rodauth-rails 1.10.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: adfcbce27e52d0a53b5cd670489635c841dff9e2809c92be059286943894db6c
-  data.tar.gz: e98584823e926c810bc66366496df5fb3c8eed0f38e291b76b9f132480941a9c
+  metadata.gz: 8f902ae05472454543304221221b9681c7dab3d231d6551c7e82b6c4c1570dc8
+  data.tar.gz: b3a1948fb603be978bddea73a44b8109f4e3c76e132b2da3a8e6aad1b36f3d14
 SHA512:
-  metadata.gz: 845b037926a9372522da9b3507b5fd2959454bc24198f72a7832d9025ccd27f9bac3790823577e1e68c3a1e1a076472e1629825973c37cc932e2b63299e1408b
-  data.tar.gz: af417d7bbe9732c677ca15c6796817554fe68d5f8f3db8001b56a736db33382f3efd8f86952509d038f45f449f76d3c9ea61f1a7f5a29c1cef5f45e72cf1c9ce
+  metadata.gz: 8547335032c3e0851406932463cd62e2377c16db2145e0da6abb8a7f20745c20f9e8d54bd2b57599e335a4f9b37078cf7f1c17caa53b4dab60105c410a401469
+  data.tar.gz: dd84bd6d57a4e8e78a6412a7ac38befa7d75ef693a6788014d383d3800a4535af71fa24239f8b0521cecc7c598766f48b2034a016a2a15235cfa9f9d2dd52761

data/CHANGELOG.md

@@ -1,3 +1,17 @@
+## 1.11.0 (2023-08-21)
+
+* Exclude WebAuthn JS routes in `rodauth:routes`, since those stop being relevant with custom JS (@janko)
+
+* Separate HTTP verbs with `|` symbol in `rodauth:routes` for consistency with `rails routes` (@janko)
+
+* Include two factor manage & auth JSON POST routes in `rodauth:routes` task (@janko)
+
+* Make `rodauth:routes` rake task appear in `rails -T` list (@janko)
+
+* Accept plugin options in `Rodauth::Rails.lib` (@janko)
+
+* Support skipping loading Roda `render` plugin by passing `render: false` (@janko)
+
 ## 1.10.0 (2023-07-26)
 
 * Add `Rodauth::Rails.lib` for easier usage of Rodauth as a library in Rails apps (@janko)

data/README.md

@@ -134,18 +134,18 @@ $ rails rodauth:routes
 ```
 Routes handled by RodauthApp:
 
-  GET/POST  /login                   rodauth.login_path
-  GET/POST  /create-account          rodauth.create_account_path
-  GET/POST  /verify-account-resend   rodauth.verify_account_resend_path
-  GET/POST  /verify-account          rodauth.verify_account_path
-  GET/POST  /change-password         rodauth.change_password_path
-  GET/POST  /change-login            rodauth.change_login_path
-  GET/POST  /logout                  rodauth.logout_path
-  GET/POST  /remember                rodauth.remember_path
-  GET/POST  /reset-password-request  rodauth.reset_password_request_path
-  GET/POST  /reset-password          rodauth.reset_password_path
-  GET/POST  /verify-login-change     rodauth.verify_login_change_path
-  GET/POST  /close-account           rodauth.close_account_path
+  GET|POST  /login                   rodauth.login_path
+  GET|POST  /create-account          rodauth.create_account_path
+  GET|POST  /verify-account-resend   rodauth.verify_account_resend_path
+  GET|POST  /verify-account          rodauth.verify_account_path
+  GET|POST  /change-password         rodauth.change_password_path
+  GET|POST  /change-login            rodauth.change_login_path
+  GET|POST  /logout                  rodauth.logout_path
+  GET|POST  /remember                rodauth.remember_path
+  GET|POST  /reset-password-request  rodauth.reset_password_request_path
+  GET|POST  /reset-password          rodauth.reset_password_path
+  GET|POST  /verify-login-change     rodauth.verify_login_change_path
+  GET|POST  /close-account           rodauth.close_account_path
 ```
 
 Using this information, you can add some basic authentication links to your
@@ -236,7 +236,7 @@ level. You can do this via the built-in `authenticated` routing constraint:
 ```rb
 # config/routes.rb
 Rails.application.routes.draw do
-  constraints Rodauth::Rails.authenticated do
+  constraints Rodauth::Rails.authenticate do
     # ... authenticated routes ...
   end
 end
@@ -249,7 +249,7 @@ called with the Rodauth instance:
 # config/routes.rb
 Rails.application.routes.draw do
   # require multifactor authentication to be setup
-  constraints Rodauth::Rails.authenticated { |rodauth| rodauth.uses_two_factor_authentication? } do
+  constraints Rodauth::Rails.authenticate { |rodauth| rodauth.uses_two_factor_authentication? } do
     # ...
   end
 end
@@ -260,7 +260,7 @@ You can specify a different Rodauth configuration by passing the configuration n
 ```rb
 # config/routes.rb
 Rails.application.routes.draw do
-  constraints Rodauth::Rails.authenticated(:admin) do
+  constraints Rodauth::Rails.authenticate(:admin) do
     # ...
   end
 end
@@ -712,12 +712,22 @@ RodauthMain.login(login: "email@example.com", password: "secret123")
 RodauthMain.close_account(account_login: "email@example.com")
 ```
 
-Note that you'll want to skip requiring `rodauth-rails` on Rails boot, so that it doesn't insert the middleware automatically, and remove the initializer.
+Note that you'll want to skip requiring `rodauth-rails` on Rails boot, to avoid it automatically inserting the Rodauth middleware, and remove some unnecessary files generated by the install generator.
 
 ```rb
 # Gemfile
 gem "rodauth-rails", require: false
 ```
+```sh
+$ rm config/initializers/rodauth.rb app/misc/rodauth_app.rb app/controllers/rodauth_controller.rb
+```
+
+The `Rodauth::Rails.lib` call will forward any Rodauth [plugin options] passed to it:
+
+```rb
+# skips loading Roda render plugin and Tilt gem (used for rendering built-in templates)
+Rodauth::Rails.lib(render: false) { ... }
+```
 
 ## Testing
 
@@ -929,7 +939,7 @@ class RodauthApp < Rodauth::Rails::App
   configure(:admin) { ... }
 
   # plugin options
-  configure(RodauthMain, json: :only)
+  configure(RodauthMain, json: :only, render: false)
 end
 ```
 

data/lib/rodauth/rails/app.rb

@@ -18,16 +18,17 @@ module Rodauth
       end
 
       plugin :hooks
-      plugin :render, layout: false
       plugin :pass
 
       def self.configure(*args, **options, &block)
         auth_class = args.shift if args[0].is_a?(Class)
-        name       = args.shift if args[0].is_a?(Symbol)
+        auth_class ||= Class.new(Rodauth::Rails::Auth)
+        name = args.shift if args[0].is_a?(Symbol)
 
         fail ArgumentError, "need to pass optional Rodauth::Auth subclass and optional configuration name" if args.any?
 
-        auth_class ||= Class.new(Rodauth::Rails::Auth)
+        # we'll render Rodauth's built-in view templates within Rails layouts
+        plugin :render, layout: false unless options[:render] == false
 
         plugin :rodauth, auth_class: auth_class, name: name, csrf: false, flash: false, json: true, **options, &block
 

data/lib/rodauth/rails/tasks/routes.rb

@@ -0,0 +1,70 @@
+module Rodauth
+  module Rails
+    module Tasks
+      class Routes
+        IGNORE = [:webauthn_setup_js, :webauthn_auth_js, :webauthn_autofill_js]
+        JSON_POST = [:two_factor_manage, :two_factor_auth]
+
+        attr_reader :auth_class
+
+        def initialize(auth_class)
+          @auth_class = auth_class
+        end
+
+        def call
+          routes = auth_class.route_hash.map do |path, handle_method|
+            route_name = handle_method.to_s.sub(/\Ahandle_/, "").to_sym
+            next if IGNORE.include?(route_name)
+            verbs = route_verbs(route_name)
+
+            [
+              verbs.join("|"),
+              "#{rodauth.prefix}#{path}",
+              "rodauth#{configuration_name && "(:#{configuration_name})"}.#{route_name}_path",
+            ]
+          end
+
+          routes.compact!
+          padding = routes.transpose.map { |string| string.map(&:length).max }
+
+          output_lines = routes.map do |columns|
+            [columns[0].ljust(padding[0]), columns[1].ljust(padding[1]), columns[2]].join("  ")
+          end
+
+          puts "\n  #{output_lines.join("\n  ")}"
+        end
+
+        private
+
+        def route_verbs(route_name)
+          file_path, start_line = rodauth.method(:"_handle_#{route_name}").source_location
+          lines = File.foreach(file_path).to_a
+          indentation = lines[start_line - 1][/^\s+/]
+          verbs = []
+
+          lines[start_line..-1].each do |code|
+            verbs << :GET if code.include?("r.get") && !rodauth.only_json?
+            verbs << :POST if code.include?("r.post")
+            break if code.start_with?("#{indentation}end")
+          end
+
+          verbs << :POST if rodauth.features.include?(:json) && JSON_POST.include?(route_name)
+          verbs
+        end
+
+        def rodauth
+          auth_class.new(scope)
+        end
+
+        def scope
+          auth_class.roda_class.new({})
+        end
+
+        def configuration_name
+          auth_class.configuration_name
+        end
+      end
+    end
+  end
+end
+

data/lib/rodauth/rails/tasks.rake

@@ -1,42 +1,12 @@
+require "rodauth/rails/tasks/routes"
+
 namespace :rodauth do
+  desc "Lists endpoints that will be routed by your Rodauth app"
   task routes: :environment do
-    app = Rodauth::Rails.app
-
-    puts "Routes handled by #{app}:"
-
-    app.opts[:rodauths].each do |configuration_name, auth_class|
-      rodauth = auth_class.allocate
-      only_json = rodauth.method(:only_json?).owner != Rodauth::Base && rodauth.only_json?
-
-      routes = auth_class.route_hash.map do |path, handle_method|
-        file_path, start_line = rodauth.method(:"_#{handle_method}").source_location
-        lines = File.foreach(file_path).to_a
-        indentation = lines[start_line - 1][/^\s+/]
-        verbs = []
-
-        lines[start_line..-1].each do |code|
-          verbs << :GET if code.include?("r.get") && !only_json
-          verbs << :POST if code.include?("r.post")
-          break if code.start_with?("#{indentation}end")
-        end
-
-        path_method = "#{handle_method.to_s.sub(/\Ahandle_/, "")}_path"
-
-        [
-          verbs.join("/"),
-          "#{rodauth.prefix}#{path}",
-          "rodauth#{configuration_name && "(:#{configuration_name})"}.#{path_method}",
-        ]
-      end
-
-      verbs_padding = routes.map { |verbs, _, _| verbs.length }.max
-      path_padding = routes.map { |_, path, _| path.length }.max
-
-      route_lines = routes.map do |verbs, path, code|
-        "#{verbs.ljust(verbs_padding)}  #{path.ljust(path_padding)}  #{code}"
-      end
+    puts "Routes handled by #{Rodauth::Rails.app}:"
 
-      puts "\n  #{route_lines.join("\n  ")}" unless route_lines.empty?
+    Rodauth::Rails.app.opts[:rodauths].each_value do |auth_class|
+      Rodauth::Rails::Tasks::Routes.new(auth_class).call
     end
   end
 end

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.10.0"
+    VERSION = "1.11.0"
   end
 end

data/lib/rodauth/rails.rb

@@ -16,9 +16,9 @@ module Rodauth
     @middleware = true
 
     class << self
-      def lib(&block)
+      def lib(**options, &block)
         c = Class.new(Rodauth::Rails::App)
-        c.configure(json: false) do
+        c.configure(json: false, **options) do
           enable :internal_request
           instance_exec(&block)
         end
@@ -57,8 +57,17 @@ module Rodauth
         Rodauth::Model.new(app.rodauth!(name), **options)
       end
 
-      # routing constraint that requires authentication
+      # Routing constraint that requires authenticated account.
+      def authenticate(name = nil, &condition)
+        lambda do |request|
+          rodauth = request.env.fetch ["rodauth", *name].join(".")
+          rodauth.require_account
+          condition.nil? || condition.call(rodauth)
+        end
+      end
+
       def authenticated(name = nil, &condition)
+        warn "Rodauth::Rails.authenticated has been deprecated in favor of Rodauth::Rails.authenticate, which additionally requires existence of the account record."
         lambda do |request|
           rodauth = request.env.fetch ["rodauth", *name].join(".")
           rodauth.require_authentication

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.11.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-26 00:00:00.000000000 Z
+date: 2023-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -328,6 +328,7 @@ files:
 - lib/rodauth/rails/model.rb
 - lib/rodauth/rails/railtie.rb
 - lib/rodauth/rails/tasks.rake
+- lib/rodauth/rails/tasks/routes.rb
 - lib/rodauth/rails/test.rb
 - lib/rodauth/rails/test/controller.rb
 - lib/rodauth/rails/version.rb
@@ -351,7 +352,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.12
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Provides Rails integration for Rodauth.