rodauth 1.20.0 → 2.1.0

data/Rakefile

@@ -1,179 +0,0 @@
-require "rake"
-require "rake/clean"
-
-CLEAN.include ["rodauth-*.gem", "rdoc", "coverage", "www/public/rdoc", "www/public/*.html"]
-
-# Packaging
-
-desc "Build rodauth gem"
-task :package=>[:clean] do |p|
-  sh %{#{FileUtils::RUBY} -S gem build rodauth.gemspec}
-end
-
-### RDoc
-
-RDOC_DEFAULT_OPTS = ["--line-numbers", "--inline-source", '--title', 'Rodauth: Authentication and Account Management Framework for Rack Applications']
-
-begin
-  gem 'hanna-nouveau'
-  RDOC_DEFAULT_OPTS.concat(['-f', 'hanna'])
-rescue Gem::LoadError
-end
-
-rdoc_task_class = begin
-  require "rdoc/task"
-  RDoc::Task
-rescue LoadError
-  require "rake/rdoctask"
-  Rake::RDocTask
-end
-
-RDOC_OPTS = RDOC_DEFAULT_OPTS + ['--main', 'README.rdoc']
-RDOC_FILES = %w"README.rdoc CHANGELOG MIT-LICENSE lib/**/*.rb" + Dir["doc/*.rdoc"] + Dir['doc/release_notes/*.txt']
-
-rdoc_task_class.new do |rdoc|
-  rdoc.rdoc_dir = "rdoc"
-  rdoc.options += RDOC_OPTS
-  rdoc.rdoc_files.add RDOC_FILES
-end
-
-# Specs
-
-desc "Run specs"
-task :default=>:spec
-
-spec = proc do |env|
-  env.each{|k,v| ENV[k] = v}
-  sh "#{FileUtils::RUBY} spec/all.rb"
-  env.each{|k,v| ENV.delete(k)}
-end
-
-desc "Run specs on PostgreSQL"
-task "spec" do
-  spec.call({})
-end
-
-desc "Run specs with coverage"
-task "spec_cov" do
-  ENV['COVERAGE'] = '1'
-  spec.call('COVERAGE'=>'1')
-end
-  
-desc "Run specs with -w, some warnings filtered"
-task "spec_w" do
-  rubyopt = ENV['RUBYOPT']
-  ENV['RUBYOPT'] = "#{rubyopt} -w"
-  spec.call('WARNING'=>'1')
-  ENV['RUBYOPT'] = rubyopt
-end
-
-desc "Setup database used for testing on PostgreSQL"
-task :db_setup_postgres do
-  sh 'psql -U postgres -c "CREATE USER rodauth_test PASSWORD \'rodauth_test\'"'
-  sh 'psql -U postgres -c "CREATE USER rodauth_test_password PASSWORD \'rodauth_test\'"'
-  sh 'createdb -U postgres -O rodauth_test rodauth_test'
-  sh 'psql -U postgres -c "CREATE EXTENSION citext" rodauth_test'
-  $: << 'lib'
-  require 'sequel'
-  Sequel.extension :migration
-  Sequel.postgres(:user=>'rodauth_test', :password=>'rodauth_test') do |db|
-    Sequel::Migrator.run(db, 'spec/migrate')
-  end
-  Sequel.postgres('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
-    Sequel::Migrator.run(db, 'spec/migrate_password', :table=>'schema_info_password')
-  end
-end
-
-desc "Teardown database used for testing on MySQL"
-task :db_teardown_postgres do
-  sh 'dropdb -U postgres rodauth_test'
-  sh 'dropuser -U postgres rodauth_test_password'
-  sh 'dropuser -U postgres rodauth_test'
-end
-
-desc "Setup database used for testing on MySQL"
-task :db_setup_mysql do
-  sh 'mysql --user=root -p mysql < spec/sql/mysql_setup.sql'
-  $: << 'lib'
-  require 'sequel'
-  Sequel.extension :migration
-  Sequel.mysql2('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
-    Sequel::Migrator.run(db, 'spec/migrate')
-  end
-  Sequel.mysql2('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
-    Sequel::Migrator.run(db, 'spec/migrate_password', :table=>'schema_info_password')
-  end
-end
-
-desc "Teardown database used for testing on MySQL"
-task :db_teardown_mysql do
-  sh 'mysql --user=root -p mysql < spec/sql/mysql_teardown.sql'
-end
-
-desc "Setup database used for testing on Microsoft SQL Server"
-task :db_setup_mssql do
-  sh 'sqlcmd -E -e -b -r1 -i spec\\sql\\mssql_setup.sql'
-  $: << 'lib'
-  require 'sequel'
-  Sequel.extension :migration
-  Sequel.tinytds('rodauth_test', :host=>'localhost', :user=>'rodauth_test_password', :password=>'Rodauth1.') do |db|
-    Sequel::Migrator.run(db, 'spec/migrate')
-  end
-  Sequel.tinytds('rodauth_test', :host=>'localhost', :user=>'rodauth_test_password', :password=>'Rodauth1.') do |db|
-    Sequel::Migrator.run(db, 'spec/migrate_password', :table=>'schema_info_password')
-  end
-end
-
-desc "Teardown database used for testing on Microsoft SQL Server"
-task :db_teardown_mssql do
-  sh 'sqlcmd -E -e -b -r1 -i spec\\sql\\mssql_teardown.sql'
-end
-
-desc "Run specs on MySQL"
-task :spec_mysql do
-  spec.call('RODAUTH_SPEC_DB'=>'mysql2://rodauth_test:rodauth_test@localhost/rodauth_test')
-end
-
-task :spec_travis do
-  if defined?(RUBY_ENGINE) && RUBY_ENGINE == 'jruby'
-    pg_db = 'jdbc:postgresql://localhost/rodauth_test?user=postgres'
-    my_db = "jdbc:mysql://localhost/rodauth_test?user=root"
-  else
-    pg_db = 'postgres:///rodauth_test?user=postgres'
-    my_db = "mysql2://localhost/rodauth_test?user=root"
-  end
-  sh 'psql -U postgres -c "CREATE EXTENSION citext" rodauth_test'
-  spec.call('RODAUTH_SPEC_MIGRATE'=>'1', 'RODAUTH_SPEC_DB'=>pg_db)
-  spec.call('RODAUTH_SPEC_MIGRATE'=>'1', 'RODAUTH_SPEC_DB'=>my_db)
-end
-
-desc "Run specs on SQLite"
-task :spec_sqlite do
-  spec_db = if defined?(RUBY_ENGINE) && RUBY_ENGINE == 'jruby'
-    'jdbc:sqlite::memory:'
-  else
-    'sqlite:/'
-  end
-  spec.call('RODAUTH_SPEC_MIGRATE'=>'1', 'RODAUTH_SPEC_DB'=>spec_db)
-end
-
-### Website
-
-rdoc_task_class.new(:website_rdoc) do |rdoc|
-  rdoc.rdoc_dir = "www/public/rdoc"
-  rdoc.options += RDOC_OPTS
-  rdoc.rdoc_files.add RDOC_FILES
-end
-
-desc "Make local version of website"
-task :website_base do
-  sh %{#{FileUtils::RUBY} -I lib www/make_www.rb}
-end
-
-desc "Make local version of website, with rdoc"
-task :website => [:website_base, :website_rdoc]
-
-desc "Serve local version of website via rackup"
-task :serve => :website do
-  sh %{#{FileUtils::RUBY} -C www -S rackup}
-end

data/doc/verify_change_login.rdoc

@@ -1,11 +0,0 @@
-= Documentation for Verify Change Login Feature
-
-This feature is deprecated, because it is possible for a user to get
-locked out of their account if they use the wrong address on the
-change login page.  It is recommended that users switch to using the
-verify login change feature, which doesn't change the login until
-after it has been verified.
-
-The verify change login feature implements account reverification after
-change login.  Depends on the change login and verify account grace
-period features.

data/lib/rodauth/features/verify_change_login.rb

@@ -1,20 +0,0 @@
-# frozen-string-literal: true
-
-module Rodauth
-  Feature.define(:verify_change_login, :VerifyChangeLogin) do
-    depends :change_login, :verify_account_grace_period
-
-    def change_login_notice_flash
-      "#{super}. #{verify_account_email_sent_notice_flash}"
-    end
-
-    private
-
-    def after_change_login
-      super
-      update_account(account_status_column=>account_unverified_status_value)
-      setup_account_verification
-      session[unverified_account_session_key] = true
-    end
-  end
-end

data/spec/account_expiration_spec.rb

@@ -1,225 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth account expiration feature' do
-  it "should force account expiration after x number of days since last login" do
-    rodauth do
-      enable :login, :logout, :account_expiration
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.last_account_login_at.strftime('%m%d%y')}" : "Not Logged"}
-    end
-
-    now = Time.now
-    2.times do
-      login
-      page.body.must_include "Logged In#{now.strftime('%m%d%y')}"
-
-      logout
-    end
-
-    DB[:account_activity_times].update(:last_login_at => Time.now - 181*86400)
-
-    2.times do
-      login
-      page.body.must_include 'Not Logged'
-      page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
-    end
-  end
-
-  it "should not allow resetting of passwords for expired accounts" do
-    rodauth do
-      enable :login, :logout, :account_expiration, :reset_password
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.last_account_login_at.strftime('%m%d%y')}" : "Not Logged"}
-    end
-
-    now = Time.now
-    login
-    page.body.must_include "Logged In#{now.strftime('%m%d%y')}"
-    logout
-
-    visit '/login'
-    click_link 'Forgot Password?'
-    fill_in 'Login', :with=>'foo@example.com'
-    click_button 'Request Password Reset'
-    link = email_link(/(\/reset-password\?key=.+)$/)
-
-    visit link
-    fill_in 'Password', :with=>'0123456'
-    fill_in 'Confirm Password', :with=>'0123456'
-    click_button 'Reset Password'
-    page.find('#notice_flash').text.must_equal "Your password has been reset"
-    page.current_path.must_equal '/'
-
-    visit '/login'
-    click_link 'Forgot Password?'
-    fill_in 'Login', :with=>'foo@example.com'
-    click_button 'Request Password Reset'
-    link = email_link(/(\/reset-password\?key=.+)$/)
-
-    DB[:account_activity_times].update(:last_login_at => Time.now - 181*86400)
-
-    visit link
-    page.title.must_equal 'Reset Password'
-    fill_in 'Password', :with=>'01234567'
-    fill_in 'Confirm Password', :with=>'01234567'
-    click_button 'Reset Password'
-    page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
-    page.body.must_include 'Not Logged'
-    page.current_path.must_equal '/'
-
-    visit '/login'
-    click_link 'Forgot Password?'
-    fill_in 'Login', :with=>'foo@example.com'
-    click_button 'Request Password Reset'
-    page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
-    page.body.must_include 'Not Logged'
-    page.current_path.must_equal '/'
-  end
-
-  it "should not allow account unlocks for expired accounts" do
-    rodauth do
-      enable :lockout, :account_expiration, :logout
-      max_invalid_logins 2
-      unlock_account_autologin? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")}
-    end
-
-    login
-    logout
-
-    visit '/login'
