RubyGems - authlogic - Versions diffs - 2.0.13 → 2.0.14 - Mend

authlogic 2.0.13 → 2.0.14

Potentially problematic release.

This version of authlogic might be problematic. Click here for more details.

Files changed (20) hide show

data/CHANGELOG.rdoc +7 -0
data/README.rdoc +1 -0
data/lib/authlogic/acts_as_authentic/base.rb +13 -6
data/lib/authlogic/acts_as_authentic/perishable_token.rb +1 -1
data/lib/authlogic/session/brute_force_protection.rb +1 -1
data/lib/authlogic/session/magic_columns.rb +1 -1
data/lib/authlogic/session/magic_states.rb +1 -1
data/lib/authlogic/session/password.rb +18 -3
data/lib/authlogic/session/validation.rb +9 -5
data/lib/authlogic/version.rb +1 -1
data/test/acts_as_authentic_test/email_test.rb +8 -8
data/test/acts_as_authentic_test/login_test.rb +8 -8
data/test/acts_as_authentic_test/magic_columns_test.rb +4 -4
data/test/acts_as_authentic_test/password_test.rb +7 -7
data/test/acts_as_authentic_test/perishable_token_test.rb +29 -1
data/test/acts_as_authentic_test/single_access_test.rb +1 -1
data/test/session_test/brute_force_protection_test.rb +8 -6
data/test/session_test/magic_states_test.rb +3 -3
data/test/test_helper.rb +10 -0
metadata +4 -4

data/CHANGELOG.rdoc CHANGED

@@ -1,3 +1,10 @@
+== 2.0.14 released 2009-6-13
+* Fixed issue with using brute force protection AND generalize_credentials_error_messages. Brute force protection was looking to see if there were password errors, which generalize_credentials_error_messages was obfuscating. This is all fixed now though thanks to a handy article on Microsoft (http://support.microsoft.com/kb/168702), method #2, it works every time.
+* Added db_setup? method to avoid errors during rake tasks where the db might not be set up. Ex: migrations
+* Stop using errors.on(key) since that is now deprecated in Rails. Use errors[key] instead.
+* Use valid_password? for the method name to validate a password instead of valid_#{password_field}?.
 == 2.0.13 released 2009-5-13
 * Add authlogic/regex.rb to manifest

data/README.rdoc CHANGED

@@ -66,6 +66,7 @@ If you find a bug or a problem please post it on lighthouse. If you need help wi
 * <b>Authlogic OpenID addon:</b> http://github.com/binarylogic/authlogic_openid
 * <b>Authlogic LDAP addon:</b> http://github.com/binarylogic/authlogic_ldap
+* <b>Authlogic Facebook Connect:</b> http://github.com/kalasjocke/authlogic_facebook_connect
 If you create one of your own, please let me know about it so I can add it to this list. Or just fork the project, add your link, and send me a pull request.

data/lib/authlogic/acts_as_authentic/base.rb CHANGED

@@ -25,11 +25,7 @@ module Authlogic
         # See the various sub modules for the configuration they provide.
         def acts_as_authentic(unsupported_options = nil, &block)
           # Stop all configuration if the DB is not set up
-          begin
-            column_names
-          rescue Exception
-            return
-          end
+          return if !db_setup?
           raise ArgumentError.new("You are using the old v1.X.X configuration method for Authlogic. Instead of " +
             "passing a hash of configuration options to acts_as_authentic, pass a block: acts_as_authentic { |c| c.my_option = my_value }") if !unsupported_options.nil?
@@ -68,6 +64,15 @@ module Authlogic
             inheritable_attributes.include?(key) ? read_inheritable_attribute(key) : []
           end
+          def db_setup?
+            begin
+              column_names
+              true
+            rescue Exception
+              false
+            end
+          end
           def rw_config(key, value, default_value = nil, read_value = nil)
             if value == read_value
               inheritable_attributes.include?(key) ? read_inheritable_attribute(key) : default_value
@@ -77,7 +82,9 @@ module Authlogic
           end
           def first_column_to_exist(*columns_to_check)
-            columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
+            if db_setup?
+              columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
+            end
             columns_to_check.first && columns_to_check.first.to_sym
           end
       end

data/lib/authlogic/acts_as_authentic/perishable_token.rb CHANGED

@@ -60,7 +60,7 @@ module Authlogic
           # If you want to use a different timeout value, just pass it as the second parameter:
           #
           #   User.find_using_perishable_token(token, 1.hour)
-          def find_using_perishable_token(token, age = perishable_token_valid_for)
+          def find_using_perishable_token(token, age = self.perishable_token_valid_for)
             return if token.blank?
             age = age.to_i

data/lib/authlogic/session/brute_force_protection.rb CHANGED

@@ -76,7 +76,7 @@ module Authlogic
           def validate_failed_logins
             errors.clear # Clear all other error messages, as they are irrelevant at this point and can only provide additional information that is not needed
-            errors.add_to_base(I18n.t('error_messages.consecutive_failed_logins_limit_exceeded', :default => "Consecutive failed logins limit exceeded, account is disabled."))
+            errors.add(:base, I18n.t('error_messages.consecutive_failed_logins_limit_exceeded', :default => "Consecutive failed logins limit exceeded, account is disabled."))
           end
           def consecutive_failed_logins_limit

data/lib/authlogic/session/magic_columns.rb CHANGED

@@ -40,7 +40,7 @@ module Authlogic
       module InstanceMethods
         private
           def increase_failed_login_count
-            if errors.on(password_field) && attempted_record.respond_to?(:failed_login_count)
+            if invalid_password? && attempted_record.respond_to?(:failed_login_count)
               attempted_record.failed_login_count ||= 0
               attempted_record.failed_login_count += 1
             end

data/lib/authlogic/session/magic_states.rb CHANGED

@@ -46,7 +46,7 @@ module Authlogic
             return true if attempted_record.nil?
             [:active, :approved, :confirmed].each do |required_status|
               if attempted_record.respond_to?("#{required_status}?") && !attempted_record.send("#{required_status}?")
-                errors.add_to_base(I18n.t("error_messages.not_#{required_status}", :default => "Your account is not #{required_status}"))
+                errors.add(:base, I18n.t("error_messages.not_#{required_status}", :default => "Your account is not #{required_status}"))
                 return false
               end
             end

data/lib/authlogic/session/password.rb CHANGED

@@ -91,10 +91,10 @@ module Authlogic
         # The name of the method in your model used to verify the password. This should be an instance method. It should also be prepared to accept a raw password and a crytped password.
         #
-        # * <tt>Default:</tt> "valid_#{password_field}?"
+        # * <tt>Default:</tt> "valid_password?"
         # * <tt>Accepts:</tt> Symbol or String
         def verify_password_method(value = nil)
-          rw_config(:verify_password_method, value, "valid_#{password_field}?")
+          rw_config(:verify_password_method, value, "valid_password?")
         end
         alias_method :verify_password_method=, :verify_password_method
       end
@@ -151,12 +151,18 @@ module Authlogic
           end
         end
+        def invalid_password?
+          invalid_password == true
+        end
         private
           def authenticating_with_password?
             login_field && (!send(login_field).nil? || !send("protected_#{password_field}").nil?)
           end
           def validate_by_password
+            self.invalid_password = false
             errors.add(login_field, I18n.t('error_messages.login_blank', :default => "cannot be blank")) if send(login_field).blank?
             errors.add(password_field, I18n.t('error_messages.password_blank', :default => "cannot be blank")) if send("protected_#{password_field}").blank?
             return if errors.count > 0
@@ -169,11 +175,20 @@ module Authlogic
             end
             if !attempted_record.send(verify_password_method, send("protected_#{password_field}"))
+              self.invalid_password = true
               generalize_credentials_error_messages? ? add_general_credentials_error : errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
               return
             end
           end
+          def invalid_password
+            @invalid_password
+          end
+          def invalid_password=(value)
+            @invalid_password = value
+          end
           def find_by_login_method
             self.class.find_by_login_method
           end
@@ -183,7 +198,7 @@ module Authlogic
           end
           def add_general_credentials_error
-            errors.add_to_base(I18n.t('error_messages.general_credentials_error', :default => "#{login_field.to_s.humanize}/Password combination is not valid"))
+            errors.add(:base, I18n.t('error_messages.general_credentials_error', :default => "#{login_field.to_s.humanize}/Password combination is not valid"))
           end
           def generalize_credentials_error_messages?

data/lib/authlogic/session/validation.rb CHANGED

@@ -10,10 +10,14 @@ module Authlogic
       #     private
       #       def check_if_awesome
       #         errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
-      #         errors.add_to_base("You must be awesome to log in") unless attempted_record.awesome?
+      #         errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
       #       end
       #   end
       class Errors < ::ActiveRecord::Errors
+        def [](key)
+          value = super
+          value.is_a?(Array) ? value : [value].compact
+        end
       end
       # You should use this as a place holder for any records that you find during validation. The main reason for this is to
@@ -39,7 +43,7 @@ module Authlogic
       #    private
       #      def check_if_awesome
       #        errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
-      #        errors.add_to_base("You must be awesome to log in") unless attempted_record.awesome?
+      #        errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
       #      end
       #  end
       def errors
@@ -58,18 +62,18 @@ module Authlogic
         validate
         ensure_authentication_attempted
-        if errors.empty?
+        if errors.size == 0
           new_session? ? after_validation_on_create : after_validation_on_update
           after_validation
         end
         save_record(attempted_record)
-        errors.empty?
+        errors.size == 0
       end
       private
         def ensure_authentication_attempted
-          errors.add_to_base(I18n.t('error_messages.no_authentication_details', :default => "You did not provide any details for authentication.")) if errors.empty? && attempted_record.nil?
+          errors.add(:base, I18n.t('error_messages.no_authentication_details', :default => "You did not provide any details for authentication.")) if errors.empty? && attempted_record.nil?
         end
     end
   end

data/lib/authlogic/version.rb CHANGED

@@ -41,7 +41,7 @@ module Authlogic # :nodoc:
     MAJOR = 2
     MINOR = 0
-    TINY  = 13
+    TINY  = 14
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/test/acts_as_authentic_test/email_test.rb CHANGED

@@ -57,41 +57,41 @@ module ActsAsAuthenticTest
       u = User.new
       u.email = "a@a.a"
       assert !u.valid?
-      assert u.errors.on(:email)
+      assert u.errors[:email].size > 0
       u.email = "a@a.com"
       assert !u.valid?
-      assert !u.errors.on(:email)
+      assert u.errors[:email].size == 0
     end
     def test_validates_format_of_email_field
       u = User.new
       u.email = "aaaaaaaaaaaaa"
       assert !u.valid?
-      assert u.errors.on(:email)
+      assert u.errors[:email].size > 0
       u.email = "a@a.com"
       assert !u.valid?
-      assert !u.errors.on(:email)
+      assert u.errors[:email].size == 0
       u.email = "dakota.dux+1@gmail.com"
       assert !u.valid?
-      assert !u.errors.on(:email)
+      assert u.errors[:email].size == 0
     end
     def test_validates_uniqueness_of_email_field
       u = User.new
       u.email = "bjohnson@binarylogic.com"
       assert !u.valid?
-      assert u.errors.on(:email)
+      assert u.errors[:email].size > 0
       u.email = "BJOHNSON@binarylogic.com"
       assert !u.valid?
-      assert u.errors.on(:email)
+      assert u.errors[:email].size > 0
       u.email = "a@a.com"
       assert !u.valid?
-      assert !u.errors.on(:email)
+      assert u.errors[:email].size == 0
     end
   end
 end

data/test/acts_as_authentic_test/login_test.rb CHANGED

@@ -57,41 +57,41 @@ module ActsAsAuthenticTest
       u = User.new
       u.login = "a"
       assert !u.valid?
-      assert u.errors.on(:login)
+      assert u.errors[:login].size > 0
       u.login = "aaaaaaaaaa"
       assert !u.valid?
-      assert !u.errors.on(:login)
+      assert u.errors[:login].size == 0
     end
     def test_validates_format_of_login_field
       u = User.new
       u.login = "fdsf@^&*"
       assert !u.valid?
-      assert u.errors.on(:login)
+      assert u.errors[:login].size > 0
       u.login = "fdsfdsfdsfdsfs"
       assert !u.valid?
-      assert !u.errors.on(:login)
+      assert u.errors[:login].size == 0
       u.login = "dakota.dux+1@gmail.com"
       assert !u.valid?
-      assert !u.errors.on(:login)
+      assert u.errors[:login].size == 0
     end
     def test_validates_uniqueness_of_login_field
       u = User.new
       u.login = "bjohnson"
       assert !u.valid?
-      assert u.errors.on(:login)
+      assert u.errors[:login].size > 0
       u.login = "BJOHNSON"
       assert !u.valid?
-      assert u.errors.on(:login)
+      assert u.errors[:login].size > 0
       u.login = "fdsfdsf"
       assert !u.valid?
-      assert !u.errors.on(:login)
+      assert u.errors[:login].size == 0
     end
     def test_find_by_smart_case_login_field

data/test/acts_as_authentic_test/magic_columns_test.rb CHANGED

@@ -6,22 +6,22 @@ module ActsAsAuthenticTest
       u = User.new
       u.login_count = -1
       assert !u.valid?
-      assert u.errors.on(:login_count)
+      assert u.errors[:login_count].size > 0
       u.login_count = 0
       assert !u.valid?
-      assert !u.errors.on(:login_count)
+      assert u.errors[:login_count].size == 0
     end
     def test_validates_numericality_of_failed_login_count
       u = User.new
       u.failed_login_count = -1
       assert !u.valid?
-      assert u.errors.on(:failed_login_count)
+      assert u.errors[:failed_login_count].size > 0
       u.failed_login_count = 0
       assert !u.valid?
-      assert !u.errors.on(:failed_login_count)
+      assert u.errors[:failed_login_count].size == 0
     end
   end
 end

data/test/acts_as_authentic_test/password_test.rb CHANGED

@@ -107,11 +107,11 @@ module ActsAsAuthenticTest
       u = User.new
       u.password_confirmation = "test2"
       assert !u.valid?
-      assert u.errors.on(:password)
+      assert u.errors[:password].size > 0
       u.password = "test"
       assert !u.valid?
-      assert !u.errors.on(:password_confirmation)
+      assert u.errors[:password_confirmation].size == 0
     end
     def test_validates_confirmation_of_password
@@ -119,11 +119,11 @@ module ActsAsAuthenticTest
       u.password = "test"
       u.password_confirmation = "test2"
       assert !u.valid?
-      assert u.errors.on(:password)
+      assert u.errors[:password].size > 0
       u.password_confirmation = "test"
       assert !u.valid?
-      assert !u.errors.on(:password)
+      assert u.errors[:password].size == 0
     end
     def test_validates_length_of_password_confirmation
@@ -132,18 +132,18 @@ module ActsAsAuthenticTest
       u.password = "test"
       u.password_confirmation = ""
       assert !u.valid?
-      assert u.errors.on(:password_confirmation)
+      assert u.errors[:password_confirmation].size > 0
       u.password_confirmation = "test"
       assert !u.valid?
-      assert !u.errors.on(:password_confirmation)
+      assert u.errors[:password_confirmation].size == 0
       ben = users(:ben)
       assert ben.valid?
       ben.password = "newpass"
       assert !ben.valid?
-      assert ben.errors.on(:password_confirmation)
+      assert ben.errors[:password_confirmation].size > 0
       ben.password_confirmation = "newpass"
       assert ben.valid?

data/test/acts_as_authentic_test/perishable_token_test.rb CHANGED

@@ -26,7 +26,7 @@ module ActsAsAuthenticTest
       u = User.new
       u.perishable_token = users(:ben).perishable_token
       assert !u.valid?
-      assert u.errors.on(:perishable_token)
+      assert u.errors[:perishable_token].size > 0
     end
     def test_before_save_reset_perishable_token
@@ -52,5 +52,33 @@ module ActsAsAuthenticTest
       ben.reload
       assert_not_equal old_perishable_token, ben.perishable_token
     end
+    def test_find_using_perishable_token
+      ben = users(:ben)
+      assert_equal ben, User.find_using_perishable_token(ben.perishable_token)
+    end
+    def test_find_using_perishable_token_when_perished
+      ben = users(:ben)
+      ActiveRecord::Base.connection.execute("UPDATE users set updated_at = '#{1.week.ago.to_s(:db)}' where id = #{ben.id}")
+      assert_nil User.find_using_perishable_token(ben.perishable_token)
+    end
+    def test_find_using_perishable_token_when_perished
+      User.perishable_token_valid_for = 1.minute
+      ben = users(:ben)
+      ActiveRecord::Base.connection.execute("UPDATE users set updated_at = '#{2.minutes.ago.to_s(:db)}' where id = #{ben.id}")
+      assert_nil User.find_using_perishable_token(ben.perishable_token)
+      User.perishable_token_valid_for = 10.minutes
+    end
+    def test_find_using_perishable_token_when_passing_threshold
+      User.perishable_token_valid_for = 1.minute
+      ben = users(:ben)
+      ActiveRecord::Base.connection.execute("UPDATE users set updated_at = '#{10.minutes.ago.to_s(:db)}' where id = #{ben.id}")
+      assert_nil User.find_using_perishable_token(ben.perishable_token, 5.minutes)
+      assert_equal ben, User.find_using_perishable_token(ben.perishable_token, 20.minutes)
+      User.perishable_token_valid_for = 10.minutes
+    end
   end
 end

data/test/acts_as_authentic_test/single_access_test.rb CHANGED

@@ -16,7 +16,7 @@ module ActsAsAuthenticTest
       u = User.new
       u.single_access_token = users(:ben).single_access_token
       assert !u.valid?
-      assert u.errors.on(:single_access_token)
+      assert u.errors[:single_access_token].size > 0
     end
     def test_before_validation_reset_single_access_token

data/test/session_test/brute_force_protection_test.rb CHANGED

@@ -45,26 +45,27 @@ module SessionTest
         2.times do |i|
           session = UserSession.new(:login => ben.login, :password => "badpassword1")
           assert !session.save
-          assert session.errors.on(:password)
+          assert session.errors[:password].size > 0
           assert_equal i + 1, ben.reload.failed_login_count
         end
         session = UserSession.new(:login => ben.login, :password => "badpassword2")
         assert !session.save
-        assert !session.errors.on(:password)
-        assert_equal 2, ben.reload.failed_login_count
+        assert session.errors[:password].size == 0
+        assert_equal 3, ben.reload.failed_login_count
         UserSession.consecutive_failed_logins_limit = 50
       end
       def test_exceeded_ban_for
         UserSession.consecutive_failed_logins_limit = 2
+        UserSession.generalize_credentials_error_messages true
         ben = users(:ben)
         2.times do |i|
           session = UserSession.new(:login => ben.login, :password => "badpassword1")
           assert !session.save
-          assert session.errors.on(:password)
+          assert session.invalid_password?
           assert_equal i + 1, ben.reload.failed_login_count
         end
@@ -74,6 +75,7 @@ module SessionTest
         assert_equal 0, ben.reload.failed_login_count
         UserSession.consecutive_failed_logins_limit = 50
+        UserSession.generalize_credentials_error_messages false
       end
       def test_exceeded_ban_and_failed_doesnt_ban_again
@@ -83,7 +85,7 @@ module SessionTest
         2.times do |i|
           session = UserSession.new(:login => ben.login, :password => "badpassword1")
           assert !session.save
-          assert session.errors.on(:password)
+          assert session.errors[:password].size > 0
           assert_equal i + 1, ben.reload.failed_login_count
         end

data/test/session_test/magic_states_test.rb CHANGED

@@ -31,7 +31,7 @@ module SessionTest
         ben.update_attribute(:active, false)
         assert !session.valid?
-        assert session.errors.on_base.size > 0
+        assert session.errors[:base].size > 0
       end
       def test_validate_validate_magic_states_approved
@@ -42,7 +42,7 @@ module SessionTest
         ben.update_attribute(:approved, false)
         assert !session.valid?
-        assert session.errors.on_base.size > 0
+        assert session.errors[:base].size > 0
       end
       def test_validate_validate_magic_states_confirmed
@@ -53,7 +53,7 @@ module SessionTest
         ben.update_attribute(:confirmed, false)
         assert !session.valid?
-        assert session.errors.on_base.size > 0
+        assert session.errors[:base].size > 0
       end
     end
   end

data/test/test_helper.rb CHANGED

@@ -4,6 +4,16 @@ require "ruby-debug"
 require "active_record"
 require "active_record/fixtures"
+# A temporary fix to bring active record errors up to speed with rails edge.
+# I need to remove this once the new gem is released. This is only here so my tests pass.
+class ActiveRecord::Errors
+  def [](key)
+    value = on(key)
+    value.is_a?(Array) ? value : [value].compact
+  end
+end
 ActiveRecord::Schema.verbose = false
 ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :dbfile => ":memory:")
 ActiveRecord::Base.configurations = true

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 2.0.13
+  version: 2.0.14
 platform: ruby
 authors:
 - Ben Johnson of Binary Logic
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2009-05-13 00:00:00 -04:00
+date: 2009-06-13 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -30,7 +30,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.12.2
+        version: 2.0.0
     version:
 description: A clean, simple, and unobtrusive ruby authentication solution.
 email: bjohnson@binarylogic.com
@@ -186,7 +186,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project: authlogic
-rubygems_version: 1.3.3
+rubygems_version: 1.3.4
 signing_key:
 specification_version: 3
 summary: A clean, simple, and unobtrusive ruby authentication solution.