rodauth-rails 1.13.0 → 1.14.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f56967000d0a2cc64e51a707783fc541d4ff37dbb3e68f1fc519ef02a0a83e65
-  data.tar.gz: dfe189f65d18781e42058e133f0e403ed769421fb8682e4a63078b1f7e39cb8a
+  metadata.gz: 0c1c699a9d7a18673c641d2fe236bfdb2b9537ade7c6212e9f2f386738308d67
+  data.tar.gz: b30b4195d46e461f0235caaa1e2e453fb70260bda7d9174cbf60be8f43796f94
 SHA512:
-  metadata.gz: f582926f90ab796d491210e28705585e166047c3b3f093e27ad556fb5271041e5c0a34ce78a42d9ec84c5b074958938527b233b750ec944043611df6f1bf7112
-  data.tar.gz: 04e475c871440131db6c42c1eabcecc95a34e323cfdd2ce045f59b196439d404321ee27e64b857321df642e362168e146b15ed354a3710d3fff5160ad23f18d1
+  metadata.gz: f8d67d9e2a738d66d9ba37bcf1f71f69c546d6a361e91248255966bdd8b49fadfff717ab28e44bd2cd0ad0cad784740ef631a7863b1403e56c267b8434c2d8e3
+  data.tar.gz: 0b501ebf1306bbf9780ec86fd9267e75b3bcae3ee69f0b7f56f0c19132f1d8a96a8d7cfcae31dbb07b5636b42064833d5d8543ceb55d3d4432d22cb28ae9aa72

data/CHANGELOG.md

@@ -1,3 +1,29 @@
+## 1.14.1 (2024-05-15)
+
+* Fix matching on account status when passing Active Record object to `Rodauth::Rails.account` (@dush)
+
+## 1.14.0 (2024-04-09)
+
+* Allow declaring controller callbacks for specific Rodauth routes via `:only` and `:except` keyword arguments (@janko)
+
+* Instrument Rodauth controller and route name instead of `RodauthApp#call` on Rodauth requests (@janko)
+
+* Remove custom `#inspect` from Rodauth app middleware subclass in favour of Ruby 3.3+ `Module#set_temporary_name` (@janko)
+
+* Fix `data-turbo="false"` being added in the wrong place in reset password request form on login validation errors (@janko)
+
+* Fix format being inferred from `Accept` header instead URL path when calling `http_basic_auth` in the Rodauth middleware (@janko)
+
+* Retrieve auth class through the Rodauth app in generated account fixtures (@janko)
+
+* Use `include Rodauth::Rails.model` again in generated account model (@janko)
+
+* Avoid generated `convert_token_id_to_integer?` causing tokens to get silently rejected after switching to UUIDs (@janko)
+
+* Allow referencing custom column attributes on `rails_account` during account creation (@janko)
+
+* Drop support for Ruby 2.3 and 2.4 (@janko)
+
 ## 1.13.0 (2023-12-25) :christmas_tree:
 
 * Add `#rodauth` method to controller test helpers (@janko)

data/README.md

@@ -153,7 +153,7 @@ navigation header:
 
 ```erb
 <% if rodauth.logged_in? %>
-  <%= link_to "Sign out", rodauth.logout_path, data: { turbo_method: :post } %>
+  <%= button_to "Sign out", rodauth.logout_path, method: :post %>
 <% else %>
   <%= link_to "Sign in", rodauth.login_path %>
   <%= link_to "Sign up", rodauth.create_account_path %>
@@ -253,8 +253,8 @@ end
 ```
 ```rb
 class RodauthController < ApplicationController
-  before_action :set_locale # executes before Rodauth endpoints
-  rescue_from("MyApp::SomeError") { |exception| ... } # rescues around Rodauth endpoints
+  before_action :verify_captcha, only: :login, if: -> { request.post? } # executes before Rodauth endpoints
+  rescue_from("SomeError") { |exception| ... } # rescues around Rodauth endpoints
 end
 ```
 
@@ -421,7 +421,7 @@ tables used by enabled authentication features.
 
 ```rb
 class Account < ActiveRecord::Base # Sequel::Model
-  include Rodauth::Model(RodauthMain)
+  include Rodauth::Rails.model # or `Rodauth::Rails.model(:admin)`
 end
 ```
 ```rb
@@ -634,6 +634,15 @@ The `rails` feature rodauth-rails loads provides the following configuration met
 | `rails_controller`          | Controller class to use for rendering and CSRF protection.         |
 | `rails_account_model`       | Model class connected with the accounts table.                     |
 
+```rb
+class RodauthMain < Rodauth::Rails::Auth
+  configure do
+    rails_account_model { MyApp::Account }
+    rails_controller { MyApp::RodauthController }
+  end
+end
+```
+
 ### Manually inserting middleware
 
 You can choose to insert the Rodauth middleware somewhere earlier than

data/lib/generators/rodauth/install_generator.rb

@@ -101,10 +101,6 @@ module Rodauth
           options[:argon2]
         end
 
-        def primary_key_integer?
-          !::Rails.configuration.generators.options.dig(:active_record, :primary_key_type)
-        end
-
         def sequel_activerecord_integration?
           defined?(ActiveRecord::Railtie) &&
             (!defined?(Sequel) || Sequel::DATABASES.empty?)

data/lib/generators/rodauth/templates/app/controllers/rodauth_controller.rb.tt

@@ -1,4 +1,20 @@
 class RodauthController < ApplicationController
-  # used by Rodauth for rendering views, CSRF protection, and running any
-  # registered action callbacks and rescue_from handlers
+  # Used by Rodauth for rendering views, CSRF protection, running any
+  # registered action callbacks and rescue handlers, instrumentation etc.
+
+  # Controller callbacks and rescue handlers will run around Rodauth endpoints.
+  # before_action :verify_captcha, only: :login, if: -> { request.post? }
+  # rescue_from("SomeError") { |exception| ... }
+
+  # Layout can be changed for all Rodauth pages or only certain pages.
+  # layout "authentication"
+  # layout -> do
+  #   case rodauth.current_route
+  #   when :login, :create_account, :verify_account, :verify_account_resend,
+  #        :reset_password, :reset_password_request
+  #     "authentication"
+  #   else
+  #     "application"
+  #   end
+  # end
 end

data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb.tt

@@ -21,7 +21,7 @@ class RodauthMain < Rodauth::Rails::Auth
 <% end -%>
 
     # Avoid DB query that checks accounts table schema at boot time.
-    convert_token_id_to_integer? <%= primary_key_integer? %>
+    convert_token_id_to_integer? { <%= table_prefix.camelize %>.columns_hash["id"].type == :integer }
 
 <% end -%>
     # Change prefix of table and foreign key column names from default "account"

data/lib/generators/rodauth/templates/app/models/account.rb.tt

@@ -1,6 +1,6 @@
 <% if defined?(ActiveRecord::Railtie) -%>
 class <%= table_prefix.camelize %> < ApplicationRecord
-  include Rodauth::Model(RodauthMain)
+  include Rodauth::Rails.model
 <% if ActiveRecord.version >= Gem::Version.new("7.0") -%>
   enum :status, unverified: 1, verified: 2, closed: 3
 <% else -%>
@@ -9,7 +9,7 @@ class <%= table_prefix.camelize %> < ApplicationRecord
 end
 <% else -%>
 class <%= table_prefix.camelize %> < Sequel::Model
-  include Rodauth::Model(RodauthMain)
+  include Rodauth::Rails.model
   plugin :enum
   enum :status, unverified: 1, verified: 2, closed: 3
 end

data/lib/generators/rodauth/templates/test/fixtures/accounts.yml.tt

@@ -1,10 +1,10 @@
 # Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
 one:
   email: freddie@queen.com
-  password_hash: <%%= RodauthMain.allocate.password_hash("password") %>
+  password_hash: <%%= RodauthApp.rodauth.allocate.password_hash("password") %>
   status: verified
 
 two:
   email: brian@queen.com
-  password_hash: <%%= RodauthMain.allocate.password_hash("password") %>
+  password_hash: <%%= RodauthApp.rodauth.allocate.password_hash("password") %>
   status: verified

data/lib/rodauth/rails/app.rb

@@ -5,18 +5,7 @@ module Rodauth
   module Rails
     # The superclass for creating a Rodauth middleware.
     class App < Roda
-      plugin :middleware, forward_response_headers: true, next_if_not_found: true do |middleware|
-        middleware.class_eval do
-          def self.inspect
-            "#{superclass}::Middleware"
-          end
-
-          def inspect
-            "#<#{self.class.inspect} request=#{request.inspect} response=#{response.inspect}>"
-          end
-        end
-      end
-
+      plugin :middleware, forward_response_headers: true, next_if_not_found: true
       plugin :hooks
       plugin :pass
 
@@ -63,13 +52,7 @@ module Rodauth
       end
 
       def self.rodauth!(name)
-        rodauth(name) or fail ArgumentError, "unknown rodauth configuration: #{name.inspect}"
-      end
-
-      # The newrelic_rpm gem expects this when we pass the roda class as
-      # :controller in instrumentation payload.
-      def self.controller_path
-        name.underscore
+        rodauth(name) or fail Rodauth::Rails::Error, "unknown rodauth configuration: #{name.inspect}"
       end
 
       module RequestMethods

data/lib/rodauth/rails/feature/base.rb

@@ -59,7 +59,11 @@ module Rodauth
 
         def instantiate_rails_account
           if defined?(ActiveRecord::Base) && rails_account_model < ActiveRecord::Base
-            rails_account_model.instantiate(account.stringify_keys)
+            if account[account_id_column]
+              rails_account_model.instantiate(account.stringify_keys)
+            else
+              rails_account_model.new(account)
+            end
           elsif defined?(Sequel::Model) && rails_account_model < Sequel::Model
             rails_account_model.load(account)
           else

data/lib/rodauth/rails/feature/callbacks.rb

@@ -7,6 +7,8 @@ module Rodauth
         private
 
         def _around_rodauth
+          rails_controller_instance.instance_variable_set(:@_action_name, current_route.to_s)
+
           rails_controller_around { super }
         end
 

data/lib/rodauth/rails/feature/instrumentation.rb

@@ -34,8 +34,8 @@ module Rodauth
           request = rails_request
 
           raw_payload = {
-            controller: self.class.roda_class.name,
-            action: "call",
+            controller: rails_controller.name,
+            action: current_route.to_s,
             request: request,
             params: request.filtered_parameters,
             headers: request.headers,
@@ -47,20 +47,18 @@ module Rodauth
           ActiveSupport::Notifications.instrument("start_processing.action_controller", raw_payload)
 
           ActiveSupport::Notifications.instrument("process_action.action_controller", raw_payload) do |payload|
-            begin
-              result = catch(:halt) { yield }
+            result = catch(:halt) { yield }
 
-              response = ActionDispatch::Response.new(*(result || [404, {}, []]))
-              payload[:response] = response
-              payload[:status] = response.status
+            response = ActionDispatch::Response.new(*(result || [404, {}, []]))
+            payload[:response] = response
+            payload[:status] = response.status
 
-              throw :halt, result if result
-            rescue => error
-              payload[:status] = ActionDispatch::ExceptionWrapper.status_code_for_exception(error.class.name)
-              raise
-            ensure
-              rails_controller_eval { append_info_to_payload(payload) }
-            end
+            throw :halt, result if result
+          rescue => error
+            payload[:status] = ActionDispatch::ExceptionWrapper.status_code_for_exception(error.class.name)
+            raise
+          ensure
+            rails_controller_eval { append_info_to_payload(payload) }
           end
         end
 

data/lib/rodauth/rails/feature/render.rb

@@ -46,17 +46,16 @@ module Rodauth
         end
 
         # Only look up template formats that the current request is accepting.
-        def _rails_controller_instance
-          controller = super
-          controller.formats = rails_request.formats.map(&:ref).compact
-          controller
+        def before_rodauth
+          super
+          rails_controller_instance.formats = rails_request.formats.map(&:ref).compact
         end
 
         # Not all Rodauth actions are Turbo-compatible (some form submissions
         # render 200 HTML responses), so we disable Turbo on all Rodauth forms.
         def _view(meth, *)
           html = super
-          html = html.gsub(/<form(.+)>/, '<form\1 data-turbo="false">') if meth == :view
+          html = html.gsub(/<form([^>]+)>/, '<form\1 data-turbo="false">') if meth == :view
           html
         end
 

data/lib/rodauth/rails/tasks/routes.rb

@@ -13,7 +13,7 @@ module Rodauth
 
         def call
           routes = auth_class.route_hash.map do |path, handle_method|
-            route_name = handle_method.to_s.sub(/\Ahandle_/, "").to_sym
+            route_name = handle_method.to_s.delete_prefix("handle_").to_sym
             next if IGNORE.include?(route_name)
             verbs = route_verbs(route_name)
 

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.13.0"
+    VERSION = "1.14.1"
   end
 end

data/lib/rodauth/rails.rb

@@ -39,7 +39,7 @@ module Rodauth
 
         instance = auth_class.internal_request_eval(options) do
           if defined?(ActiveRecord::Base) && account.is_a?(ActiveRecord::Base)
-            @account = account.attributes.symbolize_keys
+            @account = account.attributes_before_type_cast.symbolize_keys
           elsif defined?(Sequel::Model) && account.is_a?(Sequel::Model)
             @account = account.values
           end

data/rodauth-rails.gemspec

@@ -11,14 +11,14 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/janko/rodauth-rails"
   spec.license       = "MIT"
 
-  spec.required_ruby_version = ">= 2.3"
+  spec.required_ruby_version = ">= 2.5"
 
   spec.files         = Dir["README.md", "LICENSE.txt", "CHANGELOG.md", "lib/**/*", "*.gemspec"]
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 5.0", "< 8"
-  spec.add_dependency "rodauth", "~> 2.30"
-  spec.add_dependency "roda", "~> 3.73"
+  spec.add_dependency "rodauth", "~> 2.34"
+  spec.add_dependency "roda", "~> 3.76"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
   spec.add_dependency "rodauth-model", "~> 0.2"
   spec.add_dependency "tilt"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.13.0
+  version: 1.14.1
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-25 00:00:00.000000000 Z
+date: 2024-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -36,28 +36,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.30'
+        version: '2.34'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.30'
+        version: '2.34'
 - !ruby/object:Gem::Dependency
   name: roda
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.73'
+        version: '3.76'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.73'
+        version: '3.76'
 - !ruby/object:Gem::Dependency
   name: sequel-activerecord_connection
   requirement: !ruby/object:Gem::Requirement
@@ -345,14 +345,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.9
 signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.