-    fill_in 'Login', :with=>'foo@example.com'
-    3.times do
-      fill_in 'Password', :with=>'012345678910'
-      click_button 'Login'
-    end
-
-    page.body.must_include("This account is currently locked out")
-    click_button 'Request Account Unlock'
-    page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account'
-    link = email_link(/(\/unlock-account\?key=.+)$/)
-
-    visit link
-    click_button 'Unlock Account'
-    page.find('#notice_flash').text.must_equal 'Your account has been unlocked'
-    page.body.must_include('Not Logged')
-
-    visit '/login'
-    fill_in 'Login', :with=>'foo@example.com'
-    3.times do
-      fill_in 'Password', :with=>'012345678910'
-      click_button 'Login'
-    end
-
-    page.body.must_include("This account is currently locked out")
-    click_button 'Request Account Unlock'
-    page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account'
-    link = email_link(/(\/unlock-account\?key=.+)$/)
-
-    DB[:account_activity_times].update(:last_login_at => Time.now - 181*86400)
-
-    visit link
-    click_button 'Unlock Account'
-    page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
-    page.body.must_include 'Not Logged'
-    page.current_path.must_equal '/'
-  end
-
-  it "should not allow account unlock requests for expired accounts" do
-    rodauth do
-      enable :lockout, :account_expiration, :logout
-      max_invalid_logins 2
-      unlock_account_autologin? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")}
-    end
-
-    login
-    logout
-
-    visit '/login'
-    fill_in 'Login', :with=>'foo@example.com'
-    3.times do
-      fill_in 'Password', :with=>'012345678910'
-      click_button 'Login'
-    end
-
-    DB[:account_activity_times].update(:last_login_at => Time.now - 181*86400)
-
-    page.body.must_include("This account is currently locked out")
-    click_button 'Request Account Unlock'
-    page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
-    page.body.must_include 'Not Logged'
-    page.current_path.must_equal '/'
-  end
-
-  it "should use last activity time if configured" do
-    rodauth do
-      enable :login, :logout, :account_expiration
-      expire_account_on_last_activity? true
-      account_expiration_error_flash{"Account expired on #{account_expired_at.strftime('%m%d%y')}"}
-    end
-    roda do |r|
-      r.is("a"){view :content=>"Logged In#{rodauth.last_account_activity_at.strftime('%m%d%y')}"}
-      rodauth.update_last_activity
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.last_account_activity_at.strftime('%m%d%y')}" : 'Not Logged'}
-    end
-
-    now = Time.now
-    login
-    page.body.must_include "Logged In#{now.strftime('%m%d%y')}"
-
-    DB[:account_activity_times].count.must_equal 1
-    DB[:account_activity_times].delete
-
-    visit '/'
-    DB[:account_activity_times].count.must_equal 1
-
-    t1 = now - 179*86400
-    DB[:account_activity_times].update(:last_activity_at => t1)
-    visit '/a'
-    page.body.must_include "Logged In#{t1.strftime('%m%d%y')}"
-
-    logout
-
-    t2 = now - 181*86400
-    DB[:account_activity_times].update(:last_activity_at => t2).must_equal 1
-
-    login
-    page.body.must_include 'Not Logged'
-    page.find('#error_flash').text.must_equal "Account expired on #{now.strftime('%m%d%y')}"
-
-    DB[:account_activity_times].update(:expired_at=>t1).must_equal 1
-
-    login
-    page.body.must_include 'Not Logged'
-    page.find('#error_flash').text.must_equal "Account expired on #{t1.strftime('%m%d%y')}"
-  end
-
-  it "should remove account activity data when closing accounts" do
-    rodauth do
-      enable :login, :close_account, :account_expiration
-      close_account_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.last_account_login_at.strftime('%m%d%y')}" : "Not Logged"}
-    end
-
-    login
-    DB[:account_activity_times].count.must_equal 1
-    visit '/close-account'
-    click_button 'Close Account'
-    DB[:account_activity_times].count.must_equal 0
-  end
-end

data/spec/all.rb

@@ -1 +0,0 @@
-Dir['./spec/*_spec.rb'].each{|f| require f}

data/spec/change_login_spec.rb

@@ -1,156 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth change_login feature' do
-  it "should support changing logins for accounts" do
-    DB[:accounts].insert(:email=>'foo2@example.com')
-    require_password = false
-    require_email = true
-
-    rodauth do
-      enable :login, :logout, :change_login
-      change_login_requires_password?{require_password}
-      require_email_address_logins?{require_email}
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/change-login'
-    page.title.must_equal 'Change Login'
-
-    fill_in 'Login', :with=>'foobar'
-    fill_in 'Confirm Login', :with=>'foobar'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.html.must_include("invalid login, not a valid email address")
-    page.current_path.must_equal '/change-login'
-
-    require_email = false
-
-    fill_in 'Login', :with=>'fb'
-    fill_in 'Confirm Login', :with=>'fb'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.html.must_include("invalid login, minimum 3 characters")
-    page.current_path.must_equal '/change-login'
-
-    fill_in 'Login', :with=>'f'*256
-    fill_in 'Confirm Login', :with=>'f'*256
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.html.must_include("invalid login, maximum 255 characters")
-    page.current_path.must_equal '/change-login'
-
-    fill_in 'Login', :with=>'foo@example.com'
-    fill_in 'Confirm Login', :with=>'foo2@example.com'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.html.must_include("logins do not match")
-    page.current_path.must_equal '/change-login'
-
-    fill_in 'Login', :with=>'foo2@example.com'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.html.must_include("invalid login, already an account with this login")
-    page.current_path.must_equal '/change-login'
-
-    fill_in 'Login', :with=>'foo@example.com'
-    fill_in 'Confirm Login', :with=>'foo@example.com'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.html.must_include("invalid login, same as current login")
-    page.current_path.must_equal '/change-login'
-
-    fill_in 'Login', :with=>'foo3@example.com'
-    fill_in 'Confirm Login', :with=>'foo3@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-    page.current_path.must_equal '/'
-
-    logout
-    login(:login=>'foo3@example.com')
-    page.current_path.must_equal '/'
-
-    require_password = true
-    visit '/change-login'
-    fill_in 'Password', :with=>'012345678'
-    fill_in 'Login', :with=>'foo4@example.com'
-    fill_in 'Confirm Login', :with=>'foo4@example.com'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.html.must_include("invalid password")
-    page.current_path.must_equal '/change-login'
-
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-    page.current_path.must_equal '/'
-
-    logout
-    login(:login=>'foo4@example.com')
-    page.current_path.must_equal '/'
-  end
-
-  it "should support changing logins for accounts with login confirmation" do
-    rodauth do
-      enable :login, :change_login
-      change_login_requires_password? false
-      require_login_confirmation? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    login
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo3@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-  end
-
-  it "should support changing logins via jwt" do
-    DB[:accounts].insert(:email=>'foo2@example.com')
-    require_password = false
-
-    rodauth do
-      enable :login, :logout, :change_login
-      change_login_requires_password?{require_password}
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-    end
-
-    json_login
-
-    res = json_request('/change-login', :login=>'foobar', "login-confirm"=>'foobar')
-    res.must_equal [422, {'error'=>"There was an error changing your login", "field-error"=>["login", "invalid login, not a valid email address"]}]
-
-    res = json_request('/change-login', :login=>'foo@example.com', "login-confirm"=>'foo2@example.com')
-    res.must_equal [422, {'error'=>"There was an error changing your login", "field-error"=>["login", "logins do not match"]}]
-
-    res = json_request('/change-login', :login=>'foo2@example.com', "login-confirm"=>'foo2@example.com')
-    res.must_equal [422, {'error'=>"There was an error changing your login", "field-error"=>["login", "invalid login, already an account with this login"]}]
-
-    res = json_request('/change-login', :login=>'foo3@example.com', "login-confirm"=>'foo3@example.com')
-    res.must_equal [200, {'success'=>"Your login has been changed"}]
-
-    json_logout
-    json_login(:login=>'foo3@example.com')
-
-    require_password = true
-
-    res = json_request('/change-login', :login=>'foo4@example.com', "login-confirm"=>'foo4@example.com', :password=>'012345678')
-    res.must_equal [401, {'error'=>"There was an error changing your login", "field-error"=>["password", "invalid password"]}]
-
-    res = json_request('/change-login', :login=>'foo4@example.com', "login-confirm"=>'foo4@example.com', :password=>'0123456789')
-    res.must_equal [200, {'success'=>"Your login has been changed"}]
-
-    json_logout
-    json_login(:login=>'foo4@example.com')
-  end
-end