rodauth 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG +4 -0
- data/README.rdoc +1 -0
- data/doc/release_notes/1.4.0.txt +11 -0
- data/doc/update_password_hash.rdoc +7 -0
- data/lib/rodauth/features/base.rb +19 -13
- data/lib/rodauth/features/login_password_requirements_base.rb +1 -1
- data/lib/rodauth/features/update_password_hash.rb +29 -0
- data/lib/rodauth/version.rb +1 -1
- data/spec/update_password_hash_spec.rb +40 -0
- metadata +8 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: eedc388675de95e1b6d8f6281bc57cefb262eec9
|
|
4
|
+
data.tar.gz: 725710de442759eba54e3a2245e2ed08af52d479
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c354d87afa1dac53d2589b2626a17841e33b3f3041145cf88ccaef9ad4a4041a94b1a5140b88e7fb43af7de8efde7ad26f34fec0a5f79b962617656eccb10a35
|
|
7
|
+
data.tar.gz: acc6f4b368095dafb9d102642b5da105405475fd73fae8e31c162fe086cb8f7baf849052a9274d6e64f5988b98bf7e4319595c8a746190b1edd6dd529414ded6
|
data/CHANGELOG
CHANGED
data/README.rdoc
CHANGED
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
= New Features
|
|
2
|
+
|
|
3
|
+
* A update_password_hash feature has been added, which will update
|
|
4
|
+
the password hash for the account whenever the account's current
|
|
5
|
+
password hash has a cost different from the currently configured
|
|
6
|
+
password hash cost.
|
|
7
|
+
|
|
8
|
+
This allows you to increase the password hash cost for all
|
|
9
|
+
accounts or for certain types of accounts, and have the password
|
|
10
|
+
hashes automatically updated to use the new cost the next time the
|
|
11
|
+
correct password is provided for the account.
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
= Documentation for Update Password Hash Feature
|
|
2
|
+
|
|
3
|
+
The update password hash feature updates the hash for the password whenever
|
|
4
|
+
the hash cost changes. For example, if you have a cost of 8, and later
|
|
5
|
+
increase the cost to 10, anytime the user authenticates correctly with
|
|
6
|
+
their password, their password hash will change from one that uses a cost
|
|
7
|
+
of 8 to one that uses a cost of 10.
|
|
@@ -246,20 +246,12 @@ module Rodauth
|
|
|
246
246
|
end
|
|
247
247
|
|
|
248
248
|
def password_match?(password)
|
|
249
|
-
if
|
|
250
|
-
|
|
251
|
-
elsif use_database_authentication_functions?
|
|
252
|
-
id = account_id
|
|
253
|
-
if salt = db.get(Sequel.function(function_name(:rodauth_get_salt), id))
|
|
254
|
-
hash = BCrypt::Engine.hash_secret(password, salt)
|
|
255
|
-
db.get(Sequel.function(function_name(:rodauth_valid_password_hash), id, hash))
|
|
256
|
-
end
|
|
257
|
-
else
|
|
258
|
-
# :nocov:
|
|
259
|
-
if hash = password_hash_ds.get(password_hash_column)
|
|
249
|
+
if hash = get_password_hash
|
|
250
|
+
if account_password_hash_column || !use_database_authentication_functions?
|
|
260
251
|
BCrypt::Password.new(hash) == password
|
|
261
|
-
|
|
262
|
-
|
|
252
|
+
else
|
|
253
|
+
db.get(Sequel.function(function_name(:rodauth_valid_password_hash), account_id, BCrypt::Engine.hash_secret(password, hash)))
|
|
254
|
+
end
|
|
263
255
|
end
|
|
264
256
|
end
|
|
265
257
|
|
|
@@ -358,6 +350,20 @@ module Rodauth
|
|
|
358
350
|
end
|
|
359
351
|
end
|
|
360
352
|
|
|
353
|
+
# Get the password hash for the user. When using database authentication functions,
|
|
354
|
+
# note that only the salt is returned.
|
|
355
|
+
def get_password_hash
|
|
356
|
+
if account_password_hash_column
|
|
357
|
+
account[account_password_hash_column]
|
|
358
|
+
elsif use_database_authentication_functions?
|
|
359
|
+
db.get(Sequel.function(function_name(:rodauth_get_salt), account_id))
|
|
360
|
+
else
|
|
361
|
+
# :nocov:
|
|
362
|
+
password_hash_ds.get(password_hash_column)
|
|
363
|
+
# :nocov:
|
|
364
|
+
end
|
|
365
|
+
end
|
|
366
|
+
|
|
361
367
|
def _account_from_login(login)
|
|
362
368
|
ds = db[accounts_table].where(login_column=>login)
|
|
363
369
|
ds = ds.select(*account_select) if account_select
|
|
@@ -56,7 +56,7 @@ module Rodauth
|
|
|
56
56
|
update_account(account_password_hash_column=>hash)
|
|
57
57
|
elsif password_hash_ds.update(password_hash_column=>hash) == 0
|
|
58
58
|
# This shouldn't raise a uniqueness error, as the update should only fail for a new user,
|
|
59
|
-
# and an existing user
|
|
59
|
+
# and an existing user should always have a valid password hash row. If this does
|
|
60
60
|
# fail, retrying it will cause problems, it will override a concurrently running update
|
|
61
61
|
# with potentially a different password.
|
|
62
62
|
db[password_hash_table].insert(password_hash_id_column=>account_id, password_hash_column=>hash)
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# frozen-string-literal: true
|
|
2
|
+
|
|
3
|
+
module Rodauth
|
|
4
|
+
UpdatePasswordHash = Feature.define(:update_password_hash) do
|
|
5
|
+
depends :login_password_requirements_base
|
|
6
|
+
|
|
7
|
+
def password_match?(password)
|
|
8
|
+
if (result = super) && update_password_hash?
|
|
9
|
+
set_password(password)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
result
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
|
|
17
|
+
def update_password_hash?
|
|
18
|
+
password_hash_cost != @current_password_hash_cost
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def get_password_hash
|
|
22
|
+
if hash = super
|
|
23
|
+
@current_password_hash_cost = hash.split('$')[2].to_i
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
hash
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
data/lib/rodauth/version.rb
CHANGED
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
require File.expand_path("spec_helper", File.dirname(__FILE__))
|
|
2
|
+
|
|
3
|
+
describe 'Rodauth update_password feature' do
|
|
4
|
+
[false, true].each do |ph|
|
|
5
|
+
it "should support updating passwords for accounts #{'with account_password_hash_column' if ph} if hash cost changes" do
|
|
6
|
+
cost = BCrypt::Engine::MIN_COST
|
|
7
|
+
rodauth do
|
|
8
|
+
enable :login, :logout, :update_password_hash
|
|
9
|
+
account_password_hash_column :ph if ph
|
|
10
|
+
password_hash_cost{cost}
|
|
11
|
+
end
|
|
12
|
+
roda do |r|
|
|
13
|
+
r.rodauth
|
|
14
|
+
next unless session[:account_id]
|
|
15
|
+
rodauth.account_from_session
|
|
16
|
+
r.root{rodauth.send(:get_password_hash)}
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
login
|
|
20
|
+
content = page.html
|
|
21
|
+
|
|
22
|
+
logout
|
|
23
|
+
login
|
|
24
|
+
page.current_path.must_equal '/'
|
|
25
|
+
content.must_equal page.html
|
|
26
|
+
|
|
27
|
+
cost += 1
|
|
28
|
+
logout
|
|
29
|
+
login
|
|
30
|
+
new_content = page.html
|
|
31
|
+
page.current_path.must_equal '/'
|
|
32
|
+
content.wont_equal new_content
|
|
33
|
+
|
|
34
|
+
logout
|
|
35
|
+
login
|
|
36
|
+
page.current_path.must_equal '/'
|
|
37
|
+
new_content.must_equal page.html
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rodauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeremy Evans
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-08-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sequel
|
|
@@ -224,10 +224,12 @@ extra_rdoc_files:
|
|
|
224
224
|
- doc/verify_account_grace_period.rdoc
|
|
225
225
|
- doc/confirm_password.rdoc
|
|
226
226
|
- doc/verify_change_login.rdoc
|
|
227
|
+
- doc/update_password_hash.rdoc
|
|
227
228
|
- doc/release_notes/1.0.0.txt
|
|
228
229
|
- doc/release_notes/1.1.0.txt
|
|
229
230
|
- doc/release_notes/1.2.0.txt
|
|
230
231
|
- doc/release_notes/1.3.0.txt
|
|
232
|
+
- doc/release_notes/1.4.0.txt
|
|
231
233
|
files:
|
|
232
234
|
- CHANGELOG
|
|
233
235
|
- MIT-LICENSE
|
|
@@ -256,12 +258,14 @@ files:
|
|
|
256
258
|
- doc/release_notes/1.1.0.txt
|
|
257
259
|
- doc/release_notes/1.2.0.txt
|
|
258
260
|
- doc/release_notes/1.3.0.txt
|
|
261
|
+
- doc/release_notes/1.4.0.txt
|
|
259
262
|
- doc/remember.rdoc
|
|
260
263
|
- doc/reset_password.rdoc
|
|
261
264
|
- doc/session_expiration.rdoc
|
|
262
265
|
- doc/single_session.rdoc
|
|
263
266
|
- doc/sms_codes.rdoc
|
|
264
267
|
- doc/two_factor_base.rdoc
|
|
268
|
+
- doc/update_password_hash.rdoc
|
|
265
269
|
- doc/verify_account.rdoc
|
|
266
270
|
- doc/verify_account_grace_period.rdoc
|
|
267
271
|
- doc/verify_change_login.rdoc
|
|
@@ -292,6 +296,7 @@ files:
|
|
|
292
296
|
- lib/rodauth/features/single_session.rb
|
|
293
297
|
- lib/rodauth/features/sms_codes.rb
|
|
294
298
|
- lib/rodauth/features/two_factor_base.rb
|
|
299
|
+
- lib/rodauth/features/update_password_hash.rb
|
|
295
300
|
- lib/rodauth/features/verify_account.rb
|
|
296
301
|
- lib/rodauth/features/verify_account_grace_period.rb
|
|
297
302
|
- lib/rodauth/features/verify_change_login.rb
|
|
@@ -321,6 +326,7 @@ files:
|
|
|
321
326
|
- spec/single_session_spec.rb
|
|
322
327
|
- spec/spec_helper.rb
|
|
323
328
|
- spec/two_factor_spec.rb
|
|
329
|
+
- spec/update_password_hash_spec.rb
|
|
324
330
|
- spec/verify_account_grace_period_spec.rb
|
|
325
331
|
- spec/verify_account_spec.rb
|
|
326
332
|
- spec/verify_change_login_spec.rb
|