rodauth-rails 0.12.0 → 0.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 27d48e6bf86cf81b33f6b0282048c2fb6f16ec6602136e18de6ede5120cfd808
-  data.tar.gz: 2f79498ff25a42131a5ead77f3d4adf05152bc85f271c8b985f0f9fa8c04b503
+  metadata.gz: cc8ee44d094627dcacd9d9b7f5da1eb165cff1af209f079b667e0f04e9540b30
+  data.tar.gz: f179e4eaea99d04ff6ff71c6357cdf75a19991645c9904ab6373c03b5dcd1a16
 SHA512:
-  metadata.gz: 8a0c44b54d304d4dfb2a205d41a5ac360e483209229fa49e767f9eaa595434b291661e283110f3ee39a8fbc17a4ad2d82f90a6e4545ca4112852ee50a35aa8da
-  data.tar.gz: 52bb16489dd97777f7ff2359be9014a2c55c7537b8d4449621eb95ef3b7f0030febcd06caa811d406db1fb24fcc884d22c7460a36a94255133ce261a2bbeb68d
+  metadata.gz: 78c28c13751abb439179813948bf665cd040444171998e42ecdb4cb42f698097731f4c073b7595d083ba5825a9989940deee052771fb5f76f93bd333e94af500
+  data.tar.gz: eb3a04ae6333dc471fd7fbdb264527a359893fb100d7833bab3545f7d91e213bfc8a2daa562ffc22f531073f39f4bee3de893bffd87201b3e57d1dce99c97320

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.13.0 (2021-06-10)
+
+* Add `:query`, `:form`, `:session`, `:account`, and `:env` options to `Rodauth::Rails.rodauth` (@janko)
+
 ## 0.12.0 (2021-05-15)
 
 * Include total view render time in logs for Rodauth requests (@janko)

data/README.md

@@ -41,27 +41,15 @@ Active Record's database connection][sequel-activerecord_connection].
 
 ## Upgrading
 
-### Upgrading to 0.7.0
-
-Starting from version 0.7.0, rodauth-rails now correctly detects Rails
-application's `secret_key_base` when setting default `hmac_secret`, including
-when it's set via credentials or `$SECRET_KEY_BASE` environment variable. This
-means that your authentication will now be more secure by default, and Rodauth
-features that require `hmac_secret` should now work automatically as well.
-
-However, if you've already been using rodauth-rails in production, where the
-`secret_key_base` is set via credentials or environment variable and `hmac_secret`
-was not explicitly set, the fact that your authentication will now start using
-HMACs has backwards compatibility considerations. See the [Rodauth
-documentation][hmac] for instructions on how to safely transition, or just set
-`hmac_secret nil` in your Rodauth configuration.
+For instructions on upgrading from previous rodauth-rails versions, see
+[UPGRADING.md](/UPGRADING.md).
 
 ## Installation
 
 Add the gem to your Gemfile:
 
 ```rb
-gem "rodauth-rails", "~> 0.12"
+gem "rodauth-rails", "~> 0.13"
 
 # gem "jwt",      require: false # for JWT feature
 # gem "rotp",     require: false # for OTP feature
@@ -464,7 +452,7 @@ class RodauthApp < Rodauth::Rails::App
 
     r.on "admin" do
       r.rodauth(:admin)
-      r.pass # allow the Rails app to handle other "/admin/*" requests
+      break # allow routing of other /admin/* requests to continue to Rails
     end
 
     # ...
@@ -599,8 +587,8 @@ end
 ### Rodauth instance
 
 In some cases you might need to use Rodauth more programmatically, and perform
-Rodauth operations outside of the request context. rodauth-rails gives you the
-ability to retrieve the Rodauth instance:
+Rodauth operations outside of the request context. rodauth-rails gives you a
+helper method for building a Rodauth instance:
 
 ```rb
 rodauth = Rodauth::Rails.rodauth # or Rodauth::Rails.rodauth(:admin)
@@ -612,8 +600,22 @@ rodauth.setup_account_verification
 rodauth.close_account
 ```
 
-This Rodauth instance will be initialized with basic Rack env that allows it
-to generate URLs, using `config.action_mailer.default_url_options` options.
+The base URL is taken from Action Mailer's `default_url_options` setting if
+configured. The `Rodauth::Rails.rodauth` method accepts additional keyword
+arguments:
+
+* `:account` – Active Record model instance from which to set `account` and `session[:account_id]`
+* `:query` & `:form` – set specific query/form parameters
+* `:session` – set any session values
+* `:env` – set any additional Rack env values
+
+```rb
+Rodauth::Rails.rodauth(account: Account.find(account_id))
+Rodauth::Rails.rodauth(query: { "param" => "value" })
+Rodauth::Rails.rodauth(form: { "param" => "value" })
+Rodauth::Rails.rodauth(session: { two_factor_auth_setup: true })
+Rodauth::Rails.rodauth(env: { "HTTP_USER_AGENT" => "programmatic" })
+```
 
 ## How it works
 
@@ -1176,6 +1178,18 @@ configure do
 end
 ```
 
+### Deadline values
+
+To simplify changes to the database schema, rodauth-rails configures Rodauth
+to set deadline values for various features in Ruby, instead of relying on
+the database to set default column values.
+
+You can easily change this back:
+
+```rb
+set_deadline_values? false
+```
+
 ## License
 
 The gem is available as open source under the terms of the [MIT

data/lib/rodauth/rails.rb

@@ -1,6 +1,9 @@
 require "rodauth/rails/version"
 require "rodauth/rails/railtie"
 
+require "rack/utils"
+require "stringio"
+
 module Rodauth
   module Rails
     class Error < StandardError
@@ -14,7 +17,7 @@ module Rodauth
     @middleware = true
 
     class << self
-      def rodauth(name = nil)
+      def rodauth(name = nil, query: {}, form: {}, session: {}, account: nil, env: {})
         url_options = ActionMailer::Base.default_url_options
 
         scheme   = url_options[:protocol] || "http"
@@ -23,14 +26,29 @@ module Rodauth
         host     = url_options[:host]
         host    += ":#{port}" if port
 
+        content_type = "application/x-www-form-urlencoded" if form.any?
+
         rack_env = {
+          "QUERY_STRING"    => Rack::Utils.build_nested_query(query),
+          "rack.input"      => StringIO.new(Rack::Utils.build_nested_query(form)),
+          "CONTENT_TYPE"    => content_type,
+          "rack.session"    => {},
           "HTTP_HOST"       => host,
           "rack.url_scheme" => scheme,
-        }
+        }.merge(env)
+
+        scope    = app.new(rack_env)
+        instance = scope.rodauth(name)
 
-        scope = app.new(rack_env)
+        # update session hash here to make it work with JWT session
+        instance.session.merge!(session)
+
+        if account
+          instance.instance_variable_set(:@account, account.attributes.symbolize_keys)
+          instance.session[instance.session_key] = instance.account_session_value
+        end
 
-        scope.rodauth(name)
+        instance
       end
 
       # routing constraint that requires authentication

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.12.0"
+    VERSION = "0.13.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.13.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-15 00:00:00.000000000 Z
+date: 2021-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -237,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.15
 signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.