fix regex encoding conflict

commit 6592f3aafcaf3072ee417338adc88c67d45e7d93 2 parents 139dd03 + 9bc2760
@binarylogic authored
3  .gitignore
@@ -7,4 +7,5 @@ coverage/*
doc/*
benchmarks/*
.specification
-.rvmrc
+.rvmrc
+gemfiles/*.gemfile.lock
1  .travis.yml
@@ -2,6 +2,7 @@ rvm:
- 1.8.7
- 1.9.3
- 2.0.0
+ - 2.1.0
- ree
- jruby
2  README.rdoc
@@ -162,3 +162,5 @@ Interested in how all of this all works? Think about an ActiveRecord model. A da
Copyright (c) 2012 {Ben Johnson of Binary Logic}[http://www.binarylogic.com], released under the MIT license
+
+{<img src="https://codeclimate.com/github/binarylogic/authlogic.png" />}[https://codeclimate.com/github/binarylogic/authlogic]
2  lib/authlogic/acts_as_authentic/password.rb
@@ -149,7 +149,7 @@ def merge_validates_length_of_password_confirmation_field_options(options = {})
# * <tt>Default:</tt> CryptoProviders::Sha512
# * <tt>Accepts:</tt> Class
def crypto_provider(value = nil)
- rw_config(:crypto_provider, value, CryptoProviders::Sha512)
+ rw_config(:crypto_provider, value, CryptoProviders::SCrypt)
end
alias_method :crypto_provider=, :crypto_provider
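Review bot: The doc comment two lines above the changed call still reads `# * <tt>Default:</tt> CryptoProviders::Sha512` while the code now defaults to `CryptoProviders::SCrypt`; it should become `# * <tt>Default:</tt> CryptoProviders::SCrypt`. Changing the default also affects every application that never set `crypto_provider` explicitly: its stored Sha512 hashes will no longer verify against the new default unless a transition from the old provider is configured (the existing `transition_from_crypto_providers` option, if I recall the API correctly), so the comment above should say that upgrading installs must either pin `crypto_provider` to Sha512 or configure the transition. The scrypt.rb comment in this same commit says the provider needs the scrypt gem to be installed, so a default pointing at it may fail at load time for users who have not added that gem; worth confirming how a missing gem is handled.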
2  lib/authlogic/acts_as_authentic/persistence_token.rb
@@ -36,7 +36,7 @@ def forget_all
records = nil
i = 0
begin
- records = find(:all, :limit => 50, :offset => i)
+ records = limit(50).offset(i)
records.each { |record| record.forget! }
i += 50
end while !records.blank?
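Review bot: `limit(50).offset(i)` pages without an explicit `order`, so the database is free to return rows in a different order on each page, and because `forget!` writes to every row between pages a record can be skipped or visited twice; the old `find(:all, ...)` form had the same weakness, but the rewrite is the moment to fix it. The whole `begin ... end while` loop can be replaced by the primary-key batching ActiveRecord already provides, `find_each(:batch_size => 50) { |record| record.forget! }`, which also removes the `begin/end while` construct RuboCop flags. `forget_all` starts above the hunk, so I cannot see whether any scope is applied before this loop.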
2  lib/authlogic/authenticates_many/base.rb
@@ -42,7 +42,7 @@ def authenticates_many(name, options = {})
options[:relationship_name] ||= options[:session_class].klass_name.underscore.pluralize
class_eval <<-"end_eval", __FILE__, __LINE__
def #{name}
- find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.scoped
+ find_options = #{options[:find_options].inspect} || #{options[:relationship_name]}.where(nil)
@#{name} ||= Authlogic::AuthenticatesMany::Association.new(#{options[:session_class]}, find_options, #{options[:scope_cookies] ? "self.class.model_name.underscore + '_' + self.send(self.class.primary_key).to_s" : "nil"})
end
end_eval
2  lib/authlogic/controller_adapters/sinatra_adapter.rb
@@ -11,7 +11,7 @@ def initialize(request, response)
end
def delete(key, options = {})
- @request.cookies.delete(key)
+ @response.delete_cookie(key, options)
end
def []=(key, options)
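Review bot: `@response.delete_cookie(key, options)` tells the browser to expire the cookie but leaves `@request.cookies[key]` populated for the rest of this request, so any later read of the same key during the request (for example a persistence lookup after a logout) would still see the stale value; keeping the removed `@request.cookies.delete(key)` as a second line alongside the new call avoids that. Also, the browser only clears a cookie whose path and domain match those it was set with, so `options` here has to mirror what was passed when the cookie was written; a one-line comment on `delete` saying `# options must match the path/domain used when the cookie was set` would save callers a debugging session.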
16 lib/authlogic/crypto_providers/bcrypt.rb
@@ -6,10 +6,14 @@
module Authlogic
module CryptoProviders
- # For most apps Sha512 is plenty secure, but if you are building an app that stores nuclear launch codes you might want to consier BCrypt. This is an extremely
- # secure hashing algorithm, mainly because it is slow. A brute force attack on a BCrypt encrypted password would take much longer than a brute force attack on a
- # password encrypted with a Sha algorithm. Keep in mind you are sacrificing performance by using this, generating a password takes exponentially longer than any
- # of the Sha algorithms. I did some benchmarking to save you some time with your decision:
+ # The family of adaptive hash functions (BCrypt, SCrypt, PBKDF2)
+ # is the best choice for password storage today. They have the
+ # three properties of password hashing that are desirable. They
+ # are one-way, unique, and slow. While a salted SHA or MD5 hash is
+ # one-way and unique, preventing rainbow table attacks, they are
+ # still lightning fast and attacks on the stored passwords are
+ # much more effective. This benchmark demonstrates the effective
+ # slowdown that BCrypt provides:
#
# require "bcrypt"
# require "digest"
@@ -28,7 +32,9 @@ module CryptoProviders
# Sha512: 0.000000 0.000000 0.000000 ( 0.000829)
# Sha1: 0.000000 0.000000 0.000000 ( 0.000395)
#
- # You can play around with the cost to get that perfect balance between performance and security.
+ # You can play around with the cost to get that perfect balance
+ # between performance and security. A default cost of 10 is the
+ # best place to start.
#
# Decided BCrypt is for you? Just install the bcrypt gem:
#
13 lib/authlogic/crypto_providers/scrypt.rb
@@ -6,12 +6,13 @@
module Authlogic
module CryptoProviders
- # If you want a stronger hashing algorithm, but would prefer not to use BCrypt, SCrypt is another option.
- # SCrypt is newer and less popular (and so less-tested), but it's designed specifically to avoid a theoretical
- # hardware attack against BCrypt. Just as with BCrypt, you are sacrificing performance relative to SHA2 algorithms,
- # but the increased security may well be worth it. (That performance sacrifice is the exact reason it's much, much
- # harder for an attacker to brute-force your paswords).
- # Decided SCrypt is for you? Just install the bcrypt gem:
+ # SCrypt is the default provider for Authlogic. It is the only
+ # choice in the adaptive hash family that accounts for hardware
+ # based attacks by compensating with memory bound as well as cpu
+ # bound computational constraints. It offers the same guarantees
+ # as BCrypt in the way of one-way, unique and slow.
+ #
+ # Decided SCrypt is for you? Just install the scrypt gem:
#
# gem install scrypt
#
2  lib/authlogic/regex.rb
@@ -1,4 +1,4 @@
-# encoding: UTF-8
+#encoding: utf-8
module Authlogic
# This is a module the contains regular expressions used throughout Authlogic. The point of extracting
# them out into their own module is to make them easily available to you for other uses. Ex:
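Review bot: As far as I know Ruby's magic-comment parser accepts both `# encoding: UTF-8` and `#encoding: utf-8` (the match is case-insensitive and the space is optional), so the interpreter should treat the old and new first line identically. If this change really resolved the conflict the commit title refers to, the actual cause was probably something else (the comment not being the first line at load time, a BOM, or an editor modeline), and a short comment stating what the conflict was and which tool required this spelling would help the next person who touches the header.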
12 lib/authlogic/session/active_record_trickery.rb
@@ -61,7 +61,19 @@ module InstanceMethods
def new_record?
new_session?
end
+
+ def persisted?
+ !(new_record? || destroyed?)
+ end
+
+ def destroyed?
+ record.nil?
+ end
+ def to_key
+ new_record? ? nil : record.to_key
+ end
+
# For rails >= 3.0
def to_model
self
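Review bot: `to_key` falls through to `record.to_key` whenever `new_record?` is false, so for a session that has been destroyed (`destroyed?` three lines above is `record.nil?`) it would raise NoMethodError on nil instead of returning nil, assuming `new_session?` does not flip back to true on destroy, which I cannot see from here; `new_record? ? nil : record.to_key` should become `persisted? ? record.to_key : nil`, which covers both states with the predicates this hunk introduces. Separately, the blank line the rest of the hunk keeps between methods is missing between `destroyed?` and `to_key`.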
9 lib/authlogic/session/callbacks.rb
@@ -63,8 +63,13 @@ module Callbacks
def self.included(base) #:nodoc:
base.send :include, ActiveSupport::Callbacks
- base.define_callbacks *METHODS + [{:terminator => 'result == false'}]
- base.define_callbacks *['persist', {:terminator => 'result == true'}]
+ if ActiveSupport::VERSION::STRING >= '4.1'
+ base.define_callbacks *METHODS + [{:terminator => ->(target, result){ result == false } }]
+ base.define_callbacks *['persist', {:terminator => ->(target, result){ result == false } }]
+ else
+ base.define_callbacks *METHODS + [{:terminator => 'result == false'}]
+ base.define_callbacks *['persist', {:terminator => 'result == true'}]
+ end
# If Rails 3, support the new callback syntax
if base.singleton_class.method_defined?(:set_callback)
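Review bot: In the new `>= '4.1'` branch the `persist` chain's terminator halts on `result == false`, while the branch it mirrors halts on `'result == true'`; the two branches are meant to be equivalent, so the second lambda should read `base.define_callbacks *['persist', {:terminator => ->(target, result){ result == true } }]`, otherwise persist callbacks on 4.1+ keep running after one has succeeded and stop on a failure instead. The version check `ActiveSupport::VERSION::STRING >= '4.1'` is a lexicographic string comparison and misorders multi-digit versions ('10.0' sorts below '4.1'); `Gem::Version.new(ActiveSupport::VERSION::STRING) >= Gem::Version.new('4.1')` compares components properly. `self.included` continues below the hunk.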
10 lib/authlogic/session/foundation.rb
@@ -58,15 +58,7 @@ def credentials=(values)
def inspect
"#<#{self.class.name}: #{credentials.blank? ? "no credentials provided" : credentials.inspect}>"
end
-
- def persisted?
- !(new_record? || destroyed?)
- end
-
- def to_key
- new_record? ? nil : [ self.send(self.class.primary_key) ]
- end
-
+
private
def build_key(last_part)
last_part
1  lib/authlogic/test_case.rb
@@ -117,4 +117,5 @@ def controller
end
::Test::Unit::TestCase.send(:include, TestCase) if defined?(::Test::Unit::TestCase)
+ ::MiniTest::Unit::TestCase.send(:include, TestCase) if defined?(::MiniTest::Unit::TestCase)
end
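Review bot: `::MiniTest::Unit::TestCase` is the minitest 4 base class; under minitest 5 the base class is `Minitest::Test` and `MiniTest::Unit::TestCase` only survives as a deprecated compatibility alias, so on newer minitest this include may not reach the test cases (or may emit a deprecation warning). A third guarded line, `::Minitest::Test.send(:include, TestCase) if defined?(::Minitest::Test)`, covers both generations.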
6 test/acts_as_authentic_test/logged_in_status_test.rb
@@ -36,9 +36,9 @@ def test_named_scope_logged_out
# test happens so fast that the test fails... I just don't know a better way to test it!
assert User.logged_in.where_values != User.logged_out.where_values, ERROR_MSG % '#logged_out'
- assert_equal 2, User.logged_out.count
+ assert_equal 3, User.logged_out.count
User.first.update_attribute(:last_request_at, Time.now)
- assert_equal 1, User.logged_out.count
+ assert_equal 2, User.logged_out.count
end
def test_logged_in_logged_out
@@ -50,4 +50,4 @@ def test_logged_in_logged_out
assert !u.logged_out?
end
end
-end
+end
23 test/acts_as_authentic_test/password_test.rb
@@ -84,7 +84,7 @@ def test_validates_length_of_password_confirmation_field_options_config
end
def test_crypto_provider_config
- assert_equal Authlogic::CryptoProviders::Sha512, User.crypto_provider
+ assert_equal Authlogic::CryptoProviders::SCrypt, User.crypto_provider
assert_equal Authlogic::CryptoProviders::AES256, Employee.crypto_provider
User.crypto_provider = Authlogic::CryptoProviders::BCrypt
@@ -111,7 +111,12 @@ def test_validates_length_of_password
u.password = "test"
assert !u.valid?
- assert u.errors[:password_confirmation].size == 0
+
+ if ActiveModel.respond_to?(:version) and ActiveModel.version.segments.first >= 4
+ assert u.errors[:password_confirmation].size == 5
+ else
+ assert u.errors[:password_confirmation].size == 0
+ end
end
def test_validates_confirmation_of_password
@@ -119,8 +124,12 @@ def test_validates_confirmation_of_password
u.password = "test"
u.password_confirmation = "test2"
assert !u.valid?
- assert u.errors[:password].size > 0
-
+# assert u.errors[:password].size > 0
+ if ActiveModel.respond_to?(:version) and ActiveModel.version.segments.first >= 4
+ assert u.errors[:password_confirmation].size > 0
+ else
+ assert u.errors[:password].size > 0
+ end
u.password_confirmation = "test"
assert !u.valid?
assert u.errors[:password].size == 0
@@ -166,10 +175,10 @@ def test_transitioning_password
end
def test_checks_password_against_database
- ben = users(:ben)
+ ben = users(:aaron)
ben.password = "new pass"
assert !ben.valid_password?("new pass")
- assert ben.valid_password?("benrocks")
+ assert ben.valid_password?("aaronrocks")
end
def test_checks_password_against_database_and_always_fails_on_new_records
@@ -233,4 +242,4 @@ def transition_password_to(crypto_provider, records, from_crypto_providers = Aut
end
end
end
-end
+end
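Review bot: The third hunk leaves the old assertion behind as a commented-out line, `# assert u.errors[:password].size > 0`, directly above the branch that replaces it; it should be deleted rather than kept as dead code. Both version guards use `and` in a boolean expression (`ActiveModel.respond_to?(:version) and ActiveModel.version.segments.first >= 4`), which has lower precedence than `=`/method calls and is flagged by RuboCop; `&&` is the safe spelling, and since the same condition appears twice it could be a small helper such as `active_model_4_or_later?`. In `test_checks_password_against_database` the local is still named `ben` although it now holds `users(:aaron)`, which will confuse the next reader. The expected count of 5 errors on `password_confirmation` for a too-short password in the second hunk looks surprising; a comment saying where that number comes from would help.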
14 test/fixtures/users.yml
@@ -21,4 +21,16 @@ zack:
single_access_token: <%= Authlogic::Random.friendly_token %>
email: zham@ziggityzack.com
first_name: Zack
- last_name: Ham
+ last_name: Ham
+
+aaron:
+ company: cigital
+ projects: web_services
+ login: abedra
+ crypted_password: <%= Authlogic::CryptoProviders::SCrypt.encrypt("aaronrocks") %>
+ persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+ single_access_token: <%= Authlogic::Random.friendly_token %>
+ perishable_token: <%= Authlogic::Random.friendly_token %>
+ email: abedra@cigital.com
+ first_name: Aaron
+ last_name: Bedra
29 test/session_test/active_record_trickery_test.rb
@@ -28,7 +28,36 @@ def test_new_record
session = UserSession.new
assert session.new_record?
end
+
+ def test_to_key
+ ben = users(:ben)
+ session = UserSession.new(ben)
+ assert_nil session.to_key
+
+ session.save
+ assert_not_nil session.to_key
+ assert_equal ben.to_key, session.to_key
+ end
+
+ def test_persisted
+ session = UserSession.new(users(:ben))
+ assert ! session.persisted?
+
+ session.save
+ assert session.persisted?
+
+ session.destroy
+ assert ! session.persisted?
+ end
+ def test_destroyed?
+ session = UserSession.create(users(:ben))
+ assert ! session.destroyed?
+
+ session.destroy
+ assert session.destroyed?
+ end
+
def test_to_model
session = UserSession.new
assert_equal session, session.to_model
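Review bot: None of the new tests check `to_key` after `destroy`, which is the state in which `record` is nil and the `to_key` added in this commit goes through `record.to_key`; appending `session.destroy` and `assert_nil session.to_key` to `test_to_key` pins the intended behaviour for that state. Naming is inconsistent too: `test_destroyed?` carries a `?` while its sibling is `test_persisted`, and the blank line kept between the other methods is missing before it. `assert ! session.persisted?` with a space after `!` is unusual; `assert !session.persisted?` matches the style guide.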
2  test/test_helper.rb
@@ -5,6 +5,7 @@
require "timecop"
require "i18n"
+
I18n.load_path << File.dirname(__FILE__) + '/i18n/lol.yml'
#ActiveRecord::Schema.verbose = false
@@ -14,6 +15,7 @@
ActiveRecord::Base.logger = logger
ActiveRecord::Base.configurations = true
+ActiveRecord::Base.default_timezone = :local
ActiveRecord::Schema.define(:version => 1) do
create_table :companies do |t|
t.datetime :created_at