RubyGems - rodauth-rails - Versions diffs - 1.2.0 → 1.3.0 - Mend

rodauth-rails 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +18 -0
data/README.md +87 -4
data/lib/generators/rodauth/migration/base.erb +2 -7
data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb +4 -1
data/lib/generators/rodauth/templates/app/models/account.rb +4 -0
data/lib/rodauth/rails/app/flash.rb +1 -2
data/lib/rodauth/rails/feature/instrumentation.rb +1 -1
data/lib/rodauth/rails/railtie.rb +9 -0
data/lib/rodauth/rails/test/controller.rb +41 -0
data/lib/rodauth/rails/test.rb +7 -0
data/lib/rodauth/rails/version.rb +1 -1
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f93b80457e9c6e9ea6083974e05514de8e605b0f9a4015fe765ffc1c4059c5ee
-  data.tar.gz: '06877735d144b893b1a7a08f125e34316196679e47038112c6df215e352268c6'
+  metadata.gz: b1f519c5d15eb6c70585c8cfa625106dec267b4e7f666daeeb9499ef61c656e7
+  data.tar.gz: 1bc84d1dba6ab9ab884a56f47419e207655c90f1d71d32b009575ab169fc0b3d
 SHA512:
-  metadata.gz: 7f26bf373cb8a64e2e0d5156aff9ca94e468d9eb257dcd2e34f702d43a6506bacdc7a22bd85090ddefddc972ebb25b22f3012bca2f21b84aece970d138159166
-  data.tar.gz: b5811e6ae069e71f7cd8be35b9bd884c463aa709a1be4abc6fd792bf747ba7aabe0d7aa2f3f4f7c43466f153b163912d55957d0fd84d1314b37ac60ca4a5b221
+  metadata.gz: 88ccdb974fe6b6dd0e797cf5307656c80d7038c820eab897b277b6c22bd1bc61cc00e7e39295d2a98fc313530ad658c6be80e043dde595d3514c3a51fa0572a4
+  data.tar.gz: d17fc8142a16f18ff485446d94e68ed4672faa64edfa8aaac3b400e9060f9638575a577ff232b83a1360a58e8655199c1ab88972f77a3af0f45d76f3514b7df5

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,21 @@
+## 1.3.0 (2022-04-01)
+* Store password hash on the `accounts` table in generated Rodauth migration and configuration (@janko)
+* Add support for controller testing with Minitest or RSpec (@janko)
+* Fix `enum` declaration in generated `Account` model for Active Record < 7.0 (@janko)
+* Ensure `require_login_redirect` points to the login page even if the login route changes (@janko)
+## 1.2.2 (2022-02-22)
+* Fix flash messages not being preserved through consecutive redirects (@janko)
+## 1.2.1 (2022-02-19)
+* Change `accounts.status` column type from string to integer (@zhongsheng)
 ## 1.2.0 (2022-02-11)
 * Work around Active Record 4.2 not supporting procs for literal SQL column default (@janko)

data/README.md CHANGED Viewed

@@ -4,15 +4,18 @@ Provides Rails integration for the [Rodauth] authentication framework.
 ## Resources
-Useful links:
+🔗 Useful links:
 * [Rodauth documentation](http://rodauth.jeremyevans.net/documentation.html)
 * [Rails demo](https://github.com/janko/rodauth-demo-rails)
 * [JSON API guide](https://github.com/janko/rodauth-rails/wiki/JSON-API)
 * [OmniAuth guide](https://github.com/janko/rodauth-rails/wiki/OmniAuth)
-* [Testing guide](https://github.com/janko/rodauth-rails/wiki/Testing)
-Articles:
+🎥 Screencasts:
+* [Rails Authentication with Rodauth](https://www.youtube.com/watch?v=2hDpNikacf0)
+📚 Articles:
 * [Rodauth: A Refreshing Authentication Solution for Ruby](https://janko.io/rodauth-a-refreshing-authentication-solution-for-ruby/)
 * [Rails Authentication with Rodauth](https://janko.io/adding-authentication-in-rails-with-rodauth/)
@@ -36,7 +39,7 @@ of the advantages that stand out for me:
 * consistent before/after hooks around everything
 * dedicated object encapsulating all authentication logic
-One commmon concern is the fact that, unlike most other authentication
+One common concern is the fact that, unlike most other authentication
 frameworks for Rails, Rodauth uses [Sequel] for database interaction instead of
 Active Record. There are good reasons for this, and to make Rodauth work
 smoothly alongside Active Record, rodauth-rails configures Sequel to [reuse
@@ -779,6 +782,86 @@ Rodauth::Rails.rodauth(session: { two_factor_auth_setup: true })
 Rodauth::Rails.rodauth(:admin, params: { "param" => "value" })
 ```
+## Testing
+For system and integration tests, which run the whole middleware stack,
+authentication can be exercised normally via HTTP endpoints. See [this wiki
+page](https://github.com/janko/rodauth-rails/wiki/Testing) for some examples.
+For controller tests, you can log in accounts by modifying the session:
+```rb
+# app/controllers/articles_controller.rb
+class ArticlesController < ApplicationController
+  before_action -> { rodauth.require_authentication }
+  def index
+    # ...
+  end
+end
+```
+```rb
+# test/controllers/articles_controller_test.rb
+class ArticlesControllerTest < ActionController::TestCase
+  test "required authentication" do
+    get :index
+    assert_response 302
+    assert_redirected_to "/login"
+    assert_equal "Please login to continue", flash[:alert]
+    account = Account.create!(email: "user@example.com", password: "secret", status: "verified")
+    login(account)
+    get :index
+    assert_response 200
+    logout
+    get :index
+    assert_response 302
+    assert_equal "Please login to continue", flash[:alert]
+  end
+  private
+  # Manually modify the session into what Rodauth expects.
+  def login(account)
+    session[:account_id] = account.id
+    session[:authenticated_by] = ["password"] # or ["password", "totp"] for MFA
+  end
+  def logout
+    session.clear
+  end
+end
+```
+If you're using multiple configurations with different session prefixes, you'll need
+to make sure to use those in controller tests as well:
+```rb
+class RodauthAdmin < Rodauth::Rails::Auth
+  configure do
+    session_key_prefix "admin_"
+  end
+end
+```
+```rb
+# in a controller test:
+session[:admin_account_id] = account.id
+session[:admin_authenticated_by] = ["password"]
+```
+If you want to access the Rodauth instance in controller tests, you can do so
+through the controller instance:
+```rb
+# in a controller test:
+@controller.rodauth         #=> #<RodauthMain ...>
+@controller.rodauth(:admin) #=> #<RodauthAdmin ...>
+```
 ## Configuring
 ### Configuration methods

data/lib/generators/rodauth/migration/base.erb CHANGED Viewed

@@ -3,23 +3,18 @@ enable_extension "citext"
 <% end -%>
 create_table :accounts<%= primary_key_type %> do |t|
+  t.integer :status, null: false, default: 1
 <% case activerecord_adapter -%>
 <% when "postgresql" -%>
   t.citext :email, null: false
 <% else -%>
   t.string :email, null: false
 <% end -%>
-  t.string :status, null: false, default: 1
 <% case activerecord_adapter -%>
 <% when "postgresql", "sqlite3" -%>
   t.index :email, unique: true, where: "status IN (1, 2)"
 <% else -%>
   t.index :email, unique: true
 <% end -%>
-end
-# Used if storing password hashes in a separate table (default)
-create_table :account_password_hashes<%= primary_key_type %> do |t|
-  t.foreign_key :accounts, column: :id
-  t.string :password_hash, null: false
+  t.string :password_hash
 end

data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb CHANGED Viewed

@@ -35,7 +35,7 @@ class RodauthMain < Rodauth::Rails::Auth
     account_status_column :status
     # Store password hash in a column instead of a separate table.
-    # account_password_hash_column :password_digest
+    account_password_hash_column :password_hash
     # Set password when creating account instead of when verifying.
     verify_account_set_password? false
@@ -138,6 +138,9 @@ class RodauthMain < Rodauth::Rails::Auth
     # Redirect to login page after password reset.
     reset_password_redirect { login_path }
+    # Ensure requiring login follows login route changes.
+    require_login_redirect { login_path }
 <% end -%>
     # ==> Deadlines

data/lib/generators/rodauth/templates/app/models/account.rb CHANGED Viewed

@@ -1,4 +1,8 @@
 class Account < ApplicationRecord
   include Rodauth::Rails.model
+<% if ActiveRecord.version >= Gem::Version.new("7.0") -%>
   enum :status, unverified: 1, verified: 2, closed: 3
+<% else -%>
+  enum status: { unverified: 1, verified: 2, closed: 3 }
+<% end -%>
 end

data/lib/rodauth/rails/app/flash.rb CHANGED Viewed

@@ -8,8 +8,7 @@ module Rodauth
         end
         def self.configure(app)
-          app.before { request.flash }        # load flash
-          app.after  { request.commit_flash } # save flash
+          app.after { request.commit_flash }
         end
         module InstanceMethods

data/lib/rodauth/rails/feature/instrumentation.rb CHANGED Viewed

@@ -40,7 +40,7 @@ module Rodauth
             begin
               result = catch(:halt) { yield }
-              response = ActionDispatch::Response.new *(result || [404, {}, []])
+              response = ActionDispatch::Response.new(*(result || [404, {}, []]))
               payload[:response] = response
               payload[:status] = response.status

data/lib/rodauth/rails/railtie.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require "rodauth/rails/middleware"
 require "rodauth/rails/controller_methods"
+require "rodauth/rails/test"
 require "rails"
@@ -21,6 +22,14 @@ module Rodauth
       initializer "rodauth.test" do
         # Rodauth uses RACK_ENV to set the default bcrypt hash cost
         ENV["RACK_ENV"] = "test" if ::Rails.env.test?
+        if ActionPack.version >= Gem::Version.new("5.0")
+          ActiveSupport.on_load(:action_controller_test_case) do
+            include Rodauth::Rails::Test::Controller
+          end
+        else
+          ActionController::TestCase.include Rodauth::Rails::Test::Controller
+        end
       end
       rake_tasks do

data/lib/rodauth/rails/test/controller.rb ADDED Viewed

@@ -0,0 +1,41 @@
+require "active_support/concern"
+module Rodauth
+  module Rails
+    module Test
+      module Controller
+        extend ActiveSupport::Concern
+        included do
+          setup :setup_rodauth
+        end
+        def process(*)
+          catch_rodauth { super }
+        end
+        ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)
+        private
+        def setup_rodauth
+          Rodauth::Rails.app.opts[:rodauths].each do |name, auth_class|
+            scope = auth_class.roda_class.new(request.env)
+            request.env[["rodauth", *name].join(".")] = auth_class.new(scope)
+          end
+        end
+        def catch_rodauth(&block)
+          result = catch(:halt, &block)
+          if result.is_a?(Array) # rodauth response
+            response.status = result[0]
+            response.headers.merge! result[1]
+            response.body = result[2]
+          end
+          response
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/test.rb ADDED Viewed

@@ -0,0 +1,7 @@
+module Rodauth
+  module Rails
+    module Test
+      autoload :Controller, "rodauth/rails/test/controller"
+    end
+  end
+end

data/lib/rodauth/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.2.0"
+    VERSION = "1.3.0"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-11 00:00:00.000000000 Z
+date: 2022-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -247,6 +247,8 @@ files:
 - lib/rodauth/rails/model/associations.rb
 - lib/rodauth/rails/railtie.rb
 - lib/rodauth/rails/tasks.rake
+- lib/rodauth/rails/test.rb
+- lib/rodauth/rails/test/controller.rb
 - lib/rodauth/rails/version.rb
 - rodauth-rails.gemspec
 homepage: https://github.com/janko/rodauth-rails