rodauth 2.1.0 → 2.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG +56 -0
- data/README.rdoc +14 -0
- data/doc/base.rdoc +3 -1
- data/doc/guides/admin_activation.rdoc +46 -0
- data/doc/guides/already_authenticated.rdoc +10 -0
- data/doc/guides/alternative_login.rdoc +46 -0
- data/doc/guides/create_account_programmatically.rdoc +38 -0
- data/doc/guides/delay_password.rdoc +25 -0
- data/doc/guides/email_only.rdoc +16 -0
- data/doc/guides/i18n.rdoc +26 -0
- data/doc/{internals.rdoc → guides/internals.rdoc} +0 -0
- data/doc/guides/links.rdoc +12 -0
- data/doc/guides/login_return.rdoc +37 -0
- data/doc/guides/password_column.rdoc +25 -0
- data/doc/guides/password_confirmation.rdoc +37 -0
- data/doc/guides/password_requirements.rdoc +30 -0
- data/doc/guides/paths.rdoc +36 -0
- data/doc/guides/query_params.rdoc +9 -0
- data/doc/guides/redirects.rdoc +17 -0
- data/doc/guides/registration_field.rdoc +68 -0
- data/doc/guides/require_mfa.rdoc +30 -0
- data/doc/guides/reset_password_autologin.rdoc +21 -0
- data/doc/guides/status_column.rdoc +28 -0
- data/doc/guides/totp_or_recovery.rdoc +16 -0
- data/doc/jwt_refresh.rdoc +17 -0
- data/doc/login.rdoc +8 -0
- data/doc/login_password_requirements_base.rdoc +3 -0
- data/doc/otp.rdoc +1 -0
- data/doc/password_pepper.rdoc +44 -0
- data/doc/release_notes/2.2.0.txt +39 -0
- data/doc/release_notes/2.3.0.txt +37 -0
- data/doc/release_notes/2.4.0.txt +22 -0
- data/doc/release_notes/2.5.0.txt +20 -0
- data/doc/release_notes/2.6.0.txt +37 -0
- data/doc/verify_login_change.rdoc +1 -0
- data/javascript/webauthn_auth.js +9 -9
- data/javascript/webauthn_setup.js +9 -6
- data/lib/rodauth.rb +13 -9
- data/lib/rodauth/features/active_sessions.rb +5 -7
- data/lib/rodauth/features/audit_logging.rb +2 -0
- data/lib/rodauth/features/base.rb +18 -3
- data/lib/rodauth/features/change_password.rb +1 -1
- data/lib/rodauth/features/close_account.rb +8 -6
- data/lib/rodauth/features/confirm_password.rb +2 -2
- data/lib/rodauth/features/disallow_password_reuse.rb +4 -2
- data/lib/rodauth/features/email_auth.rb +2 -2
- data/lib/rodauth/features/jwt.rb +10 -7
- data/lib/rodauth/features/jwt_cors.rb +15 -15
- data/lib/rodauth/features/jwt_refresh.rb +76 -10
- data/lib/rodauth/features/login.rb +23 -12
- data/lib/rodauth/features/login_password_requirements_base.rb +9 -4
- data/lib/rodauth/features/otp.rb +5 -1
- data/lib/rodauth/features/password_complexity.rb +4 -2
- data/lib/rodauth/features/password_pepper.rb +45 -0
- data/lib/rodauth/features/remember.rb +2 -0
- data/lib/rodauth/features/session_expiration.rb +1 -6
- data/lib/rodauth/features/single_session.rb +1 -1
- data/lib/rodauth/features/sms_codes.rb +0 -1
- data/lib/rodauth/features/two_factor_base.rb +4 -4
- data/lib/rodauth/features/verify_account.rb +10 -6
- data/lib/rodauth/features/verify_account_grace_period.rb +2 -4
- data/lib/rodauth/features/verify_login_change.rb +2 -1
- data/lib/rodauth/features/webauthn.rb +1 -3
- data/lib/rodauth/features/webauthn_login.rb +1 -1
- data/lib/rodauth/migrations.rb +16 -5
- data/lib/rodauth/version.rb +1 -1
- metadata +37 -5
@@ -53,10 +53,7 @@ module Rodauth
|
|
53
53
|
end
|
54
54
|
|
55
55
|
def allow_email_auth?
|
56
|
-
|
57
|
-
return false unless super
|
58
|
-
end
|
59
|
-
!account_in_unverified_grace_period?
|
56
|
+
(defined?(super) ? super : true) && !account_in_unverified_grace_period?
|
60
57
|
end
|
61
58
|
|
62
59
|
def verify_account_check_already_logged_in
|
@@ -75,6 +72,7 @@ module Rodauth
|
|
75
72
|
end
|
76
73
|
|
77
74
|
def account_in_unverified_grace_period?
|
75
|
+
account || account_from_session
|
78
76
|
account[account_status_column] == account_unverified_status_value &&
|
79
77
|
verify_account_grace_period &&
|
80
78
|
!verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty?
|
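Review bot: The added `account || account_from_session` line in `account_in_unverified_grace_period?` is evaluated only for its side effect of loading the account, and when neither expression yields one the very next line `account[account_status_column]` raises NoMethodError on nil instead of returning a boolean to the caller (`allow_email_auth?` in the first hunk combines the result with `&&`). A guard makes the intent explicit and keeps the predicate a predicate: `return false unless account || account_from_session`. Whether a nil account can actually reach this method depends on callers outside the hunk, and the method's closing `end` is also outside the hunk.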
@@ -8,6 +8,7 @@ module Rodauth
|
|
8
8
|
error_flash "Unable to change login as there is already an account with the new login", 'verify_login_change_duplicate_account'
|
9
9
|
error_flash "There was an error verifying your login change: invalid verify login change key", 'no_matching_verify_login_change_key'
|
10
10
|
notice_flash "Your login change has been verified"
|
11
|
+
notice_flash "An email has been sent to you with a link to verify your login change", 'change_login_needs_verification'
|
11
12
|
loaded_templates %w'verify-login-change verify-login-change-email'
|
12
13
|
view 'verify-login-change', 'Verify Login Change'
|
13
14
|
additional_form_tags
|
@@ -131,7 +132,7 @@ module Rodauth
|
|
131
132
|
end
|
132
133
|
|
133
134
|
def change_login_notice_flash
|
134
|
-
|
135
|
+
change_login_needs_verification_notice_flash
|
135
136
|
end
|
136
137
|
|
137
138
|
def verify_login_change_old_login
|
@@ -377,9 +377,7 @@ module Rodauth
|
|
377
377
|
end
|
378
378
|
|
379
379
|
def remove_webauthn_key(webauthn_id)
|
380
|
-
|
381
|
-
super if defined?(super)
|
382
|
-
ret
|
380
|
+
webauthn_keys_ds.where(webauthn_keys_webauthn_id_column=>webauthn_id).delete == 1
|
383
381
|
end
|
384
382
|
|
385
383
|
def remove_all_webauthn_keys_and_user_ids
|
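Review bot: The rewritten `remove_webauthn_key` drops the `super if defined?(super)` call that the removed lines had, so any other feature that defines `remove_webauthn_key` earlier in the method chain is silently no longer invoked on key removal; if that is intended it deserves a comment such as `# Returns true only when exactly one key row was deleted; intentionally does not chain to super.` The new `delete == 1` predicate also relies on `webauthn_keys_ds` being scoped to the current account so that a caller cannot remove another account's key by id; that scoping is not visible in the hunk and should be confirmed where the dataset is defined.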
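--- a/data/lib/rodauth/migrations.rb
+++ b/data/lib/rodauth/migrations.rb
@@ -9,9 +9,14 @@ module Rodauth
 case db.database_type
 when :postgres
 search_path = opts[:search_path] || 'public, pg_temp'
+primary_key_type =
+case db.schema(table_name).find { |row| row.first == :id }[1][:db_type]
+when 'uuid' then :uuid
+else :int8
+end
 
 db.run <<END
-CREATE OR REPLACE FUNCTION #{get_salt_name}(acct_id
+CREATE OR REPLACE FUNCTION #{get_salt_name}(acct_id #{primary_key_type}) RETURNS text AS $$
 DECLARE salt text;
 BEGIN
 SELECT substr(password_hash, 0, 30) INTO salt
@@ -25,7 +30,7 @@ SET search_path = #{search_path};
 END
 
 db.run <<END
-CREATE OR REPLACE FUNCTION #{valid_hash_name}(acct_id
+CREATE OR REPLACE FUNCTION #{valid_hash_name}(acct_id #{primary_key_type}, hash text) RETURNS boolean AS $$
 DECLARE valid boolean;
 BEGIN
 SELECT password_hash = hash INTO valid
@@ -100,13 +105,19 @@ END
 end
 
 def self.drop_database_authentication_functions(db, opts={})
+table_name = opts[:table_name] || :account_password_hashes
 get_salt_name = opts[:get_salt_name] || :rodauth_get_salt
 valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash
 
 case db.database_type
 when :postgres
-
-
+primary_key_type =
+case db.schema(table_name).find { |row| row.first == :id }[1][:db_type]
+when 'uuid' then :uuid
+else :int8
+end
+db.run "DROP FUNCTION #{get_salt_name}(#{primary_key_type})"
+db.run "DROP FUNCTION #{valid_hash_name}(#{primary_key_type}, text)"
 when :mysql, :mssql
 db.run "DROP FUNCTION #{get_salt_name}"
 db.run "DROP FUNCTION #{valid_hash_name}"
@@ -118,6 +129,6 @@ END
 end
 
 def self.drop_database_previous_password_check_functions(db, opts={})
-drop_database_authentication_functions(db, {:get_salt_name=>:rodauth_get_previous_salt, :valid_hash_name=>:rodauth_previous_password_hash_match}.merge(opts))
+drop_database_authentication_functions(db, {:table_name=>:account_previous_password_hashes, :get_salt_name=>:rodauth_get_previous_salt, :valid_hash_name=>:rodauth_previous_password_hash_match}.merge(opts))
 end
 end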
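Review bot: `db.schema(table_name).find { |row| row.first == :id }[1][:db_type]` fails with an opaque NoMethodError on nil when the password-hash table has no `:id` column, and the identical lookup is now duplicated in the create hunk and in `drop_database_authentication_functions`, so the two function signatures can drift apart if only one copy is edited. Extracting the lookup into one helper that raises a descriptive error keeps CREATE and DROP in sync and turns the failure into an actionable message. `table_name` as used in the create hunk is defined above the hunk, outside the view, and the enclosing create method's signature is not shown. Interpolating the resolved type into the SQL is safe because it is constrained to the literals `:uuid` and `:int8`; note that any non-uuid id type, including `integer`, is mapped to `int8` on both the create and drop paths, which keeps them consistent.
```ruby
# SQL type of the table's :id column, used in the authentication function
# signatures. Raises a clear error instead of NoMethodError when :id is absent.
def self.account_id_type(db, table_name)
  id_column = db.schema(table_name).find { |row| row.first == :id }
  raise ArgumentError, "#{table_name} has no :id column" unless id_column
  id_column[1][:db_type] == 'uuid' ? :uuid : :int8
end
# … unchanged: create_database_authentication_functions, postgres branch …
primary_key_type = account_id_type(db, table_name)
# … unchanged: drop_database_authentication_functions, postgres branch …
primary_key_type = account_id_type(db, table_name)
```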
data/lib/rodauth/version.rb
CHANGED
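--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.6.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sequel
@@ -247,7 +247,6 @@ extra_rdoc_files:
 - doc/http_basic_auth.rdoc
 - doc/create_account.rdoc
 - doc/email_base.rdoc
-- doc/internals.rdoc
 - doc/disallow_common_passwords.rdoc
 - doc/disallow_password_reuse.rdoc
 - doc/password_complexity.rdoc
@@ -278,6 +277,7 @@ extra_rdoc_files:
 - doc/webauthn_verify_account.rdoc
 - doc/active_sessions.rdoc
 - doc/audit_logging.rdoc
+- doc/password_pepper.rdoc
 - doc/release_notes/1.17.0.txt
 - doc/release_notes/1.0.0.txt
 - doc/release_notes/1.1.0.txt
@@ -304,6 +304,11 @@ extra_rdoc_files:
 - doc/release_notes/1.23.0.txt
 - doc/release_notes/2.0.0.txt
 - doc/release_notes/2.1.0.txt
+- doc/release_notes/2.2.0.txt
+- doc/release_notes/2.3.0.txt
+- doc/release_notes/2.4.0.txt
+- doc/release_notes/2.5.0.txt
+- doc/release_notes/2.6.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -323,8 +328,28 @@ files:
 - doc/disallow_password_reuse.rdoc
 - doc/email_auth.rdoc
 - doc/email_base.rdoc
+- doc/guides/admin_activation.rdoc
+- doc/guides/already_authenticated.rdoc
+- doc/guides/alternative_login.rdoc
+- doc/guides/create_account_programmatically.rdoc
+- doc/guides/delay_password.rdoc
+- doc/guides/email_only.rdoc
+- doc/guides/i18n.rdoc
+- doc/guides/internals.rdoc
+- doc/guides/links.rdoc
+- doc/guides/login_return.rdoc
+- doc/guides/password_column.rdoc
+- doc/guides/password_confirmation.rdoc
+- doc/guides/password_requirements.rdoc
+- doc/guides/paths.rdoc
+- doc/guides/query_params.rdoc
+- doc/guides/redirects.rdoc
+- doc/guides/registration_field.rdoc
+- doc/guides/require_mfa.rdoc
+- doc/guides/reset_password_autologin.rdoc
+- doc/guides/status_column.rdoc
+- doc/guides/totp_or_recovery.rdoc
 - doc/http_basic_auth.rdoc
-- doc/internals.rdoc
 - doc/jwt.rdoc
 - doc/jwt_cors.rdoc
 - doc/jwt_refresh.rdoc
@@ -336,6 +361,7 @@ files:
 - doc/password_complexity.rdoc
 - doc/password_expiration.rdoc
 - doc/password_grace_period.rdoc
+- doc/password_pepper.rdoc
 - doc/recovery_codes.rdoc
 - doc/release_notes/1.0.0.txt
 - doc/release_notes/1.1.0.txt
@@ -363,6 +389,11 @@ files:
 - doc/release_notes/1.9.0.txt
 - doc/release_notes/2.0.0.txt
 - doc/release_notes/2.1.0.txt
+- doc/release_notes/2.2.0.txt
+- doc/release_notes/2.3.0.txt
+- doc/release_notes/2.4.0.txt
+- doc/release_notes/2.5.0.txt
+- doc/release_notes/2.6.0.txt
 - doc/remember.rdoc
 - doc/reset_password.rdoc
 - doc/session_expiration.rdoc
@@ -406,6 +437,7 @@ files:
 - lib/rodauth/features/password_complexity.rb
 - lib/rodauth/features/password_expiration.rb
 - lib/rodauth/features/password_grace_period.rb
+- lib/rodauth/features/password_pepper.rb
 - lib/rodauth/features/recovery_codes.rb
 - lib/rodauth/features/remember.rb
 - lib/rodauth/features/reset_password.rb
@@ -505,7 +537,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.1.
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications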