Closed janko closed 2 years ago
This breaks backwards compatibility, because these methods are exposed as auth methods and are overridable in the Rodauth configuration. There would definitely be arity breakage for users passing lambdas to the related configuration methods. I doubt there is much of that. However, there is also semantic breakage. If users are using the configuration methods, and not expecting the key to be passed in, they could generate their own key different from the passed in key.
I realize this could make things easier for rodauth-rails, but I don't think it's worth breaking compatibility for that.
OK, that makes sense, I didn't realize it would break backwards compatibility. Thanks to Rodauth's consistent naming convention, below is what I ended up with, but I'd welcome any suggestions if someone sees area for improvement 🙂
class RodauthMain < Rodauth::Rails::Auth
configure do
create_verify_account_email do
RodauthMailer.verify_account(self.class.configuration_name, account_id, verify_account_key_value)
end
create_reset_password_email do
RodauthMailer.reset_password(self.class.configuration_name, account_id, reset_password_key_value)
end
# ...
end
end
class RodauthMailer < ApplicationMailer
def verify_account(name, account_id, key)
@email_link = email_link(name, :verify_account, account_id, key)
@account = Account.find(account_id)
mail to: @account.email, subject: rodauth(name).verify_account_email_subject
end
def reset_password(name, account_id, key)
@email_link = email_link(name, :reset_password, account_id, key)
@account = Account.find(account_id)
mail to: @account.email, subject: rodauth(name).reset_password_email_subject
end
# ...
private
def email_link(name, action, account_id, key)
instance = rodauth(name)
instance.instance_variable_set(:@account, { id: account_id })
instance.instance_variable_set(:"@#{action}_key_value", key)
instance.public_send(:"#{action}_email_link")
end
def rodauth(name)
RodauthApp.rodauth(name).allocate
end
end
This makes it easier to call the
*_email_link
methods outside of a request, which is fairly common because emails are typically delivered in a background job.Background
In rodauth-rails, the generated Rodauth configuration currently overrides the email methods to call Action Mailer, which also support delaying the email delivery into a background job. Originally, it was passing the email links directly to mailer arguments (which would end up as background job arguments), but that had issues in API + SPA scenario where the SPA lives on a different subdomain, and I also realized it's probably not secure to include tokens in background job arguments.
Then I switched to sending only account ID and raw keys, and generated the email link manually:
Now I would like to update the generated configuration to automatically work for any configuration, because I expect that authentication emails might largely be shared between different configurations, so it could make sense to use the same mailer. This complicates the logic, so I was exploring whether I could simplify email link generation by reusing Rodauth's methods. If these changes are merged, it would allow me to do the following: