authlogic 1.4.0 → 1.4.1

data/CHANGELOG.rdoc

@@ -1,3 +1,17 @@
+== 1.4.1 released 2009-2-8
+
+* Fixed I18n key misspelling.
+* Added I18n keys for ORM error messages.
+* Use the password_field configuration value for the alias_methods defined in acts_as_authentic/credentials.rb
+* Change shoulda macros implementation to follow the shoulda documentation
+* Rails >2.3 uses :domain for the session option instead of :session_domain. Authlogic now uses the proper key in the rails adapter.
+* Added validate_password attribute to force password validation regardless if the password is blank. This is useful for forms explicitly changing passwords.
+* The class level find method will return a session object if the session is stale. The protection is that there will be no record associated with that session. This allows you to receive an object and call the stale? method on it to determine why the user must log back in.
+* Added validate callbacks in Session::Base so you can run callbacks by calling validate :my_method, just like in AR.
+* Checked for blank persistence tokens when trying to validate passwords, this is where transitioning occurs. People transitioning from older systems never had a persistence token, which means it would be nil here.
+* Update allowed domain name extensions for email
+* Ignore default length options for validations if alternate length options are provided, since AR raises an error if 2 different length specifications are provided.
+
 == 1.4.0 released 2009-1-28
 
 * Added support for cookie domain, based on your frameworks session domain configuration

data/README.rdoc

@@ -219,6 +219,7 @@ Just like ActiveRecord you can create your own hooks / callbacks so that you can
   after_update
   
   before_validation
+  validate
   after_validation
 
 See Authlogic::Session::Callbacks for more information
@@ -406,6 +407,11 @@ But what if you *don't* want to separate your cookies by subdomains? You can acc
 
   ActionController::Base.session_options[:session_domain] = '.mydomain.com'
 
+or for Rails 2.3.0 or higher:
+
+  ActionController::Base.session_options[:domain] = '.mydomain.com'
+
+
 Notice the above is configuration for your session, not your cookies. Authlogic notices this and assume this is how you want to treat your cookies as well. As a result, it applies this domain to the cookies it sets. Now your session and all cookies act the same and are scoped under the same domain under Authlogic.
 
 Now let's look at this from the other angle. What if you are *NOT* using subdomains, but still want to separate cookies for each account. Simple, set the :scope_cookies option for authenticate_many:

data/Rakefile

@@ -10,5 +10,4 @@ Echoe.new 'authlogic' do |p|
   p.summary = "A clean, simple, and unobtrusive ruby authentication solution."
   p.url = "http://github.com/binarylogic/authlogic"
   p.dependencies = %w(activesupport echoe)
-  p.install_message = "BREAKS BACKWARDS COMPATIBILITY! This is only for those using I18n. If you were using the Authlogic configuration to implement I18n you need to update your configuration. A new cleaner approach has been implemented for I18n in Authlogic. See Authlogic::I18n for more details."
 end

data/authlogic.gemspec

@@ -2,18 +2,17 @@
 
 Gem::Specification.new do |s|
   s.name = %q{authlogic}
-  s.version = "1.4.0"
+  s.version = "1.4.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Ben Johnson of Binary Logic"]
-  s.date = %q{2009-01-28}
+  s.date = %q{2009-02-08}
   s.description = %q{A clean, simple, and unobtrusive ruby authentication solution.}
   s.email = %q{bjohnson@binarylogic.com}
   s.extra_rdoc_files = ["CHANGELOG.rdoc", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/aes256.rb", "lib/authlogic/crypto_providers/bcrypt.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/i18n.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/perishability.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/session/timeout.rb", "lib/authlogic/testing/test_unit_helpers.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "README.rdoc"]
   s.files = ["CHANGELOG.rdoc", "generators/session/session_generator.rb", "generators/session/templates/session.rb", "init.rb", "lib/authlogic/controller_adapters/abstract_adapter.rb", "lib/authlogic/controller_adapters/merb_adapter.rb", "lib/authlogic/controller_adapters/rails_adapter.rb", "lib/authlogic/crypto_providers/aes256.rb", "lib/authlogic/crypto_providers/bcrypt.rb", "lib/authlogic/crypto_providers/sha1.rb", "lib/authlogic/crypto_providers/sha512.rb", "lib/authlogic/i18n.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb", "lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic.rb", "lib/authlogic/orm_adapters/active_record_adapter/authenticates_many.rb", "lib/authlogic/session/active_record_trickery.rb", "lib/authlogic/session/authenticates_many_association.rb", "lib/authlogic/session/base.rb", "lib/authlogic/session/callbacks.rb", "lib/authlogic/session/config.rb", "lib/authlogic/session/cookies.rb", "lib/authlogic/session/errors.rb", "lib/authlogic/session/params.rb", "lib/authlogic/session/perishability.rb", "lib/authlogic/session/scopes.rb", "lib/authlogic/session/session.rb", "lib/authlogic/session/timeout.rb", "lib/authlogic/testing/test_unit_helpers.rb", "lib/authlogic/version.rb", "lib/authlogic.rb", "Manifest", "MIT-LICENSE", "Rakefile", "README.rdoc", "shoulda_macros/authlogic.rb", "test/crypto_provider_tests/aes256_test.rb", "test/crypto_provider_tests/bcrypt_test.rb", "test/crypto_provider_tests/sha1_test.rb", "test/crypto_provider_tests/sha512_test.rb", "test/fixtures/companies.yml", "test/fixtures/employees.yml", "test/fixtures/projects.yml", "test/fixtures/users.yml", "test/libs/mock_controller.rb", "test/libs/mock_cookie_jar.rb", "test/libs/mock_request.rb", "test/libs/ordered_hash.rb", "test/libs/user.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/perishability_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb", "test/orm_adapters_tests/active_record_adapter_tests/authenticates_many_test.rb", "test/session_tests/active_record_trickery_test.rb", "test/session_tests/authenticates_many_association_test.rb", "test/session_tests/base_test.rb", "test/session_tests/config_test.rb", "test/session_tests/cookies_test.rb", "test/session_tests/params_test.rb", "test/session_tests/perishability_test.rb", "test/session_tests/scopes_test.rb", "test/session_tests/session_test.rb", "test/session_tests/timeout_test.rb", "test/test_helper.rb", "authlogic.gemspec"]
   s.has_rdoc = true
   s.homepage = %q{http://github.com/binarylogic/authlogic}
-  s.post_install_message = %q{BREAKS BACKWARDS COMPATIBILITY! This is only for those using I18n. If you were using the Authlogic configuration to implement I18n you need to update your configuration. A new cleaner approach has been implemented for I18n in Authlogic. See Authlogic::I18n for more details.}
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Authlogic", "--main", "README.rdoc"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{authlogic}

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -14,7 +14,8 @@ module Authlogic
       end
       
       def cookie_domain
-        controller.class.session_options[:session_domain]
+        @cookie_domain_key ||= (Rails::VERSION::MAJOR >= 2 && Rails::VERSION::MINOR >= 3) ? :domain : :session_domain
+        controller.class.session_options[@cookie_domain_key]
       end
       
       def request_content_type

data/lib/authlogic/i18n.rb

@@ -1,13 +1,15 @@
 module Authlogic
   # I18n
   #
-  # Allows any message, error message, etc to use internationalization. In earlier versions of Authlogic each message was translated via configuration.
+  # This class allows any message in Authlogic to use internationalization. In earlier versions of Authlogic each message was translated via configuration.
   # This cluttered up the configuration and cluttered up Authlogic. So all translation has been extracted out into this class. Now all messages pass through
   # this class, making it much easier to implement in I18n library / plugin you want. Use this as a layer that sits between Authlogic and whatever I18n
   # library you want to use.
   #
-  # By default this uses the rails I18n library, if it exists. If it doesnt exist it just returns the default english message. Using the Authlogic I18n class
-  # works EXACTLY like the rails I18n class. Here is how all messages are translated internally with Authlogic:
+  # By default this uses the rails I18n library, if it exists. If it doesnt exist it just returns the default english message. The Authlogic I18n class
+  # works EXACTLY like the rails I18n class. This is because the arguments are delegated to this class.
+  #
+  # Here is how all messages are translated internally with Authlogic:
   #
   #   Authlogic::I18n.t('error_messages.password_invalid', :default => "is invalid")
   #
@@ -24,14 +26,16 @@ module Authlogic
   #   
   #   Authlogic::I18n.extend MyAuthlogicI18nAdapter
   #
-  #   That it's! Here is a complete list of the keys that are passed. Just defined these however you wish:
+  # That it's! Here is a complete list of the keys that are passed. Just define these however you wish:
   #
   #   authlogic:
   #     error_messages:
   #       login_blank: can not be blank
   #       login_not_found: does not exist
+  #       login_invalid: should use only letters, numbers, spaces, and .-_@ please.
+  #       email_invalid: should look like an email address.
   #       password_blank: can not be blank
-  #       password_invlid: is not valid
+  #       password_invalid: is not valid
   #       not_active: Your account is not active
   #       not_confirmed: Your account is not confirmed
   #       not_approved: Your account is not approved

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb

@@ -23,35 +23,36 @@ module Authlogic
             if options[:validate_fields]
               email_name_regex  = '[\w\.%\+\-]+'
               domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
-              domain_tld_regex  = '(?:[A-Z]{2}|com|org|net|edu|gov|mil|biz|info|mobi|name|aero|jobs|museum)'
+              domain_tld_regex  = '(?:[A-Z]{2}|aero|ag|asia|at|be|biz|ca|cc|cn|com|de|edu|eu|fm|gov|gs|jobs|jp|in|info|me|mil|mobi|museum|ms|name|net|nu|nz|org|tc|tw|tv|uk|us|vg|ws)'
               email_field_regex ||= /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
               
               if options[:validate_login_field]
                 case options[:login_field_type]
                 when :email
-                  validates_length_of options[:login_field], {:within => 6..100}.merge(options[:login_field_validates_length_of_options])
-                  validates_format_of options[:login_field], {:with => email_field_regex, :message => "should look like an email address."}.merge(options[:login_field_validates_format_of_options])
+                  validates_length_of options[:login_field], sanitize_validation_length_options({:within => 6..100}, options[:login_field_validates_length_of_options])
+                  validates_format_of options[:login_field], {:with => email_field_regex, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}.merge(options[:login_field_validates_format_of_options])
                 else
-                  validates_length_of options[:login_field], {:within => 2..100}.merge(options[:login_field_validates_length_of_options])
-                  validates_format_of options[:login_field], {:with => /\A\w[\w\.\-_@ ]+\z/, :message => "should use only letters, numbers, spaces, and .-_@ please."}.merge(options[:login_field_validates_format_of_options])
+                  validates_length_of options[:login_field], sanitize_validation_length_options({:within => 2..100}, options[:login_field_validates_length_of_options])
+                  validates_format_of options[:login_field], {:with => /\A\w[\w\.\-_@ ]+\z/, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}.merge(options[:login_field_validates_format_of_options])
                 end
                 
                 validates_uniqueness_of options[:login_field], {:allow_blank => true}.merge(options[:login_field_validates_uniqueness_of_options].merge(:if => "#{options[:login_field]}_changed?".to_sym))
               end
               
               if options[:validate_password_field]
-                validates_length_of options[:password_field], {:minimum => 4}.merge(options[:password_field_validates_length_of_options].merge(:if => "validate_#{options[:password_field]}?".to_sym))
+                validates_length_of options[:password_field], sanitize_validation_length_options({:minimum => 4}, options[:password_field_validates_length_of_options].merge(:if => "validate_#{options[:password_field]}?".to_sym))
                 validates_confirmation_of options[:password_field], options[:password_field_validates_confirmation_of_options].merge(:if => "#{options[:password_salt_field]}_changed?".to_sym)
                 validates_presence_of "#{options[:password_field]}_confirmation", options[:password_confirmation_field_validates_presence_of_options].merge(:if => "#{options[:password_salt_field]}_changed?".to_sym)
               end
               
               if options[:validate_email_field] && options[:email_field]
-                validates_length_of options[:email_field], {:within => 6..100}.merge(options[:email_field_validates_length_of_options])
-                validates_format_of options[:email_field], {:with => email_field_regex, :message => "should look like an email address."}.merge(options[:email_field_validates_format_of_options])
+                validates_length_of options[:email_field], sanitize_validation_length_options({:within => 6..100}, options[:email_field_validates_length_of_options])
+                validates_format_of options[:email_field], {:with => email_field_regex, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}.merge(options[:email_field_validates_format_of_options])
                 validates_uniqueness_of options[:email_field], options[:email_field_validates_uniqueness_of_options].merge(:if => "#{options[:email_field]}_changed?".to_sym)
               end
             end
             
+            attr_accessor "validate_#{options[:password_field]}".to_sym
             attr_reader options[:password_field]
             
             class_eval <<-"end_eval", __FILE__, __LINE__
@@ -68,7 +69,6 @@ module Authlogic
                 self.#{options[:password_salt_field]} = self.class.unique_token
                 self.#{options[:crypted_password_field]} = #{options[:crypto_provider]}.encrypt(*encrypt_arguments(@#{options[:password_field]}, #{options[:act_like_restful_authentication].inspect} ? :restful_authentication : nil))
               end
-              alias_method :update_#{options[:password_field]}, :#{options[:password_field]}= # this is to avoids the method chain, so we are ONLY changing the password
               
               def valid_#{options[:password_field]}?(attempted_password)
                 return false if attempted_password.blank? || #{options[:crypted_password_field]}.blank? || #{options[:password_salt_field]}.blank?
@@ -84,7 +84,7 @@ module Authlogic
                     # then let's reset the password using the new algorithm. If the algorithm has a cost (BCrypt) and the cost has changed, update the password with
                     # the new cost.
                     if index > 0 || (encryptor.respond_to?(:cost_matches?) && !encryptor.cost_matches?(#{options[:crypted_password_field]}))
-                      update_#{options[:password_field]}(attempted_password)
+                      self.password = attempted_password
                       save(false)
                     end
                     
@@ -100,7 +100,7 @@ module Authlogic
                 self.#{options[:password_field]} = friendly_token
                 self.#{options[:password_field]}_confirmation = friendly_token
               end
-              alias_method :randomize_password, :reset_password
+              alias_method :randomize_#{options[:password_field]}, :reset_#{options[:password_field]}
               
               def confirm_#{options[:password_field]}
                 raise "confirm_#{options[:password_field]} has been removed, please use #{options[:password_field]}_confirmation. " +
@@ -111,7 +111,7 @@ module Authlogic
                 reset_#{options[:password_field]}
                 save_without_session_maintenance(false)
               end
-              alias_method :randomize_password!, :reset_password!
+              alias_method :randomize_#{options[:password_field]}!, :reset_#{options[:password_field]}!
               
               def validate_#{options[:password_field]}?
                 case #{options[:password_field_validates_length_of_options][:if].inspect}
@@ -121,7 +121,7 @@ module Authlogic
                   return false if !send(#{options[:password_field_validates_length_of_options][:if].inspect})
                 end
                 
-                new_record? || #{options[:password_salt_field]}_changed? || #{options[:crypted_password_field]}.blank?
+                new_record? || #{options[:password_salt_field]}_changed? || #{options[:crypted_password_field]}.blank? || ["true", "1", "yes"].include?(validate_#{options[:password_field]}.to_s)
               end
               
               private
@@ -135,6 +135,12 @@ module Authlogic
                 end
             end_eval
           end
+          
+          def sanitize_validation_length_options(defaults, options)
+            length_keys = [:minimum, :maximum, :in, :within, :is]
+            length_keys.each { |key| defaults.delete(key) } if options.keys.find { |key| length_keys.include?(key.to_sym) }
+            defaults.merge(options)
+          end
         end
       end
     end

data/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb

@@ -66,6 +66,18 @@ module Authlogic
               def reset_#{options[:persistence_token_field]}?
                 #{options[:persistence_token_field]}.blank?
               end
+              
+              # When a user logs in we need to ensure they have a persistence token. Think about apps that are transitioning and
+              # never have a persistence token to begin with. When their users log in their persistence token needs to be set.
+              # The only other time persistence tokens are reset is in a before_validation on the user, and when a user is saved
+              # from the session we skip validation for performance reasons. We do save_without_session_maintenance(false), the false
+              # indicates to skip validation.
+              def valid_#{options[:password_field]}_with_persistence?(attempted_password)
+                result = valid_password_without_persistence?(attempted_password)
+                reset_#{options[:persistence_token_field]}! if result && #{options[:persistence_token_field]}.blank?
+                result
+              end
+              alias_method_chain :valid_#{options[:password_field]}?, :persistence
             end_eval
           end
         end

data/lib/authlogic/session/base.rb

@@ -64,8 +64,11 @@ module Authlogic
         def find(id = nil)
           args = [id].compact
           session = new(*args)
-          return session if session.find_record
-          nil
+          if session.find_record
+            session
+          else
+            nil
+          end
         end
         
         # The name of the class that this session is authenticating with. For example, the UserSession class will authenticate with the User class
@@ -452,7 +455,7 @@ module Authlogic
           return true if disable_magic_states?
           [:active, :approved, :confirmed].each do |required_status|
             if record.respond_to?("#{required_status}?") && !record.send("#{required_status}?")
-              errors.add_to_base(I18n.t("errors_messages.not_#{required_status}", :default => "Your account is not #{required_status}"))
+              errors.add_to_base(I18n.t("error_messages.not_#{required_status}", :default => "Your account is not #{required_status}"))
               return false
             end
           end

data/lib/authlogic/session/callbacks.rb

@@ -4,7 +4,7 @@ module Authlogic
     #
     # Just like in ActiveRecord you have before_save, before_validation, etc. You have similar callbacks with Authlogic, see all callbacks below.
     module Callbacks
-      CALLBACKS = %w(before_create after_create before_destroy after_destroy before_find after_find before_save after_save before_update after_update before_validation after_validation)
+      CALLBACKS = %w(before_create after_create before_destroy after_destroy before_find after_find before_save after_save before_update after_update before_validation validate after_validation)
 
       def self.included(base) #:nodoc:
         [:destroy, :find_record, :save, :validate].each do |method|
@@ -77,6 +77,7 @@ module Authlogic
       def validate_with_callbacks
         run_callbacks(:before_validation)
         validate_without_callbacks
+        run_callbacks(:validate)
         run_callbacks(:after_validation) if errors.empty?
       end
     end

data/lib/authlogic/session/config.rb

@@ -165,9 +165,14 @@ module Authlogic
         # determines when we consider a user to be "logged out". Meaning, if they login and then leave the website, when do mark them as logged out?
         # I recommend just using this as a fun feature on your website or reports, giving you a ballpark number of users logged in and active. This is
         # not meant to be a dead accurate representation of a users logged in state, since there is really no real way to do this with web based apps.
+        # Think about a user that logs in and doesn't log out. There is no action that tells you that the user isn't technically still logged in and
+        # active.
         #
-        # That being said, you can use that feature to require a login if their session timesout. Similar to how financial sites work. Just set this option to
-        # true and if your record returns true for logged_out? then they will be required to log back in.
+        # That being said, you can use that feature to require a new login if their session timesout. Similar to how financial sites work. Just set this option to
+        # true and if your record returns true for stale? then they will be required to log back in.
+        #
+        # Lastly, UserSession.find will still return a object is the session is stale, but you will not get a record. This allows you to determine if the
+        # user needs to log back in because their session went stale, or because they just aren't logged in. Just call current_user_session.stale? as your flag.
         #
         # * <tt>Default:</tt> false
         # * <tt>Accepts:</tt> Boolean

data/lib/authlogic/session/cookies.rb

@@ -13,7 +13,7 @@ module Authlogic
       def valid_cookie?
         if cookie_credentials
           self.unauthorized_record = search_for_record("find_by_#{persistence_token_field}", cookie_credentials)
-          valid? && !stale?
+          valid?
         else
           false
         end

data/lib/authlogic/session/session.rb

@@ -25,7 +25,7 @@ module Authlogic
               self.unauthorized_record = record
             end
           end
-          valid? && !stale?
+          valid?
         else
           false
         end

data/lib/authlogic/session/timeout.rb

@@ -8,14 +8,27 @@ module Authlogic
     # module kicks in. See the logout_on_timeout configuration option for how to turn this on.
     module Timeout
       def self.included(klass)
-        klass.after_find :update_last_request_at!
-        klass.after_save :update_last_request_at!
+        klass.class_eval do
+          alias_method_chain :find_record, :timeout
+          after_find :update_last_request_at!
+          after_save :update_last_request_at!
+        end
       end
       
+      # This implements the stale functionality when trying to find a session. If the session is stale the record will be cleared, but the session object will still be
+      # returned. This allows you to perform a current_user_session.stale? query in order to inform your users of why they need to log back in.
+      def find_record_with_timeout
+        result = find_record_without_timeout
+        self.record = nil if result && stale?
+        result
+      end
+    
+      # Tells you if the record is stale or not. Meaning the record has timed out. This will only return true if you set logout_on_timeout to true in your configuration.
+      # Basically how a bank website works. If you aren't active over a certain period of time your session becomes stale and requires you to log back in.
       def stale?
         logout_on_timeout? && record && record.logged_out?
       end
-      
+    
       private
         def update_last_request_at!
           if record.class.column_names.include?("last_request_at") && (record.last_request_at.blank? || last_request_at_threshold.to_i.seconds.ago >= record.last_request_at)

data/lib/authlogic/testing/test_unit_helpers.rb

@@ -23,7 +23,7 @@ module Authlogic
         # Sets the cookie for a record. This way when you execute a request in your test, cookie values will be present.
         def set_cookie_for(record)
           session_class = session_class(record)
-          @request.cookies[session_class.cookie_key] = record.record.send(record.class.acts_as_authentic_config[:persistence_token_field])
+          @request.cookies[session_class.cookie_key] = record.send(record.class.acts_as_authentic_config[:persistence_token_field])
         end
         
         # Sets the HTTP_AUTHORIZATION header for basic HTTP auth. This way when you execute a request in your test that is trying to authenticate

data/lib/authlogic/version.rb

@@ -44,7 +44,7 @@ module Authlogic # :nodoc:
 
     MAJOR = 1
     MINOR = 4
-    TINY  = 0
+    TINY  = 1
 
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/shoulda_macros/authlogic.rb

@@ -1,14 +1,12 @@
-require "test/unit"
-
 module Authlogic
   module ShouldaMacros
-    def should_be_authentic
-      klass = model_class
-      should "acts as authentic" do
-        assert klass.respond_to?(:acts_as_authentic_config)
+    class Test::Unit::TestCase
+      def self.should_be_authentic
+        klass = model_class
+        should "acts as authentic" do
+          assert klass.respond_to?(:acts_as_authentic_config)
+        end
       end
     end
   end
-end
-
-Test::Unit::TestCase.extend Authlogic::ShouldaMacros
+end

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb

@@ -136,9 +136,16 @@ module ORMAdaptersTests
             User.acts_as_authentic(:crypto_provider => crypto_provider, :transition_from_crypto_provider => from_crypto_providers)
             records.each do |record|
               old_hash = record.crypted_password
+              old_persistence_token = record.persistence_token
               assert record.valid_password?(password_for(record))
-              assert_not_equal old_hash, record.crypted_password
+              assert_not_equal old_hash.to_s, record.crypted_password.to_s
+              assert_not_equal old_persistence_token.to_s, record.persistence_token.to_s # we need to make sure the persistence token gets reset, what if it is nil and has never been used before?
+              
+              old_hash = record.crypted_password
+              old_persistence_token = record.persistence_token
               assert record.valid_password?(password_for(record))
+              assert_equal old_hash.to_s, record.crypted_password.to_s
+              assert_equal old_persistence_token.to_s, record.persistence_token.to_s
             end
           end
       end

data/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb

@@ -57,6 +57,13 @@ module ORMAdaptersTests
           assert user.valid?
         end
         
+        # Make sure the default :within option is ignored, since AR will raise an error if :within and :minimum are passed.
+        def test_multiple_length_options
+          User.acts_as_authentic(:login_field_validates_length_of_options => {:minimum => 6})
+          user = User.new
+          assert_nothing_raised { user.valid? }
+        end
+        
         def test_employee_validations
           employee = Employee.new
           employee.password = "pass"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: authlogic
 version: !ruby/object:Gem::Version 
-  version: 1.4.0
+  version: 1.4.1
 platform: ruby
 authors: 
 - Ben Johnson of Binary Logic
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-01-28 00:00:00 -05:00
+date: 2009-02-08 00:00:00 -05:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -160,7 +160,7 @@ files:
 - authlogic.gemspec
 has_rdoc: true
 homepage: http://github.com/binarylogic/authlogic
-post_install_message: BREAKS BACKWARDS COMPATIBILITY! This is only for those using I18n. If you were using the Authlogic configuration to implement I18n you need to update your configuration. A new cleaner approach has been implemented for I18n in Authlogic. See Authlogic::I18n for more details.
+post_install_message: 
 rdoc_options: 
 - --line-numbers
 - --inline-source