rodauth-rails 1.14.1 → 1.15.0

data/lib/generators/rodauth/templates/app/views/rodauth/otp_unlock.html.erb

@@ -0,0 +1,21 @@
+<%= form_with url: rodauth.otp_unlock_path, method: :post, data: { turbo: false } do |form| %>
+  <p><%= rodauth.otp_unlock_consecutive_successes_label %>: <%= rodauth.otp_unlock_num_successes %></p>
+  <p><%= rodauth.otp_unlock_required_consecutive_successes_label %>: <%= rodauth.otp_unlock_auths_required %></p>
+  <p><%= rodauth.otp_unlock_next_auth_deadline_label %>: <%= rodauth.otp_unlock_deadline.strftime(rodauth.strftime_format) %></p>
+
+  <div class="form-group mb-3">
+    <%= form.label "otp-auth-code", rodauth.otp_auth_label, class: "form-label" %>
+    <div class="row">
+      <div class="col-sm-3">
+        <%= form.text_field rodauth.otp_auth_param, value: "", id: "otp-auth-code", autocomplete: "off", inputmode: "numeric", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.otp_auth_param)}", aria: ({ invalid: true, describedby: "otp-auth-code_error_message" } if rodauth.field_error(rodauth.otp_auth_param)) %>
+        <%= content_tag(:span, rodauth.field_error(rodauth.otp_auth_param), class: "invalid-feedback", id: "otp-auth-code_error_message") if rodauth.field_error(rodauth.otp_auth_param) %>
+      </div>
+    </div>
+  </div>
+
+  <div class="form-group mb-3">
+    <%= form.submit rodauth.otp_unlock_button, class: "btn btn-primary" %>
+  </div>
+<% end %>
+
+<%== rodauth.otp_unlock_form_footer %>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_unlock_not_available.html.erb

@@ -0,0 +1,5 @@
+<p><%= rodauth.otp_unlock_consecutive_successes_label %>: <%= rodauth.otp_unlock_num_successes %></p>
+<p><%= rodauth.otp_unlock_required_consecutive_successes_label %>: <%= rodauth.otp_unlock_auths_required %></p>
+<p><%= rodauth.otp_unlock_next_auth_attempt_label %>: <%= rodauth.otp_unlock_next_auth_attempt_after.strftime(rodauth.strftime_format) %></p>
+<p><%= rodauth.otp_unlock_next_auth_attempt_refresh_label %></p>
+<%== rodauth.otp_unlock_refresh_tag %>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/otp_unlock.html.erb

@@ -0,0 +1,22 @@
+<%= form_with url: rodauth.otp_unlock_path, method: :post, data: { turbo: false }, class: "w-full max-w-sm" do |form| %>
+  <dl class="mb-6 text-sm space-y-2">
+    <dt class="font-semibold"><%= rodauth.otp_unlock_consecutive_successes_label %>:</dt>
+    <dd><%= rodauth.otp_unlock_num_successes %></dd>
+
+    <dt class="font-semibold"><%= rodauth.otp_unlock_required_consecutive_successes_label %>:</dt>
+    <dd><%= rodauth.otp_unlock_auths_required %></dd>
+
+    <dt class="font-semibold"><%= rodauth.otp_unlock_next_auth_deadline_label %>:</dt>
+    <dd><%= rodauth.otp_unlock_deadline.strftime(rodauth.strftime_format) %></dd>
+  </dl>
+
+  <div class="mb-6">
+    <%= form.label "otp-auth-code", rodauth.otp_auth_label, class: "block text-sm font-semibold" %>
+    <%= form.text_field rodauth.otp_auth_param, value: "", id: "otp-auth-code", autocomplete: "off", inputmode: "numeric", required: true, class: "mt-2 text-sm w-1/2 px-3 py-2 border rounded-md dark:bg-gray-900 dark:text-gray-100 dark:focus:bg-gray-800 #{rodauth.field_error(rodauth.otp_auth_param) ? "border-red-600 focus:ring-red-600 focus:border-red-600 dark:border-red-400 dark:focus:ring-red-400" : "border-gray-300 dark:border-gray-700 dark:focus:border-emerald-400 dark:focus:ring-emerald-400" }", aria: ({ invalid: true, describedby: "otp-auth-code_error_message" } if rodauth.field_error(rodauth.otp_auth_param)) %>
+    <%= content_tag(:span, rodauth.field_error(rodauth.otp_auth_param), class: "block mt-1 text-red-600 text-xs dark:text-red-400", id: "otp-auth-code_error_message") if rodauth.field_error(rodauth.otp_auth_param) %>
+  </div>
+
+  <%= form.submit rodauth.otp_unlock_button, class: "w-full px-8 py-3 cursor-pointer font-semibold text-sm rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-600 dark:bg-emerald-400 dark:hover:bg-emerald-500 dark:text-gray-900 dark:focus:ring-emerald-400 dark:focus:ring-offset-current" %>
+<% end %>
+
+<%== rodauth.otp_unlock_form_footer %>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/otp_unlock_not_available.html.erb

