rodauth 2.6.0 → 2.11.0

data/lib/rodauth/features/reset_password.rb

@@ -100,6 +100,7 @@ module Rodauth
     route do |r|
       check_already_logged_in
       before_reset_password_route
+      @password_field_autocomplete_value = 'new-password'
 
       r.get do
         if key = param_or_nil(reset_password_key_param)

data/lib/rodauth/features/update_password_hash.rb

@@ -20,7 +20,7 @@ module Rodauth
 
     def get_password_hash
       if hash = super
-        @current_password_hash_cost = hash.split('$')[2].to_i
+        @current_password_hash_cost = extract_password_hash_cost(hash)
       end
 
       hash

data/lib/rodauth/features/verify_account.rb

@@ -47,7 +47,6 @@ module Rodauth
       :get_verify_account_key,
       :get_verify_account_email_last_sent,
       :remove_verify_account_key,
-      :resend_verify_account_view,
       :send_verify_account_email,
       :set_verify_account_email_last_sent,
       :verify_account,

data/lib/rodauth/features/webauthn_verify_account.rb

@@ -29,7 +29,7 @@ module Rodauth
 
     def before_verify_account
       super
-      if features.include?(:jwt) && use_jwt? && !param_or_nil(webauthn_setup_param)
+      if features.include?(:json) && use_json? && !param_or_nil(webauthn_setup_param)
         cred = new_webauthn_credential
         json_response[webauthn_setup_param] = cred.as_json
         json_response[webauthn_setup_challenge_param] = cred.challenge

data/lib/rodauth/migrations.rb

@@ -4,7 +4,8 @@ module Rodauth
   def self.create_database_authentication_functions(db, opts={})
     table_name = opts[:table_name] || :account_password_hashes
     get_salt_name = opts[:get_salt_name] || :rodauth_get_salt
-    valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash 
+    valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash
+    argon2 = opts[:argon2]
 
     case db.database_type
     when :postgres
@@ -14,12 +15,21 @@ module Rodauth
         when 'uuid' then :uuid
         else :int8
         end
+      table_name = db.literal(table_name) unless table_name.is_a?(String)
 
+      argon_sql = <<END
+CASE
+    WHEN password_hash ~ '^\\$argon2id'
+      THEN substring(password_hash from '\\$argon2id\\$v=\\d+\\$m=\\d+,t=\\d+,p=\\d+\\$.+\\$')
+    ELSE substr(password_hash, 0, 30)
+  END INTO salt
+END
       db.run <<END
 CREATE OR REPLACE FUNCTION #{get_salt_name}(acct_id #{primary_key_type}) RETURNS text AS $$
 DECLARE salt text;
 BEGIN
-SELECT substr(password_hash, 0, 30) INTO salt 
+SELECT
+#{argon2 ? argon_sql : "substr(password_hash, 0, 30) INTO salt"}
 FROM #{table_name}
 WHERE acct_id = id;
 RETURN salt;
@@ -43,12 +53,20 @@ SECURITY DEFINER
 SET search_path = #{search_path};
 END
     when :mysql
+      argon_sql = <<END
+CASE
+  WHEN password_hash REGEXP '^.argon2id'
+    THEN left(password_hash, CHAR_LENGTH(password_hash) - INSTR(REVERSE(password_hash), '$'))
+  ELSE substr(password_hash, 1, 30)
+  END
+END
       db.run <<END
 CREATE FUNCTION #{get_salt_name}(acct_id int8) RETURNS varchar(255)
 SQL SECURITY DEFINER
 READS SQL DATA
 BEGIN
-RETURN (SELECT substr(password_hash, 1, 30)
+RETURN (SELECT
+#{argon2 ? argon_sql : "substr(password_hash, 1, 30)"}
 FROM #{table_name}
 WHERE acct_id = id);
 END;
@@ -71,13 +89,21 @@ RETURN valid;
 END;
 END
     when :mssql
+      argon_sql = <<END
+CASE
+  WHEN password_hash LIKE '[$]argon2id%'
+    THEN left(password_hash, len(password_hash) - charindex('$', reverse(password_hash)))
+  ELSE substring(password_hash, 0, 30)
+  END
+END
       db.run <<END
 CREATE FUNCTION #{get_salt_name}(@account_id bigint) RETURNS nvarchar(255)
 WITH EXECUTE AS OWNER
 AS
 BEGIN
 DECLARE @salt nvarchar(255);
-SELECT @salt = substring(password_hash, 0, 30)
+SELECT @salt =
+#{argon2 ? argon_sql : "substring(password_hash, 0, 30)"}
 FROM #{table_name}
 WHERE id = @account_id;
 RETURN @salt;
@@ -107,7 +133,7 @@ END
   def self.drop_database_authentication_functions(db, opts={})
     table_name = opts[:table_name] || :account_password_hashes
     get_salt_name = opts[:get_salt_name] || :rodauth_get_salt
-    valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash 
+    valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash
 
