rodauth 1.8.0 → 1.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 65176959334b7e6fa96008eabe2b3f6f4d69032d
-  data.tar.gz: 44aeba80765dfc4a4afa4f15848f4004a83d453a
+  metadata.gz: 63d284b3ed1dc87ff182d472e730e52d823e4dae
+  data.tar.gz: 47599804ed740325e00c8c7bda5dcafde8b669c3
 SHA512:
-  metadata.gz: 0500da1e1abe0cf9ed4e3cac1ca02102ab8a388bc6726e35de3934600676e7c886ca0181d2e0bd06385d1cd43015120cf5b4a97dcbaff6ceba4dc66ae8ac9abd
-  data.tar.gz: 8a5eed74a9f73f0ef22a9965a8c7f74b5c5de6036fa9af62d6adced7304f01a147d3f9e16d2966a79a898766704d512079d801f5be6864929f533db9f1aacfed
+  metadata.gz: a4f64fc7c93e5a97c4ef7a100d26dcb286b157a7085c939db4bdce203b3b63f18e239f71ea09cc4881740facacc695c00a220427e91f9daea0aec7f1e65a51d3
+  data.tar.gz: 3424177852d8cbf98f1acca6f75c46e23316664950febab7af6af720a55038570fe6d4655d4dc983e0ee29df70ad011a7cff468b5f0169604c3baed09da1e94f

data/CHANGELOG

@@ -1,3 +1,9 @@
+=== 1.9.0 (2017-02-22)
+
+* Make reset-password use existing password reset key if one is present (jeremyevans) (#26)
+
+* Add Roda.precompile_rodauth_templates method, useful to save memory when forking, or when chrooting (jeremyevans)
+
 === 1.8.0 (2017-01-06)
 
 * Add json_response_custom_error_status? option to jwt feature to use specific 4xx statuses instead of 400 (jeremyevans)

data/README.rdoc

@@ -757,12 +757,21 @@ Conversely, if you implement the rodauth_get_salt and
 rodauth_valid_password_hash functions on a database that isn't
 PostgreSQL, MySQL, or Microsoft SQL Server, you can set this value to true.
 
-=== With Custom Authentication (such as LDAP)
+=== With Custom Authentication
 
-You can use Rodauth with other authentication types, by overriding
-a single configuration setting.  For example, if you have accounts
-stored in the database, but authentication happens via LDAP, you
-can use the +simple_ldap_authenticator+ library:
+You can use Rodauth with other authentication types, by using some
+of Rodauth's configuration methods.
+
+Note that when using custom authentication, using some of Rodauth's
+features such as change login and change password either would not
+make sense or would require some additional custom configuration.
+The login and logout features should work correctly with the examples
+below, though.
+
+==== Using LDAP Authentication
+
+If you have accounts stored in the database, but authentication happens
+via LDAP, you can use the +simple_ldap_authenticator+ library:
 
   require 'simple_ldap_authenticator'
   plugin :rodauth do
@@ -783,26 +792,51 @@ any valid LDAP user to login, you can do something like this:
     # Don't require the bcrypt library, since using LDAP for auth
     require_bcrypt? false
 
-    # Treat the login itself as the account
-    account_from_login{|l| l.to_s}
+    # Store session value in :login key, since the :account_id
+    # default wouldn't make sense
+    session_key :login
 
     # Use the login provided as the session value
     account_session_value{account}
 
-    # Store session value in :login key, since the :account_id
-    # default wouldn't make sense
-    session_key :login
+    # Treat the login itself as the account
+    account_from_login{|l| l.to_s}
 
     password_match? do |password|
       SimpleLdapAuthenticator.valid?(account, password)
     end
   end
 
-Note that when using custom authentication, using some of Rodauth's
-features such as change login and change password either would not
-make sense or would require some additional custom configuration.
-The login and logout features should work correctly with the examples
-above, though.
+==== Using Facebook Authentication
+
+Here's an example of authentication using Facebook with a JSON API.
+This setup assumes you have client-side code to submit JSON POST requests
+to +/login+ with an +access_token+ parameter that is set to the user's
+Facebook OAuth access token.
+
+
+   require 'koala'
+   plugin :rodauth do
+    enable :login, :logout, :jwt
+     
+    require_bcrypt? false
+    session_key :facebook_email
+    account_session_value{account}
+
+    login_param 'access_token'
+
+    account_from_login do |access_token|
+      fb = Koala::Facebook::API.new(access_token)
+      if me = fb.get_object('me', :fields=>[:email])
+        me['email']
+      end
+    end
+
+    # there is no password!
+    password_match? do |pass|
+      true
+    end
+  end
 
 === With Other Web Frameworks
 
@@ -1008,6 +1042,18 @@ by adding an appropriate route before calling +r.rodauth+:
     r.rodauth
   end
 
+=== Precompiling Rodauth Templates
+
+Rodauth serves templates from it's gem folder.  If you are using
+a forking webserver and want to preload the compiled templates
+to save memory, or if you are chrooting your application, you can
+benefit from precompiling your rodauth templates:
+
+  plugin :rodauth do
+    # ...
+  end
+  precompile_rodauth_templates
+
 == Upgrading from 0.9.x
 
 To upgrade from 0.9.x to the current version, if you were using

data/doc/change_login.rdoc

@@ -16,7 +16,8 @@ change_login_notice_flash :: The flash notice to show after a successful
 change_login_redirect :: Where to redirect after a sucessful login change.
 change_login_requires_password? :: Whether a password is required when
                                    changing logins.
-change_login_route :: The route to the change login action.
+change_login_route :: The route to the change login action. Defaults to
+                      +change-login+.
 
 == Auth Methods
 

data/doc/change_password.rdoc

@@ -16,7 +16,8 @@ change_password_notice_flash :: The flash notice to show after a successful
 change_password_redirect :: Where to redirect after a sucessful password change.
 change_password_requires_password? :: Whether a password is required when
                                       changing passwords.
-change_password_route :: The route to the change password action.
+change_password_route :: The route to the change password action. Defaults to
+                         +change-password+.
 
 == Auth Methods
 

data/doc/close_account.rdoc

@@ -14,7 +14,8 @@ close_account_notice_flash :: The flash notice to show after closing the
 close_account_redirect :: Where to redirect after closing the account.
 close_account_requires_password? :: Whether a password is required when
                                     closing accounts.
-close_account_route :: The route to the close account action.
+close_account_route :: The route to the close account action. Defaults to
+                       +close-account+.
 delete_account_on_close? :: Whether to delete the account when closing it,
                             default value is to use +skip_status_checks?+.
 

data/doc/confirm_password.rdoc

@@ -11,7 +11,8 @@ confirm_password_button :: The text to use for the confirm password button.
 confirm_password_error_flash :: The flash error to show if password confirmation is unsuccessful.
 confirm_password_notice_flash :: The flash notice to show after password confirmed successful.
 confirm_password_redirect :: Where to redirect after successful password confirmation. By default, uses <tt>session[:confirm_password_redirect]</tt> if set, allowing an easy way to redirect back to the page requesting password confirmation.
-confirm_password_route :: The route to the confirm password form.
+confirm_password_route :: The route to the confirm password form. Defaults to
+                          +confirm-password+.
 
 == Auth Methods
 

data/doc/create_account.rdoc

@@ -12,8 +12,8 @@ create_account_error_flash :: The flash error to show for unsuccessful
                               account creation.
 create_account_notice_flash :: The flash notice to show after successful
 create_account_redirect :: Where to redirect after creating the account.
-create_account_route :: The route to the create account action.
-                        account creation.
+create_account_route :: The route to the create account action. Defaults to
+                        +create-account+.
 
