rodauth 1.21.0 → 2.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (200) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +182 -0
  3. data/MIT-LICENSE +1 -1
  4. data/README.rdoc +211 -79
  5. data/doc/account_expiration.rdoc +12 -26
  6. data/doc/active_sessions.rdoc +49 -0
  7. data/doc/audit_logging.rdoc +44 -0
  8. data/doc/base.rdoc +75 -128
  9. data/doc/change_login.rdoc +7 -14
  10. data/doc/change_password.rdoc +9 -13
  11. data/doc/change_password_notify.rdoc +2 -2
  12. data/doc/close_account.rdoc +9 -16
  13. data/doc/confirm_password.rdoc +12 -5
  14. data/doc/create_account.rdoc +11 -22
  15. data/doc/disallow_password_reuse.rdoc +6 -13
  16. data/doc/email_auth.rdoc +15 -14
  17. data/doc/email_base.rdoc +6 -15
  18. data/doc/guides/admin_activation.rdoc +46 -0
  19. data/doc/guides/already_authenticated.rdoc +10 -0
  20. data/doc/guides/alternative_login.rdoc +46 -0
  21. data/doc/guides/create_account_programmatically.rdoc +38 -0
  22. data/doc/guides/delay_password.rdoc +25 -0
  23. data/doc/guides/email_only.rdoc +16 -0
  24. data/doc/guides/i18n.rdoc +26 -0
  25. data/doc/{internals.rdoc → guides/internals.rdoc} +0 -0
  26. data/doc/guides/links.rdoc +12 -0
  27. data/doc/guides/login_return.rdoc +37 -0
  28. data/doc/guides/password_column.rdoc +25 -0
  29. data/doc/guides/password_confirmation.rdoc +37 -0
  30. data/doc/guides/password_requirements.rdoc +30 -0
  31. data/doc/guides/paths.rdoc +36 -0
  32. data/doc/guides/query_params.rdoc +9 -0
  33. data/doc/guides/redirects.rdoc +17 -0
  34. data/doc/guides/registration_field.rdoc +68 -0
  35. data/doc/guides/require_mfa.rdoc +30 -0
  36. data/doc/guides/reset_password_autologin.rdoc +21 -0
  37. data/doc/guides/status_column.rdoc +28 -0
  38. data/doc/guides/totp_or_recovery.rdoc +16 -0
  39. data/doc/http_basic_auth.rdoc +10 -1
  40. data/doc/jwt.rdoc +22 -22
  41. data/doc/jwt_cors.rdoc +22 -0
  42. data/doc/jwt_refresh.rdoc +18 -8
  43. data/doc/lockout.rdoc +17 -15
  44. data/doc/login.rdoc +10 -2
  45. data/doc/login_password_requirements_base.rdoc +15 -37
  46. data/doc/logout.rdoc +2 -2
  47. data/doc/otp.rdoc +25 -19
  48. data/doc/password_complexity.rdoc +10 -26
  49. data/doc/password_expiration.rdoc +11 -25
  50. data/doc/password_grace_period.rdoc +16 -2
  51. data/doc/recovery_codes.rdoc +18 -12
  52. data/doc/release_notes/1.22.0.txt +11 -0
  53. data/doc/release_notes/1.23.0.txt +32 -0
  54. data/doc/release_notes/2.0.0.txt +361 -0
  55. data/doc/release_notes/2.1.0.txt +31 -0
  56. data/doc/release_notes/2.2.0.txt +39 -0
  57. data/doc/remember.rdoc +40 -64
  58. data/doc/reset_password.rdoc +12 -9
  59. data/doc/session_expiration.rdoc +1 -0
  60. data/doc/single_session.rdoc +16 -25
  61. data/doc/sms_codes.rdoc +24 -14
  62. data/doc/two_factor_base.rdoc +60 -22
  63. data/doc/verify_account.rdoc +14 -12
  64. data/doc/verify_account_grace_period.rdoc +6 -2
  65. data/doc/verify_login_change.rdoc +9 -8
  66. data/doc/webauthn.rdoc +115 -0
  67. data/doc/webauthn_login.rdoc +15 -0
  68. data/doc/webauthn_verify_account.rdoc +9 -0
  69. data/javascript/webauthn_auth.js +45 -0
  70. data/javascript/webauthn_setup.js +35 -0
  71. data/lib/roda/plugins/rodauth.rb +1 -1
  72. data/lib/rodauth.rb +36 -28
  73. data/lib/rodauth/features/account_expiration.rb +5 -5
  74. data/lib/rodauth/features/active_sessions.rb +158 -0
  75. data/lib/rodauth/features/audit_logging.rb +98 -0
  76. data/lib/rodauth/features/base.rb +144 -43
  77. data/lib/rodauth/features/change_password_notify.rb +2 -2
  78. data/lib/rodauth/features/confirm_password.rb +40 -2
  79. data/lib/rodauth/features/create_account.rb +8 -13
  80. data/lib/rodauth/features/disallow_common_passwords.rb +1 -1
  81. data/lib/rodauth/features/disallow_password_reuse.rb +1 -1
  82. data/lib/rodauth/features/email_auth.rb +31 -30
  83. data/lib/rodauth/features/email_base.rb +9 -4
  84. data/lib/rodauth/features/http_basic_auth.rb +55 -35
  85. data/lib/rodauth/features/jwt.rb +63 -16
  86. data/lib/rodauth/features/jwt_cors.rb +53 -0
  87. data/lib/rodauth/features/jwt_refresh.rb +32 -9
  88. data/lib/rodauth/features/lockout.rb +12 -14
  89. data/lib/rodauth/features/login.rb +54 -10
  90. data/lib/rodauth/features/login_password_requirements_base.rb +4 -4
  91. data/lib/rodauth/features/otp.rb +77 -80
  92. data/lib/rodauth/features/password_complexity.rb +8 -13
  93. data/lib/rodauth/features/password_expiration.rb +2 -2
  94. data/lib/rodauth/features/password_grace_period.rb +17 -10
  95. data/lib/rodauth/features/recovery_codes.rb +49 -53
  96. data/lib/rodauth/features/remember.rb +11 -27
  97. data/lib/rodauth/features/reset_password.rb +26 -26
  98. data/lib/rodauth/features/session_expiration.rb +6 -4
  99. data/lib/rodauth/features/single_session.rb +8 -6
  100. data/lib/rodauth/features/sms_codes.rb +62 -72
  101. data/lib/rodauth/features/two_factor_base.rb +134 -30
  102. data/lib/rodauth/features/verify_account.rb +29 -21
  103. data/lib/rodauth/features/verify_account_grace_period.rb +18 -9
  104. data/lib/rodauth/features/verify_login_change.rb +12 -11
  105. data/lib/rodauth/features/webauthn.rb +505 -0
  106. data/lib/rodauth/features/webauthn_login.rb +70 -0
  107. data/lib/rodauth/features/webauthn_verify_account.rb +46 -0
  108. data/lib/rodauth/version.rb +2 -2
  109. data/templates/button.str +1 -3
  110. data/templates/change-login.str +1 -2
  111. data/templates/change-password.str +3 -5
  112. data/templates/close-account.str +2 -2
  113. data/templates/confirm-password.str +1 -1
  114. data/templates/create-account.str +1 -1
  115. data/templates/email-auth-email.str +1 -1
  116. data/templates/email-auth-request-form.str +2 -3
  117. data/templates/email-auth.str +1 -1
  118. data/templates/global-logout-field.str +6 -0
  119. data/templates/login-confirm-field.str +2 -4
  120. data/templates/login-display.str +3 -2
  121. data/templates/login-field.str +2 -4
  122. data/templates/login-form-footer.str +6 -0
  123. data/templates/login-form.str +7 -0
  124. data/templates/login.str +1 -9
  125. data/templates/logout.str +1 -1
  126. data/templates/multi-phase-login.str +3 -0
  127. data/templates/otp-auth-code-field.str +5 -3
  128. data/templates/otp-auth.str +1 -1
  129. data/templates/otp-disable.str +1 -1
  130. data/templates/otp-setup.str +3 -3
  131. data/templates/password-confirm-field.str +2 -4
  132. data/templates/password-field.str +2 -4
  133. data/templates/recovery-auth.str +3 -6
  134. data/templates/recovery-codes.str +1 -1
  135. data/templates/remember.str +15 -20
  136. data/templates/reset-password-email.str +1 -1
  137. data/templates/reset-password-request.str +3 -3
  138. data/templates/reset-password.str +1 -2
  139. data/templates/sms-auth.str +1 -1
  140. data/templates/sms-code-field.str +5 -3
  141. data/templates/sms-confirm.str +1 -2
  142. data/templates/sms-disable.str +1 -2
  143. data/templates/sms-request.str +1 -1
  144. data/templates/sms-setup.str +6 -4
  145. data/templates/two-factor-auth.str +5 -0
  146. data/templates/two-factor-disable.str +6 -0
  147. data/templates/two-factor-manage.str +16 -0
  148. data/templates/unlock-account-email.str +1 -1
  149. data/templates/unlock-account-request.str +4 -4
  150. data/templates/unlock-account.str +1 -1
  151. data/templates/verify-account-email.str +1 -1
  152. data/templates/verify-account-resend.str +3 -3
  153. data/templates/verify-account.str +1 -2
  154. data/templates/verify-login-change-email.str +2 -1
  155. data/templates/verify-login-change.str +1 -1
  156. data/templates/webauthn-auth.str +11 -0
  157. data/templates/webauthn-remove.str +14 -0
  158. data/templates/webauthn-setup.str +12 -0
  159. metadata +110 -52
  160. data/Rakefile +0 -179
  161. data/doc/verify_change_login.rdoc +0 -11
  162. data/lib/rodauth/features/verify_change_login.rb +0 -20
  163. data/spec/account_expiration_spec.rb +0 -225
  164. data/spec/all.rb +0 -1
  165. data/spec/change_login_spec.rb +0 -156
  166. data/spec/change_password_notify_spec.rb +0 -33
  167. data/spec/change_password_spec.rb +0 -202
  168. data/spec/close_account_spec.rb +0 -162
  169. data/spec/confirm_password_spec.rb +0 -70
  170. data/spec/create_account_spec.rb +0 -127
  171. data/spec/disallow_common_passwords_spec.rb +0 -93
  172. data/spec/disallow_password_reuse_spec.rb +0 -179
  173. data/spec/email_auth_spec.rb +0 -285
  174. data/spec/http_basic_auth_spec.rb +0 -143
  175. data/spec/jwt_refresh_spec.rb +0 -256
  176. data/spec/jwt_spec.rb +0 -235
  177. data/spec/lockout_spec.rb +0 -250
  178. data/spec/login_spec.rb +0 -328
  179. data/spec/migrate/001_tables.rb +0 -184
  180. data/spec/migrate/002_account_password_hash_column.rb +0 -11
  181. data/spec/migrate_password/001_tables.rb +0 -73
  182. data/spec/migrate_travis/001_tables.rb +0 -141
  183. data/spec/password_complexity_spec.rb +0 -109
  184. data/spec/password_expiration_spec.rb +0 -244
  185. data/spec/password_grace_period_spec.rb +0 -93
  186. data/spec/remember_spec.rb +0 -451
  187. data/spec/reset_password_spec.rb +0 -229
  188. data/spec/rodauth_spec.rb +0 -343
  189. data/spec/session_expiration_spec.rb +0 -58
  190. data/spec/single_session_spec.rb +0 -127
  191. data/spec/spec_helper.rb +0 -327
  192. data/spec/two_factor_spec.rb +0 -1462
  193. data/spec/update_password_hash_spec.rb +0 -40
  194. data/spec/verify_account_grace_period_spec.rb +0 -171
  195. data/spec/verify_account_spec.rb +0 -240
  196. data/spec/verify_change_login_spec.rb +0 -46
  197. data/spec/verify_login_change_spec.rb +0 -232
  198. data/spec/views/layout-other.str +0 -11
  199. data/spec/views/layout.str +0 -11
  200. data/spec/views/login.str +0 -21
@@ -1,244 +0,0 @@
1
- require File.expand_path("spec_helper", File.dirname(__FILE__))
2
-
3
- describe 'Rodauth password expiration feature' do
4
- it "should force password changes after x number of days" do
5
- rodauth do
6
- enable :login, :logout, :change_password, :reset_password, :password_expiration
7
- allow_password_change_after 1000
8
- change_password_requires_password? false
9
- end
10
- roda do |r|
11
- r.rodauth
12
- rodauth.require_current_password if rodauth.logged_in?
13
- r.root{view :content=>""}
14
- end
15
-
16
- login(:pass=>'01234567')
17
- click_button 'Request Password Reset'
18
- link = email_link(/(\/reset-password\?key=.+)$/)
19
-
20
- visit link
21
- page.current_path.must_equal '/reset-password'
22
-
23
- login
24
- page.current_path.must_equal '/'
25
-
26
- visit '/change-password'
27
- fill_in 'New Password', :with=>'banana'
28
- fill_in 'Confirm Password', :with=>'banana'
29
- click_button 'Change Password'
30
- page.current_path.must_equal '/'
31
-
32
- visit '/change-password'
33
- page.current_path.must_equal '/'
34
- page.find('#error_flash').text.must_equal "Your password cannot be changed yet"
35
-
36
- logout
37
-
38
- visit link
39
- page.current_path.must_equal '/'
40
- page.find('#error_flash').text.must_equal "Your password cannot be changed yet"
41
-
42
- DB[:account_password_change_times].update(:changed_at=>Time.now - 1100)
43
-
44
- visit link
45
- page.current_path.must_equal '/reset-password'
46
-
47
- login(:pass=>'banana')
48
- page.current_path.must_equal '/'
49
-
50
- visit '/change-password'
51
- page.current_path.must_equal '/change-password'
52
-
53
- logout
54
-
55
- DB[:account_password_change_times].update(:changed_at=>Time.now - 91*86400)
56
-
57
- login(:pass=>'banana')
58
- page.current_path.must_equal '/change-password'
59
- page.find('#error_flash').text.must_equal "Your password has expired and needs to be changed"
60
-
61
- visit '/foo'
62
- page.current_path.must_equal '/change-password'
63
- page.find('#error_flash').text.must_equal "Your password has expired and needs to be changed"
64
-
65
- fill_in 'New Password', :with=>'banana2'
66
- fill_in 'Confirm Password', :with=>'banana2'
67
- click_button 'Change Password'
68
- page.current_path.must_equal '/'
69
-
70
- visit '/change-password'
71
