RubyGems - authentication-zero - Versions diffs - 1.0.1 → 2.1.0 - Mend

authentication-zero 1.0.1 → 2.1.0

Files changed (49) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 421b9ebae03521494dfa8745a2e06f912635d3f09e34466fcdcf52040564cf7d
-  data.tar.gz: 155653fd131eccc9aee0aeffb1b859b2b1f34507db60a17c0b337f865502322b
+  metadata.gz: 759478647a894dc33bcf8611a439a285cbf32d00c713ac2cc87a2cc385125a7b
+  data.tar.gz: eb58361a0c6d3a72e1176e041e13675bd21389ee58a32df12247bcd4bf83b9df
 SHA512:
-  metadata.gz: 3bdd61297018da9d527e5c250c8271511bfefb375d01357d81b968eda239940191412b30ac38d89b493780eccdaddba507ebde9df908f6459f358fac10b05ee9
-  data.tar.gz: 3d916dd8b43f4ecdc7c65660bf5c7f889324672a6d105fe258610b97b64ac1428bc0e8c74d2fa5617161d28b125f73fe156fadfd8fe6ce99136361c3f2ac41b8
+  metadata.gz: c56ce0caad6ea538bb4c0ba8752f35e19ad0562bbb424baa43c20fc2e38f58e008ed5832f9a7730e83df849cd55b4db5f9a61cd60da058448274712159e0257f
+  data.tar.gz: b33dc32e1783d49ee48e09b7ccff9959533f71d661e4aab54b50aa870fac7b674586591e4e00b1a973e846a66483619e96892fd464ed9bca1192e8cd74de4389

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (1.0.1)
+    authentication-zero (2.1.0)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -4,26 +4,24 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 ## Features
+- **Simplest code ever**
 - Sign up
 - Email and password validations
 - Reset the user password and send reset instructions
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Remember me (html)
-- Send e-mail when email is changed
-- Send e-mail when password is changed
+- Send e-mail when sign-in to your account
+- Manage multiple sessions
 - Cancel my account
 - Log out
 ## Security and best practices
 - [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password): Adds methods to set and authenticate against a BCrypt password.
-- [has_secure_token](https://api.rubyonrails.org/classes/ActiveRecord/SecureToken/ClassMethods.html#method-i-has_secure_token): Adds methods to generate unique tokens.
 - [signed cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from the cookie again.
 - [httponly cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): A cookie with the httponly attribute is inaccessible to the JavaScript, this precaution helps mitigate cross-site scripting (XSS) attacks.
 - [signed_id](https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html): Returns a signed id that is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
 - [Current attributes](https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html): Abstract super class that provides a thread-isolated attributes singleton, which resets automatically before and after each request.
-- [Callbacks](https://api.rubyonrails.org/classes/ActiveRecord/Callbacks.html): We use callbacks to send emails after changing an email or password.
 - [Action mailer](https://api.rubyonrails.org/classes/ActionMailer/Base.html): Action Mailer allows you to send email from your application using a mailer model and views.
 - [Log filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
 - [Functional Tests](https://guides.rubyonrails.org/testing.html#functional-tests-for-your-controllers): In Rails, testing the various actions of a controller is a form of writing functional tests.
@@ -56,19 +54,23 @@ Add these lines to your `app/views/home/index.html.erb`:
 <p>Signed as <%= Current.user.email %></p>
+<div>
+  <%= link_to "Change password", edit_passwords_path %>
+</div>
 <div>
   <%= link_to "Change email", edit_emails_path %>
 </div>
 <div>
-  <%= link_to "Change password", edit_passwords_path %>
+  <%= link_to "Manage Sessions", sessions_path %>
 </div>
 <div>
   <%= link_to "Cancel my account & delete my data", new_cancellations_path %>
 </div>
-<%= button_to "Log out", sign_out_path, method: :delete %>
+<%= button_to "Log out", Current.session, method: :delete %>
 ```
 And you'll need to set up the default URL options for the mailer in each environment. Here is a possible configuration for `config/environments/development.rb`:

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "1.0.1"
+  VERSION = "2.1.0"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 require "rails/generators/active_record"
 class AuthenticationGenerator < Rails::Generators::NamedBase
+  include ActiveRecord::Generators::Migration
   class_option :api, type: :boolean, desc: "Generates API authentication"
   class_option :migration, type: :boolean, default: true
@@ -18,14 +20,16 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     uncomment_lines "Gemfile", /bcrypt/
   end
-  def create_migration
+  def create_migrations
     if options.migration
-      invoke "migration", ["create_#{table_name}", "email:string:uniq", "password:digest", "session_token:string:uniq"]
+      migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
+      migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
     end
   end
   def create_models
     template "models/model.rb", "app/models/#{file_name}.rb"
+    template "models/session.rb", "app/models/session.rb"
     template "models/current.rb", "app/models/current.rb"
   end
@@ -34,6 +38,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_fixture_file
     if options.fixture && options.fixture_replacement.nil?
       template "#{test_framework}/fixtures.yml", "test/fixtures/#{fixture_file_name}.yml"
+      template "#{test_framework}/sessions.yml", "test/fixtures/sessions.yml"
     end
   end
@@ -45,8 +50,10 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       private
         def authenticate
-          authenticate_or_request_with_http_token do |token, _options|
-            Current.#{singular_table_name} = #{class_name}.find_signed_session_token(token)
+          if session = authenticate_with_http_token { |token, _| Session.find_signed(token) }
+            Current.session = session
+          else
+            request_http_token_authentication
           end
         end
     CODE
@@ -56,10 +63,10 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       private
         def authenticate
-          if #{singular_table_name} = #{class_name}.find_by_session_token(cookies.signed[:session_token])
-            Current.#{singular_table_name} = #{singular_table_name}
+          if session = Session.find_by_id(cookies.signed[:session_token])
+            Current.session = session
           else
-            redirect_to sign_in_path, alert: "You need to sign in or sign up before continuing"
+            redirect_to sign_in_path
           end
         end
     CODE
@@ -74,8 +81,8 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_views
     if options.api
-      directory "#{template_engine}/email_mailer", "app/views/email_mailer"
-      directory "#{template_engine}/password_mailer", "app/views/password_mailer"
+      directory "erb/session_mailer", "app/views/session_mailer"
+      directory "erb/password_mailer", "app/views/password_mailer"
     else
       directory "#{template_engine}", "app/views"
     end
@@ -91,7 +98,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       route "resource :cancellations, only: [:new, :create]"
       route "resource :passwords, only: [:edit, :update]"
       route "resource :emails, only: [:edit, :update]"
-      route "delete 'sign_out', to: 'sessions#destroy'"
+      route "resources :sessions, only: [:index, :show, :destroy]"
       route "post 'sign_up', to: 'registrations#create'"
       route "get 'sign_up', to: 'registrations#new'" unless options.api?
       route "post 'sign_in', to: 'sessions#create'"

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,17 +1,13 @@
 class PasswordResetsController < ApplicationController
   skip_before_action :authenticate
-  before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
-  def edit
-    render json: { error: "Open this link in your device" }, status: :not_found
-  end
+  before_action :set_<%= singular_table_name %>, only: :update
   def create
     if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
       PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
     else
-      render json: { error: "The email address doesn't exist in our database" }, status: :not_found
+      render json: { error: "Sorry, we didn't recognize that email address" }, status: :not_found
     end
   end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt CHANGED Viewed

@@ -1,17 +1,39 @@
 class SessionsController < ApplicationController
-  skip_before_action :authenticate, except: :destroy
+  skip_before_action :authenticate, only: :create
+  before_action :set_session, only: %i[ show destroy ]
+  def index
+    render json: Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
+  end
+  def show
+    render json: @session
+  end
   def create
     @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
     if @<%= singular_table_name %>.try(:authenticate, params[:password])
-      render json: { session_token: @<%= singular_table_name %>.signed_session_token }, status: :ok
+      session = @<%= singular_table_name %>.sessions.create!(session_params)
+      response.set_header("X-Session-Token", session.signed_id)
+      render json: session, status: :created
     else
-      render json: { error: "Invalid email or password" }, status: :unauthorized
+      render json: { error: "That email or password is incorrect" }, status: :unauthorized
     end
   end
   def destroy
-    Current.<%= singular_table_name %>.regenerate_session_token
+    @session.destroy
   end
+  private
+    def set_session
+      @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
+    end
+    def session_params
+      { user_agent: request.user_agent, ip_address: request.remote_ip }
+    end
 end

data/lib/generators/authentication/templates/controllers/html/cancellations_controller.rb.tt CHANGED Viewed

@@ -4,6 +4,6 @@ class CancellationsController < ApplicationController
   def create
     Current.<%= singular_table_name %>.destroy
-    redirect_to sign_in_path, notice: "Bye! Your account has been successfully cancelled"
+    redirect_to sign_in_path, notice: "Your account is closed"
   end
 end

data/lib/generators/authentication/templates/controllers/html/emails_controller.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class EmailsController < ApplicationController
     if !@<%= singular_table_name %>.authenticate(params[:current_password])
       redirect_to edit_emails_path, alert: "The current password you entered is incorrect"
     elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
-      redirect_to root_path, notice: "Your email has been changed successfully"
+      redirect_to root_path, notice: "Your email has been changed"
     else
       render :edit, status: :unprocessable_entity
     end

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt CHANGED Viewed

@@ -12,9 +12,9 @@ class PasswordResetsController < ApplicationController
   def create
     if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
       PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
-      redirect_to sign_in_path, notice: "You will receive an email with instructions on how to reset your password in a few minutes"
+      redirect_to sign_in_path, notice: "Check your email for reset instructions"
     else
-      redirect_to new_password_resets_path(email_hint: params[:email]), alert: "The email address doesn't exist in our database"
+      redirect_to new_password_resets_path, alert: "Sorry, we didn't recognize that email address"
     end
   end

data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt CHANGED Viewed

@@ -8,7 +8,7 @@ class PasswordsController < ApplicationController
     if !@<%= singular_table_name %>.authenticate(params[:current_password])
       redirect_to edit_passwords_path, alert: "The current password you entered is incorrect"
     elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
-      redirect_to root_path, notice: "Your password has been changed successfully"
+      redirect_to root_path, notice: "Your password has been changed"
     else
       render :edit, status: :unprocessable_entity
     end

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt CHANGED Viewed

@@ -9,8 +9,7 @@ class RegistrationsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
     if @<%= singular_table_name %>.save
-      cookies.signed[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
-      redirect_to root_path, notice: "Welcome! You have signed up successfully"
+      redirect_to sign_in_path, notice: "Welcome! You have signed up successfully"
     else
       render :new, status: :unprocessable_entity
     end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,11 @@
 class SessionsController < ApplicationController
-  skip_before_action :authenticate, except: :destroy
+  skip_before_action :authenticate, only: %i[ new create ]
+  before_action :set_session, only: :destroy
+  def index
+    @sessions = Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
+  end
   def new
     @<%= singular_table_name %> = <%= class_name %>.new
@@ -9,20 +15,26 @@ class SessionsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
     if @<%= singular_table_name %>.try(:authenticate, params[:password])
-      if params[:remember_me] == "1"
-        cookies.signed.permanent[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
-      else
-        cookies.signed[:session_token] = { value: @<%= singular_table_name %>.session_token, httponly: true }
-      end
+      @session = @<%= singular_table_name %>.sessions.create!(session_params)
+      cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
       redirect_to root_path, notice: "Signed in successfully"
     else
-      redirect_to sign_in_path(email_hint: params[:email]), alert: "Invalid email or password"
+      redirect_to sign_in_path(email_hint: params[:email]), alert: "That email or password is incorrect"
     end
   end
   def destroy
-    Current.<%= singular_table_name %>.regenerate_session_token
-    redirect_to sign_in_path, notice: "Signed out successfully"
+    @session.destroy
+    redirect_to sessions_path, notice: "That session has been logged out"
   end
+  private
+    def set_session
+      @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
+    end
+    def session_params
+      { user_agent: request.user_agent, ip_address: request.remote_ip }
+    end
 end

data/lib/generators/authentication/templates/erb/password_resets/new.html.erb.tt CHANGED Viewed

@@ -5,7 +5,7 @@
 <%%= form_with(url: password_resets_path) do |form| %>
   <div>
     <%%= form.label :email, style: "display: block" %>
-    <%%= form.email_field :email, value: params[:email_hint], autofocus: true, required: true %>
+    <%%= form.email_field :email, autofocus: true, required: true %>
   </div>
   <div>

data/lib/generators/authentication/templates/erb/session_mailer/signed_in.html.erb.tt ADDED Viewed

@@ -0,0 +1,21 @@
+<p>Hey there,</p>
+<p>A new device just signed in to your account (<%%= @session.<%= singular_table_name %>.email %>).</p>
+<p>
+  <strong><%%= @session.user_agent %></strong>
+  <br>
+  <%%= @session.created_at %>
+  <br>
+  IP address: <%%= @session.ip_address %>
+</p>
+<p><strong>If this was you, carry on.</strong> We won't notify you about sign-ins from this device again.</p>
+<p><strong>If you don't recognize this device</strong>, someone else may have accessed your account. You should immediately <%%= link_to "change your password", new_password_resets_url %>.</p>
+<p><strong>Tip:</strong> It's a good idea to periodically review all of the <%%= link_to "devices and sessions", sessions_url %> in your account for suspicious activity.</p>
+<hr>
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>

data/lib/generators/authentication/templates/erb/session_mailer/signed_in.text.erb.tt ADDED Viewed

@@ -0,0 +1,17 @@
+Hey there,
+A new device just signed in to your account (<%%= @session.<%= singular_table_name %>.email %>).
+<%%= @session.user_agent %>
+<%%= @session.created_at %>
+<%%= @session.ip_address %>
+If this was you, carry on. We won't notify you about sign-ins from this device again.
+If you don't recognize this device, someone else may have accessed your account. You should immediately [change your password]<%%= new_password_resets_url %>.
+Tip: It's a good idea to periodically review all of the [devices and sessions]<%%= sessions_url %> in your account for suspicious activity.
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.

data/lib/generators/authentication/templates/erb/sessions/index.html.erb.tt ADDED Viewed

@@ -0,0 +1,34 @@
+<p style="color: green"><%%= notice %></p>
+<h1>Sessions</h1>
+<div id="sessions">
+  <%% @sessions.each do |session| %>
+    <div id="<%%= dom_id session %>">
+      <p>
+        <strong>User Agent:</strong>
+        <%%= session.user_agent %>
+      </p>
+      <p>
+        <strong>Ip Address:</strong>
+        <%%= session.ip_address %>
+      </p>
+      <p>
+        <strong>Created at:</strong>
+        <%%= session.created_at %>
+      </p>
+    </div>
+    <p>
+      <%%= button_to "Log out", session, method: :delete %>
+    </p>
+  <%% end %>
+</div>
+<br>
+<div>
+  <%%= link_to "Back", root_path %>
+</div>

data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt CHANGED Viewed

@@ -14,11 +14,6 @@
     <%%= form.password_field :password, required: true, autocomplete: "current-password" %>
   </div>
-  <div>
-    <%%= form.check_box :remember_me %>
-    <%%= form.label :remember_me %>
-  </div>
   <div>
     <%%= form.submit "Sign in" %>
   </div>

data/lib/generators/authentication/templates/mailers/password_mailer.rb.tt CHANGED Viewed

@@ -1,10 +1,6 @@
 class PasswordMailer < ApplicationMailer
-  def changed
-    mail to: params[:<%= singular_table_name %>].email
-  end
   def reset
     @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: :password_reset, expires_in: 20.minutes)
-    mail to: params[:<%= singular_table_name %>].email
+    mail to: params[:<%= singular_table_name %>].email, subject: "Reset your password"
   end
 end

data/lib/generators/authentication/templates/mailers/session_mailer.rb.tt ADDED Viewed

@@ -0,0 +1,6 @@
+class SessionMailer < ApplicationMailer
+  def signed_in
+    @session = params[:session]
+    mail to: @session.<%= singular_table_name %>.email, subject: "New sign-in to your account"
+  end
+end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt ADDED Viewed

@@ -0,0 +1,11 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :sessions do |t|
+      t.references :<%= singular_table_name %>, null: false, foreign_key: true
+      t.string :user_agent
+      t.string :ip_address
+      t.timestamps
+    end
+  end
+end

data/lib/generators/authentication/templates/migrations/create_table_migration.rb.tt ADDED Viewed

@@ -0,0 +1,12 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :<%= table_name %> do |t|
+      t.string :email, null: false
+      t.string :password_digest, null: false
+      t.timestamps
+    end
+    add_index :<%= table_name %>, :email, unique: true
+  end
+end

data/lib/generators/authentication/templates/models/current.rb.tt CHANGED Viewed

@@ -1,3 +1,7 @@
 class Current < ActiveSupport::CurrentAttributes
-  attribute :<%= singular_table_name %>
+  attribute :session, :<%= singular_table_name %>
+  def session=(session)
+    super; Current.<%= singular_table_name %> = session.<%= singular_table_name %>
+  end
 end

data/lib/generators/authentication/templates/models/model.rb.tt CHANGED Viewed

@@ -1,7 +1,8 @@
 class <%= class_name %> < ApplicationRecord
-  has_secure_token :session_token
   has_secure_password
+  has_many :sessions, dependent: :destroy
   validates :email, presence: true, uniqueness: true
   validates :email, format: { with: /\A[^@\s]+@[^@\s]+\z/ }
   validates_length_of :password, minimum: 8, allow_blank: true
@@ -9,31 +10,4 @@ class <%= class_name %> < ApplicationRecord
   before_validation do
     self.email = email.downcase.strip
   end
-  after_update_commit do
-    if self.email_previously_changed?
-      EmailMailer.with(change: self.email_previous_change).changed.deliver_later
-    end
-  end
-  after_update_commit do
-    if self.password_digest_previously_changed?
-      PasswordMailer.with(<%= singular_table_name %>: self).changed.deliver_later
-    end
-  end
-<% if options.api? %>
-  def signed_session_token
-    Rails.application.message_verifier(:session_token).generate(session_token)
-  end
-  def self.find_signed_session_token(signed_session_token)
-    if session_token = Rails.application.message_verifier(:session_token).verified(signed_session_token)
-      find_by_session_token(session_token)
-    end
-  end
-  def as_json(options = {})
-    super(options.merge(except: [:password_digest, :session_token]))
-  end
-<% end -%>
 end

data/lib/generators/authentication/templates/models/session.rb.tt ADDED Viewed

@@ -0,0 +1,7 @@
+class Session < ApplicationRecord
+  belongs_to :<%= singular_table_name %>
+  after_create_commit do
+    SessionMailer.with(session: self).signed_in.deliver_later
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/cancellations_controller_test.rb.tt CHANGED Viewed

@@ -15,6 +15,6 @@ class CancellationsControllerTest < ActionDispatch::IntegrationTest
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
-    [<%= singular_table_name %>, response.parsed_body["session_token"]]
-  end
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt CHANGED Viewed

@@ -6,17 +6,12 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update email" do
-    assert_enqueued_email_with EmailMailer, :changed, args: { change: [@<%= singular_table_name %>.email, "new_email@hey.com"] } do
-      patch emails_url, params: { current_password: "secret123", email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
-    end
+    patch emails_url, params: { current_password: "secret123", email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :success
   end
   test "should not update email with wrong current password" do
-    assert_no_enqueued_emails do
-      patch emails_url, params: { current_password: "wrong_password", email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
-    end
+    patch emails_url, params: { current_password: "wrong_password", email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :bad_request
     assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
@@ -24,6 +19,6 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
-    [<%= singular_table_name %>, response.parsed_body["session_token"]]
-  end
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -7,13 +7,6 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
-  test "should get edit" do
-    get edit_password_resets_url(token: @sid)
-    assert_response :not_found
-    assert_equal "Open this link in your device", response.parsed_body["error"]
-  end
   test "should send a password reset email" do
     assert_enqueued_email_with PasswordMailer, :reset, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
       post password_resets_url, params: { email: @<%= singular_table_name %>.email }
@@ -28,12 +21,11 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     end
     assert_response :not_found
-    assert_equal "The email address doesn't exist in our database", response.parsed_body["error"]
+    assert_equal "Sorry, we didn't recognize that email address", response.parsed_body["error"]
   end
   test "should update password" do
     patch password_resets_url, params: { token: @sid, password: "new_password", password_confirmation: "new_password" }
     assert_response :success
   end

data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt CHANGED Viewed

@@ -6,17 +6,12 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update password" do
-    assert_enqueued_email_with PasswordMailer, :changed, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
-      patch passwords_url, params: { current_password: "secret123", password: "new_password", password_confirmation: "new_password" }, headers: { "Authorization" => "Bearer #{@token}" }
-    end
+    patch passwords_url, params: { current_password: "secret123", password: "new_password", password_confirmation: "new_password" }, headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :success
   end
   test "should not update password with wrong current password" do
-    assert_no_enqueued_emails do
-      patch passwords_url, params: { current_password: "wrong_password", password: "new_password", password_confirmation: "new_password" }, headers: { "Authorization" => "Bearer #{@token}" }
-    end
+    patch passwords_url, params: { current_password: "wrong_password", password: "new_password", password_confirmation: "new_password" }, headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :bad_request
     assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
@@ -24,6 +19,6 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
-    [<%= singular_table_name %>, response.parsed_body["session_token"]]
-  end
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt CHANGED Viewed

@@ -2,12 +2,24 @@ require "test_helper"
 class SessionsControllerTest < ActionDispatch::IntegrationTest
   setup do
-    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+  test "should get index" do
+    get sessions_url, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :success
+  end
+  test "should show session" do
+    get session_url(@<%= singular_table_name %>.sessions.last), headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :success
   end
   test "should sign in" do
     post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "secret123" }
-    assert_response :success
+    assert_enqueued_email_with SessionMailer, :signed_in, args: { session: @<%= singular_table_name %>.sessions.last }
+    assert_response :created
   end
   test "should not sign in with wrong credentials" do
@@ -16,14 +28,12 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should sign out" do
-    <%= singular_table_name %>, token = sign_in_as(@<%= singular_table_name %>)
-    delete sign_out_url, headers: { "Authorization" => "Bearer #{token}" }
+    delete session_url(@<%= singular_table_name %>.sessions.last), headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :no_content
   end
   def sign_in_as(<%= singular_table_name %>)
     post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
-    [<%= singular_table_name %>, response.parsed_body["session_token"]]
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/cancellations_controller_test.rb.tt CHANGED Viewed

@@ -19,6 +19,6 @@ class CancellationsControllerTest < ActionDispatch::IntegrationTest
   end
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt CHANGED Viewed

@@ -11,23 +11,18 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update email" do
-    assert_enqueued_email_with EmailMailer, :changed, args: { change: [@<%= singular_table_name %>.email, "new_email@hey.com"] } do
-      patch emails_url, params: { current_password: "secret123", <%= singular_table_name %>: { email: "new_email@hey.com" } }
-    end
+    patch emails_url, params: { current_password: "secret123", <%= singular_table_name %>: { email: "new_email@hey.com" } }
     assert_redirected_to root_path
   end
   test "should not update email with wrong current password" do
-    assert_no_enqueued_emails do
-      patch emails_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { email: @<%= singular_table_name %>.email } }
-    end
+    patch emails_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { email: @<%= singular_table_name %>.email } }
     assert_redirected_to edit_emails_path
     assert_equal "The current password you entered is incorrect", flash[:alert]
   end
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt CHANGED Viewed

@@ -30,13 +30,12 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
       post password_resets_url, params: { email: "invalid_email@hey.com" }
     end
-    assert_redirected_to new_password_resets_url(email_hint: "invalid_email@hey.com")
-    assert_equal "The email address doesn't exist in our database", flash[:alert]
+    assert_redirected_to new_password_resets_url
+    assert_equal "Sorry, we didn't recognize that email address", flash[:alert]
   end
   test "should update password" do
     patch password_resets_url, params: { token: @sid, <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
     assert_redirected_to sign_in_path
   end

data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt CHANGED Viewed

@@ -11,23 +11,18 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update password" do
-    assert_enqueued_email_with PasswordMailer, :changed, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
-      patch passwords_url, params: { current_password: "secret123", <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
-    end
+    patch passwords_url, params: { current_password: "secret123", <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
     assert_redirected_to root_path
   end
   test "should not update password with wrong current password" do
-    assert_no_enqueued_emails do
-      patch passwords_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
-    end
+    patch passwords_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { password: "new_password", password_confirmation: "new_password" } }
     assert_redirected_to edit_passwords_path
     assert_equal "The current password you entered is incorrect", flash[:alert]
   end
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt CHANGED Viewed

@@ -10,9 +10,7 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
     assert_difference("<%= class_name %>.count") do
       post sign_up_url, params: { <%= singular_table_name %>: { email: "lazaronixon@hey.com", password: "secret123", password_confirmation: "secret123" } }
     end
-    assert_redirected_to root_url
-    follow_redirect!
-    assert_response :success
+    assert_redirected_to sign_in_url
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt CHANGED Viewed

@@ -5,6 +5,13 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
   end
+  test "should get index" do
+    sign_in_as @<%= singular_table_name %>
+    get sessions_url
+    assert_response :success
+  end
   test "should get new" do
     get sign_in_url
     assert_response :success
@@ -12,6 +19,8 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   test "should sign in" do
     post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "secret123" }
+    assert_enqueued_email_with SessionMailer, :signed_in, args: { session: @<%= singular_table_name %>.sessions.last }
     assert_redirected_to root_url
     get root_url
@@ -21,25 +30,23 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   test "should not sign in with wrong credentials" do
     post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "wrong_password" }
     assert_redirected_to sign_in_url(email_hint: @<%= singular_table_name %>.email)
-    assert_equal "Invalid email or password", flash[:alert]
+    assert_equal "That email or password is incorrect", flash[:alert]
     get root_url
     assert_redirected_to sign_in_path
-    assert_equal "You need to sign in or sign up before continuing", flash[:alert]
   end
   test "should sign out" do
     sign_in_as @<%= singular_table_name %>
-    delete sign_out_url
-    assert_redirected_to sign_in_path
+    delete session_url(@<%= singular_table_name %>.sessions.last)
+    assert_redirected_to sessions_path
-    get root_path
+    follow_redirect!
     assert_redirected_to sign_in_path
-    assert_equal "You need to sign in or sign up before continuing", flash[:alert]
   end
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); user
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" }); <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/fixtures.yml.tt CHANGED Viewed

@@ -3,4 +3,3 @@
 lazaro_nixon:
   email: lazaronixon@hotmail.com
   password_digest: <%%= BCrypt::Password.create("secret123") %>
-  session_token: <%%= SecureRandom.base58(24) %>

data/lib/generators/authentication/templates/test_unit/sessions.yml.tt ADDED Viewed

@@ -0,0 +1,6 @@
+# Read about fixtures at https://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+lazaro_nixon_ios:
+  <%= singular_table_name %>: lazaro_nixon
+  user_agent: Device iOS
+  ip_address: 127.0.0.1

data/lib/generators/authentication/templates/test_unit/system/cancellations_test.rb.tt CHANGED Viewed

@@ -9,7 +9,7 @@ class CancellationsTest < ApplicationSystemTestCase
     click_on "Cancel my account & delete my data"
     click_on "OK, close my account"
-    assert_text "Bye! Your account has been successfully cancelled"
+    assert_text "Your account is closed"
   end
   def sign_in_as(<%= singular_table_name %>)
@@ -19,5 +19,5 @@ class CancellationsTest < ApplicationSystemTestCase
     click_on "Sign in"
     return <%= singular_table_name %>
-  end
+  end
 end

data/lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt CHANGED Viewed

@@ -12,7 +12,7 @@ class EmailsTest < ApplicationSystemTestCase
     fill_in "New email", with: "new_email@hey.com"
     click_on "Save changes"
-    assert_text "Your email has been changed successfully"
+    assert_text "Your email has been changed"
   end
   def sign_in_as(<%= singular_table_name %>)
@@ -22,5 +22,5 @@ class EmailsTest < ApplicationSystemTestCase
     click_on "Sign in"
     return <%= singular_table_name %>
-  end
+  end
 end

data/lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt CHANGED Viewed

@@ -13,7 +13,7 @@ class PasswordResetsTest < ApplicationSystemTestCase
     fill_in "Email", with: @<%= singular_table_name %>.email
     click_on "Send password reset email"
-    assert_text "You will receive an email with instructions on how to reset your password in a few minutes"
+    assert_text "Check your email for reset instructions"
   end
   test "updating password" do

data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt CHANGED Viewed

@@ -13,7 +13,7 @@ class PasswordsTest < ApplicationSystemTestCase
     fill_in "Confirm new password", with: "new_password"
     click_on "Save changes"
-    assert_text "Your password has been changed successfully"
+    assert_text "Your password has been changed"
   end
   def sign_in_as(<%= singular_table_name %>)
@@ -23,5 +23,5 @@ class PasswordsTest < ApplicationSystemTestCase
     click_on "Sign in"
     return <%= singular_table_name %>
-  end
+  end
 end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt CHANGED Viewed

@@ -5,6 +5,13 @@ class SessionsTest < ApplicationSystemTestCase
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
   end
+  test "visiting the index" do
+    sign_in_as @<%= singular_table_name %>
+    click_on "Manage Sessions"
+    assert_selector "h1", text: "Sessions"
+  end
   test "signing in" do
     visit sign_in_url
     fill_in "Email", with: @<%= singular_table_name %>.email
@@ -18,7 +25,7 @@ class SessionsTest < ApplicationSystemTestCase
     sign_in_as @<%= singular_table_name %>
     click_on "Log out"
-    assert_text "Signed out successfully"
+    assert_selector "h1", text: "Sign in"
   end
   def sign_in_as(<%= singular_table_name %>)

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-21 00:00:00.000000000 Z
+date: 2022-02-23 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -44,22 +44,24 @@ files:
 - lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
 - lib/generators/authentication/templates/erb/cancellations/new.html.erb.tt
-- lib/generators/authentication/templates/erb/email_mailer/changed.html.erb.tt
-- lib/generators/authentication/templates/erb/email_mailer/changed.text.erb.tt
 - lib/generators/authentication/templates/erb/emails/edit.html.erb.tt
-- lib/generators/authentication/templates/erb/password_mailer/changed.html.erb.tt
-- lib/generators/authentication/templates/erb/password_mailer/changed.text.erb.tt
 - lib/generators/authentication/templates/erb/password_mailer/reset.html.erb.tt
 - lib/generators/authentication/templates/erb/password_mailer/reset.text.erb.tt
 - lib/generators/authentication/templates/erb/password_resets/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/password_resets/new.html.erb.tt
 - lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/registrations/new.html.erb.tt
+- lib/generators/authentication/templates/erb/session_mailer/signed_in.html.erb.tt
+- lib/generators/authentication/templates/erb/session_mailer/signed_in.text.erb.tt
+- lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
-- lib/generators/authentication/templates/mailers/email_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/password_mailer.rb.tt
+- lib/generators/authentication/templates/mailers/session_mailer.rb.tt
+- lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
+- lib/generators/authentication/templates/migrations/create_table_migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
 - lib/generators/authentication/templates/models/model.rb.tt
+- lib/generators/authentication/templates/models/session.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/cancellations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt
@@ -73,6 +75,7 @@ files:
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
+- lib/generators/authentication/templates/test_unit/sessions.yml.tt
 - lib/generators/authentication/templates/test_unit/system/cancellations_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt

data/lib/generators/authentication/templates/erb/email_mailer/changed.html.erb.tt DELETED Viewed

@@ -1,11 +0,0 @@
-<p>Hey there,</p>
-<p>We just wanted to confirm that your email address has been updated.</p>
-<p><strong>Before, it was: <%%= @previous_email %></strong></p>
-<p><strong>Now it is set to: <%%= @current_email %></strong></p>
-<hr>
-<p>If you didn't make this change, someone else may have access to your account. If you think that may be the case, please reply to this email and our support team will help you out.</p>

data/lib/generators/authentication/templates/erb/email_mailer/changed.text.erb.tt DELETED Viewed

@@ -1,9 +0,0 @@
-Hey there,
-We just wanted to confirm that your email address has been updated.
-Before, it was: <%%= @previous_email %>
-Now it is set to: <%%= @current_email %>
-If you didn't make this change, someone else may have access to your account. If you think that may be the case, please reply to this email and our support team will help you out.

data/lib/generators/authentication/templates/erb/password_mailer/changed.html.erb.tt DELETED Viewed

@@ -1,7 +0,0 @@
-<p>Hey there,</p>
-<p>We just wanted to confirm that your password has been updated.</p>
-<hr>
-<p>If you didn't make this change, someone else may have access to your account. If you think that may be the case, please reply to this email and our support team will help you out.</p>

data/lib/generators/authentication/templates/erb/password_mailer/changed.text.erb.tt DELETED Viewed

@@ -1,5 +0,0 @@
-Hey there,
-We just wanted to confirm that your password has been updated.
-If you didn't make this change, someone else may have access to your account. If you think that may be the case, please reply to this email and our support team will help you out.

data/lib/generators/authentication/templates/mailers/email_mailer.rb.tt DELETED Viewed

@@ -1,6 +0,0 @@
-class EmailMailer < ApplicationMailer
-  def changed
-    @previous_email, @current_email = params[:change]
-    mail to: @previous_email
-  end
-end