rodauth 1.12.0 → 1.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 888e341c90edf3af686821f3d64998da9fcdd5cb
-  data.tar.gz: 5f50386e3657dce0c24b81465a2e54ad8c81221a
+  metadata.gz: f6c97c6e01c1026bf027fb99348421103909a668
+  data.tar.gz: 910777f85e599d240356aeb2eba4339db0c481c3
 SHA512:
-  metadata.gz: 2315ff44b30666ac9291217ba2c9fa2ecb928b0b6ac0919d4a6debc70ec093c1b42f1866191024ee00f0d086c9103b996b173e36a092b84eb56ea9017a7baea0
-  data.tar.gz: c432df2a344582f4aef84b7512fa4f5a5a72058dc9a8528ee315e95e21044bff3d46ac29052cc1a9968e5dd298370e447df31f31a19519880b5da200df680eb9
+  metadata.gz: c2a571d6eac5c96a458da39020a074edb561c2f71ef32a93382177fcdfe67d73d0ad5dd548255d7c8a09e9f9d67166becd616ec1d8c650d30d766a42b24990ae
+  data.tar.gz: '070838b8388668fa6c7ac73145c82dd0e825d61c83ea43e603789f1efd0383d3c57b147345f55b47d709f6a3786f475fc78fa2e1f5fd30213d6e691fcb6ba5ba'

data/CHANGELOG

@@ -1,3 +1,13 @@
+=== 1.13.0 (2017-11-21)
+
+* Add json_response_body(hash) configuration method to jwt feature (jeremyevans)
+
+* Support invalid_previous_password_message configuration method in change_password feature (jeremyevans)
+
+* Use custom error statuses if only_json? and json_response_custom_error_status? are true even if request isn't in json format (jeremyevans)
+
+* Add cache_templates configuration method for disabling caching of templates (adam12, jeremyevans) (#46)
+
 === 1.12.0 (2017-10-03)
 
 * [SECURITY] Clear expired password reset key for account before retrieving password reset key (chanks, jeremyevans) (#43)

data/README.rdoc

@@ -940,7 +940,7 @@ inside the middleware, you can easily provide a way for your
 application to call Rodauth methods.
 
 Here are some examples of integrating Rodauth into applications that
-doesn't use Roda:
+don't use Roda:
 
 * {Ginatra, a Sinatra-based git repository viewer}[https://github.com/jeremyevans/ginatra/commit/28108ebec96e8d42596ee55b01c3f7b50c155dd1] 
 * {Rodauth's demo site as a Rails application}[https://github.com/jeremyevans/rodauth-demo-rails] (

data/doc/base.rdoc

@@ -37,6 +37,9 @@ account_select :: An array of columns to select from +accounts_table+. By
                   default, selects all columns in the table.
 account_status_column :: The status id column in the account model.
 account_unverified_status_value :: The representating unverified accounts.
+cache_templates :: Whether to cache templates. True by default. It may be worth
+                   switching this to false in development if you are using your
+                   own templates instead of the templates provided by Rodauth.
 default_redirect :: Where to redirect after most successful actions.
 invalid_field_error_status :: The response status to use for invalid field
                               value errors, 422 by default.

data/doc/change_password.rdoc

@@ -25,3 +25,5 @@ after_change_password :: Run arbitrary code after successful password change.
 before_change_password :: Run arbitrary code before changing the password for an account.
 before_change_password_route :: Run arbitrary code before handling a change password route.
 change_password_view :: The HTML to use for the change password form.
+invalid_previous_password_message :: The message to use when the previous password was
+                                     incorrect.  Defaults to invalid_password_message.

data/doc/jwt.rdoc

@@ -66,6 +66,7 @@ use_jwt? :: Whether to use the JWT in the Authorization header for authenticatio
 == Auth Methods
 
 json_request? :: Whether the current request is a JSON request, looks at the Content-Type request header by default.
+json_response_body(hash) :: The body to use for JSON response.  By default just converts hash to JSON.  Can be used to reformat JSON output in arbitrary ways.
 jwt_session_hash :: The session hash used to create the session_jwt. Can be used to set JWT claims.
 jwt_token :: Retrieve the JWT token from the request, by default taking it from the Authorization header.
 session_jwt :: An encoded JWT for the current session.

data/doc/release_notes/1.13.0.txt

@@ -0,0 +1,34 @@
+= New Features
+
+* A cache_templates configuration method has been added, which can be
+  set to false to disable the default caching of templates.  The main
+  time you would want to use this is if you were overriding Rodauth's
+  templates with your own templates and modifying such templates in
+  development mode.  If that is the case, you may want to use
+  something like:
+
+    cache_templates(ENV['RACK_ENV'] != 'development')
+
+* An invalid_previous_password_message configuration method has been
+  added to the change_password feature, which overrides the default
+  invalid_password_message configuration method if the incorrect
+  previous password is used when changing the password.  This is
+  designed for use when invalid_password_message has been overridden
+  and the message doesn't make sense in the change password case.
+
+* A json_response_body(hash) configuration method has been added to
+  the jwt feature, allowing for custom formatting of the JSON
+  response body.  This is called with the hash to use in the
+  response, and should return a JSON-formatted string. Example:
+
+    json_response_body do |hash|
+      super('status'=>response.status, 'detail'=>hash)
+    end
+
+= Other Improvements
+
+* In the jwt feature, if json_response_custom_error_status? is set to
+  true, custom error statuses will be used if only_json? is set to
+  true, even if the request is not in JSON format.  Previously,
+  custom error statuses were only used if the request was in JSON
+  format.

data/lib/rodauth/features/base.rb

@@ -17,6 +17,7 @@ module Rodauth
     auth_value_method :account_status_column, :status_id
     auth_value_method :account_unverified_status_value, 1
     auth_value_method :accounts_table, :accounts
+    auth_value_method :cache_templates, true
     auth_value_method :default_redirect, '/'
     auth_value_method :invalid_field_error_status, 422
     auth_value_method :invalid_key_error_status, 401
@@ -235,9 +236,10 @@ module Rodauth
     end
 
     def button_opts(value, opts)
-      opts = {:locals=>{:value=>value, :opts=>opts}}
+      opts = Hash[template_opts].merge!(opts)
+      opts[:locals] = {:value=>value, :opts=>opts}
       opts[:path] = template_path('button')
-      opts[:cache] = true
+      opts[:cache] = cache_templates
       opts[:cache_key] = :rodauth_button
       opts
     end
@@ -516,7 +518,7 @@ module Rodauth
       opts = template_opts.dup
       opts[:locals] = opts[:locals] ? opts[:locals].dup : {}
       opts[:locals][:rodauth] = self
-      opts[:cache] = true
+      opts[:cache] = cache_templates
       opts[:cache_key] = :"rodauth_#{page}"
 
       scope.instance_exec do

data/lib/rodauth/features/change_password.rb

@@ -17,7 +17,10 @@ module Rodauth
     auth_value_method :new_password_label, 'New Password'
     auth_value_method :new_password_param, 'new-password'
 
-    auth_value_methods :change_password_requires_password?
+    auth_value_methods(
+      :change_password_requires_password?,
+      :invalid_previous_password_message
+    )
 
     route do |r|
       require_account
@@ -30,7 +33,7 @@ module Rodauth
       r.post do
         catch_error do
           if change_password_requires_password? && !password_match?(param(password_param))
-            throw_error_status(invalid_password_error_status, password_param, invalid_password_message)
+            throw_error_status(invalid_password_error_status, password_param, invalid_previous_password_message)
           end
 
           password = param(new_password_param)
@@ -63,5 +66,9 @@ module Rodauth
     def change_password_requires_password?
       modifications_require_password?
     end
+
+    def invalid_previous_password_message
+      invalid_password_message
+    end
   end
 end

data/lib/rodauth/features/jwt.rb

@@ -38,6 +38,8 @@ module Rodauth
       :set_jwt_token
     )
 
+    auth_private_methods :json_response_body
+
     def session
       return @session if defined?(@session)
       return super unless use_jwt?
@@ -163,7 +165,7 @@ module Rodauth
 
     def before_view_recovery_codes
       super if defined?(super)
-      if json_request?
+      if use_jwt?
         json_response[:codes] = recovery_codes
         json_response[json_response_success_key] ||= "" if include_success_messages?
       end
@@ -201,11 +203,15 @@ module Rodauth
       return_json_response
     end
 
+    def _json_response_body(hash)
+      request.send(:convert_to_json, hash)
+    end
+
     def return_json_response
       response.status ||= json_response_error_status if json_response[json_response_error_key]
       set_jwt
       response['Content-Type'] ||= json_response_content_type
-      response.write(request.send(:convert_to_json, json_response))
+      response.write(_json_response_body(json_response))
       request.halt
     end
 
@@ -214,13 +220,13 @@ module Rodauth
     end
 
     def set_redirect_error_status(status)
-      if json_request? && json_response_custom_error_status?
+      if use_jwt? && json_response_custom_error_status?
         response.status = status
       end
     end
 
     def set_response_error_status(status)
-      if json_request? && !json_response_custom_error_status?
+      if use_jwt? && !json_response_custom_error_status?
         status = json_response_error_status
       end
 

data/lib/rodauth/version.rb

@@ -1,7 +1,7 @@
 # frozen-string-literal: true
 
 module Rodauth
-  VERSION = '1.12.0'.freeze
+  VERSION = '1.13.0'.freeze
 
   def self.version
     VERSION

data/spec/change_password_spec.rb

@@ -91,6 +91,32 @@ describe 'Rodauth change_password feature' do
     page.find('#notice_flash').text.must_equal "Your password has been changed"
   end
 
+  it "should support invalid_previous_password_message" do
+    require_password = true
+    rodauth do
+      enable :login, :logout, :change_password
+      invalid_previous_password_message "Previous password not correct"
+    end
+    roda do |r|
+      r.rodauth
+      r.root{view :content=>""}
+    end
+
+    login
+    page.current_path.must_equal '/'
+
+    visit '/change-password'
+    page.title.must_equal 'Change Password'
+
+    fill_in 'Password', :with=>'0123456'
+    fill_in 'New Password', :with=>'0123456'
+    fill_in 'Confirm Password', :with=>'0123456'
+    click_button 'Change Password'
+    page.find('#error_flash').text.must_equal "There was an error changing your password"
+    page.body.must_include 'Previous password not correct'
+    page.current_path.must_equal '/change-password'
+  end
+
   it "should support setting requirements for passwords" do
     rodauth do
       enable :login, :create_account, :change_password

data/spec/jwt_spec.rb

@@ -33,6 +33,22 @@ describe 'Rodauth login feature' do
     res.must_equal [400, {'error'=>'invalid JWT format or claim in Authorization header'}]
   end
 
+  it "should use custom JSON error statuses even if the request isn't in JSON format if a JWT is in use" do
+    rodauth do
+      only_json? true
+    end
+    roda(:jwt) do |r|
+      r.rodauth
+      rodauth.require_authentication
+      '1'
+    end
+
+    status, headers, body = json_request("/", :headers=>{'CONTENT_TYPE'=>'text/html'}, :include_headers=>true)
+    status.must_equal 401
+    headers['Content-Type'].must_equal 'application/json'
+    JSON.parse(body.join).must_equal("error"=>"Please login to continue")
+  end
+
   it "should require json request content type in only json mode for rodauth endpoints only" do
     oj = false
     rodauth do
@@ -103,6 +119,21 @@ describe 'Rodauth login feature' do
     res.must_equal [405, {'error'=>'non-POST method used in JSON API'}]
   end
 
+  it "should allow customizing JSON response bodies" do
+    rodauth do
+      enable :login, :logout, :jwt
+      json_response_body do |hash|
+        super('status'=>response.status, 'detail'=>hash)
+      end
+    end
+    roda(:jwt) do |r|
+      r.rodauth
+    end
+
+    res = json_request("/login", :method=>'GET')
+    res.must_equal [405, {'status'=>405, 'detail'=>{'error'=>'non-POST method used in JSON API'}}]
+  end
+
   it "should support valid_jwt? method for checking for valid JWT tokens" do
     rodauth do
       enable :login, :logout, :jwt

data/spec/login_spec.rb

@@ -154,6 +154,30 @@ describe 'Rodauth login feature' do
     page.current_path.must_equal '/auth/lin'
   end
 
+  it "should use correct redirect paths when using prefix" do
+    rodauth do
+      enable :login, :logout
+      prefix '/auth'
+    end
+    roda do |r|
+      r.on 'auth' do
+        r.rodauth
+        rodauth.require_login
+      end
+      rodauth.send("#{r.remaining_path[1..-1]}_redirect")
+    end
+
+    visit '/login'
+    page.html.must_equal '/'
+    visit '/logout'
+    page.html.must_equal '/auth/login'
+    visit '/require_login'
+    page.html.must_equal '/auth/login'
+
+    visit '/auth'
+    page.current_path.must_equal '/auth/login'
+  end
+
   it "should login and logout via jwt" do
     rodauth do
       enable :login, :logout

data/spec/rodauth_spec.rb

@@ -38,6 +38,40 @@ describe 'Rodauth' do
     page.title.must_equal 'Login'
   end
 
+  it "should pick up template changes if not caching templates" do
+    begin
+      @no_freeze = true
+      cache = true
+      rodauth do
+        enable :login
+        cache_templates{cache}
+      end
+      roda do |r|
+        r.rodauth
+      end
+      dir = 'spec/views2'
+      file = "#{dir}/login.str"
+      app.plugin :render, :views=>dir, :engine=>'str'
+      Dir.mkdir(dir) unless File.directory?(dir)
+
+      text = File.read('spec/views/login.str')
+      File.open(file, 'wb'){|f| f.write text}
+      visit '/login'
+      page.all('label').first.text.must_equal 'Login'
+
+      File.open(file, 'wb'){|f| f.write text.gsub('Login', 'Banana')}
+      visit '/login'
+      page.all('label').first.text.must_equal 'Login'
+
+      cache = false
+      visit '/login'
+      page.all('label').first.text.must_equal 'Banana'
+    ensure
+      File.delete(file) if File.file?(file)
+      Dir.rmdir(dir) if File.directory?(dir)
+    end
+  end
+
   it "should require login to perform certain actions" do
     rodauth do
       enable :login, :change_password, :change_login, :close_account

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 1.12.0
+  version: 1.13.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-03 00:00:00.000000000 Z
+date: 2017-11-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -241,6 +241,7 @@ extra_rdoc_files:
 - doc/release_notes/1.10.0.txt
 - doc/release_notes/1.11.0.txt
 - doc/release_notes/1.12.0.txt
+- doc/release_notes/1.13.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -272,6 +273,7 @@ files:
 - doc/release_notes/1.10.0.txt
 - doc/release_notes/1.11.0.txt
 - doc/release_notes/1.12.0.txt
+- doc/release_notes/1.13.0.txt
 - doc/release_notes/1.2.0.txt
 - doc/release_notes/1.3.0.txt
 - doc/release_notes/1.4.0.txt