refinerycms 0.9.6.19 → 0.9.6.21

Sign up to get free protection for your applications and to get access to all the features.
Files changed (385) hide show
  1. data/.gems +0 -8
  2. data/.gitignore +3 -1
  3. data/Rakefile +1 -5
  4. data/VERSION +1 -1
  5. data/bin/refinery-update-core +11 -2
  6. data/config/application.rb +6 -1
  7. data/config/environments/development.rb +10 -6
  8. data/config/settings.rb +3 -0
  9. data/db/migrate/20100305023036_change_users_columns_for_authlogic.rb +46 -0
  10. data/db/migrate/20100305023037_remove_unused_users_columns.rb +16 -0
  11. data/db/migrate/20100312155331_make_user_perishable_token_nullable.rb +13 -0
  12. data/db/migrate/20100312160327_make_user_persistence_token_nullable.rb +13 -0
  13. data/db/migrate/20100315203301_remove_state_from_users.rb +9 -0
  14. data/db/schema.rb +8 -21
  15. data/db/seeds.rb +5 -19
  16. data/lib/refinery/tasks/refinery.rb +1 -1
  17. data/public/javascripts/admin.js +6 -2
  18. data/public/javascripts/jquery-ui-1.8.min.js +374 -0
  19. data/public/javascripts/jquery.js +606 -444
  20. data/public/javascripts/refinery/admin.js +30 -9
  21. data/public/javascripts/refinery/boot_wym.js +4 -0
  22. data/public/javascripts/wymeditor/jquery.refinery.wymeditor.js +3 -4
  23. data/public/stylesheets/refinery/refinery.css +11 -0
  24. data/public/stylesheets/wymeditor/skins/refinery/skin.css +3 -1
  25. data/public/stylesheets/wymeditor/skins/refinery/wymiframe.css +5 -5
  26. data/readme.md +13 -10
  27. data/test/fixtures/users.yml +5 -5
  28. data/test/functional/dashboard_controller_test.rb +0 -4
  29. data/test/functional/images_controller_test.rb +0 -3
  30. data/test/test_helper.rb +7 -3
  31. data/themes/hemingway/views/layouts/application.html.erb +1 -12
  32. data/vendor/plugins/authentication/app/controllers/admin/users_controller.rb +1 -3
  33. data/vendor/plugins/authentication/app/controllers/sessions_controller.rb +3 -14
  34. data/vendor/plugins/authentication/app/controllers/users_controller.rb +26 -37
  35. data/vendor/plugins/authentication/app/models/user.rb +29 -112
  36. data/vendor/plugins/authentication/app/models/user_mailer.rb +8 -5
  37. data/vendor/plugins/authentication/app/models/user_session.rb +9 -0
  38. data/vendor/plugins/authentication/app/views/admin/users/index.html.erb +1 -1
  39. data/vendor/plugins/authentication/app/views/sessions/new.html.erb +5 -4
  40. data/vendor/plugins/authentication/lib/authenticated_system.rb +40 -30
  41. data/vendor/plugins/authentication/rails/init.rb +9 -0
  42. data/vendor/plugins/authlogic/CHANGELOG.rdoc +345 -0
  43. data/vendor/plugins/authlogic/LICENSE +20 -0
  44. data/vendor/plugins/authlogic/README.rdoc +246 -0
  45. data/vendor/plugins/authlogic/Rakefile +42 -0
  46. data/vendor/plugins/authlogic/VERSION.yml +5 -0
  47. data/vendor/plugins/authlogic/authlogic.gemspec +217 -0
  48. data/vendor/plugins/authlogic/generators/session/session_generator.rb +9 -0
  49. data/vendor/plugins/authlogic/generators/session/templates/session.rb +2 -0
  50. data/vendor/plugins/authlogic/init.rb +1 -0
  51. data/vendor/plugins/authlogic/lib/authlogic.rb +64 -0
  52. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/base.rb +107 -0
  53. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/email.rb +110 -0
  54. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/logged_in_status.rb +60 -0
  55. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/login.rb +141 -0
  56. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/magic_columns.rb +24 -0
  57. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/password.rb +355 -0
  58. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/perishable_token.rb +105 -0
  59. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/persistence_token.rb +68 -0
  60. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/restful_authentication.rb +61 -0
  61. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/session_maintenance.rb +139 -0
  62. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/single_access_token.rb +65 -0
  63. data/vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/validations_scope.rb +32 -0
  64. data/vendor/plugins/authlogic/lib/authlogic/authenticates_many/association.rb +42 -0
  65. data/vendor/plugins/authlogic/lib/authlogic/authenticates_many/base.rb +55 -0
  66. data/vendor/plugins/authlogic/lib/authlogic/controller_adapters/abstract_adapter.rb +67 -0
  67. data/vendor/plugins/authlogic/lib/authlogic/controller_adapters/merb_adapter.rb +30 -0
  68. data/vendor/plugins/authlogic/lib/authlogic/controller_adapters/rails_adapter.rb +48 -0
  69. data/vendor/plugins/authlogic/lib/authlogic/controller_adapters/sinatra_adapter.rb +61 -0
  70. data/vendor/plugins/authlogic/lib/authlogic/crypto_providers/aes256.rb +43 -0
  71. data/vendor/plugins/authlogic/lib/authlogic/crypto_providers/bcrypt.rb +90 -0
  72. data/vendor/plugins/authlogic/lib/authlogic/crypto_providers/md5.rb +34 -0
  73. data/vendor/plugins/authlogic/lib/authlogic/crypto_providers/sha1.rb +35 -0
  74. data/vendor/plugins/authlogic/lib/authlogic/crypto_providers/sha256.rb +50 -0
  75. data/vendor/plugins/authlogic/lib/authlogic/crypto_providers/sha512.rb +50 -0
  76. data/vendor/plugins/authlogic/lib/authlogic/crypto_providers/wordpress.rb +43 -0
  77. data/vendor/plugins/authlogic/lib/authlogic/i18n.rb +83 -0
  78. data/vendor/plugins/authlogic/lib/authlogic/i18n/translator.rb +15 -0
  79. data/vendor/plugins/authlogic/lib/authlogic/random.rb +33 -0
  80. data/vendor/plugins/authlogic/lib/authlogic/regex.rb +25 -0
  81. data/vendor/plugins/authlogic/lib/authlogic/session/activation.rb +58 -0
  82. data/vendor/plugins/authlogic/lib/authlogic/session/active_record_trickery.rb +64 -0
  83. data/vendor/plugins/authlogic/lib/authlogic/session/base.rb +37 -0
  84. data/vendor/plugins/authlogic/lib/authlogic/session/brute_force_protection.rb +96 -0
  85. data/vendor/plugins/authlogic/lib/authlogic/session/callbacks.rb +99 -0
  86. data/vendor/plugins/authlogic/lib/authlogic/session/cookies.rb +130 -0
  87. data/vendor/plugins/authlogic/lib/authlogic/session/existence.rb +93 -0
  88. data/vendor/plugins/authlogic/lib/authlogic/session/foundation.rb +63 -0
  89. data/vendor/plugins/authlogic/lib/authlogic/session/http_auth.rb +58 -0
  90. data/vendor/plugins/authlogic/lib/authlogic/session/id.rb +41 -0
  91. data/vendor/plugins/authlogic/lib/authlogic/session/klass.rb +78 -0
  92. data/vendor/plugins/authlogic/lib/authlogic/session/magic_columns.rb +95 -0
  93. data/vendor/plugins/authlogic/lib/authlogic/session/magic_states.rb +59 -0
  94. data/vendor/plugins/authlogic/lib/authlogic/session/params.rb +101 -0
  95. data/vendor/plugins/authlogic/lib/authlogic/session/password.rb +240 -0
  96. data/vendor/plugins/authlogic/lib/authlogic/session/perishable_token.rb +18 -0
  97. data/vendor/plugins/authlogic/lib/authlogic/session/persistence.rb +70 -0
  98. data/vendor/plugins/authlogic/lib/authlogic/session/priority_record.rb +34 -0
  99. data/vendor/plugins/authlogic/lib/authlogic/session/scopes.rb +101 -0
  100. data/vendor/plugins/authlogic/lib/authlogic/session/session.rb +62 -0
  101. data/vendor/plugins/authlogic/lib/authlogic/session/timeout.rb +82 -0
  102. data/vendor/plugins/authlogic/lib/authlogic/session/unauthorized_record.rb +50 -0
  103. data/vendor/plugins/authlogic/lib/authlogic/session/validation.rb +82 -0
  104. data/vendor/plugins/authlogic/lib/authlogic/test_case.rb +120 -0
  105. data/vendor/plugins/authlogic/lib/authlogic/test_case/mock_controller.rb +45 -0
  106. data/vendor/plugins/authlogic/lib/authlogic/test_case/mock_cookie_jar.rb +14 -0
  107. data/vendor/plugins/authlogic/lib/authlogic/test_case/mock_logger.rb +10 -0
  108. data/vendor/plugins/authlogic/lib/authlogic/test_case/mock_request.rb +19 -0
  109. data/vendor/plugins/authlogic/lib/authlogic/test_case/rails_request_adapter.rb +30 -0
  110. data/vendor/plugins/authlogic/rails/init.rb +1 -0
  111. data/vendor/plugins/authlogic/shoulda_macros/authlogic.rb +69 -0
  112. data/vendor/plugins/authlogic/test/acts_as_authentic_test/base_test.rb +18 -0
  113. data/vendor/plugins/authlogic/test/acts_as_authentic_test/email_test.rb +97 -0
  114. data/vendor/plugins/authlogic/test/acts_as_authentic_test/logged_in_status_test.rb +36 -0
  115. data/vendor/plugins/authlogic/test/acts_as_authentic_test/login_test.rb +109 -0
  116. data/vendor/plugins/authlogic/test/acts_as_authentic_test/magic_columns_test.rb +27 -0
  117. data/vendor/plugins/authlogic/test/acts_as_authentic_test/password_test.rb +236 -0
  118. data/vendor/plugins/authlogic/test/acts_as_authentic_test/perishable_token_test.rb +90 -0
  119. data/vendor/plugins/authlogic/test/acts_as_authentic_test/persistence_token_test.rb +55 -0
  120. data/vendor/plugins/authlogic/test/acts_as_authentic_test/restful_authentication_test.rb +40 -0
  121. data/vendor/plugins/authlogic/test/acts_as_authentic_test/session_maintenance_test.rb +84 -0
  122. data/vendor/plugins/authlogic/test/acts_as_authentic_test/single_access_test.rb +44 -0
  123. data/vendor/plugins/authlogic/test/authenticates_many_test.rb +16 -0
  124. data/vendor/plugins/authlogic/test/crypto_provider_test/aes256_test.rb +14 -0
  125. data/vendor/plugins/authlogic/test/crypto_provider_test/bcrypt_test.rb +14 -0
  126. data/vendor/plugins/authlogic/test/crypto_provider_test/sha1_test.rb +23 -0
  127. data/vendor/plugins/authlogic/test/crypto_provider_test/sha256_test.rb +14 -0
  128. data/vendor/plugins/authlogic/test/crypto_provider_test/sha512_test.rb +14 -0
  129. data/vendor/plugins/authlogic/test/fixtures/companies.yml +5 -0
  130. data/vendor/plugins/authlogic/test/fixtures/employees.yml +17 -0
  131. data/vendor/plugins/authlogic/test/fixtures/projects.yml +3 -0
  132. data/vendor/plugins/authlogic/test/fixtures/users.yml +24 -0
  133. data/vendor/plugins/authlogic/test/i18n_test.rb +33 -0
  134. data/vendor/plugins/authlogic/test/libs/affiliate.rb +7 -0
  135. data/vendor/plugins/authlogic/test/libs/company.rb +6 -0
  136. data/vendor/plugins/authlogic/test/libs/employee.rb +7 -0
  137. data/vendor/plugins/authlogic/test/libs/employee_session.rb +2 -0
  138. data/vendor/plugins/authlogic/test/libs/ldaper.rb +3 -0
  139. data/vendor/plugins/authlogic/test/libs/ordered_hash.rb +9 -0
  140. data/vendor/plugins/authlogic/test/libs/project.rb +3 -0
  141. data/vendor/plugins/authlogic/test/libs/user.rb +5 -0
  142. data/vendor/plugins/authlogic/test/libs/user_session.rb +6 -0
  143. data/vendor/plugins/authlogic/test/random_test.rb +49 -0
  144. data/vendor/plugins/authlogic/test/session_test/activation_test.rb +43 -0
  145. data/vendor/plugins/authlogic/test/session_test/active_record_trickery_test.rb +36 -0
  146. data/vendor/plugins/authlogic/test/session_test/brute_force_protection_test.rb +101 -0
  147. data/vendor/plugins/authlogic/test/session_test/callbacks_test.rb +6 -0
  148. data/vendor/plugins/authlogic/test/session_test/cookies_test.rb +112 -0
  149. data/vendor/plugins/authlogic/test/session_test/credentials_test.rb +0 -0
  150. data/vendor/plugins/authlogic/test/session_test/existence_test.rb +64 -0
  151. data/vendor/plugins/authlogic/test/session_test/http_auth_test.rb +28 -0
  152. data/vendor/plugins/authlogic/test/session_test/id_test.rb +17 -0
  153. data/vendor/plugins/authlogic/test/session_test/klass_test.rb +40 -0
  154. data/vendor/plugins/authlogic/test/session_test/magic_columns_test.rb +62 -0
  155. data/vendor/plugins/authlogic/test/session_test/magic_states_test.rb +60 -0
  156. data/vendor/plugins/authlogic/test/session_test/params_test.rb +53 -0
  157. data/vendor/plugins/authlogic/test/session_test/password_test.rb +106 -0
  158. data/vendor/plugins/authlogic/test/session_test/perishability_test.rb +15 -0
  159. data/vendor/plugins/authlogic/test/session_test/persistence_test.rb +21 -0
  160. data/vendor/plugins/authlogic/test/session_test/scopes_test.rb +60 -0
  161. data/vendor/plugins/authlogic/test/session_test/session_test.rb +59 -0
  162. data/vendor/plugins/authlogic/test/session_test/timeout_test.rb +52 -0
  163. data/vendor/plugins/authlogic/test/session_test/unauthorized_record_test.rb +13 -0
  164. data/vendor/plugins/authlogic/test/session_test/validation_test.rb +23 -0
  165. data/vendor/plugins/authlogic/test/test_helper.rb +182 -0
  166. data/vendor/plugins/dashboard/app/helpers/admin/dashboard_helper.rb +1 -1
  167. data/vendor/plugins/friendly_id/Changelog.md +243 -0
  168. data/vendor/plugins/friendly_id/Contributors.md +30 -0
  169. data/vendor/plugins/friendly_id/Gemfile +2 -0
  170. data/vendor/plugins/friendly_id/Guide.md +509 -0
  171. data/vendor/plugins/friendly_id/LICENSE +19 -0
  172. data/vendor/plugins/friendly_id/README.md +76 -0
  173. data/vendor/plugins/friendly_id/Rakefile +68 -0
  174. data/vendor/plugins/friendly_id/extras/README.txt +3 -0
  175. data/vendor/plugins/friendly_id/extras/bench.rb +59 -0
  176. data/vendor/plugins/friendly_id/extras/extras.rb +31 -0
  177. data/vendor/plugins/friendly_id/extras/prof.rb +14 -0
  178. data/vendor/plugins/friendly_id/extras/template-gem.rb +26 -0
  179. data/vendor/plugins/friendly_id/extras/template-plugin.rb +28 -0
  180. data/vendor/plugins/friendly_id/friendly_id.gemspec +40 -0
  181. data/vendor/plugins/friendly_id/generators/friendly_id/friendly_id_generator.rb +28 -0
  182. data/vendor/plugins/friendly_id/generators/friendly_id/templates/create_slugs.rb +18 -0
  183. data/vendor/plugins/friendly_id/lib/friendly_id.rb +67 -0
  184. data/vendor/plugins/friendly_id/lib/friendly_id/active_record2.rb +47 -0
  185. data/vendor/plugins/friendly_id/lib/friendly_id/active_record2/configuration.rb +66 -0
  186. data/vendor/plugins/friendly_id/lib/friendly_id/active_record2/finders.rb +140 -0
  187. data/vendor/plugins/friendly_id/lib/friendly_id/active_record2/simple_model.rb +162 -0
  188. data/vendor/plugins/friendly_id/lib/friendly_id/active_record2/slug.rb +111 -0
  189. data/vendor/plugins/friendly_id/lib/friendly_id/active_record2/slugged_model.rb +323 -0
  190. data/vendor/plugins/friendly_id/lib/friendly_id/active_record2/tasks.rb +66 -0
  191. data/vendor/plugins/friendly_id/lib/friendly_id/active_record2/tasks/friendly_id.rake +19 -0
  192. data/vendor/plugins/friendly_id/lib/friendly_id/configuration.rb +132 -0
  193. data/vendor/plugins/friendly_id/lib/friendly_id/finders.rb +106 -0
  194. data/vendor/plugins/friendly_id/lib/friendly_id/slug_string.rb +292 -0
  195. data/vendor/plugins/friendly_id/lib/friendly_id/slugged.rb +91 -0
  196. data/vendor/plugins/friendly_id/lib/friendly_id/status.rb +35 -0
  197. data/vendor/plugins/friendly_id/lib/friendly_id/test.rb +175 -0
  198. data/vendor/plugins/friendly_id/lib/friendly_id/version.rb +8 -0
  199. data/vendor/plugins/friendly_id/rails/init.rb +2 -0
  200. data/vendor/plugins/friendly_id/test/active_record2/basic_slugged_model_test.rb +14 -0
  201. data/vendor/plugins/friendly_id/test/active_record2/cached_slug_test.rb +61 -0
  202. data/vendor/plugins/friendly_id/test/active_record2/core.rb +93 -0
  203. data/vendor/plugins/friendly_id/test/active_record2/custom_normalizer_test.rb +20 -0
  204. data/vendor/plugins/friendly_id/test/active_record2/custom_table_name_test.rb +22 -0
  205. data/vendor/plugins/friendly_id/test/active_record2/deprecated_test.rb +23 -0
  206. data/vendor/plugins/friendly_id/test/active_record2/scoped_model_test.rb +111 -0
  207. data/vendor/plugins/friendly_id/test/active_record2/simple_test.rb +59 -0
  208. data/vendor/plugins/friendly_id/test/active_record2/slug_test.rb +34 -0
  209. data/vendor/plugins/friendly_id/test/active_record2/slugged.rb +30 -0
  210. data/vendor/plugins/friendly_id/test/active_record2/slugged_status_test.rb +61 -0
  211. data/vendor/plugins/friendly_id/test/active_record2/sti_test.rb +22 -0
  212. data/vendor/plugins/friendly_id/test/active_record2/support/database.mysql.yml +4 -0
  213. data/vendor/plugins/friendly_id/test/active_record2/support/database.postgres.yml +6 -0
  214. data/vendor/plugins/friendly_id/test/active_record2/support/database.sqlite3.yml +2 -0
  215. data/vendor/plugins/friendly_id/test/active_record2/support/models.rb +78 -0
  216. data/vendor/plugins/friendly_id/test/active_record2/tasks_test.rb +82 -0
  217. data/vendor/plugins/friendly_id/test/active_record2/test_helper.rb +114 -0
  218. data/vendor/plugins/friendly_id/test/friendly_id_test.rb +60 -0
  219. data/vendor/plugins/friendly_id/test/slug_string_test.rb +78 -0
  220. data/vendor/plugins/friendly_id/test/test_helper.rb +9 -0
  221. data/vendor/plugins/hpricot/CHANGELOG +88 -0
  222. data/vendor/plugins/hpricot/COPYING +18 -0
  223. data/vendor/plugins/hpricot/README +275 -0
  224. data/vendor/plugins/hpricot/Rakefile +272 -0
  225. data/vendor/plugins/hpricot/ext/fast_xs/FastXsService.java +1030 -0
  226. data/vendor/plugins/hpricot/ext/fast_xs/extconf.rb +4 -0
  227. data/vendor/plugins/hpricot/ext/fast_xs/fast_xs.c +201 -0
  228. data/vendor/plugins/hpricot/ext/hpricot_scan/HpricotCss.java +831 -0
  229. data/vendor/plugins/hpricot/ext/hpricot_scan/HpricotScanService.java +2086 -0
  230. data/vendor/plugins/hpricot/ext/hpricot_scan/MANIFEST +0 -0
  231. data/vendor/plugins/hpricot/ext/hpricot_scan/extconf.rb +6 -0
  232. data/vendor/plugins/hpricot/ext/hpricot_scan/hpricot_common.rl +76 -0
  233. data/vendor/plugins/hpricot/ext/hpricot_scan/hpricot_css.c +3503 -0
  234. data/vendor/plugins/hpricot/ext/hpricot_scan/hpricot_css.java.rl +155 -0
  235. data/vendor/plugins/hpricot/ext/hpricot_scan/hpricot_css.rl +115 -0
  236. data/vendor/plugins/hpricot/ext/hpricot_scan/hpricot_scan.c +6927 -0
  237. data/vendor/plugins/hpricot/ext/hpricot_scan/hpricot_scan.h +79 -0
  238. data/vendor/plugins/hpricot/ext/hpricot_scan/hpricot_scan.java.rl +1152 -0
  239. data/vendor/plugins/hpricot/ext/hpricot_scan/hpricot_scan.rl +788 -0
  240. data/vendor/plugins/hpricot/extras/mingw-rbconfig.rb +176 -0
  241. data/vendor/plugins/hpricot/hpricot.gemspec +17 -0
  242. data/vendor/plugins/hpricot/lib/hpricot.rb +26 -0
  243. data/vendor/plugins/hpricot/lib/hpricot/blankslate.rb +63 -0
  244. data/vendor/plugins/hpricot/lib/hpricot/builder.rb +216 -0
  245. data/vendor/plugins/hpricot/lib/hpricot/elements.rb +510 -0
  246. data/vendor/plugins/hpricot/lib/hpricot/htmlinfo.rb +691 -0
  247. data/vendor/plugins/hpricot/lib/hpricot/inspect.rb +103 -0
  248. data/vendor/plugins/hpricot/lib/hpricot/modules.rb +40 -0
  249. data/vendor/plugins/hpricot/lib/hpricot/parse.rb +38 -0
  250. data/vendor/plugins/hpricot/lib/hpricot/tag.rb +219 -0
  251. data/vendor/plugins/hpricot/lib/hpricot/tags.rb +164 -0
  252. data/vendor/plugins/hpricot/lib/hpricot/traverse.rb +839 -0
  253. data/vendor/plugins/hpricot/lib/hpricot/xchar.rb +94 -0
  254. data/vendor/plugins/hpricot/setup.rb +1585 -0
  255. data/vendor/plugins/hpricot/test/files/basic.xhtml +17 -0
  256. data/vendor/plugins/hpricot/test/files/boingboing.html +2266 -0
  257. data/vendor/plugins/hpricot/test/files/cy0.html +3653 -0
  258. data/vendor/plugins/hpricot/test/files/immob.html +400 -0
  259. data/vendor/plugins/hpricot/test/files/pace_application.html +1320 -0
  260. data/vendor/plugins/hpricot/test/files/tenderlove.html +16 -0
  261. data/vendor/plugins/hpricot/test/files/uswebgen.html +220 -0
  262. data/vendor/plugins/hpricot/test/files/utf8.html +1054 -0
  263. data/vendor/plugins/hpricot/test/files/week9.html +1723 -0
  264. data/vendor/plugins/hpricot/test/files/why.xml +19 -0
  265. data/vendor/plugins/hpricot/test/load_files.rb +7 -0
  266. data/vendor/plugins/hpricot/test/nokogiri-bench.rb +64 -0
  267. data/vendor/plugins/hpricot/test/test_alter.rb +96 -0
  268. data/vendor/plugins/hpricot/test/test_builder.rb +37 -0
  269. data/vendor/plugins/hpricot/test/test_parser.rb +428 -0
  270. data/vendor/plugins/hpricot/test/test_paths.rb +25 -0
  271. data/vendor/plugins/hpricot/test/test_preserved.rb +88 -0
  272. data/vendor/plugins/hpricot/test/test_xml.rb +28 -0
  273. data/vendor/plugins/inquiries/app/controllers/admin/inquiries_controller.rb +1 -6
  274. data/vendor/plugins/inquiries/app/helpers/inquiries_helper.rb +0 -11
  275. data/vendor/plugins/inquiries/app/views/admin/inquiries/_inquiry.html.erb +10 -6
  276. data/vendor/plugins/inquiries/app/views/inquiry_mailer/confirmation.html.erb +1 -1
  277. data/vendor/plugins/inquiries/config/routes.rb +1 -1
  278. data/vendor/plugins/pages/app/controllers/admin/pages_controller.rb +16 -3
  279. data/vendor/plugins/pages/app/models/page_part.rb +9 -0
  280. data/vendor/plugins/rails_indexes/lib/indexer.rb +0 -2
  281. data/vendor/plugins/refinery/app/views/admin/_head.html.erb +2 -1
  282. data/vendor/plugins/refinery/app/views/shared/_head.html.erb +0 -1
  283. data/vendor/plugins/refinery/app/views/shared/_ie6check.html.erb +23 -11
  284. data/vendor/plugins/refinery/app/views/welcome.html.erb +1 -1
  285. data/vendor/plugins/refinery/app/views/wymiframe.html.erb +2 -1
  286. data/vendor/plugins/refinery/lib/generators/refinery/USAGE +1 -1
  287. data/vendor/plugins/refinery/lib/generators/refinery/templates/migration.rb +2 -2
  288. data/vendor/plugins/refinery/lib/generators/refinery/templates/model.rb +4 -0
  289. data/vendor/plugins/refinery/lib/generators/refinery/templates/views/admin/_form.html.erb +6 -0
  290. data/vendor/plugins/refinery/lib/generators/refinery/templates/views/show.html.erb +5 -3
  291. data/vendor/plugins/refinery/lib/refinery/application_helper.rb +2 -2
  292. data/vendor/plugins/refinery/lib/refinery/initializer.rb +4 -41
  293. data/vendor/plugins/refinery_settings/app/models/refinery_setting.rb +7 -3
  294. data/vendor/plugins/slim_scrooge/README.textile +112 -0
  295. data/vendor/plugins/slim_scrooge/Rakefile +29 -0
  296. data/vendor/plugins/slim_scrooge/VERSION.yml +5 -0
  297. data/vendor/plugins/slim_scrooge/ext/Rakefile +42 -0
  298. data/vendor/plugins/slim_scrooge/ext/extconf.rb +5 -0
  299. data/vendor/plugins/slim_scrooge/lib/slim_scrooge.rb +16 -0
  300. data/vendor/plugins/slim_scrooge/lib/slim_scrooge/callsite.rb +96 -0
  301. data/vendor/plugins/slim_scrooge/lib/slim_scrooge/callsites.rb +70 -0
  302. data/vendor/plugins/slim_scrooge/lib/slim_scrooge/monitored_hash.rb +103 -0
  303. data/vendor/plugins/slim_scrooge/lib/slim_scrooge/result_set.rb +38 -0
  304. data/vendor/plugins/slim_scrooge/lib/slim_scrooge/simple_set.rb +34 -0
  305. data/vendor/plugins/slim_scrooge/lib/slim_scrooge/slim_scrooge.rb +46 -0
  306. data/vendor/plugins/slim_scrooge/rails/init.rb +8 -0
  307. data/vendor/plugins/slim_scrooge/slim_scrooge.gemspec +62 -0
  308. data/vendor/plugins/slim_scrooge/slim_scrooge_windows.gemspec +59 -0
  309. data/vendor/plugins/slim_scrooge/test/active_record_setup.rb +3 -0
  310. data/vendor/plugins/slim_scrooge/test/helper.rb +91 -0
  311. data/vendor/plugins/slim_scrooge/test/models/course.rb +2 -0
  312. data/vendor/plugins/slim_scrooge/test/schema/schema.rb +5 -0
  313. data/vendor/plugins/slim_scrooge/test/setup.rb +5 -0
  314. data/vendor/plugins/themes/app/models/theme.rb +7 -0
  315. data/vendor/plugins/themes/lib/theme_server.rb +3 -1
  316. data/vendor/plugins/themes/rails/init.rb +16 -13
  317. data/vendor/plugins/will_paginate/.manifest +43 -0
  318. data/vendor/plugins/will_paginate/CHANGELOG.rdoc +139 -0
  319. data/vendor/plugins/will_paginate/LICENSE +18 -0
  320. data/vendor/plugins/will_paginate/README.rdoc +107 -0
  321. data/vendor/plugins/will_paginate/Rakefile +53 -0
  322. data/vendor/plugins/will_paginate/examples/apple-circle.gif +0 -0
  323. data/vendor/plugins/will_paginate/examples/index.haml +69 -0
  324. data/vendor/plugins/will_paginate/examples/index.html +92 -0
  325. data/vendor/plugins/will_paginate/examples/pagination.css +90 -0
  326. data/vendor/plugins/will_paginate/examples/pagination.sass +91 -0
  327. data/vendor/plugins/will_paginate/init.rb +1 -0
  328. data/vendor/plugins/will_paginate/lib/will_paginate.rb +90 -0
  329. data/vendor/plugins/will_paginate/lib/will_paginate/array.rb +16 -0
  330. data/vendor/plugins/will_paginate/lib/will_paginate/collection.rb +146 -0
  331. data/vendor/plugins/will_paginate/lib/will_paginate/core_ext.rb +43 -0
  332. data/vendor/plugins/will_paginate/lib/will_paginate/finder.rb +264 -0
  333. data/vendor/plugins/will_paginate/lib/will_paginate/named_scope.rb +170 -0
  334. data/vendor/plugins/will_paginate/lib/will_paginate/named_scope_patch.rb +37 -0
  335. data/vendor/plugins/will_paginate/lib/will_paginate/version.rb +9 -0
  336. data/vendor/plugins/will_paginate/lib/will_paginate/view_helpers.rb +408 -0
  337. data/vendor/plugins/will_paginate/test/boot.rb +21 -0
  338. data/vendor/plugins/will_paginate/test/collection_test.rb +143 -0
  339. data/vendor/plugins/will_paginate/test/console +8 -0
  340. data/vendor/plugins/will_paginate/test/database.yml +22 -0
  341. data/vendor/plugins/will_paginate/test/finder_test.rb +473 -0
  342. data/vendor/plugins/will_paginate/test/fixtures/admin.rb +3 -0
  343. data/vendor/plugins/will_paginate/test/fixtures/developer.rb +14 -0
  344. data/vendor/plugins/will_paginate/test/fixtures/developers_projects.yml +13 -0
  345. data/vendor/plugins/will_paginate/test/fixtures/project.rb +15 -0
  346. data/vendor/plugins/will_paginate/test/fixtures/projects.yml +6 -0
  347. data/vendor/plugins/will_paginate/test/fixtures/replies.yml +29 -0
  348. data/vendor/plugins/will_paginate/test/fixtures/reply.rb +7 -0
  349. data/vendor/plugins/will_paginate/test/fixtures/schema.rb +38 -0
  350. data/vendor/plugins/will_paginate/test/fixtures/topic.rb +10 -0
  351. data/vendor/plugins/will_paginate/test/fixtures/topics.yml +30 -0
  352. data/vendor/plugins/will_paginate/test/fixtures/user.rb +2 -0
  353. data/vendor/plugins/will_paginate/test/fixtures/users.yml +35 -0
  354. data/vendor/plugins/will_paginate/test/helper.rb +37 -0
  355. data/vendor/plugins/will_paginate/test/lib/activerecord_test_case.rb +43 -0
  356. data/vendor/plugins/will_paginate/test/lib/activerecord_test_connector.rb +75 -0
  357. data/vendor/plugins/will_paginate/test/lib/load_fixtures.rb +11 -0
  358. data/vendor/plugins/will_paginate/test/lib/view_test_process.rb +179 -0
  359. data/vendor/plugins/will_paginate/test/tasks.rake +59 -0
  360. data/vendor/plugins/will_paginate/test/view_test.rb +373 -0
  361. data/vendor/plugins/will_paginate/will_paginate.gemspec +19 -0
  362. metadata +308 -27
  363. data/db/migrate/20091029034951_remove_blurb_from_news_items.rb +0 -9
  364. data/public/javascripts/jquery-ui-1.8rc1.min.js +0 -375
  365. data/test/fixtures/news_items.yml +0 -14
  366. data/test/unit/news_items_test.rb +0 -33
  367. data/vendor/plugins/authentication/test/fixtures/users.yml +0 -19
  368. data/vendor/plugins/authentication/test/functional/sessions_controller_test.rb +0 -85
  369. data/vendor/plugins/authentication/test/functional/users_controller_test.rb +0 -99
  370. data/vendor/plugins/authentication/test/unit/user_test.rb +0 -164
  371. data/vendor/plugins/news/app/controllers/admin/news_items_controller.rb +0 -5
  372. data/vendor/plugins/news/app/controllers/news_items_controller.rb +0 -20
  373. data/vendor/plugins/news/app/models/news_item.rb +0 -24
  374. data/vendor/plugins/news/app/views/admin/news_items/_form.html.erb +0 -19
  375. data/vendor/plugins/news/app/views/admin/news_items/_news_item.html.erb +0 -15
  376. data/vendor/plugins/news/app/views/admin/news_items/edit.html.erb +0 -1
  377. data/vendor/plugins/news/app/views/admin/news_items/index.html.erb +0 -31
  378. data/vendor/plugins/news/app/views/admin/news_items/new.html.erb +0 -1
  379. data/vendor/plugins/news/app/views/news_items/_recent_posts.html.erb +0 -8
  380. data/vendor/plugins/news/app/views/news_items/index.html.erb +0 -17
  381. data/vendor/plugins/news/app/views/news_items/index.rss.builder +0 -26
  382. data/vendor/plugins/news/app/views/news_items/show.html.erb +0 -13
  383. data/vendor/plugins/news/config/routes.rb +0 -7
  384. data/vendor/plugins/news/news.md +0 -20
  385. data/vendor/plugins/news/rails/init.rb +0 -11
@@ -0,0 +1,41 @@
1
+ module Authlogic
2
+ module Session
3
+ # Allows you to separate sessions with an id, ultimately letting you create multiple sessions for the same user.
4
+ module Id
5
+ def self.included(klass)
6
+ klass.class_eval do
7
+ attr_writer :id
8
+ end
9
+ end
10
+
11
+ # Setting the id if it is passed in the credentials.
12
+ def credentials=(value)
13
+ super
14
+ values = value.is_a?(Array) ? value : [value]
15
+ self.id = values.last if values.last.is_a?(Symbol)
16
+ end
17
+
18
+ # Allows you to set a unique identifier for your session, so that you can have more than 1 session at a time.
19
+ # A good example when this might be needed is when you want to have a normal user session and a "secure" user session.
20
+ # The secure user session would be created only when they want to modify their billing information, or other sensitive
21
+ # information. Similar to me.com. This requires 2 user sessions. Just use an id for the "secure" session and you should be good.
22
+ #
23
+ # You can set the id during initialization (see initialize for more information), or as an attribute:
24
+ #
25
+ # session.id = :my_id
26
+ #
27
+ # Just be sure and set your id before you save your session.
28
+ #
29
+ # Lastly, to retrieve your session with the id check out the find class method.
30
+ def id
31
+ @id
32
+ end
33
+
34
+ private
35
+ # Used for things like cookie_key, session_key, etc.
36
+ def build_key(last_part)
37
+ [id, super].compact.join("_")
38
+ end
39
+ end
40
+ end
41
+ end
@@ -0,0 +1,78 @@
1
+ module Authlogic
2
+ module Session
3
+ # Handles authenticating via a traditional username and password.
4
+ module Klass
5
+ def self.included(klass)
6
+ klass.class_eval do
7
+ extend Config
8
+ include InstanceMethods
9
+
10
+ class << self
11
+ attr_accessor :configured_klass_methods
12
+ end
13
+ end
14
+ end
15
+
16
+ module Config
17
+ # Lets you change which model to use for authentication.
18
+ #
19
+ # * <tt>Default:</tt> inferred from the class name. UserSession would automatically try User
20
+ # * <tt>Accepts:</tt> an ActiveRecord class
21
+ def authenticate_with(klass)
22
+ @klass_name = klass.name
23
+ @klass = klass
24
+ end
25
+ alias_method :authenticate_with=, :authenticate_with
26
+
27
+ # The name of the class that this session is authenticating with. For example, the UserSession class will
28
+ # authenticate with the User class unless you specify otherwise in your configuration. See authenticate_with
29
+ # for information on how to change this value.
30
+ def klass
31
+ @klass ||=
32
+ if klass_name
33
+ klass_name.constantize
34
+ else
35
+ nil
36
+ end
37
+ end
38
+
39
+ # Same as klass, just returns a string instead of the actual constant.
40
+ def klass_name
41
+ @klass_name ||= guessed_klass_name
42
+ end
43
+
44
+ # The string of the model name class guessed from the actual session class name.
45
+ def guessed_klass_name
46
+ guessed_name = name.scan(/(.*)Session/)[0]
47
+ guessed_name[0] if guessed_name
48
+ end
49
+ end
50
+
51
+ module InstanceMethods
52
+ # Creating an alias method for the "record" method based on the klass name, so that we can do:
53
+ #
54
+ # session.user
55
+ #
56
+ # instead of:
57
+ #
58
+ # session.record
59
+ def initialize(*args)
60
+ if !self.class.configured_klass_methods
61
+ self.class.send(:alias_method, klass_name.demodulize.underscore.to_sym, :record)
62
+ self.class.configured_klass_methods = true
63
+ end
64
+ super
65
+ end
66
+
67
+ private
68
+ def klass
69
+ self.class.klass
70
+ end
71
+
72
+ def klass_name
73
+ self.class.klass_name
74
+ end
75
+ end
76
+ end
77
+ end
78
+ end
@@ -0,0 +1,95 @@
1
+ module Authlogic
2
+ module Session
3
+ # Just like ActiveRecord has "magic" columns, such as: created_at and updated_at. Authlogic has its own "magic" columns too:
4
+ #
5
+ # Column name Description
6
+ # login_count Increased every time an explicit login is made. This will *NOT* increase if logging in by a session, cookie, or basic http auth
7
+ # failed_login_count This increases for each consecutive failed login. See Authlogic::Session::BruteForceProtection and the consecutive_failed_logins_limit config option for more details.
8
+ # last_request_at Updates every time the user logs in, either by explicitly logging in, or logging in by cookie, session, or http auth
9
+ # current_login_at Updates with the current time when an explicit login is made.
10
+ # last_login_at Updates with the value of current_login_at before it is reset.
11
+ # current_login_ip Updates with the request remote_ip when an explicit login is made.
12
+ # last_login_ip Updates with the value of current_login_ip before it is reset.
13
+ module MagicColumns
14
+ def self.included(klass)
15
+ klass.class_eval do
16
+ extend Config
17
+ include InstanceMethods
18
+ after_persisting :set_last_request_at, :if => :set_last_request_at?
19
+ validate :increase_failed_login_count
20
+ before_save :update_info
21
+ before_save :set_last_request_at, :if => :set_last_request_at?
22
+ end
23
+ end
24
+
25
+ # Configuration for the magic columns feature.
26
+ module Config
27
+ # Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists.
28
+ # If you want to limit how frequent that field is updated specify the threshold here. For example, if your user is making a
29
+ # request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threashold. Set this to 1.minute.
30
+ # Once a minute has passed in between requests the field will be updated.
31
+ #
32
+ # * <tt>Default:</tt> 0
33
+ # * <tt>Accepts:</tt> integer representing time in seconds
34
+ def last_request_at_threshold(value = nil)
35
+ rw_config(:last_request_at_threshold, value, 0)
36
+ end
37
+ alias_method :last_request_at_threshold=, :last_request_at_threshold
38
+ end
39
+
40
+ # The methods available for an Authlogic::Session::Base object that make up the magic columns feature.
41
+ module InstanceMethods
42
+ private
43
+ def increase_failed_login_count
44
+ if invalid_password? && attempted_record.respond_to?(:failed_login_count)
45
+ attempted_record.failed_login_count ||= 0
46
+ attempted_record.failed_login_count += 1
47
+ end
48
+ end
49
+
50
+ def update_info
51
+ record.login_count = (record.login_count.blank? ? 1 : record.login_count + 1) if record.respond_to?(:login_count)
52
+ record.failed_login_count = 0 if record.respond_to?(:failed_login_count)
53
+
54
+ if record.respond_to?(:current_login_at)
55
+ record.last_login_at = record.current_login_at if record.respond_to?(:last_login_at)
56
+ record.current_login_at = klass.default_timezone == :utc ? Time.now.utc : Time.now
57
+ end
58
+
59
+ if record.respond_to?(:current_login_ip)
60
+ record.last_login_ip = record.current_login_ip if record.respond_to?(:last_login_ip)
61
+ record.current_login_ip = controller.request.remote_ip
62
+ end
63
+ end
64
+
65
+ # This method lets authlogic know whether it should allow the last_request_at field to be updated
66
+ # with the current time (Time.now). One thing to note here is that it also checks for the existence of a
67
+ # last_request_update_allowed? method in your controller. This allows you to control this method pragmatically
68
+ # in your controller.
69
+ #
70
+ # For example, what if you had a javascript function that polled the server updating how much time is left in their
71
+ # session before it times out. Obviously you would want to ignore this request, because then the user would never time out.
72
+ # So you can do something like this in your controller:
73
+ #
74
+ # def last_request_update_allowed?
75
+ # action_name =! "update_session_time_left"
76
+ # end
77
+ #
78
+ # You can do whatever you want with that method.
79
+ def set_last_request_at? # :doc:
80
+ return false if !record || !klass.column_names.include?("last_request_at")
81
+ return controller.last_request_update_allowed? if controller.responds_to_last_request_update_allowed?
82
+ record.last_request_at.blank? || last_request_at_threshold.to_i.seconds.ago >= record.last_request_at
83
+ end
84
+
85
+ def set_last_request_at
86
+ record.last_request_at = klass.default_timezone == :utc ? Time.now.utc : Time.now
87
+ end
88
+
89
+ def last_request_at_threshold
90
+ self.class.last_request_at_threshold
91
+ end
92
+ end
93
+ end
94
+ end
95
+ end
@@ -0,0 +1,59 @@
1
+ module Authlogic
2
+ module Session
3
+ # Authlogic tries to check the state of the record before creating the session. If your record responds to the following methods and any of them return false, validation will fail:
4
+ #
5
+ # Method name Description
6
+ # active? Is the record marked as active?
7
+ # approved? Has the record been approved?
8
+ # confirmed? Has the record been conirmed?
9
+ #
10
+ # Authlogic does nothing to define these methods for you, its up to you to define what they mean. If your object responds to these methods Authlogic will use them, otherwise they are ignored.
11
+ #
12
+ # What's neat about this is that these are checked upon any type of login. When logging in explicitly, by cookie, session, or basic http auth.
13
+ # So if you mark a user inactive in the middle of their session they wont be logged back in next time they refresh the page. Giving you complete control.
14
+ #
15
+ # Need Authlogic to check your own "state"? No problem, check out the hooks section below. Add in a before_validation to do your own checking. The sky is the limit.
16
+ module MagicStates
17
+ def self.included(klass)
18
+ klass.class_eval do
19
+ extend Config
20
+ include InstanceMethods
21
+ validate :validate_magic_states, :unless => :disable_magic_states?
22
+ end
23
+ end
24
+
25
+ # Configuration for the magic states feature.
26
+ module Config
27
+ # Set this to true if you want to disable the checking of active?, approved?, and confirmed? on your record. This is more or less of a
28
+ # convenience feature, since 99% of the time if those methods exist and return false you will not want the user logging in. You could
29
+ # easily accomplish this same thing with a before_validation method or other callbacks.
30
+ #
31
+ # * <tt>Default:</tt> false
32
+ # * <tt>Accepts:</tt> Boolean
33
+ def disable_magic_states(value = nil)
34
+ rw_config(:disable_magic_states, value, false)
35
+ end
36
+ alias_method :disable_magic_states=, :disable_magic_states
37
+ end
38
+
39
+ # The methods available for an Authlogic::Session::Base object that make up the magic states feature.
40
+ module InstanceMethods
41
+ private
42
+ def disable_magic_states?
43
+ self.class.disable_magic_states == true
44
+ end
45
+
46
+ def validate_magic_states
47
+ return true if attempted_record.nil?
48
+ [:active, :approved, :confirmed].each do |required_status|
49
+ if attempted_record.respond_to?("#{required_status}?") && !attempted_record.send("#{required_status}?")
50
+ errors.add(:base, I18n.t("error_messages.not_#{required_status}", :default => "Your account is not #{required_status}"))
51
+ return false
52
+ end
53
+ end
54
+ true
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end
@@ -0,0 +1,101 @@
1
+ module Authlogic
2
+ module Session
3
+ # This module is responsible for authenticating the user via params, which ultimately allows the user to log in using a URL like the following:
4
+ #
5
+ # https://www.domain.com?user_credentials=4LiXF7FiGUppIPubBPey
6
+ #
7
+ # Notice the token in the URL, this is a single access token. A single access token is used for single access only, it is not persisted. Meaning the user
8
+ # provides it, Authlogic grants them access, and that's it. If they want access again they need to provide the token again. Authlogic will
9
+ # *NEVER* try to persist the session after authenticating through this method.
10
+ #
11
+ # For added security, this token is *ONLY* allowed for RSS and ATOM requests. You can change this with the configuration. You can also define if
12
+ # it is allowed dynamically by defining a single_access_allowed? method in your controller. For example:
13
+ #
14
+ # class UsersController < ApplicationController
15
+ # private
16
+ # def single_access_allowed?
17
+ # action_name == "index"
18
+ # end
19
+ #
20
+ # Also, by default, this token is permanent. Meaning if the user changes their password, this token will remain the same. It will only change
21
+ # when it is explicitly reset.
22
+ #
23
+ # You can modify all of this behavior with the Config sub module.
24
+ module Params
25
+ def self.included(klass)
26
+ klass.class_eval do
27
+ extend Config
28
+ include InstanceMethods
29
+ attr_accessor :single_access
30
+ persist :persist_by_params
31
+ end
32
+ end
33
+
34
+ # Configuration for the params / single access feature.
35
+ module Config
36
+ # Works exactly like cookie_key, but for params. So a user can login via params just like a cookie or a session. Your URL would look like:
37
+ #
38
+ # http://www.domain.com?user_credentials=my_single_access_key
39
+ #
40
+ # You can change the "user_credentials" key above with this configuration option. Keep in mind, just like cookie_key, if you supply an id
41
+ # the id will be appended to the front. Check out cookie_key for more details. Also checkout the "Single Access / Private Feeds Access" section in the README.
42
+ #
43
+ # * <tt>Default:</tt> cookie_key
44
+ # * <tt>Accepts:</tt> String
45
+ def params_key(value = nil)
46
+ rw_config(:params_key, value, cookie_key)
47
+ end
48
+ alias_method :params_key=, :params_key
49
+
50
+ # Authentication is allowed via a single access token, but maybe this is something you don't want for your application as a whole. Maybe this is
51
+ # something you only want for specific request types. Specify a list of allowed request types and single access authentication will only be
52
+ # allowed for the ones you specify.
53
+ #
54
+ # * <tt>Default:</tt> ["application/rss+xml", "application/atom+xml"]
55
+ # * <tt>Accepts:</tt> String of a request type, or :all or :any to allow single access authentication for any and all request types
56
+ def single_access_allowed_request_types(value = nil)
57
+ rw_config(:single_access_allowed_request_types, value, ["application/rss+xml", "application/atom+xml"])
58
+ end
59
+ alias_method :single_access_allowed_request_types=, :single_access_allowed_request_types
60
+ end
61
+
62
+ # The methods available for an Authlogic::Session::Base object that make up the params / single access feature.
63
+ module InstanceMethods
64
+ private
65
+ def persist_by_params
66
+ return false if !params_enabled?
67
+ self.unauthorized_record = search_for_record("find_by_single_access_token", params_credentials)
68
+ self.single_access = valid?
69
+ end
70
+
71
+ def params_enabled?
72
+ return false if !params_credentials || !klass.column_names.include?("single_access_token")
73
+ return controller.single_access_allowed? if controller.responds_to_single_access_allowed?
74
+
75
+ case single_access_allowed_request_types
76
+ when Array
77
+ single_access_allowed_request_types.include?(controller.request_content_type) || single_access_allowed_request_types.include?(:all)
78
+ else
79
+ [:all, :any].include?(single_access_allowed_request_types)
80
+ end
81
+ end
82
+
83
+ def params_key
84
+ build_key(self.class.params_key)
85
+ end
86
+
87
+ def single_access?
88
+ single_access == true
89
+ end
90
+
91
+ def single_access_allowed_request_types
92
+ self.class.single_access_allowed_request_types
93
+ end
94
+
95
+ def params_credentials
96
+ controller.params[params_key]
97
+ end
98
+ end
99
+ end
100
+ end
101
+ end
@@ -0,0 +1,240 @@
1
+ module Authlogic
2
+ module Session
3
+ # Handles authenticating via a traditional username and password.
4
+ module Password
5
+ def self.included(klass)
6
+ klass.class_eval do
7
+ extend Config
8
+ include InstanceMethods
9
+ validate :validate_by_password, :if => :authenticating_with_password?
10
+
11
+ class << self
12
+ attr_accessor :configured_password_methods
13
+ end
14
+ end
15
+ end
16
+
17
+ # Password configuration
18
+ module Config
19
+ # Authlogic tries to validate the credentials passed to it. One part of validation is actually finding the user and
20
+ # making sure it exists. What method it uses the do this is up to you.
21
+ #
22
+ # Let's say you have a UserSession that is authenticating a User. By default UserSession will call User.find_by_login(login).
23
+ # You can change what method UserSession calls by specifying it here. Then in your User model you can make that method do
24
+ # anything you want, giving you complete control of how users are found by the UserSession.
25
+ #
26
+ # Let's take an example: You want to allow users to login by username or email. Set this to the name of the class method
27
+ # that does this in the User model. Let's call it "find_by_username_or_email"
28
+ #
29
+ # class User < ActiveRecord::Base
30
+ # def self.find_by_username_or_email(login)
31
+ # find_by_username(login) || find_by_email(login)
32
+ # end
33
+ # end
34
+ #
35
+ # Now just specify the name of this method for this configuration option and you are all set. You can do anything you
36
+ # want here. Maybe you allow users to have multiple logins and you want to search a has_many relationship, etc. The sky is the limit.
37
+ #
38
+ # * <tt>Default:</tt> "find_by_smart_case_login_field"
39
+ # * <tt>Accepts:</tt> Symbol or String
40
+ def find_by_login_method(value = nil)
41
+ rw_config(:find_by_login_method, value, "find_by_smart_case_login_field")
42
+ end
43
+ alias_method :find_by_login_method=, :find_by_login_method
44
+
45
+ # The text used to identify credentials (username/password) combination when a bad login attempt occurs.
46
+ # When you show error messages for a bad login, it's considered good security practice to hide which field
47
+ # the user has entered incorrectly (the login field or the password field). For a full explanation, see
48
+ # http://www.gnucitizen.org/blog/username-enumeration-vulnerabilities/
49
+ #
50
+ # Example of use:
51
+ #
52
+ # class UserSession < Authlogic::Session::Base
53
+ # generalize_credentials_error_messages true
54
+ # end
55
+ #
56
+ # This would make the error message for bad logins and bad passwords look identical:
57
+ #
58
+ # Login/Password combination is not valid
59
+ #
60
+ # Alternatively you may use a custom message:
61
+ #
62
+ # class UserSession < AuthLogic::Session::Base
63
+ # generalize_credentials_error_messages "Your login information is invalid"
64
+ # end
65
+ #
66
+ # This will instead show your custom error message when the UserSession is invalid.
67
+ #
68
+ # The downside to enabling this is that is can be too vague for a user that has a hard time remembering
69
+ # their username and password combinations. It also disables the ability to to highlight the field
70
+ # with the error when you use form_for.
71
+ #
72
+ # If you are developing an app where security is an extreme priority (such as a financial application),
73
+ # then you should enable this. Otherwise, leaving this off is fine.
74
+ #
75
+ # * <tt>Default</tt> false
76
+ # * <tt>Accepts:</tt> Boolean
77
+ def generalize_credentials_error_messages(value = nil)
78
+ rw_config(:generalize_credentials_error_messages, value, false)
79
+ end
80
+ alias_method :generalize_credentials_error_messages=, :generalize_credentials_error_messages
81
+
82
+ # The name of the method you want Authlogic to create for storing the login / username. Keep in mind this is just for your
83
+ # Authlogic::Session, if you want it can be something completely different than the field in your model. So if you wanted people to
84
+ # login with a field called "login" and then find users by email this is compeltely doable. See the find_by_login_method configuration
85
+ # option for more details.
86
+ #
87
+ # * <tt>Default:</tt> klass.login_field || klass.email_field
88
+ # * <tt>Accepts:</tt> Symbol or String
89
+ def login_field(value = nil)
90
+ rw_config(:login_field, value, klass.login_field || klass.email_field)
91
+ end
92
+ alias_method :login_field=, :login_field
93
+
94
+ # Works exactly like login_field, but for the password instead. Returns :password if a login_field exists.
95
+ #
96
+ # * <tt>Default:</tt> :password
97
+ # * <tt>Accepts:</tt> Symbol or String
98
+ def password_field(value = nil)
99
+ rw_config(:password_field, value, login_field && :password)
100
+ end
101
+ alias_method :password_field=, :password_field
102
+
103
+ # The name of the method in your model used to verify the password. This should be an instance method. It should also
104
+ # be prepared to accept a raw password and a crytped password.
105
+ #
106
+ # * <tt>Default:</tt> "valid_password?"
107
+ # * <tt>Accepts:</tt> Symbol or String
108
+ def verify_password_method(value = nil)
109
+ rw_config(:verify_password_method, value, "valid_password?")
110
+ end
111
+ alias_method :verify_password_method=, :verify_password_method
112
+ end
113
+
114
+ # Password related instance methods
115
+ module InstanceMethods
116
+ def initialize(*args)
117
+ if !self.class.configured_password_methods
118
+ if login_field
119
+ self.class.send(:attr_writer, login_field) if !respond_to?("#{login_field}=")
120
+ self.class.send(:attr_reader, login_field) if !respond_to?(login_field)
121
+ end
122
+
123
+ if password_field
124
+ self.class.send(:attr_writer, password_field) if !respond_to?("#{password_field}=")
125
+ self.class.send(:define_method, password_field) {} if !respond_to?(password_field)
126
+
127
+ self.class.class_eval <<-"end_eval", __FILE__, __LINE__
128
+ private
129
+ # The password should not be accessible publicly. This way forms using form_for don't fill the password with the
130
+ # attempted password. To prevent this we just create this method that is private.
131
+ def protected_#{password_field}
132
+ @#{password_field}
133
+ end
134
+ end_eval
135
+ end
136
+
137
+ self.class.configured_password_methods = true
138
+ end
139
+
140
+ super
141
+ end
142
+
143
+ # Returns the login_field / password_field credentials combination in hash form.
144
+ def credentials
145
+ if authenticating_with_password?
146
+ details = {}
147
+ details[login_field.to_sym] = send(login_field)
148
+ details[password_field.to_sym] = "<protected>"
149
+ details
150
+ else
151
+ super
152
+ end
153
+ end
154
+
155
+ # Accepts the login_field / password_field credentials combination in hash form.
156
+ def credentials=(value)
157
+ super
158
+ values = value.is_a?(Array) ? value : [value]
159
+ if values.first.is_a?(Hash)
160
+ values.first.with_indifferent_access.slice(login_field, password_field).each do |field, value|
161
+ next if value.blank?
162
+ send("#{field}=", value)
163
+ end
164
+ end
165
+ end
166
+
167
+ def invalid_password?
168
+ invalid_password == true
169
+ end
170
+
171
+ private
172
+ def authenticating_with_password?
173
+ login_field && (!send(login_field).nil? || !send("protected_#{password_field}").nil?)
174
+ end
175
+
176
+ def validate_by_password
177
+ self.invalid_password = false
178
+
179
+ errors.add(login_field, I18n.t('error_messages.login_blank', :default => "cannot be blank")) if send(login_field).blank?
180
+ errors.add(password_field, I18n.t('error_messages.password_blank', :default => "cannot be blank")) if send("protected_#{password_field}").blank?
181
+ return if errors.count > 0
182
+
183
+ self.attempted_record = search_for_record(find_by_login_method, send(login_field))
184
+ if attempted_record.blank?
185
+ generalize_credentials_error_messages? ?
186
+ add_general_credentials_error :
187
+ errors.add(login_field, I18n.t('error_messages.login_not_found', :default => "is not valid"))
188
+ return
189
+ end
190
+
191
+ if !attempted_record.send(verify_password_method, send("protected_#{password_field}"))
192
+ self.invalid_password = true
193
+ generalize_credentials_error_messages? ?
194
+ add_general_credentials_error :
195
+ errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
196
+ return
197
+ end
198
+ end
199
+
200
+ def invalid_password
201
+ @invalid_password
202
+ end
203
+
204
+ def invalid_password=(value)
205
+ @invalid_password = value
206
+ end
207
+
208
+ def find_by_login_method
209
+ self.class.find_by_login_method
210
+ end
211
+
212
+ def login_field
213
+ self.class.login_field
214
+ end
215
+
216
+ def add_general_credentials_error
217
+ error_message =
218
+ if self.class.generalize_credentials_error_messages.is_a? String
219
+ self.class.generalize_credentials_error_messages
220
+ else
221
+ "#{login_field.to_s.humanize}/Password combination is not valid"
222
+ end
223
+ errors.add(:base, I18n.t('error_messages.general_credentials_error', :default => error_message))
224
+ end
225
+
226
+ def generalize_credentials_error_messages?
227
+ self.class.generalize_credentials_error_messages
228
+ end
229
+
230
+ def password_field
231
+ self.class.password_field
232
+ end
233
+
234
+ def verify_password_method
235
+ self.class.verify_password_method
236
+ end
237
+ end
238
+ end
239
+ end
240
+ end