RubyGems - rodauth-rails - Versions diffs - 0.11.0 → 0.12.0 - Mend

rodauth-rails 0.11.0 → 0.12.0

Files changed (29) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b8063be8ad00634114f74f0eb549c672e2b62cd1fa81cb7f124cc9cd12505e3f
-  data.tar.gz: 6f466e29420f9e4bacb58c855e942cc20289d2c3fc69a12638b97628d25dbbfb
+  metadata.gz: 27d48e6bf86cf81b33f6b0282048c2fb6f16ec6602136e18de6ede5120cfd808
+  data.tar.gz: 2f79498ff25a42131a5ead77f3d4adf05152bc85f271c8b985f0f9fa8c04b503
 SHA512:
-  metadata.gz: 8cc0af59c6ce29837fbc8a3401d456fd407ef76b74493b08ee9b4f2dfc8807d4a95c86f9bb0266401013d5162c009d46b7d07e3f741654af2cc267c0ee2c135e
-  data.tar.gz: 78c098dbaed458d5764ca2e7ee61f4710e01b2386d0cc04831b1732b9883d76c4b9f56c35c0a1e557c40951086d72bb0ed264f769313c1b45be30b2dd760024a
+  metadata.gz: 8a0c44b54d304d4dfb2a205d41a5ac360e483209229fa49e767f9eaa595434b291661e283110f3ee39a8fbc17a4ad2d82f90a6e4545ca4112852ee50a35aa8da
+  data.tar.gz: 52bb16489dd97777f7ff2359be9014a2c55c7537b8d4449621eb95ef3b7f0030febcd06caa811d406db1fb24fcc884d22c7460a36a94255133ce261a2bbeb68d

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,15 @@
+## 0.12.0 (2021-05-15)
+* Include total view render time in logs for Rodauth requests (@janko)
+* Instrument redirects (@janko)
+* Instrument Rodauth requests on `action_controller` namespace (@janko)
+* Update templates for Boostrap 5 compatibility (@janko)
+* Log request parameters for Rodauth requests (@janko)
 ## 0.11.0 (2021-05-06)
 * Add controller-like logging for requests to Rodauth endpoints (@janko)

data/README.md CHANGED Viewed

@@ -61,7 +61,7 @@ documentation][hmac] for instructions on how to safely transition, or just set
 Add the gem to your Gemfile:
 ```rb
-gem "rodauth-rails", "~> 0.10"
+gem "rodauth-rails", "~> 0.12"
 # gem "jwt",      require: false # for JWT feature
 # gem "rotp",     require: false # for OTP feature
@@ -86,132 +86,22 @@ $ rails generate rodauth:install --jwt # token authentication via the "Authoriza
 $ bundle add jwt
 ```
-The generator will create the following files:
+This generator will create a Rodauth app with common authentication features
+enabled, a database migration with tables required by those features, a mailer
+with default templates, and a few other files.
-* Rodauth migration at `db/migrate/*_create_rodauth.rb`
-* Rodauth initializer at `config/initializers/rodauth.rb`
-* Sequel initializer at `config/initializers/sequel.rb` for ActiveRecord integration
-* Rodauth app at `app/lib/rodauth_app.rb`
-* Rodauth controller at `app/controllers/rodauth_controller.rb`
-* Account model at `app/models/account.rb`
-* Rodauth mailer at `app/mailers/rodauth_mailer.rb` with views
+Feel free to remove any features you don't need, along with their corresponding
+tables. Afterwards, run the migration:
-### Migration
-The migration file creates tables required by Rodauth. You're encouraged to
-review the migration, and modify it to only create tables for features you
-intend to use.
-```rb
-# db/migrate/*_create_rodauth.rb
-class CreateRodauth < ActiveRecord::Migration
-  def change
-    create_table :accounts do |t| ... end
-    create_table :account_password_hashes do |t| ... end
-    create_table :account_password_reset_keys do |t| ... end
-    create_table :account_verification_keys do |t| ... end
-    create_table :account_login_change_keys do |t| ... end
-    create_table :account_remember_keys do |t| ... end
-  end
-end
-```
-Once you're done, you can run the migration:
-```
+```sh
 $ rails db:migrate
 ```
-### Rodauth initializer
-The Rodauth initializer assigns the constant for your Rodauth app, which will
-be called by the Rack middleware that's added in front of your Rails router.
-```rb
-# config/initializers/rodauth.rb
-Rodauth::Rails.configure do |config|
-  config.app = "RodauthApp"
-end
-```
-### Sequel initializer
-Rodauth uses [Sequel] for database interaction. If you're using ActiveRecord,
-an additional initializer will be created which configures Sequel to use the
-ActiveRecord connection.
-```rb
-# config/initializers/sequel.rb
-require "sequel/core"
-# initialize Sequel and have it reuse Active Record's database connection
-DB = Sequel.connect("postgresql://", extensions: :activerecord_connection)
-```
-### Rodauth app
-Your Rodauth app is created in the `app/lib/` directory, and comes with a
-default set of authentication features enabled, as well as extensive examples
-on ways you can configure authentication behaviour.
-```rb
-# app/lib/rodauth_app.rb
-class RodauthApp < Rodauth::Rails::App
-  configure do
-    # authentication configuration
-  end
-  route do |r|
-    # request handling
-  end
-end
-```
-### Controller
-Your Rodauth app will by default use `RodauthController` for view rendering,
-CSRF protection, and running controller callbacks and rescue handlers around
-Rodauth actions.
-```rb
-# app/controllers/rodauth_controller.rb
-class RodauthController < ApplicationController
-end
-```
-### Account model
-Rodauth stores user accounts in the `accounts` table, so the generator will
-also create an `Account` model for custom use.
-```rb
-# app/models/account.rb
-class Account < ApplicationRecord
-end
-```
-### Rodauth mailer
-The default Rodauth app is configured to use `RodauthMailer` mailer
-for sending authentication emails.
-```rb
-# app/mailers/rodauth_mailer.rb
-class RodauthMailer < ApplicationMailer
-  def verify_account(recipient, email_link) ... end
-  def reset_password(recipient, email_link) ... end
-  def verify_login_change(recipient, old_login, new_login, email_link) ... end
-  def password_changed(recipient) ... end
-  # def email_auth(recipient, email_link) ... end
-  # def unlock_account(recipient, email_link) ... end
-end
-```
 ## Usage
 ### Routes
-We can see the list of routes our Rodauth middleware handles:
+You can see the list of routes our Rodauth middleware handles:
 ```sh
 $ rails rodauth:routes
@@ -233,7 +123,7 @@ Routes handled by RodauthApp:
   /close-account           rodauth.close_account_path
 ```
-Using this information, we could add some basic authentication links to our
+Using this information, you can add some basic authentication links to your
 navigation header:
 ```erb
@@ -264,7 +154,7 @@ end
 ### Current account
-To be able to fetch currently authenticated account, let's define a
+To be able to fetch currently authenticated account, you can define a
 `#current_account` method that fetches the account id from session and
 retrieves the corresponding account record:
@@ -281,11 +171,11 @@ class ApplicationController < ActionController::Base
     rodauth.logout
     rodauth.login_required
   end
-  helper_method :current_account # skip if inheriting from ActionController:API
+  helper_method :current_account # skip if inheriting from ActionController::API
 end
 ```
-This allows us to access the current account in controllers and views:
+This allows you to access the current account in controllers and views:
 ```erb
 <p>Authenticated as: <%= current_account.email %></p>
@@ -293,9 +183,9 @@ This allows us to access the current account in controllers and views:
 ### Requiring authentication
-We'll likely want to require authentication for certain parts of our app,
-redirecting the user to the login page if they're not logged in. We can do this
-in our Rodauth app's routing block, which helps keep the authentication logic
+You'll likely want to require authentication for certain parts of your app,
+redirecting the user to the login page if they're not logged in. You can do this
+in your Rodauth app's routing block, which helps keep the authentication logic
 encapsulated:
 ```rb
@@ -314,7 +204,7 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
-We can also require authentication at the controller layer:
+You can also require authentication at the controller layer:
 ```rb
 # app/controllers/application_controller.rb
@@ -341,8 +231,8 @@ end
 #### Routing constraints
-You can also require authentication at the Rails router level by
-using a built-in `authenticated` routing constraint:
+In some cases it makes sense to require authentication at the Rails router
+level. You can do this via the built-in `authenticated` routing constraint:
 ```rb
 # config/routes.rb
@@ -404,7 +294,7 @@ This will generate views for the default set of Rodauth features into the
 `RodauthController`.
 You can pass a list of Rodauth features to the generator to create views for
-these features (this will not remove any existing views):
+these features (this will not remove or overwrite any existing views):
 ```sh
 $ rails generate rodauth:views login create_account lockout otp
@@ -546,7 +436,7 @@ end
 ### Multiple configurations
 If you need to handle multiple types of accounts that require different
-authentication logic, you can create different configurations for them:
+authentication logic, you can create additional configurations for them:
 ```rb
 # app/lib/rodauth_app.rb
@@ -656,8 +546,8 @@ class RodauthAdmin < RodauthBase # inherit common settings
 end
 ```
-Another benefit is that you can define custom methods directly on the class
-instead of through `auth_class_eval`:
+Another benefit of explicit classes is that you can define custom methods
+directly at the class level instead of inside an `auth_class_eval`:
 ```rb
 # app/lib/rodauth_admin.rb
@@ -722,7 +612,7 @@ rodauth.setup_account_verification
 rodauth.close_account
 ```
-This Rodauth instance will be initialized with basic Rack env that allows is it
+This Rodauth instance will be initialized with basic Rack env that allows it
 to generate URLs, using `config.action_mailer.default_url_options` options.
 ## How it works
@@ -834,7 +724,7 @@ class RodauthApp < Rodauth::Rails::App
   configure do
     # ...
     enable :json
-    only_json? true # accept only JSON requests
+    only_json? true # accept only JSON requests (optional)
     # ...
   end
 end
@@ -855,7 +745,7 @@ class RodauthApp < Rodauth::Rails::App
     # ...
     enable :jwt
     jwt_secret "<YOUR_SECRET_KEY>" # store the JWT secret in a safe place
-    only_json? true # accept only JSON requests
+    only_json? true # accept only JSON requests (optional)
     # ...
   end
 end
@@ -935,7 +825,8 @@ end
 <%= link_to "Login via Facebook", "/auth/facebook" %>
 ```
-Let's implement the OmniAuth callback endpoint on our Rodauth controller:
+Finally, let's implement the OmniAuth callback endpoint on our Rodauth
+controller:
 ```rb
 # config/routes.rb
@@ -988,11 +879,8 @@ end
 ## Configuring
-For the list of configuration methods provided by Rodauth, see the [feature
-documentation].
-The `rails` feature rodauth-rails loads is customizable as well, here is the
-list of its configuration methods:
+The `rails` feature rodauth-rails loads provides the following configuration
+methods:
 | Name                        | Description                                                        |
 | :----                       | :----------                                                        |
@@ -1019,12 +907,16 @@ Rodauth::Rails.configure do |config|
 end
 ```
+For the list of configuration methods provided by Rodauth, see the [feature
+documentation].
 ## Custom extensions
 When developing custom extensions for Rodauth inside your Rails project, it's
-better to use plain modules (at least in the beginning), because Rodauth
-feature design doesn't yet support Zeitwerk reloading well. Here is
-an example of an LDAP authentication extension that uses the
+probably better to use plain modules, at least in the beginning, as Rodauth
+feature design doesn't yet work well with Zeitwerk reloading.
+Here is an example of an LDAP authentication extension that uses the
 [simple_ldap_authenticator] gem.
 ```rb

data/lib/generators/rodauth/templates/app/views/rodauth/_global_logout_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <div class="form-check">
     <%%= check_box_tag rodauth.global_logout_param, "t", false, id: "global-logout", class: "form-check-input" %>
     <%%= label_tag "global-logout", "Logout all Logged In Sessons?", class: "form-check-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_confirm_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "login-confirm", "Confirm Login" %>
+<div class="form-group mb-3">
+  <%%= label_tag "login-confirm", "Confirm Login", class: "form-label" %>
   <%%= render "field", name: rodauth.login_confirm_param, id: "login-confirm", type: :email, autocomplete: "email" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_display.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "login", "Login" %>
+<div class="form-group mb-3">
+  <%%= label_tag "login", "Login", class: "form-label" %>
   <%%= email_field_tag rodauth.login_param, params[rodauth.login_param], id: "login", readonly: true, class: "form-control-plaintext" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "login", "Login" %>
+<div class="form-group mb-3">
+  <%%= label_tag "login", "Login", class: "form-label" %>
   <%%= render "field", name: rodauth.login_param, id: "login", type: :email, autocomplete: "email" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_new_password_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "new-password", "New Password" %>
+<div class="form-group mb-3">
+  <%%= label_tag "new-password", "New Password", class: "form-label" %>
   <%%= render "field", name: rodauth.new_password_param, id: "new-password", type: "password", value: "", autocomplete: "new-password" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_otp_auth_code_field.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <%%= label_tag "otp-auth-code", "Authentication Code" %>
+<div class="form-group mb-3">
+  <%%= label_tag "otp-auth-code", "Authentication Code", class: "form-label" %>
   <div class="row">
     <div class="col-sm-3">
       <%%= render "field", name: rodauth.otp_auth_param, id: "otp-auth-code", value: "", autocomplete: "off", inputmode: "numeric" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_password_confirm_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "password-confirm", "Confirm Password" %>
+<div class="form-group mb-3">
+  <%%= label_tag "password-confirm", "Confirm Password", class: "form-label" %>
   <%%= render "field", name: rodauth.password_confirm_param, id: "password-confirm", type: :password, value: "", autocomplete: "new-password" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_password_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "password", "Password" %>
+<div class="form-group mb-3">
+  <%%= label_tag "password", "Password", class: "form-label" %>
   <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: rodauth.password_field_autocomplete_value %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_recovery_code_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "recovery_code", "Recovery Code" %>
+<div class="form-group mb-3">
+  <%%= label_tag "recovery_code", "Recovery Code", class: "form-label" %>
   <%%= render "field", name: rodauth.recovery_codes_param, id: "recovery_code", value: "", autocomplete: "off" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_sms_code_field.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <%%= label_tag "sms-code", "SMS Code" %>
+<div class="form-group mb-3">
+  <%%= label_tag "sms-code", "SMS Code", class: "form-label" %>
   <div class="row">
     <div class="col-sm-3">
       <%%= render "field", name: rodauth.sms_code_param, id: "sms-code", value: "", autocomplete: "one-time-code", inputmode: "numeric" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_sms_phone_field.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <%%= label_tag "sms-phone", "Phone Number" %>
+<div class="form-group mb-3">
+  <%%= label_tag "sms-phone", "Phone Number", class: "form-label" %>
   <div class="row">
     <div class="col-sm-3">
       <%%= render "field", name: rodauth.sms_phone_param, id: "sms-phone", type: :tel, autocomplete: "tel" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_submit.html.erb CHANGED Viewed

@@ -1,3 +1,3 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <%%= submit_tag local_assigns[:value], name: local_assigns[:name], class: local_assigns[:class] || "btn btn-primary" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_setup.html.erb CHANGED Viewed

@@ -2,14 +2,14 @@
   <%%= hidden_field_tag rodauth.otp_setup_param, rodauth.otp_user_key, id: "otp-key" %>
   <%%= hidden_field_tag rodauth.otp_setup_raw_param, rodauth.otp_key, id: "otp-hmac-secret" if rodauth.otp_keys_use_hmac? %>
-  <div class="form-group">
+  <div class="form-group mb-3">
     <p>Secret: <%%= rodauth.otp_user_key %></p>
     <p>Provisioning URL: <%%= rodauth.otp_provisioning_uri %></p>
   </div>
   <div class="row">
     <div class="col-lg-6 col-lg">
-      <div class="form-group">
+      <div class="form-group mb-3">
         <p><%%= rodauth.otp_qr_code.html_safe %></p>
       </div>
     </div>

data/lib/generators/rodauth/templates/app/views/rodauth/remember.html.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 <%%= form_tag rodauth.remember_path, method: :post do %>
-  <fieldset class="form-group">
+  <fieldset class="form-group mb-3">
     <div class="form-check">
       <%%= radio_button_tag rodauth.remember_param, rodauth.remember_remember_param_value, false, id: "remember-remember", class: "form-check-input" %>
       <%%= label_tag "remember-remember", "Remember Me", class: "form-check-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_remove.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <%%= form_tag rodauth.webauthn_remove_path, method: :post, id: "webauthn-remove-form" do %>
   <%%= render "password_field" if rodauth.two_factor_modifications_require_password? %>
-  <fieldset class="form-group">
+  <fieldset class="form-group mb-3">
     <%% (usage = rodauth.account_webauthn_usage).each do |id, last_use| %>
       <div class="form-check">
         <%%= render "field", name: rodauth.webauthn_remove_param, id: "webauthn-remove-#{id}", type: :radio, class: "form-check-input", skip_error_message: true, value: id, required: false %>

data/lib/rodauth/rails/feature.rb CHANGED Viewed

@@ -1,234 +1,21 @@
 module Rodauth
   Feature.define(:rails) do
-    depends :email_base
-    # List of overridable methods.
-    auth_methods(
-      :rails_render,
-      :rails_csrf_tag,
-      :rails_csrf_param,
-      :rails_csrf_token,
-      :rails_check_csrf!,
-      :rails_controller,
-    )
-    auth_cached_method :rails_controller_instance
-    # Renders templates with layout. First tries to render a user-defined
-    # template, otherwise falls back to Rodauth's template.
-    def view(page, *)
-      rails_render(action: page.tr("-", "_"), layout: true) ||
-        rails_render(html: super.html_safe, layout: true)
-    end
-    # Renders templates without layout. First tries to render a user-defined
-    # template or partial, otherwise falls back to Rodauth's template.
-    def render(page)
-      rails_render(partial: page.tr("-", "_"), layout: false) ||
-        rails_render(action: page.tr("-", "_"), layout: false) ||
-        super.html_safe
-    end
-    # Render Rails CSRF tags in Rodauth templates.
-    def csrf_tag(*)
-      rails_csrf_tag
-    end
-    # Verify Rails' authenticity token.
-    def check_csrf
-      rails_check_csrf!
-    end
-    # Have Rodauth call #check_csrf automatically.
-    def check_csrf?
-      true
-    end
-    # Reset Rails session to protect from session fixation attacks.
-    def clear_session
-      rails_controller_instance.reset_session
-    end
-    # Default the flash error key to Rails' default :alert.
-    def flash_error_key
-      :alert
-    end
-    # Evaluates the block in context of a Rodauth controller instance.
-    def rails_controller_eval(&block)
-      rails_controller_instance.instance_exec(&block)
-    end
-    def button(*)
-      super.html_safe
-    end
-    delegate :rails_routes, :rails_request, to: :scope
-    private
-    # Runs controller callbacks and rescue handlers around Rodauth actions.
-    def _around_rodauth(&block)
-      result = nil
-      rails_instrument_request do
-        rails_controller_rescue do
-          rails_controller_callbacks do
-            result = catch(:halt) { super(&block) }
-          end
-        end
-        result = handle_rails_controller_response(result)
-      end
-      throw :halt, result if result
-    end
-    # Handles controller rendering a response or setting response headers.
-    def handle_rails_controller_response(result)
-      if rails_controller_instance.performed?
-        rails_controller_response
-      elsif result
-        result[1].merge!(rails_controller_instance.response.headers)
-        result
-      end
-    end
-    # Runs any #(before|around|after)_action controller callbacks.
-    def rails_controller_callbacks
-      # don't verify CSRF token as part of callbacks, Rodauth will do that
-      rails_controller_forgery_protection { false }
-      rails_controller_instance.run_callbacks(:process_action) do
-        # turn the setting back to default so that form tags generate CSRF tags
-        rails_controller_forgery_protection { rails_controller.allow_forgery_protection }
-        yield
-      end
-    end
-    # Runs any registered #rescue_from controller handlers.
-    def rails_controller_rescue
-      yield
-    rescue Exception => exception
-      rails_controller_instance.rescue_with_handler(exception) || raise
-      unless rails_controller_instance.performed?
-        raise Rodauth::Rails::Error, "rescue_from handler didn't write any response"
-      end
-    end
-    def rails_instrument_request
-      ActiveSupport::Notifications.instrument("start_processing.rodauth", rodauth: self)
-      ActiveSupport::Notifications.instrument("process_request.rodauth", rodauth: self) do |payload|
-        begin
-          status, headers, body = yield
-          payload[:status] = status || 404
-          payload[:headers] = headers
-          payload[:body] = body
-        ensure
-          rails_controller_instance.send(:append_info_to_payload, payload)
-        end
-      end
-    end
-    # Returns Roda response from controller response if set.
-    def rails_controller_response
-      controller_response = rails_controller_instance.response
-      response.status = controller_response.status
-      response.headers.merge! controller_response.headers
-      response.write controller_response.body
-      response.finish
-    end
-    # Create emails with ActionMailer which uses configured delivery method.
-    def create_email_to(to, subject, body)
-      Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)
-    end
-    # Delivers the given email.
-    def send_email(email)
-      email.deliver_now
-    end
-    # Calls the Rails renderer, returning nil if a template is missing.
-    def rails_render(*args)
-      return if rails_api_controller?
-      rails_controller_instance.render_to_string(*args)
-    rescue ActionView::MissingTemplate
-      nil
-    end
-    # Calls the controller to verify the authenticity token.
-    def rails_check_csrf!
-      rails_controller_instance.send(:verify_authenticity_token)
-    end
-    # Hidden tag with Rails CSRF token inserted into Rodauth templates.
-    def rails_csrf_tag
-      %(<input type="hidden" name="#{rails_csrf_param}" value="#{rails_csrf_token}">)
-    end
-    # The request parameter under which to send the Rails CSRF token.
-    def rails_csrf_param
-      rails_controller.request_forgery_protection_token
-    end
-    # The Rails CSRF token value inserted into Rodauth templates.
-    def rails_csrf_token
-      rails_controller_instance.send(:form_authenticity_token)
-    end
-    # allows/disables forgery protection
-    def rails_controller_forgery_protection(&value)
-      return if rails_api_controller?
-      rails_controller_instance.allow_forgery_protection = value.call
-    end
-    # Instances of the configured controller with current request's env hash.
-    def _rails_controller_instance
-      controller = rails_controller.new
-      prepare_rails_controller(controller, rails_request)
-      controller
-    end
-    if ActionPack.version >= Gem::Version.new("5.0")
-      def prepare_rails_controller(controller, rails_request)
-        controller.set_request! rails_request
-        controller.set_response! rails_controller.make_response!(rails_request)
-      end
-    else
-      def prepare_rails_controller(controller, rails_request)
-        controller.send(:set_response!, rails_request)
-        controller.instance_variable_set(:@_request, rails_request)
-      end
-    end
-    def rails_api_controller?
-      defined?(ActionController::API) && rails_controller <= ActionController::API
-    end
-    def rails_controller
-      if only_json? && Rodauth::Rails.api_only?
-        ActionController::API
-      else
-        ActionController::Base
-      end
-    end
-    # ActionMailer subclass for correct email delivering.
-    class Mailer < ActionMailer::Base
-      def create_email(**options)
-        mail(**options)
-      end
-    end
+    # Assign feature and feature configuration to constants for introspection.
+    Rodauth::Rails::Feature              = self
+    Rodauth::Rails::FeatureConfiguration = self.configuration
+    require "rodauth/rails/feature/base"
+    require "rodauth/rails/feature/callbacks"
+    require "rodauth/rails/feature/csrf"
+    require "rodauth/rails/feature/render"
+    require "rodauth/rails/feature/email"
+    require "rodauth/rails/feature/instrumentation"
+    include Rodauth::Rails::Feature::Base
+    include Rodauth::Rails::Feature::Callbacks
+    include Rodauth::Rails::Feature::Csrf
+    include Rodauth::Rails::Feature::Render
+    include Rodauth::Rails::Feature::Email
+    include Rodauth::Rails::Feature::Instrumentation
   end
-  # Assign feature and feature configuration to constants for introspection.
-  Rails::Feature              = FEATURES[:rails]
-  Rails::FeatureConfiguration = FEATURES[:rails].configuration
 end

data/lib/rodauth/rails/feature/base.rb ADDED Viewed

@@ -0,0 +1,62 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Base
+        def self.included(feature)
+          feature.auth_methods :rails_controller
+          feature.auth_cached_method :rails_controller_instance
+        end
+        # Reset Rails session to protect from session fixation attacks.
+        def clear_session
+          rails_controller_instance.reset_session
+        end
+        # Default the flash error key to Rails' default :alert.
+        def flash_error_key
+          :alert
+        end
+        # Evaluates the block in context of a Rodauth controller instance.
+        def rails_controller_eval(&block)
+          rails_controller_instance.instance_exec(&block)
+        end
+        delegate :rails_routes, :rails_request, to: :scope
+        private
+        # Instances of the configured controller with current request's env hash.
+        def _rails_controller_instance
+          controller = rails_controller.new
+          prepare_rails_controller(controller, rails_request)
+          controller
+        end
+        if ActionPack.version >= Gem::Version.new("5.0")
+          def prepare_rails_controller(controller, rails_request)
+            controller.set_request! rails_request
+            controller.set_response! rails_controller.make_response!(rails_request)
+          end
+        else
+          def prepare_rails_controller(controller, rails_request)
+            controller.send(:set_response!, rails_request)
+            controller.instance_variable_set(:@_request, rails_request)
+          end
+        end
+        def rails_api_controller?
+          defined?(ActionController::API) && rails_controller <= ActionController::API
+        end
+        def rails_controller
+          if only_json? && Rodauth::Rails.api_only?
+            ActionController::API
+          else
+            ActionController::Base
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/callbacks.rb ADDED Viewed

@@ -0,0 +1,61 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Callbacks
+        private
+        # Runs controller callbacks and rescue handlers around Rodauth actions.
+        def _around_rodauth(&block)
+          result = nil
+          rails_controller_rescue do
+            rails_controller_callbacks do
+              result = catch(:halt) { super(&block) }
+            end
+          end
+          result = handle_rails_controller_response(result)
+          throw :halt, result if result
+        end
+        # Runs any #(before|around|after)_action controller callbacks.
+        def rails_controller_callbacks(&block)
+          rails_controller_instance.run_callbacks(:process_action, &block)
+        end
+        # Runs any registered #rescue_from controller handlers.
+        def rails_controller_rescue
+          yield
+        rescue Exception => exception
+          rails_controller_instance.rescue_with_handler(exception) || raise
+          unless rails_controller_instance.performed?
+            raise Rodauth::Rails::Error, "rescue_from handler didn't write any response"
+          end
+        end
+        # Handles controller rendering a response or setting response headers.
+        def handle_rails_controller_response(result)
+          if rails_controller_instance.performed?
+            rails_controller_response
+          elsif result
+            result[1].merge!(rails_controller_instance.response.headers)
+            result
+          end
+        end
+        # Returns Roda response from controller response if set.
+        def rails_controller_response
+          controller_response = rails_controller_instance.response
+          response.status = controller_response.status
+          response.headers.merge! controller_response.headers
+          response.write controller_response.body
+          response.finish
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/csrf.rb ADDED Viewed

@@ -0,0 +1,65 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Csrf
+        def self.included(feature)
+          feature.auth_methods(
+            :rails_csrf_tag,
+            :rails_csrf_param,
+            :rails_csrf_token,
+            :rails_check_csrf!,
+          )
+        end
+        # Render Rails CSRF tags in Rodauth templates.
+        def csrf_tag(*)
+          rails_csrf_tag
+        end
+        # Verify Rails' authenticity token.
+        def check_csrf
+          rails_check_csrf!
+        end
+        # Have Rodauth call #check_csrf automatically.
+        def check_csrf?
+          true
+        end
+        private
+        def rails_controller_callbacks
+          return super if rails_api_controller?
+          # don't verify CSRF token as part of callbacks, Rodauth will do that
+          rails_controller_instance.allow_forgery_protection = false
+          super do
+            # turn the setting back to default so that form tags generate CSRF tags
+            rails_controller_instance.allow_forgery_protection = rails_controller.allow_forgery_protection
+            yield
+          end
+        end
+        # Calls the controller to verify the authenticity token.
+        def rails_check_csrf!
+          rails_controller_instance.send(:verify_authenticity_token)
+        end
+        # Hidden tag with Rails CSRF token inserted into Rodauth templates.
+        def rails_csrf_tag
+          %(<input type="hidden" name="#{rails_csrf_param}" value="#{rails_csrf_token}">)
+        end
+        # The request parameter under which to send the Rails CSRF token.
+        def rails_csrf_param
+          rails_controller.request_forgery_protection_token
+        end
+        # The Rails CSRF token value inserted into Rodauth templates.
+        def rails_csrf_token
+          rails_controller_instance.send(:form_authenticity_token)
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/email.rb ADDED Viewed

@@ -0,0 +1,30 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Email
+        def self.included(feature)
+          feature.depends :email_base
+        end
+        private
+        # Create emails with ActionMailer which uses configured delivery method.
+        def create_email_to(to, subject, body)
+          Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)
+        end
+        # Delivers the given email.
+        def send_email(email)
+          email.deliver_now
+        end
+        # ActionMailer subclass for correct email delivering.
+        class Mailer < ActionMailer::Base
+          def create_email(**options)
+            mail(**options)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/instrumentation.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Instrumentation
+        private
+        def _around_rodauth
+          rails_instrument_request { super }
+        end
+        def redirect(*)
+          rails_instrument_redirection { super }
+        end
+        def rails_render(*)
+          render_output = nil
+          rails_controller_instance.view_runtime = rails_controller_instance.send(:cleanup_view_runtime) do
+            Benchmark.ms { render_output = super }
+          end
+          render_output
+        end
+        def rails_instrument_request
+          request = rails_request
+          raw_payload = {
+            controller: scope.class.superclass.name,
+            action: "call",
+            request: request,
+            params: request.filtered_parameters,
+            headers: request.headers,
+            format: request.format.ref,
+            method: request.request_method,
+            path: request.fullpath
+          }
+          ActiveSupport::Notifications.instrument("start_processing.action_controller", raw_payload)
+          ActiveSupport::Notifications.instrument("process_action.action_controller", raw_payload) do |payload|
+            begin
+              result = catch(:halt) { yield }
+              response = ActionDispatch::Response.new *(result || [404, {}, []])
+              payload[:response] = response
+              payload[:status] = response.status
+              throw :halt, result if result
+            rescue => error
+              payload[:status] = ActionDispatch::ExceptionWrapper.status_code_for_exception(error.class.name)
+              raise
+            ensure
+              rails_controller_eval { append_info_to_payload(payload) }
+            end
+          end
+        end
+        def rails_instrument_redirection
+          ActiveSupport::Notifications.instrument("redirect_to.action_controller", request: rails_request) do |payload|
+            result = catch(:halt) { yield }
+            response = ActionDispatch::Response.new(*result)
+            payload[:status] = response.status
+            payload[:location] = response.filtered_location
+            throw :halt, result
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/render.rb ADDED Viewed

@@ -0,0 +1,41 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Render
+        def self.included(feature)
+          feature.auth_methods :rails_render
+        end
+        # Renders templates with layout. First tries to render a user-defined
+        # template, otherwise falls back to Rodauth's template.
+        def view(page, *)
+          rails_render(action: page.tr("-", "_"), layout: true) ||
+            rails_render(html: super.html_safe, layout: true)
+        end
+        # Renders templates without layout. First tries to render a user-defined
+        # template or partial, otherwise falls back to Rodauth's template.
+        def render(page)
+          rails_render(partial: page.tr("-", "_"), layout: false) ||
+            rails_render(action: page.tr("-", "_"), layout: false) ||
+            super.html_safe
+        end
+        def button(*)
+          super.html_safe
+        end
+        private
+        # Calls the Rails renderer, returning nil if a template is missing.
+        def rails_render(*args)
+          return if rails_api_controller?
+          rails_controller_instance.render_to_string(*args)
+        rescue ActionView::MissingTemplate
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/railtie.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 require "rodauth/rails/middleware"
 require "rodauth/rails/controller_methods"
-require "rodauth/rails/log_subscriber"
 require "rails"
@@ -17,10 +16,6 @@ module Rodauth
         end
       end
-      initializer "rodauth.log_subscriber" do
-        Rodauth::Rails::LogSubscriber.attach_to :rodauth
-      end
       initializer "rodauth.test" do
         # Rodauth uses RACK_ENV to set the default bcrypt hash cost
         ENV["RACK_ENV"] = "test" if ::Rails.env.test?

data/lib/rodauth/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.11.0"
+    VERSION = "0.12.0"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-06 00:00:00.000000000 Z
+date: 2021-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -207,7 +207,12 @@ files:
 - lib/rodauth/rails/auth.rb
 - lib/rodauth/rails/controller_methods.rb
 - lib/rodauth/rails/feature.rb
-- lib/rodauth/rails/log_subscriber.rb
+- lib/rodauth/rails/feature/base.rb
+- lib/rodauth/rails/feature/callbacks.rb
+- lib/rodauth/rails/feature/csrf.rb
+- lib/rodauth/rails/feature/email.rb
+- lib/rodauth/rails/feature/instrumentation.rb
+- lib/rodauth/rails/feature/render.rb
 - lib/rodauth/rails/middleware.rb
 - lib/rodauth/rails/railtie.rb
 - lib/rodauth/rails/tasks.rake

data/lib/rodauth/rails/log_subscriber.rb DELETED Viewed

@@ -1,34 +0,0 @@
-module Rodauth
-  module Rails
-    class LogSubscriber < ActiveSupport::LogSubscriber
-      def start_processing(event)
-        rodauth = event.payload[:rodauth]
-        app_class = rodauth.scope.class.superclass
-        format = rodauth.rails_request.format.ref
-        format = format.to_s.upcase if format.is_a?(Symbol)
-        format = "*/*" if format.nil?
-        info "Processing by #{app_class} as #{format}"
-      end
-      def process_request(event)
-        status = event.payload[:status]
-        additions = ActionController::Base.log_process_action(event.payload)
-        if ::Rails.gem_version >= Gem::Version.new("6.0")
-          additions << "Allocations: #{event.allocations}"
-        end
-        message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
-        message << " (#{additions.join(" | ")})"
-        message << "\n\n" if defined?(::Rails.env) && ::Rails.env.development?
-        info message
-      end
-      def logger
-        ::Rails.logger
-      end
-    end
-  end
-end