authlogic 4.5.0 → 6.4.2

data/lib/authlogic/session/scopes.rb

@@ -1,138 +0,0 @@
-require "request_store"
-
-module Authlogic
-  module Session
-    # Authentication can be scoped, and it's easy, you just need to define how you want to
-    # scope everything. This should help you:
-    #
-    # 1. Want to scope by a parent object? Ex: An account has many users.
-    #    Checkout Authlogic::AuthenticatesMany
-    # 2. Want to scope the validations in your model? Ex: 2 users can have the same login
-    #    under different accounts. See Authlogic::ActsAsAuthentic::Scope
-    module Scopes # :nodoc:
-      def self.included(klass)
-        klass.class_eval do
-          extend ClassMethods
-          include InstanceMethods
-          attr_writer :scope
-        end
-      end
-
-      # = Scopes
-      module ClassMethods
-        # The current scope set, should be used in the block passed to with_scope.
-        def scope
-          RequestStore.store[:authlogic_scope]
-        end
-
-        # What with_scopes focuses on is scoping the query when finding the
-        # object and the name of the cookie / session. It works very similar to
-        # ActiveRecord::Base#with_scopes. It accepts a hash with any of the
-        # following options:
-        #
-        # * <tt>find_options:</tt> any options you can pass into ActiveRecord::Base.find.
-        #   This is used when trying to find the record.
-        # * <tt>id:</tt> The id of the session, this gets merged with the real id. For
-        #   information ids see the id method.
-        #
-        # Here is how you use it:
-        #
-        # ```
-        # UserSession.with_scope(find_options: {conditions: "account_id = 2"}, id: "account_2") do
-        #   UserSession.find
-        # end
-        # ```
-        #
-        # Essentially what the above does is scope the searching of the object
-        # with the sql you provided. So instead of:
-        #
-        # ```
-        # User.where("login = 'ben'").first
-        # ```
-        #
-        # it would be:
-        #
-        # ```
-        # User.where("login = 'ben' and account_id = 2").first
-        # ```
-        #
-        # You will also notice the :id option. This works just like the id
-        # method. It scopes your cookies. So the name of your cookie will be:
-        #
-        #   account_2_user_credentials
-        #
-        # instead of:
-        #
-        #   user_credentials
-        #
-        # What is also nifty about scoping with an :id is that it merges your
-        # id's. So if you do:
-        #
-        #   UserSession.with_scope(
-        #     find_options: { conditions: "account_id = 2"},
-        #     id: "account_2"
-        #   ) do
-        #     session = UserSession.new
-        #     session.id = :secure
-        #   end
-        #
-        # The name of your cookies will be:
-        #
-        #   secure_account_2_user_credentials
-        def with_scope(options = {})
-          raise ArgumentError.new("You must provide a block") unless block_given?
-          self.scope = options
-          result = yield
-          self.scope = nil
-          result
-        end
-
-        private
-
-        def scope=(value)
-          RequestStore.store[:authlogic_scope] = value
-        end
-      end
-
-      module InstanceMethods
-        # Setting the scope if it exists upon instantiation.
-        def initialize(*args)
-          self.scope = self.class.scope
-          super
-        end
-
-        # The scope of the current object
-        def scope
-          @scope ||= {}
-        end
-
-        private
-
-        # Used for things like cookie_key, session_key, etc.
-        def build_key(last_part)
-          [scope[:id], super].compact.join("_")
-        end
-
-        # `args[0]` is the name of an AR method, like
-        # `find_by_single_access_token`.
-        def search_for_record(*args)
-          search_scope.scoping do
-            klass.send(*args)
-          end
-        end
-
-        # Returns an AR relation representing the scope of the search. The
-        # relation is either provided directly by, or defined by
-        # `find_options`.
-        def search_scope
-          if scope[:find_options].is_a?(ActiveRecord::Relation)
-            scope[:find_options]
-          else
-            conditions = scope[:find_options] && scope[:find_options][:conditions] || {}
-            klass.send(:where, conditions)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/authlogic/session/session.rb

@@ -1,77 +0,0 @@
-module Authlogic
-  module Session
-    # Handles all parts of authentication that deal with sessions. Such as persisting a
-    # session and saving / destroy a session.
-    module Session
-      def self.included(klass)
-        klass.class_eval do
-          extend Config
-          include InstanceMethods
-          persist :persist_by_session
-          after_save :update_session
-          after_destroy :update_session
-          after_persisting :update_session, unless: :single_access?
-        end
-      end
-
-      # Configuration for the session feature.
-      module Config
-        # Works exactly like cookie_key, but for sessions. See cookie_key for more info.
-        #
-        # * <tt>Default:</tt> cookie_key
-        # * <tt>Accepts:</tt> Symbol or String
-        def session_key(value = nil)
-          rw_config(:session_key, value, cookie_key)
-        end
-        alias_method :session_key=, :session_key
-      end
-
-      # Instance methods for the session feature.
-      module InstanceMethods
-        private
-
-        # Tries to validate the session from information in the session
-        def persist_by_session
-          persistence_token, record_id = session_credentials
-          if !persistence_token.nil?
-            record = persist_by_session_search(persistence_token, record_id)
-            if record && record.persistence_token == persistence_token
-              self.unauthorized_record = record
-            end
-            valid?
-          else
-            false
-          end
-        end
-
-        # Allow finding by persistence token, because when records are created
-        # the session is maintained in a before_save, when there is no id.
-        # This is done for performance reasons and to save on queries.
-        def persist_by_session_search(persistence_token, record_id)
-          if record_id.nil?
-            search_for_record("find_by_persistence_token", persistence_token.to_s)
-          else
-            search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
-          end
-        end
-
-        def session_credentials
-          [
-            controller.session[session_key],
-            controller.session["#{session_key}_#{klass.primary_key}"]
-          ].collect { |i| i.nil? ? i : i.to_s }.compact
-        end
-
-        def session_key
-          build_key(self.class.session_key)
-        end
-
-        def update_session
-          controller.session[session_key] = record && record.persistence_token
-          compound_key = "#{session_key}_#{klass.primary_key}"
-          controller.session[compound_key] = record && record.send(record.class.primary_key)
-        end
-      end
-    end
-  end
-end

data/lib/authlogic/session/timeout.rb

@@ -1,103 +0,0 @@
-module Authlogic
-  module Session
-    # Think about financial websites, if you are inactive for a certain period
-    # of time you will be asked to log back in on your next request. You can do
-    # this with Authlogic easily, there are 2 parts to this:
-    #
-    # 1. Define the timeout threshold:
-    #
-    #   acts_as_authentic do |c|
-    #     c.logged_in_timeout = 10.minutes # default is 10.minutes
-    #   end
-    #
-    # 2. Enable logging out on timeouts
-    #
-    #   class UserSession < Authlogic::Session::Base
-    #     logout_on_timeout true # default if false
-    #   end
-    #
-    # This will require a user to log back in if they are inactive for more than
-    # 10 minutes. In order for this feature to be used you must have a
-    # last_request_at datetime column in your table for whatever model you are
-    # authenticating with.
-    module Timeout
-      def self.included(klass)
-        klass.class_eval do
-          extend Config
-          include InstanceMethods
-          before_persisting :reset_stale_state
-          after_persisting :enforce_timeout
-          attr_accessor :stale_record
-        end
-      end
-
-      # Configuration for the timeout feature.
-      module Config
-        # With acts_as_authentic you get a :logged_in_timeout configuration
-        # option. If this is set, after this amount of time has passed the user
-        # will be marked as logged out. Obviously, since web based apps are on a
-        # per request basis, we have to define a time limit threshold that
-        # determines when we consider a user to be "logged out". Meaning, if
-        # they login and then leave the website, when do mark them as logged
-        # out? I recommend just using this as a fun feature on your website or
-        # reports, giving you a ballpark number of users logged in and active.
-        # This is not meant to be a dead accurate representation of a user's
-        # logged in state, since there is really no real way to do this with web
-        # based apps. Think about a user that logs in and doesn't log out. There
-        # is no action that tells you that the user isn't technically still
-        # logged in and active.
-        #
-        # That being said, you can use that feature to require a new login if
-        # their session times out. Similar to how financial sites work. Just set
-        # this option to true and if your record returns true for stale? then
-        # they will be required to log back in.
-        #
-        # Lastly, UserSession.find will still return an object if the session is
-        # stale, but you will not get a record. This allows you to determine if
-        # the user needs to log back in because their session went stale, or
-        # because they just aren't logged in. Just call
-        # current_user_session.stale? as your flag.
-        #
-        # * <tt>Default:</tt> false
-        # * <tt>Accepts:</tt> Boolean
-        def logout_on_timeout(value = nil)
-          rw_config(:logout_on_timeout, value, false)
-        end
-        alias_method :logout_on_timeout=, :logout_on_timeout
-      end
-
-      # Instance methods for the timeout feature.
-      module InstanceMethods
-        # Tells you if the record is stale or not. Meaning the record has timed
-        # out. This will only return true if you set logout_on_timeout to true
-        # in your configuration. Basically how a bank website works. If you
-        # aren't active over a certain period of time your session becomes stale
-        # and requires you to log back in.
-        def stale?
-          if remember_me?
-            remember_me_expired?
-          else
-            !stale_record.nil? || (logout_on_timeout? && record && record.logged_out?)
-          end
-        end
-
-        private
-
-        def reset_stale_state
-          self.stale_record = nil
-        end
-
-        def enforce_timeout
-          if stale?
-            self.stale_record = record
-            self.record = nil
-          end
-        end
-
-        def logout_on_timeout?
-          self.class.logout_on_timeout == true
-        end
-      end
-    end
-  end
-end

data/lib/authlogic/session/unauthorized_record.rb

@@ -1,56 +0,0 @@
-module Authlogic
-  module Session
-    # Allows you to create session with an object. Ex:
-    #
-    #   UserSession.create(my_user_object)
-    #
-    # Be careful with this, because Authlogic is assuming that you have already
-    # confirmed that the user is who he says he is.
-    #
-    # For example, this is the method used to persist the session internally.
-    # Authlogic finds the user with the persistence token. At this point we know
-    # the user is who he says he is, so Authlogic just creates a session with
-    # the record. This is particularly useful for 3rd party authentication
-    # methods, such as OpenID. Let that method verify the identity, once it's
-    # verified, pass the object and create a session.
-    module UnauthorizedRecord
-      def self.included(klass)
-        klass.class_eval do
-          attr_accessor :unauthorized_record
-          validate(
-            :validate_by_unauthorized_record,
-            if: :authenticating_with_unauthorized_record?
-          )
-        end
-      end
-
-      # Returning meaningful credentials
-      def credentials
-        if authenticating_with_unauthorized_record?
-          details = {}
-          details[:unauthorized_record] = "<protected>"
-          details
-        else
-          super
-        end
-      end
-
-      # Setting the unauthorized record if it exists in the credentials passed.
-      def credentials=(value)
-        super
-        values = value.is_a?(Array) ? value : [value]
-        self.unauthorized_record = values.first if values.first.class < ::ActiveRecord::Base
-      end
-
-      private
-
-      def authenticating_with_unauthorized_record?
-        !unauthorized_record.nil?
-      end
-
-      def validate_by_unauthorized_record
-        self.attempted_record = unauthorized_record
-      end
-    end
-  end
-end

data/lib/authlogic/session/validation.rb

@@ -1,93 +0,0 @@
-module Authlogic
-  module Session
-    # Responsible for session validation
-    module Validation
-      # The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses
-      # the exact same ActiveRecord errors class. Use it the same way:
-      #
-      #   class UserSession
-      #     validate :check_if_awesome
-      #
-      #     private
-      #       def check_if_awesome
-      #         errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
-      #         errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
-      #       end
-      #   end
-      class Errors < (defined?(::ActiveModel) ? ::ActiveModel::Errors : ::ActiveRecord::Errors)
-        unless defined?(::ActiveModel)
-          def [](key)
-            value = super
-            value.is_a?(Array) ? value : [value].compact
-          end
-        end
-      end
-
-      # You should use this as a place holder for any records that you find
-      # during validation. The main reason for this is to allow other modules to
-      # use it if needed. Take the failed_login_count feature, it needs this in
-      # order to increase the failed login count.
-      def attempted_record
-        @attempted_record
-      end
-
-      # See attempted_record
-      def attempted_record=(value)
-        @attempted_record = value
-      end
-
-      # The errors in Authlogic work JUST LIKE ActiveRecord. In fact, it uses
-      # the exact same ActiveRecord errors class. Use it the same way:
-      #
-      # === Example
-      #
-      #  class UserSession
-      #    before_validation :check_if_awesome
-      #
-      #    private
-      #      def check_if_awesome
-      #        errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
-      #        errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
-      #      end
-      #  end
-      def errors
-        @errors ||= Errors.new(self)
-      end
-
-      # Determines if the information you provided for authentication is valid
-      # or not. If there is a problem with the information provided errors will
-      # be added to the errors object and this method will return false.
-      def valid?
-        errors.clear
-        self.attempted_record = nil
-
-        before_validation
-        new_session? ? before_validation_on_create : before_validation_on_update
-        validate
-        ensure_authentication_attempted
-
-        if errors.empty?
-          new_session? ? after_validation_on_create : after_validation_on_update
-          after_validation
-        end
-
-        save_record(attempted_record)
-        errors.empty?
-      end
-
-      private
-
-      def ensure_authentication_attempted
-        if errors.empty? && attempted_record.nil?
-          errors.add(
-            :base,
-            I18n.t(
-              "error_messages.no_authentication_details",
-              default: "You did not provide any details for authentication."
-            )
-          )
-        end
-      end
-    end
-  end
-end

data/test/acts_as_authentic_test/base_test.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require "test_helper"
-
-module ActsAsAuthenticTest
-  class BaseTest < ActiveSupport::TestCase
-    def test_acts_as_authentic
-      assert_nothing_raised do
-        User.acts_as_authentic do
-        end
-      end
-    end
-
-    def test_acts_as_authentic_with_old_config
-      assert_raise(ArgumentError) do
-        User.acts_as_authentic({})
-      end
-    end
-
-    def test_acts_as_authentic_with_no_table
-      klass = Class.new(ActiveRecord::Base)
-      assert_nothing_raised do
-        klass.acts_as_authentic
-      end
-    end
-  end
-end