authlogic 2.1.10 → 2.1.11
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of authlogic might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/authlogic.gemspec +1 -1
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +14 -14
- data/lib/authlogic/session/cookies.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3203bbce50c553b0b0c99097a8ad6f6c6a4a217d
|
|
4
|
+
data.tar.gz: 13e0bf060300a0f2212a06c7e7cb115e43b641fb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6f16e10584c146cd3d9b27a86930bb27b8b3b2254ceeb02cf484203cc0d531b6940dfa951c815051b872344936eb55a2aaee1726ce092e4aeb2bdc72739656d9
|
|
7
|
+
data.tar.gz: eb9dba329e7508027d7fd7d7e52121e48d63bf2a2bf125e459d406e5e0e870c132e69e9d03ab8428813c4d62cad9197c6aefa05ee5707929bb4364fbaf85275f
|
data/authlogic.gemspec
CHANGED
|
@@ -11,7 +11,7 @@ module Authlogic
|
|
|
11
11
|
add_acts_as_authentic_module(Methods)
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
|
-
|
|
14
|
+
|
|
15
15
|
# Change how the perishable token works.
|
|
16
16
|
module Config
|
|
17
17
|
# When using the find_using_perishable_token method the token can expire. If the token is expired, no
|
|
@@ -23,7 +23,7 @@ module Authlogic
|
|
|
23
23
|
rw_config(:perishable_token_valid_for, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
|
|
24
24
|
end
|
|
25
25
|
alias_method :perishable_token_valid_for=, :perishable_token_valid_for
|
|
26
|
-
|
|
26
|
+
|
|
27
27
|
# Authlogic tries to expire and change the perishable token as much as possible, without comprising
|
|
28
28
|
# it's purpose. This is for security reasons. If you want to manage it yourself, you can stop
|
|
29
29
|
# Authlogic from getting your in way by setting this to true.
|
|
@@ -35,21 +35,21 @@ module Authlogic
|
|
|
35
35
|
end
|
|
36
36
|
alias_method :disable_perishable_token_maintenance=, :disable_perishable_token_maintenance
|
|
37
37
|
end
|
|
38
|
-
|
|
38
|
+
|
|
39
39
|
# All methods relating to the perishable token.
|
|
40
40
|
module Methods
|
|
41
41
|
def self.included(klass)
|
|
42
42
|
return if !klass.column_names.include?("perishable_token")
|
|
43
|
-
|
|
43
|
+
|
|
44
44
|
klass.class_eval do
|
|
45
45
|
extend ClassMethods
|
|
46
46
|
include InstanceMethods
|
|
47
|
-
|
|
47
|
+
|
|
48
48
|
validates_uniqueness_of :perishable_token, :if => :perishable_token_changed?
|
|
49
49
|
before_save :reset_perishable_token, :unless => :disable_perishable_token_maintenance?
|
|
50
50
|
end
|
|
51
51
|
end
|
|
52
|
-
|
|
52
|
+
|
|
53
53
|
# Class level methods for the perishable token
|
|
54
54
|
module ClassMethods
|
|
55
55
|
# Use this methdo to find a record with a perishable token. This method does 2 things for you:
|
|
@@ -63,37 +63,37 @@ module Authlogic
|
|
|
63
63
|
def find_using_perishable_token(token, age = self.perishable_token_valid_for)
|
|
64
64
|
return if token.blank?
|
|
65
65
|
age = age.to_i
|
|
66
|
-
|
|
66
|
+
|
|
67
67
|
conditions_sql = "perishable_token = ?"
|
|
68
|
-
conditions_subs = [token]
|
|
69
|
-
|
|
68
|
+
conditions_subs = [token.to_s]
|
|
69
|
+
|
|
70
70
|
if column_names.include?("updated_at") && age > 0
|
|
71
71
|
conditions_sql += " and updated_at > ?"
|
|
72
72
|
conditions_subs << age.seconds.ago
|
|
73
73
|
end
|
|
74
|
-
|
|
74
|
+
|
|
75
75
|
find(:first, :conditions => [conditions_sql, *conditions_subs])
|
|
76
76
|
end
|
|
77
|
-
|
|
77
|
+
|
|
78
78
|
# This method will raise ActiveRecord::NotFound if no record is found.
|
|
79
79
|
def find_using_perishable_token!(token, age = perishable_token_valid_for)
|
|
80
80
|
find_using_perishable_token(token, age) || raise(ActiveRecord::RecordNotFound)
|
|
81
81
|
end
|
|
82
82
|
end
|
|
83
|
-
|
|
83
|
+
|
|
84
84
|
# Instance level methods for the perishable token.
|
|
85
85
|
module InstanceMethods
|
|
86
86
|
# Resets the perishable token to a random friendly token.
|
|
87
87
|
def reset_perishable_token
|
|
88
88
|
self.perishable_token = Random.friendly_token
|
|
89
89
|
end
|
|
90
|
-
|
|
90
|
+
|
|
91
91
|
# Same as reset_perishable_token, but then saves the record afterwards.
|
|
92
92
|
def reset_perishable_token!
|
|
93
93
|
reset_perishable_token
|
|
94
94
|
save_without_session_maintenance(false)
|
|
95
95
|
end
|
|
96
|
-
|
|
96
|
+
|
|
97
97
|
# A convenience method based on the disable_perishable_token_maintenance configuration option.
|
|
98
98
|
def disable_perishable_token_maintenance?
|
|
99
99
|
self.class.disable_perishable_token_maintenance == true
|
|
@@ -154,7 +154,7 @@ module Authlogic
|
|
|
154
154
|
# Tries to validate the session from information in the cookie
|
|
155
155
|
def persist_by_cookie
|
|
156
156
|
persistence_token, record_id = cookie_credentials
|
|
157
|
-
if !persistence_token.
|
|
157
|
+
if !persistence_token.blank?
|
|
158
158
|
record = record_id.nil? ? search_for_record("find_by_persistence_token", persistence_token) : search_for_record("find_by_#{klass.primary_key}", record_id)
|
|
159
159
|
self.unauthorized_record = record if record && record.persistence_token == persistence_token
|
|
160
160
|
valid?
|