RubyGems - authlogic - Versions diffs - 3.4.4 → 3.4.5 - Mend

authlogic 3.4.4 → 3.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +14 -1
data/authlogic.gemspec +1 -1
data/lib/authlogic/acts_as_authentic/perishable_token.rb +1 -1
data/lib/authlogic/session/cookies.rb +2 -2
data/test/session_test/cookies_test.rb +8 -0
data/test/test_helper.rb +4 -4
metadata +37 -37

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 17095091ab5b4dcc1f590473c508b1399bc292a7
-  data.tar.gz: f5007fb710d07bb9c3ccc6b0739f6fdf991784de
+!binary "U0hBMQ==":
+  metadata.gz: 8bffb67255fc9ec159c102e5a1fb08da08ccac95
+  data.tar.gz: c02b665debaece73cfe56a98779189f9020e014b
 SHA512:
-  metadata.gz: f135d071afd20fe21989436341ecf97eeefbbf4c7b53b06a958e5ada571a8a564cbb0b913f164950d2e4fa197bf5a2d4f505e61002fc44c92d8f07995692ad65
-  data.tar.gz: c1d77b76d9a8d781145a532bbfe43f48be0992990efc0d8b5689abc551072a8bf8c1661bfc93c91e837be6d7cef973946df7b8d443c9d9dc559d0ff9bda06319
+  metadata.gz: b31555535c3e0b37dca55ae8ed02dd38d2879793174c30c26c4047a7bbf9b4750c3b7a97b442db88608c1f60ba0d3f07de406f101a2ba6d05d96fcea7292763c
+  data.tar.gz: bc1bf62ba62ee81894742526f3993957421592663f30736da7681781ea663f01f582cf3b831da908e597f606f04c18aa003b0f501417d35e889194e82fa580a0

data/CHANGELOG.md CHANGED

@@ -1,5 +1,18 @@
 # Changelog
+## 3.4.5 2015-03-01
+* changes
+  * security-hardening fix and cleanup in persistence_token lookup
+  * security-hardening fix in perishable_token lookup (thx @tomekr)
+## 3.4.4 2014-12-23
+* changes
+  * extract rw_config into an Authlogic::Config module
+  * improved the way config changes are made in tests
+  * fix for Rails 4.2 by extending ActiveModel
 ## 3.4.3 2014-10-08
 * changes
@@ -30,7 +43,7 @@
   * added request store for better concurency for threaded environments
 * changes
-  * made scrypt the default crypto provider from SHA512
+  * BREAKING CHANGE: made scrypt the default crypto provider from SHA512 (https://github.com/binarylogic/authlogic#upgrading-to-authlogic-340)
   * ditched appraisal
   * officially support rails 4 (still supporting rails 3)
   * improved find_with_case default performance

data/authlogic.gemspec CHANGED

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 Gem::Specification.new do |s|
   s.name        = "authlogic"
-  s.version     = "3.4.4"
+  s.version     = "3.4.5"
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Ben Johnson"]
   s.email       = ["bjohnson@binarylogic.com"]

data/lib/authlogic/acts_as_authentic/perishable_token.rb CHANGED

@@ -65,7 +65,7 @@ module Authlogic
             age = age.to_i
             conditions_sql = "perishable_token = ?"
-            conditions_subs = [token]
+            conditions_subs = [token.to_s]
             if column_names.include?("updated_at") && age > 0
               conditions_sql += " and updated_at > ?"

data/lib/authlogic/session/cookies.rb CHANGED

@@ -190,8 +190,8 @@ module Authlogic
           # Tries to validate the session from information in the cookie
           def persist_by_cookie
             persistence_token, record_id = cookie_credentials
-            if !persistence_token.nil?
-              record = record_id.nil? ? search_for_record("find_by_persistence_token", persistence_token) : search_for_record("find_by_#{klass.primary_key}", record_id)
+            if persistence_token.present?
+              record = search_for_record("find_by_#{klass.primary_key}", record_id)
               self.unauthorized_record = record if record && record.persistence_token == persistence_token
               valid?
             else

data/test/session_test/cookies_test.rb CHANGED

@@ -128,6 +128,14 @@ module SessionTest
         assert_equal ben, session.record
       end
+      def test_persist_persist_by_cookie_with_blank_persistence_token
+        ben = users(:ben)
+        ben.update_column(:persistence_token, "")
+        assert !UserSession.find
+        set_cookie_for(ben)
+        assert !UserSession.find
+      end
       def test_remember_me_expired
         ben = users(:ben)
         session = UserSession.new(ben)

data/test/test_helper.rb CHANGED

@@ -163,15 +163,15 @@ class ActiveSupport::TestCase
       controller.http_user = controller.http_password = controller.realm = nil
     end
-    def set_cookie_for(user, id = nil)
-      controller.cookies["user_credentials"] = {:value => user.persistence_token, :expires => nil}
+    def set_cookie_for(user)
+      controller.cookies["user_credentials"] = {:value => "#{user.persistence_token}::#{user.id}", :expires => nil}
     end
     def unset_cookie
       controller.cookies["user_credentials"] = nil
     end
-    def set_params_for(user, id = nil)
+    def set_params_for(user)
       controller.params["user_credentials"] = user.single_access_token
     end
@@ -187,7 +187,7 @@ class ActiveSupport::TestCase
       controller.request_content_type = nil
     end
-    def set_session_for(user, id = nil)
+    def set_session_for(user)
       controller.session["user_credentials"] = user.persistence_token
       controller.session["user_credentials_id"] = user.id
     end

metadata CHANGED

@@ -1,99 +1,99 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 3.4.4
+  version: 3.4.5
 platform: ruby
 authors:
 - Ben Johnson
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-23 00:00:00.000000000 Z
+date: 2015-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '3.2'
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '3.2'
-  prerelease: false
   type: :runtime
-- !ruby/object:Gem::Dependency
-  name: activesupport
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '3.2'
-  prerelease: false
   type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '3.2'
 - !ruby/object:Gem::Dependency
   name: request_store
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.0'
-  requirement: !ruby/object:Gem::Requirement
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.0'
-  prerelease: false
-  type: :runtime
 - !ruby/object:Gem::Dependency
   name: scrypt
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.2'
-  requirement: !ruby/object:Gem::Requirement
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.2'
-  prerelease: false
-  type: :runtime
 - !ruby/object:Gem::Dependency
   name: bcrypt
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
-  requirement: !ruby/object:Gem::Requirement
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '3.1'
-  prerelease: false
-  type: :development
 - !ruby/object:Gem::Dependency
   name: timecop
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.7'
-  requirement: !ruby/object:Gem::Requirement
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.7'
-  prerelease: false
-  type: :development
 description: A clean, simple, and unobtrusive ruby authentication solution.
 email:
 - bjohnson@binarylogic.com
@@ -237,24 +237,24 @@ homepage: http://github.com/binarylogic/authlogic
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.1.9
-signing_key:
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
 specification_version: 4
 summary: A clean, simple, and unobtrusive ruby authentication solution.
 test_files: