RubyGems - rodauth - Versions diffs - 1.23.0 → 2.4.0 - Mend

rodauth 1.23.0 → 2.4.0

Files changed (160) hide show

checksums.yaml +4 -4
data/CHANGELOG +184 -0
data/MIT-LICENSE +1 -1
data/README.rdoc +221 -79
data/doc/account_expiration.rdoc +12 -26
data/doc/active_sessions.rdoc +49 -0
data/doc/audit_logging.rdoc +44 -0
data/doc/base.rdoc +76 -128
data/doc/change_login.rdoc +7 -14
data/doc/change_password.rdoc +9 -13
data/doc/change_password_notify.rdoc +2 -2
data/doc/close_account.rdoc +9 -16
data/doc/confirm_password.rdoc +12 -5
data/doc/create_account.rdoc +11 -22
data/doc/disallow_password_reuse.rdoc +6 -13
data/doc/email_auth.rdoc +15 -14
data/doc/email_base.rdoc +5 -15
data/doc/guides/admin_activation.rdoc +46 -0
data/doc/guides/already_authenticated.rdoc +10 -0
data/doc/guides/alternative_login.rdoc +46 -0
data/doc/guides/create_account_programmatically.rdoc +38 -0
data/doc/guides/delay_password.rdoc +25 -0
data/doc/guides/email_only.rdoc +16 -0
data/doc/guides/i18n.rdoc +26 -0
data/doc/{internals.rdoc → guides/internals.rdoc} +0 -0
data/doc/guides/links.rdoc +12 -0
data/doc/guides/login_return.rdoc +37 -0
data/doc/guides/password_column.rdoc +25 -0
data/doc/guides/password_confirmation.rdoc +37 -0
data/doc/guides/password_requirements.rdoc +30 -0
data/doc/guides/paths.rdoc +36 -0
data/doc/guides/query_params.rdoc +9 -0
data/doc/guides/redirects.rdoc +17 -0
data/doc/guides/registration_field.rdoc +68 -0
data/doc/guides/require_mfa.rdoc +30 -0
data/doc/guides/reset_password_autologin.rdoc +21 -0
data/doc/guides/status_column.rdoc +28 -0
data/doc/guides/totp_or_recovery.rdoc +16 -0
data/doc/http_basic_auth.rdoc +10 -1
data/doc/jwt.rdoc +22 -22
data/doc/jwt_cors.rdoc +2 -3
data/doc/jwt_refresh.rdoc +23 -8
data/doc/lockout.rdoc +17 -15
data/doc/login.rdoc +17 -2
data/doc/login_password_requirements_base.rdoc +18 -37
data/doc/logout.rdoc +2 -2
data/doc/otp.rdoc +25 -19
data/doc/password_complexity.rdoc +10 -26
data/doc/password_expiration.rdoc +11 -25
data/doc/password_grace_period.rdoc +16 -2
data/doc/password_pepper.rdoc +44 -0
data/doc/recovery_codes.rdoc +18 -12
data/doc/release_notes/2.0.0.txt +361 -0
data/doc/release_notes/2.1.0.txt +31 -0
data/doc/release_notes/2.2.0.txt +39 -0
data/doc/release_notes/2.3.0.txt +37 -0
data/doc/release_notes/2.4.0.txt +22 -0
data/doc/remember.rdoc +40 -64
data/doc/reset_password.rdoc +12 -9
data/doc/session_expiration.rdoc +1 -0
data/doc/single_session.rdoc +16 -25
data/doc/sms_codes.rdoc +24 -14
data/doc/two_factor_base.rdoc +60 -22
data/doc/verify_account.rdoc +14 -12
data/doc/verify_account_grace_period.rdoc +6 -2
data/doc/verify_login_change.rdoc +9 -8
data/doc/webauthn.rdoc +115 -0
data/doc/webauthn_login.rdoc +15 -0
data/doc/webauthn_verify_account.rdoc +9 -0
data/javascript/webauthn_auth.js +45 -0
data/javascript/webauthn_setup.js +35 -0
data/lib/roda/plugins/rodauth.rb +1 -1
data/lib/rodauth.rb +33 -28
data/lib/rodauth/features/account_expiration.rb +5 -5
data/lib/rodauth/features/active_sessions.rb +158 -0
data/lib/rodauth/features/audit_logging.rb +98 -0
data/lib/rodauth/features/base.rb +152 -49
data/lib/rodauth/features/change_password_notify.rb +1 -1
data/lib/rodauth/features/close_account.rb +8 -6
data/lib/rodauth/features/confirm_password.rb +40 -2
data/lib/rodauth/features/create_account.rb +8 -13
data/lib/rodauth/features/disallow_common_passwords.rb +1 -1
data/lib/rodauth/features/disallow_password_reuse.rb +5 -3
data/lib/rodauth/features/email_auth.rb +30 -28
data/lib/rodauth/features/email_base.rb +3 -3
data/lib/rodauth/features/http_basic_auth.rb +55 -35
data/lib/rodauth/features/jwt.rb +63 -16
data/lib/rodauth/features/jwt_cors.rb +15 -15
data/lib/rodauth/features/jwt_refresh.rb +42 -13
data/lib/rodauth/features/lockout.rb +11 -13
data/lib/rodauth/features/login.rb +58 -13
data/lib/rodauth/features/login_password_requirements_base.rb +13 -8
data/lib/rodauth/features/otp.rb +76 -82
data/lib/rodauth/features/password_complexity.rb +8 -13
data/lib/rodauth/features/password_expiration.rb +1 -1
data/lib/rodauth/features/password_grace_period.rb +17 -10
data/lib/rodauth/features/password_pepper.rb +45 -0
data/lib/rodauth/features/recovery_codes.rb +47 -51
data/lib/rodauth/features/remember.rb +13 -27
data/lib/rodauth/features/reset_password.rb +25 -25
data/lib/rodauth/features/session_expiration.rb +7 -10
data/lib/rodauth/features/single_session.rb +8 -6
data/lib/rodauth/features/sms_codes.rb +58 -68
data/lib/rodauth/features/two_factor_base.rb +134 -30
data/lib/rodauth/features/verify_account.rb +28 -20
data/lib/rodauth/features/verify_account_grace_period.rb +18 -9
data/lib/rodauth/features/verify_login_change.rb +11 -10
data/lib/rodauth/features/webauthn.rb +505 -0
data/lib/rodauth/features/webauthn_login.rb +70 -0
data/lib/rodauth/features/webauthn_verify_account.rb +46 -0
data/lib/rodauth/migrations.rb +16 -5
data/lib/rodauth/version.rb +2 -2
data/templates/button.str +1 -3
data/templates/change-login.str +1 -2
data/templates/change-password.str +3 -5
data/templates/close-account.str +2 -2
data/templates/confirm-password.str +1 -1
data/templates/create-account.str +1 -1
data/templates/email-auth-request-form.str +1 -2
data/templates/email-auth.str +1 -1
data/templates/global-logout-field.str +6 -0
data/templates/login-confirm-field.str +2 -4
data/templates/login-display.str +3 -2
data/templates/login-field.str +2 -4
data/templates/login-form-footer.str +6 -0
data/templates/login-form.str +7 -0
data/templates/login.str +1 -9
data/templates/logout.str +1 -1
data/templates/multi-phase-login.str +3 -0
data/templates/otp-auth-code-field.str +5 -3
data/templates/otp-auth.str +1 -1
data/templates/otp-disable.str +1 -1
data/templates/otp-setup.str +3 -3
data/templates/password-confirm-field.str +2 -4
data/templates/password-field.str +2 -4
data/templates/recovery-auth.str +3 -6
data/templates/recovery-codes.str +1 -1
data/templates/remember.str +15 -20
data/templates/reset-password-request.str +2 -2
data/templates/reset-password.str +1 -2
data/templates/sms-auth.str +1 -1
data/templates/sms-code-field.str +5 -3
data/templates/sms-confirm.str +1 -2
data/templates/sms-disable.str +1 -2
data/templates/sms-request.str +1 -1
data/templates/sms-setup.str +6 -4
data/templates/two-factor-auth.str +5 -0
data/templates/two-factor-disable.str +6 -0
data/templates/two-factor-manage.str +16 -0
data/templates/unlock-account-request.str +2 -2
data/templates/unlock-account.str +1 -1
data/templates/verify-account-resend.str +1 -1
data/templates/verify-account.str +1 -2
data/templates/verify-login-change.str +1 -1
data/templates/webauthn-auth.str +11 -0
data/templates/webauthn-remove.str +14 -0
data/templates/webauthn-setup.str +12 -0
metadata +96 -13
data/doc/verify_change_login.rdoc +0 -11
data/lib/rodauth/features/verify_change_login.rb +0 -20

data/doc/verify_change_login.rdoc DELETED

@@ -1,11 +0,0 @@
-= Documentation for Verify Change Login Feature
-This feature is deprecated, because it is possible for a user to get
-locked out of their account if they use the wrong address on the
-change login page.  It is recommended that users switch to using the
-verify login change feature, which doesn't change the login until
-after it has been verified.
-The verify change login feature implements account reverification after
-change login.  Depends on the change login and verify account grace
-period features.

data/lib/rodauth/features/verify_change_login.rb DELETED

@@ -1,20 +0,0 @@
-# frozen-string-literal: true
-module Rodauth
-  Feature.define(:verify_change_login, :VerifyChangeLogin) do
-    depends :change_login, :verify_account_grace_period
-    def change_login_notice_flash
-      "#{super}. #{verify_account_email_sent_notice_flash}"
-    end
-    private
-    def after_change_login
-      super
-      update_account(account_status_column=>account_unverified_status_value)
-      setup_account_verification
-      session[unverified_account_session_key] = true
-    end
-  end
-end