rodauth 1.22.0 → 1.23.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3379479fde31b70cd341f7d862088a1c29f850a4293bbf08a4ddced9f152a026
-  data.tar.gz: 3ec8abcd54a4da0a230d8d5a064d75febc247ee6ed35e3282b9b3ab2e1dde21d
+  metadata.gz: e4306ff08603b48a95bc543ffe53188d28d71ffdf8bf7427b65f4384eab8f430
+  data.tar.gz: a7319dbdfa10b43743ec76f32453ef0d65f3b1a30945f9c3988c7b87c6a639a2
 SHA512:
-  metadata.gz: 6617d309568f8292c01d00343fdea602692fc6ca0be38d9846f0e8415a6da13cee10007e3286e03e2eb9170f693d4b2420861167225aab35ebea87b111627819
-  data.tar.gz: 30efd30667ccb724c0796aa58123beb4d2711ac92a032be21d900ae74391901521d60b6b4806463494fc748461ecac3adb28ce3bf7c1956e6dcd4b72b0fea963
+  metadata.gz: 21d00b963f35ce2f356ba139cc07f0e0612484cc55a42efe5502f8401b8c373eeab2b2c71c92f68a2886d523e0b73a5fda80b5137fecec5b26ca9a0f517a3040
+  data.tar.gz: c5947144c88fbe98c31a2a24cd7a349953f8ff1717b9258f39ff58cbd98de85fb36abf6912b51496b6965ed7367f3fc13aad702db9443e587d9bde15dfc7c7c7

data/CHANGELOG

@@ -1,3 +1,15 @@
+=== 1.23.0 (2020-03-06)
+
+* Remove specs from the gem to reduce gem size by over 20% (jeremyevans) 
+
+* Make rodauth.authenticated? return true on OTP setup page (jeremyevans) (#68)
+
+* Display link to email auth request form when user has entered login and incorrect password if using email_auth feature (janko) (#65)
+
+* Add *_path and *_url methods for all *_route methods (janko) (#64)
+
+* Add send_email configuration method for configuring how email is sent (janko) (#63)
+
 === 1.22.0 (2019-10-29)
 
 * Add jwt_cors feature to handle Cross-Origin Resource Sharing when using the jwt feature (jeremyevans)

data/README.rdoc

@@ -931,6 +931,10 @@ verified_account? :: (verify_grace_period feature) Whether the account is curren
                      login as they are in the grace period.
 locked_out? :: (lockout feature) Whether the account for the current session has been
                locked out.
+*_path :: One of these is added for each of the routes added by Rodauth, giving the
+          relative path to the route.
+*_url :: One of these is added for each of the routes added by Rodauth, giving the
+         absolute path to the routE.
 
 === With Multiple Configurations
 
@@ -1100,9 +1104,7 @@ Here are some examples of integrating Rodauth into applications that
 don't use Roda:
 
 * {Ginatra, a Sinatra-based git repository viewer}[https://github.com/jeremyevans/ginatra/commit/28108ebec96e8d42596ee55b01c3f7b50c155dd1] 
-* {Rodauth's demo site as a Rails application}[https://github.com/jeremyevans/rodauth-demo-rails] (
-  This uses the {roda-rails gem}[https://github.com/jeremyevans/roda-rails]
-  so that Rodauth uses Rails' CSRF and flash support)
+* {Rodauth's demo site as a Rails 6 application}[https://github.com/janko/rodauth-demo-rails]
 * {Grape application}[https://github.com/davydovanton/grape-rodauth]
 * {Hanami application}[https://github.com/davydovanton/rodauth_hanami]
 

data/doc/email_base.rdoc

@@ -25,3 +25,4 @@ email_to :: The email address to send emails to, by default the login of the
             current account.
 create_email(subject, body) :: Return a Mail::Message instance with the given subject
                                and body.
+send_email(email) :: Deliver a given Mail::Message instance.

data/doc/release_notes/1.23.0.txt

@@ -0,0 +1,32 @@
+= New Features
+
+* When the email_auth feature is used, the link to request email
+  authentication is now displayed if the user inputs an incorrect
+  password.  Previously, it was only shown if the user had not
+  yet entered a password.
+
+* A send_email configuration method has been added, which can be
+  overridden to customize email delivery (such as logging such
+  email). The configuration method block accepts a Mail::Message
+  argument.
+
+* All rodauth.*_route methods that return the name of the route
+  segment now have rodauth.*_path and rodauth.*_url equivalents,
+  which return the path and URL for the related routes, respectively.
+  The rodauth.*_path methods are useful when constructing links to
+  the related Rodauth pages on the same site, and the rodauth.*_url
+  methods are useful for constructing link to the Rodauth pages from
+  other sites or in email.
+
+= Other Improvements
+
+* Specs have been removed from the gem file, reducing gem size by
+  over 20%.
+
+* rodauth.authenticated? now returns true on the OTP setup page
+  when using the otp feature.  Previously, this method returned
+  false on the OTP setup page.  However, as the user has not yet
+  setup OTP when viewing this page, they should be considered
+  fully authenticated, as they would be if they viewed any other
+  page before setting up OTP.  This change probably only affects
+  cases where the layout uses rodauth.authenticated?.

data/lib/rodauth.rb

@@ -101,11 +101,14 @@ module Rodauth
     attr_accessor :configuration
 
     def route(name=feature_name, default=name.to_s.tr('_', '-'), &block)
-      auth_value_method "#{name}_route", default
+      route_meth = :"#{name}_route"
+      auth_value_method route_meth, default
+
+      define_method(:"#{name}_path") { route_path(send(route_meth)) }
+      define_method(:"#{name}_url") { route_url(send(route_meth)) }
 
       handle_meth = :"handle_#{name}"
       internal_handle_meth = :"_#{handle_meth}"
-      route_meth = :"#{name}_route"
       before route_meth
 
       unless block.arity == 1

data/lib/rodauth/features/base.rb

@@ -387,6 +387,14 @@ module Rodauth
       request.redirect(path)
     end
 
+    def route_path(route)
+      "#{prefix}/#{route}"
+    end
+
+    def route_url(route)
+      "#{request.base_url}#{route_path(route)}"
+    end
+
     def transaction(opts={}, &block)
       db.transaction(opts, &block)
     end

data/lib/rodauth/features/change_password_notify.rb

@@ -17,7 +17,7 @@ module Rodauth
     private
 
     def send_password_changed_email
-      create_password_changed_email.deliver!
+      send_email(create_password_changed_email)
     end
 
     def create_password_changed_email

data/lib/rodauth/features/create_account.rb

@@ -89,7 +89,7 @@ module Rodauth
     end
 
     def create_account_link
-      "<p><a href=\"#{prefix}/#{create_account_route}\">Create a New Account</a></p>"
+      "<p><a href=\"#{create_account_path}\">Create a New Account</a></p>"
     end
 
     def login_form_footer

data/lib/rodauth/features/email_auth.rb

@@ -135,7 +135,7 @@ module Rodauth
     end
 
     def send_email_auth_email
-      create_email_auth_email.deliver!
+      send_email(create_email_auth_email)
     end
 
     def email_auth_email_link
@@ -150,7 +150,7 @@ module Rodauth
 
     def login_form_footer
       footer = super
-      footer += @email_auth_request_form if @email_auth_request_form
+      footer += email_auth_request_form if valid_login_entered?
       footer
     end
 
@@ -166,9 +166,8 @@ module Rodauth
         redirect email_auth_email_sent_redirect
       else
         # If the account has a password hash, allow password login, but
-        # show form below to also login via email link.
+        # we will show form below to also login via email link.
         super
-        @email_auth_request_form = email_auth_request_form
       end
     end
 

data/lib/rodauth/features/email_base.rb

@@ -14,7 +14,8 @@ module Rodauth
 
     auth_methods(
       :create_email,
-      :email_to
+      :email_to,
+      :send_email
     )
 
     def post_configure
@@ -24,6 +25,10 @@ module Rodauth
 
     private
 
+    def send_email(email)
+      email.deliver!
+    end
+
     def create_email(subject, body)
       create_email_to(email_to, subject, body)
     end
@@ -46,7 +51,7 @@ module Rodauth
     end
 
     def token_link(route, param, key)
-      "#{request.base_url}#{prefix}/#{route}?#{param}=#{account_id}#{token_separator}#{convert_email_token_key(key)}"
+      "#{route_url(route)}?#{param}=#{account_id}#{token_separator}#{convert_email_token_key(key)}"
     end
 
     def convert_email_token_key(key)

data/lib/rodauth/features/lockout.rb

@@ -218,7 +218,7 @@ module Rodauth
 
     def send_unlock_account_email
       @unlock_account_key_value = get_unlock_account_key
-      create_unlock_account_email.deliver!
+      send_email(create_unlock_account_email)
     end
 
     def unlock_account_email_link

data/lib/rodauth/features/login.rb

@@ -69,12 +69,16 @@ module Rodauth
 
     def skip_login_field_on_login?
       return false unless use_multi_phase_login?
-      @valid_login_entered
+      valid_login_entered?
     end
 
     def skip_password_field_on_login?
       return false unless use_multi_phase_login?
-      @valid_login_entered != true
+      !valid_login_entered?
+    end
+
+    def valid_login_entered?
+      @valid_login_entered
     end
 
     def login_hidden_field

data/lib/rodauth/features/otp.rb

@@ -219,15 +219,17 @@ module Rodauth
     end
 
     def two_factor_authentication_setup?
-      super || otp_exists?
+      return true if super
+      return false if @otp_tmp_key
+      otp_exists?
     end
 
     def two_factor_need_setup_redirect
-      "#{prefix}/#{otp_setup_route}"
+      otp_setup_path
     end
 
     def two_factor_auth_required_redirect
-      "#{prefix}/#{otp_auth_route}"
+      otp_auth_path
     end
 
     def two_factor_remove
@@ -388,6 +390,7 @@ module Rodauth
     end
 
     def _otp_tmp_key(secret)
+      @otp_tmp_key = true
       @otp_user_key = nil
       @otp_key = secret
     end

data/lib/rodauth/features/password_expiration.rb

@@ -8,7 +8,7 @@ module Rodauth
     error_flash "Your password cannot be changed yet", 'password_not_changeable_yet'
 
     redirect :password_not_changeable_yet 
-    redirect(:password_change_needed){"#{prefix}/#{change_password_route}"}
+    redirect(:password_change_needed){change_password_path}
 
     auth_value_method :allow_password_change_after, -86400
     auth_value_method :require_password_change_after, 90*86400

data/lib/rodauth/features/recovery_codes.rb

@@ -23,8 +23,8 @@ module Rodauth
 
     notice_flash "Additional authentication recovery codes have been added.", 'recovery_codes_added'
 
-    redirect(:recovery_auth){"#{prefix}/#{recovery_auth_route}"}
-    redirect(:add_recovery_codes){"#{prefix}/#{recovery_codes_route}"}
+    redirect(:recovery_auth){recovery_auth_path}
+    redirect(:add_recovery_codes){recovery_codes_path}
 
     loaded_templates %w'add-recovery-codes recovery-auth recovery-codes password-field'
     view 'add-recovery-codes', 'Authentication Recovery Codes', 'add_recovery_codes'
@@ -146,7 +146,7 @@ module Rodauth
     end
 
     def otp_auth_form_footer
-      "#{super if defined?(super)}<p><a href=\"#{recovery_auth_route}\">Authenticate using recovery code</a></p>"
+      "#{super if defined?(super)}<p><a href=\"#{recovery_auth_path}\">Authenticate using recovery code</a></p>"
     end
 
     def otp_lockout_redirect

data/lib/rodauth/features/reset_password.rb

@@ -179,7 +179,7 @@ module Rodauth
     end
 
     def send_reset_password_email
-      create_reset_password_email.deliver!
+      send_email(create_reset_password_email)
     end
 
     def reset_password_email_link
@@ -197,7 +197,7 @@ module Rodauth
     end
 
     def reset_password_request_link
-      "<p><a href=\"#{prefix}/#{reset_password_request_route}\">Forgot Password?</a></p>"
+      "<p><a href=\"#{reset_password_request_path}\">Forgot Password?</a></p>"
     end
 
     def set_reset_password_email_last_sent

data/lib/rodauth/features/sms_codes.rb

@@ -45,10 +45,10 @@ module Rodauth
     redirect :sms_already_setup
     redirect :sms_confirm
     redirect :sms_disable
-    redirect(:sms_auth){"#{prefix}/#{sms_auth_route}"}
-    redirect(:sms_needs_confirmation){"#{prefix}/#{sms_confirm_route}"}
-    redirect(:sms_needs_setup){"#{prefix}/#{sms_setup_route}"}
-    redirect(:sms_request){"#{prefix}/#{sms_request_route}"}
+    redirect(:sms_auth){sms_auth_path}
+    redirect(:sms_needs_confirmation){sms_confirm_path}
+    redirect(:sms_needs_setup){sms_setup_path}
+    redirect(:sms_request){sms_request_path}
     redirect(:sms_lockout){_two_factor_auth_required_redirect}
 
     loaded_templates %w'sms-auth sms-confirm sms-disable sms-request sms-setup sms-code-field password-field'
@@ -311,7 +311,7 @@ module Rodauth
     end
 
     def otp_auth_form_footer
-      "#{super if defined?(super)}#{"<p><a href=\"#{sms_request_route}\">Authenticate using SMS code</a></p>" if sms_available?}"
+      "#{super if defined?(super)}#{"<p><a href=\"#{sms_request_path}\">Authenticate using SMS code</a></p>" if sms_available?}"
     end
 
     def otp_lockout_redirect

data/lib/rodauth/features/verify_account.rb

@@ -201,7 +201,7 @@ module Rodauth
     end
 
     def send_verify_account_email
-      create_verify_account_email.deliver!
+      send_email(create_verify_account_email)
     end
 
     def verify_account_email_link
@@ -225,7 +225,7 @@ module Rodauth
     end
 
     def verify_account_resend_link
-      "<p><a href=\"#{prefix}/#{verify_account_resend_route}\">Resend Verify Account Information</a></p>"
+      "<p><a href=\"#{verify_account_resend_path}\">Resend Verify Account Information</a></p>"
     end
 
     def create_account_set_password?

data/lib/rodauth/features/verify_login_change.rb

@@ -118,7 +118,7 @@ module Rodauth
     end
 
     def send_verify_login_change_email(login)
-      create_verify_login_change_email(login).deliver!
+      send_email(create_verify_login_change_email(login))
     end
 
     def verify_login_change_email_link

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 1
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 22
+  MINOR = 23
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/templates/email-auth-request-form.str

@@ -1,6 +1,6 @@
-<form action="#{rodauth.prefix}/#{rodauth.email_auth_request_route}" method="post" class="rodauth form-horizontal" role="form" id="email-auth-request-form">
+<form action="#{rodauth.email_auth_request_path}" method="post" class="rodauth form-horizontal" role="form" id="email-auth-request-form">
   #{rodauth.email_auth_request_additional_form_tags}
-  #{rodauth.csrf_tag("#{rodauth.prefix}/#{rodauth.email_auth_request_route}")}
+  #{rodauth.csrf_tag(rodauth.email_auth_request_path)}
   #{rodauth.login_hidden_field}
   #{rodauth.button(rodauth.email_auth_request_button)}
 </form>

data/templates/reset-password-request.str

@@ -1,7 +1,7 @@
-<form action="#{rodauth.prefix}/#{rodauth.reset_password_request_route}" method="post" class="rodauth form-horizontal" role="form" id="reset-password-request-form">
+<form action="#{rodauth.reset_password_request_path}" method="post" class="rodauth form-horizontal" role="form" id="reset-password-request-form">
   #{rodauth.reset_password_request_additional_form_tags}
-  #{rodauth.csrf_tag("#{rodauth.prefix}/#{rodauth.reset_password_request_route}")}
+  #{rodauth.csrf_tag(rodauth.reset_password_request_path)}
   #{rodauth.reset_password_explanatory_text}
-  #{(login = rodauth.param_or_nil(rodauth.login_param)) ? "<input type=\"hidden\" name=\"#{rodauth.login_param}\" value=\"#{h login}\"/>" : rodauth.render('login-field')}
+  #{rodauth.param_or_nil(rodauth.login_param) ? rodauth.login_hidden_field : rodauth.render('login-field')}
   #{rodauth.button(rodauth.reset_password_request_button)}
 </form>

data/templates/unlock-account-request.str

@@ -1,7 +1,7 @@
-<form action="#{rodauth.prefix}/#{rodauth.unlock_account_request_route}" method="post" class="rodauth form-horizontal" role="form" id="unlock-account-request-form">
+<form action="#{rodauth.unlock_account_request_path}" method="post" class="rodauth form-horizontal" role="form" id="unlock-account-request-form">
   #{rodauth.unlock_account_request_additional_form_tags}
-  #{rodauth.csrf_tag("#{rodauth.prefix}/#{rodauth.unlock_account_request_route}")}
-  <input type="hidden" name="#{rodauth.login_param}" value="#{h rodauth.param(rodauth.login_param)}"/>
+  #{rodauth.csrf_tag(rodauth.unlock_account_request_path)}
+  #{rodauth.login_hidden_field}
   #{rodauth.unlock_account_request_explanatory_text}
   <input type="submit" class="btn btn-primary inline" value="#{rodauth.unlock_account_request_button}"/>
 </form>

