rodauth-rails 0.6.1 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9805b35cefee7e30cc6f7190e2ace9e7ea75c20f40651eb364edafea2f2382f7
-  data.tar.gz: 503b821866aaf2b6aa108265ed8015869a8c8a6a73e910aa3c38b35c5a542ac1
+  metadata.gz: 8163d64892cbebd867182d15148f3099abb3ed49ae3e07a89a5adea6606623d2
+  data.tar.gz: 3cc7990e0af8e5ffb2ac959f989fb45cf538490412adfc908571823e5dd7b160
 SHA512:
-  metadata.gz: 5a3e69b6d62f20ee5bc5a13c89acd2974401830a4f0f8917cc7716c9a5ccaad021a20c0f3269a211336b648bd8eb65ae60094c90a039fa1d3968eaf322ec2e47
-  data.tar.gz: 567cf154e656f7062029e207d92149fa8cf2c87404d1ba72fef6327cb31f928d0bcf453a4a0d55f71740251cb74f8b6829b8c775373daec4fe638690cd702104
+  metadata.gz: 99005d6864310fa3a36f8314a13588900a5ac1559af7a77d75cb5aba66b0b829d32c83fe66a3f5a7ced098de32b39396edd666919177836bb84b35a0de3a558b
+  data.tar.gz: 2d66b5ab43d05b26483cb3d69181c506b19a937fa77a2d7d66a38708f6357fae7bd2e605cc0a96affdd8fed822076dccb1603577338e68620c70a816fc45db7a

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.7.0 (2020-11-27)
+
+* Add `#rails_controller_eval` method for running code in context of a controller instance (@janko)
+
+* Detect `secret_key_base` from credentials and `$SECRET_KEY_BASE` environment variable (@janko)
+
 ## 0.6.1 (2020-11-25)
 
 * Generate the Rodauth controller for API-only Rails apps as well (@janko)

data/README.md

@@ -14,6 +14,23 @@ Articles:
 * [Rodauth: A Refreshing Authentication Solution for Ruby](https://janko.io/rodauth-a-refreshing-authentication-solution-for-ruby/)
 * [Adding Authentication in Rails 6 with Rodauth](https://janko.io/adding-authentication-in-rails-with-rodauth/)
 
+## Upgrading
+
+### Upgrading to 0.7.0
+
+Starting from version 0.7.0, rodauth-rails now correctly detects Rails
+application's `secret_key_base` when setting default `hmac_secret`, including
+when it's set via credentials or `$SECRET_KEY_BASE` environment variable. This
+means authentication will be more secure by default, and Rodauth features that
+require `hmac_secret` should now work automatically as well.
+
+However, if you've already been using rodauth-rails in production, where the
+`secret_key_base` is set via credentials or environment variable and `hmac_secret`
+was not explicitly set, the fact that your authentication will now start using
+HMACs has backwards compatibility considerations. See the [Rodauth
+documentation](hmac) for instructions on how to safely transition, or just set
+`hmac_secret nil` in your Rodauth configuration.
+
 ## Installation
 
 Add the gem to your Gemfile:
@@ -472,6 +489,32 @@ the configure method.
 Make sure to store the `jwt_secret` in a secure place, such as Rails
 credentials or environment variables.
 
+### Calling controller methods
+
+When using Rodauth before/after hooks or generally overriding your Rodauth
+configuration, in some cases you might want to call methods defined on your
+controllers. You can do so with `rails_controller_eval`, for example:
+
+```rb
+# app/controllers/application_controller.rb
+class ApplicationController < ActionController::Base
+  private
+  def setup_tracking(account_id)
+    # ... some implementation ...
+  end
+end
+```
+```rb
+# app/lib/rodauth_app.rb
+class RodauthApp < Rodauth::Rails::App
+  configure do
+    after_create_account do
+      rails_controller_eval { setup_tracking(account_id) }
+    end
+  end
+end
+```
+
 ### Rodauth instance
 
 In some cases you might need to use Rodauth more programmatically, and perform
@@ -742,3 +785,4 @@ conduct](https://github.com/janko/rodauth-rails/blob/master/CODE_OF_CONDUCT.md).
 [Rodauth migration]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Creating+tables
 [sequel-activerecord_connection]: https://github.com/janko/sequel-activerecord_connection
 [plugin options]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-Plugin+Options
+[hmac]: http://rodauth.jeremyevans.net/rdoc/files/README_rdoc.html#label-HMAC

data/lib/rodauth/rails.rb

@@ -32,6 +32,16 @@ module Rodauth
         scope.rodauth(name)
       end
 
+      if ::Rails.gem_version >= Gem::Version.new("5.2")
+        def secret_key_base
+          ::Rails.application.secret_key_base
+        end
+      else
+        def secret_key_base
+          ::Rails.application.secrets.secret_key_base
+        end
+      end
+
       def configure
         yield self
       end

data/lib/rodauth/rails/app.rb

@@ -27,7 +27,7 @@ module Rodauth
           set_deadline_values? true
 
           # use HMACs for additional security
-          hmac_secret { ::Rails.application.secrets.secret_key_base }
+          hmac_secret { Rodauth::Rails.secret_key_base }
 
           # evaluate user configuration
           instance_exec(&block)

data/lib/rodauth/rails/feature.rb

@@ -49,6 +49,11 @@ module Rodauth
       :alert
     end
 
+    # Evaluates the block in context of a Rodauth controller instance.
+    def rails_controller_eval(&block)
+      rails_controller_instance.instance_exec(&block)
+    end
+
     private
 
     # Runs controller callbacks and rescue handlers around Rodauth actions.

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "0.6.1"
+    VERSION = "0.7.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-25 00:00:00.000000000 Z
+date: 2020-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties