rodauth 2.22.0 → 2.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG +10 -0
- data/README.rdoc +9 -3
- data/doc/release_notes/2.23.0.txt +15 -0
- data/lib/rodauth/features/base.rb +8 -0
- data/lib/rodauth/features/http_basic_auth.rb +1 -1
- data/lib/rodauth/features/internal_request.rb +1 -1
- data/lib/rodauth/features/json.rb +2 -4
- data/lib/rodauth/features/jwt_cors.rb +1 -1
- data/lib/rodauth/features/lockout.rb +1 -2
- data/lib/rodauth/features/otp.rb +1 -1
- data/lib/rodauth/features/remember.rb +1 -1
- data/lib/rodauth/features/sms_codes.rb +1 -1
- data/lib/rodauth/features/verify_account.rb +2 -4
- data/lib/rodauth/version.rb +1 -1
- metadata +4 -2
 
    
        checksums.yaml
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            ---
         
     | 
| 
       2 
2 
     | 
    
         
             
            SHA256:
         
     | 
| 
       3 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       4 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 3 
     | 
    
         
            +
              metadata.gz: 707e580a46dc470c4fffc91eca813495d0fb6330312131fd17b4b87db8415cc2
         
     | 
| 
      
 4 
     | 
    
         
            +
              data.tar.gz: d73099f372d594438da78614ac974f1b9343aa4c9de93f162b9432a77f0e0ae6
         
     | 
| 
       5 
5 
     | 
    
         
             
            SHA512:
         
     | 
| 
       6 
     | 
    
         
            -
              metadata.gz:  
     | 
| 
       7 
     | 
    
         
            -
              data.tar.gz:  
     | 
| 
      
 6 
     | 
    
         
            +
              metadata.gz: d0005518db3164d29e4be62b76035ccb98df3f8d0f7d129624a099032b5566f125041656d11c798d0fa14b3c2b40a19df18fe5fc1df6c38603ba4660baf9d7b1
         
     | 
| 
      
 7 
     | 
    
         
            +
              data.tar.gz: 9b585c6e4f7338609b404cbd4e35fa96467d8f04d9a98089729d7f757b7920afbb1d99a9b028519aa211ad4bd16c7b96d4e3945647a4eaf81691abf6b1a64aae
         
     | 
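Review bot: the four removed lines (`metadata.gz:` and `data.tar.gz:` under both SHA256 and SHA512) carry no hash value in this rendering, so the 2.22.0 checksums cannot be read off this page; anyone verifying the upgrade should take the previous values from the registry rather than from here. The four added lines give the 2.23.0 digests and are the ones to pin when the gem is vendored or mirrored.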
    
        data/CHANGELOG
    CHANGED
    
    | 
         @@ -1,3 +1,13 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            === 2.23.0 (2022-04-22)
         
     | 
| 
      
 2 
     | 
    
         
            +
             
     | 
| 
      
 3 
     | 
    
         
            +
            * Don't automatically set :httponly cookie option if :http_only option is set in remember feature (jeremyevans)
         
     | 
| 
      
 4 
     | 
    
         
            +
             
     | 
| 
      
 5 
     | 
    
         
            +
            * Fix invalid domain check in internal_request feature when using Rack 3 (jeremyevans)
         
     | 
| 
      
 6 
     | 
    
         
            +
             
     | 
| 
      
 7 
     | 
    
         
            +
            * Make removing all multifactor authentication methods mark session as not authenticated by SMS (janko) (#235)
         
     | 
| 
      
 8 
     | 
    
         
            +
             
     | 
| 
      
 9 
     | 
    
         
            +
            * Use use_path option when rendering QR code to svg in the otp feature, to reduce svg size (jeremyevans)
         
     | 
| 
      
 10 
     | 
    
         
            +
             
     | 
| 
       1 
11 
     | 
    
         
             
            === 2.22.0 (2022-03-22)
         
     | 
| 
       2 
12 
     | 
    
         | 
| 
       3 
13 
     | 
    
         
             
            * Ignore parameters where the value includes a null byte by default, add null_byte_parameter_value configuration method for customization (jeremyevans)
         
     | 
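Review bot: the wording of the internal_request entry (`when using Rack 3`) does not match the release notes for the same change, which say `the rack master branch`; pick one so readers know whether a released Rack version is affected. Separately, the new `return_response(body=nil)` helper added to the base feature in this release, and the switch of the json, jwt_cors, lockout and verify_account features to it (per the file list at the top of this page), has no CHANGELOG line; since it is a public method on every Rodauth instance that apps and other features can now call or override, a short entry would help.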
    
        data/README.rdoc
    CHANGED
    
    | 
         @@ -1294,6 +1294,12 @@ By setting <tt>env['rodauth'] = rodauth</tt> in the route block 
     | 
|
| 
       1294 
1294 
     | 
    
         
             
            inside the middleware, you can easily provide a way for your
         
     | 
| 
       1295 
1295 
     | 
    
         
             
            application to call Rodauth methods.
         
     | 
| 
       1296 
1296 
     | 
    
         | 
| 
      
 1297 
     | 
    
         
            +
            If you're using the remember feature with +extend_remember_deadline?+ set to
         
     | 
| 
      
 1298 
     | 
    
         
            +
            true, you'll want to load roda's middleware plugin with
         
     | 
| 
      
 1299 
     | 
    
         
            +
            +forward_response_headers: true+ option, so that +Set-Cookie+ header changes
         
     | 
| 
      
 1300 
     | 
    
         
            +
            from the +load_memory+ call in the route block are propagated when the request
         
     | 
| 
      
 1301 
     | 
    
         
            +
            is forwarded to the main app.
         
     | 
| 
      
 1302 
     | 
    
         
            +
             
     | 
| 
       1297 
1303 
     | 
    
         
             
            Here are some examples of integrating Rodauth into applications that
         
     | 
| 
       1298 
1304 
     | 
    
         
             
            don't use Roda:
         
     | 
| 
       1299 
1305 
     | 
    
         | 
| 
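Review bot: the new paragraph at lines 1297-1301 says why `forward_response_headers: true` is needed but not what goes wrong without it; one more sentence stating that the extended remember cookie is otherwise silently never sent to the browser (the `Set-Cookie` header produced by `load_memory` is dropped when the request is forwarded) would make the consequence clear to someone deciding whether the option matters for them. Showing the actual plugin call, `plugin :middleware, forward_response_headers: true`, beside the prose would also save a trip to Roda's documentation.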
         @@ -1495,9 +1501,9 @@ required to run the current version of Rodauth is 1.9.2. 
     | 
|
| 
       1495 
1501 
     | 
    
         | 
| 
       1496 
1502 
     | 
    
         
             
            All of these are Rails-specific:
         
     | 
| 
       1497 
1503 
     | 
    
         | 
| 
       1498 
     | 
    
         
            -
            * Devise
         
     | 
| 
       1499 
     | 
    
         
            -
            * Authlogic
         
     | 
| 
       1500 
     | 
    
         
            -
            * Sorcery
         
     | 
| 
      
 1504 
     | 
    
         
            +
            * {Devise}[https://github.com/heartcombo/devise]
         
     | 
| 
      
 1505 
     | 
    
         
            +
            * {Authlogic}[https://github.com/binarylogic/authlogic]
         
     | 
| 
      
 1506 
     | 
    
         
            +
            * {Sorcery}[https://github.com/Sorcery/sorcery]
         
     | 
| 
       1501 
1507 
     | 
    
         | 
| 
       1502 
1508 
     | 
    
         
             
            == Author
         
     | 
| 
       1503 
1509 
     | 
    
         | 
| 
         @@ -0,0 +1,15 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            = Improvements
         
     | 
| 
      
 2 
     | 
    
         
            +
             
     | 
| 
      
 3 
     | 
    
         
            +
            * The otp feature now uses the :use_path option when rendering QR
         
     | 
| 
      
 4 
     | 
    
         
            +
              codes, resulting in significantly smaller svg images.
         
     | 
| 
      
 5 
     | 
    
         
            +
             
     | 
| 
      
 6 
     | 
    
         
            +
            * Removing all multifactor authentication methods now removes the fact
         
     | 
| 
      
 7 
     | 
    
         
            +
              that the session was authenticated via SMS, if the user used SMS as
         
     | 
| 
      
 8 
     | 
    
         
            +
              an authentication method for the current session.
         
     | 
| 
      
 9 
     | 
    
         
            +
             
     | 
| 
      
 10 
     | 
    
         
            +
            * The invalid domain check in the internal_request feature now works
         
     | 
| 
      
 11 
     | 
    
         
            +
              correctly when using the rack master branch.
         
     | 
| 
      
 12 
     | 
    
         
            +
             
     | 
| 
      
 13 
     | 
    
         
            +
            * The :httponly cookie option is no longer set automatically in the
         
     | 
| 
      
 14 
     | 
    
         
            +
              remember feature if the :http_only cookie option was provided by the
         
     | 
| 
      
 15 
     | 
    
         
            +
              user (rack recognizes both options).
         
     | 
| 
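Review bot: this hunk has no file header in the rendering; by the `+15` count in the file list it is `data/doc/release_notes/2.23.0.txt`. The multifactor item at lines 6-8 is the one with security impact, since it says the session's authenticated-via-SMS marker previously survived removal of all multifactor methods; it sits second under a heading of `= Improvements`, and moving it first or giving it its own heading would help operators decide how urgently to take the upgrade. The `rack master branch` wording at line 11 should also be reconciled with the CHANGELOG, which calls the same thing `Rack 3`.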
         @@ -1,5 +1,8 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            # frozen-string-literal: true
         
     | 
| 
       2 
2 
     | 
    
         | 
| 
      
 3 
     | 
    
         
            +
            require 'rack/request'
         
     | 
| 
      
 4 
     | 
    
         
            +
            require 'rack/utils'
         
     | 
| 
      
 5 
     | 
    
         
            +
             
     | 
| 
       3 
6 
     | 
    
         
             
            module Rodauth
         
     | 
| 
       4 
7 
     | 
    
         
             
              Feature.define(:base, :Base) do
         
     | 
| 
       5 
8 
     | 
    
         
             
                after 'login'
         
     | 
| 
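Review bot: of the two requires added at lines 3-4, only `rack/utils` has a visible user in this file (`Rack::Utils.build_nested_query` in the `route_path` context further down); nothing in the shown hunks references `Rack::Request`, so either add a comment saying what `rack/request` is needed for or confirm it is used elsewhere in base.rb. Making the requires explicit instead of relying on the host framework to have loaded them is the right call.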
         @@ -511,6 +514,11 @@ module Rodauth 
     | 
|
| 
       511 
514 
     | 
    
         
             
                  request.redirect(path)
         
     | 
| 
       512 
515 
     | 
    
         
             
                end
         
     | 
| 
       513 
516 
     | 
    
         | 
| 
      
 517 
     | 
    
         
            +
                def return_response(body=nil)
         
     | 
| 
      
 518 
     | 
    
         
            +
                  response.write(body) if body
         
     | 
| 
      
 519 
     | 
    
         
            +
                  request.halt
         
     | 
| 
      
 520 
     | 
    
         
            +
                end
         
     | 
| 
      
 521 
     | 
    
         
            +
             
     | 
| 
       514 
522 
     | 
    
         
             
                def route_path(route, opts={})
         
     | 
| 
       515 
523 
     | 
    
         
             
                  path  = "#{prefix}/#{route}"
         
     | 
| 
       516 
524 
     | 
    
         
             
                  path += "?#{Rack::Utils.build_nested_query(opts)}" unless opts.empty?
         
     | 
| 
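Review bot: `return_response(body=nil)` at lines 517-520 becomes a public method on every Rodauth instance, yet it has no comment and no documentation change accompanies it in this diff. Add a one-line comment stating that it writes the body (if given) and halts the current request, and that the caller is expected to have set `response.status` and any flash beforehand, because that is the contract the call sites in the json, lockout and verify_account features rely on; a caller that invokes it before setting the status will halt with whatever status is already on the response.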
         @@ -156,8 +156,7 @@ module Rodauth 
     | 
|
| 
       156 
156 
     | 
    
         
             
                    end
         
     | 
| 
       157 
157 
     | 
    
         
             
                  elsif only_json?
         
     | 
| 
       158 
158 
     | 
    
         
             
                    response.status = json_response_error_status
         
     | 
| 
       159 
     | 
    
         
            -
                     
     | 
| 
       160 
     | 
    
         
            -
                    request.halt
         
     | 
| 
      
 159 
     | 
    
         
            +
                    return_response non_json_request_error_message
         
     | 
| 
       161 
160 
     | 
    
         
             
                  end
         
     | 
| 
       162 
161 
     | 
    
         | 
| 
       163 
162 
     | 
    
         
             
                  super
         
     | 
| 
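Review bot: old line 159 renders empty on this page, so its content cannot be checked here; if it was the write of `non_json_request_error_message`, the new line 159 is a pure refactor, and if it was not, this is a behaviour change (a body is now written for non-JSON requests in the `only_json?` branch) that belongs in the CHANGELOG. Either way, confirm that a `Content-Type` is set for this plain-text message so API clients do not try to parse it as JSON; the JSON path in the next hunk sets `json_response_content_type`, this branch does not.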
         @@ -175,8 +174,7 @@ module Rodauth 
     | 
|
| 
       175 
174 
     | 
    
         
             
                def _return_json_response
         
     | 
| 
       176 
175 
     | 
    
         
             
                  response.status ||= json_response_error_status if json_response[json_response_error_key]
         
     | 
| 
       177 
176 
     | 
    
         
             
                  response['Content-Type'] ||= json_response_content_type
         
     | 
| 
       178 
     | 
    
         
            -
                   
     | 
| 
       179 
     | 
    
         
            -
                  request.halt
         
     | 
| 
      
 177 
     | 
    
         
            +
                  return_response _json_response_body(json_response)
         
     | 
| 
       180 
178 
     | 
    
         
             
                end
         
     | 
| 
       181 
179 
     | 
    
         | 
| 
       182 
180 
     | 
    
         
             
                def include_success_messages?
         
     | 
| 
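Review bot: old line 178 in `_return_json_response` also renders empty here, so whether it was the `response.write` of `_json_response_body(json_response)` cannot be confirmed from the page; if so, the new line 177 is an equivalent refactor, and if not, verify that the JSON body is not now emitted twice. The same check applies to the lockout and verify_account hunks below, whose removed lines render empty in the same way.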
         @@ -41,7 +41,7 @@ module Rodauth 
     | 
|
| 
       41 
41 
     | 
    
         
             
                      response['Access-Control-Allow-Headers'] = jwt_cors_allow_headers
         
     | 
| 
       42 
42 
     | 
    
         
             
                      response['Access-Control-Max-Age'] = jwt_cors_max_age.to_s
         
     | 
| 
       43 
43 
     | 
    
         
             
                      response.status = 204
         
     | 
| 
       44 
     | 
    
         
            -
                       
     | 
| 
      
 44 
     | 
    
         
            +
                      return_response
         
     | 
| 
       45 
45 
     | 
    
         
             
                    end
         
     | 
| 
       46 
46 
     | 
    
         | 
| 
       47 
47 
     | 
    
         
             
                    response['Access-Control-Expose-Headers'] = jwt_cors_expose_headers
         
     | 
| 
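Review bot: the argument-free `return_response` at line 44 is correct for the preflight path, since the status set just above it is 204 and a 204 must not carry a body; keep it argument-free if the helper is ever touched. The removed line at old 44 renders empty in this view, consistent with the other hunks where the line replaced is `request.halt`.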
         @@ -277,8 +277,7 @@ module Rodauth 
     | 
|
| 
       277 
277 
     | 
    
         
             
                def show_lockout_page
         
     | 
| 
       278 
278 
     | 
    
         
             
                  set_response_error_reason_status(:account_locked_out, lockout_error_status)
         
     | 
| 
       279 
279 
     | 
    
         
             
                  set_error_flash login_lockout_error_flash
         
     | 
| 
       280 
     | 
    
         
            -
                   
     | 
| 
       281 
     | 
    
         
            -
                  request.halt
         
     | 
| 
      
 280 
     | 
    
         
            +
                  return_response unlock_account_request_view
         
     | 
| 
       282 
281 
     | 
    
         
             
                end
         
     | 
| 
       283 
282 
     | 
    
         | 
| 
       284 
283 
     | 
    
         
             
                def unlock_account_email_recently_sent?
         
     | 
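Review bot: old line 280 renders empty on this page, so whatever it contained cannot be checked here; otherwise `show_lockout_page` gets the same halt-to-`return_response` swap as the other features. Worth keeping in mind for operators: the response still goes out with `lockout_error_status` via `set_response_error_reason_status(:account_locked_out, ...)`, so lockout pages remain distinguishable by status code in access logs, which is what you want when alerting on repeated failed logins.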
    
        data/lib/rodauth/features/otp.rb
    CHANGED
    
    | 
         @@ -303,7 +303,7 @@ module Rodauth 
     | 
|
| 
       303 
303 
     | 
    
         
             
                end
         
     | 
| 
       304 
304 
     | 
    
         | 
| 
       305 
305 
     | 
    
         
             
                def otp_qr_code
         
     | 
| 
       306 
     | 
    
         
            -
                  RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true)
         
     | 
| 
      
 306 
     | 
    
         
            +
                  RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true, :use_path=>true)
         
     | 
| 
       307 
307 
     | 
    
         
             
                end
         
     | 
| 
       308 
308 
     | 
    
         | 
| 
       309 
309 
     | 
    
         
             
                def otp_user_key
         
     | 
| 
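Review bot: `:use_path=>true` at line 306 depends on rqrcode supporting that option; the gemspec hunk on this page only shows the `sequel` dependency, so confirm that the oldest rqrcode version Rodauth accepts for the otp feature understands `use_path`, otherwise the smaller SVG the release notes promise will not materialize on older installs. A short comment on the line saying the option is there to shrink the SVG would stop a future reader from dropping it as noise.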
         @@ -144,7 +144,7 @@ module Rodauth 
     | 
|
| 
       144 
144 
     | 
    
         
             
                  opts[:value] = "#{account_id}_#{convert_token_key(remember_key_value)}"
         
     | 
| 
       145 
145 
     | 
    
         
             
                  opts[:expires] = convert_timestamp(active_remember_key_ds.get(remember_deadline_column))
         
     | 
| 
       146 
146 
     | 
    
         
             
                  opts[:path] = "/" unless opts.key?(:path)
         
     | 
| 
       147 
     | 
    
         
            -
                  opts[:httponly] = true unless opts.key?(:httponly)
         
     | 
| 
      
 147 
     | 
    
         
            +
                  opts[:httponly] = true unless opts.key?(:httponly) || opts.key?(:http_only)
         
     | 
| 
       148 
148 
     | 
    
         
             
                  opts[:secure] = true unless opts.key?(:secure) || !request.ssl?
         
     | 
| 
       149 
149 
     | 
    
         
             
                  ::Rack::Utils.set_cookie_header!(response.headers, remember_cookie_key, opts)
         
     | 
| 
       150 
150 
     | 
    
         
             
                end
         
     | 
| 
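Review bot: security-relevant change at line 147: the remember cookie is now marked `HttpOnly` only when the caller has set neither `:httponly` nor `:http_only`, so an app passing `http_only: false` in the cookie options now gets a remember cookie readable from script, where previously the `:httponly => true` default was added alongside the caller's key. That is the intended fix (Rack accepts both spellings), but the remember feature's documentation of the cookie options should state that either key disables the default, because the remember token is a credential that lives until `remember_deadline_column`. Line 148 (`:secure` only on SSL requests) is unchanged.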
         @@ -195,8 +195,7 @@ module Rodauth 
     | 
|
| 
       195 
195 
     | 
    
         
             
                  if account_from_login(login) && allow_resending_verify_account_email?
         
     | 
| 
       196 
196 
     | 
    
         
             
                    set_response_error_reason_status(:already_an_unverified_account_with_this_login, unopen_account_error_status)
         
     | 
| 
       197 
197 
     | 
    
         
             
                    set_error_flash attempt_to_create_unverified_account_error_flash
         
     | 
| 
       198 
     | 
    
         
            -
                     
     | 
| 
       199 
     | 
    
         
            -
                    request.halt
         
     | 
| 
      
 198 
     | 
    
         
            +
                    return_response resend_verify_account_view
         
     | 
| 
       200 
199 
     | 
    
         
             
                  end
         
     | 
| 
       201 
200 
     | 
    
         
             
                  super
         
     | 
| 
       202 
201 
     | 
    
         
             
                end
         
     | 
| 
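Review bot: the guarded branch at lines 195-198 answers a create-account attempt for a login that already has an unverified account with its own status (`unopen_account_error_status`) and flash and then renders `resend_verify_account_view`; that response differs from the one for a fresh login, so when `allow_resending_verify_account_email?` is enabled the create endpoint reveals that an unverified account exists for that login. This predates the hunk and is inherent to offering a resend from the create form, but since the refactor touches the line, it is a good moment to make sure the documentation for `allow_resending_verify_account_email?` states that trade-off.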
         @@ -268,8 +267,7 @@ module Rodauth 
     | 
|
| 
       268 
267 
     | 
    
         
             
                  unless open_account?
         
     | 
| 
       269 
268 
     | 
    
         
             
                    set_response_error_reason_status(:unverified_account, unopen_account_error_status)
         
     | 
| 
       270 
269 
     | 
    
         
             
                    set_error_flash attempt_to_login_to_unverified_account_error_flash
         
     | 
| 
       271 
     | 
    
         
            -
                     
     | 
| 
       272 
     | 
    
         
            -
                    request.halt
         
     | 
| 
      
 270 
     | 
    
         
            +
                    return_response resend_verify_account_view
         
     | 
| 
       273 
271 
     | 
    
         
             
                  end
         
     | 
| 
       274 
272 
     | 
    
         
             
                  super
         
     | 
| 
       275 
273 
     | 
    
         
             
                end
         
     | 
    
        data/lib/rodauth/version.rb
    CHANGED
    
    
    
        metadata
    CHANGED
    
    | 
         @@ -1,14 +1,14 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: rodauth
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 2. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 2.23.0
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - Jeremy Evans
         
     | 
| 
       8 
8 
     | 
    
         
             
            autorequire: 
         
     | 
| 
       9 
9 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       10 
10 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       11 
     | 
    
         
            -
            date: 2022- 
     | 
| 
      
 11 
     | 
    
         
            +
            date: 2022-04-22 00:00:00.000000000 Z
         
     | 
| 
       12 
12 
     | 
    
         
             
            dependencies:
         
     | 
| 
       13 
13 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       14 
14 
     | 
    
         
             
              name: sequel
         
     | 
| 
         @@ -338,6 +338,7 @@ extra_rdoc_files: 
     | 
|
| 
       338 
338 
     | 
    
         
             
            - doc/release_notes/2.20.0.txt
         
     | 
| 
       339 
339 
     | 
    
         
             
            - doc/release_notes/2.21.0.txt
         
     | 
| 
       340 
340 
     | 
    
         
             
            - doc/release_notes/2.22.0.txt
         
     | 
| 
      
 341 
     | 
    
         
            +
            - doc/release_notes/2.23.0.txt
         
     | 
| 
       341 
342 
     | 
    
         
             
            - doc/release_notes/2.3.0.txt
         
     | 
| 
       342 
343 
     | 
    
         
             
            - doc/release_notes/2.4.0.txt
         
     | 
| 
       343 
344 
     | 
    
         
             
            - doc/release_notes/2.5.0.txt
         
     | 
| 
         @@ -447,6 +448,7 @@ files: 
     | 
|
| 
       447 
448 
     | 
    
         
             
            - doc/release_notes/2.20.0.txt
         
     | 
| 
       448 
449 
     | 
    
         
             
            - doc/release_notes/2.21.0.txt
         
     | 
| 
       449 
450 
     | 
    
         
             
            - doc/release_notes/2.22.0.txt
         
     | 
| 
      
 451 
     | 
    
         
            +
            - doc/release_notes/2.23.0.txt
         
     | 
| 
       450 
452 
     | 
    
         
             
            - doc/release_notes/2.3.0.txt
         
     | 
| 
       451 
453 
     | 
    
         
             
            - doc/release_notes/2.4.0.txt
         
     | 
| 
       452 
454 
     | 
    
         
             
            - doc/release_notes/2.5.0.txt
         
     |