rodauth 1.21.0 → 2.2.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (200) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +182 -0
  3. data/MIT-LICENSE +1 -1
  4. data/README.rdoc +211 -79
  5. data/doc/account_expiration.rdoc +12 -26
  6. data/doc/active_sessions.rdoc +49 -0
  7. data/doc/audit_logging.rdoc +44 -0
  8. data/doc/base.rdoc +75 -128
  9. data/doc/change_login.rdoc +7 -14
  10. data/doc/change_password.rdoc +9 -13
  11. data/doc/change_password_notify.rdoc +2 -2
  12. data/doc/close_account.rdoc +9 -16
  13. data/doc/confirm_password.rdoc +12 -5
  14. data/doc/create_account.rdoc +11 -22
  15. data/doc/disallow_password_reuse.rdoc +6 -13
  16. data/doc/email_auth.rdoc +15 -14
  17. data/doc/email_base.rdoc +6 -15
  18. data/doc/guides/admin_activation.rdoc +46 -0
  19. data/doc/guides/already_authenticated.rdoc +10 -0
  20. data/doc/guides/alternative_login.rdoc +46 -0
  21. data/doc/guides/create_account_programmatically.rdoc +38 -0
  22. data/doc/guides/delay_password.rdoc +25 -0
  23. data/doc/guides/email_only.rdoc +16 -0
  24. data/doc/guides/i18n.rdoc +26 -0
  25. data/doc/{internals.rdoc → guides/internals.rdoc} +0 -0
  26. data/doc/guides/links.rdoc +12 -0
  27. data/doc/guides/login_return.rdoc +37 -0
  28. data/doc/guides/password_column.rdoc +25 -0
  29. data/doc/guides/password_confirmation.rdoc +37 -0
  30. data/doc/guides/password_requirements.rdoc +30 -0
  31. data/doc/guides/paths.rdoc +36 -0
  32. data/doc/guides/query_params.rdoc +9 -0
  33. data/doc/guides/redirects.rdoc +17 -0
  34. data/doc/guides/registration_field.rdoc +68 -0
  35. data/doc/guides/require_mfa.rdoc +30 -0
  36. data/doc/guides/reset_password_autologin.rdoc +21 -0
  37. data/doc/guides/status_column.rdoc +28 -0
  38. data/doc/guides/totp_or_recovery.rdoc +16 -0
  39. data/doc/http_basic_auth.rdoc +10 -1
  40. data/doc/jwt.rdoc +22 -22
  41. data/doc/jwt_cors.rdoc +22 -0
  42. data/doc/jwt_refresh.rdoc +18 -8
  43. data/doc/lockout.rdoc +17 -15
  44. data/doc/login.rdoc +10 -2
  45. data/doc/login_password_requirements_base.rdoc +15 -37
  46. data/doc/logout.rdoc +2 -2
  47. data/doc/otp.rdoc +25 -19
  48. data/doc/password_complexity.rdoc +10 -26
  49. data/doc/password_expiration.rdoc +11 -25
  50. data/doc/password_grace_period.rdoc +16 -2
  51. data/doc/recovery_codes.rdoc +18 -12
  52. data/doc/release_notes/1.22.0.txt +11 -0
  53. data/doc/release_notes/1.23.0.txt +32 -0
  54. data/doc/release_notes/2.0.0.txt +361 -0
  55. data/doc/release_notes/2.1.0.txt +31 -0
  56. data/doc/release_notes/2.2.0.txt +39 -0
  57. data/doc/remember.rdoc +40 -64
  58. data/doc/reset_password.rdoc +12 -9
  59. data/doc/session_expiration.rdoc +1 -0
  60. data/doc/single_session.rdoc +16 -25
  61. data/doc/sms_codes.rdoc +24 -14
  62. data/doc/two_factor_base.rdoc +60 -22
  63. data/doc/verify_account.rdoc +14 -12
  64. data/doc/verify_account_grace_period.rdoc +6 -2
  65. data/doc/verify_login_change.rdoc +9 -8
  66. data/doc/webauthn.rdoc +115 -0
  67. data/doc/webauthn_login.rdoc +15 -0
  68. data/doc/webauthn_verify_account.rdoc +9 -0
  69. data/javascript/webauthn_auth.js +45 -0
  70. data/javascript/webauthn_setup.js +35 -0
  71. data/lib/roda/plugins/rodauth.rb +1 -1
  72. data/lib/rodauth.rb +36 -28
  73. data/lib/rodauth/features/account_expiration.rb +5 -5
  74. data/lib/rodauth/features/active_sessions.rb +158 -0
  75. data/lib/rodauth/features/audit_logging.rb +98 -0