data/templates/verify-account-resend.str

@@ -1,7 +1,7 @@
-<form action="#{rodauth.prefix}/#{rodauth.verify_account_resend_route}" method="post" class="rodauth form-horizontal" role="form" id="verify-account-resend-form">
+<form action="#{rodauth.verify_account_resend_path}" method="post" class="rodauth form-horizontal" role="form" id="verify-account-resend-form">
   #{rodauth.verify_account_resend_additional_form_tags}
-  #{rodauth.csrf_tag("#{rodauth.prefix}/#{rodauth.verify_account_resend_route}")}
+  #{rodauth.csrf_tag(rodauth.verify_account_resend_path)}
   #{rodauth.verify_account_resend_explanatory_text}
-  #{(login = rodauth.param_or_nil(rodauth.login_param)) ? "<input type=\"hidden\" name=\"#{rodauth.login_param}\" value=\"#{h login}\"/>" : rodauth.render('login-field')}
+  #{rodauth.param_or_nil(rodauth.login_param) ? rodauth.login_hidden_field : rodauth.render('login-field')}
   #{rodauth.button(rodauth.verify_account_resend_button)}
 </form>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 1.22.0
+  version: 1.23.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-29 00:00:00.000000000 Z
+date: 2020-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -270,11 +270,11 @@ extra_rdoc_files:
 - doc/release_notes/1.20.0.txt
 - doc/release_notes/1.21.0.txt
 - doc/release_notes/1.22.0.txt
+- doc/release_notes/1.23.0.txt
 files:
 - CHANGELOG
 - MIT-LICENSE
 - README.rdoc
-- Rakefile
 - dict/top-10_000-passwords.txt
 - doc/account_expiration.rdoc
 - doc/base.rdoc
@@ -318,6 +318,7 @@ files:
 - doc/release_notes/1.20.0.txt
 - doc/release_notes/1.21.0.txt
 - doc/release_notes/1.22.0.txt
+- doc/release_notes/1.23.0.txt
 - doc/release_notes/1.3.0.txt
 - doc/release_notes/1.4.0.txt
 - doc/release_notes/1.5.0.txt
@@ -376,45 +377,6 @@ files:
 - lib/rodauth/features/verify_login_change.rb
 - lib/rodauth/migrations.rb
 - lib/rodauth/version.rb
-- spec/account_expiration_spec.rb
-- spec/all.rb
-- spec/change_login_spec.rb
-- spec/change_password_notify_spec.rb
-- spec/change_password_spec.rb
-- spec/close_account_spec.rb
-- spec/confirm_password_spec.rb
-- spec/create_account_spec.rb
-- spec/disallow_common_passwords_spec.rb
-- spec/disallow_password_reuse_spec.rb
-- spec/email_auth_spec.rb
-- spec/http_basic_auth_spec.rb
-- spec/jwt_cors_spec.rb
-- spec/jwt_refresh_spec.rb
-- spec/jwt_spec.rb
-- spec/lockout_spec.rb
-- spec/login_spec.rb
-- spec/migrate/001_tables.rb
-- spec/migrate/002_account_password_hash_column.rb
-- spec/migrate_password/001_tables.rb
-- spec/migrate_travis/001_tables.rb
-- spec/password_complexity_spec.rb
-- spec/password_expiration_spec.rb
-- spec/password_grace_period_spec.rb
-- spec/remember_spec.rb
-- spec/reset_password_spec.rb
-- spec/rodauth_spec.rb
-- spec/session_expiration_spec.rb
-- spec/single_session_spec.rb
-- spec/spec_helper.rb
-- spec/two_factor_spec.rb
-- spec/update_password_hash_spec.rb
-- spec/verify_account_grace_period_spec.rb
-- spec/verify_account_spec.rb
-- spec/verify_change_login_spec.rb
-- spec/verify_login_change_spec.rb
-- spec/views/layout-other.str
-- spec/views/layout.str
-- spec/views/login.str
 - templates/add-recovery-codes.str
 - templates/button.str
 - templates/change-login.str
@@ -488,7 +450,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications