rodauth-rails 0.1.2 → 0.3.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9c754fbd5d613cab821d197dc1e6918e806e6dd7184dc9a1bb3bef04c3e9a145
4
- data.tar.gz: 6a8c6e225d7912e0b1d424a3a6886e3e653c71e160575ce5c1018343d3f7507c
3
+ metadata.gz: b60f1b274889c1809196e62e8f3ba3516bf631593e6263162b3f4af11521d3a3
4
+ data.tar.gz: e55af46d9f5886dfc70d1f3112597bf508ba9536e8d0fc9cec141f33d045c94b
5
5
  SHA512:
6
- metadata.gz: ca77c9f17d2a4d356aed60b0cbe50737fda50ad6843219e67ad21ae2486fc05df73863bc60d1e4b410a5737fc4f4ed8a66f5351ccdebe9ed9074108e7ce3b413
7
- data.tar.gz: 2bcda57916777509096884aae59a3f0a632e21a100a96b029057cd08d68a2c4e0f022d280e77840f87d0e2f15b4d50bef29d801cd972ff0c08461284c0df3929
6
+ metadata.gz: 26c72c879909f9497a9d05802776ef8aa42d73dd8a4ba72695ea88289aebf29b2224bbf9011ab7929b394e708c25379410cb9d62f4d54c9c300002e3405cdc5a
7
+ data.tar.gz: 8370be5f4885300ded77d1e0bfea95ab99c0b0889fe464fbea062da7d71dd1a66deb4777a08dc235f841eb241170b1a08eb9badce756325e2291b5e87883068a
@@ -0,0 +1,48 @@
1
+ ## 0.3.1 (2020-10-25)
2
+
3
+ * Depend on sequel-activerecord_connection 1.0+ (@janko)
4
+
5
+ ## 0.3.0 (2020-09-18)
6
+
7
+ * Handle custom configured database migration paths in install generator (@janko)
8
+
9
+ * Allow specifying features as plain arguments in `rodauth:views` generator (@janko)
10
+
11
+ * Add some missing foreign key constraints in generated migration file (@janko)
12
+
13
+ ## 0.2.1 (2020-07-26)
14
+
15
+ * Fix incorrect JDBC connect syntax in `sequel.rb` template on JRuby (@janko)
16
+
17
+ ## 0.2.0 (2020-07-26)
18
+
19
+ * Drop support for Rodauth 1.x (@janko)
20
+
21
+ * Change `rodauth_app.rb` template to send emails in the background after transaction commit (@janko)
22
+
23
+ * Bump `sequel-activerecord_connection` dependency to `~> 0.3` (@janko)
24
+
25
+ * Use the JDBC adapter in sequel.rb initializer when on JRuby (@janko)
26
+
27
+ ## 0.1.3 (2020-07-04)
28
+
29
+ * Remove insecure MFA integration with remember feature suggestion in `lib/rodauth_app.rb` (@janko, @nicolas-besnard)
30
+
31
+ * Use correct password autocomplete value on Rodauth 2.1+ (@janko)
32
+
33
+ * Enable skipping CSRF protection on Rodauth 2.1+ by overriding `#check_csrf?` (@janko)
34
+
35
+ * Don't generate Sequel initializer if Sequel connection exists (@janko)
36
+
37
+ * Fix typo in remember view template (@nicolas-besnard)
38
+
39
+ * Fix some more typos in `lib/rodauth_app.rb` (@janko)
40
+
41
+ ## 0.1.2 (2020-05-14)
42
+
43
+ * Fix some typos in comment suggestions in `lib/rodauth_app.rb` (@janko)
44
+
45
+ ## 0.1.1 (2020-05-09)
46
+
47
+ * Include view templates in the gem (@janko)
48
+ * Use `Login` labels to be consistent with Rodauth (@janko)
data/README.md CHANGED
@@ -13,7 +13,7 @@ Provides Rails integration for the [Rodauth] authentication framework.
13
13
  Add the gem to your Gemfile:
14
14
 
15
15
  ```rb
16
- gem "rodauth-rails", "~> 0.1"
16
+ gem "rodauth-rails", "~> 0.3"
17
17
  ```
18
18
 
19
19
  Then run `bundle install`.
@@ -82,10 +82,8 @@ ActiveRecord connection.
82
82
  # config/initializers/sequel.rb
83
83
  require "sequel/core"
84
84
 
85
- # initialize the appropriate Sequel adapter without creating a connection
86
- DB = Sequel.postgres(test: false)
87
- # have Sequel use ActiveRecord's connection for database interaction
88
- DB.extension :activerecord_connection
85
+ # initialize Sequel and have it reuse Active Record's database connection
86
+ DB = Sequel.postgres(extensions: :activerecord_connection)
89
87
  ```
90
88
 
91
89
  ### Rodauth app
@@ -160,19 +158,26 @@ page:
160
158
 
161
159
  These links are fully functional, feel free to visit them and interact with the
162
160
  pages. The templates that ship with Rodauth aim to provide a complete
163
- authentication experience, and the forms use [Boostrap] markup.
161
+ authentication experience, and the forms use [Bootstrap] markup.
164
162
 
165
- Let's also add the `#current_account` method for retrieving the account of the
166
- the authenticated session:
163
+ Let's also load the account record for authenticated requests and expose it via
164
+ `#current_account`:
167
165
 
168
166
  ```rb
169
167
  # app/controllers/application_controller.rb
170
168
  class ApplicationController < ActionController::Base
169
+ before_action :load_account, if: -> { rodauth.authenticated? }
170
+
171
171
  private
172
172
 
173
- def current_account
174
- @current_account ||= Account.find(rodauth.session_value)
173
+ def load_account
174
+ @current_account = Account.find(rodauth.session_value)
175
+ rescue ActiveRecord::RecordNotFound
176
+ rodauth.logout
177
+ rodauth.login_required
175
178
  end
179
+
180
+ attr_reader :current_account
176
181
  helper_method :current_account
177
182
  end
178
183
  ```
@@ -258,7 +263,7 @@ You can pass a list of Rodauth features to the generator to create views for
258
263
  these features (this will not remove any existing views):
259
264
 
260
265
  ```sh
261
- $ rails generate rodauth:views --features login create_account lockout otp
266
+ $ rails generate rodauth:views login create_account lockout otp
262
267
  ```
263
268
 
264
269
  Or you can generate views for all features:
@@ -358,23 +363,31 @@ class RodauthApp < Rodauth::Rails::App
358
363
  configure do
359
364
  # ...
360
365
  send_reset_password_email do
361
- RodauthMailer.reset_password(email_to, password_reset_email_link).deliver_now
366
+ mailer_send(:reset_password, email_to, reset_password_email_link)
362
367
  end
363
368
  send_verify_account_email do
364
- RodauthMailer.verify_account(email_to, verify_account_email_link).deliver_now
369
+ mailer_send(:verify_account, email_to, verify_account_email_link)
365
370
  end
366
371
  send_verify_login_change_email do |login|
367
- RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link).deliver_now
372
+ mailer_send(:verify_login_change, login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
368
373
  end
369
374
  send_password_changed_email do
370
- RodauthMailer.password_changed(email_to).deliver_now
375
+ mailer_send(:password_changed, email_to)
371
376
  end
372
377
  # send_email_auth_email do
373
- # RodauthMailer.email_auth(email_to, email_auth_email_link).deliver_now
378
+ # mailer_send(:email_auth, email_to, email_auth_email_link)
374
379
  # end
375
380
  # send_unlock_account_email do
376
- # RodauthMailer.unlock_account(email_to, unlock_account_email_link).deliver_now
381
+ # mailer_send(:unlock_account, email_to, unlock_account_email_link)
377
382
  # end
383
+ auth_class_eval do
384
+ # queue email delivery on the mailer after the transaction commits
385
+ def mailer_send(type, *args)
386
+ db.after_commit do
387
+ RodauthMailer.public_send(type, *args).deliver_later
388
+ end
389
+ end
390
+ end
378
391
  # ...
379
392
  end
380
393
  end
@@ -399,7 +412,7 @@ The Rodauth app stores the `Rodauth::Auth` instance in the Rack env hash, which
399
412
  is then available in your Rails app:
400
413
 
401
414
  ```rb
402
- request.env["rodauth"] #=> #<Rodauth::Auth>
415
+ request.env["rodauth"] #=> #<Rodauth::Auth>
403
416
  request.env["rodauth.secondary"] #=> #<Rodauth::Auth> (if using multiple configurations)
404
417
  ```
405
418
 
@@ -409,13 +422,13 @@ and controllers:
409
422
  ```rb
410
423
  class MyController < ApplicationController
411
424
  def my_action
412
- rodauth #=> #<Rodauth::Auth>
425
+ rodauth #=> #<Rodauth::Auth>
413
426
  rodauth(:secondary) #=> #<Rodauth::Auth> (if using multiple configurations)
414
427
  end
415
428
  end
416
429
  ```
417
430
  ```erb
418
- <% rodauth #=> #<Rodauth::Auth> %>
431
+ <% rodauth #=> #<Rodauth::Auth> %>
419
432
  <% rodauth(:secondary) #=> #<Rodauth::Auth> (if using multiple configurations) %>
420
433
  ```
421
434
 
@@ -431,11 +444,11 @@ integration for Rodauth:
431
444
  * uses ActionMailer for sending emails
432
445
 
433
446
  The `configure { ... }` method wraps configuring the Rodauth plugin, forwarding
434
- any additional [options].
447
+ any additional [plugin options].
435
448
 
436
449
  ```rb
437
450
  configure { ... } # defining default Rodauth configuration
438
- configure(json: true) # passing options to the Rodauth plugin
451
+ configure(json: true) { ... } # passing options to the Rodauth plugin
439
452
  configure(:secondary) { ... } # defining multiple Rodauth configurations
440
453
  ```
441
454
 
@@ -485,6 +498,20 @@ Rodauth::Rails.configure do |config|
485
498
  end
486
499
  ```
487
500
 
501
+ ## Working with JWT
502
+
503
+ To use Rodauth's [JWT feature], you'll need to load Roda's JSON support:
504
+
505
+ ```rb
506
+ # lib/rodauth_app.rb
507
+ class RodauthApp < Rodauth::Rails::App
508
+ configure(json: true) do
509
+ enable :jwt
510
+ # your configuration
511
+ end
512
+ end
513
+ ```
514
+
488
515
  ## Testing
489
516
 
490
517
  If you're writing system tests, it's generally better to go through the actual
@@ -535,7 +562,7 @@ rodauth-rails changes some of the default Rodauth settings for easier setup:
535
562
 
536
563
  ### Database functions
537
564
 
538
- By default on PostgreSQL, MySQL, and Microsoft SQL Server, Rodauth uses
565
+ By default, on PostgreSQL, MySQL, and Microsoft SQL Server Rodauth uses
539
566
  database functions to access password hashes, with the user running the
540
567
  application unable to get direct access to password hashes. This reduces the
541
568
  risk of an attacker being able to access password hashes and use them to attack
@@ -546,7 +573,11 @@ to reason about, as it requires having two different database users and making
546
573
  sure the correct migration is run for the correct user.
547
574
 
548
575
  To keep with Rails' "convention over configuration" doctrine, rodauth-rails
549
- disables the use of database functions, though it can still be turned back on.
576
+ disables the use of database functions, though you can always turn it back on.
577
+
578
+ ```rb
579
+ use_database_authentication_functions? true
580
+ ```
550
581
 
551
582
  ### Account statuses
552
583
 
@@ -560,8 +591,32 @@ tests by default, but it's also commonly done in development.
560
591
 
561
592
  To address this, rodauth-rails modifies the setup to store account status text
562
593
  directly in the accounts table. If you're worried about invalid status values
563
- creeping in, you may use enums instead. Alternatively, you can still go back to
564
- the setup recommended by Rodauth.
594
+ creeping in, you may use enums instead. Alternatively, you can always go back
595
+ to the setup recommended by Rodauth.
596
+
597
+ ```rb
598
+ # in the migration:
599
+ create_table :account_statuses do |t|
600
+ t.string :name, null: false, unique: true
601
+ end
602
+ execute "INSERT INTO account_statuses (id, name) VALUES (1, 'Unverified'), (2, 'Verified'), (3, 'Closed')"
603
+
604
+ create_table :accounts do |t|
605
+ # ...
606
+ t.references :status, foreign_key: { to_table: :account_statuses }, null: false, default: 1
607
+ # ...
608
+ end
609
+ ```
610
+ ```diff
611
+ configure do
612
+ # ...
613
+ - account_status_column :status
614
+ - account_unverified_status_value "unverified"
615
+ - account_open_status_value "verified"
616
+ - account_closed_status_value "closed"
617
+ # ...
618
+ end
619
+ ```
565
620
 
566
621
  ## License
567
622
 
@@ -578,12 +633,11 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
578
633
  [Sequel]: https://github.com/jeremyevans/sequel
579
634
  [rendering views outside of controllers]: https://blog.bigbinary.com/2016/01/08/rendering-views-outside-of-controllers-in-rails-5.html
580
635
  [feature documentation]: http://rodauth.jeremyevans.net/documentation.html
581
- [Rodauth plugin]: https://github.com/jeremyevans/rodauth/#label-Plugin+Options
636
+ [JWT feature]: http://rodauth.jeremyevans.net/rdoc/files/doc/jwt_rdoc.html
582
637
  [Bootstrap]: https://getbootstrap.com/
583
638
  [Roda]: http://roda.jeremyevans.net/
584
639
  [HMAC]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-HMAC
585
640
  [database authentication functions]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Password+Hash+Access+Via+Database+Functions
586
- [multiple configurations]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-With+Multiple+Configurations
587
- [views]: /app/views/rodauth
588
641
  [Rodauth migration]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Creating+tables
589
642
  [sequel-activerecord_connection]: https://github.com/janko/sequel-activerecord_connection
643
+ [plugin options]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Plugin+Options
@@ -1,13 +1,11 @@
1
1
  require "rails/generators/base"
2
- require "rails/generators/migration"
3
- require "rails/generators/active_record"
4
- require "rodauth/version"
2
+ require "rails/generators/active_record/migration"
5
3
 
6
4
  module Rodauth
7
5
  module Rails
8
6
  module Generators
9
7
  class InstallGenerator < ::Rails::Generators::Base
10
- include ::Rails::Generators::Migration
8
+ include ::ActiveRecord::Generators::Migration
11
9
 
12
10
  source_root "#{__dir__}/templates"
13
11
  namespace "rodauth:install"
@@ -15,7 +13,7 @@ module Rodauth
15
13
  def create_rodauth_migration
16
14
  return unless defined?(ActiveRecord::Base)
17
15
 
18
- migration_template "db/migrate/create_rodauth.rb", "db/migrate/create_rodauth.rb"
16
+ migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "create_rodauth.rb")
19
17
  end
20
18
 
21
19
  def create_rodauth_initializer
@@ -24,7 +22,8 @@ module Rodauth
24
22
 
25
23
  def create_sequel_initializer
26
24
  return unless defined?(ActiveRecord::Base)
27
- return unless %w[postgresql mysql2 sqlite3].include?(adapter)
25
+ return unless %w[postgresql mysql2 sqlite3].include?(activerecord_adapter)
26
+ return if defined?(Sequel) && !Sequel::DATABASES.empty?
28
27
 
29
28
  template "config/initializers/sequel.rb"
30
29
  end
@@ -45,20 +44,32 @@ module Rodauth
45
44
 
46
45
  private
47
46
 
48
- # required by #migration_template action
49
- def self.next_migration_number(dirname)
50
- ActiveRecord::Generators::Base.next_migration_number(dirname)
47
+ def db_migrate_path
48
+ return "db/migrate" unless activerecord_at_least?(5, 0)
49
+ super
51
50
  end
52
51
 
53
52
  def migration_version
54
- if ActiveRecord.version >= Gem::Version.new("5.0.0")
53
+ if activerecord_at_least?(5, 0)
55
54
  "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
56
55
  end
57
56
  end
58
57
 
59
- def adapter
58
+ def sequel_adapter
59
+ case activerecord_adapter
60
+ when "postgresql" then "postgres#{"ql" if RUBY_ENGINE == "jruby"}"
61
+ when "mysql2" then "mysql#{"2" unless RUBY_ENGINE == "jruby"}"
62
+ when "sqlite3" then "sqlite"
63
+ end
64
+ end
65
+
66
+ def activerecord_adapter
60
67
  ActiveRecord::Base.connection_config.fetch(:adapter)
61
68
  end
69
+
70
+ def activerecord_at_least?(major, minor)
71
+ ActiveRecord.version >= Gem::Version.new("#{major}.#{minor}")
72
+ end
62
73
  end
63
74
  end
64
75
  end
@@ -1,5 +1,4 @@
1
1
  require "rails/generators/base"
2
- require "rodauth/version"
3
2
 
