rodauth 1.19.1 → 1.20.0

data/spec/verify_account_spec.rb

@@ -3,10 +3,14 @@ require File.expand_path("spec_helper", File.dirname(__FILE__))
 describe 'Rodauth verify_account feature' do
   it "should support verifying accounts" do
     last_sent_column = nil
+    secret = nil
+    allow_raw_token = false
     rodauth do
       enable :login, :create_account, :verify_account
       verify_account_autologin? false
       verify_account_email_last_sent_column{last_sent_column}
+      hmac_secret{secret}
+      allow_raw_email_token?{allow_raw_token}
     end
     roda do |r|
       r.rodauth
@@ -73,8 +77,13 @@ describe 'Rodauth verify_account feature' do
 
     link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
     visit link[0...-1]
-    page.find('#error_flash').text.must_equal "invalid verify account key"
+    page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
 
+    secret = SecureRandom.random_bytes(32)
+    visit link
+    page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
+
+    allow_raw_token = true
     visit link
     click_button 'Verify Account'
     page.find('#notice_flash').text.must_equal "Your account has been verified"
@@ -87,11 +96,13 @@ describe 'Rodauth verify_account feature' do
 
   [false, true].each do |ph|
     it "should support setting passwords when verifying accounts #{'with account_password_hash_column' if ph}" do
+      initial_secret = secret = SecureRandom.random_bytes(32)
       rodauth do
         enable :login, :create_account, :verify_account
         account_password_hash_column :ph if ph
         verify_account_autologin? false
         verify_account_set_password? true
+        hmac_secret{secret}
       end
       roda do |r|
         r.rodauth
@@ -105,6 +116,12 @@ describe 'Rodauth verify_account feature' do
       page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
 
       link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
+
+      secret = SecureRandom.random_bytes(32)
+      visit link
+      page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
+
+      secret = initial_secret
       visit link
       fill_in 'Password', :with=>'0123456789'
       fill_in 'Confirm Password', :with=>'012345678'

data/spec/verify_login_change_spec.rb

@@ -36,7 +36,7 @@ describe 'Rodauth verify_login_change feature' do
     logout
 
     visit link
-    page.find('#error_flash').text.must_equal "invalid verify login change key"
+    page.find('#error_flash').text.must_equal "There was an error verifying your login change: invalid verify login change key"
 
     visit new_link
     page.title.must_equal 'Verify Login Change'
@@ -128,7 +128,7 @@ describe 'Rodauth verify_login_change feature' do
     page.current_path.must_equal '/login'
 
     visit link
-    page.find('#error_flash').text.must_equal "invalid verify login change key"
+    page.find('#error_flash').text.must_equal "There was an error verifying your login change: invalid verify login change key"
   end
 
   it "should handle uniqueness errors raised when inserting verify login change entry" do

data/templates/add-recovery-codes.str

@@ -1,2 +1,2 @@
 <pre id="recovery-codes">#{rodauth.recovery_codes.map{|s| h s}.join("\n\n")}</pre>
-#{"<h2>Add Additional Recovery Codes</h2>#{rodauth.render('recovery-codes')}" if rodauth.can_add_recovery_codes?}
+#{"#{rodauth.add_recovery_codes_heading}#{rodauth.render('recovery-codes')}" if rodauth.can_add_recovery_codes?}

data/templates/change-password.str

@@ -3,9 +3,9 @@
   #{rodauth.csrf_tag}
   #{rodauth.render('password-field') if rodauth.change_password_requires_password?}
   <div class="form-group">
-    <label class="col-sm-2 control-label" for="new-password">#{rodauth.new_password_label}</label>
+    <label class="col-sm-2 control-label" for="new-password">#{rodauth.new_password_label}#{rodauth.input_field_label_suffix}</label>
     <div class="col-sm-10">
-      <input type="password" class="form-control#{' error' if rodauth.field_error(rodauth.new_password_param)}" name="#{rodauth.new_password_param}" id="new-password"/> #{rodauth.field_error(rodauth.new_password_param)}
+      #{rodauth.input_field_string(rodauth.new_password_param, 'new-password', :type => 'password')}
     </div>
   </div>
   #{rodauth.render('password-confirm-field') if rodauth.require_password_confirmation?}

data/templates/login-confirm-field.str

@@ -1,6 +1,6 @@
 <div class="form-group">
-  <label class="col-sm-2 control-label" for="login-confirm">#{rodauth.login_confirm_label}</label>
+  <label class="col-sm-2 control-label" for="login-confirm">#{rodauth.login_confirm_label}#{rodauth.input_field_label_suffix}</label>
   <div class="col-sm-10">
-    <input type="text" class="form-control" name="login-confirm" id="#{rodauth.login_confirm_param}" value="#{h rodauth.param(rodauth.login_confirm_param)}"/>
+    #{rodauth.input_field_string(rodauth.login_confirm_param, 'login-confirm', :type=>rodauth.login_input_type)}
   </div>
 </div>

data/templates/login-field.str

@@ -1,6 +1,6 @@
 <div class="form-group">
-  <label class="col-sm-2 control-label" for="login">#{rodauth.login_label}</label>
+  <label class="col-sm-2 control-label" for="login">#{rodauth.login_label}#{rodauth.input_field_label_suffix}</label>
   <div class="col-sm-10">
-    <input type="text" class="form-control#{' error' if rodauth.field_error(rodauth.login_param)}" name="#{rodauth.login_param}" id="login" value="#{h rodauth.param(rodauth.login_param)}"/> #{rodauth.field_error(rodauth.login_param)}
+    #{rodauth.input_field_string(rodauth.login_param, 'login', :type=>rodauth.login_input_type)}
   </div>
 </div>

data/templates/otp-auth-code-field.str

@@ -1,6 +1,6 @@
 <div class="form-group">
-  <label class="col-sm-4 control-label" for="otp-auth-code">#{rodauth.otp_auth_label}</label>
+  <label class="col-sm-4 control-label" for="otp-auth-code">#{rodauth.otp_auth_label}#{rodauth.input_field_label_suffix}</label>
   <div class="col-sm-3">
-    <input type="text" class="form-control#{' error' if rodauth.field_error(rodauth.otp_auth_param)}" name="#{rodauth.otp_auth_param}" id="otp-auth-code" value=""/> #{rodauth.field_error(rodauth.otp_auth_param)}
+    #{rodauth.input_field_string(rodauth.otp_auth_param, 'otp-auth-code', :value=>'', :attr=>'autocomplete="off"' )}
   </div>
 </div>

data/templates/otp-setup.str

@@ -1,10 +1,11 @@
 <form method="post" class="rodauth form-horizontal" role="form" id="otp-setup-form">
   #{rodauth.otp_setup_additional_form_tags}
-  <input type="hidden" id="otp-key" name="#{rodauth.otp_setup_param}" value="#{rodauth.otp_key}" />
+  <input type="hidden" id="otp-key" name="#{rodauth.otp_setup_param}" value="#{rodauth.otp_user_key}" />
+  #{"<input type=\"hidden\" id=\"otp-hmac-secret\" name=\"#{rodauth.otp_setup_raw_param}\" value=\"#{rodauth.otp_key}\" />" if rodauth.otp_keys_use_hmac?}
   #{rodauth.csrf_tag}
   <div class="form-group">
-    <p>Secret: #{rodauth.otp_key}</p>
-    <p>Provisioning URL: #{rodauth.otp_provisioning_uri}</p>
+    <p>#{rodauth.otp_secret_label}: #{rodauth.otp_user_key}</p>
+    <p>#{rodauth.otp_provisioning_uri_label}: #{rodauth.otp_provisioning_uri}</p>
   </div>
  
   <div class="row">

data/templates/password-confirm-field.str

@@ -1,6 +1,6 @@
 <div class="form-group">
-  <label class="col-sm-2 control-label" for="password-confirm">#{rodauth.password_confirm_label}</label>
+  <label class="col-sm-2 control-label" for="password-confirm">#{rodauth.password_confirm_label}#{rodauth.input_field_label_suffix}</label>
   <div class="col-sm-10">
-    <input type="password" class="form-control" name="#{rodauth.password_confirm_param}" id="password-confirm"/>
+    #{rodauth.input_field_string(rodauth.password_confirm_param, 'password-confirm', :type => 'password')}
   </div>
 </div>

data/templates/password-field.str

@@ -1,6 +1,6 @@
 <div class="form-group">
-  <label class="col-sm-2 control-label" for="password">#{rodauth.password_label}</label>
+  <label class="col-sm-2 control-label" for="password">#{rodauth.password_label}#{rodauth.input_field_label_suffix}</label>
   <div class="col-sm-10">
-    <input type="password" class="form-control#{' error' if rodauth.field_error(rodauth.password_param)}" name="#{rodauth.password_param}" id="password"/> #{rodauth.field_error(rodauth.password_param)}
+    #{rodauth.input_field_string(rodauth.password_param, 'password', :type => 'password')}
   </div>
 </div>

data/templates/recovery-auth.str

@@ -2,9 +2,9 @@
   #{rodauth.recovery_auth_additional_form_tags}
   #{rodauth.csrf_tag}
   <div class="form-group">
-    <label class="col-sm-2 control-label" for="recovery_code">#{rodauth.recovery_codes_label}</label>
+    <label class="col-sm-2 control-label" for="recovery_code">#{rodauth.recovery_codes_label}#{rodauth.input_field_label_suffix}</label>
     <div class="col-sm-10">
-      <input type="text" class="form-control#{' error' if rodauth.field_error(rodauth.recovery_codes_param)}" name="#{rodauth.recovery_codes_param}" id="recovery_code" value=""/> #{rodauth.field_error(rodauth.recovery_codes_param)}
+      #{rodauth.input_field_string(rodauth.recovery_codes_param, 'recovery_code', :value => '')}
     </div>
   </div>
   #{rodauth.button(rodauth.recovery_auth_button)}

data/templates/reset-password-request.str

@@ -1,7 +1,7 @@
 <form action="#{rodauth.prefix}/#{rodauth.reset_password_request_route}" method="post" class="rodauth form-horizontal" role="form" id="reset-password-request-form">
   #{rodauth.reset_password_request_additional_form_tags}
   #{rodauth.csrf_tag("#{rodauth.prefix}/#{rodauth.reset_password_request_route}")}
-  <p>If you have forgotten your password, you can request a password reset: </p>
+  #{rodauth.reset_password_explanatory_text}
   #{(login = rodauth.param_or_nil(rodauth.login_param)) ? "<input type=\"hidden\" name=\"#{rodauth.login_param}\" value=\"#{h login}\"/>" : rodauth.render('login-field')}
   #{rodauth.button(rodauth.reset_password_request_button)}
 </form>

data/templates/sms-code-field.str

@@ -1,6 +1,6 @@
 <div class="form-group">
-  <label class="col-sm-3 control-label" for="sms-code">#{rodauth.sms_code_label}</label>
+  <label class="col-sm-3 control-label" for="sms-code">#{rodauth.sms_code_label}#{rodauth.input_field_label_suffix}</label>
   <div class="col-sm-3">
-    <input type="text" class="form-control#{' error' if rodauth.field_error(rodauth.sms_code_param)}" name="#{rodauth.sms_code_param}" id="sms-code" value=""/> #{rodauth.field_error(rodauth.sms_code_param)}
+    #{rodauth.input_field_string(rodauth.sms_code_param, 'sms-code', :value => '')}
   </div>
 </div>

data/templates/sms-setup.str

@@ -3,9 +3,9 @@
   #{rodauth.csrf_tag}
   #{rodauth.render('password-field') if rodauth.two_factor_modifications_require_password?}
   <div class="form-group">
-    <label class="col-sm-2 control-label" for="sms-phone">#{rodauth.sms_phone_label}</label>
+    <label class="col-sm-2 control-label" for="sms-phone">#{rodauth.sms_phone_label}#{rodauth.input_field_label_suffix}</label>
     <div class="col-sm-3">
-      <input type="text" class="form-control#{' error' if rodauth.field_error(rodauth.sms_phone_param)}" name="#{rodauth.sms_phone_param}" id="sms-phone" value="#{h rodauth.param(rodauth.sms_phone_param)}"/> #{rodauth.field_error(rodauth.sms_phone_param)}
+      #{rodauth.input_field_string(rodauth.sms_phone_param, 'sms-phone')}
     </div>
   </div>
   #{rodauth.button(rodauth.sms_setup_button)}

data/templates/unlock-account-request.str

@@ -2,6 +2,6 @@
   #{rodauth.unlock_account_request_additional_form_tags}
   #{rodauth.csrf_tag("#{rodauth.prefix}/#{rodauth.unlock_account_request_route}")}
   <input type="hidden" name="#{rodauth.login_param}" value="#{h rodauth.param(rodauth.login_param)}"/>
-  This account is currently locked out.  You can request that the account be unlocked: 
+  #{rodauth.unlock_account_request_explanatory_text}
   <input type="submit" class="btn btn-primary inline" value="#{rodauth.unlock_account_request_button}"/>
 </form>

data/templates/unlock-account.str

@@ -1,7 +1,7 @@
 <form method="post" class="rodauth form-horizontal" role="form" id="unlock-account-form">
   #{rodauth.unlock_account_additional_form_tags}
   #{rodauth.csrf_tag}
-  <p>This account is currently locked out.  You can unlock the account.</p>
+  #{rodauth.unlock_account_explanatory_text}
   #{rodauth.render('password-field') if rodauth.unlock_account_requires_password?}
   #{rodauth.button(rodauth.unlock_account_button)}
 </form>

data/templates/verify-account-resend.str

@@ -1,7 +1,7 @@
 <form action="#{rodauth.prefix}/#{rodauth.verify_account_resend_route}" method="post" class="rodauth form-horizontal" role="form" id="verify-account-resend-form">
   #{rodauth.verify_account_resend_additional_form_tags}
   #{rodauth.csrf_tag("#{rodauth.prefix}/#{rodauth.verify_account_resend_route}")}
-  <p>If you no longer have the email to verify the account, you can request that it be resent to you:</p>
+  #{rodauth.verify_account_resend_explanatory_text}
   #{(login = rodauth.param_or_nil(rodauth.login_param)) ? "<input type=\"hidden\" name=\"#{rodauth.login_param}\" value=\"#{h login}\"/>" : rodauth.render('login-field')}
   #{rodauth.button(rodauth.verify_account_resend_button)}
 </form>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 1.19.1
+  version: 1.20.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-16 00:00:00.000000000 Z
+date: 2019-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -229,6 +229,7 @@ extra_rdoc_files:
 - doc/update_password_hash.rdoc
 - doc/verify_account.rdoc
 - doc/email_auth.rdoc
+- doc/jwt_refresh.rdoc
 - doc/verify_account_grace_period.rdoc
 - doc/verify_login_change.rdoc
 - doc/release_notes/1.17.0.txt
@@ -251,6 +252,7 @@ extra_rdoc_files:
 - doc/release_notes/1.9.0.txt
 - doc/release_notes/1.18.0.txt
 - doc/release_notes/1.19.0.txt
+- doc/release_notes/1.20.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -272,6 +274,7 @@ files:
 - doc/http_basic_auth.rdoc
 - doc/internals.rdoc
 - doc/jwt.rdoc
+- doc/jwt_refresh.rdoc
 - doc/lockout.rdoc
 - doc/login.rdoc
 - doc/login_password_requirements_base.rdoc
@@ -294,6 +297,7 @@ files:
 - doc/release_notes/1.18.0.txt
 - doc/release_notes/1.19.0.txt
 - doc/release_notes/1.2.0.txt
+- doc/release_notes/1.20.0.txt
 - doc/release_notes/1.3.0.txt
 - doc/release_notes/1.4.0.txt
 - doc/release_notes/1.5.0.txt
@@ -328,6 +332,7 @@ files:
 - lib/rodauth/features/email_base.rb
 - lib/rodauth/features/http_basic_auth.rb
 - lib/rodauth/features/jwt.rb
+- lib/rodauth/features/jwt_refresh.rb
 - lib/rodauth/features/lockout.rb
 - lib/rodauth/features/login.rb
 - lib/rodauth/features/login_password_requirements_base.rb
@@ -362,6 +367,7 @@ files:
 - spec/disallow_password_reuse_spec.rb
 - spec/email_auth_spec.rb
 - spec/http_basic_auth_spec.rb
+- spec/jwt_refresh_spec.rb
 - spec/jwt_spec.rb
 - spec/lockout_spec.rb
 - spec/login_spec.rb
@@ -432,7 +438,12 @@ files:
 homepage: https://github.com/jeremyevans/rodauth
 licenses:
 - MIT
-metadata: {}
+metadata:
+  bug_tracker_uri: https://github.com/jeremyevans/rodauth/issues
+  changelog_uri: http://rodauth.jeremyevans.net/rdoc/files/CHANGELOG.html
+  documentation_uri: http://rodauth.jeremyevans.net/documentation.html
+  mailing_list_uri: https://groups.google.com/forum/#!forum/rodauth
+  source_code_uri: https://github.com/jeremyevans/rodauth
 post_install_message: 
 rdoc_options:
 - "--quiet"
@@ -455,8 +466,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications