authlogic 3.3.0 → 3.4.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4fed624511b6b7a6b441cb6dd3147085b19ffb04
+  data.tar.gz: 9b7d99ff708b9f25edb9abdae86e854f19fc47e6
+SHA512:
+  metadata.gz: 53b498bb6fd6de0e49988fac47604ec34ffe5fb2beacb2520450e512133c1e7dd4cd70c91373414baa9b6cb4d4098e01921719b8a2e1e8d00ead21a3c8d8a9e8
+  data.tar.gz: 158dcd58ebf39d0c24806178c709344f8b12e85b6ad58fbb67d0f12103343ce9c6b2ab2045f0a76aa8c8acb1e6c6057626f44191cee63522f8a263ca7080c487

data/.gitignore

@@ -7,4 +7,6 @@ coverage/*
 doc/*
 benchmarks/*
 .specification
-.rvmrc
+.rvmrc
+test/gemfiles/Gemfile*.lock
+.bundle

data/.travis.yml

@@ -0,0 +1,27 @@
+language: ruby
+rvm:
+  - 1.8.7
+  - 1.9.3
+  - 2.0.0
+  - 2.1.0
+  - ree
+  - jruby
+
+gemfile:
+  - test/gemfiles/Gemfile.rails-3.2.x
+  - test/gemfiles/Gemfile.rails-4.0.x
+  - test/gemfiles/Gemfile.rails-4.1.x
+
+matrix:
+  exclude:
+    - rvm: 1.8.7
+      gemfile: test/gemfiles/Gemfile.rails-4.0.x
+    - rvm: ree
+      gemfile: test/gemfiles/Gemfile.rails-4.0.x
+    - rvm: 1.8.7
+      gemfile: test/gemfiles/Gemfile.rails-4.1.x
+    - rvm: ree
+      gemfile: test/gemfiles/Gemfile.rails-4.1.x
+  allow_failures:
+    - gemfile: test/gemfiles/Gemfile.rails-4.1.x
+  fast_finish: true

data/CONTRIBUTING.md

@@ -0,0 +1,10 @@
+
+### Testing
+
+Tests can be ran against different versions of Rails like so:
+
+```
+BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-3.2.x bundle install
+BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-3.2.x bundle exec rake test
+```
+

data/Gemfile.lock

@@ -1,43 +1,61 @@
 PATH
   remote: .
   specs:
-    authlogic (3.3.0)
+    authlogic (3.4.0)
       activerecord (>= 3.2)
       activesupport (>= 3.2)
+      request_store (~> 1.0.5)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (3.2.13)
-      activesupport (= 3.2.13)
-      builder (~> 3.0.0)
-    activerecord (3.2.13)
-      activemodel (= 3.2.13)
-      activesupport (= 3.2.13)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
-    activesupport (3.2.13)
-      i18n (= 0.6.1)
-      multi_json (~> 1.0)
-    arel (3.0.2)
-    bcrypt-ruby (3.0.1)
-    builder (3.0.4)
-    i18n (0.6.1)
-    multi_json (1.7.2)
-    rake (10.0.4)
-    scrypt (1.1.0)
-    sqlite3 (1.3.7)
-    timecop (0.6.1)
-    tzinfo (0.3.37)
+    activemodel (4.0.3)
+      activesupport (= 4.0.3)
+      builder (~> 3.1.0)
+    activerecord (4.0.3)
+      activemodel (= 4.0.3)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.3)
+      arel (~> 4.0.0)
+    activerecord-deprecated_finders (1.0.3)
+    activesupport (4.0.3)
+      i18n (~> 0.6, >= 0.6.4)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
+    arel (4.0.2)
+    atomic (1.1.15)
+    bcrypt (3.1.7)
+    bcrypt-ruby (3.1.5)
+      bcrypt (>= 3.1.3)
+    builder (3.1.4)
+    ffi (1.9.3)
+    ffi-compiler (0.1.3)
+      ffi (>= 1.0.0)
+      rake
+    i18n (0.6.9)
+    minitest (4.7.5)
+    multi_json (1.8.4)
+    rake (10.1.1)
+    request_store (1.0.5)
+    scrypt (1.2.0)
+      ffi-compiler (>= 0.0.2)
+      rake
+    sqlite3 (1.3.9)
+    thread_safe (0.2.0)
+      atomic (>= 1.1.7, < 2)
+    timecop (0.7.1)
+    tzinfo (0.3.38)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   authlogic!
-  bcrypt-ruby
-  i18n
-  rake
-  scrypt
-  sqlite3
-  timecop
+  bcrypt-ruby (>= 3.1.5)
+  i18n (>= 0.6.9)
+  rake (>= 10.1.1)
+  scrypt (>= 1.2.0)
+  sqlite3 (>= 1.3.9)
+  timecop (>= 0.7.1)

data/History

@@ -0,0 +1,10 @@
+== 3.4.0 2014-03-03
+
+* new
+  * added cookie signing
+  * added request store for better concurency for threaded environments
+
+* changes
+  * made SCrpyt the default crypto provider from SHA512
+  * ditched appraisal
+  * officially support rails 4 (still supporting rails 3)

data/README.rdoc

@@ -162,3 +162,5 @@ Interested in how all of this all works? Think about an ActiveRecord model. A da
 
 
 Copyright (c) 2012 {Ben Johnson of Binary Logic}[http://www.binarylogic.com], released under the MIT license
+
+{<img src="https://codeclimate.com/github/binarylogic/authlogic.png" />}[https://codeclimate.com/github/binarylogic/authlogic]

data/Rakefile

@@ -10,17 +10,4 @@ Rake::TestTask.new(:test) do |test|
   test.verbose = true
 end
 
-begin
-  require 'rcov/rcovtask'
-  Rcov::RcovTask.new do |test|
-    test.libs << 'test'
-    test.pattern = 'test/**/*_test.rb'
-    test.verbose = true
-  end
-rescue LoadError
-  task :rcov do
-    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
-  end
-end
-
 task :default => :test

data/authlogic.gemspec

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "authlogic"
-  s.version     = "3.3.0"
+  s.version     = "3.4.0"
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Ben Johnson"]
   s.email       = ["bjohnson@binarylogic.com"]
@@ -13,12 +13,13 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'activerecord', '>= 3.2'
   s.add_dependency 'activesupport', '>= 3.2'
-  s.add_development_dependency 'rake'
-  s.add_development_dependency 'bcrypt-ruby'
-  s.add_development_dependency 'scrypt'
-  s.add_development_dependency 'sqlite3'
-  s.add_development_dependency 'timecop'
-  s.add_development_dependency 'i18n'
+  s.add_dependency 'request_store', '~>1.0.5'
+  s.add_development_dependency 'rake', '>= 10.1.1'
+  s.add_development_dependency 'bcrypt-ruby', '>= 3.1.5'
+  s.add_development_dependency 'scrypt', '>= 1.2.0'
+  s.add_development_dependency 'sqlite3', '>= 1.3.9'
+  s.add_development_dependency 'timecop', '>= 0.7.1'
+  s.add_development_dependency 'i18n', '>= 0.6.9'
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/lib/authlogic/acts_as_authentic/email.rb

@@ -62,7 +62,7 @@ module Authlogic
         # merge options into it. Checkout the convenience function merge_validates_format_of_email_field_options to merge
         # options.</b>
         #
-        # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => Proc.new {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
+        # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => lambda {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
         def validates_format_of_email_field_options(value = nil)
           rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => Proc.new{I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}})

data/lib/authlogic/acts_as_authentic/login.rb

@@ -90,19 +90,21 @@ module Authlogic
         end
 
         # This method allows you to find a record with the given login. If you notice, with Active Record you have the
-        # UniquenessValidator class. They give you a :case_sensitive option. I handle this in the same
-        # manner that they handle that. If you are using the login field, set false for the :case_sensitive option in
-        # validates_uniqueness_of_login_field_options and the column doesn't have a case-insensitive collation,
-        # this method will modify the query to look something like:
+        # validates_uniqueness_of validation function. They give you a :case_sensitive option. I handle this in the same
+        # manner that they handle that. If you are using the login field and set false for the :case_sensitive option in
+        # validates_uniqueness_of_login_field_options this method will modify the query to look something like:
         #
-        #   "LOWER(#{quoted_table_name}.#{login_field}) = LOWER(#{login})"
+        #   where("LOWER(#{quoted_table_name}.#{login_field}) = ?", login.downcase).first
         #
-        # If you don't specify this it just uses a regular case-sensitive search (with the binary modifier if necessary):
+        # If you don't specify this it calls the good old find_by_* method:
         #
-        #   "BINARY #{login_field} = #{login}"
+        #   find_by_login(login)
         #
         # The above also applies for using email as your login, except that you need to set the :case_sensitive in
         # validates_uniqueness_of_email_field_options to false.
+        #
+        # The only reason I need to do the above is for Postgres and SQLite since they perform case sensitive searches with the
+        # find_by_* methods.
         def find_by_smart_case_login_field(login)
           if login_field
             find_with_case(login_field, login, validates_uniqueness_of_login_field_options[:case_sensitive] != false)
@@ -113,14 +115,11 @@ module Authlogic
 
         private
           def find_with_case(field, value, sensitivity = true)
-            relation = if not sensitivity
-              connection.case_insensitive_comparison(arel_table, field.to_s, columns_hash[field.to_s], value)
+            if sensitivity
+              send("find_by_#{field}", value)
             else
-              value    = connection.case_sensitive_modifier(value) if value
-              relation = arel_table[field.to_s].eq(value)
+              where("LOWER(#{quoted_table_name}.#{field}) = ?", value.mb_chars.downcase).first
             end
-
-            where(relation).first
           end
       end
 

data/lib/authlogic/acts_as_authentic/password.rb

@@ -10,7 +10,7 @@ module Authlogic
           add_acts_as_authentic_module(Methods)
         end
       end
-      
+
       # All configuration for the password aspect of acts_as_authentic.
       module Config
         # The name of the crypted_password field in the database.
@@ -21,7 +21,7 @@ module Authlogic
           rw_config(:crypted_password_field, value, first_column_to_exist(nil, :crypted_password, :encrypted_password, :password_hash, :pw_hash))
         end
         alias_method :crypted_password_field=, :crypted_password_field
-        
+
         # The name of the password_salt field in the database.
         #
         # * <tt>Default:</tt> :password_salt, :pw_salt, :salt, nil if none exist
@@ -30,7 +30,7 @@ module Authlogic
           rw_config(:password_salt_field, value, first_column_to_exist(nil, :password_salt, :pw_salt, :salt))
         end
         alias_method :password_salt_field=, :password_salt_field
-        
+
         # Whether or not to require a password confirmation. If you don't want your users to confirm their password
         # just set this to false.
         #
@@ -40,7 +40,7 @@ module Authlogic
           rw_config(:require_password_confirmation, value, true)
         end
         alias_method :require_password_confirmation=, :require_password_confirmation
-        
+
         # By default passwords are required when a record is new or the crypted_password is blank, but if both of these things
         # are met a password is not required. In this case, blank passwords are ignored.
         #
@@ -56,7 +56,7 @@ module Authlogic
           rw_config(:ignore_blank_passwords, value, true)
         end
         alias_method :ignore_blank_passwords=, :ignore_blank_passwords
-        
+
         # When calling valid_password?("some pass") do you want to check that password against what's in that object or whats in
         # the database. Take this example:
         #
@@ -73,7 +73,7 @@ module Authlogic
           rw_config(:check_passwords_against_database, value, true)
         end
         alias_method :check_passwords_against_database=, :check_passwords_against_database
-        
+
         # Whether or not to validate the password field.
         #
         # * <tt>Default:</tt> true
@@ -82,7 +82,7 @@ module Authlogic
           rw_config(:validate_password_field, value, true)
         end
         alias_method :validate_password_field=, :validate_password_field
-        
+
         # A hash of options for the validates_length_of call for the password field. Allows you to change this however you want.
         #
         # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
@@ -95,7 +95,7 @@ module Authlogic
           rw_config(:validates_length_of_password_field_options, value, {:minimum => 4, :if => :require_password?})
         end
         alias_method :validates_length_of_password_field_options=, :validates_length_of_password_field_options
-        
+
         # A convenience function to merge options into the validates_length_of_login_field_options. So intead of:
         #
         #   self.validates_length_of_password_field_options = validates_length_of_password_field_options.merge(:my_option => my_value)
@@ -106,7 +106,7 @@ module Authlogic
         def merge_validates_length_of_password_field_options(options = {})
           self.validates_length_of_password_field_options = validates_length_of_password_field_options.merge(options)
         end
-        
+
         # A hash of options for the validates_confirmation_of call for the password field. Allows you to change this however you want.
         #
         # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
@@ -119,12 +119,12 @@ module Authlogic
           rw_config(:validates_confirmation_of_password_field_options, value, {:if => :require_password?})
         end
         alias_method :validates_confirmation_of_password_field_options=, :validates_confirmation_of_password_field_options
-        
+
         # See merge_validates_length_of_password_field_options. The same thing, except for validates_confirmation_of_password_field_options
         def merge_validates_confirmation_of_password_field_options(options = {})
           self.validates_confirmation_of_password_field_options = validates_confirmation_of_password_field_options.merge(options)
         end
-        
+
         # A hash of options for the validates_length_of call for the password_confirmation field. Allows you to change this however you want.
         #
         # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
@@ -137,22 +137,22 @@ module Authlogic
           rw_config(:validates_length_of_password_confirmation_field_options, value, validates_length_of_password_field_options)
         end
         alias_method :validates_length_of_password_confirmation_field_options=, :validates_length_of_password_confirmation_field_options
-        
+
         # See merge_validates_length_of_password_field_options. The same thing, except for validates_length_of_password_confirmation_field_options
         def merge_validates_length_of_password_confirmation_field_options(options = {})
           self.validates_length_of_password_confirmation_field_options = validates_length_of_password_confirmation_field_options.merge(options)
         end
-        
+
         # The class you want to use to encrypt and verify your encrypted passwords. See the Authlogic::CryptoProviders module for more info
         # on the available methods and how to create your own.
         #
-        # * <tt>Default:</tt> CryptoProviders::Sha512
+        # * <tt>Default:</tt> CryptoProviders::SCrypt
         # * <tt>Accepts:</tt> Class
         def crypto_provider(value = nil)
-          rw_config(:crypto_provider, value, CryptoProviders::Sha512)
+          rw_config(:crypto_provider, value, CryptoProviders::SCrypt)
         end
         alias_method :crypto_provider=, :crypto_provider
-        
+
         # Let's say you originally encrypted your passwords with Sha1. Sha1 is starting to join the party with MD5 and you want to switch
         # to something stronger. No problem, just specify your new and improved algorithm with the crypt_provider option and then let
         # Authlogic know you are transitioning from Sha1 using this option. Authlogic will take care of everything, including transitioning
@@ -169,18 +169,18 @@ module Authlogic
         end
         alias_method :transition_from_crypto_providers=, :transition_from_crypto_providers
       end
-      
+
       # Callbacks / hooks to allow other modules to modify the behavior of this module.
       module Callbacks
         METHODS = [
           "before_password_set", "after_password_set",
           "before_password_verification", "after_password_verification"
         ]
-        
+
         def self.included(klass)
           return if klass.crypted_password_field.nil?
           klass.define_callbacks *METHODS
-          
+
           # If Rails 3, support the new callback syntax
           if klass.send(klass.respond_to?(:singleton_class) ? :singleton_class : :metaclass).method_defined?(:set_callback)
             METHODS.each do |method|
@@ -192,7 +192,7 @@ module Authlogic
             end
           end
         end
-        
+
         private
           METHODS.each do |method|
             class_eval <<-"end_eval", __FILE__, __LINE__
@@ -202,34 +202,34 @@ module Authlogic
             end_eval
           end
       end
-      
+
       # The methods related to the password field.
       module Methods
         def self.included(klass)
           return if klass.crypted_password_field.nil?
-          
+
           klass.class_eval do
             include InstanceMethods
-            
+
             if validate_password_field
               validates_length_of :password, validates_length_of_password_field_options
-              
+
               if require_password_confirmation
                 validates_confirmation_of :password, validates_confirmation_of_password_field_options
                 validates_length_of :password_confirmation, validates_length_of_password_confirmation_field_options
               end
             end
-            
+
             after_save :reset_password_changed
           end
         end
-        
+
         module InstanceMethods
           # The password
           def password
             @password
           end
-        
+
           # This is a virtual method. Once a password is passed to it, it will create new password salt as well as encrypt
           # the password.
           def password=(pass)
@@ -241,7 +241,7 @@ module Authlogic
             @password_changed = true
             after_password_set
           end
-        
+
           # Accepts a raw password to determine if it is the correct password or not. Notice the second argument. That defaults to the value of
           # check_passwords_against_database. See that method for more information, but basically it just tells Authlogic to check the password
           # against the value in the database or the value in the object.
@@ -249,23 +249,23 @@ module Authlogic
             crypted = check_against_database && send("#{crypted_password_field}_changed?") ? send("#{crypted_password_field}_was") : send(crypted_password_field)
             return false if attempted_password.blank? || crypted.blank?
             before_password_verification
-          
+
             crypto_providers.each_with_index do |encryptor, index|
               # The arguments_type of for the transitioning from restful_authentication
               arguments_type = (act_like_restful_authentication? && index == 0) ||
                 (transition_from_restful_authentication? && index > 0 && encryptor == Authlogic::CryptoProviders::Sha1) ?
                 :restful_authentication : nil
-            
+
               if encryptor.matches?(crypted, *encrypt_arguments(attempted_password, check_against_database, arguments_type))
                 transition_password(attempted_password) if transition_password?(index, encryptor, crypted, check_against_database)
                 after_password_verification
                 return true
               end
             end
-          
+
             false
           end
-        
+
           # Resets the password to a random friendly token.
           def reset_password
             friendly_token = Authlogic::Random.friendly_token
@@ -273,27 +273,27 @@ module Authlogic
             self.password_confirmation = friendly_token
           end
           alias_method :randomize_password, :reset_password
-        
+
           # Resets the password to a random friendly token and then saves the record.
           def reset_password!
             reset_password
             save_without_session_maintenance(:validate => false)
           end
           alias_method :randomize_password!, :reset_password!
-        
+
           private
             def check_passwords_against_database?
               self.class.check_passwords_against_database == true
             end
-            
+
             def crypto_providers
               [crypto_provider] + transition_from_crypto_providers
             end
-            
+
             def encrypt_arguments(raw_password, check_against_database, arguments_type = nil)
               salt = nil
               salt = (check_against_database && send("#{password_salt_field}_changed?") ? send("#{password_salt_field}_was") : send(password_salt_field)) if password_salt_field
-              
+
               case arguments_type
               when :restful_authentication
                 [REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY].compact
@@ -301,7 +301,7 @@ module Authlogic
                 [raw_password, salt].compact
               end
             end
-            
+
             # Determines if we need to tranisiton the password.
             # If the index > 0 then we are using an "transition from" crypto provider.
             # If the encryptor has a cost and the cost it outdated.
@@ -311,40 +311,40 @@ module Authlogic
               (index > 0 || (encryptor.respond_to?(:cost_matches?) && !encryptor.cost_matches?(send(crypted_password_field)))) &&
                 (!check_against_database || !send("#{crypted_password_field}_changed?"))
             end
-            
+
             def transition_password(attempted_password)
               self.password = attempted_password
               save(:validate => false)
             end
-          
+
             def require_password?
               new_record? || password_changed? || send(crypted_password_field).blank?
             end
-          
+
             def ignore_blank_passwords?
               self.class.ignore_blank_passwords == true
             end
-          
+
             def password_changed?
               @password_changed == true
             end
-            
+
             def reset_password_changed
               @password_changed = nil
             end
-          
+
             def crypted_password_field
               self.class.crypted_password_field
             end
-          
+
             def password_salt_field
               self.class.password_salt_field
             end
-          
+
             def crypto_provider
               self.class.crypto_provider
             end
-          
+
             def transition_from_crypto_providers
               self.class.transition_from_crypto_providers
             end