RubyGems - rodauth-rails - Versions diffs - 1.4.0 → 1.5.0 - Mend

rodauth-rails 1.4.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8b5fb22e3d8c84eafedffa3463b4e0ecdf481189b8b48adc2d31005f86251d87
-  data.tar.gz: 142e229b7c9a9b078f773f99885117268e759df2eb49e5252ce21754dcf61763
+  metadata.gz: 43e0f2c048024645cb8af7e744042187ded20eeca3f685bdf28a959aebf296e0
+  data.tar.gz: 96d02ad057f315a339bc1cda804f71e19cd629a9cb2ca5c574c515d954692673
 SHA512:
-  metadata.gz: b1c30c5b1714a80466ad3775720be50d2f02b8d06d016638e6d1ebfb7515cd6060463b975f9810977fe74eb7330ce12b9c6ff81839e41b2e4044615c606ca7bb
-  data.tar.gz: 4a532058b27cfc07d2ed234457b880a609c7b35186db976a547be2e83d1c18df7ac72402a9d52155819f2d97edb63b0e7742e908b6cb3ed1b40c2deae18e7e2e
+  metadata.gz: c943289cb0c628b37d89fcc6e2a0b22b190ba0e0c0351ffc53c726ac81b0c9f87b0b6e1f929a823724fa1aed70c5b5601279b24df5b54026cb06bb073c3b284c
+  data.tar.gz: afb5b6523b6c440c9b02255b047cf562dd0122a6abb8d49f7c93671981c75935d6a1a9ab1c27a9e8158578a928b70b3705db24760db803acd79abafa58cdc4ce

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,29 @@
+## 1.5.0 (2022-06-11)
+* Remove `content_for` calls from generated view templates (@janko)
+* Set title instance variable to `@page_title` in generated configuration (@janko)
+* Set title instance variable on the controller when `title_instance_variable` is set (@HoneyryderChuck)
+## 1.4.2 (2022-05-15)
+* Stop passing email addresses in mailer arguments on verifying login change (@janko)
+* Extract finding account into a method in the generated mailer (@janko)
+* Make generated Action Mailer integration work with secondary Rodauth configurations (@janko)
+* Include `Rodauth::Rails.model` in generated Sequel account model as well (@janko)
+## 1.4.1 (2022-05-08)
+* Deprecate `Rodauth::Rails::Model` constant (@janko)
+* Remove `Rodauth::Rails::Auth#associations` in favour of new association registration API (@janko)
+* Extract model mixin into the rodauth-model gem (@janko)
 ## 1.4.0 (2022-05-04)
 * Move association definitions to `#associations` Rodauth method, allowing external features to extend them (@janko)

