rodauth 2.11.0 → 2.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG +4 -0
- data/doc/active_sessions.rdoc +4 -0
- data/doc/release_notes/2.11.0.txt +1 -1
- data/doc/release_notes/2.12.0.txt +17 -0
- data/lib/rodauth/features/active_sessions.rb +28 -7
- data/lib/rodauth/version.rb +1 -1
- data/templates/unlock-account-email.str +1 -1
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 453992f6df1e1a41e30923334f53146ddd575015f57960dcdadb2b3d4bc496e9
|
|
4
|
+
data.tar.gz: 29172b14c9a5c6d88e36c827c4fbc9e4f61fbadadf6b656734ef7058e9dd4a13
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 956d8809e6ba87044e5aeba7712cc4e907604a632d7113084cda074bf675952fb4e3081cca5adf19a191df6d073e2b9068a313d8d26e81534b70f9eaba20688e
|
|
7
|
+
data.tar.gz: aaa0cde299ba115ea281bc18dfe5f02a0d2b35dd95231d9e69662ec340194569a288be916abb2fe0e258c50599c6ea6ef42791824f986d6dc2e295f5db67645a
|
data/CHANGELOG
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
=== 2.12.0 (2021-04-22)
|
|
2
|
+
|
|
3
|
+
* Add configuration methods to active_sessions plugin to control the inserting and updating of rows (janko) (#159)
|
|
4
|
+
|
|
1
5
|
=== 2.11.0 (2021-03-22)
|
|
2
6
|
|
|
3
7
|
* Add same_as_current_login_message and contains_null_byte_message configuration methods to increase translatability (dmitryzuev) (#158)
|
data/doc/active_sessions.rdoc
CHANGED
|
@@ -37,9 +37,13 @@ inactive_session_error_status :: The error status to use when a JSON request is
|
|
|
37
37
|
session_id_session_key :: The session key name to use for storing the session id.
|
|
38
38
|
session_inactivity_deadline :: The number of seconds since last use after which the session will be considered expired (1 day by default). Can be set to nil to not check session inactivity.
|
|
39
39
|
session_lifetime_deadline :: The number of seconds since session creation after which the session will be considered expired (30 days by default). Can be set to nil to not check session lifetimes.
|
|
40
|
+
update_current_session? :: Whether the update current session with +active_sessions_update_hash+. By default returns true if +session_inactivity_deadline+ is set.
|
|
40
41
|
|
|
41
42
|
== Auth Methods
|
|
42
43
|
|
|
44
|
+
active_sessions_insert_hash :: The hash to insert into the +active_sessions_table+.
|
|
45
|
+
active_sessions_key :: The active session key for the current account.
|
|
46
|
+
active_sessions_update_hash :: The hash to update the currently active session when +update_current_session?+ is true. By default updates last use to current time.
|
|
43
47
|
add_active_session :: Create a session id for the session and populate the session and add the session id to the database.
|
|
44
48
|
currently_active_session? :: Whether the session is currently active, by checking the database table.
|
|
45
49
|
handle_duplicate_active_session_id(exception) :: How to handle the case where a duplicate session id for the account is inserted into the table. Does nothing by default. This should only be called if the random number generator is broken.
|
|
@@ -23,7 +23,7 @@
|
|
|
23
23
|
block. Previously, you could only call configuration methods in
|
|
24
24
|
the block that added the feature, and enabling a feature in a
|
|
25
25
|
block that was already enabled in a previous block did not allow
|
|
26
|
-
the use of
|
|
26
|
+
the use of configuration methods related to the feature.
|
|
27
27
|
|
|
28
28
|
* Passing a block when loading the rodauth plugin is now optional.
|
|
29
29
|
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
= New Features
|
|
2
|
+
|
|
3
|
+
* The following configuration methods have been added to the
|
|
4
|
+
active_sessions feature:
|
|
5
|
+
|
|
6
|
+
* active_sessions_insert_hash
|
|
7
|
+
* active_sessions_key
|
|
8
|
+
* active_sessions_update_hash
|
|
9
|
+
* update_current_session?
|
|
10
|
+
|
|
11
|
+
These methods allow you to control what gets inserted and
|
|
12
|
+
updated into the active_sessions_table, and to control
|
|
13
|
+
whether to perform updates.
|
|
14
|
+
|
|
15
|
+
= Other Improvements
|
|
16
|
+
|
|
17
|
+
* A typo was fixed in the default unlock account email.
|
|
@@ -19,7 +19,12 @@ module Rodauth
|
|
|
19
19
|
auth_value_method :session_inactivity_deadline, 86400
|
|
20
20
|
auth_value_method(:session_lifetime_deadline, 86400*30)
|
|
21
21
|
|
|
22
|
+
auth_value_methods :update_current_session?
|
|
23
|
+
|
|
22
24
|
auth_methods(
|
|
25
|
+
:active_sessions_insert_hash,
|
|
26
|
+
:active_sessions_key,
|
|
27
|
+
:active_sessions_update_hash,
|
|
23
28
|
:add_active_session,
|
|
24
29
|
:currently_active_session?,
|
|
25
30
|
:handle_duplicate_active_session_id,
|
|
@@ -36,8 +41,8 @@ module Rodauth
|
|
|
36
41
|
ds = active_sessions_ds.
|
|
37
42
|
where(active_sessions_session_id_column => compute_hmac(session_id))
|
|
38
43
|
|
|
39
|
-
if
|
|
40
|
-
ds.update(
|
|
44
|
+
if update_current_session?
|
|
45
|
+
ds.update(active_sessions_update_hash) == 1
|
|
41
46
|
else
|
|
42
47
|
ds.count == 1
|
|
43
48
|
end
|
|
@@ -57,11 +62,9 @@ module Rodauth
|
|
|
57
62
|
end
|
|
58
63
|
|
|
59
64
|
def add_active_session
|
|
60
|
-
key =
|
|
65
|
+
key = generate_active_sessions_key
|
|
61
66
|
set_session_value(session_id_session_key, key)
|
|
62
|
-
if e = raises_uniqueness_violation?
|
|
63
|
-
active_sessions_ds.insert(active_sessions_account_id_column => session_value, active_sessions_session_id_column => compute_hmac(key))
|
|
64
|
-
end
|
|
67
|
+
if e = raises_uniqueness_violation?{active_sessions_ds.insert(active_sessions_insert_hash)}
|
|
65
68
|
handle_duplicate_active_session_id(e)
|
|
66
69
|
end
|
|
67
70
|
nil
|
|
@@ -104,7 +107,7 @@ module Rodauth
|
|
|
104
107
|
def after_refresh_token
|
|
105
108
|
super if defined?(super)
|
|
106
109
|
if prev_key = session[session_id_session_key]
|
|
107
|
-
key =
|
|
110
|
+
key = generate_active_sessions_key
|
|
108
111
|
set_session_value(session_id_session_key, key)
|
|
109
112
|
active_sessions_ds.
|
|
110
113
|
where(active_sessions_session_id_column => compute_hmac(prev_key)).
|
|
@@ -126,6 +129,20 @@ module Rodauth
|
|
|
126
129
|
super
|
|
127
130
|
end
|
|
128
131
|
|
|
132
|
+
attr_reader :active_sessions_key
|
|
133
|
+
|
|
134
|
+
def generate_active_sessions_key
|
|
135
|
+
@active_sessions_key = random_key
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
def active_sessions_insert_hash
|
|
139
|
+
{active_sessions_account_id_column => session_value, active_sessions_session_id_column => compute_hmac(active_sessions_key)}
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
def active_sessions_update_hash
|
|
143
|
+
{active_sessions_last_use_column => Sequel::CURRENT_TIMESTAMP}
|
|
144
|
+
end
|
|
145
|
+
|
|
129
146
|
def session_inactivity_deadline_condition
|
|
130
147
|
if deadline = session_inactivity_deadline
|
|
131
148
|
Sequel[active_sessions_last_use_column] < Sequel.date_sub(Sequel::CURRENT_TIMESTAMP, seconds: deadline)
|
|
@@ -145,6 +162,10 @@ module Rodauth
|
|
|
145
162
|
Sequel.|(*[cond, cond2].compact)
|
|
146
163
|
end
|
|
147
164
|
|
|
165
|
+
def update_current_session?
|
|
166
|
+
!!session_inactivity_deadline
|
|
167
|
+
end
|
|
168
|
+
|
|
148
169
|
def active_sessions_ds
|
|
149
170
|
db[active_sessions_table].
|
|
150
171
|
where(active_sessions_account_id_column=>session_value)
|
data/lib/rodauth/version.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
Someone has requested
|
|
1
|
+
Someone has requested that the account with this email be unlocked.
|
|
2
2
|
If you did not request the unlocking of this account, please ignore this
|
|
3
3
|
message. If you requested the unlocking of this account, please go to
|
|
4
4
|
#{rodauth.unlock_account_email_link}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rodauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.12.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeremy Evans
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sequel
|
|
@@ -322,6 +322,7 @@ extra_rdoc_files:
|
|
|
322
322
|
- doc/release_notes/2.1.0.txt
|
|
323
323
|
- doc/release_notes/2.10.0.txt
|
|
324
324
|
- doc/release_notes/2.11.0.txt
|
|
325
|
+
- doc/release_notes/2.12.0.txt
|
|
325
326
|
- doc/release_notes/2.2.0.txt
|
|
326
327
|
- doc/release_notes/2.3.0.txt
|
|
327
328
|
- doc/release_notes/2.4.0.txt
|
|
@@ -415,6 +416,7 @@ files:
|
|
|
415
416
|
- doc/release_notes/2.1.0.txt
|
|
416
417
|
- doc/release_notes/2.10.0.txt
|
|
417
418
|
- doc/release_notes/2.11.0.txt
|
|
419
|
+
- doc/release_notes/2.12.0.txt
|
|
418
420
|
- doc/release_notes/2.2.0.txt
|
|
419
421
|
- doc/release_notes/2.3.0.txt
|
|
420
422
|
- doc/release_notes/2.4.0.txt
|
|
@@ -568,7 +570,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
568
570
|
- !ruby/object:Gem::Version
|
|
569
571
|
version: '0'
|
|
570
572
|
requirements: []
|
|
571
|
-
rubygems_version: 3.2.
|
|
573
|
+
rubygems_version: 3.2.15
|
|
572
574
|
signing_key:
|
|
573
575
|
specification_version: 4
|
|
574
576
|
summary: Authentication and Account Management Framework for Rack Applications
|