rodauth 2.14.0 → 2.15.0
- checksums.yaml +4 -4
- data/CHANGELOG +8 -0
- data/README.rdoc +29 -6
- data/doc/internal_request.rdoc +463 -0
- data/doc/path_class_methods.rdoc +10 -0
- data/doc/release_notes/2.15.0.txt +48 -0
- data/lib/rodauth.rb +9 -2
- data/lib/rodauth/features/base.rb +11 -1
- data/lib/rodauth/features/change_login.rb +2 -0
- data/lib/rodauth/features/change_password.rb +2 -0
- data/lib/rodauth/features/close_account.rb +2 -0
- data/lib/rodauth/features/create_account.rb +2 -0
- data/lib/rodauth/features/email_auth.rb +4 -0
- data/lib/rodauth/features/internal_request.rb +367 -0
- data/lib/rodauth/features/lockout.rb +11 -2
- data/lib/rodauth/features/login.rb +3 -0
- data/lib/rodauth/features/otp.rb +6 -0
- data/lib/rodauth/features/path_class_methods.rb +22 -0
- data/lib/rodauth/features/recovery_codes.rb +4 -0
- data/lib/rodauth/features/remember.rb +10 -2
- data/lib/rodauth/features/reset_password.rb +3 -0
- data/lib/rodauth/features/sms_codes.rb +7 -0
- data/lib/rodauth/features/two_factor_base.rb +2 -0
- data/lib/rodauth/features/verify_account.rb +3 -0
- data/lib/rodauth/features/verify_login_change.rb +2 -0
- data/lib/rodauth/version.rb +1 -1
- metadata +11 -3
@@ -62,6 +62,10 @@ module Rodauth
|
|
62
62
|
)
|
63
63
|
auth_private_methods :account_from_unlock_key
|
64
64
|
|
65
|
+
internal_request_method(:lock_account)
|
66
|
+
internal_request_method(:unlock_account_request)
|
67
|
+
internal_request_method(:unlock_account)
|
68
|
+
|
65
69
|
route(:unlock_account_request) do |r|
|
66
70
|
check_already_logged_in
|
67
71
|
before_unlock_account_request_route
|
@@ -167,6 +171,12 @@ module Rodauth
|
|
167
171
|
unlock_account
|
168
172
|
end
|
169
173
|
|
174
|
+
def _setup_account_lockouts_hash(account_id, key)
|
175
|
+
hash = {account_lockouts_id_column=>account_id, account_lockouts_key_column=>key}
|
176
|
+
set_deadline_value(hash, account_lockouts_deadline_column, account_lockouts_deadline_interval)
|
177
|
+
hash
|
178
|
+
end
|
179
|
+
|
170
180
|
def invalid_login_attempted
|
171
181
|
ds = account_login_failures_ds.
|
172
182
|
where(account_login_failures_id_column=>account_id)
|
@@ -192,8 +202,7 @@ module Rodauth
|
|
192
202
|
|
193
203
|
if number >= max_invalid_logins
|
194
204
|
@unlock_account_key_value = generate_unlock_account_key
|
195
|
-
hash =
|
196
|
-
set_deadline_value(hash, account_lockouts_deadline_column, account_lockouts_deadline_interval)
|
205
|
+
hash = _setup_account_lockouts_hash(account_id, unlock_account_key_value)
|
197
206
|
|
198
207
|
if e = raised_uniqueness_violation{account_lockouts_ds.insert(hash)}
|
199
208
|
# If inserting into the lockout table raises a violation, we should just be able to pull the already inserted
|
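Review bot: The three `internal_request_method` declarations added at the top of the first hunk have no comment saying which route-level guards still apply when `lock_account`, `unlock_account_request` and `unlock_account` are invoked as internal requests. The route just below them calls `check_already_logged_in` and a before-route hook, and this section does not show whether the internal path runs those or the unlock-key check; internal_request.rb is not part of this page. Because these actions change whether an account can authenticate, I would add a comment above the declarations such as `# Internal request entry points: the caller is responsible for authorization and for passing a trusted account identifier.`, worded to match what internal_request.rb actually enforces. The same applies to the declarations added in the otp, recovery_codes, remember, sms_codes and verify_account sections.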
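--- a/data/lib/rodauth/features/otp.rb
+++ b/data/lib/rodauth/features/otp.rb
@@ -96,6 +96,12 @@ module Rodauth
 :otp_tmp_key
 )
 
+internal_request_method :otp_setup_params
+internal_request_method :otp_setup
+internal_request_method :otp_auth
+internal_request_method :valid_otp_auth?
+internal_request_method :otp_disable
+
 route(:otp_auth) do |r|
 require_login
 require_account_session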
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen-string-literal: true
|
2
|
+
|
3
|
+
module Rodauth
|
4
|
+
Feature.define(:path_class_methods, :PathClassMethods) do
|
5
|
+
def post_configure
|
6
|
+
super
|
7
|
+
|
8
|
+
klass = self.class
|
9
|
+
klass.features.each do |feature_name|
|
10
|
+
feature = FEATURES[feature_name]
|
11
|
+
feature.routes.each do |handle_meth|
|
12
|
+
route = handle_meth.to_s.sub(/\Ahandle_/, '')
|
13
|
+
path_meth = :"#{route}_path"
|
14
|
+
url_meth = :"#{route}_url"
|
15
|
+
instance = klass.allocate.freeze
|
16
|
+
klass.define_singleton_method(path_meth){|opts={}| instance.send(path_meth, opts)}
|
17
|
+
klass.define_singleton_method(url_meth){|opts={}| instance.send(url_meth, opts)}
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
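Review bot: `klass.allocate.freeze` creates the helper instance without running `initialize`, so the generated class-level `*_path` and `*_url` methods run on an object that presumably has no request or scope, and nothing in the file says so. A path or URL method, or a user override of one, that reads request state would then fail when the class method is called rather than at configuration time. A comment above the allocation would make the constraint visible, for example `# Allocated without a request: *_path/*_url may only rely on configuration that does not read request state.` The allocation is also repeated for every route inside the inner loop; since the instance is frozen, a single `instance = klass.allocate.freeze` before `klass.features.each` would serve all the generated methods.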
@@ -59,6 +59,10 @@ module Rodauth
|
|
59
59
|
:recovery_code_match?,
|
60
60
|
)
|
61
61
|
|
62
|
+
internal_request_method :recovery_codes
|
63
|
+
internal_request_method :recovery_auth
|
64
|
+
internal_request_method :valid_recovery_auth?
|
65
|
+
|
62
66
|
route(:recovery_auth) do |r|
|
63
67
|
require_login
|
64
68
|
require_account_session
|
@@ -46,6 +46,10 @@ module Rodauth
|
|
46
46
|
:remove_remember_key
|
47
47
|
)
|
48
48
|
|
49
|
+
internal_request_method :remember_setup
|
50
|
+
internal_request_method :remember_disable
|
51
|
+
internal_request_method :account_id_for_remember_key
|
52
|
+
|
49
53
|
route do |r|
|
50
54
|
require_account
|
51
55
|
before_remember_route
|
@@ -83,7 +87,7 @@ module Rodauth
|
|
83
87
|
end
|
84
88
|
|
85
89
|
def remembered_session_id
|
86
|
-
return unless cookie =
|
90
|
+
return unless cookie = _get_remember_cookie
|
87
91
|
id, key = cookie.split('_', 2)
|
88
92
|
return unless id && key
|
89
93
|
|
@@ -110,7 +114,7 @@ module Rodauth
|
|
110
114
|
|
111
115
|
unless id = remembered_session_id
|
112
116
|
# Only set expired cookie if there is already a cookie set.
|
113
|
-
forget_login if
|
117
|
+
forget_login if _get_remember_cookie
|
114
118
|
return
|
115
119
|
end
|
116
120
|
|
@@ -187,6 +191,10 @@ module Rodauth
|
|
187
191
|
|
188
192
|
private
|
189
193
|
|
194
|
+
def _get_remember_cookie
|
195
|
+
request.cookies[remember_cookie_key]
|
196
|
+
end
|
197
|
+
|
190
198
|
def after_logout
|
191
199
|
forget_login
|
192
200
|
super if defined?(super)
|
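Review bot: `_get_remember_cookie` is added under `private` with no comment, although both call sites changed in this section (`remembered_session_id` and the expired-cookie branch) now read the token through it. I would document it with `# Raw value of the remember cookie for the current request, or nil when no cookie was sent.` The value is split into an id and a key and so acts as a credential; if the helper exists as an override point (an inference, since nothing here overrides it), the comment should also tell overriders not to log or echo the value. The bodies of `remembered_session_id` and of the method containing the `forget_login` branch continue outside the hunks shown.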
@@ -112,6 +112,13 @@ module Rodauth
|
|
112
112
|
:sms_valid_phone?
|
113
113
|
)
|
114
114
|
|
115
|
+
internal_request_method :sms_setup
|
116
|
+
internal_request_method :sms_confirm
|
117
|
+
internal_request_method :sms_request
|
118
|
+
internal_request_method :sms_auth
|
119
|
+
internal_request_method :valid_sms_auth?
|
120
|
+
internal_request_method :sms_disable
|
121
|
+
|
115
122
|
route(:sms_request) do |r|
|
116
123
|
require_login
|
117
124
|
require_account_session
|
@@ -60,6 +60,9 @@ module Rodauth
|
|
60
60
|
:account_from_verify_account_key
|
61
61
|
)
|
62
62
|
|
63
|
+
internal_request_method(:verify_account_resend)
|
64
|
+
internal_request_method
|
65
|
+
|
63
66
|
route(:verify_account_resend) do |r|
|
64
67
|
verify_account_check_already_logged_in
|
65
68
|
before_verify_account_resend_route
|
data/lib/rodauth/version.rb
CHANGED
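--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.15.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-07-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sequel
@@ -268,6 +268,7 @@ extra_rdoc_files:
 - doc/email_base.rdoc
 - doc/error_reasons.rdoc
 - doc/http_basic_auth.rdoc
+- doc/internal_request.rdoc
 - doc/json.rdoc
 - doc/jwt.rdoc
 - doc/jwt_cors.rdoc
@@ -281,6 +282,7 @@ extra_rdoc_files:
 - doc/password_expiration.rdoc
 - doc/password_grace_period.rdoc
 - doc/password_pepper.rdoc
+- doc/path_class_methods.rdoc
 - doc/recovery_codes.rdoc
 - doc/remember.rdoc
 - doc/reset_password.rdoc
@@ -326,6 +328,7 @@ extra_rdoc_files:
 - doc/release_notes/2.12.0.txt
 - doc/release_notes/2.13.0.txt
 - doc/release_notes/2.14.0.txt
+- doc/release_notes/2.15.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
@@ -378,6 +381,7 @@ files:
 - doc/guides/status_column.rdoc
 - doc/guides/totp_or_recovery.rdoc
 - doc/http_basic_auth.rdoc
+- doc/internal_request.rdoc
 - doc/json.rdoc
 - doc/jwt.rdoc
 - doc/jwt_cors.rdoc
@@ -391,6 +395,7 @@ files:
 - doc/password_expiration.rdoc
 - doc/password_grace_period.rdoc
 - doc/password_pepper.rdoc
+- doc/path_class_methods.rdoc
 - doc/recovery_codes.rdoc
 - doc/release_notes/1.0.0.txt
 - doc/release_notes/1.1.0.txt
@@ -423,6 +428,7 @@ files:
 - doc/release_notes/2.12.0.txt
 - doc/release_notes/2.13.0.txt
 - doc/release_notes/2.14.0.txt
+- doc/release_notes/2.15.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
@@ -464,6 +470,7 @@ files:
 - lib/rodauth/features/email_auth.rb
 - lib/rodauth/features/email_base.rb
 - lib/rodauth/features/http_basic_auth.rb
+- lib/rodauth/features/internal_request.rb
 - lib/rodauth/features/json.rb
 - lib/rodauth/features/jwt.rb
 - lib/rodauth/features/jwt_cors.rb
@@ -477,6 +484,7 @@ files:
 - lib/rodauth/features/password_expiration.rb
 - lib/rodauth/features/password_grace_period.rb
 - lib/rodauth/features/password_pepper.rb
+- lib/rodauth/features/path_class_methods.rb
 - lib/rodauth/features/recovery_codes.rb
 - lib/rodauth/features/remember.rb
 - lib/rodauth/features/reset_password.rb
@@ -576,7 +584,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.2.
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications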