rodauth 1.23.0 → 2.4.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (160) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +184 -0
  3. data/MIT-LICENSE +1 -1
  4. data/README.rdoc +221 -79
  5. data/doc/account_expiration.rdoc +12 -26
  6. data/doc/active_sessions.rdoc +49 -0
  7. data/doc/audit_logging.rdoc +44 -0
  8. data/doc/base.rdoc +76 -128
  9. data/doc/change_login.rdoc +7 -14
  10. data/doc/change_password.rdoc +9 -13
  11. data/doc/change_password_notify.rdoc +2 -2
  12. data/doc/close_account.rdoc +9 -16
  13. data/doc/confirm_password.rdoc +12 -5
  14. data/doc/create_account.rdoc +11 -22
  15. data/doc/disallow_password_reuse.rdoc +6 -13
  16. data/doc/email_auth.rdoc +15 -14
  17. data/doc/email_base.rdoc +5 -15
  18. data/doc/guides/admin_activation.rdoc +46 -0
  19. data/doc/guides/already_authenticated.rdoc +10 -0
  20. data/doc/guides/alternative_login.rdoc +46 -0
  21. data/doc/guides/create_account_programmatically.rdoc +38 -0
  22. data/doc/guides/delay_password.rdoc +25 -0
  23. data/doc/guides/email_only.rdoc +16 -0
  24. data/doc/guides/i18n.rdoc +26 -0
  25. data/doc/{internals.rdoc → guides/internals.rdoc} +0 -0
  26. data/doc/guides/links.rdoc +12 -0
  27. data/doc/guides/login_return.rdoc +37 -0
  28. data/doc/guides/password_column.rdoc +25 -0
  29. data/doc/guides/password_confirmation.rdoc +37 -0
  30. data/doc/guides/password_requirements.rdoc +30 -0
  31. data/doc/guides/paths.rdoc +36 -0
  32. data/doc/guides/query_params.rdoc +9 -0
  33. data/doc/guides/redirects.rdoc +17 -0
  34. data/doc/guides/registration_field.rdoc +68 -0
  35. data/doc/guides/require_mfa.rdoc +30 -0
  36. data/doc/guides/reset_password_autologin.rdoc +21 -0
  37. data/doc/guides/status_column.rdoc +28 -0
  38. data/doc/guides/totp_or_recovery.rdoc +16 -0
  39. data/doc/http_basic_auth.rdoc +10 -1
  40. data/doc/jwt.rdoc +22 -22
  41. data/doc/jwt_cors.rdoc +2 -3
  42. data/doc/jwt_refresh.rdoc +23 -8
  43. data/doc/lockout.rdoc +17 -15
  44. data/doc/login.rdoc +17 -2
  45. data/doc/login_password_requirements_base.rdoc +18 -37
  46. data/doc/logout.rdoc +2 -2
  47. data/doc/otp.rdoc +25 -19
  48. data/doc/password_complexity.rdoc +10 -26
  49. data/doc/password_expiration.rdoc +11 -25
  50. data/doc/password_grace_period.rdoc +16 -2
  51. data/doc/password_pepper.rdoc +44 -0
  52. data/doc/recovery_codes.rdoc +18 -12
  53. data/doc/release_notes/2.0.0.txt +361 -0
  54. data/doc/release_notes/2.1.0.txt +31 -0
  55. data/doc/release_notes/2.2.0.txt +39 -0
  56. data/doc/release_notes/2.3.0.txt +37 -0
  57. data/doc/release_notes/2.4.0.txt +22 -0
  58. data/doc/remember.rdoc +40 -64
  59. data/doc/reset_password.rdoc +12 -9
  60. data/doc/session_expiration.rdoc +1 -0
  61. data/doc/single_session.rdoc +16 -25
  62. data/doc/sms_codes.rdoc +24 -14
  63. data/doc/two_factor_base.rdoc +60 -22
  64. data/doc/verify_account.rdoc +14 -12
  65. data/doc/verify_account_grace_period.rdoc +6 -2
  66. data/doc/verify_login_change.rdoc +9 -8
  67. data/doc/webauthn.rdoc +115 -0
  68. data/doc/webauthn_login.rdoc +15 -0
  69. data/doc/webauthn_verify_account.rdoc +9 -0
  70. data/javascript/webauthn_auth.js +45 -0
  71. data/javascript/webauthn_setup.js +35 -0
  72. data/lib/roda/plugins/rodauth.rb +1 -1
  73. data/lib/rodauth.rb +33 -28
  74. data/lib/rodauth/features/account_expiration.rb +5 -5
  75. data/lib/rodauth/features/active_sessions.rb +158 -0
  76. data/lib/rodauth/features/audit_logging.rb +98 -0
  77. data/lib/rodauth/features/base.rb +152 -49
  78. data/lib/rodauth/features/change_password_notify.rb +1 -1
  79. data/lib/rodauth/features/close_account.rb +8 -6
  80. data/lib/rodauth/features/confirm_password.rb +40 -2
  81. data/lib/rodauth/features/create_account.rb +8 -13
  82. data/lib/rodauth/features/disallow_common_passwords.rb +1 -1
  83. data/lib/rodauth/features/disallow_password_reuse.rb +5 -3
  84. data/lib/rodauth/features/email_auth.rb +30 -28
