authlogic 3.1.0 → 3.1.1

data/Gemfile

@@ -1,6 +1,7 @@
 source :rubygems
 
-gem 'activerecord', '>= 3.0.7'
+gem 'activesupport', '>= 3.0.0'
+gem 'activerecord', '>= 3.0.0'
 
 group :test do
   gem 'bcrypt-ruby'

data/Gemfile.lock

@@ -1,32 +1,36 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    activemodel (3.1.1)
-      activesupport (= 3.1.1)
+    activemodel (3.2.5)
+      activesupport (= 3.2.5)
       builder (~> 3.0.0)
-      i18n (~> 0.6)
-    activerecord (3.1.1)
-      activemodel (= 3.1.1)
-      activesupport (= 3.1.1)
-      arel (~> 2.2.1)
+    activerecord (3.2.5)
+      activemodel (= 3.2.5)
+      activesupport (= 3.2.5)
+      arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activesupport (3.1.1)
+    activesupport (3.2.5)
+      i18n (~> 0.6)
       multi_json (~> 1.0)
     archive-tar-minitar (0.5.2)
-    arel (2.2.1)
+    arel (3.0.2)
     bcrypt-ruby (3.0.1)
     builder (3.0.0)
-    columnize (0.3.4)
+    columnize (0.3.6)
     git (1.2.5)
     i18n (0.6.0)
-    jeweler (1.6.4)
+    jeweler (1.8.3)
       bundler (~> 1.0)
       git (>= 1.2.5)
       rake
+      rdoc
+    json (1.7.3)
     linecache19 (0.5.12)
       ruby_core_source (>= 0.1.4)
-    multi_json (1.0.3)
-    rake (0.9.2)
+    multi_json (1.3.6)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
     ruby-debug-base19 (0.11.25)
       columnize (>= 0.3.1)
       linecache19 (>= 0.5.11)
@@ -37,14 +41,15 @@ GEM
       ruby-debug-base19 (>= 0.11.19)
     ruby_core_source (0.1.5)
       archive-tar-minitar (>= 0.5.2)
-    sqlite3 (1.3.4)
-    tzinfo (0.3.30)
+    sqlite3 (1.3.6)
+    tzinfo (0.3.33)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  activerecord (>= 3.0.7)
+  activerecord (>= 3.0.0)
+  activesupport (>= 3.0.0)
   bcrypt-ruby
   jeweler
   rake

data/README.rdoc

@@ -1,6 +1,6 @@
 = Authlogic
 
-** Please note the latest version is compatible with rails 3 only. Rails 2 should use version 2.X.X **
+** Please note the latest version is compatible with rails 3 only. Please see the rails2 branch for Rails 2 compatibility.
 
 Authlogic is a clean, simple, and unobtrusive ruby authentication solution.
 
@@ -174,8 +174,17 @@ What if your user sessions controller could look just like your other controller
 
 As you can see, this fits nicely into the RESTful development pattern. What about the view...
 
-  <% form_for @user_session do |f| %>
-    <%= f.error_messages %>
+  <%= form_for @user_session do |f| %>
+    <% if @user_session.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@user_session.errors.count, "error") %> prohibited:</h2>
+      <ul>
+        <% @user_session.errors.full_messages.each do |msg| %>
+          <li><%= msg %></li>
+        <% end %>
+      </ul>
+    </div>
+    <% end %>
     <%= f.label :login %><br />
     <%= f.text_field :login %><br />
     <br />
@@ -204,19 +213,9 @@ Or how about persisting the session...
 
 == Install & Use
 
-Install the gem / plugin (recommended)
+Install the gem
 
-Rails 3:
-
-  $ sudo gem install authlogic
-
-Rails 2:
-
-  $ sudo gem install authlogic --version=2.1.6
-
-Or install as a plugin:
-
-  script/plugin install git://github.com/binarylogic/authlogic.git
+  $ gem 'authlogic'
 
 == Detailed Setup Tutorial
 

data/Rakefile

@@ -12,7 +12,8 @@ begin
     gem.email = "bjohnson@binarylogic.com"
     gem.homepage = "http://github.com/binarylogic/authlogic"
     gem.authors = ["Ben Johnson of Binary Logic"]
-    gem.add_bundler_dependencies
+    gem.add_dependency "activesupport", ">= 3.0.0"
+    gem.add_dependency "activerecord", ">= 3.0.0"
   end
   Jeweler::GemcutterTasks.new
 rescue LoadError

data/VERSION.yml

@@ -1,5 +1,5 @@
 ---
 :major: 3
 :minor: 1
-:patch: 0
-:build: !!null 
+:patch: 1
+:build: 

data/authlogic.gemspec

@@ -4,13 +4,13 @@
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
-  s.name = %q{authlogic}
-  s.version = "3.1.0"
+  s.name = "authlogic"
+  s.version = "3.1.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = [%q{Ben Johnson of Binary Logic}]
-  s.date = %q{2011-10-19}
-  s.email = %q{bjohnson@binarylogic.com}
+  s.authors = ["Ben Johnson of Binary Logic"]
+  s.date = "2012-06-01"
+  s.email = "bjohnson@binarylogic.com"
   s.extra_rdoc_files = [
     "LICENSE",
     "README.rdoc"
@@ -145,24 +145,30 @@ Gem::Specification.new do |s|
     "test/session_test/validation_test.rb",
     "test/test_helper.rb"
   ]
-  s.homepage = %q{http://github.com/binarylogic/authlogic}
-  s.require_paths = [%q{lib}]
-  s.rubygems_version = %q{1.8.6}
-  s.summary = %q{A clean, simple, and unobtrusive ruby authentication solution.}
+  s.homepage = "http://github.com/binarylogic/authlogic"
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.24"
+  s.summary = "A clean, simple, and unobtrusive ruby authentication solution."
 
   if s.respond_to? :specification_version then
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<activerecord>, [">= 3.0.7"])
-      s.add_runtime_dependency(%q<activerecord>, [">= 3.0.7"])
+      s.add_runtime_dependency(%q<activesupport>, [">= 3.0.0"])
+      s.add_runtime_dependency(%q<activerecord>, [">= 3.0.0"])
+      s.add_runtime_dependency(%q<activesupport>, [">= 3.0.0"])
+      s.add_runtime_dependency(%q<activerecord>, [">= 3.0.0"])
     else
-      s.add_dependency(%q<activerecord>, [">= 3.0.7"])
-      s.add_dependency(%q<activerecord>, [">= 3.0.7"])
+      s.add_dependency(%q<activesupport>, [">= 3.0.0"])
+      s.add_dependency(%q<activerecord>, [">= 3.0.0"])
+      s.add_dependency(%q<activesupport>, [">= 3.0.0"])
+      s.add_dependency(%q<activerecord>, [">= 3.0.0"])
     end
   else
-    s.add_dependency(%q<activerecord>, [">= 3.0.7"])
-    s.add_dependency(%q<activerecord>, [">= 3.0.7"])
+    s.add_dependency(%q<activesupport>, [">= 3.0.0"])
+    s.add_dependency(%q<activerecord>, [">= 3.0.0"])
+    s.add_dependency(%q<activesupport>, [">= 3.0.0"])
+    s.add_dependency(%q<activerecord>, [">= 3.0.0"])
   end
 end
 

data/lib/authlogic/acts_as_authentic/base.rb

@@ -28,7 +28,7 @@ module Authlogic
         # See the various sub modules for the configuration they provide.
         def acts_as_authentic(unsupported_options = nil, &block)
           # Stop all configuration if the DB is not set up
-          return if !db_setup?
+          raise StandardError.new("You must establish a database connection before using acts_as_authentic") if !db_setup?
           
           raise ArgumentError.new("You are using the old v1.X.X configuration method for Authlogic. Instead of " +
             "passing a hash of configuration options to acts_as_authentic, pass a block: acts_as_authentic { |c| c.my_option = my_value }") if !unsupported_options.nil?

data/lib/authlogic/acts_as_authentic/email.rb

@@ -65,7 +65,7 @@ module Authlogic
         # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => lambda {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
         def validates_format_of_email_field_options(value = nil)
-          rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => I18n.t('error_messages.email_invalid', :default => "should look like an email address.")})
+          rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => lambda {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}})
         end
         alias_method :validates_format_of_email_field_options=, :validates_format_of_email_field_options
 
@@ -107,4 +107,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/acts_as_authentic/logged_in_status.rb

@@ -31,8 +31,8 @@ module Authlogic
 
           klass.class_eval do
             include InstanceMethods
-            scope :logged_in, where("last_request_at > ?", logged_in_timeout.seconds.ago)
-            scope :logged_out, where("last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago)
+            scope :logged_in, lambda{ where("last_request_at > ?", logged_in_timeout.seconds.ago) }
+            scope :logged_out, lambda{ where("last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago) }
           end
         end
 

data/lib/authlogic/acts_as_authentic/login.rb

@@ -62,7 +62,7 @@ module Authlogic
         # * <tt>Default:</tt> {:with => Authlogic::Regex.login, :message => lambda {I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
         def validates_format_of_login_field_options(value = nil)
-          rw_config(:validates_format_of_login_field_options, value, {:with => Authlogic::Regex.login, :message => I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")})
+          rw_config(:validates_format_of_login_field_options, value, {:with => Authlogic::Regex.login, :message => lambda {I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}})
         end
         alias_method :validates_format_of_login_field_options=, :validates_format_of_login_field_options
 
@@ -94,7 +94,7 @@ module Authlogic
         # manner that they handle that. If you are using the login field and set false for the :case_sensitive option in
         # validates_uniqueness_of_login_field_options this method will modify the query to look something like:
         #
-        #   where("LOWER(#{quoted_table_name}.#{login_field}) = ?", login.downcase).first
+        #   where("#{quoted_table_name}.#{field} LIKE ?", login).first
         #
         # If you don't specify this it calls the good old find_by_* method:
         #
@@ -139,4 +139,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/acts_as_authentic/password.rb

@@ -58,7 +58,7 @@ module Authlogic
         alias_method :ignore_blank_passwords=, :ignore_blank_passwords
         
         # When calling valid_password?("some pass") do you want to check that password against what's in that object or whats in
-        # the datbase. Take this example:
+        # the database. Take this example:
         #
         #   u = User.first
         #   u.password = "new pass"

data/lib/authlogic/acts_as_authentic/persistence_token.rb

@@ -1,7 +1,7 @@
 module Authlogic
   module ActsAsAuthentic
     # Maintains the persistence token, the token responsible for persisting sessions. This token
-    # gets stores in the session and the cookie.
+    # gets stored in the session and the cookie.
     module PersistenceToken
       def self.included(klass)
         klass.class_eval do

data/lib/authlogic/controller_adapters/rails_adapter.rb

@@ -1,3 +1,5 @@
+require 'action_controller'
+
 module Authlogic
   module ControllerAdapters
     # Adapts authlogic to work with rails. The point is to close the gap between what authlogic expects and what the rails controller object

data/lib/authlogic/controller_adapters/sinatra_adapter.rb

@@ -58,4 +58,4 @@ module Authlogic
   end
 end
 
-Sinatra::Request.send(:include, Authlogic::ControllerAdapters::SinatraAdapter::Adapter::Implementation)
+Sinatra::Base.send(:include, Authlogic::ControllerAdapters::SinatraAdapter::Adapter::Implementation)

data/lib/authlogic/crypto_providers/sha512.rb

@@ -27,7 +27,7 @@ module Authlogic
       class << self
         attr_accessor :join_token
         
-        # The number of times to loop through the encryption. This is ten because that is what restful_authentication defaults to.
+        # The number of times to loop through the encryption. This is twenty because that is what restful_authentication defaults to.
         def stretches
           @stretches ||= 20
         end

data/lib/authlogic/regex.rb

@@ -9,17 +9,18 @@ module Authlogic
     # by reading this website: http://www.regular-expressions.info/email.html, which is an excellent resource
     # for regular expressions.
     def self.email
-      return @email_regex if @email_regex
-      email_name_regex  = '[A-Z0-9_\.%\+\-\']+'
-      domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
-      domain_tld_regex  = '(?:[A-Z]{2,4}|museum|travel)'
-      @email_regex = /^#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}$/i
+      @email_regex ||= begin
+        email_name_regex  = '[A-Z0-9_\.%\+\-\']+'
+        domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
+        domain_tld_regex  = '(?:[A-Z]{2,4}|museum|travel)'
+        /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
+      end
     end
     
     # A simple regular expression that only allows for letters, numbers, spaces, and .-_@. Just a standard login / username
     # regular expression.
     def self.login
-      /\A\w[\w\.+\-_@ ]+$/
+      /\A\w[\w\.+\-_@ ]+\z/
     end
   end
 end

data/lib/authlogic/session/foundation.rb

@@ -19,7 +19,7 @@ module Authlogic
           def rw_config(key, value, default_value = nil, read_value = nil)
             if value == read_value
               return acts_as_authentic_config[key] if acts_as_authentic_config.include?(key)
-              rw_config(key, default_value)
+              rw_config(key, default_value) unless default_value.nil?
             else
               config = acts_as_authentic_config.clone
               config[key] = value
@@ -74,4 +74,4 @@ module Authlogic
       end
     end
   end
-end
+end

data/lib/authlogic/session/persistence.rb

@@ -46,7 +46,7 @@ module Authlogic
       
       module InstanceMethods
         # Let's you know if the session is being persisted or not, meaning the user does not have to explicitly log in
-        # in order to be logged in. If the session has no associated record, it will try to find a record and persis
+        # in order to be logged in. If the session has no associated record, it will try to find a record and persist
         # the session. This is the method that the class level method find uses to ultimately persist the session.
         def persisting?
           return true if !record.nil?

data/test/acts_as_authentic_test/email_test.rb

@@ -85,6 +85,10 @@ module ActsAsAuthenticTest
       u.email = "dakota.d'ux@gmail.com"
       u.valid?
       assert u.errors[:email].size == 0
+      
+      u.email = "<script>alert(123);</script>\nnobody@example.com"
+      assert !u.valid?
+      assert u.errors[:email].size > 0
     end
 
     def test_validates_uniqueness_of_email_field

data/test/acts_as_authentic_test/logged_in_status_test.rb

@@ -2,6 +2,8 @@ require 'test_helper'
 
 module ActsAsAuthenticTest
   class LoggedInStatusTest < ActiveSupport::TestCase
+    ERROR_MSG = 'Multiple calls to %s should result in different relations'
+    
     def test_logged_in_timeout_config
       assert_equal 10.minutes.to_i, User.logged_in_timeout
       assert_equal 10.minutes.to_i, Employee.logged_in_timeout
@@ -13,12 +15,24 @@ module ActsAsAuthenticTest
     end
     
     def test_named_scope_logged_in
+      # Testing that the scope returned differs, because the time it was called should be 
+      # slightly different. This is an attempt to make sure the scope is lambda wrapped 
+      # so that it is re-evaluated every time its called. My biggest concern is that the
+      # test happens so fast that the test fails... I just don't know a better way to test it!
+      assert User.logged_in.where_values != User.logged_in.where_values, ERROR_MSG % '#logged_in'
+      
       assert_equal 0, User.logged_in.count
       User.first.update_attribute(:last_request_at, Time.now)
       assert_equal 1, User.logged_in.count
     end
     
     def test_named_scope_logged_out
+      # Testing that the scope returned differs, because the time it was called should be 
+      # slightly different. This is an attempt to make sure the scope is lambda wrapped 
+      # so that it is re-evaluated every time its called. My biggest concern is that the
+      # test happens so fast that the test fails... I just don't know a better way to test it!
+      assert User.logged_in.where_values != User.logged_out.where_values, ERROR_MSG % '#logged_out'
+      
       assert_equal 2, User.logged_out.count
       User.first.update_attribute(:last_request_at, Time.now)
       assert_equal 1, User.logged_out.count

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.1.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,30 +9,72 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-10-19 00:00:00.000000000Z
+date: 2012-06-01 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: activerecord
-  requirement: &70092428968260 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 3.0.7
+        version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *70092428968260
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: activerecord
-  requirement: &70092428967600 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 3.0.7
+        version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *70092428967600
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 description: 
 email: bjohnson@binarylogic.com
 executables: []
@@ -183,7 +225,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3222304498311125982
+      hash: 1092096732576566616
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -192,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.6
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: A clean, simple, and unobtrusive ruby authentication solution.