customizing built-in pages for rodauth / issues with using HAML in Roda

[jf]

1. is there a way to customize the standard HTML that rodauth gives you (e.g. for /login, /logout, etc.)?

2. (resolved, sort of; see follow-up comment below) I'm noticing with HAML (using plugin :render, engine: 'haml' in roda) that instead of getting the actual HTML, I get escaped HTML (so for /login, I get this: <form method="post" class="rodauth" role="form" id="login-form"> ...). I'm still trying to figure this out, and I know this is sort of a HAML thing... but I am also hoping that I can resolve this easily, so that I dont have to switch to using ERB just because rodauth is.

[jf]

2. I'm noticing with HAML (using plugin :render, engine: 'haml' in roda) that instead of getting the actual HTML, I get escaped HTML (so for /login, I get this: <form method="post" class="rodauth" role="form" id="login-form"> ...). I'm still trying to figure this out, and I know this is sort of a HAML thing... but I am also hoping that I can resolve this easily, so that I dont have to switch to using ERB just because rodauth is.

Found a fix for this. So this is an option for HAML (yay): use != to not escape the HTML (but of course, this means u need to trust the source...): https://haml.info/docs/yardoc/file.REFERENCE.html#unescaping_html

Still hoping for a way to customize the rodauth views though, so I can avoid this !=

[jf]

re 1, so my first thought was to customize my own local version of the gem, since it looks like the templates come from the templates/ dir... but that's not exactly the best solution.

And then I see this in the CHANGELOG which gives me some hope:

=== 2.27.0 (2023-01-24)

...

* Allow button template to be overridden just as other templates can be (jeremyevans) (#280)

But I am not seeing any good writeup in the docs for how to go about doing this. And the mentioned #280 doesn't provide much help either.

[jf]

Finally found http://rodauth.jeremyevans.net/rdoc/files/doc/login_rdoc.html (after seeing mention of login_view from #5 (comment)).

I have 2 new questions now:

1. how do I practically do this in a Roda app? do I have to move away from using rodauth.require_authentication, and write more granular code? I'm not sure exactly how at this point in time.
2. what are "Auth Value Methods", vs "Auth Methods"?

[jeremyevans]

rodauth.require_authentication should still be used to enforce the authentication session. All it does is redirect to the login page if not authenticated (or the two-factor auth page if user is logged in and has enabled two factor authentication but is not authenticated by two factors).

In terms of finding the template to render, Rodauth always checks first if you have defined the template in your application, if you have haml as the default render engine in your Roda app, that would be login.haml in the root of your views directory. An alternative approach is overriding login_view, as you mentioned.

The difference between auth methods and auth value methods is that auth value methods also allow specifying a value during configuration, while auth methods require a block. Auth value methods are used for things that may not depend on the currently logged in user. For example, in your rodauth configuration, as base_url is an auth value method, you can do:

base_url "https://something.com"

# or

base_url do
  "https://something.com"
end

However, as logged_in? is an auth method, you can do:

logged_in? do
  true
end

But you cannot do:

logged_in? true

Because the value of logged_in? should always depend on the current session.

[colmexdev]

Hi there!, now messing a bit with this gem.

In terms of finding the template to render, Rodauth always checks first if you have defined the template in your application, if you have haml as the default render engine in your Roda app, that would be login.haml in the root of your views directory. An alternative approach is overriding login_view, as you mentioned.

Is there a way to override the layout taken for login form rendering? I tried overriding login_view method calling view with a layout parameter, but to no avail:

login_view do
  view("custom_login", layout: "custom_layout")
end

And it of course takes custom_login.erb when listed inside views folder, but takes the default layout (which I don't want to use).

Thank you in advance!

[jeremyevans]

Maybe try scope.view("custom_login", layout: "custom_layout")? If you call view, you are calling a Rodauth method that treats the second argument as the page title. If you call scope.view, you are calling a Roda method that should treat the second argument as options for the render.

[jf]

rodauth.require_authentication should still be used to enforce the authentication session. All it does is redirect to the login page if not authenticated (or the two-factor auth page if user is logged in and has enabled two factor authentication but is not authenticated by two factors).

thank you.

In terms of finding the template to render, Rodauth always checks first if you have defined the template in your application, if you have haml as the default render engine in your Roda app, that would be login.haml in the root of your views directory. An alternative approach is overriding login_view, as you mentioned.

this is great, thank you!

It looks to me (at least based on one quick test, overriding login-field.str with a login-field.haml; but I believe I would be correct) that you can pretty much customize each template that you require. Is this correct?

Also for my own curiosity, would the code for checking for templates be in lib/rodauth/features/base.rb, def render?

The difference between auth methods and auth value methods is that auth value methods also allow specifying a value during configuration, while auth methods require a block. Auth value methods are used for things that may not depend on the currently logged in user. For example, in your rodauth configuration, as base_url is an auth value method, you can do:

base_url "https://something.com"

# or

base_url do
  "https://something.com"
end

However, as logged_in? is an auth method, you can do:

logged_in? do
  true
end

But you cannot do:

logged_in? true

Because the value of logged_in? should always depend on the current session.

thank you. Could you help me understand where the code would be for these methods (both auth, and auth value)? as an example, I tried to search for def login_additional_form_tags, and def login_view; but there is no match in the code.

[jeremyevans]

It looks to me (at least based on one quick test, overriding login-field.str with a login-field.haml; but I believe I would be correct) that you can pretty much customize each template that you require. Is this correct?

Correct.

Also for my own curiosity, would the code for checking for templates be in lib/rodauth/features/base.rb, def render?

It's in _template_opts in that file.

thank you. Could you help me understand where the code would be for these methods (both auth, and auth value)? as an example, I tried to search for def login_additional_form_tags, and def login_view; but there is no match in the code.

Rodauth heavily uses metaprogramming internally to reduce duplication as well as provide simple configuration to the user. A brief overview is at https://rodauth.jeremyevans.net/rdoc/files/doc/guides/internals_rdoc.html. For full details, you would want to review lib/rodauth.rb.

[jf]

thank you again, Jeremy! Specifically on customizing the login page, is it possible to only have one password input for the create-account page? My thought is to make the registration process less painful and if a mistake is made on the password entry, the user can always do a reset if they keyed in the password wrongly.

[jeremyevans]

require_password_confirmation? false in the Rodauth configuration will handle that.