…(the run_callback block serves different purpose). Also fixes an http_auth test that wasn't caught b/c of the callback bug (reset the persisted session when testing http auth multiple times).
…ame instead of the klass name. So that we don't have to change cookie keys if we have multiple session models authenticating with the same model.
Added docs Signed-off-by: Ben Johnson <email@example.com>
…nstead of a boolean
…e errors[key] instead.
…tials_error_messages. Brute force protection was looking to see if there were password errors, which generalize_credentials_error_messages was obfuscating. This is all fixed now though thanks to a handy article on Microsoft ( http://support.microsoft.com/kb/168702 ), method #2, it works every time.
…s for the Authlogic::Session::Password module. This allows you to generalize your login / password errors messages as to not reveal was the problem was when authenticating. If enabled, when an invalid login is supplied it will use the same exact error message when an invalid password is supplied.
…e existence of a standard username and password before enabling itself.
…m case insensitive searches for databases that are case sensitive by default. This is only done if the :case_insensitive option for validates_uniqueness_of_login_field_options or validates_uniqueness_of_email_field_options is set to false. Which, as of this version, it is.
… address in tests.
… avoid the need to use sessions since sessions are lazily loaded in rails 2.3+ * Add configuration option for Authlogic::ActsAsAuthentic: ignore_blank_passwords
…tCase. Testing Authlogic is much easier now. Please see Authlogic::TestCase for more info.
…gate to the associated model.
…ersistence try would fail.
…exceed and the failed_login_ban_for has passed.