rodauth 2.6.0 → 2.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG +42 -0
- data/MIT-LICENSE +1 -1
- data/README.rdoc +21 -6
- data/doc/argon2.rdoc +49 -0
- data/doc/base.rdoc +1 -1
- data/doc/change_login.rdoc +1 -0
- data/doc/guides/migrate_password_hash_algorithm.rdoc +15 -0
- data/doc/json.rdoc +47 -0
- data/doc/jwt.rdoc +1 -28
- data/doc/jwt_refresh.rdoc +2 -0
- data/doc/login_password_requirements_base.rdoc +2 -1
- data/doc/recovery_codes.rdoc +2 -1
- data/doc/release_notes/2.10.0.txt +47 -0
- data/doc/release_notes/2.11.0.txt +31 -0
- data/doc/release_notes/2.7.0.txt +33 -0
- data/doc/release_notes/2.8.0.txt +20 -0
- data/doc/release_notes/2.9.0.txt +21 -0
- data/doc/remember.rdoc +1 -1
- data/lib/rodauth.rb +17 -4
- data/lib/rodauth/features/argon2.rb +69 -0
- data/lib/rodauth/features/base.rb +6 -2
- data/lib/rodauth/features/change_login.rb +2 -1
- data/lib/rodauth/features/disallow_password_reuse.rb +20 -7
- data/lib/rodauth/features/email_base.rb +5 -2
- data/lib/rodauth/features/json.rb +189 -0
- data/lib/rodauth/features/jwt.rb +19 -171
- data/lib/rodauth/features/jwt_refresh.rb +23 -10
- data/lib/rodauth/features/login_password_requirements_base.rb +6 -1
- data/lib/rodauth/features/otp.rb +0 -2
- data/lib/rodauth/features/recovery_codes.rb +22 -1
- data/lib/rodauth/features/remember.rb +6 -1
- data/lib/rodauth/features/reset_password.rb +1 -0
- data/lib/rodauth/features/update_password_hash.rb +1 -1
- data/lib/rodauth/features/verify_account.rb +0 -1
- data/lib/rodauth/features/webauthn_verify_account.rb +1 -1
- data/lib/rodauth/migrations.rb +31 -5
- data/lib/rodauth/version.rb +1 -1
- metadata +55 -24
@@ -29,7 +29,7 @@ module Rodauth
|
|
29
29
|
|
30
30
|
def before_verify_account
|
31
31
|
super
|
32
|
-
if features.include?(:
|
32
|
+
if features.include?(:json) && use_json? && !param_or_nil(webauthn_setup_param)
|
33
33
|
cred = new_webauthn_credential
|
34
34
|
json_response[webauthn_setup_param] = cred.as_json
|
35
35
|
json_response[webauthn_setup_challenge_param] = cred.challenge
|
data/lib/rodauth/migrations.rb
CHANGED
@@ -4,7 +4,8 @@ module Rodauth
|
|
4
4
|
def self.create_database_authentication_functions(db, opts={})
|
5
5
|
table_name = opts[:table_name] || :account_password_hashes
|
6
6
|
get_salt_name = opts[:get_salt_name] || :rodauth_get_salt
|
7
|
-
valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash
|
7
|
+
valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash
|
8
|
+
argon2 = opts[:argon2]
|
8
9
|
|
9
10
|
case db.database_type
|
10
11
|
when :postgres
|
@@ -14,12 +15,21 @@ module Rodauth
|
|
14
15
|
when 'uuid' then :uuid
|
15
16
|
else :int8
|
16
17
|
end
|
18
|
+
table_name = db.literal(table_name) unless table_name.is_a?(String)
|
17
19
|
|
20
|
+
argon_sql = <<END
|
21
|
+
CASE
|
22
|
+
WHEN password_hash ~ '^\\$argon2id'
|
23
|
+
THEN substring(password_hash from '\\$argon2id\\$v=\\d+\\$m=\\d+,t=\\d+,p=\\d+\\$.+\\$')
|
24
|
+
ELSE substr(password_hash, 0, 30)
|
25
|
+
END INTO salt
|
26
|
+
END
|
18
27
|
db.run <<END
|
19
28
|
CREATE OR REPLACE FUNCTION #{get_salt_name}(acct_id #{primary_key_type}) RETURNS text AS $$
|
20
29
|
DECLARE salt text;
|
21
30
|
BEGIN
|
22
|
-
SELECT
|
31
|
+
SELECT
|
32
|
+
#{argon2 ? argon_sql : "substr(password_hash, 0, 30) INTO salt"}
|
23
33
|
FROM #{table_name}
|
24
34
|
WHERE acct_id = id;
|
25
35
|
RETURN salt;
|
@@ -43,12 +53,20 @@ SECURITY DEFINER
|
|
43
53
|
SET search_path = #{search_path};
|
44
54
|
END
|
45
55
|
when :mysql
|
56
|
+
argon_sql = <<END
|
57
|
+
CASE
|
58
|
+
WHEN password_hash REGEXP '^.argon2id'
|
59
|
+
THEN left(password_hash, CHAR_LENGTH(password_hash) - INSTR(REVERSE(password_hash), '$'))
|
60
|
+
ELSE substr(password_hash, 1, 30)
|
61
|
+
END
|
62
|
+
END
|
46
63
|
db.run <<END
|
47
64
|
CREATE FUNCTION #{get_salt_name}(acct_id int8) RETURNS varchar(255)
|
48
65
|
SQL SECURITY DEFINER
|
49
66
|
READS SQL DATA
|
50
67
|
BEGIN
|
51
|
-
RETURN (SELECT
|
68
|
+
RETURN (SELECT
|
69
|
+
#{argon2 ? argon_sql : "substr(password_hash, 1, 30)"}
|
52
70
|
FROM #{table_name}
|
53
71
|
WHERE acct_id = id);
|
54
72
|
END;
|
@@ -71,13 +89,21 @@ RETURN valid;
|
|
71
89
|
END;
|
72
90
|
END
|
73
91
|
when :mssql
|
92
|
+
argon_sql = <<END
|
93
|
+
CASE
|
94
|
+
WHEN password_hash LIKE '[$]argon2id%'
|
95
|
+
THEN left(password_hash, len(password_hash) - charindex('$', reverse(password_hash)))
|
96
|
+
ELSE substring(password_hash, 0, 30)
|
97
|
+
END
|
98
|
+
END
|
74
99
|
db.run <<END
|
75
100
|
CREATE FUNCTION #{get_salt_name}(@account_id bigint) RETURNS nvarchar(255)
|
76
101
|
WITH EXECUTE AS OWNER
|
77
102
|
AS
|
78
103
|
BEGIN
|
79
104
|
DECLARE @salt nvarchar(255);
|
80
|
-
SELECT @salt =
|
105
|
+
SELECT @salt =
|
106
|
+
#{argon2 ? argon_sql : "substring(password_hash, 0, 30)"}
|
81
107
|
FROM #{table_name}
|
82
108
|
WHERE id = @account_id;
|
83
109
|
RETURN @salt;
|
@@ -107,7 +133,7 @@ END
|
|
107
133
|
def self.drop_database_authentication_functions(db, opts={})
|
108
134
|
table_name = opts[:table_name] || :account_password_hashes
|
109
135
|
get_salt_name = opts[:get_salt_name] || :rodauth_get_salt
|
110
|
-
valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash
|
136
|
+
valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash
|
111
137
|
|
112
138
|
case db.database_type
|
113
139
|
when :postgres
|
data/lib/rodauth/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rodauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.11.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jeremy Evans
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-03-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: sequel
|
@@ -80,6 +80,20 @@ dependencies:
|
|
80
80
|
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: argon2
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '2'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '2'
|
83
97
|
- !ruby/object:Gem::Dependency
|
84
98
|
name: mail
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
@@ -140,14 +154,14 @@ dependencies:
|
|
140
154
|
name: webauthn
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
142
156
|
requirements:
|
143
|
-
- - "
|
157
|
+
- - ">="
|
144
158
|
- !ruby/object:Gem::Version
|
145
159
|
version: '2'
|
146
160
|
type: :development
|
147
161
|
prerelease: false
|
148
162
|
version_requirements: !ruby/object:Gem::Requirement
|
149
163
|
requirements:
|
150
|
-
- - "
|
164
|
+
- - ">="
|
151
165
|
- !ruby/object:Gem::Version
|
152
166
|
version: '2'
|
153
167
|
- !ruby/object:Gem::Dependency
|
@@ -237,28 +251,35 @@ extra_rdoc_files:
|
|
237
251
|
- README.rdoc
|
238
252
|
- CHANGELOG
|
239
253
|
- MIT-LICENSE
|
240
|
-
- doc/change_password_notify.rdoc
|
241
254
|
- doc/account_expiration.rdoc
|
255
|
+
- doc/active_sessions.rdoc
|
256
|
+
- doc/argon2.rdoc
|
257
|
+
- doc/audit_logging.rdoc
|
242
258
|
- doc/base.rdoc
|
243
259
|
- doc/change_login.rdoc
|
244
260
|
- doc/change_password.rdoc
|
245
|
-
- doc/
|
261
|
+
- doc/change_password_notify.rdoc
|
246
262
|
- doc/close_account.rdoc
|
247
|
-
- doc/
|
263
|
+
- doc/confirm_password.rdoc
|
248
264
|
- doc/create_account.rdoc
|
249
|
-
- doc/email_base.rdoc
|
250
265
|
- doc/disallow_common_passwords.rdoc
|
251
266
|
- doc/disallow_password_reuse.rdoc
|
252
|
-
- doc/
|
267
|
+
- doc/email_auth.rdoc
|
268
|
+
- doc/email_base.rdoc
|
269
|
+
- doc/http_basic_auth.rdoc
|
270
|
+
- doc/json.rdoc
|
253
271
|
- doc/jwt.rdoc
|
272
|
+
- doc/jwt_cors.rdoc
|
273
|
+
- doc/jwt_refresh.rdoc
|
254
274
|
- doc/lockout.rdoc
|
255
275
|
- doc/login.rdoc
|
276
|
+
- doc/login_password_requirements_base.rdoc
|
256
277
|
- doc/logout.rdoc
|
257
278
|
- doc/otp.rdoc
|
258
|
-
- doc/
|
259
|
-
- doc/jwt_cors.rdoc
|
279
|
+
- doc/password_complexity.rdoc
|
260
280
|
- doc/password_expiration.rdoc
|
261
281
|
- doc/password_grace_period.rdoc
|
282
|
+
- doc/password_pepper.rdoc
|
262
283
|
- doc/recovery_codes.rdoc
|
263
284
|
- doc/remember.rdoc
|
264
285
|
- doc/reset_password.rdoc
|
@@ -268,17 +289,11 @@ extra_rdoc_files:
|
|
268
289
|
- doc/two_factor_base.rdoc
|
269
290
|
- doc/update_password_hash.rdoc
|
270
291
|
- doc/verify_account.rdoc
|
271
|
-
- doc/email_auth.rdoc
|
272
|
-
- doc/jwt_refresh.rdoc
|
273
292
|
- doc/verify_account_grace_period.rdoc
|
274
293
|
- doc/verify_login_change.rdoc
|
275
294
|
- doc/webauthn.rdoc
|
276
295
|
- doc/webauthn_login.rdoc
|
277
296
|
- doc/webauthn_verify_account.rdoc
|
278
|
-
- doc/active_sessions.rdoc
|
279
|
-
- doc/audit_logging.rdoc
|
280
|
-
- doc/password_pepper.rdoc
|
281
|
-
- doc/release_notes/1.17.0.txt
|
282
297
|
- doc/release_notes/1.0.0.txt
|
283
298
|
- doc/release_notes/1.1.0.txt
|
284
299
|
- doc/release_notes/1.10.0.txt
|
@@ -288,7 +303,14 @@ extra_rdoc_files:
|
|
288
303
|
- doc/release_notes/1.14.0.txt
|
289
304
|
- doc/release_notes/1.15.0.txt
|
290
305
|
- doc/release_notes/1.16.0.txt
|
306
|
+
- doc/release_notes/1.17.0.txt
|
307
|
+
- doc/release_notes/1.18.0.txt
|
308
|
+
- doc/release_notes/1.19.0.txt
|
291
309
|
- doc/release_notes/1.2.0.txt
|
310
|
+
- doc/release_notes/1.20.0.txt
|
311
|
+
- doc/release_notes/1.21.0.txt
|
312
|
+
- doc/release_notes/1.22.0.txt
|
313
|
+
- doc/release_notes/1.23.0.txt
|
292
314
|
- doc/release_notes/1.3.0.txt
|
293
315
|
- doc/release_notes/1.4.0.txt
|
294
316
|
- doc/release_notes/1.5.0.txt
|
@@ -296,19 +318,18 @@ extra_rdoc_files:
|
|
296
318
|
- doc/release_notes/1.7.0.txt
|
297
319
|
- doc/release_notes/1.8.0.txt
|
298
320
|
- doc/release_notes/1.9.0.txt
|
299
|
-
- doc/release_notes/1.18.0.txt
|
300
|
-
- doc/release_notes/1.19.0.txt
|
301
|
-
- doc/release_notes/1.20.0.txt
|
302
|
-
- doc/release_notes/1.21.0.txt
|
303
|
-
- doc/release_notes/1.22.0.txt
|
304
|
-
- doc/release_notes/1.23.0.txt
|
305
321
|
- doc/release_notes/2.0.0.txt
|
306
322
|
- doc/release_notes/2.1.0.txt
|
323
|
+
- doc/release_notes/2.10.0.txt
|
324
|
+
- doc/release_notes/2.11.0.txt
|
307
325
|
- doc/release_notes/2.2.0.txt
|
308
326
|
- doc/release_notes/2.3.0.txt
|
309
327
|
- doc/release_notes/2.4.0.txt
|
310
328
|
- doc/release_notes/2.5.0.txt
|
311
329
|
- doc/release_notes/2.6.0.txt
|
330
|
+
- doc/release_notes/2.7.0.txt
|
331
|
+
- doc/release_notes/2.8.0.txt
|
332
|
+
- doc/release_notes/2.9.0.txt
|
312
333
|
files:
|
313
334
|
- CHANGELOG
|
314
335
|
- MIT-LICENSE
|
@@ -316,6 +337,7 @@ files:
|
|
316
337
|
- dict/top-10_000-passwords.txt
|
317
338
|
- doc/account_expiration.rdoc
|
318
339
|
- doc/active_sessions.rdoc
|
340
|
+
- doc/argon2.rdoc
|
319
341
|
- doc/audit_logging.rdoc
|
320
342
|
- doc/base.rdoc
|
321
343
|
- doc/change_login.rdoc
|
@@ -338,6 +360,7 @@ files:
|
|
338
360
|
- doc/guides/internals.rdoc
|
339
361
|
- doc/guides/links.rdoc
|
340
362
|
- doc/guides/login_return.rdoc
|
363
|
+
- doc/guides/migrate_password_hash_algorithm.rdoc
|
341
364
|
- doc/guides/password_column.rdoc
|
342
365
|
- doc/guides/password_confirmation.rdoc
|
343
366
|
- doc/guides/password_requirements.rdoc
|
@@ -350,6 +373,7 @@ files:
|
|
350
373
|
- doc/guides/status_column.rdoc
|
351
374
|
- doc/guides/totp_or_recovery.rdoc
|
352
375
|
- doc/http_basic_auth.rdoc
|
376
|
+
- doc/json.rdoc
|
353
377
|
- doc/jwt.rdoc
|
354
378
|
- doc/jwt_cors.rdoc
|
355
379
|
- doc/jwt_refresh.rdoc
|
@@ -389,11 +413,16 @@ files:
|
|
389
413
|
- doc/release_notes/1.9.0.txt
|
390
414
|
- doc/release_notes/2.0.0.txt
|
391
415
|
- doc/release_notes/2.1.0.txt
|
416
|
+
- doc/release_notes/2.10.0.txt
|
417
|
+
- doc/release_notes/2.11.0.txt
|
392
418
|
- doc/release_notes/2.2.0.txt
|
393
419
|
- doc/release_notes/2.3.0.txt
|
394
420
|
- doc/release_notes/2.4.0.txt
|
395
421
|
- doc/release_notes/2.5.0.txt
|
396
422
|
- doc/release_notes/2.6.0.txt
|
423
|
+
- doc/release_notes/2.7.0.txt
|
424
|
+
- doc/release_notes/2.8.0.txt
|
425
|
+
- doc/release_notes/2.9.0.txt
|
397
426
|
- doc/remember.rdoc
|
398
427
|
- doc/reset_password.rdoc
|
399
428
|
- doc/session_expiration.rdoc
|
@@ -413,6 +442,7 @@ files:
|
|
413
442
|
- lib/rodauth.rb
|
414
443
|
- lib/rodauth/features/account_expiration.rb
|
415
444
|
- lib/rodauth/features/active_sessions.rb
|
445
|
+
- lib/rodauth/features/argon2.rb
|
416
446
|
- lib/rodauth/features/audit_logging.rb
|
417
447
|
- lib/rodauth/features/base.rb
|
418
448
|
- lib/rodauth/features/change_login.rb
|
@@ -426,6 +456,7 @@ files:
|
|
426
456
|
- lib/rodauth/features/email_auth.rb
|
427
457
|
- lib/rodauth/features/email_base.rb
|
428
458
|
- lib/rodauth/features/http_basic_auth.rb
|
459
|
+
- lib/rodauth/features/json.rb
|
429
460
|
- lib/rodauth/features/jwt.rb
|
430
461
|
- lib/rodauth/features/jwt_cors.rb
|
431
462
|
- lib/rodauth/features/jwt_refresh.rb
|
@@ -537,7 +568,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
537
568
|
- !ruby/object:Gem::Version
|
538
569
|
version: '0'
|
539
570
|
requirements: []
|
540
|
-
rubygems_version: 3.
|
571
|
+
rubygems_version: 3.2.3
|
541
572
|
signing_key:
|
542
573
|
specification_version: 4
|
543
574
|
summary: Authentication and Account Management Framework for Rack Applications
|