rodauth-rails 0.8.0 → 0.10.0

data/lib/rodauth/rails/controller_methods.rb

@@ -9,11 +9,7 @@ module Rodauth
       end
 
       def rodauth(name = nil)
-        if name
-          request.env["rodauth.#{name}"]
-        else
-          request.env["rodauth"]
-        end
+        request.env.fetch ["rodauth", *name].join(".")
       end
     end
   end

data/lib/rodauth/rails/feature.rb

@@ -26,7 +26,7 @@ module Rodauth
     def render(page)
       rails_render(partial: page.tr("-", "_"), layout: false) ||
         rails_render(action: page.tr("-", "_"), layout: false) ||
-        super
+        super.html_safe
     end
 
     # Render Rails CSRF tags in Rodauth templates.
@@ -44,6 +44,11 @@ module Rodauth
       true
     end
 
+    # Reset Rails session to protect from session fixation attacks.
+    def clear_session
+      rails_controller_instance.reset_session
+    end
+
     # Default the flash error key to Rails' default :alert.
     def flash_error_key
       :alert
@@ -54,6 +59,10 @@ module Rodauth
       rails_controller_instance.instance_exec(&block)
     end
 
+    def button(*)
+      super.html_safe
+    end
+
     private
 
     # Runs controller callbacks and rescue handlers around Rodauth actions.
@@ -79,11 +88,11 @@ module Rodauth
     # Runs any #(before|around|after)_action controller callbacks.
     def rails_controller_callbacks
       # don't verify CSRF token as part of callbacks, Rodauth will do that
-      rails_controller_instance.allow_forgery_protection = false
+      rails_controller_forgery_protection { false }
 
       rails_controller_instance.run_callbacks(:process_action) do
         # turn the setting back to default so that form tags generate CSRF tags
-        rails_controller_instance.allow_forgery_protection = rails_controller.allow_forgery_protection
+        rails_controller_forgery_protection { rails_controller.allow_forgery_protection }
 
         yield
       end
@@ -123,7 +132,7 @@ module Rodauth
 
     # Calls the Rails renderer, returning nil if a template is missing.
     def rails_render(*args)
-      return if only_json?
+      return if rails_api_controller?
 
       rails_controller_instance.render_to_string(*args)
     rescue ActionView::MissingTemplate
@@ -150,6 +159,13 @@ module Rodauth
       rails_controller_instance.send(:form_authenticity_token)
     end
 
+    # allows/disables forgery protection
+    def rails_controller_forgery_protection(&value)
+      return if rails_api_controller?
+
+      rails_controller_instance.allow_forgery_protection = value.call
+    end
+
     # Instances of the configured controller with current request's env hash.
     def _rails_controller_instance
       controller    = rails_controller.new
@@ -161,27 +177,29 @@ module Rodauth
     end
 
     if ActionPack.version >= Gem::Version.new("5.0")
-      # Controller class to use for view rendering, CSRF protection, and
-      # running any registered action callbacks and rescue_from handlers.
-      def rails_controller
-        only_json? ? ActionController::API : ActionController::Base
-      end
-
       def prepare_rails_controller(controller, rails_request)
         controller.set_request! rails_request
         controller.set_response! rails_controller.make_response!(rails_request)
       end
     else
-      def rails_controller
-        ActionController::Base
-      end
-
       def prepare_rails_controller(controller, rails_request)
         controller.send(:set_response!, rails_request)
         controller.instance_variable_set(:@_request, rails_request)
       end
     end
 
+    def rails_api_controller?
+      defined?(ActionController::API) && rails_controller <= ActionController::API
+    end
+
+    def rails_controller
+      if only_json? && Rodauth::Rails.api_only?
+        ActionController::API
+      else
+        ActionController::Base
+      end
+    end
+
     # ActionMailer subclass for correct email delivering.
     class Mailer < ActionMailer::Base
       def create_email(**options)

data/lib/rodauth/rails/tasks.rake

@@ -22,7 +22,7 @@ namespace :rodauth do
         "#{path.ljust(padding)}  #{code}"
       end
 
-      puts "\n  #{route_lines.join("\n  ")}"
+      puts "\n  #{route_lines.join("\n  ")}" unless route_lines.empty?
     end
   end
 end

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.8.0"
+    VERSION = "0.10.0"
   end
 end

data/rodauth-rails.gemspec

@@ -17,8 +17,10 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 4.2", "< 7"
-  spec.add_dependency "rodauth", "~> 2.7"
+  spec.add_dependency "rodauth", "~> 2.11"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"
+
+  spec.add_development_dependency "jwt"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Janko Marohnić
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-03 00:00:00.000000000 Z
+date: 2021-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -36,14 +36,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.11'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
@@ -86,6 +86,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Provides Rails integration for Rodauth.
 email:
 - janko.marohnic@gmail.com
@@ -97,7 +111,6 @@ files:
 - LICENSE.txt
 - README.md
 - lib/generators/rodauth/install_generator.rb
-- lib/generators/rodauth/mailer_generator.rb
 - lib/generators/rodauth/migration/account_expiration.erb
 - lib/generators/rodauth/migration/active_sessions.erb
 - lib/generators/rodauth/migration/audit_logging.erb
@@ -191,6 +204,7 @@ files:
 - lib/rodauth/rails/app.rb
 - lib/rodauth/rails/app/flash.rb
 - lib/rodauth/rails/app/middleware.rb
+- lib/rodauth/rails/auth.rb
 - lib/rodauth/rails/controller_methods.rb
 - lib/rodauth/rails/feature.rb
 - lib/rodauth/rails/middleware.rb
@@ -202,7 +216,7 @@ homepage: https://github.com/janko/rodauth-rails
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -217,8 +231,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.
 test_files: []

data/lib/generators/rodauth/mailer_generator.rb

@@ -1,37 +0,0 @@
-require "rails/generators/base"
-
-module Rodauth
-  module Rails
-    module Generators
-      class MailerGenerator < ::Rails::Generators::Base
-        source_root "#{__dir__}/templates"
-        namespace "rodauth:mailer"
-
-        VIEWS = %w[
-          email_auth
-          password_changed
-          reset_password
-          unlock_account
-          verify_account
-          verify_login_change
-        ]
-
-        class_option :name,
-          desc: "The name for the mailer and the views directory",
-          default: "rodauth"
-
-        def copy_mailer
-          template "app/mailers/rodauth_mailer.rb",
-            "app/mailers/#{options[:name].underscore}_mailer.rb"
-        end
-
-        def copy_mailer_views
-          VIEWS.each do |view|
-            template "app/views/rodauth_mailer/#{view}.text.erb",
-              "app/views/#{options[:name].underscore}_mailer/#{view}.text.erb"
-          end
-        end
-      end
-    end
-  end
-end