rodauth-rails 0.1.2 → 0.1.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9c754fbd5d613cab821d197dc1e6918e806e6dd7184dc9a1bb3bef04c3e9a145
4
- data.tar.gz: 6a8c6e225d7912e0b1d424a3a6886e3e653c71e160575ce5c1018343d3f7507c
3
+ metadata.gz: 6582c0a5c1acbaa774ec0dd8b3909797afdb7f6a5e09e528125a021aedb2b7d5
4
+ data.tar.gz: 851e5ed231d870497e014d5eed35884e2ee15bacdb5ed66bd8ad4d5a00657b3e
5
5
  SHA512:
6
- metadata.gz: ca77c9f17d2a4d356aed60b0cbe50737fda50ad6843219e67ad21ae2486fc05df73863bc60d1e4b410a5737fc4f4ed8a66f5351ccdebe9ed9074108e7ce3b413
7
- data.tar.gz: 2bcda57916777509096884aae59a3f0a632e21a100a96b029057cd08d68a2c4e0f022d280e77840f87d0e2f15b4d50bef29d801cd972ff0c08461284c0df3929
6
+ metadata.gz: '0429e4c00fdd4d48b34e319763cf36598b7635720ac8e37ea965a7f0ff68b8a94914f48ab92801893329f3e9c32ccb17f304bb59c4894c83ed0c0dad09b3530b'
7
+ data.tar.gz: f1df4d89de84cb4fe9294101eeb7e5e19e3b0338aeee932278810465e3ea7d0529c490e7071391d74b2bbb11de6c74729a9cfeb64c92ffb5ebf74e7e8dab63e8
data/README.md CHANGED
@@ -160,7 +160,7 @@ page:
160
160
 
161
161
  These links are fully functional, feel free to visit them and interact with the
162
162
  pages. The templates that ship with Rodauth aim to provide a complete
163
- authentication experience, and the forms use [Boostrap] markup.
163
+ authentication experience, and the forms use [Bootstrap] markup.
164
164
 
165
165
  Let's also add the `#current_account` method for retrieving the account of the
166
166
  the authenticated session:
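Review bot: the unchanged context at README lines 165-166 reads "the account of the / the authenticated session", with "the" doubled across the line break. Since this hunk is already a typo fix for [Bootstrap], drop the second "the" in the same commit.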
@@ -358,7 +358,7 @@ class RodauthApp < Rodauth::Rails::App
358
358
  configure do
359
359
  # ...
360
360
  send_reset_password_email do
361
- RodauthMailer.reset_password(email_to, password_reset_email_link).deliver_now
361
+ RodauthMailer.reset_password(email_to, reset_password_email_link).deliver_now
362
362
  end
363
363
  send_verify_account_email do
364
364
  RodauthMailer.verify_account(email_to, verify_account_email_link).deliver_now
@@ -485,6 +485,20 @@ Rodauth::Rails.configure do |config|
485
485
  end
486
486
  ```
487
487
 
488
+ ## Working with JWT
489
+
490
+ To work with JWT, you'll need to enable json in `Roda`, and the [JWT plugin][Rodauth JWT documentation]
491
+
492
+ ```rb
493
+ # lib/rodauth_app.rb
494
+ class RodauthApp < Rodauth::Rails::App
495
+ configure(json: true) do
496
+ enable :jwt
497
+ # your configuration
498
+ end
499
+ end
500
+ ```
501
+
488
502
  ## Testing
489
503
 
490
504
  If you're writing system tests, it's generally better to go through the actual
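Review bot: the sentence added at README line 490 ends without punctuation before the code fence, and the example stops at `# your configuration` without saying which settings the JWT feature needs before it will work. End the sentence with a colon, and either show the required settings in the block or say explicitly that they are covered in the linked [Rodauth JWT documentation].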
@@ -535,7 +549,7 @@ rodauth-rails changes some of the default Rodauth settings for easier setup:
535
549
 
536
550
  ### Database functions
537
551
 
538
- By default on PostgreSQL, MySQL, and Microsoft SQL Server, Rodauth uses
552
+ By default, on PostgreSQL, MySQL, and Microsoft SQL Server Rodauth uses
539
553
  database functions to access password hashes, with the user running the
540
554
  application unable to get direct access to password hashes. This reduces the
541
555
  risk of an attacker being able to access password hashes and use them to attack
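Review bot: moving the comma at README line 552 leaves "Microsoft SQL Server Rodauth uses" running together, so the list of databases is no longer set off from the subject of the sentence. Keep a comma after "Server" as well: "By default, on PostgreSQL, MySQL, and Microsoft SQL Server, Rodauth uses".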
@@ -546,7 +560,11 @@ to reason about, as it requires having two different database users and making
546
560
  sure the correct migration is run for the correct user.
547
561
 
548
562
  To keep with Rails' "convention over configuration" doctrine, rodauth-rails
549
- disables the use of database functions, though it can still be turned back on.
563
+ disables the use of database functions, though you can always turn it back on.
564
+
565
+ ```rb
566
+ use_database_authentication_functions? true
567
+ ```
550
568
 
551
569
  ### Account statuses
552
570
 
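Review bot: the snippet added at README lines 565-567 shows `use_database_authentication_functions? true` with no indication of where it belongs, while the paragraph above it says this mode requires two different database users and the correct migration run for the correct user. Say that the line goes inside the Rodauth `configure` block, and that the two-user setup described above has to be in place before it is turned on.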
@@ -560,8 +578,28 @@ tests by default, but it's also commonly done in development.
560
578
 
561
579
  To address this, rodauth-rails modifies the setup to store account status text
562
580
  directly in the accounts table. If you're worried about invalid status values
563
- creeping in, you may use enums instead. Alternatively, you can still go back to
564
- the setup recommended by Rodauth.
581
+ creeping in, you may use enums instead. Alternatively, you can always go back
582
+ to the setup recommended by Rodauth.
583
+
584
+ ```rb
585
+ # in the migration:
586
+ create_table :account_statuses do |t|
587
+ t.string :name, null: false, unique: true
588
+ end
589
+ execute "INSERT INTO account_statuses (id, name) VALUES (1, 'Unverified'), (2, 'Verified'), (3, 'Closed')"
590
+
591
+ create_table :accounts do |t|
592
+ # ...
593
+ t.references :status, foreign_key: { to_table: :account_statuses }, null: false, default: 1
594
+ # ...
595
+ end
596
+ ```
597
+ ```diff
598
+ - account_status_column :status
599
+ - account_unverified_status_value "unverified"
600
+ - account_open_status_value "verified"
601
+ - account_closed_status_value "closed"
602
+ ```
565
603
 
566
604
  ## License
567
605
 
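Review bot: in the migration added at README line 587, `t.string :name, null: false, unique: true` will not create a uniqueness constraint, because `unique` is an index option rather than a column option in Rails migrations; use `index: { unique: true }` or a separate `add_index`. The inserted names are also capitalised ('Unverified', 'Verified', 'Closed') while the settings in the `diff` block use lowercase strings, and that `diff` fence at line 597 follows the `rb` fence with no blank line and no sentence saying the four settings are to be removed from the Rodauth configuration.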
@@ -578,6 +616,7 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
578
616
  [Sequel]: https://github.com/jeremyevans/sequel
579
617
  [rendering views outside of controllers]: https://blog.bigbinary.com/2016/01/08/rendering-views-outside-of-controllers-in-rails-5.html
580
618
  [feature documentation]: http://rodauth.jeremyevans.net/documentation.html
619
+ [Rodauth JWT documentation]: http://rodauth.jeremyevans.net/rdoc/files/doc/jwt_rdoc.html
581
620
  [Rodauth plugin]: https://github.com/jeremyevans/rodauth/#label-Plugin+Options
582
621
  [Bootstrap]: https://getbootstrap.com/
583
622
  [Roda]: http://roda.jeremyevans.net/
@@ -1,7 +1,6 @@
1
1
  require "rails/generators/base"
2
2
  require "rails/generators/migration"
3
3
  require "rails/generators/active_record"
4
- require "rodauth/version"
5
4
 
6
5
  module Rodauth
7
6
  module Rails
@@ -25,6 +24,7 @@ module Rodauth
25
24
  def create_sequel_initializer
26
25
  return unless defined?(ActiveRecord::Base)
27
26
  return unless %w[postgresql mysql2 sqlite3].include?(adapter)
27
+ return if defined?(Sequel) && !Sequel::DATABASES.empty?
28
28
 
29
29
  template "config/initializers/sequel.rb"
30
30
  end
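Review bot: the guard added at line 27, `return if defined?(Sequel) && !Sequel::DATABASES.empty?`, carries no comment, and its purpose is less obvious than the two early returns above it. Add a one-line comment stating that the initializer template is skipped when Sequel is already loaded and has at least one database registered.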
@@ -1,5 +1,4 @@
1
1
  require "rails/generators/base"
2
- require "rodauth/version"
3
2
 
4
3
  module Rodauth
5
4
  module Rails
@@ -1,4 +1,4 @@
1
- <% if Rodauth::MAJOR == 2 -%>
1
+ <% if Rodauth::MAJOR >= 2 -%>
2
2
  <%% unless rodauth.login_form_footer_links.empty? %>
3
3
  <h2>Other Options</h2>
4
4
  <ul>
@@ -1,4 +1,4 @@
1
1
  <div class="form-group">
2
2
  <%%= label_tag "password", "Password" %>
3
- <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: "current-password" %>
3
+ <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: <%= Rodauth::MAJOR >= 2 && Rodauth::MINOR >= 1 ? %(rodauth.password_field_autocomplete_value) : %("current-password") %> %>
4
4
  </div>
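Review bot: the condition `Rodauth::MAJOR >= 2 && Rodauth::MINOR >= 1` on the added line 3 is false for any later major release whose minor is 0 (a 3.0, for example), so the generated view would fall back to the hard-coded "current-password" there. Compare the pair rather than each part, e.g. `([Rodauth::MAJOR, Rodauth::MINOR] <=> [2, 1]) >= 0`, and use the same expression wherever this guard is repeated.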
@@ -1,5 +1,5 @@
1
1
  <%%= form_tag rodauth.logout_path, method: :post do %>
2
- <% if Rodauth::MAJOR == 2 -%>
2
+ <% if Rodauth::MAJOR >= 2 -%>
3
3
  <%%= render "global_logout_field" if rodauth.features.include?(:active_sessions) %>
4
4
  <% end -%>
5
5
  <%%= render "submit", value: "Logout", class: "btn btn-warning" %>
@@ -6,7 +6,7 @@
6
6
  </div>
7
7
 
8
8
  <div class="form-check">
9
- <%%= radio_button_tag rodauth.remember_param, rodauth.rememember_forget_param_value, false, id: "remember-forget", class: "form-check-input" %>
9
+ <%%= radio_button_tag rodauth.remember_param, rodauth.remember_forget_param_value, false, id: "remember-forget", class: "form-check-input" %>
10
10
  <%%= label_tag "remember-forget", "Forget Me", class: "form-check-label" %>
11
11
  </div>
12
12
 
@@ -99,9 +99,6 @@ class RodauthApp < Rodauth::Rails::App
99
99
  # Extend user's remember period when remembered via a cookie
100
100
  extend_remember_deadline? true
101
101
 
102
- # Consider remembered users to be multifactor-authenticated (if using MFA).
103
- # after_load_memory { two_factor_update_session("totp") if two_factor_authentication_setup? }
104
-
105
102
  # ==> Hooks
106
103
  # Validate custom fields in the create account form.
107
104
  # before_create_account do
@@ -144,8 +141,8 @@ class RodauthApp < Rodauth::Rails::App
144
141
  # end
145
142
  #
146
143
  # Then use the new custom method in configuration blocks.
147
- # send_password_reset_email do
148
- # my_send_email(:password_reset, email_to, password_reset_email_link)
144
+ # send_reset_password_email do
145
+ # my_send_email(:reset_password, email_to, reset_password_email_link)
149
146
  # end
150
147
  end
151
148
 
@@ -1,5 +1,4 @@
1
1
  require "rails/generators/base"
2
- require "rodauth/version"
3
2
 
4
3
  module Rodauth
5
4
  module Rails
@@ -1,3 +1,4 @@
1
+ require "rodauth/version"
1
2
  require "rodauth/rails/railtie"
2
3
 
3
4
  module Rodauth
@@ -28,6 +28,24 @@ module Rodauth
28
28
  super
29
29
  end
30
30
 
31
+ if Rodauth::MAJOR >= 2 && Rodauth::MINOR >= 1
32
+ # Verify Rails' authenticity token.
33
+ def check_csrf
34
+ rails_check_csrf!
35
+ end
36
+
37
+ # Have Rodauth call #check_csrf automatically.
38
+ def check_csrf?
39
+ true
40
+ end
41
+ else
42
+ # Verify Rails' authenticity token before each Rodauth route.
43
+ def before_rodauth
44
+ rails_check_csrf!
45
+ super
46
+ end
47
+ end
48
+
31
49
  # Render Rails CSRF tags in Rodauth templates.
32
50
  def csrf_tag(*)
33
51
  rails_csrf_tag
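Review bot: the `else` branch at lines 42-46 defines `before_rodauth` above the `private` keyword that the next hunk shows at line 59, whereas the copy removed there sat below it, so the method's visibility changes as a side effect of the move. Place the conditional block under `private`, or state that public visibility is intended for `check_csrf` and `check_csrf?`. The guard on line 31, `Rodauth::MAJOR >= 2 && Rodauth::MINOR >= 1`, is also false for a 3.0 release, which would select the older `before_rodauth` path; compare `[Rodauth::MAJOR, Rodauth::MINOR]` against `[2, 1]` instead.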
@@ -40,12 +58,6 @@ module Rodauth
40
58
 
41
59
  private
42
60
 
43
- # Verify Rails' authenticity token before each Rodauth route.
44
- def before_rodauth
45
- rails_check_csrf!
46
- super
47
- end
48
-
49
61
  # Create emails with ActionMailer which uses configured delivery method.
50
62
  def create_email_to(to, subject, body)
51
63
  Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |spec|
2
2
  spec.name = "rodauth-rails"
3
- spec.version = "0.1.2"
3
+ spec.version = "0.1.3"
4
4
  spec.authors = ["Janko Marohnić"]
5
5
  spec.email = ["janko.marohnic@gmail.com"]
6
6
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.1.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Janko Marohnić
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-14 00:00:00.000000000 Z
11
+ date: 2020-07-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties