rodauth 2.32.0 → 2.34.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ee670a5f0a59467c2043ca7649284c04665663fa4859b52bea1200722cf69256
-  data.tar.gz: 0a270ebc549934096225c47c0ea37e218658133cd7a5a10036c60e5d6a2f3c5c
+  metadata.gz: 96f5711d9bb49c87385e4e0ef0f07e0e8624e1139f145429c1a518d844811757
+  data.tar.gz: 01c43ee8ceb8d4c61c040e3463bf8b03cdd239e2c401461ef0122a24407ce311
 SHA512:
-  metadata.gz: 8e36ee900735384b6179c44f9549c10719cd24055b04b2b4a46daf7e499aa5e9057abb205b37bb4be2ab0d43eddff88314f945d6b8e47dde4bb2b21da1160947
-  data.tar.gz: 90970c54c4f2492ff0956a8c8bdb91eb475487e5e45b71fad06a39403c658234656a644b871de4d18c74d14c3288fef5db5932ee0fc5c8434cc69788348c606c
+  metadata.gz: 9b66e0f290cf4ae0c6d14c4032ff0830ef4b229a158def47247bec420414161dcfe35c60de12b15f20ac358d9c55d7ed446bf1d07cb0b6302031b63e5ce4b5a2
+  data.tar.gz: 304d17a7a183a0e33e42db2fcb5be6e9cdab0b58a70416ac2abd49478c4a1cc28c62395bd25f0e5b154a8117e712772045994c72159f4d36b3413d5f567c5a2c

data/CHANGELOG

@@ -1,3 +1,31 @@
+=== 2.34.0 (2024-03-22)
+
+* Add remove_all_active_sessions_except_current method for removing current active session (jeremyevans) (#395)
+
+* Add remove_all_active_sessions_except_for method for removing active sessions except for given session id (jeremyevans) (#395)
+
+* Avoid overriding WebAuthn internals when using webauthn 3 (santiagorodriguez96, jeremyevans) (#398)
+
+* Support overriding webauthn_rp_id when verifying Webauthn credentials (butsjoh, jeremyevans) (#397)
+
+* Override require_login_redirect in login feature to use login_path (janko) (#396)
+
+* Do not override convert_token_id_to_integer? if the user has already configured it (janko) (#393)
+
+* Have uses_two_factor_authentication? handle case where account has been deleted (janko) (#390)
+
+* Add current_route accessor to allow easy determination of which rodauth route was requested (janko) (#381)
+
+=== 2.33.0 (2023-12-21)
+
+* Expire SMS confirm code after 24 hours by default (jeremyevans)
+
+* Do not accidentally confirm SMS phone number on successful authentication of other second factor (Bertg) (#376, #377)
+
+* Return error response instead of 404 response for requests to valid pages with missing tokens (janko) (#375)
+
+* Do not override existing primary key value in the cached account when inserting a new account (janko) (#372)
+
 === 2.32.0 (2023-10-23)
 
 * Remove use of Base64 in argon2 feature (jeremyevans)

data/README.rdoc

@@ -830,6 +830,7 @@ scope :: Roda instance
 session :: session hash
 flash :: flash message hash
 account :: account hash (if set by an earlier Rodauth method)
+current_route :: route name symbol (if Rodauth is handling the route)
 
 So if you want to log the IP address for the user during login:
 

data/doc/active_sessions.rdoc

@@ -49,6 +49,8 @@ currently_active_session? :: Whether the session is currently active, by checkin
 handle_duplicate_active_session_id(exception) :: How to handle the case where a duplicate session id for the account is inserted into the table.  Does nothing by default.  This should only be called if the random number generator is broken.
 no_longer_active_session :: What action to take if +rodauth.check_active_session+ is called and the session is no longer active.
 remove_active_session(session_id) :: Removes the active session matching the given session ID from the database. Useful for implementing session revoking.
-remove_all_active_sessions :: Remove all active session from the database, used for global logouts and when closing accounts.
+remove_all_active_sessions :: Remove all active sessions for the account from the database, used for global logouts and when closing accounts.
+remove_all_active_sessions_except_for(session_id) :: Remove all active sessions for the account from the database, except for the session id given.
+remove_all_active_sessions_except_current :: Remove all active sessions for the account from the database, except for the current session.
 remove_current_session :: Remove current session from the database, used for regular logouts.
 remove_inactive_sessions :: Remove inactive sessions from the database, run before checking for whether the current session is active.

data/doc/release_notes/2.33.0.txt

@@ -0,0 +1,18 @@
+= Improvements
+
+* Rodauth no longer accidentally confirms an SMS number upon valid
+  authentication by an alternative second factor.
+
+* Rodauth now automatically expires SMS confirmation codes after 24
+  hours by default.  You can use the sms_confirm_deadline
+  configuration method to adjust the deadline.  Previously, if an
+  invalid SMS number was submitted, or the SMS confirm code was never
+  received, it was not possible to continue SMS setup without
+  administrative intervention.
+
+* Rodauth no longer overwrites existing primary key values when
+  inserting new accounts. This fixes cases such as setting account
+  primary key values to UUIDs before inserting.
+
+* When submitting a request to a valid endpoint with a missing token,
+  Rodauth now returns an error response instead of a 404 response.

data/doc/release_notes/2.34.0.txt

@@ -0,0 +1,36 @@
+= New Features
+
+* A rodauth.current_route method has been added for returning the route
+  name symbol (if rodauth is currently handling the route).  This makes it
+  simpler to write code that extends Rodauth and works with
+  applications that use override the default route names.
+
+* A remove_all_active_sessions_except_for method has been added to the
+  active_sessions feature, which removes all active sessions for the
+  current account, except for the session id given.
+
+* A remove_all_active_sessions_except_current method has been added to
+  the active_sessions feature, which removes all active sessions for
+  the current account, except for the current session.
+
+= Improvements
+
+* Rodauth now supports overriding webauthn_rp_id in the webauthn
+  feature.
+
+* When using the login feature, Rodauth now defaults
+  require_login_redirect to use the path to the login route, instead
+  of /login.
+
+* When setting up multifactor authentication, Rodauth now handles the
+  case where account has been deleted, instead of raising an exception.
+
+* When a database connection is not available during startup, Rodauth
+  now handles that case instead of raising an exception.  Note that in
+  this case, Rodauth cannot automatically setup a conversion of token
+  ids to integer, since it cannot determine whether the underlying
+  database column uses an integer type.
+
+* When using WebAuthn 3+, Rodauth no longer defines singleton methods
+  to work around limitations in WebAuthn.  Instead, it uses public
+  APIs that were added in WebAuthn 3.

data/doc/sms_codes.rdoc

@@ -41,6 +41,7 @@ sms_codes_table :: The name of the table storing SMS code data.
 sms_confirm_additional_form_tags :: HTML fragment containing additional form tags when confirming SMS setup.
 sms_confirm_button :: Text to use for button on the form to confirm SMS setup.
 sms_confirm_code_length :: The length of SMS confirmation codes, 12 by default, as there is no lockout. 
+sms_confirm_deadline :: The number of seconds before an SMS confirmation code expires (86400 seconds by default).
 sms_confirm_notice_flash :: The flash notice to show when SMS authentication setup has been confirmed.
 sms_confirm_page_title :: The page title to use on the form to authenticate via SMS code.
 sms_confirm_redirect :: Where to redirect after SMS authentication setup has been confirmed.
@@ -125,6 +126,7 @@ sms_new_auth_code :: A new SMS authentication code that can be used for the acco
 sms_new_confirm_code :: A new SMS confirmation code that can be used for the account.
 sms_normalize_phone(phone) :: A normalized version of the given phone number, by default removing everything except 0-9.
 sms_record_failure :: Record an SMS authentication failure for the current account.
+sms_remove_expired_confirm_code :: Remove an expired SMS confirm code, allowing setup of a new sms confirm code.
 sms_remove_failures :: Reset the SMS authentication failure counter for the current account, used after a successful multifactor authentication.
 sms_request_response :: Return a response after a successful SMS request during SMS authentication. By default, redirects to +sms_auth_redirect+.
 sms_request_view :: The HTML to use for the form to request an SMS authentication code.

data/lib/rodauth/features/active_sessions.rb

@@ -31,6 +31,8 @@ module Rodauth
       :no_longer_active_session,
       :remove_active_session,
       :remove_all_active_sessions,
+      :remove_all_active_sessions_except_for,
+      :remove_all_active_sessions_except_current,
       :remove_current_session,
       :remove_inactive_sessions,
     )
@@ -95,6 +97,18 @@ module Rodauth
       active_sessions_ds.delete
     end
 
+    def remove_all_active_sessions_except_for(session_id)
+      active_sessions_ds.exclude(active_sessions_session_id_column=>compute_hmacs(session_id)).delete
+    end
+
+    def remove_all_active_sessions_except_current 
+      if session_id = session[session_id_session_key]
+        remove_all_active_sessions_except_for(session_id)
+      else
+        remove_all_active_sessions
+      end
+    end
+
     def remove_inactive_sessions
       if cond = inactive_session_cond
         active_sessions_ds.where(cond).delete

data/lib/rodauth/features/base.rb

@@ -136,6 +136,7 @@ module Rodauth
 
     attr_reader :scope
     attr_reader :account
+    attr_reader :current_route
 
     def initialize(scope)
       @scope = scope
@@ -428,7 +429,7 @@ module Rodauth
       require 'bcrypt' if require_bcrypt?
       db.extension :date_arithmetic if use_date_arithmetic?
 
-      if convert_token_id_to_integer?.nil? && (db rescue false) && db.table_exists?(accounts_table) && db.schema(accounts_table).find{|col, v| break v[:type] == :integer if col == account_id_column}
+      if method(:convert_token_id_to_integer?).owner == Rodauth::Base && (db rescue false) && db.table_exists?(accounts_table) && db.schema(accounts_table).find{|col, v| break v[:type] == :integer if col == account_id_column}
         self.class.send(:define_method, :convert_token_id_to_integer?){true}
       end
 
@@ -711,7 +712,7 @@ module Rodauth
     # note that only the salt is returned.
     def get_password_hash
       if account_password_hash_column
-        account![account_password_hash_column]
+        account[account_password_hash_column] if account!
       elsif use_database_authentication_functions?
         db.get(Sequel.function(function_name(:rodauth_get_salt), account ? account_id : session_value))
       else

data/lib/rodauth/features/create_account.rb

@@ -106,7 +106,7 @@ module Rodauth
       end
 
       if id
-        account[account_id_column] = id
+        account[account_id_column] ||= id
       end
 
       id && !raised

data/lib/rodauth/features/email_auth.rb

@@ -77,14 +77,12 @@ module Rodauth
           redirect(r.path)
         end
 
-        if key = session[email_auth_session_key]
-          if account_from_email_auth_key(key)
-            email_auth_view
-          else
-            remove_session_value(email_auth_session_key)
-            set_redirect_error_flash no_matching_email_auth_key_error_flash
-            redirect require_login_redirect
-          end
+        if (key = session[email_auth_session_key]) && account_from_email_auth_key(key)
+          email_auth_view
+        else
+          remove_session_value(email_auth_session_key)
+          set_redirect_error_flash no_matching_email_auth_key_error_flash
+          redirect require_login_redirect
         end
       end
 

data/lib/rodauth/features/lockout.rb

@@ -104,14 +104,12 @@ module Rodauth
           redirect(r.path)
         end
 
-        if key = session[unlock_account_session_key]
-          if account_from_unlock_key(key)
-            unlock_account_view
-          else
-            remove_session_value(unlock_account_session_key)
-            set_redirect_error_flash no_matching_unlock_account_key_error_flash
-            redirect require_login_redirect
-          end
+        if (key = session[unlock_account_session_key]) && account_from_unlock_key(key)
+          unlock_account_view
+        else
+          remove_session_value(unlock_account_session_key)
+          set_redirect_error_flash no_matching_unlock_account_key_error_flash
+          redirect require_login_redirect
         end
       end
 

data/lib/rodauth/features/login.rb

@@ -138,6 +138,10 @@ module Rodauth
       multi_phase_login_forms.sort.map{|_, form, _| form}.join("\n")
     end
 
+    def require_login_redirect
+      login_path
+    end
+
     private
 
     def _login_response

data/lib/rodauth/features/reset_password.rb

@@ -109,14 +109,12 @@ module Rodauth
           redirect(r.path)
         end
 
-        if key = session[reset_password_session_key]
-          if account_from_reset_password_key(key)
-            reset_password_view
-          else
-            remove_session_value(reset_password_session_key)
-            set_redirect_error_flash no_matching_reset_password_key_error_flash
-            redirect require_login_redirect
-          end
+        if (key = session[reset_password_session_key]) && account_from_reset_password_key(key)
+          reset_password_view
+        else
+          remove_session_value(reset_password_session_key)
+          set_redirect_error_flash no_matching_reset_password_key_error_flash
+          redirect require_login_redirect
         end
       end
 

data/lib/rodauth/features/sms_codes.rb

@@ -76,6 +76,7 @@ module Rodauth
     auth_value_method :sms_code_param, 'sms-code'
     auth_value_method :sms_codes_table, :account_sms_codes
     auth_value_method :sms_confirm_code_length, 12
+    auth_value_method :sms_confirm_deadline, 86400
     auth_value_method :sms_failure_limit, 5
     auth_value_method :sms_failures_column, :num_failures
     auth_value_method :sms_id_column, :id
@@ -112,6 +113,7 @@ module Rodauth
       :sms_new_confirm_code,
       :sms_normalize_phone,
       :sms_record_failure,
+      :sms_remove_expired_confirm_code,
       :sms_remove_failures,
       :sms_send,
       :sms_set_code,
@@ -196,6 +198,7 @@ module Rodauth
         require_two_factor_setup
         require_two_factor_authenticated
       end
+      sms_remove_expired_confirm_code
       require_sms_not_setup
 
       if sms_needs_confirmation?
@@ -244,6 +247,7 @@ module Rodauth
         require_two_factor_setup
         require_two_factor_authenticated
       end
+      sms_remove_expired_confirm_code
       require_sms_not_setup
       before_sms_confirm_route
 
@@ -362,16 +366,17 @@ module Rodauth
     def sms_setup(phone_number)
       # Cannot handle uniqueness violation here, as the phone number given may not match the
       # one in the table.
-      sms_ds.insert(sms_id_column=>session_value, sms_phone_column=>phone_number)
+      sms_ds.insert(sms_id_column=>session_value, sms_phone_column=>phone_number, sms_failures_column => nil)
       remove_instance_variable(:@sms) if instance_variable_defined?(:@sms)
     end
 
     def sms_remove_failures
-      update_sms(sms_failures_column => 0, sms_code_column => nil)
+      return if sms_needs_confirmation?
+      update_hash_ds(sms, sms_ds.exclude(sms_failures_column => nil), sms_failures_column => 0, sms_code_column => nil)
     end
 
     def sms_confirm
-      sms_remove_failures
+      update_hash_ds(sms, sms_ds.where(sms_failures_column => nil), sms_failures_column => 0, sms_code_column => nil)
       super if defined?(super)
     end
 
@@ -407,6 +412,13 @@ module Rodauth
      update_sms(sms_code_column=>code, sms_issued_at_column=>Sequel::CURRENT_TIMESTAMP)
     end
 
+    def sms_remove_expired_confirm_code
+      db[sms_codes_table].
+        where(sms_id_column=>session_value, sms_failures_column => nil).
+        where(Sequel[sms_issued_at_column] < Sequel.date_sub(Sequel::CURRENT_TIMESTAMP, seconds: sms_confirm_deadline)).
+        delete
+    end
+
     def sms_record_failure
       update_sms(sms_failures_column=>Sequel.expr(sms_failures_column)+1)
       sms[sms_failures_column] = sms_ds.get(sms_failures_column)
@@ -516,5 +528,9 @@ module Rodauth
     def sms_ds
       db[sms_codes_table].where(sms_id_column=>session_value)
     end
+
+    def use_date_arithmetic?
+      true
+    end
   end
 end

