#21 ✓resolved
James B. Byrne

UserSessionsModel attributes setters overridden by acts_as_authentic

Reported by James B. Byrne | January 2nd, 2009 @ 12:38 PM

It is not clear from the documentation whether or not attribute setters in the UserSession model should modify the data used for login user authentication finds. However, correspondence with the authlogic author leads to the inference that it should.

Nonetheless, in user_session.rb, if one defines a setter method corresponding to a user.rb model login attribute then no custom processing contained therein is ever executed. The logic path goes to the model method definition and then passes from the model file never to return.

Specific instance:

Given a user model with the login attribute named "username"


class User < ActiveRecord::Base
  acts_as_authentic 

  def username=(name)
    # hll_keycase is a local extension of class String.
    # it is equivalent to .strip.squeeze(" ").mb_chars.downcase
    write_attribute(:username, name.hll_keycase)
  end
end

And the UserSession model.


class UserSession < Authlogic::Session::Base

  def username=(name)
    # debugger if ENV['RAILS_ENV'] == 'development'
    @username = name.strip.squeeze(" ").mb_chars.downcase
  end

  def login=(name)
    # debugger if ENV['RAILS_ENV'] == 'development'
    @login = name.strip.squeeze(" ").mb_chars.downcase
  end

end

Given a user "myuser" with password "mypassword" when the user "MyUSer" and password "mypassword" is provided at the login page then the user "myuser" should be authenticated.

This fails. Authlogic does not modify the user name provided, "MyUSer", to the normalized version, "myuser", before generating the SQL SELECT on the users table.


Processing UserSessionsController#create (for 127.0.0.1 at 2008-12-25
11:58:03)
[POST]
  Session ID: 768fb2537f6d90a7dd005403b6a721c9
  Parameters: {"commit"=>"Login", "user_session"=>{"remember_me"=>"0",
"username
"=>"MyUSer", "password"=>"[FILTERED]"}, "action"=>"create",
"controller"=>"user
sessions"}
  User Load (0.0ms)   SELECT * FROM "users" WHERE ("users"."username" =
'MyUSer'
) LIMIT 1
Rendering template within layouts/application
Rendering user_sessions/new
  SQL (0.0ms)   SELECT count(*) AS count_all FROM "users" WHERE
(last_request_at
 > '2008-12-25 11:48:03')
Completed in 157ms (View: 141, DB: 15) | 200 OK

When this code is run with script/server --debugger and the debug statements are activated then no breakpoint is ever encountered, indicating that the setter method in UserSession is never executed.

Comments and changes to this ticket

  • Ben Johnson

    Ben Johnson January 2nd, 2009 @ 01:32 PM

    • State changed from “new” to “resolved”

    I looked into this more, Authlogic defined it methods on the first instantiation, this way it can use your configuration and defined the methods with the proper names, making Authlogic feel more comfortable and clean. That being said, it was oerwriting your custom methods. I just pushed a changed to the repo that should fix this. Update from the repo and let me know if this solves your problems, it did in my tests.

  • James B. Byrne

    James B. Byrne January 2nd, 2009 @ 01:52 PM

    Yes, the version from the git repo does indeed correct the problem.

    Thank you. Sorry if I appeared too persistent.

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket

Pages