rodauth-rails 1.2.2 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 402cbf2f62d93eae97353a3aed436ce742b41421e880176649a7271c5516b39c
-  data.tar.gz: ca035e7a60c54b4e1b6f2a42ea6405f43811146141c30c5a6d14fd7c0600669e
+  metadata.gz: 8b5fb22e3d8c84eafedffa3463b4e0ecdf481189b8b48adc2d31005f86251d87
+  data.tar.gz: 142e229b7c9a9b078f773f99885117268e759df2eb49e5252ce21754dcf61763
 SHA512:
-  metadata.gz: 888fd37f380d6f4896b544374c6681445dbb0e90d692dd7c0239aa043c9d6c0cb2aaafa9b47f271cd6cc70ad3a6c88693c988901aed1e5bc0f77ed5c92cb4ab1
-  data.tar.gz: 48fe23bfbd3d78c3378ab47ecf92ffd7f87fe768f996764a71b8534a2cab8731ebc080998b03ea9a78f1fecd949548782ca8e38dc17c56fa2606ea11f7a7fbe9
+  metadata.gz: b1c30c5b1714a80466ad3775720be50d2f02b8d06d016638e6d1ebfb7515cd6060463b975f9810977fe74eb7330ce12b9c6ff81839e41b2e4044615c606ca7bb
+  data.tar.gz: 4a532058b27cfc07d2ed234457b880a609c7b35186db976a547be2e83d1c18df7ac72402a9d52155819f2d97edb63b0e7742e908b6cb3ed1b40c2deae18e7e2e

data/CHANGELOG.md

@@ -1,3 +1,25 @@
+## 1.4.0 (2022-05-04)
+
+* Move association definitions to `#associations` Rodauth method, allowing external features to extend them (@janko)
+
+* Add Sequel support for generating database migrations, model, and mailer (@janko)
+
+* Skip calling Rodauth app on asset requests when using Sprockets or Propshaft (@janko)
+
+## 1.3.1 (2022-04-22)
+
+* Ensure response status is logged when calling a halting rodauth method inside a controller (@janko)
+
+## 1.3.0 (2022-04-01)
+
+* Store password hash on the `accounts` table in generated Rodauth migration and configuration (@janko)
+
+* Add support for controller testing with Minitest or RSpec (@janko)
+
+* Fix `enum` declaration in generated `Account` model for Active Record < 7.0 (@janko)
+
+* Ensure `require_login_redirect` points to the login page even if the login route changes (@janko)
+
 ## 1.2.2 (2022-02-22)
 
 * Fix flash messages not being preserved through consecutive redirects (@janko)

data/README.md

@@ -10,7 +10,6 @@ Provides Rails integration for the [Rodauth] authentication framework.
 * [Rails demo](https://github.com/janko/rodauth-demo-rails)
 * [JSON API guide](https://github.com/janko/rodauth-rails/wiki/JSON-API)
 * [OmniAuth guide](https://github.com/janko/rodauth-rails/wiki/OmniAuth)
-* [Testing guide](https://github.com/janko/rodauth-rails/wiki/Testing)
 
 🎥 Screencasts:
 
@@ -40,7 +39,7 @@ of the advantages that stand out for me:
 * consistent before/after hooks around everything
 * dedicated object encapsulating all authentication logic
 
-One commmon concern is the fact that, unlike most other authentication
+One common concern is the fact that, unlike most other authentication
 frameworks for Rails, Rodauth uses [Sequel] for database interaction instead of
 Active Record. There are good reasons for this, and to make Rodauth work
 smoothly alongside Active Record, rodauth-rails configures Sequel to [reuse
@@ -615,6 +614,33 @@ Rodauth::Rails.model(association_options: -> (name) {
 })
 ```
 
+#### Extending Associations
+
+External features can extend the list of associations with their own
+definitions, which the model mixin will pick up and declare the new associations
+on the model.
+
+```rb
+# lib/rodauth/features/foo.rb
+module Rodauth
+  Feature.define(:foo, :Foo) do
+    auth_value_method :foo_table, :account_foos
+    auth_value_method :foo_id_column, :id
+
+    def associations
+      list = super
+      list << {
+        name: :foo, # will define `Account::Foo` model
+        type: :one, # or :many
+        table: foo_table,
+        foreign_key: foo_id_column
+      }
+      list
+    end
+  end
+end
+```
+
 ## Multiple configurations
 
 If you need to handle multiple types of accounts that require different
@@ -783,6 +809,86 @@ Rodauth::Rails.rodauth(session: { two_factor_auth_setup: true })
 Rodauth::Rails.rodauth(:admin, params: { "param" => "value" })
 ```
 
+## Testing
+
+For system and integration tests, which run the whole middleware stack,
+authentication can be exercised normally via HTTP endpoints. See [this wiki
+page](https://github.com/janko/rodauth-rails/wiki/Testing) for some examples.
+
+For controller tests, you can log in accounts by modifying the session:
+
+```rb
+# app/controllers/articles_controller.rb
+class ArticlesController < ApplicationController
+  before_action -> { rodauth.require_authentication }
+
+  def index
+    # ...
+  end
+end
+```
+```rb
+# test/controllers/articles_controller_test.rb
+class ArticlesControllerTest < ActionController::TestCase
+  test "required authentication" do
+    get :index
+
+    assert_response 302
+    assert_redirected_to "/login"
+    assert_equal "Please login to continue", flash[:alert]
+
+    account = Account.create!(email: "user@example.com", password: "secret", status: "verified")
+    login(account)
+
+    get :index
+    assert_response 200
+
+    logout
+
+    get :index
+    assert_response 302
+    assert_equal "Please login to continue", flash[:alert]
+  end
+
+  private
+
+  # Manually modify the session into what Rodauth expects.
+  def login(account)
+    session[:account_id] = account.id
+    session[:authenticated_by] = ["password"] # or ["password", "totp"] for MFA
+  end
+
+  def logout
+    session.clear
+  end
+end
+```
+
+If you're using multiple configurations with different session prefixes, you'll need
+to make sure to use those in controller tests as well:
+
+```rb
+class RodauthAdmin < Rodauth::Rails::Auth
+  configure do
+    session_key_prefix "admin_"
+  end
+end
+```
+```rb
+# in a controller test:
+session[:admin_account_id] = account.id
+session[:admin_authenticated_by] = ["password"]
+```
+
+If you want to access the Rodauth instance in controller tests, you can do so
+through the controller instance:
+
+```rb
+# in a controller test:
+@controller.rodauth         #=> #<RodauthMain ...>
+@controller.rodauth(:admin) #=> #<RodauthAdmin ...>
+```
+
 ## Configuring
 
 ### Configuration methods

data/lib/generators/rodauth/install_generator.rb

@@ -1,15 +1,10 @@
 require "rails/generators/base"
-require "rails/generators/active_record/migration"
-require "generators/rodauth/migration_helpers"
 require "securerandom"
 
 module Rodauth
   module Rails
     module Generators
       class InstallGenerator < ::Rails::Generators::Base
-        include ::ActiveRecord::Generators::Migration
-        include MigrationHelpers
-
         if RUBY_ENGINE == "jruby"
           SEQUEL_ADAPTERS = {
             "sqlite3"         => "sqlite",
@@ -40,9 +35,7 @@ module Rodauth
         class_option :jwt, type: :boolean, desc: "Configure JWT support"
 
         def create_rodauth_migration
-          return unless defined?(ActiveRecord::Railtie)
-
-          migration_template "db/migrate/create_rodauth.rb"
+          invoke "rodauth:migration", migration_features, name: "create_rodauth"
         end
 
         def create_rodauth_initializer
@@ -66,8 +59,6 @@ module Rodauth
         end
 
         def create_account_model
-          return unless defined?(ActiveRecord::Railtie)
-
           template "app/models/account.rb"
         end
 
@@ -112,6 +103,14 @@ module Rodauth
           scheme = "jdbc:#{scheme}" if RUBY_ENGINE == "jruby"
           scheme
         end
+
+        def activerecord_adapter
+          if ActiveRecord::Base.respond_to?(:connection_db_config)
+            ActiveRecord::Base.connection_db_config.adapter
+          else
+            ActiveRecord::Base.connection_config.fetch(:adapter)
+          end
+        end
       end
     end
   end

data/lib/generators/rodauth/migration/{base.erb → active_record/base.erb}

@@ -3,23 +3,18 @@ enable_extension "citext"
 
 <% end -%>
 create_table :accounts<%= primary_key_type %> do |t|
+  t.integer :status, null: false, default: 1
 <% case activerecord_adapter -%>
 <% when "postgresql" -%>
   t.citext :email, null: false
 <% else -%>
   t.string :email, null: false
 <% end -%>
-  t.integer :status, null: false, default: 1
 <% case activerecord_adapter -%>
 <% when "postgresql", "sqlite3" -%>
   t.index :email, unique: true, where: "status IN (1, 2)"
 <% else -%>
   t.index :email, unique: true
 <% end -%>
-end
-
-# Used if storing password hashes in a separate table (default)
-create_table :account_password_hashes<%= primary_key_type %> do |t|
-  t.foreign_key :accounts, column: :id
-  t.string :password_hash, null: false
+  t.string :password_hash
 end

data/lib/generators/rodauth/migration/{disallow_password_reuse.erb → active_record/disallow_password_reuse.erb}

@@ -1,4 +1,4 @@
-# Used by the disallow_password_reuse feature
+# Used by the disallow password reuse feature
 create_table :account_previous_password_hashes do |t|
   t.references :account, foreign_key: true<%= primary_key_type(:type) %>
   t.string :password_hash, null: false

data/lib/generators/rodauth/migration/sequel/account_expiration.erb

@@ -0,0 +1,7 @@
+# Used by the account expiration feature
+create_table :account_activity_times do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  DateTime :last_activity_at, null: false
+  DateTime :last_login_at, null: false
+  DateTime :expired_at
+end

data/lib/generators/rodauth/migration/sequel/active_sessions.erb

@@ -0,0 +1,8 @@
+# Used by the active sessions feature
+create_table :account_active_session_keys do
+  foreign_key :account_id, :accounts, type: :Bignum
+  String :session_id
+  Time :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+  Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
+  primary_key [:account_id, :session_id]
+end

data/lib/generators/rodauth/migration/sequel/audit_logging.erb

@@ -0,0 +1,17 @@
+# Used by the audit logging feature
+create_table :account_authentication_audit_logs do
+  primary_key :id, type: :Bignum
+  foreign_key :account_id, :accounts, null: false, type: :Bignum
+  DateTime :at, null: false, default: Sequel::CURRENT_TIMESTAMP
+  String :message, null: false
+<% case db.database_type -%>
+<% when :postgres -%>
+  jsonb :metadata
+<% when :sqlite, :mysql -%>
+  json :metadata
+<% else -%>
+  String :metadata
+<% end -%>
+  index [:account_id, :at], name: :audit_account_at_idx
+  index :at, name: :audit_at_idx
+end

data/lib/generators/rodauth/migration/sequel/base.erb

@@ -0,0 +1,25 @@
+<% if db.database_type == :postgres -%>
+enable_extension "citext"
+
+<% end -%>
+create_table :accounts do
+  primary_key :id, type: :Bignum
+<% if db.database_type == :postgres -%>
+  citext :email, null: false
+  constraint :valid_email, email: /^[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+$/
+<% else -%>
+  String :email, null: false
+<% end -%>
+  String :status, null: false, default: "unverified"
+<% if db.supports_partial_indexes? -%>
+  index :email, unique: true, where: { status: ["unverified", "verified"] }
+<% else -%>
+  index :email, unique: true
+<% end -%>
+end
+
+# Used if storing password hashes in a separate table (default)
+create_table :account_password_hashes do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :password_hash, null: false
+end

data/lib/generators/rodauth/migration/sequel/disallow_password_reuse.erb

@@ -0,0 +1,6 @@
+# Used by the disallow password reuse feature
+create_table :account_previous_password_hashes do
+  primary_key :id, type: :Bignum
+  foreign_key :account_id, :accounts, type: :Bignum
+  String :password_hash, null: false
+end

data/lib/generators/rodauth/migration/sequel/email_auth.erb

@@ -0,0 +1,7 @@
+# Used by the email auth feature
+create_table :account_email_auth_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+  DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/jwt_refresh.erb

@@ -0,0 +1,8 @@
+# Used by the jwt refresh feature
+create_table :account_jwt_refresh_keys do
+  primary_key :id, type: :Bignum
+  foreign_key :account_id, :accounts, null: false, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+  index :account_id, name: :account_jwt_rk_account_id_idx
+end

data/lib/generators/rodauth/migration/sequel/lockout.erb

@@ -0,0 +1,11 @@
+# Used by the lockout feature
+create_table :account_login_failures do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  Integer :number, null: false, default: 1
+end
+create_table :account_lockouts do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+  DateTime :email_last_sent
+end

data/lib/generators/rodauth/migration/sequel/otp.erb

@@ -0,0 +1,7 @@
+# Used by the otp feature
+create_table :account_otp_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  Integer :num_failures, null: false, default: 0
+  Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/password_expiration.erb

@@ -0,0 +1,5 @@
+# Used by the password expiration feature
+create_table :account_password_change_times do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  DateTime :changed_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/recovery_codes.erb

@@ -0,0 +1,6 @@
+# Used by the recovery codes feature
+create_table :account_recovery_codes do
+  foreign_key :id, :accounts, type: :Bignum
+  String :code
+  primary_key [:id, :code]
+end

data/lib/generators/rodauth/migration/sequel/remember.erb

@@ -0,0 +1,6 @@
+# Used by the remember me feature
+create_table :account_remember_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+end

data/lib/generators/rodauth/migration/sequel/reset_password.erb

@@ -0,0 +1,7 @@
+# Used by the password reset feature
+create_table :account_password_reset_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+  DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/single_session.erb

@@ -0,0 +1,5 @@
+# Used by the single session feature
+create_table :account_session_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+end

data/lib/generators/rodauth/migration/sequel/sms_codes.erb

@@ -0,0 +1,8 @@
+# Used by the sms codes feature
+create_table :account_sms_codes do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :phone_number, null: false
+  Integer :num_failures
+  String :code
+  DateTime :code_issued_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/verify_account.erb

@@ -0,0 +1,7 @@
+# Used by the account verification feature
+create_table :account_verification_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :requested_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+  DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/verify_login_change.erb

@@ -0,0 +1,7 @@
+# Used by the verify login change feature
+create_table :account_login_change_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  String :login, null: false
+  DateTime :deadline, null: false
+end

data/lib/generators/rodauth/migration/sequel/webauthn.erb

@@ -0,0 +1,13 @@
+# Used by the webauthn feature
+create_table :account_webauthn_user_ids do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :webauthn_id, null: false
+end
+create_table :account_webauthn_keys do
+  foreign_key :account_id, :accounts, type: :Bignum
+  String :webauthn_id
+  String :public_key, null: false
+  Integer :sign_count, null: false
+  Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
+  primary_key [:account_id, :webauthn_id]
+end

data/lib/generators/rodauth/migration_generator.rb

@@ -1,14 +1,11 @@
 require "rails/generators/base"
 require "rails/generators/active_record/migration"
-require "generators/rodauth/migration_helpers"
+require "erb"
 
 module Rodauth
   module Rails
     module Generators
       class MigrationGenerator < ::Rails::Generators::Base
-        include ::ActiveRecord::Generators::Migration
-        include MigrationHelpers
-
         source_root "#{__dir__}/templates"
         namespace "rodauth:migration"
 
@@ -20,19 +17,102 @@ module Rodauth
           desc: "Name of the generated migration file"
 
         def create_rodauth_migration
-          return unless defined?(ActiveRecord::Railtie)
           return if features.empty?
 
-          migration_template "db/migrate/create_rodauth.rb", "#{migration_name}.rb"
+          migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "#{migration_name}.rb")
         end
 
-        def migration_features
-          features
-        end
+        private
 
         def migration_name
           options[:name] || "create_rodauth_#{features.join("_")}"
         end
+
+        def migration_content
+          features
+            .select { |feature| File.exist?(migration_chunk(feature)) }
+            .map { |feature| File.read(migration_chunk(feature)) }
+            .map { |content| erb_eval(content) }
+            .join("\n")
+            .indent(4)
+        end
+
+        def erb_eval(content)
+          if ERB.version[/\d+\.\d+\.\d+/].to_s >= "2.2.0"
+            ERB.new(content, trim_mode: "-").result(binding)
+          else
+            ERB.new(content, 0, "-").result(binding)
+          end
+        end
+
+        if defined?(::ActiveRecord::Railtie) # Active Record
+          include ::ActiveRecord::Generators::Migration
+
+          def db_migrate_path
+            return "db/migrate" unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+            super
+          end
+
+          def migration_chunk(feature)
+            "#{__dir__}/migration/active_record/#{feature}.erb"
+          end
+
+          def migration_version
+            return unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+            "[#{ActiveRecord::Migration.current_version}]"
+          end
+
+          def activerecord_adapter
+            if ActiveRecord::Base.respond_to?(:connection_db_config)
+              ActiveRecord::Base.connection_db_config.adapter
+            else
+              ActiveRecord::Base.connection_config.fetch(:adapter)
+            end
+          end
+
+          def primary_key_type(key = :id)
+            generators  = ::Rails.application.config.generators
+            column_type = generators.options[:active_record][:primary_key_type]
+
+            return unless column_type
+
+            if key
+              ", #{key}: :#{column_type}"
+            else
+              column_type
+            end
+          end
+
+          def current_timestamp
+            if ActiveRecord.version >= Gem::Version.new("5.0")
+              %(-> { "CURRENT_TIMESTAMP" })
+            else
+              %(OpenStruct.new(quoted_id: "CURRENT_TIMESTAMP"))
+            end
+          end
+        else # Sequel
+          include ::Rails::Generators::Migration
+
+          def self.next_migration_number(dirname)
+            next_migration_number = current_migration_number(dirname) + 1
+            [Time.now.utc.strftime('%Y%m%d%H%M%S'), format('%.14d', next_migration_number)].max
+          end
+
+          def db_migrate_path
+            "db/migrate"
+          end
+
+          def migration_chunk(feature)
+            "#{__dir__}/migration/sequel/#{feature}.erb"
+          end
+
+          def db
+            db = ::Sequel::DATABASES.first if defined?(::Sequel)
+            db or fail Rodauth::Rails::Error, "missing Sequel database connection"
+          end
+        end
       end
     end
   end