Releases: janko/rodauth-rails
1.7.0: Tailwind CSS support
Tailwind CSS view templates have been added to the rodauth:views
generator, which can be imported by passing the --css=tailwind
option to the generator (this is the default when using tailwindcss-rails).
$ rails generate rodauth:views --css=tailwind
Both light mode and dark mode are supported 🌘 Thanks to @benkoshy for the initial work! 🙏🏻
1.6.4
- The generated logout form no longer logs out all active sessions by default. This was fixed by passing include_hidden: false to the global logout checkbox builder.
- The generated mailer has been redesigned to expose the Rodauth object, allowing for greater flexibility when wanting to call other Rodauth methods.
- The email configuration for password_reset_notify feature has been added to the install generator, commented out as this feature is not enabled by default.
- The #rails_account method can now be called on a Rodauth object that was allocated directly and that has @account set.
1.6.3
- The generated app/misc/rodauth_main.rb now suggests passing an integer to verify_account_grace_period instead of ActiveSupport::Duration, which is necessary when using the JWT feature (thanks to @vlado).
- The generated app/misc/rodauth_main.rb now sets password_minimum_length 8 as per OWASP recommendation (Rodauth's default is 6 characters), and sets password_maximum_bytes 72 due to bcrypt truncating inputs longer than 72 bytes (not needed when using argon2).
- Use pass roda plugin for automatic prefix routing after all, to prevent possible incorrect routing of custom Roda routes after Rodauth, due to request.remaining_path not being reset. It is unlikely that anyone has custom Roda routes defined in a Rails app, but it's better to have correct behaviour.
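Why the 72-byte cap matters, as an added example that is not part of rodauth-rails or Rodauth: plain Ruby that models bcrypt's truncation with a byte slice (no bcrypt library is called) and checks passwords against the two limits named above. The helper names and sample passwords are constructed for illustration.

```ruby
# Added example: models the two limits from the 1.6.3 notes in plain Ruby.
# MIN_CHARS mirrors password_minimum_length 8 and BCRYPT_MAX_BYTES mirrors
# password_maximum_bytes 72. Helper names are hypothetical.
MIN_CHARS = 8
BCRYPT_MAX_BYTES = 72

# What bcrypt effectively hashes: only the first 72 bytes of the input.
# (Modelled here with a byte slice; this is an assumption-level model.)
def bcrypt_effective_input(password)
  password.b[0, BCRYPT_MAX_BYTES]
end

# Returns nil when acceptable, otherwise a symbol naming the failed rule.
# The minimum is counted in characters and the maximum in bytes, so
# multibyte passwords reach the byte limit well before 72 characters.
def password_policy_error(password)
  return :too_short if password.length < MIN_CHARS
  return :too_many_bytes if password.bytesize > BCRYPT_MAX_BYTES
  nil
end

# Constructed sample inputs.
SAMPLES = {
  short:     "abc123",
  ok:        "correct horse battery",
  long_a:    ("x" * 72) + "-suffix-A",
  long_b:    ("x" * 72) + "-suffix-B",
  multibyte: "密" * 30 # 30 characters, 90 bytes in UTF-8
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, pw|
    puts format("%-10s chars=%-3d bytes=%-3d policy=%s",
                name, pw.length, pw.bytesize, password_policy_error(pw).inspect)
  end
  same = bcrypt_effective_input(SAMPLES[:long_a]) ==
         bcrypt_effective_input(SAMPLES[:long_b])
  puts "long_a and long_b reach bcrypt as identical input: #{same}"
end
```

Without the byte cap, long_a and long_b would be accepted as different passwords yet verify against the same hash, which is the case the generated password_maximum_bytes 72 setting rejects up front.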
1.6.2
1.6.1
- The argument errors when calling RodauthMailer in default generated Rodauth configuration have now been fixed. This was a regression introduced in a previous release, where the default Rodauth configuration wasn't updated after making the configuration name a required argument in RodauthMailer methods.
1.6.0
- The current_account controller method doesn't redirect to the login page anymore when the current account was not found (not logged in, closed account, or deleted account record), and instead it returns nil in this case. This should make the behaviour less surprising, and work better with gems such as Audited, which expects the method for retrieving the current account to return nil.

  Applications that currently rely on current_account to redirect when there is no current account will need to be updated. In most cases, replacing rodauth.require_authentication with rodauth.require_account should be sufficient, with the active_sessions feature being a more robust solution. Given that the current_account method will clear the session if it contains the account ID of a closed/deleted account, any errors that happen should disappear on next page visit.
- The gem now works without Action Mailer being loaded. In this case, no email configuration is changed, so Rodauth's default behaviour will be called, which is to use the Mail gem directly. Loading the Mail gem can be skipped by setting require_mail? false in the Rodauth configuration.
- The Active Record migrations should now generate functional schema when using the activerecord-sqlserver-adapter gem, by avoiding creating IDENTITY columns for tables where the id column is both a primary and foreign key.
- The configuration name in the generated RodauthMailer methods is now a required argument, which should avoid Rubocop complaints.
v1.5.5
v1.5.4
- When using Sequel as the primary database library, the generated migration now stores password hashes in the accounts table (instead of in a separate table), and creates an integer status column, which is compatible with the generated configuration and consistent with Active Record.
- The generated accounts.yml fixture now uses enum string values for status column, e.g. "verified" instead of 2.
- The fixture is now generated in test/fixtures instead of app/test/fixtures, and when using RSpec it's generated in spec/fixtures (thanks to @benkoshy).
v1.5.3
v1.5.2
- The list of endpoints in rodauth:routes now includes available HTTP verbs, and excludes routes that have been disabled (by setting *_route configuration to nil).

    GET/POST  /login                   rodauth.login_path
    GET/POST  /create-account          rodauth.create_account_path
    GET/POST  /verify-account-resend   rodauth.verify_account_resend_path
    GET/POST  /verify-account          rodauth.verify_account_path
    POST      /email-auth-request      rodauth.email_auth_request_path
    GET/POST  /email-auth              rodauth.email_auth_path
    GET/POST  /remember                rodauth.remember_path
    GET/POST  /logout                  rodauth.logout_path
    GET/POST  /reset-password-request  rodauth.reset_password_request_path
    GET/POST  /reset-password          rodauth.reset_password_path
    GET/POST  /change-password         rodauth.change_password_path
    GET/POST  /change-login            rodauth.change_login_path
    GET/POST  /verify-login-change     rodauth.verify_login_change_path
    GET/POST  /confirm-password        rodauth.confirm_password_path
    GET       /multifactor-manage      rodauth.two_factor_manage_path
    GET       /multifactor-auth        rodauth.two_factor_auth_path
    GET/POST  /multifactor-disable     rodauth.two_factor_disable_path
    GET/POST  /otp-auth                rodauth.otp_auth_path
    GET/POST  /otp-setup               rodauth.otp_setup_path
    GET/POST  /otp-disable             rodauth.otp_disable_path
    GET/POST  /sms-request             rodauth.sms_request_path
    GET/POST  /sms-auth                rodauth.sms_auth_path
    GET/POST  /sms-setup               rodauth.sms_setup_path
    GET/POST  /sms-confirm             rodauth.sms_confirm_path
    GET/POST  /sms-disable             rodauth.sms_disable_path
    GET/POST  /recovery-auth           rodauth.recovery_auth_path
    GET/POST  /recovery-codes          rodauth.recovery_codes_path
    GET/POST  /close-account           rodauth.close_account_path
    POST      /unlock-account-request  rodauth.unlock_account_request_path
    GET/POST  /unlock-account          rodauth.unlock_account_path

- The rodauth:install generator now generates an accounts.yml fixture, which contains two verified accounts (thanks to @benkoshy).
- When using newrelic_rpm gem instrumentation, the undefined method controller_path error has now been fixed.
- The Rodauth dependency version has been bumped to 2.25+, since the version 2.25 properly handles disabled routes, by excluding them from route_hash.