rodauth-rails 1.7.0 → 1.8.0

data/lib/generators/rodauth/migration/sequel/remember.erb

@@ -1,6 +1,6 @@
 # Used by the remember me feature
-create_table :account_remember_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_remember_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   DateTime :deadline, null: false
 end

data/lib/generators/rodauth/migration/sequel/reset_password.erb

@@ -1,6 +1,6 @@
 # Used by the password reset feature
-create_table :account_password_reset_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_password_reset_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   DateTime :deadline, null: false
   DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP

data/lib/generators/rodauth/migration/sequel/single_session.erb

@@ -1,5 +1,5 @@
 # Used by the single session feature
-create_table :account_session_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_session_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
 end

data/lib/generators/rodauth/migration/sequel/sms_codes.erb

@@ -1,6 +1,6 @@
 # Used by the sms codes feature
-create_table :account_sms_codes do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_sms_codes do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :phone_number, null: false
   Integer :num_failures
   String :code

data/lib/generators/rodauth/migration/sequel/verify_account.erb

@@ -1,6 +1,6 @@
 # Used by the account verification feature
-create_table :account_verification_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_verification_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   DateTime :requested_at, null: false, default: Sequel::CURRENT_TIMESTAMP
   DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP

data/lib/generators/rodauth/migration/sequel/verify_login_change.erb

@@ -1,6 +1,6 @@
 # Used by the verify login change feature
-create_table :account_login_change_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_login_change_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   String :login, null: false
   DateTime :deadline, null: false

data/lib/generators/rodauth/migration/sequel/webauthn.erb

@@ -1,13 +1,13 @@
 # Used by the webauthn feature
-create_table :account_webauthn_user_ids do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_webauthn_user_ids do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :webauthn_id, null: false
 end
-create_table :account_webauthn_keys do
-  foreign_key :account_id, :accounts, type: :Bignum
+create_table :<%= table_prefix %>_webauthn_keys do
+  foreign_key :<%= table_prefix %>_id, :<%= table_prefix.pluralize %>, type: :Bignum
   String :webauthn_id
   String :public_key, null: false
   Integer :sign_count, null: false
   Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
-  primary_key [:account_id, :webauthn_id]
+  primary_key [:<%= table_prefix %>_id, :webauthn_id]
 end

data/lib/generators/rodauth/migration_generator.rb

@@ -13,6 +13,9 @@ module Rodauth
           desc: "Rodauth features to create tables for (otp, sms_codes, single_session, account_expiration etc.)",
           default: %w[]
 
+        class_option :prefix, optional: true, type: :string,
+          desc: "Change prefix for generated tables (default: account)"
+
         class_option :name, optional: true, type: :string,
           desc: "Name of the generated migration file"
 
@@ -22,10 +25,24 @@ module Rodauth
           migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "#{migration_name}.rb")
         end
 
+        def show_instructions
+          # skip if called from install generator, it already adds configuration
+          return if current_command_chain.include?(:generate_rodauth_migration)
+          return unless options[:prefix] && behavior == :invoke
+
+          configuration = CONFIGURATION.values_at(*features.map(&:to_sym))
+            .flat_map(&:to_a)
+            .map { |config, format| "#{config} :#{format % { plural: table_prefix.pluralize, singular: table_prefix }}" }
+            .join("\n")
+            .indent(2)
+
+          say "\nAdd the following to your Rodauth configuration:\n\n#{configuration}"
+        end
+
         private
 
         def migration_name
-          options[:name] || "create_rodauth_#{features.join("_")}"
+          options[:name] || ["create_rodauth", *options[:prefix], *features].join("_")
         end
 
         def migration_content
@@ -64,6 +81,31 @@ module Rodauth
           Dir["#{MIGRATION_DIR}/*.erb"].map { |filename| File.basename(filename, ".erb") }
         end
 
+        def table_prefix
+          options[:prefix]&.singularize || "account"
+        end
+
+        CONFIGURATION = {
+          base: { accounts_table: "%{plural}" },
+          remember: { remember_table: "%{singular}_remember_keys" },
+          verify_account: { verify_account_table: "%{singular}_verification_keys" },
+          verify_login_change: { verify_login_change_table: "%{singular}_login_change_keys" },
+          reset_password: { reset_password_table: "%{singular}_password_reset_keys" },
+          email_auth: { email_auth_table: "%{singular}_email_auth_keys" },
+          otp: { otp_keys_table: "%{singular}_otp_keys" },
+          sms_codes: { sms_codes_table: "%{singular}_sms_codes" },
+          recovery_codes: { recovery_codes_table: "%{singular}_recovery_codes" },
+          webauthn: { webauthn_keys_table: "%{singular}_webauthn_keys", webauthn_user_ids_table: "%{singular}_webauthn_user_ids", webauthn_keys_account_id_column: "%{singular}_id" },
+          lockout: { account_login_failures_table: "%{singular}_login_failures", account_lockouts_table: "%{singular}_lockouts" },
+          active_sessions: { active_sessions_table: "%{singular}_active_session_keys", active_sessions_account_id_column: "%{singular}_id" },
+          account_expiration: { account_activity_table: "%{singular}_activity_times" },
+          password_expiration: { password_expiration_table: "%{singular}_password_change_times" },
+          single_session: { single_session_table: "%{singular}_session_keys" },
+          audit_logging: { audit_logging_table: "%{singular}_authentication_audit_logs", audit_logging_account_id_column: "%{singular}_id" },
+          disallow_password_reuse: { previous_password_hash_table: "%{singular}_previous_password_hashes", previous_password_account_id_column: "%{singular}_id" },
+          jwt_refresh: { jwt_refresh_token_table: "%{singular}_jwt_refresh_keys", jwt_refresh_token_account_id_column: "%{singular}_id" },
+        }
+
         if defined?(::ActiveRecord::Railtie) # Active Record
           include ::ActiveRecord::Generators::Migration
 

data/lib/generators/rodauth/templates/app/mailers/{rodauth_mailer.rb → rodauth_mailer.rb.tt}

@@ -1,16 +1,18 @@
 class RodauthMailer < ApplicationMailer
+  default to: -> { @rodauth.email_to }, from: -> { @rodauth.email_from }
+
   def verify_account(name, account_id, key)
     @rodauth = rodauth(name, account_id) { @verify_account_key_value = key }
     @account = @rodauth.rails_account
 
-    mail to: @account.email, subject: @rodauth.verify_account_email_subject
+    mail subject: @rodauth.verify_account_email_subject
   end
 
   def reset_password(name, account_id, key)
     @rodauth = rodauth(name, account_id) { @reset_password_key_value = key }
     @account = @rodauth.rails_account
 
-    mail to: @account.email, subject: @rodauth.reset_password_email_subject
+    mail subject: @rodauth.reset_password_email_subject
   end
 
   def verify_login_change(name, account_id, key)
@@ -25,28 +27,28 @@ class RodauthMailer < ApplicationMailer
     @rodauth = rodauth(name, account_id)
     @account = @rodauth.rails_account
 
-    mail to: @account.email, subject: @rodauth.password_changed_email_subject
+    mail subject: @rodauth.password_changed_email_subject
   end
 
   # def reset_password_notify(name, account_id)
   #   @rodauth = rodauth(name, account_id)
   #   @account = @rodauth.rails_account
 
-  #   mail to: @account.email, subject: @rodauth.reset_password_notify_email_subject
+  #   mail subject: @rodauth.reset_password_notify_email_subject
   # end
 
   # def email_auth(name, account_id, key)
   #   @rodauth = rodauth(name, account_id) { @email_auth_key_value = key }
   #   @account = @rodauth.rails_account
 
-  #   mail to: @account.email, subject: @rodauth.email_auth_email_subject
+  #   mail subject: @rodauth.email_auth_email_subject
   # end
 
   # def unlock_account(name, account_id, key)
   #   @rodauth = rodauth(name, account_id) { @unlock_account_key_value = key }
   #   @account = @rodauth.rails_account
 
-  #   mail to: @account.email, subject: @rodauth.unlock_account_email_subject
+  #   mail subject: @rodauth.unlock_account_email_subject
   # end
 
   private

data/lib/generators/rodauth/templates/app/misc/{rodauth_main.rb → rodauth_main.rb.tt}

@@ -1,18 +1,56 @@
+require "sequel/core"
+
 class RodauthMain < Rodauth::Rails::Auth
   configure do
     # List of authentication features that are loaded.
     enable :create_account, :verify_account, :verify_account_grace_period,
       :login, :logout<%= ", :remember" unless jwt? %><%= ", :json" if json? %><%= ", :jwt" if jwt? %>,
       :reset_password, :change_password, :change_password_notify,
-      :change_login, :verify_login_change, :close_account
+      :change_login, :verify_login_change, :close_account<%= ", :argon2" if argon2? %>
 
     # See the Rodauth documentation for the list of available config options:
     # http://rodauth.jeremyevans.net/documentation.html
 
     # ==> General
+<% if sequel_activerecord_integration? -%>
+    # Initialize Sequel and have it reuse Active Record's database connection.
+<% if RUBY_ENGINE == "jruby" -%>
+    db Sequel.connect("jdbc:<%= sequel_adapter %>://", extensions: :activerecord_connection, keep_reference: false)
+<% else -%>
+    db Sequel.<%= sequel_adapter %>(extensions: :activerecord_connection, keep_reference: false)
+<% end -%>
+
+<% end -%>
+    # Change prefix of table and foreign key column names from default "account"
+<% if table -%>
+    accounts_table :<%= table_prefix.pluralize %>
+    verify_account_table :<%= table_prefix %>_verification_keys
+    verify_login_change_table :<%= table_prefix %>_login_change_keys
+    reset_password_table :<%= table_prefix %>_password_reset_keys
+<% unless jwt? -%>
+    remember_table :<%= table_prefix %>_remember_keys
+<% end -%>
+<% else -%>
+    # accounts_table :users
+    # verify_account_table :user_verification_keys
+    # verify_login_change_table :user_login_change_keys
+    # reset_password_table :user_password_reset_keys
+<% unless jwt? -%>
+    # remember_table :user_remember_keys
+<% end -%>
+<% end -%>
+
     # The secret key used for hashing public-facing tokens for various features.
     # Defaults to Rails `secret_key_base`, but you can use your own secret key.
     # hmac_secret "<%= SecureRandom.hex(64) %>"
+<% if argon2? -%>
+
+    # Use a rotatable password pepper when hashing passwords with Argon2.
+    # argon2_secret "<SECRET_KEY>"
+
+    # Since we're using argon2, prevent loading the bcrypt gem to save memory.
+    require_bcrypt? false
+<% end -%>
 <% if jwt? -%>
 
     # Set JWT secret, which is used to cryptographically protect the token.
@@ -28,10 +66,13 @@ class RodauthMain < Rodauth::Rails::Auth
     # require_login_confirmation? false
 <% end -%>
 
-    # Specify the controller used for view rendering and CSRF verification.
+    # Use path prefix for all routes.
+    # prefix "/auth"
+
+    # Specify the controller used for view rendering, CSRF, and callbacks.
     rails_controller { RodauthController }
 
-    # Set on Rodauth controller with the title of the current page.
+    # Set in Rodauth controller instance with the title of the current page.
     title_instance_variable :@page_title
 
     # Store account status in an integer column without foreign key constraint.
@@ -40,14 +81,13 @@ class RodauthMain < Rodauth::Rails::Auth
     # Store password hash in a column instead of a separate table.
     account_password_hash_column :password_hash
 
-    # Passwords shorter than 8 characters are considered weak according to OWASP.
-    password_minimum_length 8
-    # bcrypt has a maximum input length of 72 bytes, truncating any extra bytes.
-    password_maximum_bytes 72
-
     # Set password when creating account instead of when verifying.
     verify_account_set_password? false
 
+    # Change some default param keys.
+    # login_param "email"
+    # password_confirm_param "confirm_password"
+
     # Redirect back to originally requested location after authentication.
     # login_return_to_requested_location? true
     # two_factor_auth_return_to_requested_location? true # if using MFA
@@ -110,8 +150,27 @@ class RodauthMain < Rodauth::Rails::Auth
     # password_too_short_message { "needs to have at least #{password_minimum_length} characters" }
     # login_does_not_meet_requirements_message { "invalid email#{", #{login_requirement_message}" if login_requirement_message}" }
 
-    # Change minimum number of password characters required when creating an account.
-    # password_minimum_length 8
+    # Passwords shorter than 8 characters are considered weak according to OWASP.
+    password_minimum_length 8
+<% if argon2? -%>
+    # Having a maximum password length set prevents long password DoS attacks.
+    password_maximum_length 64
+<% else -%>
+    # bcrypt has a maximum input length of 72 bytes, truncating any extra bytes.
+    password_maximum_bytes 72
+<% end -%>
+
+    # Custom password complexity requirements (alternative to password_complexity feature).
+    # password_meets_requirements? do |password|
+    #   super(password) && password_complex_enough?(password)
+    # end
+    # auth_class_eval do
+    #   def password_complex_enough?(password)
+    #     return true if password.match?(/\d/) && password.match?(/[^a-zA-Z\d]/)
+    #     set_password_requirement_error_message(:password_simple, "requires one number and one special character")
+    #     false
+    #   end
+    # end
 <% unless jwt? -%>
 
     # ==> Remember Feature

data/lib/generators/rodauth/templates/app/models/{account.rb → account.rb.tt}

@@ -1,5 +1,5 @@
 <% if defined?(ActiveRecord::Railtie) -%>
-class Account < ApplicationRecord
+class <%= table_prefix.camelize %> < ApplicationRecord
   include Rodauth::Rails.model
 <% if ActiveRecord.version >= Gem::Version.new("7.0") -%>
   enum :status, unverified: 1, verified: 2, closed: 3
@@ -8,7 +8,7 @@ class Account < ApplicationRecord
 <% end -%>
 end
 <% else -%>
-class Account < Sequel::Model
+class <%= table_prefix.camelize %> < Sequel::Model
   include Rodauth::Rails.model
   plugin :enum
   enum :status, unverified: 1, verified: 2, closed: 3

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/webauthn_auth.html.erb

@@ -0,0 +1,13 @@
+<% cred = rodauth.webauthn_credential_options_for_get %>
+
+<%= form_with url: rodauth.webauthn_auth_form_path, method: :post, id: "webauthn-auth-form", data: { credential_options: cred.as_json.to_json, turbo: false }, class: "w-full max-w-sm" do |form| %>
+  <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>
+  <%= form.hidden_field rodauth.webauthn_auth_challenge_param, value: cred.challenge %>
+  <%= form.hidden_field rodauth.webauthn_auth_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>
+  <%= form.text_field rodauth.webauthn_auth_param, value: "", id: "webauthn-auth", class: "hidden", aria: { hidden: "true" } %>
+  <div id="webauthn-auth-button">
+    <%= form.submit rodauth.webauthn_auth_button, class: "w-full px-8 py-3 cursor-pointer font-semibold text-sm rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-600 dark:bg-emerald-400 dark:hover:bg-emerald-500 dark:text-gray-900 dark:focus:ring-emerald-400 dark:focus:ring-offset-current" %>
+  </div>
+<% end %>
+
+<%= javascript_include_tag rodauth.webauthn_auth_js_path, extname: false %>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/webauthn_remove.html.erb

@@ -0,0 +1,21 @@
+<%= form_with url: rodauth.webauthn_remove_path, method: :post, id: "webauthn-remove-form", data: { turbo: false }, class: "w-full max-w-sm" do |form| %>
+  <% if rodauth.two_factor_modifications_require_password? %>
+    <div class="mb-6">
+      <%= form.label "password", rodauth.password_label, class: "block text-sm font-semibold" %>
+      <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "mt-2 text-sm w-full px-3 py-2 border rounded-md dark:bg-gray-900 dark:text-gray-100 dark:focus:bg-gray-800 #{rodauth.field_error(rodauth.password_param) ? "border-red-600 focus:ring-red-600 focus:border-red-600 dark:border-red-400 dark:focus:ring-red-400" : "border-gray-300 dark:border-gray-700 dark:focus:border-emerald-400 dark:focus:ring-emerald-400" }", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "block mt-1 text-red-600 text-xs dark:text-red-400", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+    </div>
+  <% end %>
+
+  <fieldset class="mb-6">
+    <% rodauth.account_webauthn_usage.each do |id, last_use| %>
+      <div class="flex items-center space-x-2">
+        <%= form.radio_button rodauth.webauthn_remove_param, id, id: "webauthn-remove-#{id}", class: "dark:bg-gray-900 dark:border-gray-600 dark:checked:bg-current dark:checked:border-current dark:checked:text-emerald-400 dark:focus:ring-emerald-400 dark:focus:ring-offset-gray-900" %>
+        <%= form.label "webauthn-remove-#{id}", "Last use: #{last_use}", class: "text-sm" %>
+      </div>
+    <% end %>
+    <%= content_tag(:span, rodauth.field_error(rodauth.webauthn_remove_param), class: "block mt-1 text-red-600 text-xs dark:text-red-400", id: "webauthn_remove_error_message") if rodauth.field_error(rodauth.webauthn_remove_param) %>
+  </fieldset>
+
+  <%= form.submit rodauth.webauthn_remove_button, class: "w-full px-8 py-3 cursor-pointer font-semibold text-sm rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-600 dark:bg-emerald-400 dark:hover:bg-emerald-500 dark:text-gray-900 dark:focus:ring-emerald-400 dark:focus:ring-offset-current" %>
+<% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/webauthn_setup.html.erb

@@ -0,0 +1,21 @@
+<% cred = rodauth.new_webauthn_credential %>
+
+<%= form_with url: request.path, method: :post, id: "webauthn-setup-form", data: { credential_options: cred.as_json.to_json, turbo: false }, class: "w-full max-w-sm" do |form| %>
+  <%= form.hidden_field rodauth.webauthn_setup_challenge_param, value: cred.challenge %>
+  <%= form.hidden_field rodauth.webauthn_setup_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>
+  <%= form.text_field rodauth.webauthn_setup_param, value: "", id: "webauthn-setup", class: "hidden", aria: { hidden: "true" } %>
+
+  <% if rodauth.two_factor_modifications_require_password? %>
+    <div class="mb-6">
+      <%= form.label "password", rodauth.password_label, class: "block text-sm font-semibold" %>
+      <%= form.password_field rodauth.password_param, value: "", id: "password", autocomplete: rodauth.password_field_autocomplete_value, required: true, class: "mt-2 text-sm w-full px-3 py-2 border rounded-md dark:bg-gray-900 dark:text-gray-100 dark:focus:bg-gray-800 #{rodauth.field_error(rodauth.password_param) ? "border-red-600 focus:ring-red-600 focus:border-red-600 dark:border-red-400 dark:focus:ring-red-400" : "border-gray-300 dark:border-gray-700 dark:focus:border-emerald-400 dark:focus:ring-emerald-400" }", aria: ({ invalid: true, describedby: "password_error_message" } if rodauth.field_error(rodauth.password_param)) %>
+      <%= content_tag(:span, rodauth.field_error(rodauth.password_param), class: "block mt-1 text-red-600 text-xs dark:text-red-400", id: "password_error_message") if rodauth.field_error(rodauth.password_param) %>
+    </div>
+  <% end %>
+
+  <div id="webauthn-setup-button">
+    <%= form.submit rodauth.webauthn_setup_button, class: "w-full px-8 py-3 cursor-pointer font-semibold text-sm rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-600 dark:bg-emerald-400 dark:hover:bg-emerald-500 dark:text-gray-900 dark:focus:ring-emerald-400 dark:focus:ring-offset-current" %>
+  </div>
+<% end %>
+
+<%= javascript_include_tag rodauth.webauthn_setup_js_path, extname: false %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_auth.html.erb

@@ -1,10 +1,10 @@
-<% cred = rodauth.webauth_credential_options_for_get %>
+<% cred = rodauth.webauthn_credential_options_for_get %>
 
 <%= form_with url: rodauth.webauthn_auth_form_path, method: :post, id: "webauthn-auth-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>
   <%= form.hidden_field rodauth.login_param, value: params[rodauth.login_param] %>
   <%= form.hidden_field rodauth.webauthn_auth_challenge_param, value: cred.challenge %>
   <%= form.hidden_field rodauth.webauthn_auth_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>
-  <%= form.text_field rodauth.webauthn_auth_param, value: "", id: "webauthn-auth", aria: { hidden: "true" } %>
+  <%= form.text_field rodauth.webauthn_auth_param, value: "", id: "webauthn-auth", class: "d-none", aria: { hidden: "true" } %>
   <div id="webauthn-auth-button">
     <div class="form-group mb-3">
       <%= form.submit rodauth.webauthn_auth_button, class: "btn btn-primary" %>
@@ -12,4 +12,4 @@
   </div>
 <% end %>
 
-<%= javascript_include_tag rodauth.webauthn_auth_js_path %>
+<%= javascript_include_tag rodauth.webauthn_auth_js_path, extname: false %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_setup.html.erb

@@ -1,9 +1,9 @@
 <% cred = rodauth.new_webauthn_credential %>
 
-<%= form_with url: rodauth.webauthn_setup_path, method: :post, id: "webauthn-setup-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>
+<%= form_with url: request.path, method: :post, id: "webauthn-setup-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>
   <%= form.hidden_field rodauth.webauthn_setup_challenge_param, value: cred.challenge %>
   <%= form.hidden_field rodauth.webauthn_setup_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>
-  <%= form.text_field rodauth.webauthn_setup_param, value: "", id: "webauthn-setup", aria: { hidden: "true" } %>
+  <%= form.text_field rodauth.webauthn_setup_param, value: "", id: "webauthn-setup", class: "d-none", aria: { hidden: "true" } %>
 
   <% if rodauth.two_factor_modifications_require_password? %>
     <div class="form-group mb-3">
@@ -13,11 +13,11 @@
     </div>
   <% end %>
 
-  <div id="webauthn-setup-button"> 
+  <div id="webauthn-setup-button">
     <div class="form-group mb-3">
       <%= form.submit rodauth.webauthn_setup_button, class: "btn btn-primary" %>
     </div>
   </div>
 <% end %>
 
-<%= javascript_include_tag rodauth.webauthn_setup_js_path %>
+<%= javascript_include_tag rodauth.webauthn_setup_js_path, extname: false %>

data/lib/generators/rodauth/templates/test/fixtures/{accounts.yml → accounts.yml.tt}

@@ -1,10 +1,10 @@
 # Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
 one:
   email: freddie@queen.com
-  password_hash: <%%= BCrypt::Password.create("password", cost: BCrypt::Engine::MIN_COST) %>
+  password_hash: <%%= RodauthMain.allocate.password_hash("password") %>
   status: verified
 
 two:
   email: brian@queen.com
-  password_hash: <%%= BCrypt::Password.create("password", cost: BCrypt::Engine::MIN_COST) %>
+  password_hash: <%%= RodauthMain.allocate.password_hash("password") %>
   status: verified

data/lib/rodauth/rails/app.rb

@@ -82,6 +82,25 @@ module Rodauth
             super
           end
         end
+
+        # The Rack input might not be rewindable, so ensure we parse the JSON
+        # request body in Rails, and avoid parsing it again in Roda.
+        def POST
+          if content_type =~ /json/
+            env["roda.json_params"] = scope.rails_request.POST.to_hash
+          end
+          super
+        end
+
+        unless ActionPack.version < Gem::Version.new("5.0")
+          # When calling a Rodauth method that redirects inside the Rails
+          # router, Roda's after hook that commits the flash would never get
+          # called, so we make sure to commit the flash beforehand.
+          def redirect(*)
+            scope.rails_request.commit_flash
+            super
+          end
+        end
       end
     end
   end

data/lib/rodauth/rails/feature/base.rb

@@ -60,16 +60,6 @@ module Rodauth
 
         private
 
-        unless ActionPack.version < Gem::Version.new("5.0")
-          # When calling a Rodauth method that redirects inside the Rails
-          # router, Roda's after hook that commits the flash would never get
-          # called, so we make sure to commit the flash beforehand.
-          def redirect(*)
-            rails_request.commit_flash
-            super
-          end
-        end
-
         def instantiate_rails_account
           if defined?(ActiveRecord::Base) && rails_account_model < ActiveRecord::Base
             rails_account_model.instantiate(account.stringify_keys)

data/lib/rodauth/rails/feature/email.rb

@@ -22,8 +22,8 @@ module Rodauth
 
         # ActionMailer subclass for correct email delivering.
         class Mailer < ActionMailer::Base
-          def create_email(**options)
-            mail(**options)
+          def create_email(options)
+            mail(options)
           end
         end
       end

data/lib/rodauth/rails/feature/internal_request.rb

@@ -41,7 +41,7 @@ module Rodauth
         # Checks whether we're in an internal request and host was not set,
         # or the request doesn't exist such as with path_class_methods feature.
         def missing_host?
-          internal_request? && request.host == INVALID_DOMAIN || scope.nil?
+          internal_request? && (request.host.nil? || request.host == INVALID_DOMAIN) || scope.nil?
         end
 
         def rails_url_options

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.7.0"
+    VERSION = "1.8.0"
   end
 end

data/rodauth-rails.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "railties", ">= 4.2", "< 8"
-  spec.add_dependency "rodauth", "~> 2.25"
+  spec.add_dependency "rodauth", "~> 2.28"
   spec.add_dependency "roda", "~> 3.55"
   spec.add_dependency "sequel-activerecord_connection", "~> 1.1"
   spec.add_dependency "rodauth-model", "~> 0.2"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.8.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-21 00:00:00.000000000 Z
+date: 2023-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -36,14 +36,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.25'
+        version: '2.28'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.25'
+        version: '2.28'
 - !ruby/object:Gem::Dependency
   name: roda
   requirement: !ruby/object:Gem::Requirement
@@ -219,11 +219,11 @@ files:
 - lib/generators/rodauth/migration/sequel/webauthn.erb
 - lib/generators/rodauth/migration_generator.rb
 - lib/generators/rodauth/templates/INSTRUCTIONS
-- lib/generators/rodauth/templates/app/controllers/rodauth_controller.rb
-- lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb
-- lib/generators/rodauth/templates/app/misc/rodauth_app.rb
-- lib/generators/rodauth/templates/app/misc/rodauth_main.rb
-- lib/generators/rodauth/templates/app/models/account.rb
+- lib/generators/rodauth/templates/app/controllers/rodauth_controller.rb.tt
+- lib/generators/rodauth/templates/app/mailers/rodauth_mailer.rb.tt
+- lib/generators/rodauth/templates/app/misc/rodauth_app.rb.tt
+- lib/generators/rodauth/templates/app/misc/rodauth_main.rb.tt
+- lib/generators/rodauth/templates/app/models/account.rb.tt
 - lib/generators/rodauth/templates/app/views/rodauth/_email_auth_request_form.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/_login_form.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/_login_form_footer.html.erb
@@ -286,6 +286,9 @@ files:
 - lib/generators/rodauth/templates/app/views/rodauth/tailwind/verify_account.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/tailwind/verify_account_resend.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/tailwind/verify_login_change.html.erb
+- lib/generators/rodauth/templates/app/views/rodauth/tailwind/webauthn_auth.html.erb
+- lib/generators/rodauth/templates/app/views/rodauth/tailwind/webauthn_remove.html.erb
+- lib/generators/rodauth/templates/app/views/rodauth/tailwind/webauthn_setup.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/two_factor_auth.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/two_factor_disable.html.erb
 - lib/generators/rodauth/templates/app/views/rodauth/two_factor_manage.html.erb
@@ -304,10 +307,9 @@ files:
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/unlock_account.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_account.text.erb
 - lib/generators/rodauth/templates/app/views/rodauth_mailer/verify_login_change.text.erb
-- lib/generators/rodauth/templates/config/initializers/rodauth.rb
-- lib/generators/rodauth/templates/config/initializers/sequel.rb
-- lib/generators/rodauth/templates/db/migrate/create_rodauth.rb
-- lib/generators/rodauth/templates/test/fixtures/accounts.yml
+- lib/generators/rodauth/templates/config/initializers/rodauth.rb.tt
+- lib/generators/rodauth/templates/db/migrate/create_rodauth.rb.tt
+- lib/generators/rodauth/templates/test/fixtures/accounts.yml.tt
 - lib/generators/rodauth/views_generator.rb
 - lib/rodauth-rails.rb
 - lib/rodauth/rails.rb
@@ -349,7 +351,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
+rubygems_version: 3.4.6
 signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.

data/lib/generators/rodauth/templates/config/initializers/sequel.rb

@@ -1,4 +0,0 @@
-require "sequel/core"
-
-# initialize Sequel and have it reuse Active Record's database connection
-DB = Sequel.connect("<%= sequel_uri_scheme %>://", extensions: :activerecord_connection)