Methods
Public Class
- configure
- create_database_authentication_functions
- create_database_previous_password_check_functions
- drop_database_authentication_functions
- drop_database_previous_password_check_functions
- load_dependencies
- new
- version
Public Instance
- _account_from_email_auth_key
- _account_from_login
- _account_from_reset_password_key
- _account_from_session
- _account_from_unlock_key
- _account_from_verify_account_key
- _account_from_verify_login_change_key
- _email_auth_request
- _field_attributes
- _field_error_attributes
- _formatted_field_error
- _json_response_body
- _login
- _new_account
- _otp
- _otp_add_key
- _otp_key
- _otp_tmp_key
- _recovery_codes
- _sms
- _two_factor_auth_required_redirect
- _update_login
- _view
- _view_opts
- account_activity_ds
- account_ds
- account_expired?
- account_expired_at
- account_from_email_auth_key
- account_from_key
- account_from_login
- account_from_reset_password_key
- account_from_session
- account_from_unlock_key
- account_from_verify_account_key
- account_from_verify_login_change_key
- account_id
- account_in_unverified_grace_period?
- account_initial_status_value
- account_lockouts_ds
- account_login_failures_ds
- account_model
- account_password_hash_column
- account_session_status_filter
- active_remember_key_ds
- add_field_error_class
- add_previous_password_hash
- add_recovery_code
- add_recovery_codes
- add_remember_key
- after_change_login
- after_change_password
- after_close_account
- after_confirm_password
- after_create_account
- after_login
- after_login_entered_during_multi_phase_login
- after_login_failure
- after_logout
- after_reset_password
- allow_resending_verify_account_email?
- already_logged_in
- auth_class_eval
- authenticated?
- base32_encode
- before_change_login_route
- before_change_password_route
- before_login_attempt
- before_logout
- before_otp_authentication_route
- before_otp_setup_route
- before_reset_password
- before_reset_password_request
- before_rodauth
- before_unlock_account
- before_unlock_account_request
- before_view_recovery_codes
- button
- button_opts
- can_add_recovery_codes?
- catch_error
- change_login
- change_login_notice_flash
- change_login_requires_password?
- change_password_requires_password?
- check_account_expiration
- check_already_logged_in
- check_password_change_allowed
- check_session_expiration
- check_single_session
- clear_cached_otp
- clear_invalid_login_attempts
- clear_remembered_session_key
- clear_session
- close_account
- close_account_requires_password?
- compute_hmac
- compute_raw_hmac
- confirm_password
- confirm_password_redirect
- convert_email_token_key
- convert_session_key
- convert_timestamp
- convert_token_key
- create_account_autologin?
- create_account_link
- create_account_notice_flash
- create_account_set_password?
- create_email
- create_email_auth_email
- create_email_auth_key
- create_email_to
- create_password_changed_email
- create_reset_password_email
- create_reset_password_key
- create_unlock_account_email
- create_verify_account_email
- create_verify_account_key
- create_verify_login_change_email
- create_verify_login_change_key
- csrf_tag
- currently_active_session?
- db
- default_field_attributes
- delete_account
- delete_account_on_close?
- disable_remember_login
- email_auth_ds
- email_auth_email_body
- email_auth_email_link
- email_auth_email_recently_sent?
- email_auth_key_insert_hash
- email_auth_request_form
- email_from
- email_to
- expire_session
- features
- field_attributes
- field_error
- field_error_attributes
- flash
- force_email_auth?
- forget_login
- formatted_field_error
- function_name
- generate_email_auth_key_value
- generate_remember_key_value
- generate_reset_password_key_value
- generate_unlock_account_key
- generate_verify_account_key_value
- generate_verify_login_change_key_value
- get_activity_timestamp
- get_email_auth_email_last_sent
- get_email_auth_key
- get_password_changed_at
- get_password_hash
- get_password_reset_key
- get_remember_key
- get_reset_password_email_last_sent
- get_unlock_account_email_last_sent
- get_unlock_account_key
- get_verify_account_email_last_sent
- get_verify_account_key
- get_verify_login_change_login_and_key
- include_success_messages?
- input_field_string
- invalid_login_attempted
- invalid_previous_password_message
- json_request?
- json_response
- jwt_cors_allow?
- jwt_payload
- jwt_secret
- jwt_session_hash
- jwt_token
- last_account_activity_at
- last_account_login_at
- load_memory
- loaded_templates
- locked_out?
- logged_in_via_remember_key?
- login_confirm_label
- login_does_not_meet_requirements_message
- login_failed_reset_password_request_form
- login_form_footer
- login_hidden_field
- login_meets_email_requirements?
- login_meets_length_requirements?
- login_meets_requirements?
- login_required
- login_too_long_message
- login_too_short_message
- logout
- modifications_require_password?
- new_account
- new_recovery_code
- no_longer_active_session
- only_json?
- open_account?
- otp_add_key
- otp_auth_form_footer
- otp_exists?
- otp_hmac_secret
- otp_issuer
- otp_key_ds
- otp_keys_use_hmac?
- otp_locked_out?
- otp_lockout_error_flash
- otp_lockout_redirect
- otp_new_secret
- otp_provisioning_name
- otp_provisioning_uri
- otp_qr_code
- otp_record_authentication_failure
- otp_remove
- otp_remove_auth_failures
- otp_tmp_key
- otp_update_last_use
- otp_user_key
- otp_valid_code?
- otp_valid_key?
- param
- param_or_nil
- password_changed_email_body
- password_confirm_label
- password_does_not_contain_null_byte?
- password_does_not_meet_requirements_message
- password_doesnt_match_previous_password?
- password_expiration_ds
- password_expired?
- password_has_enough_character_groups?
- password_has_no_invalid_pattern?
- password_hash
- password_hash_cost
- password_hash_ds
- password_match?
- password_meets_length_requirements?
- password_meets_requirements?
- password_not_in_dictionary?
- password_not_one_of_the_most_common?
- password_not_too_many_repeating_characters?
- password_one_of_most_common?
- password_recently_entered?
- password_reset_ds
- password_too_many_repeating_characters_message
- password_too_short_message
- post_configure
- previous_password_ds
- raises_uniqueness_violation?
- random_key
- recovery_code_match?
- recovery_codes_ds
- recovery_codes_primary?
- recovery_codes_remove
- redirect
- remember_key_ds
- remember_login
- remove_email_auth_key
- remove_lockout_metadata
- remove_remember_key
- remove_reset_password_key
- remove_verify_account_key
- remove_verify_login_change_key
- render
- request
- require_account
- require_account_session
- require_authentication
- require_current_password
- require_login
- require_otp_setup
- require_sms_available
- require_sms_not_setup
- require_sms_setup
- require_two_factor_authenticated
- require_two_factor_not_authenticated
- require_two_factor_setup
- reset_password_email_body
- reset_password_email_link
- reset_password_email_recently_sent?
- reset_password_key_insert_hash
- reset_password_request_link
- reset_single_session_key
- response
- retry_on_uniqueness_violation
- return_json_response
- route!
- save_account
- send_email_auth_email
- send_password_changed_email
- send_reset_password_email
- send_unlock_account_email
- send_verify_account_email
- send_verify_login_change_email
- session
- session_expiration_redirect
- session_jwt
- session_value
- set_deadline_value
- set_deadline_values?
- set_email_auth_email_last_sent
- set_error_flash
- set_expired
- set_field_error
- set_http_basic_auth_error_response
- set_jwt
- set_jwt_token
- set_last_password_entry
- set_new_account_password
- set_notice_flash
- set_notice_now_flash
- set_password
- set_redirect_error_flash
- set_redirect_error_status
- set_reset_password_email_last_sent
- set_response_error_status
- set_session_value
- set_single_session_key
- set_title
- set_unlock_account_email_last_sent
- set_verify_account_email_last_sent
- setup_account_verification
- show_lockout_page
- single_session_ds
- skip_login_field_on_login?
- skip_password_field_on_login?
- skip_status_checks?
- sms_auth_message
- sms_available?
- sms_code
- sms_code_issued_at
- sms_code_match?
- sms_codes_primary?
- sms_confirm
- sms_confirm_failure
- sms_confirm_message
- sms_confirmation_match?
- sms_current_auth?
- sms_disable
- sms_ds
- sms_failures
- sms_locked_out?
- sms_needs_confirmation?
- sms_new_auth_code
- sms_new_confirm_code
- sms_normalize_phone
- sms_phone
- sms_record_failure
- sms_remove_failures
- sms_send
- sms_send_auth_code
- sms_send_confirm_code
- sms_set_code
- sms_setup
- sms_setup?
- sms_valid_phone?
- split_token
- template_path
- throw_basic_auth_error
- throw_error
- throw_error_status
- timing_safe_eql?
- token_link
- transaction
- two_factor_auth_fallback_redirect
- two_factor_auth_required_redirect
- two_factor_authenticate
- two_factor_authenticated?
- two_factor_authentication_setup?
- two_factor_modifications_require_password?
- two_factor_need_setup_redirect
- two_factor_password_match?
- two_factor_remove
- two_factor_remove_auth_failures
- two_factor_remove_session
- two_factor_update_session
- unique_constraint_violation_class
- unlock_account
- unlock_account_email_body
- unlock_account_email_link
- unlock_account_email_recently_sent?
- update_account
- update_activity
- update_hash_ds
- update_last_activity
- update_last_login
- update_login
- update_password_changed_at
- update_password_hash?
- update_session
- update_single_session_key
- update_sms
- use_database_authentication_functions?
- use_date_arithmetic?
- use_jwt?
- use_multi_phase_login?
- use_request_specific_csrf_tokens?
- uses_two_factor_authentication?
- valid_jwt?
- verified_account?
- verify_account
- verify_account_check_already_logged_in
- verify_account_ds
- verify_account_email_body
- verify_account_email_link
- verify_account_email_recently_sent?
- verify_account_email_resend
- verify_account_key_insert_hash
- verify_account_resend_link
- verify_login_change
- verify_login_change_ds
- verify_login_change_email_body
- verify_login_change_email_link
- verify_login_change_key_insert_hash
- verify_login_change_old_login
- view
Classes and Modules
Constants
| FEATURES | = | {} | ||
| JwtRefresh | = | Feature.define(:jwt_refresh) do depends :jwt after 'refresh_token' before 'refresh_token' auth_value_method :jwt_access_token_key, 'access_token' auth_value_method :jwt_access_token_not_before_period, 5 auth_value_method :jwt_access_token_period, 1800 auth_value_method :jwt_refresh_invalid_token_message, 'invalid JWT refresh token' auth_value_method :jwt_refresh_token_account_id_column, :account_id auth_value_method :jwt_refresh_token_deadline_column, :deadline auth_value_method :jwt_refresh_token_deadline_interval, {:days=>14} auth_value_method :jwt_refresh_token_id_column, :id auth_value_method :jwt_refresh_token_key, 'refresh_token' auth_value_method :jwt_refresh_token_key_column, :key auth_value_method :jwt_refresh_token_key_param, 'refresh_token' auth_value_method :jwt_refresh_token_table, :account_jwt_refresh_keys auth_private_methods( :account_from_refresh_token ) route do |r| r.post do if (refresh_token = param_or_nil(jwt_refresh_token_key_param)) && account_from_refresh_token(refresh_token) formatted_token = nil transaction do before_refresh_token formatted_token = generate_refresh_token remove_jwt_refresh_token_key(refresh_token) after_refresh_token end json_response[jwt_refresh_token_key] = formatted_token json_response[jwt_access_token_key] = session_jwt else json_response[json_response_error_key] = jwt_refresh_invalid_token_message response.status ||= json_response_error_status end response['Content-Type'] ||= json_response_content_type response.write(_json_response_body(json_response)) request.halt end end def update_session super # JWT login puts the access token in the header. # We put the refresh token in the body. # Note, do not put the access_token in the body here, as the access token content is not yet finalised. json_response['refresh_token'] = generate_refresh_token end def set_jwt_token(token) super if json_response[json_response_error_key] json_response.delete(jwt_access_token_key) else json_response[jwt_access_token_key] = token end end def jwt_session_hash h = super t = Time.now.to_i h[:exp] = t + jwt_access_token_period h[:iat] = t h[:nbf] = t - jwt_access_token_not_before_period h end def account_from_refresh_token(token) @account = _account_from_refresh_token(token) end private def _account_from_refresh_token(token) id, token = split_token(token) return unless id && token token_id, key = split_token(token) return unless token_id && key return unless actual = get_active_refresh_token(id, token_id) return unless timing_safe_eql?(key, convert_token_key(actual)) ds = account_ds(id) ds = ds.where(account_status_column=>account_open_status_value) unless skip_status_checks? ds.first end def get_active_refresh_token(account_id, token_id) jwt_refresh_token_account_ds(account_id). where(Sequel::CURRENT_TIMESTAMP > jwt_refresh_token_deadline_column). delete jwt_refresh_token_account_token_ds(account_id, token_id). get(jwt_refresh_token_key_column) end def jwt_refresh_token_account_ds(account_id) jwt_refresh_token_ds.where(jwt_refresh_token_account_id_column => account_id) end def jwt_refresh_token_account_token_ds(account_id, token_id) jwt_refresh_token_account_ds(account_id). where(jwt_refresh_token_id_column=>token_id) end def jwt_refresh_token_ds db[jwt_refresh_token_table] end def remove_jwt_refresh_token_key(token) account_id, token = split_token(token) token_id, _ = split_token(token) jwt_refresh_token_account_token_ds(account_id, token_id).delete end def generate_refresh_token hash = jwt_refresh_token_insert_hash [account_id, jwt_refresh_token_ds.insert(hash), convert_token_key(hash[jwt_refresh_token_key_column])].join(token_separator) end def jwt_refresh_token_insert_hash hash = {jwt_refresh_token_account_id_column => account_id, jwt_refresh_token_key_column => random_key} set_deadline_value(hash, jwt_refresh_token_deadline_column, jwt_refresh_token_deadline_interval) hash end def after_close_account jwt_refresh_token_account_ds(account_id).delete super if defined?(super) end end | ||
| MAJOR | = | 1 |
The major version of |
|
| MINOR | = | 22 |
The minor version of |
|
| TINY | = | 0 |
The patch version of |
|
| VERSION | = | "#{MAJOR}.#{MINOR}.#{TINY}".freeze |
The full version of |
|
| VERSION_NUMBER | = | MAJOR*10000 + MINOR*100 + TINY |
The full version of |
Public Instance Aliases
| account_session_value | -> | account_id | |
| ignore_uniqueness_violation | -> | raises_uniqueness_violation? |
