RubyGems - rodauth-omniauth - Versions diffs - 0.4.0 → 0.5.1 - Mend

rodauth-omniauth 0.4.0 → 0.5.1

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +38 -3
data/lib/rodauth/features/omniauth.rb +17 -10
data/locales/en.yml +1 -0
data/rodauth-omniauth.gemspec +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 21b889e9c675d3fd02f65444f581e44965cb84982dd136fb912a5c9e6fb67c8c
-  data.tar.gz: 12a5f50598b671065998b012b9c54997dffa225d5d208d0a25ea90a48bfe3e8b
+  metadata.gz: dad995353c13952f65bb35c561c82d755f2319318ac2409adc948b4b95fd6171
+  data.tar.gz: 30bdc64ac42ad66ff6003e5d95ffd5123ce9564661157ffb25f0f496e2772a3e
 SHA512:
-  metadata.gz: f54a94233c789532139f2e07173e5162209674cf8f90c441df0e603b49b5840b4edad89a0b2e7f9a48c25856ba2d64c9dfed31ff6e61ad219d1ee2725a0d8c03
-  data.tar.gz: c7d3c6db0088e544890cf7be482038d6c9f52c42a95082a5cc5d5bc1ba2dcf92ec7614d6c23b793f1814ac4ffb1272d280d67c527d023d1d437705a5383b608d
+  metadata.gz: '099007ffbf1e055d03625fbe9d90d3b032c27a83803a900e8f3b859dc2b8f350cc10fca07e92668dd49543c1e612a01bc4b0ba582066b633ef147883715a27fa'
+  data.tar.gz: 699b0e8890e5b117c69bf6b7a6aa89e140aebea976ec56455feaee688ef260e7dc71bb9cbc7bc05397ffef6a40f6c4d1260ef5f7885958e6213e4adc7541e270

data/README.md CHANGED Viewed

@@ -55,7 +55,8 @@ plugin :rodauth do
 end
 ```
-It is important to note that `rodauth-omniauth` requires OmniAuth 2.x, and as such, is only compatible with omniauth gems that use the same.
+> [!NOTE]
+> It is important to note that `rodauth-omniauth` requires OmniAuth 2.x, so it's only compatible with providers gems that support it.
 You can now add authentication links to your login form:
@@ -87,6 +88,15 @@ account.identities #=> [#<Account::Identity ...>, ...]
 Currently, provider login is required to return the user's email address, and account creation is assumed not to require additional fields that need to be entered manually. There is currently also no built-in functionality for connecting/removing external identities when signed in. Both features are planned for future versions.
+### Timestamps
+If you'll be adding created/updated timestamps to the identities table, also add these lines to your Rodauth configuration:
+```rb
+omniauth_identity_insert_hash { super().merge(created_at: Time.now) }
+omniauth_identity_update_hash { { updated_at: Time.now } }
+```
 ### Login
 After provider login, you can perform custom logic at the start of the callback request:
@@ -126,7 +136,7 @@ omniauth_login_failure_redirect { require_login_redirect }
 ### Account creation
-Accounts created via external login are automatically verified, because it's assumed your email address was verified by the external provider. If you want to use extra user information for account creation, you can do so via hooks:
+Accounts created via external login are automatically verified, because it's assumed your email address was verified by the external provider. If you want to add extra user information to created accounts, you can do so via hooks:
 ```rb
 before_omniauth_create_account { account[:name] = omniauth_name }
@@ -136,7 +146,22 @@ after_omniauth_create_account do
 end
 ```
-When the account is closed, its external identities are automatically deleted from the database.
+You might want to disable automatic account creation in certain cases. For example, if you're showing OmniAuth login links on both login and registration pages, you might want OmniAuth login on the login page to only log into existing accounts. You could configure this so that it's controlled via a query parameter:
+```rb
+# somewhere in your view template:
+rodauth.omniauth_request_path(:google, action: "login") #=> "/auth/github?action=login"
+```
+```rb
+# in your Rodauth configuration:
+omniauth_create_account? { omniauth_params["action"] != "login" }
+```
+You can change the default error message for when existing account wasn't found in case automatic account creation is disabled:
+```rb
+omniauth_login_no_matching_account_error_flash "No existing account found"
+```
 ### Identity data
@@ -183,6 +208,16 @@ omniauth_identities_provider_column :provider
 omniauth_identities_uid_column :uid
 ```
+### Audit logging
+If you're using the `audit_logging` feature, it can be useful to include the external provider name in the `login` audit logs:
+```rb
+audit_log_metadata_for :login do
+  { "provider" => omniauth_provider } if authenticated_by.include?("omniauth")
+end
+```
 ## Base
 The `omniauth` feature builds on top of the `omniauth_base` feature, which sets up OmniAuth and routes its requests, but has no interaction with the database. So, if you would prefer to handle external logins differently, you can load just the `omniauth_base` feature, and implement your own callback phase.

data/lib/rodauth/features/omniauth.rb CHANGED Viewed

@@ -11,6 +11,7 @@ module Rodauth
     after :omniauth_create_account
     error_flash "The account matching the external identity is currently awaiting verification", :omniauth_login_unverified_account
+    error_flash "There is no existing account matching the external identity", :omniauth_login_no_matching_account
     redirect(:omniauth_login_failure) { require_login_redirect }
@@ -22,6 +23,7 @@ module Rodauth
     auth_value_methods(
       :omniauth_verify_account?,
+      :omniauth_create_account?,
     )
     auth_methods(
@@ -76,11 +78,16 @@ module Rodauth
       end
       transaction do
-        unless account
-          omniauth_new_account
-          before_omniauth_create_account
-          omniauth_save_account
-          after_omniauth_create_account
+        if !account
+          if omniauth_create_account?
+            omniauth_new_account
+            before_omniauth_create_account
+            omniauth_save_account
+            after_omniauth_create_account
+          else
+            set_redirect_error_flash omniauth_login_no_matching_account_error_flash
+            redirect omniauth_login_failure_redirect
+          end
         end
         if omniauth_identity
@@ -119,7 +126,7 @@ module Rodauth
     def possible_authentication_methods
       methods = super
-      methods << "omniauth" unless methods.include?("password") || omniauth_account_identities_ds.empty?
+      methods << "omniauth" unless methods.include?("password") || (features.include?(:email_auth) && allow_email_auth?) || omniauth_account_identities_ds.empty?
       methods
     end
@@ -135,10 +142,6 @@ module Rodauth
       remove_omniauth_identities
     end
-    def allow_email_auth?
-      (defined?(super) ? super : true) && omniauth_account_identities_ds.empty?
-    end
     attr_reader :omniauth_identity
     def omniauth_verify_account?
@@ -152,6 +155,10 @@ module Rodauth
       end
     end
+    def omniauth_create_account?
+      true
+    end
     def _omniauth_new_account(login)
       acc = { login_column => login }
       unless skip_status_checks?

data/locales/en.yml CHANGED Viewed

@@ -2,3 +2,4 @@ en:
   rodauth:
     omniauth_failure_error_flash: There was an error logging in with the external provider
     omniauth_login_unverified_account_error_flash: The account matching the external identity is currently awaiting verification
+    omniauth_login_no_matching_account_error_flash: There is no existing account matching the external identity

data/rodauth-omniauth.gemspec CHANGED Viewed

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = "rodauth-omniauth"
-  spec.version       = "0.4.0"
+  spec.version       = "0.5.1"
   spec.authors       = ["Janko Marohnić"]
   spec.email         = ["janko@hey.com"]

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-omniauth
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.1
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-02 00:00:00.000000000 Z
+date: 2024-10-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rodauth