rodauth-rails 1.7.1 → 1.9.0

data/lib/generators/rodauth/migration/sequel/base.erb

@@ -5,7 +5,7 @@ rescue NoMethodError # migration is being reverted
 end
 
 <% end -%>
-create_table :accounts do
+create_table :<%= table_prefix.pluralize %> do
   primary_key :id, type: :Bignum
 <% if db.database_type == :postgres -%>
   citext :email, null: false

data/lib/generators/rodauth/migration/sequel/disallow_password_reuse.erb

@@ -1,6 +1,6 @@
 # Used by the disallow password reuse feature
-create_table :account_previous_password_hashes do
+create_table :<%= table_prefix %>_previous_password_hashes do
   primary_key :id, type: :Bignum
-  foreign_key :account_id, :accounts, type: :Bignum
+  foreign_key :<%= table_prefix %>_id, :<%= table_prefix.pluralize %>, type: :Bignum
   String :password_hash, null: false
 end

data/lib/generators/rodauth/migration/sequel/email_auth.erb

@@ -1,6 +1,6 @@
 # Used by the email auth feature
-create_table :account_email_auth_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_email_auth_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   DateTime :deadline, null: false
   DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP

data/lib/generators/rodauth/migration/sequel/jwt_refresh.erb

@@ -1,8 +1,8 @@
 # Used by the jwt refresh feature
-create_table :account_jwt_refresh_keys do
+create_table :<%= table_prefix %>_jwt_refresh_keys do
   primary_key :id, type: :Bignum
-  foreign_key :account_id, :accounts, null: false, type: :Bignum
+  foreign_key :<%= table_prefix %>_id, :<%= table_prefix.pluralize %>, null: false, type: :Bignum
   String :key, null: false
   DateTime :deadline, null: false
-  index :account_id, name: :account_jwt_rk_account_id_idx
+  index :<%= table_prefix %>_id, name: :<%= table_prefix %>_jwt_rk_<%= table_prefix %>_id_idx
 end

data/lib/generators/rodauth/migration/sequel/lockout.erb

@@ -1,10 +1,10 @@
 # Used by the lockout feature
-create_table :account_login_failures do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_login_failures do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   Integer :number, null: false, default: 1
 end
-create_table :account_lockouts do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_lockouts do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   DateTime :deadline, null: false
   DateTime :email_last_sent

data/lib/generators/rodauth/migration/sequel/otp.erb

@@ -1,6 +1,6 @@
 # Used by the otp feature
-create_table :account_otp_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_otp_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   Integer :num_failures, null: false, default: 0
   Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP

data/lib/generators/rodauth/migration/sequel/password_expiration.erb

@@ -1,5 +1,5 @@
 # Used by the password expiration feature
-create_table :account_password_change_times do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_password_change_times do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   DateTime :changed_at, null: false, default: Sequel::CURRENT_TIMESTAMP
 end

data/lib/generators/rodauth/migration/sequel/recovery_codes.erb

@@ -1,6 +1,6 @@
 # Used by the recovery codes feature
-create_table :account_recovery_codes do
-  foreign_key :id, :accounts, type: :Bignum
+create_table :<%= table_prefix %>_recovery_codes do
+  foreign_key :id, :<%= table_prefix.pluralize %>, type: :Bignum
   String :code
   primary_key [:id, :code]
 end

data/lib/generators/rodauth/migration/sequel/remember.erb

@@ -1,6 +1,6 @@
 # Used by the remember me feature
-create_table :account_remember_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_remember_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   DateTime :deadline, null: false
 end

data/lib/generators/rodauth/migration/sequel/reset_password.erb

@@ -1,6 +1,6 @@
 # Used by the password reset feature
-create_table :account_password_reset_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_password_reset_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   DateTime :deadline, null: false
   DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP

data/lib/generators/rodauth/migration/sequel/single_session.erb

@@ -1,5 +1,5 @@
 # Used by the single session feature
-create_table :account_session_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_session_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
 end

data/lib/generators/rodauth/migration/sequel/sms_codes.erb

@@ -1,6 +1,6 @@
 # Used by the sms codes feature
-create_table :account_sms_codes do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_sms_codes do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :phone_number, null: false
   Integer :num_failures
   String :code

data/lib/generators/rodauth/migration/sequel/verify_account.erb

@@ -1,6 +1,6 @@
 # Used by the account verification feature
-create_table :account_verification_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_verification_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   DateTime :requested_at, null: false, default: Sequel::CURRENT_TIMESTAMP
   DateTime :email_last_sent, null: false, default: Sequel::CURRENT_TIMESTAMP

data/lib/generators/rodauth/migration/sequel/verify_login_change.erb

@@ -1,6 +1,6 @@
 # Used by the verify login change feature
-create_table :account_login_change_keys do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_login_change_keys do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :key, null: false
   String :login, null: false
   DateTime :deadline, null: false

data/lib/generators/rodauth/migration/sequel/webauthn.erb

@@ -1,13 +1,13 @@
 # Used by the webauthn feature
-create_table :account_webauthn_user_ids do
-  foreign_key :id, :accounts, primary_key: true, type: :Bignum
+create_table :<%= table_prefix %>_webauthn_user_ids do
+  foreign_key :id, :<%= table_prefix.pluralize %>, primary_key: true, type: :Bignum
   String :webauthn_id, null: false
 end
-create_table :account_webauthn_keys do
-  foreign_key :account_id, :accounts, type: :Bignum
+create_table :<%= table_prefix %>_webauthn_keys do
+  foreign_key :<%= table_prefix %>_id, :<%= table_prefix.pluralize %>, type: :Bignum
   String :webauthn_id
   String :public_key, null: false
   Integer :sign_count, null: false
   Time :last_use, null: false, default: Sequel::CURRENT_TIMESTAMP
-  primary_key [:account_id, :webauthn_id]
+  primary_key [:<%= table_prefix %>_id, :webauthn_id]
 end

data/lib/generators/rodauth/migration_generator.rb

@@ -13,6 +13,9 @@ module Rodauth
           desc: "Rodauth features to create tables for (otp, sms_codes, single_session, account_expiration etc.)",
           default: %w[]
 
+        class_option :prefix, optional: true, type: :string,
+          desc: "Change prefix for generated tables (default: account)"
+
         class_option :name, optional: true, type: :string,
           desc: "Name of the generated migration file"
 
@@ -22,10 +25,24 @@ module Rodauth
           migration_template "db/migrate/create_rodauth.rb", File.join(db_migrate_path, "#{migration_name}.rb")
         end
 
+        def show_instructions
+          # skip if called from install generator, it already adds configuration
+          return if current_command_chain.include?(:generate_rodauth_migration)
+          return unless options[:prefix] && behavior == :invoke
+
+          configuration = CONFIGURATION.values_at(*features.map(&:to_sym))
+            .flat_map(&:to_a)
+            .map { |config, format| "#{config} :#{format % { plural: table_prefix.pluralize, singular: table_prefix }}" }
+            .join("\n")
+            .indent(2)
+
+          say "\nAdd the following to your Rodauth configuration:\n\n#{configuration}"
+        end
+
         private
 
         def migration_name
-          options[:name] || "create_rodauth_#{features.join("_")}"
+          options[:name] || ["create_rodauth", *options[:prefix], *features].join("_")
         end
 
         def migration_content
@@ -64,23 +81,36 @@ module Rodauth
           Dir["#{MIGRATION_DIR}/*.erb"].map { |filename| File.basename(filename, ".erb") }
         end
 
