rodauth 1.9.0 → 1.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 63d284b3ed1dc87ff182d472e730e52d823e4dae
-  data.tar.gz: 47599804ed740325e00c8c7bda5dcafde8b669c3
+  metadata.gz: b1741b1db3b830dd1edde47d251c388e51901d85
+  data.tar.gz: 1066a17b7b2a3565335cbcd47ef6903d3c1f5a93
 SHA512:
-  metadata.gz: a4f64fc7c93e5a97c4ef7a100d26dcb286b157a7085c939db4bdce203b3b63f18e239f71ea09cc4881740facacc695c00a220427e91f9daea0aec7f1e65a51d3
-  data.tar.gz: 3424177852d8cbf98f1acca6f75c46e23316664950febab7af6af720a55038570fe6d4655d4dc983e0ee29df70ad011a7cff468b5f0169604c3baed09da1e94f
+  metadata.gz: 76b1d26463432bb939565f09b3779cbdf6f8d7b632079115eaf62288c2817f80c1f24752e3847893e17242eadb21eccfae5cc7d7df54a45f4f7be2032207e751
+  data.tar.gz: 59c18ab583fde50543c9284a7831d2fbf2087d64bb8e5c33a257b82cd3b3ded7c6d28f1a38a6a32cbba04d1c34ff9d2d87264a9356fc44cc40c02ceac8298454

data/CHANGELOG

@@ -1,3 +1,23 @@
+=== 1.10.0 (2017-03-23)
+
+* Add Internals Guide (jeremyevans)
+
+* Set FeatureConfiguration instances to constants, just like Feature instances (jeremyevans)
+
+* When reopening rodauth configuration in roda subclass, automatically subclass rodauth configuration so it doesn't modify superclass (jeremyevans)
+
+* Add verify_login_change feature as an alternative to verify_change_login, where the change doesn't take affect until after verification (jeremyevans) (#31)
+
+* Add login_failed_reset_password_request_form for customizing the HTML used for the request password request form on login failures (jeremyevans)
+
+* Make reset password request form available without requiring a login attempt, and provide a login field in that case (jeremyevans) (#30)
+
+* Make resending verify account email request form available without requiring a login/account creation attempt, and provide a login field in that case (jeremyevans) (#30)
+
+* Fix resending verify account email when attempting to create a new account with same login as unverified account when using verify_account_grace_period feature (jeremyevans) (#30)
+
+* Fix precompile_rodauth_templates usage with reset_password feature (jeremyevans)
+
 === 1.9.0 (2017-02-22)
 
 * Make reset-password use existing password reset key if one is present (jeremyevans) (#26)

data/README.rdoc

@@ -29,7 +29,7 @@ hashes by protecting access via database functions.
 * OTP (2 factor authentication via TOTP)
 * Recovery Codes (2 factor authentication via backup codes)
 * SMS Codes (2 factor authentication via SMS)
-* Verify Change Login (Reverify accounts after login changes)
+* Verify Login Change (Verify new login before changing login)
 * Verify Account Grace Period (Don't require verification before login)
 * Password Grace Period (Don't require password entry if recently entered)
 * Password Complexity (More sophisticated checks)
@@ -280,6 +280,14 @@ versions of Sequel, switch the :Bignum symbols to Bignum constants.
         DateTime :requested_at, :null=>false, :default=>Sequel::CURRENT_TIMESTAMP
       end
 
+      # Used by the verify login change feature
+      create_table(:account_login_change_keys) do
+        foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
+        String :key, :null=>false
+        String :login, :null=>false
+        DateTime :deadline, deadline_opts[1]
+      end
+
       # Used by the remember me feature
       create_table(:account_remember_keys) do
         foreign_key :id, :accounts, :primary_key=>true, :type=>:Bignum
@@ -356,6 +364,7 @@ versions of Sequel, switch the :Bignum symbols to Bignum constants.
         run "GRANT ALL ON accounts TO #{user}"
         run "GRANT ALL ON account_password_reset_keys TO #{user}"
         run "GRANT ALL ON account_verification_keys TO #{user}"
+        run "GRANT ALL ON account_login_change_keys TO #{user}"
         run "GRANT ALL ON account_remember_keys TO #{user}"
         run "GRANT ALL ON account_login_failures TO #{user}"
         run "GRANT ALL ON account_lockouts TO #{user}"
@@ -378,6 +387,7 @@ versions of Sequel, switch the :Bignum symbols to Bignum constants.
                  :account_lockouts,
                  :account_login_failures,
                  :account_remember_keys,
+                 :account_login_change_keys,
                  :account_verification_keys,
                  :account_password_reset_keys,
                  :accounts,
@@ -993,8 +1003,9 @@ use the following basic structure
 
