RubyGems - authentication-zero - Versions diffs - 2.0.0 → 2.2.1 - Mend

authentication-zero 2.0.0 → 2.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c0359a2a997ced43e3eb97612156d7ffe3206aa8a75ede90ad37dbdf0d0a9269
-  data.tar.gz: 9a50df4bf9804a3da3bb1ee753b7ecd027a336f0624de5a9c5d1cfec1b5354b1
+  metadata.gz: ed9892e61478e60ca189e6e835b59c9fd2ab63e2c342e1d67bbdfb57f60dd9ba
+  data.tar.gz: d890089e13104ec641c5d26ec5541e3ce9a4cb64cbe2d2276347f0c328efc713
 SHA512:
-  metadata.gz: 45b51a6f24b135e1273d076683c1d406755e30ec012c4e5ec632a158ef0bb8432cb9c461254b044ba7c491717eaa95571e1cce85bb6560b19f35cf1ac03a7000
-  data.tar.gz: 2dd271538d229d7a88df027a44f06e59a4f0092cdc6bb8de214596dfde3cb52c2339e5659c6a8331ba69440a25030ec6c2620255f5d483e0f980a042277a28ae
+  metadata.gz: f050cf8b766989090c9a4c415bdc7f91eebb2ff63b3d7632a5bdfa1923d68ebf6f110d8a2eba71af7387c708c6398ea365746d51fdd45903b1362fd5551588b7
+  data.tar.gz: 6ec0286f6ea33a9f95551e8808297ab4ffc4d7e609317e5a90c3442c36d7d4c4845bb9746c0e92bea5383ac0ff92f64f652c9453c5b16311ea1eda17b2b96642

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.0.0)
+    authentication-zero (2.2.1)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -4,14 +4,16 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 ## Features
+- **Simplest code ever**
 - Sign up
 - Email and password validations
 - Reset the user password and send reset instructions
+- Reset the user password only from verified emails
 - Authentication by cookie (html)
 - Authentication by token (api)
-- Manage sessions
-- Send e-mail when email is changed
-- Send e-mail when password is changed
+- Send e-mail verification when change your email
+- Send e-mail when sign-in to your account
+- Manage multiple sessions
 - Cancel my account
 - Log out
@@ -22,7 +24,6 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - [httponly cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): A cookie with the httponly attribute is inaccessible to the JavaScript, this precaution helps mitigate cross-site scripting (XSS) attacks.
 - [signed_id](https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html): Returns a signed id that is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
 - [Current attributes](https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html): Abstract super class that provides a thread-isolated attributes singleton, which resets automatically before and after each request.
-- [Callbacks](https://api.rubyonrails.org/classes/ActiveRecord/Callbacks.html): We use callbacks to send emails after changing an email or password.
 - [Action mailer](https://api.rubyonrails.org/classes/ActionMailer/Base.html): Action Mailer allows you to send email from your application using a mailer model and views.
 - [Log filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
 - [Functional Tests](https://guides.rubyonrails.org/testing.html#functional-tests-for-your-controllers): In Rails, testing the various actions of a controller is a form of writing functional tests.
@@ -56,11 +57,11 @@ Add these lines to your `app/views/home/index.html.erb`:
 <p>Signed as <%= Current.user.email %></p>
 <div>
-  <%= link_to "Change password", edit_passwords_path %>
+  <%= link_to "Change password", edit_password_path %>
 </div>
 <div>
-  <%= link_to "Change email", edit_emails_path %>
+  <%= link_to "Change email", edit_email_path %>
 </div>
 <div>
@@ -68,7 +69,7 @@ Add these lines to your `app/views/home/index.html.erb`:
 </div>
 <div>
-  <%= link_to "Cancel my account & delete my data", new_cancellations_path %>
+  <%= button_to "Cancel my account", registration_path, method: :delete  %>
 </div>
 <%= button_to "Log out", Current.session, method: :delete %>

