rodauth 1.20.0 → 2.1.0

data/spec/update_password_hash_spec.rb

@@ -1,40 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth update_password feature' do
-  [false, true].each do |ph|
-    it "should support updating passwords for accounts #{'with account_password_hash_column' if ph} if hash cost changes" do
-      cost = BCrypt::Engine::MIN_COST
-      rodauth do
-        enable :login, :logout, :update_password_hash
-        account_password_hash_column :ph if ph
-        password_hash_cost{cost}
-      end
-      roda do |r|
-        r.rodauth
-        next unless rodauth.logged_in?
-        rodauth.account_from_session
-        r.root{rodauth.send(:get_password_hash)}
-      end
-
-      login
-      content = page.html
-
-      logout
-      login
-      page.current_path.must_equal '/'
-      content.must_equal page.html
-
-      cost += 1
-      logout
-      login
-      new_content = page.html
-      page.current_path.must_equal '/'
-      content.wont_equal new_content
-
-      logout
-      login
-      page.current_path.must_equal '/'
-      new_content.must_equal page.html
-    end
-  end
-end

data/spec/verify_account_grace_period_spec.rb

@@ -1,171 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth verify_account_grace_period feature' do
-  it "should support grace periods when verifying accounts" do
-    rodauth do
-      enable :login, :logout, :change_password, :create_account, :verify_account_grace_period
-      change_password_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-    link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-    page.body.must_include('Logged Infalse')
-    page.current_path.must_equal '/'
-
-    logout
-    login(:login=>'foo@example2.com')
-    page.body.must_include('Logged Infalse')
-
-    visit '/change-password'
-    fill_in 'New Password', :with=>'012345678'
-    fill_in 'Confirm Password', :with=>'012345678'
-    click_button 'Change Password'
-    page.find('#notice_flash').text.must_equal "Your password has been changed"
-
-    DB[:account_verification_keys].update(:requested_at=>Time.now - 100000)
-
-    logout
-    login(:login=>'foo@example2.com', :pass=>'012345678')
-    page.find('#error_flash').text.must_equal 'The account you tried to login with is currently awaiting verification'
-    visit '/'
-    page.body.must_include('Not Logged')
-
-    visit link
-    click_button 'Verify Account'
-    page.find('#notice_flash').text.must_equal "Your account has been verified"
-    page.body.must_include('Logged Intrue')
-  end
-
-  it "should resend verify account email if attempting to create new account with same login" do
-    rodauth do
-      enable :login, :logout, :change_password, :create_account, :verify_account_grace_period
-      change_password_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-    link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-    page.body.must_include('Logged Infalse')
-    page.current_path.must_equal '/'
-
-    logout
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    click_button 'Create Account'
-    click_button 'Send Verification Email Again'
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-    page.current_path.must_equal '/'
-    email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
-
-    visit link
-    click_button 'Verify Account'
-    page.find('#notice_flash').text.must_equal "Your account has been verified"
-    page.body.must_include('Logged Intrue')
-  end
-
-  it "should not allow changing logins for unverified accounts" do
-    rodauth do
-      enable :login, :logout, :change_login, :verify_account_grace_period
-      change_login_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-
-    visit '/change-login'
-    page.find('#error_flash').text.must_equal "Cannot change login for unverified account. Please verify this account before changing the login."
-    page.current_path.must_equal '/'
-
-    visit link
-    click_button 'Verify Account'
-    page.find('#notice_flash').text.must_equal "Your account has been verified"
-    page.body.must_include('Logged Intrue')
-
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo3@example.com'
-    fill_in 'Confirm Login', :with=>'foo3@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-    page.current_path.must_equal '/'
-  end
-
-  it "should allow verifying accounts while logged in during grace period" do
-    rodauth do
-      enable :login, :verify_account_grace_period
-      already_logged_in{request.redirect '/'}
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-    link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-    page.body.must_include('Logged Infalse')
-    page.current_path.must_equal '/'
-
-    visit link
-    click_button 'Verify Account'
-    page.find('#notice_flash').text.must_equal "Your account has been verified"
-    page.body.must_include('Logged Intrue')
-  end
-
-  it "should remove verify keys if closing unverified accounts" do
-    rodauth do
-      enable :login, :close_account, :verify_account_grace_period
-      already_logged_in{request.redirect '/'}
-      close_account_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-
-    visit '/close-account'
-    click_button 'Close Account'
-    page.find('#notice_flash').text.must_equal "Your account has been closed"
-    DB[:account_verification_keys].must_be :empty?
-  end
-end

