rodauth-rails 0.3.1 → 0.6.0

data/lib/generators/rodauth/install_generator.rb

@@ -1,11 +1,14 @@
 require "rails/generators/base"
 require "rails/generators/active_record/migration"
+require "generators/rodauth/migration_helpers"
+require "securerandom"
 
 module Rodauth
   module Rails
     module Generators
       class InstallGenerator < ::Rails::Generators::Base
         include ::ActiveRecord::Generators::Migration
+        include MigrationHelpers
 
         source_root "#{__dir__}/templates"
         namespace "rodauth:install"
@@ -13,7 +16,7 @@ module Rodauth
         def create_rodauth_migration
           return unless defined?(ActiveRecord::Base)
 
-          migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "create_rodauth.rb")
+          migration_template "db/migrate/create_rodauth.rb"
         end
 
         def create_rodauth_initializer
@@ -22,17 +25,18 @@ module Rodauth
 
         def create_sequel_initializer
           return unless defined?(ActiveRecord::Base)
-          return unless %w[postgresql mysql2 sqlite3].include?(activerecord_adapter)
           return if defined?(Sequel) && !Sequel::DATABASES.empty?
 
           template "config/initializers/sequel.rb"
         end
 
         def create_rodauth_app
-          template "lib/rodauth_app.rb"
+          template "app/lib/rodauth_app.rb"
         end
 
         def create_rodauth_controller
+          return if api_only?
+
           template "app/controllers/rodauth_controller.rb"
         end
 
@@ -44,31 +48,44 @@ module Rodauth
 
         private
 
-        def db_migrate_path
-          return "db/migrate" unless activerecord_at_least?(5, 0)
-          super
+        def sequel_uri_scheme
+          if RUBY_ENGINE == "jruby"
+            "jdbc:#{sequel_jdbc_subadapter}"
+          else
+            sequel_adapter
+          end
         end
 
-        def migration_version
-          if activerecord_at_least?(5, 0)
-            "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+        def sequel_adapter
+          case activerecord_adapter
+          when "sqlite3"         then "sqlite"
+          when "oracle_enhanced" then "oracle" # https://github.com/rsim/oracle-enhanced
+          when "sqlserver"       then "tinytds" # https://github.com/rails-sqlserver/activerecord-sqlserver-adapter
+          else
+            activerecord_adapter
           end
         end
 
-        def sequel_adapter
+        def sequel_jdbc_subadapter
           case activerecord_adapter
-          when "postgresql" then "postgres#{"ql" if RUBY_ENGINE == "jruby"}"
-          when "mysql2"     then "mysql#{"2" unless RUBY_ENGINE == "jruby"}"
-          when "sqlite3"    then "sqlite"
+          when "sqlite3"         then "sqlite"
+          when "oracle_enhanced" then "oracle" # https://github.com/rsim/oracle-enhanced
+          when "sqlserver"       then "mssql"
+          else
+            activerecord_adapter
           end
         end
 
-        def activerecord_adapter
-          ActiveRecord::Base.connection_config.fetch(:adapter)
+        def api_only?
+          return unless ::Rails.gem_version >= Gem::Version.new("5.0")
+
+          ::Rails.application.config.api_only
         end
 
-        def activerecord_at_least?(major, minor)
-          ActiveRecord.version >= Gem::Version.new("#{major}.#{minor}")
+        def migration_features
+          features = [:base, :reset_password, :verify_account, :verify_login_change]
+          features << :remember unless api_only?
+          features
         end
       end
     end

data/lib/generators/rodauth/migration/account_expiration.erb

@@ -0,0 +1,7 @@
+# Used by the account expiration feature
+create_table :account_activity_times<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.datetime :last_activity_at, null: false
+  t.datetime :last_login_at, null: false
+  t.datetime :expired_at
+end

data/lib/generators/rodauth/migration/active_sessions.erb

@@ -0,0 +1,7 @@
+# Used by the active sessions feature
+create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
+  t.references :account, foreign_key: true<%= primary_key_type(:type) %>
+  t.string :session_id
+  t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/audit_logging.erb

@@ -0,0 +1,16 @@
+# Used by the audit logging feature
+create_table :account_authentication_audit_logs<%= primary_key_type %> do |t|
+  t.references :account, foreign_key: true, null: false<%= primary_key_type(:type) %>
+  t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.text :message, null: false
+<% case activerecord_adapter -%>
+<% when "postgresql" -%>
+  t.jsonb :metadata
+<% when "sqlite3", "mysql2" -%>
+  t.json :metadata
+<% else -%>
+  t.string :metadata
+<% end -%>
+  t.index [:account_id, :at], name: "audit_account_at_idx"
+  t.index :at, name: "audit_at_idx"
+end

