RubyGems - authentication-zero - Versions diffs - 2.0.0 → 2.2.1 - Mend

authentication-zero 2.0.0 → 2.2.1

Files changed (64) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c0359a2a997ced43e3eb97612156d7ffe3206aa8a75ede90ad37dbdf0d0a9269
-  data.tar.gz: 9a50df4bf9804a3da3bb1ee753b7ecd027a336f0624de5a9c5d1cfec1b5354b1
+  metadata.gz: ed9892e61478e60ca189e6e835b59c9fd2ab63e2c342e1d67bbdfb57f60dd9ba
+  data.tar.gz: d890089e13104ec641c5d26ec5541e3ce9a4cb64cbe2d2276347f0c328efc713
 SHA512:
-  metadata.gz: 45b51a6f24b135e1273d076683c1d406755e30ec012c4e5ec632a158ef0bb8432cb9c461254b044ba7c491717eaa95571e1cce85bb6560b19f35cf1ac03a7000
-  data.tar.gz: 2dd271538d229d7a88df027a44f06e59a4f0092cdc6bb8de214596dfde3cb52c2339e5659c6a8331ba69440a25030ec6c2620255f5d483e0f980a042277a28ae
+  metadata.gz: f050cf8b766989090c9a4c415bdc7f91eebb2ff63b3d7632a5bdfa1923d68ebf6f110d8a2eba71af7387c708c6398ea365746d51fdd45903b1362fd5551588b7
+  data.tar.gz: 6ec0286f6ea33a9f95551e8808297ab4ffc4d7e609317e5a90c3442c36d7d4c4845bb9746c0e92bea5383ac0ff92f64f652c9453c5b16311ea1eda17b2b96642

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.0.0)
+    authentication-zero (2.2.1)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -4,14 +4,16 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 ## Features
+- **Simplest code ever**
 - Sign up
 - Email and password validations
 - Reset the user password and send reset instructions
+- Reset the user password only from verified emails
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Manage sessions
-- Send e-mail when email is changed
-- Send e-mail when password is changed
+- Send e-mail verification when change your email
+- Send e-mail when sign-in to your account
+- Manage multiple sessions
 - Cancel my account
 - Log out
@@ -22,7 +24,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - [httponly cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): A cookie with the httponly attribute is inaccessible to the JavaScript, this precaution helps mitigate cross-site scripting (XSS) attacks.
 - [signed_id](https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html): Returns a signed id that is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
 - [Current attributes](https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html): Abstract super class that provides a thread-isolated attributes singleton, which resets automatically before and after each request.
-- [Callbacks](https://api.rubyonrails.org/classes/ActiveRecord/Callbacks.html): We use callbacks to send emails after changing an email or password.
 - [Action mailer](https://api.rubyonrails.org/classes/ActionMailer/Base.html): Action Mailer allows you to send email from your application using a mailer model and views.
 - [Log filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
 - [Functional Tests](https://guides.rubyonrails.org/testing.html#functional-tests-for-your-controllers): In Rails, testing the various actions of a controller is a form of writing functional tests.
@@ -56,11 +57,11 @@ Add these lines to your `app/views/home/index.html.erb`:
 <p>Signed as <%= Current.user.email %></p>
 <div>
-  <%= link_to "Change password", edit_passwords_path %>
+  <%= link_to "Change password", edit_password_path %>
 </div>
 <div>
-  <%= link_to "Change email", edit_emails_path %>
+  <%= link_to "Change email", edit_email_path %>
 </div>
 <div>
@@ -68,7 +69,7 @@ Add these lines to your `app/views/home/index.html.erb`:
 </div>
 <div>
-  <%= link_to "Cancel my account & delete my data", new_cancellations_path %>
+  <%= button_to "Cancel my account", registration_path, method: :delete  %>
 </div>
 <%= button_to "Log out", Current.session, method: :delete %>

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.0.0"
+  VERSION = "2.2.1"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -81,8 +81,8 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_views
     if options.api
-      directory "erb/email_mailer", "app/views/email_mailer"
-      directory "erb/password_mailer", "app/views/password_mailer"
+      directory "erb/identity_mailer", "app/views/identity_mailer"
+      directory "erb/session_mailer", "app/views/session_mailer"
     else
       directory "#{template_engine}", "app/views"
     end
@@ -94,10 +94,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def add_routes
     unless options.skip_routes
-      route "resource :password_resets, only: [:new, :edit, :create, :update]"
-      route "resource :cancellations, only: [:new, :create]"
-      route "resource :passwords, only: [:edit, :update]"
-      route "resource :emails, only: [:edit, :update]"
+      route "resource :registration, only: :destroy"
+      route "resource :password_reset, only: [:new, :edit, :create, :update]"
+      route "resource :password, only: [:edit, :update]"
+      route "resource :email_verification, only: [:new, :edit, :create, :update]"
+      route "resource :email, only: [:edit, :update]"
       route "resources :sessions, only: [:index, :show, :destroy]"
       route "post 'sign_up', to: 'registrations#create'"
       route "get 'sign_up', to: 'registrations#new'" unless options.api?

data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt ADDED Viewed

@@ -0,0 +1,18 @@
+class EmailVerificationsController < ApplicationController
+  before_action :set_<%= singular_table_name %>, only: :update
+  def create
+    IdentityMailer.with(<%= singular_table_name %>: Current.<%= singular_table_name %>).email_verify_confirmation.deliver_later
+  end
+  def update
+    @<%= singular_table_name %>.update! verified: true
+  end
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      render json: { error: "That email verification link is invalid" }, status: :bad_request
+    end
+end

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,13 +1,13 @@
 class PasswordResetsController < ApplicationController
-  skip_before_action :authenticate
   before_action :set_<%= singular_table_name %>, only: :update
+  skip_before_action :authenticate
   def create
-    if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
-      PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
+    if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
+      IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
     else
-      render json: { error: "Sorry, we didn't recognize that email address" }, status: :not_found
+      render json: { error: "You can't reset your password until you verify your email" }, status: :not_found
     end
   end
@@ -23,7 +23,7 @@ class PasswordResetsController < ApplicationController
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
     rescue ActiveSupport::MessageVerifier::InvalidSignature
-      render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
+      render json: { error: "That password reset link is invalid" }, status: :bad_request
     end
     def <%= "#{singular_table_name}_params" %>

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate
+  skip_before_action :authenticate, only: :create
   def create
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
@@ -11,6 +11,10 @@ class RegistrationsController < ApplicationController
     end
   end
+  def destroy
+    Current.<%= singular_table_name %>.destroy
+  end
   private
     def <%= "#{singular_table_name}_params" %>
       params.permit(:email, :password, :password_confirmation)

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt CHANGED Viewed

@@ -1,8 +1,8 @@
 class SessionsController < ApplicationController
-  skip_before_action :authenticate, only: :create
   before_action :set_session, only: %i[ show destroy ]
+  skip_before_action :authenticate, only: :create
   def index
     render json: Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
   end
@@ -20,7 +20,7 @@ class SessionsController < ApplicationController
       render json: session, status: :created
     else
-      render json: { error: "Invalid email or password" }, status: :unauthorized
+      render json: { error: "That email or password is incorrect" }, status: :unauthorized
     end
   end
@@ -30,7 +30,7 @@ class SessionsController < ApplicationController
   private
     def set_session
-      @session = Current.user.sessions.find(params[:id])
+      @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
     end
     def session_params

data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt ADDED Viewed

@@ -0,0 +1,20 @@
+class EmailVerificationsController < ApplicationController
+  before_action :set_<%= singular_table_name %>, only: :edit
+  def edit
+    @<%= singular_table_name %>.update! verified: true
+    redirect_to root_path, notice: "Thank you for verifying your email address"
+  end
+  def create
+    IdentityMailer.with(<%= singular_table_name %>: Current.<%= singular_table_name %>).email_verify_confirmation.deliver_later
+    redirect_to root_path, notice: "We sent a verification email to your email address"
+  end
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      redirect_to edit_email_path, alert: "That email verification link is invalid"
+    end
+end

data/lib/generators/authentication/templates/controllers/html/emails_controller.rb.tt CHANGED Viewed

@@ -6,9 +6,9 @@ class EmailsController < ApplicationController
   def update
     if !@<%= singular_table_name %>.authenticate(params[:current_password])
-      redirect_to edit_emails_path, alert: "The current password you entered is incorrect"
+      redirect_to edit_email_path, alert: "The current password you entered is incorrect"
     elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
-      redirect_to root_path, notice: "Your email has been changed successfully"
+      redirect_to root_path, notice: "Your email has been changed"
     else
       render :edit, status: :unprocessable_entity
     end

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,8 +1,8 @@
 class PasswordResetsController < ApplicationController
-  skip_before_action :authenticate
   before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
+  skip_before_action :authenticate
   def new
   end
@@ -10,11 +10,11 @@ class PasswordResetsController < ApplicationController
   end
   def create
-    if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
-      PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
-      redirect_to sign_in_path, notice: "You will receive an email with instructions on how to reset your password in a few minutes"
+    if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
+      IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
+      redirect_to sign_in_path, notice: "Check your email for reset instructions"
     else
-      redirect_to new_password_resets_path, alert: "Sorry, we didn't recognize that email address"
+      redirect_to new_password_reset_path, alert: "You can't reset your password until you verify your email"
     end
   end
@@ -30,7 +30,7 @@ class PasswordResetsController < ApplicationController
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
     rescue ActiveSupport::MessageVerifier::InvalidSignature
-      redirect_to new_password_resets_path, alert: "Your token has expired, please request a new one"
+      redirect_to new_password_reset_path, alert: "That password reset link is invalid"
     end
     def <%= "#{singular_table_name}_params" %>

data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt CHANGED Viewed

@@ -6,9 +6,9 @@ class PasswordsController < ApplicationController
   def update
     if !@<%= singular_table_name %>.authenticate(params[:current_password])
-      redirect_to edit_passwords_path, alert: "The current password you entered is incorrect"
+      redirect_to edit_password_path, alert: "The current password you entered is incorrect"
     elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
-      redirect_to root_path, notice: "Your password has been changed successfully"
+      redirect_to root_path, notice: "Your password has been changed"
     else
       render :edit, status: :unprocessable_entity
     end

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate
+  skip_before_action :authenticate, only: %i[ new create ]
   def new
     @<%= singular_table_name %> = <%= class_name %>.new
@@ -9,21 +9,19 @@ class RegistrationsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
     if @<%= singular_table_name %>.save
-      @session = @user.sessions.create!(session_params)
-      cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
-      redirect_to root_path, notice: "Welcome! You have signed up successfully"
+      redirect_to sign_in_path, notice: "Welcome! You have signed up successfully"
     else
       render :new, status: :unprocessable_entity
     end
   end
+  def destroy
+    Current.<%= singular_table_name %>.destroy
+    redirect_to sign_in_path, notice: "Your account is closed"
+  end
   private
     def <%= "#{singular_table_name}_params" %>
       params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
     end
-    def session_params
-      { user_agent: request.user_agent, ip_address: request.remote_ip }
-    end
 end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt CHANGED Viewed

@@ -1,8 +1,8 @@
 class SessionsController < ApplicationController
-  skip_before_action :authenticate, only: %i[ new create ]
   before_action :set_session, only: :destroy
+  skip_before_action :authenticate, only: %i[ new create ]
   def index
     @sessions = Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
   end
@@ -20,7 +20,7 @@ class SessionsController < ApplicationController
       redirect_to root_path, notice: "Signed in successfully"
     else
-      redirect_to sign_in_path(email_hint: params[:email]), alert: "Invalid email or password"
+      redirect_to sign_in_path(email_hint: params[:email]), alert: "That email or password is incorrect"
     end
   end
@@ -31,7 +31,7 @@ class SessionsController < ApplicationController
   private
     def set_session
-      @session = Current.user.sessions.find(params[:id])
+      @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
     end
     def session_params

data/lib/generators/authentication/templates/erb/emails/edit.html.erb.tt CHANGED Viewed

@@ -1,8 +1,14 @@
 <p style="color: red"><%%= alert %></p>
-<h1>Change your email</h1>
+<%% if Current.<%= singular_table_name %>.verified? %>
+  <h1>Change your email</h1>
+<%% else %>
+  <h1>Verify your email </h1>
+  <p>We sent a verification email to the address below. Check that email and follow those instructions to confirm it's your email address.</p>
+  <p><%%= button_to "Re-send verification email", email_verification_path %></p>
+<%% end %>
-<%%= form_with(model: @<%= model_resource_name %>, url: emails_path) do |form| %>
+<%%= form_with(model: @<%= model_resource_name %>, url: email_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt ADDED Viewed

@@ -0,0 +1,11 @@
+<p>Hey there,</p>
+<p>This is to confirm that <%%= @<%= singular_table_name %>.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.</p>
+<p><strong>You must hit the link below to confirm that you received this email.</strong></p>
+<%%= link_to "Yes, use this email for my account", edit_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
+<hr>
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>

data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt ADDED Viewed

@@ -0,0 +1,9 @@
+Hey there,
+This is to confirm that <%%= @<%= singular_table_name %>.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.
+You must hit the link below to confirm that you received this email.
+[Yes, use this email for my account]<%%= edit_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
+Have questions or need help? Just reply to this email and our support team will help you sort it out.

data/lib/generators/authentication/templates/erb/{password_mailer/reset.html.erb.tt → identity_mailer/password_reset_provision.html.erb.tt} RENAMED Viewed

@@ -1,8 +1,8 @@
 <p>Hey there,</p>
-<p>Can't remember your password for <strong><%%= params[:<%= singular_table_name %>].email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
+<p>Can't remember your password for <strong><%%= @session.<%= singular_table_name %>.email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
-<p><%%= link_to "Reset my password", edit_password_resets_url(token: @signed_id) %></p>
+<p><%%= link_to "Reset my password", edit_password_reset_url(token: @signed_id) %></p>
 <p>If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.</p>

data/lib/generators/authentication/templates/erb/{password_mailer/reset.text.erb.tt → identity_mailer/password_reset_provision.text.erb.tt} RENAMED Viewed

@@ -1,8 +1,8 @@
 Hey there,
-Can't remember your password for <%%= params[:<%= singular_table_name %>].email %>? That's OK, it happens. Just hit the link below to set a new one.
+Can't remember your password for <%%= @session.<%= singular_table_name %>.email %>? That's OK, it happens. Just hit the link below to set a new one.
-[Reset my password]<%%= edit_password_resets_url(token: @signed_id) %>
+[Reset my password]<%%= edit_password_reset_url(token: @signed_id) %>
 If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.

data/lib/generators/authentication/templates/erb/password_resets/edit.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <h1>Reset your password</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: password_resets_path) do |form| %>
+<%%= form_with(model: @<%= model_resource_name %>, url: password_reset_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/password_resets/new.html.erb.tt CHANGED Viewed

@@ -2,7 +2,7 @@
 <h1>Forgot your password?</h1>
-<%%= form_with(url: password_resets_path) do |form| %>
+<%%= form_with(url: password_reset_path) do |form| %>
   <div>
     <%%= form.label :email, style: "display: block" %>
     <%%= form.email_field :email, autofocus: true, required: true %>

data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt CHANGED Viewed

@@ -2,7 +2,7 @@
 <h1>Change your password</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: passwords_path) do |form| %>
+<%%= form_with(model: @<%= model_resource_name %>, url: password_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt ADDED Viewed

@@ -0,0 +1,21 @@
+<p>Hey there,</p>
+<p>A new device just signed in to your account (<%%= @session.<%= singular_table_name %>.email %>).</p>
+<p>
+  <strong><%%= @session.user_agent %></strong>
+  <br>
+  <%%= @session.created_at %>
+  <br>
+  IP address: <%%= @session.ip_address %>
+</p>
+<p><strong>If this was you, carry on.</strong> We could notify you about sign-ins from this device again.</p>
+<p><strong>If you don't recognize this device</strong>, someone else may have accessed your account. You should immediately <%%= link_to "change your password", new_password_reset_url %>.</p>
+<p><strong>Tip:</strong> It's a good idea to periodically review all of the <%%= link_to "devices and sessions", sessions_url %> in your account for suspicious activity.</p>
+<hr>
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>

data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt ADDED Viewed

@@ -0,0 +1,17 @@
+Hey there,
+A new device just signed in to your account (<%%= @session.<%= singular_table_name %>.email %>).
+<%%= @session.user_agent %>
+<%%= @session.created_at %>
+<%%= @session.ip_address %>
+If this was you, carry on. We could notify you about sign-ins from this device again.
+If you don't recognize this device, someone else may have accessed your account. You should immediately [change your password]<%%= new_password_reset_url %>.
+Tip: It's a good idea to periodically review all of the [devices and sessions]<%%= sessions_url %> in your account for suspicious activity.
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.

data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt CHANGED Viewed

@@ -23,5 +23,5 @@
 <div>
   <%%= link_to "Sign up", sign_up_path %> |
-  <%%= link_to "Forgot your password?", new_password_resets_path %>
+  <%%= link_to "Forgot your password?", new_password_reset_path %>
 </div>

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt ADDED Viewed

@@ -0,0 +1,15 @@
+class IdentityMailer < ApplicationMailer
+  def password_reset_provision
+    @<%= singular_table_name %> = params[:<%= singular_table_name %>]
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: :password_reset, expires_in: 20.minutes)
+    mail to: @<%= singular_table_name %>.email, subject: "Reset your password"
+  end
+  def email_verify_confirmation
+    @<%= singular_table_name %> = params[:<%= singular_table_name %>]
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
+  end
+end

data/lib/generators/authentication/templates/mailers/session_mailer.rb.tt ADDED Viewed

@@ -0,0 +1,6 @@
+class SessionMailer < ApplicationMailer
+  def signed_in_notification
+    @session = params[:session]
+    mail to: @session.<%= singular_table_name %>.email, subject: "New sign-in to your account"
+  end
+end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -2,6 +2,7 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
   def change
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address

data/lib/generators/authentication/templates/migrations/create_table_migration.rb.tt CHANGED Viewed

@@ -4,6 +4,8 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
       t.string :email, null: false
       t.string :password_digest, null: false
+      t.boolean :verified, default: false
       t.timestamps
     end

data/lib/generators/authentication/templates/models/current.rb.tt CHANGED Viewed

@@ -2,6 +2,6 @@ class Current < ActiveSupport::CurrentAttributes
   attribute :session, :<%= singular_table_name %>
   def session=(session)
-    super; Current.<%= singular_table_name %> = session.<%= singular_table_name %>
+    super; self.<%= singular_table_name %> = session.<%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/models/model.rb.tt CHANGED Viewed

@@ -11,15 +11,15 @@ class <%= class_name %> < ApplicationRecord
     self.email = email.downcase.strip
   end
-  after_update_commit do
-    if self.email_previously_changed?
-      EmailMailer.with(change: self.email_previous_change).changed.deliver_later
-    end
+  after_create_commit do
+    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
   end
-  after_update_commit do
-    if self.password_digest_previously_changed?
-      PasswordMailer.with(<%= singular_table_name %>: self).changed.deliver_later
-    end
+  after_update_commit if: :email_previously_changed? do
+    update_columns verified: false
+  end
+  after_update_commit if: :email_previously_changed? do
+    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
   end
 end

data/lib/generators/authentication/templates/models/session.rb.tt CHANGED Viewed

@@ -1,3 +1,7 @@
 class Session < ApplicationRecord
   belongs_to :<%= singular_table_name %>
+  after_create_commit do
+    SessionMailer.with(session: self).signed_in_notification.deliver_later
+  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt ADDED Viewed

@@ -0,0 +1,36 @@
+require "test_helper"
+class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @<%= singular_table_name %>.update! verified: false
+  end
+  test "should send a verification email" do
+    assert_enqueued_email_with IdentityMailer, :email_verify_confirmation, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      post email_verification_url, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+    assert_response :no_content
+  end
+  test "should verify email" do
+    patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :no_content
+  end
+  test "should not verify email with expired token" do
+    patch email_verification_url, params: { token: @sid_exp, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :bad_request
+    assert_equal "That email verification link is invalid", response.parsed_body["error"]
+  end
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
+end