   module Rodauth
     # :feature_name will be the argument given to enable to
-    # load the feature
-    FeatureName = Feature.define(:feature_name) do
+    # load the feature, :FeatureName is optional and will be used to
+    # set a constant name for prettier inspect output.
+    Feature.define(:feature_name, :FeatureName) do
       # Shortcut for defining auth value methods with static values
       auth_value_method :method_name, 1 # method_value
 

data/Rakefile

@@ -116,10 +116,10 @@ task :db_setup_mssql do
   $: << 'lib'
   require 'sequel'
   Sequel.extension :migration
-  Sequel.tinytds('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
+  Sequel.tinytds('rodauth_test', :host=>'localhost', :user=>'rodauth_test_password', :password=>'Rodauth1.') do |db|
     Sequel::Migrator.run(db, 'spec/migrate')
   end
-  Sequel.tinytds('rodauth_test', :user=>'rodauth_test_password', :password=>'rodauth_test') do |db|
+  Sequel.tinytds('rodauth_test', :host=>'localhost', :user=>'rodauth_test_password', :password=>'Rodauth1.') do |db|
     Sequel::Migrator.run(db, 'spec/migrate_password', :table=>'schema_info_password')
   end
 end

data/doc/base.rdoc

@@ -116,7 +116,7 @@ password_match?(password) :: Check whether the given password matches the
                              stored password hash.
 random_key :: A randomly generated string, used for creating tokens.
 redirect(path) :: Redirect the request to the given path.
-session_value :: Alias for account_session_value.
+session_value :: The value for session_key in the current session.
 set_error_flash(message) :: Set the current error flash to the given message.
 set_notice_flash(message) :: Set the next notice flash to the given message.
 set_notice_now_flash(message) :: Set the current notice flash to the given message.

data/doc/internals.rdoc

@@ -0,0 +1,222 @@
+= Rodauth Internals
+
+Rodauth's implementation heavily uses metaprogramming in order to DRY up the codebase, which can be a little intimiting to developers who are not familiar with the codebase.  This guide explains how Rodauth is built, which should make the internals easier to understand.
+
+== Object Model
+
+First, let's talk about the basic parts of Rodauth.
+
+=== Rodauth::Auth
+
+Rodauth::Auth is the core of rodauth.  If a user calls +rodauth+ inside their Roda application, they get a Rodauth::Auth subclass instance.  Rodauth's configuration DSL is designed to build a Rodauth::Auth subclass appropriate to the application, by loading only the features that are needed, and overriding defaults as appropriate.
+
+=== Rodauth::Configuration
+
+Inside the block you pass to <tt>plugin :rodauth</tt>, +self+ is an instance of this class.  This class is mostly empty, as most of Rodauth is implemented as separate features, and the configuration for each feature is loaded as a separate module into this instance.
+
+=== Rodauth::Feature
+
+Each of the parts of rodauth that you can use is going to be a separate feature.  Rodauth::Feature is a Module subclass, and every feature you load is included in the Rodauth::Auth subclass used by the Roda application.  Rodauth::Feature has many methods designed to make building Rodauth features easier by defining methods in the Rodauth::Feature instance.
+
+=== Rodauth::FeatureConfiguration
+
+Just as each feature is a module included in the Rodauth::Auth subclass for the application, each feature also contains a configuration module that is an instance of Rodauth::FeatureConfiguration (also a module subclass).  For each feature you load into the Rodauth configuration, the Rodauth::Configuration instance is extended with the feature's Rodauth::FeatureConfiguration instance, which is what makes the feature's configuration methods available inside the <tt>plugin :rodauth</tt> block.  This is why you need to enable the features in Rodauth before configuring them.
+
+
+== Object Model Example
+
+Here's some commented output hopefully showing the relation between the different parts
+
+   Roda.plugin :rodauth do
+     self                       # => #<Rodauth::Configuration> (instance)
+     auth                       # => Rodauth::Auth subclass
+
+     singleton_class.ancestors  # => [#<Class:#<Rodauth::Configuration>> (singleton class of self),
+                                #     Rodauth::FeatureConfiguration::Base (instance of Rodauth::FeatureConfiguration),
+                                #     Rodauth::Configuration,
+                                #     ...]
+     auth.ancestors             # => [Rodauth::Auth subclass,
+                                #     Rodauth::Base (instance of Rodauth::Feature),
+                                #     Rodauth::Auth,
+                                #     ...]
+
+     enable :login
+
+     singleton_class.ancestors  # => [#<Class:#<Rodauth::Configuration>> (singleton class of self),
+                                #     Rodauth::FeatureConfiguration::Login (instance of Rodauth::FeatureConfiguration),
+                                #     Rodauth::FeatureConfiguration::Base (instance of Rodauth::FeatureConfiguration),
+                                #     Rodauth::Configuration,
+                                #     ...]
+     auth.ancestors             # => [Rodauth::Auth subclass,
+                                #     Rodauth::Login (instance of Rodauth::Feature),
+                                #     Rodauth::Base (instance of Rodauth::Feature),
+                                #     Rodauth::Auth,
+                                #     ...]
+   end
+
+   Roda.rodauth                 # => Rodauth::Auth subclass
+   Roda.rodauth.ancestors       # => [Rodauth::Auth subclass,
+                                #     Rodauth::Login (instance of Rodauth::Feature),
+                                #     Rodauth::Base (instance of Rodauth::Feature),
+                                #     Rodauth::Auth,
+                                #     ...]
+
+   Roda.route do |r|
+     rodauth                    # => Rodauth::Auth subclass instance
+   end
+
+== Feature Creation Example
+
+Here's a heavily commented example showing what is going on inside a Rodauth feature.
+
+  module Rodauth
+    # Feature.define takes a symbol, specifying the name of the feature. This
+    # is the same symbol you would pass to enable when loading the feature into
+    # the Rodauth configuration.  Feature is a module subclass, and Feature.define
+    # is a class method that creates an instance of Feature (a module) and executes
+    # the block in the context of the Feature instance.
+    #
+    # The second argument is optional, and sets the Feature instance and related
+    # FeatureConfiguration instance to a constant in the Rodauth namespace, which
+    # makes it easier to locate via inspect.
+    Feature.define(:foo, :Foo) do
+      # Inside this block, self is an instance of Feature.  As this instance of
+      # Feature will be included in the Rodauth::Auth subclass instance if
+      # the feature is loaded into the rodauth configuration, methods you define
+      # in this block (via def or define_method) will be callable on any
+      # rodauth object if this feature is loaded into the rodauth configuration.
+
+      # Feature has many instance methods that define methods in the Feature
+      # instance.  This is one of those methods, which sets the text of the notice
+      # flash, shown after successful submission of the form. It's basically
+      # equivalent to executing this code in the feature:
+      #
+      #   def foo_notice_flash
+      #     "It worked!"
+      #   end
+      #
+      # while also adding a method to the configuration which does:
+      #
+      #   def foo_notice_flash(v=nil, &block)
+      #     block ||= proc{v}
+      #     @auth.class_eval do
+      #       define_method(:foo_notice_flash, &block)
+      #     end
+      #   end
+      #
+      # This is what easily allows you to modify any part of Rodauth during
+      # configuration.  The Rodauth::Auth subclass has the default behavior
+      # added via a method in an included module (the Feature instance), and the
+      # Rodauth::Configuration instance has a method that when called defines
+      # a method in the Rodauth::Auth subclass itself, which will take precedence
+      # over the default method, which defined in the included Feature instance.
+      notice_flash "It worked!"
+
+      # The rest of these method calls are fairly similar to notice_flash.
+      # This defines the foo_error_flash method, for the error flash message to
+      # show if the form submission wasn't successful.
+      error_flash "There was an error"
+
+      # This defines the foo_view method to use template 'foo.str' in the templates
+      # folder, and set the title of the page to 'Foo'.
+      view 'foo', 'Foo'
+
+      # This defines the foo_additional_form_tags method, which would generally be called
+      # inside the foo.str template.
+      additional_form_tags
+
+      # This defines the foo_button method, for the text to use on the submit button
+      # for the form in foo.str.
+      button 'Submit'
+
+      # This defines the foo_redirect method, for where to redirect after successful submission
+      # of the form.
+      redirect
+
+      # This defines the before_foo method, called before performing the foo action.
+      before
+
+      # This defines the after_foo method, called after successfully performing the foo action.
+      after
+
+      # This defines a loaded_templates method that calls super and adds 'foo' as one of the
+      # templates.  This is necessary for precompilation of templates to work.
+      loaded_templates ['foo']
+
+      # auth_value_method is a generic method that takes two arguments, a method to define
+      # and a default value.  It is similar to the methods above, except that it allows
+      # arbitrary method names.  The notice_flash, error_flash, button, and additional_form_tags
+      # methods are actually defined in terms of this method.
+      #
+      # So this particular method defines a foo_error_status method that will return 401 by
+      # default, but also adds a cofniguration method that allows you to override the default.
+      auth_value_method :foo_error_status, 401
+
+      # This is similar to auth_value_method, but it only adds the configuration method.
+      # Using this should only be done if you have defining the method in the feature
+      # separately (see below).
+      auth_value_methods :foo_bar
+
+      # This is similar to auth_value_methods, but it changes the configuration method so that
+      # a block is required and you cannot provide an argument.  This is used for the cases
+      # where a statically defined value would never make sense, such as when any correct
+      # behavior would depend on accessing request-specific information.
+      auth_methods :foo
+
+      # route defines a route used for the feature.  This is the code that will be executed
+      # if a user goes to /foo in the Roda app.
+      route do |r|
+        # Inside the block, you are in the context of the Roda instance, just as you would
+        # be inside a Roda route block.  r is the RodaRequest instance, just as it would
+        # be for a Roda route block.
+
+        # route adds a before_foo_route method that by default does nothing. It also
+        # adds a configuration method that you can call to set behavior that will be
+        # executed before routing.
+        before_foo_route
+
+        # Just like in Roda, r.get is called for GET requests
+        r.get do
+          # This will render a view to the user, using the foo.erb template from the
+          # templates directory (unless the user has overridden it), inside the Roda
+          # application's layout.
+          foo_view
+        end
+
+        # Just like in Roda, r.post is called for GET requests
+        r.post do
+          # This is called before performing the foo action
+          before_foo
+
+          # This assumes foo returns false or nil on failure, or otherwise on
+          # success.
+          if foo 
+            # In general, Rodauth only calls after_foo if foo is successful.
+            after_foo
+
+            # Successful form submission will usually set the notice flash,
+            # the redirect to the appropriate page.
+            set_notice_flash foo_notice_flash
+            redirect foo_redirect
+          else
+            # Unsucessful form subsmission will usually set the error flash,
+            # the redisplay the page so that the submission can be fixed.
+            set_error_flash foo_error_flash
+            foo_view
+          end
+        end
+      end
+
+      # This is the default behavior for the foo method, if a user doesn't
+      # call the foo method inside the configuration block.
+      def foo
+        # Do Something
+      end
+
+      # This is the default behavior for the foo_bar method, if a user doesn't
+      # call the foo_bar method inside the configuration block.
+      def foo_bar
+        42
+      end
+    end
+  end

