rodauth 2.1.0 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +56 -0
  3. data/README.rdoc +14 -0
  4. data/doc/base.rdoc +3 -1
  5. data/doc/guides/admin_activation.rdoc +46 -0
  6. data/doc/guides/already_authenticated.rdoc +10 -0
  7. data/doc/guides/alternative_login.rdoc +46 -0
  8. data/doc/guides/create_account_programmatically.rdoc +38 -0
  9. data/doc/guides/delay_password.rdoc +25 -0
  10. data/doc/guides/email_only.rdoc +16 -0
  11. data/doc/guides/i18n.rdoc +26 -0
  12. data/doc/{internals.rdoc → guides/internals.rdoc} +0 -0
  13. data/doc/guides/links.rdoc +12 -0
  14. data/doc/guides/login_return.rdoc +37 -0
  15. data/doc/guides/password_column.rdoc +25 -0
  16. data/doc/guides/password_confirmation.rdoc +37 -0
  17. data/doc/guides/password_requirements.rdoc +30 -0
  18. data/doc/guides/paths.rdoc +36 -0
  19. data/doc/guides/query_params.rdoc +9 -0
  20. data/doc/guides/redirects.rdoc +17 -0
  21. data/doc/guides/registration_field.rdoc +68 -0
  22. data/doc/guides/require_mfa.rdoc +30 -0
  23. data/doc/guides/reset_password_autologin.rdoc +21 -0
  24. data/doc/guides/status_column.rdoc +28 -0
  25. data/doc/guides/totp_or_recovery.rdoc +16 -0
  26. data/doc/jwt_refresh.rdoc +17 -0
  27. data/doc/login.rdoc +8 -0
  28. data/doc/login_password_requirements_base.rdoc +3 -0
  29. data/doc/otp.rdoc +1 -0
  30. data/doc/password_pepper.rdoc +44 -0
  31. data/doc/release_notes/2.2.0.txt +39 -0
  32. data/doc/release_notes/2.3.0.txt +37 -0
  33. data/doc/release_notes/2.4.0.txt +22 -0
  34. data/doc/release_notes/2.5.0.txt +20 -0
  35. data/doc/release_notes/2.6.0.txt +37 -0
  36. data/doc/verify_login_change.rdoc +1 -0
  37. data/javascript/webauthn_auth.js +9 -9
  38. data/javascript/webauthn_setup.js +9 -6
  39. data/lib/rodauth.rb +13 -9
  40. data/lib/rodauth/features/active_sessions.rb +5 -7
  41. data/lib/rodauth/features/audit_logging.rb +2 -0
  42. data/lib/rodauth/features/base.rb +18 -3
  43. data/lib/rodauth/features/change_password.rb +1 -1
  44. data/lib/rodauth/features/close_account.rb +8 -6
  45. data/lib/rodauth/features/confirm_password.rb +2 -2
  46. data/lib/rodauth/features/disallow_password_reuse.rb +4 -2
  47. data/lib/rodauth/features/email_auth.rb +2 -2
  48. data/lib/rodauth/features/jwt.rb +10 -7
  49. data/lib/rodauth/features/jwt_cors.rb +15 -15
  50. data/lib/rodauth/features/jwt_refresh.rb +76 -10
  51. data/lib/rodauth/features/login.rb +23 -12
  52. data/lib/rodauth/features/login_password_requirements_base.rb +9 -4
  53. data/lib/rodauth/features/otp.rb +5 -1
  54. data/lib/rodauth/features/password_complexity.rb +4 -2
  55. data/lib/rodauth/features/password_pepper.rb +45 -0
  56. data/lib/rodauth/features/remember.rb +2 -0
  57. data/lib/rodauth/features/session_expiration.rb +1 -6
  58. data/lib/rodauth/features/single_session.rb +1 -1
  59. data/lib/rodauth/features/sms_codes.rb +0 -1
  60. data/lib/rodauth/features/two_factor_base.rb +4 -4
  61. data/lib/rodauth/features/verify_account.rb +10 -6
  62. data/lib/rodauth/features/verify_account_grace_period.rb +2 -4
  63. data/lib/rodauth/features/verify_login_change.rb +2 -1
  64. data/lib/rodauth/features/webauthn.rb +1 -3
  65. data/lib/rodauth/features/webauthn_login.rb +1 -1
  66. data/lib/rodauth/migrations.rb +16 -5
  67. data/lib/rodauth/version.rb +1 -1
  68. metadata +37 -5
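--- a/data/lib/rodauth/features/verify_account_grace_period.rb
+++ b/data/lib/rodauth/features/verify_account_grace_period.rb
@@ -53,10 +53,7 @@ module Rodauth
  end
 
  def allow_email_auth?
- if defined?(super)
- return false unless super
- end
- !account_in_unverified_grace_period?
+ (defined?(super) ? super : true) && !account_in_unverified_grace_period?
  end
 
  def verify_account_check_already_logged_in
@@ -75,6 +72,7 @@ module Rodauth
  end
 
  def account_in_unverified_grace_period?
+ account || account_from_session
  account[account_status_column] == account_unverified_status_value &&
  verify_account_grace_period &&
  !verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty?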
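Review bot: The added `account || account_from_session` in account_in_unverified_grace_period? is evaluated only for its side effect (presumably `account_from_session` populates the account), and when both return nil the very next line `account[account_status_column]` raises NoMethodError on nil instead of answering false. A guard makes both the intent and the failure mode explicit: `return false unless account || account_from_session`. If `account_from_session` does not set the account as a side effect, which is not visible here, its result would need to be assigned rather than discarded. The method's closing `end` lies outside the hunk.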
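--- a/data/lib/rodauth/features/verify_login_change.rb
+++ b/data/lib/rodauth/features/verify_login_change.rb
@@ -8,6 +8,7 @@ module Rodauth
  error_flash "Unable to change login as there is already an account with the new login", 'verify_login_change_duplicate_account'
  error_flash "There was an error verifying your login change: invalid verify login change key", 'no_matching_verify_login_change_key'
  notice_flash "Your login change has been verified"
+ notice_flash "An email has been sent to you with a link to verify your login change", 'change_login_needs_verification'
  loaded_templates %w'verify-login-change verify-login-change-email'
  view 'verify-login-change', 'Verify Login Change'
  additional_form_tags
@@ -131,7 +132,7 @@ module Rodauth
  end
 
  def change_login_notice_flash
- "An email has been sent to you with a link to verify your login change"
+ change_login_needs_verification_notice_flash
  end
 
  def verify_login_change_old_login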
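--- a/data/lib/rodauth/features/webauthn.rb
+++ b/data/lib/rodauth/features/webauthn.rb
@@ -377,9 +377,7 @@ module Rodauth
  end
 
  def remove_webauthn_key(webauthn_id)
- ret = webauthn_keys_ds.where(webauthn_keys_webauthn_id_column=>webauthn_id).delete == 1
- super if defined?(super)
- ret
+ webauthn_keys_ds.where(webauthn_keys_webauthn_id_column=>webauthn_id).delete == 1
  end
 
  def remove_all_webauthn_keys_and_user_ids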
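--- a/data/lib/rodauth/features/webauthn_login.rb
+++ b/data/lib/rodauth/features/webauthn_login.rb
@@ -22,7 +22,7 @@ module Rodauth
 
  webauthn_credential = webauthn_auth_credential_from_form_submission
  before_webauthn_login
- _login('webauthn') do
+ login('webauthn') do
  webauthn_update_session(webauthn_credential.id)
  end
  end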
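--- a/data/lib/rodauth/migrations.rb
+++ b/data/lib/rodauth/migrations.rb
@@ -9,9 +9,14 @@ module Rodauth
  case db.database_type
  when :postgres
  search_path = opts[:search_path] || 'public, pg_temp'
+ primary_key_type =
+ case db.schema(table_name).find { |row| row.first == :id }[1][:db_type]
+ when 'uuid' then :uuid
+ else :int8
+ end
 
  db.run <<END
- CREATE OR REPLACE FUNCTION #{get_salt_name}(acct_id int8) RETURNS text AS $$
+ CREATE OR REPLACE FUNCTION #{get_salt_name}(acct_id #{primary_key_type}) RETURNS text AS $$
  DECLARE salt text;
  BEGIN
  SELECT substr(password_hash, 0, 30) INTO salt
@@ -25,7 +30,7 @@ SET search_path = #{search_path};
  END
 
  db.run <<END
- CREATE OR REPLACE FUNCTION #{valid_hash_name}(acct_id int8, hash text) RETURNS boolean AS $$
+ CREATE OR REPLACE FUNCTION #{valid_hash_name}(acct_id #{primary_key_type}, hash text) RETURNS boolean AS $$
  DECLARE valid boolean;
  BEGIN
  SELECT password_hash = hash INTO valid
@@ -100,13 +105,19 @@ END
  end
 
  def self.drop_database_authentication_functions(db, opts={})
+ table_name = opts[:table_name] || :account_password_hashes
  get_salt_name = opts[:get_salt_name] || :rodauth_get_salt
  valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash
 
  case db.database_type
  when :postgres
- db.run "DROP FUNCTION #{get_salt_name}(int8)"
- db.run "DROP FUNCTION #{valid_hash_name}(int8, text)"
+ primary_key_type =
+ case db.schema(table_name).find { |row| row.first == :id }[1][:db_type]
+ when 'uuid' then :uuid
+ else :int8
+ end
+ db.run "DROP FUNCTION #{get_salt_name}(#{primary_key_type})"
+ db.run "DROP FUNCTION #{valid_hash_name}(#{primary_key_type}, text)"
  when :mysql, :mssql
  db.run "DROP FUNCTION #{get_salt_name}"
  db.run "DROP FUNCTION #{valid_hash_name}"
@@ -118,6 +129,6 @@ END
  end
 
  def self.drop_database_previous_password_check_functions(db, opts={})
- drop_database_authentication_functions(db, {:get_salt_name=>:rodauth_get_previous_salt, :valid_hash_name=>:rodauth_previous_password_hash_match}.merge(opts))
+ drop_database_authentication_functions(db, {:table_name=>:account_previous_password_hashes, :get_salt_name=>:rodauth_get_previous_salt, :valid_hash_name=>:rodauth_previous_password_hash_match}.merge(opts))
  end
  end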
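Review bot: `db.schema(table_name).find { |row| row.first == :id }[1][:db_type]` assumes the password-hash table has a column literally named `id`; when it does not, `find` returns nil and the `[1]` indexing raises a NoMethodError that says nothing about the cause. The identical lookup appears in the first hunk (inside the create method, whose `def` is above the hunk) and again in drop_database_authentication_functions in the third hunk, so a single helper that selects the column by its schema `:primary_key` flag and fails with a clear message would serve both call sites. The drop side now also reads the table's schema, so a down migration has to call drop_database_authentication_functions before dropping the table; that ordering requirement is worth stating in the method's comment, e.g. `# Must run while the password hash table still exists: the function signature is derived from its primary key type.`

```ruby
# Resolve the SQL type of the table's primary key so the PL/pgSQL
# functions are declared (and dropped) with a matching argument type.
def self.primary_key_type(db, table_name)
  column = db.schema(table_name).find { |_, info| info[:primary_key] }
  raise ArgumentError, "#{table_name} has no primary key column" unless column
  column[1][:db_type] == 'uuid' ? :uuid : :int8
end
# … unchanged: both callers replace the inline case with primary_key_type(db, table_name) …
```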
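--- a/data/lib/rodauth/version.rb
+++ b/data/lib/rodauth/version.rb
@@ -6,7 +6,7 @@ module Rodauth
  MAJOR = 2
 
  # The minor version of Rodauth, updated for new feature releases of Rodauth.
- MINOR = 1
+ MINOR = 6
 
  # The patch version of Rodauth, updated only for bug fixes from the last
  # feature release.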
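--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rodauth
  version: !ruby/object:Gem::Version
- version: 2.1.0
+ version: 2.6.0
  platform: ruby
  authors:
  - Jeremy Evans
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-06-09 00:00:00.000000000 Z
+ date: 2020-11-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: sequel
@@ -247,7 +247,6 @@ extra_rdoc_files:
  - doc/http_basic_auth.rdoc
  - doc/create_account.rdoc
  - doc/email_base.rdoc
- - doc/internals.rdoc
  - doc/disallow_common_passwords.rdoc
  - doc/disallow_password_reuse.rdoc
  - doc/password_complexity.rdoc
@@ -278,6 +277,7 @@ extra_rdoc_files:
  - doc/webauthn_verify_account.rdoc
  - doc/active_sessions.rdoc
  - doc/audit_logging.rdoc
+ - doc/password_pepper.rdoc
  - doc/release_notes/1.17.0.txt
  - doc/release_notes/1.0.0.txt
  - doc/release_notes/1.1.0.txt
@@ -304,6 +304,11 @@ extra_rdoc_files:
  - doc/release_notes/1.23.0.txt
  - doc/release_notes/2.0.0.txt
  - doc/release_notes/2.1.0.txt
+ - doc/release_notes/2.2.0.txt
+ - doc/release_notes/2.3.0.txt
+ - doc/release_notes/2.4.0.txt
+ - doc/release_notes/2.5.0.txt
+ - doc/release_notes/2.6.0.txt
  files:
  - CHANGELOG
  - MIT-LICENSE
@@ -323,8 +328,28 @@ files:
  - doc/disallow_password_reuse.rdoc
  - doc/email_auth.rdoc
  - doc/email_base.rdoc
+ - doc/guides/admin_activation.rdoc
+ - doc/guides/already_authenticated.rdoc
+ - doc/guides/alternative_login.rdoc
+ - doc/guides/create_account_programmatically.rdoc
+ - doc/guides/delay_password.rdoc
+ - doc/guides/email_only.rdoc
+ - doc/guides/i18n.rdoc
+ - doc/guides/internals.rdoc
+ - doc/guides/links.rdoc
+ - doc/guides/login_return.rdoc
+ - doc/guides/password_column.rdoc
+ - doc/guides/password_confirmation.rdoc
+ - doc/guides/password_requirements.rdoc
+ - doc/guides/paths.rdoc
+ - doc/guides/query_params.rdoc
+ - doc/guides/redirects.rdoc
+ - doc/guides/registration_field.rdoc
+ - doc/guides/require_mfa.rdoc
+ - doc/guides/reset_password_autologin.rdoc
+ - doc/guides/status_column.rdoc
+ - doc/guides/totp_or_recovery.rdoc
  - doc/http_basic_auth.rdoc
- - doc/internals.rdoc
  - doc/jwt.rdoc
  - doc/jwt_cors.rdoc
  - doc/jwt_refresh.rdoc
@@ -336,6 +361,7 @@ files:
  - doc/password_complexity.rdoc
  - doc/password_expiration.rdoc
  - doc/password_grace_period.rdoc
+ - doc/password_pepper.rdoc
  - doc/recovery_codes.rdoc
  - doc/release_notes/1.0.0.txt
  - doc/release_notes/1.1.0.txt
@@ -363,6 +389,11 @@ files:
  - doc/release_notes/1.9.0.txt
  - doc/release_notes/2.0.0.txt
  - doc/release_notes/2.1.0.txt
+ - doc/release_notes/2.2.0.txt
+ - doc/release_notes/2.3.0.txt
+ - doc/release_notes/2.4.0.txt
+ - doc/release_notes/2.5.0.txt
+ - doc/release_notes/2.6.0.txt
  - doc/remember.rdoc
  - doc/reset_password.rdoc
  - doc/session_expiration.rdoc
@@ -406,6 +437,7 @@ files:
  - lib/rodauth/features/password_complexity.rb
  - lib/rodauth/features/password_expiration.rb
  - lib/rodauth/features/password_grace_period.rb
+ - lib/rodauth/features/password_pepper.rb
  - lib/rodauth/features/recovery_codes.rb
  - lib/rodauth/features/remember.rb
  - lib/rodauth/features/reset_password.rb
@@ -505,7 +537,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
+ rubygems_version: 3.1.4
  signing_key:
  specification_version: 4
  summary: Authentication and Account Management Framework for Rack Applications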