authlogic 1.3.3 → 1.3.4


@@ -1,3 +1,8 @@
1
+ == 1.3.4 released 2008-11-24
2
+
3
+ * Delegate human_attribute_name to the ActiveRecord class to take advantage of the I18n feature.
4
+ * Fixed issue with passwords from older versions of restful_authentication, the passwords end with --
5
+
1
6
  == 1.3.3 released 2008-11-23
2
7
 
3
8
  * Updated :act_like_restful_authentication for those using the older version where no site wide key is preset (REST_AUTH_SITE_KEY), Authlogic will adjust automatically based on the presence of this constant.
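Review bot: the new 1.3.4 entry for the restful_authentication fix ("the passwords end with --") names the symptom but neither the cause nor the compatibility impact. From the other hunks in this release the fix is two-fold: Sha1.encrypt no longer compacts nil tokens, so a missing REST_AUTH_SITE_KEY still contributes the leading and trailing `--` of the legacy `--salt--password--` layout, and the restful_authentication argument order becomes `[REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY]`. Say so here, and add a migration note: passwords hashed under 1.3.3 with :act_like_restful_authentication were built from different arguments and may no longer verify after upgrading. The removal of the public `attr_accessor :crypto_provider` in credentials.rb is also unmentioned.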
@@ -199,13 +199,19 @@ For more information on ids checkout Authlogic::Session::Base#id
199
199
 
200
200
  == Encryption methods
201
201
 
202
- Authlogic is designed so you can use *any* encryption method you want. It delegates this task to a class of your choice. By default Authlogic uses salted Sha512 with 20 stretches. It also comes preloaded with some other common encryption algorithms so that you can choose. For example, if you wanted to use the BCrypt algorithm just do the following:
202
+ Authlogic is designed so you can use *any* encryption method you want. It delegates this task to a class of your choice. Here are you choices:
203
+
204
+ 1. Authlogic::CryptoProviders::Sha1 (used mainly for migrating from restful_authentication)
205
+ 2. Authlogic::CryptoProviders::Sha512
206
+ 3. Authlogic::CryptoProviders::BCrypt
207
+
208
+ By default Authlogic uses salted Sha512 with 20 stretches, but you can easily change this. For example, if you wanted to use the BCrypt algorithm just do the following:
203
209
 
204
210
  acts_as_authentic :crypto_provider => Authlogic::CryptoProviders::BCrypt
205
211
 
206
212
  For more information on BCrypt checkout my blog post on it: http://www.binarylogic.com/2008/11/22/storing-nuclear-launch-codes-in-your-app-enter-bcrypt-for-authlogic
207
213
 
208
- Also, check out the Authlogic::CryptoProviders module and sublcasses to get an idea of how to write your own crypto provider. It's extremely easy, all that you have to do is make a class with a class level encrypt and matches? method. That's it, the sky is the limit.
214
+ Also, check out the Authlogic::CryptoProviders module and subclasses to get an idea of how to write your own crypto provider. You don't have to use the provided classes, you can easily write your own. All that you have to do is make a class with a class level encrypt and matches? method. That's it, the sky is the limit.
209
215
 
210
216
  == Switching to a new encryption method
211
217
 
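Review bot: typo in the new line 202, "Here are you choices" should be "Here are your choices". More importantly, the list presents Sha1 as a peer of Sha512 and BCrypt with only "used mainly for migrating from restful_authentication" as a qualifier; since this release exists to accept legacy digests, state explicitly that Sha1 is a transition provider and that new applications should keep the salted Sha512 default or use BCrypt, with a pointer to the "Switching to a new encryption method" section that follows. These providers hash passwords rather than encrypt them, so "encryption method" is a misnomer worth fixing in the prose while the section is being rewritten, even if the `encrypt` method name stays for compatibility.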
@@ -2,11 +2,11 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = %q{authlogic}
5
- s.version = "1.3.3"
5
+ s.version = "1.3.4"
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Ben Johnson of Binary Logic"]
9
- s.date = %q{2008-11-23}
9
+ s.date = %q{2008-11-24}
10
10
  s.description = %q{A clean, simple, and unobtrusive ruby authentication solution.}
11
11
  s.email = %q{bjohnson@binarylogic.com}
12
12
  s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/bcrypt.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/perishability.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "README.rdoc"]
@@ -23,7 +23,8 @@ module Authlogic
23
23
  def encrypt(*tokens)
24
24
  tokens = tokens.flatten
25
25
  digest = tokens.shift
26
- stretches.times { digest = Digest::SHA1.hexdigest([digest, *tokens].compact.join(join_token)) }
26
+ stretches.times { digest = Digest::SHA1.hexdigest([digest, *tokens].join(join_token)) }
27
+ digest
27
28
  end
28
29
 
29
30
  # Does the crypted password match the tokens? Uses the same tokens that were used to encrypt.
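Review bot: the added `digest` return line is a real fix, not cosmetic: the previous method ended with `stretches.times { ... }`, and Integer#times returns its receiver, so `encrypt` returned the stretch count instead of the hex digest. The existing test `hash = Authlogic::CryptoProviders::Sha1.encrypt("mypass")` followed by `assert Authlogic::CryptoProviders::Sha1.matches?(hash, "mypass")` could not detect that, because both sides go through the same path; add an assertion that `encrypt` returns a 40-character hex string. Dropping `.compact` is what lets a nil REST_AUTH_SITE_KEY reproduce the legacy `--salt--password--` input (nil joins as an empty string), but it also changes the digest for any caller that previously passed nil tokens and relied on them being stripped; say so in the method comment.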
@@ -207,7 +207,7 @@ module Authlogic
207
207
  options[crypto_provider_key].stretches = 1
208
208
  end
209
209
  end
210
-
210
+
211
211
  class_eval <<-"end_eval", __FILE__, __LINE__
212
212
  def self.acts_as_authentic_config
213
213
  #{options.inspect}
@@ -53,7 +53,6 @@ module Authlogic
53
53
  end
54
54
 
55
55
  attr_reader options[:password_field]
56
- attr_accessor :crypto_provider
57
56
 
58
57
  class_eval <<-"end_eval", __FILE__, __LINE__
59
58
  def self.friendly_unique_token
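Review bot: removing `attr_accessor :crypto_provider` drops a public instance-level accessor, which is an API change not reflected in the CHANGELOG. Confirm that nothing in the session or test code still reads or writes `user.crypto_provider` (the provider now appears to be taken only from the generated `acts_as_authentic_config`), and note the removal in the 1.3.4 entry.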
@@ -77,10 +76,11 @@ module Authlogic
77
76
  [#{options[:crypto_provider]}, #{options[:transition_from_crypto_provider].inspect}].compact.each do |encryptor|
78
77
  # The arguments_type of for the transitioning from restful_authentication
79
78
  arguments_type = nil
80
- case encryptor
81
- when #{options[:crypto_provider]}
79
+
80
+ case encryptor.name
81
+ when "#{options[:crypto_provider]}"
82
82
  arguments_type = :restful_authentication if #{options[:act_like_restful_authentication].inspect}
83
- when #{options[:transition_from_crypto_provider].inspect}
83
+ when "#{options[:transition_from_crypto_provider].inspect}"
84
84
  arguments_type = :restful_authentication if #{options[:transition_from_restful_authentication].inspect}
85
85
  end
86
86
 
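Review bot: the switch from `case encryptor` / `when #{options[:crypto_provider]}` to comparing `encryptor.name` against strings fixes a genuine bug that deserves a comment: `encryptor` is the provider class itself, and `when SomeClass` evaluates `SomeClass === encryptor`, an is_a? check, which never matches a class object, so `arguments_type` stayed nil and the restful_authentication argument layout was silently never used. Comparing names works but is fragile for anonymous or reopened classes and relies on `.inspect` output interpolated into a string literal; `if encryptor == #{options[:crypto_provider]}` and `elsif encryptor == #{options[:transition_from_crypto_provider].inspect}` express the intent directly. Also note that when :crypto_provider and :transition_from_crypto_provider are the same class the first branch always wins.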
@@ -122,7 +122,7 @@ module Authlogic
122
122
  def encrypt_arguments(raw_password, arguments_type = nil)
123
123
  case arguments_type
124
124
  when :restful_authentication
125
- [REST_AUTH_SITE_KEY, raw_password, #{options[:password_salt_field]}, REST_AUTH_SITE_KEY]
125
+ [REST_AUTH_SITE_KEY, #{options[:password_salt_field]}, raw_password, REST_AUTH_SITE_KEY]
126
126
  else
127
127
  [raw_password, #{options[:password_salt_field]}]
128
128
  end
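Review bot: the reordering to `[REST_AUTH_SITE_KEY, #{options[:password_salt_field]}, raw_password, REST_AUTH_SITE_KEY]` is the compatibility-critical line of this release and needs a comment stating the layout it reproduces (site key, salt, password, site key joined with `--`, the first element consumed as the initial digest by Sha1.encrypt). Two follow-ups: the generated method references REST_AUTH_SITE_KEY unconditionally, so for the older restful_authentication installs the 1.3.3 entry says are supported (no site-wide key constant) it must be defined, even as nil, before this runs; the crypto-provider test passes nil explicitly, but this path is only exercised in the ORM test with the constant present, so add a test with it undefined. Second, whether or not the previous order was ever reached in 1.3.3 (the class-comparison `when` fixed in the hunk above may have prevented it), a password hashed by that version with :act_like_restful_authentication will not verify under this order; that is a migration note for the CHANGELOG.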
@@ -18,16 +18,14 @@ module Authlogic
18
18
  module LoggedIn
19
19
  def acts_as_authentic_with_logged_in(options = {})
20
20
  acts_as_authentic_without_logged_in(options)
21
-
21
+
22
22
  validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
23
-
24
- if column_names.include?("last_request_at")
25
- named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", options[:logged_in_timeout].seconds.ago]} }
26
- named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", options[:logged_in_timeout].seconds.ago]} }
27
- end
28
-
23
+
29
24
  if column_names.include?("last_request_at")
30
25
  class_eval <<-"end_eval", __FILE__, __LINE__
26
+ named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", #{options[:logged_in_timeout]}.seconds.ago]} }
27
+ named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", #{options[:logged_in_timeout]}.seconds.ago]} }
28
+
31
29
  def logged_in?
32
30
  !last_request_at.nil? && last_request_at > #{options[:logged_in_timeout]}.seconds.ago
33
31
  end
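Review bot: moving the two named_scopes into the class_eval string removes the duplicated `if column_names.include?("last_request_at")` block, but it changes how the timeout is bound. The lambda previously closed over `options[:logged_in_timeout]`; the heredoc now interpolates its string form into source that is evaluated at class-load time. That is fine for an Integer or an ActiveSupport Duration (which stringifies as a number of seconds), but a nil or non-numeric option becomes a syntax error or arbitrary evaluated code rather than a clear configuration error. Keep the lambda closure form for the scopes, or validate that the option is numeric before building the string.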
@@ -11,8 +11,8 @@ module Authlogic
11
11
  end
12
12
 
13
13
  module ClassMethods # :nodoc:
14
- def human_attribute_name(attribute_key_name, options = {})
15
- attribute_key_name.humanize
14
+ def human_attribute_name(*args)
15
+ klass.human_attribute_name(*args)
16
16
  end
17
17
  end
18
18
 
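Review bot: `klass.human_attribute_name(*args)` depends on a `klass` method being available in this ClassMethods module, and it is not visible in this hunk; add a one-line comment saying where it comes from. Passing `*args` through is correct for the Rails signature `human_attribute_name(attribute_key_name, options = {})`. The README should also say that session attribute labels (login, password, remember_me) are now looked up through the model's I18n scope, since that is what a user needs to know in order to translate them.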
@@ -44,7 +44,7 @@ module Authlogic # :nodoc:
44
44
 
45
45
  MAJOR = 1
46
46
  MINOR = 3
47
- TINY = 3
47
+ TINY = 4
48
48
 
49
49
  # The current version as a Version instance
50
50
  CURRENT = new(MAJOR, MINOR, TINY)
@@ -10,5 +10,14 @@ module CryptoProviderTests
10
10
  hash = Authlogic::CryptoProviders::Sha1.encrypt("mypass")
11
11
  assert Authlogic::CryptoProviders::Sha1.matches?(hash, "mypass")
12
12
  end
13
+
14
+ def test_old_restful_authentication_passwords
15
+ password = "test"
16
+ salt = "7e3041ebc2fc05a40c60028e2c4901a81035d3cd"
17
+ digest = "00742970dc9e6319f8019fd54864d3ea740f04b1"
18
+ Authlogic::CryptoProviders::Sha1.stretches = 1
19
+ assert Authlogic::CryptoProviders::Sha1.matches?(digest, nil, salt, password, nil)
20
+ Authlogic::CryptoProviders::Sha1.stretches = 10
21
+ end
13
22
  end
14
23
  end
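Review bot: `Authlogic::CryptoProviders::Sha1.stretches = 1` mutates global state on the provider class, and the reset to 10 only runs if the assertion passes; wrap it in `begin ... ensure ... end` so a failure does not leak stretches = 1 into later tests. The test also checks only the positive case; add `assert !Authlogic::CryptoProviders::Sha1.matches?(digest, nil, salt, "wrong", nil)` and an assertion that `encrypt` returns a 40-character hex string, otherwise a `matches?` that compares two non-digests would still pass. A comment on the fixture should say it is a digest produced by old restful_authentication (`--salt--password--`, one round, no site key).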
@@ -84,6 +84,14 @@ module ORMAdaptersTests
84
84
  User.acts_as_authentic(:act_like_restful_authentication => true)
85
85
  set_session_for(ben)
86
86
  assert UserSession.find
87
+
88
+ # Let's try a brute force approach
89
+ salt = "7e3041ebc2fc05a40c60028e2c4901a81035d3cd"
90
+ digest = "00742970dc9e6319f8019fd54864d3ea740f04b1"
91
+ assert ben.class.connection.execute("update users set crypted_password = '#{digest}', password_salt = '#{salt}' where id = '#{ben.id}';")
92
+ ben.reload
93
+ assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches
94
+ assert ben.valid_password?("test")
87
95
  end
88
96
 
89
97
  def test_transition_from_restful_authentication
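Review bot: the comment "Let's try a brute force approach" misdescribes the block; it seeds a known legacy restful_authentication digest and salt directly into the users row, so say that. The interpolated `connection.execute("update users set crypted_password = '#{digest}', password_salt = '#{salt}' where id = '#{ben.id}';")` is harmless with these fixed hex values, but `ben.update_attribute(:crypted_password, digest)` and `ben.update_attribute(:password_salt, salt)` (or at least `connection.quote`) would avoid modelling string-built SQL in the test suite. `assert_equal 1, Authlogic::CryptoProviders::Sha1.stretches` asserts on global provider state left behind by the earlier `User.acts_as_authentic(:act_like_restful_authentication => true)` call; because later tests see the same class, reset it at the end of this test, and pair `assert ben.valid_password?("test")` with `assert !ben.valid_password?("wrong")` so the check is meaningful.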
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authlogic
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.3
4
+ version: 1.3.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ben Johnson of Binary Logic
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2008-11-23 00:00:00 -05:00
12
+ date: 2008-11-24 00:00:00 -05:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency