authlogic 5.0.0 → 5.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/authlogic.rb +1 -0
- data/lib/authlogic/acts_as_authentic/queries/find_with_case.rb +19 -7
- data/lib/authlogic/cookie_credentials.rb +63 -0
- data/lib/authlogic/session/base.rb +19 -21
- data/lib/authlogic/version.rb +1 -1
- metadata +18 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: d7ee80bf9b23608f9c88971bd8353f1cd1680f25a9d1bc34543a60adc8a6ff0e
|
|
4
|
+
data.tar.gz: 836f688d32e87f503357c530a0a380c3e7ea85c566fcca2d08f1990ee9ed3461
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 14ec354abdd25ef960983f64e4d3fc58b764a365f3c419ffc03bc32d43d2824be585e3557162ff4afd70a0eb94cd86b6a08186302f8478f8369fc2dfded46cee
|
|
7
|
+
data.tar.gz: f1bdaba676fdef7a280e3f7063d92551464f4e3eed5c6299ba4f34c9245d39f831c765d43ecfcca4420e31d2acb4079af3abbd180f2babf23281578ff4e4f2b4
|
data/lib/authlogic.rb
CHANGED
|
@@ -34,17 +34,28 @@ module Authlogic
|
|
|
34
34
|
|
|
35
35
|
# @api private
|
|
36
36
|
def insensitive_comparison
|
|
37
|
-
|
|
38
|
-
@model_class.
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
37
|
+
if AR_GEM_VERSION > Gem::Version.new("5.3")
|
|
38
|
+
@model_class.connection.case_insensitive_comparison(
|
|
39
|
+
@model_class.arel_table[@field], @value
|
|
40
|
+
)
|
|
41
|
+
else
|
|
42
|
+
@model_class.connection.case_insensitive_comparison(
|
|
43
|
+
@model_class.arel_table,
|
|
44
|
+
@field,
|
|
45
|
+
@model_class.columns_hash[@field],
|
|
46
|
+
@value
|
|
47
|
+
)
|
|
48
|
+
end
|
|
43
49
|
end
|
|
44
50
|
|
|
45
51
|
# @api private
|
|
52
|
+
# rubocop:disable Metrics/AbcSize
|
|
46
53
|
def sensitive_comparison
|
|
47
|
-
if AR_GEM_VERSION
|
|
54
|
+
if AR_GEM_VERSION > Gem::Version.new("5.3")
|
|
55
|
+
@model_class.connection.case_sensitive_comparison(
|
|
56
|
+
@model_class.arel_table[@field], @value
|
|
57
|
+
)
|
|
58
|
+
elsif AR_GEM_VERSION >= Gem::Version.new("5.0")
|
|
48
59
|
@model_class.connection.case_sensitive_comparison(
|
|
49
60
|
@model_class.arel_table,
|
|
50
61
|
@field,
|
|
@@ -56,6 +67,7 @@ module Authlogic
|
|
|
56
67
|
@model_class.arel_table[@field].eq(value)
|
|
57
68
|
end
|
|
58
69
|
end
|
|
70
|
+
# rubocop:enable Metrics/AbcSize
|
|
59
71
|
end
|
|
60
72
|
end
|
|
61
73
|
end
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Authlogic
|
|
4
|
+
# Represents the credentials *in* the cookie. The value of the cookie.
|
|
5
|
+
# This is primarily a data object. It doesn't interact with controllers.
|
|
6
|
+
# It doesn't know about eg. cookie expiration.
|
|
7
|
+
#
|
|
8
|
+
# @api private
|
|
9
|
+
class CookieCredentials
|
|
10
|
+
# @api private
|
|
11
|
+
class ParseError < RuntimeError
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
DELIMITER = "::"
|
|
15
|
+
|
|
16
|
+
attr_reader :persistence_token, :record_id, :remember_me_until
|
|
17
|
+
|
|
18
|
+
# @api private
|
|
19
|
+
# @param persistence_token [String]
|
|
20
|
+
# @param record_id [String, Numeric]
|
|
21
|
+
# @param remember_me_until [ActiveSupport::TimeWithZone]
|
|
22
|
+
def initialize(persistence_token, record_id, remember_me_until)
|
|
23
|
+
@persistence_token = persistence_token
|
|
24
|
+
@record_id = record_id
|
|
25
|
+
@remember_me_until = remember_me_until
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
class << self
|
|
29
|
+
# @api private
|
|
30
|
+
def parse(string)
|
|
31
|
+
parts = string.split(DELIMITER)
|
|
32
|
+
unless (1..3).cover?(parts.length)
|
|
33
|
+
raise ParseError, format("Expected 1..3 parts, got %d", parts.length)
|
|
34
|
+
end
|
|
35
|
+
new(parts[0], parts[1], parse_time(parts[2]))
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
private
|
|
39
|
+
|
|
40
|
+
# @api private
|
|
41
|
+
def parse_time(string)
|
|
42
|
+
return if string.nil?
|
|
43
|
+
::Time.parse(string)
|
|
44
|
+
rescue ::ArgumentError => e
|
|
45
|
+
raise ParseError, format("Found cookie, cannot parse remember_me_until: #{e}")
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
# @api private
|
|
50
|
+
def remember_me?
|
|
51
|
+
!@remember_me_until.nil?
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
# @api private
|
|
55
|
+
def to_s
|
|
56
|
+
[
|
|
57
|
+
@persistence_token,
|
|
58
|
+
@record_id.to_s,
|
|
59
|
+
@remember_me_until&.iso8601
|
|
60
|
+
].compact.join(DELIMITER)
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
@@ -1322,7 +1322,7 @@ module Authlogic
|
|
|
1322
1322
|
def persisting?
|
|
1323
1323
|
return true unless record.nil?
|
|
1324
1324
|
self.attempted_record = nil
|
|
1325
|
-
self.remember_me =
|
|
1325
|
+
self.remember_me = cookie_credentials&.remember_me?
|
|
1326
1326
|
run_callbacks :before_persisting
|
|
1327
1327
|
run_callbacks :persist
|
|
1328
1328
|
ensure_authentication_attempted
|
|
@@ -1380,7 +1380,7 @@ module Authlogic
|
|
|
1380
1380
|
# Has the cookie expired due to current time being greater than remember_me_until.
|
|
1381
1381
|
def remember_me_expired?
|
|
1382
1382
|
return unless remember_me?
|
|
1383
|
-
|
|
1383
|
+
cookie_credentials.remember_me_until < ::Time.now
|
|
1384
1384
|
end
|
|
1385
1385
|
|
|
1386
1386
|
# How long to remember the user if remember_me is true. This is based on the class
|
|
@@ -1610,18 +1610,16 @@ module Authlogic
|
|
|
1610
1610
|
build_key(self.class.cookie_key)
|
|
1611
1611
|
end
|
|
1612
1612
|
|
|
1613
|
-
#
|
|
1614
|
-
# `
|
|
1613
|
+
# Look in the `cookie_jar`, find the cookie that contains authlogic
|
|
1614
|
+
# credentials (`cookie_key`).
|
|
1615
|
+
#
|
|
1616
|
+
# @api private
|
|
1617
|
+
# @return ::Authlogic::CookieCredentials or if no cookie is found, nil
|
|
1615
1618
|
def cookie_credentials
|
|
1616
|
-
|
|
1617
|
-
|
|
1618
|
-
|
|
1619
|
-
|
|
1620
|
-
# The third element of the cookie indicates whether the user wanted
|
|
1621
|
-
# to be remembered (Actually, it's a timestamp, `remember_me_until`)
|
|
1622
|
-
# See cookie format in `generate_cookie_for_saving`.
|
|
1623
|
-
def cookie_credentials_remember_me?
|
|
1624
|
-
!cookie_credentials.nil? && !cookie_credentials[2].nil?
|
|
1619
|
+
cookie_value = cookie_jar[cookie_key]
|
|
1620
|
+
unless cookie_value.nil?
|
|
1621
|
+
::Authlogic::CookieCredentials.parse(cookie_value)
|
|
1622
|
+
end
|
|
1625
1623
|
end
|
|
1626
1624
|
|
|
1627
1625
|
def cookie_jar
|
|
@@ -1705,15 +1703,15 @@ module Authlogic
|
|
|
1705
1703
|
self.class.generalize_credentials_error_messages
|
|
1706
1704
|
end
|
|
1707
1705
|
|
|
1706
|
+
# @api private
|
|
1708
1707
|
def generate_cookie_for_saving
|
|
1709
|
-
|
|
1710
|
-
"%s::%s%s",
|
|
1708
|
+
creds = ::Authlogic::CookieCredentials.new(
|
|
1711
1709
|
record.persistence_token,
|
|
1712
1710
|
record.send(record.class.primary_key),
|
|
1713
|
-
remember_me? ?
|
|
1711
|
+
remember_me? ? remember_me_until : nil
|
|
1714
1712
|
)
|
|
1715
1713
|
{
|
|
1716
|
-
value:
|
|
1714
|
+
value: creds.to_s,
|
|
1717
1715
|
expires: remember_me_until,
|
|
1718
1716
|
secure: secure,
|
|
1719
1717
|
httponly: httponly,
|
|
@@ -1809,10 +1807,10 @@ module Authlogic
|
|
|
1809
1807
|
|
|
1810
1808
|
# Tries to validate the session from information in the cookie
|
|
1811
1809
|
def persist_by_cookie
|
|
1812
|
-
|
|
1813
|
-
if persistence_token.present?
|
|
1814
|
-
record = search_for_record("find_by_#{klass.primary_key}", record_id)
|
|
1815
|
-
if record && record.persistence_token == persistence_token
|
|
1810
|
+
creds = cookie_credentials
|
|
1811
|
+
if creds&.persistence_token.present?
|
|
1812
|
+
record = search_for_record("find_by_#{klass.primary_key}", creds.record_id)
|
|
1813
|
+
if record && record.persistence_token == creds.persistence_token
|
|
1816
1814
|
self.unauthorized_record = record
|
|
1817
1815
|
end
|
|
1818
1816
|
valid?
|
data/lib/authlogic/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authlogic
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.0.
|
|
4
|
+
version: 5.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Johnson
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2019-
|
|
13
|
+
date: 2019-02-13 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activemodel
|
|
@@ -162,6 +162,20 @@ dependencies:
|
|
|
162
162
|
- - "~>"
|
|
163
163
|
- !ruby/object:Gem::Version
|
|
164
164
|
version: 0.62.0
|
|
165
|
+
- !ruby/object:Gem::Dependency
|
|
166
|
+
name: sqlite3
|
|
167
|
+
requirement: !ruby/object:Gem::Requirement
|
|
168
|
+
requirements:
|
|
169
|
+
- - "~>"
|
|
170
|
+
- !ruby/object:Gem::Version
|
|
171
|
+
version: 1.3.13
|
|
172
|
+
type: :development
|
|
173
|
+
prerelease: false
|
|
174
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
175
|
+
requirements:
|
|
176
|
+
- - "~>"
|
|
177
|
+
- !ruby/object:Gem::Version
|
|
178
|
+
version: 1.3.13
|
|
165
179
|
- !ruby/object:Gem::Dependency
|
|
166
180
|
name: timecop
|
|
167
181
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -203,6 +217,7 @@ files:
|
|
|
203
217
|
- lib/authlogic/controller_adapters/rack_adapter.rb
|
|
204
218
|
- lib/authlogic/controller_adapters/rails_adapter.rb
|
|
205
219
|
- lib/authlogic/controller_adapters/sinatra_adapter.rb
|
|
220
|
+
- lib/authlogic/cookie_credentials.rb
|
|
206
221
|
- lib/authlogic/crypto_providers.rb
|
|
207
222
|
- lib/authlogic/crypto_providers/bcrypt.rb
|
|
208
223
|
- lib/authlogic/crypto_providers/md5.rb
|
|
@@ -242,7 +257,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
242
257
|
version: '0'
|
|
243
258
|
requirements: []
|
|
244
259
|
rubyforge_project:
|
|
245
|
-
rubygems_version: 2.
|
|
260
|
+
rubygems_version: 2.7.6
|
|
246
261
|
signing_key:
|
|
247
262
|
specification_version: 4
|
|
248
263
|
summary: An unobtrusive ruby authentication library based on ActiveRecord.
|