rodauth 2.13.0 → 2.17.0
- checksums.yaml +4 -4
- data/CHANGELOG +28 -0
- data/README.rdoc +50 -7
- data/doc/internal_request.rdoc +463 -0
- data/doc/path_class_methods.rdoc +10 -0
- data/doc/release_notes/2.14.0.txt +17 -0
- data/doc/release_notes/2.15.0.txt +48 -0
- data/doc/release_notes/2.16.0.txt +20 -0
- data/doc/release_notes/2.17.0.txt +10 -0
- data/doc/remember.rdoc +1 -0
- data/lib/rodauth/features/base.rb +11 -1
- data/lib/rodauth/features/change_login.rb +2 -0
- data/lib/rodauth/features/change_password.rb +2 -0
- data/lib/rodauth/features/close_account.rb +2 -0
- data/lib/rodauth/features/create_account.rb +2 -0
- data/lib/rodauth/features/email_auth.rb +4 -0
- data/lib/rodauth/features/internal_request.rb +371 -0
- data/lib/rodauth/features/jwt_refresh.rb +3 -5
- data/lib/rodauth/features/lockout.rb +11 -2
- data/lib/rodauth/features/login.rb +3 -0
- data/lib/rodauth/features/otp.rb +6 -0
- data/lib/rodauth/features/path_class_methods.rb +22 -0
- data/lib/rodauth/features/recovery_codes.rb +4 -0
- data/lib/rodauth/features/remember.rb +24 -9
- data/lib/rodauth/features/reset_password.rb +3 -0
- data/lib/rodauth/features/sms_codes.rb +7 -0
- data/lib/rodauth/features/two_factor_base.rb +2 -0
- data/lib/rodauth/features/verify_account.rb +5 -4
- data/lib/rodauth/features/verify_account_grace_period.rb +1 -1
- data/lib/rodauth/features/verify_login_change.rb +2 -0
- data/lib/rodauth/version.rb +1 -1
- data/lib/rodauth.rb +20 -2
- metadata +17 -3
@@ -39,12 +39,17 @@ module Rodauth
|
|
39
39
|
:generate_remember_key_value,
|
40
40
|
:get_remember_key,
|
41
41
|
:load_memory,
|
42
|
+
:remembered_session_id,
|
42
43
|
:logged_in_via_remember_key?,
|
43
44
|
:remember_key_value,
|
44
45
|
:remember_login,
|
45
46
|
:remove_remember_key
|
46
47
|
)
|
47
48
|
|
49
|
+
internal_request_method :remember_setup
|
50
|
+
internal_request_method :remember_disable
|
51
|
+
internal_request_method :account_id_for_remember_key
|
52
|
+
|
48
53
|
route do |r|
|
49
54
|
require_account
|
50
55
|
before_remember_route
|
@@ -81,29 +86,35 @@ module Rodauth
|
|
81
86
|
end
|
82
87
|
end
|
83
88
|
|
84
|
-
def
|
85
|
-
return
|
86
|
-
return unless cookie = request.cookies[remember_cookie_key]
|
89
|
+
def remembered_session_id
|
90
|
+
return unless cookie = _get_remember_cookie
|
87
91
|
id, key = cookie.split('_', 2)
|
88
92
|
return unless id && key
|
89
93
|
|
90
94
|
actual, deadline = active_remember_key_ds(id).get([remember_key_column, remember_deadline_column])
|
91
|
-
unless actual
|
92
|
-
forget_login
|
93
|
-
return
|
94
|
-
end
|
95
|
+
return unless actual
|
95
96
|
|
96
97
|
if hmac_secret
|
97
98
|
unless valid = timing_safe_eql?(key, compute_hmac(actual))
|
98
99
|
unless raw_remember_token_deadline && raw_remember_token_deadline > convert_timestamp(deadline)
|
99
|
-
forget_login
|
100
100
|
return
|
101
101
|
end
|
102
102
|
end
|
103
103
|
end
|
104
104
|
|
105
105
|
unless valid || timing_safe_eql?(key, actual)
|
106
|
-
|
106
|
+
return
|
107
|
+
end
|
108
|
+
|
109
|
+
id
|
110
|
+
end
|
111
|
+
|
112
|
+
def load_memory
|
113
|
+
return if session[session_key]
|
114
|
+
|
115
|
+
unless id = remembered_session_id
|
116
|
+
# Only set expired cookie if there is already a cookie set.
|
117
|
+
forget_login if _get_remember_cookie
|
107
118
|
return
|
108
119
|
end
|
109
120
|
|
@@ -180,6 +191,10 @@ module Rodauth
|
|
180
191
|
|
181
192
|
private
|
182
193
|
|
194
|
+
def _get_remember_cookie
|
195
|
+
request.cookies[remember_cookie_key]
|
196
|
+
end
|
197
|
+
|
183
198
|
def after_logout
|
184
199
|
forget_login
|
185
200
|
super if defined?(super)
|
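Review bot: `remembered_session_id` returns the `id` substring split out of the cookie, not a value read back from the row that `active_remember_key_ds(id)` matched, and the method is now exported in the auth-method list, so callers will presumably treat that string as the account id. If the database coerces types in that lookup (not visible here), a non-canonical string could validate and be passed on unchanged; returning a normalised id, or documenting that the result is the raw cookie value, would make the contract explicit. The method also no longer clears the cookie on failure, since that moved to `load_memory`, so a comment such as `# Returns the account id from a valid remember cookie, or nil; never modifies cookies.` would tell other callers that they must call `forget_login` themselves. `load_memory` continues past the end of the hunk.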
@@ -112,6 +112,13 @@ module Rodauth
|
|
112
112
|
:sms_valid_phone?
|
113
113
|
)
|
114
114
|
|
115
|
+
internal_request_method :sms_setup
|
116
|
+
internal_request_method :sms_confirm
|
117
|
+
internal_request_method :sms_request
|
118
|
+
internal_request_method :sms_auth
|
119
|
+
internal_request_method :valid_sms_auth?
|
120
|
+
internal_request_method :sms_disable
|
121
|
+
|
115
122
|
route(:sms_request) do |r|
|
116
123
|
require_login
|
117
124
|
require_account_session
|
@@ -60,6 +60,9 @@ module Rodauth
|
|
60
60
|
:account_from_verify_account_key
|
61
61
|
)
|
62
62
|
|
63
|
+
internal_request_method(:verify_account_resend)
|
64
|
+
internal_request_method
|
65
|
+
|
63
66
|
route(:verify_account_resend) do |r|
|
64
67
|
verify_account_check_already_logged_in
|
65
68
|
before_verify_account_resend_route
|
@@ -193,8 +196,7 @@ module Rodauth
|
|
193
196
|
|
194
197
|
def new_account(login)
|
195
198
|
if account_from_login(login) && allow_resending_verify_account_email?
|
196
|
-
|
197
|
-
set_error_reason :already_an_unverified_account_with_this_login
|
199
|
+
set_response_error_reason_status(:already_an_unverified_account_with_this_login, unopen_account_error_status)
|
198
200
|
set_error_flash attempt_to_create_unverified_account_error_flash
|
199
201
|
response.write resend_verify_account_view
|
200
202
|
request.halt
|
@@ -271,8 +273,7 @@ module Rodauth
|
|
271
273
|
|
272
274
|
def before_login_attempt
|
273
275
|
unless open_account?
|
274
|
-
|
275
|
-
set_error_reason :unverified_account
|
276
|
+
set_response_error_reason_status(:unverified_account, unopen_account_error_status)
|
276
277
|
set_error_flash attempt_to_login_to_unverified_account_error_flash
|
277
278
|
response.write resend_verify_account_view
|
278
279
|
request.halt
|
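Review bot: In `new_account` and `before_login_attempt` the response carries a distinct error reason and status (`:already_an_unverified_account_with_this_login`, `:unverified_account`) together with the resend view, which tells the client that the login exists and is unverified. If `before_login_attempt` runs before the password is checked (not visible in these hunks), that is an account-state disclosure to unauthenticated clients. A comment at both call sites, e.g. `# NOTE: reveals that the login exists but is unverified; rate-limit this path`, would flag it for deployments that need uniform responses. Both method bodies continue outside the hunks.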
@@ -72,7 +72,7 @@ module Rodauth
|
|
72
72
|
end
|
73
73
|
|
74
74
|
def account_in_unverified_grace_period?
|
75
|
-
account || account_from_session
|
75
|
+
return false unless account || (session_value && account_from_session)
|
76
76
|
account[account_status_column] == account_unverified_status_value &&
|
77
77
|
verify_account_grace_period &&
|
78
78
|
!verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty?
|
data/lib/rodauth/version.rb
CHANGED
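--- a/data/lib/rodauth.rb
+++ b/data/lib/rodauth.rb
@@ -3,6 +3,17 @@
 require 'securerandom'
 
 module Rodauth
+def self.lib(opts={}, &block)
+require 'roda'
+c = Class.new(Roda)
+c.plugin(:rodauth, opts) do
+enable :internal_request
+instance_exec(&block)
+end
+c.freeze
+c.rodauth
+end
+
 def self.load_dependencies(app, opts={})
 json_opt = opts.fetch(:json, app.opts[:rodauth_json])
 if json_opt
@@ -39,11 +50,11 @@ module Rodauth
 else
 json_opt != :only
 end
-auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= opts[:auth_class] || Class.new(Auth)
+auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= opts[:auth_class] || Class.new(Auth){@configuration_name = opts[:name]}
 if !auth_class.roda_class
 auth_class.roda_class = app
 elsif auth_class.roda_class != app
-auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class)
+auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class){@configuration_name = opts[:name]}
 auth_class.roda_class = app
 end
 auth_class.configure(&block) if block
@@ -107,6 +118,7 @@ module Rodauth
 attr_accessor :dependencies
 attr_accessor :routes
 attr_accessor :configuration
+attr_reader :internal_request_methods
 
 def route(name=feature_name, default=name.to_s.tr('_', '-'), &block)
 route_meth = :"#{name}_route"
@@ -152,6 +164,10 @@ module Rodauth
 FEATURES[name] = feature
 end
 
+def internal_request_method(name=feature_name)
+(@internal_request_methods ||= []) << name
+end
+
 def configuration_module_eval(&block)
 configuration.module_eval(&block)
 end
@@ -260,6 +276,8 @@ module Rodauth
 attr_reader :features
 attr_reader :routes
 attr_accessor :route_hash
+attr_reader :configuration_name
+attr_reader :configuration
 end
 
 def self.inherited(subclass)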
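Review bot: `Rodauth.lib` calls `instance_exec(&block)` unconditionally, so calling it without a configuration block raises instead of building a default configuration; `instance_exec(&block) if block` would match the `auth_class.configure(&block) if block` guard in `load_dependencies`. The method also returns `c.rodauth` with no name, while `load_dependencies` stores the class under `opts[:name]`, so passing a `:name` option presumably makes `lib` return nil; looking the class up under the same name would avoid that. A short comment above `lib` saying that it builds a frozen anonymous Roda subclass with `:internal_request` always enabled would tell readers why the feature is forced on.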
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rodauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.17.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jeremy Evans
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-09-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: sequel
|
@@ -268,6 +268,7 @@ extra_rdoc_files:
|
|
268
268
|
- doc/email_base.rdoc
|
269
269
|
- doc/error_reasons.rdoc
|
270
270
|
- doc/http_basic_auth.rdoc
|
271
|
+
- doc/internal_request.rdoc
|
271
272
|
- doc/json.rdoc
|
272
273
|
- doc/jwt.rdoc
|
273
274
|
- doc/jwt_cors.rdoc
|
@@ -281,6 +282,7 @@ extra_rdoc_files:
|
|
281
282
|
- doc/password_expiration.rdoc
|
282
283
|
- doc/password_grace_period.rdoc
|
283
284
|
- doc/password_pepper.rdoc
|
285
|
+
- doc/path_class_methods.rdoc
|
284
286
|
- doc/recovery_codes.rdoc
|
285
287
|
- doc/remember.rdoc
|
286
288
|
- doc/reset_password.rdoc
|
@@ -325,6 +327,10 @@ extra_rdoc_files:
|
|
325
327
|
- doc/release_notes/2.11.0.txt
|
326
328
|
- doc/release_notes/2.12.0.txt
|
327
329
|
- doc/release_notes/2.13.0.txt
|
330
|
+
- doc/release_notes/2.14.0.txt
|
331
|
+
- doc/release_notes/2.15.0.txt
|
332
|
+
- doc/release_notes/2.16.0.txt
|
333
|
+
- doc/release_notes/2.17.0.txt
|
328
334
|
- doc/release_notes/2.2.0.txt
|
329
335
|
- doc/release_notes/2.3.0.txt
|
330
336
|
- doc/release_notes/2.4.0.txt
|
@@ -377,6 +383,7 @@ files:
|
|
377
383
|
- doc/guides/status_column.rdoc
|
378
384
|
- doc/guides/totp_or_recovery.rdoc
|
379
385
|
- doc/http_basic_auth.rdoc
|
386
|
+
- doc/internal_request.rdoc
|
380
387
|
- doc/json.rdoc
|
381
388
|
- doc/jwt.rdoc
|
382
389
|
- doc/jwt_cors.rdoc
|
@@ -390,6 +397,7 @@ files:
|
|
390
397
|
- doc/password_expiration.rdoc
|
391
398
|
- doc/password_grace_period.rdoc
|
392
399
|
- doc/password_pepper.rdoc
|
400
|
+
- doc/path_class_methods.rdoc
|
393
401
|
- doc/recovery_codes.rdoc
|
394
402
|
- doc/release_notes/1.0.0.txt
|
395
403
|
- doc/release_notes/1.1.0.txt
|
@@ -421,6 +429,10 @@ files:
|
|
421
429
|
- doc/release_notes/2.11.0.txt
|
422
430
|
- doc/release_notes/2.12.0.txt
|
423
431
|
- doc/release_notes/2.13.0.txt
|
432
|
+
- doc/release_notes/2.14.0.txt
|
433
|
+
- doc/release_notes/2.15.0.txt
|
434
|
+
- doc/release_notes/2.16.0.txt
|
435
|
+
- doc/release_notes/2.17.0.txt
|
424
436
|
- doc/release_notes/2.2.0.txt
|
425
437
|
- doc/release_notes/2.3.0.txt
|
426
438
|
- doc/release_notes/2.4.0.txt
|
@@ -462,6 +474,7 @@ files:
|
|
462
474
|
- lib/rodauth/features/email_auth.rb
|
463
475
|
- lib/rodauth/features/email_base.rb
|
464
476
|
- lib/rodauth/features/http_basic_auth.rb
|
477
|
+
- lib/rodauth/features/internal_request.rb
|
465
478
|
- lib/rodauth/features/json.rb
|
466
479
|
- lib/rodauth/features/jwt.rb
|
467
480
|
- lib/rodauth/features/jwt_cors.rb
|
@@ -475,6 +488,7 @@ files:
|
|
475
488
|
- lib/rodauth/features/password_expiration.rb
|
476
489
|
- lib/rodauth/features/password_grace_period.rb
|
477
490
|
- lib/rodauth/features/password_pepper.rb
|
491
|
+
- lib/rodauth/features/path_class_methods.rb
|
478
492
|
- lib/rodauth/features/recovery_codes.rb
|
479
493
|
- lib/rodauth/features/remember.rb
|
480
494
|
- lib/rodauth/features/reset_password.rb
|
@@ -574,7 +588,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
574
588
|
- !ruby/object:Gem::Version
|
575
589
|
version: '0'
|
576
590
|
requirements: []
|
577
|
-
rubygems_version: 3.2.
|
591
|
+
rubygems_version: 3.2.22
|
578
592
|
signing_key:
|
579
593
|
specification_version: 4
|
580
594
|
summary: Authentication and Account Management Framework for Rack Applications
|