authlogic 3.4.5 → 3.4.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: 8bffb67255fc9ec159c102e5a1fb08da08ccac95
-  data.tar.gz: c02b665debaece73cfe56a98779189f9020e014b
+SHA1:
+  metadata.gz: e9c7f5c79c3343a9c1d2f15743ffef73e6a5a73d
+  data.tar.gz: 90c6bc0a810fbfeb410c6d5a177148dc9e802329
 SHA512:
-  metadata.gz: b31555535c3e0b37dca55ae8ed02dd38d2879793174c30c26c4047a7bbf9b4750c3b7a97b442db88608c1f60ba0d3f07de406f101a2ba6d05d96fcea7292763c
-  data.tar.gz: bc1bf62ba62ee81894742526f3993957421592663f30736da7681781ea663f01f582cf3b831da908e597f606f04c18aa003b0f501417d35e889194e82fa580a0
+  metadata.gz: 1b3fedace0a9232fad6ba1ad25994215f76af134a74c82496f24c1554af00c59ed00cab602ca11c480c66228e0b738e555e6612f68764c8205e10fc92e6a07d6
+  data.tar.gz: 20ca2cfb1de0d9f30b90014188e5bd7592fc087b381861c047293d9ecbc6d4084475a8409a74000b2a6ed2ab0ffea6534208e04b4496ecba555a3975b2614649

data/CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## Unreleased
+
+* changes
+  * ...
+
+## 3.4.6 2015
+
+* changes
+  * add Regex.email_nonascii for validation of emails w/unicode (@rchekaluk)
+  * allow scrypt 2.x (@jaredbeck)
+
 ## 3.4.5 2015-03-01
 
 * changes

data/README.rdoc

@@ -49,6 +49,10 @@ You may specify how passwords are cryptographically hashed (or encrypted) by set
 
   c.crypto_provider = Authlogic::CryptoProviders::BCrypt
 
+You may validate international email addresses by enabling the provided alternate regex:
+
+  c.validates_format_of_email_field_options = {:with => Authlogic::Regex.email_nonascii}
+
 Also, sessions are automatically maintained. You can switch this on and off with configuration, but the following will automatically log a user in after a successful registration:
 
   User.create(params[:user])
@@ -106,6 +110,49 @@ Each of the above has its various sub modules that contain common logic. The sub
 
 For example, if you want to timeout users after a certain period of inactivity, you would look in <b>Authlogic::Session::Timeout</b>. To help you out, I listed the following publicly relevant modules with short descriptions. For the sake of brevity, there are more modules than listed here, the ones not listed are more for internal use, but you can easily read up on them in the {documentation}[http://rdoc.info/projects/binarylogic/authlogic].
 
+== Example migration
+
+If you want to enable all the features of Authlogic, a migration to create a
++User+ model, for example, might look like this:
+
+  class CreateUser < ActiveRecord::Migration
+    def change
+      create_table :users do |t|
+        # Authlogic::ActsAsAuthentic::Email
+        t.string    :email
+
+        # Authlogic::ActsAsAuthentic::Password
+        t.string    :crypted_password
+        t.string    :password_salt
+
+        # Authlogic::ActsAsAuthentic::PersistenceToken
+        t.string    :persistence_token
+
+        # Authlogic::ActsAsAuthentic::SingleAccessToken
+        t.string    :single_access_token
+
+        # Authlogic::ActsAsAuthentic::PerishableToken
+        t.string    :perishable_token
+
+        # Authlogic::Session::MagicColumns
+        t.integer   :login_count, default: 0, null: false
+        t.integer   :failed_login_count, default: 0, null: false
+        t.datetime  :last_request_at
+        t.datetime  :current_login_at
+        t.datetime  :last_login_at
+        t.string    :current_login_ip
+        t.string    :last_login_ip
+
+        # Authlogic::Session::MagicStates
+        t.boolean   :active, default: false
+        t.boolean   :approved, default: false
+        t.boolean   :confirmed, default: false
+
+        t.timestamps
+      end
+    end
+  end
+
 == Quick Rails example
 
 What if creating sessions worked like an ORM library on the surface...

data/authlogic.gemspec

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "authlogic"
-  s.version     = "3.4.5"
+  s.version     = "3.4.6"
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Ben Johnson"]
   s.email       = ["bjohnson@binarylogic.com"]
@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'activerecord', '>= 3.2'
   s.add_dependency 'activesupport', '>= 3.2'
   s.add_dependency 'request_store', '~> 1.0'
-  s.add_dependency 'scrypt', '~> 1.2'
+  s.add_dependency 'scrypt', '>= 1.2', '< 3.0'
   s.add_development_dependency 'bcrypt', '~> 3.1'
   s.add_development_dependency 'timecop', '~> 0.7'
 

data/lib/authlogic/acts_as_authentic/email.rb

@@ -62,6 +62,9 @@ module Authlogic
         # merge options into it. Checkout the convenience function merge_validates_format_of_email_field_options to merge
         # options.</b>
         #
+        # To validate international email addresses, enable the provided alternate regex:
+        # * <tt>validates_format_of_email_field_options({:with => Authlogic::Regex.email_nonascii})</tt>
+        #
         # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => Proc.new {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
         def validates_format_of_email_field_options(value = nil)

data/lib/authlogic/acts_as_authentic/login.rb

@@ -116,10 +116,13 @@ module Authlogic
             relation = if not sensitivity
               connection.case_insensitive_comparison(arel_table, field.to_s, columns_hash[field.to_s], value)
             else
-              value    = connection.case_sensitive_modifier(value) if value
+              if Gem::Version.new(Rails.version) < Gem::Version.new('4.2')
+                value = connection.case_sensitive_modifier(value)
+              else
+                value = connection.case_sensitive_modifier(value, field.to_s)
+              end
               relation = arel_table[field.to_s].eq(value)
             end
-
             where(relation).first
           end
       end

data/lib/authlogic/acts_as_authentic/password.rb

@@ -270,7 +270,7 @@ module Authlogic
           def reset_password
             friendly_token = Authlogic::Random.friendly_token
             self.password = friendly_token
-            self.password_confirmation = friendly_token
+            self.password_confirmation = friendly_token if self.class.require_password_confirmation
           end
           alias_method :randomize_password, :reset_password
 

data/lib/authlogic/i18n.rb

@@ -34,6 +34,7 @@ module Authlogic
   #       login_invalid: should use only letters, numbers, spaces, and .-_@ please.
   #       consecutive_failed_logins_limit_exceeded: Consecutive failed logins limit exceeded, account is disabled.
   #       email_invalid: should look like an email address.
+  #       email_invalid_international: should look like an international email address.
   #       password_blank: can not be blank
   #       password_invalid: is not valid
   #       not_active: Your account is not active

data/lib/authlogic/regex.rb

@@ -11,13 +11,33 @@ module Authlogic
     # which is an excellent resource for regular expressions.
     def self.email
       @email_regex ||= begin
-        email_name_regex  = '[A-Z0-9_\.%\+\-\']+'
+        email_name_regex  = '[A-Z0-9_\.&%\+\-\']+'
         domain_head_regex = '(?:[A-Z0-9\-]+\.)+'
         domain_tld_regex  = '(?:[A-Z]{2,13})'
         /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/i
       end
     end
 
+    # A draft regular expression for internationalized email addresses.
+    # Given that the standard may be in flux, this simply emulates @email_regex but rather than
+    # allowing specific characters for each part, it instead disallows the complement set of characters:
+    # - email_name_regex disallows: @[]^ !"#$()*,/:;<=>?`{|}~\ and control characters
+    # - domain_head_regex disallows: _%+ and all characters in email_name_regex
+    # - domain_tld_regex disallows: 0123456789- and all characters in domain_head_regex
+    # http://en.wikipedia.org/wiki/Email_address#Internationalization
+    # http://tools.ietf.org/html/rfc6530
+    # http://www.unicode.org/faq/idn.html
+    # http://ruby-doc.org/core-2.1.5/Regexp.html#class-Regexp-label-Character+Classes
+    # http://en.wikipedia.org/wiki/Unicode_character_property#General_Category
+    def self.email_nonascii
+      @email_nonascii_regex ||= begin
+        email_name_regex  = '[^[:cntrl:][@\[\]\^ \!\"#$\(\)*,/:;<=>\?`{|}~\\\]]+'
+        domain_head_regex = '(?:[^[:cntrl:][@\[\]\^ \!\"#$&\(\)*,/:;<=>\?`{|}~\\\_\.%\+\']]+\.)+'
+        domain_tld_regex  = '(?:[^[:cntrl:][@\[\]\^ \!\"#$&\(\)*,/:;<=>\?`{|}~\\\_\.%\+\-\'0-9]]{2,13})'
+        /\A#{email_name_regex}@#{domain_head_regex}#{domain_tld_regex}\z/
+      end
+    end
+
     # A simple regular expression that only allows for letters, numbers, spaces, and .-_@. Just a standard login / username
     # regular expression.
     def self.login

data/lib/authlogic/session/magic_columns.rb

@@ -24,9 +24,9 @@ module Authlogic
 
       # Configuration for the magic columns feature.
       module Config
-        # Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists.
+        # Every time a session is found the last_request_at field for that record is updated with the current time, if that field exists.
         # If you want to limit how frequent that field is updated specify the threshold here. For example, if your user is making a
-        # request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threashold. Set this to 1.minute.
+        # request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threshold. Set this to 1.minute.
         # Once a minute has passed in between requests the field will be updated.
         #
         # * <tt>Default:</tt> 0

data/test/acts_as_authentic_test/email_test.rb

@@ -1,7 +1,67 @@
+# encoding: utf-8
 require 'test_helper'
 
 module ActsAsAuthenticTest
   class EmailTest < ActiveSupport::TestCase
+
+    GOOD_ASCII_EMAILS = [
+      "a@a.com",
+      "damien+test1...etc..@mydomain.com",
+      "dakota.dux+1@gmail.com",
+      "dakota.d'ux@gmail.com",
+      "a&b@c.com",
+    ]
+
+    BAD_ASCII_EMAILS = [
+      "",
+      "aaaaaaaaaaaaa",
+      "question?mark@gmail.com",
+      "backslash@g\\mail.com",
+      "<script>alert(123);</script>\nnobody@example.com",
+    ]
+
+    # http://en.wikipedia.org/wiki/ISO/IEC_8859-1#Codepage_layout
+    GOOD_ISO88591_EMAILS = [
+      "töm.öm@dömain.fi",  # https://github.com/binarylogic/authlogic/issues/176
+      "Pelé@examplé.com",  # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
+    ]
+
+    BAD_ISO88591_EMAILS = [
+      "",
+      "öm(@ava.fi",      # L paren
+      "é)@domain.com",   # R paren
+      "é[@example.com",  # L bracket
+      "question?mark@gmail.com",  # question mark
+      "back\\slash@gmail.com",    # backslash
+    ]
+
+    GOOD_UTF8_EMAILS = [
+      "δκιμή@παράδεγμα.δοκμή",            # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
+      "我本@屋企.香港",                     # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
+      "甲斐@黒川.日買",                     # http://en.wikipedia.org/wiki/Email_address#Internationalization_examples
+      "чебурша@ящик-с-пельнами.рф",       # Contains dashes in domain head
+      "企斐@黒川.みんな",                                              #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
+    ]
+
+    BAD_UTF8_EMAILS = [
+      "",
+              ".みんな",                                                    #  https://github.com/binarylogic/authlogic/issues/176#issuecomment-55829320
+      'δκιμή@παράδεγμα.δ',          # short TLD
+      "öm(@ava.fi",                 # L paren
+      "é)@domain.com",              # R paren
+      "é[@example.com",             # L bracket
+      "δ]@πράιγμα.δοκμή",           # R bracket
+      "我\.香港",                    # slash
+      "甲;.日本",                    # semicolon
+      "ч:@ящик-с-пельнами.рф",      # colon
+      "斐,.みんな",                                           #  comma
+      "香<.香港",                    # less than
+      "我>.香港",                    # greater than
+      "我?本@屋企.香港",              # question mark
+      "чебурша@ьн\\ами.рф",         # backslash
+      "user@domain.com%0A<script>alert('hello')</script>",
+    ]
+
     def test_email_field_config
       assert_equal :email, User.email_field
       assert_equal :email, Employee.email_field
@@ -53,6 +113,12 @@ module ActsAsAuthenticTest
       assert_equal({:yes => "no"}, User.validates_format_of_email_field_options)
       User.validates_format_of_email_field_options default
       assert_equal default, User.validates_format_of_email_field_options
+
+      with_email_nonascii = {:with => Authlogic::Regex.email_nonascii, :message => Proc.new{I18n.t('error_messages.email_invalid_international', :default => "should look like an international email address.")}}
+      User.validates_format_of_email_field_options = with_email_nonascii
+      assert_equal(with_email_nonascii, User.validates_format_of_email_field_options)
+      User.validates_format_of_email_field_options with_email_nonascii
+      assert_equal with_email_nonascii, User.validates_format_of_email_field_options
     end
 
     def test_deferred_error_message_translation
@@ -120,6 +186,22 @@ module ActsAsAuthenticTest
       u.email = "<script>alert(123);</script>\nnobody@example.com"
       assert !u.valid?
       assert u.errors[:email].size > 0
+
+      u.email = "a&b@c.com"
+      u.valid?
+      assert u.errors[:email].size == 0
+    end
+
+    def test_validates_format_of_nonascii_email_field
+
+      (GOOD_ASCII_EMAILS + GOOD_ISO88591_EMAILS + GOOD_UTF8_EMAILS).each do |e|
+        assert e =~  Authlogic::Regex.email_nonascii, "Good email should validate: #{e}"
+      end
+
+      (BAD_ASCII_EMAILS + BAD_ISO88591_EMAILS + BAD_UTF8_EMAILS).each do |e|
+        assert e !~  Authlogic::Regex.email_nonascii, "Bad email should not validate: #{e}"
+      end
+
     end
 
     def test_validates_uniqueness_of_email_field

metadata

@@ -1,41 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: authlogic
 version: !ruby/object:Gem::Version
-  version: 3.4.5
+  version: 3.4.6
 platform: ruby
 authors:
 - Ben Johnson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-01 00:00:00.000000000 Z
+date: 2015-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '3.2'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '3.2'
 - !ruby/object:Gem::Dependency
@@ -56,16 +56,22 @@ dependencies:
   name: scrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - <
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - <
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bcrypt
   requirement: !ruby/object:Gem::Requirement
@@ -243,17 +249,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.0.14
 signing_key: 
 specification_version: 4
 summary: A clean, simple, and unobtrusive ruby authentication solution.