rodauth 2.12.0 → 2.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 453992f6df1e1a41e30923334f53146ddd575015f57960dcdadb2b3d4bc496e9
-  data.tar.gz: 29172b14c9a5c6d88e36c827c4fbc9e4f61fbadadf6b656734ef7058e9dd4a13
+  metadata.gz: f01d42c90dd22a88566f17b3e77b9495dc1431f004f2f54865cff45a3874ce43
+  data.tar.gz: b09c0a44b2b4f6ab1eb795b11a69ec7acd1d4ed5ac4abbe45d8bb4072cb61e0f
 SHA512:
-  metadata.gz: 956d8809e6ba87044e5aeba7712cc4e907604a632d7113084cda074bf675952fb4e3081cca5adf19a191df6d073e2b9068a313d8d26e81534b70f9eaba20688e
-  data.tar.gz: aaa0cde299ba115ea281bc18dfe5f02a0d2b35dd95231d9e69662ec340194569a288be916abb2fe0e258c50599c6ea6ef42791824f986d6dc2e295f5db67645a
+  metadata.gz: 2934f2824b7c805f6400fab52aad9c4aaca2f3bbfb4584688619b0b24b9e052a3cecc4b36b6eb7379e13f2a9bf2bc64e0efac077d932e390270401966223e2ae
+  data.tar.gz: c1dcf6d140117743baa62ba0715c99584bb80b8aa933f596424f242c2ffb6a31c7d25f0fdba65fed4b1bd93d63692502c7c63b36a1f2b793083b1972c5313304

data/CHANGELOG

@@ -1,3 +1,11 @@
+=== 2.13.0 (2021-05-22)
+
+* Make jwt_refresh expired access token support work when using rodauth.check_active_sessions before calling r.rodauth (renchap) (#165)
+
+* Update default templates to add classes for Bootstrap 5 compatibility (janko) (#164)
+
+* Add set_error_reason configuration method to allow applications more finer grained error handling (renchap, jeremyevans) (#162)
+
 === 2.12.0 (2021-04-22)
 
 * Add configuration methods to active_sessions plugin to control the inserting and updating of rows (janko) (#159)

data/doc/base.rdoc

@@ -105,6 +105,7 @@ random_key :: A randomly generated string, used for creating tokens.
 redirect(path) :: Redirect the request to the given path.
 session_value :: The value for session_key in the current session.
 set_error_flash(message) :: Set the current error flash to the given message.
+set_error_reason(reason) :: You can override this method to customize handling of specific error types (does nothing by default).  Each separate error type has a separate reason symbol, you can see the {list of error reason symbols}[rdoc-ref:doc/error_reasons.rdoc].
 set_notice_flash(message) :: Set the next notice flash to the given message.
 set_notice_now_flash(message) :: Set the current notice flash to the given message.
 set_redirect_error_flash(message) :: Set the next error flash to the given message.

data/doc/error_reasons.rdoc

@@ -0,0 +1,73 @@
+= Error Reasons
+
+Rodauth allows for customizing response status codes and error
+messages for each type of error.  However, in some cases, the
+response status code is too coarse for desired error handling
+by the application (since many error types use the same status
+code), and using the error message is too fragile since it may
+be translated.
+
+For this reason, Rodauth associates a fine grained reason for
+each type of error.  If an error occurs in Rodauth, it will
+call the +set_error_reason+ method with a symbol for the
+specific type of error.  By default, this method does not do
+anything, but you can use the +set_error_reason+ configuration
+method to customize the error handling.
+
+These are the currently supported error type symbols that
+Rodauth will call +set_error_reason+ with:
+
+* :account_locked_out
+* :already_an_account_with_this_login
+* :already_an_unverified_account_with_this_login
+* :duplicate_webauthn_id
+* :inactive_session
+* :invalid_email_auth_key
+* :invalid_otp_auth_code
+* :invalid_otp_secret
+* :invalid_password
+* :invalid_password_pattern
+* :invalid_phone_number
+* :invalid_previous_password
+* :invalid_recovery_code
+* :invalid_remember_param
+* :invalid_reset_password_key
+* :invalid_sms_code
+* :invalid_sms_confirmation_code
+* :invalid_unlock_account_key
+* :invalid_verify_account_key
+* :invalid_verify_login_change_key
+* :invalid_webauthn_auth_param
+* :invalid_webauthn_remove_param
+* :invalid_webauthn_setup_param
+* :invalid_webauthn_sign_count
+* :login_not_valid_email
+* :login_required
+* :login_too_long
+* :login_too_short
+* :logins_do_not_match
+* :no_current_sms_code
+* :no_matching_login
+* :not_enough_character_groups_in_password
+* :otp_locked_out
+* :password_authentication_required
+* :password_contains_null_byte
+* :password_does_not_meet_requirements
+* :password_in_dictionary
+* :password_is_one_of_the_most_common
+* :password_same_as_previous_password
+* :password_too_short
+* :passwords_do_not_match
+* :same_as_current_login
+* :same_as_existing_password
+* :session_expired
+* :sms_already_setup
+* :sms_locked_out
+* :sms_needs_confirmation
+* :sms_not_setup
+* :too_many_repeating_characters_in_password
+* :two_factor_already_authenticated
+* :two_factor_need_authentication
+* :two_factor_not_setup
+* :unverified_account
+* :webauthn_not_setup

data/doc/release_notes/2.13.0.txt

@@ -0,0 +1,19 @@
+= New Features
+
+* A set_error_reason configuration method has been added.  This method
+  is called whenever a error occurs in Rodauth, with a symbol
+  describing the error.  The default implementation of this method does
+  nothing, it has been added to make it easier for Rodauth users to
+  implement custom handling for specific error types.  See the Rodauth
+  documentation for this method to see the list of symbols this method
+  can be called with.
+
+= Other Improvements
+
+* When using active_sessions and jwt_refresh together, and allowing for
+  expired JWTs when refreshing, you can now call
+  rodauth.check_active_session before r.rodauth.  Previously, this
+  did not work, and you had to call rodauth.check_active_session
+  after r.rodauth.
+
+* The default templates now also support Bootstrap 5.

data/lib/rodauth/features/active_sessions.rb

@@ -57,6 +57,7 @@ module Rodauth
     def no_longer_active_session
       clear_session
       set_redirect_error_status inactive_session_error_status
+      set_error_reason :inactive_session
       set_redirect_error_flash active_sessions_error_flash
       redirect active_sessions_redirect
     end
@@ -176,4 +177,3 @@ module Rodauth
     end
   end
 end
-

data/lib/rodauth/features/base.rb

@@ -100,6 +100,7 @@ module Rodauth
       :set_notice_flash,
       :set_notice_now_flash,
       :set_redirect_error_flash,
+      :set_error_reason,
       :set_title,
       :translate,
       :update_session
@@ -294,6 +295,7 @@ module Rodauth
 
     def login_required
       set_redirect_error_status(login_required_error_status)
+      set_error_reason :login_required
       set_redirect_error_flash require_login_error_flash
       redirect require_login_redirect
     end
@@ -539,6 +541,11 @@ module Rodauth
     def set_response_error_status(status)
       response.status = status
     end
+    
+    def set_response_error_reason_status(reason, status)
+      set_error_reason(reason)
+      set_response_error_status(status)
+    end
 
     def throw_error(field, error)
       set_field_error(field, error)
@@ -550,6 +557,14 @@ module Rodauth
       throw_error(field, error)
     end
 
+    def set_error_reason(reason)
+    end
+
+    def throw_error_reason(reason, status, field, message)
+      set_error_reason(reason)
+      throw_error_status(status, field, message)
+    end
+
     def use_date_arithmetic?
       set_deadline_values?
     end

data/lib/rodauth/features/change_login.rb

@@ -30,7 +30,7 @@ module Rodauth
       r.post do
         catch_error do
           if change_login_requires_password? && !password_match?(param(password_param))
-            throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+            throw_error_reason(:invalid_password, invalid_password_error_status, password_param, invalid_password_message)
           end
 
           login = param(login_param)
@@ -39,7 +39,7 @@ module Rodauth
           end
 
           if require_login_confirmation? && login != param(login_confirm_param)
-            throw_error_status(unmatched_field_error_status, login_param, logins_do_not_match_message)
+            throw_error_reason(:logins_do_not_match, unmatched_field_error_status, login_param, logins_do_not_match_message)
           end
 
           transaction do
@@ -65,7 +65,7 @@ module Rodauth
 
     def change_login(login)
       if account_ds.get(login_column).downcase == login.downcase
-        @login_requirement_message = same_as_current_login_message
+        set_login_requirement_error_message(:same_as_current_login, same_as_current_login_message)
         return false
       end
 
@@ -82,7 +82,7 @@ module Rodauth
       updated = nil
       raised = raises_uniqueness_violation?{updated = update_account({login_column=>login}, account_ds.exclude(login_column=>login)) == 1}
       if raised
-        @login_requirement_message = already_an_account_with_this_login_message
+        set_login_requirement_error_message(:already_an_account_with_this_login, already_an_account_with_this_login_message)
       end
       updated && !raised
     end

data/lib/rodauth/features/change_password.rb

@@ -33,16 +33,16 @@ module Rodauth
       r.post do
         catch_error do
           if change_password_requires_password? && !password_match?(param(password_param))
-            throw_error_status(invalid_password_error_status, password_param, invalid_previous_password_message)
+            throw_error_reason(:invalid_previous_password, invalid_password_error_status, password_param, invalid_previous_password_message)
           end
 
           password = param(new_password_param)
           if require_password_confirmation? && password != param(password_confirm_param)
-            throw_error_status(unmatched_field_error_status, new_password_param, passwords_do_not_match_message)
+            throw_error_reason(:passwords_do_not_match, unmatched_field_error_status, new_password_param, passwords_do_not_match_message)
           end
 
           if password_match?(password) 
-            throw_error_status(invalid_field_error_status, new_password_param, same_as_existing_password_message)
+            throw_error_reason(:same_as_existing_password, invalid_field_error_status, new_password_param, same_as_existing_password_message)
           end
 
           unless password_meets_requirements?(password)

data/lib/rodauth/features/close_account.rb

@@ -35,7 +35,7 @@ module Rodauth
       r.post do
         catch_error do
           if close_account_requires_password? && !password_match?(param(password_param))
-            throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+            throw_error_reason(:invalid_password, invalid_password_error_status, password_param, invalid_password_message)
           end
 
           transaction do

data/lib/rodauth/features/confirm_password.rb

@@ -40,7 +40,7 @@ module Rodauth
           set_notice_flash confirm_password_notice_flash
           redirect confirm_password_redirect
         else
-          set_response_error_status(invalid_password_error_status)
+          set_response_error_reason_status(:invalid_password, invalid_password_error_status)
           set_field_error(password_param, invalid_password_message)
           set_error_flash confirm_password_error_flash
           confirm_password_view
@@ -53,6 +53,7 @@ module Rodauth
 
       if require_password_authentication? && has_password?
         set_redirect_error_status(password_authentication_required_error_status)
+        set_error_reason :password_authentication_required
         set_redirect_error_flash password_authentication_required_error_flash
         set_session_value(confirm_password_redirect_session_key, request.fullpath)
         redirect password_authentication_required_redirect
@@ -89,4 +90,3 @@ module Rodauth
     end
   end
 end
-

data/lib/rodauth/features/create_account.rb

@@ -43,7 +43,7 @@ module Rodauth
 
         catch_error do
           if require_login_confirmation? && login != param(login_confirm_param)
-            throw_error_status(unmatched_field_error_status, login_param, logins_do_not_match_message)
+            throw_error_reason(:logins_do_not_match, unmatched_field_error_status, login_param, logins_do_not_match_message)
           end
 
           unless login_meets_requirements?(login)
@@ -52,11 +52,11 @@ module Rodauth
 
           if create_account_set_password?
             if require_password_confirmation? && password != param(password_confirm_param)
-              throw_error_status(unmatched_field_error_status, password_param, passwords_do_not_match_message)
+              throw_error_reason(:passwords_do_not_match, unmatched_field_error_status, password_param, passwords_do_not_match_message)
             end
 
             unless password_meets_requirements?(password)
-              throw_error_status(invalid_field_error_status, password_param, password_does_not_meet_requirements_message)
+              throw_error_reason(:password_does_not_meet_requirements, invalid_field_error_status, password_param, password_does_not_meet_requirements_message)
             end
 
             if account_password_hash_column
@@ -100,7 +100,7 @@ module Rodauth
       raised = raises_uniqueness_violation?{id = db[accounts_table].insert(account)}
 
       if raised
-        @login_requirement_message = already_an_account_with_this_login_message
+        set_login_requirement_error_message(:already_an_account_with_this_login, already_an_account_with_this_login_message)
       end
 
       if id

data/lib/rodauth/features/disallow_common_passwords.rb

@@ -32,7 +32,7 @@ module Rodauth
 
     def password_not_one_of_the_most_common?(password)
       return true unless password_one_of_most_common?(password)
-      @password_requirement_message = password_is_one_of_the_most_common_message
+      set_password_requirement_error_message(:password_is_one_of_the_most_common, password_is_one_of_the_most_common_message)
       false
     end
   end

data/lib/rodauth/features/disallow_password_reuse.rb

@@ -65,7 +65,7 @@ module Rodauth
       end
 
       return true unless match
-      @password_requirement_message = password_same_as_previous_password_message
+      set_password_requirement_error_message(:password_same_as_previous_password, password_same_as_previous_password_message)
       false
     end
 

data/lib/rodauth/features/email_auth.rb

@@ -58,6 +58,7 @@ module Rodauth
           _email_auth_request
         else
           set_redirect_error_status(no_matching_login_error_status)
+          set_error_reason :no_matching_login
           set_redirect_error_flash email_auth_request_error_flash
         end
 
@@ -90,6 +91,7 @@ module Rodauth
         key = session[email_auth_session_key] || param(email_auth_key_param)
         unless account_from_email_auth_key(key)
           set_redirect_error_status(invalid_key_error_status)
+          set_error_reason :invalid_email_auth_key
           set_redirect_error_flash email_auth_error_flash
           redirect email_auth_email_sent_redirect
         end

data/lib/rodauth/features/jwt_refresh.rb

@@ -32,6 +32,8 @@ module Rodauth
     )
 
     route do |r|
+      # For backward compatibility, unused in core Rodauth
+      # RODAUTH3: Remove
       @jwt_refresh_route = true
       before_jwt_refresh_route
 
@@ -135,7 +137,7 @@ module Rodauth
     end
 
     def _jwt_decode_opts
-      if allow_refresh_with_expired_jwt_access_token? && @jwt_refresh_route
+      if allow_refresh_with_expired_jwt_access_token? && request.path == jwt_refresh_path
         Hash[super].merge!(:verify_expiration=>false)
       else
         super

data/lib/rodauth/features/lockout.rb

@@ -84,6 +84,7 @@ module Rodauth
           set_notice_flash unlock_account_request_notice_flash
         else
           set_redirect_error_status(no_matching_login_error_status)
+          set_error_reason :no_matching_login
           set_redirect_error_flash no_matching_login_message.to_s.capitalize
         end
 
@@ -116,6 +117,7 @@ module Rodauth
         key = session[unlock_account_session_key] || param(unlock_account_key_param)
         unless account_from_unlock_key(key)
           set_redirect_error_status invalid_key_error_status
+          set_error_reason :invalid_unlock_account_key
           set_redirect_error_flash no_matching_unlock_account_key_error_flash
           redirect unlock_account_request_redirect
         end
@@ -134,7 +136,7 @@ module Rodauth
           set_notice_flash unlock_account_notice_flash
           redirect unlock_account_redirect
         else
-          set_response_error_status(invalid_password_error_status)
+          set_response_error_reason_status(:invalid_password, invalid_password_error_status)
           set_field_error(password_param, invalid_password_message)
           set_error_flash unlock_account_error_flash
           unlock_account_view
@@ -271,7 +273,7 @@ module Rodauth
     end
 
     def show_lockout_page
-      set_response_error_status lockout_error_status
+      set_response_error_reason_status(:account_locked_out, lockout_error_status)
       set_error_flash login_lockout_error_flash
       response.write unlock_account_request_view
       request.halt

data/lib/rodauth/features/login.rb

@@ -39,13 +39,13 @@ module Rodauth
 
         catch_error do
           unless account_from_login(param(login_param))
-            throw_error_status(no_matching_login_error_status, login_param, no_matching_login_message)
+            throw_error_reason(:no_matching_login, no_matching_login_error_status, login_param, no_matching_login_message)
           end
 
           before_login_attempt
 
           unless open_account?
-            throw_error_status(unopen_account_error_status, login_param, unverified_account_message)
+            throw_error_reason(:unverified_account, unopen_account_error_status, login_param, unverified_account_message)
           end
 
           if use_multi_phase_login?
@@ -61,7 +61,7 @@ module Rodauth
 
           unless password_match?(param(password_param))
             after_login_failure
-            throw_error_status(login_error_status, password_param, invalid_password_message)
+            throw_error_reason(:invalid_password, login_error_status, password_param, invalid_password_message)
           end
 
           login('password')

data/lib/rodauth/features/login_password_requirements_base.rb

@@ -81,6 +81,11 @@ module Rodauth
     def password_too_short_message
       "minimum #{password_minimum_length} characters"
     end
+    
+    def set_password_requirement_error_message(reason, message)
+      set_error_reason(reason)
+      @password_requirement_message = message
+    end
 
     def login_does_not_meet_requirements_message
       "invalid login#{", #{login_requirement_message}" if login_requirement_message}"
@@ -93,13 +98,18 @@ module Rodauth
     def login_too_short_message
       "minimum #{login_minimum_length} characters"
     end
+    
+    def set_login_requirement_error_message(reason, message)
+      set_error_reason(reason)
+      @login_requirement_message = message
+    end
 
     def login_meets_length_requirements?(login)
       if login_minimum_length > login.length
-        @login_requirement_message = login_too_short_message
+        set_login_requirement_error_message(:login_too_short, login_too_short_message)
         false
       elsif login_maximum_length < login.length
-        @login_requirement_message = login_too_long_message
+        set_login_requirement_error_message(:login_too_long, login_too_long_message)
         false
       else
         true
@@ -109,7 +119,7 @@ module Rodauth
     def login_meets_email_requirements?(login)
       return true unless require_email_address_logins?
       return true if login_valid_email?(login)
-      @login_requirement_message = login_not_valid_email_message
+      set_login_requirement_error_message(:login_not_valid_email, login_not_valid_email_message)
       return false
     end
 
@@ -119,13 +129,13 @@ module Rodauth
 
     def password_meets_length_requirements?(password)
       return true if password_minimum_length <= password.length
-      @password_requirement_message = password_too_short_message
+      set_password_requirement_error_message(:password_too_short, password_too_short_message)
       false
     end
 
     def password_does_not_contain_null_byte?(password)
       return true unless password.include?("\0")
-      @password_requirement_message = contains_null_byte_message
+      set_password_requirement_error_message(:password_contains_null_byte, contains_null_byte_message)
       false
     end
 
@@ -150,4 +160,3 @@ module Rodauth
     end
   end
 end
-

data/lib/rodauth/features/otp.rb

@@ -103,7 +103,7 @@ module Rodauth
       require_otp_setup
 
       if otp_locked_out?
-        set_response_error_status(lockout_error_status)
+        set_response_error_reason_status(:otp_locked_out, lockout_error_status)
         set_redirect_error_flash otp_lockout_error_flash
         redirect otp_lockout_redirect
       end
@@ -122,7 +122,7 @@ module Rodauth
 
         otp_record_authentication_failure
         after_otp_authentication_failure
-        set_response_error_status(invalid_key_error_status)
+        set_response_error_reason_status(:invalid_otp_auth_code, invalid_key_error_status)
         set_field_error(otp_auth_param, otp_invalid_auth_code_message)
         set_error_flash otp_auth_error_flash
         otp_auth_view
@@ -149,7 +149,7 @@ module Rodauth
         catch_error do
           unless otp_valid_key?(secret)
             otp_tmp_key(otp_new_secret)
-            throw_error_status(invalid_field_error_status, otp_setup_param, otp_invalid_secret_message)
+            throw_error_reason(:invalid_otp_secret, invalid_field_error_status, otp_setup_param, otp_invalid_secret_message)
           end
 
           if otp_keys_use_hmac?
@@ -159,11 +159,11 @@ module Rodauth
           end
 
           unless two_factor_password_match?(param(password_param))
-            throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+            throw_error_reason(:invalid_password, invalid_password_error_status, password_param, invalid_password_message)
           end
 
           unless otp_valid_code?(param(otp_auth_param))
-            throw_error_status(invalid_key_error_status, otp_auth_param, otp_invalid_auth_code_message)
+            throw_error_reason(:invalid_otp_auth_code, invalid_key_error_status, otp_auth_param, otp_invalid_auth_code_message)
           end
 
           transaction do
@@ -206,7 +206,7 @@ module Rodauth
           redirect otp_disable_redirect
         end
 
-        set_response_error_status(invalid_password_error_status)
+        set_response_error_reason_status(:invalid_password, invalid_password_error_status)
         set_field_error(password_param, invalid_password_message)
         set_error_flash otp_disable_error_flash
         otp_disable_view
@@ -226,6 +226,7 @@ module Rodauth
     def require_otp_setup
       unless otp_exists?
         set_redirect_error_status(two_factor_not_setup_error_status)
+        set_error_reason :two_factor_not_setup
         set_redirect_error_flash two_factor_not_setup_error_flash
         redirect two_factor_need_setup_redirect
       end

data/lib/rodauth/features/password_complexity.rb

@@ -54,21 +54,21 @@ module Rodauth
     def password_has_enough_character_groups?(password)
       return true if password.length > password_max_length_for_groups_check
       return true if password_character_groups.select{|re| password =~ re}.length >= password_min_groups
-      @password_requirement_message = password_not_enough_character_groups_message
+      set_password_requirement_error_message(:not_enough_character_groups_in_password, password_not_enough_character_groups_message)
       false
     end
 
     def password_has_no_invalid_pattern?(password)
       return true unless password_invalid_pattern
       return true if password !~ password_invalid_pattern
-      @password_requirement_message = password_invalid_pattern_message
+      set_password_requirement_error_message(:invalid_password_pattern, password_invalid_pattern_message)
       false
     end
 
     def password_not_too_many_repeating_characters?(password)
       return true if password_max_repeating_characters < 2
       return true if password !~ /(.)(\1){#{password_max_repeating_characters-1}}/ 
-      @password_requirement_message = password_too_many_repeating_characters_message
+      set_password_requirement_error_message(:too_many_repeating_characters_in_password, password_too_many_repeating_characters_message)
       false
     end
 
@@ -77,7 +77,7 @@ module Rodauth
       return true unless password =~ /\A(?:\d*)([A-Za-z!@$+|][A-Za-z!@$+|0134578]+[A-Za-z!@$+|])(?:\d*)\z/
       word = $1.downcase.tr('!@$+|0134578', 'iastloleastb')
       return true if !dict.include?(word)
-      @password_requirement_message = password_in_dictionary_message
+      set_password_requirement_error_message(:password_in_dictionary, password_in_dictionary_message)
       false
     end
   end

data/lib/rodauth/features/recovery_codes.rb

@@ -76,7 +76,7 @@ module Rodauth
           two_factor_authenticate('recovery_code')
         end
 
-        set_response_error_status(invalid_key_error_status)
+        set_response_error_reason_status(:invalid_recovery_code, invalid_key_error_status)
         set_field_error(recovery_codes_param, invalid_recovery_code_message)
         set_error_flash invalid_recovery_code_error_flash
         recovery_auth_view
@@ -119,7 +119,7 @@ module Rodauth
             set_error_flash view_recovery_codes_error_flash
           end
 
-          set_response_error_status(invalid_password_error_status)
+          set_response_error_reason_status(:invalid_password, invalid_password_error_status)
           set_field_error(password_param, invalid_password_message)
           recovery_codes_view
         end

data/lib/rodauth/features/remember.rb

@@ -74,7 +74,7 @@ module Rodauth
           set_notice_flash remember_notice_flash
           redirect remember_redirect
         else
-          set_response_error_status(invalid_field_error_status)
+          set_response_error_reason_status(:invalid_remember_param, invalid_field_error_status)
           set_error_flash remember_error_flash
           remember_view
         end

data/lib/rodauth/features/reset_password.rb

@@ -68,11 +68,11 @@ module Rodauth
       r.post do
         catch_error do
           unless account_from_login(param(login_param))
-            throw_error_status(no_matching_login_error_status, login_param, no_matching_login_message)
+            throw_error_reason(:no_matching_login, no_matching_login_error_status, login_param, no_matching_login_message)
           end
 
           unless open_account?
-            throw_error_status(unopen_account_error_status, login_param, unverified_account_message)
+            throw_error_reason(:unverified_account, unopen_account_error_status, login_param, unverified_account_message)
           end
 
           if reset_password_email_recently_sent?
@@ -123,6 +123,7 @@ module Rodauth
         key = session[reset_password_session_key] || param(reset_password_key_param)
         unless account_from_reset_password_key(key)
           set_redirect_error_status(invalid_key_error_status)
+          set_error_reason :invalid_reset_password_key
           set_redirect_error_flash reset_password_error_flash
           redirect reset_password_email_sent_redirect
         end
@@ -130,11 +131,11 @@ module Rodauth
         password = param(password_param)
         catch_error do
           if password_match?(password) 
-            throw_error_status(invalid_field_error_status, password_param, same_as_existing_password_message)
+            throw_error_reason(:same_as_existing_password, invalid_field_error_status, password_param, same_as_existing_password_message)
           end
 
           if require_password_confirmation? && password != param(password_confirm_param)
-            throw_error_status(unmatched_field_error_status, password_param, passwords_do_not_match_message)
+            throw_error_reason(:passwords_do_not_match, unmatched_field_error_status, password_param, passwords_do_not_match_message)
           end
 
           unless password_meets_requirements?(password)

data/lib/rodauth/features/session_expiration.rb

@@ -38,6 +38,7 @@ module Rodauth
     def expire_session
       clear_session
       set_redirect_error_status session_expiration_error_status
+      set_error_reason :session_expired
       set_redirect_error_flash session_expiration_error_flash
       redirect session_expiration_redirect
     end

data/lib/rodauth/features/single_session.rb

@@ -57,6 +57,7 @@ module Rodauth
     def no_longer_active_session
       clear_session
       set_redirect_error_status inactive_session_error_status
+      set_error_reason :inactive_session
       set_redirect_error_flash single_session_error_flash
       redirect single_session_redirect
     end

data/lib/rodauth/features/sms_codes.rb

@@ -146,7 +146,7 @@ module Rodauth
           sms_set_code(nil)
         end
 
-        set_response_error_status(invalid_key_error_status)
+        set_response_error_reason_status(:no_current_sms_code, invalid_key_error_status)
         set_redirect_error_flash no_current_sms_code_error_flash
         redirect sms_request_redirect
       end
@@ -169,7 +169,7 @@ module Rodauth
           end
         end
 
-        set_response_error_status(invalid_key_error_status)
+        set_response_error_reason_status(:invalid_sms_code, invalid_key_error_status)
         set_field_error(sms_code_param, sms_invalid_code_message)
         set_error_flash sms_invalid_code_error_flash
         sms_auth_view
@@ -186,6 +186,7 @@ module Rodauth
 
       if sms_needs_confirmation?
         set_redirect_error_status(sms_needs_confirmation_error_status)
+        set_error_reason :sms_needs_confirmation
         set_redirect_error_flash sms_needs_confirmation_error_flash
         redirect sms_needs_confirmation_redirect
       end
@@ -199,13 +200,13 @@ module Rodauth
       r.post do
         catch_error do
           unless two_factor_password_match?(param(password_param))
-            throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+            throw_error_reason(:invalid_password, invalid_password_error_status, password_param, invalid_password_message)
           end
 
           phone = sms_normalize_phone(param(sms_phone_param))
 
           unless sms_valid_phone?(phone)
-            throw_error_status(invalid_field_error_status, sms_phone_param, sms_invalid_phone_message)
+            throw_error_reason(:invalid_phone_number, invalid_field_error_status, sms_phone_param, sms_invalid_phone_message)
           end
 
           transaction do
@@ -254,6 +255,7 @@ module Rodauth
 
         sms_confirm_failure
         set_redirect_error_status(invalid_key_error_status)
+        set_error_reason :invalid_sms_confirmation_code
         set_redirect_error_flash sms_invalid_confirmation_code_error_flash
         redirect sms_needs_setup_redirect
       end
@@ -282,7 +284,7 @@ module Rodauth
           redirect sms_disable_redirect
         end
 
-        set_response_error_status(invalid_password_error_status)
+        set_response_error_reason_status(:invalid_password, invalid_password_error_status)
         set_field_error(password_param, invalid_password_message)
         set_error_flash sms_disable_error_flash
         sms_disable_view
@@ -302,6 +304,7 @@ module Rodauth
     def require_sms_setup
       unless sms_setup?
         set_redirect_error_status(two_factor_not_setup_error_status)
+        set_error_reason :sms_not_setup
         set_redirect_error_flash sms_not_setup_error_flash
         redirect sms_needs_setup_redirect
       end
@@ -310,6 +313,7 @@ module Rodauth
     def require_sms_not_setup
       if sms_setup?
         set_redirect_error_status(sms_already_setup_error_status)
+        set_error_reason :sms_already_setup
         set_redirect_error_flash sms_already_setup_error_flash
         redirect sms_already_setup_redirect
       end
@@ -320,6 +324,7 @@ module Rodauth
 
       if sms_locked_out?
         set_redirect_error_status(lockout_error_status)
+        set_error_reason :sms_locked_out
         set_redirect_error_flash sms_lockout_error_flash
         redirect sms_lockout_redirect
       end

data/lib/rodauth/features/two_factor_base.rb

@@ -106,7 +106,7 @@ module Rodauth
           redirect two_factor_disable_redirect
         end
 
-        set_response_error_status(invalid_password_error_status)
+        set_response_error_reason_status(:invalid_password, invalid_password_error_status)
         set_field_error(password_param, invalid_password_message)
         set_error_flash two_factor_disable_error_flash
         two_factor_disable_view
@@ -144,6 +144,7 @@ module Rodauth
       return if uses_two_factor_authentication?
 
       set_redirect_error_status(two_factor_not_setup_error_status)
+      set_error_reason :two_factor_not_setup
       set_redirect_error_flash two_factor_not_setup_error_flash
       redirect two_factor_need_setup_redirect
     end
@@ -151,6 +152,7 @@ module Rodauth
     def require_two_factor_not_authenticated(auth_type = nil)
       if two_factor_authenticated? || (auth_type && two_factor_login_type_match?(auth_type))
         set_redirect_error_status(two_factor_already_authenticated_error_status)
+        set_error_reason :two_factor_already_authenticated
         set_redirect_error_flash two_factor_already_authenticated_error_flash
         redirect two_factor_already_authenticated_redirect
       end
@@ -162,6 +164,7 @@ module Rodauth
           set_session_value(two_factor_auth_redirect_session_key, request.fullpath)
         end
         set_redirect_error_status(two_factor_need_authentication_error_status)
+        set_error_reason :two_factor_need_authentication
         set_redirect_error_flash two_factor_need_authentication_error_flash
         redirect two_factor_auth_required_redirect
       end

data/lib/rodauth/features/verify_account.rb

@@ -87,6 +87,7 @@ module Rodauth
           set_notice_flash verify_account_email_sent_notice_flash
         else
           set_redirect_error_status(no_matching_login_error_status)
+          set_error_reason :no_matching_login
           set_redirect_error_flash verify_account_resend_error_flash
         end
         
@@ -120,6 +121,7 @@ module Rodauth
         key = session[verify_account_session_key] || param(verify_account_key_param)
         unless account_from_verify_account_key(key)
           set_redirect_error_status(invalid_key_error_status)
+          set_error_reason :invalid_verify_account_key
           set_redirect_error_flash verify_account_error_flash
           redirect verify_account_redirect
         end
@@ -129,7 +131,7 @@ module Rodauth
             password = param(password_param)
 
             if require_password_confirmation? && password != param(password_confirm_param)
-              throw_error_status(unmatched_field_error_status, password_param, passwords_do_not_match_message)
+              throw_error_reason(:passwords_do_not_match, unmatched_field_error_status, password_param, passwords_do_not_match_message)
             end
 
             unless password_meets_requirements?(password)
@@ -192,6 +194,7 @@ module Rodauth
     def new_account(login)
       if account_from_login(login) && allow_resending_verify_account_email?
         set_redirect_error_status(unopen_account_error_status)
+        set_error_reason :already_an_unverified_account_with_this_login
         set_error_flash attempt_to_create_unverified_account_error_flash
         response.write resend_verify_account_view
         request.halt
@@ -269,6 +272,7 @@ module Rodauth
     def before_login_attempt
       unless open_account?
         set_redirect_error_status(unopen_account_error_status)
+        set_error_reason :unverified_account
         set_error_flash attempt_to_login_to_unverified_account_error_flash
         response.write resend_verify_account_view
         request.halt

data/lib/rodauth/features/verify_login_change.rb

@@ -74,6 +74,7 @@ module Rodauth
         key = session[verify_login_change_session_key] || param(verify_login_change_key_param)
         unless account_from_verify_login_change_key(key)
           set_redirect_error_status(invalid_key_error_status)
+          set_error_reason :invalid_verify_login_change_key
           set_redirect_error_flash verify_login_change_error_flash
           redirect verify_login_change_redirect
         end
@@ -82,6 +83,7 @@ module Rodauth
           before_verify_login_change
           unless verify_login_change
             set_redirect_error_status(invalid_key_error_status)
+            set_error_reason :already_an_account_with_this_login
             set_redirect_error_flash verify_login_change_duplicate_account_error_flash
             redirect verify_login_change_duplicate_account_redirect
           end
@@ -151,7 +153,7 @@ module Rodauth
 
     def update_login(login)
       if _account_from_login(login)
-        @login_requirement_message = already_an_account_with_this_login_message
+        set_login_requirement_error_message(:already_an_account_with_this_login, already_an_account_with_this_login_message)
         return false
       end
 
@@ -213,4 +215,3 @@ module Rodauth
     end
   end
 end
-

data/lib/rodauth/features/webauthn.rb

@@ -182,7 +182,7 @@ module Rodauth
           end
 
           if throw_error
-            throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_duplicate_webauthn_id_message)
+            throw_error_reason(:duplicate_webauthn_id, invalid_field_error_status, webauthn_setup_param, webauthn_duplicate_webauthn_id_message)
           end
 
           set_notice_flash webauthn_setup_notice_flash
@@ -207,17 +207,17 @@ module Rodauth
       r.post do
         catch_error do
           unless webauthn_id = param_or_nil(webauthn_remove_param)
-            throw_error_status(invalid_field_error_status, webauthn_remove_param, webauthn_invalid_remove_param_message)
+            throw_error_reason(:invalid_webauthn_remove_param, invalid_field_error_status, webauthn_remove_param, webauthn_invalid_remove_param_message)
           end
 
           unless two_factor_password_match?(param(password_param))
-            throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+            throw_error_reason(:invalid_password, invalid_password_error_status, password_param, invalid_password_message)
           end
 
           transaction do
             before_webauthn_remove
             unless remove_webauthn_key(webauthn_id)
-              throw_error_status(invalid_field_error_status, webauthn_remove_param, webauthn_invalid_remove_param_message)
+              throw_error_reason(:invalid_webauthn_remove_param, invalid_field_error_status, webauthn_remove_param, webauthn_invalid_remove_param_message)
             end
             if authenticated_webauthn_id == webauthn_id && two_factor_login_type_match?('webauthn')
               webauthn_remove_authenticated_session
@@ -342,7 +342,7 @@ module Rodauth
     end
 
     def handle_webauthn_sign_count_verification_error
-      throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_sign_count_message) 
+      throw_error_reason(:invalid_webauthn_sign_count, invalid_field_error_status, webauthn_auth_param, webauthn_invalid_sign_count_message) 
     end
 
     def add_webauthn_credential(webauthn_credential)
@@ -392,6 +392,7 @@ module Rodauth
     def require_webauthn_setup
       unless webauthn_setup?
         set_redirect_error_status(webauthn_not_setup_error_status)
+        set_error_reason :webauthn_not_setup
         set_redirect_error_flash webauthn_not_setup_error_flash
         redirect two_factor_need_setup_redirect
       end
@@ -450,23 +451,23 @@ module Rodauth
         begin
           auth_data = JSON.parse(auth_data)
         rescue
-          throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 
+          throw_error_reason(:invalid_webauthn_auth_param, invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 
         end
       when Hash
         # nothing
       else
-        throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message)
+        throw_error_reason(:invalid_webauthn_auth_param, invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message)
       end
 
       begin
         webauthn_credential = WebAuthn::Credential.from_get(auth_data)
         unless valid_webauthn_credential_auth?(webauthn_credential)
-          throw_error_status(invalid_key_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message)
+          throw_error_reason(:invalid_webauthn_auth_param, invalid_key_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message)
         end
       rescue WebAuthn::SignCountVerificationError
         handle_webauthn_sign_count_verification_error
       rescue WebAuthn::Error, RuntimeError, NoMethodError
-        throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 
+        throw_error_reason(:invalid_webauthn_auth_param, invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 
       end
 
       webauthn_credential
@@ -478,25 +479,25 @@ module Rodauth
         begin
           setup_data = JSON.parse(setup_data)
         rescue
-          throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
+          throw_error_reason(:invalid_webauthn_setup_param, invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
         end
       when Hash
         # nothing
       else
-        throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message)
+        throw_error_reason(:invalid_webauthn_setup_param, invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message)
       end
 
       unless two_factor_password_match?(param(password_param))
-        throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+        throw_error_reason(:invalid_password, invalid_password_error_status, password_param, invalid_password_message)
       end
 
       begin
         webauthn_credential = WebAuthn::Credential.from_create(setup_data)
         unless valid_new_webauthn_credential?(webauthn_credential)
-          throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
+          throw_error_reason(:invalid_webauthn_setup_param, invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
         end
       rescue WebAuthn::Error, RuntimeError, NoMethodError
-        throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
+        throw_error_reason(:invalid_webauthn_setup_param, invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
       end
 
       webauthn_credential

data/lib/rodauth/features/webauthn_login.rb

@@ -17,7 +17,7 @@ module Rodauth
       r.post do
         catch_error do
           unless account_from_login(param(login_param)) && open_account?
-            throw_error_status(no_matching_login_error_status, login_param, no_matching_login_message) 
+            throw_error_reason(:no_matching_login, no_matching_login_error_status, login_param, no_matching_login_message) 
           end
 
           webauthn_credential = webauthn_auth_credential_from_form_submission

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 12
+  MINOR = 13
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/templates/button.str

@@ -1,3 +1,3 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <input type="submit" #{"name=\"#{h opts[:name]}\"" if opts[:name]} class="#{h(opts[:class] || 'btn btn-primary')}" value="#{h value}"/>
 </div>

data/templates/change-password.str

@@ -2,8 +2,8 @@
   #{rodauth.change_password_additional_form_tags}
   #{rodauth.csrf_tag}
   #{rodauth.render('password-field') if rodauth.change_password_requires_password?}
-  <div class="form-group">
-    <label for="new-password">#{rodauth.new_password_label}#{rodauth.input_field_label_suffix}</label>
+  <div class="form-group mb-3">
+    <label for="new-password" class="form-label">#{rodauth.new_password_label}#{rodauth.input_field_label_suffix}</label>
     #{rodauth.input_field_string(rodauth.new_password_param, 'new-password', :type => 'password', :autocomplete=>"new-password")}
   </div>
   #{rodauth.render('password-confirm-field') if rodauth.require_password_confirmation?}

data/templates/global-logout-field.str

@@ -1,4 +1,4 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <div class="form-check checkbox">
     <input type="checkbox" name="#{rodauth.global_logout_param}" class="form-check-input" id="global-logout" value="t"/>
     <label class="rodauth-global-logout-label form-check-label" for="global-logout">#{rodauth.global_logout_label}</label>

data/templates/login-confirm-field.str

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <label for="login-confirm">#{rodauth.login_confirm_label}#{rodauth.input_field_label_suffix}</label>
+<div class="form-group mb-3">
+  <label for="login-confirm" class="form-label">#{rodauth.login_confirm_label}#{rodauth.input_field_label_suffix}</label>
   #{rodauth.input_field_string(rodauth.login_confirm_param, 'login-confirm', :type=>rodauth.login_input_type, :autocomplete=>rodauth.login_uses_email? ? "email" : "on")}
 </div>

data/templates/login-display.str

@@ -1,5 +1,5 @@
-<div class="form-group">
+<div class="form-group mb-3">
   #{rodauth.login_hidden_field}
-  <label for="login">#{rodauth.login_label}</label>
+  <label for="login" class="form-label">#{rodauth.login_label}</label>
   <div class="form-control-plaintext form-control-static">#{h rodauth.param(rodauth.login_param)}</div>
 </div>

data/templates/login-field.str

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <label for="login">#{rodauth.login_label}#{rodauth.input_field_label_suffix}</label>
+<div class="form-group mb-3">
+  <label for="login" class="form-label">#{rodauth.login_label}#{rodauth.input_field_label_suffix}</label>
   #{rodauth.input_field_string(rodauth.login_param, 'login', :type=>rodauth.login_input_type, :autocomplete=>rodauth.login_uses_email? ? "email" : "on")}
 </div>

data/templates/otp-auth-code-field.str

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <label for="otp-auth-code">#{rodauth.otp_auth_label}#{rodauth.input_field_label_suffix}</label>
+<div class="form-group mb-3">
+  <label for="otp-auth-code" class="form-label">#{rodauth.otp_auth_label}#{rodauth.input_field_label_suffix}</label>
   <div class="row">
     <div class="col-sm-3">
       #{rodauth.input_field_string(rodauth.otp_auth_param, 'otp-auth-code', :value=>'', :autocomplete=>"off", :inputmode=>'numeric')}

data/templates/otp-setup.str

@@ -3,14 +3,14 @@
   <input type="hidden" id="otp-key" name="#{rodauth.otp_setup_param}" value="#{rodauth.otp_user_key}" />
   #{"<input type=\"hidden\" id=\"otp-hmac-secret\" name=\"#{rodauth.otp_setup_raw_param}\" value=\"#{rodauth.otp_key}\" />" if rodauth.otp_keys_use_hmac?}
   #{rodauth.csrf_tag}
-  <div class="form-group">
+  <div class="form-group mb-3">
     <p>#{rodauth.otp_secret_label}: #{rodauth.otp_user_key}</p>
     <p>#{rodauth.otp_provisioning_uri_label}: #{rodauth.otp_provisioning_uri}</p>
   </div>
  
   <div class="row">
     <div class="col-lg-6 col-lg">
-      <div class="form-group">
+      <div class="form-group mb-3">
         <p>#{rodauth.otp_qr_code}</p>
       </div>
     </div>

data/templates/password-confirm-field.str

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <label for="password-confirm">#{rodauth.password_confirm_label}#{rodauth.input_field_label_suffix}</label>
+<div class="form-group mb-3">
+  <label for="password-confirm" class="form-label">#{rodauth.password_confirm_label}#{rodauth.input_field_label_suffix}</label>
   #{rodauth.input_field_string(rodauth.password_confirm_param, 'password-confirm', :type => 'password', :autocomplete=>'new-password')}
 </div>

data/templates/password-field.str

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <label for="password">#{rodauth.password_label}#{rodauth.input_field_label_suffix}</label>
+<div class="form-group mb-3">
+  <label for="password" class="form-label">#{rodauth.password_label}#{rodauth.input_field_label_suffix}</label>
   #{rodauth.input_field_string(rodauth.password_param, 'password', :type => 'password', :autocomplete=>rodauth.password_field_autocomplete_value)}
 </div>

data/templates/recovery-auth.str

@@ -1,8 +1,8 @@
 <form method="post" class="rodauth" role="form" id="recovery-auth-form">
   #{rodauth.recovery_auth_additional_form_tags}
   #{rodauth.csrf_tag}
-  <div class="form-group">
-    <label for="recovery-code">#{rodauth.recovery_codes_label}#{rodauth.input_field_label_suffix}</label>
+  <div class="form-group mb-3">
+    <label for="recovery-code" class="form-label">#{rodauth.recovery_codes_label}#{rodauth.input_field_label_suffix}</label>
     #{rodauth.input_field_string(rodauth.recovery_codes_param, 'recovery-code', :value => '', :autocomplete=>'off')}
   </div>
   #{rodauth.button(rodauth.recovery_auth_button)}

data/templates/remember.str

@@ -1,7 +1,7 @@
 <form method="post" class="rodauth" role="form" id="remember-form">
   #{rodauth.remember_additional_form_tags}
   #{rodauth.csrf_tag}
-  <fieldset class="form-group">
+  <fieldset class="form-group mb-3">
     <div class="form-check radio">
       <input type="radio" name="#{rodauth.remember_param}" id="remember-remember" value="#{h rodauth.remember_remember_param_value}" class="form-check-input"/>
       <label class="form-check-label" for="remember-remember">#{rodauth.remember_remember_label}</label>

data/templates/sms-code-field.str

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <label for="sms-code">#{rodauth.sms_code_label}#{rodauth.input_field_label_suffix}</label>
+<div class="form-group mb-3">
+  <label for="sms-code" class="form-label">#{rodauth.sms_code_label}#{rodauth.input_field_label_suffix}</label>
   <div class="row">
     <div class="col-sm-3">
       #{rodauth.input_field_string(rodauth.sms_code_param, 'sms-code', :value => '', :autocomplete=>'one-time-code', :inputmode=>'numeric')}

data/templates/sms-setup.str

@@ -2,8 +2,8 @@
   #{rodauth.sms_setup_additional_form_tags}
   #{rodauth.csrf_tag}
   #{rodauth.render('password-field') if rodauth.two_factor_modifications_require_password?}
-  <div class="form-group">
-    <label for="sms-phone">#{rodauth.sms_phone_label}#{rodauth.input_field_label_suffix}</label>
+  <div class="form-group mb-3">
+    <label for="sms-phone" class="form-label">#{rodauth.sms_phone_label}#{rodauth.input_field_label_suffix}</label>
     <div class="row">
       <div class="col-sm-3">
         #{rodauth.input_field_string(rodauth.sms_phone_param, 'sms-phone', :type=>rodauth.sms_phone_input_type, :autocomplete=>'tel')}

data/templates/webauthn-remove.str

@@ -2,7 +2,7 @@
   #{rodauth.webauthn_remove_additional_form_tags}
   #{rodauth.csrf_tag}
   #{rodauth.render('password-field') if rodauth.two_factor_modifications_require_password?}
-  <fieldset class="form-group">
+  <fieldset class="form-group mb-3">
     #{(usage = rodauth.account_webauthn_usage; last_id = usage.keys.last; usage;).map do |id, last_use|
       input = rodauth.input_field_string(rodauth.webauthn_remove_param, "webauthn-remove-#{h id}", :type=>'radio', :class=>"form-check-input", :skip_error_message=>true, :value=>id, :required=>false)
       label = "<label class=\"rodauth-webauthn-id form-check-label\" for=\"webauthn-remove-#{h id}\">Last Use: #{last_use}</label>"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.12.0
+  version: 2.13.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-22 00:00:00.000000000 Z
+date: 2021-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -266,6 +266,7 @@ extra_rdoc_files:
 - doc/disallow_password_reuse.rdoc
 - doc/email_auth.rdoc
 - doc/email_base.rdoc
+- doc/error_reasons.rdoc
 - doc/http_basic_auth.rdoc
 - doc/json.rdoc
 - doc/jwt.rdoc
@@ -323,6 +324,7 @@ extra_rdoc_files:
 - doc/release_notes/2.10.0.txt
 - doc/release_notes/2.11.0.txt
 - doc/release_notes/2.12.0.txt
+- doc/release_notes/2.13.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
@@ -351,6 +353,7 @@ files:
 - doc/disallow_password_reuse.rdoc
 - doc/email_auth.rdoc
 - doc/email_base.rdoc
+- doc/error_reasons.rdoc
 - doc/guides/admin_activation.rdoc
 - doc/guides/already_authenticated.rdoc
 - doc/guides/alternative_login.rdoc
@@ -417,6 +420,7 @@ files:
 - doc/release_notes/2.10.0.txt
 - doc/release_notes/2.11.0.txt
 - doc/release_notes/2.12.0.txt
+- doc/release_notes/2.13.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt