Breaking change: Authlogic::Random: Method visibility

Methods in Authlogic::Random are now module methods, and are no
longer instance methods. Previously, there were both. Do not use
Authlogic::Random as a mixin.

.rubocop.yml

@@ -82,3 +82,8 @@ Style/BlockDelimiters:
 # the compact style.
 Style/ClassAndModuleChildren:
   EnforcedStyle: nested
+
+# Both `module_function` and `extend_self` are legitimate. Most importantly,
+# they are different (http://bit.ly/2hSQAGm)
+Style/ModuleFunction:
+  Enabled: false

.rubocop_todo.yml

@@ -52,13 +52,6 @@ Style/MixinUsage:
   Exclude:
     - 'lib/authlogic/acts_as_authentic/base.rb'
 
-# Offense count: 1
-# Configuration parameters: EnforcedStyle, SupportedStyles.
-# SupportedStyles: module_function, extend_self
-Style/ModuleFunction:
-  Exclude:
-    - 'lib/authlogic/random.rb'
-
 # Offense count: 3
 Style/MultilineTernaryOperator:
   Exclude:

CHANGELOG.md

@@ -9,6 +9,9 @@
   * 'httponly' and 'secure' cookie options are enabled by default now
   * maintain_sessions config has been removed. It has been split into 2 new options:
     log_in_after_create & log_in_after_password_change (@lucasminissale)
+  * Methods in Authlogic::Random are now module methods, and are no longer
+    instance methods. Previously, there were both. Do not use Authlogic::Random
+    as a mixin.
 
 * Added
   * Support for ruby 2.4, specifically openssl gem 2.0

lib/authlogic/random.rb

@@ -3,15 +3,13 @@
 module Authlogic
   # Generates random strings using ruby's SecureRandom library.
   module Random
-    extend self
-
-    def hex_token
+    def self.hex_token
       SecureRandom.hex(64)
     end
 
     # Returns a string in base64url format as defined by RFC-3548 and RFC-4648.
     # We call this a "friendly" token because it is short and safe for URLs.
-    def friendly_token
+    def self.friendly_token
       SecureRandom.urlsafe_base64(15)
     end
   end