 == Auth Methods
 

data/doc/lockout.rdoc

@@ -47,6 +47,7 @@ unlock_account_request_notice_flash :: The flash notice to display upon successf
                                        the unlock account email.
 unlock_account_request_redirect :: Where to redirect after account unlock email is sent.
 unlock_account_request_route :: The route to the unlock account request action.
+                                Defaults to +unlock-account-request+.
 unlock_account_requires_password? :: Whether a password is required when unlocking accounts,
                                      false by default.  May want to set to true if not
                                      allowing password resets.

data/doc/login.rdoc

@@ -14,7 +14,7 @@ login_error_status :: The response status to use when using an invalid
 login_form_footer :: A message to display after the login form.
 login_notice_flash :: The flash notice to show after successful login.
 login_redirect :: Where to redirect after a sucessful login.
-login_route :: The route to the login action.
+login_route :: The route to the login action. Defaults to +login+.
 
 == Auth Methods
 

data/doc/logout.rdoc

@@ -10,7 +10,7 @@ logout_additional_form_tags :: HTML fragment containing additional form
 logout_button :: The text to use for the logout button.
 logout_notice_flash :: The flash notice to show after logout.
 logout_redirect :: Where to redirect after a logout.
-logout_route :: The route to the logout action.
+logout_route :: The route to the logout action. Defaults to +logout+.
 
 == Auth Methods
 

data/doc/otp.rdoc

@@ -21,7 +21,7 @@ otp_auth_failures_limit :: The number of allowed OTP authentication failures bef
 otp_auth_form_footer :: A footer to display at the bottom of the OTP authentication form.
 otp_auth_label :: The label for the OTP authentication code.
 otp_auth_param :: The parameter name for the OTP authentication code.
-otp_auth_route :: The route to the OTP authentication action.
+otp_auth_route :: The route to the OTP authentication action. Defaults to +otp-auth+.
 otp_class :: The class to use for OTP authentication (default: ROTP::TOTP)
 otp_digits :: The number of digits to use in OTP authentication codes (rotp's default is 6).
 otp_disable_additional_form_tags :: HTML fragment containing additional form tags to use on
@@ -30,7 +30,7 @@ otp_disable_button :: The text to use for button on form to disable OTP authenti
 otp_disable_error_flash :: The flash error to show if unable to disable OTP authentication.
 otp_disable_notice_flash :: The flash notice to show after disabling OTP authentication.
 otp_disable_redirect :: Where to redirect after disabling OTP authentication.
-otp_disable_route :: The route to the OTP disable action.
+otp_disable_route :: The route to the OTP disable action. Defaults to +otp-disable+.
 otp_drift :: The number of seconds the client and server are allowed to drift apart. The
              default is nil, to not allow drift.
 otp_invalid_auth_code_message :: The error message to show when an invalid OTP authentication
@@ -61,7 +61,7 @@ otp_setup_error_flash :: The flash error to show if OTP authentication setup was
 otp_setup_notice_flash :: The flash notice to show if OTP authentication setup was successful.
 otp_setup_param :: The parameter name used for the OTP secret when setting up OTP authentication.
 otp_setup_redirect :: Where to redirect after sucessful OTP authentication setup.
-otp_setup_route :: The route to the OTP setup action.
+otp_setup_route :: The route to the OTP setup action. Defaults to +otp-setup+.
 
 == Auth Methods
 

data/doc/recovery_codes.rdoc

@@ -5,6 +5,10 @@ codes.  It is usually used as a backup if OTP authentication is not available or
 has been locked out, but can be used by itself or as a backup to SMS codes.  It allows
 users to view authentication recovery codes as well as regenerate recovery codes.
 
+Access to recovery codes is limited to authenticated sessions only, so users should
+be recommended to securely store/preserve a subset of these codes prior to any chance
+of them being required due to a missing / lost device.
+
 == Auth Value Methods
 
 add_recovery_codes_button :: Text to use for button on form to add recovery codes.
@@ -21,6 +25,7 @@ recovery_auth_additional_form_tags :: HTML fragment containing additional form t
 recovery_auth_button :: The text to use for the button when authenticating via a recovery code.
 recovery_auth_redirect :: Where to redirect after authenticating via an recovery code.
 recovery_auth_route :: The route to the recovery code authentication action.
+                       Defaults to +recovery-auth+.
 recovery_codes_added_notice_flash :: The flash notice to show when recovery codes
                                      were added.
 recovery_codes_additional_form_tags :: HTML fragment containing additional form tags when
@@ -34,7 +39,8 @@ recovery_codes_limit :: The number of recovery codes to allow.
 recovery_codes_param :: The parameter name for the recovery code.
 recovery_codes_primary? :: Whether recovery codes are the primary second factor, true by
                            default if neither the otp or sms_codes features are enabled.
-recovery_codes_route :: The route to the view recovery codes action.
+recovery_codes_route :: The route to the view recovery codes action. Defaults to
+                        +recovery-codes+.
 recovery_codes_table :: The table storing the recovery codes.
 view_recovery_codes_button :: Text for the button to view recovery codes.
 view_recovery_codes_error_flash :: The flash error to show when viewing recovery codes

data/doc/release_notes/1.9.0.txt

@@ -0,0 +1,15 @@
+= New Features
+
+* Roda.precompile_rodauth_templates has been added.  This method
+  allows for precompiling the templates that rodauth uses, which
+  allows for memory saving when using a forking webserver that
+  preloads the application, and also allows Rodauth to be used
+  with an application that uses chroot after loading.
+
+= Improvements
+
+* If requesting a password reset link more than once, the same
+  password reset key will be used.  Previously, subsequent
+  emails after the first request would contain an invalid key,
+  so if the email for the original request was lost, you could
+  not generate another key until that key expired.

data/doc/remember.rdoc

@@ -37,7 +37,8 @@ remember_period :: The additional time to extend the remember deadline if
 remember_redirect :: Where to redirect after changing the remember settings.
 remember_remember_param_value :: The parameter value for switching on remembering.
 remember_remember_label :: The label for turning on remembering.
-remember_route :: The route to the change remember settings action.
+remember_route :: The route to the change remember settings action. Defaults to
+                  +remember+.
 remember_table :: The name of the remember keys table.
 remember_param :: The parameter name to use for the remember password settings
                   choice.

data/doc/reset_password.rdoc

@@ -39,7 +39,9 @@ reset_password_request_button :: The text to use for the reset password request
 reset_password_request_error_flash :: The flash error to show if not able to send a reset
                                       password email.
 reset_password_request_route :: The route to the reset password request action.
-reset_password_route :: The route to the reset password action.
+                                Defaults to +reset-password-request+.
+reset_password_route :: The route to the reset password action. Defaults to
+                        +reset-password+.
 reset_password_session_key :: The key in the session to hold the reset password key temporarily.
 reset_password_table :: The name of the reset password keys table.
 

data/doc/sms_codes.rdoc

@@ -28,7 +28,7 @@ sms_auth_additional_form_tags :: HTML fragment containing additional form tags w
 sms_auth_button :: Text to use for button on form to authenticate via SMS.
 sms_auth_code_length :: The length of SMS authentication codes, 6 by default.
 sms_auth_redirect :: Where to redirect if SMS authentication is needed.
-sms_auth_route :: The route to the SMS authentication action.
+sms_auth_route :: The route to the SMS authentication action. Defaults to +sms-auth+.
 sms_code_allowed_seconds :: The number of seconds after an SMS authentication is sent until it is no longer valid, 300 seconds by default.
 sms_code_column :: The column in the +sms_codes_table+ containing the currently valid SMS authentication/confirmation code.
 sms_code_label :: The label for SMS codes.
@@ -40,13 +40,13 @@ sms_confirm_button :: Text to use for button on form to confirm SMS setup.
 sms_confirm_code_length :: The length of SMS confirmation codes, 12 by default, as there is no lockout. 
 sms_confirm_notice_flash :: The flash notice to show when SMS authentication setup has been confirmed.
 sms_confirm_redirect ::Where to redirect after SMS authentication setup has been confirmed.
-sms_confirm_route :: The route to the SMS setup confirmation action.
+sms_confirm_route :: The route to the SMS setup confirmation action. Defaults to +sms-confirm+.
 sms_disable_additional_form_tags :: HTML fragment containing additional form tags when disabling SMS authentication.
 sms_disable_button :: Text to use for button on form to disable SMS authentication.
 sms_disable_error_flash :: The flash error to show when disabling SMS authentication fails.
 sms_disable_notice_flash :: The flash notice to show when SMS authentication has been successfully disabled.
 sms_disable_redirect :: Where to redirect after SMS authentication has been disabled.
-sms_disable_route :: The route to the SMS authentication disable action.
+sms_disable_route :: The route to the SMS authentication disable action. Defaults to +sms-disable+.
 sms_failure_limit :: The number of failures until SMS authentication is locked out.
 sms_failures_column :: The column in the +sms_codes_table+ containing the number of SMS authentication failures since the last successful authentication.
 sms_id_column :: The column in the +sms_codes_table+ containing the account id.
@@ -70,11 +70,11 @@ sms_request_additional_form_tags :: HTML fragment containing additional form tag
 sms_request_button :: Text to use for button on form to request an SMS authentication code.
 sms_request_notice_flash :: The flash notice to show when an SMS authentication code is requested.
 sms_request_redirect :: Where to redirect after requesting an SMS authentication code.
-sms_request_route :: The route to the SMS authentication code request action.
+sms_request_route :: The route to the SMS authentication code request action. Defaults to +sms-request+.
 sms_setup_additional_form_tags :: HTML fragment containing additional form tags when setting up SMS authentication.
 sms_setup_button :: Text to use for button on form to setup SMS authentication.
 sms_setup_error_flash :: The flash error to show when setting up SMS authentication fails.
-sms_setup_route :: The route to the SMS authentication setup action.
+sms_setup_route :: The route to the SMS authentication setup action. Defaults to +sms-setup+.
 
 == Auth Methods
 

data/doc/verify_account.rdoc

@@ -39,7 +39,9 @@ verify_account_redirect :: Where to redirect after verifying the account.
 verify_account_resend_error_flash :: The flash error to show if unable to resend a
                                      verify account email.
 verify_account_resend_route :: The route to the verify account resend action.
-verify_account_route :: The route to the verify account action.
+                               Defaults to +verify-account-resend+.
+verify_account_route :: The route to the verify account action. Defaults to
+                        +verify-account+.
 verify_account_session_key :: The key in the session to hold the verify account key temporarily.
 verify_account_table :: The name of the verify account keys table.
 

data/lib/rodauth.rb

@@ -128,6 +128,12 @@ module Rodauth
       auth_methods meth
     end
 
+    def loaded_templates(v)
+      define_method(:loaded_templates) do
+        super().concat(v)
+      end
+    end
+
     def depends(*deps)
       dependencies.concat(deps)
     end
@@ -244,6 +250,22 @@ module Rodauth
       opts[:rodauths][name]
     end
 
+    def precompile_rodauth_templates
+      instance = allocate
+      rodauth = instance.rodauth
+
+      view_opts = rodauth.send(:loaded_templates).map do |page|
+        rodauth.send(:_view_opts, page)
+      end
+      view_opts << rodauth.send(:button_opts, '', {})
+
+      view_opts.each do |opts|
+        instance.send(:retrieve_template, opts).send(:compiled_method, opts[:locals].keys.sort_by(&:to_s))
+      end
+
+      nil
+    end
+
     def freeze
       if opts[:rodauths]
         opts[:rodauths].each_value(&:freeze)

data/lib/rodauth/features/base.rb

@@ -232,10 +232,16 @@ module Rodauth
       scope.csrf_tag if scope.respond_to?(:csrf_tag)
     end
 
-    def button(value, opts={})
+    def button_opts(value, opts)
       opts = {:locals=>{:value=>value, :opts=>opts}}
       opts[:path] = template_path('button')
-      scope.render(opts)
+      opts[:cache] = true
+      opts[:cache_key] = :rodauth_button
+      opts
+    end
+
+    def button(value, opts={})
+      scope.render(button_opts(value, opts))
     end
 
     def view(page, title)
@@ -431,6 +437,10 @@ module Rodauth
       timestamp
     end
 
+    def loaded_templates
+      []
+    end
+
     # This is used to avoid race conditions when using the pattern of inserting when
     # an update affects no rows.  In such cases, if a row is inserted between the
     # update and the insert, the insert will fail with a uniqueness error, but
@@ -499,19 +509,26 @@ module Rodauth
       update_hash_ds(account, ds, values)
     end
 
-    def _view(meth, page)
+    def _view_opts(page)
       auth_template_path = template_path(page)
       opts = template_opts.dup
       opts[:locals] = opts[:locals] ? opts[:locals].dup : {}
       opts[:locals][:rodauth] = self
+      opts[:cache] = true
+      opts[:cache_key] = :"rodauth_#{page}"
 
       scope.instance_exec do
         opts = find_template(parse_template_opts(page, opts))
         unless File.file?(template_path(opts))
           opts[:path] = auth_template_path
         end
-        send(meth, opts)
       end
+
+      opts
+    end
+
+    def _view(meth, page)
+      scope.send(meth, _view_opts(page))
     end
   end
 end

data/lib/rodauth/features/change_login.rb

@@ -6,6 +6,7 @@ module Rodauth
 
     notice_flash 'Your login has been changed'
     error_flash 'There was an error changing your login'
+    loaded_templates %w'change-login login-field login-confirm-field password-field'
     view 'change-login', 'Change Login'
     after
     before

data/lib/rodauth/features/change_password.rb

@@ -6,6 +6,7 @@ module Rodauth
 
     notice_flash 'Your password has been changed'
     error_flash 'There was an error changing your password'
+    loaded_templates %w'change-password password-field password-confirm-field'
     view 'change-password', 'Change Password'
     after
     before

data/lib/rodauth/features/close_account.rb

@@ -4,6 +4,7 @@ module Rodauth
   CloseAccount = Feature.define(:close_account) do
     notice_flash 'Your account has been closed'
     error_flash 'There was an error closing your account'
+    loaded_templates %w'close-account password-field'
     view 'close-account', 'Close Account'
     additional_form_tags
     button 'Close Account'

data/lib/rodauth/features/confirm_password.rb

@@ -4,6 +4,7 @@ module Rodauth
   ConfirmPassword = Feature.define(:confirm_password) do
     notice_flash "Your password has been confirmed"
     error_flash "There was an error confirming your password"
+    loaded_templates %w'confirm-password password-field'
     view 'confirm-password', 'Confirm Password'
     additional_form_tags
     button 'Confirm Password'

data/lib/rodauth/features/create_account.rb

@@ -7,6 +7,7 @@ module Rodauth
     depends :login
     notice_flash 'Your account has been created'
     error_flash "There was an error creating your account"
+    loaded_templates %w'create-account login-field login-confirm-field password-field password-confirm-field'
     view 'create-account', 'Create Account'
     after
     before

data/lib/rodauth/features/lockout.rb

@@ -4,6 +4,7 @@ module Rodauth
   Lockout = Feature.define(:lockout) do
     depends :login, :email_base
 
+    loaded_templates %w'unlock-account-request unlock-account password-field unlock-account-email'
     view 'unlock-account-request', 'Request Account Unlock', 'unlock_account_request'
     view 'unlock-account', 'Unlock Account', 'unlock_account'
     before 'unlock_account'

data/lib/rodauth/features/login.rb

@@ -4,6 +4,7 @@ module Rodauth
   Login = Feature.define(:login) do
     notice_flash "You have been logged in"
     error_flash "There was an error logging in"
+    loaded_templates %w'login login-field password-field'
     view 'login', 'Login'
     additional_form_tags
     button 'Login'

data/lib/rodauth/features/logout.rb

@@ -3,6 +3,7 @@
 module Rodauth
   Logout = Feature.define(:logout) do
     notice_flash "You have been logged out"
+    loaded_templates %w'logout'
     view 'logout', 'Logout'
     additional_form_tags
     before

data/lib/rodauth/features/otp.rb

@@ -38,6 +38,7 @@ module Rodauth
     redirect :otp_already_setup
     redirect :otp_setup
 
+    loaded_templates %w'otp-disable otp-auth otp-setup otp-auth-code-field password-field'
     view 'otp-disable', 'Disable Two Factor Authentication', 'otp_disable'
     view 'otp-auth', 'Enter Authentication Code', 'otp_auth'
     view 'otp-setup', 'Setup Two Factor Authentication', 'otp_setup'

data/lib/rodauth/features/recovery_codes.rb

@@ -28,6 +28,7 @@ module Rodauth
     redirect(:recovery_auth){"#{prefix}/#{recovery_auth_route}"}
     redirect(:add_recovery_codes){"#{prefix}/#{recovery_codes_route}"}
 
+    loaded_templates %w'add-recovery-codes recovery-auth recovery-codes password-field'
     view 'add-recovery-codes', 'Authentication Recovery Codes', 'add_recovery_codes'
     view 'recovery-auth', 'Enter Authentication Recovery Code', 'recovery_auth'
     view 'recovery-codes', 'View Authentication Recovery Codes', 'recovery_codes'

data/lib/rodauth/features/remember.rb

@@ -6,6 +6,7 @@ module Rodauth
 
     notice_flash "Your remember setting has been updated"
     error_flash "There was an error updating your remember setting"
+    loaded_templates %w'remember'
     view 'remember', 'Change Remember Setting'
     additional_form_tags
     button 'Change Remember Setting'

data/lib/rodauth/features/reset_password.rb

@@ -8,6 +8,7 @@ module Rodauth
     notice_flash "An email has been sent to you with a link to reset the password for your account", 'reset_password_email_sent'
     error_flash "There was an error resetting your password"
     error_flash "There was an error requesting a password reset", 'reset_password_request'
+    loaded_templates %w'reset-password password-field password-confirm-field reset-password-email'
     view 'reset-password', 'Reset Password'
     additional_form_tags
     additional_form_tags 'reset_password_request'
@@ -146,6 +147,8 @@ module Rodauth
             # existing reset password key from the table, or reraise.
             raise e unless @reset_password_key_value = get_password_reset_key(account_id)
           end
+        else
+          @reset_password_key_value = get_password_reset_key(account_id)
         end
       end
     end

data/lib/rodauth/features/sms_codes.rb

@@ -50,6 +50,7 @@ module Rodauth
     redirect(:sms_needs_setup){"#{prefix}/#{sms_setup_route}"}
     redirect(:sms_request){"#{prefix}/#{sms_request_route}"}
 
+    loaded_templates %w'sms-auth sms-confirm sms-disable sms-request sms-setup sms-code-field password-field'
     view 'sms-auth', 'Authenticate via SMS Code', 'sms_auth'
     view 'sms-confirm', 'Confirm SMS Backup Number', 'sms_confirm'
     view 'sms-disable', 'Disable Backup SMS Authentication', 'sms_disable'

data/lib/rodauth/features/verify_account.rb

@@ -8,6 +8,7 @@ module Rodauth
     error_flash "Unable to resend verify account email", 'verify_account_resend'
     notice_flash "Your account has been verified"
     notice_flash "An email has been sent to you with a link to verify your account", 'verify_account_email_sent'
+    loaded_templates %w'verify-account verify-account-resend verify-account-email'
     view 'verify-account', 'Verify Account'
     view 'verify-account-resend', 'Resend Verification Email', 'resend_verify_account'
     additional_form_tags

data/lib/rodauth/version.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  VERSION = '1.8.0'.freeze
+  VERSION = '1.9.0'.freeze
 
   def self.version
     VERSION

data/spec/login_spec.rb

@@ -133,7 +133,7 @@ describe 'Rodauth login feature' do
         r.rodauth
       end
       next unless session[:login_email] =~ /example/
-      r.get('foo/:email'){|e| "Logged In: #{e}"}
+      r.get('foo', :email){|e| "Logged In: #{e}"}
     end
     app.plugin :render, :views=>'spec/views', :engine=>'str'
 

data/spec/password_expiration_spec.rb

@@ -158,7 +158,7 @@ describe 'Rodauth password expiration feature' do
     roda do |r|
       r.rodauth
       rodauth.require_current_password
-      r.get("expire/:d"){|d| session[:password_changed_at] = Time.now.to_i - d.to_i; r.redirect '/'}
+      r.get("expire", :d){|d| session[:password_changed_at] = Time.now.to_i - d.to_i; r.redirect '/'}
       r.root{view :content=>""}
     end
 

data/spec/reset_password_spec.rb

@@ -23,6 +23,10 @@ describe 'Rodauth reset_password feature' do
     visit link[0...-1]
     page.find('#error_flash').text.must_equal "invalid password reset key"
 
+    login(:pass=>'01234567', :visit=>false)
+    click_button 'Request Password Reset'
+    email_link(/(\/reset-password\?key=.+)$/).must_equal link
+
     visit link
     page.title.must_equal 'Reset Password'
 

data/spec/rodauth_spec.rb

@@ -25,6 +25,19 @@ describe 'Rodauth' do
     page.title.must_equal 'Foo Login'
   end
 
+  it "should work without preloading the templates" do
+    @no_precompile = true
+    rodauth do
+      enable :login
+    end
+    roda do |r|
+      r.rodauth
+    end
+
+    visit '/login'
+    page.title.must_equal 'Login'
+  end
+
   it "should require login to perform certain actions" do
     rodauth do
       enable :login, :change_password, :change_login, :close_account

data/spec/spec_helper.rb

@@ -42,7 +42,8 @@ require 'tilt/string'
 
 db_url = ENV['RODAUTH_SPEC_DB'] || 'postgres:///?user=rodauth_test&password=rodauth_test'
 DB = Sequel.connect(db_url, :identifier_mangling=>false)
-DB.extension(:freeze_datasets)
+DB.extension :freeze_datasets, :date_arithmetic
+DB.freeze
 puts "using #{DB.database_type}"
 
 #DB.loggers << Logger.new($stdout)
@@ -98,6 +99,9 @@ class Minitest::HooksSpec
     jwt = type == :jwt || type == :jwt_html
 
     app = Class.new(jwt_only ? JsonBase : Base)
+    app.opts[:unsupported_block_result] = :raise
+    app.opts[:unsupported_matcher] = :raise
+    app.opts[:verbatim_string_matcher] = true
     rodauth_block = @rodauth_block
     opts = type.is_a?(Hash) ? type : {}
 
@@ -116,6 +120,7 @@ class Minitest::HooksSpec
       instance_exec(&rodauth_block)
     end
     app.route(&block)
+    app.precompile_rodauth_templates unless @no_precompile || jwt_only
     app.freeze unless @no_freeze
     self.app = app
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.9.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-06 00:00:00.000000000 Z
+date: 2017-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -235,6 +235,7 @@ extra_rdoc_files:
 - doc/release_notes/1.6.0.txt
 - doc/release_notes/1.7.0.txt
 - doc/release_notes/1.8.0.txt
+- doc/release_notes/1.9.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -269,6 +270,7 @@ files:
 - doc/release_notes/1.6.0.txt
 - doc/release_notes/1.7.0.txt
 - doc/release_notes/1.8.0.txt
+- doc/release_notes/1.9.0.txt
 - doc/remember.rdoc
 - doc/reset_password.rdoc
 - doc/session_expiration.rdoc