RubyGems - rodauth - Versions diffs - 1.22.0 → 1.23.0 - Mend

rodauth 1.22.0 → 1.23.0

Files changed (66) hide show

checksums.yaml +4 -4
data/CHANGELOG +12 -0
data/README.rdoc +5 -3
data/doc/email_base.rdoc +1 -0
data/doc/release_notes/1.23.0.txt +32 -0
data/lib/rodauth.rb +5 -2
data/lib/rodauth/features/base.rb +8 -0
data/lib/rodauth/features/change_password_notify.rb +1 -1
data/lib/rodauth/features/create_account.rb +1 -1
data/lib/rodauth/features/email_auth.rb +3 -4
data/lib/rodauth/features/email_base.rb +7 -2
data/lib/rodauth/features/lockout.rb +1 -1
data/lib/rodauth/features/login.rb +6 -2
data/lib/rodauth/features/otp.rb +6 -3
data/lib/rodauth/features/password_expiration.rb +1 -1
data/lib/rodauth/features/recovery_codes.rb +3 -3
data/lib/rodauth/features/reset_password.rb +2 -2
data/lib/rodauth/features/sms_codes.rb +5 -5
data/lib/rodauth/features/verify_account.rb +2 -2
data/lib/rodauth/features/verify_login_change.rb +1 -1
data/lib/rodauth/version.rb +1 -1
data/templates/email-auth-request-form.str +2 -2
data/templates/reset-password-request.str +3 -3
data/templates/unlock-account-request.str +3 -3
data/templates/verify-account-resend.str +3 -3
metadata +5 -43
data/Rakefile +0 -179
data/spec/account_expiration_spec.rb +0 -225
data/spec/all.rb +0 -1
data/spec/change_login_spec.rb +0 -156
data/spec/change_password_notify_spec.rb +0 -33
data/spec/change_password_spec.rb +0 -202
data/spec/close_account_spec.rb +0 -162
data/spec/confirm_password_spec.rb +0 -70
data/spec/create_account_spec.rb +0 -127
data/spec/disallow_common_passwords_spec.rb +0 -93
data/spec/disallow_password_reuse_spec.rb +0 -179
data/spec/email_auth_spec.rb +0 -285
data/spec/http_basic_auth_spec.rb +0 -143
data/spec/jwt_cors_spec.rb +0 -57
data/spec/jwt_refresh_spec.rb +0 -256
data/spec/jwt_spec.rb +0 -235
data/spec/lockout_spec.rb +0 -250
data/spec/login_spec.rb +0 -328
data/spec/migrate/001_tables.rb +0 -184
data/spec/migrate/002_account_password_hash_column.rb +0 -11
data/spec/migrate_password/001_tables.rb +0 -73
data/spec/migrate_travis/001_tables.rb +0 -141
data/spec/password_complexity_spec.rb +0 -109
data/spec/password_expiration_spec.rb +0 -244
data/spec/password_grace_period_spec.rb +0 -93
data/spec/remember_spec.rb +0 -451
data/spec/reset_password_spec.rb +0 -229
data/spec/rodauth_spec.rb +0 -343
data/spec/session_expiration_spec.rb +0 -58
data/spec/single_session_spec.rb +0 -127
data/spec/spec_helper.rb +0 -327
data/spec/two_factor_spec.rb +0 -1462
data/spec/update_password_hash_spec.rb +0 -40
data/spec/verify_account_grace_period_spec.rb +0 -171
data/spec/verify_account_spec.rb +0 -240
data/spec/verify_change_login_spec.rb +0 -46
data/spec/verify_login_change_spec.rb +0 -232
data/spec/views/layout-other.str +0 -11
data/spec/views/layout.str +0 -11
data/spec/views/login.str +0 -21

data/spec/password_grace_period_spec.rb DELETED

@@ -1,93 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-describe 'Rodauth password grace period feature' do
-  it "should not ask for password again if password was recently entered" do
-    grace = 300
-    rodauth do
-      enable :login, :change_login, :password_grace_period
-      password_grace_period{grace}
-      require_login_confirmation? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    login
-    page.body.must_include "Logged In"
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo2@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-    grace = -1
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo3@example.com'
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-    grace = 300
-    visit '/change-login'
-    grace = -1
-    fill_in 'Login', :with=>'foo4@example.com'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.html.must_include("invalid password")
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-  end
-  it "should not ask for password again directly after creating an account" do
-    rodauth do
-      enable :create_account, :change_login, :password_grace_period
-      require_login_confirmation? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo2@example.com'
-    fill_in 'Password', :with=>'apple2'
-    fill_in 'Confirm Password', :with=>'apple2'
-    click_button 'Create Account'
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo3@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-  end
-  it "should not ask for password again directly after resetting a password" do
-    rodauth do
-      enable :login, :reset_password, :change_login, :password_grace_period
-      require_login_confirmation? false
-      reset_password_autologin? true
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    login(:pass=>'01234567')
-    click_button 'Request Password Reset'
-    link = email_link(/(\/reset-password\?key=.+)$/)
-    visit link
-    fill_in 'Password', :with=>'0123456'
-    fill_in 'Confirm Password', :with=>'0123456'
-    click_button 'Reset Password'
-    page.find('#notice_flash').text.must_equal "Your password has been reset"
-    page.current_path.must_equal '/'
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo2@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed"
-  end
-end

data/spec/remember_spec.rb DELETED

@@ -1,451 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-describe 'Rodauth remember feature' do
-  it "should support login via remember token" do
-    secret = nil
-    raw_before = Time.now - 100000000
-    rodauth do
-      enable :login, :remember
-      hmac_secret{secret}
-      raw_remember_token_deadline{raw_before}
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            view :content=>"Logged In via Remember"
-          else
-            view :content=>"Logged In Normally"
-          end
-        else
-          view :content=>"Not Logged In"
-        end
-      end
-    end
-    login
-    page.body.must_include 'Logged In Normally'
-    visit '/load'
-    page.body.must_include 'Logged In Normally'
-    visit '/remember'
-    click_button 'Change Remember Setting'
-    page.find('#error_flash').text.must_equal "There was an error updating your remember setting"
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.find('#notice_flash').text.must_equal "Your remember setting has been updated"
-    page.body.must_include 'Logged In Normally'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_include 'Not Logged In'
-    secret = SecureRandom.random_bytes(32)
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    secret = nil
-    raw_before = Time.now + 100000000
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    remove_cookie('rack.session')
-    secret = SecureRandom.random_bytes(32)
-    visit '/load'
-    page.body.must_include 'Logged In via Remember'
-    key = get_cookie('_remember')
-    visit '/remember'
-    choose 'Forget Me'
-    click_button 'Change Remember Setting'
-    page.body.must_include 'Logged In via Remember'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_include 'Not Logged In'
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    set_cookie('_remember', key)
-    visit '/load'
-    page.body.must_include 'Logged In via Remember'
-    visit '/remember'
-    choose 'Disable Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_include 'Logged In via Remember'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_include 'Not Logged In'
-    set_cookie('_remember', key)
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    secret = SecureRandom.random_bytes(32)
-    remove_cookie('rack.session')
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-  end
-  it "should forget remember token when explicitly logging out" do
-    rodauth do
-      enable :login, :logout, :remember
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
-    end
-    login
-    page.body.must_equal 'Logged In'
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_equal 'Logged In'
-    logout
-    visit '/'
-    page.body.must_equal 'Not Logged In'
-    visit '/load'
-    page.body.must_equal 'Not Logged In'
-  end
-  it "should remove cookie if cookie is no longer valid" do
-    rodauth do
-      enable :login, :remember
-      skip_status_checks? false
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            view :content=>"Logged In via Remember"
-          else
-            view :content=>"Logged In Normally"
-          end
-        else
-          view :content=>"Not Logged In"
-        end
-      end
-    end
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_include 'Logged In Normally'
-    cookie = get_cookie('_remember')
-    remove_cookie('rack.session')
-    rk = DB[:account_remember_keys].first
-    DB[:account_remember_keys].update(:key=>rk[:key][0...-1])
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    get_cookie('_remember').must_equal ""
-    DB[:account_remember_keys].delete
-    set_cookie('_remember', cookie)
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    get_cookie('_remember').must_equal ""
-    DB[:account_remember_keys].insert(rk)
-    DB[:accounts].update(:status_id=>3)
-    set_cookie('_remember', cookie)
-    visit '/load'
-    page.body.must_include 'Not Logged In'
-    get_cookie('_remember').must_equal ""
-    DB[:account_remember_keys].must_be :empty?
-  end
-  it "should support clearing remembered flag" do
-    rodauth do
-      enable :login, :remember
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            view :content=>"Logged In via Remember"
-          else
-            view :content=>"Logged In Normally"
-          end
-        else
-          view :content=>"Not Logged In"
-        end
-      end
-    end
-    login
-    page.body.must_include 'Logged In Normally'
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_include 'Logged In Normally'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_include 'Not Logged In'
-    visit '/load'
-    page.body.must_include 'Logged In via Remember'
-    visit '/confirm-password'
-    fill_in 'Password', :with=>'012345678'
-    click_button 'Confirm Password'
-    page.find('#error_flash').text.must_equal "There was an error confirming your password"
-    page.html.must_include("invalid password")
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Confirm Password'
-    page.find('#notice_flash').text.must_equal "Your password has been confirmed"
-    page.body.must_include 'Logged In Normally'
