RubyGems - better_auth - Versions diffs - 0.3.0 → 0.5.0 - Mend

better_auth 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +17 -0
data/README.md +24 -0
data/lib/better_auth/adapters/internal_adapter.rb +10 -7
data/lib/better_auth/adapters/memory.rb +57 -11
data/lib/better_auth/adapters/sql.rb +123 -20
data/lib/better_auth/api.rb +114 -9
data/lib/better_auth/async.rb +70 -0
data/lib/better_auth/configuration.rb +97 -7
data/lib/better_auth/context.rb +165 -12
data/lib/better_auth/cookies.rb +6 -4
data/lib/better_auth/core.rb +2 -0
data/lib/better_auth/crypto/jwe.rb +27 -5
data/lib/better_auth/crypto.rb +32 -0
data/lib/better_auth/database_hooks.rb +8 -8
data/lib/better_auth/deprecate.rb +28 -0
data/lib/better_auth/endpoint.rb +92 -5
data/lib/better_auth/error.rb +8 -1
data/lib/better_auth/host.rb +166 -0
data/lib/better_auth/instrumentation.rb +74 -0
data/lib/better_auth/logger.rb +31 -0
data/lib/better_auth/middleware/origin_check.rb +2 -2
data/lib/better_auth/oauth2.rb +94 -0
data/lib/better_auth/plugins/admin/schema.rb +2 -2
data/lib/better_auth/plugins/admin.rb +344 -16
data/lib/better_auth/plugins/anonymous.rb +37 -3
data/lib/better_auth/plugins/device_authorization.rb +102 -5
data/lib/better_auth/plugins/dub.rb +148 -0
data/lib/better_auth/plugins/email_otp.rb +261 -19
data/lib/better_auth/plugins/expo.rb +17 -1
data/lib/better_auth/plugins/generic_oauth.rb +67 -35
data/lib/better_auth/plugins/jwt.rb +37 -4
data/lib/better_auth/plugins/last_login_method.rb +2 -2
data/lib/better_auth/plugins/magic_link.rb +66 -3
data/lib/better_auth/plugins/mcp/authorization.rb +111 -0
data/lib/better_auth/plugins/mcp/config.rb +51 -0
data/lib/better_auth/plugins/mcp/consent.rb +31 -0
data/lib/better_auth/plugins/mcp/legacy_aliases.rb +39 -0
data/lib/better_auth/plugins/mcp/metadata.rb +81 -0
data/lib/better_auth/plugins/mcp/registration.rb +31 -0
data/lib/better_auth/plugins/mcp/resource_handler.rb +37 -0
data/lib/better_auth/plugins/mcp/schema.rb +91 -0
data/lib/better_auth/plugins/mcp/token.rb +108 -0
data/lib/better_auth/plugins/mcp/userinfo.rb +37 -0
data/lib/better_auth/plugins/mcp.rb +111 -263
data/lib/better_auth/plugins/multi_session.rb +61 -3
data/lib/better_auth/plugins/oauth_protocol.rb +173 -30
data/lib/better_auth/plugins/oauth_proxy.rb +26 -6
data/lib/better_auth/plugins/oidc_provider.rb +118 -14
data/lib/better_auth/plugins/one_tap.rb +7 -2
data/lib/better_auth/plugins/one_time_token.rb +42 -2
data/lib/better_auth/plugins/open_api.rb +163 -318
data/lib/better_auth/plugins/organization/schema.rb +6 -0
data/lib/better_auth/plugins/organization.rb +186 -56
data/lib/better_auth/plugins/phone_number.rb +141 -6
data/lib/better_auth/plugins/siwe.rb +69 -3
data/lib/better_auth/plugins/two_factor.rb +118 -41
data/lib/better_auth/plugins/username.rb +57 -2
data/lib/better_auth/rate_limiter.rb +38 -0
data/lib/better_auth/request_state.rb +44 -0
data/lib/better_auth/response.rb +42 -0
data/lib/better_auth/router.rb +7 -1
data/lib/better_auth/routes/account.rb +220 -42
data/lib/better_auth/routes/email_verification.rb +98 -14
data/lib/better_auth/routes/password.rb +126 -8
data/lib/better_auth/routes/session.rb +128 -13
data/lib/better_auth/routes/sign_in.rb +26 -2
data/lib/better_auth/routes/sign_out.rb +13 -1
data/lib/better_auth/routes/sign_up.rb +70 -4
data/lib/better_auth/routes/social.rb +132 -7
data/lib/better_auth/routes/user.rb +228 -20
data/lib/better_auth/routes/validation.rb +50 -0
data/lib/better_auth/secret_config.rb +115 -0
data/lib/better_auth/session.rb +13 -2
data/lib/better_auth/url_helpers.rb +206 -0
data/lib/better_auth/version.rb +1 -1
data/lib/better_auth.rb +12 -0
metadata +23 -1

data/lib/better_auth/endpoint.rb CHANGED Viewed

@@ -7,18 +7,24 @@ module BetterAuth
     attr_reader :path,
       :body_schema,
       :query_schema,
+      :params_schema,
       :headers_schema,
       :metadata,
+      :options,
       :use,
       :handler
-    def initialize(path: nil, method: nil, body_schema: nil, query_schema: nil, headers_schema: nil, metadata: {}, use: [], &handler)
+    def initialize(path: nil, method: nil, body_schema: nil, query_schema: nil, params_schema: nil, headers_schema: nil, metadata: {}, use: [], &handler)
       @path = path
       @methods = Array(method || "*").map { |value| value.to_s.upcase }
       @body_schema = body_schema
       @query_schema = query_schema
+      @params_schema = params_schema
       @headers_schema = headers_schema
       @metadata = metadata || {}
+      apply_default_open_api_metadata!
+      apply_open_api_schemas!
+      @options = endpoint_options
       @use = Array(use)
       @handler = handler || ->(_ctx) {}
     end
@@ -44,9 +50,38 @@ module BetterAuth
     private
+    def endpoint_options
+      {
+        method: (methods.length == 1) ? methods.first : methods,
+        body: body_schema,
+        query: query_schema,
+        params: params_schema,
+        headers: headers_schema,
+        metadata: metadata
+      }.compact
+    end
+    def apply_default_open_api_metadata!
+      return unless path
+      return if metadata[:openapi] || metadata[:hide] || metadata[:SERVER_ONLY] || metadata[:server_only]
+      return unless defined?(BetterAuth::OpenAPI)
+      metadata[:openapi] = BetterAuth::OpenAPI.default_metadata(path, methods)
+    end
+    def apply_open_api_schemas!
+      openapi = fetch_key(metadata, :openapi)
+      return unless openapi.is_a?(Hash)
+      @body_schema ||= schema_for_open_api_request_body(openapi)
+      @query_schema ||= schema_for_open_api_parameters(openapi, "query")
+      @headers_schema ||= schema_for_open_api_parameters(openapi, "header")
+    end
     def apply_schemas!(context)
       context.body = validate_schema(:body, body_schema, context.body)
       context.query = validate_schema(:query, query_schema, context.query)
+      context.params = validate_schema(:params, params_schema, context.params)
       context.headers = context.send(:normalize_headers, validate_schema(:headers, headers_schema, context.headers))
     end
@@ -83,6 +118,54 @@ module BetterAuth
       result
     end
+    def schema_for_open_api_request_body(openapi)
+      schema = fetch_key(fetch_key(fetch_key(fetch_key(openapi, :requestBody), :content), "application/json"), :schema)
+      required = Array(fetch_key(schema, :required)).map(&:to_s)
+      return nil if required.empty?
+      ->(value) { validate_required_open_api_fields(value, required) }
+    end
+    def schema_for_open_api_parameters(openapi, location)
+      required = Array(fetch_key(openapi, :parameters))
+        .select { |parameter| parameter.is_a?(Hash) && fetch_key(parameter, :in).to_s == location && fetch_key(parameter, :required) == true }
+        .filter_map { |parameter| fetch_key(parameter, :name) }
+        .map(&:to_s)
+      return nil if required.empty?
+      ->(value) { validate_required_open_api_fields(value, required) }
+    end
+    def validate_required_open_api_fields(value, required)
+      data = normalize_open_api_input(value)
+      return false unless required.all? { |key| data.key?(open_api_storage_key(key)) && !data[open_api_storage_key(key)].nil? }
+      value
+    end
+    def normalize_open_api_input(value)
+      return {} unless value.is_a?(Hash)
+      value.each_with_object({}) do |(key, object_value), result|
+        result[open_api_storage_key(key)] = object_value
+      end
+    end
+    def open_api_storage_key(key)
+      key.to_s
+        .gsub(/([a-z\d])([A-Z])/, "\\1_\\2")
+        .tr("-", "_")
+        .downcase
+        .split("_")
+        .then { |parts| ([parts.first] + parts.drop(1).map(&:capitalize)).join }
+    end
+    def fetch_key(hash, key)
+      return nil unless hash.respond_to?(:[])
+      hash[key] || hash[key.to_s]
+    end
     class Result
       attr_accessor :response, :status, :headers
@@ -97,7 +180,7 @@ module BetterAuth
         return value if value.is_a?(self)
         if value.is_a?(APIError)
-          return new(response: value, status: value.status_code, headers: value.headers)
+          return new(response: value, status: value.status_code, headers: merge_headers(context.response_headers, value.headers))
         end
         if rack_response?(value)
@@ -133,17 +216,21 @@ module BetterAuth
       end
       def to_rack_response
-        return @raw_response if raw_response?
+        to_response.to_a
+      end
+      def to_response
+        return Response.from_rack(@raw_response) if raw_response?
         body = if response.nil?
-          [""]
+          [JSON.generate(nil)]
         elsif response.is_a?(String)
           [response]
         else
           [JSON.generate(response)]
         end
         response_headers = {"content-type" => "application/json"}.merge(headers)
-        [status, response_headers, body]
+        Response.new(status: status, headers: response_headers, body: body)
       end
       private

data/lib/better_auth/error.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module BetterAuth
     "SOCIAL_ACCOUNT_ALREADY_LINKED" => "Social account already linked",
     "PROVIDER_NOT_FOUND" => "Provider not found",
     "INVALID_TOKEN" => "Invalid token",
+    "TOKEN_EXPIRED" => "Token expired",
     "ID_TOKEN_NOT_SUPPORTED" => "id_token not supported",
     "FAILED_TO_GET_USER_INFO" => "Failed to get user info",
     "USER_EMAIL_NOT_FOUND" => "User email not found",
@@ -47,6 +48,12 @@ module BetterAuth
     "FIELD_NOT_ALLOWED" => "Field not allowed to be set",
     "ASYNC_VALIDATION_NOT_SUPPORTED" => "Async validation is not supported",
     "VALIDATION_ERROR" => "Validation Error",
-    "MISSING_FIELD" => "Field is required"
+    "MISSING_FIELD" => "Field is required",
+    "BODY_MUST_BE_AN_OBJECT" => "Body must be an object",
+    "METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED" => "POST method requires deferSessionRefresh to be enabled in session config",
+    "PASSWORD_ALREADY_SET" => "User already has a password set",
+    "RESET_PASSWORD_DISABLED" => "Reset password isn't enabled",
+    "EMAIL_PASSWORD_DISABLED" => "Email and password is not enabled",
+    "EMAIL_PASSWORD_SIGN_UP_DISABLED" => "Email and password sign up is not enabled"
   }.freeze
 end

data/lib/better_auth/host.rb ADDED Viewed

@@ -0,0 +1,166 @@
+# frozen_string_literal: true
+require "ipaddr"
+module BetterAuth
+  module Host
+    CLOUD_METADATA_HOSTS = [
+      "metadata.google.internal",
+      "metadata.goog",
+      "metadata",
+      "instance-data",
+      "instance-data.ec2.internal"
+    ].freeze
+    module_function
+    def classify_host(host)
+      canonical_input = normalize_input(host)
+      lowered = canonical_input.downcase
+      return {kind: :reserved, literal: :fqdn, canonical: ""} if lowered.empty?
+      address = parse_ip(lowered)
+      unless address
+        return {kind: :localhost, literal: :fqdn, canonical: lowered} if lowered == "localhost" || lowered.end_with?(".localhost")
+        return {kind: :cloud_metadata, literal: :fqdn, canonical: lowered} if CLOUD_METADATA_HOSTS.include?(lowered)
+        return {kind: :public, literal: :fqdn, canonical: lowered}
+      end
+      native = address.respond_to?(:native) ? address.native : address
+      if native.ipv4?
+        canonical = native.to_s
+        return {kind: classify_ipv4(canonical), literal: :ipv4, canonical: canonical}
+      end
+      canonical = expanded_ipv6(native)
+      {kind: classify_ipv6(canonical), literal: :ipv6, canonical: canonical}
+    end
+    def loopback_ip?(host)
+      classify_host(host)[:kind] == :loopback
+    end
+    def loopback_host?(host)
+      [:loopback, :localhost].include?(classify_host(host)[:kind])
+    end
+    def public_routable_host?(host)
+      classify_host(host)[:kind] == :public
+    end
+    def normalize_input(host)
+      value = host.to_s.strip
+      value = strip_port(value)
+      value = value[1...-1] if value.start_with?("[") && value.end_with?("]")
+      value = value.split("%", 2).first || ""
+      value.gsub(/\.+\z/, "")
+    end
+    def strip_port(host)
+      if host.start_with?("[")
+        closing = host.index("]")
+        return host unless closing
+        return host[0..closing] if host[(closing + 1)..]&.match?(/\A:\d+\z/)
+        return host
+      end
+      first_colon = host.index(":")
+      return host unless first_colon
+      return host if host.index(":", first_colon + 1)
+      host[0...first_colon]
+    end
+    def parse_ip(host)
+      IPAddr.new(host)
+    rescue ArgumentError
+      nil
+    end
+    def classify_ipv4(ip)
+      return :unspecified if ip == "0.0.0.0"
+      return :broadcast if ip == "255.255.255.255"
+      value = ipv4_to_i(ip)
+      return :loopback if ipv4_range?(value, "127.0.0.0", 8)
+      return :private if ipv4_range?(value, "10.0.0.0", 8)
+      return :private if ipv4_range?(value, "172.16.0.0", 12)
+      return :private if ipv4_range?(value, "192.168.0.0", 16)
+      return :link_local if ipv4_range?(value, "169.254.0.0", 16)
+      return :shared_address_space if ipv4_range?(value, "100.64.0.0", 10)
+      return :documentation if ipv4_range?(value, "192.0.2.0", 24)
+      return :documentation if ipv4_range?(value, "198.51.100.0", 24)
+      return :documentation if ipv4_range?(value, "203.0.113.0", 24)
+      return :benchmarking if ipv4_range?(value, "198.18.0.0", 15)
+      return :multicast if ipv4_range?(value, "224.0.0.0", 4)
+      return :reserved if ipv4_range?(value, "0.0.0.0", 8)
+      return :reserved if ipv4_range?(value, "192.0.0.0", 24)
+      return :reserved if ipv4_range?(value, "240.0.0.0", 4)
+      :public
+    end
+    def ipv4_to_i(ip)
+      ip.split(".").map(&:to_i).reduce(0) { |sum, part| (sum << 8) + part }
+    end
+    def ipv4_range?(value, prefix, length)
+      mask = (length == 32) ? 0xffffffff : ((0xffffffff << (32 - length)) & 0xffffffff)
+      (value & mask) == (ipv4_to_i(prefix) & mask)
+    end
+    def classify_ipv6(expanded)
+      return :unspecified if expanded == "0000:0000:0000:0000:0000:0000:0000:0000"
+      return :loopback if expanded == "0000:0000:0000:0000:0000:0000:0000:0001"
+      first_byte = expanded[0, 2].to_i(16)
+      second_byte = expanded[2, 2].to_i(16)
+      return :multicast if first_byte == 0xff
+      return :link_local if first_byte == 0xfe && (second_byte & 0xc0) == 0x80
+      return :private if (first_byte & 0xfe) == 0xfc
+      return :documentation if expanded.start_with?("2001:0db8:")
+      if expanded.start_with?("2002:")
+        embedded = embedded_ipv4(expanded, 1)
+        return (classify_ipv4(embedded) == :public) ? :public : :reserved if embedded
+      end
+      if expanded.start_with?("0064:ff9b:0000:0000:0000:0000:")
+        embedded = embedded_ipv4(expanded, 6)
+        return :reserved if embedded
+      end
+      if expanded.start_with?("2001:0000:")
+        embedded = embedded_ipv4(expanded, 6, xor: true)
+        return :reserved if embedded
+      end
+      return :reserved if expanded.start_with?("0100:0000:0000:0000:")
+      :public
+    end
+    def embedded_ipv4(expanded, start_group, xor: false)
+      groups = expanded.split(":")
+      combined = (groups.fetch(start_group).to_i(16) << 16) | groups.fetch(start_group + 1).to_i(16)
+      combined ^= 0xffffffff if xor
+      [
+        (combined >> 24) & 0xff,
+        (combined >> 16) & 0xff,
+        (combined >> 8) & 0xff,
+        combined & 0xff
+      ].join(".")
+    rescue IndexError
+      nil
+    end
+    def expanded_ipv6(address)
+      address.hton.bytes.each_slice(2).map do |high, low|
+        ((high << 8) + low).to_s(16).rjust(4, "0")
+      end.join(":")
+    end
+  end
+end

data/lib/better_auth/instrumentation.rb ADDED Viewed

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+module BetterAuth
+  module Instrumentation
+    module SpanStatusCode
+      UNSET = 0
+      OK = 1
+      ERROR = 2
+    end
+    class NoopSpan
+      def set_attribute(_key, _value)
+        self
+      end
+      def set_attributes(_attributes)
+        self
+      end
+      def record_exception(_error)
+        self
+      end
+      def set_status(_status)
+        self
+      end
+      def add_event(_name, _attributes = nil)
+        self
+      end
+      def end
+        self
+      end
+    end
+    class NoopTracer
+      def start_active_span(_name, attributes: {}, &block)
+        span = NoopSpan.new
+        return span unless block
+        block.call(span)
+      ensure
+        span&.end
+      end
+    end
+    class Trace
+      def get_tracer(_name = "better-auth")
+        NoopTracer.new
+      end
+      def get_active_span
+        NoopSpan.new
+      end
+    end
+    module_function
+    def trace
+      @trace ||= Trace.new
+    end
+    def with_span(name, attributes: {}, &block)
+      trace.get_tracer("better-auth").start_active_span(name, attributes: attributes) do |span|
+        block.call(span)
+      rescue => error
+        span.record_exception(error)
+        span.set_status(SpanStatusCode::ERROR)
+        raise
+      end
+    end
+  end
+end

data/lib/better_auth/logger.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module BetterAuth
+  module Logger
+    LEVELS = [:debug, :info, :success, :warn, :error].freeze
+    Internal = Struct.new(:level, :disabled, :handler, keyword_init: true) do
+      LEVELS.each do |log_level|
+        define_method(log_level) do |message, *args|
+          return if disabled || !Logger.should_publish?(level, log_level)
+          if handler
+            handler.call((log_level == :success) ? :info : log_level, message, *args)
+          else
+            Kernel.warn("#{log_level.upcase} [Better Auth]: #{message}")
+          end
+        end
+      end
+    end
+    module_function
+    def should_publish?(current_log_level, log_level)
+      LEVELS.index(log_level.to_sym).to_i >= LEVELS.index(current_log_level.to_sym).to_i
+    end
+    def create(level: :warn, disabled: false, log: nil, **)
+      Internal.new(level: level.to_sym, disabled: disabled, handler: log)
+    end
+  end
+end

data/lib/better_auth/middleware/origin_check.rb CHANGED Viewed

@@ -14,7 +14,7 @@ module BetterAuth
         validate_origin(endpoint_context)
         validate_fetch_metadata(endpoint_context)
-        return if skip_origin_check?(endpoint_context)
+        return if skip_origin_check?(endpoint_context) || skip_origin_path?(endpoint_context)
         validate_callback_urls(endpoint_context)
         nil
@@ -87,7 +87,7 @@ module BetterAuth
       end
       def skip_origin_check?(endpoint_context)
-        !!endpoint_context.context.options.advanced[:disable_origin_check]
+        endpoint_context.context.options.advanced[:disable_origin_check] == true
       end
       def skip_csrf_for_backward_compat?(endpoint_context)

data/lib/better_auth/oauth2.rb ADDED Viewed

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+require "base64"
+require "net/http"
+require "uri"
+require "jwt"
+module BetterAuth
+  module OAuth2
+    module_function
+    def validate_token(token, jwks:, audience: nil, issuer: nil)
+      header = JWT.decode(token, nil, false).last
+      kid = header["kid"]
+      raise APIError.new("UNAUTHORIZED", message: "Missing jwt kid") if kid.to_s.empty?
+      key_data = Array(jwks["keys"] || jwks[:keys]).find { |key| (key["kid"] || key[:kid]).to_s == kid.to_s }
+      raise APIError.new("UNAUTHORIZED", message: "kid doesn't match any key") unless key_data
+      public_key = JWT::JWK.import(stringify_keys(key_data)).public_key
+      algorithm = header["alg"] || key_data["alg"] || key_data[:alg]
+      options = {algorithm: algorithm}
+      options[:aud] = audience if audience
+      options[:verify_aud] = true if audience
+      options[:iss] = issuer if issuer
+      options[:verify_iss] = true if issuer
+      JWT.decode(token, public_key, true, **options).first
+    rescue JWT::DecodeError => error
+      raise APIError.new("UNAUTHORIZED", message: error.message)
+    end
+    def refresh_access_token(refresh_token:, token_endpoint:, options:, authentication: nil, extra_params: nil, resource: nil, fetcher: nil)
+      request = create_refresh_access_token_request(
+        refresh_token: refresh_token,
+        options: options,
+        authentication: authentication,
+        extra_params: extra_params,
+        resource: resource
+      )
+      data = fetcher ? fetcher.call(token_endpoint, request) : post_form(token_endpoint, request)
+      now = Time.now
+      tokens = {
+        access_token: data["access_token"] || data[:access_token],
+        refresh_token: data["refresh_token"] || data[:refresh_token],
+        token_type: data["token_type"] || data[:token_type],
+        scopes: (data["scope"] || data[:scope])&.split(" "),
+        id_token: data["id_token"] || data[:id_token]
+      }.compact
+      expires_in = data["expires_in"] || data[:expires_in]
+      tokens[:access_token_expires_at] = now + expires_in.to_i if expires_in
+      refresh_expires_in = data["refresh_token_expires_in"] || data[:refresh_token_expires_in]
+      tokens[:refresh_token_expires_at] = now + refresh_expires_in.to_i if refresh_expires_in
+      tokens
+    end
+    def create_refresh_access_token_request(refresh_token:, options:, authentication: nil, extra_params: nil, resource: nil)
+      body = {
+        "grant_type" => "refresh_token",
+        "refresh_token" => refresh_token
+      }
+      headers = {
+        "content-type" => "application/x-www-form-urlencoded",
+        "accept" => "application/json"
+      }
+      client_id = Array(options[:client_id] || options["client_id"] || options[:clientId] || options["clientId"]).first
+      client_secret = options[:client_secret] || options["client_secret"] || options[:clientSecret] || options["clientSecret"]
+      if authentication.to_s == "basic"
+        headers["authorization"] = "Basic #{Base64.strict_encode64("#{client_id}:#{client_secret}")}"
+      else
+        body["client_id"] = client_id if client_id
+        body["client_secret"] = client_secret if client_secret
+      end
+      Array(resource).each { |entry| (body["resource"] ||= []) << entry } if resource
+      extra_params&.each { |key, value| body[key.to_s] = value }
+      {body: body, headers: headers}
+    end
+    def post_form(token_endpoint, request)
+      uri = URI.parse(token_endpoint)
+      response = Net::HTTP.post(uri, URI.encode_www_form(request[:body]), request[:headers])
+      JSON.parse(response.body)
+    end
+    def stringify_keys(hash)
+      hash.each_with_object({}) do |(key, value), result|
+        result[key.to_s] = value.is_a?(Hash) ? stringify_keys(value) : value
+      end
+    end
+  end
+end

data/lib/better_auth/plugins/admin/schema.rb CHANGED Viewed

@@ -11,8 +11,8 @@ module BetterAuth
             fields: {
               role: {type: "string", required: false, input: false},
               banned: {type: "boolean", required: false, input: false, default_value: false},
-              banReason: {type: "string", required: false, input: false},
-              banExpires: {type: "date", required: false, input: false}
+              banReason: {type: "string", required: false, input: false, default_value: nil},
+              banExpires: {type: "date", required: false, input: false, default_value: nil}
             }
           },
           session: {