rodauth-rails 0.1.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 208b7da31e6d8a4949d5059480e60a8302e7847ec253c8cfbd0c3e0f9e7b4d93
-  data.tar.gz: 364bb8b379717f2cb4879a07fec5505f5769bb17f78ddbc14b6a5f7e26189016
+  metadata.gz: b6bb43d7d1d355de281ce5fe57e1e00a13943f29efe93d39dc98099aa100c78c
+  data.tar.gz: 43034ad43125b0bb56132b57dd27cacdc4e9833c285f98256e67a989da84321c
 SHA512:
-  metadata.gz: 41f7d004e425622098c5a0dbc60f7d35b45e323f37e947dc34d20091c411d4a1908af2a1b9f10531a12c939b6532a60b688b7fc9369ef40b20a3579d7df77b84
-  data.tar.gz: 2a76e9f356208a235a86406adc51b952803f1beebc3ee42c4d7da1c8eab8855840bc3311b8e31ea052447b5b693bdbc5c5f59565f10aae614a4b4eaede1f82a0
+  metadata.gz: fb66ec48409f5f15f1e0953a8ae8a715cec48811e1ba81ea25015128f360487425c0fd09574da22ece00277e9e488204bc9393212631ec4d3c235f16f3064aaa
+  data.tar.gz: 15cbe441d8ff403f3db98d41710a32d8cb819c1961e5f25187e93411b3ec5dad7b1a0c508e6efa54df8fc08cd169587c07948a4c8da2b70edb7a2751f4bd6b09

data/CHANGELOG.md

@@ -0,0 +1,44 @@
+## 0.3.0 (2020-09-18)
+
+* Handle custom configured database migration paths in install generator (@janko)
+
+* Allow specifying features as plain arguments in `rodauth:views` generator (@janko)
+
+* Add some missing foreign key constraints in generated migration file (@janko)
+
+## 0.2.1 (2020-07-26)
+
+* Fix incorrect JDBC connect syntax in `sequel.rb` template on JRuby (@janko)
+
+## 0.2.0 (2020-07-26)
+
+* Drop support for Rodauth 1.x (@janko)
+
+* Change `rodauth_app.rb` template to send emails in the background after transaction commit (@janko)
+
+* Bump `sequel-activerecord_connection` dependency to `~> 0.3` (@janko)
+
+* Use the JDBC adapter in sequel.rb initializer when on JRuby (@janko)
+
+## 0.1.3 (2020-07-04)
+
+* Remove insecure MFA integration with remember feature suggestion in `lib/rodauth_app.rb` (@janko, @nicolas-besnard)
+
+* Use correct password autocomplete value on Rodauth 2.1+ (@janko)
+
+* Enable skipping CSRF protection on Rodauth 2.1+ by overriding `#check_csrf?` (@janko)
+
+* Don't generate Sequel initializer if Sequel connection exists (@janko)
+
+* Fix typo in remember view template (@nicolas-besnard)
+
+* Fix some more typos in `lib/rodauth_app.rb` (@janko)
+
+## 0.1.2 (2020-05-14)
+
+* Fix some typos in comment suggestions in `lib/rodauth_app.rb` (@janko)
+
+## 0.1.1 (2020-05-09)
+
+* Include view templates in the gem (@janko)
+* Use `Login` labels to be consistent with Rodauth (@janko)

data/README.md

@@ -13,7 +13,7 @@ Provides Rails integration for the [Rodauth] authentication framework.
 Add the gem to your Gemfile:
 
 ```rb
-gem "rodauth-rails", "~> 0.1"
+gem "rodauth-rails", "~> 0.2"
 ```
 
 Then run `bundle install`.
@@ -82,10 +82,8 @@ ActiveRecord connection.
 # config/initializers/sequel.rb
 require "sequel/core"
 
-# initialize the appropriate Sequel adapter without creating a connection
-DB = Sequel.postgres(test: false)
-# have Sequel use ActiveRecord's connection for database interaction
-DB.extension :activerecord_connection
+# initialize Sequel and have it reuse Active Record's database connection
+DB = Sequel.postgres(extensions: :activerecord_connection)
 ```
 
 ### Rodauth app
@@ -160,19 +158,26 @@ page:
 
 These links are fully functional, feel free to visit them and interact with the
 pages. The templates that ship with Rodauth aim to provide a complete
-authentication experience, and the forms use [Boostrap] markup.
+authentication experience, and the forms use [Bootstrap] markup.
 
-Let's also add the `#current_account` method for retrieving the account of the
-the authenticated session:
+Let's also load the account record for authenticated requests and expose it via
+`#current_account`:
 
 ```rb
 # app/controllers/application_controller.rb
 class ApplicationController < ActionController::Base
+  before_action :load_account, if: -> { rodauth.authenticated? }
+
   private
 
-  def current_account
-    @current_account ||= Account.find(rodauth.session_value)
+  def load_account
+    @current_account = Account.find(rodauth.session_value)
+  rescue ActiveRecord::RecordNotFound
+    rodauth.logout
+    rodauth.login_required
   end
+
+  attr_reader   :current_account
   helper_method :current_account
 end
 ```
@@ -258,7 +263,7 @@ You can pass a list of Rodauth features to the generator to create views for
 these features (this will not remove any existing views):
 
 ```sh
-$ rails generate rodauth:views --features login create_account lockout otp
+$ rails generate rodauth:views login create_account lockout otp
 ```
 
 Or you can generate views for all features:
@@ -358,23 +363,31 @@ class RodauthApp < Rodauth::Rails::App
   configure do
     # ...
     send_reset_password_email do
-      RodauthMailer.reset_password(email_to, password_reset_email_link).deliver_now
+      mailer_send(:reset_password, email_to, reset_password_email_link)
     end
     send_verify_account_email do
-      RodauthMailer.verify_account(email_to, verify_account_email_link).deliver_now
+      mailer_send(:verify_account, email_to, verify_account_email_link)
     end
     send_verify_login_change_email do |login|
-      RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link).deliver_now
+      mailer_send(:verify_login_change, login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
     end
     send_password_changed_email do
-      RodauthMailer.password_changed(email_to).deliver_now
+      mailer_send(:password_changed, email_to)
     end
     # send_email_auth_email do
-    #   RodauthMailer.email_auth(email_to, email_auth_email_link).deliver_now
+    #   mailer_send(:email_auth, email_to, email_auth_email_link)
     # end
     # send_unlock_account_email do
-    #   RodauthMailer.unlock_account(email_to, unlock_account_email_link).deliver_now
+    #   mailer_send(:unlock_account, email_to, unlock_account_email_link)
     # end
+    auth_class_eval do
+      # queue email delivery on the mailer after the transaction commits
+      def mailer_send(type, *args)
+        db.after_commit do
+          RodauthMailer.public_send(type, *args).deliver_later
+        end
+      end
+    end
     # ...
   end
 end
@@ -399,7 +412,7 @@ The Rodauth app stores the `Rodauth::Auth` instance in the Rack env hash, which
 is then available in your Rails app:
 
 ```rb
-request.env["rodauth"] #=> #<Rodauth::Auth>
+request.env["rodauth"]           #=> #<Rodauth::Auth>
 request.env["rodauth.secondary"] #=> #<Rodauth::Auth> (if using multiple configurations)
 ```
 
@@ -409,13 +422,13 @@ and controllers:
 ```rb
 class MyController < ApplicationController
   def my_action
-    rodauth #=> #<Rodauth::Auth>
+    rodauth             #=> #<Rodauth::Auth>
     rodauth(:secondary) #=> #<Rodauth::Auth> (if using multiple configurations)
   end
 end
 ```
 ```erb
-<% rodauth #=> #<Rodauth::Auth> %>
+<% rodauth             #=> #<Rodauth::Auth> %>
 <% rodauth(:secondary) #=> #<Rodauth::Auth> (if using multiple configurations) %>
 ```
 
@@ -431,11 +444,11 @@ integration for Rodauth:
 * uses ActionMailer for sending emails
 
 The `configure { ... }` method wraps configuring the Rodauth plugin, forwarding
-any additional [options].
+any additional [plugin options].
 
 ```rb
 configure { ... }             # defining default Rodauth configuration
-configure(json: true)         # passing options to the Rodauth plugin
+configure(json: true) { ... } # passing options to the Rodauth plugin
 configure(:secondary) { ... } # defining multiple Rodauth configurations
 ```
 
@@ -485,6 +498,20 @@ Rodauth::Rails.configure do |config|
 end
 ```
 
+## Working with JWT
+
+To use Rodauth's [JWT feature], you'll need to load Roda's JSON support:
+
+```rb
+# lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure(json: true) do
+    enable :jwt
+    # your configuration
+  end
+end
+```
+
 ## Testing
 
 If you're writing system tests, it's generally better to go through the actual
@@ -535,7 +562,7 @@ rodauth-rails changes some of the default Rodauth settings for easier setup:
 
 ### Database functions
 
-By default on PostgreSQL, MySQL, and Microsoft SQL Server, Rodauth uses
+By default, on PostgreSQL, MySQL, and Microsoft SQL Server Rodauth uses
 database functions to access password hashes, with the user running the
 application unable to get direct access to password hashes. This reduces the
 risk of an attacker being able to access password hashes and use them to attack
@@ -546,7 +573,11 @@ to reason about, as it requires having two different database users and making
 sure the correct migration is run for the correct user.
 
 To keep with Rails' "convention over configuration" doctrine, rodauth-rails
-disables the use of database functions, though it can still be turned back on.
+disables the use of database functions, though you can always turn it back on.
+
+```rb
+use_database_authentication_functions? true
+```
 
 ### Account statuses
 
@@ -560,8 +591,32 @@ tests by default, but it's also commonly done in development.
 
 To address this, rodauth-rails modifies the setup to store account status text
 directly in the accounts table. If you're worried about invalid status values
-creeping in, you may use enums instead. Alternatively, you can still go back to
-the setup recommended by Rodauth.
+creeping in, you may use enums instead. Alternatively, you can always go back
+to the setup recommended by Rodauth.
+
+```rb
+# in the migration:
+create_table :account_statuses do |t|
+  t.string :name, null: false, unique: true
+end
+execute "INSERT INTO account_statuses (id, name) VALUES (1, 'Unverified'), (2, 'Verified'), (3, 'Closed')"
+
+create_table :accounts do |t|
+  # ...
+  t.references :status, foreign_key: { to_table: :account_statuses }, null: false, default: 1
+  # ...
+end
+```
+```diff
+configure do
+  # ...
+- account_status_column :status
+- account_unverified_status_value "unverified"
+- account_open_status_value "verified"
+- account_closed_status_value "closed"
+  # ...
+end
+```
 
 ## License
 
@@ -578,12 +633,11 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [Sequel]: https://github.com/jeremyevans/sequel
 [rendering views outside of controllers]: https://blog.bigbinary.com/2016/01/08/rendering-views-outside-of-controllers-in-rails-5.html
 [feature documentation]: http://rodauth.jeremyevans.net/documentation.html
-[Rodauth plugin]: https://github.com/jeremyevans/rodauth/#label-Plugin+Options
+[JWT feature]: http://rodauth.jeremyevans.net/rdoc/files/doc/jwt_rdoc.html
 [Bootstrap]: https://getbootstrap.com/
 [Roda]: http://roda.jeremyevans.net/
 [HMAC]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-HMAC
 [database authentication functions]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Password+Hash+Access+Via+Database+Functions
-[multiple configurations]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-With+Multiple+Configurations
-[views]: /app/views/rodauth
 [Rodauth migration]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Creating+tables
 [sequel-activerecord_connection]: https://github.com/janko/sequel-activerecord_connection
+[plugin options]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Plugin+Options

data/lib/generators/rodauth/install_generator.rb

@@ -1,13 +1,11 @@
 require "rails/generators/base"
-require "rails/generators/migration"
-require "rails/generators/active_record"
-require "rodauth/version"
+require "rails/generators/active_record/migration"
 
 module Rodauth
   module Rails
     module Generators
       class InstallGenerator < ::Rails::Generators::Base
-        include ::Rails::Generators::Migration
+        include ::ActiveRecord::Generators::Migration
 
         source_root "#{__dir__}/templates"
         namespace "rodauth:install"
@@ -15,7 +13,7 @@ module Rodauth
         def create_rodauth_migration
           return unless defined?(ActiveRecord::Base)
 
-          migration_template "db/migrate/create_rodauth.rb", "db/migrate/create_rodauth.rb"
+          migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "create_rodauth.rb")
         end
 
         def create_rodauth_initializer
@@ -24,7 +22,8 @@ module Rodauth
 
         def create_sequel_initializer
           return unless defined?(ActiveRecord::Base)
-          return unless %w[postgresql mysql2 sqlite3].include?(adapter)
+          return unless %w[postgresql mysql2 sqlite3].include?(activerecord_adapter)
+          return if defined?(Sequel) && !Sequel::DATABASES.empty?
 
           template "config/initializers/sequel.rb"
         end
@@ -45,20 +44,32 @@ module Rodauth
 
         private
 
-        # required by #migration_template action
-        def self.next_migration_number(dirname)
-          ActiveRecord::Generators::Base.next_migration_number(dirname)
+        def db_migrate_path
+          return "db/migrate" unless activerecord_at_least?(5, 0)
+          super
         end
 
         def migration_version
-          if ActiveRecord.version >= Gem::Version.new("5.0.0")
+          if activerecord_at_least?(5, 0)
             "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
           end
         end
 
-        def adapter
+        def sequel_adapter
+          case activerecord_adapter
+          when "postgresql" then "postgres#{"ql" if RUBY_ENGINE == "jruby"}"
+          when "mysql2"     then "mysql#{"2" unless RUBY_ENGINE == "jruby"}"
+          when "sqlite3"    then "sqlite"
+          end
+        end
+
+        def activerecord_adapter
           ActiveRecord::Base.connection_config.fetch(:adapter)
         end
+
+        def activerecord_at_least?(major, minor)
+          ActiveRecord.version >= Gem::Version.new("#{major}.#{minor}")
+        end
       end
     end
   end

data/lib/generators/rodauth/mailer_generator.rb

@@ -1,5 +1,4 @@
 require "rails/generators/base"
-require "rodauth/version"
 
 module Rodauth
   module Rails

data/lib/generators/rodauth/templates/app/views/rodauth/_login_form_footer.html.erb

@@ -1,4 +1,3 @@
-<% if Rodauth::MAJOR == 2 -%>
 <%% unless rodauth.login_form_footer_links.empty? %>
   <h2>Other Options</h2>
   <ul>
@@ -7,17 +6,3 @@
     <%% end %>
   </ul>
 <%% end %>
-<% else -%>
-<%% if rodauth.features.include?(:create_account) %>
-  <p><%%= link_to "Create a New Account", rodauth.create_account_path %></p>
-<%% end %>
-<%% if rodauth.features.include?(:reset_password) %>
-  <p><%%= link_to "Forgot Password?", rodauth.reset_password_request_path %></p>
-<%% end %>
-<%% if rodauth.features.include?(:email_auth) && rodauth.valid_login_entered? %>
-  <%%= render "email_auth_request_form" %>
-<%% end %>
-<%% if rodauth.features.include?(:verify_account) %>
-  <p><%%= link_to "Resend Verify Account Information", rodauth.verify_account_resend_path %></p>
-<%% end %>
-<% end -%>

data/lib/generators/rodauth/templates/app/views/rodauth/_password_field.html.erb

@@ -1,4 +1,4 @@
 <div class="form-group">
   <%%= label_tag "password", "Password" %>
-  <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: "current-password" %>
+  <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: rodauth.password_field_autocomplete_value %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/logout.html.erb

@@ -1,6 +1,4 @@
 <%%= form_tag rodauth.logout_path, method: :post do %>
-<% if Rodauth::MAJOR == 2 -%>
   <%%= render "global_logout_field" if rodauth.features.include?(:active_sessions) %>
-<% end -%>
   <%%= render "submit", value: "Logout", class: "btn btn-warning" %>
 <%% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_auth.html.erb

@@ -2,12 +2,3 @@
   <%%= render "otp_auth_code_field" %>
   <%%= render "submit", value: "Authenticate Using TOTP" %>
 <%% end %>
-<% if Rodauth::MAJOR == 1 -%>
-
-<%% if rodauth.features.include?(:sms_codes) && rodauth.sms_available? %>
-  <p><%%= link_to "Authenticate using SMS code", rodauth.sms_request_path %></p>
-<%% end %>
-<%% if rodauth.features.include?(:recovery_codes) %>
-  <p><%%= link_to "Authenticate using recovery code", rodauth.recovery_auth_path %></p>
-<%% end %>
-<% end -%>

data/lib/generators/rodauth/templates/app/views/rodauth/remember.html.erb

@@ -6,7 +6,7 @@
     </div>
 
     <div class="form-check">
-      <%%= radio_button_tag rodauth.remember_param, rodauth.rememember_forget_param_value, false, id: "remember-forget", class: "form-check-input" %>
+      <%%= radio_button_tag rodauth.remember_param, rodauth.remember_forget_param_value, false, id: "remember-forget", class: "form-check-input" %>
       <%%= label_tag "remember-forget", "Forget Me", class: "form-check-label" %>
     </div>
 

data/lib/generators/rodauth/templates/config/initializers/sequel.rb

@@ -1,13 +1,8 @@
 require "sequel/core"
 
-# initialize the appropriate Sequel adapter without creating a connection
-<% case adapter -%>
-<% when "postgresql" -%>
-DB = Sequel.postgres(test: false)
-<% when "mysql2" -%>
-DB = Sequel.mysql2(test: false)
-<% when "sqlite3" -%>
-DB = Sequel.sqlite(test: false)
+# initialize Sequel and have it reuse Active Record's database connection
+<%- if RUBY_ENGINE == "jruby" -%>
+DB = Sequel.connect("jdbc:<%= sequel_adapter %>://", extensions: :activerecord_connection)
+<% else -%>
+DB = Sequel.<%= sequel_adapter %>(extensions: :activerecord_connection)
 <% end -%>
-# have Sequel use ActiveRecord's connection for database interaction
-DB.extension :activerecord_connection

data/lib/generators/rodauth/templates/db/migrate/create_rodauth.rb

@@ -1,11 +1,11 @@
 class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
   def change
-<% if adapter == "postgresql" -%>
+<% if activerecord_adapter == "postgresql" -%>
     enable_extension "citext"
 
 <% end -%>
     create_table :accounts do |t|
-<% case adapter -%>
+<% case activerecord_adapter -%>
 <% when "postgresql" -%>
       t.citext :email, null: false, index: { unique: true, where: "status IN ('verified', 'unverified')" }
 <% else -%>
@@ -53,10 +53,10 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
 
     # # Used by the audit logging feature
     # create_table :account_authentication_audit_logs do |t|
-    #   t.references :account, null: false
+    #   t.references :account, foreign_key: true, null: false
     #   t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
     #   t.text :message, null: false
-<% case adapter -%>
+<% case activerecord_adapter -%>
 <% when "postgresql" -%>
     #   t.jsonb :metadata
 <% when "sqlite3", "mysql2" -%>
@@ -70,7 +70,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
 
     # # Used by the jwt refresh feature
     # create_table :account_jwt_refresh_keys do |t|
-    #   t.references :account, null: false
+    #   t.references :account, foreign_key: true, null: false
     #   t.string :key, null: false
     #   t.datetime :deadline, null: false
     #   t.index :account_id, name: "account_jwt_rk_account_id_idx"
@@ -78,7 +78,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
 
     # # Used by the disallow_password_reuse feature
     # create_table :account_previous_password_hashes do |t|
-    #   t.references :account
+    #   t.references :account, foreign_key: true
     #   t.string :password_hash, null: false
     # end
 
@@ -124,7 +124,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
 
     # # Used by the active sessions feature
     # create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
-    #   t.references :account
+    #   t.references :account, foreign_key: true
     #   t.string :session_id
     #   t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
     #   t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
@@ -136,7 +136,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
     #   t.string :webauthn_id, null: false
     # end
     # create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do |t|
-    #   t.references :account
+    #   t.references :account, foreign_key: true
     #   t.string :webauthn_id
     #   t.string :public_key, null: false
     #   t.integer :sign_count, null: false

data/lib/generators/rodauth/templates/lib/rodauth_app.rb

@@ -42,26 +42,31 @@ class RodauthApp < Rodauth::Rails::App
     # ==> Emails
     # Uncomment the lines below once you've imported mailer views.
     # send_reset_password_email do
-    #   RodauthMailer.reset_password(email_to, password_reset_email_link).deliver_now
+    #   mailer_send(:reset_password, email_to, reset_password_email_link)
     # end
     # send_verify_account_email do
-    #   RodauthMailer.verify_account(email_to, verify_account_email_link).deliver_now
+    #   mailer_send(:verify_account, email_to, verify_account_email_link)
     # end
     # send_verify_login_change_email do |login|
-    #   RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link).deliver_now
+    #   mailer_send(:verify_login_change, login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
     # end
     # send_password_changed_email do
-    #   RodauthMailer.password_changed(email_to).deliver_now
+    #   mailer_send(:password_changed, email_to)
     # end
     # # send_email_auth_email do
-    # #   RodauthMailer.email_auth(email_to, email_auth_email_link).deliver_now
+    # #   mailer_send(:email_auth, email_to, email_auth_email_link)
     # # end
     # # send_unlock_account_email do
-<% if Rodauth::MAJOR == 1 -%>
-    # #   @unlock_account_key_value = get_unlock_account_key
-<% end -%>
-    # #   RodauthMailer.unlock_account(email_to, unlock_account_email_link).deliver_now
+    # #   mailer_send(:unlock_account, email_to, unlock_account_email_link)
     # # end
+    # auth_class_eval do
+    #   # queue email delivery on the mailer after the transaction commits
+    #   def mailer_send(type, *args)
+    #     db.after_commit do
+    #       RodauthMailer.public_send(type, *args).deliver_later
+    #     end
+    #   end
+    # end
 
     # In the meantime you can tweak settings for emails created by Rodauth
     # email_subject_prefix "[MyApp] "
@@ -76,7 +81,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Override default flash messages.
     # create_account_notice_flash "Your account has been created. Please verify your account by visiting the confirmation link sent to your email address."
-    # login_error_flash "Login is required for accessing this page"
+    # require_login_error_flash "Login is required for accessing this page"
     # login_notice_flash nil
 
     # ==> Validation
@@ -99,9 +104,6 @@ class RodauthApp < Rodauth::Rails::App
     # Extend user's remember period when remembered via a cookie
     extend_remember_deadline? true
 
-    # Consider remembered users to be multifactor-authenticated (if using MFA).
-    # after_load_memory { two_factor_update_session("totp") if two_factor_authentication_setup? }
-
     # ==> Hooks
     # Validate custom fields in the create account form.
     # before_create_account do
@@ -134,19 +136,6 @@ class RodauthApp < Rodauth::Rails::App
     # reset_password_deadline_interval Hash[hours: 6]
     # verify_login_change_deadline_interval Hash[days: 2]
     # remember_deadline_interval Hash[days: 30]
-
-    # ==> Extending
-    # Define any additional methods you want for the Rodauth object.
-    # auth_class_eval do
-    #   def my_send_email(name, *args)
-    #     AuthenticationMailer.public_send(name, *args).deliver_later
-    #   end
-    # end
-    #
-    # Then use the new custom method in configuration blocks.
-    # send_password_reset_email do
-    #   my_send_email(:password_reset, email_to, password_reset_email_link)
-    # end
   end
 
   # ==> Multiple configurations

data/lib/generators/rodauth/views_generator.rb

@@ -1,5 +1,4 @@
 require "rails/generators/base"
-require "rodauth/version"
 
 module Rodauth
   module Rails
@@ -8,6 +7,21 @@ module Rodauth
         source_root "#{__dir__}/templates"
         namespace "rodauth:views"
 
+        argument :features, optional: true, type: :array,
+          desc: "Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)",
+          default: %w[login logout create_account verify_account reset_password change_password change_login verify_login_change close_account]
+
+        class_option :features, type: :array,
+          desc: "[DEPRECATED] Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)"
+
+        class_option :all, aliases: "-a", type: :boolean,
+          desc: "Generates views for all Rodauth features",
+          default: false
+
+        class_option :directory, aliases: "-d", type: :string,
+          desc: "The directory under app/views/* into which to create views",
+          default: "rodauth"
+
         VIEWS = {
           login: %w[
             _field _field_error _login_field _login_display _password_field
@@ -84,34 +98,18 @@ module Rodauth
           webauthn:        :two_factor_base,
         }
 
-        class_option :features, type: :array,
-          desc: "Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)",
-          default: %w[login logout create_account verify_account reset_password change_password change_login verify_login_change close_account]
-
-        class_option :all, aliases: "-a", type: :boolean,
-          desc: "Generates views for all Rodauth features",
-          default: false
-
-        class_option :directory, aliases: "-d", type: :string,
-          desc: "The directory under app/views/* into which to create views",
-          default: "rodauth"
-
         def create_views
-          features = options[:all] ? VIEWS.keys : options[:features].map(&:to_sym)
+          if options[:all]
+            features = VIEWS.keys
+          else
+            features = (options[:features] || self.features).map(&:to_sym)
+          end
 
           views = features.inject([]) do |list, feature|
             list |= VIEWS[feature] || []
             list |= VIEWS[DEPENDENCIES[feature]] || []
           end
 
-          if Rodauth::MAJOR == 1
-            views -= %w[
-              multi_phase_login _global_logout_field
-              two_factor_manage two_factor_auth two_factor_disable
-              webauthn_setup webauthn_auth webauthn_remove
-            ]
-          end
-
           views.each do |view|
             template "app/views/rodauth/#{view}.html.erb",
               "app/views/#{options[:directory].underscore}/#{view}.html.erb"

data/lib/rodauth/rails.rb

@@ -1,3 +1,4 @@
+require "rodauth/version"
 require "rodauth/rails/railtie"
 
 module Rodauth

data/lib/rodauth/rails/feature.rb

@@ -28,6 +28,16 @@ module Rodauth
         super
     end
 
+    # Verify Rails' authenticity token.
+    def check_csrf
+      rails_check_csrf!
+    end
+
+    # Have Rodauth call #check_csrf automatically.
+    def check_csrf?
+      true
+    end
+
     # Render Rails CSRF tags in Rodauth templates.
     def csrf_tag(*)
       rails_csrf_tag
@@ -40,12 +50,6 @@ module Rodauth
 
     private
 
-    # Verify Rails' authenticity token before each Rodauth route.
-    def before_rodauth
-      rails_check_csrf!
-      super
-    end
-
     # Create emails with ActionMailer which uses configured delivery method.
     def create_email_to(to, subject, body)
       Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)

data/rodauth-rails.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = "rodauth-rails"
-  spec.version       = "0.1.1"
+  spec.version       = "0.3.0"
   spec.authors       = ["Janko Marohnić"]
   spec.email         = ["janko.marohnic@gmail.com"]
 
@@ -15,8 +15,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 4.2", "< 7"
-  spec.add_dependency "rodauth", ">= 1.23", "< 3"
-  spec.add_dependency "sequel-activerecord_connection", "~> 0.2"
+  spec.add_dependency "rodauth", "~> 2.1"
+  spec.add_dependency "sequel-activerecord_connection", "~> 0.3"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-09 00:00:00.000000000 Z
+date: 2020-09-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -34,36 +34,30 @@ dependencies:
   name: rodauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1.23'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1.23'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
@@ -99,6 +93,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - LICENSE.txt
 - README.md
 - lib/generators/rodauth/install_generator.rb