authlogic 2.0.5 → 2.0.6

data/CHANGELOG.rdoc

@@ -1,6 +1,24 @@
+== 2.0.6
+
+* Don't use second, use [1] instead so older rails systems don't complain.
+* Update email regular expression to be less TLD specific: (?:[A-Z]{2,4}|museum|travel)
+* Update shoulda macro for 2.0
+* validates_length_of_password_confirmation_field_options defaults to validates_confirmation_of_password_field_options
+* Use MockCookieJar in tests instead of a Hash.
+* Cookies now store the record id as well, for faster lookup. Also to avoid the need to use sessions since sessions are lazily loaded in rails 2.3+
+* Add configuration option for Authlogic::ActsAsAuthentic: ignore_blank_passwords
+* Fix cookie_domain in rails adapter
+* Make password and login fields optional. This allows you to have an alternate authentication method as your main authentication source. Such as OpenID, LDAP, or whatever you want.
+* Reset the @password_changed instance variable after the record has been saved.
+* Add referer and user_agent to mock requests for testing purposes.
+* Add :case_sensitive => false to validates_uniqueness_of calls on the login and email fields.
+* MockRequest not tries to use controller.env['REMOTE_ADDR'] for the IP address in tests.
+* Add in custom find_with_email and find_with_login methods to perform case insensitive searches for databases that are case sensitive by default. This is only done if the :case_insensitive option for validates_uniqueness_of_login_field_options or validates_uniqueness_of_email_field_options is set to false. Which, as of this version, it is. If you are using MySQL this has been the default behavior all along. If you are using SQLite or Postgres this has NOT been the default behavior.
+* Added in exception explaining that you are using the old configuration for acts_as_authentic with an example of the new format.
+
 == 2.0.5 released 2009-3-30
 
-* Stub out authenticate_with_http_basic for TestCase::Controller adapter.
+* Stub out authenticate_with_http_basic for TestCase::ControllerAdapter.
 * Added second parameter for add_acts_as_authentic module to specify the position: append or prepend.
 
 == 2.0.4 released 2009-3-28

data/README.rdoc

@@ -2,11 +2,11 @@
 
 Authlogic is a clean, simple, and unobtrusive ruby authentication solution.
 
-What inspired me to create Authlogic was the messiness of the current authentication solutions. Put simply, they just didn't feel right. They felt wrong because the logic was not organized properly. As you may know, a common misconception with the MVC design pattern is that the model "M" is only for data access logic, which is wrong. A model is a place for domain logic. This is why the RESTful design pattern and the current authentication solutions don't play nice. Authlogic solves this by placing the session maintenance logic into its own domain (aka "model"). Moving session maintenance into its own domain has its benefits:
+What inspired me to create Authlogic was the messiness of the current authentication solutions. Put simply, they just didn't feel right, because the logic was not organized properly. As you may know, a common misconception with the MVC design pattern is that the model "M" is only for data access logic, which is wrong. A model is a place for domain logic. This is why the RESTful design pattern and the current authentication solutions don't play nice. Authlogic solves this by placing the session maintenance logic into its own domain (aka "model"). Moving session maintenance into its own domain has its benefits:
 
-1. It's easier to update and stay current with the latest security practices. Since authlogic sits in between you and your session it can assist in keeping your security top notch. Such as upgrading your hashing algorithm, helping you transition to a new algorithm, etc. Also, Authlogic is a gem, which means you get all of these benefits easily, through a rubygems update.
+1. It's easier to update and stay current with the latest security practices. Since authlogic sits in between you and your session it can assist in keeping your security up to date. For example: upgrading your hashing algorithm, helping you transition to a new algorithm, etc. Since all of this logic is in the Authlogic library, staying up to date is as easy as updating the library.
 2. It ties everything together on the domain level. Take a new user registration for example, no reason to manually log the user in, authlogic handles this for you via callbacks. The same applies to a user changing their password. Authlogic handles maintaining the session for you.
-3. Your application can stay clean and focused and free of redundant authentication code from app to app. Meaning generators are *NOT* necessary at all.
+3. Your application can stay clean, focused, and free of redundant authentication code from app to app. Meaning generators are *NOT* necessary. Not any more neccessary than any other control
 4. A byproduct of #3 is that you don't have to test the same code over and over in each of your apps. You don't test the internals of ActiveRecord in each of your apps, so why would you test the internals of Authlogic? It's already been thoroughly tested for you. Focus on your application, and get rid of the noise by testing your application specific code and not generated code that you didn't write.
 5. You get to write your own code, just like you do for any other model. Meaning the code you write is specific to your application, the way you want it, and more importantly you understand it.
 6. You are not restricted to a single session. Think about Apple's me.com, where they need you to authenticate a second time before changing your billing information. Why not just create a second session for this? It works just like your initial session. Then your billing controller can require an "ultra secure" session.
@@ -16,17 +16,26 @@ Authlogic can do all of this and much more, keep reading to see...
 == Helpful links
 
 *	<b>Documentation:</b> http://authlogic.rubyforge.org
+*	<b>Live example with OpenID "add on" & source code:</b> http://authlogicexample.binarylogic.com
 *	<b>Tutorial: Authlogic basic setup:</b> http://www.binarylogic.com/2008/11/3/tutorial-authlogic-basic-setup
 *	<b>Tutorial: Reset passwords with Authlogic the RESTful way:</b> http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic
-*	<b>Tutorial: Using OpenID with Authlogic:</b> http://www.binarylogic.com/2008/11/21/tutorial-using-openid-with-authlogic
-*	<b>Live example of the tutorials above (with source):</b> http://authlogicexample.binarylogic.com
 *	<b>Tutorial: Easily migrate from restful_authentication:</b> http://www.binarylogic.com/2008/11/23/tutorial-easily-migrate-from-restful_authentication-to-authlogic
 *	<b>Tutorial: Upgrade passwords easily with Authlogic:</b> http://www.binarylogic.com/2008/11/23/tutorial-upgrade-passwords-easily-with-authlogic
 * <b>Bugs / feature suggestions:</b> http://binarylogic.lighthouseapp.com/projects/18752-authlogic
 * <b>Google group:</b> http://groups.google.com/group/authlogic
 
-**Before contacting me, please read:**
-If you find a bug or a problem please post it on lighthouse. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help. Please do not email me directly, with issues regarding Authlogic.
+<b>Before contacting me, please read:</b>
+
+If you find a bug or a problem please post it on lighthouse. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help.
+
+Please do not email me directly with issues regarding Authlogic. This is an inefficient way to get help because it doesn't help people who have the same problem in the future.
+
+== Authlogic "add ons"
+
+*	<b>Authlogic OpenID addon:</b> http://github.com/binarylogic/authlogic_openid
+*	<b>Authlogic LDAP addon:</b> http://github.com/binarylogic/authlogic_ldap
+
+If you create one of your own, please let me know about it so I can add it to this list.
 
 == Documentation
 
@@ -184,7 +193,7 @@ This will create a file that looks similar to:
 The user model should have the following columns. The names of these columns can be changed with configuration. Better yet, Authlogic tries to guess these names by checking for the existence of common names. See the sub modules of Authlogic::Session for more details, but chances are you won't have to specify any configuration for your field names, even if they aren't the same names as below.
 
     t.string    :login,               :null => false                # optional, you can use email instead, or both
-    t.string    :crypted_password,    :null => false                # required
+    t.string    :crypted_password,    :null => false                # optional, see below
     t.string    :password_salt,       :null => false                # optional, but highly recommended
     t.string    :persistence_token,   :null => false                # required
     t.string    :single_access_token, :null => false                # optional, see Authlogic::Session::Params
@@ -197,6 +206,8 @@ The user model should have the following columns. The names of these columns can
     t.string    :current_login_ip                                   # optional, see Authlogic::Session::MagicColumns
     t.string    :last_login_ip                                      # optional, see Authlogic::Session::MagicColumns
 
+Notice the login and crypted_password fields are optional. If you prefer, you could use OpenID, LDAP, or whatever you want as your main authentication source and not even provide your own authentication system. I recommend providing your own as an option though. Your interface, such as the registration form, can dictate which method is the default. Lastly, adding 3rd party authentication methods should be as easy as installing an Authlogic "add on" gem. See "Authligic add ons" above.
+
 === 4. Set up your model
 
 Make sure you have a model that you will be authenticating with. Since we are using the User model it should look something like:
@@ -266,4 +277,4 @@ A lot of them forced me to name my password column as "this", or the key of my c
 I am not trying to  "bash" any other authentication solutions. These are just my opinions, formulate your own opinion. I released Authlogic because I was "scratching my own itch". It has made my life easier and I enjoy using it, hopefully it does the same for you.
 
 
-Copyright (c) 2008 Ben Johnson of [Binary Logic](http://www.binarylogic.com), released under the MIT license
+Copyright (c) 2009 {Ben Johnson of Binary Logic}(http://www.binarylogic.com), released under the MIT license

data/lib/authlogic/acts_as_authentic/base.rb

@@ -23,7 +23,7 @@ module Authlogic
         #   end
         #
         # See the various sub modules for the configuration they provide.
-        def acts_as_authentic(&block)
+        def acts_as_authentic(unsupported_options = nil, &block)
           # Stop all configuration if the DB is not set up
           begin
             column_names
@@ -31,6 +31,9 @@ module Authlogic
             return
           end
           
+          raise ArgumentError.new("You are using the old v1.X.X configuration method for Authlogic. Instead of " +
+            "passing a hash of configuration options to acts_as_authentic, pass a block: acts_as_authentic { |c| c.my_option = my_value }") if !unsupported_options.nil?
+          
           yield self if block_given?
           acts_as_authentic_modules.each { |mod| include mod }
         end
@@ -73,9 +76,9 @@ module Authlogic
             end
           end
 
-          def first_column_to_exist(*columns_to_check) # :nodoc:
+          def first_column_to_exist(*columns_to_check)
             columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
-            columns_to_check.first ? columns_to_check.first.to_sym : nil
+            columns_to_check.first && columns_to_check.first.to_sym
           end
 
       end

data/lib/authlogic/acts_as_authentic/email.rb

@@ -19,7 +19,7 @@ module Authlogic
         # * <tt>Default:</tt> :email, if it exists
         # * <tt>Accepts:</tt> Symbol
         def email_field(value = nil)
-          config(:email_field, value, first_column_to_exist(nil, :email))
+          config(:email_field, value, first_column_to_exist(nil, :email, :email_address))
         end
         alias_method :email_field=, :email_field
         
