RubyGems - rodauth - Versions diffs - 1.22.0 → 2.3.0 - Mend

rodauth 1.22.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (198) hide show

checksums.yaml +4 -4
data/CHANGELOG +190 -0
data/MIT-LICENSE +1 -1
data/README.rdoc +210 -80
data/doc/account_expiration.rdoc +12 -26
data/doc/active_sessions.rdoc +49 -0
data/doc/audit_logging.rdoc +44 -0
data/doc/base.rdoc +75 -128
data/doc/change_login.rdoc +7 -14
data/doc/change_password.rdoc +9 -13
data/doc/change_password_notify.rdoc +2 -2
data/doc/close_account.rdoc +9 -16
data/doc/confirm_password.rdoc +12 -5
data/doc/create_account.rdoc +11 -22
data/doc/disallow_password_reuse.rdoc +6 -13
data/doc/email_auth.rdoc +15 -14
data/doc/email_base.rdoc +6 -15
data/doc/guides/admin_activation.rdoc +46 -0
data/doc/guides/already_authenticated.rdoc +10 -0
data/doc/guides/alternative_login.rdoc +46 -0
data/doc/guides/create_account_programmatically.rdoc +38 -0
data/doc/guides/delay_password.rdoc +25 -0
data/doc/guides/email_only.rdoc +16 -0
data/doc/guides/i18n.rdoc +26 -0
data/doc/{internals.rdoc → guides/internals.rdoc} +0 -0
data/doc/guides/links.rdoc +12 -0
data/doc/guides/login_return.rdoc +37 -0
data/doc/guides/password_column.rdoc +25 -0
data/doc/guides/password_confirmation.rdoc +37 -0
data/doc/guides/password_requirements.rdoc +30 -0
data/doc/guides/paths.rdoc +36 -0
data/doc/guides/query_params.rdoc +9 -0
data/doc/guides/redirects.rdoc +17 -0
data/doc/guides/registration_field.rdoc +68 -0
data/doc/guides/require_mfa.rdoc +30 -0
data/doc/guides/reset_password_autologin.rdoc +21 -0
data/doc/guides/status_column.rdoc +28 -0
data/doc/guides/totp_or_recovery.rdoc +16 -0
data/doc/http_basic_auth.rdoc +10 -1
data/doc/jwt.rdoc +22 -22
data/doc/jwt_cors.rdoc +2 -3
data/doc/jwt_refresh.rdoc +23 -8
data/doc/lockout.rdoc +17 -15
data/doc/login.rdoc +17 -2
data/doc/login_password_requirements_base.rdoc +18 -37
data/doc/logout.rdoc +2 -2
data/doc/otp.rdoc +25 -19
data/doc/password_complexity.rdoc +10 -26
data/doc/password_expiration.rdoc +11 -25
data/doc/password_grace_period.rdoc +16 -2
data/doc/recovery_codes.rdoc +18 -12
data/doc/release_notes/1.23.0.txt +32 -0
data/doc/release_notes/2.0.0.txt +361 -0
data/doc/release_notes/2.1.0.txt +31 -0
data/doc/release_notes/2.2.0.txt +39 -0
data/doc/release_notes/2.3.0.txt +37 -0
data/doc/remember.rdoc +40 -64
data/doc/reset_password.rdoc +12 -9
data/doc/session_expiration.rdoc +1 -0
data/doc/single_session.rdoc +16 -25
data/doc/sms_codes.rdoc +24 -14
data/doc/two_factor_base.rdoc +60 -22
data/doc/verify_account.rdoc +14 -12
data/doc/verify_account_grace_period.rdoc +6 -2
data/doc/verify_login_change.rdoc +9 -8
data/doc/webauthn.rdoc +115 -0
data/doc/webauthn_login.rdoc +15 -0
data/doc/webauthn_verify_account.rdoc +9 -0
data/javascript/webauthn_auth.js +45 -0
data/javascript/webauthn_setup.js +35 -0
data/lib/roda/plugins/rodauth.rb +1 -1
data/lib/rodauth.rb +36 -28
data/lib/rodauth/features/account_expiration.rb +5 -5
data/lib/rodauth/features/active_sessions.rb +158 -0
data/lib/rodauth/features/audit_logging.rb +98 -0
data/lib/rodauth/features/base.rb +144 -43
data/lib/rodauth/features/change_password_notify.rb +2 -2
data/lib/rodauth/features/close_account.rb +8 -6
data/lib/rodauth/features/confirm_password.rb +40 -2
data/lib/rodauth/features/create_account.rb +8 -13
data/lib/rodauth/features/disallow_common_passwords.rb +1 -1
data/lib/rodauth/features/disallow_password_reuse.rb +1 -1
data/lib/rodauth/features/email_auth.rb +31 -30
data/lib/rodauth/features/email_base.rb +9 -4
data/lib/rodauth/features/http_basic_auth.rb +55 -35
data/lib/rodauth/features/jwt.rb +63 -16
data/lib/rodauth/features/jwt_cors.rb +15 -15
data/lib/rodauth/features/jwt_refresh.rb +42 -13
data/lib/rodauth/features/lockout.rb +12 -14
data/lib/rodauth/features/login.rb +64 -15
data/lib/rodauth/features/login_password_requirements_base.rb +13 -8
data/lib/rodauth/features/otp.rb +77 -80
data/lib/rodauth/features/password_complexity.rb +8 -13
data/lib/rodauth/features/password_expiration.rb +2 -2
data/lib/rodauth/features/password_grace_period.rb +17 -10
data/lib/rodauth/features/recovery_codes.rb +49 -53
data/lib/rodauth/features/remember.rb +11 -27
data/lib/rodauth/features/reset_password.rb +26 -26
data/lib/rodauth/features/session_expiration.rb +7 -10
data/lib/rodauth/features/single_session.rb +8 -6
data/lib/rodauth/features/sms_codes.rb +62 -72
data/lib/rodauth/features/two_factor_base.rb +134 -30
data/lib/rodauth/features/verify_account.rb +29 -21
data/lib/rodauth/features/verify_account_grace_period.rb +18 -9
data/lib/rodauth/features/verify_login_change.rb +12 -11
data/lib/rodauth/features/webauthn.rb +505 -0
data/lib/rodauth/features/webauthn_login.rb +70 -0
data/lib/rodauth/features/webauthn_verify_account.rb +46 -0
data/lib/rodauth/migrations.rb +16 -5
data/lib/rodauth/version.rb +2 -2
data/templates/button.str +1 -3
data/templates/change-login.str +1 -2
data/templates/change-password.str +3 -5
data/templates/close-account.str +2 -2
data/templates/confirm-password.str +1 -1
data/templates/create-account.str +1 -1
data/templates/email-auth-request-form.str +2 -3
data/templates/email-auth.str +1 -1
data/templates/global-logout-field.str +6 -0
data/templates/login-confirm-field.str +2 -4
data/templates/login-display.str +3 -2
data/templates/login-field.str +2 -4
data/templates/login-form-footer.str +6 -0
data/templates/login-form.str +7 -0
data/templates/login.str +1 -9
data/templates/logout.str +1 -1
data/templates/multi-phase-login.str +3 -0
data/templates/otp-auth-code-field.str +5 -3
data/templates/otp-auth.str +1 -1
data/templates/otp-disable.str +1 -1
data/templates/otp-setup.str +3 -3
data/templates/password-confirm-field.str +2 -4
data/templates/password-field.str +2 -4
data/templates/recovery-auth.str +3 -6
data/templates/recovery-codes.str +1 -1
data/templates/remember.str +15 -20
data/templates/reset-password-request.str +3 -3
data/templates/reset-password.str +1 -2
data/templates/sms-auth.str +1 -1
data/templates/sms-code-field.str +5 -3
data/templates/sms-confirm.str +1 -2
data/templates/sms-disable.str +1 -2
data/templates/sms-request.str +1 -1
data/templates/sms-setup.str +6 -4
data/templates/two-factor-auth.str +5 -0
data/templates/two-factor-disable.str +6 -0
data/templates/two-factor-manage.str +16 -0
data/templates/unlock-account-request.str +4 -4
data/templates/unlock-account.str +1 -1
data/templates/verify-account-resend.str +3 -3
data/templates/verify-account.str +1 -2
data/templates/verify-login-change.str +1 -1
data/templates/webauthn-auth.str +11 -0
data/templates/webauthn-remove.str +14 -0
data/templates/webauthn-setup.str +12 -0
metadata +94 -54
data/Rakefile +0 -179
data/doc/verify_change_login.rdoc +0 -11
data/lib/rodauth/features/verify_change_login.rb +0 -20
data/spec/account_expiration_spec.rb +0 -225
data/spec/all.rb +0 -1
data/spec/change_login_spec.rb +0 -156
data/spec/change_password_notify_spec.rb +0 -33
data/spec/change_password_spec.rb +0 -202
data/spec/close_account_spec.rb +0 -162
data/spec/confirm_password_spec.rb +0 -70
data/spec/create_account_spec.rb +0 -127
data/spec/disallow_common_passwords_spec.rb +0 -93
data/spec/disallow_password_reuse_spec.rb +0 -179
data/spec/email_auth_spec.rb +0 -285
data/spec/http_basic_auth_spec.rb +0 -143
data/spec/jwt_cors_spec.rb +0 -57
data/spec/jwt_refresh_spec.rb +0 -256
data/spec/jwt_spec.rb +0 -235
data/spec/lockout_spec.rb +0 -250
data/spec/login_spec.rb +0 -328
data/spec/migrate/001_tables.rb +0 -184
data/spec/migrate/002_account_password_hash_column.rb +0 -11
data/spec/migrate_password/001_tables.rb +0 -73
data/spec/migrate_travis/001_tables.rb +0 -141
data/spec/password_complexity_spec.rb +0 -109
data/spec/password_expiration_spec.rb +0 -244
data/spec/password_grace_period_spec.rb +0 -93
data/spec/remember_spec.rb +0 -451
data/spec/reset_password_spec.rb +0 -229
data/spec/rodauth_spec.rb +0 -343
data/spec/session_expiration_spec.rb +0 -58
data/spec/single_session_spec.rb +0 -127
data/spec/spec_helper.rb +0 -327
data/spec/two_factor_spec.rb +0 -1462
data/spec/update_password_hash_spec.rb +0 -40
data/spec/verify_account_grace_period_spec.rb +0 -171
data/spec/verify_account_spec.rb +0 -240
data/spec/verify_change_login_spec.rb +0 -46
data/spec/verify_login_change_spec.rb +0 -232
data/spec/views/layout-other.str +0 -11
data/spec/views/layout.str +0 -11
data/spec/views/login.str +0 -21

data/spec/verify_change_login_spec.rb DELETED

@@ -1,46 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-describe 'Rodauth verify_change_login feature' do
-  it "should support reverifying accounts after changing logins" do
-    rodauth do
-      enable :login, :verify_change_login
-      change_login_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In#{rodauth.verified_account?}" : "Not Logged"}
-    end
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    link = email_link(/(\/verify-account\?key=.+)$/, 'foo@example2.com')
-    visit '/change-login'
-    page.find('#error_flash').text.must_equal "Cannot change login for unverified account. Please verify this account before changing the login."
-    page.current_path.must_equal '/'
-    visit link
-    click_button 'Verify Account'
-    page.find('#notice_flash').text.must_equal "Your account has been verified"
-    page.body.must_include('Logged Intrue')
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo3@example.com'
-    fill_in 'Confirm Login', :with=>'foo3@example.com'
-    click_button 'Change Login'
-    page.find('#notice_flash').text.must_equal "Your login has been changed. An email has been sent to you with a link to verify your account"
-    page.current_path.must_equal '/'
-    page.body.must_include('Logged Infalse')
-    link2 = email_link(/(\/verify-account\?key=.+)$/, 'foo3@example.com')
-    link2.wont_equal link
-    visit link2
-    click_button 'Verify Account'
-    page.find('#notice_flash').text.must_equal "Your account has been verified"
-    page.body.must_include('Logged Intrue')
-  end
-end

data/spec/verify_login_change_spec.rb DELETED

@@ -1,232 +0,0 @@
-require File.expand_path("spec_helper", File.dirname(__FILE__))
-describe 'Rodauth verify_login_change feature' do
-  it "should support verifying login changes" do
-    rodauth do
-      enable :login, :logout, :verify_login_change
-      change_login_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    login
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    click_button 'Change Login'
-    link = email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example2.com')
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your login change"
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    click_button 'Change Login'
-    email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example2.com').must_equal link
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example3.com'
-    fill_in 'Confirm Login', :with=>'foo@example3.com'
-    click_button 'Change Login'
-    new_link = email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example3.com')
-    new_link.wont_equal link
-    logout
-    visit link
-    page.find('#error_flash').text.must_equal "There was an error verifying your login change: invalid verify login change key"
-    visit new_link
-    page.title.must_equal 'Verify Login Change'
-    click_button 'Verify Login Change'
-    page.find('#notice_flash').text.must_equal "Your login change has been verified"
-    page.body.must_include('Not Logged')
-    login
-    page.find('#error_flash').text.must_equal "There was an error logging in"
-    login(:login=>'foo@example3.com')
-    page.body.must_include('Logged In')
-  end
-  it "should support verifying login changes with autologin" do
-    rodauth do
-      enable :login, :logout, :verify_login_change
-      verify_login_change_autologin? true
-      change_login_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    login
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    click_button 'Change Login'
-    link = email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example2.com')
-    logout
-    visit link
-    click_button 'Verify Login Change'
-    page.find('#notice_flash').text.must_equal "Your login change has been verified"
-    page.body.must_include('Logged In')
-  end
-  it "should check for duplicate accounts before sending verify email and before updating login" do
-    rodauth do
-      enable :login, :logout, :verify_login_change, :create_account
-      change_login_requires_password? false
-      create_account_autologin? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    visit '/create-account'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    fill_in 'Password', :with=>'0123456789'
-    fill_in 'Confirm Password', :with=>'0123456789'
-    click_button 'Create Account'
-    login
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example.com'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.body.must_include "logins do not match"
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    click_button 'Change Login'
-    page.find('#error_flash').text.must_equal "There was an error changing your login"
-    page.body.must_include "invalid login, already an account with this login"
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example3.com'
-    fill_in 'Confirm Login', :with=>'foo@example3.com'
-    click_button 'Change Login'
-    link = email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example3.com')
-    logout
-    DB[:accounts].where(:email=>'foo@example2.com').update(:email=>'foo@example3.com')
-    visit link
-    click_button 'Verify Login Change'
-    page.find('#error_flash').text.must_equal "Unable to change login as there is already an account with the new login"
-    page.current_path.must_equal '/login'
-    visit link
-    page.find('#error_flash').text.must_equal "There was an error verifying your login change: invalid verify login change key"
-  end
-  it "should handle uniqueness errors raised when inserting verify login change entry" do
-    unique = false
-    rodauth do
-      enable :login, :logout, :verify_login_change
-      change_login_requires_password? false
-      auth_class_eval do
-        define_method(:raised_uniqueness_violation) do |*a, &block|
-          unique.call if unique
-          super(*a, &block)
-        end
-      end
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    login
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    click_button 'Change Login'
-    email_link(/(\/verify-login-change\?key=.+)$/, 'foo@example2.com')
-    page.find('#notice_flash').text.must_equal "An email has been sent to you with a link to verify your login change"
-    unique = lambda{DB[:account_login_change_keys].update(:login=>'foo@example3.com'); true}
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    proc{click_button 'Change Login'}.must_raise Sequel::ConstraintViolation
-  end
-  it "should clear verify login change token when closing account" do
-    rodauth do
-      enable :login, :verify_login_change, :close_account
-      change_login_requires_password? false
-    end
-    roda do |r|
-      r.rodauth
-      r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
-    end
-    login
-    visit '/change-login'
-    fill_in 'Login', :with=>'foo@example2.com'
-    fill_in 'Confirm Login', :with=>'foo@example2.com'
-    click_button 'Change Login'
-    email_link(/key=.+$/, 'foo@example2.com').wont_be_nil
-    DB[:account_login_change_keys].count.must_equal 1
-    visit '/close-account'
-    fill_in 'Password', :with=>'0123456789'
-    click_button 'Close Account'
-    DB[:account_login_change_keys].count.must_equal 0
-  end
-  it "should support verifying login changes for accounts via jwt" do
-    rodauth do
-      enable :login, :verify_login_change
-      change_login_requires_password? false
-      verify_login_change_email_body{verify_login_change_email_link}
-    end
-    roda(:jwt) do |r|
-      r.rodauth
-    end
-    json_login
-    res = json_request('/change-login', :login=>'foo2@example.com', "login-confirm"=>'foo2@example.com')
-    res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your login change"}]
-    link = email_link(/key=.+$/, 'foo2@example.com')
-    res = json_request('/change-login', :login=>'foo2@example.com', "login-confirm"=>'foo2@example.com')
-    res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your login change"}]
-    email_link(/key=.+$/, 'foo2@example.com').must_equal link
-    res = json_request('/change-login', :login=>'foo3@example.com', "login-confirm"=>'foo3@example.com')
-    res.must_equal [200, {'success'=>"An email has been sent to you with a link to verify your login change"}]
-    new_link = email_link(/key=.+$/, 'foo3@example.com')
-    new_link.wont_equal link
-    res = json_request('/verify-login-change')
-    res.must_equal [401, {"error"=>"Unable to verify login change"}]
-    res = json_request('/verify-login-change', :key=>link[4..-1])
-    res.must_equal [401, {"error"=>"Unable to verify login change"}]
-    res = json_request('/verify-login-change', :key=>new_link[4..-1])
-    res.must_equal [200, {"success"=>"Your login change has been verified"}]
-    res = json_request("/login", :login=>'foo@example.com', :password=>'0123456789')
-    res.must_equal [401, {'error'=>"There was an error logging in", "field-error"=>["login", "no matching login"]}]
-    json_login(:login=>'foo3@example.com')
-  end
-end

data/spec/views/layout-other.str DELETED

@@ -1,11 +0,0 @@
-<!doctype html>
-<html>
-<head>
-<title>Foo #{@title}</title>
-</head>
-<body>
-#{"<div id='error_flash'>#{flash['error2']}</div>" if flash['error2']}
-#{"<div id='notice_flash'>#{flash['notice2']}</div>" if flash['notice2']}
-#{yield}
-</body>
-</html>

data/spec/views/layout.str DELETED

@@ -1,11 +0,0 @@
-<!doctype html>
-<html>
-<head>
-<title>#{@title}</title>
-</head>
-<body>
-#{"<div id='error_flash'>#{opts[:sessions_convert_symbols] ? flash['error'] : flash[:error]}</div>" if opts[:sessions_convert_symbols] ? flash['error'] : flash[:error]}
-#{"<div id='notice_flash'>#{opts[:sessions_convert_symbols] ? flash['notice'] : flash[:notice]}</div>" if opts[:sessions_convert_symbols] ? flash['notice'] : flash[:notice]}
-#{yield}
-</body>
-</html>

data/spec/views/login.str DELETED

@@ -1,21 +0,0 @@
-<form method="post" class="form-horizontal" role="form" id="login-form">
-  #{csrf_tag if respond_to?(:csrf_tag)}
-  <input type="hidden" name="lp" value="#{rodauth.param('lp')}"/>
-  <div class="form-group">
-    <label class="col-sm-2 control-label" for="login">Login</label>
-    <div class="col-sm-10">
-      <input type="text" class="form-control#{' error' if rodauth.field_error(rodauth.login_param)}" name="l" id="login"/> #{rodauth.field_error(rodauth.login_param)}
-    </div>
-  </div>
-  <div class="form-group">
-    <label class="col-sm-2 control-label" for="password">Password</label>
-    <div class="col-sm-10">
-      <input type="password" class="form-control#{' error' if rodauth.field_error(rodauth.password_param)}" name="p" id="password"/> #{rodauth.field_error(rodauth.password_param)}
-    </div>
-  </div>
-  <div class="form-group">
-    <div class="col-sm-offset-2 col-sm-10">
-      <input type="submit" class="btn btn-default" value="Login"/>
-    </div>
-  </div>
-</form>