Release v0.10.2

commit 24501b4c14918844bbf91eea60a8f568026fcc96 1 parent 4ff3efd
@binarylogic authored
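--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -2,6 +2,7 @@
 * Added in stretches to the default Sha512 encryption algorithm.
 * Use column_names instead of columns when determining if a column is present.
+* Improved validation callbacks. after_validation should only be run if valid? = true. Also clear errors before the "before_validation" callback.
 == 0.10.1 released 2008-10-24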
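--- a/README.rdoc
+++ b/README.rdoc
@@ -33,7 +33,7 @@ What if your user sessions controller could look just like your other controller
 end
 end
-Look familiar? If you didn't know any better, you would think UserSession was an ActiveRecord model. I think that's pretty cool, because it fits nicely into the RESTful development pattern, is a style we all know and love. What about the view...
+Look familiar? If you didn't know any better, you would think UserSession was an ActiveRecord model. I think that's pretty cool, because it fits nicely into the RESTful development pattern, a style we all know and love. What about the view...
 <%= error_messages_for "user_session" %>
 <% form_for @user_session do |f| %>
@@ -95,7 +95,7 @@ It is important to set your configuration for your session before you set the co
 === Ensure proper database fields
-The user model needs to have the following columns. The names of these columns can be changed with configuration.
+The user model needs to have the following columns. The names of these columns can be changed with configuration. Better yet, Authgasm tries to guess these names by checking for the existence of common names. See Authgasm::Session::Config::ClassMethods for more details, but chances are you won't have to specify any configuration for your field names.
 t.string :login, :null => false
 t.string :crypted_password, :null => false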
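--- a/lib/authgasm/session/base.rb
+++ b/lib/authgasm/session/base.rb
@@ -257,51 +257,12 @@ def unauthorized_record=(value)
 def valid?
 errors.clear
- temp_record = unauthorized_record
-
- case login_with
- when :credentials
- errors.add(login_field, "can not be blank") if send(login_field).blank?
- errors.add(password_field, "can not be blank") if send("protected_#{password_field}").blank?
- return false if errors.count > 0
-
- temp_record = klass.send(find_by_login_method, send(login_field))
-
- if temp_record.blank?
- errors.add(login_field, "was not found")
- return false
- end
-
- unless temp_record.send(verify_password_method, send("protected_#{password_field}"))
- errors.add(password_field, "is invalid")
- return false
- end
- when :unauthorized_record
- if temp_record.blank?
- errors.add_to_base("You can not log in with a blank record.")
- return false
- end
-
- if temp_record.new_record?
- errors.add_to_base("You can not login with a new record.") if temp_record.new_record?
- return false
- end
- else
- errors.add_to_base("You must provide some form of credentials before logging in.")
- return false
+ temp_record = validate_credentials
+ if errors.empty?
+ @record = temp_record
+ return true
 end
-
- [:active, :approved, :confirmed].each do |required_status|
- if temp_record.respond_to?("#{required_status}?") && !temp_record.send("#{required_status}?")
- errors.add_to_base("Your account has not been marked as #{required_status}")
- return false
- end
- end
-
- # All is good, lets set the record
- @record = temp_record
-
- true
+ false
 end
 def valid_http_auth?
@@ -397,6 +358,51 @@ def session_credentials
 def update_session!
 controller.session[session_key] = record && record.send(remember_token_field)
 end
+
+ def validate_credentials
+ temp_record = unauthorized_record
+
+ case login_with
+ when :credentials
+ errors.add(login_field, "can not be blank") if send(login_field).blank?
+ errors.add(password_field, "can not be blank") if send("protected_#{password_field}").blank?
+ return if errors.count > 0
+
+ temp_record = klass.send(find_by_login_method, send(login_field))
+
+ if temp_record.blank?
+ errors.add(login_field, "was not found")
+ return
+ end
+
+ unless temp_record.send(verify_password_method, send("protected_#{password_field}"))
+ errors.add(password_field, "is invalid")
+ return
+ end
+ when :unauthorized_record
+ if temp_record.blank?
+ errors.add_to_base("You can not log in with a blank record.")
+ return
+ end
+
+ if temp_record.new_record?
+ errors.add_to_base("You can not login with a new record.") if temp_record.new_record?
+ return
+ end
+ else
+ errors.add_to_base("You must provide some form of credentials before logging in.")
+ return
+ end
+
+ [:active, :approved, :confirmed].each do |required_status|
+ if temp_record.respond_to?("#{required_status}?") && !temp_record.send("#{required_status}?")
+ errors.add_to_base("Your account has not been marked as #{required_status}")
+ return
+ end
+ end
+
+ temp_record
+ end
 end
 end
 end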
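Review bot: The new `valid?` treats an empty `errors` collection as proof of authentication and assigns `@record` without checking that `validate_credentials` returned a record. Every early `return` in `validate_credentials` yields nil; today each one adds an error first, but a later branch or a wrapping callback that leaves `errors` empty would make `valid?` return true with a nil record. Changing the guard to `if temp_record && errors.empty?` makes the check fail closed. Separately, the `:credentials` branch reports "was not found" on the login field and "is invalid" on the password field, which lets a client tell existing logins from unknown ones; a single generic failure message for both cases avoids that. The enclosing class body starts and ends outside these hunks.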
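--- a/lib/authgasm/session/callbacks.rb
+++ b/lib/authgasm/session/callbacks.rb
@@ -7,7 +7,7 @@ module Callbacks
 CALLBACKS = %w(before_create after_create before_destroy after_destroy before_save after_save before_update after_update before_validation after_validation)
 def self.included(base) #:nodoc:
- [:destroy, :save, :valid?].each do |method|
+ [:destroy, :save, :valid?, :validate_credentials].each do |method|
 base.send :alias_method_chain, method, :callbacks
 end
@@ -41,15 +41,16 @@ def save_with_callbacks # :nodoc:
 result
 end
- def valid_with_callbacks? # :nodoc:
- run_callbacks(:before_validation)
+ def valid_with_callbacks?
 result = valid_without_callbacks?
- if result
- run_callbacks(:after_validation)
- result = errors.empty?
- end
+ run_callbacks(:after_validation) if result
 result
 end
+
+ def validate_credentials_with_callbacks # :nodoc:
+ run_callbacks(:before_validation)
+ validate_credentials_without_callbacks
+ end
 end
 end
 end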
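Review bot: `valid_with_callbacks?` no longer re-reads `errors` after running `after_validation`, so an error added by such a callback does not change the returned result. The removed lines set `result = errors.empty?` after the callback, which let an `after_validation` hook reject a login; with the new one-liner `valid?` stays true, and the base.rb section on this page has already assigned `@record` by then. If hooks are meant to be able to refuse a session (an account-state check, for instance), add `result &&= errors.empty?` after `run_callbacks(:after_validation) if result`. Otherwise a comment on `valid_with_callbacks?` should state that rejecting checks belong in `before_validation`. The `# :nodoc:` marker was also dropped from `valid_with_callbacks?` while the new `validate_credentials_with_callbacks` keeps it, which looks unintentional.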
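--- a/lib/authgasm/version.rb
+++ b/lib/authgasm/version.rb
@@ -44,7 +44,7 @@ def to_a
 MAJOR = 0
 MINOR = 10
- TINY = 1
+ TINY = 2
 # The current version as a Version instance
 CURRENT = new(MAJOR, MINOR, TINY)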
BIN  test_app/db/test.sqlite3
Binary file not shown