rodauth-rails 0.16.0 → 0.18.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e46466d584d7579c32e7d7e53335260dd137c04371f4b7c4680caa5c6a4e4147
-  data.tar.gz: c0be8bdc56f5214c885fc5ad990a0be511251cab6dbf9b0ec7aa3fbd8631d0c9
+  metadata.gz: 8eb9b3bee5cf4cd6741d7b05fa1d6869526a583ff3d9712b8a4adcb522c5a8d5
+  data.tar.gz: 37cba7e8de2b0c2aa07763ca4da38989692e3cd467a314440f22706380e9e2fe
 SHA512:
-  metadata.gz: 8428739e888033efa811819ee8561fa3f2ae342074f6e27bbf257c18bf7029ab87380a82c75c6c08de2a0d4de49482eac74a32bc7aaf0579baf45978fe63811c
-  data.tar.gz: d626ea202fe8e371e6c77364a9e3c1ef34fdccff0ce7794c54b3fc748b0e1a764e92b99b6b7f06aaa8e2f2f67b155b127c0b1314d4ec7420637013136170141c
+  metadata.gz: 8c027c266b03b2be2a68d19e847e31ce04d608e1befbf9785b38ffd94326962db2b01bf72b715311f9a690022fe62232c92a355094d451383330413096c57be5
+  data.tar.gz: bc2d33f6d773cc7884c5b655ef93630a6e1f1ec56fe9ce6f75aa8127120005496eecc976aa8f1689cc4ade3e784070b5ce5de1308eda674e8487e9eac5a5599e

data/CHANGELOG.md

@@ -1,3 +1,57 @@
+## 0.18.0 (2021-11-05)
+
+* Disable Turbo on the generated login form (@janko)
+
+* Generate controller views with `form_with` helper on Rails 5.1+ (@janko)
+
+* Fix missing layout error when rendering Rodauth's built-in templates when using Turbo on Rails 6.0+ (@janko)
+
+* Fix `Rodauth::Rails.middleware` config not actually affecting middleware insertion (@janko)
+
+* Set page titles in generated view templates (@janko)
+
+* Merge field and button partials into view templates (@janko)
+
+* Raise error for unknown configuration in `Rodauth::Rails.model` (@janko)
+
+* Generate views for all enabled features by default in `rodauth:views` generator (@janko)
+
+* Add `Rodauth::Rails::App.rodauth!` which raises an error for unknown configuration (@janko)
+
+* Remove deprecated `--features` option from `rodauth:views` generator (@janko)
+
+* Inline `_recovery_codes_form.html.erb` partial into `recovery_codes.html.erb` (@janko)
+
+* Use Rodauth helper methods for texts in generated views, for easier i18n (@janko)
+
+* Allow setting passing a `Sequel::Model` to `:account` in `Rodauth::Rails.rodauth` (@janko)
+
+## 0.17.1 (2021-10-20)
+
+* Skip checking CSRF when request forgery protection wasn't loaded on the controller (@janko)
+
+* Create partial unique index for `accounts.email` column when using `sqlite3` adapter (@janko)
+
+* Revert setting `delete_account_on_close?` to `true` in generated `rodauth_app.rb` (@janko)
+
+* Disable Turbo in `_recovery_codes_form.html.erb`, since viewing recovery codes isn't Turbo-compatible (@janko)
+
+* Generate JSON configuration on `rodauth:install` for API-only with sessions enabled (@janko)
+
+* Generate JWT configuration on `rodauth:install` only for API-only apps without sessions enabled (@janko)
+
+* Don't generate JWT configuration when `rodauth:install --json` was run in API-only app (@janko)
+
+* Use `config.action_mailer.default_url_options` in path_class_methods feature (@janko)
+
+## 0.17.0 (2021-10-05)
+
+* Set `delete_account_on_close?` to `true` in generated `rodauth_app.rb` (@janko)
+
+* Change default `:dependent` option for associations to `:delete`/`:delete_all` (@janko)
+
+* Add `rails_account_model` configuration method for when the account model cannot be inferred (@janko)
+
 ## 0.16.0 (2021-09-26)
 
 * Add `#current_account` to methods defined on `ActionController::Base` (@janko)

data/README.md

@@ -49,7 +49,7 @@ For instructions on upgrading from previous rodauth-rails versions, see
 Add the gem to your Gemfile:
 
 ```rb
-gem "rodauth-rails", "~> 0.16"
+gem "rodauth-rails", "~> 0.18"
 
 # gem "jwt",      require: false # for JWT feature
 # gem "rotp",     require: false # for OTP feature
@@ -150,6 +150,9 @@ current_account #=> #<Account id=123 email="user@example.com">
 current_account.email #=> "user@example.com"
 ```
 
+If the account doesn't exist in the database, the session will be cleared and
+login required.
+
 Pass the configuration name to retrieve accounts belonging to other Rodauth
 configurations:
 
@@ -157,8 +160,19 @@ configurations:
 current_account(:admin)
 ```
 
-If the account doesn't exist in the database, the session will be cleared and
-login required.
+The `#current_account` method will try to infer the account model class from
+the configured table name. If that fails, you can set the account model
+manually:
+
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    # ...
+    rails_account_model Authentication::Account # custom model name
+  end
+end
+```
 
 ### Requiring authentication
 
@@ -268,12 +282,12 @@ copy Rodauth templates into your Rails app:
 $ rails generate rodauth:views
 ```
 
-This will generate views for the default set of Rodauth features into the
-`app/views/rodauth` directory, provided that `RodauthController` is set for the
-main configuration.
+This will generate views for Rodauth features you have currently enabled into
+the `app/views/rodauth` directory, provided that `RodauthController` is set for
+the main configuration.
 
 You can pass a list of Rodauth features to the generator to create views for
-these features (this will not remove or overwrite any existing views):
+these features (this will not remove any existing views):
 
 ```sh
 $ rails generate rodauth:views login create_account lockout otp
@@ -288,7 +302,7 @@ $ rails generate rodauth:views --all
 Use `--name` to generate views for a different Rodauth configuration:
 
 ```sh
-$ rails generate rodauth:views --name admin
+$ rails generate rodauth:views webauthn --name admin
 ```
 
 #### Layout
@@ -777,11 +791,52 @@ end
 
 ### Outside of a request
 
-In some cases you might need to use Rodauth more programmatically. If you would
-like to perform Rodauth operations outside of request context, Rodauth ships
-with the [internal_request] feature just for that. The rodauth-rails gem
-additionally updates the internal rack env hash with your
-`config.action_mailer.default_url_options`, which is used for generating URLs.
+In some cases you might need to use Rodauth more programmatically. If you want
+to perform authentication operations outside of request context, Rodauth ships
+with the [internal_request] feature just for that.
+
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    enable :internal_request
+  end
+end
+```
+```rb
+# main configuration
+RodauthApp.rodauth.create_account(login: "user@example.com", password: "secret")
+RodauthApp.rodauth.verify_account(account_login: "user@example.com")
+
+# secondary configuration
+RodauthApp.rodauth(:admin).close_account(account_login: "admin@example.com")
+```
+
+The rodauth-rails gem additionally updates the internal rack env hash with your
+`config.action_mailer.default_url_options`, which is used for generating email
+links.
+
+For generating authentication URLs outside of a request use the
+[path_class_methods] plugin:
+
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    enable :path_class_methods
+  end
+end
+```
+```rb
+# main configuration
+RodauthApp.rodauth.create_account_path
+RodauthApp.rodauth.verify_account_url(key: "abc123")
+
+# secondary configuration
+RodauthApp.rodauth(:admin).close_account_path
+```
+
+#### Calling instance methods
 
 If you need to access Rodauth methods not exposed as internal requests, you can
 use `Rodauth::Rails.rodauth` to retrieve the Rodauth instance used by the
@@ -810,19 +865,12 @@ In addition to the `:account` option, the `Rodauth::Rails.rodauth`
 method accepts any options supported by the internal_request feature.
 
 ```rb
-Rodauth::Rails.rodauth(
-  env: { "HTTP_USER_AGENT" => "programmatic" },
-  session: { two_factor_auth_setup: true },
-  params: { "param" => "value" },
-  # ...
-)
-```
+# main configuration
+Rodauth::Rails.rodauth(env: { "HTTP_USER_AGENT" => "programmatic" })
+Rodauth::Rails.rodauth(session: { two_factor_auth_setup: true })
 
-Secondary Rodauth configurations are specified by passing the configuration
-name:
-
-```rb
-Rodauth::Rails.rodauth(:admin)
+# secondary configuration
+Rodauth::Rails.rodauth(:admin, params: { "param" => "value" })
 ```
 
 ## How it works
@@ -986,7 +1034,24 @@ end
 While Rodauth doesn't yet come with [OmniAuth] integration, we can build one
 ourselves using the existing Rodauth API.
 
-In order to allow the user to login via multiple external providers, let's
+Let's assume we're building Facebook login. We'll start by installing the
+necessary gems, and loading the Facebook OmniAuth strategy:
+
+```rb
+# Gemfile
+gem "omniauth", "~> 2.0"
+gem "omniauth-rails_csrf_protection" # https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
+gem "omniauth-facebook"
+```
+```rb
+# config/initializers/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :facebook, ENV["FACEBOOK_APP_ID"], ENV["FACEBOOK_APP_SECRET"],
+    scope: "email", callback_path: "/auth/facebook/callback"
+end
+```
+
+Since users might potentially want to login with multiple external providers, let's
 create an `account_identities` table that will have a many-to-one relationship
 with the `accounts` table:
 
@@ -1023,18 +1088,11 @@ class Account < ApplicationRecord
 end
 ```
 
-Let's assume we want to implement Facebook login, and have added the
-corresponding OmniAuth strategy to the middleware stack, together with an
-authorization link on the login form:
+Next, let's add a POST button pointing to the request URL to our login form:
 
-```rb
-Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :facebook, ENV["FACEBOOK_APP_ID"], ENV["FACEBOOK_APP_SECRET"],
-    scope: "email", callback_path: "/auth/facebook/callback"
-end
-```
 ```erb
-<%= link_to "Login via Facebook", "/auth/facebook" %>
+<%= button_to "Login via Facebook", "/auth/facebook",
+  method: :post, data: { turbo: false }, class: "btn btn-link p-0" %>
 ```
 
 Finally, let's implement the OmniAuth callback endpoint on our Rodauth
@@ -1107,6 +1165,7 @@ methods:
 | `rails_check_csrf!`         | Verifies the authenticity token for the current request.           |
 | `rails_controller_instance` | Instance of the controller with the request env context.           |
 | `rails_controller`          | Controller class to use for rendering and CSRF protection.         |
+| `rails_account_model`       | Model class connected with the accounts table.                     |
 
 The `Rodauth::Rails` module has a few config settings available as well:
 
@@ -1423,3 +1482,5 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [account_expiration]: http://rodauth.jeremyevans.net/rdoc/files/doc/account_expiration_rdoc.html
 [simple_ldap_authenticator]: https://github.com/jeremyevans/simple_ldap_authenticator
 [internal_request]: http://rodauth.jeremyevans.net/rdoc/files/doc/internal_request_rdoc.html
+[composite_primary_keys]: https://github.com/composite-primary-keys/composite_primary_keys
+[path_class_methods]: https://rodauth.jeremyevans.net/rdoc/files/doc/path_class_methods_rdoc.html

data/lib/generators/rodauth/install_generator.rb

@@ -60,7 +60,7 @@ module Rodauth
           template "app/mailers/rodauth_mailer.rb"
 
           MAILER_VIEWS.each do |view|
-            template "app/views/rodauth_mailer/#{view}.text.erb"
+            copy_file "app/views/rodauth_mailer/#{view}.text.erb"
           end
         end
 
@@ -95,11 +95,11 @@ module Rodauth
         end
 
         def json?
-          options[:json]
+          options[:json] || api_only? && session_store? && !options[:jwt]
         end
 
         def jwt?
-          options[:jwt] || Rodauth::Rails.api_only?
+          options[:jwt] || api_only? && !session_store? && !options[:json]
         end
 
         def migration_features
@@ -107,6 +107,14 @@ module Rodauth
           features << :remember unless jwt?
           features
         end
+
+        def session_store?
+          !!::Rails.application.config.session_store
+        end
+
+        def api_only?
+          Rodauth::Rails.api_only?
+        end
       end
     end
   end

data/lib/generators/rodauth/migration/base.erb

@@ -5,11 +5,17 @@ enable_extension "citext"
 create_table :accounts<%= primary_key_type %> do |t|
 <% case activerecord_adapter -%>
 <% when "postgresql" -%>
-  t.citext :email, null: false, index: { unique: true, where: "status IN ('unverified', 'verified')" }
+  t.citext :email, null: false
 <% else -%>
-  t.string :email, null: false, index: { unique: true }
+  t.string :email, null: false
 <% end -%>
   t.string :status, null: false, default: "unverified"
+<% case activerecord_adapter -%>
+<% when "postgresql", "sqlite3" -%>
+  t.index :email, unique: true, where: "status IN ('unverified', 'verified')"
+<% else -%>
+  t.index :email, unique: true
+<% end -%>
 end
 
 # Used if storing password hashes in a separate table (default)

data/lib/generators/rodauth/templates/app/views/rodauth/_email_auth_request_form.html.erb

@@ -1,4 +1,7 @@
-<%%= form_tag <%= rodauth %>.email_auth_request_path, method: :post do %>
-  <%%= render "login_hidden_field" %>
-  <%%= render "submit", value: "Send Login Link Via Email" %>
-<%% end %>
+<%= form_with url: rodauth.email_auth_request_path, method: :post do |form| %>
+  <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.email_auth_request_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_form.html.erb

@@ -1,9 +1,26 @@
-<%%= form_tag <%= rodauth %>.login_path, method: :post do %>
-  <%% if <%= rodauth %>.skip_login_field_on_login? %>
-    <%%= render "login_display" %>
-  <%% else %>
-    <%%= render "login_field" %>
-  <%% end %>
-  <%%= render "password_field" unless <%= rodauth %>.skip_password_field_on_login? %>
-  <%%= render "submit", value: "Login" %>
-<%% end %>
+<%= form_with url: rodauth.login_path, method: :post, data: { turbo: false } do |form| %>
+  <% if rodauth.skip_login_field_on_login? %>
+    <div class="form-group mb-3">
+      <%= form.label "login", rodauth.login_label, class: "form-label" %>
+      <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", readonly: true, class: "form-control-plaintext" %>
+    </div>
+  <% else %>
+    <div class="form-group mb-3">
+      <%= form.label "login", rodauth.login_label, class: "form-label" %>
+      <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: "email", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_param)}", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.login_param), class: "invalid-feedback", id: "login_error_message") if rodauth.field_error(rodauth.login_param) %>
+    </div>
+  <% end %>
+
+  <% unless rodauth.skip_password_field_on_login? %>
+    <div class="form-group mb-3">
+      <%= form.label "password", rodauth.password_label, class: "form-label" %>
+      <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "invalid-feedback", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+    </div>
+  <% end %>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.login_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_form_footer.html.erb

