rodauth 1.22.0 → 1.23.0
- checksums.yaml +4 -4
- data/CHANGELOG +12 -0
- data/README.rdoc +5 -3
- data/doc/email_base.rdoc +1 -0
- data/doc/release_notes/1.23.0.txt +32 -0
- data/lib/rodauth.rb +5 -2
- data/lib/rodauth/features/base.rb +8 -0
- data/lib/rodauth/features/change_password_notify.rb +1 -1
- data/lib/rodauth/features/create_account.rb +1 -1
- data/lib/rodauth/features/email_auth.rb +3 -4
- data/lib/rodauth/features/email_base.rb +7 -2
- data/lib/rodauth/features/lockout.rb +1 -1
- data/lib/rodauth/features/login.rb +6 -2
- data/lib/rodauth/features/otp.rb +6 -3
- data/lib/rodauth/features/password_expiration.rb +1 -1
- data/lib/rodauth/features/recovery_codes.rb +3 -3
- data/lib/rodauth/features/reset_password.rb +2 -2
- data/lib/rodauth/features/sms_codes.rb +5 -5
- data/lib/rodauth/features/verify_account.rb +2 -2
- data/lib/rodauth/features/verify_login_change.rb +1 -1
- data/lib/rodauth/version.rb +1 -1
- data/templates/email-auth-request-form.str +2 -2
- data/templates/reset-password-request.str +3 -3
- data/templates/unlock-account-request.str +3 -3
- data/templates/verify-account-resend.str +3 -3
- metadata +5 -43
- data/Rakefile +0 -179
- data/spec/account_expiration_spec.rb +0 -225
- data/spec/all.rb +0 -1
- data/spec/change_login_spec.rb +0 -156
- data/spec/change_password_notify_spec.rb +0 -33
- data/spec/change_password_spec.rb +0 -202
- data/spec/close_account_spec.rb +0 -162
- data/spec/confirm_password_spec.rb +0 -70
- data/spec/create_account_spec.rb +0 -127
- data/spec/disallow_common_passwords_spec.rb +0 -93
- data/spec/disallow_password_reuse_spec.rb +0 -179
- data/spec/email_auth_spec.rb +0 -285
- data/spec/http_basic_auth_spec.rb +0 -143
- data/spec/jwt_cors_spec.rb +0 -57
- data/spec/jwt_refresh_spec.rb +0 -256
- data/spec/jwt_spec.rb +0 -235
- data/spec/lockout_spec.rb +0 -250
- data/spec/login_spec.rb +0 -328
- data/spec/migrate/001_tables.rb +0 -184
- data/spec/migrate/002_account_password_hash_column.rb +0 -11
- data/spec/migrate_password/001_tables.rb +0 -73
- data/spec/migrate_travis/001_tables.rb +0 -141
- data/spec/password_complexity_spec.rb +0 -109
- data/spec/password_expiration_spec.rb +0 -244
- data/spec/password_grace_period_spec.rb +0 -93
- data/spec/remember_spec.rb +0 -451
- data/spec/reset_password_spec.rb +0 -229
- data/spec/rodauth_spec.rb +0 -343
- data/spec/session_expiration_spec.rb +0 -58
- data/spec/single_session_spec.rb +0 -127
- data/spec/spec_helper.rb +0 -327
- data/spec/two_factor_spec.rb +0 -1462
- data/spec/update_password_hash_spec.rb +0 -40
- data/spec/verify_account_grace_period_spec.rb +0 -171
- data/spec/verify_account_spec.rb +0 -240
- data/spec/verify_change_login_spec.rb +0 -46
- data/spec/verify_login_change_spec.rb +0 -232
- data/spec/views/layout-other.str +0 -11
- data/spec/views/layout.str +0 -11
- data/spec/views/login.str +0 -21
@@ -1,40 +0,0 @@
|
|
1
|
-
require File.expand_path("spec_helper", File.dirname(__FILE__))
|
2
|
-
|
3
|
-
describe 'Rodauth update_password feature' do
|
4
|
-
[false, true].each do |ph|
|
5
|
-
it "should support updating passwords for accounts #{'with account_password_hash_column' if ph} if hash cost changes" do
|
6
|
-
cost = BCrypt::Engine::MIN_COST
|
7
|
-
rodauth do
|
8
|
-
enable :login, :logout, :update_password_hash
|
9
|
-
account_password_hash_column :ph if ph
|
10
|
-
password_hash_cost{cost}
|
11
|
-
end
|
12
|
-
roda do |r|
|
13
|
-
r.rodauth
|
14
|
-
next unless rodauth.logged_in?
|
15
|
-
rodauth.account_from_session
|
16
|
-
r.root{rodauth.send(:get_password_hash)}
|
17
|
-
end
|
18
|
-
|
19
|
-
login
|
20
|
-
content = page.html
|
21
|
-
|
22
|
-
logout
|
23
|
-
login
|
24
|
-
page.current_path.must_equal '/'
|
25
|
-
content.must_equal page.html
|
26
|
-
|
27
|
-
cost += 1
|
28
|
-
logout
|
29
|
-
login
|
30
|
-
new_content = page.html
|
31
|
-
page.current_path.must_equal '/'
|
32
|
-
content.wont_equal new_content
|
33
|
-
|
34
|
-
logout
|
35
|
-
login
|
36
|
-
page.current_path.must_equal '/'
|
37
|
-
new_content.must_equal page.html
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
@@ -1,171 +0,0 @@
|
|
1
|
-
require File.expand_path("spec_helper", File.dirname(__FILE__))
|
2
|
-
|
3
|
-
describe 'Rodauth verify_account_grace_period feature' do
|
4
|
-
it "should support grace periods when verifying accounts" do
|
5
|
-
rodauth do
|
6
|
-
enable :login, :logout, :change_password, :create_account, :verify_account_grace_period
|
7
|
-
change_password_requires_password? false
|
8
|
-
end
|
9
|
-
roda do |r|
|
10
|
-
r.rodauth
|
11
|
-
r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
|
12
|
-
end
|
13
|
-
|
14
|
-
visit '/create-account'
|
15
|
-
fill_in 'Login', :with=>'foo@example2.com'
|
16
|
-
fill_in 'Confirm Login', :with=>'foo@example2.com'
|
17
|
-
fill_in 'Password', :with=>'0123456789'
|
18
|
-
fill_in 'Confirm Password', :with=>'0123456789'
|
19
|
-
click_button 'Create Account'
|
20
|
-
page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
|
21
|
-
link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
|
22
|
-
page.body.must_include('Logged Infalse')
|
23
|
-
page.current_path.must_equal '/'
|
24
|
-
|
25
|
-
logout
|
26
|
-
login(:login=>'foo@example2.com')
|
27
|
-
page.body.must_include('Logged Infalse')
|
28
|
-
|
29
|
-
visit '/change-password'
|
30
|
-
fill_in 'New Password', :with=>'012345678'
|
31
|
-
fill_in 'Confirm Password', :with=>'012345678'
|
32
|
-
click_button 'Change Password'
|
33
|
-
page.find('#notice_flash').text.must_equal "Your password has been changed"
|
34
|
-
|
35
|
-
DB[:account_verification_keys].update(:requested_at=>Time.now - 100000)
|
36
|
-
|
37
|
-
logout
|
38
|
-
login(:login=>'foo@example2.com', :pass=>'012345678')
|
39
|
-
page.find('#error_flash').text.must_equal 'The account you tried to login with is currently awaiting verification'
|
40
|
-
visit '/'
|
41
|
-
page.body.must_include('Not Logged')
|
42
|
-
|
43
|
-
visit link
|
44
|
-
click_button 'Verify Account'
|
45
|
-
page.find('#notice_flash').text.must_equal "Your account has been verified"
|
46
|
-
page.body.must_include('Logged Intrue')
|
47
|
-
end
|
48
|
-
|
49
|
-
it "should resend verify account email if attempting to create new account with same login" do
|
50
|
-
rodauth do
|
51
|
-
enable :login, :logout, :change_password, :create_account, :verify_account_grace_period
|
52
|
-
change_password_requires_password? false
|
53
|
-
end
|
54
|
-
roda do |r|
|
55
|
-
r.rodauth
|
56
|
-
r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
|
57
|
-
end
|
58
|
-
|
59
|
-
visit '/create-account'
|
60
|
-
fill_in 'Login', :with=>'foo@example2.com'
|
61
|
-
fill_in 'Confirm Login', :with=>'foo@example2.com'
|
62
|
-
fill_in 'Password', :with=>'0123456789'
|
63
|
-
fill_in 'Confirm Password', :with=>'0123456789'
|
64
|
-
click_button 'Create Account'
|
65
|
-
page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
|
66
|
-
link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
|
67
|
-
page.body.must_include('Logged Infalse')
|
68
|
-
page.current_path.must_equal '/'
|
69
|
-
|
70
|
-
logout
|
71
|
-
visit '/create-account'
|
72
|
-
fill_in 'Login', :with=>'foo@example2.com'
|
73
|
-
click_button 'Create Account'
|
74
|
-
click_button 'Send Verification Email Again'
|
75
|
-
page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
|
76
|
-
page.current_path.must_equal '/'
|
77
|
-
email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
|
78
|
-
|
79
|
-
visit link
|
80
|
-
click_button 'Verify Account'
|
81
|
-
page.find('#notice_flash').text.must_equal "Your account has been verified"
|
82
|
-
page.body.must_include('Logged Intrue')
|
83
|
-
end
|
84
|
-
|
85
|
-
it "should not allow changing logins for unverified accounts" do
|
86
|
-
rodauth do
|
87
|
-
enable :login, :logout, :change_login, :verify_account_grace_period
|
88
|
-
change_login_requires_password? false
|
89
|
-
end
|
90
|
-
roda do |r|
|
91
|
-
r.rodauth
|
92
|
-
r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
|
93
|
-
end
|
94
|
-
|
95
|
-
visit '/create-account'
|
96
|
-
fill_in 'Login', :with=>'foo@example2.com'
|
97
|
-
fill_in 'Confirm Login', :with=>'foo@example2.com'
|
98
|
-
fill_in 'Password', :with=>'0123456789'
|
99
|
-
fill_in 'Confirm Password', :with=>'0123456789'
|
100
|
-
click_button 'Create Account'
|
101
|
-
link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
|
102
|
-
|
103
|
-
visit '/change-login'
|
104
|
-
page.find('#error_flash').text.must_equal "Cannot change login for unverified account. Please verify this account before changing the login."
|
105
|
-
page.current_path.must_equal '/'
|
106
|
-
|
107
|
-
visit link
|
108
|
-
click_button 'Verify Account'
|
109
|
-
page.find('#notice_flash').text.must_equal "Your account has been verified"
|
110
|
-
page.body.must_include('Logged Intrue')
|
111
|
-
|
112
|
-
visit '/change-login'
|
113
|
-
fill_in 'Login', :with=>'foo3@example.com'
|
114
|
-
fill_in 'Confirm Login', :with=>'foo3@example.com'
|
115
|
-
click_button 'Change Login'
|
116
|
-
page.find('#notice_flash').text.must_equal "Your login has been changed"
|
117
|
-
page.current_path.must_equal '/'
|
118
|
-
end
|
119
|
-
|
120
|
-
it "should allow verifying accounts while logged in during grace period" do
|
121
|
-
rodauth do
|
122
|
-
enable :login, :verify_account_grace_period
|
123
|
-
already_logged_in{request.redirect '/'}
|
124
|
-
end
|
125
|
-
roda do |r|
|
126
|
-
r.rodauth
|
127
|
-
r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
|
128
|
-
end
|
129
|
-
|
130
|
-
visit '/create-account'
|
131
|
-
fill_in 'Login', :with=>'foo@example2.com'
|
132
|
-
fill_in 'Confirm Login', :with=>'foo@example2.com'
|
133
|
-
fill_in 'Password', :with=>'0123456789'
|
134
|
-
fill_in 'Confirm Password', :with=>'0123456789'
|
135
|
-
click_button 'Create Account'
|
136
|
-
page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
|
137
|
-
link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
|
138
|
-
page.body.must_include('Logged Infalse')
|
139
|
-
page.current_path.must_equal '/'
|
140
|
-
|
141
|
-
visit link
|
142
|
-
click_button 'Verify Account'
|
143
|
-
page.find('#notice_flash').text.must_equal "Your account has been verified"
|
144
|
-
page.body.must_include('Logged Intrue')
|
145
|
-
end
|
146
|
-
|
147
|
-
it "should remove verify keys if closing unverified accounts" do
|
148
|
-
rodauth do
|
149
|
-
enable :login, :close_account, :verify_account_grace_period
|
150
|
-
already_logged_in{request.redirect '/'}
|
151
|
-
close_account_requires_password? false
|
152
|
-
end
|
153
|
-
roda do |r|
|
154
|
-
r.rodauth
|
155
|
-
r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
|
156
|
-
end
|
157
|
-
|
158
|
-
visit '/create-account'
|
159
|
-
fill_in 'Login', :with=>'foo@example2.com'
|
160
|
-
fill_in 'Confirm Login', :with=>'foo@example2.com'
|
161
|
-
fill_in 'Password', :with=>'0123456789'
|
162
|
-
fill_in 'Confirm Password', :with=>'0123456789'
|
163
|
-
click_button 'Create Account'
|
164
|
-
email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
|
165
|
-
|
166
|
-
visit '/close-account'
|
167
|
-
click_button 'Close Account'
|
168
|
-
page.find('#notice_flash').text.must_equal "Your account has been closed"
|
169
|
-
DB[:account_verification_keys].must_be :empty?
|
170
|
-
end
|
171
|
-
end
|
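--- a/data/spec/verify_account_spec.rb
+++ b/data/spec/verify_account_spec.rb
@@ -1,240 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth verify_account feature' do
-it "should support verifying accounts" do
-last_sent_column = nil
-secret = nil
-allow_raw_token = false
-rodauth do
-enable :login, :create_account, :verify_account
-verify_account_autologin? false
-verify_account_email_last_sent_column{last_sent_column}
-hmac_secret{secret}
-allow_raw_email_token?{allow_raw_token}
-end
-roda do |r|
-r.rodauth
-r.root{view :content=>""}
-end
-
-visit '/create-account'
-fill_in 'Login', :with=>'foo@example2.com'
-fill_in 'Confirm Login', :with=>'foo@example2.com'
-fill_in 'Password', :with=>'0123456789'
-fill_in 'Confirm Password', :with=>'0123456789'
-click_button 'Create Account'
-page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-page.current_path.must_equal '/'
-
-link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-login(:login=>'foo@example2.com')
-page.find('#error_flash').text.must_equal 'The account you tried to login with is currently awaiting verification'
-page.html.must_include("If you no longer have the email to verify the account, you can request that it be resent to you")
-click_button 'Send Verification Email Again'
-page.current_path.must_equal '/'
-email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
-
-visit '/login'
-click_link 'Resend Verify Account Information'
-fill_in 'Login', :with=>'foo@example2.com'
-click_button 'Send Verification Email Again'
-page.current_path.must_equal '/'
-email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
-
-visit '/login'
-last_sent_column = :email_last_sent
-click_link 'Resend Verify Account Information'
-fill_in 'Login', :with=>'foo@example2.com'
-click_button 'Send Verification Email Again'
-page.current_path.must_equal '/'
-page.find('#error_flash').text.must_equal "An email has recently been sent to you with a link to verify your account"
-Mail::TestMailer.deliveries.must_equal []
-
-visit '/login'
-DB[:account_verification_keys].update(:email_last_sent => Time.now - 250).must_equal 1
-click_link 'Resend Verify Account Information'
-fill_in 'Login', :with=>'foo@example2.com'
-click_button 'Send Verification Email Again'
-page.current_path.must_equal '/'
-page.find('#error_flash').text.must_equal "An email has recently been sent to you with a link to verify your account"
-Mail::TestMailer.deliveries.must_equal []
-
-visit '/login'
-DB[:account_verification_keys].update(:email_last_sent => Time.now - 350).must_equal 1
-click_link 'Resend Verify Account Information'
-fill_in 'Login', :with=>'foo@example2.com'
-click_button 'Send Verification Email Again'
-page.current_path.must_equal '/'
-email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com').must_equal link
-
-DB[:account_verification_keys].update(:email_last_sent => Time.now - 350).must_equal 1
-visit '/create-account'
-fill_in 'Login', :with=>'foo@example2.com'
-click_button 'Create Account'
-click_button 'Send Verification Email Again'
-page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-page.current_path.must_equal '/'
-
-link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-visit link[0...-1]
-page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
-
-secret = SecureRandom.random_bytes(32)
-visit link
-page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
-
-allow_raw_token = true
-visit link
-click_button 'Verify Account'
-page.find('#notice_flash').text.must_equal "Your account has been verified"
-page.current_path.must_equal '/'
-
-login(:login=>'foo@example2.com')
-page.find('#notice_flash').text.must_equal 'You have been logged in'
-page.current_path.must_equal '/'
-end
-
-[false, true].each do |ph|
-it "should support setting passwords when verifying accounts #{'with account_password_hash_column' if ph}" do
-initial_secret = secret = SecureRandom.random_bytes(32)
-rodauth do
-enable :login, :create_account, :verify_account
-account_password_hash_column :ph if ph
-verify_account_autologin? false
-verify_account_set_password? true
-hmac_secret{secret}
-end
-roda do |r|
-r.rodauth
-r.root{view :content=>""}
-end
-
-visit '/create-account'
-fill_in 'Login', :with=>'foo@example2.com'
-fill_in 'Confirm Login', :with=>'foo@example2.com'
-click_button 'Create Account'
-page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-
-link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-
-secret = SecureRandom.random_bytes(32)
-visit link
-page.find('#error_flash').text.must_equal "There was an error verifying your account: invalid verify account key"
-
-secret = initial_secret
-visit link
-fill_in 'Password', :with=>'0123456789'
-fill_in 'Confirm Password', :with=>'012345678'
-click_button 'Verify Account'
-page.html.must_include("passwords do not match")
-page.find('#error_flash').text.must_equal "Unable to verify account"
-
-fill_in 'Password', :with=>'0123'
-fill_in 'Confirm Password', :with=>'0123'
-click_button 'Verify Account'
-page.html.must_include("invalid password, does not meet requirements (minimum 6 characters)")
-page.find('#error_flash').text.must_equal "Unable to verify account"
-
-fill_in 'Password', :with=>'0123456789'
-fill_in 'Confirm Password', :with=>'0123456789'
-click_button 'Verify Account'
-page.find('#notice_flash').text.must_equal "Your account has been verified"
-page.current_path.must_equal '/'
-
-login(:login=>'foo@example2.com', :password=>'0123456789')
-page.find('#notice_flash').text.must_equal 'You have been logged in'
-page.current_path.must_equal '/'
-end
-end
-
-it "should support autologin when verifying accounts" do
-rodauth do
-enable :login, :create_account, :verify_account
-end
-roda do |r|
-r.rodauth
-r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-end
-
-visit '/create-account'
-fill_in 'Login', :with=>'foo@example2.com'
-fill_in 'Confirm Login', :with=>'foo@example2.com'
-fill_in 'Password', :with=>'0123456789'
-fill_in 'Confirm Password', :with=>'0123456789'
-click_button 'Create Account'
-page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-page.current_path.must_equal '/'
-
-link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-visit link
-click_button 'Verify Account'
-page.find('#notice_flash').text.must_equal "Your account has been verified"
-page.body.must_include 'Logged In'
-end
-
-it "should handle uniqueness errors raised when inserting verify account token" do
-rodauth do
-enable :login, :verify_account
-end
-roda do |r|
-def rodauth.raised_uniqueness_violation(*) super; true; end
-r.rodauth
-r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-end
-
-visit '/create-account'
-fill_in 'Login', :with=>'foo@example2.com'
-fill_in 'Confirm Login', :with=>'foo@example2.com'
-fill_in 'Password', :with=>'0123456789'
-fill_in 'Confirm Password', :with=>'0123456789'
-click_button 'Create Account'
-page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your account"
-page.current_path.must_equal '/'
-
-link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-visit link
-click_button 'Verify Account'
-page.find('#notice_flash').text.must_equal "Your account has been verified"
-page.body.must_include 'Logged In'
-end
-
-it "should support verifying accounts via jwt" do
-rodauth do
-enable :login, :create_account, :verify_account
-verify_account_autologin? false
-verify_account_email_body{verify_account_email_link}
-end
-roda(:jwt) do |r|
-r.rodauth
-r.root{view :content=>""}
-end
-
-res = json_request('/create-account', :login=>'foo@example2.com', "login-confirm"=>'foo@example2.com', :password=>'0123456789', "password-confirm"=>'0123456789')
-res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your account"}]
-link = email_link(/key=.+$/, 'foo@example2.com')
-
-res = json_request('/verify-account-resend', :login=>'foo@example.com')
-res.must_equal [401, {'error'=>"Unable to resend verify account email"}]
-
-res = json_request('/verify-account-resend', :login=>'foo@example3.com')
-res.must_equal [401, {'error'=>"Unable to resend verify account email"}]
-
-res = json_request('/login', :login=>'foo@example2.com',:password=>'0123456789')
-res.must_equal [403, {'error'=>"The account you tried to login with is currently awaiting verification"}]
-
-res = json_request('/verify-account-resend', :login=>'foo@example2.com')
-res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your account"}]
-email_link(/key=.+$/, 'foo@example2.com').must_equal link
-
-res = json_request('/verify-account')
-res.must_equal [401, {'error'=>"Unable to verify account"}]
-
-res = json_request('/verify-account', :key=>link[4...-1])
-res.must_equal [401, {"error"=>"Unable to verify account"}]
-
-res = json_request('/verify-account', :key=>link[4..-1])
-res.must_equal [200, {"success"=>"Your account has been verified"}]
-
-json_login(:login=>'foo@example2.com')
-end
-end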