authpwn_rails 0.16.2 → 0.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 38257de1d56ba7c5ea75d7e055fbe62d5a8cf579
-  data.tar.gz: 70b9271b0f567bf5c358530371ea9f06bd9f93e0
+  metadata.gz: e9776c5aa80187c9368f044da7036cb46c872e3e
+  data.tar.gz: 2df0b77fc051007d52ea662efb289bedcbbd6ead
 SHA512:
-  metadata.gz: 4b89f3ff51230ef53e527075a8fb898e63de72c4276e4d3b3dd5e48dd6aa83312cb16bbfcf629cdb82e5981e24a43bf767f2851d84b2cedf24c65caaaf378017
-  data.tar.gz: 86d7b0f0f9a05826fc61d1b41461a20b1a8a65e0bc189b47cb9fbb70bce8cf091104f613d20eb76a8a35e0a65d1541756756a7a0c29ebb6dda0451e997fb3b95
+  metadata.gz: 3a3c415f26386f64090d662398eee705a573ecf6f10cff87ae754eb3f2e65d26f729e4cc6ac91d494c8f36acc4a560a1520b711b99d933e6609dee2d2c151e26
+  data.tar.gz: 261ff309c4d7c7b8bc404d13b4fe7da501801f68c2b4881d9fa55a573ef253bb7f54c16106aa17b2d51d6b53d2843887afa1f9b1e0d52bf5752275f8c1561201

data/.travis.yml

@@ -5,13 +5,10 @@ env:
   - DB=pg DB_USER=postgres
   - DB=sqlite
 gemfile:
-  - Gemfile.rails3
   - Gemfile.rails4
+  - Gemfile.rails41
+  - Gemfile.rails42
 rvm:
-  - 1.9.3
   - 2.0.0
+  - 2.1.0
   - rbx
-matrix:
-  exclude:
-    - gemfile: Gemfile.rails3
-      rvm: 2.0.0

data/Gemfile

@@ -1,17 +1,16 @@
 source 'https://rubygems.org'
 
-gem 'fbgraph_rails', '>= 0.2.2'
-
-gem 'rails', '>= 3.2.17'
+gem 'rails', '>= 4.0.9'
 
 group :development do
-  gem 'bundler', '>= 1.3.5'
+  gem 'bundler', '>= 1.7.3'
   gem 'mocha', '>= 0.14.0'
-  gem 'jeweler', '>= 1.8.8'
+  gem 'jeweler', '>= 2.0.1'
   gem 'simplecov', '>= 0'
-  gem 'mysql2', '>= 0.3.14'
-  gem 'pg', '>= 0.17.0'
-  gem 'sqlite3', '>= 1.3.8'
+  gem 'mysql2', '>= 0.3.16'
+  gem 'omniauth', '>= 1.2.2'
+  gem 'pg', '>= 0.17.1'
+  gem 'sqlite3', '>= 1.3.9'
   gem 'rubysl', platforms: [:rbx]
   gem 'rubysl-bundler', platforms: [:rbx]
   gem 'rubysl-rake', platforms: [:rbx]

data/Gemfile.lock

@@ -1,67 +1,55 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.0.3)
-      actionpack (= 4.0.3)
-      mail (~> 2.5.4)
-    actionpack (4.0.3)
-      activesupport (= 4.0.3)
-      builder (~> 3.1.0)
-      erubis (~> 2.7.0)
+    actionmailer (4.1.7)
+      actionpack (= 4.1.7)
+      actionview (= 4.1.7)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.1.7)
+      actionview (= 4.1.7)
+      activesupport (= 4.1.7)
       rack (~> 1.5.2)
       rack-test (~> 0.6.2)
-    activemodel (4.0.3)
-      activesupport (= 4.0.3)
-      builder (~> 3.1.0)
-    activerecord (4.0.3)
-      activemodel (= 4.0.3)
-      activerecord-deprecated_finders (~> 1.0.2)
-      activesupport (= 4.0.3)
-      arel (~> 4.0.0)
-    activerecord-deprecated_finders (1.0.3)
-    activesupport (4.0.3)
-      i18n (~> 0.6, >= 0.6.4)
-      minitest (~> 4.2)
-      multi_json (~> 1.3)
+    actionview (4.1.7)
+      activesupport (= 4.1.7)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.7)
+      activesupport (= 4.1.7)
+      builder (~> 3.1)
+    activerecord (4.1.7)
+      activemodel (= 4.1.7)
+      activesupport (= 4.1.7)
+      arel (~> 5.0.0)
+    activesupport (4.1.7)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
       thread_safe (~> 0.1)
-      tzinfo (~> 0.3.37)
-    addressable (2.3.5)
-    arel (4.0.2)
-    atomic (1.1.14)
-    builder (3.1.4)
-    descendants_tracker (0.0.3)
-    docile (1.1.3)
+      tzinfo (~> 1.1)
+    addressable (2.3.6)
+    arel (5.0.1.20140414130214)
+    builder (3.2.2)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    docile (1.1.5)
     erubis (2.7.0)
     faraday (0.9.0)
       multipart-post (>= 1.2, < 3)
-    fbgraph (1.10.0)
-      activesupport
-      faraday (>= 0.7.5)
-      hashie (>= 1.0.0)
-      i18n
-      json (>= 1.0.0)
-      oauth2 (>= 0.5.0)
-      rest-client
-    fbgraph_rails (0.2.2)
-      erubis (>= 2.7.0)
-      fbgraph (>= 1.8.3)
-      json (>= 1.6.1)
-      oauth2 (>= 0.5.0)
-      rails (>= 3.1.0)
     ffi2-generators (0.1.1)
-    git (1.2.6)
-    github_api (0.11.2)
+    git (1.2.8)
+    github_api (0.12.2)
       addressable (~> 2.3)
-      descendants_tracker (~> 0.0.1)
+      descendants_tracker (~> 0.0.4)
       faraday (~> 0.8, < 0.10)
-      hashie (>= 1.2)
+      hashie (>= 3.3)
       multi_json (>= 1.7.5, < 2.0)
-      nokogiri (~> 1.6.0)
+      nokogiri (~> 1.6.3)
       oauth2
-    hashie (2.0.5)
-    highline (1.6.20)
+    hashie (3.3.1)
+    highline (1.6.21)
     hike (1.2.3)
-    i18n (0.6.9)
+    i18n (0.6.11)
     jeweler (2.0.1)
       builder
       bundler (>= 1.0)
@@ -72,53 +60,54 @@ GEM
       rake
       rdoc
     json (1.8.1)
-    jwt (0.1.11)
-      multi_json (>= 1.5)
-    mail (2.5.4)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    metaclass (0.0.3)
-    mime-types (1.25.1)
-    mini_portile (0.5.2)
-    minitest (4.7.5)
-    mocha (1.0.0)
+    jwt (1.0.0)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
+    metaclass (0.0.4)
+    mime-types (2.4.3)
+    mini_portile (0.6.0)
+    minitest (5.4.2)
+    mocha (1.1.0)
       metaclass (~> 0.0.1)
-    multi_json (1.8.4)
+    multi_json (1.10.1)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    mysql2 (0.3.15)
-    nokogiri (1.6.1)
-      mini_portile (~> 0.5.0)
-    oauth2 (0.9.3)
+    mysql2 (0.3.16)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    oauth2 (1.0.0)
       faraday (>= 0.8, < 0.10)
-      jwt (~> 0.1.8)
+      jwt (~> 1.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (~> 1.2)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
+      rack (~> 1.0)
     pg (0.17.1)
-    polyglot (0.3.4)
     rack (1.5.2)
     rack-test (0.6.2)
       rack (>= 1.0)
-    rails (4.0.3)
-      actionmailer (= 4.0.3)
-      actionpack (= 4.0.3)
-      activerecord (= 4.0.3)
-      activesupport (= 4.0.3)
+    rails (4.1.7)
+      actionmailer (= 4.1.7)
+      actionpack (= 4.1.7)
+      actionview (= 4.1.7)
+      activemodel (= 4.1.7)