  76. data/lib/rodauth/features/base.rb +144 -43
  77. data/lib/rodauth/features/change_password_notify.rb +2 -2
  78. data/lib/rodauth/features/confirm_password.rb +40 -2
  79. data/lib/rodauth/features/create_account.rb +8 -13
  80. data/lib/rodauth/features/disallow_common_passwords.rb +1 -1
  81. data/lib/rodauth/features/disallow_password_reuse.rb +1 -1
  82. data/lib/rodauth/features/email_auth.rb +31 -30
  83. data/lib/rodauth/features/email_base.rb +9 -4
  84. data/lib/rodauth/features/http_basic_auth.rb +55 -35
  85. data/lib/rodauth/features/jwt.rb +63 -16
  86. data/lib/rodauth/features/jwt_cors.rb +53 -0
  87. data/lib/rodauth/features/jwt_refresh.rb +32 -9
  88. data/lib/rodauth/features/lockout.rb +12 -14
  89. data/lib/rodauth/features/login.rb +54 -10
  90. data/lib/rodauth/features/login_password_requirements_base.rb +4 -4
  91. data/lib/rodauth/features/otp.rb +77 -80
  92. data/lib/rodauth/features/password_complexity.rb +8 -13
  93. data/lib/rodauth/features/password_expiration.rb +2 -2
  94. data/lib/rodauth/features/password_grace_period.rb +17 -10
  95. data/lib/rodauth/features/recovery_codes.rb +49 -53
  96. data/lib/rodauth/features/remember.rb +11 -27
  97. data/lib/rodauth/features/reset_password.rb +26 -26
  98. data/lib/rodauth/features/session_expiration.rb +6 -4
  99. data/lib/rodauth/features/single_session.rb +8 -6
  100. data/lib/rodauth/features/sms_codes.rb +62 -72
  101. data/lib/rodauth/features/two_factor_base.rb +134 -30
  102. data/lib/rodauth/features/verify_account.rb +29 -21
  103. data/lib/rodauth/features/verify_account_grace_period.rb +18 -9
  104. data/lib/rodauth/features/verify_login_change.rb +12 -11
  105. data/lib/rodauth/features/webauthn.rb +505 -0
  106. data/lib/rodauth/features/webauthn_login.rb +70 -0
  107. data/lib/rodauth/features/webauthn_verify_account.rb +46 -0
  108. data/lib/rodauth/version.rb +2 -2
  109. data/templates/button.str +1 -3
  110. data/templates/change-login.str +1 -2
  111. data/templates/change-password.str +3 -5
  112. data/templates/close-account.str +2 -2
  113. data/templates/confirm-password.str +1 -1
  114. data/templates/create-account.str +1 -1
  115. data/templates/email-auth-email.str +1 -1
  116. data/templates/email-auth-request-form.str +2 -3
  117. data/templates/email-auth.str +1 -1
  118. data/templates/global-logout-field.str +6 -0
  119. data/templates/login-confirm-field.str +2 -4
  120. data/templates/login-display.str +3 -2
  121. data/templates/login-field.str +2 -4
  122. data/templates/login-form-footer.str +6 -0
  123. data/templates/login-form.str +7 -0
  124. data/templates/login.str +1 -9
  125. data/templates/logout.str +1 -1
  126. data/templates/multi-phase-login.str +3 -0
  127. data/templates/otp-auth-code-field.str +5 -3
  128. data/templates/otp-auth.str +1 -1
  129. data/templates/otp-disable.str +1 -1
  130. data/templates/otp-setup.str +3 -3
  131. data/templates/password-confirm-field.str +2 -4
  132. data/templates/password-field.str +2 -4
  133. data/templates/recovery-auth.str +3 -6
  134. data/templates/recovery-codes.str +1 -1
  135. data/templates/remember.str +15 -20
  136. data/templates/reset-password-email.str +1 -1
  137. data/templates/reset-password-request.str +3 -3
  138. data/templates/reset-password.str +1 -2
  139. data/templates/sms-auth.str +1 -1
  140. data/templates/sms-code-field.str +5 -3
  141. data/templates/sms-confirm.str +1 -2
  142. data/templates/sms-disable.str +1 -2
  143. data/templates/sms-request.str +1 -1
  144. data/templates/sms-setup.str +6 -4
  145. data/templates/two-factor-auth.str +5 -0
  146. data/templates/two-factor-disable.str +6 -0
  147. data/templates/two-factor-manage.str +16 -0
  148. data/templates/unlock-account-email.str +1 -1
  149. data/templates/unlock-account-request.str +4 -4
  150. data/templates/unlock-account.str +1 -1
  151. data/templates/verify-account-email.str +1 -1
  152. data/templates/verify-account-resend.str +3 -3
  153. data/templates/verify-account.str +1 -2
  154. data/templates/verify-login-change-email.str +2 -1
  155. data/templates/verify-login-change.str +1 -1
  156. data/templates/webauthn-auth.str +11 -0
  157. data/templates/webauthn-remove.str +14 -0
  158. data/templates/webauthn-setup.str +12 -0
  159. metadata +110 -52
  160. data/Rakefile +0 -179
  161. data/doc/verify_change_login.rdoc +0 -11
  162. data/lib/rodauth/features/verify_change_login.rb +0 -20
  163. data/spec/account_expiration_spec.rb +0 -225
  164. data/spec/all.rb +0 -1
  165. data/spec/change_login_spec.rb +0 -156
  166. data/spec/change_password_notify_spec.rb +0 -33
  167. data/spec/change_password_spec.rb +0 -202
  168. data/spec/close_account_spec.rb +0 -162
  169. data/spec/confirm_password_spec.rb +0 -70
  170. data/spec/create_account_spec.rb +0 -127
  171. data/spec/disallow_common_passwords_spec.rb +0 -93
  172. data/spec/disallow_password_reuse_spec.rb +0 -179
  173. data/spec/email_auth_spec.rb +0 -285
  174. data/spec/http_basic_auth_spec.rb +0 -143
  175. data/spec/jwt_refresh_spec.rb +0 -256
  176. data/spec/jwt_spec.rb +0 -235
  177. data/spec/lockout_spec.rb +0 -250
  178. data/spec/login_spec.rb +0 -328
  179. data/spec/migrate/001_tables.rb +0 -184
  180. data/spec/migrate/002_account_password_hash_column.rb +0 -11
  181. data/spec/migrate_password/001_tables.rb +0 -73
  182. data/spec/migrate_travis/001_tables.rb +0 -141
  183. data/spec/password_complexity_spec.rb +0 -109
  184. data/spec/password_expiration_spec.rb +0 -244
  185. data/spec/password_grace_period_spec.rb +0 -93
  186. data/spec/remember_spec.rb +0 -451
  187. data/spec/reset_password_spec.rb +0 -229
  188. data/spec/rodauth_spec.rb +0 -343
  189. data/spec/session_expiration_spec.rb +0 -58
  190. data/spec/single_session_spec.rb +0 -127
  191. data/spec/spec_helper.rb +0 -327
  192. data/spec/two_factor_spec.rb +0 -1462
  193. data/spec/update_password_hash_spec.rb +0 -40
  194. data/spec/verify_account_grace_period_spec.rb +0 -171
  195. data/spec/verify_account_spec.rb +0 -240
  196. data/spec/verify_change_login_spec.rb +0 -46
  197. data/spec/verify_login_change_spec.rb +0 -232
  198. data/spec/views/layout-other.str +0 -11
  199. data/spec/views/layout.str +0 -11
  200. data/spec/views/login.str +0 -21
@@ -1,40 +0,0 @@
1
- require File.expand_path("spec_helper", File.dirname(__FILE__))
2
-
3
- describe 'Rodauth update_password feature' do
4
- [false, true].each do |ph|
5
- it "should support updating passwords for accounts #{'with account_password_hash_column' if ph} if hash cost changes" do
6
- cost = BCrypt::Engine::MIN_COST
7
- rodauth do
8
- enable :login, :logout, :update_password_hash
9
- account_password_hash_column :ph if ph
10
- password_hash_cost{cost}
11
- end
12
- roda do |r|
13
- r.rodauth
14
- next unless rodauth.logged_in?
15
- rodauth.account_from_session
16
- r.root{rodauth.send(:get_password_hash)}
17
- end
18
-
19
- login
20
- content = page.html
21
-
22
- logout
23
- login
24
- page.current_path.must_equal '/'
25
- content.must_equal page.html
26
-
27
- cost += 1
28
- logout
29
- login
30
- new_content = page.html
31
- page.current_path.must_equal '/'
32
- content.wont_equal new_content
33
-
34
- logout
35
- login
36
- page.current_path.must_equal '/'
37
- new_content.must_equal page.html
38
- end
39
- end
40
- end
@@ -1,171 +0,0 @@
1
- require File.expand_path("spec_helper", File.dirname(__FILE__))
2
-
3
- describe 'Rodauth verify_account_grace_period feature' do
4
- it "should support grace periods when verifying accounts" do
5
- rodauth do
6
- enable :login, :logout, :change_password, :create_account, :verify_account_grace_period
7
- change_password_requires_password? false
8
- end
9
- roda do |r|
10
- r.rodauth
11
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
12
- end
13
-
14
- visit '/create-account'
15
- fill_in 'Login', :with=>'foo@example2.com'
16
- fill_in 'Confirm Login', :with=>'foo@example2.com'
17
- fill_in 'Password', :with=>'0123456789'
18
- fill_in 'Confirm Password', :with=>'0123456789'
19
- click_button 'Create Account'
20
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
21
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
22
- page.body.must_include('Logged Infalse')
23
- page.current_path.must_equal '/'
24
-
25
- logout
26
- login(:login=>'foo@example2.com')
27
- page.body.must_include('Logged Infalse')
28
-
29
- visit '/change-password'
30
- fill_in 'New Password', :with=>'012345678'
31
- fill_in 'Confirm Password', :with=>'012345678'
32
- click_button 'Change Password'
33
- page.find('#notice_flash').text.must_equal "Your password has been changed"
34
-
35
- DB[:account_verification_keys].update(:requested_at=>Time.now - 100000)
36
-
37
- logout
38
- login(:login=>'foo@example2.com', :pass=>'012345678')
39
- page.find('#error_flash').text.must_equal 'The account you tried to login with is currently awaiting verification'
40
- visit '/'
41
- page.body.must_include('Not Logged')
42
-
43
- visit link
44
- click_button 'Verify Account'
45
- page.find('#notice_flash').text.must_equal "Your account has been verified"
46
- page.body.must_include('Logged Intrue')
47
- end
48
-
49
- it "should resend verify account email if attempting to create new account with same login" do
50
- rodauth do
51
- enable :login, :logout, :change_password, :create_account, :verify_account_grace_period
52
- change_password_requires_password? false
53
- end
54
- roda do |r|
55
- r.rodauth
56
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
57
- end
58
-
59
- visit '/create-account'
60
- fill_in 'Login', :with=>'foo@example2.com'
61
- fill_in 'Confirm Login', :with=>'foo@example2.com'
62
- fill_in 'Password', :with=>'0123456789'
63
- fill_in 'Confirm Password', :with=>'0123456789'
64
- click_button 'Create Account'
65
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
66
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
67
- page.body.must_include('Logged Infalse')
68
- page.current_path.must_equal '/'
69
-
70
- logout
71
- visit '/create-account'
72
- fill_in 'Login', :with=>'foo@example2.com'
73
- click_button 'Create Account'
74
- click_button 'Send Verification Email Again'
75
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
76
- page.current_path.must_equal '/'
77
- email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
78
-
79
- visit link
80
- click_button 'Verify Account'
81
- page.find('#notice_flash').text.must_equal "Your account has been verified"
82
- page.body.must_include('Logged Intrue')
83
- end
84
-
85
- it "should not allow changing logins for unverified accounts" do
86
- rodauth do
87
- enable :login, :logout, :change_login, :verify_account_grace_period
88
- change_login_requires_password? false
89
- end
90
- roda do |r|
91
- r.rodauth
92
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
93
- end
94
-
95
- visit '/create-account'
96
- fill_in 'Login', :with=>'foo@example2.com'
97
- fill_in 'Confirm Login', :with=>'foo@example2.com'
98
- fill_in 'Password', :with=>'0123456789'
99
- fill_in 'Confirm Password', :with=>'0123456789'
100
- click_button 'Create Account'
101
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
102
-
103
- visit '/change-login'
104
- page.find('#error_flash').text.must_equal "Cannot change login for unverified account. Please verify this account before changing the login."
105
- page.current_path.must_equal '/'
106
-
107
- visit link
108
- click_button 'Verify Account'
109
- page.find('#notice_flash').text.must_equal "Your account has been verified"
110
- page.body.must_include('Logged Intrue')
111
-
112
- visit '/change-login'
113
- fill_in 'Login', :with=>'foo3@example.com'
114
- fill_in 'Confirm Login', :with=>'foo3@example.com'
115
- click_button 'Change Login'
116
- page.find('#notice_flash').text.must_equal "Your login has been changed"
117
- page.current_path.must_equal '/'
118
- end
119
-
120
- it "should allow verifying accounts while logged in during grace period" do
121
- rodauth do
122
- enable :login, :verify_account_grace_period
123
- already_logged_in{request.redirect '/'}
124
- end
125
- roda do |r|
126
- r.rodauth
127
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
128
- end
129
-
130
- visit '/create-account'
131
- fill_in 'Login', :with=>'foo@example2.com'
132
- fill_in 'Confirm Login', :with=>'foo@example2.com'
133
- fill_in 'Password', :with=>'0123456789'
134
- fill_in 'Confirm Password', :with=>'0123456789'
135
- click_button 'Create Account'
136
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
137
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
138
- page.body.must_include('Logged Infalse')
139
- page.current_path.must_equal '/'
140
-
141
- visit link
142
- click_button 'Verify Account'
143
- page.find('#notice_flash').text.must_equal "Your account has been verified"
144
- page.body.must_include('Logged Intrue')
145
- end
146
-
147
- it "should remove verify keys if closing unverified accounts" do
148
- rodauth do
149
- enable :login, :close_account, :verify_account_grace_period
150
- already_logged_in{request.redirect '/'}
151
- close_account_requires_password? false
152
- end
153
- roda do |r|
154
- r.rodauth
155
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
156
- end
157
-
158
- visit '/create-account'
159
- fill_in 'Login', :with=>'foo@example2.com'
160
- fill_in 'Confirm Login', :with=>'foo@example2.com'
161
- fill_in 'Password', :with=>'0123456789'
162
- fill_in 'Confirm Password', :with=>'0123456789'
163
- click_button 'Create Account'
164
- email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
165
-
166
- visit '/close-account'
167
- click_button 'Close Account'
168
- page.find('#notice_flash').text.must_equal "Your account has been closed"
169
- DB[:account_verification_keys].must_be :empty?
170
- end
171
- end
@@ -1,240 +0,0 @@
1
- require File.expand_path("spec_helper", File.dirname(__FILE__))
2
-
3
- describe 'Rodauth verify_account feature' do
4
- it "should support verifying accounts" do
5
- last_sent_column = nil
6
- secret = nil
7
- allow_raw_token = false
8
- rodauth do
9
- enable :login, :create_account, :verify_account
10
- verify_account_autologin? false
11
- verify_account_email_last_sent_column{last_sent_column}
12
- hmac_secret{secret}
13
- allow_raw_email_token?{allow_raw_token}
14
- end
15
- roda do |r|
16
- r.rodauth
17
- r.root{view :content=>""}
18
- end
19
-
20
- visit '/create-account'
21
- fill_in 'Login', :with=>'foo@example2.com'
22
- fill_in 'Confirm Login', :with=>'foo@example2.com'
23
- fill_in 'Password', :with=>'0123456789'
24
- fill_in 'Confirm Password', :with=>'0123456789'
25
- click_button 'Create Account'
26
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
27
- page.current_path.must_equal '/'
28
-
29
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
30
- login(:login=>'foo@example2.com')
31
- page.find('#error_flash').text.must_equal 'The account you tried to login with is currently awaiting verification'
32
- page.html.must_include("If you no longer have the email to verify the account, you can request that it be resent to you")
33
- click_button 'Send Verification Email Again'
34
- page.current_path.must_equal '/'
35
- email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
36
-
37
- visit '/login'
38
- click_link 'Resend Verify Account Information'
39
- fill_in 'Login', :with=>'foo@example2.com'
40
- click_button 'Send Verification Email Again'
41
- page.current_path.must_equal '/'
42
- email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
43
-
44
- visit '/login'
45
- last_sent_column = :email_last_sent
46
- click_link 'Resend Verify Account Information'
47
- fill_in 'Login', :with=>'foo@example2.com'
48
- click_button 'Send Verification Email Again'
49
- page.current_path.must_equal '/'
50
- page.find('#error_flash').text.must_equal "An email has recently been sent to you with a link to verify your account"
51
- Mail::TestMailer.deliveries.must_equal []
52
-
53
- visit '/login'
54
- DB[:account_verification_keys].update(:email_last_sent => Time.now - 250).must_equal 1
55
- click_link 'Resend Verify Account Information'
56
- fill_in 'Login', :with=>'foo@example2.com'
57
- click_button 'Send Verification Email Again'
58
- page.current_path.must_equal '/'
59
- page.find('#error_flash').text.must_equal "An email has recently been sent to you with a link to verify your account"
60
- Mail::TestMailer.deliveries.must_equal []
61
-
62
- visit '/login'
63
- DB[:account_verification_keys].update(:email_last_sent => Time.now - 350).must_equal 1
64
- click_link 'Resend Verify Account Information'
65
- fill_in 'Login', :with=>'foo@example2.com'
66
- click_button 'Send Verification Email Again'
67
- page.current_path.must_equal '/'
68
- email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
69
-
70
- DB[:account_verification_keys].update(:email_last_sent => Time.now - 350).must_equal 1
71
- visit '/create-account'
72
- fill_in 'Login', :with=>'foo@example2.com'
73
- click_button 'Create Account'
74
- click_button 'Send Verification Email Again'
75
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
76
- page.current_path.must_equal '/'
77
-
78
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
79
- visit link[0...-1]
80
- page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
81
-
82
- secret = SecureRandom.random_bytes(32)
83
- visit link
84
- page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
85
-
86
- allow_raw_token = true
87
- visit link
88
- click_button 'Verify Account'
89
- page.find('#notice_flash').text.must_equal "Your account has been verified"
90
- page.current_path.must_equal '/'
91
-
92
- login(:login=>'foo@example2.com')
93
- page.find('#notice_flash').text.must_equal 'You have been logged in'
94
- page.current_path.must_equal '/'
95
- end
96
-
97
- [false, true].each do |ph|
98
- it "should support setting passwords when verifying accounts #{'with account_password_hash_column' if ph}" do
99
- initial_secret = secret = SecureRandom.random_bytes(32)
100
- rodauth do
101
- enable :login, :create_account, :verify_account
102
- account_password_hash_column :ph if ph
103
- verify_account_autologin? false
104
- verify_account_set_password? true
105
- hmac_secret{secret}
106
- end
107
- roda do |r|
108
- r.rodauth
109
- r.root{view :content=>""}
110
- end
111
-
112
- visit '/create-account'
113
- fill_in 'Login', :with=>'foo@example2.com'
114
- fill_in 'Confirm Login', :with=>'foo@example2.com'
115
- click_button 'Create Account'
116
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
117
-
118
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
119
-
120
- secret = SecureRandom.random_bytes(32)
121
- visit link
122
- page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
123
-
124
- secret = initial_secret
125
- visit link
126
- fill_in 'Password', :with=>'0123456789'
127
- fill_in 'Confirm Password', :with=>'012345678'
128
- click_button 'Verify Account'
129
- page.html.must_include("passwords do not match")
130
- page.find('#error_flash').text.must_equal "Unable to verify account"
131
-
132
- fill_in 'Password', :with=>'0123'
133
- fill_in 'Confirm Password', :with=>'0123'
134
- click_button 'Verify Account'
135
- page.html.must_include("invalid password, does not meet requirements (minimum 6 characters)")
136
- page.find('#error_flash').text.must_equal "Unable to verify account"
137
-
138
- fill_in 'Password', :with=>'0123456789'
139
- fill_in 'Confirm Password', :with=>'0123456789'
140
- click_button 'Verify Account'
141
- page.find('#notice_flash').text.must_equal "Your account has been verified"
142
- page.current_path.must_equal '/'
143
-
144
- login(:login=>'foo@example2.com', :password=>'0123456789')
145
- page.find('#notice_flash').text.must_equal 'You have been logged in'
146
- page.current_path.must_equal '/'
147
- end
148
- end
149
-
150
- it "should support autologin when verifying accounts" do
151
- rodauth do
152
- enable :login, :create_account, :verify_account
153
- end
154
- roda do |r|
155
- r.rodauth
156
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
157
- end
158
-
159
- visit '/create-account'
160
- fill_in 'Login', :with=>'foo@example2.com'
161
- fill_in 'Confirm Login', :with=>'foo@example2.com'
162
- fill_in 'Password', :with=>'0123456789'
163
- fill_in 'Confirm Password', :with=>'0123456789'
164
- click_button 'Create Account'
165
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
166
- page.current_path.must_equal '/'
167
-
168
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
169
- visit link
170
- click_button 'Verify Account'
171
- page.find('#notice_flash').text.must_equal "Your account has been verified"
172
- page.body.must_include 'Logged In'
173
- end
174
-
175
- it "should handle uniqueness errors raised when inserting verify account token" do
176
- rodauth do
177
- enable :login, :verify_account
178
- end
179
- roda do |r|
180
- def rodauth.raised_uniqueness_violation(*) super; true; end
181
- r.rodauth
182
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
183
- end
184
-
185
- visit '/create-account'
186
- fill_in 'Login', :with=>'foo@example2.com'
187
- fill_in 'Confirm Login', :with=>'foo@example2.com'
188
- fill_in 'Password', :with=>'0123456789'
189
- fill_in 'Confirm Password', :with=>'0123456789'
190
- click_button 'Create Account'
191
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
192
- page.current_path.must_equal '/'
193
-
194
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
195
- visit link
196
- click_button 'Verify Account'
197
- page.find('#notice_flash').text.must_equal "Your account has been verified"
198
- page.body.must_include 'Logged In'
199
- end
200
-
201
- it "should support verifying accounts via jwt" do
202
- rodauth do
203
- enable :login, :create_account, :verify_account
204
- verify_account_autologin? false
205
- verify_account_email_body{verify_account_email_link}
206
- end
207
- roda(:jwt) do |r|
208
- r.rodauth
209
- r.root{view :content=>""}
210
- end
211
-
212
- res = json_request('/create-account', :login=>'foo@example2.com', "login-confirm"=>'foo@example2.com', :password=>'0123456789', "password-confirm"=>'0123456789')
213
- res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your account"}]
214
- link = email_link(/key=.+$/, 'foo@example2.com')
215
-
216
- res = json_request('/verify-account-resend', :login=>'foo@example.com')
217
- res.must_equal [401, {'error'=>"Unable to resend verify account email"}]
218
-
219
- res = json_request('/verify-account-resend', :login=>'foo@example3.com')
220
- res.must_equal [401, {'error'=>"Unable to resend verify account email"}]
221
-
222
- res = json_request('/login', :login=>'foo@example2.com',:password=>'0123456789')
223
- res.must_equal [403, {'error'=>"The account you tried to login with is currently awaiting verification"}]
224
-
225
- res = json_request('/verify-account-resend', :login=>'foo@example2.com')
226
- res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your account"}]
227
- email_link(/key=.+$/, 'foo@example2.com').must_equal link
228
-
229
- res = json_request('/verify-account')
230
- res.must_equal [401, {'error'=>"Unable to verify account"}]
231
-
232
- res = json_request('/verify-account', :key=>link[4...-1])
233
- res.must_equal [401, {"error"=>"Unable to verify account"}]
234
-
235
- res = json_request('/verify-account', :key=>link[4..-1])
236
- res.must_equal [200, {"success"=>"Your account has been verified"}]
237
-
238
- json_login(:login=>'foo@example2.com')
239
- end
240
- end