rodauth-rails 0.8.0 → 0.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +46 -0
- data/README.md +445 -107
- data/lib/generators/rodauth/install_generator.rb +26 -15
- data/lib/generators/rodauth/migration/base.erb +2 -2
- data/lib/generators/rodauth/templates/app/lib/rodauth_app.rb +50 -49
- data/lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb +3 -3
- data/lib/rodauth/rails.rb +20 -0
- data/lib/rodauth/rails/app.rb +15 -25
- data/lib/rodauth/rails/app/flash.rb +5 -3
- data/lib/rodauth/rails/app/middleware.rb +20 -10
- data/lib/rodauth/rails/auth.rb +40 -0
- data/lib/rodauth/rails/controller_methods.rb +1 -5
- data/lib/rodauth/rails/feature.rb +32 -14
- data/lib/rodauth/rails/tasks.rake +1 -1
- data/lib/rodauth/rails/version.rb +1 -1
- data/rodauth-rails.gemspec +3 -1
- metadata +23 -9
- data/lib/generators/rodauth/mailer_generator.rb +0 -37
|
@@ -26,7 +26,7 @@ module Rodauth
|
|
|
26
26
|
def render(page)
|
|
27
27
|
rails_render(partial: page.tr("-", "_"), layout: false) ||
|
|
28
28
|
rails_render(action: page.tr("-", "_"), layout: false) ||
|
|
29
|
-
super
|
|
29
|
+
super.html_safe
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
# Render Rails CSRF tags in Rodauth templates.
|
|
@@ -44,6 +44,11 @@ module Rodauth
|
|
|
44
44
|
true
|
|
45
45
|
end
|
|
46
46
|
|
|
47
|
+
# Reset Rails session to protect from session fixation attacks.
|
|
48
|
+
def clear_session
|
|
49
|
+
rails_controller_instance.reset_session
|
|
50
|
+
end
|
|
51
|
+
|
|
47
52
|
# Default the flash error key to Rails' default :alert.
|
|
48
53
|
def flash_error_key
|
|
49
54
|
:alert
|
|
@@ -54,6 +59,10 @@ module Rodauth
|
|
|
54
59
|
rails_controller_instance.instance_exec(&block)
|
|
55
60
|
end
|
|
56
61
|
|
|
62
|
+
def button(*)
|
|
63
|
+
super.html_safe
|
|
64
|
+
end
|
|
65
|
+
|
|
57
66
|
private
|
|
58
67
|
|
|
59
68
|
# Runs controller callbacks and rescue handlers around Rodauth actions.
|
|
@@ -79,11 +88,11 @@ module Rodauth
|
|
|
79
88
|
# Runs any #(before|around|after)_action controller callbacks.
|
|
80
89
|
def rails_controller_callbacks
|
|
81
90
|
# don't verify CSRF token as part of callbacks, Rodauth will do that
|
|
82
|
-
|
|
91
|
+
rails_controller_forgery_protection { false }
|
|
83
92
|
|
|
84
93
|
rails_controller_instance.run_callbacks(:process_action) do
|
|
85
94
|
# turn the setting back to default so that form tags generate CSRF tags
|
|
86
|
-
|
|
95
|
+
rails_controller_forgery_protection { rails_controller.allow_forgery_protection }
|
|
87
96
|
|
|
88
97
|
yield
|
|
89
98
|
end
|
|
@@ -123,7 +132,7 @@ module Rodauth
|
|
|
123
132
|
|
|
124
133
|
# Calls the Rails renderer, returning nil if a template is missing.
|
|
125
134
|
def rails_render(*args)
|
|
126
|
-
return if
|
|
135
|
+
return if rails_api_controller?
|
|
127
136
|
|
|
128
137
|
rails_controller_instance.render_to_string(*args)
|
|
129
138
|
rescue ActionView::MissingTemplate
|
|
@@ -150,6 +159,13 @@ module Rodauth
|
|
|
150
159
|
rails_controller_instance.send(:form_authenticity_token)
|
|
151
160
|
end
|
|
152
161
|
|
|
162
|
+
# allows/disables forgery protection
|
|
163
|
+
def rails_controller_forgery_protection(&value)
|
|
164
|
+
return if rails_api_controller?
|
|
165
|
+
|
|
166
|
+
rails_controller_instance.allow_forgery_protection = value.call
|
|
167
|
+
end
|
|
168
|
+
|
|
153
169
|
# Instances of the configured controller with current request's env hash.
|
|
154
170
|
def _rails_controller_instance
|
|
155
171
|
controller = rails_controller.new
|
|
@@ -161,27 +177,29 @@ module Rodauth
|
|
|
161
177
|
end
|
|
162
178
|
|
|
163
179
|
if ActionPack.version >= Gem::Version.new("5.0")
|
|
164
|
-
# Controller class to use for view rendering, CSRF protection, and
|
|
165
|
-
# running any registered action callbacks and rescue_from handlers.
|
|
166
|
-
def rails_controller
|
|
167
|
-
only_json? ? ActionController::API : ActionController::Base
|
|
168
|
-
end
|
|
169
|
-
|
|
170
180
|
def prepare_rails_controller(controller, rails_request)
|
|
171
181
|
controller.set_request! rails_request
|
|
172
182
|
controller.set_response! rails_controller.make_response!(rails_request)
|
|
173
183
|
end
|
|
174
184
|
else
|
|
175
|
-
def rails_controller
|
|
176
|
-
ActionController::Base
|
|
177
|
-
end
|
|
178
|
-
|
|
179
185
|
def prepare_rails_controller(controller, rails_request)
|
|
180
186
|
controller.send(:set_response!, rails_request)
|
|
181
187
|
controller.instance_variable_set(:@_request, rails_request)
|
|
182
188
|
end
|
|
183
189
|
end
|
|
184
190
|
|
|
191
|
+
def rails_api_controller?
|
|
192
|
+
defined?(ActionController::API) && rails_controller <= ActionController::API
|
|
193
|
+
end
|
|
194
|
+
|
|
195
|
+
def rails_controller
|
|
196
|
+
if only_json? && Rodauth::Rails.api_only?
|
|
197
|
+
ActionController::API
|
|
198
|
+
else
|
|
199
|
+
ActionController::Base
|
|
200
|
+
end
|
|
201
|
+
end
|
|
202
|
+
|
|
185
203
|
# ActionMailer subclass for correct email delivering.
|
|
186
204
|
class Mailer < ActionMailer::Base
|
|
187
205
|
def create_email(**options)
|
data/rodauth-rails.gemspec
CHANGED
|
@@ -17,8 +17,10 @@ Gem::Specification.new do |spec|
|
|
|
17
17
|
spec.require_paths = ["lib"]
|
|
18
18
|
|
|
19
19
|
spec.add_dependency "railties", ">= 4.2", "< 7"
|
|
20
|
-
spec.add_dependency "rodauth", "~> 2.
|
|
20
|
+
spec.add_dependency "rodauth", "~> 2.11"
|
|
21
21
|
spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
|
|
22
22
|
spec.add_dependency "tilt"
|
|
23
23
|
spec.add_dependency "bcrypt"
|
|
24
|
+
|
|
25
|
+
spec.add_development_dependency "jwt"
|
|
24
26
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rodauth-rails
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Janko Marohnić
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-03-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: railties
|
|
@@ -36,14 +36,14 @@ dependencies:
|
|
|
36
36
|
requirements:
|
|
37
37
|
- - "~>"
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: '2.
|
|
39
|
+
version: '2.11'
|
|
40
40
|
type: :runtime
|
|
41
41
|
prerelease: false
|
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
|
43
43
|
requirements:
|
|
44
44
|
- - "~>"
|
|
45
45
|
- !ruby/object:Gem::Version
|
|
46
|
-
version: '2.
|
|
46
|
+
version: '2.11'
|
|
47
47
|
- !ruby/object:Gem::Dependency
|
|
48
48
|
name: sequel-activerecord_connection
|
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -86,6 +86,20 @@ dependencies:
|
|
|
86
86
|
- - ">="
|
|
87
87
|
- !ruby/object:Gem::Version
|
|
88
88
|
version: '0'
|
|
89
|
+
- !ruby/object:Gem::Dependency
|
|
90
|
+
name: jwt
|
|
91
|
+
requirement: !ruby/object:Gem::Requirement
|
|
92
|
+
requirements:
|
|
93
|
+
- - ">="
|
|
94
|
+
- !ruby/object:Gem::Version
|
|
95
|
+
version: '0'
|
|
96
|
+
type: :development
|
|
97
|
+
prerelease: false
|
|
98
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
99
|
+
requirements:
|
|
100
|
+
- - ">="
|
|
101
|
+
- !ruby/object:Gem::Version
|
|
102
|
+
version: '0'
|
|
89
103
|
description: Provides Rails integration for Rodauth.
|
|
90
104
|
email:
|
|
91
105
|
- janko.marohnic@gmail.com
|
|
@@ -97,7 +111,6 @@ files:
|
|
|
97
111
|
- LICENSE.txt
|
|
98
112
|
- README.md
|
|
99
113
|
- lib/generators/rodauth/install_generator.rb
|
|
100
|
-
- lib/generators/rodauth/mailer_generator.rb
|
|
101
114
|
- lib/generators/rodauth/migration/account_expiration.erb
|
|
102
115
|
- lib/generators/rodauth/migration/active_sessions.erb
|
|
103
116
|
- lib/generators/rodauth/migration/audit_logging.erb
|
|
@@ -191,6 +204,7 @@ files:
|
|
|
191
204
|
- lib/rodauth/rails/app.rb
|
|
192
205
|
- lib/rodauth/rails/app/flash.rb
|
|
193
206
|
- lib/rodauth/rails/app/middleware.rb
|
|
207
|
+
- lib/rodauth/rails/auth.rb
|
|
194
208
|
- lib/rodauth/rails/controller_methods.rb
|
|
195
209
|
- lib/rodauth/rails/feature.rb
|
|
196
210
|
- lib/rodauth/rails/middleware.rb
|
|
@@ -202,7 +216,7 @@ homepage: https://github.com/janko/rodauth-rails
|
|
|
202
216
|
licenses:
|
|
203
217
|
- MIT
|
|
204
218
|
metadata: {}
|
|
205
|
-
post_install_message:
|
|
219
|
+
post_install_message:
|
|
206
220
|
rdoc_options: []
|
|
207
221
|
require_paths:
|
|
208
222
|
- lib
|
|
@@ -217,8 +231,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
217
231
|
- !ruby/object:Gem::Version
|
|
218
232
|
version: '0'
|
|
219
233
|
requirements: []
|
|
220
|
-
rubygems_version: 3.
|
|
221
|
-
signing_key:
|
|
234
|
+
rubygems_version: 3.2.3
|
|
235
|
+
signing_key:
|
|
222
236
|
specification_version: 4
|
|
223
237
|
summary: Provides Rails integration for Rodauth.
|
|
224
238
|
test_files: []
|
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
require "rails/generators/base"
|
|
2
|
-
|
|
3
|
-
module Rodauth
|
|
4
|
-
module Rails
|
|
5
|
-
module Generators
|
|
6
|
-
class MailerGenerator < ::Rails::Generators::Base
|
|
7
|
-
source_root "#{__dir__}/templates"
|
|
8
|
-
namespace "rodauth:mailer"
|
|
9
|
-
|
|
10
|
-
VIEWS = %w[
|
|
11
|
-
email_auth
|
|
12
|
-
password_changed
|
|
13
|
-
reset_password
|
|
14
|
-
unlock_account
|
|
15
|
-
verify_account
|
|
16
|
-
verify_login_change
|
|
17
|
-
]
|
|
18
|
-
|
|
19
|
-
class_option :name,
|
|
20
|
-
desc: "The name for the mailer and the views directory",
|
|
21
|
-
default: "rodauth"
|
|
22
|
-
|
|
23
|
-
def copy_mailer
|
|
24
|
-
template "app/mailers/rodauth_mailer.rb",
|
|
25
|
-
"app/mailers/#{options[:name].underscore}_mailer.rb"
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
def copy_mailer_views
|
|
29
|
-
VIEWS.each do |view|
|
|
30
|
-
template "app/views/rodauth_mailer/#{view}.text.erb",
|
|
31
|
-
"app/views/#{options[:name].underscore}_mailer/#{view}.text.erb"
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
end
|