rodauth 2.13.0 → 2.17.0

data/lib/rodauth/features/remember.rb

@@ -39,12 +39,17 @@ module Rodauth
       :generate_remember_key_value,
       :get_remember_key,
       :load_memory,
+      :remembered_session_id,
       :logged_in_via_remember_key?,
       :remember_key_value,
       :remember_login,
       :remove_remember_key
     )
 
+    internal_request_method :remember_setup
+    internal_request_method :remember_disable
+    internal_request_method :account_id_for_remember_key
+
     route do |r|
       require_account
       before_remember_route
@@ -81,29 +86,35 @@ module Rodauth
       end
     end
 
-    def load_memory
-      return if session[session_key]
-      return unless cookie = request.cookies[remember_cookie_key]
+    def remembered_session_id
+      return unless cookie = _get_remember_cookie
       id, key = cookie.split('_', 2)
       return unless id && key
 
       actual, deadline = active_remember_key_ds(id).get([remember_key_column, remember_deadline_column])
-      unless actual
-        forget_login
-        return
-      end
+      return unless actual
 
       if hmac_secret
         unless valid = timing_safe_eql?(key, compute_hmac(actual))
           unless raw_remember_token_deadline && raw_remember_token_deadline > convert_timestamp(deadline)
-            forget_login
             return
           end
         end
       end
 
       unless valid || timing_safe_eql?(key, actual)
-        forget_login
+        return
+      end
+
+      id
+    end
+
+    def load_memory
+      return if session[session_key]
+
+      unless id = remembered_session_id
+        # Only set expired cookie if there is already a cookie set.
+        forget_login if _get_remember_cookie
         return
       end
 
@@ -180,6 +191,10 @@ module Rodauth
 
     private
 
+    def _get_remember_cookie
+      request.cookies[remember_cookie_key]
+    end
+
     def after_logout
       forget_login
       super if defined?(super)

data/lib/rodauth/features/reset_password.rb

@@ -57,6 +57,9 @@ module Rodauth
       :account_from_reset_password_key
     )
 
+    internal_request_method(:reset_password_request)
+    internal_request_method
+
     route(:reset_password_request) do |r|
       check_already_logged_in
       before_reset_password_request_route

data/lib/rodauth/features/sms_codes.rb

@@ -112,6 +112,13 @@ module Rodauth
       :sms_valid_phone?
     )
 
+    internal_request_method :sms_setup
+    internal_request_method :sms_confirm
+    internal_request_method :sms_request
+    internal_request_method :sms_auth
+    internal_request_method :valid_sms_auth?
+    internal_request_method :sms_disable
+
     route(:sms_request) do |r|
       require_login
       require_account_session

data/lib/rodauth/features/two_factor_base.rb

@@ -57,6 +57,8 @@ module Rodauth
       :two_factor_update_session
     )
 
+    internal_request_method :two_factor_disable
+
     route(:two_factor_manage, 'multifactor-manage') do |r|
       require_account
       before_two_factor_manage_route

data/lib/rodauth/features/verify_account.rb

@@ -60,6 +60,9 @@ module Rodauth
       :account_from_verify_account_key
     )
 
+    internal_request_method(:verify_account_resend)
+    internal_request_method
+
     route(:verify_account_resend) do |r|
       verify_account_check_already_logged_in
       before_verify_account_resend_route
@@ -193,8 +196,7 @@ module Rodauth
 
     def new_account(login)
       if account_from_login(login) && allow_resending_verify_account_email?
-        set_redirect_error_status(unopen_account_error_status)
-        set_error_reason :already_an_unverified_account_with_this_login
+        set_response_error_reason_status(:already_an_unverified_account_with_this_login, unopen_account_error_status)
         set_error_flash attempt_to_create_unverified_account_error_flash
         response.write resend_verify_account_view
         request.halt
@@ -271,8 +273,7 @@ module Rodauth
 
     def before_login_attempt
       unless open_account?
-        set_redirect_error_status(unopen_account_error_status)
-        set_error_reason :unverified_account
+        set_response_error_reason_status(:unverified_account, unopen_account_error_status)
         set_error_flash attempt_to_login_to_unverified_account_error_flash
         response.write resend_verify_account_view
         request.halt

data/lib/rodauth/features/verify_account_grace_period.rb

@@ -72,7 +72,7 @@ module Rodauth
     end
 
     def account_in_unverified_grace_period?
-      account || account_from_session
+      return false unless account || (session_value && account_from_session)
       account[account_status_column] == account_unverified_status_value &&
         verify_account_grace_period &&
         !verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty?

data/lib/rodauth/features/verify_login_change.rb

@@ -50,6 +50,8 @@ module Rodauth
       :account_from_verify_login_change_key
     )
 
+    internal_request_method
+
     route do |r|
       before_verify_login_change_route
 

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 13
+  MINOR = 17
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/lib/rodauth.rb

@@ -3,6 +3,17 @@
 require 'securerandom'
 
 module Rodauth
+  def self.lib(opts={}, &block) 
+    require 'roda'
+    c = Class.new(Roda)
+    c.plugin(:rodauth, opts) do
+      enable :internal_request
+      instance_exec(&block)
+    end
+    c.freeze
+    c.rodauth
+  end
+
   def self.load_dependencies(app, opts={})
     json_opt = opts.fetch(:json, app.opts[:rodauth_json])
     if json_opt
@@ -39,11 +50,11 @@ module Rodauth
     else
       json_opt != :only
     end
-    auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= opts[:auth_class] || Class.new(Auth)
+    auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= opts[:auth_class] || Class.new(Auth){@configuration_name = opts[:name]}
     if !auth_class.roda_class
       auth_class.roda_class = app
     elsif auth_class.roda_class != app
-      auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class)
+      auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class){@configuration_name = opts[:name]}
       auth_class.roda_class = app
     end
     auth_class.configure(&block) if block
@@ -107,6 +118,7 @@ module Rodauth
     attr_accessor :dependencies
     attr_accessor :routes
     attr_accessor :configuration
+    attr_reader :internal_request_methods
 
     def route(name=feature_name, default=name.to_s.tr('_', '-'), &block)
       route_meth = :"#{name}_route"
@@ -152,6 +164,10 @@ module Rodauth
       FEATURES[name] = feature
     end
 
+    def internal_request_method(name=feature_name)
+      (@internal_request_methods ||= []) << name
+    end
+
     def configuration_module_eval(&block)
       configuration.module_eval(&block)
     end
@@ -260,6 +276,8 @@ module Rodauth
       attr_reader :features
       attr_reader :routes
       attr_accessor :route_hash
+      attr_reader :configuration_name
+      attr_reader :configuration
     end
 
     def self.inherited(subclass)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.13.0
+  version: 2.17.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-23 00:00:00.000000000 Z
+date: 2021-09-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -268,6 +268,7 @@ extra_rdoc_files:
 - doc/email_base.rdoc
 - doc/error_reasons.rdoc
 - doc/http_basic_auth.rdoc
+- doc/internal_request.rdoc
 - doc/json.rdoc
 - doc/jwt.rdoc
 - doc/jwt_cors.rdoc
@@ -281,6 +282,7 @@ extra_rdoc_files:
 - doc/password_expiration.rdoc
 - doc/password_grace_period.rdoc
 - doc/password_pepper.rdoc
+- doc/path_class_methods.rdoc
 - doc/recovery_codes.rdoc
 - doc/remember.rdoc
 - doc/reset_password.rdoc
@@ -325,6 +327,10 @@ extra_rdoc_files:
 - doc/release_notes/2.11.0.txt
 - doc/release_notes/2.12.0.txt
 - doc/release_notes/2.13.0.txt
+- doc/release_notes/2.14.0.txt
+- doc/release_notes/2.15.0.txt
+- doc/release_notes/2.16.0.txt
+- doc/release_notes/2.17.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
@@ -377,6 +383,7 @@ files:
 - doc/guides/status_column.rdoc
 - doc/guides/totp_or_recovery.rdoc
 - doc/http_basic_auth.rdoc
+- doc/internal_request.rdoc
 - doc/json.rdoc
 - doc/jwt.rdoc
 - doc/jwt_cors.rdoc
@@ -390,6 +397,7 @@ files:
 - doc/password_expiration.rdoc
 - doc/password_grace_period.rdoc
 - doc/password_pepper.rdoc
+- doc/path_class_methods.rdoc
 - doc/recovery_codes.rdoc
 - doc/release_notes/1.0.0.txt
 - doc/release_notes/1.1.0.txt
@@ -421,6 +429,10 @@ files:
 - doc/release_notes/2.11.0.txt
 - doc/release_notes/2.12.0.txt
 - doc/release_notes/2.13.0.txt
+- doc/release_notes/2.14.0.txt
+- doc/release_notes/2.15.0.txt
+- doc/release_notes/2.16.0.txt
+- doc/release_notes/2.17.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
@@ -462,6 +474,7 @@ files:
 - lib/rodauth/features/email_auth.rb
 - lib/rodauth/features/email_base.rb
 - lib/rodauth/features/http_basic_auth.rb
+- lib/rodauth/features/internal_request.rb
 - lib/rodauth/features/json.rb
 - lib/rodauth/features/jwt.rb
 - lib/rodauth/features/jwt_cors.rb
@@ -475,6 +488,7 @@ files:
 - lib/rodauth/features/password_expiration.rb
 - lib/rodauth/features/password_grace_period.rb
 - lib/rodauth/features/password_pepper.rb
+- lib/rodauth/features/path_class_methods.rb
 - lib/rodauth/features/recovery_codes.rb
 - lib/rodauth/features/remember.rb
 - lib/rodauth/features/reset_password.rb
@@ -574,7 +588,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.2.22
 signing_key: 
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications