RubyGems - rodauth-rails - Versions diffs - 0.11.0 → 0.12.0 - Mend

rodauth-rails 0.11.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b8063be8ad00634114f74f0eb549c672e2b62cd1fa81cb7f124cc9cd12505e3f
-  data.tar.gz: 6f466e29420f9e4bacb58c855e942cc20289d2c3fc69a12638b97628d25dbbfb
+  metadata.gz: 27d48e6bf86cf81b33f6b0282048c2fb6f16ec6602136e18de6ede5120cfd808
+  data.tar.gz: 2f79498ff25a42131a5ead77f3d4adf05152bc85f271c8b985f0f9fa8c04b503
 SHA512:
-  metadata.gz: 8cc0af59c6ce29837fbc8a3401d456fd407ef76b74493b08ee9b4f2dfc8807d4a95c86f9bb0266401013d5162c009d46b7d07e3f741654af2cc267c0ee2c135e
-  data.tar.gz: 78c098dbaed458d5764ca2e7ee61f4710e01b2386d0cc04831b1732b9883d76c4b9f56c35c0a1e557c40951086d72bb0ed264f769313c1b45be30b2dd760024a
+  metadata.gz: 8a0c44b54d304d4dfb2a205d41a5ac360e483209229fa49e767f9eaa595434b291661e283110f3ee39a8fbc17a4ad2d82f90a6e4545ca4112852ee50a35aa8da
+  data.tar.gz: 52bb16489dd97777f7ff2359be9014a2c55c7537b8d4449621eb95ef3b7f0030febcd06caa811d406db1fb24fcc884d22c7460a36a94255133ce261a2bbeb68d

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,15 @@
+## 0.12.0 (2021-05-15)
+* Include total view render time in logs for Rodauth requests (@janko)
+* Instrument redirects (@janko)
+* Instrument Rodauth requests on `action_controller` namespace (@janko)
+* Update templates for Boostrap 5 compatibility (@janko)
+* Log request parameters for Rodauth requests (@janko)
 ## 0.11.0 (2021-05-06)
 * Add controller-like logging for requests to Rodauth endpoints (@janko)

data/README.md CHANGED Viewed

@@ -61,7 +61,7 @@ documentation][hmac] for instructions on how to safely transition, or just set
 Add the gem to your Gemfile:
 ```rb
-gem "rodauth-rails", "~> 0.10"
+gem "rodauth-rails", "~> 0.12"
 # gem "jwt",      require: false # for JWT feature
 # gem "rotp",     require: false # for OTP feature
@@ -86,132 +86,22 @@ $ rails generate rodauth:install --jwt # token authentication via the "Authoriza
 $ bundle add jwt
 ```
-The generator will create the following files:
+This generator will create a Rodauth app with common authentication features
+enabled, a database migration with tables required by those features, a mailer
+with default templates, and a few other files.
-* Rodauth migration at `db/migrate/*_create_rodauth.rb`
-* Rodauth initializer at `config/initializers/rodauth.rb`
-* Sequel initializer at `config/initializers/sequel.rb` for ActiveRecord integration
-* Rodauth app at `app/lib/rodauth_app.rb`
-* Rodauth controller at `app/controllers/rodauth_controller.rb`
-* Account model at `app/models/account.rb`
-* Rodauth mailer at `app/mailers/rodauth_mailer.rb` with views
+Feel free to remove any features you don't need, along with their corresponding
+tables. Afterwards, run the migration:
-### Migration
-The migration file creates tables required by Rodauth. You're encouraged to
-review the migration, and modify it to only create tables for features you
-intend to use.
-```rb
-# db/migrate/*_create_rodauth.rb
-class CreateRodauth < ActiveRecord::Migration
-  def change
-    create_table :accounts do |t| ... end
-    create_table :account_password_hashes do |t| ... end
-    create_table :account_password_reset_keys do |t| ... end
-    create_table :account_verification_keys do |t| ... end
-    create_table :account_login_change_keys do |t| ... end
-    create_table :account_remember_keys do |t| ... end
-  end
-end
-```
-Once you're done, you can run the migration:
-```
+```sh
 $ rails db:migrate
 ```
-### Rodauth initializer
-The Rodauth initializer assigns the constant for your Rodauth app, which will
-be called by the Rack middleware that's added in front of your Rails router.
-```rb
-# config/initializers/rodauth.rb
-Rodauth::Rails.configure do |config|
-  config.app = "RodauthApp"
-end
-```
-### Sequel initializer
-Rodauth uses [Sequel] for database interaction. If you're using ActiveRecord,
-an additional initializer will be created which configures Sequel to use the
-ActiveRecord connection.
-```rb
-# config/initializers/sequel.rb
-require "sequel/core"
-# initialize Sequel and have it reuse Active Record's database connection
-DB = Sequel.connect("postgresql://", extensions: :activerecord_connection)
-```
-### Rodauth app
-Your Rodauth app is created in the `app/lib/` directory, and comes with a
-default set of authentication features enabled, as well as extensive examples
-on ways you can configure authentication behaviour.
-```rb
-# app/lib/rodauth_app.rb
-class RodauthApp < Rodauth::Rails::App
-  configure do
-    # authentication configuration
-  end
-  route do |r|
-    # request handling
-  end
-end
-```
-### Controller
-Your Rodauth app will by default use `RodauthController` for view rendering,
-CSRF protection, and running controller callbacks and rescue handlers around
-Rodauth actions.
-```rb
-# app/controllers/rodauth_controller.rb
-class RodauthController < ApplicationController
-end
-```
-### Account model
-Rodauth stores user accounts in the `accounts` table, so the generator will
-also create an `Account` model for custom use.
-```rb
-# app/models/account.rb
-class Account < ApplicationRecord
-end
-```
-### Rodauth mailer
-The default Rodauth app is configured to use `RodauthMailer` mailer
-for sending authentication emails.
-```rb
-# app/mailers/rodauth_mailer.rb
-class RodauthMailer < ApplicationMailer
-  def verify_account(recipient, email_link) ... end
-  def reset_password(recipient, email_link) ... end
-  def verify_login_change(recipient, old_login, new_login, email_link) ... end
-  def password_changed(recipient) ... end
-  # def email_auth(recipient, email_link) ... end
-  # def unlock_account(recipient, email_link) ... end
-end
-```
 ## Usage
 ### Routes
-We can see the list of routes our Rodauth middleware handles:
+You can see the list of routes our Rodauth middleware handles:
 ```sh
 $ rails rodauth:routes
@@ -233,7 +123,7 @@ Routes handled by RodauthApp:
   /close-account           rodauth.close_account_path
 ```
-Using this information, we could add some basic authentication links to our
+Using this information, you can add some basic authentication links to your
 navigation header:
 ```erb
@@ -264,7 +154,7 @@ end
 ### Current account
-To be able to fetch currently authenticated account, let's define a
+To be able to fetch currently authenticated account, you can define a
 `#current_account` method that fetches the account id from session and
 retrieves the corresponding account record:
@@ -281,11 +171,11 @@ class ApplicationController < ActionController::Base
     rodauth.logout
     rodauth.login_required
   end
-  helper_method :current_account # skip if inheriting from ActionController:API
+  helper_method :current_account # skip if inheriting from ActionController::API
 end
 ```
-This allows us to access the current account in controllers and views:
+This allows you to access the current account in controllers and views:
 ```erb
 <p>Authenticated as: <%= current_account.email %></p>
@@ -293,9 +183,9 @@ This allows us to access the current account in controllers and views:
 ### Requiring authentication
-We'll likely want to require authentication for certain parts of our app,
-redirecting the user to the login page if they're not logged in. We can do this
-in our Rodauth app's routing block, which helps keep the authentication logic
+You'll likely want to require authentication for certain parts of your app,
+redirecting the user to the login page if they're not logged in. You can do this
+in your Rodauth app's routing block, which helps keep the authentication logic
 encapsulated:
 ```rb
@@ -314,7 +204,7 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
-We can also require authentication at the controller layer:
+You can also require authentication at the controller layer:
 ```rb
 # app/controllers/application_controller.rb
@@ -341,8 +231,8 @@ end
 #### Routing constraints
-You can also require authentication at the Rails router level by
-using a built-in `authenticated` routing constraint:
+In some cases it makes sense to require authentication at the Rails router
+level. You can do this via the built-in `authenticated` routing constraint:
 ```rb
 # config/routes.rb
@@ -404,7 +294,7 @@ This will generate views for the default set of Rodauth features into the
 `RodauthController`.
 You can pass a list of Rodauth features to the generator to create views for
-these features (this will not remove any existing views):
+these features (this will not remove or overwrite any existing views):
 ```sh
 $ rails generate rodauth:views login create_account lockout otp
@@ -546,7 +436,7 @@ end
 ### Multiple configurations
 If you need to handle multiple types of accounts that require different
-authentication logic, you can create different configurations for them:
+authentication logic, you can create additional configurations for them:
 ```rb
 # app/lib/rodauth_app.rb
@@ -656,8 +546,8 @@ class RodauthAdmin < RodauthBase # inherit common settings
 end
 ```
-Another benefit is that you can define custom methods directly on the class
-instead of through `auth_class_eval`:
+Another benefit of explicit classes is that you can define custom methods
+directly at the class level instead of inside an `auth_class_eval`:
 ```rb
 # app/lib/rodauth_admin.rb
@@ -722,7 +612,7 @@ rodauth.setup_account_verification
 rodauth.close_account
 ```
-This Rodauth instance will be initialized with basic Rack env that allows is it
+This Rodauth instance will be initialized with basic Rack env that allows it
 to generate URLs, using `config.action_mailer.default_url_options` options.
 ## How it works
@@ -834,7 +724,7 @@ class RodauthApp < Rodauth::Rails::App
   configure do
     # ...
     enable :json
-    only_json? true # accept only JSON requests
+    only_json? true # accept only JSON requests (optional)
     # ...
   end
 end
@@ -855,7 +745,7 @@ class RodauthApp < Rodauth::Rails::App
     # ...
     enable :jwt
     jwt_secret "<YOUR_SECRET_KEY>" # store the JWT secret in a safe place
-    only_json? true # accept only JSON requests
+    only_json? true # accept only JSON requests (optional)
     # ...
   end
 end
@@ -935,7 +825,8 @@ end
 <%= link_to "Login via Facebook", "/auth/facebook" %>
 ```
-Let's implement the OmniAuth callback endpoint on our Rodauth controller:
+Finally, let's implement the OmniAuth callback endpoint on our Rodauth
+controller:
 ```rb
 # config/routes.rb
@@ -988,11 +879,8 @@ end
 ## Configuring
-For the list of configuration methods provided by Rodauth, see the [feature
-documentation].
-The `rails` feature rodauth-rails loads is customizable as well, here is the
-list of its configuration methods:
+The `rails` feature rodauth-rails loads provides the following configuration
+methods:
 | Name                        | Description                                                        |
 | :----                       | :----------                                                        |
@@ -1019,12 +907,16 @@ Rodauth::Rails.configure do |config|
 end
 ```
+For the list of configuration methods provided by Rodauth, see the [feature
+documentation].
 ## Custom extensions
 When developing custom extensions for Rodauth inside your Rails project, it's
-better to use plain modules (at least in the beginning), because Rodauth
-feature design doesn't yet support Zeitwerk reloading well. Here is
-an example of an LDAP authentication extension that uses the
+probably better to use plain modules, at least in the beginning, as Rodauth
+feature design doesn't yet work well with Zeitwerk reloading.
+Here is an example of an LDAP authentication extension that uses the
 [simple_ldap_authenticator] gem.
 ```rb

