plutonium 0.14.0 → 0.15.0.pre.rc1

data/lib/generators/pu/rodauth/templates/app/rodauth/account_rodauth_plugin.rb.tt

@@ -0,0 +1,270 @@
+require "sequel/core"
+
+class <%= account_path.classify %>RodauthPlugin < RodauthPlugin
+  configure do
+    # This block is running inside of
+    #   plugin :rodauth do
+    #     ...
+    #   end
+
+    # ==> Features
+    # See the Rodauth documentation for the list of available config options:
+    # http://rodauth.jeremyevans.net/documentation.html
+
+    # List of authentication features that are loaded.
+    enable <%= selected_features.map(&:inspect).join ', ' %>
+
+    # ==> General
+
+    # Change prefix of table and foreign key column names from default "account"
+    # accounts_table: 'players'
+
+    # The secret key used for hashing public-facing tokens for various features.
+    # Defaults to Rails `secret_key_base`, but you can use your own secret key.
+    # hmac_secret "<SECRET_KEY>"
+
+    # Use path prefix for all routes.
+    <%= '# ' if primary? %>prefix "/<%= account_path.pluralize %>"
+<% unless separate_passwords? -%>
+
+    # Store password hash in a column instead of a separate table.
+    account_password_hash_column :password_hash
+<% end -%>
+
+    # Specify the controller used for view rendering, CSRF, and callbacks.
+    rails_controller { Rodauth::<%= account_path.classify %>Controller }
+
+    # Specify the model to be used.
+    rails_account_model { <%= account_path.classify %> }
+<% if verify_account? -%>
+
+    # Set password password during create account.
+    # verify_account_set_password? false
+<% end -%>
+
+    # Change some default param keys.
+    # login_param "email"
+    # password_confirm_param "confirm_password"
+<% if login? -%>
+
+    # Redirect back to originally requested location after authentication.
+    login_return_to_requested_location? true
+<% end -%>
+    # two_factor_auth_return_to_requested_location? true # if using MFA
+
+    # Autologin the user after they have reset their password.
+    # reset_password_autologin? true
+
+    # Delete the account record when the user has closed their account.
+    # delete_account_on_close? true
+
+    # Redirect to the app from login and registration pages if already logged in.
+    # already_logged_in { redirect login_redirect }
+<% if jwt? -%>
+
+    # ==> JWT
+
+    # Set JWT secret, which is used to cryptographically protect the token.
+    jwt_secret Rails.application.credentials.secret_key_base
+<% end -%>
+<% if only_json? -%>
+
+    # ==> Api only
+
+    # Accept only JSON requests.
+    only_json? true
+
+    # Handle login and password confirmation fields on the client side.
+    require_password_confirmation? false
+    require_login_confirmation? false
+<% else -%>
+
+    # Accept both api and form requests
+    # Requires the JSON feature
+    <%= '# ' unless json? %>only_json? false
+<% end -%>
+<% if mails? -%>
+
+    # ==> Emails
+    # Use a custom mailer for delivering authentication emails.
+<% if reset_password? -%>
+
+    create_reset_password_email do
+      Rodauth::<%= account_path.classify %>Mailer.reset_password(self.class.configuration_name, account_id, reset_password_key_value)
+    end
+<% end -%>
+<% if verify_account? -%>
+
+    create_verify_account_email do
+      Rodauth::<%= account_path.classify %>Mailer.verify_account(self.class.configuration_name, account_id, verify_account_key_value)
+    end
+<% end -%>
+<% if verify_login_change? -%>
+
+    create_verify_login_change_email do |_login|
+      Rodauth::<%= account_path.classify %>Mailer.verify_login_change(self.class.configuration_name, account_id, verify_login_change_key_value)
+    end
+<% end -%>
+<% if change_password_notify? -%>
+
+    create_password_changed_email do
+      Rodauth::<%= account_path.classify %>Mailer.change_password_notify(self.class.configuration_name, account_id)
+    end
+<% end -%>
+<% if reset_password_notify? -%>
+
+    create_reset_password_notify_email do
+      Rodauth::<%= account_path.classify %>Mailer.reset_password_notify(self.class.configuration_name, account_id)
+    end
+<% end -%>
+<% if email_auth? -%>
+
+    create_email_auth_email do
+      Rodauth::<%= account_path.classify %>Mailer.email_auth(self.class.configuration_name, account_id, email_auth_key_value)
+    end
+<% end -%>
+<% if lockout? -%>
+
+    create_unlock_account_email do
+      Rodauth::<%= account_path.classify %>Mailer.unlock_account(self.class.configuration_name, account_id, unlock_account_key_value)
+    end
+<% end -%>
+
+    send_email do |email|
+      # queue email delivery on the mailer after the transaction commits
+      db.after_commit { email.deliver_later }
+    end
+<% end -%>
+<% unless only_json? -%>
+
+    # ==> Flash
+    # Does not work with only_json?
+
+    # Match flash keys with ones already used in the Rails app.
+    # flash_notice_key :success # default is :notice
+    # flash_error_key :error # default is :alert
+
+    # Override default flash messages.
+    # create_account_notice_flash "Your account has been created. Please verify your account by visiting the confirmation link sent to your email address."
+    # require_login_error_flash "Login is required for accessing this page"
+    # login_notice_flash nil
+<% end -%>
+
+    # ==> Validation
+    # Override default validation error messages.
+    # no_matching_login_message "user with this email address doesn't exist"
+    # already_an_account_with_this_login_message "user with this email address already exists"
+    # password_too_short_message { "needs to have at least #{password_minimum_length} characters" }
+    # login_does_not_meet_requirements_message { "invalid email#{", #{login_requirement_message}" if login_requirement_message}" }
+
+    # ==> Passwords
+
+    # Passwords shorter than 8 characters are considered weak according to OWASP.
+    <%= '# ' unless login? %>password_minimum_length 8
+
+    # Custom password complexity requirements (alternative to password_complexity feature).
+    # password_meets_requirements? do |password|
+    #   super(password) && password_complex_enough?(password)
+    # end
+    # auth_class_eval do
+    #   def password_complex_enough?(password)
+    #     return true if password.match?(/\d/) && password.match?(/[^a-zA-Z\d]/)
+    #     set_password_requirement_error_message(:password_simple, "requires one number and one special character")
+    #     false
+    #   end
+    # end
+<% unless argon2? -%>
+
+    # = bcrypt
+
+    # bcrypt has a maximum input length of 72 bytes, truncating any extra bytes.
+    password_maximum_bytes 72 if respond_to?(:password_maximum_bytes)
+<% else -%>
+
+    # = argon2
+
+    # Use a rotatable password pepper when hashing passwords with Argon2.
+    argon2_secret "TODO: <SECRET_KEY>"
+
+    # Since we're using argon2, prevent loading the bcrypt gem to save memory.
+    require_bcrypt? false
+
+    # Having a maximum password length set prevents long password DoS attacks.
+    password_maximum_length 64 if respond_to?(:password_maximum_length)
+<% end -%>
+<% if remember? -%>
+
+    # ==> Remember Feature
+
+    # Remember all logged in users.
+    after_login { remember_login }
+
+    # Or only remember users that have ticked a "Remember Me" checkbox on login.
+    # after_login { remember_login if param_or_nil("remember") }
+
+    # Extend user's remember period when remembered via a cookie
+    extend_remember_deadline? true
+
+    # Store the user's remember cookie under a namespace
+    remember_cookie_key "_<%= table_prefix %>_remember"
+<% end -%>
+
+    # ==> Hooks
+
+    # Validate custom fields in the create account form.
+    # before_create_account do
+    #   throw_error_status(422, "name", "must be present") if param("name").empty?
+    # end
+
+    # Perform additional actions after the account is created.
+    # after_create_account do
+    #   Profile.create!(account_id: account_id, name: param("name"))
+    # end
+
+    # Do additional cleanup after the account is closed.
+    # after_close_account do
+    #   Profile.find_by!(account_id: account_id).destroy
+    # end
+<% unless only_json? -%>
+
+    # ==> Redirects
+<% if create_account? -%>
+
+    # Redirect to home after login.
+    create_account_redirect "/"
+<% end -%>
+<% if login? -%>
+
+    # Redirect to home after login.
+    login_redirect "/"
+<% end -%>
+<% if logout? -%>
+
+    # Redirect to home page after logout.
+    logout_redirect "/"
+<% end -%>
+<% if verify_account? -%>
+
+    # Redirect to wherever login redirects to after account verification.
+    verify_account_redirect { login_redirect }
+<% end -%>
+<% if reset_password? -%>
+
+    # Redirect to login page after password reset.
+    reset_password_redirect { login_path }
+<% end -%>
+
+    # Ensure requiring login follows login route changes.
+    require_login_redirect { login_path }
+<% end -%>
+
+    # ==> Deadlines
+    # Change default deadlines for some actions.
+    # verify_account_grace_period 3.days.to_i
+    # reset_password_deadline_interval Hash[hours: 6]
+    # verify_login_change_deadline_interval Hash[days: 2]
+<% unless only_json? -%>
+    # remember_deadline_interval Hash[days: 30]
+<% end -%>
+  end
+end

data/lib/plutonium/action/base.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+require "active_support/string_inquirer"
+
+module Plutonium
+  module Action
+    # Base class for all actions in the Plutonium framework.
+    #
+    # @attr_reader [Symbol] name The name of the action.
+    # @attr_reader [String] label The human-readable label for the action.
+    # @attr_reader [String, nil] icon The icon associated with the action.
+    # @attr_reader [RouteOptions] route_options The routing options for the action.
+    # @attr_reader [String, nil] confirmation The confirmation message for the action.
+    # @attr_reader [String, nil] turbo_frame The Turbo Frame ID for the action.
+    # @attr_reader [Symbol, nil] color The color associated with the action.
+    # @attr_reader [Symbol, nil] category The category of the action.
+    # @attr_reader [Integer] position The position of the action within its category.
+    class Base
+      attr_reader :name, :label, :icon, :route_options, :confirmation, :turbo_frame, :color, :category, :position
+
+      # Initialize a new action.
+      #
+      # @param [Symbol] name The name of the action.
+      # @param [Hash] options The options for the action.
+      # @option options [String] :label The human-readable label for the action.
+      # @option options [String] :icon The icon associated with the action (e.g., 'fa-edit' for Font Awesome).
+      # @option options [Symbol] :color The color associated with the action (e.g., :primary, :secondary, :success, :warning, :danger).
+      # @option options [String] :confirmation The confirmation message to display before executing the action.
+      # @option options [RouteOptions, Hash] :route_options The routing options for the action.
+      # @option options [String] :turbo_frame The Turbo Frame ID for the action (used in Hotwire/Turbo Drive applications).
+      # @option options [Boolean] :bulk_action (false) If true, applies to a bulk selection of records (e.g., "Mark Selected as Read").
+      # @option options [Boolean] :collection_record_action (false) If true, applies to records in a collection (e.g., "Edit Record" button in a table).
+      # @option options [Boolean] :record_action (false) If true, applies to an individual record (e.g., "Delete" button on a Show page).
+      # @option options [Boolean] :resource_action (false) If true, applies to the entire resource and can be used in any context (e.g., "Import from CSV").
+      # @option options [Symbol] :category The category of the action. Determines visibility and grouping.
+      #   Valid values include:
+      #   @option options [Symbol] :primary Always shown and given prominence in the UI.
+      #   @option options [Symbol] :secondary Shown in secondary menus or less prominent areas.
+      #   @option options [Symbol] :danger Actions that require caution, often destructive operations.
+      # @option options [Integer] :position (50) The position of the action in its group. Lower numbers appear first.
+      def initialize(name, **options)
+        @name = name.to_sym
+        @label = options[:label] || name.to_s.humanize
+        @icon = options[:icon]
+        @color = options[:color]
+        @confirmation = options[:confirmation]
+        @route_options = build_route_options(options[:route_options])
+        @turbo_frame = options[:turbo_frame]
+        @bulk_action = options[:bulk_action] || false
+        @collection_record_action = options[:collection_record_action] || false
+        @record_action = options[:record_action] || false
+        @resource_action = options[:resource_action] || false
+        @category = ActiveSupport::StringInquirer.new((options[:category] || :secondary).to_s)
+        @position = options[:position] || 50
+
+        freeze
+      end
+
+      # @return [Boolean] Whether this is a bulk action.
+      def bulk_action?
+        @bulk_action
+      end
+
+      # @return [Boolean] Whether this is a collection record action.
+      def collection_record_action?
+        @collection_record_action
+      end
+
+      # @return [Boolean] Whether this is a record action.
+      def record_action?
+        @record_action
+      end
+
+      # @return [Boolean] Whether this is a resource action.
+      def resource_action?
+        @resource_action
+      end
+
+      def permitted_by?(policy)
+        policy.allowed_to?(:"#{name}?")
+      end
+
+      private
+
+      # Build RouteOptions from the provided options
+      #
+      # @param [RouteOptions, Hash, nil] options The routing options
+      # @return [RouteOptions] The built RouteOptions object
+      def build_route_options(options)
+        case options
+        when RouteOptions
+          options
+        when Hash
+          RouteOptions.new(**options)
+        when nil
+          RouteOptions.new
+        else
+          raise ArgumentError, "Invalid route_options. Expected RouteOptions, Hash, or nil."
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/action/interactive.rb

@@ -0,0 +1,117 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module Action
+    # InteractiveAction class for handling interactive actions in the Plutonium framework
+    #
+    # @attr_reader [Class] interaction The interaction class associated with this action
+    # @attr_reader [Boolean] immediate Whether the action is executed immediately
+    class Interactive < Base
+      attr_reader :interaction, :immediate
+
+      # Initialize a new InteractiveAction
+      #
+      # @param [Symbol] name The name of the action
+      # @param [Class] interaction The interaction class for this action
+      # @param [Boolean] immediate Whether the action is executed immediately
+      # @param [Hash] options Additional options for the action
+      def initialize(name, interaction:, immediate:, **)
+        @interaction = interaction
+        @immediate = immediate
+
+        super(name, **)
+      end
+
+      # Get the confirmation message for the action
+      #
+      # @return [String, nil] The confirmation message or nil if not applicable
+      def confirmation
+        super || (@immediate ? "#{label}?" : nil)
+      end
+
+      # Factory for creating Interactive actions
+      class Factory
+        # Create a new Interactive action based on the interaction type
+        #
+        # @param [Symbol] name The name of the action
+        # @param [Class] interaction The interaction class
+        # @param [Hash] options Additional options for the action
+        # @return [Interactive] A new Interactive action instance
+        def self.create(name, interaction:, **options)
+          attribute_names = symbolized_attribute_names(interaction)
+          action_type = determine_action_type(attribute_names)
+          input_fields = determine_input_fields(attribute_names)
+          action_options = determine_action_options(action_type)
+          immediate = options.fetch(:immediate) { input_fields.blank? }
+          route_options = build_route_options(name, action_type, immediate)
+
+          Interactive.new(
+            name,
+            interaction: interaction,
+            immediate: immediate,
+            route_options: route_options,
+            **action_options,
+            **options
+          )
+        end
+
+        # Get symbolized attribute names for the interaction
+        #
+        # @param [Class] interaction The interaction class
+        # @return [Array<Symbol>] Symbolized attribute names
+        def self.symbolized_attribute_names(interaction)
+          interaction.attribute_names.map(&:to_sym)
+        end
+
+        # Determine the action type based on the interaction's attributes
+        #
+        # @param [Array<Symbol>] attribute_names Symbolized attribute names
+        # @return [Symbol] The determined action type
+        def self.determine_action_type(attribute_names)
+          if attribute_names.include?(:resource)
+            :interactive_resource_record_action
+          elsif attribute_names.include?(:resources)
+            :interactive_resource_collection_action
+          else
+            :interactive_resource_recordless_action
+          end
+        end
+
+        # Determine the input fields for the action
+        #
+        # @param [Array<Symbol>] attribute_names Symbolized attribute names
+        # @return [Array<Symbol>] The input fields
+        def self.determine_input_fields(attribute_names)
+          attribute_names - [:resource, :resources]
+        end
+
+        # Determine the action options based on the action type
+        #
+        # @param [Symbol] action_type The type of the action
+        # @return [Hash] The action options
+        def self.determine_action_options(action_type)
+          {
+            bulk_action: action_type == :interactive_resource_collection_action,
+            record_action: action_type == :interactive_resource_record_action,
+            collection_record_action: action_type == :interactive_resource_record_action,
+            resource_action: action_type == :interactive_resource_recordless_action
+          }
+        end
+
+        # Build the route options for the action
+        #
+        # @param [Symbol] name The name of the action
+        # @param [Symbol] action_type The type of the action
+        # @param [Boolean] immediate Whether the action is executed immediately
+        # @return [RouteOptions] The route options for the action
+        def self.build_route_options(name, action_type, immediate)
+          RouteOptions.new(
+            method: immediate ? :post : :get,
+            action: action_type,
+            interactive_action: name
+          )
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/action/route_options.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module Action
+    # RouteOptions class for handling routing options in the Plutonium framework.
+    #
+    # @attr_reader [Symbol] method The HTTP method for the route.
+    # @attr_reader [Array] url_args The positional arguments for URL generation.
+    # @attr_reader [Hash] url_options URL options for the route.
+    # @attr_reader [Symbol] url_resolver The method to use for resolving URLs.
+    class RouteOptions
+      attr_reader :method, :url_args, :url_options, :url_resolver
+
+      # Initialize a new RouteOptions instance.
+      #
+      # @param [Array] url_args The positional arguments for URL generation.
+      # @param [Symbol] method The HTTP method for the route (default: :get).
+      # @param [Symbol] url_resolver The method to use for resolving URLs (default: :resource_url_for).
+      # @param [Hash] url_options URL options for the route.
+      def initialize(*url_args, method: :get, url_resolver: :resource_url_for, **url_options)
+        @method = method
+        @url_resolver = url_resolver
+        @url_args = url_args
+        @url_options = url_options.freeze
+        freeze
+      end
+
+      # Convert the RouteOptions to arguments suitable for URL helpers.
+      #
+      # @return [Array] The arguments for URL generation.
+      def to_url_args
+        @url_args + [@url_options]
+      end
+
+      # Merge this RouteOptions with another RouteOptions instance.
+      #
+      # @param [RouteOptions] other The other RouteOptions instance to merge with.
+      # @return [RouteOptions] A new RouteOptions instance with merged values.
+      def merge(other)
+        self.class.new(
+          *(@url_args | other.url_args),
+          method: other.method || @method,
+          url_resolver: other.url_resolver || @url_resolver,
+          **@url_options.merge(other.url_options)
+        )
+      end
+
+      def ==(other)
+        self.class == other.class &&
+          method == other.method &&
+          url_resolver == other.url_resolver &&
+          url_args == other.url_args &&
+          url_options == other.url_options
+      end
+
+      def eql?(other)
+        self == other
+      end
+
+      def hash
+        [self.class, method, url_resolver, url_args, url_options].hash
+      end
+    end
+  end
+end

data/lib/plutonium/action/simple.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Plutonium
+  module Action
+    class Simple < Base
+    end
+  end
+end

data/lib/plutonium/auth.rb

@@ -1,6 +1,6 @@
 module Plutonium
   module Auth
-    def self.rodauth(name)
+    def self.Rodauth(name)
       Rodauth.for(name)
     end
   end