rodauth-rails 0.15.0 → 0.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '097625662e9cefbf7484ea775c9b1930968fbbc3a1b8ad24df9e229e2194e301'
-  data.tar.gz: fbbfe9dd849646e859aecbf3c600168fc0b65255f7b2bf933a2e42591f8b0b79
+  metadata.gz: e46466d584d7579c32e7d7e53335260dd137c04371f4b7c4680caa5c6a4e4147
+  data.tar.gz: c0be8bdc56f5214c885fc5ad990a0be511251cab6dbf9b0ec7aa3fbd8631d0c9
 SHA512:
-  metadata.gz: 762d0c1725dcd0017cdd6722894e546dfdf246e245af688a8bc99f177e43765fe8bd7a79639e45d3146ca5bedadce9f34389f61bf3a6957b406cbc664cf93829
-  data.tar.gz: 8c6624c70668356b8434dde9bd237cced89f23d4d241b770989f1af68ee687b7186f305ada409885d619b9974e7d2d47b6fddc9faf6935653cab805ee8709167
+  metadata.gz: 8428739e888033efa811819ee8561fa3f2ae342074f6e27bbf257c18bf7029ab87380a82c75c6c08de2a0d4de49482eac74a32bc7aaf0579baf45978fe63811c
+  data.tar.gz: d626ea202fe8e371e6c77364a9e3c1ef34fdccff0ce7794c54b3fc748b0e1a764e92b99b6b7f06aaa8e2f2f67b155b127c0b1314d4ec7420637013136170141c

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.16.0 (2021-09-26)
+
+* Add `#current_account` to methods defined on `ActionController::Base` (@janko)
+
+* Add missing template for verify_login_change feature to `rodauth:views` generator (@janko)
+
+* Add `#rodauth_response` controller method for converting rodauth responses into controller responses (@janko)
+
 ## 0.15.0 (2021-07-29)
 
 * Add `Rodauth::Rails::Model` mixin that defines password attribute and associations on the model (@janko)

data/README.md

@@ -49,7 +49,7 @@ For instructions on upgrading from previous rodauth-rails versions, see
 Add the gem to your Gemfile:
 
 ```rb
-gem "rodauth-rails", "~> 0.15"
+gem "rodauth-rails", "~> 0.16"
 
 # gem "jwt",      require: false # for JWT feature
 # gem "rotp",     require: false # for OTP feature
@@ -142,33 +142,24 @@ end
 
 ### Current account
 
-To be able to fetch currently authenticated account, you can define a
-`#current_account` method that fetches the account id from session and
-retrieves the corresponding account record:
+The `#current_account` method is defined in controllers and views, which
+returns the model instance of the currently logged in account.
 
 ```rb
-# app/controllers/application_controller.rb
-class ApplicationController < ActionController::Base
-  before_action :current_account, if: -> { rodauth.logged_in? }
-
-  private
-
-  def current_account
-    @current_account ||= Account.find(rodauth.session_value)
-  rescue ActiveRecord::RecordNotFound
-    rodauth.logout
-    rodauth.login_required
-  end
-  helper_method :current_account # skip if inheriting from ActionController::API
-end
+current_account #=> #<Account id=123 email="user@example.com">
+current_account.email #=> "user@example.com"
 ```
 
-This allows you to access the current account in controllers and views:
+Pass the configuration name to retrieve accounts belonging to other Rodauth
+configurations:
 
-```erb
-<p>Authenticated as: <%= current_account.email %></p>
+```rb
+current_account(:admin)
 ```
 
+If the account doesn't exist in the database, the session will be cleared and
+login required.
+
 ### Requiring authentication
 
 You'll likely want to require authentication for certain parts of your app,
@@ -577,6 +568,10 @@ Rodauth::Rails.model(association_options: -> (name) {
 })
 ```
 
+Note that some Rodauth tables use composite primary keys, which Active Record
+doesn't support out of the box. For associations to work properly, you might
+need to add the [composite_primary_keys] gem to your Gemfile.
+
 ### Multiple configurations
 
 If you need to handle multiple types of accounts that require different
@@ -818,7 +813,8 @@ method accepts any options supported by the internal_request feature.
 Rodauth::Rails.rodauth(
   env: { "HTTP_USER_AGENT" => "programmatic" },
   session: { two_factor_auth_setup: true },
-  params: { "param" => "value" }
+  params: { "param" => "value" },
+  # ...
 )
 ```
 
@@ -1086,9 +1082,13 @@ class RodauthController < ApplicationController
       account.identities.create!(provider: auth["provider"], uid: auth["uid"], info: auth["info"])
     end
 
-    # login with Rodauth
+    # load the account into the rodauth instance
     rodauth.account_from_login(account.email)
-    rodauth.login("omniauth")
+
+    rodauth_response do # ensures any `after_action` callbacks get called
+      # sign in the loaded account
+      rodauth.login("omniauth")
+    end
   end
 end
 ```

data/lib/generators/rodauth/views_generator.rb

@@ -61,6 +61,9 @@ module Rodauth
             _field _field_error _login_hidden_field _login_field _submit
             verify_account_resend verify_account
           ],
+          verify_login_change: %w[
+            _submit verify_login_change
+          ],
           lockout: %w[
             _login_hidden_field _submit unlock_account_request unlock_account
           ],

data/lib/rodauth/rails/auth.rb

@@ -6,10 +6,10 @@ module Rodauth
     # Base auth class that applies some default configuration and supports
     # multi-level inheritance.
     class Auth < Rodauth::Auth
-      def self.inherited(auth_class)
+      def self.inherited(subclass)
         super
         superclass = self
-        auth_class.class_eval do
+        subclass.class_eval do
           @roda_class = Rodauth::Rails.app
           @features = superclass.features.clone
           @routes = superclass.routes.clone

data/lib/rodauth/rails/controller_methods.rb

@@ -4,13 +4,55 @@ module Rodauth
       def self.included(controller)
         # ActionController::API doesn't have helper methods
         if controller.respond_to?(:helper_method)
-          controller.helper_method :rodauth
+          controller.helper_method :rodauth, :current_account
         end
       end
 
       def rodauth(name = nil)
         request.env.fetch ["rodauth", *name].join(".")
       end
+
+      def current_account(name = nil)
+        table = rodauth(name).accounts_table
+        model = table.to_s.classify.constantize
+        id = rodauth(name).session_value
+
+        @current_account ||= {}
+        @current_account[name] ||= fetch_account(model, id) do
+          rodauth(name).clear_session
+          rodauth(name).login_required
+        end
+      end
+
+      private
+
+      def fetch_account(model, id, &not_found)
+        if defined?(ActiveRecord::Base) && model < ActiveRecord::Base
+          begin
+            model.find(id)
+          rescue ActiveRecord::RecordNotFound
+            not_found.call
+          end
+        elsif model < Sequel::Model
+          begin
+            model.with_pk!(id)
+          rescue Sequel::NoMatchingRow
+            not_found.call
+          end
+        else
+          fail Error, "unsupported model type: #{model}"
+        end
+      end
+
+      def rodauth_response
+        res = catch(:halt) { return yield }
+
+        self.status = res[0]
+        self.headers.merge! res[1]
+        self.response_body = res[2]
+
+        res
+      end
     end
   end
 end

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.15.0"
+    VERSION = "0.16.0"
   end
 end

data/lib/rodauth/rails.rb

@@ -40,12 +40,10 @@ module Rodauth
           options[:account_id] = account.id
         end
 
-        instance = auth_class.internal_request_eval(options) do
+        auth_class.internal_request_eval(options) do
           @account = account.attributes.symbolize_keys if account
           self
         end
-
-        instance
       end
 
       def model(name = nil, **options)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.15.0
+  version: 0.16.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-07-29 00:00:00.000000000 Z
+date: 2021-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties