rodauth 2.20.0 → 2.23.0

data/doc/release_notes/2.23.0.txt

@@ -0,0 +1,15 @@
+= Improvements
+
+* The otp feature now uses the :use_path option when rendering QR
+  codes, resulting in significantly smaller svg images.
+
+* Removing all multifactor authentication methods now removes the fact
+  that the session was authenticated via SMS, if the user used SMS as
+  an authentication method for the current session.
+
+* The invalid domain check in the internal_request feature now works
+  correctly when using the rack master branch.
+
+* The :httponly cookie option is no longer set automatically in the
+  remember feature if the :http_only cookie option was provided by the
+  user (rack recognizes both options).

data/doc/reset_password.rdoc

@@ -14,12 +14,12 @@ reset_password_autologin? :: Whether to autologin the user after successfully re
 reset_password_button :: The text to use for the reset password button.
 reset_password_deadline_column :: The column name in the +reset_password_table+ storing the deadline after which the token will be ignored.
 reset_password_deadline_interval :: The amount of time for which to allow users to reset their passwords, 1 day by default. Only used if +set_deadline_values?+ is true.
-reset_password_email_last_sent_column :: The email last sent column in the +reset_password_table+. Set to nil to always send a reset password email when requested.
-reset_password_email_recently_sent_error_flash :: The flash error to show if not sending reset password email because one has been sent recently.
-reset_password_email_recently_sent_redirect :: Where to redirect if not sending reset password email because one has been sent recently.
-reset_password_email_sent_notice_flash :: The flash notice to show after a reset password email has been sent.
-reset_password_email_sent_redirect :: Where to redirect after sending a reset password email.
-reset_password_email_subject :: The subject to use for reset password emails.
+reset_password_email_last_sent_column :: The email last sent column in the +reset_password_table+. Set to nil to always send a reset password request email when requested.
+reset_password_email_recently_sent_error_flash :: The flash error to show if not sending reset password request email because one has been sent recently.
+reset_password_email_recently_sent_redirect :: Where to redirect if not sending reset password request email because one has been sent recently.
+reset_password_email_sent_notice_flash :: The flash notice to show after a reset password request email has been sent.
+reset_password_email_sent_redirect :: Where to redirect after sending a reset password request email.
+reset_password_email_subject :: The subject to use for the reset password request email.
 reset_password_error_flash :: The flash error to show after resetting a password.
 reset_password_explanatory_text :: The text to display above the button to request a password reset.
 reset_password_id_column :: The id column in the +reset_password_table+, should be a foreign key referencing the accounts table.
@@ -30,35 +30,35 @@ reset_password_page_title :: The page title to use on the reset password form.
 reset_password_redirect :: Where to redirect after resetting a password.
 reset_password_request_additional_form_tags :: HTML fragment containing additional form tags to use on the reset password request form.
 reset_password_request_button :: The text to use for the reset password request button.
-reset_password_request_error_flash :: The flash error to show if not able to send a reset password email.
+reset_password_request_error_flash :: The flash error to show if not able to send a reset password request email.
 reset_password_request_link_text :: The text to use for a link to the page to request a password reset.
 reset_password_request_page_title :: The page title to use on the reset password request form.
 reset_password_request_route :: The route to the reset password request action.  Defaults to +reset-password-request+.
 reset_password_route :: The route to the reset password action. Defaults to +reset-password+.
 reset_password_session_key :: The key in the session to hold the reset password key temporarily.
-reset_password_skip_resend_email_within :: The number of seconds before sending another reset password email, if +reset_password_email_last_sent_column+ is set.
+reset_password_skip_resend_email_within :: The number of seconds before sending another reset password request email, if +reset_password_email_last_sent_column+ is set.
 reset_password_table :: The name of the reset password keys table.
 
 == Auth Methods
 
 account_from_reset_password_key(key) :: Retrieve the account using the given reset password key, or return nil if no account matches.
 after_reset_password :: Run arbitrary code after successfully resetting a password.
-after_reset_password_request :: Run arbitrary code after sending the reset password email.
+after_reset_password_request :: Run arbitrary code after sending the reset password request email.
 before_reset_password :: Run arbitrary code before resetting a password.
-before_reset_password_request :: Run arbitrary code before sending the reset password email.
+before_reset_password_request :: Run arbitrary code before sending the reset password request email.
 before_reset_password_request_route :: Run arbitrary code before handling a reset password request route.
 before_reset_password_route :: Run arbitrary code before handling a reset password route.
-create_reset_password_email :: A Mail::Message for the reset password email.
+create_reset_password_email :: A Mail::Message for the reset password request email.
 create_reset_password_key :: Add the reset password key data to the database.
-get_reset_password_email_last_sent :: Get the last time a reset password email is sent, or nil if there is no last sent time.
+get_reset_password_email_last_sent :: Get the last time a reset password request email is sent, or nil if there is no last sent time.
 get_reset_password_key(id) :: Get the password reset key for the given account id from the database.
 login_failed_reset_password_request_form :: The HTML to use for a form to request a password reset, shown on the login page after the user tries to login with an invalid password.
 remove_reset_password_key :: Remove the reset password key for the current account, run after successful password reset.
-reset_password_email_body :: The body to use for the reset password email.
-reset_password_email_link :: The link to the reset password form in the reset password email.
+reset_password_email_body :: The body to use for the reset password request email.
+reset_password_email_link :: The link to the reset password form in the reset password request email.
 reset_password_key_insert_hash :: The hash to insert into the +reset_password_table+.
 reset_password_key_value :: The reset password key for the current account.
 reset_password_request_view :: The HTML to use for the reset password request form.
 reset_password_view :: The HTML to use for the reset password form.
-send_reset_password_email :: Send the reset password email.
-set_reset_password_email_last_sent :: Set the last time a reset password email is sent.
+send_reset_password_email :: Send the reset password request email.
+set_reset_password_email_last_sent :: Set the last time a reset password request email is sent.

data/doc/reset_password_notify.rdoc

@@ -0,0 +1,17 @@
+= Documentation for Reset Password Notify Feature
+
+The reset password notify feature emails the user after the user has
+reset their password. The user has already been sent a reset password
+email by this point, so they know a password reset was requested, but
+this feature allows for confirming that the password reset process
+was completed. Depends on the reset_password feature.
+
+== Auth Value Methods
+
+reset_password_notify_email_subject :: The subject to use for the reset password notify email.
+reset_password_notify_email_body :: The body to use for the reset password notify email.
+
+== Auth Methods
+
+create_reset_password_notify_email :: A Mail::Message for the reset password notify email.
+send_reset_password_notify_email :: Send the reset password notify email.

data/lib/rodauth/features/active_sessions.rb

@@ -13,7 +13,7 @@ module Rodauth
     auth_value_method :active_sessions_last_use_column, :last_use
     auth_value_method :active_sessions_session_id_column, :session_id
     auth_value_method :active_sessions_table, :account_active_session_keys
-    translatable_method :global_logout_label, 'Logout all Logged In Sessons?'
+    translatable_method :global_logout_label, 'Logout all Logged In Sessions?'
     auth_value_method :global_logout_param, 'global_logout'
     auth_value_method :inactive_session_error_status, 401
     auth_value_method :session_inactivity_deadline, 86400
@@ -81,7 +81,9 @@ module Rodauth
     end
 
     def remove_current_session
-      active_sessions_ds.where(active_sessions_session_id_column=>compute_hmac(session[session_id_session_key])).delete
+      if session_id = session[session_id_session_key]
+        active_sessions_ds.where(active_sessions_session_id_column=>compute_hmac(session_id)).delete
+      end
     end
 
     def remove_all_active_sessions

data/lib/rodauth/features/base.rb

@@ -1,5 +1,8 @@
 # frozen-string-literal: true
 
+require 'rack/request'
+require 'rack/utils'
+
 module Rodauth
   Feature.define(:base, :Base) do
     after 'login'
@@ -91,6 +94,7 @@ module Rodauth
       :inputmode_for_field?,
       :logged_in?,
       :login_required,
+      :null_byte_parameter_value,
       :open_account?,
       :password_match?,
       :random_key,
@@ -338,6 +342,11 @@ module Rodauth
       require_login
     end
 
+    def require_account
+      require_authentication
+      require_account_session
+    end
+
     def account_initial_status_value
       account_open_status_value
     end
@@ -441,7 +450,16 @@ module Rodauth
     # parameter with that name.
     def param_or_nil(key)
       value = raw_param(key)
-      value.to_s unless value.nil?
+      unless value.nil?
+        value = value.to_s
+        value = null_byte_parameter_value(key, value) if value.include?("\0")
+      end
+      value
+    end
+
+    # Return nil by default for values with null bytes
+    def null_byte_parameter_value(key, value)
+      nil
     end
 
     def raw_param(key)
@@ -496,6 +514,11 @@ module Rodauth
       request.redirect(path)
     end
 
+    def return_response(body=nil)
+      response.write(body) if body
+      request.halt
+    end
+
     def route_path(route, opts={})
       path  = "#{prefix}/#{route}"
       path += "?#{Rack::Utils.build_nested_query(opts)}" unless opts.empty?
@@ -524,11 +547,6 @@ module Rodauth
       Rack::Utils.secure_compare(provided.ljust(actual.length), actual) && provided.length == actual.length
     end
 
-    def require_account
-      require_authentication
-      require_account_session
-    end
-
     def require_account_session
       unless account_from_session
         clear_session
@@ -756,7 +774,7 @@ module Rodauth
       num = ds.update(values)
       if num == 1
         values.each do |k, v|
-          account[k] = v == Sequel::CURRENT_TIMESTAMP ? Time.now : v
+          hash[k] = Sequel::CURRENT_TIMESTAMP == v ? Time.now : v
         end
       end
       num

data/lib/rodauth/features/change_password_notify.rb

@@ -3,31 +3,11 @@
 module Rodauth
   Feature.define(:change_password_notify, :ChangePasswordNotify) do
     depends :change_password, :email_base
-
-    translatable_method :password_changed_email_subject, 'Password Changed'
-
-    auth_value_methods(
-      :password_changed_email_body
-    )
-    auth_methods(
-      :create_password_changed_email,
-      :send_password_changed_email
-    )
+    loaded_templates %w'password-changed-email'
+    email :password_changed, 'Password Changed', :translatable=>true
 
     private
 
-    def send_password_changed_email
-      send_email(create_password_changed_email)
-    end
-
-    def create_password_changed_email
-      create_email(password_changed_email_subject, password_changed_email_body)
-    end
-
-    def password_changed_email_body
-      render('password-changed-email')
-    end
-
     def after_change_password
       super
       send_password_changed_email

data/lib/rodauth/features/email_auth.rb

@@ -19,10 +19,10 @@ module Rodauth
     button 'Send Login Link Via Email', 'email_auth_request'
     redirect(:email_auth_email_sent){default_post_email_redirect}
     redirect(:email_auth_email_recently_sent){default_post_email_redirect}
+    email :email_auth, 'Login Link'
     
     auth_value_method :email_auth_deadline_column, :deadline
     auth_value_method :email_auth_deadline_interval, {:days=>1}.freeze
-    translatable_method :email_auth_email_subject, 'Login Link'
     auth_value_method :email_auth_id_column, :id
     auth_value_method :email_auth_key_column, :key
     auth_value_method :email_auth_key_param, 'key'
@@ -33,9 +33,7 @@ module Rodauth
     session_key :email_auth_session_key, :email_auth_key
     
     auth_methods(
-      :create_email_auth_email,
       :create_email_auth_key,
-      :email_auth_email_body,
       :email_auth_email_link,
       :email_auth_key_insert_hash,
       :email_auth_key_value,
@@ -43,7 +41,6 @@ module Rodauth
       :get_email_auth_key,
       :get_email_auth_email_last_sent,
       :remove_email_auth_key,
-      :send_email_auth_email,
       :set_email_auth_email_last_sent
     )
 
@@ -137,10 +134,6 @@ module Rodauth
       @account = _account_from_email_auth_key(key)
     end
 
-    def send_email_auth_email
-      send_email(create_email_auth_email)
-    end
-
     def email_auth_email_link
       token_link(email_auth_route, email_auth_key_param, email_auth_key_value)
     end
@@ -233,14 +226,6 @@ module Rodauth
       @email_auth_key_value = random_key
     end
 
-    def create_email_auth_email
-      create_email(email_auth_email_subject, email_auth_email_body)
-    end
-
-    def email_auth_email_body
-      render('email-auth-email')
-    end
-
     def use_date_arithmetic?
       super || db.database_type == :mysql
     end

data/lib/rodauth/features/http_basic_auth.rb

@@ -27,7 +27,7 @@ module Rodauth
     def require_http_basic_auth
       unless http_basic_auth
         set_http_basic_auth_error_response
-        request.halt
+        return_response
       end
     end
 

data/lib/rodauth/features/internal_request.rb

@@ -40,7 +40,7 @@ module Rodauth
 
     def domain
       d = super
-      if d == INVALID_DOMAIN
+      if d.nil? || d == INVALID_DOMAIN
         raise InternalRequestError, "must set domain in configuration, as it cannot be determined from internal request"
       end
       d

data/lib/rodauth/features/json.rb

@@ -156,8 +156,7 @@ module Rodauth
         end
       elsif only_json?
         response.status = json_response_error_status
-        response.write non_json_request_error_message
-        request.halt
+        return_response non_json_request_error_message
       end
 
       super
@@ -175,8 +174,7 @@ module Rodauth
     def _return_json_response
       response.status ||= json_response_error_status if json_response[json_response_error_key]
       response['Content-Type'] ||= json_response_content_type
-      response.write(_json_response_body(json_response))
-      request.halt
+      return_response _json_response_body(json_response)
     end
 
     def include_success_messages?

data/lib/rodauth/features/jwt_cors.rb

@@ -41,7 +41,7 @@ module Rodauth
           response['Access-Control-Allow-Headers'] = jwt_cors_allow_headers
           response['Access-Control-Max-Age'] = jwt_cors_max_age.to_s
           response.status = 204
-          request.halt(response.finish)
+          return_response
         end
 
         response['Access-Control-Expose-Headers'] = jwt_cors_expose_headers

data/lib/rodauth/features/lockout.rb

@@ -25,6 +25,7 @@ module Rodauth
     redirect :unlock_account
     redirect(:unlock_account_request){default_post_email_redirect}
     redirect(:unlock_account_email_recently_sent){default_post_email_redirect}
+    email :unlock_account, 'Unlock Account'
       
     auth_value_method :unlock_account_autologin?, true
     auth_value_method :max_invalid_logins, 100
@@ -37,7 +38,6 @@ module Rodauth
     auth_value_method :account_lockouts_email_last_sent_column, :email_last_sent
     auth_value_method :account_lockouts_deadline_column, :deadline
     auth_value_method :account_lockouts_deadline_interval, {:days=>1}.freeze
-    translatable_method :unlock_account_email_subject, 'Unlock Account'
     translatable_method :unlock_account_explanatory_text, '<p>This account is currently locked out.  You can unlock the account:</p>'
     translatable_method :unlock_account_request_explanatory_text, '<p>This account is currently locked out.  You can request that the account be unlocked:</p>'
     auth_value_method :unlock_account_key_param, 'key'
@@ -47,15 +47,12 @@ module Rodauth
 
     auth_methods(
       :clear_invalid_login_attempts,
-      :create_unlock_account_email,
       :generate_unlock_account_key,
       :get_unlock_account_key,
       :get_unlock_account_email_last_sent,
       :invalid_login_attempted,
       :locked_out?,
-      :send_unlock_account_email,
       :set_unlock_account_email_last_sent,
-      :unlock_account_email_body,
       :unlock_account_email_link,
       :unlock_account,
       :unlock_account_key
@@ -226,10 +223,6 @@ module Rodauth
       @account = _account_from_unlock_key(key)
     end
 
-    def send_unlock_account_email
-      send_email(create_unlock_account_email)
-    end
-
     def unlock_account_email_link
       token_link(unlock_account_route, unlock_account_key_param, unlock_account_key_value)
     end
@@ -284,16 +277,7 @@ module Rodauth
     def show_lockout_page
       set_response_error_reason_status(:account_locked_out, lockout_error_status)
       set_error_flash login_lockout_error_flash
-      response.write unlock_account_request_view
-      request.halt
-    end
-
-    def create_unlock_account_email
-      create_email(unlock_account_email_subject, unlock_account_email_body)
-    end
-
-    def unlock_account_email_body
-      render('unlock-account-email')
+      return_response unlock_account_request_view
     end
 
     def unlock_account_email_recently_sent?

data/lib/rodauth/features/otp.rb

@@ -303,7 +303,7 @@ module Rodauth
     end
 
     def otp_qr_code
-      RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true)
+      RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true, :use_path=>true)
     end
 
     def otp_user_key

data/lib/rodauth/features/remember.rb

@@ -144,7 +144,7 @@ module Rodauth
       opts[:value] = "#{account_id}_#{convert_token_key(remember_key_value)}"
       opts[:expires] = convert_timestamp(active_remember_key_ds.get(remember_deadline_column))
       opts[:path] = "/" unless opts.key?(:path)
-      opts[:httponly] = true unless opts.key?(:httponly)
+      opts[:httponly] = true unless opts.key?(:httponly) || opts.key?(:http_only)
       opts[:secure] = true unless opts.key?(:secure) || !request.ssl?
       ::Rack::Utils.set_cookie_header!(response.headers, remember_cookie_key, opts)
     end

data/lib/rodauth/features/reset_password.rb

@@ -24,10 +24,10 @@ module Rodauth
     redirect
     redirect(:reset_password_email_sent){default_post_email_redirect}
     redirect(:reset_password_email_recently_sent){default_post_email_redirect}
+    email :reset_password, 'Reset Password'
     
     auth_value_method :reset_password_deadline_column, :deadline
     auth_value_method :reset_password_deadline_interval, {:days=>1}.freeze
-    translatable_method :reset_password_email_subject, 'Reset Password'
     auth_value_method :reset_password_key_param, 'key'
     auth_value_method :reset_password_autologin?, false
     auth_value_method :reset_password_table, :account_password_reset_keys
@@ -41,16 +41,13 @@ module Rodauth
 
     auth_methods(
       :create_reset_password_key,
-      :create_reset_password_email,
       :get_reset_password_key,
       :get_reset_password_email_last_sent,
       :login_failed_reset_password_request_form,
       :remove_reset_password_key,
-      :reset_password_email_body,
       :reset_password_email_link,
       :reset_password_key_insert_hash,
       :reset_password_key_value,
-      :send_reset_password_email,
       :set_reset_password_email_last_sent
     )
     auth_private_methods(
@@ -187,10 +184,6 @@ module Rodauth
       @account = _account_from_reset_password_key(key)
     end
 
-    def send_reset_password_email
-      send_email(create_reset_password_email)
-    end
-
     def reset_password_email_link
       token_link(reset_password_route, reset_password_key_param, reset_password_key_value)
     end
@@ -241,18 +234,10 @@ module Rodauth
       @reset_password_key_value = random_key
     end
 
-    def create_reset_password_email
-      create_email(reset_password_email_subject, reset_password_email_body)
-    end
-
     def login_failed_reset_password_request_form
       render("reset-password-request")
     end
 
-    def reset_password_email_body
-      render('reset-password-email')
-    end
-
     def use_date_arithmetic?
       super || db.database_type == :mysql
     end

data/lib/rodauth/features/reset_password_notify.rb

@@ -0,0 +1,16 @@
+# frozen-string-literal: true
+
+module Rodauth
+  Feature.define(:reset_password_notify, :ResetPasswordNotify) do
+    depends :reset_password
+    loaded_templates %w'reset-password-notify-email'
+    email :reset_password_notify, 'Password Reset Completed', :translatable=>true
+
+    private
+
+    def after_reset_password
+      super
+      send_reset_password_notify_email
+    end
+  end
+end

data/lib/rodauth/features/sms_codes.rb

@@ -468,7 +468,7 @@ module Rodauth
     end
 
     def _two_factor_remove_all_from_session
-      two_factor_remove_session('sms_codes')
+      two_factor_remove_session('sms_code')
       super
     end
 

data/lib/rodauth/features/verify_account.rb

@@ -26,8 +26,8 @@ module Rodauth
     redirect
     redirect(:verify_account_email_sent){default_post_email_redirect}
     redirect(:verify_account_email_recently_sent){default_post_email_redirect}
+    email :verify_account, 'Verify Account'
 
-    translatable_method :verify_account_email_subject, 'Verify Account'
     auth_value_method :verify_account_key_param, 'key'
     auth_value_method :verify_account_autologin?, true
     auth_value_method :verify_account_table, :account_verification_keys
@@ -43,14 +43,11 @@ module Rodauth
     auth_methods(
       :allow_resending_verify_account_email?,
       :create_verify_account_key,
-      :create_verify_account_email,
       :get_verify_account_key,
       :get_verify_account_email_last_sent,
       :remove_verify_account_key,
-      :send_verify_account_email,
       :set_verify_account_email_last_sent,
       :verify_account,
-      :verify_account_email_body,
       :verify_account_email_link,
       :verify_account_key_insert_hash,
       :verify_account_key_value
@@ -198,8 +195,7 @@ module Rodauth
       if account_from_login(login) && allow_resending_verify_account_email?
         set_response_error_reason_status(:already_an_unverified_account_with_this_login, unopen_account_error_status)
         set_error_flash attempt_to_create_unverified_account_error_flash
-        response.write resend_verify_account_view
-        request.halt
+        return_response resend_verify_account_view
       end
       super
     end
@@ -212,10 +208,6 @@ module Rodauth
       account_unverified_status_value
     end
 
-    def send_verify_account_email
-      send_email(create_verify_account_email)
-    end
-
     def verify_account_email_link
       token_link(verify_account_route, verify_account_key_param, verify_account_key_value)
     end
@@ -275,8 +267,7 @@ module Rodauth
       unless open_account?
         set_response_error_reason_status(:unverified_account, unopen_account_error_status)
         set_error_flash attempt_to_login_to_unverified_account_error_flash
-        response.write resend_verify_account_view
-        request.halt
+        return_response resend_verify_account_view
       end
       super
     end
@@ -311,14 +302,6 @@ module Rodauth
       {verify_account_id_column=>account_id, verify_account_key_column=>verify_account_key_value}
     end
 
-    def create_verify_account_email
-      create_email(verify_account_email_subject, verify_account_email_body)
-    end
-
-    def verify_account_email_body
-      render('verify-account-email')
-    end
-
     def verify_account_ds(id=account_id)
       db[verify_account_table].where(verify_account_id_column=>id)
     end

data/lib/rodauth/features/verify_account_grace_period.rb

@@ -30,10 +30,17 @@ module Rodauth
       false
     end
 
+    def require_login
+      if unverified_grace_period_expired?
+        clear_session
+      end
+      super
+    end
+
     def update_session
       super
       if account_in_unverified_grace_period?
-        set_session_value(unverified_account_session_key, true)
+        set_session_value(unverified_account_session_key, Time.now.to_i + verify_account_grace_period)
       end
     end
 
@@ -78,6 +85,11 @@ module Rodauth
         !verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty?
     end
 
+    def unverified_grace_period_expired?
+      return false unless expires_at = session[unverified_account_session_key]
+      expires_at.is_a?(Integer) && Time.now.to_i > expires_at
+    end
+
     def use_date_arithmetic?
       true
     end

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 20
+  MINOR = 23
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/lib/rodauth.rb

@@ -233,6 +233,33 @@ module Rodauth
       end
     end
 
+    def email(type, subject, opts = {})
+      subject_method = :"#{type}_email_subject"
+      body_method = :"#{type}_email_body"
+      create_method = :"create_#{type}_email"
+      send_method = :"send_#{type}_email"
+
+      translatable_method subject_method, subject
+      auth_methods create_method, send_method
+
+      body_template = "#{type.to_s.tr('_', '-')}-email"
+      if opts[:translatable]
+        auth_value_methods body_method
+        define_method(body_method){translate(body_method, render(body_template))}
+      else
+        auth_methods body_method
+        define_method(body_method){render(body_template)}
+      end
+
+      define_method(create_method) do
+        create_email(send(subject_method), send(body_method))
+      end
+
+      define_method(send_method) do
+        send_email(send(create_method))
+      end
+    end
+
     def additional_form_tags(name=feature_name)
       auth_value_method(:"#{name}_additional_form_tags", nil)
     end

data/templates/reset-password-notify-email.str

@@ -0,0 +1,2 @@
+Someone (hopefully you) has reset the password for the account
+associated to this email address.

data/templates/webauthn-remove.str

@@ -4,6 +4,7 @@
   #{rodauth.render('password-field') if rodauth.two_factor_modifications_require_password?}
   <fieldset class="form-group mb-3">
     #{(usage = rodauth.account_webauthn_usage; last_id = usage.keys.last; usage;).map do |id, last_use|
+      last_use = last_use.strftime("%F %T") if last_use.is_a?(Time)
       input = rodauth.input_field_string(rodauth.webauthn_remove_param, "webauthn-remove-#{h id}", :type=>'radio', :class=>"form-check-input", :skip_error_message=>true, :value=>id, :required=>false)
       label = "<label class=\"rodauth-webauthn-id form-check-label\" for=\"webauthn-remove-#{h id}\">Last Use: #{last_use}</label>"
       error = rodauth.formatted_field_error(rodauth.webauthn_remove_param) if id == last_id