@@ -3,6 +3,7 @@ * Only change persistence token if the password is not blank * Normalize the last_request_at_threshold so that you can pass an integer or a date/time range. * Fixed bug where password length validations were not being run because the password value was not blank. It should be run if it is a new record, the password has changed, or the password is blank. +* Added disable_magic_states option for sessions, to turn off the automatic checking of "magic states" such as active?, confirmed?, and approved?. == 1.3.7 released 2008-11-30 CHANGELOG.rdoc @@ -439,12 +439,14 @@ module Authlogic end def valid_record? + return true if disable_magic_states? [:active, :approved, :confirmed].each do |required_status| if record.respond_to?("#{required_status}?") && !record.send("#{required_status}?") errors.add_to_base(send("not_#{required_status}_message")) return false end end + true end end end lib/authlogic/session/base.rb @@ -65,6 +65,21 @@ module Authlogic end alias_method :cookie_key=, :cookie_key + # Set this to true if you want to disable the checking of active?, approved?, and confirmed? on your record. This is more or less of a + # convenience feature, since 99% of the time if those methods exist and return false you will not want the user logging in. You could + # easily accomplish this same thing with a before_validation method or other callbacks. + # + # * <tt>Default:</tt> false + # * <tt>Accepts:</tt> Boolean + def disable_magic_states(value = nil) + if value.nil? + read_inheritable_attribute(:disable_magic_states) + else + write_inheritable_attribute(:disable_magic_states, value) + end + end + alias_method :disable_magic_states=, :disable_magic_states + # Authlogic tries to validate the credentials passed to it. One part of validation is actually finding the user and making sure it exists. What method it uses the do this is up to you. # # Let's say you have a UserSession that is authenticating a User. By default UserSession will call User.find_by_login(login). You can change what method UserSession calls by specifying it here. Then @@ -333,6 +348,10 @@ module Authlogic build_key(self.class.cookie_key) end + def disable_magic_states? + self.class.disable_magic_states == true + end + def find_by_login_method self.class.find_by_login_method end lib/authlogic/session/config.rb @@ -44,7 +44,7 @@ module Authlogic # :nodoc: MAJOR = 1 MINOR = 3 - TINY = 7 + TINY = 8 # The current version as a Version instance CURRENT = new(MAJOR, MINOR, TINY) lib/authlogic/version.rb @@ -274,6 +274,39 @@ module SessionTests assert session.errors.empty? end + def test_valid_record + session = UserSession.new + ben = users(:ben) + session.send(:record=, ben) + assert session.send :valid_record? + assert session.errors.empty? + + ben.update_attribute(:active, false) + assert !session.send(:valid_record?) + assert session.errors.on_base.size > 0 + + ben.active = true + ben.approved = false + ben.save + assert !session.send(:valid_record?) + assert session.errors.on_base.size > 0 + + ben.approved = true + ben.confirmed = false + ben.save + assert !session.send(:valid_record?) + assert session.errors.on_base.size > 0 + + ben.approved = false + ben.confirmed = false + ben.active = false + + UserSession.disable_magic_states = true + session = UserSession.new + session.send(:record=, ben) + assert session.send :valid_record? + end + def test_valid_http_auth ben = users(:ben) session = UserSession.new test/session_tests/base_test.rb @@ -23,6 +23,18 @@ module SessionTests session = UserSession.new assert_equal "user_credentials", session.cookie_key end + + def test_disable_magic_states + UserSession.disable_magic_states = true + assert_equal true, UserSession.disable_magic_states + session = UserSession.new + assert_equal true, session.disable_magic_states? + + UserSession.disable_magic_states false + assert_equal false, UserSession.disable_magic_states + session = UserSession.new + assert_equal false, session.disable_magic_states? + end def test_find_by_login_method UserSession.find_by_login_method = "my_login_method" test/session_tests/config_test.rb @@ -50,6 +50,9 @@ ActiveRecord::Schema.define(:version => 1) do t.datetime :last_login_at t.string :current_login_ip t.string :last_login_ip + t.boolean :active, :default => true + t.boolean :approved, :default => true + t.boolean :confirmed, :default => true end create_table :employees do |t| test/test_helper.rb 5ee3be09100f9bdb5e7490783a00777b8cba30de binarylogic bjohnson@binarylogic.com http://github.com/binarylogic/authlogic/commit/1f74ab91b96619095da596243f6a77c544872617 1f74ab91b96619095da596243f6a77c544872617 2008-12-24T10:03:00-08:00 2008-12-24T10:03:00-08:00 Added disable_magic_states option for sessions 240d6653b17962ed255c422db77e8c64b9898da8 binarylogic bjohnson@binarylogic.com