authentication-zero 2.16.3 → 2.16.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4a9f5862b8b603990471ab970d13cf934f73252c55a734a39a90198406066a75
-  data.tar.gz: d6bf9bda2ef8d19df6da9207e40e5621eb1157b2073921ff5dbee6ce00ff22a2
+  metadata.gz: 02c890d34404e8613c543d9597e31f5a3cd3b7c14ea066f2096d1fbcb57ef372
+  data.tar.gz: 93cb08256ae2817af9ebf3a5f4a4391c6012ee27854a8437a2cba47166521b7c
 SHA512:
-  metadata.gz: 8ccdcba2c6dd5edf45b60acd1462ef02eb46bf4e4f9a9a0a7860a2e840ff18f58a1d655b2f9e7f3c45cc497aac04fc269ae86186df6cbdbfb70f46e51bc49db0
-  data.tar.gz: e70d3a8012378093f060dc5084089ed77c87d6cc271db810b624c588324797e7c1748bd1bc345a5d5dce2ff0f3e6cabab7ba1f20e3abc8d3e7e590c43a799844
+  metadata.gz: 5af869dca3d8bc1b6ff2321687e6e241adb4f278910697b588421722f0cb92346fcb214042ccb7fe1acf510fc66bc35d473edc4d7152054bdcd3f9d52f1def8f
+  data.tar.gz: 360a9e95c2794105966c7b76720a4ac123bcb7558389e27fa3aa87e8b71d995e5fd33e2ee066551f48c82b8c0c9734b9eae1b6a72bafc14486f645e07694544d

data/CHANGELOG.md

@@ -1,3 +1,29 @@
+## Authentication Zero 2.16.5 ##
+
+* Revoke all password reset tokens (security enhancement)
+* Sign in without password (new feature)
+
+## Authentication Zero 2.16.4 (February 11, 2023) ##
+
+* Increase attemps for lockable sign-in
+
+## Authentication Zero 2.16.3 (December 30, 2022) ##
+
+* Require lock for sign in when lockable
+
+## Authentication Zero 2.16.2 (December 21, 2022) ##
+
+* Remove api documentation and reference for api docs from README
+* Remove bundle install instruction
+* Dont require sudo for omniauth users
+* Add gems instead of uncomment gemfile lines
+* Fix home view
+
+## Authentication Zero 2.16.1 (December 20, 2022) ##
+
+* Safe navigation for email normalization
+* Fix omniauth not verifying user
+
 ## Authentication Zero 2.16.0 (May 2, 2022) ##
 
 * Generate home controller

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.16.3)
+    authentication-zero (2.16.5)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -2,6 +2,22 @@
 
 The purpose of authentication zero is to generate a pre-built authentication system into a rails application (web or api-only) that follows both security and rails best practices. By generating code into the user's application instead of using a library, the user has complete freedom to modify the authentication system so it works best with their app.
 
+## Installation
+
+```
+$ bundle add authentication-zero
+```
+
+## Usage
+
+```
+$ rails generate authentication
+```
+
+## Developer responsibilities
+
+Since Authentication Zero generates this code into your application instead of building these modules into the gem itself, you now have complete freedom to modify the authentication system, so it works best with your use case. The one caveat with using a generated authentication system is it will not be updated after it's been generated. Therefore, as improvements are made to the output of `rails generate authentication`, it becomes your responsibility to determine if these changes need to be ported into your application. Security-related and other important improvements will be explicitly and clearly marked in the `CHANGELOG.md` file and upgrade notes.
+
 ## Features
 
 - **Simplest code ever (~200 lines of code)**
@@ -11,6 +27,7 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Checks if a password has been found in any data breach (--pwned)
 - Authentication by cookie
 - Authentication by token (--api)
+- Passwordless authentication (--passwordless)
 - Two factor authentication (--two-factor)
 - Social Login with OmniAuth (--omniauthable)
 - Verify email using a link with token
@@ -25,29 +42,17 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Activity log (--trackable)
 - Log out
 
-## Security and best practices
+## Generated code
 
-- [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password): Adds methods to set and authenticate against a BCrypt password.
+- [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password): Adds methods to set and authenticate against a bcrypt password.
 - [signed cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): Returns a jar that'll automatically generate a signed representation of cookie value and verify it when reading from the cookie again.
 - [httponly cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html): A cookie with the httponly attribute is inaccessible to the JavaScript, this precaution helps mitigate cross-site scripting (XSS) attacks.
 - [signed_id](https://api.rubyonrails.org/classes/ActiveRecord/SignedId.html): Returns a signed id that is tamper proof, so it's safe to send in an email or otherwise share with the outside world.
-- [Current attributes](https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html): Abstract super class that provides a thread-isolated attributes singleton, which resets automatically before and after each request.
-- [Action mailer](https://api.rubyonrails.org/classes/ActionMailer/Base.html): Action Mailer allows you to send email from your application using a mailer model and views.
-- [Log filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
-- [Functional Tests](https://guides.rubyonrails.org/testing.html#functional-tests-for-your-controllers): In Rails, testing the various actions of a controller is a form of writing functional tests.
-- [System Testing](https://guides.rubyonrails.org/testing.html#system-testing): System tests allow you to test user interactions with your application, running tests in either a real or a headless browser.
-
-## Installation
-
-```
-$ bundle add authentication-zero
-```
-
-## Usage
-
-```
-$ rails generate authentication
-```
+- [current attributes](https://api.rubyonrails.org/classes/ActiveSupport/CurrentAttributes.html): Abstract super class that provides a thread-isolated attributes singleton, which resets automatically before and after each request.
+- [action mailer](https://api.rubyonrails.org/classes/ActionMailer/Base.html): Action Mailer allows you to send email from your application using a mailer model and views.
+- [log filtering](https://guides.rubyonrails.org/action_controller_overview.html#log-filtering): Parameters 'token' and 'password' are marked [FILTERED] in the log.
+- [functional tests](https://guides.rubyonrails.org/testing.html#functional-tests-for-your-controllers): In Rails, testing the various actions of a controller is a form of writing functional tests.
+- [system testing](https://guides.rubyonrails.org/testing.html#system-testing): System tests allow you to test user interactions with your application, running tests in either a real or a headless browser.
 
 ## Development
 

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.16.3"
+  VERSION = "2.16.5"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -8,6 +8,7 @@ class AuthenticationGenerator < Rails::Generators::Base
   class_option :code_verifiable, type: :boolean, desc: "Add email verification using a code for api"
   class_option :sudoable,        type: :boolean, desc: "Add password request before sensitive data changes"
   class_option :lockable,        type: :boolean, desc: "Add password reset locking"
+  class_option :passwordless,    type: :boolean, desc: "Add passwordless sign"
   class_option :omniauthable,    type: :boolean, desc: "Add social login support"
   class_option :trackable,       type: :boolean, desc: "Add activity log support"
   class_option :two_factor,      type: :boolean, desc: "Add two factor authentication"
@@ -52,6 +53,7 @@ class AuthenticationGenerator < Rails::Generators::Base
     migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
     migration_template "migrations/create_email_verification_tokens_migration.rb", "#{db_migrate_path}/create_email_verification_tokens.rb"
     migration_template "migrations/create_password_reset_tokens_migration.rb", "#{db_migrate_path}/create_password_reset_tokens.rb"
+    migration_template "migrations/create_sign_in_tokens_migration.rb", "#{db_migrate_path}/create_sign_in_tokens_migration.rb" if options.passwordless?
     migration_template "migrations/create_events_migration.rb", "#{db_migrate_path}/create_events.rb" if options.trackable?
   end
 
@@ -60,6 +62,7 @@ class AuthenticationGenerator < Rails::Generators::Base
     template "models/session.rb", "app/models/session.rb"
     template "models/email_verification_token.rb", "app/models/email_verification_token.rb"
     template "models/password_reset_token.rb", "app/models/password_reset_token.rb"
+    template "models/sign_in_token.rb", "app/models/sign_in_token.rb" if options.passwordless?
     template "models/current.rb", "app/models/current.rb"
     template "models/event.rb", "app/models/event.rb" if options.trackable?
   end
@@ -79,6 +82,7 @@ class AuthenticationGenerator < Rails::Generators::Base
     template  "controllers/#{format_folder}/home_controller.rb", "app/controllers/home_controller.rb" unless options.api?
     template  "controllers/#{format_folder}/sessions/sudos_controller.rb", "app/controllers/sessions/sudos_controller.rb" if options.sudoable?
     template  "controllers/#{format_folder}/sessions/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
+    template  "controllers/#{format_folder}/sessions/passwordlesses_controller.rb", "app/controllers/sessions/passwordlesses_controller.rb" if options.passwordless?
     template  "controllers/#{format_folder}/authentications/events_controller.rb", "app/controllers/authentications/events_controller.rb" if options.trackable?
   end
 
@@ -96,10 +100,11 @@ class AuthenticationGenerator < Rails::Generators::Base
       directory "erb/passwords", "app/views/passwords"
       directory "erb/registrations", "app/views/registrations"
 
-      template  "erb/sessions/index.html.erb", "app/views/sessions/index.html.erb"
-      template  "erb/sessions/new.html.erb", "app/views/sessions/new.html.erb"
+      template "erb/sessions/index.html.erb", "app/views/sessions/index.html.erb"
+      template "erb/sessions/new.html.erb", "app/views/sessions/new.html.erb"
 
       directory "erb/sessions/sudos", "app/views/sessions/sudos" if options.sudoable?
+      directory "erb/sessions/passwordlesses", "app/views/sessions/passwordlesses" if options.passwordless?
 
       directory "erb/two_factor_authentication", "app/views/two_factor_authentication" if two_factor?
       directory "erb/authentications/events", "app/views/authentications/events" if options.trackable?
@@ -113,6 +118,10 @@ class AuthenticationGenerator < Rails::Generators::Base
   def add_routes
     route "root 'home#index'" unless options.api?
 
+    if options.passwordless?
+      route "resource :passwordless, only: [:new, :edit, :create]", namespace: :sessions
+    end
+
     if omniauthable?
       route "post '/auth/:provider/callback', to: 'sessions/omniauth#create'"
       route "get  '/auth/:provider/callback', to: 'sessions/omniauth#create'"

data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt

@@ -1,10 +1,10 @@
 class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
-  before_action :set_user, only: :update
   <%- if options.lockable? -%>
   before_action :require_lock, only: :create
   <%- end -%>
+  before_action :set_user, only: :update
 
   def create
     if @user = User.find_by(email: params[:email], verified: true)
@@ -16,7 +16,7 @@ class Identity::PasswordResetsController < ApplicationController
 
   def update
     if @user.update(user_params)
-      @token.destroy; render json: @user
+      revoke_tokens; render(json: @user)
     else
       render json: @user.errors, status: :unprocessable_entity
     end
@@ -32,4 +32,8 @@ class Identity::PasswordResetsController < ApplicationController
     def user_params
       params.permit(:password, :password_confirmation)
     end
+
+    def revoke_tokens
+      @user.password_reset_tokens.delete_all
+    end
 end

data/lib/generators/authentication/templates/controllers/api/sessions/passwordlesses_controller.rb.tt

@@ -0,0 +1,34 @@
+class Sessions::PasswordlessesController < ApplicationController
+  skip_before_action :authenticate
+
+  <%- if options.lockable? -%>
+  before_action :require_lock, only: :create
+  <%- end -%>
+  before_action :set_user, only: :edit
+
+  def edit
+    @session = @user.sessions.create!
+    response.set_header "X-Session-Token", @session.signed_id
+
+    revoke_tokens; render(json: @session, status: :created)
+  end
+
+  def create
+    if @user = User.find_by(email: params[:email], verified: true)
+      UserMailer.with(user: @user).passwordless.deliver_later
+    else
+      render json: { error: "You can't sign in until you verify your email" }, status: :bad_request
+    end
+  end
+
+  private
+    def set_user
+      @token = SignInToken.find_signed!(params[:sid]); @user = @token.user
+    rescue
+      render json: { error: "That sign in link is invalid" }, status: :bad_request
+    end
+
+    def revoke_tokens
+      @user.sign_in_tokens.delete_all
+    end
+end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt

@@ -2,7 +2,7 @@ class SessionsController < ApplicationController
   skip_before_action :authenticate, only: :create
 
   <%- if options.lockable? -%>
-  before_action :require_lock, only: :create
+  before_action :require_lock, attempts: 20, only: :create
   <%- end -%>
   before_action :set_session, only: %i[ show destroy ]
 

data/lib/generators/authentication/templates/controllers/html/identity/email_verifications_controller.rb.tt

@@ -9,7 +9,7 @@ class Identity::EmailVerificationsController < ApplicationController
   end
 
   def create
-    UserMailer.with(user: Current.user).email_verification.deliver_later
+    send_email_verification
     redirect_to root_path, notice: "We sent a verification email to your email address"
   end
 
@@ -19,4 +19,8 @@ class Identity::EmailVerificationsController < ApplicationController
     rescue
       redirect_to edit_identity_email_path, alert: "That email verification link is invalid"
     end
+
+    def send_email_verification
+      UserMailer.with(user: Current.user).email_verification.deliver_later
+    end
 end

data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt

@@ -1,10 +1,10 @@
 class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
-  before_action :set_user, only: %i[ edit update ]
   <%- if options.lockable? -%>
   before_action :require_lock, only: :create
   <%- end -%>
+  before_action :set_user, only: %i[ edit update ]
 
   def new
   end
@@ -14,7 +14,7 @@ class Identity::PasswordResetsController < ApplicationController
 
   def create
     if @user = User.find_by(email: params[:email], verified: true)
-      UserMailer.with(user: @user).password_reset.deliver_later
+      send_password_reset_email
       redirect_to sign_in_path, notice: "Check your email for reset instructions"
     else
       redirect_to new_identity_password_reset_path, alert: "You can't reset your password until you verify your email"
@@ -23,7 +23,7 @@ class Identity::PasswordResetsController < ApplicationController
 
   def update
     if @user.update(user_params)
-      @token.destroy; redirect_to(sign_in_path, notice: "Your password was reset successfully. Please sign in")
+      revoke_tokens; redirect_to(sign_in_path, notice: "Your password was reset successfully. Please sign in")
     else
       render :edit, status: :unprocessable_entity
     end
@@ -39,4 +39,12 @@ class Identity::PasswordResetsController < ApplicationController
     def user_params
       params.permit(:password, :password_confirmation)
     end
+
+    def send_password_reset_email
+      UserMailer.with(user: @user).password_reset.deliver_later
+    end
+
+    def revoke_tokens
+      @user.password_reset_tokens.delete_all
+    end
 end

data/lib/generators/authentication/templates/controllers/html/sessions/passwordlesses_controller.rb.tt

@@ -0,0 +1,42 @@
+class Sessions::PasswordlessesController < ApplicationController
+  skip_before_action :authenticate
+
+  <%- if options.lockable? -%>
+  before_action :require_lock, only: :create
+  <%- end -%>
+  before_action :set_user, only: :edit
+
+  def new
+  end
+
+  def edit
+    @session = @user.sessions.create!
+    cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
+
+    revoke_tokens; redirect_to(root_path, notice: "Signed in successfully")
+  end
+
+  def create
+    if @user = User.find_by(email: params[:email], verified: true)
+      send_passwordless_email
+      redirect_to sign_in_path, notice: "Check your email for sign in instructions"
+    else
+      redirect_to new_sessions_passwordless_path, alert: "You can't sign in until you verify your email"
+    end
+  end
+
+  private
+    def set_user
+      @token = SignInToken.find_signed!(params[:sid]); @user = @token.user
+    rescue
+      redirect_to new_sessions_passwordless_path, alert: "That sign in link is invalid"
+    end
+
+    def send_passwordless_email
+      UserMailer.with(user: @user).passwordless.deliver_later
+    end
+
+    def revoke_tokens
+      @user.sign_in_tokens.delete_all
+    end
+end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt

@@ -2,7 +2,7 @@ class SessionsController < ApplicationController
   skip_before_action :authenticate, only: %i[ new create ]
 
   <%- if options.lockable? -%>
-  before_action :require_lock, only: :create
+  before_action :require_lock, attempts: 20, only: :create
   <%- end -%>
   before_action :set_session, only: :destroy
 
@@ -21,7 +21,6 @@ class SessionsController < ApplicationController
       <%- if two_factor? -%>
       if user.otp_secret
         signed_id = user.signed_id(purpose: :authentication_challenge, expires_in: 20.minutes)
-
         redirect_to new_two_factor_authentication_challenge_path(token: signed_id)
       else
         @session = user.sessions.create!

data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt

@@ -18,6 +18,14 @@
     <%%= form.submit "Sign in" %>
   </div>
 <%% end %>
+
+<br>
+
+<%- if options.passwordless? %>
+<div>
+  <%%= link_to "Sign in without password", new_sessions_passwordless_path %>
+</div>
+<%- end -%>
 <%- if omniauthable? %>
 <div>
   <%%= button_to "Sign in with OmniAuth", "/auth/developer", "data-turbo" => false %>

data/lib/generators/authentication/templates/erb/sessions/passwordlesses/new.html.erb.tt

@@ -0,0 +1,14 @@
+<p style="color: red"><%%= alert %></p>
+
+<h1>Sign in without password</h1>
+
+<%%= form_with(url: sessions_passwordless_path) do |form| %>
+  <div>
+    <%%= form.label :email, style: "display: block" %>
+    <%%= form.email_field :email, autofocus: true, required: true %>
+  </div>
+
+  <div>
+    <%%= form.submit "Sign in" %>
+  </div>
+<%% end %>

data/lib/generators/authentication/templates/erb/user_mailer/passwordless.html.erb.tt

@@ -0,0 +1,9 @@
+<p>Hey there,</p>
+
+<p>You requested a magic sign-in link. Here you go:</p>
+
+<%%= link_to "Sign in without password", edit_sessions_passwordless_url(sid: @signed_id) %>
+
+<hr>
+
+<p>Have questions or need help? Just reply to this email and our support team will help you sort it out.</p>

data/lib/generators/authentication/templates/mailers/user_mailer.rb.tt

@@ -16,4 +16,12 @@ class UserMailer < ApplicationMailer
 
     mail to: @user.email, subject: "Verify your email"
   end
+  <%- if options.passwordless? %>
+  def passwordless
+    @user = params[:user]
+    @signed_id = @user.sign_in_tokens.create.signed_id(expires_in: 1.day)
+
+    mail to: @user.email, subject: "Your sign in link"
+  end
+  <%- end -%>
 end

data/lib/generators/authentication/templates/migrations/create_sign_in_tokens_migration.rb.tt

@@ -0,0 +1,7 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :sign_in_tokens do |t|
+      t.references :user, null: false, foreign_key: true
+    end
+  end
+end

data/lib/generators/authentication/templates/models/sign_in_token.rb.tt

@@ -0,0 +1,3 @@
+class SignInToken < ApplicationRecord
+  belongs_to :user
+end

data/lib/generators/authentication/templates/models/user.rb.tt

@@ -3,6 +3,9 @@ class User < ApplicationRecord
 
   has_many :email_verification_tokens, dependent: :destroy
   has_many :password_reset_tokens, dependent: :destroy
+  <%- if options.passwordless? -%>
+  has_many :sign_in_tokens, dependent: :destroy
+  <%- end -%>
 
   has_many :sessions, dependent: :destroy
   <%- if options.trackable? -%>
@@ -22,7 +25,7 @@ class User < ApplicationRecord
     self.email = email.downcase.strip
   end
 
-  before_validation if: :email_changed?, unless: :new_record? do
+  before_validation if: :email_changed?, on: :update do
     self.verified = false
   end
 
@@ -38,8 +41,8 @@ class User < ApplicationRecord
     events.create! action: "password_changed"
   end
 
-  after_update if: :verified_previously_changed? do
-    events.create! action: "email_verified" if verified?
+  after_update if: [:verified_previously_changed?, :verified?] do
+    events.create! action: "email_verified"
   end
   <%- end -%>
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.16.3
+  version: 2.16.5
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-05 00:00:00.000000000 Z
+date: 2023-02-13 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -44,6 +44,7 @@ files:
 - lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/sessions/passwordlesses_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/application_controller.rb.tt
@@ -55,6 +56,7 @@ files:
 - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/sessions/passwordlesses_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt
@@ -69,23 +71,27 @@ files:
 - lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
+- lib/generators/authentication/templates/erb/sessions/passwordlesses/new.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt
 - lib/generators/authentication/templates/erb/two_factor_authentication/challenges/new.html.erb.tt
 - lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
 - lib/generators/authentication/templates/erb/user_mailer/email_verification.html.erb.tt
 - lib/generators/authentication/templates/erb/user_mailer/password_reset.html.erb.tt
+- lib/generators/authentication/templates/erb/user_mailer/passwordless.html.erb.tt
 - lib/generators/authentication/templates/mailers/session_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/user_mailer.rb.tt
 - lib/generators/authentication/templates/migrations/create_email_verification_tokens_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_events_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_password_reset_tokens_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
+- lib/generators/authentication/templates/migrations/create_sign_in_tokens_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_users_migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
 - lib/generators/authentication/templates/models/email_verification_token.rb.tt
 - lib/generators/authentication/templates/models/event.rb.tt
 - lib/generators/authentication/templates/models/password_reset_token.rb.tt
 - lib/generators/authentication/templates/models/session.rb.tt
+- lib/generators/authentication/templates/models/sign_in_token.rb.tt
 - lib/generators/authentication/templates/models/user.rb.tt
 - lib/generators/authentication/templates/test_unit/application_system_test_case.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt