authlogic 4.5.0 → 6.4.2

data/.rubocop.yml

@@ -1,133 +0,0 @@
-inherit_from: .rubocop_todo.yml
-
-AllCops:
-  Exclude:
-    # TravisCI runs `bundle install --path=${BUNDLE_PATH:-vendor/bundle}`
-    # causing our bundle to be installed in `gemfiles/vendor/bundle`.
-    # Regardless, we have no interest in linting files in our bundle :D
-    - gemfiles/vendor/bundle/**/*
-  # Specify lowest supported ruby version. If we committed our .ruby-version
-  # file, we wouldn't have to specify this (https://bit.ly/2vNTsue), but we
-  # don't commit that file because that would interfere with testing multiple
-  # rubies on CI.
-  TargetRubyVersion: 2.3
-
-# Please use normal indentation when aligning parameters.
-#
-# Good:
-#
-#     method_call(
-#       a,
-#       b
-#     )
-#
-#     method_call(a,
-#       b
-#     )
-#
-# Bad:
-#
-#     method_call(a,
-#                 b)
-#
-# The latter is harder to maintain and uses too much horizontal space.
-Layout/AlignParameters:
-  EnforcedStyle: with_fixed_indentation
-
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-
-Layout/MultilineOperationIndentation:
-  EnforcedStyle: indented
-
-Metrics/AbcSize:
-  Exclude:
-    # crypto_providers/wordpress is deprecated so we will not attempt to
-    # improve its quality.
-    - lib/authlogic/crypto_providers/wordpress.rb
-    # In an ideal world tests would be held to the same ABC metric as production
-    # code. In practice, time spent doing so is not nearly as valuable as
-    # spending the same time improving production code.
-    - test/**/*
-
-# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
-Metrics/BlockLength:
-  Enabled: false
-
-# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
-Metrics/ClassLength:
-  Enabled: false
-
-Metrics/CyclomaticComplexity:
-  Exclude:
-    # crypto_providers/wordpress is deprecated so we will not attempt to
-    # improve its quality.
-    - lib/authlogic/crypto_providers/wordpress.rb
-
-# Aim for 80, but 100 is OK.
-Metrics/LineLength:
-  Max: 100
-
-# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
-Metrics/MethodLength:
-  Enabled: false
-
-# Questionable value compared to metrics like AbcSize or CyclomaticComplexity.
-Metrics/ModuleLength:
-  Enabled: false
-
-# Sometimes prefixing a method name with get_ or set_ is a reasonable choice.
-Naming/AccessorMethodName:
-  Enabled: false
-
-# Having a consistent delimiter, like EOS, improves reading speed. The delimiter
-# is syntactic noise, just like a quotation mark, and inconsistent naming would
-# hurt reading speed, just as inconsistent quoting would.
-Naming/HeredocDelimiterNaming:
-  Enabled: false
-
-# Avoid single-line method definitions.
-Style/EmptyMethod:
-  EnforcedStyle: expanded
-
-# Avoid annotated tokens except in desperately complicated format strings.
-# In 99% of format strings they actually make it less readable.
-Style/FormatStringToken:
-  Enabled: false
-
-# Too subtle to lint. Guard clauses are great, use them if they help.
-Style/GuardClause:
-  Enabled: false
-
-# Too subtle to lint. A multi-line conditional may improve readability, even if
-# a postfix conditional would satisfy `Metrics/LineLength`.
-Style/IfUnlessModifier:
-  Enabled: false
-
-# Too subtle to lint. Use semantic style, but prefer `}.x` over `end.x`.
-Style/BlockDelimiters:
-  Enabled: false
-
-# Use the nested style because it is safer. It is easier to make mistakes with
-# the compact style.
-Style/ClassAndModuleChildren:
-  EnforcedStyle: nested
-
-# Both `module_function` and `extend_self` are legitimate. Most importantly,
-# they are different (http://bit.ly/2hSQAGm)
-Style/ModuleFunction:
-  Enabled: false
-
-# The decision of when to use slashes `/foo/` or percent-r `%r{foo}` is too
-# subtle to lint. Use whichever requires fewer backslash escapes.
-Style/RegexpLiteral:
-  AllowInnerSlashes: true
-
-# We use words, like `$LOAD_PATH`, because they are much less confusing that
-# arcane symbols like `$:`. Unfortunately, we must then `require "English"` in
-# a few places, but it's worth it so that we can read our code.
-Style/SpecialGlobalVars:
-  EnforcedStyle: use_english_names
-
-Style/StringLiterals:
-  EnforcedStyle: double_quotes

data/.rubocop_todo.yml

@@ -1,74 +0,0 @@
-# This configuration was generated by
-# `rubocop --auto-gen-config`
-# on 2018-05-22 23:50:03 -0400 using RuboCop version 0.56.0.
-# The point is for the user to remove these configuration records
-# one by one as the offenses are removed from the code base.
-# Note that changes in the inspected code, or installation of new
-# versions of RuboCop, may require this file to be generated again.
-
-# Offense count: 10
-Metrics/AbcSize:
-  Max: 18.5
-
-# Offense count: 59
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: prefer_alias, prefer_alias_method
-Style/Alias:
-  Enabled: false
-
-# Offense count: 5
-Style/ClassVars:
-  Exclude:
-    - 'lib/authlogic/i18n.rb'
-
-# Offense count: 22
-Style/Documentation:
-  Exclude:
-    # Permanent
-    - 'test/**/*'
-
-    # TODO
-    - 'lib/authlogic/config.rb'
-    - 'lib/authlogic/controller_adapters/sinatra_adapter.rb'
-    - 'lib/authlogic/crypto_providers.rb'
-    - 'lib/authlogic/i18n/translator.rb'
-    - 'lib/authlogic/session/activation.rb'
-    - 'lib/authlogic/session/active_record_trickery.rb'
-    - 'lib/authlogic/session/existence.rb'
-    - 'lib/authlogic/session/foundation.rb'
-    - 'lib/authlogic/session/klass.rb'
-    - 'lib/authlogic/session/persistence.rb'
-    - 'lib/authlogic/session/scopes.rb'
-    - 'lib/authlogic/test_case.rb'
-    - 'lib/authlogic/test_case/mock_cookie_jar.rb'
-    - 'lib/authlogic/version.rb'
-
-Style/FrozenStringLiteralComment:
-  Exclude:
-    # Freezing strings in lib would be a breaking change. We'll have to wait
-    # for the next major version.
-    - lib/**/*
-
-# Offense count: 4
-Style/MethodMissingSuper:
-  Exclude:
-    - 'lib/authlogic/controller_adapters/abstract_adapter.rb'
-    - 'lib/authlogic/controller_adapters/sinatra_adapter.rb'
-    - 'lib/authlogic/test_case/mock_request.rb'
-
-# Offense count: 3
-Style/MissingRespondToMissing:
-  Exclude:
-    - 'lib/authlogic/controller_adapters/sinatra_adapter.rb'
-    - 'lib/authlogic/test_case/mock_request.rb'
-
-Style/NumericPredicate:
-  Enabled: false
-
-# Offense count: 10
-# Cop supports --auto-correct.
-# Configuration parameters: .
-# SupportedStyles: compact, exploded
-Style/RaiseArgs:
-  EnforcedStyle: compact

data/.travis.yml

@@ -1,24 +0,0 @@
-language: ruby
-cache: bundler
-
-before_install:
-  - gem update --system
-  - gem update bundler
-
-# We only test the oldest and the newest ruby versions that we support. We
-# do not test intermediate versions.
-rvm:
-  - 2.3.7
-  - 2.5.1
-
-# We only test living versions of rails, per the [rails maintenance
-# policy](http://guides.rubyonrails.org/maintenance_policy.html)
-gemfile:
-  - gemfiles/Gemfile.rails-4.2.x
-  - gemfiles/Gemfile.rails-5.1.x
-  - gemfiles/Gemfile.rails-5.2.x
-
-matrix:
-  fast_finish: true
-
-sudo: false

data/CHANGELOG.md

@@ -1,348 +0,0 @@
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
-and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
-
-## 5.0.0
-
-See https://github.com/binarylogic/authlogic/blob/5-0-stable/CHANGELOG.md
-
-## Unreleased
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * None
-
-## 4.5.0 (2020-03-23)
-
-* Breaking Changes
-  * None
-* Added
-  * [#701](https://github.com/binarylogic/authlogic/pull/701) - Ability to
-    specify None as a valid value to SameSite cookie attribute
-* Fixed
-  * None
-
-## 4.4.3 (2019-03-23)
-
-* Breaking Changes
-  * None
-* Added
-  * [#660](https://github.com/binarylogic/authlogic/pull/660) -
-    Authlogic::Session::Cookies.encrypt_cookie option
-* Fixed
-  * Restrict sqlite3 version so tests can run normally
-
-## 4.4.2 (2018-09-23)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * Improved instructions in deprecation warning for validations
-
-## 4.4.1 (2018-09-21)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * The methods for disabling Authlogic's "special" validations,
-    eg. `validate_email_field = false` are actually deprecated, but should
-    not produce a deprecation warning.
-  * Only produce deprecation warning when configuring a validation, not when
-    performing actual validation.
-
-## 4.4.0 (2018-09-21)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * None
-* Deprecation
-  * [#627](https://github.com/binarylogic/authlogic/pull/627) -
-    Deprecate `authenticates_many` without replacement
-  * [#623](https://github.com/binarylogic/authlogic/pull/623) -
-    Deprecate unnecessary validation features, use normal rails validation
-    instead
-
-## 4.3.0 (2018-08-12)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * None
-* Dependencies
-  * Drop support for ruby 2.2, which reached EoL on 2018-06-20
-
-## 4.2.0 (2018-07-18)
-
-* Breaking Changes
-  * None
-* Added
-  * [#611](https://github.com/binarylogic/authlogic/pull/611) - Deprecate
-    AES256, guide users to choose a better crypto provider
-* Fixed
-  * None
-
-## 4.1.1 (2018-05-23)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * [#606](https://github.com/binarylogic/authlogic/pull/606) - Interpreter
-    warnings about undefined instance variables
-
-## 4.1.0 (2018-04-24)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * None
-* Deprecated
-  * crypto_providers/wordpress.rb, without replacement
-  * restful_authentication, without replacement
-
-## 4.0.1 (2018-03-20)
-
-* Breaking Changes
-  * None
-* Added
-  * None
-* Fixed
-  * [#590](https://github.com/binarylogic/authlogic/pull/590) -
-    Fix "cannot modify frozen gem" re: ActiveRecord.gem_version
-
-## 4.0.0 (2018-03-18)
-
-* Breaking Changes, Major
-  * Drop support for ruby < 2.2
-  * Drop support for rails < 4.2
-  * HTTP Basic Auth is now disabled by default (use allow_http_basic_auth to enable)
-  * 'httponly' and 'secure' cookie options are enabled by default now
-  * maintain_sessions config has been removed. It has been split into 2 new options:
-    log_in_after_create & log_in_after_password_change (@lucasminissale)
-  * [#558](https://github.com/binarylogic/authlogic/pull/558) Passing an
-    ActionController::Parameters into authlogic will now raise an error
-
-* Breaking Changes, Minor
-  * Methods in Authlogic::Random are now module methods, and are no longer
-    instance methods. Previously, there were both. Do not use Authlogic::Random
-    as a mixin.
-  * Our mutable constants (e.g. arrays, hashes) are now frozen.
-
-* Added
-  * `Authlogic.gem_version`
-  * [#586](https://github.com/binarylogic/authlogic/pull/586) Support for SameSite cookies
-  * [#581](https://github.com/binarylogic/authlogic/pull/581) Support for rails 5.2
-  * Support for ruby 2.4, specifically openssl gem 2.0
-  * [#98](https://github.com/binarylogic/authlogic/issues/98)
-    I18n for invalid session error message. (@eugenebolshakov)
-
-* Fixed
-  * Random.friendly_token (used for e.g. perishable token) now returns strings
-    of consistent length, and conforms better to RFC-4648
-  * ensure that login field validation uses correct locale (@sskirby)
-  * add a respond_to_missing? in AbstractAdapter that also checks controller respond_to?
-  * [#561](https://github.com/binarylogic/authlogic/issues/561) authenticates_many now works with scope_cookies:true
-  * Allow tld up to 24 characters per https://data.iana.org/TLD/tlds-alpha-by-domain.txt
-
-## 3.8.0 2018-02-07
-
-* Breaking Changes
-  * None
-
-* Added
-  * [#582](https://github.com/binarylogic/authlogic/pull/582) Support rails 5.2
-  * [#583](https://github.com/binarylogic/authlogic/pull/583) Support openssl gem 2.0
-
-* Fixed
-  * None
-
-## 3.7.0 2018-02-07
-
-* Breaking Changes
-  * None
-
-* Added
-  * [#580](https://github.com/binarylogic/authlogic/pull/580) Deprecated
-    `ActionController::Parameters`, will be removed in 4.0.0
-
-* Fixed
-  * None
-
-## 3.6.1 2017-09-30
-
-* Breaking Changes
-  * None
-
-* Added
-  * None
-
-* Fixed
-  * Allow TLD up to 24 characters per
-    https://data.iana.org/TLD/tlds-alpha-by-domain.txt
-  * [#561](https://github.com/binarylogic/authlogic/issues/561)
-    authenticates_many now works with scope_cookies:true
-
-## 3.6.0 2017-04-28
-
-* Breaking Changes
-  * None
-
-* Added
-  * Support rails 5.1
-
-* Fixed
-  * ensure that login field validation uses correct locale (@sskirby)
-
-## 3.5.0 2016-08-29
-
-* new
-  * Rails 5.0 support! Thanks to all reporters and contributors.
-
-* changes
-  * increased default minimum password length to 8 (@iainbeeston)
-  * bind parameters in where statement for rails 5 support
-  * change callback for rails 5 support
-  * converts the ActionController::Parameters to a Hash for rails 5 support
-  * check last_request_at_threshold even if last_request_at_update_allowed returns true (@rofreg)
-
-## 3.4.6 2015
-
-* changes
-  * add Regex.email_nonascii for validation of emails w/unicode (@rchekaluk)
-  * allow scrypt 2.x (@jaredbeck)
-
-## 3.4.5 2015-03-01
-
-* changes
-  * security-hardening fix and cleanup in persistence_token lookup
-  * security-hardening fix in perishable_token lookup (thx @tomekr)
-
-## 3.4.4 2014-12-23
-
-* changes
-  * extract rw_config into an Authlogic::Config module
-  * improved the way config changes are made in tests
-  * fix for Rails 4.2 by extending ActiveModel
-
-## 3.4.3 2014-10-08
-
-* changes
-  * backfill CHANGELOG
-  * better compatibility with jruby (thx @petergoldstein)
-  * added scrypt as a dependency
-  * cleanup some code (thx @roryokane)
-  * reference 'bcrypt' gem instead of 'bcrypt-ruby' (thx @roryokane)
-  * fixed typo (thx @chamini2)
-  * fixed magic column validations for Rails 4.2 (thx @tom-kuca)
-
-## 3.4.2 2014-04-28
-
-* changes
-  * fixed the missing scrypt/bcrypt gem errors introduced in 3.4.1
-  * implemented autoloading for providers
-  * added longer subdomain support in email regex
-
-## 3.4.1 2014-04-04
-
-* changes
-  * undid an accidental revert of some code
-
-## 3.4.0 2014-03-03
-
-* Breaking Changes
-  * made scrypt the default crypto provider from SHA512
-    (https://github.com/binarylogic/authlogic#upgrading-to-authlogic-340)
-    See UPGRADING.md.
-
-* Added
-  * officially support rails 4 (still supporting rails 3)
-  * added cookie signing
-  * added request store for better concurency for threaded environments
-  * added a rack adapter for Rack middleware support
-
-* Fixed
-  * ditched appraisal
-  * improved find_with_case default performance
-  * added travis ci support
-
-## 3.3.0 2014-04-04
-
-* changes
-  * added safeguard against a sqli that was also fixed in rails 3.2.10/3.1.9/3.0.18
-  * imposed the bcrypt gem's mincost
-  * removed shoulda macros
-
-## 3.2.0 2012-12-07
-
-* new
-  * scrypt support
-
-* changes
-  * moved back to LOWER for find_with_case ci lookups
-
-## 3.1.3 2012-06-13
-
-* changes
-  * removed jeweler
-
-## 3.1.2 2012-06-01
-
-* changes
-  * mostly test fixes
-
-## 3.1.1 2012-06-01
-
-* changes
-  * mostly doc fixes
-
-## 3.1.0 2011-10-19
-
-* changes
-  * mostly small bug fixes
-
-## 3.0.3 2011-05-17
-
-* changes
-  * rails 3.1 support
-
-* new
-  * http auth support
-
-## 3.0.2 2011-04-30
-
-* changes
-  * doc fixes
-
-## 3.0.1 2011-04-30
-
-* changes
-  * switch from LOWER to LIKE for find_with_case ci lookups
-
-## 3.0.0 2011-04-30
-
-* new
-  * ssl cookie support
-  * httponly cookie support
-  * added a session generator
-
-* changes
-  * rails 3 support
-  * ruby 1.9.2 support

data/CONTRIBUTING.md

@@ -1,91 +0,0 @@
-# Contributing to Authlogic
-
-## Issues
-
-### Security Issues
-
-**Do not disclose security issues in public.** Instead, please email:
-
-```
-Ben Johnson <bjohnson@binarylogic.com>,
-Tieg Zaharia <tieg.zaharia@gmail.com>
-Jared Beck <jared@jaredbeck.com>
-```
-
-We will review security issues promptly.
-
-### Non-Security Issues
-
-Please use github issues only for bug reports and feature suggestions.
-
-### Usage Questions
-
-Please ask usage questions on
-[stackoverflow](http://stackoverflow.com/questions/tagged/authlogic).
-
-## Development
-
-Most local development should be done using the oldest supported version of
-ruby. See `required_ruby_version` in the gemspec.
-
-### Testing
-
-Tests can be run against different versions of Rails like so:
-
-```
-BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.2.x bundle install
-BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.2.x bundle exec rake
-```
-
-To run a single test:
-
-```
-BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.2.x \
-  bundle exec ruby -I test path/to/test.rb
-```
-
-Bundler can be omitted, and the latest installed version of a gem dependency
-will be used. This is only suitable for certain unit tests.
-
-```
-ruby –I test path/to/test.rb
-```
-
-### Linting
-
-Running `rake` also runs a linter, rubocop. Contributions must pass both
-the linter and the tests. The linter can be run on its own.
-
-```
-BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.2.x bundle exec rubocop
-```
-
-To run the tests without linting, use `rake test`.
-
-```
-BUNDLE_GEMFILE=gemfiles/Gemfile.rails-4.2.x bundle exec rake test
-```
-
-### Version Control Branches
-
-We've been trying to follow the rails way, stable branches, but have been
-inconsistent. We should have one branche for each minor version, named like
-`4-3-stable`. Releases should be done on those branches, not in master. So,
-the "stable" branches should be the only branches with release tags.
-
-### A normal release (no backport)
-
-1. git checkout 4-3-stable # the latest "stable" branch (see above)
-1. Update version number in lib/authlogic/version.rb
-1. In the changelog,
-  - Add release date to entry
-  - Add a new "Unreleased" section at top
-1. In the readme,
-  - Update version number in the docs table at the top
-  - For non-patch versions, update the compatibility table
-1. Commit with message like "Release 4.3.0"
-1. git tag -a -m "v4.3.0" "v4.3.0"
-1. git push --tags origin 4-3-stable # or whatever branch (see above)
-1. CI should pass
-1. gem build authlogic.gemspec
-1. gem push authlogic-4.3.0

data/Gemfile

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-source "https://rubygems.org"
-gemspec
-
-gem "sqlite3", "~> 1.3.6", platforms: :ruby

data/LICENSE

@@ -1,20 +0,0 @@
-Copyright (c) 2011 Ben Johnson of Binary Logic
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.