← Back to list
Basic Account (
Admin Account (
Customer Account (
plutonium-rodauth
by radioactive-labs
Build production-ready Rails apps in minutes, not days. Convention-driven, fully customizable, AI-ready.
⭐ 52🍴 7📅 Jan 23, 2026
Run in ManusSKILL.md
name: plutonium-rodauth description: Plutonium Rodauth integration - authentication setup, account types, and configuration
Plutonium Rodauth Authentication
Plutonium integrates with Rodauth via rodauth-rails for authentication. This provides a full-featured, secure authentication system.
Installation
Step 1: Install Rodauth Base
rails generate pu:rodauth:install
This installs:
- Required gems (
rodauth-rails,bcrypt,sequel-activerecord_connection) app/rodauth/rodauth_app.rb- Main Roda appapp/rodauth/rodauth_plugin.rb- Base pluginapp/controllers/rodauth_controller.rb- Base controllerconfig/initializers/rodauth.rb- Configurationapp/views/layouts/rodauth.html.erb- Auth layout- PostgreSQL extension migration (if using PostgreSQL)
Step 2: Create Account Type
Choose the appropriate generator for your use case:
# Basic user account
rails generate pu:rodauth:account user
# Admin with 2FA and security features
rails generate pu:rodauth:admin admin
# Customer with entity association
rails generate pu:rodauth:customer customer
Account Generators
Basic Account (pu:rodauth:account)
Creates a standard user account with configurable features:
rails generate pu:rodauth:account user [options]
Options:
| Option | Description |
|---|---|
--defaults | Enable default features (login, logout, remember, password reset) |
--kitchen_sink | Enable ALL available features |
--primary | Mark as primary account (no URL prefix) |
--no-mails | Skip mailer setup |
--argon2 | Use Argon2 instead of bcrypt for password hashing |
--api_only | Configure for JSON API only (no sessions) |
Feature Options:
| Option | Default | Description |
|---|---|---|
--login | ✓ | Login functionality |
--logout | ✓ | Logout functionality |
--remember | ✓ | "Remember me" cookies |
--create_account | ✓ | User registration |
--verify_account | ✓ | Email verification |
--reset_password | ✓ | Password reset via email |
--change_password | ✓ | Change password |
--change_login | ✓ | Change email |
--verify_login_change | ✓ | Verify email change |
--otp | TOTP two-factor auth | |
--webauthn | WebAuthn/passkeys | |
--recovery_codes | Recovery codes for 2FA | |
--lockout | Account lockout after failed attempts | |
--active_sessions | Track active sessions | |
--audit_logging | Audit authentication events | |
--close_account | Allow account deletion | |
--email_auth | Passwordless login via email | |
--sms_codes | SMS-based 2FA | |
--jwt | JWT token authentication | |
--jwt_refresh | JWT refresh tokens |
Admin Account (pu:rodauth:admin)
Creates a secure admin account with:
- Multi-phase login (email first, then password)
- TOTP two-factor authentication (required)
- Recovery codes
- Account lockout
- Active sessions tracking
- Audit logging
- No public signup (accounts created via rake task)
rails generate pu:rodauth:admin admin
Creates rake task:
# Create admin account
rails rodauth_admin:create[admin@example.com,password123]
Customer Account (pu:rodauth:customer)
Creates a customer account with an associated entity (organization/company):
rails generate pu:rodauth:customer customer
rails generate pu:rodauth:customer customer --entity=Organization
rails generate pu:rodauth:customer customer --no-allow_signup
Options:
| Option | Description |
|---|---|
--entity=NAME | Entity model name (default: "Entity") |
--no-allow_signup | Disable public registration |
This creates:
- Customer account model
- Entity model (Organization, Company, etc.)
- Membership join model
- Has-many-through associations
Connecting Auth to Controllers
Include in Resource Controller
# app/controllers/resource_controller.rb
class ResourceController < PlutoniumController
include Plutonium::Resource::Controller
include Plutonium::Auth::Rodauth(:user) # Use :user account
end
Multiple Account Types
# app/controllers/admin_controller.rb
class AdminController < PlutoniumController
include Plutonium::Resource::Controller
include Plutonium::Auth::Rodauth(:admin)
end
# app/controllers/customer_controller.rb
class CustomerController < PlutoniumController
include Plutonium::Resource::Controller
include Plutonium::Auth::Rodauth(:customer)
end
What It Provides
Including Plutonium::Auth::Rodauth(:name) adds:
| Method | Description |
|---|---|
current_user | The authenticated account |
logout_url | URL to logout |
plutonium-rodauth | Access to Rodauth instance |
Generated Files
Account Structure
app/
├── controllers/
│ └── rodauth/
│ └── user_controller.rb # Account-specific controller
├── mailers/
│ └── rodauth/
│ └── user_mailer.rb # Account-specific mailer
├── models/
│ └── user.rb # Account model
├── rodauth/
│ ├── rodauth_app.rb # Main Roda app
│ ├── rodauth_plugin.rb # Base plugin
│ └── user_rodauth_plugin.rb # Account-specific config
├── policies/
│ └── user_policy.rb # Account policy
├── definitions/
│ └── user_definition.rb # Account definition
└── views/
├── layouts/
│ └── rodauth.html.erb # Auth layout
└── rodauth/
└── user_mailer/ # Email templates
├── reset_password.text.erb
├── verify_account.text.erb
└── ...
Plugin Configuration
# app/rodauth/user_rodauth_plugin.rb
class UserRodauthPlugin < RodauthPlugin
configure do
# Features enabled for this account
enable :login, :logout, :remember, :create_account, ...
# URL prefix (non-primary accounts)
prefix "/users"
# Password storage
account_password_hash_column :password_hash
# Controller for views
rails_controller { Rodauth::UserController }
# Model
rails_account_model { User }
# Redirects
login_redirect "/"
logout_redirect "/"
# Session configuration
session_key "_user_session"
remember_cookie_key "_user_remember"
end
end
Customization
Custom Login Redirect
# app/rodauth/user_rodauth_plugin.rb
configure do
login_redirect { "/dashboard" }
# Or dynamically based on user
login_redirect do
if rails_account.admin?
"/admin"
else
"/dashboard"
end
end
end
Custom Validation
configure do
# Add custom field validation
before_create_account do
throw_error_status(422, "name", "must be present") if param("name").empty?
end
# After account creation
after_create_account do
Profile.create!(account_id: account_id, name: param("name"))
end
end
Password Requirements
configure do
# Minimum length
password_minimum_length 12
# Custom complexity
password_meets_requirements? do |password|
super(password) && password.match?(/\d/) && password.match?(/[^a-zA-Z\d]/)
end
end
Multi-Phase Login
configure do
# Ask for email first, then password
use_multi_phase_login? true
end
Prevent Public Signup
configure do
before_create_account_route do
request.halt unless internal_request?
end
end
Email Configuration
Emails are sent via Action Mailer. Configure delivery in your environment:
# config/environments/production.rb
config.action_mailer.delivery_method = :smtp
config.action_mailer.smtp_settings = {
address: "smtp.example.com",
port: 587,
user_name: ENV["SMTP_USER"],
password: ENV["SMTP_PASSWORD"]
}
Custom Email Templates
Override templates in app/views/rodauth/user_mailer/:
<%# app/views/rodauth/user_mailer/reset_password.text.erb %>
Hi <%= @account.email %>,
Someone requested a password reset for your account.
Reset your password: <%= @reset_password_url %>
If you didn't request this, ignore this email.
Portal Integration
Selecting Auth for Portal
When generating a portal, select the Rodauth account:
rails generate pu:pkg:portal admin
# Select "Rodauth account" when prompted
# Choose "admin" account
Manual Portal Auth Setup
# packages/admin_portal/lib/engine.rb
module AdminPortal
class Engine < Rails::Engine
include Plutonium::Portal::Engine
# Require authentication
config.before_initialize do
config.to_prepare do
AdminPortal::ResourceController.class_eval do
include Plutonium::Auth::Rodauth(:admin)
before_action :require_authenticated
private
def require_authenticated
redirect_to rodauth.login_path unless current_user
end
end
end
end
end
end
API Authentication
For JSON API authentication:
rails generate pu:rodauth:account api_user --api_only --jwt --jwt_refresh
This enables:
- JWT token authentication
- Refresh tokens
- No session/cookie handling
Using JWT
# Login
POST /api_users/login
Content-Type: application/json
{"login": "user@example.com", "password": "secret"}
# Response includes JWT
{"access_token": "...", "refresh_token": "..."}
# Authenticated requests
GET /api/posts
Authorization: Bearer <access_token>
Internal Requests
Create accounts programmatically:
# Using internal request
Rodauth::Rails.app(:user).rodauth(:user).create_account(
login: "user@example.com",
password: "secure_password"
)
# Or via model (if allowed)
User.create!(
email: "user@example.com",
password_hash: BCrypt::Password.create("secure_password"),
status: 2 # verified
)
Feature Reference
| Feature | Description |
|---|---|
login | Basic login/logout |
create_account | User registration |
verify_account | Email verification |
reset_password | Password reset via email |
change_password | Change password when logged in |
change_login | Change email address |
verify_login_change | Verify email change |
remember | "Remember me" functionality |
otp | TOTP two-factor authentication |
sms_codes | SMS-based 2FA |
recovery_codes | Backup codes for 2FA |
webauthn | WebAuthn/passkey authentication |
lockout | Lock account after failed attempts |
active_sessions | Track/manage active sessions |
audit_logging | Log authentication events |
email_auth | Passwordless email login |
jwt | JWT token authentication |
jwt_refresh | JWT refresh tokens |
close_account | Allow account deletion |
password_expiration | Force password changes |
disallow_password_reuse | Prevent password reuse |
Related Skills
plutonium-installation- Initial Plutonium setupplutonium-portal- Portal configurationplutonium-policy- Authorization after authentication
Score
Total Score
75/100
Based on repository quality metrics
✓SKILL.md
SKILL.mdファイルが含まれている
+20
✓LICENSE
ライセンスが設定されている
+10
✓説明文
100文字以上の説明がある
+10
○人気
GitHub Stars 100以上
0/15
✓最近の活動
1ヶ月以内に更新
+10
○フォーク
10回以上フォークされている
0/5
✓Issue管理
オープンIssueが50未満
+5
✓言語
プログラミング言語が設定されている
+5
✓タグ
1つ以上のタグが設定されている
+5
Reviews
💬
Reviews coming soon
