rodauth 2.23.0 → 2.24.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG +10 -0
- data/doc/otp.rdoc +1 -0
- data/doc/recovery_codes.rdoc +1 -0
- data/doc/release_notes/2.24.0.txt +15 -0
- data/lib/rodauth/features/otp.rb +8 -2
- data/lib/rodauth/features/recovery_codes.rb +6 -1
- data/lib/rodauth/features/reset_password.rb +4 -4
- data/lib/rodauth/features/sms_codes.rb +1 -1
- data/lib/rodauth/version.rb +1 -1
- metadata +7 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3db9ca9b25c4acd3e2b16cfca4a9efbc95758242e5030cbb33502440df4dbc15
|
|
4
|
+
data.tar.gz: e77ffff24d840adc1a17d162e58f76f99b363f063c070229315f45766d71a96a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 46064d3008752765daec092f037dc3d3b2b85a6f2a9c9a9b6fe1b4abec1cc9764d7c157adc736844ccbdde68f78a7b303225da5fe6caa895f650a9102b2cf271
|
|
7
|
+
data.tar.gz: fadc40b635e868e0b59f61faa566447f294e4fc174b0620e06bac1766c4fb6c1ce0944548d413443bc699c128b7c59d9f5c6dc7175fb46c2f9c3d1404e698c8e
|
data/CHANGELOG
CHANGED
|
@@ -1,3 +1,13 @@
|
|
|
1
|
+
=== 2.24.0 (2022-05-24)
|
|
2
|
+
|
|
3
|
+
* Work around implicit null byte check added in bcrypt 3.1.18 by checking password requirements before other password checks (jeremyevans)
|
|
4
|
+
|
|
5
|
+
* Fix invalid HTML on pages with OTP QR codes (jeremyevans)
|
|
6
|
+
|
|
7
|
+
* Add recovery_codes_available? configuration method to the recovery_codes feature (janko) (#238)
|
|
8
|
+
|
|
9
|
+
* Add otp_available? configuration method to the otp feature (janko) (#238)
|
|
10
|
+
|
|
1
11
|
=== 2.23.0 (2022-04-22)
|
|
2
12
|
|
|
3
13
|
* Don't automatically set :httponly cookie option if :http_only option is set in remember feature (jeremyevans)
|
data/doc/otp.rdoc
CHANGED
|
@@ -70,6 +70,7 @@ before_otp_setup_route :: Run arbitrary code before handling an OTP authenticati
|
|
|
70
70
|
otp :: The object used for verifying OTP authentication attempts.
|
|
71
71
|
otp_add_key(secret) :: Add an OTP key for the current account with the given secret.
|
|
72
72
|
otp_auth_view :: The HTML to use for the OTP authentication form.
|
|
73
|
+
otp_available? :: Whether OTP authentication is ready for use.
|
|
73
74
|
otp_disable_view :: The HTML to use for the OTP disable form.
|
|
74
75
|
otp_exists? :: Whether the current account has setup OTP.
|
|
75
76
|
otp_key :: The stored OTP secret for the account.
|
data/doc/recovery_codes.rdoc
CHANGED
|
@@ -57,4 +57,5 @@ new_recovery_code :: A new recovery code to insert into the recovery codes table
|
|
|
57
57
|
recovery_auth_view :: The HTML to use for the form to authenticate via a recovery code.
|
|
58
58
|
recovery_code_match?(code) :: Whether the given code matches any of the existing recovery_codes.
|
|
59
59
|
recovery_codes :: An array containing all valid recovery codes for the current account.
|
|
60
|
+
recovery_codes_available? :: Whether authentication via recovery codes is ready for use.
|
|
60
61
|
recovery_codes_view :: The HTML to use for the form to view recovery codes.
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
= New Features
|
|
2
|
+
|
|
3
|
+
* rodauth.otp_available? has been added for checking whether the
|
|
4
|
+
account is allowed to authenticate with OTP. It returns true
|
|
5
|
+
when the account has setup OTP and OTP use is not locked out.
|
|
6
|
+
|
|
7
|
+
* rodauth.recovery_codes_available? has been added for checking
|
|
8
|
+
whether the account is allowed to authenticate using a recovery
|
|
9
|
+
code. It returns true when there are any available recovery
|
|
10
|
+
codes for the account to use.
|
|
11
|
+
|
|
12
|
+
= Other Improvements
|
|
13
|
+
|
|
14
|
+
* The otp feature no longer includes the <?xml> tag for svg images,
|
|
15
|
+
since that results in invalid HTML.
|
data/lib/rodauth/features/otp.rb
CHANGED
|
@@ -76,6 +76,7 @@ module Rodauth
|
|
|
76
76
|
)
|
|
77
77
|
|
|
78
78
|
auth_methods(
|
|
79
|
+
:otp_available?,
|
|
79
80
|
:otp_exists?,
|
|
80
81
|
:otp_last_use,
|
|
81
82
|
:otp_locked_out?,
|
|
@@ -238,6 +239,10 @@ module Rodauth
|
|
|
238
239
|
end
|
|
239
240
|
end
|
|
240
241
|
|
|
242
|
+
def otp_available?
|
|
243
|
+
otp_exists? && !otp_locked_out?
|
|
244
|
+
end
|
|
245
|
+
|
|
241
246
|
def otp_exists?
|
|
242
247
|
!otp_key.nil?
|
|
243
248
|
end
|
|
@@ -303,7 +308,8 @@ module Rodauth
|
|
|
303
308
|
end
|
|
304
309
|
|
|
305
310
|
def otp_qr_code
|
|
306
|
-
RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true, :use_path=>true)
|
|
311
|
+
svg = RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true, :use_path=>true)
|
|
312
|
+
svg.sub(/\A<\?xml version="1\.0" standalone="yes"\?>/, '')
|
|
307
313
|
end
|
|
308
314
|
|
|
309
315
|
def otp_user_key
|
|
@@ -328,7 +334,7 @@ module Rodauth
|
|
|
328
334
|
|
|
329
335
|
def _two_factor_auth_links
|
|
330
336
|
links = super
|
|
331
|
-
links << [20, otp_auth_path, otp_auth_link_text] if
|
|
337
|
+
links << [20, otp_auth_path, otp_auth_link_text] if otp_available?
|
|
332
338
|
links
|
|
333
339
|
end
|
|
334
340
|
|
|
@@ -57,6 +57,7 @@ module Rodauth
|
|
|
57
57
|
:can_add_recovery_codes?,
|
|
58
58
|
:new_recovery_code,
|
|
59
59
|
:recovery_code_match?,
|
|
60
|
+
:recovery_codes_available?,
|
|
60
61
|
)
|
|
61
62
|
|
|
62
63
|
internal_request_method :recovery_codes
|
|
@@ -192,6 +193,10 @@ module Rodauth
|
|
|
192
193
|
end
|
|
193
194
|
end
|
|
194
195
|
|
|
196
|
+
def recovery_codes_available?
|
|
197
|
+
!recovery_codes_ds.empty?
|
|
198
|
+
end
|
|
199
|
+
|
|
195
200
|
def possible_authentication_methods
|
|
196
201
|
methods = super
|
|
197
202
|
methods << 'recovery_code' unless recovery_codes_ds.empty?
|
|
@@ -202,7 +207,7 @@ module Rodauth
|
|
|
202
207
|
|
|
203
208
|
def _two_factor_auth_links
|
|
204
209
|
links = super
|
|
205
|
-
links << [40, recovery_auth_path, recovery_auth_link_text]
|
|
210
|
+
links << [40, recovery_auth_path, recovery_auth_link_text] if recovery_codes_available?
|
|
206
211
|
links
|
|
207
212
|
end
|
|
208
213
|
|
|
@@ -130,6 +130,10 @@ module Rodauth
|
|
|
130
130
|
|
|
131
131
|
password = param(password_param)
|
|
132
132
|
catch_error do
|
|
133
|
+
unless password_meets_requirements?(password)
|
|
134
|
+
throw_error_status(invalid_field_error_status, password_param, password_does_not_meet_requirements_message)
|
|
135
|
+
end
|
|
136
|
+
|
|
133
137
|
if password_match?(password)
|
|
134
138
|
throw_error_reason(:same_as_existing_password, invalid_field_error_status, password_param, same_as_existing_password_message)
|
|
135
139
|
end
|
|
@@ -138,10 +142,6 @@ module Rodauth
|
|
|
138
142
|
throw_error_reason(:passwords_do_not_match, unmatched_field_error_status, password_param, passwords_do_not_match_message)
|
|
139
143
|
end
|
|
140
144
|
|
|
141
|
-
unless password_meets_requirements?(password)
|
|
142
|
-
throw_error_status(invalid_field_error_status, password_param, password_does_not_meet_requirements_message)
|
|
143
|
-
end
|
|
144
|
-
|
|
145
145
|
transaction do
|
|
146
146
|
before_reset_password
|
|
147
147
|
set_password(password)
|
data/lib/rodauth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rodauth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.24.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jeremy Evans
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-05-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sequel
|
|
@@ -339,6 +339,7 @@ extra_rdoc_files:
|
|
|
339
339
|
- doc/release_notes/2.21.0.txt
|
|
340
340
|
- doc/release_notes/2.22.0.txt
|
|
341
341
|
- doc/release_notes/2.23.0.txt
|
|
342
|
+
- doc/release_notes/2.24.0.txt
|
|
342
343
|
- doc/release_notes/2.3.0.txt
|
|
343
344
|
- doc/release_notes/2.4.0.txt
|
|
344
345
|
- doc/release_notes/2.5.0.txt
|
|
@@ -449,6 +450,7 @@ files:
|
|
|
449
450
|
- doc/release_notes/2.21.0.txt
|
|
450
451
|
- doc/release_notes/2.22.0.txt
|
|
451
452
|
- doc/release_notes/2.23.0.txt
|
|
453
|
+
- doc/release_notes/2.24.0.txt
|
|
452
454
|
- doc/release_notes/2.3.0.txt
|
|
453
455
|
- doc/release_notes/2.4.0.txt
|
|
454
456
|
- doc/release_notes/2.5.0.txt
|
|
@@ -575,13 +577,13 @@ files:
|
|
|
575
577
|
- templates/webauthn-auth.str
|
|
576
578
|
- templates/webauthn-remove.str
|
|
577
579
|
- templates/webauthn-setup.str
|
|
578
|
-
homepage: https://
|
|
580
|
+
homepage: https://rodauth.jeremyevans.net
|
|
579
581
|
licenses:
|
|
580
582
|
- MIT
|
|
581
583
|
metadata:
|
|
582
584
|
bug_tracker_uri: https://github.com/jeremyevans/rodauth/issues
|
|
583
|
-
changelog_uri:
|
|
584
|
-
documentation_uri:
|
|
585
|
+
changelog_uri: https://rodauth.jeremyevans.net/rdoc/files/CHANGELOG.html
|
|
586
|
+
documentation_uri: https://rodauth.jeremyevans.net/documentation.html
|
|
585
587
|
mailing_list_uri: https://github.com/jeremyevans/rodauth/discussions
|
|
586
588
|
source_code_uri: https://github.com/jeremyevans/rodauth
|
|
587
589
|
post_install_message:
|