rodauth-rails 0.12.0 → 0.16.0

data/lib/rodauth/rails/controller_methods.rb

@@ -4,13 +4,55 @@ module Rodauth
       def self.included(controller)
         # ActionController::API doesn't have helper methods
         if controller.respond_to?(:helper_method)
-          controller.helper_method :rodauth
+          controller.helper_method :rodauth, :current_account
         end
       end
 
       def rodauth(name = nil)
         request.env.fetch ["rodauth", *name].join(".")
       end
+
+      def current_account(name = nil)
+        table = rodauth(name).accounts_table
+        model = table.to_s.classify.constantize
+        id = rodauth(name).session_value
+
+        @current_account ||= {}
+        @current_account[name] ||= fetch_account(model, id) do
+          rodauth(name).clear_session
+          rodauth(name).login_required
+        end
+      end
+
+      private
+
+      def fetch_account(model, id, &not_found)
+        if defined?(ActiveRecord::Base) && model < ActiveRecord::Base
+          begin
+            model.find(id)
+          rescue ActiveRecord::RecordNotFound
+            not_found.call
+          end
+        elsif model < Sequel::Model
+          begin
+            model.with_pk!(id)
+          rescue Sequel::NoMatchingRow
+            not_found.call
+          end
+        else
+          fail Error, "unsupported model type: #{model}"
+        end
+      end
+
+      def rodauth_response
+        res = catch(:halt) { return yield }
+
+        self.status = res[0]
+        self.headers.merge! res[1]
+        self.response_body = res[2]
+
+        res
+      end
     end
   end
 end

data/lib/rodauth/rails/feature/base.rb

@@ -22,6 +22,14 @@ module Rodauth
           rails_controller_instance.instance_exec(&block)
         end
 
+        def rails_controller
+          if only_json? && Rodauth::Rails.api_only?
+            ActionController::API
+          else
+            ActionController::Base
+          end
+        end
+
         delegate :rails_routes, :rails_request, to: :scope
 
         private
@@ -48,14 +56,6 @@ module Rodauth
         def rails_api_controller?
           defined?(ActionController::API) && rails_controller <= ActionController::API
         end
-
-        def rails_controller
-          if only_json? && Rodauth::Rails.api_only?
-            ActionController::API
-          else
-            ActionController::Base
-          end
-        end
       end
     end
   end

data/lib/rodauth/rails/feature/callbacks.rb

@@ -4,13 +4,17 @@ module Rodauth
       module Callbacks
         private
 
+        def _around_rodauth
+          rails_controller_around { super }
+        end
+
         # Runs controller callbacks and rescue handlers around Rodauth actions.
-        def _around_rodauth(&block)
+        def rails_controller_around
           result = nil
 
           rails_controller_rescue do
             rails_controller_callbacks do
-              result = catch(:halt) { super(&block) }
+              result = catch(:halt) { yield }
             end
           end
 

data/lib/rodauth/rails/feature/internal_request.rb

@@ -0,0 +1,50 @@
+module Rodauth
+  module Rails
+    module Feature
+      module InternalRequest
+        def post_configure
+          super
+          return unless internal_request?
+
+          self.class.define_singleton_method(:internal_request) do |route, opts = {}, &blk|
+            url_options = ::Rails.application.config.action_mailer.default_url_options || {}
+
+            scheme = url_options[:protocol]
+            port = url_options[:port]
+            port||= Rack::Request::DEFAULT_PORTS[scheme] if Rack.release < "2"
+            host = url_options[:host]
+            host_with_port = host && port ? "#{host}:#{port}" : host
+
+            env = {
+              "HTTP_HOST" => host_with_port,
+              "rack.url_scheme" => scheme,
+              "SERVER_NAME" => host,
+              "SERVER_PORT" => port,
+            }.compact
+
+            opts = opts.merge(env: env) { |k, v1, v2| v2.merge(v1) }
+
+            super(route, opts, &blk)
+          end
+        end
+
+        private
+
+        def rails_controller_around
+          return yield if internal_request?
+          super
+        end
+
+        def rails_instrument_request
+          return yield if internal_request?
+          super
+        end
+
+        def rails_instrument_redirection
+          return yield if internal_request?
+          super
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/render.rb

@@ -35,6 +35,13 @@ module Rodauth
         rescue ActionView::MissingTemplate
           nil
         end
+
+        # Only look up template formats that the current request is accepting.
+        def _rails_controller_instance
+          controller = super
+          controller.formats = rails_request.formats.map(&:ref).compact
+          controller
+        end
       end
     end
   end

data/lib/rodauth/rails/feature.rb

@@ -10,6 +10,7 @@ module Rodauth
     require "rodauth/rails/feature/render"
     require "rodauth/rails/feature/email"
     require "rodauth/rails/feature/instrumentation"
+    require "rodauth/rails/feature/internal_request"
 
     include Rodauth::Rails::Feature::Base
     include Rodauth::Rails::Feature::Callbacks
@@ -17,5 +18,6 @@ module Rodauth
     include Rodauth::Rails::Feature::Render
     include Rodauth::Rails::Feature::Email
     include Rodauth::Rails::Feature::Instrumentation
+    include Rodauth::Rails::Feature::InternalRequest
   end
 end

data/lib/rodauth/rails/model/associations.rb

@@ -0,0 +1,195 @@
+module Rodauth
+  module Rails
+    class Model
+      class Associations
+        attr_reader :rodauth
+
+        def self.call(rodauth)
+          new(rodauth).call
+        end
+
+        def initialize(rodauth)
+          @rodauth = rodauth
+        end
+
+        def call
+          rodauth.features
+            .select { |feature| respond_to?(feature, true) }
+            .flat_map { |feature| send(feature) }
+        end
+
+        private
+
+        def remember
+          {
+            name: :remember_key,
+            type: :has_one,
+            table: rodauth.remember_table,
+            foreign_key: rodauth.remember_id_column,
+          }
+        end
+
+        def verify_account
+          {
+            name: :verification_key,
+            type: :has_one,
+            table: rodauth.verify_account_table,
+            foreign_key: rodauth.verify_account_id_column,
+          }
+        end
+
+        def reset_password
+          {
+            name: :password_reset_key,
+            type: :has_one,
+            table: rodauth.reset_password_table,
+            foreign_key: rodauth.reset_password_id_column,
+          }
+        end
+
+        def verify_login_change
+          {
+            name: :login_change_key,
+            type: :has_one,
+            table: rodauth.verify_login_change_table,
+            foreign_key: rodauth.verify_login_change_id_column,
+          }
+        end
+
+        def lockout
+          [
+            {
+              name: :lockout,
+              type: :has_one,
+              table: rodauth.account_lockouts_table,
+              foreign_key: rodauth.account_lockouts_id_column,
+            },
+            {
+              name: :login_failure,
+              type: :has_one,
+              table: rodauth.account_login_failures_table,
+              foreign_key: rodauth.account_login_failures_id_column,
+            }
+          ]
+        end
+
+        def email_auth
+          {
+            name: :email_auth_key,
+            type: :has_one,
+            table: rodauth.email_auth_table,
+            foreign_key: rodauth.email_auth_id_column,
+          }
+        end
+
+        def account_expiration
+          {
+            name: :activity_time,
+            type: :has_one,
+            table: rodauth.account_activity_table,
+            foreign_key: rodauth.account_activity_id_column,
+          }
+        end
+
+        def active_sessions
+          {
+            name: :active_session_keys,
+            type: :has_many,
+            table: rodauth.active_sessions_table,
+            foreign_key: rodauth.active_sessions_account_id_column,
+          }
+        end
+
+        def audit_logging
+          {
+            name: :authentication_audit_logs,
+            type: :has_many,
+            table: rodauth.audit_logging_table,
+            foreign_key: rodauth.audit_logging_account_id_column,
+            dependent: nil,
+          }
+        end
+
+        def disallow_password_reuse
+          {
+            name: :previous_password_hashes,
+            type: :has_many,
+            table: rodauth.previous_password_hash_table,
+            foreign_key: rodauth.previous_password_account_id_column,
+          }
+        end
+
+        def jwt_refresh
+          {
+            name: :jwt_refresh_keys,
+            type: :has_many,
+            table: rodauth.jwt_refresh_token_table,
+            foreign_key: rodauth.jwt_refresh_token_account_id_column,
+          }
+        end
+
+        def password_expiration
+          {
+            name: :password_change_time,
+            type: :has_one,
+            table: rodauth.password_expiration_table,
+            foreign_key: rodauth.password_expiration_id_column,
+          }
+        end
+
+        def single_session
+          {
+            name: :session_key,
+            type: :has_one,
+            table: rodauth.single_session_table,
+            foreign_key: rodauth.single_session_id_column,
+          }
+        end
+
+        def otp
+          {
+            name: :otp_key,
+            type: :has_one,
+            table: rodauth.otp_keys_table,
+            foreign_key: rodauth.otp_keys_id_column,
+          }
+        end
+
+        def sms_codes
+          {
+            name: :sms_code,
+            type: :has_one,
+            table: rodauth.sms_codes_table,
+            foreign_key: rodauth.sms_id_column,
+          }
+        end
+
+        def recovery_codes
+          {
+            name: :recovery_codes,
+            type: :has_many,
+            table: rodauth.recovery_codes_table,
+            foreign_key: rodauth.recovery_codes_id_column,
+          }
+        end
+
+        def webauthn
+          [
+            {
+              name: :webauthn_user_id,
+              type: :has_one,
+              table: rodauth.webauthn_user_ids_table,
+              foreign_key: rodauth.webauthn_user_ids_account_id_column,
+            },
+            {
+              name: :webauthn_keys,
+              type: :has_many,
+              table: rodauth.webauthn_keys_table,
+              foreign_key: rodauth.webauthn_keys_account_id_column,
+            }
+          ]
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/model.rb

@@ -0,0 +1,101 @@
+module Rodauth
+  module Rails
+    class Model < Module
+      require "rodauth/rails/model/associations"
+
+      def initialize(auth_class, association_options: {})
+        @auth_class = auth_class
+        @association_options = association_options
+
+        define_methods
+      end
+
+      def included(model)
+        fail Rodauth::Rails::Error, "must be an Active Record model" unless model < ActiveRecord::Base
+
+        define_associations(model)
+      end
+
+      private
+
+      def define_methods
+        rodauth = @auth_class.allocate.freeze
+
+        attr_reader :password
+
+        define_method(:password=) do |password|
+          @password = password
+          password_hash = rodauth.send(:password_hash, password) if password
+          set_password_hash(password_hash)
+        end
+
+        define_method(:set_password_hash) do |password_hash|
+          if rodauth.account_password_hash_column
+            public_send(:"#{rodauth.account_password_hash_column}=", password_hash)
+          else
+            if password_hash
+              record = self.password_hash || build_password_hash
+              record.public_send(:"#{rodauth.password_hash_column}=", password_hash)
+            else
+              self.password_hash&.mark_for_destruction
+            end
+          end
+        end
+      end
+
+      def define_associations(model)
+        define_password_hash_association(model) unless rodauth.account_password_hash_column
+
+        feature_associations.each do |association|
+          define_association(model, **association)
+        end
+      end
+
+      def define_password_hash_association(model)
+        password_hash_id_column = rodauth.password_hash_id_column
+        scope = -> { select(password_hash_id_column) } if rodauth.send(:use_database_authentication_functions?)
+
+        define_association model,
+          type: :has_one,
+          name: :password_hash,
+          table: rodauth.password_hash_table,
+          foreign_key: password_hash_id_column,
+          scope: scope,
+          autosave: true
+      end
+
+      def define_association(model, type:, name:, table:, foreign_key:, scope: nil, **options)
+        associated_model = Class.new(model.superclass)
+        associated_model.table_name = table
+        associated_model.belongs_to :account,
+          class_name: model.name,
+          foreign_key: foreign_key,
+          inverse_of: name
+
+        model.const_set(name.to_s.singularize.camelize, associated_model)
+
+        model.public_send type, name, scope,
+          class_name: associated_model.name,
+          foreign_key: foreign_key,
+          dependent: :destroy,
+          inverse_of: :account,
+          **options,
+          **association_options(name)
+      end
+
+      def feature_associations
+        Rodauth::Rails::Model::Associations.call(rodauth)
+      end
+
+      def association_options(name)
+        options = @association_options
+        options = options.call(name) if options.respond_to?(:call)
+        options || {}
+      end
+
+      def rodauth
+        @auth_class.allocate
+      end
+    end
+  end
+end

data/lib/rodauth/rails/tasks.rake

@@ -4,15 +4,15 @@ namespace :rodauth do
 
     puts "Routes handled by #{app}:"
 
-    app.opts[:rodauths].each_key do |rodauth_name|
-      rodauth = Rodauth::Rails.rodauth(rodauth_name)
+    app.opts[:rodauths].each do |configuration_name, auth_class|
+      auth_class.configure { enable :path_class_methods }
 
-      routes = rodauth.class.routes.map do |handle_method|
+      routes = auth_class.routes.map do |handle_method|
         path_method = "#{handle_method.to_s.sub(/\Ahandle_/, "")}_path"
 
         [
-          rodauth.public_send(path_method),
-          "rodauth#{rodauth_name && "(:#{rodauth_name})"}.#{path_method}",
+          auth_class.public_send(path_method),
+          "rodauth#{configuration_name && "(:#{configuration_name})"}.#{path_method}",
         ]
       end
 

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.12.0"
+    VERSION = "0.16.0"
   end
 end

data/lib/rodauth/rails.rb

@@ -9,28 +9,45 @@ module Rodauth
     # This allows the developer to avoid loading Rodauth at boot time.
     autoload :App, "rodauth/rails/app"
     autoload :Auth, "rodauth/rails/auth"
+    autoload :Model, "rodauth/rails/model"
 
     @app = nil
     @middleware = true
 
+    LOCK = Mutex.new
+
     class << self
-      def rodauth(name = nil)
-        url_options = ActionMailer::Base.default_url_options
+      def rodauth(name = nil, query: nil, form: nil, account: nil, **options)
+        auth_class = app.rodauth(name)
 
-        scheme   = url_options[:protocol] || "http"
-        port     = url_options[:port]
-        port   ||= Rack::Request::DEFAULT_PORTS[scheme] if Gem::Version.new(Rack.release) < Gem::Version.new("2.0")
-        host     = url_options[:host]
-        host    += ":#{port}" if port
+        unless auth_class
+          fail ArgumentError, "undefined rodauth configuration: #{name.inspect}"
+        end
 
-        rack_env = {
-          "HTTP_HOST"       => host,
-          "rack.url_scheme" => scheme,
-        }
+        LOCK.synchronize do
+          unless auth_class.features.include?(:internal_request)
+            auth_class.configure { enable :internal_request }
+            warn "Rodauth::Rails.rodauth requires the internal_request feature to be enabled. For now it was enabled automatically, but this behaviour will be removed in version 1.0."
+          end
+        end
+
+        if query || form
+          warn "The :query and :form keyword arguments for Rodauth::Rails.rodauth have been deprecated. Please use the :params argument supported by internal_request feature instead."
+          options[:params] = query || form
+        end
 
-        scope = app.new(rack_env)
+        if account
+          options[:account_id] = account.id
+        end
+
+        auth_class.internal_request_eval(options) do
+          @account = account.attributes.symbolize_keys if account
+          self
+        end
+      end
 
-        scope.rodauth(name)
+      def model(name = nil, **options)
+        Rodauth::Rails::Model.new(app.rodauth(name), **options)
       end
 
       # routing constraint that requires authentication

data/rodauth-rails.gemspec

@@ -17,10 +17,13 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 4.2", "< 7"
-  spec.add_dependency "rodauth", "~> 2.11"
+  spec.add_dependency "rodauth", "~> 2.15"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"
 
   spec.add_development_dependency "jwt"
+  spec.add_development_dependency "rotp"
+  spec.add_development_dependency "rqrcode"
+  spec.add_development_dependency "webauthn" unless RUBY_ENGINE == "jruby"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.12.0
+  version: 0.16.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-15 00:00:00.000000000 Z
+date: 2021-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -36,14 +36,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.11'
+        version: '2.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.11'
+        version: '2.15'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
@@ -100,6 +100,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rqrcode
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webauthn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Provides Rails integration for Rodauth.
 email:
 - janko.marohnic@gmail.com
@@ -212,8 +254,11 @@ files:
 - lib/rodauth/rails/feature/csrf.rb
 - lib/rodauth/rails/feature/email.rb
 - lib/rodauth/rails/feature/instrumentation.rb
+- lib/rodauth/rails/feature/internal_request.rb
 - lib/rodauth/rails/feature/render.rb
 - lib/rodauth/rails/middleware.rb
+- lib/rodauth/rails/model.rb
+- lib/rodauth/rails/model/associations.rb
 - lib/rodauth/rails/railtie.rb
 - lib/rodauth/rails/tasks.rake
 - lib/rodauth/rails/version.rb
@@ -237,7 +282,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.15
 signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.