rodauth 2.20.0 → 2.21.0
- checksums.yaml +4 -4
- data/CHANGELOG +12 -0
- data/README.rdoc +4 -0
- data/doc/release_notes/2.21.0.txt +28 -0
- data/lib/rodauth/features/active_sessions.rb +1 -1
- data/lib/rodauth/features/base.rb +6 -6
- data/lib/rodauth/features/verify_account_grace_period.rb +13 -1
- data/lib/rodauth/version.rb +1 -1
- data/templates/webauthn-remove.str +1 -0
- metadata +5 -3
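--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bb1777533bb6a941212c0e6d5be00fc393b95c3d22e7af40542d616cdd68d139
+data.tar.gz: de6a798803940fb94ff1d44bc2d148e45b1adc8e532cb44db4602b974a1b6b19
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 830b574f78cba6d5e103306f3709e2ae92e99af0cb0b02c8276699c048cd799cad58cf28d521980e43c0023aadc8934705ad45ff48819c316b3c6d3b5554f189
+data.tar.gz: d4127705f604ac89b35f17d795c07bd54bed86b6c9c784e04578f047a3b1d2e34689c0320c35ffe9f7640e7870197c6563c4c57c0867ca5d2d257d23a143ce1a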
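--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,15 @@
+=== 2.21.0 (2022-02-23)
+
+* Avoid extra bcrypt hashing on account verification when using account_password_hash_column (janko) (#217)
+
+* Make require_account public (janko) (#212)
+
+* Force specific date/time format when displaying webauthn last use time (jeremyevans)
+
+* Automatically clear the session in require_login if users go beyond verify account grace period (janko) (#211)
+
+* Fix typo in default value of global_logout_label in active_sessions plugin (sterlzbd) (#209)
+
 === 2.20.0 (2022-01-24)
 
 * Change the default implementation of webauth_rp_id to not include the port (jeremyevans) (#203)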
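--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -990,6 +990,10 @@ require_authentication :: Similar to +require_login+, but also requires
 two factor authentication. Redirects the request to
 the two factor authentication page if logged in but not
 authenticated via two factors.
+require_account :: Similar to +require_authentication+, but also loads the logged
+in account to ensure it exists in the database. If the account
+doesn't exist, or if it exists but isn't verified, the session
+is cleared and the request redirected to the login page.
 logged_in? :: Whether the session has been logged in.
 authenticated? :: Similar to +logged_in?+, but if the account has setup two
 factor authentication, whether the session has authenticated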
@@ -0,0 +1,28 @@
|
|
1
|
+
= Improvements
|
2
|
+
|
3
|
+
* When using the verify_account_grace_period feature, if the grace
|
4
|
+
period has expired for currently logged in session, require_login
|
5
|
+
will clear the session and redirect to the login page. This is
|
6
|
+
implemented by having the unverified_account_session_key store the
|
7
|
+
time of expiration, as an integer.
|
8
|
+
|
9
|
+
* The previously private require_account method is now public. The
|
10
|
+
method is used internally by Rodauth to check that not only is the
|
11
|
+
current session logged in, but also that the account related to the
|
12
|
+
currently logged in session still exists in the database. The only
|
13
|
+
reason you would want to call require_account instead of
|
14
|
+
require_authentication is if you want to handle cases where there
|
15
|
+
can be logged in sessions for accounts that have been deleted.
|
16
|
+
|
17
|
+
* Rodauth now avoids an unnecessary bcrypt hash calculation when
|
18
|
+
updating accounts when using the account_password_hash_column
|
19
|
+
configuration method.
|
20
|
+
|
21
|
+
* When WebAuthn token last use times are displayed, Rodauth now uses a
|
22
|
+
fixed format of YYYY-MM-DD HH:MM:SS, instead of relying on
|
23
|
+
Time#to_s. If this presents an problem for your application, please
|
24
|
+
open an issue and we can add a configuration method to control
|
25
|
+
the behavior.
|
26
|
+
|
27
|
+
* A typo in the default value of global_logout_label in the
|
28
|
+
active_sessions feature has been fixed.
|
@@ -13,7 +13,7 @@ module Rodauth
|
|
13
13
|
auth_value_method :active_sessions_last_use_column, :last_use
|
14
14
|
auth_value_method :active_sessions_session_id_column, :session_id
|
15
15
|
auth_value_method :active_sessions_table, :account_active_session_keys
|
16
|
-
translatable_method :global_logout_label, 'Logout all Logged In
|
16
|
+
translatable_method :global_logout_label, 'Logout all Logged In Sessions?'
|
17
17
|
auth_value_method :global_logout_param, 'global_logout'
|
18
18
|
auth_value_method :inactive_session_error_status, 401
|
19
19
|
auth_value_method :session_inactivity_deadline, 86400
|
@@ -338,6 +338,11 @@ module Rodauth
|
|
338
338
|
require_login
|
339
339
|
end
|
340
340
|
|
341
|
+
def require_account
|
342
|
+
require_authentication
|
343
|
+
require_account_session
|
344
|
+
end
|
345
|
+
|
341
346
|
def account_initial_status_value
|
342
347
|
account_open_status_value
|
343
348
|
end
|
@@ -524,11 +529,6 @@ module Rodauth
|
|
524
529
|
Rack::Utils.secure_compare(provided.ljust(actual.length), actual) && provided.length == actual.length
|
525
530
|
end
|
526
531
|
|
527
|
-
def require_account
|
528
|
-
require_authentication
|
529
|
-
require_account_session
|
530
|
-
end
|
531
|
-
|
532
532
|
def require_account_session
|
533
533
|
unless account_from_session
|
534
534
|
clear_session
|
@@ -756,7 +756,7 @@ module Rodauth
|
|
756
756
|
num = ds.update(values)
|
757
757
|
if num == 1
|
758
758
|
values.each do |k, v|
|
759
|
-
account[k] =
|
759
|
+
account[k] = Sequel::CURRENT_TIMESTAMP == v ? Time.now : v
|
760
760
|
end
|
761
761
|
end
|
762
762
|
num
|
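Review bot: The new line assigns the application clock's `Time.now` to `account[k]` for every column that was sent as `Sequel::CURRENT_TIMESTAMP`, so the cached account hash now holds a local approximation of the timestamp the database actually wrote, and clock skew or the database session's time zone can make the two differ. Nothing in the hunk records that, and a later comparison of `account[k]` against the stored row could be surprised by it; a comment on the new line such as `# the DB chose the real value; Time.now only approximates CURRENT_TIMESTAMP locally` would make the intent clear. The enclosing method starts before the hunk. Separately, the `require_account` method moved above the private section in the first hunk of this file is now public API but carries no comment; the description added to the README in this release could be mirrored there.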
@@ -30,10 +30,17 @@ module Rodauth
|
|
30
30
|
false
|
31
31
|
end
|
32
32
|
|
33
|
+
def require_login
|
34
|
+
if unverified_grace_period_expired?
|
35
|
+
clear_session
|
36
|
+
end
|
37
|
+
super
|
38
|
+
end
|
39
|
+
|
33
40
|
def update_session
|
34
41
|
super
|
35
42
|
if account_in_unverified_grace_period?
|
36
|
-
set_session_value(unverified_account_session_key,
|
43
|
+
set_session_value(unverified_account_session_key, Time.now.to_i + verify_account_grace_period)
|
37
44
|
end
|
38
45
|
end
|
39
46
|
|
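Review bot: The expiry written in update_session is `Time.now.to_i + verify_account_grace_period`, so the grace period is counted from the moment the session is updated, whereas `account_in_unverified_grace_period?` in the next hunk measures it from `verification_requested_at_column` in the database; a session established late in the grace period therefore stays valid for up to one extra grace period after the account-side deadline, and the new require_login only clears it once this later timestamp passes. If the intended deadline is the account's, the value stored under unverified_account_session_key should be derived from the stored verification_requested_at (read from verify_account_ds, plus verify_account_grace_period) rather than from Time.now; if a per-login window is intended, a comment such as `# deadline is measured from this login, not from verification_requested_at` above the set_session_value call would make that explicit. The release notes describe the stored value as "the time of expiration", which reads as the account-side deadline. The feature module continues outside the hunk.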
@@ -78,6 +85,11 @@ module Rodauth
|
|
78
85
|
!verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty?
|
79
86
|
end
|
80
87
|
|
88
|
+
def unverified_grace_period_expired?
|
89
|
+
return false unless expires_at = session[unverified_account_session_key]
|
90
|
+
expires_at.is_a?(Integer) && Time.now.to_i > expires_at
|
91
|
+
end
|
92
|
+
|
81
93
|
def use_date_arithmetic?
|
82
94
|
true
|
83
95
|
end
|
data/lib/rodauth/version.rb
CHANGED
@@ -4,6 +4,7 @@
|
|
4
4
|
#{rodauth.render('password-field') if rodauth.two_factor_modifications_require_password?}
|
5
5
|
<fieldset class="form-group mb-3">
|
6
6
|
#{(usage = rodauth.account_webauthn_usage; last_id = usage.keys.last; usage;).map do |id, last_use|
|
7
|
+
last_use = last_use.strftime("%F %T") if last_use.is_a?(Time)
|
7
8
|
input = rodauth.input_field_string(rodauth.webauthn_remove_param, "webauthn-remove-#{h id}", :type=>'radio', :class=>"form-check-input", :skip_error_message=>true, :value=>id, :required=>false)
|
8
9
|
label = "<label class=\"rodauth-webauthn-id form-check-label\" for=\"webauthn-remove-#{h id}\">Last Use: #{last_use}</label>"
|
9
10
|
error = rodauth.formatted_field_error(rodauth.webauthn_remove_param) if id == last_id
|
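Review bot: The label built on the line after the added one interpolates `#{last_use}` into the HTML without the `h` escaping helper that the same template applies to `id`; the new strftime line only normalises values that are already a `Time`, so any other value returned by account_webauthn_usage (a string from an adapter, for instance) reaches the markup unescaped. Writing `Last Use: #{h last_use}` keeps the escaping consistent regardless of the value's type. The `%F %T` format also omits any zone indicator, so the displayed time is in whatever zone the `Time` carries; if that is not always the same zone, `"%F %T %Z"` or converting with `.utc` first would remove the ambiguity, though the release notes already anticipate a configuration method for this. Note also that this hunk appears under a data/lib/rodauth/version.rb header while its content is the webauthn-remove template listed in the diffstat; the version.rb change itself is not shown on the page.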
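--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.21.0
 platform: ruby
 authors:
 - Jeremy Evans
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sequel
@@ -335,6 +335,7 @@ extra_rdoc_files:
 - doc/release_notes/2.19.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.20.0.txt
+- doc/release_notes/2.21.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
@@ -442,6 +443,7 @@ files:
 - doc/release_notes/2.19.0.txt
 - doc/release_notes/2.2.0.txt
 - doc/release_notes/2.20.0.txt
+- doc/release_notes/2.21.0.txt
 - doc/release_notes/2.3.0.txt
 - doc/release_notes/2.4.0.txt
 - doc/release_notes/2.5.0.txt
@@ -596,7 +598,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Authentication and Account Management Framework for Rack Applications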