data/README.md CHANGED Viewed

@@ -321,16 +321,26 @@ $ rails generate rodauth:views webauthn --name admin
 #### Page titles
-The generated view templates use `content_for(:title)` to store Rodauth's page
-titles, which you can then retrieve in your layout template to set the page
-title:
+The generated configuration sets `title_instance_variable` to make page titles
+available in your views via `@page_title` instance variable, which you can then
+use in your layout:
+```rb
+# app/misc/rodauth_main.rb
+class RodauthMain < Rodauth::Rails::Auth
+  configure do
+    # ...
+    title_instance_variable :@page_title
+    # ...
+  end
+end
+```
 ```erb
 <!-- app/views/layouts/application.html.erb -->
 <!DOCTYPE html>
 <html>
   <head>
-    <title><%= content_for(:title) %></title>
+    <title><%= @page_title || "Default title" %></title>
     <!-- ... -->
   </head>
   <body>
@@ -339,6 +349,21 @@ title:
 </html>
 ```
+If you're already setting page titles via `content_for`, you can use it in
+generated Rodauth views, giving it the result of the corresponding
+`*_page_title` method:
+```erb
+<!-- app/views/rodauth/login.html.erb -->
+<%= content_for :page_title, rodauth.login_page_title %>
+<!-- ... -->
+```
+```erb
+<!-- app/views/rodauth/change_password.html.erb -->
+<%= content_for :page_title, rodauth.change_password_page_title %>
+<!-- ... -->
+```
 #### Layout
 To use different layouts for different Rodauth views, you can compare the
@@ -484,21 +509,19 @@ end
 ## Model
-The `Rodauth::Rails::Model` mixin can be included into the account model, which
-defines a password attribute and associations for tables used by enabled
-authentication features.
+The [rodauth-model] gem provides a `Rodauth::Model` mixin that can be included
+into the account model, which defines a password attribute and associations for
+tables used by enabled authentication features.
 ```rb
-class Account < ApplicationRecord
+class Account < ActiveRecord::Base # Sequel::Model
   include Rodauth::Rails.model # or `Rodauth::Rails.model(:admin)`
 end
 ```
-### Password attribute
-Regardless of whether you're storing the password hash in a column in the
-accounts table, or in a separate table, the `#password` attribute can be used
-to set or clear the password hash.
+The password attribute can be used to set or clear the password hash. It
+handles both storing the password hash in a column on the accounts table, or in
+a separate table.
 ```rb
 account = Account.create!(email: "user@example.com", password: "secret")
@@ -514,132 +537,14 @@ account.password = nil # clears password hash
 account.password_hash #=> nil
 ```
-Note that the password attribute doesn't come with validations, making it
-unsuitable for forms. It was primarily intended to allow easily creating
-accounts in development console and in tests.
-### Associations
-The `Rodauth::Rails::Model` mixin defines associations for Rodauth tables
-associated to the accounts table:
+The associations are defined for tables used by enabled authentication features:
 ```rb
 account.remember_key #=> #<Account::RememberKey> (record from `account_remember_keys` table)
 account.active_session_keys #=> [#<Account::ActiveSessionKey>,...] (records from `account_active_session_keys` table)
 ```
-You can also reference the associated models directly:
-```rb
-# model referencing the `account_authentication_audit_logs` table
-Account::AuthenticationAuditLog.where(message: "login").group(:account_id)
-```
-The associated models define the inverse `belongs_to :account` association:
-```rb
-Account::ActiveSessionKey.includes(:account).map(&:account)
-```
-Here is an example of using associations to create a method that returns
-whether the account has multifactor authentication enabled:
-```rb
-class Account < ApplicationRecord
-  include Rodauth::Rails.model
-  def mfa_enabled?
-    otp_key || (sms_code && sms_code.num_failures.nil?) || recovery_codes.any?
-  end
-end
-```
-Here is another example of creating a query scope that selects accounts with
-multifactor authentication enabled:
-```rb
-class Account < ApplicationRecord
-  include Rodauth::Rails.model
-  scope :otp_setup, -> { where(otp_key: OtpKey.all) }
-  scope :sms_codes_setup, -> { where(sms_code: SmsCode.where(num_failures: nil)) }
-  scope :recovery_codes_setup, -> { where(recovery_codes: RecoveryCode.all) }
-  scope :mfa_enabled, -> { merge(otp_setup.or(sms_codes_setup).or(recovery_codes_setup)) }
-end
-```
-#### Association reference
-Below is a list of all associations defined depending on the features loaded:
-| Feature                 | Association                  | Type       | Model                    | Table (default)                     |
-| :------                 | :----------                  | :---       | :----                    | :----                               |
-| account_expiration      | `:activity_time`             | `has_one`  | `ActivityTime`           | `account_activity_times`            |
-| active_sessions         | `:active_session_keys`       | `has_many` | `ActiveSessionKey`       | `account_active_session_keys`       |
-| audit_logging           | `:authentication_audit_logs` | `has_many` | `AuthenticationAuditLog` | `account_authentication_audit_logs` |
-| disallow_password_reuse | `:previous_password_hashes`  | `has_many` | `PreviousPasswordHash`   | `account_previous_password_hashes`  |
-| email_auth              | `:email_auth_key`            | `has_one`  | `EmailAuthKey`           | `account_email_auth_keys`           |
-| jwt_refresh             | `:jwt_refresh_keys`          | `has_many` | `JwtRefreshKey`          | `account_jwt_refresh_keys`          |
-| lockout                 | `:lockout`                   | `has_one`  | `Lockout`                | `account_lockouts`                  |
-| lockout                 | `:login_failure`             | `has_one`  | `LoginFailure`           | `account_login_failures`            |
-| otp                     | `:otp_key`                   | `has_one`  | `OtpKey`                 | `account_otp_keys`                  |
-| password_expiration     | `:password_change_time`      | `has_one`  | `PasswordChangeTime`     | `account_password_change_times`     |
-| recovery_codes          | `:recovery_codes`            | `has_many` | `RecoveryCode`           | `account_recovery_codes`            |
-| remember                | `:remember_key`              | `has_one`  | `RememberKey`            | `account_remember_keys`             |
-| reset_password          | `:password_reset_key`        | `has_one`  | `PasswordResetKey`       | `account_password_reset_keys`       |
-| single_session          | `:session_key`               | `has_one`  | `SessionKey`             | `account_session_keys`              |
-| sms_codes               | `:sms_code`                  | `has_one`  | `SmsCode`                | `account_sms_codes`                 |
-| verify_account          | `:verification_key`          | `has_one`  | `VerificationKey`        | `account_verification_keys`         |
-| verify_login_change     | `:login_change_key`          | `has_one`  | `LoginChangeKey`         | `account_login_change_keys`         |
-| webauthn                | `:webauthn_keys`             | `has_many` | `WebauthnKey`            | `account_webauthn_keys`             |
-| webauthn                | `:webauthn_user_id`          | `has_one`  | `WebauthnUserId`         | `account_webauthn_user_ids`         |
-Note that some Rodauth tables use composite primary keys, which Active Record
-doesn't support out of the box. For associations to work properly, you might
-need to add the [composite_primary_keys] gem to your Gemfile.
-#### Association options
-By default, all associations except for audit logs have `dependent: :destroy`
-set, to allow for easy deletion of account records in the console. You can use
-`:association_options` to modify global or per-association options:
-```rb
-# don't auto-delete associations when account model is deleted
-Rodauth::Rails.model(association_options: { dependent: nil })
-# require authentication audit logs to be eager loaded before retrieval
-Rodauth::Rails.model(association_options: -> (name) {
-  { strict_loading: true } if name == :authentication_audit_logs
-})
-```
-#### Extending Associations
-External features can extend the list of associations with their own
-definitions, which the model mixin will pick up and declare the new associations
-on the model.
-```rb
-# lib/rodauth/features/foo.rb
-module Rodauth
-  Feature.define(:foo, :Foo) do
-    auth_value_method :foo_table, :account_foos
-    auth_value_method :foo_id_column, :id
-    def associations
-      list = super
-      list << {
-        name: :foo, # will define `Account::Foo` model
-        type: :one, # or :many
-        table: foo_table,
-        foreign_key: foo_id_column
-      }
-      list
-    end
-  end
-end
-```
+See the [rodauth-model] documentation for more details.
 ## Multiple configurations
@@ -1304,8 +1209,8 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [account_expiration]: http://rodauth.jeremyevans.net/rdoc/files/doc/account_expiration_rdoc.html
 [simple_ldap_authenticator]: https://github.com/jeremyevans/simple_ldap_authenticator
 [internal_request]: http://rodauth.jeremyevans.net/rdoc/files/doc/internal_request_rdoc.html
-[composite_primary_keys]: https://github.com/composite-primary-keys/composite_primary_keys
 [path_class_methods]: https://rodauth.jeremyevans.net/rdoc/files/doc/path_class_methods_rdoc.html
 [account types]: https://github.com/janko/rodauth-rails/wiki/Account-Types
 [custom mailer worker]: https://github.com/janko/rodauth-rails/wiki/Custom-Mailer-Worker
 [Turbo]: https://turbo.hotwired.dev/
+[rodauth-model]: https://github.com/janko/rodauth-model

data/lib/generators/rodauth/templates/INSTRUCTIONS CHANGED Viewed

@@ -31,7 +31,17 @@ Depending on your application's configuration some manual setup may be required:
      * Not required for API-only Applications *
-  4. You can copy Rodauth views (for customization) to your app by running:
+  4. Titles for Rodauth pages are available via @page_title instance variable
+     by default, you can use it in your layout file:
+       <head>
+         <title><%= @page_title || "Default title" %></title>
+         ...
+       </head>
+    * Not required *
+  5. You can copy Rodauth views (for customization) to your app by running:
        rails g rodauth:views

data/lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb CHANGED Viewed

@@ -1,78 +1,64 @@
 class RodauthMailer < ApplicationMailer
-  def verify_account(account_id, key)
-    @email_link = rodauth.verify_account_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-    @account = Account.find(account_id)
-<% else -%>
-    @account = Account.with_pk!(account_id)
-<% end -%>
+  def verify_account(name = nil, account_id, key)
+    @email_link = email_link(name, :verify_account, account_id, key)
+    @account = find_account(name, account_id)
-    mail to: @account.email, subject: rodauth.verify_account_email_subject
+    mail to: @account.email, subject: rodauth(name).verify_account_email_subject
   end
-  def reset_password(account_id, key)
-    @email_link = rodauth.reset_password_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-    @account = Account.find(account_id)
-<% else -%>
-    @account = Account.with_pk!(account_id)
-<% end -%>
+  def reset_password(name = nil, account_id, key)
+    @email_link = email_link(name, :reset_password, account_id, key)
+    @account = find_account(name, account_id)
-    mail to: @account.email, subject: rodauth.reset_password_email_subject
+    mail to: @account.email, subject: rodauth(name).reset_password_email_subject
   end
-  def verify_login_change(account_id, old_login, new_login, key)
-    @old_login  = old_login
-    @new_login  = new_login
-    @email_link = rodauth.verify_login_change_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-    @account = Account.find(account_id)
-<% else -%>
-    @account = Account.with_pk!(account_id)
-<% end -%>
+  def verify_login_change(name = nil, account_id, key)
+    @email_link = email_link(name, :verify_login_change, account_id, key)
+    @account = find_account(name, account_id)
+    @new_email = @account.login_change_key.login
-    mail to: new_login, subject: rodauth.verify_login_change_email_subject
+    mail to: @new_email, subject: rodauth(name).verify_login_change_email_subject
   end
-  def password_changed(account_id)
-<% if defined?(ActiveRecord::Railtie) -%>
-    @account = Account.find(account_id)
-<% else -%>
-    @account = Account.with_pk!(account_id)
-<% end -%>
+  def password_changed(name = nil, account_id)
+    @account = find_account(name, account_id)
-    mail to: @account.email, subject: rodauth.password_changed_email_subject
+    mail to: @account.email, subject: rodauth(name).password_changed_email_subject
   end
-  # def email_auth(account_id, key)
-  #   @email_link = rodauth.email_auth_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-  #   @account = Account.find(account_id)
-<% else -%>
-  #   @account = Account.with_pk!(account_id)
-<% end -%>
+  # def email_auth(name = nil, account_id, key)
+  #   @email_link = email_link(name, :email_auth, account_id, key)
+  #   @account = find_account(name, account_id)
-  #   mail to: @account.email, subject: rodauth.email_auth_email_subject
+  #   mail to: @account.email, subject: rodauth(name).email_auth_email_subject
   # end
-  # def unlock_account(account_id, key)
-  #   @email_link = rodauth.unlock_account_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-  #   @account = Account.find(account_id)
-<% else -%>
-  #   @account = Account.with_pk!(account_id)
-<% end -%>
+  # def unlock_account(name = nil, account_id, key)
+  #   @email_link = email_link(name, :unlock_account, account_id, key)
+  #   @account = find_account(name, account_id)
-  #   mail to: @account.email, subject: rodauth.unlock_account_email_subject
+  #   mail to: @account.email, subject: rodauth(name).unlock_account_email_subject
   # end
   private
-  def email_token(account_id, key)
-    "#{account_id}_#{rodauth.compute_hmac(key)}"
+  def find_account(_name, account_id)
+<% if defined?(ActiveRecord::Railtie) -%>
+    Account.find(account_id)
+<% else -%>
+    Account.with_pk!(account_id)
+<% end -%>
+  end
+  def email_link(name, action, account_id, key)
+    instance = rodauth(name)
+    instance.instance_variable_set(:@account, { id: account_id })
+    instance.instance_variable_set(:"@#{action}_key_value", key)
+    instance.public_send(:"#{action}_email_link")
   end
-  def rodauth(name = nil)
+  def rodauth(name)
     RodauthApp.rodauth(name).allocate
   end
 end

data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb CHANGED Viewed

@@ -31,6 +31,9 @@ class RodauthMain < Rodauth::Rails::Auth
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
+    # Set on Rodauth controller with the title of the current page.
+    title_instance_variable :@page_title
     # Store account status in an integer column without foreign key constraint.
     account_status_column :status
@@ -56,22 +59,22 @@ class RodauthMain < Rodauth::Rails::Auth
     # ==> Emails
     # Use a custom mailer for delivering authentication emails.
     create_reset_password_email do
-      RodauthMailer.reset_password(account_id, reset_password_key_value)
+      RodauthMailer.reset_password(*self.class.configuration_name, account_id, reset_password_key_value)
     end
     create_verify_account_email do
-      RodauthMailer.verify_account(account_id, verify_account_key_value)
+      RodauthMailer.verify_account(*self.class.configuration_name, account_id, verify_account_key_value)
     end
     create_verify_login_change_email do |_login|
-      RodauthMailer.verify_login_change(account_id, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_key_value)
+      RodauthMailer.verify_login_change(*self.class.configuration_name, account_id, verify_login_change_key_value)
     end
     create_password_changed_email do
-      RodauthMailer.password_changed(account_id)
+      RodauthMailer.password_changed(*self.class.configuration_name, account_id)
     end
     # create_email_auth_email do
-    #   RodauthMailer.email_auth(account_id, email_auth_key_value)
+    #   RodauthMailer.email_auth(*self.class.configuration_name, account_id, email_auth_key_value)
     # end
     # create_unlock_account_email do
-    #   RodauthMailer.unlock_account(account_id, unlock_account_key_value)
+    #   RodauthMailer.unlock_account(*self.class.configuration_name, account_id, unlock_account_key_value)
     # end
     send_email do |email|
       # queue email delivery on the mailer after the transaction commits

data/lib/generators/rodauth/templates/app/models/account.rb CHANGED Viewed

@@ -9,6 +9,7 @@ class Account < ApplicationRecord
 end
 <% else -%>
 class Account < Sequel::Model
+  include Rodauth::Rails.model
   plugin :enum
   enum :status, unverified: 1, verified: 2, closed: 3
 end

data/lib/generators/rodauth/templates/app/views/rodauth/add_recovery_codes.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.add_recovery_codes_page_title %>
 <pre id="recovery-codes"><%= rodauth.recovery_codes.map { |s| h(s) }.join("\n\n") %></pre>
 <% if rodauth.can_add_recovery_codes? %>

data/lib/generators/rodauth/templates/app/views/rodauth/change_login.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.change_login_page_title %>
 <%= form_with url: rodauth.change_login_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "login", rodauth.login_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/change_password.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.change_password_page_title %>
 <%= form_with url: rodauth.change_password_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.change_password_requires_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/close_account.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.close_account_page_title %>
 <%= form_with url: rodauth.close_account_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.close_account_requires_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/confirm_password.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.confirm_password_page_title %>
 <%= form_with url: rodauth.confirm_password_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/create_account.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.create_account_page_title %>
 <%= form_with url: rodauth.create_account_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "login", rodauth.login_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/email_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.email_auth_page_title %>
 <%= form_with url: rodauth.email_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.submit rodauth.login_button, class: "btn btn-primary" %>

data/lib/generators/rodauth/templates/app/views/rodauth/login.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.login_page_title %>
 <%= render "login_form_header" %>
 <%= render "login_form" %>
 <%= render "login_form_footer" %>

data/lib/generators/rodauth/templates/app/views/rodauth/logout.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.logout_page_title %>
 <%= form_with url: rodauth.logout_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.features.include?(:active_sessions) %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/multi_phase_login.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.multi_phase_login_page_title %>
 <%= render "login_form_header" %>
 <%== rodauth.render_multi_phase_login_forms %>
 <%= render "login_form_footer" %>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.otp_auth_page_title %>
 <%= form_with url: rodauth.otp_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "otp-auth-code", rodauth.otp_auth_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_disable.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.otp_disable_page_title %>
 <%= form_with url: rodauth.otp_disable_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/otp_setup.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.otp_setup_page_title %>
 <%= form_with url: rodauth.otp_setup_path, method: :post, data: { turbo: false } do |form| %>
   <%= form.hidden_field rodauth.otp_setup_param, value: rodauth.otp_user_key, id: "otp-key" %>
   <%= form.hidden_field rodauth.otp_setup_raw_param, value: rodauth.otp_key, id: "otp-hmac-secret" if rodauth.otp_keys_use_hmac? %>

data/lib/generators/rodauth/templates/app/views/rodauth/recovery_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.recovery_auth_page_title %>
 <%= form_with url: rodauth.recovery_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "recovery-code", rodauth.recovery_codes_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/recovery_codes.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.recovery_codes_page_title %>
 <%= form_with url: rodauth.recovery_codes_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/remember.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.remember_page_title %>
 <%= form_with url: rodauth.remember_path, method: :post, data: { turbo: false } do |form| %>
   <fieldset class="form-group mb-3">
     <div class="form-check">

data/lib/generators/rodauth/templates/app/views/rodauth/reset_password.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.reset_password_page_title %>
 <%= form_with url: rodauth.reset_password_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/reset_password_request.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.reset_password_request_page_title %>
 <%= form_with url: rodauth.reset_password_request_path, method: :post, data: { turbo: false } do |form| %>
   <%== rodauth.reset_password_explanatory_text %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_auth_page_title %>
 <%= form_with url: rodauth.sms_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "sms-code", rodauth.sms_code_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_confirm.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_confirm_page_title %>
 <%= form_with url: rodauth.sms_confirm_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "sms-code", rodauth.sms_code_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_disable.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_disable_page_title %>
 <%= form_with url: rodauth.sms_disable_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/sms_request.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_request_page_title %>
 <%= form_with url: rodauth.sms_request_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.submit rodauth.sms_request_button, class: "btn btn-primary" %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_setup.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_setup_page_title %>
 <%= form_with url: rodauth.sms_setup_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/two_factor_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.two_factor_auth_page_title %>
 <ul>
   <% rodauth.two_factor_auth_links.sort.each do |_, link, text| %>
     <li><%= link_to text, link %></li>

data/lib/generators/rodauth/templates/app/views/rodauth/two_factor_disable.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.two_factor_disable_page_title %>
 <%= form_with url: rodauth.two_factor_disable_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/two_factor_manage.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.two_factor_manage_page_title %>
 <% if rodauth.two_factor_setup_links.any? %>
   <%== rodauth.two_factor_setup_heading %>

data/lib/generators/rodauth/templates/app/views/rodauth/unlock_account.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.unlock_account_page_title %>
 <%= form_with url: rodauth.unlock_account_path, method: :post, data: { turbo: false } do |form| %>
   <%== rodauth.unlock_account_explanatory_text %>

data/lib/generators/rodauth/templates/app/views/rodauth/unlock_account_request.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.unlock_account_request_page_title %>
 <%= form_with url: rodauth.unlock_account_request_path, method: :post, data: { turbo: false } do |form| %>
   <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>

data/lib/generators/rodauth/templates/app/views/rodauth/verify_account.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.verify_account_page_title %>
 <%= form_with url: rodauth.verify_account_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.verify_account_set_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/verify_account_resend.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.resend_verify_account_page_title %>
 <%= form_with url: rodauth.verify_account_resend_path, method: :post, data: { turbo: false } do |form| %>
   <%== rodauth.verify_account_resend_explanatory_text %>

data/lib/generators/rodauth/templates/app/views/rodauth/verify_login_change.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.verify_login_change_page_title %>
 <%= form_with url: rodauth.verify_login_change_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.submit rodauth.verify_login_change_button, class: "btn btn-primary" %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.webauthn_auth_page_title %>
 <% cred = rodauth.webauth_credential_options_for_get %>
 <%= form_with url: rodauth.webauthn_auth_form_path, method: :post, id: "webauthn-auth-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_remove.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.webauthn_remove_page_title %>
 <%= form_with url: rodauth.webauthn_remove_path, method: :post, id: "webauthn-remove-form", data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_setup.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.webauthn_setup_page_title %>
 <% cred = rodauth.new_webauthn_credential %>
 <%= form_with url: rodauth.webauthn_setup_path, method: :post, id: "webauthn-setup-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_login_change.text.erb CHANGED Viewed

@@ -1,8 +1,8 @@
 Someone with an account has requested their login be changed to this email address:
-Old email: <%= @old_login %>
+Old email: <%= @account.email %>
-New email: <%= @new_login %>
+New email: <%= @new_email %>
 If you did not request this login change, please ignore this message.  If you
 requested this login change, please go to

data/lib/rodauth/rails/feature/render.rb CHANGED Viewed

@@ -8,7 +8,8 @@ module Rodauth
         # Renders templates with layout. First tries to render a user-defined
         # template, otherwise falls back to Rodauth's template.
-        def view(page, *)
+        def view(page, title)
+          set_title(title)
           rails_render(action: page.tr("-", "_"), layout: true) ||
             rails_render(html: super.html_safe, layout: true, formats: :html)
         end
@@ -50,6 +51,12 @@ module Rodauth
           html = html.gsub(/<form(.+)>/, '<form\1 data-turbo="false">') if meth == :view
           html
         end
+        def set_title(title)
+          if title_instance_variable
+            rails_controller_instance.instance_variable_set(title_instance_variable, title)
+          end
+        end
       end
     end
   end

data/lib/rodauth/rails/feature.rb CHANGED Viewed

@@ -11,7 +11,6 @@ module Rodauth
     require "rodauth/rails/feature/email"
     require "rodauth/rails/feature/instrumentation"
     require "rodauth/rails/feature/internal_request"
-    require "rodauth/rails/feature/associations"
     include Rodauth::Rails::Feature::Base
     include Rodauth::Rails::Feature::Callbacks
@@ -20,6 +19,5 @@ module Rodauth
     include Rodauth::Rails::Feature::Email
     include Rodauth::Rails::Feature::Instrumentation
     include Rodauth::Rails::Feature::InternalRequest
-    include Rodauth::Rails::Feature::Associations
   end
 end

data/lib/rodauth/rails/model.rb CHANGED Viewed

@@ -1,101 +1,6 @@
 module Rodauth
   module Rails
-    class Model < Module
-      ASSOCIATION_TYPES = { one: :has_one, many: :has_many }
-      def initialize(auth_class, association_options: {})
-        @auth_class = auth_class
-        @association_options = association_options
-        define_methods
-      end
-      def included(model)
-        fail Rodauth::Rails::Error, "must be an Active Record model" unless model < ActiveRecord::Base
-        define_associations(model)
-      end
-      private
-      def define_methods
-        rodauth = @auth_class.allocate.freeze
-        attr_reader :password
-        define_method(:password=) do |password|
-          @password = password
-          password_hash = rodauth.send(:password_hash, password) if password
-          set_password_hash(password_hash)
-        end
-        define_method(:set_password_hash) do |password_hash|
-          if rodauth.account_password_hash_column
-            public_send(:"#{rodauth.account_password_hash_column}=", password_hash)
-          else
-            if password_hash
-              record = self.password_hash || build_password_hash
-              record.public_send(:"#{rodauth.password_hash_column}=", password_hash)
-            else
-              self.password_hash&.mark_for_destruction
-            end
-          end
-        end
-      end
-      def define_associations(model)
-        define_password_hash_association(model) unless rodauth.account_password_hash_column
-        rodauth.associations.each do |association|
-          define_association(model, **association, type: ASSOCIATION_TYPES.fetch(association[:type]))
-        end
-      end
-      def define_password_hash_association(model)
-        password_hash_id_column = rodauth.password_hash_id_column
-        scope = -> { select(password_hash_id_column) } if rodauth.send(:use_database_authentication_functions?)
-        define_association model,
-          type: :has_one,
-          name: :password_hash,
-          table: rodauth.password_hash_table,
-          foreign_key: password_hash_id_column,
-          scope: scope,
-          autosave: true
-      end
-      def define_association(model, type:, name:, table:, foreign_key:, scope: nil, **options)
-        associated_model = Class.new(model.superclass)
-        associated_model.table_name = table
-        associated_model.belongs_to :account,
-          class_name: model.name,
-          foreign_key: foreign_key,
-          inverse_of: name
-        model.const_set(name.to_s.singularize.camelize, associated_model)
-        unless name == :authentication_audit_logs
-          dependent = type == :has_many ? :delete_all : :delete
-        end
-        model.public_send type, name, scope,
-          class_name: associated_model.name,
-          foreign_key: foreign_key,
-          dependent: dependent,
-          inverse_of: :account,
-          **options,
-          **association_options(name)
-      end
-      def association_options(name)
-        options = @association_options
-        options = options.call(name) if options.respond_to?(:call)
-        options || {}
-      end
-      def rodauth
-        @auth_class.allocate
-      end
-    end
+    Model = Rodauth::Model
+    deprecate_constant :Model
   end
 end

data/lib/rodauth/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.4.0"
+    VERSION = "1.5.0"
   end
 end

data/lib/rodauth/rails.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require "rodauth/rails/version"
 require "rodauth/rails/railtie"
+require "rodauth/model"
 module Rodauth
   module Rails
@@ -15,7 +16,7 @@ module Rodauth
     @middleware = true
     class << self
-      def rodauth(name = nil, query: nil, form: nil, account: nil, **options)
+      def rodauth(name = nil, account: nil, **options)
         auth_class = app.rodauth!(name)
         unless auth_class.features.include?(:internal_request)
@@ -43,7 +44,7 @@ module Rodauth
       end
       def model(name = nil, **options)
-        Rodauth::Rails::Model.new(app.rodauth!(name), **options)
+        Rodauth::Model.new(app.rodauth!(name), **options)
       end
       # routing constraint that requires authentication

data/rodauth-rails.gemspec CHANGED Viewed

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rodauth", "~> 2.23"
   spec.add_dependency "roda", "~> 3.55"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
+  spec.add_dependency "rodauth-model", "~> 0.2"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-04 00:00:00.000000000 Z
+date: 2022-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -72,6 +72,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rodauth-model
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
@@ -264,7 +278,6 @@ files:
 - lib/rodauth/rails/auth.rb
 - lib/rodauth/rails/controller_methods.rb
 - lib/rodauth/rails/feature.rb
-- lib/rodauth/rails/feature/associations.rb
 - lib/rodauth/rails/feature/base.rb
 - lib/rodauth/rails/feature/callbacks.rb
 - lib/rodauth/rails/feature/csrf.rb

data/lib/rodauth/rails/feature/associations.rb DELETED Viewed

@@ -1,54 +0,0 @@
-module Rodauth
-  module Rails
-    module Feature
-      module Associations
-        def associations
-          list = []
-          features.each do |feature|
-            case feature
-            when :remember
-              list << { name: :remember_key, type: :one, table: remember_table, foreign_key: remember_id_column }
-            when :verify_account
-              list << { name: :verification_key, type: :one, table: verify_account_table, foreign_key: verify_account_id_column }
-            when :reset_password
-              list << { name: :password_reset_key, type: :one, table: reset_password_table, foreign_key: reset_password_id_column }
-            when :verify_login_change
-              list << { name: :login_change_key, type: :one, table: verify_login_change_table, foreign_key: verify_login_change_id_column }
-            when :lockout
-              list << { name: :lockout, type: :one, table: account_lockouts_table, foreign_key: account_lockouts_id_column }
-              list << { name: :login_failure, type: :one, table: account_login_failures_table, foreign_key: account_login_failures_id_column }
-            when :email_auth
-              list << { name: :email_auth_key, type: :one, table: email_auth_table, foreign_key: email_auth_id_column }
-            when :account_expiration
-              list << { name: :activity_time, type: :one, table: account_activity_table, foreign_key: account_activity_id_column }
-            when :active_sessions
-              list << { name: :active_session_keys, type: :many, table: active_sessions_table, foreign_key: active_sessions_account_id_column }
-            when :audit_logging
-              list << { name: :authentication_audit_logs, type: :many, table: audit_logging_table, foreign_key: audit_logging_account_id_column }
-            when :disallow_password_reuse
-              list << { name: :previous_password_hashes, type: :many, table: previous_password_hash_table, foreign_key: previous_password_account_id_column }
-            when :jwt_refresh
-              list << { name: :jwt_refresh_keys, type: :many, table: jwt_refresh_token_table, foreign_key: jwt_refresh_token_account_id_column }
-            when :password_expiration
-              list << { name: :password_change_time, type: :one, table: password_expiration_table, foreign_key: password_expiration_id_column }
-            when :single_session
-              list << { name: :session_key, type: :one, table: single_session_table, foreign_key: single_session_id_column }
-            when :otp
-              list << { name: :otp_key, type: :one, table: otp_keys_table, foreign_key: otp_keys_id_column }
-            when :sms_codes
-              list << { name: :sms_code, type: :one, table: sms_codes_table, foreign_key: sms_id_column }
-            when :recovery_codes
-              list << { name: :recovery_codes, type: :many, table: recovery_codes_table, foreign_key: recovery_codes_id_column }
-            when :webauthn
-              list << { name: :webauthn_user_id, type: :one, table: webauthn_user_ids_table, foreign_key: webauthn_user_ids_account_id_column }
-              list << { name: :webauthn_keys, type: :many, table: webauthn_keys_table, foreign_key: webauthn_keys_account_id_column }
-            end
-          end
-          list
-        end
-      end
-    end
-  end
-end