rodauth-rails 0.15.0 → 0.18.0

data/lib/generators/rodauth/templates/app/views/rodauth/verify_account_resend.html.erb

@@ -1,9 +1,19 @@
-<%%= form_tag <%= rodauth %>.verify_account_resend_path, method: :post do %>
-  <p>If you no longer have the email to verify the account, you can request that it be resent to you:</p>
-  <%% if params[<%= rodauth %>.login_param] %>
-    <%%= render "login_hidden_field" %>
-  <%% else %>
-    <%%= render "login_field" %>
-  <%% end %>
-  <%%= render "submit", value: "Send Verification Login Again" %>
-<%% end %>
+<% content_for :title, rodauth.resend_verify_account_page_title %>
+
+<%= form_with url: rodauth.verify_account_resend_path, method: :post do |form| %>
+  <%== rodauth.verify_account_resend_explanatory_text %>
+
+  <% if params[rodauth.login_param] %>
+    <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>
+  <% else %>
+    <div class="form-group mb-3">
+      <%= form.label "login", rodauth.login_label, class: "form-label" %>
+      <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: "email", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_param)}", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.login_param), class: "invalid-feedback", id: "login_error_message") if rodauth.field_error(rodauth.login_param) %>
+    </div>
+  <% end %>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.verify_account_resend_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/verify_login_change.html.erb

@@ -1,3 +1,7 @@
-<%%= form_tag <%= rodauth %>.verify_login_change_path, method: :post do %>
-  <%%= render "submit", value: "Verify Login Change" %>
-<%% end %>
+<% content_for :title, rodauth.verify_login_change_page_title %>
+
+<%= form_with url: rodauth.verify_login_change_path, method: :post do |form| %>
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.verify_login_change_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_auth.html.erb

@@ -1,13 +1,17 @@
-<%% cred = <%= rodauth %>.webauth_credential_options_for_get %>
+<% content_for :title, rodauth.webauthn_auth_page_title %>
 
-<%%= form_tag <%= rodauth %>.webauthn_auth_form_path, method: :post, id: "webauthn-auth-form", data: { credential_options: cred.as_json.to_json } do %>
-  <%%= render "login_hidden_field" if params[<%= rodauth %>.login_param] %>
-  <%%= hidden_field_tag <%= rodauth %>.webauthn_auth_challenge_param, cred.challenge %>
-  <%%= hidden_field_tag <%= rodauth %>.webauthn_auth_challenge_hmac_param, <%= rodauth %>.compute_hmac(cred.challenge) %>
-  <%%= text_field_tag <%= rodauth %>.webauthn_auth_param, "", id: "webauthn-auth", aria: { hidden: "true" } %>
+<% cred = rodauth.webauth_credential_options_for_get %>
+
+<%= form_with url: rodauth.webauthn_auth_form_path, method: :post, id: "webauthn-auth-form", data: { credential_options: cred.as_json.to_json } do |form| %>
+  <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>
+  <%= form.hidden_field rodauth.webauthn_auth_challenge_param, value: cred.challenge %>
+  <%= form.hidden_field rodauth.webauthn_auth_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>
+  <%= form.text_field rodauth.webauthn_auth_param, value: "", id: "webauthn-auth", aria: { hidden: "true" } %>
   <div id="webauthn-auth-button">
-    <%%= render "submit", value: "Authenticate Using WebAuthn" %>
+    <div class="form-group mb-3">
+      <%= form.submit rodauth.webauthn_auth_button, class: "btn btn-primary" %>
+    </div>
   </div>
-<%% end %>
+<% end %>
 
-<%%= javascript_include_tag <%= rodauth %>.webauthn_auth_js_path %>
+<%= javascript_include_tag rodauth.webauthn_auth_js_path %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_remove.html.erb

@@ -1,13 +1,25 @@
-<%%= form_tag <%= rodauth %>.webauthn_remove_path, method: :post, id: "webauthn-remove-form" do %>
-  <%%= render "password_field" if <%= rodauth %>.two_factor_modifications_require_password? %>
+<% content_for :title, rodauth.webauthn_remove_page_title %>
+
+<%= form_with url: rodauth.webauthn_remove_path, method: :post, id: "webauthn-remove-form" do |form| %>
+  <% if rodauth.two_factor_modifications_require_password? %>
+    <div class="form-group mb-3">
+      <%= form.label "password", rodauth.password_label, class: "form-label" %>
+      <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "invalid-feedback", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+    </div>
+  <% end %>
+
   <fieldset class="form-group mb-3">
-    <%% (usage = <%= rodauth %>.account_webauthn_usage).each do |id, last_use| %>
+    <% (usage = rodauth.account_webauthn_usage).each do |id, last_use| %>
       <div class="form-check">
-        <%%= render "field", name: <%= rodauth %>.webauthn_remove_param, id: "webauthn-remove-#{id}", type: :radio, class: "form-check-input", skip_error_message: true, value: id, required: false %>
-        <%%= label_tag "webauthn-remove-#{id}", "Last use: #{last_use}", class: "form-check-label" %>
-        <%%= render "field_error", name: <%= rodauth %>.webauthn_remove_param if id == usage.keys.last %>
+        <%= form.radio_button rodauth.webauthn_remove_param, id, id: "webauthn-remove-#{id}", class: "form-check-input #{"is-invalid" if rodauth.field_error(rodauth.webauthn_remove_param)}", aria: ({ invalid: true, describedby: "webauthn_remove_error_message" } if rodauth.field_error(rodauth.webauthn_remove_param)) %>
+        <%= form.label "webauthn-remove-#{id}", "Last use: #{last_use}", class: "form-check-label" %>
+        <%= content_tag(:span, rodauth.field_error(rodauth.webauthn_remove_param), class: "invalid-feedback", id: "webauthn_remove_error_message") if rodauth.field_error(rodauth.webauthn_remove_param) && id == usage.keys.last %>
       </div>
-    <%% end %>
+    <% end %>
   </fieldset>
-  <%%= render "submit", value: "Remove WebAuthn Authenticator" %>
-<%% end %>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.webauthn_remove_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_setup.html.erb

@@ -1,13 +1,25 @@
-<%% cred = <%= rodauth %>.new_webauthn_credential %>
+<% content_for :title, rodauth.webauthn_setup_page_title %>
+
+<% cred = rodauth.new_webauthn_credential %>
+
+<%= form_with url: rodauth.webauthn_setup_path, method: :post, id: "webauthn-setup-form", data: { credential_options: cred.as_json.to_json } do |form| %>
+  <%= form.hidden_field rodauth.webauthn_setup_challenge_param, value: cred.challenge %>
+  <%= form.hidden_field rodauth.webauthn_setup_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>
+  <%= form.text_field rodauth.webauthn_setup_param, value: "", id: "webauthn-setup", aria: { hidden: "true" } %>
+
+  <% if rodauth.two_factor_modifications_require_password? %>
+    <div class="form-group mb-3">
+      <%= form.label "password", rodauth.password_label, class: "form-label" %>
+      <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "invalid-feedback", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+    </div>
+  <% end %>
 
-<%%= form_tag <%= rodauth %>.webauthn_setup_path, method: :post, id: "webauthn-setup-form", data: { credential_options: cred.as_json.to_json } do %>
-  <%%= hidden_field_tag <%= rodauth %>.webauthn_setup_challenge_param, cred.challenge %>
-  <%%= hidden_field_tag <%= rodauth %>.webauthn_setup_challenge_hmac_param, <%= rodauth %>.compute_hmac(cred.challenge) %>
-  <%%= text_field_tag <%= rodauth %>.webauthn_setup_param, "", id: "webauthn-setup", aria: { hidden: "true" } %>
-  <%%= render "password_field" if <%= rodauth %>.two_factor_modifications_require_password? %>
   <div id="webauthn-setup-button"> 
-    <%%= render "submit", value: "Setup WebAuthn Authentication" %>
+    <div class="form-group mb-3">
+      <%= form.submit rodauth.webauthn_setup_button, class: "btn btn-primary" %>
+    </div>
   </div>
-<%% end %>
+<% end %>
 
-<%%= javascript_include_tag <%= rodauth %>.webauthn_setup_js_path %>
+<%= javascript_include_tag rodauth.webauthn_setup_js_path %>

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/email_auth.text.erb

@@ -1,5 +1,5 @@
 Someone has requested a login link for the account with this email
 address.  If you did not request a login link, please ignore this
 message.  If you requested a login link, please go to
-<%%= @email_link %>
+<%= @email_link %>
 to login to this account.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/reset_password.text.erb

@@ -1,5 +1,5 @@
 Someone has requested a password reset for the account with this email
 address.  If you did not request a password reset, please ignore this
 message.  If you requested a password reset, please go to
-<%%= @email_link %>
+<%= @email_link %>
 to reset the password for the account.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/unlock_account.text.erb

@@ -1,5 +1,5 @@
 Someone has requested that the account with this email be unlocked.
 If you did not request the unlocking of this account, please ignore this
 message.  If you requested the unlocking of this account, please go to
-<%%= @email_link %>
+<%= @email_link %>
 to unlock this account.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_account.text.erb

@@ -1,4 +1,4 @@
 Someone has created an account with this email address.  If you did not create
 this account, please ignore this message.  If you created this account, please go to
-<%%= @email_link %>
+<%= @email_link %>
 to verify the account.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_login_change.text.erb

@@ -1,10 +1,10 @@
 Someone with an account has requested their login be changed to this email address:
 
-Old email: <%%= @old_login %>
+Old email: <%= @old_login %>
 
-New email: <%%= @new_login %>
+New email: <%= @new_login %>
 
 If you did not request this login change, please ignore this message.  If you
 requested this login change, please go to
-<%%= @email_link %>
+<%= @email_link %>
 to verify the login change.

data/lib/generators/rodauth/views_generator.rb

@@ -7,12 +7,8 @@ module Rodauth
         source_root "#{__dir__}/templates"
         namespace "rodauth:views"
 
-        argument :features, optional: true, type: :array,
-          desc: "Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)",
-          default: %w[login logout create_account verify_account reset_password change_password change_login verify_login_change close_account]
-
-        class_option :features, type: :array,
-          desc: "[DEPRECATED] Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)"
+        argument :selected_features, optional: true, type: :array,
+          desc: "Rodauth features to generate views for (login, create_account, reset_password, verify_account etc.)"
 
         class_option :all, aliases: "-a", type: :boolean,
           desc: "Generates views for all Rodauth features",
@@ -23,96 +19,57 @@ module Rodauth
           default: nil
 
         VIEWS = {
-          login: %w[
-            _field _field_error _login_field _login_display _password_field
-            _submit _login_form _login_form_footer _login_form_header login
-            multi_phase_login
-          ],
-          create_account: %w[
-            _field _field_error _login_field _login_confirm_field
-            _password_field _password_confirm_field _submit create_account
-          ],
-          logout: %w[
-            _submit logout
-          ],
-          reset_password: %w[
-            _field _field_error _login_field _login_hidden_field
-            _password_field _password_confirm_field _submit
-            reset_password_request reset_password
-          ],
-          remember: %w[
-            _submit remember
-          ],
-          change_login: %w[
-            _field _field_error _login_field _login_confirm_field
-            _password_field _submit change_login
-          ],
-          change_password: %w[
-            _field _field_error _password_field _new_password_field
-            _password_confirm_field _submit change_password
-          ],
-          close_account: %w[
-            _field _field_error _password_field _submit close_account
-          ],
-          email_auth: %w[
-            _login_hidden_field _submit _email_auth_request_form email_auth
-          ],
-          verify_account: %w[
-            _field _field_error _login_hidden_field _login_field _submit
-            verify_account_resend verify_account
-          ],
-          lockout: %w[
-            _login_hidden_field _submit unlock_account_request unlock_account
-          ],
-          active_sessions: %w[
-            _global_logout_field
-          ],
-          two_factor_base: %w[
-            _field _field_error _password_field _submit
-            two_factor_manage two_factor_auth two_factor_disable
-          ],
-          otp: %w[
-            _field _field_error _otp_auth_code_field _password_field _submit
-            otp_setup otp_auth otp_disable
-          ],
-          sms_codes: %w[
-            _field _field_error _sms_code_field _sms_phone_field
-            _password_field _submit
-            sms_setup sms_confirm sms_auth sms_request sms_disable
-          ],
-          recovery_codes: %w[
-            _field _field_error _recovery_code_field _recovery_codes_form
-            recovery_codes add_recovery_codes recovery_auth
-          ],
-          webauthn: %w[
-            _field _field_error _login_hidden_field _password_field _submit
-            webauthn_setup webauthn_auth webauthn_remove
-          ]
+          login:               %w[_login_form _login_form_footer _login_form_header login multi_phase_login],
+          create_account:      %w[create_account],
+          logout:              %w[logout],
+          reset_password:      %w[reset_password_request reset_password],
+          remember:            %w[remember],
+          change_login:        %w[change_login],
+          change_password:     %w[change_password],
+          close_account:       %w[close_account],
+          email_auth:          %w[_email_auth_request_form email_auth],
+          verify_account:      %w[verify_account_resend verify_account],
+          verify_login_change: %w[verify_login_change],
+          lockout:             %w[unlock_account_request unlock_account],
+          two_factor_base:     %w[two_factor_manage two_factor_auth two_factor_disable],
+          otp:                 %w[otp_setup otp_auth otp_disable],
+          sms_codes:           %w[sms_setup sms_confirm sms_auth sms_request sms_disable],
+          recovery_codes:      %w[recovery_codes add_recovery_codes recovery_auth],
+          webauthn:            %w[webauthn_setup webauthn_auth webauthn_remove],
         }
 
         DEPENDENCIES = {
-          active_sessions: :logout,
-          otp:             :two_factor_base,
-          sms_codes:       :two_factor_base,
-          recovery_codes:  :two_factor_base,
-          webauthn:        :two_factor_base,
+          otp:            :two_factor_base,
+          sms_codes:      :two_factor_base,
+          recovery_codes: :two_factor_base,
+          webauthn:       :two_factor_base,
         }
 
         def create_views
-          if options[:all]
-            features = VIEWS.keys
-          else
-            features = (options[:features] || self.features).map(&:to_sym)
-          end
-
           views = features.inject([]) do |list, feature|
             list |= VIEWS[feature] || []
             list |= VIEWS[DEPENDENCIES[feature]] || []
           end
 
           views.each do |view|
-            template "app/views/rodauth/#{view}.html.erb",
-              "app/views/#{directory}/#{view}.html.erb"
+            copy_file "app/views/rodauth/#{view}.html.erb", "app/views/#{directory}/#{view}.html.erb" do |content|
+              content = content.gsub("rodauth.", "rodauth(:#{configuration_name}).") if configuration_name
+              content = content.gsub("rodauth/", "#{directory}/")
+              content = form_helpers_compatibility(content) if ActionView.version < Gem::Version.new("5.1")
+              content
+            end
+          end
+        end
+
+        private
+
+        def features
+          if options[:all]
+            VIEWS.keys
+          elsif selected_features
+            selected_features.map(&:to_sym)
+          else
+            rodauth_configuration.features
           end
         end
 
@@ -124,19 +81,27 @@ module Rodauth
           controller.controller_path
         end
 
-        def rodauth
-          "rodauth#{"(:#{configuration_name})" if configuration_name}"
+        def controller
+          rodauth_configuration.allocate.rails_controller
         end
 
-        def controller
-          rodauth = Rodauth::Rails.app.rodauth(configuration_name)
-          fail ArgumentError, "unknown rodauth configuration: #{configuration_name.inspect}" unless rodauth
-          rodauth.allocate.rails_controller
+        def rodauth_configuration
+          Rodauth::Rails.app.rodauth!(configuration_name)
         end
 
         def configuration_name
           options[:name]&.to_sym
         end
+
+        # We need to use the *_tag helpers on versions lower than Rails 5.1.
+        def form_helpers_compatibility(content)
+          content
+            .gsub(/form_with url: (.+) do \|form\|/, 'form_tag \1 do')
+            .gsub(/form\.(label|submit)/, '\1_tag')
+            .gsub(/form\.(email|password|text|telephone|hidden)_field (\S+), value:/, '\1_field_tag \2,')
+            .gsub(/form\.radio_button (\S+), (\S+),/, 'radio_button_tag \1, \2, false,')
+            .gsub(/form\.check_box (\S+), (.+) /, 'check_box_tag \1, "t", false, \2 ')
+        end
       end
     end
   end

data/lib/rodauth/rails/app.rb

@@ -43,6 +43,10 @@ module Rodauth
       def rails_request
         ActionDispatch::Request.new(env)
       end
+
+      def self.rodauth!(name)
+        rodauth(name) or fail ArgumentError, "unknown rodauth configuration: #{name.inspect}"
+      end
     end
   end
 end

data/lib/rodauth/rails/auth.rb

@@ -6,10 +6,10 @@ module Rodauth
     # Base auth class that applies some default configuration and supports
     # multi-level inheritance.
     class Auth < Rodauth::Auth
-      def self.inherited(auth_class)
+      def self.inherited(subclass)
         super
         superclass = self
-        auth_class.class_eval do
+        subclass.class_eval do
           @roda_class = Rodauth::Rails.app
           @features = superclass.features.clone
           @routes = superclass.routes.clone

data/lib/rodauth/rails/controller_methods.rb

@@ -4,13 +4,54 @@ module Rodauth
       def self.included(controller)
         # ActionController::API doesn't have helper methods
         if controller.respond_to?(:helper_method)
-          controller.helper_method :rodauth
+          controller.helper_method :rodauth, :current_account
         end
       end
 
       def rodauth(name = nil)
         request.env.fetch ["rodauth", *name].join(".")
       end
+
+      def current_account(name = nil)
+        model = rodauth(name).rails_account_model
+        id = rodauth(name).session_value
+
+        @current_account ||= {}
+        @current_account[name] ||= fetch_account(model, id) do
+          rodauth(name).clear_session
+          rodauth(name).login_required
+        end
+      end
+
+      private
+
+      def fetch_account(model, id, &not_found)
+        if defined?(ActiveRecord::Base) && model < ActiveRecord::Base
+          begin
+            model.find(id)
+          rescue ActiveRecord::RecordNotFound
+            not_found.call
+          end
+        elsif model < Sequel::Model
+          begin
+            model.with_pk!(id)
+          rescue Sequel::NoMatchingRow
+            not_found.call
+          end
+        else
+          fail Error, "unsupported model type: #{model}"
+        end
+      end
+
+      def rodauth_response
+        res = catch(:halt) { return yield }
+
+        self.status = res[0]
+        self.headers.merge! res[1]
+        self.response_body = res[2]
+
+        res
+      end
     end
   end
 end

data/lib/rodauth/rails/feature/base.rb

@@ -4,6 +4,7 @@ module Rodauth
       module Base
         def self.included(feature)
           feature.auth_methods :rails_controller
+          feature.auth_value_methods :rails_account_model
           feature.auth_cached_method :rails_controller_instance
         end
 
@@ -30,6 +31,14 @@ module Rodauth
           end
         end
 
+        def rails_account_model
+          table = accounts_table
+          table = table.column if table.is_a?(Sequel::SQL::QualifiedIdentifier) # schema is specified
+          table.to_s.classify.constantize
+        rescue NameError
+          raise Error, "cannot infer account model, please set `rails_account_model` in your rodauth configuration"
+        end
+
         delegate :rails_routes, :rails_request, to: :scope
 
         private

data/lib/rodauth/rails/feature/csrf.rb

@@ -13,23 +13,23 @@ module Rodauth
 
         # Render Rails CSRF tags in Rodauth templates.
         def csrf_tag(*)
-          rails_csrf_tag
+          rails_csrf_tag if rails_controller_csrf?
         end
 
         # Verify Rails' authenticity token.
         def check_csrf
-          rails_check_csrf!
+          rails_check_csrf! if rails_controller_csrf?
         end
 
         # Have Rodauth call #check_csrf automatically.
         def check_csrf?
-          true
+          rails_check_csrf? if rails_controller_csrf?
         end
 
         private
 
         def rails_controller_callbacks
-          return super if rails_api_controller?
+          return super unless rails_controller_csrf?
 
           # don't verify CSRF token as part of callbacks, Rodauth will do that
           rails_controller_instance.allow_forgery_protection = false
@@ -40,6 +40,12 @@ module Rodauth
           end
         end
 
+        # Checks whether ActionController::RequestForgeryProtection is included
+        # and that protect_from_forgery was called.
+        def rails_check_csrf?
+          !!rails_controller_instance.forgery_protection_strategy
+        end
+
         # Calls the controller to verify the authenticity token.
         def rails_check_csrf!
           rails_controller_instance.send(:verify_authenticity_token)
@@ -59,6 +65,11 @@ module Rodauth
         def rails_csrf_token
           rails_controller_instance.send(:form_authenticity_token)
         end
+
+        # Checks whether ActionController::RequestForgeryProtection is included.
+        def rails_controller_csrf?
+          rails_controller.respond_to?(:protect_from_forgery)
+        end
       end
     end
   end

data/lib/rodauth/rails/feature/internal_request.rb

@@ -2,30 +2,20 @@ module Rodauth
   module Rails
     module Feature
       module InternalRequest
-        def post_configure
-          super
-          return unless internal_request?
-
-          self.class.define_singleton_method(:internal_request) do |route, opts = {}, &blk|
-            url_options = ::Rails.application.config.action_mailer.default_url_options || {}
+        def domain
+          return super unless missing_host?
 
-            scheme = url_options[:protocol]
-            port = url_options[:port]
-            port||= Rack::Request::DEFAULT_PORTS[scheme] if Rack.release < "2"
-            host = url_options[:host]
-            host_with_port = host && port ? "#{host}:#{port}" : host
+          Rodauth::Rails.url_options[:host]
+        end
 
-            env = {
-              "HTTP_HOST" => host_with_port,
-              "rack.url_scheme" => scheme,
-              "SERVER_NAME" => host,
-              "SERVER_PORT" => port,
-            }.compact
+        def base_url
+          return super unless missing_host? && domain
 
-            opts = opts.merge(env: env) { |k, v1, v2| v2.merge(v1) }
+          url_options = Rodauth::Rails.url_options
 
-            super(route, opts, &blk)
-          end
+          url = "#{url_options[:protocol]}://#{domain}"
+          url << ":#{url_options[:port]}" if url_options[:port]
+          url
         end
 
         private
@@ -44,6 +34,12 @@ module Rodauth
           return yield if internal_request?
           super
         end
+
+        # Checks whether we're in an internal request and host was not set,
+        # or the request doesn't exist such as with path_class_methods feature.
+        def missing_host?
+          internal_request? && request.host == INVALID_DOMAIN || scope.nil?
+        end
       end
     end
   end

data/lib/rodauth/rails/feature/render.rb

@@ -10,7 +10,7 @@ module Rodauth
         # template, otherwise falls back to Rodauth's template.
         def view(page, *)
           rails_render(action: page.tr("-", "_"), layout: true) ||
-            rails_render(html: super.html_safe, layout: true)
+            rails_render(html: super.html_safe, layout: true, formats: :html)
         end
 
         # Renders templates without layout. First tries to render a user-defined

data/lib/rodauth/rails/model.rb

@@ -77,7 +77,7 @@ module Rodauth
         model.public_send type, name, scope,
           class_name: associated_model.name,
           foreign_key: foreign_key,
-          dependent: :destroy,
+          dependent: type == :has_many ? :delete_all : :delete,
           inverse_of: :account,
           **options,
           **association_options(name)

data/lib/rodauth/rails/railtie.rb

@@ -6,8 +6,10 @@ require "rails"
 module Rodauth
   module Rails
     class Railtie < ::Rails::Railtie
-      initializer "rodauth.middleware" do |app|
-        app.middleware.use Rodauth::Rails::Middleware if Rodauth::Rails.middleware?
+      initializer "rodauth.middleware", after: :load_config_initializers do |app|
+        if Rodauth::Rails.middleware?
+          app.middleware.use Rodauth::Rails::Middleware
+        end
       end
 
       initializer "rodauth.controller" do

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.15.0"
+    VERSION = "0.18.0"
   end
 end