rodauth 1.17.0 → 1.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b1798ddc466406349db5af1aade5b74cc46996c13c2fa67deaba0b4dd868f5a8
-  data.tar.gz: fc4232e2eefd30d947285667355fe67bfcd3cd8bb8271d5137f812da525b7ff2
+  metadata.gz: 0005c04210782f2fa730e3078b9c757930c7a9980cd9cb7228da66277175bc7a
+  data.tar.gz: c036f628ddf2479c303cb53b32c67f3b55b63d41037168ff7444c3f32fc4a3dd
 SHA512:
-  metadata.gz: cb68af1641b0c62f21ac2c0dca6fff2384e4fd45e6110e0bf4ef7ebf7d037475aa0a6f2caa84218303c49be23fc0d05a0735e484374bc9bb4b229967cd9574b2
-  data.tar.gz: e2d63f243e0ebfded4b2145cec4b2ae6c9f27980e4a41c9de2b2726aeb22fa4e488a1ae68defb33adfe724666aa6d41649694d06aec06b7de8fd6abe85b57304
+  metadata.gz: 13da13bd1f74c5ceb9cc3d00983e832039d1081c532a49a0901a56d9f1242b2d04848d27f2672c6187a7f51343a94fc079d29d3363464562171a120c26b76325
+  data.tar.gz: fc56e0f75f4d095d1b326301e282eac64bbbfb8a52ccbce78aacc4dcb76288db1edb4d009d3ed234865449afd48cbba43e022b9b2d3f52ba838df703a3b62d38

data/CHANGELOG

@@ -1,3 +1,11 @@
+=== 1.18.0 (2018-07-18)
+
+* Add confirm_password_redirect_session_key configuration method to confirm_password feature (jeremyevans)
+
+* Work with Roda sessions plugin, using string keys for session information if that is used (jeremyevans)
+
+* Add flash_error_key and flash_notice_key configuration for setting keys used in flash (jeremyevans)
+
 === 1.17.0 (2018-06-11)
 
 * Support Roda route_csrf plugin for request-specific CSRF tokens (jeremyevans)

data/doc/base.rdoc

@@ -41,6 +41,8 @@ cache_templates :: Whether to cache templates. True by default. It may be worth
                    switching this to false in development if you are using your
                    own templates instead of the templates provided by Rodauth.
 default_redirect :: Where to redirect after most successful actions.
+flash_error_key :: The flash key to use for error messages (default: +:error+).
+flash_notice_key :: The flash key to use for notice messages (default: +:notice+).
 invalid_field_error_status :: The response status to use for invalid field
                               value errors, 422 by default.
 invalid_key_error_status :: The response status to use for invalid key codes,

data/doc/confirm_password.rdoc

@@ -10,7 +10,8 @@ confirm_password_additional_form_tags :: HTML fragment containing additional for
 confirm_password_button :: The text to use for the confirm password button.
 confirm_password_error_flash :: The flash error to show if password confirmation is unsuccessful.
 confirm_password_notice_flash :: The flash notice to show after password confirmed successful.
-confirm_password_redirect :: Where to redirect after successful password confirmation. By default, uses <tt>session[:confirm_password_redirect]</tt> if set, allowing an easy way to redirect back to the page requesting password confirmation.
+confirm_password_redirect :: Where to redirect after successful password confirmation. By default, uses <tt>session[confirm_password_redirect_session_key]</tt> if set, allowing an easy way to redirect back to the page requesting password confirmation.
+confirm_password_redirect_session_key :: The session key used to check for the confirm_password_redirect.
 confirm_password_route :: The route to the confirm password form. Defaults to
                           +confirm-password+.
 

data/doc/release_notes/1.18.0.txt

@@ -0,0 +1,26 @@
+= New Features
+
+* flash_error_key and flash_notice_key configuration methods have
+  been added for setting the keys used in the flash hash.
+
+* A confirm_password_redirect_session_key configuration method was
+  added for configuring the session key used for storing the
+  confirm password redirect.
+
+= Other Improvements
+
+* Support for the new Roda sessions plugin has been added. Rodauth
+  now recognizes the :sessions_convert_symbols Roda application option
+  and will default to using string keys instead of symbol keys for
+  session and flash values if the application option is set.
+
+= Backwards Compatibility
+
+* If the :sessions_convert_symbols Roda application option is used,
+  and the jwt feature is used and the jwt_symbolize_deeply?
+  configuration method is not used, then the session data will not
+  have the top-level data converted to symbols.
+
+* If the Roda application defines a clear_session method in the scope,
+  that method is now called by Rodauth to clear the session data. This
+  is for better integration with the Roda sessions plugin.

data/lib/rodauth.rb

@@ -179,6 +179,11 @@ module Rodauth
       auth_value_method(:"#{name}_additional_form_tags", nil)
     end
 
+    def session_key(meth, value)
+      define_method(meth){convert_session_key(value)}
+      auth_value_methods(meth)
+    end
+
     def auth_value_method(meth, value)
       define_method(meth){value}
       auth_value_methods(meth)

data/lib/rodauth/features/base.rb

@@ -19,6 +19,8 @@ module Rodauth
     auth_value_method :accounts_table, :accounts
     auth_value_method :cache_templates, true
     auth_value_method :default_redirect, '/'
+    session_key :flash_error_key, :error
+    session_key :flash_notice_key, :notice
     auth_value_method :invalid_field_error_status, 422
     auth_value_method :invalid_key_error_status, 401
     auth_value_method :invalid_password_error_status, 401
@@ -36,7 +38,7 @@ module Rodauth
     auth_value_method :password_label, 'Password'
     auth_value_method :password_param, 'password'
     auth_value_method :modifications_require_password?, true
-    auth_value_method :session_key, :account_id
+    session_key :session_key, :account_id
     auth_value_method :prefix, ''
     auth_value_method :require_bcrypt?, true
     auth_value_method :skip_status_checks?, true
@@ -181,7 +183,11 @@ module Rodauth
     end
 
     def clear_session
-      session.clear
+      if scope.respond_to?(:clear_session)
+        scope.clear_session
+      else
+        session.clear
+      end
     end
 
     def login_required
@@ -197,19 +203,19 @@ module Rodauth
     end
 
     def set_error_flash(message)
-      flash.now[:error] = message
+      flash.now[flash_error_key] = message
     end
 
     def set_redirect_error_flash(message)
-      flash[:error] = message
+      flash[flash_error_key] = message
     end
 
     def set_notice_flash(message)
-      flash[:notice] = message
+      flash[flash_notice_key] = message
     end
 
     def set_notice_now_flash(message)
-      flash.now[:notice] = message
+      flash.now[flash_notice_key] = message
     end
 
     def require_login
@@ -330,6 +336,10 @@ module Rodauth
       # :nocov:
     end
 
+    def convert_session_key(key)
+      scope.opts[:sessions_convert_symbols] ? key.to_s : key
+    end
+
     def timing_safe_eql?(provided, actual)
       provided = provided.to_s
       Rack::Utils.secure_compare(provided.ljust(actual.length), actual) && provided.length == actual.length

data/lib/rodauth/features/confirm_password.rb

@@ -11,6 +11,7 @@ module Rodauth
     before
     after
 
+    session_key :confirm_password_redirect_session_key, :confirm_password_redirect
     auth_value_methods :confirm_password_redirect
 
     auth_methods :confirm_password
@@ -46,7 +47,7 @@ module Rodauth
     end
 
     def confirm_password_redirect
-      session.delete(:confirm_password_redirect) || default_redirect
+      session.delete(confirm_password_redirect_session_key) || default_redirect
     end
   end
 end

data/lib/rodauth/features/jwt.rb

@@ -61,6 +61,8 @@ module Rodauth
         if session_data
           if jwt_symbolize_deeply?
             s = JSON.parse(JSON.fast_generate(session_data), :symbolize_names=>true)
+          elsif scope.opts[:sessions_convert_symbols]
+            s = session_data
           else
             session_data.each{|k,v| s[k.to_sym] = v}
           end

data/lib/rodauth/features/lockout.rb

@@ -36,7 +36,7 @@ module Rodauth
     auth_value_method :unlock_account_email_subject, 'Unlock Account'
     auth_value_method :unlock_account_key_param, 'key'
     auth_value_method :unlock_account_requires_password?, false
-    auth_value_method :unlock_account_session_key, :unlock_account_key
+    session_key :unlock_account_session_key, :unlock_account_key
 
     auth_value_methods(
       :unlock_account_redirect,

data/lib/rodauth/features/password_expiration.rb

@@ -15,7 +15,7 @@ module Rodauth
     auth_value_method :password_expiration_table, :account_password_change_times
     auth_value_method :password_expiration_id_column, :id
     auth_value_method :password_expiration_changed_at_column, :changed_at
-    auth_value_method :password_changed_at_session_key, :password_changed_at
+    session_key :password_changed_at_session_key, :password_changed_at
     auth_value_method :password_expiration_default, false
 
     auth_methods(

data/lib/rodauth/features/password_grace_period.rb

@@ -3,7 +3,7 @@
 module Rodauth
   Feature.define(:password_grace_period, :PasswordGracePeriod) do
     auth_value_method :password_grace_period, 300
-    auth_value_method :last_password_entry_session_key, :last_password_entry
+    session_key :last_password_entry_session_key, :last_password_entry
 
     def modifications_require_password?
       return false unless super

data/lib/rodauth/features/remember.rb

@@ -19,7 +19,7 @@ module Rodauth
     auth_value_method :remember_cookie_options, {}
     auth_value_method :extend_remember_deadline?, false
     auth_value_method :remember_period, {:days=>14}
-    auth_value_method :remembered_session_key, :remembered
+    session_key :remembered_session_key, :remembered
     auth_value_method :remember_deadline_interval, {:days=>14}
     auth_value_method :remember_id_column, :id
     auth_value_method :remember_key_column, :key

data/lib/rodauth/features/reset_password.rb

@@ -31,7 +31,7 @@ module Rodauth
     auth_value_method :reset_password_table, :account_password_reset_keys
     auth_value_method :reset_password_id_column, :id
     auth_value_method :reset_password_key_column, :key
-    auth_value_method :reset_password_session_key, :reset_password_key
+    session_key :reset_password_session_key, :reset_password_key
 
     auth_value_methods :reset_password_email_sent_redirect, :reset_password_request_link
 

data/lib/rodauth/features/session_expiration.rb

@@ -5,10 +5,10 @@ module Rodauth
     error_flash "This session has expired, please login again."
 
     auth_value_method :max_session_lifetime, 86400
-    auth_value_method :session_created_session_key, :session_created_at
+    session_key :session_created_session_key, :session_created_at
     auth_value_method :session_expiration_default, true
     auth_value_method :session_inactivity_timeout, 1800
-    auth_value_method :session_last_activity_session_key, :last_session_activity_at
+    session_key :session_last_activity_session_key, :last_session_activity_at
 
     auth_value_methods :session_expiration_redirect
     

data/lib/rodauth/features/single_session.rb

@@ -7,7 +7,7 @@ module Rodauth
 
     auth_value_method :single_session_id_column, :id
     auth_value_method :single_session_key_column, :key
-    auth_value_method :single_session_session_key, :single_session_key
+    session_key :single_session_session_key, :single_session_key
     auth_value_method :single_session_table, :account_session_keys
 
     auth_methods(

data/lib/rodauth/features/two_factor_base.rb

@@ -17,8 +17,8 @@ module Rodauth
     auth_value_method :two_factor_need_authentication_error_status, 401
     auth_value_method :two_factor_not_setup_error_status, 403
 
-    auth_value_method :two_factor_session_key, :two_factor_auth
-    auth_value_method :two_factor_setup_session_key, :two_factor_auth_setup
+    session_key :two_factor_session_key, :two_factor_auth
+    session_key :two_factor_setup_session_key, :two_factor_auth_setup
     auth_value_method :two_factor_need_setup_redirect, nil
 
     auth_value_methods(

data/lib/rodauth/features/verify_account.rb

@@ -31,7 +31,7 @@ module Rodauth
     auth_value_method :verify_account_table, :account_verification_keys
     auth_value_method :verify_account_id_column, :id
     auth_value_method :verify_account_key_column, :key
-    auth_value_method :verify_account_session_key, :verify_account_key
+    session_key :verify_account_session_key, :verify_account_key
     auth_value_method :verify_account_set_password?, false
 
     auth_methods(

data/lib/rodauth/features/verify_account_grace_period.rb

@@ -7,7 +7,7 @@ module Rodauth
     redirect :unverified_change_login
 
     auth_value_method :verification_requested_at_column, :requested_at
-    auth_value_method :unverified_account_session_key, :unverified_account
+    session_key :unverified_account_session_key, :unverified_account
     auth_value_method :verify_account_grace_period, 86400
 
     auth_methods(

data/lib/rodauth/features/verify_login_change.rb

@@ -23,7 +23,7 @@ module Rodauth
     auth_value_method :verify_login_change_key_column, :key
     auth_value_method :verify_login_change_key_param, 'key'
     auth_value_method :verify_login_change_login_column, :login
-    auth_value_method :verify_login_change_session_key, :verify_login_change_key
+    session_key :verify_login_change_session_key, :verify_login_change_key
     auth_value_method :verify_login_change_table, :account_login_change_keys
 
     auth_methods(

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 1
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 17
+  MINOR = 18
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/spec/create_account_spec.rb

@@ -84,8 +84,8 @@ describe 'Rodauth create_account feature' do
     end
     roda do |r|
       r.rodauth
-      next unless session[:account_id]
-      r.root{view :content=>"Logged In: #{DB[:accounts].where(:id=>session[:account_id]).get(:email)}"}
+      next unless rodauth.logged_in?
+      r.root{view :content=>"Logged In: #{DB[:accounts].where(:id=>rodauth.session_value).get(:email)}"}
     end
 
     visit '/create-account'

data/spec/login_spec.rb

@@ -5,7 +5,7 @@ describe 'Rodauth login feature' do
     rodauth{enable :login, :logout}
     roda do |r|
       r.rodauth
-      next unless session[:account_id]
+      next unless rodauth.logged_in?
       r.root{view :content=>"Logged In"}
     end
 
@@ -41,7 +41,7 @@ describe 'Rodauth login feature' do
     end
     roda do |r|
       r.rodauth
-      next unless session[:account_id]
+      next unless rodauth.logged_in?
       r.root{view :content=>"Logged In"}
     end
 
@@ -58,13 +58,13 @@ describe 'Rodauth login feature' do
     roda do |r|
       r.post 'login' do
         if r.params['login'] == 'apple' && r.params['password'] == 'banana'
-          session[:user_id] = 'pear'
+          session['user_id'] = 'pear'
           r.redirect '/'
         end
         r.redirect '/login'
       end
       r.rodauth
-      next unless session[:user_id] == 'pear'
+      next unless session['user_id'] == 'pear'
       r.root{"Logged In"}
     end
 
@@ -89,14 +89,14 @@ describe 'Rodauth login feature' do
         password == 'banana'
       end
       update_session do
-        session[:user_id] = 'pear'
+        session['user_id'] = 'pear'
       end
       no_matching_login_message "no user"
       invalid_password_message "bad password"
     end
     roda do |r|
       r.rodauth
-      next unless session[:user_id] == 'pear'
+      next unless session['user_id'] == 'pear'
       r.root{"Logged In"}
     end
 
@@ -116,7 +116,7 @@ describe 'Rodauth login feature' do
     rodauth do
       enable :login, :logout
       prefix 'auth'
-      session_key :login_email
+      session_key 'login_email'
       account_from_session{DB[:accounts].first(:email=>session_value)}
       account_session_value{account[:email]}
       login_param{param('lp')}
@@ -132,7 +132,7 @@ describe 'Rodauth login feature' do
       r.on 'auth' do
         r.rodauth
       end
-      next unless session[:login_email] =~ /example/
+      next unless session['login_email'] =~ /example/
       r.get('foo', :email){|e| "Logged In: #{e}"}
     end
     app.plugin :render, :views=>'spec/views', :engine=>'str'

data/spec/remember_spec.rb

@@ -223,7 +223,7 @@ describe 'Rodauth remember feature' do
         rodauth.load_memory
         r.redirect '/'
       end
-      r.root{rodauth.logged_in? ? "Logged In#{session[:remembered]}" : "Not Logged In"}
+      r.root{rodauth.logged_in? ? "Logged In#{session[rodauth.remembered_session_key]}" : "Not Logged In"}
     end
 
     login

data/spec/rodauth_spec.rb

@@ -25,6 +25,25 @@ describe 'Rodauth' do
     page.title.must_equal 'Foo Login'
   end
 
+  it "should support flash_error_key and flash_notice_key" do
+    rodauth do
+      enable :login
+      template_opts(:layout_opts=>{:path=>'spec/views/layout-other.str'})
+      flash_error_key 'error2'
+      flash_notice_key 'notice2'
+    end
+    roda do |r|
+      r.rodauth
+      rodauth.require_login
+      view(:content=>'', :layout_opts=>{:path=>'spec/views/layout-other.str'})
+    end
+
+    visit '/'
+    page.html.must_include 'Please login to continue'
+    login(:visit=>false)
+    page.html.must_include 'You have been logged in'
+  end
+
   it "should work without preloading the templates" do
     @no_precompile = true
     rodauth do
@@ -263,10 +282,12 @@ describe 'Rodauth' do
   end
 
   it "should support :csrf=>false and :flash=>false plugin options" do
-    rodauth{}
-    roda(:csrf=>false, :flash=>false){}
-    app.instance_variable_get(:@middleware).length.must_equal 1
-    app.ancestors.map(&:to_s).wont_include 'Roda::RodaPlugins::Flash::InstanceMethods'
+    c = Class.new(Roda)
+    c.plugin(:rodauth, :csrf=>false, :flash=>false){}
+    c.route{}
+    c.instance_variable_get(:@middleware).length.must_equal 0
+    c.ancestors.map(&:to_s).wont_include 'Roda::RodaPlugins::Flash::InstanceMethods'
+    c.ancestors.map(&:to_s).wont_include 'Roda::RodaPlugins::RouteCsrf::InstanceMethods'
   end
 
   it "should inherit rodauth configuration in subclass" do
@@ -286,7 +307,7 @@ describe 'Rodauth' do
     page.html.must_equal 'foo'
 
     a = Class.new(app)
-    a.plugin(:rodauth){auth_class_eval{def foo; "#{super}bar" end}}
+    a.plugin(:rodauth, rodauth_opts){auth_class_eval{def foo; "#{super}bar" end}}
     a.rodauth.superclass.must_equal auth_class
 
     visit '/'

data/spec/session_expiration_spec.rb

@@ -13,8 +13,8 @@ describe 'Rodauth session expiration feature' do
     roda do |r|
       rodauth.check_session_expiration
       r.rodauth
-      r.get("remove-creation"){session.delete(:session_created_at); r.redirect '/'}
-      r.get("set-creation"){session[:session_created_at] = Time.now.to_i - 100000; r.redirect '/'}
+      r.get("remove-creation"){session.delete(rodauth.session_created_session_key); r.redirect '/'}
+      r.get("set-creation"){session[rodauth.session_created_session_key] = Time.now.to_i - 100000; r.redirect '/'}
       r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
     end
 

data/spec/single_session_spec.rb

@@ -8,7 +8,7 @@ describe 'Rodauth single session feature' do
     roda do |r|
       rodauth.check_single_session
       r.rodauth
-      r.is("clear"){session.delete(:single_session_key); DB[:account_session_keys].delete; r.redirect '/'}
+      r.is("clear"){session.delete(rodauth.single_session_session_key); DB[:account_session_keys].delete; r.redirect '/'}
       r.root{view :content=>rodauth.logged_in? ? "Logged In" : "Not Logged"}
     end
 

data/spec/spec_helper.rb

@@ -29,6 +29,7 @@ require 'capybara'
 require 'capybara/dsl'
 require 'rack/test'
 require 'stringio'
+require 'securerandom'
 
 ENV['MT_NO_PLUGINS'] = '1' # Work around stupid autoloading of plugins
 gem 'minitest'
@@ -72,9 +73,23 @@ ENV['RACK_ENV'] = 'test'
 end
 
 Base = Class.new(Roda)
+Base.plugin :flash
 Base.plugin :render, :layout_opts=>{:path=>'spec/views/layout.str'}
 Base.plugin(:not_found){raise "path #{request.path_info} not found"}
-Base.use Rack::Session::Cookie, :secret=>'0123456789'
+
+if defined?(Roda::RodaVersionNumber) && Roda::RodaVersionNumber >= 30100
+  if ENV['RODA_ROUTE_CSRF'] == '0'
+    require 'roda/session_middleware'
+    Base.opts[:sessions_convert_symbols] = true
+    Base.use RodaSessionMiddleware, :secret=>SecureRandom.random_bytes(64), :key=>'rack.session'
+  else
+    ENV['RODA_ROUTE_CSRF'] ||= '1'
+    Base.plugin :sessions, :secret=>SecureRandom.random_bytes(64), :key=>'rack.session'
+  end
+else
+  Base.use Rack::Session::Cookie, :secret => '0123456789'
+end
+
 class Base
   attr_writer :title
 end
@@ -200,7 +215,8 @@ class Minitest::HooksSpec
            "SCRIPT_NAME" => "",
            "CONTENT_TYPE" => params.delete(:content_type) || "application/json",
            "SERVER_NAME" => 'example.com',
-           "rack.input"=>StringIO.new((params || {}).to_json)
+           "rack.input"=>StringIO.new((params || {}).to_json),
+           "rack.errors"=>$stderr
     }
 
     if @authorization
@@ -215,7 +231,11 @@ class Minitest::HooksSpec
     r = @app.call(env)
 
     if cookie = r[1]['Set-Cookie']
-      @cookie = cookie
+      if cookie.include?('expires=Thu, 01 Jan 1970 00:00:00 -0000')
+        @cookie = nil
+      else
+        @cookie = cookie.split(';', 2)[0]
+      end
     end
     if authorization = r[1]['Authorization']
       @authorization = authorization

data/spec/update_password_hash_spec.rb

@@ -11,7 +11,7 @@ describe 'Rodauth update_password feature' do
       end
       roda do |r|
         r.rodauth
-        next unless session[:account_id]
+        next unless rodauth.logged_in?
         rodauth.account_from_session
         r.root{rodauth.send(:get_password_hash)}
       end

data/spec/views/layout-other.str

@@ -4,8 +4,8 @@
 <title>Foo #{@title}</title>
 </head>
 <body>
-#{"<div id='error_flash'>#{flash[:error]}</div>" if flash[:error]}
-#{"<div id='notice_flash'>#{flash[:notice]}</div>" if flash[:notice]}
+#{"<div id='error_flash'>#{flash['error2']}</div>" if flash['error2']}
+#{"<div id='notice_flash'>#{flash['notice2']}</div>" if flash['notice2']}
 #{yield}
 </body>
 </html>

data/spec/views/layout.str

@@ -4,8 +4,8 @@
 <title>#{@title}</title>
 </head>
 <body>
-#{"<div id='error_flash'>#{flash[:error]}</div>" if flash[:error]}
-#{"<div id='notice_flash'>#{flash[:notice]}</div>" if flash[:notice]}
+#{"<div id='error_flash'>#{opts[:sessions_convert_symbols] ? flash['error'] : flash[:error]}</div>" if opts[:sessions_convert_symbols] ? flash['error'] : flash[:error]}
+#{"<div id='notice_flash'>#{opts[:sessions_convert_symbols] ? flash['notice'] : flash[:notice]}</div>" if opts[:sessions_convert_symbols] ? flash['notice'] : flash[:notice]}
 #{yield}
 </body>
 </html>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 1.17.0
+  version: 1.18.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-11 00:00:00.000000000 Z
+date: 2018-07-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -248,6 +248,7 @@ extra_rdoc_files:
 - doc/release_notes/1.7.0.txt
 - doc/release_notes/1.8.0.txt
 - doc/release_notes/1.9.0.txt
+- doc/release_notes/1.18.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
@@ -287,6 +288,7 @@ files:
 - doc/release_notes/1.15.0.txt
 - doc/release_notes/1.16.0.txt
 - doc/release_notes/1.17.0.txt
+- doc/release_notes/1.18.0.txt
 - doc/release_notes/1.2.0.txt
 - doc/release_notes/1.3.0.txt
 - doc/release_notes/1.4.0.txt