Does Authlogic could to working with Mongomapper (a wrapper to MongoDB)?

https://railstips.org/2009/6/27/mongomapper-the-rad-mongo-wrapper

https://github.com/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/lib/authlogic/random.rb#L16

By default SecureRandom [1] uses 16 bytes (which has an entropy of 128 bits [2]), so:

SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")

should be:

SecureRandom.base64().tr('+/=', '-_ ').rstrip

[1] https://api.rubyonrails.org/classes/ActiveSupport/SecureRandom.html#M001107

[2] https://bitbucket.org/ares/cryha/src/tip/doc/sym_crypto.txt#cl-113

https://github.com/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/lib/authlogic/random.rb#L11

SecureRandom.hex(64)

Why do use 64 bytes?

It shoulds be

SecureRandom.hex()

which uses 16 random bytes to return them into a hexadecimal string.

Use hash instead of encrypted

Another thing. I've seen that it's used 'encrypted' or 'crypted' to refer to the hashs. An hash is not a cryptographic algorithm, they are both different. Please use 'hash' to refer a SHA and any term related to crypto. to refer to AES.

• The salt is being saved in base64 getting 22 chars but If it's stored as bytes strings it were only 16 chars. The difference is very great when you have 100K o 1M of users.

• The same happens with the hashes which are being saved in hexadecimal, althought the difference is a lot of great.

Digest::SHA512.hexdigest => 128 chars.

instead of

Digest::SHA512.digest => 64 chars.

I am not sure if this bug is related to authlogic not being compatible with rails 2.3.3 or not, but I encounter an undefined method 'rewind' for # error when attempting to login using authlogic. This only occurs for me when attempting to use Rails 2.3.3. Once I switch back to 2.3.2 everything works fine. Here is a backtrace:

Status: 500 Internal Server Error undefined method `rewind' for #<TCPSocket:0x2536630>

/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/request.rb:150:in `POST'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/methodoverride.rb:15:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/params_parser.rb:15:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/session/cookie_store.rb:93:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/reloader.rb:29:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/failsafe.rb:26:in `call'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `call'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `synchronize'
/Library/Ruby/Gems/1.8/gems/rack-1.0.0/lib/rack/lock.rb:11:in `call'
/Library/Ruby/Gems/1.8/gems/actionpack-2.3.3/lib/action_controller/dispatcher.rb:106:in `call'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/rack/request_handler.rb:65:in `process_request'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_request_handler.rb:197:in `main_loop'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:340:in `start_request_handler'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:298:in `handle_spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/utils.rb:176:in `safe_fork'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:296:in `handle_spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `__send__'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `main_loop'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:182:in `start_synchronously'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:149:in `start'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/railz/application_spawner.rb:192:in `start'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:260:in `spawn_rails_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:121:in `lookup_or_add'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:254:in `spawn_rails_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:75:in `synchronize'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server_collection.rb:74:in `synchronize'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:253:in `spawn_rails_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:148:in `spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/spawn_manager.rb:285:in `handle_spawn_application'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `__send__'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:332:in `main_loop'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/lib/phusion_passenger/abstract_server.rb:182:in `start_synchronously'
/Library/Ruby/Gems/1.8/gems/passenger-2.1.2/bin/passenger-spawn-server:50

I can't seem to find any information in the docs on how to remove the "_ is not valid" validations on the user session fields. generalize_credentials_error_messages did not seem to return the results I was looking for. Is there a way to remove the validations completely for email/login/password and only use the validates_presence_of. Thank you.

It would be really great with a dead simple example showing how to create an Authlogic "add on".

Hi

With 2.3.3 I started to see strange ’A copy of ApplicationController has been removed from the module tree but is still active!’ errors every few requests. Switching back to 2.3.2 removed the problem.

I think I was able to locate the problem somewhere within authlogic.

It might have something to do with this outstanding ticket (https://rails.lighthouseapp.com/projects/8994/tickets/1339-arbase-should-not-be-nuking-its-children-just-because-it-lost-interest), but so far I haven’t seen any activity in it.

The problem can be reproduced by fetching my fork of the authlogic example application:

• https://github.com/retoo/authlogic_example/tree/rails233bug
• cp config/database.yml{-bug-example,} (or use your own, shoudln’t matter)
• rake db:migrate
• start server
• register a user
• fetch the page right after the registration (users/show) repeatedly and fast (keep reload button pressed)
• The error should occour withhin 10-30 requests,

Now if you like you can switch back to 2.3.2 and repeat the test, with 2.3.2 nothing happens.

Attached you can find the full backtrace.

Thanks!

Cheers,
Reto

original LH ticket

This ticket has 1 attachment(s).

My User class has a boolean field named "enabled". I’d like to prevent the login if that field is set to false. I found here an example code:
https://rdoc.info/rdoc/binarylogic/authlogic/blob/72992b9effaea12f109465fc904fa5431538775a/Authlogic/Session/Validation/Errors.html

class UserSession

validate :check_if_awesome
private
  def check_if_awesome
    errors.add(:login, "must contain awesome") if login && !login.include?("awesome")
    errors.add(:base, "You must be awesome to log in") unless attempted_record.awesome?
  end

end

that I’ve adapted into this:

class UserSession < Authlogic::Session::Base

validate :check_if_user_enabled
private
    def check_if_user_enabled
        debugger
#        User.find_by_login(object.login).enabled
    end

end

so, why does UserSession doesn’t inherit from Authlogic::Session::Base ?
Moreover, using the debugger I can’t see the "errors" object, I can only access to it by "object.errors".

so, if I’m not doing anything wrong, the problem in this ticket should only be about syncing this to the documentation.

Maurizio De Magnis

original LH ticket

This ticket has 0 attachment(s).

I have a fairly generic setup of Authlogic using all defaults against a User table in my primary DB.

I have a 2nd separate database setup in my database.yml/models ala something like..

In database.yml ... a second_db entry

In an example model...
class ModelInOtherDB < ActiveRecord::Base
establish_connection :second_db ... end

Whenever I use this MonelInOtherDB .. it works but when I reload the authlogic tries hitting the 2nd database not the primary DB with the User in it and faults with a ...

Could not find table ’user’ error

Authlogic(2.1.1)
Ruby version 1.9.1 (i386-darwin9.6.0)
RubyGems version 1.3.3

original LH ticket

This ticket has 0 attachment(s).

View

@@@ - if current_user %p= "Signed in as " << current_user.email << "!" %p= current_user_session.remember_me? - else %h1 Login %p

- form_for :login_info, :url => login_path do |f|
  = f.label :email
  = f.text_field :email
  = f.label :password
  = f.password_field :password
  = f.submit "Submit"
  = f.check_box :remember_me
  = f.label :remember_me

@@@

Controller

@@@ class UserSessionsController < ApplicationController
before_filter :require_no_user, :only => :create before_filter :require_user, :only => :destroy

def create

user_session = UserSession.new(params[:login_info])
if user_session.save
  flash[:notice] = "Logged in!"
  redirect_to home_path
else
  flash[:error] = "Error: Login unsuccessful!"
  redirect_to home_path
end

end

def destroy

current_user_session.destroy
flash[:notice] = "Logged out!"
redirect_to home_path

end end
@@@

Problem

Now when I login with the option ’Remember me?’ checked, Rails passes:
@@@ Processing UserSessionsController#create (for 127.0.0.1 at 2009-07-11 03:39:15) [POST]
Parameters: {"commit"=>"Submit", "action"=>"create", "controller"=>"user_sessions", "login_info"=>{"password"=>"[FILTERED]", "remember_me"=>"1", "email"=>"c00lryguy@gmail.com"}} @@@

But the View displays:
@@@ Signed in as c00lryguy@gmail.com!
false
@@@

No matter how hard I try I can’t get the current_user_session to remember the remember_me option.

original LH ticket

This ticket has 0 attachment(s).

I’m using authlogic_openid version 1.0.4 because of problems with the current version of authlogic_openid. The error exists in the demo at https://authlogicexample.binarylogic.com/ as well.

Visit the demo. Enter https://google.com (or some other non-OpenID aware URL).

The problem is that the save block never gets yielded to. Here is the Mongrel output from my development environment:
[OPENID] No usable OpenID services were found for "https://google.com/"

A similar problem exists when a URL to a non-existing server is entered:
[OPENID] Failed to fetch identity URL https://b.com/ : Error fetching https://b.com/: getaddrinfo: Name or service not known

Best,

Daniel

original LH ticket

This ticket has 0 attachment(s).

HTTP Basic authentication works when going through curl, but not when using a browser (safari or firefox). In firefox, the attached dialog shows up. This happens in all of my projects using authlogic and the authlogic_example application from github. It’s the same whether I use mongrel or passenger.

original LH ticket

This ticket has 2 attachment(s).

I added a translations file for AuthLogic to my rails app. This correctly resulted in error messages for users being translated into the default locale. However, when I change the locale in a before filter, AuthLogic keeps returning error messages in the default locale while AR starts providing validation errors in the current locale. It seems like the call to I18n translate (t) is being made only once with the default locale when the AuthLogic gem is loaded.

original LH ticket

This ticket has 0 attachment(s).

Hey there.

Ran into a couple of problems customising the error messages that Authlogic raises using the I18n functionality, stemming from a couple of inaccuracies in your RDOC.

Firstly, this example (from https://rdoc.info/rdoc/binarylogic/authlogic/blob/81af95e639570822667ec817f42aaad54f8865ed/Authlogic/I18n.html):>

START CODE

# you will have key which will be something like: "error_messages.password_invalid"
# you will also have options[:default], which will be the default english version of the message
# do whatever you want here with the arguments passed to you.

original LH ticket

This ticket has 0 attachment(s).

Hello, I think there still are some keys missing.

I can’t translate during validation :

model names :

user_session user

attributes :

all the attributes for user

The rest is working just fine.

I’m using the latest gem.

original LH ticket

This ticket has 0 attachment(s).

Using authlogic with models that extend the User class (using Single Table Inheritance)
seems to break things since you end up with nil objects for @current_user in your controllers

@@@ ruby class User < ActiveRecord::Base

 acts_as_authentic

end
class NormalUser < User;end
class SpecialUser < User;end
@@@

Is it possible to use authlogic with STI?

original LH ticket

This ticket has 0 attachment(s).

The regex in regex.rb for the login field currently is:

/\A\w[\w.+-_@ ]+\z/

This requires the login field to be a minimum of two characters. Shouldn't the first \w be removed or the + be changed to a *? I figure it makes most sense to remove the \w.

If I enable logout_on_timeout and try to use HTTP Basic Auth then Authlogic will not validate the session (JosUserSession.find.record returns nil)

User and UserSession models below. I'm using the the ApplicationController methods as shown in the tutorials.

class UserSession < Authlogic::Session::Base
  login_field :username
  verify_password_method :valid_credentials?
  logout_on_timeout true
  allow_http_basic_auth true
end 
class User < ActiveRecord::Base
  acts_as_authentic do |c| 
    c.validate_password_field = false
    c.login_field = :username
    c.logged_in_timeout = 30.minutes
  end 
  def valid_credentials?(password_plaintext)
    valid_jos_user_credentials?(password_plaintext)
  end 
  def valid_jos_user_credentials?(password_plaintext)
    salt = password.split(':')[1]
    encrypted = Digest::MD5.hexdigest("#{password_plaintext}#{salt}")
    password.eql? "#{encrypted}:#{salt}"
  end 
end 

I change a user's password through the console, then reload that user and the valid_password? returns false for the new password.

Any ideas where to look from here before I end up deep into the authlogic code?

Here's a console dump:

?> u.password = "foobar" => "foobar"

u.password_confirmation = "foobar" => "foobar" u.save! => true u.reload => # u.valid_password?("foobar") => false

Is there an easy way to merge validation options for all validations? I would like to disable validations when a user is registered as a guest and currently have to do this.

acts_as_authentic do |c|
  c.merge_validates_confirmation_of_password_field_options :unless => :guest?
  c.merge_validates_length_of_password_field_options :unless => :guest?
  c.merge_validates_length_of_password_confirmation_field_options :unless => :guest?
  c.merge_validates_length_of_login_field_options :unless => :guest
  c.merge_validates_format_of_login_field_options :unless => :guest
  c.merge_validates_uniqueness_of_login_field_options :unless => :guest
  c.merge_validates_format_of_email_field_options :unless => :guest
  c.merge_validates_length_of_email_field_options :unless => :guest
  c.merge_validates_uniqueness_of_email_field_options :unless => :guest
end

It would be nice if there was one merge_validation_options config method which merged all of them. Or is there a better way to do this?

to add email field do i just modify create_users.rb file and then run migration.Or are there other steps?
sorry I am a complete newbie

Creating a new instance automatically loads errors into @base and populates those errors on my sign in form:

(rdb:1) @account_session = AccountSession.new

<AccountSession: no credentials provided>

(rdb:1) @account_session.errors

<Authlogic::Session::Validation::Errors:0x213cc78 @errors={}, @base=#<AccountSession: no credentials provided>>

Is this correct behavior or am I missing something?

Gavin

irb> require 'rubygems' => true irb> require 'authlogic' NameError: uninitialized constant ActiveRecord

from ...
from /path/to/authlogic-2.1.1/lib/authlogic/session/validation.rb:16
from ...

Authlogic::Session::Validation::Errors inherits from ::ActiveRecord::Errors, but no require "active_record" can be found in the code and no dependency has been added to the gemspec.

Please note: In Rails 3, ActiveRecord::Errors has been moved to ActiveModel, so it might be better to roll your own Errors class.

Hi,
There are problem with UserSessions on rails 2.3.4. code in view like this

<% form_for @user_session, :url => login_path do |f| -%>
<%= f.error_messages %> <%= f.text_field :login %> <%= f.password_field :password %> <%= f.check_box :remember_me %> <%= submit_tag 'Login' %> <% end %>

causes ActionView::TemplateError (can't convert ActiveRecord::Error into String) on line <%= f.error_messages %>

It is missing there.

Hi,
I'm a happy user of Authlogic.
In my projects, manaed with Git, I have a pre-commit hook that checks all the modified files to see if they are valid. They go through Ruby or ERB syntax check and the commit is aborted if an error is raised.

When I pack my gems in "vendor/gems", they are added to the next commit checked.

This process stumbles upon the session template which ends on *.rb and so is checked by Ruby and so is not valid because it's in fact an ERB template.

Maybe this file could be renamed into something either .erb or .tpl, …

The exact file is : authlogic-2.1.1/generators/session/templates/session.rb

I'll try to fork and make a patch, but I'm not sure that's in my reach ;-)

Thanks for Authlogic and everything else that you make. It's great.
Cheers
Jeremy

Normally Rails would do this:

@object.errors[:non_existent_attribute] # => nil

Authlogic returns []

This is because of the following method:

class Errors < ::ActiveRecord::Errors
  def [](key)
    value = super
    value.is_a?(Array) ? value : [value].compact
  end
end

as an example:

nil.is_a?(Array) ? nil : [nil].compact # => []

This causes issues when using the Formtastic plugin which expects nil when there are no errors for a given attribute.

This would be a fix:

class Errors < ::ActiveRecord::Errors
  def [](key)
    value = super
    return nil if value.is_nil?
    value.is_a?(Array) ? value : [value].compact
  end
end

The doc specifies that instead of the value 'true' a string can be specified like this:

generalize_credentials_error_messages I18n.t('authlogic.error_messages.login_credentials_invalid')

However, this does not seem to work: when passing a string the whole statement is ignored.

Using Ruby 1.9.1 and Rails 2.3.4 i got that error

NoMethodError (undefined method ^' for "a":String):<br/> authlogic (2.1.1) lib/authlogic/session/session.rb:46:insession_credentials' authlogic (2.1.1) lib/authlogic/session/session.rb:33:in persist_by_session' authlogic (2.1.1) lib/authlogic/session/callbacks.rb:78:inpersist' authlogic (2.1.1) lib/authlogic/session/persistence.rb:55:in persisting?' authlogic (2.1.1) lib/authlogic/session/persistence.rb:39:infind' app/controllers/application_controller.rb:16:in `current_user_session'

AuthLogic helps an attacker by letting them know if a username is valid or not while logging in.

A more secure (but slightly less user-friendly) behavior would be not letting the user know whether the login or password (or both) is wrong.

I think the secure behavior should be enabled by default, and have a configuration parameter to behave in the current mode.

(note that information might also be leaked from the register and forgotten password page)

Logout works on my local machine (mac os x leopard, rails 2.3.4, mongral) but fails on Production in Heroku. Authlogic is integrated into my app in the same way that the railscast episode on authlogic suggests - the only difference is that I included all of the authlogic database columns.

https://www.mrkris.com/2009/09/21/not-using-ipaddr-should-result-in-you-being-mauled-by-a-bear/

Authlogic is very great, but I'm not alone being confused by how the act_as_authentic DSL is designed - it's quite confusing as it's not really follow some Ruby patterns. Not a bug but... Example: c.validates_length_of_password_field_options is both a method and a setter, but c.merge_validates_format_of_email_field_options is only a method - very confusing. The first one should be either a property or a method to make the API more clean. Same as perishable_token_valid_for = 5.days, should be perishable_token_valid_for 5.days should not both work. It's too much magic making especially newbies confused. I'm not a newbie, but I tend to check the docs like all the time - the old DSL made a bit more sense.

My point is that too many ways of doing the identical thing leads to "the paradox of choice" which is not good for APIs.

I'm using Authlogic 2.1.2, Shoulda 2.10.2, FactoryGirl 1.2.2.
I included require "authlogic/test_case" in the test_helper.rb
and added the following

class ActionController::TestCase
  setup :activate_authlogic
end

so that it runs before each functional test

Now, A test like the following fails

context "A guest - for an already activated account - " do
  setup {@user = Factory.create(:activated_user)}
  context "requesting the activation mail (POST to create)" do
    setup { post :create, :email => @user.email}
    should_set_flash_of_to :error, "The account is already activated"
    should_redirect_to("login_path") { login_path }
  end
end

It fails because there's a user in the session...As you can see, the code above did not login the user created. It just created it.

If I instead remove

class ActionController::TestCase
  setup :activate_authlogic
end

and add the activate_authlogic call right after creating the user, everything works fine.
I've debugged and inspected some code and my observation is that
If you activate_authlogic and then create users, the first user created will have a session without the need to call UserSession.create. This is a wrong behavior

AuthLogic doesn't behave like ActiveRecord.

With ActiveRecord, the @errors array is filled only after running .valid? or .save
With AuthLogic it is run automatically and there is no way to disable it.

AuthLogic will therefore mark the fields login and password as error. As these are added to the base errors, there's no way to clear those errors. This is especially an issue if AuthLogic is used in conjunction with Formtastic. In that case those fields will always be highlighted as errors.

AuthLogic shouldn't check for errors until the .valid? or .save methods are called.

To reproduce, modify the authlogic example as follows,

class UserSessionsController < ApplicationController
  def new
    @user_session = UserSession.new
    raise @user_session.inspect   # will always show an error
  end
end

e.g. when doing a signup, and leaving all the fields blank, the user gets the following errors:

* Password confirmation is too short (minimum is 4 characters)
* Password is too short (minimum is 4 characters)
* Password doesn't match confirmation
* Login is too short (minimum is 3 characters)
* Login should use only letters, numbers, spaces, and .-_@ please.
* Email is too short (minimum is 6 characters)
* Email should look like an email address.

Instead they should be getting:

* Login can't be blank
* Email can't be blank
* Password can't be blank
* Password confirmation can't be blank

I got the following error when i use: self.primary_key = 'login" in the user model .

WARNING: Can't mass-assign these protected attributes: login

NoMethodError (undefined method `login_changed?' for #<User:0x10324f578>):

app/controllers/users_controller.rb:12:in `create'

The exception is thrown in the create method (@user.save) when i trying to create a new account:
def create

  @user = User.new(params[:user])
  if @user.save
    flash[:notice] = "Account registered!"
    redirect_back_or_default account_url
  else
    render :action => :new
  end
end

Thanks,
James

All fields in a user object are shown by default, including the persistence-token, crypted password, salt, email address and openid.

You can disable the formatted routes, or you can sanitize these fields by overriding to_xml, to_json, etc to always use the

 :only => [...whitelisted fields...]

flag. (The attr_visible plugin https://github.com/mrflip/attr_visible helps implement the latter)

Seems like there are no git tags for any of the released versions on github, make sure to push them with

git push --tags

It appears that some extensions are mutually incompatible. I think it is because of the way authlogic is made and not really the extensions' fault (I might be wrong).

The #save scheme with block does not work correctly the way it is now implemented. If you have two extensions that need it (e.g. open_id and oauth extensions), then both extensions will yield to the block. Yielding twice is not the right thing to do (since some logic could be in that block) and will automatically result in (at best) a DoubleRender error.

Maybe authlogic's #save itself should yield to the block; this way the extensions won't have to do it themselves?

Get the following issue with a brand new app on ruby 1.9.1p243 (2009-07-16 revision 24175), and rails 2.3.3, and authlogic 2.1.2.

Steps went:
sudo gem install authlogic
rails authlogic_test
cd authlogic_test/
vim config/environment.rb
added - config.gem "authlogic" set - RAILS_GEM_VERSION = '2.3.3' unless defined? RAILS_GEM_VERSION script/generate session user_session
/home/nevyn/rails/authlogic_test/config/initializers/new_rails_defaults.rb:14:in <top (required)>': undefined methodgenerate_best_match=' for ActionController::Routing:Module (NoMethodError)

from /home/nevyn/.gem/ruby/1.9.1/gems/activesupport-2.3.3/lib/active_support/dependencies.rb:145:in `load'
from /home/nevyn/.gem/ruby/1.9.1/gems/activesupport-2.3.3/lib/active_support/dependencies.rb:145:in `block in load_with_new_constant_marking'
from /home/nevyn/.gem/ruby/1.9.1/gems/activesupport-2.3.3/lib/active_support/dependencies.rb:521:in `new_constants_in'
from /home/nevyn/.gem/ruby/1.9.1/gems/activesupport-2.3.3/lib/active_support/dependencies.rb:145:in `load_with_new_constant_marking'
from /usr/lib/ruby19/gems/1.9.1/gems/rails-2.3.3/lib/initializer.rb:622:in `block in load_application_initializers'
from /usr/lib/ruby19/gems/1.9.1/gems/rails-2.3.3/lib/initializer.rb:621:in `each'
from /usr/lib/ruby19/gems/1.9.1/gems/rails-2.3.3/lib/initializer.rb:621:in `load_application_initializers'
from /usr/lib/ruby19/gems/1.9.1/gems/rails-2.3.3/lib/initializer.rb:176:in `process'
from /usr/lib/ruby19/gems/1.9.1/gems/rails-2.3.3/lib/initializer.rb:113:in `run'
from /home/nevyn/rails/authlogic_test/config/environment.rb:9:in `<top (required)>'
from /usr/lib/ruby19/gems/1.9.1/gems/rails-2.3.3/lib/commands/generate.rb:1:in `require'
from /usr/lib/ruby19/gems/1.9.1/gems/rails-2.3.3/lib/commands/generate.rb:1:in `<top (required)>'
from script/generate:3:in `require'
from script/generate:3:in `<main>'

Hello,

I have a rack filter that dynamically sets the session cookie domain using env['rack.session.options'][:domain]. This seems to correctly update the domain for rails session cookies but not for authlogic cookies.

Is there a preferred method for setting dynamic (rather than static in environment.rb) cookie domains that would work with authlogic as well?

Thanks!
Omar

Authlogic allows people to register with the same login plus a trailing space. I don't know about other databases, but this makes it impossible to log in with the second login using MySQL. Example:

User1 signs up with login "John"
User2 signs up with login "John "

first(:conditions => ["LOWER(users.login) = ?", "John ".downcase])
returns User1 rather than User2.

Also, Authlogic allows the login to be an email address by default, which can cause problems if you enable email or login to log in.

Hi all, I'm getting the following error in my application that uses Authlogic:

ActionView::TemplateError (undefined method `password' for #<User:0x2af83ebffa98>) on line <a href="/binarylogic/authlogic/issues/#issue/7" class="internal">#7</a>     of app/views/users/_form.html.erb: 
4: <br /> 
5: 
6: <%= form.label :password, form.object.new_record? ? nil : "Change password" %><br /> 
7: <%= form.password_field :password %><br /> 
8: 
9: <br /> 
10:

It works perfectly locally, but when I run it on Heroku it stops working. I see that others have this issue, but no-one has been given an answer. All of the migrations are run, and I do have acts_as_authentic in my User model.

Thanks!

Hey,

Currently the persistence order of Authlogic is this:
[:persist_by_params, :persist_by_cookie, :persist_by_session, :persist_by_http_auth]

This - according to me - is not logically correct. persistence by session should come before persistence by cookie.

:persist_by_cookie is enabling the "remember me" functionality, and could be perceived as an "automated re-login" system. There are many possible use cases where a client would want to track these "automated logins". Currently this can be done by overriding (or chaining) the persist_by_cookie method. However it is always called.

By moving the :persist_by_session callback up one spot, the :persist_by_cookie will only be called if there is no session available and can then be truly seen as "automated login"

hey,

if you have the timeout logic enabled as well as the column 'last_request_at', then a single_access_token will be flagged as 'stale' because logged_out will return true (which is because last_request_at is not set or is old).

to fix this, one needs to replace (in lib/session/timeout.rb)

      before_persisting :reset_stale_state
      after_persisting :enforce_timeout

to

      before_persisting :reset_stale_state, :unless => :single_access?
      after_persisting :enforce_timeout,    :unless => :single_access?

thanks!
Adam

I have installed the version 2.1.2 and it gives me this error when I try to login:

NameError (uninitialized constant ActiveSupport::Multibyte::Chars::Encoding): authlogic (2.1.2) lib/authlogic/acts_as_authentic/login.rb:121:infind_with_case' authlogic (2.1.2) lib/authlogic/acts_as_authentic/login.rb:110:in find_by_smart_case_login_field' authlogic (2.1.2) lib/authlogic/session/scopes.rb:95:insend' authlogic (2.1.2) lib/authlogic/session/scopes.rb:95:in search_for_record' authlogic (2.1.2) lib/authlogic/session/scopes.rb:94:insend' authlogic (2.1.2) lib/authlogic/session/scopes.rb:94:in search_for_record' authlogic (2.1.2) lib/authlogic/session/password.rb:183:invalidate_by_password' authlogic (2.1.2) lib/authlogic/session/callbacks.rb:72:in validate' authlogic (2.1.2) lib/authlogic/session/validation.rb:64:invalid?' authlogic (2.1.2) lib/authlogic/session/existence.rb:65:in save' app/controllers/usuario_sessiones_controller.rb:14:increate'`

At the time of this writing authlogic/acts_as_authentic/base.rb does inclusion of many methods in ActiveRecord::Base.

Would it be possible to improve this part to not include those methods in all objects inheriting from ActiveRecord::Base since it compromises code stability?

I notice that Authlogic::ActsAsAuthentic::Login::Config 's login_field method accepts a symbol representing a single column.

I have a system which has 2 fields (agency & username) that uniquely identifies a user. Is there some way the existing authlogic can deal with a user table that has multiple columns that identify a user?

If not, would you be interested in a patch allowing login_field to also accept an array of symbols to handle such cases?

Hello,

I posted this message on authlogic_facebook_connect but Joakim told me I'd better ask Ben (ref: https://github.com/kalasjocke/authlogic_facebook_connect/issues/#issue/7).

So, here am I :)

I have a problem with facebook connect and the authlogic's persistence token. In my app right now I use 3 tokens : persistence, perishable and single_access. Following Authlogic example app (Ben's one), the three tokens should not be allowed NULL. I'd like to preserve that since I plan to have both facebook and non-facebook users.

perishable_token and single_access_token don't mess up facebook connect, and before_connect (a hook to grab facebook info and initialize your user model with it upon connection) seems a good place to set them in case you want to.

So my code looks like :
def before_connect(facebook_session)

self.single_access_token = Authlogic::Random.friendly_token
self.perishable_token = Authlogic::Random.friendly_token
self.first_name = facebook_session.user.first_name
self.last_name = facebook_session.user.last_name

end

Unfortunately, this doesn't work with the persistence_token.
It's really strange because if I add a persistence_token the same way I do for the two other tokens (friendly_token or hex_token), it gets impossible to login.
But, if I set the facebook_uid to an existing "non facebook" user (that has a persistence_token), he will be able to log in.
Also, if I manually edit the database entry and put whatever token, it will also work.

So it looks like the random token generated during before_connect isn't acceptable, but I don't know why.

Do you have any clue regarding this behavior ?

Thanks a lot for your help.

I get this error with the following setup: uninitialized constant User::AuthLogic

config/environment.rb

= '2.3.4' unless defined? RAILS_GEM_VERSION require File.join(File.dirname(FILE), 'boot')

Rails::Initializer.run do |config|
config.gem 'authlogic'

config.time_zone = 'UTC'

end

app/models/user.rb

class User < ActiveRecord::Base
acts_as_authentic do |c|

c.crypto_provider = AuthLogic::CryptoProviders::MD5

end end

Any thoughts on what I am doing wrong?

I think the problem is with the roo gem, I just want to inform you about this problem, you can check the error messagge I have:
https://rubyforge.org/tracker/index.php?func=detail&aid=27445&group_id=3729&atid=14374

I seem to have some sort of load issue kicking me into the test environment, and I've made a minimal app to replicate the issue. (https://www.ruby-forum.com/topic/199371#868558 has the app attached)

From what I can tell, the problem is due to three related items: 1) a user model with authlogic, 2) rspec-rails, and 3) a users observer. Removing any one of the three seems to "fix" the issue. I've noted the lines which you can comment out to see the problem resolve. (It should then load the development SQLite3 database with my test user). The visible symptom is:

SQLite3::SQLException: no such table: users: SELECT * FROM "users"

Apparently the conflict pushes the app into the test environment and therefore changes the database on me.

Gems:

• authlogic 2.1.3
• rspec and rspec-rails 1.2.9
• rails 2.3.4

I'm on passenger 2.2.5, and I hope that's not a factor. I currently run stock Snow Leopard ruby.

Any clue how I can further track this down? I don't see anything obvious with either rspec or authlogic fudging with the environment…

Regards,
David Nawara

Hi, I implemented the tutorial, with 'username' as the login field.
The column in the Users table is named 'username', and in user.rb I added:
acts_as_authentic do |c|

  c.login_field = :username

end

and got this weird exception:

NoMethodError in User_sessions#new

Showing app/views/user_sessions/new.html.erb where line #33 raised:

undefined method `column_for_attribute' for #<UserSession: no credentials provided>

Extracted source (around line #33):

30: <%= f.label t('user.username') %> :
31:
32:
33: <%= f.text_field :username %>

34:
35:
36:

RAILS_ROOT: /disk1/home/slugs/34794_f1a214e_a88e/mnt
Application Trace | Framework Trace | Full Trace

/disk1/home/slugs/34794_f1a214e_a88e/mnt/vendor/plugins/delocalize/lib/delocalize/rails_ext/action_view.rb:11:in to_input_field_tag' /disk1/home/slugs/34794_f1a214e_a88e/mnt/vendor/rails/actionpack/lib/action_view/helpers/form_helper.rb:531:intext_field'

/disk1/home/slugs/34794_f1a214e_a88e/mnt/vendor/rails/actionpack/lib/action_view/helpers/form_helper.rb:930:in send' /disk1/home/slugs/34794_f1a214e_a88e/mnt/vendor/rails/actionpack/lib/action_view/helpers/form_helper.rb:930:intext_field'

/disk1/home/slugs/34794_f1a214e_a88e/mnt/app/views/user_sessions/new.html.erb:33:in _run_erb_app47views47user_sessions47new46html46erb' /disk1/home/slugs/34794_f1a214e_a88e/mnt/app/views/user_sessions/new.html.erb:26:in_run_erb_app47views47user_sessions47new46html46erb'

This only appends in production, it works well in development.

There's a bug that causes AuthLogic to only maintain one session at a time. It is caused by BCrypt and the BCrypt.cost parameter. When one session starts, all the other sessions will be invalidated/logged out.

To reproduce, make the following changes in the AuthLogic Example, and register a new user after making those changes.

user.rb:

class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.crypto_provider = Authlogic::CryptoProviders::BCrypt
  end
end

config/initializers/authlogic.rb

Authlogic::CryptoProviders::BCrypt.cost = 1

Removing the BCrypt.cost line seems to solve the issue.

Since recently updating to a newer version of both Formtastic and Authlogic I've noticed a NoMethodError for UserSession on method 'content_columns'

I've since made the following amendment to my UserSession model to get things humming again.

https://gist.github.com/245249

This is a bit of a strange one. I'm testing my logout action, simply testing to see if the user is logged-out after hitting the action.

It works fine in the browser, but never logs the user out in tests (at least user.reload.logged_in? is still true.) Logging in was fine once I discovered activate_authlogic, but logging out continues to elude me.

I understand that you don't use rspec, but I have no other recourse at this point. I've been trying for an hour to make a 5-line test I've written 20 times before to work and i'm about to slit my wrists here.