rodauth 1.3.0 → 1.4.0
- checksums.yaml +4 -4
- data/CHANGELOG +4 -0
- data/README.rdoc +1 -0
- data/doc/release_notes/1.4.0.txt +11 -0
- data/doc/update_password_hash.rdoc +7 -0
- data/lib/rodauth/features/base.rb +19 -13
- data/lib/rodauth/features/login_password_requirements_base.rb +1 -1
- data/lib/rodauth/features/update_password_hash.rb +29 -0
- data/lib/rodauth/version.rb +1 -1
- data/spec/update_password_hash_spec.rb +40 -0
- metadata +8 -2
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA1:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: eedc388675de95e1b6d8f6281bc57cefb262eec9
         | 
| 4 | 
            +
              data.tar.gz: 725710de442759eba54e3a2245e2ed08af52d479
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: c354d87afa1dac53d2589b2626a17841e33b3f3041145cf88ccaef9ad4a4041a94b1a5140b88e7fb43af7de8efde7ad26f34fec0a5f79b962617656eccb10a35
         | 
| 7 | 
            +
              data.tar.gz: acc6f4b368095dafb9d102642b5da105405475fd73fae8e31c162fe086cb8f7baf849052a9274d6e64f5988b98bf7e4319595c8a746190b1edd6dd529414ded6
         | 
    
        data/CHANGELOG
    CHANGED
    
    
    
        data/README.rdoc
    CHANGED
    
    
| @@ -0,0 +1,11 @@ | |
| 1 | 
            +
            = New Features
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            * A update_password_hash feature has been added, which will update
         | 
| 4 | 
            +
              the password hash for the account whenever the account's current 
         | 
| 5 | 
            +
              password hash has a cost different from the currently configured
         | 
| 6 | 
            +
              password hash cost.
         | 
| 7 | 
            +
             | 
| 8 | 
            +
              This allows you to increase the password hash cost for all
         | 
| 9 | 
            +
              accounts or for certain types of accounts, and have the password
         | 
| 10 | 
            +
              hashes automatically updated to use the new cost the next time the
         | 
| 11 | 
            +
              correct password is provided for the account.
         | 
| @@ -0,0 +1,7 @@ | |
| 1 | 
            +
            = Documentation for Update Password Hash Feature
         | 
| 2 | 
            +
             | 
| 3 | 
            +
            The update password hash feature updates the hash for the password whenever
         | 
| 4 | 
            +
            the hash cost changes.  For example, if you have a cost of 8, and later
         | 
| 5 | 
            +
            increase the cost to 10, anytime the user authenticates correctly with
         | 
| 6 | 
            +
            their password, their password hash will change from one that uses a cost
         | 
| 7 | 
            +
            of 8 to one that uses a cost of 10.
         | 
| @@ -246,20 +246,12 @@ module Rodauth | |
| 246 246 | 
             
                end
         | 
| 247 247 |  | 
| 248 248 | 
             
                def password_match?(password)
         | 
| 249 | 
            -
                  if  | 
| 250 | 
            -
                     | 
| 251 | 
            -
                  elsif use_database_authentication_functions?
         | 
| 252 | 
            -
                    id = account_id
         | 
| 253 | 
            -
                    if salt = db.get(Sequel.function(function_name(:rodauth_get_salt), id))
         | 
| 254 | 
            -
                      hash = BCrypt::Engine.hash_secret(password, salt)
         | 
| 255 | 
            -
                      db.get(Sequel.function(function_name(:rodauth_valid_password_hash), id, hash))
         | 
| 256 | 
            -
                    end
         | 
| 257 | 
            -
                  else
         | 
| 258 | 
            -
                    # :nocov:
         | 
| 259 | 
            -
                    if hash = password_hash_ds.get(password_hash_column)
         | 
| 249 | 
            +
                  if hash = get_password_hash
         | 
| 250 | 
            +
                    if account_password_hash_column || !use_database_authentication_functions?
         | 
| 260 251 | 
             
                      BCrypt::Password.new(hash) == password
         | 
| 261 | 
            -
                     | 
| 262 | 
            -
             | 
| 252 | 
            +
                    else
         | 
| 253 | 
            +
                      db.get(Sequel.function(function_name(:rodauth_valid_password_hash), account_id, BCrypt::Engine.hash_secret(password, hash)))
         | 
| 254 | 
            +
                    end 
         | 
| 263 255 | 
             
                  end
         | 
| 264 256 | 
             
                end
         | 
| 265 257 |  | 
| @@ -358,6 +350,20 @@ module Rodauth | |
| 358 350 | 
             
                  end
         | 
| 359 351 | 
             
                end
         | 
| 360 352 |  | 
| 353 | 
            +
                # Get the password hash for the user.  When using database authentication functions,
         | 
| 354 | 
            +
                # note that only the salt is returned.
         | 
| 355 | 
            +
                def get_password_hash
         | 
| 356 | 
            +
                  if account_password_hash_column
         | 
| 357 | 
            +
                    account[account_password_hash_column]
         | 
| 358 | 
            +
                  elsif use_database_authentication_functions?
         | 
| 359 | 
            +
                    db.get(Sequel.function(function_name(:rodauth_get_salt), account_id))
         | 
| 360 | 
            +
                  else
         | 
| 361 | 
            +
                    # :nocov:
         | 
| 362 | 
            +
                    password_hash_ds.get(password_hash_column)
         | 
| 363 | 
            +
                    # :nocov:
         | 
| 364 | 
            +
                  end
         | 
| 365 | 
            +
                end
         | 
| 366 | 
            +
             | 
| 361 367 | 
             
                def _account_from_login(login)
         | 
| 362 368 | 
             
                  ds = db[accounts_table].where(login_column=>login)
         | 
| 363 369 | 
             
                  ds = ds.select(*account_select) if account_select
         | 
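Review bot: In the rewritten `password_match?` (first hunk) the local `hash` holds only the bcrypt salt on the database-authentication-functions branch, as the comment on `get_password_hash` in the second hunk says, yet it is named `hash` in both branches and the branch test `account_password_hash_column || !use_database_authentication_functions?` restates the dispatch already inside `get_password_hash`. If those two conditions ever diverge, a bare salt would reach `BCrypt::Password.new` (which raises on a malformed hash) or a full hash would be handed to `rodauth_valid_password_hash` as the salt, so a one-line comment on the `else` branch such as `# hash is only the bcrypt salt here (see get_password_hash); the DB function compares against the stored hash` would make the coupling visible. `get_password_hash` would also benefit from a `@return [String, nil]` line noting that `nil` (no hash or salt found) is what makes `password_match?` fall through and return a falsy value.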
| @@ -56,7 +56,7 @@ module Rodauth | |
| 56 56 | 
             
                    update_account(account_password_hash_column=>hash)
         | 
| 57 57 | 
             
                  elsif password_hash_ds.update(password_hash_column=>hash) == 0
         | 
| 58 58 | 
             
                    # This shouldn't raise a uniqueness error, as the update should only fail for a new user,
         | 
| 59 | 
            -
                    # and an existing user  | 
| 59 | 
            +
                    # and an existing user should always have a valid password hash row.  If this does
         | 
| 60 60 | 
             
                    # fail, retrying it will cause problems, it will override a concurrently running update
         | 
| 61 61 | 
             
                    # with potentially a different password.
         | 
| 62 62 | 
             
                    db[password_hash_table].insert(password_hash_id_column=>account_id, password_hash_column=>hash)
         | 
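--- a/data/lib/rodauth/features/update_password_hash.rb
+++ b/data/lib/rodauth/features/update_password_hash.rb
@@ -0,0 +1,29 @@
+# frozen-string-literal: true
+
+module Rodauth
+  UpdatePasswordHash = Feature.define(:update_password_hash) do
+    depends :login_password_requirements_base
+
+    def password_match?(password)
+      if (result = super) && update_password_hash?
+        set_password(password)
+      end
+
+      result
+    end
+
+    private
+
+    def update_password_hash?
+      password_hash_cost != @current_password_hash_cost
+    end
+
+    def get_password_hash
+      if hash = super
+        @current_password_hash_cost = hash.split('$')[2].to_i
+      end
+
+      hash
+    end
+  end
+end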
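Review bot: `update_password_hash?` compares with `!=`, so a configured `password_hash_cost` lower than the cost stored in the hash also triggers `set_password` and silently rewrites hashes to the weaker cost; if only upgrades are intended, `password_hash_cost > @current_password_hash_cost` would restrict it, and otherwise the downgrade behaviour deserves a comment since the rdoc only describes increasing the cost. `@current_password_hash_cost` is only populated when `get_password_hash` runs before `update_password_hash?`; the 1.4.0 `password_match?` in base.rb (outside this file) calls `get_password_hash` first, but on any path where `super` succeeds without it the instance variable stays nil and every correct login would be re-hashed. The parse `hash.split('$')[2].to_i` relies on the `$2a$<cost>$...` layout and yields 0 for anything else, and when database authentication functions are in use it is applied to the salt `get_password_hash` returns, which presumably keeps that prefix — worth confirming; a comment such as `# bcrypt hashes and salts are "$2a$<cost>$..."; an unexpected layout parses as cost 0 and forces a rehash on the next correct login` would record both assumptions.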
    
        data/lib/rodauth/version.rb
    CHANGED
    
    
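--- a/data/spec/update_password_hash_spec.rb
+++ b/data/spec/update_password_hash_spec.rb
@@ -0,0 +1,40 @@
+require File.expand_path("spec_helper", File.dirname(__FILE__))
+
+describe 'Rodauth update_password feature' do
+  [false, true].each do |ph|
+    it "should support updating passwords for accounts #{'with account_password_hash_column' if ph} if hash cost changes" do
+      cost = BCrypt::Engine::MIN_COST
+      rodauth do
+        enable :login, :logout, :update_password_hash
+        account_password_hash_column :ph if ph
+        password_hash_cost{cost}
+      end
+      roda do |r|
+        r.rodauth
+        next unless session[:account_id]
+        rodauth.account_from_session
+        r.root{rodauth.send(:get_password_hash)}
+      end
+
+      login
+      content = page.html
+
+      logout
+      login
+      page.current_path.must_equal '/'
+      content.must_equal page.html
+
+      cost += 1
+      logout
+      login
+      new_content = page.html
+      page.current_path.must_equal '/'
+      content.wont_equal new_content
+
+      logout
+      login
+      page.current_path.must_equal '/'
+      new_content.must_equal page.html
+    end
+  end
+end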
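Review bot: The spec asserts that the stored hash changes after `cost += 1` but never checks that the new hash actually carries the new cost; when `page.html` is the bare value returned by the root route, `BCrypt::Password.new(page.html).cost.must_equal cost` after the `content.wont_equal new_content` line would pin that. Both iterations run with `account_password_hash_column` either set or unset, so the database-authentication-functions path, where `get_password_hash` yields only the salt, does not appear to be exercised here unless the spec helper switches it on — worth confirming. The describe label `'Rodauth update_password feature'` names a different feature; `'Rodauth update_password_hash feature'` matches the file.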
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: rodauth
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 1. | 
| 4 | 
            +
              version: 1.4.0
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Jeremy Evans
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2016- | 
| 11 | 
            +
            date: 2016-08-18 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: sequel
         | 
| @@ -224,10 +224,12 @@ extra_rdoc_files: | |
| 224 224 | 
             
            - doc/verify_account_grace_period.rdoc
         | 
| 225 225 | 
             
            - doc/confirm_password.rdoc
         | 
| 226 226 | 
             
            - doc/verify_change_login.rdoc
         | 
| 227 | 
            +
            - doc/update_password_hash.rdoc
         | 
| 227 228 | 
             
            - doc/release_notes/1.0.0.txt
         | 
| 228 229 | 
             
            - doc/release_notes/1.1.0.txt
         | 
| 229 230 | 
             
            - doc/release_notes/1.2.0.txt
         | 
| 230 231 | 
             
            - doc/release_notes/1.3.0.txt
         | 
| 232 | 
            +
            - doc/release_notes/1.4.0.txt
         | 
| 231 233 | 
             
            files:
         | 
| 232 234 | 
             
            - CHANGELOG
         | 
| 233 235 | 
             
            - MIT-LICENSE
         | 
| @@ -256,12 +258,14 @@ files: | |
| 256 258 | 
             
            - doc/release_notes/1.1.0.txt
         | 
| 257 259 | 
             
            - doc/release_notes/1.2.0.txt
         | 
| 258 260 | 
             
            - doc/release_notes/1.3.0.txt
         | 
| 261 | 
            +
            - doc/release_notes/1.4.0.txt
         | 
| 259 262 | 
             
            - doc/remember.rdoc
         | 
| 260 263 | 
             
            - doc/reset_password.rdoc
         | 
| 261 264 | 
             
            - doc/session_expiration.rdoc
         | 
| 262 265 | 
             
            - doc/single_session.rdoc
         | 
| 263 266 | 
             
            - doc/sms_codes.rdoc
         | 
| 264 267 | 
             
            - doc/two_factor_base.rdoc
         | 
| 268 | 
            +
            - doc/update_password_hash.rdoc
         | 
| 265 269 | 
             
            - doc/verify_account.rdoc
         | 
| 266 270 | 
             
            - doc/verify_account_grace_period.rdoc
         | 
| 267 271 | 
             
            - doc/verify_change_login.rdoc
         | 
| @@ -292,6 +296,7 @@ files: | |
| 292 296 | 
             
            - lib/rodauth/features/single_session.rb
         | 
| 293 297 | 
             
            - lib/rodauth/features/sms_codes.rb
         | 
| 294 298 | 
             
            - lib/rodauth/features/two_factor_base.rb
         | 
| 299 | 
            +
            - lib/rodauth/features/update_password_hash.rb
         | 
| 295 300 | 
             
            - lib/rodauth/features/verify_account.rb
         | 
| 296 301 | 
             
            - lib/rodauth/features/verify_account_grace_period.rb
         | 
| 297 302 | 
             
            - lib/rodauth/features/verify_change_login.rb
         | 
| @@ -321,6 +326,7 @@ files: | |
| 321 326 | 
             
            - spec/single_session_spec.rb
         | 
| 322 327 | 
             
            - spec/spec_helper.rb
         | 
| 323 328 | 
             
            - spec/two_factor_spec.rb
         | 
| 329 | 
            +
            - spec/update_password_hash_spec.rb
         | 
| 324 330 | 
             
            - spec/verify_account_grace_period_spec.rb
         | 
| 325 331 | 
             
            - spec/verify_account_spec.rb
         | 
| 326 332 | 
             
            - spec/verify_change_login_spec.rb
         |