rodauth-rails 1.13.0 → 1.14.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +26 -0
- data/README.md +13 -4
- data/lib/generators/rodauth/install_generator.rb +0 -4
- data/lib/generators/rodauth/templates/app/controllers/rodauth_controller.rb.tt +18 -2
- data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb.tt +1 -1
- data/lib/generators/rodauth/templates/app/models/account.rb.tt +2 -2
- data/lib/generators/rodauth/templates/test/fixtures/accounts.yml.tt +2 -2
- data/lib/rodauth/rails/app.rb +2 -19
- data/lib/rodauth/rails/feature/base.rb +5 -1
- data/lib/rodauth/rails/feature/callbacks.rb +2 -0
- data/lib/rodauth/rails/feature/instrumentation.rb +12 -14
- data/lib/rodauth/rails/feature/render.rb +4 -5
- data/lib/rodauth/rails/tasks/routes.rb +1 -1
- data/lib/rodauth/rails/version.rb +1 -1
- data/lib/rodauth/rails.rb +1 -1
- data/rodauth-rails.gemspec +3 -3
- metadata +8 -8
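--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0c1c699a9d7a18673c641d2fe236bfdb2b9537ade7c6212e9f2f386738308d67
+data.tar.gz: b30b4195d46e461f0235caaa1e2e453fb70260bda7d9174cbf60be8f43796f94
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f8d67d9e2a738d66d9ba37bcf1f71f69c546d6a361e91248255966bdd8b49fadfff717ab28e44bd2cd0ad0cad784740ef631a7863b1403e56c267b8434c2d8e3
+data.tar.gz: 0b501ebf1306bbf9780ec86fd9267e75b3bcae3ee69f0b7f56f0c19132f1d8a96a8d7cfcae31dbb07b5636b42064833d5d8543ceb55d3d4432d22cb28ae9aa72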
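--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,29 @@
+## 1.14.1 (2024-05-15)
+
+* Fix matching on account status when passing Active Record object to `Rodauth::Rails.account` (@dush)
+
+## 1.14.0 (2024-04-09)
+
+* Allow declaring controller callbacks for specific Rodauth routes via `:only` and `:except` keyword arguments (@janko)
+
+* Instrument Rodauth controller and route name instead of `RodauthApp#call` on Rodauth requests (@janko)
+
+* Remove custom `#inspect` from Rodauth app middleware subclass in favour of Ruby 3.3+ `Module#set_temporary_name` (@janko)
+
+* Fix `data-turbo="false"` being added in the wrong place in reset password request form on login validation errors (@janko)
+
+* Fix format being inferred from `Accept` header instead URL path when calling `http_basic_auth` in the Rodauth middleware (@janko)
+
+* Retrieve auth class through the Rodauth app in generated account fixtures (@janko)
+
+* Use `include Rodauth::Rails.model` again in generated account model (@janko)
+
+* Avoid generated `convert_token_id_to_integer?` causing tokens to get silently rejected after switching to UUIDs (@janko)
+
+* Allow referencing custom column attributes on `rails_account` during account creation (@janko)
+
+* Drop support for Ruby 2.3 and 2.4 (@janko)
+
 ## 1.13.0 (2023-12-25) :christmas_tree:
 
 * Add `#rodauth` method to controller test helpers (@janko)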
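--- a/data/README.md
+++ b/data/README.md
@@ -153,7 +153,7 @@ navigation header:
 
 ```erb
 <% if rodauth.logged_in? %>
-<%=
+<%= button_to "Sign out", rodauth.logout_path, method: :post %>
 <% else %>
 <%= link_to "Sign in", rodauth.login_path %>
 <%= link_to "Sign up", rodauth.create_account_path %>
@@ -253,8 +253,8 @@ end
 ```
 ```rb
 class RodauthController < ApplicationController
-before_action :
-rescue_from("
+before_action :verify_captcha, only: :login, if: -> { request.post? } # executes before Rodauth endpoints
+rescue_from("SomeError") { |exception| ... } # rescues around Rodauth endpoints
 end
 ```
 
@@ -421,7 +421,7 @@ tables used by enabled authentication features.
 
 ```rb
 class Account < ActiveRecord::Base # Sequel::Model
-include Rodauth::
+include Rodauth::Rails.model # or `Rodauth::Rails.model(:admin)`
 end
 ```
 ```rb
@@ -634,6 +634,15 @@ The `rails` feature rodauth-rails loads provides the following configuration met
 | `rails_controller` | Controller class to use for rendering and CSRF protection. |
 | `rails_account_model` | Model class connected with the accounts table. |
 
+```rb
+class RodauthMain < Rodauth::Rails::Auth
+configure do
+rails_account_model { MyApp::Account }
+rails_controller { MyApp::RodauthController }
+end
+end
+```
+
 ### Manually inserting middleware
 
 You can choose to insert the Rodauth middleware somewhere earlier than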
@@ -101,10 +101,6 @@ module Rodauth
|
|
101
101
|
options[:argon2]
|
102
102
|
end
|
103
103
|
|
104
|
-
def primary_key_integer?
|
105
|
-
!::Rails.configuration.generators.options.dig(:active_record, :primary_key_type)
|
106
|
-
end
|
107
|
-
|
108
104
|
def sequel_activerecord_integration?
|
109
105
|
defined?(ActiveRecord::Railtie) &&
|
110
106
|
(!defined?(Sequel) || Sequel::DATABASES.empty?)
|
@@ -1,4 +1,20 @@
|
|
1
1
|
class RodauthController < ApplicationController
|
2
|
-
#
|
3
|
-
# registered action callbacks and
|
2
|
+
# Used by Rodauth for rendering views, CSRF protection, running any
|
3
|
+
# registered action callbacks and rescue handlers, instrumentation etc.
|
4
|
+
|
5
|
+
# Controller callbacks and rescue handlers will run around Rodauth endpoints.
|
6
|
+
# before_action :verify_captcha, only: :login, if: -> { request.post? }
|
7
|
+
# rescue_from("SomeError") { |exception| ... }
|
8
|
+
|
9
|
+
# Layout can be changed for all Rodauth pages or only certain pages.
|
10
|
+
# layout "authentication"
|
11
|
+
# layout -> do
|
12
|
+
# case rodauth.current_route
|
13
|
+
# when :login, :create_account, :verify_account, :verify_account_resend,
|
14
|
+
# :reset_password, :reset_password_request
|
15
|
+
# "authentication"
|
16
|
+
# else
|
17
|
+
# "application"
|
18
|
+
# end
|
19
|
+
# end
|
4
20
|
end
|
@@ -21,7 +21,7 @@ class RodauthMain < Rodauth::Rails::Auth
|
|
21
21
|
<% end -%>
|
22
22
|
|
23
23
|
# Avoid DB query that checks accounts table schema at boot time.
|
24
|
-
convert_token_id_to_integer? <%=
|
24
|
+
convert_token_id_to_integer? { <%= table_prefix.camelize %>.columns_hash["id"].type == :integer }
|
25
25
|
|
26
26
|
<% end -%>
|
27
27
|
# Change prefix of table and foreign key column names from default "account"
|
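Review bot: The generated `convert_token_id_to_integer?` block hard-codes `columns_hash["id"]`, so an accounts table whose primary key column is not named `id` makes the lookup return nil and `.type` raise `NoMethodError` the first time the setting is evaluated. A nil-safe form keyed on the model's primary key would avoid that, e.g. `columns_hash[<%= table_prefix.camelize %>.primary_key]&.type == :integer` (assuming this branch is only rendered for Active Record; the surrounding `<% if %>` is outside the hunk). The comment above the line still says the schema query is avoided at boot time; it should say the lookup is now deferred to first use, e.g. `# Defer the accounts table schema lookup from boot time to first use.`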
@@ -1,6 +1,6 @@
|
|
1
1
|
<% if defined?(ActiveRecord::Railtie) -%>
|
2
2
|
class <%= table_prefix.camelize %> < ApplicationRecord
|
3
|
-
include Rodauth::
|
3
|
+
include Rodauth::Rails.model
|
4
4
|
<% if ActiveRecord.version >= Gem::Version.new("7.0") -%>
|
5
5
|
enum :status, unverified: 1, verified: 2, closed: 3
|
6
6
|
<% else -%>
|
@@ -9,7 +9,7 @@ class <%= table_prefix.camelize %> < ApplicationRecord
|
|
9
9
|
end
|
10
10
|
<% else -%>
|
11
11
|
class <%= table_prefix.camelize %> < Sequel::Model
|
12
|
-
include Rodauth::
|
12
|
+
include Rodauth::Rails.model
|
13
13
|
plugin :enum
|
14
14
|
enum :status, unverified: 1, verified: 2, closed: 3
|
15
15
|
end
|
@@ -1,10 +1,10 @@
|
|
1
1
|
# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
|
2
2
|
one:
|
3
3
|
email: freddie@queen.com
|
4
|
-
password_hash: <%%=
|
4
|
+
password_hash: <%%= RodauthApp.rodauth.allocate.password_hash("password") %>
|
5
5
|
status: verified
|
6
6
|
|
7
7
|
two:
|
8
8
|
email: brian@queen.com
|
9
|
-
password_hash: <%%=
|
9
|
+
password_hash: <%%= RodauthApp.rodauth.allocate.password_hash("password") %>
|
10
10
|
status: verified
|
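--- a/data/lib/rodauth/rails/app.rb
+++ b/data/lib/rodauth/rails/app.rb
@@ -5,18 +5,7 @@ module Rodauth
 module Rails
 # The superclass for creating a Rodauth middleware.
 class App < Roda
-plugin :middleware, forward_response_headers: true, next_if_not_found: true
-middleware.class_eval do
-def self.inspect
-"#{superclass}::Middleware"
-end
-
-def inspect
-"#<#{self.class.inspect} request=#{request.inspect} response=#{response.inspect}>"
-end
-end
-end
-
+plugin :middleware, forward_response_headers: true, next_if_not_found: true
 plugin :hooks
 plugin :pass
 
@@ -63,13 +52,7 @@ module Rodauth
 end
 
 def self.rodauth!(name)
-rodauth(name) or fail
-end
-
-# The newrelic_rpm gem expects this when we pass the roda class as
-# :controller in instrumentation payload.
-def self.controller_path
-name.underscore
+rodauth(name) or fail Rodauth::Rails::Error, "unknown rodauth configuration: #{name.inspect}"
 end
 
 module RequestMethods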
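Review bot: `self.rodauth!` in the second hunk now raises `Rodauth::Rails::Error` with the configuration name, but nothing on the method says so. A one-line comment such as `# Returns the Rodauth configuration registered under name; raises Rodauth::Rails::Error when none exists.` would tell callers which exception to rescue. On style, the line depends on the low precedence of `or` and on the `fail` alias; `rodauth(name) || raise(Rodauth::Rails::Error, "unknown rodauth configuration: #{name.inspect}")` says the same with the usual operators.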
@@ -59,7 +59,11 @@ module Rodauth
|
|
59
59
|
|
60
60
|
def instantiate_rails_account
|
61
61
|
if defined?(ActiveRecord::Base) && rails_account_model < ActiveRecord::Base
|
62
|
-
|
62
|
+
if account[account_id_column]
|
63
|
+
rails_account_model.instantiate(account.stringify_keys)
|
64
|
+
else
|
65
|
+
rails_account_model.new(account)
|
66
|
+
end
|
63
67
|
elsif defined?(Sequel::Model) && rails_account_model < Sequel::Model
|
64
68
|
rails_account_model.load(account)
|
65
69
|
else
|
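Review bot: In `instantiate_rails_account` the new `else` branch hands the whole `account` hash to `rails_account_model.new`, which runs the model's attribute writers for every key and raises `ActiveModel::UnknownAttributeError` for a key that is not a model attribute, whereas `instantiate` loads the values as stored. If an application adds keys to `account` during account creation (possibly from request parameters), those values reach the model's setters unchecked. The object from this branch is also a new, unsaved record, so calling `save` on it would presumably insert a row independently of Rodauth's own insert. A comment on the branch such as `# account has no id yet: build an unsaved record for reading attributes; do not persist it directly` would make both points explicit. The method body continues outside the hunk.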
@@ -34,8 +34,8 @@ module Rodauth
|
|
34
34
|
request = rails_request
|
35
35
|
|
36
36
|
raw_payload = {
|
37
|
-
controller:
|
38
|
-
action:
|
37
|
+
controller: rails_controller.name,
|
38
|
+
action: current_route.to_s,
|
39
39
|
request: request,
|
40
40
|
params: request.filtered_parameters,
|
41
41
|
headers: request.headers,
|
@@ -47,20 +47,18 @@ module Rodauth
|
|
47
47
|
ActiveSupport::Notifications.instrument("start_processing.action_controller", raw_payload)
|
48
48
|
|
49
49
|
ActiveSupport::Notifications.instrument("process_action.action_controller", raw_payload) do |payload|
|
50
|
-
|
51
|
-
result = catch(:halt) { yield }
|
50
|
+
result = catch(:halt) { yield }
|
52
51
|
|
53
|
-
|
54
|
-
|
55
|
-
|
52
|
+
response = ActionDispatch::Response.new(*(result || [404, {}, []]))
|
53
|
+
payload[:response] = response
|
54
|
+
payload[:status] = response.status
|
56
55
|
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
end
|
56
|
+
throw :halt, result if result
|
57
|
+
rescue => error
|
58
|
+
payload[:status] = ActionDispatch::ExceptionWrapper.status_code_for_exception(error.class.name)
|
59
|
+
raise
|
60
|
+
ensure
|
61
|
+
rails_controller_eval { append_info_to_payload(payload) }
|
64
62
|
end
|
65
63
|
end
|
66
64
|
|
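Review bot: When the block does not halt, `result` is nil and the payload is filled from the placeholder `[404, {}, []]`, so `process_action.action_controller` subscribers record a 404 for the request even if, presumably, something further down the stack answers it. That deserves a comment above the `ActionDispatch::Response.new` line, e.g. `# no halt means Rodauth produced no response; report 404 to subscribers`, because log- and metrics-based monitoring of authentication routes will count these as not-found responses. In the `rescue` branch `payload[:response]` stays unset while `append_info_to_payload` still runs in `ensure`, so a controller override of that hook has to tolerate a missing response. In the first hunk `rails_controller.name` is nil for an anonymous controller class; the enclosing method starts outside both hunks.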
@@ -46,17 +46,16 @@ module Rodauth
|
|
46
46
|
end
|
47
47
|
|
48
48
|
# Only look up template formats that the current request is accepting.
|
49
|
-
def
|
50
|
-
|
51
|
-
|
52
|
-
controller
|
49
|
+
def before_rodauth
|
50
|
+
super
|
51
|
+
rails_controller_instance.formats = rails_request.formats.map(&:ref).compact
|
53
52
|
end
|
54
53
|
|
55
54
|
# Not all Rodauth actions are Turbo-compatible (some form submissions
|
56
55
|
# render 200 HTML responses), so we disable Turbo on all Rodauth forms.
|
57
56
|
def _view(meth, *)
|
58
57
|
html = super
|
59
|
-
html = html.gsub(/<form(
|
58
|
+
html = html.gsub(/<form([^>]+)>/, '<form\1 data-turbo="false">') if meth == :view
|
60
59
|
html
|
61
60
|
end
|
62
61
|
|
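Review bot: The pattern `/<form([^>]+)>/` in `_view` stops at the first `>` after `<form`, so a form tag whose attribute value contains `>` (for example a `data-action` descriptor written with `->`) gets ` data-turbo="false"` inserted inside that value, and a bare `<form>` is never matched because `+` needs at least one character. It also matches any tag whose name merely begins with `form` and adds a second `data-turbo` attribute to a form that already sets one. `html.gsub(/<form(\s[^>]*)?>/, '<form\1 data-turbo="false">')` would cover the bare tag and the tag-name case. The attribute-value case needs either a comment stating the limitation or a real HTML parse.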
@@ -13,7 +13,7 @@ module Rodauth
|
|
13
13
|
|
14
14
|
def call
|
15
15
|
routes = auth_class.route_hash.map do |path, handle_method|
|
16
|
-
route_name = handle_method.to_s.
|
16
|
+
route_name = handle_method.to_s.delete_prefix("handle_").to_sym
|
17
17
|
next if IGNORE.include?(route_name)
|
18
18
|
verbs = route_verbs(route_name)
|
19
19
|
|
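--- a/data/lib/rodauth/rails.rb
+++ b/data/lib/rodauth/rails.rb
@@ -39,7 +39,7 @@ module Rodauth
 
 instance = auth_class.internal_request_eval(options) do
 if defined?(ActiveRecord::Base) && account.is_a?(ActiveRecord::Base)
-@account = account.
+@account = account.attributes_before_type_cast.symbolize_keys
 elsif defined?(Sequel::Model) && account.is_a?(Sequel::Model)
 @account = account.values
 end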
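Review bot: `attributes_before_type_cast` returns each value as it was last read or assigned, so a record loaded from the database yields raw column values (the integer behind an enum `status`), but a record modified in memory yields whatever was assigned, such as the string `"verified"`. The account hash built on this line is therefore only consistent for a persisted, unmodified record, and nothing in the hunk says so. A comment on the line would record the reason and the expectation, e.g. `# raw column values, so enum columns such as status match what Rodauth compares; expects a persisted, unmodified record`. The enclosing `internal_request_eval` block starts and ends outside the hunk.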
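--- a/data/rodauth-rails.gemspec
+++ b/data/rodauth-rails.gemspec
@@ -11,14 +11,14 @@ Gem::Specification.new do |spec|
 spec.homepage = "https://github.com/janko/rodauth-rails"
 spec.license = "MIT"
 
-spec.required_ruby_version = ">= 2.
+spec.required_ruby_version = ">= 2.5"
 
 spec.files = Dir["README.md", "LICENSE.txt", "CHANGELOG.md", "lib/**/*", "*.gemspec"]
 spec.require_paths = ["lib"]
 
 spec.add_dependency "railties", ">= 5.0", "< 8"
-spec.add_dependency "rodauth", "~> 2.
-spec.add_dependency "roda", "~> 3.
+spec.add_dependency "rodauth", "~> 2.34"
+spec.add_dependency "roda", "~> 3.76"
 spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
 spec.add_dependency "rodauth-model", "~> 0.2"
 spec.add_dependency "tilt"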
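--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.14.1
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2024-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: railties
@@ -36,28 +36,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.34'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.34'
 - !ruby/object:Gem::Dependency
 name: roda
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.76'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.76'
 - !ruby/object:Gem::Dependency
 name: sequel-activerecord_connection
 requirement: !ruby/object:Gem::Requirement
@@ -345,14 +345,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.5.9
 signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.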