sorcery 0.16.1 → 0.18.0

data/lib/sorcery/controller.rb

@@ -3,22 +3,17 @@ module Sorcery
     def self.included(klass)
       klass.class_eval do
         include InstanceMethods
+
         Config.submodules.each do |mod|
-          # FIXME: Is there a cleaner way to handle missing submodules?
-          # rubocop:disable Lint/HandleExceptions
-          begin
-            include Submodules.const_get(mod.to_s.split('_').map(&:capitalize).join)
-          rescue NameError
-            # don't stop on a missing submodule.
-          end
-          # rubocop:enable Lint/HandleExceptions
+          submodule_name = mod.to_s.split('_').map(&:capitalize).join
+          include Submodules.const_get(submodule_name) if Submodules.const_defined?(submodule_name, false)
         end
       end
       Config.update!
       Config.configure!
     end
 
-    module InstanceMethods
+    module InstanceMethods # rubocop:disable Metrics/ModuleLength
       # To be used as before_action.
       # Will trigger auto-login attempts via the call to logged_in?
       # If all attempts to auto-login fail, the failure callback will be called.
@@ -54,7 +49,6 @@ module Sorcery
           old_session.each_pair do |k, v|
             session[k.to_sym] = v
           end
-          form_authenticity_token
 
           auto_login(user, credentials[2])
           after_login!(user, credentials)
@@ -63,6 +57,14 @@ module Sorcery
         end
       end
 
+      def login!(...)
+        user = login(...)
+
+        raise Sorcery::InvalidCredentials if user.nil?
+
+        user
+      end
+
       def reset_sorcery_session
         reset_session # protect from session fixation attacks
       end
@@ -85,9 +87,7 @@ module Sorcery
       # attempts to auto-login from the sources defined (session, basic_auth, cookie, etc.)
       # returns the logged in user if found, nil if not
       def current_user
-        unless defined?(@current_user)
-          @current_user = login_from_session || login_from_other_sources || nil
-        end
+        @current_user = login_from_session || login_from_other_sources || nil unless defined?(@current_user)
         @current_user
       end
 
@@ -97,8 +97,24 @@ module Sorcery
 
       # used when a user tries to access a page while logged out, is asked to login,
       # and we want to return him back to the page he originally wanted.
-      def redirect_back_or_to(url, flash_hash = {})
-        redirect_to(session[:return_to_url] || url, flash: flash_hash)
+      def redirect_back_or_to(...)
+        if Config.use_redirect_back_or_to_by_rails
+          super
+        else
+          Sorcery.deprecator.warn(
+            '`redirect_back_or_to` overrides the method of the same name defined in Rails 7. ' \
+            'To avoid overriding, set `config.use_redirect_back_or_to_by_rails = true` and use `redirect_to_before_login_path`. ' \
+            'In a future release, `config.use_redirect_back_or_to_by_rails = true` will become the default.'
+          )
+          redirect_to_before_login_path(...)
+        end
+      end
+
+      def redirect_to_before_login_path(url, **options)
+        allow_other_host = options[:allow_other_host].nil? ? _allow_other_host : options[:allow_other_host]
+        flash = options.except(:allow_other_host)
+
+        redirect_to(session[:return_to_url] || url, flash:, allow_other_host:)
         session[:return_to_url] = nil
       end
 
@@ -137,9 +153,7 @@ module Sorcery
       end
 
       def login_from_session
-        @current_user = if session[:user_id]
-                          user_class.sorcery_adapter.find_by_id(session[:user_id])
-                        end
+        @current_user = (user_class.sorcery_adapter.find_by_id(session[:user_id]) if session[:user_id])
       end
 
       def after_login!(user, credentials = [])
@@ -162,10 +176,14 @@ module Sorcery
         Config.after_remember_me.each { |c| send(c, user) }
       end
 
+      def after_login_lock!(credentials)
+        Config.after_login_lock.each { |c| send(c, credentials) }
+      end
+
       def user_class
         @user_class ||= Config.user_class.to_s.constantize
       rescue NameError
-        raise ArgumentError, 'You have incorrectly defined user_class or have forgotten to define it in intitializer file (config.user_class = \'User\').'
+        raise ArgumentError, 'You have incorrectly defined user_class or have forgotten to define it in the initializer file (config.user_class = \'User\').'
       end
     end
   end

data/lib/sorcery/crypto_providers/aes256.rb

@@ -36,13 +36,15 @@ module Sorcery
         def decrypt(crypted)
           aes.decrypt
           aes.key = @key
-          (aes.update(crypted.unpack('m').first) + aes.final)
+          (aes.update(crypted.unpack1('m')) + aes.final)
         end
 
         private
 
         def aes
-          raise ArgumentError, "#{name} expects a 32 bytes long key. Please use Sorcery::Model::Config.encryption_key to set it." if @key.nil? || @key == ''
+          if @key.nil? || @key == ''
+            raise ArgumentError, "#{name} expects a 32 bytes long key. Please use Sorcery::Model::Config.encryption_key to set it."
+          end
 
           @aes ||= OpenSSL::Cipher.new('AES-256-ECB')
         end

data/lib/sorcery/crypto_providers/bcrypt.rb

@@ -44,6 +44,7 @@ module Sorcery
         # Basically it's equivalent to :salt_join_token option, but have a different name to ensure
         # backward compatibility in generating/matching passwords.
         attr_accessor :pepper
+
         # This is the :cost option for the BCrpyt library.
         # The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
         # Set this to whatever you want, play around with it to get that perfect balance between
@@ -87,7 +88,7 @@ module Sorcery
         private
 
         def join_tokens(tokens)
-          tokens.flatten.join.concat(pepper.to_s) # make sure to add pepper in case tokens have only one element
+          tokens.join.concat(pepper.to_s) # make sure to add pepper in case tokens have only one element
         end
 
         def new_from_hash(hash)

data/lib/sorcery/crypto_providers/md5.rb

@@ -9,6 +9,7 @@ module Sorcery
     # Please use any other provider offered by Sorcery.
     class MD5
       include Common
+
       class << self
         def secure_digest(digest)
           Digest::MD5.hexdigest(digest)

data/lib/sorcery/crypto_providers/sha1.rb

@@ -6,6 +6,7 @@ module Sorcery
     # crypto provider as it inferior to your other options. Please use any other provider offered by Sorcery.
     class SHA1
       include Common
+
       class << self
         def join_token
           @join_token ||= '--'

data/lib/sorcery/crypto_providers/sha256.rb

@@ -26,6 +26,7 @@ module Sorcery
     # Uses the Sha256 hash algorithm to encrypt passwords.
     class SHA256
       include Common
+
       class << self
         def secure_digest(digest)
           Digest::SHA256.hexdigest(digest)

data/lib/sorcery/crypto_providers/sha512.rb

@@ -26,6 +26,7 @@ module Sorcery
     # Uses the Sha512 hash algorithm to encrypt passwords.
     class SHA512
       include Common
+
       class << self
         def secure_digest(digest)
           Digest::SHA512.hexdigest(digest)

data/lib/sorcery/engine.rb

@@ -7,20 +7,22 @@ module Sorcery
   class Engine < Rails::Engine
     config.sorcery = ::Sorcery::Controller::Config
 
+    initializer 'sorcery.deprecator' do |app|
+      app.deprecators[:sorcery] = Sorcery.deprecator
+    end
+
     # TODO: Should this include a modified version of the helper methods?
     initializer 'extend Controller with sorcery' do
       # FIXME: on_load is needed to fix Rails 6 deprecations, but it breaks
       #        applications due to undefined method errors.
       # ActiveSupport.on_load(:action_controller_api) do
-      if defined?(ActionController::API)
-        ActionController::API.send(:include, Sorcery::Controller)
-      end
+      ActionController::API.include Sorcery::Controller if defined?(ActionController::API)
 
       # FIXME: on_load is needed to fix Rails 6 deprecations, but it breaks
       #        applications due to undefined method errors.
       # ActiveSupport.on_load(:action_controller_base) do
       if defined?(ActionController::Base)
-        ActionController::Base.send(:include, Sorcery::Controller)
+        ActionController::Base.include Sorcery::Controller
         ActionController::Base.helper_method :current_user
         ActionController::Base.helper_method :logged_in?
       end

data/lib/sorcery/errors.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Sorcery
+  ##
+  # Custom error class for rescuing from all Sorcery errors.
+  #
+  class Error < StandardError; end
+
+  class InvalidCredentials < Sorcery::Error; end
+end

data/lib/sorcery/model/config.rb

@@ -31,8 +31,8 @@ module Sorcery
       # an array of method names to call before authentication completes. used internally.
       attr_accessor :before_authenticate
       # method to send email related
-      # options: `:deliver_later`, `:deliver_now`, `:deliver`
-      # Default: :deliver (Rails version < 4.2) or :deliver_now (Rails version 4.2+)
+      # options: `:deliver_later`, `:deliver_now`
+      # Default: :deliver_now
       # method to send email related
       attr_accessor :email_delivery_method
       # an array of method names to call after configuration by user. used internally.
@@ -51,25 +51,25 @@ module Sorcery
 
       def initialize
         @defaults = {
-          :@submodules                           => [],
-          :@username_attribute_names             => [:email],
-          :@password_attribute_name              => :password,
+          :@submodules => [],
+          :@username_attribute_names => [:email],
+          :@password_attribute_name => :password,
           :@downcase_username_before_authenticating => false,
-          :@email_attribute_name                 => :email,
-          :@crypted_password_attribute_name      => :crypted_password,
-          :@encryption_algorithm                 => :bcrypt,
-          :@encryption_provider                  => CryptoProviders::BCrypt,
-          :@custom_encryption_provider           => nil,
-          :@encryption_key                       => nil,
-          :@pepper                               => '',
-          :@salt_join_token                      => '',
-          :@salt_attribute_name                  => :salt,
-          :@stretches                            => nil,
-          :@subclasses_inherit_config            => false,
-          :@before_authenticate                  => [],
-          :@after_config                         => [],
-          :@email_delivery_method                => default_email_delivery_method,
-          :@token_randomness                     => 15
+          :@email_attribute_name => :email,
+          :@crypted_password_attribute_name => :crypted_password,
+          :@encryption_algorithm => :bcrypt,
+          :@encryption_provider => CryptoProviders::BCrypt,
+          :@custom_encryption_provider => nil,
+          :@encryption_key => nil,
+          :@pepper => '',
+          :@salt_join_token => '',
+          :@salt_attribute_name => :salt,
+          :@stretches => nil,
+          :@subclasses_inherit_config => false,
+          :@before_authenticate => [],
+          :@after_config => [],
+          :@email_delivery_method => :deliver_now,
+          :@token_randomness => 15
         }
         reset!
       end
@@ -103,17 +103,6 @@ module Sorcery
                                else raise ArgumentError, "Encryption algorithm supplied, #{algo}, is invalid"
                                end
       end
-
-      private
-
-      def default_email_delivery_method
-        # Rails 4.2 deprecates #deliver
-        rails_version_bigger_than_or_equal?('4.2.0') ? :deliver_now : :deliver
-      end
-
-      def rails_version_bigger_than_or_equal?(version)
-        Gem::Version.new(version) <= Gem::Version.new(Rails.version)
-      end
     end
   end
 end

data/lib/sorcery/model/submodules/activity_logging.rb

@@ -25,11 +25,11 @@ module Sorcery
           end
 
           base.sorcery_config.instance_eval do
-            @defaults.merge!(:@last_login_at_attribute_name                => :last_login_at,
-                             :@last_logout_at_attribute_name               => :last_logout_at,
-                             :@last_activity_at_attribute_name             => :last_activity_at,
-                             :@last_login_from_ip_address_name             => :last_login_from_ip_address,
-                             :@activity_timeout                            => 10 * 60)
+            @defaults.merge!(:@last_login_at_attribute_name => :last_login_at,
+                             :@last_logout_at_attribute_name => :last_logout_at,
+                             :@last_activity_at_attribute_name => :last_activity_at,
+                             :@last_login_from_ip_address_name => :last_login_from_ip_address,
+                             :@activity_timeout => 10 * 60)
             reset!
           end
 
@@ -63,7 +63,9 @@ module Sorcery
           #  shows if user is logged in, but it not show if user is online - see online?
           def logged_in?
             return false if send(sorcery_config.last_login_at_attribute_name).nil?
-            return true if send(sorcery_config.last_login_at_attribute_name).present? && send(sorcery_config.last_logout_at_attribute_name).nil?
+            if send(sorcery_config.last_login_at_attribute_name).present? && send(sorcery_config.last_logout_at_attribute_name).nil?
+              return true
+            end
 
             send(sorcery_config.last_login_at_attribute_name) > send(sorcery_config.last_logout_at_attribute_name)
           end

data/lib/sorcery/model/submodules/brute_force_protection.rb

@@ -21,15 +21,15 @@ module Sorcery
           end
 
           base.sorcery_config.instance_eval do
-            @defaults.merge!(:@failed_logins_count_attribute_name              => :failed_logins_count,
-                             :@lock_expires_at_attribute_name                  => :lock_expires_at,
-                             :@consecutive_login_retries_amount_limit          => 50,
-                             :@login_lock_time_period                          => 60 * 60,
-
-                             :@unlock_token_attribute_name                     => :unlock_token,
-                             :@unlock_token_email_method_name                  => :send_unlock_token_email,
-                             :@unlock_token_mailer_disabled                    => false,
-                             :@unlock_token_mailer                             => nil)
+            @defaults.merge!(:@failed_logins_count_attribute_name => :failed_logins_count,
+                             :@lock_expires_at_attribute_name => :lock_expires_at,
+                             :@consecutive_login_retries_amount_limit => 50,
+                             :@login_lock_time_period => 60 * 60,
+
+                             :@unlock_token_attribute_name => :unlock_token,
+                             :@unlock_token_email_method_name => :send_unlock_token_email,
+                             :@unlock_token_mailer_disabled => false,
+                             :@unlock_token_mailer => nil)
             reset!
           end
 
@@ -41,13 +41,13 @@ module Sorcery
 
         module ClassMethods
           # This doesn't check to see if the account is still locked
-          def load_from_unlock_token(token, &block)
+          def load_from_unlock_token(token, &)
             return if token.blank?
 
             load_from_token(
               token,
               sorcery_config.unlock_token_attribute_name,
-              &block
+              &
             )
           end
 
@@ -69,7 +69,9 @@ module Sorcery
 
             sorcery_adapter.increment(config.failed_logins_count_attribute_name)
 
-            return unless send(config.failed_logins_count_attribute_name) >= config.consecutive_login_retries_amount_limit
+            unless send(config.failed_logins_count_attribute_name) >= config.consecutive_login_retries_amount_limit
+              return
+            end
 
             login_lock!
           end
@@ -117,8 +119,8 @@ module Sorcery
           # Runs as a hook before authenticate.
           def prevent_locked_user_login
             config = sorcery_config
-            if !login_unlocked? && config.login_lock_time_period != 0
-              login_unlock! if send(config.lock_expires_at_attribute_name) <= Time.now.in_time_zone
+            if !login_unlocked? && config.login_lock_time_period != 0 && send(config.lock_expires_at_attribute_name) <= Time.now.in_time_zone
+              login_unlock!
             end
 
             return false, :locked unless login_unlocked?

data/lib/sorcery/model/submodules/external.rb

@@ -23,10 +23,10 @@ module Sorcery
           end
 
           base.sorcery_config.instance_eval do
-            @defaults.merge!(:@authentications_class                  => nil,
+            @defaults.merge!(:@authentications_class => nil,
                              :@authentications_user_id_attribute_name => :user_id,
-                             :@provider_attribute_name                => :provider,
-                             :@provider_uid_attribute_name            => :uid)
+                             :@provider_attribute_name => :provider,
+                             :@provider_uid_attribute_name => :uid)
 
             reset!
           end
@@ -41,7 +41,9 @@ module Sorcery
             config = sorcery_config
             authentication = config.authentications_class.sorcery_adapter.find_by_oauth_credentials(provider, uid)
             # Return user if matching authentication found
-            sorcery_adapter.find_by_id(authentication.send(config.authentications_user_id_attribute_name)) if authentication
+            return unless authentication
+
+            sorcery_adapter.find_by_id(authentication.send(config.authentications_user_id_attribute_name))
           end
 
           def create_and_validate_from_provider(provider, uid, attrs)
@@ -60,9 +62,7 @@ module Sorcery
               user.send(:"#{k}=", v)
             end
 
-            if block_given?
-              return false unless yield user
-            end
+            return false if block_given? && !yield(user)
 
             sorcery_adapter.transaction do
               user.sorcery_adapter.save(validate: false)
@@ -83,9 +83,7 @@ module Sorcery
               user.send(:"#{k}=", v)
             end
 
-            if block_given?
-              return false unless yield user
-            end
+            return false if block_given? && !yield(user)
 
             user
           end

data/lib/sorcery/model/submodules/magic_login.rb

@@ -52,12 +52,12 @@ module Sorcery
         module ClassMethods
           # Find user by token, also checks for expiration.
           # Returns the user if token found and is valid.
-          def load_from_magic_login_token(token, &block)
+          def load_from_magic_login_token(token, &)
             load_from_token(
               token,
               @sorcery_config.magic_login_token_attribute_name,
               @sorcery_config.magic_login_token_expires_at_attribute_name,
-              &block
+              &
             )
           end
 
@@ -67,7 +67,9 @@ module Sorcery
           # when magic_login_mailer_disabled is false
           def validate_mailer_defined
             msg = 'To use magic_login submodule, you must define a mailer (config.magic_login_mailer_class = YourMailerClass).'
-            raise ArgumentError, msg if @sorcery_config.magic_login_mailer_class.nil? && @sorcery_config.magic_login_mailer_disabled == false
+            if @sorcery_config.magic_login_mailer_class.nil? && @sorcery_config.magic_login_mailer_disabled == false
+              raise ArgumentError, msg
+            end
           end
 
           def define_magic_login_fields
@@ -85,7 +87,9 @@ module Sorcery
               config.magic_login_token_attribute_name => TemporaryToken.generate_random_token,
               config.magic_login_email_sent_at_attribute_name => Time.now.in_time_zone
             }
-            attributes[config.magic_login_token_expires_at_attribute_name] = Time.now.in_time_zone + config.magic_login_expiration_period if config.magic_login_expiration_period
+            if config.magic_login_expiration_period
+              attributes[config.magic_login_token_expires_at_attribute_name] = Time.now.in_time_zone + config.magic_login_expiration_period
+            end
 
             sorcery_adapter.update_attributes(attributes)
           end

data/lib/sorcery/model/submodules/remember_me.rb

@@ -14,10 +14,10 @@ module Sorcery
           end
 
           base.sorcery_config.instance_eval do
-            @defaults.merge!(:@remember_me_token_attribute_name            => :remember_me_token,
+            @defaults.merge!(:@remember_me_token_attribute_name => :remember_me_token,
                              :@remember_me_token_expires_at_attribute_name => :remember_me_token_expires_at,
-                             :@remember_me_token_persist_globally          => false,
-                             :@remember_me_for                             => 7 * 60 * 60 * 24)
+                             :@remember_me_token_persist_globally => false,
+                             :@remember_me_for => 7 * 60 * 60 * 24)
 
             reset!
           end

data/lib/sorcery/model/submodules/reset_password.rb

@@ -34,16 +34,16 @@ module Sorcery
           end
 
           base.sorcery_config.instance_eval do
-            @defaults.merge!(:@reset_password_token_attribute_name            => :reset_password_token,
+            @defaults.merge!(:@reset_password_token_attribute_name => :reset_password_token,
                              :@reset_password_token_expires_at_attribute_name => :reset_password_token_expires_at,
                              :@reset_password_page_access_count_attribute_name =>
                                  :access_count_to_reset_password_page,
-                             :@reset_password_email_sent_at_attribute_name    => :reset_password_email_sent_at,
-                             :@reset_password_mailer                          => nil,
-                             :@reset_password_mailer_disabled                 => false,
-                             :@reset_password_email_method_name               => :reset_password_email,
-                             :@reset_password_expiration_period               => nil,
-                             :@reset_password_time_between_emails             => 5 * 60)
+                             :@reset_password_email_sent_at_attribute_name => :reset_password_email_sent_at,
+                             :@reset_password_mailer => nil,
+                             :@reset_password_mailer_disabled => false,
+                             :@reset_password_email_method_name => :reset_password_email,
+                             :@reset_password_expiration_period => nil,
+                             :@reset_password_time_between_emails => 5 * 60)
 
             reset!
           end
@@ -59,12 +59,12 @@ module Sorcery
         module ClassMethods
           # Find user by token, also checks for expiration.
           # Returns the user if token found and is valid.
-          def load_from_reset_password_token(token, &block)
+          def load_from_reset_password_token(token, &)
             load_from_token(
               token,
               @sorcery_config.reset_password_token_attribute_name,
               @sorcery_config.reset_password_token_expires_at_attribute_name,
-              &block
+              &
             )
           end
 
@@ -74,7 +74,9 @@ module Sorcery
           # when reset_password_mailer_disabled is false
           def validate_mailer_defined
             message = 'To use reset_password submodule, you must define a mailer (config.reset_password_mailer = YourMailerClass).'
-            raise ArgumentError, message if @sorcery_config.reset_password_mailer.nil? && @sorcery_config.reset_password_mailer_disabled == false
+            if @sorcery_config.reset_password_mailer.nil? && @sorcery_config.reset_password_mailer_disabled == false
+              raise ArgumentError, message
+            end
           end
 
           def define_reset_password_fields
@@ -90,7 +92,9 @@ module Sorcery
             config = sorcery_config
             attributes = { config.reset_password_token_attribute_name => TemporaryToken.generate_random_token,
                            config.reset_password_email_sent_at_attribute_name => Time.now.in_time_zone }
-            attributes[config.reset_password_token_expires_at_attribute_name] = Time.now.in_time_zone + config.reset_password_expiration_period if config.reset_password_expiration_period
+            if config.reset_password_expiration_period
+              attributes[config.reset_password_token_expires_at_attribute_name] = Time.now.in_time_zone + config.reset_password_expiration_period
+            end
 
             sorcery_adapter.update_attributes(attributes)
           end
@@ -100,7 +104,9 @@ module Sorcery
             mail = false
             config = sorcery_config
             # hammering protection
-            return false if config.reset_password_time_between_emails.present? && send(config.reset_password_email_sent_at_attribute_name) && send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.seconds.ago.utc
+            if config.reset_password_time_between_emails.present? && send(config.reset_password_email_sent_at_attribute_name) && send(config.reset_password_email_sent_at_attribute_name) > config.reset_password_time_between_emails.seconds.ago.utc
+              return false
+            end
 
             self.class.sorcery_adapter.transaction do
               generate_reset_password_token!
@@ -131,6 +137,8 @@ module Sorcery
           end
 
           def change_password!(new_password)
+            raise ArgumentError, 'Blank password passed to change_password!' if new_password.blank?
+
             change_password(new_password, raise_on_failure: true)
           end
 
@@ -144,7 +152,9 @@ module Sorcery
           def clear_reset_password_token
             config = sorcery_config
             send(:"#{config.reset_password_token_attribute_name}=", nil)
-            send(:"#{config.reset_password_token_expires_at_attribute_name}=", nil) if config.reset_password_expiration_period
+            return unless config.reset_password_expiration_period
+
+            send(:"#{config.reset_password_token_expires_at_attribute_name}=", nil)
           end
         end
       end

data/lib/sorcery/model/submodules/user_activation.rb

@@ -29,15 +29,15 @@ module Sorcery
           end
 
           base.sorcery_config.instance_eval do
-            @defaults.merge!(:@activation_state_attribute_name             => :activation_state,
-                             :@activation_token_attribute_name             => :activation_token,
-                             :@activation_token_expires_at_attribute_name  => :activation_token_expires_at,
-                             :@activation_token_expiration_period          => nil,
-                             :@user_activation_mailer                      => nil,
-                             :@activation_mailer_disabled                  => false,
-                             :@activation_needed_email_method_name         => :activation_needed_email,
-                             :@activation_success_email_method_name        => :activation_success_email,
-                             :@prevent_non_active_users_to_login           => true)
+            @defaults.merge!(:@activation_state_attribute_name => :activation_state,
+                             :@activation_token_attribute_name => :activation_token,
+                             :@activation_token_expires_at_attribute_name => :activation_token_expires_at,
+                             :@activation_token_expiration_period => nil,
+                             :@user_activation_mailer => nil,
+                             :@activation_mailer_disabled => false,
+                             :@activation_needed_email_method_name => :activation_needed_email,
+                             :@activation_success_email_method_name => :activation_success_email,
+                             :@prevent_non_active_users_to_login => true)
             reset!
           end
 
@@ -59,12 +59,12 @@ module Sorcery
         module ClassMethods
           # Find user by token, also checks for expiration.
           # Returns the user if token found and is valid.
-          def load_from_activation_token(token, &block)
+          def load_from_activation_token(token, &)
             load_from_token(
               token,
               @sorcery_config.activation_token_attribute_name,
               @sorcery_config.activation_token_expires_at_attribute_name,
-              &block
+              &
             )
           end
 
@@ -74,7 +74,9 @@ module Sorcery
           # when activation_mailer_disabled is false
           def validate_mailer_defined
             message = 'To use user_activation submodule, you must define a mailer (config.user_activation_mailer = YourMailerClass).'
-            raise ArgumentError, message if @sorcery_config.user_activation_mailer.nil? && @sorcery_config.activation_mailer_disabled == false
+            if @sorcery_config.user_activation_mailer.nil? && @sorcery_config.activation_mailer_disabled == false
+              raise ArgumentError, message
+            end
           end
 
           def define_user_activation_fields
@@ -92,7 +94,9 @@ module Sorcery
             generated_activation_token = TemporaryToken.generate_random_token
             send(:"#{config.activation_token_attribute_name}=", generated_activation_token)
             send(:"#{config.activation_state_attribute_name}=", 'pending')
-            send(:"#{config.activation_token_expires_at_attribute_name}=", Time.now.in_time_zone + config.activation_token_expiration_period) if config.activation_token_expiration_period
+            return unless config.activation_token_expiration_period
+
+            send(:"#{config.activation_token_expires_at_attribute_name}=", Time.now.in_time_zone + config.activation_token_expiration_period)
           end
 
           # clears activation code, sets the user as 'active' and optionaly sends a success email.
@@ -132,10 +136,8 @@ module Sorcery
           def prevent_non_active_login
             config = sorcery_config
 
-            if config.prevent_non_active_users_to_login
-              unless send(config.activation_state_attribute_name) == 'active'
-                return false, :inactive
-              end
+            if config.prevent_non_active_users_to_login && send(config.activation_state_attribute_name) != 'active'
+              return false, :inactive
             end
 
             true