RubyGems - rodauth-rails - Versions diffs - 0.8.2 → 0.12.0 - Page 3 - Diffend - OSS supply chain security and management platform

rodauth-rails 0.8.2 → 0.12.0

Files changed (40) hide show

data/lib/rodauth/rails/app.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 require "roda"
-require "rodauth"
-require "rodauth/rails/feature"
+require "rodauth/rails/auth"
 module Rodauth
   module Rails
@@ -11,46 +10,39 @@ module Rodauth
       plugin :hooks
       plugin :render, layout: false
+      plugin :pass
-      def self.configure(name = nil, **options, &block)
-        unless options[:json] == :only
-          require "rodauth/rails/app/flash"
-          plugin Flash
-        end
-        plugin :rodauth, name: name, csrf: false, flash: false, **options do
-          # load the Rails integration
-          enable :rails
-          if options[:json] == :only && ActionPack.version >= Gem::Version.new("5.0")
-            rails_controller { ActionController::API }
-          else
-            rails_controller { ActionController::Base }
-          end
+      unless Rodauth::Rails.api_only?
+        require "rodauth/rails/app/flash"
+        plugin Flash
+      end
-          # database functions are more complex to set up, so disable them by default
-          use_database_authentication_functions? false
+      def self.configure(*args, **options, &block)
+        auth_class = args.shift if args[0].is_a?(Class)
+        name       = args.shift if args[0].is_a?(Symbol)
-          # avoid having to set deadline values in column default values
-          set_deadline_values? true
+        fail ArgumentError, "need to pass optional Rodauth::Auth subclass and optional configuration name" if args.any?
-          # use HMACs for additional security
-          hmac_secret { Rodauth::Rails.secret_key_base }
+        auth_class ||= Class.new(Rodauth::Rails::Auth)
-          # evaluate user configuration
-          instance_exec(&block)
+        plugin :rodauth, auth_class: auth_class, name: name, csrf: false, flash: false, json: true, **options do
+          instance_exec(&block) if block
         end
       end
       before do
-        (opts[:rodauths] || {}).each do |name, _|
-          if name
-            env["rodauth.#{name}"] = rodauth(name)
-          else
-            env["rodauth"] = rodauth
-          end
+        opts[:rodauths]&.each_key do |name|
+          env[["rodauth", *name].join(".")] = rodauth(name)
         end
       end
+      def rails_routes
+        ::Rails.application.routes.url_helpers
+      end
+      def rails_request
+        ActionDispatch::Request.new(env)
+      end
     end
   end
 end

data/lib/rodauth/rails/app/flash.rb CHANGED Viewed

@@ -27,22 +27,18 @@ module Rodauth
           end
           def flash
-            rails_request.flash
+            scope.rails_request.flash
           end
-          def commit_flash
-            if ActionPack.version >= Gem::Version.new("5.0")
-              rails_request.commit_flash
-            else
+          if ActionPack.version >= Gem::Version.new("5.0")
+            def commit_flash
+              scope.rails_request.commit_flash
+            end
+          else
+            def commit_flash
               # ActionPack 4.2 automatically commits flash
             end
           end
-          private
-          def rails_request
-            ActionDispatch::Request.new(env)
-          end
         end
       end
     end

data/lib/rodauth/rails/app/middleware.rb CHANGED Viewed

@@ -3,20 +3,30 @@ module Rodauth
     class App
       # Roda plugin that extends middleware plugin by propagating response headers.
       module Middleware
-        def self.load_dependencies(app)
-          app.plugin :hooks
-        end
         def self.configure(app)
-          app.after do
-            if response.empty? && response.headers.any?
-              env["rodauth.rails.headers"] = response.headers
+          handle_result = -> (env, res) do
+            if headers = env.delete("rodauth.rails.headers")
+              res[1] = headers.merge(res[1])
             end
           end
-          app.plugin :middleware, handle_result: -> (env, res) do
-            if headers = env.delete("rodauth.rails.headers")
-              res[1] = headers.merge(res[1])
+          app.plugin :middleware, handle_result: handle_result do |middleware|
+            middleware.plugin :hooks
+            middleware.after do
+              if response.empty? && response.headers.any?
+                env["rodauth.rails.headers"] = response.headers
+              end
+            end
+            middleware.class_eval do
+              def self.inspect
+                "#{superclass}::Middleware"
+              end
+              def inspect
+                "#<#{self.class.inspect} request=#{request.inspect} response=#{response.inspect}>"
+              end
             end
           end
         end

data/lib/rodauth/rails/auth.rb ADDED Viewed

@@ -0,0 +1,40 @@
+require "rodauth"
+require "rodauth/rails/feature"
+module Rodauth
+  module Rails
+    # Base auth class that applies some default configuration and supports
+    # multi-level inheritance.
+    class Auth < Rodauth::Auth
+      class << self
+        attr_writer :features
+        attr_writer :routes
+        attr_accessor :configuration
+      end
+      def self.inherited(auth_class)
+        super
+        auth_class.roda_class = Rodauth::Rails.app
+        auth_class.features = features.dup
+        auth_class.routes = routes.dup
+        auth_class.route_hash = route_hash.dup
+        auth_class.configuration = configuration.clone
+        auth_class.configuration.instance_variable_set(:@auth, auth_class)
+      end
+      # apply default configuration
+      configure do
+        enable :rails
+        # database functions are more complex to set up, so disable them by default
+        use_database_authentication_functions? false
+        # avoid having to set deadline values in column default values
+        set_deadline_values? true
+        # use HMACs for additional security
+        hmac_secret { Rodauth::Rails.secret_key_base }
+      end
+    end
+  end
+end

data/lib/rodauth/rails/controller_methods.rb CHANGED Viewed

@@ -9,11 +9,7 @@ module Rodauth
       end
       def rodauth(name = nil)
-        if name
-          request.env["rodauth.#{name}"]
-        else
-          request.env["rodauth"]
-        end
+        request.env.fetch ["rodauth", *name].join(".")
       end
     end
   end

data/lib/rodauth/rails/feature.rb CHANGED Viewed

@@ -1,206 +1,21 @@
 module Rodauth
   Feature.define(:rails) do
-    depends :email_base
-    # List of overridable methods.
-    auth_methods(
-      :rails_render,
-      :rails_csrf_tag,
-      :rails_csrf_param,
-      :rails_csrf_token,
-      :rails_check_csrf!,
-      :rails_controller,
-    )
-    auth_cached_method :rails_controller_instance
-    # Renders templates with layout. First tries to render a user-defined
-    # template, otherwise falls back to Rodauth's template.
-    def view(page, *)
-      rails_render(action: page.tr("-", "_"), layout: true) ||
-        rails_render(html: super.html_safe, layout: true)
-    end
-    # Renders templates without layout. First tries to render a user-defined
-    # template or partial, otherwise falls back to Rodauth's template.
-    def render(page)
-      rails_render(partial: page.tr("-", "_"), layout: false) ||
-        rails_render(action: page.tr("-", "_"), layout: false) ||
-        super.html_safe
-    end
-    # Render Rails CSRF tags in Rodauth templates.
-    def csrf_tag(*)
-      rails_csrf_tag
-    end
-    # Verify Rails' authenticity token.
-    def check_csrf
-      rails_check_csrf!
-    end
-    # Have Rodauth call #check_csrf automatically.
-    def check_csrf?
-      true
-    end
-    # Reset Rails session to protect from session fixation attacks.
-    def clear_session
-      rails_controller_instance.reset_session
-    end
-    # Default the flash error key to Rails' default :alert.
-    def flash_error_key
-      :alert
-    end
-    # Evaluates the block in context of a Rodauth controller instance.
-    def rails_controller_eval(&block)
-      rails_controller_instance.instance_exec(&block)
-    end
-    def button(*)
-      super.html_safe
-    end
-    private
-    # Runs controller callbacks and rescue handlers around Rodauth actions.
-    def _around_rodauth(&block)
-      result = nil
-      rails_controller_rescue do
-        rails_controller_callbacks do
-          result = catch(:halt) { super(&block) }
-        end
-      end
-      if rails_controller_instance.performed?
-        rails_controller_response
-      elsif result
-        result[1].merge!(rails_controller_instance.response.headers)
-        throw :halt, result
-      else
-        result
-      end
-    end
-    # Runs any #(before|around|after)_action controller callbacks.
-    def rails_controller_callbacks
-      # don't verify CSRF token as part of callbacks, Rodauth will do that
-      rails_controller_forgery_protection { false }
-      rails_controller_instance.run_callbacks(:process_action) do
-        # turn the setting back to default so that form tags generate CSRF tags
-        rails_controller_forgery_protection { rails_controller.allow_forgery_protection }
-        yield
-      end
-    end
-    # Runs any registered #rescue_from controller handlers.
-    def rails_controller_rescue
-      yield
-    rescue Exception => exception
-      rails_controller_instance.rescue_with_handler(exception) || raise
-      unless rails_controller_instance.performed?
-        raise Rodauth::Rails::Error, "rescue_from handler didn't write any response"
-      end
-    end
-    # Returns Roda response from controller response if set.
-    def rails_controller_response
-      controller_response = rails_controller_instance.response
-      response.status = controller_response.status
-      response.headers.merge! controller_response.headers
-      response.write controller_response.body
-      request.halt
-    end
-    # Create emails with ActionMailer which uses configured delivery method.
-    def create_email_to(to, subject, body)
-      Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)
-    end
-    # Delivers the given email.
-    def send_email(email)
-      email.deliver_now
-    end
-    # Calls the Rails renderer, returning nil if a template is missing.
-    def rails_render(*args)
-      return if rails_api_controller?
-      rails_controller_instance.render_to_string(*args)
-    rescue ActionView::MissingTemplate
-      nil
-    end
-    # Calls the controller to verify the authenticity token.
-    def rails_check_csrf!
-      rails_controller_instance.send(:verify_authenticity_token)
-    end
-    # Hidden tag with Rails CSRF token inserted into Rodauth templates.
-    def rails_csrf_tag
-      %(<input type="hidden" name="#{rails_csrf_param}" value="#{rails_csrf_token}">)
-    end
-    # The request parameter under which to send the Rails CSRF token.
-    def rails_csrf_param
-      rails_controller.request_forgery_protection_token
-    end
-    # The Rails CSRF token value inserted into Rodauth templates.
-    def rails_csrf_token
-      rails_controller_instance.send(:form_authenticity_token)
-    end
-    # allows/disables forgery protection
-    def rails_controller_forgery_protection(&value)
-      return if rails_api_controller?
-      rails_controller_instance.allow_forgery_protection = value.call
-    end
-    # Instances of the configured controller with current request's env hash.
-    def _rails_controller_instance
-      controller    = rails_controller.new
-      rails_request = ActionDispatch::Request.new(scope.env)
-      prepare_rails_controller(controller, rails_request)
-      controller
-    end
-    if ActionPack.version >= Gem::Version.new("5.0")
-      def prepare_rails_controller(controller, rails_request)
-        controller.set_request! rails_request
-        controller.set_response! rails_controller.make_response!(rails_request)
-      end
-    else
-      def prepare_rails_controller(controller, rails_request)
-        controller.send(:set_response!, rails_request)
-        controller.instance_variable_set(:@_request, rails_request)
-      end
-    end
-    def rails_api_controller?
-      defined?(ActionController::API) && rails_controller <= ActionController::API
-    end
-    # ActionMailer subclass for correct email delivering.
-    class Mailer < ActionMailer::Base
-      def create_email(**options)
-        mail(**options)
-      end
-    end
+    # Assign feature and feature configuration to constants for introspection.
+    Rodauth::Rails::Feature              = self
+    Rodauth::Rails::FeatureConfiguration = self.configuration
+    require "rodauth/rails/feature/base"
+    require "rodauth/rails/feature/callbacks"
+    require "rodauth/rails/feature/csrf"
+    require "rodauth/rails/feature/render"
+    require "rodauth/rails/feature/email"
+    require "rodauth/rails/feature/instrumentation"
+    include Rodauth::Rails::Feature::Base
+    include Rodauth::Rails::Feature::Callbacks
+    include Rodauth::Rails::Feature::Csrf
+    include Rodauth::Rails::Feature::Render
+    include Rodauth::Rails::Feature::Email
+    include Rodauth::Rails::Feature::Instrumentation
   end
-  # Assign feature and feature configuration to constants for introspection.
-  Rails::Feature              = FEATURES[:rails]
-  Rails::FeatureConfiguration = FEATURES[:rails].configuration
 end

data/lib/rodauth/rails/feature/base.rb ADDED Viewed

@@ -0,0 +1,62 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Base
+        def self.included(feature)
+          feature.auth_methods :rails_controller
+          feature.auth_cached_method :rails_controller_instance
+        end
+        # Reset Rails session to protect from session fixation attacks.
+        def clear_session
+          rails_controller_instance.reset_session
+        end
+        # Default the flash error key to Rails' default :alert.
+        def flash_error_key
+          :alert
+        end
+        # Evaluates the block in context of a Rodauth controller instance.
+        def rails_controller_eval(&block)
+          rails_controller_instance.instance_exec(&block)
+        end
+        delegate :rails_routes, :rails_request, to: :scope
+        private
+        # Instances of the configured controller with current request's env hash.
+        def _rails_controller_instance
+          controller = rails_controller.new
+          prepare_rails_controller(controller, rails_request)
+          controller
+        end
+        if ActionPack.version >= Gem::Version.new("5.0")
+          def prepare_rails_controller(controller, rails_request)
+            controller.set_request! rails_request
+            controller.set_response! rails_controller.make_response!(rails_request)
+          end
+        else
+          def prepare_rails_controller(controller, rails_request)
+            controller.send(:set_response!, rails_request)
+            controller.instance_variable_set(:@_request, rails_request)
+          end
+        end
+        def rails_api_controller?
+          defined?(ActionController::API) && rails_controller <= ActionController::API
+        end
+        def rails_controller
+          if only_json? && Rodauth::Rails.api_only?
+            ActionController::API
+          else
+            ActionController::Base
+          end
+        end
+      end
+    end
+  end
+end