rodauth-rails 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b60f1b274889c1809196e62e8f3ba3516bf631593e6263162b3f4af11521d3a3
-  data.tar.gz: e55af46d9f5886dfc70d1f3112597bf508ba9536e8d0fc9cec141f33d045c94b
+  metadata.gz: dd5d6b153ae21b024570d612aff57a2c0d6f090f2215723b25bbc362ee743c9b
+  data.tar.gz: e6aac1fe20d00bd4c94559c74dbc56bd971da4404d086ec3193db8e06fe2a3bd
 SHA512:
-  metadata.gz: 26c72c879909f9497a9d05802776ef8aa42d73dd8a4ba72695ea88289aebf29b2224bbf9011ab7929b394e708c25379410cb9d62f4d54c9c300002e3405cdc5a
-  data.tar.gz: 8370be5f4885300ded77d1e0bfea95ab99c0b0889fe464fbea062da7d71dd1a66deb4777a08dc235f841eb241170b1a08eb9badce756325e2291b5e87883068a
+  metadata.gz: 83a5c386eaf39c7aa9b0536e9aed25e8a61bc069e2388bee556b28e9ee00941528fd5431199711d77a28212d281376258ecf0b914d6aa928954d8d99543b827b
+  data.tar.gz: 815d7fee34954d2f512e4532d02bb9d183ad9bde92fc622d522c517cd9db575c8fef98c857dce81c8329cd1798481b8e2f4609390b2472d83825d393886a3576

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.4.0 (2020-11-02)
+
+* Support Rails API-only mode (@janko)
+
+* Make `rodauth:install` create `rodauth_app.rb` in `app/lib/` directory (@janko)
+
 ## 0.3.1 (2020-10-25)
 
 * Depend on sequel-activerecord_connection 1.0+ (@janko)

data/README.md

@@ -14,6 +14,11 @@ Add the gem to your Gemfile:
 
 ```rb
 gem "rodauth-rails", "~> 0.3"
+
+# gem "jwt",      require: false # for JWT feature
+# gem "rotp",     require: false # for OTP feature
+# gem "rqrcode",  require: false # for OTP feature
+# gem "webauthn", require: false # for WebAuthn feature
 ```
 
 Then run `bundle install`.
@@ -29,7 +34,7 @@ The generator will create the following files:
 * Rodauth migration at `db/migrate/*_create_rodauth.rb`
 * Rodauth initializer at `config/initializers/rodauth.rb`
 * Sequel initializer at `config/initializers/sequel.rb` for ActiveRecord integration
-* Rodauth app at `lib/rodauth_app.rb`
+* Rodauth app at `app/lib/rodauth_app.rb`
 * Rodauth controller at `app/controllers/rodauth_controller.rb`
 * Account model at `app/models/account.rb`
 
@@ -88,12 +93,12 @@ DB = Sequel.postgres(extensions: :activerecord_connection)
 
 ### Rodauth app
 
-Your Rodauth app is created in the `lib/` directory, which comes with a default
-set of authentication features enabled, as well as extensive examples on ways
-you can configure authentication behaviour.
+Your Rodauth app is created in the `app/lib/` directory, and comes with a
+default set of authentication features enabled, as well as extensive examples
+on ways you can configure authentication behaviour.
 
 ```rb
-# lib/rodauth_app.rb
+# app/lib/rodauth_app.rb
 class RodauthApp < Rodauth::Rails::App
   configure do
     # authentication configuration
@@ -105,19 +110,6 @@ class RodauthApp < Rodauth::Rails::App
 end
 ```
 
-Note that Rails doesn't autoload files in the `lib/` directory by default, so
-make sure to add `lib/` to your `config.autoload_paths`:
-
-```rb
-# config/application.rb
-module YourApp
-  class Application < Rails::Application
-    # ...
-    config.autoload_paths += %W[#{config.root}/lib]
-  end
-end
-```
-
 ### Controller
 
 Your Rodauth app will by default use `RodauthController` for view rendering
@@ -500,18 +492,26 @@ end
 
 ## Working with JWT
 
-To use Rodauth's [JWT feature], you'll need to load Roda's JSON support:
+To use Rodauth's [JWT feature], you'll need to load Roda's JSON support in
+`configure`:
 
 ```rb
 # lib/rodauth_app.rb
 class RodauthApp < Rodauth::Rails::App
   configure(json: true) do
     enable :jwt
+    jwt_secret "...your secret key..."
     # your configuration
   end
 end
 ```
 
+Make sure to store the `jwt_secret` in a secure place, such as Rails
+credentials or environment variables.
+
+Rodauth's JWT feature depends on the [JWT gem], so make sure to add it to your
+Gemfile.
+
 ## Testing
 
 If you're writing system tests, it's generally better to go through the actual
@@ -634,6 +634,7 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [rendering views outside of controllers]: https://blog.bigbinary.com/2016/01/08/rendering-views-outside-of-controllers-in-rails-5.html
 [feature documentation]: http://rodauth.jeremyevans.net/documentation.html
 [JWT feature]: http://rodauth.jeremyevans.net/rdoc/files/doc/jwt_rdoc.html
+[JWT gem]: https://github.com/jwt/ruby-jwt
 [Bootstrap]: https://getbootstrap.com/
 [Roda]: http://roda.jeremyevans.net/
 [HMAC]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-HMAC

data/lib/generators/rodauth/install_generator.rb

@@ -1,6 +1,8 @@
 require "rails/generators/base"
 require "rails/generators/active_record/migration"
 
+require "securerandom"
+
 module Rodauth
   module Rails
     module Generators
@@ -29,7 +31,7 @@ module Rodauth
         end
 
         def create_rodauth_app
-          template "lib/rodauth_app.rb"
+          template "app/lib/rodauth_app.rb"
         end
 
         def create_rodauth_controller
@@ -45,12 +47,13 @@ module Rodauth
         private
 
         def db_migrate_path
-          return "db/migrate" unless activerecord_at_least?(5, 0)
+          return "db/migrate" unless ActiveRecord.version >= Gem::Version.new("5.0")
+
           super
         end
 
         def migration_version
-          if activerecord_at_least?(5, 0)
+          if ActiveRecord.version >= Gem::Version.new("5.0")
             "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
           end
         end
@@ -67,8 +70,10 @@ module Rodauth
           ActiveRecord::Base.connection_config.fetch(:adapter)
         end
 
-        def activerecord_at_least?(major, minor)
-          ActiveRecord.version >= Gem::Version.new("#{major}.#{minor}")
+        def api_only?
+          return false if ::Rails.gem_version < Gem::Version.new("5.0")
+
+          ::Rails.application.config.api_only
         end
       end
     end

data/lib/generators/rodauth/templates/{lib → app/lib}/rodauth_app.rb

@@ -1,8 +1,8 @@
 class RodauthApp < Rodauth::Rails::App
-  configure do
+  configure<%= " json: :only" if api_only? %> do
     # List of authentication features that are loaded.
     enable :create_account, :verify_account, :verify_account_grace_period,
-      :login, :remember, :logout,
+      :login, :logout, <%= api_only? ? ":jwt" : ":remember" %>,
       :reset_password, :change_password, :change_password_notify,
       :change_login, :verify_login_change,
       :close_account
@@ -38,6 +38,18 @@ class RodauthApp < Rodauth::Rails::App
 
     # Redirect to the app from login and registration pages if already logged in.
     # already_logged_in { redirect login_redirect }
+<% if api_only? -%>
+
+    # ==> JWT
+    # Set JWT secret, which is used to cryptographically protect the token.
+    jwt_secret "<%= SecureRandom.hex(64) %>"
+
+    # Don't require login confirmation param.
+    require_login_confirmation? false
+
+    # Don't require password confirmation param.
+    require_password_confirmation? false
+<% end -%>
 
     # ==> Emails
     # Uncomment the lines below once you've imported mailer views.
@@ -75,10 +87,12 @@ class RodauthApp < Rodauth::Rails::App
     # reset_password_email_body { "Click here to reset your password: #{reset_password_email_link}" }
 
     # ==> Flash
+<% unless api_only? -%>
     # Match flash keys with ones already used in the Rails app.
     # flash_notice_key :success # default is :notice
     # flash_error_key :error # default is :alert
 
+<% end -%>
     # Override default flash messages.
     # create_account_notice_flash "Your account has been created. Please verify your account by visiting the confirmation link sent to your email address."
     # require_login_error_flash "Login is required for accessing this page"
@@ -93,6 +107,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Change minimum number of password characters required when creating an account.
     # password_minimum_length 8
+<% unless api_only? -%>
 
     # ==> Remember Feature
     # Remember all logged in users.
@@ -103,6 +118,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Extend user's remember period when remembered via a cookie
     extend_remember_deadline? true
+<% end -%>
 
     # ==> Hooks
     # Validate custom fields in the create account form.
@@ -147,8 +163,10 @@ class RodauthApp < Rodauth::Rails::App
   # end
 
   route do |r|
+<% unless api_only? -%>
     rodauth.load_memory # autologin remembered users
 
+<% end -%>
     r.rodauth # route rodauth requests
 
     # ==> Authenticating Requests

data/lib/generators/rodauth/templates/config/initializers/sequel.rb

@@ -1,7 +1,7 @@
 require "sequel/core"
 
 # initialize Sequel and have it reuse Active Record's database connection
-<%- if RUBY_ENGINE == "jruby" -%>
+<% if RUBY_ENGINE == "jruby" -%>
 DB = Sequel.connect("jdbc:<%= sequel_adapter %>://", extensions: :activerecord_connection)
 <% else -%>
 DB = Sequel.<%= sequel_adapter %>(extensions: :activerecord_connection)

data/lib/generators/rodauth/templates/db/migrate/create_rodauth.rb

@@ -44,12 +44,21 @@ class CreateRodauth < ActiveRecord::Migration<%= migration_version %>
       t.datetime :deadline, null: false
     end
 
+<% unless api_only? -%>
     # Used by the remember me feature
     create_table :account_remember_keys do |t|
       t.foreign_key :accounts, column: :id
       t.string :key, null: false
       t.datetime :deadline, null: false
     end
+<% else -%>
+    # # Used by the remember me feature
+    # create_table :account_remember_keys do |t|
+    #   t.foreign_key :accounts, column: :id
+    #   t.string :key, null: false
+    #   t.datetime :deadline, null: false
+    # end
+<% end -%>
 
     # # Used by the audit logging feature
     # create_table :account_authentication_audit_logs do |t|

data/lib/rodauth/rails.rb

@@ -1,4 +1,4 @@
-require "rodauth/version"
+require "rodauth/rails/version"
 require "rodauth/rails/railtie"
 
 module Rodauth

data/lib/rodauth/rails/app.rb

@@ -4,15 +4,16 @@ module Rodauth
   module Rails
     # The superclass for creating a Rodauth middleware.
     class App < Roda
-      require "rodauth/rails/app/flash"
-
       plugin :middleware
       plugin :hooks
       plugin :render, layout: false
 
-      plugin Flash
-
       def self.configure(name = nil, **options, &block)
+        unless options[:json] == :only
+          require "rodauth/rails/app/flash"
+          plugin Flash
+        end
+
         plugin :rodauth, name: name, csrf: false, flash: false, **options do
           # load the Rails integration
           enable :rails

data/lib/rodauth/rails/app/flash.rb

@@ -31,7 +31,7 @@ module Rodauth
           end
 
           def commit_flash
-            if ActionPack.version >= Gem::Version.new("5.0.0")
+            if ActionPack.version >= Gem::Version.new("5.0")
               rails_request.commit_flash
             else
               # ActionPack 4.2 automatically commits flash

data/lib/rodauth/rails/feature.rb

@@ -92,7 +92,7 @@ module Rodauth
       request  = ActionDispatch::Request.new(scope.env)
       instance = rails_controller.new
 
-      if ActionPack.version >= Gem::Version.new("5.0.0")
+      if ActionPack.version >= Gem::Version.new("5.0")
         instance.set_request! request
         instance.set_response! rails_controller.make_response!(request)
       else

data/lib/rodauth/rails/version.rb

@@ -0,0 +1,5 @@
+module Rodauth
+  module Rails
+    VERSION = "0.4.0"
+  end
+end

data/rodauth-rails.gemspec

@@ -1,6 +1,8 @@
+require_relative "lib/rodauth/rails/version"
+
 Gem::Specification.new do |spec|
   spec.name          = "rodauth-rails"
-  spec.version       = "0.3.1"
+  spec.version       = Rodauth::Rails::VERSION
   spec.authors       = ["Janko Marohnić"]
   spec.email         = ["janko.marohnic@gmail.com"]
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-25 00:00:00.000000000 Z
+date: 2020-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -99,6 +99,7 @@ files:
 - lib/generators/rodauth/install_generator.rb
 - lib/generators/rodauth/mailer_generator.rb
 - lib/generators/rodauth/templates/app/controllers/rodauth_controller.rb
+- lib/generators/rodauth/templates/app/lib/rodauth_app.rb
 - lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb
 - lib/generators/rodauth/templates/app/models/account.rb
 - lib/generators/rodauth/templates/app/views/rodauth/_email_auth_request_form.html.erb
@@ -164,7 +165,6 @@ files:
 - lib/generators/rodauth/templates/config/initializers/rodauth.rb
 - lib/generators/rodauth/templates/config/initializers/sequel.rb
 - lib/generators/rodauth/templates/db/migrate/create_rodauth.rb
-- lib/generators/rodauth/templates/lib/rodauth_app.rb
 - lib/generators/rodauth/views_generator.rb
 - lib/rodauth-rails.rb
 - lib/rodauth/features/rails.rb
@@ -175,6 +175,7 @@ files:
 - lib/rodauth/rails/feature.rb
 - lib/rodauth/rails/middleware.rb
 - lib/rodauth/rails/railtie.rb
+- lib/rodauth/rails/version.rb
 - rodauth-rails.gemspec
 homepage: https://github.com/janko/rodauth-rails
 licenses: