2.0.2

• Add back Rodauth::Rails::Feature::Email::Mailer as a deprecated alias for Rodauth::Rails::Mailer, so that previously enqueued email deliveries with built-in mailer still get processed in newer gem versions.

2.0.1

• The built-in mailer class now resolves correctly when email deliveries are processed by a separate background job process in development. This should fix the NameError: uninitialized constant Rodauth::Rails::Feature errors.

  The mailer class was renamed from Rodauth::Rails::Feature::Email::Mailer to Rodauth::Rails::Mailer, so any previously enqueued email deliveries will fail. However, the built-in mailer shouldn't be used in production anyway.

2.0.0

Breaking changes

• The sequel-activerecord_connection, bcrypt and tilt gems are now optional dependencies. For new projects, rodauth:install will automatically add them to your Gemfile.

  For existing projects, you should add them back as needed:

  $ bundle add sequel-activerecord_connection # unless you're using Sequel as your primary ORM
  $ bundle add after_commit_everywhere # not needed on Rails 7.2+
  $ bundle add bcrypt # unless you're using argon2
  $ bundle add tilt # not needed if you're not rendering any built-in view/email templates and have Roda rendering disabled, see https://github.com/janko/rodauth-rails/wiki/Skip-Tilt 

• The built-in #current_account controller method has been removed. It has been soft-deprecated for a while now, but it's not ergonomic enough for secondary Rodauth configurations.

  Existing applications should define their own that delegate to rodauth.rails_account, for example:

  class ApplicationController < ActionController::Base
    private
    # primary configuration
    def current_account
      rodauth.rails_account
    end
  end

  class Admin::ApplicationController < ActionController::Base
    private
    # secondary configuration
    def current_admin
      rodauth(:admin).rails_account
    end
  end

• Removed deprecated Rodauth::Rails::Model class. This shouldn't affect you if you've been using Rodauth::Rails.model.

• Removed deprecated Rodauth::Rails.authenticated routing constraint. You should be using Rodauth::Rails.authenticate instead.

• Support for Rails 5.0 has been dropped.

• Support for Ruby 2.5 has been dropped.

Other improvements

• The --jwt option for the rodauth:install generator automatically adds the jwt gem to the Gemfile.

• The --argon2 option for the rodauth:install generator automatically adds the argon2 gem to the Gemfile.

• Added check constraint to generated Active Record migration on Postgres for the accounts table that verifies basic email format. This makes it consistent with the Sequel migration.

• Install instructions are now skipped if --json or --jwt flag was specified, as those are mostly specific to HTML mode anyway.

1.15.2

• Allow Rails 8.0 (thanks to @phlipper)

1.15.1

• Don't pass keyword arguments to enum on generated account model for Rails 8.0 compatibility.
• Show configuration suggestion for otp_unlock feature if generating its migration with a table prefix.
• Remove require_login_redirect { login_path } from generated configuration, as that's now the default in Rodauth.
• Simplify installation instructions, cutting the number of lines by 50%.

1.15.0

New features

• Migrations and view/email templates have been added for the new otp_unlock, otp_lockout_email, otp_modify_email and webauthn_modify_email features added in Rodauth 2.36.

• New rodauth:mailer generator has been added to accommodate for the increased number of possible emails. Mailer integration isn't generated by rodauth:install generator anymore.

• The rodauth.rails_url_options hash can now be overridden at runtime. This is useful when different mailers have different URL options (e.g. subdomains).

  class RodauthMailer < ApplicationMailer
    # ...
    def rodauth(name, account_id, &block)
      instance = RodauthApp.rodauth(name).allocate
      instance.account_from_id(account_id)
      instance.rails_url_options.merge!(default_url_options) # merge current default URL options
      instance.instance_eval(&block) if block
      instance
    end
  end

Bug fixes

• The model instance returned by rodauth.rails_account is now refreshed when rodauth.account changes. This fixes integration with rodauth-become_account gem.

• Fixed error on Rails 7.2 when Rodauth attempts to redirect to a URLs with query parameters.

Other improvements

• The generated mailer now uses rodauth.account_from_id added in Rodauth 2.36 for setting the current account.

• Explicit index names have been removed from generated migrations in favor of default index names.

• Added missing email template for the reset_password_notify feature.

• The generated Rodauth configuration no longer enables the change_password_notify feature.

• The generated webauthn_remove view template now uses rodauth.strftime_format for displaying last use.

• The convert_token_id_to_integer? configuration is now skipped on install when Sequel is used as primary ORM.

1.14.1

• Fixed matching on account status when passing Active Record object to Rodauth::Rails.account (@dush)

1.14.0

• Controller callbacks can now specify :only and :except to apply just to specific Rodauth routes. For example, the following will execute before the login POST request:

  class RodauthController < ApplicationController
    before_action :verify_captcha, only: :login, if: -> { request.post? }
  end

• The Rodauth controller and route name are now being instrumented instead of RodauthApp#call. This should improve integration with APM agents, which might rely on :controller referencing and actual controller class name, and also better differentiate between Rodauth routes in APM dashboard.

• The URL format for Rails routes is now being correctly applied when http_basic_auth is called in the Rodauth middleware.

• Fixed data-turbo="false" being added in the wrong place in reset password request form on login validation errors.

• The Rodauth app middleware subclass now uses Module#set_temporary_name on Ruby 3.3+ instead of custom #inspect output.

• The generated fixtures now retrieve the auth class though the Rodauth app (RodauthApp.rodauth instead of RodauthMain), to avoid errors with BCrypt gem not being loaded.

• The account model is generated with include Rodauth::Rails.model again, to avoid errors with BCrypt gem not being loaded.

• Make generated convert_token_id_to_integer? configuration also work when switching to UUID primary key, while still avoiding DB queries at boot time.

• Custom column attributes can now be referenced on rails_account before the account is persisted (e.g. in a before_create_account callback).

• Dropped support for Ruby 2.3 and 2.4.

1.13.0 🎄

• The convert_token_id_to_integer? configuration is now set to avoid DB queries at boot time. The value will be set to true unless :primary_key_type has been set in generator options.
• The login_confirm_param configuration is now set to "email-confirm" for consistency with the existing login_param override. This param is only used when require_login_confirmation? is true, which is the case when create_account feature is loaded without verify_account.
• When the session middleware is missing in API-only Rails apps, and a request to Rodauth requires sessions, the raised error will now point to Rails docs instead of suggesting to load the Roda sessions plugin (which won't work in Rails apps).
• A #rodauth method has been added to helpers for controller tests. See the wiki for up-to-date controller test guidelines.

1.12.0

• The #rails_cookies shorthand was added on Rodauth::Rails::App and Rodauth::Rails::Auth for accessing the Rails request's cookie jar (the same as #cookies in controllers).

• The #turbo_stream method is now exposed on Rodauth::Rails::Auth when using the turbo-rails gem, for easier generation of turbo stream responses.

• When running rodauth:install with --jwt or --argon2 options, the generated jwt_secret and argon2_secret now default to hmac_secret (which in turn defaults to Rails secret key base), instead of having a hardcoded secret.

• The rodauth:install generator now includes Rodauth::Model(RodauthMain) into the account model, which is essentially what Rodauth::Rails.model did. This makes Rodauth::Rails.model soft-deprecated.

• The Rodauth app now forwards all unhandled requests to the Rails router, even those that partially matched a Roda matcher.

• The rodauth:views generator can now generate the view template for the confirm_password feature as well (thanks to @igor-alexandrov).