rodauth-rails 0.6.1 → 0.7.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9805b35cefee7e30cc6f7190e2ace9e7ea75c20f40651eb364edafea2f2382f7
4
- data.tar.gz: 503b821866aaf2b6aa108265ed8015869a8c8a6a73e910aa3c38b35c5a542ac1
3
+ metadata.gz: 8163d64892cbebd867182d15148f3099abb3ed49ae3e07a89a5adea6606623d2
4
+ data.tar.gz: 3cc7990e0af8e5ffb2ac959f989fb45cf538490412adfc908571823e5dd7b160
5
5
  SHA512:
6
- metadata.gz: 5a3e69b6d62f20ee5bc5a13c89acd2974401830a4f0f8917cc7716c9a5ccaad021a20c0f3269a211336b648bd8eb65ae60094c90a039fa1d3968eaf322ec2e47
7
- data.tar.gz: 567cf154e656f7062029e207d92149fa8cf2c87404d1ba72fef6327cb31f928d0bcf453a4a0d55f71740251cb74f8b6829b8c775373daec4fe638690cd702104
6
+ metadata.gz: 99005d6864310fa3a36f8314a13588900a5ac1559af7a77d75cb5aba66b0b829d32c83fe66a3f5a7ced098de32b39396edd666919177836bb84b35a0de3a558b
7
+ data.tar.gz: 2d66b5ab43d05b26483cb3d69181c506b19a937fa77a2d7d66a38708f6357fae7bd2e605cc0a96affdd8fed822076dccb1603577338e68620c70a816fc45db7a
@@ -1,3 +1,9 @@
1
+ ## 0.7.0 (2020-11-27)
2
+
3
+ * Add `#rails_controller_eval` method for running code in context of a controller instance (@janko)
4
+
5
+ * Detect `secret_key_base` from credentials and `$SECRET_KEY_BASE` environment variable (@janko)
6
+
1
7
  ## 0.6.1 (2020-11-25)
2
8
 
3
9
  * Generate the Rodauth controller for API-only Rails apps as well (@janko)
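Review bot: the second 0.7.0 entry, `Detect secret_key_base from credentials and $SECRET_KEY_BASE environment variable`, reads as a pure fix, but the README's "Upgrading to 0.7.0" section in this same release says it turns on HMACs for production apps that never set `hmac_secret` and that this has backwards compatibility considerations. Say so in the changelog entry, or add a line pointing to the upgrade section, since the changelog is often the only thing read before bumping a gem.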
data/README.md CHANGED
@@ -14,6 +14,23 @@ Articles:
14
14
  * [Rodauth: A Refreshing Authentication Solution for Ruby](https://janko.io/rodauth-a-refreshing-authentication-solution-for-ruby/)
15
15
  * [Adding Authentication in Rails 6 with Rodauth](https://janko.io/adding-authentication-in-rails-with-rodauth/)
16
16
 
17
+ ## Upgrading
18
+
19
+ ### Upgrading to 0.7.0
20
+
21
+ Starting from version 0.7.0, rodauth-rails now correctly detects Rails
22
+ application's `secret_key_base` when setting default `hmac_secret`, including
23
+ when it's set via credentials or `$SECRET_KEY_BASE` environment variable. This
24
+ means authentication will be more secure by default, and Rodauth features that
25
+ require `hmac_secret` should now work automatically as well.
26
+
27
+ However, if you've already been using rodauth-rails in production, where the
28
+ `secret_key_base` is set via credentials or environment variable and `hmac_secret`
29
+ was not explicitly set, the fact that your authentication will now start using
30
+ HMACs has backwards compatibility considerations. See the [Rodauth
31
+ documentation](hmac) for instructions on how to safely transition, or just set
32
+ `hmac_secret nil` in your Rodauth configuration.
33
+
17
34
  ## Installation
18
35
 
19
36
  Add the gem to your Gemfile:
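Review bot: in the second paragraph of "Upgrading to 0.7.0", `[Rodauth documentation](hmac)` is inline-link syntax, so `hmac` is taken as a relative URL and the `[hmac]:` reference definition this diff adds at the bottom of the README goes unused. Write it as `[Rodauth documentation][hmac]`. The closing advice to "just set `hmac_secret nil`" should also say what it costs: it keeps the old behaviour by leaving HMACs off, which the first paragraph describes as the less secure default.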
@@ -472,6 +489,32 @@ the configure method.
472
489
  Make sure to store the `jwt_secret` in a secure place, such as Rails
473
490
  credentials or environment variables.
474
491
 
492
+ ### Calling controller methods
493
+
494
+ When using Rodauth before/after hooks or generally overriding your Rodauth
495
+ configuration, in some cases you might want to call methods defined on your
496
+ controllers. You can do so with `rails_controller_eval`, for example:
497
+
498
+ ```rb
499
+ # app/controllers/application_controller.rb
500
+ class ApplicationController < ActionController::Base
501
+ private
502
+ def setup_tracking(account_id)
503
+ # ... some implementation ...
504
+ end
505
+ end
506
+ ```
507
+ ```rb
508
+ # app/lib/rodauth_app.rb
509
+ class RodauthApp < Rodauth::Rails::App
510
+ configure do
511
+ after_create_account do
512
+ rails_controller_eval { setup_tracking(account_id) }
513
+ end
514
+ end
515
+ end
516
+ ```
517
+
475
518
  ### Rodauth instance
476
519
 
477
520
  In some cases you might need to use Rodauth more programmatically, and perform
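Review bot: in the `after_create_account` example, `account_id` is called inside the `rails_controller_eval` block, and that method (added later in this diff) runs the block with `instance_exec` on the controller instance, so a bare `account_id` is looked up on the controller, which in this example defines only `setup_tracking`. Unless the controller also responds to `account_id`, read the value into a local first, e.g. `id = account_id` followed by `rails_controller_eval { setup_tracking(id) }`. A blank line between the two fenced blocks would also keep Markdown renderers from running them together.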
@@ -742,3 +785,4 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
742
785
  [Rodauth migration]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Creating+tables
743
786
  [sequel-activerecord_connection]: https://github.com/janko/sequel-activerecord_connection
744
787
  [plugin options]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Plugin+Options
788
+ [hmac]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-HMAC
@@ -32,6 +32,16 @@ module Rodauth
32
32
  scope.rodauth(name)
33
33
  end
34
34
 
35
+ if ::Rails.gem_version >= Gem::Version.new("5.2")
36
+ def secret_key_base
37
+ ::Rails.application.secret_key_base
38
+ end
39
+ else
40
+ def secret_key_base
41
+ ::Rails.application.secrets.secret_key_base
42
+ end
43
+ end
44
+
35
45
  def configure
36
46
  yield self
37
47
  end
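Review bot: the `if ::Rails.gem_version >= Gem::Version.new("5.2")` split has no comment saying why 5.2 is the cut-off or what each branch is expected to return; a one-line comment above it would do. The `else` branch also returns whatever `secrets.secret_key_base` holds, including nil, and the `hmac_secret` default later in this diff passes that value straight through, so an app on the older branch with no secret configured runs without HMACs and nothing signals it. That is worth documenting next to the method.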
@@ -27,7 +27,7 @@ module Rodauth
27
27
  set_deadline_values? true
28
28
 
29
29
  # use HMACs for additional security
30
- hmac_secret { ::Rails.application.secrets.secret_key_base }
30
+ hmac_secret { Rodauth::Rails.secret_key_base }
31
31
 
32
32
  # evaluate user configuration
33
33
  instance_exec(&block)
@@ -49,6 +49,11 @@ module Rodauth
49
49
  :alert
50
50
  end
51
51
 
52
+ # Evaluates the block in context of a Rodauth controller instance.
53
+ def rails_controller_eval(&block)
54
+ rails_controller_instance.instance_exec(&block)
55
+ end
56
+
52
57
  private
53
58
 
54
59
  # Runs controller callbacks and rescue handlers around Rodauth actions.
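Review bot: the comment on `rails_controller_eval` should state that `self` inside the block is the controller, so Rodauth methods are not reachable there by bare name, and that `instance_exec` also reaches the controller's private methods (the README example relies on that). Since callers will usually need to hand a Rodauth value to the controller, consider accepting arguments and forwarding them, as in `rails_controller_instance.instance_exec(*args, &block)`.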
@@ -1,5 +1,5 @@
1
1
  module Rodauth
2
2
  module Rails
3
- VERSION = "0.6.1"
3
+ VERSION = "0.7.0"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Janko Marohnić
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-11-25 00:00:00.000000000 Z
11
+ date: 2020-11-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties