rodauth 2.39.0 → 2.41.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3b8c2b404f5a8fad1607ba2bfd64ec4e03579a909ea324a0c9cda7705d9e79f7
-  data.tar.gz: bb2e8dcf2c4afa1d855379b69845c6d5efff8e097b5e95b38a11948c8d381d5d
+  metadata.gz: 744dace1fbf5e3ddd602eb8d143b62160960f5dabce29ee512096fa958cf6454
+  data.tar.gz: a2405f22aacc403a5c5a1a868e758dff10bfe961f9c8bcac3c4138b6acad389b
 SHA512:
-  metadata.gz: 4316cb199e760aaa144e7c1b154f974f514abdea83b5a18d4f85dd01ff64a9d8c030fd028cee8c27c00d3402a951571b3ae1379ca7ef8653c991df47035ef5c7
-  data.tar.gz: 0f1fa083577edf23a8db579ab5df5c9ef0d6087c97a7d2cea2c1ef7071049e495d3f374f5657194db4d6feef2252bb708f85af3a1a66e7f116185406db488984
+  metadata.gz: aeaf6a82e9dc58986ee0318706fd9af2d62e031f039f77cfbb1478a92db65cddb88ee25bb538d249a3b3b23bd2f64ec659de986107f404e74e557de2c077c209
+  data.tar.gz: ebe5f8713408b3e1d0e26a82b824371e7ebf4980a8d4447a6e0f4dd971777d1718a9b73ba53ee2d1e0ea9713d618d6b09e5587f21723ef32cb7908dfea5833c2

data/lib/rodauth/features/active_sessions.rb

@@ -125,6 +125,11 @@ module Rodauth
       add_active_session
     end
 
+    def clear_tokens(reason)
+      super
+      remove_all_active_sessions_except_current
+    end
+
     private
 
     def after_refresh_token

data/lib/rodauth/features/base.rb

@@ -93,6 +93,7 @@ module Rodauth
       :autocomplete_for_field?,
       :check_csrf,
       :clear_session,
+      :clear_tokens,
       :csrf_tag,
       :function_name,
       :hook_action,
@@ -330,6 +331,9 @@ module Rodauth
       end
     end
 
+    def clear_tokens(reason)
+    end
+
     def login_required
       set_redirect_error_status(login_required_error_status)
       set_error_reason :login_required

data/lib/rodauth/features/change_login.rb

@@ -86,7 +86,9 @@ module Rodauth
       if raised
         set_login_requirement_error_message(:already_an_account_with_this_login, already_an_account_with_this_login_message)
       end
-      updated && !raised
+      change_made = updated && !raised
+      clear_tokens(:change_login) if change_made
+      change_made
     end
   end
 end

data/lib/rodauth/features/close_account.rb

@@ -45,11 +45,12 @@ module Rodauth
             before_close_account
             close_account
             after_close_account
+            clear_session
+            clear_tokens(:close_account)
             if delete_account_on_close?
               delete_account
             end
           end
-          clear_session
 
           close_account_response
         end

data/lib/rodauth/features/email_auth.rb

@@ -167,6 +167,11 @@ module Rodauth
       (email_last_sent = get_email_auth_email_last_sent) && (Time.now - email_last_sent < email_auth_skip_resend_email_within)
     end
 
+    def clear_tokens(reason)
+      super
+      remove_email_auth_key
+    end
+
     private
 
     def _multi_phase_login_forms
@@ -210,11 +215,6 @@ module Rodauth
       super
     end
 
-    def after_close_account
-      remove_email_auth_key
-      super if defined?(super)
-    end
-
     def generate_email_auth_key_value
       @email_auth_key_value = random_key
     end

data/lib/rodauth/features/jwt_refresh.rb

@@ -89,6 +89,11 @@ module Rodauth
       @account = _account_from_refresh_token(token)
     end
 
+    def clear_tokens(reason)
+      super
+      jwt_refresh_token_account_ds(account_id).delete unless logged_in?
+    end
+
     private
 
     def rescue_jwt_payload(e)

data/lib/rodauth/features/lockout.rb

@@ -126,6 +126,7 @@ module Rodauth
           transaction do
             before_unlock_account
             unlock_account
+            clear_tokens(:unlock_account)
             after_unlock_account
             if unlock_account_autologin?
               autologin_session('unlock_account')
@@ -241,6 +242,11 @@ module Rodauth
       (email_last_sent = get_unlock_account_email_last_sent) && (Time.now - email_last_sent < unlock_account_skip_resend_email_within)
     end
 
+    def clear_tokens(reason)
+      super
+      account_lockouts_ds.update(account_lockouts_key_column => generate_unlock_account_key)
+    end
+
     private
 
     attr_reader :unlock_account_key_value

data/lib/rodauth/features/otp_unlock.rb

@@ -52,6 +52,7 @@ module Rodauth
       :otp_unlock_auth_success,
       :otp_unlock_available?,
       :otp_unlock_deadline_passed?,
+      :otp_unlock_not_available_set_refresh_header,
       :otp_unlock_refresh_tag,
     )
 
@@ -72,6 +73,7 @@ module Rodauth
         if otp_unlock_available?
           otp_unlock_view
         else
+          otp_unlock_not_available_set_refresh_header
           otp_unlock_not_available_view
         end
       end
@@ -201,6 +203,7 @@ module Rodauth
     end
 
     def otp_unlock_refresh_tag
+      # RODAUTH3: Remove
       "<meta http-equiv=\"refresh\" content=\"#{(otp_unlock_next_auth_attempt_after - Time.now).to_i + 1}\">"
     end
 
@@ -224,6 +227,10 @@ module Rodauth
       otp_unlock_data ? otp_unlock_data[otp_unlock_num_successes_column] : 0
     end
 
+    def otp_unlock_not_available_set_refresh_header
+      response.headers["refresh"] = ((otp_unlock_next_auth_attempt_after - Time.now).to_i + 1).to_s
+    end
+
     private
 
     def show_otp_auth_link?

data/lib/rodauth/features/remember.rb

@@ -175,6 +175,12 @@ module Rodauth
       authenticated_by.include?('remember')
     end
 
+    def clear_tokens(reason)
+      super
+      remove_remember_key
+      remember_login if logged_in? && logged_in_via_remember_key?
+    end
+
     private
 
     def _set_remember_cookie(account_id, remember_key_value, deadline)

data/lib/rodauth/features/reset_password.rb

@@ -50,6 +50,7 @@ module Rodauth
       :reset_password_email_link,
       :reset_password_key_insert_hash,
       :reset_password_key_value,
+      :reset_password_request_for_unverified_account,
       :set_reset_password_email_last_sent
     )
     auth_private_methods(
@@ -73,9 +74,7 @@ module Rodauth
             throw_error_reason(:no_matching_login, no_matching_login_error_status, login_param, no_matching_login_message)
           end
 
-          unless open_account?
-            throw_error_reason(:unverified_account, unopen_account_error_status, login_param, unverified_account_message)
-          end
+          reset_password_request_for_unverified_account unless open_account?
 
           if reset_password_email_recently_sent?
             set_redirect_error_flash reset_password_email_recently_sent_error_flash
@@ -144,7 +143,7 @@ module Rodauth
           transaction do
             before_reset_password
             set_password(password)
-            remove_reset_password_key
+            clear_tokens(:reset_password)
             after_reset_password
           end
 
@@ -174,6 +173,10 @@ module Rodauth
       end
     end
 
+    def reset_password_request_for_unverified_account
+      throw_error_reason(:unverified_account, unopen_account_error_status, login_param, unverified_account_message)
+    end
+
     def remove_reset_password_key
       password_reset_ds.delete
     end
@@ -208,6 +211,11 @@ module Rodauth
       (email_last_sent = get_reset_password_email_last_sent) && (Time.now - email_last_sent < reset_password_skip_resend_email_within)
     end
 
+    def clear_tokens(reason)
+      super
+      remove_reset_password_key
+    end
+
     private
 
     def _login_form_footer_links
@@ -223,11 +231,6 @@ module Rodauth
       super
     end
 
-    def after_close_account
-      remove_reset_password_key
-      super if defined?(super)
-    end
-
     def generate_reset_password_key_value
       @reset_password_key_value = random_key
     end

data/lib/rodauth/features/single_session.rb

@@ -79,6 +79,11 @@ module Rodauth
       update_single_session_key
     end
 
+    def clear_tokens(reason)
+      super
+      single_session_ds(account_id).delete unless logged_in?
+    end
+
     private
 
     def after_close_account
@@ -96,9 +101,9 @@ module Rodauth
       set_session_value(single_session_session_key, data)
     end
 
-    def single_session_ds
+    def single_session_ds(id=session_value)
       db[single_session_table].
-        where(single_session_id_column=>session_value)
+        where(single_session_id_column=>id)
     end
   end
 end

data/lib/rodauth/features/verify_account.rb

@@ -139,7 +139,7 @@ module Rodauth
             if verify_account_set_password?
               set_password(password)
             end
-            remove_verify_account_key
+            clear_tokens(:verify_account)
             after_verify_account
           end
 
@@ -244,6 +244,11 @@ module Rodauth
       account && (email_last_sent = get_verify_account_email_last_sent) && (Time.now - email_last_sent < verify_account_skip_resend_email_within)
     end
 
+    def clear_tokens(reason)
+      super
+      remove_verify_account_key
+    end
+
     private
 
     def _login_form_footer_links

data/lib/rodauth/features/verify_login_change.rb

@@ -144,13 +144,13 @@ module Rodauth
     attr_reader :verify_login_change_key_value
     attr_reader :verify_login_change_new_login
 
-    private
-
-    def after_close_account
+    def clear_tokens(reason)
+      super
       remove_verify_login_change_key
-      super if defined?(super)
     end
 
+    private
+
     def update_login(login)
       if _account_from_login(login)
         set_login_requirement_error_message(:already_an_account_with_this_login, already_an_account_with_this_login_message)

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 39
+  MINOR = 41
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/templates/otp-unlock-not-available.str

@@ -2,4 +2,3 @@
 <p>#{rodauth.otp_unlock_required_consecutive_successes_label}: #{rodauth.otp_unlock_auths_required}</p>
 <p>#{rodauth.otp_unlock_next_auth_attempt_label}: #{rodauth.otp_unlock_next_auth_attempt_after.strftime(rodauth.strftime_format)}</p>
 <p>#{rodauth.otp_unlock_next_auth_attempt_refresh_label}</p>
-#{rodauth.otp_unlock_refresh_tag}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.39.0
+  version: 2.41.0
 platform: ruby
 authors:
 - Jeremy Evans
@@ -402,7 +402,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications
 test_files: []