@@ -1,8 +1,9 @@
-<%% unless <%= rodauth %>.login_form_footer_links.empty? %>
-  <h2>Other Options</h2>
+<% unless rodauth.login_form_footer_links.empty? %>
+  <%== rodauth.login_form_footer_links_heading %>
+
   <ul>
-    <%% <%= rodauth %>.login_form_footer_links.sort.each do |_, link, text| %>
-      <li><%%= link_to text, link %></li>
-    <%% end %>
+    <% rodauth.login_form_footer_links.sort.each do |_, link, text| %>
+      <li><%= link_to text, link %></li>
+    <% end %>
   </ul>
-<%% end %>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_form_header.html.erb

@@ -1,3 +1,3 @@
-<%% if <%= rodauth %>.field_error("password") && <%= rodauth %>.features.include?(:reset_password) %>
-  <%%= render template: "<%= directory %>/reset_password_request", layout: false %>
-<%% end %>
+<% if rodauth.field_error(rodauth.password_param) && rodauth.features.include?(:reset_password) %>
+  <%= render template: "rodauth/reset_password_request", layout: false %>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/add_recovery_codes.html.erb

@@ -1,6 +1,8 @@
-<pre id="recovery-codes"><%%= <%= rodauth %>.recovery_codes.map { |s| h(s) }.join("\n\n") %></pre>
+<% content_for :title, rodauth.add_recovery_codes_page_title %>
 
-<%% if <%= rodauth %>.can_add_recovery_codes? %>
-  <h2>Add Additional Recovery Codes</h2>
-  <%%= render "recovery_codes_form" %>
-<%% end %>
+<pre id="recovery-codes"><%= rodauth.recovery_codes.map { |s| h(s) }.join("\n\n") %></pre>
+
+<% if rodauth.can_add_recovery_codes? %>
+  <%== rodauth.add_recovery_codes_heading %>
+  <%= render template: "rodauth/recovery_codes", layout: false %>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/change_login.html.erb

@@ -1,6 +1,29 @@
-<%%= form_tag <%= rodauth %>.change_login_path, method: :post do %>
-  <%%= render "login_field" %>
-  <%%= render "login_confirm_field" if <%= rodauth %>.require_login_confirmation? %>
-  <%%= render "password_field" if <%= rodauth %>.change_login_requires_password? %>
-  <%%= render "submit", value: "Change Login" %>
-<%% end %>
+<% content_for :title, rodauth.change_login_page_title %>
+
+<%= form_with url: rodauth.change_login_path, method: :post do |form| %>
+  <div class="form-group mb-3">
+    <%= form.label "login", rodauth.login_label, class: "form-label" %>
+    <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: "email", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_param)}", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>
+    <%= content_tag(:span, rodauth.field_error(rodauth.login_param), class: "invalid-feedback", id: "login_error_message") if rodauth.field_error(rodauth.login_param) %>
+  </div>
+
+  <% if rodauth.require_login_confirmation? %>
+    <div class="form-group mb-3">
+      <%= form.label "login-confirm", rodauth.login_confirm_label, class: "form-label" %>
+      <%= form.email_field rodauth.login_confirm_param, value: params[rodauth.login_confirm_param], id: "login-confirm", autocomplete: "email", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_confirm_param)}", aria: ({ invalid: true, describedby: "login-confirm_error_message" } if rodauth.field_error(rodauth.login_confirm_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.login_confirm_param), class: "invalid-feedback", id: "login-confirm_error_message") if rodauth.field_error(rodauth.login_confirm_param) %>
+    </div>
+  <% end %>
+
+  <% if rodauth.change_login_requires_password? %>
+    <div class="form-group mb-3">
+      <%= form.label "password", rodauth.password_label, class: "form-label" %>
+      <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "invalid-feedback", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+    </div>
+  <% end %>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.change_login_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/change_password.html.erb