- page.current_path.must_equal '/'
72
- page.find('#error_flash').text.must_equal "Your password cannot be changed yet"
73
-
74
- logout
75
-
76
- visit link
77
- page.current_path.must_equal '/'
78
- page.find('#error_flash').text.must_equal "Your password cannot be changed yet"
79
- end
80
-
81
- it "should update password changed at when creating accounts" do
82
- rodauth do
83
- enable :login, :change_password, :password_expiration
84
- password_expiration_default true
85
- change_password_requires_password? false
86
- end
87
- roda do |r|
88
- r.rodauth
89
- rodauth.require_current_password
90
- r.root{view :content=>""}
91
- end
92
-
93
- login
94
- page.current_path.must_equal '/change-password'
95
-
96
- visit '/'
97
- page.current_path.must_equal '/change-password'
98
- fill_in 'New Password', :with=>'banana'
99
- fill_in 'Confirm Password', :with=>'banana'
100
- click_button 'Change Password'
101
- page.current_path.must_equal '/'
102
- end
103
-
104
- it "should update password changed at when creating accounts" do
105
- rodauth do
106
- enable :login, :create_account, :password_expiration
107
- allow_password_change_after 1000
108
- account_password_hash_column :ph
109
- end
110
- roda do |r|
111
- r.rodauth
112
- r.root{view :content=>""}
113
- end
114
-
115
- visit '/create-account'
116
- fill_in 'Login', :with=>'foo2@example.com'
117
- fill_in 'Confirm Login', :with=>'foo2@example.com'
118
- fill_in 'Password', :with=>'apple2'
119
- fill_in 'Confirm Password', :with=>'apple2'
120
- click_button 'Create Account'
121
-
122
- visit '/change-password'
123
- page.current_path.must_equal '/'
124
- page.find('#error_flash').text.must_equal "Your password cannot be changed yet"
125
- end
126
-
127
- it "should remove password expiration data when closing accounts" do
128
- rodauth do
129
- enable :create_account, :close_account, :password_expiration
130
- close_account_requires_password? false
131
- create_account_autologin? true
132
- end
133
- roda do |r|
134
- r.rodauth
135
- r.root{view :content=>""}
136
- end
137
-
138
- visit '/create-account'
139
- fill_in 'Login', :with=>'foo2@example.com'
140
- fill_in 'Confirm Login', :with=>'foo2@example.com'
141
- fill_in 'Password', :with=>'apple2'
142
- fill_in 'Confirm Password', :with=>'apple2'
143
- click_button 'Create Account'
144
-
145
- DB[:account_password_change_times].count.must_equal 1
146
- visit '/close-account'
147
- click_button 'Close Account'
148
- DB[:account_password_change_times].count.must_equal 0
149
- end
150
-
151
- it "should handle the case where the password is expired while the user has logged in" do
152
- rodauth do
153
- enable :login, :change_password, :password_expiration
154
- password_expiration_default true
155
- allow_password_change_after(-1000)
156
- change_password_requires_password? false
157
- require_password_change_after 3600
158
- end
159
- roda do |r|
160
- r.rodauth
161
- rodauth.require_current_password
162
- r.get("expire", :d){|d| session[:password_changed_at] = Time.now.to_i - d.to_i; r.redirect '/'}
163
- r.root{view :content=>""}
164
- end
165
-
166
- login
167
- page.current_path.must_equal '/change-password'
168
-
169
- visit '/'
170
- page.current_path.must_equal '/change-password'
171
- fill_in 'New Password', :with=>'banana'
172
- fill_in 'Confirm Password', :with=>'banana'
173
- click_button 'Change Password'
174
- page.current_path.must_equal '/'
175
-
176
- visit "/expire/90"
177
- page.current_path.must_equal '/'
178
-
179
- visit "/expire/7200"
180
- page.current_path.must_equal '/change-password'
181
- end
182
-
183
- it "should force password changes via jwt" do
184
- rodauth do
185
- enable :login, :logout, :change_password, :reset_password, :password_expiration
186
- allow_password_change_after 1000
187
- change_password_requires_password? false
188
- reset_password_email_body{reset_password_email_link}
189
- end
190
- roda(:jwt) do |r|
191
- r.rodauth
192
- rodauth.require_current_password
193
- if rodauth.authenticated?
