authentication-zero 1.0.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 30572c49dd754b2b621acf5adad550f2ad179f3bb3af559748e296b16b04c529
-  data.tar.gz: 569ac3a9411562d1a2bf5ee049b3cbf1350fc43cc1a2a5e837ca421f7994ae63
+  metadata.gz: c0359a2a997ced43e3eb97612156d7ffe3206aa8a75ede90ad37dbdf0d0a9269
+  data.tar.gz: 9a50df4bf9804a3da3bb1ee753b7ecd027a336f0624de5a9c5d1cfec1b5354b1
 SHA512:
-  metadata.gz: a78c56a451d289464bb25e4d86f1765a5c74c032f2c19aaa7268cb3653680fdb7bae3242c911f3d7d6402d3cd22d771ab9cef1316866b8fd6d89ecf6991d2772
-  data.tar.gz: 7e245a32b1150f57ceb6941cdffce360cf9ac67d49ef583b4e5e1d6ee0afcb0d593b7c2afb67e66369f77ede9f8c347203d109537e26c184fd25ce1c8ddb0765
+  metadata.gz: 45b51a6f24b135e1273d076683c1d406755e30ec012c4e5ec632a158ef0bb8432cb9c461254b044ba7c491717eaa95571e1cce85bb6560b19f35cf1ac03a7000
+  data.tar.gz: 2dd271538d229d7a88df027a44f06e59a4f0092cdc6bb8de214596dfde3cb52c2339e5659c6a8331ba69440a25030ec6c2620255f5d483e0f980a042277a28ae

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (1.0.0)
+    authentication-zero (2.0.0)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -9,7 +9,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Reset the user password and send reset instructions
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Remember me (html)
+- Manage sessions
 - Send e-mail when email is changed
 - Send e-mail when password is changed
 - Cancel my account
@@ -18,7 +18,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 ## Security and best practices
 
 - [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password): Adds methods to set and authenticate against a BCrypt password.
-- [has_secure_token](https://api.rubyonrails.org/classes/ActiveRecord/SecureToken/ClassMethods.html#method-i-has_secure_token): Adds methods to generate unique tokens.
 - [signed cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from the cookie again.
 - [httponly cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): A cookie with the httponly attribute is inaccessible to the JavaScript, this precaution helps mitigate cross-site scripting (XSS) attacks.
 - [signed_id](https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html): Returns a signed id that is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
@@ -56,19 +55,23 @@ Add these lines to your `app/views/home/index.html.erb`:
 
 <p>Signed as <%= Current.user.email %></p>
 
+<div>
+  <%= link_to "Change password", edit_passwords_path %>
+</div>
+
 <div>
   <%= link_to "Change email", edit_emails_path %>
 </div>
 
 <div>
-  <%= link_to "Change password", edit_passwords_path %>
+  <%= link_to "Manage Sessions", sessions_path %>
 </div>
 
 <div>
   <%= link_to "Cancel my account & delete my data", new_cancellations_path %>
 </div>
 
-<%= button_to "Log out", sign_out_path, method: :delete %>
+<%= button_to "Log out", Current.session, method: :delete %>
 ```
 
 And you'll need to set up the default URL options for the mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "1.0.0"
+  VERSION = "2.0.0"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -1,12 +1,14 @@
 require "rails/generators/active_record"
 
 class AuthenticationGenerator < Rails::Generators::NamedBase
+  include ActiveRecord::Generators::Migration
+
   class_option :api, type: :boolean, desc: "Generates API authentication"
 
-  class_option :migration, type: :boolean
+  class_option :migration, type: :boolean, default: true
   class_option :test_framework, type: :string, desc: "Test framework to be invoked"
 
-  class_option :fixture, type: :boolean
+  class_option :fixture, type: :boolean, default: true
   class_option :system_tests, type: :string, desc: "Skip system test files"
 
   class_option :skip_routes, type: :boolean
@@ -18,22 +20,25 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     uncomment_lines "Gemfile", /bcrypt/
   end
 
-  def create_migration
+  def create_migrations
     if options.migration
-      invoke "migration", ["create_#{table_name}", "email:string:uniq", "password:digest", "session_token:string:uniq"]
+      migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
+      migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
     end
   end
 
   def create_models
     template "models/model.rb", "app/models/#{file_name}.rb"
+    template "models/session.rb", "app/models/session.rb"
     template "models/current.rb", "app/models/current.rb"
   end
 
   hook_for :fixture_replacement
 
   def create_fixture_file
-    if options.fixture
+    if options.fixture && options.fixture_replacement.nil?
       template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
+      template "#{test_framework}/sessions.yml", "test/fixtures/sessions.yml"
     end
   end
 
@@ -45,8 +50,10 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
 
       private
         def authenticate
-          authenticate_or_request_with_http_token do |token, _options|
-            Current.#{singular_table_name} = #{class_name}.find_signed_session_token(token)
+          if session = authenticate_with_http_token { |token, _| Session.find_signed(token) }
+            Current.session = session
+          else
+            request_http_token_authentication
           end
         end
     CODE
@@ -56,10 +63,10 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
 
       private
         def authenticate
-          if #{singular_table_name} = #{class_name}.find_by_session_token(cookies.signed[:session_token])
-            Current.#{singular_table_name} = #{singular_table_name}
+          if session = Session.find_by_id(cookies.signed[:session_token])
+            Current.session = session
           else
-            redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+            redirect_to sign_in_path
           end
         end
     CODE
@@ -74,8 +81,8 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
 
   def create_views
     if options.api
-      directory "#{template_engine}/email_mailer", "app/views/email_mailer"
-      directory "#{template_engine}/password_mailer", "app/views/password_mailer"
+      directory "erb/email_mailer", "app/views/email_mailer"
+      directory "erb/password_mailer", "app/views/password_mailer"
     else
       directory "#{template_engine}", "app/views"
     end
@@ -91,7 +98,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       route "resource :cancellations, only: [:new, :create]"
       route "resource :passwords, only: [:edit, :update]"
       route "resource :emails, only: [:edit, :update]"
-      route "delete 'sign_out', to: 'sessions#destroy'"
+      route "resources :sessions, only: [:index, :show, :destroy]"
       route "post 'sign_up', to: 'registrations#create'"
       route "get 'sign_up', to: 'registrations#new'" unless options.api?
       route "post 'sign_in', to: 'sessions#create'"

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt

@@ -1,17 +1,13 @@
 class PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
-  before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
-
-  def edit
-    render json: { error: "Open this link in your device" }, status: :not_found
-  end
+  before_action :set_<%= singular_table_name %>, only: :update
 
   def create
     if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
       PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
     else
-      render json: { error: "The email address doesn't exist in our database" }, status: :not_found
+      render json: { error: "Sorry, we didn't recognize that email address" }, status: :not_found
     end
   end
 

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt

@@ -1,17 +1,39 @@
 class SessionsController < ApplicationController
-  skip_before_action :authenticate, except: :destroy
+  skip_before_action :authenticate, only: :create
+
+  before_action :set_session, only: %i[ show destroy ]
+
+  def index
+    render json: Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
+  end
+
+  def show
+    render json: @session
+  end
 
   def create
     @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
 
     if @<%= singular_table_name %>.try(:authenticate, params[:password])
-      render json: { session_token: @<%= singular_table_name %>.signed_session_token }, status: :ok
+      session = @<%= singular_table_name %>.sessions.create!(session_params)
+      response.set_header("X-Session-Token", session.signed_id)
+
+      render json: session, status: :created
     else
       render json: { error: "Invalid email or password" }, status: :unauthorized
     end
   end
 
   def destroy
-    Current.<%= singular_table_name %>.regenerate_session_token
+    @session.destroy
   end
+
+  private
+    def set_session
+      @session = Current.user.sessions.find(params[:id])
+    end
+
+    def session_params
+      { user_agent: request.user_agent, ip_address: request.remote_ip }
+    end
 end

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt

@@ -14,7 +14,7 @@ class PasswordResetsController < ApplicationController
       PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
       redirect_to sign_in_path, notice: "You will receive an email with instructions on how to reset your password in a few minutes"
     else
-      redirect_to new_password_resets_path(email_hint: params[:email]), alert: "The email address doesn't exist in our database"
+      redirect_to new_password_resets_path, alert: "Sorry, we didn't recognize that email address"
     end
   end
 

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt

@@ -9,7 +9,9 @@ class RegistrationsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
 
     if @<%= singular_table_name %>.save
-      cookies.signed[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
+      @session = @user.sessions.create!(session_params)
+      cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
+
       redirect_to root_path, notice: "Welcome! You have signed up successfully"
     else
       render :new, status: :unprocessable_entity
@@ -20,4 +22,8 @@ class RegistrationsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
     end
+
+    def session_params
+      { user_agent: request.user_agent, ip_address: request.remote_ip }
+    end
 end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt

@@ -1,5 +1,11 @@
 class SessionsController < ApplicationController
-  skip_before_action :authenticate, except: :destroy
+  skip_before_action :authenticate, only: %i[ new create ]
+
+  before_action :set_session, only: :destroy
+
+  def index
+    @sessions = Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
+  end
 
   def new
     @<%= singular_table_name %> = <%= class_name %>.new
@@ -9,11 +15,8 @@ class SessionsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
 
     if @<%= singular_table_name %>.try(:authenticate, params[:password])
-      if params[:remember_me] == "1"
-        cookies.signed.permanent[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
-      else
-        cookies.signed[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
-      end
+      @session = @<%= singular_table_name %>.sessions.create!(session_params)
+      cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
 
       redirect_to root_path, notice: "Signed in successfully"
     else
@@ -22,7 +25,16 @@ class SessionsController < ApplicationController
   end
 
   def destroy
-    Current.<%= singular_table_name %>.regenerate_session_token
-    redirect_to sign_in_path, notice: "Signed out successfully"
+    @session.destroy
+    redirect_to sessions_path, notice: "That session has been logged out"
   end
+
+  private
+    def set_session
+      @session = Current.user.sessions.find(params[:id])
+    end
+
+    def session_params
+      { user_agent: request.user_agent, ip_address: request.remote_ip }
+    end
 end

data/lib/generators/authentication/templates/erb/password_resets/new.html.erb.tt

@@ -5,7 +5,7 @@
 <%%= form_with(url: password_resets_path) do |form| %>
   <div>
     <%%= form.label :email, style: "display: block" %>
-    <%%= form.email_field :email, value: params[:email_hint], autofocus: true, required: true %>
+    <%%= form.email_field :email, autofocus: true, required: true %>
   </div>
 
   <div>

data/lib/generators/authentication/templates/erb/sessions/index.html.erb.tt

@@ -0,0 +1,34 @@
+<p style="color: green"><%%= notice %></p>
+
+<h1>Sessions</h1>
+
+<div id="sessions">
+  <%% @sessions.each do |session| %>
+    <div id="<%%= dom_id session %>">
+      <p>
+        <strong>User Agent:</strong>
+        <%%= session.user_agent %>
+      </p>
+
+      <p>
+        <strong>Ip Address:</strong>
+        <%%= session.ip_address %>
+      </p>
+
+      <p>
+        <strong>Created at:</strong>
+        <%%= session.created_at %>
+      </p>
+
+    </div>
+    <p>
+      <%%= button_to "Log out", session, method: :delete %>
+    </p>
+  <%% end %>
+</div>
+
+<br>
+
+<div>
+  <%%= link_to "Back", root_path %>
+</div>

data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt

@@ -14,11 +14,6 @@
     <%%= form.password_field :password, required: true, autocomplete: "current-password" %>
   </div>
 
-  <div>
-    <%%= form.check_box :remember_me %>
-    <%%= form.label :remember_me %>
-  </div>
-
   <div>
     <%%= form.submit "Sign in" %>
   </div>

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt

@@ -0,0 +1,11 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :sessions do |t|
+      t.references :<%= singular_table_name %>, null: false, foreign_key: true
+      t.string :user_agent
+      t.string :ip_address
+
+      t.timestamps
+    end
+  end
+end

data/lib/generators/authentication/templates/migrations/create_table_migration.rb.tt

@@ -0,0 +1,12 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :<%= table_name %> do |t|
+      t.string :email, null: false
+      t.string :password_digest, null: false
+
+      t.timestamps
+    end
+
+    add_index :<%= table_name %>, :email, unique: true
+  end
+end

data/lib/generators/authentication/templates/models/current.rb.tt

@@ -1,3 +1,7 @@
 class Current < ActiveSupport::CurrentAttributes
-  attribute :<%= singular_table_name %>
+  attribute :session, :<%= singular_table_name %>
+
+  def session=(session)
+    super; Current.<%= singular_table_name %> = session.<%= singular_table_name %>
+  end
 end

data/lib/generators/authentication/templates/models/model.rb.tt

@@ -1,7 +1,8 @@
 class <%= class_name %> < ApplicationRecord
-  has_secure_token :session_token
   has_secure_password
 
+  has_many :sessions, dependent: :destroy
+
   validates :email, presence: true, uniqueness: true
   validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
   validates_length_of :password, minimum: 8, allow_blank: true
@@ -21,19 +22,4 @@ class <%= class_name %> < ApplicationRecord
       PasswordMailer.with(<%= singular_table_name %>: self).changed.deliver_later
     end
   end
-<% if options.api? %>
-  def signed_session_token
-    Rails.application.message_verifier(:session_token).generate(session_token)
-  end
-
-  def self.find_signed_session_token(signed_session_token)
-    if session_token = Rails.application.message_verifier(:session_token).verified(signed_session_token)
-      find_by_session_token(session_token)
-    end
-  end
-
-  def as_json(options = {})
-    super(options.merge(except: [:password_digest, :session_token]))
-  end
-<% end -%>
 end

data/lib/generators/authentication/templates/models/session.rb.tt

@@ -0,0 +1,3 @@
+class Session < ApplicationRecord
+  belongs_to :<%= singular_table_name %>
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/cancellations_controller_test.rb.tt

@@ -15,6 +15,6 @@ class CancellationsControllerTest < ActionDispatch::IntegrationTest
 
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
-    [<%= singular_table_name %>, response.parsed_body["session_token"]]
-  end  
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt

@@ -24,6 +24,6 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
 
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
-    [<%= singular_table_name %>, response.parsed_body["session_token"]]
-  end  
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt

@@ -7,13 +7,6 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
 
-  test "should get edit" do
-    get edit_password_resets_url(token: @sid)
-
-    assert_response :not_found
-    assert_equal "Open this link in your device", response.parsed_body["error"]
-  end
-
   test "should send a password reset email" do
     assert_enqueued_email_with PasswordMailer, :reset, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
       post password_resets_url, params: { email: @<%= singular_table_name %>.email }
@@ -28,12 +21,11 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     end
 
     assert_response :not_found
-    assert_equal "The email address doesn't exist in our database", response.parsed_body["error"]
+    assert_equal "Sorry, we didn't recognize that email address", response.parsed_body["error"]
   end
 
   test "should update password" do
     patch password_resets_url, params: { token: @sid, password: "new_password", password_confirmation: "new_password" }
-
     assert_response :success
   end
 

data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt

@@ -24,6 +24,6 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
 
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
-    [<%= singular_table_name %>, response.parsed_body["session_token"]]
-  end  
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt

@@ -2,12 +2,22 @@ require "test_helper"
 
 class SessionsControllerTest < ActionDispatch::IntegrationTest
   setup do
-    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+
+  test "should get index" do
+    get sessions_url, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :success
+  end
+
+  test "should show session" do
+    get session_url(@<%= singular_table_name %>.sessions.last), headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :success
   end
 
   test "should sign in" do
     post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "secret123" }
-    assert_response :success
+    assert_response :created
   end
 
   test "should not sign in with wrong credentials" do
@@ -16,14 +26,12 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
 
   test "should sign out" do
