rodauth-rails 0.8.0 → 0.10.0

@@ -9,11 +9,7 @@ module Rodauth
9
9
  end
10
10
 
11
11
  def rodauth(name = nil)
12
- if name
13
- request.env["rodauth.#{name}"]
14
- else
15
- request.env["rodauth"]
16
- end
12
+ request.env.fetch ["rodauth", *name].join(".")
17
13
  end
18
14
  end
19
15
  end
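Review bot: The new `request.env.fetch` call in `rodauth` raises a bare `KeyError` when the env key is absent, where the removed branches returned nil, and the error message gives only the key. A caller that passes an unconfigured name, or a request that did not pass through the Rodauth middleware, presumably ends in a generic 500 with little to diagnose it. I would keep the raise but name the cause, and add parentheses so the array literal is not read as an index: `request.env.fetch(["rodauth", *name].join(".")) { |key| raise KeyError, "no Rodauth instance in request env under #{key.inspect}" }`.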
@@ -26,7 +26,7 @@ module Rodauth
26
26
  def render(page)
27
27
  rails_render(partial: page.tr("-", "_"), layout: false) ||
28
28
  rails_render(action: page.tr("-", "_"), layout: false) ||
29
- super
29
+ super.html_safe
30
30
  end
31
31
 
32
32
  # Render Rails CSRF tags in Rodauth templates.
@@ -44,6 +44,11 @@ module Rodauth
44
44
  true
45
45
  end
46
46
 
47
+ # Reset Rails session to protect from session fixation attacks.
48
+ def clear_session
49
+ rails_controller_instance.reset_session
50
+ end
51
+
47
52
  # Default the flash error key to Rails' default :alert.
48
53
  def flash_error_key
49
54
  :alert
@@ -54,6 +59,10 @@ module Rodauth
54
59
  rails_controller_instance.instance_exec(&block)
55
60
  end
56
61
 
62
+ def button(*)
63
+ super.html_safe
64
+ end
65
+
57
66
  private
58
67
 
59
68
  # Runs controller callbacks and rescue handlers around Rodauth actions.
@@ -79,11 +88,11 @@ module Rodauth
79
88
  # Runs any #(before|around|after)_action controller callbacks.
80
89
  def rails_controller_callbacks
81
90
  # don't verify CSRF token as part of callbacks, Rodauth will do that
82
- rails_controller_instance.allow_forgery_protection = false
91
+ rails_controller_forgery_protection { false }
83
92
 
84
93
  rails_controller_instance.run_callbacks(:process_action) do
85
94
  # turn the setting back to default so that form tags generate CSRF tags
86
- rails_controller_instance.allow_forgery_protection = rails_controller.allow_forgery_protection
95
+ rails_controller_forgery_protection { rails_controller.allow_forgery_protection }
87
96
 
88
97
  yield
89
98
  end
@@ -123,7 +132,7 @@ module Rodauth
123
132
 
124
133
  # Calls the Rails renderer, returning nil if a template is missing.
125
134
  def rails_render(*args)
126
- return if only_json?
135
+ return if rails_api_controller?
127
136
 
128
137
  rails_controller_instance.render_to_string(*args)
129
138
  rescue ActionView::MissingTemplate
@@ -150,6 +159,13 @@ module Rodauth
150
159
  rails_controller_instance.send(:form_authenticity_token)
151
160
  end
152
161
 
162
+ # allows/disables forgery protection
163
+ def rails_controller_forgery_protection(&value)
164
+ return if rails_api_controller?
165
+
166
+ rails_controller_instance.allow_forgery_protection = value.call
167
+ end
168
+
153
169
  # Instances of the configured controller with current request's env hash.
154
170
  def _rails_controller_instance
155
171
  controller = rails_controller.new
@@ -161,27 +177,29 @@ module Rodauth
161
177
  end
162
178
 
163
179
  if ActionPack.version >= Gem::Version.new("5.0")
164
- # Controller class to use for view rendering, CSRF protection, and
165
- # running any registered action callbacks and rescue_from handlers.
166
- def rails_controller
167
- only_json? ? ActionController::API : ActionController::Base
168
- end
169
-
170
180
  def prepare_rails_controller(controller, rails_request)
171
181
  controller.set_request! rails_request
172
182
  controller.set_response! rails_controller.make_response!(rails_request)
173
183
  end
174
184
  else
175
- def rails_controller
176
- ActionController::Base
177
- end
178
-
179
185
  def prepare_rails_controller(controller, rails_request)
180
186
  controller.send(:set_response!, rails_request)
181
187
  controller.instance_variable_set(:@_request, rails_request)
182
188
  end
183
189
  end
184
190
 
191
+ def rails_api_controller?
192
+ defined?(ActionController::API) && rails_controller <= ActionController::API
193
+ end
194
+
195
+ def rails_controller
196
+ if only_json? && Rodauth::Rails.api_only?
197
+ ActionController::API
198
+ else
199
+ ActionController::Base
200
+ end
201
+ end
202
+
185
203
  # ActionMailer subclass for correct email delivering.
186
204
  class Mailer < ActionMailer::Base
187
205
  def create_email(**options)
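Review bot: `super.html_safe` in `render` and again in the new `button(*)` marks whatever Rodauth returns as trusted markup, which switches off Rails' output escaping for that string, and neither line carries a comment saying why that is safe. The assumption appears to be that Rodauth's own templates have already escaped every interpolated value; that is not visible in this diff and should be confirmed, because a template or button label override that interpolates request data would then reach the page unescaped. I would record the assumption above both methods, for example `# Rodauth's output is already-escaped HTML; mark it safe so Rails does not escape it a second time.` The same file also drops the doc comment that `rails_controller` had and adds `rails_api_controller?` without one.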
@@ -22,7 +22,7 @@ namespace :rodauth do
22
22
  "#{path.ljust(padding)} #{code}"
23
23
  end
24
24
 
25
- puts "\n #{route_lines.join("\n ")}"
25
+ puts "\n #{route_lines.join("\n ")}" unless route_lines.empty?
26
26
  end
27
27
  end
28
28
  end
@@ -1,5 +1,5 @@
1
1
  module Rodauth
2
2
  module Rails
3
- VERSION = "0.8.0"
3
+ VERSION = "0.10.0"
4
4
  end
5
5
  end
@@ -17,8 +17,10 @@ Gem::Specification.new do |spec|
17
17
  spec.require_paths = ["lib"]
18
18
 
19
19
  spec.add_dependency "railties", ">= 4.2", "< 7"
20
- spec.add_dependency "rodauth", "~> 2.7"
20
+ spec.add_dependency "rodauth", "~> 2.11"
21
21
  spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
22
22
  spec.add_dependency "tilt"
23
23
  spec.add_dependency "bcrypt"
24
+
25
+ spec.add_development_dependency "jwt"
24
26
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.0
4
+ version: 0.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Janko Marohnić
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-03 00:00:00.000000000 Z
11
+ date: 2021-03-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties
@@ -36,14 +36,14 @@ dependencies:
36
36
  requirements:
37
37
  - - "~>"
38
38
  - !ruby/object:Gem::Version
39
- version: '2.7'
39
+ version: '2.11'
40
40
  type: :runtime
41
41
  prerelease: false
42
42
  version_requirements: !ruby/object:Gem::Requirement
43
43
  requirements:
44
44
  - - "~>"
45
45
  - !ruby/object:Gem::Version
46
- version: '2.7'
46
+ version: '2.11'
47
47
  - !ruby/object:Gem::Dependency
48
48
  name: sequel-activerecord_connection
49
49
  requirement: !ruby/object:Gem::Requirement
@@ -86,6 +86,20 @@ dependencies:
86
86
  - - ">="
87
87
  - !ruby/object:Gem::Version
88
88
  version: '0'
89
+ - !ruby/object:Gem::Dependency
90
+ name: jwt
91
+ requirement: !ruby/object:Gem::Requirement
92
+ requirements:
93
+ - - ">="
94
+ - !ruby/object:Gem::Version
95
+ version: '0'
96
+ type: :development
97
+ prerelease: false
98
+ version_requirements: !ruby/object:Gem::Requirement
99
+ requirements:
100
+ - - ">="
101
+ - !ruby/object:Gem::Version
102
+ version: '0'
89
103
  description: Provides Rails integration for Rodauth.
90
104
  email:
91
105
  - janko.marohnic@gmail.com
@@ -97,7 +111,6 @@ files:
97
111
  - LICENSE.txt
98
112
  - README.md
99
113
  - lib/generators/rodauth/install_generator.rb
100
- - lib/generators/rodauth/mailer_generator.rb
101
114
  - lib/generators/rodauth/migration/account_expiration.erb
102
115
  - lib/generators/rodauth/migration/active_sessions.erb
103
116
  - lib/generators/rodauth/migration/audit_logging.erb
@@ -191,6 +204,7 @@ files:
191
204
  - lib/rodauth/rails/app.rb
192
205
  - lib/rodauth/rails/app/flash.rb
193
206
  - lib/rodauth/rails/app/middleware.rb
207
+ - lib/rodauth/rails/auth.rb
194
208
  - lib/rodauth/rails/controller_methods.rb
195
209
  - lib/rodauth/rails/feature.rb
196
210
  - lib/rodauth/rails/middleware.rb
@@ -202,7 +216,7 @@ homepage: https://github.com/janko/rodauth-rails
202
216
  licenses:
203
217
  - MIT
204
218
  metadata: {}
205
- post_install_message:
219
+ post_install_message:
206
220
  rdoc_options: []
207
221
  require_paths:
208
222
  - lib
@@ -217,8 +231,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
217
231
  - !ruby/object:Gem::Version
218
232
  version: '0'
219
233
  requirements: []
220
- rubygems_version: 3.1.4
221
- signing_key:
234
+ rubygems_version: 3.2.3
235
+ signing_key:
222
236
  specification_version: 4
223
237
  summary: Provides Rails integration for Rodauth.
224
238
  test_files: []
@@ -1,37 +0,0 @@
1
- require "rails/generators/base"
2
-
3
- module Rodauth
4
- module Rails
5
- module Generators
6
- class MailerGenerator < ::Rails::Generators::Base
7
- source_root "#{__dir__}/templates"
8
- namespace "rodauth:mailer"
9
-
10
- VIEWS = %w[
11
- email_auth
12
- password_changed
13
- reset_password
14
- unlock_account
15
- verify_account
16
- verify_login_change
17
- ]
18
-
19
- class_option :name,
20
- desc: "The name for the mailer and the views directory",
21
- default: "rodauth"
22
-
23
- def copy_mailer
24
- template "app/mailers/rodauth_mailer.rb",
25
- "app/mailers/#{options[:name].underscore}_mailer.rb"
26
- end
27
-
28
- def copy_mailer_views
29
- VIEWS.each do |view|
30
- template "app/views/rodauth_mailer/#{view}.text.erb",
31
- "app/views/#{options[:name].underscore}_mailer/#{view}.text.erb"
32
- end
33
- end
34
- end
35
- end
36
- end
37
- end