rodauth-rails 0.8.1 → 0.11.0

data/lib/rodauth/rails/auth.rb

@@ -0,0 +1,40 @@
+require "rodauth"
+require "rodauth/rails/feature"
+
+module Rodauth
+  module Rails
+    # Base auth class that applies some default configuration and supports
+    # multi-level inheritance.
+    class Auth < Rodauth::Auth
+      class << self
+        attr_writer :features
+        attr_writer :routes
+        attr_accessor :configuration
+      end
+
+      def self.inherited(auth_class)
+        super
+        auth_class.roda_class = Rodauth::Rails.app
+        auth_class.features = features.dup
+        auth_class.routes = routes.dup
+        auth_class.route_hash = route_hash.dup
+        auth_class.configuration = configuration.clone
+        auth_class.configuration.instance_variable_set(:@auth, auth_class)
+      end
+
+      # apply default configuration
+      configure do
+        enable :rails
+
+        # database functions are more complex to set up, so disable them by default
+        use_database_authentication_functions? false
+
+        # avoid having to set deadline values in column default values
+        set_deadline_values? true
+
+        # use HMACs for additional security
+        hmac_secret { Rodauth::Rails.secret_key_base }
+      end
+    end
+  end
+end

data/lib/rodauth/rails/controller_methods.rb

@@ -9,11 +9,7 @@ module Rodauth
       end
 
       def rodauth(name = nil)
-        if name
-          request.env["rodauth.#{name}"]
-        else
-          request.env["rodauth"]
-        end
+        request.env.fetch ["rodauth", *name].join(".")
       end
     end
   end

data/lib/rodauth/rails/feature.rb

@@ -44,6 +44,11 @@ module Rodauth
       true
     end
 
+    # Reset Rails session to protect from session fixation attacks.
+    def clear_session
+      rails_controller_instance.reset_session
+    end
+
     # Default the flash error key to Rails' default :alert.
     def flash_error_key
       :alert
@@ -58,24 +63,33 @@ module Rodauth
       super.html_safe
     end
 
+    delegate :rails_routes, :rails_request, to: :scope
+
     private
 
     # Runs controller callbacks and rescue handlers around Rodauth actions.
     def _around_rodauth(&block)
       result = nil
 
-      rails_controller_rescue do
-        rails_controller_callbacks do
-          result = catch(:halt) { super(&block) }
+      rails_instrument_request do
+        rails_controller_rescue do
+          rails_controller_callbacks do
+            result = catch(:halt) { super(&block) }
+          end
         end
+
+        result = handle_rails_controller_response(result)
       end
 
+      throw :halt, result if result
+    end
+
+    # Handles controller rendering a response or setting response headers.
+    def handle_rails_controller_response(result)
       if rails_controller_instance.performed?
         rails_controller_response
       elsif result
         result[1].merge!(rails_controller_instance.response.headers)
-        throw :halt, result
-      else
         result
       end
     end
@@ -104,6 +118,20 @@ module Rodauth
       end
     end
 
+    def rails_instrument_request
+      ActiveSupport::Notifications.instrument("start_processing.rodauth", rodauth: self)
+      ActiveSupport::Notifications.instrument("process_request.rodauth", rodauth: self) do |payload|
+        begin
+          status, headers, body = yield
+          payload[:status] = status || 404
+          payload[:headers] = headers
+          payload[:body] = body
+        ensure
+          rails_controller_instance.send(:append_info_to_payload, payload)
+        end
+      end
+    end
+
     # Returns Roda response from controller response if set.
     def rails_controller_response
       controller_response = rails_controller_instance.response
@@ -112,7 +140,7 @@ module Rodauth
       response.headers.merge! controller_response.headers
       response.write controller_response.body
 
-      request.halt
+      response.finish
     end
 
     # Create emails with ActionMailer which uses configured delivery method.
@@ -163,11 +191,8 @@ module Rodauth
 
     # Instances of the configured controller with current request's env hash.
     def _rails_controller_instance
-      controller    = rails_controller.new
-      rails_request = ActionDispatch::Request.new(scope.env)
-
+      controller = rails_controller.new
       prepare_rails_controller(controller, rails_request)
-
       controller
     end
 
@@ -187,6 +212,14 @@ module Rodauth
       defined?(ActionController::API) && rails_controller <= ActionController::API
     end
 
+    def rails_controller
+      if only_json? && Rodauth::Rails.api_only?
+        ActionController::API
+      else
+        ActionController::Base
+      end
+    end
+
     # ActionMailer subclass for correct email delivering.
     class Mailer < ActionMailer::Base
       def create_email(**options)

data/lib/rodauth/rails/log_subscriber.rb

@@ -0,0 +1,34 @@
+module Rodauth
+  module Rails
+    class LogSubscriber < ActiveSupport::LogSubscriber
+      def start_processing(event)
+        rodauth = event.payload[:rodauth]
+        app_class = rodauth.scope.class.superclass
+        format = rodauth.rails_request.format.ref
+        format = format.to_s.upcase if format.is_a?(Symbol)
+        format = "*/*" if format.nil?
+
+        info "Processing by #{app_class} as #{format}"
+      end
+
+      def process_request(event)
+        status = event.payload[:status]
+
+        additions = ActionController::Base.log_process_action(event.payload)
+        if ::Rails.gem_version >= Gem::Version.new("6.0")
+          additions << "Allocations: #{event.allocations}"
+        end
+
+        message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
+        message << " (#{additions.join(" | ")})"
+        message << "\n\n" if defined?(::Rails.env) && ::Rails.env.development?
+
+        info message
+      end
+
+      def logger
+        ::Rails.logger
+      end
+    end
+  end
+end

data/lib/rodauth/rails/railtie.rb

@@ -1,5 +1,6 @@
 require "rodauth/rails/middleware"
 require "rodauth/rails/controller_methods"
+require "rodauth/rails/log_subscriber"
 
 require "rails"
 
@@ -16,6 +17,10 @@ module Rodauth
         end
       end
 
+      initializer "rodauth.log_subscriber" do
+        Rodauth::Rails::LogSubscriber.attach_to :rodauth
+      end
+
       initializer "rodauth.test" do
         # Rodauth uses RACK_ENV to set the default bcrypt hash cost
         ENV["RACK_ENV"] = "test" if ::Rails.env.test?

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.8.1"
+    VERSION = "0.11.0"
   end
 end

data/rodauth-rails.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 4.2", "< 7"
-  spec.add_dependency "rodauth", "~> 2.7"
+  spec.add_dependency "rodauth", "~> 2.11"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.11.0
 platform: ruby
 authors:
 - Janko Marohnić
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-04 00:00:00.000000000 Z
+date: 2021-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -36,14 +36,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.11'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '2.11'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
@@ -111,7 +111,6 @@ files:
 - LICENSE.txt
 - README.md
 - lib/generators/rodauth/install_generator.rb
-- lib/generators/rodauth/mailer_generator.rb
 - lib/generators/rodauth/migration/account_expiration.erb
 - lib/generators/rodauth/migration/active_sessions.erb
 - lib/generators/rodauth/migration/audit_logging.erb
@@ -205,8 +204,10 @@ files:
 - lib/rodauth/rails/app.rb
 - lib/rodauth/rails/app/flash.rb
 - lib/rodauth/rails/app/middleware.rb
+- lib/rodauth/rails/auth.rb
 - lib/rodauth/rails/controller_methods.rb
 - lib/rodauth/rails/feature.rb
+- lib/rodauth/rails/log_subscriber.rb
 - lib/rodauth/rails/middleware.rb
 - lib/rodauth/rails/railtie.rb
 - lib/rodauth/rails/tasks.rake
@@ -216,7 +217,7 @@ homepage: https://github.com/janko/rodauth-rails
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -231,8 +232,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.
 test_files: []

data/lib/generators/rodauth/mailer_generator.rb

@@ -1,37 +0,0 @@
-require "rails/generators/base"
-
-module Rodauth
-  module Rails
-    module Generators
-      class MailerGenerator < ::Rails::Generators::Base
-        source_root "#{__dir__}/templates"
-        namespace "rodauth:mailer"
-
-        VIEWS = %w[
-          email_auth
-          password_changed
-          reset_password
-          unlock_account
-          verify_account
-          verify_login_change
-        ]
-
-        class_option :name,
-          desc: "The name for the mailer and the views directory",
-          default: "rodauth"
-
-        def copy_mailer
-          template "app/mailers/rodauth_mailer.rb",
-            "app/mailers/#{options[:name].underscore}_mailer.rb"
-        end
-
-        def copy_mailer_views
-          VIEWS.each do |view|
-            template "app/views/rodauth_mailer/#{view}.text.erb",
-              "app/views/#{options[:name].underscore}_mailer/#{view}.text.erb"
-          end
-        end
-      end
-    end
-  end
-end