rodauth-rails 0.4.2 → 0.8.0

data/lib/generators/rodauth/install_generator.rb

@@ -1,6 +1,6 @@
 require "rails/generators/base"
 require "rails/generators/active_record/migration"
-
+require "generators/rodauth/migration_helpers"
 require "securerandom"
 
 module Rodauth
@@ -8,14 +8,24 @@ module Rodauth
     module Generators
       class InstallGenerator < ::Rails::Generators::Base
         include ::ActiveRecord::Generators::Migration
+        include MigrationHelpers
 
         source_root "#{__dir__}/templates"
         namespace "rodauth:install"
 
+        # The :api option is a Rails-recognized option that always
+        # defaults to false, so we make it use our provided default
+        # value instead.
+        def self.default_value_for_option(name, options)
+          name == :api ? options[:default] : super
+        end
+
+        class_option :api, type: :boolean, desc: "Generate JSON-only configuration"
+
         def create_rodauth_migration
           return unless defined?(ActiveRecord::Base)
 
-          migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "create_rodauth.rb")
+          migration_template "db/migrate/create_rodauth.rb"
         end
 
         def create_rodauth_initializer
@@ -24,7 +34,6 @@ module Rodauth
 
         def create_sequel_initializer
           return unless defined?(ActiveRecord::Base)
-          return unless %w[postgresql mysql2 sqlite3].include?(activerecord_adapter)
           return if defined?(Sequel) && !Sequel::DATABASES.empty?
 
           template "config/initializers/sequel.rb"
@@ -35,8 +44,6 @@ module Rodauth
         end
 
         def create_rodauth_controller
-          return if api_only?
-
           template "app/controllers/rodauth_controller.rb"
         end
 
@@ -48,38 +55,46 @@ module Rodauth
 
         private
 
-        def db_migrate_path
-          return "db/migrate" unless ActiveRecord.version >= Gem::Version.new("5.0")
-
-          super
-        end
-
-        def migration_version
-          if ActiveRecord.version >= Gem::Version.new("5.0")
-            "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+        def sequel_uri_scheme
+          if RUBY_ENGINE == "jruby"
+            "jdbc:#{sequel_jdbc_subadapter}"
+          else
+            sequel_adapter
           end
         end
 
         def sequel_adapter
           case activerecord_adapter
-          when "postgresql" then "postgres#{"ql" if RUBY_ENGINE == "jruby"}"
-          when "mysql2"     then "mysql#{"2" unless RUBY_ENGINE == "jruby"}"
-          when "sqlite3"    then "sqlite"
+          when "sqlite3"         then "sqlite"
+          when "oracle_enhanced" then "oracle" # https://github.com/rsim/oracle-enhanced
+          when "sqlserver"       then "tinytds" # https://github.com/rails-sqlserver/activerecord-sqlserver-adapter
+          else
+            activerecord_adapter
           end
         end
 
-        def activerecord_adapter
-          if ActiveRecord::Base.respond_to?(:connection_db_config)
-            ActiveRecord::Base.connection_db_config.adapter
+        def sequel_jdbc_subadapter
+          case activerecord_adapter
+          when "sqlite3"         then "sqlite"
+          when "oracle_enhanced" then "oracle" # https://github.com/rsim/oracle-enhanced
+          when "sqlserver"       then "mssql"
           else
-            ActiveRecord::Base.connection_config.fetch(:adapter)
+            activerecord_adapter
           end
         end
 
         def api_only?
-          return false if ::Rails.gem_version < Gem::Version.new("5.0")
+          if options.key?(:api)
+            options[:api]
+          elsif ::Rails.gem_version >= Gem::Version.new("5.0")
+            ::Rails.application.config.api_only
+          end
+        end
 
-          ::Rails.application.config.api_only
+        def migration_features
+          features = [:base, :reset_password, :verify_account, :verify_login_change]
+          features << :remember unless api_only?
+          features
         end
       end
     end

data/lib/generators/rodauth/migration/account_expiration.erb

@@ -0,0 +1,7 @@
+# Used by the account expiration feature
+create_table :account_activity_times<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.datetime :last_activity_at, null: false
+  t.datetime :last_login_at, null: false
+  t.datetime :expired_at
+end

data/lib/generators/rodauth/migration/active_sessions.erb

@@ -0,0 +1,7 @@
+# Used by the active sessions feature
+create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
+  t.references :account, foreign_key: true<%= primary_key_type(:type) %>
+  t.string :session_id
+  t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/audit_logging.erb

