RubyGems - rodauth-rails - Versions diffs - 1.1.0 → 1.2.2 - Mend

rodauth-rails 1.1.0 → 1.2.2

Files changed (22) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +18 -0
data/README.md +39 -25
data/lib/generators/rodauth/migration/active_sessions.erb +2 -2
data/lib/generators/rodauth/migration/audit_logging.erb +1 -1
data/lib/generators/rodauth/migration/base.erb +2 -2
data/lib/generators/rodauth/migration/email_auth.erb +1 -1
data/lib/generators/rodauth/migration/otp.erb +1 -1
data/lib/generators/rodauth/migration/password_expiration.erb +1 -1
data/lib/generators/rodauth/migration/reset_password.erb +1 -1
data/lib/generators/rodauth/migration/sms_codes.erb +1 -1
data/lib/generators/rodauth/migration/verify_account.erb +2 -2
data/lib/generators/rodauth/migration/webauthn.erb +1 -1
data/lib/generators/rodauth/migration_helpers.rb +8 -0
data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb +1 -4
data/lib/generators/rodauth/templates/app/models/account.rb +1 -0
data/lib/rodauth/rails/app/flash.rb +1 -2
data/lib/rodauth/rails/controller_methods.rb +4 -29
data/lib/rodauth/rails/feature/base.rb +21 -0
data/lib/rodauth/rails/feature/instrumentation.rb +1 -1
data/lib/rodauth/rails/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8643f8a912963b78be7d03a815b813688304f4e4b2777a1fdade807f79a4c712
-  data.tar.gz: 31aadb16115fc826750b7d160dcb572ae9c24255d99a7c640abef5fd157bd319
+  metadata.gz: 402cbf2f62d93eae97353a3aed436ce742b41421e880176649a7271c5516b39c
+  data.tar.gz: ca035e7a60c54b4e1b6f2a42ea6405f43811146141c30c5a6d14fd7c0600669e
 SHA512:
-  metadata.gz: dd27d717b3a01f0b5f43e346c0cd839e2703ee0db44f7503eb6ce80f7cffd4493f4ed9e208db474af56af536f675444170f16a6d47435e1f4ce2af38a7487916
-  data.tar.gz: bbac5b7492751e76886a5bcd275af78aada1026d2cd95ddee732817e8d7a5a154f559e5c27ce08606d444a1ffd4640f8522744bd13939f6491288d57c986fea0
+  metadata.gz: 888fd37f380d6f4896b544374c6681445dbb0e90d692dd7c0239aa043c9d6c0cb2aaafa9b47f271cd6cc70ad3a6c88693c988901aed1e5bc0f77ed5c92cb4ab1
+  data.tar.gz: 48fe23bfbd3d78c3378ab47ecf92ffd7f87fe768f996764a71b8534a2cab8731ebc080998b03ea9a78f1fecd949548782ca8e38dc17c56fa2606ea11f7a7fbe9

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,21 @@
+## 1.2.2 (2022-02-22)
+* Fix flash messages not being preserved through consecutive redirects (@janko)
+## 1.2.1 (2022-02-19)
+* Change `accounts.status` column type from string to integer (@zhongsheng)
+## 1.2.0 (2022-02-11)
+* Work around Active Record 4.2 not supporting procs for literal SQL column default (@janko)
+* Avoid re-fetching the account in `#current_account` when it has already been fetched by Rodauth (@janko)
+* Extract `#current_account` helper functionality into `#rails_account` Rodauth method (@janko)
+* Use default account status values in generated configuration, with enum on `Account` model (@janko)
 ## 1.1.0 (2022-01-16)
 * Automatically route the path prefix in `r.rodauth` if one has been set (@janko)

data/README.md CHANGED Viewed

@@ -4,7 +4,7 @@ Provides Rails integration for the [Rodauth] authentication framework.
 ## Resources
-Useful links:
+🔗 Useful links:
 * [Rodauth documentation](http://rodauth.jeremyevans.net/documentation.html)
 * [Rails demo](https://github.com/janko/rodauth-demo-rails)
@@ -12,11 +12,15 @@ Useful links:
 * [OmniAuth guide](https://github.com/janko/rodauth-rails/wiki/OmniAuth)
 * [Testing guide](https://github.com/janko/rodauth-rails/wiki/Testing)
-Articles:
+🎥 Screencasts:
+* [Rails Authentication with Rodauth](https://www.youtube.com/watch?v=2hDpNikacf0)
+📚 Articles:
 * [Rodauth: A Refreshing Authentication Solution for Ruby](https://janko.io/rodauth-a-refreshing-authentication-solution-for-ruby/)
-* [Adding Authentication in Rails with Rodauth](https://janko.io/adding-authentication-in-rails-with-rodauth/)
-* [Adding Multifactor Authentication in Rails with Rodauth](https://janko.io/adding-multifactor-authentication-in-rails-with-rodauth/)
+* [Rails Authentication with Rodauth](https://janko.io/adding-authentication-in-rails-with-rodauth/)
+* [Multifactor Authentication in Rails with Rodauth](https://janko.io/adding-multifactor-authentication-in-rails-with-rodauth/)
 * [How to build an OIDC provider using rodauth-oauth on Rails](https://honeyryderchuck.gitlab.io/httpx/2021/03/15/oidc-provider-on-rails-using-rodauth-oauth.html)
 ## Why Rodauth?
@@ -140,16 +144,14 @@ authentication experience, and the forms use [Bootstrap] markup.
 ### Current account
 The `#current_account` method is defined in controllers and views, which
-returns the model instance of the currently logged in account.
+returns the model instance of the currently logged in account. If the account
+doesn't exist in the database, the session will be cleared.
 ```rb
 current_account #=> #<Account id=123 email="user@example.com">
 current_account.email #=> "user@example.com"
 ```
-If the account doesn't exist in the database, the session will be cleared and
-login required.
 Pass the configuration name to retrieve accounts belonging to other Rodauth
 configurations:
@@ -157,6 +159,8 @@ configurations:
 current_account(:admin)
 ```
+This just delegates to the `#rails_account` method on the Rodauth object.
 #### Custom account model
 The `#current_account` method will try to infer the account model class from
@@ -248,6 +252,18 @@ Rails.application.routes.draw do
 end
 ```
+The current account can be retrieved via the `#rails_account` method:
+```rb
+# config/routes.rb
+Rails.application.routes.draw do
+  # require user to be admin
+  constraints Rodauth::Rails.authenticated { |rodauth| rodauth.rails_account.admin? } do
+    # ...
+  end
+end
+```
 You can specify the Rodauth configuration by passing the configuration name:
 ```rb
@@ -1097,16 +1113,15 @@ end
 The recommended [Rodauth migration] stores possible account status values in a
 separate table, and creates a foreign key on the accounts table, which ensures
-only a valid status value will be persisted.
+only a valid status value will be persisted. Unfortunately, this doesn't work
+when the database is restored from the schema file, in which case the account
+statuses table will be empty. This happens in tests by default, but it's also
+not unusual to do it in development.
-Unfortunately, this doesn't work when the database is restored from the schema
-file, in which case the account statuses table will be empty. This happens in
-tests by default, but it's also commonly done in development.
-To address this, rodauth-rails modifies the setup to store account status text
-directly in the accounts table. If you're worried about invalid status values
-creeping in, you may use enums instead. Alternatively, you can always go back
-to the setup recommended by Rodauth.
+To address this, rodauth-rails uses a `status` column without a separate table.
+If you're worried about invalid status values creeping in, you may use enums
+instead. Alternatively, you can always go back to the setup recommended by
+Rodauth.
 ```rb
 # in the migration:
@@ -1122,14 +1137,13 @@ create_table :accounts do |t|
 end
 ```
 ```diff
-configure do
-  # ...
-- account_status_column :status
-- account_unverified_status_value "unverified"
-- account_open_status_value "verified"
-- account_closed_status_value "closed"
-  # ...
-end
+  class RodauthMain < Rodauth::Rails::Auth
+    configure do
+      # ...
+-     account_status_column :status
+      # ...
+    end
+  end
 ```
 ### Deadline values

data/lib/generators/rodauth/migration/active_sessions.erb CHANGED Viewed

@@ -2,6 +2,6 @@
 create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
   t.references :account, foreign_key: true<%= primary_key_type(:type) %>
   t.string :session_id
-  t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :created_at, null: false, default: <%= current_timestamp %>
+  t.datetime :last_use, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/audit_logging.erb CHANGED Viewed

@@ -1,7 +1,7 @@
 # Used by the audit logging feature
 create_table :account_authentication_audit_logs<%= primary_key_type %> do |t|
   t.references :account, foreign_key: true, null: false<%= primary_key_type(:type) %>
-  t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :at, null: false, default: <%= current_timestamp %>
   t.text :message, null: false
 <% case activerecord_adapter -%>
 <% when "postgresql" -%>

data/lib/generators/rodauth/migration/base.erb CHANGED Viewed

@@ -9,10 +9,10 @@ create_table :accounts<%= primary_key_type %> do |t|
 <% else -%>
   t.string :email, null: false
 <% end -%>
-  t.string :status, null: false, default: "unverified"
+  t.integer :status, null: false, default: 1
 <% case activerecord_adapter -%>
 <% when "postgresql", "sqlite3" -%>
-  t.index :email, unique: true, where: "status IN ('unverified', 'verified')"
+  t.index :email, unique: true, where: "status IN (1, 2)"
 <% else -%>
   t.index :email, unique: true
 <% end -%>

data/lib/generators/rodauth/migration/email_auth.erb CHANGED Viewed

@@ -3,5 +3,5 @@ create_table :account_email_auth_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
   t.datetime :deadline, null: false
-  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :email_last_sent, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/otp.erb CHANGED Viewed

@@ -3,5 +3,5 @@ create_table :account_otp_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
   t.integer :num_failures, null: false, default: 0
-  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :last_use, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/password_expiration.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 # Used by the password expiration feature
 create_table :account_password_change_times<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
-  t.datetime :changed_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :changed_at, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/reset_password.erb CHANGED Viewed

@@ -3,5 +3,5 @@ create_table :account_password_reset_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
   t.datetime :deadline, null: false
-  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :email_last_sent, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/sms_codes.erb CHANGED Viewed

@@ -4,5 +4,5 @@ create_table :account_sms_codes<%= primary_key_type %> do |t|
   t.string :phone_number, null: false
   t.integer :num_failures
   t.string :code
-  t.datetime :code_issued_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :code_issued_at, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/verify_account.erb CHANGED Viewed

@@ -2,6 +2,6 @@
 create_table :account_verification_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
-  t.datetime :requested_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :requested_at, null: false, default: <%= current_timestamp %>
+  t.datetime :email_last_sent, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/webauthn.erb CHANGED Viewed

@@ -8,5 +8,5 @@ create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do
   t.string :webauthn_id
   t.string :public_key, null: false
   t.integer :sign_count, null: false
-  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :last_use, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration_helpers.rb CHANGED Viewed

@@ -63,6 +63,14 @@ module Rodauth
             ERB.new(content, 0, "-").result(binding)
           end
         end
+        def current_timestamp
+          if ActiveRecord.version >= Gem::Version.new("5.0")
+            %(-> { "CURRENT_TIMESTAMP" })
+          else
+            %(OpenStruct.new(quoted_id: "CURRENT_TIMESTAMP"))
+          end
+        end
       end
     end
   end

data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb CHANGED Viewed

@@ -31,11 +31,8 @@ class RodauthMain < Rodauth::Rails::Auth
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
-    # Store account status in a text column.
+    # Store account status in an integer column without foreign key constraint.
     account_status_column :status
-    account_unverified_status_value "unverified"
-    account_open_status_value "verified"
-    account_closed_status_value "closed"
     # Store password hash in a column instead of a separate table.
     # account_password_hash_column :password_digest

data/lib/generators/rodauth/templates/app/models/account.rb CHANGED Viewed

@@ -1,3 +1,4 @@
 class Account < ApplicationRecord
   include Rodauth::Rails.model
+  enum :status, unverified: 1, verified: 2, closed: 3
 end

data/lib/rodauth/rails/app/flash.rb CHANGED Viewed

@@ -8,8 +8,7 @@ module Rodauth
         end
         def self.configure(app)
-          app.before { request.flash }        # load flash
-          app.after  { request.commit_flash } # save flash
+          app.after { request.commit_flash }
         end
         module InstanceMethods

data/lib/rodauth/rails/controller_methods.rb CHANGED Viewed

@@ -8,41 +8,16 @@ module Rodauth
         end
       end
-      def rodauth(name = nil)
-        request.env.fetch ["rodauth", *name].join(".")
-      end
       def current_account(name = nil)
-        model = rodauth(name).rails_account_model
-        id = rodauth(name).session_value
+        rodauth(name).rails_account || rodauth(name).login_required
+      end
-        @current_account ||= {}
-        @current_account[name] ||= fetch_account(model, id) do
-          rodauth(name).clear_session
-          rodauth(name).login_required
-        end
+      def rodauth(name = nil)
+        request.env.fetch ["rodauth", *name].join(".")
       end
       private
-      def fetch_account(model, id, &not_found)
-        if defined?(ActiveRecord::Base) && model < ActiveRecord::Base
-          begin
-            model.find(id)
-          rescue ActiveRecord::RecordNotFound
-            not_found.call
-          end
-        elsif defined?(Sequel::Model) && model < Sequel::Model
-          begin
-            model.with_pk!(id)
-          rescue Sequel::NoMatchingRow
-            not_found.call
-          end
-        else
-          fail Error, "unsupported model type: #{model}"
-        end
-      end
       def rodauth_response
         res = catch(:halt) { return yield }

data/lib/rodauth/rails/feature/base.rb CHANGED Viewed

@@ -8,6 +8,17 @@ module Rodauth
           feature.auth_cached_method :rails_controller_instance
         end
+        def rails_account
+          account_from_session unless account
+          unless account
+            clear_session if logged_in?
+            return
+          end
+          @rails_account ||= instantiate_rails_account
+        end
         # Reset Rails session to protect from session fixation attacks.
         def clear_session
           rails_controller_instance.reset_session
@@ -43,6 +54,16 @@ module Rodauth
         private
+        def instantiate_rails_account
+          if defined?(ActiveRecord::Base) && rails_account_model < ActiveRecord::Base
+            rails_account_model.instantiate(account.stringify_keys)
+          elsif defined?(Sequel::Model) && rails_account_model < Sequel::Model
+            rails_account_model.load(account)
+          else
+            fail Error, "unsupported model type: #{rails_account_model}"
+          end
+        end
         # Instances of the configured controller with current request's env hash.
         def _rails_controller_instance
           controller = rails_controller.new

data/lib/rodauth/rails/feature/instrumentation.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Rodauth
             begin
               result = catch(:halt) { yield }
-              response = ActionDispatch::Response.new *(result || [404, {}, []])
+              response = ActionDispatch::Response.new(*(result || [404, {}, []]))
               payload[:response] = response
               payload[:status] = response.status

data/lib/rodauth/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.1.0"
+    VERSION = "1.2.2"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.2
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-16 00:00:00.000000000 Z
+date: 2022-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -268,7 +268,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.