-  end
-  it "should support extending remember token" do
-    rodauth do
-      enable :login, :remember
-      extend_remember_deadline? true
-      remember_period :days=>30
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root{rodauth.logged_in? ? "Logged In#{session[rodauth.remembered_session_key]}" : "Not Logged In"}
-    end
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    deadline = DB[:account_remember_keys].get(:deadline)
-    deadline = Time.parse(deadline) if deadline.is_a?(String)
-    deadline.must_be(:<, Time.now + 15*86400)
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_equal 'Not Logged In'
-    old_expiration = page.driver.browser.rack_mock_session.cookie_jar.instance_variable_get(:@cookies).first.expires
-    visit '/load'
-    page.body.must_equal 'Logged Intrue'
-    new_expiration = page.driver.browser.rack_mock_session.cookie_jar.instance_variable_get(:@cookies).first.expires
-    new_expiration.must_be :>=, old_expiration
-    deadline = DB[:account_remember_keys].get(:deadline)
-    deadline = Time.parse(deadline) if deadline.is_a?(String)
-    deadline.must_be(:>, Time.now + 29*86400)
-  end
-  it "should clear remember token when closing account" do
-    rodauth do
-      enable :login, :remember, :close_account
-    end
-    roda do |r|
-      r.rodauth
-      rodauth.load_memory
-      r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
-    end
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    DB[:account_remember_keys].count.must_equal 1
-    visit '/close-account'
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Close Account'
-    DB[:account_remember_keys].count.must_equal 0
-  end
-  it "should not use remember token if the account is not open" do
-    rodauth do
-      enable :login, :remember
-      skip_status_checks? false
-    end
-    roda do |r|
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            "Logged In via Remember"
-          else
-            "Logged In Normally"
-          end
-        else
-          "Not Logged In"
-        end
-      end
-    end
-    login
-    page.body.must_equal 'Logged In Normally'
-    visit '/load'
-    page.body.must_equal 'Logged In Normally'
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_equal 'Logged In Normally'
-    remove_cookie('rack.session')
-    visit '/'
-    page.body.must_equal 'Not Logged In'
-    DB[:accounts].update(:status_id=>3)
-    visit '/load'
-    page.body.must_equal 'Not Logged In'
-  end
-  it "should handle uniqueness errors raised when inserting remember token" do
-    rodauth do
-      enable :login, :remember
-    end
-    roda do |r|
-      def rodauth.raised_uniqueness_violation(*) super; true; end
-      r.rodauth
-      r.get 'load' do
-        rodauth.load_memory
-        r.redirect '/'
-      end
-      r.root do
-        if rodauth.logged_in?
-          if rodauth.logged_in_via_remember_key?
-            "Logged In via Remember"
-          else
-            "Logged In Normally"
-          end
-        else
-          "Not Logged In"
-        end
-      end
-    end
-    login
-    visit '/remember'
-    choose 'Remember Me'
-    click_button 'Change Remember Setting'
-    page.body.must_equal 'Logged In Normally'
-  end
-  it "should support login via remember token via jwt" do
-    rodauth do
-      enable :login, :remember
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-      r.post 'load' do
-        rodauth.load_memory
-        [4]
-      end
-      if rodauth.logged_in?
-        if rodauth.logged_in_via_remember_key?
-          [1]
-        else
-          [2]
-        end
-      else
-        [3]
-      end
-    end
-    json_request.must_equal [200, [3]]
-    json_login
-    json_request.must_equal [200, [2]]
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [2]]
-    res = json_request('/remember', :remember=>'remember')
-    res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
-    @authorization = nil
-    json_request.must_equal [200, [3]]
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [1]]
-    cookie = @cookie
-    res = json_request('/remember', :remember=>'forget')
-    res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
-    json_request.must_equal [200, [1]]
-    @cookie = nil
-    @authorization = nil
-    json_request.must_equal [200, [3]]
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [3]]
-    @cookie = cookie
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [1]]
-    res = json_request('/confirm-password', :password=>'123456')
-    res.must_equal [401, {'error'=>"There was an error confirming your password", "field-error"=>["password", "invalid password"]}]
-    res = json_request('/confirm-password', :password=>'0123456789')
-    res.must_equal [200, {'success'=>"Your password has been confirmed"}]
-    json_request.must_equal [200, [2]]
-    res = json_request('/remember', :remember=>'disable')
-    res.must_equal [200, {'success'=>"Your remember setting has been updated"}]
-    @authorization = nil
-    @cookie = nil
-    json_request.must_equal [200, [3]]
-    @cookie = cookie
-    json_request('/load').must_equal [200, [4]]
-    json_request.must_equal [200, [3]]
-  end
-end