authlogic 2.1.1 → 2.1.2

data/CHANGELOG.rdoc

@@ -1,3 +1,8 @@
+== 2.1.2
+
+* Return the newly create object for the class level create method, instead of a boolean
+* Add a model_name class method for Authlogic::Session for rails 3 compatibility. Will be using ActiveModel eventually, but this should be a quick fix.
+
 == 2.1.1 released 2009-7-04
 
 * Use mb_chars when downcasing the login string to support international characters.

data/README.rdoc

@@ -55,12 +55,12 @@ Authlogic is very flexible, it has a strong public API and a plethora of hooks t
 * <b>Live example with OpenID "add on":</b> http://authlogicexample.binarylogic.com
 * <b>Live example repository with tutorial in README:</b> http://github.com/binarylogic/authlogic_example/tree/master
 * <b>Tutorial: Reset passwords with Authlogic the RESTful way:</b> http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic
-* <b>Bugs / feature suggestions:</b> http://binarylogic.lighthouseapp.com/projects/18752-authlogic
+* <b>Issues:</b> http://github.com/binarylogic/authlogic/issues
 * <b>Google group:</b> http://groups.google.com/group/authlogic
 
 <b>Before contacting me directly, please read:</b>
 
-If you find a bug or a problem please post it on lighthouse. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help. This also benefits other people in the future with the same questions / problems. Thank you.
+If you find a bug or a problem please post it in the issues section. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help. This also benefits other people in the future with the same questions / problems. Thank you.
 
 == Authlogic "add ons"
 
@@ -223,7 +223,7 @@ I think one of the best aspects of Authlogic is testing. For one, it cuts out <b
 
 For example, think about ActiveRecord. You don't test the internals of ActiveRecord, because the creators of ActiveRecord have already tested the internals for you. It wouldn't make sense for ActiveRecord to copy it's hundreds of tests into your applications. The same concept applies to Authlogic. You only need to test code you write that is specific to your application, just like everything else in your application.
 
-That being said, testing your code that uses Authlogic is easy. Since everyone uses different testing suites, I created a helpful module called Authlogic::TestCase, which is basically a set of tools for testing code using Authlogic. I explain testing Authlogic thoroughly in the {Authlogic::TestCase section of the documentation}[http://authlogic.rubyforge.org/classes/Authlogic/TestCase.html]. It should answer any questions you have in regards to testing Authlogic.
+That being said, testing your code that uses Authlogic is easy. Since everyone uses different testing suites, I created a helpful module called Authlogic::TestCase, which is basically a set of tools for testing code using Authlogic. I explain testing Authlogic thoroughly in the {Authlogic::TestCase section of the documentation}[http://rdoc.info/rdoc/binarylogic/authlogic/blob/f2f6988d3b97e11770b00b72a7a9733df69ffa5b/Authlogic/TestCase.html]. It should answer any questions you have in regards to testing Authlogic.
 
 == Tell me quickly how Authlogic works
 
@@ -239,7 +239,7 @@ What inspired me to create Authlogic was the messiness of the current authentica
 4. <b>No redundant tests.</b> Because Authlogic doesn't use generators, #1 also applies to tests. Authlogic is *thoroughly* tested for you. You don't go and test the internals of ActiveRecord in each of your apps do you? So why do the same for Authlogic? Your application tests should be for application specific code. Get rid of the noise and make your tests focused and concise, no reason to copy tests from app to app.
 5. <b>Framework agnostic</b>. Authlogic can be used in *any* ruby framework you want: Rails, Merb, Sinatra, Mack, your own framework, whatever. It's not tied down to Rails. It does this by abstracting itself from these framework's controllers by using a controller adapter. Thanks to {Rack}[http://rack.rubyforge.org/], there is a defined standard for controller structure, and that's what Authlogic's abstract adapter follows. So if your controller follows the rack standards, you don't need to do anything. Any place it deviates from this is solved by a simple adapter for your framework that closes these gaps. For an example, checkout the Authlogic::ControllerAdapters::MerbAdapter.
 5. <b>You are not restricted to a single session.</b> Think about Apple's me.com, where they need you to authenticate a second time before changing your billing information. Why not just create a second session for this? It works just like your initial session. Then your billing controller can require an "ultra secure" session.
-6. <b>Easily extendable.</b> One of the distinct advantages of using a library is the ability to use it's API, assuming it has one. Authlogic has an *excellent* public API, meaning it can easily be extended and grow beyond the core library. Checkout the "add ons" list above to see what I mean.
+6. <b>Easily extendable.</b> One of the distinct advantages of using a library is the ability to use its API, assuming it has one. Authlogic has an *excellent* public API, meaning it can easily be extended and grow beyond the core library. Checkout the "add ons" list above to see what I mean.
 
 
 Copyright (c) 2009 {Ben Johnson of Binary Logic}[http://www.binarylogic.com], released under the MIT license

data/Rakefile

@@ -12,13 +12,14 @@ begin
     gem.rubyforge_project = "authlogic"
     gem.add_dependency "activesupport"
   end
+  Jeweler::RubyforgeTasks.new
 rescue LoadError
   puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
 end
 
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |test|
-  test.libs << 'lib' << 'test'
+  test.libs << 'test'
   test.pattern = 'test/**/*_test.rb'
   test.verbose = true
 end
@@ -36,14 +37,6 @@ rescue LoadError
   end
 end
 
-task :default => :test
+task :test => :check_dependencies
 
-begin
-  require 'rake/contrib/sshpublisher'
-  namespace :rubyforge do
-    desc "Release gem to RubyForge"
-    task :release => ["rubyforge:release:gem"]
-  end
-rescue LoadError
-  puts "Rake SshDirPublisher is unavailable or your rubyforge environment is not configured."
-end
+task :default => :test

data/VERSION.yml

@@ -1,4 +1,4 @@
 --- 
-:patch: 1
+:patch: 2
 :major: 2
 :minor: 1

data/authlogic.gemspec

@@ -1,12 +1,15 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
   s.name = %q{authlogic}
-  s.version = "2.1.1"
+  s.version = "2.1.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Ben Johnson of Binary Logic"]
-  s.date = %q{2009-07-04}
+  s.date = %q{2009-09-12}
   s.email = %q{bjohnson@binarylogic.com}
   s.extra_rdoc_files = [
     "LICENSE",
@@ -41,12 +44,14 @@ Gem::Specification.new do |s|
      "lib/authlogic/controller_adapters/abstract_adapter.rb",
      "lib/authlogic/controller_adapters/merb_adapter.rb",
      "lib/authlogic/controller_adapters/rails_adapter.rb",
+     "lib/authlogic/controller_adapters/sinatra_adapter.rb",
      "lib/authlogic/crypto_providers/aes256.rb",
      "lib/authlogic/crypto_providers/bcrypt.rb",
      "lib/authlogic/crypto_providers/md5.rb",
      "lib/authlogic/crypto_providers/sha1.rb",
      "lib/authlogic/crypto_providers/sha512.rb",
      "lib/authlogic/i18n.rb",
+     "lib/authlogic/i18n/translator.rb",
      "lib/authlogic/random.rb",
      "lib/authlogic/regex.rb",
      "lib/authlogic/session/activation.rb",
@@ -100,6 +105,7 @@ Gem::Specification.new do |s|
      "test/fixtures/employees.yml",
      "test/fixtures/projects.yml",
      "test/fixtures/users.yml",
+     "test/i18n_test.rb",
      "test/libs/affiliate.rb",
      "test/libs/company.rb",
      "test/libs/employee.rb",
@@ -137,7 +143,7 @@ Gem::Specification.new do |s|
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{authlogic}
-  s.rubygems_version = %q{1.3.4}
+  s.rubygems_version = %q{1.3.5}
   s.summary = %q{A clean, simple, and unobtrusive ruby authentication solution.}
   s.test_files = [
     "test/acts_as_authentic_test/base_test.rb",
@@ -156,6 +162,7 @@ Gem::Specification.new do |s|
      "test/crypto_provider_test/bcrypt_test.rb",
      "test/crypto_provider_test/sha1_test.rb",
      "test/crypto_provider_test/sha512_test.rb",
+     "test/i18n_test.rb",
      "test/libs/affiliate.rb",
      "test/libs/company.rb",
      "test/libs/employee.rb",

data/lib/authlogic.rb

@@ -1,4 +1,4 @@
-require "active_support"
+require "active_record"
 
 require File.dirname(__FILE__) + "/authlogic/i18n"
 require File.dirname(__FILE__) + "/authlogic/random"
@@ -7,6 +7,7 @@ require File.dirname(__FILE__) + "/authlogic/regex"
 require File.dirname(__FILE__) + "/authlogic/controller_adapters/abstract_adapter"
 require File.dirname(__FILE__) + "/authlogic/controller_adapters/rails_adapter" if defined?(Rails)
 require File.dirname(__FILE__) + "/authlogic/controller_adapters/merb_adapter" if defined?(Merb)
+require File.dirname(__FILE__) + "/authlogic/controller_adapters/sinatra_adapter" if defined?(Sinatra)
 
 require File.dirname(__FILE__) + "/authlogic/crypto_providers/md5"
 require File.dirname(__FILE__) + "/authlogic/crypto_providers/sha1"
@@ -52,4 +53,4 @@ require File.dirname(__FILE__) + "/authlogic/session/session"
 require File.dirname(__FILE__) + "/authlogic/session/timeout"
 require File.dirname(__FILE__) + "/authlogic/session/unauthorized_record"
 require File.dirname(__FILE__) + "/authlogic/session/validation"
-require File.dirname(__FILE__) + "/authlogic/session/base"
+require File.dirname(__FILE__) + "/authlogic/session/base"

data/lib/authlogic/acts_as_authentic/base.rb

@@ -92,21 +92,16 @@ module Authlogic
   end
 end
 
-if defined?(::ActiveRecord)
-  module ::ActiveRecord
-    class Base
-      include Authlogic::ActsAsAuthentic::Base
-      include Authlogic::ActsAsAuthentic::Email
-      include Authlogic::ActsAsAuthentic::LoggedInStatus
-      include Authlogic::ActsAsAuthentic::Login
-      include Authlogic::ActsAsAuthentic::MagicColumns
-      include Authlogic::ActsAsAuthentic::Password
-      include Authlogic::ActsAsAuthentic::PerishableToken
-      include Authlogic::ActsAsAuthentic::PersistenceToken
-      include Authlogic::ActsAsAuthentic::RestfulAuthentication
-      include Authlogic::ActsAsAuthentic::SessionMaintenance
-      include Authlogic::ActsAsAuthentic::SingleAccessToken
-      include Authlogic::ActsAsAuthentic::ValidationsScope
-    end
-  end
-end
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Base
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Email
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::LoggedInStatus
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Login
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::MagicColumns
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Password
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::PerishableToken
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::PersistenceToken
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::RestfulAuthentication
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SessionMaintenance
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SingleAccessToken
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::ValidationsScope
+

data/lib/authlogic/controller_adapters/sinatra_adapter.rb

@@ -0,0 +1,61 @@
+# Authlogic bridge for Sinatra
+module Authlogic
+  module ControllerAdapters
+    module SinatraAdapter
+      class Cookies
+        attr_reader :request, :response
+
+        def initialize(request, response)
+          @request = request
+          @response = response
+        end
+
+        def delete(key, options = {})
+          @request.cookies.delete(key)
+        end
+
+        def []=(key, options)
+          @response.set_cookie(key, options)
+        end
+
+        def method_missing(meth, *args, &block)
+          @request.cookies.send(meth, *args, &block)
+        end
+      end
+
+      class Controller
+        attr_reader :request, :response, :cookies
+
+        def initialize(request, response)
+          @request = request
+          @cookies = Cookies.new(request, response)
+        end
+
+        def session
+          env['rack.session']
+        end
+
+        def method_missing(meth, *args, &block)
+          @request.send meth, *args, &block
+        end
+      end
+
+      class Adapter < AbstractAdapter
+        def cookie_domain
+          env['SERVER_NAME']
+        end
+
+        module Implementation
+          def self.included(klass)
+            klass.send :before do
+              controller = Controller.new(request, response)
+              Authlogic::Session::Base.controller = Adapter.new(controller)
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+Sinatra::Request.send(:include, Authlogic::ControllerAdapters::SinatraAdapter::Adapter::Implementation)

data/lib/authlogic/i18n.rb

@@ -1,3 +1,5 @@
+require "authlogic/i18n/translator"
+
 module Authlogic
   # This class allows any message in Authlogic to use internationalization. In earlier versions of Authlogic each message was translated via configuration.
   # This cluttered up the configuration and cluttered up Authlogic. So all translation has been extracted out into this class. Now all messages pass through
@@ -11,18 +13,17 @@ module Authlogic
   #
   #   Authlogic::I18n.t('error_messages.password_invalid', :default => "is invalid")
   #
-  # If you use a different I18n library or plugin just redefine the t method in the Authlogic::I18n class to do whatever you want with those options. For example:
+  # If you use a different I18n library just replace the build-in I18n::Translator class with your own. For example:
   #
-  #   # config/initializers/authlogic.rb
-  #   module MyAuthlogicI18nAdapter
-  #     def t(key, options = {})
+  #   class MyAuthlogicI18nTranslator
+  #     def translate(key, options = {})
   #       # you will have key which will be something like: "error_messages.password_invalid"
   #       # you will also have options[:default], which will be the default english version of the message
   #       # do whatever you want here with the arguments passed to you.
   #     end
   #   end
   #   
-  #   Authlogic::I18n.extend MyAuthlogicI18nAdapter
+  #   Authlogic::I18n.translator = MyAuthlogicI18nTranslator.new
   #
   # That it's! Here is a complete list of the keys that are passed. Just define these however you wish:
   #
@@ -47,17 +48,36 @@ module Authlogic
   #         email: email
   #         password: password
   #         remember_me: remember me
-  class I18n
+  module I18n
+    @@scope = :authlogic
+    @@translator = nil
+    
     class << self
+      # Returns the current scope. Defaults to :authlogic
+      def scope
+        @@scope
+      end
+   
+      # Sets the current scope. Used to set a custom scope.
+      def scope=(scope)
+        @@scope = scope
+      end
+      
+      # Returns the current translator. Defaults to +Translator+.
+      def translator
+        @@translator ||= Translator.new
+      end
+      
+      # Sets the current translator. Used to set a custom translator.
+      def translator=(translator)
+        @@translator = translator
+      end
+    
       # All message translation is passed to this method. The first argument is the key for the message. The second is options, see the rails I18n library for a list of options used.
-      def t(key, options = {})
-        if defined?(::I18n)
-          ::I18n.t(key, options.merge(:scope => :authlogic))
-        else
-          options[:default]
-        end
+      def translate(key, options = {})
+        translator.translate key, { :scope => I18n.scope }.merge(options)
       end
-      alias_method :translate, :t
+      alias :t :translate
     end
   end
-end
+end

data/lib/authlogic/i18n/translator.rb

@@ -0,0 +1,15 @@
+module Authlogic
+  module I18n
+    class Translator
+      # If the I18n gem is present, calls +I18n.translate+ passing all 
+      # arguments, else returns +options[:default]+.
+      def translate(key, options = {})
+        if defined?(::I18n)
+          ::I18n.translate key, options
+        else
+          options[:default]
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/session/active_record_trickery.rb

@@ -33,10 +33,16 @@ module Authlogic
           [self]
         end
         
-        # For Rails >2.3, fix mispelling
+        # For rails >= 2.3, mispelling fixed
         def self_and_descendants_from_active_record
           [self]
         end
+        
+        # For rails >= 3.0
+        def model_name
+          clazz = defined?(::ActiveModel) ? ::ActiveModel::Name : ::ActiveSupport::ModelName
+          clazz.new(self.to_s)
+        end
       end
       
       module InstanceMethods
@@ -44,7 +50,12 @@ module Authlogic
         def new_record?
           new_session?
         end
+        
+        # For rails >= 3.0
+        def to_model
+          self
+        end
       end
     end
   end
-end
+end

data/lib/authlogic/session/brute_force_protection.rb

@@ -57,7 +57,8 @@ module Authlogic
         # Notice the word temporary, the user will not be permanently banned unless you choose to do so with configuration.
         # By default they will be banned for 2 hours. During that 2 hour period this method will return true.
         def being_brute_force_protected?
-          exceeded_failed_logins_limit? && (failed_login_ban_for <= 0 || (attempted_record.respond_to?(:updated_at) && attempted_record.updated_at >= failed_login_ban_for.seconds.ago))
+          exceeded_failed_logins_limit? && (failed_login_ban_for <= 0 ||
+            (attempted_record.respond_to?(:updated_at) && attempted_record.updated_at >= failed_login_ban_for.seconds.ago))
         end
         
         private
@@ -76,7 +77,10 @@ module Authlogic
         
           def validate_failed_logins
             errors.clear # Clear all other error messages, as they are irrelevant at this point and can only provide additional information that is not needed
-            errors.add(:base, I18n.t('error_messages.consecutive_failed_logins_limit_exceeded', :default => "Consecutive failed logins limit exceeded, account is disabled."))
+            errors.add(:base, I18n.t(
+              'error_messages.consecutive_failed_logins_limit_exceeded', 
+              :default => "Consecutive failed logins limit exceeded, account has been" + (failed_login_ban_for == 0 ? "" : " temporarily") + " disabled."
+            ))
           end
           
           def consecutive_failed_logins_limit

data/lib/authlogic/session/callbacks.rb

@@ -55,7 +55,8 @@ module Authlogic
     module Callbacks
       METHODS = [
         "before_persisting", "persist", "after_persisting",
-        "before_validation", "before_validation_on_create", "before_validation_on_update", "validate", "after_validation_on_update", "after_validation_on_create", "after_validation",
+        "before_validation", "before_validation_on_create", "before_validation_on_update", "validate",
+        "after_validation_on_update", "after_validation_on_create", "after_validation",
         "before_save", "before_create", "before_update", "after_update", "after_create", "after_save",
         "before_destroy", "after_destroy"
       ]

data/lib/authlogic/session/cookies.rb

@@ -69,12 +69,12 @@ module Authlogic
           return @remember_me if defined?(@remember_me)
           @remember_me = self.class.remember_me
         end
-      
+        
         # Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for "remember_me_until".
         def remember_me=(value)
           @remember_me = value
         end
-      
+        
         # See remember_me
         def remember_me?
           remember_me == true || remember_me == "true" || remember_me == "1"
@@ -85,7 +85,7 @@ module Authlogic
           return unless remember_me?
           self.class.remember_me_for
         end
-      
+        
         # When to expire the cookie. See remember_me_for configuration option to change this.
         def remember_me_until
           return unless remember_me?
@@ -112,7 +112,7 @@ module Authlogic
               false
             end
           end
-        
+          
           def save_cookie
             controller.cookies[cookie_key] = {
               :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
@@ -120,7 +120,7 @@ module Authlogic
               :domain => controller.cookie_domain
             }
           end
-        
+          
           def destroy_cookie
             controller.cookies.delete cookie_key, :domain => controller.cookie_domain
           end

data/lib/authlogic/session/existence.rb

@@ -28,12 +28,14 @@ module Authlogic
         def create(*args, &block)
           session = new(*args)
           session.save(&block)
+          session
         end
         
         # Same as create but calls create!, which raises an exception when validation fails.
         def create!(*args)
           session = new(*args)
           session.save!
+          session
         end
       end
       

data/lib/authlogic/session/magic_columns.rb

@@ -24,9 +24,10 @@ module Authlogic
       
       # Configuration for the magic columns feature.
       module Config
-        # Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists. If you want to limit how frequent that field is updated specify the threshold
-        # here. For example, if your user is making a request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threashold. Set this to 1.minute. Once a minute has passed in between
-        # requests the field will be updated.
+        # Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists.
+        # If you want to limit how frequent that field is updated specify the threshold here. For example, if your user is making a
+        # request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threashold. Set this to 1.minute.
+        # Once a minute has passed in between requests the field will be updated.
         #
         # * <tt>Default:</tt> 0
         # * <tt>Accepts:</tt> integer representing time in seconds

data/lib/authlogic/session/magic_states.rb

@@ -9,7 +9,8 @@ module Authlogic
     #
     # Authlogic does nothing to define these methods for you, its up to you to define what they mean. If your object responds to these methods Authlogic will use them, otherwise they are ignored.
     #
-    # What's neat about this is that these are checked upon any type of login. When logging in explicitly, by cookie, session, or basic http auth. So if you mark a user inactive in the middle of their session they wont be logged back in next time they refresh the page. Giving you complete control.
+    # What's neat about this is that these are checked upon any type of login. When logging in explicitly, by cookie, session, or basic http auth.
+    # So if you mark a user inactive in the middle of their session they wont be logged back in next time they refresh the page. Giving you complete control.
     #
     # Need Authlogic to check your own "state"? No problem, check out the hooks section below. Add in a before_validation to do your own checking. The sky is the limit.
     module MagicStates

data/lib/authlogic/session/params.rb

@@ -47,8 +47,9 @@ module Authlogic
         end
         alias_method :params_key=, :params_key
         
-        # Authentication is allowed via a single access token, but maybe this is something you don't want for your application as a whole. Maybe this is something you only want for specific request types.
-        # Specify a list of allowed request types and single access authentication will only be allowed for the ones you specify.
+        # Authentication is allowed via a single access token, but maybe this is something you don't want for your application as a whole. Maybe this is
+        # something you only want for specific request types. Specify a list of allowed request types and single access authentication will only be
+        # allowed for the ones you specify.
         #
         # * <tt>Default:</tt> ["application/rss+xml", "application/atom+xml"]
         # * <tt>Accepts:</tt> String of a request type, or :all or :any to allow single access authentication for any and all request types

data/lib/authlogic/session/password.rb

@@ -16,12 +16,15 @@ module Authlogic
       
       # Password configuration
       module Config
-        # Authlogic tries to validate the credentials passed to it. One part of validation is actually finding the user and making sure it exists. What method it uses the do this is up to you.
+        # Authlogic tries to validate the credentials passed to it. One part of validation is actually finding the user and
+        # making sure it exists. What method it uses the do this is up to you.
         #
-        # Let's say you have a UserSession that is authenticating a User. By default UserSession will call User.find_by_login(login). You can change what method UserSession calls by specifying it here. Then
-        # in your User model you can make that method do anything you want, giving you complete control of how users are found by the UserSession.
+        # Let's say you have a UserSession that is authenticating a User. By default UserSession will call User.find_by_login(login).
+        # You can change what method UserSession calls by specifying it here. Then in your User model you can make that method do
+        # anything you want, giving you complete control of how users are found by the UserSession.
         #
-        # Let's take an example: You want to allow users to login by username or email. Set this to the name of the class method that does this in the User model. Let's call it "find_by_username_or_email"
+        # Let's take an example: You want to allow users to login by username or email. Set this to the name of the class method
+        # that does this in the User model. Let's call it "find_by_username_or_email"
         #
         #   class User < ActiveRecord::Base
         #     def self.find_by_username_or_email(login)
@@ -29,8 +32,8 @@ module Authlogic
         #     end
         #   end
         #
-        # Now just specify the name of this method for this configuration option and you are all set. You can do anything you want here. Maybe you allow users to have multiple logins
-        # and you want to search a has_many relationship, etc. The sky is the limit.
+        # Now just specify the name of this method for this configuration option and you are all set. You can do anything you
+        # want here. Maybe you allow users to have multiple logins and you want to search a has_many relationship, etc. The sky is the limit.
         #
         # * <tt>Default:</tt> "find_by_smart_case_login_field"
         # * <tt>Accepts:</tt> Symbol or String
@@ -50,9 +53,17 @@ module Authlogic
         #     generalize_credentials_error_messages true
         #   end
         #
-        # This would make the error message for bad logins and bad passwords look identical:
+        #   This would make the error message for bad logins and bad passwords look identical:
         #
         #   Login/Password combination is not valid
+        #  
+        #   Alternatively you may use a custom message:
+        # 
+        #   class UserSession < AuthLogic::Session::Base
+        #     generalize_credentials_error_messages "Your login information is invalid"
+        #   end
+        #
+        #   This will instead show your custom error message when the UserSession is invalid.
         #
         # The downside to enabling this is that is can be too vague for a user that has a hard time remembering
         # their username and password combinations. It also disables the ability to to highlight the field
@@ -89,7 +100,8 @@ module Authlogic
         end
         alias_method :password_field=, :password_field
         
-        # The name of the method in your model used to verify the password. This should be an instance method. It should also be prepared to accept a raw password and a crytped password.
+        # The name of the method in your model used to verify the password. This should be an instance method. It should also
+        # be prepared to accept a raw password and a crytped password.
         #
         # * <tt>Default:</tt> "valid_password?"
         # * <tt>Accepts:</tt> Symbol or String
@@ -114,7 +126,8 @@ module Authlogic
 
               self.class.class_eval <<-"end_eval", __FILE__, __LINE__
                 private
-                  # The password should not be accessible publicly. This way forms using form_for don't fill the password with the attempted password. To prevent this we just create this method that is private.
+                  # The password should not be accessible publicly. This way forms using form_for don't fill the password with the
+                  # attempted password. To prevent this we just create this method that is private.
                   def protected_#{password_field}
                     @#{password_field}
                   end
@@ -168,15 +181,18 @@ module Authlogic
             return if errors.count > 0
 
             self.attempted_record = search_for_record(find_by_login_method, send(login_field))
-
             if attempted_record.blank?
-              generalize_credentials_error_messages? ? add_general_credentials_error : errors.add(login_field, I18n.t('error_messages.login_not_found', :default => "is not valid"))
+              generalize_credentials_error_messages? ?
+                add_general_credentials_error :
+                errors.add(login_field, I18n.t('error_messages.login_not_found', :default => "is not valid"))
               return
             end
 
             if !attempted_record.send(verify_password_method, send("protected_#{password_field}"))
               self.invalid_password = true
-              generalize_credentials_error_messages? ? add_general_credentials_error : errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
+              generalize_credentials_error_messages? ?
+                add_general_credentials_error :
+                errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
               return
             end
           end
@@ -198,11 +214,17 @@ module Authlogic
           end
           
           def add_general_credentials_error
-            errors.add(:base, I18n.t('error_messages.general_credentials_error', :default => "#{login_field.to_s.humanize}/Password combination is not valid"))
+            error_message = 
+            if self.class.generalize_credentials_error_messages.is_a? String
+              self.class.generalize_credentials_error_messages
+            else
+              "#{login_field.to_s.humanize}/Password combination is not valid"
+            end
+            errors.add(:base, I18n.t('error_messages.general_credentials_error', :default => error_message))
           end
           
           def generalize_credentials_error_messages?
-            self.class.generalize_credentials_error_messages == true
+            self.class.generalize_credentials_error_messages
           end
           
           def password_field
@@ -215,4 +237,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/session/session.rb

@@ -34,7 +34,9 @@ module Authlogic
             if !persistence_token.nil?
               # Allow finding by persistence token, because when records are created the session is maintained in a before_save, when there is no id.
               # This is done for performance reasons and to save on queries.
-              record = record_id.nil? ? search_for_record("find_by_persistence_token", persistence_token) : search_for_record("find_by_#{klass.primary_key}", record_id)
+              record = record_id.nil? ?
+                search_for_record("find_by_persistence_token", persistence_token) :
+                search_for_record("find_by_#{klass.primary_key}", record_id)
               self.unauthorized_record = record if record && record.persistence_token == persistence_token
               valid?
             else

data/lib/authlogic/session/validation.rb

@@ -13,10 +13,12 @@ module Authlogic
       #         errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
       #       end
       #   end
-      class Errors < ::ActiveRecord::Errors
-        def [](key)
-          value = super
-          value.is_a?(Array) ? value : [value].compact
+      class Errors < (defined?(::ActiveModel) ? ::ActiveModel::Errors : ::ActiveRecord::Errors)
+        unless defined?(::ActiveModel)
+          def [](key)
+            value = super
+            value.is_a?(Array) ? value : [value].compact
+          end
         end
       end
       
@@ -77,4 +79,4 @@ module Authlogic
         end
     end
   end
-end
+end

data/shoulda_macros/authlogic.rb

@@ -2,7 +2,7 @@ module Authlogic
   module ShouldaMacros
     class Test::Unit::TestCase
       def self.should_be_authentic
-        klass = model_class
+        klass = described_type rescue model_class
         should "acts as authentic" do
           assert klass.new.respond_to?(:password=)
           assert klass.new.respond_to?(:valid_password?)