     case db.database_type
     when :postgres

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 6
+  MINOR = 11
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.6.0
+  version: 2.11.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-20 00:00:00.000000000 Z
+date: 2021-03-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: argon2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: mail
   requirement: !ruby/object:Gem::Requirement
@@ -140,14 +154,14 @@ dependencies:
   name: webauthn
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2'
 - !ruby/object:Gem::Dependency
@@ -237,28 +251,35 @@ extra_rdoc_files:
 - README.rdoc
 - CHANGELOG
 - MIT-LICENSE
-- doc/change_password_notify.rdoc
 - doc/account_expiration.rdoc
+- doc/active_sessions.rdoc
+- doc/argon2.rdoc
+- doc/audit_logging.rdoc
 - doc/base.rdoc
 - doc/change_login.rdoc
 - doc/change_password.rdoc
-- doc/confirm_password.rdoc
+- doc/change_password_notify.rdoc
 - doc/close_account.rdoc
-- doc/http_basic_auth.rdoc
+- doc/confirm_password.rdoc
 - doc/create_account.rdoc
-- doc/email_base.rdoc
 - doc/disallow_common_passwords.rdoc
 - doc/disallow_password_reuse.rdoc
-- doc/password_complexity.rdoc
+- doc/email_auth.rdoc
+- doc/email_base.rdoc
+- doc/http_basic_auth.rdoc
+- doc/json.rdoc
 - doc/jwt.rdoc
+- doc/jwt_cors.rdoc
+- doc/jwt_refresh.rdoc
 - doc/lockout.rdoc
 - doc/login.rdoc
+- doc/login_password_requirements_base.rdoc
 - doc/logout.rdoc
 - doc/otp.rdoc
-- doc/login_password_requirements_base.rdoc
-- doc/jwt_cors.rdoc
+- doc/password_complexity.rdoc
 - doc/password_expiration.rdoc
 - doc/password_grace_period.rdoc
+- doc/password_pepper.rdoc
 - doc/recovery_codes.rdoc
 - doc/remember.rdoc
 - doc/reset_password.rdoc
@@ -268,17 +289,11 @@ extra_rdoc_files:
 - doc/two_factor_base.rdoc
 - doc/update_password_hash.rdoc
 - doc/verify_account.rdoc
-- doc/email_auth.rdoc
-- doc/jwt_refresh.rdoc
 - doc/verify_account_grace_period.rdoc
 - doc/verify_login_change.rdoc
 - doc/webauthn.rdoc
 - doc/webauthn_login.rdoc
 - doc/webauthn_verify_account.rdoc
-- doc/active_sessions.rdoc
-- doc/audit_logging.rdoc
-- doc/password_pepper.rdoc
-- doc/release_notes/1.17.0.txt
 - doc/release_notes/1.0.0.txt
 - doc/release_notes/1.1.0.txt
 - doc/release_notes/1.10.0.txt
@@ -288,7 +303,14 @@ extra_rdoc_files:
 - doc/release_notes/1.14.0.txt
 - doc/release_notes/1.15.0.txt
 - doc/release_notes/1.16.0.txt
+- doc/release_notes/1.17.0.txt
+- doc/release_notes/1.18.0.txt
+- doc/release_notes/1.19.0.txt
 - doc/release_notes/1.2.0.txt
+- doc/release_notes/1.20.0.txt
+- doc/release_notes/1.21.0.txt
+- doc/release_notes/1.22.0.txt
+- doc/release_notes/1.23.0.txt
 - doc/release_notes/1.3.0.txt
 - doc/release_notes/1.4.0.txt
 - doc/release_notes/1.5.0.txt
@@ -296,19 +318,18 @@ extra_rdoc_files:
 - doc/release_notes/1.7.0.txt
 - doc/release_notes/1.8.0.txt
 - doc/release_notes/1.9.0.txt
-- doc/release_notes/1.18.0.txt
-- doc/release_notes/1.19.0.txt
-- doc/release_notes/1.20.0.txt
-- doc/release_notes/1.21.0.txt
-- doc/release_notes/1.22.0.txt
-- doc/release_notes/1.23.0.txt
 - doc/release_notes/2.0.0.txt
 - doc/release_notes/2.1.0.txt
+- doc/release_notes/2.10.0.txt
+- doc/release_notes/2.11.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
 - doc/release_notes/2.6.0.txt
+- doc/release_notes/2.7.0.txt
+- doc/release_notes/2.8.0.txt
+- doc/release_notes/2.9.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -316,6 +337,7 @@ files:
 - dict/top-10_000-passwords.txt
 - doc/account_expiration.rdoc
 - doc/active_sessions.rdoc
+- doc/argon2.rdoc
 - doc/audit_logging.rdoc
 - doc/base.rdoc
 - doc/change_login.rdoc
@@ -338,6 +360,7 @@ files:
 - doc/guides/internals.rdoc
 - doc/guides/links.rdoc
 - doc/guides/login_return.rdoc
+- doc/guides/migrate_password_hash_algorithm.rdoc
 - doc/guides/password_column.rdoc
 - doc/guides/password_confirmation.rdoc
 - doc/guides/password_requirements.rdoc
@@ -350,6 +373,7 @@ files:
 - doc/guides/status_column.rdoc
 - doc/guides/totp_or_recovery.rdoc
 - doc/http_basic_auth.rdoc
+- doc/json.rdoc
 - doc/jwt.rdoc
 - doc/jwt_cors.rdoc
 - doc/jwt_refresh.rdoc
@@ -389,11 +413,16 @@ files:
 - doc/release_notes/1.9.0.txt
 - doc/release_notes/2.0.0.txt
 - doc/release_notes/2.1.0.txt
+- doc/release_notes/2.10.0.txt
+- doc/release_notes/2.11.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
 - doc/release_notes/2.6.0.txt
+- doc/release_notes/2.7.0.txt
+- doc/release_notes/2.8.0.txt
+- doc/release_notes/2.9.0.txt
 - doc/remember.rdoc
 - doc/reset_password.rdoc
 - doc/session_expiration.rdoc
@@ -413,6 +442,7 @@ files:
 - lib/rodauth.rb
 - lib/rodauth/features/account_expiration.rb
 - lib/rodauth/features/active_sessions.rb
+- lib/rodauth/features/argon2.rb
 - lib/rodauth/features/audit_logging.rb
 - lib/rodauth/features/base.rb
 - lib/rodauth/features/change_login.rb
@@ -426,6 +456,7 @@ files:
 - lib/rodauth/features/email_auth.rb
 - lib/rodauth/features/email_base.rb
 - lib/rodauth/features/http_basic_auth.rb
+- lib/rodauth/features/json.rb
 - lib/rodauth/features/jwt.rb
 - lib/rodauth/features/jwt_cors.rb
 - lib/rodauth/features/jwt_refresh.rb
@@ -537,7 +568,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key: 
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications