rodauth-rails 0.14.0 → 0.17.1

data/lib/rodauth/rails/feature/base.rb

@@ -4,6 +4,7 @@ module Rodauth
       module Base
         def self.included(feature)
           feature.auth_methods :rails_controller
+          feature.auth_value_methods :rails_account_model
           feature.auth_cached_method :rails_controller_instance
         end
 
@@ -30,6 +31,14 @@ module Rodauth
           end
         end
 
+        def rails_account_model
+          table = accounts_table
+          table = table.column if table.is_a?(Sequel::SQL::QualifiedIdentifier) # schema is specified
+          table.to_s.classify.constantize
+        rescue NameError
+          raise Error, "cannot infer account model, please set `rails_account_model` in your rodauth configuration"
+        end
+
         delegate :rails_routes, :rails_request, to: :scope
 
         private

data/lib/rodauth/rails/feature/callbacks.rb

@@ -4,13 +4,17 @@ module Rodauth
       module Callbacks
         private
 
+        def _around_rodauth
+          rails_controller_around { super }
+        end
+
         # Runs controller callbacks and rescue handlers around Rodauth actions.
-        def _around_rodauth(&block)
+        def rails_controller_around
           result = nil
 
           rails_controller_rescue do
             rails_controller_callbacks do
-              result = catch(:halt) { super(&block) }
+              result = catch(:halt) { yield }
             end
           end
 

data/lib/rodauth/rails/feature/csrf.rb

@@ -13,23 +13,23 @@ module Rodauth
 
         # Render Rails CSRF tags in Rodauth templates.
         def csrf_tag(*)
-          rails_csrf_tag
+          rails_csrf_tag if rails_controller_csrf?
         end
 
         # Verify Rails' authenticity token.
         def check_csrf
-          rails_check_csrf!
+          rails_check_csrf! if rails_controller_csrf?
         end
 
         # Have Rodauth call #check_csrf automatically.
         def check_csrf?
-          true
+          rails_check_csrf? if rails_controller_csrf?
         end
 
         private
 
         def rails_controller_callbacks
-          return super if rails_api_controller?
+          return super unless rails_controller_csrf?
 
           # don't verify CSRF token as part of callbacks, Rodauth will do that
           rails_controller_instance.allow_forgery_protection = false
@@ -40,6 +40,12 @@ module Rodauth
           end
         end
 
+        # Checks whether ActionController::RequestForgeryProtection is included
+        # and that protect_from_forgery was called.
+        def rails_check_csrf?
+          !!rails_controller_instance.forgery_protection_strategy
+        end
+
         # Calls the controller to verify the authenticity token.
         def rails_check_csrf!
           rails_controller_instance.send(:verify_authenticity_token)
@@ -59,6 +65,11 @@ module Rodauth
         def rails_csrf_token
           rails_controller_instance.send(:form_authenticity_token)
         end
+
+        # Checks whether ActionController::RequestForgeryProtection is included.
+        def rails_controller_csrf?
+          rails_controller.respond_to?(:protect_from_forgery)
+        end
       end
     end
   end

data/lib/rodauth/rails/feature/internal_request.rb

@@ -0,0 +1,46 @@
+module Rodauth
+  module Rails
+    module Feature
+      module InternalRequest
+        def domain
+          return super unless missing_host?
+
+          Rodauth::Rails.url_options[:host]
+        end
+
+        def base_url
+          return super unless missing_host? && domain
+
+          url_options = Rodauth::Rails.url_options
+
+          url = "#{url_options[:protocol]}://#{domain}"
+          url << ":#{url_options[:port]}" if url_options[:port]
+          url
+        end
+
+        private
+
+        def rails_controller_around
+          return yield if internal_request?
+          super
+        end
+
+        def rails_instrument_request
+          return yield if internal_request?
+          super
+        end
+
+        def rails_instrument_redirection
+          return yield if internal_request?
+          super
+        end
+
+        # Checks whether we're in an internal request and host was not set,
+        # or the request doesn't exist such as with path_class_methods feature.
+        def missing_host?
+          internal_request? && request.host == INVALID_DOMAIN || scope.nil?
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature.rb

