rodauth-rails 1.2.2 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 402cbf2f62d93eae97353a3aed436ce742b41421e880176649a7271c5516b39c
-  data.tar.gz: ca035e7a60c54b4e1b6f2a42ea6405f43811146141c30c5a6d14fd7c0600669e
+  metadata.gz: b1f519c5d15eb6c70585c8cfa625106dec267b4e7f666daeeb9499ef61c656e7
+  data.tar.gz: 1bc84d1dba6ab9ab884a56f47419e207655c90f1d71d32b009575ab169fc0b3d
 SHA512:
-  metadata.gz: 888fd37f380d6f4896b544374c6681445dbb0e90d692dd7c0239aa043c9d6c0cb2aaafa9b47f271cd6cc70ad3a6c88693c988901aed1e5bc0f77ed5c92cb4ab1
-  data.tar.gz: 48fe23bfbd3d78c3378ab47ecf92ffd7f87fe768f996764a71b8534a2cab8731ebc080998b03ea9a78f1fecd949548782ca8e38dc17c56fa2606ea11f7a7fbe9
+  metadata.gz: 88ccdb974fe6b6dd0e797cf5307656c80d7038c820eab897b277b6c22bd1bc61cc00e7e39295d2a98fc313530ad658c6be80e043dde595d3514c3a51fa0572a4
+  data.tar.gz: d17fc8142a16f18ff485446d94e68ed4672faa64edfa8aaac3b400e9060f9638575a577ff232b83a1360a58e8655199c1ab88972f77a3af0f45d76f3514b7df5

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## 1.3.0 (2022-04-01)
+
+* Store password hash on the `accounts` table in generated Rodauth migration and configuration (@janko)
+
+* Add support for controller testing with Minitest or RSpec (@janko)
+
+* Fix `enum` declaration in generated `Account` model for Active Record < 7.0 (@janko)
+
+* Ensure `require_login_redirect` points to the login page even if the login route changes (@janko)
+
 ## 1.2.2 (2022-02-22)
 
 * Fix flash messages not being preserved through consecutive redirects (@janko)

data/README.md

@@ -10,7 +10,6 @@ Provides Rails integration for the [Rodauth] authentication framework.
 * [Rails demo](https://github.com/janko/rodauth-demo-rails)
 * [JSON API guide](https://github.com/janko/rodauth-rails/wiki/JSON-API)
 * [OmniAuth guide](https://github.com/janko/rodauth-rails/wiki/OmniAuth)
-* [Testing guide](https://github.com/janko/rodauth-rails/wiki/Testing)
 
 🎥 Screencasts:
 
@@ -40,7 +39,7 @@ of the advantages that stand out for me:
 * consistent before/after hooks around everything
 * dedicated object encapsulating all authentication logic
 
