RubyGems - rodauth - Versions diffs - 1.22.0 → 1.23.0 - Mend

rodauth 1.22.0 → 1.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

checksums.yaml +4 -4
data/CHANGELOG +12 -0
data/README.rdoc +5 -3
data/doc/email_base.rdoc +1 -0
data/doc/release_notes/1.23.0.txt +32 -0
data/lib/rodauth.rb +5 -2
data/lib/rodauth/features/base.rb +8 -0
data/lib/rodauth/features/change_password_notify.rb +1 -1
data/lib/rodauth/features/create_account.rb +1 -1
data/lib/rodauth/features/email_auth.rb +3 -4
data/lib/rodauth/features/email_base.rb +7 -2
data/lib/rodauth/features/lockout.rb +1 -1
data/lib/rodauth/features/login.rb +6 -2
data/lib/rodauth/features/otp.rb +6 -3
data/lib/rodauth/features/password_expiration.rb +1 -1
data/lib/rodauth/features/recovery_codes.rb +3 -3
data/lib/rodauth/features/reset_password.rb +2 -2
data/lib/rodauth/features/sms_codes.rb +5 -5
data/lib/rodauth/features/verify_account.rb +2 -2
data/lib/rodauth/features/verify_login_change.rb +1 -1
data/lib/rodauth/version.rb +1 -1
data/templates/email-auth-request-form.str +2 -2
data/templates/reset-password-request.str +3 -3
data/templates/unlock-account-request.str +3 -3
data/templates/verify-account-resend.str +3 -3
metadata +5 -43
data/Rakefile +0 -179
data/spec/account_expiration_spec.rb +0 -225
data/spec/all.rb +0 -1
data/spec/change_login_spec.rb +0 -156
data/spec/change_password_notify_spec.rb +0 -33
data/spec/change_password_spec.rb +0 -202
data/spec/close_account_spec.rb +0 -162
data/spec/confirm_password_spec.rb +0 -70
data/spec/create_account_spec.rb +0 -127
data/spec/disallow_common_passwords_spec.rb +0 -93
data/spec/disallow_password_reuse_spec.rb +0 -179
data/spec/email_auth_spec.rb +0 -285
data/spec/http_basic_auth_spec.rb +0 -143
data/spec/jwt_cors_spec.rb +0 -57
data/spec/jwt_refresh_spec.rb +0 -256
data/spec/jwt_spec.rb +0 -235
data/spec/lockout_spec.rb +0 -250
data/spec/login_spec.rb +0 -328
data/spec/migrate/001_tables.rb +0 -184
data/spec/migrate/002_account_password_hash_column.rb +0 -11
data/spec/migrate_password/001_tables.rb +0 -73
data/spec/migrate_travis/001_tables.rb +0 -141
data/spec/password_complexity_spec.rb +0 -109
data/spec/password_expiration_spec.rb +0 -244
data/spec/password_grace_period_spec.rb +0 -93
data/spec/remember_spec.rb +0 -451
data/spec/reset_password_spec.rb +0 -229
data/spec/rodauth_spec.rb +0 -343
data/spec/session_expiration_spec.rb +0 -58
data/spec/single_session_spec.rb +0 -127
data/spec/spec_helper.rb +0 -327
data/spec/two_factor_spec.rb +0 -1462
data/spec/update_password_hash_spec.rb +0 -40
data/spec/verify_account_grace_period_spec.rb +0 -171
data/spec/verify_account_spec.rb +0 -240
data/spec/verify_change_login_spec.rb +0 -46
data/spec/verify_login_change_spec.rb +0 -232
data/spec/views/layout-other.str +0 -11
data/spec/views/layout.str +0 -11
data/spec/views/login.str +0 -21

data/spec/password_grace_period_spec.rb DELETED

@@ -1,93 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-describe 'Rodauth password grace period feature' do
-  it "should not ask for password again if password was recently entered" do
-    grace = 300
-    rodauth do
-      enable :login, :change_login, :password_grace_period
-      password_grace_period{grace}
-      require_login_confirmation? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    login
-    page.body.must_include "Logged In"
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo2@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-    grace = -1
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo3@example.com'
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-    grace = 300
-    visit '/change-login'
-    grace = -1
-    fill_in 'Login', :with=>'foo4@example.com'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.html.must_include("invalid password")
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-  end
-  it "should not ask for password again directly after creating an account" do
-    rodauth do
-      enable :create_account, :change_login, :password_grace_period
-      require_login_confirmation? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo2@example.com'
-    fill_in 'Password', :with=>'apple2'
-    fill_in 'Confirm Password', :with=>'apple2'
-    click_button 'Create Account'
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo3@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-  end
-  it "should not ask for password again directly after resetting a password" do
-    rodauth do
-      enable :login, :reset_password, :change_login, :password_grace_period
-      require_login_confirmation? false
-      reset_password_autologin? true
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    login(:pass=>'01234567')
-    click_button 'Request Password Reset'
-    link = email_link(/(\/reset-password\?key=.+)$/)
-    visit link
-    fill_in 'Password', :with=>'0123456'
-    fill_in 'Confirm Password', :with=>'0123456'
-    click_button 'Reset Password'
-    page.find('#notice_flash').text.must_equal "Your password has been reset"
-    page.current_path.must_equal '/'
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo2@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-  end
-end

data/spec/remember_spec.rb DELETED

@@ -1,451 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-describe 'Rodauth remember feature' do
-  it "should support login via remember token" do
-    secret = nil
-    raw_before = Time.now - 100000000
-    rodauth do
-      enable :login, :remember
-      hmac_secret{secret}
-      raw_remember_token_deadline{raw_before}
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            view :content=>"Logged In via Remember"
-          else
-            view :content=>"Logged In Normally"
-          end
-        else
-          view :content=>"Not Logged In"
-        end
-      end
-    end
-    login
-    page.body.must_include 'Logged In Normally'
-    visit '/load'
-    page.body.must_include 'Logged In Normally'
-    visit '/remember'
-    click_button 'Change Remember Setting'
-    page.find('#error_flash').text.must_equal "There was an error updating your remember setting"
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.find('#notice_flash').text.must_equal "Your remember setting has been updated"
-    page.body.must_include 'Logged In Normally'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_include 'Not Logged In'
-    secret = SecureRandom.random_bytes(32)
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    secret = nil
-    raw_before = Time.now + 100000000
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    remove_cookie('rack.session')
-    secret = SecureRandom.random_bytes(32)
-    visit '/load'
-    page.body.must_include 'Logged In via Remember'
-    key = get_cookie('_remember')
-    visit '/remember'
-    choose 'Forget Me'
-    click_button 'Change Remember Setting'
-    page.body.must_include 'Logged In via Remember'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_include 'Not Logged In'
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    set_cookie('_remember', key)
-    visit '/load'
-    page.body.must_include 'Logged In via Remember'
-    visit '/remember'
-    choose 'Disable Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_include 'Logged In via Remember'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_include 'Not Logged In'
-    set_cookie('_remember', key)
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    secret = SecureRandom.random_bytes(32)
-    remove_cookie('rack.session')
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-  end
-  it "should forget remember token when explicitly logging out" do
-    rodauth do
-      enable :login, :logout, :remember
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
-    end
-    login
-    page.body.must_equal 'Logged In'
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_equal 'Logged In'
-    logout
-    visit '/'
-    page.body.must_equal 'Not Logged In'
-    visit '/load'
-    page.body.must_equal 'Not Logged In'
-  end
-  it "should remove cookie if cookie is no longer valid" do
-    rodauth do
-      enable :login, :remember
-      skip_status_checks? false
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            view :content=>"Logged In via Remember"
-          else
-            view :content=>"Logged In Normally"
-          end
-        else
-          view :content=>"Not Logged In"
-        end
-      end
-    end
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_include 'Logged In Normally'
-    cookie = get_cookie('_remember')
-    remove_cookie('rack.session')
-    rk = DB[:account_remember_keys].first
-    DB[:account_remember_keys].update(:key=>rk[:key][0...-1])
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    get_cookie('_remember').must_equal ""
-    DB[:account_remember_keys].delete
-    set_cookie('_remember', cookie)
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    get_cookie('_remember').must_equal ""
-    DB[:account_remember_keys].insert(rk)
-    DB[:accounts].update(:status_id=>3)
-    set_cookie('_remember', cookie)
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    get_cookie('_remember').must_equal ""
-    DB[:account_remember_keys].must_be :empty?
-  end
-  it "should support clearing remembered flag" do
-    rodauth do
-      enable :login, :remember
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            view :content=>"Logged In via Remember"
-          else
-            view :content=>"Logged In Normally"
-          end
-        else
-          view :content=>"Not Logged In"
-        end
-      end
-    end
-    login
-    page.body.must_include 'Logged In Normally'
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_include 'Logged In Normally'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_include 'Not Logged In'
-    visit '/load'
-    page.body.must_include 'Logged In via Remember'
-    visit '/confirm-password'
-    fill_in 'Password', :with=>'012345678'
-    click_button 'Confirm Password'
-    page.find('#error_flash').text.must_equal "There was an error confirming your password"
-    page.html.must_include("invalid password")
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Confirm Password'
-    page.find('#notice_flash').text.must_equal "Your password has been confirmed"
-    page.body.must_include 'Logged In Normally'
-  end
-  it "should support extending remember token" do
-    rodauth do
-      enable :login, :remember
-      extend_remember_deadline? true
-      remember_period :days=>30
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root{rodauth.logged_in? ? "Logged In#{session[rodauth.remembered_session_key]}" : "Not Logged In"}
-    end
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    deadline = DB[:account_remember_keys].get(:deadline)
-    deadline = Time.parse(deadline) if deadline.is_a?(String)
-    deadline.must_be(:<, Time.now + 15*86400)
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_equal 'Not Logged In'
-    old_expiration = page.driver.browser.rack_mock_session.cookie_jar.instance_variable_get(:@cookies).first.expires
-    visit '/load'
-    page.body.must_equal 'Logged Intrue'
-    new_expiration = page.driver.browser.rack_mock_session.cookie_jar.instance_variable_get(:@cookies).first.expires
-    new_expiration.must_be :>=, old_expiration
-    deadline = DB[:account_remember_keys].get(:deadline)
-    deadline = Time.parse(deadline) if deadline.is_a?(String)
-    deadline.must_be(:>, Time.now + 29*86400)
-  end
-  it "should clear remember token when closing account" do
-    rodauth do
-      enable :login, :remember, :close_account
-    end
-    roda do |r|
-      r.rodauth
-      rodauth.load_memory
-      r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
-    end
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    DB[:account_remember_keys].count.must_equal 1
-    visit '/close-account'
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Close Account'
-    DB[:account_remember_keys].count.must_equal 0
-  end
-  it "should not use remember token if the account is not open" do
-    rodauth do
-      enable :login, :remember
-      skip_status_checks? false
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            "Logged In via Remember"
-          else
-            "Logged In Normally"
-          end
-        else
-          "Not Logged In"
-        end
-      end
-    end
-    login
-    page.body.must_equal 'Logged In Normally'
-    visit '/load'
-    page.body.must_equal 'Logged In Normally'
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_equal 'Logged In Normally'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_equal 'Not Logged In'
-    DB[:accounts].update(:status_id=>3)
-    visit '/load'
-    page.body.must_equal 'Not Logged In'
-  end
-  it "should handle uniqueness errors raised when inserting remember token" do
-    rodauth do
-      enable :login, :remember
-    end
-    roda do |r|
-      def rodauth.raised_uniqueness_violation(*) super; true; end
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            "Logged In via Remember"
-          else
-            "Logged In Normally"
-          end
-        else
-          "Not Logged In"
-        end
-      end
-    end
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_equal 'Logged In Normally'
-  end
-  it "should support login via remember token via jwt" do
-    rodauth do
-      enable :login, :remember
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-      r.post 'load' do
-        rodauth.load_memory
-        [4]
-      end
-      if rodauth.logged_in?
-        if rodauth.logged_in_via_remember_key?
-          [1]
-        else
-          [2]
-        end
-      else
-        [3]
-      end
-    end
-    json_request.must_equal [200, [3]]
-    json_login
-    json_request.must_equal [200, [2]]
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [2]]
-    res = json_request('/remember', :remember=>'remember')
-    res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
-    @authorization = nil
-    json_request.must_equal [200, [3]]
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [1]]
-    cookie = @cookie
-    res = json_request('/remember', :remember=>'forget')
-    res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
-    json_request.must_equal [200, [1]]
-    @cookie = nil
-    @authorization = nil
-    json_request.must_equal [200, [3]]
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [3]]
-    @cookie = cookie
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [1]]
-    res = json_request('/confirm-password', :password=>'123456')
-    res.must_equal [401, {'error'=>"There was an error confirming your password", "field-error"=>["password", "invalid password"]}]
-    res = json_request('/confirm-password', :password=>'0123456789')
-    res.must_equal [200, {'success'=>"Your password has been confirmed"}]
-    json_request.must_equal [200, [2]]
-    res = json_request('/remember', :remember=>'disable')
-    res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
-    @authorization = nil
-    @cookie = nil
-    json_request.must_equal [200, [3]]
-    @cookie = cookie
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [3]]
-  end
-end