rodauth 2.11.0 → 2.15.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (63) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +28 -0
  3. data/README.rdoc +29 -7
  4. data/doc/active_sessions.rdoc +4 -0
  5. data/doc/base.rdoc +1 -0
  6. data/doc/error_reasons.rdoc +73 -0
  7. data/doc/internal_request.rdoc +463 -0
  8. data/doc/path_class_methods.rdoc +10 -0
  9. data/doc/release_notes/2.11.0.txt +1 -1
  10. data/doc/release_notes/2.12.0.txt +17 -0
  11. data/doc/release_notes/2.13.0.txt +19 -0
  12. data/doc/release_notes/2.14.0.txt +17 -0
  13. data/doc/release_notes/2.15.0.txt +48 -0
  14. data/doc/remember.rdoc +1 -0
  15. data/lib/rodauth.rb +9 -2
  16. data/lib/rodauth/features/active_sessions.rb +29 -8
  17. data/lib/rodauth/features/base.rb +26 -1
  18. data/lib/rodauth/features/change_login.rb +6 -4
  19. data/lib/rodauth/features/change_password.rb +5 -3
  20. data/lib/rodauth/features/close_account.rb +3 -1
  21. data/lib/rodauth/features/confirm_password.rb +2 -2
  22. data/lib/rodauth/features/create_account.rb +6 -4
  23. data/lib/rodauth/features/disallow_common_passwords.rb +1 -1
  24. data/lib/rodauth/features/disallow_password_reuse.rb +1 -1
  25. data/lib/rodauth/features/email_auth.rb +6 -0
  26. data/lib/rodauth/features/internal_request.rb +367 -0
  27. data/lib/rodauth/features/jwt_refresh.rb +1 -1
  28. data/lib/rodauth/features/lockout.rb +15 -4
  29. data/lib/rodauth/features/login.rb +6 -3
  30. data/lib/rodauth/features/login_password_requirements_base.rb +15 -6
  31. data/lib/rodauth/features/otp.rb +13 -6
  32. data/lib/rodauth/features/password_complexity.rb +4 -4
  33. data/lib/rodauth/features/path_class_methods.rb +22 -0
  34. data/lib/rodauth/features/recovery_codes.rb +6 -2
  35. data/lib/rodauth/features/remember.rb +25 -10
  36. data/lib/rodauth/features/reset_password.rb +8 -4
  37. data/lib/rodauth/features/session_expiration.rb +1 -0
  38. data/lib/rodauth/features/single_session.rb +1 -0
  39. data/lib/rodauth/features/sms_codes.rb +17 -5
  40. data/lib/rodauth/features/two_factor_base.rb +6 -1
  41. data/lib/rodauth/features/verify_account.rb +8 -1
  42. data/lib/rodauth/features/verify_account_grace_period.rb +1 -1
  43. data/lib/rodauth/features/verify_login_change.rb +5 -2
  44. data/lib/rodauth/features/webauthn.rb +15 -14
  45. data/lib/rodauth/features/webauthn_login.rb +1 -1
  46. data/lib/rodauth/version.rb +1 -1
  47. data/templates/button.str +1 -1
  48. data/templates/change-password.str +2 -2
  49. data/templates/global-logout-field.str +1 -1
  50. data/templates/login-confirm-field.str +2 -2
  51. data/templates/login-display.str +2 -2
  52. data/templates/login-field.str +2 -2
  53. data/templates/otp-auth-code-field.str +2 -2
  54. data/templates/otp-setup.str +2 -2
  55. data/templates/password-confirm-field.str +2 -2
  56. data/templates/password-field.str +2 -2
  57. data/templates/recovery-auth.str +2 -2
  58. data/templates/remember.str +1 -1
  59. data/templates/sms-code-field.str +2 -2
  60. data/templates/sms-setup.str +2 -2
  61. data/templates/unlock-account-email.str +1 -1
  62. data/templates/webauthn-remove.str +1 -1
  63. metadata +19 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 52cc814306a88708a5ade63bfa8288521db20517fdac543217e86a084e8e189f
4
- data.tar.gz: ebd02824ee15ede1c58a5ca93c092d2372e953790f7535d0889521bc95b9dfd3
3
+ metadata.gz: 3abad4574361365b90229229928b653d049ad73e2e366195e10bb8ee565de323
4
+ data.tar.gz: 2fecb89ba5456f9aa8569eef019dbf7f9b7a3b7736b3da053ce15e5b4d67074c
5
5
  SHA512:
6
- metadata.gz: 435b51b083c4509626c0699c2298c641134b132e0c08fae0c738823f4230d35d2a714761b7afdb2c9a48bb7c025e653a2bce84ae88b07f21a2bd5b494b52e6cc
7
- data.tar.gz: 179b131a07064033a1c934360578f8b7a8703421133179255078063d9bde7621f9865c3bb00f51dceb313255e4d685804ba2f1a0ba2d109198f660802d6eda61
6
+ metadata.gz: 9086a3f18f04da0184af7fcaaa3c474ae3560e7b9c1b6b526cbbd8239ca4f2f47f2a44fe4e8681e349c5bb78a6e3f7529b5bd296d62ad92e1a1ac9188122a4ab
7
+ data.tar.gz: 2b67d509e6a0b0a61ca679f45238714b817d6eef1becb9e1ecfeab33d7e296d3f43ffa0a392d812981b8a3f096cbc868501c00f6661d1c72194cdfe0726ef842
data/CHANGELOG CHANGED
@@ -1,3 +1,31 @@
1
+ === 2.15.0 (2021-07-27)
2
+
3
+ * Add path_class_methods feature, for getting paths/URLs using class methods (jeremyevans)
4
+
5
+ * Make default base_url method use configured domain (janko) (#171)
6
+
7
+ * Add internal_request feature, for interacting with Rodauth by calling methods (jeremyevans, janko)
8
+
9
+ === 2.14.0 (2021-06-22)
10
+
11
+ * Make jwt_refresh feature allow refresh with expired access tokens even if prefix is not set correctly (jeremyevans) (#168)
12
+
13
+ * Make internal account_in_unverified_grace_period? method handle accounts missing or unverified accounts (janko, jeremyevans) (#167)
14
+
15
+ * Add remembered_session_id configuration method for getting session id from valid remember token if present (bjeanes) (#166)
16
+
17
+ === 2.13.0 (2021-05-22)
18
+
19
+ * Make jwt_refresh expired access token support work when using rodauth.check_active_sessions before calling r.rodauth (renchap) (#165)
20
+
21
+ * Update default templates to add classes for Bootstrap 5 compatibility (janko) (#164)
22
+
23
+ * Add set_error_reason configuration method to allow applications more finer grained error handling (renchap, jeremyevans) (#162)
24
+
25
+ === 2.12.0 (2021-04-22)
26
+
27
+ * Add configuration methods to active_sessions plugin to control the inserting and updating of rows (janko) (#159)
28
+
1
29
  === 2.11.0 (2021-03-22)
2
30
 
3
31
  * Add same_as_current_login_message and contains_null_byte_message configuration methods to increase translatability (dmitryzuev) (#158)
data/README.rdoc CHANGED
@@ -60,6 +60,8 @@ HTML and JSON API for all supported features.
60
60
  * Argon2
61
61
  * HTTP Basic Auth
62
62
  * Change Password Notify
63
+ * Internal Request
64
+ * Path Class Methods
63
65
 
64
66
  == Resources
65
67
 
@@ -68,7 +70,6 @@ Demo Site :: http://rodauth-demo.jeremyevans.net
68
70
  Source :: http://github.com/jeremyevans/rodauth
69
71
  Bugs :: http://github.com/jeremyevans/rodauth/issues
70
72
  Google Group :: https://groups.google.com/forum/#!forum/rodauth
71
- IRC :: irc://chat.freenode.net/#rodauth
72
73
 
73
74
  == Dependencies
74
75
 
@@ -85,9 +86,9 @@ bcrypt :: Used by default for password hashing, can be skipped
85
86
  if password_match? is overridden for custom authentication.
86
87
  argon2 :: Used by the argon2 feature as alternative to bcrypt for
87
88
  password hashing.
88
- mail :: Used by default for mailing in the reset password, verify
89
- account, verify_login_change, change_password_notify,
90
- lockout, and email_auth features.
89
+ mail :: Used by default for mailing in the reset_password, verify_account,
90
+ verify_login_change, change_password_notify, lockout, and
91
+ email_auth features.
91
92
  rotp :: Used by the otp feature
92
93
  rqrcode :: Used by the otp feature
93
94
  jwt :: Used by the jwt feature
@@ -831,7 +832,7 @@ overriding for all behavior, using any information from the request:
831
832
  plugin :rodauth do
832
833
  enable :login, :logout
833
834
  accounts_table do
834
- request.ip.start_with?("192.168.1") ? :admins : :users
835
+ request.ip.start_with?("192.168.1.") ? :admins : :users
835
836
  end
836
837
  end
837
838
 
@@ -880,6 +881,7 @@ view the appropriate file in the doc directory.
880
881
  * {Disallow Password Reuse}[rdoc-ref:doc/disallow_password_reuse.rdoc]
881
882
  * {Email Authentication}[rdoc-ref:doc/email_auth.rdoc]
882
883
  * {HTTP Basic Auth}[rdoc-ref:doc/http_basic_auth.rdoc]
884
+ * {Internal Request}[rdoc-ref:doc/internal_request.rdoc]
883
885
  * {JSON}[rdoc-ref:doc/json.rdoc]
884
886
  * {JWT CORS}[rdoc-ref:doc/jwt_cors.rdoc]
885
887
  * {JWT Refresh}[rdoc-ref:doc/jwt_refresh.rdoc]
@@ -892,6 +894,7 @@ view the appropriate file in the doc directory.
892
894
  * {Password Expiration}[rdoc-ref:doc/password_expiration.rdoc]
893
895
  * {Password Grace Period}[rdoc-ref:doc/password_grace_period.rdoc]
894
896
  * {Password Pepper}[rdoc-ref:doc/password_pepper.rdoc]
897
+ * {Path Class Methods}[rdoc-ref:doc/path_class_methods.rdoc]
895
898
  * {Recovery Codes}[rdoc-ref:doc/recovery_codes.rdoc]
896
899
  * {Remember}[rdoc-ref:doc/remember.rdoc]
897
900
  * {Reset Password}[rdoc-ref:doc/reset_password.rdoc]
@@ -1051,6 +1054,25 @@ authenticated_webauthn_id :: (webauthn feature) If the current session was
1051
1054
  URL to the route. Any options passed to this method will be converted
1052
1055
  into query parameters.
1053
1056
 
1057
+ === Calling Rodauth Methods for Other Accounts
1058
+
1059
+ In some cases, you may want to interact with Rodauth directly on behalf
1060
+ of a user. For example, let's say you want to create accounts or change passwords
1061
+ for existing accounts. Using Rodauth's internal_request feature, you can do this
1062
+ by:
1063
+
1064
+ plugin :rodauth do
1065
+ enable :create_account, :change_password, :internal_request
1066
+ end
1067
+ rodauth.create_account(login: 'foo@example.com', password: '...')
1068
+ rodauth.change_password(account_id: 24601, password: '...')
1069
+
1070
+ Here the +rodauth+ method is called as the Roda class level, which returns
1071
+ the appropriate <tt>Rodauth::Auth</tt> subclass. You call internal request
1072
+ methods on that class to perform actions on behalf of a user. See the
1073
+ {internal request feature documentation}[rdoc-ref:doc/internal_request.rdoc]
1074
+ for details.
1075
+
1054
1076
  === With Multiple Configurations
1055
1077
 
1056
1078
  Rodauth supports using multiple rodauth configurations in the same
@@ -1362,7 +1384,7 @@ custom methods that will be callable on the +rodauth+ object.
1362
1384
 
1363
1385
  === Using External Features
1364
1386
 
1365
- The enable configuration method is able to load features external to
1387
+ The +enable+ configuration method is able to load features external to
1366
1388
  Rodauth. You need to place the external feature file where it can be
1367
1389
  required via rodauth/features/feature_name. That file should
1368
1390
  use the following basic structure
@@ -1401,7 +1423,7 @@ use the following basic structure
1401
1423
  end
1402
1424
  end
1403
1425
 
1404
- See the {internals guide}[rdoc-ref:doc/internals.rdoc] for a more complete
1426
+ See the {internals guide}[rdoc-ref:doc/guides/internals.rdoc] for a more complete
1405
1427
  example of how to construct features.
1406
1428
 
1407
1429
  === Overriding Route-Level Behavior
@@ -37,9 +37,13 @@ inactive_session_error_status :: The error status to use when a JSON request is
37
37
  session_id_session_key :: The session key name to use for storing the session id.
38
38
  session_inactivity_deadline :: The number of seconds since last use after which the session will be considered expired (1 day by default). Can be set to nil to not check session inactivity.
39
39
  session_lifetime_deadline :: The number of seconds since session creation after which the session will be considered expired (30 days by default). Can be set to nil to not check session lifetimes.
40
+ update_current_session? :: Whether the update current session with +active_sessions_update_hash+. By default returns true if +session_inactivity_deadline+ is set.
40
41
 
41
42
  == Auth Methods
42
43
 
44
+ active_sessions_insert_hash :: The hash to insert into the +active_sessions_table+.
45
+ active_sessions_key :: The active session key for the current account.
46
+ active_sessions_update_hash :: The hash to update the currently active session when +update_current_session?+ is true. By default updates last use to current time.
43
47
  add_active_session :: Create a session id for the session and populate the session and add the session id to the database.
44
48
  currently_active_session? :: Whether the session is currently active, by checking the database table.
45
49
  handle_duplicate_active_session_id(exception) :: How to handle the case where a duplicate session id for the account is inserted into the table. Does nothing by default. This should only be called if the random number generator is broken.
data/doc/base.rdoc CHANGED
@@ -105,6 +105,7 @@ random_key :: A randomly generated string, used for creating tokens.
105
105
  redirect(path) :: Redirect the request to the given path.
106
106
  session_value :: The value for session_key in the current session.
107
107
  set_error_flash(message) :: Set the current error flash to the given message.
108
+ set_error_reason(reason) :: You can override this method to customize handling of specific error types (does nothing by default). Each separate error type has a separate reason symbol, you can see the {list of error reason symbols}[rdoc-ref:doc/error_reasons.rdoc].
108
109
  set_notice_flash(message) :: Set the next notice flash to the given message.
109
110
  set_notice_now_flash(message) :: Set the current notice flash to the given message.
110
111
  set_redirect_error_flash(message) :: Set the next error flash to the given message.
@@ -0,0 +1,73 @@
1
+ = Error Reasons
2
+
3
+ Rodauth allows for customizing response status codes and error
4
+ messages for each type of error. However, in some cases, the
5
+ response status code is too coarse for desired error handling
6
+ by the application (since many error types use the same status
7
+ code), and using the error message is too fragile since it may
8
+ be translated.
9
+
10
+ For this reason, Rodauth associates a fine grained reason for
11
+ each type of error. If an error occurs in Rodauth, it will
12
+ call the +set_error_reason+ method with a symbol for the
13
+ specific type of error. By default, this method does not do
14
+ anything, but you can use the +set_error_reason+ configuration
15
+ method to customize the error handling.
16
+
17
+ These are the currently supported error type symbols that
18
+ Rodauth will call +set_error_reason+ with:
19
+
20
+ * :account_locked_out
21
+ * :already_an_account_with_this_login
22
+ * :already_an_unverified_account_with_this_login
23
+ * :duplicate_webauthn_id
24
+ * :inactive_session
25
+ * :invalid_email_auth_key
26
+ * :invalid_otp_auth_code
27
+ * :invalid_otp_secret
28
+ * :invalid_password
29
+ * :invalid_password_pattern
30
+ * :invalid_phone_number
31
+ * :invalid_previous_password
32
+ * :invalid_recovery_code
33
+ * :invalid_remember_param
34
+ * :invalid_reset_password_key
35
+ * :invalid_sms_code
36
+ * :invalid_sms_confirmation_code
37
+ * :invalid_unlock_account_key
38
+ * :invalid_verify_account_key
39
+ * :invalid_verify_login_change_key
40
+ * :invalid_webauthn_auth_param
41
+ * :invalid_webauthn_remove_param
42
+ * :invalid_webauthn_setup_param
43
+ * :invalid_webauthn_sign_count
44
+ * :login_not_valid_email
45
+ * :login_required
46
+ * :login_too_long
47
+ * :login_too_short
48
+ * :logins_do_not_match
49
+ * :no_current_sms_code
50
+ * :no_matching_login
51
+ * :not_enough_character_groups_in_password
52
+ * :otp_locked_out
53
+ * :password_authentication_required
54
+ * :password_contains_null_byte
55
+ * :password_does_not_meet_requirements
56
+ * :password_in_dictionary
57
+ * :password_is_one_of_the_most_common
58
+ * :password_same_as_previous_password
59
+ * :password_too_short
60
+ * :passwords_do_not_match
61
+ * :same_as_current_login
62
+ * :same_as_existing_password
63
+ * :session_expired
64
+ * :sms_already_setup
65
+ * :sms_locked_out
66
+ * :sms_needs_confirmation
67
+ * :sms_not_setup
68
+ * :too_many_repeating_characters_in_password
69
+ * :two_factor_already_authenticated
70
+ * :two_factor_need_authentication
71
+ * :two_factor_not_setup
72
+ * :unverified_account
73
+ * :webauthn_not_setup
@@ -0,0 +1,463 @@
1
+ = Documentation for Internal Request Feature
2
+
3
+ The internal request feature allows interacting with Rodauth by
4
+ calling methods, and is expected to be used mostly for administrative
5
+ purposes. It allows for things like an changing a login or password
6
+ for an existing user, without requiring that the user login to the
7
+ system. The reason the feature is named +internal_request+ is that
8
+ it internally submits requests to Rodauth, which are handled almost
9
+ identically to how actual web requests will be handled by Rodauth.
10
+
11
+ The general form of calling these methods is:
12
+
13
+ App.rodauth.internal_request_method(hash)
14
+
15
+ Where +App+ is the Roda class, and +internal_request_method+ is the
16
+ method you are calling. For example:
17
+
18
+ App.rodauth.change_password(account_id: 1, password: 'foobar')
19
+
20
+ Will change the password for the account with id 1 to +foobar+.
21
+
22
+ All internal request methods support the following options. For
23
+ internal requests that require an existing account, you should
24
+ generally use one of the two following options:
25
+
26
+ :account_id :: The id of the account to be considered as logged in when the internal request is submitted (most internal requests require a logged in account). This value is assumed to represent an existing account, the database is not checked to confirm that.
27
+ :account_login :: The login of the account to be considered as logged in when the internal request is submitted (most internal requests require a login). This will query the database to determine the account's id before submitting the request. If there is no non-closed account for the login, this will raise an exception.
28
+
29
+ There are additional options available, that you should only use
30
+ if you have special requirements:
31
+
32
+ :authenticated_by :: The array of strings to use for how the internal request's session was authenticated.
33
+ :env :: A hash to merge into the internal request environment hash. Keys given will override default values, so you will probably have problems if you directly use an existing request environment.
34
+ :session :: A hash for the session to use.
35
+ :params :: A hash of custom parameters.
36
+
37
+ All remaining options are considered parameters. Using the
38
+ previous example:
39
+
40
+ App.rodauth.change_password(account_id: 1, password: 'foobar')
41
+
42
+ The <tt>password: 'foobar'</tt> part means that the parameters
43
+ for the request will be <tt>{rodauth.password_param => 'foobar'}</tt>,
44
+ where +rodauth.password_param+ is the value of +password_param+ in
45
+ your Rodauth configuration (this defaults to <tt>"password"</tt>).
46
+
47
+ Passing any options not mentioned above that are not valid Rodauth
48
+ parameters will result in a warning.
49
+
50
+ == Configuration
51
+
52
+ In general, the configuration for internal requests is almost
53
+ the same as for regular requests. There are some minor changes
54
+ for easier usability. +modifications_require_password?+ (and
55
+ similar methods for requiring password),
56
+ +require_login_confirmation?+, and +require_password_confirmation?+
57
+ are set to false. In general, the caller of the method should not
58
+ be able to determine the user's password, and there is no point
59
+ in requiring parameter confirmation when calling the method
60
+ directly.
61
+
62
+ You can override the configuration for internal requests by using
63
+ the +internal_request_configuration+ configuration method. For
64
+ example, you can set the minimum length for logins to be 15
65
+ for normal requests, but only 3 for internal requests:
66
+
67
+ plugin :rodauth do
68
+ enable :create_account, :internal_request
69
+ login_minimum_length 15
70
+
71
+ internal_request_configuration do
72
+ login_minimum_length 3
73
+ end
74
+ end
75
+
76
+ Another approach for doing this is to call the +internal_request?+
77
+ method inside configuration method blocks:
78
+
79
+ plugin :rodauth do
80
+ enable :create_account, :internal_request
81
+ login_minimum_length{internal_request? ? 3 : 15}
82
+ end
83
+
84
+ == Return Values and Exceptions
85
+
86
+ Internal request methods ending in a question mark return true or false.
87
+ Most other internal request methods return nil on success, and or raise a
88
+ Rodauth::InternalRequestError exception on failure. The exception
89
+ message will include the flash message, {the reason for the
90
+ failure}[rdoc-ref:doc/error_reasons.rdoc] if available, and any field errors.
91
+ This data can also be retrieved via +flash+, +reason+, and +field_errors+
92
+ attributes on the exception object.
93
+
94
+ If an internal request method returns a non-nil value on success,
95
+ it will be documented in the Features section below. In such
96
+ cases, unless documented below, the methods will still raise a
97
+ Rodauth::InternalRequestError exception on failure.
98
+
99
+ == Domain
100
+
101
+ While it is a good idea to use the +domain+ configuration method
102
+ to force a domain to use, as it can avoid DNS rebinding attacks,
103
+ Rodauth can function without it, as it can use the domain of the
104
+ request. However, for internal requests, there is no submitted
105
+ domain, and Rodauth does not know what to use as the domain. To
106
+ avoid potentially using a wrong domain, Rodauth will raise an
107
+ Rodauth::InternalRequestError in internal requests if a domain
108
+ is needed and has not been configured.
109
+
110
+ == Features
111
+
112
+ This section documents the methods that are available for each
113
+ feature. You must load that feature and the internal request feature
114
+ in order to call the internal request methods for that feature.
115
+ Some features support multiple internal request methods, and
116
+ each internal request method supported will be documented under
117
+ the appropriate subheading.
118
+
119
+ If the method subheading states it it requires an account, you
120
+ must pass the +:account_id+ or +account_login+ option when calling
121
+ the method.
122
+
123
+ If the method subheading states it it requires an account or
124
+ a login, you must pass either +:login+, +:account_id+, or
125
+ +account_login+ when calling the method.
126
+
127
+ === Base
128
+
129
+ === account_exists?
130
+
131
+ The +account_exists?+ method returns whether the account exists
132
+ for the given login.
133
+
134
+ Options:
135
+ +:login+ :: (required) The login for the account.
136
+
137
+ === account_id_for_login
138
+
139
+ The +account_id_for_login+ method returns the account id for
140
+ the given login. A Rodauth::InternalRequestError is raised
141
+ if the login given is not valid.
142
+
143
+ Options:
144
+ +:login+ :: (required) The login for the account.
145
+
146
+ === internal_request_eval
147
+
148
+ The +internal_request_eval+ requires a block and will +instance_eval+
149
+ the block the context of an internal request instance. This allows
150
+ you full usage of the +Rodauth::Auth+ API inside the request.
151
+ Before using this method, you should have a good understanding
152
+ of Rodauth's internals and the effects of calling any methods you
153
+ are calling inside the block.
154
+
155
+ The return value of the method will be the return value of the
156
+ block, unless one of the methods in the block has set a
157
+ different return value.
158
+
159
+ === Change Login
160
+
161
+ ==== change_login (requires account)
162
+
163
+ The +change_login+ method changes the login for the account.
164
+
165
+ Options:
166
+ +:login+ :: (required) The new login for the account. Note that if the +:account_login+ option is provided, that is the current login for the account, not the new login.
167
+
168
+ === Change Password
169
+
170
+ ==== change_password (requires account)
171
+
172
+ The +change_password+ method changes the password for the account.
173
+
174
+ Options:
175
+ +:password+ or +new_password+ :: (required) The new password for the account.
176
+
177
+ === Close Account
178
+
179
+ ==== close_account (requires account)
180
+
181
+ The +close_account+ method closes the account. There is no method
182
+ in Rodauth to reopen closed accounts.
183
+
184
+ === Create Account
185
+
186
+ ==== create_account
187
+
188
+ The +create_account+ method creates an account.
189
+
190
+ Options:
191
+ +:login+ :: (required) The login for the created account.
192
+ +:password+ :: The password for the created account.
193
+
194
+ === Email Auth
195
+
196
+ ==== email_auth_request (requires account or login)
197
+
198
+ The +email_auth_request+ method requests an email with an
199
+ authentication link be sent to the account's email address.
200
+
201
+ ==== email_auth
202
+
203
+ The +email_auth+ method determines if the given email authentication
204
+ key is valid.
205
+
206
+ This method will return the account id if the authentication key is
207
+ valid.
208
+
209
+ Options:
210
+ +:email_auth_key+ :: (required) The email authentication key for the account.
211
+
212
+ ==== valid_email_auth?
213
+
214
+ The +valid_email_auth?+ method returns whether the given email
215
+ authentication key is valid.
216
+
217
+ Options:
218
+ +:email_auth_key+ :: (required) The email authentication key for the account.
219
+
220
+ === Lockout
221
+
222
+ ==== lock_account (requires account)
223
+
224
+ The +lock_account+ method locks an account, even if the account has
225
+ not experienced any login failures. This is one method only available
226
+ as an internal request.
227
+
228
+ ==== unlock_account_request (requires account or login)
229
+
230
+ The +unlock_account_request+ method requests an email with an
231
+ link to unlock the account be sent to the account's email address.
232
+
233
+ ==== unlock_account
234
+
235
+ The +unlock_account+ method unlocks the account.
236
+
237
+ If an +:account_id+ or +:account_login+ option is provided, this
238
+ will unlock the account without requiring the unlock account key
239
+ value.
240
+
241
+ Options:
242
+ +:unlock_account_key+ :: The unlock account key for the account. This allows unlocking accounts by key, without knowing the account id or login.
243
+
244
+ === Login
245
+
246
+ ==== login (requires account or login)
247
+
248
+ The +login+ method determines if the given password is valid for
249
+ the given account.
250
+
251
+ This method will return the account id if the password is valid.
252
+
253
+ Options:
254
+ +:password+ :: (required) The password for the account.
255
+
256
+ ==== valid_login_and_password? (requires account or login)
257
+
258
+ The +valid_login_and_password?+ method returns whether the given
259
+ password is valid for the given account.
260
+
261
+ Options:
262
+ +:password+ :: (required) The password for the account.
263
+
264
+ === OTP
265
+
266
+ ==== otp_setup_params (requires account)
267
+
268
+ The +otp_setup_params+ method returns a hash with an +:otp_setup+
269
+ key, and an +:otp_setup_raw+ key if the Rodauth configuration uses
270
+ +hmac_secret+.
271
+
272
+ The +:otp_setup+ key in the returned hash specifies the OTP secret.
273
+
274
+ This hash should be merged into the options submitted to the
275
+ +otp_setup+ method in order to complete OTP setup.
276
+
277
+ ==== otp_setup (requires account)
278
+
279
+ The +otp_setup+ method enables OTP multifactor authentication for
280
+ the account.
281
+
282
+ The values in the hash returned by the +otp_setup_params+ hash
283
+ must be passed as options to this method.
284
+
285
+ Additional Options:
286
+ +:otp_auth+ :: (required) The current OTP authentication code for the OTP secret.
287
+
288
+ ==== otp_auth (requires account)
289
+
290
+ The +otp_auth+ method determines if the OTP authentication code is
291
+ valid for the account.
292
+
293
+ Options:
294
+ +:otp_auth+ :: (required) The current OTP authentication code for account.
295
+
296
+ ==== valid_otp_auth? (requires account)
297
+
298
+ The +valid_otp_auth?+ method returns whether the OTP authentication
299
+ code is valid for the account.
300
+
301
+ Options:
302
+ +:otp_auth+ :: (required) The current OTP authentication code for account.
303
+
304
+ ==== otp_disable (requires account)
305
+
306
+ The +otp_disable+ method disables OTP authentication for the account.
307
+
308
+ === Recovery Codes
309
+
310
+ ==== recovery_codes (requires account)
311
+
312
+ The +recovery_codes+ method returns an array of recovery codes for
313
+ the account. This array can be empty if no recovery codes are setup.
314
+
315
+ Options:
316
+ +:add_recovery_codes+ :: Generate new recovery codes for the account, up to the configured +recovery_codes_limit+, before returning the codes.
317
+
318
+ ==== recovery_auth (requires account)
319
+
320
+ The +recovery_auth+ method determines if the recovery authentication
321
+ code is valid for the account.
322
+
323
+ Options:
324
+ +:recovery_codes+ :: (required) A valid recovery code for the account. This option sounds like it would take an array of recover codes, but it only takes a single recovery code.
325
+
326
+ ==== valid_recovery_auth? (requires account)
327
+
328
+ The +valid_recovery_auth?+ method returns whether the recovery
329
+ authentication code is valid for the account.
330
+
331
+ Options:
332
+ +:recovery_codes+ :: (required) A valid recovery code for the account. This option sounds like it would take an array of recover codes, but it only takes a single recovery code.
333
+
334
+ === Remember
335
+
336
+ ==== remember_setup (requires_account)
337
+
338
+ The +remember_setup+ method setups up the remember feature for
339
+ the account, and returns the cookie value that can be used for
340
+ the remember cookie.
341
+
342
+ ==== remember_disable (requires_account)
343
+
344
+ The +remember_disable+ method disables the remember feature for
345
+ the account.
346
+
347
+ ==== account_id_for_remember_key
348
+
349
+ The +account_id_for_remember_key+ method returns the account id
350
+ for the given remember key.
351
+
352
+ Options:
353
+ +:remember+ :: (required) The remember key for the account. This is the same value returned by +remember_setup+.
354
+
355
+ === Reset Password
356
+
357
+ ==== reset_password_request (requires account or login)
358
+
359
+ The +reset_password_request+ method requests an email with an
360
+ link to reset the password for the account be sent to the account's
361
+ email address.
362
+
363
+ ==== reset_password
364
+
365
+ The +reset_password+ method resets the password for an account.
366
+ This is similar to the +change_password+ method, but requires
367
+ that a reset password key has been created for the account, and
368
+ removes the key after the password has been reset.
369
+
370
+ If an +:account_id+ or +:account_login+ option is provided, this
371
+ will reset the password for the account without requiring the
372
+ reset password key value.
373
+
374
+ Options:
375
+ +:password+ :: (required) The new password for the account.
376
+ +:reset_password_key+ :: The reset password key for the account. This allows resetting passwords by key, without knowing the account id or login.
377
+
378
+ === SMS Codes
379
+
380
+ ==== sms_setup (requires account)
381
+
382
+ The +sms_setup+ method sends an SMS message to the given
383
+ phone number with a code to setup SMS authentication for
384
+ the account.
385
+
386
+ Options:
387
+ +:sms_phone+ :: (required) The phone number to use to setup SMS authentication.
388
+
389
+ ==== sms_confirm (requires account)
390
+
391
+ The +sms_confirm+ method sets up SMS authentication for
392
+ an account, confirming that the SMS authentication code
393
+ sent previously was received.
394
+
395
+ Options:
396
+ +:sms_code+ :: (required) The authentication code sent to the user for setting up SMS authentication.
397
+
398
+ ==== sms_request (requires account)
399
+
400
+ The +sms_setup+ method sends an SMS message to the account's
401
+ SMS phone number with an authentication code for two factor
402
+ authentication.
403
+
404
+ ==== sms_auth (requires account)
405
+
406
+ The +sms_auth+ method determines if the SMS authentication code is
407
+ valid for the account.
408
+
409
+ Options:
410
+ +:sms_code+ :: (required) The authentication code sent to the user via SMS.
411
+
412
+ ==== valid_sms_auth? (requires account)
413
+
414
+ The +valid_sms_auth?+ method returns whether the SMS authentication
415
+ code is valid for the account.
416
+
417
+ Options:
418
+ +:sms_code+ :: (required) The authentication code sent to the user via SMS.
419
+
420
+ ==== sms_disable (requires account)
421
+
422
+ The +sms_disable+ method disables SMS authentication for the account.
423
+
424
+ === Two Factor Base
425
+
426
+ ==== two_factor_disable (requires_account)
427
+
428
+ The +two_factor_disable+ method disables all multifactor authentication
429
+ for the account.
430
+
431
+ === Verify Account
432
+
433
+ ==== verify_account_resend (requires account or login)
434
+
435
+ The +verify_account_resend+ method resends the account verification email
436
+ to the account's email address.
437
+
438
+ ==== verify_account
439
+
440
+ The +verify_account+ method verifies the account.
441
+ to the account's email address.
442
+
443
+ If an +:account_id+ or +:account_login+ option is provided, this
444
+ will verify the account without requiring the verify account key value.
445
+
446
+ Options:
447
+ +:password+ :: The password for the account, if setting up passwords during verification.
448
+ +:verify_account_key+ :: The verify account key for the account. This allows verifying accounts by key, without knowing the account id or login.
449
+
450
+ === Verify Login Change
451
+
452
+ ==== verify_login_change
453
+
454
+ The +verify_login_change+ method verifies the login change for the
455
+ account.
456
+
457
+ If an +:account_id+ or +:account_login+ option is provided, this
458
+ will verify the account without requiring the verify account key value.
459
+ If the +:account_login+ option is provided, it specifies the current
460
+ account login, before the change.
461
+
462
+ Options:
463
+ +:verify_login_change_key+ :: The verify login change key for the account. This allows verifying login changes by key, without knowing the account id or login.