respond configuration method #369

Merged
merged 1 commit into from
Oct 9, 2023
1 change: 1 addition & 0 deletions doc/change_login.rdoc
Expand Up @@ -22,3 +22,4 @@ before_change_login :: Run arbitrary code before changing a login.
before_change_login_route :: Run arbitrary code before handling a change login route.
change_login(login) :: Change the users login to the given login, or return nil/false if the login cannot be changed to the given login.
change_login_view :: The HTML to use for the change login form.
change_login_response :: Change the logic which sets up the response to a successful login change.
1 change: 1 addition & 0 deletions doc/change_password.rdoc
Expand Up @@ -23,3 +23,4 @@ after_change_password :: Run arbitrary code after successful password change.
before_change_password :: Run arbitrary code before changing the password for an account.
before_change_password_route :: Run arbitrary code before handling a change password route.
change_password_view :: The HTML to use for the change password form.
change_password_response :: Change the logic which sets up the response to a successful password change.
1 change: 1 addition & 0 deletions doc/close_account.rdoc
Expand Up @@ -23,3 +23,4 @@ before_close_account_route :: Run arbitrary code before handling a close account
close_account :: Close the account, by default setting the account status to closed.
close_account_view :: The HTML to use for the close account form.
delete_account :: If +delete_account_on_close?+ is true, delete the account when closing it.
close_account_response :: Change the logic which sets up the response to successfully closing an account.
1 change: 1 addition & 0 deletions doc/confirm_password.rdoc
Expand Up @@ -29,3 +29,4 @@ before_confirm_password :: Run arbitrary code before setting that the password h
before_confirm_password_route :: Run arbitrary code before handling the password confirmation route.
confirm_password :: Update the session to reflect the password has been confirmed.
confirm_password_view :: The HTML to use for the confirm password form.
confirm_password_response :: Change the logic which sets up the response to a successful password confirmation.
1 change: 1 addition & 0 deletions doc/create_account.rdoc
Expand Up @@ -21,6 +21,7 @@ before_create_account_route :: Run arbitrary code before handling a create accou
create_account_autologin? :: Whether to autologin the user upon successful account creation, true by default unless verifying accounts.
create_account_link_text :: The text to use for a link to the create account form.
create_account_view :: The HTML to use for the create account form.
create_account_response :: Change the logic which sets up the response to successfully creating an account.
new_account(login) :: Instantiate a new account hash for the given login, without saving it.
save_account :: Insert the account into the database, or return nil/false if that was not successful.
set_new_account_password :: Set the password for a new account if +account_password_hash_column+ is set, without saving.
5 changes: 3 additions & 2 deletions doc/lockout.rdoc
Expand Up @@ -46,14 +46,14 @@ unlock_account_skip_resend_email_within :: The number of seconds before sending

== Auth Methods

account_from_unlock_key(key) :: Retrieve the account using the given verify account key, or return nil if no account matches.
account_from_unlock_key(key) :: Retrieve the account using the given verify account key, or return nil if no account matches.
after_account_lockout :: Run arbitrary code after an account has been locked out.
after_unlock_account :: Run arbitrary code after a successful account unlock.
after_unlock_account_request :: Run arbitrary code after a successful account unlock request.
before_unlock_account :: Run arbitrary code before unlocking an account.
before_unlock_account_request :: Run arbitrary code before sending an account unlock email.
before_unlock_account_request_route :: Run arbitrary code before handling an account unlock request route.
before_unlock_account_route :: Run arbitrary code before handling an unlock account route.
before_unlock_account_route :: Run arbitrary code before handling an unlock account route.
clear_invalid_login_attempts :: Clear any stored login failures or lockouts for the current account.
create_unlock_account_email :: A Mail::Message for the account unlock email to send.
generate_unlock_account_key :: A random string to use for a new unlock account key.
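Review bot: The `account_from_unlock_key(key)` and `before_unlock_account_route` entries each appear twice in this hunk with the same text, so the change to them looks like whitespace only. Leave those two lines out of a commit that is otherwise about adding the `*_response` methods, so the documentation diff shows only the new entries.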
Expand All @@ -69,3 +69,4 @@ unlock_account_email_link :: The link to the unlock account form to include in t
unlock_account_key :: The unlock account key for the current account.
unlock_account_request_view :: The HTML to use for the unlock account request form.
unlock_account_view :: The HTML to use for the unlock account form.
unlock_account_response :: Change the logic which sets up the response to successfulll locking an account.
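Review bot: The new `unlock_account_response` entry misspells "successfully" as "successfulll" and describes "locking an account", while the method name and the neighbouring `unlock_account_view` entry are about unlocking. Suggest "Change the logic which sets up the response to successfully unlocking an account."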
1 change: 1 addition & 0 deletions doc/login.rdoc
Expand Up @@ -34,5 +34,6 @@ use_multi_phase_login? :: Whether to ask for login first, and only ask for passw

before_login_route :: Run arbitrary code before handling a login route.
login_view :: The HTML to use for the login form.
login_response :: Change the logic which sets up the response to a successful login.
login_return_to_requested_location_path :: If +login_return_to_requested_location?+ is true, the path to use as the requested location. By default, uses the full path of the request for GET requests, and is nil for non-GET requests (in which case the default +login_redirect+ will be used).
multi_phase_login_view :: The HTML to use for the login form after login has been entered when using multi phase login.
1 change: 1 addition & 0 deletions doc/logout.rdoc
Expand Up @@ -19,3 +19,4 @@ before_logout :: Run arbitrary code before logout.
before_logout_route :: Run arbitrary code before handling a logout route.
logout :: Log the user out, by default clearing the session.
logout_view :: The HTML to use for the logout form.
logout_response :: Change the logic which sets up the response to a successful logout.
2 changes: 2 additions & 0 deletions doc/otp.rdoc
Expand Up @@ -72,6 +72,7 @@ otp_add_key(secret) :: Add an OTP key for the current account with the given sec
otp_auth_view :: The HTML to use for the OTP authentication form.
otp_available? :: Whether OTP authentication is ready for use.
otp_disable_view :: The HTML to use for the OTP disable form.
otp_disable_response :: Change the logic which sets up the response to successfully disabling OTP.
otp_exists? :: Whether the current account has setup OTP.
otp_key :: The stored OTP secret for the account.
otp_last_use :: The last time OTP authentication was successful for the account.
Expand All @@ -84,6 +85,7 @@ otp_record_authentication_failure :: Record an OTP authentication failure.
otp_remove :: Removes all stored OTP data for the current account.
otp_remove_auth_failures :: Removes OTP authentication failures for the current account, used after successful multifactor authentication.
otp_setup_view :: The HTML to use for the form to setup OTP authentication.
otp_setup_response :: Change the logic which sets up the response to successfully setting up OTP.
otp_tmp_key(secret) :: Set the secret to use for the temporary OTP key, during OTP setup.
otp_update_last_use :: Update the last time OTP authentication was successful for the account. Return true if the authentication should be allowed, or false if it should not be allowed because the last authentication was too recent and indicates the possible reuse of a TOTP authentication code.
otp_valid_code_for_old_secret :: Called when valid OTP authentication is performed using hmac_old_secret. This indicates the OTP needs to be rotated before support for the previous hmac secret value is removed. You can use this to track users who need their OTP rotated, and take appropriate action.
1 change: 1 addition & 0 deletions doc/remember.rdoc
Expand Up @@ -75,4 +75,5 @@ remembered_session_id :: The session_id which is validly remembered, if any.
remember_key_value :: The current value of the remember key/token.
remember_login :: Set the cookie containing the remember token, so that future sessions will be autologged in.
remember_view :: The HTML to use for the change remember settings form.
remember_response :: Change the logic which sets up the response to successfully changing remember settings.
remove_remember_key(id_value=account_id) :: Delete the related remember key from the database.
2 changes: 2 additions & 0 deletions doc/reset_password.rdoc
Expand Up @@ -62,3 +62,5 @@ reset_password_request_view :: The HTML to use for the reset password request fo
reset_password_view :: The HTML to use for the reset password form.
send_reset_password_email :: Send the reset password request email.
set_reset_password_email_last_sent :: Set the last time a reset password request email is sent.
reset_password_email_sent_response :: Change the logic which sets up the response to successfully sending a password reset email.
reset_password_response :: Change the logic which sets up the response to successfully resetting password.
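Review bot: `reset_password_email_sent_response` and `reset_password_response` are appended after `set_reset_password_email_last_sent`, which breaks the alphabetical order the entries above them follow. Move them up among the other `reset_password_*` entries so that someone scanning the list for an overridable method finds them where expected.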
2 changes: 2 additions & 0 deletions doc/sms_codes.rdoc
Expand Up @@ -110,10 +110,12 @@ sms_code_issued_at :: The timestamp the current SMS code was issued at.
sms_code_match?(code) :: Whether there is an active SMS authentication code for the current account and the given code matches it.
sms_confirm_message(code) :: The SMS message to use for the given confirmation code.
sms_confirm_view :: The HTML to use for the form to authenticate via SMS code.
sms_confirm_response :: Change the logic which sets up the response to successfully confirming the SMS code.
sms_confirmation_match?(code) :: Whether there is an active SMS confirmation code for the current account and the given code matches it.
sms_current_auth? :: Whether there is a active SMS authentication code for the current account.
sms_disable :: Action to take to disable SMS authentication for the account.
sms_disable_view :: The HTML to use for the form to disable SMS authentication.
sms_disable_response :: Change the logic which sets up the response to successfully disabling SMS authentication.
sms_failures :: The number of SMS authentication failures since the last successfully SMS authentication for this account.
sms_locked_out? :: Whether SMS authentication has been locked out for the current account.
sms_needs_confirmation? :: Whether SMS authentication has been setup but not confirmed for the current account.
1 change: 1 addition & 0 deletions doc/two_factor_base.rdoc
Expand Up @@ -66,3 +66,4 @@ two_factor_remove_links :: An array of entries for remove links to show on the m
two_factor_remove_session :: What actions to take to remove multifactor authentication status from the session, called when disabling multifactor authentication when authenticated using the factor being removed.
two_factor_setup_links :: An array of entries for setup links to show on the multifactor manage page. Each entry is an array of three elements, sort order (integer), link href, and link text.
two_factor_update_session(type) :: How to update the session to reflect a successful multifactor authentication.
two_factor_disable_response :: Change the logic which sets up the response to successfully multifactor authentication.
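Review bot: The description of `two_factor_disable_response` reads "the response to successfully multifactor authentication", which is missing its verb. Going by the method name it should say "successfully disabling multifactor authentication"; as written it could be mistaken for the response to a successful multifactor login.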
1 change: 1 addition & 0 deletions doc/verify_account.rdoc
Expand Up @@ -63,3 +63,4 @@ verify_account_email_link :: The link to the verify account form in the verify a
verify_account_key_insert_hash :: The hash to insert into the +verify_account_table+.
verify_account_key_value :: The value of the verify account key.
verify_account_view :: The HTML to use for the verify account form.
verify_account_response :: Change the logic which sets up the response to a successful account verification.
1 change: 1 addition & 0 deletions doc/verify_login_change.rdoc
Expand Up @@ -56,3 +56,4 @@ verify_login_change_key_value :: The value of the verify login change key.
verify_login_change_new_login :: The new login to use when the login change is verified.
verify_login_change_old_login :: The old login to display in the verify login change email.
verify_login_change_view :: The HTML to use for the verify login change form.
verify_login_change_response :: Change the logic which sets up the response to a successful login change verificatin.
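Review bot: Typo in the new `verify_login_change_response` entry: "verificatin" should be "verification".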
2 changes: 2 additions & 0 deletions doc/webauthn.rdoc
Expand Up @@ -110,7 +110,9 @@ webauthn_credential_options_for_get :: WebAuthn credential options to provide to
webauthn_key_insert_hash(webauthn_credential) :: The hash to insert into the +webauthn_keys_table+.
webauthn_remove_authenticated_session :: Remove the authenticated WebAuthn ID, used when removing the WebAuthn credential with the ID after authenticating with it.
webauthn_remove_view :: The HTML to use for the page for removing an existing WebAuthn authenticator.
webauthn_remove_response :: Change the logic which sets up the response to successfully removing an existing WebAuthn authenticator.
webauthn_setup_js_path :: The path to the WebAuthn registration javascript.
webauthn_setup_view :: The HTML to use for the page for registering a new WebAuthn authenticator.
webauthn_setup_response :: Change the logic which sets up the response to successfully registering a new WebAuthn authenticator.
webauthn_update_session(webauthn_id) :: Set the authenticated WebAuthn ID after authenticating via WebAuthn.
webauthn_user_name :: The user name to use when registering a new WebAuthn credential, the user's email by default.
11 changes: 11 additions & 0 deletions lib/rodauth.rb
Expand Up @@ -214,6 +214,17 @@ def view(page, title, name=feature_name)
auth_methods meth
end

def response(name=feature_name)
meth = :"#{name}_response"
notice_flash_meth = :"#{name}_notice_flash"
redirect_meth = :"#{name}_redirect"
define_method(meth) do
set_notice_flash send(notice_flash_meth)
redirect send(redirect_meth)
end
auth_methods meth
end

def loaded_templates(v)
define_method(:loaded_templates) do
super().concat(v)
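Review bot: The new `response` macro carries no comment stating that it only works when `notice_flash` and `redirect` have been declared for the same name. The generated method calls `send(notice_flash_meth)` and `send(redirect_meth)`, so a feature that declares `response` without both would raise NoMethodError on the first successful request rather than at load time. A short comment above `def response(name=feature_name)` describing that dependency would help. Because `auth_methods meth` makes the method overridable, it should also state that the default sets the notice flash and then redirects.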
4 changes: 2 additions & 2 deletions lib/rodauth/features/change_login.rb
Expand Up @@ -14,6 +14,7 @@ module Rodauth
additional_form_tags
button 'Change Login'
redirect
response

auth_value_methods :change_login_requires_password?

Expand Down Expand Up @@ -51,9 +52,8 @@ module Rodauth
end

after_change_login
set_notice_flash change_login_notice_flash
redirect change_login_redirect
end
change_login_response
Owner

This moves the code from inside the transaction block to outside. Not a big deal in this case, but we should probably attempt to avoid unnecessary changes when refactoring.

Contributor Author

I figured this was an overlook from the initial implementation, given you probably don't want to enforce the redirection from within the transaction (and none of the other implementations do?). Was I wrong in this assessment?

Owner

No. I think the change makes sense. However, it's probably better as a separate commit.

end

set_error_flash change_login_error_flash
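Review bot: After this change the success path relies on `change_login_response` ending the request, because `set_error_flash change_login_error_flash` follows directly after the closing `end`. The default does that through `redirect`, as the replaced lines did, but the method is now registered with `auth_methods` and can be overridden. An override that returns normally would fall through and show the error flash after a login change that actually succeeded. Suggest stating in doc/change_login.rdoc that an override must redirect or otherwise halt the request.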
4 changes: 2 additions & 2 deletions lib/rodauth/features/change_password.rb
Expand Up @@ -13,6 +13,7 @@ module Rodauth
additional_form_tags
button 'Change Password'
redirect
response

translatable_method :new_password_label, 'New Password'
auth_value_method :new_password_param, 'new-password'
Expand Down Expand Up @@ -56,8 +57,7 @@ module Rodauth
set_password(password)
after_change_password
end
set_notice_flash change_password_notice_flash
redirect change_password_redirect
change_password_response
end

set_error_flash change_password_error_flash
4 changes: 2 additions & 2 deletions lib/rodauth/features/close_account.rb
Expand Up @@ -11,6 +11,7 @@ module Rodauth
after
before
redirect
response

auth_value_method :account_closed_status_value, 3

Expand Down Expand Up @@ -50,8 +51,7 @@ module Rodauth
end
clear_session

set_notice_flash close_account_notice_flash
redirect close_account_redirect
close_account_response
end

set_error_flash close_account_error_flash
4 changes: 2 additions & 2 deletions lib/rodauth/features/confirm_password.rb
Expand Up @@ -11,6 +11,7 @@ module Rodauth
button 'Confirm Password'
before
after
response
redirect(:password_authentication_required){confirm_password_path}

session_key :confirm_password_redirect_session_key, :confirm_password_redirect
Expand All @@ -37,8 +38,7 @@ module Rodauth
confirm_password
after_confirm_password
end
set_notice_flash confirm_password_notice_flash
redirect confirm_password_redirect
confirm_password_response
else
set_response_error_reason_status(:invalid_password, invalid_password_error_status)
set_field_error(password_param, invalid_password_message)
4 changes: 2 additions & 2 deletions lib/rodauth/features/create_account.rb
Expand Up @@ -13,6 +13,7 @@ module Rodauth
button 'Create Account'
additional_form_tags
redirect
response

auth_value_method :create_account_autologin?, true
translatable_method :create_account_link_text, "Create a New Account"
Expand Down Expand Up @@ -79,8 +80,7 @@ module Rodauth
if create_account_autologin?
autologin_session('create_account')
end
set_notice_flash create_account_notice_flash
redirect create_account_redirect
create_account_response
end
end

7 changes: 4 additions & 3 deletions lib/rodauth/features/lockout.rb
Expand Up @@ -23,10 +23,12 @@ module Rodauth
notice_flash "Your account has been unlocked", 'unlock_account'
notice_flash "An email has been sent to you with a link to unlock your account", 'unlock_account_request'
redirect :unlock_account
response :unlock_account
redirect(:unlock_account_request){default_post_email_redirect}
redirect(:unlock_account_email_recently_sent){default_post_email_redirect}
email :unlock_account, 'Unlock Account'

HoneyryderChuck marked this conversation as resolved.


auth_value_method :unlock_account_autologin?, true
auth_value_method :max_invalid_logins, 100
auth_value_method :account_login_failures_table, :account_login_failures
Expand Down Expand Up @@ -134,8 +136,7 @@ module Rodauth
end

remove_session_value(unlock_account_session_key)
set_notice_flash unlock_account_notice_flash
redirect unlock_account_redirect
unlock_account_response
else
set_response_error_reason_status(:invalid_password, invalid_password_error_status)
set_field_error(password_param, invalid_password_message)
10 changes: 9 additions & 1 deletion lib/rodauth/features/login.rb
Expand Up @@ -23,6 +23,7 @@ module Rodauth
auth_cached_method :login_form_footer

auth_value_methods :login_return_to_requested_location_path
auth_methods :login_response

auth_private_methods :login_form_footer_links

Expand Down Expand Up @@ -77,15 +78,22 @@ module Rodauth
end

attr_reader :login_form_header
attr_reader :saved_login_redirect
private :saved_login_redirect


def login(auth_type)
saved_login_redirect = remove_session_value(login_redirect_session_key)
@saved_login_redirect = remove_session_value(login_redirect_session_key)
transaction do
before_login
login_session(auth_type)
yield if block_given?
after_login
end
login_response
end

def login_response
set_notice_flash login_notice_flash
redirect(saved_login_redirect || login_redirect)
end
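Review bot: `login_response` now takes its redirect target from `@saved_login_redirect`, which only `login` sets, and the reader is private and not mentioned in the doc/login.rdoc entry added by this PR. Someone overriding `login_response` has no documented way to keep the return to the requested location, and a call made outside `login` silently falls back to `login_redirect`. Consider passing the saved value to `login_response` as an argument, or documenting `saved_login_redirect` next to `login_response`. The second blank line after `private :saved_login_redirect` can also be dropped.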
4 changes: 2 additions & 2 deletions lib/rodauth/features/logout.rb
Expand Up @@ -10,6 +10,7 @@ module Rodauth
after
button 'Logout'
redirect{require_login_redirect}
response

auth_methods :logout

Expand All @@ -26,8 +27,7 @@ module Rodauth
logout
after_logout
end
set_notice_flash logout_notice_flash
redirect logout_redirect
logout_response
end
end

10 changes: 5 additions & 5 deletions lib/rodauth/features/otp.rb
Expand Up @@ -35,6 +35,8 @@ module Rodauth
redirect :otp_disable
redirect :otp_already_setup
redirect :otp_setup
response :otp_disable
response :otp_setup
redirect(:otp_lockout){two_factor_auth_required_redirect}

loaded_templates %w'otp-disable otp-auth otp-setup otp-auth-code-field password-field'
Expand Down Expand Up @@ -182,8 +184,7 @@ module Rodauth
end
after_otp_setup
end
set_notice_flash otp_setup_notice_flash
redirect otp_setup_redirect
otp_setup_response
end

set_error_flash otp_setup_error_flash
Expand All @@ -210,8 +211,7 @@ module Rodauth
end
after_otp_disable
end
set_notice_flash otp_disable_notice_flash
redirect otp_disable_redirect
otp_disable_response
end

set_response_error_reason_status(:invalid_password, invalid_password_error_status)
Expand Down Expand Up @@ -247,7 +247,7 @@ def otp_available?
def otp_exists?
!otp_key.nil?
end

def otp_valid_code?(ot_pass)
if _otp_valid_code?(ot_pass, otp)
true
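Review bot: The only change in this hunk is to the blank line before `def otp_valid_code?(ot_pass)`, which looks like a whitespace-only edit. Leave it out so the changes to this file stay limited to the `otp_setup_response` and `otp_disable_response` refactor.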
8 changes: 4 additions & 4 deletions lib/rodauth/features/remember.rb
Expand Up @@ -13,6 +13,7 @@ module Rodauth
after
after 'load_memory'
redirect
response

auth_value_method :raw_remember_token_deadline, nil
auth_value_method :remember_cookie_options, {}.freeze
Expand Down Expand Up @@ -71,15 +72,14 @@ module Rodauth
when remember_remember_param_value
remember_login
when remember_forget_param_value
forget_login
forget_login
when remember_disable_param_value
disable_remember_login
disable_remember_login
end
after_remember
end

set_notice_flash remember_notice_flash
redirect remember_redirect
remember_response
else
set_response_error_reason_status(:invalid_remember_param, invalid_field_error_status)
set_error_flash remember_error_flash
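Review bot: The `forget_login` and `disable_remember_login` lines each appear twice in this hunk with identical text, so they seem to differ only in whitespace. Drop those edits from this commit and keep just the replacement of the flash and redirect calls with `remember_response`.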