rodauth-rails 0.1.3 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6582c0a5c1acbaa774ec0dd8b3909797afdb7f6a5e09e528125a021aedb2b7d5
-  data.tar.gz: 851e5ed231d870497e014d5eed35884e2ee15bacdb5ed66bd8ad4d5a00657b3e
+  metadata.gz: dd5d6b153ae21b024570d612aff57a2c0d6f090f2215723b25bbc362ee743c9b
+  data.tar.gz: e6aac1fe20d00bd4c94559c74dbc56bd971da4404d086ec3193db8e06fe2a3bd
 SHA512:
-  metadata.gz: '0429e4c00fdd4d48b34e319763cf36598b7635720ac8e37ea965a7f0ff68b8a94914f48ab92801893329f3e9c32ccb17f304bb59c4894c83ed0c0dad09b3530b'
-  data.tar.gz: f1df4d89de84cb4fe9294101eeb7e5e19e3b0338aeee932278810465e3ea7d0529c490e7071391d74b2bbb11de6c74729a9cfeb64c92ffb5ebf74e7e8dab63e8
+  metadata.gz: 83a5c386eaf39c7aa9b0536e9aed25e8a61bc069e2388bee556b28e9ee00941528fd5431199711d77a28212d281376258ecf0b914d6aa928954d8d99543b827b
+  data.tar.gz: 815d7fee34954d2f512e4532d02bb9d183ad9bde92fc622d522c517cd9db575c8fef98c857dce81c8329cd1798481b8e2f4609390b2472d83825d393886a3576

data/CHANGELOG.md

@@ -0,0 +1,54 @@
+## 0.4.0 (2020-11-02)
+
+* Support Rails API-only mode (@janko)
+
+* Make `rodauth:install` create `rodauth_app.rb` in `app/lib/` directory (@janko)
+
+## 0.3.1 (2020-10-25)
+
+* Depend on sequel-activerecord_connection 1.0+ (@janko)
+
+## 0.3.0 (2020-09-18)
+
+* Handle custom configured database migration paths in install generator (@janko)
+
+* Allow specifying features as plain arguments in `rodauth:views` generator (@janko)
+
+* Add some missing foreign key constraints in generated migration file (@janko)
+
+## 0.2.1 (2020-07-26)
+
+* Fix incorrect JDBC connect syntax in `sequel.rb` template on JRuby (@janko)
+
+## 0.2.0 (2020-07-26)
+
+* Drop support for Rodauth 1.x (@janko)
+
+* Change `rodauth_app.rb` template to send emails in the background after transaction commit (@janko)
+
+* Bump `sequel-activerecord_connection` dependency to `~> 0.3` (@janko)
+
+* Use the JDBC adapter in sequel.rb initializer when on JRuby (@janko)
+
+## 0.1.3 (2020-07-04)
+
+* Remove insecure MFA integration with remember feature suggestion in `lib/rodauth_app.rb` (@janko, @nicolas-besnard)
+
+* Use correct password autocomplete value on Rodauth 2.1+ (@janko)
+
+* Enable skipping CSRF protection on Rodauth 2.1+ by overriding `#check_csrf?` (@janko)
+
+* Don't generate Sequel initializer if Sequel connection exists (@janko)
+
+* Fix typo in remember view template (@nicolas-besnard)
+
+* Fix some more typos in `lib/rodauth_app.rb` (@janko)
+
+## 0.1.2 (2020-05-14)
+
+* Fix some typos in comment suggestions in `lib/rodauth_app.rb` (@janko)
+
+## 0.1.1 (2020-05-09)
+
+* Include view templates in the gem (@janko)
+* Use `Login` labels to be consistent with Rodauth (@janko)

data/README.md

@@ -13,7 +13,12 @@ Provides Rails integration for the [Rodauth] authentication framework.
 Add the gem to your Gemfile:
 
 ```rb
-gem "rodauth-rails", "~> 0.1"
+gem "rodauth-rails", "~> 0.3"
+
+# gem "jwt",      require: false # for JWT feature
+# gem "rotp",     require: false # for OTP feature
+# gem "rqrcode",  require: false # for OTP feature
+# gem "webauthn", require: false # for WebAuthn feature
 ```
 
 Then run `bundle install`.
@@ -29,7 +34,7 @@ The generator will create the following files:
 * Rodauth migration at `db/migrate/*_create_rodauth.rb`
 * Rodauth initializer at `config/initializers/rodauth.rb`
 * Sequel initializer at `config/initializers/sequel.rb` for ActiveRecord integration
-* Rodauth app at `lib/rodauth_app.rb`
+* Rodauth app at `app/lib/rodauth_app.rb`
 * Rodauth controller at `app/controllers/rodauth_controller.rb`
 * Account model at `app/models/account.rb`
 
@@ -82,20 +87,18 @@ ActiveRecord connection.
 # config/initializers/sequel.rb
 require "sequel/core"
 
-# initialize the appropriate Sequel adapter without creating a connection
-DB = Sequel.postgres(test: false)
-# have Sequel use ActiveRecord's connection for database interaction
-DB.extension :activerecord_connection
+# initialize Sequel and have it reuse Active Record's database connection
+DB = Sequel.postgres(extensions: :activerecord_connection)
 ```
 
 ### Rodauth app
 
-Your Rodauth app is created in the `lib/` directory, which comes with a default
-set of authentication features enabled, as well as extensive examples on ways
-you can configure authentication behaviour.
+Your Rodauth app is created in the `app/lib/` directory, and comes with a
+default set of authentication features enabled, as well as extensive examples
+on ways you can configure authentication behaviour.
 
 ```rb
-# lib/rodauth_app.rb
+# app/lib/rodauth_app.rb
 class RodauthApp < Rodauth::Rails::App
   configure do
     # authentication configuration
@@ -107,19 +110,6 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
 
-Note that Rails doesn't autoload files in the `lib/` directory by default, so
-make sure to add `lib/` to your `config.autoload_paths`:
-
-```rb
-# config/application.rb
-module YourApp
-  class Application < Rails::Application
-    # ...
-    config.autoload_paths += %W[#{config.root}/lib]
-  end
-end
-```
-
 ### Controller
 
 Your Rodauth app will by default use `RodauthController` for view rendering
@@ -162,17 +152,24 @@ These links are fully functional, feel free to visit them and interact with the
 pages. The templates that ship with Rodauth aim to provide a complete
 authentication experience, and the forms use [Bootstrap] markup.
 
-Let's also add the `#current_account` method for retrieving the account of the
-the authenticated session:
+Let's also load the account record for authenticated requests and expose it via
+`#current_account`:
 
 ```rb
 # app/controllers/application_controller.rb
 class ApplicationController < ActionController::Base
+  before_action :load_account, if: -> { rodauth.authenticated? }
+
   private
 
-  def current_account
-    @current_account ||= Account.find(rodauth.session_value)
+  def load_account
+    @current_account = Account.find(rodauth.session_value)
+  rescue ActiveRecord::RecordNotFound
+    rodauth.logout
+    rodauth.login_required
   end
+
+  attr_reader   :current_account
   helper_method :current_account
 end
 ```
@@ -258,7 +255,7 @@ You can pass a list of Rodauth features to the generator to create views for
 these features (this will not remove any existing views):
 
 ```sh
-$ rails generate rodauth:views --features login create_account lockout otp
+$ rails generate rodauth:views login create_account lockout otp
 ```
 
 Or you can generate views for all features:
@@ -358,23 +355,31 @@ class RodauthApp < Rodauth::Rails::App
   configure do
     # ...
     send_reset_password_email do
-      RodauthMailer.reset_password(email_to, reset_password_email_link).deliver_now
+      mailer_send(:reset_password, email_to, reset_password_email_link)
     end
     send_verify_account_email do
-      RodauthMailer.verify_account(email_to, verify_account_email_link).deliver_now
+      mailer_send(:verify_account, email_to, verify_account_email_link)
     end
     send_verify_login_change_email do |login|
-      RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link).deliver_now
+      mailer_send(:verify_login_change, login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
     end
     send_password_changed_email do
-      RodauthMailer.password_changed(email_to).deliver_now
+      mailer_send(:password_changed, email_to)
     end
     # send_email_auth_email do
-    #   RodauthMailer.email_auth(email_to, email_auth_email_link).deliver_now
+    #   mailer_send(:email_auth, email_to, email_auth_email_link)
     # end
     # send_unlock_account_email do
-    #   RodauthMailer.unlock_account(email_to, unlock_account_email_link).deliver_now
+    #   mailer_send(:unlock_account, email_to, unlock_account_email_link)
     # end
+    auth_class_eval do
+      # queue email delivery on the mailer after the transaction commits
+      def mailer_send(type, *args)
+        db.after_commit do
+          RodauthMailer.public_send(type, *args).deliver_later
+        end
+      end
+    end
     # ...
   end
 end
@@ -399,7 +404,7 @@ The Rodauth app stores the `Rodauth::Auth` instance in the Rack env hash, which
 is then available in your Rails app:
 
 ```rb
-request.env["rodauth"] #=> #<Rodauth::Auth>
+request.env["rodauth"]           #=> #<Rodauth::Auth>
 request.env["rodauth.secondary"] #=> #<Rodauth::Auth> (if using multiple configurations)
 ```
 
@@ -409,13 +414,13 @@ and controllers:
 ```rb
 class MyController < ApplicationController
   def my_action
-    rodauth #=> #<Rodauth::Auth>
+    rodauth             #=> #<Rodauth::Auth>
     rodauth(:secondary) #=> #<Rodauth::Auth> (if using multiple configurations)
   end
 end
 ```
 ```erb
-<% rodauth #=> #<Rodauth::Auth> %>
+<% rodauth             #=> #<Rodauth::Auth> %>
 <% rodauth(:secondary) #=> #<Rodauth::Auth> (if using multiple configurations) %>
 ```
 
@@ -431,11 +436,11 @@ integration for Rodauth:
 * uses ActionMailer for sending emails
 
 The `configure { ... }` method wraps configuring the Rodauth plugin, forwarding
-any additional [options].
+any additional [plugin options].
 
 ```rb
 configure { ... }             # defining default Rodauth configuration
-configure(json: true)         # passing options to the Rodauth plugin
+configure(json: true) { ... } # passing options to the Rodauth plugin
 configure(:secondary) { ... } # defining multiple Rodauth configurations
 ```
 
@@ -487,18 +492,26 @@ end
 
 ## Working with JWT
 
-To work with JWT, you'll need to enable json in `Roda`, and the [JWT plugin][Rodauth JWT documentation]
+To use Rodauth's [JWT feature], you'll need to load Roda's JSON support in
+`configure`:
 
 ```rb
 # lib/rodauth_app.rb
 class RodauthApp < Rodauth::Rails::App
   configure(json: true) do
     enable :jwt
+    jwt_secret "...your secret key..."
     # your configuration
   end
 end
 ```
 
+Make sure to store the `jwt_secret` in a secure place, such as Rails
+credentials or environment variables.
+
+Rodauth's JWT feature depends on the [JWT gem], so make sure to add it to your
+Gemfile.
+
 ## Testing
 
 If you're writing system tests, it's generally better to go through the actual
@@ -595,10 +608,14 @@ create_table :accounts do |t|
 end
 ```
 ```diff
+configure do
+  # ...
 - account_status_column :status
 - account_unverified_status_value "unverified"
 - account_open_status_value "verified"
 - account_closed_status_value "closed"
+  # ...
+end
 ```
 
 ## License
@@ -616,13 +633,12 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [Sequel]: https://github.com/jeremyevans/sequel
 [rendering views outside of controllers]: https://blog.bigbinary.com/2016/01/08/rendering-views-outside-of-controllers-in-rails-5.html
 [feature documentation]: http://rodauth.jeremyevans.net/documentation.html
-[Rodauth JWT documentation]: http://rodauth.jeremyevans.net/rdoc/files/doc/jwt_rdoc.html
-[Rodauth plugin]: https://github.com/jeremyevans/rodauth/#label-Plugin+Options
+[JWT feature]: http://rodauth.jeremyevans.net/rdoc/files/doc/jwt_rdoc.html
+[JWT gem]: https://github.com/jwt/ruby-jwt
 [Bootstrap]: https://getbootstrap.com/
 [Roda]: http://roda.jeremyevans.net/
 [HMAC]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-HMAC
 [database authentication functions]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Password+Hash+Access+Via+Database+Functions
-[multiple configurations]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-With+Multiple+Configurations
-[views]: /app/views/rodauth
 [Rodauth migration]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Creating+tables
 [sequel-activerecord_connection]: https://github.com/janko/sequel-activerecord_connection
+[plugin options]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Plugin+Options

data/lib/generators/rodauth/install_generator.rb

@@ -1,12 +1,13 @@
 require "rails/generators/base"
-require "rails/generators/migration"
-require "rails/generators/active_record"
+require "rails/generators/active_record/migration"
+
+require "securerandom"
 
 module Rodauth
   module Rails
     module Generators
       class InstallGenerator < ::Rails::Generators::Base
-        include ::Rails::Generators::Migration
+        include ::ActiveRecord::Generators::Migration
 
         source_root "#{__dir__}/templates"
         namespace "rodauth:install"
@@ -14,7 +15,7 @@ module Rodauth
         def create_rodauth_migration
           return unless defined?(ActiveRecord::Base)
 
-          migration_template "db/migrate/create_rodauth.rb", "db/migrate/create_rodauth.rb"
+          migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "create_rodauth.rb")
         end
 
         def create_rodauth_initializer
@@ -23,14 +24,14 @@ module Rodauth
 
         def create_sequel_initializer
           return unless defined?(ActiveRecord::Base)
-          return unless %w[postgresql mysql2 sqlite3].include?(adapter)
+          return unless %w[postgresql mysql2 sqlite3].include?(activerecord_adapter)
           return if defined?(Sequel) && !Sequel::DATABASES.empty?
 
           template "config/initializers/sequel.rb"
         end
 
         def create_rodauth_app
-          template "lib/rodauth_app.rb"
+          template "app/lib/rodauth_app.rb"
         end
 
         def create_rodauth_controller
@@ -45,20 +46,35 @@ module Rodauth
 
         private
 
-        # required by #migration_template action
-        def self.next_migration_number(dirname)
-          ActiveRecord::Generators::Base.next_migration_number(dirname)
+        def db_migrate_path
+          return "db/migrate" unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+          super
         end
 
         def migration_version
-          if ActiveRecord.version >= Gem::Version.new("5.0.0")
+          if ActiveRecord.version >= Gem::Version.new("5.0")
             "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
           end
         end
 
-        def adapter
+        def sequel_adapter
+          case activerecord_adapter
+          when "postgresql" then "postgres#{"ql" if RUBY_ENGINE == "jruby"}"
+          when "mysql2"     then "mysql#{"2" unless RUBY_ENGINE == "jruby"}"
+          when "sqlite3"    then "sqlite"
+          end
+        end
+
+        def activerecord_adapter
           ActiveRecord::Base.connection_config.fetch(:adapter)
         end
+
+        def api_only?
+          return false if ::Rails.gem_version < Gem::Version.new("5.0")
+
+          ::Rails.application.config.api_only
+        end
       end
     end
   end

data/lib/generators/rodauth/templates/{lib → app/lib}/rodauth_app.rb

@@ -1,8 +1,8 @@
 class RodauthApp < Rodauth::Rails::App
-  configure do
+  configure<%= " json: :only" if api_only? %> do
     # List of authentication features that are loaded.
     enable :create_account, :verify_account, :verify_account_grace_period,
-      :login, :remember, :logout,
+      :login, :logout, <%= api_only? ? ":jwt" : ":remember" %>,
       :reset_password, :change_password, :change_password_notify,
       :change_login, :verify_login_change,
       :close_account
@@ -38,30 +38,47 @@ class RodauthApp < Rodauth::Rails::App
 
     # Redirect to the app from login and registration pages if already logged in.
     # already_logged_in { redirect login_redirect }
+<% if api_only? -%>
+
+    # ==> JWT
+    # Set JWT secret, which is used to cryptographically protect the token.
+    jwt_secret "<%= SecureRandom.hex(64) %>"
+
+    # Don't require login confirmation param.
+    require_login_confirmation? false
+
+    # Don't require password confirmation param.
+    require_password_confirmation? false
+<% end -%>
 
     # ==> Emails
     # Uncomment the lines below once you've imported mailer views.
     # send_reset_password_email do
-    #   RodauthMailer.reset_password(email_to, reset_password_email_link).deliver_now
+    #   mailer_send(:reset_password, email_to, reset_password_email_link)
     # end
     # send_verify_account_email do
-    #   RodauthMailer.verify_account(email_to, verify_account_email_link).deliver_now
+    #   mailer_send(:verify_account, email_to, verify_account_email_link)
     # end
     # send_verify_login_change_email do |login|
-    #   RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link).deliver_now
+    #   mailer_send(:verify_login_change, login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
     # end
     # send_password_changed_email do
-    #   RodauthMailer.password_changed(email_to).deliver_now
+    #   mailer_send(:password_changed, email_to)
     # end
     # # send_email_auth_email do
-    # #   RodauthMailer.email_auth(email_to, email_auth_email_link).deliver_now
+    # #   mailer_send(:email_auth, email_to, email_auth_email_link)
     # # end
     # # send_unlock_account_email do
-<% if Rodauth::MAJOR == 1 -%>
-    # #   @unlock_account_key_value = get_unlock_account_key
-<% end -%>
-    # #   RodauthMailer.unlock_account(email_to, unlock_account_email_link).deliver_now
+    # #   mailer_send(:unlock_account, email_to, unlock_account_email_link)
     # # end
+    # auth_class_eval do
+    #   # queue email delivery on the mailer after the transaction commits
+    #   def mailer_send(type, *args)
+    #     db.after_commit do
+    #       RodauthMailer.public_send(type, *args).deliver_later
+    #     end
+    #   end
+    # end
 
     # In the meantime you can tweak settings for emails created by Rodauth
     # email_subject_prefix "[MyApp] "
@@ -70,10 +87,12 @@ class RodauthApp < Rodauth::Rails::App
     # reset_password_email_body { "Click here to reset your password: #{reset_password_email_link}" }
 
     # ==> Flash
+<% unless api_only? -%>
     # Match flash keys with ones already used in the Rails app.
     # flash_notice_key :success # default is :notice
     # flash_error_key :error # default is :alert
 
+<% end -%>
     # Override default flash messages.
     # create_account_notice_flash "Your account has been created. Please verify your account by visiting the confirmation link sent to your email address."
     # require_login_error_flash "Login is required for accessing this page"
@@ -88,6 +107,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Change minimum number of password characters required when creating an account.
     # password_minimum_length 8
+<% unless api_only? -%>
 
     # ==> Remember Feature
     # Remember all logged in users.
@@ -98,6 +118,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Extend user's remember period when remembered via a cookie
     extend_remember_deadline? true
+<% end -%>
 
     # ==> Hooks
     # Validate custom fields in the create account form.
@@ -131,19 +152,6 @@ class RodauthApp < Rodauth::Rails::App
     # reset_password_deadline_interval Hash[hours: 6]
     # verify_login_change_deadline_interval Hash[days: 2]
     # remember_deadline_interval Hash[days: 30]
-
-    # ==> Extending
-    # Define any additional methods you want for the Rodauth object.
-    # auth_class_eval do
-    #   def my_send_email(name, *args)
-    #     AuthenticationMailer.public_send(name, *args).deliver_later
-    #   end
-    # end
-    #
-    # Then use the new custom method in configuration blocks.
-    # send_reset_password_email do
-    #   my_send_email(:reset_password, email_to, reset_password_email_link)
-    # end
   end
 
   # ==> Multiple configurations
@@ -155,8 +163,10 @@ class RodauthApp < Rodauth::Rails::App
   # end
 
   route do |r|
+<% unless api_only? -%>
     rodauth.load_memory # autologin remembered users
 
+<% end -%>
     r.rodauth # route rodauth requests
 
     # ==> Authenticating Requests

data/lib/generators/rodauth/templates/app/views/rodauth/_login_form_footer.html.erb

@@ -1,4 +1,3 @@
-<% if Rodauth::MAJOR >= 2 -%>
 <%% unless rodauth.login_form_footer_links.empty? %>
   <h2>Other Options</h2>
   <ul>
@@ -7,17 +6,3 @@
     <%% end %>
   </ul>
 <%% end %>
-<% else -%>
-<%% if rodauth.features.include?(:create_account) %>
-  <p><%%= link_to "Create a New Account", rodauth.create_account_path %></p>
-<%% end %>
-<%% if rodauth.features.include?(:reset_password) %>
-  <p><%%= link_to "Forgot Password?", rodauth.reset_password_request_path %></p>
-<%% end %>
-<%% if rodauth.features.include?(:email_auth) && rodauth.valid_login_entered? %>
-  <%%= render "email_auth_request_form" %>
-<%% end %>
-<%% if rodauth.features.include?(:verify_account) %>
-  <p><%%= link_to "Resend Verify Account Information", rodauth.verify_account_resend_path %></p>
-<%% end %>
-<% end -%>

data/lib/generators/rodauth/templates/app/views/rodauth/_password_field.html.erb

@@ -1,4 +1,4 @@
 <div class="form-group">
   <%%= label_tag "password", "Password" %>
-  <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: <%= Rodauth::MAJOR >= 2 && Rodauth::MINOR >= 1 ? %(rodauth.password_field_autocomplete_value) : %("current-password") %> %>
+  <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: rodauth.password_field_autocomplete_value %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/logout.html.erb

@@ -1,6 +1,4 @@
 <%%= form_tag rodauth.logout_path, method: :post do %>
-<% if Rodauth::MAJOR >= 2 -%>
   <%%= render "global_logout_field" if rodauth.features.include?(:active_sessions) %>
-<% end -%>
   <%%= render "submit", value: "Logout", class: "btn btn-warning" %>
 <%% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_auth.html.erb

@@ -2,12 +2,3 @@
   <%%= render "otp_auth_code_field" %>
   <%%= render "submit", value: "Authenticate Using TOTP" %>
 <%% end %>
-<% if Rodauth::MAJOR == 1 -%>
-
-<%% if rodauth.features.include?(:sms_codes) && rodauth.sms_available? %>
-  <p><%%= link_to "Authenticate using SMS code", rodauth.sms_request_path %></p>
-<%% end %>
-<%% if rodauth.features.include?(:recovery_codes) %>
-  <p><%%= link_to "Authenticate using recovery code", rodauth.recovery_auth_path %></p>
-<%% end %>
-<% end -%>

data/lib/generators/rodauth/templates/config/initializers/sequel.rb

@@ -1,13 +1,8 @@
 require "sequel/core"
 
-# initialize the appropriate Sequel adapter without creating a connection
-<% case adapter -%>
-<% when "postgresql" -%>
-DB = Sequel.postgres(test: false)
-<% when "mysql2" -%>
-DB = Sequel.mysql2(test: false)
-<% when "sqlite3" -%>
-DB = Sequel.sqlite(test: false)
+# initialize Sequel and have it reuse Active Record's database connection
+<% if RUBY_ENGINE == "jruby" -%>
+DB = Sequel.connect("jdbc:<%= sequel_adapter %>://", extensions: :activerecord_connection)
+<% else -%>
+DB = Sequel.<%= sequel_adapter %>(extensions: :activerecord_connection)
 <% end -%>
-# have Sequel use ActiveRecord's connection for database interaction
-DB.extension :activerecord_connection

data/lib/generators/rodauth/templates/db/migrate/create_rodauth.rb

@@ -1,11 +1,11 @@
 class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
   def change
-<% if adapter == "postgresql" -%>
+<% if activerecord_adapter == "postgresql" -%>
     enable_extension "citext"
 
 <% end -%>
     create_table :accounts do |t|
-<% case adapter -%>
+<% case activerecord_adapter -%>
 <% when "postgresql" -%>
       t.citext :email, null: false, index: { unique: true, where: "status IN ('verified', 'unverified')" }
 <% else -%>
@@ -44,19 +44,28 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
       t.datetime :deadline, null: false
     end
 
+<% unless api_only? -%>
     # Used by the remember me feature
     create_table :account_remember_keys do |t|
       t.foreign_key :accounts, column: :id
       t.string :key, null: false
       t.datetime :deadline, null: false
     end
+<% else -%>
+    # # Used by the remember me feature
+    # create_table :account_remember_keys do |t|
+    #   t.foreign_key :accounts, column: :id
+    #   t.string :key, null: false
+    #   t.datetime :deadline, null: false
+    # end
+<% end -%>
 
     # # Used by the audit logging feature
     # create_table :account_authentication_audit_logs do |t|
-    #   t.references :account, null: false
+    #   t.references :account, foreign_key: true, null: false
     #   t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
     #   t.text :message, null: false
-<% case adapter -%>
+<% case activerecord_adapter -%>
 <% when "postgresql" -%>
     #   t.jsonb :metadata
 <% when "sqlite3", "mysql2" -%>
@@ -70,7 +79,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
 
     # # Used by the jwt refresh feature
     # create_table :account_jwt_refresh_keys do |t|
-    #   t.references :account, null: false
+    #   t.references :account, foreign_key: true, null: false
     #   t.string :key, null: false
     #   t.datetime :deadline, null: false
     #   t.index :account_id, name: "account_jwt_rk_account_id_idx"
@@ -78,7 +87,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
 
     # # Used by the disallow_password_reuse feature
     # create_table :account_previous_password_hashes do |t|
-    #   t.references :account
+    #   t.references :account, foreign_key: true
     #   t.string :password_hash, null: false
     # end
 
@@ -124,7 +133,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
 
     # # Used by the active sessions feature
     # create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
-    #   t.references :account
+    #   t.references :account, foreign_key: true
     #   t.string :session_id
     #   t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
     #   t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
@@ -136,7 +145,7 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
     #   t.string :webauthn_id, null: false
     # end
     # create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do |t|
-    #   t.references :account
+    #   t.references :account, foreign_key: true
     #   t.string :webauthn_id
     #   t.string :public_key, null: false
     #   t.integer :sign_count, null: false

data/lib/generators/rodauth/views_generator.rb

@@ -7,6 +7,21 @@ module Rodauth
         source_root "#{__dir__}/templates"
         namespace "rodauth:views"
 
+        argument :features, optional: true, type: :array,
+          desc: "Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)",
+          default: %w[login logout create_account verify_account reset_password change_password change_login verify_login_change close_account]
+
+        class_option :features, type: :array,
+          desc: "[DEPRECATED] Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)"
+
+        class_option :all, aliases: "-a", type: :boolean,
+          desc: "Generates views for all Rodauth features",
+          default: false
+
+        class_option :directory, aliases: "-d", type: :string,
+          desc: "The directory under app/views/* into which to create views",
+          default: "rodauth"
+
         VIEWS = {
           login: %w[
             _field _field_error _login_field _login_display _password_field
@@ -83,34 +98,18 @@ module Rodauth
           webauthn:        :two_factor_base,
         }
 
-        class_option :features, type: :array,
-          desc: "Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)",
-          default: %w[login logout create_account verify_account reset_password change_password change_login verify_login_change close_account]
-
-        class_option :all, aliases: "-a", type: :boolean,
-          desc: "Generates views for all Rodauth features",
-          default: false
-
-        class_option :directory, aliases: "-d", type: :string,
-          desc: "The directory under app/views/* into which to create views",
-          default: "rodauth"
-
         def create_views
-          features = options[:all] ? VIEWS.keys : options[:features].map(&:to_sym)
+          if options[:all]
+            features = VIEWS.keys
+          else
+            features = (options[:features] || self.features).map(&:to_sym)
+          end
 
           views = features.inject([]) do |list, feature|
             list |= VIEWS[feature] || []
             list |= VIEWS[DEPENDENCIES[feature]] || []
           end
 
-          if Rodauth::MAJOR == 1
-            views -= %w[
-              multi_phase_login _global_logout_field
-              two_factor_manage two_factor_auth two_factor_disable
-              webauthn_setup webauthn_auth webauthn_remove
-            ]
-          end
-
           views.each do |view|
             template "app/views/rodauth/#{view}.html.erb",
               "app/views/#{options[:directory].underscore}/#{view}.html.erb"

data/lib/rodauth/rails.rb

@@ -1,4 +1,4 @@
-require "rodauth/version"
+require "rodauth/rails/version"
 require "rodauth/rails/railtie"
 
 module Rodauth

data/lib/rodauth/rails/app.rb

@@ -4,15 +4,16 @@ module Rodauth
   module Rails
     # The superclass for creating a Rodauth middleware.
     class App < Roda
-      require "rodauth/rails/app/flash"
-
       plugin :middleware
       plugin :hooks
       plugin :render, layout: false
 
-      plugin Flash
-
       def self.configure(name = nil, **options, &block)
+        unless options[:json] == :only
+          require "rodauth/rails/app/flash"
+          plugin Flash
+        end
+
         plugin :rodauth, name: name, csrf: false, flash: false, **options do
           # load the Rails integration
           enable :rails

data/lib/rodauth/rails/app/flash.rb

@@ -31,7 +31,7 @@ module Rodauth
           end
 
           def commit_flash
-            if ActionPack.version >= Gem::Version.new("5.0.0")
+            if ActionPack.version >= Gem::Version.new("5.0")
               rails_request.commit_flash
             else
               # ActionPack 4.2 automatically commits flash

data/lib/rodauth/rails/feature.rb

@@ -28,22 +28,14 @@ module Rodauth
         super
     end
 
-    if Rodauth::MAJOR >= 2 && Rodauth::MINOR >= 1
-      # Verify Rails' authenticity token.
-      def check_csrf
-        rails_check_csrf!
-      end
+    # Verify Rails' authenticity token.
+    def check_csrf
+      rails_check_csrf!
+    end
 
-      # Have Rodauth call #check_csrf automatically.
-      def check_csrf?
-        true
-      end
-    else
-      # Verify Rails' authenticity token before each Rodauth route.
-      def before_rodauth
-        rails_check_csrf!
-        super
-      end
+    # Have Rodauth call #check_csrf automatically.
+    def check_csrf?
+      true
     end
 
     # Render Rails CSRF tags in Rodauth templates.
@@ -100,7 +92,7 @@ module Rodauth
       request  = ActionDispatch::Request.new(scope.env)
       instance = rails_controller.new
 
-      if ActionPack.version >= Gem::Version.new("5.0.0")
+      if ActionPack.version >= Gem::Version.new("5.0")
         instance.set_request! request
         instance.set_response! rails_controller.make_response!(request)
       else

data/lib/rodauth/rails/version.rb

@@ -0,0 +1,5 @@
+module Rodauth
+  module Rails
+    VERSION = "0.4.0"
+  end
+end

data/rodauth-rails.gemspec

@@ -1,6 +1,8 @@
+require_relative "lib/rodauth/rails/version"
+
 Gem::Specification.new do |spec|
   spec.name          = "rodauth-rails"
-  spec.version       = "0.1.3"
+  spec.version       = Rodauth::Rails::VERSION
   spec.authors       = ["Janko Marohnić"]
   spec.email         = ["janko.marohnic@gmail.com"]
 
@@ -15,8 +17,8 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 4.2", "< 7"
-  spec.add_dependency "rodauth", ">= 1.23", "< 3"
-  spec.add_dependency "sequel-activerecord_connection", "~> 0.2"
+  spec.add_dependency "rodauth", "~> 2.1"
+  spec.add_dependency "sequel-activerecord_connection", "~> 1.0"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.4.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-04 00:00:00.000000000 Z
+date: 2020-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -34,36 +34,30 @@ dependencies:
   name: rodauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1.23'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '2.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1.23'
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
@@ -99,11 +93,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
 - LICENSE.txt
 - README.md
 - lib/generators/rodauth/install_generator.rb
 - lib/generators/rodauth/mailer_generator.rb
 - lib/generators/rodauth/templates/app/controllers/rodauth_controller.rb
+- lib/generators/rodauth/templates/app/lib/rodauth_app.rb
 - lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb
 - lib/generators/rodauth/templates/app/models/account.rb
 - lib/generators/rodauth/templates/app/views/rodauth/_email_auth_request_form.html.erb
@@ -169,7 +165,6 @@ files:
 - lib/generators/rodauth/templates/config/initializers/rodauth.rb
 - lib/generators/rodauth/templates/config/initializers/sequel.rb
 - lib/generators/rodauth/templates/db/migrate/create_rodauth.rb
-- lib/generators/rodauth/templates/lib/rodauth_app.rb
 - lib/generators/rodauth/views_generator.rb
 - lib/rodauth-rails.rb
 - lib/rodauth/features/rails.rb
@@ -180,6 +175,7 @@ files:
 - lib/rodauth/rails/feature.rb
 - lib/rodauth/rails/middleware.rb
 - lib/rodauth/rails/railtie.rb
+- lib/rodauth/rails/version.rb
 - rodauth-rails.gemspec
 homepage: https://github.com/janko/rodauth-rails
 licenses:
@@ -200,7 +196,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.1
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Provides Rails integration for Rodauth.