rodauth 1.21.0 → 2.2.0

data/spec/migrate/001_tables.rb

@@ -1,184 +0,0 @@
-Sequel.migration do
-  up do
-    extension :date_arithmetic
-
-    # Used by the account verification and close account features
-    create_table(:account_statuses) do
-      Integer :id, :primary_key=>true
-      String :name, :null=>false, :unique=>true
-    end
-    from(:account_statuses).import([:id, :name], [[1, 'Unverified'], [2, 'Verified'], [3, 'Closed']])
-
-    db = self
-    create_table(:accounts) do
-      primary_key :id, :type=>:Bignum
-      foreign_key :status_id, :account_statuses, :null=>false, :default=>1
-      if db.database_type == :postgres
-        citext :email, :null=>false
-        constraint :valid_email, :email=>/^[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+$/
-        index :email, :unique=>true, :where=>{:status_id=>[1, 2]}
-      else
-        String :email, :null=>false
-        index :email, :unique=>true
-      end
-    end
-
-    deadline_opts = proc do |days|
-      if database_type == :mysql
-        {:null=>false}
-      else
-        {:null=>false, :default=>Sequel.date_add(Sequel::CURRENT_TIMESTAMP, :days=>days)}
-      end
-    end
-
-    # Used by the password reset feature
-    create_table(:account_password_reset_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-      DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the refresh token feature
-    create_table(:account_jwt_refresh_keys) do
-      primary_key :id, :type=>:Bignum
-      foreign_key :account_id, :accounts, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-    end
-
-    # Used by the account verification feature
-    create_table(:account_verification_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :requested_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-      DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the verify login change feature
-    create_table(:account_login_change_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      String :login, :null=>false
-      DateTime :deadline, deadline_opts[1]
-    end
-
-    # Used by the remember me feature
-    create_table(:account_remember_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[14]
-    end
-
-    # Used by the lockout feature
-    create_table(:account_login_failures) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      Integer :number, :null=>false, :default=>1
-    end
-    create_table(:account_lockouts) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-      DateTime :email_last_sent
-    end
-
-    # Used by the email auth feature
-    create_table(:account_email_auth_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-      DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the password expiration feature
-    create_table(:account_password_change_times) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      DateTime :changed_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the account expiration feature
-    create_table(:account_activity_times) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      DateTime :last_activity_at, :null=>false
-      DateTime :last_login_at, :null=>false
-      DateTime :expired_at
-    end
-
-    # Used by the single session feature
-    create_table(:account_session_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-    end
-
-    # Used by the otp feature
-    create_table(:account_otp_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      Integer :num_failures, :null=>false, :default=>0
-      Time :last_use, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the recovery codes feature
-    create_table(:account_recovery_codes) do
-      foreign_key :id, :accounts, :type=>:Bignum
-      String :code
-      primary_key [:id, :code]
-    end
-
-    # Used by the sms codes feature
-    create_table(:account_sms_codes) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :phone_number, :null=>false
-      Integer :num_failures
-      String :code
-      DateTime :code_issued_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    case database_type
-    when :postgres
-      user = get(Sequel.lit('current_user')) + '_password'
-      run "GRANT REFERENCES ON accounts TO #{user}"
-    when :mysql, :mssql
-      user = if database_type == :mysql
-        get(Sequel.lit('current_user')).sub(/_password@/, '@')
-      else
-        get(Sequel.function(:DB_NAME))
-      end
-      run "GRANT ALL ON account_statuses TO #{user}"
-      run "GRANT ALL ON accounts TO #{user}"
-      run "GRANT ALL ON account_password_reset_keys TO #{user}"
-      run "GRANT ALL ON account_jwt_refresh_keys TO #{user}"
-      run "GRANT ALL ON account_verification_keys TO #{user}"
-      run "GRANT ALL ON account_login_change_keys TO #{user}"
-      run "GRANT ALL ON account_remember_keys TO #{user}"
-      run "GRANT ALL ON account_login_failures TO #{user}"
-      run "GRANT ALL ON account_email_auth_keys TO #{user}"
-      run "GRANT ALL ON account_lockouts TO #{user}"
-      run "GRANT ALL ON account_password_change_times TO #{user}"
-      run "GRANT ALL ON account_activity_times TO #{user}"
-      run "GRANT ALL ON account_session_keys TO #{user}"
-      run "GRANT ALL ON account_otp_keys TO #{user}"
-      run "GRANT ALL ON account_recovery_codes TO #{user}"
-      run "GRANT ALL ON account_sms_codes TO #{user}"
-    end
-  end
-
-  down do
-    drop_table(:account_sms_codes,
-               :account_recovery_codes,
-               :account_otp_keys,
-               :account_session_keys,
-               :account_activity_times,
-               :account_password_change_times,
-               :account_email_auth_keys,
-               :account_lockouts,
-               :account_login_failures,
-               :account_remember_keys,
-               :account_login_change_keys,
-               :account_verification_keys,
-               :account_jwt_refresh_keys,
-               :account_password_reset_keys,
-               :accounts,
-               :account_statuses)
-  end
-end

data/spec/migrate/002_account_password_hash_column.rb

@@ -1,11 +0,0 @@
-Sequel.migration do
-  up do
-    # Only for testing of account_password_hash_column, not recommended for new
-    # applications
-    add_column :accounts, :ph, String
-  end
-
-  down do
-    drop_column :accounts, :ph
-  end
-end

data/spec/migrate_password/001_tables.rb

@@ -1,73 +0,0 @@
-require 'rodauth/migrations'
-
-Sequel.migration do
-  up do
-    create_table(:account_password_hashes) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :password_hash, :null=>false
-    end
-    Rodauth.create_database_authentication_functions(self)
-    case database_type
-    when :postgres
-      user = get(Sequel.lit('current_user')).sub(/_password\z/, '')
-      run "REVOKE ALL ON account_password_hashes FROM public"
-      run "REVOKE ALL ON FUNCTION rodauth_get_salt(int8) FROM public"
-      run "REVOKE ALL ON FUNCTION rodauth_valid_password_hash(int8, text) FROM public"
-      run "GRANT INSERT, UPDATE, DELETE ON account_password_hashes TO #{user}"
-      run "GRANT SELECT(id) ON account_password_hashes TO #{user}"
-      run "GRANT EXECUTE ON FUNCTION rodauth_get_salt(int8) TO #{user}"
-      run "GRANT EXECUTE ON FUNCTION rodauth_valid_password_hash(int8, text) TO #{user}"
-    when :mysql
-      user = get(Sequel.lit('current_user')).sub(/_password@/, '@')
-      db_name = get(Sequel.function(:database))
-      run "GRANT EXECUTE ON #{db_name}.* TO #{user}"
-      run "GRANT INSERT, UPDATE, DELETE ON account_password_hashes TO #{user}"
-      run "GRANT SELECT (id) ON account_password_hashes TO #{user}"
-    when :mssql
-      user = get(Sequel.function(:DB_NAME))
-      run "GRANT EXECUTE ON rodauth_get_salt TO #{user}"
-      run "GRANT EXECUTE ON rodauth_valid_password_hash TO #{user}"
-      run "GRANT INSERT, UPDATE, DELETE ON account_password_hashes TO #{user}"
-      run "GRANT SELECT ON account_password_hashes(id) TO #{user}"
-    end
-
-    # Used by the disallow_password_reuse feature
-    create_table(:account_previous_password_hashes) do
-      primary_key :id, :type=>:Bignum
-      foreign_key :account_id, :accounts, :type=>:Bignum
-      String :password_hash, :null=>false
-    end
-    Rodauth.create_database_previous_password_check_functions(self)
-
-    case database_type
-    when :postgres
-      user = get(Sequel.lit('current_user')).sub(/_password\z/, '')
-      run "REVOKE ALL ON account_previous_password_hashes FROM public"
-      run "REVOKE ALL ON FUNCTION rodauth_get_previous_salt(int8) FROM public"
-      run "REVOKE ALL ON FUNCTION rodauth_previous_password_hash_match(int8, text) FROM public"
-      run "GRANT INSERT, UPDATE, DELETE ON account_previous_password_hashes TO #{user}"
-      run "GRANT SELECT(id, account_id) ON account_previous_password_hashes TO #{user}"
-      run "GRANT USAGE ON account_previous_password_hashes_id_seq TO #{user}"
-      run "GRANT EXECUTE ON FUNCTION rodauth_get_previous_salt(int8) TO #{user}"
-      run "GRANT EXECUTE ON FUNCTION rodauth_previous_password_hash_match(int8, text) TO #{user}"
-    when :mysql
-      user = get(Sequel.lit('current_user')).sub(/_password@/, '@')
-      db_name = get(Sequel.function(:database))
-      run "GRANT EXECUTE ON #{db_name}.* TO #{user}"
-      run "GRANT INSERT, UPDATE, DELETE ON account_previous_password_hashes TO #{user}"
-      run "GRANT SELECT (id, account_id) ON account_previous_password_hashes TO #{user}"
-    when :mssql
-      user = get(Sequel.function(:DB_NAME))
-      run "GRANT EXECUTE ON rodauth_get_previous_salt TO #{user}"
-      run "GRANT EXECUTE ON rodauth_previous_password_hash_match TO #{user}"
-      run "GRANT INSERT, UPDATE, DELETE ON account_previous_password_hashes TO #{user}"
-      run "GRANT SELECT ON account_previous_password_hashes(id, account_id) TO #{user}"
-    end
-  end
-
-  down do
-    Rodauth.drop_database_previous_password_check_functions(self)
-    Rodauth.drop_database_authentication_functions(self)
-    drop_table(:account_previous_password_hashes, :account_password_hashes)
-  end
-end

data/spec/migrate_travis/001_tables.rb

@@ -1,141 +0,0 @@
-require 'rodauth/migrations'
-
-Sequel.migration do
-  up do
-    extension :date_arithmetic
-
-    create_table(:account_statuses) do
-      Integer :id, :primary_key=>true
-      String :name, :null=>false, :unique=>true
-    end
-    from(:account_statuses).import([:id, :name], [[1, 'Unverified'], [2, 'Verified'], [3, 'Closed']])
-
-    db = self
-    create_table(:accounts) do
-      primary_key :id, :type=>:Bignum
-      foreign_key :status_id, :account_statuses, :null=>false, :default=>1
-      if db.database_type == :postgres
-        citext :email, :null=>false
-        constraint :valid_email, :email=>/^[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+$/
-        index :email, :unique=>true, :where=>{:status_id=>[1, 2]}
-      else
-        String :email, :null=>false
-        index :email, :unique=>true
-      end
-
-      String :ph
-    end
-
-    create_table(:account_password_hashes) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :password_hash, :null=>false
-    end
-    Rodauth.create_database_authentication_functions(self)
-
-    deadline_opts = proc do |days|
-      if database_type == :mysql
-        {:null=>false}
-      else
-        {:null=>false, :default=>Sequel.date_add(Sequel::CURRENT_TIMESTAMP, :days=>days)}
-      end
-    end
-
-    create_table(:account_password_reset_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-      DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the refresh token feature
-    create_table(:account_jwt_refresh_keys) do
-      primary_key :id, :type=>:Bignum
-      foreign_key :account_id, :accounts, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-    end
-
-    create_table(:account_verification_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :requested_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-      DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    create_table(:account_login_change_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      String :login, :null=>false
-      DateTime :deadline, deadline_opts[1]
-    end
-
-    create_table(:account_remember_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[14]
-    end
-
-    create_table(:account_email_auth_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-      DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    create_table(:account_login_failures) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      Integer :number, :null=>false, :default=>1
-    end
-    create_table(:account_lockouts) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-      DateTime :email_last_sent
-    end
-
-    create_table(:account_password_change_times) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      DateTime :changed_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    create_table(:account_activity_times) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      DateTime :last_activity_at, :null=>false
-      DateTime :last_login_at, :null=>false
-      DateTime :expired_at
-    end
-
-    create_table(:account_session_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-    end
-
-    create_table(:account_otp_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      Integer :num_failures, :null=>false, :default=>0
-      Time :last_use, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    create_table(:account_recovery_codes) do
-      foreign_key :id, :accounts, :type=>:Bignum
-      String :code
-      primary_key [:id, :code]
-    end
-
-    create_table(:account_sms_codes) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :phone_number, :null=>false
-      Integer :num_failures
-      String :code
-      DateTime :code_issued_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    create_table(:account_previous_password_hashes) do
-      primary_key :id, :type=>:Bignum
-      foreign_key :account_id, :accounts, :type=>:Bignum
-      String :password_hash, :null=>false
-    end
-    Rodauth.create_database_previous_password_check_functions(self)
-  end
-end

data/spec/password_complexity_spec.rb

@@ -1,109 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth password complexity feature' do
-  it "should do additional password complexity checks" do
-    rodauth do
-      enable :login, :change_password, :password_complexity
-      change_password_requires_password? false
-      password_dictionary_file 'spec/words'
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/change-password'
-
-    bad_passwords = [
-      ["minimum 6 characters", %w"a1OX"],
-      ["does not include uppercase letters, lowercase letters, and numbers",
-       %w'sdflksdfl sdflks!fl Sdflksdfl dfl1sdfl DFL1SDFL DFL!SDFL'],
-      ["includes common character sequence",
-       %w"Aqwerty12 Aazerty12 HA123ha HA234ha HA345ha HA456ha HA567ha HA678ha HA789ha HA890ha"],
-      ["contains 3 or more of the same character in a row", %w"Helll0 Hellllll0"],
-      ["is a word in a dictionary", 
-       %w"Password1 1Password1 1PaSSword1 1P@$5w0Rd1 2398|3@$+7809 2|!7+1e l4$7$124 N!88|e56"]
-    ]
-
-
-    bad_passwords.each do |message, passwords|
-      passwords.each do |pass|
-        fill_in 'New Password', :with=>pass
-        fill_in 'Confirm Password', :with=>pass
-        click_button 'Change Password'
-        page.html.must_include("invalid password, does not meet requirements (#{message})")
-        page.find('#error_flash').text.must_equal "There was an error changing your password"
-      end
-    end
-
-    fill_in 'New Password', :with=>'footpassword'
-    fill_in 'Confirm Password', :with=>'footpassword'
-    click_button 'Change Password'
-    page.find('#notice_flash').text.must_equal "Your password has been changed"
-  end
-
-  it "should support default dictionary" do
-    default_dictionary = '/usr/share/dict/words'
-    skip("#{default_dictionary} not present") unless File.file?(default_dictionary)
-    pass = File.read(default_dictionary).split.sort_by{|w| w.length}.last
-    skip("#{default_dictionary} empty") unless pass
-    pass = pass.downcase.gsub(/[^a-z]/, '')
-
-    rodauth do
-      enable :login, :change_password, :password_complexity
-      change_password_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/change-password'
-    fill_in 'New Password', :with=>"135#{pass}135"
-    fill_in 'Confirm Password', :with=>"135#{pass}135"
-    click_button 'Change Password'
-    page.html.must_include("invalid password")
-    page.find('#error_flash').text.must_equal "There was an error changing your password"
-
-    fill_in 'New Password', :with=>'footpassword'
-    fill_in 'Confirm Password', :with=>'footpassword'
-    click_button 'Change Password'
-    page.find('#notice_flash').text.must_equal "Your password has been changed"
-  end
-
-  it "should support no dictionary" do
-    default_dictionary = '/usr/share/dict/words'
-    skip("#{default_dictionary} not present") unless File.file?(default_dictionary)
-
-    rodauth do
-      enable :login, :change_password, :password_complexity
-      change_password_requires_password? false
-      password_dictionary_file false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>""}
-    end
-
-    login
-    page.current_path.must_equal '/'
-
-    visit '/change-password'
-    fill_in 'New Password', :with=>"password123"
-    fill_in 'Confirm Password', :with=>"password123"
-    click_button 'Change Password'
-    page.html.must_include("invalid password")
-    page.find('#error_flash').text.must_equal "There was an error changing your password"
-
-    fill_in 'New Password', :with=>'Password1'
-    fill_in 'Confirm Password', :with=>'Password1'
-    click_button 'Change Password'
-    page.find('#notice_flash').text.must_equal "Your password has been changed"
-  end
-end