authlogic 4.5.0 → 6.4.2

data/lib/authlogic/acts_as_authentic/restful_authentication.rb

@@ -1,106 +0,0 @@
-module Authlogic
-  module ActsAsAuthentic
-    # This module is responsible for transitioning existing applications from
-    # the restful_authentication plugin.
-    module RestfulAuthentication
-      def self.included(klass)
-        klass.class_eval do
-          extend Config
-          include InstanceMethods
-        end
-      end
-
-      # Configures the restful_authentication aspect of acts_as_authentic.
-      # These methods become class methods of ::ActiveRecord::Base.
-      module Config
-        DPR_MSG = <<~STR.squish
-          Support for transitioning to authlogic from restful_authentication
-          (%s) is deprecated without replacement. restful_authentication is no
-          longer used in the ruby community, and the transition away from it is
-          complete. There is only one version of restful_authentication on
-          rubygems.org, it was released in 2009, and it's only compatible with
-          rails 2.3. It has been nine years since it was released.
-        STR
-
-        # Switching an existing app to Authlogic from restful_authentication? No
-        # problem, just set this true and your users won't know anything
-        # changed. From your database perspective nothing will change at all.
-        # Authlogic will continue to encrypt passwords just like
-        # restful_authentication, so your app won't skip a beat. Although, might
-        # consider transitioning your users to a newer and stronger algorithm.
-        # Checkout the transition_from_restful_authentication option.
-        #
-        # * <tt>Default:</tt> false
-        # * <tt>Accepts:</tt> Boolean
-        def act_like_restful_authentication(value = nil)
-          r = rw_config(:act_like_restful_authentication, value, false)
-          set_restful_authentication_config if value
-          r
-        end
-
-        def act_like_restful_authentication=(value = nil)
-          ::ActiveSupport::Deprecation.warn(
-            format(DPR_MSG, "act_like_restful_authentication="),
-            caller(1)
-          )
-          act_like_restful_authentication(value)
-        end
-
-        # This works just like act_like_restful_authentication except that it
-        # will start transitioning your users to the algorithm you specify with
-        # the crypto provider option. The next time they log in it will resave
-        # their password with the new algorithm and any new record will use the
-        # new algorithm as well. Make sure to update your users table if you are
-        # using the default migration since it will set crypted_password and
-        # salt columns to a maximum width of 40 characters which is not enough.
-        def transition_from_restful_authentication(value = nil)
-          r = rw_config(:transition_from_restful_authentication, value, false)
-          set_restful_authentication_config if value
-          r
-        end
-
-        def transition_from_restful_authentication=(value = nil)
-          ::ActiveSupport::Deprecation.warn(
-            format(DPR_MSG, "transition_from_restful_authentication="),
-            caller(1)
-          )
-          transition_from_restful_authentication(value)
-        end
-
-        private
-
-        def set_restful_authentication_config
-          self.restful_auth_crypto_provider = CryptoProviders::Sha1
-          if !defined?(::REST_AUTH_SITE_KEY) || ::REST_AUTH_SITE_KEY.nil?
-            unless defined?(::REST_AUTH_SITE_KEY)
-              class_eval("::REST_AUTH_SITE_KEY = ''", __FILE__, __LINE__)
-            end
-            CryptoProviders::Sha1.stretches = 1
-          end
-        end
-
-        # @api private
-        def restful_auth_crypto_provider=(provider)
-          if act_like_restful_authentication
-            self.crypto_provider = provider
-          else
-            self.transition_from_crypto_providers = provider
-          end
-        end
-      end
-
-      # :nodoc:
-      module InstanceMethods
-        private
-
-        def act_like_restful_authentication?
-          self.class.act_like_restful_authentication == true
-        end
-
-        def transition_from_restful_authentication?
-          self.class.transition_from_restful_authentication == true
-        end
-      end
-    end
-  end
-end

data/lib/authlogic/acts_as_authentic/validations_scope.rb

@@ -1,35 +0,0 @@
-module Authlogic
-  module ActsAsAuthentic
-    # Allows you to scope everything to specific fields. See the Config
-    # submodule for more info. For information on how to scope off of a parent
-    # object see Authlogic::AuthenticatesMany
-    module ValidationsScope
-      def self.included(klass)
-        klass.class_eval do
-          extend Config
-        end
-      end
-
-      # All configuration for the scope feature.
-      module Config
-        # Allows you to scope everything to specific field(s). Works just like
-        # validates_uniqueness_of. For example, let's say a user belongs to a
-        # company, and you want to scope everything to the company:
-        #
-        #   acts_as_authentic do |c|
-        #     c.validations_scope = :company_id
-        #   end
-        #
-        # * <tt>Default:</tt> nil
-        # * <tt>Accepts:</tt> Symbol or Array of symbols
-        #
-        # @deprecated
-        def validations_scope(value = nil)
-          deprecate_authlogic_config("validations_scope") if value
-          rw_config(:validations_scope, value)
-        end
-        alias_method :validations_scope=, :validations_scope
-      end
-    end
-  end
-end

data/lib/authlogic/authenticates_many/association.rb

@@ -1,50 +0,0 @@
-module Authlogic
-  module AuthenticatesMany
-    # An object of this class is used as a proxy for the authenticates_many
-    # relationship. It basically allows you to "save" scope details and call
-    # them on an object, which allows you to do the following:
-    #
-    #   @account.user_sessions.new
-    #   @account.user_sessions.find
-    #   # ... etc
-    #
-    # You can call all of the class level methods off of an object with a saved
-    # scope, so that calling the above methods scopes the user sessions down to
-    # that specific account. To implement this via ActiveRecord do something
-    # like:
-    #
-    #   class User < ApplicationRecord
-    #     authenticates_many :user_sessions
-    #   end
-    class Association
-      attr_accessor :klass, :find_options, :id
-
-      # - id: Usually `nil`, but if the `scope_cookies` option is used, then
-      #   `id` is a string like "company_123". It may seem strange to refer
-      #   to such a string as an "id", but the naming is intentional, and
-      #   is derived from `Authlogic::Session::Id`.
-      def initialize(klass, find_options, id)
-        self.klass = klass
-        self.find_options = find_options
-        self.id = id
-      end
-
-      %i[create create! find new].each do |method|
-        class_eval <<-EOS, __FILE__, __LINE__ + 1
-          def #{method}(*args)
-            klass.with_scope(scope_options) do
-              klass.#{method}(*args)
-            end
-          end
-        EOS
-      end
-      alias_method :build, :new
-
-      private
-
-      def scope_options
-        { find_options: find_options, id: id }
-      end
-    end
-  end
-end

data/lib/authlogic/authenticates_many/base.rb

@@ -1,81 +0,0 @@
-module Authlogic
-  # This allows you to scope your authentication. For example, let's say all users belong
-  # to an account, you want to make sure only users that belong to that account can
-  # actually login into that account. Simple, just do:
-  #
-  #   class Account < ApplicationRecord
-  #     authenticates_many :user_sessions
-  #   end
-  #
-  # Now you can scope sessions just like everything else in ActiveRecord:
-  #
-  #   @account.user_sessions.new(*args)
-  #   @account.user_sessions.create(*args)
-  #   @account.user_sessions.find(*args)
-  #   # ... etc
-  #
-  # Checkout the authenticates_many method for a list of options.
-  # You may also want to checkout Authlogic::ActsAsAuthentic::Scope to scope your model.
-  module AuthenticatesMany
-    # These methods become class methods of ::ActiveRecord::Base.
-    module Base
-      DPR_AUTH_MANY = <<~EOS.freeze
-        authenticates_many is deprecated without replacement. Let us know
-        if you would like to take over maintenance of this feature as a separate
-        gem. If no one volunteers to extract and maintain a new gem, then this
-        feature will simply be deleted.
-      EOS
-
-      # Allows you to set up a relationship with your sessions. See module
-      # definition above for more details.
-      #
-      # === Options
-      #
-      # * <tt>session_class:</tt> default: "#{name}Session",
-      #   This is the related session class.
-      #
-      # * <tt>relationship_name:</tt>
-      #   default: options[:session_class].klass_name.underscore.pluralize,
-      #   This is the name of the relationship you want to use to scope
-      #   everything. For example an Account has many Users. There should be a
-      #   relationship called :users that you defined with a has_many. The
-      #   reason we use the relationship is so you don't have to repeat
-      #   yourself. The relationship could have all kinds of custom options. So
-      #   instead of repeating yourself we essentially use the scope that the
-      #   relationship creates.
-      #
-      # * <tt>find_options:</tt> default: nil,
-      #   By default the find options are created from the relationship you
-      #   specify with :relationship_name. But if you want to override this and
-      #   manually specify find_options you can do it here. Specify options just
-      #   as you would in ActiveRecord::Base.find.
-      #
-      # * <tt>scope_cookies:</tt> default: false
-      #   By the nature of cookies they scope themselves if you are using
-      #   subdomains to access accounts. If you aren't using subdomains you need
-      #   to have separate cookies for each account, assuming a user is logging
-      #   into more than one account. Authlogic can take care of this for you by
-      #   prefixing the name of the cookie and session with the model id.
-      #   Because it affects both cookies names and session keys, the name
-      #   `scope_cookies` is misleading. Perhaps simply `scope` or `scoped`
-      #   would have been better.
-      def authenticates_many(name, options = {})
-        ::ActiveSupport::Deprecation.warn(DPR_AUTH_MANY)
-        options[:session_class] ||= name.to_s.classify.constantize
-        options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
-        class_eval <<-EOS, __FILE__, __LINE__ + 1
-          def #{name}
-            find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.where(nil)
-            @#{name} ||= Authlogic::AuthenticatesMany::Association.new(
-              #{options[:session_class]},
-              find_options,
-              #{options[:scope_cookies] ? "self.class.model_name.name.underscore + '_' + self.send(self.class.primary_key).to_s" : 'nil'}
-            )
-          end
-        EOS
-      end
-    end
-
-    ::ActiveRecord::Base.extend(Base) if defined?(::ActiveRecord)
-  end
-end

data/lib/authlogic/crypto_providers/aes256.rb

@@ -1,71 +0,0 @@
-require "openssl"
-
-module Authlogic
-  module CryptoProviders
-    # This encryption method is reversible if you have the supplied key. So in
-    # order to use this encryption method you must supply it with a key first.
-    # In an initializer, or before your application initializes, you should do
-    # the following:
-    #
-    #   Authlogic::CryptoProviders::AES256.key = "long, unique, and random key"
-    #
-    # My final comment is that this is a strong encryption method, but its main
-    # weakness is that it's reversible. If you do not need to reverse the hash
-    # then you should consider Sha512 or BCrypt instead.
-    #
-    # Keep your key in a safe place, some even say the key should be stored on a
-    # separate server. This won't hurt performance because the only time it will
-    # try and access the key on the separate server is during initialization,
-    # which only happens once. The reasoning behind this is if someone does
-    # compromise your server they won't have the key also. Basically, you don't
-    # want to store the key with the lock.
-    class AES256
-      class << self
-        attr_writer :key
-
-        def encrypt(*tokens)
-          aes.encrypt
-          aes.key = @key
-          [aes.update(tokens.join) + aes.final].pack("m").chomp
-        end
-
-        def matches?(crypted, *tokens)
-          aes.decrypt
-          aes.key = @key
-          (aes.update(crypted.unpack("m").first) + aes.final) == tokens.join
-        rescue OpenSSL::CipherError
-          false
-        end
-
-        private
-
-        def aes
-          if @key.blank?
-            raise ArgumentError.new(
-              "You must provide a key like #{name}.key = my_key before using the #{name}"
-            )
-          end
-
-          @aes ||= openssl_cipher_class.new("AES-256-ECB")
-        end
-
-        # `::OpenSSL::Cipher::Cipher` has been deprecated since at least 2014,
-        # in favor of `::OpenSSL::Cipher`, but a deprecation warning was not
-        # printed until 2016
-        # (https://github.com/ruby/openssl/commit/5c20a4c014) when openssl
-        # became a gem. Its first release as a gem was 2.0.0, in ruby 2.4.
-        # (See https://github.com/ruby/ruby/blob/v2_4_0/NEWS)
-        #
-        # When we eventually drop support for ruby < 2.4, we can probably also
-        # drop support for openssl gem < 2.
-        def openssl_cipher_class
-          if ::Gem::Version.new(::OpenSSL::VERSION) < ::Gem::Version.new("2.0.0")
-            ::OpenSSL::Cipher::Cipher
-          else
-            ::OpenSSL::Cipher
-          end
-        end
-      end
-    end
-  end
-end

data/lib/authlogic/crypto_providers/wordpress.rb

@@ -1,72 +0,0 @@
-require "digest/md5"
-
-::ActiveSupport::Deprecation.warn(
-  <<~EOS,
-    authlogic/crypto_providers/wordpress.rb is deprecated without replacement.
-    Yes, the entire file. Don't `require` it. Let us know ASAP if you are still
-    using it.
-
-    Reasons for deprecation: This file is not autoloaded by
-    `authlogic/crypto_providers.rb`. It's not documented. There are no tests.
-    So, it's likely used by a *very* small number of people, if any. It's never
-    had any contributions except by its original author, Jeffry Degrande, in
-    2009. It is unclear why it should live in the main authlogic codebase. It
-    could be in a separate gem, authlogic-wordpress, or it could just live in
-    Jeffry's codebase, if he still even needs it, in 2018, nine years later.
-  EOS
-  caller(1)
-)
-
-module Authlogic
-  module CryptoProviders
-    # Crypto provider to transition from wordpress user accounts. Written by
-    # Jeffry Degrande in 2009. First released in 2.1.3.
-    #
-    # Problems:
-    #
-    # - There are no tests.
-    # - We can't even figure out how to run this without it crashing.
-    # - Presumably it implements some spec, but it doesn't mention which.
-    # - It is not documented anywhere.
-    # - There is no PR associated with this, and no discussion about it could be found.
-    #
-    class Wordpress
-      class << self
-        ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".freeze
-
-        def matches?(crypted, *tokens)
-          stretches = 1 << ITOA64.index(crypted[3, 1])
-          plain, salt = *tokens
-          hashed = Digest::MD5.digest(salt + plain)
-          stretches.times do
-            hashed = Digest::MD5.digest(hashed + plain)
-          end
-          crypted[0, 12] + encode_64(hashed, 16) == crypted
-        end
-
-        def encode_64(input, length)
-          output = ""
-          i = 0
-          while i < length
-            value = input[i]
-            i += 1
-            break if value.nil?
-            output += ITOA64[value & 0x3f, 1]
-            value |= input[i] << 8 if i < length
-            output += ITOA64[(value >> 6) & 0x3f, 1]
-
-            i += 1
-            break if i >= length
-            value |= input[i] << 16 if i < length
-            output += ITOA64[(value >> 12) & 0x3f, 1]
-
-            i += 1
-            break if i >= length
-            output += ITOA64[(value >> 18) & 0x3f, 1]
-          end
-          output
-        end
-      end
-    end
-  end
-end

data/lib/authlogic/regex.rb

@@ -1,79 +0,0 @@
-module Authlogic
-  # This is a module the contains regular expressions used throughout Authlogic.
-  # The point of extracting them out into their own module is to make them
-  # easily available to you for other uses. Ex:
-  #
-  #   validates_format_of :my_email_field, :with => Authlogic::Regex.email
-  module Regex
-    # A general email regular expression. It allows top level domains (TLD) to
-    # be from 2 - 24 in length. The decisions behind this regular expression
-    # were made by analyzing the list of top-level domains maintained by IANA
-    # and by reading this website:
-    # http://www.regular-expressions.info/email.html, which is an excellent
-    # resource for regular expressions.
-    EMAIL = /
-      \A
-      [A-Z0-9_.&%+\-']+   # mailbox
-      @
-      (?:[A-Z0-9\-]+\.)+  # subdomains
-      (?:[A-Z]{2,25})     # TLD
-      \z
-    /ix
-
-    # A draft regular expression for internationalized email addresses. Given
-    # that the standard may be in flux, this simply emulates @email_regex but
-    # rather than allowing specific characters for each part, it instead
-    # disallows the complement set of characters:
-    #
-    # - email_name_regex disallows: @[]^ !"#$()*,/:;<=>?`{|}~\ and control characters
-    # - domain_head_regex disallows: _%+ and all characters in email_name_regex
-    # - domain_tld_regex disallows: 0123456789- and all characters in domain_head_regex
-    #
-    # http://en.wikipedia.org/wiki/Email_address#Internationalization
-    # http://tools.ietf.org/html/rfc6530
-    # http://www.unicode.org/faq/idn.html
-    # http://ruby-doc.org/core-2.1.5/Regexp.html#class-Regexp-label-Character+Classes
-    # http://en.wikipedia.org/wiki/Unicode_character_property#General_Category
-    EMAIL_NONASCII = /
-      \A
-      [^[:cntrl:][@\[\]\^ \!"\#$\(\)*,\/:;<=>?`{|}~\\]]+                        # mailbox
-      @
-      (?:[^[:cntrl:][@\[\]\^ \!\"\#$&\(\)*,\/:;<=>\?`{|}~\\_.%+']]+\.)+         # subdomains
-      (?:[^[:cntrl:][@\[\]\^ \!\"\#$&\(\)*,\/:;<=>\?`{|}~\\_.%+\-'0-9]]{2,25})  # TLD
-      \z
-    /x
-
-    # A simple regular expression that only allows for letters, numbers, spaces, and
-    # .-_@+. Just a standard login / username regular expression.
-    LOGIN = /\A[a-zA-Z0-9_][a-zA-Z0-9\.+\-_@ ]+\z/
-
-    # Accessing the above constants using the following methods is deprecated.
-
-    # @deprecated
-    def self.email
-      ::ActiveSupport::Deprecation.warn(
-        "Authlogic::Regex.email is deprecated, use Authlogic::Regex::EMAIL",
-        caller(1)
-      )
-      EMAIL
-    end
-
-    # @deprecated
-    def self.email_nonascii
-      ::ActiveSupport::Deprecation.warn(
-        "Authlogic::Regex.email_nonascii is deprecated, use Authlogic::Regex::EMAIL_NONASCII",
-        caller(1)
-      )
-      EMAIL_NONASCII
-    end
-
-    # @deprecated
-    def self.login
-      ::ActiveSupport::Deprecation.warn(
-        "Authlogic::Regex.login is deprecated, use Authlogic::Regex::LOGIN",
-        caller(1)
-      )
-      LOGIN
-    end
-  end
-end

data/lib/authlogic/session/activation.rb

@@ -1,73 +0,0 @@
-require "request_store"
-
-module Authlogic
-  module Session
-    # Activating Authlogic requires that you pass it an
-    # Authlogic::ControllerAdapters::AbstractAdapter object, or a class that
-    # extends it. This is sort of like a database connection for an ORM library,
-    # Authlogic can't do anything until it is "connected" to a controller. If
-    # you are using a supported framework, Authlogic takes care of this for you.
-    module Activation
-      class NotActivatedError < ::StandardError # :nodoc:
-        def initialize
-          super(
-            "You must activate the Authlogic::Session::Base.controller with " \
-              "a controller object before creating objects"
-          )
-        end
-      end
-
-      def self.included(klass)
-        klass.class_eval do
-          extend ClassMethods
-          include InstanceMethods
-        end
-      end
-
-      module ClassMethods
-        # Returns true if a controller has been set and can be used properly.
-        # This MUST be set before anything can be done. Similar to how
-        # ActiveRecord won't allow you to do anything without establishing a DB
-        # connection. In your framework environment this is done for you, but if
-        # you are using Authlogic outside of your framework, you need to assign
-        # a controller object to Authlogic via
-        # Authlogic::Session::Base.controller = obj. See the controller= method
-        # for more information.
-        def activated?
-          !controller.nil?
-        end
-
-        # This accepts a controller object wrapped with the Authlogic controller
-        # adapter. The controller adapters close the gap between the different
-        # controllers in each framework. That being said, Authlogic is expecting
-        # your object's class to extend
-        # Authlogic::ControllerAdapters::AbstractAdapter. See
-        # Authlogic::ControllerAdapters for more info.
-        #
-        # Lastly, this is thread safe.
-        def controller=(value)
-          RequestStore.store[:authlogic_controller] = value
-        end
-
-        # The current controller object
-        def controller
-          RequestStore.store[:authlogic_controller]
-        end
-      end
-
-      module InstanceMethods
-        # Making sure we are activated before we start creating objects
-        def initialize(*args)
-          raise NotActivatedError unless self.class.activated?
-          super
-        end
-
-        private
-
-        def controller
-          self.class.controller
-        end
-      end
-    end
-  end
-end

data/lib/authlogic/session/active_record_trickery.rb

@@ -1,65 +0,0 @@
-module Authlogic
-  module Session
-    # Authlogic looks like ActiveRecord, sounds like ActiveRecord, but its not
-    # ActiveRecord. That's the goal here. This is useful for the various rails
-    # helper methods such as form_for, error_messages_for, or any method that
-    # expects an ActiveRecord object. The point is to disguise the object as an
-    # ActiveRecord object so we can take advantage of the many ActiveRecord
-    # tools.
-    module ActiveRecordTrickery
-      def self.included(klass)
-        klass.extend ActiveModel::Naming
-        klass.extend ActiveModel::Translation
-
-        # Support ActiveModel::Name#name for Rails versions before 4.0.
-        unless klass.model_name.respond_to?(:name)
-          ActiveModel::Name.module_eval do
-            alias_method :name, :to_s
-          end
-        end
-
-        klass.extend ClassMethods
-        klass.send(:include, InstanceMethods)
-      end
-
-      module ClassMethods
-        # How to name the class, works JUST LIKE ActiveRecord, except it uses
-        # the following namespace:
-        #
-        #   authlogic.models.user_session
-        def human_name(*)
-          I18n.t("models.#{name.underscore}", count: 1, default: name.humanize)
-        end
-
-        def i18n_scope
-          I18n.scope
-        end
-      end
-
-      module InstanceMethods
-        # Don't use this yourself, this is to just trick some of the helpers
-        # since this is the method it calls.
-        def new_record?
-          new_session?
-        end
-
-        def persisted?
-          !(new_record? || destroyed?)
-        end
-
-        def destroyed?
-          record.nil?
-        end
-
-        def to_key
-          new_record? ? nil : record.to_key
-        end
-
-        # For rails >= 3.0
-        def to_model
-          self
-        end
-      end
-    end
-  end
-end