RubyGems - rodauth-rails - Versions diffs - 1.4.0 → 1.5.0 - Mend

rodauth-rails 1.4.0 → 1.5.0

Files changed (50) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8b5fb22e3d8c84eafedffa3463b4e0ecdf481189b8b48adc2d31005f86251d87
-  data.tar.gz: 142e229b7c9a9b078f773f99885117268e759df2eb49e5252ce21754dcf61763
+  metadata.gz: 43e0f2c048024645cb8af7e744042187ded20eeca3f685bdf28a959aebf296e0
+  data.tar.gz: 96d02ad057f315a339bc1cda804f71e19cd629a9cb2ca5c574c515d954692673
 SHA512:
-  metadata.gz: b1c30c5b1714a80466ad3775720be50d2f02b8d06d016638e6d1ebfb7515cd6060463b975f9810977fe74eb7330ce12b9c6ff81839e41b2e4044615c606ca7bb
-  data.tar.gz: 4a532058b27cfc07d2ed234457b880a609c7b35186db976a547be2e83d1c18df7ac72402a9d52155819f2d97edb63b0e7742e908b6cb3ed1b40c2deae18e7e2e
+  metadata.gz: c943289cb0c628b37d89fcc6e2a0b22b190ba0e0c0351ffc53c726ac81b0c9f87b0b6e1f929a823724fa1aed70c5b5601279b24df5b54026cb06bb073c3b284c
+  data.tar.gz: afb5b6523b6c440c9b02255b047cf562dd0122a6abb8d49f7c93671981c75935d6a1a9ab1c27a9e8158578a928b70b3705db24760db803acd79abafa58cdc4ce

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,29 @@
+## 1.5.0 (2022-06-11)
+* Remove `content_for` calls from generated view templates (@janko)
+* Set title instance variable to `@page_title` in generated configuration (@janko)
+* Set title instance variable on the controller when `title_instance_variable` is set (@HoneyryderChuck)
+## 1.4.2 (2022-05-15)
+* Stop passing email addresses in mailer arguments on verifying login change (@janko)
+* Extract finding account into a method in the generated mailer (@janko)
+* Make generated Action Mailer integration work with secondary Rodauth configurations (@janko)
+* Include `Rodauth::Rails.model` in generated Sequel account model as well (@janko)
+## 1.4.1 (2022-05-08)
+* Deprecate `Rodauth::Rails::Model` constant (@janko)
+* Remove `Rodauth::Rails::Auth#associations` in favour of new association registration API (@janko)
+* Extract model mixin into the rodauth-model gem (@janko)
 ## 1.4.0 (2022-05-04)
 * Move association definitions to `#associations` Rodauth method, allowing external features to extend them (@janko)

data/README.md CHANGED Viewed

@@ -321,16 +321,26 @@ $ rails generate rodauth:views webauthn --name admin
 #### Page titles
-The generated view templates use `content_for(:title)` to store Rodauth's page
-titles, which you can then retrieve in your layout template to set the page
-title:
+The generated configuration sets `title_instance_variable` to make page titles
+available in your views via `@page_title` instance variable, which you can then
+use in your layout:
+```rb
+# app/misc/rodauth_main.rb
+class RodauthMain < Rodauth::Rails::Auth
+  configure do
+    # ...
+    title_instance_variable :@page_title
+    # ...
+  end
+end
+```
 ```erb
 <!-- app/views/layouts/application.html.erb -->
 <!DOCTYPE html>
 <html>
   <head>
-    <title><%= content_for(:title) %></title>
+    <title><%= @page_title || "Default title" %></title>
     <!-- ... -->
   </head>
   <body>
@@ -339,6 +349,21 @@ title:
 </html>
 ```
+If you're already setting page titles via `content_for`, you can use it in
+generated Rodauth views, giving it the result of the corresponding
+`*_page_title` method:
+```erb
+<!-- app/views/rodauth/login.html.erb -->
+<%= content_for :page_title, rodauth.login_page_title %>
+<!-- ... -->
+```
+```erb
+<!-- app/views/rodauth/change_password.html.erb -->
+<%= content_for :page_title, rodauth.change_password_page_title %>
+<!-- ... -->
+```
 #### Layout
 To use different layouts for different Rodauth views, you can compare the
@@ -484,21 +509,19 @@ end
 ## Model
-The `Rodauth::Rails::Model` mixin can be included into the account model, which
-defines a password attribute and associations for tables used by enabled
-authentication features.
+The [rodauth-model] gem provides a `Rodauth::Model` mixin that can be included
+into the account model, which defines a password attribute and associations for
+tables used by enabled authentication features.
 ```rb
-class Account < ApplicationRecord
+class Account < ActiveRecord::Base # Sequel::Model
   include Rodauth::Rails.model # or `Rodauth::Rails.model(:admin)`
 end
 ```
-### Password attribute
-Regardless of whether you're storing the password hash in a column in the
-accounts table, or in a separate table, the `#password` attribute can be used
-to set or clear the password hash.
+The password attribute can be used to set or clear the password hash. It
+handles both storing the password hash in a column on the accounts table, or in
+a separate table.
 ```rb
 account = Account.create!(email: "user@example.com", password: "secret")
@@ -514,132 +537,14 @@ account.password = nil # clears password hash
 account.password_hash #=> nil
 ```
-Note that the password attribute doesn't come with validations, making it
-unsuitable for forms. It was primarily intended to allow easily creating
-accounts in development console and in tests.
-### Associations
-The `Rodauth::Rails::Model` mixin defines associations for Rodauth tables
-associated to the accounts table:
+The associations are defined for tables used by enabled authentication features:
 ```rb
 account.remember_key #=> #<Account::RememberKey> (record from `account_remember_keys` table)
 account.active_session_keys #=> [#<Account::ActiveSessionKey>,...] (records from `account_active_session_keys` table)
 ```
-You can also reference the associated models directly:
-```rb
-# model referencing the `account_authentication_audit_logs` table
-Account::AuthenticationAuditLog.where(message: "login").group(:account_id)
-```
-The associated models define the inverse `belongs_to :account` association:
-```rb
-Account::ActiveSessionKey.includes(:account).map(&:account)
-```
-Here is an example of using associations to create a method that returns
-whether the account has multifactor authentication enabled:
-```rb
-class Account < ApplicationRecord
-  include Rodauth::Rails.model
-  def mfa_enabled?
-    otp_key || (sms_code && sms_code.num_failures.nil?) || recovery_codes.any?
-  end
-end
-```
-Here is another example of creating a query scope that selects accounts with
-multifactor authentication enabled:
-```rb
-class Account < ApplicationRecord
-  include Rodauth::Rails.model
-  scope :otp_setup, -> { where(otp_key: OtpKey.all) }
-  scope :sms_codes_setup, -> { where(sms_code: SmsCode.where(num_failures: nil)) }
-  scope :recovery_codes_setup, -> { where(recovery_codes: RecoveryCode.all) }
-  scope :mfa_enabled, -> { merge(otp_setup.or(sms_codes_setup).or(recovery_codes_setup)) }
-end
-```
-#### Association reference
-Below is a list of all associations defined depending on the features loaded:
-| Feature                 | Association                  | Type       | Model                    | Table (default)                     |
-| :------                 | :----------                  | :---       | :----                    | :----                               |