data/spec/verify_account_spec.rb

@@ -1,240 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth verify_account feature' do
-  it "should support verifying accounts" do
-    last_sent_column = nil
-    secret = nil
-    allow_raw_token = false
-    rodauth do
-      enable :login, :create_account, :verify_account
-      verify_account_autologin? false
-      verify_account_email_last_sent_column{last_sent_column}
-      hmac_secret{secret}
-      allow_raw_email_token?{allow_raw_token}
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-    page.current_path.must_equal '/'
-
-    link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-    login(:login=>'foo@example2.com')
-    page.find('#error_flash').text.must_equal 'The account you tried to login with is currently awaiting verification'
-    page.html.must_include("If you no longer have the email to verify the account, you can request that it be resent to you")
-    click_button 'Send Verification Email Again'
-    page.current_path.must_equal '/'
-    email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
-
-    visit '/login'
-    click_link 'Resend Verify Account Information'
-    fill_in 'Login', :with=>'foo@example2.com'
-    click_button 'Send Verification Email Again'
-    page.current_path.must_equal '/'
-    email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
-
-    visit '/login'
-    last_sent_column = :email_last_sent
-    click_link 'Resend Verify Account Information'
-    fill_in 'Login', :with=>'foo@example2.com'
-    click_button 'Send Verification Email Again'
-    page.current_path.must_equal '/'
-    page.find('#error_flash').text.must_equal "An email has recently been sent to you with a link to verify your account"
-    Mail::TestMailer.deliveries.must_equal []
-
-    visit '/login'
-    DB[:account_verification_keys].update(:email_last_sent => Time.now - 250).must_equal 1
-    click_link 'Resend Verify Account Information'
-    fill_in 'Login', :with=>'foo@example2.com'
-    click_button 'Send Verification Email Again'
-    page.current_path.must_equal '/'
-    page.find('#error_flash').text.must_equal "An email has recently been sent to you with a link to verify your account"
-    Mail::TestMailer.deliveries.must_equal []
-
-    visit '/login'
-    DB[:account_verification_keys].update(:email_last_sent => Time.now - 350).must_equal 1
-    click_link 'Resend Verify Account Information'
-    fill_in 'Login', :with=>'foo@example2.com'
-    click_button 'Send Verification Email Again'
-    page.current_path.must_equal '/'
-    email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
-
-    DB[:account_verification_keys].update(:email_last_sent => Time.now - 350).must_equal 1
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    click_button 'Create Account'
-    click_button 'Send Verification Email Again'
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-    page.current_path.must_equal '/'
-
-    link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-    visit link[0...-1]
-    page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
-
-    secret = SecureRandom.random_bytes(32)
-    visit link
-    page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
-
-    allow_raw_token = true
-    visit link
-    click_button 'Verify Account'
-    page.find('#notice_flash').text.must_equal "Your account has been verified"
-    page.current_path.must_equal '/'
-
-    login(:login=>'foo@example2.com')
-    page.find('#notice_flash').text.must_equal 'You have been logged in'
-    page.current_path.must_equal '/'
-  end
-
-  [false, true].each do |ph|
-    it "should support setting passwords when verifying accounts #{'with account_password_hash_column' if ph}" do
-      initial_secret = secret = SecureRandom.random_bytes(32)
-      rodauth do
-        enable :login, :create_account, :verify_account
-        account_password_hash_column :ph if ph
-        verify_account_autologin? false
-        verify_account_set_password? true
-        hmac_secret{secret}
-      end
-      roda do |r|
-        r.rodauth
-        r.root{view :content=>""}
-      end
-
-      visit '/create-account'
-      fill_in 'Login', :with=>'foo@example2.com'
-      fill_in 'Confirm Login', :with=>'foo@example2.com'
-      click_button 'Create Account'
-      page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-
-      link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-
-      secret = SecureRandom.random_bytes(32)
-      visit link
-      page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
-
-      secret = initial_secret
-      visit link
-      fill_in 'Password', :with=>'0123456789'
-      fill_in 'Confirm Password', :with=>'012345678'
-      click_button 'Verify Account'
-      page.html.must_include("passwords do not match")
-      page.find('#error_flash').text.must_equal "Unable to verify account"
-
-      fill_in 'Password', :with=>'0123'
-      fill_in 'Confirm Password', :with=>'0123'
-      click_button 'Verify Account'
-      page.html.must_include("invalid password, does not meet requirements (minimum 6 characters)")
-      page.find('#error_flash').text.must_equal "Unable to verify account"
-
-      fill_in 'Password', :with=>'0123456789'
-      fill_in 'Confirm Password', :with=>'0123456789'
-      click_button 'Verify Account'
-      page.find('#notice_flash').text.must_equal "Your account has been verified"
-      page.current_path.must_equal '/'
-
-      login(:login=>'foo@example2.com', :password=>'0123456789')
-      page.find('#notice_flash').text.must_equal 'You have been logged in'
-      page.current_path.must_equal '/'
-    end
-  end
-
-  it "should support autologin when verifying accounts" do
-    rodauth do
-      enable :login, :create_account, :verify_account
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-    page.current_path.must_equal '/'
-
-    link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-    visit link
-    click_button 'Verify Account'
-    page.find('#notice_flash').text.must_equal "Your account has been verified"
-    page.body.must_include 'Logged In'
-  end
-
-  it "should handle uniqueness errors raised when inserting verify account token" do
-    rodauth do
-      enable :login, :verify_account
-    end
-    roda do |r|
-      def rodauth.raised_uniqueness_violation(*) super; true; end
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-    page.current_path.must_equal '/'
-
-    link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-    visit link
-    click_button 'Verify Account'
-    page.find('#notice_flash').text.must_equal "Your account has been verified"
-    page.body.must_include 'Logged In'
-  end
-
-  it "should support verifying accounts via jwt" do
-    rodauth do
-      enable :login, :create_account, :verify_account
-      verify_account_autologin? false
-      verify_account_email_body{verify_account_email_link}
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    res = json_request('/create-account', :login=>'foo@example2.com', "login-confirm"=>'foo@example2.com', :password=>'0123456789', "password-confirm"=>'0123456789')
-    res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your account"}]
-    link = email_link(/key=.+$/, 'foo@example2.com')
-
-    res = json_request('/verify-account-resend', :login=>'foo@example.com')
-    res.must_equal [401, {'error'=>"Unable to resend verify account email"}]
-
-    res = json_request('/verify-account-resend', :login=>'foo@example3.com')
-    res.must_equal [401, {'error'=>"Unable to resend verify account email"}]
-
-    res = json_request('/login', :login=>'foo@example2.com',:password=>'0123456789')
-    res.must_equal [403, {'error'=>"The account you tried to login with is currently awaiting verification"}]
-
-    res = json_request('/verify-account-resend', :login=>'foo@example2.com')
-    res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your account"}]
-    email_link(/key=.+$/, 'foo@example2.com').must_equal link
-
-    res = json_request('/verify-account')
-    res.must_equal [401, {'error'=>"Unable to verify account"}]
-
-    res = json_request('/verify-account', :key=>link[4...-1])
-    res.must_equal [401, {"error"=>"Unable to verify account"}]
-
-    res = json_request('/verify-account', :key=>link[4..-1])
-    res.must_equal [200, {"success"=>"Your account has been verified"}]
-
-    json_login(:login=>'foo@example2.com')
-  end
-end