binarylogic / authlogic
A simple ruby authentication solution.
Home Page: http://rdoc.info/projects/binarylogic/authlogic
License: MIT License
The doc specifies that instead of the value 'true' a string can be specified like this:
generalize_credentials_error_messages I18n.t('authlogic.error_messages.login_credentials_invalid')
However, this does not seem to work: when passing a string the whole statement is ignored.
Logout works on my local machine (mac os x leopard, rails 2.3.4, mongrel) but fails on Production in Heroku. Authlogic is integrated into my app in the same way that the railscast episode on authlogic suggests - the only difference is that I included all of the authlogic database columns.
Creating a new instance automatically loads errors into @base and populates those errors on my sign in form:
(rdb:1) @account_session = AccountSession.new
(rdb:1) @account_session.errors
Is this correct behavior or am I missing something?
Gavin
Digest::SHA512.hexdigest => 128 chars.
instead of
Digest::SHA512.digest => 64 chars.
AuthLogic helps an attacker by letting them know if a username is valid or not while logging in.
A more secure (but slightly less user-friendly) behavior would be not letting the user know whether the login or password (or both) is wrong.
I think the secure behavior should be enabled by default, and have a configuration parameter to behave in the current mode.
(note that information might also be leaked from the register and forgotten password page)
SHA-512 is overkill for a web application. It would be best if it'd use SHA-256 by default but that the developer could change to SHA-384 or SHA-512.
In addition with a digest of 512 bytes you get 64 bytes, and with 256 bytes you get 32 chars.
Bruce Schneier has said: "I have, and continue to, recommend SHA-256 for
immediate applications, and will probably continue to recommend the algorithm
until this process (a new secure hash standard) is completed. SHA-384 and
SHA-512 are also fine, but overkill for most applications."
http://www.schneier.com/blog/archives/2007/02/a_new_secure_ha.html
Hey there.
Ran into a couple of problems customising the error messages that Authlogic raises using the I18n functionality, stemming from a couple of inaccuracies in your RDOC.
Firstly, this example (from http://rdoc.info/rdoc/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/Authlogic/I18n.html):
*** START CODE ***
module MyAuthlogicI18nAdapter
  def t(key, options = {})
    # you will have key which will be something like: "error_messages.password_invalid"
    # you will also have options[:default], which will be the default english version of the message
    # do whatever you want here with the arguments passed to you.
  end
end
Authlogic::I18n.extend MyAuthlogicI18nAdapter
*** END CODE ***
..contains a subtle misunderstanding of how Object#extend works, and of Ruby’s OO semantics in general. In a nutshell, extend places the module with which your object is being extended in the inheritance tree above it, rather than overriding the methods on the object itself (The object in this place being the Authlogic::I18n singleton class). In practical terms, this means that if your object already has a method of the same name as one defined by the module (as is true in this case - Authlogic::I18n defines its own self.t method), the object’s own implementation will still be called, as it is lower down in the inheritance tree than that in the module with which it is being extended.
However, this is pretty much a moot point, as, looking at the source in i18n.rb - the built-in Authlogic::I18n.t attempts to call the t method on a top-level class called I18n, so a simpler method of overriding auth messages is simply to define that top-level I18n class itself, with a t method (no need for that extend). As a further improvement, I might suggest making this top-level classname configurable, as I18n seems pretty generic and potentially prone to namespace clashes. However, if the documentation for this feature could be updated to correct this, that’d be great.
Cheers!
Tim
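The lookup order described in the post above, as an added example that is not part of the original ticket or of Authlogic. build_i18n returns a constructed stand-in for Authlogic::I18n, the message table is hypothetical, and the singleton_class.prepend variant is one assumed way to make the adapter win, not the project's documented approach.

```ruby
# Added illustration. build_i18n returns a constructed stand-in for Authlogic::I18n:
# a module that, like the one described in the post, defines its own singleton `t`.
def build_i18n
  Module.new do
    def self.t(key, options = {})
      "built-in: #{options[:default] || key}"
    end
  end
end

# Adapter in the shape of the RDoc example; the message table is hypothetical.
module MyAuthlogicI18nAdapter
  MESSAGES = {
    "error_messages.password_invalid" => "custom: wrong password"
  }.freeze

  def t(key, options = {})
    # Fall through to the next `t` in the lookup chain for keys we do not handle.
    MESSAGES.fetch(key) { super }
  end
end

# First two entries of the method lookup chain for singleton calls such as mod.t.
def lookup_chain(mod)
  mod.singleton_class.ancestors.first(2).map do |entry|
    entry.equal?(mod.singleton_class) ? :own_singleton_methods : entry.name
  end
end

# What the RDoc example does: the adapter lands behind the module's own methods,
# so the module's own `t` keeps answering.
def with_extend
  build_i18n.extend(MyAuthlogicI18nAdapter)
end

# Prepending to the singleton class puts the adapter in front instead.
def with_prepend
  i18n = build_i18n
  i18n.singleton_class.prepend(MyAuthlogicI18nAdapter)
  i18n
end

if __FILE__ == $PROGRAM_NAME
  args = ["error_messages.password_invalid", { :default => "password is not valid" }]
  [with_extend, with_prepend].each do |i18n|
    puts "#{lookup_chain(i18n).inspect} -> #{i18n.t(*args)}"
  end
end
```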
In UserSessionsControllerTest using shoulda
context "not redirect non-logged in user" do
  setup do
    get :new
  end
  should_respond_with :success
end
Fails with 302 status, but in simple Unit Test
test "should get new" do
  get :new
  assert_response :success
end
Passes successfully. This is the second time I am trying Authlogic with shoulda, and it is resulting in the same test result (302 for response :success).
I added a translations file for AuthLogic to my rails app. This correctly resulted in error messages for users being translated into the default locale. However, when I change the locale in a before filter, AuthLogic keeps returning error messages in the default locale while AR starts providing validation errors in the current locale. It seems like the call to I18n translate (t) is being made only once with the default locale when the AuthLogic gem is loaded.
HTTP Basic authentication works when going through curl, but not when using a browser (safari or firefox). In firefox, the attached dialog shows up. This happens in all of my projects using authlogic and the authlogic_example application from github. It’s the same whether I use mongrel or passenger.
This ticket has 2 attachment(s).
Using authlogic with models that extend the User class (using Single Table Inheritance)
seems to break things since you end up with nil objects for @current_user in your controllers
@@@ ruby
class User < ActiveRecord::Base
  acts_as_authentic
end
class NormalUser < User; end
class SpecialUser < User; end
@@@
Is it possible to use authlogic with STI?
Hi
With 2.3.3 I started to see strange ’A copy of ApplicationController has been removed from the module tree but is still active!’ errors every few requests. Switching back to 2.3.2 removed the problem.
I think I was able to locate the problem somewhere within authlogic.
It might have something to do with this outstanding ticket (https://rails.lighthouseapp.com/projects/8994/tickets/1339-arbase-should-not-be-nuking-its-children-just-because-it-lost-interest), but so far I haven’t seen any activity in it.
The problem can be reproduced by fetching my fork of the authlogic example application:
Now if you like you can switch back to 2.3.2 and repeat the test, with 2.3.2 nothing happens.
Attached you can find the full backtrace.
Thanks!
Cheers,
Reto
This ticket has 1 attachment(s).
Hi,
There is a problem with UserSessions on Rails 2.3.4. Code in a view like this
<% form_for @user_session, :url => login_path do |f| -%>
  <%= f.error_messages %>
  <%= f.text_field :login %>
  <%= f.password_field :password %>
  <%= f.check_box :remember_me %>
  <%= submit_tag 'Login' %>
<% end %>
causes ActionView::TemplateError (can't convert ActiveRecord::Error into String) on line <%= f.error_messages %>
Hi,
I'm a happy user of Authlogic.
In my projects, managed with Git, I have a pre-commit hook that checks all the modified files to see if they are valid. They go through Ruby or ERB syntax check and the commit is aborted if an error is raised.
When I pack my gems in "vendor/gems", they are added to the next commit checked.
This process stumbles upon the session template which ends on *.rb and so is checked by Ruby and so is not valid because it's in fact an ERB template.
Maybe this file could be renamed into something either *.erb or *.tpl, …
The exact file is : authlogic-2.1.1/generators/session/templates/session.rb
I'll try to fork and make a patch, but I'm not sure that's in my reach ;-)
Thanks for Authlogic and everything else that you make. It's great.
Cheers
Jeremy
To add an email field, do I just modify the create_users.rb file and then run the migration? Or are there other steps?
Sorry, I am a complete newbie.
If I enable logout_on_timeout and try to use HTTP Basic Auth then Authlogic will not validate the session (JosUserSession.find.record returns nil)
User and UserSession models below. I'm using the ApplicationController methods as shown in the tutorials.
class UserSession < Authlogic::Session::Base
  login_field :username
  verify_password_method :valid_credentials?
  logout_on_timeout true
  allow_http_basic_auth true
end
class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.validate_password_field = false
    c.login_field = :username
    c.logged_in_timeout = 30.minutes
  end
  def valid_credentials?(password_plaintext)
    valid_jos_user_credentials?(password_plaintext)
  end
  def valid_jos_user_credentials?(password_plaintext)
    salt = password.split(':')[1]
    encrypted = Digest::MD5.hexdigest("#{password_plaintext}#{salt}")
    password.eql? "#{encrypted}:#{salt}"
  end
end
By default SecureRandom [1] uses 16 bytes (which has an entropy of 128 bits [2]), so:
SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
should be:
SecureRandom.base64().tr('+/=', '-_ ').rstrip
[1] http://api.rubyonrails.org/classes/ActiveSupport/SecureRandom.html#M001107
[2] https://bitbucket.org/ares/cryha/src/tip/doc/sym_crypto.txt#cl-113
SecureRandom.hex(64)
Why do you use 64 bytes?
It should be
SecureRandom.hex()
which uses 16 random bytes and returns them as a hexadecimal string.
Another thing. I've seen that 'encrypted' or 'crypted' is used to refer to the hashes. A hash is not a cryptographic algorithm; they are different. Please use 'hash' to refer to a SHA, and any term related to crypto to refer to AES.
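The token expressions quoted in the two posts above, measured side by side, as an added example that is not code from the tickets or from Authlogic. It reports how many random bits each expression draws, how long the stored token is, and why the 16-byte Base64 form needs rstrip while the 15-byte form does not; the helper names and report layout are assumptions.

```ruby
require "securerandom"

# The transformation quoted in the first post: map "+/" to "-_" and turn "="
# padding into spaces so that strip can drop it.
def friendly_token(random_bytes = nil)
  SecureRandom.base64(random_bytes).tr("+/=", "-_ ").strip.delete("\n")
end

# Each generator from the posts, with the number of random bytes it draws.
# Calling base64 or hex without an argument uses the library default of 16 bytes.
GENERATORS = {
  "base64(15), tr, strip" => [15, -> { friendly_token(15) }],
  "base64(), tr, rstrip"  => [16, -> { SecureRandom.base64.tr("+/=", "-_ ").rstrip }],
  "hex(64)"               => [64, -> { SecureRandom.hex(64) }],
  "hex()"                 => [16, -> { SecureRandom.hex }]
}.freeze

# One row per generator: entropy drawn, stored length, and whether the result
# stays within the URL-safe alphabet after the transformation.
def token_report
  GENERATORS.map do |name, (bytes, generator)|
    token = generator.call
    {
      name: name,
      entropy_bits: bytes * 8,
      length: token.length,
      url_safe: token.match?(/\A[A-Za-z0-9_-]+\z/)
    }
  end
end

# 15 bytes is a multiple of 3, so Base64 emits no "=" padding at all;
# 16 bytes produces "==", which the tr call turns into two trailing spaces.
def padding_chars(random_bytes)
  SecureRandom.base64(random_bytes).count("=")
end

if __FILE__ == $PROGRAM_NAME
  token_report.each do |row|
    puts format("%-24s %4d bits  %3d chars  url_safe=%s",
                row[:name], row[:entropy_bits], row[:length], row[:url_safe])
  end
end
```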
Is there an easy way to merge validation options for all validations? I would like to disable validations when a user is registered as a guest and currently have to do this.
acts_as_authentic do |c|
  c.merge_validates_confirmation_of_password_field_options :unless => :guest?
  c.merge_validates_length_of_password_field_options :unless => :guest?
  c.merge_validates_length_of_password_confirmation_field_options :unless => :guest?
  c.merge_validates_length_of_login_field_options :unless => :guest
  c.merge_validates_format_of_login_field_options :unless => :guest
  c.merge_validates_uniqueness_of_login_field_options :unless => :guest
  c.merge_validates_format_of_email_field_options :unless => :guest
  c.merge_validates_length_of_email_field_options :unless => :guest
  c.merge_validates_uniqueness_of_email_field_options :unless => :guest
end
It would be nice if there was one merge_validation_options
config method which merged all of them. Or is there a better way to do this?
Authlogic will randomly log in a logged out user. I am using the basic authlogic_example setup and have added just one more 'orders' resource controller with the basic actions and no other filters.
I can log out of my session, and view the orders index action logged out. Then I can keep refreshing my browser and within 5 - 15 refreshes, I will suddenly be logged back in again to the previous user session.
I followed the example verbatim.
Here is the error I get:
undefined local variable or method `my_value' for User(id: integer, created_at: datetime, updated_at: datetime):Class
Full trace:
This tests the response_code for each user to a page, the session[:user_credentials_id] will change when using the helper ‘set_session_for’ in a loop, but the ‘current user’ does not change. The response body does not change.
This is the smallest test I could create.
```
test 'All users hit home page' do
  for user in User.all
    set_session_for(user)
    get :home
    assert_response :success
    assert_tag :tag => 'span', :attributes => {:id => "name"}, :content => user.display_name
  end
end
```
I have a span on the page that holds the user's first name. This test will succeed the first time and fail on the second time through the loop. In the test output, the value in the tag is the name of the user that was set to the session the first time through the loop.
I would expect to be able to change the user in a functional test.
I can't seem to find any information in the docs on how to remove the "_ is not valid" validations on the user session fields. generalize_credentials_error_messages did not seem to return the results I was looking for. Is there a way to remove the validations completely for email/login/password and only use the validates_presence_of? Thank you.
@@@ ruby
class UserSessionsController < ApplicationController
  before_filter :require_no_user, :only => :create
  before_filter :require_user, :only => :destroy
  def create
    user_session = UserSession.new(params[:login_info])
    if user_session.save
      flash[:notice] = "Logged in!"
      redirect_to home_path
    else
      flash[:error] = "Error: Login unsuccessful!"
      redirect_to home_path
    end
  end
  def destroy
    current_user_session.destroy
    flash[:notice] = "Logged out!"
    redirect_to home_path
  end
end
@@@
Now when I login with the option ’Remember me?’ checked, Rails passes:
@@@
Processing UserSessionsController#create (for 127.0.0.1 at 2009-07-11 03:39:15) [POST]
Parameters:
{"commit"=>"Submit", "action"=>"create", "controller"=>"user_sessions",
"login_info"=>{"password"=>"[FILTERED]", "remember_me"=>"1", "email"=>"[email protected]"}}
@@@
But the View displays:
@@@
Signed in as [email protected]!
false
@@@
No matter how hard I try I can’t get the current_user_session to remember the remember_me option.
irb> require 'rubygems'
=> true
irb> require 'authlogic'
NameError: uninitialized constant ActiveRecord
from ...
from /path/to/authlogic-2.1.1/lib/authlogic/session/validation.rb:16
from ...
Authlogic::Session::Validation::Errors inherits from ::ActiveRecord::Errors, but no require "active_record" can be found in the code and no dependency has been added to the gemspec.
Please note: In Rails 3, ActiveRecord::Errors has been moved to ActiveModel, so it might be better to roll your own Errors class.
Normally Rails would do this:
@object.errors[:non_existent_attribute] # => nil
Authlogic returns []
This is because of the following method:
class Errors < ::ActiveRecord::Errors
  def [](key)
    value = super
    value.is_a?(Array) ? value : [value].compact
  end
end
as an example:
nil.is_a?(Array) ? nil : [nil].compact # => []
This causes issues when using the Formtastic plugin which expects nil when there are no errors for a given attribute.
This would be a fix:
class Errors < ::ActiveRecord::Errors
  def [](key)
    value = super
    # Pass nil through unchanged so callers that test for nil see "no errors".
    return nil if value.nil?
    value.is_a?(Array) ? value : [value].compact
  end
end
Hello, I think there still are some keys missing.
I can’t translate during validation :
model names :
user_session
user
attributes :
all the attributes for user
The rest is working just fine.
I’m using the latest gem.
I implemented the tutorial exactly but when I go to mywebsite/account/new I get:
NoMethodError in Users#new
Showing app/views/users/_form.html.erb where line #5 raised:
undefined method `username' for #<User:0xb74d5bf4>
Extracted source (around line #5):
2: <%= f.error_messages %>
3:
4: <%= f.label :username %>
5: <%= f.text_field :username %>
6:
8: <%= f.label :email %>
I get an error if my user's password = 123456.
It's fixed if you just change line 50 of lib/authlogic/session/magic_columns.rb (notice the to_i)
record.login_count = (record.login_count.blank? ? 1 : record.login_count + 1) if record.respond_to?(:login_count)
record.login_count = (record.login_count.blank? ? 1 : record.login_count.to_i + 1) if record.respond_to?(:login_count)
With such a simple fix, I figured it was more trouble than it was worth to fork and then submit a patch. Hope this helps.
Best,
Bryce
Error msg:
TypeError in User sessionsController#create
can't convert Fixnum into String
RAILS_ROOT: /Library/WebServer/Documents/Projects/smsFood
Application Trace | Framework Trace | Full Trace
/usr/local/lib/ruby/gems/1.8/gems/authlogic-2.0.14/lib/authlogic/session/magic_columns.rb:50:in `+'
/usr/local/lib/ruby/gems/1.8/gems/authlogic-2.0.14/lib/authlogic/session/magic_columns.rb:50:in `update_info'
/usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/callbacks.rb:178:in `send'
/usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/callbacks.rb:178:in `evaluate_method'
/usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/callbacks.rb:166:in `call'
/usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/callbacks.rb:93:in `run'
/usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/callbacks.rb:92:in `each'
/usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/callbacks.rb:92:in `send'
/usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/callbacks.rb:92:in `run'
/usr/local/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/active_support/callbacks.rb:276:in `run_callbacks'
/usr/local/lib/ruby/gems/1.8/gems/authlogic-2.0.14/lib/authlogic/session/callbacks.rb:71:in `before_save'
/usr/local/lib/ruby/gems/1.8/gems/authlogic-2.0.14/lib/authlogic/session/existence.rb:66:in `save'
/Library/WebServer/Documents/Projects/smsFood/app/controllers/user_sessions_controller.rb:10:in `create'
/Library/WebServer/Documents/Projects/smsFood/app/controllers/user_sessions_controller.rb:9:in `create'
The admin of my webapp needs to be able to log in and masquerade as any user. Is there any easy way to set a "skeleton key" admin password to create a valid UserSession even if it doesn't match the user's actual password?
I am not sure if this bug is related to authlogic not being compatible with rails 2.3.3 or not, but I encounter an undefined method 'rewind' for #<TCPSocket:0x2536630> error when attempting to login using authlogic. This only occurs for me when attempting to use Rails 2.3.3. Once I switch back to 2.3.2 everything works fine. Here is a backtrace:
Status: 500 Internal Server Error
Authlogic::TestCase docs in README points to:
http://authlogic.rubyforge.org/classes/Authlogic/TestCase.html
which is broken. Should point to rdoc.info...
Could Authlogic work with MongoMapper (a wrapper for MongoDB)?
http://railstips.org/2009/6/27/mongomapper-the-rad-mongo-wrapper
I've created two controller tests that test the same controller, but do it for different users (with a different set of privileges).
In the controller test that tests a visitor I have
setup :activate_authlogic
def setup
  UserSession.create(users(:visitor))
end
Which works perfectly. When I remove that code the tests fail because no one is logged on (perfect). However, in another test, which should test an admin, the code does not fail when the above is removed. Just to reiterate, I'm testing the same controller. What's more, when I do include the code above, it does not work as expected, but does when I include "UserSession.create(users(:admin))" within each test method.
Using Ruby 1.9.1 and Rails 2.3.4 I got this error:
NoMethodError (undefined method `^' for "a":String):
authlogic (2.1.1) lib/authlogic/session/session.rb:46:in `session_credentials'
authlogic (2.1.1) lib/authlogic/session/session.rb:33:in `persist_by_session'
authlogic (2.1.1) lib/authlogic/session/callbacks.rb:78:in `persist'
authlogic (2.1.1) lib/authlogic/session/persistence.rb:55:in `persisting?'
authlogic (2.1.1) lib/authlogic/session/persistence.rb:39:in `find'
app/controllers/application_controller.rb:16:in `current_user_session'
The regex in regex.rb for the login field currently is:
/\A\w[\w.+-_@ ]+\z/
This requires the login field to be a minimum of two characters. Shouldn't the first \w be removed or the + be changed to a *? I figure it makes most sense to remove the \w.
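What the quoted pattern accepts, as an added example that is not from the ticket or from Authlogic. Besides the two-character minimum raised above, +-_ inside the character class is parsed as a range from "+" to "_", so the check below lists the extra punctuation that range lets through; STRICT_LOGIN_REGEX and the helper names are assumptions used only for comparison, not the project's pattern.

```ruby
# The pattern quoted in the post, copied verbatim.
LOGIN_REGEX = /\A\w[\w.+-_@ ]+\z/

# Assumed alternative for comparison (not Authlogic's code): "-" is escaped so it
# is a literal hyphen, and "*" lets a one-character login through.
STRICT_LOGIN_REGEX = /\A\w[\w.+\-_@ ]*\z/

# Printable ASCII characters a pattern accepts in the second position of a login.
def accepted_trailing_chars(regex)
  (0x20..0x7e).map(&:chr).select { |char| regex.match?("a#{char}") }
end

# Characters admitted only because "+-_" is read as the range 0x2B..0x5F.
def unintended_chars
  accepted_trailing_chars(LOGIN_REGEX) - accepted_trailing_chars(STRICT_LOGIN_REGEX)
end

# Constructed sample logins, checked against both patterns.
SAMPLE_LOGINS = ["a", "ab", "john.doe+tag@example.com", "al<ice>", "a;b"].freeze

def compare_patterns
  SAMPLE_LOGINS.map do |login|
    [login, LOGIN_REGEX.match?(login), STRICT_LOGIN_REGEX.match?(login)]
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "extra characters admitted by the range: #{unintended_chars.join(' ')}"
  compare_patterns.each do |login, quoted, strict|
    puts format("%-28s quoted=%-5s strict=%s", login.inspect, quoted, strict)
  end
end
```

Anything on that list reaches whatever later renders or logs the login, so output encoding cannot be skipped on the assumption that the format check filtered it.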
I'm not sure what I am doing wrong here, but I keep getting the YAML tab error when I run my tests now. Here is what I have, which I've looked for tabs and have found none. Is there maybe a problem with the output from the ruby code?
superuser:
  login:ben
  email: [email protected]
  crypted_password: <%= Authlogic::CryptoProviders::Sha512.encrypt("ben"+salt) %>
  password_salt: <%= salt = Authlogic::Random.hex_token %>
  persistence_token: <%= Authlogic::Random.hex_token %>
  super: true
I have a fairly generic setup of Authlogic using all defaults against a User table in my primary DB.
I have a 2nd separate database setup in my database.yml/models ala something like..
In database.yml ... a second_db entry
In an example model...
class ModelInOtherDB < ActiveRecord::Base
  establish_connection :second_db
  ...
end
Whenever I use this ModelInOtherDB, it works, but when I reload, Authlogic tries hitting the 2nd database, not the primary DB with the User in it, and faults with a ...
Could not find table ’user’ error
Authlogic(2.1.1)
Ruby version 1.9.1 (i386-darwin9.6.0)
RubyGems version 1.3.3
If you include generalize_credentials_error_messages true in your UserSession object, the failed_login_count will stop incrementing when the password is bad but the login is valid. This in turn stops the brute force protection from working.
Is it possible for generalize_credentials_error_messages to be included in UserSession, but still have the failed_login_count increment when the password is incorrect?
Thanks,
When using the latest v2.0.12 the web server won't start.
=> Booting Mongrel
=> Rails 2.3.2 application starting on http://0.0.0.0:3000
no such file to load -- /opt/local/lib/ruby/gems/1.8/gems/authlogic-2.0.12/lib/authlogic/regex
/opt/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require'
/opt/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `require'
It is missing there.
Love your work. Incredibly useful.
Some suggested features and/or tutorials:
I change a user's password through the console, then reload that user and the valid_password? returns false for the new password.
Any ideas where to look from here before I end up deep into the authlogic code?
Here's a console dump:
?> u.password = "foobar"
=> "foobar"
u.password_confirmation = "foobar"
=> "foobar"
u.save!
=> true
u.reload
=> #<User id: 6, login: "jgoodsen", name: "John Goodsen", email: "[email protected]", crypted_password: "359a452e8e91642bfcd20141fb405c9412ef3481", salt: "AZJQAz8QBgtKVfBpuPq9", created_at: "2009-05-11 19:15:39", updated_at: "2009-08-23 00:47:58", remember_token: nil, remember_token_expires_at: nil, activation_code: nil, activated_at: "2009-05-11 19:15:40", admin: true, persistence_token: "ab5f1db3eb8e83bdcf6491414f58e2116022c783cb727538d92...", perishable_token: "nYxQrm_0hOmMirPmpTR5", login_count: 9, failed_login_count: 2, current_login_at: "2009-08-23 00:32:49", current_login_ip: nil, last_login_at: "2009-08-23 00:31:35", last_login_ip: nil>
u.valid_password?("foobar")
=> false
It would be really great with a dead simple example showing how to create an Authlogic "add on".
My User class has a boolean field named "enabled". I’d like to prevent the login if that field is set to false. I found here an example code:
http://rdoc.info/rdoc/binarylogic/authlogic/blob/72992b9effaea12f109465fc904fa5431538775a/Authlogic/Session/Validation/Errors.html
class UserSession
  validate :check_if_awesome

  private

  def check_if_awesome
    errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
    errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
  end
end
that I’ve adapted into this:
class UserSession < Authlogic::Session::Base
  validate :check_if_user_enabled

  private

  def check_if_user_enabled
    debugger
    # User.find_by_login(object.login).enabled
  end
end
So, why doesn’t UserSession inherit from Authlogic::Session::Base?
Moreover, using the debugger I can’t see the "errors" object; I can only access it via "object.errors".
So, if I’m not doing anything wrong, the problem in this ticket should only be about syncing this to the documentation.
Maurizio De Magnis
Is this possible? I have tried to add either the 'login' or 'username' column to the Client migration (where acts_as_authentic is placed) and I get the following error when going to the login page:
ActionView::TemplateError (undefined method `email' for #<ClientSession: no credentials provided>) on line #8 of app/views/client_sessions/new.html.erb:
5:
6:
7: <%= f.label :email, "Email Address" %>
8: <%= f.text_field :email %>
9:
However, the migration (and specifically in the message below it) in the example states that the data model can have both login and email columns, and that we might be able to use them both at login?
Basically, I want all users to use email addresses to login. However, we do have legacy users with logins/usernames, and I need to accommodate them as well.
Thanks! :) Great module ;)
Hi!
I'm probably being an idiot, but I've just set up Authlogic by following your comprehensive tutorial - while trying to register a new account, the email validation doesn't pass, regardless of how long or how "valid" an email address I use.
Register
2 errors prohibited this user from being saved
There were problems with the following fields:
* Email is too short (minimum is 6 characters)
* Email should look like an email address.
Any ideas?
P
I’m using authlogic_openid version 1.0.4 because of problems with the current version of authlogic_openid. The error exists in the demo at http://authlogicexample.binarylogic.com/ as well.
Visit the demo. Enter http://google.com (or some other non-OpenID aware URL).
The problem is that the save block never gets yielded to. Here is the Mongrel output from my development environment:
[OPENID] No usable OpenID services were found for "http://google.com/"
A similar problem exists when a URL to a non-existing server is entered:
[OPENID] Failed to fetch identity URL http://b.com/ : Error fetching http://b.com/: getaddrinfo: Name or service not known
Best,
Daniel