authlogic 3.5.0 → 3.6.0
- checksums.yaml +4 -4
- data/.github/ISSUE_TEMPLATE.md +13 -0
- data/.rubocop_todo.yml +1 -37
- data/.travis.yml +11 -6
- data/CHANGELOG.md +19 -0
- data/CONTRIBUTING.md +13 -2
- data/README.md +2 -3
- data/authlogic.gemspec +5 -5
- data/lib/authlogic/acts_as_authentic/base.rb +4 -2
- data/lib/authlogic/acts_as_authentic/email.rb +8 -3
- data/lib/authlogic/acts_as_authentic/logged_in_status.rb +21 -3
- data/lib/authlogic/acts_as_authentic/login.rb +44 -25
- data/lib/authlogic/acts_as_authentic/password.rb +28 -12
- data/lib/authlogic/acts_as_authentic/perishable_token.rb +21 -12
- data/lib/authlogic/acts_as_authentic/restful_authentication.rb +16 -9
- data/lib/authlogic/acts_as_authentic/session_maintenance.rb +5 -3
- data/lib/authlogic/authenticates_many/association.rb +7 -4
- data/lib/authlogic/controller_adapters/rack_adapter.rb +6 -2
- data/lib/authlogic/controller_adapters/rails_adapter.rb +11 -8
- data/lib/authlogic/crypto_providers/bcrypt.rb +4 -1
- data/lib/authlogic/crypto_providers/sha512.rb +15 -10
- data/lib/authlogic/session/activation.rb +19 -10
- data/lib/authlogic/session/cookies.rb +3 -1
- data/lib/authlogic/session/id.rb +13 -7
- data/lib/authlogic/session/magic_columns.rb +19 -10
- data/lib/authlogic/session/magic_states.rb +7 -1
- data/lib/authlogic/session/password.rb +48 -34
- data/lib/authlogic/session/perishable_token.rb +7 -3
- data/lib/authlogic/session/validation.rb +13 -11
- data/lib/authlogic/test_case.rb +52 -32
- data/test/acts_as_authentic_test/email_test.rb +33 -29
- data/test/acts_as_authentic_test/logged_in_status_test.rb +2 -2
- data/test/acts_as_authentic_test/login_test.rb +50 -37
- data/test/acts_as_authentic_test/magic_columns_test.rb +8 -8
- data/test/acts_as_authentic_test/password_test.rb +14 -14
- data/test/acts_as_authentic_test/perishable_token_test.rb +5 -5
- data/test/acts_as_authentic_test/persistence_token_test.rb +4 -4
- data/test/acts_as_authentic_test/restful_authentication_test.rb +6 -6
- data/test/acts_as_authentic_test/session_maintenance_test.rb +15 -10
- data/test/acts_as_authentic_test/single_access_test.rb +6 -6
- data/test/authenticates_many_test.rb +1 -1
- data/test/gemfiles/Gemfile.rails-5.1.x +6 -0
- data/test/session_test/activation_test.rb +1 -1
- data/test/session_test/active_record_trickery_test.rb +3 -3
- data/test/session_test/brute_force_protection_test.rb +19 -14
- data/test/session_test/cookies_test.rb +21 -12
- data/test/session_test/existence_test.rb +15 -10
- data/test/session_test/http_auth_test.rb +2 -2
- data/test/session_test/magic_columns_test.rb +7 -4
- data/test/session_test/magic_states_test.rb +7 -9
- data/test/session_test/params_test.rb +6 -6
- data/test/session_test/password_test.rb +2 -2
- data/test/session_test/perishability_test.rb +1 -1
- data/test/session_test/persistence_test.rb +2 -2
- data/test/session_test/timeout_test.rb +7 -5
- data/test/session_test/validation_test.rb +1 -1
- data/test/test_helper.rb +10 -2
- metadata +10 -7
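--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c557e744965cb622f19c7b32421c8a6a7d35be45
+data.tar.gz: 603d34bc61e526d460501e1417e176d559b2dbcb
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 699ca0bd6ec372e1705e2b74de803026cf04b9a620f17fcceaf88de768639188c5237e2ea876db4725f0002813c22e22752cc1d8b3d3ee36d21dbeed32a0fc1f
+data.tar.gz: e70bca58e4aae93d5a8e412a1d774c80331f3fa4b2687e1db07a7c0c366a58b7de1ac97b11b343773ce92ff71337fd08cd906ec7119179dba893ff932ead4202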
@@ -0,0 +1,13 @@
|
|
1
|
+
Thanks for your interest in authlogic! Our volunteers' time is limited, so we
|
2
|
+
can only respond on GitHub to bug reports and feature requests. Please ask
|
3
|
+
usage questions on StackOverflow so that the whole community has a chance to
|
4
|
+
answer your question.
|
5
|
+
|
6
|
+
http://stackoverflow.com/questions/tagged/authlogic
|
7
|
+
|
8
|
+
Do not disclose security issues in public. See our contributing guide
|
9
|
+
for instructions.
|
10
|
+
|
11
|
+
https://github.com/binarylogic/authlogic/blob/master/CONTRIBUTING.md
|
12
|
+
|
13
|
+
Thanks for your contribution!
|
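--- a/data/.rubocop_todo.yml
+++ b/data/.rubocop_todo.yml
@@ -79,7 +79,7 @@ Metrics/CyclomaticComplexity:
 # Configuration parameters: AllowHeredoc, AllowURI, URISchemes.
 # URISchemes: http, https
 Metrics/LineLength:
-Max:
+Max: 130
 
 Metrics/ModuleLength:
 Enabled: false
@@ -250,11 +250,6 @@ Style/Lambda:
 Exclude:
 - 'lib/authlogic/acts_as_authentic/logged_in_status.rb'
 
-# Cop supports --auto-correct.
-Style/LineEndConcatenation:
-Exclude:
-- 'lib/authlogic/acts_as_authentic/base.rb'
-
 # Configuration parameters: EnforcedStyle, SupportedStyles.
 # SupportedStyles: module_function, extend_self
 Style/ModuleFunction:
@@ -362,12 +357,6 @@ Style/RescueModifier:
 Exclude:
 - 'lib/authlogic/acts_as_authentic/session_maintenance.rb'
 
-# Cop supports --auto-correct.
-# Configuration parameters: AllowIfMethodIsEmpty.
-Style/SingleLineMethods:
-Exclude:
-- 'lib/authlogic/controller_adapters/rack_adapter.rb'
-
 # Cop supports --auto-correct.
 # Configuration parameters: SupportedStyles.
 # SupportedStyles: use_perl_names, use_english_names
@@ -395,33 +384,8 @@ Style/SymbolProc:
 Exclude:
 - 'lib/authlogic/acts_as_authentic/persistence_token.rb'
 
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyleForMultiline, SupportedStyles.
-# SupportedStyles: comma, consistent_comma, no_comma
-Style/TrailingCommaInLiteral:
-Exclude:
-- 'test/acts_as_authentic_test/email_test.rb'
-
-# Cop supports --auto-correct.
-Style/UnneededPercentQ:
-Exclude:
-- 'authlogic.gemspec'
-
 # Cop supports --auto-correct.
 # Configuration parameters: SupportedStyles, MinSize, WordRegex.
 # SupportedStyles: percent, brackets
 Style/WordArray:
 EnforcedStyle: brackets
-
-# Cop supports --auto-correct.
-Style/ZeroLengthPredicate:
-Exclude:
-- 'lib/authlogic/session/validation.rb'
-- 'test/acts_as_authentic_test/email_test.rb'
-- 'test/acts_as_authentic_test/login_test.rb'
-- 'test/acts_as_authentic_test/magic_columns_test.rb'
-- 'test/acts_as_authentic_test/password_test.rb'
-- 'test/acts_as_authentic_test/perishable_token_test.rb'
-- 'test/acts_as_authentic_test/single_access_test.rb'
-- 'test/session_test/brute_force_protection_test.rb'
-- 'test/session_test/magic_states_test.rb'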
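--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -11,9 +11,9 @@ before_install:
 
 rvm:
 - 1.9.3
-- 2.1.
-- 2.2.
-- 2.3.
+- 2.1.10
+- 2.2.6
+- 2.3.3
 
 gemfile:
 - test/gemfiles/Gemfile.rails-3.2.x
@@ -21,6 +21,7 @@ gemfile:
 - test/gemfiles/Gemfile.rails-4.1.x
 - test/gemfiles/Gemfile.rails-4.2.x
 - test/gemfiles/Gemfile.rails-5.0.x
+- test/gemfiles/Gemfile.rails-5.1.x
 
 matrix:
 exclude:
@@ -28,11 +29,15 @@ matrix:
 gemfile: test/gemfiles/Gemfile.rails-4.1.x
 - rvm: 1.9.3
 gemfile: test/gemfiles/Gemfile.rails-5.0.x
-- rvm:
+- rvm: 1.9.3
+gemfile: test/gemfiles/Gemfile.rails-5.1.x
+- rvm: 2.1.10
 gemfile: test/gemfiles/Gemfile.rails-5.0.x
-- rvm: 2.
+- rvm: 2.1.10
+gemfile: test/gemfiles/Gemfile.rails-5.1.x
+- rvm: 2.2.6
 gemfile: test/gemfiles/Gemfile.rails-3.2.x
-- rvm: 2.3.
+- rvm: 2.3.3
 gemfile: test/gemfiles/Gemfile.rails-3.2.x
 fast_finish: true
 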
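--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,24 @@
 # Changelog
 
+## Unreleased
+
+* Breaking Changes
+* None
+
+* Added
+* None
+
+* Fixed
+* None
+
+## 3.6.0 2017-04-28
+
+* Added
+* rails 5.1 support
+
+* Fixed
+* ensure that login field validation uses correct locale (@sskirby)
+
 ## 3.5.0 2016-08-29
 
 * new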
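--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -16,11 +16,12 @@ We will review security issues promptly.
 
 ### Non-Security Issues
 
-Please use github issues for
+Please use github issues only for bug reports and feature requests.
 
 ### Usage Questions
 
-Please
+Please ask usage questions on
+[stackoverflow](http://stackoverflow.com/questions/tagged/authlogic).
 
 ## Development
 
@@ -47,3 +48,13 @@ To run the tests without linting, use `rake test`.
 ```
 BUNDLE_GEMFILE=test/gemfiles/Gemfile.rails-3.2.x bundle exec rake test
 ```
+
+### Release
+
+1. Update version number in gemspec
+1. Add release date to changelog entry
+1. Commit
+1. git tag -a -m "v3.6.0" "v3.6.0"
+1. git push --tags origin 3-stable # or whatever branch
+1. gem build authlogic.gemspec
+1. gem push authlogic-3.6.0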
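--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
 # Authlogic
 
-**Authlogic supports
+**Authlogic supports rails 3, 4 and 5. For rails 2, see the [rails2 branch](https://github.com/binarylogic/authlogic/tree/rails2).**
 
 [![Gem Version](https://badge.fury.io/rb/authlogic.png)](http://badge.fury.io/rb/authlogic)
 [![Build Status](https://travis-ci.org/binarylogic/authlogic.png?branch=master)](https://travis-ci.org/binarylogic/authlogic)
@@ -291,5 +291,4 @@ See [Authlogic::TestCase](https://github.com/binarylogic/authlogic/blob/master/l
 
 Interested in how all of this all works? Think about an ActiveRecord model. A database connection must be established before you can use it. In the case of Authlogic, a controller connection must be established before you can use it. It uses that controller connection to modify cookies, the current session, login with HTTP basic, etc. It connects to the controller through a before filter that is automatically set in your controller which lets Authlogic know about the current controller object. Then Authlogic leverages that to do everything, it's a pretty simple design. Nothing crazy going on, Authlogic is just leveraging the tools your framework provides in the controller object.
 
-
-Copyright (c) 2012 [Ben Johnson of Binary Logic](http://www.binarylogic.com), released under the MIT license
+Copyright (c) 2012 Ben Johnson of Binary Logic, released under the MIT license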
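--- a/data/authlogic.gemspec
+++ b/data/authlogic.gemspec
@@ -3,18 +3,18 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
 s.name = "authlogic"
-s.version = "3.
+s.version = "3.6.0"
 s.platform = Gem::Platform::RUBY
 s.authors = ["Ben Johnson"]
 s.email = ["bjohnson@binarylogic.com"]
 s.homepage = "http://github.com/binarylogic/authlogic"
-s.summary =
-s.description =
+s.summary = 'A clean, simple, and unobtrusive ruby authentication solution.'
+s.description = 'A clean, simple, and unobtrusive ruby authentication solution.'
 
 s.license = 'MIT'
 
-s.add_dependency 'activerecord', ['>= 3.2', '< 5.
-s.add_dependency 'activesupport', ['>= 3.2', '< 5.
+s.add_dependency 'activerecord', ['>= 3.2', '< 5.2']
+s.add_dependency 'activesupport', ['>= 3.2', '< 5.2']
 s.add_dependency 'request_store', '~> 1.0'
 s.add_dependency 'scrypt', '>= 1.2', '< 4.0'
 s.add_development_dependency 'bcrypt', '~> 3.1'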
@@ -32,8 +32,10 @@ module Authlogic
|
|
32
32
|
|
33
33
|
if !unsupported_options.nil?
|
34
34
|
raise ArgumentError.new(
|
35
|
-
"You are using the old v1.X.X configuration method for
|
36
|
-
|
35
|
+
"You are using the old v1.X.X configuration method for " \
|
36
|
+
"Authlogic. Instead of passing a hash of configuration " \
|
37
|
+
"options to acts_as_authentic, pass a block: " \
|
38
|
+
"acts_as_authentic { |c| c.my_option = my_value }"
|
37
39
|
)
|
38
40
|
end
|
39
41
|
|
@@ -133,11 +133,16 @@ module Authlogic
|
|
133
133
|
}
|
134
134
|
)
|
135
135
|
end
|
136
|
-
alias_method
|
136
|
+
alias_method(
|
137
|
+
:validates_uniqueness_of_email_field_options=,
|
138
|
+
:validates_uniqueness_of_email_field_options
|
139
|
+
)
|
137
140
|
|
138
|
-
# See merge_validates_length_of_email_field_options. The same thing
|
141
|
+
# See merge_validates_length_of_email_field_options. The same thing
|
142
|
+
# except for validates_uniqueness_of_email_field_options.
|
139
143
|
def merge_validates_uniqueness_of_email_field_options(options = {})
|
140
|
-
self.validates_uniqueness_of_email_field_options =
|
144
|
+
self.validates_uniqueness_of_email_field_options =
|
145
|
+
validates_uniqueness_of_email_field_options.merge(options)
|
141
146
|
end
|
142
147
|
end
|
143
148
|
|
@@ -31,15 +31,33 @@ module Authlogic
|
|
31
31
|
|
32
32
|
klass.class_eval do
|
33
33
|
include InstanceMethods
|
34
|
-
scope
|
35
|
-
|
34
|
+
scope(
|
35
|
+
:logged_in,
|
36
|
+
lambda do
|
37
|
+
where(
|
38
|
+
"last_request_at > ? and current_login_at IS NOT NULL",
|
39
|
+
logged_in_timeout.seconds.ago
|
40
|
+
)
|
41
|
+
end
|
42
|
+
)
|
43
|
+
scope(
|
44
|
+
:logged_out,
|
45
|
+
lambda do
|
46
|
+
where(
|
47
|
+
"last_request_at is NULL or last_request_at <= ?",
|
48
|
+
logged_in_timeout.seconds.ago
|
49
|
+
)
|
50
|
+
end
|
51
|
+
)
|
36
52
|
end
|
37
53
|
end
|
38
54
|
|
39
55
|
module InstanceMethods
|
40
56
|
# Returns true if the last_request_at > logged_in_timeout.
|
41
57
|
def logged_in?
|
42
|
-
|
58
|
+
unless respond_to?(:last_request_at)
|
59
|
+
raise "Can not determine the records login state because there is no last_request_at column"
|
60
|
+
end
|
43
61
|
!last_request_at.nil? && last_request_at > logged_in_timeout.seconds.ago
|
44
62
|
end
|
45
63
|
|
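Review bot: The rewritten `logged_out` scope is not the complement of `logged_in`, and neither matches `logged_in?` exactly. `logged_in` also requires `current_login_at IS NOT NULL`, so a row with a recent `last_request_at` and a NULL `current_login_at` falls in neither scope, while `logged_in?` returns true for it. This looks inherited from the old one-line scopes (their text is truncated on this page), but since the commit rewrites both it is a good place to settle it, either by changing the `logged_out` condition to `"last_request_at is NULL or current_login_at IS NULL or last_request_at <= ?"` or by documenting the asymmetry above the scopes. The method comment would also be clearer as `# Returns true if last_request_at is more recent than logged_in_timeout seconds ago.` The enclosing `klass.class_eval` block starts outside the hunk.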
@@ -29,11 +29,13 @@ module Authlogic
|
|
29
29
|
end
|
30
30
|
alias_method :validate_login_field=, :validate_login_field
|
31
31
|
|
32
|
-
# A hash of options for the validates_length_of call for the login
|
32
|
+
# A hash of options for the validates_length_of call for the login
|
33
|
+
# field. Allows you to change this however you want.
|
33
34
|
#
|
34
|
-
# <b>Keep in mind this is ruby. I wanted to keep this as flexible as
|
35
|
-
#
|
36
|
-
#
|
35
|
+
# <b>Keep in mind this is ruby. I wanted to keep this as flexible as
|
36
|
+
# possible, so you can completely replace the hash or merge options into
|
37
|
+
# it. Checkout the convenience function
|
38
|
+
# merge_validates_length_of_login_field_options to merge options.</b>
|
37
39
|
#
|
38
40
|
# * <tt>Default:</tt> {:within => 3..100}
|
39
41
|
# * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
|
@@ -42,9 +44,11 @@ module Authlogic
|
|
42
44
|
end
|
43
45
|
alias_method :validates_length_of_login_field_options=, :validates_length_of_login_field_options
|
44
46
|
|
45
|
-
# A convenience function to merge options into the
|
47
|
+
# A convenience function to merge options into the
|
48
|
+
# validates_length_of_login_field_options. So instead of:
|
46
49
|
#
|
47
|
-
# self.validates_length_of_login_field_options =
|
50
|
+
# self.validates_length_of_login_field_options =
|
51
|
+
# validates_length_of_login_field_options.merge(:my_option => my_value)
|
48
52
|
#
|
49
53
|
# You can do this:
|
50
54
|
#
|
@@ -53,11 +57,13 @@ module Authlogic
|
|
53
57
|
self.validates_length_of_login_field_options = validates_length_of_login_field_options.merge(options)
|
54
58
|
end
|
55
59
|
|
56
|
-
# A hash of options for the validates_format_of call for the login
|
60
|
+
# A hash of options for the validates_format_of call for the login
|
61
|
+
# field. Allows you to change this however you want.
|
57
62
|
#
|
58
|
-
# <b>Keep in mind this is ruby. I wanted to keep this as flexible as
|
59
|
-
#
|
60
|
-
#
|
63
|
+
# <b>Keep in mind this is ruby. I wanted to keep this as flexible as
|
64
|
+
# possible, so you can completely replace the hash or merge options into
|
65
|
+
# it. Checkout the convenience function
|
66
|
+
# merge_validates_format_of_login_field_options to merge options.</b>
|
61
67
|
#
|
62
68
|
# * <tt>Default:</tt>
|
63
69
|
#
|
@@ -78,16 +84,19 @@ module Authlogic
|
|
78
84
|
value,
|
79
85
|
{
|
80
86
|
:with => Authlogic::Regex.login,
|
81
|
-
:message =>
|
82
|
-
|
83
|
-
|
84
|
-
|
87
|
+
:message => proc do
|
88
|
+
I18n.t(
|
89
|
+
'error_messages.login_invalid',
|
90
|
+
:default => "should use only letters, numbers, spaces, and .-_@+ please."
|
91
|
+
)
|
92
|
+
end
|
85
93
|
}
|
86
94
|
)
|
87
95
|
end
|
88
96
|
alias_method :validates_format_of_login_field_options=, :validates_format_of_login_field_options
|
89
97
|
|
90
|
-
# See merge_validates_length_of_login_field_options. The same thing,
|
98
|
+
# See merge_validates_length_of_login_field_options. The same thing,
|
99
|
+
# except for validates_format_of_login_field_options
|
91
100
|
def merge_validates_format_of_login_field_options(options = {})
|
92
101
|
self.validates_format_of_login_field_options = validates_format_of_login_field_options.merge(options)
|
93
102
|
end
|
@@ -120,26 +129,36 @@ module Authlogic
|
|
120
129
|
}
|
121
130
|
)
|
122
131
|
end
|
123
|
-
alias_method
|
132
|
+
alias_method(
|
133
|
+
:validates_uniqueness_of_login_field_options=,
|
134
|
+
:validates_uniqueness_of_login_field_options
|
135
|
+
)
|
124
136
|
|
125
|
-
# See merge_validates_length_of_login_field_options. The same thing,
|
137
|
+
# See merge_validates_length_of_login_field_options. The same thing,
|
138
|
+
# except for validates_uniqueness_of_login_field_options
|
126
139
|
def merge_validates_uniqueness_of_login_field_options(options = {})
|
127
|
-
self.validates_uniqueness_of_login_field_options =
|
140
|
+
self.validates_uniqueness_of_login_field_options =
|
141
|
+
validates_uniqueness_of_login_field_options.merge(options)
|
128
142
|
end
|
129
143
|
|
130
|
-
# This method allows you to find a record with the given login. If you
|
131
|
-
#
|
132
|
-
#
|
133
|
-
#
|
134
|
-
#
|
144
|
+
# This method allows you to find a record with the given login. If you
|
145
|
+
# notice, with Active Record you have the UniquenessValidator class.
|
146
|
+
# They give you a :case_sensitive option. I handle this in the same
|
147
|
+
# manner that they handle that. If you are using the login field, set
|
148
|
+
# false for the :case_sensitive option in
|
149
|
+
# validates_uniqueness_of_login_field_options and the column doesn't
|
150
|
+
# have a case-insensitive collation, this method will modify the query
|
151
|
+
# to look something like:
|
135
152
|
#
|
136
153
|
# "LOWER(#{quoted_table_name}.#{login_field}) = LOWER(#{login})"
|
137
154
|
#
|
138
|
-
# If you don't specify this it just uses a regular case-sensitive search
|
155
|
+
# If you don't specify this it just uses a regular case-sensitive search
|
156
|
+
# (with the binary modifier if necessary):
|
139
157
|
#
|
140
158
|
# "BINARY #{login_field} = #{login}"
|
141
159
|
#
|
142
|
-
# The above also applies for using email as your login, except that you
|
160
|
+
# The above also applies for using email as your login, except that you
|
161
|
+
# need to set the :case_sensitive in
|
143
162
|
# validates_uniqueness_of_email_field_options to false.
|
144
163
|
def find_by_smart_case_login_field(login)
|
145
164
|
if login_field
|
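Review bot: The new `:message => proc do ... end` in the `validates_format_of_login_field_options` default has no comment saying why the message is wrapped in a proc, so a later cleanup could turn it back into a plain `I18n.t(...)` call and undo the locale fix named in the changelog. I would add above it `# Deferred in a proc so I18n.t runs when the validation error is built (request locale), not when the options hash is first evaluated.` If I read ActiveModel correctly, some supported Rails versions call a callable message with arguments, so `# Keep this a proc, not a lambda: the caller may pass arguments.` is worth adding too, after confirming against the supported Rails range. The method that builds this hash starts outside the hunk.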
@@ -162,7 +162,10 @@ module Authlogic
|
|
162
162
|
validates_length_of_password_field_options
|
163
163
|
)
|
164
164
|
end
|
165
|
-
alias_method
|
165
|
+
alias_method(
|
166
|
+
:validates_length_of_password_confirmation_field_options=,
|
167
|
+
:validates_length_of_password_confirmation_field_options
|
168
|
+
)
|
166
169
|
|
167
170
|
# See merge_validates_length_of_password_field_options. The same thing, except for
|
168
171
|
# validates_length_of_password_confirmation_field_options
|
@@ -270,11 +273,10 @@ module Authlogic
|
|
270
273
|
before_password_set
|
271
274
|
@password = pass
|
272
275
|
send("#{password_salt_field}=", Authlogic::Random.friendly_token) if password_salt_field
|
276
|
+
encryptor_arguments_type = act_like_restful_authentication? ? :restful_authentication : nil
|
273
277
|
send(
|
274
278
|
"#{crypted_password_field}=",
|
275
|
-
crypto_provider.encrypt(
|
276
|
-
*encrypt_arguments(@password, false, act_like_restful_authentication? ? :restful_authentication : nil)
|
277
|
-
)
|
279
|
+
crypto_provider.encrypt(*encrypt_arguments(@password, false, encryptor_arguments_type))
|
278
280
|
)
|
279
281
|
@password_changed = true
|
280
282
|
after_password_set
|
@@ -297,13 +299,10 @@ module Authlogic
|
|
297
299
|
before_password_verification
|
298
300
|
|
299
301
|
crypto_providers.each_with_index do |encryptor, index|
|
300
|
-
|
301
|
-
|
302
|
-
|
303
|
-
|
304
|
-
|
305
|
-
if encryptor.matches?(crypted, *encrypt_arguments(attempted_password, check_against_database, arguments_type))
|
306
|
-
transition_password(attempted_password) if transition_password?(index, encryptor, crypted, check_against_database)
|
302
|
+
if encryptor_matches?(crypted, encryptor, index, attempted_password, check_against_database)
|
303
|
+
if transition_password?(index, encryptor, crypted, check_against_database)
|
304
|
+
transition_password(attempted_password)
|
305
|
+
end
|
307
306
|
after_password_verification
|
308
307
|
return true
|
309
308
|
end
|
@@ -337,6 +336,8 @@ module Authlogic
|
|
337
336
|
[crypto_provider] + transition_from_crypto_providers
|
338
337
|
end
|
339
338
|
|
339
|
+
# Returns an array of arguments to be passed to a crypto provider, either its
|
340
|
+
# `matches?` or its `encrypt` method.
|
340
341
|
def encrypt_arguments(raw_password, check_against_database, arguments_type = nil)
|
341
342
|
salt = nil
|
342
343
|
if password_salt_field
|
@@ -351,11 +352,26 @@ module Authlogic
|
|
351
352
|
case arguments_type
|
352
353
|
when :restful_authentication
|
353
354
|
[REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY].compact
|
354
|
-
|
355
|
+
when nil
|
355
356
|
[raw_password, salt].compact
|
357
|
+
else
|
358
|
+
raise "Invalid encryptor arguments_type: #{arguments_type}"
|
356
359
|
end
|
357
360
|
end
|
358
361
|
|
362
|
+
# Given `encryptor`, does `attempted_password` match the `crypted` password?
|
363
|
+
def encryptor_matches?(crypted, encryptor, index, attempted_password, check_against_database)
|
364
|
+
# The arguments_type for the transitioning from restful_authentication
|
365
|
+
acting_restful = act_like_restful_authentication? && index == 0
|
366
|
+
transitioning = transition_from_restful_authentication? &&
|
367
|
+
index > 0 &&
|
368
|
+
encryptor == Authlogic::CryptoProviders::Sha1
|
369
|
+
restful = acting_restful || transitioning
|
370
|
+
arguments_type = restful ? :restful_authentication : nil
|
371
|
+
encryptor_args = encrypt_arguments(attempted_password, check_against_database, arguments_type)
|
372
|
+
encryptor.matches?(crypted, *encryptor_args)
|
373
|
+
end
|
374
|
+
|
359
375
|
# Determines if we need to transition the password.
|
360
376
|
# If the index > 0 then we are using an "transition from" crypto provider.
|
361
377
|
# If the encryptor has a cost and the cost it outdated.
|
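Review bot: The only comment inside the new `encryptor_matches?`, `# The arguments_type for the transitioning from restful_authentication`, is a sentence fragment. It does not say what `index` means or why `Sha1` is special-cased, yet this helper decides which argument layout (site-key wrapped versus password plus salt) is hashed for each provider during password verification. I would replace it with `# index 0 is the current crypto_provider; index > 0 is a transition_from provider.` followed by `# Use the restful_authentication argument layout for the current provider when acting like restful_authentication, or for a Sha1 transition provider when transitioning from it.` The new `else` branch in `encrypt_arguments` fails closed on an unknown `arguments_type`, which is good, though `raise ArgumentError, "Invalid encryptor arguments_type: #{arguments_type.inspect}"` would be more conventional than a bare string raise. `encrypt_arguments` and the `valid_password?` loop both start outside their hunks.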