@@ -1,6 +1,29 @@
-<%%= form_tag <%= rodauth %>.change_password_path, method: :post do %>
-  <%%= render "password_field" if <%= rodauth %>.change_password_requires_password? %>
-  <%%= render "new_password_field" %>
-  <%%= render "password_confirm_field" if <%= rodauth %>.require_password_confirmation? %>
-  <%%= render "submit", value: "Change Password" %>
-<%% end %>
+<% content_for :title, rodauth.change_password_page_title %>
+
+<%= form_with url: rodauth.change_password_path, method: :post do |form| %>
+  <% if rodauth.change_password_requires_password? %>
+    <div class="form-group mb-3">
+      <%= form.label "password", rodauth.password_label, class: "form-label" %>
+      <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "invalid-feedback", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+    </div>
+  <% end %>
+
+  <div class="form-group mb-3">
+    <%= form.label "new-password", rodauth.new_password_label, class: "form-label" %>
+    <%= form.password_field rodauth.new_password_param, value: "", id: "new-password", autocomplete: "new-password", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.new_password_param)}", aria: ({ invalid: true, describedby: "new-password_error_message" } if rodauth.field_error(rodauth.new_password_param)) %>
+    <%= content_tag(:span, rodauth.field_error(rodauth.new_password_param), class: "invalid-feedback", id: "new-password_error_message") if rodauth.field_error(rodauth.new_password_param) %>
+  </div>
+
+  <% if rodauth.require_password_confirmation? %>
+    <div class="form-group mb-3">
+      <%= form.label "password-confirm", rodauth.password_confirm_label, class: "form-label" %>
+      <%= form.password_field rodauth.password_confirm_param, value: "", id: "password-confirm", autocomplete: "new-password", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_confirm_param)}", aria: ({ invalid: true, describedby: "password-confirm_error_message" } if rodauth.field_error(rodauth.password_confirm_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_confirm_param), class: "invalid-feedback", id: "password-confirm_error_message") if rodauth.field_error(rodauth.password_confirm_param) %>
+    </div>
+  <% end %>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.change_password_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/close_account.html.erb

@@ -1,4 +1,15 @@
-<%%= form_tag <%= rodauth %>.close_account_path, method: :post do %>
-  <%%= render "password_field" if <%= rodauth %>.close_account_requires_password? %>
-  <%%= render "submit", value: "Close Account", class: "btn btn-danger" %>
-<%% end %>
+<% content_for :title, rodauth.close_account_page_title %>
+
+<%= form_with url: rodauth.close_account_path, method: :post do |form| %>
+  <% if rodauth.close_account_requires_password? %>
+    <div class="form-group mb-3">
+      <%= form.label "password", rodauth.password_label, class: "form-label" %>
+      <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "invalid-feedback", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+    </div>
+  <% end %>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.close_account_button, class: "btn btn-danger" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/confirm_password.html.erb

@@ -1,4 +1,13 @@
-<%%= form_tag <%= rodauth %>.confirm_password_path, method: :post do %>
-  <%%= render "password_field" %>
-  <%%= render "submit", value: "Confirm Password" %>
-<%% end %>
+<% content_for :title, rodauth.confirm_password_page_title %>
+
+<%= form_with url: rodauth.confirm_password_path, method: :post do |form| %>
+  <div class="form-group mb-3">
+    <%= form.label "password", rodauth.password_label, class: "form-label" %>
+    <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+    <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "invalid-feedback", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+  </div>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.confirm_password_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/create_account.html.erb

@@ -1,7 +1,37 @@
-<%%= form_tag <%= rodauth %>.create_account_path, method: :post do %>
-  <%%= render "login_field" %>
-  <%%= render "login_confirm_field" if <%= rodauth %>.require_login_confirmation? %>
-  <%%= render "password_field" if <%= rodauth %>.create_account_set_password? %>
-  <%%= render "password_confirm_field" if <%= rodauth %>.create_account_set_password? && <%= rodauth %>.require_password_confirmation? %>
-  <%%= render "submit", value: "Create Account" %>
-<%% end %>
+<% content_for :title, rodauth.create_account_page_title %>
+
+<%= form_with url: rodauth.create_account_path, method: :post do |form| %>
+  <div class="form-group mb-3">
+    <%= form.label "login", rodauth.login_label, class: "form-label" %>
+    <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: "email", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_param)}", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>
+    <%= content_tag(:span, rodauth.field_error(rodauth.login_param), class: "invalid-feedback", id: "login_error_message") if rodauth.field_error(rodauth.login_param) %>
+  </div>
+
+  <% if rodauth.require_login_confirmation? %>
+    <div class="form-group mb-3">
+      <%= form.label "login-confirm", rodauth.login_confirm_label, class: "form-label" %>
+      <%= form.email_field rodauth.login_confirm_param, value: params[rodauth.login_confirm_param], id: "login-confirm", autocomplete: "email", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_confirm_param)}", aria: ({ invalid: true, describedby: "login-confirm_error_message" } if rodauth.field_error(rodauth.login_confirm_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.login_confirm_param), class: "invalid-feedback", id: "login-confirm_error_message") if rodauth.field_error(rodauth.login_confirm_param) %>
+    </div>
+  <% end %>
+
+  <% if rodauth.create_account_set_password? %>
+    <div class="form-group mb-3">
+      <%= form.label "password", rodauth.password_label, class: "form-label" %>
+      <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "invalid-feedback", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+    </div>
+
+    <% if rodauth.require_password_confirmation? %>
+      <div class="form-group mb-3">
+        <%= form.label "password-confirm", rodauth.password_confirm_label, class: "form-label" %>
+        <%= form.password_field rodauth.password_confirm_param, value: "", id: "password-confirm", autocomplete: "new-password", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_confirm_param)}", aria: ({ invalid: true, describedby: "password-confirm_error_message" } if rodauth.field_error(rodauth.password_confirm_param)) %>
+        <%= content_tag(:span, rodauth.field_error(rodauth.password_confirm_param), class: "invalid-feedback", id: "password-confirm_error_message") if rodauth.field_error(rodauth.password_confirm_param) %>
+      </div>
+    <% end %>
+  <% end %>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.create_account_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/email_auth.html.erb

@@ -1,3 +1,7 @@
-<%%= form_tag <%= rodauth %>.email_auth_path, method: :post do %>
-  <%%= render "submit", value: "Login" %>
-<%% end %>
+<% content_for :title, rodauth.email_auth_page_title %>
+
+<%= form_with url: rodauth.email_auth_path, method: :post do |form| %>
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.login_button, class: "btn btn-primary" %>
+  </div>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/login.html.erb

@@ -1,3 +1,5 @@
-<%%= render "login_form_header" %>
-<%%= render "login_form" %>
-<%%= render "login_form_footer" %>
+<% content_for :title, rodauth.login_page_title %>
+
+<%= render "login_form_header" %>
+<%= render "login_form" %>
+<%= render "login_form_footer" %>

data/lib/generators/rodauth/templates/app/views/rodauth/logout.html.erb

@@ -1,4 +1,16 @@
-<%%= form_tag <%= rodauth %>.logout_path, method: :post do %>
-  <%%= render "global_logout_field" if <%= rodauth %>.features.include?(:active_sessions) %>
-  <%%= render "submit", value: "Logout", class: "btn btn-warning" %>
-<%% end %>
+<% content_for :title, rodauth.logout_page_title %>
+
+<%= form_with url: rodauth.logout_path, method: :post do |form| %>
+  <% if rodauth.features.include?(:active_sessions) %>
+    <div class="form-group mb-3">
+      <div class="form-check">
+        <%= form.check_box rodauth.global_logout_param, id: "global-logout", class: "form-check-input" %>
+        <%= form.label "global-logout", rodauth.global_logout_label, class: "form-check-label" %>
+      </div>
+    </div>
+  <% end %>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.logout_button, class: "btn btn-warning" %>
+  </div>
+<% end %>