rodauth 2.25.0 → 2.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 934d5c19d29c583ebc73a057ba96a1c321741a64c965b22f4a243a42f56eab81
-  data.tar.gz: 6398ec3d3bc1ee36a2195909b545ba5df9f0282c5a5b9136babb3538f21cb98e
+  metadata.gz: 4a071d4186e38bc942b2eeff4eb684dc5600f9b56e182b77bbdb1db1ecb0b26e
+  data.tar.gz: 828ee9405e19f0f368101ce7fa00c5db997dfe32137a5da36f842ac1ac350d03
 SHA512:
-  metadata.gz: 32bae60cf66d97326397f3429d74ac2e7093afae74c59191bba5013ad6c7ec46782ddfa54c0a28b9a68c38cbf52b7e5071cd9d4eb7e434e5632c70842658120c
-  data.tar.gz: b157ffa28b3f539c7618d747ab8cee321de6fbfdac11c603176b325ce54d10294a9b8860715a27c08e7d6128928e78d51e8f776b0201fcadec99075354c32f51
+  metadata.gz: 8813675142dc50ec6f2383a76e5f10a9fdc8071ff3be1f328cd44d51e910f2908546b3ad7db1b93f0f54e24318ab1b29c18fc8db5b978357212b93a11624cab6
+  data.tar.gz: b502557f7fffd20431601ecf85dde35451823eac85e8bd70334f6fc619cf03ea725439dffc8e362fc28a530a12520e74b1b681f4640477a0a95304396cc04422

data/CHANGELOG

@@ -1,3 +1,19 @@
+=== 2.26.0 (2022-10-21)
+
+* Raise a more informative error when using a feature requiring hmac_secret but not setting hmac_secret (janko) (#271)
+
+* Limit parameter bytesize to 1024 by default, override with max_param_bytesize configuration method (jeremyevans)
+
+* Skip displaying links for disabled routes (janko) (#269)
+
+* Do not prefix flash keys with the session key prefix (jeremyevans) (#266)
+
+* Set configuration_name correctly for internal request classes (janko) (#265)
+
+* Add argon2_secret configuration method to the argon2 feature to specify the secret/pepper used for argon2 password hashes (janko) (#264)
+
+* Use white background instead of transparent background for QR code in otp feature (jeremyevans) (#256)
+
 === 2.25.0 (2022-06-22)
 
 * Support disabling routes by passing nil/false to *_route methods (janko) (#245)

data/README.rdoc

@@ -80,7 +80,7 @@ features in use. These are development dependencies instead of
 runtime dependencies in the gem as it is possible to run without them:
 
 tilt :: Used by all features unless in JSON API only mode.
-rack_csrf :: Used for CSRF support if the :csrf=>:rack_csrf plugin
+rack_csrf :: Used for CSRF support if the <tt>csrf: :rack_csrf</tt> plugin
              option is given (the default is to use Roda's route_csrf
              plugin, as that allows for more secure request-specific
              tokens).
@@ -336,18 +336,18 @@ When running the migration for the +ph+ user you'll need to modify a couple
 things for the schema changes:
 
   create_table(:account_password_hashes) do
-    foreign_key :id, Sequel[:${DATABASE_NAME}][:accounts], :primary_key=>true, :type=>:Bignum
-    String :password_hash, :null=>false
+    foreign_key :id, Sequel[:${DATABASE_NAME}][:accounts], primary_key: true, type: :Bignum
+    String :password_hash, null: false
   end
-  Rodauth.create_database_authentication_functions(self, :table_name=>Sequel[:${DATABASE_NAME}_password][:account_password_hashes])
+  Rodauth.create_database_authentication_functions(self, table_name: Sequel[:${DATABASE_NAME}_password][:account_password_hashes])
 
   # if using the disallow_password_reuse feature:
   create_table(:account_previous_password_hashes) do
-    primary_key :id, :type=>:Bignum
-    foreign_key :account_id, Sequel[:${DATABASE_NAME}][:accounts], :type=>:Bignum
-    String :password_hash, :null=>false
+    primary_key :id, type: :Bignum
+    foreign_key :account_id, Sequel[:${DATABASE_NAME}][:accounts], type: :Bignum
+    String :password_hash, null: false
   end
-  Rodauth.create_database_previous_password_check_functions(self, :table_name=>Sequel[:${DATABASE_NAME}_password][:account_previous_password_hashes])
+  Rodauth.create_database_previous_password_check_functions(self, table_name: Sequel[:${DATABASE_NAME}_password][:account_previous_password_hashes])
 
 You'll also need to use the following Rodauth configuration methods so that the
 app account calls functions in a separate schema:
@@ -412,33 +412,33 @@ Note that these migrations require Sequel 4.35.0+.
 
       # Used by the account verification and close account features
       create_table(:account_statuses) do
-        Integer :id, :primary_key=>true
-        String :name, :null=>false, :unique=>true
+        Integer :id, primary_key: true
+        String :name, null: false, unique: true
       end
       from(:account_statuses).import([:id, :name], [[1, 'Unverified'], [2, 'Verified'], [3, 'Closed']])
 
       db = self
       create_table(:accounts) do
-        primary_key :id, :type=>:Bignum
-        foreign_key :status_id, :account_statuses, :null=>false, :default=>1
+        primary_key :id, type: :Bignum
+        foreign_key :status_id, :account_statuses, null: false, default: 1
         if db.database_type == :postgres
-          citext :email, :null=>false
-          constraint :valid_email, :email=>/^[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+$/
+          citext :email, null: false
+          constraint :valid_email, email: /^[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+$/
         else
-          String :email, :null=>false
+          String :email, null: false
         end
         if db.supports_partial_indexes?
-          index :email, :unique=>true, :where=>{:status_id=>[1, 2]}
+          index :email, unique: true, where: {status_id: [1, 2]}
         else
-          index :email, :unique=>true
+          index :email, unique: true
         end
       end
 
       deadline_opts = proc do |days|
         if database_type == :mysql
-          {:null=>false}
+          {null: false}
         else
-          {:null=>false, :default=>Sequel.date_add(Sequel::CURRENT_TIMESTAMP, :days=>days)}
+          {null: false, default: Sequel.date_add(Sequel::CURRENT_TIMESTAMP, days: days)}
         end
       end
 
@@ -452,140 +452,140 @@ Note that these migrations require Sequel 4.35.0+.
         String
       end
       create_table(:account_authentication_audit_logs) do
-        primary_key :id, :type=>:Bignum
-        foreign_key :account_id, :accounts, :null=>false, :type=>:Bignum
-        DateTime :at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-        String :message, :null=>false
+        primary_key :id, type: :Bignum
+        foreign_key :account_id, :accounts, null: false, type: :Bignum
+        DateTime :at, null: false, default: Sequel::CURRENT_TIMESTAMP
+        String :message, null: false
         column :metadata, json_type
-        index [:account_id, :at], :name=>:audit_account_at_idx
-        index :at, :name=>:audit_at_idx
+        index [:account_id, :at], name: :audit_account_at_idx
+        index :at, name: :audit_at_idx
       end
 
       # Used by the password reset feature
       create_table(:account_password_reset_keys) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :key, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :key, null: false
         DateTime :deadline, deadline_opts[1]
-        DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
+        DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP
       end
 
       # Used by the jwt refresh feature
       create_table(:account_jwt_refresh_keys) do
-        primary_key :id, :type=>:Bignum
-        foreign_key :account_id, :accounts, :null=>false, :type=>:Bignum
-        String :key, :null=>false
+        primary_key :id, type: :Bignum
+        foreign_key :account_id, :accounts, null: false, type: :Bignum
+        String :key, null: false
         DateTime :deadline, deadline_opts[1]
-        index :account_id, :name=>:account_jwt_rk_account_id_idx
+        index :account_id, name: :account_jwt_rk_account_id_idx
       end
 
       # Used by the account verification feature
       create_table(:account_verification_keys) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :key, :null=>false
-        DateTime :requested_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-        DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :key, null: false
+        DateTime :requested_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+        DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP
       end
 
       # Used by the verify login change feature
       create_table(:account_login_change_keys) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :key, :null=>false
-        String :login, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :key, null: false
+        String :login, null: false
         DateTime :deadline, deadline_opts[1]
       end
 
       # Used by the remember me feature
       create_table(:account_remember_keys) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :key, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :key, null: false
         DateTime :deadline, deadline_opts[14]
       end
 
       # Used by the lockout feature
       create_table(:account_login_failures) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        Integer :number, :null=>false, :default=>1
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        Integer :number, null: false, default: 1
       end
       create_table(:account_lockouts) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :key, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :key, null: false
         DateTime :deadline, deadline_opts[1]
         DateTime :email_last_sent
       end
 
       # Used by the email auth feature
       create_table(:account_email_auth_keys) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :key, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :key, null: false
         DateTime :deadline, deadline_opts[1]
-        DateTime :email_last_sent, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
+        DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP
       end
 
       # Used by the password expiration feature
       create_table(:account_password_change_times) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        DateTime :changed_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        DateTime :changed_at, null: false, default: Sequel::CURRENT_TIMESTAMP
       end
 
       # Used by the account expiration feature
       create_table(:account_activity_times) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        DateTime :last_activity_at, :null=>false
-        DateTime :last_login_at, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        DateTime :last_activity_at, null: false
+        DateTime :last_login_at, null: false
         DateTime :expired_at
       end
 
       # Used by the single session feature
       create_table(:account_session_keys) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :key, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :key, null: false
       end
 
       # Used by the active sessions feature
       create_table(:account_active_session_keys) do
-        foreign_key :account_id, :accounts, :type=>:Bignum
+        foreign_key :account_id, :accounts, type: :Bignum
         String :session_id
-        Time :created_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
-        Time :last_use, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
+        Time :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+        Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
         primary_key [:account_id, :session_id]
       end
 
       # Used by the webauthn feature
       create_table(:account_webauthn_user_ids) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :webauthn_id, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :webauthn_id, null: false
       end
       create_table(:account_webauthn_keys) do
-        foreign_key :account_id, :accounts, :type=>:Bignum
+        foreign_key :account_id, :accounts, type: :Bignum
         String :webauthn_id
-        String :public_key, :null=>false
-        Integer :sign_count, :null=>false
-        Time :last_use, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
+        String :public_key, null: false
+        Integer :sign_count, null: false
+        Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
         primary_key [:account_id, :webauthn_id]
       end
 
       # Used by the otp feature
       create_table(:account_otp_keys) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :key, :null=>false
-        Integer :num_failures, :null=>false, :default=>0
-        Time :last_use, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :key, null: false
+        Integer :num_failures, null: false, default: 0
+        Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
       end
 
       # Used by the recovery codes feature
       create_table(:account_recovery_codes) do
-        foreign_key :id, :accounts, :type=>:Bignum
+        foreign_key :id, :accounts, type: :Bignum
         String :code
         primary_key [:id, :code]
       end
 
       # Used by the sms codes feature
       create_table(:account_sms_codes) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :phone_number, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :phone_number, null: false
         Integer :num_failures
         String :code
-        DateTime :code_issued_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
+        DateTime :code_issued_at, null: false, default: Sequel::CURRENT_TIMESTAMP
       end
 
       case database_type
@@ -652,8 +652,8 @@ Second migration, run using the +ph+ account:
   Sequel.migration do
     up do
       create_table(:account_password_hashes) do
-        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
-        String :password_hash, :null=>false
+        foreign_key :id, :accounts, primary_key: true, type: :Bignum
+        String :password_hash, null: false
       end
       Rodauth.create_database_authentication_functions(self)
       case database_type
@@ -682,9 +682,9 @@ Second migration, run using the +ph+ account:
 
       # Used by the disallow_password_reuse feature
       create_table(:account_previous_password_hashes) do
-        primary_key :id, :type=>:Bignum
-        foreign_key :account_id, :accounts, :type=>:Bignum
-        String :password_hash, :null=>false
+        primary_key :id, type: :Bignum
+        foreign_key :account_id, :accounts, type: :Bignum
+        String :password_hash, null: false
       end
       Rodauth.create_database_previous_password_check_functions(self)
 
@@ -725,8 +725,8 @@ To support multiple separate migration users, you can run the migration
 for the password user using Sequel's migration API: 
 
   Sequel.extension :migration
-  Sequel.postgres('DATABASE_NAME', :user=>'PASSWORD_USER_NAME') do |db|
-    Sequel::Migrator.run(db, 'path/to/password_user/migrations', :table=>'schema_info_password')
+  Sequel.postgres('DATABASE_NAME', user: 'PASSWORD_USER_NAME') do |db|
+    Sequel::Migrator.run(db, 'path/to/password_user/migrations', table: 'schema_info_password')
   end
 
 If the database is not PostgreSQL, MySQL, or Microsoft SQL Server, or you
@@ -1112,7 +1112,7 @@ providing a name for any alternate configuration:
 
   plugin :rodauth do
   end
-  plugin :rodauth, :name=>:secondary do
+  plugin :rodauth, name: :secondary do
   end
 
 Then in your routing code, any time you call rodauth, you can provide
@@ -1133,7 +1133,7 @@ alternate configurations.  If you are using the remember feature in both
 configurations, you may also want to set a different remember key in the
 alternate configuration:
 
-  plugin :rodauth, :name=>:secondary do
+  plugin :rodauth, name: :secondary do
     session_key_prefix "secondary_"
     remember_cookie_key "_secondary_remember"
   end
@@ -1235,7 +1235,7 @@ Facebook OAuth access token.
 
     account_from_login do |access_token|
       fb = Koala::Facebook::API.new(access_token)
-      if me = fb.get_object('me', :fields=>[:email])
+      if me = fb.get_object('me', fields: [:email])
         me['email']
       end
     end
@@ -1369,7 +1369,7 @@ To add support for handling JSON responses, you can pass the +:json+
 option to the plugin, and enable the JWT feature in addition to
 other features you plan to use:
 
-  plugin :rodauth, :json=>true do
+  plugin :rodauth, json: true do
     enable :login, :logout, :jwt
   end
 
@@ -1377,12 +1377,12 @@ If you do not want to load the HTML plugins that Rodauth usually loads
 (render, csrf, flash, h), because you are building a JSON-only API,
 pass <tt>:json => :only</tt>
 
-  plugin :rodauth, :json=>:only do
+  plugin :rodauth, json: :only do
     enable :login, :logout, :jwt
   end
 
 Note that by default, the features that send email depend on the
-render plugin, so if using the <tt>:json=>:only</tt> option, you
+render plugin, so if using the <tt>json: :only</tt> option, you
 either need to load the render plugin manually or you need to
 use the necessary *_email_body configuration options to specify
 the body of the emails.
@@ -1391,7 +1391,7 @@ The JWT feature enables JSON API support for all of the other features
 that Rodauth ships with. If you would like JSON API access that still uses
 rack session for storing session data, enable the JSON feature instead:
 
-  plugin :rodauth, :json=>true do
+  plugin :rodauth, json: true do
     enable :login, :logout, :json
     only_json? true # if you want to only handle JSON requests
   end

data/doc/argon2.rdoc

@@ -46,4 +46,5 @@ memory.
 
 == Auth Value Methods
 
+argon2_secret :: A secret key used as input at hashing time, folded into the value of the hash.
 use_argon2? :: Whether to use the argon2 password hash algorithm for new passwords (true by default). The only reason to set this to false is if you have existing passwords using argon2 that you want to support, but want to use bcrypt for new passwords.

