authlogic 5.0.0 → 5.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/authlogic.rb +1 -0
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +19 -7
- data/lib/authlogic/cookie_credentials.rb +63 -0
- data/lib/authlogic/session/base.rb +19 -21
- data/lib/authlogic/version.rb +1 -1
- metadata +18 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: d7ee80bf9b23608f9c88971bd8353f1cd1680f25a9d1bc34543a60adc8a6ff0e
|
|
4
|
+
data.tar.gz: 836f688d32e87f503357c530a0a380c3e7ea85c566fcca2d08f1990ee9ed3461
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 14ec354abdd25ef960983f64e4d3fc58b764a365f3c419ffc03bc32d43d2824be585e3557162ff4afd70a0eb94cd86b6a08186302f8478f8369fc2dfded46cee
|
|
7
|
+
data.tar.gz: f1bdaba676fdef7a280e3f7063d92551464f4e3eed5c6299ba4f34c9245d39f831c765d43ecfcca4420e31d2acb4079af3abbd180f2babf23281578ff4e4f2b4
|
data/lib/authlogic.rb
CHANGED
|
@@ -34,17 +34,28 @@ module Authlogic
|
|
|
34
34
|
|
|
35
35
|
# @api private
|
|
36
36
|
def insensitive_comparison
|
|
37
|
-
|
|
38
|
-
@model_class.
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
37
|
+
if AR_GEM_VERSION > Gem::Version.new("5.3")
|
|
38
|
+
@model_class.connection.case_insensitive_comparison(
|
|
39
|
+
@model_class.arel_table[@field], @value
|
|
40
|
+
)
|
|
41
|
+
else
|
|
42
|
+
@model_class.connection.case_insensitive_comparison(
|
|
43
|
+
@model_class.arel_table,
|
|
44
|
+
@field,
|
|
45
|
+
@model_class.columns_hash[@field],
|
|
46
|
+
@value
|
|
47
|
+
)
|
|
48
|
+
end
|
|
43
49
|
end
|
|
44
50
|
|
|
45
51
|
# @api private
|
|
52
|
+
# rubocop:disable Metrics/AbcSize
|
|
46
53
|
def sensitive_comparison
|
|
47
|
-
if AR_GEM_VERSION
|
|
54
|
+
if AR_GEM_VERSION > Gem::Version.new("5.3")
|
|
55
|
+
@model_class.connection.case_sensitive_comparison(
|
|
56
|
+
@model_class.arel_table[@field], @value
|
|
57
|
+
)
|
|
58
|
+
elsif AR_GEM_VERSION >= Gem::Version.new("5.0")
|
|
48
59
|
@model_class.connection.case_sensitive_comparison(
|
|
49
60
|
@model_class.arel_table,
|
|
50
61
|
@field,
|
|
@@ -56,6 +67,7 @@ module Authlogic
|
|
|
56
67
|
@model_class.arel_table[@field].eq(value)
|
|
57
68
|
end
|
|
58
69
|
end
|
|
70
|
+
# rubocop:enable Metrics/AbcSize
|
|
59
71
|
end
|
|
60
72
|
end
|
|
61
73
|
end
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Authlogic
|
|
4
|
+
# Represents the credentials *in* the cookie. The value of the cookie.
|
|
5
|
+
# This is primarily a data object. It doesn't interact with controllers.
|
|
6
|
+
# It doesn't know about eg. cookie expiration.
|
|
7
|
+
#
|
|
8
|
+
# @api private
|
|
9
|
+
class CookieCredentials
|
|
10
|
+
# @api private
|
|
11
|
+
class ParseError < RuntimeError
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
DELIMITER = "::"
|
|
15
|
+
|
|
16
|
+
attr_reader :persistence_token, :record_id, :remember_me_until
|
|
17
|
+
|
|
18
|
+
# @api private
|
|
19
|
+
# @param persistence_token [String]
|
|
20
|
+
# @param record_id [String, Numeric]
|
|
21
|
+
# @param remember_me_until [ActiveSupport::TimeWithZone]
|
|
22
|
+
def initialize(persistence_token, record_id, remember_me_until)
|
|
23
|
+
@persistence_token = persistence_token
|
|
24
|
+
@record_id = record_id
|
|
25
|
+
@remember_me_until = remember_me_until
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
class << self
|
|
29
|
+
# @api private
|
|
30
|
+
def parse(string)
|
|
31
|
+
parts = string.split(DELIMITER)
|
|
32
|
+
unless (1..3).cover?(parts.length)
|
|
33
|
+
raise ParseError, format("Expected 1..3 parts, got %d", parts.length)
|
|
34
|
+
end
|
|
35
|
+
new(parts[0], parts[1], parse_time(parts[2]))
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
private
|
|
39
|
+
|
|
40
|
+
# @api private
|
|
41
|
+
def parse_time(string)
|
|
42
|
+
return if string.nil?
|
|
43
|
+
::Time.parse(string)
|
|
44
|
+
rescue ::ArgumentError => e
|
|
45
|
+
raise ParseError, format("Found cookie, cannot parse remember_me_until: #{e}")
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
# @api private
|
|
50
|
+
def remember_me?
|
|
51
|
+
!@remember_me_until.nil?
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
# @api private
|
|
55
|
+
def to_s
|
|
56
|
+
[
|
|
57
|
+
@persistence_token,
|
|
58
|
+
@record_id.to_s,
|
|
59
|
+
@remember_me_until&.iso8601
|
|
60
|
+
].compact.join(DELIMITER)
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
@@ -1322,7 +1322,7 @@ module Authlogic
|
|
|
1322
1322
|
def persisting?
|
|
1323
1323
|
return true unless record.nil?
|
|
1324
1324
|
self.attempted_record = nil
|
|
1325
|
-
self.remember_me =
|
|
1325
|
+
self.remember_me = cookie_credentials&.remember_me?
|
|
1326
1326
|
run_callbacks :before_persisting
|
|
1327
1327
|
run_callbacks :persist
|
|
1328
1328
|
ensure_authentication_attempted
|
|
@@ -1380,7 +1380,7 @@ module Authlogic
|
|
|
1380
1380
|
# Has the cookie expired due to current time being greater than remember_me_until.
|
|
1381
1381
|
def remember_me_expired?
|
|
1382
1382
|
return unless remember_me?
|
|
1383
|
-
|
|
1383
|
+
cookie_credentials.remember_me_until < ::Time.now
|
|
1384
1384
|
end
|
|
1385
1385
|
|
|
1386
1386
|
# How long to remember the user if remember_me is true. This is based on the class
|
|
@@ -1610,18 +1610,16 @@ module Authlogic
|
|
|
1610
1610
|
build_key(self.class.cookie_key)
|
|
1611
1611
|
end
|
|
1612
1612
|
|
|
1613
|
-
#
|
|
1614
|
-
# `
|
|
1613
|
+
# Look in the `cookie_jar`, find the cookie that contains authlogic
|
|
1614
|
+
# credentials (`cookie_key`).
|
|
1615
|
+
#
|
|
1616
|
+
# @api private
|
|
1617
|
+
# @return ::Authlogic::CookieCredentials or if no cookie is found, nil
|
|
1615
1618
|
def cookie_credentials
|
|
1616
|
-
|
|
1617
|
-
|
|
1618
|
-
|
|
1619
|
-
|
|
1620
|
-
# The third element of the cookie indicates whether the user wanted
|
|
1621
|
-
# to be remembered (Actually, it's a timestamp, `remember_me_until`)
|
|
1622
|
-
# See cookie format in `generate_cookie_for_saving`.
|
|
1623
|
-
def cookie_credentials_remember_me?
|
|
1624
|
-
!cookie_credentials.nil? && !cookie_credentials[2].nil?
|
|
1619
|
+
cookie_value = cookie_jar[cookie_key]
|
|
1620
|
+
unless cookie_value.nil?
|
|
1621
|
+
::Authlogic::CookieCredentials.parse(cookie_value)
|
|
1622
|
+
end
|
|
1625
1623
|
end
|
|
1626
1624
|
|
|
1627
1625
|
def cookie_jar
|
|
@@ -1705,15 +1703,15 @@ module Authlogic
|
|
|
1705
1703
|
self.class.generalize_credentials_error_messages
|
|
1706
1704
|
end
|
|
1707
1705
|
|
|
1706
|
+
# @api private
|
|
1708
1707
|
def generate_cookie_for_saving
|
|
1709
|
-
|
|
1710
|
-
"%s::%s%s",
|
|
1708
|
+
creds = ::Authlogic::CookieCredentials.new(
|
|
1711
1709
|
record.persistence_token,
|
|
1712
1710
|
record.send(record.class.primary_key),
|
|
1713
|
-
remember_me? ?
|
|
1711
|
+
remember_me? ? remember_me_until : nil
|
|
1714
1712
|
)
|
|
1715
1713
|
{
|
|
1716
|
-
value:
|
|
1714
|
+
value: creds.to_s,
|
|
1717
1715
|
expires: remember_me_until,
|
|
1718
1716
|
secure: secure,
|
|
1719
1717
|
httponly: httponly,
|
|
@@ -1809,10 +1807,10 @@ module Authlogic
|
|
|
1809
1807
|
|
|
1810
1808
|
# Tries to validate the session from information in the cookie
|
|
1811
1809
|
def persist_by_cookie
|
|
1812
|
-
|
|
1813
|
-
if persistence_token.present?
|
|
1814
|
-
record = search_for_record("find_by_#{klass.primary_key}", record_id)
|
|
1815
|
-
if record && record.persistence_token == persistence_token
|
|
1810
|
+
creds = cookie_credentials
|
|
1811
|
+
if creds&.persistence_token.present?
|
|
1812
|
+
record = search_for_record("find_by_#{klass.primary_key}", creds.record_id)
|
|
1813
|
+
if record && record.persistence_token == creds.persistence_token
|
|
1816
1814
|
self.unauthorized_record = record
|
|
1817
1815
|
end
|
|
1818
1816
|
valid?
|
data/lib/authlogic/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authlogic
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.0.
|
|
4
|
+
version: 5.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Johnson
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2019-
|
|
13
|
+
date: 2019-02-13 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activemodel
|
|
@@ -162,6 +162,20 @@ dependencies:
|
|
|
162
162
|
- - "~>"
|
|
163
163
|
- !ruby/object:Gem::Version
|
|
164
164
|
version: 0.62.0
|
|
165
|
+
- !ruby/object:Gem::Dependency
|
|
166
|
+
name: sqlite3
|
|
167
|
+
requirement: !ruby/object:Gem::Requirement
|
|
168
|
+
requirements:
|
|
169
|
+
- - "~>"
|
|
170
|
+
- !ruby/object:Gem::Version
|
|
171
|
+
version: 1.3.13
|
|
172
|
+
type: :development
|
|
173
|
+
prerelease: false
|
|
174
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
175
|
+
requirements:
|
|
176
|
+
- - "~>"
|
|
177
|
+
- !ruby/object:Gem::Version
|
|
178
|
+
version: 1.3.13
|
|
165
179
|
- !ruby/object:Gem::Dependency
|
|
166
180
|
name: timecop
|
|
167
181
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -203,6 +217,7 @@ files:
|
|
|
203
217
|
- lib/authlogic/controller_adapters/rack_adapter.rb
|
|
204
218
|
- lib/authlogic/controller_adapters/rails_adapter.rb
|
|
205
219
|
- lib/authlogic/controller_adapters/sinatra_adapter.rb
|
|
220
|
+
- lib/authlogic/cookie_credentials.rb
|
|
206
221
|
- lib/authlogic/crypto_providers.rb
|
|
207
222
|
- lib/authlogic/crypto_providers/bcrypt.rb
|
|
208
223
|
- lib/authlogic/crypto_providers/md5.rb
|
|
@@ -242,7 +257,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
242
257
|
version: '0'
|
|
243
258
|
requirements: []
|
|
244
259
|
rubyforge_project:
|
|
245
|
-
rubygems_version: 2.
|
|
260
|
+
rubygems_version: 2.7.6
|
|
246
261
|
signing_key:
|
|
247
262
|
specification_version: 4
|
|
248
263
|
summary: An unobtrusive ruby authentication library based on ActiveRecord.
|