rodauth 2.13.0 → 2.17.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f01d42c90dd22a88566f17b3e77b9495dc1431f004f2f54865cff45a3874ce43
4
- data.tar.gz: b09c0a44b2b4f6ab1eb795b11a69ec7acd1d4ed5ac4abbe45d8bb4072cb61e0f
3
+ metadata.gz: 59e6db4541ac9a7ad8c00cf690d757d6e25b3cbf787b273d4415cc5236add6aa
4
+ data.tar.gz: dacd42d02a586b2ab34e9dbaa916fb77e365fd436d7be60dbe2a2f32074d25e8
5
5
  SHA512:
6
- metadata.gz: 2934f2824b7c805f6400fab52aad9c4aaca2f3bbfb4584688619b0b24b9e052a3cecc4b36b6eb7379e13f2a9bf2bc64e0efac077d932e390270401966223e2ae
7
- data.tar.gz: c1dcf6d140117743baa62ba0715c99584bb80b8aa933f596424f242c2ffb6a31c7d25f0fdba65fed4b1bd93d63692502c7c63b36a1f2b793083b1972c5313304
6
+ metadata.gz: ed735a0beee837826544608e9f79fefc4421b311b0a75724a390d1368fe4ae8e68f5b6960085c45f3ba546e7c0faec034dc19023e1c5da70c0abfab5c75a4116
7
+ data.tar.gz: 8acc037e30b6c7528d7ac6d5c153cdb9f243473ed8a870cf75deff01ae185c0b5bb269f54f2a369e4246c17abe0deff27b576ea207b595cf8eef0cf1d07b8ca5
data/CHANGELOG CHANGED
@@ -1,3 +1,31 @@
1
+ === 2.17.0 (2021-09-24)
2
+
3
+ * Make jwt_refresh work correctly with verify_account_grace_period (jeremyevans)
4
+
5
+ * Use 4xx status code when attempting to login to or create an unverified account (janko) (#177, #178)
6
+
7
+ === 2.16.0 (2021-08-23)
8
+
9
+ * Add Rodauth.lib for using Rodauth as a library (jeremyevans)
10
+
11
+ * Make internal_request feature work if the configuration uses only_json? true (janko) (#176)
12
+
13
+ === 2.15.0 (2021-07-27)
14
+
15
+ * Add path_class_methods feature, for getting paths/URLs using class methods (jeremyevans)
16
+
17
+ * Make default base_url method use configured domain (janko) (#171)
18
+
19
+ * Add internal_request feature, for interacting with Rodauth by calling methods (jeremyevans, janko)
20
+
21
+ === 2.14.0 (2021-06-22)
22
+
23
+ * Make jwt_refresh feature allow refresh with expired access tokens even if prefix is not set correctly (jeremyevans) (#168)
24
+
25
+ * Make internal account_in_unverified_grace_period? method handle accounts missing or unverified accounts (janko, jeremyevans) (#167)
26
+
27
+ * Add remembered_session_id configuration method for getting session id from valid remember token if present (bjeanes) (#166)
28
+
1
29
  === 2.13.0 (2021-05-22)
2
30
 
3
31
  * Make jwt_refresh expired access token support work when using rodauth.check_active_sessions before calling r.rodauth (renchap) (#165)
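Review bot: In the 2.14.0 entry, "handle accounts missing or unverified accounts" reads as an editing leftover; something like "handle missing accounts and unverified accounts" would say what the fix covers. The 2.17.0 entry "Use 4xx status code when attempting to login to or create an unverified account" would also be more useful to API clients if it named the status code.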
data/README.rdoc CHANGED
@@ -60,6 +60,8 @@ HTML and JSON API for all supported features.
60
60
  * Argon2
61
61
  * HTTP Basic Auth
62
62
  * Change Password Notify
63
+ * Internal Request
64
+ * Path Class Methods
63
65
 
64
66
  == Resources
65
67
 
@@ -68,7 +70,6 @@ Demo Site :: http://rodauth-demo.jeremyevans.net
68
70
  Source :: http://github.com/jeremyevans/rodauth
69
71
  Bugs :: http://github.com/jeremyevans/rodauth/issues
70
72
  Google Group :: https://groups.google.com/forum/#!forum/rodauth
71
- IRC :: irc://chat.freenode.net/#rodauth
72
73
 
73
74
  == Dependencies
74
75
 
@@ -85,9 +86,9 @@ bcrypt :: Used by default for password hashing, can be skipped
85
86
  if password_match? is overridden for custom authentication.
86
87
  argon2 :: Used by the argon2 feature as alternative to bcrypt for
87
88
  password hashing.
88
- mail :: Used by default for mailing in the reset password, verify
89
- account, verify_login_change, change_password_notify,
90
- lockout, and email_auth features.
89
+ mail :: Used by default for mailing in the reset_password, verify_account,
90
+ verify_login_change, change_password_notify, lockout, and
91
+ email_auth features.
91
92
  rotp :: Used by the otp feature
92
93
  rqrcode :: Used by the otp feature
93
94
  jwt :: Used by the jwt feature
@@ -831,7 +832,7 @@ overriding for all behavior, using any information from the request:
831
832
  plugin :rodauth do
832
833
  enable :login, :logout
833
834
  accounts_table do
834
- request.ip.start_with?("192.168.1") ? :admins : :users
835
+ request.ip.start_with?("192.168.1.") ? :admins : :users
835
836
  end
836
837
  end
837
838
 
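Review bot: The corrected check on the `+` line, request.ip.start_with?("192.168.1."), is still a string-prefix test on a textual address, and it decides whether a request is looked up in :admins or :users. The trailing dot stops addresses such as 192.168.10.x or 192.168.100.x from matching, but a README example that routes to an admin table would be safer written as a real subnet test, for example IPAddr.new("192.168.1.0/24").include?(request.ip). It would also help to add a sentence noting that request.ip is only meaningful when the application's proxy handling is set up so that clients cannot supply that address themselves.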
@@ -880,6 +881,7 @@ view the appropriate file in the doc directory.
880
881
  * {Disallow Password Reuse}[rdoc-ref:doc/disallow_password_reuse.rdoc]
881
882
  * {Email Authentication}[rdoc-ref:doc/email_auth.rdoc]
882
883
  * {HTTP Basic Auth}[rdoc-ref:doc/http_basic_auth.rdoc]
884
+ * {Internal Request}[rdoc-ref:doc/internal_request.rdoc]
883
885
  * {JSON}[rdoc-ref:doc/json.rdoc]
884
886
  * {JWT CORS}[rdoc-ref:doc/jwt_cors.rdoc]
885
887
  * {JWT Refresh}[rdoc-ref:doc/jwt_refresh.rdoc]
@@ -892,6 +894,7 @@ view the appropriate file in the doc directory.
892
894
  * {Password Expiration}[rdoc-ref:doc/password_expiration.rdoc]
893
895
  * {Password Grace Period}[rdoc-ref:doc/password_grace_period.rdoc]
894
896
  * {Password Pepper}[rdoc-ref:doc/password_pepper.rdoc]
897
+ * {Path Class Methods}[rdoc-ref:doc/path_class_methods.rdoc]
895
898
  * {Recovery Codes}[rdoc-ref:doc/recovery_codes.rdoc]
896
899
  * {Remember}[rdoc-ref:doc/remember.rdoc]
897
900
  * {Reset Password}[rdoc-ref:doc/reset_password.rdoc]
@@ -1051,6 +1054,46 @@ authenticated_webauthn_id :: (webauthn feature) If the current session was
1051
1054
  URL to the route. Any options passed to this method will be converted
1052
1055
  into query parameters.
1053
1056
 
1057
+ === Calling Rodauth Methods for Other Accounts
1058
+
1059
+ In some cases, you may want to interact with Rodauth directly on behalf
1060
+ of a user. For example, let's say you want to create accounts or change passwords
1061
+ for existing accounts. Using Rodauth's internal_request feature, you can do this
1062
+ by:
1063
+
1064
+ plugin :rodauth do
1065
+ enable :create_account, :change_password, :internal_request
1066
+ end
1067
+ rodauth.create_account(login: 'foo@example.com', password: '...')
1068
+ rodauth.change_password(account_id: 24601, password: '...')
1069
+
1070
+ Here the +rodauth+ method is called as the Roda class level, which returns
1071
+ the appropriate <tt>Rodauth::Auth</tt> subclass. You call internal request
1072
+ methods on that class to perform actions on behalf of a user. See the
1073
+ {internal request feature documentation}[rdoc-ref:doc/internal_request.rdoc]
1074
+ for details.
1075
+
1076
+ == Using Rodauth as a Library
1077
+
1078
+ Rodauth was designed to serve as an authentication framework for Rack applications.
1079
+ However, Rodauth can be used purely as a library outside of a web application. You
1080
+ can do this by requiring +rodauth+, and using the +Rodauth.lib+ method to return
1081
+ a <tt>Rodauth::Auth</tt> subclass, which you can call methods on. You pass the
1082
+ +Rodauth.lib+ method an optional hash of Rodauth plugin options and a Rodauth
1083
+ configuration block:
1084
+
1085
+ require 'rodauth'
1086
+ rodauth = Rodauth.lib do
1087
+ enable :create_account, :change_password
1088
+ end
1089
+ rodauth.create_account(login: 'foo@example.com', password: '...')
1090
+ rodauth.change_password(account_id: 24601, password: '...')
1091
+
1092
+ This supports builds on top of the internal_request support (it implicitly loads
1093
+ the internal_request feature before processing the configuration block), and
1094
+ allows the use of Rodauth in non-web applications. Note that you still have to
1095
+ setup a Sequel::Database connection for Rodauth to use for data storage.
1096
+
1054
1097
  === With Multiple Configurations
1055
1098
 
1056
1099
  Rodauth supports using multiple rodauth configurations in the same
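Review bot: The new heading "== Using Rodauth as a Library" is added at level two in the middle of a run of level-three sections, so the unchanged "=== With Multiple Configurations" that follows now nests under the library section; either make the new heading "===" or move the section after the last "===" subsection. Two wording slips in the added text are worth fixing at the same time: "called as the Roda class level" should read "called at the Roda class level", and "This supports builds on top of" should read "This support builds on top of".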
@@ -1362,7 +1405,7 @@ custom methods that will be callable on the +rodauth+ object.
1362
1405
 
1363
1406
  === Using External Features
1364
1407
 
1365
- The enable configuration method is able to load features external to
1408
+ The +enable+ configuration method is able to load features external to
1366
1409
  Rodauth. You need to place the external feature file where it can be
1367
1410
  required via rodauth/features/feature_name. That file should
1368
1411
  use the following basic structure
@@ -1401,7 +1444,7 @@ use the following basic structure
1401
1444
  end
1402
1445
  end
1403
1446
 
1404
- See the {internals guide}[rdoc-ref:doc/internals.rdoc] for a more complete
1447
+ See the {internals guide}[rdoc-ref:doc/guides/internals.rdoc] for a more complete
1405
1448
  example of how to construct features.
1406
1449
 
1407
1450
  === Overriding Route-Level Behavior
@@ -0,0 +1,463 @@
1
+ = Documentation for Internal Request Feature
2
+
3
+ The internal request feature allows interacting with Rodauth by
4
+ calling methods, and is expected to be used mostly for administrative
5
+ purposes. It allows for things like an changing a login or password
6
+ for an existing user, without requiring that the user login to the
7
+ system. The reason the feature is named +internal_request+ is that
8
+ it internally submits requests to Rodauth, which are handled almost
9
+ identically to how actual web requests will be handled by Rodauth.
10
+
11
+ The general form of calling these methods is:
12
+
13
+ App.rodauth.internal_request_method(hash)
14
+
15
+ Where +App+ is the Roda class, and +internal_request_method+ is the
16
+ method you are calling. For example:
17
+
18
+ App.rodauth.change_password(account_id: 1, password: 'foobar')
19
+
20
+ Will change the password for the account with id 1 to +foobar+.
21
+
22
+ All internal request methods support the following options. For
23
+ internal requests that require an existing account, you should
24
+ generally use one of the two following options:
25
+
26
+ :account_id :: The id of the account to be considered as logged in when the internal request is submitted (most internal requests require a logged in account). This value is assumed to represent an existing account, the database is not checked to confirm that.
27
+ :account_login :: The login of the account to be considered as logged in when the internal request is submitted (most internal requests require a login). This will query the database to determine the account's id before submitting the request. If there is no non-closed account for the login, this will raise an exception.
28
+
29
+ There are additional options available, that you should only use
30
+ if you have special requirements:
31
+
32
+ :authenticated_by :: The array of strings to use for how the internal request's session was authenticated.
33
+ :env :: A hash to merge into the internal request environment hash. Keys given will override default values, so you will probably have problems if you directly use an existing request environment.
34
+ :session :: A hash for the session to use.
35
+ :params :: A hash of custom parameters.
36
+
37
+ All remaining options are considered parameters. Using the
38
+ previous example:
39
+
40
+ App.rodauth.change_password(account_id: 1, password: 'foobar')
41
+
42
+ The <tt>password: 'foobar'</tt> part means that the parameters
43
+ for the request will be <tt>{rodauth.password_param => 'foobar'}</tt>,
44
+ where +rodauth.password_param+ is the value of +password_param+ in
45
+ your Rodauth configuration (this defaults to <tt>"password"</tt>).
46
+
47
+ Passing any options not mentioned above that are not valid Rodauth
48
+ parameters will result in a warning.
49
+
50
+ == Configuration
51
+
52
+ In general, the configuration for internal requests is almost
53
+ the same as for regular requests. There are some minor changes
54
+ for easier usability. +modifications_require_password?+ (and
55
+ similar methods for requiring password),
56
+ +require_login_confirmation?+, and +require_password_confirmation?+
57
+ are set to false. In general, the caller of the method should not
58
+ be able to determine the user's password, and there is no point
59
+ in requiring parameter confirmation when calling the method
60
+ directly.
61
+
62
+ You can override the configuration for internal requests by using
63
+ the +internal_request_configuration+ configuration method. For
64
+ example, you can set the minimum length for logins to be 15
65
+ for normal requests, but only 3 for internal requests:
66
+
67
+ plugin :rodauth do
68
+ enable :create_account, :internal_request
69
+ login_minimum_length 15
70
+
71
+ internal_request_configuration do
72
+ login_minimum_length 3
73
+ end
74
+ end
75
+
76
+ Another approach for doing this is to call the +internal_request?+
77
+ method inside configuration method blocks:
78
+
79
+ plugin :rodauth do
80
+ enable :create_account, :internal_request
81
+ login_minimum_length{internal_request? ? 3 : 15}
82
+ end
83
+
84
+ == Return Values and Exceptions
85
+
86
+ Internal request methods ending in a question mark return true or false.
87
+ Most other internal request methods return nil on success, and or raise a
88
+ Rodauth::InternalRequestError exception on failure. The exception
89
+ message will include the flash message, {the reason for the
90
+ failure}[rdoc-ref:doc/error_reasons.rdoc] if available, and any field errors.
91
+ This data can also be retrieved via +flash+, +reason+, and +field_errors+
92
+ attributes on the exception object.
93
+
94
+ If an internal request method returns a non-nil value on success,
95
+ it will be documented in the Features section below. In such
96
+ cases, unless documented below, the methods will still raise a
97
+ Rodauth::InternalRequestError exception on failure.
98
+
99
+ == Domain
100
+
101
+ While it is a good idea to use the +domain+ configuration method
102
+ to force a domain to use, as it can avoid DNS rebinding attacks,
103
+ Rodauth can function without it, as it can use the domain of the
104
+ request. However, for internal requests, there is no submitted
105
+ domain, and Rodauth does not know what to use as the domain. To
106
+ avoid potentially using a wrong domain, Rodauth will raise an
107
+ Rodauth::InternalRequestError in internal requests if a domain
108
+ is needed and has not been configured.
109
+
110
+ == Features
111
+
112
+ This section documents the methods that are available for each
113
+ feature. You must load that feature and the internal request feature
114
+ in order to call the internal request methods for that feature.
115
+ Some features support multiple internal request methods, and
116
+ each internal request method supported will be documented under
117
+ the appropriate subheading.
118
+
119
+ If the method subheading states it it requires an account, you
120
+ must pass the +:account_id+ or +account_login+ option when calling
121
+ the method.
122
+
123
+ If the method subheading states it it requires an account or
124
+ a login, you must pass either +:login+, +:account_id+, or
125
+ +account_login+ when calling the method.
126
+
127
+ === Base
128
+
129
+ === account_exists?
130
+
131
+ The +account_exists?+ method returns whether the account exists
132
+ for the given login.
133
+
134
+ Options:
135
+ +:login+ :: (required) The login for the account.
136
+
137
+ === account_id_for_login
138
+
139
+ The +account_id_for_login+ method returns the account id for
140
+ the given login. A Rodauth::InternalRequestError is raised
141
+ if the login given is not valid.
142
+
143
+ Options:
144
+ +:login+ :: (required) The login for the account.
145
+
146
+ === internal_request_eval
147
+
148
+ The +internal_request_eval+ requires a block and will +instance_eval+
149
+ the block the context of an internal request instance. This allows
150
+ you full usage of the +Rodauth::Auth+ API inside the request.
151
+ Before using this method, you should have a good understanding
152
+ of Rodauth's internals and the effects of calling any methods you
153
+ are calling inside the block.
154
+
155
+ The return value of the method will be the return value of the
156
+ block, unless one of the methods in the block has set a
157
+ different return value.
158
+
159
+ === Change Login
160
+
161
+ ==== change_login (requires account)
162
+
163
+ The +change_login+ method changes the login for the account.
164
+
165
+ Options:
166
+ +:login+ :: (required) The new login for the account. Note that if the +:account_login+ option is provided, that is the current login for the account, not the new login.
167
+
168
+ === Change Password
169
+
170
+ ==== change_password (requires account)
171
+
172
+ The +change_password+ method changes the password for the account.
173
+
174
+ Options:
175
+ +:password+ or +new_password+ :: (required) The new password for the account.
176
+
177
+ === Close Account
178
+
179
+ ==== close_account (requires account)
180
+
181
+ The +close_account+ method closes the account. There is no method
182
+ in Rodauth to reopen closed accounts.
183
+
184
+ === Create Account
185
+
186
+ ==== create_account
187
+
188
+ The +create_account+ method creates an account.
189
+
190
+ Options:
191
+ +:login+ :: (required) The login for the created account.
192
+ +:password+ :: The password for the created account.
193
+
194
+ === Email Auth
195
+
196
+ ==== email_auth_request (requires account or login)
197
+
198
+ The +email_auth_request+ method requests an email with an
199
+ authentication link be sent to the account's email address.
200
+
201
+ ==== email_auth
202
+
203
+ The +email_auth+ method determines if the given email authentication
204
+ key is valid.
205
+
206
+ This method will return the account id if the authentication key is
207
+ valid.
208
+
209
+ Options:
210
+ +:email_auth_key+ :: (required) The email authentication key for the account.
211
+
212
+ ==== valid_email_auth?
213
+
214
+ The +valid_email_auth?+ method returns whether the given email
215
+ authentication key is valid.
216
+
217
+ Options:
218
+ +:email_auth_key+ :: (required) The email authentication key for the account.
219
+
220
+ === Lockout
221
+
222
+ ==== lock_account (requires account)
223
+
224
+ The +lock_account+ method locks an account, even if the account has
225
+ not experienced any login failures. This is one method only available
226
+ as an internal request.
227
+
228
+ ==== unlock_account_request (requires account or login)
229
+
230
+ The +unlock_account_request+ method requests an email with an
231
+ link to unlock the account be sent to the account's email address.
232
+
233
+ ==== unlock_account
234
+
235
+ The +unlock_account+ method unlocks the account.
236
+
237
+ If an +:account_id+ or +:account_login+ option is provided, this
238
+ will unlock the account without requiring the unlock account key
239
+ value.
240
+
241
+ Options:
242
+ +:unlock_account_key+ :: The unlock account key for the account. This allows unlocking accounts by key, without knowing the account id or login.
243
+
244
+ === Login
245
+
246
+ ==== login (requires account or login)
247
+
248
+ The +login+ method determines if the given password is valid for
249
+ the given account.
250
+
251
+ This method will return the account id if the password is valid.
252
+
253
+ Options:
254
+ +:password+ :: (required) The password for the account.
255
+
256
+ ==== valid_login_and_password? (requires account or login)
257
+
258
+ The +valid_login_and_password?+ method returns whether the given
259
+ password is valid for the given account.
260
+
261
+ Options:
262
+ +:password+ :: (required) The password for the account.
263
+
264
+ === OTP
265
+
266
+ ==== otp_setup_params (requires account)
267
+
268
+ The +otp_setup_params+ method returns a hash with an +:otp_setup+
269
+ key, and an +:otp_setup_raw+ key if the Rodauth configuration uses
270
+ +hmac_secret+.
271
+
272
+ The +:otp_setup+ key in the returned hash specifies the OTP secret.
273
+
274
+ This hash should be merged into the options submitted to the
275
+ +otp_setup+ method in order to complete OTP setup.
276
+
277
+ ==== otp_setup (requires account)
278
+
279
+ The +otp_setup+ method enables OTP multifactor authentication for
280
+ the account.
281
+
282
+ The values in the hash returned by the +otp_setup_params+ hash
283
+ must be passed as options to this method.
284
+
285
+ Additional Options:
286
+ +:otp_auth+ :: (required) The current OTP authentication code for the OTP secret.
287
+
288
+ ==== otp_auth (requires account)
289
+
290
+ The +otp_auth+ method determines if the OTP authentication code is
291
+ valid for the account.
292
+
293
+ Options:
294
+ +:otp_auth+ :: (required) The current OTP authentication code for account.
295
+
296
+ ==== valid_otp_auth? (requires account)
297
+
298
+ The +valid_otp_auth?+ method returns whether the OTP authentication
299
+ code is valid for the account.
300
+
301
+ Options:
302
+ +:otp_auth+ :: (required) The current OTP authentication code for account.
303
+
304
+ ==== otp_disable (requires account)
305
+
306
+ The +otp_disable+ method disables OTP authentication for the account.
307
+
308
+ === Recovery Codes
309
+
310
+ ==== recovery_codes (requires account)
311
+
312
+ The +recovery_codes+ method returns an array of recovery codes for
313
+ the account. This array can be empty if no recovery codes are setup.
314
+
315
+ Options:
316
+ +:add_recovery_codes+ :: Generate new recovery codes for the account, up to the configured +recovery_codes_limit+, before returning the codes.
317
+
318
+ ==== recovery_auth (requires account)
319
+
320
+ The +recovery_auth+ method determines if the recovery authentication
321
+ code is valid for the account.
322
+
323
+ Options:
324
+ +:recovery_codes+ :: (required) A valid recovery code for the account. This option sounds like it would take an array of recover codes, but it only takes a single recovery code.
325
+
326
+ ==== valid_recovery_auth? (requires account)
327
+
328
+ The +valid_recovery_auth?+ method returns whether the recovery
329
+ authentication code is valid for the account.
330
+
331
+ Options:
332
+ +:recovery_codes+ :: (required) A valid recovery code for the account. This option sounds like it would take an array of recover codes, but it only takes a single recovery code.
333
+
334
+ === Remember
335
+
336
+ ==== remember_setup (requires_account)
337
+
338
+ The +remember_setup+ method setups up the remember feature for
339
+ the account, and returns the cookie value that can be used for
340
+ the remember cookie.
341
+
342
+ ==== remember_disable (requires_account)
343
+
344
+ The +remember_disable+ method disables the remember feature for
345
+ the account.
346
+
347
+ ==== account_id_for_remember_key
348
+
349
+ The +account_id_for_remember_key+ method returns the account id
350
+ for the given remember key.
351
+
352
+ Options:
353
+ +:remember+ :: (required) The remember key for the account. This is the same value returned by +remember_setup+.
354
+
355
+ === Reset Password
356
+
357
+ ==== reset_password_request (requires account or login)
358
+
359
+ The +reset_password_request+ method requests an email with an
360
+ link to reset the password for the account be sent to the account's
361
+ email address.
362
+
363
+ ==== reset_password
364
+
365
+ The +reset_password+ method resets the password for an account.
366
+ This is similar to the +change_password+ method, but requires
367
+ that a reset password key has been created for the account, and
368
+ removes the key after the password has been reset.
369
+
370
+ If an +:account_id+ or +:account_login+ option is provided, this
371
+ will reset the password for the account without requiring the
372
+ reset password key value.
373
+
374
+ Options:
375
+ +:password+ :: (required) The new password for the account.
376
+ +:reset_password_key+ :: The reset password key for the account. This allows resetting passwords by key, without knowing the account id or login.
377
+
378
+ === SMS Codes
379
+
380
+ ==== sms_setup (requires account)
381
+
382
+ The +sms_setup+ method sends an SMS message to the given
383
+ phone number with a code to setup SMS authentication for
384
+ the account.
385
+
386
+ Options:
387
+ +:sms_phone+ :: (required) The phone number to use to setup SMS authentication.
388
+
389
+ ==== sms_confirm (requires account)
390
+
391
+ The +sms_confirm+ method sets up SMS authentication for
392
+ an account, confirming that the SMS authentication code
393
+ sent previously was received.
394
+
395
+ Options:
396
+ +:sms_code+ :: (required) The authentication code sent to the user for setting up SMS authentication.
397
+
398
+ ==== sms_request (requires account)
399
+
400
+ The +sms_setup+ method sends an SMS message to the account's
401
+ SMS phone number with an authentication code for two factor
402
+ authentication.
403
+
404
+ ==== sms_auth (requires account)
405
+
406
+ The +sms_auth+ method determines if the SMS authentication code is
407
+ valid for the account.
408
+
409
+ Options:
410
+ +:sms_code+ :: (required) The authentication code sent to the user via SMS.
411
+
412
+ ==== valid_sms_auth? (requires account)
413
+
414
+ The +valid_sms_auth?+ method returns whether the SMS authentication
415
+ code is valid for the account.
416
+
417
+ Options:
418
+ +:sms_code+ :: (required) The authentication code sent to the user via SMS.
419
+
420
+ ==== sms_disable (requires account)
421
+
422
+ The +sms_disable+ method disables SMS authentication for the account.
423
+
424
+ === Two Factor Base
425
+
426
+ ==== two_factor_disable (requires_account)
427
+
428
+ The +two_factor_disable+ method disables all multifactor authentication
429
+ for the account.
430
+
431
+ === Verify Account
432
+
433
+ ==== verify_account_resend (requires account or login)
434
+
435
+ The +verify_account_resend+ method resends the account verification email
436
+ to the account's email address.
437
+
438
+ ==== verify_account
439
+
440
+ The +verify_account+ method verifies the account.
441
+ to the account's email address.
442
+
443
+ If an +:account_id+ or +:account_login+ option is provided, this
444
+ will verify the account without requiring the verify account key value.
445
+
446
+ Options:
447
+ +:password+ :: The password for the account, if setting up passwords during verification.
448
+ +:verify_account_key+ :: The verify account key for the account. This allows verifying accounts by key, without knowing the account id or login.
449
+
450
+ === Verify Login Change
451
+
452
+ ==== verify_login_change
453
+
454
+ The +verify_login_change+ method verifies the login change for the
455
+ account.
456
+
457
+ If an +:account_id+ or +:account_login+ option is provided, this
458
+ will verify the account without requiring the verify account key value.
459
+ If the +:account_login+ option is provided, it specifies the current
460
+ account login, before the change.
461
+
462
+ Options:
463
+ +:verify_login_change_key+ :: The verify login change key for the account. This allows verifying login changes by key, without knowing the account id or login.
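Review bot: The Configuration section states that modifications_require_password? and the confirmation settings are set to false, and the :account_id option is documented as never checked against the database, but nowhere does the file say that the caller therefore carries the whole authorization decision. Suggest adding a sentence there stating that internal request methods must only be called with an account id or login the application has already authorized and, since "All remaining options are considered parameters", that an unfiltered request parameter hash should not be passed as the options.

Several descriptions also look copied from a neighbouring section and no longer match their heading: the text under sms_request begins "The +sms_setup+ method sends", verify_account carries a stray second line "to the account's email address.", and verify_login_change says it "will verify the account without requiring the verify account key value" where the login change key is meant.

Smaller consistency points: the three methods under "=== Base" use "===" while every other method uses "====", "(requires_account)" appears with an underscore for remember_setup, remember_disable and two_factor_disable, "+account_login+" is missing its leading colon in both "requires an account" paragraphs, and "an changing", "and or raise" and "it it requires" need a proofread.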
@@ -0,0 +1,10 @@
1
+ = Documentation for Path Class Methods Feature
2
+
3
+ The path class methods feature allows for calling the *_path and *_url
4
+ methods directly on the class, as opposed to an instance of the class.
5
+
6
+ In order for the *_url methods to be used, you must use the base_url
7
+ configuration so that determining the base URL doesn't depend on the
8
+ submitted request, as the request will not be set when using the
9
+ class method. Failure to do this will probably result in a NoMethodError
10
+ being raised.
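Review bot: "Failure to do this will probably result in a NoMethodError being raised" in the second paragraph leaves the reader guessing; state which condition raises and that it happens because no request is set. The paragraph also says base_url must be configured, while the 2.15.0 CHANGELOG entry in this same diff says the default base_url now uses the configured domain, so say whether setting +domain+ alone is enough. A short usage example would round out the file.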
@@ -0,0 +1,17 @@
1
+ = New Features
2
+
3
+ * A remembered_session_id method has been added for getting the
4
+ account id from a valid remember token, without modifying the
5
+ session to log the account in.
6
+
7
+ = Other Improvements
8
+
9
+ * The jwt_refresh feature's support for allowing refresh with
10
+ an expired access token now works even if the Rodauth
11
+ configuration uses an incorrect prefix.
12
+
13
+ * The internal account_in_unverified_grace_period? method now
14
+ returns false if an account has not been loaded and the
15
+ session has not been logged in. Previously, calling this
16
+ method in such cases would result in an exception being
17
+ raised.
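Review bot: The first bullet describes remembered_session_id as returning "the account id from a valid remember token", but the 2.14.0 CHANGELOG entry in this diff describes the same method as "getting session id from valid remember token". Use one term in both places and state the return value when no valid token is present, since callers will branch on it.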