Releases: janko/rodauth-rails
2.0.2
2.0.1
-
The built-in mailer class now resolves correctly when email deliveries are processed by a separate background job process in development. This should fix the
NameError: uninitialized constant Rodauth::Rails::Feature
errors.The mailer class was renamed from
Rodauth::Rails::Feature::Email::Mailer
toRodauth::Rails::Mailer
, so any previously enqueued email deliveries will fail. However, the built-in mailer shouldn't be used in production anyway.
2.0.0
Breaking changes
-
The
sequel-activerecord_connection
,bcrypt
andtilt
gems are now optional dependencies. For new projects,rodauth:install
will automatically add them to yourGemfile
.For existing projects, you should add them back as needed:
$ bundle add sequel-activerecord_connection --require false # unless you're using Sequel as your primary ORM $ bundle add after_commit_everywhere --require false # not needed on Rails 7.2+ $ bundle add bcrypt --require false # unless you're using argon2 $ bundle add tilt --require false # not needed if you're not rendering any built-in view/email templates and have Roda rendering disabled, see https://github.com/janko/rodauth-rails/wiki/Skip-Tilt
-
The built-in
#current_account
controller method has been removed. It has been soft-deprecated for a while now, but it's not ergonomic enough for secondary Rodauth configurations.Existing applications should define their own that delegate to
rodauth.rails_account
, for example:class ApplicationController < ActionController::Base private # primary configuration def current_account rodauth.rails_account end end
class Admin::ApplicationController < ActionController::Base private # secondary configuration def current_admin rodauth(:admin).rails_account end end
-
Removed deprecated
Rodauth::Rails::Model
class. This shouldn't affect you if you've been usingRodauth::Rails.model
. -
Removed deprecated
Rodauth::Rails.authenticated
routing constraint. You should be usingRodauth::Rails.authenticate
instead. -
Support for Rails 5.0 has been dropped.
-
Support for Ruby 2.5 has been dropped.
Other improvements
-
The
--jwt
option for therodauth:install
generator automatically adds thejwt
gem to the Gemfile. -
The
--argon2
option for therodauth:install
generator automatically adds theargon2
gem to the Gemfile. -
Added check constraint to generated Active Record migration on Postgres for the accounts table that verifies basic email format. This makes it consistent with the Sequel migration.
-
Install instructions are now skipped if
--json
or--jwt
flag was specified, as those are mostly specific to HTML mode anyway.
1.15.2
1.15.1
- Don't pass keyword arguments to
enum
on generated account model for Rails 8.0 compatibility. - Show configuration suggestion for
otp_unlock
feature if generating its migration with a table prefix. - Remove
require_login_redirect { login_path }
from generated configuration, as that's now the default in Rodauth. - Simplify installation instructions, cutting the number of lines by 50%.
1.15.0
New features
-
Migrations and view/email templates have been added for the new otp_unlock, otp_lockout_email, otp_modify_email and webauthn_modify_email features added in Rodauth 2.36.
-
New
rodauth:mailer
generator has been added to accommodate for the increased number of possible emails. Mailer integration isn't generated byrodauth:install
generator anymore. -
The
rodauth.rails_url_options
hash can now be overridden at runtime. This is useful when different mailers have different URL options (e.g. subdomains).class RodauthMailer < ApplicationMailer # ... def rodauth(name, account_id, &block) instance = RodauthApp.rodauth(name).allocate instance.account_from_id(account_id) instance.rails_url_options.merge!(default_url_options) # merge current default URL options instance.instance_eval(&block) if block instance end end
Bug fixes
-
The model instance returned by
rodauth.rails_account
is now refreshed whenrodauth.account
changes. This fixes integration with rodauth-become_account gem. -
Fixed error on Rails 7.2 when Rodauth attempts to redirect to a URLs with query parameters.
Other improvements
-
The generated mailer now uses
rodauth.account_from_id
added in Rodauth 2.36 for setting the current account. -
Explicit index names have been removed from generated migrations in favor of default index names.
-
Added missing email template for the reset_password_notify feature.
-
The generated Rodauth configuration no longer enables the change_password_notify feature.
-
The generated
webauthn_remove
view template now usesrodauth.strftime_format
for displaying last use. -
The
convert_token_id_to_integer?
configuration is now skipped on install when Sequel is used as primary ORM.
1.14.1
1.14.0
-
Controller callbacks can now specify
:only
and:except
to apply just to specific Rodauth routes. For example, the following will execute before the login POST request:class RodauthController < ApplicationController before_action :verify_captcha, only: :login, if: -> { request.post? } end
-
The Rodauth controller and route name are now being instrumented instead of
RodauthApp#call
. This should improve integration with APM agents, which might rely on:controller
referencing and actual controller class name, and also better differentiate between Rodauth routes in APM dashboard. -
The URL format for Rails routes is now being correctly applied when
http_basic_auth
is called in the Rodauth middleware. -
Fixed
data-turbo="false"
being added in the wrong place in reset password request form on login validation errors. -
The Rodauth app middleware subclass now uses
Module#set_temporary_name
on Ruby 3.3+ instead of custom#inspect
output. -
The generated fixtures now retrieve the auth class though the Rodauth app (
RodauthApp.rodauth
instead ofRodauthMain
), to avoid errors with BCrypt gem not being loaded. -
The account model is generated with
include Rodauth::Rails.model
again, to avoid errors with BCrypt gem not being loaded. -
Make generated
convert_token_id_to_integer?
configuration also work when switching to UUID primary key, while still avoiding DB queries at boot time. -
Custom column attributes can now be referenced on
rails_account
before the account is persisted (e.g. in abefore_create_account
callback). -
Dropped support for Ruby 2.3 and 2.4.
1.13.0 🎄
- The
convert_token_id_to_integer?
configuration is now set to avoid DB queries at boot time. The value will be set totrue
unless:primary_key_type
has been set in generator options. - The
login_confirm_param
configuration is now set to"email-confirm"
for consistency with the existinglogin_param
override. This param is only used whenrequire_login_confirmation?
istrue
, which is the case whencreate_account
feature is loaded withoutverify_account
. - When the session middleware is missing in API-only Rails apps, and a request to Rodauth requires sessions, the raised error will now point to Rails docs instead of suggesting to load the Roda
sessions
plugin (which won't work in Rails apps). - A
#rodauth
method has been added to helpers for controller tests. See the wiki for up-to-date controller test guidelines.
1.12.0
-
The
#rails_cookies
shorthand was added onRodauth::Rails::App
andRodauth::Rails::Auth
for accessing the Rails request's cookie jar (the same as#cookies
in controllers). -
The
#turbo_stream
method is now exposed onRodauth::Rails::Auth
when using the turbo-rails gem, for easier generation of turbo stream responses. -
When running
rodauth:install
with--jwt
or--argon2
options, the generatedjwt_secret
andargon2_secret
now default tohmac_secret
(which in turn defaults to Rails secret key base), instead of having a hardcoded secret. -
The
rodauth:install
generator now includesRodauth::Model(RodauthMain)
into the account model, which is essentially whatRodauth::Rails.model
did. This makesRodauth::Rails.model
soft-deprecated. -
The Rodauth app now forwards all unhandled requests to the Rails router, even those that partially matched a Roda matcher.
-
The
rodauth:views
generator can now generate the view template for theconfirm_password
feature as well (thanks to @igor-alexandrov).