data/doc/base.rdoc

@@ -60,6 +60,7 @@ login_required_error_status :: The response status to return when a login is req
 login_uses_email? :: Whether the login field uses email, used to set the type of the login field as well as the autocomplete setting.
 mark_input_fields_with_autocomplete? :: Whether input fields should be marked with autocomplete attribute appropriate for the field, true by default.
 mark_input_fields_with_inputmode? :: Whether input fields should be marked with inputmode attribute appropriate for the field, true by default.
+max_param_bytesize :: The maximum bytesize allowed for submitted parameters, 1024 by default. Use nil for no limit.
 modifications_require_password? :: Whether making changes to an account requires the user reinputing their password.  True by default if the account has a password.
 no_matching_login_error_status :: The response status to use when the login is not in the database, 401 by default.
 no_matching_login_message :: The error message to display when the login used is not in the database.
@@ -101,6 +102,7 @@ logged_in? :: Whether the current session is logged in.
 login_required :: Action to take when a login is required to access the page and the user is not logged in.
 null_byte_parameter_value(key, value) :: The value to use for the parameter if the parameter includes an ASCII NUL byte ("\0"), nil by default to ignore the parameter.
 open_account? :: Whether the current account is an open account (not closed or unverified).
+over_max_bytesize_param_value(key, value) :: The value to use for the parameter if the parameter is over the maximum allowed bytesize, nil by default to ignore the parameter.
 password_match?(password) :: Check whether the given password matches the stored password hash.
 random_key :: A randomly generated string, used for creating tokens.
 redirect(path) :: Redirect the request to the given path.

data/doc/password_pepper.rdoc

@@ -15,6 +15,14 @@ If your database already contains password hashes that were created without a
 password pepper, these will get automatically updated with a password pepper
 next time the user successfully enters their password.
 
+If you're using bcrypt (default), you should set +password_maximum_bytes+ so
+that password + pepper don't exceed 72 bytes. This is because bcrypt truncates
+passwords longer than 72 bytes, enabling an attacker to crack the pepper if the
+password bytesize is unlimited. If you're using argon2, you should probably set
++argon2_secret+ instead of using this feature.
+
+== Pepper Rotation
+
 You can rotate the password pepper as well, just make sure to add the previous
 pepper to the +previous_password_peppers+ array. Password hashes using the old
 pepper will get automatically updated on the next successful password match.

data/doc/release_notes/2.26.0.txt

@@ -0,0 +1,45 @@
+= New Features
+
+* An argon2_secret configuration method has been added to the argon2
+  feature, supporting argon2's built-in password peppering.
+
+= Other Improvements
+
+* Links are no longer automatically displayed for routes that are
+  disabled by calling the *_route method with nil.
+
+* The QR code used by the otp feature now uses a white background
+  instead of a transparent background, fixing issues when the
+  underlying background is dark.
+
+* Input parameter bytesize is now limited to 1024 bytes by default.
+  Parameters larger than that will be ignored, as if they weren't
+  submitted.
+
+* The Rodauth::Auth class for internal request classes now uses the
+  same configuration name as the class it is based on.
+
+* The session_key_prefix configuration method no longer also prefixes
+  the keys used in the flash hash.
+
+* The *_path and *_url methods now return nil when the related *_route
+  method returns nil, indicating the route is disabled.
+
+* A more explicit error message is raised when using a feature that
+  requires the hmac_secret being set and not setting hmac_secret.
+
+= Backwards Compatibility
+
+* If you are using session_key_prefix and flash messages, you will
+  probably need to adjust your code to remove the prefix from the
+  expected flash keys, or manually prefix the flash keys by using
+  the flash_error_key and flash_notice_key configuration methods.
+
+* The limiting of input parameter bytesizes by default could potentially
+  break applications that use Rodauth's parameter parsing method to
+  handle parameters that Rodauth itself doesn't handle.  You can use
+  the max_param_bytesize configuration method to set a larger bytesize,
+  or use a value of nil with the method for the previous behavior of
+  no limit.  Additionally, to customize the behavior if a parameter
+  is over the allowed bytesize, you can use the
+  over_max_bytesize_param_value configuration method.

data/lib/rodauth/features/argon2.rb

@@ -12,6 +12,7 @@ module Rodauth
   Feature.define(:argon2, :Argon2) do
     depends :login_password_requirements_base
 
+    auth_value_method :argon2_secret, nil
     auth_value_method :use_argon2?, true
 
     private
@@ -35,7 +36,14 @@ module Rodauth
 
     def password_hash(password)
       return super unless use_argon2?
-      ::Argon2::Password.new(password_hash_cost).create(password)
+
+      if secret = argon2_secret
+        argon2_params = Hash[password_hash_cost]
+        argon2_params[:secret] = secret
+      else
+        argon2_params = password_hash_cost
+      end
+      ::Argon2::Password.new(argon2_params).create(password)
     end
 
     def password_hash_match?(hash, password)
@@ -48,6 +56,7 @@ module Rodauth
 
       argon2_params = Hash[extract_password_hash_cost(salt)]
       argon2_params[argon2_salt_option] = Base64.decode64(salt.split('$').last)
+      argon2_params[:secret] = argon2_secret
       ::Argon2::Password.new(argon2_params).create(password)
     end
 
@@ -75,7 +84,7 @@ module Rodauth
     end
 
     def argon2_password_hash_match?(hash, password)
-      ::Argon2::Password.verify_password(password, hash)
+      ::Argon2::Password.verify_password(password, hash, argon2_secret)
     end
   end
 end

data/lib/rodauth/features/base.rb

@@ -24,8 +24,8 @@ module Rodauth
     auth_value_method :check_csrf_block, nil
     auth_value_method :check_csrf_opts, {}.freeze
     auth_value_method :default_redirect, '/'
-    session_key :flash_error_key, :error
-    session_key :flash_notice_key, :notice
+    flash_key :flash_error_key, :error
+    flash_key :flash_notice_key, :notice
     auth_value_method :hmac_secret, nil
     translatable_method :input_field_label_suffix, ''
     auth_value_method :input_field_error_class, 'error is-invalid'
@@ -37,6 +37,7 @@ module Rodauth
     auth_value_method :login_column, :email
     auth_value_method :login_required_error_status, 401
     auth_value_method :lockout_error_status, 403
+    auth_value_method :max_param_bytesize, 1024
     auth_value_method :password_hash_id_column, :id
     auth_value_method :password_hash_column, :password_hash
     auth_value_method :password_hash_table, :account_password_hashes
@@ -96,6 +97,7 @@ module Rodauth
       :login_required,
       :null_byte_parameter_value,
       :open_account?,
+      :over_max_bytesize_param_value,
       :password_match?,
       :random_key,
       :redirect,
@@ -455,11 +457,17 @@ module Rodauth
       value = raw_param(key)
       unless value.nil?
         value = value.to_s
-        value = null_byte_parameter_value(key, value) if value.include?("\0")
+        value = over_max_bytesize_param_value(key, value) if max_param_bytesize && value.bytesize > max_param_bytesize
+        value = null_byte_parameter_value(key, value) if value && value.include?("\0")
       end
       value
     end
 
+    # Return nil by default for values over maximum bytesize.
+    def over_max_bytesize_param_value(key, value)
+      nil
+    end
+
     # Return nil by default for values with null bytes
     def null_byte_parameter_value(key, value)
       nil
@@ -541,7 +549,11 @@ module Rodauth
     end
 
     def convert_session_key(key)
-      key = "#{session_key_prefix}#{key}".to_sym if session_key_prefix
+      key = :"#{session_key_prefix}#{key}" if session_key_prefix
+      normalize_session_or_flash_key(key)
+    end
+
+    def normalize_session_or_flash_key(key)
       scope.opts[:sessions_convert_symbols] ? key.to_s : key
     end
 
@@ -654,7 +666,7 @@ module Rodauth
     end
 
     def _account_from_login(login)
-      ds = db[accounts_table].where(login_column=>login)
+      ds = account_table_ds.where(login_column=>login)
       ds = ds.select(*account_select) if account_select
       ds = ds.where(account_status_column=>[account_unverified_status_value, account_open_status_value]) unless skip_status_checks?
       ds.first
@@ -667,6 +679,8 @@ module Rodauth
     end
 
     def compute_raw_hmac(data)
+      raise ArgumentError, "hmac_secret not set" unless hmac_secret
+
       OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, hmac_secret, data)
     end
 
@@ -692,11 +706,15 @@ module Rodauth
 
     def account_ds(id=account_id)
       raise ArgumentError, "invalid account id passed to account_ds" unless id
-      ds = db[accounts_table].where(account_id_column=>id)
+      ds = account_table_ds.where(account_id_column=>id)
       ds = ds.select(*account_select) if account_select
       ds
     end
 
+    def account_table_ds
+      db[accounts_table]
+    end
+
     def password_hash_ds
       db[password_hash_table].where(password_hash_id_column=>account ? account_id : session_value)
     end
@@ -761,6 +779,12 @@ module Rodauth
       end
     end
 
+    def _filter_links(links)
+      links.select!{|_, link| link}
+      links.sort!
+      links
+    end
+
     def internal_request?
       false
     end

data/lib/rodauth/features/internal_request.rb

@@ -340,6 +340,7 @@ module Rodauth
 
       klass = self.class
       internal_class = Class.new(klass)
+      internal_class.instance_variable_set(:@configuration_name, klass.configuration_name)
 
       if blocks = klass.instance_variable_get(:@internal_request_configuration_blocks)
         configuration = internal_class.configuration

data/lib/rodauth/features/login.rb

@@ -20,11 +20,12 @@ module Rodauth
     session_key :login_redirect_session_key, :login_redirect
 
     auth_cached_method :multi_phase_login_forms
-    auth_cached_method :login_form_footer_links
     auth_cached_method :login_form_footer
 
     auth_value_methods :login_return_to_requested_location_path
 
+    auth_private_methods :login_form_footer_links
+
     internal_request_method
     internal_request_method :valid_login_and_password?
 
@@ -125,6 +126,10 @@ module Rodauth
       "<input type='hidden' name=\"#{login_param}\" value=\"#{scope.h param(login_param)}\" />"
     end
 
+    def login_form_footer_links
+      @login_form_footer_links ||= _filter_links(_login_form_footer_links)
+    end
+
     def render_multi_phase_login_forms
       multi_phase_login_forms.sort.map{|_, form, _| form}.join("\n")
     end

data/lib/rodauth/features/otp.rb

@@ -308,7 +308,7 @@ module Rodauth
     end
 
     def otp_qr_code
-      svg = RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true, :use_path=>true)
+      svg = RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true, :use_path=>true, :fill=>"#fff")
       svg.sub(/\A<\?xml version="1\.0" standalone="yes"\?>/, '')
     end
 

data/lib/rodauth/features/two_factor_base.rb

@@ -43,10 +43,6 @@ module Rodauth
     translatable_method :two_factor_disable_link_text, "Remove All Multifactor Authentication Methods"
     auth_value_method :two_factor_auth_return_to_requested_location?, false
 
-    auth_cached_method :two_factor_auth_links
-    auth_cached_method :two_factor_setup_links
-    auth_cached_method :two_factor_remove_links
-
     auth_value_methods :two_factor_modifications_require_password?
 
     auth_methods(
@@ -57,6 +53,12 @@ module Rodauth
       :two_factor_update_session
     )
 
+    auth_private_methods(
+      :two_factor_auth_links,
+      :two_factor_setup_links,
+      :two_factor_remove_links
+    )
+
     internal_request_method :two_factor_disable
 
     route(:two_factor_manage, 'multifactor-manage') do |r|
@@ -206,6 +208,18 @@ module Rodauth
       nil
     end
 
+    def two_factor_auth_links
+      @two_factor_auth_links ||= _filter_links(_two_factor_auth_links)
+    end
+
+    def two_factor_setup_links
+      @two_factor_setup_links ||= _filter_links(_two_factor_setup_links)
+    end
+
+    def two_factor_remove_links
+      @two_factor_remove_links ||= _filter_links(_two_factor_remove_links)
+    end
+
     private
 
     def _two_factor_auth_links

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 25
+  MINOR = 26
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/lib/rodauth.rb