data/lib/generators/rodauth/templates/app/views/rodauth/_global_logout_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <div class="form-check">
     <%%= check_box_tag rodauth.global_logout_param, "t", false, id: "global-logout", class: "form-check-input" %>
     <%%= label_tag "global-logout", "Logout all Logged In Sessons?", class: "form-check-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_confirm_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "login-confirm", "Confirm Login" %>
+<div class="form-group mb-3">
+  <%%= label_tag "login-confirm", "Confirm Login", class: "form-label" %>
   <%%= render "field", name: rodauth.login_confirm_param, id: "login-confirm", type: :email, autocomplete: "email" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_display.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "login", "Login" %>
+<div class="form-group mb-3">
+  <%%= label_tag "login", "Login", class: "form-label" %>
   <%%= email_field_tag rodauth.login_param, params[rodauth.login_param], id: "login", readonly: true, class: "form-control-plaintext" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "login", "Login" %>
+<div class="form-group mb-3">
+  <%%= label_tag "login", "Login", class: "form-label" %>
   <%%= render "field", name: rodauth.login_param, id: "login", type: :email, autocomplete: "email" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_new_password_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "new-password", "New Password" %>
+<div class="form-group mb-3">
+  <%%= label_tag "new-password", "New Password", class: "form-label" %>
   <%%= render "field", name: rodauth.new_password_param, id: "new-password", type: "password", value: "", autocomplete: "new-password" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_otp_auth_code_field.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <%%= label_tag "otp-auth-code", "Authentication Code" %>
+<div class="form-group mb-3">
+  <%%= label_tag "otp-auth-code", "Authentication Code", class: "form-label" %>
   <div class="row">
     <div class="col-sm-3">
       <%%= render "field", name: rodauth.otp_auth_param, id: "otp-auth-code", value: "", autocomplete: "off", inputmode: "numeric" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_password_confirm_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "password-confirm", "Confirm Password" %>
+<div class="form-group mb-3">
+  <%%= label_tag "password-confirm", "Confirm Password", class: "form-label" %>
   <%%= render "field", name: rodauth.password_confirm_param, id: "password-confirm", type: :password, value: "", autocomplete: "new-password" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_password_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "password", "Password" %>
+<div class="form-group mb-3">
+  <%%= label_tag "password", "Password", class: "form-label" %>
   <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: rodauth.password_field_autocomplete_value %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_recovery_code_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "recovery_code", "Recovery Code" %>
+<div class="form-group mb-3">
+  <%%= label_tag "recovery_code", "Recovery Code", class: "form-label" %>
   <%%= render "field", name: rodauth.recovery_codes_param, id: "recovery_code", value: "", autocomplete: "off" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_sms_code_field.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <%%= label_tag "sms-code", "SMS Code" %>
+<div class="form-group mb-3">
+  <%%= label_tag "sms-code", "SMS Code", class: "form-label" %>
   <div class="row">
     <div class="col-sm-3">
       <%%= render "field", name: rodauth.sms_code_param, id: "sms-code", value: "", autocomplete: "one-time-code", inputmode: "numeric" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_sms_phone_field.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <%%= label_tag "sms-phone", "Phone Number" %>
+<div class="form-group mb-3">
+  <%%= label_tag "sms-phone", "Phone Number", class: "form-label" %>
   <div class="row">
     <div class="col-sm-3">
       <%%= render "field", name: rodauth.sms_phone_param, id: "sms-phone", type: :tel, autocomplete: "tel" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_submit.html.erb CHANGED Viewed

