rodauth-rails 0.18.0 → 1.2.0

data/lib/generators/rodauth/install_generator.rb

@@ -10,6 +10,20 @@ module Rodauth
         include ::ActiveRecord::Generators::Migration
         include MigrationHelpers
 
+        if RUBY_ENGINE == "jruby"
+          SEQUEL_ADAPTERS = {
+            "sqlite3"         => "sqlite",
+            "oracle_enhanced" => "oracle", # https://github.com/rsim/oracle-enhanced
+            "sqlserver"       => "mssql",
+          }
+        else
+          SEQUEL_ADAPTERS = {
+            "sqlite3"         => "sqlite",
+            "oracle_enhanced" => "oracle", # https://github.com/rsim/oracle-enhanced
+            "sqlserver"       => "tinytds", # https://github.com/rails-sqlserver/activerecord-sqlserver-adapter
+          }
+        end
+
         MAILER_VIEWS = %w[
           email_auth
           password_changed
@@ -26,7 +40,7 @@ module Rodauth
         class_option :jwt, type: :boolean, desc: "Configure JWT support"
 
         def create_rodauth_migration
-          return unless defined?(ActiveRecord::Base)
+          return unless defined?(ActiveRecord::Railtie)
 
           migration_template "db/migrate/create_rodauth.rb"
         end
@@ -36,14 +50,15 @@ module Rodauth
         end
 
         def create_sequel_initializer
-          return unless defined?(ActiveRecord::Base)
+          return unless defined?(ActiveRecord::Railtie)
           return if defined?(Sequel) && !Sequel::DATABASES.empty?
 
           template "config/initializers/sequel.rb"
         end
 
         def create_rodauth_app
-          template "app/lib/rodauth_app.rb"
+          template "app/misc/rodauth_app.rb"
+          template "app/misc/rodauth_main.rb"
         end
 
         def create_rodauth_controller
@@ -51,7 +66,7 @@ module Rodauth
         end
 
         def create_account_model
-          return unless defined?(ActiveRecord::Base)
+          return unless defined?(ActiveRecord::Railtie)
 
           template "app/models/account.rb"
         end
@@ -64,34 +79,16 @@ module Rodauth
           end
         end
 
-        private
-
-        def sequel_uri_scheme
-          if RUBY_ENGINE == "jruby"
-            "jdbc:#{sequel_jdbc_subadapter}"
-          else
-            sequel_adapter
-          end
+        def show_instructions
+          readme "INSTRUCTIONS" if behavior == :invoke
         end
 
-        def sequel_adapter
-          case activerecord_adapter
-          when "sqlite3"         then "sqlite"
-          when "oracle_enhanced" then "oracle" # https://github.com/rsim/oracle-enhanced
-          when "sqlserver"       then "tinytds" # https://github.com/rails-sqlserver/activerecord-sqlserver-adapter
-          else
-            activerecord_adapter
-          end
-        end
+        private
 
-        def sequel_jdbc_subadapter
-          case activerecord_adapter
-          when "sqlite3"         then "sqlite"
-          when "oracle_enhanced" then "oracle" # https://github.com/rsim/oracle-enhanced
-          when "sqlserver"       then "mssql"
-          else
-            activerecord_adapter
-          end
+        def migration_features
+          features = [:base, :reset_password, :verify_account, :verify_login_change]
+          features << :remember unless jwt?
+          features
         end
 
         def json?
@@ -102,12 +99,6 @@ module Rodauth
           options[:jwt] || api_only? && !session_store? && !options[:json]
         end
 
-        def migration_features
-          features = [:base, :reset_password, :verify_account, :verify_login_change]
-          features << :remember unless jwt?
-          features
-        end
-
         def session_store?
           !!::Rails.application.config.session_store
         end
@@ -115,6 +106,12 @@ module Rodauth
         def api_only?
           Rodauth::Rails.api_only?
         end
+
+        def sequel_uri_scheme
+          scheme = SEQUEL_ADAPTERS[activerecord_adapter] || activerecord_adapter
+          scheme = "jdbc:#{scheme}" if RUBY_ENGINE == "jruby"
+          scheme
+        end
       end
     end
   end

data/lib/generators/rodauth/migration/active_sessions.erb

@@ -2,6 +2,6 @@
 create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
   t.references :account, foreign_key: true<%= primary_key_type(:type) %>
   t.string :session_id
-  t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :created_at, null: false, default: <%= current_timestamp %>
+  t.datetime :last_use, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/audit_logging.erb

@@ -1,7 +1,7 @@
 # Used by the audit logging feature
 create_table :account_authentication_audit_logs<%= primary_key_type %> do |t|
   t.references :account, foreign_key: true, null: false<%= primary_key_type(:type) %>
-  t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :at, null: false, default: <%= current_timestamp %>
   t.text :message, null: false
 <% case activerecord_adapter -%>
 <% when "postgresql" -%>

data/lib/generators/rodauth/migration/base.erb

@@ -9,10 +9,10 @@ create_table :accounts<%= primary_key_type %> do |t|
 <% else -%>
   t.string :email, null: false
 <% end -%>
-  t.string :status, null: false, default: "unverified"
+  t.string :status, null: false, default: 1
 <% case activerecord_adapter -%>
 <% when "postgresql", "sqlite3" -%>
-  t.index :email, unique: true, where: "status IN ('unverified', 'verified')"
+  t.index :email, unique: true, where: "status IN (1, 2)"
 <% else -%>
   t.index :email, unique: true
 <% end -%>

data/lib/generators/rodauth/migration/email_auth.erb

@@ -3,5 +3,5 @@ create_table :account_email_auth_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
   t.datetime :deadline, null: false
-  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :email_last_sent, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/otp.erb

@@ -3,5 +3,5 @@ create_table :account_otp_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
   t.integer :num_failures, null: false, default: 0
-  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :last_use, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/password_expiration.erb

@@ -1,5 +1,5 @@
 # Used by the password expiration feature
 create_table :account_password_change_times<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
-  t.datetime :changed_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :changed_at, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/reset_password.erb

@@ -3,5 +3,5 @@ create_table :account_password_reset_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
   t.datetime :deadline, null: false
-  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :email_last_sent, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/sms_codes.erb

@@ -4,5 +4,5 @@ create_table :account_sms_codes<%= primary_key_type %> do |t|
   t.string :phone_number, null: false
   t.integer :num_failures
   t.string :code
-  t.datetime :code_issued_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :code_issued_at, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/verify_account.erb

@@ -2,6 +2,6 @@
 create_table :account_verification_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
-  t.datetime :requested_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :requested_at, null: false, default: <%= current_timestamp %>
+  t.datetime :email_last_sent, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/webauthn.erb

@@ -8,5 +8,5 @@ create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do
   t.string :webauthn_id
   t.string :public_key, null: false
   t.integer :sign_count, null: false
-  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :last_use, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration_generator.rb

@@ -16,16 +16,23 @@ module Rodauth
           desc: "Rodauth features to create tables for (otp, sms_codes, single_session, account_expiration etc.)",
           default: %w[]
 
+        class_option :name, optional: true, type: :string,
+          desc: "Name of the generated migration file"
+
         def create_rodauth_migration
-          return unless defined?(ActiveRecord::Base)
+          return unless defined?(ActiveRecord::Railtie)
           return if features.empty?
 
-          migration_template "db/migrate/create_rodauth.rb", "create_rodauth_#{features.join("_")}.rb"
+          migration_template "db/migrate/create_rodauth.rb", "#{migration_name}.rb"
         end
 
         def migration_features
           features
         end
+
+        def migration_name
+          options[:name] || "create_rodauth_#{features.join("_")}"
+        end
       end
     end
   end

data/lib/generators/rodauth/migration_helpers.rb

@@ -63,6 +63,14 @@ module Rodauth
             ERB.new(content, 0, "-").result(binding)
           end
         end
+
+        def current_timestamp
+          if ActiveRecord.version >= Gem::Version.new("5.0")
+            %(-> { "CURRENT_TIMESTAMP" })
+          else
+            %(OpenStruct.new(quoted_id: "CURRENT_TIMESTAMP"))
+          end
+        end
       end
     end
   end

data/lib/generators/rodauth/templates/INSTRUCTIONS

@@ -0,0 +1,40 @@
+===============================================================================
+
+Depending on your application's configuration some manual setup may be required:
+
+  1. Ensure you have defined default url options in your environments files. Here
+     is an example of default_url_options appropriate for a development environment
+     in config/environments/development.rb:
+
+       config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
+
+     In production, :host should be set to the actual host of your application.
+
+     * Required for all applications. *
+
+  2. Ensure you have defined root_url to *something* in your config/routes.rb.
+     For example:
+
+       root to: "home#index"
+
+     * Not required for API-only Applications *
+
+  3. Ensure you have flash messages in app/views/layouts/application.html.erb.
+     For example:
+
+       <% if notice %>
+         <div class="alert alert-success"><%= notice %></div>
+       <% end %>
+       <% if alert %>
+         <div class="alert alert-danger"><%= alert %></div>
+       <% end %>
+
+     * Not required for API-only Applications *
+
+  4. You can copy Rodauth views (for customization) to your app by running:
+
+       rails g rodauth:views
+
+     * Not required *
+
+===============================================================================

data/lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb

@@ -1,37 +1,54 @@
 class RodauthMailer < ApplicationMailer
-  def verify_account(recipient, email_link)
-    @email_link = email_link
+  def verify_account(account_id, key)
+    @email_link = rodauth.verify_account_url(key: email_token(account_id, key))
+    @account = Account.find(account_id)
 
-    mail to: recipient
+    mail to: @account.email, subject: rodauth.verify_account_email_subject
   end
 
-  def reset_password(recipient, email_link)
-    @email_link = email_link
+  def reset_password(account_id, key)
+    @email_link = rodauth.reset_password_url(key: email_token(account_id, key))
+    @account = Account.find(account_id)
 
-    mail to: recipient
+    mail to: @account.email, subject: rodauth.reset_password_email_subject
   end
 
-  def verify_login_change(recipient, old_login, new_login, email_link)
+  def verify_login_change(account_id, old_login, new_login, key)
     @old_login  = old_login
     @new_login  = new_login
-    @email_link = email_link
+    @email_link = rodauth.verify_login_change_url(key: email_token(account_id, key))
+    @account = Account.find(account_id)
 
-    mail to: recipient
+    mail to: new_login, subject: rodauth.verify_login_change_email_subject
   end
 
-  def password_changed(recipient)
-    mail to: recipient
+  def password_changed(account_id)
+    @account = Account.find(account_id)
+
+    mail to: @account.email, subject: rodauth.password_changed_email_subject
   end
 
-  # def email_auth(recipient, email_link)
-  #   @email_link = email_link
-  #
-  #   mail to: recipient
+  # def email_auth(account_id, key)
+  #   @email_link = rodauth.email_auth_url(key: email_token(account_id, key))
+  #   @account = Account.find(account_id)
+
+  #   mail to: @account.email, subject: rodauth.email_auth_email_subject
   # end
 
-  # def unlock_account(recipient, email_link)
-  #   @email_link = email_link
-  #
-  #   mail to: recipient
+  # def unlock_account(account_id, key)
+  #   @email_link = rodauth.unlock_account_url(key: email_token(account_id, key))
+  #   @account = Account.find(account_id)
+
+  #   mail to: @account.email, subject: rodauth.unlock_account_email_subject
   # end
+
+  private
+
+  def email_token(account_id, key)
+    "#{account_id}_#{rodauth.compute_hmac(key)}"
+  end
+
+  def rodauth(name = nil)
+    RodauthApp.rodauth(name).allocate
+  end
 end

data/lib/generators/rodauth/templates/app/misc/rodauth_app.rb

@@ -0,0 +1,27 @@
+class RodauthApp < Rodauth::Rails::App
+  # primary configuration
+  configure RodauthMain
+
+  # secondary configuration
+  # configure RodauthAdmin, :admin
+
+  route do |r|
+<% unless jwt? -%>
+    rodauth.load_memory # autologin remembered users
+
+<% end -%>
+    r.rodauth # route rodauth requests
+
+    # ==> Authenticating requests
+    # Call `rodauth.require_authentication` for requests that you want to
+    # require authentication for. For example:
+    #
+    # # authenticate /dashboard/* and /account/* requests
+    # if r.path.start_with?("/dashboard") || r.path.start_with?("/account")
+    #   rodauth.require_authentication
+    # end
+
+    # ==> Secondary configurations
+    # r.rodauth(:admin) # route admin rodauth requests
+  end
+end

data/lib/generators/rodauth/templates/app/{lib/rodauth_app.rb → misc/rodauth_main.rb}

@@ -1,11 +1,10 @@
-class RodauthApp < Rodauth::Rails::App
+class RodauthMain < Rodauth::Rails::Auth
   configure do
     # List of authentication features that are loaded.
     enable :create_account, :verify_account, :verify_account_grace_period,
       :login, :logout<%= ", :remember" unless jwt? %><%= ", :json" if json? %><%= ", :jwt" if jwt? %>,
       :reset_password, :change_password, :change_password_notify,
-      :change_login, :verify_login_change,
-      :close_account
+      :change_login, :verify_login_change, :close_account
 
     # See the Rodauth documentation for the list of available config options:
     # http://rodauth.jeremyevans.net/documentation.html
@@ -32,11 +31,8 @@ class RodauthApp < Rodauth::Rails::App
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
 
-    # Store account status in a text column.
+    # Store account status in an integer column without foreign key constraint.
     account_status_column :status
-    account_unverified_status_value "unverified"
-    account_open_status_value "verified"
-    account_closed_status_value "closed"
 
     # Store password hash in a column instead of a separate table.
     # account_password_hash_column :password_digest
@@ -60,22 +56,22 @@ class RodauthApp < Rodauth::Rails::App
     # ==> Emails
     # Use a custom mailer for delivering authentication emails.
     create_reset_password_email do
-      RodauthMailer.reset_password(email_to, reset_password_email_link)
+      RodauthMailer.reset_password(account_id, reset_password_key_value)
     end
     create_verify_account_email do
-      RodauthMailer.verify_account(email_to, verify_account_email_link)
+      RodauthMailer.verify_account(account_id, verify_account_key_value)
     end
-    create_verify_login_change_email do |login|
-      RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
+    create_verify_login_change_email do |_login|
+      RodauthMailer.verify_login_change(account_id, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_key_value)
     end
     create_password_changed_email do
-      RodauthMailer.password_changed(email_to)
+      RodauthMailer.password_changed(account_id)
     end
     # create_email_auth_email do
-    #   RodauthMailer.email_auth(email_to, email_auth_email_link)
+    #   RodauthMailer.email_auth(account_id, email_auth_key_value)
     # end
     # create_unlock_account_email do
-    #   RodauthMailer.unlock_account(email_to, unlock_account_email_link)
+    #   RodauthMailer.unlock_account(account_id, unlock_account_key_value)
     # end
     send_email do |email|
       # queue email delivery on the mailer after the transaction commits
@@ -153,46 +149,4 @@ class RodauthApp < Rodauth::Rails::App
     # remember_deadline_interval Hash[days: 30]
 <% end -%>
   end
-
-  # ==> Secondary configurations
-  # configure(:admin) do
-  #   # ... enable features ...
-  #   prefix "/admin"
-  #   session_key_prefix "admin_"
-  #   # remember_cookie_key "_admin_remember" # if using remember feature
-  #
-  #   # search views in `app/views/admin/rodauth` directory
-  #   rails_controller { Admin::RodauthController }
-  # end
-
-  route do |r|
-<% unless jwt? -%>
-    rodauth.load_memory # autologin remembered users
-
-<% end -%>
-    r.rodauth # route rodauth requests
-
-    # ==> Authenticating Requests
-    # Call `rodauth.require_authentication` for requests that you want to
-    # require authentication for. Some examples:
-    #
-    # next if r.path.start_with?("/docs") # skip authentication for documentation pages
-    # next if session[:admin] # skip authentication for admins
-    #
-    # # authenticate /dashboard/* and /account/* requests
-    # if r.path.start_with?("/dashboard") || r.path.start_with?("/account")
-    #   rodauth.require_authentication
-    # end
-
-    # ==> Secondary configurations
-    # r.on "admin" do
-    #   r.rodauth(:admin)
-    #
-    #   unless rodauth(:admin).logged_in?
-    #     rodauth(:admin).require_http_basic_auth
-    #   end
-    #
-    #   break # allow the Rails app to handle other "/admin/*" requests
-    # end
-  end
 end

data/lib/generators/rodauth/templates/app/models/account.rb

@@ -1,3 +1,4 @@
 class Account < ApplicationRecord
   include Rodauth::Rails.model
+  enum :status, unverified: 1, verified: 2, closed: 3
 end

data/lib/generators/rodauth/templates/app/views/rodauth/_email_auth_request_form.html.erb

@@ -1,4 +1,4 @@
-<%= form_with url: rodauth.email_auth_request_path, method: :post do |form| %>
+<%= form_with url: rodauth.email_auth_request_path, method: :post, data: { turbo: false } do |form| %>
   <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>
 
   <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/change_login.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.change_login_page_title %>
 
-<%= form_with url: rodauth.change_login_path, method: :post do |form| %>
+<%= form_with url: rodauth.change_login_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "login", rodauth.login_label, class: "form-label" %>
     <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: "email", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_param)}", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>

data/lib/generators/rodauth/templates/app/views/rodauth/change_password.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.change_password_page_title %>
 
-<%= form_with url: rodauth.change_password_path, method: :post do |form| %>
+<%= form_with url: rodauth.change_password_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.change_password_requires_password? %>
     <div class="form-group mb-3">
       <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/close_account.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.close_account_page_title %>
 
-<%= form_with url: rodauth.close_account_path, method: :post do |form| %>
+<%= form_with url: rodauth.close_account_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.close_account_requires_password? %>
     <div class="form-group mb-3">
       <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/confirm_password.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.confirm_password_page_title %>
 
-<%= form_with url: rodauth.confirm_password_path, method: :post do |form| %>
+<%= form_with url: rodauth.confirm_password_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "password", rodauth.password_label, class: "form-label" %>
     <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>

data/lib/generators/rodauth/templates/app/views/rodauth/create_account.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.create_account_page_title %>
 
-<%= form_with url: rodauth.create_account_path, method: :post do |form| %>
+<%= form_with url: rodauth.create_account_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "login", rodauth.login_label, class: "form-label" %>
     <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: "email", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_param)}", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>

data/lib/generators/rodauth/templates/app/views/rodauth/email_auth.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.email_auth_page_title %>
 
-<%= form_with url: rodauth.email_auth_path, method: :post do |form| %>
+<%= form_with url: rodauth.email_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.submit rodauth.login_button, class: "btn btn-primary" %>
   </div>

data/lib/generators/rodauth/templates/app/views/rodauth/logout.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.logout_page_title %>
 
-<%= form_with url: rodauth.logout_path, method: :post do |form| %>
+<%= form_with url: rodauth.logout_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.features.include?(:active_sessions) %>
     <div class="form-group mb-3">
       <div class="form-check">

data/lib/generators/rodauth/templates/app/views/rodauth/otp_auth.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.otp_auth_page_title %>
 
-<%= form_with url: rodauth.otp_auth_path, method: :post do |form| %>
+<%= form_with url: rodauth.otp_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "otp-auth-code", rodauth.otp_auth_label, class: "form-label" %>
     <div class="row">

data/lib/generators/rodauth/templates/app/views/rodauth/otp_disable.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.otp_disable_page_title %>
 
-<%= form_with url: rodauth.otp_disable_path, method: :post do |form| %>
+<%= form_with url: rodauth.otp_disable_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">
       <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_setup.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.otp_setup_page_title %>
 
-<%= form_with url: rodauth.otp_setup_path, method: :post do |form| %>
+<%= form_with url: rodauth.otp_setup_path, method: :post, data: { turbo: false } do |form| %>
   <%= form.hidden_field rodauth.otp_setup_param, value: rodauth.otp_user_key, id: "otp-key" %>
   <%= form.hidden_field rodauth.otp_setup_raw_param, value: rodauth.otp_key, id: "otp-hmac-secret" if rodauth.otp_keys_use_hmac? %>
 

data/lib/generators/rodauth/templates/app/views/rodauth/recovery_auth.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.recovery_auth_page_title %>
 
-<%= form_with url: rodauth.recovery_auth_path, method: :post do |form| %>
+<%= form_with url: rodauth.recovery_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "recovery-code", rodauth.recovery_codes_label, class: "form-label" %>
     <%= form.text_field rodauth.recovery_codes_param, value: "", id: "recovery-code", autocomplete: "off", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.recovery_codes_param)}", aria: ({ invalid: true, describedby: "recovery-code_error_message" } if rodauth.field_error(rodauth.recovery_codes_param)) %>

data/lib/generators/rodauth/templates/app/views/rodauth/remember.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.remember_page_title %>
 
-<%= form_with url: rodauth.remember_path, method: :post do |form| %>
+<%= form_with url: rodauth.remember_path, method: :post, data: { turbo: false } do |form| %>
   <fieldset class="form-group mb-3">
     <div class="form-check">
       <%= form.radio_button rodauth.remember_param, rodauth.remember_remember_param_value, id: "remember-remember", class: "form-check-input" %>

data/lib/generators/rodauth/templates/app/views/rodauth/reset_password.html.erb

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.reset_password_page_title %>
 
-<%= form_with url: rodauth.reset_password_path, method: :post do |form| %>
+<%= form_with url: rodauth.reset_password_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "password", rodauth.password_label, class: "form-label" %>
     <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.password_param)}", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>