Releases: janko/rodauth-rails

1.6.0

14 Sep 18:35
925c0ba
  • The current_account controller method doesn't redirect to the login page anymore when the current account was not found (not logged in, closed account, or deleted account record), and instead it returns nil in this case. This should make the behaviour less surprising, and work better with gems such as Audited, which expects the method for retrieving the current account to return nil.

    Applications that currently rely on current_account to redirect when there is no current account will need to be updated. In most cases, replacing rodauth.require_authentication with rodauth.require_account should be sufficient, with the active_sessions feature being a more robust solution. Given that the current_account method will clear the session if it contains the account ID of a closed/deleted account, any errors that happen should disappear on the next page visit.

  • The gem now works without Action Mailer being loaded. In this case, no email configuration is changed, so Rodauth's default behaviour will be called, which is to use the Mail gem directly. Loading the Mail gem can be skipped by setting require_mail? false in the Rodauth configuration.

  • The Active Record migrations should now generate functional schema when using the activerecord-sqlserver-adapter gem, by avoiding creating IDENTITY columns for tables where the id column is both a primary and foreign key.

  • The configuration name in the generated RodauthMailer methods is now a required argument, which should avoid Rubocop complaints.
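
The `current_account` change in the first item above, as an added example that is not rodauth-rails code: a plain-Ruby model in which `FakeRodauth`, `Halt`, `ACCOUNTS`, `POSTS` and `posts_for` are hypothetical stand-ins. It shows a stale session for a closed account passing a session-only check, `current_account` returning nil, and a nil owner matching unowned records unless `require_account` runs first.

```ruby
# Added illustration: plain-Ruby stand-ins, not the gem's implementation.
Halt = Class.new(StandardError) # models the redirect to the login page

ACCOUNTS = { # constructed sample data
  1 => { id: 1, status: "verified" },
  2 => { id: 2, status: "closed" }
}
POSTS = [ # constructed; account_id nil marks an unowned record
  { title: "alice draft", account_id: 1 },
  { title: "system notice", account_id: nil }
]

class FakeRodauth
  def initialize(session)
    @session = session
  end

  # Assumption: only checks that the session carries an account ID.
  def require_authentication
    raise Halt, "login" unless @session[:account_id]
  end

  # Assumption: additionally requires an existing, non-closed account.
  def require_account
    require_authentication
    raise Halt, "login" unless open_account
  end

  # 1.6.0 behaviour from the notes: nil plus a cleared session, no redirect.
  def current_account
    account = open_account
    @session.delete(:account_id) unless account
    account
  end

  private

  def open_account
    account = ACCOUNTS[@session[:account_id]]
    account if account && account[:status] != "closed"
  end
end

# Runs the chosen guard, then scopes records to the current account.
def posts_for(session, guard)
  rodauth = FakeRodauth.new(session)
  rodauth.public_send(guard)
  owner = rodauth.current_account
  POSTS.select { |p| p[:account_id] == owner&.fetch(:id) }.map { |p| p[:title] }
rescue Halt
  :redirected
end
```

With the session-only guard, the closed account's request is served the unowned record; with `require_account` it is halted before any query is scoped by a nil owner.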

v1.5.5

04 Aug 20:09
  • The #current_account method doesn't raise ArgumentError anymore when called without being logged in (thanks to @benkoshy).
  • The rodauth:views generator now aborts when an unknown feature is specified.
  • The rodauth:migration generator now aborts when an unknown feature is specified.

v1.5.4

21 Jul 14:51
  • When using Sequel as the primary database library, the generated migration now stores password hashes in the accounts table (instead of in a separate table), and creates an integer status column, which is compatible with the generated configuration and consistent with Active Record.

  • The generated accounts.yml fixture now uses enum string values for the status column, e.g. "verified" instead of 2.

  • The fixture is now generated in test/fixtures instead of app/test/fixtures, and when using RSpec it's generated in spec/fixtures (thanks to @benkoshy).

v1.5.3

04 Aug 20:10

Yanked

v1.5.2

03 Jul 08:15
  • The list of endpoints in rodauth:routes now includes available HTTP verbs, and excludes routes that have been disabled (by setting *_route configuration to nil).

    GET/POST  /login                   rodauth.login_path
    GET/POST  /create-account          rodauth.create_account_path
    GET/POST  /verify-account-resend   rodauth.verify_account_resend_path
    GET/POST  /verify-account          rodauth.verify_account_path
    POST      /email-auth-request      rodauth.email_auth_request_path
    GET/POST  /email-auth              rodauth.email_auth_path
    GET/POST  /remember                rodauth.remember_path
    GET/POST  /logout                  rodauth.logout_path
    GET/POST  /reset-password-request  rodauth.reset_password_request_path
    GET/POST  /reset-password          rodauth.reset_password_path
    GET/POST  /change-password         rodauth.change_password_path
    GET/POST  /change-login            rodauth.change_login_path
    GET/POST  /verify-login-change     rodauth.verify_login_change_path
    GET/POST  /confirm-password        rodauth.confirm_password_path
    GET       /multifactor-manage      rodauth.two_factor_manage_path
    GET       /multifactor-auth        rodauth.two_factor_auth_path
    GET/POST  /multifactor-disable     rodauth.two_factor_disable_path
    GET/POST  /otp-auth                rodauth.otp_auth_path
    GET/POST  /otp-setup               rodauth.otp_setup_path
    GET/POST  /otp-disable             rodauth.otp_disable_path
    GET/POST  /sms-request             rodauth.sms_request_path
    GET/POST  /sms-auth                rodauth.sms_auth_path
    GET/POST  /sms-setup               rodauth.sms_setup_path
    GET/POST  /sms-confirm             rodauth.sms_confirm_path
    GET/POST  /sms-disable             rodauth.sms_disable_path
    GET/POST  /recovery-auth           rodauth.recovery_auth_path
    GET/POST  /recovery-codes          rodauth.recovery_codes_path
    GET/POST  /close-account           rodauth.close_account_path
    POST      /unlock-account-request  rodauth.unlock_account_request_path
    GET/POST  /unlock-account          rodauth.unlock_account_path
    
  • The rodauth:install generator now generates an accounts.yml fixture, which contains two verified accounts (thanks to @benkoshy).

  • When using newrelic_rpm gem instrumentation, the undefined method controller_path error has now been fixed.

  • The Rodauth dependency version has been bumped to 2.25+, since version 2.25 properly handles disabled routes by excluding them from route_hash.

v1.5.1

19 Jun 16:12
  • The Sequel base migration now uses the correct syntax for creating the citext PG extension (thanks to @Empact).

v1.5.0

11 Jun 11:45
  • When title_instance_variable is set, Rodauth pages set that instance variable on the Rodauth controller with the default title of the page (thanks to @HoneyryderChuck).

    class RodauthMain < Rodauth::Rails::Auth
      configure do
        title_instance_variable :@page_title
      end
    end

    <!-- app/views/layouts/application.html.erb -->
    <html>
      <head>
        <title><%= @page_title || "Default title" %></title>
        <!-- ... -->
      </head>
      <!-- ... -->
    </html>
  • The rodauth_main.rb generated on rodauth:install now sets title_instance_variable to @page_title.

  • The content_for calls were removed from views generated with rodauth:views, as using title_instance_variable is now encouraged, since it works with built-in templates as well.

v1.4.2

15 May 21:04
  • The generated Action Mailer configuration has received several improvements:

    • configuration name is now passed into the mailer, making it work for secondary configurations
    • finding the account was extracted into a method, to make it easier to change if needed for different Rodauth configurations
    • the old/new email address are not passed into mailer arguments anymore for verifying login change, making it more GDPR-friendly

    # app/misc/rodauth_main.rb
    class RodauthMain < Rodauth::Rails::Auth
      configure do
        # ...
        create_reset_password_email do
          RodauthMailer.reset_password(*self.class.configuration_name, account_id, reset_password_key_value)
        end
        create_verify_account_email do
          RodauthMailer.verify_account(*self.class.configuration_name, account_id, verify_account_key_value)
        end
        create_verify_login_change_email do |_login|
          RodauthMailer.verify_login_change(*self.class.configuration_name, account_id, verify_login_change_key_value)
        end
        create_password_changed_email do
          RodauthMailer.password_changed(*self.class.configuration_name, account_id)
        end
        # create_email_auth_email do
        #   RodauthMailer.email_auth(*self.class.configuration_name, account_id, email_auth_key_value)
        # end
        # create_unlock_account_email do
        #   RodauthMailer.unlock_account(*self.class.configuration_name, account_id, unlock_account_key_value)
        # end
        # ...
      end
    end

    # app/mailers/rodauth_mailer.rb
    class RodauthMailer < ApplicationMailer
      def verify_account(name = nil, account_id, key)
        @email_link = email_link(name, :verify_account, account_id, key)
        @account = find_account(name, account_id)
    
        mail to: @account.email, subject: rodauth(name).verify_account_email_subject
      end
    
      def reset_password(name = nil, account_id, key)
        @email_link = email_link(name, :reset_password, account_id, key)
        @account = find_account(name, account_id)
    
        mail to: @account.email, subject: rodauth(name).reset_password_email_subject
      end
    
      def verify_login_change(name = nil, account_id, key)
        @email_link = email_link(name, :verify_login_change, account_id, key)
        @account = find_account(name, account_id)
        @new_email = @account.login_change_key.login
    
        mail to: @new_email, subject: rodauth(name).verify_login_change_email_subject
      end
    
      def password_changed(name = nil, account_id)
        @account = find_account(name, account_id)
    
        mail to: @account.email, subject: rodauth(name).password_changed_email_subject
      end
    
      # def email_auth(name = nil, account_id, key)
      #   @email_link = email_link(name, :email_auth, account_id, key)
      #   @account = find_account(name, account_id)
    
      #   mail to: @account.email, subject: rodauth(name).email_auth_email_subject
      # end
    
      # def unlock_account(name = nil, account_id, key)
      #   @email_link = email_link(name, :unlock_account, account_id, key)
      #   @account = find_account(name, account_id)
    
      #   mail to: @account.email, subject: rodauth(name).unlock_account_email_subject
      # end
    
      private
    
      def find_account(_name, account_id)
        Account.find(account_id)
      end
    
      def email_link(name, action, account_id, key)
        instance = rodauth(name)
        instance.instance_variable_set(:@account, { id: account_id })
        instance.instance_variable_set(:"@#{action}_key_value", key)
        instance.public_send(:"#{action}_email_link")
      end
    
      def rodauth(name)
        RodauthApp.rodauth(name).allocate
      end
    end

    <%# app/views/rodauth_mailer/verify_login_change.text.erb %>
    Someone with an account has requested their login be changed to this email address:
    
    Old email: <%= @account.email %>
    
    New email: <%= @new_email %>
    
    If you did not request this login change, please ignore this message.  If you
    requested this login change, please go to
    <%= @email_link %>
    to verify the login change.
  • Now that rodauth-model added support for Sequel models, the generated Sequel account model includes the model mixin automatically (just like the Active Record account model).

    class Account < Sequel::Model
      include Rodauth::Rails.model # <== now supported
      plugin :enum
      enum :status, unverified: 1, verified: 2, closed: 3
    end

v1.4.1

08 May 08:11
  • The model mixin has been extracted into the rodauth-model gem, which is now added as a dependency to rodauth-rails. External features that use separate database tables are encouraged to use its new association registration API.

    # lib/rodauth/features/foo.rb
    module Rodauth
      Feature.define(:foo, :Foo) do
        auth_value_method :foo_table, :account_foos
        auth_value_method :foo_id_column, :id
        # ...
      end
    
      if defined?(Model)
        Model.register_association(:foo) do
          { name: :foo, type: :one, table: foo_table, key: foo_id_column }
        end
      end
    end
  • The Rodauth::Rails::Auth#associations method added in the previous feature has been removed in favor of the new association registration API.

  • The Rodauth::Rails::Model class has been deprecated. The Rodauth::Rails.model method now returns an instance of Rodauth::Model.

v1.4.0

04 May 21:11
  • Calling the Rodauth app is now skipped for asset requests when using Sprockets or Propshaft. Previously, doing things like requiring authentication for all routes inside the Rodauth app's route block would break asset retrieval, as these requests would redirect when the user is not logged in.

  • Added Sequel support to generators, which includes database migrations, account model, and mailer. Sequel mode will get activated when active_record/railtie doesn't get loaded.

  • Association definitions have been moved from Rodauth::Rails::Model::Associations into the #associations method on the Rodauth object. This allows external features to add their own definitions, and the model mixin will automatically define those associations:

    # lib/rodauth/features/foo.rb
    module Rodauth
      Feature.define(:foo, :Foo) do
        auth_value_method :foo_table, :account_foos
        auth_value_method :foo_id_column, :id
    
        def associations
          list = super
          list << {
            name: :foo, # will define `Account::Foo` model
            type: :one, # or :many
            table: foo_table,
            foreign_key: foo_id_column
          }
          list
        end
      end
    end