authentication-zero 0.0.21 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e4508d502f129d12c259168c7dc3076ae69adfc30622d512b52069a29bd677d7
-  data.tar.gz: f845c72250632ffaa4253ec6a51efee05ed7df67b6dff9ae153ccfc301a3f701
+  metadata.gz: 30572c49dd754b2b621acf5adad550f2ad179f3bb3af559748e296b16b04c529
+  data.tar.gz: 569ac3a9411562d1a2bf5ee049b3cbf1350fc43cc1a2a5e837ca421f7994ae63
 SHA512:
-  metadata.gz: 07e8a137c6fcb03ce1de75f40a901d9df43038dc15086efc128ec5f727c160b4109e3956232acbd166948dc4ed01b2309aa868758fe578adc33afa706f318a8f
-  data.tar.gz: 0b8c33acc4d57eae5cd0fc4ff9272129f01eee5f42cd0f864d55411111b432ffed69c0693dcce1f5e96f83756b3b752af6366242fe58662ed95fcc7146c3ff16
+  metadata.gz: a78c56a451d289464bb25e4d86f1765a5c74c032f2c19aaa7268cb3653680fdb7bae3242c911f3d7d6402d3cd22d771ab9cef1316866b8fd6d89ecf6991d2772
+  data.tar.gz: 7e245a32b1150f57ceb6941cdffce360cf9ac67d49ef583b4e5e1d6ee0afcb0d593b7c2afb67e66369f77ede9f8c347203d109537e26c184fd25ce1c8ddb0765

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (0.0.21)
+    authentication-zero (1.0.0)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -19,31 +19,26 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 
 - [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password): Adds methods to set and authenticate against a BCrypt password.
 - [has_secure_token](https://api.rubyonrails.org/classes/ActiveRecord/SecureToken/ClassMethods.html#method-i-has_secure_token): Adds methods to generate unique tokens.
-- [encrypts](https://guides.rubyonrails.org/active_record_encryption.html) Encrypts the session_token on database so if an attacker gained access to your database, a snapshot of it, or your application logs, they wouldn't be able to make sense of the encrypted information.
+- [signed cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from the cookie again.
 - [httponly cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): A cookie with the httponly attribute is inaccessible to the JavaScript, this precaution helps mitigate cross-site scripting (XSS) attacks.
 - [signed_id](https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html): Returns a signed id that is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
 - [Current attributes](https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html): Abstract super class that provides a thread-isolated attributes singleton, which resets automatically before and after each request.
 - [Callbacks](https://api.rubyonrails.org/classes/ActiveRecord/Callbacks.html): We use callbacks to send emails after changing an email or password.
 - [Action mailer](https://api.rubyonrails.org/classes/ActionMailer/Base.html): Action Mailer allows you to send email from your application using a mailer model and views.
 - [Log filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
+- [Functional Tests](https://guides.rubyonrails.org/testing.html#functional-tests-for-your-controllers): In Rails, testing the various actions of a controller is a form of writing functional tests.
+- [System Testing](https://guides.rubyonrails.org/testing.html#system-testing): System tests allow you to test user interactions with your application, running tests in either a real or a headless browser.
 
 ## Installation
 
 Add this lines to your application's Gemfile:
 
 ```ruby
-gem "bcrypt"
 gem "authentication-zero"
 ```
 
 Then run `bundle install`
 
-First, you need to [set up active record encryption](https://guides.rubyonrails.org/active_record_encryption.html#setup), you must generate your keys and put them in your credentials:
-```
-$ rails db:encryption:init
-$ rails credentials:edit
-```
-
 You'll need to set the root path in your routes.rb, for this example let's use the following:
 
 ```ruby
@@ -88,6 +83,8 @@ config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
 $ rails generate authentication user
 ```
 
+Then run `bundle install` again!
+
 ## Development
 
 To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "0.0.21"
+  VERSION = "1.0.0"
 end

data/lib/generators/authentication/USAGE

@@ -1,6 +1,11 @@
 Description:
-    The purpose of authentication zero is to generate a pre-built authentication system into a rails application that follows both security and rails best practices.
-    By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
+    The purpose of authentication zero is to generate a pre-built
+    authentication system into a rails application that
+    follows both security and rails best practices.
+
+    By generating code into the user's application
+    instead of using a library, the user has complete freedom
+    to modify the authentication system so it works best with their app.
 
 Example:
     bin/rails generate authentication user

data/lib/generators/authentication/authentication_generator.rb

@@ -1,84 +1,127 @@
 require "rails/generators/active_record"
 
 class AuthenticationGenerator < Rails::Generators::NamedBase
-  include ActiveRecord::Generators::Migration
-
   class_option :api, type: :boolean, desc: "Generates API authentication"
 
+  class_option :migration, type: :boolean
+  class_option :test_framework, type: :string, desc: "Test framework to be invoked"
+
+  class_option :fixture, type: :boolean
+  class_option :system_tests, type: :string, desc: "Skip system test files"
+
+  class_option :skip_routes, type: :boolean
+  class_option :template_engine, type: :string, desc: "Template engine to be invoked"
+
   source_root File.expand_path("templates", __dir__)
 
-  def create_controllers
-    if options.api
-      directory "controllers/api", "app/controllers"
-    else
-      directory "controllers/html", "app/controllers"
+  def add_bcrypt
+    uncomment_lines "Gemfile", /bcrypt/
+  end
+
+  def create_migration
+    if options.migration
+      invoke "migration", ["create_#{table_name}", "email:string:uniq", "password:digest", "session_token:string:uniq"]
     end
   end
 
-  def create_mailers
-    template "mailers/email_mailer.rb", "app/mailers/email_mailer.rb"
-    template "mailers/password_mailer.rb", "app/mailers/password_mailer.rb"
+  def create_models
+    template "models/model.rb", "app/models/#{file_name}.rb"
+    template "models/current.rb", "app/models/current.rb"
+  end
+
+  hook_for :fixture_replacement
+
+  def create_fixture_file
+    if options.fixture
+      template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
+    end
+  end
+
+  def add_application_controller_methods
+    api_code = <<~CODE
+      include ActionController::HttpAuthentication::Token::ControllerMethods
+
+      before_action :authenticate
+
+      private
+        def authenticate
+          authenticate_or_request_with_http_token do |token, _options|
+            Current.#{singular_table_name} = #{class_name}.find_signed_session_token(token)
+          end
+        end
+    CODE
+
+    html_code = <<~CODE
+      before_action :authenticate
+
+      private
+        def authenticate
+          if #{singular_table_name} = #{class_name}.find_by_session_token(cookies.signed[:session_token])
+            Current.#{singular_table_name} = #{singular_table_name}
+          else
+            redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+          end
+        end
+    CODE
+
+    inject_code = options.api? ? api_code : html_code
+    inject_into_class "app/controllers/application_controller.rb", "ApplicationController", optimize_indentation(inject_code, 2), verbose: false
+  end
+
+  def create_controllers
+    directory "controllers/#{format_folder}", "app/controllers"
   end
 
   def create_views
     if options.api
-      directory "views/email_mailer", "app/views/email_mailer"
-      directory "views/password_mailer", "app/views/password_mailer"
+      directory "#{template_engine}/email_mailer", "app/views/email_mailer"
+      directory "#{template_engine}/password_mailer", "app/views/password_mailer"
     else
-      directory "views", "app/views"
+      directory "#{template_engine}", "app/views"
     end
   end
 
-  def create_models
-    template "models/current.rb", "app/models/current.rb"
-    template "models/resource.rb", "app/models/#{singular_table_name}.rb"
+  def create_mailers
+    directory "mailers", "app/mailers"
   end
 
-  def create_migrations
-    migration_template "migration.rb", "#{db_migrate_path}/create_#{file_name}.rb"
+  def add_routes
+    unless options.skip_routes
+      route "resource :password_resets, only: [:new, :edit, :create, :update]"
+      route "resource :cancellations, only: [:new, :create]"
+      route "resource :passwords, only: [:edit, :update]"
+      route "resource :emails, only: [:edit, :update]"
+      route "delete 'sign_out', to: 'sessions#destroy'"
+      route "post 'sign_up', to: 'registrations#create'"
+      route "get 'sign_up', to: 'registrations#new'" unless options.api?
+      route "post 'sign_in', to: 'sessions#create'"
+      route "get 'sign_in', to: 'sessions#new'" unless options.api?
+    end
   end
 