If you just want to ignore uniqueness violations, this alias makes more sense. |
| logged_in? | -> | session_value | |
| raised_uniqueness_violation | -> | raises_uniqueness_violation? |
If you would like to operate/reraise the exception, this alias makes more sense. |
Public Class methods
configure
(app, opts={}, &block)
[show source]
# File lib/rodauth.rb 33 def self.configure(app, opts={}, &block) 34 app.opts[:rodauth_json] = opts.fetch(:json, app.opts[:rodauth_json]) 35 app.opts[:rodauth_csrf] = opts.fetch(:csrf, app.opts[:rodauth_route_csrf]) 36 auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= Class.new(Auth) 37 if !auth_class.roda_class 38 auth_class.roda_class = app 39 elsif auth_class.roda_class != app 40 auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class) 41 auth_class.roda_class = app 42 end 43 auth_class.configure(&block) 44 end
create_database_authentication_functions
(db, opts={})
[show source]
# File lib/rodauth/migrations.rb 4 def self.create_database_authentication_functions(db, opts={}) 5 table_name = opts[:table_name] || :account_password_hashes 6 get_salt_name = opts[:get_salt_name] || :rodauth_get_salt 7 valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash 8 9 case db.database_type 10 when :postgres 11 search_path = opts[:search_path] || 'public, pg_temp' 12 13 db.run <<END 14 CREATE OR REPLACE FUNCTION #{get_salt_name}(acct_id int8) RETURNS text AS $$ 15 DECLARE salt text; 16 BEGIN 17 SELECT substr(password_hash, 0, 30) INTO salt 18 FROM #{table_name} 19 WHERE acct_id = id; 20 RETURN salt; 21 END; 22 $$ LANGUAGE plpgsql 23 SECURITY DEFINER 24 SET search_path = #{search_path}; 25 END 26 27 db.run <<END 28 CREATE OR REPLACE FUNCTION #{valid_hash_name}(acct_id int8, hash text) RETURNS boolean AS $$ 29 DECLARE valid boolean; 30 BEGIN 31 SELECT password_hash = hash INTO valid 32 FROM #{table_name} 33 WHERE acct_id = id; 34 RETURN valid; 35 END; 36 $$ LANGUAGE plpgsql 37 SECURITY DEFINER 38 SET search_path = #{search_path}; 39 END 40 when :mysql 41 db.run <<END 42 CREATE FUNCTION #{get_salt_name}(acct_id int8) RETURNS varchar(255) 43 SQL SECURITY DEFINER 44 READS SQL DATA 45 BEGIN 46 RETURN (SELECT substr(password_hash, 1, 30) 47 FROM #{table_name} 48 WHERE acct_id = id); 49 END; 50 END 51 52 db.run <<END 53 CREATE FUNCTION #{valid_hash_name}(acct_id int8, hash varchar(255)) RETURNS tinyint(1) 54 SQL SECURITY DEFINER 55 READS SQL DATA 56 BEGIN 57 DECLARE valid tinyint(1); 58 DECLARE csr CURSOR FOR 59 SELECT password_hash = hash 60 FROM #{table_name} 61 WHERE acct_id = id; 62 OPEN csr; 63 FETCH csr INTO valid; 64 CLOSE csr; 65 RETURN valid; 66 END; 67 END 68 when :mssql 69 db.run <<END 70 CREATE FUNCTION #{get_salt_name}(@account_id bigint) RETURNS nvarchar(255) 71 WITH EXECUTE AS OWNER 72 AS 73 BEGIN 74 DECLARE @salt nvarchar(255); 75 SELECT @salt = substring(password_hash, 0, 30) 76 FROM #{table_name} 77 WHERE id = @account_id; 78 RETURN @salt; 79 END; 80 END 81 82 db.run <<END 83 CREATE FUNCTION #{valid_hash_name}(@account_id bigint, @hash nvarchar(255)) RETURNS bit 84 WITH EXECUTE AS OWNER 85 AS 86 BEGIN 87 DECLARE @valid bit; 88 DECLARE @ph nvarchar(255); 89 SELECT @ph = password_hash 90 FROM #{table_name} 91 WHERE id = @account_id; 92 IF(@hash = @ph) 93 SET @valid = 1; 94 ELSE 95 SET @valid = 0 96 RETURN @valid; 97 END; 98 END 99 end 100 end
create_database_previous_password_check_functions
(db, opts={})
[show source]
# File lib/rodauth/migrations.rb 116 def self.create_database_previous_password_check_functions(db, opts={}) 117 create_database_authentication_functions(db, {:table_name=>:account_previous_password_hashes, :get_salt_name=>:rodauth_get_previous_salt, :valid_hash_name=>:rodauth_previous_password_hash_match}.merge(opts)) 118 end
drop_database_authentication_functions
(db, opts={})
[show source]
# File lib/rodauth/migrations.rb 102 def self.drop_database_authentication_functions(db, opts={}) 103 get_salt_name = opts[:get_salt_name] || :rodauth_get_salt 104 valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash 105 106 case db.database_type 107 when :postgres 108 db.run "DROP FUNCTION #{get_salt_name}(int8)" 109 db.run "DROP FUNCTION #{valid_hash_name}(int8, text)" 110 when :mysql, :mssql 111 db.run "DROP FUNCTION #{get_salt_name}" 112 db.run "DROP FUNCTION #{valid_hash_name}" 113 end 114 end
drop_database_previous_password_check_functions
(db, opts={})
[show source]
# File lib/rodauth/migrations.rb 120 def self.drop_database_previous_password_check_functions(db, opts={}) 121 drop_database_authentication_functions(db, {:get_salt_name=>:rodauth_get_previous_salt, :valid_hash_name=>:rodauth_previous_password_hash_match}.merge(opts)) 122 end
load_dependencies
(app, opts={})
[show source]
# File lib/rodauth.rb 6 def self.load_dependencies(app, opts={}) 7 json_opt = opts.fetch(:json, app.opts[:rodauth_json]) 8 if json_opt 9 app.plugin :json 10 app.plugin :json_parser 11 end 12 13 unless json_opt == :only 14 require 'tilt/string' 15 app.plugin :render 16 17 case opts.fetch(:csrf, app.opts[:rodauth_route_csrf]) 18 when false 19 # nothing 20 when :route_csrf 21 app.plugin :route_csrf 22 else 23 # :nocov: 24 app.plugin :csrf 25 # :nocov: 26 end 27 28 app.plugin :flash unless opts[:flash] == false 29 app.plugin :h 30 end 31 end
new
(scope)
[show source]
# File lib/rodauth/features/base.rb 117 def initialize(scope) 118 @scope = scope 119 end
Public Instance methods
_account_from_email_auth_key
(token)
[show source]
# File lib/rodauth/features/email_auth.rb 251 def _account_from_email_auth_key(token) 252 account_from_key(token, account_open_status_value){|id| get_email_auth_key(id)} 253 end
_account_from_login
(login)
[show source]
# File lib/rodauth/features/base.rb 498 def _account_from_login(login) 499 ds = db[accounts_table].where(login_column=>login) 500 ds = ds.select(*account_select) if account_select 501 ds = ds.where(account_status_column=>[account_unverified_status_value, account_open_status_value]) unless skip_status_checks? 502 ds.first 503 end
_account_from_reset_password_key
(token)
[show source]
# File lib/rodauth/features/reset_password.rb 265 def _account_from_reset_password_key(token) 266 account_from_key(token, account_open_status_value){|id| get_password_reset_key(id)} 267 end
_account_from_session
()
[show source]
# File lib/rodauth/features/base.rb 505 def _account_from_session 506 ds = account_ds(session_value) 507 ds = ds.where(account_session_status_filter) unless skip_status_checks? 508 ds.first 509 end
_account_from_unlock_key
(token)
[show source]
# File lib/rodauth/features/lockout.rb 306 def _account_from_unlock_key(token) 307 account_from_key(token){|id| account_lockouts_ds(id).get(account_lockouts_key_column)} 308 end
_account_from_verify_account_key
(token)
[show source]
# File lib/rodauth/features/verify_account.rb 314 def _account_from_verify_account_key(token) 315 account_from_key(token, account_unverified_status_value){|id| get_verify_account_key(id)} 316 end
_account_from_verify_login_change_key
(token)
[show source]
# File lib/rodauth/features/verify_login_change.rb 206 def _account_from_verify_login_change_key(token) 207 account_from_key(token) do |id| 208 @verify_login_change_new_login, key = get_verify_login_change_login_and_key(id) 209 key 210 end 211 end
_email_auth_request
()
[show source]
# File lib/rodauth/features/email_auth.rb 189 def _email_auth_request 190 if email_auth_email_recently_sent? 191 set_redirect_error_flash email_auth_email_recently_sent_error_flash 192 redirect email_auth_email_recently_sent_redirect 193 end 194 195 generate_email_auth_key_value 196 transaction do 197 before_email_auth_request 198 create_email_auth_key 199 send_email_auth_email 200 after_email_auth_request 201 end 202 203 set_notice_flash email_auth_email_sent_notice_flash 204 end
_field_attributes
(field)
[show source]
# File lib/rodauth/features/base.rb 515 def _field_attributes(field) 516 nil 517 end
_field_error_attributes
(field)
[show source]
# File lib/rodauth/features/base.rb 519 def _field_error_attributes(field) 520 " aria-invalid=\"true\" aria-describedby=\"#{field}_error_message\" " 521 end
_formatted_field_error
(field, error)
[show source]
# File lib/rodauth/features/base.rb 523 def _formatted_field_error(field, error) 524 "<span class=\"#{input_field_error_message_class}\" id=\"#{field}_error_message\">#{error}</span>" 525 end
_json_response_body
(hash)
[show source]
# File lib/rodauth/features/jwt.rb 217 def _json_response_body(hash) 218 request.send(:convert_to_json, hash) 219 end
_login
()
[show source]
# File lib/rodauth/features/login.rb 86 def _login 87 transaction do 88 before_login 89 update_session 90 after_login 91 end 92 set_notice_flash login_notice_flash 93 redirect login_redirect 94 end
_new_account
(login)
[show source]
# File lib/rodauth/features/create_account.rb 124 def _new_account(login) 125 acc = {login_column=>login} 126 unless skip_status_checks? 127 acc[account_status_column] = account_initial_status_value 128 end 129 acc 130 end
_otp
()
[show source]
# File lib/rodauth/features/otp.rb 406 def _otp 407 otp_class.new(otp_user_key, :issuer=>otp_issuer, :digits=>otp_digits, :interval=>otp_interval) 408 end
_otp_add_key
(secret)
[show source]
# File lib/rodauth/features/otp.rb 395 def _otp_add_key(secret) 396 # Uniqueness errors can't be handled here, as we can't be sure the secret provided 397 # is the same as the current secret. 398 otp_key_ds.insert(otp_keys_id_column=>session_value, otp_keys_column=>secret) 399 end
_otp_key
()
[show source]
# File lib/rodauth/features/otp.rb 401 def _otp_key 402 @otp_user_key = nil 403 otp_key_ds.get(otp_keys_column) 404 end
_otp_tmp_key
(secret)
[show source]
# File lib/rodauth/features/otp.rb 390 def _otp_tmp_key(secret) 391 @otp_user_key = nil 392 @otp_key = secret 393 end
_recovery_codes
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 234 def _recovery_codes 235 recovery_codes_ds.select_map(recovery_codes_column) 236 end
_sms
()
[show source]
# File lib/rodauth/features/sms_codes.rb 497 def _sms 498 sms_ds.first 499 end
_two_factor_auth_required_redirect
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 145 def _two_factor_auth_required_redirect 146 two_factor_auth_required_redirect || two_factor_auth_fallback_redirect || default_redirect 147 end
_update_login
(login)
[show source]
# File lib/rodauth/features/change_login.rb 80 def _update_login(login) 81 updated = nil 82 raised = raises_uniqueness_violation?{updated = update_account({login_column=>login}, account_ds.exclude(login_column=>login)) == 1} 83 if raised 84 @login_requirement_message = already_an_account_with_this_login_message 85 end 86 updated && !raised 87 end
_view
(meth, page)
[show source]
# File lib/rodauth/features/base.rb 639 def _view(meth, page) 640 scope.send(meth, _view_opts(page)) 641 end
_view_opts
(page)
[show source]
# File lib/rodauth/features/base.rb 624 def _view_opts(page) 625 opts = template_opts.dup 626 opts[:locals] = opts[:locals] ? opts[:locals].dup : {} 627 opts[:locals][:rodauth] = self 628 opts[:cache] = cache_templates 629 opts[:cache_key] = :"rodauth_#{page}" 630 631 opts = scope.send(:find_template, scope.send(:parse_template_opts, page, opts)) 632 unless File.file?(scope.send(:template_path, opts)) 633 opts[:path] = template_path(page) 634 end 635 636 opts 637 end
account_activity_ds
(account_id)
[show source]
# File lib/rodauth/features/account_expiration.rb 104 def account_activity_ds(account_id) 105 db[account_activity_table]. 106 where(account_activity_id_column=>account_id) 107 end
account_ds
(id=account_id)
[show source]
# File lib/rodauth/features/base.rb 535 def account_ds(id=account_id) 536 raise ArgumentError, "invalid account id passed to account_ds" unless id 537 ds = db[accounts_table].where(account_id_column=>id) 538 ds = ds.select(*account_select) if account_select 539 ds 540 end
account_expired?
()
[show source]
# File lib/rodauth/features/account_expiration.rb 54 def account_expired? 55 columns = [account_activity_last_activity_column, account_activity_last_login_column, account_activity_expired_column] 56 last_activity, last_login, expired = account_activity_ds(account_id).get(columns) 57 return true if expired 58 timestamp = convert_timestamp(expire_account_on_last_activity? ? last_activity : last_login) 59 return false unless timestamp 60 timestamp < Time.now - expire_account_after 61 end
account_expired_at
()
[show source]
# File lib/rodauth/features/account_expiration.rb 35 def account_expired_at 36 get_activity_timestamp(account_id, account_activity_expired_column) 37 end
account_from_email_auth_key
(key)
[show source]
# File lib/rodauth/features/email_auth.rb 133 def account_from_email_auth_key(key) 134 @account = _account_from_email_auth_key(key) 135 end
account_from_key
(token, status_id=nil)
[show source]
# File lib/rodauth/features/email_base.rb 56 def account_from_key(token, status_id=nil) 57 id, key = split_token(token) 58 return unless id && key 59 60 return unless actual = yield(id) 61 62 unless timing_safe_eql?(key, convert_email_token_key(actual)) 63 if hmac_secret && allow_raw_email_token? 64 return unless timing_safe_eql?(key, actual) 65 else 66 return 67 end 68 end 69 70 ds = account_ds(id) 71 ds = ds.where(account_status_column=>status_id) if status_id && !skip_status_checks? 72 ds.first 73 end
account_from_login
(login)
[show source]
# File lib/rodauth/features/base.rb 213 def account_from_login(login) 214 @account = _account_from_login(login) 215 end
account_from_reset_password_key
(key)
[show source]
# File lib/rodauth/features/password_expiration.rb 45 def account_from_reset_password_key(key) 46 if a = super 47 check_password_change_allowed 48 end 49 a 50 end
account_from_session
()
[show source]
# File lib/rodauth/features/base.rb 292 def account_from_session 293 @account = _account_from_session 294 end
account_from_unlock_key
(key)
[show source]
# File lib/rodauth/features/lockout.rb 215 def account_from_unlock_key(key) 216 @account = _account_from_unlock_key(key) 217 end
account_from_verify_account_key
(key)
[show source]
# File lib/rodauth/features/verify_account.rb 195 def account_from_verify_account_key(key) 196 @account = _account_from_verify_account_key(key) 197 end
account_from_verify_login_change_key
(key)
[show source]
# File lib/rodauth/features/verify_login_change.rb 116 def account_from_verify_login_change_key(key) 117 @account = _account_from_verify_login_change_key(key) 118 end
account_id
()
[show source]
# File lib/rodauth/features/base.rb 203 def account_id 204 account[account_id_column] 205 end
account_in_unverified_grace_period?
()
[show source]
# File lib/rodauth/features/verify_account_grace_period.rb 66 def account_in_unverified_grace_period? 67 account[account_status_column] == account_unverified_status_value && 68 verify_account_grace_period && 69 !verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty? 70 end
account_initial_status_value
()
[show source]
# File lib/rodauth/features/base.rb 288 def account_initial_status_value 289 account_open_status_value 290 end
account_lockouts_ds
(id=account_id)
[show source]
# File lib/rodauth/features/lockout.rb 302 def account_lockouts_ds(id=account_id) 303 db[account_lockouts_table].where(account_lockouts_id_column=>id) 304 end
account_login_failures_ds
()
[show source]
# File lib/rodauth/features/lockout.rb 298 def account_login_failures_ds 299 db[account_login_failures_table].where(account_login_failures_id_column=>account_id) 300 end
account_model
(model)
[show source]
# File lib/rodauth/features/base.rb 106 def account_model(model) 107 warn "account_model is deprecated, use db and accounts_table settings" 108 db model.db 109 accounts_table model.table_name 110 account_select model.dataset.opts[:select] 111 end
account_password_hash_column
()
If the account_password_hash_column is set, the password hash is verified in ruby, it will not use a database function to do so, it will check the password hash using bcrypt.
[show source]
# File lib/rodauth/features/base.rb 228 def account_password_hash_column 229 nil 230 end
account_session_status_filter
()
[show source]
# File lib/rodauth/features/base.rb 527 def account_session_status_filter 528 {account_status_column=>account_open_status_value} 529 end
active_remember_key_ds
(id=account_id)
[show source]
# File lib/rodauth/features/remember.rb 216 def active_remember_key_ds(id=account_id) 217 remember_key_ds(id).where(Sequel.expr(remember_deadline_column) > Sequel::CURRENT_TIMESTAMP) 218 end
add_field_error_class
(field)
[show source]
# File lib/rodauth/features/base.rb 158 def add_field_error_class(field) 159 if field_error(field) 160 " #{input_field_error_class}" 161 end 162 end
add_previous_password_hash
(hash)
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 25 def add_previous_password_hash(hash) 26 ds = previous_password_ds 27 keep_before = ds.reverse(previous_password_id_column). 28 limit(nil, previous_passwords_to_check). 29 get(previous_password_id_column) 30 31 if keep_before 32 ds.where(Sequel.expr(previous_password_id_column) <= keep_before). 33 delete 34 end 35 36 # This should never raise uniqueness violations, as it uses a serial primary key 37 ds.insert(previous_password_account_id_column=>account_id, previous_password_hash_column=>hash) 38 end
add_recovery_code
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 215 def add_recovery_code 216 # This should never raise uniqueness violations unless the recovery code is the same, and the odds of that 217 # are 1/256**32 assuming a good random number generator. Still, attempt to handle that case by retrying 218 # on such a uniqueness violation. 219 retry_on_uniqueness_violation do 220 recovery_codes_ds.insert(recovery_codes_id_column=>session_value, recovery_codes_column=>new_recovery_code) 221 end 222 end
add_recovery_codes
(number)
[show source]
# File lib/rodauth/features/recovery_codes.rb 205 def add_recovery_codes(number) 206 return if number <= 0 207 transaction do 208 number.times do 209 add_recovery_code 210 end 211 end 212 remove_instance_variable(:@recovery_codes) 213 end
add_remember_key
()
[show source]
# File lib/rodauth/features/remember.rb 162 def add_remember_key 163 hash = {remember_id_column=>account_id, remember_key_column=>remember_key_value} 164 set_deadline_value(hash, remember_deadline_column, remember_deadline_interval) 165 166 if e = raised_uniqueness_violation{remember_key_ds.insert(hash)} 167 # If inserting into the remember key table causes a violation, we can pull the 168 # existing row from the table. If there is no invalid row, we can then reraise. 169 raise e unless @remember_key_value = active_remember_key_ds.get(remember_key_column) 170 end 171 end
after_change_login
()
[show source]
# File lib/rodauth/features/verify_change_login.rb 13 def after_change_login 14 super 15 update_account(account_status_column=>account_unverified_status_value) 16 setup_account_verification 17 session[unverified_account_session_key] = true 18 end
after_change_password
()
[show source]
# File lib/rodauth/features/change_password_notify.rb 31 def after_change_password 32 super 33 send_password_changed_email 34 end
after_close_account
()
[show source]
# File lib/rodauth/features/account_expiration.rb 94 def after_close_account 95 super if defined?(super) 96 account_activity_ds(account_id).delete 97 end
after_confirm_password
()
[show source]
# File lib/rodauth/features/remember.rb 197 def after_confirm_password 198 super 199 clear_remembered_session_key 200 end
after_create_account
()
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 72 def after_create_account 73 if account_password_hash_column && !(respond_to?(:verify_account_set_password?) && verify_account_set_password?) 74 add_previous_password_hash(password_hash(param(password_param))) 75 end 76 super if defined?(super) 77 end
after_login
()
[show source]
# File lib/rodauth/features/email_auth.rb 208 def after_login 209 # Remove the email auth key after any login, even if 210 # it is a password login. This is done to invalidate 211 # the email login when a user has a password and requests 212 # email authentication, but then remembers their password 213 # and doesn't need the link. At that point, the link 214 # that allows login access to the account becomes a 215 # security liability, and it is best to remove it. 216 remove_email_auth_key 217 super if defined?(super) 218 end
after_login_entered_during_multi_phase_login
()
[show source]
# File lib/rodauth/features/email_auth.rb 161 def after_login_entered_during_multi_phase_login 162 if force_email_auth? 163 # If the account does not have a password hash, just send the 164 # email link. 165 _email_auth_request 166 redirect email_auth_email_sent_redirect 167 else 168 # If the account has a password hash, allow password login, but 169 # show form below to also login via email link. 170 super 171 @email_auth_request_form = email_auth_request_form 172 end 173 end
after_login_failure
()
[show source]
# File lib/rodauth/features/lockout.rb 256 def after_login_failure 257 invalid_login_attempted 258 super 259 end
after_logout
()
[show source]
# File lib/rodauth/features/remember.rb 187 def after_logout 188 forget_login 189 super if defined?(super) 190 end
after_reset_password
()
[show source]
# File lib/rodauth/features/password_grace_period.rb 27 def after_reset_password 28 super if defined?(super) 29 @last_password_entry = Time.now.to_i 30 end
allow_resending_verify_account_email?
()
[show source]
# File lib/rodauth/features/verify_account.rb 161 def allow_resending_verify_account_email? 162 account[account_status_column] == account_unverified_status_value 163 end
already_logged_in
()
[show source]
# File lib/rodauth/features/base.rb 236 def already_logged_in 237 nil 238 end
auth_class_eval
(&block)
[show source]
# File lib/rodauth/features/base.rb 102 def auth_class_eval(&block) 103 auth.class_eval(&block) 104 end
authenticated?
()
[show source]
# File lib/rodauth/features/base.rb 280 def authenticated? 281 logged_in? 282 end
base32_encode
(data, length)
:nocov:
[show source]
# File lib/rodauth/features/otp.rb 378 def base32_encode(data, length) 379 chars = 'abcdefghijklmnopqrstuvwxyz234567' 380 length.times.map{|i|chars[data[i] % 32].chr}.join 381 end
before_change_login_route
()
[show source]
# File lib/rodauth/features/verify_account_grace_period.rb 36 def before_change_login_route 37 unless verified_account? 38 set_redirect_error_flash unverified_change_login_error_flash 39 redirect unverified_change_login_redirect 40 end 41 super if defined?(super) 42 end
before_change_password_route
()
[show source]
# File lib/rodauth/features/password_expiration.rb 90 def before_change_password_route 91 check_password_change_allowed 92 super 93 end
before_login_attempt
()
[show source]
# File lib/rodauth/features/lockout.rb 244 def before_login_attempt 245 if locked_out? 246 show_lockout_page 247 end 248 super 249 end
before_logout
()
[show source]
# File lib/rodauth/features/single_session.rb 80 def before_logout 81 reset_single_session_key if request.post? 82 super if defined?(super) 83 end
before_otp_authentication_route
(&block)
[show source]
# File lib/rodauth/features/otp.rb 23 def before_otp_authentication_route(&block) 24 warn "before_otp_authentication_route is deprecated, switch to before_otp_auth_route" 25 before_otp_auth_route(&block) 26 end
before_otp_setup_route
()
[show source]
# File lib/rodauth/features/jwt.rb 176 def before_otp_setup_route 177 super if defined?(super) 178 if use_jwt? && otp_keys_use_hmac? && !param_or_nil(otp_setup_raw_param) 179 _otp_tmp_key(otp_new_secret) 180 json_response[otp_setup_param] = otp_user_key 181 json_response[otp_setup_raw_param] = otp_key 182 end 183 end
before_reset_password
()
[show source]
# File lib/rodauth/features/account_expiration.rb 74 def before_reset_password 75 check_account_expiration 76 super if defined?(super) 77 end
before_reset_password_request
()
[show source]
# File lib/rodauth/features/account_expiration.rb 79 def before_reset_password_request 80 check_account_expiration 81 super if defined?(super) 82 end
before_rodauth
()
[show source]
# File lib/rodauth/features/jwt.rb 143 def before_rodauth 144 if json_request? 145 if jwt_check_accept? && (accept = request.env['HTTP_ACCEPT']) && accept !~ json_accept_regexp 146 response.status = 406 147 json_response[json_response_error_key] = json_not_accepted_error_message 148 response['Content-Type'] ||= json_response_content_type 149 response.write(request.send(:convert_to_json, json_response)) 150 request.halt 151 end 152 153 unless request.post? 154 response.status = 405 155 response.headers['Allow'] = 'POST' 156 json_response[json_response_error_key] = json_non_post_error_message 157 return_json_response 158 end 159 elsif only_json? 160 response.status = json_response_error_status 161 response.write non_json_request_error_message 162 request.halt 163 end 164 165 super 166 end
before_unlock_account
()
[show source]
# File lib/rodauth/features/account_expiration.rb 84 def before_unlock_account 85 check_account_expiration 86 super if defined?(super) 87 end
before_unlock_account_request
()
[show source]
# File lib/rodauth/features/account_expiration.rb 89 def before_unlock_account_request 90 check_account_expiration 91 super if defined?(super) 92 end
before_view_recovery_codes
()
[show source]
# File lib/rodauth/features/jwt.rb 168 def before_view_recovery_codes 169 super if defined?(super) 170 if use_jwt? 171 json_response[:codes] = recovery_codes 172 json_response[json_response_success_key] ||= "" if include_success_messages? 173 end 174 end
button
(value, opts={})
[show source]
# File lib/rodauth/features/base.rb 317 def button(value, opts={}) 318 scope.render(button_opts(value, opts)) 319 end
button_opts
(value, opts)
[show source]
# File lib/rodauth/features/base.rb 308 def button_opts(value, opts) 309 opts = Hash[template_opts].merge!(opts) 310 opts[:locals] = {:value=>value, :opts=>opts} 311 opts[:path] = template_path('button') 312 opts[:cache] = cache_templates 313 opts[:cache_key] = :rodauth_button 314 opts 315 end
can_add_recovery_codes?
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 201 def can_add_recovery_codes? 202 recovery_codes.length < recovery_codes_limit 203 end
catch_error
(&block)
[show source]
# File lib/rodauth/features/base.rb 429 def catch_error(&block) 430 catch(:rodauth_error, &block) 431 end
change_login
(login)
[show source]
# File lib/rodauth/features/change_login.rb 65 def change_login(login) 66 if account_ds.get(login_column).downcase == login.downcase 67 @login_requirement_message = 'same as current login' 68 return false 69 end 70 71 update_login(login) 72 end
change_login_notice_flash
()
[show source]
# File lib/rodauth/features/verify_change_login.rb 7 def change_login_notice_flash 8 "#{super}. #{verify_account_email_sent_notice_flash}" 9 end
change_login_requires_password?
()
[show source]
# File lib/rodauth/features/change_login.rb 61 def change_login_requires_password? 62 modifications_require_password? 63 end
change_password_requires_password?
()
[show source]
# File lib/rodauth/features/change_password.rb 66 def change_password_requires_password? 67 modifications_require_password? 68 end
check_account_expiration
()
[show source]
# File lib/rodauth/features/account_expiration.rb 63 def check_account_expiration 64 if account_expired? 65 set_expired unless account_expired_at 66 set_redirect_error_flash account_expiration_error_flash 67 redirect account_expiration_redirect 68 end 69 update_last_login 70 end
check_already_logged_in
()
[show source]
# File lib/rodauth/features/base.rb 232 def check_already_logged_in 233 already_logged_in if logged_in? 234 end
check_password_change_allowed
()
[show source]
# File lib/rodauth/features/password_expiration.rb 30 def check_password_change_allowed 31 if password_changed_at = get_password_changed_at 32 if password_changed_at > Time.now - allow_password_change_after 33 set_redirect_error_flash password_not_changeable_yet_error_flash 34 redirect password_not_changeable_yet_redirect 35 end 36 end 37 end
check_session_expiration
()
[show source]
# File lib/rodauth/features/session_expiration.rb 15 def check_session_expiration 16 return unless logged_in? 17 18 unless session.has_key?(session_last_activity_session_key) && session.has_key?(session_created_session_key) 19 if session_expiration_default 20 expire_session 21 end 22 23 return 24 end 25 26 time = Time.now.to_i 27 28 if session[session_last_activity_session_key] + session_inactivity_timeout < time 29 expire_session 30 end 31 set_session_value(session_last_activity_session_key, time) 32 33 if session[session_created_session_key] + max_session_lifetime < time 34 expire_session 35 end 36 end
check_single_session
()
[show source]
# File lib/rodauth/features/single_session.rb 50 def check_single_session 51 if logged_in? && !currently_active_session? 52 no_longer_active_session 53 end 54 end
clear_cached_otp
()
[show source]
# File lib/rodauth/features/otp.rb 342 def clear_cached_otp 343 remove_instance_variable(:@otp) if defined?(@otp) 344 end
clear_invalid_login_attempts
()
[show source]
# File lib/rodauth/features/lockout.rb 165 def clear_invalid_login_attempts 166 unlock_account 167 end
clear_remembered_session_key
()
[show source]
# File lib/rodauth/features/remember.rb 177 def clear_remembered_session_key 178 session.delete(remembered_session_key) 179 end
clear_session
()
[show source]
# File lib/rodauth/features/base.rb 240 def clear_session 241 if scope.respond_to?(:clear_session) 242 scope.clear_session 243 else 244 session.clear 245 end 246 end
close_account
()
[show source]
# File lib/rodauth/features/close_account.rb 62 def close_account 63 unless skip_status_checks? 64 update_account(account_status_column=>account_closed_status_value) 65 end 66 67 unless account_password_hash_column 68 password_hash_ds.delete 69 end 70 end
close_account_requires_password?
()
[show source]
# File lib/rodauth/features/close_account.rb 58 def close_account_requires_password? 59 modifications_require_password? 60 end
compute_hmac
(data)
Return urlsafe base64 HMAC for data, assumes hmac_secret is set.
[show source]
# File lib/rodauth/features/base.rb 197 def compute_hmac(data) 198 s = [compute_raw_hmac(data)].pack('m').chomp!("=\n") 199 s.tr!('+/', '-_') 200 s 201 end
compute_raw_hmac
(data)
[show source]
# File lib/rodauth/features/base.rb 511 def compute_raw_hmac(data) 512 OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, hmac_secret, data) 513 end
confirm_password
()
[show source]
# File lib/rodauth/features/confirm_password.rb 45 def confirm_password 46 nil 47 end
confirm_password_redirect
()
[show source]
# File lib/rodauth/features/confirm_password.rb 49 def confirm_password_redirect 50 session.delete(confirm_password_redirect_session_key) || default_redirect 51 end
convert_email_token_key
(key)
[show source]
# File lib/rodauth/features/email_base.rb 52 def convert_email_token_key(key) 53 convert_token_key(key) 54 end
convert_session_key
(key)
[show source]
# File lib/rodauth/features/base.rb 408 def convert_session_key(key) 409 scope.opts[:sessions_convert_symbols] ? key.to_s : key 410 end
convert_timestamp
(timestamp)
This is needed for jdbc/sqlite, which returns timestamp columns as strings
[show source]
# File lib/rodauth/features/base.rb 547 def convert_timestamp(timestamp) 548 timestamp = db.to_application_timestamp(timestamp) if timestamp.is_a?(String) 549 timestamp 550 end
convert_token_key
(key)
[show source]
# File lib/rodauth/features/base.rb 374 def convert_token_key(key) 375 if key && hmac_secret 376 compute_hmac(key) 377 else 378 key 379 end 380 end
create_account_autologin?
()
[show source]
# File lib/rodauth/features/verify_account.rb 219 def create_account_autologin? 220 false 221 end
create_account_link
()
[show source]
# File lib/rodauth/features/create_account.rb 91 def create_account_link 92 "<p><a href=\"#{prefix}/#{create_account_route}\">Create a New Account</a></p>" 93 end
create_account_notice_flash
()
[show source]
# File lib/rodauth/features/verify_account.rb 181 def create_account_notice_flash 182 verify_account_email_sent_notice_flash 183 end
create_account_set_password?
()
[show source]
# File lib/rodauth/features/verify_account.rb 231 def create_account_set_password? 232 return false if verify_account_set_password? 233 super 234 end
create_email
(subject, body)
[show source]
# File lib/rodauth/features/email_base.rb 27 def create_email(subject, body) 28 create_email_to(email_to, subject, body) 29 end
create_email_auth_email
()
[show source]
# File lib/rodauth/features/email_auth.rb 229 def create_email_auth_email 230 create_email(email_auth_email_subject, email_auth_email_body) 231 end
create_email_auth_key
()
[show source]
# File lib/rodauth/features/email_auth.rb 104 def create_email_auth_key 105 transaction do 106 if email_auth_key_value = get_email_auth_key(account_id) 107 set_email_auth_email_last_sent 108 @email_auth_key_value = email_auth_key_value 109 elsif e = raised_uniqueness_violation{email_auth_ds.insert(email_auth_key_insert_hash)} 110 # If inserting into the email auth table causes a violation, we can pull the 111 # existing email auth key from the table, or reraise. 112 raise e unless @email_auth_key_value = get_email_auth_key(account_id) 113 end 114 end 115 end
create_email_to
(to, subject, body)
[show source]
# File lib/rodauth/features/email_base.rb 31 def create_email_to(to, subject, body) 32 m = Mail.new 33 m.from = email_from 34 m.to = to 35 m.subject = "#{email_subject_prefix}#{subject}" 36 m.body = body 37 m 38 end
create_password_changed_email
()
[show source]
# File lib/rodauth/features/change_password_notify.rb 23 def create_password_changed_email 24 create_email(password_changed_email_subject, password_changed_email_body) 25 end
create_reset_password_email
()
[show source]
# File lib/rodauth/features/reset_password.rb 239 def create_reset_password_email 240 create_email(reset_password_email_subject, reset_password_email_body) 241 end
create_reset_password_key
()
[show source]
# File lib/rodauth/features/reset_password.rb 160 def create_reset_password_key 161 transaction do 162 if reset_password_key_value = get_password_reset_key(account_id) 163 set_reset_password_email_last_sent 164 @reset_password_key_value = reset_password_key_value 165 elsif e = raised_uniqueness_violation{password_reset_ds.insert(reset_password_key_insert_hash)} 166 # If inserting into the reset password table causes a violation, we can pull the 167 # existing reset password key from the table, or reraise. 168 raise e unless @reset_password_key_value = get_password_reset_key(account_id) 169 end 170 end 171 end
create_unlock_account_email
()
[show source]
# File lib/rodauth/features/lockout.rb 282 def create_unlock_account_email 283 create_email(unlock_account_email_subject, unlock_account_email_body) 284 end
create_verify_account_email
()
[show source]
# File lib/rodauth/features/verify_account.rb 302 def create_verify_account_email 303 create_email(verify_account_email_subject, verify_account_email_body) 304 end
create_verify_account_key
()
[show source]
# File lib/rodauth/features/verify_account.rb 285 def create_verify_account_key 286 ds = verify_account_ds 287 transaction do 288 if ds.empty? 289 if e = raised_uniqueness_violation{ds.insert(verify_account_key_insert_hash)} 290 # If inserting into the verify account table causes a violation, we can pull the 291 # key from the verify account table, or reraise. 292 raise e unless @verify_account_key_value = get_verify_account_key(account_id) 293 end 294 end 295 end 296 end
create_verify_login_change_email
(login)
[show source]
# File lib/rodauth/features/verify_login_change.rb 194 def create_verify_login_change_email(login) 195 create_email_to(login, verify_login_change_email_subject, verify_login_change_email_body) 196 end
create_verify_login_change_key
(login)
[show source]
# File lib/rodauth/features/verify_login_change.rb 172 def create_verify_login_change_key(login) 173 ds = verify_login_change_ds 174 transaction do 175 ds.where((Sequel::CURRENT_TIMESTAMP > verify_login_change_deadline_column) | ~Sequel.expr(verify_login_change_login_column=>login)).delete 176 if e = raised_uniqueness_violation{ds.insert(verify_login_change_key_insert_hash(login))} 177 old_login, key = get_verify_login_change_login_and_key(account_id) 178 # If inserting into the verify login change table causes a violation, we can pull the 179 # key from the verify login change table if the logins match, or reraise. 180 @verify_login_change_key_value = if old_login.downcase == login.downcase 181 key 182 end 183 raise e unless @verify_login_change_key_value 184 end 185 end 186 end
csrf_tag
(path=request.path)
[show source]
# File lib/rodauth/features/base.rb 296 def csrf_tag(path=request.path) 297 return unless scope.respond_to?(:csrf_tag) 298 299 if use_request_specific_csrf_tokens? 300 scope.csrf_tag(path) 301 else 302 # :nocov: 303 scope.csrf_tag 304 # :nocov: 305 end 306 end
currently_active_session?
()
[show source]
# File lib/rodauth/features/single_session.rb 27 def currently_active_session? 28 single_session_key = session[single_session_session_key] 29 current_key = single_session_ds.get(single_session_key_column) 30 if single_session_key.nil? 31 unless current_key 32 # No row exists for this user, indicating the feature has never 33 # been used, so it is OK to treat the current session as a new 34 # session. 35 update_single_session_key 36 end 37 true 38 elsif current_key 39 if hmac_secret 40 valid = timing_safe_eql?(single_session_key, compute_hmac(current_key)) 41 if !valid && !allow_raw_single_session_key? 42 return false 43 end 44 end 45 46 valid || timing_safe_eql?(single_session_key, current_key) 47 end 48 end
db
()
[show source]
# File lib/rodauth/features/base.rb 221 def db 222 Sequel::DATABASES.first 223 end
default_field_attributes
()
[show source]
# File lib/rodauth/features/base.rb 174 def default_field_attributes 175 if mark_input_fields_as_required? 176 "required=\"required\"" 177 end 178 end
delete_account
()
[show source]
# File lib/rodauth/features/close_account.rb 72 def delete_account 73 account_ds.delete 74 end
delete_account_on_close?
()
[show source]
# File lib/rodauth/features/close_account.rb 76 def delete_account_on_close? 77 skip_status_checks? 78 end
disable_remember_login
()
[show source]
# File lib/rodauth/features/remember.rb 158 def disable_remember_login 159 remove_remember_key 160 end
email_auth_ds
(id=account_id)
[show source]
# File lib/rodauth/features/email_auth.rb 247 def email_auth_ds(id=account_id) 248 db[email_auth_table].where(email_auth_id_column=>id) 249 end
email_auth_email_body
()
[show source]
# File lib/rodauth/features/email_auth.rb 233 def email_auth_email_body 234 render('email-auth-email') 235 end
email_auth_email_link
()
[show source]
# File lib/rodauth/features/email_auth.rb 141 def email_auth_email_link 142 token_link(email_auth_route, email_auth_key_param, email_auth_key_value) 143 end
email_auth_email_recently_sent?
()
[show source]
# File lib/rodauth/features/email_auth.rb 185 def email_auth_email_recently_sent? 186 (email_last_sent = get_email_auth_email_last_sent) && (Time.now - email_last_sent < email_auth_skip_resend_email_within) 187 end
email_auth_key_insert_hash
()
[show source]
# File lib/rodauth/features/email_auth.rb 241 def email_auth_key_insert_hash 242 hash = {email_auth_id_column=>account_id, email_auth_key_column=>email_auth_key_value} 243 set_deadline_value(hash, email_auth_deadline_column, email_auth_deadline_interval) 244 hash 245 end
email_auth_request_form
()
[show source]
# File lib/rodauth/features/email_auth.rb 157 def email_auth_request_form 158 render('email-auth-request-form') 159 end
email_from
()
[show source]
# File lib/rodauth/features/email_base.rb 40 def email_from 41 "webmaster@#{request.host}" 42 end
email_to
()
[show source]
# File lib/rodauth/features/email_base.rb 44 def email_to 45 account[login_column] 46 end
expire_session
()
[show source]
# File lib/rodauth/features/session_expiration.rb 38 def expire_session 39 clear_session 40 set_redirect_error_flash session_expiration_error_flash 41 redirect session_expiration_redirect 42 end
features
()
[show source]
# File lib/rodauth/features/base.rb 121 def features 122 self.class.features 123 end
field_attributes
(field)
[show source]
# File lib/rodauth/features/base.rb 180 def field_attributes(field) 181 _field_attributes(field) || default_field_attributes 182 end
field_error
(field)
[show source]
# File lib/rodauth/features/base.rb 153 def field_error(field) 154 return nil unless @field_errors 155 @field_errors[field] 156 end
field_error_attributes
(field)
[show source]
# File lib/rodauth/features/base.rb 184 def field_error_attributes(field) 185 if field_error(field) 186 _field_error_attributes(field) 187 end 188 end
force_email_auth?
()
[show source]
# File lib/rodauth/features/email_auth.rb 179 def force_email_auth? 180 get_password_hash.nil? 181 end
forget_login
()
[show source]
# File lib/rodauth/features/remember.rb 143 def forget_login 144 ::Rack::Utils.delete_cookie_header!(response.headers, remember_cookie_key, remember_cookie_options) 145 end
formatted_field_error
(field)
[show source]
# File lib/rodauth/features/base.rb 190 def formatted_field_error(field) 191 if error = field_error(field) 192 _formatted_field_error(field, error) 193 end 194 end
function_name
(name)
[show source]
# File lib/rodauth/features/base.rb 474 def function_name(name) 475 if db.database_type == :mssql 476 # :nocov: 477 "dbo.#{name}" 478 # :nocov: 479 else 480 name 481 end 482 end
generate_email_auth_key_value
()
[show source]
# File lib/rodauth/features/email_auth.rb 225 def generate_email_auth_key_value 226 @email_auth_key_value = random_key 227 end
generate_remember_key_value
()
[show source]
# File lib/rodauth/features/remember.rb 204 def generate_remember_key_value 205 @remember_key_value = random_key 206 end
generate_reset_password_key_value
()
[show source]
# File lib/rodauth/features/reset_password.rb 235 def generate_reset_password_key_value 236 @reset_password_key_value = random_key 237 end
generate_unlock_account_key
()
[show source]
# File lib/rodauth/features/lockout.rb 266 def generate_unlock_account_key 267 random_key 268 end
generate_verify_account_key_value
()
[show source]
# File lib/rodauth/features/verify_account.rb 281 def generate_verify_account_key_value 282 @verify_account_key_value = random_key 283 end
generate_verify_login_change_key_value
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 168 def generate_verify_login_change_key_value 169 @verify_login_change_key_value = random_key 170 end
get_activity_timestamp
(account_id, column)
[show source]
# File lib/rodauth/features/account_expiration.rb 109 def get_activity_timestamp(account_id, column) 110 convert_timestamp(account_activity_ds(account_id).get(column)) 111 end
get_email_auth_email_last_sent
()
[show source]
# File lib/rodauth/features/email_auth.rb 121 def get_email_auth_email_last_sent 122 if column = email_auth_email_last_sent_column 123 if ts = email_auth_ds.get(column) 124 convert_timestamp(ts) 125 end 126 end 127 end
get_email_auth_key
(id)
[show source]
# File lib/rodauth/features/email_auth.rb 145 def get_email_auth_key(id) 146 ds = email_auth_ds(id) 147 ds.where(Sequel::CURRENT_TIMESTAMP > email_auth_deadline_column).delete 148 ds.get(email_auth_key_column) 149 end
get_password_changed_at
()
[show source]
# File lib/rodauth/features/password_expiration.rb 26 def get_password_changed_at 27 convert_timestamp(password_expiration_ds.get(password_expiration_changed_at_column)) 28 end
get_password_hash
()
Get the password hash for the user. When using database authentication functions, note that only the salt is returned.
