authlogic 3.4.0 → 3.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4fed624511b6b7a6b441cb6dd3147085b19ffb04
-  data.tar.gz: 9b7d99ff708b9f25edb9abdae86e854f19fc47e6
+  metadata.gz: 565581e21dba66d898a0aab8b407f73338a21b31
+  data.tar.gz: c9ba53aa14afd2a419f003791181f49fbacaa230
 SHA512:
-  metadata.gz: 53b498bb6fd6de0e49988fac47604ec34ffe5fb2beacb2520450e512133c1e7dd4cd70c91373414baa9b6cb4d4098e01921719b8a2e1e8d00ead21a3c8d8a9e8
-  data.tar.gz: 158dcd58ebf39d0c24806178c709344f8b12e85b6ad58fbb67d0f12103343ce9c6b2ab2045f0a76aa8c8acb1e6c6057626f44191cee63522f8a263ca7080c487
+  metadata.gz: fa27f90194dfe0df4e786238be81a7c0479fc0c8d5ddcff0612e23240ba17143efaa6f4a2aaa93bb9f61a87369e22ef811e048fbc99b0cd0fc4a12dee4082325
+  data.tar.gz: 5e55ec2fd8877e5800ca3b860273e5088423e0924fc94bdd5669d144e48444e55fe2e433808c18d513265e5838ec44eb47c06a8783cc7751c1835aa197ff73af

data/README.rdoc

@@ -1,6 +1,6 @@
 = Authlogic
 
-** Please note the latest version is compatible with rails 3.2 only. Please see the rails2 branch for Rails 2 compatibility.
+** Authlogic plans to support rails 3 and 4 for the foreseeable future
 
 Authlogic is a clean, simple, and unobtrusive ruby authentication solution.
 

data/authlogic.gemspec

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "authlogic"
-  s.version     = "3.4.0"
+  s.version     = "3.4.1"
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Ben Johnson"]
   s.email       = ["bjohnson@binarylogic.com"]

data/lib/authlogic/acts_as_authentic/email.rb

@@ -62,7 +62,7 @@ module Authlogic
         # merge options into it. Checkout the convenience function merge_validates_format_of_email_field_options to merge
         # options.</b>
         #
-        # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => lambda {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
+        # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => Proc.new {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
         def validates_format_of_email_field_options(value = nil)
           rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => Proc.new{I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}})

data/lib/authlogic/acts_as_authentic/login.rb

@@ -90,21 +90,19 @@ module Authlogic
         end
 
         # This method allows you to find a record with the given login. If you notice, with Active Record you have the
-        # validates_uniqueness_of validation function. They give you a :case_sensitive option. I handle this in the same
-        # manner that they handle that. If you are using the login field and set false for the :case_sensitive option in
-        # validates_uniqueness_of_login_field_options this method will modify the query to look something like:
+        # UniquenessValidator class. They give you a :case_sensitive option. I handle this in the same
+        # manner that they handle that. If you are using the login field, set false for the :case_sensitive option in
+        # validates_uniqueness_of_login_field_options and the column doesn't have a case-insensitive collation,
+        # this method will modify the query to look something like:
         #
-        #   where("LOWER(#{quoted_table_name}.#{login_field}) = ?", login.downcase).first
+        #   "LOWER(#{quoted_table_name}.#{login_field}) = LOWER(#{login})"
         #
-        # If you don't specify this it calls the good old find_by_* method:
+        # If you don't specify this it just uses a regular case-sensitive search (with the binary modifier if necessary):
         #
-        #   find_by_login(login)
+        #   "BINARY #{login_field} = #{login}"
         #
         # The above also applies for using email as your login, except that you need to set the :case_sensitive in
         # validates_uniqueness_of_email_field_options to false.
-        #
-        # The only reason I need to do the above is for Postgres and SQLite since they perform case sensitive searches with the
-        # find_by_* methods.
         def find_by_smart_case_login_field(login)
           if login_field
             find_with_case(login_field, login, validates_uniqueness_of_login_field_options[:case_sensitive] != false)
@@ -115,11 +113,14 @@ module Authlogic
 
         private
           def find_with_case(field, value, sensitivity = true)
-            if sensitivity
-              send("find_by_#{field}", value)
+            relation = if not sensitivity
+              connection.case_insensitive_comparison(arel_table, field.to_s, columns_hash[field.to_s], value)
             else
-              where("LOWER(#{quoted_table_name}.#{field}) = ?", value.mb_chars.downcase).first
+              value    = connection.case_sensitive_modifier(value) if value
+              relation = arel_table[field.to_s].eq(value)
             end
+
+            where(relation).first
           end
       end
 

data/lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -52,7 +52,7 @@ module Authlogic
 
         # Class level methods for the perishable token
         module ClassMethods
-          # Use this methdo to find a record with a perishable token. This method does 2 things for you:
+          # Use this method to find a record with a perishable token. This method does 2 things for you:
           #
           # 1. It ignores blank tokens
           # 2. It enforces the perishable_token_valid_for configuration option.

data/lib/authlogic/controller_adapters/rack_adapter.rb

@@ -0,0 +1,63 @@
+module Authlogic
+  module ControllerAdapters
+    # Adapter for authlogic to make it function as a Rack middleware.
+    # First you'll have write your own Rack adapter where you have to set your cookie domain.
+    #
+    #     class YourRackAdapter < Authlogic::ControllerAdapters::RackAdapter
+    #       def cookie_domain
+    #         'your_cookie_domain_here.com'
+    #       end
+    #     end
+    #
+    # Next you need to set up a rack middleware like this:
+    #
+    #     class AuthlogicMiddleware
+    #       def initialize(app)
+    #         @app = app
+    #       end
+    #
+    #       def call(env)
+    #         YourRackAdapter.new(env)
+    #         @app.call(env)
+    #       end
+    #     end
+    #
+    # And that is all! Now just load this middleware into rack:
+    #
+    #     use AuthlogicMiddleware
+    #
+    # Authlogic will expect a User and a UserSession object to be present:
+    #
+    #     class UserSession < Authlogic::Session::Base
+    #       # Authlogic options go here
+    #     end
+    #
+    #     class User < ActiveRecord::Base
+    #       acts_as_authentic
+    #     end
+    #
+    class RackAdapter < AbstractAdapter
+
+      def initialize(env)
+        # We use the Rack::Request object as the controller object.
+        # For this to work, we have to add some glue.
+        request = Rack::Request.new(env)
+
+        request.instance_eval do
+          def request; self; end
+          def remote_ip; self.ip; end
+        end
+
+        super(request)
+        Authlogic::Session::Base.controller = self
+      end
+
+      # Rack Requests stores cookies with not just the value, but also with flags and expire information in the hash.
+      # Authlogic does not like this, so we drop everything except the cookie value
+      def cookies
+        controller.cookies.map{|key, value_hash| {key => value_hash[:value]} }.inject(:merge) || {}
+      end
+    end
+  end
+
+end

data/lib/authlogic/crypto_providers/bcrypt.rb

@@ -1,8 +1,4 @@
-begin
-  require "bcrypt"
-rescue LoadError
-  "sudo gem install bcrypt-ruby"
-end
+require "bcrypt"
 
 module Authlogic
   module CryptoProviders
@@ -21,16 +17,16 @@ module Authlogic
     #
     #   Benchmark.bm(18) do |x|
     #     x.report("BCrypt (cost = 10:") { 100.times { BCrypt::Password.create("mypass", :cost => 10) } }
-    #     x.report("BCrypt (cost = 2:") { 100.times { BCrypt::Password.create("mypass", :cost => 2) } }
+    #     x.report("BCrypt (cost = 4:") { 100.times { BCrypt::Password.create("mypass", :cost => 4) } }
     #     x.report("Sha512:") { 100.times { Digest::SHA512.hexdigest("mypass") } }
     #     x.report("Sha1:") { 100.times { Digest::SHA1.hexdigest("mypass") } }
     #   end
     #
-    #                           user     system      total        real
-    #   BCrypt (cost = 10): 10.780000   0.060000  10.840000 ( 11.100289)
-    #   BCrypt (cost = 2):  0.180000   0.000000   0.180000 (  0.181914)
-    #   Sha512:             0.000000   0.000000   0.000000 (  0.000829)
-    #   Sha1:               0.000000   0.000000   0.000000 (  0.000395)
+    #                            user     system      total        real
+    #   BCrypt (cost = 10):  37.360000   0.020000  37.380000 ( 37.558943)
+    #   BCrypt (cost = 4):    0.680000   0.000000   0.680000 (  0.677460)
+    #   Sha512:               0.000000   0.000000   0.000000 (  0.000672)
+    #   Sha1:                 0.000000   0.000000   0.000000 (  0.000454)
     #
     # You can play around with the cost to get that perfect balance
     # between performance and security. A default cost of 10 is the
@@ -50,24 +46,30 @@ module Authlogic
     class BCrypt
       class << self
         # This is the :cost option for the BCrpyt library. The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
-        # Set this to whatever you want, play around with it to get that perfect balance between security and performance.
+        # Set this to any value >= the engine's minimum (currently 4), play around with it to get that perfect balance between security and performance.
         def cost
           @cost ||= 10
         end
-        attr_writer :cost
-        
+
+        def cost=(val)
+          if val < ::BCrypt::Engine::MIN_COST
+            raise ArgumentError.new("Authlogic's bcrypt cost cannot be set below the engine's min cost (#{::BCrypt::Engine::MIN_COST})")
+          end
+          @cost = val
+        end
+
         # Creates a BCrypt hash for the password passed.
         def encrypt(*tokens)
           ::BCrypt::Password.create(join_tokens(tokens), :cost => cost)
         end
-        
+
         # Does the hash match the tokens? Uses the same tokens that were used to encrypt.
         def matches?(hash, *tokens)
           hash = new_from_hash(hash)
           return false if hash.blank?
           hash == join_tokens(tokens)
         end
-        
+
         # This method is used as a flag to tell Authlogic to "resave" the password upon a successful login, using the new cost
         def cost_matches?(hash)
           hash = new_from_hash(hash)
@@ -77,12 +79,12 @@ module Authlogic
             hash.cost == cost
           end
         end
-        
+
         private
           def join_tokens(tokens)
             tokens.flatten.join
           end
-          
+
           def new_from_hash(hash)
             begin
               ::BCrypt::Password.new(hash)

data/lib/authlogic/crypto_providers/scrypt.rb

@@ -1,8 +1,4 @@
-begin
-  require "scrypt"
-rescue LoadError
-  "sudo gem install scrypt"
-end
+require "scrypt"
 
 module Authlogic
   module CryptoProviders
@@ -67,7 +63,7 @@ module Authlogic
           def join_tokens(tokens)
             tokens.flatten.join
           end
-          
+
           def new_from_hash(hash)
             begin
               ::SCrypt::Password.new(hash)

data/lib/authlogic/session/active_record_trickery.rb

@@ -9,7 +9,7 @@ module Authlogic
         klass.extend ClassMethods
         klass.send(:include, InstanceMethods)
       end
-      
+
       module ClassMethods
         # How to name the attributes of Authlogic, works JUST LIKE ActiveRecord, but instead it uses the following
         # namespace:
@@ -20,24 +20,14 @@ module Authlogic
           options[:default] ||= attribute_key_name.to_s.humanize
           I18n.t("attributes.#{name.underscore}.#{attribute_key_name}", options)
         end
-        
+
         # How to name the class, works JUST LIKE ActiveRecord, except it uses the following namespace:
         #
         #   authlogic.models.user_session
         def human_name(*args)
           I18n.t("models.#{name.underscore}", {:count => 1, :default => name.humanize})
         end
-        
-        # For rails < 2.3, mispelled
-        def self_and_descendents_from_active_record
-          [self]
-        end
-        
-        # For rails >= 2.3, mispelling fixed
-        def self_and_descendants_from_active_record
-          [self]
-        end
-        
+
         # For rails >= 3.0
         def model_name
           if defined?(::ActiveModel)
@@ -55,7 +45,7 @@ module Authlogic
           ancestors.select { |x| x.respond_to?(:model_name) }
         end
       end
-      
+
       module InstanceMethods
         # Don't use this yourself, this is to just trick some of the helpers since this is the method it calls.
         def new_record?
@@ -69,7 +59,7 @@ module Authlogic
         def destroyed?
           record.nil?
         end
-        
+
         def to_key
           new_record? ? nil : record.to_key
         end

data/lib/authlogic/session/magic_columns.rb

@@ -8,7 +8,7 @@ module Authlogic
     #   last_request_at       Updates every time the user logs in, either by explicitly logging in, or logging in by cookie, session, or http auth
     #   current_login_at      Updates with the current time when an explicit login is made.
     #   last_login_at         Updates with the value of current_login_at before it is reset.
-    #   current_login_ip      Updates with the request remote_ip when an explicit login is made.
+    #   current_login_ip      Updates with the request ip when an explicit login is made.
     #   last_login_ip         Updates with the value of current_login_ip before it is reset.
     module MagicColumns
       def self.included(klass)
@@ -21,7 +21,7 @@ module Authlogic
           before_save :set_last_request_at, :if => :set_last_request_at?
         end
       end
-      
+
       # Configuration for the magic columns feature.
       module Config
         # Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists.
@@ -36,7 +36,7 @@ module Authlogic
         end
         alias_method :last_request_at_threshold=, :last_request_at_threshold
       end
-      
+
       # The methods available for an Authlogic::Session::Base object that make up the magic columns feature.
       module InstanceMethods
         private
@@ -46,22 +46,22 @@ module Authlogic
               attempted_record.failed_login_count += 1
             end
           end
-        
+
           def update_info
             record.login_count = (record.login_count.blank? ? 1 : record.login_count + 1) if record.respond_to?(:login_count)
             record.failed_login_count = 0 if record.respond_to?(:failed_login_count)
-          
+
             if record.respond_to?(:current_login_at)
               record.last_login_at = record.current_login_at if record.respond_to?(:last_login_at)
               record.current_login_at = klass.default_timezone == :utc ? Time.now.utc : Time.now
             end
-          
+
             if record.respond_to?(:current_login_ip)
               record.last_login_ip = record.current_login_ip if record.respond_to?(:last_login_ip)
-              record.current_login_ip = controller.request.remote_ip
+              record.current_login_ip = controller.request.ip
             end
           end
-          
+
           # This method lets authlogic know whether it should allow the last_request_at field to be updated
           # with the current time (Time.now). One thing to note here is that it also checks for the existence of a
           # last_request_update_allowed? method in your controller. This allows you to control this method pragmatically
@@ -81,11 +81,11 @@ module Authlogic
             return controller.last_request_update_allowed? if controller.responds_to_last_request_update_allowed?
             record.last_request_at.blank? || last_request_at_threshold.to_i.seconds.ago >= record.last_request_at
           end
-        
+
           def set_last_request_at
             record.last_request_at = klass.default_timezone == :utc ? Time.now.utc : Time.now
           end
-          
+
           def last_request_at_threshold
             self.class.last_request_at_threshold
           end

data/lib/authlogic/session/session.rb

@@ -35,8 +35,8 @@ module Authlogic
               # Allow finding by persistence token, because when records are created the session is maintained in a before_save, when there is no id.
               # This is done for performance reasons and to save on queries.
               record = record_id.nil? ?
-                search_for_record("find_by_persistence_token", persistence_token) :
-                search_for_record("find_by_#{klass.primary_key}", record_id)
+                search_for_record("find_by_persistence_token", persistence_token.to_s) :
+                search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
               self.unauthorized_record = record if record && record.persistence_token == persistence_token
               valid?
             else

data/lib/authlogic/test_case/mock_request.rb

@@ -2,15 +2,15 @@ module Authlogic
   module TestCase
     class MockRequest # :nodoc:
       attr_accessor :controller
-      
+
       def initialize(controller)
         self.controller = controller
       end
-      
-      def remote_ip
+
+      def ip
         (controller && controller.respond_to?(:env) && controller.env.is_a?(Hash) && controller.env['REMOTE_ADDR']) || "1.1.1.1"
       end
-      
+
       private
         def method_missing(*args, &block)
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 3.4.0
+  version: 3.4.1
 platform: ruby
 authors:
 - Ben Johnson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-03 00:00:00.000000000 Z
+date: 2014-04-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -169,6 +169,7 @@ files:
 - lib/authlogic/authenticates_many/association.rb
 - lib/authlogic/authenticates_many/base.rb
 - lib/authlogic/controller_adapters/abstract_adapter.rb
+- lib/authlogic/controller_adapters/rack_adapter.rb
 - lib/authlogic/controller_adapters/rails_adapter.rb
 - lib/authlogic/controller_adapters/sinatra_adapter.rb
 - lib/authlogic/crypto_providers/aes256.rb