-  def add_routes
-    route "resource :password_resets, only: [:new, :edit, :create, :update]"
-    route "resource :cancellations, only: [:new, :create]"
-    route "resource :passwords, only: [:edit, :update]"
-    route "resource :emails, only: [:edit, :update]"
-    route "delete 'sign_out', to: 'sessions#destroy'"
-    route "post 'sign_up', to: 'registrations#create'"
-    route "get 'sign_up', to: 'registrations#new'" unless options.api?
-    route "post 'sign_in', to: 'sessions#create'"
-    route "get 'sign_in', to: 'sessions#new'" unless options.api?
+  def create_test_files
+    directory "#{test_framework}/controllers/#{format_folder}", "test/controllers"
+    directory "#{system_tests}/system", "test/system" if system_tests?
   end
 
-  def add_application_controller_methods
-    if options.api?
-      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
-        include ActionController::HttpAuthentication::Token::ControllerMethods
+  private
+    def format_folder
+      options.api ? "api" : "html"
+    end
 
-        before_action :authenticate
+    def template_engine
+      options.template_engine
+    end
 
-        private
-          def authenticate
-            authenticate_or_request_with_http_token do |token, _options|
-              Current.#{singular_table_name} = #{class_name}.find_by_session_token(token)
-            end
-          end
-      CODE
-      end
-    else
-      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
-        before_action :authenticate
-
-        private
-          def authenticate
-            if #{singular_table_name} = #{class_name}.find_by_session_token(cookies[:session_token])
-              Current.#{singular_table_name} = #{singular_table_name}
-            else
-              redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
-            end
-          end
-      CODE
-      end
+    def test_framework
+      options.test_framework
+    end
+
+    def system_tests
+      options.system_tests
+    end
+
+    def system_tests?
+      !options.api? && options.system_tests
     end
-  end
 end

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt

@@ -1,5 +1,6 @@
 class PasswordResetsController < ApplicationController
   skip_before_action :authenticate
+
   before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
 
   def edit
@@ -10,7 +11,7 @@ class PasswordResetsController < ApplicationController
     if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
       PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
     else
-      render json: { error: "The email address doesn't exist in our database" }, status: :bad_request
+      render json: { error: "The email address doesn't exist in our database" }, status: :not_found
     end
   end
 
@@ -24,7 +25,7 @@ class PasswordResetsController < ApplicationController
 
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "password_reset")
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
     rescue ActiveSupport::MessageVerifier::InvalidSignature
       render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
     end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt

@@ -5,7 +5,7 @@ class SessionsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
 
     if @<%= singular_table_name %>.try(:authenticate, params[:password])
-      render json: { session_token: @<%= singular_table_name %>.session_token }
+      render json: { session_token: @<%= singular_table_name %>.signed_session_token }, status: :ok
     else
       render json: { error: "Invalid email or password" }, status: :unauthorized
     end

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt

@@ -1,5 +1,6 @@
 class PasswordResetsController < ApplicationController
   skip_before_action :authenticate
+
   before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
 
   def new
@@ -27,7 +28,7 @@ class PasswordResetsController < ApplicationController
 
   private
     def set_<%= singular_table_name %>
-      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "password_reset")
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
     rescue ActiveSupport::MessageVerifier::InvalidSignature
       redirect_to new_password_resets_path, alert: "Your token has expired, please request a new one"
     end

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt

@@ -9,7 +9,7 @@ class RegistrationsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
 
     if @<%= singular_table_name %>.save
-      cookies[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
+      cookies.signed[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
       redirect_to root_path, notice: "Welcome! You have signed up successfully"
     else
       render :new, status: :unprocessable_entity

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt

@@ -10,9 +10,9 @@ class SessionsController < ApplicationController
 
     if @<%= singular_table_name %>.try(:authenticate, params[:password])
       if params[:remember_me] == "1"
-        cookies.permanent[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
+        cookies.signed.permanent[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
       else
-        cookies[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
+        cookies.signed[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
       end
 
       redirect_to root_path, notice: "Signed in successfully"

data/lib/generators/authentication/templates/mailers/password_mailer.rb.tt

@@ -4,7 +4,7 @@ class PasswordMailer < ApplicationMailer
   end
 
   def reset
-    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "password_reset", expires_in: 20.minutes)
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: :password_reset, expires_in: 20.minutes)
     mail to: params[:<%= singular_table_name %>].email
   end
 end

data/lib/generators/authentication/templates/models/{resource.rb.tt → model.rb.tt}

@@ -1,13 +1,11 @@
 class <%= class_name %> < ApplicationRecord
-  has_secure_password :password
   has_secure_token :session_token
+  has_secure_password
 
   validates :email, presence: true, uniqueness: true
   validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
   validates_length_of :password, minimum: 8, allow_blank: true
 
-  encrypts :session_token, deterministic: true
-
   before_validation do
     self.email = email.downcase.strip
   end
@@ -23,4 +21,19 @@ class <%= class_name %> < ApplicationRecord
       PasswordMailer.with(<%= singular_table_name %>: self).changed.deliver_later
     end
   end
+<% if options.api? %>
+  def signed_session_token
+    Rails.application.message_verifier(:session_token).generate(session_token)
+  end
+
+  def self.find_signed_session_token(signed_session_token)
+    if session_token = Rails.application.message_verifier(:session_token).verified(signed_session_token)
+      find_by_session_token(session_token)
+    end
+  end
+
+  def as_json(options = {})
+    super(options.merge(except: [:password_digest, :session_token]))
+  end
+<% end -%>
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/cancellations_controller_test.rb.tt

@@ -0,0 +1,20 @@
+require "test_helper"
+
+class CancellationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should create cancellation" do
+    assert_difference("<%= class_name %>.count", -1) do
+      post cancellations_url, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :no_content
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+  end  
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt

@@ -0,0 +1,29 @@
+require "test_helper"
+
+class EmailsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should update email" do
+    assert_enqueued_email_with EmailMailer, :changed, args: { change: [@<%= singular_table_name %>.email, "new_email@hey.com"] } do
+      patch emails_url, params: { current_password: "secret123", email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :success
+  end
+
+  test "should not update email with wrong current password" do
+    assert_no_enqueued_emails do
+      patch emails_url, params: { current_password: "wrong_password", email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :bad_request
+    assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+  end  
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt

@@ -0,0 +1,46 @@
+require "test_helper"
+
+class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
+  end
+
+  test "should get edit" do
+    get edit_password_resets_url(token: @sid)
+
+    assert_response :not_found
+    assert_equal "Open this link in your device", response.parsed_body["error"]
+  end
+
+  test "should send a password reset email" do
+    assert_enqueued_email_with PasswordMailer, :reset, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      post password_resets_url, params: { email: @<%= singular_table_name %>.email }
+    end
+
+    assert_response :no_content
+  end
+
+  test "should not send a password reset email to a nonexistent email" do
+    assert_no_enqueued_emails do
+      post password_resets_url, params: { email: "invalid_email@hey.com" }
+    end
+
+    assert_response :not_found
+    assert_equal "The email address doesn't exist in our database", response.parsed_body["error"]
+  end
+
+  test "should update password" do
+    patch password_resets_url, params: { token: @sid, password: "new_password", password_confirmation: "new_password" }
+
+    assert_response :success
+  end
+
+  test "should not update password with expired token" do
+    patch password_resets_url, params: { token: @sid_exp, password: "new_password", password_confirmation: "new_password" }
+
+    assert_response :bad_request
+    assert_equal "Your token has expired, please request a new one", response.parsed_body["error"]
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt

@@ -0,0 +1,29 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should update password" do
+    assert_enqueued_email_with PasswordMailer, :changed, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      patch passwords_url, params: { current_password: "secret123", password: "new_password", password_confirmation: "new_password" }, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :success
+  end
+
+  test "should not update password with wrong current password" do
+    assert_no_enqueued_emails do
+      patch passwords_url, params: { current_password: "wrong_password", password: "new_password", password_confirmation: "new_password" }, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :bad_request
+    assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+  end  
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt

@@ -0,0 +1,11 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "should sign up" do
+    assert_difference("<%= class_name %>.count") do
+      post sign_up_url, params: { email: "lazaronixon@hey.com", password: "secret123", password_confirmation: "secret123" }
+    end
+
+    assert_response :created
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt

@@ -0,0 +1,29 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+  end
+
+  test "should sign in" do
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "secret123" }
+    assert_response :success
+  end
+
+  test "should not sign in with wrong credentials" do
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "wrong_password" }
+    assert_response :unauthorized
+  end
+
+  test "should sign out" do
+    <%= singular_table_name %>, token = sign_in_as(@<%= singular_table_name %>)
+
+    delete sign_out_url, headers: { "Authorization" => "Bearer #{token}" }
+    assert_response :no_content
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/cancellations_controller_test.rb.tt

@@ -0,0 +1,24 @@
+require "test_helper"
+
+class CancellationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should get new" do
+    get new_cancellations_url
+    assert_response :success
+  end
+
+  test "should create cancellation" do
+    assert_difference("<%= class_name %>.count", -1) do
+      post cancellations_url
+    end
+
+    assert_redirected_to sign_in_url
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt

@@ -0,0 +1,33 @@
+require "test_helper"
+
+class EmailsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should get edit" do
+    get edit_emails_url
+    assert_response :success
+  end
+
+  test "should update email" do
+    assert_enqueued_email_with EmailMailer, :changed, args: { change: [@<%= singular_table_name %>.email, "new_email@hey.com"] } do
+      patch emails_url, params: { current_password: "secret123", <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    end
+
+    assert_redirected_to root_path
+  end
+
+  test "should not update email with wrong current password" do
+    assert_no_enqueued_emails do
+      patch emails_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { email: @<%= singular_table_name %>.email } }
+    end
+
+    assert_redirected_to edit_emails_path
+    assert_equal "The current password you entered is incorrect", flash[:alert]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt

@@ -0,0 +1,49 @@
+require "test_helper"
+
+class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
+  end
+
+  test "should get new" do
+    get new_password_resets_url
+    assert_response :success
+  end
+
+  test "should get edit" do
+    get edit_password_resets_url(token: @sid)
+    assert_response :success
+  end
+
+  test "should send a password reset email" do
+    assert_enqueued_email_with PasswordMailer, :reset, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      post password_resets_url, params: { email: @<%= singular_table_name %>.email }
+    end
+
+    assert_redirected_to sign_in_path
+  end
+
+  test "should not send a password reset email to a nonexistent email" do
+    assert_no_enqueued_emails do
+      post password_resets_url, params: { email: "invalid_email@hey.com" }
+    end
+
+    assert_redirected_to new_password_resets_url(email_hint: "invalid_email@hey.com")
+    assert_equal "The email address doesn't exist in our database", flash[:alert]
+  end
+
+  test "should update password" do
+    patch password_resets_url, params: { token: @sid, <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
+
+    assert_redirected_to sign_in_path
+  end
+
+  test "should not update password with expired token" do
+    patch password_resets_url, params: { token: @sid_exp, password: "new_password", password_confirmation: "new_password" }
+
+    assert_redirected_to new_password_resets_path
+    assert_equal "Your token has expired, please request a new one", flash[:alert]
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt

@@ -0,0 +1,33 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should get edit" do
+    get edit_passwords_url
+    assert_response :success
+  end
+
+  test "should update password" do
+    assert_enqueued_email_with PasswordMailer, :changed, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      patch passwords_url, params: { current_password: "secret123", <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
+    end
+
+    assert_redirected_to root_path
+  end
+
+  test "should not update password with wrong current password" do
+    assert_no_enqueued_emails do
+      patch passwords_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
+    end
+
+    assert_redirected_to edit_passwords_path
+    assert_equal "The current password you entered is incorrect", flash[:alert]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt

@@ -0,0 +1,18 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "should get new" do
+    get sign_up_url
+    assert_response :success
+  end
+
+  test "should sign up" do
+    assert_difference("<%= class_name %>.count") do
+      post sign_up_url, params: { <%= singular_table_name %>: { email: "lazaronixon@hey.com", password: "secret123", password_confirmation: "secret123" } }
+    end
+    assert_redirected_to root_url
+
+    follow_redirect!
+    assert_response :success
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt

@@ -0,0 +1,45 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+  end
+
+  test "should get new" do
+    get sign_in_url
+    assert_response :success
+  end
+
+  test "should sign in" do
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "secret123" }
+    assert_redirected_to root_url
+
+    get root_url
+    assert_response :success
+  end
+
+  test "should not sign in with wrong credentials" do
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "wrong_password" }
+    assert_redirected_to sign_in_url(email_hint: @<%= singular_table_name %>.email)
+    assert_equal "Invalid email or password", flash[:alert]
+
+    get root_url
+    assert_redirected_to sign_in_path
+    assert_equal "You need to sign in or sign up before continuing", flash[:alert]
+  end
+
+  test "should sign out" do
+    sign_in_as @<%= singular_table_name %>
+
+    delete sign_out_url
+    assert_redirected_to sign_in_path
+
+    get root_path
+    assert_redirected_to sign_in_path
+    assert_equal "You need to sign in or sign up before continuing", flash[:alert]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+  end
+end

data/lib/generators/authentication/templates/test_unit/fixtures.yml.tt

@@ -0,0 +1,6 @@
+# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+lazaro_nixon:
+  email: lazaronixon@hotmail.com
+  password_digest: <%%= BCrypt::Password.create("secret123") %>
+  session_token: <%%= SecureRandom.base58(24) %>

data/lib/generators/authentication/templates/test_unit/system/cancellations_test.rb.tt

@@ -0,0 +1,23 @@
+require "application_system_test_case"
+
+class CancellationsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "cancelling my account" do
+    click_on "Cancel my account & delete my data"
+    click_on "OK, close my account"
+
+    assert_text "Bye! Your account has been successfully cancelled"
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "secret123"
+    click_on "Sign in"
+
+    return <%= singular_table_name %>
+  end  
+end

data/lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt

@@ -0,0 +1,26 @@
+require "application_system_test_case"
+
+class EmailsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "updating the email" do
+    click_on "Change email"
+
+    fill_in "Current password", with: "secret123"
+    fill_in "New email", with: "new_email@hey.com"
+    click_on "Save changes"
+
+    assert_text "Your email has been changed successfully"
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "secret123"
+    click_on "Sign in"
+
+    return <%= singular_table_name %>
+  end  
+end

data/lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt

@@ -0,0 +1,28 @@
+require "application_system_test_case"
+
+class PasswordResetsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
+  end
+
+  test "sending a password reset email" do
+    visit sign_in_url
+    click_on "Forgot your password?"
+
+    fill_in "Email", with: @<%= singular_table_name %>.email
+    click_on "Send password reset email"
+
+    assert_text "You will receive an email with instructions on how to reset your password in a few minutes"
+  end
+
+  test "updating password" do
+    visit edit_password_resets_url(token: @sid)
+
+    fill_in "New password", with: "new_password"
+    fill_in "Confirm new password", with: "new_password"
+    click_on "Save changes"
+
+    assert_text "Your password was reset successfully. Please sign in"
+  end
+end

data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt

@@ -0,0 +1,27 @@
+require "application_system_test_case"
+
+class PasswordsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "updating the password" do
+    click_on "Change password"
+
+    fill_in "Current password", with: "secret123"
+    fill_in "New password", with: "new_password"
+    fill_in "Confirm new password", with: "new_password"
+    click_on "Save changes"
+
+    assert_text "Your password has been changed successfully"
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "secret123"
+    click_on "Sign in"
+
+    return <%= singular_table_name %>
+  end  
+end

data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt

@@ -0,0 +1,15 @@
+require "application_system_test_case"
+
+class RegistrationsTest < ApplicationSystemTestCase
+  test "signing up" do
+    visit sign_in_url
+    click_on "Sign up"
+
+    fill_in "Email", with: "lazaronixon@hey.com"
+    fill_in "Password", with: "new_password"
+    fill_in "Password confirmation", with: "new_password"
+    click_on "Sign up"
+
+    assert_text "Welcome! You have signed up successfully"
+  end
+end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt

@@ -0,0 +1,32 @@
+require "application_system_test_case"
+
+class SessionsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+  end
+
+  test "signing in" do
+    visit sign_in_url
+    fill_in "Email", with: @<%= singular_table_name %>.email
+    fill_in "Password", with: "secret123"
+    click_on "Sign in"
+
+    assert_text "Signed in successfully"
+  end
+
+  test "signing out" do
+    sign_in_as @<%= singular_table_name %>
+
+    click_on "Log out"
+    assert_text "Signed out successfully"
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "secret123"
+    click_on "Sign in"
+
+    return <%= singular_table_name %>
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 0.0.21
+  version: 1.0.0
 platform: ruby
 authors:
 - Nixon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-18 00:00:00.000000000 Z
+date: 2022-02-21 00:00:00.000000000 Z
 dependencies: []
 description: 
 email:
@@ -43,24 +43,42 @@ files:
 - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
+- lib/generators/authentication/templates/erb/cancellations/new.html.erb.tt
+- lib/generators/authentication/templates/erb/email_mailer/changed.html.erb.tt
+- lib/generators/authentication/templates/erb/email_mailer/changed.text.erb.tt
+- lib/generators/authentication/templates/erb/emails/edit.html.erb.tt
+- lib/generators/authentication/templates/erb/password_mailer/changed.html.erb.tt
+- lib/generators/authentication/templates/erb/password_mailer/changed.text.erb.tt
+- lib/generators/authentication/templates/erb/password_mailer/reset.html.erb.tt
+- lib/generators/authentication/templates/erb/password_mailer/reset.text.erb.tt
+- lib/generators/authentication/templates/erb/password_resets/edit.html.erb.tt
+- lib/generators/authentication/templates/erb/password_resets/new.html.erb.tt
+- lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt
+- lib/generators/authentication/templates/erb/registrations/new.html.erb.tt
+- lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/email_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/password_mailer.rb.tt
-- lib/generators/authentication/templates/migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
-- lib/generators/authentication/templates/models/resource.rb.tt
-- lib/generators/authentication/templates/views/cancellations/new.html.erb.tt
-- lib/generators/authentication/templates/views/email_mailer/changed.html.erb.tt
-- lib/generators/authentication/templates/views/email_mailer/changed.text.erb.tt
-- lib/generators/authentication/templates/views/emails/edit.html.erb.tt
-- lib/generators/authentication/templates/views/password_mailer/changed.html.erb.tt
-- lib/generators/authentication/templates/views/password_mailer/changed.text.erb.tt
-- lib/generators/authentication/templates/views/password_mailer/reset.html.erb.tt
-- lib/generators/authentication/templates/views/password_mailer/reset.text.erb.tt
-- lib/generators/authentication/templates/views/password_resets/edit.html.erb.tt
-- lib/generators/authentication/templates/views/password_resets/new.html.erb.tt
-- lib/generators/authentication/templates/views/passwords/edit.html.erb.tt
-- lib/generators/authentication/templates/views/registrations/new.html.erb.tt
-- lib/generators/authentication/templates/views/sessions/new.html.erb.tt
+- lib/generators/authentication/templates/models/model.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/cancellations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/cancellations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/fixtures.yml.tt
+- lib/generators/authentication/templates/test_unit/system/cancellations_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
 homepage: https://github.com/lazaronixon/authentication-zero
 licenses:
 - MIT

data/lib/generators/authentication/templates/migration.rb.tt

@@ -1,14 +0,0 @@
-class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
-  def change
-    create_table :<%= table_name %> do |t|
-      t.string :email, null: false
-      t.string :password_digest, null: false
-      t.string :session_token, null: false
-
-      t.timestamps
-    end
-
-    add_index :<%= table_name %>, :email, unique: true
-    add_index :<%= table_name %>, :session_token, unique: true
-  end
-end