data/lib/generators/rodauth/migration/base.erb

@@ -0,0 +1,19 @@
+<% if activerecord_adapter == "postgresql" -%>
+enable_extension "citext"
+
+<% end -%>
+create_table :accounts<%= primary_key_type %> do |t|
+<% case activerecord_adapter -%>
+<% when "postgresql" -%>
+  t.citext :email, null: false, index: { unique: true, where: "status IN ('verified', 'unverified')" }
+<% else -%>
+  t.string :email, null: false, index: { unique: true }
+<% end -%>
+  t.string :status, null: false, default: "verified"
+end
+
+# Used if storing password hashes in a separate table (default)
+create_table :account_password_hashes<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :password_hash, null: false
+end

data/lib/generators/rodauth/migration/disallow_password_reuse.erb

@@ -0,0 +1,5 @@
+# Used by the disallow_password_reuse feature
+create_table :account_previous_password_hashes do |t|
+  t.references :account, foreign_key: true<%= primary_key_type(:type) %>
+  t.string :password_hash, null: false
+end

data/lib/generators/rodauth/migration/email_auth.erb

@@ -0,0 +1,7 @@
+# Used by the email auth feature
+create_table :account_email_auth_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/jwt_refresh.erb

@@ -0,0 +1,7 @@
+# Used by the jwt refresh feature
+create_table :account_jwt_refresh_keys<%= primary_key_type %> do |t|
+  t.references :account, foreign_key: true, null: false<%= primary_key_type(:type) %>
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.index :account_id, name: "account_jwt_rk_account_id_idx"
+end

data/lib/generators/rodauth/migration/lockout.erb

@@ -0,0 +1,11 @@
+# Used by the lockout feature
+create_table :account_login_failures<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.integer :number, null: false, default: 1
+end
+create_table :account_lockouts<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.datetime :email_last_sent
+end

data/lib/generators/rodauth/migration/otp.erb

@@ -0,0 +1,7 @@
+# Used by the otp feature
+create_table :account_otp_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.integer :num_failures, null: false, default: 0
+  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/password_expiration.erb

@@ -0,0 +1,5 @@
+# Used by the password expiration feature
+create_table :account_password_change_times<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.datetime :changed_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/recovery_codes.erb

@@ -0,0 +1,6 @@
+# Used by the recovery codes feature
+create_table :account_recovery_codes, primary_key: [:id, :code] do |t|
+  t.column :id, :<%= primary_key_type(nil) || :bigint %>
+  t.foreign_key :accounts, column: :id
+  t.string :code
+end

data/lib/generators/rodauth/migration/remember.erb

@@ -0,0 +1,6 @@
+# Used by the remember me feature
+create_table :account_remember_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+end

data/lib/generators/rodauth/migration/reset_password.erb

@@ -0,0 +1,7 @@
+# Used by the password reset feature
+create_table :account_password_reset_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/single_session.erb

@@ -0,0 +1,5 @@
+# Used by the single session feature
+create_table :account_session_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+end

data/lib/generators/rodauth/migration/sms_codes.erb

@@ -0,0 +1,8 @@
+# Used by the sms codes feature
+create_table :account_sms_codes<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :phone_number, null: false
+  t.integer :num_failures
+  t.string :code
+  t.datetime :code_issued_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/verify_account.erb

@@ -0,0 +1,7 @@
+# Used by the account verification feature
+create_table :account_verification_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :requested_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/verify_login_change.erb

@@ -0,0 +1,7 @@
+# Used by the verify login change feature
+create_table :account_login_change_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.string :login, null: false
+  t.datetime :deadline, null: false
+end

data/lib/generators/rodauth/migration/webauthn.erb

@@ -0,0 +1,12 @@
+# Used by the webauthn feature
+create_table :account_webauthn_user_ids<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :webauthn_id, null: false
+end
+create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do |t|
+  t.references :account, foreign_key: true<%= primary_key_type(:type) %>
+  t.string :webauthn_id
+  t.string :public_key, null: false
+  t.integer :sign_count, null: false
+  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration_generator.rb

@@ -0,0 +1,32 @@
+require "rails/generators/base"
+require "rails/generators/active_record/migration"
+require "generators/rodauth/migration_helpers"
+
+module Rodauth
+  module Rails
+    module Generators
+      class MigrationGenerator < ::Rails::Generators::Base
+        include ::ActiveRecord::Generators::Migration
+        include MigrationHelpers
+
+        source_root "#{__dir__}/templates"
+        namespace "rodauth:migration"
+
+        argument :features, optional: true, type: :array,
+          desc: "Rodauth features to create tables for (otp, sms_codes, single_session, account_expiration etc.)",
+          default: %w[]
+
+        def create_rodauth_migration
+          return unless defined?(ActiveRecord::Base)
+          return if features.empty?
+
+          migration_template "db/migrate/create_rodauth.rb", "create_rodauth_#{features.join("_")}.rb"
+        end
+
+        def migration_features
+          features
+        end
+      end
+    end
+  end
+end

data/lib/generators/rodauth/migration_helpers.rb

@@ -0,0 +1,69 @@
+require "erb"
+
+module Rodauth
+  module Rails
+    module Generators
+      module MigrationHelpers
+        attr_reader :migration_class_name
+
+        def migration_template(source, destination = File.basename(source))
+          @migration_class_name = destination.chomp(".rb").camelize
+
+          super source, File.join(db_migrate_path, destination)
+        end
+
+        private
+
+        def migration_content
+          migration_features
+            .select { |feature| File.exist?("#{__dir__}/migration/#{feature}.erb") }
+            .map { |feature| File.read("#{__dir__}/migration/#{feature}.erb") }
+            .map { |content| erb_eval(content) }
+            .join("\n")
+            .indent(4)
+        end
+
+        def activerecord_adapter
+          if ActiveRecord::Base.respond_to?(:connection_db_config)
+            ActiveRecord::Base.connection_db_config.adapter
+          else
+            ActiveRecord::Base.connection_config.fetch(:adapter)
+          end
+        end
+
+        def migration_version
+          return unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+          "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+        end
+
+        def db_migrate_path
+          return "db/migrate" unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+          super
+        end
+
+        def primary_key_type(key = :id)
+          generators  = ::Rails.application.config.generators
+          column_type = generators.options[:active_record][:primary_key_type]
+
+          return unless column_type
+
+          if key
+            ", #{key}: :#{column_type}"
+          else
+            column_type
+          end
+        end
+
+        def erb_eval(content)
+          if ERB.version[/\d+\.\d+\.\d+/].to_s >= "2.2.0"
+            ERB.new(content, trim_mode: "-").result(binding)
+          else
+            ERB.new(content, 0, "-").result(binding)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/generators/rodauth/templates/{lib → app/lib}/rodauth_app.rb

@@ -1,8 +1,8 @@
 class RodauthApp < Rodauth::Rails::App
-  configure do
+  configure<%= " json: :only" if api_only? %> do
     # List of authentication features that are loaded.
     enable :create_account, :verify_account, :verify_account_grace_period,
-      :login, :remember, :logout,
+      :login, :logout, <%= api_only? ? ":jwt" : ":remember" %>,
       :reset_password, :change_password, :change_password_notify,
       :change_login, :verify_login_change,
       :close_account
@@ -11,9 +11,15 @@ class RodauthApp < Rodauth::Rails::App
     # http://rodauth.jeremyevans.net/documentation.html
 
     # ==> General
+    # The secret key used for hashing public-facing tokens for various features.
+    # Defaults to Rails `secret_key_base`, but you can use your own secret key.
+    # hmac_secret "<%= SecureRandom.hex(64) %>"
+
+<% unless api_only? -%>
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
 
+<% end -%>
     # Store account status in a text column.
     account_status_column :status
     account_unverified_status_value "unverified"
@@ -38,6 +44,18 @@ class RodauthApp < Rodauth::Rails::App
 
     # Redirect to the app from login and registration pages if already logged in.
     # already_logged_in { redirect login_redirect }
+<% if api_only? -%>
+
+    # ==> JWT
+    # Set JWT secret, which is used to cryptographically protect the token.
+    jwt_secret "<%= SecureRandom.hex(64) %>"
+
+    # Don't require login confirmation param.
+    require_login_confirmation? false
+
+    # Don't require password confirmation param.
+    require_password_confirmation? false
+<% end -%>
 
     # ==> Emails
     # Uncomment the lines below once you've imported mailer views.
@@ -75,10 +93,12 @@ class RodauthApp < Rodauth::Rails::App
     # reset_password_email_body { "Click here to reset your password: #{reset_password_email_link}" }
 
     # ==> Flash
+<% unless api_only? -%>
     # Match flash keys with ones already used in the Rails app.
     # flash_notice_key :success # default is :notice
     # flash_error_key :error # default is :alert
 
+<% end -%>
     # Override default flash messages.
     # create_account_notice_flash "Your account has been created. Please verify your account by visiting the confirmation link sent to your email address."
     # require_login_error_flash "Login is required for accessing this page"
@@ -93,6 +113,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Change minimum number of password characters required when creating an account.
     # password_minimum_length 8
+<% unless api_only? -%>
 
     # ==> Remember Feature
     # Remember all logged in users.
@@ -103,6 +124,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Extend user's remember period when remembered via a cookie
     extend_remember_deadline? true
+<% end -%>
 
     # ==> Hooks
     # Validate custom fields in the create account form.
@@ -147,8 +169,10 @@ class RodauthApp < Rodauth::Rails::App
   # end
 
   route do |r|
+<% unless api_only? -%>
     rodauth.load_memory # autologin remembered users
 
+<% end -%>
     r.rodauth # route rodauth requests
 
     # ==> Authenticating Requests