rodauth 2.31.0 → 2.32.0

data/lib/rodauth/features/verify_account.rb

@@ -24,6 +24,8 @@ module Rodauth
     button 'Verify Account'
     button 'Send Verification Email Again', 'verify_account_resend'
     redirect
+    response
+    response :verify_account_email_sent
     redirect(:verify_account_email_sent){default_post_email_redirect}
     redirect(:verify_account_email_recently_sent){default_post_email_redirect}
     email :verify_account, 'Verify Account'
@@ -69,7 +71,6 @@ module Rodauth
       end
 
       r.post do
-        verified = false
         if account_from_login(param(login_param)) && allow_resending_verify_account_email?
           if verify_account_email_recently_sent?
             set_redirect_error_flash verify_account_email_recently_sent_error_flash
@@ -79,18 +80,13 @@ module Rodauth
           before_verify_account_email_resend
           if verify_account_email_resend
             after_verify_account_email_resend
-            verified = true
+            verify_account_email_sent_response
           end
         end
 
-        if verified
-          set_notice_flash verify_account_email_sent_notice_flash
-        else
-          set_redirect_error_status(no_matching_login_error_status)
-          set_error_reason :no_matching_login
-          set_redirect_error_flash verify_account_resend_error_flash
-        end
-        
+        set_redirect_error_status(no_matching_login_error_status)
+        set_error_reason :no_matching_login
+        set_redirect_error_flash verify_account_resend_error_flash
         redirect verify_account_email_sent_redirect
       end
     end
@@ -154,8 +150,7 @@ module Rodauth
           end
 
           remove_session_value(verify_account_session_key)
-          set_notice_flash verify_account_notice_flash
-          redirect verify_account_redirect
+          verify_account_response
         end
 
         set_error_flash verify_account_error_flash

data/lib/rodauth/features/verify_login_change.rb

@@ -18,6 +18,7 @@ module Rodauth
     before 'verify_login_change_email'
     button 'Verify Login Change'
     redirect
+    response
     redirect(:verify_login_change_duplicate_account){require_login_redirect}
 
     auth_value_method :verify_login_change_autologin?, false
@@ -98,8 +99,7 @@ module Rodauth
         end
 
         remove_session_value(verify_login_change_session_key)
-        set_notice_flash verify_login_change_notice_flash
-        redirect verify_login_change_redirect
+        verify_login_change_response
       end
     end
 

data/lib/rodauth/features/webauthn.rb

@@ -30,6 +30,8 @@ module Rodauth
 
     redirect :webauthn_setup
     redirect :webauthn_remove
+    response :webauthn_setup
+    response :webauthn_remove
 
     notice_flash "WebAuthn authentication is now setup", 'webauthn_setup'
     notice_flash "WebAuthn authenticator has been removed", 'webauthn_remove'
@@ -194,8 +196,7 @@ module Rodauth
             throw_error_reason(:duplicate_webauthn_id, invalid_field_error_status, webauthn_setup_param, webauthn_duplicate_webauthn_id_message)
           end
 
-          set_notice_flash webauthn_setup_notice_flash
-          redirect webauthn_setup_redirect
+          webauthn_setup_response
         end
 
         set_error_flash webauthn_setup_error_flash
@@ -235,8 +236,7 @@ module Rodauth
             after_webauthn_remove
           end
 
-          set_notice_flash webauthn_remove_notice_flash
-          redirect webauthn_remove_redirect
+          webauthn_remove_response
         end
 
         set_error_flash webauthn_remove_error_flash
@@ -320,7 +320,7 @@ module Rodauth
 
       (challenge = param_or_nil(webauthn_setup_challenge_param)) &&
         (hmac = param_or_nil(webauthn_setup_challenge_hmac_param)) &&
-        timing_safe_eql?(compute_hmac(challenge), hmac) &&
+        (timing_safe_eql?(compute_hmac(challenge), hmac) || (hmac_secret_rotation? && timing_safe_eql?(compute_old_hmac(challenge), hmac))) &&
         webauthn_credential.verify(challenge)
     end
 
@@ -376,7 +376,7 @@ module Rodauth
 
       (challenge = param_or_nil(webauthn_auth_challenge_param)) &&
         (hmac = param_or_nil(webauthn_auth_challenge_hmac_param)) &&
-        timing_safe_eql?(compute_hmac(challenge), hmac) &&
+        (timing_safe_eql?(compute_hmac(challenge), hmac) || (hmac_secret_rotation? && timing_safe_eql?(compute_old_hmac(challenge), hmac))) &&
         webauthn_credential.verify(challenge, public_key: pub_key, sign_count: sign_count) &&
         ds.update(
           webauthn_keys_sign_count_column => Integer(webauthn_credential.sign_count),

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 31
+  MINOR = 32
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/lib/rodauth.rb

@@ -214,6 +214,22 @@ module Rodauth
       auth_methods meth
     end
 
+    def response(name=feature_name)
+      meth = :"#{name}_response"
+      overridable_meth = :"_#{meth}"
+      notice_flash_meth = :"#{name}_notice_flash"
+      redirect_meth = :"#{name}_redirect"
+      define_method(overridable_meth) do
+        set_notice_flash send(notice_flash_meth)
+        redirect send(redirect_meth)
+      end
+      define_method(meth) do
+        require_response(overridable_meth)
+      end
+      private overridable_meth, meth
+      auth_private_methods meth
+    end
+
     def loaded_templates(v)
       define_method(:loaded_templates) do
         super().concat(v)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.31.0
+  version: 2.32.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-22 00:00:00.000000000 Z
+date: 2023-10-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -349,6 +349,7 @@ extra_rdoc_files:
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.30.0.txt
 - doc/release_notes/2.31.0.txt
+- doc/release_notes/2.32.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
 - doc/release_notes/2.6.0.txt
@@ -468,6 +469,7 @@ files:
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.30.0.txt
 - doc/release_notes/2.31.0.txt
+- doc/release_notes/2.32.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
 - doc/release_notes/2.6.0.txt