authentication-zero 0.0.22 → 0.0.23

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f745db607e21f39bb22fec9452b30147cebbf4a41d49150450c14035b00b1d0e
-  data.tar.gz: f412264a06233f8571dad3640bf9b2ee853e289ad168ad5e12f5fa8d3a6bfb04
+  metadata.gz: 78818129456d7a394a2a456605b007a2d0d68203038bb79ac0a8d9b74a9de59d
+  data.tar.gz: 7a7b8485f5c7cb9d3573e1768e25b40ba2de04fcf27d97d2383696ffabdb2249
 SHA512:
-  metadata.gz: d28443fe294ac245251268f5130dc7c4776a793fcff46e89e37fbb34c419455735be7d63ac7a3fa4fbaaac976806e37f8770be6c32a44663cdee4374b2b2ffb3
-  data.tar.gz: 902d2c094e0d7fb1cd5c10a8b81d733fda6cb9580baf2312591cce588fe82b9b4302f80a41c6e75bd8dae037411028968cc82ff2159fb4155891f7ebd66587c1
+  metadata.gz: 23bf695588244691a1a9db956f0f096e785ecd83bba969d05c7ee109b00a3a97c30a6ad13b3f874ac1f783f49181b0bdd92ff7f9cfa31b05ae223af1734ab420
+  data.tar.gz: 0b360acf0cb305053ca5610cb2a7de73ba3a2b2a091090ddd770f7ca99daa0e2ad48e5eebdba9d1e216e13418f4ff6c93802403f5c5f12de0ee7e0c0de42fb01

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (0.0.22)
+    authentication-zero (0.0.23)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -26,13 +26,14 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - [Callbacks](https://api.rubyonrails.org/classes/ActiveRecord/Callbacks.html): We use callbacks to send emails after changing an email or password.
 - [Action mailer](https://api.rubyonrails.org/classes/ActionMailer/Base.html): Action Mailer allows you to send email from your application using a mailer model and views.
 - [Log filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
+- [Functional Tests](https://guides.rubyonrails.org/testing.html#functional-tests-for-your-controllers): In Rails, testing the various actions of a controller is a form of writing functional tests.
+- [System Testing][https://guides.rubyonrails.org/testing.html#system-testing]: System tests allow you to test user interactions with your application, running tests in either a real or a headless browser.
 
 ## Installation
 
 Add this lines to your application's Gemfile:
 
 ```ruby
-gem "bcrypt"
 gem "authentication-zero"
 ```
 

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "0.0.22"
+  VERSION = "0.0.23"
 end

data/lib/generators/authentication/USAGE

@@ -1,6 +1,11 @@
 Description:
-    The purpose of authentication zero is to generate a pre-built authentication system into a rails application that follows both security and rails best practices.
-    By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
+    The purpose of authentication zero is to generate a pre-built
+    authentication system into a rails application that
+    follows both security and rails best practices.
+
+    By generating code into the user's application
+    instead of using a library, the user has complete freedom
+    to modify the authentication system so it works best with their app.
 
 Example:
     bin/rails generate authentication user

data/lib/generators/authentication/authentication_generator.rb

@@ -4,38 +4,74 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   include ActiveRecord::Generators::Migration
 
   class_option :api, type: :boolean, desc: "Generates API authentication"
+  class_option :system_tests, type: :string, desc: "Skip system test files"
 
   source_root File.expand_path("templates", __dir__)
 
-  def create_controllers
-    if options.api
-      directory "controllers/api", "app/controllers"
-    else
-      directory "controllers/html", "app/controllers"
-    end
+  def add_bcrypt
+    uncomment_lines 'Gemfile', /bcrypt/
   end
 
-  def create_mailers
-    template "mailers/email_mailer.rb", "app/mailers/email_mailer.rb"
-    template "mailers/password_mailer.rb", "app/mailers/password_mailer.rb"
+  def create_migrations
+    invoke "migration", ["create_#{table_name}", "email:string:uniq", "password_digest:string", "session_token:string:uniq"]
+  end
+
+  def create_models
+    template "app/models/model.rb", "app/models/#{file_name}.rb"
+    template "app/models/current.rb", "app/models/current.rb"
+  end
+
+  def create_fixture_file
+    template "test_unit/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
+  end
+
+  def add_application_controller_methods
+    api_code = <<~CODE
+      include ActionController::HttpAuthentication::Token::ControllerMethods
+
+      before_action :authenticate
+
+      private
+        def authenticate
+          authenticate_or_request_with_http_token do |token, _options|
+            Current.#{singular_table_name} = #{class_name}.find_signed_session_token(token)
+          end
+        end
+    CODE
+
+    html_code = <<~CODE
+      before_action :authenticate
+
+      private
+        def authenticate
+          if #{singular_table_name} = #{class_name}.find_by_session_token(cookies.signed[:session_token])
+            Current.#{singular_table_name} = #{singular_table_name}
+          else
+            redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+          end
+        end
+    CODE
+
+    inject_code = options.api? ? api_code : html_code
+    inject_into_class "app/controllers/application_controller.rb", "ApplicationController", optimize_indentation(inject_code, 2), verbose: false
+  end
+
+  def create_controllers
+    directory "app/controllers/#{format_folder}", "app/controllers"
   end
 
   def create_views
     if options.api
-      directory "views/email_mailer", "app/views/email_mailer"
-      directory "views/password_mailer", "app/views/password_mailer"
+      directory "app/views/email_mailer", "app/views/email_mailer"
+      directory "app/views/password_mailer", "app/views/password_mailer"
     else
-      directory "views", "app/views"
+      directory "app/views", "app/views"
     end
   end
 
-  def create_models
-    template "models/current.rb", "app/models/current.rb"
-    template "models/resource.rb", "app/models/#{singular_table_name}.rb"
-  end
-
-  def create_migrations
-    migration_template "migration.rb", "#{db_migrate_path}/create_#{file_name}.rb"
+  def create_mailers
+    template "app/mailers/email_mailer.rb", "app/mailers/email_mailer.rb"
+    template "app/mailers/password_mailer.rb", "app/mailers/password_mailer.rb"
   end
 
   def add_routes
@@ -50,35 +86,13 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     route "get 'sign_in', to: 'sessions#new'" unless options.api?
   end
 
-  def add_application_controller_methods
-    if options.api?
-      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
-        include ActionController::HttpAuthentication::Token::ControllerMethods
-
-        before_action :authenticate
+  def create_test_files
+    directory "test_unit/controllers/#{format_folder}", "test/controllers"
+    directory "test_unit/system", "test/system" if !options.api? && options[:system_tests]
+  end
 
-        private
-          def authenticate
-            authenticate_or_request_with_http_token do |token, _options|
-              Current.#{singular_table_name} = #{class_name}.find_signed_session_token(token)
-            end
-          end
-      CODE
-      end
-    else
-      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", verbose: false do <<~CODE
-        before_action :authenticate
-
-        private
-          def authenticate
-            if #{singular_table_name} = #{class_name}.find_by_session_token(cookies.signed[:session_token])
-              Current.#{singular_table_name} = #{singular_table_name}
-            else
-              redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
-            end
-          end
-      CODE
-      end
+  private
+    def format_folder
+      options.api ? "api" : "html"
     end
-  end
 end

data/lib/generators/authentication/templates/{controllers → app/controllers}/api/password_resets_controller.rb.tt

@@ -10,7 +10,7 @@ class PasswordResetsController < ApplicationController
     if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
       PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
     else
-      render json: { error: "The email address doesn't exist in our database" }, status: :bad_request
+      render json: { error: "The email address doesn't exist in our database" }, status: :not_found
     end
   end
 

data/lib/generators/authentication/templates/{controllers → app/controllers}/api/sessions_controller.rb.tt

@@ -5,7 +5,7 @@ class SessionsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
 
     if @<%= singular_table_name %>.try(:authenticate, params[:password])
-      render json: { session_token: @<%= singular_table_name %>.signed_session_token }
+      render json: { session_token: @<%= singular_table_name %>.signed_session_token }, status: :ok
     else
       render json: { error: "Invalid email or password" }, status: :unauthorized
     end

data/lib/generators/authentication/templates/{models/resource.rb.tt → app/models/model.rb.tt}

@@ -1,6 +1,6 @@
 class <%= class_name %> < ApplicationRecord
-  has_secure_password :password
   has_secure_token :session_token
+  has_secure_password
 
   validates :email, presence: true, uniqueness: true
   validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
@@ -21,8 +21,7 @@ class <%= class_name %> < ApplicationRecord
       PasswordMailer.with(<%= singular_table_name %>: self).changed.deliver_later
     end
   end
-
-<% if options.api? -%>
+<% if options.api? %>
   def signed_session_token
     self.class.signed_id_verifier.generate(session_token)
   end
@@ -32,5 +31,9 @@ class <%= class_name %> < ApplicationRecord
       find_by_session_token(session_token)
     end
   end
+
+  def as_json(options = {})
+    super(options.merge(except: [:password_digest, :session_token]))
+  end
 <% end -%>
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/cancellations_controller_test.rb.tt

@@ -0,0 +1,20 @@
+require "test_helper"
+
+class CancellationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should create cancellation" do
+    assert_difference("<%= class_name %>.count", -1) do
+      post cancellations_url, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :no_content
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+  end  
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt

@@ -0,0 +1,29 @@
+require "test_helper"
+
+class EmailsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should update email" do
+    assert_enqueued_email_with EmailMailer, :changed, args: { change: [@<%= singular_table_name %>.email, "new_email@hey.com"] } do
+      patch emails_url, params: { current_password: "secret123", email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :success
+  end
+
+  test "should not update email with wrong current password" do
+    assert_no_enqueued_emails do
+      patch emails_url, params: { current_password: "wrong_password", email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :bad_request
+    assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+  end  
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt

@@ -0,0 +1,46 @@
+require "test_helper"
+
+class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: "password_reset", expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "password_reset", expires_in: 0.minutes)
+  end
+
+  test "should get edit" do
+    get edit_password_resets_url(token: @sid)
+
+    assert_response :not_found
+    assert_equal "Open this link in your device", response.parsed_body["error"]
+  end
+
+  test "should send a password reset email" do
+    assert_enqueued_email_with PasswordMailer, :reset, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      post password_resets_url, params: { email: @<%= singular_table_name %>.email }
+    end
+
+    assert_response :no_content
+  end
+
+  test "should not send a password reset email to a nonexistent email" do
+    assert_no_enqueued_emails do
+      post password_resets_url, params: { email: "invalid_email@hey.com" }
+    end
+
+    assert_response :not_found
+    assert_equal "The email address doesn't exist in our database", response.parsed_body["error"]
+  end
+
+  test "should update password" do
+    patch password_resets_url, params: { token: @sid, password: "new_password", password_confirmation: "new_password" }
+
+    assert_response :success
+  end
+
+  test "should not update password with expired token" do
+    patch password_resets_url, params: { token: @sid_exp, password: "new_password", password_confirmation: "new_password" }
+
+    assert_response :bad_request
+    assert_equal "Your token has expired, please request a new one", response.parsed_body["error"]
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt

@@ -0,0 +1,29 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should update password" do
+    assert_enqueued_email_with PasswordMailer, :changed, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      patch passwords_url, params: { current_password: "secret123", password: "new_password", password_confirmation: "new_password" }, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :success
+  end
+
+  test "should not update password with wrong current password" do
+    assert_no_enqueued_emails do
+      patch passwords_url, params: { current_password: "wrong_password", password: "new_password", password_confirmation: "new_password" }, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+
+    assert_response :bad_request
+    assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+  end  
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt

@@ -0,0 +1,11 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "should sign up" do
+    assert_difference("<%= class_name %>.count") do
+      post sign_up_url, params: { email: "lazaronixon@hey.com", password: "secret123", password_confirmation: "secret123" }
+    end
+
+    assert_response :created
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt

@@ -0,0 +1,29 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+  end
+
+  test "should sign in" do
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "secret123" }
+    assert_response :success
+  end
+
+  test "should not sign in with wrong credentials" do
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "wrong_password" }
+    assert_response :unauthorized
+  end
+
+  test "should sign out" do
+    <%= singular_table_name %>, token = sign_in_as(@<%= singular_table_name %>)
+
+    delete sign_out_url, headers: { "Authorization" => "Bearer #{token}" }
+    assert_response :no_content
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/cancellations_controller_test.rb.tt

@@ -0,0 +1,24 @@
+require "test_helper"
+
+class CancellationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should get new" do
+    get new_cancellations_url
+    assert_response :success
+  end
+
+  test "should create cancellation" do
+    assert_difference("<%= class_name %>.count", -1) do
+      post cancellations_url
+    end
+
+    assert_redirected_to sign_in_url
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt

@@ -0,0 +1,33 @@
+require "test_helper"
+
+class EmailsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should get edit" do
+    get edit_emails_url
+    assert_response :success
+  end
+
+  test "should update email" do
+    assert_enqueued_email_with EmailMailer, :changed, args: { change: [@<%= singular_table_name %>.email, "new_email@hey.com"] } do
+      patch emails_url, params: { current_password: "secret123", <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    end
+
+    assert_redirected_to root_path
+  end
+
+  test "should not update email with wrong current password" do
+    assert_no_enqueued_emails do
+      patch emails_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { email: @<%= singular_table_name %>.email } }
+    end
+
+    assert_redirected_to edit_emails_path
+    assert_equal "The current password you entered is incorrect", flash[:alert]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt

@@ -0,0 +1,49 @@
+require "test_helper"
+
+class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: "password_reset", expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "password_reset", expires_in: 0.minutes)
+  end
+
+  test "should get new" do
+    get new_password_resets_url
+    assert_response :success
+  end
+
+  test "should get edit" do
+    get edit_password_resets_url(token: @sid)
+    assert_response :success
+  end
+
+  test "should send a password reset email" do
+    assert_enqueued_email_with PasswordMailer, :reset, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      post password_resets_url, params: { email: @<%= singular_table_name %>.email }
+    end
+
+    assert_redirected_to sign_in_path
+  end
+
+  test "should not send a password reset email to a nonexistent email" do
+    assert_no_enqueued_emails do
+      post password_resets_url, params: { email: "invalid_email@hey.com" }
+    end
+
+    assert_redirected_to new_password_resets_url(email_hint: "invalid_email@hey.com")
+    assert_equal "The email address doesn't exist in our database", flash[:alert]
+  end
+
+  test "should update password" do
+    patch password_resets_url, params: { token: @sid, <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
+
+    assert_redirected_to sign_in_path
+  end
+
+  test "should not update password with expired token" do
+    patch password_resets_url, params: { token: @sid_exp, password: "new_password", password_confirmation: "new_password" }
+
+    assert_redirected_to new_password_resets_path
+    assert_equal "Your token has expired, please request a new one", flash[:alert]
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt

@@ -0,0 +1,33 @@
+require "test_helper"
+
+class PasswordsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should get edit" do
+    get edit_passwords_url
+    assert_response :success
+  end
+
+  test "should update password" do
+    assert_enqueued_email_with PasswordMailer, :changed, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      patch passwords_url, params: { current_password: "secret123", <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
+    end
+
+    assert_redirected_to root_path
+  end
+
+  test "should not update password with wrong current password" do
+    assert_no_enqueued_emails do
+      patch passwords_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
+    end
+
+    assert_redirected_to edit_passwords_path
+    assert_equal "The current password you entered is incorrect", flash[:alert]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt

@@ -0,0 +1,18 @@
+require "test_helper"
+
+class RegistrationsControllerTest < ActionDispatch::IntegrationTest
+  test "should get new" do
+    get sign_up_url
+    assert_response :success
+  end
+
+  test "should sign up" do
+    assert_difference("<%= class_name %>.count") do
+      post sign_up_url, params: { <%= singular_table_name %>: { email: "lazaronixon@hey.com", password: "secret123", password_confirmation: "secret123" } }
+    end
+    assert_redirected_to root_url
+
+    follow_redirect!
+    assert_response :success
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt

@@ -0,0 +1,45 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+  end
+
+  test "should get new" do
+    get sign_in_url
+    assert_response :success
+  end
+
+  test "should sign in" do
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "secret123" }
+    assert_redirected_to root_url
+
+    get root_url
+    assert_response :success
+  end
+
+  test "should not sign in with wrong credentials" do
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "wrong_password" }
+    assert_redirected_to sign_in_url(email_hint: @<%= singular_table_name %>.email)
+    assert_equal "Invalid email or password", flash[:alert]
+
+    get root_url
+    assert_redirected_to sign_in_path
+    assert_equal "You need to sign in or sign up before continuing", flash[:alert]
+  end
+
+  test "should sign out" do
+    sign_in_as @<%= singular_table_name %>
+
+    delete sign_out_url
+    assert_redirected_to sign_in_path
+
+    get root_path
+    assert_redirected_to sign_in_path
+    assert_equal "You need to sign in or sign up before continuing", flash[:alert]
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+  end
+end

data/lib/generators/authentication/templates/test_unit/fixtures.yml.tt

@@ -0,0 +1,6 @@
+# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+lazaro_nixon:
+  email: lazaronixon@hotmail.com
+  password_digest: <%%= BCrypt::Password.create("secret123") %>
+  session_token: <%%= SecureRandom.base58(24) %>

data/lib/generators/authentication/templates/test_unit/system/cancellations_test.rb.tt

@@ -0,0 +1,23 @@
+require "application_system_test_case"
+
+class CancellationsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "cancelling my account" do
+    click_on "Cancel my account & delete my data"
+    click_on "OK, close my account"
+
+    assert_text "Bye! Your account has been successfully cancelled"
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "secret123"
+    click_on "Sign in"
+
+    return <%= singular_table_name %>
+  end  
+end

data/lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt

@@ -0,0 +1,26 @@
+require "application_system_test_case"
+
+class EmailsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "updating the email" do
+    click_on "Change email"
+
+    fill_in "Current password", with: "secret123"
+    fill_in "New email", with: "new_email@hey.com"
+    click_on "Save changes"
+
+    assert_text "Your email has been changed successfully"
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "secret123"
+    click_on "Sign in"
+
+    return <%= singular_table_name %>
+  end  
+end

data/lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt

@@ -0,0 +1,28 @@
+require "application_system_test_case"
+
+class PasswordResetsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+    @sid = @<%= singular_table_name %>.signed_id(purpose: "password_reset", expires_in: 20.minutes)
+  end
+
+  test "sending a password reset email" do
+    visit sign_in_url
+    click_on "Forgot your password?"
+
+    fill_in "Email", with: @<%= singular_table_name %>.email
+    click_on "Send password reset email"
+
+    assert_text "You will receive an email with instructions on how to reset your password in a few minutes"
+  end
+
+  test "updating password" do
+    visit edit_password_resets_url(token: @sid)
+
+    fill_in "New password", with: "new_password"
+    fill_in "Confirm new password", with: "new_password"
+    click_on "Save changes"
+
+    assert_text "Your password was reset successfully. Please sign in"
+  end
+end

data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt

@@ -0,0 +1,27 @@
+require "application_system_test_case"
+
+class PasswordsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "updating the password" do
+    click_on "Change password"
+
+    fill_in "Current password", with: "secret123"
+    fill_in "New password", with: "new_password"
+    fill_in "Confirm new password", with: "new_password"
+    click_on "Save changes"
+
+    assert_text "Your password has been changed successfully"
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "secret123"
+    click_on "Sign in"
+
+    return <%= singular_table_name %>
+  end  
+end

data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt

@@ -0,0 +1,15 @@
+require "application_system_test_case"
+
+class RegistrationsTest < ApplicationSystemTestCase
+  test "signing up" do
+    visit sign_in_url
+    click_on "Sign up"
+
+    fill_in "Email", with: "lazaronixon@hey.com"
+    fill_in "Password", with: "new_password"
+    fill_in "Password confirmation", with: "new_password"
+    click_on "Sign up"
+
+    assert_text "Welcome! You have signed up successfully"
+  end
+end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt

@@ -0,0 +1,32 @@
+require "application_system_test_case"
+
+class SessionsTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+  end
+
+  test "signing in" do
+    visit sign_in_url
+    fill_in "Email", with: @<%= singular_table_name %>.email
+    fill_in "Password", with: "secret123"
+    click_on "Sign in"
+
+    assert_text "Signed in successfully"
+  end
+
+  test "signing out" do
+    sign_in_as @<%= singular_table_name %>
+
+    click_on "Log out"
+    assert_text "Signed out successfully"
+  end
+
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "secret123"
+    click_on "Sign in"
+
+    return <%= singular_table_name %>
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 0.0.22
+  version: 0.0.23
 platform: ruby
 authors:
 - Nixon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-19 00:00:00.000000000 Z
+date: 2022-02-21 00:00:00.000000000 Z
 dependencies: []
 description: 
 email:
@@ -31,36 +31,54 @@ files:
 - lib/authentication_zero/version.rb
 - lib/generators/authentication/USAGE
 - lib/generators/authentication/authentication_generator.rb
-- lib/generators/authentication/templates/controllers/api/cancellations_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/emails_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/emails_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
-- lib/generators/authentication/templates/mailers/email_mailer.rb.tt
-- lib/generators/authentication/templates/mailers/password_mailer.rb.tt
-- lib/generators/authentication/templates/migration.rb.tt
-- lib/generators/authentication/templates/models/current.rb.tt
-- lib/generators/authentication/templates/models/resource.rb.tt
-- lib/generators/authentication/templates/views/cancellations/new.html.erb.tt
-- lib/generators/authentication/templates/views/email_mailer/changed.html.erb.tt
-- lib/generators/authentication/templates/views/email_mailer/changed.text.erb.tt
-- lib/generators/authentication/templates/views/emails/edit.html.erb.tt
-- lib/generators/authentication/templates/views/password_mailer/changed.html.erb.tt
-- lib/generators/authentication/templates/views/password_mailer/changed.text.erb.tt
-- lib/generators/authentication/templates/views/password_mailer/reset.html.erb.tt
-- lib/generators/authentication/templates/views/password_mailer/reset.text.erb.tt
-- lib/generators/authentication/templates/views/password_resets/edit.html.erb.tt
-- lib/generators/authentication/templates/views/password_resets/new.html.erb.tt
-- lib/generators/authentication/templates/views/passwords/edit.html.erb.tt
-- lib/generators/authentication/templates/views/registrations/new.html.erb.tt
-- lib/generators/authentication/templates/views/sessions/new.html.erb.tt
+- lib/generators/authentication/templates/app/controllers/api/cancellations_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/api/emails_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/api/password_resets_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/api/passwords_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/api/registrations_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/api/sessions_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/html/cancellations_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/html/emails_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/html/password_resets_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/html/passwords_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/html/registrations_controller.rb.tt
+- lib/generators/authentication/templates/app/controllers/html/sessions_controller.rb.tt
+- lib/generators/authentication/templates/app/mailers/email_mailer.rb.tt
+- lib/generators/authentication/templates/app/mailers/password_mailer.rb.tt
+- lib/generators/authentication/templates/app/models/current.rb.tt
+- lib/generators/authentication/templates/app/models/model.rb.tt
+- lib/generators/authentication/templates/app/views/cancellations/new.html.erb.tt
+- lib/generators/authentication/templates/app/views/email_mailer/changed.html.erb.tt
+- lib/generators/authentication/templates/app/views/email_mailer/changed.text.erb.tt
+- lib/generators/authentication/templates/app/views/emails/edit.html.erb.tt
+- lib/generators/authentication/templates/app/views/password_mailer/changed.html.erb.tt
+- lib/generators/authentication/templates/app/views/password_mailer/changed.text.erb.tt
+- lib/generators/authentication/templates/app/views/password_mailer/reset.html.erb.tt
+- lib/generators/authentication/templates/app/views/password_mailer/reset.text.erb.tt
+- lib/generators/authentication/templates/app/views/password_resets/edit.html.erb.tt
+- lib/generators/authentication/templates/app/views/password_resets/new.html.erb.tt
+- lib/generators/authentication/templates/app/views/passwords/edit.html.erb.tt
+- lib/generators/authentication/templates/app/views/registrations/new.html.erb.tt
+- lib/generators/authentication/templates/app/views/sessions/new.html.erb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/cancellations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/cancellations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/fixtures.yml.tt
+- lib/generators/authentication/templates/test_unit/system/cancellations_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
 homepage: https://github.com/lazaronixon/authentication-zero
 licenses:
 - MIT

data/lib/generators/authentication/templates/migration.rb.tt

@@ -1,14 +0,0 @@
-class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
-  def change
-    create_table :<%= table_name %> do |t|
-      t.string :email, null: false
-      t.string :password_digest, null: false
-      t.string :session_token, null: false
-
-      t.timestamps
-    end
-
-    add_index :<%= table_name %>, :email, unique: true
-    add_index :<%= table_name %>, :session_token, unique: true
-  end
-end