@@ -126,8 +126,8 @@ module Rodauth
       route_meth = :"#{name}_route"
       auth_value_method route_meth, default
 
-      define_method(:"#{name}_path"){|opts={}| route_path(send(route_meth), opts)}
-      define_method(:"#{name}_url"){|opts={}| route_url(send(route_meth), opts)}
+      define_method(:"#{name}_path"){|opts={}| route_path(send(route_meth), opts) if send(route_meth)}
+      define_method(:"#{name}_url"){|opts={}| route_url(send(route_meth), opts) if send(route_meth)}
 
       handle_meth = :"handle_#{name}"
       internal_handle_meth = :"_#{handle_meth}"
@@ -269,6 +269,11 @@ module Rodauth
       auth_value_methods(meth)
     end
 
+    def flash_key(meth, value)
+      define_method(meth){normalize_session_or_flash_key(value)}
+      auth_value_methods(meth)
+    end
+
     def auth_value_method(meth, value)
       define_method(meth){value}
       auth_value_methods(meth)

data/templates/login-form-footer.str

@@ -1,6 +1,6 @@
 #{rodauth.login_form_footer_links_heading}
 <ul class="rodauth-links rodauth-login-footer-links">
-#{rodauth.login_form_footer_links.sort.map do |_, link, text|
+#{rodauth.login_form_footer_links.map do |_, link, text|
   "<li><a href=\"#{h link}\">#{h text}</a></li>"
 end.join("\n")}
 </ul>

data/templates/two-factor-auth.str

@@ -1,5 +1,5 @@
 <ul class="rodauth-links rodauth-two-factor-auth-links">
-#{rodauth.two_factor_auth_links.sort.map do |_, link, text|
+#{rodauth.two_factor_auth_links.map do |_, link, text|
   "<li><a href=\"#{h link}\">#{h text}</a></li>"
 end.join}
 </ul>

data/templates/two-factor-manage.str

@@ -1,7 +1,7 @@
 #{rodauth.two_factor_setup_heading unless rodauth.two_factor_setup_links.empty?}
 
 <ul class="rodauth-links rodauth-multifactor-setup-links">
-#{rodauth.two_factor_setup_links.sort.map do |_, link, text|
+#{rodauth.two_factor_setup_links.map do |_, link, text|
   "<li><a href=\"#{h link}\">#{h text}</a></li>"
 end.join("\n")}
 </ul>
@@ -9,7 +9,7 @@ end.join("\n")}
 #{rodauth.two_factor_remove_heading unless rodauth.two_factor_remove_links.empty?}
 
 <ul class="rodauth-links rodauth-multifactor-remove-links">
-#{rodauth.two_factor_remove_links.sort.map do |_, link, text|
+#{rodauth.two_factor_remove_links.map do |_, link, text|
   "<li><a href=\"#{h link}\">#{h text}</a></li>"
 end.join("\n")}
 #{"<li><a href=\"#{h rodauth.two_factor_disable_path}\">#{rodauth.two_factor_disable_link_text}</a></li>" if rodauth.two_factor_remove_links.length > 1}

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.25.0
+  version: 2.26.0
 platform: ruby
 authors:
 - Jeremy Evans
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-22 00:00:00.000000000 Z
+date: 2022-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -341,6 +341,7 @@ extra_rdoc_files:
 - doc/release_notes/2.23.0.txt
 - doc/release_notes/2.24.0.txt
 - doc/release_notes/2.25.0.txt
+- doc/release_notes/2.26.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
@@ -453,6 +454,7 @@ files:
 - doc/release_notes/2.23.0.txt
 - doc/release_notes/2.24.0.txt
 - doc/release_notes/2.25.0.txt
+- doc/release_notes/2.26.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
@@ -588,7 +590,7 @@ metadata:
   documentation_uri: https://rodauth.jeremyevans.net/documentation.html
   mailing_list_uri: https://github.com/jeremyevans/rodauth/discussions
   source_code_uri: https://github.com/jeremyevans/rodauth
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--quiet"
 - "--line-numbers"
@@ -611,7 +613,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.3.7
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications
 test_files: []