authentication-zero 2.16.25 → 2.16.27

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7e2f92cea6894605d40f9db5bad75a4cb227a89043a19f8fe79172b83731b226
-  data.tar.gz: 85801b84481982cabfc5d1bbbbc554893d4597ed70a7550f1f4e299f8b4b81ae
+  metadata.gz: 396a7e8c26e49c9b91d5b349155eb5d2cb4dbbd2012bb2a89977cb66c7446e39
+  data.tar.gz: 11cdeee70ab80f387208315d585ed0dd0f9cee431b5405e67f77d009bdbfe80d
 SHA512:
-  metadata.gz: cc3bddc51a3cbe07dc2dd990ae65b9692699f3dad8d370da99952ee7cedb3c6d31699ee7804e5c0b5b0ff8a8e5b05182a9a1c40d58d04c364d7171f53c193b8d
-  data.tar.gz: 07bccc4f5eb51fac1da60e82bd3f819f2b29aec97085d73fd13d819ed69b81a704b12bd866e2340b6641ee860563d49a67bea43854a2efa0da23004c9501a598
+  metadata.gz: 2be5682d873fdbc960630bc19f5210242813584f1af36667d8737944633436de50c1d72875a493a902dea041c062978805878cf4b4ef5d88b4dd20665d1ad393
+  data.tar.gz: 78d17cb5827821a1a30dff4133325d1fd46eab620c6785dfcae0e58c6ac815ff8d21fd3bfecf9b069ecf70f90e8146d6755d58b59863ad6e01d3f1208eafb5a8

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.16.25)
+    authentication-zero (2.16.27)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -20,19 +20,15 @@ Since Authentication Zero generates this code into your application instead of b
 
 ## Features
 
-- **Simple code**
-- **Inspired by hey.com**
+### Essential
+
 - Sign up
 - Email and password validations
 - Checks if a password has been found in any data breach (--pwned)
 - Authentication by cookie
 - Authentication by token (--api)
-- Passwordless authentication (--passwordless)
 - Two factor authentication + recovery codes (--two-factor)
 - Two factor authentication using a hardware security key (--webauthn)
-- Social Login with OmniAuth (--omniauthable)
-- Send invitations (--invitable)
-- Sign-in as button functionallity (--masqueradable)
 - Verify email using a link with token
 - Ask password before sensitive data changes, aka: sudo (--sudoable)
 - Reset the user password and send reset instructions
@@ -44,6 +40,14 @@ Since Authentication Zero generates this code into your application instead of b
 - Activity log (--trackable)
 - Log out
 
+### More
+
+- Social login with omni auth (--omniauthable)
+- Passwordless authentication (--passwordless)
+- Send invitations (--invitable)
+- "Sign-in as" button functionallity (--masqueradable)
+
+
 ## Generated code
 
 - [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password): Adds methods to set and authenticate against a bcrypt password.

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.16.25"
+  VERSION = "2.16.27"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -26,7 +26,7 @@ class AuthenticationGenerator < Rails::Generators::Base
     end
 
     if redis?
-      gem "redis", ">= 4.0.1", comment: "Use Redis adapter to run additional authentication features"
+      gem "redis", "~> 4.0", comment: "Use Redis adapter to run additional authentication features"
       gem "kredis", comment: "Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]"
     end
 
@@ -62,68 +62,65 @@ class AuthenticationGenerator < Rails::Generators::Base
   end
 
   def create_migrations
-    migration_template "migrations/create_users_migration.rb", "#{db_migrate_path}/create_users.rb"
-    migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
     migration_template "migrations/create_email_verification_tokens_migration.rb", "#{db_migrate_path}/create_email_verification_tokens.rb"
-    migration_template "migrations/create_password_reset_tokens_migration.rb", "#{db_migrate_path}/create_password_reset_tokens.rb"
-    migration_template "migrations/create_sign_in_tokens_migration.rb", "#{db_migrate_path}/create_sign_in_tokens_migration.rb" if passwordless?
     migration_template "migrations/create_events_migration.rb", "#{db_migrate_path}/create_events.rb" if options.trackable?
+    migration_template "migrations/create_password_reset_tokens_migration.rb", "#{db_migrate_path}/create_password_reset_tokens.rb"
     migration_template "migrations/create_recovery_codes_migration.rb", "#{db_migrate_path}/create_recovery_codes.rb" if two_factor?
     migration_template "migrations/create_security_keys_migration.rb", "#{db_migrate_path}/create_security_keys.rb" if webauthn?
+    migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
+    migration_template "migrations/create_sign_in_tokens_migration.rb", "#{db_migrate_path}/create_sign_in_tokens_migration.rb" if passwordless?
+    migration_template "migrations/create_users_migration.rb", "#{db_migrate_path}/create_users.rb"
   end
 
