Use column_names instead of columns when determining if a column exists

1 parent 3f5055e commit 4b1f8fafbcdde41c7cb21d1bcb4aceafa99ac8d0 @binarylogic committed Oct 29, 2008
Showing with 37 additions and 35 deletions.
  1. +2 −1 CHANGELOG.rdoc
  2. +3 −3 README.rdoc
  3. +26 −25 lib/authgasm/acts_as_authentic.rb
  4. +6 −6 lib/authgasm/session/config.rb
@@ -1,6 +1,7 @@
== 0.10.2 released 2008-10-24
-* Added in stretched to the default Sha512 encryption algorithm
+* Added in stretches to the default Sha512 encryption algorithm.
+* Use column_names instead of columns when determining if a column is present.
== 0.10.1 released 2008-10-24
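Review bot: The added changelog line is filed under 0.10.2, whose heading says it was released 2008-10-24, while this commit is dated Oct 29, 2008, and it records only the column_names change. The same commit also switches forget_all! to call record.forget! and replaces the guard in update_sessions!; both change runtime behavior and should get their own entries, under a new unreleased version heading rather than one already marked released.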
@@ -10,7 +10,7 @@ Wouldn't it be nice to keep your app up to date with the latest and greatest sec
What if creating a user session could be as simple as...
- UserSession.create(params[:user])
+ UserSession.create(params[:user_session])
What if your user sessions controller could look just like your other controllers...
@@ -33,7 +33,7 @@ What if your user sessions controller could look just like your other controller
end
end
-Look familiar? If you didn't know any better, you would think UserSession was an ActiveRecord model. I think that's pretty cool. Why is that cool? Because it fits nicely into the RESTful development pattern and its a style we all know and love. Wouldn't this be cool too...
+Look familiar? If you didn't know any better, you would think UserSession was an ActiveRecord model. I think that's pretty cool, because it fits nicely into the RESTful development pattern, is a style we all know and love. What about the view...
<%= error_messages_for "user_session" %>
<% form_for @user_session do |f| %>
@@ -169,7 +169,7 @@ The errors in Authgasm work JUST LIKE ActiveRecord. In fact, it uses the exact s
== Automatic Session Updating
-This is one of my favorite features that I think its pretty cool. It's things like this that make a library great and let you know you are on the right track.
+This is one of my favorite features that I think is pretty cool. It's things like this that make a library great and let you know you are on the right track.
Just to clear up any confusion, Authgasm does not store the plain id in the session. It stores a token. This token changes with the password, this way stale sessions can not be persisted.
@@ -7,32 +7,33 @@ def self.included(base)
# = Acts As Authentic
# Provides and "acts_as" method to include in your models to help with authentication. See method below.
module ClassMethods
- # Call this method in your model to add in basic authentication madness:
+ # Call this method in your model to add in basic authentication madness that your authgasm session expects.
#
- # 1. Adds various validations for the login field
- # 2. Adds various validations for the password field
- # 3. Handles password encryption
- # 4. Adds usefule methods to dealing with authentication
+ # <b>Please keep in mind</b> that based on your configuration the method names could change. For example, if you pass the option:
+ #
+ # :password_field => :pass
+ #
+ # The method will not be password=, it will be pass=. Same with valid_password?, it will be valid_pass?, etc.
#
# === Methods
# For example purposes lets assume you have a User model.
#
# Class method name Description
- # User.unique_token returns unique token generated by your :crypto_provider
# User.crypto_provider The class that you set in your :crypto_provider option
- # User.forget_all! Resets all records so they will not be remembered on their next visit. Basically makes their cookies invalid
+ # User.forget_all! Finds all records, loops through them, and calls forget! on each record. This is paginated to save on memory.
+ # User.unique_token returns unique token generated by your :crypto_provider
#
# Named Scopes
- # User.logged_in Find all users who are logged in, based on your :logged_in_timeout option
- # User.logged_out Same as above, but logged out
+ # User.logged_in Find all users who are logged in, based on your :logged_in_timeout option.
+ # User.logged_out Same as above, but logged out.
#
# Isntace method name
- # user.password= Method name based on the :password_field option. This is used to set the password. Pass the *raw* password to this
- # user.confirm_password= Confirms the password, needed to change the password
- # user.valid_password?(pass) Based on the valid of :password_field. Determines if the password passed is valid. The password could be encrypted or raw.
- # user.randomize_password! Basically resets the password to a random password using only letters and numbers
- # user.logged_in? Based on the :logged_in_timeout option. Tells you if the user is logged in or not
- # user.forget! Changes their remember token, making their cookie invalid.
+ # user.password= Method name based on the :password_field option. This is used to set the password. Pass the *raw* password to this.
+ # user.confirm_password= Confirms the password, needed to change the password.
+ # user.valid_password?(pass) Determines if the password passed is valid. The password could be encrypted or raw.
+ # user.randomize_password! Basically resets the password to a random password using only letters and numbers.
+ # user.logged_in? Based on the :logged_in_timeout option. Tells you if the user is logged in or not.
+ # user.forget! Changes their remember token, making their cookie and session invalid. A way to log the user out withouth changing their password.
#
# === Options
# * <tt>session_class:</tt> default: "#{name}Session", the related session class. Used so that you don't have to repeat yourself here. A lot of the configuration will be based off of the configuration values of this class.
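Review bot: Typo on the added user.forget! line: "withouth" should be "without", and the unchanged "Isntace method name" heading just above it should read "Instance method name" while this table is being edited. The new paragraph about :password_field renaming password= and valid_password? ends in "etc."; since the table still lists confirm_password= under a fixed name, say explicitly whether that method is renamed too.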
@@ -55,15 +56,15 @@ def acts_as_authentic(options = {})
options[:login_field_type] ||= options[:login_field] == :email ? :email : :login
options[:password_field] ||= options[:session_class].password_field
options[:crypted_password_field] ||=
- (columns.include?("crypted_password") && :crypted_password) ||
- (columns.include?("encrypted_password") && :encrypted_password) ||
- (columns.include?("password_hash") && :password_hash) ||
- (columns.include?("pw_hash") && :pw_hash) ||
+ (column_names.include?("crypted_password") && :crypted_password) ||
+ (column_names.include?("encrypted_password") && :encrypted_password) ||
+ (column_names.include?("password_hash") && :password_hash) ||
+ (column_names.include?("pw_hash") && :pw_hash) ||
:crypted_password
options[:password_salt_field] ||=
- (columns.include?("password_salt") && :password_salt) ||
- (columns.include?("pw_salt") && :pw_salt) ||
- (columns.include?("salt") && :salt) ||
+ (column_names.include?("password_salt") && :password_salt) ||
+ (column_names.include?("pw_salt") && :pw_salt) ||
+ (column_names.include?("salt") && :salt) ||
:password_salt
options[:remember_token_field] ||= options[:session_class].remember_token_field
options[:logged_in_timeout] ||= 10.minutes
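Review bot: No test accompanies the column_names change to the :crypted_password_field and :password_salt_field guesses, and the file list for this commit shows only CHANGELOG, README and two lib files. The old columns.include?("...") checks compared a string against column objects, so they always fell through to :crypted_password and :password_salt; with this change a table that happens to have a pw_hash or salt column will be picked up automatically, which is a behavior change for existing installs and could point password storage at a column used for something else. Add tests for each candidate name and for the fallback, and call the change out so users with such columns know to set the options explicitly.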
@@ -117,7 +118,7 @@ def self.forget_all!
i = 0
begin
records = find(:all, :limit => 50, :offset => i)
- records.each { |record| records.update_attribute(:#{options[:remember_token_field]}, unique_token) }
+ records.each { |record| record.forget! }
i += 50
end while !records.blank?
end
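Review bot: The find(:all, :limit => 50, :offset => i) paging in forget_all! has no :order, so the database may return rows in a different order on each pass, and record.forget! writes to those rows between passes. Any record that is skipped keeps its old remember token, which defeats a method whose purpose is to invalidate every cookie. Add an explicit order on the primary key to the find call so each page is stable.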
@@ -210,7 +211,7 @@ def create_sessions!
end
def find_my_sessions
- return if @saving_from_session || !#{options[:session_class]}.activated?
+ return if @saving_from_session || !#{options[:session_class]}.activated? || #{options[:session_ids].inspect}.blank?
@my_sessions = []
#{options[:session_ids].inspect}.each do |session_id|
@@ -224,7 +225,7 @@ def find_my_sessions
end
def update_sessions!
- return if @saving_from_session || !#{options[:session_class]}.activated?
+ return if @my_sessions.blank?
@my_sessions.each do |stale_session|
stale_session.unauthorized_record = self
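Review bot: The new guard in update_sessions!, return if @my_sessions.blank?, assumes find_my_sessions has reset @my_sessions for the current save, but in the hunk above find_my_sessions returns early before @my_sessions = [] is reached. If an earlier save on the same object populated @my_sessions and a later save runs with @saving_from_session set or with the session class not activated, the old list is still present (unless it is cleared somewhere outside this diff) and update_sessions! will now act on it, where the removed guard would have returned. Either clear @my_sessions before the early return in find_my_sessions or keep the @saving_from_session check in this guard.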
@@ -91,7 +91,7 @@ def find_with
# * <tt>Default:</tt> Guesses based on the model columns, tries login, username, and email. If none are present it defaults to login
# * <tt>Accepts:</tt> Symbol or String
def login_field
- @login_field ||= (klass.columns.include?("login") && :login) || (klass.columns.include?("username") && :username) || (klass.columns.include?("email") && :email) || :login
+ @login_field ||= (klass.column_names.include?("login") && :login) || (klass.column_names.include?("username") && :username) || (klass.column_names.include?("email") && :email) || :login
end
attr_writer :login_field
@@ -100,7 +100,7 @@ def login_field
# * <tt>Default:</tt> Guesses based on the model columns, tries password and pass. If none are present it defaults to password
# * <tt>Accepts:</tt> Symbol or String
def password_field
- @password_field ||= (klass.columns.include?("password") && :password) || (klass.columns.include?("pass") && :pass) || :password
+ @password_field ||= (klass.column_names.include?("password") && :password) || (klass.column_names.include?("pass") && :pass) || :password
end
attr_writer :password_field
@@ -126,10 +126,10 @@ def remember_me_for=(value) # :nodoc:
# * <tt>Accepts:</tt> Symbol or String
def remember_token_field
@remember_token_field ||=
- (klass.columns.include?("remember_token") && :remember_token) ||
- (klass.columns.include?("remember_key") && :remember_key) ||
- (klass.columns.include?("cookie_token") && :cookie_token) ||
- (klass.columns.include?("cookie_key") && :cookie_key) ||
+ (klass.column_names.include?("remember_token") && :remember_token) ||
+ (klass.column_names.include?("remember_key") && :remember_key) ||
+ (klass.column_names.include?("cookie_token") && :cookie_token) ||
+ (klass.column_names.include?("cookie_key") && :cookie_key) ||
:remember_token
end
attr_writer :remember_token_field
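Review bot: The same "first candidate present in column_names, else a default" chain now appears in login_field, password_field, remember_token_field and twice in acts_as_authentic, which is how the columns/column_names mistake had to be fixed in five places. Move the lookup into one small helper that takes the candidate names and the default, so there is a single place to fix and to test.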
