authlogic 3.4.2 → 3.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f3c45b3e20668e033c6495eead74fffb26f49e2d
-  data.tar.gz: 5874acbfdecb0756c3832cf7529be7096dc5285a
+  metadata.gz: 2d73042e9d99c9d01535d405c9e735a22967c1ed
+  data.tar.gz: 5ba70f01a348b3990451ab67e91dd6f49966290d
 SHA512:
-  metadata.gz: 2fd5a1c9152c9b908e19788a93e5b6c81c6e445a16518278114e52110243acec868beacb1e2a901b5c9a6267ce15e2c58fafca16e788e49cb8d6ae6d0593ebd3
-  data.tar.gz: 6b59e97756f951c24bd0b7a79830bab6f1ab4f23e21446c6c49b90128d6aee29daa05d3a047a741d856810930591ef0dbee6d1a31a8b18c5591b0dbd3edc0a38
+  metadata.gz: 653df6e58f3a50a81cd85bd7304f2eb0895606d08b2969d41a817d8ad9ea40d6d2bcd669e069fbc28739c95371f2f1b4b992652efd75458b527eba88d74be023
+  data.tar.gz: f1f535422bd84ee1f11899490fec35c0822d07a28c8188d8037c10fef8971aaeaa35cdd767f24b11bf987bc4fa207ea921febf855cf56803e28c438ad7d34802

data/.gitignore

@@ -6,7 +6,7 @@ pkg/*
 coverage/*
 doc/*
 benchmarks/*
-.specification
 .rvmrc
 test/gemfiles/Gemfile*.lock
 .bundle
+Gemfile.lock

data/.travis.yml

@@ -1,10 +1,8 @@
 language: ruby
 rvm:
-  - 1.8.7
   - 1.9.3
   - 2.0.0
   - 2.1.0
-  - ree
   - jruby
 
 gemfile:
@@ -14,14 +12,6 @@ gemfile:
 
 matrix:
   exclude:
-    - rvm: 1.8.7
-      gemfile: test/gemfiles/Gemfile.rails-4.0.x
-    - rvm: ree
-      gemfile: test/gemfiles/Gemfile.rails-4.0.x
-    - rvm: 1.8.7
+    - rvm: 1.9.3
       gemfile: test/gemfiles/Gemfile.rails-4.1.x
-    - rvm: ree
-      gemfile: test/gemfiles/Gemfile.rails-4.1.x
-  allow_failures:
-    - gemfile: test/gemfiles/Gemfile.rails-4.1.x
   fast_finish: true

data/CHANGELOG.md

@@ -0,0 +1,102 @@
+# Changelog
+
+## 3.4.3 2014-10-08
+
+* changes
+  * backfill CHANGELOG
+  * better compatibility with jruby (thx @petergoldstein)
+  * added scrypt as a dependency
+  * cleanup some code (thx @roryokane)
+  * reference 'bcrypt' gem instead of 'bcrypt-ruby' (thx @roryokane)
+  * fixed typo (thx @chamini2)
+  * fixed magic column validations for Rails 4.2 (thx @tom-kuca)
+
+## 3.4.2 2014-04-28
+
+* changes
+  * fixed the missing scrypt/bcrypt gem errors introduced in 3.4.1
+  * implemented autoloading for providers
+  * added longer subdomain support in email regex
+
+## 3.4.1 2014-04-04
+
+* changes
+  * undid an accidental revert of some code
+
+## 3.4.0 2014-03-03
+
+* new
+  * added cookie signing
+  * added request store for better concurency for threaded environments
+
+* changes
+  * made scrypt the default crypto provider from SHA512
+  * ditched appraisal
+  * officially support rails 4 (still supporting rails 3)
+  * improved find_with_case default performance
+  * added a rack adapter for Rack middleware support
+  * added travis ci support
+
+## 3.3.0 2014-04-04
+
+* changes
+  * added safeguard against a sqli that was also fixed in rails 3.2.10/3.1.9/3.0.18
+  * imposed the bcrypt gem's mincost
+  * removed shoulda macros
+
+## 3.2.0 2012-12-07
+
+* new
+  * scrypt support
+
+* changes
+  * moved back to LOWER for find_with_case ci lookups
+
+## 3.1.3 2012-06-13
+
+* changes
+  * removed jeweler
+
+## 3.1.2 2012-06-01
+
+* changes
+  * mostly test fixes
+
+## 3.1.1 2012-06-01
+
+* changes
+  * mostly doc fixes
+
+## 3.1.0 2011-10-19
+
+* changes
+  * mostly small bug fixes
+
+## 3.0.3 2011-05-17
+
+* changes
+  * rails 3.1 support
+
+* new
+  * http auth support
+
+## 3.0.2 2011-04-30
+
+* changes
+  * doc fixes
+
+## 3.0.1 2011-04-30
+
+* changes
+  * switch from LOWER to LIKE for find_with_case ci lookups
+
+## 3.0.0 2011-04-30
+
+* new
+  * ssl cookie support
+  * httponly cookie support
+  * added a session generator
+
+* changes
+  * rails 3 support
+  * ruby 1.9.2 support

data/Gemfile

@@ -1,2 +1,5 @@
 source "https://rubygems.org"
-gemspec
+gemspec
+
+gem 'activerecord-jdbcsqlite3-adapter', :platforms => :jruby
+gem 'sqlite3', :platforms => :ruby

data/README.rdoc

@@ -1,6 +1,10 @@
 = Authlogic
 
-** Authlogic plans to support rails 3 and 4 for the foreseeable future
+** Authlogic supports both rails 3 and 4. For rails 2, see the rail2 branch
+
+{<img src="https://travis-ci.org/binarylogic/authlogic.svg?branch=master" alt="Build Status" />}[https://travis-ci.org/binarylogic/authlogic]
+
+{<img src="https://codeclimate.com/github/binarylogic/authlogic.png" />}[https://codeclimate.com/github/binarylogic/authlogic]
 
 Authlogic is a clean, simple, and unobtrusive ruby authentication solution.
 
@@ -41,6 +45,12 @@ To get all of the nice authentication functionality in your model just do this:
 
 This handles validations, etc. It is also "smart" in the sense that it if a login field is present it will use that to authenticate, if not it will look for an email field, etc. This is all configurable, but for 99% of cases that above is all you will need to do.
 
+You may specify how passwords are cryptographically hashed (or encrypted) by setting the Authlogic::CryptoProvider option:
+
+  c.crypto_provider = Authlogic::CryptoProviders::BCrypt
+
+NOTE: the default provider was changed from **Sha512** to **SCrypt** in version 3.4.0.
+
 Also, sessions are automatically maintained. You can switch this on and off with configuration, but the following will automatically log a user in after a successful registration:
 
   User.create(params[:user])
@@ -162,5 +172,3 @@ Interested in how all of this all works? Think about an ActiveRecord model. A da
 
 
 Copyright (c) 2012 {Ben Johnson of Binary Logic}[http://www.binarylogic.com], released under the MIT license
-
-{<img src="https://codeclimate.com/github/binarylogic/authlogic.png" />}[https://codeclimate.com/github/binarylogic/authlogic]

data/authlogic.gemspec

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "authlogic"
-  s.version     = "3.4.2"
+  s.version     = "3.4.3"
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Ben Johnson"]
   s.email       = ["bjohnson@binarylogic.com"]
@@ -16,9 +16,8 @@ Gem::Specification.new do |s|
   s.add_dependency 'activerecord', '>= 3.2'
   s.add_dependency 'activesupport', '>= 3.2'
   s.add_dependency 'request_store', '~> 1.0'
-  s.add_development_dependency 'bcrypt-ruby', '~> 3.1'
-  s.add_development_dependency 'scrypt', '~> 1.2'
-  s.add_development_dependency 'sqlite3', '~> 1.3'
+  s.add_dependency 'scrypt', '~> 1.2'
+  s.add_development_dependency 'bcrypt', '~> 3.1'
   s.add_development_dependency 'timecop', '~> 0.7'
 
   s.files         = `git ls-files`.split("\n")

