rodauth 2.20.0 → 2.21.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG +12 -0
- data/README.rdoc +4 -0
- data/doc/release_notes/2.21.0.txt +28 -0
- data/lib/rodauth/features/active_sessions.rb +1 -1
- data/lib/rodauth/features/base.rb +6 -6
- data/lib/rodauth/features/verify_account_grace_period.rb +13 -1
- data/lib/rodauth/version.rb +1 -1
- data/templates/webauthn-remove.str +1 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bb1777533bb6a941212c0e6d5be00fc393b95c3d22e7af40542d616cdd68d139
|
|
4
|
+
data.tar.gz: de6a798803940fb94ff1d44bc2d148e45b1adc8e532cb44db4602b974a1b6b19
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 830b574f78cba6d5e103306f3709e2ae92e99af0cb0b02c8276699c048cd799cad58cf28d521980e43c0023aadc8934705ad45ff48819c316b3c6d3b5554f189
|
|
7
|
+
data.tar.gz: d4127705f604ac89b35f17d795c07bd54bed86b6c9c784e04578f047a3b1d2e34689c0320c35ffe9f7640e7870197c6563c4c57c0867ca5d2d257d23a143ce1a
|
data/CHANGELOG
CHANGED
|
@@ -1,3 +1,15 @@
|
|
|
1
|
+
=== 2.21.0 (2022-02-23)
|
|
2
|
+
|
|
3
|
+
* Avoid extra bcrypt hashing on account verification when using account_password_hash_column (janko) (#217)
|
|
4
|
+
|
|
5
|
+
* Make require_account public (janko) (#212)
|
|
6
|
+
|
|
7
|
+
* Force specific date/time format when displaying webauthn last use time (jeremyevans)
|
|
8
|
+
|
|
9
|
+
* Automatically clear the session in require_login if users go beyond verify account grace period (janko) (#211)
|
|
10
|
+
|
|
11
|
+
* Fix typo in default value of global_logout_label in active_sessions plugin (sterlzbd) (#209)
|
|
12
|
+
|
|
1
13
|
=== 2.20.0 (2022-01-24)
|
|
2
14
|
|
|
3
15
|
* Change the default implementation of webauth_rp_id to not include the port (jeremyevans) (#203)
|
data/README.rdoc
CHANGED
|
@@ -990,6 +990,10 @@ require_authentication :: Similar to +require_login+, but also requires
|
|
|
990
990
|
two factor authentication. Redirects the request to
|
|
991
991
|
the two factor authentication page if logged in but not
|
|
992
992
|
authenticated via two factors.
|
|
993
|
+
require_account :: Similar to +require_authentication+, but also loads the logged
|
|
994
|
+
in account to ensure it exists in the database. If the account
|
|
995
|
+
doesn't exist, or if it exists but isn't verified, the session
|
|
996
|
+
is cleared and the request redirected to the login page.
|
|
993
997
|
logged_in? :: Whether the session has been logged in.
|
|
994
998
|
authenticated? :: Similar to +logged_in?+, but if the account has setup two
|
|
995
999
|
factor authentication, whether the session has authenticated
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
= Improvements
|
|
2
|
+
|
|
3
|
+
* When using the verify_account_grace_period feature, if the grace
|
|
4
|
+
period has expired for currently logged in session, require_login
|
|
5
|
+
will clear the session and redirect to the login page. This is
|
|
6
|
+
implemented by having the unverified_account_session_key store the
|
|
7
|
+
time of expiration, as an integer.
|
|
8
|
+
|
|
9
|
+
* The previously private require_account method is now public. The
|
|
10
|
+
method is used internally by Rodauth to check that not only is the
|
|
11
|
+
current session logged in, but also that the account related to the
|
|
12
|
+
currently logged in session still exists in the database. The only
|
|
13
|
+
reason you would want to call require_account instead of
|
|
14
|
+
require_authentication is if you want to handle cases where there
|
|
15
|
+
can be logged in sessions for accounts that have been deleted.
|
|
16
|
+
|
|
17
|
+
* Rodauth now avoids an unnecessary bcrypt hash calculation when
|
|
18
|
+
updating accounts when using the account_password_hash_column
|
|
19
|
+
configuration method.
|
|
20
|
+
|
|
21
|
+
* When WebAuthn token last use times are displayed, Rodauth now uses a
|
|
22
|
+
fixed format of YYYY-MM-DD HH:MM:SS, instead of relying on
|
|
23
|
+
Time#to_s. If this presents an problem for your application, please
|
|
24
|
+
open an issue and we can add a configuration method to control
|
|
25
|
+
the behavior.
|
|
26
|
+
|
|
27
|
+
* A typo in the default value of global_logout_label in the
|
|
28
|
+
active_sessions feature has been fixed.
|
|
@@ -13,7 +13,7 @@ module Rodauth
|
|
|
13
13
|
auth_value_method :active_sessions_last_use_column, :last_use
|
|
14
14
|
auth_value_method :active_sessions_session_id_column, :session_id
|
|
15
15
|
auth_value_method :active_sessions_table, :account_active_session_keys
|
|
16
|
-
translatable_method :global_logout_label, 'Logout all Logged In
|
|
16
|
+
translatable_method :global_logout_label, 'Logout all Logged In Sessions?'
|
|
17
17
|
auth_value_method :global_logout_param, 'global_logout'
|
|
18
18
|
auth_value_method :inactive_session_error_status, 401
|
|
19
19
|
auth_value_method :session_inactivity_deadline, 86400
|
|
@@ -338,6 +338,11 @@ module Rodauth
|
|
|
338
338
|
require_login
|
|
339
339
|
end
|
|
340
340
|
|
|
341
|
+
def require_account
|
|
342
|
+
require_authentication
|
|
343
|
+
require_account_session
|
|
344
|
+
end
|
|
345
|
+
|
|
341
346
|
def account_initial_status_value
|
|
342
347
|
account_open_status_value
|
|
343
348
|
end
|
|
@@ -524,11 +529,6 @@ module Rodauth
|
|
|
524
529
|
Rack::Utils.secure_compare(provided.ljust(actual.length), actual) && provided.length == actual.length
|
|
525
530
|
end
|
|
526
531
|
|
|
527
|
-
def require_account
|
|
528
|
-
require_authentication
|
|
529
|
-
require_account_session
|
|
530
|
-
end
|
|
531
|
-
|
|
532
532
|
def require_account_session
|
|
533
533
|
unless account_from_session
|
|
534
534
|
clear_session
|
|
@@ -756,7 +756,7 @@ module Rodauth
|
|
|
756
756
|
num = ds.update(values)
|
|
757
757
|
if num == 1
|
|
758
758
|
values.each do |k, v|
|
|
759
|
-
account[k] =
|
|
759
|
+
account[k] = Sequel::CURRENT_TIMESTAMP == v ? Time.now : v
|
|
760
760
|
end
|
|
761
761
|
end
|
|
762
762
|
num
|
|
@@ -30,10 +30,17 @@ module Rodauth
|
|
|
30
30
|
false
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
+
def require_login
|
|
34
|
+
if unverified_grace_period_expired?
|
|
35
|
+
clear_session
|
|
36
|
+
end
|
|
37
|
+
super
|
|
38
|
+
end
|
|
39
|
+
|
|
33
40
|
def update_session
|
|
34
41
|
super
|
|
35
42
|
if account_in_unverified_grace_period?
|
|
36
|
-
set_session_value(unverified_account_session_key,
|
|
43
|
+
set_session_value(unverified_account_session_key, Time.now.to_i + verify_account_grace_period)
|
|
37
44
|
end
|
|
38
45
|
end
|
|
39
46
|
|
|
@@ -78,6 +85,11 @@ module Rodauth
|
|
|
78
85
|
!verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty?
|
|
79
86
|
end
|
|
80
87
|
|
|
88
|
+
def unverified_grace_period_expired?
|
|
89
|
+
return false unless expires_at = session[unverified_account_session_key]
|
|
90
|
+
expires_at.is_a?(Integer) && Time.now.to_i > expires_at
|
|
91
|
+
end
|
|
92
|
+
|
|
81
93
|
def use_date_arithmetic?
|
|
82
94
|
true
|
|
83
95
|
end
|
data/lib/rodauth/version.rb
CHANGED
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
#{rodauth.render('password-field') if rodauth.two_factor_modifications_require_password?}
|
|
5
5
|
<fieldset class="form-group mb-3">
|
|
6
6
|
#{(usage = rodauth.account_webauthn_usage; last_id = usage.keys.last; usage;).map do |id, last_use|
|
|
7
|
+
last_use = last_use.strftime("%F %T") if last_use.is_a?(Time)
|
|
7
8
|
input = rodauth.input_field_string(rodauth.webauthn_remove_param, "webauthn-remove-#{h id}", :type=>'radio', :class=>"form-check-input", :skip_error_message=>true, :value=>id, :required=>false)
|
|
8
9
|
label = "<label class=\"rodauth-webauthn-id form-check-label\" for=\"webauthn-remove-#{h id}\">Last Use: #{last_use}</label>"
|
|
9
10
|
error = rodauth.formatted_field_error(rodauth.webauthn_remove_param) if id == last_id
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rodauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.21.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeremy Evans
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-02-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sequel
|
|
@@ -335,6 +335,7 @@ extra_rdoc_files:
|
|
|
335
335
|
- doc/release_notes/2.19.0.txt
|
|
336
336
|
- doc/release_notes/2.2.0.txt
|
|
337
337
|
- doc/release_notes/2.20.0.txt
|
|
338
|
+
- doc/release_notes/2.21.0.txt
|
|
338
339
|
- doc/release_notes/2.3.0.txt
|
|
339
340
|
- doc/release_notes/2.4.0.txt
|
|
340
341
|
- doc/release_notes/2.5.0.txt
|
|
@@ -442,6 +443,7 @@ files:
|
|
|
442
443
|
- doc/release_notes/2.19.0.txt
|
|
443
444
|
- doc/release_notes/2.2.0.txt
|
|
444
445
|
- doc/release_notes/2.20.0.txt
|
|
446
|
+
- doc/release_notes/2.21.0.txt
|
|
445
447
|
- doc/release_notes/2.3.0.txt
|
|
446
448
|
- doc/release_notes/2.4.0.txt
|
|
447
449
|
- doc/release_notes/2.5.0.txt
|
|
@@ -596,7 +598,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
596
598
|
- !ruby/object:Gem::Version
|
|
597
599
|
version: '0'
|
|
598
600
|
requirements: []
|
|
599
|
-
rubygems_version: 3.3.
|
|
601
|
+
rubygems_version: 3.3.7
|
|
600
602
|
signing_key:
|
|
601
603
|
specification_version: 4
|
|
602
604
|
summary: Authentication and Account Management Framework for Rack Applications
|