data/lib/rodauth/features/verify_account.rb

@@ -102,14 +102,12 @@ module Rodauth
           redirect(r.path)
         end
 
-        if key = session[verify_account_session_key]
-          if account_from_verify_account_key(key)
-            verify_account_view
-          else
-            remove_session_value(verify_account_session_key)
-            set_redirect_error_flash no_matching_verify_account_key_error_flash
-            redirect require_login_redirect
-          end
+        if (key = session[verify_account_session_key]) && account_from_verify_account_key(key)
+          verify_account_view
+        else
+          remove_session_value(verify_account_session_key)
+          set_redirect_error_flash no_matching_verify_account_key_error_flash
+          redirect require_login_redirect
         end
       end
 

data/lib/rodauth/features/verify_login_change.rb

@@ -62,14 +62,12 @@ module Rodauth
           redirect(r.path)
         end
 
-        if key = session[verify_login_change_session_key]
-          if account_from_verify_login_change_key(key)
-            verify_login_change_view
-          else
-            remove_session_value(verify_login_change_session_key)
-            set_redirect_error_flash no_matching_verify_login_change_key_error_flash
-            redirect require_login_redirect
-          end
+        if (key = session[verify_login_change_session_key]) && account_from_verify_login_change_key(key)
+          verify_login_change_view
+        else
+          remove_session_value(verify_login_change_session_key)
+          set_redirect_error_flash no_matching_verify_login_change_key_error_flash
+          redirect require_login_redirect
         end
       end
 

data/lib/rodauth/features/webauthn.rb

@@ -302,22 +302,17 @@ module Rodauth
     def new_webauthn_credential
       WebAuthn::Credential.options_for_create(
         :timeout => webauthn_setup_timeout,
-        :rp => {:name=>webauthn_rp_name, :id=>webauthn_rp_id},
         :user => {:id=>account_webauthn_user_id, :name=>webauthn_user_name},
         :authenticator_selection => webauthn_authenticator_selection,
         :attestation => webauthn_attestation,
         :extensions => webauthn_extensions,
         :exclude => account_webauthn_ids,
+        **webauthn_create_relying_party_opts
       )
     end
 
     def valid_new_webauthn_credential?(webauthn_credential)
-      # Hack around inability to override expected_origin
-      origin = webauthn_origin
-      webauthn_credential.response.define_singleton_method(:verify) do |expected_challenge, expected_origin = nil, **kw|
-        super(expected_challenge, expected_origin || origin, **kw)
-      end
-
+      _override_webauthn_credential_response_verify(webauthn_credential)
       (challenge = param_or_nil(webauthn_setup_challenge_param)) &&
         (hmac = param_or_nil(webauthn_setup_challenge_hmac_param)) &&
         (timing_safe_eql?(compute_hmac(challenge), hmac) || (hmac_secret_rotation? && timing_safe_eql?(compute_old_hmac(challenge), hmac))) &&
@@ -328,9 +323,9 @@ module Rodauth
       WebAuthn::Credential.options_for_get(
         :allow => webauthn_allow,
         :timeout => webauthn_auth_timeout,
-        :rp_id => webauthn_rp_id,
         :user_verification => webauthn_user_verification,
         :extensions => webauthn_extensions,
+        **webauthn_get_relying_party_opts
       )
     end
 
@@ -368,12 +363,7 @@ module Rodauth
       ds = webauthn_keys_ds.where(webauthn_keys_webauthn_id_column => webauthn_credential.id)
       pub_key, sign_count = ds.get([webauthn_keys_public_key_column, webauthn_keys_sign_count_column])
 
-      # Hack around inability to override expected_origin
-      origin = webauthn_origin
-      webauthn_credential.response.define_singleton_method(:verify) do |expected_challenge, expected_origin = nil, **kw|
-        super(expected_challenge, expected_origin || origin, **kw)
-      end
-
+      _override_webauthn_credential_response_verify(webauthn_credential)
       (challenge = param_or_nil(webauthn_auth_challenge_param)) &&
         (hmac = param_or_nil(webauthn_auth_challenge_hmac_param)) &&
         (timing_safe_eql?(compute_hmac(challenge), hmac) || (hmac_secret_rotation? && timing_safe_eql?(compute_old_hmac(challenge), hmac))) &&
@@ -419,6 +409,54 @@ module Rodauth
 
     private
 
+    if WebAuthn::VERSION >= '3'
+      def webauthn_relying_party
+        # No need to memoize, only called once per request
+        WebAuthn::RelyingParty.new(
+          origin: webauthn_origin,
+          id: webauthn_rp_id,
+          name: webauthn_rp_name,
+        )
+      end
+
+      def webauthn_create_relying_party_opts
+        { :relying_party => webauthn_relying_party }
+      end
+      alias webauthn_get_relying_party_opts webauthn_create_relying_party_opts
+
+      def webauthn_form_submission_call(meth, arg)
+        WebAuthn::Credential.public_send(meth, arg, :relying_party => webauthn_relying_party)
+      end
+
+      def _override_webauthn_credential_response_verify(webauthn_credential)
+        # no need to override
+      end
+    # :nocov:
+    else
+      def webauthn_create_relying_party_opts
+        {:rp => {:name=>webauthn_rp_name, :id=>webauthn_rp_id}}
+      end
+
+      def webauthn_get_relying_party_opts
+        { :rp_id => webauthn_rp_id }
+      end
+
+      def webauthn_form_submission_call(meth, arg)
+        WebAuthn::Credential.public_send(meth, arg)
+      end
+
+      def _override_webauthn_credential_response_verify(webauthn_credential)
+        # Hack around inability to override expected_origin and rp_id
+        origin = webauthn_origin
+        rp_id = webauthn_rp_id
+        webauthn_credential.response.define_singleton_method(:verify) do |expected_challenge, expected_origin = nil, **kw|
+          kw[:rp_id] = rp_id
+          super(expected_challenge, expected_origin || origin, **kw)
+        end
+      end
+    # :nocov:
+    end
+
     def _two_factor_auth_links
       links = super
       links << [10, webauthn_auth_path, webauthn_auth_link_text] if webauthn_setup? && !two_factor_login_type_match?('webauthn')
@@ -464,7 +502,8 @@ module Rodauth
 
     def webauthn_auth_credential_from_form_submission
       begin
-        webauthn_credential = WebAuthn::Credential.from_get(webauthn_auth_data)
+        webauthn_credential = webauthn_form_submission_call(:from_get, webauthn_auth_data)
+
         unless valid_webauthn_credential_auth?(webauthn_credential)
           throw_error_reason(:invalid_webauthn_auth_param, invalid_key_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message)
         end
@@ -498,7 +537,8 @@ module Rodauth
       end
 
       begin
-        webauthn_credential = WebAuthn::Credential.from_create(webauthn_setup_data)
+        webauthn_credential = webauthn_form_submission_call(:from_create, webauthn_setup_data)
+
         unless valid_new_webauthn_credential?(webauthn_credential)
           throw_error_reason(:invalid_webauthn_setup_param, invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 
         end

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 32
+  MINOR = 34
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/lib/rodauth.rb

@@ -138,6 +138,7 @@ module Rodauth
 
       define_method(handle_meth) do
         request.is send(route_meth) do
+          @current_route = name
           check_csrf if check_csrf?
           _around_rodauth do
             before_rodauth

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.32.0
+  version: 2.34.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-23 00:00:00.000000000 Z
+date: 2024-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -350,6 +350,8 @@ extra_rdoc_files:
 - doc/release_notes/2.30.0.txt
 - doc/release_notes/2.31.0.txt
 - doc/release_notes/2.32.0.txt
+- doc/release_notes/2.33.0.txt
+- doc/release_notes/2.34.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
 - doc/release_notes/2.6.0.txt
@@ -470,6 +472,8 @@ files:
 - doc/release_notes/2.30.0.txt
 - doc/release_notes/2.31.0.txt
 - doc/release_notes/2.32.0.txt
+- doc/release_notes/2.33.0.txt
+- doc/release_notes/2.34.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
 - doc/release_notes/2.6.0.txt
@@ -630,7 +634,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications