rodauth-rails 0.8.0 → 0.10.0

data/lib/generators/rodauth/install_generator.rb

@@ -10,17 +10,20 @@ module Rodauth
         include ::ActiveRecord::Generators::Migration
         include MigrationHelpers
 
+        MAILER_VIEWS = %w[
+          email_auth
+          password_changed
+          reset_password
+          unlock_account
+          verify_account
+          verify_login_change
+        ]
+
         source_root "#{__dir__}/templates"
         namespace "rodauth:install"
 
-        # The :api option is a Rails-recognized option that always
-        # defaults to false, so we make it use our provided default
-        # value instead.
-        def self.default_value_for_option(name, options)
-          name == :api ? options[:default] : super
-        end
-
-        class_option :api, type: :boolean, desc: "Generate JSON-only configuration"
+        class_option :json, type: :boolean, desc: "Configure JSON support"
+        class_option :jwt, type: :boolean, desc: "Configure JWT support"
 
         def create_rodauth_migration
           return unless defined?(ActiveRecord::Base)
@@ -53,6 +56,14 @@ module Rodauth
           template "app/models/account.rb"
         end
 
+        def create_mailer
+          template "app/mailers/rodauth_mailer.rb"
+
+          MAILER_VIEWS.each do |view|
+            template "app/views/rodauth_mailer/#{view}.text.erb"
+          end
+        end
+
         private
 
         def sequel_uri_scheme
@@ -83,17 +94,17 @@ module Rodauth
           end
         end
 
-        def api_only?
-          if options.key?(:api)
-            options[:api]
-          elsif ::Rails.gem_version >= Gem::Version.new("5.0")
-            ::Rails.application.config.api_only
-          end
+        def json?
+          options[:json]
+        end
+
+        def jwt?
+          options[:jwt] || Rodauth::Rails.api_only?
         end
 
         def migration_features
           features = [:base, :reset_password, :verify_account, :verify_login_change]
-          features << :remember unless api_only?
+          features << :remember unless jwt?
           features
         end
       end

data/lib/generators/rodauth/migration/base.erb

@@ -5,11 +5,11 @@ enable_extension "citext"
 create_table :accounts<%= primary_key_type %> do |t|
 <% case activerecord_adapter -%>
 <% when "postgresql" -%>
-  t.citext :email, null: false, index: { unique: true, where: "status IN ('verified', 'unverified')" }
+  t.citext :email, null: false, index: { unique: true, where: "status IN ('unverified', 'verified')" }
 <% else -%>
   t.string :email, null: false, index: { unique: true }
 <% end -%>
-  t.string :status, null: false, default: "verified"
+  t.string :status, null: false, default: "unverified"
 end
 
 # Used if storing password hashes in a separate table (default)

data/lib/generators/rodauth/templates/app/lib/rodauth_app.rb

@@ -1,8 +1,8 @@
 class RodauthApp < Rodauth::Rails::App
-  configure<%= " json: :only" if api_only? %> do
+  configure do
     # List of authentication features that are loaded.
     enable :create_account, :verify_account, :verify_account_grace_period,
-      :login, :logout, <%= api_only? ? ":jwt" : ":remember" %>,
+      :login, :logout<%= ", :remember" unless jwt? %><%= ", :json" if json? %><%= ", :jwt" if jwt? %>,
       :reset_password, :change_password, :change_password_notify,
       :change_login, :verify_login_change,
       :close_account
@@ -14,6 +14,20 @@ class RodauthApp < Rodauth::Rails::App
     # The secret key used for hashing public-facing tokens for various features.
     # Defaults to Rails `secret_key_base`, but you can use your own secret key.
     # hmac_secret "<%= SecureRandom.hex(64) %>"
+<% if jwt? -%>
+
+    # Set JWT secret, which is used to cryptographically protect the token.
+    jwt_secret "<%= SecureRandom.hex(64) %>"
+<% end -%>
+<% if json? || jwt? -%>
+
+    # Accept only JSON requests.
+    only_json? true
+
+    # Handle login and password confirmation fields on the client side.
+    # require_password_confirmation? false
+    # require_login_confirmation? false
+<% end -%>
 
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
@@ -42,52 +56,34 @@ class RodauthApp < Rodauth::Rails::App
 
     # Redirect to the app from login and registration pages if already logged in.
     # already_logged_in { redirect login_redirect }
-<% if api_only? -%>
-
-    # ==> JWT
-    # Set JWT secret, which is used to cryptographically protect the token.
-    jwt_secret "<%= SecureRandom.hex(64) %>"
-
-    # Don't require login confirmation param.
-    require_login_confirmation? false
-
-    # Don't require password confirmation param.
-    require_password_confirmation? false
-<% end -%>
 
     # ==> Emails
-    # Uncomment the lines below once you've imported mailer views.
-    # create_reset_password_email do
-    #   RodauthMailer.reset_password(email_to, reset_password_email_link)
-    # end
-    # create_verify_account_email do
-    #   RodauthMailer.verify_account(email_to, verify_account_email_link)
-    # end
-    # create_verify_login_change_email do |login|
-    #   RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
+    # Use a custom mailer for delivering authentication emails.
+    create_reset_password_email do
+      RodauthMailer.reset_password(email_to, reset_password_email_link)
+    end
+    create_verify_account_email do
+      RodauthMailer.verify_account(email_to, verify_account_email_link)
+    end
+    create_verify_login_change_email do |login|
+      RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
+    end
+    create_password_changed_email do
+      RodauthMailer.password_changed(email_to)
+    end
+    # create_email_auth_email do
+    #   RodauthMailer.email_auth(email_to, email_auth_email_link)
     # end
-    # create_password_changed_email do
-    #   RodauthMailer.password_changed(email_to)
+    # create_unlock_account_email do
+    #   RodauthMailer.unlock_account(email_to, unlock_account_email_link)
     # end
-    # # create_email_auth_email do
-    # #   RodauthMailer.email_auth(email_to, email_auth_email_link)
-    # # end
-    # # create_unlock_account_email do
-    # #   RodauthMailer.unlock_account(email_to, unlock_account_email_link)
-    # # end
-    # send_email do |email|
-    #   # queue email delivery on the mailer after the transaction commits
-    #   db.after_commit { email.deliver_later }
-    # end
-
-    # In the meantime you can tweak settings for emails created by Rodauth
-    # email_subject_prefix "[MyApp] "
-    # email_from "noreply@myapp.com"
-    # send_email(&:deliver_later)
-    # reset_password_email_body { "Click here to reset your password: #{reset_password_email_link}" }
+    send_email do |email|
+      # queue email delivery on the mailer after the transaction commits
+      db.after_commit { email.deliver_later }
+    end
 
     # ==> Flash
-<% unless api_only? -%>
+<% unless json? || jwt? -%>
     # Match flash keys with ones already used in the Rails app.
     # flash_notice_key :success # default is :notice
     # flash_error_key :error # default is :alert
@@ -107,7 +103,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Change minimum number of password characters required when creating an account.
     # password_minimum_length 8
-<% unless api_only? -%>
+<% unless jwt? -%>
 
     # ==> Remember Feature
     # Remember all logged in users.
@@ -128,13 +124,14 @@ class RodauthApp < Rodauth::Rails::App
 
     # Perform additional actions after the account is created.
     # after_create_account do
-    #   Profile.create!(account_id: account[:id], name: param("name"))
+    #   Profile.create!(account_id: account_id, name: param("name"))
     # end
 
     # Do additional cleanup after the account is closed.
     # after_close_account do
-    #   Profile.find_by!(account_id: account[:id]).destroy
+    #   Profile.find_by!(account_id: account_id).destroy
     # end
+<% unless json? || jwt? -%>
 
     # ==> Redirects
     # Redirect to home page after logout.
@@ -145,25 +142,27 @@ class RodauthApp < Rodauth::Rails::App
 
     # Redirect to login page after password reset.
     reset_password_redirect { login_path }
+<% end -%>
 
     # ==> Deadlines
     # Change default deadlines for some actions.
     # verify_account_grace_period 3.days
     # reset_password_deadline_interval Hash[hours: 6]
     # verify_login_change_deadline_interval Hash[days: 2]
+<% unless jwt? -%>
     # remember_deadline_interval Hash[days: 30]
+<% end -%>
   end
 
   # ==> Multiple configurations
   # configure(:admin) do
-  #   enable :http_basic_auth
-  #
+  #   enable :http_basic_auth # enable different set of features
   #   prefix "/admin"
-  #   session_key :admin_id
+  #   session_key_prefix "admin_"
   # end
 
   route do |r|
-<% unless api_only? -%>
+<% unless jwt? -%>
     rodauth.load_memory # autologin remembered users
 
 <% end -%>
@@ -188,6 +187,8 @@ class RodauthApp < Rodauth::Rails::App
     #   unless rodauth(:admin).logged_in?
     #     rodauth(:admin).require_http_basic_auth
     #   end
+    #
+    #   r.pass # allow the Rails app to handle other "/admin/*" requests
     # end
   end
 end

data/lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb

@@ -1,4 +1,4 @@
-class <%= options[:name].camelize %>Mailer < ApplicationMailer
+class RodauthMailer < ApplicationMailer
   def verify_account(recipient, email_link)
     @email_link = email_link
 
@@ -25,13 +25,13 @@ class <%= options[:name].camelize %>Mailer < ApplicationMailer
 
   # def email_auth(recipient, email_link)
   #   @email_link = email_link
-
+  #
   #   mail to: recipient
   # end
 
   # def unlock_account(recipient, email_link)
   #   @email_link = email_link
-
+  #
   #   mail to: recipient
   # end
 end

data/lib/rodauth/rails.rb

@@ -8,6 +8,7 @@ module Rodauth
 
     # This allows the developer to avoid loading Rodauth at boot time.
     autoload :App, "rodauth/rails/app"
+    autoload :Auth, "rodauth/rails/auth"
 
     @app = nil
     @middleware = true
@@ -32,6 +33,15 @@ module Rodauth
         scope.rodauth(name)
       end
 
+      # routing constraint that requires authentication
+      def authenticated(name = nil, &condition)
+        lambda do |request|
+          rodauth = request.env.fetch ["rodauth", *name].join(".")
+          rodauth.require_authentication
+          rodauth.authenticated? && (condition.nil? || condition.call(rodauth))
+        end
+      end
+
       if ::Rails.gem_version >= Gem::Version.new("5.2")
         def secret_key_base
           ::Rails.application.secret_key_base
@@ -42,6 +52,16 @@ module Rodauth
         end
       end
 
+      if ::Rails.gem_version >= Gem::Version.new("5.0")
+        def api_only?
+          ::Rails.application.config.api_only
+        end
+      else
+        def api_only?
+          false
+        end
+      end
+
       def configure
         yield self
       end

data/lib/rodauth/rails/app.rb

@@ -1,6 +1,5 @@
 require "roda"
-require "rodauth"
-require "rodauth/rails/feature"
+require "rodauth/rails/auth"
 
 module Rodauth
   module Rails
@@ -11,38 +10,29 @@ module Rodauth
 
       plugin :hooks
       plugin :render, layout: false
+      plugin :pass
 
-      def self.configure(name = nil, **options, &block)
-        unless options[:json] == :only
-          require "rodauth/rails/app/flash"
-          plugin Flash
-        end
-
-        plugin :rodauth, name: name, csrf: false, flash: false, **options do
-          # load the Rails integration
-          enable :rails
+      unless Rodauth::Rails.api_only?
+        require "rodauth/rails/app/flash"
+        plugin Flash
+      end
 
-          # database functions are more complex to set up, so disable them by default
-          use_database_authentication_functions? false
+      def self.configure(*args, **options, &block)
+        auth_class = args.shift if args[0].is_a?(Class)
+        name       = args.shift if args[0].is_a?(Symbol)
 
-          # avoid having to set deadline values in column default values
-          set_deadline_values? true
+        fail ArgumentError, "need to pass optional Rodauth::Auth subclass and optional configuration name" if args.any?
 
-          # use HMACs for additional security
-          hmac_secret { Rodauth::Rails.secret_key_base }
+        auth_class ||= Class.new(Rodauth::Rails::Auth)
 
-          # evaluate user configuration
-          instance_exec(&block)
+        plugin :rodauth, auth_class: auth_class, name: name, csrf: false, flash: false, json: true, **options do
+          instance_exec(&block) if block
         end
       end
 
       before do
-        (opts[:rodauths] || {}).each do |name, _|
-          if name
-            env["rodauth.#{name}"] = rodauth(name)
-          else
-            env["rodauth"] = rodauth
-          end
+        opts[:rodauths]&.each_key do |name|
+          env[["rodauth", *name].join(".")] = rodauth(name)
         end
       end
     end

data/lib/rodauth/rails/app/flash.rb

@@ -30,10 +30,12 @@ module Rodauth
             rails_request.flash
           end
 
-          def commit_flash
-            if ActionPack.version >= Gem::Version.new("5.0")
+          if ActionPack.version >= Gem::Version.new("5.0")
+            def commit_flash
               rails_request.commit_flash
-            else
+            end
+          else
+            def commit_flash
               # ActionPack 4.2 automatically commits flash
             end
           end

data/lib/rodauth/rails/app/middleware.rb

@@ -3,20 +3,30 @@ module Rodauth
     class App
       # Roda plugin that extends middleware plugin by propagating response headers.
       module Middleware
-        def self.load_dependencies(app)
-          app.plugin :hooks
-        end
-
         def self.configure(app)
-          app.after do
-            if response.empty? && response.headers.any?
-              env["rodauth.rails.headers"] = response.headers
+          handle_result = -> (env, res) do
+            if headers = env.delete("rodauth.rails.headers")
+              res[1] = headers.merge(res[1])
             end
           end
 
-          app.plugin :middleware, handle_result: -> (env, res) do
-            if headers = env.delete("rodauth.rails.headers")
-              res[1] = headers.merge(res[1])
+          app.plugin :middleware, handle_result: handle_result do |middleware|
+            middleware.plugin :hooks
+
+            middleware.after do
+              if response.empty? && response.headers.any?
+                env["rodauth.rails.headers"] = response.headers
+              end
+            end
+
+            middleware.class_eval do
+              def self.inspect
+                "#{superclass}::Middleware"
+              end
+
+              def inspect
+                "#<#{self.class.inspect} request=#{request.inspect} response=#{response.inspect}>"
+              end
             end
           end
         end

data/lib/rodauth/rails/auth.rb

@@ -0,0 +1,40 @@
+require "rodauth"
+require "rodauth/rails/feature"
+
+module Rodauth
+  module Rails
+    # Base auth class that applies some default configuration and supports
+    # multi-level inheritance.
+    class Auth < Rodauth::Auth
+      class << self
+        attr_writer :features
+        attr_writer :routes
+        attr_accessor :configuration
+      end
+
+      def self.inherited(auth_class)
+        super
+        auth_class.roda_class = Rodauth::Rails.app
+        auth_class.features = features.dup
+        auth_class.routes = routes.dup
+        auth_class.route_hash = route_hash.dup
+        auth_class.configuration = configuration.clone
+        auth_class.configuration.instance_variable_set(:@auth, auth_class)
+      end
+
+      # apply default configuration
+      configure do
+        enable :rails
+
+        # database functions are more complex to set up, so disable them by default
+        use_database_authentication_functions? false
+
+        # avoid having to set deadline values in column default values
+        set_deadline_values? true
+
+        # use HMACs for additional security
+        hmac_secret { Rodauth::Rails.secret_key_base }
+      end
+    end
+  end
+end