rodauth 1.22.0 → 1.23.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (66) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +12 -0
  3. data/README.rdoc +5 -3
  4. data/doc/email_base.rdoc +1 -0
  5. data/doc/release_notes/1.23.0.txt +32 -0
  6. data/lib/rodauth.rb +5 -2
  7. data/lib/rodauth/features/base.rb +8 -0
  8. data/lib/rodauth/features/change_password_notify.rb +1 -1
  9. data/lib/rodauth/features/create_account.rb +1 -1
  10. data/lib/rodauth/features/email_auth.rb +3 -4
  11. data/lib/rodauth/features/email_base.rb +7 -2
  12. data/lib/rodauth/features/lockout.rb +1 -1
  13. data/lib/rodauth/features/login.rb +6 -2
  14. data/lib/rodauth/features/otp.rb +6 -3
  15. data/lib/rodauth/features/password_expiration.rb +1 -1
  16. data/lib/rodauth/features/recovery_codes.rb +3 -3
  17. data/lib/rodauth/features/reset_password.rb +2 -2
  18. data/lib/rodauth/features/sms_codes.rb +5 -5
  19. data/lib/rodauth/features/verify_account.rb +2 -2
  20. data/lib/rodauth/features/verify_login_change.rb +1 -1
  21. data/lib/rodauth/version.rb +1 -1
  22. data/templates/email-auth-request-form.str +2 -2
  23. data/templates/reset-password-request.str +3 -3
  24. data/templates/unlock-account-request.str +3 -3
  25. data/templates/verify-account-resend.str +3 -3
  26. metadata +5 -43
  27. data/Rakefile +0 -179
  28. data/spec/account_expiration_spec.rb +0 -225
  29. data/spec/all.rb +0 -1
  30. data/spec/change_login_spec.rb +0 -156
  31. data/spec/change_password_notify_spec.rb +0 -33
  32. data/spec/change_password_spec.rb +0 -202
  33. data/spec/close_account_spec.rb +0 -162
  34. data/spec/confirm_password_spec.rb +0 -70
  35. data/spec/create_account_spec.rb +0 -127
  36. data/spec/disallow_common_passwords_spec.rb +0 -93
  37. data/spec/disallow_password_reuse_spec.rb +0 -179
  38. data/spec/email_auth_spec.rb +0 -285
  39. data/spec/http_basic_auth_spec.rb +0 -143
  40. data/spec/jwt_cors_spec.rb +0 -57
  41. data/spec/jwt_refresh_spec.rb +0 -256
  42. data/spec/jwt_spec.rb +0 -235
  43. data/spec/lockout_spec.rb +0 -250
  44. data/spec/login_spec.rb +0 -328
  45. data/spec/migrate/001_tables.rb +0 -184
  46. data/spec/migrate/002_account_password_hash_column.rb +0 -11
  47. data/spec/migrate_password/001_tables.rb +0 -73
  48. data/spec/migrate_travis/001_tables.rb +0 -141
  49. data/spec/password_complexity_spec.rb +0 -109
  50. data/spec/password_expiration_spec.rb +0 -244
  51. data/spec/password_grace_period_spec.rb +0 -93
  52. data/spec/remember_spec.rb +0 -451
  53. data/spec/reset_password_spec.rb +0 -229
  54. data/spec/rodauth_spec.rb +0 -343
  55. data/spec/session_expiration_spec.rb +0 -58
  56. data/spec/single_session_spec.rb +0 -127
  57. data/spec/spec_helper.rb +0 -327
  58. data/spec/two_factor_spec.rb +0 -1462
  59. data/spec/update_password_hash_spec.rb +0 -40
  60. data/spec/verify_account_grace_period_spec.rb +0 -171
  61. data/spec/verify_account_spec.rb +0 -240
  62. data/spec/verify_change_login_spec.rb +0 -46
  63. data/spec/verify_login_change_spec.rb +0 -232
  64. data/spec/views/layout-other.str +0 -11
  65. data/spec/views/layout.str +0 -11
  66. data/spec/views/login.str +0 -21
data/spec/verify_change_login_spec.rb DELETED
@@ -1,46 +0,0 @@
1
- require File.expand_path("spec_helper", File.dirname(__FILE__))
2
-
3
- describe 'Rodauth verify_change_login feature' do
4
- it "should support reverifying accounts after changing logins" do
5
- rodauth do
6
- enable :login, :verify_change_login
7
- change_login_requires_password? false
8
- end
9
- roda do |r|
10
- r.rodauth
11
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
12
- end
13
-
14
- visit '/create-account'
15
- fill_in 'Login', :with=>'foo@example2.com'
16
- fill_in 'Confirm Login', :with=>'foo@example2.com'
17
- fill_in 'Password', :with=>'0123456789'
18
- fill_in 'Confirm Password', :with=>'0123456789'
19
- click_button 'Create Account'
20
- link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
21
-
22
- visit '/change-login'
23
- page.find('#error_flash').text.must_equal "Cannot change login for unverified account. Please verify this account before changing the login."
24
- page.current_path.must_equal '/'
25
-
26
- visit link
27
- click_button 'Verify Account'
28
- page.find('#notice_flash').text.must_equal "Your account has been verified"
29
- page.body.must_include('Logged Intrue')
30
-
31
- visit '/change-login'
32
- fill_in 'Login', :with=>'foo3@example.com'
33
- fill_in 'Confirm Login', :with=>'foo3@example.com'
34
- click_button 'Change Login'
35
- page.find('#notice_flash').text.must_equal "Your login has been changed. An email has been sent to you with a link to verify your account"
36
- page.current_path.must_equal '/'
37
- page.body.must_include('Logged Infalse')
38
- link2 = email_link(/(\/verify-account\?key=.+)$/, 'foo3@example.com')
39
- link2.wont_equal link
40
-
41
- visit link2
42
- click_button 'Verify Account'
43
- page.find('#notice_flash').text.must_equal "Your account has been verified"
44
- page.body.must_include('Logged Intrue')
45
- end
46
- end
data/spec/verify_login_change_spec.rb DELETED
@@ -1,232 +0,0 @@
1
- require File.expand_path("spec_helper", File.dirname(__FILE__))
2
-
3
- describe 'Rodauth verify_login_change feature' do
4
- it "should support verifying login changes" do
5
- rodauth do
6
- enable :login, :logout, :verify_login_change
7
- change_login_requires_password? false
8
- end
9
- roda do |r|
10
- r.rodauth
11
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
12
- end
13
-
14
- login
15
-
16
- visit '/change-login'
17
- fill_in 'Login', :with=>'foo@example2.com'
18
- fill_in 'Confirm Login', :with=>'foo@example2.com'
19
- click_button 'Change Login'
20
- link = email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example2.com')
21
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your login change"
22
-
23
- visit '/change-login'
24
- fill_in 'Login', :with=>'foo@example2.com'
25
- fill_in 'Confirm Login', :with=>'foo@example2.com'
26
- click_button 'Change Login'
27
- email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example2.com').must_equal link
28
-
29
- visit '/change-login'
30
- fill_in 'Login', :with=>'foo@example3.com'
31
- fill_in 'Confirm Login', :with=>'foo@example3.com'
32
- click_button 'Change Login'
33
- new_link = email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example3.com')
34
- new_link.wont_equal link
35
-
36
- logout
37
-
38
- visit link
39
- page.find('#error_flash').text.must_equal "There was an error verifying your login change: invalid verify login change key"
40
-
41
- visit new_link
42
- page.title.must_equal 'Verify Login Change'
43
- click_button 'Verify Login Change'
44
- page.find('#notice_flash').text.must_equal "Your login change has been verified"
45
- page.body.must_include('Not Logged')
46
-
47
- login
48
- page.find('#error_flash').text.must_equal "There was an error logging in"
49
-
50
- login(:login=>'foo@example3.com')
51
- page.body.must_include('Logged In')
52
- end
53
-
54
- it "should support verifying login changes with autologin" do
55
- rodauth do
56
- enable :login, :logout, :verify_login_change
57
- verify_login_change_autologin? true
58
- change_login_requires_password? false
59
- end
60
- roda do |r|
61
- r.rodauth
62
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
63
- end
64
-
65
- login
66
-
67
- visit '/change-login'
68
- fill_in 'Login', :with=>'foo@example2.com'
69
- fill_in 'Confirm Login', :with=>'foo@example2.com'
70
- click_button 'Change Login'
71
- link = email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example2.com')
72
-
73
- logout
74
-
75
- visit link
76
- click_button 'Verify Login Change'
77
- page.find('#notice_flash').text.must_equal "Your login change has been verified"
78
- page.body.must_include('Logged In')
79
- end
80
-
81
- it "should check for duplicate accounts before sending verify email and before updating login" do
82
- rodauth do
83
- enable :login, :logout, :verify_login_change, :create_account
84
- change_login_requires_password? false
85
- create_account_autologin? false
86
- end
87
- roda do |r|
88
- r.rodauth
89
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
90
- end
91
-
92
- visit '/create-account'
93
- fill_in 'Login', :with=>'foo@example2.com'
94
- fill_in 'Confirm Login', :with=>'foo@example2.com'
95
- fill_in 'Password', :with=>'0123456789'
96
- fill_in 'Confirm Password', :with=>'0123456789'
97
- click_button 'Create Account'
98
-
99
- login
100
-
101
- visit '/change-login'
102
- fill_in 'Login', :with=>'foo@example2.com'
103
- fill_in 'Confirm Login', :with=>'foo@example.com'
104
- click_button 'Change Login'
105
- page.find('#error_flash').text.must_equal "There was an error changing your login"
106
- page.body.must_include "logins do not match"
107
-
108
- visit '/change-login'
109
- fill_in 'Login', :with=>'foo@example2.com'
110
- fill_in 'Confirm Login', :with=>'foo@example2.com'
111
- click_button 'Change Login'
112
- page.find('#error_flash').text.must_equal "There was an error changing your login"
113
- page.body.must_include "invalid login, already an account with this login"
114
-
115
- visit '/change-login'
116
- fill_in 'Login', :with=>'foo@example3.com'
117
- fill_in 'Confirm Login', :with=>'foo@example3.com'
118
- click_button 'Change Login'
119
- link = email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example3.com')
120
-
121
- logout
122
-
123
- DB[:accounts].where(:email=>'foo@example2.com').update(:email=>'foo@example3.com')
124
-
125
- visit link
126
- click_button 'Verify Login Change'
127
- page.find('#error_flash').text.must_equal "Unable to change login as there is already an account with the new login"
128
- page.current_path.must_equal '/login'
129
-
130
- visit link
131
- page.find('#error_flash').text.must_equal "There was an error verifying your login change: invalid verify login change key"
132
- end
133
-
134
- it "should handle uniqueness errors raised when inserting verify login change entry" do
135
- unique = false
136
- rodauth do
137
- enable :login, :logout, :verify_login_change
138
- change_login_requires_password? false
139
-
140
- auth_class_eval do
141
- define_method(:raised_uniqueness_violation) do |*a, &block|
142
- unique.call if unique
143
- super(*a, &block)
144
- end
145
- end
146
- end
147
- roda do |r|
148
- r.rodauth
149
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
150
- end
151
-
152
- login
153
-
154
- visit '/change-login'
155
- fill_in 'Login', :with=>'foo@example2.com'
156
- fill_in 'Confirm Login', :with=>'foo@example2.com'
157
- click_button 'Change Login'
158
- email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example2.com')
159
- page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your login change"
160
-
161
- unique = lambda{DB[:account_login_change_keys].update(:login=>'foo@example3.com'); true}
162
- visit '/change-login'
163
- fill_in 'Login', :with=>'foo@example2.com'
164
- fill_in 'Confirm Login', :with=>'foo@example2.com'
165
- proc{click_button 'Change Login'}.must_raise Sequel::ConstraintViolation
166
- end
167
-
168
- it "should clear verify login change token when closing account" do
169
- rodauth do
170
- enable :login, :verify_login_change, :close_account
171
- change_login_requires_password? false
172
- end
173
- roda do |r|
174
- r.rodauth
175
- r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
176
- end
177
-
178
- login
179
-
180
- visit '/change-login'
181
- fill_in 'Login', :with=>'foo@example2.com'
182
- fill_in 'Confirm Login', :with=>'foo@example2.com'
183
- click_button 'Change Login'
184
- email_link(/key=.+$/, 'foo@example2.com').wont_be_nil
185
-
186
- DB[:account_login_change_keys].count.must_equal 1
187
- visit '/close-account'
188
- fill_in 'Password', :with=>'0123456789'
189
- click_button 'Close Account'
190
- DB[:account_login_change_keys].count.must_equal 0
191
- end
192
-
193
- it "should support verifying login changes for accounts via jwt" do
194
- rodauth do
195
- enable :login, :verify_login_change
196
- change_login_requires_password? false
197
- verify_login_change_email_body{verify_login_change_email_link}
198
- end
199
- roda(:jwt) do |r|
200
- r.rodauth
201
- end
202
-
203
- json_login
204
-
205
- res = json_request('/change-login', :login=>'foo2@example.com', "login-confirm"=>'foo2@example.com')
206
- res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your login change"}]
207
- link = email_link(/key=.+$/, 'foo2@example.com')
208
-
209
- res = json_request('/change-login', :login=>'foo2@example.com', "login-confirm"=>'foo2@example.com')
210
- res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your login change"}]
211
- email_link(/key=.+$/, 'foo2@example.com').must_equal link
212
-
213
- res = json_request('/change-login', :login=>'foo3@example.com', "login-confirm"=>'foo3@example.com')
214
- res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your login change"}]
215
- new_link = email_link(/key=.+$/, 'foo3@example.com')
216
- new_link.wont_equal link
217
-
218
- res = json_request('/verify-login-change')
219
- res.must_equal [401, {"error"=>"Unable to verify login change"}]
220
-
221
- res = json_request('/verify-login-change', :key=>link[4..-1])
222
- res.must_equal [401, {"error"=>"Unable to verify login change"}]
223
-
224
- res = json_request('/verify-login-change', :key=>new_link[4..-1])
225
- res.must_equal [200, {"success"=>"Your login change has been verified"}]
226
-
227
- res = json_request("/login", :login=>'foo@example.com', :password=>'0123456789')
228
- res.must_equal [401, {'error'=>"There was an error logging in", "field-error"=>["login", "no matching login"]}]
229
-
230
- json_login(:login=>'foo3@example.com')
231
- end
232
- end
data/spec/views/layout-other.str DELETED
@@ -1,11 +0,0 @@
1
- <!doctype html>
2
- <html>
3
- <head>
4
- <title>Foo #{@title}</title>
5
- </head>
6
- <body>
7
- #{"<div id='error_flash'>#{flash['error2']}</div>" if flash['error2']}
8
- #{"<div id='notice_flash'>#{flash['notice2']}</div>" if flash['notice2']}
9
- #{yield}
10
- </body>
11
- </html>
data/spec/views/layout.str DELETED
@@ -1,11 +0,0 @@
1
- <!doctype html>
2
- <html>
3
- <head>
4
- <title>#{@title}</title>
5
- </head>
6
- <body>
7
- #{"<div id='error_flash'>#{opts[:sessions_convert_symbols] ? flash['error'] : flash[:error]}</div>" if opts[:sessions_convert_symbols] ? flash['error'] : flash[:error]}
8
- #{"<div id='notice_flash'>#{opts[:sessions_convert_symbols] ? flash['notice'] : flash[:notice]}</div>" if opts[:sessions_convert_symbols] ? flash['notice'] : flash[:notice]}
9
- #{yield}
10
- </body>
11
- </html>
data/spec/views/login.str DELETED
@@ -1,21 +0,0 @@
1
- <form method="post" class="form-horizontal" role="form" id="login-form">
2
- #{csrf_tag if respond_to?(:csrf_tag)}
3
- <input type="hidden" name="lp" value="#{rodauth.param('lp')}"/>
4
- <div class="form-group">
5
- <label class="col-sm-2 control-label" for="login">Login</label>
6
- <div class="col-sm-10">
7
- <input type="text" class="form-control#{' error' if rodauth.field_error(rodauth.login_param)}" name="l" id="login"/> #{rodauth.field_error(rodauth.login_param)}
8
- </div>
9
- </div>
10
- <div class="form-group">
11
- <label class="col-sm-2 control-label" for="password">Password</label>
12
- <div class="col-sm-10">
13
- <input type="password" class="form-control#{' error' if rodauth.field_error(rodauth.password_param)}" name="p" id="password"/> #{rodauth.field_error(rodauth.password_param)}
14
- </div>
15
- </div>
16
- <div class="form-group">
17
- <div class="col-sm-offset-2 col-sm-10">
18
- <input type="submit" class="btn btn-default" value="Login"/>
19
- </div>
20
- </div>
21
- </form>