rodauth 2.17.0 → 2.18.0

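--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 59e6db4541ac9a7ad8c00cf690d757d6e25b3cbf787b273d4415cc5236add6aa
- data.tar.gz: dacd42d02a586b2ab34e9dbaa916fb77e365fd436d7be60dbe2a2f32074d25e8
+ metadata.gz: 60f279e15751f9a0915c72e919726cae392844137ddabd98cb5a973815ada935
+ data.tar.gz: ae841728e69f0fdf1d2c67de55f52ed535971a349ecc6dbddeaf6250e573515f
  SHA512:
- metadata.gz: ed735a0beee837826544608e9f79fefc4421b311b0a75724a390d1368fe4ae8e68f5b6960085c45f3ba546e7c0faec034dc19023e1c5da70c0abfab5c75a4116
- data.tar.gz: 8acc037e30b6c7528d7ac6d5c153cdb9f243473ed8a870cf75deff01ae185c0b5bb269f54f2a369e4246c17abe0deff27b576ea207b595cf8eef0cf1d07b8ca5
+ metadata.gz: 7490aded0f6e506fff03b445d569709ec77d1dc7e36193d8939c36d706a95f4b9bbd2ad0a05feaa7f4e2c309ce03ceeff302de81546a23f8c26bbd1c62f12c88
+ data.tar.gz: bb437de6fd56ee88a2acdccc6058eefe05c856d3bc0569b473d968aa7c8c2eae64817944dade3987b612322e61c7351808765e7dfa897267e4966a7b4c8c4206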
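--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,15 @@
+ === 2.18.0 (2021-11-23)
+
+ * Allow JSON API access to /multifactor-manage to get links to setup/disable multifactor authentication endpoints (jeremyevans)
+
+ * Allow JSON API access to /multifactor-auth to get links to possible multifactor authentication endpoints (jeremyevans)
+
+ * Set configuration_name on class passed via :auth_class option if not already set (janko, jeremyevans) (#181)
+
+ * Use viewbox: true option when creating QR code in otp feature, displays better and easier to style when using rqrcode 2+ (jeremyevans)
+
+ * Make argon2 feature work with argon2 2.1.0 (jeremyevans)
+
  === 2.17.0 (2021-09-24)
 
  * Make jwt_refresh work correctly with verify_account_grace_period (jeremyevans)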
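--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -422,9 +422,12 @@ Note that these migrations require Sequel 4.35.0+.
  if db.database_type == :postgres
  citext :email, :null=>false
  constraint :valid_email, :email=>/^[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+$/
- index :email, :unique=>true, :where=>{:status_id=>[1, 2]}
  else
  String :email, :null=>false
+ end
+ if db.supports_partial_indexes?
+ index :email, :unique=>true, :where=>{:status_id=>[1, 2]}
+ else
  index :email, :unique=>true
  end
  end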
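--- a/data/doc/guides/i18n.rdoc
+++ b/data/doc/guides/i18n.rdoc
@@ -24,3 +24,6 @@ Your translation file may then look something like this:
  require_login_error_flash: "Login is required for accessing this page"
  no_matching_login_message: "user with this email address doesn't exist"
  reset_password_email_subject: "Password Reset Instructions"
+
+ Alternatively, you can use the
+ {rodauth-i18n}[https://github.com/janko/rodauth-i18n] gem.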
@@ -0,0 +1,27 @@
1
+ = New Features
2
+
3
+ * When using the json and multifactor auth features, the JSON API can
4
+ now access the multifactor-manage route to get lists of endpoints
5
+ for setting up and disabling supported multifactor authentication
6
+ methods. The JSON API can now also access the multifactor-auth
7
+ route to get a list of endpoints for multifactor authentication for
8
+ the currently logged in account.
9
+
10
+ = Other Improvements
11
+
12
+ * In the otp feature, the viewbox: true rqrcode option is now used
13
+ when creating the QR code. This results in a QR code that is
14
+ displayed better and is easier to style. This option only has
15
+ an effect when using rqrcode 2+.
16
+
17
+ * When using the :auth_class option when loading the rodauth plugin,
18
+ the configuration name is set in the provided auth class, unless the
19
+ auth class already has a configuration name set.
20
+
21
+ * The example migration now recommends using a partial index on the
22
+ email column in cases where the database supports partial indexes.
23
+ Previously, it only recommended it on PostgreSQL.
24
+
25
+ * The argon2 feature now works with argon2 2.1.0. Older versions of
26
+ Rodauth work with both earlier and later versions of argon2, but
27
+ not 2.1.0.
@@ -16,6 +16,18 @@ module Rodauth
16
16
 
17
17
  private
18
18
 
19
+ if Argon2::VERSION != '2.1.0'
20
+ def argon2_salt_option
21
+ :salt_do_not_supply
22
+ end
23
+ # :nocov:
24
+ else
25
+ def argon2_salt_option
26
+ :salt_for_testing_purposes_only
27
+ end
28
+ # :nocov:
29
+ end
30
+
19
31
  def password_hash_cost
20
32
  return super unless use_argon2?
21
33
  argon2_hash_cost
@@ -35,7 +47,7 @@ module Rodauth
35
47
  return super unless argon2_hash_algorithm?(salt)
36
48
 
37
49
  argon2_params = Hash[extract_password_hash_cost(salt)]
38
- argon2_params[:salt_do_not_supply] = Base64.decode64(salt.split('$').last)
50
+ argon2_params[argon2_salt_option] = Base64.decode64(salt.split('$').last)
39
51
  ::Argon2::Password.new(argon2_params).create(password)
40
52
  end
41
53
 
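Review bot: The `if Argon2::VERSION != '2.1.0'` conditional that defines `argon2_salt_option` carries no comment explaining why exactly one release is singled out, and both option names (`:salt_do_not_supply`, `:salt_for_testing_purposes_only`) read as warnings against what the second hunk does with them. I would add a comment above the conditional such as `# argon2 2.1.0 takes the salt under a different option name than the releases before and after it`. At `argon2_params[argon2_salt_option] = Base64.decode64(salt.split('$').last)`, a second comment should say that the salt is parsed out of an existing hash string. That it is used to recompute a hash for comparison rather than to mint a new one is inferred, since the method's signature is outside the hunk. Because the test is an exact string comparison, any future argon2 release that reuses the 2.1.0 option name would silently take the first branch, so the check needs revisiting whenever that dependency is bumped.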
@@ -67,6 +67,25 @@ module Rodauth
67
67
 
68
68
  private
69
69
 
70
+ def before_two_factor_manage_route
71
+ super if defined?(super)
72
+ if use_json?
73
+ json_response[:setup_links] = two_factor_setup_links.sort.map{|_,link| link}
74
+ json_response[:remove_links] = two_factor_remove_links.sort.map{|_,link| link}
75
+ json_response[json_response_success_key] ||= "" if include_success_messages?
76
+ return_json_response
77
+ end
78
+ end
79
+
80
+ def before_two_factor_auth_route
81
+ super if defined?(super)
82
+ if use_json?
83
+ json_response[:auth_links] = two_factor_auth_links.sort.map{|_,link| link}
84
+ json_response[json_response_success_key] ||= "" if include_success_messages?
85
+ return_json_response
86
+ end
87
+ end
88
+
70
89
  def before_view_recovery_codes
71
90
  super if defined?(super)
72
91
  if use_json?
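Review bot: Nothing in this hunk shows whether the account or authentication requirement for the manage and auth routes runs before `before_two_factor_manage_route` and `before_two_factor_auth_route`, and both hooks answer JSON requests directly through `return_json_response`. Since the payload enumerates which multifactor methods can be set up, removed or used for the account, it is worth confirming in the route definitions (outside this hunk) that the hooks are reached only after that check. The `:setup_links`, `:remove_links` and `:auth_links` keys are hard-coded while the success key goes through `json_response_success_key`, which is a small inconsistency if response keys are meant to be configurable. A comment such as `# JSON clients get the link lists instead of the rendered page` above each `if use_json?` would document the early return.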
@@ -303,7 +303,7 @@ module Rodauth
303
303
  end
304
304
 
305
305
  def otp_qr_code
306
- RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8)
306
+ RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true)
307
307
  end
308
308
 
309
309
  def otp_user_key
@@ -6,7 +6,7 @@ module Rodauth
6
6
  MAJOR = 2
7
7
 
8
8
  # The minor version of Rodauth, updated for new feature releases of Rodauth.
9
- MINOR = 17
9
+ MINOR = 18
10
10
 
11
11
  # The patch version of Rodauth, updated only for bug fixes from the last
12
12
  # feature release.
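--- a/data/lib/rodauth.rb
+++ b/data/lib/rodauth.rb
@@ -50,13 +50,14 @@ module Rodauth
  else
  json_opt != :only
  end
- auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= opts[:auth_class] || Class.new(Auth){@configuration_name = opts[:name]}
+ auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= opts[:auth_class] || Class.new(Auth)
  if !auth_class.roda_class
  auth_class.roda_class = app
  elsif auth_class.roda_class != app
- auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class){@configuration_name = opts[:name]}
+ auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class)
  auth_class.roda_class = app
  end
+ auth_class.class_eval{@configuration_name = opts[:name] unless defined?(@configuration_name)}
  auth_class.configure(&block) if block
  end
 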
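Review bot: With the added `auth_class.class_eval{@configuration_name = opts[:name] unless defined?(@configuration_name)}`, a class passed via `:auth_class` that already carries a configuration name keeps it even when it differs from `opts[:name]`, yet it is still registered under `app.opts[:rodauths][opts[:name]]`. The registry key and the class's own name can therefore disagree with no signal; whether other code relies on the two matching is not visible from this hunk. `defined?` is also true for an instance variable explicitly set to `nil`, so such a class stays unnamed. A comment like `# keep a name the supplied auth class already set; only fill it in when unset` would make the intent explicit. The enclosing method begins outside the hunk.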
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.17.0
4
+ version: 2.18.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeremy Evans
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-24 00:00:00.000000000 Z
11
+ date: 2021-11-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sequel
@@ -331,6 +331,7 @@ extra_rdoc_files:
331
331
  - doc/release_notes/2.15.0.txt
332
332
  - doc/release_notes/2.16.0.txt
333
333
  - doc/release_notes/2.17.0.txt
334
+ - doc/release_notes/2.18.0.txt
334
335
  - doc/release_notes/2.2.0.txt
335
336
  - doc/release_notes/2.3.0.txt
336
337
  - doc/release_notes/2.4.0.txt
@@ -433,6 +434,7 @@ files:
433
434
  - doc/release_notes/2.15.0.txt
434
435
  - doc/release_notes/2.16.0.txt
435
436
  - doc/release_notes/2.17.0.txt
437
+ - doc/release_notes/2.18.0.txt
436
438
  - doc/release_notes/2.2.0.txt
437
439
  - doc/release_notes/2.3.0.txt
438
440
  - doc/release_notes/2.4.0.txt