data/doc/release_notes/1.10.0.txt

@@ -0,0 +1,80 @@
+= New Features
+
+* A verify_login_change feature has been added.  This is designed
+  as a replacement for the previous verify_change_login feature,
+  which was problematic as it could result in a user being unable
+  to access their account if they used an incorrect email when
+  changing their login.
+
+  The verify_login_change feature does not change the user's login
+  until after the user has confirmed that they can receive email
+  using the new login.
+
+  The verify_login_change feature requires an additional database
+  table to store information on login changes, so it is not a
+  drop in replacement for the verify_change_login feature. However,
+  it is recommended that all users of verify_change_login switch
+  to verify_login_change.
+
+* If using the reset_password feature, there is now a link on the
+  login page to a page that will allow you to request a password
+  reset.  Previously you had to attempt to login with the account
+  in order to request a password reset.
+
+* If using the verify_account feature, there is now a link on the
+  login page to a page that will allow you to request that the
+  account verification email be resent.  Previously you had to
+  attempt to login with the account or attempt to create a new
+  account with the same login in order to get an account verification
+  email resent.
+
+* If using the reset_password feature, there is now a
+  login_failed_reset_password_request_form configuration method for
+  customizing the HTML used for the request password reset form shown
+  when there is a login failure.
+
+= Improvements
+
+* When using the verify_account_grace_period feature, attempting to
+  create a new account using the same login as an existing
+  unverified account now correctly offers the ability to resend the
+  account verification email.
+
+* The precompile_rodauth_templates method now works with the
+  reset_password feature.
+
+* When attempting to reopen a rodauth configuration in a subclass
+  of the Roda class that created the rodauth configuration, a
+  subclass of the rodauth configuration is now automatically
+  created.  This makes it so changes to the rodauth configuration
+  in the Roda subclass no longer affect the rodauth configuration
+  of the superclass.
+
+* The FeatureConfiguration instances for each feature are now
+  assigned to constants, making inspect output more descriptive.
+
+* An internals guide has been added, which explains the
+  metaprogramming used to implement Rodauth.
+
+= Backwards Compatibility
+
+* Any external features should start providing two arguments to
+  Feature.define, with the second argument being the constant
+  name to use.  So instead of:
+
+    module Rodauth
+      Foo = Feature.define(:foo) do
+        # ...
+      end
+    end
+
+  switch to:
+
+    module Rodauth
+      Feature.define(:foo, :Foo) do
+        # ...
+      end
+    end
+
+  This will ensure that the related FeatureConfiguration instance
+  is assigned to a constant.

data/doc/reset_password.rdoc

@@ -38,6 +38,8 @@ reset_password_request_additional_form_tags :: HTML fragment containing addition
 reset_password_request_button :: The text to use for the reset password request button.
 reset_password_request_error_flash :: The flash error to show if not able to send a reset
                                       password email.
+reset_password_request_link :: The HTML to use for a link to the page to request a password
+                               reset.
 reset_password_request_route :: The route to the reset password request action.
                                 Defaults to +reset-password-request+.
 reset_password_route :: The route to the reset password action. Defaults to
@@ -57,10 +59,13 @@ before_reset_password :: Run arbitrary code before resetting a password.
 before_reset_password_request :: Run arbitrary code before sending the reset password
                                  email.
 before_reset_password_route :: Run arbitrary code before handling a reset password route.
-create_reset_password_key :: A random string to use as a reset password key.
+create_reset_password_key :: Add the reset password key data to the database.
+create_reset_password_email :: A Mail::Message for the reset password email.
 get_reset_password_key(id) :: Get the password reset key for the given account id
                               from the database.
-create_reset_password_email :: A Mail::Message for the reset password email.
+login_failed_reset_password_request_form :: The HTML to use for a form to request a password
+                                            reset, shown on the login page after the user
+                                            tries to login with an invalid password.
 remove_reset_password_key :: Remove the reset password key for the current account,
                              run after successful password reset.
 reset_password_email_body :: The body to use for the reset password email.
@@ -69,5 +74,6 @@ reset_password_email_link :: The link to the reset password form in the reset
 reset_password_key_insert_hash :: The hash to insert into the reset password keys
                                   table.
 reset_password_key_value :: The reset password key for the current account.
+reset_password_request_view :: The HTML to use for the reset password request form.
 reset_password_view :: The HTML to use for the reset password form.
 send_reset_password_email :: Send the reset password email.

data/doc/verify_account.rdoc

@@ -38,6 +38,8 @@ verify_account_resend_button :: The text to use for the verify account resend bu
 verify_account_redirect :: Where to redirect after verifying the account.
 verify_account_resend_error_flash :: The flash error to show if unable to resend a
                                      verify account email.
+verify_account_resend_link :: The HTML to use for a link to the page to request
+                              the account verification email be resent.
 verify_account_resend_route :: The route to the verify account resend action.
                                Defaults to +verify-account-resend+.
 verify_account_route :: The route to the verify account action. Defaults to
@@ -52,10 +54,13 @@ account_from_verify_account_key(key) :: Retrieve the account using the given ver
                                         matches.
 after_verify_account :: Run arbitrary code after verifying the account.
 after_verify_account_resend :: Run arbitrary code after resending a verify account email.
+allow_resending_verify_account_email? :: Whether to allow sending the verify account email
+                                         for the account, true by default only if the
+                                         account has not been verified.
 before_verify_account :: Run arbitrary code before verifying the account.
 before_verify_account_resend :: Run arbitrary code before resending a verify account email.
 before_verify_account_route :: Run arbitrary code before handling a verify account route.
-create_verify_account_key :: A random string to use as a verify account key.
+create_verify_account_key :: Add the verify account key data to the database.
 create_verify_account_email :: A Mail::Message for the verify account email.
 get_verify_account_key(id) :: Get the verify account key for the given account id
                               from the database.
@@ -70,4 +75,5 @@ verify_account_email_link :: The link to the verify account form in the verify
                              account email.
 verify_account_key_insert_hash :: The hash to insert into the verify account keys
                                   table.
+verify_account_key_value :: The value of the verify account key.
 verify_account_view :: The HTML to use for the verify account form.

data/doc/verify_change_login.rdoc

@@ -1,9 +1,11 @@
 = Documentation for Verify Change Login Feature
 
+This feature is deprecated, because it is possible for a user to get
+locked out of their account if they use the wrong address on the
+change login page.  It is recommended that users switch to using the
+verify login change feature, which doesn't change the login until
+after it has been verified.
+
 The verify change login feature implements account reverification after
-change login.  Any time you use the verify account and change login
-features together, you should probably use this, otherwise it is trivial
-for users to work around account verification by creating an account with
-an email address they control, and the changing the login to an email
-address they don't control.  Depends on the change login and verify
-account grace period features.
+change login.  Depends on the change login and verify account grace
+period features.

data/doc/verify_login_change.rdoc

@@ -0,0 +1,52 @@
+= Documentation for Verify Login Change Feature
+
+The verify login change feature implements login verification after
+a login change.  With this feature, login changes do not take effect
+until after the user has verified the new login.  Until the new
+login has been verified, the old login continues to work.
+
+Any time you use the verify login change and change login features together,
+you should probably use this, otherwise it is trivial for users to work
+around account verification by creating an account with an email address
+they control, and the changing the login to an email address they don't
+control.  Depends on the change login and email base features.
+
+== Auth Value Methods
+
+no_matching_verify_login_change_key_message :: The flash error message to show when an invalid verify login change key is used.
+verify_login_change_additional_form_tags :: HTML fragment containing additional form tags to use on the verify login change form.
+verify_login_change_autologin? :: Whether to autologin the user after successful login change verification, false by default.
+verify_login_change_button :: The text to use for the verify login change button.
+verify_login_change_deadline_column :: The column name in the verify login change keys table storing the deadline after which the token will be ignored.
+verify_login_change_deadline_interval :: The amount of time for which to allow users to verify login changes, 1 day by default.
+verify_login_change_email_subject :: The subject to use for the verify login change email.
+verify_login_change_error_flash :: The flash error to show if no matching key is submitted when verifying login change.
+verify_login_change_id_column :: The id column in the verify login change keys table, should be a foreign key referencing the accounts table.
+verify_login_change_key_column :: The verify login change key/token column in the verify login change keys table.
+verify_login_change_key_param :: The parameter name to use for the verify login change key.
+verify_login_change_login_column :: The login column in the verify login change keys table, containing the new login.
+verify_login_change_notice_flash :: The flash notice to show after verifying the login change.
+verify_login_change_redirect :: Where to redirect after verifying the login change.
+verify_login_change_route :: The route to the verify login change action. Defaults to +verify-login-change+.
+verify_login_change_session_key :: The key in the session to hold the verify login change key temporarily.
+verify_login_change_table :: The name of the verify login change keys table.
+
+== Auth Methods
+
+account_from_verify_login_change_key(key) :: Retrieve the account using the given verify account key, or return nil if no account matches.  Should also override verify_login_change_new_login if overriding this method.
+after_verify_login_change :: Run arbitrary code after verifying the login change.
+before_verify_login_change :: Run arbitrary code before verifying the login change.
+before_verify_login_change_route :: Run arbitrary code before handling a verify login change route.
+create_verify_login_change_email(login) :: A Mail::Message for the verify login change email.
+create_verify_login_change_key(login) :: Add the verify login change key data to the database.
+get_verify_login_change_login_and_key(id) :: Get the verify login change login and key for the given account id from the database.
+remove_verify_login_change_key :: Remove the verify login change key for the current account, run after successful login change verification.
+send_verify_login_change_email(login) :: Send the verify login change email.
+verify_login_change :: Change the login for the given account to the new login.
+verify_login_change_email_body :: The body to use for the verify login change email.
+verify_login_change_email_link :: The link to the verify login change form in the verify login change email.
+verify_login_change_key_insert_hash(login) :: The hash to insert into the verify login change keys table.
+verify_login_change_key_value :: The value of the verify login change key.
+verify_login_change_new_login :: The new login to use when the login change is verified.
+verify_login_change_old_login :: The old login to display in the verify login change email.
+verify_login_change_view :: The HTML to use for the verify login change form.

data/lib/rodauth/features/account_expiration.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  AccountExpiration = Feature.define(:account_expiration) do
+  Feature.define(:account_expiration, :AccountExpiration) do
     error_flash "You cannot log into this account as it has expired"
     redirect
     after

data/lib/rodauth/features/base.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  Base = Feature.define(:base) do
+  Feature.define(:base, :Base) do
     after 'login'
     after 'login_failure'
     before 'login'

data/lib/rodauth/features/change_login.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  ChangeLogin = Feature.define(:change_login) do
+  Feature.define(:change_login, :ChangeLogin) do
     depends :login_password_requirements_base
 
     notice_flash 'Your login has been changed'
@@ -63,11 +63,18 @@ module Rodauth
     end
 
     def change_login(login)
-      updated = nil
       if account_ds.get(login_column).downcase == login.downcase
         @login_requirement_message = 'same as current login'
         return false
       end
+
+      update_login(login)
+    end
+
+    private
+
+    def update_login(login)
+      updated = nil
       raised = raises_uniqueness_violation?{updated = update_account({login_column=>login}, account_ds.exclude(login_column=>login)) == 1}
       if raised
         @login_requirement_message = 'already an account with this login'

data/lib/rodauth/features/change_password.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  ChangePassword = Feature.define(:change_password) do
+  Feature.define(:change_password, :ChangePassword) do
     depends :login_password_requirements_base
 
     notice_flash 'Your password has been changed'

data/lib/rodauth/features/close_account.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  CloseAccount = Feature.define(:close_account) do
+  Feature.define(:close_account, :CloseAccount) do
     notice_flash 'Your account has been closed'
     error_flash 'There was an error closing your account'
     loaded_templates %w'close-account password-field'

data/lib/rodauth/features/confirm_password.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  ConfirmPassword = Feature.define(:confirm_password) do
+  Feature.define(:confirm_password, :ConfirmPassword) do
     notice_flash "Your password has been confirmed"
     error_flash "There was an error confirming your password"
     loaded_templates %w'confirm-password password-field'

data/lib/rodauth/features/create_account.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  CreateAccount = Feature.define(:create_account) do
+  Feature.define(:create_account, :CreateAccount) do
     depends :login_password_requirements_base
 
     depends :login

data/lib/rodauth/features/disallow_password_reuse.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  DisallowPasswordReuse = Feature.define(:disallow_password_reuse) do
+  Feature.define(:disallow_password_reuse, :DisallowPasswordReuse) do
     depends :login_password_requirements_base
 
     auth_value_method :password_same_as_previous_password_message, "same as previous password"