Methods
Public Class
- configure
- create_database_authentication_functions
- create_database_previous_password_check_functions
- drop_database_authentication_functions
- drop_database_previous_password_check_functions
- load_dependencies
- new
- version
Public Instance
- _account_from_email_auth_key
- _account_from_login
- _account_from_refresh_token
- _account_from_reset_password_key
- _account_from_session
- _account_from_unlock_key
- _account_from_verify_account_key
- _account_from_verify_login_change_key
- _email_auth_request
- _email_auth_request_and_redirect
- _field_attributes
- _field_error_attributes
- _formatted_field_error
- _json_response_body
- _login
- _login_form_footer
- _login_form_footer_links
- _multi_phase_login_forms
- _new_account
- _otp
- _otp_add_key
- _otp_key
- _otp_tmp_key
- _recovery_codes
- _sms
- _two_factor_auth_links
- _two_factor_remove_all_from_session
- _two_factor_remove_links
- _two_factor_setup_links
- _update_login
- _view
- _view_opts
- account_activity_ds
- account_ds
- account_expired?
- account_expired_at
- account_from_email_auth_key
- account_from_key
- account_from_login
- account_from_refresh_token
- account_from_reset_password_key
- account_from_session
- account_from_unlock_key
- account_from_verify_account_key
- account_from_verify_login_change_key
- account_id
- account_in_unverified_grace_period?
- account_initial_status_value
- account_lockouts_ds
- account_login_failures_ds
- account_password_hash_column
- account_session_status_filter
- account_webauthn_ids
- account_webauthn_usage
- account_webauthn_user_id
- active_remember_key_ds
- active_sessions_ds
- add_active_session
- add_audit_log
- add_field_error_class
- add_previous_password_hash
- add_recovery_code
- add_recovery_codes
- add_remember_key
- add_webauthn_credential
- after_change_password
- after_close_account
- after_create_account
- after_login
- after_login_entered_during_multi_phase_login
- after_login_failure
- after_logout
- after_refresh_token
- after_reset_password
- allow_email_auth?
- allow_resending_verify_account_email?
- already_logged_in
- audit_log_ds
- audit_log_insert_hash
- audit_log_message
- audit_log_message_default
- audit_log_metadata
- auth_class_eval
- authenticated?
- authenticated_by
- authenticated_webauthn_id
- auto_add_missing_recovery_codes
- autocomplete_for_field?
- autologin_session
- autologin_type
- base32_encode
- base_url
- before_change_login_route
- before_change_password_route
- before_login_attempt
- before_logout
- before_otp_setup_route
- before_reset_password
- before_reset_password_request
- before_rodauth
- before_unlock_account
- before_unlock_account_request
- before_verify_account
- before_view_recovery_codes
- before_webauthn_auth_route
- before_webauthn_login_route
- before_webauthn_remove_route
- before_webauthn_setup_route
- button
- button_opts
- can_add_recovery_codes?
- catch_error
- change_login
- change_login_notice_flash
- change_login_requires_password?
- change_password_requires_password?
- check_account_expiration
- check_active_session
- check_already_logged_in
- check_csrf?
- check_password_change_allowed
- check_session_expiration
- check_single_session
- clear_cached_otp
- clear_invalid_login_attempts
- clear_session
- close_account
- close_account_requires_password?
- compute_hmac
- compute_raw_hmac
- confirm_password
- confirm_password_redirect
- convert_email_token_key
- convert_session_key
- convert_timestamp
- convert_token_key
- create_account_autologin?
- create_account_notice_flash
- create_account_set_password?
- create_email
- create_email_auth_email
- create_email_auth_key
- create_email_to
- create_password_changed_email
- create_reset_password_email
- create_reset_password_key
- create_unlock_account_email
- create_verify_account_email
- create_verify_account_key
- create_verify_login_change_email
- create_verify_login_change_key
- csrf_tag
- currently_active_session?
- db
- delete_account
- delete_account_on_close?
- disable_remember_login
- domain
- email_auth_ds
- email_auth_email_body
- email_auth_email_link
- email_auth_email_recently_sent?
- email_auth_key_insert_hash
- email_auth_request_form
- email_from
- email_to
- expire_session
- features
- field_attributes
- field_error
- field_error_attributes
- flash
- forget_login
- formatted_field_error
- function_name
- generate_email_auth_key_value
- generate_refresh_token
- generate_remember_key_value
- generate_reset_password_key_value
- generate_unlock_account_key
- generate_verify_account_key_value
- generate_verify_login_change_key_value
- get_active_refresh_token
- get_activity_timestamp
- get_email_auth_email_last_sent
- get_email_auth_key
- get_password_changed_at
- get_password_hash
- get_password_reset_key
- get_remember_key
- get_reset_password_email_last_sent
- get_unlock_account_email_last_sent
- get_unlock_account_key
- get_verify_account_email_last_sent
- get_verify_account_key
- get_verify_login_change_login_and_key
- handle_duplicate_active_session_id
- handle_webauthn_sign_count_verification_error
- has_password?
- hook_action
- http_basic_auth
- inactive_session_cond
- include_success_messages?
- input_field_string
- inputmode_for_field?
- invalid_login_attempted
- invalid_previous_password_message
- json_request?
- json_response
- jwt_cors_allow?
- jwt_payload
- jwt_refresh_token_account_ds
- jwt_refresh_token_account_token_ds
- jwt_refresh_token_ds
- jwt_refresh_token_insert_hash
- jwt_secret
- jwt_session_hash
- jwt_token
- last_account_activity_at
- last_account_login_at
- load_memory
- loaded_templates
- locked_out?
- logged_in_via_remember_key?
- login_confirm_label
- login_does_not_meet_requirements_message
- login_failed_reset_password_request_form
- login_hidden_field
- login_input_type
- login_meets_email_requirements?
- login_meets_length_requirements?
- login_meets_requirements?
- login_required
- login_session
- login_too_long_message
- login_too_short_message
- login_uses_email?
- logout
- logout_additional_form_tags
- modifications_require_password?
- new_account
- new_recovery_code
- new_webauthn_credential
- no_longer_active_session
- only_json?
- open_account?
- otp_add_key
- otp_exists?
- otp_hmac_secret
- otp_issuer
- otp_key_ds
- otp_keys_use_hmac?
- otp_locked_out?
- otp_new_secret
- otp_provisioning_name
- otp_provisioning_uri
- otp_qr_code
- otp_record_authentication_failure
- otp_remove
- otp_remove_auth_failures
- otp_tmp_key
- otp_update_last_use
- otp_user_key
- otp_valid_code?
- otp_valid_key?
- param
- param_or_nil
- password_changed_email_body
- password_confirm_label
- password_does_not_contain_null_byte?
- password_does_not_meet_requirements_message
- password_doesnt_match_previous_password?
- password_expiration_ds
- password_expired?
- password_has_enough_character_groups?
- password_has_no_invalid_pattern?
- password_hash
- password_hash_cost
- password_hash_ds
- password_match?
- password_meets_length_requirements?
- password_meets_requirements?
- password_not_in_dictionary?
- password_not_one_of_the_most_common?
- password_not_too_many_repeating_characters?
- password_one_of_most_common?
- password_recently_entered?
- password_reset_ds
- password_too_short_message
- possible_authentication_methods
- post_configure
- previous_password_ds
- raises_uniqueness_violation?
- random_key
- raw_param
- recovery_code_match?
- recovery_codes_ds
- recovery_codes_primary?
- recovery_codes_remove
- redirect
- redirect_two_factor_authenticated
- remember_key_ds
- remember_login
- remove_all_active_sessions
- remove_all_webauthn_keys_and_user_ids
- remove_current_session
- remove_email_auth_key
- remove_inactive_sessions
- remove_jwt_refresh_token_key
- remove_lockout_metadata
- remove_remember_key
- remove_reset_password_key
- remove_session_value
- remove_verify_account_key
- remove_verify_login_change_key
- remove_webauthn_key
- render
- render_multi_phase_login_forms
- request
- require_account
- require_account_session
- require_authentication
- require_current_password
- require_http_basic_auth
- require_login
- require_login_confirmation?
- require_otp_setup
- require_password_authentication
- require_password_authentication?
- require_sms_available
- require_sms_not_setup
- require_sms_setup
- require_two_factor_authenticated
- require_two_factor_not_authenticated
- require_two_factor_setup
- require_webauthn_setup
- reset_password_email_body
- reset_password_email_link
- reset_password_email_recently_sent?
- reset_password_key_insert_hash
- reset_single_session_key
- response
- retry_on_uniqueness_violation
- return_json_response
- route!
- route_path
- route_url
- save_account
- send_email
- send_email_auth_email
- send_password_changed_email
- send_reset_password_email
- send_unlock_account_email
- send_verify_account_email
- send_verify_login_change_email
- serialize_audit_log_metadata
- session
- session_expiration_redirect
- session_inactivity_deadline_condition
- session_jwt
- session_lifetime_deadline_condition
- session_value
- set_deadline_value
- set_deadline_values?
- set_email_auth_email_last_sent
- set_error_flash
- set_expired
- set_field_error
- set_http_basic_auth_error_response
- set_jwt
- set_jwt_token
- set_last_password_entry
- set_new_account_password
- set_notice_flash
- set_notice_now_flash
- set_password
- set_redirect_error_flash
- set_redirect_error_status
- set_reset_password_email_last_sent
- set_response_error_status
- set_session_value
- set_single_session_key
- set_title
- set_unlock_account_email_last_sent
- set_verify_account_email_last_sent
- setup_account_verification
- show_lockout_page
- single_session_ds
- skip_login_field_on_login?
- skip_password_field_on_login?
- skip_status_checks?
- sms_auth_message
- sms_available?
- sms_code
- sms_code_issued_at
- sms_code_match?
- sms_codes_primary?
- sms_confirm
- sms_confirm_failure
- sms_confirm_message
- sms_confirmation_match?
- sms_current_auth?
- sms_disable
- sms_ds
- sms_failures
- sms_locked_out?
- sms_needs_confirmation?
- sms_new_auth_code
- sms_new_confirm_code
- sms_normalize_phone
- sms_phone
- sms_record_failure
- sms_remove_failures
- sms_send
- sms_send_auth_code
- sms_send_confirm_code
- sms_set_code
- sms_setup
- sms_setup?
- sms_valid_phone?
- split_token
- template_path
- throw_basic_auth_error
- throw_error
- throw_error_status
- timing_safe_eql?
- token_link
- transaction
- translate
- two_factor_authenticate
- two_factor_authenticated?
- two_factor_authentication_setup?
- two_factor_login_type_match?
- two_factor_modifications_require_password?
- two_factor_password_match?
- two_factor_remove
- two_factor_remove_auth_failures
- two_factor_remove_session
- two_factor_update_session
- unique_constraint_violation_class
- unlock_account
- unlock_account_email_body
- unlock_account_email_link
- unlock_account_email_recently_sent?
- update_account
- update_activity
- update_hash_ds
- update_last_activity
- update_last_login
- update_login
- update_password_changed_at
- update_password_hash?
- update_session
- update_single_session_key
- update_sms
- use_database_authentication_functions?
- use_date_arithmetic?
- use_jwt?
- use_multi_phase_login?
- use_request_specific_csrf_tokens?
- uses_two_factor_authentication?
- valid_jwt?
- valid_login_entered?
- valid_new_webauthn_credential?
- valid_webauthn_credential_auth?
- verified_account?
- verify_account
- verify_account_check_already_logged_in
- verify_account_ds
- verify_account_email_body
- verify_account_email_link
- verify_account_email_recently_sent?
- verify_account_email_resend
- verify_account_key_insert_hash
- verify_account_set_password?
- verify_account_view
- verify_login_change
- verify_login_change_ds
- verify_login_change_email_body
- verify_login_change_email_link
- verify_login_change_key_insert_hash
- verify_login_change_old_login
- view
- webauth_credential_options_for_get
- webauthn_account_id
- webauthn_auth_additional_form_tags
- webauthn_auth_credential_from_form_submission
- webauthn_auth_form_path
- webauthn_authenticator_selection
- webauthn_extensions
- webauthn_keys_ds
- webauthn_origin
- webauthn_remove_authenticated_session
- webauthn_rp_id
- webauthn_rp_name
- webauthn_setup?
- webauthn_setup_credential_from_form_submission
- webauthn_update_session
- webauthn_user_ids_ds
- webauthn_user_name
Classes and Modules
Constants
| FEATURES | = | {} | ||
| MAJOR | = | 2 |
The major version of |
|
| MINOR | = | 0 |
The minor version of |
|
| TINY | = | 0 |
The patch version of |
|
| VERSION | = | "#{MAJOR}.#{MINOR}.#{TINY}".freeze |
The full version of |
|
| VERSION_NUMBER | = | MAJOR*10000 + MINOR*100 + TINY |
The full version of |
Public Instance Aliases
| account_session_value | -> | account_id | |
| ignore_uniqueness_violation | -> | raises_uniqueness_violation? |
If you just want to ignore uniqueness violations, this alias makes more sense. |
| logged_in? | -> | session_value | |
| raised_uniqueness_violation | -> | raises_uniqueness_violation? |
If you would like to operate/reraise the exception, this alias makes more sense. |
Public Class methods
configure
(app, opts={}, &block)
[show source]
# File lib/rodauth.rb 33 def self.configure(app, opts={}, &block) 34 json_opt = app.opts[:rodauth_json] = opts.fetch(:json, app.opts[:rodauth_json]) 35 csrf = app.opts[:rodauth_csrf] = opts.fetch(:csrf, app.opts[:rodauth_csrf]) 36 app.opts[:rodauth_route_csrf] = case csrf 37 when false, :rack_csrf 38 false 39 else 40 json_opt != :only 41 end 42 auth_class = (app.opts[:rodauths] ||= {})[opts[:name]] ||= Class.new(Auth) 43 if !auth_class.roda_class 44 auth_class.roda_class = app 45 elsif auth_class.roda_class != app 46 auth_class = app.opts[:rodauths][opts[:name]] = Class.new(auth_class) 47 auth_class.roda_class = app 48 end 49 auth_class.configure(&block) 50 end
create_database_authentication_functions
(db, opts={})
[show source]
# File lib/rodauth/migrations.rb 4 def self.create_database_authentication_functions(db, opts={}) 5 table_name = opts[:table_name] || :account_password_hashes 6 get_salt_name = opts[:get_salt_name] || :rodauth_get_salt 7 valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash 8 9 case db.database_type 10 when :postgres 11 search_path = opts[:search_path] || 'public, pg_temp' 12 13 db.run <<END 14 CREATE OR REPLACE FUNCTION #{get_salt_name}(acct_id int8) RETURNS text AS $$ 15 DECLARE salt text; 16 BEGIN 17 SELECT substr(password_hash, 0, 30) INTO salt 18 FROM #{table_name} 19 WHERE acct_id = id; 20 RETURN salt; 21 END; 22 $$ LANGUAGE plpgsql 23 SECURITY DEFINER 24 SET search_path = #{search_path}; 25 END 26 27 db.run <<END 28 CREATE OR REPLACE FUNCTION #{valid_hash_name}(acct_id int8, hash text) RETURNS boolean AS $$ 29 DECLARE valid boolean; 30 BEGIN 31 SELECT password_hash = hash INTO valid 32 FROM #{table_name} 33 WHERE acct_id = id; 34 RETURN valid; 35 END; 36 $$ LANGUAGE plpgsql 37 SECURITY DEFINER 38 SET search_path = #{search_path}; 39 END 40 when :mysql 41 db.run <<END 42 CREATE FUNCTION #{get_salt_name}(acct_id int8) RETURNS varchar(255) 43 SQL SECURITY DEFINER 44 READS SQL DATA 45 BEGIN 46 RETURN (SELECT substr(password_hash, 1, 30) 47 FROM #{table_name} 48 WHERE acct_id = id); 49 END; 50 END 51 52 db.run <<END 53 CREATE FUNCTION #{valid_hash_name}(acct_id int8, hash varchar(255)) RETURNS tinyint(1) 54 SQL SECURITY DEFINER 55 READS SQL DATA 56 BEGIN 57 DECLARE valid tinyint(1); 58 DECLARE csr CURSOR FOR 59 SELECT password_hash = hash 60 FROM #{table_name} 61 WHERE acct_id = id; 62 OPEN csr; 63 FETCH csr INTO valid; 64 CLOSE csr; 65 RETURN valid; 66 END; 67 END 68 when :mssql 69 db.run <<END 70 CREATE FUNCTION #{get_salt_name}(@account_id bigint) RETURNS nvarchar(255) 71 WITH EXECUTE AS OWNER 72 AS 73 BEGIN 74 DECLARE @salt nvarchar(255); 75 SELECT @salt = substring(password_hash, 0, 30) 76 FROM #{table_name} 77 WHERE id = @account_id; 78 RETURN @salt; 79 END; 80 END 81 82 db.run <<END 83 CREATE FUNCTION #{valid_hash_name}(@account_id bigint, @hash nvarchar(255)) RETURNS bit 84 WITH EXECUTE AS OWNER 85 AS 86 BEGIN 87 DECLARE @valid bit; 88 DECLARE @ph nvarchar(255); 89 SELECT @ph = password_hash 90 FROM #{table_name} 91 WHERE id = @account_id; 92 IF(@hash = @ph) 93 SET @valid = 1; 94 ELSE 95 SET @valid = 0 96 RETURN @valid; 97 END; 98 END 99 end 100 end
create_database_previous_password_check_functions
(db, opts={})
[show source]
# File lib/rodauth/migrations.rb 116 def self.create_database_previous_password_check_functions(db, opts={}) 117 create_database_authentication_functions(db, {:table_name=>:account_previous_password_hashes, :get_salt_name=>:rodauth_get_previous_salt, :valid_hash_name=>:rodauth_previous_password_hash_match}.merge(opts)) 118 end
drop_database_authentication_functions
(db, opts={})
[show source]
# File lib/rodauth/migrations.rb 102 def self.drop_database_authentication_functions(db, opts={}) 103 get_salt_name = opts[:get_salt_name] || :rodauth_get_salt 104 valid_hash_name = opts[:valid_hash_name] || :rodauth_valid_password_hash 105 106 case db.database_type 107 when :postgres 108 db.run "DROP FUNCTION #{get_salt_name}(int8)" 109 db.run "DROP FUNCTION #{valid_hash_name}(int8, text)" 110 when :mysql, :mssql 111 db.run "DROP FUNCTION #{get_salt_name}" 112 db.run "DROP FUNCTION #{valid_hash_name}" 113 end 114 end
drop_database_previous_password_check_functions
(db, opts={})
[show source]
# File lib/rodauth/migrations.rb 120 def self.drop_database_previous_password_check_functions(db, opts={}) 121 drop_database_authentication_functions(db, {:get_salt_name=>:rodauth_get_previous_salt, :valid_hash_name=>:rodauth_previous_password_hash_match}.merge(opts)) 122 end
load_dependencies
(app, opts={})
[show source]
# File lib/rodauth.rb 6 def self.load_dependencies(app, opts={}) 7 json_opt = opts.fetch(:json, app.opts[:rodauth_json]) 8 if json_opt 9 app.plugin :json 10 app.plugin :json_parser 11 end 12 13 unless json_opt == :only 14 require 'tilt/string' 15 app.plugin :render 16 17 case opts.fetch(:csrf, app.opts[:rodauth_csrf]) 18 when false 19 # nothing 20 when :rack_csrf 21 # :nocov: 22 app.plugin :csrf 23 # :nocov: 24 else 25 app.plugin :route_csrf 26 end 27 28 app.plugin :flash unless opts[:flash] == false 29 app.plugin :h 30 end 31 end
new
(scope)
[show source]
# File lib/rodauth/features/base.rb 124 def initialize(scope) 125 @scope = scope 126 end
Public Instance methods
_account_from_email_auth_key
(token)
[show source]
# File lib/rodauth/features/email_auth.rb 252 def _account_from_email_auth_key(token) 253 account_from_key(token, account_open_status_value){|id| get_email_auth_key(id)} 254 end
_account_from_login
(login)
[show source]
# File lib/rodauth/features/base.rb 586 def _account_from_login(login) 587 ds = db[accounts_table].where(login_column=>login) 588 ds = ds.select(*account_select) if account_select 589 ds = ds.where(account_status_column=>[account_unverified_status_value, account_open_status_value]) unless skip_status_checks? 590 ds.first 591 end
_account_from_refresh_token
(token)
[show source]
# File lib/rodauth/features/jwt_refresh.rb 82 def _account_from_refresh_token(token) 83 id, token = split_token(token) 84 return unless id && token 85 86 token_id, key = split_token(token) 87 return unless token_id && key 88 89 return unless actual = get_active_refresh_token(id, token_id) 90 91 return unless timing_safe_eql?(key, convert_token_key(actual)) 92 93 ds = account_ds(id) 94 ds = ds.where(account_status_column=>account_open_status_value) unless skip_status_checks? 95 ds.first 96 end
_account_from_reset_password_key
(token)
[show source]
# File lib/rodauth/features/reset_password.rb 265 def _account_from_reset_password_key(token) 266 account_from_key(token, account_open_status_value){|id| get_password_reset_key(id)} 267 end
_account_from_session
()
[show source]
# File lib/rodauth/features/base.rb 593 def _account_from_session 594 ds = account_ds(session_value) 595 ds = ds.where(account_session_status_filter) unless skip_status_checks? 596 ds.first 597 end
_account_from_unlock_key
(token)
[show source]
# File lib/rodauth/features/lockout.rb 304 def _account_from_unlock_key(token) 305 account_from_key(token){|id| account_lockouts_ds(id).get(account_lockouts_key_column)} 306 end
_account_from_verify_account_key
(token)
[show source]
# File lib/rodauth/features/verify_account.rb 317 def _account_from_verify_account_key(token) 318 account_from_key(token, account_unverified_status_value){|id| get_verify_account_key(id)} 319 end
_account_from_verify_login_change_key
(token)
[show source]
# File lib/rodauth/features/verify_login_change.rb 207 def _account_from_verify_login_change_key(token) 208 account_from_key(token) do |id| 209 @verify_login_change_new_login, key = get_verify_login_change_login_and_key(id) 210 key 211 end 212 end
_email_auth_request
()
[show source]
# File lib/rodauth/features/email_auth.rb 186 def _email_auth_request 187 if email_auth_email_recently_sent? 188 set_redirect_error_flash email_auth_email_recently_sent_error_flash 189 redirect email_auth_email_recently_sent_redirect 190 end 191 192 generate_email_auth_key_value 193 transaction do 194 before_email_auth_request 195 create_email_auth_key 196 send_email_auth_email 197 after_email_auth_request 198 end 199 200 set_notice_flash email_auth_email_sent_notice_flash 201 end
_email_auth_request_and_redirect
()
[show source]
# File lib/rodauth/features/email_auth.rb 181 def _email_auth_request_and_redirect 182 _email_auth_request 183 redirect email_auth_email_sent_redirect 184 end
_field_attributes
(field)
[show source]
# File lib/rodauth/features/base.rb 603 def _field_attributes(field) 604 nil 605 end
_field_error_attributes
(field)
[show source]
# File lib/rodauth/features/base.rb 607 def _field_error_attributes(field) 608 " aria-invalid=\"true\" aria-describedby=\"#{field}_error_message\" " 609 end
_formatted_field_error
(field, error)
[show source]
# File lib/rodauth/features/base.rb 611 def _formatted_field_error(field, error) 612 "<span class=\"#{input_field_error_message_class}\" id=\"#{field}_error_message\">#{error}</span>" 613 end
_json_response_body
(hash)
[show source]
# File lib/rodauth/features/jwt.rb 260 def _json_response_body(hash) 261 request.send(:convert_to_json, hash) 262 end
_login
(auth_type)
[show source]
# File lib/rodauth/features/login.rb 128 def _login(auth_type) 129 saved_login_redirect = remove_session_value(login_redirect_session_key) 130 transaction do 131 before_login 132 login_session(auth_type) 133 yield if block_given? 134 after_login 135 end 136 set_notice_flash login_notice_flash 137 redirect(saved_login_redirect || login_redirect) 138 end
_multi_phase_login_forms
()
[show source]
# File lib/rodauth/features/email_auth.rb 171 def _multi_phase_login_forms 172 forms = super 173 forms << [30, email_auth_request_form, :_email_auth_request_and_redirect] if valid_login_entered? && allow_email_auth? 174 forms 175 end
_new_account
(login)
[show source]
# File lib/rodauth/features/create_account.rb 118 def _new_account(login) 119 acc = {login_column=>login} 120 unless skip_status_checks? 121 acc[account_status_column] = account_initial_status_value 122 end 123 acc 124 end
_otp
()
[show source]
# File lib/rodauth/features/otp.rb 399 def _otp 400 otp_class.new(otp_user_key, :issuer=>otp_issuer, :digits=>otp_digits, :interval=>otp_interval) 401 end
_otp_add_key
(secret)
[show source]
# File lib/rodauth/features/otp.rb 388 def _otp_add_key(secret) 389 # Uniqueness errors can't be handled here, as we can't be sure the secret provided 390 # is the same as the current secret. 391 otp_key_ds.insert(otp_keys_id_column=>session_value, otp_keys_column=>secret) 392 end
_otp_key
()
[show source]
# File lib/rodauth/features/otp.rb 394 def _otp_key 395 @otp_user_key = nil 396 otp_key_ds.get(otp_keys_column) 397 end
_otp_tmp_key
(secret)
[show source]
# File lib/rodauth/features/otp.rb 382 def _otp_tmp_key(secret) 383 @otp_tmp_key = true 384 @otp_user_key = nil 385 @otp_key = secret 386 end
_recovery_codes
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 230 def _recovery_codes 231 recovery_codes_ds.select_map(recovery_codes_column) 232 end
_sms
()
[show source]
# File lib/rodauth/features/sms_codes.rb 488 def _sms 489 sms_ds.first 490 end
_two_factor_auth_links
()
[show source]
# File lib/rodauth/features/confirm_password.rb 78 def _two_factor_auth_links 79 links = (super if defined?(super)) || [] 80 if authenticated_by.length == 1 && !authenticated_by.include?('password') && has_password? 81 links << [5, confirm_password_path, confirm_password_link_text] 82 end 83 links 84 end
_two_factor_remove_all_from_session
()
[show source]
# File lib/rodauth/features/otp.rb 338 def _two_factor_remove_all_from_session 339 two_factor_remove_session('totp') 340 super 341 end
_two_factor_remove_links
()
[show source]
# File lib/rodauth/features/otp.rb 332 def _two_factor_remove_links 333 links = super 334 links << [20, otp_disable_path, otp_disable_link_text] if otp_exists? 335 links 336 end
_two_factor_setup_links
()
[show source]
# File lib/rodauth/features/otp.rb 326 def _two_factor_setup_links 327 links = super 328 links << [20, otp_setup_path, otp_setup_link_text] unless otp_exists? 329 links 330 end
_update_login
(login)
[show source]
# File lib/rodauth/features/change_login.rb 80 def _update_login(login) 81 updated = nil 82 raised = raises_uniqueness_violation?{updated = update_account({login_column=>login}, account_ds.exclude(login_column=>login)) == 1} 83 if raised 84 @login_requirement_message = already_an_account_with_this_login_message 85 end 86 updated && !raised 87 end
_view
(meth, page)
[show source]
# File lib/rodauth/features/base.rb 731 def _view(meth, page) 732 scope.send(meth, _view_opts(page)) 733 end
_view_opts
(page)
[show source]
# File lib/rodauth/features/base.rb 716 def _view_opts(page) 717 opts = template_opts.dup 718 opts[:locals] = opts[:locals] ? opts[:locals].dup : {} 719 opts[:locals][:rodauth] = self 720 opts[:cache] = cache_templates 721 opts[:cache_key] = :"rodauth_#{page}" 722 723 opts = scope.send(:find_template, scope.send(:parse_template_opts, page, opts)) 724 unless File.file?(scope.send(:template_path, opts)) 725 opts[:path] = template_path(page) 726 end 727 728 opts 729 end
account_activity_ds
(account_id)
[show source]
# File lib/rodauth/features/account_expiration.rb 104 def account_activity_ds(account_id) 105 db[account_activity_table]. 106 where(account_activity_id_column=>account_id) 107 end
account_ds
(id=account_id)
[show source]
# File lib/rodauth/features/base.rb 623 def account_ds(id=account_id) 624 raise ArgumentError, "invalid account id passed to account_ds" unless id 625 ds = db[accounts_table].where(account_id_column=>id) 626 ds = ds.select(*account_select) if account_select 627 ds 628 end
account_expired?
()
[show source]
# File lib/rodauth/features/account_expiration.rb 54 def account_expired? 55 columns = [account_activity_last_activity_column, account_activity_last_login_column, account_activity_expired_column] 56 last_activity, last_login, expired = account_activity_ds(account_id).get(columns) 57 return true if expired 58 timestamp = convert_timestamp(expire_account_on_last_activity? ? last_activity : last_login) 59 return false unless timestamp 60 timestamp < Time.now - expire_account_after 61 end
account_expired_at
()
[show source]
# File lib/rodauth/features/account_expiration.rb 35 def account_expired_at 36 get_activity_timestamp(account_id, account_activity_expired_column) 37 end
account_from_email_auth_key
(key)
[show source]
# File lib/rodauth/features/email_auth.rb 130 def account_from_email_auth_key(key) 131 @account = _account_from_email_auth_key(key) 132 end
account_from_key
(token, status_id=nil)
[show source]
# File lib/rodauth/features/email_base.rb 61 def account_from_key(token, status_id=nil) 62 id, key = split_token(token) 63 return unless id && key 64 65 return unless actual = yield(id) 66 67 unless timing_safe_eql?(key, convert_email_token_key(actual)) 68 if hmac_secret && allow_raw_email_token? 69 return unless timing_safe_eql?(key, actual) 70 else 71 return 72 end 73 end 74 75 ds = account_ds(id) 76 ds = ds.where(account_status_column=>status_id) if status_id && !skip_status_checks? 77 ds.first 78 end
account_from_login
(login)
[show source]
# File lib/rodauth/features/base.rb 245 def account_from_login(login) 246 @account = _account_from_login(login) 247 end
account_from_refresh_token
(token)
[show source]
# File lib/rodauth/features/jwt_refresh.rb 76 def account_from_refresh_token(token) 77 @account = _account_from_refresh_token(token) 78 end
account_from_reset_password_key
(key)
[show source]
# File lib/rodauth/features/password_expiration.rb 45 def account_from_reset_password_key(key) 46 if a = super 47 check_password_change_allowed 48 end 49 a 50 end
account_from_session
()
[show source]
# File lib/rodauth/features/base.rb 332 def account_from_session 333 @account = _account_from_session 334 end
account_from_unlock_key
(key)
[show source]
# File lib/rodauth/features/lockout.rb 214 def account_from_unlock_key(key) 215 @account = _account_from_unlock_key(key) 216 end
account_from_verify_account_key
(key)
[show source]
# File lib/rodauth/features/verify_account.rb 198 def account_from_verify_account_key(key) 199 @account = _account_from_verify_account_key(key) 200 end
account_from_verify_login_change_key
(key)
[show source]
# File lib/rodauth/features/verify_login_change.rb 117 def account_from_verify_login_change_key(key) 118 @account = _account_from_verify_login_change_key(key) 119 end
account_id
()
[show source]
# File lib/rodauth/features/base.rb 235 def account_id 236 account[account_id_column] 237 end
account_in_unverified_grace_period?
()
[show source]
# File lib/rodauth/features/verify_account_grace_period.rb 77 def account_in_unverified_grace_period? 78 account[account_status_column] == account_unverified_status_value && 79 verify_account_grace_period && 80 !verify_account_ds.where(Sequel.date_add(verification_requested_at_column, :seconds=>verify_account_grace_period) > Sequel::CURRENT_TIMESTAMP).empty? 81 end
account_initial_status_value
()
[show source]
# File lib/rodauth/features/base.rb 328 def account_initial_status_value 329 account_open_status_value 330 end
account_lockouts_ds
(id=account_id)
[show source]
# File lib/rodauth/features/lockout.rb 300 def account_lockouts_ds(id=account_id) 301 db[account_lockouts_table].where(account_lockouts_id_column=>id) 302 end
account_login_failures_ds
()
[show source]
# File lib/rodauth/features/lockout.rb 296 def account_login_failures_ds 297 db[account_login_failures_table].where(account_login_failures_id_column=>account_id) 298 end
account_password_hash_column
()
If the account_password_hash_column is set, the password hash is verified in ruby, it will not use a database function to do so, it will check the password hash using bcrypt.
[show source]
# File lib/rodauth/features/base.rb 260 def account_password_hash_column 261 nil 262 end
account_session_status_filter
()
[show source]
# File lib/rodauth/features/base.rb 615 def account_session_status_filter 616 {account_status_column=>account_open_status_value} 617 end
account_webauthn_ids
()
[show source]
# File lib/rodauth/features/webauthn.rb 262 def account_webauthn_ids 263 webauthn_keys_ds.select_map(webauthn_keys_webauthn_id_column) 264 end
account_webauthn_usage
()
[show source]
# File lib/rodauth/features/webauthn.rb 266 def account_webauthn_usage 267 webauthn_keys_ds.select_hash(webauthn_keys_webauthn_id_column, webauthn_keys_last_use_column) 268 end
account_webauthn_user_id
()
[show source]
# File lib/rodauth/features/webauthn.rb 270 def account_webauthn_user_id 271 unless webauthn_id = webauthn_user_ids_ds.get(webauthn_user_ids_webauthn_id_column) 272 webauthn_id = WebAuthn.generate_user_id 273 if e = raised_uniqueness_violation do 274 webauthn_user_ids_ds.insert( 275 webauthn_user_ids_account_id_column => webauthn_account_id, 276 webauthn_user_ids_webauthn_id_column => webauthn_id 277 ) 278 end 279 # If two requests to create a webauthn user id are sent at the same time and an insert 280 # is attempted for both, one will fail with a unique constraint violation. In that case 281 # it is safe for the second one to use the webauthn user id inserted by the other request. 282 # If there is still no webauthn user id at this point, then we'll just reraise the 283 # exception. 284 # :nocov: 285 raise e unless webauthn_id = webauthn_user_ids_ds.get(webauthn_user_ids_webauthn_id_column) 286 # :nocov: 287 end 288 end 289 290 webauthn_id 291 end
active_remember_key_ds
(id=account_id)
[show source]
# File lib/rodauth/features/remember.rb 200 def active_remember_key_ds(id=account_id) 201 remember_key_ds(id).where(Sequel.expr(remember_deadline_column) > Sequel::CURRENT_TIMESTAMP) 202 end
active_sessions_ds
()
[show source]
# File lib/rodauth/features/active_sessions.rb 150 def active_sessions_ds 151 db[active_sessions_table]. 152 where(active_sessions_account_id_column=>session_value) 153 end
add_active_session
()
[show source]
# File lib/rodauth/features/active_sessions.rb 59 def add_active_session 60 key = random_key 61 set_session_value(session_id_session_key, key) 62 if e = raises_uniqueness_violation? do 63 active_sessions_ds.insert(active_sessions_account_id_column => session_value, active_sessions_session_id_column => compute_hmac(key)) 64 end 65 handle_duplicate_active_session_id(e) 66 end 67 nil 68 end
add_audit_log
(account_id, action)
[show source]
# File lib/rodauth/features/audit_logging.rb 39 def add_audit_log(account_id, action) 40 if hash = audit_log_insert_hash(account_id, action) 41 audit_log_ds.insert(hash) 42 end 43 end
add_field_error_class
(field)
[show source]
# File lib/rodauth/features/base.rb 165 def add_field_error_class(field) 166 if field_error(field) 167 " #{input_field_error_class}" 168 end 169 end
add_previous_password_hash
(hash)
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 25 def add_previous_password_hash(hash) 26 ds = previous_password_ds 27 keep_before = ds.reverse(previous_password_id_column). 28 limit(nil, previous_passwords_to_check). 29 get(previous_password_id_column) 30 31 if keep_before 32 ds.where(Sequel.expr(previous_password_id_column) <= keep_before). 33 delete 34 end 35 36 # This should never raise uniqueness violations, as it uses a serial primary key 37 ds.insert(previous_password_account_id_column=>account_id, previous_password_hash_column=>hash) 38 end
add_recovery_code
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 182 def add_recovery_code 183 # This should never raise uniqueness violations unless the recovery code is the same, and the odds of that 184 # are 1/256**32 assuming a good random number generator. Still, attempt to handle that case by retrying 185 # on such a uniqueness violation. 186 retry_on_uniqueness_violation do 187 recovery_codes_ds.insert(recovery_codes_id_column=>session_value, recovery_codes_column=>new_recovery_code) 188 end 189 end
add_recovery_codes
(number)
[show source]
# File lib/rodauth/features/recovery_codes.rb 172 def add_recovery_codes(number) 173 return if number <= 0 174 transaction do 175 number.times do 176 add_recovery_code 177 end 178 end 179 remove_instance_variable(:@recovery_codes) 180 end
add_remember_key
()
[show source]
# File lib/rodauth/features/remember.rb 155 def add_remember_key 156 hash = {remember_id_column=>account_id, remember_key_column=>remember_key_value} 157 set_deadline_value(hash, remember_deadline_column, remember_deadline_interval) 158 159 if e = raised_uniqueness_violation{remember_key_ds.insert(hash)} 160 # If inserting into the remember key table causes a violation, we can pull the 161 # existing row from the table. If there is no invalid row, we can then reraise. 162 raise e unless @remember_key_value = active_remember_key_ds.get(remember_key_column) 163 end 164 end
add_webauthn_credential
(_)
[show source]
# File lib/rodauth/features/recovery_codes.rb 146 def add_webauthn_credential(_) 147 super if defined?(super) 148 auto_add_missing_recovery_codes 149 end
after_change_password
()
[show source]
# File lib/rodauth/features/change_password_notify.rb 31 def after_change_password 32 super 33 send_password_changed_email 34 end
after_close_account
()
[show source]
# File lib/rodauth/features/account_expiration.rb 99 def after_close_account 100 super if defined?(super) 101 account_activity_ds(account_id).delete 102 end
after_create_account
()
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 72 def after_create_account 73 if account_password_hash_column && !(respond_to?(:verify_account_set_password?) && verify_account_set_password?) 74 add_previous_password_hash(password_hash(param(password_param))) 75 end 76 super if defined?(super) 77 end
after_login
()
[show source]
# File lib/rodauth/features/email_auth.rb 209 def after_login 210 # Remove the email auth key after any login, even if 211 # it is a password login. This is done to invalidate 212 # the email login when a user has a password and requests 213 # email authentication, but then remembers their password 214 # and doesn't need the link. At that point, the link 215 # that allows login access to the account becomes a 216 # security liability, and it is best to remove it. 217 remove_email_auth_key 218 super if defined?(super) 219 end
after_login_entered_during_multi_phase_login
()
[show source]
# File lib/rodauth/features/email_auth.rb 152 def after_login_entered_during_multi_phase_login 153 # If forcing email auth, just send the email link. 154 _email_auth_request_and_redirect if force_email_auth? 155 156 super 157 end
after_login_failure
()
[show source]
# File lib/rodauth/features/lockout.rb 254 def after_login_failure 255 invalid_login_attempted 256 super 257 end
after_logout
()
[show source]
# File lib/rodauth/features/remember.rb 176 def after_logout 177 forget_login 178 super if defined?(super) 179 end
after_refresh_token
()
[show source]
# File lib/rodauth/features/active_sessions.rb 104 def after_refresh_token 105 super if defined?(super) 106 if prev_key = session[session_id_session_key] 107 key = random_key 108 set_session_value(session_id_session_key, key) 109 active_sessions_ds. 110 where(active_sessions_session_id_column => compute_hmac(prev_key)). 111 update(active_sessions_session_id_column => compute_hmac(key)) 112 end 113 end
after_reset_password
()
[show source]
# File lib/rodauth/features/password_grace_period.rb 39 def after_reset_password 40 super if defined?(super) 41 @last_password_entry = Time.now.to_i 42 end
allow_email_auth?
()
[show source]
# File lib/rodauth/features/email_auth.rb 205 def allow_email_auth? 206 defined?(super) ? super : true 207 end
allow_resending_verify_account_email?
()
[show source]
# File lib/rodauth/features/verify_account.rb 164 def allow_resending_verify_account_email? 165 account[account_status_column] == account_unverified_status_value 166 end
already_logged_in
()
[show source]
# File lib/rodauth/features/base.rb 268 def already_logged_in 269 nil 270 end
audit_log_ds
()
[show source]
# File lib/rodauth/features/audit_logging.rb 83 def audit_log_ds 84 ds = db[audit_logging_table] 85 if db.database_type == :postgres 86 # For PostgreSQL, use RETURNING NULL. This allows the feature 87 # to be used with INSERT but not SELECT permissions on the 88 # table, useful for audit logging where the database user 89 # the application is running as should not need to read the 90 # logs. 91 ds = ds.returning(nil) 92 end 93 ds 94 end
audit_log_insert_hash
(account_id, action)
[show source]
# File lib/rodauth/features/audit_logging.rb 45 def audit_log_insert_hash(account_id, action) 46 if message = audit_log_message(action) 47 { 48 audit_logging_account_id_column => account_id, 49 audit_logging_message_column => message, 50 audit_logging_metadata_column => serialize_audit_log_metadata(audit_log_metadata(action)) 51 } 52 end 53 end
audit_log_message
(action)
[show source]
# File lib/rodauth/features/audit_logging.rb 63 def audit_log_message(action) 64 meth = :"audit_log_message_for_#{action}" 65 if respond_to?(meth, true) 66 send(meth) 67 else 68 audit_log_message_default(action) 69 end 70 end
audit_log_message_default
(action)
[show source]
# File lib/rodauth/features/audit_logging.rb 59 def audit_log_message_default(action) 60 action.to_s 61 end
audit_log_metadata
(action)
[show source]
# File lib/rodauth/features/audit_logging.rb 72 def audit_log_metadata(action) 73 meth = :"audit_log_metadata_for_#{action}" 74 if respond_to?(meth, true) 75 send(meth) 76 else 77 audit_log_metadata_default 78 end 79 end
auth_class_eval
(&block)
[show source]
# File lib/rodauth/features/base.rb 116 def auth_class_eval(&block) 117 auth.class_eval(&block) 118 end
authenticated?
()
[show source]
# File lib/rodauth/features/base.rb 320 def authenticated? 321 logged_in? 322 end
authenticated_by
()
[show source]
# File lib/rodauth/features/base.rb 399 def authenticated_by 400 session[authenticated_by_session_key] 401 end
authenticated_webauthn_id
()
[show source]
# File lib/rodauth/features/webauthn.rb 242 def authenticated_webauthn_id 243 session[authenticated_webauthn_id_session_key] 244 end
auto_add_missing_recovery_codes
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 224 def auto_add_missing_recovery_codes 225 if auto_add_recovery_codes? 226 add_recovery_codes(recovery_codes_limit - recovery_codes.length) 227 end 228 end
autocomplete_for_field?
(_param)
[show source]
# File lib/rodauth/features/base.rb 195 def autocomplete_for_field?(_param) 196 mark_input_fields_with_autocomplete? 197 end
autologin_session
(autologin_type)
[show source]
# File lib/rodauth/features/base.rb 412 def autologin_session(autologin_type) 413 login_session('autologin') 414 set_session_value(autologin_type_session_key, autologin_type) 415 end
autologin_type
()
[show source]
# File lib/rodauth/features/base.rb 408 def autologin_type 409 session[autologin_type_session_key] 410 end
base32_encode
(data, length)
[show source]
# File lib/rodauth/features/otp.rb 377 def base32_encode(data, length) 378 chars = 'abcdefghijklmnopqrstuvwxyz234567' 379 length.times.map{|i|chars[data[i].ord % 32]}.join 380 end
base_url
()
[show source]
# File lib/rodauth/features/base.rb 434 def base_url 435 request.base_url 436 end
before_change_login_route
()
[show source]
# File lib/rodauth/features/verify_account_grace_period.rb 47 def before_change_login_route 48 unless verified_account? 49 set_redirect_error_flash unverified_change_login_error_flash 50 redirect unverified_change_login_redirect 51 end 52 super if defined?(super) 53 end
before_change_password_route
()
[show source]
# File lib/rodauth/features/password_expiration.rb 90 def before_change_password_route 91 check_password_change_allowed 92 super 93 end
before_login_attempt
()
[show source]
# File lib/rodauth/features/lockout.rb 242 def before_login_attempt 243 if locked_out? 244 show_lockout_page 245 end 246 super 247 end
before_logout
()
[show source]
# File lib/rodauth/features/active_sessions.rb 120 def before_logout 121 if request.post? 122 if param_or_nil(global_logout_param) 123 remove_all_active_sessions 124 else 125 remove_current_session 126 end 127 end 128 super if defined?(super) 129 end
before_otp_setup_route
()
[show source]
# File lib/rodauth/features/jwt.rb 213 def before_otp_setup_route 214 super if defined?(super) 215 if use_jwt? && otp_keys_use_hmac? && !param_or_nil(otp_setup_raw_param) 216 _otp_tmp_key(otp_new_secret) 217 json_response[otp_setup_param] = otp_user_key 218 json_response[otp_setup_raw_param] = otp_key 219 end 220 end
before_reset_password
()
[show source]
# File lib/rodauth/features/account_expiration.rb 79 def before_reset_password 80 check_account_expiration 81 super if defined?(super) 82 end
before_reset_password_request
()
[show source]
# File lib/rodauth/features/account_expiration.rb 84 def before_reset_password_request 85 check_account_expiration 86 super if defined?(super) 87 end
before_rodauth
()
[show source]
# File lib/rodauth/features/jwt.rb 143 def before_rodauth 144 if json_request? 145 if jwt_check_accept? && (accept = request.env['HTTP_ACCEPT']) && accept !~ json_accept_regexp 146 response.status = 406 147 json_response[json_response_error_key] = json_not_accepted_error_message 148 response['Content-Type'] ||= json_response_content_type 149 response.write(request.send(:convert_to_json, json_response)) 150 request.halt 151 end 152 153 unless request.post? 154 response.status = 405 155 response.headers['Allow'] = 'POST' 156 json_response[json_response_error_key] = json_non_post_error_message 157 return_json_response 158 end 159 elsif only_json? 160 response.status = json_response_error_status 161 response.write non_json_request_error_message 162 request.halt 163 end 164 165 super 166 end
before_unlock_account
()
[show source]
# File lib/rodauth/features/account_expiration.rb 89 def before_unlock_account 90 check_account_expiration 91 super if defined?(super) 92 end
before_unlock_account_request
()
[show source]
# File lib/rodauth/features/account_expiration.rb 94 def before_unlock_account_request 95 check_account_expiration 96 super if defined?(super) 97 end
before_verify_account
()
[show source]
# File lib/rodauth/features/webauthn_verify_account.rb 30 def before_verify_account 31 super 32 if features.include?(:jwt) && use_jwt? && !param_or_nil(webauthn_setup_param) 33 cred = new_webauthn_credential 34 json_response[webauthn_setup_param] = cred.as_json 35 json_response[webauthn_setup_challenge_param] = cred.challenge 36 json_response[webauthn_setup_challenge_hmac_param] = compute_hmac(cred.challenge) 37 end 38 @webauthn_credential = webauthn_setup_credential_from_form_submission 39 add_webauthn_credential(@webauthn_credential) 40 end
before_view_recovery_codes
()
[show source]
# File lib/rodauth/features/jwt.rb 168 def before_view_recovery_codes 169 super if defined?(super) 170 if use_jwt? 171 json_response[:codes] = recovery_codes 172 json_response[json_response_success_key] ||= "" if include_success_messages? 173 end 174 end
before_webauthn_auth_route
()
[show source]
# File lib/rodauth/features/jwt.rb 186 def before_webauthn_auth_route 187 super if defined?(super) 188 if use_jwt? && !param_or_nil(webauthn_auth_param) 189 cred = webauth_credential_options_for_get 190 json_response[webauthn_auth_param] = cred.as_json 191 json_response[webauthn_auth_challenge_param] = cred.challenge 192 json_response[webauthn_auth_challenge_hmac_param] = compute_hmac(cred.challenge) 193 end 194 end
before_webauthn_login_route
()
[show source]
# File lib/rodauth/features/jwt.rb 196 def before_webauthn_login_route 197 super if defined?(super) 198 if use_jwt? && !param_or_nil(webauthn_auth_param) && account_from_login(param(login_param)) 199 cred = webauth_credential_options_for_get 200 json_response[webauthn_auth_param] = cred.as_json 201 json_response[webauthn_auth_challenge_param] = cred.challenge 202 json_response[webauthn_auth_challenge_hmac_param] = compute_hmac(cred.challenge) 203 end 204 end
before_webauthn_remove_route
()
[show source]
# File lib/rodauth/features/jwt.rb 206 def before_webauthn_remove_route 207 super if defined?(super) 208 if use_jwt? && !param_or_nil(webauthn_remove_param) 209 json_response[webauthn_remove_param] = account_webauthn_usage 210 end 211 end
before_webauthn_setup_route
()
[show source]
# File lib/rodauth/features/jwt.rb 176 def before_webauthn_setup_route 177 super if defined?(super) 178 if use_jwt? && !param_or_nil(webauthn_setup_param) 179 cred = new_webauthn_credential 180 json_response[webauthn_setup_param] = cred.as_json 181 json_response[webauthn_setup_challenge_param] = cred.challenge 182 json_response[webauthn_setup_challenge_hmac_param] = compute_hmac(cred.challenge) 183 end 184 end
button
(value, opts={})
[show source]
# File lib/rodauth/features/base.rb 357 def button(value, opts={}) 358 scope.render(button_opts(value, opts)) 359 end
button_opts
(value, opts)
[show source]
# File lib/rodauth/features/base.rb 348 def button_opts(value, opts) 349 opts = Hash[template_opts].merge!(opts) 350 opts[:locals] = {:value=>value, :opts=>opts} 351 opts[:path] = template_path('button') 352 opts[:cache] = cache_templates 353 opts[:cache_key] = :rodauth_button 354 opts 355 end
can_add_recovery_codes?
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 168 def can_add_recovery_codes? 169 recovery_codes.length < recovery_codes_limit 170 end
catch_error
(&block)
[show source]
# File lib/rodauth/features/base.rb 507 def catch_error(&block) 508 catch(:rodauth_error, &block) 509 end
change_login
(login)
[show source]
# File lib/rodauth/features/change_login.rb 65 def change_login(login) 66 if account_ds.get(login_column).downcase == login.downcase 67 @login_requirement_message = 'same as current login' 68 return false 69 end 70 71 update_login(login) 72 end
change_login_notice_flash
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 133 def change_login_notice_flash 134 "An email has been sent to you with a link to verify your login change" 135 end
change_login_requires_password?
()
[show source]
# File lib/rodauth/features/change_login.rb 61 def change_login_requires_password? 62 modifications_require_password? 63 end
change_password_requires_password?
()
[show source]
# File lib/rodauth/features/change_password.rb 66 def change_password_requires_password? 67 modifications_require_password? 68 end
check_account_expiration
()
[show source]
# File lib/rodauth/features/account_expiration.rb 63 def check_account_expiration 64 if account_expired? 65 set_expired unless account_expired_at 66 set_redirect_error_flash account_expiration_error_flash 67 redirect account_expiration_redirect 68 end 69 update_last_login 70 end
check_active_session
()
[show source]
# File lib/rodauth/features/active_sessions.rb 46 def check_active_session 47 if logged_in? && !currently_active_session? 48 no_longer_active_session 49 end 50 end
check_already_logged_in
()
[show source]
# File lib/rodauth/features/base.rb 264 def check_already_logged_in 265 already_logged_in if logged_in? 266 end
check_csrf?
()
[show source]
# File lib/rodauth/features/base.rb 552 def check_csrf? 553 scope.opts[:rodauth_route_csrf] 554 end
check_password_change_allowed
()
[show source]
# File lib/rodauth/features/password_expiration.rb 30 def check_password_change_allowed 31 if password_changed_at = get_password_changed_at 32 if password_changed_at > Time.now - allow_password_change_after 33 set_redirect_error_flash password_not_changeable_yet_error_flash 34 redirect password_not_changeable_yet_redirect 35 end 36 end 37 end
check_session_expiration
()
[show source]
# File lib/rodauth/features/session_expiration.rb 16 def check_session_expiration 17 return unless logged_in? 18 19 unless session.has_key?(session_last_activity_session_key) && session.has_key?(session_created_session_key) 20 if session_expiration_default 21 expire_session 22 end 23 24 return 25 end 26 27 time = Time.now.to_i 28 29 if session[session_last_activity_session_key] + session_inactivity_timeout < time 30 expire_session 31 end 32 set_session_value(session_last_activity_session_key, time) 33 34 if session[session_created_session_key] + max_session_lifetime < time 35 expire_session 36 end 37 end
check_single_session
()
[show source]
# File lib/rodauth/features/single_session.rb 51 def check_single_session 52 if logged_in? && !currently_active_session? 53 no_longer_active_session 54 end 55 end
clear_cached_otp
()
[show source]
# File lib/rodauth/features/otp.rb 343 def clear_cached_otp 344 remove_instance_variable(:@otp) if defined?(@otp) 345 end
clear_invalid_login_attempts
()
[show source]
# File lib/rodauth/features/lockout.rb 164 def clear_invalid_login_attempts 165 unlock_account 166 end
clear_session
()
[show source]
# File lib/rodauth/features/base.rb 280 def clear_session 281 if scope.respond_to?(:clear_session) 282 scope.clear_session 283 else 284 session.clear 285 end 286 end
close_account
()
[show source]
# File lib/rodauth/features/close_account.rb 62 def close_account 63 unless skip_status_checks? 64 update_account(account_status_column=>account_closed_status_value) 65 end 66 67 unless account_password_hash_column 68 password_hash_ds.delete 69 end 70 end
close_account_requires_password?
()
[show source]
# File lib/rodauth/features/close_account.rb 58 def close_account_requires_password? 59 modifications_require_password? 60 end
compute_hmac
(data)
Return urlsafe base64 HMAC for data, assumes hmac_secret is set.
[show source]
# File lib/rodauth/features/base.rb 229 def compute_hmac(data) 230 s = [compute_raw_hmac(data)].pack('m').chomp!("=\n") 231 s.tr!('+/', '-_') 232 s 233 end
compute_raw_hmac
(data)
[show source]
# File lib/rodauth/features/base.rb 599 def compute_raw_hmac(data) 600 OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, hmac_secret, data) 601 end
confirm_password
()
[show source]
# File lib/rodauth/features/confirm_password.rb 62 def confirm_password 63 authenticated_by.delete('autologin') 64 authenticated_by.delete('remember') 65 authenticated_by.delete('email_auth') 66 authenticated_by.delete('password') 67 authenticated_by.unshift("password") 68 remove_session_value(autologin_type_session_key) 69 nil 70 end
confirm_password_redirect
()
[show source]
# File lib/rodauth/features/confirm_password.rb 72 def confirm_password_redirect 73 remove_session_value(confirm_password_redirect_session_key) || default_redirect 74 end
convert_email_token_key
(key)
[show source]
# File lib/rodauth/features/email_base.rb 57 def convert_email_token_key(key) 58 convert_token_key(key) 59 end
convert_session_key
(key)
[show source]
# File lib/rodauth/features/base.rb 486 def convert_session_key(key) 487 scope.opts[:sessions_convert_symbols] ? key.to_s : key 488 end
convert_timestamp
(timestamp)
This is needed for jdbc/sqlite, which returns timestamp columns as strings
[show source]
# File lib/rodauth/features/base.rb 635 def convert_timestamp(timestamp) 636 timestamp = db.to_application_timestamp(timestamp) if timestamp.is_a?(String) 637 timestamp 638 end
convert_token_key
(key)
[show source]
# File lib/rodauth/features/base.rb 452 def convert_token_key(key) 453 if key && hmac_secret 454 compute_hmac(key) 455 else 456 key 457 end 458 end
create_account_autologin?
()
[show source]
# File lib/rodauth/features/verify_account.rb 222 def create_account_autologin? 223 false 224 end
create_account_notice_flash
()
[show source]
# File lib/rodauth/features/verify_account.rb 184 def create_account_notice_flash 185 verify_account_email_sent_notice_flash 186 end
create_account_set_password?
()
[show source]
# File lib/rodauth/features/verify_account.rb 226 def create_account_set_password? 227 return false if verify_account_set_password? 228 super 229 end
create_email
(subject, body)
[show source]
# File lib/rodauth/features/email_base.rb 32 def create_email(subject, body) 33 create_email_to(email_to, subject, body) 34 end
create_email_auth_email
()
[show source]
# File lib/rodauth/features/email_auth.rb 230 def create_email_auth_email 231 create_email(email_auth_email_subject, email_auth_email_body) 232 end
create_email_auth_key
()
[show source]
# File lib/rodauth/features/email_auth.rb 101 def create_email_auth_key 102 transaction do 103 if email_auth_key_value = get_email_auth_key(account_id) 104 set_email_auth_email_last_sent 105 @email_auth_key_value = email_auth_key_value 106 elsif e = raised_uniqueness_violation{email_auth_ds.insert(email_auth_key_insert_hash)} 107 # If inserting into the email auth table causes a violation, we can pull the 108 # existing email auth key from the table, or reraise. 109 raise e unless @email_auth_key_value = get_email_auth_key(account_id) 110 end 111 end 112 end
create_email_to
(to, subject, body)
[show source]
# File lib/rodauth/features/email_base.rb 36 def create_email_to(to, subject, body) 37 m = Mail.new 38 m.from = email_from 39 m.to = to 40 m.subject = "#{email_subject_prefix}#{subject}" 41 m.body = body 42 m 43 end
create_password_changed_email
()
[show source]
# File lib/rodauth/features/change_password_notify.rb 23 def create_password_changed_email 24 create_email(password_changed_email_subject, password_changed_email_body) 25 end
create_reset_password_email
()
[show source]
# File lib/rodauth/features/reset_password.rb 239 def create_reset_password_email 240 create_email(reset_password_email_subject, reset_password_email_body) 241 end
create_reset_password_key
()
[show source]
# File lib/rodauth/features/reset_password.rb 164 def create_reset_password_key 165 transaction do 166 if reset_password_key_value = get_password_reset_key(account_id) 167 set_reset_password_email_last_sent 168 @reset_password_key_value = reset_password_key_value 169 elsif e = raised_uniqueness_violation{password_reset_ds.insert(reset_password_key_insert_hash)} 170 # If inserting into the reset password table causes a violation, we can pull the 171 # existing reset password key from the table, or reraise. 172 raise e unless @reset_password_key_value = get_password_reset_key(account_id) 173 end 174 end 175 end
create_unlock_account_email
()
[show source]
# File lib/rodauth/features/lockout.rb 280 def create_unlock_account_email 281 create_email(unlock_account_email_subject, unlock_account_email_body) 282 end
create_verify_account_email
()
[show source]
# File lib/rodauth/features/verify_account.rb 305 def create_verify_account_email 306 create_email(verify_account_email_subject, verify_account_email_body) 307 end
create_verify_account_key
()
[show source]
# File lib/rodauth/features/verify_account.rb 288 def create_verify_account_key 289 ds = verify_account_ds 290 transaction do 291 if ds.empty? 292 if e = raised_uniqueness_violation{ds.insert(verify_account_key_insert_hash)} 293 # If inserting into the verify account table causes a violation, we can pull the 294 # key from the verify account table, or reraise. 295 raise e unless @verify_account_key_value = get_verify_account_key(account_id) 296 end 297 end 298 end 299 end
create_verify_login_change_email
(login)
[show source]
# File lib/rodauth/features/verify_login_change.rb 195 def create_verify_login_change_email(login) 196 create_email_to(login, verify_login_change_email_subject, verify_login_change_email_body) 197 end
create_verify_login_change_key
(login)
[show source]
# File lib/rodauth/features/verify_login_change.rb 173 def create_verify_login_change_key(login) 174 ds = verify_login_change_ds 175 transaction do 176 ds.where((Sequel::CURRENT_TIMESTAMP > verify_login_change_deadline_column) | ~Sequel.expr(verify_login_change_login_column=>login)).delete 177 if e = raised_uniqueness_violation{ds.insert(verify_login_change_key_insert_hash(login))} 178 old_login, key = get_verify_login_change_login_and_key(account_id) 179 # If inserting into the verify login change table causes a violation, we can pull the 180 # key from the verify login change table if the logins match, or reraise. 181 @verify_login_change_key_value = if old_login.downcase == login.downcase 182 key 183 end 184 raise e unless @verify_login_change_key_value 185 end 186 end 187 end
csrf_tag
(path=request.path)
[show source]
# File lib/rodauth/features/base.rb 336 def csrf_tag(path=request.path) 337 return unless scope.respond_to?(:csrf_tag) 338 339 if use_request_specific_csrf_tokens? 340 scope.csrf_tag(path) 341 else 342 # :nocov: 343 scope.csrf_tag 344 # :nocov: 345 end 346 end
currently_active_session?
()
[show source]
# File lib/rodauth/features/active_sessions.rb 32 def currently_active_session? 33 return false unless session_id = session[session_id_session_key] 34 35 remove_inactive_sessions 36 ds = active_sessions_ds. 37 where(active_sessions_session_id_column => compute_hmac(session_id)) 38 39 if session_inactivity_deadline 40 ds.update(active_sessions_last_use_column => Sequel::CURRENT_TIMESTAMP) == 1 41 else 42 ds.count == 1 43 end 44 end
db
()
[show source]
# File lib/rodauth/features/base.rb 253 def db 254 Sequel::DATABASES.first 255 end
delete_account
()
[show source]
# File lib/rodauth/features/close_account.rb 72 def delete_account 73 account_ds.delete 74 end
delete_account_on_close?
()
[show source]
# File lib/rodauth/features/close_account.rb 76 def delete_account_on_close? 77 skip_status_checks? 78 end
disable_remember_login
()
[show source]
# File lib/rodauth/features/remember.rb 151 def disable_remember_login 152 remove_remember_key 153 end
email_auth_ds
(id=account_id)
[show source]
# File lib/rodauth/features/email_auth.rb 248 def email_auth_ds(id=account_id) 249 db[email_auth_table].where(email_auth_id_column=>id) 250 end
email_auth_email_body
()
[show source]
# File lib/rodauth/features/email_auth.rb 234 def email_auth_email_body 235 render('email-auth-email') 236 end
email_auth_email_link
()
[show source]
# File lib/rodauth/features/email_auth.rb 138 def email_auth_email_link 139 token_link(email_auth_route, email_auth_key_param, email_auth_key_value) 140 end
email_auth_email_recently_sent?
()
[show source]
# File lib/rodauth/features/email_auth.rb 177 def email_auth_email_recently_sent? 178 (email_last_sent = get_email_auth_email_last_sent) && (Time.now - email_last_sent < email_auth_skip_resend_email_within) 179 end
email_auth_key_insert_hash
()
[show source]
# File lib/rodauth/features/email_auth.rb 242 def email_auth_key_insert_hash 243 hash = {email_auth_id_column=>account_id, email_auth_key_column=>email_auth_key_value} 244 set_deadline_value(hash, email_auth_deadline_column, email_auth_deadline_interval) 245 hash 246 end
email_auth_request_form
()
[show source]
# File lib/rodauth/features/email_auth.rb 148 def email_auth_request_form 149 render('email-auth-request-form') 150 end
email_from
()
[show source]
# File lib/rodauth/features/email_base.rb 45 def email_from 46 "webmaster@#{domain}" 47 end
email_to
()
[show source]
# File lib/rodauth/features/email_base.rb 49 def email_to 50 account[login_column] 51 end
expire_session
()
[show source]
# File lib/rodauth/features/session_expiration.rb 39 def expire_session 40 clear_session 41 set_redirect_error_status session_expiration_error_status 42 set_redirect_error_flash session_expiration_error_flash 43 redirect session_expiration_redirect 44 end
features
()
[show source]
# File lib/rodauth/features/base.rb 128 def features 129 self.class.features 130 end
field_attributes
(field)
[show source]
# File lib/rodauth/features/base.rb 203 def field_attributes(field) 204 _field_attributes(field) || default_field_attributes 205 end
field_error
(field)
[show source]
# File lib/rodauth/features/base.rb 160 def field_error(field) 161 return nil unless @field_errors 162 @field_errors[field] 163 end
field_error_attributes
(field)
[show source]
# File lib/rodauth/features/base.rb 207 def field_error_attributes(field) 208 if field_error(field) 209 _field_error_attributes(field) 210 end 211 end
forget_login
()
[show source]
# File lib/rodauth/features/remember.rb 136 def forget_login 137 ::Rack::Utils.delete_cookie_header!(response.headers, remember_cookie_key, remember_cookie_options) 138 end
formatted_field_error
(field)
[show source]
# File lib/rodauth/features/base.rb 213 def formatted_field_error(field) 214 if error = field_error(field) 215 _formatted_field_error(field, error) 216 end 217 end
function_name
(name)
[show source]
# File lib/rodauth/features/base.rb 556 def function_name(name) 557 if db.database_type == :mssql 558 # :nocov: 559 "dbo.#{name}" 560 # :nocov: 561 else 562 name 563 end 564 end
generate_email_auth_key_value
()
[show source]
# File lib/rodauth/features/email_auth.rb 226 def generate_email_auth_key_value 227 @email_auth_key_value = random_key 228 end
generate_refresh_token
()
[show source]
# File lib/rodauth/features/jwt_refresh.rb 126 def generate_refresh_token 127 hash = jwt_refresh_token_insert_hash 128 [account_id, jwt_refresh_token_ds.insert(hash), convert_token_key(hash[jwt_refresh_token_key_column])].join(token_separator) 129 end
generate_remember_key_value
()
[show source]
# File lib/rodauth/features/remember.rb 188 def generate_remember_key_value 189 @remember_key_value = random_key 190 end
generate_reset_password_key_value
()
[show source]
# File lib/rodauth/features/reset_password.rb 235 def generate_reset_password_key_value 236 @reset_password_key_value = random_key 237 end
generate_unlock_account_key
()
[show source]
# File lib/rodauth/features/lockout.rb 264 def generate_unlock_account_key 265 random_key 266 end
generate_verify_account_key_value
()
[show source]
# File lib/rodauth/features/verify_account.rb 284 def generate_verify_account_key_value 285 @verify_account_key_value = random_key 286 end
generate_verify_login_change_key_value
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 169 def generate_verify_login_change_key_value 170 @verify_login_change_key_value = random_key 171 end
get_active_refresh_token
(account_id, token_id)
[show source]
# File lib/rodauth/features/jwt_refresh.rb 98 def get_active_refresh_token(account_id, token_id) 99 jwt_refresh_token_account_ds(account_id). 100 where(Sequel::CURRENT_TIMESTAMP > jwt_refresh_token_deadline_column). 101 delete 102 103 jwt_refresh_token_account_token_ds(account_id, token_id). 104 get(jwt_refresh_token_key_column) 105 end
get_activity_timestamp
(account_id, column)
[show source]
# File lib/rodauth/features/account_expiration.rb 109 def get_activity_timestamp(account_id, column) 110 convert_timestamp(account_activity_ds(account_id).get(column)) 111 end
get_email_auth_email_last_sent
()
[show source]
# File lib/rodauth/features/email_auth.rb 118 def get_email_auth_email_last_sent 119 if column = email_auth_email_last_sent_column 120 if ts = email_auth_ds.get(column) 121 convert_timestamp(ts) 122 end 123 end 124 end
get_email_auth_key
(id)
[show source]
# File lib/rodauth/features/email_auth.rb 142 def get_email_auth_key(id) 143 ds = email_auth_ds(id) 144 ds.where(Sequel::CURRENT_TIMESTAMP > email_auth_deadline_column).delete 145 ds.get(email_auth_key_column) 146 end
get_password_changed_at
()
[show source]
# File lib/rodauth/features/password_expiration.rb 26 def get_password_changed_at 27 convert_timestamp(password_expiration_ds.get(password_expiration_changed_at_column)) 28 end
get_password_hash
()
Get the password hash for the user. When using database authentication functions, note that only the salt is returned.
[show source]
# File lib/rodauth/features/base.rb 574 def get_password_hash 575 if account_password_hash_column 576 (account || account_from_session)[account_password_hash_column] 577 elsif use_database_authentication_functions? 578 db.get(Sequel.function(function_name(:rodauth_get_salt), account ? account_id : session_value)) 579 else 580 # :nocov: 581 password_hash_ds.get(password_hash_column) 582 # :nocov: 583 end 584 end
get_password_reset_key
(id)
[show source]
# File lib/rodauth/features/reset_password.rb 193 def get_password_reset_key(id) 194 ds = password_reset_ds(id) 195 ds.where(Sequel::CURRENT_TIMESTAMP > reset_password_deadline_column).delete 196 ds.get(reset_password_key_column) 197 end
get_remember_key
()
[show source]
# File lib/rodauth/features/remember.rb 140 def get_remember_key 141 unless @remember_key_value = active_remember_key_ds.get(remember_key_column) 142 generate_remember_key_value 143 transaction do 144 remove_remember_key 145 add_remember_key 146 end 147 end 148 nil 149 end
get_reset_password_email_last_sent
()
[show source]
# File lib/rodauth/features/reset_password.rb 203 def get_reset_password_email_last_sent 204 if column = reset_password_email_last_sent_column 205 if ts = password_reset_ds.get(column) 206 convert_timestamp(ts) 207 end 208 end 209 end
get_unlock_account_email_last_sent
()
[show source]
# File lib/rodauth/features/lockout.rb 226 def get_unlock_account_email_last_sent 227 if column = account_lockouts_email_last_sent_column 228 if ts = account_lockouts_ds.get(column) 229 convert_timestamp(ts) 230 end 231 end 232 end
get_unlock_account_key
()
[show source]
# File lib/rodauth/features/lockout.rb 210 def get_unlock_account_key 211 account_lockouts_ds.get(account_lockouts_key_column) 212 end
get_verify_account_email_last_sent
()
[show source]
# File lib/rodauth/features/verify_account.rb 235 def get_verify_account_email_last_sent 236 if column = verify_account_email_last_sent_column 237 if ts = verify_account_ds.get(column) 238 convert_timestamp(ts) 239 end 240 end 241 end
get_verify_account_key
(id)
[show source]
# File lib/rodauth/features/verify_account.rb 214 def get_verify_account_key(id) 215 verify_account_ds(id).get(verify_account_key_column) 216 end
get_verify_login_change_login_and_key
(id)
[show source]
# File lib/rodauth/features/verify_login_change.rb 129 def get_verify_login_change_login_and_key(id) 130 verify_login_change_ds(id).get([verify_login_change_login_column, verify_login_change_key_column]) 131 end
handle_duplicate_active_session_id
(_e)
[show source]
# File lib/rodauth/features/active_sessions.rb 70 def handle_duplicate_active_session_id(_e) 71 # Do nothing by default as session is already tracked. This will result in 72 # the current session and the existing session with the same id 73 # being tracked together, so that a logout of one will logout 74 # the other, and updating the last use on one will update the other, 75 # but this should be acceptable. However, this can be overridden if different 76 # behavior is desired. 77 end
handle_webauthn_sign_count_verification_error
()
[show source]
# File lib/rodauth/features/webauthn.rb 344 def handle_webauthn_sign_count_verification_error 345 throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_sign_count_message) 346 end
has_password?
()
[show source]
# File lib/rodauth/features/base.rb 566 def has_password? 567 return @has_password if defined?(@has_password) 568 return false unless account || session_value 569 @has_password = !!get_password_hash 570 end
hook_action
(hook_type, action)
[show source]
# File lib/rodauth/features/audit_logging.rb 31 def hook_action(hook_type, action) 32 super 33 # In after_logout, session is already cleared, so use before_logout in that case 34 if (hook_type == :after || action == :logout) && (id = account ? account_id : session_value) 35 add_audit_log(id, action) 36 end 37 end
http_basic_auth
()
[show source]
# File lib/rodauth/features/http_basic_auth.rb 25 def http_basic_auth 26 return unless token = ((v = request.env['HTTP_AUTHORIZATION']) && v[/\A *Basic (.*)\Z/, 1]) 27 28 username, password = token.unpack("m*").first.split(/:/, 2) 29 return unless username && password 30 31 catch_error do 32 unless account_from_login(username) 33 throw_basic_auth_error(login_param, no_matching_login_message) 34 end 35 36 before_login_attempt 37 38 unless open_account? 39 throw_basic_auth_error(login_param, no_matching_login_message) 40 end 41 42 unless password_match?(password) 43 after_login_failure 44 throw_basic_auth_error(password_param, invalid_password_message) 45 end 46 47 transaction do 48 before_login 49 login_session('password') 50 after_login 51 end 52 53 return true 54 end 55 56 nil 57 end
inactive_session_cond
()
[show source]
# File lib/rodauth/features/active_sessions.rb 143 def inactive_session_cond 144 cond = session_inactivity_deadline_condition 145 cond2 = session_lifetime_deadline_condition 146 return false unless cond || cond2 147 Sequel.|(*[cond, cond2].compact) 148 end
include_success_messages?
()
[show source]
# File lib/rodauth/features/jwt.rb 234 def include_success_messages? 235 !json_response_success_key.nil? 236 end
input_field_string
(param, id, opts={})
[show source]
# File lib/rodauth/features/base.rb 171 def input_field_string(param, id, opts={}) 172 type = opts.fetch(:type, "text") 173 174 unless type == "password" 175 value = opts.fetch(:value){scope.h param(param)} 176 end 177 178 field_class = opts.fetch(:class, "form-control") 179 180 if autocomplete_for_field?(param) && opts[:autocomplete] 181 autocomplete = "autocomplete=\"#{opts[:autocomplete]}\"" 182 end 183 184 if inputmode_for_field?(param) && opts[:inputmode] 185 inputmode = "inputmode=\"#{opts[:inputmode]}\"" 186 end 187 188 if mark_input_fields_as_required? && opts[:required] != false 189 required = "required=\"required\"" 190 end 191 192 "<input #{opts[:attr]} #{autocomplete} #{inputmode} #{required} #{field_attributes(param)} #{field_error_attributes(param)} type=\"#{type}\" class=\"#{field_class}#{add_field_error_class(param)}\" name=\"#{param}\" id=\"#{id}\" value=\"#{value}\"/> #{formatted_field_error(param) unless opts[:skip_error_message]}" 193 end
inputmode_for_field?
(_param)
[show source]
# File lib/rodauth/features/base.rb 199 def inputmode_for_field?(_param) 200 mark_input_fields_with_inputmode? 201 end
invalid_login_attempted
()
[show source]
# File lib/rodauth/features/lockout.rb 168 def invalid_login_attempted 169 ds = account_login_failures_ds. 170 where(account_login_failures_id_column=>account_id) 171 172 number = if db.database_type == :postgres 173 ds.returning(account_login_failures_number_column). 174 with_sql(:update_sql, account_login_failures_number_column=>Sequel.expr(account_login_failures_number_column)+1). 175 single_value 176 else 177 # :nocov: 178 if ds.update(account_login_failures_number_column=>Sequel.expr(account_login_failures_number_column)+1) > 0 179 ds.get(account_login_failures_number_column) 180 end 181 # :nocov: 182 end 183 184 unless number 185 # Ignoring the violation is safe here. It may allow slightly more than max_invalid_logins invalid logins before 186 # lockout, but allowing a few extra is OK if the race is lost. 187 ignore_uniqueness_violation{account_login_failures_ds.insert(account_login_failures_id_column=>account_id)} 188 number = 1 189 end 190 191 if number >= max_invalid_logins 192 @unlock_account_key_value = generate_unlock_account_key 193 hash = {account_lockouts_id_column=>account_id, account_lockouts_key_column=>unlock_account_key_value} 194 set_deadline_value(hash, account_lockouts_deadline_column, account_lockouts_deadline_interval) 195 196 if e = raised_uniqueness_violation{account_lockouts_ds.insert(hash)} 197 # If inserting into the lockout table raises a violation, we should just be able to pull the already inserted 198 # key out of it. If that doesn't return a valid key, we should reraise the error. 199 raise e unless @unlock_account_key_value = account_lockouts_ds.get(account_lockouts_key_column) 200 201 after_account_lockout 202 show_lockout_page 203 else 204 after_account_lockout 205 e 206 end 207 end 208 end
invalid_previous_password_message
()
[show source]
# File lib/rodauth/features/change_password.rb 70 def invalid_previous_password_message 71 invalid_password_message 72 end
json_request?
()
[show source]
# File lib/rodauth/features/jwt.rb 104 def json_request? 105 return @json_request if defined?(@json_request) 106 @json_request = request.content_type =~ json_request_content_type_regexp 107 end
json_response
()
[show source]
# File lib/rodauth/features/jwt.rb 250 def json_response 251 @json_response ||= {} 252 end
jwt_cors_allow?
()
[show source]
# File lib/rodauth/features/jwt_cors.rb 15 def jwt_cors_allow? 16 if origin = request.env['HTTP_ORIGIN'] 17 case allowed = jwt_cors_allow_origin 18 when String 19 timing_safe_eql?(origin, allowed) 20 when Array 21 allowed.any?{|s| timing_safe_eql?(origin, s)} 22 when Regexp 23 allowed =~ origin 24 when true 25 true 26 else 27 false 28 end 29 end 30 end
jwt_payload
()
[show source]
# File lib/rodauth/features/jwt.rb 222 def jwt_payload 223 return @jwt_payload if defined?(@jwt_payload) 224 @jwt_payload = JWT.decode(jwt_token, jwt_secret, true, jwt_decode_opts.merge(:algorithm=>jwt_algorithm))[0] 225 rescue JWT::DecodeError 226 @jwt_payload = false 227 end
jwt_refresh_token_account_ds
(account_id)
[show source]
# File lib/rodauth/features/jwt_refresh.rb 107 def jwt_refresh_token_account_ds(account_id) 108 jwt_refresh_token_ds.where(jwt_refresh_token_account_id_column => account_id) 109 end
jwt_refresh_token_account_token_ds
(account_id, token_id)
[show source]
# File lib/rodauth/features/jwt_refresh.rb 111 def jwt_refresh_token_account_token_ds(account_id, token_id) 112 jwt_refresh_token_account_ds(account_id). 113 where(jwt_refresh_token_id_column=>token_id) 114 end
jwt_refresh_token_ds
()
[show source]
# File lib/rodauth/features/jwt_refresh.rb 116 def jwt_refresh_token_ds 117 db[jwt_refresh_token_table] 118 end
jwt_refresh_token_insert_hash
()
[show source]
# File lib/rodauth/features/jwt_refresh.rb 131 def jwt_refresh_token_insert_hash 132 hash = {jwt_refresh_token_account_id_column => account_id, jwt_refresh_token_key_column => random_key} 133 set_deadline_value(hash, jwt_refresh_token_deadline_column, jwt_refresh_token_deadline_interval) 134 hash 135 end
jwt_secret
()
[show source]
# File lib/rodauth/features/jwt.rb 109 def jwt_secret 110 raise ArgumentError, "jwt_secret not set" 111 end
jwt_session_hash
()
[show source]
# File lib/rodauth/features/jwt.rb 113 def jwt_session_hash 114 jwt_session_key ? {jwt_session_key=>session} : session 115 end
jwt_token
()
[show source]
# File lib/rodauth/features/jwt.rb 121 def jwt_token 122 return @jwt_token if defined?(@jwt_token) 123 124 if (v = request.env['HTTP_AUTHORIZATION']) && v !~ jwt_authorization_ignore 125 @jwt_token = v.sub(jwt_authorization_remove, '') 126 end 127 end
last_account_activity_at
()
[show source]
# File lib/rodauth/features/account_expiration.rb 27 def last_account_activity_at 28 get_activity_timestamp(session_value, account_activity_last_activity_column) 29 end
last_account_login_at
()
[show source]
# File lib/rodauth/features/account_expiration.rb 31 def last_account_login_at 32 get_activity_timestamp(session_value, account_activity_last_login_column) 33 end
load_memory
()
[show source]
# File lib/rodauth/features/remember.rb 82 def load_memory 83 return if session[session_key] 84 return unless cookie = request.cookies[remember_cookie_key] 85 id, key = cookie.split('_', 2) 86 return unless id && key 87 88 actual, deadline = active_remember_key_ds(id).get([remember_key_column, remember_deadline_column]) 89 unless actual 90 forget_login 91 return 92 end 93 94 if hmac_secret 95 unless valid = timing_safe_eql?(key, compute_hmac(actual)) 96 unless raw_remember_token_deadline && raw_remember_token_deadline > convert_timestamp(deadline) 97 forget_login 98 return 99 end 100 end 101 end 102 103 unless valid || timing_safe_eql?(key, actual) 104 forget_login 105 return 106 end 107 108 set_session_value(session_key, id) 109 account = account_from_session 110 remove_session_value(session_key) 111 112 unless account 113 remove_remember_key(id) 114 forget_login 115 return 116 end 117 118 before_load_memory 119 login_session('remember') 120 121 if extend_remember_deadline? 122 active_remember_key_ds(id).update(remember_deadline_column=>Sequel.date_add(Sequel::CURRENT_TIMESTAMP, remember_period)) 123 remember_login 124 end 125 after_load_memory 126 end
loaded_templates
()
[show source]
# File lib/rodauth/features/base.rb 640 def loaded_templates 641 [] 642 end
locked_out?
()
[show source]
# File lib/rodauth/features/lockout.rb 145 def locked_out? 146 if t = convert_timestamp(account_lockouts_ds.get(account_lockouts_deadline_column)) 147 if Time.now < t 148 true 149 else 150 unlock_account 151 false 152 end 153 else 154 false 155 end 156 end
logged_in_via_remember_key?
()
[show source]
# File lib/rodauth/features/remember.rb 170 def logged_in_via_remember_key? 171 authenticated_by.include?('remember') 172 end
login_confirm_label
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 36 def login_confirm_label 37 "Confirm #{login_label}" 38 end
login_does_not_meet_requirements_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 81 def login_does_not_meet_requirements_message 82 "invalid login#{", #{login_requirement_message}" if login_requirement_message}" 83 end
login_failed_reset_password_request_form
()
[show source]
# File lib/rodauth/features/reset_password.rb 243 def login_failed_reset_password_request_form 244 render("reset-password-request") 245 end
login_input_type
()
[show source]
# File lib/rodauth/features/base.rb 272 def login_input_type 273 login_uses_email? ? 'email' : 'text' 274 end
login_meets_email_requirements?
(login)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 105 def login_meets_email_requirements?(login) 106 return true unless require_email_address_logins? 107 if login =~ /\A[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+\z/ 108 return true 109 end 110 @login_requirement_message = 'not a valid email address' 111 return false 112 end
login_meets_length_requirements?
(login)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 93 def login_meets_length_requirements?(login) 94 if login_minimum_length > login.length 95 @login_requirement_message = login_too_short_message 96 false 97 elsif login_maximum_length < login.length 98 @login_requirement_message = login_too_long_message 99 false 100 else 101 true 102 end 103 end
login_meets_requirements?
(login)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 44 def login_meets_requirements?(login) 45 login_meets_length_requirements?(login) && \ 46 login_meets_email_requirements?(login) 47 end
login_required
()
[show source]
# File lib/rodauth/features/base.rb 288 def login_required 289 set_redirect_error_status(login_required_error_status) 290 set_redirect_error_flash require_login_error_flash 291 redirect require_login_redirect 292 end
login_session
(auth_type)
[show source]
# File lib/rodauth/features/base.rb 403 def login_session(auth_type) 404 update_session 405 set_session_value(authenticated_by_session_key, [auth_type]) 406 end
login_too_long_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 85 def login_too_long_message 86 "maximum #{login_maximum_length} characters" 87 end
login_too_short_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 89 def login_too_short_message 90 "minimum #{login_minimum_length} characters" 91 end
login_uses_email?
()
[show source]
# File lib/rodauth/features/base.rb 276 def login_uses_email? 277 login_column == :email 278 end
logout_additional_form_tags
()
[show source]
# File lib/rodauth/features/active_sessions.rb 93 def logout_additional_form_tags 94 super.to_s + render('global-logout-field') 95 end
modifications_require_password?
()
[show source]
# File lib/rodauth/features/base.rb 442 def modifications_require_password? 443 has_password? 444 end
new_account
(login)
[show source]
# File lib/rodauth/features/create_account.rb 93 def new_account(login) 94 @account = _new_account(login) 95 end
new_recovery_code
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 216 def new_recovery_code 217 random_key 218 end
new_webauthn_credential
()
[show source]
# File lib/rodauth/features/webauthn.rb 293 def new_webauthn_credential 294 WebAuthn::Credential.options_for_create( 295 :timeout => webauthn_setup_timeout, 296 :rp => {:name=>webauthn_rp_name, :id=>webauthn_rp_id}, 297 :user => {:id=>account_webauthn_user_id, :name=>webauthn_user_name}, 298 :authenticator_selection => webauthn_authenticator_selection, 299 :attestation => webauthn_attestation, 300 :extensions => webauthn_extensions, 301 :exclude => account_webauthn_ids, 302 ) 303 end
no_longer_active_session
()
[show source]
# File lib/rodauth/features/active_sessions.rb 52 def no_longer_active_session 53 clear_session 54 set_redirect_error_status inactive_session_error_status 55 set_redirect_error_flash active_sessions_error_flash 56 redirect active_sessions_redirect 57 end
only_json?
()
[show source]
# File lib/rodauth/features/base.rb 370 def only_json? 371 scope.class.opts[:rodauth_json] == :only 372 end
open_account?
()
[show source]
# File lib/rodauth/features/base.rb 249 def open_account? 250 skip_status_checks? || account[account_status_column] == account_open_status_value 251 end
otp_add_key
()
[show source]
# File lib/rodauth/features/otp.rb 261 def otp_add_key 262 _otp_add_key(otp_key) 263 super if defined?(super) 264 end
otp_exists?
()
[show source]
# File lib/rodauth/features/otp.rb 235 def otp_exists? 236 !otp_key.nil? 237 end
otp_hmac_secret
(key)
[show source]
# File lib/rodauth/features/otp.rb 352 def otp_hmac_secret(key) 353 base32_encode(compute_raw_hmac(ROTP::Base32.decode(key)), key.bytesize) 354 end
otp_issuer
()
[show source]
# File lib/rodauth/features/otp.rb 288 def otp_issuer 289 domain 290 end
otp_key_ds
()
[show source]
# File lib/rodauth/features/otp.rb 403 def otp_key_ds 404 db[otp_keys_table].where(otp_keys_id_column=>session_value) 405 end
otp_keys_use_hmac?
()
[show source]
# File lib/rodauth/features/otp.rb 308 def otp_keys_use_hmac? 309 !!hmac_secret 310 end
otp_locked_out?
()
[show source]
# File lib/rodauth/features/otp.rb 280 def otp_locked_out? 281 otp_key_ds.get(otp_keys_failures_column) >= otp_auth_failures_limit 282 end
otp_new_secret
()
[show source]
# File lib/rodauth/features/otp.rb 366 def otp_new_secret 367 ROTP::Base32.random_base32.downcase 368 end
otp_provisioning_name
()
[show source]
# File lib/rodauth/features/otp.rb 292 def otp_provisioning_name 293 account[login_column] 294 end
otp_provisioning_uri
()
[show source]
# File lib/rodauth/features/otp.rb 284 def otp_provisioning_uri 285 otp.provisioning_uri(otp_provisioning_name) 286 end
otp_qr_code
()
[show source]
# File lib/rodauth/features/otp.rb 296 def otp_qr_code 297 RQRCode::QRCode.new(otp_provisioning_uri).as_svg(:module_size=>8) 298 end
otp_record_authentication_failure
()
[show source]
# File lib/rodauth/features/otp.rb 272 def otp_record_authentication_failure 273 otp_key_ds.update(otp_keys_failures_column=>Sequel.identifier(otp_keys_failures_column) + 1) 274 end
otp_remove
()
[show source]
# File lib/rodauth/features/otp.rb 255 def otp_remove 256 otp_key_ds.delete 257 @otp_key = nil 258 super if defined?(super) 259 end
otp_remove_auth_failures
()
[show source]
# File lib/rodauth/features/otp.rb 276 def otp_remove_auth_failures 277 otp_key_ds.update(otp_keys_failures_column=>0) 278 end
otp_tmp_key
(secret)
[show source]
# File lib/rodauth/features/otp.rb 347 def otp_tmp_key(secret) 348 _otp_tmp_key(secret) 349 clear_cached_otp 350 end
otp_update_last_use
()
[show source]
# File lib/rodauth/features/otp.rb 266 def otp_update_last_use 267 otp_key_ds. 268 where(Sequel.date_add(otp_keys_last_use_column, :seconds=>(otp_interval||30)) < Sequel::CURRENT_TIMESTAMP). 269 update(otp_keys_last_use_column=>Sequel::CURRENT_TIMESTAMP) == 1 270 end
otp_user_key
()
[show source]
# File lib/rodauth/features/otp.rb 300 def otp_user_key 301 @otp_user_key ||= if otp_keys_use_hmac? 302 otp_hmac_secret(otp_key) 303 else 304 otp_key 305 end 306 end
otp_valid_code?
(ot_pass)
[show source]
# File lib/rodauth/features/otp.rb 239 def otp_valid_code?(ot_pass) 240 return false unless otp_exists? 241 ot_pass = ot_pass.gsub(/\s+/, '') 242 if drift = otp_drift 243 if otp.respond_to?(:verify_with_drift) 244 # :nocov: 245 otp.verify_with_drift(ot_pass, drift) 246 # :nocov: 247 else 248 otp.verify(ot_pass, :drift_behind=>drift, :drift_ahead=>drift) 249 end 250 else 251 otp.verify(ot_pass) 252 end 253 end
otp_valid_key?
(secret)
[show source]
# File lib/rodauth/features/otp.rb 356 def otp_valid_key?(secret) 357 return false unless secret =~ /\A([a-z2-7]{16}|[a-z2-7]{32})\z/ 358 if otp_keys_use_hmac? 359 timing_safe_eql?(otp_hmac_secret(param(otp_setup_raw_param)), secret) 360 else 361 true 362 end 363 end
param
(key)
Return a string for the parameter name. This will be an empty string if the parameter doesn't exist.
[show source]
# File lib/rodauth/features/base.rb 419 def param(key) 420 param_or_nil(key).to_s 421 end
param_or_nil
(key)
Return a string for the parameter name, or nil if there is no parameter with that name.
[show source]
# File lib/rodauth/features/base.rb 425 def param_or_nil(key) 426 value = raw_param(key) 427 value.to_s unless value.nil? 428 end
password_changed_email_body
()
[show source]
# File lib/rodauth/features/change_password_notify.rb 27 def password_changed_email_body 28 render('password-changed-email') 29 end
password_confirm_label
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 40 def password_confirm_label 41 "Confirm #{password_label}" 42 end
password_does_not_contain_null_byte?
(password)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 120 def password_does_not_contain_null_byte?(password) 121 return true unless password.include?("\0") 122 @password_requirement_message = 'contains null byte' 123 false 124 end
password_does_not_meet_requirements_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 73 def password_does_not_meet_requirements_message 74 "invalid password, does not meet requirements#{" (#{password_requirement_message})" if password_requirement_message}" 75 end
password_doesnt_match_previous_password?
(password)
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 47 def password_doesnt_match_previous_password?(password) 48 match = if use_database_authentication_functions? 49 salts = previous_password_ds. 50 select_map([previous_password_id_column, Sequel.function(function_name(:rodauth_get_previous_salt), previous_password_id_column).as(:salt)]) 51 return true if salts.empty? 52 53 salts.any? do |hash_id, salt| 54 db.get(Sequel.function(function_name(:rodauth_previous_password_hash_match), hash_id, BCrypt::Engine.hash_secret(password, salt))) 55 end 56 else 57 # :nocov: 58 previous_password_ds.select_map(previous_password_hash_column).any?{|hash| BCrypt::Password.new(hash) == password} 59 # :nocov: 60 end 61 62 return true unless match 63 @password_requirement_message = password_same_as_previous_password_message 64 false 65 end
password_expiration_ds
()
[show source]
# File lib/rodauth/features/password_expiration.rb 107 def password_expiration_ds 108 db[password_expiration_table].where(password_expiration_id_column=>account_id) 109 end
password_expired?
()
[show source]
# File lib/rodauth/features/password_expiration.rb 68 def password_expired? 69 if password_changed_at = session[password_changed_at_session_key] 70 return password_changed_at + require_password_change_after < Time.now.to_i 71 end 72 73 account_from_session 74 if password_changed_at = get_password_changed_at 75 set_session_value(password_changed_at_session_key, password_changed_at.to_i) 76 password_changed_at + require_password_change_after < Time.now 77 else 78 set_session_value(password_changed_at_session_key, password_expiration_default ? 0 : 2147483647) 79 password_expiration_default 80 end 81 end
password_has_enough_character_groups?
(password)
[show source]
# File lib/rodauth/features/password_complexity.rb 52 def password_has_enough_character_groups?(password) 53 return true if password.length > password_max_length_for_groups_check 54 return true if password_character_groups.select{|re| password =~ re}.length >= password_min_groups 55 @password_requirement_message = password_not_enough_character_groups_message 56 false 57 end
password_has_no_invalid_pattern?
(password)
[show source]
# File lib/rodauth/features/password_complexity.rb 59 def password_has_no_invalid_pattern?(password) 60 return true unless password_invalid_pattern 61 return true if password !~ password_invalid_pattern 62 @password_requirement_message = password_invalid_pattern_message 63 false 64 end
password_hash
(password)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 138 def password_hash(password) 139 BCrypt::Password.create(password, :cost=>password_hash_cost) 140 end
password_hash_cost
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 127 def password_hash_cost 128 BCrypt::Engine::MIN_COST 129 end
password_hash_ds
()
[show source]
# File lib/rodauth/features/base.rb 630 def password_hash_ds 631 db[password_hash_table].where(password_hash_id_column=>account ? account_id : session_value) 632 end
password_match?
(password)
[show source]
# File lib/rodauth/features/base.rb 384 def password_match?(password) 385 if hash = get_password_hash 386 if account_password_hash_column || !use_database_authentication_functions? 387 BCrypt::Password.new(hash) == password 388 else 389 db.get(Sequel.function(function_name(:rodauth_valid_password_hash), account_id, BCrypt::Engine.hash_secret(password, hash))) 390 end 391 end 392 end
password_meets_length_requirements?
(password)
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 114 def password_meets_length_requirements?(password) 115 return true if password_minimum_length <= password.length 116 @password_requirement_message = password_too_short_message 117 false 118 end
password_meets_requirements?
(password)
[show source]
# File lib/rodauth/features/disallow_common_passwords.rb 13 def password_meets_requirements?(password) 14 super && password_not_one_of_the_most_common?(password) 15 end
password_not_in_dictionary?
(password)
[show source]
# File lib/rodauth/features/password_complexity.rb 73 def password_not_in_dictionary?(password) 74 return true unless dict = password_dictionary 75 return true unless password =~ /\A(?:\d*)([A-Za-z!@$+|][A-Za-z!@$+|0134578]+[A-Za-z!@$+|])(?:\d*)\z/ 76 word = $1.downcase.tr('!@$+|0134578', 'iastloleastb') 77 return true if !dict.include?(word) 78 @password_requirement_message = password_in_dictionary_message 79 false 80 end
password_not_one_of_the_most_common?
(password)
[show source]
# File lib/rodauth/features/disallow_common_passwords.rb 33 def password_not_one_of_the_most_common?(password) 34 return true unless password_one_of_most_common?(password) 35 @password_requirement_message = password_is_one_of_the_most_common_message 36 false 37 end
password_not_too_many_repeating_characters?
(password)
[show source]
# File lib/rodauth/features/password_complexity.rb 66 def password_not_too_many_repeating_characters?(password) 67 return true if password_max_repeating_characters < 2 68 return true if password !~ /(.)(\1){#{password_max_repeating_characters-1}}/ 69 @password_requirement_message = password_too_many_repeating_characters_message 70 false 71 end
password_one_of_most_common?
(password)
[show source]
# File lib/rodauth/features/disallow_common_passwords.rb 27 def password_one_of_most_common?(password) 28 most_common_passwords.include?(password) 29 end
password_recently_entered?
()
[show source]
# File lib/rodauth/features/password_grace_period.rb 22 def password_recently_entered? 23 return false unless last_password_entry = session[last_password_entry_session_key] 24 last_password_entry + password_grace_period > Time.now.to_i 25 end
password_reset_ds
(id=account_id)
[show source]
# File lib/rodauth/features/reset_password.rb 261 def password_reset_ds(id=account_id) 262 db[reset_password_table].where(reset_password_id_column=>id) 263 end
password_too_short_message
()
[show source]
# File lib/rodauth/features/login_password_requirements_base.rb 77 def password_too_short_message 78 "minimum #{password_minimum_length} characters" 79 end
possible_authentication_methods
()
[show source]
# File lib/rodauth/features/base.rb 446 def possible_authentication_methods 447 has_password? ? ['password'] : [] 448 end
post_configure
()
[show source]
# File lib/rodauth/features/base.rb 374 def post_configure 375 require 'bcrypt' if require_bcrypt? 376 db.extension :date_arithmetic if use_date_arithmetic? 377 route_hash= {} 378 self.class.routes.each do |meth| 379 route_hash["/#{send("#{meth.to_s.sub(/\Ahandle_/, '')}_route")}"] = meth 380 end 381 self.class.route_hash = route_hash.freeze 382 end
previous_password_ds
()
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 79 def previous_password_ds 80 db[previous_password_hash_table].where(previous_password_account_id_column=>account_id) 81 end
raises_uniqueness_violation?
(&block)
In cases where retrying on uniqueness violations cannot work, this will detect whether a uniqueness violation is raised by the block and return the exception if so. This method should be used if you don't care about the exception itself.
[show source]
# File lib/rodauth/features/base.rb 659 def raises_uniqueness_violation?(&block) 660 transaction(:savepoint=>:only, &block) 661 false 662 rescue unique_constraint_violation_class => e 663 e 664 end
random_key
()
[show source]
# File lib/rodauth/features/base.rb 482 def random_key 483 SecureRandom.urlsafe_base64(32) 484 end
raw_param
(key)
[show source]
# File lib/rodauth/features/base.rb 430 def raw_param(key) 431 request.params[key] 432 end
recovery_code_match?
(code)
[show source]
# File lib/rodauth/features/recovery_codes.rb 155 def recovery_code_match?(code) 156 recovery_codes.each do |s| 157 if timing_safe_eql?(code, s) 158 recovery_codes_ds.where(recovery_codes_column=>code).delete 159 if recovery_codes_primary? 160 add_recovery_code 161 end 162 return true 163 end 164 end 165 false 166 end
recovery_codes_ds
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 234 def recovery_codes_ds 235 db[recovery_codes_table].where(recovery_codes_id_column=>session_value) 236 end
recovery_codes_primary?
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 220 def recovery_codes_primary? 221 (features & [:otp, :sms_codes, :webauthn]).empty? 222 end
recovery_codes_remove
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 151 def recovery_codes_remove 152 recovery_codes_ds.delete 153 end
redirect
(path)
[show source]
# File lib/rodauth/features/base.rb 464 def redirect(path) 465 request.redirect(path) 466 end
redirect_two_factor_authenticated
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 235 def redirect_two_factor_authenticated 236 saved_two_factor_auth_redirect = remove_session_value(two_factor_auth_redirect_session_key) 237 redirect saved_two_factor_auth_redirect || two_factor_auth_redirect 238 end
remember_key_ds
(id=account_id)
[show source]
# File lib/rodauth/features/remember.rb 196 def remember_key_ds(id=account_id) 197 db[remember_table].where(remember_id_column=>id) 198 end
remember_login
()
[show source]
# File lib/rodauth/features/remember.rb 128 def remember_login 129 get_remember_key 130 opts = Hash[remember_cookie_options] 131 opts[:value] = "#{account_id}_#{convert_token_key(remember_key_value)}" 132 opts[:expires] = convert_timestamp(active_remember_key_ds.get(remember_deadline_column)) 133 ::Rack::Utils.set_cookie_header!(response.headers, remember_cookie_key, opts) 134 end
remove_all_active_sessions
()
[show source]
# File lib/rodauth/features/active_sessions.rb 83 def remove_all_active_sessions 84 active_sessions_ds.delete 85 end
remove_all_webauthn_keys_and_user_ids
()
[show source]
# File lib/rodauth/features/webauthn.rb 385 def remove_all_webauthn_keys_and_user_ids 386 webauthn_user_ids_ds.delete 387 webauthn_keys_ds.delete 388 end
remove_current_session
()
[show source]
# File lib/rodauth/features/active_sessions.rb 79 def remove_current_session 80 active_sessions_ds.where(active_sessions_session_id_column=>compute_hmac(session[session_id_session_key])).delete 81 end
remove_email_auth_key
()
[show source]
# File lib/rodauth/features/email_auth.rb 126 def remove_email_auth_key 127 email_auth_ds.delete 128 end
remove_inactive_sessions
()
[show source]
# File lib/rodauth/features/active_sessions.rb 87 def remove_inactive_sessions 88 if cond = inactive_session_cond 89 active_sessions_ds.where(cond).delete 90 end 91 end
remove_jwt_refresh_token_key
(token)
[show source]
# File lib/rodauth/features/jwt_refresh.rb 120 def remove_jwt_refresh_token_key(token) 121 account_id, token = split_token(token) 122 token_id, _ = split_token(token) 123 jwt_refresh_token_account_token_ds(account_id, token_id).delete 124 end
remove_lockout_metadata
()
[show source]
# File lib/rodauth/features/lockout.rb 268 def remove_lockout_metadata 269 account_login_failures_ds.delete 270 account_lockouts_ds.delete 271 end
remove_remember_key
(id=account_id)
[show source]
# File lib/rodauth/features/remember.rb 166 def remove_remember_key(id=account_id) 167 remember_key_ds(id).delete 168 end
remove_reset_password_key
()
[show source]
# File lib/rodauth/features/reset_password.rb 177 def remove_reset_password_key 178 password_reset_ds.delete 179 end
remove_session_value
(key)
[show source]
# File lib/rodauth/features/base.rb 698 def remove_session_value(key) 699 session.delete(key) 700 end
remove_verify_account_key
()
[show source]
# File lib/rodauth/features/verify_account.rb 168 def remove_verify_account_key 169 verify_account_ds.delete 170 end
remove_verify_login_change_key
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 105 def remove_verify_login_change_key 106 verify_login_change_ds.delete 107 end
remove_webauthn_key
(webauthn_id)
[show source]
# File lib/rodauth/features/webauthn.rb 379 def remove_webauthn_key(webauthn_id) 380 ret = webauthn_keys_ds.where(webauthn_keys_webauthn_id_column=>webauthn_id).delete == 1 381 super if defined?(super) 382 ret 383 end
render
(page)
[show source]
# File lib/rodauth/features/base.rb 366 def render(page) 367 _view(:render, page) 368 end
render_multi_phase_login_forms
()
[show source]
# File lib/rodauth/features/login.rb 107 def render_multi_phase_login_forms 108 multi_phase_login_forms.sort.map{|_, form, _| form}.join("\n") 109 end
request
()
[show source]
# File lib/rodauth/features/base.rb 132 def request 133 scope.request 134 end
require_account
()
[show source]
# File lib/rodauth/features/base.rb 495 def require_account 496 require_authentication 497 require_account_session 498 end
require_account_session
()
[show source]
# File lib/rodauth/features/base.rb 500 def require_account_session 501 unless account_from_session 502 clear_session 503 login_required 504 end 505 end
require_authentication
()
[show source]
# File lib/rodauth/features/base.rb 324 def require_authentication 325 require_login 326 end
require_current_password
()
[show source]
# File lib/rodauth/features/password_expiration.rb 61 def require_current_password 62 if authenticated? && password_expired? && password_change_needed_redirect != request.path_info 63 set_redirect_error_flash password_expiration_error_flash 64 redirect password_change_needed_redirect 65 end 66 end
require_http_basic_auth
()
[show source]
# File lib/rodauth/features/http_basic_auth.rb 18 def require_http_basic_auth 19 unless http_basic_auth 20 set_http_basic_auth_error_response 21 request.halt 22 end 23 end
require_login
()
[show source]
# File lib/rodauth/features/base.rb 316 def require_login 317 login_required unless logged_in? 318 end
require_login_confirmation?
()
[show source]
# File lib/rodauth/features/verify_account.rb 160 def require_login_confirmation? 161 false 162 end
require_otp_setup
()
[show source]
# File lib/rodauth/features/otp.rb 227 def require_otp_setup 228 unless otp_exists? 229 set_redirect_error_status(two_factor_not_setup_error_status) 230 set_redirect_error_flash two_factor_not_setup_error_flash 231 redirect two_factor_need_setup_redirect 232 end 233 end
require_password_authentication
()
[show source]
# File lib/rodauth/features/confirm_password.rb 51 def require_password_authentication 52 require_login 53 54 if require_password_authentication? && has_password? 55 set_redirect_error_status(password_authentication_required_error_status) 56 set_redirect_error_flash password_authentication_required_error_flash 57 set_session_value(confirm_password_redirect_session_key, request.fullpath) 58 redirect password_authentication_required_redirect 59 end 60 end
require_password_authentication?
()
[show source]
# File lib/rodauth/features/confirm_password.rb 86 def require_password_authentication? 87 return true if defined?(super) && super 88 !authenticated_by.include?('password') 89 end
require_sms_available
()
[show source]
# File lib/rodauth/features/sms_codes.rb 318 def require_sms_available 319 require_sms_setup 320 321 if sms_locked_out? 322 set_redirect_error_status(lockout_error_status) 323 set_redirect_error_flash sms_lockout_error_flash 324 redirect sms_lockout_redirect 325 end 326 end
require_sms_not_setup
()
[show source]
# File lib/rodauth/features/sms_codes.rb 310 def require_sms_not_setup 311 if sms_setup? 312 set_redirect_error_status(sms_already_setup_error_status) 313 set_redirect_error_flash sms_already_setup_error_flash 314 redirect sms_already_setup_redirect 315 end 316 end
require_sms_setup
()
[show source]
# File lib/rodauth/features/sms_codes.rb 302 def require_sms_setup 303 unless sms_setup? 304 set_redirect_error_status(two_factor_not_setup_error_status) 305 set_redirect_error_flash sms_not_setup_error_flash 306 redirect sms_needs_setup_redirect 307 end 308 end
require_two_factor_authenticated
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 159 def require_two_factor_authenticated 160 unless two_factor_authenticated? 161 if two_factor_auth_return_to_requested_location? 162 set_session_value(two_factor_auth_redirect_session_key, request.fullpath) 163 end 164 set_redirect_error_status(two_factor_need_authentication_error_status) 165 set_redirect_error_flash two_factor_need_authentication_error_flash 166 redirect two_factor_auth_required_redirect 167 end 168 end
require_two_factor_not_authenticated
(auth_type = nil)
[show source]
# File lib/rodauth/features/two_factor_base.rb 151 def require_two_factor_not_authenticated(auth_type = nil) 152 if two_factor_authenticated? || (auth_type && two_factor_login_type_match?(auth_type)) 153 set_redirect_error_status(two_factor_already_authenticated_error_status) 154 set_redirect_error_flash two_factor_already_authenticated_error_flash 155 redirect two_factor_already_authenticated_redirect 156 end 157 end
require_two_factor_setup
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 140 def require_two_factor_setup 141 # Avoid database query if already authenticated via 2nd factor 142 return if two_factor_authenticated? 143 144 return if uses_two_factor_authentication? 145 146 set_redirect_error_status(two_factor_not_setup_error_status) 147 set_redirect_error_flash two_factor_not_setup_error_flash 148 redirect two_factor_need_setup_redirect 149 end
require_webauthn_setup
()
[show source]
# File lib/rodauth/features/webauthn.rb 394 def require_webauthn_setup 395 unless webauthn_setup? 396 set_redirect_error_status(webauthn_not_setup_error_status) 397 set_redirect_error_flash webauthn_not_setup_error_flash 398 redirect two_factor_need_setup_redirect 399 end 400 end
reset_password_email_body
()
[show source]
# File lib/rodauth/features/reset_password.rb 247 def reset_password_email_body 248 render('reset-password-email') 249 end
reset_password_email_link
()
[show source]
# File lib/rodauth/features/reset_password.rb 189 def reset_password_email_link 190 token_link(reset_password_route, reset_password_key_param, reset_password_key_value) 191 end
reset_password_email_recently_sent?
()
[show source]
# File lib/rodauth/features/reset_password.rb 217 def reset_password_email_recently_sent? 218 (email_last_sent = get_reset_password_email_last_sent) && (Time.now - email_last_sent < reset_password_skip_resend_email_within) 219 end
reset_password_key_insert_hash
()
[show source]
# File lib/rodauth/features/reset_password.rb 255 def reset_password_key_insert_hash 256 hash = {reset_password_id_column=>account_id, reset_password_key_column=>reset_password_key_value} 257 set_deadline_value(hash, reset_password_deadline_column, reset_password_deadline_interval) 258 hash 259 end
reset_single_session_key
()
[show source]
# File lib/rodauth/features/single_session.rb 22 def reset_single_session_key 23 if logged_in? 24 single_session_ds.update(single_session_key_column=>random_key) 25 end 26 end
response
()
[show source]
# File lib/rodauth/features/base.rb 136 def response 137 scope.response 138 end
retry_on_uniqueness_violation
(&block)
This is used to avoid race conditions when using the pattern of inserting when an update affects no rows. In such cases, if a row is inserted between the update and the insert, the insert will fail with a uniqueness error, but retrying will work. It is possible for it to fail again, but only if the row is deleted before the update and readded before the insert, which is very unlikely to happen. In such cases, raising an exception is acceptable.
[show source]
# File lib/rodauth/features/base.rb 650 def retry_on_uniqueness_violation(&block) 651 if raises_uniqueness_violation?(&block) 652 yield 653 end 654 end
return_json_response
()
[show source]
# File lib/rodauth/features/jwt.rb 264 def return_json_response 265 response.status ||= json_response_error_status if json_response[json_response_error_key] 266 set_jwt 267 response['Content-Type'] ||= json_response_content_type 268 response.write(_json_response_body(json_response)) 269 request.halt 270 end
route!
()
[show source]
# File lib/rodauth/features/base.rb 148 def route! 149 if meth = self.class.route_hash[request.remaining_path] 150 send(meth) 151 end 152 153 nil 154 end
route_path
(route, opts={})
[show source]
# File lib/rodauth/features/base.rb 468 def route_path(route, opts={}) 469 path = "#{prefix}/#{route}" 470 path += "?#{Rack::Utils.build_nested_query(opts)}" unless opts.empty? 471 path 472 end
route_url
(route, opts={})
[show source]
# File lib/rodauth/features/base.rb 474 def route_url(route, opts={}) 475 "#{base_url}#{route_path(route, opts)}" 476 end
save_account
()
[show source]
# File lib/rodauth/features/create_account.rb 97 def save_account 98 id = nil 99 raised = raises_uniqueness_violation?{id = db[accounts_table].insert(account)} 100 101 if raised 102 @login_requirement_message = already_an_account_with_this_login_message 103 end 104 105 if id 106 account[account_id_column] = id 107 end 108 109 id && !raised 110 end
send_email
(email)
[show source]
# File lib/rodauth/features/email_base.rb 28 def send_email(email) 29 email.deliver! 30 end
send_email_auth_email
()
[show source]
# File lib/rodauth/features/email_auth.rb 134 def send_email_auth_email 135 send_email(create_email_auth_email) 136 end
send_password_changed_email
()
[show source]
# File lib/rodauth/features/change_password_notify.rb 19 def send_password_changed_email 20 send_email(create_password_changed_email) 21 end
send_reset_password_email
()
[show source]
# File lib/rodauth/features/reset_password.rb 185 def send_reset_password_email 186 send_email(create_reset_password_email) 187 end
send_unlock_account_email
()
[show source]
# File lib/rodauth/features/lockout.rb 218 def send_unlock_account_email 219 send_email(create_unlock_account_email) 220 end
send_verify_account_email
()
[show source]
# File lib/rodauth/features/verify_account.rb 206 def send_verify_account_email 207 send_email(create_verify_account_email) 208 end
send_verify_login_change_email
(login)
[show source]
# File lib/rodauth/features/verify_login_change.rb 121 def send_verify_login_change_email(login) 122 send_email(create_verify_login_change_email(login)) 123 end
serialize_audit_log_metadata
(metadata)
[show source]
# File lib/rodauth/features/audit_logging.rb 55 def serialize_audit_log_metadata(metadata) 56 metadata.to_json unless metadata.nil? 57 end
session
()
[show source]
# File lib/rodauth/features/base.rb 140 def session 141 scope.session 142 end
session_expiration_redirect
()
[show source]
# File lib/rodauth/features/session_expiration.rb 46 def session_expiration_redirect 47 require_login_redirect 48 end
session_inactivity_deadline_condition
()
[show source]
# File lib/rodauth/features/active_sessions.rb 131 def session_inactivity_deadline_condition 132 if deadline = session_inactivity_deadline 133 Sequel[active_sessions_last_use_column] < Sequel.date_sub(Sequel::CURRENT_TIMESTAMP, seconds: deadline) 134 end 135 end
session_jwt
()
[show source]
# File lib/rodauth/features/jwt.rb 117 def session_jwt 118 JWT.encode(jwt_session_hash, jwt_secret, jwt_algorithm) 119 end
session_lifetime_deadline_condition
()
[show source]
# File lib/rodauth/features/active_sessions.rb 137 def session_lifetime_deadline_condition 138 if deadline = session_lifetime_deadline 139 Sequel[active_sessions_created_at_column] < Sequel.date_sub(Sequel::CURRENT_TIMESTAMP, seconds: deadline) 140 end 141 end
session_value
()
[show source]
# File lib/rodauth/features/base.rb 240 def session_value 241 session[session_key] 242 end
set_deadline_value
(hash, column, interval)
This is needed on MySQL, which doesn't support non constant defaults other than CURRENT_TIMESTAMP.
[show source]
# File lib/rodauth/features/base.rb 686 def set_deadline_value(hash, column, interval) 687 if set_deadline_values? 688 # :nocov: 689 hash[column] = Sequel.date_add(Sequel::CURRENT_TIMESTAMP, interval) 690 # :nocov: 691 end 692 end
set_deadline_values?
()
[show source]
# File lib/rodauth/features/base.rb 533 def set_deadline_values? 534 db.database_type == :mysql 535 end
set_email_auth_email_last_sent
()
[show source]
# File lib/rodauth/features/email_auth.rb 114 def set_email_auth_email_last_sent 115 email_auth_ds.update(email_auth_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if email_auth_email_last_sent_column 116 end
set_error_flash
(message)
[show source]
# File lib/rodauth/features/base.rb 300 def set_error_flash(message) 301 flash.now[flash_error_key] = message 302 end
set_expired
()
[show source]
# File lib/rodauth/features/account_expiration.rb 49 def set_expired 50 update_activity(account_id, account_activity_expired_column) 51 after_account_expiration 52 end
set_field_error
(field, error)
[show source]
# File lib/rodauth/features/base.rb 156 def set_field_error(field, error) 157 (@field_errors ||= {})[field] = error 158 end
set_http_basic_auth_error_response
()
[show source]
# File lib/rodauth/features/http_basic_auth.rb 61 def set_http_basic_auth_error_response 62 response.status = 401 63 response.headers["WWW-Authenticate"] = "Basic realm=\"#{http_basic_auth_realm}\"" 64 end
set_jwt
()
[show source]
# File lib/rodauth/features/jwt.rb 272 def set_jwt 273 set_jwt_token(session_jwt) 274 end
set_jwt_token
(token)
[show source]
# File lib/rodauth/features/jwt.rb 129 def set_jwt_token(token) 130 response.headers['Authorization'] = token 131 end
set_last_password_entry
()
[show source]
# File lib/rodauth/features/password_grace_period.rb 44 def set_last_password_entry 45 set_session_value(last_password_entry_session_key, Time.now.to_i) 46 end
set_new_account_password
(password)
[show source]
# File lib/rodauth/features/create_account.rb 89 def set_new_account_password(password) 90 account[account_password_hash_column] = password_hash(password) 91 end
set_notice_flash
(message)
[show source]
# File lib/rodauth/features/base.rb 308 def set_notice_flash(message) 309 flash[flash_notice_key] = message 310 end
set_notice_now_flash
(message)
[show source]
# File lib/rodauth/features/base.rb 312 def set_notice_now_flash(message) 313 flash.now[flash_notice_key] = message 314 end
set_password
(password)
[show source]
# File lib/rodauth/features/disallow_password_reuse.rb 19 def set_password(password) 20 hash = super 21 add_previous_password_hash(hash) 22 hash 23 end
set_redirect_error_flash
(message)
[show source]
# File lib/rodauth/features/base.rb 304 def set_redirect_error_flash(message) 305 flash[flash_error_key] = message 306 end
set_redirect_error_status
(status)
Don't set an error status when redirecting in an error case, as a redirect status is needed.
[show source]
# File lib/rodauth/features/base.rb 512 def set_redirect_error_status(status) 513 end
set_reset_password_email_last_sent
()
[show source]
# File lib/rodauth/features/reset_password.rb 199 def set_reset_password_email_last_sent 200 password_reset_ds.update(reset_password_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if reset_password_email_last_sent_column 201 end
set_response_error_status
(status)
[show source]
# File lib/rodauth/features/base.rb 515 def set_response_error_status(status) 516 response.status = status 517 end
set_session_value
(key, value)
[show source]
# File lib/rodauth/features/base.rb 694 def set_session_value(key, value) 695 session[key] = value 696 end
set_single_session_key
(data)
[show source]
# File lib/rodauth/features/single_session.rb 92 def set_single_session_key(data) 93 data = compute_hmac(data) if hmac_secret 94 set_session_value(single_session_session_key, data) 95 end
set_title
(title)
[show source]
# File lib/rodauth/features/base.rb 294 def set_title(title) 295 if title_instance_variable 296 scope.instance_variable_set(title_instance_variable, title) 297 end 298 end
set_unlock_account_email_last_sent
()
[show source]
# File lib/rodauth/features/lockout.rb 234 def set_unlock_account_email_last_sent 235 account_lockouts_ds.update(account_lockouts_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if account_lockouts_email_last_sent_column 236 end
set_verify_account_email_last_sent
()
[show source]
# File lib/rodauth/features/verify_account.rb 231 def set_verify_account_email_last_sent 232 verify_account_ds.update(verify_account_email_last_sent_column=>Sequel::CURRENT_TIMESTAMP) if verify_account_email_last_sent_column 233 end
setup_account_verification
()
[show source]
# File lib/rodauth/features/verify_account.rb 274 def setup_account_verification 275 generate_verify_account_key_value 276 create_verify_account_key 277 send_verify_account_email 278 end
show_lockout_page
()
[show source]
# File lib/rodauth/features/lockout.rb 273 def show_lockout_page 274 set_response_error_status lockout_error_status 275 set_error_flash login_lockout_error_flash 276 response.write unlock_account_request_view 277 request.halt 278 end
single_session_ds
()
[show source]
# File lib/rodauth/features/single_session.rb 97 def single_session_ds 98 db[single_session_table]. 99 where(single_session_id_column=>session_value) 100 end
skip_login_field_on_login?
()
[show source]
# File lib/rodauth/features/login.rb 89 def skip_login_field_on_login? 90 return false unless use_multi_phase_login? 91 valid_login_entered? 92 end
skip_password_field_on_login?
()
[show source]
# File lib/rodauth/features/login.rb 94 def skip_password_field_on_login? 95 return false unless use_multi_phase_login? 96 !valid_login_entered? 97 end
skip_status_checks?
()
[show source]
# File lib/rodauth/features/close_account.rb 80 def skip_status_checks? 81 false 82 end
sms_auth_message
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 379 def sms_auth_message(code) 380 "SMS authentication code for #{domain} is #{code}" 381 end
sms_available?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 421 def sms_available? 422 sms && !sms_needs_confirmation? && !sms_locked_out? 423 end
sms_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 400 def sms_code 401 sms[sms_code_column] 402 end
sms_code_issued_at
()
[show source]
# File lib/rodauth/features/sms_codes.rb 404 def sms_code_issued_at 405 convert_timestamp(sms[sms_issued_at_column]) 406 end
sms_code_match?
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 328 def sms_code_match?(code) 329 return false unless sms_current_auth? 330 timing_safe_eql?(code, sms_code) 331 end
sms_codes_primary?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 464 def sms_codes_primary? 465 (features & [:otp, :webauthn]).empty? 466 end
sms_confirm
()
[show source]
# File lib/rodauth/features/recovery_codes.rb 141 def sms_confirm 142 super if defined?(super) 143 auto_add_missing_recovery_codes 144 end
sms_confirm_failure
()
[show source]
# File lib/rodauth/features/sms_codes.rb 343 def sms_confirm_failure 344 sms_ds.delete 345 end
sms_confirm_message
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 383 def sms_confirm_message(code) 384 "SMS confirmation code for #{domain} is #{code}" 385 end
sms_confirmation_match?
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 333 def sms_confirmation_match?(code) 334 sms_needs_confirmation? && sms_code_match?(code) 335 end
sms_current_auth?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 429 def sms_current_auth? 430 sms_code && sms_code_issued_at + sms_code_allowed_seconds > Time.now 431 end
sms_disable
()
[show source]
# File lib/rodauth/features/sms_codes.rb 337 def sms_disable 338 sms_ds.delete 339 @sms = nil 340 super if defined?(super) 341 end
sms_ds
()
[show source]
# File lib/rodauth/features/sms_codes.rb 492 def sms_ds 493 db[sms_codes_table].where(sms_id_column=>session_value) 494 end
sms_failures
()
[show source]
# File lib/rodauth/features/sms_codes.rb 408 def sms_failures 409 sms[sms_failures_column] 410 end
sms_locked_out?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 425 def sms_locked_out? 426 sms_failures >= sms_failure_limit 427 end
sms_needs_confirmation?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 417 def sms_needs_confirmation? 418 sms && sms_failures.nil? 419 end
sms_new_auth_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 472 def sms_new_auth_code 473 SecureRandom.random_number(10**sms_auth_code_length).to_s.rjust(sms_auth_code_length, "0") 474 end
sms_new_confirm_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 476 def sms_new_confirm_code 477 SecureRandom.random_number(10**sms_confirm_code_length).to_s.rjust(sms_confirm_code_length, "0") 478 end
sms_normalize_phone
(phone)
[show source]
# File lib/rodauth/features/sms_codes.rb 468 def sms_normalize_phone(phone) 469 phone.to_s.gsub(/\D+/, '') 470 end
sms_phone
()
[show source]
# File lib/rodauth/features/sms_codes.rb 396 def sms_phone 397 sms[sms_phone_column] 398 end
sms_record_failure
()
[show source]
# File lib/rodauth/features/sms_codes.rb 391 def sms_record_failure 392 update_sms(sms_failures_column=>Sequel.expr(sms_failures_column)+1) 393 sms[sms_failures_column] = sms_ds.get(sms_failures_column) 394 end
sms_remove_failures
()
[show source]
# File lib/rodauth/features/sms_codes.rb 354 def sms_remove_failures 355 update_sms(sms_failures_column => 0, sms_code_column => nil) 356 end
sms_send
(phone, message)
[show source]
# File lib/rodauth/features/sms_codes.rb 480 def sms_send(phone, message) 481 raise NotImplementedError, "sms_send needs to be defined in the Rodauth configuration for SMS sending to work" 482 end
sms_send_auth_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 363 def sms_send_auth_code 364 code = sms_new_auth_code 365 sms_set_code(code) 366 sms_send(sms_phone, sms_auth_message(code)) 367 end
sms_send_confirm_code
()
[show source]
# File lib/rodauth/features/sms_codes.rb 369 def sms_send_confirm_code 370 code = sms_new_confirm_code 371 sms_set_code(code) 372 sms_send(sms_phone, sms_confirm_message(code)) 373 end
sms_set_code
(code)
[show source]
# File lib/rodauth/features/sms_codes.rb 387 def sms_set_code(code) 388 update_sms(sms_code_column=>code, sms_issued_at_column=>Sequel::CURRENT_TIMESTAMP) 389 end
sms_setup
(phone_number)
[show source]
# File lib/rodauth/features/sms_codes.rb 347 def sms_setup(phone_number) 348 # Cannot handle uniqueness violation here, as the phone number given may not match the 349 # one in the table. 350 sms_ds.insert(sms_id_column=>session_value, sms_phone_column=>phone_number) 351 remove_instance_variable(:@sms) if instance_variable_defined?(:@sms) 352 end
sms_setup?
()
[show source]
# File lib/rodauth/features/sms_codes.rb 412 def sms_setup? 413 return false unless sms 414 !sms_needs_confirmation? 415 end
sms_valid_phone?
(phone)
[show source]
# File lib/rodauth/features/sms_codes.rb 375 def sms_valid_phone?(phone) 376 phone.length >= sms_phone_min_length 377 end
split_token
(token)
[show source]
# File lib/rodauth/features/base.rb 460 def split_token(token) 461 token.split(token_separator, 2) 462 end
template_path
(page)
[show source]
# File lib/rodauth/features/base.rb 619 def template_path(page) 620 File.join(File.dirname(__FILE__), '../../../templates', "#{page}.str") 621 end
throw_basic_auth_error
(*args)
[show source]
# File lib/rodauth/features/http_basic_auth.rb 66 def throw_basic_auth_error(*args) 67 set_http_basic_auth_error_response 68 throw_error(*args) 69 end
throw_error
(field, error)
[show source]
# File lib/rodauth/features/base.rb 519 def throw_error(field, error) 520 set_field_error(field, error) 521 throw :rodauth_error 522 end
throw_error_status
(status, field, error)
[show source]
# File lib/rodauth/features/base.rb 524 def throw_error_status(status, field, error) 525 set_response_error_status(status) 526 throw_error(field, error) 527 end
timing_safe_eql?
(provided, actual)
[show source]
# File lib/rodauth/features/base.rb 490 def timing_safe_eql?(provided, actual) 491 provided = provided.to_s 492 Rack::Utils.secure_compare(provided.ljust(actual.length), actual) && provided.length == actual.length 493 end
token_link
(route, param, key)
[show source]
# File lib/rodauth/features/email_base.rb 53 def token_link(route, param, key) 54 route_url(route, param => "#{account_id}#{token_separator}#{convert_email_token_key(key)}") 55 end
transaction
(opts={}, &block)
[show source]
# File lib/rodauth/features/base.rb 478 def transaction(opts={}, &block) 479 db.transaction(opts, &block) 480 end
translate
(_key, default)
[show source]
# File lib/rodauth/features/base.rb 223 def translate(_key, default) 224 # do not attempt to translate by default 225 default 226 end
two_factor_authenticate
(type)
[show source]
# File lib/rodauth/features/two_factor_base.rb 227 def two_factor_authenticate(type) 228 two_factor_update_session(type) 229 two_factor_remove_auth_failures 230 after_two_factor_authentication 231 set_notice_flash two_factor_auth_notice_flash 232 redirect_two_factor_authenticated 233 end
two_factor_authenticated?
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 182 def two_factor_authenticated? 183 authenticated_by && authenticated_by.length >= 2 184 end
two_factor_authentication_setup?
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 186 def two_factor_authentication_setup? 187 possible_authentication_methods.length >= 2 188 end
two_factor_login_type_match?
(type)
[show source]
# File lib/rodauth/features/two_factor_base.rb 196 def two_factor_login_type_match?(type) 197 authenticated_by && authenticated_by.include?(type) 198 end
two_factor_modifications_require_password?
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 116 def two_factor_modifications_require_password? 117 modifications_require_password? 118 end
two_factor_password_match?
(password)
[show source]
# File lib/rodauth/features/two_factor_base.rb 174 def two_factor_password_match?(password) 175 if two_factor_modifications_require_password? 176 password_match?(password) 177 else 178 true 179 end 180 end
two_factor_remove
()
[show source]
# File lib/rodauth/features/otp.rb 217 def two_factor_remove 218 super 219 otp_remove 220 end
two_factor_remove_auth_failures
()
[show source]
# File lib/rodauth/features/otp.rb 222 def two_factor_remove_auth_failures 223 super 224 otp_remove_auth_failures 225 end
two_factor_remove_session
(type)
[show source]
# File lib/rodauth/features/two_factor_base.rb 240 def two_factor_remove_session(type) 241 authenticated_by.delete(type) 242 remove_session_value(two_factor_setup_session_key) 243 if authenticated_by.empty? 244 clear_session 245 end 246 end
two_factor_update_session
(auth_type)
[show source]
# File lib/rodauth/features/two_factor_base.rb 248 def two_factor_update_session(auth_type) 249 authenticated_by << auth_type 250 set_session_value(two_factor_setup_session_key, true) 251 end
unique_constraint_violation_class
()
Work around jdbc/sqlite issue where it only raises ConstraintViolation and not UniqueConstraintViolation.
[show source]
# File lib/rodauth/features/base.rb 668 def unique_constraint_violation_class 669 if db.adapter_scheme == :jdbc && db.database_type == :sqlite 670 # :nocov: 671 Sequel::ConstraintViolation 672 # :nocov: 673 else 674 Sequel::UniqueConstraintViolation 675 end 676 end
unlock_account
()
[show source]
# File lib/rodauth/features/lockout.rb 158 def unlock_account 159 transaction do 160 remove_lockout_metadata 161 end 162 end
unlock_account_email_body
()
[show source]
# File lib/rodauth/features/lockout.rb 284 def unlock_account_email_body 285 render('unlock-account-email') 286 end
unlock_account_email_link
()
[show source]
# File lib/rodauth/features/lockout.rb 222 def unlock_account_email_link 223 token_link(unlock_account_route, unlock_account_key_param, unlock_account_key_value) 224 end
unlock_account_email_recently_sent?
()
[show source]
# File lib/rodauth/features/lockout.rb 288 def unlock_account_email_recently_sent? 289 (email_last_sent = get_unlock_account_email_last_sent) && (Time.now - email_last_sent < unlock_account_skip_resend_email_within) 290 end
update_account
(values, ds=account_ds)
[show source]
# File lib/rodauth/features/base.rb 712 def update_account(values, ds=account_ds) 713 update_hash_ds(account, ds, values) 714 end
update_activity
(account_id, *columns)
[show source]
# File lib/rodauth/features/account_expiration.rb 113 def update_activity(account_id, *columns) 114 ds = account_activity_ds(account_id) 115 hash = {} 116 columns.each do |c| 117 hash[c] = Sequel::CURRENT_TIMESTAMP 118 end 119 if ds.update(hash) == 0 120 hash[account_activity_id_column] = account_id 121 hash[account_activity_last_activity_column] ||= Sequel::CURRENT_TIMESTAMP 122 hash[account_activity_last_login_column] ||= Sequel::CURRENT_TIMESTAMP 123 # It is safe to ignore uniqueness violations here, as a concurrent insert would also use current timestamps. 124 ignore_uniqueness_violation{ds.insert(hash)} 125 end 126 end
update_hash_ds
(hash, ds, values)
[show source]
# File lib/rodauth/features/base.rb 702 def update_hash_ds(hash, ds, values) 703 num = ds.update(values) 704 if num == 1 705 values.each do |k, v| 706 account[k] = v == Sequel::CURRENT_TIMESTAMP ? Time.now : v 707 end 708 end 709 num 710 end
update_last_activity
()
[show source]
# File lib/rodauth/features/account_expiration.rb 43 def update_last_activity 44 if session_value 45 update_activity(session_value, account_activity_last_activity_column) 46 end 47 end
update_last_login
()
[show source]
# File lib/rodauth/features/account_expiration.rb 39 def update_last_login 40 update_activity(account_id, account_activity_last_login_column, account_activity_last_activity_column) 41 end
update_login
(login)
[show source]
# File lib/rodauth/features/change_login.rb 76 def update_login(login) 77 _update_login(login) 78 end
update_password_changed_at
()
[show source]
# File lib/rodauth/features/password_expiration.rb 52 def update_password_changed_at 53 ds = password_expiration_ds 54 if ds.update(password_expiration_changed_at_column=>Sequel::CURRENT_TIMESTAMP) == 0 55 # Ignoring the violation is safe here, since a concurrent insert would also set it to the 56 # current timestamp. 57 ignore_uniqueness_violation{ds.insert(password_expiration_id_column=>account_id)} 58 end 59 end
update_password_hash?
()
[show source]
# File lib/rodauth/features/update_password_hash.rb 17 def update_password_hash? 18 password_hash_cost != @current_password_hash_cost 19 end
update_session
()
[show source]
# File lib/rodauth/features/account_expiration.rb 72 def update_session 73 check_account_expiration 74 super 75 end
update_single_session_key
()
[show source]
# File lib/rodauth/features/single_session.rb 64 def update_single_session_key 65 key = random_key 66 set_single_session_key(key) 67 if single_session_ds.update(single_session_key_column=>key) == 0 68 # Don't handle uniqueness violations here. While we could get the stored key from the 69 # database, it could lead to two sessions sharing the same key, which this feature is 70 # designed to prevent. 71 single_session_ds.insert(single_session_id_column=>session_value, single_session_key_column=>key) 72 end 73 end
update_sms
(values)
[show source]
# File lib/rodauth/features/sms_codes.rb 484 def update_sms(values) 485 update_hash_ds(sms, sms_ds, values) 486 end
use_database_authentication_functions?
()
[show source]
# File lib/rodauth/features/base.rb 537 def use_database_authentication_functions? 538 case db.database_type 539 when :postgres, :mysql, :mssql 540 true 541 else 542 # :nocov: 543 false 544 # :nocov: 545 end 546 end
use_date_arithmetic?
()
[show source]
# File lib/rodauth/features/active_sessions.rb 155 def use_date_arithmetic? 156 true 157 end
use_jwt?
()
[show source]
# File lib/rodauth/features/jwt.rb 133 def use_jwt? 134 jwt_token || only_json? || json_request? 135 end
use_multi_phase_login?
()
[show source]
# File lib/rodauth/features/email_auth.rb 159 def use_multi_phase_login? 160 true 161 end
use_request_specific_csrf_tokens?
()
[show source]
# File lib/rodauth/features/base.rb 548 def use_request_specific_csrf_tokens? 549 scope.opts[:rodauth_route_csrf] && scope.use_request_specific_csrf_tokens? 550 end
uses_two_factor_authentication?
()
[show source]
# File lib/rodauth/features/two_factor_base.rb 190 def uses_two_factor_authentication? 191 return false unless logged_in? 192 set_session_value(two_factor_setup_session_key, two_factor_authentication_setup?) unless session.has_key?(two_factor_setup_session_key) 193 session[two_factor_setup_session_key] 194 end
valid_jwt?
()
[show source]
# File lib/rodauth/features/jwt.rb 137 def valid_jwt? 138 !!(jwt_token && jwt_payload) 139 end
valid_login_entered?
()
[show source]
# File lib/rodauth/features/login.rb 99 def valid_login_entered? 100 @valid_login_entered 101 end
valid_new_webauthn_credential?
(webauthn_credential)
[show source]
# File lib/rodauth/features/webauthn.rb 305 def valid_new_webauthn_credential?(webauthn_credential) 306 # Hack around inability to override expected_origin 307 origin = webauthn_origin 308 webauthn_credential.response.define_singleton_method(:verify) do |expected_challenge, expected_origin = nil, **kw| 309 super(expected_challenge, expected_origin || origin, **kw) 310 end 311 312 (challenge = param_or_nil(webauthn_setup_challenge_param)) && 313 (hmac = param_or_nil(webauthn_setup_challenge_hmac_param)) && 314 timing_safe_eql?(compute_hmac(challenge), hmac) && 315 webauthn_credential.verify(challenge) 316 end
valid_webauthn_credential_auth?
(webauthn_credential)
[show source]
# File lib/rodauth/features/webauthn.rb 359 def valid_webauthn_credential_auth?(webauthn_credential) 360 ds = webauthn_keys_ds.where(webauthn_keys_webauthn_id_column => webauthn_credential.id) 361 pub_key, sign_count = ds.get([webauthn_keys_public_key_column, webauthn_keys_sign_count_column]) 362 363 # Hack around inability to override expected_origin 364 origin = webauthn_origin 365 webauthn_credential.response.define_singleton_method(:verify) do |expected_challenge, expected_origin = nil, **kw| 366 super(expected_challenge, expected_origin || origin, **kw) 367 end 368 369 (challenge = param_or_nil(webauthn_auth_challenge_param)) && 370 (hmac = param_or_nil(webauthn_auth_challenge_hmac_param)) && 371 timing_safe_eql?(compute_hmac(challenge), hmac) && 372 webauthn_credential.verify(challenge, public_key: pub_key, sign_count: sign_count) && 373 ds.update( 374 webauthn_keys_sign_count_column => Integer(webauthn_credential.sign_count), 375 webauthn_keys_last_use_column => Sequel::CURRENT_TIMESTAMP 376 ) == 1 377 end
verified_account?
()
[show source]
# File lib/rodauth/features/verify_account_grace_period.rb 17 def verified_account? 18 logged_in? && !session[unverified_account_session_key] 19 end
verify_account
()
[show source]
# File lib/rodauth/features/verify_account.rb 172 def verify_account 173 update_account(account_status_column=>account_open_status_value) == 1 174 end
verify_account_check_already_logged_in
()
[show source]
# File lib/rodauth/features/verify_account.rb 280 def verify_account_check_already_logged_in 281 check_already_logged_in 282 end
verify_account_ds
(id=account_id)
[show source]
# File lib/rodauth/features/verify_account.rb 313 def verify_account_ds(id=account_id) 314 db[verify_account_table].where(verify_account_id_column=>id) 315 end
verify_account_email_body
()
[show source]
# File lib/rodauth/features/verify_account.rb 309 def verify_account_email_body 310 render('verify-account-email') 311 end
verify_account_email_link
()
[show source]
# File lib/rodauth/features/verify_account.rb 210 def verify_account_email_link 211 token_link(verify_account_route, verify_account_key_param, verify_account_key_value) 212 end
verify_account_email_recently_sent?
()
[show source]
# File lib/rodauth/features/verify_account.rb 253 def verify_account_email_recently_sent? 254 (email_last_sent = get_verify_account_email_last_sent) && (Time.now - email_last_sent < verify_account_skip_resend_email_within) 255 end
verify_account_email_resend
()
[show source]
# File lib/rodauth/features/verify_account.rb 176 def verify_account_email_resend 177 if @verify_account_key_value = get_verify_account_key(account_id) 178 set_verify_account_email_last_sent 179 send_verify_account_email 180 true 181 end 182 end
verify_account_key_insert_hash
()
[show source]
# File lib/rodauth/features/verify_account.rb 301 def verify_account_key_insert_hash 302 {verify_account_id_column=>account_id, verify_account_key_column=>verify_account_key_value} 303 end
verify_account_set_password?
()
[show source]
# File lib/rodauth/features/verify_account_grace_period.rb 29 def verify_account_set_password? 30 false 31 end
verify_account_view
()
[show source]
# File lib/rodauth/features/webauthn_verify_account.rb 7 def verify_account_view 8 webauthn_setup_view 9 end
verify_login_change
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 109 def verify_login_change 110 unless res = _update_login(verify_login_change_new_login) 111 remove_verify_login_change_key 112 end 113 114 res 115 end
verify_login_change_ds
(id=account_id)
[show source]
# File lib/rodauth/features/verify_login_change.rb 203 def verify_login_change_ds(id=account_id) 204 db[verify_login_change_table].where(verify_login_change_id_column=>id) 205 end
verify_login_change_email_body
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 199 def verify_login_change_email_body 200 render('verify-login-change-email') 201 end
verify_login_change_email_link
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 125 def verify_login_change_email_link 126 token_link(verify_login_change_route, verify_login_change_key_param, verify_login_change_key_value) 127 end
verify_login_change_key_insert_hash
(login)
[show source]
# File lib/rodauth/features/verify_login_change.rb 189 def verify_login_change_key_insert_hash(login) 190 hash = {verify_login_change_id_column=>account_id, verify_login_change_key_column=>verify_login_change_key_value, verify_login_change_login_column=>login} 191 set_deadline_value(hash, verify_login_change_deadline_column, verify_login_change_deadline_interval) 192 hash 193 end
verify_login_change_old_login
()
[show source]
# File lib/rodauth/features/verify_login_change.rb 137 def verify_login_change_old_login 138 account_ds.get(login_column) 139 end
view
(page, title)
[show source]
# File lib/rodauth/features/base.rb 361 def view(page, title) 362 set_title(title) 363 _view(:view, page) 364 end
webauth_credential_options_for_get
()
[show source]
# File lib/rodauth/features/webauthn.rb 318 def webauth_credential_options_for_get 319 WebAuthn::Credential.options_for_get( 320 :allow => account_webauthn_ids, 321 :timeout => webauthn_auth_timeout, 322 :rp_id => webauthn_rp_id, 323 :user_verification => webauthn_user_verification, 324 :extensions => webauthn_extensions, 325 ) 326 end
webauthn_account_id
()
[show source]
# File lib/rodauth/features/webauthn.rb 437 def webauthn_account_id 438 session_value 439 end
webauthn_auth_additional_form_tags
()
[show source]
# File lib/rodauth/features/webauthn_login.rb 35 def webauthn_auth_additional_form_tags 36 if @webauthn_login 37 super.to_s + login_hidden_field 38 else 39 super 40 end 41 end
webauthn_auth_credential_from_form_submission
()
[show source]
# File lib/rodauth/features/webauthn.rb 449 def webauthn_auth_credential_from_form_submission 450 case auth_data = raw_param(webauthn_auth_param) 451 when String 452 begin 453 auth_data = JSON.parse(auth_data) 454 rescue 455 throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 456 end 457 when Hash 458 # nothing 459 else 460 throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 461 end 462 463 begin 464 webauthn_credential = WebAuthn::Credential.from_get(auth_data) 465 unless valid_webauthn_credential_auth?(webauthn_credential) 466 throw_error_status(invalid_key_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 467 end 468 rescue WebAuthn::SignCountVerificationError 469 handle_webauthn_sign_count_verification_error 470 rescue WebAuthn::Error, RuntimeError, NoMethodError 471 throw_error_status(invalid_field_error_status, webauthn_auth_param, webauthn_invalid_auth_param_message) 472 end 473 474 webauthn_credential 475 end
webauthn_auth_form_path
()
[show source]
# File lib/rodauth/features/webauthn.rb 238 def webauthn_auth_form_path 239 webauthn_auth_path 240 end
webauthn_authenticator_selection
()
[show source]
# File lib/rodauth/features/webauthn.rb 254 def webauthn_authenticator_selection 255 {'requireResidentKey' => false, 'userVerification' => webauthn_user_verification} 256 end
webauthn_extensions
()
[show source]
# File lib/rodauth/features/webauthn.rb 258 def webauthn_extensions 259 {} 260 end
webauthn_keys_ds
()
[show source]
# File lib/rodauth/features/webauthn.rb 445 def webauthn_keys_ds 446 db[webauthn_keys_table].where(webauthn_keys_account_id_column => webauthn_account_id) 447 end
webauthn_origin
()
[show source]
# File lib/rodauth/features/webauthn.rb 332 def webauthn_origin 333 base_url 334 end
webauthn_remove_authenticated_session
()
[show source]
# File lib/rodauth/features/webauthn.rb 246 def webauthn_remove_authenticated_session 247 remove_session_value(authenticated_webauthn_id_session_key) 248 end
webauthn_rp_id
()
[show source]
# File lib/rodauth/features/webauthn.rb 336 def webauthn_rp_id 337 webauthn_origin.sub(/\Ahttps?:\/\//, '') 338 end
webauthn_rp_name
()
[show source]
# File lib/rodauth/features/webauthn.rb 340 def webauthn_rp_name 341 webauthn_rp_id 342 end
webauthn_setup?
()
[show source]
# File lib/rodauth/features/webauthn.rb 390 def webauthn_setup? 391 !webauthn_keys_ds.empty? 392 end
webauthn_setup_credential_from_form_submission
()
[show source]
# File lib/rodauth/features/webauthn.rb 477 def webauthn_setup_credential_from_form_submission 478 case setup_data = raw_param(webauthn_setup_param) 479 when String 480 begin 481 setup_data = JSON.parse(setup_data) 482 rescue 483 throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 484 end 485 when Hash 486 # nothing 487 else 488 throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 489 end 490 491 unless two_factor_password_match?(param(password_param)) 492 throw_error_status(invalid_password_error_status, password_param, invalid_password_message) 493 end 494 495 begin 496 webauthn_credential = WebAuthn::Credential.from_create(setup_data) 497 unless valid_new_webauthn_credential?(webauthn_credential) 498 throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 499 end 500 rescue WebAuthn::Error, RuntimeError, NoMethodError 501 throw_error_status(invalid_field_error_status, webauthn_setup_param, webauthn_invalid_setup_param_message) 502 end 503 504 webauthn_credential 505 end
webauthn_update_session
(webauthn_id)
[show source]
# File lib/rodauth/features/webauthn.rb 250 def webauthn_update_session(webauthn_id) 251 set_session_value(authenticated_webauthn_id_session_key, webauthn_id) 252 end
webauthn_user_ids_ds
()
[show source]
# File lib/rodauth/features/webauthn.rb 441 def webauthn_user_ids_ds 442 db[webauthn_user_ids_table].where(webauthn_user_ids_account_id_column => webauthn_account_id) 443 end
webauthn_user_name
()
[show source]
# File lib/rodauth/features/webauthn.rb 328 def webauthn_user_name 329 (account || account_from_session)[login_column] 330 end