authlogic 4.5.0 → 6.4.2

data/lib/authlogic/session/magic_column/assigns_last_request_at.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module Session
+    module MagicColumn
+      # Assigns the current time to the `last_request_at` attribute.
+      #
+      # 1. The `last_request_at` column must exist
+      # 2. Assignment can be disabled on a per-controller basis
+      # 3. Assignment will not happen more often than `last_request_at_threshold`
+      #   seconds.
+      #
+      # - current_time - a `Time`
+      # - record - eg. a `User`
+      # - controller - an `Authlogic::ControllerAdapters::AbstractAdapter`
+      # - last_request_at_threshold - integer - seconds
+      #
+      # @api private
+      class AssignsLastRequestAt
+        def initialize(current_time, record, controller, last_request_at_threshold)
+          @current_time = current_time
+          @record = record
+          @controller = controller
+          @last_request_at_threshold = last_request_at_threshold
+        end
+
+        def assign
+          return unless assign?
+          @record.last_request_at = @current_time
+        end
+
+        private
+
+        # @api private
+        def assign?
+          @record &&
+            @record.class.column_names.include?("last_request_at") &&
+            @controller.last_request_update_allowed? && (
+              @record.last_request_at.blank? ||
+              @last_request_at_threshold.to_i.seconds.ago >= @record.last_request_at
+            )
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/test_case/mock_api_controller.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Authlogic
+  module TestCase
+    # Basically acts like an API controller but doesn't do anything.
+    # Authlogic can interact with this, do it's thing and then you can look at
+    # the controller object to see if anything changed.
+    class MockAPIController < ControllerAdapters::AbstractAdapter
+      attr_writer :request_content_type
+
+      def initialize
+      end
+
+      # Expected API controller has no cookies method.
+      undef :cookies
+
+      def cookie_domain
+        nil
+      end
+
+      def logger
+        @logger ||= MockLogger.new
+      end
+
+      def params
+        @params ||= {}
+      end
+
+      def request
+        @request ||= MockRequest.new(self)
+      end
+
+      def request_content_type
+        @request_content_type ||= "text/html"
+      end
+
+      def session
+        @session ||= {}
+      end
+
+      # If method is defined, it causes below behavior...
+      #   controller = Authlogic::ControllerAdapters::RailsAdapter.new(
+      #     Authlogic::TestCase::MockAPIController.new
+      #   )
+      #   controller.responds_to_single_access_allowed? #=> true
+      #   controller.single_access_allowed?
+      #     #=> NoMethodError: undefined method `single_access_allowed?' for nil:NilClass
+      #
+      undef :single_access_allowed?
+    end
+  end
+end

data/lib/authlogic/test_case/mock_controller.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
     # Basically acts like a controller but doesn't do anything. Authlogic can interact
@@ -37,7 +39,7 @@ module Authlogic
       end
 
       def request
-        @request ||= MockRequest.new(controller)
+        @request ||= MockRequest.new(self)
       end
 
       def request_content_type

data/lib/authlogic/test_case/mock_cookie_jar.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
     # A mock of `ActionDispatch::Cookies::CookieJar`.
+    # See action_dispatch/middleware/cookies.rb
     class MockCookieJar < Hash # :nodoc:
       attr_accessor :set_cookies
 
@@ -9,9 +12,12 @@ module Authlogic
         hash && hash[:value]
       end
 
+      # @param options - "the cookie's value [usually a string] or a hash of
+      # options as documented above [in action_dispatch/middleware/cookies.rb]"
       def []=(key, options)
-        (@set_cookies ||= {})[key.to_s] = options
-        super
+        opt = cookie_options_to_hash(options)
+        (@set_cookies ||= {})[key.to_s] = opt
+        super(key, opt)
       end
 
       def delete(key, _options = {})
@@ -25,8 +31,24 @@ module Authlogic
       def encrypted
         @encrypted ||= MockEncryptedCookieJar.new(self)
       end
+
+      private
+
+      # @api private
+      def cookie_options_to_hash(options)
+        if options.is_a?(Hash)
+          options
+        else
+          { value: options }
+        end
+      end
     end
 
+    # A mock of `ActionDispatch::Cookies::SignedKeyRotatingCookieJar`
+    #
+    # > .. a jar that'll automatically generate a signed representation of
+    # > cookie value and verify it when reading from the cookie again.
+    # > actionpack/lib/action_dispatch/middleware/cookies.rb
     class MockSignedCookieJar < MockCookieJar
       attr_reader :parent_jar # helper for testing
 
@@ -45,11 +67,14 @@ module Authlogic
       end
 
       def []=(key, options)
-        options[:value] = "#{options[:value]}--#{Digest::SHA1.hexdigest options[:value]}"
-        @parent_jar[key] = options
+        opt = cookie_options_to_hash(options)
+        opt[:value] = "#{opt[:value]}--#{Digest::SHA1.hexdigest opt[:value]}"
+        @parent_jar[key] = opt
       end
     end
 
+    # Which ActionDispatch class is this a mock of?
+    # TODO: Document as with other mocks above.
     class MockEncryptedCookieJar < MockCookieJar
       attr_reader :parent_jar # helper for testing
 
@@ -66,8 +91,9 @@ module Authlogic
       end
 
       def []=(key, options)
-        options[:value] = self.class.encrypt(options[:value])
-        @parent_jar[key] = options
+        opt = cookie_options_to_hash(options)
+        opt[:value] = self.class.encrypt(opt[:value])
+        @parent_jar[key] = opt
       end
 
       # simple caesar cipher for testing

data/lib/authlogic/test_case/mock_logger.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
     # Simple class to replace real loggers, so that we can raise any errors being logged.

data/lib/authlogic/test_case/mock_request.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
     class MockRequest # :nodoc:
@@ -7,6 +9,16 @@ module Authlogic
         self.controller = controller
       end
 
+      def env
+        @env ||= {
+          ControllerAdapters::AbstractAdapter::ENV_SESSION_OPTIONS => {}
+        }
+      end
+
+      def format
+        controller.request_content_type if controller.respond_to? :request_content_type
+      end
+
       def ip
         controller&.respond_to?(:env) &&
           controller.env.is_a?(Hash) &&

data/lib/authlogic/test_case/rails_request_adapter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Authlogic
   module TestCase
     # Adapts authlogic to work with the @request object when testing. This way Authlogic
@@ -10,7 +12,7 @@ module Authlogic
       def cookies
         new_cookies = MockCookieJar.new
         super.each do |key, value|
-          new_cookies[key] = value[:value]
+          new_cookies[key] = cookie_value(value)
         end
         new_cookies
       end
@@ -26,6 +28,12 @@ module Authlogic
       def request_content_type
         request.format.to_s
       end
+
+      private
+
+      def cookie_value(value)
+        value.is_a?(Hash) ? value[:value] : value
+      end
     end
   end
 end

data/lib/authlogic/test_case.rb

@@ -1,9 +1,13 @@
+# frozen_string_literal: true
+
 require File.dirname(__FILE__) + "/test_case/rails_request_adapter"
+require File.dirname(__FILE__) + "/test_case/mock_api_controller"
 require File.dirname(__FILE__) + "/test_case/mock_cookie_jar"
 require File.dirname(__FILE__) + "/test_case/mock_controller"
 require File.dirname(__FILE__) + "/test_case/mock_logger"
 require File.dirname(__FILE__) + "/test_case/mock_request"
 
+# :nodoc:
 module Authlogic
   # This module is a collection of methods and classes that help you easily test
   # Authlogic. In fact, I use these same tools to test the internals of
@@ -204,6 +208,7 @@ module Authlogic
     end
   end
 
+  # TODO: Why are these lines inside the `Authlogic` module? Should be outside?
   ::Test::Unit::TestCase.send(:include, TestCase) if defined?(::Test::Unit::TestCase)
   ::MiniTest::Unit::TestCase.send(:include, TestCase) if defined?(::MiniTest::Unit::TestCase)
   ::MiniTest::Test.send(:include, TestCase) if defined?(::MiniTest::Test)

data/lib/authlogic/version.rb

@@ -2,6 +2,7 @@
 
 require "rubygems"
 
+# :nodoc:
 module Authlogic
   # Returns a `::Gem::Version`, the version number of the authlogic gem.
   #
@@ -16,6 +17,6 @@ module Authlogic
   #
   # @api public
   def self.gem_version
-    ::Gem::Version.new("4.5.0")
+    ::Gem::Version.new("6.4.2")
   end
 end

data/lib/authlogic.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Authlogic uses ActiveSupport's core extensions like `strip_heredoc` and
 # `squish`. ActiveRecord does not `require` these exensions, so we must.
 #
@@ -11,18 +13,16 @@ require "active_record"
 path = File.dirname(__FILE__) + "/authlogic/"
 
 [
+  "errors",
   "i18n",
   "random",
-  "regex",
   "config",
 
   "controller_adapters/abstract_adapter",
+  "cookie_credentials",
 
   "crypto_providers",
 
-  "authenticates_many/base",
-  "authenticates_many/association",
-
   "acts_as_authentic/email",
   "acts_as_authentic/logged_in_status",
   "acts_as_authentic/login",
@@ -30,34 +30,11 @@ path = File.dirname(__FILE__) + "/authlogic/"
   "acts_as_authentic/password",
   "acts_as_authentic/perishable_token",
   "acts_as_authentic/persistence_token",
-  "acts_as_authentic/restful_authentication",
   "acts_as_authentic/session_maintenance",
   "acts_as_authentic/single_access_token",
-  "acts_as_authentic/validations_scope",
   "acts_as_authentic/base",
 
-  "session/activation",
-  "session/active_record_trickery",
-  "session/brute_force_protection",
-  "session/callbacks",
-  "session/cookies",
-  "session/existence",
-  "session/foundation",
-  "session/http_auth",
-  "session/id",
-  "session/klass",
-  "session/magic_columns",
-  "session/magic_states",
-  "session/params",
-  "session/password",
-  "session/perishable_token",
-  "session/persistence",
-  "session/priority_record",
-  "session/scopes",
-  "session/session",
-  "session/timeout",
-  "session/unauthorized_record",
-  "session/validation",
+  "session/magic_column/assigns_last_request_at",
   "session/base"
 ].each do |library|
   require path + library