@@ -10,6 +10,7 @@ module Rodauth
     require "rodauth/rails/feature/render"
     require "rodauth/rails/feature/email"
     require "rodauth/rails/feature/instrumentation"
+    require "rodauth/rails/feature/internal_request"
 
     include Rodauth::Rails::Feature::Base
     include Rodauth::Rails::Feature::Callbacks
@@ -17,5 +18,6 @@ module Rodauth
     include Rodauth::Rails::Feature::Render
     include Rodauth::Rails::Feature::Email
     include Rodauth::Rails::Feature::Instrumentation
+    include Rodauth::Rails::Feature::InternalRequest
   end
 end

data/lib/rodauth/rails/model/associations.rb

@@ -0,0 +1,195 @@
+module Rodauth
+  module Rails
+    class Model
+      class Associations
+        attr_reader :rodauth
+
+        def self.call(rodauth)
+          new(rodauth).call
+        end
+
+        def initialize(rodauth)
+          @rodauth = rodauth
+        end
+
+        def call
+          rodauth.features
+            .select { |feature| respond_to?(feature, true) }
+            .flat_map { |feature| send(feature) }
+        end
+
+        private
+
+        def remember
+          {
+            name: :remember_key,
+            type: :has_one,
+            table: rodauth.remember_table,
+            foreign_key: rodauth.remember_id_column,
+          }
+        end
+
+        def verify_account
+          {
+            name: :verification_key,
+            type: :has_one,
+            table: rodauth.verify_account_table,
+            foreign_key: rodauth.verify_account_id_column,
+          }
+        end
+
+        def reset_password
+          {
+            name: :password_reset_key,
+            type: :has_one,
+            table: rodauth.reset_password_table,
+            foreign_key: rodauth.reset_password_id_column,
+          }
+        end
+
+        def verify_login_change
+          {
+            name: :login_change_key,
+            type: :has_one,
+            table: rodauth.verify_login_change_table,
+            foreign_key: rodauth.verify_login_change_id_column,
+          }
+        end
+
+        def lockout
+          [
+            {
+              name: :lockout,
+              type: :has_one,
+              table: rodauth.account_lockouts_table,
+              foreign_key: rodauth.account_lockouts_id_column,
+            },
+            {
+              name: :login_failure,
+              type: :has_one,
+              table: rodauth.account_login_failures_table,
+              foreign_key: rodauth.account_login_failures_id_column,
+            }
+          ]
+        end
+
+        def email_auth
+          {
+            name: :email_auth_key,
+            type: :has_one,
+            table: rodauth.email_auth_table,
+            foreign_key: rodauth.email_auth_id_column,
+          }
+        end
+
+        def account_expiration
+          {
+            name: :activity_time,
+            type: :has_one,
+            table: rodauth.account_activity_table,
+            foreign_key: rodauth.account_activity_id_column,
+          }
+        end
+
+        def active_sessions
+          {
+            name: :active_session_keys,
+            type: :has_many,
+            table: rodauth.active_sessions_table,
+            foreign_key: rodauth.active_sessions_account_id_column,
+          }
+        end
+
+        def audit_logging
+          {
+            name: :authentication_audit_logs,
+            type: :has_many,
+            table: rodauth.audit_logging_table,
+            foreign_key: rodauth.audit_logging_account_id_column,
+            dependent: nil,
+          }
+        end
+
+        def disallow_password_reuse
+          {
+            name: :previous_password_hashes,
+            type: :has_many,
+            table: rodauth.previous_password_hash_table,
+            foreign_key: rodauth.previous_password_account_id_column,
+          }
+        end
+
+        def jwt_refresh
+          {
+            name: :jwt_refresh_keys,
+            type: :has_many,
+            table: rodauth.jwt_refresh_token_table,
+            foreign_key: rodauth.jwt_refresh_token_account_id_column,
+          }
+        end
+
+        def password_expiration
+          {
+            name: :password_change_time,
+            type: :has_one,
+            table: rodauth.password_expiration_table,
+            foreign_key: rodauth.password_expiration_id_column,
+          }
+        end
+
+        def single_session
+          {
+            name: :session_key,
+            type: :has_one,
+            table: rodauth.single_session_table,
+            foreign_key: rodauth.single_session_id_column,
+          }
+        end
+
+        def otp
+          {
+            name: :otp_key,
+            type: :has_one,
+            table: rodauth.otp_keys_table,
+            foreign_key: rodauth.otp_keys_id_column,
+          }
+        end
+
+        def sms_codes
+          {
+            name: :sms_code,
+            type: :has_one,
+            table: rodauth.sms_codes_table,
+            foreign_key: rodauth.sms_id_column,
+          }
+        end
+
+        def recovery_codes
+          {
+            name: :recovery_codes,
+            type: :has_many,
+            table: rodauth.recovery_codes_table,
+            foreign_key: rodauth.recovery_codes_id_column,
+          }
+        end
+
+        def webauthn
+          [
+            {
+              name: :webauthn_user_id,
+              type: :has_one,
+              table: rodauth.webauthn_user_ids_table,
+              foreign_key: rodauth.webauthn_user_ids_account_id_column,
+            },
+            {
+              name: :webauthn_keys,
+              type: :has_many,
+              table: rodauth.webauthn_keys_table,
+              foreign_key: rodauth.webauthn_keys_account_id_column,
+            }
+          ]
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/model.rb

@@ -0,0 +1,101 @@
+module Rodauth
+  module Rails
+    class Model < Module
+      require "rodauth/rails/model/associations"
+
+      def initialize(auth_class, association_options: {})
+        @auth_class = auth_class
+        @association_options = association_options
+
+        define_methods
+      end
+
+      def included(model)
+        fail Rodauth::Rails::Error, "must be an Active Record model" unless model < ActiveRecord::Base
+
+        define_associations(model)
+      end
+
+      private
+
+      def define_methods
+        rodauth = @auth_class.allocate.freeze
+
+        attr_reader :password
+
+        define_method(:password=) do |password|
+          @password = password
+          password_hash = rodauth.send(:password_hash, password) if password
+          set_password_hash(password_hash)
+        end
+
+        define_method(:set_password_hash) do |password_hash|
+          if rodauth.account_password_hash_column
+            public_send(:"#{rodauth.account_password_hash_column}=", password_hash)
+          else
+            if password_hash
+              record = self.password_hash || build_password_hash
+              record.public_send(:"#{rodauth.password_hash_column}=", password_hash)
+            else
+              self.password_hash&.mark_for_destruction
+            end
+          end
+        end
+      end
+
+      def define_associations(model)
+        define_password_hash_association(model) unless rodauth.account_password_hash_column
+
+        feature_associations.each do |association|
+          define_association(model, **association)
+        end
+      end
+
+      def define_password_hash_association(model)
+        password_hash_id_column = rodauth.password_hash_id_column
+        scope = -> { select(password_hash_id_column) } if rodauth.send(:use_database_authentication_functions?)
+
+        define_association model,
+          type: :has_one,
+          name: :password_hash,
+          table: rodauth.password_hash_table,
+          foreign_key: password_hash_id_column,
+          scope: scope,
+          autosave: true
+      end
+
+      def define_association(model, type:, name:, table:, foreign_key:, scope: nil, **options)
+        associated_model = Class.new(model.superclass)
+        associated_model.table_name = table
+        associated_model.belongs_to :account,
+          class_name: model.name,
+          foreign_key: foreign_key,
+          inverse_of: name
+
+        model.const_set(name.to_s.singularize.camelize, associated_model)
+
+        model.public_send type, name, scope,
+          class_name: associated_model.name,
+          foreign_key: foreign_key,
+          dependent: type == :has_many ? :delete_all : :delete,
+          inverse_of: :account,
+          **options,
+          **association_options(name)
+      end
+
+      def feature_associations
+        Rodauth::Rails::Model::Associations.call(rodauth)
+      end
+
+      def association_options(name)
+        options = @association_options
+        options = options.call(name) if options.respond_to?(:call)
+        options || {}
+      end
+
+      def rodauth
+        @auth_class.allocate
+      end
+    end
+  end
+end

data/lib/rodauth/rails/tasks.rake

@@ -4,15 +4,15 @@ namespace :rodauth do
 
     puts "Routes handled by #{app}:"
 
-    app.opts[:rodauths].each_key do |rodauth_name|
-      rodauth = Rodauth::Rails.rodauth(rodauth_name)
+    app.opts[:rodauths].each do |configuration_name, auth_class|
+      auth_class.configure { enable :path_class_methods }
 
-      routes = rodauth.class.routes.map do |handle_method|
+      routes = auth_class.routes.map do |handle_method|
         path_method = "#{handle_method.to_s.sub(/\Ahandle_/, "")}_path"
 
         [
-          rodauth.public_send(path_method),
-          "rodauth#{rodauth_name && "(:#{rodauth_name})"}.#{path_method}",
+          auth_class.public_send(path_method),
+          "rodauth#{configuration_name && "(:#{configuration_name})"}.#{path_method}",
         ]
       end
 

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.14.0"
+    VERSION = "0.17.1"
   end
 end

data/lib/rodauth/rails.rb

@@ -1,9 +1,6 @@
 require "rodauth/rails/version"
 require "rodauth/rails/railtie"
 
-require "rack/utils"
-require "stringio"
-
 module Rodauth
   module Rails
     class Error < StandardError
@@ -12,47 +9,45 @@ module Rodauth
     # This allows the developer to avoid loading Rodauth at boot time.
     autoload :App, "rodauth/rails/app"
     autoload :Auth, "rodauth/rails/auth"
+    autoload :Model, "rodauth/rails/model"
 
     @app = nil
     @middleware = true
 
+    LOCK = Mutex.new
+
     class << self
-      def rodauth(name = nil, query: {}, form: {}, session: {}, account: nil, env: {})
-        unless app.rodauth(name)
+      def rodauth(name = nil, query: nil, form: nil, account: nil, **options)
+        auth_class = app.rodauth(name)
+
+        unless auth_class
           fail ArgumentError, "undefined rodauth configuration: #{name.inspect}"
         end
 
-        url_options = ActionMailer::Base.default_url_options
-
-        scheme   = url_options[:protocol] || "http"
-        port     = url_options[:port]
-        port   ||= Rack::Request::DEFAULT_PORTS[scheme] if Gem::Version.new(Rack.release) < Gem::Version.new("2.0")
-        host     = url_options[:host]
-        host    += ":#{port}" if port
-
-        content_type = "application/x-www-form-urlencoded" if form.any?
-
-        rack_env = {
-          "QUERY_STRING"    => Rack::Utils.build_nested_query(query),
-          "rack.input"      => StringIO.new(Rack::Utils.build_nested_query(form)),
-          "CONTENT_TYPE"    => content_type,
-          "rack.session"    => {},
-          "HTTP_HOST"       => host,
-          "rack.url_scheme" => scheme,
-        }.merge(env)
-
-        scope    = app.new(rack_env)
-        instance = scope.rodauth(name)
+        LOCK.synchronize do
+          unless auth_class.features.include?(:internal_request)
+            auth_class.configure { enable :internal_request }
+            warn "Rodauth::Rails.rodauth requires the internal_request feature to be enabled. For now it was enabled automatically, but this behaviour will be removed in version 1.0."
+          end
+        end
 
-        # update session hash here to make it work with JWT session
-        instance.session.merge!(session)
+        if query || form
+          warn "The :query and :form keyword arguments for Rodauth::Rails.rodauth have been deprecated. Please use the :params argument supported by internal_request feature instead."
+          options[:params] = query || form
+        end
 
         if account
-          instance.instance_variable_set(:@account, account.attributes.symbolize_keys)
-          instance.session[instance.session_key] = instance.account_session_value
+          options[:account_id] = account.id
         end
 
-        instance
+        auth_class.internal_request_eval(options) do
+          @account = account.attributes.symbolize_keys if account
+          self
+        end
+      end
+
+      def model(name = nil, **options)
+        Rodauth::Rails::Model.new(app.rodauth(name), **options)
       end
 
       # routing constraint that requires authentication
@@ -84,6 +79,12 @@ module Rodauth
         end
       end
 
+      def url_options
+        options = ::Rails.application.config.action_mailer.default_url_options || {}
+        options[:protocol] ||= "http"
+        options
+      end
+
       def configure
         yield self
       end

data/rodauth-rails.gemspec

@@ -17,10 +17,13 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 4.2", "< 7"
-  spec.add_dependency "rodauth", "~> 2.11"
+  spec.add_dependency "rodauth", "~> 2.15"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"
 
   spec.add_development_dependency "jwt"
+  spec.add_development_dependency "rotp"
+  spec.add_development_dependency "rqrcode"
+  spec.add_development_dependency "webauthn" unless RUBY_ENGINE == "jruby"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.17.1
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-07-10 00:00:00.000000000 Z
+date: 2021-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -36,14 +36,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.11'
+        version: '2.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.11'
+        version: '2.15'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
@@ -100,6 +100,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rqrcode
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webauthn
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Provides Rails integration for Rodauth.
 email:
 - janko.marohnic@gmail.com
@@ -212,8 +254,11 @@ files:
 - lib/rodauth/rails/feature/csrf.rb
 - lib/rodauth/rails/feature/email.rb
 - lib/rodauth/rails/feature/instrumentation.rb
+- lib/rodauth/rails/feature/internal_request.rb
 - lib/rodauth/rails/feature/render.rb
 - lib/rodauth/rails/middleware.rb
+- lib/rodauth/rails/model.rb
+- lib/rodauth/rails/model/associations.rb
 - lib/rodauth/rails/railtie.rb
 - lib/rodauth/rails/tasks.rake
 - lib/rodauth/rails/version.rb