RubyGems - rodauth-rails - Versions diffs - 0.13.0 → 0.17.0 - Mend

rodauth-rails 0.13.0 → 0.17.0

Files changed (71) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc8ee44d094627dcacd9d9b7f5da1eb165cff1af209f079b667e0f04e9540b30
-  data.tar.gz: f179e4eaea99d04ff6ff71c6357cdf75a19991645c9904ab6373c03b5dcd1a16
+  metadata.gz: 1539e5f70a8cefa3c40e06b5b177152e4772f099deb11a077f07f59529622a62
+  data.tar.gz: 67c9a6829f8a9c45708cb1ab0781a2eebe1998d5f31f66b26d5c7f58cb37cdf8
 SHA512:
-  metadata.gz: 78c28c13751abb439179813948bf665cd040444171998e42ecdb4cb42f698097731f4c073b7595d083ba5825a9989940deee052771fb5f76f93bd333e94af500
-  data.tar.gz: eb3a04ae6333dc471fd7fbdb264527a359893fb100d7833bab3545f7d91e213bfc8a2daa562ffc22f531073f39f4bee3de893bffd87201b3e57d1dce99c97320
+  metadata.gz: bf1f132504de2266dc4ef7f71ffdd630e348119f6681f84288aeb6ba24481336948c78183d4fa7e90100dedc85e04c4bb98f915de3ecf156630d523d91d74c00
+  data.tar.gz: e1858507c3ee9a2855e04fa67957859f41347adbf448793b8cebe263a0bd95517ef913b4132470a31609be9741ff73e4769309df5924f19b0db0503a1a25fa2a

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,43 @@
+## 0.17.0 (2021-10-05)
+* Set `delete_account_on_close?` to `true` in generated `rodauth_app.rb` (@janko)
+* Change default `:dependent` option for associations to `:delete`/`:delete_all` (@janko)
+* Add `rails_account_model` configuration method for when the account model cannot be inferred (@janko)
+## 0.16.0 (2021-09-26)
+* Add `#current_account` to methods defined on `ActionController::Base` (@janko)
+* Add missing template for verify_login_change feature to `rodauth:views` generator (@janko)
+* Add `#rodauth_response` controller method for converting rodauth responses into controller responses (@janko)
+## 0.15.0 (2021-07-29)
+* Add `Rodauth::Rails::Model` mixin that defines password attribute and associations on the model (@janko)
+* Add support for the new internal_request feature (@janko)
+* Implement `Rodauth::Rails.rodauth` in terms of the internal_request feature (@janko)
+## 0.14.0 (2021-07-10)
+* Speed up template rendering by only searching formats accepted by the request (@janko)
+* Add `--name` option to `rodauth:views` generator for specifying different rodauth configuration (@janko)
+* Infer correct template path from configured controller in `rodauth:views` generator (@janko)
+* Raise `ArgumentError` if undefined rodauth configuration is passed to `Rodauth::Rails.app` (@janko)
+* Make `#rails_controller` method on the rodauth instance public (@janko)
+* Remove `--directory` option from `rodauth:views` generator (@janko)
+* Remove `#features` and `#routes` writer and `#configuration` reader from `Rodauth::Rails::Auth` (@janko)
 ## 0.13.0 (2021-06-10)
 * Add `:query`, `:form`, `:session`, `:account`, and `:env` options to `Rodauth::Rails.rodauth` (@janko)

data/README.md CHANGED Viewed

@@ -49,7 +49,7 @@ For instructions on upgrading from previous rodauth-rails versions, see
 Add the gem to your Gemfile:
 ```rb
-gem "rodauth-rails", "~> 0.13"
+gem "rodauth-rails", "~> 0.17"
 # gem "jwt",      require: false # for JWT feature
 # gem "rotp",     require: false # for OTP feature
@@ -142,31 +142,36 @@ end
 ### Current account
-To be able to fetch currently authenticated account, you can define a
-`#current_account` method that fetches the account id from session and
-retrieves the corresponding account record:
+The `#current_account` method is defined in controllers and views, which
+returns the model instance of the currently logged in account.
 ```rb
-# app/controllers/application_controller.rb
-class ApplicationController < ActionController::Base
-  before_action :current_account, if: -> { rodauth.logged_in? }
+current_account #=> #<Account id=123 email="user@example.com">
+current_account.email #=> "user@example.com"
+```
-  private
+If the account doesn't exist in the database, the session will be cleared and
+login required.
-  def current_account
-    @current_account ||= Account.find(rodauth.session_value)
-  rescue ActiveRecord::RecordNotFound
-    rodauth.logout
-    rodauth.login_required
-  end
-  helper_method :current_account # skip if inheriting from ActionController::API
-end
+Pass the configuration name to retrieve accounts belonging to other Rodauth
+configurations:
+```rb
+current_account(:admin)
 ```
-This allows you to access the current account in controllers and views:
+The `#current_account` method will try to infer the account model class from
+the configured table name. If that fails, you can set the account model
+manually:
-```erb
-<p>Authenticated as: <%= current_account.email %></p>
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    # ...
+    rails_account_model Authentication::Account # custom model name
+  end
+end
 ```
 ### Requiring authentication
@@ -278,8 +283,8 @@ $ rails generate rodauth:views
 ```
 This will generate views for the default set of Rodauth features into the
-`app/views/rodauth` directory, which will be automatically picked up by the
-`RodauthController`.
+`app/views/rodauth` directory, provided that `RodauthController` is set for the
+main configuration.
 You can pass a list of Rodauth features to the generator to create views for
 these features (this will not remove or overwrite any existing views):
@@ -294,12 +299,10 @@ Or you can generate views for all features:
 $ rails generate rodauth:views --all
 ```
-You can also tell the generator to create views into another directory (in this
-case make sure to rename the Rodauth controller accordingly):
+Use `--name` to generate views for a different Rodauth configuration:
 ```sh
-# generates views into app/views/authentication
-$ rails generate rodauth:views --name authentication
+$ rails generate rodauth:views --name admin
 ```
 #### Layout
@@ -392,14 +395,48 @@ end
 This configuration calls `#deliver_later`, which uses Active Job to deliver
 emails in a background job. It's generally recommended to send emails
 asynchronously for better request throughput and the ability to retry
-deliveries. However, if you want to send emails synchronously, modify the
-configuration to call `#deliver_now` instead.
+deliveries. However, if you want to send emails synchronously, you can modify
+the configuration to call `#deliver_now` instead.
 If you're using a background processing library without an Active Job adapter,
 or a 3rd-party service for sending transactional emails, this two-phase API
 might not be suitable. In this case, instead of overriding `#create_*_email`
 and `#send_email`, override the `#send_*_email` methods instead, which are
-required to send the email immediately.
+required to send the email immediately. For example:
+```rb
+# app/workers/rodauth_mailer_worker.rb
+class RodauthMailerWorker
+  include Sidekiq::Worker
+  def perform(name, *args)
+    email = RodauthMailer.public_send(name, *args)
+    email.deliver_now
+  end
+end
+```
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    # ...
+    # use `#send_*_email` method to be able to immediately enqueue email delivery
+    send_reset_password_email do
+      enqueue_email(:reset_password, email_to, reset_password_email_link)
+    end
+    # ...
+    auth_class_eval do
+      # custom method for enqueuing email delivery using our worker
+      def enqueue_email(name, *args)
+        db.after_commit do
+          RodauthMailerWorker.perform_async(name, *args)
+        end
+      end
+    end
+    # ...
+  end
+end
+```
 ### Migrations
@@ -421,6 +458,134 @@ class CreateRodauthOtpSmsCodesRecoveryCodes < ActiveRecord::Migration
 end
 ```
+### Model
+The `Rodauth::Rails::Model` mixin can be included into the account model, which
+defines a password attribute and associations for tables used by enabled
+authentication features.
+```rb
+class Account < ApplicationRecord
+  include Rodauth::Rails.model # or `Rodauth::Rails.model(:admin)`
+end
+```
+#### Password attribute
+Regardless of whether you're storing the password hash in a column in the
+accounts table, or in a separate table, the `#password` attribute can be used
+to set or clear the password hash.
+```rb
+account = Account.create!(email: "user@example.com", password: "secret")
+# when password hash is stored in a column on the accounts table
+account.password_hash #=> "$2a$12$k/Ub1I2iomi84RacqY89Hu4.M0vK7klRnRtzorDyvOkVI.hKhkNw."
+# when password hash is stored in a separate table
+account.password_hash #=> #<Account::PasswordHash...> (record from `account_password_hashes` table)
+account.password_hash.password_hash #=> "$2a$12$k/Ub1..." (inaccessible when using database authentication functions)
+account.password = nil # clears password hash
+account.password_hash #=> nil
+```
+Note that the password attribute doesn't come with validations, making it
+unsuitable for forms. It was primarily intended to allow easily creating
+accounts in development console and in tests.
+#### Associations
+The `Rodauth::Rails::Model` mixin defines associations for Rodauth tables
+associated to the accounts table:
+```rb
+account.remember_key #=> #<Account::RememberKey> (record from `account_remember_keys` table)
+account.active_session_keys #=> [#<Account::ActiveSessionKey>,...] (records from `account_active_session_keys` table)
+```
+You can also reference the associated models directly:
+```rb
+# model referencing the `account_authentication_audit_logs` table
+Account::AuthenticationAuditLog.where(message: "login").group(:account_id)
+```
+The associated models define the inverse `belongs_to :account` association:
+```rb
+Account::ActiveSessionKey.includes(:account).map(&:account)
+```
+Here is an example of using associations to create a method that returns
+whether the account has multifactor authentication enabled:
+```rb
+class Account < ApplicationRecord
+  include Rodauth::Rails.model
+  def mfa_enabled?
+    otp_key || (sms_code && sms_code.num_failures.nil?) || recovery_codes.any?
+  end
+end
+```
+Here is another example of creating a query scope that selects accounts with
+multifactor authentication enabled:
+```rb
+class Account < ApplicationRecord
+  include Rodauth::Rails.model
+  scope :otp_setup, -> { where(otp_key: OtpKey.all) }
+  scope :sms_codes_setup, -> { where(sms_code: SmsCode.where(num_failures: nil)) }
+  scope :recovery_codes_setup, -> { where(recovery_codes: RecoveryCode.all) }
+  scope :mfa_enabled, -> { merge(otp_setup.or(sms_codes_setup).or(recovery_codes_setup)) }
+end
+```
+Below is a list of all associations defined depending on the features loaded:
+| Feature                 | Association                  | Type       | Model                    | Table (default)                     |
+| :------                 | :----------                  | :---       | :----                    | :----                               |
+| account_expiration      | `:activity_time`             | `has_one`  | `ActivityTime`           | `account_activity_times`            |
+| active_sessions         | `:active_session_keys`       | `has_many` | `ActiveSessionKey`       | `account_active_session_keys`       |
+| audit_logging           | `:authentication_audit_logs` | `has_many` | `AuthenticationAuditLog` | `account_authentication_audit_logs` |
+| disallow_password_reuse | `:previous_password_hashes`  | `has_many` | `PreviousPasswordHash`   | `account_previous_password_hashes`  |
+| email_auth              | `:email_auth_key`            | `has_one`  | `EmailAuthKey`           | `account_email_auth_keys`           |
+| jwt_refresh             | `:jwt_refresh_keys`          | `has_many` | `JwtRefreshKey`          | `account_jwt_refresh_keys`          |
+| lockout                 | `:lockout`                   | `has_one`  | `Lockout`                | `account_lockouts`                  |
+| lockout                 | `:login_failure`             | `has_one`  | `LoginFailure`           | `account_login_failures`            |
+| otp                     | `:otp_key`                   | `has_one`  | `OtpKey`                 | `account_otp_keys`                  |
+| password_expiration     | `:password_change_time`      | `has_one`  | `PasswordChangeTime`     | `account_password_change_times`     |
+| recovery_codes          | `:recovery_codes`            | `has_many` | `RecoveryCode`           | `account_recovery_codes`            |
+| remember                | `:remember_key`              | `has_one`  | `RememberKey`            | `account_remember_keys`             |
+| reset_password          | `:password_reset_key`        | `has_one`  | `PasswordResetKey`       | `account_password_reset_keys`       |
+| single_session          | `:session_key`               | `has_one`  | `SessionKey`             | `account_session_keys`              |
+| sms_codes               | `:sms_code`                  | `has_one`  | `SmsCode`                | `account_sms_codes`                 |
+| verify_account          | `:verification_key`          | `has_one`  | `VerificationKey`        | `account_verification_keys`         |
+| verify_login_change     | `:login_change_key`          | `has_one`  | `LoginChangeKey`         | `account_login_change_keys`         |
+| webauthn                | `:webauthn_keys`             | `has_many` | `WebauthnKey`            | `account_webauthn_keys`             |
+| webauthn                | `:webauthn_user_id`          | `has_one`  | `WebauthnUserId`         | `account_webauthn_user_ids`         |
+By default, all associations except for audit logs have `dependent: :destroy`
+set, to allow for easy deletion of account records in the console. You can use
+`:association_options` to modify global or per-association options:
+```rb
+# don't auto-delete associations when account model is deleted
+Rodauth::Rails.model(association_options: { dependent: nil })
+# require authentication audit logs to be eager loaded before retrieval
+Rodauth::Rails.model(association_options: -> (name) {
+  { strict_loading: true } if name == :authentication_audit_logs
+})
+```
+Note that some Rodauth tables use composite primary keys, which Active Record
+doesn't support out of the box. For associations to work properly, you might
+need to add the [composite_primary_keys] gem to your Gemfile.
 ### Multiple configurations
 If you need to handle multiple types of accounts that require different
@@ -440,10 +605,6 @@ class RodauthApp < Rodauth::Rails::App
     prefix "/admin"
     session_key_prefix "admin_"
     remember_cookie_key "_admin_remember" # if using remember feature
-    # if you want separate tables
-    accounts_table :admin_accounts
-    password_hash_table :admin_account_password_hashes
     # ...
   end
@@ -466,6 +627,50 @@ Then in your application you can reference the secondary Rodauth instance:
 rodauth(:admin).login_path #=> "/admin/login"
 ```
+You'll likely want to save the information of which account belongs to which
+configuration to the database. One way would be to have a separate table that
+stores account types:
+```sh
+$ rails generate migration create_account_types
+```
+```rb
+# db/migrate/*_create_account_types.rb
+class CreateAccountTypes < ActiveRecord::Migration
+  def change
+    create_table :account_types do |t|
+      t.references :account, foreign_key: { on_delete: :cascade }, null: false
+      t.string :type, null: false
+    end
+  end
+end
+```
+```sh
+$ rails db:migrate
+```
+Then an entry would be inserted after account creation, and optionally whenever
+Rodauth retrieves accounts you could filter only those belonging to the current
+configuration:
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure(:admin) do
+    # ...
+    after_create_account do
+      db[:account_types].insert(account_id: account_id, type: "admin")
+    end
+    auth_class_eval do
+      def account_ds(*)
+        super.join(:account_types, account_id: :id).where(type: "admin")
+      end
+    end
+    # ...
+  end
+end
+```
 #### Named auth classes
 A `configure` block inside `Rodauth::Rails::App` will internally create an
@@ -584,37 +789,88 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
-### Rodauth instance
+### Outside of a request
-In some cases you might need to use Rodauth more programmatically, and perform
-Rodauth operations outside of the request context. rodauth-rails gives you a
-helper method for building a Rodauth instance:
+In some cases you might need to use Rodauth more programmatically. If you want
+to perform authentication operations outside of request context, Rodauth ships
+with the [internal_request] feature just for that.
 ```rb
-rodauth = Rodauth::Rails.rodauth # or Rodauth::Rails.rodauth(:admin)
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    enable :internal_request
+  end
+end
+```
+```rb
+# main configuration
+RodauthApp.rodauth.create_account(login: "user@example.com", password: "secret")
+RodauthApp.rodauth.verify_account(account_login: "user@example.com")
-rodauth.login_url #=> "https://example.com/login"
-rodauth.account_from_login("user@example.com") # loads user by email
-rodauth.password_match?("secret") #=> true
-rodauth.setup_account_verification
-rodauth.close_account
+# secondary configuration
+RodauthApp.rodauth(:admin).close_account(account_login: "admin@example.com")
 ```
-The base URL is taken from Action Mailer's `default_url_options` setting if
-configured. The `Rodauth::Rails.rodauth` method accepts additional keyword
-arguments:
+The rodauth-rails gem additionally updates the internal rack env hash with your
+`config.action_mailer.default_url_options`, which is used for generating email
+links.
-* `:account` – Active Record model instance from which to set `account` and `session[:account_id]`
-* `:query` & `:form` – set specific query/form parameters
-* `:session` – set any session values
-* `:env` – set any additional Rack env values
+For generating authentication URLs outside of a request use the
+[path_class_methods] plugin:
 ```rb
-Rodauth::Rails.rodauth(account: Account.find(account_id))
-Rodauth::Rails.rodauth(query: { "param" => "value" })
-Rodauth::Rails.rodauth(form: { "param" => "value" })
-Rodauth::Rails.rodauth(session: { two_factor_auth_setup: true })
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    enable :path_class_methods
+  end
+end
+```
+```rb
+# main configuration
+RodauthApp.rodauth.create_account_path
+RodauthApp.rodauth.verify_account_url(key: "abc123")
+# secondary configuration
+RodauthApp.rodauth(:admin).close_account_path
+```
+#### Calling instance methods
+If you need to access Rodauth methods not exposed as internal requests, you can
+use `Rodauth::Rails.rodauth` to retrieve the Rodauth instance used by the
+internal_request feature:
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    enable :internal_request # this is required
+  end
+end
+```
+```rb
+account = Account.find_by!(email: "user@example.com")
+rodauth = Rodauth::Rails.rodauth(account: account)
+rodauth.compute_hmac("token") #=> "TpEJTKfKwqYvIDKWsuZhkhKlhaBXtR1aodskBAflD8U"
+rodauth.open_account? #=> true
+rodauth.two_factor_authentication_setup? #=> true
+rodauth.password_meets_requirements?("foo") #=> false
+rodauth.locked_out? #=> false
+```
+In addition to the `:account` option, the `Rodauth::Rails.rodauth`
+method accepts any options supported by the internal_request feature.
+```rb
+# main configuration
 Rodauth::Rails.rodauth(env: { "HTTP_USER_AGENT" => "programmatic" })
+Rodauth::Rails.rodauth(session: { two_factor_auth_setup: true })
+# secondary configuration
+Rodauth::Rails.rodauth(:admin, params: { "param" => "value" })
 ```
 ## How it works
@@ -753,21 +1009,23 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
-If you need Cross-Origin Resource Sharing and/or JWT refresh tokens, enable the
-corresponding Rodauth features and create the necessary tables:
+The JWT token will be returned after each request to Rodauth routes. To also
+return the JWT token on requests to your app's routes, you can add the
+following code to your base controller:
-```sh
-$ rails generate rodauth:migration jwt_refresh
-$ rails db:migrate
-```
 ```rb
-# app/lib/rodauth_app.rb
-class RodauthApp < Rodauth::Rails::App
-  configure do
-    # ...
-    enable :jwt, :jwt_cors, :jwt_refresh
-    # ...
+class ApplicationController < ActionController::Base
+  # ...
+  after_action :set_jwt_token
+  private
+  def set_jwt_token
+    if rodauth.use_jwt? && rodauth.valid_jwt?
+      response.headers["Authorization"] = rodauth.session_jwt
+    end
   end
+  # ...
 end
 ```
@@ -872,9 +1130,13 @@ class RodauthController < ApplicationController
       account.identities.create!(provider: auth["provider"], uid: auth["uid"], info: auth["info"])
     end
-    # login with Rodauth
+    # load the account into the rodauth instance
     rodauth.account_from_login(account.email)
-    rodauth.login("omniauth")
+    rodauth_response do # ensures any `after_action` callbacks get called
+      # sign in the loaded account
+      rodauth.login("omniauth")
+    end
   end
 end
 ```
@@ -893,6 +1155,7 @@ methods:
 | `rails_check_csrf!`         | Verifies the authenticity token for the current request.           |
 | `rails_controller_instance` | Instance of the controller with the request env context.           |
 | `rails_controller`          | Controller class to use for rendering and CSRF protection.         |
+| `rails_account_model`       | Model class connected with the accounts table.                     |
 The `Rodauth::Rails` module has a few config settings available as well:
@@ -1075,29 +1338,6 @@ Rails.application.configure do |config|
 end
 ```
-If you need to create an account record with a password directly, you can do it
-as follows:
-```rb
-# app/models/account.rb
-class Account < ApplicationRecord
-  has_one :password_hash, foreign_key: :id
-end
-```
-```rb
-# app/models/account/password_hash.rb
-class Account::PasswordHash < ApplicationRecord
-  belongs_to :account, foreign_key: :id
-end
-```
-```rb
-require "bcrypt"
-account = Account.create!(email: "user@example.com", status: "verified")
-password_hash = BCrypt::Password.create("secret", cost: BCrypt::Engine::MIN_COST)
-account.create_password_hash!(id: account.id, password_hash: password_hash)
-```
 ## Rodauth defaults
 rodauth-rails changes some of the default Rodauth settings for easier setup:
@@ -1231,3 +1471,6 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [single_session]: http://rodauth.jeremyevans.net/rdoc/files/doc/single_session_rdoc.html
 [account_expiration]: http://rodauth.jeremyevans.net/rdoc/files/doc/account_expiration_rdoc.html
 [simple_ldap_authenticator]: https://github.com/jeremyevans/simple_ldap_authenticator
+[internal_request]: http://rodauth.jeremyevans.net/rdoc/files/doc/internal_request_rdoc.html
+[composite_primary_keys]: https://github.com/composite-primary-keys/composite_primary_keys
+[path_class_methods]: https://rodauth.jeremyevans.net/rdoc/files/doc/path_class_methods_rdoc.html

data/lib/generators/rodauth/templates/app/lib/rodauth_app.rb CHANGED Viewed

@@ -52,7 +52,7 @@ class RodauthApp < Rodauth::Rails::App
     # reset_password_autologin? true
     # Delete the account record when the user has closed their account.
-    # delete_account_on_close? true
+    delete_account_on_close? true
     # Redirect to the app from login and registration pages if already logged in.
     # already_logged_in { redirect login_redirect }
@@ -154,11 +154,15 @@ class RodauthApp < Rodauth::Rails::App
 <% end -%>
   end
-  # ==> Multiple configurations
+  # ==> Secondary configurations
   # configure(:admin) do
-  #   enable :http_basic_auth # enable different set of features
+  #   # ... enable features ...
   #   prefix "/admin"
   #   session_key_prefix "admin_"
+  #   # remember_cookie_key "_admin_remember" # if using remember feature
+  #
+  #   # search views in `app/views/admin/rodauth` directory
+  #   rails_controller { Admin::RodauthController }
   # end
   route do |r|
@@ -180,7 +184,7 @@ class RodauthApp < Rodauth::Rails::App
     #   rodauth.require_authentication
     # end
-    # ==> Multiple configurations
+    # ==> Secondary configurations
     # r.on "admin" do
     #   r.rodauth(:admin)
     #
@@ -188,7 +192,7 @@ class RodauthApp < Rodauth::Rails::App
     #     rodauth(:admin).require_http_basic_auth
     #   end
     #
-    #   r.pass # allow the Rails app to handle other "/admin/*" requests
+    #   break # allow the Rails app to handle other "/admin/*" requests
     # end
   end
 end

data/lib/generators/rodauth/templates/app/models/account.rb CHANGED Viewed

@@ -1,2 +1,3 @@
 class Account < ApplicationRecord
+  include Rodauth::Rails.model
 end

data/lib/generators/rodauth/templates/app/views/rodauth/_email_auth_request_form.html.erb CHANGED Viewed

@@ -1,4 +1,4 @@
-<%%= form_tag rodauth.email_auth_request_path, method: :post do %>
+<%%= form_tag <%= rodauth %>.email_auth_request_path, method: :post do %>
   <%%= render "login_hidden_field" %>
   <%%= render "submit", value: "Send Login Link Via Email" %>
 <%% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/_field.html.erb CHANGED Viewed

@@ -4,7 +4,7 @@
   autocomplete: local_assigns[:autocomplete],
   inputmode: local_assigns[:inputmode],
   required: local_assigns[:required] != false,
-  class: "#{local_assigns[:class] || "form-control"} #{"is-invalid" if rodauth.field_error(name)}",
-  aria: ({ invalid: "true", describedby: "#{name}_error_message" } if rodauth.field_error(name)) %>
+  class: "#{local_assigns[:class] || "form-control"} #{"is-invalid" if <%= rodauth %>.field_error(name)}",
+  aria: ({ invalid: "true", describedby: "#{name}_error_message" } if <%= rodauth %>.field_error(name)) %>
 <%%= render "field_error", name: name unless local_assigns[:skip_error_message] %>

data/lib/generators/rodauth/templates/app/views/rodauth/_field_error.html.erb CHANGED Viewed

@@ -1,3 +1,3 @@
-<%% if rodauth.field_error(name) %>
-  <div class="invalid-feedback" id="<%%= name %>_error_message"><%%= rodauth.field_error(name) %></div>
+<%% if <%= rodauth %>.field_error(name) %>
+  <div class="invalid-feedback" id="<%%= name %>_error_message"><%%= <%= rodauth %>.field_error(name) %></div>
 <%% end %>