rodauth 1.0.0 → 1.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 9f7b621217958c77c148ee85c271e7e39548b02f
4
- data.tar.gz: f4fa75ad99266693763134533d5f7f0dc90de8ba
3
+ metadata.gz: 6ff15843042dfd35b89e9e6c76a54b571941248b
4
+ data.tar.gz: 04df40188862b7547b0f0ae7eb1cfb55aacbfd1a
5
5
  SHA512:
6
- metadata.gz: 9ce46e8a0b1d1b5f5a2994d4ab3d70503fd5da9f968fa0dc1cbd938cd9ce2d327c8dd427fd09a4c8242b2dbdb8be4f428c40277008352021c91b97ad438689fb
7
- data.tar.gz: 6535d95d9d3573f5c7190b990d448f983757d674a4df73662de2567ca197fcc63867773a86a4f3617edc26c4a2cd54f3bb741ba3153f503a8f69094c8a89a3d3
6
+ metadata.gz: ec10b0e76411b3512ca463700e29659a5fb258e13ecde5be57d906e133e40cb9a2760e9d4ffca1e3fe0ed6a1911336449373abfcb58200d112ff341aa3372185
7
+ data.tar.gz: 05327fbf88823044fa475f3cfe48ec417532882f02fd320533ecdaac548a65ca7544db8e6f0298218e2f8ffbd53d1291e7fb386f01adbf6de0cb82da2cd467d7
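Review bot: the new SHA1 and SHA512 values for metadata.gz and data.tar.gz are carried in a file that is itself part of the package being diffed, so they can confirm the archive is internally consistent but not that it came from the publisher. When verifying this release, compare the SHA512 of the downloaded gem against a value obtained from a separate channel rather than relying on these lines alone.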
data/CHANGELOG CHANGED
@@ -1,4 +1,8 @@
1
- === HEAD
1
+ === 1.1.0 (2016-05-13)
2
+
3
+ * Support :csrf=>false and :flash=>false plugin options (jeremyevans)
4
+
5
+ === 1.0.0 (2016-04-15)
2
6
 
3
7
  * Remove invalid remember cookies to prevent unnecessary future database checks (jeremyevans)
4
8
 
@@ -645,6 +645,63 @@ inside a matching routing tree branch:
645
645
  # ...
646
646
  end
647
647
 
648
+ === +rodauth+ Methods
649
+
650
+ Most of Rodauth's functionality is exposed via +r.rodauth+, which allows
651
+ Rodauth to handle routes for the features you have enabled (such as +/login+
652
+ for login). However, as you have seen above, you may want to call methods on
653
+ the +rodauth+ object, such as for checking if the current request has been
654
+ authenticated.
655
+
656
+ Here are methods designed to be callable on the +rodauth+ object outside
657
+ +r.rodauth+:
658
+
659
+ require_login :: Require the session be logged in, redirecting the request to the
660
+ login page if the request has not been logged in.
661
+ require_authentication :: Similar to +require_login+, but also requires
662
+ two factor authentication if the account has setup
663
+ two factor authentication. Redirects the request to
664
+ the two factor authentication page if logged in but not
665
+ authenticated via two factors.
666
+ logged_in? :: Whether the session has been logged in.
667
+ authenticated? :: Similar to +logged_in?+, but if the account has setup two
668
+ factor authentication, whether the session has authenticated
669
+ via two factors.
670
+ require_two_factor_setup :: (two_factor_base feature) Require the session to have
671
+ setup two factor authentication, redirecting the
672
+ request to the two factor authentication setup page
673
+ if not.
674
+ uses_two_factor_authentication? :: (two_factor_base feature) Whether the account
675
+ for the current session has setup two factor
676
+ authentication.
677
+ update_last_activity :: (account_expiration feature) Update the last activity
678
+ time for the current account. Only makes sense to use
679
+ this if you are expiring accounts based on last activity.
680
+ require_current_password :: (password_expiration feature) Require a current
681
+ password, redirecting the request to the change
682
+ password page if the password for the account has
683
+ expired.
684
+ load_memory :: (remember feature) If the session has not been authenticated, look
685
+ for the remember cookie. If present and valid, automatically
686
+ log the session in, but mark that it was logged in via a remember
687
+ key.
688
+ logged_in_via_remember_key? :: (remember feature) Whether the current session has
689
+ been logged in via a remember key. For security
690
+ sensitive actions where you want to require the user
691
+ to reenter the password, you can use the
692
+ confirm_password feature.
693
+ check_session_expiration :: (session_expiration feature) Check whether the current
694
+ session has expired, automatically logging the session
695
+ out if so.
696
+ check_single_session :: (single_session expiration) Check whether the current
697
+ session is still the only valid session, automatically logging
698
+ the session out if not.
699
+ verified_account? :: (verify_grace_period extension) Whether the account is currently
700
+ verified. If false, it is because the account is allowed to
701
+ login as they are in the grace period.
702
+ locked_out? :: (lockout feature) Whether the account for the current session has been
703
+ locked out.
704
+
648
705
  === With Multiple Configurations
649
706
 
650
707
  Rodauth supports using multiple rodauth configurations in the same
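Review bot: a few entries in the new method list are worded inconsistently, which matters in a reference list people will scan for the feature to enable. check_single_session is tagged "(single_session expiration)" and verified_account? is tagged "(verify_grace_period extension)", while every other entry uses "(<name> feature)"; both should follow that form. The logged_in_via_remember_key? entry would also be clearer if it said outright that this method is the check to make before a security-sensitive action, since the sentence about confirm_password currently reads as a separate remark. Minor: "has setup" should be "has set up" throughout.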
@@ -757,8 +814,8 @@ Rodauth:
757
814
 
758
815
  route do |r|
759
816
  r.rodauth
760
- env['rodauth'] = rodauth
761
817
  rodauth.require_authentication
818
+ env['rodauth'] = rodauth
762
819
  end
763
820
  end
764
821
 
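Review bot: moving env['rodauth'] = rodauth below rodauth.require_authentication changes what the downstream application can assume, and neither the example nor the surrounding text says why. If the intent is that env['rodauth'] is only set on requests that have passed authentication, say so in a comment on that line, so integrators know that a missing env['rodauth'] means the request never got past the check.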
@@ -779,6 +836,11 @@ For an example of integrating Rodauth into a real application that
779
836
  doesn't use Roda, see
780
837
  {this example integrating Rodauth into Ginatra, a Sinatra-based git repository viewer}[https://github.com/jeremyevans/ginatra/commit/28108ebec96e8d42596ee55b01c3f7b50c155dd1].
781
838
 
839
+ To see an example of integrating Rodauth into a Rails application, see
840
+ {this example porting Rodauth's demo site to Rails}[https://github.com/jeremyevans/rodauth-demo-rails].
841
+ This uses the {roda-rails gem}[https://github.com/jeremyevans/roda-rails]
842
+ so that Rodauth uses Rails' CSRF and flash support.
843
+
782
844
  === Using 2 Factor Authentication
783
845
 
784
846
  Rodauth ships with 2 factor authentication support via TOTP (Time-Based
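Review bot: the added Rails paragraph says the roda-rails gem makes Rodauth use Rails' CSRF and flash support, but does not mention the :csrf=>false and :flash=>false plugin options that this release adds for that purpose. Name the two options here, or link to where they are documented, so a reader following the Rails route knows they exist and that CSRF protection is then expected to come from Rails.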
@@ -0,0 +1,8 @@
1
+ = New Features
2
+
3
+ * The rodauth plugin now supports :csrf=>false and :flash=>false
4
+ options. This will make it so it no longer depends on the csrf
5
+ or flash plugins, which is useful when the csrf and flash
6
+ functionality is provided via a different approach, such as
7
+ when rodauth is being used inside middleware in a Rails
8
+ application with the roda-rails library.
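Review bot: the note describes :csrf=>false as "useful when the csrf and flash functionality is provided via a different approach", which undersells the consequence for CSRF. State explicitly that with :csrf=>false the plugin no longer loads CSRF protection, so the application must supply it for the routes Rodauth handles; as written, a reader could take the option as a harmless dependency switch.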
@@ -12,8 +12,8 @@ module Rodauth
12
12
  unless opts[:json] == :only
13
13
  require 'tilt/string'
14
14
  app.plugin :render
15
- app.plugin :csrf
16
- app.plugin :flash
15
+ app.plugin :csrf unless opts[:csrf] == false
16
+ app.plugin :flash unless opts[:flash] == false
17
17
  app.plugin :h
18
18
  end
19
19
  end
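Review bot: on the line "app.plugin :csrf unless opts[:csrf] == false", the protection is dropped silently, with no check that anything else is providing it. The strict comparison with false is the right default, since a nil or missing option keeps the csrf plugin loaded; a short comment saying that is deliberate would stop a later cleanup from turning it into a truthiness test. Consider also documenting the two options next to the existing :json option so the security trade-off of :csrf=>false is visible where the plugin is configured.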
@@ -1,7 +1,7 @@
1
1
  # frozen-string-literal: true
2
2
 
3
3
  module Rodauth
4
- VERSION = '1.0.0'.freeze
4
+ VERSION = '1.1.0'.freeze
5
5
 
6
6
  def self.version
7
7
  VERSION
@@ -188,4 +188,11 @@ describe 'Rodauth' do
188
188
  login
189
189
  page.body.must_equal 'email id'
190
190
  end
191
+
192
+ it "should support :csrf=>false and :flash=>false plugin options" do
193
+ rodauth{}
194
+ roda(:csrf=>false, :flash=>false){}
195
+ app.instance_variable_get(:@middleware).length.must_equal 1
196
+ app.ancestors.map(&:to_s).wont_include 'Roda::RodaPlugins::Flash::InstanceMethods'
197
+ end
191
198
  end
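Review bot: the new spec asserts directly that the Flash instance methods are absent, but the :csrf=>false half is only checked indirectly through "app.instance_variable_get(:@middleware).length.must_equal 1". Add an explicit assertion that the csrf plugin was not loaded, or at least a comment naming the one middleware that is expected to remain, so the test fails for the right reason if the middleware stack changes. Testing each option on its own, in addition to both together, would also catch a regression in one of the two conditionals.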
@@ -89,7 +89,7 @@ class Minitest::HooksSpec
89
89
  jwt = type == :jwt
90
90
  app = Class.new(jwt ? JsonBase : Base)
91
91
  rodauth_block = @rodauth_block
92
- opts = {}
92
+ opts = type.is_a?(Hash) ? type : {}
93
93
  opts[:json] = :only if jwt
94
94
  app.plugin(:rodauth, opts) do
95
95
  title_instance_variable :@title
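Review bot: "opts = type.is_a?(Hash) ? type : {}" overloads the type argument, which is also compared against :jwt two lines up, and it passes the caller's hash straight into app.plugin without copying it. A separate options parameter would keep the meaning of type clear; if the overload stays, use type.dup so a later write to opts cannot leak back into the spec that supplied the hash.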
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeremy Evans
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-04-15 00:00:00.000000000 Z
11
+ date: 2016-05-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sequel
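Review bot: cert_chain: [] appears as unchanged context in this hunk, so 1.1.0 is published unsigned, the same as 1.0.0. That is not a regression in this release, but for an authentication library it is worth noting for consumers: the version and date bumps here are the only provenance the metadata carries, so pin the version and verify the package digest in your own dependency lockfile or mirror.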
@@ -225,6 +225,7 @@ extra_rdoc_files:
225
225
  - doc/confirm_password.rdoc
226
226
  - doc/verify_change_login.rdoc
227
227
  - doc/release_notes/1.0.0.txt
228
+ - doc/release_notes/1.1.0.txt
228
229
  files:
229
230
  - CHANGELOG
230
231
  - MIT-LICENSE
@@ -250,6 +251,7 @@ files:
250
251
  - doc/password_grace_period.rdoc
251
252
  - doc/recovery_codes.rdoc
252
253
  - doc/release_notes/1.0.0.txt
254
+ - doc/release_notes/1.1.0.txt
253
255
  - doc/remember.rdoc
254
256
  - doc/reset_password.rdoc
255
257
  - doc/session_expiration.rdoc