rodauth 1.23.0 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG +132 -0
- data/MIT-LICENSE +1 -1
- data/README.rdoc +207 -79
- data/doc/account_expiration.rdoc +12 -26
- data/doc/active_sessions.rdoc +49 -0
- data/doc/audit_logging.rdoc +44 -0
- data/doc/base.rdoc +74 -128
- data/doc/change_login.rdoc +7 -14
- data/doc/change_password.rdoc +9 -13
- data/doc/change_password_notify.rdoc +2 -2
- data/doc/close_account.rdoc +9 -16
- data/doc/confirm_password.rdoc +12 -5
- data/doc/create_account.rdoc +11 -22
- data/doc/disallow_password_reuse.rdoc +6 -13
- data/doc/email_auth.rdoc +15 -14
- data/doc/email_base.rdoc +5 -15
- data/doc/http_basic_auth.rdoc +10 -1
- data/doc/jwt.rdoc +22 -22
- data/doc/jwt_cors.rdoc +2 -3
- data/doc/jwt_refresh.rdoc +12 -8
- data/doc/lockout.rdoc +17 -15
- data/doc/login.rdoc +10 -2
- data/doc/login_password_requirements_base.rdoc +15 -37
- data/doc/logout.rdoc +2 -2
- data/doc/otp.rdoc +24 -19
- data/doc/password_complexity.rdoc +10 -26
- data/doc/password_expiration.rdoc +11 -25
- data/doc/password_grace_period.rdoc +16 -2
- data/doc/recovery_codes.rdoc +18 -12
- data/doc/release_notes/2.0.0.txt +361 -0
- data/doc/remember.rdoc +40 -64
- data/doc/reset_password.rdoc +12 -9
- data/doc/session_expiration.rdoc +1 -0
- data/doc/single_session.rdoc +16 -25
- data/doc/sms_codes.rdoc +24 -14
- data/doc/two_factor_base.rdoc +60 -22
- data/doc/verify_account.rdoc +14 -12
- data/doc/verify_account_grace_period.rdoc +6 -2
- data/doc/verify_login_change.rdoc +9 -8
- data/doc/webauthn.rdoc +115 -0
- data/doc/webauthn_login.rdoc +15 -0
- data/doc/webauthn_verify_account.rdoc +9 -0
- data/javascript/webauthn_auth.js +45 -0
- data/javascript/webauthn_setup.js +35 -0
- data/lib/roda/plugins/rodauth.rb +1 -1
- data/lib/rodauth.rb +29 -24
- data/lib/rodauth/features/account_expiration.rb +5 -5
- data/lib/rodauth/features/active_sessions.rb +160 -0
- data/lib/rodauth/features/audit_logging.rb +96 -0
- data/lib/rodauth/features/base.rb +131 -47
- data/lib/rodauth/features/change_password_notify.rb +1 -1
- data/lib/rodauth/features/confirm_password.rb +40 -2
- data/lib/rodauth/features/create_account.rb +7 -13
- data/lib/rodauth/features/disallow_common_passwords.rb +1 -1
- data/lib/rodauth/features/disallow_password_reuse.rb +1 -1
- data/lib/rodauth/features/email_auth.rb +29 -27
- data/lib/rodauth/features/email_base.rb +3 -3
- data/lib/rodauth/features/http_basic_auth.rb +44 -37
- data/lib/rodauth/features/jwt.rb +51 -8
- data/lib/rodauth/features/jwt_refresh.rb +3 -3
- data/lib/rodauth/features/lockout.rb +11 -13
- data/lib/rodauth/features/login.rb +48 -8
- data/lib/rodauth/features/login_password_requirements_base.rb +4 -4
- data/lib/rodauth/features/otp.rb +71 -81
- data/lib/rodauth/features/password_complexity.rb +4 -11
- data/lib/rodauth/features/password_expiration.rb +1 -1
- data/lib/rodauth/features/password_grace_period.rb +17 -10
- data/lib/rodauth/features/recovery_codes.rb +47 -51
- data/lib/rodauth/features/remember.rb +11 -27
- data/lib/rodauth/features/reset_password.rb +25 -25
- data/lib/rodauth/features/session_expiration.rb +6 -4
- data/lib/rodauth/features/single_session.rb +7 -5
- data/lib/rodauth/features/sms_codes.rb +58 -67
- data/lib/rodauth/features/two_factor_base.rb +132 -28
- data/lib/rodauth/features/verify_account.rb +23 -20
- data/lib/rodauth/features/verify_account_grace_period.rb +19 -8
- data/lib/rodauth/features/verify_login_change.rb +11 -10
- data/lib/rodauth/features/webauthn.rb +507 -0
- data/lib/rodauth/features/webauthn_login.rb +70 -0
- data/lib/rodauth/features/webauthn_verify_account.rb +46 -0
- data/lib/rodauth/version.rb +2 -2
- data/templates/button.str +1 -3
- data/templates/change-login.str +1 -2
- data/templates/change-password.str +3 -5
- data/templates/close-account.str +2 -2
- data/templates/confirm-password.str +1 -1
- data/templates/create-account.str +1 -1
- data/templates/email-auth-request-form.str +1 -2
- data/templates/email-auth.str +1 -1
- data/templates/global-logout-field.str +6 -0
- data/templates/login-confirm-field.str +2 -4
- data/templates/login-display.str +3 -2
- data/templates/login-field.str +2 -4
- data/templates/login-form-footer.str +6 -0
- data/templates/login-form.str +7 -0
- data/templates/login.str +1 -9
- data/templates/logout.str +1 -1
- data/templates/multi-phase-login.str +3 -0
- data/templates/otp-auth-code-field.str +5 -3
- data/templates/otp-auth.str +1 -1
- data/templates/otp-disable.str +1 -1
- data/templates/otp-setup.str +3 -3
- data/templates/password-confirm-field.str +2 -4
- data/templates/password-field.str +2 -4
- data/templates/recovery-auth.str +3 -6
- data/templates/recovery-codes.str +1 -1
- data/templates/remember.str +15 -20
- data/templates/reset-password-request.str +2 -2
- data/templates/reset-password.str +1 -2
- data/templates/sms-auth.str +1 -1
- data/templates/sms-code-field.str +5 -3
- data/templates/sms-confirm.str +1 -2
- data/templates/sms-disable.str +1 -2
- data/templates/sms-request.str +1 -1
- data/templates/sms-setup.str +6 -4
- data/templates/two-factor-auth.str +5 -0
- data/templates/two-factor-disable.str +6 -0
- data/templates/two-factor-manage.str +16 -0
- data/templates/unlock-account-request.str +2 -2
- data/templates/unlock-account.str +1 -1
- data/templates/verify-account-resend.str +1 -1
- data/templates/verify-account.str +1 -2
- data/templates/verify-login-change.str +1 -1
- data/templates/webauthn-auth.str +11 -0
- data/templates/webauthn-remove.str +14 -0
- data/templates/webauthn-setup.str +12 -0
- metadata +64 -11
- data/doc/verify_change_login.rdoc +0 -11
- data/lib/rodauth/features/verify_change_login.rb +0 -20
|
@@ -11,13 +11,10 @@ module Rodauth
|
|
|
11
11
|
auth_value_method :password_max_length_for_groups_check, 11
|
|
12
12
|
auth_value_method :password_max_repeating_characters, 3
|
|
13
13
|
auth_value_method :password_invalid_pattern, Regexp.union([/qwerty/i, /azerty/i, /asdf/i, /zxcv/i] + (1..8).map{|i| /#{i}#{i+1}#{(i+2)%10}/})
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
auth_value_methods(
|
|
19
|
-
:password_too_many_repeating_characters_message
|
|
20
|
-
)
|
|
14
|
+
translatable_method :password_not_enough_character_groups_message, "does not include uppercase letters, lowercase letters, and numbers"
|
|
15
|
+
translatable_method :password_invalid_pattern_message, "includes common character sequence"
|
|
16
|
+
translatable_method :password_in_dictionary_message, "is a word in a dictionary"
|
|
17
|
+
translatable_method :password_too_many_repeating_characters_message, "contains too many of the same character in a row"
|
|
21
18
|
|
|
22
19
|
def password_meets_requirements?(password)
|
|
23
20
|
super && \
|
|
@@ -73,10 +70,6 @@ module Rodauth
|
|
|
73
70
|
false
|
|
74
71
|
end
|
|
75
72
|
|
|
76
|
-
def password_too_many_repeating_characters_message
|
|
77
|
-
"contains #{password_max_repeating_characters} or more of the same character in a row"
|
|
78
|
-
end
|
|
79
|
-
|
|
80
73
|
def password_not_in_dictionary?(password)
|
|
81
74
|
return true unless dict = password_dictionary
|
|
82
75
|
return true unless password =~ /\A(?:\d*)([A-Za-z!@$+|][A-Za-z!@$+|0134578]+[A-Za-z!@$+|])(?:\d*)\z/
|
|
@@ -5,6 +5,8 @@ module Rodauth
|
|
|
5
5
|
auth_value_method :password_grace_period, 300
|
|
6
6
|
session_key :last_password_entry_session_key, :last_password_entry
|
|
7
7
|
|
|
8
|
+
auth_methods :password_recently_entered?
|
|
9
|
+
|
|
8
10
|
def modifications_require_password?
|
|
9
11
|
return false unless super
|
|
10
12
|
!password_recently_entered?
|
|
@@ -17,6 +19,16 @@ module Rodauth
|
|
|
17
19
|
v
|
|
18
20
|
end
|
|
19
21
|
|
|
22
|
+
def password_recently_entered?
|
|
23
|
+
return false unless last_password_entry = session[last_password_entry_session_key]
|
|
24
|
+
last_password_entry + password_grace_period > Time.now.to_i
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def update_session
|
|
28
|
+
super
|
|
29
|
+
set_session_value(last_password_entry_session_key, @last_password_entry) if defined?(@last_password_entry)
|
|
30
|
+
end
|
|
31
|
+
|
|
20
32
|
private
|
|
21
33
|
|
|
22
34
|
def after_create_account
|
|
@@ -29,18 +41,13 @@ module Rodauth
|
|
|
29
41
|
@last_password_entry = Time.now.to_i
|
|
30
42
|
end
|
|
31
43
|
|
|
32
|
-
def
|
|
33
|
-
|
|
34
|
-
session[last_password_entry_session_key] = @last_password_entry if defined?(@last_password_entry)
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
def password_recently_entered?
|
|
38
|
-
return false unless last_password_entry = session[last_password_entry_session_key]
|
|
39
|
-
last_password_entry + password_grace_period > Time.now.to_i
|
|
44
|
+
def set_last_password_entry
|
|
45
|
+
set_session_value(last_password_entry_session_key, Time.now.to_i)
|
|
40
46
|
end
|
|
41
47
|
|
|
42
|
-
def
|
|
43
|
-
|
|
48
|
+
def require_password_authentication?
|
|
49
|
+
return true if defined?(super) && super
|
|
50
|
+
!password_recently_entered?
|
|
44
51
|
end
|
|
45
52
|
end
|
|
46
53
|
end
|
|
@@ -17,11 +17,11 @@ module Rodauth
|
|
|
17
17
|
button 'Authenticate via Recovery Code', 'recovery_auth'
|
|
18
18
|
button 'View Authentication Recovery Codes', 'view_recovery_codes'
|
|
19
19
|
|
|
20
|
-
error_flash "Error authenticating via recovery code
|
|
21
|
-
error_flash "Unable to add recovery codes
|
|
22
|
-
error_flash "Unable to view recovery codes
|
|
20
|
+
error_flash "Error authenticating via recovery code", 'invalid_recovery_code'
|
|
21
|
+
error_flash "Unable to add recovery codes", 'add_recovery_codes'
|
|
22
|
+
error_flash "Unable to view recovery codes", 'view_recovery_codes'
|
|
23
23
|
|
|
24
|
-
notice_flash "Additional authentication recovery codes have been added
|
|
24
|
+
notice_flash "Additional authentication recovery codes have been added", 'recovery_codes_added'
|
|
25
25
|
|
|
26
26
|
redirect(:recovery_auth){recovery_auth_path}
|
|
27
27
|
redirect(:add_recovery_codes){recovery_codes_path}
|
|
@@ -32,15 +32,19 @@ module Rodauth
|
|
|
32
32
|
view 'recovery-codes', 'View Authentication Recovery Codes', 'recovery_codes'
|
|
33
33
|
|
|
34
34
|
auth_value_method :add_recovery_codes_param, 'add'
|
|
35
|
-
|
|
36
|
-
auth_value_method :
|
|
35
|
+
translatable_method :add_recovery_codes_heading, '<h2>Add Additional Recovery Codes</h2>'
|
|
36
|
+
auth_value_method :auto_add_recovery_codes?, false
|
|
37
|
+
translatable_method :invalid_recovery_code_message, "Invalid recovery code"
|
|
37
38
|
auth_value_method :recovery_codes_limit, 16
|
|
38
39
|
auth_value_method :recovery_codes_column, :code
|
|
39
40
|
auth_value_method :recovery_codes_id_column, :id
|
|
40
|
-
|
|
41
|
+
translatable_method :recovery_codes_label, 'Recovery Code'
|
|
41
42
|
auth_value_method :recovery_codes_param, 'recovery-code'
|
|
42
43
|
auth_value_method :recovery_codes_table, :account_recovery_codes
|
|
43
44
|
|
|
45
|
+
translatable_method :recovery_auth_link_text, "Authenticate Using Recovery Code"
|
|
46
|
+
translatable_method :recovery_codes_link_text, "View Authentication Recovery Codes"
|
|
47
|
+
|
|
44
48
|
auth_cached_method :recovery_codes
|
|
45
49
|
|
|
46
50
|
auth_value_methods(
|
|
@@ -59,7 +63,7 @@ module Rodauth
|
|
|
59
63
|
require_login
|
|
60
64
|
require_account_session
|
|
61
65
|
require_two_factor_setup
|
|
62
|
-
require_two_factor_not_authenticated
|
|
66
|
+
require_two_factor_not_authenticated('recovery_code')
|
|
63
67
|
before_recovery_auth_route
|
|
64
68
|
|
|
65
69
|
r.get do
|
|
@@ -69,7 +73,7 @@ module Rodauth
|
|
|
69
73
|
r.post do
|
|
70
74
|
if recovery_code_match?(param(recovery_codes_param))
|
|
71
75
|
before_recovery_auth
|
|
72
|
-
two_factor_authenticate(
|
|
76
|
+
two_factor_authenticate('recovery_code')
|
|
73
77
|
end
|
|
74
78
|
|
|
75
79
|
set_response_error_status(invalid_key_error_status)
|
|
@@ -124,61 +128,24 @@ module Rodauth
|
|
|
124
128
|
|
|
125
129
|
attr_accessor :recovery_codes_button
|
|
126
130
|
|
|
127
|
-
def two_factor_need_setup_redirect
|
|
128
|
-
super || (add_recovery_codes_redirect if recovery_codes_primary?)
|
|
129
|
-
end
|
|
130
|
-
|
|
131
|
-
def two_factor_auth_required_redirect
|
|
132
|
-
super || (recovery_auth_redirect if recovery_codes_primary?)
|
|
133
|
-
end
|
|
134
|
-
|
|
135
|
-
def two_factor_auth_fallback_redirect
|
|
136
|
-
recovery_auth_redirect
|
|
137
|
-
end
|
|
138
|
-
|
|
139
131
|
def two_factor_remove
|
|
140
132
|
super
|
|
141
133
|
recovery_codes_remove
|
|
142
134
|
end
|
|
143
135
|
|
|
144
|
-
def two_factor_authentication_setup?
|
|
145
|
-
super || (recovery_codes_primary? && !recovery_codes.empty?)
|
|
146
|
-
end
|
|
147
|
-
|
|
148
|
-
def otp_auth_form_footer
|
|
149
|
-
"#{super if defined?(super)}<p><a href=\"#{recovery_auth_path}\">Authenticate using recovery code</a></p>"
|
|
150
|
-
end
|
|
151
|
-
|
|
152
|
-
def otp_lockout_redirect
|
|
153
|
-
recovery_auth_redirect
|
|
154
|
-
end
|
|
155
|
-
|
|
156
|
-
def otp_lockout_error_flash
|
|
157
|
-
"#{super if defined?(super)} Can use recovery code to unlock."
|
|
158
|
-
end
|
|
159
|
-
|
|
160
136
|
def otp_add_key
|
|
161
137
|
super if defined?(super)
|
|
162
|
-
|
|
138
|
+
auto_add_missing_recovery_codes
|
|
163
139
|
end
|
|
164
140
|
|
|
165
141
|
def sms_confirm
|
|
166
142
|
super if defined?(super)
|
|
167
|
-
|
|
168
|
-
end
|
|
169
|
-
|
|
170
|
-
def otp_remove
|
|
171
|
-
super if defined?(super)
|
|
172
|
-
unless recovery_codes_primary?
|
|
173
|
-
recovery_codes_remove
|
|
174
|
-
end
|
|
143
|
+
auto_add_missing_recovery_codes
|
|
175
144
|
end
|
|
176
145
|
|
|
177
|
-
def
|
|
146
|
+
def add_webauthn_credential(_)
|
|
178
147
|
super if defined?(super)
|
|
179
|
-
|
|
180
|
-
recovery_codes_remove
|
|
181
|
-
end
|
|
148
|
+
auto_add_missing_recovery_codes
|
|
182
149
|
end
|
|
183
150
|
|
|
184
151
|
def recovery_codes_remove
|
|
@@ -221,14 +188,43 @@ module Rodauth
|
|
|
221
188
|
end
|
|
222
189
|
end
|
|
223
190
|
|
|
191
|
+
def possible_authentication_methods
|
|
192
|
+
methods = super
|
|
193
|
+
methods << 'recovery_code' unless recovery_codes_ds.empty?
|
|
194
|
+
methods
|
|
195
|
+
end
|
|
196
|
+
|
|
224
197
|
private
|
|
225
198
|
|
|
199
|
+
def _two_factor_auth_links
|
|
200
|
+
links = super
|
|
201
|
+
links << [40, recovery_auth_path, recovery_auth_link_text] unless recovery_codes_ds.empty?
|
|
202
|
+
links
|
|
203
|
+
end
|
|
204
|
+
|
|
205
|
+
def _two_factor_setup_links
|
|
206
|
+
links = super
|
|
207
|
+
links << [40, recovery_codes_path, recovery_codes_link_text] if (recovery_codes_primary? || uses_two_factor_authentication?)
|
|
208
|
+
links
|
|
209
|
+
end
|
|
210
|
+
|
|
211
|
+
def _two_factor_remove_all_from_session
|
|
212
|
+
two_factor_remove_session('recovery_code')
|
|
213
|
+
super
|
|
214
|
+
end
|
|
215
|
+
|
|
226
216
|
def new_recovery_code
|
|
227
217
|
random_key
|
|
228
218
|
end
|
|
229
219
|
|
|
230
220
|
def recovery_codes_primary?
|
|
231
|
-
(features & [:otp, :sms_codes]).empty?
|
|
221
|
+
(features & [:otp, :sms_codes, :webauthn]).empty?
|
|
222
|
+
end
|
|
223
|
+
|
|
224
|
+
def auto_add_missing_recovery_codes
|
|
225
|
+
if auto_add_recovery_codes?