data/lib/authlogic/acts_as_authentic/magic_columns.rb

@@ -14,11 +14,11 @@ module Authlogic
       module Methods
         def self.included(klass)
           klass.class_eval do
-            validates_numericality_of :login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
-            validates_numericality_of :failed_login_count, :only_integer => :true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("failed_login_count")
+            validates_numericality_of :login_count, :only_integer => true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("login_count")
+            validates_numericality_of :failed_login_count, :only_integer => true, :greater_than_or_equal_to => 0, :allow_nil => true if column_names.include?("failed_login_count")
           end
         end
       end
     end
   end
-end
+end

data/lib/authlogic/acts_as_authentic/password.rb

@@ -149,11 +149,7 @@ module Authlogic
         # * <tt>Default:</tt> CryptoProviders::SCrypt
         # * <tt>Accepts:</tt> Class
         def crypto_provider(value = nil)
-          if value.nil? and !acts_as_authentic_config.include?(:crypto_provider)
-            rw_config(:crypto_provider, CryptoProviders::SCrypt)
-          else
-            rw_config(:crypto_provider, value)
-          end
+          rw_config(:crypto_provider, value, CryptoProviders::SCrypt)
         end
         alias_method :crypto_provider=, :crypto_provider
 

data/lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -24,7 +24,7 @@ module Authlogic
         end
         alias_method :perishable_token_valid_for=, :perishable_token_valid_for
 
-        # Authlogic tries to expire and change the perishable token as much as possible, without comprising
+        # Authlogic tries to expire and change the perishable token as much as possible, without compromising
         # it's purpose. This is for security reasons. If you want to manage it yourself, you can stop
         # Authlogic from getting your in way by setting this to true.
         #

data/lib/authlogic/crypto_providers/bcrypt.rb

@@ -34,7 +34,7 @@ module Authlogic
     #
     # Decided BCrypt is for you? Just install the bcrypt gem:
     #
-    #   gem install bcrypt-ruby
+    #   gem install bcrypt
     #
     # Tell acts_as_authentic to use it:
     #

data/lib/authlogic/session/cookies.rb

@@ -180,10 +180,11 @@ module Authlogic
 
           def cookie_credentials
             if self.class.sign_cookie
-              controller.cookies.signed[cookie_key] && controller.cookies.signed[cookie_key].split("::")
+              cookie = controller.cookies.signed[cookie_key]
             else
-              controller.cookies[cookie_key] && controller.cookies[cookie_key].split("::")
+              cookie = controller.cookies[cookie_key]
             end
+            cookie && cookie.split("::")
           end
 
           # Tries to validate the session from information in the cookie
@@ -199,20 +200,22 @@ module Authlogic
           end
 
           def save_cookie
+            if sign_cookie?
+              controller.cookies.signed[cookie_key] = generate_cookie_for_saving
+            else
+              controller.cookies[cookie_key] = generate_cookie_for_saving
+            end
+          end
+          
+          def generate_cookie_for_saving
             remember_me_until_value = "::#{remember_me_until.iso8601}" if remember_me?
-            cookie = {
+            {
               :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}#{remember_me_until_value}",
               :expires => remember_me_until,
               :secure => secure,
               :httponly => httponly,
               :domain => controller.cookie_domain
             }
-
-            if sign_cookie?
-              controller.cookies.signed[cookie_key] = cookie
-            else
-              controller.cookies[cookie_key] = cookie
-            end
           end
 
           def destroy_cookie

data/lib/authlogic/session/magic_columns.rb

@@ -48,8 +48,13 @@ module Authlogic
           end
 
           def update_info
-            record.login_count = (record.login_count.blank? ? 1 : record.login_count + 1) if record.respond_to?(:login_count)
-            record.failed_login_count = 0 if record.respond_to?(:failed_login_count)
+            if record.respond_to?(:login_count)
+              record.login_count = (record.login_count.blank? ? 1 : record.login_count + 1)
+            end
+
+            if record.respond_to?(:failed_login_count)
+              record.failed_login_count = 0
+            end
 
             if record.respond_to?(:current_login_at)
               record.last_login_at = record.current_login_at if record.respond_to?(:last_login_at)

data/lib/authlogic/session/password.rb

@@ -115,28 +115,9 @@ module Authlogic
       module InstanceMethods
         def initialize(*args)
           if !self.class.configured_password_methods
-            if login_field
-              self.class.send(:attr_writer, login_field) if !respond_to?("#{login_field}=")
-              self.class.send(:attr_reader, login_field) if !respond_to?(login_field)
-            end
-            
-            if password_field
-              self.class.send(:attr_writer, password_field) if !respond_to?("#{password_field}=")
-              self.class.send(:define_method, password_field) {} if !respond_to?(password_field)
-
-              self.class.class_eval <<-"end_eval", __FILE__, __LINE__
-                private
-                  # The password should not be accessible publicly. This way forms using form_for don't fill the password with the
-                  # attempted password. To prevent this we just create this method that is private.
-                  def protected_#{password_field}
-                    @#{password_field}
-                  end
-              end_eval
-            end
-
+            configure_password_methods
             self.class.configured_password_methods = true
           end
-          
           super
         end
         
@@ -169,6 +150,27 @@ module Authlogic
         end
         
         private
+          def configure_password_methods
+            if login_field
+              self.class.send(:attr_writer, login_field) if !respond_to?("#{login_field}=")
+              self.class.send(:attr_reader, login_field) if !respond_to?(login_field)
+            end
+            
+            if password_field
+              self.class.send(:attr_writer, password_field) if !respond_to?("#{password_field}=")
+              self.class.send(:define_method, password_field) {} if !respond_to?(password_field)
+
+              self.class.class_eval <<-"end_eval", __FILE__, __LINE__
+                private
+                  # The password should not be accessible publicly. This way forms using form_for don't fill the password with the
+                  # attempted password. To prevent this we just create this method that is private.
+                  def protected_#{password_field}
+                    @#{password_field}
+                  end
+              end_eval
+            end
+          end
+
           def authenticating_with_password?
             login_field && (!send(login_field).nil? || !send("protected_#{password_field}").nil?)
           end
@@ -176,10 +178,12 @@ module Authlogic
           def validate_by_password
             self.invalid_password = false
             
+            # check for blank fields
             errors.add(login_field, I18n.t('error_messages.login_blank', :default => "cannot be blank")) if send(login_field).blank?
             errors.add(password_field, I18n.t('error_messages.password_blank', :default => "cannot be blank")) if send("protected_#{password_field}").blank?
             return if errors.count > 0
 
+            # check for unknown login
             self.attempted_record = search_for_record(find_by_login_method, send(login_field))
             if attempted_record.blank?
               generalize_credentials_error_messages? ?
@@ -188,6 +192,7 @@ module Authlogic
               return
             end
 
+            # check for invalid password
             if !attempted_record.send(verify_password_method, send("protected_#{password_field}"))
               self.invalid_password = true
               generalize_credentials_error_messages? ?
@@ -197,13 +202,7 @@ module Authlogic
             end
           end
           
-          def invalid_password
-            @invalid_password
-          end
-          
-          def invalid_password=(value)
-            @invalid_password = value
-          end
+          attr_accessor :invalid_password
           
           def find_by_login_method
             self.class.find_by_login_method

data/test/gemfiles/Gemfile.rails-3.2.x

@@ -3,3 +3,5 @@ gemspec :path => "./../.."
 
 gem "activerecord", "3.2.17"
 gem "activesupport", "3.2.17"
+gem 'activerecord-jdbcsqlite3-adapter', :platforms => :jruby
+gem 'sqlite3', :platforms => :ruby

data/test/gemfiles/Gemfile.rails-4.0.x

@@ -1,5 +1,7 @@
 source "https://rubygems.org"
 gemspec :path => "./../.."
 
-gem "activerecord", "4.0.3"
-gem "activesupport", "4.0.3"
+gem "activerecord", "~> 4.0.3"
+gem "activesupport", "~> 4.0.3"
+gem 'activerecord-jdbcsqlite3-adapter', :platforms => :jruby
+gem 'sqlite3', :platforms => :ruby

data/test/gemfiles/Gemfile.rails-4.1.x

@@ -1,5 +1,7 @@
 source "https://rubygems.org"
 gemspec :path => "./../.."
 
-gem "activerecord", "4.1.0.rc1"
-gem "activesupport", "4.1.0.rc1"
+gem "activerecord", "~> 4.1.0"
+gem "activesupport", "~> 4.1.0"
+gem 'activerecord-jdbcsqlite3-adapter', :platforms => :jruby
+gem 'sqlite3', :platforms => :ruby

data/test/session_test/brute_force_protection_test.rb

@@ -20,7 +20,7 @@ module SessionTest
       end
     end
     
-    class InstaceMethodsTest < ActiveSupport::TestCase
+    class InstanceMethodsTest < ActiveSupport::TestCase
       def test_under_limit
         ben = users(:ben)
         ben.failed_login_count = UserSession.consecutive_failed_logins_limit - 1

data/test/test_helper.rb

@@ -14,7 +14,9 @@ logger = Logger.new(STDOUT)
 logger.level= Logger::FATAL
 ActiveRecord::Base.logger = logger
 
-#ActiveRecord::Base.configurations = true
+if (ActiveRecord::VERSION::STRING < '4.1')
+  ActiveRecord::Base.configurations = true
+end
 ActiveRecord::Base.default_timezone = :local
 ActiveRecord::Schema.define(:version => 1) do
   create_table :companies do |t|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 3.4.2
+  version: 3.4.3
 platform: ruby
 authors:
 - Ben Johnson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-28 00:00:00.000000000 Z
+date: 2014-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -52,20 +52,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-- !ruby/object:Gem::Dependency
-  name: bcrypt-ruby
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.1'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: scrypt
   requirement: !ruby/object:Gem::Requirement
@@ -73,7 +59,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -81,19 +67,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: bcrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '3.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -117,10 +103,9 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".travis.yml"
+- CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile
-- Gemfile.lock
-- History
 - LICENSE
 - README.rdoc
 - Rakefile

data/Gemfile.lock

@@ -1,56 +0,0 @@
-PATH
-  remote: .
-  specs:
-    authlogic (3.4.2)
-      activerecord (>= 3.2)
-      activesupport (>= 3.2)
-      request_store (~> 1.0)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    activemodel (4.1.0)
-      activesupport (= 4.1.0)
-      builder (~> 3.1)
-    activerecord (4.1.0)
-      activemodel (= 4.1.0)
-      activesupport (= 4.1.0)
-      arel (~> 5.0.0)
-    activesupport (4.1.0)
-      i18n (~> 0.6, >= 0.6.9)
-      json (~> 1.7, >= 1.7.7)
-      minitest (~> 5.1)
-      thread_safe (~> 0.1)
-      tzinfo (~> 1.1)
-    arel (5.0.1.20140414130214)
-    bcrypt (3.1.7)
-    bcrypt-ruby (3.1.5)
-      bcrypt (>= 3.1.3)
-    builder (3.2.2)
-    ffi (1.9.3)
-    ffi-compiler (0.1.3)
-      ffi (>= 1.0.0)
-      rake
-    i18n (0.6.9)
-    json (1.8.1)
-    minitest (5.3.3)
-    rake (10.3.1)
-    request_store (1.0.5)
-    scrypt (1.2.1)
-      ffi-compiler (>= 0.0.2)
-      rake
-    sqlite3 (1.3.9)
-    thread_safe (0.3.3)
-    timecop (0.7.1)
-    tzinfo (1.1.0)
-      thread_safe (~> 0.1)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  authlogic!
-  bcrypt-ruby (~> 3.1)
-  scrypt (~> 1.2)
-  sqlite3 (~> 1.3)
-  timecop (~> 0.7)

data/History

@@ -1,10 +0,0 @@
-== 3.4.0 2014-03-03
-
-* new
-  * added cookie signing
-  * added request store for better concurency for threaded environments
-
-* changes
-  * made SCrpyt the default crypto provider from SHA512
-  * ditched appraisal
-  * officially support rails 4 (still supporting rails 3)