-One commmon concern is the fact that, unlike most other authentication
+One common concern is the fact that, unlike most other authentication
 frameworks for Rails, Rodauth uses [Sequel] for database interaction instead of
 Active Record. There are good reasons for this, and to make Rodauth work
 smoothly alongside Active Record, rodauth-rails configures Sequel to [reuse
@@ -783,6 +782,86 @@ Rodauth::Rails.rodauth(session: { two_factor_auth_setup: true })
 Rodauth::Rails.rodauth(:admin, params: { "param" => "value" })
 ```
 
+## Testing
+
+For system and integration tests, which run the whole middleware stack,
+authentication can be exercised normally via HTTP endpoints. See [this wiki
+page](https://github.com/janko/rodauth-rails/wiki/Testing) for some examples.
+
+For controller tests, you can log in accounts by modifying the session:
+
+```rb
+# app/controllers/articles_controller.rb
+class ArticlesController < ApplicationController
+  before_action -> { rodauth.require_authentication }
+
+  def index
+    # ...
+  end
+end
+```
+```rb
+# test/controllers/articles_controller_test.rb
+class ArticlesControllerTest < ActionController::TestCase
+  test "required authentication" do
+    get :index
+
+    assert_response 302
+    assert_redirected_to "/login"
+    assert_equal "Please login to continue", flash[:alert]
+
+    account = Account.create!(email: "user@example.com", password: "secret", status: "verified")
+    login(account)
+
+    get :index
+    assert_response 200
+
+    logout
+
+    get :index
+    assert_response 302
+    assert_equal "Please login to continue", flash[:alert]
+  end
+
+  private
+
+  # Manually modify the session into what Rodauth expects.
+  def login(account)
+    session[:account_id] = account.id
+    session[:authenticated_by] = ["password"] # or ["password", "totp"] for MFA
+  end
+
+  def logout
+    session.clear
+  end
+end
+```
+
+If you're using multiple configurations with different session prefixes, you'll need
+to make sure to use those in controller tests as well:
+
+```rb
+class RodauthAdmin < Rodauth::Rails::Auth
+  configure do
+    session_key_prefix "admin_"
+  end
+end
+```
+```rb
+# in a controller test:
+session[:admin_account_id] = account.id
+session[:admin_authenticated_by] = ["password"]
+```
+
+If you want to access the Rodauth instance in controller tests, you can do so
+through the controller instance:
+
+```rb
+# in a controller test:
+@controller.rodauth         #=> #<RodauthMain ...>
+@controller.rodauth(:admin) #=> #<RodauthAdmin ...>
+```
+
 ## Configuring
 
 ### Configuration methods

data/lib/generators/rodauth/migration/base.erb

@@ -3,23 +3,18 @@ enable_extension "citext"
 
 <% end -%>
 create_table :accounts<%= primary_key_type %> do |t|
+  t.integer :status, null: false, default: 1
 <% case activerecord_adapter -%>
 <% when "postgresql" -%>
   t.citext :email, null: false
 <% else -%>
   t.string :email, null: false
 <% end -%>
-  t.integer :status, null: false, default: 1
 <% case activerecord_adapter -%>
 <% when "postgresql", "sqlite3" -%>
   t.index :email, unique: true, where: "status IN (1, 2)"
 <% else -%>
   t.index :email, unique: true
 <% end -%>
-end
-
-# Used if storing password hashes in a separate table (default)
-create_table :account_password_hashes<%= primary_key_type %> do |t|
-  t.foreign_key :accounts, column: :id
-  t.string :password_hash, null: false
+  t.string :password_hash
 end

data/lib/generators/rodauth/templates/app/misc/rodauth_main.rb

@@ -35,7 +35,7 @@ class RodauthMain < Rodauth::Rails::Auth
     account_status_column :status
 
     # Store password hash in a column instead of a separate table.
-    # account_password_hash_column :password_digest
+    account_password_hash_column :password_hash
 
     # Set password when creating account instead of when verifying.
     verify_account_set_password? false
@@ -138,6 +138,9 @@ class RodauthMain < Rodauth::Rails::Auth
 
     # Redirect to login page after password reset.
     reset_password_redirect { login_path }
+
+    # Ensure requiring login follows login route changes.
+    require_login_redirect { login_path }
 <% end -%>
 
     # ==> Deadlines

data/lib/generators/rodauth/templates/app/models/account.rb

@@ -1,4 +1,8 @@
 class Account < ApplicationRecord
   include Rodauth::Rails.model
+<% if ActiveRecord.version >= Gem::Version.new("7.0") -%>
   enum :status, unverified: 1, verified: 2, closed: 3
+<% else -%>
+  enum status: { unverified: 1, verified: 2, closed: 3 }
+<% end -%>
 end

data/lib/rodauth/rails/railtie.rb

@@ -1,5 +1,6 @@
 require "rodauth/rails/middleware"
 require "rodauth/rails/controller_methods"
+require "rodauth/rails/test"
 
 require "rails"
 
@@ -21,6 +22,14 @@ module Rodauth
       initializer "rodauth.test" do
         # Rodauth uses RACK_ENV to set the default bcrypt hash cost
         ENV["RACK_ENV"] = "test" if ::Rails.env.test?
+
+        if ActionPack.version >= Gem::Version.new("5.0")
+          ActiveSupport.on_load(:action_controller_test_case) do
+            include Rodauth::Rails::Test::Controller
+          end
+        else
+          ActionController::TestCase.include Rodauth::Rails::Test::Controller
+        end
       end
 
       rake_tasks do

data/lib/rodauth/rails/test/controller.rb

@@ -0,0 +1,41 @@
+require "active_support/concern"
+
+module Rodauth
+  module Rails
+    module Test
+      module Controller
+        extend ActiveSupport::Concern
+
+        included do
+          setup :setup_rodauth
+        end
+
+        def process(*)
+          catch_rodauth { super }
+        end
+        ruby2_keywords(:process) if respond_to?(:ruby2_keywords, true)
+
+        private
+
+        def setup_rodauth
+          Rodauth::Rails.app.opts[:rodauths].each do |name, auth_class|
+            scope = auth_class.roda_class.new(request.env)
+            request.env[["rodauth", *name].join(".")] = auth_class.new(scope)
+          end
+        end
+
+        def catch_rodauth(&block)
+          result = catch(:halt, &block)
+
+          if result.is_a?(Array) # rodauth response
+            response.status = result[0]
+            response.headers.merge! result[1]
+            response.body = result[2]
+          end
+
+          response
+        end
+      end
+    end
+  end
+end

data/lib/rodauth/rails/test.rb

@@ -0,0 +1,7 @@
+module Rodauth
+  module Rails
+    module Test
+      autoload :Controller, "rodauth/rails/test/controller"
+    end
+  end
+end

data/lib/rodauth/rails/version.rb

@@ -1,5 +1,5 @@
 module Rodauth
   module Rails
-    VERSION = "1.2.2"
+    VERSION = "1.3.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-rails
 version: !ruby/object:Gem::Version
-  version: 1.2.2
+  version: 1.3.0
 platform: ruby
 authors:
 - Janko Marohnić
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-22 00:00:00.000000000 Z
+date: 2022-04-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -247,6 +247,8 @@ files:
 - lib/rodauth/rails/model/associations.rb
 - lib/rodauth/rails/railtie.rb
 - lib/rodauth/rails/tasks.rake
+- lib/rodauth/rails/test.rb
+- lib/rodauth/rails/test/controller.rb
 - lib/rodauth/rails/version.rb
 - rodauth-rails.gemspec
 homepage: https://github.com/janko/rodauth-rails