fix conflicts from merge

Author: binarylogic

lib/authlogic/acts_as_authentic/email.rb

@@ -62,7 +62,7 @@ def merge_validates_length_of_email_field_options(options = {})
         # merge options into it. Checkout the convenience function merge_validates_format_of_email_field_options to merge
         # options.</b>
         #
-        # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => lambda {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
+        # * <tt>Default:</tt> {:with => Authlogic::Regex.email, :message => Proc.new {I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}}
         # * <tt>Accepts:</tt> Hash of options accepted by validates_format_of
         def validates_format_of_email_field_options(value = nil)
           rw_config(:validates_format_of_email_field_options, value, {:with => Authlogic::Regex.email, :message => Proc.new{I18n.t('error_messages.email_invalid', :default => "should look like an email address.")}})

lib/authlogic/acts_as_authentic/login.rb

@@ -90,21 +90,19 @@ def merge_validates_uniqueness_of_login_field_options(options = {})
         end
 
         # This method allows you to find a record with the given login. If you notice, with Active Record you have the
-        # validates_uniqueness_of validation function. They give you a :case_sensitive option. I handle this in the same
-        # manner that they handle that. If you are using the login field and set false for the :case_sensitive option in
-        # validates_uniqueness_of_login_field_options this method will modify the query to look something like:
+        # UniquenessValidator class. They give you a :case_sensitive option. I handle this in the same
+        # manner that they handle that. If you are using the login field, set false for the :case_sensitive option in
+        # validates_uniqueness_of_login_field_options and the column doesn't have a case-insensitive collation,
+        # this method will modify the query to look something like:
         #
-        #   where("LOWER(#{quoted_table_name}.#{login_field}) = ?", login.downcase).first
+        #   "LOWER(#{quoted_table_name}.#{login_field}) = LOWER(#{login})"
         #
-        # If you don't specify this it calls the good old find_by_* method:
+        # If you don't specify this it just uses a regular case-sensitive search (with the binary modifier if necessary):
         #
-        #   find_by_login(login)
+        #   "BINARY #{login_field} = #{login}"
         #
         # The above also applies for using email as your login, except that you need to set the :case_sensitive in
         # validates_uniqueness_of_email_field_options to false.
-        #
-        # The only reason I need to do the above is for Postgres and SQLite since they perform case sensitive searches with the
-        # find_by_* methods.
         def find_by_smart_case_login_field(login)
           if login_field
             find_with_case(login_field, login, validates_uniqueness_of_login_field_options[:case_sensitive] != false)
@@ -115,11 +113,14 @@ def find_by_smart_case_login_field(login)
 
         private
           def find_with_case(field, value, sensitivity = true)
-            if sensitivity
-              send("find_by_#{field}", value)
+            relation = if not sensitivity
+              connection.case_insensitive_comparison(arel_table, field.to_s, columns_hash[field.to_s], value)
             else
-              where("LOWER(#{quoted_table_name}.#{field}) = ?", value.mb_chars.downcase).first
+              value    = connection.case_sensitive_modifier(value) if value
+              relation = arel_table[field.to_s].eq(value)
             end
+
+            where(relation).first
           end
       end
 

lib/authlogic/acts_as_authentic/perishable_token.rb

@@ -52,7 +52,7 @@ def self.included(klass)
 
         # Class level methods for the perishable token
         module ClassMethods
-          # Use this methdo to find a record with a perishable token. This method does 2 things for you:
+          # Use this method to find a record with a perishable token. This method does 2 things for you:
           #
           # 1. It ignores blank tokens
           # 2. It enforces the perishable_token_valid_for configuration option.

lib/authlogic/controller_adapters/rack_adapter.rb

@@ -0,0 +1,63 @@
+module Authlogic
+  module ControllerAdapters
+    # Adapter for authlogic to make it function as a Rack middleware.
+    # First you'll have write your own Rack adapter where you have to set your cookie domain.
+    #
+    #     class YourRackAdapter < Authlogic::ControllerAdapters::RackAdapter
+    #       def cookie_domain
+    #         'your_cookie_domain_here.com'
+    #       end
+    #     end
+    #
+    # Next you need to set up a rack middleware like this:
+    #
+    #     class AuthlogicMiddleware
+    #       def initialize(app)
+    #         @app = app
+    #       end
+    #
+    #       def call(env)
+    #         YourRackAdapter.new(env)
+    #         @app.call(env)
+    #       end
+    #     end
+    #
+    # And that is all! Now just load this middleware into rack:
+    #
+    #     use AuthlogicMiddleware
+    #
+    # Authlogic will expect a User and a UserSession object to be present:
+    #
+    #     class UserSession < Authlogic::Session::Base
+    #       # Authlogic options go here
+    #     end
+    #
+    #     class User < ActiveRecord::Base
+    #       acts_as_authentic
+    #     end
+    #
+    class RackAdapter < AbstractAdapter
+
+      def initialize(env)
+        # We use the Rack::Request object as the controller object.
+        # For this to work, we have to add some glue.
+        request = Rack::Request.new(env)
+
+        request.instance_eval do
+          def request; self; end
+          def remote_ip; self.ip; end
+        end
+
+        super(request)
+        Authlogic::Session::Base.controller = self
+      end
+
+      # Rack Requests stores cookies with not just the value, but also with flags and expire information in the hash.
+      # Authlogic does not like this, so we drop everything except the cookie value
+      def cookies
+        controller.cookies.map{|key, value_hash| {key => value_hash[:value]} }.inject(:merge) || {}
+      end
+    end
+  end
+
+end

lib/authlogic/crypto_providers/bcrypt.rb

@@ -17,16 +17,16 @@ module CryptoProviders
     #
     #   Benchmark.bm(18) do |x|
     #     x.report("BCrypt (cost = 10:") { 100.times { BCrypt::Password.create("mypass", :cost => 10) } }
-    #     x.report("BCrypt (cost = 2:") { 100.times { BCrypt::Password.create("mypass", :cost => 2) } }
+    #     x.report("BCrypt (cost = 4:") { 100.times { BCrypt::Password.create("mypass", :cost => 4) } }
     #     x.report("Sha512:") { 100.times { Digest::SHA512.hexdigest("mypass") } }
     #     x.report("Sha1:") { 100.times { Digest::SHA1.hexdigest("mypass") } }
     #   end
     #
-    #                           user     system      total        real
-    #   BCrypt (cost = 10): 10.780000   0.060000  10.840000 ( 11.100289)
-    #   BCrypt (cost = 2):  0.180000   0.000000   0.180000 (  0.181914)
-    #   Sha512:             0.000000   0.000000   0.000000 (  0.000829)
-    #   Sha1:               0.000000   0.000000   0.000000 (  0.000395)
+    #                            user     system      total        real
+    #   BCrypt (cost = 10):  37.360000   0.020000  37.380000 ( 37.558943)
+    #   BCrypt (cost = 4):    0.680000   0.000000   0.680000 (  0.677460)
+    #   Sha512:               0.000000   0.000000   0.000000 (  0.000672)
+    #   Sha1:                 0.000000   0.000000   0.000000 (  0.000454)
     #
     # You can play around with the cost to get that perfect balance
     # between performance and security. A default cost of 10 is the
@@ -46,11 +46,17 @@ module CryptoProviders
     class BCrypt
       class << self
         # This is the :cost option for the BCrpyt library. The higher the cost the more secure it is and the longer is take the generate a hash. By default this is 10.
-        # Set this to whatever you want, play around with it to get that perfect balance between security and performance.
+        # Set this to any value >= the engine's minimum (currently 4), play around with it to get that perfect balance between security and performance.
         def cost
           @cost ||= 10
         end
-        attr_writer :cost
+
+        def cost=(val)
+          if val < ::BCrypt::Engine::MIN_COST
+            raise ArgumentError.new("Authlogic's bcrypt cost cannot be set below the engine's min cost (#{::BCrypt::Engine::MIN_COST})")
+          end
+          @cost = val
+        end
 
         # Creates a BCrypt hash for the password passed.
         def encrypt(*tokens)

lib/authlogic/session/active_record_trickery.rb

@@ -9,7 +9,7 @@ def self.included(klass)
         klass.extend ClassMethods
         klass.send(:include, InstanceMethods)
       end
-      
+
       module ClassMethods
         # How to name the attributes of Authlogic, works JUST LIKE ActiveRecord, but instead it uses the following
         # namespace:
@@ -20,24 +20,14 @@ def human_attribute_name(attribute_key_name, options = {})
           options[:default] ||= attribute_key_name.to_s.humanize
           I18n.t("attributes.#{name.underscore}.#{attribute_key_name}", options)
         end
-        
+
         # How to name the class, works JUST LIKE ActiveRecord, except it uses the following namespace:
         #
         #   authlogic.models.user_session
         def human_name(*args)
           I18n.t("models.#{name.underscore}", {:count => 1, :default => name.humanize})
         end
-        
-        # For rails < 2.3, mispelled
-        def self_and_descendents_from_active_record
-          [self]
-        end
-        
-        # For rails >= 2.3, mispelling fixed
-        def self_and_descendants_from_active_record
-          [self]
-        end
-        
+
         # For rails >= 3.0
         def model_name
           if defined?(::ActiveModel)
@@ -55,7 +45,7 @@ def lookup_ancestors
           ancestors.select { |x| x.respond_to?(:model_name) }
         end
       end
-      
+
       module InstanceMethods
         # Don't use this yourself, this is to just trick some of the helpers since this is the method it calls.
         def new_record?
@@ -69,7 +59,7 @@ def persisted?
         def destroyed?
           record.nil?
         end
-        
+
         def to_key
           new_record? ? nil : record.to_key
         end

lib/authlogic/session/magic_columns.rb

@@ -8,7 +8,7 @@ module Session
     #   last_request_at       Updates every time the user logs in, either by explicitly logging in, or logging in by cookie, session, or http auth
     #   current_login_at      Updates with the current time when an explicit login is made.
     #   last_login_at         Updates with the value of current_login_at before it is reset.
-    #   current_login_ip      Updates with the request remote_ip when an explicit login is made.
+    #   current_login_ip      Updates with the request ip when an explicit login is made.
     #   last_login_ip         Updates with the value of current_login_ip before it is reset.
     module MagicColumns
       def self.included(klass)
@@ -21,7 +21,7 @@ def self.included(klass)
           before_save :set_last_request_at, :if => :set_last_request_at?
         end
       end
-      
+
       # Configuration for the magic columns feature.
       module Config
         # Every time a session is found the last_request_at field for that record is updatd with the current time, if that field exists.
@@ -36,7 +36,7 @@ def last_request_at_threshold(value = nil)
         end
         alias_method :last_request_at_threshold=, :last_request_at_threshold
       end
-      
+
       # The methods available for an Authlogic::Session::Base object that make up the magic columns feature.
       module InstanceMethods
         private
@@ -46,22 +46,22 @@ def increase_failed_login_count
               attempted_record.failed_login_count += 1
             end
           end
-        
+
           def update_info
             record.login_count = (record.login_count.blank? ? 1 : record.login_count + 1) if record.respond_to?(:login_count)
             record.failed_login_count = 0 if record.respond_to?(:failed_login_count)
-          
+
             if record.respond_to?(:current_login_at)
               record.last_login_at = record.current_login_at if record.respond_to?(:last_login_at)
               record.current_login_at = klass.default_timezone == :utc ? Time.now.utc : Time.now
             end
-          
+
             if record.respond_to?(:current_login_ip)
               record.last_login_ip = record.current_login_ip if record.respond_to?(:last_login_ip)
-              record.current_login_ip = controller.request.remote_ip
+              record.current_login_ip = controller.request.ip
             end
           end
-          
+
           # This method lets authlogic know whether it should allow the last_request_at field to be updated
           # with the current time (Time.now). One thing to note here is that it also checks for the existence of a
           # last_request_update_allowed? method in your controller. This allows you to control this method pragmatically
@@ -81,11 +81,11 @@ def set_last_request_at? # :doc:
             return controller.last_request_update_allowed? if controller.responds_to_last_request_update_allowed?
             record.last_request_at.blank? || last_request_at_threshold.to_i.seconds.ago >= record.last_request_at
           end
-        
+
           def set_last_request_at
             record.last_request_at = klass.default_timezone == :utc ? Time.now.utc : Time.now
           end
-          
+
           def last_request_at_threshold
             self.class.last_request_at_threshold
           end

lib/authlogic/session/session.rb

@@ -35,8 +35,8 @@ def persist_by_session
               # Allow finding by persistence token, because when records are created the session is maintained in a before_save, when there is no id.
               # This is done for performance reasons and to save on queries.
               record = record_id.nil? ?
-                search_for_record("find_by_persistence_token", persistence_token) :
-                search_for_record("find_by_#{klass.primary_key}", record_id)
+                search_for_record("find_by_persistence_token", persistence_token.to_s) :
+                search_for_record("find_by_#{klass.primary_key}", record_id.to_s)
               self.unauthorized_record = record if record && record.persistence_token == persistence_token
               valid?
             else

lib/authlogic/test_case/mock_request.rb

@@ -2,15 +2,15 @@ module Authlogic
   module TestCase
     class MockRequest # :nodoc:
       attr_accessor :controller
-      
+
       def initialize(controller)
         self.controller = controller
       end
-      
-      def remote_ip
+
+      def ip
         (controller && controller.respond_to?(:env) && controller.env.is_a?(Hash) && controller.env['REMOTE_ADDR']) || "1.1.1.1"
       end
-      
+
       private
         def method_missing(*args, &block)
         end