rodauth 2.19.0 → 2.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0defa94cb0c58b317997853eda1775694a8b0bb89e3bb75f8de50af57a2223fe
-  data.tar.gz: 977738446cb7d8ac53a7edeab2587c07e7a9b9407d2584daa80fe6d47147f395
+  metadata.gz: 534a50718fe362e695a9fbd8043d1ce05ca211de2049b1351207bd5d11cbf962
+  data.tar.gz: 9afd5a7d79dde11005b090ca18591661c55c2647387a151b0d732ef97f51f633
 SHA512:
-  metadata.gz: 0e8833fc2ac01f3a917b8c267642b92472969531df33dc90dcae6e90d5b62befbf2f948ca75cafcd84353b4b9d629f1dec8d70e3e77cc2387cc0791cee551773
-  data.tar.gz: 03ff22811e9679b26f1dc83c676ca19145c762d26c216a9aafae816d3bad67cd39a68430fbd72c55f17e77117fbcd65690eb6d71f3b05f72860833a2205f2fe7
+  metadata.gz: f10082d21fad4783ad6193dc7e1dfe55bc5f57c98b33e1b6f6583dbaa0e921f4d40025e935f93aef9706078232956bcde2fec4e8838b1c2ee4f49a8885c22520
+  data.tar.gz: 8ca004055be7ee660a37f2657d6752dbe2318b30100204e8eb68c514229422158db3f513a1d9e90eb532535bdbdf5854f66834212cc43fb81f8f9b8872221af5

data/CHANGELOG

@@ -1,3 +1,9 @@
+=== 2.20.0 (2022-01-24)
+
+* Change the default implementation of webauth_rp_id to not include the port (jeremyevans) (#203)
+
+* Make logout of all sessions in active_sessions plugin also remove remember key if using remember plugin (jeremyevans)
+
 === 2.19.0 (2021-12-22)
 
 * Add login_maximum_bytes, setting the maximum number of bytes in a login, 255 by default (jeremyevans)

data/doc/release_notes/2.20.0.txt

@@ -0,0 +1,10 @@
+= Improvements
+
+* When using the active_sessions and remember features together,
+  doing a global logout will automatically remove the remember key for
+  the account, so the account will no longer be able to automatically
+  create new sessions using the remember key.
+
+* The default value of webauthn_rp_id now removes the port from the
+  origin if it exists, since the WebAuthn spec does not allow ports
+  in the relying party identifier.

data/lib/rodauth/features/active_sessions.rb

@@ -123,6 +123,7 @@ module Rodauth
 
     def before_logout
       if param_or_nil(global_logout_param)
+        remove_remember_key(session_value) if respond_to?(:remove_remember_key)
         remove_all_active_sessions
       else
         remove_current_session

data/lib/rodauth/features/webauthn.rb

@@ -334,7 +334,7 @@ module Rodauth
     end
 
     def webauthn_rp_id
-      webauthn_origin.sub(/\Ahttps?:\/\//, '')
+      webauthn_origin.sub(/\Ahttps?:\/\//, '').sub(/:\d+\z/, '')
     end
 
     def webauthn_rp_name

data/lib/rodauth/version.rb

@@ -6,7 +6,7 @@ module Rodauth
   MAJOR = 2
 
   # The minor version of Rodauth, updated for new feature releases of Rodauth.
-  MINOR = 19
+  MINOR = 20
 
   # The patch version of Rodauth, updated only for bug fixes from the last
   # feature release.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-  version: 2.19.0
+  version: 2.20.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-12-22 00:00:00.000000000 Z
+date: 2022-01-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sequel
@@ -334,6 +334,7 @@ extra_rdoc_files:
 - doc/release_notes/2.18.0.txt
 - doc/release_notes/2.19.0.txt
 - doc/release_notes/2.2.0.txt
+- doc/release_notes/2.20.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
@@ -440,6 +441,7 @@ files:
 - doc/release_notes/2.18.0.txt
 - doc/release_notes/2.19.0.txt
 - doc/release_notes/2.2.0.txt
+- doc/release_notes/2.20.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
@@ -594,7 +596,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.3.3
 signing_key: 
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications