RubyGems - rodauth-rails - Versions diffs - 1.1.0 → 1.2.2 - Mend

rodauth-rails 1.1.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +18 -0
data/README.md +39 -25
data/lib/generators/rodauth/migration/active_sessions.erb +2 -2
data/lib/generators/rodauth/migration/audit_logging.erb +1 -1
data/lib/generators/rodauth/migration/base.erb +2 -2
data/lib/generators/rodauth/migration/email_auth.erb +1 -1
data/lib/generators/rodauth/migration/otp.erb +1 -1
data/lib/generators/rodauth/migration/password_expiration.erb +1 -1
data/lib/generators/rodauth/migration/reset_password.erb +1 -1
data/lib/generators/rodauth/migration/sms_codes.erb +1 -1
data/lib/generators/rodauth/migration/verify_account.erb +2 -2
data/lib/generators/rodauth/migration/webauthn.erb +1 -1
data/lib/generators/rodauth/migration_helpers.rb +8 -0
data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb +1 -4
data/lib/generators/rodauth/templates/app/models/account.rb +1 -0
data/lib/rodauth/rails/app/flash.rb +1 -2
data/lib/rodauth/rails/controller_methods.rb +4 -29
data/lib/rodauth/rails/feature/base.rb +21 -0
data/lib/rodauth/rails/feature/instrumentation.rb +1 -1
data/lib/rodauth/rails/version.rb +1 -1
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8643f8a912963b78be7d03a815b813688304f4e4b2777a1fdade807f79a4c712
-  data.tar.gz: 31aadb16115fc826750b7d160dcb572ae9c24255d99a7c640abef5fd157bd319
+  metadata.gz: 402cbf2f62d93eae97353a3aed436ce742b41421e880176649a7271c5516b39c
+  data.tar.gz: ca035e7a60c54b4e1b6f2a42ea6405f43811146141c30c5a6d14fd7c0600669e
 SHA512:
-  metadata.gz: dd27d717b3a01f0b5f43e346c0cd839e2703ee0db44f7503eb6ce80f7cffd4493f4ed9e208db474af56af536f675444170f16a6d47435e1f4ce2af38a7487916
-  data.tar.gz: bbac5b7492751e76886a5bcd275af78aada1026d2cd95ddee732817e8d7a5a154f559e5c27ce08606d444a1ffd4640f8522744bd13939f6491288d57c986fea0
+  metadata.gz: 888fd37f380d6f4896b544374c6681445dbb0e90d692dd7c0239aa043c9d6c0cb2aaafa9b47f271cd6cc70ad3a6c88693c988901aed1e5bc0f77ed5c92cb4ab1
+  data.tar.gz: 48fe23bfbd3d78c3378ab47ecf92ffd7f87fe768f996764a71b8534a2cab8731ebc080998b03ea9a78f1fecd949548782ca8e38dc17c56fa2606ea11f7a7fbe9

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,21 @@
+## 1.2.2 (2022-02-22)
+* Fix flash messages not being preserved through consecutive redirects (@janko)
+## 1.2.1 (2022-02-19)
+* Change `accounts.status` column type from string to integer (@zhongsheng)
+## 1.2.0 (2022-02-11)
+* Work around Active Record 4.2 not supporting procs for literal SQL column default (@janko)
+* Avoid re-fetching the account in `#current_account` when it has already been fetched by Rodauth (@janko)
+* Extract `#current_account` helper functionality into `#rails_account` Rodauth method (@janko)
+* Use default account status values in generated configuration, with enum on `Account` model (@janko)
 ## 1.1.0 (2022-01-16)
 * Automatically route the path prefix in `r.rodauth` if one has been set (@janko)

data/README.md CHANGED Viewed

@@ -4,7 +4,7 @@ Provides Rails integration for the [Rodauth] authentication framework.
 ## Resources
-Useful links:
+🔗 Useful links:
 * [Rodauth documentation](http://rodauth.jeremyevans.net/documentation.html)
 * [Rails demo](https://github.com/janko/rodauth-demo-rails)
@@ -12,11 +12,15 @@ Useful links:
 * [OmniAuth guide](https://github.com/janko/rodauth-rails/wiki/OmniAuth)
 * [Testing guide](https://github.com/janko/rodauth-rails/wiki/Testing)
-Articles:
+🎥 Screencasts:
+* [Rails Authentication with Rodauth](https://www.youtube.com/watch?v=2hDpNikacf0)
+📚 Articles:
 * [Rodauth: A Refreshing Authentication Solution for Ruby](https://janko.io/rodauth-a-refreshing-authentication-solution-for-ruby/)
-* [Adding Authentication in Rails with Rodauth](https://janko.io/adding-authentication-in-rails-with-rodauth/)
-* [Adding Multifactor Authentication in Rails with Rodauth](https://janko.io/adding-multifactor-authentication-in-rails-with-rodauth/)
+* [Rails Authentication with Rodauth](https://janko.io/adding-authentication-in-rails-with-rodauth/)
+* [Multifactor Authentication in Rails with Rodauth](https://janko.io/adding-multifactor-authentication-in-rails-with-rodauth/)
 * [How to build an OIDC provider using rodauth-oauth on Rails](https://honeyryderchuck.gitlab.io/httpx/2021/03/15/oidc-provider-on-rails-using-rodauth-oauth.html)
 ## Why Rodauth?
@@ -140,16 +144,14 @@ authentication experience, and the forms use [Bootstrap] markup.
 ### Current account
 The `#current_account` method is defined in controllers and views, which
-returns the model instance of the currently logged in account.
+returns the model instance of the currently logged in account. If the account
+doesn't exist in the database, the session will be cleared.
 ```rb
 current_account #=> #<Account id=123 email="user@example.com">
 current_account.email #=> "user@example.com"
 ```
-If the account doesn't exist in the database, the session will be cleared and
-login required.
 Pass the configuration name to retrieve accounts belonging to other Rodauth
 configurations:
@@ -157,6 +159,8 @@ configurations:
 current_account(:admin)
 ```
+This just delegates to the `#rails_account` method on the Rodauth object.
 #### Custom account model
 The `#current_account` method will try to infer the account model class from
@@ -248,6 +252,18 @@ Rails.application.routes.draw do
 end
 ```
+The current account can be retrieved via the `#rails_account` method:
+```rb
+# config/routes.rb
+Rails.application.routes.draw do
+  # require user to be admin
+  constraints Rodauth::Rails.authenticated { |rodauth| rodauth.rails_account.admin? } do
+    # ...
+  end
+end
+```
 You can specify the Rodauth configuration by passing the configuration name:
 ```rb
@@ -1097,16 +1113,15 @@ end
 The recommended [Rodauth migration] stores possible account status values in a
 separate table, and creates a foreign key on the accounts table, which ensures
-only a valid status value will be persisted.
+only a valid status value will be persisted. Unfortunately, this doesn't work
+when the database is restored from the schema file, in which case the account
+statuses table will be empty. This happens in tests by default, but it's also
+not unusual to do it in development.
-Unfortunately, this doesn't work when the database is restored from the schema
-file, in which case the account statuses table will be empty. This happens in
-tests by default, but it's also commonly done in development.
-To address this, rodauth-rails modifies the setup to store account status text
-directly in the accounts table. If you're worried about invalid status values
-creeping in, you may use enums instead. Alternatively, you can always go back
-to the setup recommended by Rodauth.
+To address this, rodauth-rails uses a `status` column without a separate table.
+If you're worried about invalid status values creeping in, you may use enums
+instead. Alternatively, you can always go back to the setup recommended by
+Rodauth.
 ```rb
 # in the migration:
@@ -1122,14 +1137,13 @@ create_table :accounts do |t|
 end
 ```
 ```diff
-configure do
-  # ...
-- account_status_column :status
-- account_unverified_status_value "unverified"
-- account_open_status_value "verified"
-- account_closed_status_value "closed"
-  # ...
-end
+  class RodauthMain < Rodauth::Rails::Auth
+    configure do
+      # ...
+-     account_status_column :status
+      # ...
+    end
+  end
 ```
 ### Deadline values

data/lib/generators/rodauth/migration/active_sessions.erb CHANGED Viewed

@@ -2,6 +2,6 @@
 create_table :account_active_session_keys, primary_key: [:account_id, :session_id] do |t|
   t.references :account, foreign_key: true<%= primary_key_type(:type) %>
   t.string :session_id
-  t.datetime :created_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :created_at, null: false, default: <%= current_timestamp %>
+  t.datetime :last_use, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/audit_logging.erb CHANGED Viewed

@@ -1,7 +1,7 @@
 # Used by the audit logging feature
 create_table :account_authentication_audit_logs<%= primary_key_type %> do |t|
   t.references :account, foreign_key: true, null: false<%= primary_key_type(:type) %>
-  t.datetime :at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :at, null: false, default: <%= current_timestamp %>
   t.text :message, null: false
 <% case activerecord_adapter -%>
 <% when "postgresql" -%>

data/lib/generators/rodauth/migration/base.erb CHANGED Viewed

@@ -9,10 +9,10 @@ create_table :accounts<%= primary_key_type %> do |t|
 <% else -%>
   t.string :email, null: false
 <% end -%>
-  t.string :status, null: false, default: "unverified"
+  t.integer :status, null: false, default: 1
 <% case activerecord_adapter -%>
 <% when "postgresql", "sqlite3" -%>
-  t.index :email, unique: true, where: "status IN ('unverified', 'verified')"
+  t.index :email, unique: true, where: "status IN (1, 2)"
 <% else -%>
   t.index :email, unique: true
 <% end -%>

data/lib/generators/rodauth/migration/email_auth.erb CHANGED Viewed

@@ -3,5 +3,5 @@ create_table :account_email_auth_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
   t.datetime :deadline, null: false
-  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :email_last_sent, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/otp.erb CHANGED Viewed

@@ -3,5 +3,5 @@ create_table :account_otp_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
   t.integer :num_failures, null: false, default: 0
-  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :last_use, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/password_expiration.erb CHANGED Viewed

@@ -1,5 +1,5 @@
 # Used by the password expiration feature
 create_table :account_password_change_times<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
-  t.datetime :changed_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :changed_at, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/reset_password.erb CHANGED Viewed

@@ -3,5 +3,5 @@ create_table :account_password_reset_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
   t.datetime :deadline, null: false
-  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :email_last_sent, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/sms_codes.erb CHANGED Viewed

@@ -4,5 +4,5 @@ create_table :account_sms_codes<%= primary_key_type %> do |t|
   t.string :phone_number, null: false
   t.integer :num_failures
   t.string :code
-  t.datetime :code_issued_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :code_issued_at, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/verify_account.erb CHANGED Viewed

@@ -2,6 +2,6 @@
 create_table :account_verification_keys<%= primary_key_type %> do |t|
   t.foreign_key :accounts, column: :id
   t.string :key, null: false
-  t.datetime :requested_at, null: false, default: -> { "CURRENT_TIMESTAMP" }
-  t.datetime :email_last_sent, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :requested_at, null: false, default: <%= current_timestamp %>
+  t.datetime :email_last_sent, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration/webauthn.erb CHANGED Viewed

@@ -8,5 +8,5 @@ create_table :account_webauthn_keys, primary_key: [:account_id, :webauthn_id] do
   t.string :webauthn_id
   t.string :public_key, null: false
   t.integer :sign_count, null: false
-  t.datetime :last_use, null: false, default: -> { "CURRENT_TIMESTAMP" }
+  t.datetime :last_use, null: false, default: <%= current_timestamp %>
 end

data/lib/generators/rodauth/migration_helpers.rb CHANGED Viewed

@@ -63,6 +63,14 @@ module Rodauth
             ERB.new(content, 0, "-").result(binding)
           end
         end
+        def current_timestamp
+          if ActiveRecord.version >= Gem::Version.new("5.0")
+            %(-> { "CURRENT_TIMESTAMP" })
+          else
+            %(OpenStruct.new(quoted_id: "CURRENT_TIMESTAMP"))
+          end
+        end
       end
     end
   end

data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb CHANGED Viewed

@@ -31,11 +31,8 @@ class RodauthMain < Rodauth::Rails::Auth
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
-    # Store account status in a text column.
+    # Store account status in an integer column without foreign key constraint.
     account_status_column :status
-    account_unverified_status_value "unverified"
-    account_open_status_value "verified"
-    account_closed_status_value "closed"
     # Store password hash in a column instead of a separate table.
     # account_password_hash_column :password_digest

data/lib/generators/rodauth/templates/app/models/account.rb CHANGED Viewed

@@ -1,3 +1,4 @@
 class Account < ApplicationRecord
   include Rodauth::Rails.model
+  enum :status, unverified: 1, verified: 2, closed: 3
 end

data/lib/rodauth/rails/app/flash.rb CHANGED Viewed

@@ -8,8 +8,7 @@ module Rodauth
         end
         def self.configure(app)
-          app.before { request.flash }        # load flash
-          app.after  { request.commit_flash } # save flash
+          app.after { request.commit_flash }
         end
         module InstanceMethods

data/lib/rodauth/rails/controller_methods.rb CHANGED Viewed

@@ -8,41 +8,16 @@ module Rodauth
         end
       end
-      def rodauth(name = nil)
-        request.env.fetch ["rodauth", *name].join(".")
-      end
       def current_account(name = nil)
-        model = rodauth(name).rails_account_model
-        id = rodauth(name).session_value
+        rodauth(name).rails_account || rodauth(name).login_required
+      end
-        @current_account ||= {}
-        @current_account[name] ||= fetch_account(model, id) do
-          rodauth(name).clear_session
-          rodauth(name).login_required
-        end
+      def rodauth(name = nil)
+        request.env.fetch ["rodauth", *name].join(".")
       end
       private
-      def fetch_account(model, id, &not_found)
-        if defined?(ActiveRecord::Base) && model < ActiveRecord::Base
-          begin
-            model.find(id)
-          rescue ActiveRecord::RecordNotFound
-            not_found.call
-          end
-        elsif defined?(Sequel::Model) && model < Sequel::Model
-          begin
-            model.with_pk!(id)
-          rescue Sequel::NoMatchingRow
-            not_found.call
-          end
-        else
-          fail Error, "unsupported model type: #{model}"
-        end
-      end
       def rodauth_response
         res = catch(:halt) { return yield }

data/lib/rodauth/rails/feature/base.rb CHANGED Viewed

@@ -8,6 +8,17 @@ module Rodauth
           feature.auth_cached_method :rails_controller_instance
         end
+        def rails_account
+          account_from_session unless account
+          unless account
+            clear_session if logged_in?
+            return
+          end
+          @rails_account ||= instantiate_rails_account
+        end
         # Reset Rails session to protect from session fixation attacks.
         def clear_session
           rails_controller_instance.reset_session
@@ -43,6 +54,16 @@ module Rodauth
         private
+        def instantiate_rails_account
+          if defined?(ActiveRecord::Base) && rails_account_model < ActiveRecord::Base
+            rails_account_model.instantiate(account.stringify_keys)
+          elsif defined?(Sequel::Model) && rails_account_model < Sequel::Model
+            rails_account_model.load(account)
+          else
+            fail Error, "unsupported model type: #{rails_account_model}"
+          end
+        end
         # Instances of the configured controller with current request's env hash.
         def _rails_controller_instance
           controller = rails_controller.new

data/lib/rodauth/rails/feature/instrumentation.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Rodauth
             begin
               result = catch(:halt) { yield }
-              response = ActionDispatch::Response.new *(result || [404, {}, []])
+              response = ActionDispatch::Response.new(*(result || [404, {}, []]))
               payload[:response] = response
               payload[:status] = response.status

data/lib/rodauth/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.1.0"
+    VERSION = "1.2.2"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.2
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-16 00:00:00.000000000 Z
+date: 2022-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -268,7 +268,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.