rodauth 1.22.0 → 1.23.0

Files changed (66)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +12 -0
  3. data/README.rdoc +5 -3
  4. data/doc/email_base.rdoc +1 -0
  5. data/doc/release_notes/1.23.0.txt +32 -0
  6. data/lib/rodauth.rb +5 -2
  7. data/lib/rodauth/features/base.rb +8 -0
  8. data/lib/rodauth/features/change_password_notify.rb +1 -1
  9. data/lib/rodauth/features/create_account.rb +1 -1
  10. data/lib/rodauth/features/email_auth.rb +3 -4
  11. data/lib/rodauth/features/email_base.rb +7 -2
  12. data/lib/rodauth/features/lockout.rb +1 -1
  13. data/lib/rodauth/features/login.rb +6 -2
  14. data/lib/rodauth/features/otp.rb +6 -3
  15. data/lib/rodauth/features/password_expiration.rb +1 -1
  16. data/lib/rodauth/features/recovery_codes.rb +3 -3
  17. data/lib/rodauth/features/reset_password.rb +2 -2
  18. data/lib/rodauth/features/sms_codes.rb +5 -5
  19. data/lib/rodauth/features/verify_account.rb +2 -2
  20. data/lib/rodauth/features/verify_login_change.rb +1 -1
  21. data/lib/rodauth/version.rb +1 -1
  22. data/templates/email-auth-request-form.str +2 -2
  23. data/templates/reset-password-request.str +3 -3
  24. data/templates/unlock-account-request.str +3 -3
  25. data/templates/verify-account-resend.str +3 -3
  26. metadata +5 -43
  27. data/Rakefile +0 -179
  28. data/spec/account_expiration_spec.rb +0 -225
  29. data/spec/all.rb +0 -1
  30. data/spec/change_login_spec.rb +0 -156
  31. data/spec/change_password_notify_spec.rb +0 -33
  32. data/spec/change_password_spec.rb +0 -202
  33. data/spec/close_account_spec.rb +0 -162
  34. data/spec/confirm_password_spec.rb +0 -70
  35. data/spec/create_account_spec.rb +0 -127
  36. data/spec/disallow_common_passwords_spec.rb +0 -93
  37. data/spec/disallow_password_reuse_spec.rb +0 -179
  38. data/spec/email_auth_spec.rb +0 -285
  39. data/spec/http_basic_auth_spec.rb +0 -143
  40. data/spec/jwt_cors_spec.rb +0 -57
  41. data/spec/jwt_refresh_spec.rb +0 -256
  42. data/spec/jwt_spec.rb +0 -235
  43. data/spec/lockout_spec.rb +0 -250
  44. data/spec/login_spec.rb +0 -328
  45. data/spec/migrate/001_tables.rb +0 -184
  46. data/spec/migrate/002_account_password_hash_column.rb +0 -11
  47. data/spec/migrate_password/001_tables.rb +0 -73
  48. data/spec/migrate_travis/001_tables.rb +0 -141
  49. data/spec/password_complexity_spec.rb +0 -109
  50. data/spec/password_expiration_spec.rb +0 -244
  51. data/spec/password_grace_period_spec.rb +0 -93
  52. data/spec/remember_spec.rb +0 -451
  53. data/spec/reset_password_spec.rb +0 -229
  54. data/spec/rodauth_spec.rb +0 -343
  55. data/spec/session_expiration_spec.rb +0 -58
  56. data/spec/single_session_spec.rb +0 -127
  57. data/spec/spec_helper.rb +0 -327
  58. data/spec/two_factor_spec.rb +0 -1462
  59. data/spec/update_password_hash_spec.rb +0 -40
  60. data/spec/verify_account_grace_period_spec.rb +0 -171
  61. data/spec/verify_account_spec.rb +0 -240
  62. data/spec/verify_change_login_spec.rb +0 -46
  63. data/spec/verify_login_change_spec.rb +0 -232
  64. data/spec/views/layout-other.str +0 -11
  65. data/spec/views/layout.str +0 -11
  66. data/spec/views/login.str +0 -21
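--- a/data/spec/change_password_notify_spec.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth change_password_notify feature' do
-it "should email when using change password" do
-rodauth do
-enable :login, :logout, :change_password_notify
-change_password_requires_password? false
-end
-roda do |r|
-r.rodauth
-r.root{view :content=>""}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/change-password'
-fill_in 'New Password', :with=>'0123456'
-fill_in 'Confirm Password', :with=>'0123456'
-click_button 'Change Password'
-page.find('#notice_flash').text.must_equal "Your password has been changed"
-
-page.current_path.must_equal '/'
-msgs = Mail::TestMailer.deliveries
-msgs.length.must_equal 1
-msgs.first.to.first.must_equal 'foo@example.com'
-msgs.first.body.to_s.must_equal <<EMAIL
-Someone (hopefully you) has changed the password for the account
-associated to this email address.
-EMAIL
-msgs.clear
-end
-end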
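--- a/data/spec/change_password_spec.rb
+++ /dev/null
@@ -1,202 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth change_password feature' do
-[false, true].each do |ph|
-it "should support changing passwords for accounts #{'with account_password_hash_column' if ph}" do
-require_password = true
-rodauth do
-enable :login, :logout, :change_password
-account_password_hash_column :ph if ph
-change_password_requires_password?{require_password}
-end
-roda do |r|
-r.rodauth
-r.root{view :content=>""}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/change-password'
-page.title.must_equal 'Change Password'
-
-fill_in 'Password', :with=>'0123456789'
-fill_in 'New Password', :with=>'0123456'
-fill_in 'Confirm Password', :with=>'0123456789'
-click_button 'Change Password'
-page.html.must_include("passwords do not match")
-page.find('#error_flash').text.must_equal "There was an error changing your password"
-page.current_path.must_equal '/change-password'
-
-fill_in 'Password', :with=>'0123456'
-fill_in 'New Password', :with=>'0123456'
-fill_in 'Confirm Password', :with=>'0123456'
-click_button 'Change Password'
-page.find('#error_flash').text.must_equal "There was an error changing your password"
-page.body.must_include 'invalid password'
-page.current_path.must_equal '/change-password'
-
-fill_in 'Password', :with=>'0123456789'
-fill_in 'New Password', :with=>'0123456789'
-fill_in 'Confirm Password', :with=>'0123456789'
-click_button 'Change Password'
-page.find('#error_flash').text.must_equal "There was an error changing your password"
-page.body.must_include 'invalid password, same as current password'
-page.current_path.must_equal '/change-password'
-
-fill_in 'Password', :with=>'0123456789'
-fill_in 'New Password', :with=>'0123456'
-fill_in 'Confirm Password', :with=>'0123456'
-click_button 'Change Password'
-page.find('#notice_flash').text.must_equal "Your password has been changed"
-page.current_path.must_equal '/'
-
-logout
-login
-page.html.must_include("invalid password")
-page.current_path.must_equal '/login'
-
-fill_in 'Password', :with=>'0123456'
-click_button 'Login'
-page.current_path.must_equal '/'
-
-require_password = false
-visit '/change-password'
-fill_in 'New Password', :with=>'012345678'
-fill_in 'Confirm Password', :with=>'012345678'
-click_button 'Change Password'
-page.find('#notice_flash').text.must_equal "Your password has been changed"
-page.current_path.must_equal '/'
-
-login(:pass=>'012345678')
-page.current_path.must_equal '/'
-end
-end
-
-it "should support changing passwords for accounts without confirmation" do
-rodauth do
-enable :login, :change_password
-modifications_require_password? false
-require_password_confirmation? false
-end
-roda do |r|
-r.rodauth
-r.root{view :content=>""}
-end
-
-login
-visit '/change-password'
-fill_in 'New Password', :with=>'012345678'
-click_button 'Change Password'
-page.find('#notice_flash').text.must_equal "Your password has been changed"
-end
-
-it "should support invalid_previous_password_message" do
-rodauth do
-enable :login, :logout, :change_password
-invalid_previous_password_message "Previous password not correct"
-end
-roda do |r|
-r.rodauth
-r.root{view :content=>""}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/change-password'
-page.title.must_equal 'Change Password'
-
-fill_in 'Password', :with=>'0123456'
-fill_in 'New Password', :with=>'0123456'
-fill_in 'Confirm Password', :with=>'0123456'
-click_button 'Change Password'
-page.find('#error_flash').text.must_equal "There was an error changing your password"
-page.body.must_include 'Previous password not correct'
-page.current_path.must_equal '/change-password'
-end
-
-it "should support setting requirements for passwords" do
-rodauth do
-enable :login, :create_account, :change_password
-create_account_autologin? false
-password_meets_requirements? do |password|
-password =~ /banana/
-end
-end
-roda do |r|
-r.rodauth
-r.root{view :content=>""}
-end
-
-visit '/create-account'
-fill_in 'Login', :with=>'foo2@example.com'
-fill_in 'Confirm Login', :with=>'foo2@example.com'
-fill_in 'Password', :with=>'apple'
-fill_in 'Confirm Password', :with=>'apple'
-click_button 'Create Account'
-page.html.must_include("invalid password, does not meet requirements")
-page.find('#error_flash').text.must_equal "There was an error creating your account"
-page.current_path.must_equal '/create-account'
-
-fill_in 'Password', :with=>'banana'
-fill_in 'Confirm Password', :with=>'banana'
-click_button 'Create Account'
-
-login(:login=>'foo2@example.com', :pass=>'banana')
-
-visit '/change-password'
-fill_in 'Password', :with=>'banana'
-fill_in 'New Password', :with=>'apple'
-fill_in 'Confirm Password', :with=>'apple'
-click_button 'Change Password'
-page.html.must_include("invalid password, does not meet requirements")
-page.find('#error_flash').text.must_equal "There was an error changing your password"
-page.current_path.must_equal '/change-password'
-
-fill_in 'Password', :with=>'banana'
-fill_in 'New Password', :with=>'my_banana_3'
-fill_in 'Confirm Password', :with=>'my_banana_3'
-click_button 'Change Password'
-page.current_path.must_equal '/'
-end
-
-it "should support changing passwords for accounts via jwt" do
-require_password = true
-rodauth do
-enable :login, :logout, :change_password
-change_password_requires_password?{require_password}
-end
-roda(:jwt) do |r|
-r.rodauth
-end
-
-json_login
-
-res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456', "password-confirm"=>'0123456789')
-res.must_equal [422, {'error'=>"There was an error changing your password", "field-error"=>["new-password", "passwords do not match"]}]
-
-res = json_request('/change-password', :password=>'0123456', "new-password"=>'0123456', "password-confirm"=>'0123456')
-res.must_equal [401, {'error'=>"There was an error changing your password", "field-error"=>["password", "invalid password"]}]
-
-res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456789', "password-confirm"=>'0123456789')
-res.must_equal [422, {'error'=>"There was an error changing your password", "field-error"=>["new-password", "invalid password, same as current password"]}]
-
-res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456', "password-confirm"=>'0123456')
-res.must_equal [200, {'success'=>"Your password has been changed"}]
-
-json_logout
-res = json_login(:no_check=>true)
-res.must_equal [401, {'error'=>"There was an error logging in", "field-error"=>["password", "invalid password"]}]
-
-json_login(:pass=>'0123456')
-
-require_password = false
-
-res = json_request('/change-password', "new-password"=>'012345678', "password-confirm"=>'012345678')
-res.must_equal [200, {'success'=>"Your password has been changed"}]
-
-json_logout
-json_login(:pass=>'012345678')
-end
-end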
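--- a/data/spec/close_account_spec.rb
+++ /dev/null
@@ -1,162 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth close_account feature' do
-it "should support closing accounts when passwords are not required" do
-rodauth do
-enable :login, :close_account
-close_account_requires_password? false
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/close-account'
-click_button 'Close Account'
-page.current_path.must_equal '/'
-
-DB[:accounts].select_map(:status_id).must_equal [3]
-end
-
-it "should update account information when closing accounts" do
-statuses = nil
-rodauth do
-enable :login, :close_account
-close_account_requires_password? false
-after_close_account{statuses = [account[:status_id], account_ds.get(:status_id)]}
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-login
-visit '/close-account'
-click_button 'Close Account'
-statuses[0].must_equal 3
-statuses[1].must_equal 3
-end
-
-it "should delete accounts when skip_status_checks? is true" do
-rodauth do
-enable :login, :close_account
-close_account_requires_password? false
-skip_status_checks? true
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/close-account'
-click_button 'Close Account'
-page.current_path.must_equal '/'
-
-DB[:accounts].count.must_equal 0
-end
-
-it "should support closing accounts when passwords are required" do
-rodauth do
-enable :login, :close_account
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/close-account'
-fill_in 'Password', :with=>'012345678'
-click_button 'Close Account'
-page.find('#error_flash').text.must_equal "There was an error closing your account"
-page.html.must_include("invalid password")
-DB[:accounts].select_map(:status_id).must_equal [2]
-
-fill_in 'Password', :with=>'0123456789'
-click_button 'Close Account'
-page.find('#notice_flash').text.must_equal "Your account has been closed"
-page.current_path.must_equal '/'
-
-DB[:accounts].select_map(:status_id).must_equal [3]
-end
-
-it "should support closing accounts with overrides" do
-rodauth do
-enable :login, :close_account
-close_account do
-account_ds.update(:email => 'foo@bar.com', :status_id=>3)
-end
-close_account_route 'close'
-close_account_redirect '/login'
-end
-roda do |r|
-r.rodauth
-r.root{""}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/close'
-page.title.must_equal 'Close Account'
-fill_in 'Password', :with=>'0123456789'
-click_button 'Close Account'
-page.find('#notice_flash').text.must_equal "Your account has been closed"
-page.current_path.must_equal '/login'
-
-DB[:accounts].select_map(:status_id).must_equal [3]
-DB[:accounts].select_map(:email).must_equal ['foo@bar.com']
-end
-
-it "should close accounts when account_password_hash_column is set" do
-rodauth do
-enable :create_account, :close_account
-close_account_requires_password? false
-account_password_hash_column :ph
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-visit '/create-account'
-fill_in 'Login', :with=>'foo2@example.com'
-fill_in 'Confirm Login', :with=>'foo2@example.com'
-fill_in 'Password', :with=>'apple2'
-fill_in 'Confirm Password', :with=>'apple2'
-click_button 'Create Account'
-
-visit '/close-account'
-click_button 'Close Account'
-page.current_path.must_equal '/'
-
-DB[:accounts].reverse(:id).get(:status_id).must_equal 3
-end
-
-it "should support closing accounts via jwt" do
-rodauth do
-enable :login, :close_account
-end
-roda(:jwt) do |r|
-r.rodauth
-end
-
-json_login
-
-res = json_request('/close-account', :password=>'0123456')
-res.must_equal [401, {'error'=>"There was an error closing your account", "field-error"=>["password", "invalid password"]}]
-DB[:accounts].select_map(:status_id).must_equal [2]
-
-res = json_request('/close-account', :password=>'0123456789')
-res.must_equal [200, {'success'=>"Your account has been closed"}]
-DB[:accounts].select_map(:status_id).must_equal [3]
-end
-end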
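--- a/data/spec/confirm_password_spec.rb
+++ /dev/null
@@ -1,70 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth confirm password feature' do
-it "should support confirming passwords" do
-rodauth do
-enable :login, :change_login, :confirm_password, :password_grace_period
-before_change_login_route do
-unless password_recently_entered?
-session[:confirm_password_redirect] = request.path_info
-redirect '/confirm-password'
-end
-end
-end
-roda do |r|
-r.rodauth
-r.get("reset"){session[:last_password_entry] = Time.now.to_i - 400; "a"}
-view :content=>""
-end
-
-login
-
-visit '/change-login'
-page.title.must_equal 'Change Login'
-
-visit '/reset'
-page.body.must_equal 'a'
-
-visit '/change-login'
-page.title.must_equal 'Confirm Password'
-fill_in 'Password', :with=>'012345678'
-click_button 'Confirm Password'
-page.find('#error_flash').text.must_equal "There was an error confirming your password"
-page.html.must_include("invalid password")
-
-fill_in 'Password', :with=>'0123456789'
-click_button 'Confirm Password'
-page.find('#notice_flash').text.must_equal "Your password has been confirmed"
-
-fill_in 'Login', :with=>'foo3@example.com'
-fill_in 'Confirm Login', :with=>'foo3@example.com'
-click_button 'Change Login'
-page.find('#notice_flash').text.must_equal "Your login has been changed"
-end
-
-it "should support confirming passwords via jwt" do
-rodauth do
-enable :login, :change_password, :confirm_password, :password_grace_period
-end
-roda(:jwt) do |r|
-r.rodauth
-r.post("reset"){rodauth.send(:set_session_value, :last_password_entry, Time.now.to_i - 400); [1]}
-end
-
-json_login
-
-res = json_request('/change-password', "new-password"=>'0123456', "password-confirm"=>'0123456')
-res.must_equal [200, {'success'=>"Your password has been changed"}]
-
-json_request('/reset').must_equal [200, [1]]
-
-res = json_request('/change-password', "new-password"=>'01234567', "password-confirm"=>'01234567')
-res.must_equal [401, {"field-error"=>["password", "invalid password"], "error"=>"There was an error changing your password"}]
-
-res = json_request('/confirm-password', "password"=>'0123456')
-res.must_equal [200, {'success'=>"Your password has been confirmed"}]
-
-res = json_request('/change-password', "new-password"=>'01234567', "password-confirm"=>'01234567')
-res.must_equal [200, {'success'=>"Your password has been changed"}]
-end
-end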