
Update issue link, moved from lighthouse to github
binarylogic committed Aug 7, 2009
1 parent b0d65dc commit 4eaf68e
Showing 9 changed files with 46 additions and 27 deletions.
4 changes: 2 additions & 2 deletions README.rdoc
Expand Up @@ -55,12 +55,12 @@ Authlogic is very flexible, it has a strong public API and a plethora of hooks t
* <b>Live example with OpenID "add on":</b> http://authlogicexample.binarylogic.com
* <b>Live example repository with tutorial in README:</b> http://github.com/binarylogic/authlogic_example/tree/master
* <b>Tutorial: Reset passwords with Authlogic the RESTful way:</b> http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic
* <b>Bugs / feature suggestions:</b> http://binarylogic.lighthouseapp.com/projects/18752-authlogic
* <b>Issues:</b> http://github.com/binarylogic/authlogic/issues
* <b>Google group:</b> http://groups.google.com/group/authlogic

<b>Before contacting me directly, please read:</b>

If you find a bug or a problem please post it on lighthouse. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help. This also benefits other people in the future with the same questions / problems. Thank you.
If you find a bug or a problem please post it in the issues section. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help. This also benefits other people in the future with the same questions / problems. Thank you.

== Authlogic "add ons"

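--- a/lib/authlogic/session/brute_force_protection.rb
+++ b/lib/authlogic/session/brute_force_protection.rb
@@ -57,7 +57,8 @@ module InstanceMethods
 # Notice the word temporary, the user will not be permanently banned unless you choose to do so with configuration.
 # By default they will be banned for 2 hours. During that 2 hour period this method will return true.
 def being_brute_force_protected?
-exceeded_failed_logins_limit? && (failed_login_ban_for <= 0 || (attempted_record.respond_to?(:updated_at) && attempted_record.updated_at >= failed_login_ban_for.seconds.ago))
+exceeded_failed_logins_limit? && (failed_login_ban_for <= 0 ||
+(attempted_record.respond_to?(:updated_at) && attempted_record.updated_at >= failed_login_ban_for.seconds.ago))
 end
 
 private
@@ -76,7 +77,10 @@ def reset_failed_login_count
 
 def validate_failed_logins
 errors.clear # Clear all other error messages, as they are irrelevant at this point and can only provide additional information that is not needed
-errors.add(:base, I18n.t('error_messages.consecutive_failed_logins_limit_exceeded', :default => "Consecutive failed logins limit exceeded, account is disabled."))
+errors.add(:base, I18n.t(
+'error_messages.consecutive_failed_logins_limit_exceeded',
+:default => "Consecutive failed logins limit exceeded, account has been" + (failed_login_ban_for == 0 ? "" : " temporarily") + " disabled."
+))
 end
 
 def consecutive_failed_logins_limit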
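Review bot: The new default message in validate_failed_logins picks its wording with `failed_login_ban_for == 0`, while being_brute_force_protected? in the first hunk treats the ban as permanent whenever `failed_login_ban_for <= 0`, so a negative setting is enforced as a permanent ban but reported to the user as a temporary one. Use the same predicate in both places, `(failed_login_ban_for <= 0 ? "" : " temporarily")`, or give both a shared private helper so the condition cannot drift again. Both hunks sit inside module InstanceMethods, whose definition starts and ends outside this section.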
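--- a/lib/authlogic/session/callbacks.rb
+++ b/lib/authlogic/session/callbacks.rb
@@ -55,7 +55,8 @@ module Session
 module Callbacks
 METHODS = [
 "before_persisting", "persist", "after_persisting",
-"before_validation", "before_validation_on_create", "before_validation_on_update", "validate", "after_validation_on_update", "after_validation_on_create", "after_validation",
+"before_validation", "before_validation_on_create", "before_validation_on_update", "validate",
+"after_validation_on_update", "after_validation_on_create", "after_validation",
 "before_save", "before_create", "before_update", "after_update", "after_create", "after_save",
 "before_destroy", "after_destroy"
 ]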
10 changes: 5 additions & 5 deletions lib/authlogic/session/cookies.rb
Expand Up @@ -69,12 +69,12 @@ def remember_me
return @remember_me if defined?(@remember_me)
@remember_me = self.class.remember_me
end

# Accepts a boolean as a flag to remember the session or not. Basically to expire the cookie at the end of the session or keep it for "remember_me_until".
def remember_me=(value)
@remember_me = value
end

# See remember_me
def remember_me?
remember_me == true || remember_me == "true" || remember_me == "1"
Expand All @@ -85,7 +85,7 @@ def remember_me_for
return unless remember_me?
self.class.remember_me_for
end

# When to expire the cookie. See remember_me_for configuration option to change this.
def remember_me_until
return unless remember_me?
Expand All @@ -112,15 +112,15 @@ def persist_by_cookie
false
end
end

def save_cookie
controller.cookies[cookie_key] = {
:value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
:expires => remember_me_until,
:domain => controller.cookie_domain
}
end

def destroy_cookie
controller.cookies.delete cookie_key, :domain => controller.cookie_domain
end
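--- a/lib/authlogic/session/magic_columns.rb
+++ b/lib/authlogic/session/magic_columns.rb
@@ -24,9 +24,10 @@ def self.included(klass)
 
 # Configuration for the magic columns feature.
 module Config
-# Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists. If you want to limit how frequent that field is updated specify the threshold
-# here. For example, if your user is making a request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threashold. Set this to 1.minute. Once a minute has passed in between
-# requests the field will be updated.
+# Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists.
+# If you want to limit how frequent that field is updated specify the threshold here. For example, if your user is making a
+# request every 5 seconds, and you feel this is too frequent, and feel a minute is a good threashold. Set this to 1.minute.
+# Once a minute has passed in between requests the field will be updated.
 #
 # * <tt>Default:</tt> 0
 # * <tt>Accepts:</tt> integer representing time in seconds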
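--- a/lib/authlogic/session/magic_states.rb
+++ b/lib/authlogic/session/magic_states.rb
@@ -9,7 +9,8 @@ module Session
 #
 # Authlogic does nothing to define these methods for you, its up to you to define what they mean. If your object responds to these methods Authlogic will use them, otherwise they are ignored.
 #
-# What's neat about this is that these are checked upon any type of login. When logging in explicitly, by cookie, session, or basic http auth. So if you mark a user inactive in the middle of their session they wont be logged back in next time they refresh the page. Giving you complete control.
+# What's neat about this is that these are checked upon any type of login. When logging in explicitly, by cookie, session, or basic http auth.
+# So if you mark a user inactive in the middle of their session they wont be logged back in next time they refresh the page. Giving you complete control.
 #
 # Need Authlogic to check your own "state"? No problem, check out the hooks section below. Add in a before_validation to do your own checking. The sky is the limit.
 module MagicStates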
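--- a/lib/authlogic/session/params.rb
+++ b/lib/authlogic/session/params.rb
@@ -47,8 +47,9 @@ def params_key(value = nil)
 end
 alias_method :params_key=, :params_key
 
-# Authentication is allowed via a single access token, but maybe this is something you don't want for your application as a whole. Maybe this is something you only want for specific request types.
-# Specify a list of allowed request types and single access authentication will only be allowed for the ones you specify.
+# Authentication is allowed via a single access token, but maybe this is something you don't want for your application as a whole. Maybe this is
+# something you only want for specific request types. Specify a list of allowed request types and single access authentication will only be
+# allowed for the ones you specify.
 #
 # * <tt>Default:</tt> ["application/rss+xml", "application/atom+xml"]
 # * <tt>Accepts:</tt> String of a request type, or :all or :any to allow single access authentication for any and all request types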
29 changes: 19 additions & 10 deletions lib/authlogic/session/password.rb
Expand Up @@ -16,21 +16,24 @@ class << self

# Password configuration
module Config
# Authlogic tries to validate the credentials passed to it. One part of validation is actually finding the user and making sure it exists. What method it uses the do this is up to you.
# Authlogic tries to validate the credentials passed to it. One part of validation is actually finding the user and
# making sure it exists. What method it uses the do this is up to you.
#
# Let's say you have a UserSession that is authenticating a User. By default UserSession will call User.find_by_login(login). You can change what method UserSession calls by specifying it here. Then
# in your User model you can make that method do anything you want, giving you complete control of how users are found by the UserSession.
# Let's say you have a UserSession that is authenticating a User. By default UserSession will call User.find_by_login(login).
# You can change what method UserSession calls by specifying it here. Then in your User model you can make that method do
# anything you want, giving you complete control of how users are found by the UserSession.
#
# Let's take an example: You want to allow users to login by username or email. Set this to the name of the class method that does this in the User model. Let's call it "find_by_username_or_email"
# Let's take an example: You want to allow users to login by username or email. Set this to the name of the class method
# that does this in the User model. Let's call it "find_by_username_or_email"
#
# class User < ActiveRecord::Base
# def self.find_by_username_or_email(login)
# find_by_username(login) || find_by_email(login)
# end
# end
#
# Now just specify the name of this method for this configuration option and you are all set. You can do anything you want here. Maybe you allow users to have multiple logins
# and you want to search a has_many relationship, etc. The sky is the limit.
# Now just specify the name of this method for this configuration option and you are all set. You can do anything you
# want here. Maybe you allow users to have multiple logins and you want to search a has_many relationship, etc. The sky is the limit.
#
# * <tt>Default:</tt> "find_by_smart_case_login_field"
# * <tt>Accepts:</tt> Symbol or String
Expand Down Expand Up @@ -89,7 +92,8 @@ def password_field(value = nil)
end
alias_method :password_field=, :password_field

# The name of the method in your model used to verify the password. This should be an instance method. It should also be prepared to accept a raw password and a crytped password.
# The name of the method in your model used to verify the password. This should be an instance method. It should also
# be prepared to accept a raw password and a crytped password.
#
# * <tt>Default:</tt> "valid_password?"
# * <tt>Accepts:</tt> Symbol or String
Expand All @@ -114,7 +118,8 @@ def initialize(*args)

self.class.class_eval <<-"end_eval", __FILE__, __LINE__
private
# The password should not be accessible publicly. This way forms using form_for don't fill the password with the attempted password. To prevent this we just create this method that is private.
# The password should not be accessible publicly. This way forms using form_for don't fill the password with the
# attempted password. To prevent this we just create this method that is private.
def protected_#{password_field}
@#{password_field}
end
Expand Down Expand Up @@ -170,13 +175,17 @@ def validate_by_password
self.attempted_record = search_for_record(find_by_login_method, send(login_field))

if attempted_record.blank?
generalize_credentials_error_messages? ? add_general_credentials_error : errors.add(login_field, I18n.t('error_messages.login_not_found', :default => "is not valid"))
generalize_credentials_error_messages? ?
add_general_credentials_error :
errors.add(login_field, I18n.t('error_messages.login_not_found', :default => "is not valid"))
return
end

if !attempted_record.send(verify_password_method, send("protected_#{password_field}"))
self.invalid_password = true
generalize_credentials_error_messages? ? add_general_credentials_error : errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
generalize_credentials_error_messages? ?
add_general_credentials_error :
errors.add(password_field, I18n.t('error_messages.password_invalid', :default => "is not valid"))
return
end
end
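Review bot: The stacked ternaries at the two `generalize_credentials_error_messages? ?` sites in validate_by_password split one condition over three lines with `?` and `:` dangling at line ends, which reads worse than an `if`/`else` that calls add_general_credentials_error or errors.add; the same shape appears in the persist_by_session hunk of lib/authlogic/session/session.rb, where an `if record_id.nil?`/`else` assignment of `record` would be clearer. Separately, the non-generalized branch still emits a different message for an unknown login (`login_not_found`) than for a wrong password (`password_invalid`), which is the per-account signal the generalize option exists to hide, so a comment at the first site such as `# Distinct login/password errors disclose which logins exist; generalize_credentials_error_messages? collapses them into one` would make the trade-off visible to deployers. validate_by_password begins above this hunk, so the rest of the method is not visible here.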
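--- a/lib/authlogic/session/session.rb
+++ b/lib/authlogic/session/session.rb
@@ -34,7 +34,9 @@ def persist_by_session
 if !persistence_token.nil?
 # Allow finding by persistence token, because when records are created the session is maintained in a before_save, when there is no id.
 # This is done for performance reasons and to save on queries.
-record = record_id.nil? ? search_for_record("find_by_persistence_token", persistence_token) : search_for_record("find_by_#{klass.primary_key}", record_id)
+record = record_id.nil? ?
+search_for_record("find_by_persistence_token", persistence_token) :
+search_for_record("find_by_#{klass.primary_key}", record_id)
 self.unauthorized_record = record if record && record.persistence_token == persistence_token
 valid?
 else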
