rodauth-rails 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b6bb43d7d1d355de281ce5fe57e1e00a13943f29efe93d39dc98099aa100c78c
-  data.tar.gz: 43034ad43125b0bb56132b57dd27cacdc4e9833c285f98256e67a989da84321c
+  metadata.gz: f0d00b7ad2f6198fff3a5cc3c720c6f30d9296898e3fd764ddf7408e36232a6d
+  data.tar.gz: 9ba008116fc5521c98ed62dda5b1f6b2eccd733d06ccb0a2c5b9b4db8df94539
 SHA512:
-  metadata.gz: fb66ec48409f5f15f1e0953a8ae8a715cec48811e1ba81ea25015128f360487425c0fd09574da22ece00277e9e488204bc9393212631ec4d3c235f16f3064aaa
-  data.tar.gz: 15cbe441d8ff403f3db98d41710a32d8cb819c1961e5f25187e93411b3ec5dad7b1a0c508e6efa54df8fc08cd169587c07948a4c8da2b70edb7a2751f4bd6b09
+  metadata.gz: 848873e599cfb8dc8a5d274ac5fec5987cf4c895c77757a4b21529ddcd9a635ba8086c037f55c55ef097ae926549234e5abebb97a5300f0ead6118927d737d91
+  data.tar.gz: aa75fb48217e79c40000cf1f226f36a65fdffdcb764233572ae45341b7ab9dd2f1d8f8470e593d8260495962b1b5c352e62d0d5e71fed0cb96891da93a0f344c

data/CHANGELOG.md

@@ -1,3 +1,39 @@
+## 0.5.0 (2020-11-16)
+
+* Support more Active Record adapters in `rodauth:install` generator (@janko)
+
+* Add `rodauth:migration` generator for creating tables of specified features (@janko)
+
+* Use UUIDs for primary keys if so configured in Rails generators (@janko)
+
+* Add `rodauth:routes` rake task for printing routes handled by Rodauth middleware (@janko)
+
+## 0.4.2 (2020-11-08)
+
+* Drop support for Ruby 2.2 (@janko)
+
+* Bump `sequel-activerecord_connection` dependency to 1.1+ (@janko)
+
+* Set default bcrypt hash cost to `1` in tests (@janko)
+
+* Call `AR::Base.connection_db_config` on Rails 6.1+ in `rodauth:install` generator (@janko)
+
+## 0.4.1 (2020-11-02)
+
+* Don't generate `RodauthController` in API-only mode (@janko)
+
+* Pass `test: false` to Sequel in the `sequel.rb` initializer (@janko)
+
+## 0.4.0 (2020-11-02)
+
+* Support Rails API-only mode (@janko)
+
+* Make `rodauth:install` create `rodauth_app.rb` in `app/lib/` directory (@janko)
+
+## 0.3.1 (2020-10-25)
+
+* Depend on sequel-activerecord_connection 1.0+ (@janko)
+
 ## 0.3.0 (2020-09-18)
 
 * Handle custom configured database migration paths in install generator (@janko)

data/README.md

@@ -13,7 +13,12 @@ Provides Rails integration for the [Rodauth] authentication framework.
 Add the gem to your Gemfile:
 
 ```rb
-gem "rodauth-rails", "~> 0.2"
+gem "rodauth-rails", "~> 0.4"
+
+# gem "jwt",      require: false # for JWT feature
+# gem "rotp",     require: false # for OTP feature
+# gem "rqrcode",  require: false # for OTP feature
+# gem "webauthn", require: false # for WebAuthn feature
 ```
 
 Then run `bundle install`.
@@ -29,7 +34,7 @@ The generator will create the following files:
 * Rodauth migration at `db/migrate/*_create_rodauth.rb`
 * Rodauth initializer at `config/initializers/rodauth.rb`
 * Sequel initializer at `config/initializers/sequel.rb` for ActiveRecord integration
-* Rodauth app at `lib/rodauth_app.rb`
+* Rodauth app at `app/lib/rodauth_app.rb`
 * Rodauth controller at `app/controllers/rodauth_controller.rb`
 * Account model at `app/models/account.rb`
 
@@ -49,7 +54,6 @@ class CreateRodauth < ActiveRecord::Migration
     create_table :account_verification_keys do |t| ... end
     create_table :account_login_change_keys do |t| ... end
     create_table :account_remember_keys do |t| ... end
-    # ...
   end
 end
 ```
@@ -83,17 +87,17 @@ ActiveRecord connection.
 require "sequel/core"
 
 # initialize Sequel and have it reuse Active Record's database connection
-DB = Sequel.postgres(extensions: :activerecord_connection)
+DB = Sequel.connect("postgresql://", extensions: :activerecord_connection)
 ```
 
 ### Rodauth app
 
-Your Rodauth app is created in the `lib/` directory, which comes with a default
-set of authentication features enabled, as well as extensive examples on ways
-you can configure authentication behaviour.
+Your Rodauth app is created in the `app/lib/` directory, and comes with a
+default set of authentication features enabled, as well as extensive examples
+on ways you can configure authentication behaviour.
 
 ```rb
-# lib/rodauth_app.rb
+# app/lib/rodauth_app.rb
 class RodauthApp < Rodauth::Rails::App
   configure do
     # authentication configuration
@@ -105,19 +109,6 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
 
-Note that Rails doesn't autoload files in the `lib/` directory by default, so
-make sure to add `lib/` to your `config.autoload_paths`:
-
-```rb
-# config/application.rb
-module YourApp
-  class Application < Rails::Application
-    # ...
-    config.autoload_paths += %W[#{config.root}/lib]
-  end
-end
-```
-
 ### Controller
 
 Your Rodauth app will by default use `RodauthController` for view rendering
@@ -129,7 +120,7 @@ class RodauthController < ApplicationController
 end
 ```
 
-### Account Model
+### Account model
 
 Rodauth stores user accounts in the `accounts` table, so the generator will
 also create an `Account` model for custom use.
@@ -142,8 +133,30 @@ end
 
 ## Getting started
 
-Let's start by adding some basic authentication navigation links to our home
-page:
+First, let's see what routes our Rodauth middleware will handle:
+
+```sh
+$ rails rodauth:routes
+```
+```
+Routes handled by RodauthApp:
+
+  /login                   rodauth.login_path
+  /create-account          rodauth.create_account_path
+  /verify-account-resend   rodauth.verify_account_resend_path
+  /verify-account          rodauth.verify_account_path
+  /change-password         rodauth.change_password_path
+  /change-login            rodauth.change_login_path
+  /logout                  rodauth.logout_path
+  /remember                rodauth.remember_path
+  /reset-password-request  rodauth.reset_password_request_path
+  /reset-password          rodauth.reset_password_path
+  /verify-login-change     rodauth.verify_login_change_path
+  /close-account           rodauth.close_account_path
+```
+
+We can use this information to add some basic authentication navigation links
+to our home page:
 
 ```erb
 <ul>
@@ -192,7 +205,7 @@ our app. We can do this in our Rodauth app's routing block, which helps keep
 the authentication logic encapsulated:
 
 ```rb
-# lib/rodauth_app.rb
+# app/lib/rodauth_app.rb
 class RodauthApp < Rodauth::Rails::App
   # ...
   route do |r|
@@ -273,7 +286,7 @@ $ rails generate rodauth:views --all
 ```
 
 You can also tell the generator to create views into another directory (in this
-case don't forget to rename the Rodauth controller accordingly).
+case make sure to rename the Rodauth controller accordingly).
 
 ```sh
 # generates views into app/views/authentication
@@ -308,11 +321,11 @@ end
 
 ### Mailer
 
-Rodauth may send emails as part of the authentication flow. Most email settings
-can be customized:
+Depending on the features you've enabled, Rodauth may send emails as part of
+the authentication flow. Most email settings can be customized:
 
 ```rb
-# lib/rodauth_app.rb
+# app/lib/rodauth_app.rb
 class RodauthApp < Rodauth::Rails::App
   # ...
   configure do
@@ -357,7 +370,7 @@ your mailer. If you've enabled additional authentication features, make sure to
 override their `send_*_email` methods as well.
 
 ```rb
-# lib/rodauth_app.rb
+# app/lib/rodauth_app.rb
 class RodauthApp < Rodauth::Rails::App
   # ...
   configure do
@@ -393,6 +406,56 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
 
+### Migrations
+
+The install generator will have created some default tables, but you can use
+the migration generator to create tables for any additional Rodauth features:
+
+```
+$ rails generate rodauth:migration otp sms_codes recovery_codes
+```
+```rb
+# db/migration/*_create_rodauth_otp_sms_codes_recovery_codes.rb
+class CreateRodauthOtpSmsCodesRecoveryCodes < ActiveRecord::Migration
+  def change
+    create_table :account_otp_keys do |t| ... end
+    create_table :account_sms_codes do |t| ... end
+    create_table :account_recovery_codes do |t| ... end
+  end
+end
+```
+
+### JSON API
+
+JSON API support in Rodauth is provided by the [JWT feature]. First you'll need
+to add the [JWT gem] to your Gemfile:
+
+```rb
+gem "jwt"
+```
+
+The following configuration will enable the Rodauth endpoints to be accessed
+via JSON requests (in addition to HTML requests):
+
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure(json: true) do
+    # ...
+    enable :jwt
+    jwt_secret "...your secret key..."
+    # ...
+  end
+end
+```
+
+If you want the endpoints to be only accessible via JSON requests, or if your
+Rails app is in API-only mode, instead of `json: true` pass `json: :only` to
+the configure method.
+
+Make sure to store the `jwt_secret` in a secure place, such as Rails
+credentials or environment variables.
+
 ## How it works
 
 ### Middleware
@@ -498,20 +561,6 @@ Rodauth::Rails.configure do |config|
 end
 ```
 
-## Working with JWT
-
-To use Rodauth's [JWT feature], you'll need to load Roda's JSON support:
-
-```rb
-# lib/rodauth_app.rb
-class RodauthApp < Rodauth::Rails::App
-  configure(json: true) do
-    enable :jwt
-    # your configuration
-  end
-end
-```
-
 ## Testing
 
 If you're writing system tests, it's generally better to go through the actual
@@ -579,6 +628,26 @@ disables the use of database functions, though you can always turn it back on.
 use_database_authentication_functions? true
 ```
 
+To create the database functions, pass the Sequel database object into the
+Rodauth method for creating database functions:
+
+```rb
+# db/migrate/*_create_rodauth_database_functions.rb
+class CreateRodauthDatabaseFunctions < ActiveRecord::Migration
+  def up
+    # ...
+    Rodauth.create_database_authentication_functions(DB)
+    # ...
+  end
+
+  def down
+    # ...
+    Rodauth.drop_database_authentication_functions(DB)
+    # ...
+  end
+end
+```
+
 ### Account statuses
 
 The recommended [Rodauth migration] stores possible account status values in a
@@ -634,6 +703,7 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [rendering views outside of controllers]: https://blog.bigbinary.com/2016/01/08/rendering-views-outside-of-controllers-in-rails-5.html
 [feature documentation]: http://rodauth.jeremyevans.net/documentation.html
 [JWT feature]: http://rodauth.jeremyevans.net/rdoc/files/doc/jwt_rdoc.html
+[JWT gem]: https://github.com/jwt/ruby-jwt
 [Bootstrap]: https://getbootstrap.com/
 [Roda]: http://roda.jeremyevans.net/
 [HMAC]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-HMAC

data/lib/generators/rodauth/install_generator.rb

@@ -1,11 +1,14 @@
 require "rails/generators/base"
 require "rails/generators/active_record/migration"
+require "generators/rodauth/migration_helpers"
+require "securerandom"
 
 module Rodauth
   module Rails
     module Generators
       class InstallGenerator < ::Rails::Generators::Base
         include ::ActiveRecord::Generators::Migration
+        include MigrationHelpers
 
         source_root "#{__dir__}/templates"
         namespace "rodauth:install"
@@ -13,7 +16,7 @@ module Rodauth
         def create_rodauth_migration
           return unless defined?(ActiveRecord::Base)
 
-          migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "create_rodauth.rb")
+          migration_template "db/migrate/create_rodauth.rb"
         end
 
         def create_rodauth_initializer
@@ -22,17 +25,18 @@ module Rodauth
 
         def create_sequel_initializer
           return unless defined?(ActiveRecord::Base)
-          return unless %w[postgresql mysql2 sqlite3].include?(activerecord_adapter)
           return if defined?(Sequel) && !Sequel::DATABASES.empty?
 
           template "config/initializers/sequel.rb"
         end
 
         def create_rodauth_app
-          template "lib/rodauth_app.rb"
+          template "app/lib/rodauth_app.rb"
         end
 
         def create_rodauth_controller
+          return if api_only?
+
           template "app/controllers/rodauth_controller.rb"
         end
 
@@ -44,31 +48,44 @@ module Rodauth
 
         private
 
-        def db_migrate_path
-          return "db/migrate" unless activerecord_at_least?(5, 0)
-          super
+        def sequel_uri_scheme
+          if RUBY_ENGINE == "jruby"
+            "jdbc:#{sequel_jdbc_subadapter}"
+          else
+            sequel_adapter
+          end
         end
 
-        def migration_version
-          if activerecord_at_least?(5, 0)
-            "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+        def sequel_adapter
+          case activerecord_adapter
+          when "sqlite3"         then "sqlite"
+          when "oracle_enhanced" then "oracle" # https://github.com/rsim/oracle-enhanced
+          when "sqlserver"       then "tinytds" # https://github.com/rails-sqlserver/activerecord-sqlserver-adapter
+          else
+            activerecord_adapter
           end
         end
 
-        def sequel_adapter
+        def sequel_jdbc_subadapter
           case activerecord_adapter
-          when "postgresql" then "postgres#{"ql" if RUBY_ENGINE == "jruby"}"
-          when "mysql2"     then "mysql#{"2" unless RUBY_ENGINE == "jruby"}"
-          when "sqlite3"    then "sqlite"
+          when "sqlite3"         then "sqlite"
+          when "oracle_enhanced" then "oracle" # https://github.com/rsim/oracle-enhanced
+          when "sqlserver"       then "mssql"
+          else
+            activerecord_adapter
           end
         end
 
-        def activerecord_adapter
-          ActiveRecord::Base.connection_config.fetch(:adapter)
+        def api_only?
+          return unless ::Rails.gem_version >= Gem::Version.new("5.0")
+
+          ::Rails.application.config.api_only
         end
 
-        def activerecord_at_least?(major, minor)
-          ActiveRecord.version >= Gem::Version.new("#{major}.#{minor}")
+        def migration_features
+          features = [:base, :reset_password, :verify_account, :verify_login_change]
+          features << :remember unless api_only?
+          features
         end
       end
     end

data/lib/generators/rodauth/migration/account_expiration.erb

@@ -0,0 +1,7 @@
+# Used by the account expiration feature
+create_table :account_activity_times<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.datetime :last_activity_at, null: false
+  t.datetime :last_login_at, null: false
+  t.datetime :expired_at
+end

data/lib/generators/rodauth/migration/active_sessions.erb

@@ -0,0 +1,7 @@
+# Used by the active sessions feature
+create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
+  t.references :account, foreign_key: true<%= primary_key_type(:type) %>
+  t.string :session_id
+  t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/audit_logging.erb

@@ -0,0 +1,16 @@
+# Used by the audit logging feature
+create_table :account_authentication_audit_logs<%= primary_key_type %> do |t|
+  t.references :account, foreign_key: true, null: false<%= primary_key_type(:type) %>
+  t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.text :message, null: false
+<% case activerecord_adapter -%>
+<% when "postgresql" -%>
+  t.jsonb :metadata
+<% when "sqlite3", "mysql2" -%>
+  t.json :metadata
+<% else -%>
+  t.string :metadata
+<% end -%>
+  t.index [:account_id, :at], name: "audit_account_at_idx"
+  t.index :at, name: "audit_at_idx"
+end

data/lib/generators/rodauth/migration/base.erb

@@ -0,0 +1,19 @@
+<% if activerecord_adapter == "postgresql" -%>
+enable_extension "citext"
+
+<% end -%>
+create_table :accounts<%= primary_key_type %> do |t|
+<% case activerecord_adapter -%>
+<% when "postgresql" -%>
+  t.citext :email, null: false, index: { unique: true, where: "status IN ('verified', 'unverified')" }
+<% else -%>
+  t.string :email, null: false, index: { unique: true }
+<% end -%>
+  t.string :status, null: false, default: "verified"
+end
+
+# Used if storing password hashes in a separate table (default)
+create_table :account_password_hashes<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :password_hash, null: false
+end

data/lib/generators/rodauth/migration/disallow_password_reuse.erb

@@ -0,0 +1,5 @@
+# Used by the disallow_password_reuse feature
+create_table :account_previous_password_hashes do |t|
+  t.references :account, foreign_key: true<%= primary_key_type(:type) %>
+  t.string :password_hash, null: false
+end

data/lib/generators/rodauth/migration/email_auth.erb

@@ -0,0 +1,7 @@
+# Used by the email auth feature
+create_table :account_email_auth_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/jwt_refresh.erb

@@ -0,0 +1,7 @@
+# Used by the jwt refresh feature
+create_table :account_jwt_refresh_keys<%= primary_key_type %> do |t|
+  t.references :account, foreign_key: true, null: false<%= primary_key_type(:type) %>
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.index :account_id, name: "account_jwt_rk_account_id_idx"
+end

data/lib/generators/rodauth/migration/lockout.erb

@@ -0,0 +1,11 @@
+# Used by the lockout feature
+create_table :account_login_failures<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.integer :number, null: false, default: 1
+end
+create_table :account_lockouts<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.datetime :email_last_sent
+end

data/lib/generators/rodauth/migration/otp.erb

@@ -0,0 +1,7 @@
+# Used by the otp feature
+create_table :account_otp_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.integer :num_failures, null: false, default: 0
+  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/password_expiration.erb

@@ -0,0 +1,5 @@
+# Used by the password expiration feature
+create_table :account_password_change_times<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.datetime :changed_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/recovery_codes.erb

@@ -0,0 +1,6 @@
+# Used by the recovery codes feature
+create_table :account_recovery_codes, primary_key: [:id, :code] do |t|
+  t.column :id, :<%= primary_key_type(nil) || :bigint %>
+  t.foreign_key :accounts, column: :id
+  t.string :code
+end

data/lib/generators/rodauth/migration/remember.erb

@@ -0,0 +1,6 @@
+# Used by the remember me feature
+create_table :account_remember_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+end

data/lib/generators/rodauth/migration/reset_password.erb

@@ -0,0 +1,7 @@
+# Used by the password reset feature
+create_table :account_password_reset_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/single_session.erb

@@ -0,0 +1,5 @@
+# Used by the single session feature
+create_table :account_session_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+end

data/lib/generators/rodauth/migration/sms_codes.erb

@@ -0,0 +1,8 @@
+# Used by the sms codes feature
+create_table :account_sms_codes<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :phone_number, null: false
+  t.integer :num_failures
+  t.string :code
+  t.datetime :code_issued_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/verify_account.erb

@@ -0,0 +1,7 @@
+# Used by the account verification feature
+create_table :account_verification_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :requested_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/verify_login_change.erb

@@ -0,0 +1,7 @@
+# Used by the verify login change feature
+create_table :account_login_change_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.string :login, null: false
+  t.datetime :deadline, null: false
+end

data/lib/generators/rodauth/migration/webauthn.erb

@@ -0,0 +1,12 @@
+# Used by the webauthn feature
+create_table :account_webauthn_user_ids<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :webauthn_id, null: false
+end
+create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do |t|
+  t.references :account, foreign_key: true<%= primary_key_type(:type) %>
+  t.string :webauthn_id
+  t.string :public_key, null: false
+  t.integer :sign_count, null: false
+  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration_generator.rb

@@ -0,0 +1,32 @@
+require "rails/generators/base"
+require "rails/generators/active_record/migration"
+require "generators/rodauth/migration_helpers"
+
+module Rodauth
+  module Rails
+    module Generators
+      class MigrationGenerator < ::Rails::Generators::Base
+        include ::ActiveRecord::Generators::Migration
+        include MigrationHelpers
+
+        source_root "#{__dir__}/templates"
+        namespace "rodauth:migration"
+
+        argument :features, optional: true, type: :array,
+          desc: "Rodauth features to create tables for (otp, sms_codes, single_session, account_expiration etc.)",
+          default: %w[]
+
+        def create_rodauth_migration
+          return unless defined?(ActiveRecord::Base)
+          return if features.empty?
+
+          migration_template "db/migrate/create_rodauth.rb", "create_rodauth_#{features.join("_")}.rb"
+        end
+
+        def migration_features
+          features
+        end
+      end
+    end
+  end
+end

data/lib/generators/rodauth/migration_helpers.rb

@@ -0,0 +1,69 @@
+require "erb"
+
+module Rodauth
+  module Rails
+    module Generators
+      module MigrationHelpers
+        attr_reader :migration_class_name
+
+        def migration_template(source, destination = File.basename(source))
+          @migration_class_name = destination.chomp(".rb").camelize
+
+          super source, File.join(db_migrate_path, destination)
+        end
+
+        private
+
+        def migration_content
+          migration_features
+            .select { |feature| File.exist?("#{__dir__}/migration/#{feature}.erb") }
+            .map { |feature| File.read("#{__dir__}/migration/#{feature}.erb") }
+            .map { |content| erb_eval(content) }
+            .join("\n")
+            .indent(4)
+        end
+
+        def activerecord_adapter
+          if ActiveRecord::Base.respond_to?(:connection_db_config)
+            ActiveRecord::Base.connection_db_config.adapter
+          else
+            ActiveRecord::Base.connection_config.fetch(:adapter)
+          end
+        end
+
+        def migration_version
+          return unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+          "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+        end
+
+        def db_migrate_path
+          return "db/migrate" unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+          super
+        end
+
+        def primary_key_type(key = :id)
+          generators  = ::Rails.application.config.generators
+          column_type = generators.options[:active_record][:primary_key_type]
+
+          return unless column_type
+
+          if key
+            ", #{key}: :#{column_type}"
+          else
+            column_type
+          end
+        end
+
+        def erb_eval(content)
+          if ERB.version[/\d+\.\d+\.\d+/].to_s >= "2.2.0"
+            ERB.new(content, trim_mode: "-").result(binding)
+          else
+            ERB.new(content, 0, "-").result(binding)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/generators/rodauth/templates/{lib → app/lib}/rodauth_app.rb

@@ -1,8 +1,8 @@
 class RodauthApp < Rodauth::Rails::App
-  configure do
+  configure<%= " json: :only" if api_only? %> do
     # List of authentication features that are loaded.
     enable :create_account, :verify_account, :verify_account_grace_period,
-      :login, :remember, :logout,
+      :login, :logout, <%= api_only? ? ":jwt" : ":remember" %>,
       :reset_password, :change_password, :change_password_notify,
       :change_login, :verify_login_change,
       :close_account
@@ -11,9 +11,15 @@ class RodauthApp < Rodauth::Rails::App
     # http://rodauth.jeremyevans.net/documentation.html
 
     # ==> General
+    # The secret key used for hashing public-facing tokens for various features.
+    # Defaults to Rails `secret_key_base`, but you can use your own secret key.
+    # hmac_secret "<%= SecureRandom.hex(64) %>"
+
+<% unless api_only? -%>
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
 
+<% end -%>
     # Store account status in a text column.
     account_status_column :status
     account_unverified_status_value "unverified"
@@ -38,6 +44,18 @@ class RodauthApp < Rodauth::Rails::App
 
     # Redirect to the app from login and registration pages if already logged in.
     # already_logged_in { redirect login_redirect }
+<% if api_only? -%>
+
+    # ==> JWT
+    # Set JWT secret, which is used to cryptographically protect the token.
+    jwt_secret "<%= SecureRandom.hex(64) %>"
+
+    # Don't require login confirmation param.
+    require_login_confirmation? false
+
+    # Don't require password confirmation param.
+    require_password_confirmation? false
+<% end -%>
 
     # ==> Emails
     # Uncomment the lines below once you've imported mailer views.
@@ -75,10 +93,12 @@ class RodauthApp < Rodauth::Rails::App
     # reset_password_email_body { "Click here to reset your password: #{reset_password_email_link}" }
 
     # ==> Flash
+<% unless api_only? -%>
     # Match flash keys with ones already used in the Rails app.
     # flash_notice_key :success # default is :notice
     # flash_error_key :error # default is :alert
 
+<% end -%>
     # Override default flash messages.
     # create_account_notice_flash "Your account has been created. Please verify your account by visiting the confirmation link sent to your email address."
     # require_login_error_flash "Login is required for accessing this page"
@@ -93,6 +113,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Change minimum number of password characters required when creating an account.
     # password_minimum_length 8
+<% unless api_only? -%>
 
     # ==> Remember Feature
     # Remember all logged in users.
@@ -103,6 +124,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Extend user's remember period when remembered via a cookie
     extend_remember_deadline? true
+<% end -%>
 
     # ==> Hooks
     # Validate custom fields in the create account form.
@@ -147,8 +169,10 @@ class RodauthApp < Rodauth::Rails::App
   # end
 
   route do |r|
+<% unless api_only? -%>
     rodauth.load_memory # autologin remembered users
 
+<% end -%>
     r.rodauth # route rodauth requests
 
     # ==> Authenticating Requests

data/lib/generators/rodauth/templates/config/initializers/sequel.rb

@@ -1,8 +1,4 @@
 require "sequel/core"
 
 # initialize Sequel and have it reuse Active Record's database connection
-<%- if RUBY_ENGINE == "jruby" -%>
-DB = Sequel.connect("jdbc:<%= sequel_adapter %>://", extensions: :activerecord_connection)
-<% else -%>
-DB = Sequel.<%= sequel_adapter %>(extensions: :activerecord_connection)
-<% end -%>
+DB = Sequel.connect("<%= sequel_uri_scheme %>://", extensions: :activerecord_connection)

data/lib/generators/rodauth/templates/db/migrate/create_rodauth.rb

@@ -1,170 +1,5 @@
-class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
+class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version %>
   def change
-<% if activerecord_adapter == "postgresql" -%>
-    enable_extension "citext"
-
-<% end -%>
-    create_table :accounts do |t|
-<% case activerecord_adapter -%>
-<% when "postgresql" -%>
-      t.citext :email, null: false, index: { unique: true, where: "status IN ('verified', 'unverified')" }
-<% else -%>
-      t.string :email, null: false, index: { unique: true }
-<% end -%>
-      t.string :status, null: false, default: "verified"
-    end
-
-    # Used if storing password hashes in a separate table (default)
-    create_table :account_password_hashes do |t|
-      t.foreign_key :accounts, column: :id
-      t.string :password_hash, null: false
-    end
-
-    # Used by the password reset feature
-    create_table :account_password_reset_keys do |t|
-      t.foreign_key :accounts, column: :id
-      t.string :key, null: false
-      t.datetime :deadline, null: false
-      t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    end
-
-    # Used by the account verification feature
-    create_table :account_verification_keys do |t|
-      t.foreign_key :accounts, column: :id
-      t.string :key, null: false
-      t.datetime :requested_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-      t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    end
-
-    # Used by the verify login change feature
-    create_table :account_login_change_keys do |t|
-      t.foreign_key :accounts, column: :id
-      t.string :key, null: false
-      t.string :login, null: false
-      t.datetime :deadline, null: false
-    end
-
-    # Used by the remember me feature
-    create_table :account_remember_keys do |t|
-      t.foreign_key :accounts, column: :id
-      t.string :key, null: false
-      t.datetime :deadline, null: false
-    end
-
-    # # Used by the audit logging feature
-    # create_table :account_authentication_audit_logs do |t|
-    #   t.references :account, foreign_key: true, null: false
-    #   t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    #   t.text :message, null: false
-<% case activerecord_adapter -%>
-<% when "postgresql" -%>
-    #   t.jsonb :metadata
-<% when "sqlite3", "mysql2" -%>
-    #   t.json :metadata
-<% else -%>
-    #   t.string :metadata
-<% end -%>
-    #   t.index [:account_id, :at], name: "audit_account_at_idx"
-    #   t.index :at, name: "audit_at_idx"
-    # end
-
-    # # Used by the jwt refresh feature
-    # create_table :account_jwt_refresh_keys do |t|
-    #   t.references :account, foreign_key: true, null: false
-    #   t.string :key, null: false
-    #   t.datetime :deadline, null: false
-    #   t.index :account_id, name: "account_jwt_rk_account_id_idx"
-    # end
-
-    # # Used by the disallow_password_reuse feature
-    # create_table :account_previous_password_hashes do |t|
-    #   t.references :account, foreign_key: true
-    #   t.string :password_hash, null: false
-    # end
-
-    # # Used by the lockout feature
-    # create_table :account_login_failures do |t|
-    #   t.foreign_key :accounts, column: :id
-    #   t.integer :number, null: false, default: 1
-    # end
-    # create_table :account_lockouts do |t|
-    #   t.foreign_key :accounts, column: :id
-    #   t.string :key, null: false
-    #   t.datetime :deadline, null: false
-    #   t.datetime :email_last_sent
-    # end
-
-    # # Used by the email auth feature
-    # create_table :account_email_auth_keys do |t|
-    #   t.foreign_key :accounts, column: :id
-    #   t.string :key, null: false
-    #   t.datetime :deadline, null: false
-    #   t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    # end
-
-    # # Used by the password expiration feature
-    # create_table :account_password_change_times do |t|
-    #   t.foreign_key :accounts, column: :id
-    #   t.datetime :changed_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    # end
-
-    # # Used by the account expiration feature
-    # create_table :account_activity_times do |t|
-    #   t.foreign_key :accounts, column: :id
-    #   t.datetime :last_activity_at, null: false
-    #   t.datetime :last_login_at, null: false
-    #   t.datetime :expired_at
-    # end
-
-    # # Used by the single session feature
-    # create_table :account_session_keys do |t|
-    #   t.foreign_key :accounts, column: :id
-    #   t.string :key, null: false
-    # end
-
-    # # Used by the active sessions feature
-    # create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
-    #   t.references :account, foreign_key: true
-    #   t.string :session_id
-    #   t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    #   t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    # end
-
-    # # Used by the webauthn feature
-    # create_table :account_webauthn_user_ids do |t|
-    #   t.foreign_key :accounts, column: :id
-    #   t.string :webauthn_id, null: false
-    # end
-    # create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do |t|
-    #   t.references :account, foreign_key: true
-    #   t.string :webauthn_id
-    #   t.string :public_key, null: false
-    #   t.integer :sign_count, null: false
-    #   t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    # end
-
-    # # Used by the otp feature
-    # create_table :account_otp_keys do |t|
-    #   t.foreign_key :accounts, column: :id
-    #   t.string :key, null: false
-    #   t.integer :num_failures, null: false, default: 0
-    #   t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    # end
-
-    # # Used by the recovery codes feature
-    # create_table :account_recovery_codes, primary_key: [:id, :code] do |t|
-    #   t.integer :id
-    #   t.foreign_key :accounts, column: :id
-    #   t.string :code
-    # end
-
-    # # Used by the sms codes feature
-    # create_table :account_sms_codes do |t|
-    #   t.foreign_key :accounts, column: :id
-    #   t.string :phone_number, null: false
-    #   t.integer :num_failures
-    #   t.string :code
-    #   t.datetime :code_issued_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-    # end
+<%= migration_content -%>
   end
 end

data/lib/rodauth/rails.rb

@@ -1,4 +1,4 @@
-require "rodauth/version"
+require "rodauth/rails/version"
 require "rodauth/rails/railtie"
 
 module Rodauth

data/lib/rodauth/rails/app.rb

@@ -4,15 +4,16 @@ module Rodauth
   module Rails
     # The superclass for creating a Rodauth middleware.
     class App < Roda
-      require "rodauth/rails/app/flash"
-
       plugin :middleware
       plugin :hooks
       plugin :render, layout: false
 
-      plugin Flash
-
       def self.configure(name = nil, **options, &block)
+        unless options[:json] == :only
+          require "rodauth/rails/app/flash"
+          plugin Flash
+        end
+
         plugin :rodauth, name: name, csrf: false, flash: false, **options do
           # load the Rails integration
           enable :rails

data/lib/rodauth/rails/app/flash.rb

@@ -31,7 +31,7 @@ module Rodauth
           end
 
           def commit_flash
-            if ActionPack.version >= Gem::Version.new("5.0.0")
+            if ActionPack.version >= Gem::Version.new("5.0")
               rails_request.commit_flash
             else
               # ActionPack 4.2 automatically commits flash

data/lib/rodauth/rails/feature.rb

@@ -62,9 +62,13 @@ module Rodauth
 
     # Calls the Rails renderer, returning nil if a template is missing.
     def rails_render(*args)
-      rails_controller_instance.render_to_string(*args)
-    rescue ActionView::MissingTemplate
-      nil
+      return if only_json?
+
+      begin
+        rails_controller_instance.render_to_string(*args)
+      rescue ActionView::MissingTemplate
+        nil
+      end
     end
 
     # Hidden tag with Rails CSRF token inserted into Rodauth templates.
@@ -92,7 +96,7 @@ module Rodauth
       request  = ActionDispatch::Request.new(scope.env)
       instance = rails_controller.new
 
-      if ActionPack.version >= Gem::Version.new("5.0.0")
+      if ActionPack.version >= Gem::Version.new("5.0")
         instance.set_request! request
         instance.set_response! rails_controller.make_response!(request)
       else

data/lib/rodauth/rails/railtie.rb

@@ -1,6 +1,8 @@
 require "rodauth/rails/middleware"
 require "rodauth/rails/controller_methods"
 
+require "rails"
+
 module Rodauth
   module Rails
     class Railtie < ::Rails::Railtie
@@ -13,6 +15,15 @@ module Rodauth
           include Rodauth::Rails::ControllerMethods
         end
       end
+
+      initializer "rodauth.test" do
+        # Rodauth uses RACK_ENV to set the default bcrypt hash cost
+        ENV["RACK_ENV"] = "test" if ::Rails.env.test?
+      end
+
+      rake_tasks do
+        load "rodauth/rails/tasks.rake"
+      end
     end
   end
 end

data/lib/rodauth/rails/tasks.rake

@@ -0,0 +1,32 @@
+namespace :rodauth do
+  task routes: :environment do
+    app = Rodauth::Rails.app
+
+    puts "Routes handled by #{app}:"
+    puts
+
+    app.opts[:rodauths].each do |rodauth_name, rodauth_class|
+      route_names = rodauth_class.routes
+        .map { |handle_method| handle_method.to_s.sub(/\Ahandle_/, "") }
+        .uniq
+
+      rodauth = rodauth_class.allocate
+
+      routes = route_names.map do |name|
+        [
+          rodauth.public_send(:"#{name}_path"),
+          "rodauth#{rodauth_name && "(:#{rodauth_name})"}.#{name}_path",
+        ]
+      end
+
+      padding = routes.map { |path, _| path.length }.max
+
+      route_lines = routes.map do |path, code|
+        "#{path.ljust(padding)}  #{code}"
+      end
+
+      puts "  #{route_lines.join("\n  ")}"
+      puts
+    end
+  end
+end

data/lib/rodauth/rails/version.rb

@@ -0,0 +1,5 @@
+module Rodauth
+  module Rails
+    VERSION = "0.5.0"
+  end
+end

data/rodauth-rails.gemspec

@@ -1,6 +1,8 @@
+require_relative "lib/rodauth/rails/version"
+
 Gem::Specification.new do |spec|
   spec.name          = "rodauth-rails"
-  spec.version       = "0.3.0"
+  spec.version       = Rodauth::Rails::VERSION
   spec.authors       = ["Janko Marohnić"]
   spec.email         = ["janko.marohnic@gmail.com"]
 
@@ -9,14 +11,14 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/janko/rodauth-rails"
   spec.license       = "MIT"
 
-  spec.required_ruby_version = ">= 2.2.0"
+  spec.required_ruby_version = ">= 2.3"
 
   spec.files         = Dir["README.md", "LICENSE.txt", "CHANGELOG.md", "lib/**/*", "*.gemspec"]
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 4.2", "< 7"
   spec.add_dependency "rodauth", "~> 2.1"
-  spec.add_dependency "sequel-activerecord_connection", "~> 0.3"
+  spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-17 00:00:00.000000000 Z
+date: 2020-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -50,14 +50,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.3'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
@@ -98,7 +98,28 @@ files:
 - README.md
 - lib/generators/rodauth/install_generator.rb
 - lib/generators/rodauth/mailer_generator.rb
+- lib/generators/rodauth/migration/account_expiration.erb
+- lib/generators/rodauth/migration/active_sessions.erb
+- lib/generators/rodauth/migration/audit_logging.erb
+- lib/generators/rodauth/migration/base.erb
+- lib/generators/rodauth/migration/disallow_password_reuse.erb
+- lib/generators/rodauth/migration/email_auth.erb
+- lib/generators/rodauth/migration/jwt_refresh.erb
+- lib/generators/rodauth/migration/lockout.erb
+- lib/generators/rodauth/migration/otp.erb
+- lib/generators/rodauth/migration/password_expiration.erb
+- lib/generators/rodauth/migration/recovery_codes.erb
+- lib/generators/rodauth/migration/remember.erb
+- lib/generators/rodauth/migration/reset_password.erb
+- lib/generators/rodauth/migration/single_session.erb
+- lib/generators/rodauth/migration/sms_codes.erb
+- lib/generators/rodauth/migration/verify_account.erb
+- lib/generators/rodauth/migration/verify_login_change.erb
+- lib/generators/rodauth/migration/webauthn.erb
+- lib/generators/rodauth/migration_generator.rb
+- lib/generators/rodauth/migration_helpers.rb
 - lib/generators/rodauth/templates/app/controllers/rodauth_controller.rb
+- lib/generators/rodauth/templates/app/lib/rodauth_app.rb
 - lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb
 - lib/generators/rodauth/templates/app/models/account.rb
 - lib/generators/rodauth/templates/app/views/rodauth/_email_auth_request_form.html.erb
@@ -164,7 +185,6 @@ files:
 - lib/generators/rodauth/templates/config/initializers/rodauth.rb
 - lib/generators/rodauth/templates/config/initializers/sequel.rb
 - lib/generators/rodauth/templates/db/migrate/create_rodauth.rb
-- lib/generators/rodauth/templates/lib/rodauth_app.rb
 - lib/generators/rodauth/views_generator.rb
 - lib/rodauth-rails.rb
 - lib/rodauth/features/rails.rb
@@ -175,6 +195,8 @@ files:
 - lib/rodauth/rails/feature.rb
 - lib/rodauth/rails/middleware.rb
 - lib/rodauth/rails/railtie.rb
+- lib/rodauth/rails/tasks.rake
+- lib/rodauth/rails/version.rb
 - rodauth-rails.gemspec
 homepage: https://github.com/janko/rodauth-rails
 licenses:
@@ -188,14 +210,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.0
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.1
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Provides Rails integration for Rodauth.