rodauth 2.11.0 → 2.12.0

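--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 52cc814306a88708a5ade63bfa8288521db20517fdac543217e86a084e8e189f
- data.tar.gz: ebd02824ee15ede1c58a5ca93c092d2372e953790f7535d0889521bc95b9dfd3
+ metadata.gz: 453992f6df1e1a41e30923334f53146ddd575015f57960dcdadb2b3d4bc496e9
+ data.tar.gz: 29172b14c9a5c6d88e36c827c4fbc9e4f61fbadadf6b656734ef7058e9dd4a13
  SHA512:
- metadata.gz: 435b51b083c4509626c0699c2298c641134b132e0c08fae0c738823f4230d35d2a714761b7afdb2c9a48bb7c025e653a2bce84ae88b07f21a2bd5b494b52e6cc
- data.tar.gz: 179b131a07064033a1c934360578f8b7a8703421133179255078063d9bde7621f9865c3bb00f51dceb313255e4d685804ba2f1a0ba2d109198f660802d6eda61
+ metadata.gz: 956d8809e6ba87044e5aeba7712cc4e907604a632d7113084cda074bf675952fb4e3081cca5adf19a191df6d073e2b9068a313d8d26e81534b70f9eaba20688e
+ data.tar.gz: aaa0cde299ba115ea281bc18dfe5f02a0d2b35dd95231d9e69662ec340194569a288be916abb2fe0e258c50599c6ea6ef42791824f986d6dc2e295f5db67645a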
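--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,7 @@
+ === 2.12.0 (2021-04-22)
+
+ * Add configuration methods to active_sessions plugin to control the inserting and updating of rows (janko) (#159)
+
  === 2.11.0 (2021-03-22)
 
  * Add same_as_current_login_message and contains_null_byte_message configuration methods to increase translatability (dmitryzuev) (#158)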
@@ -37,9 +37,13 @@ inactive_session_error_status :: The error status to use when a JSON request is
37
37
  session_id_session_key :: The session key name to use for storing the session id.
38
38
  session_inactivity_deadline :: The number of seconds since last use after which the session will be considered expired (1 day by default). Can be set to nil to not check session inactivity.
39
39
  session_lifetime_deadline :: The number of seconds since session creation after which the session will be considered expired (30 days by default). Can be set to nil to not check session lifetimes.
40
+ update_current_session? :: Whether the update current session with +active_sessions_update_hash+. By default returns true if +session_inactivity_deadline+ is set.
40
41
 
41
42
  == Auth Methods
42
43
 
44
+ active_sessions_insert_hash :: The hash to insert into the +active_sessions_table+.
45
+ active_sessions_key :: The active session key for the current account.
46
+ active_sessions_update_hash :: The hash to update the currently active session when +update_current_session?+ is true. By default updates last use to current time.
43
47
  add_active_session :: Create a session id for the session and populate the session and add the session id to the database.
44
48
  currently_active_session? :: Whether the session is currently active, by checking the database table.
45
49
  handle_duplicate_active_session_id(exception) :: How to handle the case where a duplicate session id for the account is inserted into the table. Does nothing by default. This should only be called if the random number generator is broken.
@@ -23,7 +23,7 @@
23
23
  block. Previously, you could only call configuration methods in
24
24
  the block that added the feature, and enabling a feature in a
25
25
  block that was already enabled in a previous block did not allow
26
- the use of configuraton methods related to the feature.
26
+ the use of configuration methods related to the feature.
27
27
 
28
28
  * Passing a block when loading the rodauth plugin is now optional.
29
29
 
@@ -0,0 +1,17 @@
1
+ = New Features
2
+
3
+ * The following configuration methods have been added to the
4
+ active_sessions feature:
5
+
6
+ * active_sessions_insert_hash
7
+ * active_sessions_key
8
+ * active_sessions_update_hash
9
+ * update_current_session?
10
+
11
+ These methods allow you to control what gets inserted and
12
+ updated into the active_sessions_table, and to control
13
+ whether to perform updates.
14
+
15
+ = Other Improvements
16
+
17
+ * A typo was fixed in the default unlock account email.
@@ -19,7 +19,12 @@ module Rodauth
19
19
  auth_value_method :session_inactivity_deadline, 86400
20
20
  auth_value_method(:session_lifetime_deadline, 86400*30)
21
21
 
22
+ auth_value_methods :update_current_session?
23
+
22
24
  auth_methods(
25
+ :active_sessions_insert_hash,
26
+ :active_sessions_key,
27
+ :active_sessions_update_hash,
23
28
  :add_active_session,
24
29
  :currently_active_session?,
25
30
  :handle_duplicate_active_session_id,
@@ -36,8 +41,8 @@ module Rodauth
36
41
  ds = active_sessions_ds.
37
42
  where(active_sessions_session_id_column => compute_hmac(session_id))
38
43
 
39
- if session_inactivity_deadline
40
- ds.update(active_sessions_last_use_column => Sequel::CURRENT_TIMESTAMP) == 1
44
+ if update_current_session?
45
+ ds.update(active_sessions_update_hash) == 1
41
46
  else
42
47
  ds.count == 1
43
48
  end
@@ -57,11 +62,9 @@ module Rodauth
57
62
  end
58
63
 
59
64
  def add_active_session
60
- key = random_key
65
+ key = generate_active_sessions_key
61
66
  set_session_value(session_id_session_key, key)
62
- if e = raises_uniqueness_violation? do
63
- active_sessions_ds.insert(active_sessions_account_id_column => session_value, active_sessions_session_id_column => compute_hmac(key))
64
- end
67
+ if e = raises_uniqueness_violation?{active_sessions_ds.insert(active_sessions_insert_hash)}
65
68
  handle_duplicate_active_session_id(e)
66
69
  end
67
70
  nil
@@ -104,7 +107,7 @@ module Rodauth
104
107
  def after_refresh_token
105
108
  super if defined?(super)
106
109
  if prev_key = session[session_id_session_key]
107
- key = random_key
110
+ key = generate_active_sessions_key
108
111
  set_session_value(session_id_session_key, key)
109
112
  active_sessions_ds.
110
113
  where(active_sessions_session_id_column => compute_hmac(prev_key)).
@@ -126,6 +129,20 @@ module Rodauth
126
129
  super
127
130
  end
128
131
 
132
+ attr_reader :active_sessions_key
133
+
134
+ def generate_active_sessions_key
135
+ @active_sessions_key = random_key
136
+ end
137
+
138
+ def active_sessions_insert_hash
139
+ {active_sessions_account_id_column => session_value, active_sessions_session_id_column => compute_hmac(active_sessions_key)}
140
+ end
141
+
142
+ def active_sessions_update_hash
143
+ {active_sessions_last_use_column => Sequel::CURRENT_TIMESTAMP}
144
+ end
145
+
129
146
  def session_inactivity_deadline_condition
130
147
  if deadline = session_inactivity_deadline
131
148
  Sequel[active_sessions_last_use_column] < Sequel.date_sub(Sequel::CURRENT_TIMESTAMP, seconds: deadline)
@@ -145,6 +162,10 @@ module Rodauth
145
162
  Sequel.|(*[cond, cond2].compact)
146
163
  end
147
164
 
165
+ def update_current_session?
166
+ !!session_inactivity_deadline
167
+ end
168
+
148
169
  def active_sessions_ds
149
170
  db[active_sessions_table].
150
171
  where(active_sessions_account_id_column=>session_value)
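Review bot: The new `active_sessions_insert_hash` and `active_sessions_key` methods in the `@@ -126,6 +129,20 @@` hunk have no code comments, yet they carry two constraints that anyone overriding them needs to know. `active_sessions_key` is nil until `generate_active_sessions_key` has run, and a replacement insert hash that drops `active_sessions_session_id_column => compute_hmac(active_sessions_key)` would leave the row unmatched by the `where(... => compute_hmac(session_id))` lookup in the `@@ -36,8 +41,8 @@` hunk. I would add above `active_sessions_insert_hash` a comment such as `# Only valid after generate_active_sessions_key; overrides should merge into super so the account id and HMAC'd session id columns are kept.` Likewise for `update_current_session?` in the `@@ -145,6 +162,10 @@` hunk: if it is configured to return false while `session_inactivity_deadline` is set, the last-use column is no longer refreshed, so sessions would presumably hit the inactivity condition regardless of activity, and a one-line comment saying so would help. The enclosing module and class bodies start outside these hunks, and the page does not show this file's header.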
@@ -6,7 +6,7 @@ module Rodauth
6
6
  MAJOR = 2
7
7
 
8
8
  # The minor version of Rodauth, updated for new feature releases of Rodauth.
9
- MINOR = 11
9
+ MINOR = 12
10
10
 
11
11
  # The patch version of Rodauth, updated only for bug fixes from the last
12
12
  # feature release.
@@ -1,4 +1,4 @@
1
- Someone has requested a that the account with this email be unlocked.
1
+ Someone has requested that the account with this email be unlocked.
2
2
  If you did not request the unlocking of this account, please ignore this
3
3
  message. If you requested the unlocking of this account, please go to
4
4
  #{rodauth.unlock_account_email_link}
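--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rodauth
  version: !ruby/object:Gem::Version
- version: 2.11.0
+ version: 2.12.0
  platform: ruby
  authors:
  - Jeremy Evans
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-03-22 00:00:00.000000000 Z
+ date: 2021-04-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: sequel
@@ -322,6 +322,7 @@ extra_rdoc_files:
  - doc/release_notes/2.1.0.txt
  - doc/release_notes/2.10.0.txt
  - doc/release_notes/2.11.0.txt
+ - doc/release_notes/2.12.0.txt
  - doc/release_notes/2.2.0.txt
  - doc/release_notes/2.3.0.txt
  - doc/release_notes/2.4.0.txt
@@ -415,6 +416,7 @@ files:
  - doc/release_notes/2.1.0.txt
  - doc/release_notes/2.10.0.txt
  - doc/release_notes/2.11.0.txt
+ - doc/release_notes/2.12.0.txt
  - doc/release_notes/2.2.0.txt
  - doc/release_notes/2.3.0.txt
  - doc/release_notes/2.4.0.txt
@@ -568,7 +570,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.3
+ rubygems_version: 3.2.15
  signing_key:
  specification_version: 4
  summary: Authentication and Account Management Framework for Rack Applications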