Run the following if you haven't already:
gem sources -a https://gems.github.com
Install the gem(s):
sudo gem install binarylogic-authlogic
Description: A clean, simple, and unobtrusive ruby authentication solution.
-
Love your work. Incredibly useful.
Some suggested features and/or tutorials:
User creates a session before creating their account, and retains their session data through the process. For example, user adds items to shopping cart before creating account, then creates account in order to buy.
System sends confirmation email to user when they create account. User clicks link in confirmation email to complete account registration process.
User edit page asks for old password before allowing user to create new password.
Comments
-
Could Authlogic work with Mongomapper (a wrapper for MongoDB)?
https://railstips.org/2009/6/27/mongomapper-the-rad-mongo-wrapper
Comments
activestylus Fri Sep 11 04:26:00 -0700 2009 | link
It doesn't work right now, would be cool if it did!
-
https://github.com/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/lib/authlogic/random.rb#L16
By default SecureRandom [1] uses 16 bytes (which has an entropy of 128 bits [2]), so:
SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
should be:
SecureRandom.base64().tr('+/=', '-_ ').rstrip
[1] https://api.rubyonrails.org/classes/ActiveSupport/SecureRandom.html#M001107
[2] https://bitbucket.org/ares/cryha/src/tip/doc/sym_crypto.txt#cl-113
https://github.com/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/lib/authlogic/random.rb#L11
SecureRandom.hex(64)
Why does it use 64 bytes?
It should be
SecureRandom.hex()
which uses 16 random bytes and returns them as a hexadecimal string.
Use hash instead of encrypted
Another thing. I've seen that 'encrypted' or 'crypted' is used to refer to the hashes. A hash is not a cryptographic algorithm; they are both different. Please use 'hash' to refer to a SHA, and any term related to crypto to refer to AES.
Comments
thedarkone Thu Jul 23 10:10:35 -0700 2009 | link
Hey kless,
I wrote the code in question. Good call with rstrip instead of strip. I also kinda missed that SecureRandom already does .delete("\n"), so that is also redundant. The reason I only use 15 bytes is because I wanted to be fully compatible with the previous ad-hoc implementation that always produced 20 character tokens.
Same thing with hex_token, the original implementation returned 64 bytes (128 characters).
Hi thedarkone,
thanks for contributing to this great plugin. This is the great thing about open software: any person can check the code and make it better. In my case I know anything about security and I'm very strict with respect to it.
Today it's very common (and recommended) to use an entropy of 128 bits (16 bytes), which is also used in the initialization vectors (IV) of cryptographic algorithms, and I'm sure that is the reason why SecureRandom returns 16 bytes by default.
So, at least for me, I think that security is more important than compatibility, and in this case I think that the change doesn't hurt.
The following documents explain some basic things about cryptography and hashes:
https://bitbucket.org/ares/cryha/src/tip/doc/hash.txt
https://bitbucket.org/ares/cryha/src/tip/doc/sym_crypto.txt
Greetings!
-
Store bytes instead of string encoded in hexa./base64
0 comments Created about 1 month ago by kless
The salt is being saved in base64, taking 22 chars, but if it were stored as a byte string it would be only 16 chars. The difference is very great when you have 100K or 1M users.
The same happens with the hashes, which are being saved in hexadecimal, although there the difference is much greater.
Digest::SHA512.hexdigest => 128 chars.
instead of
Digest::SHA512.digest => 64 chars.
Comments
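The sizes behind the two reports above (token length in random.rb, and text versus raw storage of salts and hashes), as an added Ruby example that is not Authlogic's code. It uses Ruby's standard securerandom and digest libraries; the helper names and the sample password are made up for illustration.

```ruby
require 'securerandom'
require 'digest'

# URL-safe token transform as proposed in the issue: map '+' and '/' to
# '-' and '_', turn '=' padding into spaces and strip them from the right.
def friendly_token(nbytes = 16)
  SecureRandom.base64(nbytes).tr('+/=', '-_ ').rstrip
end

# Entropy and encoded length for a token built from nbytes random bytes.
def token_profile(nbytes)
  {
    entropy_bits: nbytes * 8,
    friendly_chars: friendly_token(nbytes).length,
    hex_chars: SecureRandom.hex(nbytes).length
  }
end

# Per-record size of a 16-byte salt and a SHA-512 hash, raw versus text-encoded.
# The password is a constructed sample value.
def storage_profile(password = 'constructed sample password')
  salt = SecureRandom.random_bytes(16)
  {
    salt_raw: salt.bytesize,
    salt_base64: [salt].pack('m0').delete('=').length,
    hash_raw: Digest::SHA512.digest(salt + password).bytesize,
    hash_hex: Digest::SHA512.hexdigest(salt + password).length
  }
end

# Bytes saved over `users` records by storing raw bytes instead of text.
def bytes_saved(users)
  s = storage_profile
  users * ((s[:salt_base64] - s[:salt_raw]) + (s[:hash_hex] - s[:hash_raw]))
end

if __FILE__ == $PROGRAM_NAME
  [15, 16, 64].each { |n| puts "#{n} bytes: #{token_profile(n)}" }
  puts "storage per record: #{storage_profile}"
  puts "saved for 1M users: #{bytes_saved(1_000_000)} bytes"
end
```

Raw digests and salts need a binary column type; a text column with a character encoding can corrupt them.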
-
Login authentication encounters an error running Passenger 2.1.2 and Rails 2.3.3
2 comments Created about 1 month ago by jdutil
I am not sure if this bug is related to authlogic not being compatible with rails 2.3.3 or not, but I encounter an undefined method 'rewind' for # error when attempting to login using authlogic. This only occurs for me when attempting to use Rails 2.3.3. Once I switch back to 2.3.2 everything works fine. Here is a backtrace:
Status: 500 Internal Server Error
undefined method `rewind' for #<TCPSocket:0x2536630>
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/request.rb:150:in `POST'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/methodoverride.rb:15:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/params_parser.rb:15:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/session/cookie_store.rb:93:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/reloader.rb:29:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/failsafe.rb:26:in `call'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `call'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `synchronize'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/dispatcher.rb:106:in `call'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/rack/request_handler.rb:65:in `process_request'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_request_handler.rb:197:in `main_loop'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:340:in `start_request_handler'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:298:in `handle_spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/utils.rb:176:in `safe_fork'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:296:in `handle_spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `__send__'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `main_loop'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:182:in `start_synchronously'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:149:in `start'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:192:in `start'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:260:in `spawn_rails_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:121:in `lookup_or_add'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:254:in `spawn_rails_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:75:in `synchronize'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:74:in `synchronize'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:253:in `spawn_rails_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:148:in `spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:285:in `handle_spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `__send__'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `main_loop'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:182:in `start_synchronously'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/bin/passenger-spawn-server:50
Comments
-
I can't seem to find any information in the docs on how to remove the "_ is not valid" validations on the user session fields. generalize_credentials_error_messages did not seem to return the results I was looking for. Is there a way to remove the validations completely for email/login/password and only use the validates_presence_of. Thank you.
Comments
-
Comments
-
It would be really great with a dead simple example showing how to create an Authlogic "add on".
Comments
-
Labels: @Ben Johnson, from-lighthouse, |S| new
Hi
With 2.3.3 I started to see strange ’A copy of ApplicationController has been removed from the module tree but is still active!’ errors every few requests. Switching back to 2.3.2 removed the problem.
I think I was able to locate the problem somewhere within authlogic.
It might have something to do with this outstanding ticket (https://rails.lighthouseapp.com/projects/8994/tickets/1339-arbase-should-not-be-nuking-its-children-just-because-it-lost-interest), but so far I haven’t seen any activity in it.
The problem can be reproduced by fetching my fork of the authlogic example application:
- https://github.com/retoo/authlogic_example/tree/rails233bug
- cp config/database.yml{-bug-example,} (or use your own, shouldn’t matter)
- rake db:migrate
- start server
- register a user
- fetch the page right after the registration (users/show) repeatedly and fast (keep reload button pressed)
- The error should occur within 10-30 requests.
Now if you like you can switch back to 2.3.2 and repeat the test, with 2.3.2 nothing happens.
Attached you can find the full backtrace.
Thanks!
Cheers,
Reto
This ticket has 1 attachment(s).
Comments
binarylogic Fri Aug 07 15:10:23 -0700 2009 | link
rails 2.3.3 problem ’ApplicationController removed from tree but still active ’
I used git bisect to locate the change within rails, and it looks like it's the following change. Ben, can you judge if this is really authlogic's fault or not? I think you just trigger it...
bc2c4a4 is first bad commit
commit bc2c4a4
Author: Hongli Lai (Phusion) <hongli@phusion.nl>
Date: Mon Jul 6 14:11:28 2009 +0200
Cleanup application after #close has been called on the Rack response body, not when AC::Reload#call is done. The Rack body might lazily evaluate its output, which is for example the case if one calls ’render :text => lambda { ... }’. The code which lazily evaluates the output might use other application classes. So we will want to defer cleanup until the Rack request is completely finished.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
:040000 040000 da0577a a75eb4b M actionpack
by Reto
binarylogic Fri Aug 07 15:10:25 -0700 2009 | link
rails 2.3.3 problem ’ApplicationController removed from tree but still active ’
Alright, looking for this commit id revealed the following two lighthouse tickets:
- https://rails.lighthouseapp.com/projects/8994/tickets/2873-application-reloading-should-be-deferred-to-end-of-request-currently-interferes-with-render-text-lambda-streaming
- https://rails.lighthouseapp.com/projects/8994/tickets/2948-exception-a-copy-of-actorscontroller-has-been-removed-from-the-module-tree-but-is-still-active
Which in turn shows to be fixed in https://github.com/rails/rails/commit/d37ac7958fc88fdbf37a8948102f6b4e45c530b3.
>Hmm, I think you can close this bug.. but I fear for me 2.3.3 is broken :(.
by Reto
-
Labels: @Ben Johnson, errors, from-lighthouse, validation, |S| new
My User class has a boolean field named "enabled". I’d like to prevent the login if that field is set to false. I found here an example code:
https://rdoc.info/rdoc/binarylogic/authlogic/blob/72992b9effaea12f109465fc904fa5431538775a/Authlogic/Session/Validation/Errors.html
class UserSession
  validate :check_if_awesome

  private
    def check_if_awesome
      errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
      errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
    end
end
that I’ve adapted into this:
class UserSession < Authlogic::Session::Base
  validate :check_if_user_enabled

  private
    def check_if_user_enabled
      debugger
      # User.find_by_login(object.login).enabled
    end
end
so, why doesn’t UserSession inherit from Authlogic::Session::Base ?
Moreover, using the debugger I can’t see the "errors" object, I can only access it by "object.errors".
So, if I’m not doing anything wrong, the problem in this ticket should only be about syncing this to the documentation.
Maurizio De Magnis
This ticket has 0 attachment(s).
Comments
binarylogic Fri Aug 07 15:10:57 -0700 2009 | link
custom validation
Shame on me, it seems that only in the debugger context "errors" and the other fields are accessible through "object"..
by maurizio.demagnis (at gmail)
-
Labels: @Ben Johnson, from-lighthouse, |S| new
I have a fairly generic setup of Authlogic using all defaults against a User table in my primary DB.
I have a 2nd separate database setup in my database.yml/models ala something like..
In database.yml ... a second_db entry
In an example model...
class ModelInOtherDB < ActiveRecord::Base
  establish_connection :second_db
  ...
end
Whenever I use this ModelInOtherDB .. it works but when I reload the authlogic tries hitting the 2nd database not the primary DB with the User in it and faults with a ...
Could not find table ’user’ error
Authlogic(2.1.1)
Ruby version 1.9.1 (i386-darwin9.6.0)
RubyGems version 1.3.3
This ticket has 0 attachment(s).
Comments
-
Labels: @Ben Johnson, cookies, from-lighthouse, session, |S| open
View
@@@
- if current_user
  %p= "Signed in as " << current_user.email << "!"
  %p= current_user_session.remember_me?
- else
  %h1 Login
  %p
    - form_for :login_info, :url => login_path do |f|
      = f.label :email
      = f.text_field :email
      = f.label :password
      = f.password_field :password
      = f.submit "Submit"
      = f.check_box :remember_me
      = f.label :remember_me
@@@
Controller
@@@
class UserSessionsController < ApplicationController
  before_filter :require_no_user, :only => :create
  before_filter :require_user, :only => :destroy

  def create
    user_session = UserSession.new(params[:login_info])
    if user_session.save
      flash[:notice] = "Logged in!"
      redirect_to home_path
    else
      flash[:error] = "Error: Login unsuccessful!"
      redirect_to home_path
    end
  end

  def destroy
    current_user_session.destroy
    flash[:notice] = "Logged out!"
    redirect_to home_path
  end
end
@@@
Problem
Now when I login with the option ’Remember me?’ checked, Rails passes:
@@@
Processing UserSessionsController#create (for 127.0.0.1 at 2009-07-11 03:39:15) [POST]
Parameters: {"commit"=>"Submit", "action"=>"create", "controller"=>"user_sessions", "login_info"=>{"password"=>"[FILTERED]", "remember_me"=>"1", "email"=>"c00lryguy@gmail.com"}}
@@@
But the View displays:
@@@
Signed in as c00lryguy@gmail.com!
false
@@@
No matter how hard I try I can’t get the current_user_session to remember the remember_me option.
This ticket has 0 attachment(s).
Comments
binarylogic Fri Aug 07 15:11:46 -0700 2009 | link
:remember_me option not saving with UserSession.new
That’s strange. The remember_me feature uses a cookie. Are you sure that cookies are properly being created? Try doing a simple test where you expire a cookie in the future, close your browser, and see if you can still retrieve that cookie. I can’t tell you how many times people have an issue with authlogic when their cookies aren’t working properly.
I’m using the remember_me function on a number of sites I manage and all are working great.
Hope this helps.
by Ben Johnson
binarylogic Fri Aug 07 15:11:55 -0700 2009 | link
:remember_me option not saving with UserSession.new
While logged in with the Remember me? option checked, I viewed my cookies in Firefox and there’s no ’remember_me’ cookie. I see no reason why it wouldn’t create the ’remember_me’ cookie since it also creates session and user_credentials cookies.
by c00lryguy
binarylogic Fri Aug 07 15:11:58 -0700 2009 | link
:remember_me option not saving with UserSession.new
Do you have some sort of example app using the remember_me option?
by c00lryguy
binarylogic Fri Aug 07 15:12:00 -0700 2009 | link
:remember_me option not saving with UserSession.new
I’m having the same problem here but I can get the remember_me to be true on the current_user_session.
I don’t have any remember_me cookie created either.... will keep working on it...
Thanks
by Philippe René
binarylogic Fri Aug 07 15:12:04 -0700 2009 | link
:remember_me option not saving with UserSession.new
I have a related problem that is puzzling me.
I decided to keep things simple and have every session ’remembered’. I added a line to my UserSession model:
class UserSession < Authlogic::Session::Base
  remember_me true
end
This works great in development, but doesn’t seem to work in production. I see the cookie, but it is set to expire at the end of the browser session.
Any thoughts??
Thanks
by Phil McT
binarylogic Fri Aug 07 15:12:06 -0700 2009 | link
:remember_me option not saving with UserSession.new
Sorry, the code snippet there is:
@@@ class UserSession < Authlogic::Session::Base remember_me true end @@@
by Phil McT
binarylogic Fri Aug 07 15:12:10 -0700 2009 | link
:remember_me option not saving with UserSession.new
Oh for a post edit feature!!
Last try:
@@@
class UserSession < Authlogic::Session::Base
  remember_me true
end
@@@
by Phil McT
binarylogic Fri Aug 07 15:12:14 -0700 2009 | link
:remember_me option not saving with UserSession.new
I messed around for a bit. Looks like unpacking the gem fixed the problem. My host has authlogic installed, looks like the same version, so I don’t know exactly what happened. But it’s working for me now.
Thanks for the plugin, cool stuff.
by Phil McT
-
Labels: from-lighthouse, |S| new
I’m using authlogic_openid version 1.0.4 because of problems with the current version of authlogic_openid. The error exists in the demo at https://authlogicexample.binarylogic.com/ as well.
Visit the demo. Enter https://google.com (or some other non-OpenID aware URL).
The problem is that the save block never gets yielded to. Here is the Mongrel output from my development environment:
[OPENID] No usable OpenID services were found for "https://google.com/"
A similar problem exists when a URL to a non-existing server is entered:
[OPENID] Failed to fetch identity URL https://b.com/ : Error fetching https://b.com/: getaddrinfo: Name or service not known
Best,
Daniel
This ticket has 0 attachment(s).
Comments
binarylogic Fri Aug 07 15:12:39 -0700 2009 | link
Authlogic_openid fails with URL that doesn’t lead to an OpenID aware server
I have a similar bug.
by petRUShka
-
Labels: @Ben Johnson, from-lighthouse, http_basic_authentication, |S| new
HTTP Basic authentication works when going through curl, but not when using a browser (safari or firefox). In firefox, the attached dialog shows up. This happens in all of my projects using authlogic and the authlogic_example application from github. It’s the same whether I use mongrel or passenger.
This ticket has 2 attachment(s).
Comments
It's because when you do the request using curl, curl sends the username and password in the request headers and not in the URL. To make it work in the browser you also have to send them in the headers, like "Authorization: Basic Z3VzdGF2OmZvb2Jhcg==", where the username and password are Base64 encoded.
-
Labels: @Ben Johnson, from-lighthouse, |S| open
I added a translations file for AuthLogic to my rails app. This correctly resulted in error messages for users being translated into the default locale. However, when I change the locale in a before filter, AuthLogic keeps returning error messages in the default locale while AR starts providing validation errors in the current locale. It seems like the call to I18n translate (t) is being made only once with the default locale when the AuthLogic gem is loaded.
This ticket has 0 attachment(s).
Comments
binarylogic Fri Aug 07 15:13:17 -0700 2009 | link
I18n locale changes work for AR but not AL
I see what you are saying. This should only be an issue for configuration items. What I’ll do instead is store the key and have authlogic process this upon request.
by Ben Johnson
binarylogic Fri Aug 07 15:13:20 -0700 2009 | link
I18n locale changes work for AR but not AL
Could you give an update on the status of this bug? I’m having similar problems.
by Tom-Eric
-
Labels: @Ben Johnson, authlogici18n, documentation, from-lighthouse, i18n, rdoc, |S| new
Hey there.
Ran into a couple of problems customising the error messages that Authlogic raises using the I18n functionality, stemming from a couple of inaccuracies in your RDOC.
Firstly, this example (from https://rdoc.info/rdoc/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/Authlogic/I18n.html):
>START CODE
module MyAuthlogicI18nAdapter
  def t(key, options = {})
    # you will have key which will be something like: "error_messages.password_invalid"
    # you will also have options[:default], which will be the default english version of the message
    # do whatever you want here with the arguments passed to you.
  end
end
Authlogic::I18n.extend MyAuthlogicI18nAdapter
END CODE
..contains a subtle misunderstanding of how Object#extend works, and of Ruby’s OO semantics in general. In a nutshell, extend places the module with which your object is being extended in the inheritance tree above it, rather than overriding the methods on the object itself (The object in this place being the Authlogic::I18n singleton class). In practical terms, this means that if your object already has a method of the same name as one defined by the module (as is true in this case - Authlogic::I18n defines its own self.t method), the object’s own implementation will still be called, as it is lower down in the inheritance tree than that in the module with which it is being extended.
However, this is pretty much a moot point, as, looking at the source in i18n.rb, the built-in Authlogic::I18n.t attempts to call the t method on a top-level class called I18n, so a simpler method of overriding auth messages is simply to define that top-level I18n class itself, with a t method (no need for that extend). As a further improvement, I might suggest making this top-level classname configurable, as I18n seems pretty generic and potentially prone to namespace clashes. However, if the documentation for this feature could be updated to correct this, that’d be great.
Cheers!
Tim
This ticket has 0 attachment(s).
Comments
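The method-lookup behaviour Tim describes, as an added Ruby example that is not Authlogic's code. The module built by `build_i18n_stand_in` is a hypothetical stand-in for Authlogic::I18n with its own singleton `t`; `singleton_class.prepend` is shown only as a contrast and is not something the ticket proposes.

```ruby
# Hypothetical stand-in for Authlogic::I18n as the ticket describes it:
# a module that already defines its own singleton method t.
def build_i18n_stand_in
  Module.new do
    def self.t(key, options = {})
      "built-in: #{options[:default]}"
    end
  end
end

# Adapter in the shape of the RDoc example quoted in the ticket.
module MyAuthlogicI18nAdapter
  def t(key, options = {})
    "adapter: #{key}"
  end
end

KEY  = 'error_messages.password_invalid'.freeze
OPTS = { :default => 'is not valid' }.freeze

# extend inserts the adapter *behind* the singleton class in the lookup
# chain, so the module's own t is found first and the adapter never runs.
def lookup_after_extend
  i18n = build_i18n_stand_in
  i18n.extend(MyAuthlogicI18nAdapter)
  i18n.t(KEY, OPTS)
end

# Prepending to the singleton class puts the adapter *in front*, so it wins.
def lookup_after_prepend
  i18n = build_i18n_stand_in
  i18n.singleton_class.prepend(MyAuthlogicI18nAdapter)
  i18n.t(KEY, OPTS)
end

# True when the adapter sits after the singleton class in its ancestors,
# i.e. when a singleton method of the same name shadows it.
def adapter_shadowed?(i18n)
  chain = i18n.singleton_class.ancestors
  chain.index(MyAuthlogicI18nAdapter) > chain.index(i18n.singleton_class)
end

if __FILE__ == $PROGRAM_NAME
  puts lookup_after_extend
  puts lookup_after_prepend
end
```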
-
Labels: @Ben Johnson, from-lighthouse, i18n, |S| new
Hello, I think there still are some keys missing.
I can’t translate during validation :
model names :
user_session user
attributes :
all the attributes for user
The rest is working just fine.
I’m using the latest gem.
This ticket has 0 attachment(s).
Comments
binarylogic Fri Aug 07 15:14:10 -0700 2009 | link
some i18n keys missing?
My locale file looks like this :
@@@
fr:
  authlogic:
    error_messages:
      login_blank: ne peut être vide
      login_not_found: n’existe pas
      login_invalid: ne doit utiliser que des lettres, des chiffres, des espaces et .-_@
      consecutive_failed_logins_limit_exceeded: Trop d’échecs d’authentification consécutifs, le compte est désactivé.
      email_invalid: "doit ressembler à une adresse email. Ex : votre-nom@lefigaro.fr"
      password_blank: ne peut être vide
      password_invalid: n’est pas valide
      not_active: Votre compte n’est pas actif
      not_confirmed: Votre compte n’est pas validé
      not_approved: Votre compte n’est pas approuvé
      no_authentication_details: Vous n’avez fourni aucune information permettant votre authentification
    models:
      user_session: UserSession
      user: User
    attributes:
      user_session:
        username: le nom d’utilisateur
        login: le nom d’utilisateur
        email: l’email
        password: le mot de passe
        remember_me: "se souvenir de moi"
      user:
        username: le nom d’utilisateur
        email: "l’email"
        password: le mot de passe
@@@
My two AuthLogic related models are :
UserSession & User
by Benoit B.
-
Labels: @Ben Johnson, authlogic, from-lighthouse, sti, |S| open
Using authlogic with models that extend the User class (using Single Table Inheritance)
seems to break things since you end up with nil objects for @current_user in your controllers
@@@ ruby
class User < ActiveRecord::Base
  acts_as_authentic
end
class NormalUser < User;end
class SpecialUser < User;end
@@@
Is it possible to use authlogic with STI?
This ticket has 0 attachment(s).
Comments
binarylogic Fri Aug 07 15:14:29 -0700 2009 | link
Using authlogic with STI User models
I’m not sure, but I don’t think it would be difficult to support. What are the specific errors?
by Ben Johnson
binarylogic Fri Aug 07 15:14:32 -0700 2009 | link
Using authlogic with STI User models
I’m using authlogic with STI right now and everything seems to work fine under development, but when I run it in production mode and attempt to update a model, this is what I get:
NoMethodError (undefined method `=’ for #<Patient:0xb34032c>):
authlogic (2.1.1) [v] lib/authlogic/acts_as_authentic/password.rb:229:in `send’
authlogic (2.1.1) [v] lib/authlogic/acts_as_authentic/password.rb:229:in `password=’
Here’s the current setup for the models:
class User < ActiveRecord::Base
  acts_as_authentic
end
class Patient < User;end
class Doctor < User;end
I looked at the password method, but I’m not sure what is happening or what to look for, is authlogic actually passing the whole model to the password method. Any help would be much appreciated.
Thanks!
- Vann
by Vann
binarylogic Fri Aug 07 15:14:39 -0700 2009 | link
Using authlogic with STI User models
It looks like:
Patient.crypted_password_field
Is returning nil. What does Patient.column_names return for you?
by Ben Johnson
binarylogic Fri Aug 07 15:14:44 -0700 2009 | link
Using authlogic with STI User models
Here’s what it returns:
>> Patient.column_names
Patient Columns (3.2ms) SHOW FIELDS FROM `users`
=> ["id", "login", "name", "email", "crypted_password", "salt", "created_at", "updated_at", "remember_token", "remember_token_expires_at", "first_name", "last_name", "ssn", "address", "city", "state", "zip", "drivers_license", "home_phone", "cell_phone", "fax", "employer", "insurance_co", "insurance_type", "insurance_id", "allergies", "medications", "operations", "chronic_conditions", "family_history", "immunizations", "visits_count", "appointments_count", "login_count", "getting_started", "type"]
by Vann
-
The regex in regex.rb for the login field currently is:
/\A\w[\w.+-_@ ]+\z/
This requires the login field to be a minimum of two characters. Shouldn't the first \w be removed or the + be changed to a *? I figure it makes most sense to remove the \w.
Comments
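What the quoted pattern and the two proposed variants accept, as an added Ruby example that is not Authlogic's code. It goes one step beyond the question: inside the character class, `+-_` is a range from `+` to `_`, so the class admits more than the characters listed. The "intended" set and the hyphen-last variant are assumptions made here for comparison.

```ruby
# Pattern quoted in the issue and the two variants it proposes.
LOGIN_QUOTED       = /\A\w[\w.+-_@ ]+\z/
LOGIN_NO_LEADING_W = /\A[\w.+-_@ ]+\z/   # first \w removed
LOGIN_STAR         = /\A\w[\w.+-_@ ]*\z/ # + changed to *

# Assumption: the class was meant to allow word characters plus . + - @ and
# space. Putting the hyphen last makes it a literal instead of a range.
LOGIN_HYPHEN_LAST = /\A\w[\w.+_@ -]*\z/
INTENDED_CHAR     = /\A[\w.+\-@ ]\z/

PRINTABLE = (0x20..0x7e).map(&:chr).freeze

# Shortest all-letter login the pattern accepts (checked up to 3 characters).
def min_length(re)
  (1..3).find { |n| re.match?('a' * n) }
end

# Printable ASCII characters accepted in the second position of a login.
def accepted_chars(re)
  PRINTABLE.select { |c| re.match?("a#{c}") }
end

# Accepted characters that fall outside the assumed intended set.
def unintended_chars(re)
  accepted_chars(re).reject { |c| c.match?(INTENDED_CHAR) }
end

if __FILE__ == $PROGRAM_NAME
  { 'quoted' => LOGIN_QUOTED, 'no leading \w' => LOGIN_NO_LEADING_W,
    'star' => LOGIN_STAR, 'hyphen last' => LOGIN_HYPHEN_LAST }.each do |name, re|
    puts "#{name}: min length #{min_length(re)}, extra chars #{unintended_chars(re).join(' ')}"
  end
  # Dropping the leading \w also lets a login consist of a single space.
  puts "single space accepted without leading \\w: #{LOGIN_NO_LEADING_W.match?(' ')}"
end
```

Changing `+` to `*` keeps the rule that a login starts with a word character; removing the leading `\w` does not.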
-
HTTP Basic Auth Fails if "logout_on_timeout true"
0 comments Created 26 days ago by jnimety
If I enable logout_on_timeout and try to use HTTP Basic Auth then Authlogic will not validate the session (JosUserSession.find.record returns nil)
User and UserSession models below. I'm using the ApplicationController methods as shown in the tutorials.
class UserSession < Authlogic::Session::Base
  login_field :username
  verify_password_method :valid_credentials?
  logout_on_timeout true
  allow_http_basic_auth true
end

class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.validate_password_field = false
    c.login_field = :username
    c.logged_in_timeout = 30.minutes
  end

  def valid_credentials?(password_plaintext)
    valid_jos_user_credentials?(password_plaintext)
  end

  def valid_jos_user_credentials?(password_plaintext)
    salt = password.split(':')[1]
    encrypted = Digest::MD5.hexdigest("#{password_plaintext}#{salt}")
    password.eql? "#{encrypted}:#{salt}"
  end
end
Comments
-
I change a user's password through the console, then reload that user and the valid_password? returns false for the new password.
Any ideas where to look from here before I end up deep into the authlogic code?
Here's a console dump:
?> u.password = "foobar"
=> "foobar"
u.password_confirmation = "foobar"
=> "foobar"
u.save!
=> true
u.reload
=> #
u.valid_password?("foobar")
=> false
Comments
-
Is there an easy way to merge validation options for all validations? I would like to disable validations when a user is registered as a guest and currently have to do this.
acts_as_authentic do |c|
  c.merge_validates_confirmation_of_password_field_options :unless => :guest?
  c.merge_validates_length_of_password_field_options :unless => :guest?
  c.merge_validates_length_of_password_confirmation_field_options :unless => :guest?
  c.merge_validates_length_of_login_field_options :unless => :guest
  c.merge_validates_format_of_login_field_options :unless => :guest
  c.merge_validates_uniqueness_of_login_field_options :unless => :guest
  c.merge_validates_format_of_email_field_options :unless => :guest
  c.merge_validates_length_of_email_field_options :unless => :guest
  c.merge_validates_uniqueness_of_email_field_options :unless => :guest
end
It would be nice if there was one merge_validation_options config method which merged all of them. Or is there a better way to do this?
Comments
binarylogic Thu Aug 27 22:55:32 -0700 2009 | link
Hey Ryan, there was in v1, but I decided to kind of start with a clean slate with v2. I've yet to come up with a nice way to hook into authlogic's validations and easily change the options. This, in my opinion, is the part of authlogic that I do not like. I think the names are way too long. Also, because of this, I made authlogic configurable with a block instead of a hash. I felt this gave you more freedom to elegantly do the things like you are doing above. Ex: loop through options and set them, merge hashes, etc.
Anyways, to answer your question, there isn't anything currently built into authlogic to do this. I planned to do some clean up with authlogic in the next few weeks. Part of that cleanup was going to be this, as well as looking at a way to integrate with DataMapper. That also affects how validations are configured since both AR and DataMapper accept different options.
-
To add an email field, do I just modify the create_users.rb file and then run the migration? Or are there other steps?
Sorry, I am a complete newbie.
Comments
-
Creating a new instance automatically loads errors into @base and populates those errors on my sign in form:
(rdb:1) @account_session = AccountSession.new
<AccountSession: no credentials provided>
(rdb:1) @account_session.errors
<Authlogic::Session::Validation::Errors:0x213cc78 @errors={}, @base=#<AccountSession: no credentials provided>>
Is this correct behavior or am I missing something?
Gavin
Comments
You should do something like that:
@account_session = AccountSession.new(:username => 'my_username', :password => 'password')
gavinhughes Sat Sep 05 18:33:01 -0700 2009 | link
Doing that on the :new action will populate the form with (incorrect) data, which is not what we want on :new. We want the form to be blank. Calling AccountSession.new(:username => ' ', :password => ' ') gives the same "no credentials..." error. I'm sure the solution is simple, but I don't see it.
-
irb> require 'rubygems'
=> true
irb> require 'authlogic'
NameError: uninitialized constant ActiveRecord
from ...
from /path/to/authlogic-2.1.1/lib/authlogic/session/validation.rb:16
from ...
Authlogic::Session::Validation::Errors inherits from ::ActiveRecord::Errors, but no require "active_record" can be found in the code and no dependency has been added to the gemspec.
Please note: In Rails 3, ActiveRecord::Errors has been moved to ActiveModel, so it might be better to roll your own Errors class.
Comments
-
Hi,
There is a problem with UserSessions on rails 2.3.4. Code in a view like this
<% form_for @user_session, :url => login_path do |f| -%>
  <%= f.error_messages %>
  <%= f.text_field :login %>
  <%= f.password_field :password %>
  <%= f.check_box :remember_me %>
  <%= submit_tag 'Login' %>
<% end %>
causes ActionView::TemplateError (can't convert ActiveRecord::Error into String) on line <%= f.error_messages %>
Comments
-
It is missing there.
Comments
-
the template is not valid ruby => breaks pre-commit syntax check
0 comments Created 7 days ago by jlecour
Hi,
I'm a happy user of Authlogic.
In my projects, managed with Git, I have a pre-commit hook that checks all the modified files to see if they are valid. They go through Ruby or ERB syntax check and the commit is aborted if an error is raised. When I pack my gems in "vendor/gems", they are added to the next commit checked.
This process stumbles upon the session template which ends on *.rb and so is checked by Ruby and so is not valid because it's in fact an ERB template.
Maybe this file could be renamed into something either .erb or .tpl, …
The exact file is : authlogic-2.1.1/generators/session/templates/session.rb
I'll try to fork and make a patch, but I'm not sure that's in my reach ;-)
Thanks for Authlogic and everything else that you make. It's great.
Cheers
Jeremy
Comments
-
Authlogic::Session::Validation::Errors#[] Doesn't function as Rails does
0 comments Created 6 days ago by mitchlloyd
Normally Rails would do this:
@object.errors[:non_existent_attribute] # => nil
Authlogic returns
[]
This is because of the following method:
class Errors < ::ActiveRecord::Errors
  def [](key)
    value = super
    value.is_a?(Array) ? value : [value].compact
  end
end
as an example:
nil.is_a?(Array) ? nil : [nil].compact # => []
This causes issues when using the Formtastic plugin which expects nil when there are no errors for a given attribute.
This would be a fix:
class Errors < ::ActiveRecord::Errors
  def [](key)
    value = super
    # keep nil for attributes without errors, as ActiveRecord::Errors#[] does
    return nil if value.nil?
    value.is_a?(Array) ? value : [value].compact
  end
end
Comments
-
generalize_credentials_error_messages with custom string
2 comments Created 5 days ago by moiristo
The doc specifies that instead of the value 'true' a string can be specified like this:
generalize_credentials_error_messages I18n.t('authlogic.error_messages.login_credentials_invalid')
However, this does not seem to work: when passing a string the whole statement is ignored.
Comments
IronDigital Wed Sep 16 06:48:18 -0700 2009 | link
I tested this and it seems to work fine. Did this get fixed and this issue not closed? I don't see a commit that mentions this, so I'm inclined to think it has always worked.
-
Using Ruby 1.9.1 and Rails 2.3.4 I got that error
NoMethodError (undefined method `^' for "a":String):
authlogic (2.1.1) lib/authlogic/session/session.rb:46:in `session_credentials'
authlogic (2.1.1) lib/authlogic/session/session.rb:33:in `persist_by_session'
authlogic (2.1.1) lib/authlogic/session/callbacks.rb:78:in `persist'
authlogic (2.1.1) lib/authlogic/session/persistence.rb:55:in `persisting?'
authlogic (2.1.1) lib/authlogic/session/persistence.rb:39:in `find'
app/controllers/application_controller.rb:16:in `current_user_session'
Comments
This appears to be a Rails 2.3.4 issue. See https://groups.google.com/group/authlogic/browse_thread/thread/519a124e0df73141
-
Security: AuthLogic leaks valid usernames when logging in by default
1 comment Created 1 day ago by jj05
AuthLogic helps an attacker by letting them know if a username is valid or not while logging in.
A more secure (but slightly less user-friendly) behavior would be not letting the user know whether the login or password (or both) is wrong.
I think the secure behavior should be enabled by default, and have a configuration parameter to behave in the current mode.
(note that information might also be leaked from the register and forgotten password page)
Comments
IronDigital Wed Sep 16 06:32:36 -0700 2009 | link
I agree with you, so I've forked and changed that default. The configuration option is still the same.
I'll send a pull request and we'll see what BinaryLogic thinks.
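The difference between field-specific and generalized login errors, as an added Ruby example that is not Authlogic's code, with a check that can be run as a regression test. The account store, messages and method names are constructed for illustration; in Authlogic the corresponding switch is the generalize_credentials_error_messages option mentioned elsewhere on this page.

```ruby
require 'digest'

# Constructed account store: login => password digest. SHA-256 is only a
# stand-in here; a real application would use a dedicated password hash.
ACCOUNTS = { 'alice' => Digest::SHA256.hexdigest('correct horse') }.freeze

def password_matches?(login, password)
  stored = ACCOUNTS[login]
  !stored.nil? && stored == Digest::SHA256.hexdigest(password.to_s)
end

# Field-specific errors: the response tells the caller which part was wrong,
# so an unknown login and a wrong password are distinguishable.
def login_specific(login, password)
  return { :login => 'does not exist' } unless ACCOUNTS.key?(login)
  return { :password => 'is not valid' } unless password_matches?(login, password)
  {}
end

# Generalized errors: one message for every failed attempt.
def login_generalized(login, password)
  return {} if password_matches?(login, password)
  { :base => 'Login/Password combination is not valid' }
end

# Regression check: submit a wrong password for a known and an unknown login
# and report whether the two responses differ.
def reveals_account_existence?(authenticator, known_login, unknown_login)
  wrong = 'definitely-not-the-password'
  authenticator.call(known_login, wrong) != authenticator.call(unknown_login, wrong)
end

if __FILE__ == $PROGRAM_NAME
  [:login_specific, :login_generalized].each do |name|
    leaks = reveals_account_existence?(method(name), 'alice', 'mallory')
    puts "#{name}: reveals account existence = #{leaks}"
  end
end
```

As the report notes, registration and forgotten-password pages need the same check, since they can answer the same question through a different form.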
-
Logout works on my local machine (mac os x leopard, rails 2.3.4, mongrel) but fails on Production in Heroku.
Comments