rodauth 1.22.0 → 1.23.0

data/spec/login_spec.rb

@@ -1,328 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-
-describe 'Rodauth login feature' do
-  it "should handle logins and logouts" do
-    rodauth{enable :login, :logout}
-    roda do |r|
-      r.rodauth
-      next unless rodauth.logged_in?
-      r.root{view :content=>"Logged In"}
-    end
-
-    visit '/login'
-    page.title.must_equal 'Login'
-
-    login(:login=>'foo@example2.com', :visit=>false)
-    page.find('#error_flash').text.must_equal 'There was an error logging in'
-    page.html.must_include("no matching login")
-    page.all('[type=text]').first.value.must_equal 'foo@example2.com'
-
-    login(:pass=>'012345678', :visit=>false)
-    page.find('#error_flash').text.must_equal 'There was an error logging in'
-    page.html.must_include("invalid password")
-
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Login'
-    page.current_path.must_equal '/'
-    page.find('#notice_flash').text.must_equal 'You have been logged in'
-    page.html.must_include("Logged In")
-
-    visit '/logout'
-    page.title.must_equal 'Logout'
-
-    click_button 'Logout'
-    page.find('#notice_flash').text.must_equal 'You have been logged out'
-    page.current_path.must_equal '/login'
-  end
-
-  it "should handle multi phase login (email first, then password)" do
-    rodauth do
-      enable :login, :logout
-      use_multi_phase_login? true
-      login_input_type 'email'
-      input_field_label_suffix ' (Required)'
-      input_field_error_class ' bad-input'
-      input_field_error_message_class 'err-msg'
-      mark_input_fields_as_required? true
-      field_attributes do |field|
-        if field == 'login'
-          'custom_field="custom_value"'
-        else
-          super(field)
-        end
-      end
-      field_error_attributes do |field|
-        if field == 'login'
-          'custom_error_field="custom_error_value"'
-        else
-          super(field)
-        end
-      end
-      formatted_field_error do |field, error|
-        if field == 'login'
-          super(field, error)
-        else
-          "<span class='err-msg2'>1#{error}2</span>"
-        end
-      end
-    end
-    roda do |r|
-      r.rodauth
-      next unless rodauth.logged_in?
-      r.root{view :content=>"Logged In"}
-    end
-
-    visit '/login'
-    page.title.must_equal 'Login'
-
-    page.find('[custom_field=custom_value]').value.must_equal ''
-    page.all('[custom_error_field=custom_error_value]').must_be_empty
-    page.all('input[type=password]').must_be_empty
-    fill_in 'Login (Required)', :with=>'foo2@example.com'
-    click_button 'Login'
-    page.find('#error_flash').text.must_equal 'There was an error logging in'
-    page.find('[custom_field=custom_value]').value.must_equal 'foo2@example.com'
-    page.find('[custom_error_field=custom_error_value]').value.must_equal 'foo2@example.com'
-    page.find('[type=email]').value.must_equal 'foo2@example.com'
-    page.find('.bad-input').value.must_equal 'foo2@example.com'
-    page.find('.err-msg').text.must_equal 'no matching login'
-
-    page.all('input[type=password]').must_be_empty
-    fill_in 'Login (Required)', :with=>'foo@example.com'
-    click_button 'Login'
-    page.find('#notice_flash').text.must_equal 'Login recognized, please enter your password'
-
-    page.all('[custom_field=custom_value]').must_be_empty
-    page.all('[custom_error_field=custom_error_value]').must_be_empty
-    page.all('[aria-invalid=true]').must_be_empty
-    page.all('[aria-describedby]').must_be_empty
-    page.find('[required=required]').value.to_s.must_equal ''
-    page.all('input[type=text]').must_be_empty
-    fill_in 'Password (Required)', :with=>'012345678'
-    click_button 'Login'
-    page.find('#error_flash').text.must_equal 'There was an error logging in'
-    page.find('[aria-invalid=true]').value.to_s.must_equal ''
-    page.find('[aria-describedby=password_error_message]').value.to_s.must_equal ''
-    page.all('[custom_error_field=custom_error_value]').must_be_empty
-    page.find('.err-msg2').text.must_equal '1invalid password2'
-
-    page.all('input[type=text]').must_be_empty
-    fill_in 'Password (Required)', :with=>'0123456789'
-    click_button 'Login'
-    page.current_path.must_equal '/'
-    page.find('#notice_flash').text.must_equal 'You have been logged in'
-    page.html.must_include("Logged In")
-
-    visit '/logout'
-    page.title.must_equal 'Logout'
-
-    click_button 'Logout'
-    page.find('#notice_flash').text.must_equal 'You have been logged out'
-    page.current_path.must_equal '/login'
-  end
-
-  it "should not allow login to unverified account" do
-    rodauth do
-      enable :login
-      skip_status_checks? false
-    end
-    roda do |r|
-      r.rodauth
-      next unless rodauth.logged_in?
-      r.root{view :content=>"Logged In"}
-    end
-
-    DB[:accounts].update(:status_id=>1)
-    login
-    page.find('#error_flash').text.must_equal 'There was an error logging in'
-    page.html.must_include("unverified account, please verify account before logging in")
-  end
-
-  it "should handle overriding login action" do
-    rodauth do
-      enable :login
-    end
-    roda do |r|
-      r.post 'login' do
-        if r.params['login'] == 'apple' && r.params['password'] == 'banana'
-          session['user_id'] = 'pear'
-          r.redirect '/'
-        end
-        r.redirect '/login'
-      end
-      r.rodauth
-      next unless session['user_id'] == 'pear'
-      r.root{"Logged In"}
-    end
-
-    login(:login=>'appl', :pass=>'banana')
-    page.html.wont_match(/Logged In/)
-
-    login(:login=>'apple', :pass=>'banan', :visit=>false)
-    page.html.wont_match(/Logged In/)
-
-    login(:login=>'apple', :pass=>'banana', :visit=>false)
-    page.current_path.must_equal '/'
-    page.html.must_include("Logged In")
-  end
-
-  it "should handle overriding some login attributes" do
-    rodauth do
-      enable :login
-      account_from_login do |login|
-        DB[:accounts].first if login == 'apple'
-      end
-      password_match? do |password|
-        password == 'banana'
-      end
-      update_session do
-        session['user_id'] = 'pear'
-      end
-      no_matching_login_message "no user"
-      invalid_password_message "bad password"
-    end
-    roda do |r|
-      r.rodauth
-      next unless session['user_id'] == 'pear'
-      r.root{"Logged In"}
-    end
-
-    login(:login=>'appl', :pass=>'banana')
-    page.html.must_include("no user")
-
-    login(:login=>'apple', :pass=>'banan', :visit=>false)
-    page.html.must_include("bad password")
-
-    fill_in 'Password', :with=>'banana'
-    click_button 'Login'
-    page.current_path.must_equal '/'
-    page.html.must_include("Logged In")
-  end
-
-  it "should handle a prefix and some other login options" do
-    rodauth do
-      enable :login, :logout
-      prefix '/auth'
-      session_key 'login_email'
-      account_from_session{DB[:accounts].first(:email=>session_value)}
-      account_session_value{account[:email]}
-      login_param{param('lp')}
-      login_additional_form_tags "<input type='hidden' name='lp' value='l' />"
-      password_param 'p'
-      login_redirect{"/foo/#{account[:email]}"}
-      logout_redirect '/auth/lin'
-      login_route 'lin'
-      logout_route 'lout'
-    end
-    no_freeze!
-    roda do |r|
-      r.on 'auth' do
-        r.rodauth
-      end
-      next unless session['login_email'] =~ /example/
-      r.get('foo', :email){|e| "Logged In: #{e}"}
-    end
-    app.plugin :render, :views=>'spec/views', :engine=>'str'
-
-    visit '/auth/lin?lp=l'
-
-    login(:login=>'foo@example2.com', :visit=>false)
-    page.html.must_include("no matching login")
-
-    login(:pass=>'012345678', :visit=>false)
-    page.html.must_include("invalid password")
-
-    login(:visit=>false)
-    page.current_path.must_equal '/foo/foo@example.com'
-    page.html.must_include("Logged In: foo@example.com")
-
-    visit '/auth/lout'
-    click_button 'Logout'
-    page.current_path.must_equal '/auth/lin'
-  end
-
-  it "should use correct redirect paths when using prefix" do
-    rodauth do
-      enable :login, :logout
-      prefix '/auth'
-    end
-    roda do |r|
-      r.on 'auth' do
-        r.rodauth
-        rodauth.require_login
-      end
-      rodauth.send("#{r.remaining_path[1..-1]}_redirect")
-    end
-
-    visit '/login'
-    page.html.must_equal '/'
-    visit '/logout'
-    page.html.must_equal '/auth/login'
-    visit '/require_login'
-    page.html.must_equal '/auth/login'
-
-    visit '/auth'
-    page.current_path.must_equal '/auth/login'
-  end
-
-  it "should login and logout via jwt" do
-    rodauth do
-      enable :login, :logout
-      json_response_custom_error_status? false
-      jwt_secret{proc{super()}.must_raise ArgumentError; "1"}
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-      response['Content-Type'] = 'application/json'
-      rodauth.logged_in? ? '1' : '2'
-    end
-
-    json_request.must_equal [200, 2]
-
-    res = json_request("/login", :login=>'foo@example2.com', :password=>'0123456789')
-    res.must_equal [400, {'error'=>"There was an error logging in", "field-error"=>["login", "no matching login"]}]
-
-    res = json_request("/login", :login=>'foo@example.com', :password=>'012345678')
-    res.must_equal [400, {'error'=>"There was an error logging in", "field-error"=>["password", "invalid password"]}]
-
-    json_request("/login", :login=>'foo@example.com', :password=>'0123456789').must_equal [200, {"success"=>'You have been logged in'}]
-    json_request.must_equal [200, 1]
-
-    json_request("/logout").must_equal [200, {"success"=>'You have been logged out'}]
-    json_request.must_equal [200, 2]
-  end
-
-  it "should login and logout via jwt with custom error statuses" do
-    rodauth do
-      enable :login, :logout
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-      response['Content-Type'] = 'application/json'
-      r.post('foo') do
-        rodauth.require_login
-        '3'
-      end
-      rodauth.logged_in? ? '1' : '2'
-    end
-
-    json_request.must_equal [200, 2]
-
-    res = json_request("/foo")
-    res.must_equal [401, {"error"=>"Please login to continue"}]
-
-    res = json_request("/login", :login=>'foo@example2.com', :password=>'0123456789')
-    res.must_equal [401, {'error'=>"There was an error logging in", "field-error"=>["login", "no matching login"]}]
-
-    res = json_request("/login", :login=>'foo@example.com', :password=>'012345678')
-    res.must_equal [401, {'error'=>"There was an error logging in", "field-error"=>["password", "invalid password"]}]
-
-    json_request("/login", :login=>'foo@example.com', :password=>'0123456789').must_equal [200, {"success"=>'You have been logged in'}]
-    json_request.must_equal [200, 1]
-
-    res = json_request("/foo").must_equal [200, 3]
-
-    json_request("/logout").must_equal [200, {"success"=>'You have been logged out'}]
-    json_request.must_equal [200, 2]
-  end
-end

data/spec/migrate/001_tables.rb

@@ -1,184 +0,0 @@
-Sequel.migration do
-  up do
-    extension :date_arithmetic
-
-    # Used by the account verification and close account features
-    create_table(:account_statuses) do
-      Integer :id, :primary_key=>true
-      String :name, :null=>false, :unique=>true
-    end
-    from(:account_statuses).import([:id, :name], [[1, 'Unverified'], [2, 'Verified'], [3, 'Closed']])
-
-    db = self
-    create_table(:accounts) do
-      primary_key :id, :type=>:Bignum
-      foreign_key :status_id, :account_statuses, :null=>false, :default=>1
-      if db.database_type == :postgres
-        citext :email, :null=>false
-        constraint :valid_email, :email=>/^[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+$/
-        index :email, :unique=>true, :where=>{:status_id=>[1, 2]}
-      else
-        String :email, :null=>false
-        index :email, :unique=>true
-      end
-    end
-
-    deadline_opts = proc do |days|
-      if database_type == :mysql
-        {:null=>false}
-      else
-        {:null=>false, :default=>Sequel.date_add(Sequel::CURRENT_TIMESTAMP, :days=>days)}
-      end
-    end
-
-    # Used by the password reset feature
-    create_table(:account_password_reset_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-      DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the refresh token feature
-    create_table(:account_jwt_refresh_keys) do
-      primary_key :id, :type=>:Bignum
-      foreign_key :account_id, :accounts, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-    end
-
-    # Used by the account verification feature
-    create_table(:account_verification_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :requested_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-      DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the verify login change feature
-    create_table(:account_login_change_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      String :login, :null=>false
-      DateTime :deadline, deadline_opts[1]
-    end
-
-    # Used by the remember me feature
-    create_table(:account_remember_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[14]
-    end
-
-    # Used by the lockout feature
-    create_table(:account_login_failures) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      Integer :number, :null=>false, :default=>1
-    end
-    create_table(:account_lockouts) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-      DateTime :email_last_sent
-    end
-
-    # Used by the email auth feature
-    create_table(:account_email_auth_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      DateTime :deadline, deadline_opts[1]
-      DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the password expiration feature
-    create_table(:account_password_change_times) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      DateTime :changed_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the account expiration feature
-    create_table(:account_activity_times) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      DateTime :last_activity_at, :null=>false
-      DateTime :last_login_at, :null=>false
-      DateTime :expired_at
-    end
-
-    # Used by the single session feature
-    create_table(:account_session_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-    end
-
-    # Used by the otp feature
-    create_table(:account_otp_keys) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :key, :null=>false
-      Integer :num_failures, :null=>false, :default=>0
-      Time :last_use, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    # Used by the recovery codes feature
-    create_table(:account_recovery_codes) do
-      foreign_key :id, :accounts, :type=>:Bignum
-      String :code
-      primary_key [:id, :code]
-    end
-
-    # Used by the sms codes feature
-    create_table(:account_sms_codes) do
-      foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-      String :phone_number, :null=>false
-      Integer :num_failures
-      String :code
-      DateTime :code_issued_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-    end
-
-    case database_type
-    when :postgres
-      user = get(Sequel.lit('current_user')) + '_password'
-      run "GRANT REFERENCES ON accounts TO #{user}"
-    when :mysql, :mssql
-      user = if database_type == :mysql
-        get(Sequel.lit('current_user')).sub(/_password@/, '@')
-      else
-        get(Sequel.function(:DB_NAME))
-      end
-      run "GRANT ALL ON account_statuses TO #{user}"
-      run "GRANT ALL ON accounts TO #{user}"
-      run "GRANT ALL ON account_password_reset_keys TO #{user}"
-      run "GRANT ALL ON account_jwt_refresh_keys TO #{user}"
-      run "GRANT ALL ON account_verification_keys TO #{user}"
-      run "GRANT ALL ON account_login_change_keys TO #{user}"
-      run "GRANT ALL ON account_remember_keys TO #{user}"
-      run "GRANT ALL ON account_login_failures TO #{user}"
-      run "GRANT ALL ON account_email_auth_keys TO #{user}"
-      run "GRANT ALL ON account_lockouts TO #{user}"
-      run "GRANT ALL ON account_password_change_times TO #{user}"
-      run "GRANT ALL ON account_activity_times TO #{user}"
-      run "GRANT ALL ON account_session_keys TO #{user}"
-      run "GRANT ALL ON account_otp_keys TO #{user}"
-      run "GRANT ALL ON account_recovery_codes TO #{user}"
-      run "GRANT ALL ON account_sms_codes TO #{user}"
-    end
-  end
-
-  down do
-    drop_table(:account_sms_codes,
-               :account_recovery_codes,
-               :account_otp_keys,
-               :account_session_keys,
-               :account_activity_times,
-               :account_password_change_times,
-               :account_email_auth_keys,
-               :account_lockouts,
-               :account_login_failures,
-               :account_remember_keys,
-               :account_login_change_keys,
-               :account_verification_keys,
-               :account_jwt_refresh_keys,
-               :account_password_reset_keys,
-               :accounts,
-               :account_statuses)
-  end
-end