RubyGems - rodauth-rails - Versions diffs - 0.9.0 → 0.13.0 - Mend

rodauth-rails 0.9.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

data/lib/rodauth/rails/app/middleware.rb CHANGED Viewed

@@ -3,20 +3,30 @@ module Rodauth
     class App
       # Roda plugin that extends middleware plugin by propagating response headers.
       module Middleware
-        def self.load_dependencies(app)
-          app.plugin :hooks
-        end
         def self.configure(app)
-          app.after do
-            if response.empty? && response.headers.any?
-              env["rodauth.rails.headers"] = response.headers
+          handle_result = -> (env, res) do
+            if headers = env.delete("rodauth.rails.headers")
+              res[1] = headers.merge(res[1])
             end
           end
-          app.plugin :middleware, handle_result: -> (env, res) do
-            if headers = env.delete("rodauth.rails.headers")
-              res[1] = headers.merge(res[1])
+          app.plugin :middleware, handle_result: handle_result do |middleware|
+            middleware.plugin :hooks
+            middleware.after do
+              if response.empty? && response.headers.any?
+                env["rodauth.rails.headers"] = response.headers
+              end
+            end
+            middleware.class_eval do
+              def self.inspect
+                "#{superclass}::Middleware"
+              end
+              def inspect
+                "#<#{self.class.inspect} request=#{request.inspect} response=#{response.inspect}>"
+              end
             end
           end
         end

data/lib/rodauth/rails/auth.rb ADDED Viewed

@@ -0,0 +1,40 @@
+require "rodauth"
+require "rodauth/rails/feature"
+module Rodauth
+  module Rails
+    # Base auth class that applies some default configuration and supports
+    # multi-level inheritance.
+    class Auth < Rodauth::Auth
+      class << self
+        attr_writer :features
+        attr_writer :routes
+        attr_accessor :configuration
+      end
+      def self.inherited(auth_class)
+        super
+        auth_class.roda_class = Rodauth::Rails.app
+        auth_class.features = features.dup
+        auth_class.routes = routes.dup
+        auth_class.route_hash = route_hash.dup
+        auth_class.configuration = configuration.clone
+        auth_class.configuration.instance_variable_set(:@auth, auth_class)
+      end
+      # apply default configuration
+      configure do
+        enable :rails
+        # database functions are more complex to set up, so disable them by default
+        use_database_authentication_functions? false
+        # avoid having to set deadline values in column default values
+        set_deadline_values? true
+        # use HMACs for additional security
+        hmac_secret { Rodauth::Rails.secret_key_base }
+      end
+    end
+  end
+end

data/lib/rodauth/rails/controller_methods.rb CHANGED Viewed

@@ -9,11 +9,7 @@ module Rodauth
       end
       def rodauth(name = nil)
-        if name
-          request.env["rodauth.#{name}"]
-        else
-          request.env["rodauth"]
-        end
+        request.env.fetch ["rodauth", *name].join(".")
       end
     end
   end

data/lib/rodauth/rails/feature.rb CHANGED Viewed

@@ -1,214 +1,21 @@
 module Rodauth
   Feature.define(:rails) do
-    depends :email_base
-    # List of overridable methods.
-    auth_methods(
-      :rails_render,
-      :rails_csrf_tag,
-      :rails_csrf_param,
-      :rails_csrf_token,
-      :rails_check_csrf!,
-      :rails_controller,
-    )
-    auth_cached_method :rails_controller_instance
-    # Renders templates with layout. First tries to render a user-defined
-    # template, otherwise falls back to Rodauth's template.
-    def view(page, *)
-      rails_render(action: page.tr("-", "_"), layout: true) ||
-        rails_render(html: super.html_safe, layout: true)
-    end
-    # Renders templates without layout. First tries to render a user-defined
-    # template or partial, otherwise falls back to Rodauth's template.
-    def render(page)
-      rails_render(partial: page.tr("-", "_"), layout: false) ||
-        rails_render(action: page.tr("-", "_"), layout: false) ||
-        super.html_safe
-    end
-    # Render Rails CSRF tags in Rodauth templates.
-    def csrf_tag(*)
-      rails_csrf_tag
-    end
-    # Verify Rails' authenticity token.
-    def check_csrf
-      rails_check_csrf!
-    end
-    # Have Rodauth call #check_csrf automatically.
-    def check_csrf?
-      true
-    end
-    # Reset Rails session to protect from session fixation attacks.
-    def clear_session
-      rails_controller_instance.reset_session
-    end
-    # Default the flash error key to Rails' default :alert.
-    def flash_error_key
-      :alert
-    end
-    # Evaluates the block in context of a Rodauth controller instance.
-    def rails_controller_eval(&block)
-      rails_controller_instance.instance_exec(&block)
-    end
-    def button(*)
-      super.html_safe
-    end
-    private
-    # Runs controller callbacks and rescue handlers around Rodauth actions.
-    def _around_rodauth(&block)
-      result = nil
-      rails_controller_rescue do
-        rails_controller_callbacks do
-          result = catch(:halt) { super(&block) }
-        end
-      end
-      if rails_controller_instance.performed?
-        rails_controller_response
-      elsif result
-        result[1].merge!(rails_controller_instance.response.headers)
-        throw :halt, result
-      else
-        result
-      end
-    end
-    # Runs any #(before|around|after)_action controller callbacks.
-    def rails_controller_callbacks
-      # don't verify CSRF token as part of callbacks, Rodauth will do that
-      rails_controller_forgery_protection { false }
-      rails_controller_instance.run_callbacks(:process_action) do
-        # turn the setting back to default so that form tags generate CSRF tags
-        rails_controller_forgery_protection { rails_controller.allow_forgery_protection }
-        yield
-      end
-    end
-    # Runs any registered #rescue_from controller handlers.
-    def rails_controller_rescue
-      yield
-    rescue Exception => exception
-      rails_controller_instance.rescue_with_handler(exception) || raise
-      unless rails_controller_instance.performed?
-        raise Rodauth::Rails::Error, "rescue_from handler didn't write any response"
-      end
-    end
-    # Returns Roda response from controller response if set.
-    def rails_controller_response
-      controller_response = rails_controller_instance.response
-      response.status = controller_response.status
-      response.headers.merge! controller_response.headers
-      response.write controller_response.body
-      request.halt
-    end
-    # Create emails with ActionMailer which uses configured delivery method.
-    def create_email_to(to, subject, body)
-      Mailer.create_email(to: to, from: email_from, subject: "#{email_subject_prefix}#{subject}", body: body)
-    end
-    # Delivers the given email.
-    def send_email(email)
-      email.deliver_now
-    end
-    # Calls the Rails renderer, returning nil if a template is missing.
-    def rails_render(*args)
-      return if rails_api_controller?
-      rails_controller_instance.render_to_string(*args)
-    rescue ActionView::MissingTemplate
-      nil
-    end
-    # Calls the controller to verify the authenticity token.
-    def rails_check_csrf!
-      rails_controller_instance.send(:verify_authenticity_token)
-    end
-    # Hidden tag with Rails CSRF token inserted into Rodauth templates.
-    def rails_csrf_tag
-      %(<input type="hidden" name="#{rails_csrf_param}" value="#{rails_csrf_token}">)
-    end
-    # The request parameter under which to send the Rails CSRF token.
-    def rails_csrf_param
-      rails_controller.request_forgery_protection_token
-    end
-    # The Rails CSRF token value inserted into Rodauth templates.
-    def rails_csrf_token
-      rails_controller_instance.send(:form_authenticity_token)
-    end
-    # allows/disables forgery protection
-    def rails_controller_forgery_protection(&value)
-      return if rails_api_controller?
-      rails_controller_instance.allow_forgery_protection = value.call
-    end
-    # Instances of the configured controller with current request's env hash.
-    def _rails_controller_instance
-      controller    = rails_controller.new
-      rails_request = ActionDispatch::Request.new(scope.env)
-      prepare_rails_controller(controller, rails_request)
-      controller
-    end
-    if ActionPack.version >= Gem::Version.new("5.0")
-      def prepare_rails_controller(controller, rails_request)
-        controller.set_request! rails_request
-        controller.set_response! rails_controller.make_response!(rails_request)
-      end
-    else
-      def prepare_rails_controller(controller, rails_request)
-        controller.send(:set_response!, rails_request)
-        controller.instance_variable_set(:@_request, rails_request)
-      end
-    end
-    def rails_api_controller?
-      defined?(ActionController::API) && rails_controller <= ActionController::API
-    end
-    def rails_controller
-      if only_json? && Rodauth::Rails.api_only?
-        ActionController::API
-      else
-        ActionController::Base
-      end
-    end
-    # ActionMailer subclass for correct email delivering.
-    class Mailer < ActionMailer::Base
-      def create_email(**options)
-        mail(**options)
-      end
-    end
+    # Assign feature and feature configuration to constants for introspection.
+    Rodauth::Rails::Feature              = self
+    Rodauth::Rails::FeatureConfiguration = self.configuration
+    require "rodauth/rails/feature/base"
+    require "rodauth/rails/feature/callbacks"
+    require "rodauth/rails/feature/csrf"
+    require "rodauth/rails/feature/render"
+    require "rodauth/rails/feature/email"
+    require "rodauth/rails/feature/instrumentation"
+    include Rodauth::Rails::Feature::Base
+    include Rodauth::Rails::Feature::Callbacks
+    include Rodauth::Rails::Feature::Csrf
+    include Rodauth::Rails::Feature::Render
+    include Rodauth::Rails::Feature::Email
+    include Rodauth::Rails::Feature::Instrumentation
   end
-  # Assign feature and feature configuration to constants for introspection.
-  Rails::Feature              = FEATURES[:rails]
-  Rails::FeatureConfiguration = FEATURES[:rails].configuration
 end

data/lib/rodauth/rails/feature/base.rb ADDED Viewed

@@ -0,0 +1,62 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Base
+        def self.included(feature)
+          feature.auth_methods :rails_controller
+          feature.auth_cached_method :rails_controller_instance
+        end
+        # Reset Rails session to protect from session fixation attacks.
+        def clear_session
+          rails_controller_instance.reset_session
+        end
+        # Default the flash error key to Rails' default :alert.
+        def flash_error_key
+          :alert
+        end
+        # Evaluates the block in context of a Rodauth controller instance.
+        def rails_controller_eval(&block)
+          rails_controller_instance.instance_exec(&block)
+        end
+        delegate :rails_routes, :rails_request, to: :scope
+        private
+        # Instances of the configured controller with current request's env hash.
+        def _rails_controller_instance
+          controller = rails_controller.new
+          prepare_rails_controller(controller, rails_request)
+          controller
+        end
+        if ActionPack.version >= Gem::Version.new("5.0")
+          def prepare_rails_controller(controller, rails_request)
+            controller.set_request! rails_request
+            controller.set_response! rails_controller.make_response!(rails_request)
+          end
+        else
+          def prepare_rails_controller(controller, rails_request)
+            controller.send(:set_response!, rails_request)
+            controller.instance_variable_set(:@_request, rails_request)
+          end
+        end
+        def rails_api_controller?
+          defined?(ActionController::API) && rails_controller <= ActionController::API
+        end
+        def rails_controller
+          if only_json? && Rodauth::Rails.api_only?
+            ActionController::API
+          else
+            ActionController::Base
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/feature/callbacks.rb ADDED Viewed

@@ -0,0 +1,61 @@
+module Rodauth
+  module Rails
+    module Feature
+      module Callbacks
+        private
+        # Runs controller callbacks and rescue handlers around Rodauth actions.
+        def _around_rodauth(&block)
+          result = nil
+          rails_controller_rescue do
+            rails_controller_callbacks do
+              result = catch(:halt) { super(&block) }
+            end
+          end
+          result = handle_rails_controller_response(result)
+          throw :halt, result if result
+        end
+        # Runs any #(before|around|after)_action controller callbacks.
+        def rails_controller_callbacks(&block)
+          rails_controller_instance.run_callbacks(:process_action, &block)
+        end
+        # Runs any registered #rescue_from controller handlers.
+        def rails_controller_rescue
+          yield
+        rescue Exception => exception
+          rails_controller_instance.rescue_with_handler(exception) || raise
+          unless rails_controller_instance.performed?
+            raise Rodauth::Rails::Error, "rescue_from handler didn't write any response"
+          end
+        end
+        # Handles controller rendering a response or setting response headers.
+        def handle_rails_controller_response(result)
+          if rails_controller_instance.performed?
+            rails_controller_response
+          elsif result
+            result[1].merge!(rails_controller_instance.response.headers)
+            result
+          end
+        end
+        # Returns Roda response from controller response if set.
+        def rails_controller_response
+          controller_response = rails_controller_instance.response
+          response.status = controller_response.status
+          response.headers.merge! controller_response.headers
+          response.write controller_response.body
+          response.finish
+        end
+      end
+    end
+  end
+end