+      activerecord (= 4.1.7)
+      activesupport (= 4.1.7)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.0.3)
-      sprockets-rails (~> 2.0.0)
-    railties (4.0.3)
-      actionpack (= 4.0.3)
-      activesupport (= 4.0.3)
+      railties (= 4.1.7)
+      sprockets-rails (~> 2.0)
+    railties (4.1.7)
+      actionpack (= 4.1.7)
+      activesupport (= 4.1.7)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.1.1)
-    rdoc (4.1.1)
+    rake (10.3.2)
+    rb-readline (0.5.1)
+    rdoc (4.1.2)
       json (~> 1.4)
-    rest-client (1.6.7)
-      mime-types (>= 1.16)
-    rubysl (2.0.15)
+    rubysl (2.1.0)
       rubysl-abbrev (~> 2.0)
       rubysl-base64 (~> 2.0)
       rubysl-benchmark (~> 2.0)
@@ -152,7 +141,7 @@ GEM
       rubysl-io-nonblock (~> 2.0)
       rubysl-io-wait (~> 2.0)
       rubysl-ipaddr (~> 2.0)
-      rubysl-irb (~> 2.0)
+      rubysl-irb (~> 2.1)
       rubysl-logger (~> 2.0)
       rubysl-mathn (~> 2.0)
       rubysl-matrix (~> 2.0)
@@ -181,7 +170,6 @@ GEM
       rubysl-pstore (~> 2.0)
       rubysl-pty (~> 2.0)
       rubysl-rational (~> 2.0)
-      rubysl-readline (~> 2.0)
       rubysl-resolv (~> 2.0)
       rubysl-rexml (~> 2.0)
       rubysl-rinda (~> 2.0)
@@ -232,7 +220,7 @@ GEM
     rubysl-csv (2.0.2)
       rubysl-english (~> 2.0)
     rubysl-curses (2.0.1)
-    rubysl-date (2.0.6)
+    rubysl-date (2.0.8)
     rubysl-delegate (2.0.1)
     rubysl-digest (2.0.3)
     rubysl-drb (2.0.1)
@@ -257,10 +245,10 @@ GEM
     rubysl-io-nonblock (2.0.0)
     rubysl-io-wait (2.0.0)
     rubysl-ipaddr (2.0.0)
-    rubysl-irb (2.0.4)
+    rubysl-irb (2.1.0)
+      rb-readline (~> 0.5)
       rubysl-e2mmap (~> 2.0)
       rubysl-mathn (~> 2.0)
-      rubysl-readline (~> 2.0)
       rubysl-thread (~> 2.0)
     rubysl-logger (2.0.0)
     rubysl-mathn (2.0.0)
@@ -285,12 +273,12 @@ GEM
     rubysl-observer (2.0.0)
     rubysl-open-uri (2.0.0)
     rubysl-open3 (2.0.0)
-    rubysl-openssl (2.1.0)
+    rubysl-openssl (2.2.1)
     rubysl-optparse (2.0.1)
       rubysl-shellwords (~> 2.0)
     rubysl-ostruct (2.0.4)
-    rubysl-pathname (2.0.0)
-    rubysl-prettyprint (2.0.2)
+    rubysl-pathname (2.1.0)
+    rubysl-prettyprint (2.0.3)
     rubysl-prime (2.0.1)
     rubysl-profile (2.0.0)
     rubysl-profiler (2.0.1)
@@ -310,9 +298,8 @@ GEM
       rubysl-tempfile (~> 2.0)
       rubysl-thread (~> 2.0)
     rubysl-rational (2.0.1)
-    rubysl-readline (2.0.2)
-    rubysl-resolv (2.0.0)
-    rubysl-rexml (2.0.2)
+    rubysl-resolv (2.1.0)
+    rubysl-rexml (2.0.3)
     rubysl-rinda (2.0.1)
     rubysl-rss (2.0.0)
     rubysl-scanf (2.0.0)
@@ -331,7 +318,7 @@ GEM
     rubysl-thwait (2.0.0)
     rubysl-time (2.0.3)
     rubysl-timeout (2.0.0)
-    rubysl-tmpdir (2.0.0)
+    rubysl-tmpdir (2.0.1)
     rubysl-tsort (2.0.1)
     rubysl-un (2.0.0)
       rubysl-fileutils (~> 2.0)
@@ -342,43 +329,40 @@ GEM
     rubysl-xmlrpc (2.0.0)
     rubysl-yaml (2.0.4)
     rubysl-zlib (2.0.1)
-    simplecov (0.8.2)
+    simplecov (0.9.1)
       docile (~> 1.1.0)
-      multi_json
+      multi_json (~> 1.0)
       simplecov-html (~> 0.8.0)
     simplecov-html (0.8.0)
-    sprockets (2.11.0)
+    sprockets (2.12.3)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.0.1)
+    sprockets-rails (2.2.0)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
-      sprockets (~> 2.8)
-    sqlite3 (1.3.8)
-    thor (0.18.1)
-    thread_safe (0.1.3)
-      atomic
+      sprockets (>= 2.8, < 4.0)
+    sqlite3 (1.3.10)
+    thor (0.19.1)
+    thread_safe (0.3.4)
     tilt (1.4.1)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.38)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (>= 1.3.5)
-  fbgraph_rails (>= 0.2.2)
-  jeweler (>= 1.8.8)
+  bundler (>= 1.7.3)
+  jeweler (>= 2.0.1)
   mocha (>= 0.14.0)
-  mysql2 (>= 0.3.14)
-  pg (>= 0.17.0)
-  rails (>= 3.2.17)
+  mysql2 (>= 0.3.16)
+  omniauth (>= 1.2.2)
+  pg (>= 0.17.1)
+  rails (>= 4.0.9)
   rubysl
   rubysl-bundler
   rubysl-rake
   simplecov
-  sqlite3 (>= 1.3.8)
+  sqlite3 (>= 1.3.9)

data/Gemfile.rails4

@@ -1,17 +1,16 @@
 source 'https://rubygems.org'
 
-gem 'fbgraph_rails', '>= 0.2.2'
-
-gem 'rails', '~> 4.0'
+gem 'rails', '~> 4.0.9'
 
 group :development do
-  gem 'bundler', '>= 1.3.5'
-  gem 'mocha', '>= 0.14.0'
-  gem 'jeweler', '>= 1.8.8'
+  gem 'bundler', '>= 1.6.2'
+  gem 'mocha', '>= 1.1.0'
+  gem 'jeweler', '>= 2.0.1'
   gem 'simplecov', '>= 0'
-  gem 'mysql2', '>= 0.3.14'
-  gem 'pg', '>= 0.17.0'
-  gem 'sqlite3', '>= 1.3.8'
+  gem 'mysql2', '>= 0.3.16'
+  gem 'omniauth', '>= 1.2.2'
+  gem 'pg', '>= 0.17.1'
+  gem 'sqlite3', '>= 1.3.10'
   gem 'rubysl', platforms: [:rbx]
   gem 'rubysl-bundler', platforms: [:rbx]
   gem 'rubysl-rake', platforms: [:rbx]

data/{Gemfile.rails3 → Gemfile.rails41}

@@ -1,17 +1,16 @@
 source 'https://rubygems.org'
 
-gem 'fbgraph_rails', '>= 0.2.2'
-
-gem 'rails', '~> 3.2.17'
+gem 'rails', '~> 4.1.7'
 
 group :development do
-  gem 'bundler', '>= 1.5.3'
-  gem 'mocha', '>= 1.0.0'
+  gem 'bundler', '>= 1.6.2'
+  gem 'mocha', '>= 1.1.0'
   gem 'jeweler', '>= 2.0.1'
   gem 'simplecov', '>= 0'
-  gem 'mysql2', '>= 0.3.15'
+  gem 'mysql2', '>= 0.3.16'
+  gem 'omniauth', '>= 1.2.2'
   gem 'pg', '>= 0.17.1'
-  gem 'sqlite3', '>= 1.3.8'
+  gem 'sqlite3', '>= 1.3.10'
   gem 'rubysl', platforms: [:rbx]
   gem 'rubysl-bundler', platforms: [:rbx]
   gem 'rubysl-rake', platforms: [:rbx]

data/Gemfile.rails42

@@ -0,0 +1,17 @@
+source 'https://rubygems.org'
+
+gem 'rails', '>= 4.2.0.beta2'
+
+group :development do
+  gem 'bundler', '>= 1.6.2'
+  gem 'mocha', '>= 1.1.0'
+  gem 'jeweler', '>= 2.0.1'
+  gem 'simplecov', '>= 0'
+  gem 'mysql2', '>= 0.3.16'
+  gem 'omniauth', '>= 1.2.2'
+  gem 'pg', '>= 0.17.1'
+  gem 'sqlite3', '>= 1.3.10'
+  gem 'rubysl', platforms: [:rbx]
+  gem 'rubysl-bundler', platforms: [:rbx]
+  gem 'rubysl-rake', platforms: [:rbx]
+end

data/README.rdoc

@@ -1,6 +1,6 @@
 = authpwn_rails
 
-User authentication for a Ruby on Rails 3 application. Works with Facebook.
+User authentication for a Ruby on Rails 4 application. Works with Facebook.
 
 == Integration
 
@@ -9,7 +9,6 @@ Scaffold user accounts, and session controller views.
 
 Wire authentication into your ApplicationController.
     authenticates_using_session
-    authenticates_using_facebook
 
 Note: the code inside the models and controllers is tucked away in the plug-in.
 The scaffold models and controllers are there as extension points. You will be

data/Rakefile

@@ -16,7 +16,7 @@ Jeweler::Tasks.new do |gem|
   gem.name = "authpwn_rails"
   gem.homepage = "http://github.com/pwnall/authpwn_rails"
   gem.license = "MIT"
-  gem.summary = %Q{User authentication for Rails 3 and 4 applications.}
+  gem.summary = %Q{User authentication for Rails 4 applications.}
   gem.description = %Q{Works with Facebook.}
   gem.email = "victor@costan.us"
   gem.authors = ["Victor Costan"]

data/VERSION

@@ -1 +1 @@
-0.16.2
+0.17.0

data/app/models/credentials/email.rb

@@ -5,13 +5,7 @@ module Credentials
 class Email < ::Credential
   # E-mail is a user-visible attribute, so we want good error messages for some
   # of its validations. This means we must re-define them.
-  if respond_to?(:clear_validators!)
-    clear_validators!
-  else
-    # Backport clear_validators! from Rails 4.
-    reset_callbacks :validate
-    _validators.clear
-  end
+  clear_validators!
 
   # The user whose email this is.
   validates :user, presence: true
@@ -26,17 +20,20 @@ class Email < ::Credential
   validates :key, presence: true, inclusion: { in: ['0', '1'] }
 
   before_validation :set_verified_to_false, on: :create
-  # :nodoc: by default, e-mail addresses are not verified
+  # @private
+  # By default, e-mail addresses are not verified.
   def set_verified_to_false
     self.key ||= '0' if self.key.nil?
   end
+  private :set_verified_to_false
 
   # True if the e-mail has been verified via a token URL.
   def verified?
     key == '1'
   end
 
-  # True if the e-mail has been verified via a token URL.
+  # @param [Boolean] new_verified_value true if the e-mail has been verified
+  #     via a token URL.
   def verified=(new_verified_value)
     self.key = new_verified_value ? '1' : '0'
     new_verified_value ? true : false
@@ -59,34 +56,15 @@ class Email < ::Credential
     user.auth_bounce_reason(credential) || user
   end
 
-  begin
-    ActiveRecord::QueryMethods.instance_method :references
-    # Rails 4.
-
-    # Locates the credential holding an e-mail address.
-    #
-    # Returns the User matching the given e-mail, or nil if the e-mail is not
-    # associated with any user.
-    def self.with(email)
-      # This method is likely to be used to kick off a complex authentication
-      # process, so it makes sense to pre-fetch the user's other credentials.
-      Credentials::Email.includes(user: :credentials).where(name: email).
-                         references(:credential).first
-    end
-  rescue NameError
-    # Rails 3.
-
-    def self.with(email)
-      # This method is likely to be used to kick off a complex authentication
-      # process, so it makes sense to pre-fetch the user's other credentials.
-      Credentials::Email.includes(user: :credentials).where(name: email).
-                         first
-    end
-  end
-
-  if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
-    # Forms can only change the e-mail in the credential.
-    attr_accessible :email
+  # Locates the credential holding an e-mail address.
+  #
+  # Returns the User matching the given e-mail, or nil if the e-mail is not
+  # associated with any user.
+  def self.with(email)
+    # This method is likely to be used to kick off a complex authentication
+    # process, so it makes sense to pre-fetch the user's other credentials.
+    Credentials::Email.includes(user: :credentials).where(name: email).
+                       references(:credential).first
   end
 end  # class Credentials::Email
 

data/app/models/credentials/omni_auth_uid.rb

@@ -0,0 +1,96 @@
+# :namespace
+module Credentials
+
+# Associates an OmniAuth authentication method with the user account.
+class OmniAuthUid < ::Credential
+  # Virtual attribute: the OmniAuth provider.
+  validates :provider, presence: true, length: 1..64
+  def provider
+    @omni_provider ||= name.split(',', 2).first
+  end
+  def provider=(new_provider)
+    @omni_provider = new_provider
+    self.name = "#{@omni_provider},#{@omni_uid}"
+  end
+
+  # Virtual attribute: the UID generated by the OmniAuth provider.
+  validates :uid, presence: true, length: 1..128
+  def uid
+    @omni_uid ||= name.split(',', 2).last
+  end
+  def uid=(new_uid)
+    @omni_uid = new_uid
+    self.name = "#{@omni_provider},#{@omni_uid}"
+  end
+
+  # '1' unless this authentication method is blocked.
+  validates :key, presence: true, inclusion: { in: ['0', '1'] }
+
+  before_validation :set_blocked_to_false, on: :create
+  # @private
+  # By default, OmniAuth authentication methods are not blocked.
+  def set_blocked_to_false
+    self.key ||= '1' if self.key.nil?
+  end
+  private :set_blocked_to_false
+
+  # @return [Boolean] true if the authentication method has been blocked
+  def blocked?
+    key == '0'
+  end
+
+  # @param [Boolean] new_blocked_value true if this authentication method has
+  #     been blocked
+  def blocked=(new_blocked_value)
+    self.key = new_blocked_value ? '0' : '1'
+    new_blocked_value ? true : false
+  end
+
+  # Locates a user given an OmniAuth hash.
+  #
+  # @return [User, Symbol] the authenticated User instance, or a symbol
+  #     indicating the reason why the (potentially valid) hash was rejected
+  def self.authenticate(omniauth_hash)
+    credential = with omniauth_hash
+    if credential
+      user = credential.user
+    else
+      user = User.related_to_omniauth omniauth_hash
+      unless user
+        user = User.create_from_omniauth omniauth_hash
+      end
+
+      # If a user was found/created here, attach an OmniAuth credential to the
+      # user, so it always survives.
+      if user
+        credential = Credentials::OmniAuthUid.create! user: user,
+            provider: omniauth_hash['provider'], uid: omniauth_hash['uid']
+      end
+    end
+
+    return :invalid unless credential
+    return :blocked if credential.blocked?
+    user.auth_bounce_reason(credential) || user
+  end
+
+  # Locates a user given an OmniAuth hash.
+  #
+  # This returns a user
+  #
+  # @return [User] the User matching the given hash, or nil if the hash is not
+  #     associated with any user
+  def self.with(omniauth_hash)
+    Credentials::OmniAuthUid.where(name: name_from_omniauth(omniauth_hash)).
+                             first
+  end
+
+  # @param [Hash] omniauth_hash the hash given in the omniauth.auth Rack
+  #     environment variable
+  # @return [String] the credential name derived from the hash
+  def self.name_from_omniauth(omniauth_hash)
+    "#{omniauth_hash['provider']},#{omniauth_hash['uid']}"
+  end
+end  # class Credentials::Email
+
+end  # namespace Credentials
+

data/app/models/credentials/password.rb

@@ -80,11 +80,6 @@ class Password < ::Credential
   def self.random_salt
     [(0...12).map { |i| 1 + rand(255) }.pack('C*')].pack('m').strip
   end
-
-  if ActiveRecord::Base.respond_to? :mass_assignment_sanitizer=
-    # Forms can only change the plain-text password fields.
-    attr_accessible :old_password, :password, :password_confirmation
-  end
 end  # class Credentials::Password
 
 end  # namespace Credentials