194
- [1]
195
- else
196
- [2]
197
- end
198
- end
199
-
200
- json_request.must_equal [200, [2]]
201
-
202
- res = json_request('/reset-password-request', :login=>'foo@example.com')
203
- res.must_equal [200, {"success"=>"An email has been sent to you with a link to reset the password for your account"}]
204
- link = email_link(/key=.+$/)
205
-
206
- json_login
207
-
208
- res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456', "password-confirm"=>'0123456')
209
- res.must_equal [200, {'success'=>"Your password has been changed"}]
210
-
211
- json_request.must_equal [200, [1]]
212
-
213
- res = json_request('/change-password', :password=>'0123456', "new-password"=>'01234567', "password-confirm"=>'01234567')
214
- res.must_equal [400, {'error'=>"Your password cannot be changed yet"}]
215
-
216
- json_logout
217
-
218
- res = json_request('/reset-password', :key=>link[4..-1], :password=>'01234567', "password-confirm"=>'01234567')
219
- res.must_equal [400, {'error'=>"Your password cannot be changed yet"}]
220
-
221
- DB[:account_password_change_times].update(:changed_at=>Time.now - 1100)
222
- res = json_request('/reset-password', :key=>link[4..-1], :password=>'01234567', "password-confirm"=>'01234567')
223
- res.must_equal [200, {"success"=>"Your password has been reset"}]
224
-
225
- DB[:account_password_change_times].update(:changed_at=>Time.now - 1100)
226
- json_login(:pass=>'01234567')
227
- res = json_request('/change-password', :password=>'01234567', "new-password"=>'012345678', "password-confirm"=>'012345678')
228
- res.must_equal [200, {'success'=>"Your password has been changed"}]
229
-
230
- DB[:account_password_change_times].update(:changed_at=>Time.now - 91*86400)
231
-
232
- json_logout
233
- json_request.must_equal [200, [2]]
234
-
235
- res = json_login(:pass=>'012345678', :no_check=>true)
236
- res.must_equal [400, {'error'=>"Your password has expired and needs to be changed"}]
237
- json_request.must_equal [400, {'error'=>"Your password has expired and needs to be changed"}]
238
-
239
- res = json_request('/change-password', :password=>'012345678', "new-password"=>'012345678a', "password-confirm"=>'012345678a')
240
- res.must_equal [200, {'success'=>"Your password has been changed"}]
241
-
242
- json_request.must_equal [200, [1]]
243
- end
244
- end
@@ -1,93 +0,0 @@
1
- require File.expand_path("spec_helper", File.dirname(__FILE__))
2
-
3
- describe 'Rodauth password grace period feature' do
4
- it "should not ask for password again if password was recently entered" do
5
- grace = 300
6
- rodauth do
7
- enable :login, :change_login, :password_grace_period
8
- password_grace_period{grace}
9
- require_login_confirmation? false
10
- end
11
- roda do |r|
12
- r.rodauth
13
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
14
- end
15
-
16
- login
17
- page.body.must_include "Logged In"
18
-
19
- visit '/change-login'
20
- fill_in 'Login', :with=>'foo2@example.com'
21
- click_button 'Change Login'
22
- page.find('#notice_flash').text.must_equal "Your login has been changed"
23
-
24
- grace = -1
25
- visit '/change-login'
26
- fill_in 'Login', :with=>'foo3@example.com'
27
- fill_in 'Password', :with=>'0123456789'
28
- click_button 'Change Login'
29
- page.find('#notice_flash').text.must_equal "Your login has been changed"
30
-
31
- grace = 300
32
- visit '/change-login'
33
- grace = -1
34
- fill_in 'Login', :with=>'foo4@example.com'
35
- click_button 'Change Login'
36
- page.find('#error_flash').text.must_equal "There was an error changing your login"
37
- page.html.must_include("invalid password")
38
-
39
- fill_in 'Password', :with=>'0123456789'
40
- click_button 'Change Login'
41
- page.find('#notice_flash').text.must_equal "Your login has been changed"
42
- end
43
-
44
- it "should not ask for password again directly after creating an account" do
45
- rodauth do
46
- enable :create_account, :change_login, :password_grace_period
47
- require_login_confirmation? false
48
- end
49
- roda do |r|
50
- r.rodauth
51
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
52
- end
53
-
54
- visit '/create-account'
55
- fill_in 'Login', :with=>'foo2@example.com'
56
- fill_in 'Password', :with=>'apple2'
57
- fill_in 'Confirm Password', :with=>'apple2'
58
- click_button 'Create Account'
59
-
60
- visit '/change-login'
61
- fill_in 'Login', :with=>'foo3@example.com'
62
- click_button 'Change Login'
63
- page.find('#notice_flash').text.must_equal "Your login has been changed"
64
- end
65
-
66
- it "should not ask for password again directly after resetting a password" do
67
- rodauth do
68
- enable :login, :reset_password, :change_login, :password_grace_period
69
- require_login_confirmation? false
70
- reset_password_autologin? true
71
- end
72
- roda do |r|
73
- r.rodauth
74
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
75
- end
76
-
77
- login(:pass=>'01234567')
78
- click_button 'Request Password Reset'
79
- link = email_link(/(\/reset-password\?key=.+)$/)
80
- visit link
81
- fill_in 'Password', :with=>'0123456'
82
- fill_in 'Confirm Password', :with=>'0123456'
83
- click_button 'Reset Password'
84
- page.find('#notice_flash').text.must_equal "Your password has been reset"
85
- page.current_path.must_equal '/'
86
-
87
- visit '/change-login'
88
- fill_in 'Login', :with=>'foo2@example.com'
89
- click_button 'Change Login'
90
- page.find('#notice_flash').text.must_equal "Your login has been changed"
91
- end
92
- end
93
-
@@ -1,451 +0,0 @@
1
- require File.expand_path("spec_helper", File.dirname(__FILE__))
2
-
3
- describe 'Rodauth remember feature' do
4
- it "should support login via remember token" do
5
- secret = nil
6
- raw_before = Time.now - 100000000
7
- rodauth do
8
- enable :login, :remember
9
- hmac_secret{secret}
10
- raw_remember_token_deadline{raw_before}
11
- end
12
- roda do |r|
13
- r.rodauth
14
- r.get 'load' do
15
- rodauth.load_memory
16
- r.redirect '/'
17
- end
18
- r.root do
19
- if rodauth.logged_in?
20
- if rodauth.logged_in_via_remember_key?
21
- view :content=>"Logged In via Remember"
22
- else
23
- view :content=>"Logged In Normally"
24
- end
25
- else
26
- view :content=>"Not Logged In"
27
- end
28
- end
29
- end
30
-
31
- login
32
- page.body.must_include 'Logged In Normally'
33
-
34
- visit '/load'
35
- page.body.must_include 'Logged In Normally'
36
-
37
- visit '/remember'
38
- click_button 'Change Remember Setting'
39
- page.find('#error_flash').text.must_equal "There was an error updating your remember setting"
40
-
41
- choose 'Remember Me'
42
- click_button 'Change Remember Setting'
43
- page.find('#notice_flash').text.must_equal "Your remember setting has been updated"
44
- page.body.must_include 'Logged In Normally'
45
-
46
- remove_cookie('rack.session')
47
- visit '/'
48
- page.body.must_include 'Not Logged In'
49
-
50
- secret = SecureRandom.random_bytes(32)
51
- visit '/load'
52
- page.body.must_include 'Not Logged In'
53
-
54
- secret = nil
55
- raw_before = Time.now + 100000000
56
- login
57
- visit '/remember'
58
- choose 'Remember Me'
59
- click_button 'Change Remember Setting'
60
- remove_cookie('rack.session')
61
-
62
- secret = SecureRandom.random_bytes(32)
63
- visit '/load'
64
- page.body.must_include 'Logged In via Remember'
65
-
66
- key = get_cookie('_remember')
67
- visit '/remember'
68
- choose 'Forget Me'
69
- click_button 'Change Remember Setting'
70
- page.body.must_include 'Logged In via Remember'
71
-
72
- remove_cookie('rack.session')
73
- visit '/'
74
- page.body.must_include 'Not Logged In'
75
-
76
- visit '/load'
77
- page.body.must_include 'Not Logged In'
78
-
79
- set_cookie('_remember', key)
80
- visit '/load'
81
- page.body.must_include 'Logged In via Remember'
82
-
83
- visit '/remember'
84
- choose 'Disable Remember Me'
85
- click_button 'Change Remember Setting'
86
- page.body.must_include 'Logged In via Remember'
87
-
88
- remove_cookie('rack.session')
89
- visit '/'
90
- page.body.must_include 'Not Logged In'
91
-
92
- set_cookie('_remember', key)
93
- visit '/load'
94
- page.body.must_include 'Not Logged In'
95
-
96
- login
97
- visit '/remember'
98
- choose 'Remember Me'
99
- click_button 'Change Remember Setting'
100
-
101
- secret = SecureRandom.random_bytes(32)
102
- remove_cookie('rack.session')
103
- visit '/load'
104
- page.body.must_include 'Not Logged In'
105
- end
106
-
107
- it "should forget remember token when explicitly logging out" do
108
- rodauth do
109
- enable :login, :logout, :remember
110
- end
111
- roda do |r|
112
- r.rodauth
113
- r.get 'load' do
114
- rodauth.load_memory
115
- r.redirect '/'
116
- end
117
- r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
118
- end
119
-
120
- login
121
- page.body.must_equal 'Logged In'
122
-
123
- visit '/remember'
124
- choose 'Remember Me'
125
- click_button 'Change Remember Setting'
126
- page.body.must_equal 'Logged In'
127
-
128
- logout
129
-
130
- visit '/'
131
- page.body.must_equal 'Not Logged In'
132
-
133
- visit '/load'
134
- page.body.must_equal 'Not Logged In'
135
- end
136
-
137
- it "should remove cookie if cookie is no longer valid" do
138
- rodauth do
139
- enable :login, :remember
140
- skip_status_checks? false
141
- end
142
- roda do |r|
143
- r.rodauth
144
- r.get 'load' do
145
- rodauth.load_memory
146
- r.redirect '/'
147
- end
148
- r.root do
149
- if rodauth.logged_in?
150
- if rodauth.logged_in_via_remember_key?
151
- view :content=>"Logged In via Remember"
152
- else
153
- view :content=>"Logged In Normally"
154
- end
155
- else
156
- view :content=>"Not Logged In"
157
- end
158
- end
159
- end
160
-
161
- login
162
- visit '/remember'
163
- choose 'Remember Me'
164
- click_button 'Change Remember Setting'
165
- page.body.must_include 'Logged In Normally'
166
-
167
- cookie = get_cookie('_remember')
168
- remove_cookie('rack.session')
169
-
170
- rk = DB[:account_remember_keys].first
171
- DB[:account_remember_keys].update(:key=>rk[:key][0...-1])
172
- visit '/load'
173
- page.body.must_include 'Not Logged In'
174
- get_cookie('_remember').must_equal ""
175
-
176
- DB[:account_remember_keys].delete
177
- set_cookie('_remember', cookie)
178
- visit '/load'
179
- page.body.must_include 'Not Logged In'
180
- get_cookie('_remember').must_equal ""
181
-
182
- DB[:account_remember_keys].insert(rk)
183
- DB[:accounts].update(:status_id=>3)
184
- set_cookie('_remember', cookie)
185
- visit '/load'
186
- page.body.must_include 'Not Logged In'
187
- get_cookie('_remember').must_equal ""
188
- DB[:account_remember_keys].must_be :empty?
189
- end
190
-
191
- it "should support clearing remembered flag" do
192
- rodauth do
193
- enable :login, :remember
194
- end
195
- roda do |r|
196
- r.rodauth
197
- r.get 'load' do
198
- rodauth.load_memory
199
- r.redirect '/'
200
- end
201
- r.root do
202
- if rodauth.logged_in?
203
- if rodauth.logged_in_via_remember_key?
204
- view :content=>"Logged In via Remember"
205
- else
206
- view :content=>"Logged In Normally"
207
- end
208
- else
209
- view :content=>"Not Logged In"
210
- end
211
- end
212
- end
213
-
214
- login
215
- page.body.must_include 'Logged In Normally'
216
-
217
- visit '/remember'
218
- choose 'Remember Me'
219
- click_button 'Change Remember Setting'
220
- page.body.must_include 'Logged In Normally'
221
-
222
- remove_cookie('rack.session')
223
- visit '/'
224
- page.body.must_include 'Not Logged In'
225
-
226
- visit '/load'
227
- page.body.must_include 'Logged In via Remember'
228
-
229
- visit '/confirm-password'
230
- fill_in 'Password', :with=>'012345678'
231
- click_button 'Confirm Password'
232
- page.find('#error_flash').text.must_equal "There was an error confirming your password"
233
- page.html.must_include("invalid password")
234
-
235
- fill_in 'Password', :with=>'0123456789'
236
- click_button 'Confirm Password'
237
- page.find('#notice_flash').text.must_equal "Your password has been confirmed"
238
- page.body.must_include 'Logged In Normally'
239
- end
240
-
241
- it "should support extending remember token" do
242
- rodauth do
243
- enable :login, :remember
244
- extend_remember_deadline? true
245
- remember_period :days=>30
246
- end
247
- roda do |r|
248
- r.rodauth
249
- r.get 'load' do
250
- rodauth.load_memory
251
- r.redirect '/'
252
- end
253
- r.root{rodauth.logged_in? ? "Logged In#{session[rodauth.remembered_session_key]}" : "Not Logged In"}
254
- end
255
-
256
- login
257
-
258
- visit '/remember'
259
- choose 'Remember Me'
260
- click_button 'Change Remember Setting'
261
- deadline = DB[:account_remember_keys].get(:deadline)
262
- deadline = Time.parse(deadline) if deadline.is_a?(String)
263
- deadline.must_be(:<, Time.now + 15*86400)
264
-
265
- remove_cookie('rack.session')
266
- visit '/'
267
- page.body.must_equal 'Not Logged In'
268
-
269
- old_expiration = page.driver.browser.rack_mock_session.cookie_jar.instance_variable_get(:@cookies).first.expires
270
- visit '/load'
271
- page.body.must_equal 'Logged Intrue'
272
- new_expiration = page.driver.browser.rack_mock_session.cookie_jar.instance_variable_get(:@cookies).first.expires
273
- new_expiration.must_be :>=, old_expiration
274
- deadline = DB[:account_remember_keys].get(:deadline)
275
- deadline = Time.parse(deadline) if deadline.is_a?(String)
276
- deadline.must_be(:>, Time.now + 29*86400)
277
- end
278
-
279
- it "should clear remember token when closing account" do
280
- rodauth do
281
- enable :login, :remember, :close_account
282
- end
283
- roda do |r|
284
- r.rodauth
285
- rodauth.load_memory
286
- r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
287
- end
288
-
289
- login
290
-
291
- visit '/remember'
292
- choose 'Remember Me'
293
- click_button 'Change Remember Setting'
294
- DB[:account_remember_keys].count.must_equal 1
295
-
296
- visit '/close-account'
297
- fill_in 'Password', :with=>'0123456789'
298
- click_button 'Close Account'
299
- DB[:account_remember_keys].count.must_equal 0
300
- end
301
-
302
- it "should not use remember token if the account is not open" do
303
- rodauth do
304
- enable :login, :remember
305
- skip_status_checks? false
306
- end
307
- roda do |r|
308
- r.rodauth
309
- r.get 'load' do
310
- rodauth.load_memory
311
- r.redirect '/'
312
- end
313
- r.root do
314
- if rodauth.logged_in?
315
- if rodauth.logged_in_via_remember_key?
316
- "Logged In via Remember"
317
- else
318
- "Logged In Normally"
319
- end
320
- else
321
- "Not Logged In"
322
- end
323
- end
324
- end
325
-
326
- login
327
- page.body.must_equal 'Logged In Normally'
328
-
329
- visit '/load'
330
- page.body.must_equal 'Logged In Normally'
331
-
332
- visit '/remember'
333
- choose 'Remember Me'
334
- click_button 'Change Remember Setting'
335
- page.body.must_equal 'Logged In Normally'
336
-
337
- remove_cookie('rack.session')
338
- visit '/'
339
- page.body.must_equal 'Not Logged In'
340
-
341
- DB[:accounts].update(:status_id=>3)
342
-
343
- visit '/load'
344
- page.body.must_equal 'Not Logged In'
345
- end
346
-
347
- it "should handle uniqueness errors raised when inserting remember token" do
348
- rodauth do
349
- enable :login, :remember
350
- end
351
- roda do |r|
352
- def rodauth.raised_uniqueness_violation(*) super; true; end
353
- r.rodauth
354
- r.get 'load' do
355
- rodauth.load_memory
356
- r.redirect '/'
357
- end
358
- r.root do
359
- if rodauth.logged_in?
360
- if rodauth.logged_in_via_remember_key?
361
- "Logged In via Remember"
362
- else
363
- "Logged In Normally"
364
- end
365
- else
366
- "Not Logged In"
367
- end
368
- end
369
- end
370
-
371
- login
372
-
373
- visit '/remember'
374
- choose 'Remember Me'
375
- click_button 'Change Remember Setting'
376
- page.body.must_equal 'Logged In Normally'
377
- end
378
-
379
- it "should support login via remember token via jwt" do
380
- rodauth do
381
- enable :login, :remember
382
- end
383
- roda(:jwt) do |r|
384
- r.rodauth
385
-
386
- r.post 'load' do
387
- rodauth.load_memory
388
- [4]
389
- end
390
-
391
- if rodauth.logged_in?
392
- if rodauth.logged_in_via_remember_key?
393
- [1]
394
- else
395
- [2]
396
- end
397
- else
398
- [3]
399
- end
400
- end
401
-
402
- json_request.must_equal [200, [3]]
403
- json_login
404
- json_request.must_equal [200, [2]]
405
-
406
- json_request('/load').must_equal [200, [4]]
407
- json_request.must_equal [200, [2]]
408
-
409
- res = json_request('/remember', :remember=>'remember')
410
- res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
411
-
412
- @authorization = nil
413
- json_request.must_equal [200, [3]]
414
- json_request('/load').must_equal [200, [4]]
415
- json_request.must_equal [200, [1]]
416
-
417
- cookie = @cookie
418
- res = json_request('/remember', :remember=>'forget')
419
- res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
420
- json_request.must_equal [200, [1]]
421
-
422
- @cookie = nil
423
- @authorization = nil
424
- json_request.must_equal [200, [3]]
425
-
426
- json_request('/load').must_equal [200, [4]]
427
- json_request.must_equal [200, [3]]
428
-
429
- @cookie = cookie
430
- json_request('/load').must_equal [200, [4]]
431
- json_request.must_equal [200, [1]]
432
-
433
- res = json_request('/confirm-password', :password=>'123456')
434
- res.must_equal [401, {'error'=>"There was an error confirming your password", "field-error"=>["password", "invalid password"]}]
435
-
436
- res = json_request('/confirm-password', :password=>'0123456789')
437
- res.must_equal [200, {'success'=>"Your password has been confirmed"}]
438
- json_request.must_equal [200, [2]]
439
-
440
- res = json_request('/remember', :remember=>'disable')
441
- res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
442
-
443
- @authorization = nil
444
- @cookie = nil
445
- json_request.must_equal [200, [3]]
446
-
447
- @cookie = cookie
448
- json_request('/load').must_equal [200, [4]]
449
- json_request.must_equal [200, [3]]
450
- end
451
- end