nulogy-authlogic 3.1.0.1

data/generators/session/session_generator.rb

@@ -0,0 +1,9 @@
+class SessionGenerator < Rails::Generator::NamedBase
+  def manifest
+    record do |m|
+      m.class_collisions class_name
+      m.directory File.join('app/models', class_path)
+      m.template 'session.rb', File.join('app/models', class_path, "#{file_name}.rb")
+    end
+  end
+end

data/generators/session/templates/session.rb

@@ -0,0 +1,2 @@
+class <%= class_name %> < Authlogic::Session::Base
+end

data/init.rb

@@ -0,0 +1 @@
+require File.dirname(__FILE__) + "/rails/init.rb"

data/lib/authlogic.rb

@@ -0,0 +1,64 @@
+require "active_record"
+
+AUTHLOGIC_PATH = File.dirname(__FILE__) + "/authlogic/"
+
+[
+ "i18n",
+ "random",
+ "regex",
+ 
+ "controller_adapters/abstract_adapter",
+ 
+ "crypto_providers/md5",
+ "crypto_providers/sha1",
+ "crypto_providers/sha256",
+ "crypto_providers/sha512",
+ "crypto_providers/bcrypt",
+ "crypto_providers/aes256",
+ 
+ "authenticates_many/base",
+ "authenticates_many/association",
+ 
+ "acts_as_authentic/email",
+ "acts_as_authentic/logged_in_status",
+ "acts_as_authentic/login",
+ "acts_as_authentic/magic_columns",
+ "acts_as_authentic/password",
+ "acts_as_authentic/perishable_token",
+ "acts_as_authentic/persistence_token",
+ "acts_as_authentic/restful_authentication",
+ "acts_as_authentic/session_maintenance",
+ "acts_as_authentic/single_access_token",
+ "acts_as_authentic/validations_scope",
+ "acts_as_authentic/base",
+ 
+ "session/activation",
+ "session/active_record_trickery",
+ "session/brute_force_protection",
+ "session/callbacks",
+ "session/cookies",
+ "session/existence",
+ "session/foundation",
+ "session/http_auth",
+ "session/id",
+ "session/klass",
+ "session/magic_columns",
+ "session/magic_states",
+ "session/params",
+ "session/password",
+ "session/perishable_token",
+ "session/persistence",
+ "session/priority_record",
+ "session/scopes",
+ "session/session",
+ "session/timeout",
+ "session/unauthorized_record",
+ "session/validation",
+ "session/base"
+].each do |library|
+   require AUTHLOGIC_PATH + library
+ end
+
+require AUTHLOGIC_PATH + "controller_adapters/rails_adapter"   if defined?( Rails   )
+require AUTHLOGIC_PATH + "controller_adapters/merb_adapter"    if defined?( Merb    )
+require AUTHLOGIC_PATH + "controller_adapters/sinatra_adapter" if defined?( Sinatra )

data/lib/authlogic/acts_as_authentic/base.rb

@@ -0,0 +1,109 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Provides the base functionality for acts_as_authentic
+    module Base
+      def self.included(klass)
+        klass.class_eval do
+          class_attribute :acts_as_authentic_modules, :acts_as_authentic_config
+          self.acts_as_authentic_modules ||= []
+          self.acts_as_authentic_config  ||= {}
+          extend Config
+        end
+      end
+      
+      module Config
+        # This includes a lot of helpful methods for authenticating records which The Authlogic::Session module relies on.
+        # To use it just do:
+        #
+        #   class User < ActiveRecord::Base
+        #     acts_as_authentic
+        #   end
+        #
+        # Configuration is easy:
+        #
+        #   acts_as_authentic do |c|
+        #     c.my_configuration_option = my_value
+        #   end
+        #
+        # See the various sub modules for the configuration they provide.
+        def acts_as_authentic(unsupported_options = nil, &block)
+          # Stop all configuration if the DB is not set up
+          raise StandardError.new("You must establish a database connection before using acts_as_authentic") if !db_setup?
+          
+          raise ArgumentError.new("You are using the old v1.X.X configuration method for Authlogic. Instead of " +
+            "passing a hash of configuration options to acts_as_authentic, pass a block: acts_as_authentic { |c| c.my_option = my_value }") if !unsupported_options.nil?
+          
+          yield self if block_given?
+          acts_as_authentic_modules.each { |mod| include mod }
+        end
+        
+        # Since this part of Authlogic deals with another class, ActiveRecord, we can't just start including things
+        # in ActiveRecord itself. A lot of these module includes need to be triggered by the acts_as_authentic method
+        # call. For example, you don't want to start adding in email validations and what not into a model that has
+        # nothing to do with Authlogic.
+        #
+        # That being said, this is your tool for extending Authlogic and "hooking" into the acts_as_authentic call.
+        def add_acts_as_authentic_module(mod, action = :append)
+          modules = acts_as_authentic_modules.clone
+          case action
+          when :append
+            modules << mod
+          when :prepend
+            modules = [mod] + modules
+          end
+          modules.uniq!
+          self.acts_as_authentic_modules = modules
+        end
+        
+        # This is the same as add_acts_as_authentic_module, except that it removes the module from the list.
+        def remove_acts_as_authentic_module(mod)
+          modules = acts_as_authentic_modules.clone
+          modules.delete(mod)
+          self.acts_as_authentic_modules = modules
+        end
+
+        private
+          def db_setup?
+            begin
+              column_names
+              true
+            rescue Exception
+              false
+            end
+          end
+          
+          def rw_config(key, value, default_value = nil, read_value = nil)
+            if value == read_value
+              acts_as_authentic_config.include?(key) ? acts_as_authentic_config[key] : default_value
+            else
+              config = acts_as_authentic_config.clone
+              config[key] = value
+              self.acts_as_authentic_config = config
+              value
+            end
+          end
+          
+          def first_column_to_exist(*columns_to_check)
+            if db_setup?
+              columns_to_check.each { |column_name| return column_name.to_sym if column_names.include?(column_name.to_s) }
+            end
+            columns_to_check.first && columns_to_check.first.to_sym
+          end
+      end
+    end
+  end
+end
+
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Base
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Email
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::LoggedInStatus
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Login
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::MagicColumns
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::Password
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::PerishableToken
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::PersistenceToken
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::RestfulAuthentication
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SessionMaintenance
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::SingleAccessToken
+::ActiveRecord::Base.send :include, Authlogic::ActsAsAuthentic::ValidationsScope
+

data/lib/authlogic/acts_as_authentic/email.rb

@@ -0,0 +1,110 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Sometimes models won't have an explicit "login" or "username" field. Instead they want to use the email field.
+    # In this case, authlogic provides validations to make sure the email submited is actually a valid email. Don't worry,
+    # if you do have a login or username field, Authlogic will still validate your email field. One less thing you have to
+    # worry about.
+    module Email
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+
+      # Configuration to modify how Authlogic handles the email field.
+      module Config
+        # The name of the field that stores email addresses.
+        #
+        # * <tt>Default:</tt> :email, if it exists
+        # * <tt>Accepts:</tt> Symbol
+        def email_field(value = nil)
+          rw_config(:email_field, value, first_column_to_exist(nil, :email, :email_address))
+        end
+        alias_method :email_field=, :email_field
+
+        # Toggles validating the email field or not.
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def validate_email_field(value = nil)
+          rw_config(:validate_email_field, value, true)
+        end
+        alias_method :validate_email_field=, :validate_email_field
+
+        # A hash of options for the validates_length_of call for the email field. Allows you to change this however you want.
+        #
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
+        # merge options into it. Checkout the convenience function merge_validates_length_of_email_field_options to merge
+        # options.</b>
+        #
+        # * <tt>Default:</tt> {:maximum => 100}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
+        def validates_length_of_email_field_options(value = nil)
+          rw_config(:validates_length_of_email_field_options, value, {:maximum => 100})
+        end
+        alias_method :validates_length_of_email_field_options=, :validates_length_of_email_field_options
+
+        # A convenience function to merge options into the validates_length_of_email_field_options. So intead of:
+        #
+        #   self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(:my_option => my_value)
+        #
+        # You can do this:
+        #
+        #   merge_validates_length_of_email_field_options :my_option => my_value
+        def merge_validates_length_of_email_field_options(options = {})
+          self.validates_length_of_email_field_options = validates_length_of_email_field_options.merge(options)
+        end
+
+        # A hash of options for the validates_format_of call for the email field. Allows you to change this however you want.
+        #
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
+        # merge options into it. Checkout the convenience function merge_validates_format_of_email_field_options to merge
+        # options.</b>
+        #
+        # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => lambda {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
+        def validates_format_of_email_field_options(value = nil)
+          rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => Proc.new{I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}})
+        end
+        alias_method :validates_format_of_email_field_options=, :validates_format_of_email_field_options
+
+        # See merge_validates_length_of_email_field_options. The same thing except for validates_format_of_email_field_options.
+        def merge_validates_format_of_email_field_options(options = {})
+          self.validates_format_of_email_field_options = validates_format_of_email_field_options.merge(options)
+        end
+
+        # A hash of options for the validates_uniqueness_of call for the email field. Allows you to change this however you want.
+        #
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
+        # merge options into it. Checkout the convenience function merge_validates_uniqueness_of_email_field_options to merge
+        # options.</b>
+        #
+        # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
+        def validates_uniqueness_of_email_field_options(value = nil)
+          rw_config(:validates_uniqueness_of_email_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{email_field}_changed?".to_sym})
+        end
+        alias_method :validates_uniqueness_of_email_field_options=, :validates_uniqueness_of_email_field_options
+
+        # See merge_validates_length_of_email_field_options. The same thing except for validates_uniqueness_of_email_field_options.
+        def merge_validates_uniqueness_of_email_field_options(options = {})
+          self.validates_uniqueness_of_email_field_options = validates_uniqueness_of_email_field_options.merge(options)
+        end
+      end
+
+      # All methods relating to the email field
+      module Methods
+        def self.included(klass)
+          klass.class_eval do
+            if validate_email_field && email_field
+              validates_length_of email_field, validates_length_of_email_field_options
+              validates_format_of email_field, validates_format_of_email_field_options
+              validates_uniqueness_of email_field, validates_uniqueness_of_email_field_options
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/logged_in_status.rb

@@ -0,0 +1,59 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Since web applications are stateless there is not sure fire way to tell if a user is logged in or not,
+    # from the database perspective. The best way to do this is to provide a "timeout" based on inactivity.
+    # So if that user is inactive for a certain amount of time we assume they are logged out. That's what this
+    # module is all about.
+    module LoggedInStatus
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+
+      # All configuration for the logged in status feature set.
+      module Config
+        # The timeout to determine when a user is logged in or not.
+        #
+        # * <tt>Default:</tt> 10.minutes
+        # * <tt>Accepts:</tt> Fixnum
+        def logged_in_timeout(value = nil)
+          rw_config(:logged_in_timeout, (!value.nil? && value.to_i) || value, 10.minutes.to_i)
+        end
+        alias_method :logged_in_timeout=, :logged_in_timeout
+      end
+
+      # All methods for the logged in status feature seat.
+      module Methods
+        def self.included(klass)
+          return if !klass.column_names.include?("last_request_at")
+
+          klass.class_eval do
+            include InstanceMethods
+            scope :logged_in, lambda{ where("last_request_at > ?", logged_in_timeout.seconds.ago) }
+            scope :logged_out, lambda{ where("last_request_at is NULL or last_request_at <= ?", logged_in_timeout.seconds.ago) }
+          end
+        end
+
+        module InstanceMethods
+          # Returns true if the last_request_at > logged_in_timeout.
+          def logged_in?
+            raise "Can not determine the records login state because there is no last_request_at column" if !respond_to?(:last_request_at)
+            !last_request_at.nil? && last_request_at > logged_in_timeout.seconds.ago
+          end
+
+          # Opposite of logged_in?
+          def logged_out?
+            !logged_in?
+          end
+
+          private
+            def logged_in_timeout
+              self.class.logged_in_timeout
+            end
+        end
+      end
+    end
+  end
+end

data/lib/authlogic/acts_as_authentic/login.rb

@@ -0,0 +1,142 @@
+module Authlogic
+  module ActsAsAuthentic
+    # Handles everything related to the login field.
+    module Login
+      def self.included(klass)
+        klass.class_eval do
+          extend Config
+          add_acts_as_authentic_module(Methods)
+        end
+      end
+
+      # Configuration for the login field.
+      module Config
+        # The name of the login field in the database.
+        #
+        # * <tt>Default:</tt> :login or :username, if they exist
+        # * <tt>Accepts:</tt> Symbol
+        def login_field(value = nil)
+          rw_config(:login_field, value, first_column_to_exist(nil, :login, :username))
+        end
+        alias_method :login_field=, :login_field
+
+        # Whether or not to validate the login field
+        #
+        # * <tt>Default:</tt> true
+        # * <tt>Accepts:</tt> Boolean
+        def validate_login_field(value = nil)
+          rw_config(:validate_login_field, value, true)
+        end
+        alias_method :validate_login_field=, :validate_login_field
+
+        # A hash of options for the validates_length_of call for the login field. Allows you to change this however you want.
+        #
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
+        # merge options into it. Checkout the convenience function merge_validates_length_of_login_field_options to merge
+        # options.</b>
+        #
+        # * <tt>Default:</tt> {:within => 3..100}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_length_of
+        def validates_length_of_login_field_options(value = nil)
+          rw_config(:validates_length_of_login_field_options, value, {:within => 3..100})
+        end
+        alias_method :validates_length_of_login_field_options=, :validates_length_of_login_field_options
+
+        # A convenience function to merge options into the validates_length_of_login_field_options. So instead of:
+        #
+        #   self.validates_length_of_login_field_options = validates_length_of_login_field_options.merge(:my_option => my_value)
+        #
+        # You can do this:
+        #
+        #   merge_validates_length_of_login_field_options :my_option => my_value
+        def merge_validates_length_of_login_field_options(options = {})
+          self.validates_length_of_login_field_options = validates_length_of_login_field_options.merge(options)
+        end
+
+        # A hash of options for the validates_format_of call for the login field. Allows you to change this however you want.
+        #
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
+        # merge options into it. Checkout the convenience function merge_validates_format_of_login_field_options to merge
+        # options.</b>
+        #
+        # * <tt>Default:</tt> {:with => Authlogic::Regex.login, :message => lambda {I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
+        def validates_format_of_login_field_options(value = nil)
+          rw_config(:validates_format_of_login_field_options, value, {:with => Authlogic::Regex.login, :message => Proc.new{I18n.t('error_messages.login_invalid', :default => "should use only letters, numbers, spaces, and .-_@ please.")}})
+        end
+        alias_method :validates_format_of_login_field_options=, :validates_format_of_login_field_options
+
+        # See merge_validates_length_of_login_field_options. The same thing, except for validates_format_of_login_field_options
+        def merge_validates_format_of_login_field_options(options = {})
+          self.validates_format_of_login_field_options = validates_format_of_login_field_options.merge(options)
+        end
+
+        # A hash of options for the validates_uniqueness_of call for the login field. Allows you to change this however you want.
+        #
+        # <b>Keep in mind this is ruby. I wanted to keep this as flexible as possible, so you can completely replace the hash or
+        # merge options into it. Checkout the convenience function merge_validates_format_of_login_field_options to merge
+        # options.</b>
+        #
+        # * <tt>Default:</tt> {:case_sensitive => false, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym}
+        # * <tt>Accepts:</tt> Hash of options accepted by validates_uniqueness_of
+        def validates_uniqueness_of_login_field_options(value = nil)
+          rw_config(:validates_uniqueness_of_login_field_options, value, {:case_sensitive => false, :scope => validations_scope, :if => "#{login_field}_changed?".to_sym})
+        end
+        alias_method :validates_uniqueness_of_login_field_options=, :validates_uniqueness_of_login_field_options
+
+        # See merge_validates_length_of_login_field_options. The same thing, except for validates_uniqueness_of_login_field_options
+        def merge_validates_uniqueness_of_login_field_options(options = {})
+          self.validates_uniqueness_of_login_field_options = validates_uniqueness_of_login_field_options.merge(options)
+        end
+
+        # This method allows you to find a record with the given login. If you notice, with Active Record you have the
+        # validates_uniqueness_of validation function. They give you a :case_sensitive option. I handle this in the same
+        # manner that they handle that. If you are using the login field and set false for the :case_sensitive option in
+        # validates_uniqueness_of_login_field_options this method will modify the query to look something like:
+        #
+        #   where("#{quoted_table_name}.#{field} LIKE ?", login).first
+        #
+        # If you don't specify this it calls the good old find_by_* method:
+        #
+        #   find_by_login(login)
+        #
+        # The above also applies for using email as your login, except that you need to set the :case_sensitive in
+        # validates_uniqueness_of_email_field_options to false.
+        #
+        # The only reason I need to do the above is for Postgres and SQLite since they perform case sensitive searches with the
+        # find_by_* methods.
+        def find_by_smart_case_login_field(login)
+          if login_field
+            find_with_case(login_field, login, validates_uniqueness_of_login_field_options[:case_sensitive] != false)
+          else
+            find_with_case(email_field, login, validates_uniqueness_of_email_field_options[:case_sensitive] != false)
+          end
+        end
+
+        private
+          def find_with_case(field, value, sensitivity = true)
+            if sensitivity
+              send("find_by_#{field}", value)
+            else
+              like_word = ::ActiveRecord::Base.connection.adapter_name == "PostgreSQL" ? "ILIKE" : "LIKE"
+              where("#{quoted_table_name}.#{field} #{like_word} ?", value.mb_chars).first
+            end
+          end
+      end
+
+      # All methods relating to the login field
+      module Methods
+        # Adds in various validations, modules, etc.
+        def self.included(klass)
+          klass.class_eval do
+            if validate_login_field && login_field
+              validates_length_of login_field, validates_length_of_login_field_options
+              validates_format_of login_field, validates_format_of_login_field_options
+              validates_uniqueness_of login_field, validates_uniqueness_of_login_field_options
+            end
+          end
+        end
+      end
+    end
+  end
+end