rodauth 2.31.0 → 2.32.0

Files changed (52) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +26 -0
  3. data/README.rdoc +1 -1
  4. data/doc/argon2.rdoc +9 -5
  5. data/doc/base.rdoc +1 -0
  6. data/doc/change_login.rdoc +1 -0
  7. data/doc/change_password.rdoc +1 -0
  8. data/doc/close_account.rdoc +1 -0
  9. data/doc/confirm_password.rdoc +1 -0
  10. data/doc/create_account.rdoc +1 -0
  11. data/doc/email_auth.rdoc +1 -0
  12. data/doc/jwt.rdoc +1 -0
  13. data/doc/lockout.rdoc +4 -2
  14. data/doc/login.rdoc +2 -1
  15. data/doc/logout.rdoc +1 -0
  16. data/doc/otp.rdoc +3 -0
  17. data/doc/release_notes/2.32.0.txt +65 -0
  18. data/doc/remember.rdoc +1 -0
  19. data/doc/reset_password.rdoc +2 -0
  20. data/doc/sms_codes.rdoc +5 -0
  21. data/doc/two_factor_base.rdoc +2 -0
  22. data/doc/verify_account.rdoc +2 -0
  23. data/doc/verify_login_change.rdoc +1 -0
  24. data/doc/webauthn.rdoc +2 -0
  25. data/lib/rodauth/features/active_sessions.rb +10 -4
  26. data/lib/rodauth/features/argon2.rb +26 -6
  27. data/lib/rodauth/features/base.rb +39 -4
  28. data/lib/rodauth/features/change_login.rb +2 -2
  29. data/lib/rodauth/features/change_password.rb +2 -2
  30. data/lib/rodauth/features/close_account.rb +2 -2
  31. data/lib/rodauth/features/confirm_password.rb +2 -2
  32. data/lib/rodauth/features/create_account.rb +2 -2
  33. data/lib/rodauth/features/email_auth.rb +7 -12
  34. data/lib/rodauth/features/email_base.rb +4 -6
  35. data/lib/rodauth/features/jwt.rb +17 -1
  36. data/lib/rodauth/features/jwt_refresh.rb +4 -2
  37. data/lib/rodauth/features/lockout.rb +6 -6
  38. data/lib/rodauth/features/login.rb +13 -4
  39. data/lib/rodauth/features/logout.rb +2 -2
  40. data/lib/rodauth/features/otp.rb +35 -7
  41. data/lib/rodauth/features/remember.rb +15 -11
  42. data/lib/rodauth/features/reset_password.rb +5 -5
  43. data/lib/rodauth/features/single_session.rb +4 -3
  44. data/lib/rodauth/features/sms_codes.rb +23 -10
  45. data/lib/rodauth/features/two_factor_base.rb +8 -6
  46. data/lib/rodauth/features/update_password_hash.rb +2 -1
  47. data/lib/rodauth/features/verify_account.rb +7 -12
  48. data/lib/rodauth/features/verify_login_change.rb +2 -2
  49. data/lib/rodauth/features/webauthn.rb +6 -6
  50. data/lib/rodauth/version.rb +1 -1
  51. data/lib/rodauth.rb +16 -0
  52. metadata +4 -2
@@ -24,6 +24,8 @@ module Rodauth
24
24
  button 'Verify Account'
25
25
  button 'Send Verification Email Again', 'verify_account_resend'
26
26
  redirect
27
+ response
28
+ response :verify_account_email_sent
27
29
  redirect(:verify_account_email_sent){default_post_email_redirect}
28
30
  redirect(:verify_account_email_recently_sent){default_post_email_redirect}
29
31
  email :verify_account, 'Verify Account'
@@ -69,7 +71,6 @@ module Rodauth
69
71
  end
70
72
 
71
73
  r.post do
72
- verified = false
73
74
  if account_from_login(param(login_param)) && allow_resending_verify_account_email?
74
75
  if verify_account_email_recently_sent?
75
76
  set_redirect_error_flash verify_account_email_recently_sent_error_flash
@@ -79,18 +80,13 @@ module Rodauth
79
80
  before_verify_account_email_resend
80
81
  if verify_account_email_resend
81
82
  after_verify_account_email_resend
82
- verified = true
83
+ verify_account_email_sent_response
83
84
  end
84
85
  end
85
86
 
86
- if verified
87
- set_notice_flash verify_account_email_sent_notice_flash
88
- else
89
- set_redirect_error_status(no_matching_login_error_status)
90
- set_error_reason :no_matching_login
91
- set_redirect_error_flash verify_account_resend_error_flash
92
- end
93
-
87
+ set_redirect_error_status(no_matching_login_error_status)
88
+ set_error_reason :no_matching_login
89
+ set_redirect_error_flash verify_account_resend_error_flash
94
90
  redirect verify_account_email_sent_redirect
95
91
  end
96
92
  end
@@ -154,8 +150,7 @@ module Rodauth
154
150
  end
155
151
 
156
152
  remove_session_value(verify_account_session_key)
157
- set_notice_flash verify_account_notice_flash
158
- redirect verify_account_redirect
153
+ verify_account_response
159
154
  end
160
155
 
161
156
  set_error_flash verify_account_error_flash
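Review bot: In the resend `r.post` block the no-matching-login lines (`set_redirect_error_status(no_matching_login_error_status)` through `set_redirect_error_flash verify_account_resend_error_flash`) are now unconditional, so they are only correct if `verify_account_email_sent_response` never returns to its caller. The default body generated by `response` ends in `redirect`, but whether `require_response` also stops an application override that returns normally is not visible in this section. A comment above those lines would make the dependency explicit: `# Reached only when no email was sent; verify_account_email_sent_response does not return.` Part of the block between the second and third hunks is not shown.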
@@ -18,6 +18,7 @@ module Rodauth
18
18
  before 'verify_login_change_email'
19
19
  button 'Verify Login Change'
20
20
  redirect
21
+ response
21
22
  redirect(:verify_login_change_duplicate_account){require_login_redirect}
22
23
 
23
24
  auth_value_method :verify_login_change_autologin?, false
@@ -98,8 +99,7 @@ module Rodauth
98
99
  end
99
100
 
100
101
  remove_session_value(verify_login_change_session_key)
101
- set_notice_flash verify_login_change_notice_flash
102
- redirect verify_login_change_redirect
102
+ verify_login_change_response
103
103
  end
104
104
  end
105
105
 
@@ -30,6 +30,8 @@ module Rodauth
30
30
 
31
31
  redirect :webauthn_setup
32
32
  redirect :webauthn_remove
33
+ response :webauthn_setup
34
+ response :webauthn_remove
33
35
 
34
36
  notice_flash "WebAuthn authentication is now setup", 'webauthn_setup'
35
37
  notice_flash "WebAuthn authenticator has been removed", 'webauthn_remove'
@@ -194,8 +196,7 @@ module Rodauth
194
196
  throw_error_reason(:duplicate_webauthn_id, invalid_field_error_status, webauthn_setup_param, webauthn_duplicate_webauthn_id_message)
195
197
  end
196
198
 
197
- set_notice_flash webauthn_setup_notice_flash
198
- redirect webauthn_setup_redirect
199
+ webauthn_setup_response
199
200
  end
200
201
 
201
202
  set_error_flash webauthn_setup_error_flash
@@ -235,8 +236,7 @@ module Rodauth
235
236
  after_webauthn_remove
236
237
  end
237
238
 
238
- set_notice_flash webauthn_remove_notice_flash
239
- redirect webauthn_remove_redirect
239
+ webauthn_remove_response
240
240
  end
241
241
 
242
242
  set_error_flash webauthn_remove_error_flash
@@ -320,7 +320,7 @@ module Rodauth
320
320
 
321
321
  (challenge = param_or_nil(webauthn_setup_challenge_param)) &&
322
322
  (hmac = param_or_nil(webauthn_setup_challenge_hmac_param)) &&
323
- timing_safe_eql?(compute_hmac(challenge), hmac) &&
323
+ (timing_safe_eql?(compute_hmac(challenge), hmac) || (hmac_secret_rotation? && timing_safe_eql?(compute_old_hmac(challenge), hmac))) &&
324
324
  webauthn_credential.verify(challenge)
325
325
  end
326
326
 
@@ -376,7 +376,7 @@ module Rodauth
376
376
 
377
377
  (challenge = param_or_nil(webauthn_auth_challenge_param)) &&
378
378
  (hmac = param_or_nil(webauthn_auth_challenge_hmac_param)) &&
379
- timing_safe_eql?(compute_hmac(challenge), hmac) &&
379
+ (timing_safe_eql?(compute_hmac(challenge), hmac) || (hmac_secret_rotation? && timing_safe_eql?(compute_old_hmac(challenge), hmac))) &&
380
380
  webauthn_credential.verify(challenge, public_key: pub_key, sign_count: sign_count) &&
381
381
  ds.update(
382
382
  webauthn_keys_sign_count_column => Integer(webauthn_credential.sign_count),
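Review bot: The two-secret check `(timing_safe_eql?(compute_hmac(challenge), hmac) || (hmac_secret_rotation? && timing_safe_eql?(compute_old_hmac(challenge), hmac)))` is written out verbatim in both the setup-challenge check (new line 323) and the auth-challenge check (new line 379), so any later change to rotation handling has to be made twice and the two paths can drift apart. Moving it into one private predicate, for example `def valid_webauthn_challenge_hmac?(challenge, hmac)` (the name is only a suggestion), would keep the constant-time comparison and the rotation condition in a single place. It would also help to add a comment that the old-secret branch keeps accepting challenge HMACs made with the previous secret for as long as rotation is configured, so the old secret should be dropped once the rotation period is over. Both enclosing methods start outside the hunks shown.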
@@ -6,7 +6,7 @@ module Rodauth
6
6
  MAJOR = 2
7
7
 
8
8
  # The minor version of Rodauth, updated for new feature releases of Rodauth.
9
- MINOR = 31
9
+ MINOR = 32
10
10
 
11
11
  # The patch version of Rodauth, updated only for bug fixes from the last
12
12
  # feature release.
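--- a/data/lib/rodauth.rb
+++ b/data/lib/rodauth.rb
@@ -214,6 +214,22 @@ module Rodauth
  auth_methods meth
  end
 
+ def response(name=feature_name)
+ meth = :"#{name}_response"
+ overridable_meth = :"_#{meth}"
+ notice_flash_meth = :"#{name}_notice_flash"
+ redirect_meth = :"#{name}_redirect"
+ define_method(overridable_meth) do
+ set_notice_flash send(notice_flash_meth)
+ redirect send(redirect_meth)
+ end
+ define_method(meth) do
+ require_response(overridable_meth)
+ end
+ private overridable_meth, meth
+ auth_private_methods meth
+ end
+
  def loaded_templates(v)
  define_method(:loaded_templates) do
  super().concat(v)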
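Review bot: `response` is added without any comment, and it silently assumes the feature already defines both `#{name}_notice_flash` and `#{name}_redirect`; because they are looked up with `send` inside the generated method, a missing one only surfaces as a NoMethodError when the success path actually runs. I would document the prerequisite above the definition: `# Defines private NAME_response (default: set NAME_notice_flash, then redirect to NAME_redirect); the feature must define both.` It is also worth stating there that the `_`-prefixed method appears to be the overridable body and is expected to finish the request. That contract is inferred from the `require_response` name, whose definition is not in this section.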
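--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rodauth
  version: !ruby/object:Gem::Version
- version: 2.31.0
+ version: 2.32.0
  platform: ruby
  authors:
  - Jeremy Evans
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-08-22 00:00:00.000000000 Z
+ date: 2023-10-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: sequel
@@ -349,6 +349,7 @@ extra_rdoc_files:
  - doc/release_notes/2.3.0.txt
  - doc/release_notes/2.30.0.txt
  - doc/release_notes/2.31.0.txt
+ - doc/release_notes/2.32.0.txt
  - doc/release_notes/2.4.0.txt
  - doc/release_notes/2.5.0.txt
  - doc/release_notes/2.6.0.txt
@@ -468,6 +469,7 @@ files:
  - doc/release_notes/2.3.0.txt
  - doc/release_notes/2.30.0.txt
  - doc/release_notes/2.31.0.txt
+ - doc/release_notes/2.32.0.txt
  - doc/release_notes/2.4.0.txt
  - doc/release_notes/2.5.0.txt
  - doc/release_notes/2.6.0.txt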