   def create_models
-    template "models/user.rb", "app/models/user.rb"
-    template "models/session.rb", "app/models/session.rb"
-    template "models/email_verification_token.rb", "app/models/email_verification_token.rb"
-    template "models/password_reset_token.rb", "app/models/password_reset_token.rb"
-    template "models/sign_in_token.rb", "app/models/sign_in_token.rb" if passwordless?
     template "models/current.rb", "app/models/current.rb"
+    template "models/email_verification_token.rb", "app/models/email_verification_token.rb"
     template "models/event.rb", "app/models/event.rb" if options.trackable?
+    template "models/password_reset_token.rb", "app/models/password_reset_token.rb"
     template "models/recovery_code.rb", "app/models/recovery_code.rb" if two_factor?
     template "models/security_key.rb", "app/models/security_key.rb" if webauthn?
+    template "models/session.rb", "app/models/session.rb"
+    template "models/sign_in_token.rb", "app/models/sign_in_token.rb" if passwordless?
+    template "models/user.rb", "app/models/user.rb"
   end
 
   def create_fixture_file
-    template "test_unit/users.yml", "test/fixtures/users.yml"
+    copy_file "test_unit/users.yml", "test/fixtures/users.yml"
   end
 
   def create_controllers
-    template  "controllers/#{format_folder}/application_controller.rb", "app/controllers/application_controller.rb", force: true
+    template "controllers/#{format}/authentications/events_controller.rb", "app/controllers/authentications/events_controller.rb" if options.trackable?
 
-    directory "controllers/#{format_folder}/identity", "app/controllers/identity"
+    directory "controllers/#{format}/identity", "app/controllers/identity"
 
-    if two_factor?
-      template "controllers/html/two_factor_authentication/profile/totps_controller.rb", "app/controllers/two_factor_authentication/profile/totps_controller.rb"
-      template "controllers/html/two_factor_authentication/profile/recovery_codes_controller.rb", "app/controllers/two_factor_authentication/profile/recovery_codes_controller.rb"
-      template "controllers/html/two_factor_authentication/profile/security_keys_controller.rb", "app/controllers/two_factor_authentication/profile/security_keys_controller.rb" if webauthn?
+    template "controllers/#{format}/sessions/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
+    template "controllers/#{format}/sessions/passwordlesses_controller.rb", "app/controllers/sessions/passwordlesses_controller.rb" if passwordless?
+    template "controllers/#{format}/sessions/sudos_controller.rb", "app/controllers/sessions/sudos_controller.rb" if sudoable?
 
-      template "controllers/html/two_factor_authentication/challenge/totps_controller.rb", "app/controllers/two_factor_authentication/challenge/totps_controller.rb"
+    if two_factor?
       template "controllers/html/two_factor_authentication/challenge/recovery_codes_controller.rb", "app/controllers/two_factor_authentication/challenge/recovery_codes_controller.rb"
       template "controllers/html/two_factor_authentication/challenge/security_keys_controller.rb", "app/controllers/two_factor_authentication/challenge/security_keys_controller.rb" if webauthn?
+      template "controllers/html/two_factor_authentication/challenge/totps_controller.rb", "app/controllers/two_factor_authentication/challenge/totps_controller.rb"
+
+      template "controllers/html/two_factor_authentication/profile/recovery_codes_controller.rb", "app/controllers/two_factor_authentication/profile/recovery_codes_controller.rb"
+      template "controllers/html/two_factor_authentication/profile/security_keys_controller.rb", "app/controllers/two_factor_authentication/profile/security_keys_controller.rb" if webauthn?
+      template "controllers/html/two_factor_authentication/profile/totps_controller.rb", "app/controllers/two_factor_authentication/profile/totps_controller.rb"
     end
 
-    template  "controllers/#{format_folder}/sessions_controller.rb", "app/controllers/sessions_controller.rb"
-    template  "controllers/#{format_folder}/passwords_controller.rb", "app/controllers/passwords_controller.rb"
-    template  "controllers/#{format_folder}/invitations_controller.rb", "app/controllers/invitations_controller.rb" if invitable?
-    template  "controllers/#{format_folder}/masquerades_controller.rb", "app/controllers/masquerades_controller.rb" if masqueradable?
-    template  "controllers/#{format_folder}/registrations_controller.rb", "app/controllers/registrations_controller.rb"
-    template  "controllers/#{format_folder}/home_controller.rb", "app/controllers/home_controller.rb" unless options.api?
-    template  "controllers/#{format_folder}/sessions/sudos_controller.rb", "app/controllers/sessions/sudos_controller.rb" if sudoable?
-    template  "controllers/#{format_folder}/sessions/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
-    template  "controllers/#{format_folder}/sessions/passwordlesses_controller.rb", "app/controllers/sessions/passwordlesses_controller.rb" if passwordless?
-    template  "controllers/#{format_folder}/authentications/events_controller.rb", "app/controllers/authentications/events_controller.rb" if options.trackable?
+    template "controllers/#{format}/application_controller.rb", "app/controllers/application_controller.rb", force: true
+    template "controllers/#{format}/home_controller.rb", "app/controllers/home_controller.rb" unless options.api?
+    template "controllers/#{format}/invitations_controller.rb", "app/controllers/invitations_controller.rb" if invitable?
+    template "controllers/#{format}/masquerades_controller.rb", "app/controllers/masquerades_controller.rb" if masqueradable?
+    template "controllers/#{format}/passwords_controller.rb", "app/controllers/passwords_controller.rb"
+    template "controllers/#{format}/registrations_controller.rb", "app/controllers/registrations_controller.rb"
+    template "controllers/#{format}/sessions_controller.rb", "app/controllers/sessions_controller.rb"
   end
 
-  def install_javascript_dependencies
-    return if options.api?
-
-    template "javascript/controllers/application.js", "app/javascript/controllers/application.js", force: true
-
-    if webauthn?
-      run "bin/importmap pin stimulus-web-authn" if importmaps?
-      run "yarn add stimulus-web-authn" if node?
-    end
+  def install_javascript
+    return unless webauthn?
+    copy_file "javascript/controllers/application.js", "app/javascript/controllers/application.js", force: true
+    run "bin/importmap pin stimulus-web-authn" if importmaps?
+    run "yarn add stimulus-web-authn" if node?
   end
 
   def create_views
@@ -131,37 +128,32 @@ class AuthenticationGenerator < Rails::Generators::Base
       template "erb/user_mailer/email_verification.html.erb", "app/views/user_mailer/email_verification.html.erb"
       template "erb/user_mailer/password_reset.html.erb", "app/views/user_mailer/password_reset.html.erb"
     else
-      template "erb/user_mailer/email_verification.html.erb", "app/views/user_mailer/email_verification.html.erb"
-      template "erb/user_mailer/password_reset.html.erb", "app/views/user_mailer/password_reset.html.erb"
-      template "erb/user_mailer/invitation_instructions.html.erb", "app/views/user_mailer/invitation_instructions.html.erb" if invitable?
-      template "erb/user_mailer/passwordless.html.erb", "app/views/user_mailer/passwordless.html.erb" if passwordless?
-
+      directory "erb/authentications/events", "app/views/authentications/events" if options.trackable?
       directory "erb/home", "app/views/home"
-
       directory "erb/identity", "app/views/identity"
+      directory "erb/invitations", "app/views/invitations" if invitable?
       directory "erb/passwords", "app/views/passwords"
       directory "erb/registrations", "app/views/registrations"
 
-      directory "erb/invitations", "app/views/invitations" if invitable?
-
-      template "erb/sessions/index.html.erb", "app/views/sessions/index.html.erb"
-      template "erb/sessions/new.html.erb", "app/views/sessions/new.html.erb"
-
-      directory "erb/sessions/sudos", "app/views/sessions/sudos" if sudoable?
-
       directory "erb/sessions/passwordlesses", "app/views/sessions/passwordlesses" if passwordless?
-
-      directory "erb/authentications/events", "app/views/authentications/events" if options.trackable?
+      directory "erb/sessions/sudos", "app/views/sessions/sudos" if sudoable?
+      template  "erb/sessions/index.html.erb", "app/views/sessions/index.html.erb"
+      template  "erb/sessions/new.html.erb", "app/views/sessions/new.html.erb"
 
       if two_factor?
-        directory "erb/two_factor_authentication/profile/totps", "app/views/two_factor_authentication/profile/totps"
-        directory "erb/two_factor_authentication/profile/recovery_codes", "app/views/two_factor_authentication/profile/recovery_codes"
-        directory "erb/two_factor_authentication/profile/security_keys", "app/views/two_factor_authentication/profile/security_keys" if webauthn?
-
-        directory "erb/two_factor_authentication/challenge/totps", "app/views/two_factor_authentication/challenge/totps"
         directory "erb/two_factor_authentication/challenge/recovery_codes", "app/views/two_factor_authentication/challenge/recovery_codes"
         directory "erb/two_factor_authentication/challenge/security_keys", "app/views/two_factor_authentication/challenge/security_keys" if webauthn?
+        directory "erb/two_factor_authentication/challenge/totps", "app/views/two_factor_authentication/challenge/totps"
+
+        directory "erb/two_factor_authentication/profile/recovery_codes", "app/views/two_factor_authentication/profile/recovery_codes"
+        directory "erb/two_factor_authentication/profile/security_keys", "app/views/two_factor_authentication/profile/security_keys" if webauthn?
+        directory "erb/two_factor_authentication/profile/totps", "app/views/two_factor_authentication/profile/totps"
       end
+
+      template "erb/user_mailer/email_verification.html.erb", "app/views/user_mailer/email_verification.html.erb"
+      template "erb/user_mailer/invitation_instructions.html.erb", "app/views/user_mailer/invitation_instructions.html.erb" if invitable?
+      template "erb/user_mailer/password_reset.html.erb", "app/views/user_mailer/password_reset.html.erb"
+      template "erb/user_mailer/passwordless.html.erb", "app/views/user_mailer/passwordless.html.erb" if passwordless?
     end
   end
 
@@ -223,7 +215,7 @@ class AuthenticationGenerator < Rails::Generators::Base
   end
 
   def create_test_files
-    directory "test_unit/controllers/#{format_folder}", "test/controllers"
+    directory "test_unit/controllers/#{format}", "test/controllers"
     directory "test_unit/mailers/", "test/mailers"
     directory "test_unit/system", "test/system" unless options.api?
     template "test_unit/test_helper.rb", "test/test_helper.rb", force: true
@@ -231,17 +223,10 @@ class AuthenticationGenerator < Rails::Generators::Base
   end
 
   private
-    def format_folder
+    def format
       options.api? ? "api" : "html"
     end
 
-    def ratelimit_block
-      <<~CODE
-        # Rate limit general requests by IP address in a rate of 1000 requests per minute
-        config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
-      CODE
-    end
-
     def omniauthable?
       options.omniauthable? && !options.api?
     end
@@ -281,4 +266,11 @@ class AuthenticationGenerator < Rails::Generators::Base
     def node?
       Rails.root.join("package.json").exist?
     end
+
+    def ratelimit_block
+      <<~CODE
+        # Rate limit general requests by IP address in a rate of 1000 requests per minute
+        config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
+      CODE
+    end
 end

data/lib/generators/authentication/templates/erb/home/index.html.erb.tt

@@ -29,9 +29,7 @@
 </div>
 <%- end -%>
 <%- if masqueradable? %>
-<div>
-  <%%= button_to "Signin as last user", user_masquerade_path(User.last) %>
-</div>
+<%%= button_to "Signin as last user", user_masquerade_path(User.last) %>
 <%- end -%>
 
 <h2>Access history</h2>
@@ -47,6 +45,4 @@
 
 <br>
 
-<div>
-  <%%= button_to "Log out", Current.session, method: :delete %>
-</div>
+<%%= button_to "Log out", Current.session, method: :delete %>

data/lib/generators/authentication/templates/erb/invitations/new.html.erb.tt

@@ -24,3 +24,9 @@
     <%%= form.submit "Send an invitation" %>
   </div>
 <%% end %>
+
+<br>
+
+<div>
+  <%%= link_to "Back", root_path %>
+</div>

data/lib/generators/authentication/templates/erb/two_factor_authentication/challenge/totps/new.html.erb.tt

@@ -15,9 +15,7 @@
 
 <div>
   <p><strong>Don't have your phone?</strong></p>
-  <div>
-    <%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_recovery_codes_path %>
-  </div>
+  <div><%%= link_to "Use a recovery code to access your account.", new_two_factor_authentication_challenge_recovery_codes_path %></div>
   <%- if webauthn? %>
   <%% if @user.security_keys.exists? %>
     <div><%%= link_to "Use a security key to access your account.", new_two_factor_authentication_challenge_security_keys_path %></div>

data/lib/generators/authentication/templates/erb/two_factor_authentication/profile/recovery_codes/index.html.erb.tt

@@ -5,7 +5,7 @@
 
 <ul><%%= render @recovery_codes %></ul>
 
-<%%= link_to "OK, I'm done", root_path %>
+<div><%%= link_to "OK, I'm done", root_path %></div>
 
 <hr>
 

data/lib/generators/authentication/templates/erb/two_factor_authentication/profile/security_keys/index.html.erb.tt

@@ -7,4 +7,12 @@
 
 <br>
 
-<%%= link_to "Add security key", new_two_factor_authentication_profile_security_key_path %>
+<div>
+  <%%= link_to "Add security key", new_two_factor_authentication_profile_security_key_path %>
+</div>
+
+<br>
+
+<div>
+  <%%= link_to "Back", root_path %>
+</div>

data/lib/generators/authentication/templates/erb/two_factor_authentication/profile/totps/new.html.erb.tt

@@ -36,3 +36,9 @@
     <%%= form.submit "Verify and activate" %>
   </div>
 <%% end %>
+
+<br>
+
+<div>
+  <%%= link_to "Back", root_path %>
+</div>

data/lib/generators/authentication/templates/erb/user_mailer/email_verification.html.erb.tt

@@ -4,7 +4,7 @@
 
 <p><strong>You must hit the link below to confirm that you received this email.</strong></p>
 
-<%%= link_to "Yes, use this email for my account", identity_email_verification_url(sid: @signed_id) %>
+<p><%%= link_to "Yes, use this email for my account", identity_email_verification_url(sid: @signed_id) %></p>
 
 <hr>
 

data/lib/generators/authentication/templates/erb/user_mailer/passwordless.html.erb.tt

@@ -2,7 +2,7 @@
 
 <p>You requested a magic sign-in link. Here you go:</p>
 
-<%%= link_to "Sign in without password", edit_sessions_passwordless_url(sid: @signed_id) %>
+<p><%%= link_to "Sign in without password", edit_sessions_passwordless_url(sid: @signed_id) %></p>
 
 <hr>
 

data/lib/generators/authentication/templates/javascript/controllers/{application.js.tt → application.js}

@@ -1,12 +1,8 @@
 import { Application } from "@hotwired/stimulus"
-<%- if webauthn? -%>
 import WebAuthnController from "stimulus-web-authn"
-<%- end -%>
 
 const application = Application.start()
-<%- if webauthn? -%>
 application.register("web-authn", WebAuthnController)
-<%- end -%>
 
 // Configure Stimulus development experience
 application.debug = false

data/lib/generators/authentication/templates/test_unit/{users.yml.tt → users.yml}

@@ -2,5 +2,5 @@
 
 lazaro_nixon:
   email: lazaronixon@hotmail.com
-  password_digest: <%%= BCrypt::Password.create("Secret1*3*5*") %>
+  password_digest: <%= BCrypt::Password.create("Secret1*3*5*") %>
   verified: true

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.16.25
+  version: 2.16.27
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-13 00:00:00.000000000 Z
+date: 2023-04-19 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -94,7 +94,7 @@ files:
 - lib/generators/authentication/templates/erb/user_mailer/invitation_instructions.html.erb.tt
 - lib/generators/authentication/templates/erb/user_mailer/password_reset.html.erb.tt
 - lib/generators/authentication/templates/erb/user_mailer/passwordless.html.erb.tt
-- lib/generators/authentication/templates/javascript/controllers/application.js.tt
+- lib/generators/authentication/templates/javascript/controllers/application.js
 - lib/generators/authentication/templates/mailers/user_mailer.rb.tt
 - lib/generators/authentication/templates/migrations/create_email_verification_tokens_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_events_migration.rb.tt
@@ -133,7 +133,7 @@ files:
 - lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
 - lib/generators/authentication/templates/test_unit/test_helper.rb.tt
-- lib/generators/authentication/templates/test_unit/users.yml.tt
+- lib/generators/authentication/templates/test_unit/users.yml
 homepage: https://github.com/lazaronixon/authentication-zero
 licenses:
 - MIT