rodauth 2.12.0 → 2.16.0

Files changed (60)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +30 -0
  3. data/README.rdoc +50 -7
  4. data/doc/base.rdoc +1 -0
  5. data/doc/error_reasons.rdoc +73 -0
  6. data/doc/internal_request.rdoc +463 -0
  7. data/doc/path_class_methods.rdoc +10 -0
  8. data/doc/release_notes/2.13.0.txt +19 -0
  9. data/doc/release_notes/2.14.0.txt +17 -0
  10. data/doc/release_notes/2.15.0.txt +48 -0
  11. data/doc/release_notes/2.16.0.txt +20 -0
  12. data/doc/remember.rdoc +1 -0
  13. data/lib/rodauth/features/active_sessions.rb +1 -1
  14. data/lib/rodauth/features/base.rb +26 -1
  15. data/lib/rodauth/features/change_login.rb +6 -4
  16. data/lib/rodauth/features/change_password.rb +5 -3
  17. data/lib/rodauth/features/close_account.rb +3 -1
  18. data/lib/rodauth/features/confirm_password.rb +2 -2
  19. data/lib/rodauth/features/create_account.rb +6 -4
  20. data/lib/rodauth/features/disallow_common_passwords.rb +1 -1
  21. data/lib/rodauth/features/disallow_password_reuse.rb +1 -1
  22. data/lib/rodauth/features/email_auth.rb +6 -0
  23. data/lib/rodauth/features/internal_request.rb +371 -0
  24. data/lib/rodauth/features/jwt_refresh.rb +1 -1
  25. data/lib/rodauth/features/lockout.rb +15 -4
  26. data/lib/rodauth/features/login.rb +6 -3
  27. data/lib/rodauth/features/login_password_requirements_base.rb +15 -6
  28. data/lib/rodauth/features/otp.rb +13 -6
  29. data/lib/rodauth/features/password_complexity.rb +4 -4
  30. data/lib/rodauth/features/path_class_methods.rb +22 -0
  31. data/lib/rodauth/features/recovery_codes.rb +6 -2
  32. data/lib/rodauth/features/remember.rb +25 -10
  33. data/lib/rodauth/features/reset_password.rb +8 -4
  34. data/lib/rodauth/features/session_expiration.rb +1 -0
  35. data/lib/rodauth/features/single_session.rb +1 -0
  36. data/lib/rodauth/features/sms_codes.rb +17 -5
  37. data/lib/rodauth/features/two_factor_base.rb +6 -1
  38. data/lib/rodauth/features/verify_account.rb +8 -1
  39. data/lib/rodauth/features/verify_account_grace_period.rb +1 -1
  40. data/lib/rodauth/features/verify_login_change.rb +5 -2
  41. data/lib/rodauth/features/webauthn.rb +15 -14
  42. data/lib/rodauth/features/webauthn_login.rb +1 -1
  43. data/lib/rodauth/version.rb +1 -1
  44. data/lib/rodauth.rb +20 -2
  45. data/templates/button.str +1 -1
  46. data/templates/change-password.str +2 -2
  47. data/templates/global-logout-field.str +1 -1
  48. data/templates/login-confirm-field.str +2 -2
  49. data/templates/login-display.str +2 -2
  50. data/templates/login-field.str +2 -2
  51. data/templates/otp-auth-code-field.str +2 -2
  52. data/templates/otp-setup.str +2 -2
  53. data/templates/password-confirm-field.str +2 -2
  54. data/templates/password-field.str +2 -2
  55. data/templates/recovery-auth.str +2 -2
  56. data/templates/remember.str +1 -1
  57. data/templates/sms-code-field.str +2 -2
  58. data/templates/sms-setup.str +2 -2
  59. data/templates/webauthn-remove.str +1 -1
  60. metadata +19 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 453992f6df1e1a41e30923334f53146ddd575015f57960dcdadb2b3d4bc496e9
4
- data.tar.gz: 29172b14c9a5c6d88e36c827c4fbc9e4f61fbadadf6b656734ef7058e9dd4a13
3
+ metadata.gz: 03b165b6104e72c5c2ea6d76b3b0bf53380d4eacd90cbdab80b9fd655d80f1c4
4
+ data.tar.gz: af12c12c4bdf9aa47ffd0a34bd7df2858c006edcafa257e60ddd28c962d62630
5
5
  SHA512:
6
- metadata.gz: 956d8809e6ba87044e5aeba7712cc4e907604a632d7113084cda074bf675952fb4e3081cca5adf19a191df6d073e2b9068a313d8d26e81534b70f9eaba20688e
7
- data.tar.gz: aaa0cde299ba115ea281bc18dfe5f02a0d2b35dd95231d9e69662ec340194569a288be916abb2fe0e258c50599c6ea6ef42791824f986d6dc2e295f5db67645a
6
+ metadata.gz: d11f3050e692d426c409a061c4f23489208618613868653a59fad982fd66b62ec4c9fe5b320b390f3789b5fc3d704d2d3ac99d9105bc54f9ee33dcfaa690dfd2
7
+ data.tar.gz: 811fb60b3f055d59866cf3b262ab197e8cf80a1ca7291724e756c58a99f1cdaddf994a73a500cdcff03f600fd1333e49cf3d1830cc9f10d01af641648c9fd930
data/CHANGELOG CHANGED
@@ -1,3 +1,33 @@
1
+ === 2.16.0 (2021-08-23)
2
+
3
+ * Add Rodauth.lib for using Rodauth as a library (jeremyevans)
4
+
5
+ * Make internal_request feature work if the configuration uses only_json? true (janko) (#176)
6
+
7
+ === 2.15.0 (2021-07-27)
8
+
9
+ * Add path_class_methods feature, for getting paths/URLs using class methods (jeremyevans)
10
+
11
+ * Make default base_url method use configured domain (janko) (#171)
12
+
13
+ * Add internal_request feature, for interacting with Rodauth by calling methods (jeremyevans, janko)
14
+
15
+ === 2.14.0 (2021-06-22)
16
+
17
+ * Make jwt_refresh feature allow refresh with expired access tokens even if prefix is not set correctly (jeremyevans) (#168)
18
+
19
+ * Make internal account_in_unverified_grace_period? method handle accounts missing or unverified accounts (janko, jeremyevans) (#167)
20
+
21
+ * Add remembered_session_id configuration method for getting session id from valid remember token if present (bjeanes) (#166)
22
+
23
+ === 2.13.0 (2021-05-22)
24
+
25
+ * Make jwt_refresh expired access token support work when using rodauth.check_active_sessions before calling r.rodauth (renchap) (#165)
26
+
27
+ * Update default templates to add classes for Bootstrap 5 compatibility (janko) (#164)
28
+
29
+ * Add set_error_reason configuration method to allow applications more finer grained error handling (renchap, jeremyevans) (#162)
30
+
1
31
  === 2.12.0 (2021-04-22)
2
32
 
3
33
  * Add configuration methods to active_sessions plugin to control the inserting and updating of rows (janko) (#159)
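Review bot: The 2.14.0 entry for account_in_unverified_grace_period? reads "handle accounts missing or unverified accounts", which does not parse; "handle missing or unverified accounts" would say what #167 changed. In the 2.13.0 entry for set_error_reason, "more finer grained" should be "finer grained".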
data/README.rdoc CHANGED
@@ -60,6 +60,8 @@ HTML and JSON API for all supported features.
60
60
  * Argon2
61
61
  * HTTP Basic Auth
62
62
  * Change Password Notify
63
+ * Internal Request
64
+ * Path Class Methods
63
65
 
64
66
  == Resources
65
67
 
@@ -68,7 +70,6 @@ Demo Site :: http://rodauth-demo.jeremyevans.net
68
70
  Source :: http://github.com/jeremyevans/rodauth
69
71
  Bugs :: http://github.com/jeremyevans/rodauth/issues
70
72
  Google Group :: https://groups.google.com/forum/#!forum/rodauth
71
- IRC :: irc://chat.freenode.net/#rodauth
72
73
 
73
74
  == Dependencies
74
75
 
@@ -85,9 +86,9 @@ bcrypt :: Used by default for password hashing, can be skipped
85
86
  if password_match? is overridden for custom authentication.
86
87
  argon2 :: Used by the argon2 feature as alternative to bcrypt for
87
88
  password hashing.
88
- mail :: Used by default for mailing in the reset password, verify
89
- account, verify_login_change, change_password_notify,
90
- lockout, and email_auth features.
89
+ mail :: Used by default for mailing in the reset_password, verify_account,
90
+ verify_login_change, change_password_notify, lockout, and
91
+ email_auth features.
91
92
  rotp :: Used by the otp feature
92
93
  rqrcode :: Used by the otp feature
93
94
  jwt :: Used by the jwt feature
@@ -831,7 +832,7 @@ overriding for all behavior, using any information from the request:
831
832
  plugin :rodauth do
832
833
  enable :login, :logout
833
834
  accounts_table do
834
- request.ip.start_with?("192.168.1") ? :admins : :users
835
+ request.ip.start_with?("192.168.1.") ? :admins : :users
835
836
  end
836
837
  end
837
838
 
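Review bot: On the changed line, request.ip.start_with?("192.168.1.") is still a string prefix test that decides between the :admins and :users tables. The added trailing dot correctly stops addresses such as 192.168.10.5 or 192.168.100.7 from matching, but the README example would be more robust as a subnet check, for example IPAddr.new("192.168.1.0/24").include?(request.ip). Because the example makes a privilege decision from the client address, a sentence next to it noting that request.ip is only trustworthy when forwarding headers are set by a trusted proxy would be worth adding.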
@@ -880,6 +881,7 @@ view the appropriate file in the doc directory.
880
881
  * {Disallow Password Reuse}[rdoc-ref:doc/disallow_password_reuse.rdoc]
881
882
  * {Email Authentication}[rdoc-ref:doc/email_auth.rdoc]
882
883
  * {HTTP Basic Auth}[rdoc-ref:doc/http_basic_auth.rdoc]
884
+ * {Internal Request}[rdoc-ref:doc/internal_request.rdoc]
883
885
  * {JSON}[rdoc-ref:doc/json.rdoc]
884
886
  * {JWT CORS}[rdoc-ref:doc/jwt_cors.rdoc]
885
887
  * {JWT Refresh}[rdoc-ref:doc/jwt_refresh.rdoc]
@@ -892,6 +894,7 @@ view the appropriate file in the doc directory.
892
894
  * {Password Expiration}[rdoc-ref:doc/password_expiration.rdoc]
893
895
  * {Password Grace Period}[rdoc-ref:doc/password_grace_period.rdoc]
894
896
  * {Password Pepper}[rdoc-ref:doc/password_pepper.rdoc]
897
+ * {Path Class Methods}[rdoc-ref:doc/path_class_methods.rdoc]
895
898
  * {Recovery Codes}[rdoc-ref:doc/recovery_codes.rdoc]
896
899
  * {Remember}[rdoc-ref:doc/remember.rdoc]
897
900
  * {Reset Password}[rdoc-ref:doc/reset_password.rdoc]
@@ -1051,6 +1054,46 @@ authenticated_webauthn_id :: (webauthn feature) If the current session was
1051
1054
  URL to the route. Any options passed to this method will be converted
1052
1055
  into query parameters.
1053
1056
 
1057
+ === Calling Rodauth Methods for Other Accounts
1058
+
1059
+ In some cases, you may want to interact with Rodauth directly on behalf
1060
+ of a user. For example, let's say you want to create accounts or change passwords
1061
+ for existing accounts. Using Rodauth's internal_request feature, you can do this
1062
+ by:
1063
+
1064
+ plugin :rodauth do
1065
+ enable :create_account, :change_password, :internal_request
1066
+ end
1067
+ rodauth.create_account(login: 'foo@example.com', password: '...')
1068
+ rodauth.change_password(account_id: 24601, password: '...')
1069
+
1070
+ Here the +rodauth+ method is called as the Roda class level, which returns
1071
+ the appropriate <tt>Rodauth::Auth</tt> subclass. You call internal request
1072
+ methods on that class to perform actions on behalf of a user. See the
1073
+ {internal request feature documentation}[rdoc-ref:doc/internal_request.rdoc]
1074
+ for details.
1075
+
1076
+ == Using Rodauth as a Library
1077
+
1078
+ Rodauth was designed to serve as an authentication framework for Rack applications.
1079
+ However, Rodauth can be used purely as a library outside of a web application. You
1080
+ can do this by requiring +rodauth+, and using the +Rodauth.lib+ method to return
1081
+ a <tt>Rodauth::Auth</tt> subclass, which you can call methods on. You pass the
1082
+ +Rodauth.lib+ method an optional hash of Rodauth plugin options and a Rodauth
1083
+ configuration block:
1084
+
1085
+ require 'rodauth'
1086
+ rodauth = Rodauth.lib do
1087
+ enable :create_account, :change_password
1088
+ end
1089
+ rodauth.create_account(login: 'foo@example.com', password: '...')
1090
+ rodauth.change_password(account_id: 24601, password: '...')
1091
+
1092
+ This supports builds on top of the internal_request support (it implicitly loads
1093
+ the internal_request feature before processing the configuration block), and
1094
+ allows the use of Rodauth in non-web applications. Note that you still have to
1095
+ setup a Sequel::Database connection for Rodauth to use for data storage.
1096
+
1054
1097
  === With Multiple Configurations
1055
1098
 
1056
1099
  Rodauth supports using multiple rodauth configurations in the same
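Review bot: The new "Calling Rodauth Methods for Other Accounts" section shows rodauth.change_password(account_id: 24601, password: '...') without saying that nothing checks who is making the call. doc/internal_request.rdoc in this same change states that modifications_require_password? and the confirmation settings are set to false for internal requests, so the README should say in one sentence that the application is responsible for authorizing the caller before invoking these methods. The same applies to the Rodauth.lib section, which implicitly loads internal_request. Wording: "called as the Roda class level" should be "called at the Roda class level", "This supports builds on top of" should be "This support builds on top of", and "setup a Sequel::Database connection" should be "set up".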
@@ -1362,7 +1405,7 @@ custom methods that will be callable on the +rodauth+ object.
1362
1405
 
1363
1406
  === Using External Features
1364
1407
 
1365
- The enable configuration method is able to load features external to
1408
+ The +enable+ configuration method is able to load features external to
1366
1409
  Rodauth. You need to place the external feature file where it can be
1367
1410
  required via rodauth/features/feature_name. That file should
1368
1411
  use the following basic structure
@@ -1401,7 +1444,7 @@ use the following basic structure
1401
1444
  end
1402
1445
  end
1403
1446
 
1404
- See the {internals guide}[rdoc-ref:doc/internals.rdoc] for a more complete
1447
+ See the {internals guide}[rdoc-ref:doc/guides/internals.rdoc] for a more complete
1405
1448
  example of how to construct features.
1406
1449
 
1407
1450
  === Overriding Route-Level Behavior
data/doc/base.rdoc CHANGED
@@ -105,6 +105,7 @@ random_key :: A randomly generated string, used for creating tokens.
105
105
  redirect(path) :: Redirect the request to the given path.
106
106
  session_value :: The value for session_key in the current session.
107
107
  set_error_flash(message) :: Set the current error flash to the given message.
108
+ set_error_reason(reason) :: You can override this method to customize handling of specific error types (does nothing by default). Each separate error type has a separate reason symbol, you can see the {list of error reason symbols}[rdoc-ref:doc/error_reasons.rdoc].
108
109
  set_notice_flash(message) :: Set the next notice flash to the given message.
109
110
  set_notice_now_flash(message) :: Set the current notice flash to the given message.
110
111
  set_redirect_error_flash(message) :: Set the next error flash to the given message.
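Review bot: The added set_error_reason(reason) entry joins two sentences with a comma ("... a separate reason symbol, you can see the ..."); split it into two sentences or use a semicolon. It would also help to state in the first sentence that reason is a symbol, since the entry only says so indirectly.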
@@ -0,0 +1,73 @@
1
+ = Error Reasons
2
+
3
+ Rodauth allows for customizing response status codes and error
4
+ messages for each type of error. However, in some cases, the
5
+ response status code is too coarse for desired error handling
6
+ by the application (since many error types use the same status
7
+ code), and using the error message is too fragile since it may
8
+ be translated.
9
+
10
+ For this reason, Rodauth associates a fine grained reason for
11
+ each type of error. If an error occurs in Rodauth, it will
12
+ call the +set_error_reason+ method with a symbol for the
13
+ specific type of error. By default, this method does not do
14
+ anything, but you can use the +set_error_reason+ configuration
15
+ method to customize the error handling.
16
+
17
+ These are the currently supported error type symbols that
18
+ Rodauth will call +set_error_reason+ with:
19
+
20
+ * :account_locked_out
21
+ * :already_an_account_with_this_login
22
+ * :already_an_unverified_account_with_this_login
23
+ * :duplicate_webauthn_id
24
+ * :inactive_session
25
+ * :invalid_email_auth_key
26
+ * :invalid_otp_auth_code
27
+ * :invalid_otp_secret
28
+ * :invalid_password
29
+ * :invalid_password_pattern
30
+ * :invalid_phone_number
31
+ * :invalid_previous_password
32
+ * :invalid_recovery_code
33
+ * :invalid_remember_param
34
+ * :invalid_reset_password_key
35
+ * :invalid_sms_code
36
+ * :invalid_sms_confirmation_code
37
+ * :invalid_unlock_account_key
38
+ * :invalid_verify_account_key
39
+ * :invalid_verify_login_change_key
40
+ * :invalid_webauthn_auth_param
41
+ * :invalid_webauthn_remove_param
42
+ * :invalid_webauthn_setup_param
43
+ * :invalid_webauthn_sign_count
44
+ * :login_not_valid_email
45
+ * :login_required
46
+ * :login_too_long
47
+ * :login_too_short
48
+ * :logins_do_not_match
49
+ * :no_current_sms_code
50
+ * :no_matching_login
51
+ * :not_enough_character_groups_in_password
52
+ * :otp_locked_out
53
+ * :password_authentication_required
54
+ * :password_contains_null_byte
55
+ * :password_does_not_meet_requirements
56
+ * :password_in_dictionary
57
+ * :password_is_one_of_the_most_common
58
+ * :password_same_as_previous_password
59
+ * :password_too_short
60
+ * :passwords_do_not_match
61
+ * :same_as_current_login
62
+ * :same_as_existing_password
63
+ * :session_expired
64
+ * :sms_already_setup
65
+ * :sms_locked_out
66
+ * :sms_needs_confirmation
67
+ * :sms_not_setup
68
+ * :too_many_repeating_characters_in_password
69
+ * :two_factor_already_authenticated
70
+ * :two_factor_need_authentication
71
+ * :two_factor_not_setup
72
+ * :unverified_account
73
+ * :webauthn_not_setup
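Review bot: The opening paragraphs tell the reader to use the set_error_reason configuration method, but the file never shows a call; a short configuration block that takes the reason symbol would make the page usable on its own. The list separates :no_matching_login from :invalid_password, and :already_an_account_with_this_login from the other create-account failures, so the document should also say that passing the reason through to an unauthenticated client reveals whether a login exists. Recommending that the reason be used for logging, metrics or server-side branching would cover that.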
@@ -0,0 +1,463 @@
1
+ = Documentation for Internal Request Feature
2
+
3
+ The internal request feature allows interacting with Rodauth by
4
+ calling methods, and is expected to be used mostly for administrative
5
+ purposes. It allows for things like an changing a login or password
6
+ for an existing user, without requiring that the user login to the
7
+ system. The reason the feature is named +internal_request+ is that
8
+ it internally submits requests to Rodauth, which are handled almost
9
+ identically to how actual web requests will be handled by Rodauth.
10
+
11
+ The general form of calling these methods is:
12
+
13
+ App.rodauth.internal_request_method(hash)
14
+
15
+ Where +App+ is the Roda class, and +internal_request_method+ is the
16
+ method you are calling. For example:
17
+
18
+ App.rodauth.change_password(account_id: 1, password: 'foobar')
19
+
20
+ Will change the password for the account with id 1 to +foobar+.
21
+
22
+ All internal request methods support the following options. For
23
+ internal requests that require an existing account, you should
24
+ generally use one of the two following options:
25
+
26
+ :account_id :: The id of the account to be considered as logged in when the internal request is submitted (most internal requests require a logged in account). This value is assumed to represent an existing account, the database is not checked to confirm that.
27
+ :account_login :: The login of the account to be considered as logged in when the internal request is submitted (most internal requests require a login). This will query the database to determine the account's id before submitting the request. If there is no non-closed account for the login, this will raise an exception.
28
+
29
+ There are additional options available, that you should only use
30
+ if you have special requirements:
31
+
32
+ :authenticated_by :: The array of strings to use for how the internal request's session was authenticated.
33
+ :env :: A hash to merge into the internal request environment hash. Keys given will override default values, so you will probably have problems if you directly use an existing request environment.
34
+ :session :: A hash for the session to use.
35
+ :params :: A hash of custom parameters.
36
+
37
+ All remaining options are considered parameters. Using the
38
+ previous example:
39
+
40
+ App.rodauth.change_password(account_id: 1, password: 'foobar')
41
+
42
+ The <tt>password: 'foobar'</tt> part means that the parameters
43
+ for the request will be <tt>{rodauth.password_param => 'foobar'}</tt>,
44
+ where +rodauth.password_param+ is the value of +password_param+ in
45
+ your Rodauth configuration (this defaults to <tt>"password"</tt>).
46
+
47
+ Passing any options not mentioned above that are not valid Rodauth
48
+ parameters will result in a warning.
49
+
50
+ == Configuration
51
+
52
+ In general, the configuration for internal requests is almost
53
+ the same as for regular requests. There are some minor changes
54
+ for easier usability. +modifications_require_password?+ (and
55
+ similar methods for requiring password),
56
+ +require_login_confirmation?+, and +require_password_confirmation?+
57
+ are set to false. In general, the caller of the method should not
58
+ be able to determine the user's password, and there is no point
59
+ in requiring parameter confirmation when calling the method
60
+ directly.
61
+
62
+ You can override the configuration for internal requests by using
63
+ the +internal_request_configuration+ configuration method. For
64
+ example, you can set the minimum length for logins to be 15
65
+ for normal requests, but only 3 for internal requests:
66
+
67
+ plugin :rodauth do
68
+ enable :create_account, :internal_request
69
+ login_minimum_length 15
70
+
71
+ internal_request_configuration do
72
+ login_minimum_length 3
73
+ end
74
+ end
75
+
76
+ Another approach for doing this is to call the +internal_request?+
77
+ method inside configuration method blocks:
78
+
79
+ plugin :rodauth do
80
+ enable :create_account, :internal_request
81
+ login_minimum_length{internal_request? ? 3 : 15}
82
+ end
83
+
84
+ == Return Values and Exceptions
85
+
86
+ Internal request methods ending in a question mark return true or false.
87
+ Most other internal request methods return nil on success, and or raise a
88
+ Rodauth::InternalRequestError exception on failure. The exception
89
+ message will include the flash message, {the reason for the
90
+ failure}[rdoc-ref:doc/error_reasons.rdoc] if available, and any field errors.
91
+ This data can also be retrieved via +flash+, +reason+, and +field_errors+
92
+ attributes on the exception object.
93
+
94
+ If an internal request method returns a non-nil value on success,
95
+ it will be documented in the Features section below. In such
96
+ cases, unless documented below, the methods will still raise a
97
+ Rodauth::InternalRequestError exception on failure.
98
+
99
+ == Domain
100
+
101
+ While it is a good idea to use the +domain+ configuration method
102
+ to force a domain to use, as it can avoid DNS rebinding attacks,
103
+ Rodauth can function without it, as it can use the domain of the
104
+ request. However, for internal requests, there is no submitted
105
+ domain, and Rodauth does not know what to use as the domain. To
106
+ avoid potentially using a wrong domain, Rodauth will raise an
107
+ Rodauth::InternalRequestError in internal requests if a domain
108
+ is needed and has not been configured.
109
+
110
+ == Features
111
+
112
+ This section documents the methods that are available for each
113
+ feature. You must load that feature and the internal request feature
114
+ in order to call the internal request methods for that feature.
115
+ Some features support multiple internal request methods, and
116
+ each internal request method supported will be documented under
117
+ the appropriate subheading.
118
+
119
+ If the method subheading states it it requires an account, you
120
+ must pass the +:account_id+ or +account_login+ option when calling
121
+ the method.
122
+
123
+ If the method subheading states it it requires an account or
124
+ a login, you must pass either +:login+, +:account_id+, or
125
+ +account_login+ when calling the method.
126
+
127
+ === Base
128
+
129
+ === account_exists?
130
+
131
+ The +account_exists?+ method returns whether the account exists
132
+ for the given login.
133
+
134
+ Options:
135
+ +:login+ :: (required) The login for the account.
136
+
137
+ === account_id_for_login
138
+
139
+ The +account_id_for_login+ method returns the account id for
140
+ the given login. A Rodauth::InternalRequestError is raised
141
+ if the login given is not valid.
142
+
143
+ Options:
144
+ +:login+ :: (required) The login for the account.
145
+
146
+ === internal_request_eval
147
+
148
+ The +internal_request_eval+ requires a block and will +instance_eval+
149
+ the block the context of an internal request instance. This allows
150
+ you full usage of the +Rodauth::Auth+ API inside the request.
151
+ Before using this method, you should have a good understanding
152
+ of Rodauth's internals and the effects of calling any methods you
153
+ are calling inside the block.
154
+
155
+ The return value of the method will be the return value of the
156
+ block, unless one of the methods in the block has set a
157
+ different return value.
158
+
159
+ === Change Login
160
+
161
+ ==== change_login (requires account)
162
+
163
+ The +change_login+ method changes the login for the account.
164
+
165
+ Options:
166
+ +:login+ :: (required) The new login for the account. Note that if the +:account_login+ option is provided, that is the current login for the account, not the new login.
167
+
168
+ === Change Password
169
+
170
+ ==== change_password (requires account)
171
+
172
+ The +change_password+ method changes the password for the account.
173
+
174
+ Options:
175
+ +:password+ or +new_password+ :: (required) The new password for the account.
176
+
177
+ === Close Account
178
+
179
+ ==== close_account (requires account)
180
+
181
+ The +close_account+ method closes the account. There is no method
182
+ in Rodauth to reopen closed accounts.
183
+
184
+ === Create Account
185
+
186
+ ==== create_account
187
+
188
+ The +create_account+ method creates an account.
189
+
190
+ Options:
191
+ +:login+ :: (required) The login for the created account.
192
+ +:password+ :: The password for the created account.
193
+
194
+ === Email Auth
195
+
196
+ ==== email_auth_request (requires account or login)
197
+
198
+ The +email_auth_request+ method requests an email with an
199
+ authentication link be sent to the account's email address.
200
+
201
+ ==== email_auth
202
+
203
+ The +email_auth+ method determines if the given email authentication
204
+ key is valid.
205
+
206
+ This method will return the account id if the authentication key is
207
+ valid.
208
+
209
+ Options:
210
+ +:email_auth_key+ :: (required) The email authentication key for the account.
211
+
212
+ ==== valid_email_auth?
213
+
214
+ The +valid_email_auth?+ method returns whether the given email
215
+ authentication key is valid.
216
+
217
+ Options:
218
+ +:email_auth_key+ :: (required) The email authentication key for the account.
219
+
220
+ === Lockout
221
+
222
+ ==== lock_account (requires account)
223
+
224
+ The +lock_account+ method locks an account, even if the account has
225
+ not experienced any login failures. This is one method only available
226
+ as an internal request.
227
+
228
+ ==== unlock_account_request (requires account or login)
229
+
230
+ The +unlock_account_request+ method requests an email with an
231
+ link to unlock the account be sent to the account's email address.
232
+
233
+ ==== unlock_account
234
+
235
+ The +unlock_account+ method unlocks the account.
236
+
237
+ If an +:account_id+ or +:account_login+ option is provided, this
238
+ will unlock the account without requiring the unlock account key
239
+ value.
240
+
241
+ Options:
242
+ +:unlock_account_key+ :: The unlock account key for the account. This allows unlocking accounts by key, without knowing the account id or login.
243
+
244
+ === Login
245
+
246
+ ==== login (requires account or login)
247
+
248
+ The +login+ method determines if the given password is valid for
249
+ the given account.
250
+
251
+ This method will return the account id if the password is valid.
252
+
253
+ Options:
254
+ +:password+ :: (required) The password for the account.
255
+
256
+ ==== valid_login_and_password? (requires account or login)
257
+
258
+ The +valid_login_and_password?+ method returns whether the given
259
+ password is valid for the given account.
260
+
261
+ Options:
262
+ +:password+ :: (required) The password for the account.
263
+
264
+ === OTP
265
+
266
+ ==== otp_setup_params (requires account)
267
+
268
+ The +otp_setup_params+ method returns a hash with an +:otp_setup+
269
+ key, and an +:otp_setup_raw+ key if the Rodauth configuration uses
270
+ +hmac_secret+.
271
+
272
+ The +:otp_setup+ key in the returned hash specifies the OTP secret.
273
+
274
+ This hash should be merged into the options submitted to the
275
+ +otp_setup+ method in order to complete OTP setup.
276
+
277
+ ==== otp_setup (requires account)
278
+
279
+ The +otp_setup+ method enables OTP multifactor authentication for
280
+ the account.
281
+
282
+ The values in the hash returned by the +otp_setup_params+ hash
283
+ must be passed as options to this method.
284
+
285
+ Additional Options:
286
+ +:otp_auth+ :: (required) The current OTP authentication code for the OTP secret.
287
+
288
+ ==== otp_auth (requires account)
289
+
290
+ The +otp_auth+ method determines if the OTP authentication code is
291
+ valid for the account.
292
+
293
+ Options:
294
+ +:otp_auth+ :: (required) The current OTP authentication code for account.
295
+
296
+ ==== valid_otp_auth? (requires account)
297
+
298
+ The +valid_otp_auth?+ method returns whether the OTP authentication
299
+ code is valid for the account.
300
+
301
+ Options:
302
+ +:otp_auth+ :: (required) The current OTP authentication code for account.
303
+
304
+ ==== otp_disable (requires account)
305
+
306
+ The +otp_disable+ method disables OTP authentication for the account.
307
+
308
+ === Recovery Codes
309
+
310
+ ==== recovery_codes (requires account)
311
+
312
+ The +recovery_codes+ method returns an array of recovery codes for
313
+ the account. This array can be empty if no recovery codes are setup.
314
+
315
+ Options:
316
+ +:add_recovery_codes+ :: Generate new recovery codes for the account, up to the configured +recovery_codes_limit+, before returning the codes.
317
+
318
+ ==== recovery_auth (requires account)
319
+
320
+ The +recovery_auth+ method determines if the recovery authentication
321
+ code is valid for the account.
322
+
323
+ Options:
324
+ +:recovery_codes+ :: (required) A valid recovery code for the account. This option sounds like it would take an array of recover codes, but it only takes a single recovery code.
325
+
326
+ ==== valid_recovery_auth? (requires account)
327
+
328
+ The +valid_recovery_auth?+ method returns whether the recovery
329
+ authentication code is valid for the account.
330
+
331
+ Options:
332
+ +:recovery_codes+ :: (required) A valid recovery code for the account. This option sounds like it would take an array of recover codes, but it only takes a single recovery code.
333
+
334
+ === Remember
335
+
336
+ ==== remember_setup (requires_account)
337
+
338
+ The +remember_setup+ method setups up the remember feature for
339
+ the account, and returns the cookie value that can be used for
340
+ the remember cookie.
341
+
342
+ ==== remember_disable (requires_account)
343
+
344
+ The +remember_disable+ method disables the remember feature for
345
+ the account.
346
+
347
+ ==== account_id_for_remember_key
348
+
349
+ The +account_id_for_remember_key+ method returns the account id
350
+ for the given remember key.
351
+
352
+ Options:
353
+ +:remember+ :: (required) The remember key for the account. This is the same value returned by +remember_setup+.
354
+
355
+ === Reset Password
356
+
357
+ ==== reset_password_request (requires account or login)
358
+
359
+ The +reset_password_request+ method requests an email with an
360
+ link to reset the password for the account be sent to the account's
361
+ email address.
362
+
363
+ ==== reset_password
364
+
365
+ The +reset_password+ method resets the password for an account.
366
+ This is similar to the +change_password+ method, but requires
367
+ that a reset password key has been created for the account, and
368
+ removes the key after the password has been reset.
369
+
370
+ If an +:account_id+ or +:account_login+ option is provided, this
371
+ will reset the password for the account without requiring the
372
+ reset password key value.
373
+
374
+ Options:
375
+ +:password+ :: (required) The new password for the account.
376
+ +:reset_password_key+ :: The reset password key for the account. This allows resetting passwords by key, without knowing the account id or login.
377
+
378
+ === SMS Codes
379
+
380
+ ==== sms_setup (requires account)
381
+
382
+ The +sms_setup+ method sends an SMS message to the given
383
+ phone number with a code to setup SMS authentication for
384
+ the account.
385
+
386
+ Options:
387
+ +:sms_phone+ :: (required) The phone number to use to setup SMS authentication.
388
+
389
+ ==== sms_confirm (requires account)
390
+
391
+ The +sms_confirm+ method sets up SMS authentication for
392
+ an account, confirming that the SMS authentication code
393
+ sent previously was received.
394
+
395
+ Options:
396
+ +:sms_code+ :: (required) The authentication code sent to the user for setting up SMS authentication.
397
+
398
+ ==== sms_request (requires account)
399
+
400
+ The +sms_setup+ method sends an SMS message to the account's
401
+ SMS phone number with an authentication code for two factor
402
+ authentication.
403
+
404
+ ==== sms_auth (requires account)
405
+
406
+ The +sms_auth+ method determines if the SMS authentication code is
407
+ valid for the account.
408
+
409
+ Options:
410
+ +:sms_code+ :: (required) The authentication code sent to the user via SMS.
411
+
412
+ ==== valid_sms_auth? (requires account)
413
+
414
+ The +valid_sms_auth?+ method returns whether the SMS authentication
415
+ code is valid for the account.
416
+
417
+ Options:
418
+ +:sms_code+ :: (required) The authentication code sent to the user via SMS.
419
+
420
+ ==== sms_disable (requires account)
421
+
422
+ The +sms_disable+ method disables SMS authentication for the account.
423
+
424
+ === Two Factor Base
425
+
426
+ ==== two_factor_disable (requires_account)
427
+
428
+ The +two_factor_disable+ method disables all multifactor authentication
429
+ for the account.
430
+
431
+ === Verify Account
432
+
433
+ ==== verify_account_resend (requires account or login)
434
+
435
+ The +verify_account_resend+ method resends the account verification email
436
+ to the account's email address.
437
+
438
+ ==== verify_account
439
+
440
+ The +verify_account+ method verifies the account.
441
+ to the account's email address.
442
+
443
+ If an +:account_id+ or +:account_login+ option is provided, this
444
+ will verify the account without requiring the verify account key value.
445
+
446
+ Options:
447
+ +:password+ :: The password for the account, if setting up passwords during verification.
448
+ +:verify_account_key+ :: The verify account key for the account. This allows verifying accounts by key, without knowing the account id or login.
449
+
450
+ === Verify Login Change
451
+
452
+ ==== verify_login_change
453
+
454
+ The +verify_login_change+ method verifies the login change for the
455
+ account.
456
+
457
+ If an +:account_id+ or +:account_login+ option is provided, this
458
+ will verify the account without requiring the verify account key value.
459
+ If the +:account_login+ option is provided, it specifies the current
460
+ account login, before the change.
461
+
462
+ Options:
463
+ +:verify_login_change_key+ :: The verify login change key for the account. This allows verifying login changes by key, without knowing the account id or login.
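Review bot: Three method descriptions do not match their headings: under sms_request the text begins "The +sms_setup+ method sends", under verify_account a stray line "to the account's email address." follows the first sentence, and under verify_login_change the second paragraph says it "will verify the account without requiring the verify account key value" where it means the login change and its key. The :account_id option says "the database is not checked to confirm that", and unlock_account, reset_password, verify_account and verify_login_change skip their key when :account_id or :account_login is given, so the introduction should state that callers must validate ids and authorize the operation themselves before calling. Smaller points: "an changing", "and or raise", "it it requires" (twice), "setups up", +account_login+ without its leading colon in the Features introduction, "(requires_account)" versus "(requires account)", and account_exists?, account_id_for_login and internal_request_eval use === while sitting under "=== Base", where the other features use ==== for methods.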