rodauth 2.21.0 → 2.22.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bb1777533bb6a941212c0e6d5be00fc393b95c3d22e7af40542d616cdd68d139
4
- data.tar.gz: de6a798803940fb94ff1d44bc2d148e45b1adc8e532cb44db4602b974a1b6b19
3
+ metadata.gz: f20339f12a4abc3d970bebd785c10d788ecb51c46f787beda3ff8a0d9a337706
4
+ data.tar.gz: 1a930e230aff9f64d7af359211fc9c568a93978372a5813612c964b673c8f6aa
5
5
  SHA512:
6
- metadata.gz: 830b574f78cba6d5e103306f3709e2ae92e99af0cb0b02c8276699c048cd799cad58cf28d521980e43c0023aadc8934705ad45ff48819c316b3c6d3b5554f189
7
- data.tar.gz: d4127705f604ac89b35f17d795c07bd54bed86b6c9c784e04578f047a3b1d2e34689c0320c35ffe9f7640e7870197c6563c4c57c0867ca5d2d257d23a143ce1a
6
+ metadata.gz: '030017944284769f16d83e1454d1b7c1bdf8ec6cd1c8201e7c7feba17f0809201b436f452ed660392f78253f196ca76d4062bc94dd64c1227a4f75937ef42f2c'
7
+ data.tar.gz: e05d2d37f2c32808bb482e7f2ddd332ad34fe6478dc8ea842b84ba45fdd1e9330c081e139235abc2b7a79c0827df92f36350d35ef4b108056b0ac1b8f8a991e0
data/CHANGELOG CHANGED
@@ -1,3 +1,17 @@
1
+ === 2.22.0 (2022-03-22)
2
+
3
+ * Ignore parameters where the value includes a null byte by default, add null_byte_parameter_value configuration method for customization (jeremyevans)
4
+
5
+ * Handle sessions created before active_sessions feature was enabled during logout (jeremyevans) (#224)
6
+
7
+ * Add reset_password_notify for emailing users after successful password resets (jeremyevans)
8
+
9
+ * An email method can now be used in external features to DRY up email creation code (jeremyevans)
10
+
11
+ * The change_password_notify feature now correctly handles template precompilation (jeremyevans)
12
+
13
+ * Fix update_sms to update stored sms hash (bjeanes) (#222)
14
+
1
15
  === 2.21.0 (2022-02-23)
2
16
 
3
17
  * Avoid extra bcrypt hashing on account verification when using account_password_hash_column (janko) (#217)
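Review bot: The update_sms entry in the 2.22.0 block says it updates the "stored sms hash", which reads like a database write, while the release notes in this same diff describe the fix as updating the in-memory sms hash instead of the in-memory account hash. Suggest wording the entry as "update in-memory sms hash" so the two agree. The null-byte entry at the top of the block changes default behaviour, so it is worth saying so in that line rather than only under Backwards Compatibility in the release notes.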
@@ -326,446 +340,6 @@
326
340
 
327
341
  * Drop support for Ruby 1.8 (jeremyevans)
328
342
 
329
- === 1.23.0 (2020-03-06)
330
-
331
- * Remove specs from the gem to reduce gem size by over 20% (jeremyevans)
332
-
333
- * Make rodauth.authenticated? return true on OTP setup page (jeremyevans) (#68)
334
-
335
- * Display link to email auth request form when user has entered login and incorrect password if using email_auth feature (janko) (#65)
336
-
337
- * Add *_path and *_url methods for all *_route methods (janko) (#64)
338
-
339
- * Add send_email configuration method for configuring how email is sent (janko) (#63)
340
-
341
- === 1.22.0 (2019-10-29)
342
-
343
- * Add jwt_cors feature to handle Cross-Origin Resource Sharing when using the jwt feature (jeremyevans)
344
-
345
- * Add space before newline after links in email, fixing issues with some webmail providers with broken autolinkers (jeremyevans)
346
-
347
- === 1.21.0 (2019-07-24)
348
-
349
- * Support rotp 5.1 in the otp feature (jeremyevans)
350
-
351
- * Log user out when locking out OTP account if no fallback options available (jeremyevans)
352
-
353
- === 1.20.0 (2019-06-07)
354
-
355
- * Support rotp 5 in the otp feature (jeremyevans)
356
-
357
- * Add jwt_refresh feature to allow shorter lived JWTs with a refresh token for creating new JWTs (allavena, jeremyevans) (#28)
358
-
359
- * Fix disallow_password_reuse feature when account_password_hash_column is not set and verify_account feature is not used (cptaffe) (#59)
360
-
361
- * Rename no_matching_email_auth_key_message to no_matching_email_auth_key_error_flash for consistency (jeremyevans)
362
-
363
- * Rename no_matching_verify_login_change_key_message to no_matching_verify_login_change_key_error_flash for consistency (jeremyevans)
364
-
365
- * Rename attempt_to_login_to_unverified_account_notice_message to attempt_to_login_to_unverified_account_error_flash for consistency (jeremyevans)
366
-
367
- * Rename attempt_to_create_unverified_account_notice_message to attempt_to_create_unverified_account_error_flash for consistency (jeremyevans)
368
-
369
- * Rename no_matching_verify_account_key_message to no_matching_verify_account_key_error_flash for consistency (jeremyevans)
370
-
371
- * Rename no_matching_unlock_account_key_message to no_matching_unlock_account_key_error_flash for consistency (jeremyevans)
372
-
373
- * Rename no_matching_reset_password_key_message to no_matching_reset_password_key_error_flash for consistency (jeremyevans)
374
-
375
- * Add otp_keys_use_hmac? and otp_setup_raw_param configuration methods to the otp feature for configuring use of HMACs with OTP authentication (jeremyevans)
376
-
377
- * Do not set a previous account password before password has been set when using disallow_password_reuse with verify_account_set_password? (jeremyevans)
378
-
379
- * Add allow_raw_single_session_key? to single_session feature to allow raw single single session tokens, for graceful transition (jeremyevans)
380
-
381
- * Add raw_remember_token_deadline to remember feature to allow raw remember tokens before given deadline, for graceful transition (jeremyevans)
382
-
383
- * Add allow_raw_email_token? configuration method to email_base feature to allow raw tokens when email_token_hmac_secret is set, for graceful transition (jeremyevans)
384
-
385
- * Add hmac_secret configuration method, used for additional security using HMACs (jeremyevans)
386
-
387
- * Use urlsafe base64 for new token keys on Ruby 1.8 (jeremyevans)
388
-
389
- * Add login_input_type configuration method for setting the input type for login inputs (jeremyevans)
390
-
391
- * Add formatted_field_error configuration method for formatting error messages (jeremyevans)
392
-
393
- * Add field_error_attributes configuration method for configuring attributes for fields with errors (jeremyevans)
394
-
395
- * Add field_attributes configuration method for configuring attributes for specific fields (jeremyevans)
396
-
397
- * Add default_field_attributes configuration method to set default attributes for all input fields (jeremyevans)
398
-
399
- * Make error handling accessible by default using aria-invalid and aria-describedby attributes (jeremyevans)
400
-
401
- * Add mark_input_fields_as_required? configuration method for whether inputs should use the required attribute (jeremyevans)
402
-
403
- * Add input_field_error_message_class configuration method for the CSS class used for error messages (jeremyevans)
404
-
405
- * Wrap all error messages in a span so they can be styled (jeremyevans)
406
-
407
- * Add input_field_error_class configuration method for customizing CSS class to use for inputs with errors (jeremyevans)
408
-
409
- * Add input_field_label_suffix configuration method for suffixing all input labels, useful for labeling fields as required (jeremyevans)
410
-
411
- * Add verify_account_resend_explanatory_text configuration method to verify_account feature for configuring text (jeremyevans)
412
-
413
- * Add unlock_account_explanatory_text and unlock_account_request_explanatory_text configuration methods to lockout feature for configuring text (jeremyevans)
414
-
415
- * Add reset_password_explanatory_text configuration method to reset_password feature for configuring text (jeremyevans)
416
-
417
- * Add otp_provisioning_uri_label and otp_secret_label configuration methods to otp feature for configuring labels displayed during OTP setup (jeremyevans)
418
-
419
- * Add add_recovery_codes_heading configuration method to recovery_codes feature for configuring heading text (jeremyevans)
420
-
421
- * Use define_method instead of instance_exec for route dispatching for better performance (jeremyevans)
422
-
423
- * Add already_an_account_with_this_login_message configuration method (1gor) (#54)
424
-
425
- === 1.19.1 (2018-11-16)
426
-
427
- * Support rotp 4 in the otp feature (jeremyevans)
428
-
429
- === 1.19.0 (2018-11-16)
430
-
431
- * Avoid unneeded database queries in the two factor authentication support (jeremyevans)
432
-
433
- * Add {before,after}_verify_login_change_email configuration methods, called around sending the verify login change email (jeremyevans)
434
-
435
- * Add after_account_lockout configuration method, called after locking out an account (jeremyevans)
436
-
437
- * Add default_post_email_redirect configuration method, setting default for all redirects after emailing when not logged in (jeremyevans)
438
-
439
- * Gracefully handle failure when new login is already taken in the verify_login_change feature (jeremyevans)
440
-
441
- * Support optional email rate limiting in the lockout, reset password, and verify account features (jeremyevans)
442
-
443
- * Make MySQL rodauth_get_salt function handle accounts without password hashes (jeremyevans)
444
-
445
- * Add email_auth feature, for authentication using links sent via email (jeremyevans)
446
-
447
- * Deprecate before_otp_authentication_route, users should switch to before_otp_auth_route (jeremyevans)
448
-
449
- * Add use_multi_phase_login? configuration method to login feature, separating login entry from password entry (jeremyevans)
450
-
451
- * Don't disable use of date_arithmetic extension on !MySQL when using lockout, remember, or reset password features (jeremyevans)
452
-
453
- === 1.18.0 (2018-07-18)
454
-
455
- * Add confirm_password_redirect_session_key configuration method to confirm_password feature (jeremyevans)
456
-
457
- * Work with Roda sessions plugin, using string keys for session information if that is used (jeremyevans)
458
-
459
- * Add flash_error_key and flash_notice_key configuration for setting keys used in flash (jeremyevans)
460
-
461
- === 1.17.0 (2018-06-11)
462
-
463
- * Support Roda route_csrf plugin for request-specific CSRF tokens (jeremyevans)
464
-
465
- === 1.16.0 (2018-03-09)
466
-
467
- * Add disallow_common_passwords feature, for disallowing the usage of the most common passwords (jeremyevans)
468
-
469
- * Remove calling request [] method to get request param values, as it is deprecated in the current version of rack (jeremyevans)
470
-
471
- === 1.15.0 (2018-01-29)
472
-
473
- * Add create_account_set_password? and verify_account_set_password? methods to delay setting password until account verification (jeremyevans)
474
-
475
- === 1.14.0 (2017-12-19)
476
-
477
- * Don't allow unlocking expired accounts when using account_expiration and lockout features (jeremyevans)
478
-
479
- * Don't allow resetting passwords for expired accounts when using account_expiration and reset_password features (jeremyevans)
480
-
481
- * Add change_password_notify feature for emailing when user uses change password feature (jeremyevans)
482
-
483
- === 1.13.0 (2017-11-21)
484
-
485
- * Add json_response_body(hash) configuration method to jwt feature (jeremyevans)
486
-
487
- * Support invalid_previous_password_message configuration method in change_password feature (jeremyevans)
488
-
489
- * Use custom error statuses if only_json? and json_response_custom_error_status? are true even if request isn't in json format (jeremyevans)
490
-
491
- * Add cache_templates configuration method for disabling caching of templates (adam12, jeremyevans) (#46)
492
-
493
- === 1.12.0 (2017-10-03)
494
-
495
- * [SECURITY] Clear expired password reset key for account before retrieving password reset key (chanks, jeremyevans) (#43)
496
-
497
- * Update migrations to work with Sequel 5 (jeremyevans)
498
-
499
- * Add require_http_basic_auth configuration method to http_basic_auth feature (jeremyevans) (#41)
500
-
501
- * Support passing :search_path option to Rodauth.create_database_authentication_functions when using PostgreSQL (jeremyevans)
502
-
503
- * Support passing options to Rodauth.{create,drop}_database_previous_password_check_functions (jeremyevans)
504
-
505
- * Support passing options to Rodauth.drop_database_authentication_functions (jeremyevans)
506
-
507
- === 1.11.0 (2017-04-24)
508
-
509
- * Add login_required_error_status, and use it in the jwt feature when custom error statuses are allowed (jeremyevans)
510
-
511
- * Deal better with time differences between the database and application servers in the password_expiration plugin (jeremyevans)
512
-
513
- * Add rodauth.valid_jwt? method for checking if a valid JWT was submitted with the request (jeremyevans)
514
-
515
- === 1.10.0 (2017-03-23)
516
-
517
- * Add Internals Guide (jeremyevans)
518
-
519
- * Set FeatureConfiguration instances to constants, just like Feature instances (jeremyevans)
520
-
521
- * When reopening rodauth configuration in roda subclass, automatically subclass rodauth configuration so it doesn't modify superclass (jeremyevans)
522
-
523
- * Add verify_login_change feature as an alternative to verify_change_login, where the change doesn't take affect until after verification (jeremyevans) (#31)
524
-
525
- * Add login_failed_reset_password_request_form for customizing the HTML used for the request password request form on login failures (jeremyevans)
526
-
527
- * Make reset password request form available without requiring a login attempt, and provide a login field in that case (jeremyevans) (#30)
528
-
529
- * Make resending verify account email request form available without requiring a login/account creation attempt, and provide a login field in that case (jeremyevans) (#30)
530
-
531
- * Fix resending verify account email when attempting to create a new account with same login as unverified account when using verify_account_grace_period feature (jeremyevans) (#30)
532
-
533
- * Fix precompile_rodauth_templates usage with reset_password feature (jeremyevans)
534
-
535
- === 1.9.0 (2017-02-22)
536
-
537
- * Make reset-password use existing password reset key if one is present (jeremyevans) (#26)
538
-
539
- * Add Roda.precompile_rodauth_templates method, useful to save memory when forking, or when chrooting (jeremyevans)
540
-
541
- === 1.8.0 (2017-01-06)
542
-
543
- * Add json_response_custom_error_status? option to jwt feature to use specific 4xx statuses instead of 400 (jeremyevans)
544
-
545
- * Use 4xx error statuses for errors, instead of using a 200 success status (jeremyevans)
546
-
547
- === 1.7.0 (2016-11-22)
548
-
549
- * Make reset password, unlock account, and verify account pages not leak keys to external servers via Referer header (jeremyevans)
550
-
551
- === 1.6.0 (2016-10-24)
552
-
553
- * Add http_basic_auth feature (TiagoCardoso1983, jeremyevans) (#12)
554
-
555
- * Move login hooks from login feature to base, to be usable by other features (jeremyevans)
556
-
557
- * Make reset_password feature not attempt to render a template in json-only mode (jeremyevans) (#11)
558
-
559
- * Memoize jwt_payload in jwt feature, as it may be called more than once (mwpastore) (#10)
560
-
561
- * Add jwt_decode_opts configuration method to jwt feature, for specifying options to JWT.decode, allowing for JWT claim verification (mwpastore, jeremyevans) (#9)
562
-
563
- * Add jwt_session_hash configuration method to jwt feature, for modifying the session information stored in the JWT hash, allowing for setting JWT claims (mwpastore, jeremyevans) (#9)
564
-
565
- * Add jwt_session_key configuration method to jwt feature, for nesting the session under a key in the JWT, avoiding reserve claim names (mwpastore, jeremyevans) (#9)
566
-
567
- * Add jwt_symbolize_deeply? configuration method to jwt feature, for symbolizing nested keys in session hash when using JWT (mwpastore) (#9)
568
-
569
- === 1.5.0 (2016-09-22)
570
-
571
- * Return error instead of raising exception in the jwt feature if an invalid jwt format is submitted in the Authorization header (jeremyevans)
572
-
573
- * Add jwt_authorization_remove configuration method to jwt feature, for regexp to remove from Authorization header before JWT processing (jeremyevans)
574
-
575
- * Add jwt_authorization_ignore configuration method to jwt feature, for regexp to skip processing of JWTs in Authorization header (jeremyevans)
576
-
577
- * Add json_accept_regexp configuration method to jwt feature, for the regexp used to match against the Accept header (jeremyevans)
578
-
579
- * Add use_jwt? configuration method to jwt feature, for whether to use the JWT token or rack session for authentication information (jeremyevans)
580
-
581
- * Add jwt_check_accept? configuration method to jwt feature, to return 406 error if Accept header is present and json is not accepted (jeremyevans)
582
-
583
- * Add json_response_content_type configuration method to jwt feature, for the content type to set for json responses, default to application/json (jeremyevans)
584
-
585
- * Add json_request_content_type_regexp configuration method to the jwt feature, for the regexp that recognize a request as a json request (jeremyevans)
586
-
587
- * Add session_jwt method to the jwt feature, which returns a string for the encoded JWT for the current session (jeremyevans)
588
-
589
- * If the only_json? setting is true, return a 400 error if the request content type to a rodauth endpoint is not json (jeremyevans)
590
-
591
- * The only_json? setting in the jwt feature is now only true by default if :json=>:only plugin option was used (jeremyevans)
592
-
593
- * Don't have jwt feature break if HTTP Basic/Digest authentication is used (jeremyevans)
594
-
595
- * Add template_opts configuration method, for overriding view/method options (jeremyevans)
596
-
597
- === 1.4.0 (2016-08-18)
598
-
599
- * Add update_password_hash feature, for updating the password hash when the hash cost changes (jeremyevans)
600
-
601
- === 1.3.0 (2016-07-19)
602
-
603
- * Add login_maximum_length, defaulting to 255 (jeremyevans)
604
-
605
- === 1.2.0 (2016-06-15)
606
-
607
- * Add otp_drift configuration method to otp plugin, setting number of seconds of allowed drift (jeremyevans)
608
-
609
- * Don't allow setting passwords containing the ASCII NUL character, as bcrypt truncates at that point (jeremyevans) (#4)
610
-
611
- === 1.1.0 (2016-05-13)
612
-
613
- * Support :csrf=>false and :flash=>false plugin options (jeremyevans)
614
-
615
- === 1.0.0 (2016-04-15)
616
-
617
- * Remove invalid remember cookies to prevent unnecessary future database checks (jeremyevans)
618
-
619
- * Extend remember deadline in cookie in addition to database (jeremyevans)
620
-
621
- * Make tokens work with string account ids (jeremyevans)
622
-
623
- * Add verify_change_login feature for requiring account reverification on login changes (jeremyevans)
624
-
625
- * Set correct cookie expiration in the remember feature (jeremyevans)
626
-
627
- * Split confirm_password feature from remember feature (jeremyevans)
628
-
629
- * Add verify_account_grace_period feature, for allowing logins into unverified accounts for a certain period after creation (jeremyevans)
630
-
631
- * Move login/password requirements settings to login password requirements base feature (jeremyevans)
632
-
633
- * Add session_expiration feature, expiring sessions based on inactivity and max lifetime checks (jeremyevans)
634
-
635
- * Add password_grace_period feature, for not requiring password entry if password was recently entered (jeremyevans)
636
-
637
- * Make create/verify account autologin true by default (jeremyevans)
638
-
639
- * Optimize routing using a hash table, disallow per-request routes (jeremyevans)
640
-
641
- * Add ability to turn off login/password confirmations (jeremyevans)
642
-
643
- * Don't allow changing login to the same as the current login (jeremyevans)
644
-
645
- * Only allow requesting account unlocks if the account is current locked out (jeremyevans)
646
-
647
- * Use separate routes for unlock account/reset password/verify account requests (jeremyevans)
648
-
649
- * Use separate routes for confirming passwords and changing remember settings (jeremyevans)
650
-
651
- * Add JWT feature for JSON API support using JWT tokens (jeremyevans)
652
-
653
- * Add account_select configuration option for setting which columns to select from accounts_table (jeremyevans)
654
-
655
- * Execute get_block and post_block in the Rodauth::Auth instance scope (jeremyevans)
656
-
657
- * Store field errors in the rodauth object instead of instance variables in the Roda scope (jeremyevans)
658
-
659
- * Add rodauth.redirect to abstract redirection code (jeremyevans)
660
-
661
- * Only use flash notices for successful requests, other requests that redirect now use an error flash (jeremyevans)
662
-
663
- * The before_* configuration methods now run directly before making the related database changes (jeremyevans)
664
-
665
- * Before hooks run before routes now use before_*_route instead of before_* configuration methods (jeremyevans)
666
-
667
- * Add token_separator configuration method to replace the default of _ (jeremyevans)
668
-
669
- * Rename account_id_value to account_id (jeremyevans)
670
-
671
- * Rename account_id to account_id_column and account_session_id to account_session_column (jeremyevans)
672
-
673
- * Make skip_status_checks? default to true unless loading verify_account or close_account features (jeremyevans)
674
-
675
- * Replace account_model with accounts_table and db, removing use of Sequel models (jeremyevans)
676
-
677
- * Extract shared email-related code into email_base feature (jeremyevans)
678
-
679
- * Add auth_class_eval to configuration block for adding custom methods (jeremyevans)
680
-
681
- * Add configuration_eval to feature definitions for adding custom configuration methods (jeremyevans)
682
-
683
- * Allow close_account feature to optionally delete accounts (jeremyevans)
684
-
685
- * Make close_account feature work when skipping status checks or when using account_password_hash_column (jeremyevans)
686
-
687
- * Add sms_codes feature, for codes received via SMS that can be used if TOTP authentication is not available (jeremyevans)
688
-
689
- * Attempt to handle unique constraint violations raised in race conditions where possible (jeremyevans)
690
-
691
- * Add _before and _after internal methods, make ununderscored methods only for users (jeremyevans)
692
-
693
- * Add single_session feature, for only allowing a single active session per account (jeremyevans)
694
-
695
- * Add account_expiration feature, for disallowing access to accounts after an amount of time since last login/activity (jeremyevans)
696
-
697
- * Check account status in rodauth.load_memory in remember plugin (jeremyevans)
698
-
699
- * Use csrf plugin automatically, depend on Roda >=2.6.0 (jeremyevans)
700
-
701
- * Make bcrypt and mail development dependencies instead of runtime dependencies in the gem (jeremyevans)
702
-
703
- * Add password_expiration feature, requiring users to change their password after a given amount of time (jeremyevans)
704
-
705
- * Add disallow_password_reuse feature, checking that a new password doesn't match previous passwords (jeremyevans)
706
-
707
- * Add password_complexity feature, allowing more sophisticated password complexity checks (jeremyevans)
708
-
709
- * Add rodauth.remember_param and .remember_confirm_param for overriding parameter names (jeremyevans)
710
-
711
- * Check that new password is not the same as existing password in change password and reset password features (jeremyevans)
712
-
713
- * Add rodauth.login_meets_requirements? for checking if a login is valid, by default a valid email address (jeremyevans)
714
-
715
- * Allow unlock account to optionally require the user's current password (jeremyevans)
716
-
717
- * Add support for running on Microsoft SQL Server with database functions for authentication (jeremyevans)
718
-
719
- * Make change password, change login, and close account require the user's current password by default (jeremyevans)
720
-
721
- * Add rodauth.csrf_tag to make it easy to replace the CSRF tag implementation (jeremyevans)
722
-
723
- * Switch unlock_account_autologin? to be true by default (jeremyevans)
724
-
725
- * Add rodauth.authenticated? and .require_authentication (jeremyevans)
726
-
727
- * Add recovery_codes feature, for single use codes that can be used if TOTP authentication is not available (jeremyevans)
728
-
729
- * Add otp feature, for 2 factor authentication via TOTP (jeremyevans)
730
-
731
- * Add support for running on MySQL with database functions for authentication (jeremyevans)
732
-
733
- * Add *_interval and set_deadline_values? methods for setting deadline intervals on a per-request basis (jeremyevans)
734
-
735
- * Add remember_deadline_column method for overriding the column used for storing the deadline (jeremyevans)
736
-
737
- * Add rodauth/migrations file for DRYing up the database function creation (jeremyevans)
738
-
739
- * Add Rodauth.version for getting the version (jeremyevans)
740
-
741
- * External features should now be requirable via rodauth/features/feature_name instead of roda/plugins/rodauth/feature_name (jeremyevans)
742
-
743
- * Make Rodauth top level module instead of under Roda::RodaPlugins (jeremyevans)
744
-
745
- * Require mail at configure time instead of run time if using a feature that sends email, use require_mail? false to disable (jeremyevans)
746
-
747
- * Require bcrypt at configure time instead of run time, use require_bcrypt? false to disable (jeremyevans)
748
-
749
- * Always require securerandom (jeremyevans)
750
-
751
- * Make remember, password reset, and lockout features work on non-PostgreSQL databases (jeremyevans)
752
-
753
- * Support authentication without database functions when password hashes are stored in separate table (jeremyevans)
754
-
755
- * Remove overriding of route/get/post blocks (jeremyevans)
756
-
757
- * Make lockout feature work on databases not supporting UPDATE RETURNING (jeremyevans)
758
-
759
- * Add timing safe comparison of tokens (jeremyevans)
760
-
761
- === 0.10.0 (2016-02-17)
762
-
763
- * Retrieve salt from database and compute hash client side, instead of computing hash on server (jeremyevans)
764
-
765
- === 0.9.1 (2015-08-13)
766
-
767
- * Don't use csrf plugin automatically (jeremyevans)
768
-
769
- === 0.9.0 (2015-08-12)
343
+ === Older
770
344
 
771
- * Initial public release
345
+ See doc/CHANGELOG.old
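Review bot: The replacement lines "=== Older" and "See doc/CHANGELOG.old" at the end of this hunk point to a file whose addition is not visible in this part of the diff; confirm doc/CHANGELOG.old is added in the same release and is included in the gem's file list, otherwise the pointer dangles. The removed range includes the 1.12.0 "[SECURITY] Clear expired password reset key for account before retrieving password reset key" entry, so anyone auditing past security fixes from the installed gem depends on the old file being shipped and findable.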
data/README.rdoc CHANGED
@@ -60,6 +60,7 @@ HTML and JSON API for all supported features.
60
60
  * Argon2
61
61
  * HTTP Basic Auth
62
62
  * Change Password Notify
63
+ * Reset Password Notify
63
64
  * Internal Request
64
65
  * Path Class Methods
65
66
 
@@ -902,6 +903,7 @@ view the appropriate file in the doc directory.
902
903
  * {Recovery Codes}[rdoc-ref:doc/recovery_codes.rdoc]
903
904
  * {Remember}[rdoc-ref:doc/remember.rdoc]
904
905
  * {Reset Password}[rdoc-ref:doc/reset_password.rdoc]
906
+ * {Reset Password Notify}[rdoc-ref:doc/reset_password_notify.rdoc]
905
907
  * {Session Expiration}[rdoc-ref:doc/session_expiration.rdoc]
906
908
  * {Single Session}[rdoc-ref:doc/single_session.rdoc]
907
909
  * {SMS Codes}[rdoc-ref:doc/sms_codes.rdoc]
data/doc/base.rdoc CHANGED
@@ -99,6 +99,7 @@ csrf_tag(path=request.path) :: The HTML fragment containing the CSRF tag to use,
99
99
  function_name(name) :: The name of the database function to call. It's passed either :rodauth_get_salt or :rodauth_valid_password_hash.
100
100
  logged_in? :: Whether the current session is logged in.
101
101
  login_required :: Action to take when a login is required to access the page and the user is not logged in.
102
+ null_byte_parameter_value(key, value) :: The value to use for the parameter if the parameter includes an ASCII NUL byte ("\0"), nil by default to ignore the parameter.
102
103
  open_account? :: Whether the current account is an open account (not closed or unverified).
103
104
  password_match?(password) :: Check whether the given password matches the stored password hash.
104
105
  random_key :: A randomly generated string, used for creating tokens.
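Review bot: The added null_byte_parameter_value(key, value) line does not say what key holds (presumably the parameter name) or which parameters the check applies to. Suggest documenting both arguments, and stating that returning anything other than nil hands a NUL-containing string on to the rest of the feature code, with a cross-reference to contains_null_byte_message for the password case.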
@@ -143,6 +143,17 @@ Here's a heavily commented example showing what is going on inside a Rodauth fea
143
143
  # templates. This is necessary for precompilation of templates to work.
144
144
  loaded_templates ['foo']
145
145
 
146
+ # This defines the following methods related to sending email:
147
+ #
148
+ # * foo_email_subject: uses given subject
149
+ # * foo_email_body: renders foo-email template
150
+ # * create_foo_email: creates Mail::Message using subject and body
151
+ # * send_foo_email: sends created email
152
+ #
153
+ # The foo-email template should be included in the loaded_templates call to make sure
154
+ # template precompilation works.
155
+ email :foo, 'Foo Subject'
156
+
146
157
  # auth_value_method is a generic method that takes two arguments, a method to define
147
158
  # and a default value. It is similar to the methods above, except that it allows
148
159
  # arbitrary method names. The notice_flash, error_flash, button, and additional_form_tags
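Review bot: The new comment above email :foo says the foo-email template should be included in the loaded_templates call, but the context line just above still reads loaded_templates ['foo'], so the example as shown does not follow its own advice. Suggest either changing that call to list both 'foo' and 'foo-email', or rewording the comment to say explicitly that the reader must add it.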
@@ -8,6 +8,9 @@ corresponding <tt>*_route</tt> method:
8
8
 
9
9
  # Change login route to "/signin"
10
10
  login_route "signin"
11
+
12
+ # Change redirect when login is required to "/signin"
13
+ require_login_redirect { login_path }
11
14
 
12
15
  # Change create account route to "/register"
13
16
  create_account_route "register"
@@ -6,7 +6,7 @@ use a Rodauth feature that requires setting logins or passwords.
6
6
  == Auth Value Methods
7
7
 
8
8
  already_an_account_with_this_login_message :: The error message to display when there already exists an account with the same login.
9
- contains_null_byte_message :: The error message to display when the password contains a null byte.
9
+ contains_null_byte_message :: The error message to display when the password contains a null byte (only used if parameters with null bytes are otherwise allowed).
10
10
  login_confirm_label :: The label to use for login confirmations.
11
11
  login_confirm_param :: The parameter name to use for login confirmations.
12
12
  login_does_not_meet_requirements_message :: The error message to display when the login does not meet the requirements you have set.
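Review bot: The parenthetical added to contains_null_byte_message, "only used if parameters with null bytes are otherwise allowed", does not tell the reader how such parameters come to be allowed. Suggest naming the null_byte_parameter_value configuration method there, since that is the setting this release documents in base.rdoc for changing the default.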
@@ -0,0 +1,43 @@
1
+ = New Features
2
+
3
+ * Rodauth now ignores parameters containing ASCII NUL bytes ("\0") by
4
+ default. You can customize this behavior using the
5
+ null_byte_parameter_value configuration method.
6
+
7
+ * A reset_password_notify feature has been added for emailing users
8
+ after successful password resets.
9
+
10
+ * External features can now use the email method inside their
11
+ feature definitions to DRY up the creation of email configuration
12
+ methods. The email method will setup the following configuration
13
+ methods for the feature:
14
+
15
+ * ${name}_email_subject
16
+ * ${name}_email_body
17
+ * create_${name}_email
18
+ * send_${name}_email
19
+
20
+ = Other Improvements
21
+
22
+ * The active_sessions feature now correctly handles logouts for
23
+ sessions that were created before the active_sessions feature was
24
+ added to the Rodauth configuration.
25
+
26
+ * The change_password_notify feature now works correctly when using
27
+ template precompilation.
28
+
29
+ * The update_sms method now updates the in-memory sms hash instead of
30
+ the in-memory account hash. This only has an effect if you are
31
+ using the sms_codes feature and customizing Rodauth to access one
32
+ of these hashes after a call to update_sms.
33
+
34
+ = Backwards Compatibility
35
+
36
+ * If your application requires the ability to submit values containing
37
+ ASCII NUL bytes ("\0") as Rodauth parameters, you should use the
38
+ new null_byte_parameter_value configuration method to pass the
39
+ value through unchanged:
40
+
41
+ null_byte_parameter_value do |_, v|
42
+ v
43
+ end
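Review bot: The Backwards Compatibility example at the end of this file passes every NUL-containing parameter through unchanged and discards its first argument. Since the method receives the key as well as the value, suggest showing a block that returns v only for the specific parameter the application needs and nil otherwise, so the new default stays in force for everything else. It would also help to note here that passwords containing a NUL byte are still rejected with contains_null_byte_message; the 1.2.0 CHANGELOG entry gives the reason, that bcrypt truncates at that point.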
@@ -14,12 +14,12 @@ reset_password_autologin? :: Whether to autologin the user after successfully re
14
14
  reset_password_button :: The text to use for the reset password button.
15
15
  reset_password_deadline_column :: The column name in the +reset_password_table+ storing the deadline after which the token will be ignored.
16
16
  reset_password_deadline_interval :: The amount of time for which to allow users to reset their passwords, 1 day by default. Only used if +set_deadline_values?+ is true.
17
- reset_password_email_last_sent_column :: The email last sent column in the +reset_password_table+. Set to nil to always send a reset password email when requested.
18
- reset_password_email_recently_sent_error_flash :: The flash error to show if not sending reset password email because one has been sent recently.
19
- reset_password_email_recently_sent_redirect :: Where to redirect if not sending reset password email because one has been sent recently.
20
- reset_password_email_sent_notice_flash :: The flash notice to show after a reset password email has been sent.
21
- reset_password_email_sent_redirect :: Where to redirect after sending a reset password email.
22
- reset_password_email_subject :: The subject to use for reset password emails.
17
+ reset_password_email_last_sent_column :: The email last sent column in the +reset_password_table+. Set to nil to always send a reset password request email when requested.
18
+ reset_password_email_recently_sent_error_flash :: The flash error to show if not sending reset password request email because one has been sent recently.
19
+ reset_password_email_recently_sent_redirect :: Where to redirect if not sending reset password request email because one has been sent recently.
20
+ reset_password_email_sent_notice_flash :: The flash notice to show after a reset password request email has been sent.
21
+ reset_password_email_sent_redirect :: Where to redirect after sending a reset password request email.
22
+ reset_password_email_subject :: The subject to use for the reset password request email.
23
23
  reset_password_error_flash :: The flash error to show after resetting a password.
24
24
  reset_password_explanatory_text :: The text to display above the button to request a password reset.
25
25
  reset_password_id_column :: The id column in the +reset_password_table+, should be a foreign key referencing the accounts table.
@@ -30,35 +30,35 @@ reset_password_page_title :: The page title to use on the reset password form.
30
30
  reset_password_redirect :: Where to redirect after resetting a password.
31
31
  reset_password_request_additional_form_tags :: HTML fragment containing additional form tags to use on the reset password request form.
32
32
  reset_password_request_button :: The text to use for the reset password request button.
33
- reset_password_request_error_flash :: The flash error to show if not able to send a reset password email.
33
+ reset_password_request_error_flash :: The flash error to show if not able to send a reset password request email.
34
34
  reset_password_request_link_text :: The text to use for a link to the page to request a password reset.
35
35
  reset_password_request_page_title :: The page title to use on the reset password request form.
36
36
  reset_password_request_route :: The route to the reset password request action. Defaults to +reset-password-request+.
37
37
  reset_password_route :: The route to the reset password action. Defaults to +reset-password+.
38
38
  reset_password_session_key :: The key in the session to hold the reset password key temporarily.
39
- reset_password_skip_resend_email_within :: The number of seconds before sending another reset password email, if +reset_password_email_last_sent_column+ is set.
39
+ reset_password_skip_resend_email_within :: The number of seconds before sending another reset password request email, if +reset_password_email_last_sent_column+ is set.
40
40
  reset_password_table :: The name of the reset password keys table.
41
41
 
42
42
  == Auth Methods
43
43
 
44
44
  account_from_reset_password_key(key) :: Retrieve the account using the given reset password key, or return nil if no account matches.
45
45
  after_reset_password :: Run arbitrary code after successfully resetting a password.
46
- after_reset_password_request :: Run arbitrary code after sending the reset password email.
46
+ after_reset_password_request :: Run arbitrary code after sending the reset password request email.
47
47
  before_reset_password :: Run arbitrary code before resetting a password.
48
- before_reset_password_request :: Run arbitrary code before sending the reset password email.
48
+ before_reset_password_request :: Run arbitrary code before sending the reset password request email.
49
49
  before_reset_password_request_route :: Run arbitrary code before handling a reset password request route.
50
50
  before_reset_password_route :: Run arbitrary code before handling a reset password route.
51
- create_reset_password_email :: A Mail::Message for the reset password email.
51
+ create_reset_password_email :: A Mail::Message for the reset password request email.
52
52
  create_reset_password_key :: Add the reset password key data to the database.
53
- get_reset_password_email_last_sent :: Get the last time a reset password email is sent, or nil if there is no last sent time.
53
+ get_reset_password_email_last_sent :: Get the last time a reset password request email is sent, or nil if there is no last sent time.
54
54
  get_reset_password_key(id) :: Get the password reset key for the given account id from the database.
55
55
  login_failed_reset_password_request_form :: The HTML to use for a form to request a password reset, shown on the login page after the user tries to login with an invalid password.
56
56
  remove_reset_password_key :: Remove the reset password key for the current account, run after successful password reset.
57
- reset_password_email_body :: The body to use for the reset password email.
58
- reset_password_email_link :: The link to the reset password form in the reset password email.
57
+ reset_password_email_body :: The body to use for the reset password request email.
58
+ reset_password_email_link :: The link to the reset password form in the reset password request email.
59
59
  reset_password_key_insert_hash :: The hash to insert into the +reset_password_table+.
60
60
  reset_password_key_value :: The reset password key for the current account.
61
61
  reset_password_request_view :: The HTML to use for the reset password request form.
62
62
  reset_password_view :: The HTML to use for the reset password form.
63
- send_reset_password_email :: Send the reset password email.
64
- set_reset_password_email_last_sent :: Set the last time a reset password email is sent.
63
+ send_reset_password_email :: Send the reset password request email.
64
+ set_reset_password_email_last_sent :: Set the last time a reset password request email is sent.
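Review bot: Tense on the two "last sent" entries is still off after the rewording: `get_reset_password_email_last_sent` reads "the last time a reset password request email is sent" and `set_reset_password_email_last_sent` has the same "is sent". Since these lines are being touched anyway, "was sent" would read correctly for a stored timestamp.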
@@ -0,0 +1,17 @@
1
+ = Documentation for Reset Password Notify Feature
2
+
3
+ The reset password notify feature emails the user after the user has
4
+ reset their password. The user has already been sent a reset password
5
+ email by this point, so they know a password reset was requested, but
6
+ this feature allows for confirming that the password reset process
7
+ was completed. Depends on the reset_password feature.
8
+
9
+ == Auth Value Methods
10
+
11
+ reset_password_notify_email_subject :: The subject to use for the reset password notify email.
12
+ reset_password_notify_email_body :: The body to use for the reset password notify email.
13
+
14
+ == Auth Methods
15
+
16
+ create_reset_password_notify_email :: A Mail::Message for the reset password notify email.
17
+ send_reset_password_notify_email :: Send the reset password notify email.
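Review bot: The introduction says the user "has already been sent a reset password email", but the reset_password documentation changed in this same release now calls that message the "reset password request email". Using the same term here would keep the two emails clearly distinguishable, which is the reason for the rename.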
@@ -81,7 +81,9 @@ module Rodauth
81
81
  end
82
82
 
83
83
  def remove_current_session
84
- active_sessions_ds.where(active_sessions_session_id_column=>compute_hmac(session[session_id_session_key])).delete
84
+ if session_id = session[session_id_session_key]
85
+ active_sessions_ds.where(active_sessions_session_id_column=>compute_hmac(session_id)).delete
86
+ end
85
87
  end
86
88
 
87
89
  def remove_all_active_sessions
@@ -91,6 +91,7 @@ module Rodauth
91
91
  :inputmode_for_field?,
92
92
  :logged_in?,
93
93
  :login_required,
94
+ :null_byte_parameter_value,
94
95
  :open_account?,
95
96
  :password_match?,
96
97
  :random_key,
@@ -446,7 +447,16 @@ module Rodauth
446
447
  # parameter with that name.
447
448
  def param_or_nil(key)
448
449
  value = raw_param(key)
449
- value.to_s unless value.nil?
450
+ unless value.nil?
451
+ value = value.to_s
452
+ value = null_byte_parameter_value(key, value) if value.include?("\0")
453
+ end
454
+ value
455
+ end
456
+
457
+ # Return nil by default for values with null bytes
458
+ def null_byte_parameter_value(key, value)
459
+ nil
450
460
  end
451
461
 
452
462
  def raw_param(key)
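Review bot: The null-byte check lives only in param_or_nil, so anything that reads raw_param directly (the method shown just below) still receives values containing "\0". The comment above null_byte_parameter_value should say that, and should also state the contract for overrides: whatever the hook returns is returned by param_or_nil as-is, so an override that returns a non-String or a still-tainted string is not re-checked. A short sentence on why nil is the default (the parameter is treated as not submitted) would help people deciding whether to override it.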
@@ -756,7 +766,7 @@ module Rodauth
756
766
  num = ds.update(values)
757
767
  if num == 1
758
768
  values.each do |k, v|
759
- account[k] = Sequel::CURRENT_TIMESTAMP == v ? Time.now : v
769
+ hash[k] = Sequel::CURRENT_TIMESTAMP == v ? Time.now : v
760
770
  end
761
771
  end
762
772
  num
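Review bot: The switch from `account[k]` to `hash[k]` changes which in-memory hash callers see updated, and nothing in this hunk shows a spec that would have failed with the old line. A test that calls update_sms and then reads the value back from the sms hash (and checks the account hash is left alone) would pin the fix down. As a smaller point, the in-memory value stored for Sequel::CURRENT_TIMESTAMP is the application's Time.now, not the value the database wrote, which deserves a comment for anyone comparing the two.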
@@ -3,31 +3,11 @@
3
3
  module Rodauth
4
4
  Feature.define(:change_password_notify, :ChangePasswordNotify) do
5
5
  depends :change_password, :email_base
6
-
7
- translatable_method :password_changed_email_subject, 'Password Changed'
8
-
9
- auth_value_methods(
10
- :password_changed_email_body
11
- )
12
- auth_methods(
13
- :create_password_changed_email,
14
- :send_password_changed_email
15
- )
6
+ loaded_templates %w'password-changed-email'
7
+ email :password_changed, 'Password Changed', :translatable=>true
16
8
 
17
9
  private
18
10
 
19
- def send_password_changed_email
20
- send_email(create_password_changed_email)
21
- end
22
-
23
- def create_password_changed_email
24
- create_email(password_changed_email_subject, password_changed_email_body)
25
- end
26
-
27
- def password_changed_email_body
28
- render('password-changed-email')
29
- end
30
-
31
11
  def after_change_password
32
12
  super
33
13
  send_password_changed_email
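Review bot: Method visibility may change here. The removed send_password_changed_email, create_password_changed_email and password_changed_email_body were all defined below `private`, while the replacement `email :password_changed, ...` call sits above `private` and defines the methods through define_method inside the helper. Please confirm whether they are still private afterwards, and if the change is intended, mention it in the release notes. Also note that the template name now appears twice in different forms (`loaded_templates %w'password-changed-email'` and the name the helper derives from `:password_changed`); a comment tying the two together would prevent them drifting apart.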
@@ -19,10 +19,10 @@ module Rodauth
19
19
  button 'Send Login Link Via Email', 'email_auth_request'
20
20
  redirect(:email_auth_email_sent){default_post_email_redirect}
21
21
  redirect(:email_auth_email_recently_sent){default_post_email_redirect}
22
+ email :email_auth, 'Login Link'
22
23
 
23
24
  auth_value_method :email_auth_deadline_column, :deadline
24
25
  auth_value_method :email_auth_deadline_interval, {:days=>1}.freeze
25
- translatable_method :email_auth_email_subject, 'Login Link'
26
26
  auth_value_method :email_auth_id_column, :id
27
27
  auth_value_method :email_auth_key_column, :key
28
28
  auth_value_method :email_auth_key_param, 'key'
@@ -33,9 +33,7 @@ module Rodauth
33
33
  session_key :email_auth_session_key, :email_auth_key
34
34
 
35
35
  auth_methods(
36
- :create_email_auth_email,
37
36
  :create_email_auth_key,
38
- :email_auth_email_body,
39
37
  :email_auth_email_link,
40
38
  :email_auth_key_insert_hash,
41
39
  :email_auth_key_value,
@@ -43,7 +41,6 @@ module Rodauth
43
41
  :get_email_auth_key,
44
42
  :get_email_auth_email_last_sent,
45
43
  :remove_email_auth_key,
46
- :send_email_auth_email,
47
44
  :set_email_auth_email_last_sent
48
45
  )
49
46
 
@@ -137,10 +134,6 @@ module Rodauth
137
134
  @account = _account_from_email_auth_key(key)
138
135
  end
139
136
 
140
- def send_email_auth_email
141
- send_email(create_email_auth_email)
142
- end
143
-
144
137
  def email_auth_email_link
145
138
  token_link(email_auth_route, email_auth_key_param, email_auth_key_value)
146
139
  end
@@ -233,14 +226,6 @@ module Rodauth
233
226
  @email_auth_key_value = random_key
234
227
  end
235
228
 
236
- def create_email_auth_email
237
- create_email(email_auth_email_subject, email_auth_email_body)
238
- end
239
-
240
- def email_auth_email_body
241
- render('email-auth-email')
242
- end
243
-
244
229
  def use_date_arithmetic?
245
230
  super || db.database_type == :mysql
246
231
  end
@@ -25,6 +25,7 @@ module Rodauth
25
25
  redirect :unlock_account
26
26
  redirect(:unlock_account_request){default_post_email_redirect}
27
27
  redirect(:unlock_account_email_recently_sent){default_post_email_redirect}
28
+ email :unlock_account, 'Unlock Account'
28
29
 
29
30
  auth_value_method :unlock_account_autologin?, true
30
31
  auth_value_method :max_invalid_logins, 100
@@ -37,7 +38,6 @@ module Rodauth
37
38
  auth_value_method :account_lockouts_email_last_sent_column, :email_last_sent
38
39
  auth_value_method :account_lockouts_deadline_column, :deadline
39
40
  auth_value_method :account_lockouts_deadline_interval, {:days=>1}.freeze
40
- translatable_method :unlock_account_email_subject, 'Unlock Account'
41
41
  translatable_method :unlock_account_explanatory_text, '<p>This account is currently locked out. You can unlock the account:</p>'
42
42
  translatable_method :unlock_account_request_explanatory_text, '<p>This account is currently locked out. You can request that the account be unlocked:</p>'
43
43
  auth_value_method :unlock_account_key_param, 'key'
@@ -47,15 +47,12 @@ module Rodauth
47
47
 
48
48
  auth_methods(
49
49
  :clear_invalid_login_attempts,
50
- :create_unlock_account_email,
51
50
  :generate_unlock_account_key,
52
51
  :get_unlock_account_key,
53
52
  :get_unlock_account_email_last_sent,
54
53
  :invalid_login_attempted,
55
54
  :locked_out?,
56
- :send_unlock_account_email,
57
55
  :set_unlock_account_email_last_sent,
58
- :unlock_account_email_body,
59
56
  :unlock_account_email_link,
60
57
  :unlock_account,
61
58
  :unlock_account_key
@@ -226,10 +223,6 @@ module Rodauth
226
223
  @account = _account_from_unlock_key(key)
227
224
  end
228
225
 
229
- def send_unlock_account_email
230
- send_email(create_unlock_account_email)
231
- end
232
-
233
226
  def unlock_account_email_link
234
227
  token_link(unlock_account_route, unlock_account_key_param, unlock_account_key_value)
235
228
  end
@@ -288,14 +281,6 @@ module Rodauth
288
281
  request.halt
289
282
  end
290
283
 
291
- def create_unlock_account_email
292
- create_email(unlock_account_email_subject, unlock_account_email_body)
293
- end
294
-
295
- def unlock_account_email_body
296
- render('unlock-account-email')
297
- end
298
-
299
284
  def unlock_account_email_recently_sent?
300
285
  (email_last_sent = get_unlock_account_email_last_sent) && (Time.now - email_last_sent < unlock_account_skip_resend_email_within)
301
286
  end
@@ -24,10 +24,10 @@ module Rodauth
24
24
  redirect
25
25
  redirect(:reset_password_email_sent){default_post_email_redirect}
26
26
  redirect(:reset_password_email_recently_sent){default_post_email_redirect}
27
+ email :reset_password, 'Reset Password'
27
28
 
28
29
  auth_value_method :reset_password_deadline_column, :deadline
29
30
  auth_value_method :reset_password_deadline_interval, {:days=>1}.freeze
30
- translatable_method :reset_password_email_subject, 'Reset Password'
31
31
  auth_value_method :reset_password_key_param, 'key'
32
32
  auth_value_method :reset_password_autologin?, false
33
33
  auth_value_method :reset_password_table, :account_password_reset_keys
@@ -41,16 +41,13 @@ module Rodauth
41
41
 
42
42
  auth_methods(
43
43
  :create_reset_password_key,
44
- :create_reset_password_email,
45
44
  :get_reset_password_key,
46
45
  :get_reset_password_email_last_sent,
47
46
  :login_failed_reset_password_request_form,
48
47
  :remove_reset_password_key,
49
- :reset_password_email_body,
50
48
  :reset_password_email_link,
51
49
  :reset_password_key_insert_hash,
52
50
  :reset_password_key_value,
53
- :send_reset_password_email,
54
51
  :set_reset_password_email_last_sent
55
52
  )
56
53
  auth_private_methods(
@@ -187,10 +184,6 @@ module Rodauth
187
184
  @account = _account_from_reset_password_key(key)
188
185
  end
189
186
 
190
- def send_reset_password_email
191
- send_email(create_reset_password_email)
192
- end
193
-
194
187
  def reset_password_email_link
195
188
  token_link(reset_password_route, reset_password_key_param, reset_password_key_value)
196
189
  end
@@ -241,18 +234,10 @@ module Rodauth
241
234
  @reset_password_key_value = random_key
242
235
  end
243
236
 
244
- def create_reset_password_email
245
- create_email(reset_password_email_subject, reset_password_email_body)
246
- end
247
-
248
237
  def login_failed_reset_password_request_form
249
238
  render("reset-password-request")
250
239
  end
251
240
 
252
- def reset_password_email_body
253
- render('reset-password-email')
254
- end
255
-
256
241
  def use_date_arithmetic?
257
242
  super || db.database_type == :mysql
258
243
  end
@@ -0,0 +1,16 @@
1
+ # frozen-string-literal: true
2
+
3
+ module Rodauth
4
+ Feature.define(:reset_password_notify, :ResetPasswordNotify) do
5
+ depends :reset_password
6
+ loaded_templates %w'reset-password-notify-email'
7
+ email :reset_password_notify, 'Password Reset Completed', :translatable=>true
8
+
9
+ private
10
+
11
+ def after_reset_password
12
+ super
13
+ send_reset_password_notify_email
14
+ end
15
+ end
16
+ end
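Review bot: `depends :reset_password` relies on reset_password to bring in email support, whereas change_password_notify in this same diff declares `depends :change_password, :email_base` explicitly. Either list :email_base here as well for consistency or add a comment that it is inherited. The after_reset_password override also sends the email after `super` with no visible spec in this diff; a test that resets a password and asserts exactly one notify email is delivered would cover the new feature.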
@@ -26,8 +26,8 @@ module Rodauth
26
26
  redirect
27
27
  redirect(:verify_account_email_sent){default_post_email_redirect}
28
28
  redirect(:verify_account_email_recently_sent){default_post_email_redirect}
29
+ email :verify_account, 'Verify Account'
29
30
 
30
- translatable_method :verify_account_email_subject, 'Verify Account'
31
31
  auth_value_method :verify_account_key_param, 'key'
32
32
  auth_value_method :verify_account_autologin?, true
33
33
  auth_value_method :verify_account_table, :account_verification_keys
@@ -43,14 +43,11 @@ module Rodauth
43
43
  auth_methods(
44
44
  :allow_resending_verify_account_email?,
45
45
  :create_verify_account_key,
46
- :create_verify_account_email,
47
46
  :get_verify_account_key,
48
47
  :get_verify_account_email_last_sent,
49
48
  :remove_verify_account_key,
50
- :send_verify_account_email,
51
49
  :set_verify_account_email_last_sent,
52
50
  :verify_account,
53
- :verify_account_email_body,
54
51
  :verify_account_email_link,
55
52
  :verify_account_key_insert_hash,
56
53
  :verify_account_key_value
@@ -212,10 +209,6 @@ module Rodauth
212
209
  account_unverified_status_value
213
210
  end
214
211
 
215
- def send_verify_account_email
216
- send_email(create_verify_account_email)
217
- end
218
-
219
212
  def verify_account_email_link
220
213
  token_link(verify_account_route, verify_account_key_param, verify_account_key_value)
221
214
  end
@@ -311,14 +304,6 @@ module Rodauth
311
304
  {verify_account_id_column=>account_id, verify_account_key_column=>verify_account_key_value}
312
305
  end
313
306
 
314
- def create_verify_account_email
315
- create_email(verify_account_email_subject, verify_account_email_body)
316
- end
317
-
318
- def verify_account_email_body
319
- render('verify-account-email')
320
- end
321
-
322
307
  def verify_account_ds(id=account_id)
323
308
  db[verify_account_table].where(verify_account_id_column=>id)
324
309
  end
@@ -6,7 +6,7 @@ module Rodauth
6
6
  MAJOR = 2
7
7
 
8
8
  # The minor version of Rodauth, updated for new feature releases of Rodauth.
9
- MINOR = 21
9
+ MINOR = 22
10
10
 
11
11
  # The patch version of Rodauth, updated only for bug fixes from the last
12
12
  # feature release.
data/lib/rodauth.rb CHANGED
@@ -233,6 +233,33 @@ module Rodauth
233
233
  end
234
234
  end
235
235
 
236
+ def email(type, subject, opts = {})
237
+ subject_method = :"#{type}_email_subject"
238
+ body_method = :"#{type}_email_body"
239
+ create_method = :"create_#{type}_email"
240
+ send_method = :"send_#{type}_email"
241
+
242
+ translatable_method subject_method, subject
243
+ auth_methods create_method, send_method
244
+
245
+ body_template = "#{type.to_s.tr('_', '-')}-email"
246
+ if opts[:translatable]
247
+ auth_value_methods body_method
248
+ define_method(body_method){translate(body_method, render(body_template))}
249
+ else
250
+ auth_methods body_method
251
+ define_method(body_method){render(body_template)}
252
+ end
253
+
254
+ define_method(create_method) do
255
+ create_email(send(subject_method), send(body_method))
256
+ end
257
+
258
+ define_method(send_method) do
259
+ send_email(send(create_method))
260
+ end
261
+ end
262
+
236
263
  def additional_form_tags(name=feature_name)
237
264
  auth_value_method(:"#{name}_additional_form_tags", nil)
238
265
  end
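Review bot: The new `email` helper has no documentation comment, and its behaviour is not obvious from the signature. The subject is always registered through translatable_method, while `opts[:translatable]` only changes how the body method is defined, so the option name suggests more than it does; any other key in opts is silently ignored. The body template name is derived with `type.to_s.tr('_', '-')` plus "-email", which callers must match by hand in loaded_templates. A comment listing the four generated methods, the meaning of :translatable, and the template naming rule would make this safe for the external features it is advertised for.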
@@ -0,0 +1,2 @@
1
+ Someone (hopefully you) has reset the password for the account
2
+ associated to this email address.
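Review bot: The template tells the recipient that someone "(hopefully you)" reset the password but gives no next step for a recipient who did not. Since the purpose of the notification is to surface an unexpected reset, consider adding a sentence on what to do in that case (for example, who to contact), or documenting that applications are expected to override the body for this. Wording nit: "associated to" should be "associated with".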
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.21.0
4
+ version: 2.22.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jeremy Evans
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-23 00:00:00.000000000 Z
11
+ date: 2022-03-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sequel
@@ -286,6 +286,7 @@ extra_rdoc_files:
286
286
  - doc/recovery_codes.rdoc
287
287
  - doc/remember.rdoc
288
288
  - doc/reset_password.rdoc
289
+ - doc/reset_password_notify.rdoc
289
290
  - doc/session_expiration.rdoc
290
291
  - doc/single_session.rdoc
291
292
  - doc/sms_codes.rdoc
@@ -336,6 +337,7 @@ extra_rdoc_files:
336
337
  - doc/release_notes/2.2.0.txt
337
338
  - doc/release_notes/2.20.0.txt
338
339
  - doc/release_notes/2.21.0.txt
340
+ - doc/release_notes/2.22.0.txt
339
341
  - doc/release_notes/2.3.0.txt
340
342
  - doc/release_notes/2.4.0.txt
341
343
  - doc/release_notes/2.5.0.txt
@@ -444,6 +446,7 @@ files:
444
446
  - doc/release_notes/2.2.0.txt
445
447
  - doc/release_notes/2.20.0.txt
446
448
  - doc/release_notes/2.21.0.txt
449
+ - doc/release_notes/2.22.0.txt
447
450
  - doc/release_notes/2.3.0.txt
448
451
  - doc/release_notes/2.4.0.txt
449
452
  - doc/release_notes/2.5.0.txt
@@ -453,6 +456,7 @@ files:
453
456
  - doc/release_notes/2.9.0.txt
454
457
  - doc/remember.rdoc
455
458
  - doc/reset_password.rdoc
459
+ - doc/reset_password_notify.rdoc
456
460
  - doc/session_expiration.rdoc
457
461
  - doc/single_session.rdoc
458
462
  - doc/sms_codes.rdoc
@@ -502,6 +506,7 @@ files:
502
506
  - lib/rodauth/features/recovery_codes.rb
503
507
  - lib/rodauth/features/remember.rb
504
508
  - lib/rodauth/features/reset_password.rb
509
+ - lib/rodauth/features/reset_password_notify.rb
505
510
  - lib/rodauth/features/session_expiration.rb
506
511
  - lib/rodauth/features/single_session.rb
507
512
  - lib/rodauth/features/sms_codes.rb
@@ -545,6 +550,7 @@ files:
545
550
  - templates/recovery-codes.str
546
551
  - templates/remember.str
547
552
  - templates/reset-password-email.str
553
+ - templates/reset-password-notify-email.str
548
554
  - templates/reset-password-request.str
549
555
  - templates/reset-password.str
550
556
  - templates/sms-auth.str