RubyGems - authlogic - Versions diffs - 1.2.0 → 1.2.1 - Mend

authlogic 1.2.0 → 1.2.1

Potentially problematic release.

This version of authlogic might be problematic. Click here for more details.

Files changed (34) hide show

data/CHANGELOG.rdoc CHANGED

@@ -1,3 +1,10 @@
+== 1.2.1 released 2008-11-19
+* Added build method to authenticates_many association to act like AR association collections.
+* Added validation boolean configuration options for acts_as_authentic: validate_field, validate_login_field, validate_password_field, validate_email_field. This turns on and off validations for their respective fields.
+* Renamed all password_reset_token terms to perishable_token, including configuration, etc. I still allow for the old configurations so this will not break compatibility, but perishable token is a better name and can be used for account confirmation as well as a password reset token, or anything else you want.
+* Renamed all remember_token instances to persistence_token, the term "remember token" doesn't really make sense. I still allow for the old configuration, so this will not break backwards compatibility: persistence_token fits better and makes more sense.
 == 1.2.0 released 2008-11-16
 * Added check for database set up in acts_as_authentic to prevent errors during migrations.

data/Manifest CHANGED

@@ -8,7 +8,7 @@ lib/authlogic/crypto_providers/sha512.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb
-lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/password_reset.rb
+lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb
@@ -22,7 +22,7 @@ lib/authlogic/session/config.rb
 lib/authlogic/session/cookies.rb
 lib/authlogic/session/errors.rb
 lib/authlogic/session/params.rb
-lib/authlogic/session/password_reset.rb
+lib/authlogic/session/perishability.rb
 lib/authlogic/session/scopes.rb
 lib/authlogic/session/session.rb
 lib/authlogic/version.rb
@@ -44,7 +44,7 @@ test/libs/ordered_hash.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb
-test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/password_reset_test.rb
+test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/perishability_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb
@@ -55,7 +55,7 @@ test/session_tests/base_test.rb
 test/session_tests/config_test.rb
 test/session_tests/cookies_test.rb
 test/session_tests/params_test.rb
-test/session_tests/password_reset_test.rb
+test/session_tests/perishability_test.rb
 test/session_tests/scopes_test.rb
 test/session_tests/session_test.rb
 test/test_helper.rb

data/README.rdoc CHANGED

@@ -32,6 +32,7 @@ What if your user sessions controller could look just like your other controller
     def destroy
       current_user_session.destroy
+      redirect_to new_user_session_url
     end
   end
@@ -109,9 +110,9 @@ The user model needs to have the following columns. The names of these columns c
     t.string    :login,                 :null => false
     t.string    :crypted_password,      :null => false
     t.string    :password_salt,         :null => false # not needed if you are encrypting your pw instead of using a hash algorithm.
-    t.string    :remember_token,        :null => false
-    t.string    :single_access_token,   :null => false # optional, see the single access section below.
-    t.string    :password_reset_token,  :null => false # optional, see the password reset section below.
+    t.string    :persistence_token,     :null => false
+    t.string    :single_access_token,   :null => false # optional, see the tokens section below.
+    t.string    :perishable_token,      :null => false # optional, see the tokens section below.
     t.integer   :login_count                           # optional, this is a "magic" column, see the magic columns section below
 === Set up your model
@@ -191,39 +192,67 @@ This will keep everything separate. The :secure session will store its info in a
 For more information on ids checkout Authlogic::Session::Base#id
-== Resetting passwords
+== Tokens (persistence, resetting passwords, private feed access, etc.)
-You may have noticed in the helpful links section is a tutorial on resetting password with Authlogic. I'm not going to repeat myself here, but I will touch on the basics, if you want more information please see the tutorial.
+To start, let me define tokens as Authlogic sees it. A token is a form of credentials that grants some type of access to their account. Depending on the type of access, a different type of token may be needed. Put simply, it's a way for the user to say "I am this person, let me proceed". What types of different access you ask? Here are just a few:
-Just add the following field to your database:
+1. Regular account access
+2. Access to reset their password
+3. Access to a private feed
+4. Access to confirm their account
-t.string :password_reset_token, :null => false
+There could be many more depending on your application. What's great about Authlogic is that it doesn't care what you do or how you want to grant access to accounts. That's up to you and your application. Authlogic just cares about the type of tokens you need. Instead of giving you a token for each specific task, it gives you all of the necessary *types* of tokens, and you get to use them how you wish. It maintains the tokens and gives you all of the tools you need to use them. Just add the fields to your database and you are good to go.
-Authlogic will notice this field and take care of maintaining it for you. You should use the value of this field to verify your user before they reset their password. There is a finder method you can use to find users with this token, I highly recommend using this method, as it adds in extra security checks to verify the user. See Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::PasswordReset for more information.
+Here are the 3 tokens in more detail:
-== Single Access / Private Feeds Access
+=== Persistence token
-Need to provide a single / one time access to an account where the session does NOT get persisted? Take a private feed for example, if everyone followed standards, basic http auth should work just fine, but since we live in a world where following standards is not a standard (\*cough\* Microsoft \*cough\*), the feed url needs to have some sort of "credentials" to log the user in and get their user specific feed items. This is easy, Authlogic has a nifty little feature for doing just this. All that you need to do is add the following field in your table:
+This token is used to persist the user's session. This is the token that is stored in the session and the cookie, so that during each request the user stays logged in. What's unique about this token is that the first time it is used the value is stored in the session, thus persisting the session. This field is required and must be in your database.
+=== Single access token
+This token is used for single access only, it is not persisted. Meaning the user provides it, Authlogic grants them access, and that's it. If they want access again they need to provide the token again. Authlogic will *NEVER* store this value in the session or a cookie. Also, for added security, by default this token is *ONLY* allowed for RSS and ATOM requests. Lastly, this token does *NOT* change with the password. Meaning if the user changes their password, this token will remain the same. You can change all of this with configuration (see Authlogic::Session::config), so if you don't like how this works by default, just set some simple configuration in your session.
+This field is optional, if you want to use it just add the field to your database:
   t.string :single_access_token, :null => false
   # or call it feeds_token, feed_token, or whatever you want with configuration
-Authlogic will notice you have this and adjust accordingly. By default single_access_tokens can only be used to login for rss and atom request types.
+This is great for private feed access. So your URL to that user's private feed could look something like:
+  http://www.mydomain.com/account/feed.rss?single_access_token=4LiXF7FiGUppIPubBPey
+The single_access_token parameter name is configurable (see Authlogic::Session::Config), but if that parameter exists Authlogic will automatically use it to try and grant that user access. You don't have to do a thing: UserSession.find will take care of it just like it does for everything else.
+For more information see: Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::SingleAccess
+=== Perishable token
+This token is used for temporary account access, hence the term "perishable". This token is constantly changing, it changes...
+1. In a before_validation in your model, so basically every time the record is saved
+2. Any time a new session is successfully saved (aka logged in)
+This is perfect for <b>resetting passwords</b> or <b>confirming accounts</b>. You email them a url with this token in it, and then use this token to find the record and perform your action.
+This field is optional, if you want to use it just add the field to your database:
+  t.string :perishable_token, :null => false
+  # or call it password_reset_token, pw_reset_token, activation_token, or whatever you want with configuration
-To tailor how this works, you have the following configuration options:
+Finding the record with this token couldn't be easier, Authlogic provides a special finder method that you can use. I highly recommend using it as it adds extra security:
-Session configuration (Authlogic::Session::Config)
+  User.find_using_perishable_token(token)
+  User.find_using_perishable_token(token, 20.minutes)
-1. params_key
-2. single_access_allowed_request_types
-3. single_access_token_field
+That's all you need to do to locate the record. Here is what it does for extra security:
-Model configuration (Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Config)
+1. Ignores blank tokens all together. If a blank token is passed nil will be returned.
+2. It checks the age of the token, by default the threshold is 10 minutes, meaning if the token is older than 10 minutes, it is not valid and no record will be returned. You can change the default or just override it by passing the threshold as the second parameter. If you don't want a threshold at all, pass 0.
-1. single_access_token_field:
-2. change_single_access_token_with_password
+For a detailed tutorial on how to reset password using this token see the helpful links section above.
-Please use this with care and make sure you warn your users that the URL you provide them is to remain private. Even if Billy 13 year old gets this URL and tries to log in, the only way he can login is through a GET or POST parameter with an rss or atom request. Billy can't create a cookie with this token and Billy wont have access to anything else on the site, unless you change the above configuration.
+For more information see: Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Perishability
 == Scoping

data/Rakefile CHANGED

@@ -11,5 +11,4 @@ Echoe.new 'authlogic' do |p|
   p.summary = "A clean, simple, and unobtrusive ruby authentication solution."
   p.url = "http://github.com/binarylogic/authlogic"
   p.dependencies = %w(activesupport)
-  p.include_rakefile = true
 end

data/authlogic.gemspec CHANGED

@@ -1,28 +1,30 @@
+# -*- encoding: utf-8 -*-
 Gem::Specification.new do |s|
   s.name = %q{authlogic}
-  s.version = "1.2.0"
+  s.version = "1.2.1"
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Ben Johnson of Binary Logic"]
-  s.date = %q{2008-11-16}
+  s.date = %q{2008-11-19}
   s.description = %q{A clean, simple, and unobtrusive ruby authentication solution.}
   s.email = %q{bjohnson@binarylogic.com}
-  s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/password_reset.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/password_reset.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "README.rdoc"]
-  s.files = ["CHANGELOG.rdoc", "init.rb", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/password_reset.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/password_reset.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "Manifest", "MIT-LICENSE", "Rakefile", "README.rdoc", "shoulda_macros/authlogic.rb", "test/fixtures/companies.yml", "test/fixtures/employees.yml", "test/fixtures/projects.yml", "test/fixtures/users.yml", "test/libs/aes128_crypto_provider.rb", "test/libs/mock_controller.rb", "test/libs/mock_cookie_jar.rb", "test/libs/mock_request.rb", "test/libs/ordered_hash.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/password_reset_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/password_reset_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb", "authlogic.gemspec"]
+  s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/perishability.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "README.rdoc"]
+  s.files = ["CHANGELOG.rdoc", "init.rb", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/perishability.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "Manifest", "MIT-LICENSE", "Rakefile", "README.rdoc", "shoulda_macros/authlogic.rb", "test/fixtures/companies.yml", "test/fixtures/employees.yml", "test/fixtures/projects.yml", "test/fixtures/users.yml", "test/libs/aes128_crypto_provider.rb", "test/libs/mock_controller.rb", "test/libs/mock_cookie_jar.rb", "test/libs/mock_request.rb", "test/libs/ordered_hash.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/perishability_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/perishability_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb", "authlogic.gemspec"]
   s.has_rdoc = true
   s.homepage = %q{http://github.com/binarylogic/authlogic}
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Authlogic", "--main", "README.rdoc"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{authlogic}
-  s.rubygems_version = %q{1.2.0}
+  s.rubygems_version = %q{1.3.1}
   s.summary = %q{A clean, simple, and unobtrusive ruby authentication solution.}
-  s.test_files = ["test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/password_reset_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/password_reset_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb"]
+  s.test_files = ["test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/perishability_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/perishability_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/test_helper.rb"]
   if s.respond_to? :specification_version then
     current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 2
-    if current_version >= 3 then
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<activesupport>, [">= 0"])
       s.add_development_dependency(%q<echoe>, [">= 0"])
     else

data/lib/authlogic.rb CHANGED

@@ -13,7 +13,7 @@ if defined?(ActiveRecord)
   require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic"
   require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials"
   require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in"
-  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/password_reset"
+  require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability"
   require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence"
   require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance"
   require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access"
@@ -28,7 +28,7 @@ require File.dirname(__FILE__) + "/authlogic/session/config"
 require File.dirname(__FILE__) + "/authlogic/session/cookies"
 require File.dirname(__FILE__) + "/authlogic/session/errors"
 require File.dirname(__FILE__) + "/authlogic/session/params"
-require File.dirname(__FILE__) + "/authlogic/session/password_reset"
+require File.dirname(__FILE__) + "/authlogic/session/perishability"
 require File.dirname(__FILE__) + "/authlogic/session/session"
 require File.dirname(__FILE__) + "/authlogic/session/scopes"
 require File.dirname(__FILE__) + "/authlogic/session/base"
@@ -40,7 +40,7 @@ module Authlogic
       include Callbacks
       include Cookies
       include Params
-      include PasswordReset
+      include Perishability
       include Session
       include Scopes
     end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb CHANGED

@@ -21,13 +21,19 @@ module Authlogic
         #
         # * <tt>crypto_provider</tt> - default: Authlogic::CryptoProviders::Sha512,
         #   This is the class that provides your encryption. By default Authlogic provides its own crypto provider that uses Sha512 encrypton.
-        #
+        #
+        # * <tt>validate_fields</tt> - default: true,
+        #   Tells Authlogic if it should validate ANY of the fields: login_field, email_field, and password_field. If set to false, no validations will be set for any of these fields.
+        #
         # * <tt>login_field</tt> - default: :login, :username, or :email, depending on which column is present, if none are present defaults to :login
         #   The name of the field used for logging in. Only specify if you aren't using any of the defaults.
         #
         # * <tt>login_field_type</tt> - default: options[:login_field] == :email ? :email : :login,
         #   Tells authlogic how to validation the field, what regex to use, etc. If the field name is email it will automatically use :email,
         #   otherwise it uses :login.
+        #
+        # * <tt>validate_login_field</tt> - default: true,
+        #   Tells authlogic if it should validate the :login_field. If set to false, no validations will be set for this field at all.
         #
         # * <tt>login_field_regex</tt> - default: if :login_field_type is :email then typical email regex, otherwise typical login regex.
         #   This is used in validates_format_of for the :login_field.
@@ -38,6 +44,9 @@ module Authlogic
         # * <tt>email_field</tt> - default: :email, depending on if it is present, if :email is not present defaults to nil
         #   The name of the field used to store the email address. Only specify this if you arent using this as your :login_field.
         #
+        # * <tt>validate_email_field</tt> - default: true,
+        #   Tells Authlogic if it should validate the email field. If set to false, no validations will be set for this field at all.
+        #
         # * <tt>email_field_regex</tt> - default: type email regex
         #   This is used in validates_format_of for the :email_field.
         #
@@ -52,30 +61,34 @@ module Authlogic
         #
         # * <tt>password_field</tt> - default: :password,
         #   This is the name of the field to set the password, *NOT* the field the encrypted password is stored. Defaults the what the configuration
-        #
-        # * <tt>crypted_password_field</tt> - default: :crypted_password, :encrypted_password, :password_hash, :pw_hash, depends on which columns are present, if none are present defaults to nil
-        #   The name of the database field where your encrypted password is stored.
+        #
+        # * <tt>validate_password_field</tt> - default: :password,
+        #   Tells authlogic if it should validate the :password_field. If set to false, no validations will be set for this field at all.
         #
         # * <tt>password_blank_message</tt> - default: "can not be blank",
         #   The error message used when the password is left blank.
         #
         # * <tt>confirm_password_did_not_match_message</tt> - default: "did not match",
         #   The error message used when the confirm password does not match the password
-        #
+        #
+        # * <tt>crypted_password_field</tt> - default: :crypted_password, :encrypted_password, :password_hash, :pw_hash, depends on which columns are present, if none are present defaults to nil
+        #   The name of the database field where your encrypted password is stored.
+        #
         # * <tt>password_salt_field</tt> - default: :password_salt, :pw_salt, or :salt, depending on which column is present, defaults to :password_salt if none are present,
         #   This is the name of the field in your database that stores your password salt.
         #
-        # * <tt>password_reset_token_field</tt> - default: :password_reset_token, :pw_reset_token, :reset_password_token, or :reset_pw_token, depending on which column is present, if none are present defaults to nil
-        #   This is the name of the field in your database that stores your password reset token. The token you should use to verify your users before you allow a password reset. Authlogic takes care
-        #   of maintaining this for you and making sure it changes when needed.
+        # * <tt>perishable_token_field</tt> - default: :perishable_token, :password_reset_token, :pw_reset_token, :reset_password_token, or :reset_pw_token, depending on which column is present, if none are present defaults to nil
+        #   This is the name of the field in your database that stores your perishable token. The token you should use to confirm your users or allow a password reset. Authlogic takes care
+        #   of maintaining this for you and making sure it changes when needed. Use this token for whatever you want, but keep in mind it is temporary, hence the term "perishable".
         #
-        # * <tt>password_reset_token_valid_for</tt> - default: 10.minutes,
-        #   Authlogic gives you a sepcial method for finding records by the password reset token (see Authlogic::ORMAdapters::ActiveRecordAdapter::ActcsAsAuthentic::PasswordReset). In this method
-        #   it checks for the age of the token. If the token is old than whatever you specify here, a user will NOT be returned. This way the tokens are perishable, thus making this system much
+        # * <tt>perishable_token_valid_for</tt> - default: 10.minutes,
+        #   Authlogic gives you a sepcial method for finding records by the perishable token (see Authlogic::ORMAdapters::ActiveRecordAdapter::ActcsAsAuthentic::Perishability). In this method
+        #   it checks for the age of the token. If the token is older than whatever you specify here, a record will NOT be returned. This way the tokens are perishable, thus making this system much
         #   more secure.
         #
-        # * <tt>remember_token_field</tt> - default: :remember_token, :remember_key, :cookie_tokien, or :cookie_key, depending on which column is present, defaults to :remember_token if none are present,
-        #   This is the name of the field your remember_token is stored. The remember token is a unique token that is stored in the users cookie and
+        # * <tt>persistence_field</tt> - default: :persistence_token, :remember_token, or :cookie_tokien, depending on which column is present,
+        #   defaults to :persistence_token if none are present,
+        #   This is the name of the field your persistence token is stored. The persistence token is a unique token that is stored in the users cookie and
         #   session. This way you have complete control of when sessions expire and you don't have to change passwords to expire sessions. This also
         #   ensures that stale sessions can not be persisted. By stale, I mean sessions that are logged in using an outdated password.
         #
@@ -107,10 +120,13 @@ module Authlogic
             options[:session_class] ||= "#{name}Session"
             options[:crypto_provider] ||= CryptoProviders::Sha512
+            options[:validate_fields] = true unless options.key?(:validate_fields)
             options[:login_field] ||= first_column_to_exist(:login, :username, :email)
             options[:login_field_type] ||= options[:login_field] == :email ? :email : :login
+            options[:validate_login_field] = true unless options.key?(:validate_login_field)
             options[:email_field] = first_column_to_exist(nil, :email) unless options.key?(:email_field)
             options[:email_field] = nil if options[:email_field] == options[:login_field]
+            options[:validate_email_field] = true unless options.key?(:validate_email_field)
             email_name_regex  = '[\w\.%\+\-]+'
             domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
@@ -128,15 +144,17 @@ module Authlogic
             end
             options[:password_field] ||= :password
+            options[:validate_password_field] = true unless options.key?(:validate_password_field)
             options[:password_blank_message] ||= "can not be blank"
             options[:confirm_password_did_not_match_message] ||= "did not match"
             options[:crypted_password_field] ||= first_column_to_exist(:crypted_password, :encrypted_password, :password_hash, :pw_hash)
             options[:password_salt_field] ||= first_column_to_exist(:password_salt, :pw_salt, :salt)
-            options[:remember_token_field] ||= first_column_to_exist(:remember_token, :remember_key, :cookie_token, :cookiey_key)
+            options[:persistence_token_field] ||= options[:remember_token_field] || first_column_to_exist(:persistence_token, :remember_token, :cookie_token)
             options[:single_access_token_field] ||= first_column_to_exist(nil, :single_access_token, :feed_token, :feeds_token)
-            options[:password_reset_token_field] ||= first_column_to_exist(nil, :password_reset_token, :pw_reset_token, :reset_password_token, :reset_pw_token)
-            options[:password_reset_token_valid_for] ||= 10.minutes
-            options[:password_reset_token_valid_for] = options[:password_reset_token_valid_for].to_i
+            options[:perishable_token_field] ||= options[:password_reset_token_field] || first_column_to_exist(nil, :perishable_token, :password_reset_token, :pw_reset_token, :reset_password_token, :reset_pw_token, :activation_token)
+            options[:perishable_token_valid_for] ||= 10.minutes
+            options[:perishable_token_valid_for] = options[:perishable_token_valid_for].to_i
             options[:logged_in_timeout] ||= 10.minutes
             options[:logged_in_timeout] = options[:logged_in_timeout].to_i
             options[:session_ids] ||= [nil]

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb CHANGED

@@ -19,25 +19,29 @@ module Authlogic
         module Credentials
           def acts_as_authentic_with_credentials(options = {})
             acts_as_authentic_without_credentials(options)
-            # Validations
-            case options[:login_field_type]
-            when :email
-              validates_length_of options[:login_field], :within => 6..100
-              validates_format_of options[:login_field], :with => options[:login_field_regex], :message => options[:login_field_regex_failed_message]
-            else
-              validates_length_of options[:login_field], :within => 2..100, :allow_blank => true
-              validates_format_of options[:login_field], :with => options[:login_field_regex], :message => options[:login_field_regex_failed_message]
-            end
-            if options[:email_field]
-              validates_length_of options[:email_field], :within => 6..100
-              validates_format_of options[:email_field], :with => options[:email_field_regex], :message => options[:email_field_regex_failed_message]
-              validates_uniqueness_of options[:email_field], :scope => options[:scope]
-            end
+            if options[:validate_fields]
+              if options[:validate_login_field]
+                case options[:login_field_type]
+                when :email
+                  validates_length_of options[:login_field], :within => 6..100
+                  validates_format_of options[:login_field], :with => options[:login_field_regex], :message => options[:login_field_regex_failed_message]
+                else
+                  validates_length_of options[:login_field], :within => 2..100, :allow_blank => true
+                  validates_format_of options[:login_field], :with => options[:login_field_regex], :message => options[:login_field_regex_failed_message]
+                end
+                validates_uniqueness_of options[:login_field], :scope => options[:scope]
+              end
+              if options[:validate_email_field] && options[:email_field]
+                validates_length_of options[:email_field], :within => 6..100
+                validates_format_of options[:email_field], :with => options[:email_field_regex], :message => options[:email_field_regex_failed_message]
+                validates_uniqueness_of options[:email_field], :scope => options[:scope]
+              end
-            validates_uniqueness_of options[:login_field], :scope => options[:scope]
-            validate :validate_password
+              validate :validate_password if options[:validate_password_field]
+            end
             attr_writer "confirm_#{options[:password_field]}"
             attr_accessor "tried_to_set_#{options[:password_field]}"

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb ADDED

@@ -0,0 +1,75 @@
+module Authlogic
+  module ORMAdapters
+    module ActiveRecordAdapter
+      module ActsAsAuthentic
+        # = Perishable
+        #
+        # Handles all logic the deals with maintaining the perishable token. This token should be used to authenticate a user that is not logged in so that they
+        # can change their password, confirm their account, etc. Use it for whatever you want, but keep in mind this token is only temporary. Which
+        # is perfect for emailing, etc.
+        #
+        # === Class Methods
+        #
+        # * <tt>find_using_{options[:perishable_token_field]}(token, age = {options[:perishable_token_valid_for]})</tt> - returns the record that matches the pased token. The record's updated at column must not be older than
+        #   {age} ago. Lastly, if a blank token is passed no record will be returned.
+        #
+        # === Instance Methods
+        #
+        # * <tt>reset_#{options[:perishable_token_field]}</tt> - resets the perishable token field to a friendly unique token.
+        # * <tt>reset_#{options[:perishable_token_field]}!</tt> - same as above but saves the record afterwards.
+        module Perishability
+          def acts_as_authentic_with_perishability(options = {})
+            acts_as_authentic_without_perishability(options)
+            return if options[:perishable_token_field].blank?
+            class_eval <<-"end_eval", __FILE__, __LINE__
+              validates_uniqueness_of :#{options[:perishable_token_field]}
+              before_validation :reset_#{options[:perishable_token_field]}, :unless => :resetting_#{options[:perishable_token_field]}?
+              def self.find_using_#{options[:perishable_token_field]}(token, age = #{options[:perishable_token_valid_for]})
+                return if token.blank?
+                age = age.to_i
+                conditions_sql = "#{options[:perishable_token_field]} = ?"
+                conditions_subs = [token]
+                if column_names.include?("updated_at") && age > 0
+                  conditions_sql += " and updated_at > ?"
+                  conditions_subs << age.seconds.ago
+                end
+                find(:first, :conditions => [conditions_sql, *conditions_subs])
+              end
+              def reset_#{options[:perishable_token_field]}
+                self.#{options[:perishable_token_field]} = self.class.friendly_unique_token
+              end
+              def reset_#{options[:perishable_token_field]}!
+                reset_#{options[:perishable_token_field]}
+                @resetting_#{options[:perishable_token_field]} = true
+                result = save_without_session_maintenance
+                @resetting_#{options[:perishable_token_field]} = false
+                result
+              end
+              private
+                def resetting_#{options[:perishable_token_field]}?
+                  @resetting_#{options[:perishable_token_field]} == true
+                end
+            end_eval
+          end
+        end
+      end
+    end
+  end
+end
+ActiveRecord::Base.class_eval do
+  class << self
+    include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Perishability
+    alias_method_chain :acts_as_authentic, :perishability
+  end
+end