1.7.0: Tailwind CSS support

Tailwind CSS view templates have been added to the rodauth:views generator, which can be imported by passing the --css=tailwind option to the generator (this is the default when using tailwindcss-rails).

$ rails generate rodauth:views --css=tailwind

Both light mode and dark mode are supported 🌘 Thanks to @benkoshy for the initial work! 🙏🏻

tailwind-light-dark.mov

1.6.4

• The generated logout form no longer logs out all active sessions by default. This was fixed by passing include_hidden: false to the global logout checkbox builder.
• The generated mailer has been redesigned to expose the Rodauth object, allowing for greater flexibility when wanting to call other Rodauth methods.
• The email configuration for password_reset_notify feature has been added to the install generator, commented out as this feature is not enabled by default.
• The #rails_account method can now be called on a Rodauth object that was allocated directly and that has @account set.

1.6.3

• The generated app/misc/rodauth_main.rb now suggests passing an integer to verify_account_grace_period instead of ActiveSupport::Duration, which is necessary when using the JWT feature (thanks to @vlado)
• The generated app/misc/rodauth_main.rb now sets password_minimum_length 8 as per OWASP recommendation (Rodauth's default is 6 characters), and sets password_maximum_bytes 72 due to bcrypt truncating inputs longer than 72 bytes (not needed when using argon2).
• Use pass roda plugin for automatic prefix routing after all, to prevent possible incorrect routing of custom Roda routes after Rodauth, due to request.remaining_path not being reset. It is unlikely that anyone has custom Roda routes defined in a Rails app, but it's better to have correct behaviour.

1.6.2

• The Active Record migrations now match the precision of CURRENT_TIMESTAMP default column values with the column type precision on MySQL and Rails 7.0+ (which is 6). This should avoid statement errors when running the migrations.

1.6.1

• The argument errors when calling RodauthMailer in default generated Rodauth configuration have now been fixed. This was a regression introduced in a previous release, where the default Rodauth configuration wasn't updated after making the configuration name a required argument in RodauthMailer methods.

1.6.0

• The current_account controller method doesn't redirect to the login page anymore when the current account was not found (not logged in, closed account, or deleted account record), and instead it returns nil in this case. This should make the behaviour less surprising, and work better with gems such as Audited, which expects the method for retrieving the current account to return nil.

  Applications that currently rely on current_account to redirect when there is no current account will need to be updated. In most cases, replacing rodauth.require_authenication with rodauth.require_account should be sufficient, with the active_sessions feature being a more robust solution. Given that the current_account method will clear the session if it contains the account ID of a closed/deleted account, any errors that happen should disappear on next page visit.

• The gem now works without Action Mailer being loaded. In this case, no email configuration is changed, so Rodauth's default behaviour will be called, which is to use the Mail gem directly. Loading the Mail gem can be skipped by setting require_mail? false in the Rodauth configuration.

• The Active Record migrations should now generate functional schema when using the activerecord-sqlserver-adapter gem, by avoiding creating IDENTITY columns for tables where the id column is both a primary and foreign key.

• The configuration name in the generated RodauthMailer methods is now a required argument, which should avoid Rubocop complaints.

v1.5.5

• The #current_account method doesn't raise ArgumentError anymore when called without being logged in (thanks to @benkoshy).
• The rodauth:views generator now aborts when unknown feature was specified.
• The rodauth:migration generator now aborts when unknown feature was specified.

v1.5.4

• When using Sequel as the primary database library, the generated migration now stores password hashes in the accounts table (instead of in a separate table), and creates an integer status column, which is compatible with the generated configuration and consistent with Active Record.

• The generated accounts.yml fixture now uses enum string values for status column, e.g. "verified" instead of 2.

• The fixture is now generated in test/fixtures instead of app/test/fixtures, and when using RSpec it's generated in spec/fixtures (thanks to @benkoshy).

v1.5.3

Yanked

v1.5.2

• The list of endpoints in rodauth:routes now includes available HTTP verbs, and excludes routes that have been disabled (by setting *_route configuration to nil).

  GET/POST  /login                   rodauth.login_path
  GET/POST  /create-account          rodauth.create_account_path
  GET/POST  /verify-account-resend   rodauth.verify_account_resend_path
  GET/POST  /verify-account          rodauth.verify_account_path
  POST      /email-auth-request      rodauth.email_auth_request_path
  GET/POST  /email-auth              rodauth.email_auth_path
  GET/POST  /remember                rodauth.remember_path
  GET/POST  /logout                  rodauth.logout_path
  GET/POST  /reset-password-request  rodauth.reset_password_request_path
  GET/POST  /reset-password          rodauth.reset_password_path
  GET/POST  /change-password         rodauth.change_password_path
  GET/POST  /change-login            rodauth.change_login_path
  GET/POST  /verify-login-change     rodauth.verify_login_change_path
  GET/POST  /confirm-password        rodauth.confirm_password_path
  GET       /multifactor-manage      rodauth.two_factor_manage_path
  GET       /multifactor-auth        rodauth.two_factor_auth_path
  GET/POST  /multifactor-disable     rodauth.two_factor_disable_path
  GET/POST  /otp-auth                rodauth.otp_auth_path
  GET/POST  /otp-setup               rodauth.otp_setup_path
  GET/POST  /otp-disable             rodauth.otp_disable_path
  GET/POST  /sms-request             rodauth.sms_request_path
  GET/POST  /sms-auth                rodauth.sms_auth_path
  GET/POST  /sms-setup               rodauth.sms_setup_path
  GET/POST  /sms-confirm             rodauth.sms_confirm_path
  GET/POST  /sms-disable             rodauth.sms_disable_path
  GET/POST  /recovery-auth           rodauth.recovery_auth_path
  GET/POST  /recovery-codes          rodauth.recovery_codes_path
  GET/POST  /close-account           rodauth.close_account_path
  POST      /unlock-account-request  rodauth.unlock_account_request_path
  GET/POST  /unlock-account          rodauth.unlock_account_path
  

• The rodauth:install generator now generates an accounts.yml fixture, which contains two verified accounts (thanks to @benkoshy).

• When using newrelic_rpm gem instrumentation, the undefined method controller_path error has now been fixed.

• The Rodauth dependency version has been bumped to 2.25+, since the version 2.25 properly handles disabled routes, by excluding them from route_hash.