rodauth-rails 0.1.2 → 0.1.3
- checksums.yaml +4 -4
- data/README.md +45 -6
- data/lib/generators/rodauth/install_generator.rb +1 -1
- data/lib/generators/rodauth/mailer_generator.rb +0 -1
- data/lib/generators/rodauth/templates/app/views/rodauth/_login_form_footer.html.erb +1 -1
- data/lib/generators/rodauth/templates/app/views/rodauth/_password_field.html.erb +1 -1
- data/lib/generators/rodauth/templates/app/views/rodauth/logout.html.erb +1 -1
- data/lib/generators/rodauth/templates/app/views/rodauth/remember.html.erb +1 -1
- data/lib/generators/rodauth/templates/lib/rodauth_app.rb +2 -5
- data/lib/generators/rodauth/views_generator.rb +0 -1
- data/lib/rodauth/rails.rb +1 -0
- data/lib/rodauth/rails/feature.rb +18 -6
- data/rodauth-rails.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6582c0a5c1acbaa774ec0dd8b3909797afdb7f6a5e09e528125a021aedb2b7d5
|
4
|
+
data.tar.gz: 851e5ed231d870497e014d5eed35884e2ee15bacdb5ed66bd8ad4d5a00657b3e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: '0429e4c00fdd4d48b34e319763cf36598b7635720ac8e37ea965a7f0ff68b8a94914f48ab92801893329f3e9c32ccb17f304bb59c4894c83ed0c0dad09b3530b'
|
7
|
+
data.tar.gz: f1df4d89de84cb4fe9294101eeb7e5e19e3b0338aeee932278810465e3ea7d0529c490e7071391d74b2bbb11de6c74729a9cfeb64c92ffb5ebf74e7e8dab63e8
|
data/README.md
CHANGED
@@ -160,7 +160,7 @@ page:
|
|
160
160
|
|
161
161
|
These links are fully functional, feel free to visit them and interact with the
|
162
162
|
pages. The templates that ship with Rodauth aim to provide a complete
|
163
|
-
authentication experience, and the forms use [
|
163
|
+
authentication experience, and the forms use [Bootstrap] markup.
|
164
164
|
|
165
165
|
Let's also add the `#current_account` method for retrieving the account of the
|
166
166
|
the authenticated session:
|
@@ -358,7 +358,7 @@ class RodauthApp < Rodauth::Rails::App
|
|
358
358
|
configure do
|
359
359
|
# ...
|
360
360
|
send_reset_password_email do
|
361
|
-
RodauthMailer.reset_password(email_to,
|
361
|
+
RodauthMailer.reset_password(email_to, reset_password_email_link).deliver_now
|
362
362
|
end
|
363
363
|
send_verify_account_email do
|
364
364
|
RodauthMailer.verify_account(email_to, verify_account_email_link).deliver_now
|
@@ -485,6 +485,20 @@ Rodauth::Rails.configure do |config|
|
|
485
485
|
end
|
486
486
|
```
|
487
487
|
|
488
|
+
## Working with JWT
|
489
|
+
|
490
|
+
To work with JWT, you'll need to enable json in `Roda`, and the [JWT plugin][Rodauth JWT documentation]
|
491
|
+
|
492
|
+
```rb
|
493
|
+
# lib/rodauth_app.rb
|
494
|
+
class RodauthApp < Rodauth::Rails::App
|
495
|
+
configure(json: true) do
|
496
|
+
enable :jwt
|
497
|
+
# your configuration
|
498
|
+
end
|
499
|
+
end
|
500
|
+
```
|
501
|
+
|
488
502
|
## Testing
|
489
503
|
|
490
504
|
If you're writing system tests, it's generally better to go through the actual
|
@@ -535,7 +549,7 @@ rodauth-rails changes some of the default Rodauth settings for easier setup:
|
|
535
549
|
|
536
550
|
### Database functions
|
537
551
|
|
538
|
-
By default on PostgreSQL, MySQL, and Microsoft SQL Server
|
552
|
+
By default, on PostgreSQL, MySQL, and Microsoft SQL Server Rodauth uses
|
539
553
|
database functions to access password hashes, with the user running the
|
540
554
|
application unable to get direct access to password hashes. This reduces the
|
541
555
|
risk of an attacker being able to access password hashes and use them to attack
|
@@ -546,7 +560,11 @@ to reason about, as it requires having two different database users and making
|
|
546
560
|
sure the correct migration is run for the correct user.
|
547
561
|
|
548
562
|
To keep with Rails' "convention over configuration" doctrine, rodauth-rails
|
549
|
-
disables the use of database functions, though
|
563
|
+
disables the use of database functions, though you can always turn it back on.
|
564
|
+
|
565
|
+
```rb
|
566
|
+
use_database_authentication_functions? true
|
567
|
+
```
|
550
568
|
|
551
569
|
### Account statuses
|
552
570
|
|
@@ -560,8 +578,28 @@ tests by default, but it's also commonly done in development.
|
|
560
578
|
|
561
579
|
To address this, rodauth-rails modifies the setup to store account status text
|
562
580
|
directly in the accounts table. If you're worried about invalid status values
|
563
|
-
creeping in, you may use enums instead. Alternatively, you can
|
564
|
-
the setup recommended by Rodauth.
|
581
|
+
creeping in, you may use enums instead. Alternatively, you can always go back
|
582
|
+
to the setup recommended by Rodauth.
|
583
|
+
|
584
|
+
```rb
|
585
|
+
# in the migration:
|
586
|
+
create_table :account_statuses do |t|
|
587
|
+
t.string :name, null: false, unique: true
|
588
|
+
end
|
589
|
+
execute "INSERT INTO account_statuses (id, name) VALUES (1, 'Unverified'), (2, 'Verified'), (3, 'Closed')"
|
590
|
+
|
591
|
+
create_table :accounts do |t|
|
592
|
+
# ...
|
593
|
+
t.references :status, foreign_key: { to_table: :account_statuses }, null: false, default: 1
|
594
|
+
# ...
|
595
|
+
end
|
596
|
+
```
|
597
|
+
```diff
|
598
|
+
- account_status_column :status
|
599
|
+
- account_unverified_status_value "unverified"
|
600
|
+
- account_open_status_value "verified"
|
601
|
+
- account_closed_status_value "closed"
|
602
|
+
```
|
565
603
|
|
566
604
|
## License
|
567
605
|
|
@@ -578,6 +616,7 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
|
|
578
616
|
[Sequel]: https://github.com/jeremyevans/sequel
|
579
617
|
[rendering views outside of controllers]: https://blog.bigbinary.com/2016/01/08/rendering-views-outside-of-controllers-in-rails-5.html
|
580
618
|
[feature documentation]: http://rodauth.jeremyevans.net/documentation.html
|
619
|
+
[Rodauth JWT documentation]: http://rodauth.jeremyevans.net/rdoc/files/doc/jwt_rdoc.html
|
581
620
|
[Rodauth plugin]: https://github.com/jeremyevans/rodauth/#label-Plugin+Options
|
582
621
|
[Bootstrap]: https://getbootstrap.com/
|
583
622
|
[Roda]: http://roda.jeremyevans.net/
|
@@ -1,7 +1,6 @@
|
|
1
1
|
require "rails/generators/base"
|
2
2
|
require "rails/generators/migration"
|
3
3
|
require "rails/generators/active_record"
|
4
|
-
require "rodauth/version"
|
5
4
|
|
6
5
|
module Rodauth
|
7
6
|
module Rails
|
@@ -25,6 +24,7 @@ module Rodauth
|
|
25
24
|
def create_sequel_initializer
|
26
25
|
return unless defined?(ActiveRecord::Base)
|
27
26
|
return unless %w[postgresql mysql2 sqlite3].include?(adapter)
|
27
|
+
return if defined?(Sequel) && !Sequel::DATABASES.empty?
|
28
28
|
|
29
29
|
template "config/initializers/sequel.rb"
|
30
30
|
end
|
@@ -1,4 +1,4 @@
|
|
1
1
|
<div class="form-group">
|
2
2
|
<%%= label_tag "password", "Password" %>
|
3
|
-
<%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: "current-password" %>
|
3
|
+
<%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: <%= Rodauth::MAJOR >= 2 && Rodauth::MINOR >= 1 ? %(rodauth.password_field_autocomplete_value) : %("current-password") %> %>
|
4
4
|
</div>
|
@@ -1,5 +1,5 @@
|
|
1
1
|
<%%= form_tag rodauth.logout_path, method: :post do %>
|
2
|
-
<% if Rodauth::MAJOR
|
2
|
+
<% if Rodauth::MAJOR >= 2 -%>
|
3
3
|
<%%= render "global_logout_field" if rodauth.features.include?(:active_sessions) %>
|
4
4
|
<% end -%>
|
5
5
|
<%%= render "submit", value: "Logout", class: "btn btn-warning" %>
|
@@ -6,7 +6,7 @@
|
|
6
6
|
</div>
|
7
7
|
|
8
8
|
<div class="form-check">
|
9
|
-
<%%= radio_button_tag rodauth.remember_param, rodauth.
|
9
|
+
<%%= radio_button_tag rodauth.remember_param, rodauth.remember_forget_param_value, false, id: "remember-forget", class: "form-check-input" %>
|
10
10
|
<%%= label_tag "remember-forget", "Forget Me", class: "form-check-label" %>
|
11
11
|
</div>
|
12
12
|
|
@@ -99,9 +99,6 @@ class RodauthApp < Rodauth::Rails::App
|
|
99
99
|
# Extend user's remember period when remembered via a cookie
|
100
100
|
extend_remember_deadline? true
|
101
101
|
|
102
|
-
# Consider remembered users to be multifactor-authenticated (if using MFA).
|
103
|
-
# after_load_memory { two_factor_update_session("totp") if two_factor_authentication_setup? }
|
104
|
-
|
105
102
|
# ==> Hooks
|
106
103
|
# Validate custom fields in the create account form.
|
107
104
|
# before_create_account do
|
@@ -144,8 +141,8 @@ class RodauthApp < Rodauth::Rails::App
|
|
144
141
|
# end
|
145
142
|
#
|
146
143
|
# Then use the new custom method in configuration blocks.
|
147
|
-
#
|
148
|
-
# my_send_email(:
|
144
|
+
# send_reset_password_email do
|
145
|
+
# my_send_email(:reset_password, email_to, reset_password_email_link)
|
149
146
|
# end
|
150
147
|
end
|
151
148
|
|
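--- a/data/lib/rodauth/rails.rb
+++ b/data/lib/rodauth/rails.rb
@@ -28,6 +28,24 @@ module Rodauth
 super
 end
 
+if Rodauth::MAJOR >= 2 && Rodauth::MINOR >= 1
+# Verify Rails' authenticity token.
+def check_csrf
+rails_check_csrf!
+end
+
+# Have Rodauth call #check_csrf automatically.
+def check_csrf?
+true
+end
+else
+# Verify Rails' authenticity token before each Rodauth route.
+def before_rodauth
+rails_check_csrf!
+super
+end
+end
+
 # Render Rails CSRF tags in Rodauth templates.
 def csrf_tag(*)
 rails_csrf_tag
@@ -40,12 +58,6 @@ module Rodauth
 
 private
 
-# Verify Rails' authenticity token before each Rodauth route.
-def before_rodauth
-rails_check_csrf!
-super
-end
-
 # Create emails with ActionMailer which uses configured delivery method.
 def create_email_to(to, subject, body)
 Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)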
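Review bot: The version guard `if Rodauth::MAJOR >= 2 && Rodauth::MINOR >= 1` in the first hunk is not a real version comparison: a future Rodauth 3.0 (MAJOR 3, MINOR 0) fails the `MINOR >= 1` test and silently falls into the `else` branch, so the `check_csrf`/`check_csrf?` path is dropped and CSRF enforcement then rests entirely on the legacy `before_rodauth` override still being honoured by that release. Compare the components lexicographically instead, `if Rodauth::MAJOR > 2 || (Rodauth::MAJOR == 2 && Rodauth::MINOR >= 1)`. The same guard appears in the `_password_field.html.erb` template hunk (the `autocomplete:` line) and should be corrected the same way. Note also that the fallback `before_rodauth` now sits above the `private` marker, so it becomes a public method where the definition removed in the second hunk was private; unless that is intended, restore `private` in the `else` branch. The diffstat attributes these +18/-6 lines to `data/lib/rodauth/rails/feature.rb`, so the section header naming `rails.rb` appears to be mislabelled.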
data/rodauth-rails.gemspec
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rodauth-rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Janko Marohnić
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-07-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: railties
|