lib/authlogic/session/password.rb in authlogic-4.0.1 vs lib/authlogic/session/password.rb in authlogic-4.1.0
- old
+ new
@@ -117,11 +117,11 @@
# The name of the method in your model used to verify the password. This
# should be an instance method. It should also be prepared to accept a
# raw password and a crytped password.
#
- # * <tt>Default:</tt> "valid_password?"
+ # * <tt>Default:</tt> "valid_password?" defined in acts_as_authentic/password.rb
# * <tt>Accepts:</tt> Symbol or String
def verify_password_method(value = nil)
rw_config(:verify_password_method, value, "valid_password?")
end
alias_method :verify_password_method=, :verify_password_method
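Review bot: The sentence just above the changed line still says the method must accept "a raw password and a crytped password", but the only call visible on this page, `attempted_record.send(verify_password_method, send("protected_#{password_field}"))`, passes a single argument. Since this comment block is being touched anyway, I would reword it to `# should be an instance method that accepts the attempted (raw) password.` and drop the "crytped" typo with it. It would also help to state that the method must return a truthy value only on a match, because that return value alone decides whether `invalid_password` is set.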
@@ -160,11 +160,15 @@
# all method signatures.
def credentials=(value)
super
values = Array.wrap(value)
if values.first.is_a?(Hash)
- values.first.with_indifferent_access.slice(login_field, password_field).each do |field, val|
+ sliced = values
+ .first
+ .with_indifferent_access
+ .slice(login_field, password_field)
+ sliced.each do |field, val|
next if val.blank?
send("#{field}=", val)
end
end
end
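Review bot: The dynamic `send("#{field}=", val)` is safe only because `slice(login_field, password_field)` limits the caller-supplied hash keys to the two configured fields, and nothing in the new code says so. I would add a comment above the loop such as `# Only login_field/password_field survive the slice, so the dynamic setter below cannot be steered to another method.` so a later refactor does not drop the slice. If the writers are always public, which they appear to be when defined through `attr_writer` later on this page, `public_send("#{field}=", val)` would narrow it further.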
@@ -177,72 +181,99 @@
def add_invalid_password_error
if generalize_credentials_error_messages?
add_general_credentials_error
else
- errors.add(password_field, I18n.t('error_messages.password_invalid', default: "is not valid"))
+ errors.add(
+ password_field,
+ I18n.t("error_messages.password_invalid", default: "is not valid")
+ )
end
end
def add_login_not_found_error
if generalize_credentials_error_messages?
add_general_credentials_error
else
- errors.add(login_field, I18n.t('error_messages.login_not_found', default: "is not valid"))
+ errors.add(
+ login_field,
+ I18n.t("error_messages.login_not_found", default: "is not valid")
+ )
end
end
+ def authenticating_with_password?
+ login_field && (!send(login_field).nil? || !send("protected_#{password_field}").nil?)
+ end
+
def configure_password_methods
- if login_field
- self.class.send(:attr_writer, login_field) unless respond_to?("#{login_field}=")
- self.class.send(:attr_reader, login_field) unless respond_to?(login_field)
- end
+ define_login_field_methods
+ define_password_field_methods
+ end
- if password_field
- self.class.send(:attr_writer, password_field) unless respond_to?("#{password_field}=")
- self.class.send(:define_method, password_field) {} unless respond_to?(password_field)
-
- # The password should not be accessible publicly. This way forms
- # using form_for don't fill the password with the attempted
- # password. To prevent this we just create this method that is
- # private.
- self.class.class_eval <<-EOS, __FILE__, __LINE__
- private
- def protected_#{password_field}
- @#{password_field}
- end
- EOS
- end
+ def define_login_field_methods
+ return unless login_field
+ self.class.send(:attr_writer, login_field) unless respond_to?("#{login_field}=")
+ self.class.send(:attr_reader, login_field) unless respond_to?(login_field)
end
- def authenticating_with_password?
- login_field && (!send(login_field).nil? || !send("protected_#{password_field}").nil?)
+ def define_password_field_methods
+ return unless password_field
+ self.class.send(:attr_writer, password_field) unless respond_to?("#{password_field}=")
+ self.class.send(:define_method, password_field) {} unless respond_to?(password_field)
+
+ # The password should not be accessible publicly. This way forms
+ # using form_for don't fill the password with the attempted
+ # password. To prevent this we just create this method that is
+ # private.
+ self.class.class_eval <<-EOS, __FILE__, __LINE__ + 1
+ private
+ def protected_#{password_field}
+ @#{password_field}
+ end
+ EOS
end
+ # In keeping with the metaphor of ActiveRecord, verification of the
+ # password is referred to as a "validation".
def validate_by_password
self.invalid_password = false
-
- # check for blank fields
- if send(login_field).blank?
- errors.add(login_field, I18n.t('error_messages.login_blank', default: "cannot be blank"))
- end
- if send("protected_#{password_field}").blank?
- errors.add(password_field, I18n.t('error_messages.password_blank', default: "cannot be blank"))
- end
+ validate_by_password__blank_fields
return if errors.count > 0
-
self.attempted_record = search_for_record(find_by_login_method, send(login_field))
if attempted_record.blank?
add_login_not_found_error
return
end
+ validate_by_password__invalid_password
+ end
- # check for invalid password
- unless attempted_record.send(verify_password_method, send("protected_#{password_field}"))
+ def validate_by_password__blank_fields
+ if send(login_field).blank?
+ errors.add(
+ login_field,
+ I18n.t("error_messages.login_blank", default: "cannot be blank")
+ )
+ end
+ if send("protected_#{password_field}").blank?
+ errors.add(
+ password_field,
+ I18n.t("error_messages.password_blank", default: "cannot be blank")
+ )
+ end
+ end
+
+ # Verify the password, usually using `valid_password?` in
+ # `acts_as_authentic/password.rb`. If it cannot be verified, we
+ # refer to it as "invalid".
+ def validate_by_password__invalid_password
+ unless attempted_record.send(
+ verify_password_method,
+ send("protected_#{password_field}")
+ )
self.invalid_password = true
add_invalid_password_error
- return
end
end
attr_accessor :invalid_password
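Review bot: `validate_by_password` still returns right after `add_login_not_found_error` when `attempted_record.blank?`, so `validate_by_password__invalid_password` and whatever hashing the configured `verify_password_method` performs never run for an unknown login. `generalize_credentials_error_messages?` makes the two error messages identical but does not equalise the work done, so the two outcomes may remain distinguishable by response time; how much depends on the crypto provider, which is not visible here. At minimum I would document this on the method, e.g. `# NOTE: an unknown login returns before any password verification; generalized error messages do not hide that difference.`, and treat throttling of failed attempts as a separate control.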
@@ -259,10 +290,13 @@
if self.class.generalize_credentials_error_messages.is_a? String
self.class.generalize_credentials_error_messages
else
"#{login_field.to_s.humanize}/Password combination is not valid"
end
- errors.add(:base, I18n.t('error_messages.general_credentials_error', default: error_message))
+ errors.add(
+ :base,
+ I18n.t("error_messages.general_credentials_error", default: error_message)
+ )
end
def generalize_credentials_error_messages?
self.class.generalize_credentials_error_messages
end