rodauth 2.23.0 → 2.24.0
- checksums.yaml +4 -4
- data/CHANGELOG +10 -0
- data/doc/otp.rdoc +1 -0
- data/doc/recovery_codes.rdoc +1 -0
- data/doc/release_notes/2.24.0.txt +15 -0
- data/lib/rodauth/features/otp.rb +8 -2
- data/lib/rodauth/features/recovery_codes.rb +6 -1
- data/lib/rodauth/features/reset_password.rb +4 -4
- data/lib/rodauth/features/sms_codes.rb +1 -1
- data/lib/rodauth/version.rb +1 -1
- metadata +7 -5
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 3db9ca9b25c4acd3e2b16cfca4a9efbc95758242e5030cbb33502440df4dbc15
         | 
| 4 | 
            +
              data.tar.gz: e77ffff24d840adc1a17d162e58f76f99b363f063c070229315f45766d71a96a
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 46064d3008752765daec092f037dc3d3b2b85a6f2a9c9a9b6fe1b4abec1cc9764d7c157adc736844ccbdde68f78a7b303225da5fe6caa895f650a9102b2cf271
         | 
| 7 | 
            +
              data.tar.gz: fadc40b635e868e0b59f61faa566447f294e4fc174b0620e06bac1766c4fb6c1ce0944548d413443bc699c128b7c59d9f5c6dc7175fb46c2f9c3d1404e698c8e
         | 
    
        data/CHANGELOG
    CHANGED
    
    | @@ -1,3 +1,13 @@ | |
| 1 | 
            +
            === 2.24.0 (2022-05-24)
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            * Work around implicit null byte check added in bcrypt 3.1.18 by checking password requirements before other password checks (jeremyevans)
         | 
| 4 | 
            +
             | 
| 5 | 
            +
            * Fix invalid HTML on pages with OTP QR codes (jeremyevans)
         | 
| 6 | 
            +
             | 
| 7 | 
            +
            * Add recovery_codes_available? configuration method to the recovery_codes feature (janko) (#238)
         | 
| 8 | 
            +
             | 
| 9 | 
            +
            * Add otp_available? configuration method to the otp feature (janko) (#238)
         | 
| 10 | 
            +
             | 
| 1 11 | 
             
            === 2.23.0 (2022-04-22)
         | 
| 2 12 |  | 
| 3 13 | 
             
            * Don't automatically set :httponly cookie option if :http_only option is set in remember feature (jeremyevans)
         | 
    
        data/doc/otp.rdoc
    CHANGED
    
    | @@ -70,6 +70,7 @@ before_otp_setup_route :: Run arbitrary code before handling an OTP authenticati | |
| 70 70 | 
             
            otp :: The object used for verifying OTP authentication attempts.
         | 
| 71 71 | 
             
            otp_add_key(secret) :: Add an OTP key for the current account with the given secret.
         | 
| 72 72 | 
             
            otp_auth_view :: The HTML to use for the OTP authentication form.
         | 
| 73 | 
            +
            otp_available? :: Whether OTP authentication is ready for use.
         | 
| 73 74 | 
             
            otp_disable_view :: The HTML to use for the OTP disable form.
         | 
| 74 75 | 
             
            otp_exists? :: Whether the current account has setup OTP.
         | 
| 75 76 | 
             
            otp_key :: The stored OTP secret for the account.
         | 
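Review bot: The new otp_available? entry says only "ready for use", which does not tell an integrator what the method checks or how it differs from otp_exists?, listed just below it. The 2.24.0 release notes on this page define it as true when the account has setup OTP and OTP use is not locked out; using that wording in the rdoc entry would remove the ambiguity.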
    
        data/doc/recovery_codes.rdoc
    CHANGED
    
    | @@ -57,4 +57,5 @@ new_recovery_code :: A new recovery code to insert into the recovery codes table | |
| 57 57 | 
             
            recovery_auth_view :: The HTML to use for the form to authenticate via a recovery code.
         | 
| 58 58 | 
             
            recovery_code_match?(code) :: Whether the given code matches any of the existing recovery_codes.
         | 
| 59 59 | 
             
            recovery_codes :: An array containing all valid recovery codes for the current account.
         | 
| 60 | 
            +
            recovery_codes_available? :: Whether authentication via recovery codes is ready for use.
         | 
| 60 61 | 
             
            recovery_codes_view :: The HTML to use for the form to view recovery codes.
         | 
| @@ -0,0 +1,15 @@ | |
| 1 | 
            +
            = New Features
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            * rodauth.otp_available? has been added for checking whether the
         | 
| 4 | 
            +
              account is allowed to authenticate with OTP.  It returns true
         | 
| 5 | 
            +
              when the account has setup OTP and OTP use is not locked out.
         | 
| 6 | 
            +
             | 
| 7 | 
            +
            * rodauth.recovery_codes_available? has been added for checking
         | 
| 8 | 
            +
              whether the account is allowed to authenticate using a recovery
         | 
| 9 | 
            +
              code.  It returns true when there are any available recovery
         | 
| 10 | 
            +
              codes for the account to use.
         | 
| 11 | 
            +
             | 
| 12 | 
            +
            = Other Improvements
         | 
| 13 | 
            +
             | 
| 14 | 
            +
            * The otp feature no longer includes the <?xml> tag for svg images,
         | 
| 15 | 
            +
              since that results in invalid HTML.
         | 
    
        data/lib/rodauth/features/otp.rb
    CHANGED
    
    | @@ -76,6 +76,7 @@ module Rodauth | |
| 76 76 | 
             
                )
         | 
| 77 77 |  | 
| 78 78 | 
             
                auth_methods(
         | 
| 79 | 
            +
                  :otp_available?,
         | 
| 79 80 | 
             
                  :otp_exists?,
         | 
| 80 81 | 
             
                  :otp_last_use,
         | 
| 81 82 | 
             
                  :otp_locked_out?,
         | 
| @@ -238,6 +239,10 @@ module Rodauth | |
| 238 239 | 
             
                  end
         | 
| 239 240 | 
             
                end
         | 
| 240 241 |  | 
| 242 | 
            +
                def otp_available?
         | 
| 243 | 
            +
                  otp_exists? && !otp_locked_out?
         | 
| 244 | 
            +
                end
         | 
| 245 | 
            +
             | 
| 241 246 | 
             
                def otp_exists?
         | 
| 242 247 | 
             
                  !otp_key.nil?
         | 
| 243 248 | 
             
                end
         | 
| @@ -303,7 +308,8 @@ module Rodauth | |
| 303 308 | 
             
                end
         | 
| 304 309 |  | 
| 305 310 | 
             
                def otp_qr_code
         | 
| 306 | 
            -
                  RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true, :use_path=>true)
         | 
| 311 | 
            +
                  svg = RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true, :use_path=>true)
         | 
| 312 | 
            +
                  svg.sub(/\A<\?xml version="1\.0" standalone="yes"\?>/, '')
         | 
| 307 313 | 
             
                end
         | 
| 308 314 |  | 
| 309 315 | 
             
                def otp_user_key
         | 
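Review bot: The pattern in the added svg.sub line matches only the exact string <?xml version="1.0" standalone="yes"?>, so any change in how the QR library writes its declaration (attribute order, quoting, an added encoding) turns the substitution into a silent no-op and the invalid HTML returns. Consider a pattern that strips any leading XML declaration, such as /\A<\?xml[^>]*\?>\s*/, plus a spec asserting that the string returned by otp_qr_code contains no <?xml declaration.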
| @@ -328,7 +334,7 @@ module Rodauth | |
| 328 334 |  | 
| 329 335 | 
             
                def _two_factor_auth_links
         | 
| 330 336 | 
             
                  links = super
         | 
| 331 | 
            -
                  links << [20, otp_auth_path, otp_auth_link_text] if  | 
| 337 | 
            +
                  links << [20, otp_auth_path, otp_auth_link_text] if otp_available?
         | 
| 332 338 | 
             
                  links
         | 
| 333 339 | 
             
                end
         | 
| 334 340 |  | 
| @@ -57,6 +57,7 @@ module Rodauth | |
| 57 57 | 
             
                  :can_add_recovery_codes?,
         | 
| 58 58 | 
             
                  :new_recovery_code,
         | 
| 59 59 | 
             
                  :recovery_code_match?,
         | 
| 60 | 
            +
                  :recovery_codes_available?,
         | 
| 60 61 | 
             
                )
         | 
| 61 62 |  | 
| 62 63 | 
             
                internal_request_method :recovery_codes
         | 
| @@ -192,6 +193,10 @@ module Rodauth | |
| 192 193 | 
             
                  end
         | 
| 193 194 | 
             
                end
         | 
| 194 195 |  | 
| 196 | 
            +
                def recovery_codes_available?
         | 
| 197 | 
            +
                  !recovery_codes_ds.empty?
         | 
| 198 | 
            +
                end
         | 
| 199 | 
            +
             | 
| 195 200 | 
             
                def possible_authentication_methods
         | 
| 196 201 | 
             
                  methods = super
         | 
| 197 202 | 
             
                  methods << 'recovery_code' unless recovery_codes_ds.empty?
         | 
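Review bot: The unchanged context line methods << 'recovery_code' unless recovery_codes_ds.empty? in possible_authentication_methods still queries the dataset directly instead of calling the new recovery_codes_available?. The CHANGELOG describes the new method as a configuration method, so an application that overrides it would have the recovery link hidden in _two_factor_auth_links while 'recovery_code' is still reported as a possible authentication method. Writing that line as methods << 'recovery_code' if recovery_codes_available? keeps the two in step.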
| @@ -202,7 +207,7 @@ module Rodauth | |
| 202 207 |  | 
| 203 208 | 
             
                def _two_factor_auth_links
         | 
| 204 209 | 
             
                  links = super
         | 
| 205 | 
            -
                  links << [40, recovery_auth_path, recovery_auth_link_text]  | 
| 210 | 
            +
                  links << [40, recovery_auth_path, recovery_auth_link_text] if recovery_codes_available?
         | 
| 206 211 | 
             
                  links
         | 
| 207 212 | 
             
                end
         | 
| 208 213 |  | 
| @@ -130,6 +130,10 @@ module Rodauth | |
| 130 130 |  | 
| 131 131 | 
             
                    password = param(password_param)
         | 
| 132 132 | 
             
                    catch_error do
         | 
| 133 | 
            +
                      unless password_meets_requirements?(password)
         | 
| 134 | 
            +
                        throw_error_status(invalid_field_error_status, password_param, password_does_not_meet_requirements_message)
         | 
| 135 | 
            +
                      end
         | 
| 136 | 
            +
             | 
| 133 137 | 
             
                      if password_match?(password) 
         | 
| 134 138 | 
             
                        throw_error_reason(:same_as_existing_password, invalid_field_error_status, password_param, same_as_existing_password_message)
         | 
| 135 139 | 
             
                      end
         | 
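Review bot: The password_meets_requirements? block added ahead of password_match? carries no comment saying why it has to come first. The CHANGELOG entry ties the order to the implicit null byte check in bcrypt 3.1.18, so a one-line comment here and a spec that submits a password containing a null byte would keep a later cleanup from moving the check back below password_match?. The workaround also depends on password_meets_requirements? rejecting such input itself, which this hunk does not show.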
| @@ -138,10 +142,6 @@ module Rodauth | |
| 138 142 | 
             
                        throw_error_reason(:passwords_do_not_match, unmatched_field_error_status, password_param, passwords_do_not_match_message)
         | 
| 139 143 | 
             
                      end
         | 
| 140 144 |  | 
| 141 | 
            -
                      unless password_meets_requirements?(password)
         | 
| 142 | 
            -
                        throw_error_status(invalid_field_error_status, password_param, password_does_not_meet_requirements_message)
         | 
| 143 | 
            -
                      end
         | 
| 144 | 
            -
             | 
| 145 145 | 
             
                      transaction do
         | 
| 146 146 | 
             
                        before_reset_password
         | 
| 147 147 | 
             
                        set_password(password)
         | 
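Review bot: With the requirements check removed from below the passwords_do_not_match branch, a submission that fails both the requirements and the confirmation match now receives password_does_not_meet_requirements_message instead of passwords_do_not_match_message. That change in error precedence is visible to users and the 2.24.0 release notes shown on this page do not mention it; it is worth a line there and a spec that pins the new order.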
    
        data/lib/rodauth/version.rb
    CHANGED
    
    
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: rodauth
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 2. | 
| 4 | 
            +
              version: 2.24.0
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Jeremy Evans
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2022- | 
| 11 | 
            +
            date: 2022-05-24 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: sequel
         | 
| @@ -339,6 +339,7 @@ extra_rdoc_files: | |
| 339 339 | 
             
            - doc/release_notes/2.21.0.txt
         | 
| 340 340 | 
             
            - doc/release_notes/2.22.0.txt
         | 
| 341 341 | 
             
            - doc/release_notes/2.23.0.txt
         | 
| 342 | 
            +
            - doc/release_notes/2.24.0.txt
         | 
| 342 343 | 
             
            - doc/release_notes/2.3.0.txt
         | 
| 343 344 | 
             
            - doc/release_notes/2.4.0.txt
         | 
| 344 345 | 
             
            - doc/release_notes/2.5.0.txt
         | 
| @@ -449,6 +450,7 @@ files: | |
| 449 450 | 
             
            - doc/release_notes/2.21.0.txt
         | 
| 450 451 | 
             
            - doc/release_notes/2.22.0.txt
         | 
| 451 452 | 
             
            - doc/release_notes/2.23.0.txt
         | 
| 453 | 
            +
            - doc/release_notes/2.24.0.txt
         | 
| 452 454 | 
             
            - doc/release_notes/2.3.0.txt
         | 
| 453 455 | 
             
            - doc/release_notes/2.4.0.txt
         | 
| 454 456 | 
             
            - doc/release_notes/2.5.0.txt
         | 
| @@ -575,13 +577,13 @@ files: | |
| 575 577 | 
             
            - templates/webauthn-auth.str
         | 
| 576 578 | 
             
            - templates/webauthn-remove.str
         | 
| 577 579 | 
             
            - templates/webauthn-setup.str
         | 
| 578 | 
            -
            homepage: https:// | 
| 580 | 
            +
            homepage: https://rodauth.jeremyevans.net
         | 
| 579 581 | 
             
            licenses:
         | 
| 580 582 | 
             
            - MIT
         | 
| 581 583 | 
             
            metadata:
         | 
| 582 584 | 
             
              bug_tracker_uri: https://github.com/jeremyevans/rodauth/issues
         | 
| 583 | 
            -
              changelog_uri:  | 
| 584 | 
            -
              documentation_uri:  | 
| 585 | 
            +
              changelog_uri: https://rodauth.jeremyevans.net/rdoc/files/CHANGELOG.html
         | 
| 586 | 
            +
              documentation_uri: https://rodauth.jeremyevans.net/documentation.html
         | 
| 585 587 | 
             
              mailing_list_uri: https://github.com/jeremyevans/rodauth/discussions
         | 
| 586 588 | 
             
              source_code_uri: https://github.com/jeremyevans/rodauth
         | 
| 587 589 | 
             
            post_install_message: 
         |