
* Use MockCookieJar in tests instead of a Hash.

commit ee1f49b2451071aae05147aa2d4bc3de5197c614 1 parent 0fb89ea
Ben Johnson yourewelcome authored
1  CHANGELOG.rdoc
@@ -4,6 +4,7 @@
4 4 * Update email regular expression to be less TLD specific: (?:[A-Z]{2,4}|museum|travel)
5 5 * Update shoulda macro for 2.0
6 6 * validates_length_of_password_confirmation_field_options defaults to validates_confirmation_of_password_field_options
  7 +* Use MockCookieJar in tests instead of a Hash.
7 8
8 9 == 2.0.5 released 2009-3-30
9 10
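Review bot: The new entry on line 7 records only the test helper change, but this commit also changes the value written by save_cookie in lib/authlogic/session/cookies.rb from the bare persistence token to "persistence_token::id". That is a change to the cookie format and deserves its own changelog line, including the fact that cookies in the old format are still accepted.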
15 README.rdoc
@@ -2,11 +2,11 @@
2 2
3 3 Authlogic is a clean, simple, and unobtrusive ruby authentication solution.
4 4
5   -What inspired me to create Authlogic was the messiness of the current authentication solutions. Put simply, they just didn't feel right. They felt wrong because the logic was not organized properly. As you may know, a common misconception with the MVC design pattern is that the model "M" is only for data access logic, which is wrong. A model is a place for domain logic. This is why the RESTful design pattern and the current authentication solutions don't play nice. Authlogic solves this by placing the session maintenance logic into its own domain (aka "model"). Moving session maintenance into its own domain has its benefits:
  5 +What inspired me to create Authlogic was the messiness of the current authentication solutions. Put simply, they just didn't feel right, because the logic was not organized properly. As you may know, a common misconception with the MVC design pattern is that the model "M" is only for data access logic, which is wrong. A model is a place for domain logic. This is why the RESTful design pattern and the current authentication solutions don't play nice. Authlogic solves this by placing the session maintenance logic into its own domain (aka "model"). Moving session maintenance into its own domain has its benefits:
6 6
7   -1. It's easier to update and stay current with the latest security practices. Since authlogic sits in between you and your session it can assist in keeping your security top notch. Such as upgrading your hashing algorithm, helping you transition to a new algorithm, etc. Also, Authlogic is a gem, which means you get all of these benefits easily, through a rubygems update.
  7 +1. It's easier to update and stay current with the latest security practices. Since authlogic sits in between you and your session it can assist in keeping your security up to date. For example: upgrading your hashing algorithm, helping you transition to a new algorithm, etc. Since all of this logic is in the Authlogic library, staying up to date is as easy as updating the library.
8 8 2. It ties everything together on the domain level. Take a new user registration for example, no reason to manually log the user in, authlogic handles this for you via callbacks. The same applies to a user changing their password. Authlogic handles maintaining the session for you.
9   -3. Your application can stay clean and focused and free of redundant authentication code from app to app. Meaning generators are *NOT* necessary at all.
  9 +3. Your application can stay clean, focused, and free of redundant authentication code from app to app. Meaning generators are *NOT* necessary. Not any more neccessary than any other control
10 10 4. A byproduct of #3 is that you don't have to test the same code over and over in each of your apps. You don't test the internals of ActiveRecord in each of your apps, so why would you test the internals of Authlogic? It's already been thoroughly tested for you. Focus on your application, and get rid of the noise by testing your application specific code and not generated code that you didn't write.
11 11 5. You get to write your own code, just like you do for any other model. Meaning the code you write is specific to your application, the way you want it, and more importantly you understand it.
12 12 6. You are not restricted to a single session. Think about Apple's me.com, where they need you to authenticate a second time before changing your billing information. Why not just create a second session for this? It works just like your initial session. Then your billing controller can require an "ultra secure" session.
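Review bot: The added line 9 ends mid-sentence ("Not any more neccessary than any other control") and misspells "necessary". Finish the thought or drop the fragment; the removed wording, "Meaning generators are *NOT* necessary at all.", was at least a complete sentence.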
@@ -16,7 +16,6 @@ Authlogic can do all of this and much more, keep reading to see...
16 16 == Helpful links
17 17
18 18 * <b>Documentation:</b> http://authlogic.rubyforge.org
19   -* <b>Official Authlogic OpenID addon:</b> http://github.com/binarylogic/authlogic_openid
20 19 * <b>Live example with OpenID & source code:</b> http://authlogicexample.binarylogic.com
21 20 * <b>Tutorial: Authlogic basic setup:</b> http://www.binarylogic.com/2008/11/3/tutorial-authlogic-basic-setup
22 21 * <b>Tutorial: Reset passwords with Authlogic the RESTful way:</b> http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic
@@ -26,7 +25,13 @@ Authlogic can do all of this and much more, keep reading to see...
26 25 * <b>Google group:</b> http://groups.google.com/group/authlogic
27 26
28 27 **Before contacting me, please read:**
29   -If you find a bug or a problem please post it on lighthouse. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help. Please do not email me directly, with issues regarding Authlogic.
  28 +If you find a bug or a problem please post it on lighthouse. If you need help with something, please use google groups. I check both regularly and get emails when anything happens, so that is the best place to get help. Please do not email me directly with issues regarding Authlogic.
  29 +
  30 +== Authlogic "add on" directory
  31 +
  32 +* <b>Authlogic OpenID addon:</b> http://github.com/binarylogic/authlogic_openid
  33 +
  34 +If you create one of your own, please let me know about it so I can add it to this list.
30 35
31 36 == Documentation
32 37
10 lib/authlogic/session/cookies.rb
@@ -98,13 +98,15 @@ def cookie_key
98 98 end
99 99
100 100 def cookie_credentials
101   - controller.cookies[cookie_key]
  101 + controller.cookies[cookie_key] && controller.cookies[cookie_key].split("::")
102 102 end
103 103
104 104 # Tries to validate the session from information in the cookie
105 105 def persist_by_cookie
106   - if cookie_credentials
107   - self.unauthorized_record = search_for_record("find_by_persistence_token", cookie_credentials)
  106 + persistence_token, record_id = cookie_credentials
  107 + if !persistence_token.nil?
  108 + record = record_id.nil? ? search_for_record("find_by_persistence_token", persistence_token) : search_for_record("find_by_#{klass.primary_key}", record_id)
  109 + self.unauthorized_record = record if record && record.persistence_token == persistence_token
108 110 valid?
109 111 else
110 112 false
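Review bot: In persist_by_cookie (new lines 108-110), when a record is found by primary key but its persistence_token does not match the cookie, unauthorized_record is simply left unassigned and valid? still runs, so rejection depends on valid? failing without a record. Return false explicitly on a mismatch and add a test for a cookie whose id and token belong to different records. The check on line 107 only excludes nil, so a value that starts with the separator yields an empty-string token that still proceeds to the lookup; testing for a blank token is safer. The == comparison on line 109 is also not constant-time, and a constant-time compare would avoid leaking how much of the token matched.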
@@ -113,7 +115,7 @@ def persist_by_cookie
113 115
114 116 def save_cookie
115 117 controller.cookies[cookie_key] = {
116   - :value => record.persistence_token,
  118 + :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
117 119 :expires => remember_me_until,
118 120 :domain => controller.cookie_domain
119 121 }
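Review bot: The "::" separator on new line 118 is a bare literal that is duplicated in cookie_credentials, where split("::") is called without a limit, so the writer and the parser can drift apart, and a token that ever contained the separator would be mis-parsed. Define the separator once and add a comment documenting the "persistence_token::id" layout. The options hash shown sets only :value, :expires and :domain; since the value is a login credential, consider also setting the HttpOnly and Secure flags.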
2  lib/authlogic/session/session.rb
@@ -49,7 +49,7 @@ def session_credentials
49 49 def session_key
50 50 build_key(self.class.session_key)
51 51 end
52   -
  52 +
53 53 def update_session
54 54 controller.session[session_key] = record && record.persistence_token
55 55 controller.session["#{session_key}_#{klass.primary_key}"] = record && record.send(record.class.primary_key)
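Review bot: Line 52 is a whitespace-only change in a file this commit otherwise leaves untouched. Drop it, or move it to a separate cleanup commit so the cookie format change is easier to audit.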
2  lib/authlogic/test_case/controller_adapter.rb
@@ -7,7 +7,7 @@ def authenticate_with_http_basic(&block)
7 7 end
8 8
9 9 def cookies
10   - new_cookies = {}
  10 + new_cookies = MockCookieJar.new
11 11 super.each do |key, value|
12 12 new_cookies[key] = value[:value]
13 13 end
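Review bot: MockCookieJar on new line 10 is neither defined nor required in the changes shown here, so this adapter depends on load order. Require it explicitly (or point to where it is defined) and add a one-line comment saying what it provides that a Hash does not.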
