rodauth-rails 0.8.2 → 0.12.0

data/lib/generators/rodauth/install_generator.rb

@@ -10,17 +10,20 @@ module Rodauth
         include ::ActiveRecord::Generators::Migration
         include MigrationHelpers
 
+        MAILER_VIEWS = %w[
+          email_auth
+          password_changed
+          reset_password
+          unlock_account
+          verify_account
+          verify_login_change
+        ]
+
         source_root "#{__dir__}/templates"
         namespace "rodauth:install"
 
-        # The :api option is a Rails-recognized option that always
-        # defaults to false, so we make it use our provided default
-        # value instead.
-        def self.default_value_for_option(name, options)
-          name == :api ? options[:default] : super
-        end
-
-        class_option :api, type: :boolean, desc: "Generate JSON-only configuration"
+        class_option :json, type: :boolean, desc: "Configure JSON support"
+        class_option :jwt, type: :boolean, desc: "Configure JWT support"
 
         def create_rodauth_migration
           return unless defined?(ActiveRecord::Base)
@@ -53,6 +56,14 @@ module Rodauth
           template "app/models/account.rb"
         end
 
+        def create_mailer
+          template "app/mailers/rodauth_mailer.rb"
+
+          MAILER_VIEWS.each do |view|
+            template "app/views/rodauth_mailer/#{view}.text.erb"
+          end
+        end
+
         private
 
         def sequel_uri_scheme
@@ -83,17 +94,17 @@ module Rodauth
           end
         end
 
-        def api_only?
-          if options.key?(:api)
-            options[:api]
-          elsif ::Rails.gem_version >= Gem::Version.new("5.0")
-            ::Rails.application.config.api_only
-          end
+        def json?
+          options[:json]
+        end
+
+        def jwt?
+          options[:jwt] || Rodauth::Rails.api_only?
         end
 
         def migration_features
           features = [:base, :reset_password, :verify_account, :verify_login_change]
-          features << :remember unless api_only?
+          features << :remember unless jwt?
           features
         end
       end

data/lib/generators/rodauth/migration/base.erb

@@ -5,11 +5,11 @@ enable_extension "citext"
 create_table :accounts<%= primary_key_type %> do |t|
 <% case activerecord_adapter -%>
 <% when "postgresql" -%>
-  t.citext :email, null: false, index: { unique: true, where: "status IN ('verified', 'unverified')" }
+  t.citext :email, null: false, index: { unique: true, where: "status IN ('unverified', 'verified')" }
 <% else -%>
   t.string :email, null: false, index: { unique: true }
 <% end -%>
-  t.string :status, null: false, default: "verified"
+  t.string :status, null: false, default: "unverified"
 end
 
 # Used if storing password hashes in a separate table (default)

data/lib/generators/rodauth/templates/app/lib/rodauth_app.rb

@@ -1,8 +1,8 @@
 class RodauthApp < Rodauth::Rails::App
-  configure<%= " json: :only" if api_only? %> do
+  configure do
     # List of authentication features that are loaded.
     enable :create_account, :verify_account, :verify_account_grace_period,
-      :login, :logout, <%= api_only? ? ":jwt" : ":remember" %>,
+      :login, :logout<%= ", :remember" unless jwt? %><%= ", :json" if json? %><%= ", :jwt" if jwt? %>,
       :reset_password, :change_password, :change_password_notify,
       :change_login, :verify_login_change,
       :close_account
@@ -14,6 +14,20 @@ class RodauthApp < Rodauth::Rails::App
     # The secret key used for hashing public-facing tokens for various features.
     # Defaults to Rails `secret_key_base`, but you can use your own secret key.
     # hmac_secret "<%= SecureRandom.hex(64) %>"
+<% if jwt? -%>
+
+    # Set JWT secret, which is used to cryptographically protect the token.
+    jwt_secret "<%= SecureRandom.hex(64) %>"
+<% end -%>
+<% if json? || jwt? -%>
+
+    # Accept only JSON requests.
+    only_json? true
+
+    # Handle login and password confirmation fields on the client side.
+    # require_password_confirmation? false
+    # require_login_confirmation? false
+<% end -%>
 
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
@@ -42,52 +56,34 @@ class RodauthApp < Rodauth::Rails::App
 
     # Redirect to the app from login and registration pages if already logged in.
     # already_logged_in { redirect login_redirect }
-<% if api_only? -%>
-
-    # ==> JWT
-    # Set JWT secret, which is used to cryptographically protect the token.
-    jwt_secret "<%= SecureRandom.hex(64) %>"
-
-    # Don't require login confirmation param.
-    require_login_confirmation? false
-
-    # Don't require password confirmation param.
-    require_password_confirmation? false
-<% end -%>
 
     # ==> Emails
-    # Uncomment the lines below once you've imported mailer views.
-    # create_reset_password_email do
-    #   RodauthMailer.reset_password(email_to, reset_password_email_link)
-    # end
-    # create_verify_account_email do
-    #   RodauthMailer.verify_account(email_to, verify_account_email_link)
-    # end
-    # create_verify_login_change_email do |login|
-    #   RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
+    # Use a custom mailer for delivering authentication emails.
+    create_reset_password_email do
+      RodauthMailer.reset_password(email_to, reset_password_email_link)
+    end
+    create_verify_account_email do
+      RodauthMailer.verify_account(email_to, verify_account_email_link)
+    end
+    create_verify_login_change_email do |login|
+      RodauthMailer.verify_login_change(login, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_email_link)
+    end
+    create_password_changed_email do
+      RodauthMailer.password_changed(email_to)
+    end
+    # create_email_auth_email do
+    #   RodauthMailer.email_auth(email_to, email_auth_email_link)
     # end
-    # create_password_changed_email do
-    #   RodauthMailer.password_changed(email_to)
+    # create_unlock_account_email do
+    #   RodauthMailer.unlock_account(email_to, unlock_account_email_link)
     # end
-    # # create_email_auth_email do
-    # #   RodauthMailer.email_auth(email_to, email_auth_email_link)
-    # # end
-    # # create_unlock_account_email do
-    # #   RodauthMailer.unlock_account(email_to, unlock_account_email_link)
-    # # end
-    # send_email do |email|
-    #   # queue email delivery on the mailer after the transaction commits
-    #   db.after_commit { email.deliver_later }
-    # end
-
-    # In the meantime you can tweak settings for emails created by Rodauth
-    # email_subject_prefix "[MyApp] "
-    # email_from "noreply@myapp.com"
-    # send_email(&:deliver_later)
-    # reset_password_email_body { "Click here to reset your password: #{reset_password_email_link}" }
+    send_email do |email|
+      # queue email delivery on the mailer after the transaction commits
+      db.after_commit { email.deliver_later }
+    end
 
     # ==> Flash
-<% unless api_only? -%>
+<% unless json? || jwt? -%>
     # Match flash keys with ones already used in the Rails app.
     # flash_notice_key :success # default is :notice
     # flash_error_key :error # default is :alert
@@ -107,7 +103,7 @@ class RodauthApp < Rodauth::Rails::App
 
     # Change minimum number of password characters required when creating an account.
     # password_minimum_length 8
-<% unless api_only? -%>
+<% unless jwt? -%>
 
     # ==> Remember Feature
     # Remember all logged in users.
@@ -128,13 +124,14 @@ class RodauthApp < Rodauth::Rails::App
 
     # Perform additional actions after the account is created.
     # after_create_account do
-    #   Profile.create!(account_id: account[:id], name: param("name"))
+    #   Profile.create!(account_id: account_id, name: param("name"))
     # end
 
     # Do additional cleanup after the account is closed.
     # after_close_account do
-    #   Profile.find_by!(account_id: account[:id]).destroy
+    #   Profile.find_by!(account_id: account_id).destroy
     # end
+<% unless json? || jwt? -%>
 
     # ==> Redirects
     # Redirect to home page after logout.
@@ -145,25 +142,27 @@ class RodauthApp < Rodauth::Rails::App
 
     # Redirect to login page after password reset.
     reset_password_redirect { login_path }
+<% end -%>
 
     # ==> Deadlines
     # Change default deadlines for some actions.
     # verify_account_grace_period 3.days
     # reset_password_deadline_interval Hash[hours: 6]
     # verify_login_change_deadline_interval Hash[days: 2]
+<% unless jwt? -%>
     # remember_deadline_interval Hash[days: 30]
+<% end -%>
   end
 
   # ==> Multiple configurations
   # configure(:admin) do
-  #   enable :http_basic_auth
-  #
+  #   enable :http_basic_auth # enable different set of features
   #   prefix "/admin"
-  #   session_key :admin_id
+  #   session_key_prefix "admin_"
   # end
 
   route do |r|
-<% unless api_only? -%>
+<% unless jwt? -%>
     rodauth.load_memory # autologin remembered users
 
 <% end -%>
@@ -188,6 +187,8 @@ class RodauthApp < Rodauth::Rails::App
     #   unless rodauth(:admin).logged_in?
     #     rodauth(:admin).require_http_basic_auth
     #   end
+    #
+    #   r.pass # allow the Rails app to handle other "/admin/*" requests
     # end
   end
 end

data/lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb

@@ -1,4 +1,4 @@
-class <%= options[:name].camelize %>Mailer < ApplicationMailer
+class RodauthMailer < ApplicationMailer
   def verify_account(recipient, email_link)
     @email_link = email_link
 
@@ -25,13 +25,13 @@ class <%= options[:name].camelize %>Mailer < ApplicationMailer
 
   # def email_auth(recipient, email_link)
   #   @email_link = email_link
-
+  #
   #   mail to: recipient
   # end
 
   # def unlock_account(recipient, email_link)
   #   @email_link = email_link
-
+  #
   #   mail to: recipient
   # end
 end

data/lib/generators/rodauth/templates/app/views/rodauth/_global_logout_field.html.erb

@@ -1,4 +1,4 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <div class="form-check">
     <%%= check_box_tag rodauth.global_logout_param, "t", false, id: "global-logout", class: "form-check-input" %>
     <%%= label_tag "global-logout", "Logout all Logged In Sessons?", class: "form-check-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_confirm_field.html.erb

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "login-confirm", "Confirm Login" %>
+<div class="form-group mb-3">
+  <%%= label_tag "login-confirm", "Confirm Login", class: "form-label" %>
   <%%= render "field", name: rodauth.login_confirm_param, id: "login-confirm", type: :email, autocomplete: "email" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_display.html.erb

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "login", "Login" %>
+<div class="form-group mb-3">
+  <%%= label_tag "login", "Login", class: "form-label" %>
   <%%= email_field_tag rodauth.login_param, params[rodauth.login_param], id: "login", readonly: true, class: "form-control-plaintext" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_login_field.html.erb

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "login", "Login" %>
+<div class="form-group mb-3">
+  <%%= label_tag "login", "Login", class: "form-label" %>
   <%%= render "field", name: rodauth.login_param, id: "login", type: :email, autocomplete: "email" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_new_password_field.html.erb

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "new-password", "New Password" %>
+<div class="form-group mb-3">
+  <%%= label_tag "new-password", "New Password", class: "form-label" %>
   <%%= render "field", name: rodauth.new_password_param, id: "new-password", type: "password", value: "", autocomplete: "new-password" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_otp_auth_code_field.html.erb

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <%%= label_tag "otp-auth-code", "Authentication Code" %>
+<div class="form-group mb-3">
+  <%%= label_tag "otp-auth-code", "Authentication Code", class: "form-label" %>
   <div class="row">
     <div class="col-sm-3">
       <%%= render "field", name: rodauth.otp_auth_param, id: "otp-auth-code", value: "", autocomplete: "off", inputmode: "numeric" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_password_confirm_field.html.erb

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "password-confirm", "Confirm Password" %>
+<div class="form-group mb-3">
+  <%%= label_tag "password-confirm", "Confirm Password", class: "form-label" %>
   <%%= render "field", name: rodauth.password_confirm_param, id: "password-confirm", type: :password, value: "", autocomplete: "new-password" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_password_field.html.erb

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "password", "Password" %>
+<div class="form-group mb-3">
+  <%%= label_tag "password", "Password", class: "form-label" %>
   <%%= render "field", name: rodauth.password_param, id: "password", type: :password, value: "", autocomplete: rodauth.password_field_autocomplete_value %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_recovery_code_field.html.erb

@@ -1,4 +1,4 @@
-<div class="form-group">
-  <%%= label_tag "recovery_code", "Recovery Code" %>
+<div class="form-group mb-3">
+  <%%= label_tag "recovery_code", "Recovery Code", class: "form-label" %>
   <%%= render "field", name: rodauth.recovery_codes_param, id: "recovery_code", value: "", autocomplete: "off" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/_sms_code_field.html.erb

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <%%= label_tag "sms-code", "SMS Code" %>
+<div class="form-group mb-3">
+  <%%= label_tag "sms-code", "SMS Code", class: "form-label" %>
   <div class="row">
     <div class="col-sm-3">
       <%%= render "field", name: rodauth.sms_code_param, id: "sms-code", value: "", autocomplete: "one-time-code", inputmode: "numeric" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_sms_phone_field.html.erb

@@ -1,5 +1,5 @@
-<div class="form-group">
-  <%%= label_tag "sms-phone", "Phone Number" %>
+<div class="form-group mb-3">
+  <%%= label_tag "sms-phone", "Phone Number", class: "form-label" %>
   <div class="row">
     <div class="col-sm-3">
       <%%= render "field", name: rodauth.sms_phone_param, id: "sms-phone", type: :tel, autocomplete: "tel" %>

data/lib/generators/rodauth/templates/app/views/rodauth/_submit.html.erb

@@ -1,3 +1,3 @@
-<div class="form-group">
+<div class="form-group mb-3">
   <%%= submit_tag local_assigns[:value], name: local_assigns[:name], class: local_assigns[:class] || "btn btn-primary" %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_setup.html.erb

@@ -2,14 +2,14 @@
   <%%= hidden_field_tag rodauth.otp_setup_param, rodauth.otp_user_key, id: "otp-key" %>
   <%%= hidden_field_tag rodauth.otp_setup_raw_param, rodauth.otp_key, id: "otp-hmac-secret" if rodauth.otp_keys_use_hmac? %>
 
-  <div class="form-group">
+  <div class="form-group mb-3">
     <p>Secret: <%%= rodauth.otp_user_key %></p>
     <p>Provisioning URL: <%%= rodauth.otp_provisioning_uri %></p>
   </div>
 
   <div class="row">
     <div class="col-lg-6 col-lg">
-      <div class="form-group">
+      <div class="form-group mb-3">
         <p><%%= rodauth.otp_qr_code.html_safe %></p>
       </div>
     </div>

data/lib/generators/rodauth/templates/app/views/rodauth/remember.html.erb

@@ -1,5 +1,5 @@
 <%%= form_tag rodauth.remember_path, method: :post do %>
-  <fieldset class="form-group">
+  <fieldset class="form-group mb-3">
     <div class="form-check">
       <%%= radio_button_tag rodauth.remember_param, rodauth.remember_remember_param_value, false, id: "remember-remember", class: "form-check-input" %>
       <%%= label_tag "remember-remember", "Remember Me", class: "form-check-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_remove.html.erb

@@ -1,6 +1,6 @@
 <%%= form_tag rodauth.webauthn_remove_path, method: :post, id: "webauthn-remove-form" do %>
   <%%= render "password_field" if rodauth.two_factor_modifications_require_password? %>
-  <fieldset class="form-group">
+  <fieldset class="form-group mb-3">
     <%% (usage = rodauth.account_webauthn_usage).each do |id, last_use| %>
       <div class="form-check">
         <%%= render "field", name: rodauth.webauthn_remove_param, id: "webauthn-remove-#{id}", type: :radio, class: "form-check-input", skip_error_message: true, value: id, required: false %>

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/unlock_account.text.erb

@@ -1,4 +1,4 @@
-Someone has requested a that the account with this email be unlocked.
+Someone has requested that the account with this email be unlocked.
 If you did not request the unlocking of this account, please ignore this
 message.  If you requested the unlocking of this account, please go to
 <%%= @email_link %>

data/lib/rodauth/rails.rb

@@ -8,6 +8,7 @@ module Rodauth
 
     # This allows the developer to avoid loading Rodauth at boot time.
     autoload :App, "rodauth/rails/app"
+    autoload :Auth, "rodauth/rails/auth"
 
     @app = nil
     @middleware = true
@@ -32,6 +33,15 @@ module Rodauth
         scope.rodauth(name)
       end
 
+      # routing constraint that requires authentication
+      def authenticated(name = nil, &condition)
+        lambda do |request|
+          rodauth = request.env.fetch ["rodauth", *name].join(".")
+          rodauth.require_authentication
+          rodauth.authenticated? && (condition.nil? || condition.call(rodauth))
+        end
+      end
+
       if ::Rails.gem_version >= Gem::Version.new("5.2")
         def secret_key_base
           ::Rails.application.secret_key_base
@@ -42,6 +52,16 @@ module Rodauth
         end
       end
 
+      if ::Rails.gem_version >= Gem::Version.new("5.0")
+        def api_only?
+          ::Rails.application.config.api_only
+        end
+      else
+        def api_only?
+          false
+        end
+      end
+
       def configure
         yield self
       end