sorcery 0.9.1 → 0.10.0

data/lib/sorcery/controller/submodules/http_basic_auth.rb

@@ -2,46 +2,45 @@ module Sorcery
   module Controller
     module Submodules
       # This submodule integrates HTTP Basic authentication into sorcery.
-      # You are provided with a before filter, require_login_from_http_basic, 
+      # You are provided with a before action, require_login_from_http_basic,
       # which requests the browser for authentication.
-      # Then the rest of the submodule takes care of logging the user in 
+      # Then the rest of the submodule takes care of logging the user in
       # into the session, so that the next requests will keep him logged in.
       module HttpBasicAuth
         def self.included(base)
           base.send(:include, InstanceMethods)
           Config.module_eval do
             class << self
-              attr_accessor :controller_to_realm_map            # What realm to display for which controller name.
-                            
+              attr_accessor :controller_to_realm_map # What realm to display for which controller name.
+
               def merge_http_basic_auth_defaults!
-                @defaults.merge!(:@controller_to_realm_map  => {"application" => "Application"})
+                @defaults.merge!(:@controller_to_realm_map => { 'application' => 'Application' })
               end
             end
             merge_http_basic_auth_defaults!
           end
           Config.login_sources << :login_from_basic_auth
         end
-        
-        module InstanceMethods
 
+        module InstanceMethods
           protected
-          
-          # to be used as a before_filter.
+
+          # to be used as a before_action.
           # The method sets a session when requesting the user's credentials.
           # This is a trick to overcome the way HTTP authentication works (explained below):
           #
-          # Once the user fills the credentials once, the browser will always send it to the 
+          # Once the user fills the credentials once, the browser will always send it to the
           # server when visiting the website, until the browser is closed.
-          # This causes wierd behaviour if the user logs out. The session is reset, yet the 
-          # user is re-logged in by the before_filter calling 'login_from_basic_auth'.
+          # This causes wierd behaviour if the user logs out. The session is reset, yet the
+          # user is re-logged in by the before_action calling 'login_from_basic_auth'.
           # To overcome this, we set a session when requesting the password, which logout will
           # reset, and that's how we know if we need to request for HTTP auth again.
           def require_login_from_http_basic
-            (request_http_basic_authentication(realm_name_by_controller) and (session[:http_authentication_used] = true) and return) if (request.authorization.nil? || session[:http_authentication_used].nil?)
+            (request_http_basic_authentication(realm_name_by_controller) && (session[:http_authentication_used] = true) && return) if request.authorization.nil? || session[:http_authentication_used].nil?
             require_login
             session[:http_authentication_used] = nil unless logged_in?
           end
-          
+
           # given to main controller module as a login source callback
           def login_from_basic_auth
             authenticate_with_http_basic do |username, password|
@@ -50,7 +49,7 @@ module Sorcery
               @current_user
             end
           end
-          
+
           # Sets the realm name by searching the controller name in the hash given at configuration time.
           def realm_name_by_controller
             if defined?(ActionController::Base)
@@ -62,13 +61,11 @@ module Sorcery
               end
               nil
             else
-              Config.controller_to_realm_map["application"]
+              Config.controller_to_realm_map['application']
             end
           end
-          
         end
-
       end
     end
   end
-end
+end

data/lib/sorcery/controller/submodules/remember_me.rb

@@ -19,7 +19,7 @@ module Sorcery
           end
           Config.login_sources << :login_from_cookie
           Config.after_login << :remember_me_if_asked_to
-          Config.after_logout << :forget_me!
+          Config.before_logout << :forget_me!
         end
 
         module InstanceMethods
@@ -29,10 +29,16 @@ module Sorcery
             set_remember_me_cookie!(current_user)
           end
 
-          # Clears the cookie and clears the token from the db.
+          # Clears the cookie, and depending on the value of remember_me_token_persist_globally, may clear the token value.
           def forget_me!
             current_user.forget_me!
-            cookies.delete(:remember_me_token, :domain => Config.cookie_domain)
+            cookies.delete(:remember_me_token, domain: Config.cookie_domain)
+          end
+
+          # Clears the cookie, and clears the token value.
+          def force_forget_me!
+            current_user.force_forget_me!
+            cookies.delete(:remember_me_token, domain: Config.cookie_domain)
           end
 
           # Override.
@@ -47,8 +53,8 @@ module Sorcery
 
           # calls remember_me! if a third credential was passed to the login method.
           # Runs as a hook after login.
-          def remember_me_if_asked_to(user, credentials)
-            remember_me! if ( credentials.size == 3 && credentials[2] && credentials[2] != "0" )
+          def remember_me_if_asked_to(_user, credentials)
+            remember_me! if credentials.size == 3 && credentials[2] && credentials[2] != '0'
           end
 
           # Checks the cookie for a remember me token, tried to find a user with that token
@@ -67,14 +73,13 @@ module Sorcery
 
           def set_remember_me_cookie!(user)
             cookies.signed[:remember_me_token] = {
-              :value => user.send(user.sorcery_config.remember_me_token_attribute_name),
-              :expires => user.send(user.sorcery_config.remember_me_token_expires_at_attribute_name),
-              :httponly => Config.remember_me_httponly,
-              :domain => Config.cookie_domain
+              value: user.send(user.sorcery_config.remember_me_token_attribute_name),
+              expires: user.send(user.sorcery_config.remember_me_token_expires_at_attribute_name),
+              httponly: Config.remember_me_httponly,
+              domain: Config.cookie_domain
             }
           end
         end
-
       end
     end
   end

data/lib/sorcery/controller/submodules/session_timeout.rb

@@ -8,10 +8,10 @@ module Sorcery
           base.send(:include, InstanceMethods)
           Config.module_eval do
             class << self
-              attr_accessor :session_timeout,                     # how long in seconds to keep the session alive.
-
-                            :session_timeout_from_last_action     # use the last action as the beginning of session
-                                                                  # timeout.
+              # how long in seconds to keep the session alive.
+              attr_accessor :session_timeout
+              # use the last action as the beginning of session timeout.
+              attr_accessor :session_timeout_from_last_action
 
               def merge_session_timeout_defaults!
                 @defaults.merge!(:@session_timeout                      => 3600, # 1.hour
@@ -21,7 +21,7 @@ module Sorcery
             merge_session_timeout_defaults!
           end
           Config.after_login << :register_login_time
-          base.prepend_before_filter :validate_session
+          base.prepend_before_action :validate_session
         end
 
         module InstanceMethods
@@ -29,12 +29,12 @@ module Sorcery
 
           # Registers last login to be used as the timeout starting point.
           # Runs as a hook after a successful login.
-          def register_login_time(user, credentials)
+          def register_login_time(_user, _credentials)
             session[:login_time] = session[:last_action_time] = Time.now.in_time_zone
           end
 
           # Checks if session timeout was reached and expires the current session if so.
-          # To be used as a before_filter, before require_login
+          # To be used as a before_action, before require_login
           def validate_session
             session_to_use = Config.session_timeout_from_last_action ? session[:last_action_time] : session[:login_time]
             if session_to_use && sorcery_session_expired?(session_to_use.to_time)
@@ -48,7 +48,6 @@ module Sorcery
           def sorcery_session_expired?(time)
             Time.now.in_time_zone - time > Config.session_timeout
           end
-
         end
       end
     end

data/lib/sorcery/crypto_providers/aes256.rb

@@ -1,51 +1,51 @@
-require "openssl"
+require 'openssl'
 
 module Sorcery
   module CryptoProviders
-    # This encryption method is reversible if you have the supplied key. 
+    # This encryption method is reversible if you have the supplied key.
     # So in order to use this encryption method you must supply it with a key first.
     # In an initializer, or before your application initializes, you should do the following:
     #
     #   Sorcery::Model::ConfigAES256.key = "my 32 bytes long key"
     #
-    # My final comment is that this is a strong encryption method, 
+    # My final comment is that this is a strong encryption method,
     # but its main weakness is that its reversible. If you do not need to reverse the hash
     # then you should consider Sha512 or BCrypt instead.
     #
     # Keep your key in a safe place, some even say the key should be stored on a separate server.
-    # This won't hurt performance because the only time it will try and access the key on the 
+    # This won't hurt performance because the only time it will try and access the key on the
     # separate server is during initialization, which only
-    # happens once. The reasoning behind this is if someone does compromise your server they 
+    # happens once. The reasoning behind this is if someone does compromise your server they
     # won't have the key also. Basically, you don't want to store the key with the lock.
     class AES256
       class << self
         attr_writer :key
-    
+
         def encrypt(*tokens)
           aes.encrypt
           aes.key = @key
-          [aes.update(tokens.join) + aes.final].pack("m").chomp
+          [aes.update(tokens.join) + aes.final].pack('m').chomp
         end
-    
+
         def matches?(crypted, *tokens)
           decrypt(crypted) == tokens.join
         rescue OpenSSL::CipherError
           false
         end
-        
+
         def decrypt(crypted)
           aes.decrypt
           aes.key = @key
-          (aes.update(crypted.unpack("m").first) + aes.final)
+          (aes.update(crypted.unpack('m').first) + aes.final)
         end
-    
+
         private
-        
+
         def aes
-          raise ArgumentError.new("#{name} expects a 32 bytes long key. Please use Sorcery::Model::Config.encryption_key to set it.") if ( @key.nil? || @key == "" )
-          @aes ||= OpenSSL::Cipher::Cipher.new("AES-256-ECB")
+          raise ArgumentError, "#{name} expects a 32 bytes long key. Please use Sorcery::Model::Config.encryption_key to set it." if @key.nil? || @key == ''
+          @aes ||= OpenSSL::Cipher.new('AES-256-ECB')
         end
       end
     end
   end
-end
+end

data/lib/sorcery/crypto_providers/bcrypt.rb

@@ -2,9 +2,9 @@ require 'bcrypt'
 
 module Sorcery
   module CryptoProviders
-    # For most apps Sha512 is plenty secure, but if you are building an app that stores nuclear 
+    # For most apps Sha512 is plenty secure, but if you are building an app that stores nuclear
     # launch codes you might want to consier BCrypt. This is an extremely
-    # secure hashing algorithm, mainly because it is slow. 
+    # secure hashing algorithm, mainly because it is slow.
     # A brute force attack on a BCrypt encrypted password would take much longer than a brute force attack on a
     # password encrypted with a Sha algorithm. Keep in mind you are sacrificing performance by using this,
     # generating a password takes exponentially longer than any
@@ -40,30 +40,30 @@ module Sorcery
     # You are good to go!
     class BCrypt
       class << self
-        # This is the :cost option for the BCrpyt library. 
+        # This is the :cost option for the BCrpyt library.
         # The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
-        # Set this to whatever you want, play around with it to get that perfect balance between 
+        # Set this to whatever you want, play around with it to get that perfect balance between
         # security and performance.
         def cost
           @cost ||= 10
         end
         attr_writer :cost
-        alias :stretches :cost
-        alias :stretches= :cost=
-        
+        alias stretches cost
+        alias stretches= cost=
+
         # Creates a BCrypt hash for the password passed.
         def encrypt(*tokens)
-          ::BCrypt::Password.create(join_tokens(tokens), :cost => cost)
+          ::BCrypt::Password.create(join_tokens(tokens), cost: cost)
         end
-        
+
         # Does the hash match the tokens? Uses the same tokens that were used to encrypt.
         def matches?(hash, *tokens)
           hash = new_from_hash(hash)
           return false if hash.nil? || hash == {}
           hash == join_tokens(tokens)
         end
-        
-        # This method is used as a flag to tell Sorcery to "resave" the password 
+
+        # This method is used as a flag to tell Sorcery to "resave" the password
         # upon a successful login, using the new cost
         def cost_matches?(hash)
           hash = new_from_hash(hash)
@@ -73,25 +73,23 @@ module Sorcery
             hash.cost == cost
           end
         end
-        
+
         def reset!
           @cost = 10
         end
-        
+
         private
-        
+
         def join_tokens(tokens)
           tokens.flatten.join
         end
-        
+
         def new_from_hash(hash)
-          begin
-            ::BCrypt::Password.new(hash)
-          rescue ::BCrypt::Errors::InvalidHash
-            return nil
-          end
+          ::BCrypt::Password.new(hash)
+        rescue ::BCrypt::Errors::InvalidHash
+          return nil
         end
       end
     end
   end
-end
+end

data/lib/sorcery/crypto_providers/common.rb

@@ -32,4 +32,4 @@ module Sorcery
       end
     end
   end
-end
+end

data/lib/sorcery/crypto_providers/md5.rb

@@ -1,9 +1,9 @@
-require "digest/md5"
- 
+require 'digest/md5'
+
 module Sorcery
   module CryptoProviders
-    # This class was made for the users transitioning from md5 based systems. 
-    # I highly discourage using this crypto provider as it superbly inferior 
+    # This class was made for the users transitioning from md5 based systems.
+    # I highly discourage using this crypto provider as it superbly inferior
     # to your other options.
     #
     # Please use any other provider offered by Sorcery.
@@ -16,4 +16,4 @@ module Sorcery
       end
     end
   end
-end
+end

data/lib/sorcery/crypto_providers/sha1.rb

@@ -1,4 +1,4 @@
-require "digest/sha1"
+require 'digest/sha1'
 
 module Sorcery
   module CryptoProviders
@@ -8,9 +8,9 @@ module Sorcery
       include Common
       class << self
         def join_token
-          @join_token ||= "--"
+          @join_token ||= '--'
         end
-        
+
         # Turns your raw password into a Sha1 hash.
         def encrypt(*tokens)
           tokens = tokens.flatten
@@ -18,11 +18,11 @@ module Sorcery
           stretches.times { digest = secure_digest([digest, *tokens].join(join_token)) }
           digest
         end
-        
+
         def secure_digest(digest)
           Digest::SHA1.hexdigest(digest)
         end
       end
     end
   end
-end
+end

data/lib/sorcery/crypto_providers/sha256.rb

@@ -1,7 +1,7 @@
-require "digest/sha2"
+require 'digest/sha2'
 
 module Sorcery
-  # The activate_sorcery method has a custom_crypto_provider configuration option. 
+  # The activate_sorcery method has a custom_crypto_provider configuration option.
   # This allows you to use any type of encryption you like.
   # Just create a class with a class level encrypt and matches? method. See example below.
   #

data/lib/sorcery/crypto_providers/sha512.rb

@@ -1,7 +1,7 @@
-require "digest/sha2"
+require 'digest/sha2'
 
 module Sorcery
-  # The activate_sorcery method has a custom_crypto_provider configuration option. 
+  # The activate_sorcery method has a custom_crypto_provider configuration option.
   # This allows you to use any type of encryption you like.
   # Just create a class with a class level encrypt and matches? method. See example below.
   #
@@ -33,4 +33,4 @@ module Sorcery
       end
     end
   end
-end
+end

data/lib/sorcery/engine.rb

@@ -6,16 +6,11 @@ module Sorcery
   # With the plugin logic.
   class Engine < Rails::Engine
     config.sorcery = ::Sorcery::Controller::Config
-    
-    initializer "extend Controller with sorcery" do |app|
+
+    initializer 'extend Controller with sorcery' do
       ActionController::Base.send(:include, Sorcery::Controller)
       ActionController::Base.helper_method :current_user
       ActionController::Base.helper_method :logged_in?
     end
-    
-    rake_tasks do
-      load "sorcery/railties/tasks.rake"
-    end
-    
   end
-end
+end

data/lib/sorcery/model.rb

@@ -17,7 +17,7 @@ module Sorcery
       include_required_submodules!
 
       # This runs the options block set in the initializer on the model class.
-      ::Sorcery::Controller::Config.user_config.tap{|blk| blk.call(@sorcery_config) if blk}
+      ::Sorcery::Controller::Config.user_config.tap { |blk| blk.call(@sorcery_config) if blk }
 
       define_base_fields
       init_orm_hooks!
@@ -29,7 +29,7 @@ module Sorcery
     private
 
     def define_base_fields
-      self.class_eval do
+      class_eval do
         sorcery_config.username_attribute_names.each do |username|
           sorcery_adapter.define_field username, String, length: 255
         end
@@ -39,17 +39,16 @@ module Sorcery
         sorcery_adapter.define_field sorcery_config.crypted_password_attribute_name, String, length: 255
         sorcery_adapter.define_field sorcery_config.salt_attribute_name, String, length: 255
       end
-
     end
 
     # includes required submodules into the model class,
     # which usually is called User.
     def include_required_submodules!
-      self.class_eval do
+      class_eval do
         @sorcery_config.submodules = ::Sorcery::Controller::Config.submodules
         @sorcery_config.submodules.each do |mod|
           begin
-            include Submodules.const_get(mod.to_s.split('_').map {|p| p.capitalize}.join)
+            include Submodules.const_get(mod.to_s.split('_').map(&:capitalize).join)
           rescue NameError
             # don't stop on a missing submodule. Needed because some submodules are only defined
             # in the controller side.
@@ -60,11 +59,11 @@ module Sorcery
 
     # add virtual password accessor and ORM callbacks.
     def init_orm_hooks!
-      sorcery_adapter.define_callback :before, :validation, :encrypt_password, if: Proc.new {|record|
+      sorcery_adapter.define_callback :before, :validation, :encrypt_password, if: proc { |record|
         record.send(sorcery_config.password_attribute_name).present?
       }
 
-      sorcery_adapter.define_callback :after, :save, :clear_virtual_password, if: Proc.new {|record|
+      sorcery_adapter.define_callback :after, :save, :clear_virtual_password, if: proc { |record|
         record.send(sorcery_config.password_attribute_name).present?
       }
 
@@ -82,7 +81,7 @@ module Sorcery
       # Finds the user by the username and compares the user's password to the one supplied to the method.
       # returns the user if success, nil otherwise.
       def authenticate(*credentials)
-        raise ArgumentError, "at least 2 arguments required" if credentials.size < 2
+        raise ArgumentError, 'at least 2 arguments required' if credentials.size < 2
 
         return false if credentials[0].blank?
 
@@ -93,19 +92,19 @@ module Sorcery
         user = sorcery_adapter.find_by_credentials(credentials)
 
         if user.respond_to?(:active_for_authentication?)
-          return nil if !user.active_for_authentication?
+          return nil unless user.active_for_authentication?
         end
 
         set_encryption_attributes
 
-        user if user && @sorcery_config.before_authenticate.all? {|c| user.send(c)} && user.valid_password?(credentials[1])
+        user if user && @sorcery_config.before_authenticate.all? { |c| user.send(c) } && user.valid_password?(credentials[1])
       end
 
       # encrypt tokens using current encryption_provider.
       def encrypt(*tokens)
         return tokens.first if @sorcery_config.encryption_provider.nil?
 
-        set_encryption_attributes()
+        set_encryption_attributes
 
         CryptoProviders::AES256.key = @sorcery_config.encryption_key
         @sorcery_config.encryption_provider.encrypt(*tokens)
@@ -113,13 +112,13 @@ module Sorcery
 
       protected
 
-      def set_encryption_attributes()
+      def set_encryption_attributes
         @sorcery_config.encryption_provider.stretches = @sorcery_config.stretches if @sorcery_config.encryption_provider.respond_to?(:stretches) && @sorcery_config.stretches
         @sorcery_config.encryption_provider.join_token = @sorcery_config.salt_join_token if @sorcery_config.encryption_provider.respond_to?(:join_token) && @sorcery_config.salt_join_token
       end
-      
+
       def add_config_inheritance
-        self.class_eval do
+        class_eval do
           def self.inherited(subclass)
             subclass.class_eval do
               class << self
@@ -131,7 +130,6 @@ module Sorcery
           end
         end
       end
-
     end
 
     module InstanceMethods
@@ -148,12 +146,12 @@ module Sorcery
 
       # Calls the configured encryption provider to compare the supplied password with the encrypted one.
       def valid_password?(pass)
-        _crypted = self.send(sorcery_config.crypted_password_attribute_name)  
-        return _crypted == pass if sorcery_config.encryption_provider.nil?
+        crypted = send(sorcery_config.crypted_password_attribute_name)
+        return crypted == pass if sorcery_config.encryption_provider.nil?
 
-        _salt = self.send(sorcery_config.salt_attribute_name) unless sorcery_config.salt_attribute_name.nil?
+        salt = send(sorcery_config.salt_attribute_name) unless sorcery_config.salt_attribute_name.nil?
 
-        sorcery_config.encryption_provider.matches?(_crypted, pass, _salt)
+        sorcery_config.encryption_provider.matches?(crypted, pass, salt)
       end
 
       protected
@@ -162,16 +160,16 @@ module Sorcery
       # encrypts password with salt and saves it.
       def encrypt_password
         config = sorcery_config
-        self.send(:"#{config.salt_attribute_name}=", new_salt = TemporaryToken.generate_random_token) if !config.salt_attribute_name.nil?
-        self.send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(self.send(config.password_attribute_name),new_salt))
+        send(:"#{config.salt_attribute_name}=", new_salt = TemporaryToken.generate_random_token) unless config.salt_attribute_name.nil?
+        send(:"#{config.crypted_password_attribute_name}=", self.class.encrypt(send(config.password_attribute_name), new_salt))
       end
 
       def clear_virtual_password
         config = sorcery_config
-        self.send(:"#{config.password_attribute_name}=", nil)
+        send(:"#{config.password_attribute_name}=", nil)
 
         if respond_to?(:"#{config.password_attribute_name}_confirmation=")
-          self.send(:"#{config.password_attribute_name}_confirmation=", nil)
+          send(:"#{config.password_attribute_name}_confirmation=", nil)
         end
       end
 
@@ -179,17 +177,11 @@ module Sorcery
       # supports both the ActionMailer 3 way of calling, and the plain old Ruby object way.
       def generic_send_email(method, mailer)
         config = sorcery_config
-        mail = config.send(mailer).send(config.send(method),self)
-        if defined?(ActionMailer) and config.send(mailer).kind_of?(Class) and config.send(mailer) < ActionMailer::Base
-          # Rails 4.2 deprecates #deliver
-          if mail.respond_to?(:deliver_now)
-            mail.deliver_now
-          else
-            mail.deliver
-          end
+        mail = config.send(mailer).send(config.send(method), self)
+        if defined?(ActionMailer) && config.send(mailer).is_a?(Class) && config.send(mailer) < ActionMailer::Base
+          mail.send(config.email_delivery_method)
         end
       end
     end
-
   end
 end