+        def table_prefix
+          options[:prefix]&.singularize || "account"
+        end
+
+        CONFIGURATION = {
+          base: { accounts_table: "%{plural}" },
+          remember: { remember_table: "%{singular}_remember_keys" },
+          verify_account: { verify_account_table: "%{singular}_verification_keys" },
+          verify_login_change: { verify_login_change_table: "%{singular}_login_change_keys" },
+          reset_password: { reset_password_table: "%{singular}_password_reset_keys" },
+          email_auth: { email_auth_table: "%{singular}_email_auth_keys" },
+          otp: { otp_keys_table: "%{singular}_otp_keys" },
+          sms_codes: { sms_codes_table: "%{singular}_sms_codes" },
+          recovery_codes: { recovery_codes_table: "%{singular}_recovery_codes" },
+          webauthn: { webauthn_keys_table: "%{singular}_webauthn_keys", webauthn_user_ids_table: "%{singular}_webauthn_user_ids", webauthn_keys_account_id_column: "%{singular}_id" },
+          lockout: { account_login_failures_table: "%{singular}_login_failures", account_lockouts_table: "%{singular}_lockouts" },
+          active_sessions: { active_sessions_table: "%{singular}_active_session_keys", active_sessions_account_id_column: "%{singular}_id" },
+          account_expiration: { account_activity_table: "%{singular}_activity_times" },
+          password_expiration: { password_expiration_table: "%{singular}_password_change_times" },
+          single_session: { single_session_table: "%{singular}_session_keys" },
+          audit_logging: { audit_logging_table: "%{singular}_authentication_audit_logs", audit_logging_account_id_column: "%{singular}_id" },
+          disallow_password_reuse: { previous_password_hash_table: "%{singular}_previous_password_hashes", previous_password_account_id_column: "%{singular}_id" },
+          jwt_refresh: { jwt_refresh_token_table: "%{singular}_jwt_refresh_keys", jwt_refresh_token_account_id_column: "%{singular}_id" },
+        }
+
         if defined?(::ActiveRecord::Railtie) # Active Record
           include ::ActiveRecord::Generators::Migration
 
           MIGRATION_DIR = "#{__dir__}/migration/active_record"
 
-          def db_migrate_path
-            return "db/migrate" unless ActiveRecord.version >= Gem::Version.new("5.0")
-
-            super
-          end
-
-          def migration_version
-            return unless ActiveRecord.version >= Gem::Version.new("5.0")
-
-            "[#{ActiveRecord::Migration.current_version}]"
-          end
-
           def activerecord_adapter
             if ActiveRecord::Base.respond_to?(:connection_db_config)
               ActiveRecord::Base.connection_db_config.adapter
@@ -108,18 +138,10 @@ module Rodauth
             end
           end
 
-          def current_timestamp
-            if ActiveRecord.version >= Gem::Version.new("5.0")
-              %(-> { "#{current_timestamp_literal}" })
-            else
-              %(OpenStruct.new(quoted_id: "#{current_timestamp_literal}"))
-            end
-          end
-
           # Active Record 7+ sets default precision to 6 for timestamp columns,
           # so we need to ensure we match this when setting the default value.
-          def current_timestamp_literal
-            if ActiveRecord.version >= Gem::Version.new("7.0") && activerecord_adapter == "mysql2" && ActiveRecord::Base.connection.supports_datetime_with_precision?
+          def current_timestamp
+            if ActiveRecord.version >= Gem::Version.new("7.0") && ["mysql2", "trilogy"].include?(activerecord_adapter) && ActiveRecord::Base.connection.supports_datetime_with_precision?
               "CURRENT_TIMESTAMP(6)"
             else
               "CURRENT_TIMESTAMP"

data/lib/generators/rodauth/templates/app/mailers/{rodauth_mailer.rb → rodauth_mailer.rb.tt}

@@ -1,16 +1,18 @@
 class RodauthMailer < ApplicationMailer
+  default to: -> { @rodauth.email_to }, from: -> { @rodauth.email_from }
+
   def verify_account(name, account_id, key)
     @rodauth = rodauth(name, account_id) { @verify_account_key_value = key }
     @account = @rodauth.rails_account
 
-    mail to: @account.email, subject: @rodauth.verify_account_email_subject
+    mail subject: @rodauth.email_subject_prefix + @rodauth.verify_account_email_subject
   end
 
   def reset_password(name, account_id, key)
     @rodauth = rodauth(name, account_id) { @reset_password_key_value = key }
     @account = @rodauth.rails_account
 
-    mail to: @account.email, subject: @rodauth.reset_password_email_subject
+    mail subject: @rodauth.email_subject_prefix + @rodauth.reset_password_email_subject
   end
 
   def verify_login_change(name, account_id, key)
@@ -18,35 +20,35 @@ class RodauthMailer < ApplicationMailer
     @account = @rodauth.rails_account
     @new_email = @account.login_change_key.login
 
-    mail to: @new_email, subject: @rodauth.verify_login_change_email_subject
+    mail to: @new_email, subject: @rodauth.email_subject_prefix + @rodauth.verify_login_change_email_subject
   end
 
   def password_changed(name, account_id)
     @rodauth = rodauth(name, account_id)
     @account = @rodauth.rails_account
 
-    mail to: @account.email, subject: @rodauth.password_changed_email_subject
+    mail subject: @rodauth.email_subject_prefix + @rodauth.password_changed_email_subject
   end
 
   # def reset_password_notify(name, account_id)
   #   @rodauth = rodauth(name, account_id)
   #   @account = @rodauth.rails_account
 
-  #   mail to: @account.email, subject: @rodauth.reset_password_notify_email_subject
+  #   mail subject: @rodauth.email_subject_prefix + @rodauth.reset_password_notify_email_subject
   # end
 
   # def email_auth(name, account_id, key)
   #   @rodauth = rodauth(name, account_id) { @email_auth_key_value = key }
   #   @account = @rodauth.rails_account
 
-  #   mail to: @account.email, subject: @rodauth.email_auth_email_subject
+  #   mail subject: @rodauth.email_subject_prefix + @rodauth.email_auth_email_subject
   # end
 
   # def unlock_account(name, account_id, key)
   #   @rodauth = rodauth(name, account_id) { @unlock_account_key_value = key }
   #   @account = @rodauth.rails_account
 
-  #   mail to: @account.email, subject: @rodauth.unlock_account_email_subject
+  #   mail subject: @rodauth.email_subject_prefix + @rodauth.unlock_account_email_subject
   # end
 
   private

data/lib/generators/rodauth/templates/app/misc/{rodauth_main.rb → rodauth_main.rb.tt}

@@ -1,18 +1,56 @@
+require "sequel/core"
+
 class RodauthMain < Rodauth::Rails::Auth
   configure do
     # List of authentication features that are loaded.
     enable :create_account, :verify_account, :verify_account_grace_period,
       :login, :logout<%= ", :remember" unless jwt? %><%= ", :json" if json? %><%= ", :jwt" if jwt? %>,
       :reset_password, :change_password, :change_password_notify,
-      :change_login, :verify_login_change, :close_account
+      :change_login, :verify_login_change, :close_account<%= ", :argon2" if argon2? %>
 
     # See the Rodauth documentation for the list of available config options:
     # http://rodauth.jeremyevans.net/documentation.html
 
     # ==> General
+<% if sequel_activerecord_integration? -%>
+    # Initialize Sequel and have it reuse Active Record's database connection.
+<% if RUBY_ENGINE == "jruby" -%>
+    db Sequel.connect("jdbc:<%= sequel_adapter %>://", extensions: :activerecord_connection, keep_reference: false)
+<% else -%>
+    db Sequel.<%= sequel_adapter %>(extensions: :activerecord_connection, keep_reference: false)
+<% end -%>
+
+<% end -%>
+    # Change prefix of table and foreign key column names from default "account"
+<% if table -%>
+    accounts_table :<%= table_prefix.pluralize %>
+    verify_account_table :<%= table_prefix %>_verification_keys
+    verify_login_change_table :<%= table_prefix %>_login_change_keys
+    reset_password_table :<%= table_prefix %>_password_reset_keys
+<% unless jwt? -%>
+    remember_table :<%= table_prefix %>_remember_keys
+<% end -%>
+<% else -%>
+    # accounts_table :users
+    # verify_account_table :user_verification_keys
+    # verify_login_change_table :user_login_change_keys
+    # reset_password_table :user_password_reset_keys
+<% unless jwt? -%>
+    # remember_table :user_remember_keys
+<% end -%>
+<% end -%>
+
     # The secret key used for hashing public-facing tokens for various features.
     # Defaults to Rails `secret_key_base`, but you can use your own secret key.
     # hmac_secret "<%= SecureRandom.hex(64) %>"
+<% if argon2? -%>
+
+    # Use a rotatable password pepper when hashing passwords with Argon2.
+    # argon2_secret "<SECRET_KEY>"
+
+    # Since we're using argon2, prevent loading the bcrypt gem to save memory.
+    require_bcrypt? false
+<% end -%>
 <% if jwt? -%>
 
     # Set JWT secret, which is used to cryptographically protect the token.
@@ -28,10 +66,13 @@ class RodauthMain < Rodauth::Rails::Auth
     # require_login_confirmation? false
 <% end -%>
 
-    # Specify the controller used for view rendering and CSRF verification.
+    # Use path prefix for all routes.
+    # prefix "/auth"
+
+    # Specify the controller used for view rendering, CSRF, and callbacks.
     rails_controller { RodauthController }
 
-    # Set on Rodauth controller with the title of the current page.
+    # Set in Rodauth controller instance with the title of the current page.
     title_instance_variable :@page_title
 
     # Store account status in an integer column without foreign key constraint.
@@ -40,14 +81,13 @@ class RodauthMain < Rodauth::Rails::Auth
     # Store password hash in a column instead of a separate table.
     account_password_hash_column :password_hash
 
-    # Passwords shorter than 8 characters are considered weak according to OWASP.
-    password_minimum_length 8
-    # bcrypt has a maximum input length of 72 bytes, truncating any extra bytes.
-    password_maximum_bytes 72
-
     # Set password when creating account instead of when verifying.
     verify_account_set_password? false
 
+    # Change some default param keys.
+    login_param "email"
+    # password_confirm_param "confirm_password"
+
     # Redirect back to originally requested location after authentication.
     # login_return_to_requested_location? true
     # two_factor_auth_return_to_requested_location? true # if using MFA
@@ -110,8 +150,27 @@ class RodauthMain < Rodauth::Rails::Auth
     # password_too_short_message { "needs to have at least #{password_minimum_length} characters" }
     # login_does_not_meet_requirements_message { "invalid email#{", #{login_requirement_message}" if login_requirement_message}" }
 
-    # Change minimum number of password characters required when creating an account.
-    # password_minimum_length 8
+    # Passwords shorter than 8 characters are considered weak according to OWASP.
+    password_minimum_length 8
+<% if argon2? -%>
+    # Having a maximum password length set prevents long password DoS attacks.
+    password_maximum_length 64
+<% else -%>
+    # bcrypt has a maximum input length of 72 bytes, truncating any extra bytes.
+    password_maximum_bytes 72
+<% end -%>
+
+    # Custom password complexity requirements (alternative to password_complexity feature).
+    # password_meets_requirements? do |password|
+    #   super(password) && password_complex_enough?(password)
+    # end
+    # auth_class_eval do
+    #   def password_complex_enough?(password)
+    #     return true if password.match?(/\d/) && password.match?(/[^a-zA-Z\d]/)
+    #     set_password_requirement_error_message(:password_simple, "requires one number and one special character")
+    #     false
+    #   end
+    # end
 <% unless jwt? -%>
 
     # ==> Remember Feature

data/lib/generators/rodauth/templates/app/models/{account.rb → account.rb.tt}

@@ -1,5 +1,5 @@
 <% if defined?(ActiveRecord::Railtie) -%>
-class Account < ApplicationRecord
+class <%= table_prefix.camelize %> < ApplicationRecord
   include Rodauth::Rails.model
 <% if ActiveRecord.version >= Gem::Version.new("7.0") -%>
   enum :status, unverified: 1, verified: 2, closed: 3
@@ -8,7 +8,7 @@ class Account < ApplicationRecord
 <% end -%>
 end
 <% else -%>
-class Account < Sequel::Model
+class <%= table_prefix.camelize %> < Sequel::Model
   include Rodauth::Rails.model
   plugin :enum
   enum :status, unverified: 1, verified: 2, closed: 3

data/lib/generators/rodauth/templates/app/views/rodauth/_login_form.html.erb

@@ -7,7 +7,7 @@
   <% else %>
     <div class="form-group mb-3">
       <%= form.label "login", rodauth.login_label, class: "form-label" %>
-      <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: "email", required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_param)}", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>
+      <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: rodauth.login_field_autocomplete_value, required: true, class: "form-control #{"is-invalid" if rodauth.field_error(rodauth.login_param)}", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>
       <%= content_tag(:span, rodauth.field_error(rodauth.login_param), class: "invalid-feedback", id: "login_error_message") if rodauth.field_error(rodauth.login_param) %>
     </div>
   <% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/login.html.erb

@@ -1,3 +1,3 @@
-<%= render "login_form_header" %>
+<%== rodauth.login_form_header %>
 <%= render "login_form" %>
-<%= render "login_form_footer" %>
+<%== rodauth.login_form_footer %>

data/lib/generators/rodauth/templates/app/views/rodauth/multi_phase_login.html.erb

@@ -1,3 +1,3 @@
-<%= render "login_form_header" %>
+<%== rodauth.login_form_header %>
 <%== rodauth.render_multi_phase_login_forms %>
-<%= render "login_form_footer" %>
+<%== rodauth.login_form_footer %>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/_login_form.html.erb

@@ -7,7 +7,7 @@
   <% else %>
     <div class="mb-6">
       <%= form.label "login", rodauth.login_label, class: "block text-sm font-semibold" %>
-      <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: "email", required: true, class: "mt-2 text-sm w-full px-3 py-2 border rounded-md dark:bg-gray-900 dark:text-gray-100 dark:focus:bg-gray-800 #{rodauth.field_error(rodauth.login_param) ? "border-red-600 focus:ring-red-600 focus:border-red-600 dark:border-red-400 dark:focus:ring-red-400" : "border-gray-300 dark:border-gray-700 dark:focus:border-emerald-400 dark:focus:ring-emerald-400" }", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>
+      <%= form.email_field rodauth.login_param, value: params[rodauth.login_param], id: "login", autocomplete: rodauth.login_field_autocomplete_value, required: true, class: "mt-2 text-sm w-full px-3 py-2 border rounded-md dark:bg-gray-900 dark:text-gray-100 dark:focus:bg-gray-800 #{rodauth.field_error(rodauth.login_param) ? "border-red-600 focus:ring-red-600 focus:border-red-600 dark:border-red-400 dark:focus:ring-red-400" : "border-gray-300 dark:border-gray-700 dark:focus:border-emerald-400 dark:focus:ring-emerald-400" }", aria: ({ invalid: true, describedby: "login_error_message" } if rodauth.field_error(rodauth.login_param)) %>
       <%= content_tag(:span, rodauth.field_error(rodauth.login_param), class: "block mt-1 text-red-600 text-xs dark:text-red-400", id: "login_error_message") if rodauth.field_error(rodauth.login_param) %>
     </div>
   <% end %>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/login.html.erb

@@ -1,5 +1,5 @@
 <div class="flex-1 space-y-4">
-  <%= render "login_form_header" %>
+  <%== rodauth.login_form_header %>
   <%= render "login_form" %>
-  <%= render "login_form_footer" %>
+  <%== rodauth.login_form_footer %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/multi_phase_login.html.erb

@@ -1,5 +1,5 @@
 <div class="flex-1 space-y-4">
-  <%= render "login_form_header" %>
+  <%== rodauth.login_form_header %>
   <%== rodauth.render_multi_phase_login_forms %>
-  <%= render "login_form_footer" %>
+  <%== rodauth.login_form_footer %>
 </div>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/webauthn_autofill.html.erb

@@ -0,0 +1,10 @@
+<% cred = rodauth.webauthn_credential_options_for_get %>
+
+<%= form_with url: rodauth.webauthn_login_path, method: :post, id: "webauthn-login-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>
+  <%= form.hidden_field rodauth.webauthn_auth_challenge_param, value: cred.challenge %>
+  <%= form.hidden_field rodauth.webauthn_auth_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>
+  <%= form.text_field rodauth.webauthn_auth_param, value: "", id: "webauthn-auth", class: "hidden", aria: { hidden: "true" } %>
+  <%= form.submit rodauth.webauthn_auth_button, class: "hidden" %>
+<% end %>
+
+<%= javascript_include_tag rodauth.webauthn_autofill_js_path, extname: false %>

data/lib/generators/rodauth/templates/app/views/rodauth/tailwind/webauthn_remove.html.erb

@@ -8,13 +8,13 @@
   <% end %>
 
   <fieldset class="mb-6">
-    <% (usage = rodauth.account_webauthn_usage).each do |id, last_use| %>
+    <% rodauth.account_webauthn_usage.each do |id, last_use| %>
       <div class="flex items-center space-x-2">
         <%= form.radio_button rodauth.webauthn_remove_param, id, id: "webauthn-remove-#{id}", class: "dark:bg-gray-900 dark:border-gray-600 dark:checked:bg-current dark:checked:border-current dark:checked:text-emerald-400 dark:focus:ring-emerald-400 dark:focus:ring-offset-gray-900" %>
         <%= form.label "webauthn-remove-#{id}", "Last use: #{last_use}", class: "text-sm" %>
-        <%= content_tag(:span, rodauth.field_error(rodauth.webauthn_remove_param), class: "block mt-1 text-red-600 text-xs dark:text-red-400", id: "webauthn_remove_error_message") if rodauth.field_error(rodauth.webauthn_remove_param) && id == usage.keys.last %>
       </div>
     <% end %>
+    <%= content_tag(:span, rodauth.field_error(rodauth.webauthn_remove_param), class: "block mt-1 text-red-600 text-xs dark:text-red-400", id: "webauthn_remove_error_message") if rodauth.field_error(rodauth.webauthn_remove_param) %>
   </fieldset>
 
   <%= form.submit rodauth.webauthn_remove_button, class: "w-full px-8 py-3 cursor-pointer font-semibold text-sm rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-600 dark:bg-emerald-400 dark:hover:bg-emerald-500 dark:text-gray-900 dark:focus:ring-emerald-400 dark:focus:ring-offset-current" %>

data/lib/generators/rodauth/templates/app/views/rodauth/webauthn_autofill.html.erb

@@ -0,0 +1,10 @@
+<% cred = rodauth.webauthn_credential_options_for_get %>
+
+<%= form_with url: rodauth.webauthn_login_path, method: :post, id: "webauthn-login-form", data: { credential_options: cred.as_json.to_json, turbo: false } do |form| %>
+  <%= form.hidden_field rodauth.webauthn_auth_challenge_param, value: cred.challenge %>
+  <%= form.hidden_field rodauth.webauthn_auth_challenge_hmac_param, value: rodauth.compute_hmac(cred.challenge) %>
+  <%= form.text_field rodauth.webauthn_auth_param, value: "", id: "webauthn-auth", class: "d-none", aria: { hidden: "true" } %>
+  <%= form.submit rodauth.webauthn_auth_button, class: "d-none" %>
+<% end %>
+
+<%= javascript_include_tag rodauth.webauthn_autofill_js_path, extname: false %>

data/lib/generators/rodauth/templates/app/views/rodauth_mailer/unlock_account.text.erb

@@ -1,4 +1,4 @@
-Someone has requested a that the account with this email be unlocked.
+Someone has requested that the account with this email be unlocked.
 If you did not request the unlocking of this account, please ignore this
 message.  If you requested the unlocking of this account, please go to
 <%= @rodauth.unlock_account_email_link %>

data/lib/generators/rodauth/templates/db/migrate/{create_rodauth.rb → create_rodauth.rb.tt}

@@ -1,5 +1,5 @@
 <% if defined?(::ActiveRecord::Railtie) -%>
-class <%= migration_class_name %> < ActiveRecord::Migration<%= migration_version %>
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
   def change
 <%= migration_content -%>
   end

data/lib/generators/rodauth/templates/test/fixtures/{accounts.yml → accounts.yml.tt}

@@ -1,10 +1,10 @@
 # Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
 one:
   email: freddie@queen.com
-  password_hash: <%%= BCrypt::Password.create("password", cost: BCrypt::Engine::MIN_COST) %>
+  password_hash: <%%= RodauthMain.allocate.password_hash("password") %>
   status: verified
 
 two:
   email: brian@queen.com
-  password_hash: <%%= BCrypt::Password.create("password", cost: BCrypt::Engine::MIN_COST) %>
+  password_hash: <%%= RodauthMain.allocate.password_hash("password") %>
   status: verified