@@ -52,10 +52,10 @@ module Authlogic
         
         # A hash of options for the validates_uniqueness_of call for the email field. Allows you to change this however you want.
         #
-        # * <tt>Default:</tt> {:scope => validations_scope, :if => "#{email_field}_changed?".to_sym}
+        # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
         def validates_uniqueness_of_email_field_options(value = nil)
-          config(:validates_uniqueness_of_email_field_options, value, {:scope => validations_scope, :if => "#{email_field}_changed?".to_sym})
+          config(:validates_uniqueness_of_email_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym})
         end
         alias_method :validates_uniqueness_of_email_field_options=, :validates_uniqueness_of_email_field_options
         
@@ -64,7 +64,7 @@ module Authlogic
             return @email_regex if @email_regex
             email_name_regex  = '[\w\.%\+\-]+'
             domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
-            domain_tld_regex  = '(?:[A-Z]{2}|aero|ag|asia|at|be|biz|ca|cc|cn|com|de|edu|eu|fm|gov|gs|jobs|jp|in|info|me|mil|mobi|museum|ms|name|net|nu|nz|org|tc|tw|tv|uk|us|vg|ws)'
+            domain_tld_regex  = '(?:[A-Z]{2,4}|museum|travel)'
             @email_regex = /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
           end
       end
@@ -73,6 +73,8 @@ module Authlogic
       module Methods
         def self.included(klass)
           klass.class_eval do
+            extend ClassMethods
+            
             if validate_email_field && email_field
               validates_length_of email_field, validates_length_of_email_field_options
               validates_format_of email_field, validates_format_of_email_field_options
@@ -80,6 +82,24 @@ module Authlogic
             end
           end
         end
+        
+        # Class methods relating to the email field
+        module ClassMethods
+          # Calls alias_method if your email_field name is "out of the norm".
+          def self.included(klass)
+            klass.send(:alias_method, "find_with_email", "find_with_#{email_field}") if klass.email_field != :email
+          end
+          
+          # Please see the find_with_login method in Authlogic::ActsAsAuthentic::Login module. It's the same exact thing
+          # but for the login field instead of the email field.
+          def find_with_email(email)
+            if validates_uniqueness_of_email_field_options[:case_sensitive] == false
+              first(:conditions => ["LOWER(#{quoted_table_name}.#{email_field}) = ?", email.downcase])
+            else
+              send("find_by_#{email_field}", email)
+            end
+          end
+        end
       end
     end
   end

data/lib/authlogic/acts_as_authentic/logged_in_status.rb

@@ -27,27 +27,33 @@ module Authlogic
       # All methods for the logged in status feature seat.
       module Methods
         def self.included(klass)
+          return if !klass.column_names.include?("last_request_at")
+          
           klass.class_eval do
+            include InstanceMethods
+            
             named_scope :logged_in, lambda { {:conditions => ["last_request_at > ?", logged_in_timeout.seconds.ago]} }
             named_scope :logged_out, lambda { {:conditions => ["last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago]} }
           end
         end
         
-        # Returns true if the last_request_at > logged_in_timeout.
-        def logged_in?
-          raise "Can not determine the records login state because there is no last_request_at column" if !respond_to?(:last_request_at)
-          !last_request_at.nil? && last_request_at > logged_in_timeout.seconds.ago
-        end
-        
-        # Opposite of logged_in?
-        def logged_out?
-          !logged_in?
-        end
+        module InstanceMethods
+          # Returns true if the last_request_at > logged_in_timeout.
+          def logged_in?
+            raise "Can not determine the records login state because there is no last_request_at column" if !respond_to?(:last_request_at)
+            !last_request_at.nil? && last_request_at > logged_in_timeout.seconds.ago
+          end
         
-        private
-          def logged_in_timeout
-            self.class.logged_in_timeout
+          # Opposite of logged_in?
+          def logged_out?
+            !logged_in?
           end
+        
+          private
+            def logged_in_timeout
+              self.class.logged_in_timeout
+            end
+        end
       end
     end
   end

data/lib/authlogic/acts_as_authentic/login.rb

@@ -49,18 +49,21 @@ module Authlogic
         
         # A hash of options for the validates_uniqueness_of call for the login field. Allows you to change this however you want.
         #
-        # * <tt>Default:</tt> {:scope => validations_scope, :if => "#{login_field}_changed?".to_sym}
+        # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
         def validates_uniqueness_of_login_field_options(value = nil)
-          config(:validates_uniqueness_of_login_field_options, value, {:scope => validations_scope, :if => "#{login_field}_changed?".to_sym})
+          config(:validates_uniqueness_of_login_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym})
         end
         alias_method :validates_uniqueness_of_login_field_options=, :validates_uniqueness_of_login_field_options
       end
       
       # All methods relating to the login field
       module Methods
+        # Adds in various validations, modules, etc.
         def self.included(klass)
           klass.class_eval do
+            extend ClassMethods
+            
             if validate_login_field && login_field
               validates_length_of login_field, validates_length_of_login_field_options
               validates_format_of login_field, validates_format_of_login_field_options
@@ -68,6 +71,35 @@ module Authlogic
             end
           end
         end
+        
+        # Class methods relating to the login field.
+        module ClassMethods
+          # Calls alias_method if your login_field name is "out of the norm".
+          def self.included(klass)
+            klass.send(:alias_method, "find_with_login", "find_with_#{login_field}") if klass.login_field != :login
+          end
+          
+          # This method allows you to find a record with the given login. If you notice, with ActiveRecord you have the
+          # validates_uniqueness_of validation function. They give you a :case_sensitive option. I handle this in the same
+          # manner that they handle that. If you set false for the :case_sensitive option in validates_uniqueness_of_login_field_options
+          # this method will modify the query to look something like:
+          #
+          #   first(:conditions => ["LOWER(#{quoted_table_name}.#{login_field}) = ?", login.downcase])
+          #
+          # If you don't specify this it calls the good old find_by_* method:
+          #
+          #   find_by_login(login)
+          #
+          # The only reason I need to do the above is for Postgres and SQLite since they perform case sensitive searches with the
+          # find_by_* methods.
+          def find_with_login(login)
+            if validates_uniqueness_of_login_field_options[:case_sensitive] == false
+              first(:conditions => ["LOWER(#{quoted_table_name}.#{login_field}) = ?", login.downcase])
+            else
+              send("find_by_#{login_field}", login)
+            end
+          end
+        end
       end
     end
   end

data/lib/authlogic/acts_as_authentic/password.rb

@@ -18,7 +18,7 @@ module Authlogic
         # * <tt>Default:</tt> :crypted_password, :encrypted_password, :password_hash, or :pw_hash
         # * <tt>Accepts:</tt> Symbol
         def crypted_password_field(value = nil)
-          config(:crypted_password_field, value, first_column_to_exist(:crypted_password, :encrypted_password, :password_hash, :pw_hash))
+          config(:crypted_password_field, value, first_column_to_exist(nil, :crypted_password, :encrypted_password, :password_hash, :pw_hash))
         end
         alias_method :crypted_password_field=, :crypted_password_field
         
@@ -31,6 +31,22 @@ module Authlogic
         end
         alias_method :password_salt_field=, :password_salt_field
         
+        # By default passwords are required when a record is new or the crypted_password is blank, but if both of these things
+        # are met a password is not required. In this case, blank passwords are ignored.
+        #
+        # Think about a profile page, where the user can edit all of their information, including changing their password.
+        # If they do not want to change their password they just leave the fields blank. This will try to set the password to
+        # a blank value, in which case is incorrect behavior. As such, Authlogic ignores this. But let's say you have a completely
+        # separate page for resetting passwords, you might not want to ignore blank passwords. If this is the case for you, then
+        # just set this value to false.
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def ignore_blank_passwords(value = nil)
+          config(:ignore_blank_passwords, value, true)
+        end
+        alias_method :ignore_blank_passwords=, :ignore_blank_passwords
+        
         # Whether or not to validate the password field.
         #
         # * <tt>Default:</tt> true
@@ -60,10 +76,10 @@ module Authlogic
         
         # A hash of options for the validates_length_of call for the password_confirmation field. Allows you to change this however you want.
         #
-        # * <tt>Default:</tt> {:minimum => 4, :if => :require_password_?}
+        # * <tt>Default:</tt> validates_length_of_password_field_options
         # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
         def validates_length_of_password_confirmation_field_options(value = nil)
-          config(:validates_length_of_password_confirmation_field_options, value, {:minimum => 4, :if => :require_password?})
+          config(:validates_length_of_password_confirmation_field_options, value, validates_length_of_password_field_options)
         end
         alias_method :validates_length_of_password_confirmation_field_options=, :validates_length_of_password_confirmation_field_options
         
@@ -102,6 +118,7 @@ module Authlogic
         ]
         
         def self.included(klass)
+          return if !klass.column_names.include?(klass.crypted_password_field.to_s)
           klass.define_callbacks *METHODS
         end
         
@@ -118,112 +135,128 @@ module Authlogic
       # The methods related to the password field.
       module Methods
         def self.included(klass)
+          return if !klass.column_names.include?(klass.crypted_password_field.to_s)
+          
           klass.class_eval do
+            include InstanceMethods
+            
             if validate_password_field
               validates_length_of :password, validates_length_of_password_field_options
               validates_confirmation_of :password, validates_confirmation_of_password_field_options
               validates_length_of :password_confirmation, validates_length_of_password_confirmation_field_options
             end
+            
+            after_save :reset_password_changed
           end
         end
         
-        # The password
-        def password
-          @password
-        end
+        module InstanceMethods
+          # The password
+          def password
+            @password
+          end
         
-        # This is a virtual method. Once a password is passed to it, it will create new password salt as well as encrypt
-        # the password.
-        def password=(pass)
-          return if pass.blank?
-          before_password_set
-          @password = pass
-          send("#{password_salt_field}=", Authlogic::Random.friendly_token) if password_salt_field
-          send("#{crypted_password_field}=", crypto_provider.encrypt(*encrypt_arguments(@password, act_like_restful_authentication? ? :restful_authentication : nil)))
-          @password_changed = true
-          after_password_set
-        end
+          # This is a virtual method. Once a password is passed to it, it will create new password salt as well as encrypt
+          # the password.
+          def password=(pass)
+            return if ignore_blank_passwords? && pass.blank?
+            before_password_set
+            @password = pass
+            send("#{password_salt_field}=", Authlogic::Random.friendly_token) if password_salt_field
+            send("#{crypted_password_field}=", crypto_provider.encrypt(*encrypt_arguments(@password, act_like_restful_authentication? ? :restful_authentication : nil)))
+            @password_changed = true
+            after_password_set
+          end
         
-        # Accepts a raw password to determine if it is the correct password or not.
-        def valid_password?(attempted_password)
-          return false if attempted_password.blank? || send(crypted_password_field).blank?
+          # Accepts a raw password to determine if it is the correct password or not.
+          def valid_password?(attempted_password)
+            return false if attempted_password.blank? || send(crypted_password_field).blank?
           
-          before_password_verification
+            before_password_verification
           
-          crypto_providers = [crypto_provider] + transition_from_crypto_providers
-          crypto_providers.each_with_index do |encryptor, index|
-            # The arguments_type of for the transitioning from restful_authentication
-            arguments_type = (act_like_restful_authentication? && index == 0) ||
-              (transition_from_restful_authentication? && index > 0 && encryptor == Authlogic::CryptoProviders::Sha1) ?
-              :restful_authentication : nil
+            crypto_providers = [crypto_provider] + transition_from_crypto_providers
+            crypto_providers.each_with_index do |encryptor, index|
+              # The arguments_type of for the transitioning from restful_authentication
+              arguments_type = (act_like_restful_authentication? && index == 0) ||
+                (transition_from_restful_authentication? && index > 0 && encryptor == Authlogic::CryptoProviders::Sha1) ?
+                :restful_authentication : nil
             
-            if encryptor.matches?(send(crypted_password_field), *encrypt_arguments(attempted_password, arguments_type))
-              # If we are transitioning from an older encryption algorithm and the password is still using the old algorithm
-              # then let's reset the password using the new algorithm. If the algorithm has a cost (BCrypt) and the cost has changed, update the password with
-              # the new cost.
-              if index > 0 || (encryptor.respond_to?(:cost_matches?) && !encryptor.cost_matches?(send(crypted_password_field)))
-                self.password = attempted_password
-                save(false)
-              end
+              if encryptor.matches?(send(crypted_password_field), *encrypt_arguments(attempted_password, arguments_type))
+                # If we are transitioning from an older encryption algorithm and the password is still using the old algorithm
+                # then let's reset the password using the new algorithm. If the algorithm has a cost (BCrypt) and the cost has changed, update the password with
+                # the new cost.
+                if index > 0 || (encryptor.respond_to?(:cost_matches?) && !encryptor.cost_matches?(send(crypted_password_field)))
+                  self.password = attempted_password
+                  save(false)
+                end
               
-              after_password_verification
+                after_password_verification
               
-              return true
+                return true
+              end
             end
-          end
           
-          false
-        end
+            false
+          end
         
-        # Resets the password to a random friendly token.
-        def reset_password
-          friendly_token = Authlogic::Random.friendly_token
-          self.password = friendly_token
-          self.password_confirmation = friendly_token
-        end
-        alias_method :randomize_password, :reset_password
+          # Resets the password to a random friendly token.
+          def reset_password
+            friendly_token = Authlogic::Random.friendly_token
+            self.password = friendly_token
+            self.password_confirmation = friendly_token
+          end
+          alias_method :randomize_password, :reset_password
         
-        # Resets the password to a random friendly token and then saves the record.
-        def reset_password!
-          reset_password
-          save_without_session_maintenance(false)
-        end
-        alias_method :randomize_password!, :reset_password!
+          # Resets the password to a random friendly token and then saves the record.
+          def reset_password!
+            reset_password
+            save_without_session_maintenance(false)
+          end
+          alias_method :randomize_password!, :reset_password!
         
-        private
-          def encrypt_arguments(raw_password, arguments_type = nil)
-            salt = password_salt_field ? send(password_salt_field) : nil
-            case arguments_type
-            when :restful_authentication
-              [REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY].compact
-            else
-              [raw_password, salt].compact
+          private
+            def encrypt_arguments(raw_password, arguments_type = nil)
+              salt = password_salt_field ? send(password_salt_field) : nil
+              case arguments_type
+              when :restful_authentication
+                [REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY].compact
+              else
+                [raw_password, salt].compact
+              end
             end
-          end
           
-          def require_password?
-            new_record? || password_changed? || send(crypted_password_field).blank?
-          end
+            def require_password?
+              new_record? || password_changed? || send(crypted_password_field).blank?
+            end
           
-          def password_changed?
-            @password_changed == true
-          end
+            def ignore_blank_passwords?
+              self.class.ignore_blank_passwords == true
+            end
           
-          def crypted_password_field
-            self.class.crypted_password_field
-          end
+            def password_changed?
+              @password_changed == true
+            end
+            
+            def reset_password_changed
+              @password_changed = false
+            end
           
-          def password_salt_field
-            self.class.password_salt_field
-          end
+            def crypted_password_field
+              self.class.crypted_password_field
+            end
           
-          def crypto_provider
-            self.class.crypto_provider
-          end
+            def password_salt_field
+              self.class.password_salt_field
+            end
           
-          def transition_from_crypto_providers
-            self.class.transition_from_crypto_providers
-          end
+            def crypto_provider
+              self.class.crypto_provider
+            end
+          
+            def transition_from_crypto_providers
+              self.class.transition_from_crypto_providers
+            end
+        end
       end
     end
   end

data/lib/authlogic/acts_as_authentic/single_access_token.rb

@@ -29,7 +29,7 @@ module Authlogic
       module Methods
         def self.included(klass)
           return if !klass.column_names.include?("single_access_token")
-            
+          
           klass.class_eval do
             include InstanceMethods
             validates_uniqueness_of :single_access_token, :if => :single_access_token_changed?

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -4,7 +4,7 @@ module Authlogic
     # provides. Similar to how ActiveRecord has an adapter for MySQL, PostgreSQL, SQLite, etc.
     class RailsAdapter < AbstractAdapter
       def authenticate_with_http_basic(&block)
-        yield [nil, nil]
+        controller.authenticate_with_http_basic(&block)
       end
       
       def cookies
@@ -13,7 +13,7 @@ module Authlogic
       
       def cookie_domain
         @cookie_domain_key ||= (Rails::VERSION::MAJOR >= 2 && Rails::VERSION::MINOR >= 3) ? :domain : :session_domain
-        controller.class.session_options[@cookie_domain_key]
+        ActionController::Base.session_options[@cookie_domain_key]
       end
       
       def request_content_type

data/lib/authlogic/crypto_providers/aes256.rb

@@ -5,7 +5,7 @@ module Authlogic
     # This encryption method is reversible if you have the supplied key. So in order to use this encryption method you must supply it with a key first.
     # In an initializer, or before your application initializes, you should do the following:
     #
-    #   Authlogic::CryptoProviders::AES256.key = "my really long and unique key, preferrable a bunch of random characters"
+    #   Authlogic::CryptoProviders::AES256.key = "my really long and unique key, preferrably a bunch of random characters"
     #
     # My final comment is that this is a strong encryption method, but its main weakness is that its reversible. If you do not need to reverse the hash
     # then you should consider Sha512 or BCrypt instead.
@@ -34,7 +34,7 @@ module Authlogic
     
         private
           def aes
-            raise ArgumentError.new("You provide a key like #{name}.key = my_key before using the #{name}") if @key.blank?
+            raise ArgumentError.new("You must provide a key like #{name}.key = my_key before using the #{name}") if @key.blank?
             @aes ||= OpenSSL::Cipher::Cipher.new("AES-256-ECB")
           end
       end

data/lib/authlogic/crypto_providers/bcrypt.rb

@@ -35,7 +35,9 @@ module Authlogic
     #
     # Tell acts_as_authentic to use it:
     #
-    #   acts_as_authentic :crypto_provider => Authlogic::CryptoProviders::BCrypt
+    #   acts_as_authentic do |c|
+    #     c.crypto_provider = Authlogic::CryptoProviders::BCrypt
+    #   end
     #
     # You are good to go!
     class BCrypt

data/lib/authlogic/crypto_providers/sha1.rb

@@ -2,8 +2,8 @@ require "digest/sha1"
 
 module Authlogic
   module CryptoProviders
-    # This class was made for the users transitioning from restful_authentication. I highly discourage using this crypto provider as it inferior to your other options.
-    # Please use any other provider offered by Authlogic.
+    # This class was made for the users transitioning from restful_authentication. I highly discourage using this
+    # crypto provider as it inferior to your other options. Please use any other provider offered by Authlogic.
     class Sha1
       class << self
         def join_token

data/lib/authlogic/session/active_record_trickery.rb

@@ -17,7 +17,7 @@ module Authlogic
         #   authlogic.attributes.user_session.login
         def human_attribute_name(attribute_key_name, options = {})
           options[:count] ||= 1
-          options[:default] ||= attribute_key_name.humanize
+          options[:default] ||= attribute_key_name.to_s.humanize
           I18n.t("attributes.#{name.underscore}.#{attribute_key_name}", options)
         end
         

data/lib/authlogic/session/cookies.rb

@@ -98,13 +98,15 @@ module Authlogic
           end
           
           def cookie_credentials
-            controller.cookies[cookie_key]
+            controller.cookies[cookie_key] && controller.cookies[cookie_key].split("::")
           end
           
           # Tries to validate the session from information in the cookie
           def persist_by_cookie
-            if cookie_credentials
-              self.unauthorized_record = search_for_record("find_by_persistence_token", cookie_credentials)
+            persistence_token, record_id = cookie_credentials
+            if !persistence_token.nil?
+              record = record_id.nil? ? search_for_record("find_by_persistence_token", persistence_token) : search_for_record("find_by_#{klass.primary_key}", record_id)
+              self.unauthorized_record = record if record && record.persistence_token == persistence_token
               valid?
             else
               false
@@ -113,7 +115,7 @@ module Authlogic
         
           def save_cookie
             controller.cookies[cookie_key] = {
-              :value => record.persistence_token,
+              :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
               :expires => remember_me_until,
               :domain => controller.cookie_domain
             }

data/lib/authlogic/session/password.rb

@@ -29,10 +29,13 @@ module Authlogic
         #     end
         #   end
         #
-        # * <tt>Default:</tt> "find_by_#{login_field}"
+        # Now just specifcy the name of this method for this configuration option and you are all set. You can do anything you want here. Maybe you allow users to have multiple logins
+        # and you want to search a has_many relationship, etc. The sky is the limit.
+        #
+        # * <tt>Default:</tt> "find_by_case_insensitive_#{login_field}"
         # * <tt>Accepts:</tt> Symbol or String
         def find_by_login_method(value = nil)
-          config(:find_by_login_method, value, "find_by_#{login_field}")
+          config(:find_by_login_method, value, "find_with_#{login_field}")
         end
         alias_method :find_by_login_method=, :find_by_login_method
         
@@ -41,19 +44,19 @@ module Authlogic
         # login with a field called "login" and then find users by email this is compeltely doable. See the find_by_login_method configuration
         # option for more details.
         #
-        # * <tt>Default:</tt> Uses the configuration option in your model: User.login_field
+        # * <tt>Default:</tt> klass.login_field || klass.email_field
         # * <tt>Accepts:</tt> Symbol or String
         def login_field(value = nil)
           config(:login_field, value, klass.login_field || klass.email_field)
         end
         alias_method :login_field=, :login_field
         
-        # Works exactly like login_field, but for the password instead.
+        # Works exactly like login_field, but for the password instead. Returns :password if a login_field exists.
         #
         # * <tt>Default:</tt> :password
         # * <tt>Accepts:</tt> Symbol or String
         def password_field(value = nil)
-          config(:password_field, value, :password)
+          config(:password_field, value, login_field && :password)
         end
         alias_method :password_field=, :password_field
         
@@ -71,18 +74,23 @@ module Authlogic
       module InstanceMethods
         def initialize(*args)
           if !self.class.configured_password_methods
-            self.class.send(:attr_writer, login_field) if !respond_to?("#{login_field}=")
-            self.class.send(:attr_reader, login_field) if !respond_to?(login_field)
-            self.class.send(:attr_writer, password_field) if !respond_to?("#{password_field}=")
-            self.class.send(:define_method, password_field) {} if !respond_to?(password_field)
+            if login_field
+              self.class.send(:attr_writer, login_field) if !respond_to?("#{login_field}=")
+              self.class.send(:attr_reader, login_field) if !respond_to?(login_field)
+            end
+            
+            if password_field
+              self.class.send(:attr_writer, password_field) if !respond_to?("#{password_field}=")
+              self.class.send(:define_method, password_field) {} if !respond_to?(password_field)
 
-            self.class.class_eval <<-"end_eval", __FILE__, __LINE__
-              private
-                # The password should not be accessible publicly. This way forms using form_for don't fill the password with the attempted password. The prevent this we just create this method that is private.
-                def protected_#{password_field}
-                  @#{password_field}
-                end
-            end_eval
+              self.class.class_eval <<-"end_eval", __FILE__, __LINE__
+                private
+                  # The password should not be accessible publicly. This way forms using form_for don't fill the password with the attempted password. The prevent this we just create this method that is private.
+                  def protected_#{password_field}
+                    @#{password_field}
+                  end
+              end_eval
+            end
 
             self.class.configured_password_methods = true
           end
@@ -114,7 +122,7 @@ module Authlogic
         
         private
           def authenticating_with_password?
-            !send(login_field).nil? || !send("protected_#{password_field}").nil?
+            login_field && (!send(login_field).nil? || !send("protected_#{password_field}").nil?)
           end
           
           def validate_by_password

data/lib/authlogic/session/priority_record.rb

@@ -16,7 +16,7 @@ module Authlogic
       def credentials=(value)
         super
         values = value.is_a?(Array) ? value : [value]
-        self.priority_record = values.second if values.second.class < ::ActiveRecord::Base
+        self.priority_record = values[1] if values[1].class < ::ActiveRecord::Base
       end
       
       private

data/lib/authlogic/session/session.rb

@@ -49,7 +49,7 @@ module Authlogic
           def session_key
             build_key(self.class.session_key)
           end
-        
+          
           def update_session
             controller.session[session_key] = record && record.persistence_token
             controller.session["#{session_key}_#{klass.primary_key}"] = record && record.send(record.class.primary_key)

data/lib/authlogic/test_case/controller_adapter.rb

@@ -4,11 +4,10 @@ module Authlogic
     # a request is made, ultimately letting you log in users in functional tests.
     class ControllerAdapter < ControllerAdapters::AbstractAdapter
       def authenticate_with_http_basic(&block)
-        controller.authenticate_with_http_basic(&block)
       end
       
       def cookies
-        new_cookies = {}
+        new_cookies = MockCookieJar.new
         super.each do |key, value|
           new_cookies[key] = value[:value]
         end
@@ -20,7 +19,7 @@ module Authlogic
       end
       
       def request
-        @request ||= MockRequest.new
+        @request ||= MockRequest.new(controller)
       end
       
       def request_content_type

data/lib/authlogic/test_case/mock_controller.rb

@@ -2,7 +2,7 @@ module Authlogic
   module TestCase
     # Basically acts like a controller but doesn't do anything. Authlogic can interact with this, do it's thing and then you
     # can look at the controller object to see if anything changed.
-    class MockController < ControllerAdapters::AbstractAdapter
+    class MockController < ControllerAdapter
       attr_accessor :http_user, :http_password
       attr_writer :request_content_type
   
@@ -29,10 +29,6 @@ module Authlogic
         @params ||= {}
       end
   
-      def request
-        @request ||= MockRequest.new
-      end
-  
       def request_content_type
         @request_content_type ||= "text/html"
       end

data/lib/authlogic/test_case/mock_request.rb

@@ -1,12 +1,24 @@
 module Authlogic
   module TestCase
     class MockRequest # :nodoc:
+      attr_accessor :controller
+      
+      def initialize(controller)
+        self.controller = controller
+      end
+      
       def request_method
         nil
       end
       
+      def referer
+      end
+      
       def remote_ip
-        "1.1.1.1"
+        (controller && controller.respond_to?(:env) && controller.env.is_a?(Hahs) && controller.env['REMOTE_ADDR']) || "1.1.1.1"
+      end
+      
+      def user_agent
       end
     end
   end

data/lib/authlogic/version.rb

@@ -41,7 +41,7 @@ module Authlogic # :nodoc:
 
     MAJOR = 2
     MINOR = 0
-    TINY  = 5
+    TINY  = 6
 
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/shoulda_macros/authlogic.rb

@@ -4,7 +4,8 @@ module Authlogic
       def self.should_be_authentic
         klass = model_class
         should "acts as authentic" do
-          assert klass.respond_to?(:acts_as_authentic_config)
+          assert klass.respond_to?(:password=)
+          assert klass.respond_to?(:valid_password?)
         end
       end
     end

data/test/acts_as_authentic_test/base_test.rb

@@ -8,5 +8,11 @@ module ActsAsAuthenticTest
         end
       end
     end
+    
+    def test_acts_as_authentic_with_old_config
+      assert_raise(ArgumentError) do
+        User.acts_as_authentic({})
+      end
+    end
   end
 end

data/test/acts_as_authentic_test/email_test.rb

@@ -44,7 +44,7 @@ module ActsAsAuthenticTest
     end
     
     def test_validates_uniqueness_of_email_field_options_config
-      default = {:scope => Employee.validations_scope, :if => "#{Employee.email_field}_changed?".to_sym}
+      default = {:case_sensitive => false, :scope => Employee.validations_scope, :if => "#{Employee.email_field}_changed?".to_sym}
       assert_equal default, Employee.validates_uniqueness_of_email_field_options
       
       Employee.validates_uniqueness_of_email_field_options = {:yes => "no"}
@@ -81,9 +81,20 @@ module ActsAsAuthenticTest
       assert !u.valid?
       assert u.errors.on(:email)
       
+      u.email = "BJOHNSON@binarylogic.com"
+      assert !u.valid?
+      assert u.errors.on(:email)
+      
       u.email = "a@a.com"
       assert !u.valid?
       assert !u.errors.on(:email)
     end
+    
+    def test_find_with_email
+      ben = users(:ben)
+      assert_equal ben, User.find_with_email("bjohnson@binarylogic.com")
+      assert_equal ben, User.find_with_email("bJohnson@binarylogic.com")
+      assert_equal ben, User.find_with_email("BJOHNSON@BINARYLOGIC.COM")
+    end
   end
 end

data/test/acts_as_authentic_test/login_test.rb

@@ -44,7 +44,7 @@ module ActsAsAuthenticTest
     end
     
     def test_validates_uniqueness_of_login_field_options_config
-      default = {:scope => User.validations_scope, :if => "#{User.login_field}_changed?".to_sym}
+      default = {:case_sensitive => false, :scope => User.validations_scope, :if => "#{User.login_field}_changed?".to_sym}
       assert_equal default, User.validates_uniqueness_of_login_field_options
       
       User.validates_uniqueness_of_login_field_options = {:yes => "no"}
@@ -81,9 +81,20 @@ module ActsAsAuthenticTest
       assert !u.valid?
       assert u.errors.on(:login)
       
+      u.login = "BJOHNSON"
+      assert !u.valid?
+      assert u.errors.on(:login)
+      
       u.login = "fdsfdsf"
       assert !u.valid?
       assert !u.errors.on(:login)
     end
+    
+    def test_find_with_login
+      ben = users(:ben)
+      assert_equal ben, User.find_with_login("bjohnson")
+      assert_equal ben, User.find_with_login("BJOHNSON")
+      assert_equal ben, User.find_with_login("Bjohnson")
+    end
   end
 end

data/test/acts_as_authentic_test/password_test.rb

@@ -22,6 +22,16 @@ module ActsAsAuthenticTest
       assert_equal :password_salt, User.password_salt_field
     end
     
+    def test_ignore_blank_passwords_config
+      assert User.ignore_blank_passwords
+      assert Employee.ignore_blank_passwords
+      
+      User.ignore_blank_passwords = false
+      assert !User.ignore_blank_passwords
+      User.ignore_blank_passwords true
+      assert User.ignore_blank_passwords
+    end
+    
     def test_validate_password_field_config
       assert User.validate_password_field
       assert Employee.validate_password_field

data/test/session_test/active_record_trickery_test.rb

@@ -5,6 +5,7 @@ module SessionTest
     class ClassMethodsTest < ActiveSupport::TestCase
       def test_human_attribute_name
         assert_equal "Some attribute", UserSession.human_attribute_name("some_attribute")
+        assert_equal "Some attribute", UserSession.human_attribute_name(:some_attribute)
       end
     
       def test_human_name

data/test/session_test/cookies_test.rb

@@ -91,7 +91,7 @@ module SessionTest
         ben = users(:ben)
         session = UserSession.new(ben)
         assert session.save
-        assert_equal ben.persistence_token, controller.cookies["user_credentials"]
+        assert_equal "#{ben.persistence_token}::#{ben.id}", controller.cookies["user_credentials"]
       end
     
       def test_after_destroy_destroy_cookie

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: authlogic
 version: !ruby/object:Gem::Version 
-  version: 2.0.5
+  version: 2.0.6
 platform: ruby
 authors: 
 - Ben Johnson of Binary Logic
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-03-30 00:00:00 -04:00
+date: 2009-04-09 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -30,7 +30,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.11.0
+        version: 1.12.1
     version: 
 description: A clean, simple, and unobtrusive ruby authentication solution.
 email: bjohnson@binarylogic.com