@@ -0,0 +1,16 @@
+# Used by the audit logging feature
+create_table :account_authentication_audit_logs<%= primary_key_type %> do |t|
+  t.references :account, foreign_key: true, null: false<%= primary_key_type(:type) %>
+  t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.text :message, null: false
+<% case activerecord_adapter -%>
+<% when "postgresql" -%>
+  t.jsonb :metadata
+<% when "sqlite3", "mysql2" -%>
+  t.json :metadata
+<% else -%>
+  t.string :metadata
+<% end -%>
+  t.index [:account_id, :at], name: "audit_account_at_idx"
+  t.index :at, name: "audit_at_idx"
+end

data/lib/generators/rodauth/migration/base.erb

@@ -0,0 +1,19 @@
+<% if activerecord_adapter == "postgresql" -%>
+enable_extension "citext"
+
+<% end -%>
+create_table :accounts<%= primary_key_type %> do |t|
+<% case activerecord_adapter -%>
+<% when "postgresql" -%>
+  t.citext :email, null: false, index: { unique: true, where: "status IN ('verified', 'unverified')" }
+<% else -%>
+  t.string :email, null: false, index: { unique: true }
+<% end -%>
+  t.string :status, null: false, default: "verified"
+end
+
+# Used if storing password hashes in a separate table (default)
+create_table :account_password_hashes<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :password_hash, null: false
+end

data/lib/generators/rodauth/migration/disallow_password_reuse.erb

@@ -0,0 +1,5 @@
+# Used by the disallow_password_reuse feature
+create_table :account_previous_password_hashes do |t|
+  t.references :account, foreign_key: true<%= primary_key_type(:type) %>
+  t.string :password_hash, null: false
+end

data/lib/generators/rodauth/migration/email_auth.erb

@@ -0,0 +1,7 @@
+# Used by the email auth feature
+create_table :account_email_auth_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/jwt_refresh.erb

@@ -0,0 +1,7 @@
+# Used by the jwt refresh feature
+create_table :account_jwt_refresh_keys<%= primary_key_type %> do |t|
+  t.references :account, foreign_key: true, null: false<%= primary_key_type(:type) %>
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.index :account_id, name: "account_jwt_rk_account_id_idx"
+end

data/lib/generators/rodauth/migration/lockout.erb

@@ -0,0 +1,11 @@
+# Used by the lockout feature
+create_table :account_login_failures<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.integer :number, null: false, default: 1
+end
+create_table :account_lockouts<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.datetime :email_last_sent
+end

data/lib/generators/rodauth/migration/otp.erb

@@ -0,0 +1,7 @@
+# Used by the otp feature
+create_table :account_otp_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.integer :num_failures, null: false, default: 0
+  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/password_expiration.erb

@@ -0,0 +1,5 @@
+# Used by the password expiration feature
+create_table :account_password_change_times<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.datetime :changed_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/recovery_codes.erb

@@ -0,0 +1,6 @@
+# Used by the recovery codes feature
+create_table :account_recovery_codes, primary_key: [:id, :code] do |t|
+  t.column :id, :<%= primary_key_type(nil) || :bigint %>
+  t.foreign_key :accounts, column: :id
+  t.string :code
+end

data/lib/generators/rodauth/migration/remember.erb

@@ -0,0 +1,6 @@
+# Used by the remember me feature
+create_table :account_remember_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+end

data/lib/generators/rodauth/migration/reset_password.erb

@@ -0,0 +1,7 @@
+# Used by the password reset feature
+create_table :account_password_reset_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :deadline, null: false
+  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/single_session.erb

@@ -0,0 +1,5 @@
+# Used by the single session feature
+create_table :account_session_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+end

data/lib/generators/rodauth/migration/sms_codes.erb

@@ -0,0 +1,8 @@
+# Used by the sms codes feature
+create_table :account_sms_codes<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :phone_number, null: false
+  t.integer :num_failures
+  t.string :code
+  t.datetime :code_issued_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/verify_account.erb

@@ -0,0 +1,7 @@
+# Used by the account verification feature
+create_table :account_verification_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.datetime :requested_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration/verify_login_change.erb

@@ -0,0 +1,7 @@
+# Used by the verify login change feature
+create_table :account_login_change_keys<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :key, null: false
+  t.string :login, null: false
+  t.datetime :deadline, null: false
+end

data/lib/generators/rodauth/migration/webauthn.erb

@@ -0,0 +1,12 @@
+# Used by the webauthn feature
+create_table :account_webauthn_user_ids<%= primary_key_type %> do |t|
+  t.foreign_key :accounts, column: :id
+  t.string :webauthn_id, null: false
+end
+create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do |t|
+  t.references :account, foreign_key: true<%= primary_key_type(:type) %>
+  t.string :webauthn_id
+  t.string :public_key, null: false
+  t.integer :sign_count, null: false
+  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+end

data/lib/generators/rodauth/migration_generator.rb

@@ -0,0 +1,32 @@
+require "rails/generators/base"
+require "rails/generators/active_record/migration"
+require "generators/rodauth/migration_helpers"
+
+module Rodauth
+  module Rails
+    module Generators
+      class MigrationGenerator < ::Rails::Generators::Base
+        include ::ActiveRecord::Generators::Migration
+        include MigrationHelpers
+
+        source_root "#{__dir__}/templates"
+        namespace "rodauth:migration"
+
+        argument :features, optional: true, type: :array,
+          desc: "Rodauth features to create tables for (otp, sms_codes, single_session, account_expiration etc.)",
+          default: %w[]
+
+        def create_rodauth_migration
+          return unless defined?(ActiveRecord::Base)
+          return if features.empty?
+
+          migration_template "db/migrate/create_rodauth.rb", "create_rodauth_#{features.join("_")}.rb"
+        end
+
+        def migration_features
+          features
+        end
+      end
+    end
+  end
+end

data/lib/generators/rodauth/migration_helpers.rb

@@ -0,0 +1,69 @@
+require "erb"
+
+module Rodauth
+  module Rails
+    module Generators
+      module MigrationHelpers
+        attr_reader :migration_class_name
+
+        def migration_template(source, destination = File.basename(source))
+          @migration_class_name = destination.chomp(".rb").camelize
+
+          super source, File.join(db_migrate_path, destination)
+        end
+
+        private
+
+        def migration_content
+          migration_features
+            .select { |feature| File.exist?("#{__dir__}/migration/#{feature}.erb") }
+            .map { |feature| File.read("#{__dir__}/migration/#{feature}.erb") }
+            .map { |content| erb_eval(content) }
+            .join("\n")
+            .indent(4)
+        end
+
+        def activerecord_adapter
+          if ActiveRecord::Base.respond_to?(:connection_db_config)
+            ActiveRecord::Base.connection_db_config.adapter
+          else
+            ActiveRecord::Base.connection_config.fetch(:adapter)
+          end
+        end
+
+        def migration_version
+          return unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+          "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+        end
+
+        def db_migrate_path
+          return "db/migrate" unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+          super
+        end
+
+        def primary_key_type(key = :id)
+          generators  = ::Rails.application.config.generators
+          column_type = generators.options[:active_record][:primary_key_type]
+
+          return unless column_type
+
+          if key
+            ", #{key}: :#{column_type}"
+          else
+            column_type
+          end
+        end
+
+        def erb_eval(content)
+          if ERB.version[/\d+\.\d+\.\d+/].to_s >= "2.2.0"
+            ERB.new(content, trim_mode: "-").result(binding)
+          else
+            ERB.new(content, 0, "-").result(binding)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/generators/rodauth/templates/app/controllers/rodauth_controller.rb

@@ -1,3 +1,4 @@
 class RodauthController < ApplicationController
-  # used by Rodauth for rendering views and CSRF protection
+  # used by Rodauth for rendering views, CSRF protection, and running any
+  # registered action callbacks and rescue_from handlers
 end

data/lib/generators/rodauth/templates/app/lib/rodauth_app.rb

@@ -11,11 +11,13 @@ class RodauthApp < Rodauth::Rails::App
     # http://rodauth.jeremyevans.net/documentation.html
 
     # ==> General
-<% unless api_only? -%>
+    # The secret key used for hashing public-facing tokens for various features.
+    # Defaults to Rails `secret_key_base`, but you can use your own secret key.
+    # hmac_secret "<%= SecureRandom.hex(64) %>"
+
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
 
-<% end -%>
     # Store account status in a text column.
     account_status_column :status
     account_unverified_status_value "unverified"
@@ -55,31 +57,27 @@ class RodauthApp < Rodauth::Rails::App
 
     # ==> Emails
     # Uncomment the lines below once you've imported mailer views.
-    # send_reset_password_email do
-    #   mailer_send(:reset_password, email_to, reset_password_email_link)
+    # create_reset_password_email do
+    #   RodauthMailer.reset_password(email_to, reset_password_email_link)
     # end
-    # send_verify_account_email do
-    #   mailer_send(:verify_account, email_to, verify_account_email_link)
+    # create_verify_account_email do
+    #   RodauthMailer.verify_account(email_to, verify_account_email_link)
     # end
-    # send_verify_login_change_email do |login|
-    #   mailer_send(:verify_login_change, login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
+    # create_verify_login_change_email do |login|
+    #   RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
     # end
-    # send_password_changed_email do
-    #   mailer_send(:password_changed, email_to)
+    # create_password_changed_email do
+    #   RodauthMailer.password_changed(email_to)
     # end
-    # # send_email_auth_email do
-    # #   mailer_send(:email_auth, email_to, email_auth_email_link)
+    # # create_email_auth_email do
+    # #   RodauthMailer.email_auth(email_to, email_auth_email_link)
     # # end
-    # # send_unlock_account_email do
-    # #   mailer_send(:unlock_account, email_to, unlock_account_email_link)
+    # # create_unlock_account_email do
+    # #   RodauthMailer.unlock_account(email_to, unlock_account_email_link)
     # # end
-    # auth_class_eval do
+    # send_email do |email|
     #   # queue email delivery on the mailer after the transaction commits
-    #   def mailer_send(type, *args)
-    #     db.after_commit do
-    #       RodauthMailer.public_send(type, *args).deliver_later
-    #     end
-    #   end
+    #   db.after_commit { email.deliver_later }
     # end
 
     # In the meantime you can tweak settings for emails created by Rodauth