data/test/i18n_test.rb

@@ -0,0 +1,33 @@
+require File.dirname(__FILE__) + '/test_helper.rb'
+
+class I18nTest < ActiveSupport::TestCase
+  def test_uses_authlogic_as_scope_by_default
+    assert_equal :authlogic, Authlogic::I18n.scope
+  end
+  
+  def test_can_set_scope
+    assert_nothing_raised { Authlogic::I18n.scope = [:a, :b] }
+    assert_equal [:a, :b], Authlogic::I18n.scope
+    Authlogic::I18n.scope = :authlogic
+  end
+  
+  def test_uses_built_in_translator_by_default
+    assert_equal Authlogic::I18n::Translator, Authlogic::I18n.translator.class
+  end
+  
+  def test_can_set_custom_translator
+    old_translator = Authlogic::I18n.translator
+    
+    assert_nothing_raised do
+      Authlogic::I18n.translator = Class.new do
+        def translate(key, options = {})
+          "Translated: #{key}"
+        end
+      end.new
+    end
+
+    assert_equal "Translated: x", Authlogic::I18n.translate(:x)
+    
+    Authlogic::I18n.translator = old_translator
+  end
+end

data/test/session_test/active_record_trickery_test.rb

@@ -15,6 +15,10 @@ module SessionTest
       def test_self_and_descendents_from_active_record
         assert_equal [UserSession], UserSession.self_and_descendents_from_active_record
       end
+    
+      def test_self_and_descendants_from_active_record
+        assert_equal [UserSession], UserSession.self_and_descendants_from_active_record
+      end
     end
     
     class InstanceMethodsTest < ActiveSupport::TestCase
@@ -22,6 +26,11 @@ module SessionTest
         session = UserSession.new
         assert session.new_record?
       end
+      
+      def test_to_model
+        session = UserSession.new
+        assert session, session.to_model
+      end
     end
   end
-end
+end

data/test/session_test/brute_force_protection_test.rb

@@ -32,10 +32,10 @@ module SessionTest
         ben = users(:ben)
         ben.failed_login_count = UserSession.consecutive_failed_logins_limit
         assert ben.save
-        assert !UserSession.create(:login => ben.login, :password => "benrocks")
-        assert !UserSession.create(ben)
+        assert UserSession.create(:login => ben.login, :password => "benrocks").new_session?
+        assert UserSession.create(ben).new_session?
         ben.updated_at = (UserSession.failed_login_ban_for + 2.hours.to_i).seconds.ago
-        assert UserSession.create(ben)
+        assert !UserSession.create(ben).new_session?
       end
     
       def test_exceeding_failed_logins_limit

data/test/session_test/existence_test.rb

@@ -5,10 +5,10 @@ module SessionTest
     class ClassMethodsTest < ActiveSupport::TestCase
       def test_create
         ben = users(:ben)
-        assert !UserSession.create(:login => "somelogin", :password => "badpw2")
-        assert UserSession.create(:login => ben.login, :password => "benrocks")
+        assert UserSession.create(:login => "somelogin", :password => "badpw2").new_session?
+        assert !UserSession.create(:login => ben.login, :password => "benrocks").new_session?
         assert_raise(Authlogic::Session::Existence::SessionInvalidError) { UserSession.create!(:login => ben.login, :password => "badpw") }
-        assert UserSession.create!(:login => ben.login, :password => "benrocks")
+        assert !UserSession.create!(:login => ben.login, :password => "benrocks").new_session?
       end
     end
     

data/test/session_test/magic_columns_test.rb

@@ -15,7 +15,7 @@ module SessionTest
     class InstanceMethodsTest < ActiveSupport::TestCase
       def test_after_persisting_set_last_request_at
         ben = users(:ben)
-        assert UserSession.create(ben)
+        assert !UserSession.create(ben).new_session?
         
         set_cookie_for(ben)
         old_last_request_at = ben.last_request_at
@@ -27,7 +27,7 @@ module SessionTest
       def test_valid_increase_failed_login_count
         ben = users(:ben)
         old_failed_login_count = ben.failed_login_count
-        assert !UserSession.create(:login => ben.login, :password => "wrong")
+        assert UserSession.create(:login => ben.login, :password => "wrong").new_session?
         ben.reload
         assert_equal old_failed_login_count + 1, ben.failed_login_count
       end
@@ -36,7 +36,7 @@ module SessionTest
         ben = users(:ben)
       
         # increase failed login count
-        assert !UserSession.create(:login => ben.login, :password => "wrong")
+        assert UserSession.create(:login => ben.login, :password => "wrong").new_session?
         ben.reload
       
         # grab old values
@@ -47,7 +47,7 @@ module SessionTest
         old_last_login_ip = ben.last_login_ip
         old_current_login_ip = ben.current_login_ip
       
-        assert UserSession.create(:login => ben.login, :password => "benrocks")
+        assert !UserSession.create(:login => ben.login, :password => "benrocks").new_session?
         
         ben.reload
         assert_equal old_login_count + 1, ben.login_count

data/test/session_test/password_test.rb

@@ -19,13 +19,27 @@ module SessionTest
         assert_equal "valid_password?", UserSession.verify_password_method
       end
     
-      def test_generalize_credentials_error_messages
-        UserSession.generalize_credentials_error_messages = true
-        assert UserSession.generalize_credentials_error_messages
-    
+      def test_generalize_credentials_error_mesages_set_to_false
         UserSession.generalize_credentials_error_messages false
         assert !UserSession.generalize_credentials_error_messages
+        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        assert_equal ["Password is not valid"], session.errors.full_messages
+      end
+      
+      def test_generalize_credentials_error_messages_set_to_true
+        UserSession.generalize_credentials_error_messages true
+        assert UserSession.generalize_credentials_error_messages
+        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        assert_equal ["Login/Password combination is not valid"], session.errors.full_messages
       end
+
+      def test_generalize_credentials_error_messages_set_to_string
+        UserSession.generalize_credentials_error_messages= "Custom Error Message"
+        assert UserSession.generalize_credentials_error_messages
+        session = UserSession.create(:login => users(:ben).login, :password => "invalud-password")
+        assert_equal ["Custom Error Message"], session.errors.full_messages
+      end
+
       
       def test_login_field
         UserSession.configured_password_methods = false
@@ -89,4 +103,4 @@ module SessionTest
       end
     end
   end
-end
+end

data/test/test_helper.rb

@@ -6,16 +6,24 @@ require "active_record/fixtures"
 
 # A temporary fix to bring active record errors up to speed with rails edge.
 # I need to remove this once the new gem is released. This is only here so my tests pass.
-class ActiveRecord::Errors
-  def [](key)
-    value = on(key)
-    value.is_a?(Array) ? value : [value].compact
+unless defined?(::ActiveModel)
+  class ActiveRecord::Errors
+    def [](key)
+      value = on(key)
+      value.is_a?(Array) ? value : [value].compact
+    end
   end
 end
 
 
 ActiveRecord::Schema.verbose = false
-ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :dbfile => ":memory:")
+
+begin
+  ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+rescue ArgumentError
+  ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :dbfile => ":memory:")
+end
+
 ActiveRecord::Base.configurations = true
 ActiveRecord::Schema.define(:version => 1) do
   create_table :companies do |t|
@@ -171,4 +179,4 @@ class ActiveSupport::TestCase
     def unset_session
       controller.session["user_credentials"] = controller.session["user_credentials_id"] = nil
     end
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: authlogic
 version: !ruby/object:Gem::Version 
-  version: 2.1.1
+  version: 2.1.2
 platform: ruby
 authors: 
 - Ben Johnson of Binary Logic
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-07-04 00:00:00 -05:00
+date: 2009-09-12 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -60,12 +60,14 @@ files:
 - lib/authlogic/controller_adapters/abstract_adapter.rb
 - lib/authlogic/controller_adapters/merb_adapter.rb
 - lib/authlogic/controller_adapters/rails_adapter.rb
+- lib/authlogic/controller_adapters/sinatra_adapter.rb
 - lib/authlogic/crypto_providers/aes256.rb
 - lib/authlogic/crypto_providers/bcrypt.rb
 - lib/authlogic/crypto_providers/md5.rb
 - lib/authlogic/crypto_providers/sha1.rb
 - lib/authlogic/crypto_providers/sha512.rb
 - lib/authlogic/i18n.rb
+- lib/authlogic/i18n/translator.rb
 - lib/authlogic/random.rb
 - lib/authlogic/regex.rb
 - lib/authlogic/session/activation.rb
@@ -119,6 +121,7 @@ files:
 - test/fixtures/employees.yml
 - test/fixtures/projects.yml
 - test/fixtures/users.yml
+- test/i18n_test.rb
 - test/libs/affiliate.rb
 - test/libs/company.rb
 - test/libs/employee.rb
@@ -175,7 +178,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: authlogic
-rubygems_version: 1.3.4
+rubygems_version: 1.3.5
 signing_key: 
 specification_version: 3
 summary: A clean, simple, and unobtrusive ruby authentication solution.
@@ -196,6 +199,7 @@ test_files:
 - test/crypto_provider_test/bcrypt_test.rb
 - test/crypto_provider_test/sha1_test.rb
 - test/crypto_provider_test/sha512_test.rb
+- test/i18n_test.rb
 - test/libs/affiliate.rb
 - test/libs/company.rb
 - test/libs/employee.rb