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.0.0"
+  VERSION = "2.2.1"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -81,8 +81,8 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_views
     if options.api
-      directory "erb/email_mailer", "app/views/email_mailer"
-      directory "erb/password_mailer", "app/views/password_mailer"
+      directory "erb/identity_mailer", "app/views/identity_mailer"
+      directory "erb/session_mailer", "app/views/session_mailer"
     else
       directory "#{template_engine}", "app/views"
     end
@@ -94,10 +94,11 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def add_routes
     unless options.skip_routes
-      route "resource :password_resets, only: [:new, :edit, :create, :update]"
-      route "resource :cancellations, only: [:new, :create]"
-      route "resource :passwords, only: [:edit, :update]"
-      route "resource :emails, only: [:edit, :update]"
+      route "resource :registration, only: :destroy"
+      route "resource :password_reset, only: [:new, :edit, :create, :update]"
+      route "resource :password, only: [:edit, :update]"
+      route "resource :email_verification, only: [:new, :edit, :create, :update]"
+      route "resource :email, only: [:edit, :update]"
       route "resources :sessions, only: [:index, :show, :destroy]"
       route "post 'sign_up', to: 'registrations#create'"
       route "get 'sign_up', to: 'registrations#new'" unless options.api?

data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt ADDED Viewed

@@ -0,0 +1,18 @@
+class EmailVerificationsController < ApplicationController
+  before_action :set_<%= singular_table_name %>, only: :update
+  def create
+    IdentityMailer.with(<%= singular_table_name %>: Current.<%= singular_table_name %>).email_verify_confirmation.deliver_later
+  end
+  def update
+    @<%= singular_table_name %>.update! verified: true
+  end
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      render json: { error: "That email verification link is invalid" }, status: :bad_request
+    end
+end

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,13 +1,13 @@
 class PasswordResetsController < ApplicationController
-  skip_before_action :authenticate
   before_action :set_<%= singular_table_name %>, only: :update
+  skip_before_action :authenticate
   def create
-    if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
-      PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
+    if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
+      IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
     else
-      render json: { error: "Sorry, we didn't recognize that email address" }, status: :not_found
+      render json: { error: "You can't reset your password until you verify your email" }, status: :not_found
     end
   end
@@ -23,7 +23,7 @@ class PasswordResetsController < ApplicationController
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
     rescue ActiveSupport::MessageVerifier::InvalidSignature
-      render json: { error: "Your token has expired, please request a new one" }, status: :bad_request
+      render json: { error: "That password reset link is invalid" }, status: :bad_request
     end
     def <%= "#{singular_table_name}_params" %>

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate
+  skip_before_action :authenticate, only: :create
   def create
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
@@ -11,6 +11,10 @@ class RegistrationsController < ApplicationController
     end
   end
+  def destroy
+    Current.<%= singular_table_name %>.destroy
+  end
   private
     def <%= "#{singular_table_name}_params" %>
       params.permit(:email, :password, :password_confirmation)

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt CHANGED Viewed

@@ -1,8 +1,8 @@
 class SessionsController < ApplicationController
-  skip_before_action :authenticate, only: :create
   before_action :set_session, only: %i[ show destroy ]
+  skip_before_action :authenticate, only: :create
   def index
     render json: Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
   end
@@ -20,7 +20,7 @@ class SessionsController < ApplicationController
       render json: session, status: :created
     else
-      render json: { error: "Invalid email or password" }, status: :unauthorized
+      render json: { error: "That email or password is incorrect" }, status: :unauthorized
     end
   end
@@ -30,7 +30,7 @@ class SessionsController < ApplicationController
   private
     def set_session
-      @session = Current.user.sessions.find(params[:id])
+      @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
     end
     def session_params

data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt ADDED Viewed

@@ -0,0 +1,20 @@
+class EmailVerificationsController < ApplicationController
+  before_action :set_<%= singular_table_name %>, only: :edit
+  def edit
+    @<%= singular_table_name %>.update! verified: true
+    redirect_to root_path, notice: "Thank you for verifying your email address"
+  end
+  def create
+    IdentityMailer.with(<%= singular_table_name %>: Current.<%= singular_table_name %>).email_verify_confirmation.deliver_later
+    redirect_to root_path, notice: "We sent a verification email to your email address"
+  end
+  private
+    def set_<%= singular_table_name %>
+      @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: "verify_#{params[:email]}")
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      redirect_to edit_email_path, alert: "That email verification link is invalid"
+    end
+end

data/lib/generators/authentication/templates/controllers/html/emails_controller.rb.tt CHANGED Viewed

@@ -6,9 +6,9 @@ class EmailsController < ApplicationController
   def update
     if !@<%= singular_table_name %>.authenticate(params[:current_password])
-      redirect_to edit_emails_path, alert: "The current password you entered is incorrect"
+      redirect_to edit_email_path, alert: "The current password you entered is incorrect"
     elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
-      redirect_to root_path, notice: "Your email has been changed successfully"
+      redirect_to root_path, notice: "Your email has been changed"
     else
       render :edit, status: :unprocessable_entity
     end

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt CHANGED Viewed

@@ -1,8 +1,8 @@
 class PasswordResetsController < ApplicationController
-  skip_before_action :authenticate
   before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
+  skip_before_action :authenticate
   def new
   end
@@ -10,11 +10,11 @@ class PasswordResetsController < ApplicationController
   end
   def create
-    if @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
-      PasswordMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).reset.deliver_later
-      redirect_to sign_in_path, notice: "You will receive an email with instructions on how to reset your password in a few minutes"
+    if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
+      IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
+      redirect_to sign_in_path, notice: "Check your email for reset instructions"
     else
-      redirect_to new_password_resets_path, alert: "Sorry, we didn't recognize that email address"
+      redirect_to new_password_reset_path, alert: "You can't reset your password until you verify your email"
     end
   end
@@ -30,7 +30,7 @@ class PasswordResetsController < ApplicationController
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
     rescue ActiveSupport::MessageVerifier::InvalidSignature
-      redirect_to new_password_resets_path, alert: "Your token has expired, please request a new one"
+      redirect_to new_password_reset_path, alert: "That password reset link is invalid"
     end
     def <%= "#{singular_table_name}_params" %>

data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt CHANGED Viewed

@@ -6,9 +6,9 @@ class PasswordsController < ApplicationController
   def update
     if !@<%= singular_table_name %>.authenticate(params[:current_password])
-      redirect_to edit_passwords_path, alert: "The current password you entered is incorrect"
+      redirect_to edit_password_path, alert: "The current password you entered is incorrect"
     elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
-      redirect_to root_path, notice: "Your password has been changed successfully"
+      redirect_to root_path, notice: "Your password has been changed"
     else
       render :edit, status: :unprocessable_entity
     end

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt CHANGED Viewed

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate
+  skip_before_action :authenticate, only: %i[ new create ]
   def new
     @<%= singular_table_name %> = <%= class_name %>.new
@@ -9,21 +9,19 @@ class RegistrationsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
     if @<%= singular_table_name %>.save
-      @session = @user.sessions.create!(session_params)
-      cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
-      redirect_to root_path, notice: "Welcome! You have signed up successfully"
+      redirect_to sign_in_path, notice: "Welcome! You have signed up successfully"
     else
       render :new, status: :unprocessable_entity
     end
   end
+  def destroy
+    Current.<%= singular_table_name %>.destroy
+    redirect_to sign_in_path, notice: "Your account is closed"
+  end
   private
     def <%= "#{singular_table_name}_params" %>
       params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)
     end
-    def session_params
-      { user_agent: request.user_agent, ip_address: request.remote_ip }
-    end
 end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt CHANGED Viewed

@@ -1,8 +1,8 @@
 class SessionsController < ApplicationController
-  skip_before_action :authenticate, only: %i[ new create ]
   before_action :set_session, only: :destroy
+  skip_before_action :authenticate, only: %i[ new create ]
   def index
     @sessions = Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
   end
@@ -20,7 +20,7 @@ class SessionsController < ApplicationController
       redirect_to root_path, notice: "Signed in successfully"
     else
-      redirect_to sign_in_path(email_hint: params[:email]), alert: "Invalid email or password"
+      redirect_to sign_in_path(email_hint: params[:email]), alert: "That email or password is incorrect"
     end
   end
@@ -31,7 +31,7 @@ class SessionsController < ApplicationController
   private
     def set_session
-      @session = Current.user.sessions.find(params[:id])
+      @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
     end
     def session_params

data/lib/generators/authentication/templates/erb/emails/edit.html.erb.tt CHANGED Viewed

@@ -1,8 +1,14 @@
 <p style="color: red"><%%= alert %></p>
-<h1>Change your email</h1>
+<%% if Current.<%= singular_table_name %>.verified? %>
+  <h1>Change your email</h1>
+<%% else %>
+  <h1>Verify your email </h1>
+  <p>We sent a verification email to the address below. Check that email and follow those instructions to confirm it's your email address.</p>
+  <p><%%= button_to "Re-send verification email", email_verification_path %></p>
+<%% end %>
-<%%= form_with(model: @<%= model_resource_name %>, url: emails_path) do |form| %>
+<%%= form_with(model: @<%= model_resource_name %>, url: email_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt ADDED Viewed

@@ -0,0 +1,11 @@
+<p>Hey there,</p>
+<p>This is to confirm that <%%= @<%= singular_table_name %>.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.</p>
+<p><strong>You must hit the link below to confirm that you received this email.</strong></p>
+<%%= link_to "Yes, use this email for my account", edit_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
+<hr>
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>

data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt ADDED Viewed

@@ -0,0 +1,9 @@
+Hey there,
+This is to confirm that <%%= @<%= singular_table_name %>.email %> is the email you want to use on your account. If you ever lose your password, that's where we'll email a reset link.
+You must hit the link below to confirm that you received this email.
+[Yes, use this email for my account]<%%= edit_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
+Have questions or need help? Just reply to this email and our support team will help you sort it out.

data/lib/generators/authentication/templates/erb/{password_mailer/reset.html.erb.tt → identity_mailer/password_reset_provision.html.erb.tt} RENAMED Viewed

@@ -1,8 +1,8 @@
 <p>Hey there,</p>
-<p>Can't remember your password for <strong><%%= params[:<%= singular_table_name %>].email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
+<p>Can't remember your password for <strong><%%= @session.<%= singular_table_name %>.email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
-<p><%%= link_to "Reset my password", edit_password_resets_url(token: @signed_id) %></p>
+<p><%%= link_to "Reset my password", edit_password_reset_url(token: @signed_id) %></p>
 <p>If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.</p>

data/lib/generators/authentication/templates/erb/{password_mailer/reset.text.erb.tt → identity_mailer/password_reset_provision.text.erb.tt} RENAMED Viewed

@@ -1,8 +1,8 @@
 Hey there,
-Can't remember your password for <%%= params[:<%= singular_table_name %>].email %>? That's OK, it happens. Just hit the link below to set a new one.
+Can't remember your password for <%%= @session.<%= singular_table_name %>.email %>? That's OK, it happens. Just hit the link below to set a new one.
-[Reset my password]<%%= edit_password_resets_url(token: @signed_id) %>
+[Reset my password]<%%= edit_password_reset_url(token: @signed_id) %>
 If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.

data/lib/generators/authentication/templates/erb/password_resets/edit.html.erb.tt CHANGED Viewed

@@ -1,6 +1,6 @@
 <h1>Reset your password</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: password_resets_path) do |form| %>
+<%%= form_with(model: @<%= model_resource_name %>, url: password_reset_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/password_resets/new.html.erb.tt CHANGED Viewed

@@ -2,7 +2,7 @@
 <h1>Forgot your password?</h1>
-<%%= form_with(url: password_resets_path) do |form| %>
+<%%= form_with(url: password_reset_path) do |form| %>
   <div>
     <%%= form.label :email, style: "display: block" %>
     <%%= form.email_field :email, autofocus: true, required: true %>

data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt CHANGED Viewed

@@ -2,7 +2,7 @@
 <h1>Change your password</h1>
-<%%= form_with(model: @<%= model_resource_name %>, url: passwords_path) do |form| %>
+<%%= form_with(model: @<%= model_resource_name %>, url: password_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt ADDED Viewed

@@ -0,0 +1,21 @@
+<p>Hey there,</p>
+<p>A new device just signed in to your account (<%%= @session.<%= singular_table_name %>.email %>).</p>
+<p>
+  <strong><%%= @session.user_agent %></strong>
+  <br>
+  <%%= @session.created_at %>
+  <br>
+  IP address: <%%= @session.ip_address %>
+</p>
+<p><strong>If this was you, carry on.</strong> We could notify you about sign-ins from this device again.</p>
+<p><strong>If you don't recognize this device</strong>, someone else may have accessed your account. You should immediately <%%= link_to "change your password", new_password_reset_url %>.</p>
+<p><strong>Tip:</strong> It's a good idea to periodically review all of the <%%= link_to "devices and sessions", sessions_url %> in your account for suspicious activity.</p>
+<hr>
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>

data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt ADDED Viewed

@@ -0,0 +1,17 @@
+Hey there,
+A new device just signed in to your account (<%%= @session.<%= singular_table_name %>.email %>).
+<%%= @session.user_agent %>
+<%%= @session.created_at %>
+<%%= @session.ip_address %>
+If this was you, carry on. We could notify you about sign-ins from this device again.
+If you don't recognize this device, someone else may have accessed your account. You should immediately [change your password]<%%= new_password_reset_url %>.
+Tip: It's a good idea to periodically review all of the [devices and sessions]<%%= sessions_url %> in your account for suspicious activity.
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.

data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt CHANGED Viewed

@@ -23,5 +23,5 @@
 <div>
   <%%= link_to "Sign up", sign_up_path %> |
-  <%%= link_to "Forgot your password?", new_password_resets_path %>
+  <%%= link_to "Forgot your password?", new_password_reset_path %>
 </div>

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt ADDED Viewed

@@ -0,0 +1,15 @@
+class IdentityMailer < ApplicationMailer
+  def password_reset_provision
+    @<%= singular_table_name %> = params[:<%= singular_table_name %>]
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: :password_reset, expires_in: 20.minutes)
+    mail to: @<%= singular_table_name %>.email, subject: "Reset your password"
+  end
+  def email_verify_confirmation
+    @<%= singular_table_name %> = params[:<%= singular_table_name %>]
+    @signed_id = params[:<%= singular_table_name %>].signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
+  end
+end

data/lib/generators/authentication/templates/mailers/session_mailer.rb.tt ADDED Viewed

@@ -0,0 +1,6 @@
+class SessionMailer < ApplicationMailer
+  def signed_in_notification
+    @session = params[:session]
+    mail to: @session.<%= singular_table_name %>.email, subject: "New sign-in to your account"
+  end
+end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -2,6 +2,7 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
   def change
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address

data/lib/generators/authentication/templates/migrations/create_table_migration.rb.tt CHANGED Viewed

@@ -4,6 +4,8 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
       t.string :email, null: false
       t.string :password_digest, null: false
+      t.boolean :verified, default: false
       t.timestamps
     end

data/lib/generators/authentication/templates/models/current.rb.tt CHANGED Viewed

@@ -2,6 +2,6 @@ class Current < ActiveSupport::CurrentAttributes
   attribute :session, :<%= singular_table_name %>
   def session=(session)
-    super; Current.<%= singular_table_name %> = session.<%= singular_table_name %>
+    super; self.<%= singular_table_name %> = session.<%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/models/model.rb.tt CHANGED Viewed

@@ -11,15 +11,15 @@ class <%= class_name %> < ApplicationRecord
     self.email = email.downcase.strip
   end
-  after_update_commit do
-    if self.email_previously_changed?
-      EmailMailer.with(change: self.email_previous_change).changed.deliver_later
-    end
+  after_create_commit do
+    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
   end
-  after_update_commit do
-    if self.password_digest_previously_changed?
-      PasswordMailer.with(<%= singular_table_name %>: self).changed.deliver_later
-    end
+  after_update_commit if: :email_previously_changed? do
+    update_columns verified: false
+  end
+  after_update_commit if: :email_previously_changed? do
+    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
   end
 end

data/lib/generators/authentication/templates/models/session.rb.tt CHANGED Viewed

@@ -1,3 +1,7 @@
 class Session < ApplicationRecord
   belongs_to :<%= singular_table_name %>
+  after_create_commit do
+    SessionMailer.with(session: self).signed_in_notification.deliver_later
+  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt ADDED Viewed

@@ -0,0 +1,36 @@
+require "test_helper"
+class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+    @sid = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 20.minutes)
+    @sid_exp = @<%= singular_table_name %>.signed_id(purpose: "verify_#{@<%= singular_table_name %>.email}", expires_in: 0.minutes)
+    @<%= singular_table_name %>.update! verified: false
+  end
+  test "should send a verification email" do
+    assert_enqueued_email_with IdentityMailer, :email_verify_confirmation, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
+      post email_verification_url, headers: { "Authorization" => "Bearer #{@token}" }
+    end
+    assert_response :no_content
+  end
+  test "should verify email" do
+    patch email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :no_content
+  end
+  test "should not verify email with expired token" do
+    patch email_verification_url, params: { token: @sid_exp, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :bad_request
+    assert_equal "That email verification link is invalid", response.parsed_body["error"]
+  end
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "secret123" })
+    [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
+end