@@ -1,3 +1,3 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <%%= submit_tag local_assigns[:value], name: local_assigns[:name], class: local_assigns[:class] || "btn btn-primary" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_setup.html.erb CHANGED Viewed

@@ -2,14 +2,14 @@
   <%%= hidden_field_tag rodauth.otp_setup_param, rodauth.otp_user_key, id: "otp-key" %>
   <%%= hidden_field_tag rodauth.otp_setup_raw_param, rodauth.otp_key, id: "otp-hmac-secret" if rodauth.otp_keys_use_hmac? %>
-  <div class="form-group">
+  <div class="form-group mb-3">
     <p>Secret: <%%= rodauth.otp_user_key %></p>
     <p>Provisioning URL: <%%= rodauth.otp_provisioning_uri %></p>
   </div>
   <div class="row">
     <div class="col-lg-6 col-lg">
-      <div class="form-group">
+      <div class="form-group mb-3">
         <p><%%= rodauth.otp_qr_code.html_safe %></p>
       </div>
     </div>

data/lib/generators/rodauth/templates/app/views/rodauth/remember.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <%%= form_tag rodauth.remember_path, method: :post do %>
-  <fieldset class="form-group">
+  <fieldset class="form-group mb-3">
     <div class="form-check">
       <%%= radio_button_tag rodauth.remember_param, rodauth.remember_remember_param_value, false, id: "remember-remember", class: "form-check-input" %>
       <%%= label_tag "remember-remember", "Remember Me", class: "form-check-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_remove.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <%%= form_tag rodauth.webauthn_remove_path, method: :post, id: "webauthn-remove-form" do %>
   <%%= render "password_field" if rodauth.two_factor_modifications_require_password? %>
-  <fieldset class="form-group">
+  <fieldset class="form-group mb-3">
     <%% (usage = rodauth.account_webauthn_usage).each do |id, last_use| %>
       <div class="form-check">
         <%%= render "field", name: rodauth.webauthn_remove_param, id: "webauthn-remove-#{id}", type: :radio, class: "form-check-input", skip_error_message: true, value: id, required: false %>

data/lib/rodauth/rails/feature.rb CHANGED Viewed

@@ -1,234 +1,21 @@
 module Rodauth
   Feature.define(:rails) do
-    depends :email_base
-    # List of overridable methods.
-    auth_methods(
-      :rails_render,
-      :rails_csrf_tag,
-      :rails_csrf_param,
-      :rails_csrf_token,
-      :rails_check_csrf!,
-      :rails_controller,
-    )
-    auth_cached_method :rails_controller_instance
-    # Renders templates with layout. First tries to render a user-defined
-    # template, otherwise falls back to Rodauth's template.
-    def view(page, *)
-      rails_render(action: page.tr("-", "_"), layout: true) ||
-        rails_render(html: super.html_safe, layout: true)
-    end
-    # Renders templates without layout. First tries to render a user-defined
-    # template or partial, otherwise falls back to Rodauth's template.
-    def render(page)
-      rails_render(partial: page.tr("-", "_"), layout: false) ||
-        rails_render(action: page.tr("-", "_"), layout: false) ||
-        super.html_safe
-    end
-    # Render Rails CSRF tags in Rodauth templates.
-    def csrf_tag(*)
-      rails_csrf_tag
-    end
-    # Verify Rails' authenticity token.
-    def check_csrf
-      rails_check_csrf!
-    end
-    # Have Rodauth call #check_csrf automatically.
-    def check_csrf?
-      true
-    end
-    # Reset Rails session to protect from session fixation attacks.
-    def clear_session
-      rails_controller_instance.reset_session
-    end
-    # Default the flash error key to Rails' default :alert.
-    def flash_error_key
-      :alert
-    end
-    # Evaluates the block in context of a Rodauth controller instance.
-    def rails_controller_eval(&block)
-      rails_controller_instance.instance_exec(&block)
-    end
-    def button(*)
-      super.html_safe
-    end
-    delegate :rails_routes, :rails_request, to: :scope
-    private
-    # Runs controller callbacks and rescue handlers around Rodauth actions.
-    def _around_rodauth(&block)
-      result = nil
-      rails_instrument_request do
-        rails_controller_rescue do
-          rails_controller_callbacks do
-            result = catch(:halt) { super(&block) }
-          end
-        end
-        result = handle_rails_controller_response(result)
-      end
-      throw :halt, result if result
-    end
-    # Handles controller rendering a response or setting response headers.
-    def handle_rails_controller_response(result)
-      if rails_controller_instance.performed?
-        rails_controller_response
-      elsif result
-        result[1].merge!(rails_controller_instance.response.headers)
-        result
-      end
-    end
-    # Runs any #(before|around|after)_action controller callbacks.
-    def rails_controller_callbacks
-      # don't verify CSRF token as part of callbacks, Rodauth will do that
-      rails_controller_forgery_protection { false }
-      rails_controller_instance.run_callbacks(:process_action) do
-        # turn the setting back to default so that form tags generate CSRF tags
-        rails_controller_forgery_protection { rails_controller.allow_forgery_protection }
-        yield
-      end
-    end
-    # Runs any registered #rescue_from controller handlers.
-    def rails_controller_rescue
-      yield
-    rescue Exception => exception
-      rails_controller_instance.rescue_with_handler(exception) || raise
-      unless rails_controller_instance.performed?
-        raise Rodauth::Rails::Error, "rescue_from handler didn't write any response"
-      end
-    end
-    def rails_instrument_request
-      ActiveSupport::Notifications.instrument("start_processing.rodauth", rodauth: self)
-      ActiveSupport::Notifications.instrument("process_request.rodauth", rodauth: self) do |payload|
-        begin
-          status, headers, body = yield
-          payload[:status] = status || 404
-          payload[:headers] = headers
-          payload[:body] = body
-        ensure
-          rails_controller_instance.send(:append_info_to_payload, payload)
-        end
-      end
-    end
-    # Returns Roda response from controller response if set.
-    def rails_controller_response
-      controller_response = rails_controller_instance.response
-      response.status = controller_response.status
-      response.headers.merge! controller_response.headers
-      response.write controller_response.body
-      response.finish
-    end
-    # Create emails with ActionMailer which uses configured delivery method.
-    def create_email_to(to, subject, body)
-      Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)
-    end
-    # Delivers the given email.
-    def send_email(email)
-      email.deliver_now
-    end
-    # Calls the Rails renderer, returning nil if a template is missing.
-    def rails_render(*args)
-      return if rails_api_controller?
-      rails_controller_instance.render_to_string(*args)
-    rescue ActionView::MissingTemplate
-      nil
-    end
-    # Calls the controller to verify the authenticity token.
-    def rails_check_csrf!
-      rails_controller_instance.send(:verify_authenticity_token)
-    end
-    # Hidden tag with Rails CSRF token inserted into Rodauth templates.
-    def rails_csrf_tag
-      %(<input type="hidden" name="#{rails_csrf_param}" value="#{rails_csrf_token}">)
-    end
-    # The request parameter under which to send the Rails CSRF token.
-    def rails_csrf_param
-      rails_controller.request_forgery_protection_token
-    end
-    # The Rails CSRF token value inserted into Rodauth templates.
-    def rails_csrf_token
-      rails_controller_instance.send(:form_authenticity_token)
-    end
-    # allows/disables forgery protection
-    def rails_controller_forgery_protection(&value)
-      return if rails_api_controller?
-      rails_controller_instance.allow_forgery_protection = value.call
-    end
-    # Instances of the configured controller with current request's env hash.
-    def _rails_controller_instance
-      controller = rails_controller.new
-      prepare_rails_controller(controller, rails_request)
-      controller
-    end
-    if ActionPack.version >= Gem::Version.new("5.0")
-      def prepare_rails_controller(controller, rails_request)
-        controller.set_request! rails_request
-        controller.set_response! rails_controller.make_response!(rails_request)
-      end
-    else
-      def prepare_rails_controller(controller, rails_request)
-        controller.send(:set_response!, rails_request)
-        controller.instance_variable_set(:@_request, rails_request)
-      end
-    end
-    def rails_api_controller?
-      defined?(ActionController::API) && rails_controller <= ActionController::API
-    end
-    def rails_controller
-      if only_json? && Rodauth::Rails.api_only?
-        ActionController::API
-      else
-        ActionController::Base
-      end
-    end
-    # ActionMailer subclass for correct email delivering.
-    class Mailer < ActionMailer::Base
-      def create_email(**options)
-        mail(**options)
-      end
-    end
+    # Assign feature and feature configuration to constants for introspection.
+    Rodauth::Rails::Feature              = self
+    Rodauth::Rails::FeatureConfiguration = self.configuration
+    require "rodauth/rails/feature/base"
+    require "rodauth/rails/feature/callbacks"
+    require "rodauth/rails/feature/csrf"
+    require "rodauth/rails/feature/render"
+    require "rodauth/rails/feature/email"
+    require "rodauth/rails/feature/instrumentation"
+    include Rodauth::Rails::Feature::Base
+    include Rodauth::Rails::Feature::Callbacks
+    include Rodauth::Rails::Feature::Csrf
+    include Rodauth::Rails::Feature::Render
+    include Rodauth::Rails::Feature::Email
+    include Rodauth::Rails::Feature::Instrumentation
   end
-  # Assign feature and feature configuration to constants for introspection.
-  Rails::Feature              = FEATURES[:rails]
-  Rails::FeatureConfiguration = FEATURES[:rails].configuration
 end

data/lib/rodauth/rails/feature/base.rb ADDED Viewed

@@ -0,0 +1,62 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Base
+        def self.included(feature)
+          feature.auth_methods :rails_controller
+          feature.auth_cached_method :rails_controller_instance
+        end
+        # Reset Rails session to protect from session fixation attacks.
+        def clear_session
+          rails_controller_instance.reset_session
+        end
+        # Default the flash error key to Rails' default :alert.
+        def flash_error_key
+          :alert
+        end
+        # Evaluates the block in context of a Rodauth controller instance.
+        def rails_controller_eval(&block)
+          rails_controller_instance.instance_exec(&block)
+        end
+        delegate :rails_routes, :rails_request, to: :scope
+        private
+        # Instances of the configured controller with current request's env hash.
+        def _rails_controller_instance
+          controller = rails_controller.new
+          prepare_rails_controller(controller, rails_request)
+          controller
+        end
+        if ActionPack.version >= Gem::Version.new("5.0")
+          def prepare_rails_controller(controller, rails_request)
+            controller.set_request! rails_request
+            controller.set_response! rails_controller.make_response!(rails_request)
+          end
+        else
+          def prepare_rails_controller(controller, rails_request)
+            controller.send(:set_response!, rails_request)
+            controller.instance_variable_set(:@_request, rails_request)
+          end
+        end
+        def rails_api_controller?
+          defined?(ActionController::API) && rails_controller <= ActionController::API
+        end
+        def rails_controller
+          if only_json? && Rodauth::Rails.api_only?
+            ActionController::API
+          else
+            ActionController::Base
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/callbacks.rb ADDED Viewed

@@ -0,0 +1,61 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Callbacks
+        private
+        # Runs controller callbacks and rescue handlers around Rodauth actions.
+        def _around_rodauth(&block)
+          result = nil
+          rails_controller_rescue do
+            rails_controller_callbacks do
+              result = catch(:halt) { super(&block) }
+            end
+          end
+          result = handle_rails_controller_response(result)
+          throw :halt, result if result
+        end
+        # Runs any #(before|around|after)_action controller callbacks.
+        def rails_controller_callbacks(&block)
+          rails_controller_instance.run_callbacks(:process_action, &block)
+        end
+        # Runs any registered #rescue_from controller handlers.
+        def rails_controller_rescue
+          yield
+        rescue Exception => exception
+          rails_controller_instance.rescue_with_handler(exception) || raise
+          unless rails_controller_instance.performed?
+            raise Rodauth::Rails::Error, "rescue_from handler didn't write any response"
+          end
+        end
+        # Handles controller rendering a response or setting response headers.
+        def handle_rails_controller_response(result)
+          if rails_controller_instance.performed?
+            rails_controller_response
+          elsif result
+            result[1].merge!(rails_controller_instance.response.headers)
+            result
+          end
+        end
+        # Returns Roda response from controller response if set.
+        def rails_controller_response
+          controller_response = rails_controller_instance.response
+          response.status = controller_response.status
+          response.headers.merge! controller_response.headers
+          response.write controller_response.body
+          response.finish
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/csrf.rb ADDED Viewed

@@ -0,0 +1,65 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Csrf
+        def self.included(feature)
+          feature.auth_methods(
+            :rails_csrf_tag,
+            :rails_csrf_param,
+            :rails_csrf_token,
+            :rails_check_csrf!,
+          )
+        end
+        # Render Rails CSRF tags in Rodauth templates.
+        def csrf_tag(*)
+          rails_csrf_tag
+        end
+        # Verify Rails' authenticity token.
+        def check_csrf
+          rails_check_csrf!
+        end
+        # Have Rodauth call #check_csrf automatically.
+        def check_csrf?
+          true
+        end
+        private
+        def rails_controller_callbacks
+          return super if rails_api_controller?
+          # don't verify CSRF token as part of callbacks, Rodauth will do that
+          rails_controller_instance.allow_forgery_protection = false
+          super do
+            # turn the setting back to default so that form tags generate CSRF tags
+            rails_controller_instance.allow_forgery_protection = rails_controller.allow_forgery_protection
+            yield
+          end
+        end
+        # Calls the controller to verify the authenticity token.
+        def rails_check_csrf!
+          rails_controller_instance.send(:verify_authenticity_token)
+        end
+        # Hidden tag with Rails CSRF token inserted into Rodauth templates.
+        def rails_csrf_tag
+          %(<input type="hidden" name="#{rails_csrf_param}" value="#{rails_csrf_token}">)
+        end
+        # The request parameter under which to send the Rails CSRF token.
+        def rails_csrf_param
+          rails_controller.request_forgery_protection_token
+        end
+        # The Rails CSRF token value inserted into Rodauth templates.
+        def rails_csrf_token
+          rails_controller_instance.send(:form_authenticity_token)
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/email.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Email
+        def self.included(feature)
+          feature.depends :email_base
+        end
+        private
+        # Create emails with ActionMailer which uses configured delivery method.
+        def create_email_to(to, subject, body)
+          Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)
+        end
+        # Delivers the given email.
+        def send_email(email)
+          email.deliver_now
+        end
+        # ActionMailer subclass for correct email delivering.
+        class Mailer < ActionMailer::Base
+          def create_email(**options)
+            mail(**options)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/instrumentation.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Instrumentation
+        private
+        def _around_rodauth
+          rails_instrument_request { super }
+        end
+        def redirect(*)
+          rails_instrument_redirection { super }
+        end
+        def rails_render(*)
+          render_output = nil
+          rails_controller_instance.view_runtime = rails_controller_instance.send(:cleanup_view_runtime) do
+            Benchmark.ms { render_output = super }
+          end
+          render_output
+        end
+        def rails_instrument_request
+          request = rails_request
+          raw_payload = {
+            controller: scope.class.superclass.name,
+            action: "call",
+            request: request,
+            params: request.filtered_parameters,
+            headers: request.headers,
+            format: request.format.ref,
+            method: request.request_method,
+            path: request.fullpath
+          }
+          ActiveSupport::Notifications.instrument("start_processing.action_controller", raw_payload)
+          ActiveSupport::Notifications.instrument("process_action.action_controller", raw_payload) do |payload|
+            begin
+              result = catch(:halt) { yield }
+              response = ActionDispatch::Response.new *(result || [404, {}, []])
+              payload[:response] = response
+              payload[:status] = response.status
+              throw :halt, result if result
+            rescue => error
+              payload[:status] = ActionDispatch::ExceptionWrapper.status_code_for_exception(error.class.name)
+              raise
+            ensure
+              rails_controller_eval { append_info_to_payload(payload) }
+            end
+          end
+        end
+        def rails_instrument_redirection
+          ActiveSupport::Notifications.instrument("redirect_to.action_controller", request: rails_request) do |payload|
+            result = catch(:halt) { yield }
+            response = ActionDispatch::Response.new(*result)
+            payload[:status] = response.status
+            payload[:location] = response.filtered_location
+            throw :halt, result
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/render.rb ADDED Viewed

@@ -0,0 +1,41 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Render
+        def self.included(feature)
+          feature.auth_methods :rails_render
+        end
+        # Renders templates with layout. First tries to render a user-defined
+        # template, otherwise falls back to Rodauth's template.
+        def view(page, *)
+          rails_render(action: page.tr("-", "_"), layout: true) ||
+            rails_render(html: super.html_safe, layout: true)
+        end
+        # Renders templates without layout. First tries to render a user-defined
+        # template or partial, otherwise falls back to Rodauth's template.
+        def render(page)
+          rails_render(partial: page.tr("-", "_"), layout: false) ||
+            rails_render(action: page.tr("-", "_"), layout: false) ||
+            super.html_safe
+        end
+        def button(*)
+          super.html_safe
+        end
+        private
+        # Calls the Rails renderer, returning nil if a template is missing.
+        def rails_render(*args)
+          return if rails_api_controller?
+          rails_controller_instance.render_to_string(*args)
+        rescue ActionView::MissingTemplate
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/railtie.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 require "rodauth/rails/middleware"
 require "rodauth/rails/controller_methods"
-require "rodauth/rails/log_subscriber"
 require "rails"
@@ -17,10 +16,6 @@ module Rodauth
         end
       end
-      initializer "rodauth.log_subscriber" do
-        Rodauth::Rails::LogSubscriber.attach_to :rodauth
-      end
       initializer "rodauth.test" do
         # Rodauth uses RACK_ENV to set the default bcrypt hash cost
         ENV["RACK_ENV"] = "test" if ::Rails.env.test?

data/lib/rodauth/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.11.0"
+    VERSION = "0.12.0"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-06 00:00:00.000000000 Z
+date: 2021-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -207,7 +207,12 @@ files:
 - lib/rodauth/rails/auth.rb
 - lib/rodauth/rails/controller_methods.rb
 - lib/rodauth/rails/feature.rb
-- lib/rodauth/rails/log_subscriber.rb
+- lib/rodauth/rails/feature/base.rb
+- lib/rodauth/rails/feature/callbacks.rb
+- lib/rodauth/rails/feature/csrf.rb
+- lib/rodauth/rails/feature/email.rb
+- lib/rodauth/rails/feature/instrumentation.rb
+- lib/rodauth/rails/feature/render.rb
 - lib/rodauth/rails/middleware.rb
 - lib/rodauth/rails/railtie.rb
 - lib/rodauth/rails/tasks.rake

data/lib/rodauth/rails/log_subscriber.rb DELETED Viewed

@@ -1,34 +0,0 @@
-module Rodauth
-  module Rails
-    class LogSubscriber < ActiveSupport::LogSubscriber
-      def start_processing(event)
-        rodauth = event.payload[:rodauth]
-        app_class = rodauth.scope.class.superclass
-        format = rodauth.rails_request.format.ref
-        format = format.to_s.upcase if format.is_a?(Symbol)
-        format = "*/*" if format.nil?
-        info "Processing by #{app_class} as #{format}"
-      end
-      def process_request(event)
-        status = event.payload[:status]
-        additions = ActionController::Base.log_process_action(event.payload)
-        if ::Rails.gem_version >= Gem::Version.new("6.0")
-          additions << "Allocations: #{event.allocations}"
-        end
-        message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
-        message << " (#{additions.join(" | ")})"
-        message << "\n\n" if defined?(::Rails.env) && ::Rails.env.development?
-        info message
-      end
-      def logger
-        ::Rails.logger
-      end
-    end
-  end
-end