  85. data/lib/rodauth/features/email_base.rb +3 -3
  86. data/lib/rodauth/features/http_basic_auth.rb +55 -35
  87. data/lib/rodauth/features/jwt.rb +63 -16
  88. data/lib/rodauth/features/jwt_cors.rb +15 -15
  89. data/lib/rodauth/features/jwt_refresh.rb +42 -13
  90. data/lib/rodauth/features/lockout.rb +11 -13
  91. data/lib/rodauth/features/login.rb +58 -13
  92. data/lib/rodauth/features/login_password_requirements_base.rb +13 -8
  93. data/lib/rodauth/features/otp.rb +76 -82
  94. data/lib/rodauth/features/password_complexity.rb +8 -13
  95. data/lib/rodauth/features/password_expiration.rb +1 -1
  96. data/lib/rodauth/features/password_grace_period.rb +17 -10
  97. data/lib/rodauth/features/password_pepper.rb +45 -0
  98. data/lib/rodauth/features/recovery_codes.rb +47 -51
  99. data/lib/rodauth/features/remember.rb +13 -27
  100. data/lib/rodauth/features/reset_password.rb +25 -25
  101. data/lib/rodauth/features/session_expiration.rb +7 -10
  102. data/lib/rodauth/features/single_session.rb +8 -6
  103. data/lib/rodauth/features/sms_codes.rb +58 -68
  104. data/lib/rodauth/features/two_factor_base.rb +134 -30
  105. data/lib/rodauth/features/verify_account.rb +28 -20
  106. data/lib/rodauth/features/verify_account_grace_period.rb +18 -9
  107. data/lib/rodauth/features/verify_login_change.rb +11 -10
  108. data/lib/rodauth/features/webauthn.rb +505 -0
  109. data/lib/rodauth/features/webauthn_login.rb +70 -0
  110. data/lib/rodauth/features/webauthn_verify_account.rb +46 -0
  111. data/lib/rodauth/migrations.rb +16 -5
  112. data/lib/rodauth/version.rb +2 -2
  113. data/templates/button.str +1 -3
  114. data/templates/change-login.str +1 -2
  115. data/templates/change-password.str +3 -5
  116. data/templates/close-account.str +2 -2
  117. data/templates/confirm-password.str +1 -1
  118. data/templates/create-account.str +1 -1
  119. data/templates/email-auth-request-form.str +1 -2
  120. data/templates/email-auth.str +1 -1
  121. data/templates/global-logout-field.str +6 -0
  122. data/templates/login-confirm-field.str +2 -4
  123. data/templates/login-display.str +3 -2
  124. data/templates/login-field.str +2 -4
  125. data/templates/login-form-footer.str +6 -0
  126. data/templates/login-form.str +7 -0
  127. data/templates/login.str +1 -9
  128. data/templates/logout.str +1 -1
  129. data/templates/multi-phase-login.str +3 -0
  130. data/templates/otp-auth-code-field.str +5 -3
  131. data/templates/otp-auth.str +1 -1
  132. data/templates/otp-disable.str +1 -1
  133. data/templates/otp-setup.str +3 -3
  134. data/templates/password-confirm-field.str +2 -4
  135. data/templates/password-field.str +2 -4
  136. data/templates/recovery-auth.str +3 -6
  137. data/templates/recovery-codes.str +1 -1
  138. data/templates/remember.str +15 -20
  139. data/templates/reset-password-request.str +2 -2
  140. data/templates/reset-password.str +1 -2
  141. data/templates/sms-auth.str +1 -1
  142. data/templates/sms-code-field.str +5 -3
  143. data/templates/sms-confirm.str +1 -2
  144. data/templates/sms-disable.str +1 -2
  145. data/templates/sms-request.str +1 -1
  146. data/templates/sms-setup.str +6 -4
  147. data/templates/two-factor-auth.str +5 -0
  148. data/templates/two-factor-disable.str +6 -0
  149. data/templates/two-factor-manage.str +16 -0
  150. data/templates/unlock-account-request.str +2 -2
  151. data/templates/unlock-account.str +1 -1
  152. data/templates/verify-account-resend.str +1 -1
  153. data/templates/verify-account.str +1 -2
  154. data/templates/verify-login-change.str +1 -1
  155. data/templates/webauthn-auth.str +11 -0
  156. data/templates/webauthn-remove.str +14 -0
  157. data/templates/webauthn-setup.str +12 -0
  158. metadata +96 -13
  159. data/doc/verify_change_login.rdoc +0 -11
  160. data/lib/rodauth/features/verify_change_login.rb +0 -20
@@ -19,37 +19,23 @@ if you need such a feature.
19
19
 
20
20
  == Auth Value Methods
21
21
 
22
- account_activity_expired_column :: The column in the +account_activity_table+
23
- storing the expiration timestamp.
24
- account_activity_id_column :: The column in the +account_activity_table+
25
- storing the account id.
26
- account_activity_last_activity_column :: The column in the +account_activity_table+
27
- storing the last activity timestamp.
28
- account_activity_last_login_column :: The column in the +account_activity_table+
29
- storing the last login timestamp.
30
- account_activity_table :: The database table use for storing account
31
- login/activity/expiration timestamps.
32
- account_expiration_error_flash :: The flash error to show when attempting to
33
- login to an account that has expired.
34
- account_expiration_redirect :: Where to redirect after attempting to login to
35
- an account that has expired.
36
- expire_account_after :: How long in seconds from last login or activity until
37
- an account is considered expired.
38
- expire_account_on_last_activity? :: Whether to use the last activity timestamp
39
- when checking an account for expiration.
40
- By default, this is false and it uses the
41
- last login timestamp.
22
+ account_activity_expired_column :: The column in the +account_activity_table+ storing the expiration timestamp.
23
+ account_activity_id_column :: The column in the +account_activity_table+ storing the account id.
24
+ account_activity_last_activity_column :: The column in the +account_activity_table+ storing the last activity timestamp.
25
+ account_activity_last_login_column :: The column in the +account_activity_table+ storing the last login timestamp.
26
+ account_activity_table :: The database table use for storing account login/activity/expiration timestamps.
27
+ account_expiration_error_flash :: The flash error to show when attempting to login to an account that has expired.
28
+ account_expiration_redirect :: Where to redirect after attempting to login to an account that has expired.
29
+ expire_account_after :: How long in seconds from last login or activity until an account is considered expired.
30
+ expire_account_on_last_activity? :: Whether to use the last activity timestamp when checking an account for expiration. By default, this is false and it uses the last login timestamp.
42
31
 
43
32
  == Auth Methods
44
33
 
45
34
  account_expired? :: Whether the current account has expired.
46
- account_expired_at :: The expiration timestamp for the current account, nil if the
47
- account hasn't been expired.
35
+ account_expired_at :: The expiration timestamp for the current account, nil if the account hasn't been expired.
48
36
  after_account_expiration :: Run arbitrary code after account expiration.
49
- last_account_activity_at :: The last activity timestamp for the current account, nil if
50
- the account hasn't had activity recorded yet.
51
- last_account_login_at :: The last login timestamp for the current account, nil if
52
- the account hasn't had a login recorded yet.
37
+ last_account_activity_at :: The last activity timestamp for the current account, nil if the account hasn't had activity recorded yet.
38
+ last_account_login_at :: The last login timestamp for the current account, nil if the account hasn't had a login recorded yet.
53
39
  set_expired :: Set the current account as having expired.
54
40
  update_last_activity :: Update the last activity timestamp for the account.
55
41
  update_last_login :: Update the last login timestamp for the account.
@@ -0,0 +1,49 @@
1
+ = Documentation for Active Sessions Feature
2
+
3
+ The active sessions feature stores an id for each session in a
4
+ database table whenever a user logs in to the system. In your
5
+ routing block, you can check that the session id given is
6
+ still listed as an active session:
7
+
8
+ rodauth.check_active_session
9
+
10
+ On logout, the session id is removed from the database table,
11
+ so attempts to reuse the session id after that will fail.
12
+ Additionally, this supports an option on logout to globally
13
+ logout all sessions, which removes all active session ids for
14
+ the account from the database table.
15
+
16
+ In addition to removing sessions on logout, this also by default
17
+ supports session inactivity deadlines (based on time since last
18
+ use) and session lifetime deadlines (based on time since session
19
+ creation). To prevent the sessions table from growing
20
+ indefinitely, sessions that are passed either deadline are
21
+ removed when checking if the current session is active.
22
+
23
+ This depends on the logout feature.
24
+
25
+ == Auth Value Methods
26
+
27
+ active_sessions_account_id_column :: The column in the +active_sessions_table+ containing the account id.
28
+ active_sessions_created_at_column :: The column in the +active_sessions_table+ containing the time of session creation.
29
+ active_sessions_error_flash :: The flash error to display if the current session is no longer active.
30
+ active_sessions_last_use_column :: The column in the +active_sessions_table+ containing the time the session was last used.
31
+ active_sessions_redirect :: Where to redirect if the current session is no longer active.
32
+ active_sessions_session_id_column :: The column in the +active_sessions_table+ containing the session_id.
33
+ active_sessions_table :: The database table storing active session keys.
34
+ global_logout_label :: The label for the global logout checkbox on the logout page.
35
+ global_logout_param :: The parameter name for the global logout checkbox on the logout page.
36
+ inactive_session_error_status :: The error status to use when a JSON request is made and the session is no longer active, 401 by default.
37
+ session_id_session_key :: The session key name to use for storing the session id.
38
+ session_inactivity_deadline :: The number of seconds since last use after which the session will be considered expired (1 day by default). Can be set to nil to not check session inactivity.
39
+ session_lifetime_deadline :: The number of seconds since session creation after which the session will be considered expired (30 days by default). Can be set to nil to not check session lifetimes.
40
+
41
+ == Auth Methods
42
+
43
+ add_active_session :: Create a session id for the session and populate the session and add the session id to the database.
44
+ currently_active_session? :: Whether the session is currently active, by checking the database table.
45
+ handle_duplicate_active_session_id(exception) :: How to handle the case where a duplicate session id for the account is inserted into the table. Does nothing by default. This should only be called if the random number generator is broken.
46
+ no_longer_active_session :: What action to take if +rodauth.check_active_session+ is called and the session is no longer active.
47
+ remove_all_active_sessions :: Remove all active session from the database, used for global logouts and when closing accounts.
48
+ remove_current_session :: Remove current session from the database, used for regular logouts.
49
+ remove_inactive_sessions :: Remove inactive sessions from the database, run before checking for whether the current session is active.
@@ -0,0 +1,44 @@
1
+ = Documentation for Audit Logging Feature
2
+
3
+ The audit logging feature adds audit logging of rodauth actions to a
4
+ database table. It ties into the after hook processing used by all
5
+ features so that all features that use after hooks automatically
6
+ support audit logging.
7
+
8
+ In addition to the configuration methods defined below, the audit
9
+ logging feature also offers two additional configuration methods
10
+ for action specific audit log messages and metadata,
11
+ +audit_log_message_for+ and +audit_log_metadata_for+. These
12
+ methods take the action symbol and either take a value or a
13
+ block that returns a value to use for the message and metadata
14
+ for that action:
15
+
16
+ audit_log_message_for :login, "I have logged in"
17
+ audit_log_metadata_for :logout, 'Uses'=>'JSON Metadata'
18
+
19
+ audit_log_message_for :login_failure do
20
+ "Login failure on domain #{request.host}"
21
+ end
22
+ audit_log_metadata_for :login_failure do
23
+ {'ip'=>request.ip}
24
+ end
25
+
26
+ To skip audit logging for a particular action, you can set the
27
+ log message for the action to nil.
28
+
29
+ == Auth Value Methods
30
+
31
+ audit_logging_account_id_column :: The id column in the +audit_logging_table+, should be a foreign key referencing the accounts table.
32
+ audit_logging_message_column :: The message column in the +audit_logging_table+, containing the log message.
33
+ audit_logging_metadata_column :: The metadata column in the +audit_logging_table+, storing metadata for the log (if any).
34
+ audit_logging_table :: The name of the audit logging table.
35
+ audit_log_metadata_default :: The default metadata to use for logs that do not have custom metadata specified by +audit_log_metadata_for+.
36
+
37
+ == Auth Methods
38
+
39
+ add_audit_log(account_id, action) :: Add an appropriate audit log entry for the account id and action.
40
+ audit_log_insert_hash(account_id, action) :: A hash to use when inserting into the +audit_logging_table+.
41
+ audit_log_message(action) :: The log message to use when logging the action, by default using +audit_log_message_for+ and +audit_log_message_default+.
42
+ audit_log_message_default(action) :: The log message to use when logging the action for logs that do not have custom metadata specified by +audit_log_message_for+
43
+ audit_log_metadata(action) :: The metadata to use when logging the action, by default using +audit_log_metadata_for+ and +audit_log_metadata_default+.
44
+ serialize_audit_log_metadata(metadata) :: Serialize the metadata for insertion into the database. By default, this converts the metadata using +to_json+, unless the metadata is nil.
@@ -7,151 +7,99 @@ shared functionality that is used by multiple features.
7
7
 
8
8
  === Most Commonly Used
9
9
 
10
+ account_password_hash_column :: Set if the password hash column is in the same table as the login. If this is set, Rodauth will check the password hash in ruby. This is often used if you are replacing a legacy authentication system with Rodauth.
10
11
  accounts_table :: The database table containing the accounts.
11
- account_password_hash_column :: Set if the password hash column is in the same
12
- table as the login. If this is set, Rodauth
13
- will check the password hash in ruby. This is
14
- often used if you are replacing a legacy
15
- authentication system with Rodauth.
12
+ base_url :: The base URL to use, used when construct absolute links. It is recommended to set this if the application can be reached using arbitrary Host headers, as otherwise it is possible for an attacker to control the value.
16
13
  db :: The Sequel::Database object used for database access.
17
- hmac_secret :: This sets the secret to use for all of Rodauth's HMACs. This is
18
- not set by default, in which case Rodauth does not use HMACs for
19
- additional security. However, it is highly recommended that you
20
- set this.
21
- mark_input_fields_as_required? :: Whether input fields should be marked as
22
- required, so browsers will not allow submission
23
- without filling out the field (default: false).
24
- prefix :: The routing prefix used for Rodauth routes. If you are calling
25
- in a routing subtree, this should be set to the root path of the
26
- subtree. This should include a leading slash if set, but not a
27
- trailing slash.
28
- require_bcrypt? :: Set to false to not require bcrypt, useful if using custom
29
- authentication.
30
- session_key :: The key in the session hash storing the primary key of the
31
- logged in account.
32
- skip_status_checks? :: Whether status checks should be skipped for accounts.
33
- Defaults to false unless enabling the verify_account
34
- or close_account features.
35
- title_instance_variable :: The instance variable to set in the Roda scope with
36
- the page title. The layout should use this instance
37
- variable if available to set the title of the page.
14
+ domain :: The domain to use, required by some other features. It is recommended to set this if the application can be reached using arbitrary Host headers, as otherwise it is possible for an attacker to control the value.
15
+ hmac_secret :: This sets the secret to use for all of Rodauth's HMACs. This is not set by default, in which case Rodauth does not use HMACs for additional security. However, it is highly recommended that you set this, and some features require it.
16
+ mark_input_fields_as_required? :: Whether input fields should be marked as required, so browsers will not allow submission without filling out the field (default: true).
17
+ prefix :: The routing prefix used for Rodauth routes. If you are calling in a routing subtree, this should be set to the root path of the subtree. This should include a leading slash if set, but not a trailing slash.
18
+ require_bcrypt? :: Set to false to not require bcrypt, useful if using custom authentication.
19
+ session_key :: The key in the session hash storing the primary key of the logged in account.
20
+ session_key_prefix :: The string that will be prepended to the default value for all session keys.
21
+ skip_status_checks? :: Whether status checks should be skipped for accounts. Defaults to true unless enabling the verify_account or close_account features.
22
+ title_instance_variable :: The instance variable to set in the Roda scope with the page title. The layout should use this instance variable if available to set the title of the page. You can use +set_title+ if setting the page title is not done through an instance variable.
38
23
 
39
24
  === Other
40
25
 
41
- account_id_column :: The primary key column of the account model.
26
+ account_id_column :: The primary key column of the +accounts_table+.
42
27
  account_open_status_value :: The integer representing open accounts.
43
- account_select :: An array of columns to select from +accounts_table+. By
44
- default, selects all columns in the table.
45
- account_status_column :: The status id column in the account model.
46
- account_unverified_status_value :: The representating unverified accounts.
47
- cache_templates :: Whether to cache templates. True by default. It may be worth
48
- switching this to false in development if you are using your
49
- own templates instead of the templates provided by Rodauth.
28
+ account_select :: An array of columns to select from +accounts_table+. By default, selects all columns in the table.
29
+ account_status_column :: The status id column in the +accounts_table+.
30
+ account_unverified_status_value :: The integer representating unverified accounts.
31
+ authenticated_by_session_key :: The key in the session hash storing an array of methods used to authenticate.
32
+ autocomplete_for_field?(param) :: Whether to use an autocomplete attribute for the given parameter, defaults to +mark_input_fields_with_autocomplete?+.
33
+ autologin_type_session_key :: The key in the session hash storing the type of autologin method used, if autologin was used to authenticate.
34
+ cache_templates :: Whether to cache templates. True by default. It may be worth switching this to false in development if you are using your own templates instead of the templates provided by Rodauth.
35
+ check_csrf? :: Whether Rodauth should use Roda's +check_csrf!+ method for checking CSRF tokens before dispatching to Rodauth routes, true by default.
36
+ check_csrf_opts :: Options to pass to Roda's +check_csrf!+ if Rodauth calls it before dispatching.
37
+ check_csrf_block :: Proc for block to pass to Roda's +check_csrf!+ if Rodauth calls it before dispatching.
38
+ default_field_attributes :: The default attributes to use for input field tags, if field_attributes returns nil for the field.
50
39
  default_redirect :: Where to redirect after most successful actions.
51
- default_field_attributes :: The default attributes to use for input field tags, if
52
- field_attributes returns nil for the field.
53
- field_attributes(field) :: The attributes to use for the input field tags for the given
54
- field (parameter name).
55
- field_error_attributes(field) :: The attributes to use for the input field tags for the given
56
- field (parameter name), if the input has an error.
57
- flash_error_key :: The flash key to use for error messages (default: +:error+).
58
- flash_notice_key :: The flash key to use for notice messages (default: +:notice+).
59
- formatted_field_error(field, error) :: HTML to use for error messages for the field (parameter
60
- name), if the field has an error. By default, uses a
61
- span tag for the error message.
62
- input_field_label_suffix :: The suffix to use for all labels. Useful for noting that
63
- the fields are required.
64
- input_field_error_class :: The CSS class to use for input fields with errors. Can be a
65
- space separated string for multiple CSS classes.
66
- input_field_error_message_class :: The CSS class to use for error messages. Can be a
67
- space separated string for multiple CSS classes.
68
- invalid_field_error_status :: The response status to use for invalid field
69
- value errors, 422 by default.
70
- invalid_key_error_status :: The response status to use for invalid key codes,
71
- 401 by default.
72
- invalid_password_error_status :: The response status to use for invalid passwords,
73
- 401 by default.
74
- invalid_password_message :: The error message to display when a given
75
- password doesn't match the stored password hash.
76
- lockout_error_status :: The response status to use a login is attempted to an account that
77
- is locked out, 403 by default.
78
- login_column :: The login column in the account model.
79
- login_input_type :: The input type to use for logins. Defaults to text but could be set to email
80
- if all logins should be valid email addresses.
40
+ field_attributes(field) :: The attributes to use for the input field tags for the given field (parameter name).
41
+ field_error_attributes(field) :: The attributes to use for the input field tags for the given field (parameter name), if the input has an error.
42
+ flash_error_key :: The flash key to use for error messages (default: +:error+ or <tt>'error'</tt> depending on session support for symbols).
43
+ flash_notice_key :: The flash key to use for notice messages (default: +:notice+ or <tt>'notice'</tt> depending on session support for symbols).
44
+ formatted_field_error(field, error) :: HTML to use for error messages for the field (parameter name), if the field has an error. By default, uses a span tag for the error message.
45
+ hook_action(hook_type, action) :: Arbitrary action to take on all hook processing, with hook type being +:before+ or +:after+, and action being symbol for related action.
46
+ input_field_error_class :: The CSS class to use for input fields with errors. Can be a space separated string for multiple CSS classes.
47
+ input_field_error_message_class :: The CSS class to use for error messages. Can be a space separated string for multiple CSS classes.
48
+ input_field_label_suffix :: The suffix to use for all labels. Useful for noting that the fields are required.
49
+ inputmode_for_field?(param) :: Whether to use an inputmode attribute for the given parameter, defaults to mark_input_fields_with_inputmode?.
50
+ invalid_field_error_status :: The response status to use for invalid field value errors, 422 by default.
51
+ invalid_key_error_status :: The response status to use for invalid key codes, 401 by default.
52
+ invalid_password_error_status :: The response status to use for invalid passwords, 401 by default.
53
+ invalid_password_message :: The error message to display when a given password doesn't match the stored password hash.
54
+ lockout_error_status :: The response status to use a login is attempted to an account that is locked out, 403 by default.
55
+ login_column :: The login column in the +accounts_table+.
56
+ login_input_type :: The input type to use for logins. Defaults to email if login column is email and text otherwise.
81
57
  login_label :: The label to use for logins.
82
58
  login_param :: The parameter name to use for logins.
83
- login_required_error_status :: The response status to return when a login is required
84
- and you are not logged in, if not redirecting, 401 by detault
85
- modifications_require_password? :: Whether making changes to an account requires
86
- the user reinputing their password.
87
- no_matching_login_error_status :: The response status to use when the login is not
88
- in the database, 401 by default.
89
- no_matching_login_message :: The error message to display when the login
90
- used is not in the database.
91
- password_hash_column :: The password hash column in the password hash table.
92
- password_hash_id_column :: The account id column in the password hash table.
59
+ login_required_error_status :: The response status to return when a login is required and you are not logged in, if not redirecting, 401 by default
60
+ login_uses_email? :: Whether the login field uses email, used to set the type of the login field as well as the autocomplete setting.
61
+ mark_input_fields_with_autocomplete? :: Whether input fields should be marked with autocomplete attribute appropriate for the field, true by default.
62
+ mark_input_fields_with_inputmode? :: Whether input fields should be marked with inputmode attribute appropriate for the field, true by default.
63
+ modifications_require_password? :: Whether making changes to an account requires the user reinputing their password. True by default if the account has a password.
64
+ no_matching_login_error_status :: The response status to use when the login is not in the database, 401 by default.
65
+ no_matching_login_message :: The error message to display when the login used is not in the database.
66
+ password_hash_column :: The password hash column in the +password_hash_table+.
67
+ password_hash_id_column :: The account id column in the +password_hash_table+.
93
68
  password_hash_table :: The table storing the password hashes.
94
69
  password_label :: The label to use for passwords.
95
70
  password_param :: The parameter name to use for passwords.
96
- require_login_error_flash :: The flash error to display when accessing a
97
- page that requires a login, when you are not
98
- logged in.
71
+ require_login_error_flash :: The flash error to display when accessing a page that requires a login, when you are not logged in.
99
72
  require_login_redirect :: A redirect to the login page.
100
- set_deadline_values? :: Whether deadline values should be set. True by default
101
- on MySQL, as that doesn't support default values that
102
- are not constant. Can be set to true on other databases
103
- if you want to vary the value based on a request parameter.
104
- template_opts :: Any template options to pass to view/render. This can be used
105
- to set a custom layout, for example.
73
+ set_deadline_values? :: Whether deadline values should be set. True by default on MySQL, as that doesn't support default values that are not constant. Can be set to true on other databases if you want to vary the value based on a request parameter.
74
+ template_opts :: Any template options to pass to view/render. This can be used to set a custom layout, for example.
106
75
  token_separator :: The string used to separate account id from the random key in links.
107
- unmatched_field_error_status :: The response status to use when two field values should
108
- match but do not, 422 by default.
109
- unopen_account_error_status :: The response status to use when trying to login to an
110
- account that isn't open, 403 by default.
111
- use_date_arithmetic? :: Whether the date_arithmetic extension should be loaded into
112
- the database. Defaults to whether deadline values should
113
- be set.
114
- use_database_authentication_functions? :: Whether to use functions to do authentication.
115
- True by default on PostgreSQL, MySQL, and
116
- Microsoft SQL Server, false otherwise.
117
- use_request_specific_csrf_tokens? :: Whether to use request-specific CSRF tokens.
118
- True if the :csrf=>:route_csrf option is used when
119
- loading the plugin, and the Roda route_csrf plugin
120
- is configured to use request-specific CSRF tokens.
76
+ unmatched_field_error_status :: The response status to use when two field values should match but do not, 422 by default.
77
+ unopen_account_error_status :: The response status to use when trying to login to an account that isn't open, 403 by default.
78
+ use_database_authentication_functions? :: Whether to use functions to do authentication. True by default on PostgreSQL, MySQL, and Microsoft SQL Server, false otherwise.
79
+ use_date_arithmetic? :: Whether the date_arithmetic extension should be loaded into the database. Defaults to whether deadline values should be set.
80
+ use_request_specific_csrf_tokens? :: Whether to use request-specific CSRF tokens. True if the default CSRF setting are used.
121
81
 
122
82
  == Auth Methods
123
83
 
84
+ account_from_login(login) :: Retrieve the account hash related to the given login or nil if no login matches.
85
+ account_from_session :: Retrieve the account hash related to the currently logged in session.
86
+ account_id :: The primary key value of the current account.
87
+ account_session_value :: The primary value of the current account to store in the session when logging in.
124
88
  after_login :: Run arbitrary code after a successful login.
125
- after_login_failure :: Run arbitrary code after a login failure due to
126
- an invalid password.
127
- before_login :: Run arbitrary code after password has been checked, but
128
- before updating the session.
129
- before_login_attempt :: Run arbitrary code after an account has been
130
- located, but before the password has been checked.
131
- before_rodauth :: Run arbitrary code before handling any rodauth route.
132
- account_from_login(login) :: Retrieve the account hash related to the
133
- given login or nil if no login matches.
134
- account_from_session :: Retrieve the account hash related to the currently
135
- logged in session.
136
- account_id :: The primary key value of the current account
137
- account_session_value :: The primary value of the account currently stored in the
138
- session.
139
- already_logged_in :: What action to take if you are already logged in and attempt
140
- to access a page that only makes sense if you are not logged in.
141
- authenticated? :: Whether the user has been authenticated. If 2 factor authentication
142
- has been enabled for the account, this is true only if both factors
143
- have been authenticated.
89
+ after_login_failure :: Run arbitrary code after a login failure due to an invalid password.
90
+ already_logged_in :: What action to take if you are already logged in and attempt to access a page that only makes sense if you are not logged in.
91
+ authenticated? :: Whether the user has been authenticated. If multifactor authentication has been enabled for the account, this is true only if the session is multifactor authenticated.
92
+ before_login :: Run arbitrary code after password has been checked, but before updating the session.
93
+ before_login_attempt :: Run arbitrary code after an account has been located, but before the password has been checked.
94
+ before_rodauth :: Run arbitrary code before handling any rodauth route, but after CSRF checks if Rodauth is doing CSRF checks.
95
+ check_csrf :: Checks CSRF token using Roda's +check_csrf!+ method.
144
96
  clear_session :: Clears the current session.
145
97
  csrf_tag(path=request.path) :: The HTML fragment containing the CSRF tag to use, if any.
146
- function_name(name) :: The name of the database function to call. It's passed either
147
- :rodauth_get_salt or :rodauth_valid_password_hash.
148
- logged_in? :: Whether there is an account currently logged in.
149
- login_required :: Action to take when a login is required to access the page and
150
- the user is not logged in.
151
- open_account? :: Whether the current account is an open account (not closed or
152
- unverified).
153
- password_match?(password) :: Check whether the given password matches the
154
- stored password hash.
98
+ function_name(name) :: The name of the database function to call. It's passed either :rodauth_get_salt or :rodauth_valid_password_hash.
99
+ logged_in? :: Whether the current session is logged in.
100
+ login_required :: Action to take when a login is required to access the page and the user is not logged in.
101
+ open_account? :: Whether the current account is an open account (not closed or unverified).
102
+ password_match?(password) :: Check whether the given password matches the stored password hash.
155
103
  random_key :: A randomly generated string, used for creating tokens.
156
104
  redirect(path) :: Redirect the request to the given path.
157
105
  session_value :: The value for session_key in the current session.
@@ -160,6 +108,6 @@ set_notice_flash(message) :: Set the next notice flash to the given message.
160
108
  set_notice_now_flash(message) :: Set the current notice flash to the given message.
161
109
  set_redirect_error_flash(message) :: Set the next error flash to the given message.
162
110
  set_title(title) :: Set the title of the page to the given title.
163
- unverified_account_message :: The message to use when attempting to login to an
164
- unverified account.
165
- update_session :: Set the session key to the primary key of the current account.
111
+ translate(key, default_value) :: Return a translated version for the key (uses the default value by default).
112
+ unverified_account_message :: The message to use when attempting to login to an unverified account.
113
+ update_session :: Clear the session, then set the session key to the primary key of the current account.
@@ -5,26 +5,19 @@ change their login.
5
5
 
6
6
  == Auth Value Methods
7
7
 
8
- change_login_additional_form_tags :: HTML fragment containing additional
9
- form tags to use on the change login
10
- form.
8
+ change_login_additional_form_tags :: HTML fragment containing additional form tags to use on the change login form.
11
9
  change_login_button :: The text to use for the change login button.
12
- change_login_error_flash :: The flash error to show for an unsuccessful
13
- login change.
14
- change_login_notice_flash :: The flash notice to show after a successful
15
- login change.
10
+ change_login_error_flash :: The flash error to show for an unsuccessful login change.
11
+ change_login_notice_flash :: The flash notice to show after a successful login change.
12
+ change_login_page_title :: The page title to use on the change login form.
16
13
  change_login_redirect :: Where to redirect after a sucessful login change.
17
- change_login_requires_password? :: Whether a password is required when
18
- changing logins.
19
- change_login_route :: The route to the change login action. Defaults to
20
- +change-login+.
14
+ change_login_requires_password? :: Whether a password is required when changing logins.
15
+ change_login_route :: The route to the change login action. Defaults to +change-login+.
21
16
 
22
17
  == Auth Methods
23
18
 
24
19
  after_change_login :: Run arbitrary code after successful login change.
25
20
  before_change_login :: Run arbitrary code before changing a login.
26
21
  before_change_login_route :: Run arbitrary code before handling a change login route.
27
- change_login(login) :: Change the users login to the given login, or
28
- return nil/false if the login cannot be changed to
29
- the given login.
22
+ change_login(login) :: Change the users login to the given login, or return nil/false if the login cannot be changed to the given login.
30
23
  change_login_view :: The HTML to use for the change login form.
@@ -5,19 +5,17 @@ change their password.
5
5
 
6
6
  == Auth Value Methods
7
7
 
8
- change_password_additional_form_tags :: HTML fragment containing additional
9
- form tags to use on the change password
10
- form.
8
+ change_password_additional_form_tags :: HTML fragment containing additional form tags to use on the change password form.
11
9
  change_password_button :: The text to use for the change password button.
12
- change_password_error_flash :: The flash error to show for an unsuccessful
13
- password change.
14
- change_password_notice_flash :: The flash notice to show after a successful
15
- password change.
10
+ change_password_error_flash :: The flash error to show for an unsuccessful password change.
11
+ change_password_notice_flash :: The flash notice to show after a successful password change.
12
+ change_password_page_title :: The page title to use on the change password form.
16
13
  change_password_redirect :: Where to redirect after a sucessful password change.
17
- change_password_requires_password? :: Whether a password is required when
18
- changing passwords.
19
- change_password_route :: The route to the change password action. Defaults to
20
- +change-password+.
14
+ change_password_requires_password? :: Whether a password is required when changing passwords.
15
+ change_password_route :: The route to the change password action. Defaults to +change-password+.
16
+ invalid_previous_password_message :: The message to use when the previous password was incorrect. Defaults to +invalid_password_message+.
17
+ new_password_label :: The label to use for the new password.
18
+ new_password_param :: The parameter name to use for new passwords.
21
19
 
22
20
  == Auth Methods
23
21
 
@@ -25,5 +23,3 @@ after_change_password :: Run arbitrary code after successful password change.
25
23
  before_change_password :: Run arbitrary code before changing the password for an account.
26
24
  before_change_password_route :: Run arbitrary code before handling a change password route.
27
25
  change_password_view :: The HTML to use for the change password form.
28
- invalid_previous_password_message :: The message to use when the previous password was
29
- incorrect. Defaults to invalid_password_message.