rodauth 2.17.0 → 2.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 59e6db4541ac9a7ad8c00cf690d757d6e25b3cbf787b273d4415cc5236add6aa
-  data.tar.gz: dacd42d02a586b2ab34e9dbaa916fb77e365fd436d7be60dbe2a2f32074d25e8
+  metadata.gz: 60f279e15751f9a0915c72e919726cae392844137ddabd98cb5a973815ada935
+  data.tar.gz: ae841728e69f0fdf1d2c67de55f52ed535971a349ecc6dbddeaf6250e573515f
 SHA512:
-  metadata.gz: ed735a0beee837826544608e9f79fefc4421b311b0a75724a390d1368fe4ae8e68f5b6960085c45f3ba546e7c0faec034dc19023e1c5da70c0abfab5c75a4116
-  data.tar.gz: 8acc037e30b6c7528d7ac6d5c153cdb9f243473ed8a870cf75deff01ae185c0b5bb269f54f2a369e4246c17abe0deff27b576ea207b595cf8eef0cf1d07b8ca5
+  metadata.gz: 7490aded0f6e506fff03b445d569709ec77d1dc7e36193d8939c36d706a95f4b9bbd2ad0a05feaa7f4e2c309ce03ceeff302de81546a23f8c26bbd1c62f12c88
+  data.tar.gz: bb437de6fd56ee88a2acdccc6058eefe05c856d3bc0569b473d968aa7c8c2eae64817944dade3987b612322e61c7351808765e7dfa897267e4966a7b4c8c4206

data/CHANGELOG

@@ -1,3 +1,15 @@
+=== 2.18.0 (2021-11-23)
+
+* Allow JSON API access to /multifactor-manage to get links to setup/disable multifactor authentication endpoints (jeremyevans)
+
+* Allow JSON API access to /multifactor-auth to get links to possible multifactor authentication endpoints (jeremyevans)
+
+* Set configuration_name on class passed via :auth_class option if not already set (janko, jeremyevans) (#181)
+
+* Use viewbox: true option when creating QR code in otp feature, displays better and easier to style when using rqrcode 2+ (jeremyevans)
+
+* Make argon2 feature work with argon2 2.1.0 (jeremyevans)
+
 === 2.17.0 (2021-09-24)
 
 * Make jwt_refresh work correctly with verify_account_grace_period (jeremyevans)

data/README.rdoc

@@ -422,9 +422,12 @@ Note that these migrations require Sequel 4.35.0+.
         if db.database_type == :postgres
           citext :email, :null=>false
           constraint :valid_email, :email=>/^[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+$/
-          index :email, :unique=>true, :where=>{:status_id=>[1, 2]}
         else
           String :email, :null=>false
+        end
+        if db.supports_partial_indexes?
+          index :email, :unique=>true, :where=>{:status_id=>[1, 2]}
+        else
           index :email, :unique=>true
         end
       end

data/doc/guides/i18n.rdoc

@@ -24,3 +24,6 @@ Your translation file may then look something like this:
       require_login_error_flash: "Login is required for accessing this page"
       no_matching_login_message: "user with this email address doesn't exist"
       reset_password_email_subject: "Password Reset Instructions"
+
+Alternatively, you can use the
+{rodauth-i18n}[https://github.com/janko/rodauth-i18n] gem.

data/doc/release_notes/2.18.0.txt

@@ -0,0 +1,27 @@
+= New Features
+
+* When using the json and multifactor auth features, the JSON API can
+  now access the multifactor-manage route to get lists of endpoints
+  for setting up and disabling supported multifactor authentication
+  methods.  The JSON API can now also access the multifactor-auth
+  route to get a list of endpoints for multifactor authentication for
+  the currently logged in account.
+
+= Other Improvements
+
+* In the otp feature, the viewbox: true rqrcode option is now used
+  when creating the QR code.  This results in a QR code that is
+  displayed better and is easier to style.  This option only has
+  an effect when using rqrcode 2+.
+
+* When using the :auth_class option when loading the rodauth plugin,
+  the configuration name is set in the provided auth class, unless the
+  auth class already has a configuration name set.
+
+* The example migration now recommends using a partial index on the
+  email column in cases where the database supports partial indexes.
+  Previously, it only recommended it on PostgreSQL.
+
+* The argon2 feature now works with argon2 2.1.0.  Older versions of
+  Rodauth work with both earlier and later versions of argon2, but
+  not 2.1.0.

data/lib/rodauth/features/argon2.rb

@@ -16,6 +16,18 @@ module Rodauth
 
     private
 
+    if Argon2::VERSION != '2.1.0'
+      def argon2_salt_option
+        :salt_do_not_supply
+      end
+    # :nocov:
+    else
+      def argon2_salt_option
+        :salt_for_testing_purposes_only
+      end
+    # :nocov:
+    end
+
     def password_hash_cost
       return super unless use_argon2?
       argon2_hash_cost 
@@ -35,7 +47,7 @@ module Rodauth
       return super unless argon2_hash_algorithm?(salt)
 
       argon2_params = Hash[extract_password_hash_cost(salt)]
-      argon2_params[:salt_do_not_supply] = Base64.decode64(salt.split('$').last)
+      argon2_params[argon2_salt_option] = Base64.decode64(salt.split('$').last)
       ::Argon2::Password.new(argon2_params).create(password)
     end
 

data/lib/rodauth/features/json.rb

@@ -67,6 +67,25 @@ module Rodauth
 
     private
 
+    def before_two_factor_manage_route
+      super if defined?(super)
+      if use_json?
+        json_response[:setup_links] = two_factor_setup_links.sort.map{|_,link| link}
+        json_response[:remove_links] = two_factor_remove_links.sort.map{|_,link| link}
+        json_response[json_response_success_key] ||= "" if include_success_messages?
+        return_json_response
+      end
+    end
+
+    def before_two_factor_auth_route
+      super if defined?(super)
+      if use_json?
+        json_response[:auth_links] = two_factor_auth_links.sort.map{|_,link| link}
+        json_response[json_response_success_key] ||= "" if include_success_messages?
+        return_json_response
+      end
+    end
+
     def before_view_recovery_codes
       super if defined?(super)
       if use_json?

data/lib/rodauth/features/otp.rb

@@ -303,7 +303,7 @@ module Rodauth
     end
 
     def otp_qr_code
-      RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8)
+      RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8, :viewbox=>true)
     end
 
     def otp_user_key

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 17
+  MINOR = 18
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

data/lib/rodauth.rb

@@ -50,13 +50,14 @@ module Rodauth
     else
       json_opt != :only
     end
-    auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= opts[:auth_class] || Class.new(Auth){@configuration_name = opts[:name]}
+    auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= opts[:auth_class] || Class.new(Auth)
     if !auth_class.roda_class
       auth_class.roda_class = app
     elsif auth_class.roda_class != app
-      auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class){@configuration_name = opts[:name]}
+      auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class)
       auth_class.roda_class = app
     end
+    auth_class.class_eval{@configuration_name = opts[:name] unless defined?(@configuration_name)}
     auth_class.configure(&block) if block
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.17.0
+  version: 2.18.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-24 00:00:00.000000000 Z
+date: 2021-11-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -331,6 +331,7 @@ extra_rdoc_files:
 - doc/release_notes/2.15.0.txt
 - doc/release_notes/2.16.0.txt
 - doc/release_notes/2.17.0.txt
+- doc/release_notes/2.18.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
@@ -433,6 +434,7 @@ files:
 - doc/release_notes/2.15.0.txt
 - doc/release_notes/2.16.0.txt
 - doc/release_notes/2.17.0.txt
+- doc/release_notes/2.18.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt