rodauth-rails 1.6.3 → 1.6.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e133150815312f4fec4d4c03685b7a762b285860f72cd4594c5d034b58c8d37f
-  data.tar.gz: 10623324c6d20a69973f48faf950563d76ddffa1eb70f39cf82872b1318042ee
+  metadata.gz: a49174b3518279a0414854312fe7ce6e5f8c9094b41a39d7e5f89b1860e844aa
+  data.tar.gz: 6a3fe7d3577aaaa944630b874688d6223139cb50877aa700157b537eeea97f35
 SHA512:
-  metadata.gz: a8b8d22356e108f7e7a6a4025958639546e2fd957a1115f5faf3faf187c136072c7aac1ab130e04a925637a77c31b99326c92d6e43cbc363b6bba3a89188718d
-  data.tar.gz: a5b40c767d34b94f8485d61cb0bd45021108ce927ee16892e72c2095c31a7091c75229bfd971f029227e5a24355de4f090cb75f5d974be9b7c267a5032e2e7c8
+  metadata.gz: 7ef86cb7557eb8aadf205ea5593332e678e6165768aa4288d6ba50456d608fff0eca2c4ce33bd767111ac5a6f07a4fae00d39fd9957ead4198abb4d40816fc77
+  data.tar.gz: 22158dec21b5cb2d5b6b77fc29c34515bf7cf90febafa87c576536a31f96866fb404f488d1970cd0db9fae2503b6dc274318e017311d6a6b0eb765e00e714776

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 1.6.4 (2022-11-24)
+
+* Make `#rails_account` work on directly allocated Rodauth object with `@account` set (@janko)
+
+* Add commented out email configuration for `password_reset_notify` feature (@janko)
+
+* Design generated mailer in a way that exposes the Rodauth object (@janko)
+
+* Fix generated logout page always logging out globally when using active sessions feature (@janko)
+
 ## 1.6.3 (2022-11-15)
 
 * Suggest passing an integer to `verify_account_grace_period` instead of `ActiveSupport::Duration` (@vlado)

data/README.md

@@ -40,11 +40,19 @@ of the advantages that stand out for me:
 * consistent before/after hooks around everything
 * dedicated object encapsulating all authentication logic
 
-One common concern is the fact that, unlike most other authentication
-frameworks for Rails, Rodauth uses [Sequel] for database interaction instead of
-Active Record. There are good reasons for this, and to make Rodauth work
-smoothly alongside Active Record, rodauth-rails configures Sequel to [reuse
-Active Record's database connection][sequel-activerecord_connection].
+### Sequel
+
+One common concern for people coming from other Rails authentication frameworks
+is the fact that Rodauth uses [Sequel] for database interaction instead of
+Active Record. Sequel has powerful APIs for building advanced queries,
+supporting complex SQL expressions, database-agnostic date arithmetic, SQL
+function calls and more, all without having to drop down to raw SQL.
+
+For Rails apps using Active Record, rodauth-rails configures Sequel to [reuse
+Active Record's database connection][sequel-activerecord_connection]. This
+makes it run smoothly alongside Active Record, even allowing calling Active
+Record code from within Rodauth configuration. So, for all intents and
+purposes, Sequel can be treated just as an implementation detail of Rodauth.
 
 ## Installation
 
@@ -720,10 +728,9 @@ Rodauth::Rails.rodauth(:admin, params: { "param" => "value" })
 ## Testing
 
 For system and integration tests, which run the whole middleware stack,
-authentication can be exercised normally via HTTP endpoints. See [this wiki
-page](https://github.com/janko/rodauth-rails/wiki/Testing) for some examples.
+authentication can be exercised normally via HTTP endpoints. For example, given
+a controller
 
-For controller tests, you can log in accounts by modifying the session:
 
 ```rb
 # app/controllers/articles_controller.rb
@@ -735,9 +742,23 @@ class ArticlesController < ApplicationController
   end
 end
 ```
+
+One can write `ActionDispatch::IntegrationTest` test helpers for `login` and
+`logout` by making requests to the rodauth endpoints
+
 ```rb
 # test/controllers/articles_controller_test.rb
-class ArticlesControllerTest < ActionController::TestCase
+class ArticlesControllerTest < ActionDispatch::IntegrationTest
+  def login(login, password)
+    post "/login", params: { login: login, password: password }
+    assert_redirected_to "/"
+  end
+
+  def logout
+    post "/logout"
+    assert_redirected_to "/"
+  end
+  
   test "required authentication" do
     get :index
 
@@ -746,7 +767,7 @@ class ArticlesControllerTest < ActionController::TestCase
     assert_equal "Please login to continue", flash[:alert]
 
     account = Account.create!(email: "user@example.com", password: "secret123", status: "verified")
-    login(account)
+    login(account.email, "secret123")
 
     get :index
     assert_response 200
@@ -757,45 +778,11 @@ class ArticlesControllerTest < ActionController::TestCase
     assert_response 302
     assert_equal "Please login to continue", flash[:alert]
   end
-
-  private
-
-  # Manually modify the session into what Rodauth expects.
-  def login(account)
-    session[:account_id] = account.id
-    session[:authenticated_by] = ["password"] # or ["password", "totp"] for MFA
-  end
-
-  def logout
-    session.clear
-  end
 end
 ```
 
-If you're using multiple configurations with different session prefixes, you'll need
-to make sure to use those in controller tests as well:
-
-```rb
-class RodauthAdmin < Rodauth::Rails::Auth
-  configure do
-    session_key_prefix "admin_"
-  end
-end
-```
-```rb
-# in a controller test:
-session[:admin_account_id] = account.id
-session[:admin_authenticated_by] = ["password"]
-```
-
-If you want to access the Rodauth instance in controller tests, you can do so
-through the controller instance:
-
-```rb
-# in a controller test:
-@controller.rodauth         #=> #<RodauthMain ...>
-@controller.rodauth(:admin) #=> #<RodauthAdmin ...>
-```
+For more examples and information about testing with rodauth, see
+[this wiki page about testing](https://github.com/janko/rodauth-rails/wiki/Testing). 
 
 ## Configuring
 
@@ -1069,19 +1056,6 @@ end
 <% rodauth(:admin) #=> #<RodauthAdmin> (if using multiple configurations) %>
 ```
 
-### Sequel
-
-Rodauth uses the [Sequel] library for database interaction, which offers
-powerful APIs for building advanced queries (it supports SQL expressions,
-database-agnostic date arithmetic, SQL function calls).
-
-If you're using Active Record in your application, the `rodauth:install`
-generator automatically configures Sequel to reuse ActiveRecord's database
-connection, using the [sequel-activerecord_connection] gem.
-
-This means that, from the usage perspective, Sequel can be considered just
-as an implementation detail of Rodauth.
-
 ## Rodauth defaults
 
 rodauth-rails changes some of the default Rodauth settings for easier setup:

data/lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb

@@ -1,64 +1,60 @@
 class RodauthMailer < ApplicationMailer
   def verify_account(name, account_id, key)
-    @email_link = email_link(name, :verify_account, account_id, key)
-    @account = find_account(name, account_id)
+    @rodauth = rodauth(name, account_id) { @verify_account_key_value = key }
+    @account = @rodauth.rails_account
 
-    mail to: @account.email, subject: rodauth(name).verify_account_email_subject
+    mail to: @account.email, subject: @rodauth.verify_account_email_subject
   end
 
   def reset_password(name, account_id, key)
-    @email_link = email_link(name, :reset_password, account_id, key)
-    @account = find_account(name, account_id)
+    @rodauth = rodauth(name, account_id) { @reset_password_key_value = key }
+    @account = @rodauth.rails_account
 
-    mail to: @account.email, subject: rodauth(name).reset_password_email_subject
+    mail to: @account.email, subject: @rodauth.reset_password_email_subject
   end
 
   def verify_login_change(name, account_id, key)
-    @email_link = email_link(name, :verify_login_change, account_id, key)
-    @account = find_account(name, account_id)
+    @rodauth = rodauth(name, account_id) { @verify_login_change_key_value = key }
+    @account = @rodauth.rails_account
     @new_email = @account.login_change_key.login
 
-    mail to: @new_email, subject: rodauth(name).verify_login_change_email_subject
+    mail to: @new_email, subject: @rodauth.verify_login_change_email_subject
   end
 
   def password_changed(name, account_id)
-    @account = find_account(name, account_id)
+    @rodauth = rodauth(name, account_id)
+    @account = @rodauth.rails_account
 
-    mail to: @account.email, subject: rodauth(name).password_changed_email_subject
+    mail to: @account.email, subject: @rodauth.password_changed_email_subject
   end
 
+  # def reset_password_notify(name, account_id)
+  #   @rodauth = rodauth(name, account_id)
+  #   @account = @rodauth.rails_account
+
+  #   mail to: @account.email, subject: @rodauth.reset_password_notify_email_subject
+  # end
+
   # def email_auth(name, account_id, key)
-  #   @email_link = email_link(name, :email_auth, account_id, key)
-  #   @account = find_account(name, account_id)
+  #   @rodauth = rodauth(name, account_id) { @email_auth_key_value = key }
+  #   @account = @rodauth.rails_account
 
-  #   mail to: @account.email, subject: rodauth(name).email_auth_email_subject
+  #   mail to: @account.email, subject: @rodauth.email_auth_email_subject
   # end
 
   # def unlock_account(name, account_id, key)
-  #   @email_link = email_link(name, :unlock_account, account_id, key)
-  #   @account = find_account(name, account_id)
+  #   @rodauth = rodauth(name, account_id) { @unlock_account_key_value = key }
+  #   @account = @rodauth.rails_account
 
-  #   mail to: @account.email, subject: rodauth(name).unlock_account_email_subject
+  #   mail to: @account.email, subject: @rodauth.unlock_account_email_subject
   # end
 
   private
 
-  def find_account(_name, account_id)
-<% if defined?(ActiveRecord::Railtie) -%>
-    Account.find(account_id)
-<% else -%>
-    Account.with_pk!(account_id)
-<% end -%>
-  end
-
-  def email_link(name, action, account_id, key)
-    instance = rodauth(name)
-    instance.instance_variable_set(:@account, { id: account_id })
-    instance.instance_variable_set(:"@#{action}_key_value", key)
-    instance.public_send(:"#{action}_email_link")
-  end
-
-  def rodauth(name)
-    RodauthApp.rodauth(name).allocate
+  def rodauth(name, account_id, &block)
+    instance = RodauthApp.rodauth(name).allocate
+    instance.instance_eval { @account = account_ds(account_id).first! }
+    instance.instance_eval(&block) if block
+    instance
   end
 end

data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb

@@ -76,6 +76,9 @@ class RodauthMain < Rodauth::Rails::Auth
     create_password_changed_email do
       RodauthMailer.password_changed(self.class.configuration_name, account_id)
     end
+    # create_reset_password_notify_email do
+    #   RodauthMailer.reset_password_notify(self.class.configuration_name, account_id)
+    # end
     # create_email_auth_email do
     #   RodauthMailer.email_auth(self.class.configuration_name, account_id, email_auth_key_value)
     # end

data/lib/generators/rodauth/templates/app/views/rodauth/logout.html.erb

@@ -2,7 +2,7 @@
   <% if rodauth.features.include?(:active_sessions) %>
     <div class="form-group mb-3">
       <div class="form-check">
-        <%= form.check_box rodauth.global_logout_param, id: "global-logout", class: "form-check-input" %>
+        <%= form.check_box rodauth.global_logout_param, id: "global-logout", class: "form-check-input", include_hidden: false %>
         <%= form.label "global-logout", rodauth.global_logout_label, class: "form-check-label" %>
       </div>
     </div>

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/email_auth.text.erb

@@ -1,5 +1,5 @@
 Someone has requested a login link for the account with this email
 address.  If you did not request a login link, please ignore this
 message.  If you requested a login link, please go to
-<%= @email_link %>
+<%= @rodauth.email_auth_email_link %>
 to login to this account.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/reset_password.text.erb

@@ -1,5 +1,5 @@
 Someone has requested a password reset for the account with this email
 address.  If you did not request a password reset, please ignore this
 message.  If you requested a password reset, please go to
-<%= @email_link %>
+<%= @rodauth.reset_password_email_link %>
 to reset the password for the account.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/reset_password_notify.text.erb

@@ -0,0 +1,2 @@
+Someone (hopefully you) has reset the password for the account
+associated to this email address.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/unlock_account.text.erb

@@ -1,5 +1,5 @@
-Someone has requested that the account with this email be unlocked.
+Someone has requested a that the account with this email be unlocked.
 If you did not request the unlocking of this account, please ignore this
 message.  If you requested the unlocking of this account, please go to
-<%= @email_link %>
+<%= @rodauth.unlock_account_email_link %>
 to unlock this account.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_account.text.erb

@@ -1,4 +1,4 @@
 Someone has created an account with this email address.  If you did not create
 this account, please ignore this message.  If you created this account, please go to
-<%= @email_link %>
+<%= @rodauth.verify_account_email_link %>
 to verify the account.

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_login_change.text.erb

@@ -6,5 +6,5 @@ New email: <%= @new_email %>
 
 If you did not request this login change, please ignore this message.  If you
 requested this login change, please go to
-<%= @email_link %>
+<%= @rodauth.verify_login_change_email_link %>
 to verify the login change.

data/lib/rodauth/rails/feature/base.rb

@@ -13,7 +13,7 @@ module Rodauth
         end
 
         def rails_account
-          return unless logged_in?
+          return unless account || logged_in?
 
           account_from_session unless account
 

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.6.3"
+    VERSION = "1.6.4"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.6.3
+  version: 1.6.4
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-11-15 00:00:00.000000000 Z
+date: 2022-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -265,6 +265,7 @@ files:
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/email_auth.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/password_changed.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/reset_password.text.erb
+- lib/generators/rodauth/templates/app/views/rodauth_mailer/reset_password_notify.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/unlock_account.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_account.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_login_change.text.erb