RubyGems - rodauth-rails - Versions diffs - 0.12.0 → 0.16.0 - Mend

rodauth-rails 0.12.0 → 0.16.0

Files changed (71) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 27d48e6bf86cf81b33f6b0282048c2fb6f16ec6602136e18de6ede5120cfd808
-  data.tar.gz: 2f79498ff25a42131a5ead77f3d4adf05152bc85f271c8b985f0f9fa8c04b503
+  metadata.gz: e46466d584d7579c32e7d7e53335260dd137c04371f4b7c4680caa5c6a4e4147
+  data.tar.gz: c0be8bdc56f5214c885fc5ad990a0be511251cab6dbf9b0ec7aa3fbd8631d0c9
 SHA512:
-  metadata.gz: 8a0c44b54d304d4dfb2a205d41a5ac360e483209229fa49e767f9eaa595434b291661e283110f3ee39a8fbc17a4ad2d82f90a6e4545ca4112852ee50a35aa8da
-  data.tar.gz: 52bb16489dd97777f7ff2359be9014a2c55c7537b8d4449621eb95ef3b7f0030febcd06caa811d406db1fb24fcc884d22c7460a36a94255133ce261a2bbeb68d
+  metadata.gz: 8428739e888033efa811819ee8561fa3f2ae342074f6e27bbf257c18bf7029ab87380a82c75c6c08de2a0d4de49482eac74a32bc7aaf0579baf45978fe63811c
+  data.tar.gz: d626ea202fe8e371e6c77364a9e3c1ef34fdccff0ce7794c54b3fc748b0e1a764e92b99b6b7f06aaa8e2f2f67b155b127c0b1314d4ec7420637013136170141c

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,39 @@
+## 0.16.0 (2021-09-26)
+* Add `#current_account` to methods defined on `ActionController::Base` (@janko)
+* Add missing template for verify_login_change feature to `rodauth:views` generator (@janko)
+* Add `#rodauth_response` controller method for converting rodauth responses into controller responses (@janko)
+## 0.15.0 (2021-07-29)
+* Add `Rodauth::Rails::Model` mixin that defines password attribute and associations on the model (@janko)
+* Add support for the new internal_request feature (@janko)
+* Implement `Rodauth::Rails.rodauth` in terms of the internal_request feature (@janko)
+## 0.14.0 (2021-07-10)
+* Speed up template rendering by only searching formats accepted by the request (@janko)
+* Add `--name` option to `rodauth:views` generator for specifying different rodauth configuration (@janko)
+* Infer correct template path from configured controller in `rodauth:views` generator (@janko)
+* Raise `ArgumentError` if undefined rodauth configuration is passed to `Rodauth::Rails.app` (@janko)
+* Make `#rails_controller` method on the rodauth instance public (@janko)
+* Remove `--directory` option from `rodauth:views` generator (@janko)
+* Remove `#features` and `#routes` writer and `#configuration` reader from `Rodauth::Rails::Auth` (@janko)
+## 0.13.0 (2021-06-10)
+* Add `:query`, `:form`, `:session`, `:account`, and `:env` options to `Rodauth::Rails.rodauth` (@janko)
 ## 0.12.0 (2021-05-15)
 * Include total view render time in logs for Rodauth requests (@janko)

data/README.md CHANGED Viewed

@@ -41,27 +41,15 @@ Active Record's database connection][sequel-activerecord_connection].
 ## Upgrading
-### Upgrading to 0.7.0
-Starting from version 0.7.0, rodauth-rails now correctly detects Rails
-application's `secret_key_base` when setting default `hmac_secret`, including
-when it's set via credentials or `$SECRET_KEY_BASE` environment variable. This
-means that your authentication will now be more secure by default, and Rodauth
-features that require `hmac_secret` should now work automatically as well.
-However, if you've already been using rodauth-rails in production, where the
-`secret_key_base` is set via credentials or environment variable and `hmac_secret`
-was not explicitly set, the fact that your authentication will now start using
-HMACs has backwards compatibility considerations. See the [Rodauth
-documentation][hmac] for instructions on how to safely transition, or just set
-`hmac_secret nil` in your Rodauth configuration.
+For instructions on upgrading from previous rodauth-rails versions, see
+[UPGRADING.md](/UPGRADING.md).
 ## Installation
 Add the gem to your Gemfile:
 ```rb
-gem "rodauth-rails", "~> 0.12"
+gem "rodauth-rails", "~> 0.16"
 # gem "jwt",      require: false # for JWT feature
 # gem "rotp",     require: false # for OTP feature
@@ -154,33 +142,24 @@ end
 ### Current account
-To be able to fetch currently authenticated account, you can define a
-`#current_account` method that fetches the account id from session and
-retrieves the corresponding account record:
+The `#current_account` method is defined in controllers and views, which
+returns the model instance of the currently logged in account.
 ```rb
-# app/controllers/application_controller.rb
-class ApplicationController < ActionController::Base
-  before_action :current_account, if: -> { rodauth.logged_in? }
-  private
-  def current_account
-    @current_account ||= Account.find(rodauth.session_value)
-  rescue ActiveRecord::RecordNotFound
-    rodauth.logout
-    rodauth.login_required
-  end
-  helper_method :current_account # skip if inheriting from ActionController::API
-end
+current_account #=> #<Account id=123 email="user@example.com">
+current_account.email #=> "user@example.com"
 ```
-This allows you to access the current account in controllers and views:
+Pass the configuration name to retrieve accounts belonging to other Rodauth
+configurations:
-```erb
-<p>Authenticated as: <%= current_account.email %></p>
+```rb
+current_account(:admin)
 ```
+If the account doesn't exist in the database, the session will be cleared and
+login required.
 ### Requiring authentication
 You'll likely want to require authentication for certain parts of your app,
@@ -290,8 +269,8 @@ $ rails generate rodauth:views
 ```
 This will generate views for the default set of Rodauth features into the
-`app/views/rodauth` directory, which will be automatically picked up by the
-`RodauthController`.
+`app/views/rodauth` directory, provided that `RodauthController` is set for the
+main configuration.
 You can pass a list of Rodauth features to the generator to create views for
 these features (this will not remove or overwrite any existing views):
@@ -306,12 +285,10 @@ Or you can generate views for all features:
 $ rails generate rodauth:views --all
 ```
-You can also tell the generator to create views into another directory (in this
-case make sure to rename the Rodauth controller accordingly):
+Use `--name` to generate views for a different Rodauth configuration:
 ```sh
-# generates views into app/views/authentication
-$ rails generate rodauth:views --name authentication
+$ rails generate rodauth:views --name admin
 ```
 #### Layout
@@ -404,14 +381,48 @@ end
 This configuration calls `#deliver_later`, which uses Active Job to deliver
 emails in a background job. It's generally recommended to send emails
 asynchronously for better request throughput and the ability to retry
-deliveries. However, if you want to send emails synchronously, modify the
-configuration to call `#deliver_now` instead.
+deliveries. However, if you want to send emails synchronously, you can modify
+the configuration to call `#deliver_now` instead.
 If you're using a background processing library without an Active Job adapter,
 or a 3rd-party service for sending transactional emails, this two-phase API
 might not be suitable. In this case, instead of overriding `#create_*_email`
 and `#send_email`, override the `#send_*_email` methods instead, which are
-required to send the email immediately.
+required to send the email immediately. For example:
+```rb
+# app/workers/rodauth_mailer_worker.rb
+class RodauthMailerWorker
+  include Sidekiq::Worker
+  def perform(name, *args)
+    email = RodauthMailer.public_send(name, *args)
+    email.deliver_now
+  end
+end
+```
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    # ...
+    # use `#send_*_email` method to be able to immediately enqueue email delivery
+    send_reset_password_email do
+      enqueue_email(:reset_password, email_to, reset_password_email_link)
+    end
+    # ...
+    auth_class_eval do
+      # custom method for enqueuing email delivery using our worker
+      def enqueue_email(name, *args)
+        db.after_commit do
+          RodauthMailerWorker.perform_async(name, *args)
+        end
+      end
+    end
+    # ...
+  end
+end
+```
 ### Migrations
@@ -433,6 +444,134 @@ class CreateRodauthOtpSmsCodesRecoveryCodes < ActiveRecord::Migration
 end
 ```
+### Model
+The `Rodauth::Rails::Model` mixin can be included into the account model, which
+defines a password attribute and associations for tables used by enabled
+authentication features.
+```rb
+class Account < ApplicationRecord
+  include Rodauth::Rails.model # or `Rodauth::Rails.model(:admin)`
+end
+```
+#### Password attribute
+Regardless of whether you're storing the password hash in a column in the
+accounts table, or in a separate table, the `#password` attribute can be used
+to set or clear the password hash.
+```rb
+account = Account.create!(email: "user@example.com", password: "secret")
+# when password hash is stored in a column on the accounts table
+account.password_hash #=> "$2a$12$k/Ub1I2iomi84RacqY89Hu4.M0vK7klRnRtzorDyvOkVI.hKhkNw."
+# when password hash is stored in a separate table
+account.password_hash #=> #<Account::PasswordHash...> (record from `account_password_hashes` table)
+account.password_hash.password_hash #=> "$2a$12$k/Ub1..." (inaccessible when using database authentication functions)
+account.password = nil # clears password hash
+account.password_hash #=> nil
+```
+Note that the password attribute doesn't come with validations, making it
+unsuitable for forms. It was primarily intended to allow easily creating
+accounts in development console and in tests.
+#### Associations
+The `Rodauth::Rails::Model` mixin defines associations for Rodauth tables
+associated to the accounts table:
+```rb
+account.remember_key #=> #<Account::RememberKey> (record from `account_remember_keys` table)
+account.active_session_keys #=> [#<Account::ActiveSessionKey>,...] (records from `account_active_session_keys` table)
+```
+You can also reference the associated models directly:
+```rb
+# model referencing the `account_authentication_audit_logs` table
+Account::AuthenticationAuditLog.where(message: "login").group(:account_id)
+```
+The associated models define the inverse `belongs_to :account` association:
+```rb
+Account::ActiveSessionKey.includes(:account).map(&:account)
+```
+Here is an example of using associations to create a method that returns
+whether the account has multifactor authentication enabled:
+```rb
+class Account < ApplicationRecord
+  include Rodauth::Rails.model
+  def mfa_enabled?
+    otp_key || (sms_code && sms_code.num_failures.nil?) || recovery_codes.any?
+  end
+end
+```
+Here is another example of creating a query scope that selects accounts with
+multifactor authentication enabled:
+```rb
+class Account < ApplicationRecord
+  include Rodauth::Rails.model
+  scope :otp_setup, -> { where(otp_key: OtpKey.all) }
+  scope :sms_codes_setup, -> { where(sms_code: SmsCode.where(num_failures: nil)) }
+  scope :recovery_codes_setup, -> { where(recovery_codes: RecoveryCode.all) }
+  scope :mfa_enabled, -> { merge(otp_setup.or(sms_codes_setup).or(recovery_codes_setup)) }
+end
+```
+Below is a list of all associations defined depending on the features loaded:
+| Feature                 | Association                  | Type       | Model                    | Table (default)                     |
+| :------                 | :----------                  | :---       | :----                    | :----                               |
+| account_expiration      | `:activity_time`             | `has_one`  | `ActivityTime`           | `account_activity_times`            |
+| active_sessions         | `:active_session_keys`       | `has_many` | `ActiveSessionKey`       | `account_active_session_keys`       |
+| audit_logging           | `:authentication_audit_logs` | `has_many` | `AuthenticationAuditLog` | `account_authentication_audit_logs` |
+| disallow_password_reuse | `:previous_password_hashes`  | `has_many` | `PreviousPasswordHash`   | `account_previous_password_hashes`  |
+| email_auth              | `:email_auth_key`            | `has_one`  | `EmailAuthKey`           | `account_email_auth_keys`           |
+| jwt_refresh             | `:jwt_refresh_keys`          | `has_many` | `JwtRefreshKey`          | `account_jwt_refresh_keys`          |
+| lockout                 | `:lockout`                   | `has_one`  | `Lockout`                | `account_lockouts`                  |
+| lockout                 | `:login_failure`             | `has_one`  | `LoginFailure`           | `account_login_failures`            |
+| otp                     | `:otp_key`                   | `has_one`  | `OtpKey`                 | `account_otp_keys`                  |
+| password_expiration     | `:password_change_time`      | `has_one`  | `PasswordChangeTime`     | `account_password_change_times`     |
+| recovery_codes          | `:recovery_codes`            | `has_many` | `RecoveryCode`           | `account_recovery_codes`            |
+| remember                | `:remember_key`              | `has_one`  | `RememberKey`            | `account_remember_keys`             |
+| reset_password          | `:password_reset_key`        | `has_one`  | `PasswordResetKey`       | `account_password_reset_keys`       |
+| single_session          | `:session_key`               | `has_one`  | `SessionKey`             | `account_session_keys`              |
+| sms_codes               | `:sms_code`                  | `has_one`  | `SmsCode`                | `account_sms_codes`                 |
+| verify_account          | `:verification_key`          | `has_one`  | `VerificationKey`        | `account_verification_keys`         |
+| verify_login_change     | `:login_change_key`          | `has_one`  | `LoginChangeKey`         | `account_login_change_keys`         |
+| webauthn                | `:webauthn_keys`             | `has_many` | `WebauthnKey`            | `account_webauthn_keys`             |
+| webauthn                | `:webauthn_user_id`          | `has_one`  | `WebauthnUserId`         | `account_webauthn_user_ids`         |
+By default, all associations except for audit logs have `dependent: :destroy`
+set, to allow for easy deletion of account records in the console. You can use
+`:association_options` to modify global or per-association options:
+```rb
+# don't auto-delete associations when account model is deleted
+Rodauth::Rails.model(association_options: { dependent: nil })
+# require authentication audit logs to be eager loaded before retrieval
+Rodauth::Rails.model(association_options: -> (name) {
+  { strict_loading: true } if name == :authentication_audit_logs
+})
+```
+Note that some Rodauth tables use composite primary keys, which Active Record
+doesn't support out of the box. For associations to work properly, you might
+need to add the [composite_primary_keys] gem to your Gemfile.
 ### Multiple configurations
 If you need to handle multiple types of accounts that require different
@@ -452,10 +591,6 @@ class RodauthApp < Rodauth::Rails::App
     prefix "/admin"
     session_key_prefix "admin_"
     remember_cookie_key "_admin_remember" # if using remember feature
-    # if you want separate tables
-    accounts_table :admin_accounts
-    password_hash_table :admin_account_password_hashes
     # ...
   end
@@ -464,7 +599,7 @@ class RodauthApp < Rodauth::Rails::App
     r.on "admin" do
       r.rodauth(:admin)
-      r.pass # allow the Rails app to handle other "/admin/*" requests
+      break # allow routing of other /admin/* requests to continue to Rails
     end
     # ...
@@ -478,6 +613,50 @@ Then in your application you can reference the secondary Rodauth instance:
 rodauth(:admin).login_path #=> "/admin/login"
 ```
+You'll likely want to save the information of which account belongs to which
+configuration to the database. One way would be to have a separate table that
+stores account types:
+```sh
+$ rails generate migration create_account_types
+```
+```rb
+# db/migrate/*_create_account_types.rb
+class CreateAccountTypes < ActiveRecord::Migration
+  def change
+    create_table :account_types do |t|
+      t.references :account, foreign_key: { on_delete: :cascade }, null: false
+      t.string :type, null: false
+    end
+  end
+end
+```
+```sh
+$ rails db:migrate
+```
+Then an entry would be inserted after account creation, and optionally whenever
+Rodauth retrieves accounts you could filter only those belonging to the current
+configuration:
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure(:admin) do
+    # ...
+    after_create_account do
+      db[:account_types].insert(account_id: account_id, type: "admin")
+    end
+    auth_class_eval do
+      def account_ds(*)
+        super.join(:account_types, account_id: :id).where(type: "admin")
+      end
+    end
+    # ...
+  end
+end
+```
 #### Named auth classes
 A `configure` block inside `Rodauth::Rails::App` will internally create an
@@ -596,24 +775,55 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
-### Rodauth instance
+### Outside of a request
-In some cases you might need to use Rodauth more programmatically, and perform
-Rodauth operations outside of the request context. rodauth-rails gives you the
-ability to retrieve the Rodauth instance:
+In some cases you might need to use Rodauth more programmatically. If you would
+like to perform Rodauth operations outside of request context, Rodauth ships
+with the [internal_request] feature just for that. The rodauth-rails gem
+additionally updates the internal rack env hash with your
+`config.action_mailer.default_url_options`, which is used for generating URLs.
+If you need to access Rodauth methods not exposed as internal requests, you can
+use `Rodauth::Rails.rodauth` to retrieve the Rodauth instance used by the
+internal_request feature:
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    enable :internal_request # this is required
+  end
+end
+```
 ```rb
-rodauth = Rodauth::Rails.rodauth # or Rodauth::Rails.rodauth(:admin)
+account = Account.find_by!(email: "user@example.com")
+rodauth = Rodauth::Rails.rodauth(account: account)
-rodauth.login_url #=> "https://example.com/login"
-rodauth.account_from_login("user@example.com") # loads user by email
-rodauth.password_match?("secret") #=> true
-rodauth.setup_account_verification
-rodauth.close_account
+rodauth.compute_hmac("token") #=> "TpEJTKfKwqYvIDKWsuZhkhKlhaBXtR1aodskBAflD8U"
+rodauth.open_account? #=> true
+rodauth.two_factor_authentication_setup? #=> true
+rodauth.password_meets_requirements?("foo") #=> false
+rodauth.locked_out? #=> false
 ```
-This Rodauth instance will be initialized with basic Rack env that allows it
-to generate URLs, using `config.action_mailer.default_url_options` options.
+In addition to the `:account` option, the `Rodauth::Rails.rodauth`
+method accepts any options supported by the internal_request feature.
+```rb
+Rodauth::Rails.rodauth(
+  env: { "HTTP_USER_AGENT" => "programmatic" },
+  session: { two_factor_auth_setup: true },
+  params: { "param" => "value" },
+  # ...
+)
+```
+Secondary Rodauth configurations are specified by passing the configuration
+name:
+```rb
+Rodauth::Rails.rodauth(:admin)
+```
 ## How it works
@@ -751,21 +961,23 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
-If you need Cross-Origin Resource Sharing and/or JWT refresh tokens, enable the
-corresponding Rodauth features and create the necessary tables:
+The JWT token will be returned after each request to Rodauth routes. To also
+return the JWT token on requests to your app's routes, you can add the
+following code to your base controller:
-```sh
-$ rails generate rodauth:migration jwt_refresh
-$ rails db:migrate
-```
 ```rb
-# app/lib/rodauth_app.rb
-class RodauthApp < Rodauth::Rails::App
-  configure do
-    # ...
-    enable :jwt, :jwt_cors, :jwt_refresh
-    # ...
+class ApplicationController < ActionController::Base
+  # ...
+  after_action :set_jwt_token
+  private
+  def set_jwt_token
+    if rodauth.use_jwt? && rodauth.valid_jwt?
+      response.headers["Authorization"] = rodauth.session_jwt
+    end
   end
+  # ...
 end
 ```
@@ -870,9 +1082,13 @@ class RodauthController < ApplicationController
       account.identities.create!(provider: auth["provider"], uid: auth["uid"], info: auth["info"])
     end
-    # login with Rodauth
+    # load the account into the rodauth instance
     rodauth.account_from_login(account.email)
-    rodauth.login("omniauth")
+    rodauth_response do # ensures any `after_action` callbacks get called
+      # sign in the loaded account
+      rodauth.login("omniauth")
+    end
   end
 end
 ```
@@ -1073,29 +1289,6 @@ Rails.application.configure do |config|
 end
 ```
-If you need to create an account record with a password directly, you can do it
-as follows:
-```rb
-# app/models/account.rb
-class Account < ApplicationRecord
-  has_one :password_hash, foreign_key: :id
-end
-```
-```rb
-# app/models/account/password_hash.rb
-class Account::PasswordHash < ApplicationRecord
-  belongs_to :account, foreign_key: :id
-end
-```
-```rb
-require "bcrypt"
-account = Account.create!(email: "user@example.com", status: "verified")
-password_hash = BCrypt::Password.create("secret", cost: BCrypt::Engine::MIN_COST)
-account.create_password_hash!(id: account.id, password_hash: password_hash)
-```
 ## Rodauth defaults
 rodauth-rails changes some of the default Rodauth settings for easier setup:
@@ -1176,6 +1369,18 @@ configure do
 end
 ```
+### Deadline values
+To simplify changes to the database schema, rodauth-rails configures Rodauth
+to set deadline values for various features in Ruby, instead of relying on
+the database to set default column values.
+You can easily change this back:
+```rb
+set_deadline_values? false
+```
 ## License
 The gem is available as open source under the terms of the [MIT
@@ -1217,3 +1422,4 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [single_session]: http://rodauth.jeremyevans.net/rdoc/files/doc/single_session_rdoc.html
 [account_expiration]: http://rodauth.jeremyevans.net/rdoc/files/doc/account_expiration_rdoc.html
 [simple_ldap_authenticator]: https://github.com/jeremyevans/simple_ldap_authenticator
+[internal_request]: http://rodauth.jeremyevans.net/rdoc/files/doc/internal_request_rdoc.html

data/lib/generators/rodauth/templates/app/lib/rodauth_app.rb CHANGED Viewed

@@ -154,11 +154,15 @@ class RodauthApp < Rodauth::Rails::App
 <% end -%>
   end
-  # ==> Multiple configurations
+  # ==> Secondary configurations
   # configure(:admin) do
-  #   enable :http_basic_auth # enable different set of features
+  #   # ... enable features ...
   #   prefix "/admin"
   #   session_key_prefix "admin_"
+  #   # remember_cookie_key "_admin_remember" # if using remember feature
+  #
+  #   # search views in `app/views/admin/rodauth` directory
+  #   rails_controller { Admin::RodauthController }
   # end
   route do |r|
@@ -180,7 +184,7 @@ class RodauthApp < Rodauth::Rails::App
     #   rodauth.require_authentication
     # end
-    # ==> Multiple configurations
+    # ==> Secondary configurations
     # r.on "admin" do
     #   r.rodauth(:admin)
     #
@@ -188,7 +192,7 @@ class RodauthApp < Rodauth::Rails::App
     #     rodauth(:admin).require_http_basic_auth
     #   end
     #
-    #   r.pass # allow the Rails app to handle other "/admin/*" requests
+    #   break # allow the Rails app to handle other "/admin/*" requests
     # end
   end
 end

data/lib/generators/rodauth/templates/app/models/account.rb CHANGED Viewed

@@ -1,2 +1,3 @@
 class Account < ApplicationRecord
+  include Rodauth::Rails.model
 end

data/lib/generators/rodauth/templates/app/views/rodauth/_email_auth_request_form.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<%%= form_tag rodauth.email_auth_request_path, method: :post do %>
+<%%= form_tag <%= rodauth %>.email_auth_request_path, method: :post do %>
   <%%= render "login_hidden_field" %>
   <%%= render "submit", value: "Send Login Link Via Email" %>
 <%% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/_field.html.erb CHANGED Viewed

@@ -4,7 +4,7 @@
   autocomplete: local_assigns[:autocomplete],
   inputmode: local_assigns[:inputmode],
   required: local_assigns[:required] != false,
-  class: "#{local_assigns[:class] || "form-control"} #{"is-invalid" if rodauth.field_error(name)}",
-  aria: ({ invalid: "true", describedby: "#{name}_error_message" } if rodauth.field_error(name)) %>
+  class: "#{local_assigns[:class] || "form-control"} #{"is-invalid" if <%= rodauth %>.field_error(name)}",
+  aria: ({ invalid: "true", describedby: "#{name}_error_message" } if <%= rodauth %>.field_error(name)) %>
 <%%= render "field_error", name: name unless local_assigns[:skip_error_message] %>

data/lib/generators/rodauth/templates/app/views/rodauth/_field_error.html.erb CHANGED Viewed

@@ -1,3 +1,3 @@
-<%% if rodauth.field_error(name) %>
-  <div class="invalid-feedback" id="<%%= name %>_error_message"><%%= rodauth.field_error(name) %></div>
+<%% if <%= rodauth %>.field_error(name) %>
+  <div class="invalid-feedback" id="<%%= name %>_error_message"><%%= <%= rodauth %>.field_error(name) %></div>
 <%% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/_global_logout_field.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <div class="form-group mb-3">
   <div class="form-check">
-    <%%= check_box_tag rodauth.global_logout_param, "t", false, id: "global-logout", class: "form-check-input" %>
+    <%%= check_box_tag <%= rodauth %>.global_logout_param, "t", false, id: "global-logout", class: "form-check-input" %>
     <%%= label_tag "global-logout", "Logout all Logged In Sessons?", class: "form-check-label" %>
   </div>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_confirm_field.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
 <div class="form-group mb-3">
   <%%= label_tag "login-confirm", "Confirm Login", class: "form-label" %>
-  <%%= render "field", name: rodauth.login_confirm_param, id: "login-confirm", type: :email, autocomplete: "email" %>
+  <%%= render "field", name: <%= rodauth %>.login_confirm_param, id: "login-confirm", type: :email, autocomplete: "email" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_display.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
 <div class="form-group mb-3">
   <%%= label_tag "login", "Login", class: "form-label" %>
-  <%%= email_field_tag rodauth.login_param, params[rodauth.login_param], id: "login", readonly: true, class: "form-control-plaintext" %>
+  <%%= email_field_tag <%= rodauth %>.login_param, params[<%= rodauth %>.login_param], id: "login", readonly: true, class: "form-control-plaintext" %>
 </div>