-| account_expiration      | `:activity_time`             | `has_one`  | `ActivityTime`           | `account_activity_times`            |
-| active_sessions         | `:active_session_keys`       | `has_many` | `ActiveSessionKey`       | `account_active_session_keys`       |
-| audit_logging           | `:authentication_audit_logs` | `has_many` | `AuthenticationAuditLog` | `account_authentication_audit_logs` |
-| disallow_password_reuse | `:previous_password_hashes`  | `has_many` | `PreviousPasswordHash`   | `account_previous_password_hashes`  |
-| email_auth              | `:email_auth_key`            | `has_one`  | `EmailAuthKey`           | `account_email_auth_keys`           |
-| jwt_refresh             | `:jwt_refresh_keys`          | `has_many` | `JwtRefreshKey`          | `account_jwt_refresh_keys`          |
-| lockout                 | `:lockout`                   | `has_one`  | `Lockout`                | `account_lockouts`                  |
-| lockout                 | `:login_failure`             | `has_one`  | `LoginFailure`           | `account_login_failures`            |
-| otp                     | `:otp_key`                   | `has_one`  | `OtpKey`                 | `account_otp_keys`                  |
-| password_expiration     | `:password_change_time`      | `has_one`  | `PasswordChangeTime`     | `account_password_change_times`     |
-| recovery_codes          | `:recovery_codes`            | `has_many` | `RecoveryCode`           | `account_recovery_codes`            |
-| remember                | `:remember_key`              | `has_one`  | `RememberKey`            | `account_remember_keys`             |
-| reset_password          | `:password_reset_key`        | `has_one`  | `PasswordResetKey`       | `account_password_reset_keys`       |
-| single_session          | `:session_key`               | `has_one`  | `SessionKey`             | `account_session_keys`              |
-| sms_codes               | `:sms_code`                  | `has_one`  | `SmsCode`                | `account_sms_codes`                 |
-| verify_account          | `:verification_key`          | `has_one`  | `VerificationKey`        | `account_verification_keys`         |
-| verify_login_change     | `:login_change_key`          | `has_one`  | `LoginChangeKey`         | `account_login_change_keys`         |
-| webauthn                | `:webauthn_keys`             | `has_many` | `WebauthnKey`            | `account_webauthn_keys`             |
-| webauthn                | `:webauthn_user_id`          | `has_one`  | `WebauthnUserId`         | `account_webauthn_user_ids`         |
-Note that some Rodauth tables use composite primary keys, which Active Record
-doesn't support out of the box. For associations to work properly, you might
-need to add the [composite_primary_keys] gem to your Gemfile.
-#### Association options
-By default, all associations except for audit logs have `dependent: :destroy`
-set, to allow for easy deletion of account records in the console. You can use
-`:association_options` to modify global or per-association options:
-```rb
-# don't auto-delete associations when account model is deleted
-Rodauth::Rails.model(association_options: { dependent: nil })
-# require authentication audit logs to be eager loaded before retrieval
-Rodauth::Rails.model(association_options: -> (name) {
-  { strict_loading: true } if name == :authentication_audit_logs
-})
-```
-#### Extending Associations
-External features can extend the list of associations with their own
-definitions, which the model mixin will pick up and declare the new associations
-on the model.
-```rb
-# lib/rodauth/features/foo.rb
-module Rodauth
-  Feature.define(:foo, :Foo) do
-    auth_value_method :foo_table, :account_foos
-    auth_value_method :foo_id_column, :id
-    def associations
-      list = super
-      list << {
-        name: :foo, # will define `Account::Foo` model
-        type: :one, # or :many
-        table: foo_table,
-        foreign_key: foo_id_column
-      }
-      list
-    end
-  end
-end
-```
+See the [rodauth-model] documentation for more details.
 ## Multiple configurations
@@ -1304,8 +1209,8 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [account_expiration]: http://rodauth.jeremyevans.net/rdoc/files/doc/account_expiration_rdoc.html
 [simple_ldap_authenticator]: https://github.com/jeremyevans/simple_ldap_authenticator
 [internal_request]: http://rodauth.jeremyevans.net/rdoc/files/doc/internal_request_rdoc.html
-[composite_primary_keys]: https://github.com/composite-primary-keys/composite_primary_keys
 [path_class_methods]: https://rodauth.jeremyevans.net/rdoc/files/doc/path_class_methods_rdoc.html
 [account types]: https://github.com/janko/rodauth-rails/wiki/Account-Types
 [custom mailer worker]: https://github.com/janko/rodauth-rails/wiki/Custom-Mailer-Worker
 [Turbo]: https://turbo.hotwired.dev/
+[rodauth-model]: https://github.com/janko/rodauth-model

data/lib/generators/rodauth/templates/INSTRUCTIONS CHANGED Viewed

@@ -31,7 +31,17 @@ Depending on your application's configuration some manual setup may be required:
      * Not required for API-only Applications *
-  4. You can copy Rodauth views (for customization) to your app by running:
+  4. Titles for Rodauth pages are available via @page_title instance variable
+     by default, you can use it in your layout file:
+       <head>
+         <title><%= @page_title || "Default title" %></title>
+         ...
+       </head>
+    * Not required *
+  5. You can copy Rodauth views (for customization) to your app by running:
        rails g rodauth:views

data/lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb CHANGED Viewed

@@ -1,78 +1,64 @@
 class RodauthMailer < ApplicationMailer
-  def verify_account(account_id, key)
-    @email_link = rodauth.verify_account_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-    @account = Account.find(account_id)
-<% else -%>
-    @account = Account.with_pk!(account_id)
-<% end -%>
+  def verify_account(name = nil, account_id, key)
+    @email_link = email_link(name, :verify_account, account_id, key)
+    @account = find_account(name, account_id)
-    mail to: @account.email, subject: rodauth.verify_account_email_subject
+    mail to: @account.email, subject: rodauth(name).verify_account_email_subject
   end
-  def reset_password(account_id, key)
-    @email_link = rodauth.reset_password_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-    @account = Account.find(account_id)
-<% else -%>
-    @account = Account.with_pk!(account_id)
-<% end -%>
+  def reset_password(name = nil, account_id, key)
+    @email_link = email_link(name, :reset_password, account_id, key)
+    @account = find_account(name, account_id)
-    mail to: @account.email, subject: rodauth.reset_password_email_subject
+    mail to: @account.email, subject: rodauth(name).reset_password_email_subject
   end
-  def verify_login_change(account_id, old_login, new_login, key)
-    @old_login  = old_login
-    @new_login  = new_login
-    @email_link = rodauth.verify_login_change_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-    @account = Account.find(account_id)
-<% else -%>
-    @account = Account.with_pk!(account_id)
-<% end -%>
+  def verify_login_change(name = nil, account_id, key)
+    @email_link = email_link(name, :verify_login_change, account_id, key)
+    @account = find_account(name, account_id)
+    @new_email = @account.login_change_key.login
-    mail to: new_login, subject: rodauth.verify_login_change_email_subject
+    mail to: @new_email, subject: rodauth(name).verify_login_change_email_subject
   end
-  def password_changed(account_id)
-<% if defined?(ActiveRecord::Railtie) -%>
-    @account = Account.find(account_id)
-<% else -%>
-    @account = Account.with_pk!(account_id)
-<% end -%>
+  def password_changed(name = nil, account_id)
+    @account = find_account(name, account_id)
-    mail to: @account.email, subject: rodauth.password_changed_email_subject
+    mail to: @account.email, subject: rodauth(name).password_changed_email_subject
   end
-  # def email_auth(account_id, key)
-  #   @email_link = rodauth.email_auth_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-  #   @account = Account.find(account_id)
-<% else -%>
-  #   @account = Account.with_pk!(account_id)
-<% end -%>
+  # def email_auth(name = nil, account_id, key)
+  #   @email_link = email_link(name, :email_auth, account_id, key)
+  #   @account = find_account(name, account_id)
-  #   mail to: @account.email, subject: rodauth.email_auth_email_subject
+  #   mail to: @account.email, subject: rodauth(name).email_auth_email_subject
   # end
-  # def unlock_account(account_id, key)
-  #   @email_link = rodauth.unlock_account_url(key: email_token(account_id, key))
-<% if defined?(ActiveRecord::Railtie) -%>
-  #   @account = Account.find(account_id)
-<% else -%>
-  #   @account = Account.with_pk!(account_id)
-<% end -%>
+  # def unlock_account(name = nil, account_id, key)
+  #   @email_link = email_link(name, :unlock_account, account_id, key)
+  #   @account = find_account(name, account_id)
-  #   mail to: @account.email, subject: rodauth.unlock_account_email_subject
+  #   mail to: @account.email, subject: rodauth(name).unlock_account_email_subject
   # end
   private
-  def email_token(account_id, key)
-    "#{account_id}_#{rodauth.compute_hmac(key)}"
+  def find_account(_name, account_id)
+<% if defined?(ActiveRecord::Railtie) -%>
+    Account.find(account_id)
+<% else -%>
+    Account.with_pk!(account_id)
+<% end -%>
+  end
+  def email_link(name, action, account_id, key)
+    instance = rodauth(name)
+    instance.instance_variable_set(:@account, { id: account_id })
+    instance.instance_variable_set(:"@#{action}_key_value", key)
+    instance.public_send(:"#{action}_email_link")
   end
-  def rodauth(name = nil)
+  def rodauth(name)
     RodauthApp.rodauth(name).allocate
   end
 end

data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb CHANGED Viewed

@@ -31,6 +31,9 @@ class RodauthMain < Rodauth::Rails::Auth
     # Specify the controller used for view rendering and CSRF verification.
     rails_controller { RodauthController }
+    # Set on Rodauth controller with the title of the current page.
+    title_instance_variable :@page_title
     # Store account status in an integer column without foreign key constraint.
     account_status_column :status
@@ -56,22 +59,22 @@ class RodauthMain < Rodauth::Rails::Auth
     # ==> Emails
     # Use a custom mailer for delivering authentication emails.
     create_reset_password_email do
-      RodauthMailer.reset_password(account_id, reset_password_key_value)
+      RodauthMailer.reset_password(*self.class.configuration_name, account_id, reset_password_key_value)
     end
     create_verify_account_email do
-      RodauthMailer.verify_account(account_id, verify_account_key_value)
+      RodauthMailer.verify_account(*self.class.configuration_name, account_id, verify_account_key_value)
     end
     create_verify_login_change_email do |_login|
-      RodauthMailer.verify_login_change(account_id, verify_login_change_old_login, verify_login_change_new_login, verify_login_change_key_value)
+      RodauthMailer.verify_login_change(*self.class.configuration_name, account_id, verify_login_change_key_value)
     end
     create_password_changed_email do
-      RodauthMailer.password_changed(account_id)
+      RodauthMailer.password_changed(*self.class.configuration_name, account_id)
     end
     # create_email_auth_email do
-    #   RodauthMailer.email_auth(account_id, email_auth_key_value)
+    #   RodauthMailer.email_auth(*self.class.configuration_name, account_id, email_auth_key_value)
     # end
     # create_unlock_account_email do
-    #   RodauthMailer.unlock_account(account_id, unlock_account_key_value)
+    #   RodauthMailer.unlock_account(*self.class.configuration_name, account_id, unlock_account_key_value)
     # end
     send_email do |email|
       # queue email delivery on the mailer after the transaction commits

data/lib/generators/rodauth/templates/app/models/account.rb CHANGED Viewed

@@ -9,6 +9,7 @@ class Account < ApplicationRecord
 end
 <% else -%>
 class Account < Sequel::Model
+  include Rodauth::Rails.model
   plugin :enum
   enum :status, unverified: 1, verified: 2, closed: 3
 end

data/lib/generators/rodauth/templates/app/views/rodauth/add_recovery_codes.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.add_recovery_codes_page_title %>
 <pre id="recovery-codes"><%= rodauth.recovery_codes.map { |s| h(s) }.join("\n\n") %></pre>
 <% if rodauth.can_add_recovery_codes? %>

data/lib/generators/rodauth/templates/app/views/rodauth/change_login.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.change_login_page_title %>
 <%= form_with url: rodauth.change_login_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "login", rodauth.login_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/change_password.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.change_password_page_title %>
 <%= form_with url: rodauth.change_password_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.change_password_requires_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/close_account.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.close_account_page_title %>
 <%= form_with url: rodauth.close_account_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.close_account_requires_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/confirm_password.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.confirm_password_page_title %>
 <%= form_with url: rodauth.confirm_password_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/create_account.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.create_account_page_title %>
 <%= form_with url: rodauth.create_account_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "login", rodauth.login_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/email_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.email_auth_page_title %>
 <%= form_with url: rodauth.email_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.submit rodauth.login_button, class: "btn btn-primary" %>

data/lib/generators/rodauth/templates/app/views/rodauth/login.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.login_page_title %>
 <%= render "login_form_header" %>
 <%= render "login_form" %>
 <%= render "login_form_footer" %>

data/lib/generators/rodauth/templates/app/views/rodauth/logout.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.logout_page_title %>
 <%= form_with url: rodauth.logout_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.features.include?(:active_sessions) %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/multi_phase_login.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.multi_phase_login_page_title %>
 <%= render "login_form_header" %>
 <%== rodauth.render_multi_phase_login_forms %>
 <%= render "login_form_footer" %>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.otp_auth_page_title %>
 <%= form_with url: rodauth.otp_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "otp-auth-code", rodauth.otp_auth_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/otp_disable.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.otp_disable_page_title %>
 <%= form_with url: rodauth.otp_disable_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/otp_setup.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.otp_setup_page_title %>
 <%= form_with url: rodauth.otp_setup_path, method: :post, data: { turbo: false } do |form| %>
   <%= form.hidden_field rodauth.otp_setup_param, value: rodauth.otp_user_key, id: "otp-key" %>
   <%= form.hidden_field rodauth.otp_setup_raw_param, value: rodauth.otp_key, id: "otp-hmac-secret" if rodauth.otp_keys_use_hmac? %>

data/lib/generators/rodauth/templates/app/views/rodauth/recovery_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.recovery_auth_page_title %>
 <%= form_with url: rodauth.recovery_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "recovery-code", rodauth.recovery_codes_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/recovery_codes.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.recovery_codes_page_title %>
 <%= form_with url: rodauth.recovery_codes_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/remember.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.remember_page_title %>
 <%= form_with url: rodauth.remember_path, method: :post, data: { turbo: false } do |form| %>
   <fieldset class="form-group mb-3">
     <div class="form-check">

data/lib/generators/rodauth/templates/app/views/rodauth/reset_password.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.reset_password_page_title %>
 <%= form_with url: rodauth.reset_password_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "password", rodauth.password_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/reset_password_request.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.reset_password_request_page_title %>
 <%= form_with url: rodauth.reset_password_request_path, method: :post, data: { turbo: false } do |form| %>
   <%== rodauth.reset_password_explanatory_text %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_auth_page_title %>
 <%= form_with url: rodauth.sms_auth_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "sms-code", rodauth.sms_code_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_confirm.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_confirm_page_title %>
 <%= form_with url: rodauth.sms_confirm_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.label "sms-code", rodauth.sms_code_label, class: "form-label" %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_disable.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_disable_page_title %>
 <%= form_with url: rodauth.sms_disable_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/sms_request.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_request_page_title %>
 <%= form_with url: rodauth.sms_request_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.submit rodauth.sms_request_button, class: "btn btn-primary" %>

data/lib/generators/rodauth/templates/app/views/rodauth/sms_setup.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.sms_setup_page_title %>
 <%= form_with url: rodauth.sms_setup_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/two_factor_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.two_factor_auth_page_title %>
 <ul>
   <% rodauth.two_factor_auth_links.sort.each do |_, link, text| %>
     <li><%= link_to text, link %></li>

data/lib/generators/rodauth/templates/app/views/rodauth/two_factor_disable.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.two_factor_disable_page_title %>
 <%= form_with url: rodauth.two_factor_disable_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/two_factor_manage.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.two_factor_manage_page_title %>
 <% if rodauth.two_factor_setup_links.any? %>
   <%== rodauth.two_factor_setup_heading %>

data/lib/generators/rodauth/templates/app/views/rodauth/unlock_account.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.unlock_account_page_title %>
 <%= form_with url: rodauth.unlock_account_path, method: :post, data: { turbo: false } do |form| %>
   <%== rodauth.unlock_account_explanatory_text %>

data/lib/generators/rodauth/templates/app/views/rodauth/unlock_account_request.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.unlock_account_request_page_title %>
 <%= form_with url: rodauth.unlock_account_request_path, method: :post, data: { turbo: false } do |form| %>
   <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>

data/lib/generators/rodauth/templates/app/views/rodauth/verify_account.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.verify_account_page_title %>
 <%= form_with url: rodauth.verify_account_path, method: :post, data: { turbo: false } do |form| %>
   <% if rodauth.verify_account_set_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/verify_account_resend.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.resend_verify_account_page_title %>
 <%= form_with url: rodauth.verify_account_resend_path, method: :post, data: { turbo: false } do |form| %>
   <%== rodauth.verify_account_resend_explanatory_text %>

data/lib/generators/rodauth/templates/app/views/rodauth/verify_login_change.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.verify_login_change_page_title %>
 <%= form_with url: rodauth.verify_login_change_path, method: :post, data: { turbo: false } do |form| %>
   <div class="form-group mb-3">
     <%= form.submit rodauth.verify_login_change_button, class: "btn btn-primary" %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_auth.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.webauthn_auth_page_title %>
 <% cred = rodauth.webauth_credential_options_for_get %>
 <%= form_with url: rodauth.webauthn_auth_form_path, method: :post, id: "webauthn-auth-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_remove.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.webauthn_remove_page_title %>
 <%= form_with url: rodauth.webauthn_remove_path, method: :post, id: "webauthn-remove-form", data: { turbo: false } do |form| %>
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_setup.html.erb CHANGED Viewed

@@ -1,5 +1,3 @@
-<% content_for :title, rodauth.webauthn_setup_page_title %>
 <% cred = rodauth.new_webauthn_credential %>
 <%= form_with url: rodauth.webauthn_setup_path, method: :post, id: "webauthn-setup-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_login_change.text.erb CHANGED Viewed

@@ -1,8 +1,8 @@
 Someone with an account has requested their login be changed to this email address:
-Old email: <%= @old_login %>
+Old email: <%= @account.email %>
-New email: <%= @new_login %>
+New email: <%= @new_email %>
 If you did not request this login change, please ignore this message.  If you
 requested this login change, please go to

data/lib/rodauth/rails/feature/render.rb CHANGED Viewed

@@ -8,7 +8,8 @@ module Rodauth
         # Renders templates with layout. First tries to render a user-defined
         # template, otherwise falls back to Rodauth's template.
-        def view(page, *)
+        def view(page, title)
+          set_title(title)
           rails_render(action: page.tr("-", "_"), layout: true) ||
             rails_render(html: super.html_safe, layout: true, formats: :html)
         end
@@ -50,6 +51,12 @@ module Rodauth
           html = html.gsub(/<form(.+)>/, '<form\1 data-turbo="false">') if meth == :view
           html
         end
+        def set_title(title)
+          if title_instance_variable
+            rails_controller_instance.instance_variable_set(title_instance_variable, title)
+          end
+        end
       end
     end
   end

data/lib/rodauth/rails/feature.rb CHANGED Viewed

@@ -11,7 +11,6 @@ module Rodauth
     require "rodauth/rails/feature/email"
     require "rodauth/rails/feature/instrumentation"
     require "rodauth/rails/feature/internal_request"
-    require "rodauth/rails/feature/associations"
     include Rodauth::Rails::Feature::Base
     include Rodauth::Rails::Feature::Callbacks
@@ -20,6 +19,5 @@ module Rodauth
     include Rodauth::Rails::Feature::Email
     include Rodauth::Rails::Feature::Instrumentation
     include Rodauth::Rails::Feature::InternalRequest
-    include Rodauth::Rails::Feature::Associations
   end
 end

data/lib/rodauth/rails/model.rb CHANGED Viewed

@@ -1,101 +1,6 @@
 module Rodauth
   module Rails
-    class Model < Module
-      ASSOCIATION_TYPES = { one: :has_one, many: :has_many }
-      def initialize(auth_class, association_options: {})
-        @auth_class = auth_class
-        @association_options = association_options
-        define_methods
-      end
-      def included(model)
-        fail Rodauth::Rails::Error, "must be an Active Record model" unless model < ActiveRecord::Base
-        define_associations(model)
-      end
-      private
-      def define_methods
-        rodauth = @auth_class.allocate.freeze
-        attr_reader :password
-        define_method(:password=) do |password|
-          @password = password
-          password_hash = rodauth.send(:password_hash, password) if password
-          set_password_hash(password_hash)
-        end
-        define_method(:set_password_hash) do |password_hash|
-          if rodauth.account_password_hash_column
-            public_send(:"#{rodauth.account_password_hash_column}=", password_hash)
-          else
-            if password_hash
-              record = self.password_hash || build_password_hash
-              record.public_send(:"#{rodauth.password_hash_column}=", password_hash)
-            else
-              self.password_hash&.mark_for_destruction
-            end
-          end
-        end
-      end
-      def define_associations(model)
-        define_password_hash_association(model) unless rodauth.account_password_hash_column
-        rodauth.associations.each do |association|
-          define_association(model, **association, type: ASSOCIATION_TYPES.fetch(association[:type]))
-        end
-      end
-      def define_password_hash_association(model)
-        password_hash_id_column = rodauth.password_hash_id_column
-        scope = -> { select(password_hash_id_column) } if rodauth.send(:use_database_authentication_functions?)
-        define_association model,
-          type: :has_one,
-          name: :password_hash,
-          table: rodauth.password_hash_table,
-          foreign_key: password_hash_id_column,
-          scope: scope,
-          autosave: true
-      end
-      def define_association(model, type:, name:, table:, foreign_key:, scope: nil, **options)
-        associated_model = Class.new(model.superclass)
-        associated_model.table_name = table
-        associated_model.belongs_to :account,
-          class_name: model.name,
-          foreign_key: foreign_key,
-          inverse_of: name
-        model.const_set(name.to_s.singularize.camelize, associated_model)
-        unless name == :authentication_audit_logs
-          dependent = type == :has_many ? :delete_all : :delete
-        end
-        model.public_send type, name, scope,
-          class_name: associated_model.name,
-          foreign_key: foreign_key,
-          dependent: dependent,
-          inverse_of: :account,
-          **options,
-          **association_options(name)
-      end
-      def association_options(name)
-        options = @association_options
-        options = options.call(name) if options.respond_to?(:call)
-        options || {}
-      end
-      def rodauth
-        @auth_class.allocate
-      end
-    end
+    Model = Rodauth::Model
+    deprecate_constant :Model
   end
 end

data/lib/rodauth/rails/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.4.0"
+    VERSION = "1.5.0"
   end
 end

data/lib/rodauth/rails.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require "rodauth/rails/version"
 require "rodauth/rails/railtie"
+require "rodauth/model"
 module Rodauth
   module Rails
@@ -15,7 +16,7 @@ module Rodauth
     @middleware = true
     class << self
-      def rodauth(name = nil, query: nil, form: nil, account: nil, **options)
+      def rodauth(name = nil, account: nil, **options)
         auth_class = app.rodauth!(name)
         unless auth_class.features.include?(:internal_request)
@@ -43,7 +44,7 @@ module Rodauth
       end
       def model(name = nil, **options)
-        Rodauth::Rails::Model.new(app.rodauth!(name), **options)
+        Rodauth::Model.new(app.rodauth!(name), **options)
       end
       # routing constraint that requires authentication

data/rodauth-rails.gemspec CHANGED Viewed

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rodauth", "~> 2.23"
   spec.add_dependency "roda", "~> 3.55"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
+  spec.add_dependency "rodauth-model", "~> 0.2"
   spec.add_dependency "tilt"
   spec.add_dependency "bcrypt"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-04 00:00:00.000000000 Z
+date: 2022-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -72,6 +72,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: rodauth-model
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: tilt
   requirement: !ruby/object:Gem::Requirement
@@ -264,7 +278,6 @@ files:
 - lib/rodauth/rails/auth.rb
 - lib/rodauth/rails/controller_methods.rb
 - lib/rodauth/rails/feature.rb
-- lib/rodauth/rails/feature/associations.rb
 - lib/rodauth/rails/feature/base.rb
 - lib/rodauth/rails/feature/callbacks.rb
 - lib/rodauth/rails/feature/csrf.rb

data/lib/rodauth/rails/feature/associations.rb DELETED Viewed

@@ -1,54 +0,0 @@
-module Rodauth
-  module Rails
-    module Feature
-      module Associations
-        def associations
-          list = []
-          features.each do |feature|
-            case feature
-            when :remember
-              list << { name: :remember_key, type: :one, table: remember_table, foreign_key: remember_id_column }
-            when :verify_account
-              list << { name: :verification_key, type: :one, table: verify_account_table, foreign_key: verify_account_id_column }
-            when :reset_password
-              list << { name: :password_reset_key, type: :one, table: reset_password_table, foreign_key: reset_password_id_column }
-            when :verify_login_change
-              list << { name: :login_change_key, type: :one, table: verify_login_change_table, foreign_key: verify_login_change_id_column }
-            when :lockout
-              list << { name: :lockout, type: :one, table: account_lockouts_table, foreign_key: account_lockouts_id_column }
-              list << { name: :login_failure, type: :one, table: account_login_failures_table, foreign_key: account_login_failures_id_column }
-            when :email_auth
-              list << { name: :email_auth_key, type: :one, table: email_auth_table, foreign_key: email_auth_id_column }
-            when :account_expiration
-              list << { name: :activity_time, type: :one, table: account_activity_table, foreign_key: account_activity_id_column }
-            when :active_sessions
-              list << { name: :active_session_keys, type: :many, table: active_sessions_table, foreign_key: active_sessions_account_id_column }
-            when :audit_logging
-              list << { name: :authentication_audit_logs, type: :many, table: audit_logging_table, foreign_key: audit_logging_account_id_column }
-            when :disallow_password_reuse
-              list << { name: :previous_password_hashes, type: :many, table: previous_password_hash_table, foreign_key: previous_password_account_id_column }
-            when :jwt_refresh
-              list << { name: :jwt_refresh_keys, type: :many, table: jwt_refresh_token_table, foreign_key: jwt_refresh_token_account_id_column }
-            when :password_expiration
-              list << { name: :password_change_time, type: :one, table: password_expiration_table, foreign_key: password_expiration_id_column }
-            when :single_session
-              list << { name: :session_key, type: :one, table: single_session_table, foreign_key: single_session_id_column }
-            when :otp
-              list << { name: :otp_key, type: :one, table: otp_keys_table, foreign_key: otp_keys_id_column }
-            when :sms_codes
-              list << { name: :sms_code, type: :one, table: sms_codes_table, foreign_key: sms_id_column }
-            when :recovery_codes
-              list << { name: :recovery_codes, type: :many, table: recovery_codes_table, foreign_key: recovery_codes_id_column }
-            when :webauthn
-              list << { name: :webauthn_user_id, type: :one, table: webauthn_user_ids_table, foreign_key: webauthn_user_ids_account_id_column }
-              list << { name: :webauthn_keys, type: :many, table: webauthn_keys_table, foreign_key: webauthn_keys_account_id_column }
-            end
-          end
-          list
-        end
-      end
-    end
-  end
-end