lib/authlogic/session/http_auth.rb in authlogic-3.8.0 vs lib/authlogic/session/http_auth.rb in authlogic-4.0.0

@@ -1,33 +1,37 @@
 module Authlogic
   module Session
-    # Handles all authentication that deals with basic HTTP auth. Which is authentication built into the HTTP protocol:
+    # Handles all authentication that deals with basic HTTP auth. Which is
+    # authentication built into the HTTP protocol:
     #
     #   http://username:password@whatever.com
     #
-    # Also, if you are not comfortable letting users pass their raw username and password you can always use the single
-    # access token. See Authlogic::Session::Params for more info.
+    # Also, if you are not comfortable letting users pass their raw username and
+    # password you can always use the single access token. See
+    # Authlogic::Session::Params for more info.
     module HttpAuth
       def self.included(klass)
         klass.class_eval do
           extend Config
           include InstanceMethods
-          persist :persist_by_http_auth, :if => :persist_by_http_auth?
+          persist :persist_by_http_auth, if: :persist_by_http_auth?
         end
       end
 
       # Configuration for the HTTP basic auth feature of Authlogic.
       module Config
         # Do you want to allow your users to log in via HTTP basic auth?
         #
-        # I recommend keeping this enabled. The only time I feel this should be disabled is if you are not comfortable
-        # having your users provide their raw username and password. Whatever the reason, you can disable it here.
+        # I recommend keeping this enabled. The only time I feel this should be
+        # disabled is if you are not comfortable having your users provide their
+        # raw username and password. Whatever the reason, you can disable it
+        # here.
         #
         # * <tt>Default:</tt> true
         # * <tt>Accepts:</tt> Boolean
         def allow_http_basic_auth(value = nil)
-          rw_config(:allow_http_basic_auth, value, true)
+          rw_config(:allow_http_basic_auth, value, false)
         end
         alias_method :allow_http_basic_auth=, :allow_http_basic_auth
 
         # Whether or not to request HTTP authentication
         #
@@ -81,10 +85,13 @@
                 valid?
               end
             end
 
             if self.class.request_http_basic_auth
-              controller.authenticate_or_request_with_http_basic(self.class.http_basic_auth_realm, &login_proc)
+              controller.authenticate_or_request_with_http_basic(
+                self.class.http_basic_auth_realm,
+                &login_proc
+              )
             else
               controller.authenticate_with_http_basic(&login_proc)
             end
 
             false