rodauth-rails 1.3.1 → 1.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4e268594e5890725cbba25ee24ab158df204ada3789aeebe428b737307128d9e
-  data.tar.gz: dca778863032dc428ac44b5feca48fe430ef55ea64f4e10050293d1c1a3d95c6
+  metadata.gz: 9a42fbc8522feb0a7d18227ca1cb3d79448c6d5d824befb040699afdb69318ea
+  data.tar.gz: 4d60492cc1ea2acf8176ffb6a05c6f0aba7deda63d1541da42de7f558e55b6e6
 SHA512:
-  metadata.gz: 9008b2381959811820eca625f68c5df7ec2021319ceb2c7bdf6c75412f32ea51f01ffabd716da73f6565e263e0a74699c2c940a70296adf0b9c0b8576ef8e3de
-  data.tar.gz: 4b0d70d43ff624b610bcded93a528b089d103f11975b7fdec9c8bd38b1f81b5c003de2fa1e4068f2c2006841f91783044280fa575ec5951b2ae319f4836a49b7
+  metadata.gz: 8782debac4a0b3bea9bb1849ab0817966f62c3bcf0cf352c2cf83d68e0fc35bce83a321e8c49f96d027450b87d6c196afd1e451a6e79e53cd35328dd84893d8c
+  data.tar.gz: 24de3dec4d061a9421de53062d75959d67091aff43dc26bf7f7fd749664e2288a4a9c198f24fa4ce8890b0c88f38c294d85a565b09aae330c0bcf7674242f112

data/CHANGELOG.md

@@ -1,3 +1,29 @@
+## 1.4.2 (2022-05-15)
+
+* Stop passing email addresses in mailer arguments on verifying login change (@janko)
+
+* Extract finding account into a method in the generated mailer (@janko)
+
+* Make generated Action Mailer integration work with secondary Rodauth configurations (@janko)
+
+* Include `Rodauth::Rails.model` in generated Sequel account model as well (@janko)
+
+## 1.4.1 (2022-05-08)
+
+* Deprecate `Rodauth::Rails::Model` constant (@janko)
+
+* Remove `Rodauth::Rails::Auth#associations` in favour of new association registration API (@janko)
+
+* Extract model mixin into the rodauth-model gem (@janko)
+
+## 1.4.0 (2022-05-04)
+
+* Move association definitions to `#associations` Rodauth method, allowing external features to extend them (@janko)
+
+* Add Sequel support for generating database migrations, model, and mailer (@janko)
+
+* Skip calling Rodauth app on asset requests when using Sprockets or Propshaft (@janko)
+
 ## 1.3.1 (2022-04-22)
 
 * Ensure response status is logged when calling a halting rodauth method inside a controller (@janko)

data/README.md

@@ -484,21 +484,19 @@ end
 
 ## Model
 
-The `Rodauth::Rails::Model` mixin can be included into the account model, which
-defines a password attribute and associations for tables used by enabled
-authentication features.
+The [rodauth-model] gem provides a `Rodauth::Model` mixin that can be included
+into the account model, which defines a password attribute and associations for
+tables used by enabled authentication features.
 
 ```rb
-class Account < ApplicationRecord
+class Account < ActiveRecord::Base # Sequel::Model
   include Rodauth::Rails.model # or `Rodauth::Rails.model(:admin)`
 end
 ```
 
-### Password attribute
-
-Regardless of whether you're storing the password hash in a column in the
-accounts table, or in a separate table, the `#password` attribute can be used
-to set or clear the password hash.
+The password attribute can be used to set or clear the password hash. It
+handles both storing the password hash in a column on the accounts table, or in
+a separate table.
 
 ```rb
 account = Account.create!(email: "user@example.com", password: "secret")
@@ -514,105 +512,14 @@ account.password = nil # clears password hash
 account.password_hash #=> nil
 ```
 
-Note that the password attribute doesn't come with validations, making it
-unsuitable for forms. It was primarily intended to allow easily creating
-accounts in development console and in tests.
-
-### Associations
-
-The `Rodauth::Rails::Model` mixin defines associations for Rodauth tables
-associated to the accounts table:
+The associations are defined for tables used by enabled authentication features:
 
 ```rb
 account.remember_key #=> #<Account::RememberKey> (record from `account_remember_keys` table)
 account.active_session_keys #=> [#<Account::ActiveSessionKey>,...] (records from `account_active_session_keys` table)
 ```
 
-You can also reference the associated models directly:
-
-```rb
-# model referencing the `account_authentication_audit_logs` table
-Account::AuthenticationAuditLog.where(message: "login").group(:account_id)
-```
-
-The associated models define the inverse `belongs_to :account` association:
-
-```rb
-Account::ActiveSessionKey.includes(:account).map(&:account)
-```
-
-Here is an example of using associations to create a method that returns
-whether the account has multifactor authentication enabled:
-
-```rb
-class Account < ApplicationRecord
-  include Rodauth::Rails.model
-
-  def mfa_enabled?
-    otp_key || (sms_code && sms_code.num_failures.nil?) || recovery_codes.any?
-  end
-end
-```
-
-Here is another example of creating a query scope that selects accounts with
-multifactor authentication enabled:
-
-```rb
-class Account < ApplicationRecord
-  include Rodauth::Rails.model
-
-  scope :otp_setup, -> { where(otp_key: OtpKey.all) }
-  scope :sms_codes_setup, -> { where(sms_code: SmsCode.where(num_failures: nil)) }
-  scope :recovery_codes_setup, -> { where(recovery_codes: RecoveryCode.all) }
-  scope :mfa_enabled, -> { merge(otp_setup.or(sms_codes_setup).or(recovery_codes_setup)) }
-end
-```
-
-#### Association reference
-
-Below is a list of all associations defined depending on the features loaded:
-
-| Feature                 | Association                  | Type       | Model                    | Table (default)                     |
-| :------                 | :----------                  | :---       | :----                    | :----                               |
-| account_expiration      | `:activity_time`             | `has_one`  | `ActivityTime`           | `account_activity_times`            |
-| active_sessions         | `:active_session_keys`       | `has_many` | `ActiveSessionKey`       | `account_active_session_keys`       |
-| audit_logging           | `:authentication_audit_logs` | `has_many` | `AuthenticationAuditLog` | `account_authentication_audit_logs` |
-| disallow_password_reuse | `:previous_password_hashes`  | `has_many` | `PreviousPasswordHash`   | `account_previous_password_hashes`  |
-| email_auth              | `:email_auth_key`            | `has_one`  | `EmailAuthKey`           | `account_email_auth_keys`           |
-| jwt_refresh             | `:jwt_refresh_keys`          | `has_many` | `JwtRefreshKey`          | `account_jwt_refresh_keys`          |
-| lockout                 | `:lockout`                   | `has_one`  | `Lockout`                | `account_lockouts`                  |
-| lockout                 | `:login_failure`             | `has_one`  | `LoginFailure`           | `account_login_failures`            |
-| otp                     | `:otp_key`                   | `has_one`  | `OtpKey`                 | `account_otp_keys`                  |
-| password_expiration     | `:password_change_time`      | `has_one`  | `PasswordChangeTime`     | `account_password_change_times`     |
-| recovery_codes          | `:recovery_codes`            | `has_many` | `RecoveryCode`           | `account_recovery_codes`            |
-| remember                | `:remember_key`              | `has_one`  | `RememberKey`            | `account_remember_keys`             |
-| reset_password          | `:password_reset_key`        | `has_one`  | `PasswordResetKey`       | `account_password_reset_keys`       |
-| single_session          | `:session_key`               | `has_one`  | `SessionKey`             | `account_session_keys`              |
-| sms_codes               | `:sms_code`                  | `has_one`  | `SmsCode`                | `account_sms_codes`                 |
-| verify_account          | `:verification_key`          | `has_one`  | `VerificationKey`        | `account_verification_keys`         |
-| verify_login_change     | `:login_change_key`          | `has_one`  | `LoginChangeKey`         | `account_login_change_keys`         |
-| webauthn                | `:webauthn_keys`             | `has_many` | `WebauthnKey`            | `account_webauthn_keys`             |
-| webauthn                | `:webauthn_user_id`          | `has_one`  | `WebauthnUserId`         | `account_webauthn_user_ids`         |
-
-Note that some Rodauth tables use composite primary keys, which Active Record
-doesn't support out of the box. For associations to work properly, you might
-need to add the [composite_primary_keys] gem to your Gemfile.
-
-#### Association options
-
-By default, all associations except for audit logs have `dependent: :destroy`
-set, to allow for easy deletion of account records in the console. You can use
-`:association_options` to modify global or per-association options:
-
-```rb
-# don't auto-delete associations when account model is deleted
-Rodauth::Rails.model(association_options: { dependent: nil })
-
-# require authentication audit logs to be eager loaded before retrieval
-Rodauth::Rails.model(association_options: -> (name) {
-  { strict_loading: true } if name == :authentication_audit_logs
-})
-```
+See the [rodauth-model] documentation for more details.
 
 ## Multiple configurations
 
@@ -1277,8 +1184,8 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [account_expiration]: http://rodauth.jeremyevans.net/rdoc/files/doc/account_expiration_rdoc.html
 [simple_ldap_authenticator]: https://github.com/jeremyevans/simple_ldap_authenticator
 [internal_request]: http://rodauth.jeremyevans.net/rdoc/files/doc/internal_request_rdoc.html
-[composite_primary_keys]: https://github.com/composite-primary-keys/composite_primary_keys
 [path_class_methods]: https://rodauth.jeremyevans.net/rdoc/files/doc/path_class_methods_rdoc.html
 [account types]: https://github.com/janko/rodauth-rails/wiki/Account-Types
 [custom mailer worker]: https://github.com/janko/rodauth-rails/wiki/Custom-Mailer-Worker
 [Turbo]: https://turbo.hotwired.dev/
+[rodauth-model]: https://github.com/janko/rodauth-model

data/lib/generators/rodauth/install_generator.rb

@@ -1,15 +1,10 @@
 require "rails/generators/base"
-require "rails/generators/active_record/migration"
-require "generators/rodauth/migration_helpers"
 require "securerandom"
 
 module Rodauth
   module Rails
     module Generators
       class InstallGenerator < ::Rails::Generators::Base
-        include ::ActiveRecord::Generators::Migration
-        include MigrationHelpers
-
         if RUBY_ENGINE == "jruby"
           SEQUEL_ADAPTERS = {
             "sqlite3"         => "sqlite",
@@ -40,9 +35,7 @@ module Rodauth
         class_option :jwt, type: :boolean, desc: "Configure JWT support"
 
         def create_rodauth_migration
-          return unless defined?(ActiveRecord::Railtie)
-
-          migration_template "db/migrate/create_rodauth.rb"
+          invoke "rodauth:migration", migration_features, name: "create_rodauth"
         end
 
         def create_rodauth_initializer
@@ -66,8 +59,6 @@ module Rodauth
         end
 
         def create_account_model
-          return unless defined?(ActiveRecord::Railtie)
-
           template "app/models/account.rb"
         end
 
@@ -112,6 +103,14 @@ module Rodauth
           scheme = "jdbc:#{scheme}" if RUBY_ENGINE == "jruby"
           scheme
         end
+
+        def activerecord_adapter
+          if ActiveRecord::Base.respond_to?(:connection_db_config)
+            ActiveRecord::Base.connection_db_config.adapter
+          else
+            ActiveRecord::Base.connection_config.fetch(:adapter)
+          end
+        end
       end
     end
   end

data/lib/generators/rodauth/migration/{disallow_password_reuse.erb → active_record/disallow_password_reuse.erb}

@@ -1,4 +1,4 @@
-# Used by the disallow_password_reuse feature
+# Used by the disallow password reuse feature
 create_table :account_previous_password_hashes do |t|
   t.references :account, foreign_key: true<%= primary_key_type(:type) %>
   t.string :password_hash, null: false

data/lib/generators/rodauth/migration/sequel/account_expiration.erb

@@ -0,0 +1,7 @@
+# Used by the account expiration feature
+create_table :account_activity_times do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  DateTime :last_activity_at, null: false
+  DateTime :last_login_at, null: false
+  DateTime :expired_at
+end

data/lib/generators/rodauth/migration/sequel/active_sessions.erb

@@ -0,0 +1,8 @@
+# Used by the active sessions feature
+create_table :account_active_session_keys do
+  foreign_key :account_id, :accounts, type: :Bignum
+  String :session_id
+  Time :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+  Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
+  primary_key [:account_id, :session_id]
+end

data/lib/generators/rodauth/migration/sequel/audit_logging.erb

@@ -0,0 +1,17 @@
+# Used by the audit logging feature
+create_table :account_authentication_audit_logs do
+  primary_key :id, type: :Bignum
+  foreign_key :account_id, :accounts, null: false, type: :Bignum
+  DateTime :at, null: false, default: Sequel::CURRENT_TIMESTAMP
+  String :message, null: false
+<% case db.database_type -%>
+<% when :postgres -%>
+  jsonb :metadata
+<% when :sqlite, :mysql -%>
+  json :metadata
+<% else -%>
+  String :metadata
+<% end -%>
+  index [:account_id, :at], name: :audit_account_at_idx
+  index :at, name: :audit_at_idx
+end

data/lib/generators/rodauth/migration/sequel/base.erb

@@ -0,0 +1,25 @@
+<% if db.database_type == :postgres -%>
+enable_extension "citext"
+
+<% end -%>
+create_table :accounts do
+  primary_key :id, type: :Bignum
+<% if db.database_type == :postgres -%>
+  citext :email, null: false
+  constraint :valid_email, email: /^[^,;@ \r\n]+@[^,@; \r\n]+\.[^,@; \r\n]+$/
+<% else -%>
+  String :email, null: false
+<% end -%>
+  String :status, null: false, default: "unverified"
+<% if db.supports_partial_indexes? -%>
+  index :email, unique: true, where: { status: ["unverified", "verified"] }
+<% else -%>
+  index :email, unique: true
+<% end -%>
+end
+
+# Used if storing password hashes in a separate table (default)
+create_table :account_password_hashes do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :password_hash, null: false
+end

data/lib/generators/rodauth/migration/sequel/disallow_password_reuse.erb

@@ -0,0 +1,6 @@
+# Used by the disallow password reuse feature
+create_table :account_previous_password_hashes do
+  primary_key :id, type: :Bignum
+  foreign_key :account_id, :accounts, type: :Bignum
+  String :password_hash, null: false
+end

data/lib/generators/rodauth/migration/sequel/email_auth.erb

@@ -0,0 +1,7 @@
+# Used by the email auth feature
+create_table :account_email_auth_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+  DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/jwt_refresh.erb

@@ -0,0 +1,8 @@
+# Used by the jwt refresh feature
+create_table :account_jwt_refresh_keys do
+  primary_key :id, type: :Bignum
+  foreign_key :account_id, :accounts, null: false, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+  index :account_id, name: :account_jwt_rk_account_id_idx
+end

data/lib/generators/rodauth/migration/sequel/lockout.erb

@@ -0,0 +1,11 @@
+# Used by the lockout feature
+create_table :account_login_failures do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  Integer :number, null: false, default: 1
+end
+create_table :account_lockouts do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+  DateTime :email_last_sent
+end

data/lib/generators/rodauth/migration/sequel/otp.erb

@@ -0,0 +1,7 @@
+# Used by the otp feature
+create_table :account_otp_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  Integer :num_failures, null: false, default: 0
+  Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/password_expiration.erb

@@ -0,0 +1,5 @@
+# Used by the password expiration feature
+create_table :account_password_change_times do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  DateTime :changed_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/recovery_codes.erb

@@ -0,0 +1,6 @@
+# Used by the recovery codes feature
+create_table :account_recovery_codes do
+  foreign_key :id, :accounts, type: :Bignum
+  String :code
+  primary_key [:id, :code]
+end

data/lib/generators/rodauth/migration/sequel/remember.erb

@@ -0,0 +1,6 @@
+# Used by the remember me feature
+create_table :account_remember_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+end

data/lib/generators/rodauth/migration/sequel/reset_password.erb

@@ -0,0 +1,7 @@
+# Used by the password reset feature
+create_table :account_password_reset_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :deadline, null: false
+  DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/single_session.erb

@@ -0,0 +1,5 @@
+# Used by the single session feature
+create_table :account_session_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+end

data/lib/generators/rodauth/migration/sequel/sms_codes.erb

@@ -0,0 +1,8 @@
+# Used by the sms codes feature
+create_table :account_sms_codes do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :phone_number, null: false
+  Integer :num_failures
+  String :code
+  DateTime :code_issued_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/verify_account.erb

@@ -0,0 +1,7 @@
+# Used by the account verification feature
+create_table :account_verification_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  DateTime :requested_at, null: false, default: Sequel::CURRENT_TIMESTAMP
+  DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP
+end

data/lib/generators/rodauth/migration/sequel/verify_login_change.erb

@@ -0,0 +1,7 @@
+# Used by the verify login change feature
+create_table :account_login_change_keys do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :key, null: false
+  String :login, null: false
+  DateTime :deadline, null: false
+end

data/lib/generators/rodauth/migration/sequel/webauthn.erb

@@ -0,0 +1,13 @@
+# Used by the webauthn feature
+create_table :account_webauthn_user_ids do
+  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+  String :webauthn_id, null: false
+end
+create_table :account_webauthn_keys do
+  foreign_key :account_id, :accounts, type: :Bignum
+  String :webauthn_id
+  String :public_key, null: false
+  Integer :sign_count, null: false
+  Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
+  primary_key [:account_id, :webauthn_id]
+end

data/lib/generators/rodauth/migration_generator.rb

@@ -1,14 +1,11 @@
 require "rails/generators/base"
 require "rails/generators/active_record/migration"
-require "generators/rodauth/migration_helpers"
+require "erb"
 
 module Rodauth
   module Rails
     module Generators
       class MigrationGenerator < ::Rails::Generators::Base
-        include ::ActiveRecord::Generators::Migration
-        include MigrationHelpers
-
         source_root "#{__dir__}/templates"
         namespace "rodauth:migration"
 
@@ -20,19 +17,102 @@ module Rodauth
           desc: "Name of the generated migration file"
 
         def create_rodauth_migration
-          return unless defined?(ActiveRecord::Railtie)
           return if features.empty?
 
-          migration_template "db/migrate/create_rodauth.rb", "#{migration_name}.rb"
+          migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "#{migration_name}.rb")
         end
 
-        def migration_features
-          features
-        end
+        private
 
         def migration_name
           options[:name] || "create_rodauth_#{features.join("_")}"
         end
+
+        def migration_content
+          features
+            .select { |feature| File.exist?(migration_chunk(feature)) }
+            .map { |feature| File.read(migration_chunk(feature)) }
+            .map { |content| erb_eval(content) }
+            .join("\n")
+            .indent(4)
+        end
+
+        def erb_eval(content)
+          if ERB.version[/\d+\.\d+\.\d+/].to_s >= "2.2.0"
+            ERB.new(content, trim_mode: "-").result(binding)
+          else
+            ERB.new(content, 0, "-").result(binding)
+          end
+        end
+
+        if defined?(::ActiveRecord::Railtie) # Active Record
+          include ::ActiveRecord::Generators::Migration
+
+          def db_migrate_path
+            return "db/migrate" unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+            super
+          end
+
+          def migration_chunk(feature)
+            "#{__dir__}/migration/active_record/#{feature}.erb"
+          end
+
+          def migration_version
+            return unless ActiveRecord.version >= Gem::Version.new("5.0")
+
+            "[#{ActiveRecord::Migration.current_version}]"
+          end
+
+          def activerecord_adapter
+            if ActiveRecord::Base.respond_to?(:connection_db_config)
+              ActiveRecord::Base.connection_db_config.adapter
+            else
+              ActiveRecord::Base.connection_config.fetch(:adapter)
+            end
+          end
+
+          def primary_key_type(key = :id)
+            generators  = ::Rails.application.config.generators
+            column_type = generators.options[:active_record][:primary_key_type]
+
+            return unless column_type
+
+            if key
+              ", #{key}: :#{column_type}"
+            else
+              column_type
+            end
+          end
+
+          def current_timestamp
+            if ActiveRecord.version >= Gem::Version.new("5.0")
+              %(-> { "CURRENT_TIMESTAMP" })
+            else
+              %(OpenStruct.new(quoted_id: "CURRENT_TIMESTAMP"))
+            end
+          end
+        else # Sequel
+          include ::Rails::Generators::Migration
+
+          def self.next_migration_number(dirname)
+            next_migration_number = current_migration_number(dirname) + 1
+            [Time.now.utc.strftime('%Y%m%d%H%M%S'), format('%.14d', next_migration_number)].max
+          end
+
+          def db_migrate_path
+            "db/migrate"
+          end
+
+          def migration_chunk(feature)
+            "#{__dir__}/migration/sequel/#{feature}.erb"
+          end
+
+          def db
+            db = ::Sequel::DATABASES.first if defined?(::Sequel)
+            db or fail Rodauth::Rails::Error, "missing Sequel database connection"
+          end
+        end
       end
     end
   end