|
|
226
|
+
add_recovery_codes(recovery_codes_limit - recovery_codes.length)
|
|
227
|
+
end
|
|
232
228
|
end
|
|
233
229
|
|
|
234
230
|
def _recovery_codes
|
|
@@ -2,8 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
module Rodauth
|
|
4
4
|
Feature.define(:remember, :Remember) do
|
|
5
|
-
depends :confirm_password
|
|
6
|
-
|
|
7
5
|
notice_flash "Your remember setting has been updated"
|
|
8
6
|
error_flash "There was an error updating your remember setting"
|
|
9
7
|
loaded_templates %w'remember'
|
|
@@ -17,11 +15,10 @@ module Rodauth
|
|
|
17
15
|
redirect
|
|
18
16
|
|
|
19
17
|
auth_value_method :raw_remember_token_deadline, nil
|
|
20
|
-
auth_value_method :remember_cookie_options, {}
|
|
18
|
+
auth_value_method :remember_cookie_options, {}.freeze
|
|
21
19
|
auth_value_method :extend_remember_deadline?, false
|
|
22
|
-
auth_value_method :remember_period, {:days=>14}
|
|
23
|
-
|
|
24
|
-
auth_value_method :remember_deadline_interval, {:days=>14}
|
|
20
|
+
auth_value_method :remember_period, {:days=>14}.freeze
|
|
21
|
+
auth_value_method :remember_deadline_interval, {:days=>14}.freeze
|
|
25
22
|
auth_value_method :remember_id_column, :id
|
|
26
23
|
auth_value_method :remember_key_column, :key
|
|
27
24
|
auth_value_method :remember_deadline_column, :deadline
|
|
@@ -31,13 +28,12 @@ module Rodauth
|
|
|
31
28
|
auth_value_method :remember_remember_param_value, 'remember'
|
|
32
29
|
auth_value_method :remember_forget_param_value, 'forget'
|
|
33
30
|
auth_value_method :remember_disable_param_value, 'disable'
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
31
|
+
translatable_method :remember_remember_label, 'Remember Me'
|
|
32
|
+
translatable_method :remember_forget_label, 'Forget Me'
|
|
33
|
+
translatable_method :remember_disable_label, 'Disable Remember Me'
|
|
37
34
|
|
|
38
35
|
auth_methods(
|
|
39
36
|
:add_remember_key,
|
|
40
|
-
:clear_remembered_session_key,
|
|
41
37
|
:disable_remember_login,
|
|
42
38
|
:forget_login,
|
|
43
39
|
:generate_remember_key_value,
|
|
@@ -109,9 +105,9 @@ module Rodauth
|
|
|
109
105
|
return
|
|
110
106
|
end
|
|
111
107
|
|
|
112
|
-
|
|
108
|
+
set_session_value(session_key, id)
|
|
113
109
|
account = account_from_session
|
|
114
|
-
|
|
110
|
+
remove_session_value(session_key)
|
|
115
111
|
|
|
116
112
|
unless account
|
|
117
113
|
remove_remember_key(id)
|
|
@@ -120,9 +116,8 @@ module Rodauth
|
|
|
120
116
|
end
|
|
121
117
|
|
|
122
118
|
before_load_memory
|
|
123
|
-
|
|
119
|
+
login_session('remember')
|
|
124
120
|
|
|
125
|
-
set_session_value(remembered_session_key, true)
|
|
126
121
|
if extend_remember_deadline?
|
|
127
122
|
active_remember_key_ds(id).update(remember_deadline_column=>Sequel.date_add(Sequel::CURRENT_TIMESTAMP, remember_period))
|
|
128
123
|
remember_login
|
|
@@ -133,9 +128,7 @@ module Rodauth
|
|
|
133
128
|
def remember_login
|
|
134
129
|
get_remember_key
|
|
135
130
|
opts = Hash[remember_cookie_options]
|
|
136
|
-
|
|
137
|
-
key = compute_hmac(key) if hmac_secret
|
|
138
|
-
opts[:value] = "#{account_id}_#{key}"
|
|
131
|
+
opts[:value] = "#{account_id}_#{convert_token_key(remember_key_value)}"
|
|
139
132
|
opts[:expires] = convert_timestamp(active_remember_key_ds.get(remember_deadline_column))
|
|
140
133
|
::Rack::Utils.set_cookie_header!(response.headers, remember_cookie_key, opts)
|
|
141
134
|
end
|
|
@@ -174,12 +167,8 @@ module Rodauth
|
|
|
174
167
|
remember_key_ds(id).delete
|
|
175
168
|
end
|
|
176
169
|
|
|
177
|
-
def clear_remembered_session_key
|
|
178
|
-
session.delete(remembered_session_key)
|
|
179
|
-
end
|
|
180
|
-
|
|
181
170
|
def logged_in_via_remember_key?
|
|
182
|
-
|
|
171
|
+
authenticated_by.include?('remember')
|
|
183
172
|
end
|
|
184
173
|
|
|
185
174
|
private
|
|
@@ -194,11 +183,6 @@ module Rodauth
|
|
|
194
183
|
super if defined?(super)
|
|
195
184
|
end
|
|
196
185
|
|
|
197
|
-
def after_confirm_password
|
|
198
|
-
super
|
|
199
|
-
clear_remembered_session_key
|
|
200
|
-
end
|
|
201
|
-
|
|
202
186
|
attr_reader :remember_key_value
|
|
203
187
|
|
|
204
188
|
def generate_remember_key_value
|
|
@@ -4,8 +4,6 @@ module Rodauth
|
|
|
4
4
|
Feature.define(:reset_password, :ResetPassword) do
|
|
5
5
|
depends :login, :email_base, :login_password_requirements_base
|
|
6
6
|
|
|
7
|
-
def_deprecated_alias :no_matching_reset_password_key_error_flash, :no_matching_reset_password_key_message
|
|
8
|
-
|
|
9
7
|
notice_flash "Your password has been reset"
|
|
10
8
|
notice_flash "An email has been sent to you with a link to reset the password for your account", 'reset_password_email_sent'
|
|
11
9
|
error_flash "There was an error resetting your password"
|
|
@@ -28,20 +26,19 @@ module Rodauth
|
|
|
28
26
|
redirect(:reset_password_email_recently_sent){default_post_email_redirect}
|
|
29
27
|
|
|
30
28
|
auth_value_method :reset_password_deadline_column, :deadline
|
|
31
|
-
auth_value_method :reset_password_deadline_interval, {:days=>1}
|
|
32
|
-
|
|
29
|
+
auth_value_method :reset_password_deadline_interval, {:days=>1}.freeze
|
|
30
|
+
translatable_method :reset_password_email_subject, 'Reset Password'
|
|
33
31
|
auth_value_method :reset_password_key_param, 'key'
|
|
34
32
|
auth_value_method :reset_password_autologin?, false
|
|
35
33
|
auth_value_method :reset_password_table, :account_password_reset_keys
|
|
36
34
|
auth_value_method :reset_password_id_column, :id
|
|
37
35
|
auth_value_method :reset_password_key_column, :key
|
|
38
|
-
auth_value_method :reset_password_email_last_sent_column,
|
|
39
|
-
|
|
36
|
+
auth_value_method :reset_password_email_last_sent_column, :email_last_sent
|
|
37
|
+
translatable_method :reset_password_explanatory_text, "<p>If you have forgotten your password, you can request a password reset:</p>"
|
|
40
38
|
auth_value_method :reset_password_skip_resend_email_within, 300
|
|
39
|
+
translatable_method :reset_password_request_link_text, "Forgot Password?"
|
|
41
40
|
session_key :reset_password_session_key, :reset_password_key
|
|
42
41
|
|
|
43
|
-
auth_value_methods :reset_password_request_link
|
|
44
|
-
|
|
45
42
|
auth_methods(
|
|
46
43
|
:create_reset_password_key,
|
|
47
44
|
:create_reset_password_email,
|
|
@@ -69,7 +66,15 @@ module Rodauth
|
|
|
69
66
|
end
|
|
70
67
|
|
|
71
68
|
r.post do
|
|
72
|
-
|
|
69
|
+
catch_error do
|
|
70
|
+
unless account_from_login(param(login_param))
|
|
71
|
+
throw_error_status(no_matching_login_error_status, login_param, no_matching_login_message)
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
unless open_account?
|
|
75
|
+
throw_error_status(unopen_account_error_status, login_param, unverified_account_message)
|
|
76
|
+
end
|
|
77
|
+
|
|
73
78
|
if reset_password_email_recently_sent?
|
|
74
79
|
set_redirect_error_flash reset_password_email_recently_sent_error_flash
|
|
75
80
|
redirect reset_password_email_recently_sent_redirect
|
|
@@ -84,12 +89,11 @@ module Rodauth
|
|
|
84
89
|
end
|
|
85
90
|
|
|
86
91
|
set_notice_flash reset_password_email_sent_notice_flash
|
|
87
|
-
|
|
88
|
-
set_redirect_error_status(no_matching_login_error_status)
|
|
89
|
-
set_redirect_error_flash reset_password_request_error_flash
|
|
92
|
+
redirect reset_password_email_sent_redirect
|
|
90
93
|
end
|
|
91
94
|
|
|
92
|
-
|
|
95
|
+
set_error_flash reset_password_request_error_flash
|
|
96
|
+
reset_password_request_view
|
|
93
97
|
end
|
|
94
98
|
end
|
|
95
99
|
|
|
@@ -99,7 +103,7 @@ module Rodauth
|
|
|
99
103
|
|
|
100
104
|
r.get do
|
|
101
105
|
if key = param_or_nil(reset_password_key_param)
|
|
102
|
-
|
|
106
|
+
set_session_value(reset_password_session_key, key)
|
|
103
107
|
redirect(r.path)
|
|
104
108
|
end
|
|
105
109
|
|
|
@@ -107,7 +111,7 @@ module Rodauth
|
|
|
107
111
|
if account_from_reset_password_key(key)
|
|
108
112
|
reset_password_view
|
|
109
113
|
else
|
|
110
|
-
|
|
114
|
+
remove_session_value(reset_password_session_key)
|
|
111
115
|
set_redirect_error_flash no_matching_reset_password_key_error_flash
|
|
112
116
|
redirect require_login_redirect
|
|
113
117
|
end
|
|
@@ -144,10 +148,10 @@ module Rodauth
|
|
|
144
148
|
end
|
|
145
149
|
|
|
146
150
|
if reset_password_autologin?
|
|
147
|
-
|
|
151
|
+
autologin_session('reset_password')
|
|
148
152
|
end
|
|
149
153
|
|
|
150
|
-
|
|
154
|
+
remove_session_value(reset_password_session_key)
|
|
151
155
|
set_notice_flash reset_password_notice_flash
|
|
152
156
|
redirect reset_password_redirect
|
|
153
157
|
end
|
|
@@ -192,14 +196,6 @@ module Rodauth
|
|
|
192
196
|
ds.get(reset_password_key_column)
|
|
193
197
|
end
|
|
194
198
|
|
|
195
|
-
def login_form_footer
|
|
196
|
-
super + reset_password_request_link
|
|
197
|
-
end
|
|
198
|
-
|
|
199
|
-
def reset_password_request_link
|
|
200
|
-
"<p><a href=\"#{reset_password_request_path}\">Forgot Password?</a></p>"
|
|
201
|
-
end
|
|
202
|
-
|
|
203
199
|
def set_reset_password_email_last_sent
|
|
204
200
|
password_reset_ds.update(reset_password_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if reset_password_email_last_sent_column
|
|
205
201
|
end
|
|
@@ -214,6 +210,10 @@ module Rodauth
|
|
|
214
210
|
|
|
215
211
|
private
|
|
216
212
|
|
|
213
|
+
def _login_form_footer_links
|
|
214
|
+
super << [20, reset_password_request_path, reset_password_request_link_text]
|
|
215
|
+
end
|
|
216
|
+
|
|
217
217
|
def reset_password_email_recently_sent?
|
|
218
218
|
(email_last_sent = get_reset_password_email_last_sent) && (Time.now - email_last_sent < reset_password_skip_resend_email_within)
|
|
219
219
|
end
|