rodauth 1.22.0 → 1.23.0

Files changed (66) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +12 -0
  3. data/README.rdoc +5 -3
  4. data/doc/email_base.rdoc +1 -0
  5. data/doc/release_notes/1.23.0.txt +32 -0
  6. data/lib/rodauth.rb +5 -2
  7. data/lib/rodauth/features/base.rb +8 -0
  8. data/lib/rodauth/features/change_password_notify.rb +1 -1
  9. data/lib/rodauth/features/create_account.rb +1 -1
  10. data/lib/rodauth/features/email_auth.rb +3 -4
  11. data/lib/rodauth/features/email_base.rb +7 -2
  12. data/lib/rodauth/features/lockout.rb +1 -1
  13. data/lib/rodauth/features/login.rb +6 -2
  14. data/lib/rodauth/features/otp.rb +6 -3
  15. data/lib/rodauth/features/password_expiration.rb +1 -1
  16. data/lib/rodauth/features/recovery_codes.rb +3 -3
  17. data/lib/rodauth/features/reset_password.rb +2 -2
  18. data/lib/rodauth/features/sms_codes.rb +5 -5
  19. data/lib/rodauth/features/verify_account.rb +2 -2
  20. data/lib/rodauth/features/verify_login_change.rb +1 -1
  21. data/lib/rodauth/version.rb +1 -1
  22. data/templates/email-auth-request-form.str +2 -2
  23. data/templates/reset-password-request.str +3 -3
  24. data/templates/unlock-account-request.str +3 -3
  25. data/templates/verify-account-resend.str +3 -3
  26. metadata +5 -43
  27. data/Rakefile +0 -179
  28. data/spec/account_expiration_spec.rb +0 -225
  29. data/spec/all.rb +0 -1
  30. data/spec/change_login_spec.rb +0 -156
  31. data/spec/change_password_notify_spec.rb +0 -33
  32. data/spec/change_password_spec.rb +0 -202
  33. data/spec/close_account_spec.rb +0 -162
  34. data/spec/confirm_password_spec.rb +0 -70
  35. data/spec/create_account_spec.rb +0 -127
  36. data/spec/disallow_common_passwords_spec.rb +0 -93
  37. data/spec/disallow_password_reuse_spec.rb +0 -179
  38. data/spec/email_auth_spec.rb +0 -285
  39. data/spec/http_basic_auth_spec.rb +0 -143
  40. data/spec/jwt_cors_spec.rb +0 -57
  41. data/spec/jwt_refresh_spec.rb +0 -256
  42. data/spec/jwt_spec.rb +0 -235
  43. data/spec/lockout_spec.rb +0 -250
  44. data/spec/login_spec.rb +0 -328
  45. data/spec/migrate/001_tables.rb +0 -184
  46. data/spec/migrate/002_account_password_hash_column.rb +0 -11
  47. data/spec/migrate_password/001_tables.rb +0 -73
  48. data/spec/migrate_travis/001_tables.rb +0 -141
  49. data/spec/password_complexity_spec.rb +0 -109
  50. data/spec/password_expiration_spec.rb +0 -244
  51. data/spec/password_grace_period_spec.rb +0 -93
  52. data/spec/remember_spec.rb +0 -451
  53. data/spec/reset_password_spec.rb +0 -229
  54. data/spec/rodauth_spec.rb +0 -343
  55. data/spec/session_expiration_spec.rb +0 -58
  56. data/spec/single_session_spec.rb +0 -127
  57. data/spec/spec_helper.rb +0 -327
  58. data/spec/two_factor_spec.rb +0 -1462
  59. data/spec/update_password_hash_spec.rb +0 -40
  60. data/spec/verify_account_grace_period_spec.rb +0 -171
  61. data/spec/verify_account_spec.rb +0 -240
  62. data/spec/verify_change_login_spec.rb +0 -46
  63. data/spec/verify_login_change_spec.rb +0 -232
  64. data/spec/views/layout-other.str +0 -11
  65. data/spec/views/layout.str +0 -11
  66. data/spec/views/login.str +0 -21
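--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,179 +0,0 @@
- require "rake"
- require "rake/clean"
-
- CLEAN.include ["rodauth-*.gem", "rdoc", "coverage", "www/public/rdoc", "www/public/*.html"]
-
- # Packaging
-
- desc "Build rodauth gem"
- task :package=>[:clean] do |p|
- sh %{#{FileUtils::RUBY} -S gem build rodauth.gemspec}
- end
-
- ### RDoc
-
- RDOC_DEFAULT_OPTS = ["--line-numbers", "--inline-source", '--title', 'Rodauth: Authentication and Account Management Framework for Rack Applications']
-
- begin
- gem 'hanna-nouveau'
- RDOC_DEFAULT_OPTS.concat(['-f', 'hanna'])
- rescue Gem::LoadError
- end
-
- rdoc_task_class = begin
- require "rdoc/task"
- RDoc::Task
- rescue LoadError
- require "rake/rdoctask"
- Rake::RDocTask
- end
-
- RDOC_OPTS = RDOC_DEFAULT_OPTS + ['--main', 'README.rdoc']
- RDOC_FILES = %w"README.rdoc CHANGELOG MIT-LICENSE lib/**/*.rb" + Dir["doc/*.rdoc"] + Dir['doc/release_notes/*.txt']
-
- rdoc_task_class.new do |rdoc|
- rdoc.rdoc_dir = "rdoc"
- rdoc.options += RDOC_OPTS
- rdoc.rdoc_files.add RDOC_FILES
- end
-
- # Specs
-
- desc "Run specs"
- task :default=>:spec
-
- spec = proc do |env|
- env.each{|k,v| ENV[k] = v}
- sh "#{FileUtils::RUBY} spec/all.rb"
- env.each{|k,v| ENV.delete(k)}
- end
-
- desc "Run specs on PostgreSQL"
- task "spec" do
- spec.call({})
- end
-
- desc "Run specs with coverage"
- task "spec_cov" do
- ENV['COVERAGE'] = '1'
- spec.call('COVERAGE'=>'1')
- end
-
- desc "Run specs with -w, some warnings filtered"
- task "spec_w" do
- rubyopt = ENV['RUBYOPT']
- ENV['RUBYOPT'] = "#{rubyopt} -w"
- spec.call('WARNING'=>'1')
- ENV['RUBYOPT'] = rubyopt
- end
-
- desc "Setup database used for testing on PostgreSQL"
- task :db_setup_postgres do
- sh 'psql -U postgres -c "CREATE USER rodauth_test PASSWORD \'rodauth_test\'"'
- sh 'psql -U postgres -c "CREATE USER rodauth_test_password PASSWORD \'rodauth_test\'"'
- sh 'createdb -U postgres -O rodauth_test rodauth_test'
- sh 'psql -U postgres -c "CREATE EXTENSION citext" rodauth_test'
- $: << 'lib'
- require 'sequel'
- Sequel.extension :migration
- Sequel.postgres(:user=>'rodauth_test', :password=>'rodauth_test') do |db|
- Sequel::Migrator.run(db, 'spec/migrate')
- end
- Sequel.postgres('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
- Sequel::Migrator.run(db, 'spec/migrate_password', :table=>'schema_info_password')
- end
- end
-
- desc "Teardown database used for testing on MySQL"
- task :db_teardown_postgres do
- sh 'dropdb -U postgres rodauth_test'
- sh 'dropuser -U postgres rodauth_test_password'
- sh 'dropuser -U postgres rodauth_test'
- end
-
- desc "Setup database used for testing on MySQL"
- task :db_setup_mysql do
- sh 'mysql --user=root -p mysql < spec/sql/mysql_setup.sql'
- $: << 'lib'
- require 'sequel'
- Sequel.extension :migration
- Sequel.mysql2('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
- Sequel::Migrator.run(db, 'spec/migrate')
- end
- Sequel.mysql2('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
- Sequel::Migrator.run(db, 'spec/migrate_password', :table=>'schema_info_password')
- end
- end
-
- desc "Teardown database used for testing on MySQL"
- task :db_teardown_mysql do
- sh 'mysql --user=root -p mysql < spec/sql/mysql_teardown.sql'
- end
-
- desc "Setup database used for testing on Microsoft SQL Server"
- task :db_setup_mssql do
- sh 'sqlcmd -E -e -b -r1 -i spec\\sql\\mssql_setup.sql'
- $: << 'lib'
- require 'sequel'
- Sequel.extension :migration
- Sequel.tinytds('rodauth_test', :host=>'localhost', :user=>'rodauth_test_password', :password=>'Rodauth1.') do |db|
- Sequel::Migrator.run(db, 'spec/migrate')
- end
- Sequel.tinytds('rodauth_test', :host=>'localhost', :user=>'rodauth_test_password', :password=>'Rodauth1.') do |db|
- Sequel::Migrator.run(db, 'spec/migrate_password', :table=>'schema_info_password')
- end
- end
-
- desc "Teardown database used for testing on Microsoft SQL Server"
- task :db_teardown_mssql do
- sh 'sqlcmd -E -e -b -r1 -i spec\\sql\\mssql_teardown.sql'
- end
-
- desc "Run specs on MySQL"
- task :spec_mysql do
- spec.call('RODAUTH_SPEC_DB'=>'mysql2://rodauth_test:rodauth_test@localhost/rodauth_test')
- end
-
- task :spec_travis do
- if defined?(RUBY_ENGINE) && RUBY_ENGINE == 'jruby'
- pg_db = 'jdbc:postgresql://localhost/rodauth_test?user=postgres'
- my_db = "jdbc:mysql://localhost/rodauth_test?user=root"
- else
- pg_db = 'postgres:///rodauth_test?user=postgres'
- my_db = "mysql2://localhost/rodauth_test?user=root"
- end
- sh 'psql -U postgres -c "CREATE EXTENSION citext" rodauth_test'
- spec.call('RODAUTH_SPEC_MIGRATE'=>'1', 'RODAUTH_SPEC_DB'=>pg_db)
- spec.call('RODAUTH_SPEC_MIGRATE'=>'1', 'RODAUTH_SPEC_DB'=>my_db)
- end
-
- desc "Run specs on SQLite"
- task :spec_sqlite do
- spec_db = if defined?(RUBY_ENGINE) && RUBY_ENGINE == 'jruby'
- 'jdbc:sqlite::memory:'
- else
- 'sqlite:/'
- end
- spec.call('RODAUTH_SPEC_MIGRATE'=>'1', 'RODAUTH_SPEC_DB'=>spec_db)
- end
-
- ### Website
-
- rdoc_task_class.new(:website_rdoc) do |rdoc|
- rdoc.rdoc_dir = "www/public/rdoc"
- rdoc.options += RDOC_OPTS
- rdoc.rdoc_files.add RDOC_FILES
- end
-
- desc "Make local version of website"
- task :website_base do
- sh %{#{FileUtils::RUBY} -I lib www/make_www.rb}
- end
-
- desc "Make local version of website, with rdoc"
- task :website => [:website_base, :website_rdoc]
-
- desc "Serve local version of website via rackup"
- task :serve => :website do
- sh %{#{FileUtils::RUBY} -C www -S rackup}
- end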
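--- a/data/spec/account_expiration_spec.rb
+++ b/data/spec/account_expiration_spec.rb
@@ -1,225 +0,0 @@
- require File.expand_path("spec_helper", File.dirname(__FILE__))
-
- describe 'Rodauth account expiration feature' do
- it "should force account expiration after x number of days since last login" do
- rodauth do
- enable :login, :logout, :account_expiration
- end
- roda do |r|
- r.rodauth
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.last_account_login_at.strftime('%m%d%y')}" : "Not Logged"}
- end
-
- now = Time.now
- 2.times do
- login
- page.body.must_include "Logged In#{now.strftime('%m%d%y')}"
-
- logout
- end
-
- DB[:account_activity_times].update(:last_login_at => Time.now - 181*86400)
-
- 2.times do
- login
- page.body.must_include 'Not Logged'
- page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
- end
- end
-
- it "should not allow resetting of passwords for expired accounts" do
- rodauth do
- enable :login, :logout, :account_expiration, :reset_password
- end
- roda do |r|
- r.rodauth
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.last_account_login_at.strftime('%m%d%y')}" : "Not Logged"}
- end
-
- now = Time.now
- login
- page.body.must_include "Logged In#{now.strftime('%m%d%y')}"
- logout
-
- visit '/login'
- click_link 'Forgot Password?'
- fill_in 'Login', :with=>'foo@example.com'
- click_button 'Request Password Reset'
- link = email_link(/(\/reset-password\?key=.+)$/)
-
- visit link
- fill_in 'Password', :with=>'0123456'
- fill_in 'Confirm Password', :with=>'0123456'
- click_button 'Reset Password'
- page.find('#notice_flash').text.must_equal "Your password has been reset"
- page.current_path.must_equal '/'
-
- visit '/login'
- click_link 'Forgot Password?'
- fill_in 'Login', :with=>'foo@example.com'
- click_button 'Request Password Reset'
- link = email_link(/(\/reset-password\?key=.+)$/)
-
- DB[:account_activity_times].update(:last_login_at => Time.now - 181*86400)
-
- visit link
- page.title.must_equal 'Reset Password'
- fill_in 'Password', :with=>'01234567'
- fill_in 'Confirm Password', :with=>'01234567'
- click_button 'Reset Password'
- page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
- page.body.must_include 'Not Logged'
- page.current_path.must_equal '/'
-
- visit '/login'
- click_link 'Forgot Password?'
- fill_in 'Login', :with=>'foo@example.com'
- click_button 'Request Password Reset'
- page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
- page.body.must_include 'Not Logged'
- page.current_path.must_equal '/'
- end
-
- it "should not allow account unlocks for expired accounts" do
- rodauth do
- enable :lockout, :account_expiration, :logout
- max_invalid_logins 2
- unlock_account_autologin? false
- end
- roda do |r|
- r.rodauth
- r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")}
- end
-
- login
- logout
-
- visit '/login'
- fill_in 'Login', :with=>'foo@example.com'
- 3.times do
- fill_in 'Password', :with=>'012345678910'
- click_button 'Login'
- end
-
- page.body.must_include("This account is currently locked out")
- click_button 'Request Account Unlock'
- page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account'
- link = email_link(/(\/unlock-account\?key=.+)$/)
-
- visit link
- click_button 'Unlock Account'
- page.find('#notice_flash').text.must_equal 'Your account has been unlocked'
- page.body.must_include('Not Logged')
-
- visit '/login'
- fill_in 'Login', :with=>'foo@example.com'
- 3.times do
- fill_in 'Password', :with=>'012345678910'
- click_button 'Login'
- end
-
- page.body.must_include("This account is currently locked out")
- click_button 'Request Account Unlock'
- page.find('#notice_flash').text.must_equal 'An email has been sent to you with a link to unlock your account'
- link = email_link(/(\/unlock-account\?key=.+)$/)
-
- DB[:account_activity_times].update(:last_login_at => Time.now - 181*86400)
-
- visit link
- click_button 'Unlock Account'
- page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
- page.body.must_include 'Not Logged'
- page.current_path.must_equal '/'
- end
-
- it "should not allow account unlock requests for expired accounts" do
- rodauth do
- enable :lockout, :account_expiration, :logout
- max_invalid_logins 2
- unlock_account_autologin? false
- end
- roda do |r|
- r.rodauth
- r.root{view :content=>(rodauth.logged_in? ? "Logged In" : "Not Logged")}
- end
-
- login
- logout
-
- visit '/login'
- fill_in 'Login', :with=>'foo@example.com'
- 3.times do
- fill_in 'Password', :with=>'012345678910'
- click_button 'Login'
- end
-
- DB[:account_activity_times].update(:last_login_at => Time.now - 181*86400)
-
- page.body.must_include("This account is currently locked out")
- click_button 'Request Account Unlock'
- page.find('#error_flash').text.must_equal "You cannot log into this account as it has expired"
- page.body.must_include 'Not Logged'
- page.current_path.must_equal '/'
- end
-
- it "should use last activity time if configured" do
- rodauth do
- enable :login, :logout, :account_expiration
- expire_account_on_last_activity? true
- account_expiration_error_flash{"Account expired on #{account_expired_at.strftime('%m%d%y')}"}
- end
- roda do |r|
- r.is("a"){view :content=>"Logged In#{rodauth.last_account_activity_at.strftime('%m%d%y')}"}
- rodauth.update_last_activity
- r.rodauth
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.last_account_activity_at.strftime('%m%d%y')}" : 'Not Logged'}
- end
-
- now = Time.now
- login
- page.body.must_include "Logged In#{now.strftime('%m%d%y')}"
-
- DB[:account_activity_times].count.must_equal 1
- DB[:account_activity_times].delete
-
- visit '/'
- DB[:account_activity_times].count.must_equal 1
-
- t1 = now - 179*86400
- DB[:account_activity_times].update(:last_activity_at => t1)
- visit '/a'
- page.body.must_include "Logged In#{t1.strftime('%m%d%y')}"
-
- logout
-
- t2 = now - 181*86400
- DB[:account_activity_times].update(:last_activity_at => t2).must_equal 1
-
- login
- page.body.must_include 'Not Logged'
- page.find('#error_flash').text.must_equal "Account expired on #{now.strftime('%m%d%y')}"
-
- DB[:account_activity_times].update(:expired_at=>t1).must_equal 1
-
- login
- page.body.must_include 'Not Logged'
- page.find('#error_flash').text.must_equal "Account expired on #{t1.strftime('%m%d%y')}"
- end
-
- it "should remove account activity data when closing accounts" do
- rodauth do
- enable :login, :close_account, :account_expiration
- close_account_requires_password? false
- end
- roda do |r|
- r.rodauth
- r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.last_account_login_at.strftime('%m%d%y')}" : "Not Logged"}
- end
-
- login
- DB[:account_activity_times].count.must_equal 1
- visit '/close-account'
- click_button 'Close Account'
- DB[:account_activity_times].count.must_equal 0
- end
- end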
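--- a/data/spec/all.rb
+++ b/data/spec/all.rb
@@ -1 +0,0 @@
- Dir['./spec/*_spec.rb'].each{|f| require f}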
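--- a/data/spec/change_login_spec.rb
+++ b/data/spec/change_login_spec.rb
@@ -1,156 +0,0 @@
- require File.expand_path("spec_helper", File.dirname(__FILE__))
-
- describe 'Rodauth change_login feature' do
- it "should support changing logins for accounts" do
- DB[:accounts].insert(:email=>'foo2@example.com')
- require_password = false
- require_email = true
-
- rodauth do
- enable :login, :logout, :change_login
- change_login_requires_password?{require_password}
- require_email_address_logins?{require_email}
- end
- roda do |r|
- r.rodauth
- r.root{view :content=>""}
- end
-
- login
- page.current_path.must_equal '/'
-
- visit '/change-login'
- page.title.must_equal 'Change Login'
-
- fill_in 'Login', :with=>'foobar'
- fill_in 'Confirm Login', :with=>'foobar'
- click_button 'Change Login'
- page.find('#error_flash').text.must_equal "There was an error changing your login"
- page.html.must_include("invalid login, not a valid email address")
- page.current_path.must_equal '/change-login'
-
- require_email = false
-
- fill_in 'Login', :with=>'fb'
- fill_in 'Confirm Login', :with=>'fb'
- click_button 'Change Login'
- page.find('#error_flash').text.must_equal "There was an error changing your login"
- page.html.must_include("invalid login, minimum 3 characters")
- page.current_path.must_equal '/change-login'
-
- fill_in 'Login', :with=>'f'*256
- fill_in 'Confirm Login', :with=>'f'*256
- click_button 'Change Login'
- page.find('#error_flash').text.must_equal "There was an error changing your login"
- page.html.must_include("invalid login, maximum 255 characters")
- page.current_path.must_equal '/change-login'
-
- fill_in 'Login', :with=>'foo@example.com'
- fill_in 'Confirm Login', :with=>'foo2@example.com'
- click_button 'Change Login'
- page.find('#error_flash').text.must_equal "There was an error changing your login"
- page.html.must_include("logins do not match")
- page.current_path.must_equal '/change-login'
-
- fill_in 'Login', :with=>'foo2@example.com'
- click_button 'Change Login'
- page.find('#error_flash').text.must_equal "There was an error changing your login"
- page.html.must_include("invalid login, already an account with this login")
- page.current_path.must_equal '/change-login'
-
- fill_in 'Login', :with=>'foo@example.com'
- fill_in 'Confirm Login', :with=>'foo@example.com'
- click_button 'Change Login'
- page.find('#error_flash').text.must_equal "There was an error changing your login"
- page.html.must_include("invalid login, same as current login")
- page.current_path.must_equal '/change-login'
-
- fill_in 'Login', :with=>'foo3@example.com'
- fill_in 'Confirm Login', :with=>'foo3@example.com'
- click_button 'Change Login'
- page.find('#notice_flash').text.must_equal "Your login has been changed"
- page.current_path.must_equal '/'
-
- logout
- login(:login=>'foo3@example.com')
- page.current_path.must_equal '/'
-
- require_password = true
- visit '/change-login'
- fill_in 'Password', :with=>'012345678'
- fill_in 'Login', :with=>'foo4@example.com'
- fill_in 'Confirm Login', :with=>'foo4@example.com'
- click_button 'Change Login'
- page.find('#error_flash').text.must_equal "There was an error changing your login"
- page.html.must_include("invalid password")
- page.current_path.must_equal '/change-login'
-
- fill_in 'Password', :with=>'0123456789'
- click_button 'Change Login'
- page.find('#notice_flash').text.must_equal "Your login has been changed"
- page.current_path.must_equal '/'
-
- logout
- login(:login=>'foo4@example.com')
- page.current_path.must_equal '/'
- end
-
- it "should support changing logins for accounts with login confirmation" do
- rodauth do
- enable :login, :change_login
- change_login_requires_password? false
- require_login_confirmation? false
- end
- roda do |r|
- r.rodauth
- r.root{view :content=>""}
- end
-
- login
- visit '/change-login'
- fill_in 'Login', :with=>'foo3@example.com'
- click_button 'Change Login'
- page.find('#notice_flash').text.must_equal "Your login has been changed"
- end
-
- it "should support changing logins via jwt" do
- DB[:accounts].insert(:email=>'foo2@example.com')
- require_password = false
-
- rodauth do
- enable :login, :logout, :change_login
- change_login_requires_password?{require_password}
- end
- roda(:jwt) do |r|
- r.rodauth
- end
-
- json_login
-
- res = json_request('/change-login', :login=>'foobar', "login-confirm"=>'foobar')
- res.must_equal [422, {'error'=>"There was an error changing your login", "field-error"=>["login", "invalid login, not a valid email address"]}]
-
- res = json_request('/change-login', :login=>'foo@example.com', "login-confirm"=>'foo2@example.com')
- res.must_equal [422, {'error'=>"There was an error changing your login", "field-error"=>["login", "logins do not match"]}]
-
- res = json_request('/change-login', :login=>'foo2@example.com', "login-confirm"=>'foo2@example.com')
- res.must_equal [422, {'error'=>"There was an error changing your login", "field-error"=>["login", "invalid login, already an account with this login"]}]
-
- res = json_request('/change-login', :login=>'foo3@example.com', "login-confirm"=>'foo3@example.com')
- res.must_equal [200, {'success'=>"Your login has been changed"}]
-
- json_logout
- json_login(:login=>'foo3@example.com')
-
- require_password = true
-
- res = json_request('/change-login', :login=>'foo4@example.com', "login-confirm"=>'foo4@example.com', :password=>'012345678')
- res.must_equal [401, {'error'=>"There was an error changing your login", "field-error"=>["password", "invalid password"]}]
-
- res = json_request('/change-login', :login=>'foo4@example.com', "login-confirm"=>'foo4@example.com', :password=>'0123456789')
- res.must_equal [200, {'success'=>"Your login has been changed"}]
-
- json_logout
- json_login(:login=>'foo4@example.com')
- end
- end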