Released 1.2.1

commit 4caccd0bafa21f84f26b28510ac086b7e9a6c61d 1 parent 4ed1d7f
Ben Johnson yourewelcome authored

Showing 29 changed files with 259 additions and 224 deletions. Show diff stats Hide diff stats

  1. +5 3 CHANGELOG.rdoc
  2. +4 4 Manifest
  3. +49 20 README.rdoc
  4. +0 1  Rakefile
  5. +3 3 lib/authlogic.rb
  6. +13 12 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb
  7. +0 73 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/password_reset.rb
  8. +75 0 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb
  9. +7 7 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb
  10. +1 1  lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb
  11. +2 2 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb
  12. +4 4 lib/authlogic/session/config.rb
  13. +2 2 lib/authlogic/session/cookies.rb
  14. +2 2 lib/authlogic/session/params.rb
  15. +0 17 lib/authlogic/session/password_reset.rb
  16. +18 0 lib/authlogic/session/perishability.rb
  17. +2 2 lib/authlogic/session/session.rb
  18. +1 1  lib/authlogic/version.rb
  19. +2 2 test/fixtures/employees.yml
  20. +3 3 test/fixtures/users.yml
  21. +3 3 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb
  22. +5 5 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb
  23. +0 40 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/password_reset_test.rb
  24. +41 0 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/perishability_test.rb
  25. +4 4 test/session_tests/base_test.rb
  26. +1 1  test/session_tests/cookies_test.rb
  27. +3 3 test/session_tests/{password_reset_test.rb → perishability_test.rb}
  28. +4 4 test/session_tests/session_test.rb
  29. +5 5 test/test_helper.rb
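--- a/CHANGELOG.rdoc
+++ b/CHANGELOG.rdoc
@@ -1,7 +1,9 @@
-== 1.2.1 released 2008-11-16
+== 1.2.1 released 2008-11-19
 
-* Added build method to authenticates_many association.
-* Added validation boolean configuration options for acts_as_authentic: validate_field, validate_login_field, validate_password_field, validate_email_field
+* Added build method to authenticates_many association to act like AR association collections.
+* Added validation boolean configuration options for acts_as_authentic: validate_field, validate_login_field, validate_password_field, validate_email_field. This turns on and off validations for their respective fields.
+* Renamed all password_reset_token terms to perishable_token, including configuration, etc. I still allow for the old configurations so this will not break compatibility, but perishable token is a better name and can be used for account confirmation as well as a password reset token, or anything else you want.
+* Renamed all remember_token instances to persistence_token, the term "remember token" doesn't really make sense. I still allow for the old configuration, so this will not break backwards compatibility: persistence_token fits better and makes more sense.
 
 == 1.2.0 released 2008-11-16
 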
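--- a/Manifest
+++ b/Manifest
@@ -8,7 +8,7 @@ lib/authlogic/crypto_providers/sha512.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in.rb
-lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/password_reset.rb
+lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb
 lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb
@@ -22,7 +22,7 @@ lib/authlogic/session/config.rb
 lib/authlogic/session/cookies.rb
 lib/authlogic/session/errors.rb
 lib/authlogic/session/params.rb
-lib/authlogic/session/password_reset.rb
+lib/authlogic/session/perishability.rb
 lib/authlogic/session/scopes.rb
 lib/authlogic/session/session.rb
 lib/authlogic/version.rb
@@ -44,7 +44,7 @@ test/libs/ordered_hash.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/logged_in_test.rb
-test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/password_reset_test.rb
+test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/perishability_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/persistence_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/session_maintenance_test.rb
 test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/single_access_test.rb
@@ -55,7 +55,7 @@ test/session_tests/base_test.rb
 test/session_tests/config_test.rb
 test/session_tests/cookies_test.rb
 test/session_tests/params_test.rb
-test/session_tests/password_reset_test.rb
+test/session_tests/perishability_test.rb
 test/session_tests/scopes_test.rb
 test/session_tests/session_test.rb
 test/test_helper.rb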
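--- a/README.rdoc
+++ b/README.rdoc
@@ -32,6 +32,7 @@ What if your user sessions controller could look just like your other controller
 
 def destroy
 current_user_session.destroy
+ redirect_to new_user_session_url
 end
 end
 
@@ -109,9 +110,9 @@ The user model needs to have the following columns. The names of these columns c
 t.string :login, :null => false
 t.string :crypted_password, :null => false
 t.string :password_salt, :null => false # not needed if you are encrypting your pw instead of using a hash algorithm.
- t.string :remember_token, :null => false
- t.string :single_access_token, :null => false # optional, see the single access section below.
- t.string :password_reset_token, :null => false # optional, see the password reset section below.
+ t.string :persistence_token, :null => false
+ t.string :single_access_token, :null => false # optional, see the tokens section below.
+ t.string :perishable_token, :null => false # optional, see the tokens section below.
 t.integer :login_count # optional, this is a "magic" column, see the magic columns section below
 
 === Set up your model
@@ -191,39 +192,67 @@ This will keep everything separate. The :secure session will store its info in a
 
 For more information on ids checkout Authlogic::Session::Base#id
 
-== Resetting passwords
+== Tokens (persistence, resetting passwords, private feed access, etc.)
 
-You may have noticed in the helpful links section is a tutorial on resetting password with Authlogic. I'm not going to repeat myself here, but I will touch on the basics, if you want more information please see the tutorial.
+To start, let me define tokens as Authlogic sees it. A token is a form of credentials that grants some type of access to their account. Depending on the type of access, a different type of token may be needed. Put simply, it's a way for the user to say "I am this person, let me proceed". What types of different access you ask? Here are just a few:
 
-Just add the following field to your database:
+1. Regular account access
+2. Access to reset their password
+3. Access to a private feed
+4. Access to confirm their account
 
- t.string :password_reset_token, :null => false
+There could be many more depending on your application. What's great about Authlogic is that it doesn't care what you do or how you want to grant access to accounts. That's up to you and your application. Authlogic just cares about the type of tokens you need. Instead of giving you a token for each specific task, it gives you all of the necessary *types* of tokens, and you get to use them how you wish. It maintains the tokens and gives you all of the tools you need to use them. Just add the fields to your database and you are good to go.
 
-Authlogic will notice this field and take care of maintaining it for you. You should use the value of this field to verify your user before they reset their password. There is a finder method you can use to find users with this token, I highly recommend using this method, as it adds in extra security checks to verify the user. See Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::PasswordReset for more information.
+Here are the 3 tokens in more detail:
 
-== Single Access / Private Feeds Access
+=== Persistence token
 
-Need to provide a single / one time access to an account where the session does NOT get persisted? Take a private feed for example, if everyone followed standards, basic http auth should work just fine, but since we live in a world where following standards is not a standard (\*cough\* Microsoft \*cough\*), the feed url needs to have some sort of "credentials" to log the user in and get their user specific feed items. This is easy, Authlogic has a nifty little feature for doing just this. All that you need to do is add the following field in your table:
+This token is used to persist the user's session. This is the token that is stored in the session and the cookie, so that during each request the user stays logged in. What's unique about this token is that the first time it is used the value is stored in the session, thus persisting the session. This field is required and must be in your database.
+
+=== Single access token
+
+This token is used for single access only, it is not persisted. Meaning the user provides it, Authlogic grants them access, and that's it. If they want access again they need to provide the token again. Authlogic will *NEVER* store this value in the session or a cookie. Also, for added security, by default this token is *ONLY* allowed for RSS and ATOM requests. Lastly, this token does *NOT* change with the password. Meaning if the user changes their password, this token will remain the same. You can change all of this with configuration (see Authlogic::Session::config), so if you don't like how this works by default, just set some simple configuration in your session.
+
+This field is optional, if you want to use it just add the field to your database:
 
 t.string :single_access_token, :null => false
 # or call it feeds_token, feed_token, or whatever you want with configuration
 
-Authlogic will notice you have this and adjust accordingly. By default single_access_tokens can only be used to login for rss and atom request types.
+This is great for private feed access. So your URL to that user's private feed could look something like:
+
+ http://www.mydomain.com/account/feed.rss?single_access_token=4LiXF7FiGUppIPubBPey
+
+The single_access_token parameter name is configurable (see Authlogic::Session::Config), but if that parameter exists Authlogic will automatically use it to try and grant that user access. You don't have to do a thing: UserSession.find will take care of it just like it does for everything else.
+
+For more information see: Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::SingleAccess
+
+=== Perishable token
+
+This token is used for temporary account access, hence the term "perishable". This token is constantly changing, it changes...
+
+1. In a before_validation in your model, so basically every time the record is saved
+2. Any time a new session is successfully saved (aka logged in)
+
+This is perfect for <b>resetting passwords</b> or <b>confirming accounts</b>. You email them a url with this token in it, and then use this token to find the record and perform your action.
+
+This field is optional, if you want to use it just add the field to your database:
+
+ t.string :perishable_token, :null => false
+ # or call it password_reset_token, pw_reset_token, activation_token, or whatever you want with configuration
 
-To tailor how this works, you have the following configuration options:
+Finding the record with this token couldn't be easier, Authlogic provides a special finder method that you can use. I highly recommend using it as it adds extra security:
 
-Session configuration (Authlogic::Session::Config)
+ User.find_using_perishable_token(token)
+ User.find_using_perishable_token(token, 20.minutes)
 
-1. params_key
-2. single_access_allowed_request_types
-3. single_access_token_field
+That's all you need to do to locate the record. Here is what it does for extra security:
 
-Model configuration (Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Config)
+1. Ignores blank tokens all together. If a blank token is passed nil will be returned.
+2. It checks the age of the token, by default the threshold is 10 minutes, meaning if the token is older than 10 minutes, it is not valid and no record will be returned. You can change the default or just override it by passing the threshold as the second parameter. If you don't want a threshold at all, pass 0.
 
-1. single_access_token_field:
-2. change_single_access_token_with_password
+For a detailed tutorial on how to reset password using this token see the helpful links section above.
 
-Please use this with care and make sure you warn your users that the URL you provide them is to remain private. Even if Billy 13 year old gets this URL and tries to log in, the only way he can login is through a GET or POST parameter with an rss or atom request. Billy can't create a cookie with this token and Billy wont have access to anything else on the site, unless you change the above configuration.
+For more information see: Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Perishability
 
 == Scoping
 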
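--- a/Rakefile
+++ b/Rakefile
@@ -11,5 +11,4 @@ Echoe.new 'authlogic' do |p|
 p.summary = "A clean, simple, and unobtrusive ruby authentication solution."
 p.url = "http://github.com/binarylogic/authlogic"
 p.dependencies = %w(activesupport)
- p.include_rakefile = true
 end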
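--- a/lib/authlogic.rb
+++ b/lib/authlogic.rb
@@ -13,7 +13,7 @@
 require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic"
 require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/credentials"
 require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/logged_in"
- require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/password_reset"
+ require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability"
 require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence"
 require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance"
 require File.dirname(__FILE__) + "/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access"
@@ -28,7 +28,7 @@
 require File.dirname(__FILE__) + "/authlogic/session/cookies"
 require File.dirname(__FILE__) + "/authlogic/session/errors"
 require File.dirname(__FILE__) + "/authlogic/session/params"
-require File.dirname(__FILE__) + "/authlogic/session/password_reset"
+require File.dirname(__FILE__) + "/authlogic/session/perishability"
 require File.dirname(__FILE__) + "/authlogic/session/session"
 require File.dirname(__FILE__) + "/authlogic/session/scopes"
 require File.dirname(__FILE__) + "/authlogic/session/base"
@@ -40,7 +40,7 @@ class Base
 include Callbacks
 include Cookies
 include Params
- include PasswordReset
+ include Perishability
 include Session
 include Scopes
 end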
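--- a/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb
+++ b/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/config.rb
@@ -77,17 +77,18 @@ module ActsAsAuthentic
 # * <tt>password_salt_field</tt> - default: :password_salt, :pw_salt, or :salt, depending on which column is present, defaults to :password_salt if none are present,
 # This is the name of the field in your database that stores your password salt.
 #
- # * <tt>password_reset_token_field</tt> - default: :password_reset_token, :pw_reset_token, :reset_password_token, or :reset_pw_token, depending on which column is present, if none are present defaults to nil
- # This is the name of the field in your database that stores your password reset token. The token you should use to verify your users before you allow a password reset. Authlogic takes care
- # of maintaining this for you and making sure it changes when needed.
+ # * <tt>perishable_token_field</tt> - default: :perishable_token, :password_reset_token, :pw_reset_token, :reset_password_token, or :reset_pw_token, depending on which column is present, if none are present defaults to nil
+ # This is the name of the field in your database that stores your perishable token. The token you should use to confirm your users or allow a password reset. Authlogic takes care
+ # of maintaining this for you and making sure it changes when needed. Use this token for whatever you want, but keep in mind it is temporary, hence the term "perishable".
 #
- # * <tt>password_reset_token_valid_for</tt> - default: 10.minutes,
- # Authlogic gives you a sepcial method for finding records by the password reset token (see Authlogic::ORMAdapters::ActiveRecordAdapter::ActcsAsAuthentic::PasswordReset). In this method
- # it checks for the age of the token. If the token is old than whatever you specify here, a user will NOT be returned. This way the tokens are perishable, thus making this system much
+ # * <tt>perishable_token_valid_for</tt> - default: 10.minutes,
+ # Authlogic gives you a sepcial method for finding records by the perishable token (see Authlogic::ORMAdapters::ActiveRecordAdapter::ActcsAsAuthentic::Perishability). In this method
+ # it checks for the age of the token. If the token is older than whatever you specify here, a record will NOT be returned. This way the tokens are perishable, thus making this system much
 # more secure.
 #
- # * <tt>remember_token_field</tt> - default: :remember_token, :remember_key, :cookie_tokien, or :cookie_key, depending on which column is present, defaults to :remember_token if none are present,
- # This is the name of the field your remember_token is stored. The remember token is a unique token that is stored in the users cookie and
+ # * <tt>persistence_field</tt> - default: :persistence_token, :remember_token, or :cookie_tokien, depending on which column is present,
+ # defaults to :persistence_token if none are present,
+ # This is the name of the field your persistence token is stored. The persistence token is a unique token that is stored in the users cookie and
 # session. This way you have complete control of when sessions expire and you don't have to change passwords to expire sessions. This also
 # ensures that stale sessions can not be persisted. By stale, I mean sessions that are logged in using an outdated password.
 #
@@ -149,11 +150,11 @@ def acts_as_authentic_with_config(options = {})
 options[:confirm_password_did_not_match_message] ||= "did not match"
 options[:crypted_password_field] ||= first_column_to_exist(:crypted_password, :encrypted_password, :password_hash, :pw_hash)
 options[:password_salt_field] ||= first_column_to_exist(:password_salt, :pw_salt, :salt)
- options[:remember_token_field] ||= first_column_to_exist(:remember_token, :remember_key, :cookie_token, :cookiey_key)
+ options[:persistence_token_field] ||= options[:remember_token_field] || first_column_to_exist(:persistence_token, :remember_token, :cookie_token)
 options[:single_access_token_field] ||= first_column_to_exist(nil, :single_access_token, :feed_token, :feeds_token)
- options[:password_reset_token_field] ||= first_column_to_exist(nil, :password_reset_token, :pw_reset_token, :reset_password_token, :reset_pw_token)
- options[:password_reset_token_valid_for] ||= 10.minutes
- options[:password_reset_token_valid_for] = options[:password_reset_token_valid_for].to_i
+ options[:perishable_token_field] ||= options[:password_reset_token_field] || first_column_to_exist(nil, :perishable_token, :password_reset_token, :pw_reset_token, :reset_password_token, :reset_pw_token, :activation_token)
+ options[:perishable_token_valid_for] ||= 10.minutes
+ options[:perishable_token_valid_for] = options[:perishable_token_valid_for].to_i
 options[:logged_in_timeout] ||= 10.minutes
 options[:logged_in_timeout] = options[:logged_in_timeout].to_i
 options[:session_ids] ||= [nil]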
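Review bot: The validity window does not get the backward-compatible fallback that the two field options get in the second hunk: `options[:perishable_token_valid_for] ||= 10.minutes` ignores an existing `:password_reset_token_valid_for` setting, so an application that had configured a different reset window silently reverts to 10 minutes after upgrading. Suggest `options[:perishable_token_valid_for] ||= options[:password_reset_token_valid_for] || 10.minutes`. The doc comment in the first hunk also names the option `persistence_field` while the code reads `options[:persistence_token_field]`, and the old `:remember_key` column name is no longer auto-detected, which deserves a changelog line. `acts_as_authentic_with_config` starts and ends outside the hunk.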
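--- a/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/password_reset.rb
+++ b/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/password_reset.rb
@@ -1,73 +0,0 @@
-module Authlogic
- module ORMAdapters
- module ActiveRecordAdapter
- module ActsAsAuthentic
- # = Password Reset
- #
- # Handles all logic the deals with maintaining the password reset token. This token should be used to authenticate a user that is not logged in so that they
- # can change their password.
- #
- # === Class Methods
- #
- # * <tt>find_using_{options[:password_reset_token_field]}(token)</tt> - returns the record that matches the pased token. The record's updated at column must not be older than
- # {options[:password_reset_token_valid_for]} ago. Lastly, if a blank token is passed no record will be returned.
- #
- # === Instance Methods
- #
- # * <tt>reset_#{options[:password_reset_token_field]}</tt> - resets the password reset token field to a friendly unique token.
- # * <tt>reset_#{options[:password_reset_token_field]}!</tt> - same as above but saves the record afterwards.
- module PasswordReset
- def acts_as_authentic_with_password_reset(options = {})
- acts_as_authentic_without_password_reset(options)
-
- return if options[:password_reset_token_field].blank?
-
- class_eval <<-"end_eval", __FILE__, __LINE__
- validates_uniqueness_of :#{options[:password_reset_token_field]}
-
- before_validation :reset_#{options[:password_reset_token_field]}, :unless => :resetting_#{options[:password_reset_token_field]}?
-
- def self.find_using_#{options[:password_reset_token_field]}(token)
- return if token.blank?
-
- conditions_sql = "#{options[:password_reset_token_field]} = ?"
- conditions_subs = [token]
-
- if column_names.include?("updated_at") && #{options[:password_reset_token_valid_for]} > 0
- conditions_sql += " and updated_at > ?"
- conditions_subs << #{options[:password_reset_token_valid_for]}.seconds.ago
- end
-
- find(:first, :conditions => [conditions_sql, *conditions_subs])
- end
-
- def reset_#{options[:password_reset_token_field]}
- self.#{options[:password_reset_token_field]} = self.class.friendly_unique_token
- end
-
- def reset_#{options[:password_reset_token_field]}!
- reset_#{options[:password_reset_token_field]}
- @resetting_#{options[:password_reset_token_field]} = true
- result = save_without_session_maintenance
- @resetting_#{options[:password_reset_token_field]} = false
- result
- end
-
- private
- def resetting_#{options[:password_reset_token_field]}?
- @resetting_#{options[:password_reset_token_field]} == true
- end
- end_eval
- end
- end
- end
- end
- end
-end
-
-ActiveRecord::Base.class_eval do
- class << self
- include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::PasswordReset
- alias_method_chain :acts_as_authentic, :password_reset
- end
-end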
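--- a/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb
+++ b/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/perishability.rb
@@ -0,0 +1,75 @@
+module Authlogic
+ module ORMAdapters
+ module ActiveRecordAdapter
+ module ActsAsAuthentic
+ # = Perishable
+ #
+ # Handles all logic the deals with maintaining the perishable token. This token should be used to authenticate a user that is not logged in so that they
+ # can change their password, confirm their account, etc. Use it for whatever you want, but keep in mind this token is only temporary. Which
+ # is perfect for emailing, etc.
+ #
+ # === Class Methods
+ #
+ # * <tt>find_using_{options[:perishable_token_field]}(token, age = {options[:perishable_token_valid_for]})</tt> - returns the record that matches the pased token. The record's updated at column must not be older than
+ # {age} ago. Lastly, if a blank token is passed no record will be returned.
+ #
+ # === Instance Methods
+ #
+ # * <tt>reset_#{options[:perishable_token_field]}</tt> - resets the perishable token field to a friendly unique token.
+ # * <tt>reset_#{options[:perishable_token_field]}!</tt> - same as above but saves the record afterwards.
+ module Perishability
+ def acts_as_authentic_with_perishability(options = {})
+ acts_as_authentic_without_perishability(options)
+
+ return if options[:perishable_token_field].blank?
+
+ class_eval <<-"end_eval", __FILE__, __LINE__
+ validates_uniqueness_of :#{options[:perishable_token_field]}
+
+ before_validation :reset_#{options[:perishable_token_field]}, :unless => :resetting_#{options[:perishable_token_field]}?
+
+ def self.find_using_#{options[:perishable_token_field]}(token, age = #{options[:perishable_token_valid_for]})
+ return if token.blank?
+ age = age.to_i
+
+ conditions_sql = "#{options[:perishable_token_field]} = ?"
+ conditions_subs = [token]
+
+ if column_names.include?("updated_at") && age > 0
+ conditions_sql += " and updated_at > ?"
+ conditions_subs << age.seconds.ago
+ end
+
+ find(:first, :conditions => [conditions_sql, *conditions_subs])
+ end
+
+ def reset_#{options[:perishable_token_field]}
+ self.#{options[:perishable_token_field]} = self.class.friendly_unique_token
+ end
+
+ def reset_#{options[:perishable_token_field]}!
+ reset_#{options[:perishable_token_field]}
+ @resetting_#{options[:perishable_token_field]} = true
+ result = save_without_session_maintenance
+ @resetting_#{options[:perishable_token_field]} = false
+ result
+ end
+
+ private
+ def resetting_#{options[:perishable_token_field]}?
+ @resetting_#{options[:perishable_token_field]} == true
+ end
+ end_eval
+ end
+ end
+ end
+ end
+ end
+end
+
+ActiveRecord::Base.class_eval do
+ class << self
+ include Authlogic::ORMAdapters::ActiveRecordAdapter::ActsAsAuthentic::Perishability
+ alias_method_chain :acts_as_authentic, :perishability
+ end
+end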
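Review bot: The age limit in the generated `find_using_<field>` fails open: the `updated_at > ?` clause is added only when the table has an `updated_at` column and `age > 0`, and `age = age.to_i` turns a `nil` argument into 0, so in either case a token stays valid indefinitely with no warning. Since this token gates password resets and account confirmation, the class comment should say so, e.g. `# The age limit is only enforced when the table has an updated_at column; an age of 0 (or nil) disables it.` The token is also handed to the query as received after only a `blank?` check; adding `token = token.to_s` before building the conditions would keep a non-string request parameter from reaching the comparison. `friendly_unique_token` is defined outside this page, so its randomness source could not be checked here.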
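--- a/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb
+++ b/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/persistence.rb
@@ -8,21 +8,21 @@ module ActsAsAuthentic
 #
 # === Class Methods
 #
- # * <tt>forget_all!</tt> - resets ALL records remember_token to a unique value, requiring all users to re-login
+ # * <tt>forget_all!</tt> - resets ALL records persistence_token to a unique value, requiring all users to re-login
 # * <tt>unique_token</tt> - returns a pretty hardcore random token that is finally encrypted with a hash algorithm
 #
 # === Instance Methods
 #
- # * <tt>forget!</tt> - resets the record's remember_token which requires them to re-login
+ # * <tt>forget!</tt> - resets the record's persistence_token which requires them to re-login
 #
 # === Alias Method Chains
 #
- # * <tt>#{options[:password_field]}</tt> - adds in functionality to reset the remember token when the password is changed
+ # * <tt>#{options[:password_field]}</tt> - adds in functionality to reset the persistence token when the password is changed
 module Persistence
 def acts_as_authentic_with_persistence(options = {})
 acts_as_authentic_without_persistence(options)
 
- validates_uniqueness_of options[:remember_token_field]
+ validates_uniqueness_of options[:persistence_token_field]
 
 def forget_all!
 # Paginate these to save on memory
@@ -37,19 +37,19 @@ def forget_all!
 
 class_eval <<-"end_eval", __FILE__, __LINE__
 def self.unique_token
- # The remember token should be a unique string that is not reversible, which is what a hash is all about
+ # The persistence token should be a unique string that is not reversible, which is what a hash is all about
 # if you using encryption this defaults to Sha512.
 token_class = #{options[:crypto_provider].respond_to?(:decrypt) ? Authlogic::CryptoProviders::Sha512 : options[:crypto_provider]}
 token_class.encrypt(Time.now.to_s + (1..10).collect{ rand.to_s }.join)
 end
 
 def forget!
- self.#{options[:remember_token_field]} = self.class.unique_token
+ self.#{options[:persistence_token_field]} = self.class.unique_token
 save_without_session_maintenance(false)
 end
 
 def #{options[:password_field]}_with_persistence=(value)
- self.#{options[:remember_token_field]} = self.class.unique_token
+ self.#{options[:persistence_token_field]} = self.class.unique_token
 self.#{options[:password_field]}_without_persistence = value
 end
 alias_method_chain :#{options[:password_field]}=, :persistence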
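--- a/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb
+++ b/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/session_maintenance.rb
@@ -30,7 +30,7 @@ def save_without_session_maintenance(*args)
 
 protected
 def update_sessions?
- !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{options[:remember_token_field]}_changed?
+ !@skip_session_maintenance && #{options[:session_class]}.activated? && !#{options[:session_ids].inspect}.blank? && #{options[:persistence_token_field]}_changed?
 end
 
 def get_session_information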
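--- a/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb
+++ b/lib/authlogic/orm_adapters/active_record_adapter/acts_as_authentic/single_access.rb
@@ -4,8 +4,8 @@ module ActiveRecordAdapter
 module ActsAsAuthentic
 # = Single Access
 #
- # Instead of repeating myself here, checkout the README. There is a "Single Access" section in there that goes over this. Keep in mind none of this will be applied if there
- # is not a single_access_token field supplied in the database.
+ # Instead of repeating myself here, checkout the README. There is a "Tokens" section in there that goes over the single access token.
+ # Keep in mind none of this will be applied if there is not a single_access_token field supplied in the database.
 #
 # === Instance Methods
 #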
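--- a/lib/authlogic/session/config.rb
+++ b/lib/authlogic/session/config.rb
@@ -389,8 +389,8 @@ def password_invalid_message
 self.class.password_invalid_message
 end
 
- def password_reset_token_field
- klass.acts_as_authentic_config[:password_reset_token_field]
+ def perishable_token_field
+ klass.acts_as_authentic_config[:perishable_token_field]
 end
 
 def remember_me_for
@@ -398,8 +398,8 @@ def remember_me_for
 self.class.remember_me_for
 end
 
- def remember_token_field
- klass.acts_as_authentic_config[:remember_token_field]
+ def persistence_token_field
+ klass.acts_as_authentic_config[:persistence_token_field]
 end
 
 def session_key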
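--- a/lib/authlogic/session/cookies.rb
+++ b/lib/authlogic/session/cookies.rb
@@ -12,7 +12,7 @@ def self.included(klass)
 # Tries to validate the session from information in the cookie
 def valid_cookie?
 if cookie_credentials
- self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", cookie_credentials)
+ self.unauthorized_record = search_for_record("find_by_#{persistence_token_field}", cookie_credentials)
 return valid?
 end
 
@@ -26,7 +26,7 @@ def cookie_credentials
 
 def save_cookie
 controller.cookies[cookie_key] = {
- :value => record.send(remember_token_field),
+ :value => record.send(persistence_token_field),
 :expires => remember_me_until
 }
 end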
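Review bot: `save_cookie` builds the cookie hash with only `:value` and `:expires`, so unless the framework defaults add them the persistence token is sent over plain HTTP and is readable from page scripts. `valid_cookie?` in the first hunk looks the record up by that token and then calls `valid?`, so the cookie value appears to act as the credential for as long as the token stays unchanged. I would add `:secure => true` (at least when the request came in over SSL) and the HttpOnly option that the targeted Rails version supports to the hash in `save_cookie`. This behaviour predates the rename, but the renamed line is the one that puts the token in the cookie, so it is worth fixing here.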
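--- a/lib/authlogic/session/params.rb
+++ b/lib/authlogic/session/params.rb
@@ -7,8 +7,8 @@ module Session
 #
 # https://www.domain.com?user_credentials=[insert single access token here]
 #
- # Wait, what is a single access token? It is all explained in the README. Checkout the "Single Access" section in the README. For security reasons, this type of authentication
- # is ONLY available via single access tokens, you can NOT pass your remember token.
+ # Wait, what is a single access token? It is all explained in the README. Checkout the "Tokens" section in the README, there is section about
+ # single access tokens. For security reasons, this type of authentication is ONLY available via single access tokens, you can NOT pass your persistence token.
 module Params
 # Tries to validate the session from information in the params token
 def valid_params?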
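--- a/lib/authlogic/session/password_reset.rb
+++ b/lib/authlogic/session/password_reset.rb
@@ -1,17 +0,0 @@
-module Authlogic
- module Session
- # = Password Reset
- #
- # Provides utilities that assist in maintaining the password reset token. This module just resets the token after a session has been saved, just to keep changing it and add extra security.
- module PasswordReset
- def self.included(klass)
- klass.after_save :reset_password_reset_token!
- end
-
- private
- def reset_password_reset_token!
- record.send("reset_#{password_reset_token_field}!") if record.respond_to?("reset_#{password_reset_token_field}!")
- end
- end
- end
-end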
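--- a/lib/authlogic/session/perishability.rb
+++ b/lib/authlogic/session/perishability.rb
@@ -0,0 +1,18 @@
+module Authlogic
+ module Session
+ # = Perishability
+ #
+ # Maintains the perishable token, which is helpful for confirming records or authorizing records to reset their password. All that this
+ # module does is reset it after a session have been saved, just keep it changing. The more it changes, the tighter the security.
+ module Perishability
+ def self.included(klass)
+ klass.after_save :reset_perishable_token!
+ end
+
+ private
+ def reset_perishable_token!
+ record.send("reset_#{perishable_token_field}!") if record.respond_to?("reset_#{perishable_token_field}!")
+ end
+ end
+ end
+end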
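Review bot: The module comment on `Perishability` does not tell callers that the `after_save` hook rotates the token on every session save, so a perishable token already handed out for a confirmation or password-reset flow stops matching once that record's session is saved. That consequence matters to anyone building such a flow and should be stated, for example `# NOTE: every session save resets the token, so previously issued perishable tokens no longer match.` As a style point, `reset_perishable_token!` interpolates the same method name twice; computing it once, `meth = "reset_#{perishable_token_field}!"`, and using it for both `respond_to?` and `send` keeps the two from drifting apart.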
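--- a/lib/authlogic/session/session.rb
+++ b/lib/authlogic/session/session.rb
@@ -13,7 +13,7 @@ def self.included(klass)
 # Tries to validate the session from information in the session
 def valid_session?
 if session_credentials
- self.unauthorized_record = search_for_record("find_by_#{remember_token_field}", session_credentials)
+ self.unauthorized_record = search_for_record("find_by_#{persistence_token_field}", session_credentials)
 return valid?
 end
 
@@ -26,7 +26,7 @@ def session_credentials
 end
 
 def update_session!
- controller.session[session_key] = record && record.send(remember_token_field)
+ controller.session[session_key] = record && record.send(persistence_token_field)
 end
 end
 end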
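--- a/lib/authlogic/version.rb
+++ b/lib/authlogic/version.rb
@@ -44,7 +44,7 @@ def to_a
 
 MAJOR = 1
 MINOR = 2
- TINY = 0
+ TINY = 1
 
 # The current version as a Version instance
 CURRENT = new(MAJOR, MINOR, TINY)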
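--- a/test/fixtures/employees.yml
+++ b/test/fixtures/employees.yml
@@ -3,7 +3,7 @@ drew:
 email: dgainor@binarylogic.com
 password_salt: <%= salt = Employee.unique_token %>
 crypted_password: "<%= Employee.acts_as_authentic_config[:crypto_provider].encrypt("drewrocks" + salt) %>"
- remember_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
+ persistence_token: 5273d85ed156e9dbd6a7c1438d319ef8c8d41dd24368db6c222de11346c7b11e53ee08d45ecf619b1c1dc91233d22b372482b751b066d0a6f6f9bac42eacaabf
 first_name: Drew
 last_name: Gainor
 
@@ -12,6 +12,6 @@ jennifer:
 email: jjohnson@logicoverdata.com
 password_salt: <%= salt = Employee.unique_token %>
 crypted_password: "<%= Employee.acts_as_authentic_config[:crypto_provider].encrypt("jenniferocks" + salt) %>"
- remember_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
+ persistence_token: 2be52a8f741ad00056e6f94eb6844d5316527206da7a3a5e3d0e14d19499ef9fe4c47c89b87febb59a2b41a69edfb4733b6b79302040f3de83f297c6991c75a2
 first_name: Jennifer
 last_name: Johnson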
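--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -4,9 +4,9 @@ ben:
 login: bjohnson
 password_salt: <%= salt = User.unique_token %>
 crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("benrocks" + salt) %>
- remember_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
+ persistence_token: 6cde0674657a8a313ce952df979de2830309aa4c11ca65805dd00bfdc65dbcc2f5e36718660a1d2e68c1a08c276d996763985d2f06fd3d076eb7bc4d97b1e317
 single_access_token: <%= User.friendly_unique_token %>
- password_reset_token: <%= User.friendly_unique_token %>
+ perishable_token: <%= User.friendly_unique_token %>
 email: bjohnson@binarylogic.com
 first_name: Ben
 last_name: Johnson
@@ -17,7 +17,7 @@ zack:
 login: zham
 password_salt: <%= salt = User.unique_token %>
 crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("zackrocks" + salt) %>
- remember_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
+ persistence_token: fd3c2d5ce09ab98e7547d21f1b3dcf9158a9a19b5d3022c0402f32ae197019fce3fdbc6614d7ee57d719bae53bb089e30edc9e5d6153e5bc3afca0ac1d320342
 single_access_token: <%= User.friendly_unique_token %>
 email: zham@ziggityzack.com
 first_name: Zack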
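--- a/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb
+++ b/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/config_test.rb
@@ -17,12 +17,12 @@ def test_acts_as_authentic_config
 :login_field_regex => /\A\w[\w\.\-_@ ]+\z/,
 :session_ids => [nil],
 :login_field_regex_failed_message => "use only letters, numbers, spaces, and .-_@ please.",
- :remember_token_field => :remember_token,
+ :persistence_token_field => :persistence_token,
 :password_field => :password,
 :logged_in_timeout => 600,
 :password_salt_field => :password_salt,
- :password_reset_token_valid_for => 600,
- :password_reset_token_field => :password_reset_token,
+ :perishable_token_valid_for => 600,
+ :perishable_token_field => :perishable_token,
 :login_field_type => :login,
 :crypto_provider => Authlogic::CryptoProviders::Sha512,
 :password_blank_message => "can not be blank",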
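--- a/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb
+++ b/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/credentials_test.rb
@@ -94,14 +94,14 @@ def test_password
 user.password = "sillywilly"
 assert user.crypted_password
 assert user.password_salt
- assert user.remember_token
+ assert user.persistence_token
 assert_equal true, user.tried_to_set_password
 assert_nil user.password
 
 employee = Employee.new
 employee.password = "awesome"
 assert employee.crypted_password
- assert employee.remember_token
+ assert employee.persistence_token
 assert_equal true, employee.tried_to_set_password
 assert_nil employee.password
 end
@@ -123,18 +123,18 @@ def test_reset_password
 
 old_password = ben.crypted_password
 old_salt = ben.password_salt
- old_remember_token = ben.remember_token
+ old_persistence_token = ben.persistence_token
 ben.reset_password
 assert_not_equal old_password, ben.crypted_password
 assert_not_equal old_salt, ben.password_salt
- assert_not_equal old_remember_token, ben.remember_token
+ assert_not_equal old_persistence_token, ben.persistence_token
 assert UserSession.find
 
 ben.reset_password!
 ben.reload
 assert_not_equal old_password, ben.crypted_password
 assert_not_equal old_salt, ben.password_salt
- assert_not_equal old_remember_token, ben.remember_token
+ assert_not_equal old_persistence_token, ben.persistence_token
 assert !UserSession.find
 end
 end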
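--- a/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/password_reset_test.rb
+++ b/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/password_reset_test.rb
@@ -1,40 +0,0 @@
-require File.dirname(__FILE__) + '/../../../test_helper.rb'
-
-module ORMAdaptersTests
- module ActiveRecordAdapterTests
- module ActsAsAuthenticTests
- class PasswordResetTest < ActiveSupport::TestCase
- def test_before_validation
- ben = users(:ben)
- old_password_reset_token = ben.password_reset_token
- assert ben.valid?
- assert_not_equal old_password_reset_token, ben.password_reset_token
- ben.reload
- assert_equal old_password_reset_token, ben.password_reset_token
- assert ben.save
- assert_not_equal old_password_reset_token, ben.password_reset_token
- end
-
- def test_find_using_password_reset_token
- ben = users(:ben)
- assert_nil User.find_using_password_reset_token("")
- assert_equal ben, User.find_using_password_reset_token(ben.password_reset_token)
- assert ben.class.connection.execute("update users set updated_at = '#{10.minutes.ago.to_s(:db)}' where id = '#{ben.id}';")
- assert_nil User.find_using_password_reset_token(ben.password_reset_token)
- end
-
- def test_reset_password_reset_token
- ben = users(:ben)
- old_password_reset_token = ben.password_reset_token
- ben.reset_password_reset_token
- assert_not_equal old_password_reset_token, ben.password_reset_token
- ben.reload
- assert_equal old_password_reset_token, ben.password_reset_token
- ben.reset_password_reset_token!
- ben.reload
- assert_not_equal old_password_reset_token, ben.password_reset_token
- end
- end
- end
- end
-end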
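--- a/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/perishability_test.rb
+++ b/test/orm_adapters_tests/active_record_adapter_tests/acts_as_authentic_tests/perishability_test.rb
@@ -0,0 +1,41 @@
+require File.dirname(__FILE__) + '/../../../test_helper.rb'
+
+module ORMAdaptersTests
+ module ActiveRecordAdapterTests
+ module ActsAsAuthenticTests
+ class PerishabilityTest < ActiveSupport::TestCase
+ def test_before_validation
+ ben = users(:ben)
+ old_perishable_token = ben.perishable_token
+ assert ben.valid?
+ assert_not_equal old_perishable_token, ben.perishable_token
+ ben.reload
+ assert_equal old_perishable_token, ben.perishable_token
+ assert ben.save
+ assert_not_equal old_perishable_token, ben.perishable_token
+ end
+
+ def test_find_using_perishable_token
+ ben = users(:ben)
+ assert_nil User.find_using_perishable_token("")
+ assert_equal ben, User.find_using_perishable_token(ben.perishable_token)
+ assert ben.class.connection.execute("update users set updated_at = '#{10.minutes.ago.to_s(:db)}' where id = '#{ben.id}';")
+ assert_nil User.find_using_perishable_token(ben.perishable_token)
+ assert_equal ben, User.find_using_perishable_token(ben.perishable_token, 20.minutes)
+ end
+
+ def test_reset_perishable_token
+ ben = users(:ben)
+ old_perishable_token = ben.perishable_token
+ ben.reset_perishable_token
+ assert_not_equal old_perishable_token, ben.perishable_token
+ ben.reload
+ assert_equal old_perishable_token, ben.perishable_token
+ ben.reset_perishable_token!
+ ben.reload
+ assert_not_equal old_perishable_token, ben.perishable_token
+ end
+ end
+ end
+ end
+end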
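Review bot: `test_find_using_perishable_token` asserts that an empty string finds nothing but never passes `nil`. The `zack` fixture in test/fixtures/users.yml has no `perishable_token` value, so a finder that forwarded `nil` straight to the column lookup could return a record whose token is NULL. The finder itself is not shown in this section, so it may already guard against this; pinning the behaviour takes one line next to the empty-string check: `assert_nil User.find_using_perishable_token(nil)`.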
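--- a/test/session_tests/base_test.rb
+++ b/test/session_tests/base_test.rb
@@ -55,10 +55,10 @@ def test_find
 
 assert UserSession.find
 last_request_at = ben.reload.last_request_at
- sleep(1)
+ sleep(1.1)
 assert UserSession.find
 assert_equal last_request_at, ben.reload.last_request_at
- sleep(1)
+ sleep(1.1)
 assert UserSession.find
 assert_not_equal last_request_at, ben.reload.last_request_at
 
@@ -157,10 +157,10 @@ def test_id
 
 def test_inspect
 session = UserSession.new
- assert_equal "#<UserSession {:login=>nil, :password=>\"<protected>\"}>", session.inspect
+ assert_equal "#<UserSession #{{:login=>nil, :password=>"<protected>"}.inspect}>", session.inspect
 session.login = "login"
 session.password = "pass"
- assert "#<UserSession {:login=>\"login\", :password=>\"<protected>\"}>" == session.inspect || "#<UserSession {:password=>\"<protected>\", :login=>\"login\"}>" == session.inspect
+ assert "#<UserSession #{{:login=>"login", :password=>"<protected>"}.inspect}>" == session.inspect
 end
 
 def test_new_session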
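--- a/test/session_tests/cookies_test.rb
+++ b/test/session_tests/cookies_test.rb
@@ -17,7 +17,7 @@ def test_save
 ben = users(:ben)
 session = UserSession.new(ben)
 assert session.save
- assert_equal ben.remember_token, @controller.cookies["user_credentials"]
+ assert_equal ben.persistence_token, @controller.cookies["user_credentials"]
 end
 
 def test_destroy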
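--- a/test/session_tests/password_reset_test.rb
+++ b/test/session_tests/perishability_test.rb
@@ -1,12 +1,12 @@
 require File.dirname(__FILE__) + '/../test_helper.rb'
 
 module SessionTests
- class PasswordResetTest < ActiveSupport::TestCase
+ class PerishabilityTest < ActiveSupport::TestCase
 def test_after_save
 ben = users(:ben)
- old_password_reset_token = ben.password_reset_token
+ old_perishable_token = ben.perishable_token
 session = UserSession.create(ben)
- assert_not_equal old_password_reset_token, ben.password_reset_token
+ assert_not_equal old_perishable_token, ben.perishable_token
 
 drew = employees(:drew)
 assert UserSession.create(drew)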
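--- a/test/session_tests/session_test.rb
+++ b/test/session_tests/session_test.rb
@@ -12,7 +12,7 @@ def test_valid_session
 assert session.valid_session?
 assert session.find_record
 assert_equal ben, session.record
- assert_equal ben.remember_token, @controller.session["user_credentials"]
+ assert_equal ben.persistence_token, @controller.session["user_credentials"]
 assert_equal ben, session.unauthorized_record
 assert !session.new_session?
 end
@@ -22,13 +22,13 @@ def test_save
 session = UserSession.new(ben)
 assert @controller.session["user_credentials"].blank?
 assert session.save
- assert_equal ben.remember_token, @controller.session["user_credentials"]
+ assert_equal ben.persistence_token, @controller.session["user_credentials"]
 end
 
 def test_destroy
 ben = users(:ben)
 set_session_for(ben)
- assert_equal ben.remember_token, @controller.session["user_credentials"]
+ assert_equal ben.persistence_token, @controller.session["user_credentials"]
 session = UserSession.find
 assert session.destroy
 assert @controller.session["user_credentials"].blank?
@@ -39,7 +39,7 @@ def test_find
 set_cookie_for(ben)
 assert @controller.session["user_credentials"].blank?
 assert UserSession.find
- assert_equal ben.remember_token, @controller.session["user_credentials"]
+ assert_equal ben.persistence_token, @controller.session["user_credentials"]
 end
 end
 end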
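--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -38,9 +38,9 @@
 t.string :login
 t.string :crypted_password
 t.string :password_salt
- t.string :remember_token
+ t.string :persistence_token
 t.string :single_access_token
- t.string :password_reset_token
+ t.string :perishable_token
 t.string :email
 t.string :first_name
 t.string :last_name
@@ -59,7 +59,7 @@
 t.string :email
 t.string :crypted_password
 t.string :password_salt
- t.string :remember_token
+ t.string :persistence_token
 t.string :first_name
 t.string :last_name
 t.integer :login_count
@@ -132,7 +132,7 @@ def http_basic_auth_for(user = nil, &block)
 end
 
 def set_cookie_for(user, id = nil)
- @controller.cookies["user_credentials"] = {:value => user.remember_token, :expires => nil}
+ @controller.cookies["user_credentials"] = {:value => user.persistence_token, :expires => nil}
 end
 
 def unset_cookie
@@ -156,7 +156,7 @@ def unset_request_content_type
 end
 
 def set_session_for(user, id = nil)
- @controller.session["user_credentials"] = user.remember_token
+ @controller.session["user_credentials"] = user.persistence_token
 end
 
 def unset_session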