4
3
  module Rodauth
5
4
  module Rails
@@ -1,4 +1,3 @@
1
- <% if Rodauth::MAJOR == 2 -%>
2
1
  <%% unless rodauth.login_form_footer_links.empty? %>
3
2
  <h2>Other Options</h2>
4
3
  <ul>
@@ -7,17 +6,3 @@
7
6
  <%% end %>
8
7
  </ul>
9
8
  <%% end %>
10
- <% else -%>
11
- <%% if rodauth.features.include?(:create_account) %>
12
- <p><%%= link_to "Create a New Account", rodauth.create_account_path %></p>
13
- <%% end %>
14
- <%% if rodauth.features.include?(:reset_password) %>
15
- <p><%%= link_to "Forgot Password?", rodauth.reset_password_request_path %></p>
16
- <%% end %>
17
- <%% if rodauth.features.include?(:email_auth) && rodauth.valid_login_entered? %>
18
- <%%= render "email_auth_request_form" %>
19
- <%% end %>
20
- <%% if rodauth.features.include?(:verify_account) %>
21
- <p><%%= link_to "Resend Verify Account Information", rodauth.verify_account_resend_path %></p>
22
- <%% end %>
23
- <% end -%>
@@ -1,4 +1,4 @@
1
1
  <div class="form-group">
2
2
  <%%= label_tag "password", "Password" %>
3
- <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: "current-password" %>
3
+ <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: rodauth.password_field_autocomplete_value %>
4
4
  </div>
@@ -1,6 +1,4 @@
1
1
  <%%= form_tag rodauth.logout_path, method: :post do %>
2
- <% if Rodauth::MAJOR == 2 -%>
3
2
  <%%= render "global_logout_field" if rodauth.features.include?(:active_sessions) %>
4
- <% end -%>
5
3
  <%%= render "submit", value: "Logout", class: "btn btn-warning" %>
6
4
  <%% end %>
@@ -2,12 +2,3 @@
2
2
  <%%= render "otp_auth_code_field" %>
3
3
  <%%= render "submit", value: "Authenticate Using TOTP" %>
4
4
  <%% end %>
5
- <% if Rodauth::MAJOR == 1 -%>
6
-
7
- <%% if rodauth.features.include?(:sms_codes) && rodauth.sms_available? %>
8
- <p><%%= link_to "Authenticate using SMS code", rodauth.sms_request_path %></p>
9
- <%% end %>
10
- <%% if rodauth.features.include?(:recovery_codes) %>
11
- <p><%%= link_to "Authenticate using recovery code", rodauth.recovery_auth_path %></p>
12
- <%% end %>
13
- <% end -%>
@@ -6,7 +6,7 @@
6
6
  </div>
7
7
 
8
8
  <div class="form-check">
9
- <%%= radio_button_tag rodauth.remember_param, rodauth.rememember_forget_param_value, false, id: "remember-forget", class: "form-check-input" %>
9
+ <%%= radio_button_tag rodauth.remember_param, rodauth.remember_forget_param_value, false, id: "remember-forget", class: "form-check-input" %>
10
10
  <%%= label_tag "remember-forget", "Forget Me", class: "form-check-label" %>
11
11
  </div>
12
12
 
@@ -1,13 +1,8 @@
1
1
  require "sequel/core"
2
2
 
3
- # initialize the appropriate Sequel adapter without creating a connection
4
- <% case adapter -%>
5
- <% when "postgresql" -%>
6
- DB = Sequel.postgres(test: false)
7
- <% when "mysql2" -%>
8
- DB = Sequel.mysql2(test: false)
9
- <% when "sqlite3" -%>
10
- DB = Sequel.sqlite(test: false)
3
+ # initialize Sequel and have it reuse Active Record's database connection
4
+ <%- if RUBY_ENGINE == "jruby" -%>
5
+ DB = Sequel.connect("jdbc:<%= sequel_adapter %>://", extensions: :activerecord_connection)
6
+ <% else -%>
7
+ DB = Sequel.<%= sequel_adapter %>(extensions: :activerecord_connection)
11
8
  <% end -%>
12
- # have Sequel use ActiveRecord's connection for database interaction
13
- DB.extension :activerecord_connection
@@ -1,11 +1,11 @@
1
1
  class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
2
2
  def change
3
- <% if adapter == "postgresql" -%>
3
+ <% if activerecord_adapter == "postgresql" -%>
4
4
  enable_extension "citext"
5
5
 
6
6
  <% end -%>
7
7
  create_table :accounts do |t|
8
- <% case adapter -%>
8
+ <% case activerecord_adapter -%>
9
9
  <% when "postgresql" -%>
10
10
  t.citext :email, null: false, index: { unique: true, where: "status IN ('verified', 'unverified')" }
11
11
  <% else -%>
@@ -53,10 +53,10 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
53
53
 
54
54
  # # Used by the audit logging feature
55
55
  # create_table :account_authentication_audit_logs do |t|
56
- # t.references :account, null: false
56
+ # t.references :account, foreign_key: true, null: false
57
57
  # t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
58
58
  # t.text :message, null: false
59
- <% case adapter -%>
59
+ <% case activerecord_adapter -%>
60
60
  <% when "postgresql" -%>
61
61
  # t.jsonb :metadata
62
62
  <% when "sqlite3", "mysql2" -%>
@@ -70,7 +70,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
70
70
 
71
71
  # # Used by the jwt refresh feature
72
72
  # create_table :account_jwt_refresh_keys do |t|
73
- # t.references :account, null: false
73
+ # t.references :account, foreign_key: true, null: false
74
74
  # t.string :key, null: false
75
75
  # t.datetime :deadline, null: false
76
76
  # t.index :account_id, name: "account_jwt_rk_account_id_idx"
@@ -78,7 +78,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
78
78
 
79
79
  # # Used by the disallow_password_reuse feature
80
80
  # create_table :account_previous_password_hashes do |t|
81
- # t.references :account
81
+ # t.references :account, foreign_key: true
82
82
  # t.string :password_hash, null: false
83
83
  # end
84
84
 
@@ -124,7 +124,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
124
124
 
125
125
  # # Used by the active sessions feature
126
126
  # create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
127
- # t.references :account
127
+ # t.references :account, foreign_key: true
128
128
  # t.string :session_id
129
129
  # t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
130
130
  # t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
@@ -136,7 +136,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
136
136
  # t.string :webauthn_id, null: false
137
137
  # end
138
138
  # create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do |t|
139
- # t.references :account
139
+ # t.references :account, foreign_key: true
140
140
  # t.string :webauthn_id
141
141
  # t.string :public_key, null: false
142
142
  # t.integer :sign_count, null: false
@@ -42,26 +42,31 @@ class RodauthApp < Rodauth::Rails::App
42
42
  # ==> Emails
43
43
  # Uncomment the lines below once you've imported mailer views.
44
44
  # send_reset_password_email do
45
- # RodauthMailer.reset_password(email_to, reset_password_email_link).deliver_now
45
+ # mailer_send(:reset_password, email_to, reset_password_email_link)
46
46
  # end
47
47
  # send_verify_account_email do
48
- # RodauthMailer.verify_account(email_to, verify_account_email_link).deliver_now
48
+ # mailer_send(:verify_account, email_to, verify_account_email_link)
49
49
  # end
50
50
  # send_verify_login_change_email do |login|
51
- # RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link).deliver_now
51
+ # mailer_send(:verify_login_change, login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
52
52
  # end
53
53
  # send_password_changed_email do
54
- # RodauthMailer.password_changed(email_to).deliver_now
54
+ # mailer_send(:password_changed, email_to)
55
55
  # end
56
56
  # # send_email_auth_email do
57
- # # RodauthMailer.email_auth(email_to, email_auth_email_link).deliver_now
57
+ # # mailer_send(:email_auth, email_to, email_auth_email_link)
58
58
  # # end
59
59
  # # send_unlock_account_email do
60
- <% if Rodauth::MAJOR == 1 -%>
61
- # # @unlock_account_key_value = get_unlock_account_key
62
- <% end -%>
63
- # # RodauthMailer.unlock_account(email_to, unlock_account_email_link).deliver_now
60
+ # # mailer_send(:unlock_account, email_to, unlock_account_email_link)
64
61
  # # end
62
+ # auth_class_eval do
63
+ # # queue email delivery on the mailer after the transaction commits
64
+ # def mailer_send(type, *args)
65
+ # db.after_commit do
66
+ # RodauthMailer.public_send(type, *args).deliver_later
67
+ # end
68
+ # end
69
+ # end
65
70
 
66
71
  # In the meantime you can tweak settings for emails created by Rodauth
67
72
  # email_subject_prefix "[MyApp] "
@@ -99,9 +104,6 @@ class RodauthApp < Rodauth::Rails::App
99
104
  # Extend user's remember period when remembered via a cookie
100
105
  extend_remember_deadline? true
101
106
 
102
- # Consider remembered users to be multifactor-authenticated (if using MFA).
103
- # after_load_memory { two_factor_update_session("totp") if two_factor_authentication_setup? }
104
-
105
107
  # ==> Hooks
106
108
  # Validate custom fields in the create account form.
107
109
  # before_create_account do
@@ -134,19 +136,6 @@ class RodauthApp < Rodauth::Rails::App
134
136
  # reset_password_deadline_interval Hash[hours: 6]
135
137
  # verify_login_change_deadline_interval Hash[days: 2]
136
138
  # remember_deadline_interval Hash[days: 30]
137
-
138
- # ==> Extending
139
- # Define any additional methods you want for the Rodauth object.
140
- # auth_class_eval do
141
- # def my_send_email(name, *args)
142
- # AuthenticationMailer.public_send(name, *args).deliver_later
143
- # end
144
- # end
145
- #
146
- # Then use the new custom method in configuration blocks.
147
- # send_password_reset_email do
148
- # my_send_email(:password_reset, email_to, password_reset_email_link)
149
- # end
150
139
  end
151
140
 
152
141
  # ==> Multiple configurations
@@ -1,5 +1,4 @@
1
1
  require "rails/generators/base"
2
- require "rodauth/version"
3
2
 
4
3
  module Rodauth
5
4
  module Rails
@@ -8,6 +7,21 @@ module Rodauth
8
7
  source_root "#{__dir__}/templates"
9
8
  namespace "rodauth:views"
10
9
 
10
+ argument :features, optional: true, type: :array,
11
+ desc: "Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)",
12
+ default: %w[login logout create_account verify_account reset_password change_password change_login verify_login_change close_account]
13
+
14
+ class_option :features, type: :array,
15
+ desc: "[DEPRECATED] Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)"
16
+
17
+ class_option :all, aliases: "-a", type: :boolean,
18
+ desc: "Generates views for all Rodauth features",
19
+ default: false
20
+
21
+ class_option :directory, aliases: "-d", type: :string,
22
+ desc: "The directory under app/views/* into which to create views",
23
+ default: "rodauth"
24
+
11
25
  VIEWS = {
12
26
  login: %w[
13
27
  _field _field_error _login_field _login_display _password_field
@@ -84,34 +98,18 @@ module Rodauth
84
98
  webauthn: :two_factor_base,
85
99
  }
86
100
 
87
- class_option :features, type: :array,
88
- desc: "Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)",
89
- default: %w[login logout create_account verify_account reset_password change_password change_login verify_login_change close_account]
90
-
91
- class_option :all, aliases: "-a", type: :boolean,
92
- desc: "Generates views for all Rodauth features",
93
- default: false
94
-
95
- class_option :directory, aliases: "-d", type: :string,
96
- desc: "The directory under app/views/* into which to create views",
97
- default: "rodauth"
98
-
99
101
  def create_views
100
- features = options[:all] ? VIEWS.keys : options[:features].map(&:to_sym)
102
+ if options[:all]
103
+ features = VIEWS.keys
104
+ else
105
+ features = (options[:features] || self.features).map(&:to_sym)
106
+ end
101
107
 
102
108
  views = features.inject([]) do |list, feature|
103
109
  list |= VIEWS[feature] || []
104
110
  list |= VIEWS[DEPENDENCIES[feature]] || []
105
111
  end
106
112
 
107
- if Rodauth::MAJOR == 1
108
- views -= %w[
109
- multi_phase_login _global_logout_field
110
- two_factor_manage two_factor_auth two_factor_disable
111
- webauthn_setup webauthn_auth webauthn_remove
112
- ]
113
- end
114
-
115
113
  views.each do |view|
116
114
  template "app/views/rodauth/#{view}.html.erb",
117
115
  "app/views/#{options[:directory].underscore}/#{view}.html.erb"
@@ -1,3 +1,4 @@
1
+ require "rodauth/version"
1
2
  require "rodauth/rails/railtie"
2
3
 
3
4
  module Rodauth
@@ -28,6 +28,16 @@ module Rodauth
28
28
  super
29
29
  end
30
30
 
31
+ # Verify Rails' authenticity token.
32
+ def check_csrf
33
+ rails_check_csrf!
34
+ end
35
+
36
+ # Have Rodauth call #check_csrf automatically.
37
+ def check_csrf?
38
+ true
39
+ end
40
+
31
41
  # Render Rails CSRF tags in Rodauth templates.
32
42
  def csrf_tag(*)
33
43
  rails_csrf_tag
@@ -40,12 +50,6 @@ module Rodauth
40
50
 
41
51
  private
42
52
 
43
- # Verify Rails' authenticity token before each Rodauth route.
44
- def before_rodauth
45
- rails_check_csrf!
46
- super
47
- end
48
-
49
53
  # Create emails with ActionMailer which uses configured delivery method.
50
54
  def create_email_to(to, subject, body)
51
55
  Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |spec|
2
2
  spec.name = "rodauth-rails"
3
- spec.version = "0.1.2"
3
+ spec.version = "0.3.1"
4
4
  spec.authors = ["Janko Marohnić"]
5
5
  spec.email = ["janko.marohnic@gmail.com"]
6
6
 
@@ -15,8 +15,8 @@ Gem::Specification.new do |spec|
15
15
  spec.require_paths = ["lib"]
16
16
 
17
17
  spec.add_dependency "railties", ">= 4.2", "< 7"
18
- spec.add_dependency "rodauth", ">= 1.23", "< 3"
19
- spec.add_dependency "sequel-activerecord_connection", "~> 0.2"
18
+ spec.add_dependency "rodauth", "~> 2.1"
19
+ spec.add_dependency "sequel-activerecord_connection", "~> 1.0"
20
20
  spec.add_dependency "tilt"
21
21
  spec.add_dependency "bcrypt"
22
22
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Janko Marohnić
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-05-14 00:00:00.000000000 Z
11
+ date: 2020-10-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties
@@ -34,36 +34,30 @@ dependencies:
34
34
  name: rodauth
35
35
  requirement: !ruby/object:Gem::Requirement
36
36
  requirements:
37
- - - ">="
38
- - !ruby/object:Gem::Version
39
- version: '1.23'
40
- - - "<"
37
+ - - "~>"
41
38
  - !ruby/object:Gem::Version
42
- version: '3'
39
+ version: '2.1'
43
40
  type: :runtime
44
41
  prerelease: false
45
42
  version_requirements: !ruby/object:Gem::Requirement
46
43
  requirements:
47
- - - ">="
48
- - !ruby/object:Gem::Version
49
- version: '1.23'
50
- - - "<"
44
+ - - "~>"
51
45
  - !ruby/object:Gem::Version
52
- version: '3'
46
+ version: '2.1'
53
47
  - !ruby/object:Gem::Dependency
54
48
  name: sequel-activerecord_connection
55
49
  requirement: !ruby/object:Gem::Requirement
56
50
  requirements:
57
51
  - - "~>"
58
52
  - !ruby/object:Gem::Version
59
- version: '0.2'
53
+ version: '1.0'
60
54
  type: :runtime
61
55
  prerelease: false
62
56
  version_requirements: !ruby/object:Gem::Requirement
63
57
  requirements:
64
58
  - - "~>"
65
59
  - !ruby/object:Gem::Version
66
- version: '0.2'
60
+ version: '1.0'
67
61
  - !ruby/object:Gem::Dependency
68
62
  name: tilt
69
63
  requirement: !ruby/object:Gem::Requirement
@@ -99,6 +93,7 @@ executables: []
99
93
  extensions: []
100
94
  extra_rdoc_files: []
101
95
  files:
96
+ - CHANGELOG.md
102
97
  - LICENSE.txt
103
98
  - README.md
104
99
  - lib/generators/rodauth/install_generator.rb
@@ -200,7 +195,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
200
195
  - !ruby/object:Gem::Version
201
196
  version: '0'
202
197
  requirements: []
203
- rubygems_version: 3.1.1
198
+ rubygems_version: 3.1.4
204
199
  signing_key:
205
200
  specification_version: 4
206
201
  summary: Provides Rails integration for Rodauth.