kschrader-authlogic 2.1.2

data/lib/authlogic/session/cookies.rb

@@ -0,0 +1,130 @@
+module Authlogic
+  module Session
+    # Handles all authentication that deals with cookies, such as persisting, saving, and destroying.
+    module Cookies
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          include InstanceMethods
+          persist :persist_by_cookie
+          after_save :save_cookie
+          after_destroy :destroy_cookie
+        end
+      end
+      
+      # Configuration for the cookie feature set.
+      module Config
+        # The name of the cookie or the key in the cookies hash. Be sure and use a unique name. If you have multiple sessions and they use the same cookie it will cause problems.
+        # Also, if a id is set it will be inserted into the beginning of the string. Exmaple:
+        #
+        #   session = UserSession.new
+        #   session.cookie_key => "user_credentials"
+        #   
+        #   session = UserSession.new(:super_high_secret)
+        #   session.cookie_key => "super_high_secret_user_credentials"
+        #
+        # * <tt>Default:</tt> "#{klass_name.underscore}_credentials"
+        # * <tt>Accepts:</tt> String
+        def cookie_key(value = nil)
+          rw_config(:cookie_key, value, "#{klass_name.underscore}_credentials")
+        end
+        alias_method :cookie_key=, :cookie_key
+        
+        # If sessions should be remembered by default or not.
+        #
+        # * <tt>Default:</tt> false
+        # * <tt>Accepts:</tt> Boolean
+        def remember_me(value = nil)
+          rw_config(:remember_me, value, false)
+        end
+        alias_method :remember_me=, :remember_me
+        
+        # The length of time until the cookie expires.
+        #
+        # * <tt>Default:</tt> 3.months
+        # * <tt>Accepts:</tt> Integer, length of time in seconds, such as 60 or 3.months
+        def remember_me_for(value = :_read)
+          rw_config(:remember_me_for, value, 3.months, :_read)
+        end
+        alias_method :remember_me_for=, :remember_me_for
+      end
+      
+      # The methods available for an Authlogic::Session::Base object that make up the cookie feature set.
+      module InstanceMethods
+        # Allows you to set the remember_me option when passing credentials.
+        def credentials=(value)
+          super
+          values = value.is_a?(Array) ? value : [value]
+          case values.first
+          when Hash
+            self.remember_me = values.first.with_indifferent_access[:remember_me] if values.first.with_indifferent_access.key?(:remember_me)
+          else
+            r = values.find { |value| value.is_a?(TrueClass) || value.is_a?(FalseClass) }
+            self.remember_me = r if !r.nil?
+          end
+        end
+        
+        # Is the cookie going to expire after the session is over, or will it stick around?
+        def remember_me
+          return @remember_me if defined?(@remember_me)
+          @remember_me = self.class.remember_me
+        end
+      
+        # Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for "remember_me_until".
+        def remember_me=(value)
+          @remember_me = value
+        end
+      
+        # See remember_me
+        def remember_me?
+          remember_me == true || remember_me == "true" || remember_me == "1"
+        end
+        
+        # How long to remember the user if remember_me is true. This is based on the class level configuration: remember_me_for
+        def remember_me_for
+          return unless remember_me?
+          self.class.remember_me_for
+        end
+      
+        # When to expire the cookie. See remember_me_for configuration option to change this.
+        def remember_me_until
+          return unless remember_me?
+          remember_me_for.from_now
+        end
+        
+        private
+          def cookie_key
+            build_key(self.class.cookie_key)
+          end
+          
+          def cookie_credentials
+            controller.cookies[cookie_key] && controller.cookies[cookie_key].split("::")
+          end
+          
+          # Tries to validate the session from information in the cookie
+          def persist_by_cookie
+            persistence_token, record_id = cookie_credentials
+            if !persistence_token.nil?
+              record = record_id.nil? ? search_for_record("find_by_persistence_token", persistence_token) : search_for_record("find_by_#{klass.primary_key}", record_id)
+              self.unauthorized_record = record if record && record.persistence_token == persistence_token
+              valid?
+            else
+              false
+            end
+          end
+        
+          def save_cookie
+            controller.cookies[cookie_key] = {
+              :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
+              :expires => remember_me_until,
+              :domain => controller.cookie_domain
+            }
+          end
+        
+          def destroy_cookie
+            controller.cookies.delete cookie_key, :domain => controller.cookie_domain
+          end
+      end
+    end
+  end
+end

data/lib/authlogic/session/existence.rb

@@ -0,0 +1,93 @@
+module Authlogic
+  module Session
+    # Provides methods to create and destroy objects. Basically controls their "existence".
+    module Existence
+      class SessionInvalidError < ::StandardError # :nodoc:
+        def initialize(session)
+          super("Your session is invalid and has the following errors: #{session.errors.full_messages.to_sentence}")
+        end
+      end
+      
+      def self.included(klass)
+        klass.class_eval do
+          extend ClassMethods
+          include InstanceMethods
+          attr_accessor :new_session, :record
+        end
+      end
+      
+      module ClassMethods
+        # A convenince method. The same as:
+        #
+        #   session = UserSession.new(*args)
+        #   session.save
+        #
+        # Instead you can do:
+        #
+        #   UserSession.create(*args)
+        def create(*args, &block)
+          session = new(*args)
+          session.save(&block)
+          session
+        end
+        
+        # Same as create but calls create!, which raises an exception when validation fails.
+        def create!(*args)
+          session = new(*args)
+          session.save!
+          session
+        end
+      end
+      
+      module InstanceMethods
+        # Clears all errors and the associated record, you should call this terminate a session, thus requring
+        # the user to authenticate again if it is needed.
+        def destroy
+          before_destroy
+          save_record
+          errors.clear
+          @record = nil
+          after_destroy
+          true
+        end
+        
+        # Returns true if the session is new, meaning no action has been taken on it and a successful save
+        # has not taken place.
+        def new_session?
+          new_session != false
+        end
+        
+        # After you have specified all of the details for your session you can try to save it. This will
+        # run validation checks and find the associated record, if all validation passes. If validation
+        # does not pass, the save will fail and the erorrs will be stored in the errors object.
+        def save(&block)
+          result = nil
+          if valid?
+            self.record = attempted_record
+
+            before_save
+            new_session? ? before_create : before_update
+            new_session? ? after_create : after_update
+            after_save
+
+            save_record
+            self.new_session = false
+            result = true
+          else
+            result = false
+          end
+
+          yield result if block_given?
+          result
+        end
+
+        # Same as save but raises an exception of validation errors when validation fails
+        def save!
+          result = save
+          raise SessionInvalidError.new(self) unless result
+          result
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/session/foundation.rb

@@ -0,0 +1,63 @@
+module Authlogic
+  module Session
+    # Sort of like an interface, it sets the foundation for the class, such as the required methods. This also allows
+    # other modules to overwrite methods and call super on them. It's also a place to put "utility" methods used
+    # throughout Authlogic.
+    module Foundation
+      def self.included(klass)
+        klass.class_eval do
+          extend ClassMethods
+          include InstanceMethods
+        end
+      end
+      
+      module ClassMethods
+        private
+          def rw_config(key, value, default_value = nil, read_value = nil)
+            if value == read_value
+              return read_inheritable_attribute(key) if inheritable_attributes.include?(key)
+              write_inheritable_attribute(key, default_value)
+            else
+              write_inheritable_attribute(key, value)
+            end
+          end
+      end
+      
+      module InstanceMethods
+        def initialize(*args)
+          self.credentials = args
+        end
+        
+        # The credentials you passed to create your session. See credentials= for more info.
+        def credentials
+          []
+        end
+
+        # Set your credentials before you save your session. You can pass a hash of credentials:
+        #
+        #   session.credentials = {:login => "my login", :password => "my password", :remember_me => true}
+        #
+        # or you can pass an array of objects:
+        #
+        #   session.credentails = [my_user_object, true]
+        #
+        # and if you need to set an id, just pass it last. This value need be the last item in the array you pass, since the id is something that
+        # you control yourself, it should never be set from a hash or a form. Examples:
+        #
+        #   session.credentials = [{:login => "my login", :password => "my password", :remember_me => true}, :my_id]
+        #   session.credentials = [my_user_object, true, :my_id]
+        def credentials=(values)
+        end
+        
+        def inspect
+          "#<#{self.class.name}: #{credentials.blank? ? "no credentials provided" : credentials.inspect}>"
+        end
+        
+        private
+          def build_key(last_part)
+            last_part
+          end
+      end
+    end
+  end
+end

data/lib/authlogic/session/http_auth.rb

@@ -0,0 +1,58 @@
+module Authlogic
+  module Session
+    # Handles all authentication that deals with basic HTTP auth. Which is authentication built into the HTTP protocol:
+    #
+    #   http://username:password@whatever.com
+    #
+    # Also, if you are not comfortable letting users pass their raw username and password you can always use the single
+    # access token. See Authlogic::Session::Params for more info.
+    module HttpAuth
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          include InstanceMethods
+          persist :persist_by_http_auth, :if => :persist_by_http_auth?
+        end
+      end
+      
+      # Configuration for the HTTP basic auth feature of Authlogic.
+      module Config
+        # Do you want to allow your users to log in via HTTP basic auth?
+        #
+        # I recommend keeping this enabled. The only time I feel this should be disabled is if you are not comfortable
+        # having your users provide their raw username and password. Whatever the reason, you can disable it here.
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def allow_http_basic_auth(value = nil)
+          rw_config(:allow_http_basic_auth, value, true)
+        end
+        alias_method :allow_http_basic_auth=, :allow_http_basic_auth
+      end
+      
+      # Instance methods for the HTTP basic auth feature of authlogic.
+      module InstanceMethods
+        private
+          def persist_by_http_auth?
+            allow_http_basic_auth? && login_field && password_field
+          end
+        
+          def persist_by_http_auth
+            controller.authenticate_with_http_basic do |login, password|
+              if !login.blank? && !password.blank?
+                send("#{login_field}=", login)
+                send("#{password_field}=", password)
+                return valid?
+              end
+            end
+        
+            false
+          end
+        
+          def allow_http_basic_auth?
+            self.class.allow_http_basic_auth == true
+          end
+      end
+    end
+  end
+end

data/lib/authlogic/session/id.rb

@@ -0,0 +1,41 @@
+module Authlogic
+  module Session
+    # Allows you to separate sessions with an id, ultimately letting you create multiple sessions for the same user.
+    module Id
+      def self.included(klass)
+        klass.class_eval do
+          attr_writer :id
+        end
+      end
+      
+      # Setting the id if it is passed in the credentials.
+      def credentials=(value)
+        super
+        values = value.is_a?(Array) ? value : [value]
+        self.id = values.last if values.last.is_a?(Symbol)
+      end
+      
+      # Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time.
+      # A good example when this might be needed is when you want to have a normal user session and a "secure" user session.
+      # The secure user session would be created only when they want to modify their billing information, or other sensitive
+      # information. Similar to me.com. This requires 2 user sessions. Just use an id for the "secure" session and you should be good.
+      #
+      # You can set the id during initialization (see initialize for more information), or as an attribute:
+      #
+      #   session.id = :my_id
+      #
+      # Just be sure and set your id before you save your session.
+      #
+      # Lastly, to retrieve your session with the id check out the find class method.
+      def id
+        @id
+      end
+      
+      private
+        # Used for things like cookie_key, session_key, etc.
+        def build_key(last_part)
+          [id, super].compact.join("_")
+        end
+    end
+  end
+end

data/lib/authlogic/session/klass.rb

@@ -0,0 +1,75 @@
+module Authlogic
+  module Session
+    # Handles authenticating via a traditional username and password.
+    module Klass
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          include InstanceMethods
+          
+          class << self
+            attr_accessor :configured_klass_methods
+          end
+        end
+      end
+      
+      module Config
+        # Lets you change which model to use for authentication.
+        #
+        # * <tt>Default:</tt> inferred from the class name. UserSession would automatically try User
+        # * <tt>Accepts:</tt> an ActiveRecord class
+        def authenticate_with(klass)
+          @klass_name = klass.name
+          @klass = klass
+        end
+        alias_method :authenticate_with=, :authenticate_with
+        
+        # The name of the class that this session is authenticating with. For example, the UserSession class will
+        # authenticate with the User class unless you specify otherwise in your configuration. See authenticate_with
+        # for information on how to change this value.
+        def klass
+          @klass ||=
+            if klass_name
+              klass_name.constantize
+            else
+              nil
+            end
+        end
+        
+        # Same as klass, just returns a string instead of the actual constant.
+        def klass_name
+          @klass_name ||= 
+            if guessed_name = name.scan(/(.*)Session/)[0]
+              @klass_name = guessed_name[0]
+            end
+        end
+      end
+      
+      module InstanceMethods
+        # Creating an alias method for the "record" method based on the klass name, so that we can do:
+        #
+        #   session.user
+        #
+        # instead of:
+        #
+        #   session.record
+        def initialize(*args)
+          if !self.class.configured_klass_methods
+            self.class.send(:alias_method, klass_name.demodulize.underscore.to_sym, :record)
+            self.class.configured_klass_methods = true
+          end
+          super
+        end
+        
+        private
+          def klass
+            self.class.klass
+          end
+
+          def klass_name
+            self.class.klass_name
+          end
+      end
+    end
+  end
+end