-    <%= singular_table_name %>, token = sign_in_as(@<%= singular_table_name %>)
-
-    delete sign_out_url, headers: { "Authorization" => "Bearer #{token}" }
+    delete session_url(@<%= singular_table_name %>.sessions.last), headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :no_content
   end
 
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
-    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt

@@ -30,13 +30,12 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
       post password_resets_url, params: { email: "invalid_email@hey.com" }
     end
 
-    assert_redirected_to new_password_resets_url(email_hint: "invalid_email@hey.com")
-    assert_equal "The email address doesn't exist in our database", flash[:alert]
+    assert_redirected_to new_password_resets_url
+    assert_equal "Sorry, we didn't recognize that email address", flash[:alert]
   end
 
   test "should update password" do
     patch password_resets_url, params: { token: @sid, <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
-
     assert_redirected_to sign_in_path
   end
 

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt

@@ -5,6 +5,13 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
   end
 
+  test "should get index" do
+    sign_in_as @<%= singular_table_name %>
+
+    get sessions_url
+    assert_response :success
+  end
+
   test "should get new" do
     get sign_in_url
     assert_response :success
@@ -25,18 +32,16 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
 
     get root_url
     assert_redirected_to sign_in_path
-    assert_equal "You need to sign in or sign up before continuing", flash[:alert]
   end
 
   test "should sign out" do
     sign_in_as @<%= singular_table_name %>
 
-    delete sign_out_url
-    assert_redirected_to sign_in_path
+    delete session_url(@<%= singular_table_name %>.sessions.last)
+    assert_redirected_to sessions_path
 
-    get root_path
+    follow_redirect!
     assert_redirected_to sign_in_path
-    assert_equal "You need to sign in or sign up before continuing", flash[:alert]
   end
 
   def sign_in_as(<%= singular_table_name %>)

data/lib/generators/authentication/templates/test_unit/fixtures.yml.tt

@@ -3,4 +3,3 @@
 lazaro_nixon:
   email: lazaronixon@hotmail.com
   password_digest: <%%= BCrypt::Password.create("secret123") %>
-  session_token: <%%= SecureRandom.base58(24) %>

data/lib/generators/authentication/templates/test_unit/sessions.yml.tt

@@ -0,0 +1,6 @@
+# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+lazaro_nixon_ios:
+  user: lazaro_nixon
+  user_agent: Device iOS
+  ip_address: 127.0.0.1

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt

@@ -5,6 +5,13 @@ class SessionsTest < ApplicationSystemTestCase
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
   end
 
+  test "visiting the index" do
+    sign_in_as @<%= singular_table_name %>
+
+    click_on "Manage Sessions"
+    assert_selector "h1", text: "Sessions"
+  end
+
   test "signing in" do
     visit sign_in_url
     fill_in "Email", with: @<%= singular_table_name %>.email
@@ -18,7 +25,7 @@ class SessionsTest < ApplicationSystemTestCase
     sign_in_as @<%= singular_table_name %>
 
     click_on "Log out"
-    assert_text "Signed out successfully"
+    assert_selector "h1", text: "Sign in"
   end
 
   def sign_in_as(<%= singular_table_name %>)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Nixon
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-21 00:00:00.000000000 Z
+date: 2022-02-23 00:00:00.000000000 Z
 dependencies: []
 description: 
 email:
@@ -55,11 +55,15 @@ files:
 - lib/generators/authentication/templates/erb/password_resets/new.html.erb.tt
 - lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/registrations/new.html.erb.tt
+- lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/email_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/password_mailer.rb.tt
+- lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
+- lib/generators/authentication/templates/migrations/create_table_migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
 - lib/generators/authentication/templates/models/model.rb.tt
+- lib/generators/authentication/templates/models/session.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/cancellations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt
@@ -73,6 +77,7 @@ files:
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
+- lib/generators/authentication/templates/test_unit/sessions.yml.tt
 - lib/generators/authentication/templates/test_unit/system/cancellations_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt