rodauth 2.11.0 → 2.15.0

data/lib/rodauth/features/session_expiration.rb

@@ -38,6 +38,7 @@ module Rodauth
     def expire_session
       clear_session
       set_redirect_error_status session_expiration_error_status
+      set_error_reason :session_expired
       set_redirect_error_flash session_expiration_error_flash
       redirect session_expiration_redirect
     end

data/lib/rodauth/features/single_session.rb

@@ -57,6 +57,7 @@ module Rodauth
     def no_longer_active_session
       clear_session
       set_redirect_error_status inactive_session_error_status
+      set_error_reason :inactive_session
       set_redirect_error_flash single_session_error_flash
       redirect single_session_redirect
     end

data/lib/rodauth/features/sms_codes.rb

@@ -112,6 +112,13 @@ module Rodauth
       :sms_valid_phone?
     )
 
+    internal_request_method :sms_setup
+    internal_request_method :sms_confirm
+    internal_request_method :sms_request
+    internal_request_method :sms_auth
+    internal_request_method :valid_sms_auth?
+    internal_request_method :sms_disable
+
     route(:sms_request) do |r|
       require_login
       require_account_session
@@ -146,7 +153,7 @@ module Rodauth
           sms_set_code(nil)
         end
 
-        set_response_error_status(invalid_key_error_status)
+        set_response_error_reason_status(:no_current_sms_code, invalid_key_error_status)
         set_redirect_error_flash no_current_sms_code_error_flash
         redirect sms_request_redirect
       end
@@ -169,7 +176,7 @@ module Rodauth
           end
         end
 
-        set_response_error_status(invalid_key_error_status)
+        set_response_error_reason_status(:invalid_sms_code, invalid_key_error_status)
         set_field_error(sms_code_param, sms_invalid_code_message)
         set_error_flash sms_invalid_code_error_flash
         sms_auth_view
@@ -186,6 +193,7 @@ module Rodauth
 
       if sms_needs_confirmation?
         set_redirect_error_status(sms_needs_confirmation_error_status)
+        set_error_reason :sms_needs_confirmation
         set_redirect_error_flash sms_needs_confirmation_error_flash
         redirect sms_needs_confirmation_redirect
       end
@@ -199,13 +207,13 @@ module Rodauth
       r.post do
         catch_error do
           unless two_factor_password_match?(param(password_param))
-            throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+            throw_error_reason(:invalid_password, invalid_password_error_status, password_param, invalid_password_message)
           end
 
           phone = sms_normalize_phone(param(sms_phone_param))
 
           unless sms_valid_phone?(phone)
-            throw_error_status(invalid_field_error_status, sms_phone_param, sms_invalid_phone_message)
+            throw_error_reason(:invalid_phone_number, invalid_field_error_status, sms_phone_param, sms_invalid_phone_message)
           end
 
           transaction do
@@ -254,6 +262,7 @@ module Rodauth
 
         sms_confirm_failure
         set_redirect_error_status(invalid_key_error_status)
+        set_error_reason :invalid_sms_confirmation_code
         set_redirect_error_flash sms_invalid_confirmation_code_error_flash
         redirect sms_needs_setup_redirect
       end
@@ -282,7 +291,7 @@ module Rodauth
           redirect sms_disable_redirect
         end
 
-        set_response_error_status(invalid_password_error_status)
+        set_response_error_reason_status(:invalid_password, invalid_password_error_status)
         set_field_error(password_param, invalid_password_message)
         set_error_flash sms_disable_error_flash
         sms_disable_view
@@ -302,6 +311,7 @@ module Rodauth
     def require_sms_setup
       unless sms_setup?
         set_redirect_error_status(two_factor_not_setup_error_status)
+        set_error_reason :sms_not_setup
         set_redirect_error_flash sms_not_setup_error_flash
         redirect sms_needs_setup_redirect
       end
@@ -310,6 +320,7 @@ module Rodauth
     def require_sms_not_setup
       if sms_setup?
         set_redirect_error_status(sms_already_setup_error_status)
+        set_error_reason :sms_already_setup
         set_redirect_error_flash sms_already_setup_error_flash
         redirect sms_already_setup_redirect
       end
@@ -320,6 +331,7 @@ module Rodauth
 
       if sms_locked_out?
         set_redirect_error_status(lockout_error_status)
+        set_error_reason :sms_locked_out
         set_redirect_error_flash sms_lockout_error_flash
         redirect sms_lockout_redirect
       end

data/lib/rodauth/features/two_factor_base.rb

@@ -57,6 +57,8 @@ module Rodauth
       :two_factor_update_session
     )
 
+    internal_request_method :two_factor_disable
+
     route(:two_factor_manage, 'multifactor-manage') do |r|
       require_account
       before_two_factor_manage_route
@@ -106,7 +108,7 @@ module Rodauth
           redirect two_factor_disable_redirect
         end
 
-        set_response_error_status(invalid_password_error_status)
+        set_response_error_reason_status(:invalid_password, invalid_password_error_status)
         set_field_error(password_param, invalid_password_message)
         set_error_flash two_factor_disable_error_flash
         two_factor_disable_view
@@ -144,6 +146,7 @@ module Rodauth
       return if uses_two_factor_authentication?
 
       set_redirect_error_status(two_factor_not_setup_error_status)
+      set_error_reason :two_factor_not_setup
       set_redirect_error_flash two_factor_not_setup_error_flash
       redirect two_factor_need_setup_redirect
     end
@@ -151,6 +154,7 @@ module Rodauth
     def require_two_factor_not_authenticated(auth_type = nil)
       if two_factor_authenticated? || (auth_type && two_factor_login_type_match?(auth_type))
         set_redirect_error_status(two_factor_already_authenticated_error_status)
+        set_error_reason :two_factor_already_authenticated
         set_redirect_error_flash two_factor_already_authenticated_error_flash
         redirect two_factor_already_authenticated_redirect
       end
@@ -162,6 +166,7 @@ module Rodauth
           set_session_value(two_factor_auth_redirect_session_key, request.fullpath)
         end
         set_redirect_error_status(two_factor_need_authentication_error_status)
+        set_error_reason :two_factor_need_authentication
         set_redirect_error_flash two_factor_need_authentication_error_flash
         redirect two_factor_auth_required_redirect
       end

data/lib/rodauth/features/verify_account.rb

@@ -60,6 +60,9 @@ module Rodauth
       :account_from_verify_account_key
     )
 
+    internal_request_method(:verify_account_resend)
+    internal_request_method
+
     route(:verify_account_resend) do |r|
       verify_account_check_already_logged_in
       before_verify_account_resend_route
@@ -87,6 +90,7 @@ module Rodauth
           set_notice_flash verify_account_email_sent_notice_flash
         else
           set_redirect_error_status(no_matching_login_error_status)
+          set_error_reason :no_matching_login
           set_redirect_error_flash verify_account_resend_error_flash
         end
         
@@ -120,6 +124,7 @@ module Rodauth
         key = session[verify_account_session_key] || param(verify_account_key_param)
         unless account_from_verify_account_key(key)
           set_redirect_error_status(invalid_key_error_status)
+          set_error_reason :invalid_verify_account_key
           set_redirect_error_flash verify_account_error_flash
           redirect verify_account_redirect
         end
@@ -129,7 +134,7 @@ module Rodauth
             password = param(password_param)
 
             if require_password_confirmation? && password != param(password_confirm_param)
-              throw_error_status(unmatched_field_error_status, password_param, passwords_do_not_match_message)
+              throw_error_reason(:passwords_do_not_match, unmatched_field_error_status, password_param, passwords_do_not_match_message)
             end
 
             unless password_meets_requirements?(password)
@@ -192,6 +197,7 @@ module Rodauth
     def new_account(login)
       if account_from_login(login) && allow_resending_verify_account_email?
         set_redirect_error_status(unopen_account_error_status)
+        set_error_reason :already_an_unverified_account_with_this_login
         set_error_flash attempt_to_create_unverified_account_error_flash
         response.write resend_verify_account_view
         request.halt
@@ -269,6 +275,7 @@ module Rodauth
     def before_login_attempt
       unless open_account?
         set_redirect_error_status(unopen_account_error_status)
+        set_error_reason :unverified_account
         set_error_flash attempt_to_login_to_unverified_account_error_flash
         response.write resend_verify_account_view
         request.halt

data/lib/rodauth/features/verify_account_grace_period.rb

@@ -72,7 +72,7 @@ module Rodauth
     end
 
     def account_in_unverified_grace_period?
-      account || account_from_session
+      return false unless account || (session_value && account_from_session)
       account[account_status_column] == account_unverified_status_value &&
         verify_account_grace_period &&
         !verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty?

data/lib/rodauth/features/verify_login_change.rb

@@ -50,6 +50,8 @@ module Rodauth
       :account_from_verify_login_change_key
     )
 
+    internal_request_method
+
     route do |r|
       before_verify_login_change_route
 
@@ -74,6 +76,7 @@ module Rodauth
         key = session[verify_login_change_session_key] || param(verify_login_change_key_param)
         unless account_from_verify_login_change_key(key)
           set_redirect_error_status(invalid_key_error_status)
+          set_error_reason :invalid_verify_login_change_key
           set_redirect_error_flash verify_login_change_error_flash
           redirect verify_login_change_redirect
         end
@@ -82,6 +85,7 @@ module Rodauth
           before_verify_login_change
           unless verify_login_change
             set_redirect_error_status(invalid_key_error_status)
+            set_error_reason :already_an_account_with_this_login
             set_redirect_error_flash verify_login_change_duplicate_account_error_flash
             redirect verify_login_change_duplicate_account_redirect
           end
@@ -151,7 +155,7 @@ module Rodauth
 
     def update_login(login)
       if _account_from_login(login)
-        @login_requirement_message = already_an_account_with_this_login_message
+        set_login_requirement_error_message(:already_an_account_with_this_login, already_an_account_with_this_login_message)
         return false
       end
 
@@ -213,4 +217,3 @@ module Rodauth
     end
   end
 end
-

data/lib/rodauth/features/webauthn.rb

@@ -182,7 +182,7 @@ module Rodauth
           end
 
           if throw_error
-            throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_duplicate_webauthn_id_message)
+            throw_error_reason(:duplicate_webauthn_id, invalid_field_error_status, webauthn_setup_param, webauthn_duplicate_webauthn_id_message)
           end
 
           set_notice_flash webauthn_setup_notice_flash
@@ -207,17 +207,17 @@ module Rodauth
       r.post do
         catch_error do
           unless webauthn_id = param_or_nil(webauthn_remove_param)
-            throw_error_status(invalid_field_error_status, webauthn_remove_param, webauthn_invalid_remove_param_message)
+            throw_error_reason(:invalid_webauthn_remove_param, invalid_field_error_status, webauthn_remove_param, webauthn_invalid_remove_param_message)
           end
 
           unless two_factor_password_match?(param(password_param))
-            throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+            throw_error_reason(:invalid_password, invalid_password_error_status, password_param, invalid_password_message)
           end
 
           transaction do
             before_webauthn_remove
             unless remove_webauthn_key(webauthn_id)
-              throw_error_status(invalid_field_error_status, webauthn_remove_param, webauthn_invalid_remove_param_message)
+              throw_error_reason(:invalid_webauthn_remove_param, invalid_field_error_status, webauthn_remove_param, webauthn_invalid_remove_param_message)
             end
             if authenticated_webauthn_id == webauthn_id && two_factor_login_type_match?('webauthn')
               webauthn_remove_authenticated_session
@@ -342,7 +342,7 @@ module Rodauth
     end
 
     def handle_webauthn_sign_count_verification_error
-      throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_sign_count_message) 
+      throw_error_reason(:invalid_webauthn_sign_count, invalid_field_error_status, webauthn_auth_param, webauthn_invalid_sign_count_message) 
     end
 
     def add_webauthn_credential(webauthn_credential)
@@ -392,6 +392,7 @@ module Rodauth
     def require_webauthn_setup
       unless webauthn_setup?
         set_redirect_error_status(webauthn_not_setup_error_status)
+        set_error_reason :webauthn_not_setup
         set_redirect_error_flash webauthn_not_setup_error_flash
         redirect two_factor_need_setup_redirect
       end
@@ -450,23 +451,23 @@ module Rodauth
         begin
           auth_data = JSON.parse(auth_data)
         rescue
-          throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 
+          throw_error_reason(:invalid_webauthn_auth_param, invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 
         end
       when Hash
         # nothing
       else
-        throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message)
+        throw_error_reason(:invalid_webauthn_auth_param, invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message)
       end
 
       begin
         webauthn_credential = WebAuthn::Credential.from_get(auth_data)
         unless valid_webauthn_credential_auth?(webauthn_credential)
-          throw_error_status(invalid_key_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message)
+          throw_error_reason(:invalid_webauthn_auth_param, invalid_key_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message)
         end
       rescue WebAuthn::SignCountVerificationError
         handle_webauthn_sign_count_verification_error
       rescue WebAuthn::Error, RuntimeError, NoMethodError
-        throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 
+        throw_error_reason(:invalid_webauthn_auth_param, invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 
       end
 
       webauthn_credential
@@ -478,25 +479,25 @@ module Rodauth
         begin
           setup_data = JSON.parse(setup_data)
         rescue
-          throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
+          throw_error_reason(:invalid_webauthn_setup_param, invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
         end
       when Hash
         # nothing
       else
-        throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message)
+        throw_error_reason(:invalid_webauthn_setup_param, invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message)
       end
 
       unless two_factor_password_match?(param(password_param))
-        throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+        throw_error_reason(:invalid_password, invalid_password_error_status, password_param, invalid_password_message)
       end
 
       begin
         webauthn_credential = WebAuthn::Credential.from_create(setup_data)
         unless valid_new_webauthn_credential?(webauthn_credential)
-          throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
+          throw_error_reason(:invalid_webauthn_setup_param, invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
         end
       rescue WebAuthn::Error, RuntimeError, NoMethodError
-        throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
+        throw_error_reason(:invalid_webauthn_setup_param, invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
       end
 
       webauthn_credential

data/lib/rodauth/features/webauthn_login.rb

@@ -17,7 +17,7 @@ module Rodauth
       r.post do
         catch_error do
           unless account_from_login(param(login_param)) && open_account?
-            throw_error_status(no_matching_login_error_status, login_param, no_matching_login_message) 
+            throw_error_reason(:no_matching_login, no_matching_login_error_status, login_param, no_matching_login_message) 
           end
 
           webauthn_credential = webauthn_auth_credential_from_form_submission

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 11
+  MINOR = 15
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/templates/button.str

@@ -1,3 +1,3 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <input type="submit" #{"name=\"#{h opts[:name]}\"" if opts[:name]} class="#{h(opts[:class] || 'btn btn-primary')}" value="#{h value}"/>
 </div>

data/templates/change-password.str

@@ -2,8 +2,8 @@
   #{rodauth.change_password_additional_form_tags}
   #{rodauth.csrf_tag}
   #{rodauth.render('password-field') if rodauth.change_password_requires_password?}
-  <div class="form-group">
-    <label for="new-password">#{rodauth.new_password_label}#{rodauth.input_field_label_suffix}</label>
+  <div class="form-group mb-3">
+    <label for="new-password" class="form-label">#{rodauth.new_password_label}#{rodauth.input_field_label_suffix}</label>
     #{rodauth.input_field_string(rodauth.new_password_param, 'new-password', :type => 'password', :autocomplete=>"new-password")}
   </div>
   #{rodauth.render('password-confirm-field') if rodauth.require_password_confirmation?}

data/templates/global-logout-field.str

@@ -1,4 +1,4 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <div class="form-check checkbox">
     <input type="checkbox" name="#{rodauth.global_logout_param}" class="form-check-input" id="global-logout" value="t"/>
     <label class="rodauth-global-logout-label form-check-label" for="global-logout">#{rodauth.global_logout_label}</label>

data/templates/login-confirm-field.str

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <label for="login-confirm">#{rodauth.login_confirm_label}#{rodauth.input_field_label_suffix}</label>
+<div class="form-group mb-3">
+  <label for="login-confirm" class="form-label">#{rodauth.login_confirm_label}#{rodauth.input_field_label_suffix}</label>
   #{rodauth.input_field_string(rodauth.login_confirm_param, 'login-confirm', :type=>rodauth.login_input_type, :autocomplete=>rodauth.login_uses_email? ? "email" : "on")}
 </div>

data/templates/login-display.str

@@ -1,5 +1,5 @@
-<div class="form-group">
+<div class="form-group mb-3">
   #{rodauth.login_hidden_field}
-  <label for="login">#{rodauth.login_label}</label>
+  <label for="login" class="form-label">#{rodauth.login_label}</label>
   <div class="form-control-plaintext form-control-static">#{h rodauth.param(rodauth.login_param)}</div>
 </div>

data/templates/login-field.str

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <label for="login">#{rodauth.login_label}#{rodauth.input_field_label_suffix}</label>
+<div class="form-group mb-3">
+  <label for="login" class="form-label">#{rodauth.login_label}#{rodauth.input_field_label_suffix}</label>
   #{rodauth.input_field_string(rodauth.login_param, 'login', :type=>rodauth.login_input_type, :autocomplete=>rodauth.login_uses_email? ? "email" : "on")}
 </div>

data/templates/otp-auth-code-field.str

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <label for="otp-auth-code">#{rodauth.otp_auth_label}#{rodauth.input_field_label_suffix}</label>
+<div class="form-group mb-3">
+  <label for="otp-auth-code" class="form-label">#{rodauth.otp_auth_label}#{rodauth.input_field_label_suffix}</label>
   <div class="row">
     <div class="col-sm-3">
       #{rodauth.input_field_string(rodauth.otp_auth_param, 'otp-auth-code', :value=>'', :autocomplete=>"off", :inputmode=>'numeric')}

data/templates/otp-setup.str

@@ -3,14 +3,14 @@
   <input type="hidden" id="otp-key" name="#{rodauth.otp_setup_param}" value="#{rodauth.otp_user_key}" />
   #{"<input type=\"hidden\" id=\"otp-hmac-secret\" name=\"#{rodauth.otp_setup_raw_param}\" value=\"#{rodauth.otp_key}\" />" if rodauth.otp_keys_use_hmac?}
   #{rodauth.csrf_tag}
-  <div class="form-group">
+  <div class="form-group mb-3">
     <p>#{rodauth.otp_secret_label}: #{rodauth.otp_user_key}</p>
     <p>#{rodauth.otp_provisioning_uri_label}: #{rodauth.otp_provisioning_uri}</p>
   </div>
  
   <div class="row">
     <div class="col-lg-6 col-lg">
-      <div class="form-group">
+      <div class="form-group mb-3">
         <p>#{rodauth.otp_qr_code}</p>
       </div>
     </div>