rodauth 1.22.0 → 1.23.0
- checksums.yaml +4 -4
- data/CHANGELOG +12 -0
- data/README.rdoc +5 -3
- data/doc/email_base.rdoc +1 -0
- data/doc/release_notes/1.23.0.txt +32 -0
- data/lib/rodauth.rb +5 -2
- data/lib/rodauth/features/base.rb +8 -0
- data/lib/rodauth/features/change_password_notify.rb +1 -1
- data/lib/rodauth/features/create_account.rb +1 -1
- data/lib/rodauth/features/email_auth.rb +3 -4
- data/lib/rodauth/features/email_base.rb +7 -2
- data/lib/rodauth/features/lockout.rb +1 -1
- data/lib/rodauth/features/login.rb +6 -2
- data/lib/rodauth/features/otp.rb +6 -3
- data/lib/rodauth/features/password_expiration.rb +1 -1
- data/lib/rodauth/features/recovery_codes.rb +3 -3
- data/lib/rodauth/features/reset_password.rb +2 -2
- data/lib/rodauth/features/sms_codes.rb +5 -5
- data/lib/rodauth/features/verify_account.rb +2 -2
- data/lib/rodauth/features/verify_login_change.rb +1 -1
- data/lib/rodauth/version.rb +1 -1
- data/templates/email-auth-request-form.str +2 -2
- data/templates/reset-password-request.str +3 -3
- data/templates/unlock-account-request.str +3 -3
- data/templates/verify-account-resend.str +3 -3
- metadata +5 -43
- data/Rakefile +0 -179
- data/spec/account_expiration_spec.rb +0 -225
- data/spec/all.rb +0 -1
- data/spec/change_login_spec.rb +0 -156
- data/spec/change_password_notify_spec.rb +0 -33
- data/spec/change_password_spec.rb +0 -202
- data/spec/close_account_spec.rb +0 -162
- data/spec/confirm_password_spec.rb +0 -70
- data/spec/create_account_spec.rb +0 -127
- data/spec/disallow_common_passwords_spec.rb +0 -93
- data/spec/disallow_password_reuse_spec.rb +0 -179
- data/spec/email_auth_spec.rb +0 -285
- data/spec/http_basic_auth_spec.rb +0 -143
- data/spec/jwt_cors_spec.rb +0 -57
- data/spec/jwt_refresh_spec.rb +0 -256
- data/spec/jwt_spec.rb +0 -235
- data/spec/lockout_spec.rb +0 -250
- data/spec/login_spec.rb +0 -328
- data/spec/migrate/001_tables.rb +0 -184
- data/spec/migrate/002_account_password_hash_column.rb +0 -11
- data/spec/migrate_password/001_tables.rb +0 -73
- data/spec/migrate_travis/001_tables.rb +0 -141
- data/spec/password_complexity_spec.rb +0 -109
- data/spec/password_expiration_spec.rb +0 -244
- data/spec/password_grace_period_spec.rb +0 -93
- data/spec/remember_spec.rb +0 -451
- data/spec/reset_password_spec.rb +0 -229
- data/spec/rodauth_spec.rb +0 -343
- data/spec/session_expiration_spec.rb +0 -58
- data/spec/single_session_spec.rb +0 -127
- data/spec/spec_helper.rb +0 -327
- data/spec/two_factor_spec.rb +0 -1462
- data/spec/update_password_hash_spec.rb +0 -40
- data/spec/verify_account_grace_period_spec.rb +0 -171
- data/spec/verify_account_spec.rb +0 -240
- data/spec/verify_change_login_spec.rb +0 -46
- data/spec/verify_login_change_spec.rb +0 -232
- data/spec/views/layout-other.str +0 -11
- data/spec/views/layout.str +0 -11
- data/spec/views/login.str +0 -21
@@ -1,33 +0,0 @@
|
|
1
|
-
require File.expand_path("spec_helper", File.dirname(__FILE__))
|
2
|
-
|
3
|
-
describe 'Rodauth change_password_notify feature' do
|
4
|
-
it "should email when using change password" do
|
5
|
-
rodauth do
|
6
|
-
enable :login, :logout, :change_password_notify
|
7
|
-
change_password_requires_password? false
|
8
|
-
end
|
9
|
-
roda do |r|
|
10
|
-
r.rodauth
|
11
|
-
r.root{view :content=>""}
|
12
|
-
end
|
13
|
-
|
14
|
-
login
|
15
|
-
page.current_path.must_equal '/'
|
16
|
-
|
17
|
-
visit '/change-password'
|
18
|
-
fill_in 'New Password', :with=>'0123456'
|
19
|
-
fill_in 'Confirm Password', :with=>'0123456'
|
20
|
-
click_button 'Change Password'
|
21
|
-
page.find('#notice_flash').text.must_equal "Your password has been changed"
|
22
|
-
|
23
|
-
page.current_path.must_equal '/'
|
24
|
-
msgs = Mail::TestMailer.deliveries
|
25
|
-
msgs.length.must_equal 1
|
26
|
-
msgs.first.to.first.must_equal 'foo@example.com'
|
27
|
-
msgs.first.body.to_s.must_equal <<EMAIL
|
28
|
-
Someone (hopefully you) has changed the password for the account
|
29
|
-
associated to this email address.
|
30
|
-
EMAIL
|
31
|
-
msgs.clear
|
32
|
-
end
|
33
|
-
end
|
@@ -1,202 +0,0 @@
|
|
1
|
-
require File.expand_path("spec_helper", File.dirname(__FILE__))
|
2
|
-
|
3
|
-
describe 'Rodauth change_password feature' do
|
4
|
-
[false, true].each do |ph|
|
5
|
-
it "should support changing passwords for accounts #{'with account_password_hash_column' if ph}" do
|
6
|
-
require_password = true
|
7
|
-
rodauth do
|
8
|
-
enable :login, :logout, :change_password
|
9
|
-
account_password_hash_column :ph if ph
|
10
|
-
change_password_requires_password?{require_password}
|
11
|
-
end
|
12
|
-
roda do |r|
|
13
|
-
r.rodauth
|
14
|
-
r.root{view :content=>""}
|
15
|
-
end
|
16
|
-
|
17
|
-
login
|
18
|
-
page.current_path.must_equal '/'
|
19
|
-
|
20
|
-
visit '/change-password'
|
21
|
-
page.title.must_equal 'Change Password'
|
22
|
-
|
23
|
-
fill_in 'Password', :with=>'0123456789'
|
24
|
-
fill_in 'New Password', :with=>'0123456'
|
25
|
-
fill_in 'Confirm Password', :with=>'0123456789'
|
26
|
-
click_button 'Change Password'
|
27
|
-
page.html.must_include("passwords do not match")
|
28
|
-
page.find('#error_flash').text.must_equal "There was an error changing your password"
|
29
|
-
page.current_path.must_equal '/change-password'
|
30
|
-
|
31
|
-
fill_in 'Password', :with=>'0123456'
|
32
|
-
fill_in 'New Password', :with=>'0123456'
|
33
|
-
fill_in 'Confirm Password', :with=>'0123456'
|
34
|
-
click_button 'Change Password'
|
35
|
-
page.find('#error_flash').text.must_equal "There was an error changing your password"
|
36
|
-
page.body.must_include 'invalid password'
|
37
|
-
page.current_path.must_equal '/change-password'
|
38
|
-
|
39
|
-
fill_in 'Password', :with=>'0123456789'
|
40
|
-
fill_in 'New Password', :with=>'0123456789'
|
41
|
-
fill_in 'Confirm Password', :with=>'0123456789'
|
42
|
-
click_button 'Change Password'
|
43
|
-
page.find('#error_flash').text.must_equal "There was an error changing your password"
|
44
|
-
page.body.must_include 'invalid password, same as current password'
|
45
|
-
page.current_path.must_equal '/change-password'
|
46
|
-
|
47
|
-
fill_in 'Password', :with=>'0123456789'
|
48
|
-
fill_in 'New Password', :with=>'0123456'
|
49
|
-
fill_in 'Confirm Password', :with=>'0123456'
|
50
|
-
click_button 'Change Password'
|
51
|
-
page.find('#notice_flash').text.must_equal "Your password has been changed"
|
52
|
-
page.current_path.must_equal '/'
|
53
|
-
|
54
|
-
logout
|
55
|
-
login
|
56
|
-
page.html.must_include("invalid password")
|
57
|
-
page.current_path.must_equal '/login'
|
58
|
-
|
59
|
-
fill_in 'Password', :with=>'0123456'
|
60
|
-
click_button 'Login'
|
61
|
-
page.current_path.must_equal '/'
|
62
|
-
|
63
|
-
require_password = false
|
64
|
-
visit '/change-password'
|
65
|
-
fill_in 'New Password', :with=>'012345678'
|
66
|
-
fill_in 'Confirm Password', :with=>'012345678'
|
67
|
-
click_button 'Change Password'
|
68
|
-
page.find('#notice_flash').text.must_equal "Your password has been changed"
|
69
|
-
page.current_path.must_equal '/'
|
70
|
-
|
71
|
-
login(:pass=>'012345678')
|
72
|
-
page.current_path.must_equal '/'
|
73
|
-
end
|
74
|
-
end
|
75
|
-
|
76
|
-
it "should support changing passwords for accounts without confirmation" do
|
77
|
-
rodauth do
|
78
|
-
enable :login, :change_password
|
79
|
-
modifications_require_password? false
|
80
|
-
require_password_confirmation? false
|
81
|
-
end
|
82
|
-
roda do |r|
|
83
|
-
r.rodauth
|
84
|
-
r.root{view :content=>""}
|
85
|
-
end
|
86
|
-
|
87
|
-
login
|
88
|
-
visit '/change-password'
|
89
|
-
fill_in 'New Password', :with=>'012345678'
|
90
|
-
click_button 'Change Password'
|
91
|
-
page.find('#notice_flash').text.must_equal "Your password has been changed"
|
92
|
-
end
|
93
|
-
|
94
|
-
it "should support invalid_previous_password_message" do
|
95
|
-
rodauth do
|
96
|
-
enable :login, :logout, :change_password
|
97
|
-
invalid_previous_password_message "Previous password not correct"
|
98
|
-
end
|
99
|
-
roda do |r|
|
100
|
-
r.rodauth
|
101
|
-
r.root{view :content=>""}
|
102
|
-
end
|
103
|
-
|
104
|
-
login
|
105
|
-
page.current_path.must_equal '/'
|
106
|
-
|
107
|
-
visit '/change-password'
|
108
|
-
page.title.must_equal 'Change Password'
|
109
|
-
|
110
|
-
fill_in 'Password', :with=>'0123456'
|
111
|
-
fill_in 'New Password', :with=>'0123456'
|
112
|
-
fill_in 'Confirm Password', :with=>'0123456'
|
113
|
-
click_button 'Change Password'
|
114
|
-
page.find('#error_flash').text.must_equal "There was an error changing your password"
|
115
|
-
page.body.must_include 'Previous password not correct'
|
116
|
-
page.current_path.must_equal '/change-password'
|
117
|
-
end
|
118
|
-
|
119
|
-
it "should support setting requirements for passwords" do
|
120
|
-
rodauth do
|
121
|
-
enable :login, :create_account, :change_password
|
122
|
-
create_account_autologin? false
|
123
|
-
password_meets_requirements? do |password|
|
124
|
-
password =~ /banana/
|
125
|
-
end
|
126
|
-
end
|
127
|
-
roda do |r|
|
128
|
-
r.rodauth
|
129
|
-
r.root{view :content=>""}
|
130
|
-
end
|
131
|
-
|
132
|
-
visit '/create-account'
|
133
|
-
fill_in 'Login', :with=>'foo2@example.com'
|
134
|
-
fill_in 'Confirm Login', :with=>'foo2@example.com'
|
135
|
-
fill_in 'Password', :with=>'apple'
|
136
|
-
fill_in 'Confirm Password', :with=>'apple'
|
137
|
-
click_button 'Create Account'
|
138
|
-
page.html.must_include("invalid password, does not meet requirements")
|
139
|
-
page.find('#error_flash').text.must_equal "There was an error creating your account"
|
140
|
-
page.current_path.must_equal '/create-account'
|
141
|
-
|
142
|
-
fill_in 'Password', :with=>'banana'
|
143
|
-
fill_in 'Confirm Password', :with=>'banana'
|
144
|
-
click_button 'Create Account'
|
145
|
-
|
146
|
-
login(:login=>'foo2@example.com', :pass=>'banana')
|
147
|
-
|
148
|
-
visit '/change-password'
|
149
|
-
fill_in 'Password', :with=>'banana'
|
150
|
-
fill_in 'New Password', :with=>'apple'
|
151
|
-
fill_in 'Confirm Password', :with=>'apple'
|
152
|
-
click_button 'Change Password'
|
153
|
-
page.html.must_include("invalid password, does not meet requirements")
|
154
|
-
page.find('#error_flash').text.must_equal "There was an error changing your password"
|
155
|
-
page.current_path.must_equal '/change-password'
|
156
|
-
|
157
|
-
fill_in 'Password', :with=>'banana'
|
158
|
-
fill_in 'New Password', :with=>'my_banana_3'
|
159
|
-
fill_in 'Confirm Password', :with=>'my_banana_3'
|
160
|
-
click_button 'Change Password'
|
161
|
-
page.current_path.must_equal '/'
|
162
|
-
end
|
163
|
-
|
164
|
-
it "should support changing passwords for accounts via jwt" do
|
165
|
-
require_password = true
|
166
|
-
rodauth do
|
167
|
-
enable :login, :logout, :change_password
|
168
|
-
change_password_requires_password?{require_password}
|
169
|
-
end
|
170
|
-
roda(:jwt) do |r|
|
171
|
-
r.rodauth
|
172
|
-
end
|
173
|
-
|
174
|
-
json_login
|
175
|
-
|
176
|
-
res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456', "password-confirm"=>'0123456789')
|
177
|
-
res.must_equal [422, {'error'=>"There was an error changing your password", "field-error"=>["new-password", "passwords do not match"]}]
|
178
|
-
|
179
|
-
res = json_request('/change-password', :password=>'0123456', "new-password"=>'0123456', "password-confirm"=>'0123456')
|
180
|
-
res.must_equal [401, {'error'=>"There was an error changing your password", "field-error"=>["password", "invalid password"]}]
|
181
|
-
|
182
|
-
res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456789', "password-confirm"=>'0123456789')
|
183
|
-
res.must_equal [422, {'error'=>"There was an error changing your password", "field-error"=>["new-password", "invalid password, same as current password"]}]
|
184
|
-
|
185
|
-
res = json_request('/change-password', :password=>'0123456789', "new-password"=>'0123456', "password-confirm"=>'0123456')
|
186
|
-
res.must_equal [200, {'success'=>"Your password has been changed"}]
|
187
|
-
|
188
|
-
json_logout
|
189
|
-
res = json_login(:no_check=>true)
|
190
|
-
res.must_equal [401, {'error'=>"There was an error logging in", "field-error"=>["password", "invalid password"]}]
|
191
|
-
|
192
|
-
json_login(:pass=>'0123456')
|
193
|
-
|
194
|
-
require_password = false
|
195
|
-
|
196
|
-
res = json_request('/change-password', "new-password"=>'012345678', "password-confirm"=>'012345678')
|
197
|
-
res.must_equal [200, {'success'=>"Your password has been changed"}]
|
198
|
-
|
199
|
-
json_logout
|
200
|
-
json_login(:pass=>'012345678')
|
201
|
-
end
|
202
|
-
end
|
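--- a/data/spec/close_account_spec.rb
+++ b/data/spec/close_account_spec.rb
@@ -1,162 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth close_account feature' do
-it "should support closing accounts when passwords are not required" do
-rodauth do
-enable :login, :close_account
-close_account_requires_password? false
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/close-account'
-click_button 'Close Account'
-page.current_path.must_equal '/'
-
-DB[:accounts].select_map(:status_id).must_equal [3]
-end
-
-it "should update account information when closing accounts" do
-statuses = nil
-rodauth do
-enable :login, :close_account
-close_account_requires_password? false
-after_close_account{statuses = [account[:status_id], account_ds.get(:status_id)]}
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-login
-visit '/close-account'
-click_button 'Close Account'
-statuses[0].must_equal 3
-statuses[1].must_equal 3
-end
-
-it "should delete accounts when skip_status_checks? is true" do
-rodauth do
-enable :login, :close_account
-close_account_requires_password? false
-skip_status_checks? true
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/close-account'
-click_button 'Close Account'
-page.current_path.must_equal '/'
-
-DB[:accounts].count.must_equal 0
-end
-
-it "should support closing accounts when passwords are required" do
-rodauth do
-enable :login, :close_account
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/close-account'
-fill_in 'Password', :with=>'012345678'
-click_button 'Close Account'
-page.find('#error_flash').text.must_equal "There was an error closing your account"
-page.html.must_include("invalid password")
-DB[:accounts].select_map(:status_id).must_equal [2]
-
-fill_in 'Password', :with=>'0123456789'
-click_button 'Close Account'
-page.find('#notice_flash').text.must_equal "Your account has been closed"
-page.current_path.must_equal '/'
-
-DB[:accounts].select_map(:status_id).must_equal [3]
-end
-
-it "should support closing accounts with overrides" do
-rodauth do
-enable :login, :close_account
-close_account do
-account_ds.update(:email => 'foo@bar.com', :status_id=>3)
-end
-close_account_route 'close'
-close_account_redirect '/login'
-end
-roda do |r|
-r.rodauth
-r.root{""}
-end
-
-login
-page.current_path.must_equal '/'
-
-visit '/close'
-page.title.must_equal 'Close Account'
-fill_in 'Password', :with=>'0123456789'
-click_button 'Close Account'
-page.find('#notice_flash').text.must_equal "Your account has been closed"
-page.current_path.must_equal '/login'
-
-DB[:accounts].select_map(:status_id).must_equal [3]
-DB[:accounts].select_map(:email).must_equal ['foo@bar.com']
-end
-
-it "should close accounts when account_password_hash_column is set" do
-rodauth do
-enable :create_account, :close_account
-close_account_requires_password? false
-account_password_hash_column :ph
-end
-roda do |r|
-r.rodauth
-r.root{view(:content=>"")}
-end
-
-visit '/create-account'
-fill_in 'Login', :with=>'foo2@example.com'
-fill_in 'Confirm Login', :with=>'foo2@example.com'
-fill_in 'Password', :with=>'apple2'
-fill_in 'Confirm Password', :with=>'apple2'
-click_button 'Create Account'
-
-visit '/close-account'
-click_button 'Close Account'
-page.current_path.must_equal '/'
-
-DB[:accounts].reverse(:id).get(:status_id).must_equal 3
-end
-
-it "should support closing accounts via jwt" do
-rodauth do
-enable :login, :close_account
-end
-roda(:jwt) do |r|
-r.rodauth
-end
-
-json_login
-
-res = json_request('/close-account', :password=>'0123456')
-res.must_equal [401, {'error'=>"There was an error closing your account", "field-error"=>["password", "invalid password"]}]
-DB[:accounts].select_map(:status_id).must_equal [2]
-
-res = json_request('/close-account', :password=>'0123456789')
-res.must_equal [200, {'success'=>"Your account has been closed"}]
-DB[:accounts].select_map(:status_id).must_equal [3]
-end
-end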
@@ -1,70 +0,0 @@
|
|
1
|
-
require File.expand_path("spec_helper", File.dirname(__FILE__))
|
2
|
-
|
3
|
-
describe 'Rodauth confirm password feature' do
|
4
|
-
it "should support confirming passwords" do
|
5
|
-
rodauth do
|
6
|
-
enable :login, :change_login, :confirm_password, :password_grace_period
|
7
|
-
before_change_login_route do
|
8
|
-
unless password_recently_entered?
|
9
|
-
session[:confirm_password_redirect] = request.path_info
|
10
|
-
redirect '/confirm-password'
|
11
|
-
end
|
12
|
-
end
|
13
|
-
end
|
14
|
-
roda do |r|
|
15
|
-
r.rodauth
|
16
|
-
r.get("reset"){session[:last_password_entry] = Time.now.to_i - 400; "a"}
|
17
|
-
view :content=>""
|
18
|
-
end
|
19
|
-
|
20
|
-
login
|
21
|
-
|
22
|
-
visit '/change-login'
|
23
|
-
page.title.must_equal 'Change Login'
|
24
|
-
|
25
|
-
visit '/reset'
|
26
|
-
page.body.must_equal 'a'
|
27
|
-
|
28
|
-
visit '/change-login'
|
29
|
-
page.title.must_equal 'Confirm Password'
|
30
|
-
fill_in 'Password', :with=>'012345678'
|
31
|
-
click_button 'Confirm Password'
|
32
|
-
page.find('#error_flash').text.must_equal "There was an error confirming your password"
|
33
|
-
page.html.must_include("invalid password")
|
34
|
-
|
35
|
-
fill_in 'Password', :with=>'0123456789'
|
36
|
-
click_button 'Confirm Password'
|
37
|
-
page.find('#notice_flash').text.must_equal "Your password has been confirmed"
|
38
|
-
|
39
|
-
fill_in 'Login', :with=>'foo3@example.com'
|
40
|
-
fill_in 'Confirm Login', :with=>'foo3@example.com'
|
41
|
-
click_button 'Change Login'
|
42
|
-
page.find('#notice_flash').text.must_equal "Your login has been changed"
|
43
|
-
end
|
44
|
-
|
45
|
-
it "should support confirming passwords via jwt" do
|
46
|
-
rodauth do
|
47
|
-
enable :login, :change_password, :confirm_password, :password_grace_period
|
48
|
-
end
|
49
|
-
roda(:jwt) do |r|
|
50
|
-
r.rodauth
|
51
|
-
r.post("reset"){rodauth.send(:set_session_value, :last_password_entry, Time.now.to_i - 400); [1]}
|
52
|
-
end
|
53
|
-
|
54
|
-
json_login
|
55
|
-
|
56
|
-
res = json_request('/change-password', "new-password"=>'0123456', "password-confirm"=>'0123456')
|
57
|
-
res.must_equal [200, {'success'=>"Your password has been changed"}]
|
58
|
-
|
59
|
-
json_request('/reset').must_equal [200, [1]]
|
60
|
-
|
61
|
-
res = json_request('/change-password', "new-password"=>'01234567', "password-confirm"=>'01234567')
|
62
|
-
res.must_equal [401, {"field-error"=>["password", "invalid password"], "error"=>"There was an error changing your password"}]
|
63
|
-
|
64
|
-
res = json_request('/confirm-password', "password"=>'0123456')
|
65
|
-
res.must_equal [200, {'success'=>"Your password has been confirmed"}]
|
66
|
-
|
67
|
-
res = json_request('/change-password', "new-password"=>'01234567', "password-confirm"=>'01234567')
|
68
|
-
res.must_equal [200, {'success'=>"Your password has been changed"}]
|
69
|
-
end
|
70
|
-
end
|