@@ -0,0 +1,14 @@
+<dl class="mb-6 text-sm space-y-2">
+  <dt class="font-semibold"><%= rodauth.otp_unlock_consecutive_successes_label %>:</dt>
+  <dd><%= rodauth.otp_unlock_num_successes %></dd>
+
+  <dt class="font-semibold"><%= rodauth.otp_unlock_required_consecutive_successes_label %>:</dt>
+  <dd><%= rodauth.otp_unlock_auths_required %></dd>
+
+  <dt class="font-semibold"><%= rodauth.otp_unlock_next_auth_attempt_label %>:</dt>
+  <dd><%= rodauth.otp_unlock_deadline.strftime(rodauth.strftime_format) %></dd>
+</dl>
+
+<p class="mt-2"><%= rodauth.otp_unlock_next_auth_attempt_refresh_label %></p>
+
+<%== rodauth.otp_unlock_refresh_tag %>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/webauthn_remove.html.erb

@@ -10,6 +10,7 @@
   <fieldset class="mb-6">
     <% rodauth.account_webauthn_usage.each do |id, last_use| %>
       <div class="flex items-center space-x-2">
+        <% last_use = last_use.strftime(rodauth.strftime_format) if last_use.is_a?(Time) %>
         <%= form.radio_button rodauth.webauthn_remove_param, id, id: "webauthn-remove-#{id}", class: "dark:bg-gray-900 dark:border-gray-600 dark:checked:bg-current dark:checked:border-current dark:checked:text-emerald-400 dark:focus:ring-emerald-400 dark:focus:ring-offset-gray-900" %>
         <%= form.label "webauthn-remove-#{id}", "Last use: #{last_use}", class: "text-sm" %>
       </div>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_remove.html.erb

@@ -10,6 +10,7 @@
   <fieldset class="form-group mb-3">
     <% (usage = rodauth.account_webauthn_usage).each do |id, last_use| %>
       <div class="form-check">
+        <% last_use = last_use.strftime(rodauth.strftime_format) if last_use.is_a?(Time) %>
         <%= form.radio_button rodauth.webauthn_remove_param, id, id: "webauthn-remove-#{id}", class: "form-check-input #{"is-invalid" if rodauth.field_error(rodauth.webauthn_remove_param)}", aria: ({ invalid: true, describedby: "webauthn_remove_error_message" } if rodauth.field_error(rodauth.webauthn_remove_param)) %>
         <%= form.label "webauthn-remove-#{id}", "Last use: #{last_use}", class: "form-check-label" %>
         <%= content_tag(:span, rodauth.field_error(rodauth.webauthn_remove_param), class: "invalid-feedback", id: "webauthn_remove_error_message") if rodauth.field_error(rodauth.webauthn_remove_param) && id == usage.keys.last %>

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_disabled.text.erb

@@ -0,0 +1,2 @@
+Someone (hopefully you) has disabled TOTP authentication for the account
+associated to this email address.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_locked_out.text.erb

@@ -0,0 +1,9 @@
+TOTP authentication has been locked out on your account due to too many
+consecutive authentication failures. You can attempt to unlock TOTP
+authentication for your account by consecutively authenticating via
+TOTP multiple times.
+
+If you did not initiate the TOTP authentication failures that
+caused TOTP authentication to be locked out, that means someone already
+has partial access to your account, but is unable to use TOTP
+authentication to fully authenticate themselves.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_setup.text.erb

@@ -0,0 +1,2 @@
+Someone (hopefully you) has setup TOTP authentication for the account
+associated to this email address.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_unlock_failed.text.erb

@@ -0,0 +1,8 @@
+Someone (hopefully you) attempted to unlock TOTP authentication for the
+account associated to this email address, but failed as the
+authentication code submitted was not correct.
+
+If you did not initiate the TOTP authentication failure that generated
+this email, that means someone already has partial access to your
+account, but is unable to use TOTP authentication to fully authenticate
+themselves.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_unlocked.text.erb

@@ -0,0 +1,2 @@
+Someone (hopefully you) has unlocked TOTP authentication for the account
+associated to this email address.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/webauthn_authenticator_added.text.erb

@@ -0,0 +1,3 @@
+Someone (hopefully you) has added a WebAuthn authenticator to the
+account associated to this email address. There are now <%= @account.webauthn_keys.count %> WebAuthn
+authenticator(s) with access to the account.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/webauthn_authenticator_removed.text.erb

@@ -0,0 +1,3 @@
+Someone (hopefully you) has removed a WebAuthn authenticator from the
+account associated to this email address. There are now <%= @account.webauthn_keys.count %> WebAuthn
+authenticator(s) with access to the account.

data/lib/generators/rodauth/views_generator.rb

@@ -37,6 +37,7 @@ module Rodauth
           lockout:             %w[unlock_account_request unlock_account],
           two_factor_base:     %w[two_factor_manage two_factor_auth two_factor_disable],
           otp:                 %w[otp_setup otp_auth otp_disable],
+          otp_unlock:          %w[otp_unlock otp_unlock_not_available],
           sms_codes:           %w[sms_setup sms_confirm sms_auth sms_request sms_disable],
           recovery_codes:      %w[recovery_codes add_recovery_codes recovery_auth],
           webauthn:            %w[webauthn_setup webauthn_auth webauthn_remove],
@@ -45,7 +46,7 @@ module Rodauth
         }
 
         def create_views
-          validate_features or return
+          return unless validate_features
 
           views.each do |view|
             copy_file view_location(view), "app/views/#{directory}/#{view}.html.erb" do |content|

data/lib/rodauth/rails/feature/base.rb

@@ -13,6 +13,7 @@ module Rodauth
         end
 
         def rails_account
+          @rails_account = nil if account.nil? || @rails_account&.id != account_id
           @rails_account ||= instantiate_rails_account if account!
         end
 
@@ -59,7 +60,7 @@ module Rodauth
 
         def instantiate_rails_account
           if defined?(ActiveRecord::Base) && rails_account_model < ActiveRecord::Base
-            if account[account_id_column]
+            if account_id
               rails_account_model.instantiate(account.stringify_keys)
             else
               rails_account_model.new(account)

data/lib/rodauth/rails/feature/instrumentation.rb

@@ -49,9 +49,9 @@ module Rodauth
           ActiveSupport::Notifications.instrument("process_action.action_controller", raw_payload) do |payload|
             result = catch(:halt) { yield }
 
-            response = ActionDispatch::Response.new(*(result || [404, {}, []]))
-            payload[:response] = response
-            payload[:status] = response.status
+            rails_response = build_rails_response(result || [404, {}, []])
+            payload[:response] = rails_response
+            payload[:status] = rails_response.status
 
             throw :halt, result if result
           rescue => error
@@ -66,13 +66,19 @@ module Rodauth
           ActiveSupport::Notifications.instrument("redirect_to.action_controller", request: rails_request) do |payload|
             result = catch(:halt) { yield }
 
-            response = ActionDispatch::Response.new(*result)
-            payload[:status] = response.status
-            payload[:location] = response.filtered_location
+            rails_response = build_rails_response(result)
+            payload[:status] = rails_response.status
+            payload[:location] = rails_response.filtered_location
 
             throw :halt, result
           end
         end
+
+        def build_rails_response(args)
+          response = ActionDispatch::Response.new(*args)
+          response.request = rails_request
+          response
+        end
       end
     end
   end

data/lib/rodauth/rails/feature/internal_request.rb

@@ -4,14 +4,18 @@ module Rodauth
       module InternalRequest
         extend ActiveSupport::Concern
 
+        included do
+          auth_private_methods :rails_url_options
+        end
+
         def domain
-          return super unless missing_host? && rails_url_options
+          return super unless missing_host? && rails_url_options!
 
           rails_url_options.fetch(:host)
         end
 
         def base_url
-          return super unless missing_host? && domain && rails_url_options
+          return super unless missing_host? && domain && rails_url_options!
 
           scheme = rails_url_options[:protocol] || "http"
           port = rails_url_options[:port]
@@ -21,6 +25,11 @@ module Rodauth
           url
         end
 
+        def rails_url_options
+          return _rails_url_options if frozen? # handle path_class_methods feature
+          @rails_url_options ||= _rails_url_options
+        end
+
         private
 
         def rails_controller_around
@@ -44,11 +53,12 @@ module Rodauth
           internal_request? && (request.host.nil? || request.host == INVALID_DOMAIN) || scope.nil?
         end
 
-        def rails_url_options
-          return nil unless defined?(ActionMailer)
+        def rails_url_options!
+          rails_url_options.presence or fail Error, "There is no information to set the URL host from. Please set config.action_mailer.default_url_options in your Rails application, configure #domain and #base_url in your Rodauth configuration, or set #rails_url_options on the Rodauth instance."
+        end
 
-          ::Rails.configuration.action_mailer.default_url_options or
-            fail Error, "There is no information to set the URL host from. Please set config.action_mailer.default_url_options in your Rails application, or configure #domain and #base_url in your Rodauth configuration."
+        def _rails_url_options
+          defined?(ActionMailer) ? ActionMailer::Base.default_url_options.dup : {}
         end
       end
     end

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.14.1"
+    VERSION = "1.15.0"
   end
 end

data/rodauth-rails.gemspec

@@ -6,18 +6,18 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Janko Marohnić"]
   spec.email         = ["janko.marohnic@gmail.com"]
 
-  spec.summary       = %q{Provides Rails integration for Rodauth.}
-  spec.description   = %q{Provides Rails integration for Rodauth.}
+  spec.summary       = %q{Provides Rails integration for Rodauth authentication framework.}
+  spec.description   = %q{Provides Rails integration for Rodauth authentication framework.}
   spec.homepage      = "https://github.com/janko/rodauth-rails"
   spec.license       = "MIT"
 
   spec.required_ruby_version = ">= 2.5"
 
-  spec.files         = Dir["README.md", "LICENSE.txt", "CHANGELOG.md", "lib/**/*", "*.gemspec"]
+  spec.files         = Dir["README.md", "LICENSE.txt", "lib/**/*", "*.gemspec"]
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 5.0", "< 8"
-  spec.add_dependency "rodauth", "~> 2.34"
+  spec.add_dependency "rodauth", "~> 2.36"
   spec.add_dependency "roda", "~> 3.76"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
   spec.add_dependency "rodauth-model", "~> 0.2"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.14.1
+  version: 1.15.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-05-15 00:00:00.000000000 Z
+date: 2024-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -36,14 +36,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.34'
+        version: '2.36'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.34'
+        version: '2.36'
 - !ruby/object:Gem::Dependency
   name: roda
   requirement: !ruby/object:Gem::Requirement
@@ -170,17 +170,31 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Provides Rails integration for Rodauth.
+description: Provides Rails integration for Rodauth authentication framework.
 email:
 - janko.marohnic@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- CHANGELOG.md
 - LICENSE.txt
 - README.md
 - lib/generators/rodauth/install_generator.rb
+- lib/generators/rodauth/mailer/email_auth.erb
+- lib/generators/rodauth/mailer/otp_disabled.erb
+- lib/generators/rodauth/mailer/otp_locked_out.erb
+- lib/generators/rodauth/mailer/otp_setup.erb
+- lib/generators/rodauth/mailer/otp_unlock_failed.erb
+- lib/generators/rodauth/mailer/otp_unlocked.erb
+- lib/generators/rodauth/mailer/password_changed.erb
+- lib/generators/rodauth/mailer/reset_password.erb
+- lib/generators/rodauth/mailer/reset_password_notify.erb
+- lib/generators/rodauth/mailer/unlock_account.erb
+- lib/generators/rodauth/mailer/verify_account.erb
+- lib/generators/rodauth/mailer/verify_login_change.erb
+- lib/generators/rodauth/mailer/webauthn_authenticator_added.erb
+- lib/generators/rodauth/mailer/webauthn_authenticator_removed.erb
+- lib/generators/rodauth/mailer_generator.rb
 - lib/generators/rodauth/migration/active_record/account_expiration.erb
 - lib/generators/rodauth/migration/active_record/active_sessions.erb
 - lib/generators/rodauth/migration/active_record/audit_logging.erb
@@ -190,6 +204,7 @@ files:
 - lib/generators/rodauth/migration/active_record/jwt_refresh.erb
 - lib/generators/rodauth/migration/active_record/lockout.erb
 - lib/generators/rodauth/migration/active_record/otp.erb
+- lib/generators/rodauth/migration/active_record/otp_unlock.erb
 - lib/generators/rodauth/migration/active_record/password_expiration.erb
 - lib/generators/rodauth/migration/active_record/recovery_codes.erb
 - lib/generators/rodauth/migration/active_record/remember.erb
@@ -208,6 +223,7 @@ files:
 - lib/generators/rodauth/migration/sequel/jwt_refresh.erb
 - lib/generators/rodauth/migration/sequel/lockout.erb
 - lib/generators/rodauth/migration/sequel/otp.erb
+- lib/generators/rodauth/migration/sequel/otp_unlock.erb
 - lib/generators/rodauth/migration/sequel/password_expiration.erb
 - lib/generators/rodauth/migration/sequel/recovery_codes.erb
 - lib/generators/rodauth/migration/sequel/remember.erb
@@ -240,6 +256,8 @@ files:
 - lib/generators/rodauth/templates/app/views/rodauth/otp_auth.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/otp_disable.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/otp_setup.html.erb
+- lib/generators/rodauth/templates/app/views/rodauth/otp_unlock.html.erb
+- lib/generators/rodauth/templates/app/views/rodauth/otp_unlock_not_available.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/recovery_auth.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/recovery_codes.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/remember.html.erb
@@ -266,6 +284,8 @@ files:
 - lib/generators/rodauth/templates/app/views/rodauth/tailwind/otp_auth.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/tailwind/otp_disable.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/tailwind/otp_setup.html.erb
+- lib/generators/rodauth/templates/app/views/rodauth/tailwind/otp_unlock.html.erb
+- lib/generators/rodauth/templates/app/views/rodauth/tailwind/otp_unlock_not_available.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/tailwind/recovery_auth.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/tailwind/recovery_codes.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/tailwind/remember.html.erb
@@ -301,12 +321,19 @@ files:
 - lib/generators/rodauth/templates/app/views/rodauth/webauthn_remove.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/webauthn_setup.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/email_auth.text.erb
+- lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_disabled.text.erb
+- lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_locked_out.text.erb
+- lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_setup.text.erb
+- lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_unlock_failed.text.erb
+- lib/generators/rodauth/templates/app/views/rodauth_mailer/otp_unlocked.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/password_changed.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/reset_password.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/reset_password_notify.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/unlock_account.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_account.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_login_change.text.erb
+- lib/generators/rodauth/templates/app/views/rodauth_mailer/webauthn_authenticator_added.text.erb
+- lib/generators/rodauth/templates/app/views/rodauth_mailer/webauthn_authenticator_removed.text.erb
 - lib/generators/rodauth/templates/config/initializers/rodauth.rb.tt
 - lib/generators/rodauth/templates/db/migrate/create_rodauth.rb.tt
 - lib/generators/rodauth/templates/test/fixtures/accounts.yml.tt
@@ -352,8 +379,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.9
+rubygems_version: 3.5.11
 signing_key:
 specification_version: 4
-summary: Provides Rails integration for Rodauth.
+summary: Provides Rails integration for Rodauth authentication framework.
 test_files: []