readme.
-
-Thanks!
-
-[1]: http://stackoverflow.com/questions/tagged/authlogic
-[2]: https://github.com/binarylogic/authlogic#1c-reference-documentation
-```
-
-## Old issue, usage question / feature suggestion
-
-```
-Hello, I'm going through old authlogic issues and seeing what to do with them.
-This one looks a bit like a usage question and a bit like a feature suggestion.
-
-If this is a feature suggestion, it's still relevant, and you are committed to
-implementing it, please open a new issue and we can discuss your implementation
-plan.
-
-If this is a usage question, please ask it on [stackoverflow][1]. Unfortunatley,
-we just don't have enough volunteers to handle usage questions on github. Also,
-please check the [reference documentation][2]. You might find something there
-that's not in the readme.
-
-Thanks!
-
-[1]: http://stackoverflow.com/questions/tagged/authlogic
-[2]: https://github.com/binarylogic/authlogic#1c-reference-documentation
-```
-
-## Old issue, bug report
-
-```
-Hello, I'm going through old authlogic issues and seeing what to do with them.
-This one looks like a bug report.
-
-If you can still reproduce this issue with a clean install of the latest version
-of authlogic and rails, please create a git repo with a sample app that
-reproduces the problem, and open a new issue.
-
-If this was more of a usage question than a bug report, please ask your question
-on [stackoverflow][1]. Unfortunatley, we just don't have enough volunteers to
-handle usage questions on github.
-
-Thanks!
-
-[1]: http://stackoverflow.com/questions/tagged/authlogic
-```

data/.gitignore

@@ -1,15 +0,0 @@
-.DS_Store
-.swp
-*.gem
-*.log
-*.sqlite3
-pkg/*
-coverage/*
-benchmarks/*
-.rvmrc
-gemfiles/Gemfile*.lock
-.bundle
-Gemfile.lock
-.ruby-gemset
-.ruby-version
-.byebug_history

data/.rubocop.yml

@@ -1,133 +0,0 @@
-inherit_from: .rubocop_todo.yml
-
-AllCops:
-  Exclude:
-    # TravisCI runs `bundle install --path=${BUNDLE_PATH:-vendor/bundle}`
-    # causing our bundle to be installed in `gemfiles/vendor/bundle`.
-    # Regardless, we have no interest in linting files in our bundle :D
-    - gemfiles/vendor/bundle/**/*
-  # Specify lowest supported ruby version. If we committed our .ruby-version
-  # file, we wouldn't have to specify this (https://bit.ly/2vNTsue), but we
-  # don't commit that file because that would interfere with testing multiple
-  # rubies on CI.
-  TargetRubyVersion: 2.3
-
-# Please use normal indentation when aligning parameters.
-#
-# Good:
-#
-#     method_call(
-#       a,
-#       b
-#     )
-#
-#     method_call(a,
-#       b
-#     )
-#
-# Bad:
-#
-#     method_call(a,
-#                 b)
-#
-# The latter is harder to maintain and uses too much horizontal space.
-Layout/AlignParameters:
-  EnforcedStyle: with_fixed_indentation
-
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-
-Layout/MultilineOperationIndentation:
-  EnforcedStyle: indented
-
-Metrics/AbcSize:
-  Exclude:
-    # crypto_providers/wordpress is deprecated so we will not attempt to
-    # improve its quality.
-    - lib/authlogic/crypto_providers/wordpress.rb
-    # In an ideal world tests would be held to the same ABC metric as production
-    # code. In practice, time spent doing so is not nearly as valuable as
-    # spending the same time improving production code.
-    - test/**/*
-
-# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
-Metrics/BlockLength:
-  Enabled: false
-
-# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
-Metrics/ClassLength:
-  Enabled: false
-
-Metrics/CyclomaticComplexity:
-  Exclude:
-    # crypto_providers/wordpress is deprecated so we will not attempt to
-    # improve its quality.
-    - lib/authlogic/crypto_providers/wordpress.rb
-
-# Aim for 80, but 100 is OK.
-Metrics/LineLength:
-  Max: 100
-
-# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
-Metrics/MethodLength:
-  Enabled: false
-
-# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
-Metrics/ModuleLength:
-  Enabled: false
-
-# Sometimes prefixing a method name with get_ or set_ is a reasonable choice.
-Naming/AccessorMethodName:
-  Enabled: false
-
-# Having a consistent delimiter, like EOS, improves reading speed. The delimiter
-# is syntactic noise, just like a quotation mark, and inconsistent naming would
-# hurt reading speed, just as inconsistent quoting would.
-Naming/HeredocDelimiterNaming:
-  Enabled: false
-
-# Avoid single-line method definitions.
-Style/EmptyMethod:
-  EnforcedStyle: expanded
-
-# Avoid annotated tokens except in desperately complicated format strings.
-# In 99% of format strings they actually make it less readable.
-Style/FormatStringToken:
-  Enabled: false
-
-# Too subtle to lint. Guard clauses are great, use them if they help.
-Style/GuardClause:
-  Enabled: false
-
-# Too subtle to lint. A multi-line conditional may improve readability, even if
-# a postfix conditional would satisfy `Metrics/LineLength`.
-Style/IfUnlessModifier:
-  Enabled: false
-
-# Too subtle to lint. Use semantic style, but prefer `}.x` over `end.x`.
-Style/BlockDelimiters:
-  Enabled: false
-
-# Use the nested style because it is safer. It is easier to make mistakes with
-# the compact style.
-Style/ClassAndModuleChildren:
-  EnforcedStyle: nested
-
-# Both `module_function` and `extend_self` are legitimate. Most importantly,
-# they are different (http://bit.ly/2hSQAGm)
-Style/ModuleFunction:
-  Enabled: false
-
-# The decision of when to use slashes `/foo/` or percent-r `%r{foo}` is too
-# subtle to lint. Use whichever requires fewer backslash escapes.
-Style/RegexpLiteral:
-  AllowInnerSlashes: true
-
-# We use words, like `$LOAD_PATH`, because they are much less confusing that
-# arcane symbols like `$:`. Unfortunately, we must then `require "English"` in
-# a few places, but it's worth it so that we can read our code.
-Style/SpecialGlobalVars:
-  EnforcedStyle: use_english_names
-
-Style/StringLiterals:
-  EnforcedStyle: double_quotes

data/.rubocop_todo.yml

@@ -1,74 +0,0 @@
-# This configuration was generated by
-# `rubocop --auto-gen-config`
-# on 2018-05-22 23:50:03 -0400 using RuboCop version 0.56.0.
-# The point is for the user to remove these configuration records
-# one by one as the offenses are removed from the code base.
-# Note that changes in the inspected code, or installation of new
-# versions of RuboCop, may require this file to be generated again.
-
-# Offense count: 10
-Metrics/AbcSize:
-  Max: 18.5
-
-# Offense count: 59
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: prefer_alias, prefer_alias_method
-Style/Alias:
-  Enabled: false
-
-# Offense count: 5
-Style/ClassVars:
-  Exclude:
-    - 'lib/authlogic/i18n.rb'
-
-# Offense count: 22
-Style/Documentation:
-  Exclude:
-    # Permanent
-    - 'test/**/*'
-
-    # TODO
-    - 'lib/authlogic/config.rb'
-    - 'lib/authlogic/controller_adapters/sinatra_adapter.rb'
-    - 'lib/authlogic/crypto_providers.rb'
-    - 'lib/authlogic/i18n/translator.rb'
-    - 'lib/authlogic/session/activation.rb'
-    - 'lib/authlogic/session/active_record_trickery.rb'
-    - 'lib/authlogic/session/existence.rb'
-    - 'lib/authlogic/session/foundation.rb'
-    - 'lib/authlogic/session/klass.rb'
-    - 'lib/authlogic/session/persistence.rb'
-    - 'lib/authlogic/session/scopes.rb'
-    - 'lib/authlogic/test_case.rb'
-    - 'lib/authlogic/test_case/mock_cookie_jar.rb'
-    - 'lib/authlogic/version.rb'
-
-Style/FrozenStringLiteralComment:
-  Exclude:
-    # Freezing strings in lib would be a breaking change. We'll have to wait
-    # for the next major version.
-    - lib/**/*
-
-# Offense count: 4
-Style/MethodMissingSuper:
-  Exclude:
-    - 'lib/authlogic/controller_adapters/abstract_adapter.rb'
-    - 'lib/authlogic/controller_adapters/sinatra_adapter.rb'
-    - 'lib/authlogic/test_case/mock_request.rb'
-
-# Offense count: 3
-Style/MissingRespondToMissing:
-  Exclude:
-    - 'lib/authlogic/controller_adapters/sinatra_adapter.rb'
-    - 'lib/authlogic/test_case/mock_request.rb'
-
-Style/NumericPredicate:
-  Enabled: false
-
-# Offense count: 10
-# Cop supports --auto-correct.
-# Configuration parameters: .
-# SupportedStyles: compact, exploded
-Style/RaiseArgs:
-  EnforcedStyle: compact

data/.travis.yml

@@ -1,24 +0,0 @@
-language: ruby
-cache: bundler
-
-before_install:
-  - gem update --system
-  - gem update bundler
-
-# We only test the oldest and the newest ruby versions that we support. We
-# do not test intermediate versions.
-rvm:
-  - 2.3.7
-  - 2.5.1
-
-# We only test living versions of rails, per the [rails maintenance
-# policy](http://guides.rubyonrails.org/maintenance_policy.html)
-gemfile:
-  - gemfiles/Gemfile.rails-4.2.x
-  - gemfiles/Gemfile.rails-5.1.x
-  - gemfiles/Gemfile.rails-5.2.x
-
-matrix:
-  fast_finish: true
-
-sudo: false

data/CHANGELOG.md

@@ -1,348 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
-
-## 5.0.0
-
-See https://github.com/binarylogic/authlogic/blob/5-0-stable/CHANGELOG.md
-
-## Unreleased
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * None
-
-## 4.5.0 (2020-03-23)
-
-* Breaking Changes
-  * None
-* Added
-  * [#701](https://github.com/binarylogic/authlogic/pull/701) - Ability to
-    specify None as a valid value to SameSite cookie attribute
-* Fixed
-  * None
-
-## 4.4.3 (2019-03-23)
-
-* Breaking Changes
-  * None
-* Added
-  * [#660](https://github.com/binarylogic/authlogic/pull/660) -
-    Authlogic::Session::Cookies.encrypt_cookie option
-* Fixed
-  * Restrict sqlite3 version so tests can run normally
-
-## 4.4.2 (2018-09-23)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * Improved instructions in deprecation warning for validations
-
-## 4.4.1 (2018-09-21)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * The methods for disabling Authlogic's "special" validations,
-    eg. `validate_email_field = false` are actually deprecated, but should
-    not produce a deprecation warning.
-  * Only produce deprecation warning when configuring a validation, not when
-    performing actual validation.
-
-## 4.4.0 (2018-09-21)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * None
-* Deprecation
-  * [#627](https://github.com/binarylogic/authlogic/pull/627) -
-    Deprecate `authenticates_many` without replacement
-  * [#623](https://github.com/binarylogic/authlogic/pull/623) -
-    Deprecate unnecessary validation features, use normal rails validation
-    instead
-
-## 4.3.0 (2018-08-12)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * None
-* Dependencies
-  * Drop support for ruby 2.2, which reached EoL on 2018-06-20
-
-## 4.2.0 (2018-07-18)
-
-* Breaking Changes
-  * None
-* Added
-  * [#611](https://github.com/binarylogic/authlogic/pull/611) - Deprecate
-    AES256, guide users to choose a better crypto provider
-* Fixed
-  * None
-
-## 4.1.1 (2018-05-23)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * [#606](https://github.com/binarylogic/authlogic/pull/606) - Interpreter
-    warnings about undefined instance variables
-
-## 4.1.0 (2018-04-24)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * None
-* Deprecated
-  * crypto_providers/wordpress.rb, without replacement
-  * restful_authentication, without replacement
-
-## 4.0.1 (2018-03-20)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * [#590](https://github.com/binarylogic/authlogic/pull/590) -
-    Fix "cannot modify frozen gem" re: ActiveRecord.gem_version
-
-## 4.0.0 (2018-03-18)
-
-* Breaking Changes, Major
-  * Drop support for ruby < 2.2
-  * Drop support for rails < 4.2
-  * HTTP Basic Auth is now disabled by default (use allow_http_basic_auth to enable)
-  * 'httponly' and 'secure' cookie options are enabled by default now
-  * maintain_sessions config has been removed. It has been split into 2 new options:
-    log_in_after_create & log_in_after_password_change (@lucasminissale)
-  * [#558](https://github.com/binarylogic/authlogic/pull/558) Passing an
-    ActionController::Parameters into authlogic will now raise an error
-
-* Breaking Changes, Minor
-  * Methods in Authlogic::Random are now module methods, and are no longer
-    instance methods. Previously, there were both. Do not use Authlogic::Random
-    as a mixin.
-  * Our mutable constants (e.g. arrays, hashes) are now frozen.
-
-* Added
-  * `Authlogic.gem_version`
-  * [#586](https://github.com/binarylogic/authlogic/pull/586) Support for SameSite cookies
-  * [#581](https://github.com/binarylogic/authlogic/pull/581) Support for rails 5.2
-  * Support for ruby 2.4, specifically openssl gem 2.0
-  * [#98](https://github.com/binarylogic/authlogic/issues/98)
-    I18n for invalid session error message. (@eugenebolshakov)
-
-* Fixed
-  * Random.friendly_token (used for e.g. perishable token) now returns strings
-    of consistent length, and conforms better to RFC-4648
-  * ensure that login field validation uses correct locale (@sskirby)
-  * add a respond_to_missing? in AbstractAdapter that also checks controller respond_to?
-  * [#561](https://github.com/binarylogic/authlogic/issues/561) authenticates_many now works with scope_cookies:true
-  * Allow tld up to 24 characters per https://data.iana.org/TLD/tlds-alpha-by-domain.txt
-
-## 3.8.0 2018-02-07
-
-* Breaking Changes
-  * None
-
-* Added
-  * [#582](https://github.com/binarylogic/authlogic/pull/582) Support rails 5.2
-  * [#583](https://github.com/binarylogic/authlogic/pull/583) Support openssl gem 2.0
-
-* Fixed
-  * None
-
-## 3.7.0 2018-02-07
-
-* Breaking Changes
-  * None
-
-* Added
-  * [#580](https://github.com/binarylogic/authlogic/pull/580) Deprecated
-    `ActionController::Parameters`, will be removed in 4.0.0
-
-* Fixed
-  * None
-
-## 3.6.1 2017-09-30
-
-* Breaking Changes
-  * None
-
-* Added
-  * None
-
-* Fixed
-  * Allow TLD up to 24 characters per
-    https://data.iana.org/TLD/tlds-alpha-by-domain.txt
-  * [#561](https://github.com/binarylogic/authlogic/issues/561)
-    authenticates_many now works with scope_cookies:true
-
-## 3.6.0 2017-04-28
-
-* Breaking Changes
-  * None
-
-* Added
-  * Support rails 5.1
-
-* Fixed
-  * ensure that login field validation uses correct locale (@sskirby)
-
-## 3.5.0 2016-08-29
-
-* new
-  * Rails 5.0 support! Thanks to all reporters and contributors.
-
-* changes
-  * increased default minimum password length to 8 (@iainbeeston)
-  * bind parameters in where statement for rails 5 support
-  * change callback for rails 5 support
-  * converts the ActionController::Parameters to a Hash for rails 5 support
-  * check last_request_at_threshold even if last_request_at_update_allowed returns true (@rofreg)
-
-## 3.4.6 2015
-
-* changes
-  * add Regex.email_nonascii for validation of emails w/unicode (@rchekaluk)
-  * allow scrypt 2.x (@jaredbeck)
-
-## 3.4.5 2015-03-01
-
-* changes
-  * security-hardening fix and cleanup in persistence_token lookup
-  * security-hardening fix in perishable_token lookup (thx @tomekr)
-
-## 3.4.4 2014-12-23
-
-* changes
-  * extract rw_config into an Authlogic::Config module
-  * improved the way config changes are made in tests
-  * fix for Rails 4.2 by extending ActiveModel
-
-## 3.4.3 2014-10-08
-
-* changes
-  * backfill CHANGELOG
-  * better compatibility with jruby (thx @petergoldstein)
-  * added scrypt as a dependency
-  * cleanup some code (thx @roryokane)
-  * reference 'bcrypt' gem instead of 'bcrypt-ruby' (thx @roryokane)
-  * fixed typo (thx @chamini2)
-  * fixed magic column validations for Rails 4.2 (thx @tom-kuca)
-
-## 3.4.2 2014-04-28
-
-* changes
-  * fixed the missing scrypt/bcrypt gem errors introduced in 3.4.1
-  * implemented autoloading for providers
-  * added longer subdomain support in email regex
-
-## 3.4.1 2014-04-04
-
-* changes
-  * undid an accidental revert of some code
-
-## 3.4.0 2014-03-03
-
-* Breaking Changes
-  * made scrypt the default crypto provider from SHA512
-    (https://github.com/binarylogic/authlogic#upgrading-to-authlogic-340)
-    See UPGRADING.md.
-
-* Added
-  * officially support rails 4 (still supporting rails 3)
-  * added cookie signing
-  * added request store for better concurency for threaded environments
-  * added a rack adapter for Rack middleware support
-
-* Fixed
-  * ditched appraisal
-  * improved find_with_case default performance
-  * added travis ci support
-
-## 3.3.0 2014-04-04
-
-* changes
-  * added safeguard against a sqli that was also fixed in rails 3.2.10/3.1.9/3.0.18
-  * imposed the bcrypt gem's mincost
-  * removed shoulda macros
-
-## 3.2.0 2012-12-07
-
-* new
-  * scrypt support
-
-* changes
-  * moved back to LOWER for find_with_case ci lookups
-
-## 3.1.3 2012-06-13
-
-* changes
-  * removed jeweler
-
-## 3.1.2 2012-06-01
-
-* changes
-  * mostly test fixes
-
-## 3.1.1 2012-06-01
-
-* changes
-  * mostly doc fixes
-
-## 3.1.0 2011-10-19
-
-* changes
-  * mostly small bug fixes
-
-## 3.0.3 2011-05-17
-
-* changes
-  * rails 3.1 support
-
-* new
-  * http auth support
-
-## 3.0.2 2011-04-30
-
-* changes
-  * doc fixes
-
-## 3.0.1 2011-04-30
-
-* changes
-  * switch from LOWER to LIKE for find_with_case ci lookups
-
-## 3.0.0 2011-04-30
-
-* new
-  * ssl cookie support
-  * httponly cookie support
-  * added a session generator
-
-* changes
-  * rails 3 support
-  * ruby 1.9.2 support