[show source]
# File lib/rodauth/features/base.rb 486 def get_password_hash 487 if account_password_hash_column 488 account[account_password_hash_column] 489 elsif use_database_authentication_functions? 490 db.get(Sequel.function(function_name(:rodauth_get_salt), account_id)) 491 else 492 # :nocov: 493 password_hash_ds.get(password_hash_column) 494 # :nocov: 495 end 496 end
get_password_reset_key
(id)
[show source]
# File lib/rodauth/features/reset_password.rb 189 def get_password_reset_key(id) 190 ds = password_reset_ds(id) 191 ds.where(Sequel::CURRENT_TIMESTAMP > reset_password_deadline_column).delete 192 ds.get(reset_password_key_column) 193 end
get_remember_key
()
[show source]
# File lib/rodauth/features/remember.rb 147 def get_remember_key 148 unless @remember_key_value = active_remember_key_ds.get(remember_key_column) 149 generate_remember_key_value 150 transaction do 151 remove_remember_key 152 add_remember_key 153 end 154 end 155 nil 156 end
get_reset_password_email_last_sent
()
[show source]
# File lib/rodauth/features/reset_password.rb 207 def get_reset_password_email_last_sent 208 if column = reset_password_email_last_sent_column 209 if ts = password_reset_ds.get(column) 210 convert_timestamp(ts) 211 end 212 end 213 end
get_unlock_account_email_last_sent
()
[show source]
# File lib/rodauth/features/lockout.rb 228 def get_unlock_account_email_last_sent 229 if column = account_lockouts_email_last_sent_column 230 if ts = account_lockouts_ds.get(column) 231 convert_timestamp(ts) 232 end 233 end 234 end
get_unlock_account_key
()
[show source]
# File lib/rodauth/features/lockout.rb 211 def get_unlock_account_key 212 account_lockouts_ds.get(account_lockouts_key_column) 213 end
get_verify_account_email_last_sent
()
[show source]
# File lib/rodauth/features/verify_account.rb 240 def get_verify_account_email_last_sent 241 if column = verify_account_email_last_sent_column 242 if ts = verify_account_ds.get(column) 243 convert_timestamp(ts) 244 end 245 end 246 end
get_verify_account_key
(id)
[show source]
# File lib/rodauth/features/verify_account.rb 211 def get_verify_account_key(id) 212 verify_account_ds(id).get(verify_account_key_column) 213 end
get_verify_login_change_login_and_key
(id)
[show source]
# File lib/rodauth/features/verify_login_change.rb 128 def get_verify_login_change_login_and_key(id) 129 verify_login_change_ds(id).get([verify_login_change_login_column, verify_login_change_key_column]) 130 end
include_success_messages?
()
[show source]
# File lib/rodauth/features/jwt.rb 197 def include_success_messages? 198 !json_response_success_key.nil? 199 end
input_field_string
(param, id, opts={})
[show source]
# File lib/rodauth/features/base.rb 164 def input_field_string(param, id, opts={}) 165 type = opts.fetch(:type, "text") 166 167 unless type == "password" 168 value = opts.fetch(:value){scope.h param(param)} 169 end 170 171 "<input #{opts[:attr]} #{field_attributes(param)} #{field_error_attributes(param)} type=\"#{type}\" class=\"form-control#{add_field_error_class(param)}\" name=\"#{param}\" id=\"#{id}\" value=\"#{value}\"/> #{formatted_field_error(param)}" 172 end
invalid_login_attempted
()
[show source]
# File lib/rodauth/features/lockout.rb 169 def invalid_login_attempted 170 ds = account_login_failures_ds. 171 where(account_login_failures_id_column=>account_id) 172 173 number = if db.database_type == :postgres 174 ds.returning(account_login_failures_number_column). 175 with_sql(:update_sql, account_login_failures_number_column=>Sequel.expr(account_login_failures_number_column)+1). 176 single_value 177 else 178 # :nocov: 179 if ds.update(account_login_failures_number_column=>Sequel.expr(account_login_failures_number_column)+1) > 0 180 ds.get(account_login_failures_number_column) 181 end 182 # :nocov: 183 end 184 185 unless number 186 # Ignoring the violation is safe here. It may allow slightly more than max_invalid_logins invalid logins before 187 # lockout, but allowing a few extra is OK if the race is lost. 188 ignore_uniqueness_violation{account_login_failures_ds.insert(account_login_failures_id_column=>account_id)} 189 number = 1 190 end 191 192 if number >= max_invalid_logins 193 @unlock_account_key_value = generate_unlock_account_key 194 hash = {account_lockouts_id_column=>account_id, account_lockouts_key_column=>unlock_account_key_value} 195 set_deadline_value(hash, account_lockouts_deadline_column, account_lockouts_deadline_interval) 196 197 if e = raised_uniqueness_violation{account_lockouts_ds.insert(hash)} 198 # If inserting into the lockout table raises a violation, we should just be able to pull the already inserted 199 # key out of it. If that doesn't return a valid key, we should reraise the error. 200 raise e unless @unlock_account_key_value = account_lockouts_ds.get(account_lockouts_key_column) 201 202 after_account_lockout 203 show_lockout_page 204 else 205 after_account_lockout 206 e 207 end 208 end 209 end
invalid_previous_password_message
()
[show source]
# File lib/rodauth/features/change_password.rb 70 def invalid_previous_password_message 71 invalid_password_message 72 end
json_request?
()
[show source]
# File lib/rodauth/features/jwt.rb 104 def json_request? 105 return @json_request if defined?(@json_request) 106 @json_request = request.content_type =~ json_request_content_type_regexp 107 end
json_response
()
[show source]
# File lib/rodauth/features/jwt.rb 207 def json_response 208 @json_response ||= {} 209 end
jwt_cors_allow?
()
[show source]
# File lib/rodauth/features/jwt_cors.rb 15 def jwt_cors_allow? 16 if origin = request.env['HTTP_ORIGIN'] 17 case allowed = jwt_cors_allow_origin 18 when String 19 timing_safe_eql?(origin, allowed) 20 when Array 21 allowed.any?{|s| timing_safe_eql?(origin, s)} 22 when Regexp 23 allowed =~ origin 24 when true 25 true 26 else 27 false 28 end 29 end 30 end
jwt_payload
()
[show source]
# File lib/rodauth/features/jwt.rb 185 def jwt_payload 186 return @jwt_payload if defined?(@jwt_payload) 187 @jwt_payload = JWT.decode(jwt_token, jwt_secret, true, jwt_decode_opts.merge(:algorithm=>jwt_algorithm))[0] 188 rescue JWT::DecodeError 189 @jwt_payload = false 190 end
jwt_secret
()
[show source]
# File lib/rodauth/features/jwt.rb 109 def jwt_secret 110 raise ArgumentError, "jwt_secret not set" 111 end
jwt_session_hash
()
[show source]
# File lib/rodauth/features/jwt.rb 113 def jwt_session_hash 114 jwt_session_key ? {jwt_session_key=>session} : session 115 end
jwt_token
()
[show source]
# File lib/rodauth/features/jwt.rb 121 def jwt_token 122 return @jwt_token if defined?(@jwt_token) 123 124 if (v = request.env['HTTP_AUTHORIZATION']) && v !~ jwt_authorization_ignore 125 @jwt_token = v.sub(jwt_authorization_remove, '') 126 end 127 end
last_account_activity_at
()
[show source]
# File lib/rodauth/features/account_expiration.rb 27 def last_account_activity_at 28 get_activity_timestamp(session_value, account_activity_last_activity_column) 29 end
last_account_login_at
()
[show source]
# File lib/rodauth/features/account_expiration.rb 31 def last_account_login_at 32 get_activity_timestamp(session_value, account_activity_last_login_column) 33 end
load_memory
()
[show source]
# File lib/rodauth/features/remember.rb 86 def load_memory 87 return if session[session_key] 88 return unless cookie = request.cookies[remember_cookie_key] 89 id, key = cookie.split('_', 2) 90 return unless id && key 91 92 actual, deadline = active_remember_key_ds(id).get([remember_key_column, remember_deadline_column]) 93 unless actual 94 forget_login 95 return 96 end 97 98 if hmac_secret 99 unless valid = timing_safe_eql?(key, compute_hmac(actual)) 100 unless raw_remember_token_deadline && raw_remember_token_deadline > convert_timestamp(deadline) 101 forget_login 102 return 103 end 104 end 105 end 106 107 unless valid || timing_safe_eql?(key, actual) 108 forget_login 109 return 110 end 111 112 session[session_key] = id 113 account = account_from_session 114 session.delete(session_key) 115 116 unless account 117 remove_remember_key(id) 118 forget_login 119 return 120 end 121 122 before_load_memory 123 update_session 124 125 set_session_value(remembered_session_key, true) 126 if extend_remember_deadline? 127 active_remember_key_ds(id).update(remember_deadline_column=>Sequel.date_add(Sequel::CURRENT_TIMESTAMP, remember_period)) 128 remember_login 129 end 130 after_load_memory 131 end
loaded_templates
()
[show source]
# File lib/rodauth/features/base.rb 552 def loaded_templates 553 [] 554 end
locked_out?
()
[show source]
# File lib/rodauth/features/lockout.rb 146 def locked_out? 147 if t = convert_timestamp(account_lockouts_ds.get(account_lockouts_deadline_column)) 148 if Time.now < t 149 true 150 else 151 unlock_account 152 false 153 end 154 else 155 false 156 end 157 end
logged_in_via_remember_key?
()
[show source]
# File lib/rodauth/features/remember.rb 181 def logged_in_via_remember_key? 182 !!session[remembered_session_key] 183 end
login_confirm_label
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 36 def login_confirm_label 37 "Confirm #{login_label}" 38 end
login_does_not_meet_requirements_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 81 def login_does_not_meet_requirements_message 82 "invalid login#{", #{login_requirement_message}" if login_requirement_message}" 83 end
login_failed_reset_password_request_form
()
[show source]
# File lib/rodauth/features/reset_password.rb 243 def login_failed_reset_password_request_form 244 render("reset-password-request") 245 end
login_meets_email_requirements?
(login)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 105 def login_meets_email_requirements?(login) 106 return true unless require_email_address_logins? 107 if login =~ /\A[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+\z/ 108 return true 109 end 110 @login_requirement_message = 'not a valid email address' 111 return false 112 end
login_meets_length_requirements?
(login)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 93 def login_meets_length_requirements?(login) 94 if login_minimum_length > login.length 95 @login_requirement_message = login_too_short_message 96 false 97 elsif login_maximum_length < login.length 98 @login_requirement_message = login_too_long_message 99 false 100 else 101 true 102 end 103 end
login_meets_requirements?
(login)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 44 def login_meets_requirements?(login) 45 login_meets_length_requirements?(login) && \ 46 login_meets_email_requirements?(login) 47 end
login_required
()
[show source]
# File lib/rodauth/features/base.rb 248 def login_required 249 set_redirect_error_status(login_required_error_status) 250 set_redirect_error_flash require_login_error_flash 251 redirect require_login_redirect 252 end
login_too_long_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 85 def login_too_long_message 86 "maximum #{login_maximum_length} characters" 87 end
login_too_short_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 89 def login_too_short_message 90 "minimum #{login_minimum_length} characters" 91 end
modifications_require_password?
()
[show source]
# File lib/rodauth/features/password_grace_period.rb 8 def modifications_require_password? 9 return false unless super 10 !password_recently_entered? 11 end
new_account
(login)
[show source]
# File lib/rodauth/features/create_account.rb 103 def new_account(login) 104 @account = _new_account(login) 105 end
new_recovery_code
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 226 def new_recovery_code 227 random_key 228 end
no_longer_active_session
()
[show source]
# File lib/rodauth/features/single_session.rb 56 def no_longer_active_session 57 clear_session 58 set_redirect_error_flash single_session_error_flash 59 redirect single_session_redirect 60 end
only_json?
()
[show source]
# File lib/rodauth/features/base.rb 330 def only_json? 331 scope.class.opts[:rodauth_json] == :only 332 end
open_account?
()
[show source]
# File lib/rodauth/features/base.rb 217 def open_account? 218 skip_status_checks? || account[account_status_column] == account_open_status_value 219 end
otp_add_key
()
[show source]
# File lib/rodauth/features/otp.rb 289 def otp_add_key 290 _otp_add_key(otp_key) 291 super if defined?(super) 292 end
otp_exists?
()
[show source]
# File lib/rodauth/features/otp.rb 264 def otp_exists? 265 !otp_key.nil? 266 end
otp_hmac_secret
(key)
[show source]
# File lib/rodauth/features/otp.rb 351 def otp_hmac_secret(key) 352 base32_encode(compute_raw_hmac(ROTP::Base32.decode(key)), key.bytesize) 353 end
otp_issuer
()
[show source]
# File lib/rodauth/features/otp.rb 316 def otp_issuer 317 request.host 318 end
otp_key_ds
()
[show source]
# File lib/rodauth/features/otp.rb 410 def otp_key_ds 411 db[otp_keys_table].where(otp_keys_id_column=>session_value) 412 end
otp_keys_use_hmac?
()
[show source]
# File lib/rodauth/features/otp.rb 336 def otp_keys_use_hmac? 337 !!hmac_secret 338 end
otp_locked_out?
()
[show source]
# File lib/rodauth/features/otp.rb 308 def otp_locked_out? 309 otp_key_ds.get(otp_keys_failures_column) >= otp_auth_failures_limit 310 end
otp_lockout_error_flash
()
[show source]
# File lib/rodauth/features/otp.rb 252 def otp_lockout_error_flash 253 "Authentication code use locked out due to numerous failures.#{super if defined?(super)}" 254 end
otp_lockout_redirect
()
[show source]
# File lib/rodauth/features/otp.rb 247 def otp_lockout_redirect 248 return super if defined?(super) 249 nil 250 end
otp_new_secret
()
:nocov:
[show source]
# File lib/rodauth/features/otp.rb 366 def otp_new_secret 367 ROTP::Base32.random_base32.downcase 368 end
otp_provisioning_name
()
[show source]
# File lib/rodauth/features/otp.rb 320 def otp_provisioning_name 321 account[login_column] 322 end
otp_provisioning_uri
()
[show source]
# File lib/rodauth/features/otp.rb 312 def otp_provisioning_uri 313 otp.provisioning_uri(otp_provisioning_name) 314 end
otp_qr_code
()
[show source]
# File lib/rodauth/features/otp.rb 324 def otp_qr_code 325 RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8) 326 end
otp_record_authentication_failure
()
[show source]
# File lib/rodauth/features/otp.rb 300 def otp_record_authentication_failure 301 otp_key_ds.update(otp_keys_failures_column=>Sequel.identifier(otp_keys_failures_column) + 1) 302 end
otp_remove
()
[show source]
# File lib/rodauth/features/otp.rb 284 def otp_remove 285 otp_key_ds.delete 286 super if defined?(super) 287 end
otp_remove_auth_failures
()
[show source]
# File lib/rodauth/features/otp.rb 304 def otp_remove_auth_failures 305 otp_key_ds.update(otp_keys_failures_column=>0) 306 end
otp_tmp_key
(secret)
[show source]
# File lib/rodauth/features/otp.rb 346 def otp_tmp_key(secret) 347 _otp_tmp_key(secret) 348 clear_cached_otp 349 end
otp_update_last_use
()
[show source]
# File lib/rodauth/features/otp.rb 294 def otp_update_last_use 295 otp_key_ds. 296 where(Sequel.date_add(otp_keys_last_use_column, :seconds=>(otp_interval||30)) < Sequel::CURRENT_TIMESTAMP). 297 update(otp_keys_last_use_column=>Sequel::CURRENT_TIMESTAMP) == 1 298 end
otp_user_key
()
[show source]
# File lib/rodauth/features/otp.rb 328 def otp_user_key 329 @otp_user_key ||= if otp_keys_use_hmac? 330 otp_hmac_secret(otp_key) 331 else 332 otp_key 333 end 334 end
otp_valid_code?
(ot_pass)
[show source]
# File lib/rodauth/features/otp.rb 268 def otp_valid_code?(ot_pass) 269 return false unless otp_exists? 270 ot_pass = ot_pass.gsub(/\s+/, '') 271 if drift = otp_drift 272 if otp.respond_to?(:verify_with_drift) 273 otp.verify_with_drift(ot_pass, drift) 274 else 275 # :nocov: 276 otp.verify(ot_pass, :drift_behind=>drift, :drift_ahead=>drift) 277 # :nocov: 278 end 279 else 280 otp.verify(ot_pass) 281 end 282 end
otp_valid_key?
(secret)
[show source]
# File lib/rodauth/features/otp.rb 355 def otp_valid_key?(secret) 356 return false unless secret =~ /\A([a-z2-7]{16}|[a-z2-7]{32})\z/ 357 if otp_keys_use_hmac? 358 timing_safe_eql?(otp_hmac_secret(param(otp_setup_raw_param)), secret) 359 else 360 true 361 end 362 end
param
(key)
Return a string for the parameter name. This will be an empty string if the parameter doesn't exist.
[show source]
# File lib/rodauth/features/base.rb 361 def param(key) 362 param_or_nil(key).to_s 363 end
param_or_nil
(key)
Return a string for the parameter name, or nil if there is no parameter with that name.
[show source]
# File lib/rodauth/features/base.rb 367 def param_or_nil(key) 368 value = request.params[key] 369 value.to_s unless value.nil? 370 end
password_changed_email_body
()
[show source]
# File lib/rodauth/features/change_password_notify.rb 27 def password_changed_email_body 28 render('password-changed-email') 29 end
password_confirm_label
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 40 def password_confirm_label 41 "Confirm #{password_label}" 42 end
password_does_not_contain_null_byte?
(password)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 120 def password_does_not_contain_null_byte?(password) 121 return true unless password.include?("\0") 122 @password_requirement_message = 'contains null byte' 123 false 124 end
password_does_not_meet_requirements_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 73 def password_does_not_meet_requirements_message 74 "invalid password, does not meet requirements#{" (#{password_requirement_message})" if password_requirement_message}" 75 end
password_doesnt_match_previous_password?
(password)
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 47 def password_doesnt_match_previous_password?(password) 48 match = if use_database_authentication_functions? 49 salts = previous_password_ds. 50 select_map([previous_password_id_column, Sequel.function(function_name(:rodauth_get_previous_salt), previous_password_id_column).as(:salt)]) 51 return true if salts.empty? 52 53 salts.any? do |hash_id, salt| 54 db.get(Sequel.function(function_name(:rodauth_previous_password_hash_match), hash_id, BCrypt::Engine.hash_secret(password, salt))) 55 end 56 else 57 # :nocov: 58 previous_password_ds.select_map(previous_password_hash_column).any?{|hash| BCrypt::Password.new(hash) == password} 59 # :nocov: 60 end 61 62 return true unless match 63 @password_requirement_message = password_same_as_previous_password_message 64 false 65 end
password_expiration_ds
()
[show source]
# File lib/rodauth/features/password_expiration.rb 107 def password_expiration_ds 108 db[password_expiration_table].where(password_expiration_id_column=>account_id) 109 end
password_expired?
()
[show source]
# File lib/rodauth/features/password_expiration.rb 68 def password_expired? 69 if password_changed_at = session[password_changed_at_session_key] 70 return password_changed_at + require_password_change_after < Time.now.to_i 71 end 72 73 account_from_session 74 if password_changed_at = get_password_changed_at 75 set_session_value(password_changed_at_session_key, password_changed_at.to_i) 76 password_changed_at + require_password_change_after < Time.now 77 else 78 set_session_value(password_changed_at_session_key, password_expiration_default ? 0 : 2147483647) 79 password_expiration_default 80 end 81 end
password_has_enough_character_groups?
(password)
[show source]
# File lib/rodauth/features/password_complexity.rb 55 def password_has_enough_character_groups?(password) 56 return true if password.length > password_max_length_for_groups_check 57 return true if password_character_groups.select{|re| password =~ re}.length >= password_min_groups 58 @password_requirement_message = password_not_enough_character_groups_message 59 false 60 end
password_has_no_invalid_pattern?
(password)
[show source]
# File lib/rodauth/features/password_complexity.rb 62 def password_has_no_invalid_pattern?(password) 63 return true unless password_invalid_pattern 64 return true if password !~ password_invalid_pattern 65 @password_requirement_message = password_invalid_pattern_message 66 false 67 end
password_hash
(password)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 138 def password_hash(password) 139 BCrypt::Password.create(password, :cost=>password_hash_cost) 140 end
password_hash_cost
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 127 def password_hash_cost 128 BCrypt::Engine::MIN_COST 129 end
password_hash_ds
()
[show source]
# File lib/rodauth/features/base.rb 542 def password_hash_ds 543 db[password_hash_table].where(password_hash_id_column=>account_id) 544 end
password_match?
(password)
[show source]
# File lib/rodauth/features/base.rb 344 def password_match?(password) 345 if hash = get_password_hash 346 if account_password_hash_column || !use_database_authentication_functions? 347 BCrypt::Password.new(hash) == password 348 else 349 db.get(Sequel.function(function_name(:rodauth_valid_password_hash), account_id, BCrypt::Engine.hash_secret(password, hash))) 350 end 351 end 352 end
password_meets_length_requirements?
(password)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 114 def password_meets_length_requirements?(password) 115 return true if password_minimum_length <= password.length 116 @password_requirement_message = password_too_short_message 117 false 118 end
password_meets_requirements?
(password)
[show source]
# File lib/rodauth/features/disallow_common_passwords.rb 13 def password_meets_requirements?(password) 14 super && password_not_one_of_the_most_common?(password) 15 end
password_not_in_dictionary?
(password)
[show source]
# File lib/rodauth/features/password_complexity.rb 80 def password_not_in_dictionary?(password) 81 return true unless dict = password_dictionary 82 return true unless password =~ /\A(?:\d*)([A-Za-z!@$+|][A-Za-z!@$+|0134578]+[A-Za-z!@$+|])(?:\d*)\z/ 83 word = $1.downcase.tr('!@$+|0134578', 'iastloleastb') 84 return true if !dict.include?(word) 85 @password_requirement_message = password_in_dictionary_message 86 false 87 end
password_not_one_of_the_most_common?
(password)
[show source]
# File lib/rodauth/features/disallow_common_passwords.rb 33 def password_not_one_of_the_most_common?(password) 34 return true unless password_one_of_most_common?(password) 35 @password_requirement_message = password_is_one_of_the_most_common_message 36 false 37 end
password_not_too_many_repeating_characters?
(password)
[show source]
# File lib/rodauth/features/password_complexity.rb 69 def password_not_too_many_repeating_characters?(password) 70 return true if password_max_repeating_characters < 2 71 return true if password !~ /(.)(\1){#{password_max_repeating_characters-1}}/ 72 @password_requirement_message = password_too_many_repeating_characters_message 73 false 74 end
password_one_of_most_common?
(password)
[show source]
# File lib/rodauth/features/disallow_common_passwords.rb 27 def password_one_of_most_common?(password) 28 most_common_passwords.include?(password) 29 end
password_recently_entered?
()
[show source]
# File lib/rodauth/features/password_grace_period.rb 37 def password_recently_entered? 38 return false unless last_password_entry = session[last_password_entry_session_key] 39 last_password_entry + password_grace_period > Time.now.to_i 40 end
password_reset_ds
(id=account_id)
[show source]
# File lib/rodauth/features/reset_password.rb 261 def password_reset_ds(id=account_id) 262 db[reset_password_table].where(reset_password_id_column=>id) 263 end
password_too_many_repeating_characters_message
()
[show source]
# File lib/rodauth/features/password_complexity.rb 76 def password_too_many_repeating_characters_message 77 "contains #{password_max_repeating_characters} or more of the same character in a row" 78 end
password_too_short_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 77 def password_too_short_message 78 "minimum #{password_minimum_length} characters" 79 end
post_configure
()
[show source]
# File lib/rodauth/features/base.rb 334 def post_configure 335 require 'bcrypt' if require_bcrypt? 336 db.extension :date_arithmetic if use_date_arithmetic? 337 route_hash= {} 338 self.class.routes.each do |meth| 339 route_hash["/#{send("#{meth.to_s.sub(/\Ahandle_/, '')}_route")}"] = meth 340 end 341 self.class.route_hash = route_hash.freeze 342 end
previous_password_ds
()
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 79 def previous_password_ds 80 db[previous_password_hash_table].where(previous_password_account_id_column=>account_id) 81 end
raises_uniqueness_violation?
(&block)
In cases where retrying on uniqueness violations cannot work, this will detect whether a uniqueness violation is raised by the block and return the exception if so. This method should be used if you don't care about the exception itself.
[show source]
# File lib/rodauth/features/base.rb 571 def raises_uniqueness_violation?(&block) 572 transaction(:savepoint=>:only, &block) 573 false 574 rescue unique_constraint_violation_class => e 575 e 576 end
random_key
()
[show source]
# File lib/rodauth/features/base.rb 395 def random_key 396 SecureRandom.urlsafe_base64(32) 397 end
recovery_code_match?
(code)
[show source]
# File lib/rodauth/features/recovery_codes.rb 188 def recovery_code_match?(code) 189 recovery_codes.each do |s| 190 if timing_safe_eql?(code, s) 191 recovery_codes_ds.where(recovery_codes_column=>code).delete 192 if recovery_codes_primary? 193 add_recovery_code 194 end 195 return true 196 end 197 end 198 false 199 end
recovery_codes_ds
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 238 def recovery_codes_ds 239 db[recovery_codes_table].where(recovery_codes_id_column=>session_value) 240 end
recovery_codes_primary?
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 230 def recovery_codes_primary? 231 (features & [:otp, :sms_codes]).empty? 232 end
recovery_codes_remove
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 184 def recovery_codes_remove 185 recovery_codes_ds.delete 186 end
redirect
(path)
[show source]
# File lib/rodauth/features/base.rb 386 def redirect(path) 387 request.redirect(path) 388 end
remember_key_ds
(id=account_id)
[show source]
# File lib/rodauth/features/remember.rb 212 def remember_key_ds(id=account_id) 213 db[remember_table].where(remember_id_column=>id) 214 end
remember_login
()
[show source]
# File lib/rodauth/features/remember.rb 133 def remember_login 134 get_remember_key 135 opts = Hash[remember_cookie_options] 136 key = remember_key_value 137 key = compute_hmac(key) if hmac_secret 138 opts[:value] = "#{account_id}_#{key}" 139 opts[:expires] = convert_timestamp(active_remember_key_ds.get(remember_deadline_column)) 140 ::Rack::Utils.set_cookie_header!(response.headers, remember_cookie_key, opts) 141 end
remove_email_auth_key
()
[show source]
# File lib/rodauth/features/email_auth.rb 129 def remove_email_auth_key 130 email_auth_ds.delete 131 end
remove_lockout_metadata
()
[show source]
# File lib/rodauth/features/lockout.rb 270 def remove_lockout_metadata 271 account_login_failures_ds.delete 272 account_lockouts_ds.delete 273 end
remove_remember_key
(id=account_id)
[show source]
# File lib/rodauth/features/remember.rb 173 def remove_remember_key(id=account_id) 174 remember_key_ds(id).delete 175 end
remove_reset_password_key
()
[show source]
# File lib/rodauth/features/reset_password.rb 173 def remove_reset_password_key 174 password_reset_ds.delete 175 end
remove_verify_account_key
()
[show source]
# File lib/rodauth/features/verify_account.rb 165 def remove_verify_account_key 166 verify_account_ds.delete 167 end
remove_verify_login_change_key
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 104 def remove_verify_login_change_key 105 verify_login_change_ds.delete 106 end
render
(page)
[show source]
# File lib/rodauth/features/base.rb 326 def render(page) 327 _view(:render, page) 328 end
request
()
[show source]
# File lib/rodauth/features/base.rb 125 def request 126 scope.request 127 end
require_account
()
[show source]
# File lib/rodauth/features/base.rb 417 def require_account 418 require_authentication 419 require_account_session 420 end
require_account_session
()
[show source]
# File lib/rodauth/features/base.rb 422 def require_account_session 423 unless account_from_session 424 clear_session 425 login_required 426 end 427 end
require_authentication
()
[show source]
# File lib/rodauth/features/base.rb 284 def require_authentication 285 require_login 286 end
require_current_password
()
[show source]
# File lib/rodauth/features/password_expiration.rb 61 def require_current_password 62 if authenticated? && password_expired? && password_change_needed_redirect != request.path_info 63 set_redirect_error_flash password_expiration_error_flash 64 redirect password_change_needed_redirect 65 end 66 end
require_login
()
[show source]
# File lib/rodauth/features/base.rb 276 def require_login 277 login_required unless logged_in? 278 end
require_otp_setup
()
[show source]
# File lib/rodauth/features/otp.rb 256 def require_otp_setup 257 unless otp_exists? 258 set_redirect_error_status(two_factor_not_setup_error_status) 259 set_redirect_error_flash two_factor_not_setup_error_flash 260 redirect two_factor_need_setup_redirect 261 end 262 end
require_sms_available
()
[show source]
# File lib/rodauth/features/sms_codes.rb 356 def require_sms_available 357 require_sms_setup 358 359 if sms_locked_out? 360 set_redirect_error_status(lockout_error_status) 361 set_redirect_error_flash sms_lockout_error_flash 362 redirect sms_lockout_redirect 363 end 364 end
require_sms_not_setup
()
[show source]
# File lib/rodauth/features/sms_codes.rb 348 def require_sms_not_setup 349 if sms_setup? 350 set_redirect_error_status(sms_already_setup_error_status) 351 set_redirect_error_flash sms_already_setup_error_flash 352 redirect sms_already_setup_redirect 353 end 354 end
require_sms_setup
()
[show source]
# File lib/rodauth/features/sms_codes.rb 340 def require_sms_setup 341 unless sms_setup? 342 set_redirect_error_status(two_factor_not_setup_error_status) 343 set_redirect_error_flash sms_not_setup_error_flash 344 redirect sms_needs_setup_redirect 345 end 346 end
require_two_factor_authenticated
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 78 def require_two_factor_authenticated 79 unless two_factor_authenticated? 80 set_redirect_error_status(two_factor_need_authentication_error_status) 81 set_redirect_error_flash two_factor_need_authentication_error_flash 82 redirect _two_factor_auth_required_redirect 83 end 84 end
require_two_factor_not_authenticated
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 70 def require_two_factor_not_authenticated 71 if two_factor_authenticated? 72 set_redirect_error_status(two_factor_already_authenticated_error_status) 73 set_redirect_error_flash two_factor_already_authenticated_error_flash 74 redirect two_factor_already_authenticated_redirect 75 end 76 end
require_two_factor_setup
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 59 def require_two_factor_setup 60 # Avoid database query if already authenticated via 2nd factor 61 return if two_factor_authenticated? 62 63 return if uses_two_factor_authentication? 64 65 set_redirect_error_status(two_factor_not_setup_error_status) 66 set_redirect_error_flash two_factor_not_setup_error_flash 67 redirect two_factor_need_setup_redirect 68 end
reset_password_email_body
()
[show source]
# File lib/rodauth/features/reset_password.rb 247 def reset_password_email_body 248 render('reset-password-email') 249 end
reset_password_email_link
()
[show source]
# File lib/rodauth/features/reset_password.rb 185 def reset_password_email_link 186 token_link(reset_password_route, reset_password_key_param, reset_password_key_value) 187 end
reset_password_email_recently_sent?
()
[show source]
# File lib/rodauth/features/reset_password.rb 217 def reset_password_email_recently_sent? 218 (email_last_sent = get_reset_password_email_last_sent) && (Time.now - email_last_sent < reset_password_skip_resend_email_within) 219 end
reset_password_key_insert_hash
()
[show source]
# File lib/rodauth/features/reset_password.rb 255 def reset_password_key_insert_hash 256 hash = {reset_password_id_column=>account_id, reset_password_key_column=>reset_password_key_value} 257 set_deadline_value(hash, reset_password_deadline_column, reset_password_deadline_interval) 258 hash 259 end
reset_password_request_link
()
[show source]
# File lib/rodauth/features/reset_password.rb 199 def reset_password_request_link 200 "<p><a href=\"#{prefix}/#{reset_password_request_route}\">Forgot Password?</a></p>" 201 end
reset_single_session_key
()
[show source]
# File lib/rodauth/features/single_session.rb 21 def reset_single_session_key 22 if logged_in? 23 single_session_ds.update(single_session_key_column=>random_key) 24 end 25 end
response
()
[show source]
# File lib/rodauth/features/base.rb 129 def response 130 scope.response 131 end
retry_on_uniqueness_violation
(&block)
This is used to avoid race conditions when using the pattern of inserting when an update affects no rows. In such cases, if a row is inserted between the update and the insert, the insert will fail with a uniqueness error, but retrying will work. It is possible for it to fail again, but only if the row is deleted before the update and readded before the insert, which is very unlikely to happen. In such cases, raising an exception is acceptable.
[show source]
# File lib/rodauth/features/base.rb 562 def retry_on_uniqueness_violation(&block) 563 if raises_uniqueness_violation?(&block) 564 yield 565 end 566 end
return_json_response
()
[show source]
# File lib/rodauth/features/jwt.rb 221 def return_json_response 222 response.status ||= json_response_error_status if json_response[json_response_error_key] 223 set_jwt 224 response['Content-Type'] ||= json_response_content_type 225 response.write(_json_response_body(json_response)) 226 request.halt 227 end
route!
()
[show source]
# File lib/rodauth/features/base.rb 141 def route! 142 if meth = self.class.route_hash[request.remaining_path] 143 send(meth) 144 end 145 146 nil 147 end
save_account
()
[show source]
# File lib/rodauth/features/create_account.rb 107 def save_account 108 id = nil 109 raised = raises_uniqueness_violation?{id = db[accounts_table].insert(account)} 110 111 if raised 112 @login_requirement_message = already_an_account_with_this_login_message 113 end 114 115 if id 116 account[account_id_column] = id 117 end 118 119 id && !raised 120 end
send_email_auth_email
()
[show source]
# File lib/rodauth/features/email_auth.rb 137 def send_email_auth_email 138 create_email_auth_email.deliver! 139 end
send_password_changed_email
()
[show source]
# File lib/rodauth/features/change_password_notify.rb 19 def send_password_changed_email 20 create_password_changed_email.deliver! 21 end
send_reset_password_email
()
[show source]
# File lib/rodauth/features/reset_password.rb 181 def send_reset_password_email 182 create_reset_password_email.deliver! 183 end
send_unlock_account_email
()
[show source]
# File lib/rodauth/features/lockout.rb 219 def send_unlock_account_email 220 @unlock_account_key_value = get_unlock_account_key 221 create_unlock_account_email.deliver! 222 end
send_verify_account_email
()
[show source]
# File lib/rodauth/features/verify_account.rb 203 def send_verify_account_email 204 create_verify_account_email.deliver! 205 end
send_verify_login_change_email
(login)
[show source]
# File lib/rodauth/features/verify_login_change.rb 120 def send_verify_login_change_email(login) 121 create_verify_login_change_email(login).deliver! 122 end
session
()
[show source]
# File lib/rodauth/features/base.rb 133 def session 134 scope.session 135 end
session_expiration_redirect
()
[show source]
# File lib/rodauth/features/session_expiration.rb 44 def session_expiration_redirect 45 require_login_redirect 46 end
session_jwt
()
[show source]
# File lib/rodauth/features/jwt.rb 117 def session_jwt 118 JWT.encode(jwt_session_hash, jwt_secret, jwt_algorithm) 119 end
session_value
()
[show source]
# File lib/rodauth/features/base.rb 208 def session_value 209 session[session_key] 210 end
set_deadline_value
(hash, column, interval)
This is needed on MySQL, which doesn't support non constant defaults other than CURRENT_TIMESTAMP.
[show source]
# File lib/rodauth/features/base.rb 598 def set_deadline_value(hash, column, interval) 599 if set_deadline_values? 600 # :nocov: 601 hash[column] = Sequel.date_add(Sequel::CURRENT_TIMESTAMP, interval) 602 # :nocov: 603 end 604 end
set_deadline_values?
()
[show source]
# File lib/rodauth/features/base.rb 455 def set_deadline_values? 456 db.database_type == :mysql 457 end
set_email_auth_email_last_sent
()
[show source]
# File lib/rodauth/features/email_auth.rb 117 def set_email_auth_email_last_sent 118 email_auth_ds.update(email_auth_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if email_auth_email_last_sent_column 119 end
set_error_flash
(message)
[show source]
# File lib/rodauth/features/base.rb 260 def set_error_flash(message) 261 flash.now[flash_error_key] = message 262 end
set_expired
()
[show source]
# File lib/rodauth/features/account_expiration.rb 49 def set_expired 50 update_activity(account_id, account_activity_expired_column) 51 after_account_expiration 52 end
set_field_error
(field, error)
[show source]
# File lib/rodauth/features/base.rb 149 def set_field_error(field, error) 150 (@field_errors ||= {})[field] = error 151 end
set_http_basic_auth_error_response
()
[show source]
# File lib/rodauth/features/http_basic_auth.rb 54 def set_http_basic_auth_error_response 55 response.status = 401 56 response.headers["WWW-Authenticate"] = "Basic realm=\"#{http_basic_auth_realm}\"" 57 end
set_jwt
()
[show source]
# File lib/rodauth/features/jwt.rb 229 def set_jwt 230 set_jwt_token(session_jwt) 231 end
set_jwt_token
(token)
[show source]
# File lib/rodauth/features/jwt.rb 129 def set_jwt_token(token) 130 response.headers['Authorization'] = token 131 end
set_last_password_entry
()
[show source]
# File lib/rodauth/features/password_grace_period.rb 42 def set_last_password_entry 43 session[last_password_entry_session_key] = Time.now.to_i 44 end
set_new_account_password
(password)
[show source]
# File lib/rodauth/features/create_account.rb 99 def set_new_account_password(password) 100 account[account_password_hash_column] = password_hash(password) 101 end
set_notice_flash
(message)
[show source]
# File lib/rodauth/features/base.rb 268 def set_notice_flash(message) 269 flash[flash_notice_key] = message 270 end
set_notice_now_flash
(message)
[show source]
# File lib/rodauth/features/base.rb 272 def set_notice_now_flash(message) 273 flash.now[flash_notice_key] = message 274 end
set_password
(password)
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 19 def set_password(password) 20 hash = super 21 add_previous_password_hash(hash) 22 hash 23 end
set_redirect_error_flash
(message)
[show source]
# File lib/rodauth/features/base.rb 264 def set_redirect_error_flash(message) 265 flash[flash_error_key] = message 266 end
set_redirect_error_status
(status)
Don't set an error status when redirecting in an error case, as a redirect status is needed.
[show source]
# File lib/rodauth/features/base.rb 434 def set_redirect_error_status(status) 435 end
set_reset_password_email_last_sent
()
[show source]
# File lib/rodauth/features/reset_password.rb 203 def set_reset_password_email_last_sent 204 password_reset_ds.update(reset_password_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if reset_password_email_last_sent_column 205 end
set_response_error_status
(status)
[show source]
# File lib/rodauth/features/base.rb 437 def set_response_error_status(status) 438 response.status = status 439 end
set_session_value
(key, value)
[show source]
# File lib/rodauth/features/base.rb 606 def set_session_value(key, value) 607 session[key] = value 608 end
set_single_session_key
(data)
[show source]
# File lib/rodauth/features/single_session.rb 85 def set_single_session_key(data) 86 data = compute_hmac(data) if hmac_secret 87 set_session_value(single_session_session_key, data) 88 end
set_title
(title)
[show source]
# File lib/rodauth/features/base.rb 254 def set_title(title) 255 if title_instance_variable 256 scope.instance_variable_set(title_instance_variable, title) 257 end 258 end
set_unlock_account_email_last_sent
()
[show source]
# File lib/rodauth/features/lockout.rb 236 def set_unlock_account_email_last_sent 237 account_lockouts_ds.update(account_lockouts_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if account_lockouts_email_last_sent_column 238 end
set_verify_account_email_last_sent
()
[show source]
# File lib/rodauth/features/verify_account.rb 236 def set_verify_account_email_last_sent 237 verify_account_ds.update(verify_account_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if verify_account_email_last_sent_column 238 end
setup_account_verification
()
[show source]
# File lib/rodauth/features/verify_account.rb 271 def setup_account_verification 272 generate_verify_account_key_value 273 create_verify_account_key 274 send_verify_account_email 275 end
show_lockout_page
()
[show source]
# File lib/rodauth/features/lockout.rb 275 def show_lockout_page 276 set_response_error_status lockout_error_status 277 set_error_flash login_lockout_error_flash 278 response.write unlock_account_request_view 279 request.halt 280 end
single_session_ds
()
[show source]
# File lib/rodauth/features/single_session.rb 95 def single_session_ds 96 db[single_session_table]. 97 where(single_session_id_column=>session_value) 98 end
skip_login_field_on_login?
()
[show source]
# File lib/rodauth/features/login.rb 70 def skip_login_field_on_login? 71 return false unless use_multi_phase_login? 72 @valid_login_entered 73 end
skip_password_field_on_login?
()
[show source]
# File lib/rodauth/features/login.rb 75 def skip_password_field_on_login? 76 return false unless use_multi_phase_login? 77 @valid_login_entered != true 78 end
skip_status_checks?
()
[show source]
# File lib/rodauth/features/close_account.rb 80 def skip_status_checks? 81 false 82 end
sms_auth_message
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 417 def sms_auth_message(code) 418 "SMS authentication code for #{request.host} is #{code}" 419 end
sms_available?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 459 def sms_available? 460 sms && !sms_needs_confirmation? && !sms_locked_out? 461 end
sms_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 438 def sms_code 439 sms[sms_code_column] 440 end
sms_code_issued_at
()
[show source]
# File lib/rodauth/features/sms_codes.rb 442 def sms_code_issued_at 443 convert_timestamp(sms[sms_issued_at_column]) 444 end
sms_code_match?
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 366 def sms_code_match?(code) 367 return false unless sms_current_auth? 368 timing_safe_eql?(code, sms_code) 369 end
sms_codes_primary?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 473 def sms_codes_primary? 474 !features.include?(:otp) 475 end
sms_confirm
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 165 def sms_confirm 166 super if defined?(super) 167 add_recovery_codes(recovery_codes_limit - recovery_codes.length) 168 end
sms_confirm_failure
()
[show source]
# File lib/rodauth/features/sms_codes.rb 381 def sms_confirm_failure 382 sms_ds.delete 383 end
sms_confirm_message
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 421 def sms_confirm_message(code) 422 "SMS confirmation code for #{request.host} is #{code}" 423 end
sms_confirmation_match?
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 371 def sms_confirmation_match?(code) 372 sms_needs_confirmation? && sms_code_match?(code) 373 end
sms_current_auth?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 467 def sms_current_auth? 468 sms_code && sms_code_issued_at + sms_code_allowed_seconds > Time.now 469 end
sms_disable
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 177 def sms_disable 178 super if defined?(super) 179 unless recovery_codes_primary? 180 recovery_codes_remove 181 end 182 end
sms_ds
()
[show source]
# File lib/rodauth/features/sms_codes.rb 501 def sms_ds 502 db[sms_codes_table].where(sms_id_column=>session_value) 503 end
sms_failures
()
[show source]
# File lib/rodauth/features/sms_codes.rb 446 def sms_failures 447 sms[sms_failures_column] 448 end
sms_locked_out?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 463 def sms_locked_out? 464 sms_failures >= sms_failure_limit 465 end
sms_needs_confirmation?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 455 def sms_needs_confirmation? 456 sms && sms_failures.nil? 457 end
sms_new_auth_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 481 def sms_new_auth_code 482 SecureRandom.random_number(10**sms_auth_code_length).to_s.rjust(sms_auth_code_length, "0") 483 end
sms_new_confirm_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 485 def sms_new_confirm_code 486 SecureRandom.random_number(10**sms_confirm_code_length).to_s.rjust(sms_confirm_code_length, "0") 487 end
sms_normalize_phone
(phone)
[show source]
# File lib/rodauth/features/sms_codes.rb 477 def sms_normalize_phone(phone) 478 phone.to_s.gsub(/\D+/, '') 479 end
sms_phone
()
[show source]
# File lib/rodauth/features/sms_codes.rb 434 def sms_phone 435 sms[sms_phone_column] 436 end
sms_record_failure
()
[show source]
# File lib/rodauth/features/sms_codes.rb 429 def sms_record_failure 430 update_sms(sms_failures_column=>Sequel.expr(sms_failures_column)+1) 431 sms[sms_failures_column] = sms_ds.get(sms_failures_column) 432 end
sms_remove_failures
()
[show source]
# File lib/rodauth/features/sms_codes.rb 392 def sms_remove_failures 393 update_sms(sms_failures_column => 0, sms_code_column => nil) 394 end
sms_send
(phone, message)
[show source]
# File lib/rodauth/features/sms_codes.rb 489 def sms_send(phone, message) 490 raise NotImplementedError, "sms_send needs to be defined in the Rodauth configuration for SMS sending to work" 491 end
sms_send_auth_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 401 def sms_send_auth_code 402 code = sms_new_auth_code 403 sms_set_code(code) 404 sms_send(sms_phone, sms_auth_message(code)) 405 end
sms_send_confirm_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 407 def sms_send_confirm_code 408 code = sms_new_confirm_code 409 sms_set_code(code) 410 sms_send(sms_phone, sms_confirm_message(code)) 411 end
sms_set_code
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 425 def sms_set_code(code) 426 update_sms(sms_code_column=>code, sms_issued_at_column=>Sequel::CURRENT_TIMESTAMP) 427 end
sms_setup
(phone_number)
[show source]
# File lib/rodauth/features/sms_codes.rb 385 def sms_setup(phone_number) 386 # Cannot handle uniqueness violation here, as the phone number given may not match the 387 # one in the table. 388 sms_ds.insert(sms_id_column=>session_value, sms_phone_column=>phone_number) 389 remove_instance_variable(:@sms) if instance_variable_defined?(:@sms) 390 end
sms_setup?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 450 def sms_setup? 451 return false unless sms 452 !sms_needs_confirmation? 453 end
sms_valid_phone?
(phone)
[show source]
# File lib/rodauth/features/sms_codes.rb 413 def sms_valid_phone?(phone) 414 phone.length >= sms_phone_min_length 415 end
split_token
(token)
[show source]
# File lib/rodauth/features/base.rb 382 def split_token(token) 383 token.split(token_separator, 2) 384 end
template_path
(page)
[show source]
# File lib/rodauth/features/base.rb 531 def template_path(page) 532 File.join(File.dirname(__FILE__), '../../../templates', "#{page}.str") 533 end
throw_basic_auth_error
(*args)
[show source]
# File lib/rodauth/features/http_basic_auth.rb 59 def throw_basic_auth_error(*args) 60 set_http_basic_auth_error_response 61 throw_error(*args) 62 end
throw_error
(field, error)
[show source]
# File lib/rodauth/features/base.rb 441 def throw_error(field, error) 442 set_field_error(field, error) 443 throw :rodauth_error 444 end
throw_error_status
(status, field, error)
[show source]
# File lib/rodauth/features/base.rb 446 def throw_error_status(status, field, error) 447 set_response_error_status(status) 448 throw_error(field, error) 449 end
timing_safe_eql?
(provided, actual)
[show source]
# File lib/rodauth/features/base.rb 412 def timing_safe_eql?(provided, actual) 413 provided = provided.to_s 414 Rack::Utils.secure_compare(provided.ljust(actual.length), actual) && provided.length == actual.length 415 end
token_link
(route, param, key)
[show source]
# File lib/rodauth/features/email_base.rb 48 def token_link(route, param, key) 49 "#{request.base_url}#{prefix}/#{route}?#{param}=#{account_id}#{token_separator}#{convert_email_token_key(key)}" 50 end
transaction
(opts={}, &block)
[show source]
# File lib/rodauth/features/base.rb 390 def transaction(opts={}, &block) 391 db.transaction(opts, &block) 392 end
two_factor_auth_fallback_redirect
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 135 def two_factor_auth_fallback_redirect 136 recovery_auth_redirect 137 end
two_factor_auth_required_redirect
()
[show source]
# File lib/rodauth/features/otp.rb 229 def two_factor_auth_required_redirect 230 "#{prefix}/#{otp_auth_route}" 231 end
two_factor_authenticate
(type)
[show source]
# File lib/rodauth/features/two_factor_base.rb 127 def two_factor_authenticate(type) 128 two_factor_update_session(type) 129 two_factor_remove_auth_failures 130 after_two_factor_authentication 131 set_notice_flash two_factor_auth_notice_flash 132 redirect two_factor_auth_redirect 133 end
two_factor_authenticated?
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 102 def two_factor_authenticated? 103 !!session[two_factor_session_key] 104 end
two_factor_authentication_setup?
()
[show source]
# File lib/rodauth/features/otp.rb 221 def two_factor_authentication_setup? 222 super || otp_exists? 223 end
two_factor_modifications_require_password?
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 35 def two_factor_modifications_require_password? 36 modifications_require_password? 37 end
two_factor_need_setup_redirect
()
[show source]
# File lib/rodauth/features/otp.rb 225 def two_factor_need_setup_redirect 226 "#{prefix}/#{otp_setup_route}" 227 end
two_factor_password_match?
(password)
[show source]
# File lib/rodauth/features/two_factor_base.rb 94 def two_factor_password_match?(password) 95 if two_factor_modifications_require_password? 96 password_match?(password) 97 else 98 true 99 end 100 end
two_factor_remove
()
[show source]
# File lib/rodauth/features/otp.rb 233 def two_factor_remove 234 super 235 otp_remove 236 end
two_factor_remove_auth_failures
()
[show source]
# File lib/rodauth/features/otp.rb 238 def two_factor_remove_auth_failures 239 super 240 otp_remove_auth_failures 241 end
two_factor_remove_session
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 135 def two_factor_remove_session 136 session.delete(two_factor_session_key) 137 session[two_factor_setup_session_key] = false 138 end
two_factor_update_session
(type)
[show source]
# File lib/rodauth/features/two_factor_base.rb 140 def two_factor_update_session(type) 141 session[two_factor_session_key] = type 142 session[two_factor_setup_session_key] = true 143 end
unique_constraint_violation_class
()
Work around jdbc/sqlite issue where it only raises ConstraintViolation and not UniqueConstraintViolation.
[show source]
# File lib/rodauth/features/base.rb 580 def unique_constraint_violation_class 581 if db.adapter_scheme == :jdbc && db.database_type == :sqlite 582 # :nocov: 583 Sequel::ConstraintViolation 584 # :nocov: 585 else 586 Sequel::UniqueConstraintViolation 587 end 588 end
unlock_account
()
[show source]
# File lib/rodauth/features/lockout.rb 159 def unlock_account 160 transaction do 161 remove_lockout_metadata 162 end 163 end
unlock_account_email_body
()
[show source]
# File lib/rodauth/features/lockout.rb 286 def unlock_account_email_body 287 render('unlock-account-email') 288 end
unlock_account_email_link
()
[show source]
# File lib/rodauth/features/lockout.rb 224 def unlock_account_email_link 225 token_link(unlock_account_route, unlock_account_key_param, unlock_account_key_value) 226 end
unlock_account_email_recently_sent?
()
[show source]
# File lib/rodauth/features/lockout.rb 290 def unlock_account_email_recently_sent? 291 (email_last_sent = get_unlock_account_email_last_sent) && (Time.now - email_last_sent < unlock_account_skip_resend_email_within) 292 end
update_account
(values, ds=account_ds)
[show source]
# File lib/rodauth/features/base.rb 620 def update_account(values, ds=account_ds) 621 update_hash_ds(account, ds, values) 622 end
update_activity
(account_id, *columns)
[show source]
# File lib/rodauth/features/account_expiration.rb 113 def update_activity(account_id, *columns) 114 ds = account_activity_ds(account_id) 115 hash = {} 116 columns.each do |c| 117 hash[c] = Sequel::CURRENT_TIMESTAMP 118 end 119 if ds.update(hash) == 0 120 hash[account_activity_id_column] = account_id 121 hash[account_activity_last_activity_column] ||= Sequel::CURRENT_TIMESTAMP 122 hash[account_activity_last_login_column] ||= Sequel::CURRENT_TIMESTAMP 123 # It is safe to ignore uniqueness violations here, as a concurrent insert would also use current timestamps. 124 ignore_uniqueness_violation{ds.insert(hash)} 125 end 126 end
update_hash_ds
(hash, ds, values)
[show source]
# File lib/rodauth/features/base.rb 610 def update_hash_ds(hash, ds, values) 611 num = ds.update(values) 612 if num == 1 613 values.each do |k, v| 614 account[k] = v == Sequel::CURRENT_TIMESTAMP ? Time.now : v 615 end 616 end 617 num 618 end
update_last_activity
()
[show source]
# File lib/rodauth/features/account_expiration.rb 43 def update_last_activity 44 if session_value 45 update_activity(session_value, account_activity_last_activity_column) 46 end 47 end
update_last_login
()
[show source]
# File lib/rodauth/features/account_expiration.rb 39 def update_last_login 40 update_activity(account_id, account_activity_last_login_column, account_activity_last_activity_column) 41 end
update_login
(login)
[show source]
# File lib/rodauth/features/change_login.rb 76 def update_login(login) 77 _update_login(login) 78 end
update_password_changed_at
()
[show source]
# File lib/rodauth/features/password_expiration.rb 52 def update_password_changed_at 53 ds = password_expiration_ds 54 if ds.update(password_expiration_changed_at_column=>Sequel::CURRENT_TIMESTAMP) == 0 55 # Ignoring the violation is safe here, since a concurrent insert would also set it to the 56 # current timestamp. 57 ignore_uniqueness_violation{ds.insert(password_expiration_id_column=>account_id)} 58 end 59 end
update_password_hash?
()
[show source]
# File lib/rodauth/features/update_password_hash.rb 17 def update_password_hash? 18 password_hash_cost != @current_password_hash_cost 19 end
update_session
()
[show source]
# File lib/rodauth/features/account_expiration.rb 99 def update_session 100 check_account_expiration 101 super 102 end
update_single_session_key
()
[show source]
# File lib/rodauth/features/single_session.rb 62 def update_single_session_key 63 key = random_key 64 set_single_session_key(key) 65 if single_session_ds.update(single_session_key_column=>key) == 0 66 # Don't handle uniqueness violations here. While we could get the stored key from the 67 # database, it could lead to two sessions sharing the same key, which this feature is 68 # designed to prevent. 69 single_session_ds.insert(single_session_id_column=>session_value, single_session_key_column=>key) 70 end 71 end
update_sms
(values)
[show source]
# File lib/rodauth/features/sms_codes.rb 493 def update_sms(values) 494 update_hash_ds(sms, sms_ds, values) 495 end
use_database_authentication_functions?
()
[show source]
# File lib/rodauth/features/base.rb 459 def use_database_authentication_functions? 460 case db.database_type 461 when :postgres, :mysql, :mssql 462 true 463 else 464 # :nocov: 465 false 466 # :nocov: 467 end 468 end
use_date_arithmetic?
()
[show source]
# File lib/rodauth/features/base.rb 451 def use_date_arithmetic? 452 set_deadline_values? 453 end
use_jwt?
()
[show source]
# File lib/rodauth/features/jwt.rb 133 def use_jwt? 134 jwt_token || only_json? || json_request? 135 end
use_multi_phase_login?
()
[show source]
# File lib/rodauth/features/email_auth.rb 175 def use_multi_phase_login? 176 true 177 end
use_request_specific_csrf_tokens?
()
[show source]
# File lib/rodauth/features/base.rb 470 def use_request_specific_csrf_tokens? 471 scope.opts[:rodauth_csrf] == :route_csrf && scope.use_request_specific_csrf_tokens? 472 end
uses_two_factor_authentication?
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 110 def uses_two_factor_authentication? 111 return false unless logged_in? 112 session[two_factor_setup_session_key] = two_factor_authentication_setup? unless session.has_key?(two_factor_setup_session_key) 113 session[two_factor_setup_session_key] 114 end
valid_jwt?
()
[show source]
# File lib/rodauth/features/jwt.rb 137 def valid_jwt? 138 !!(jwt_token && jwt_payload) 139 end
verified_account?
()
[show source]
# File lib/rodauth/features/verify_account_grace_period.rb 17 def verified_account? 18 logged_in? && !session[unverified_account_session_key] 19 end
verify_account
()
[show source]
# File lib/rodauth/features/verify_account.rb 169 def verify_account 170 update_account(account_status_column=>account_open_status_value) == 1 171 end
verify_account_check_already_logged_in
()
[show source]
# File lib/rodauth/features/verify_account.rb 277 def verify_account_check_already_logged_in 278 check_already_logged_in 279 end
verify_account_ds
(id=account_id)
[show source]
# File lib/rodauth/features/verify_account.rb 310 def verify_account_ds(id=account_id) 311 db[verify_account_table].where(verify_account_id_column=>id) 312 end
verify_account_email_body
()
[show source]
# File lib/rodauth/features/verify_account.rb 306 def verify_account_email_body 307 render('verify-account-email') 308 end
verify_account_email_link
()
[show source]
# File lib/rodauth/features/verify_account.rb 207 def verify_account_email_link 208 token_link(verify_account_route, verify_account_key_param, verify_account_key_value) 209 end
verify_account_email_recently_sent?
()
[show source]
# File lib/rodauth/features/verify_account.rb 250 def verify_account_email_recently_sent? 251 (email_last_sent = get_verify_account_email_last_sent) && (Time.now - email_last_sent < verify_account_skip_resend_email_within) 252 end
verify_account_email_resend
()
[show source]
# File lib/rodauth/features/verify_account.rb 173 def verify_account_email_resend 174 if @verify_account_key_value = get_verify_account_key(account_id) 175 set_verify_account_email_last_sent 176 send_verify_account_email 177 true 178 end 179 end
verify_account_key_insert_hash
()
[show source]
# File lib/rodauth/features/verify_account.rb 298 def verify_account_key_insert_hash 299 {verify_account_id_column=>account_id, verify_account_key_column=>verify_account_key_value} 300 end
verify_account_resend_link
()
[show source]
# File lib/rodauth/features/verify_account.rb 227 def verify_account_resend_link 228 "<p><a href=\"#{prefix}/#{verify_account_resend_route}\">Resend Verify Account Information</a></p>" 229 end
verify_login_change
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 108 def verify_login_change 109 unless res = _update_login(verify_login_change_new_login) 110 remove_verify_login_change_key 111 end 112 113 res 114 end
verify_login_change_ds
(id=account_id)
[show source]
# File lib/rodauth/features/verify_login_change.rb 202 def verify_login_change_ds(id=account_id) 203 db[verify_login_change_table].where(verify_login_change_id_column=>id) 204 end
verify_login_change_email_body
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 198 def verify_login_change_email_body 199 render('verify-login-change-email') 200 end
verify_login_change_email_link
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 124 def verify_login_change_email_link 125 token_link(verify_login_change_route, verify_login_change_key_param, verify_login_change_key_value) 126 end
verify_login_change_key_insert_hash
(login)
[show source]
# File lib/rodauth/features/verify_login_change.rb 188 def verify_login_change_key_insert_hash(login) 189 hash = {verify_login_change_id_column=>account_id, verify_login_change_key_column=>verify_login_change_key_value, verify_login_change_login_column=>login} 190 set_deadline_value(hash, verify_login_change_deadline_column, verify_login_change_deadline_interval) 191 hash 192 end
verify_login_change_old_login
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 136 def verify_login_change_old_login 137 account_ds.get(login_column) 138 end
view
(page, title)
[show source]
# File lib/rodauth/features/base.rb 321 def view(page, title) 322 set_title(title) 323 _view(:view, page) 324 end