RubyGems - rodauth-rails - Versions diffs - 0.18.0 → 1.2.0 - Mend

rodauth-rails 0.18.0 → 1.2.0

Files changed (62) hide show

data/lib/generators/rodauth/templates/app/views/rodauth/reset_password_request.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.reset_password_request_page_title %>
-<%= form_with url: rodauth.reset_password_request_path, method: :post do |form| %>
+<%= form_with url: rodauth.reset_password_request_path, method: :post, data: { turbo: false } do |form| %>
   <%== rodauth.reset_password_explanatory_text %>
   <% if params[rodauth.login_param] && !rodauth.field_error(rodauth.login_param) %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_auth.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.sms_auth_page_title %>
-<%= form_with url: rodauth.sms_auth_path, method: :post do |form| %>
+<%= form_with url: rodauth.sms_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "sms-code", rodauth.sms_code_label, class: "form-label" %>
     <div class="row">

data/lib/generators/rodauth/templates/app/views/rodauth/sms_confirm.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.sms_confirm_page_title %>
-<%= form_with url: rodauth.sms_confirm_path, method: :post do |form| %>
+<%= form_with url: rodauth.sms_confirm_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "sms-code", rodauth.sms_code_label, class: "form-label" %>
     <div class="row">

data/lib/generators/rodauth/templates/app/views/rodauth/sms_disable.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.sms_disable_page_title %>
-<%= form_with url: rodauth.sms_disable_path, method: :post do |form| %>
+<%= form_with url: rodauth.sms_disable_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">
       <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_request.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.sms_request_page_title %>
-<%= form_with url: rodauth.sms_request_path, method: :post do |form| %>
+<%= form_with url: rodauth.sms_request_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.submit rodauth.sms_request_button, class: "btn btn-primary" %>
   </div>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_setup.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.sms_setup_page_title %>
-<%= form_with url: rodauth.sms_setup_path, method: :post do |form| %>
+<%= form_with url: rodauth.sms_setup_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">
       <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/two_factor_disable.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.two_factor_disable_page_title %>
-<%= form_with url: rodauth.two_factor_disable_path, method: :post do |form| %>
+<%= form_with url: rodauth.two_factor_disable_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">
       <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/unlock_account.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.unlock_account_page_title %>
-<%= form_with url: rodauth.unlock_account_path, method: :post do |form| %>
+<%= form_with url: rodauth.unlock_account_path, method: :post, data: { turbo: false } do |form| %>
   <%== rodauth.unlock_account_explanatory_text %>
   <% if rodauth.unlock_account_requires_password? %>

data/lib/generators/rodauth/templates/app/views/rodauth/unlock_account_request.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.unlock_account_request_page_title %>
-<%= form_with url: rodauth.unlock_account_request_path, method: :post do |form| %>
+<%= form_with url: rodauth.unlock_account_request_path, method: :post, data: { turbo: false } do |form| %>
   <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>
   <%== rodauth.unlock_account_request_explanatory_text %>

data/lib/generators/rodauth/templates/app/views/rodauth/verify_account.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.verify_account_page_title %>
-<%= form_with url: rodauth.verify_account_path, method: :post do |form| %>
+<%= form_with url: rodauth.verify_account_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.verify_account_set_password? %>
     <div class="form-group mb-3">
       <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/verify_account_resend.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.resend_verify_account_page_title %>
-<%= form_with url: rodauth.verify_account_resend_path, method: :post do |form| %>
+<%= form_with url: rodauth.verify_account_resend_path, method: :post, data: { turbo: false } do |form| %>
   <%== rodauth.verify_account_resend_explanatory_text %>
   <% if params[rodauth.login_param] %>

data/lib/generators/rodauth/templates/app/views/rodauth/verify_login_change.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.verify_login_change_page_title %>
-<%= form_with url: rodauth.verify_login_change_path, method: :post do |form| %>
+<%= form_with url: rodauth.verify_login_change_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.submit rodauth.verify_login_change_button, class: "btn btn-primary" %>
   </div>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_auth.html.erb CHANGED Viewed

@@ -2,7 +2,7 @@
 <% cred = rodauth.webauth_credential_options_for_get %>
-<%= form_with url: rodauth.webauthn_auth_form_path, method: :post, id: "webauthn-auth-form", data: { credential_options: cred.as_json.to_json } do |form| %>
+<%= form_with url: rodauth.webauthn_auth_form_path, method: :post, id: "webauthn-auth-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>
   <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>
   <%= form.hidden_field rodauth.webauthn_auth_challenge_param, value: cred.challenge %>
   <%= form.hidden_field rodauth.webauthn_auth_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_remove.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <% content_for :title, rodauth.webauthn_remove_page_title %>
-<%= form_with url: rodauth.webauthn_remove_path, method: :post, id: "webauthn-remove-form" do |form| %>
+<%= form_with url: rodauth.webauthn_remove_path, method: :post, id: "webauthn-remove-form", data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">
       <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_setup.html.erb CHANGED Viewed

@@ -2,7 +2,7 @@
 <% cred = rodauth.new_webauthn_credential %>
-<%= form_with url: rodauth.webauthn_setup_path, method: :post, id: "webauthn-setup-form", data: { credential_options: cred.as_json.to_json } do |form| %>
+<%= form_with url: rodauth.webauthn_setup_path, method: :post, id: "webauthn-setup-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>
   <%= form.hidden_field rodauth.webauthn_setup_challenge_param, value: cred.challenge %>
   <%= form.hidden_field rodauth.webauthn_setup_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>
   <%= form.text_field rodauth.webauthn_setup_param, value: "", id: "webauthn-setup", aria: { hidden: "true" } %>

data/lib/rodauth/rails/app.rb CHANGED Viewed

@@ -10,7 +10,6 @@ module Rodauth
       plugin :hooks
       plugin :render, layout: false
-      plugin :pass
       unless Rodauth::Rails.api_only?
         require "rodauth/rails/app/flash"
@@ -25,9 +24,9 @@ module Rodauth
         auth_class ||= Class.new(Rodauth::Rails::Auth)
-        plugin :rodauth, auth_class: auth_class, name: name, csrf: false, flash: false, json: true, **options do
-          instance_exec(&block) if block
-        end
+        plugin :rodauth, auth_class: auth_class, name: name, csrf: false, flash: false, json: true, **options, &block
+        self::RodaRequest.include RequestMethods
       end
       before do
@@ -47,6 +46,21 @@ module Rodauth
       def self.rodauth!(name)
         rodauth(name) or fail ArgumentError, "unknown rodauth configuration: #{name.inspect}"
       end
+      module RequestMethods
+        def rodauth(name = nil)
+          prefix = scope.rodauth(name).prefix
+          if prefix.present? && remaining_path == path_info
+            on prefix[1..-1] do
+              super
+              break # forward other `{prefix}/*` requests to the rails router
+            end
+          else
+            super
+          end
+        end
+      end
     end
   end
 end

data/lib/rodauth/rails/auth.rb CHANGED Viewed

@@ -3,23 +3,8 @@ require "rodauth/rails/feature"
 module Rodauth
   module Rails
-    # Base auth class that applies some default configuration and supports
-    # multi-level inheritance.
+    # Base auth class that applies some changes to the default configuration.
     class Auth < Rodauth::Auth
-      def self.inherited(subclass)
-        super
-        superclass = self
-        subclass.class_eval do
-          @roda_class = Rodauth::Rails.app
-          @features = superclass.features.clone
-          @routes = superclass.routes.clone
-          @route_hash = superclass.route_hash.clone
-          @configuration = superclass.instance_variable_get(:@configuration).clone
-          @configuration.instance_variable_set(:@auth, self)
-        end
-      end
-      # apply default configuration
       configure do
         enable :rails

data/lib/rodauth/rails/controller_methods.rb CHANGED Viewed

@@ -8,41 +8,16 @@ module Rodauth
         end
       end
-      def rodauth(name = nil)
-        request.env.fetch ["rodauth", *name].join(".")
-      end
       def current_account(name = nil)
-        model = rodauth(name).rails_account_model
-        id = rodauth(name).session_value
+        rodauth(name).rails_account || rodauth(name).login_required
+      end
-        @current_account ||= {}
-        @current_account[name] ||= fetch_account(model, id) do
-          rodauth(name).clear_session
-          rodauth(name).login_required
-        end
+      def rodauth(name = nil)
+        request.env.fetch ["rodauth", *name].join(".")
       end
       private
-      def fetch_account(model, id, &not_found)
-        if defined?(ActiveRecord::Base) && model < ActiveRecord::Base
-          begin
-            model.find(id)
-          rescue ActiveRecord::RecordNotFound
-            not_found.call
-          end
-        elsif model < Sequel::Model
-          begin
-            model.with_pk!(id)
-          rescue Sequel::NoMatchingRow
-            not_found.call
-          end
-        else
-          fail Error, "unsupported model type: #{model}"
-        end
-      end
       def rodauth_response
         res = catch(:halt) { return yield }

data/lib/rodauth/rails/feature/base.rb CHANGED Viewed

@@ -8,6 +8,17 @@ module Rodauth
           feature.auth_cached_method :rails_controller_instance
         end
+        def rails_account
+          account_from_session unless account
+          unless account
+            clear_session if logged_in?
+            return
+          end
+          @rails_account ||= instantiate_rails_account
+        end
         # Reset Rails session to protect from session fixation attacks.
         def clear_session
           rails_controller_instance.reset_session
@@ -43,6 +54,16 @@ module Rodauth
         private
+        def instantiate_rails_account
+          if defined?(ActiveRecord::Base) && rails_account_model < ActiveRecord::Base
+            rails_account_model.instantiate(account.stringify_keys)
+          elsif defined?(Sequel::Model) && rails_account_model < Sequel::Model
+            rails_account_model.load(account)
+          else
+            fail Error, "unsupported model type: #{rails_account_model}"
+          end
+        end
         # Instances of the configured controller with current request's env hash.
         def _rails_controller_instance
           controller = rails_controller.new

data/lib/rodauth/rails/feature/internal_request.rb CHANGED Viewed

@@ -5,16 +5,17 @@ module Rodauth
         def domain
           return super unless missing_host?
-          Rodauth::Rails.url_options[:host]
+          rails_url_options.fetch(:host)
         end
         def base_url
           return super unless missing_host? && domain
-          url_options = Rodauth::Rails.url_options
+          scheme = rails_url_options[:protocol] || "http"
+          port = rails_url_options[:port]
-          url = "#{url_options[:protocol]}://#{domain}"
-          url << ":#{url_options[:port]}" if url_options[:port]
+          url = "#{scheme}://#{domain}"
+          url << ":#{port}" if port
           url
         end
@@ -40,6 +41,11 @@ module Rodauth
         def missing_host?
           internal_request? && request.host == INVALID_DOMAIN || scope.nil?
         end
+        def rails_url_options
+          ::Rails.application.config.action_mailer.default_url_options or
+            fail Error, "There is no information to set the URL host from. Please set config.action_mailer.default_url_options in your Rails application, or configure #domain and #base_url in your Rodauth configuration."
+        end
       end
     end
   end

data/lib/rodauth/rails/feature/render.rb CHANGED Viewed

@@ -42,6 +42,14 @@ module Rodauth
           controller.formats = rails_request.formats.map(&:ref).compact
           controller
         end
+        # Not all Rodauth actions are Turbo-compatible (some form submissions
+        # render 200 HTML responses), so we disable Turbo on all Rodauth forms.
+        def _view(meth, *)
+          html = super
+          html = html.gsub(/<form(.+)>/, '<form\1 data-turbo="false">') if meth == :view
+          html
+        end
       end
     end
   end

data/lib/rodauth/rails/tasks.rake CHANGED Viewed

@@ -5,13 +5,13 @@ namespace :rodauth do
     puts "Routes handled by #{app}:"
     app.opts[:rodauths].each do |configuration_name, auth_class|
-      auth_class.configure { enable :path_class_methods }
+      rodauth = auth_class.allocate
       routes = auth_class.routes.map do |handle_method|
         path_method = "#{handle_method.to_s.sub(/\Ahandle_/, "")}_path"
         [
-          auth_class.public_send(path_method),
+          rodauth.public_send(path_method),
           "rodauth#{configuration_name && "(:#{configuration_name})"}.#{path_method}",
         ]
       end

data/lib/rodauth/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.18.0"
+    VERSION = "1.2.0"
   end
 end

data/lib/rodauth/rails.rb CHANGED Viewed

@@ -14,37 +14,32 @@ module Rodauth
     @app = nil
     @middleware = true
-    LOCK = Mutex.new
     class << self
       def rodauth(name = nil, query: nil, form: nil, account: nil, **options)
         auth_class = app.rodauth!(name)
-        LOCK.synchronize do
-          unless auth_class.features.include?(:internal_request)
-            auth_class.configure { enable :internal_request }
-            warn "Rodauth::Rails.rodauth requires the internal_request feature to be enabled. For now it was enabled automatically, but this behaviour will be removed in version 1.0."
-          end
-        end
-        if query || form
-          warn "The :query and :form keyword arguments for Rodauth::Rails.rodauth have been deprecated. Please use the :params argument supported by internal_request feature instead."
-          options[:params] = query || form
+        unless auth_class.features.include?(:internal_request)
+          fail Rodauth::Rails::Error, "Rodauth::Rails.rodauth requires internal_request feature to be enabled"
         end
         if account
           options[:account_id] = account.id
         end
-        auth_class.internal_request_eval(options) do
+        instance = auth_class.internal_request_eval(options) do
           if defined?(ActiveRecord::Base) && account.is_a?(ActiveRecord::Base)
             @account = account.attributes.symbolize_keys
           elsif defined?(Sequel::Model) && account.is_a?(Sequel::Model)
             @account = account.values
           end
           self
         end
+        # clean up inspect output
+        instance.remove_instance_variable(:@internal_request_block)
+        instance.remove_instance_variable(:@internal_request_return_value)
+        instance
       end
       def model(name = nil, **options)
@@ -80,12 +75,6 @@ module Rodauth
         end
       end
-      def url_options
-        options = ::Rails.application.config.action_mailer.default_url_options || {}
-        options[:protocol] ||= "http"
-        options
-      end
       def configure
         yield self
       end

data/rodauth-rails.gemspec CHANGED Viewed

@@ -16,8 +16,8 @@ Gem::Specification.new do |spec|
   spec.files         = Dir["README.md", "LICENSE.txt", "CHANGELOG.md", "lib/**/*", "*.gemspec"]
   spec.require_paths = ["lib"]
-  spec.add_dependency "railties", ">= 4.2", "< 7"
-  spec.add_dependency "rodauth", "~> 2.15"
+  spec.add_dependency "railties", ">= 4.2", "< 8"
+  spec.add_dependency "rodauth", "~> 2.19"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.18.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-11-05 00:00:00.000000000 Z
+date: 2022-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -19,7 +19,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,21 +29,21 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '7'
+        version: '8'
 - !ruby/object:Gem::Dependency
   name: rodauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.15'
+        version: '2.19'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.15'
+        version: '2.19'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
@@ -173,9 +173,11 @@ files:
 - lib/generators/rodauth/migration/webauthn.erb
 - lib/generators/rodauth/migration_generator.rb
 - lib/generators/rodauth/migration_helpers.rb
+- lib/generators/rodauth/templates/INSTRUCTIONS
 - lib/generators/rodauth/templates/app/controllers/rodauth_controller.rb
-- lib/generators/rodauth/templates/app/lib/rodauth_app.rb
 - lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb
+- lib/generators/rodauth/templates/app/misc/rodauth_app.rb
+- lib/generators/rodauth/templates/app/misc/rodauth_main.rb
 - lib/generators/rodauth/templates/app/models/account.rb
 - lib/generators/rodauth/templates/app/views/rodauth/_email_auth_request_form.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/_login_form.html.erb
@@ -266,7 +268,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.