RubyGems - authentication-zero - Versions diffs - 2.2.10 → 2.3.2 - Mend

authentication-zero 2.2.10 → 2.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d86415b86a2afceb0fd9f224ca9edd8f6ee32824d0e3c4bd8bb4ed6b7ac01b29
-  data.tar.gz: 7f16a4f0cd62f7a6ebc201172c8e8f7443af20ebf7f43e2aa2cac76eb26edfd5
+  metadata.gz: d624ca7163c73901295fea611c7dbfaac4cb6a4a07e67fdb73e8902bfb196610
+  data.tar.gz: a5f2a10b0094c6deb84b7802feba74f4ab271f46ae427e15249c0ade995d9b9c
 SHA512:
-  metadata.gz: f17fc115b066489463a3f7ee458f1028a731619508db8b559d58b743686b4e217ba00540e7343e59636519da27409abec73801f33d94282866c156bef14aeaf7
-  data.tar.gz: 346c434a4270e1733363d2d0bab34863d7a000646b1ef8f79c42301b9a11fe191b5c548fcefb9f00f5e967ddedf1fa505febd343ff2608348505c97b1e40f01d
+  metadata.gz: 65745cf79a45d33c105eacea19b7575837597fd86265cc5cf481d1b4262ec7964c7b9f61e0fcf55a443a5009ff1da7341e7c53a994240b1271c8f8aa64a16c22
+  data.tar.gz: ac01c99af8da3c5fd7f0d50ba357fb17cb3e905302a425861ce92b9cb306148d630ac303d95943b175efc5a09ed9f0817eddc8c4229593b08a21f25730623c96

data/CHANGELOG.md CHANGED Viewed

@@ -0,0 +1,5 @@
+## Rails 2.3.0 (February 26, 2022) ##
+* Implemented sudo
+* Destroy sessions after change password
+* On system tests, assert_current_path in sign_in

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.2.10)
+    authentication-zero (2.3.2)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED Viewed

@@ -8,10 +8,11 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - **Inspired by hey.com**
 - Sign up
 - Email and password validations
-- Reset the user password and send reset instructions
-- Reset the user password only from verified emails
 - Authentication by cookie (html)
 - Authentication by token (api)
+- Ask password before sensitive data changes, aka: sudo
+- Reset the user password and send reset instructions
+- Reset the user password only from verified emails
 - Send e-mail verification when your email has been changed
 - Send email when someone has logged into your account
 - Manage multiple sessions & devices

data/lib/authentication_zero/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.2.10"
+  VERSION = "2.3.2"
 end

data/lib/generators/authentication/authentication_generator.rb CHANGED Viewed

@@ -11,8 +11,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   class_option :fixture, type: :boolean, default: true
   class_option :system_tests, type: :string, desc: "Skip system test files"
-  class_option :skip_routes, type: :boolean
-  class_option :template_engine, type: :string, desc: "Template engine to be invoked"
+  class_option :skip_routes, type: :boolean, default: false
   source_root File.expand_path("templates", __dir__)
@@ -47,27 +46,37 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       before_action :authenticate
-      private
-        def authenticate
-          if session = authenticate_with_http_token { |token, _| Session.find_signed(token) }
-            Current.session = session
-          else
-            request_http_token_authentication
-          end
+      def authenticate
+        if session = authenticate_with_http_token { |token, _| Session.find_signed(token) }
+          Current.session = session
+        else
+          request_http_token_authentication
         end
+      end
+      def require_sudo
+        if Time.current > 30.minutes.after(Current.session.sudo_at)
+          render json: { error: "Enter your password to continue" }, status: :forbidden
+        end
+      end
     CODE
     html_code = <<~CODE
       before_action :authenticate
-      private
-        def authenticate
-          if session = Session.find_by_id(cookies.signed[:session_token])
-            Current.session = session
-          else
-            redirect_to sign_in_path
-          end
+      def authenticate
+        if session = Session.find_by_id(cookies.signed[:session_token])
+          Current.session = session
+        else
+          redirect_to sign_in_path
+        end
+      end
+      def require_sudo
+        if Time.current > 30.minutes.after(Current.session.sudo_at)
+          redirect_to new_sudo_path(proceed_to_url: request.url)
         end
+      end
     CODE
     inject_code = options.api? ? api_code : html_code
@@ -83,7 +92,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       directory "erb/identity_mailer", "app/views/identity_mailer"
       directory "erb/session_mailer", "app/views/session_mailer"
     else
-      directory "#{template_engine}", "app/views"
+      directory "erb", "app/views"
     end
   end
@@ -93,6 +102,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def add_routes
     unless options.skip_routes
+      route "resource :sudo, only: [:new, :create]"
       route "resource :registration, only: :destroy"
       route "resource :password_reset, only: [:new, :edit, :create, :update]"
       route "resource :password, only: [:edit, :update]"
@@ -116,10 +126,6 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       options.api ? "api" : "html"
     end
-    def template_engine
-      options.template_engine
-    end
     def test_framework
       options.test_framework
     end

data/lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt CHANGED Viewed

@@ -1,4 +1,6 @@
 class EmailVerificationsController < ApplicationController
+  skip_before_action :authenticate, only: :edit
   before_action :set_<%= singular_table_name %>, only: :edit
   def edit

data/lib/generators/authentication/templates/controllers/api/emails_controller.rb.tt CHANGED Viewed

@@ -1,10 +1,9 @@
 class EmailsController < ApplicationController
+  before_action :require_sudo
   before_action :set_<%= singular_table_name %>
   def update
-    if !@<%= singular_table_name %>.authenticate(params[:current_password])
-      render json: { error: "The current password you entered is incorrect" }, status: :bad_request
-    elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
+    if @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
       render json: @<%= singular_table_name %>
     else
       render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity

data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt CHANGED Viewed

@@ -4,8 +4,8 @@ class PasswordResetsController < ApplicationController
   before_action :set_<%= singular_table_name %>, only: :update
   def create
-    if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
-      IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
+    if <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
+      IdentityMailer.with(<%= singular_table_name %>: <%= singular_table_name %>).password_reset_provision.deliver_later
     else
       render json: { error: "You can't reset your password until you verify your email" }, status: :not_found
     end

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt CHANGED Viewed

@@ -2,12 +2,12 @@ class RegistrationsController < ApplicationController
   skip_before_action :authenticate, only: :create
   def create
-    @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
+    <%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
-    if @<%= singular_table_name %>.save
-      render json: @<%= singular_table_name %>, status: :created
+    if <%= singular_table_name %>.save
+      render json: <%= singular_table_name %>, status: :created
     else
-      render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
+      render json: <%= singular_table_name %>.errors, status: :unprocessable_entity
     end
   end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt CHANGED Viewed

@@ -12,10 +12,10 @@ class SessionsController < ApplicationController
   end
   def create
-    @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+    <%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
-    if @<%= singular_table_name %> && @<%= singular_table_name %>.authenticate(params[:password])
-      session = @<%= singular_table_name %>.sessions.create!(session_params)
+    if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
+      session = <%= singular_table_name %>.sessions.create!(session_params)
       response.set_header("X-Session-Token", session.signed_id)
       render json: session, status: :created
@@ -34,6 +34,6 @@ class SessionsController < ApplicationController
     end
     def session_params
-      { user_agent: request.user_agent, ip_address: request.remote_ip }
+      { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
     end
 end

data/lib/generators/authentication/templates/controllers/api/sudos_controller.rb.tt ADDED Viewed

@@ -0,0 +1,11 @@
+class SudosController < ApplicationController
+  def create
+    session = Current.session
+    if session.<%= singular_table_name %>.authenticate(params[:password])
+      session.update! sudo_at: Time.current
+    else
+      render json: { error: "The password you entered is incorrect" }, status: :bad_request
+    end
+  end
+end

data/lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt CHANGED Viewed

@@ -1,4 +1,6 @@
 class EmailVerificationsController < ApplicationController
+  skip_before_action :authenticate, only: :edit
   before_action :set_<%= singular_table_name %>, only: :edit
   def edit

data/lib/generators/authentication/templates/controllers/html/emails_controller.rb.tt CHANGED Viewed

@@ -1,13 +1,12 @@
 class EmailsController < ApplicationController
+  before_action :require_sudo
   before_action :set_<%= singular_table_name %>
   def edit
   end
   def update
-    if !@<%= singular_table_name %>.authenticate(params[:current_password])
-      redirect_to edit_email_path, alert: "The current password you entered is incorrect"
-    elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
+    if @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
       redirect_to root_path, notice: "Your email has been changed"
     else
       render :edit, status: :unprocessable_entity

data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt CHANGED Viewed

@@ -10,8 +10,8 @@ class PasswordResetsController < ApplicationController
   end
   def create
-    if @<%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
-      IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
+    if <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
+      IdentityMailer.with(<%= singular_table_name %>: <%= singular_table_name %>).password_reset_provision.deliver_later
       redirect_to sign_in_path, notice: "Check your email for reset instructions"
     else
       redirect_to new_password_reset_path, alert: "You can't reset your password until you verify your email"

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt CHANGED Viewed

@@ -6,10 +6,10 @@ class RegistrationsController < ApplicationController
   end
   def create
-    @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
+    <%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
-    if @<%= singular_table_name %>.save
-      session = @<%= singular_table_name %>.sessions.create!(session_params)
+    if <%= singular_table_name %>.save
+      session = <%= singular_table_name %>.sessions.create!(session_params)
       cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
       redirect_to root_path, notice: "Welcome! You have signed up successfully"
@@ -19,8 +19,7 @@ class RegistrationsController < ApplicationController
   end
   def destroy
-    Current.<%= singular_table_name %>.destroy
-    redirect_to sign_in_path, notice: "Your account is closed"
+    Current.<%= singular_table_name %>.destroy; redirect_to(sign_in_path, notice: "Your account is closed")
   end
   private
@@ -29,6 +28,6 @@ class RegistrationsController < ApplicationController
     end
     def session_params
-      { user_agent: request.user_agent, ip_address: request.remote_ip }
+      { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
     end
 end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt CHANGED Viewed

@@ -12,10 +12,10 @@ class SessionsController < ApplicationController
   end
   def create
-    @<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
+    <%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
-    if @<%= singular_table_name %> && @<%= singular_table_name %>.authenticate(params[:password])
-      session = @<%= singular_table_name %>.sessions.create!(session_params)
+    if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
+      session = <%= singular_table_name %>.sessions.create!(session_params)
       cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
       redirect_to root_path, notice: "Signed in successfully"
@@ -35,6 +35,6 @@ class SessionsController < ApplicationController
     end
     def session_params
-      { user_agent: request.user_agent, ip_address: request.remote_ip }
+      { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
     end
 end

data/lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt ADDED Viewed

@@ -0,0 +1,14 @@
+class SudosController < ApplicationController
+  def new
+  end
+  def create
+    session = Current.session
+    if session.<%= singular_table_name %>.authenticate(params[:password])
+      session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
+    else
+      redirect_to new_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
+    end
+  end
+end

data/lib/generators/authentication/templates/erb/emails/edit.html.erb.tt CHANGED Viewed

@@ -21,11 +21,6 @@
     </div>
   <%% end %>
-  <div>
-    <%%= label_tag :current_password, nil, style: "display: block" %>
-    <%%= password_field_tag :current_password, nil, autofocus: true, autocomplete: "current-password" %>
-  </div>
   <div>
     <%%= form.label :email, "New email", style: "display: block" %>
     <%%= form.email_field :email %>

data/lib/generators/authentication/templates/erb/sudos/new.html.erb.tt ADDED Viewed

@@ -0,0 +1,28 @@
+<p style="color: red"><%%= alert %></p>
+<h1>Enter your password to continue</h1>
+<%%= form_with(url: sudo_path) do |form| %>
+  <%%= hidden_field_tag :proceed_to_url, params[:proceed_to_url] %>
+  <div>
+    <%%= password_field_tag :password, nil, autofocus: true, autocomplete: "current-password" %>
+  </div>
+  <div>
+    <%%= form.submit "Continue" %>
+  </div>
+<%% end %>
+<br>
+<p>
+  <strong>Why are you asking me to do this?</strong><br>
+  To better protect your account, we'll occasionally ask you to confirm your password before performing sensitive actions.
+</p>
+<p>
+  <strong>Forgot your password?</strong><br>
+  We'll help you <%%= link_to "reset it", new_password_reset_path %> so you can continue.
+</p>

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt CHANGED Viewed

@@ -5,6 +5,8 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
       t.string :user_agent
       t.string :ip_address
+      t.datetime :sudo_at, null: false
       t.timestamps
     end
   end

data/lib/generators/authentication/templates/models/model.rb.tt CHANGED Viewed

@@ -17,6 +17,10 @@ class <%= class_name %> < ApplicationRecord
     self.verified = false
   end
+  after_update if: :password_digest_previously_changed? do
+    sessions.where.not(id: Current.session).destroy_all
+  end
   after_create_commit do
     IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
   end

data/lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt CHANGED Viewed

@@ -6,15 +6,17 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should update email" do
-    patch email_url, params: { current_password: "Secret123456", email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
+    patch email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :success
   end
-  test "should not update email with wrong current password" do
-    patch email_url, params: { current_password: "wrong_password", email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+  test "should not update email without sudo" do
+    @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
-    assert_response :bad_request
-    assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
+    patch email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :forbidden
+    assert_equal "Enter your password to continue", response.parsed_body["error"]
   end
   def sign_in_as(<%= singular_table_name %>)

data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt CHANGED Viewed

@@ -11,7 +11,7 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should not update password with wrong current password" do
-    patch password_url, params: { current_password: "wrong_password", password: "Secret654321", password_confirmation: "Secret654321" }, headers: { "Authorization" => "Bearer #{@token}" }
+    patch password_url, params: { current_password: "SecretWrong123", password: "Secret654321", password_confirmation: "Secret654321" }, headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :bad_request
     assert_equal "The current password you entered is incorrect", response.parsed_body["error"]

data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt CHANGED Viewed

@@ -23,7 +23,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should not sign in with wrong credentials" do
-    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "wrong_password" }
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "SecretWrong123" }
     assert_response :unauthorized
   end

data/lib/generators/authentication/templates/test_unit/controllers/api/sudos_controller_test.rb.tt ADDED Viewed

@@ -0,0 +1,24 @@
+require "test_helper"
+class SudosControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
+    @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
+  end
+  test "should sudo" do
+    post sudo_url, params: { password: "Secret123456" }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :no_content
+  end
+  test "should not sudo with wrong password" do
+    post sudo_url, params: { password: "SecretWrong123" }, headers: { "Authorization" => "Bearer #{@token}" }
+    assert_response :bad_request
+    assert_equal "The password you entered is incorrect", response.parsed_body["error"]
+  end
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt CHANGED Viewed

@@ -10,16 +10,23 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
     assert_response :success
   end
+  test "should not get edit without sudo" do
+    @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
+    get edit_email_url
+    assert_redirected_to new_sudo_path(proceed_to_url: edit_email_url)
+  end
   test "should update email" do
-    patch email_url, params: { current_password: "Secret123456", <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    patch email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
     assert_redirected_to root_path
   end
-  test "should not update email with wrong current password" do
-    patch email_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { email: @<%= singular_table_name %>.email } }
+  test "should not update email without sudo" do
+    @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
-    assert_redirected_to edit_email_path
-    assert_equal "The current password you entered is incorrect", flash[:alert]
+    patch email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    assert_redirected_to new_sudo_path(proceed_to_url: email_url)
   end
   def sign_in_as(<%= singular_table_name %>)

data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt CHANGED Viewed

@@ -16,7 +16,7 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should not update password with wrong current password" do
-    patch password_url, params: { current_password: "wrong_password", <%= singular_table_name %>: { password: "Secret654321", password_confirmation: "Secret654321" } }
+    patch password_url, params: { current_password: "SecretWrong123", <%= singular_table_name %>: { password: "Secret654321", password_confirmation: "Secret654321" } }
     assert_redirected_to edit_password_path
     assert_equal "The current password you entered is incorrect", flash[:alert]

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt CHANGED Viewed

@@ -28,7 +28,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
   test "should not sign in with wrong credentials" do
-    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "wrong_password" }
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "SecretWrong123" }
     assert_redirected_to sign_in_url(email_hint: @<%= singular_table_name %>.email)
     assert_equal "That email or password is incorrect", flash[:alert]

data/lib/generators/authentication/templates/test_unit/controllers/html/sudos_controller_test.rb.tt ADDED Viewed

@@ -0,0 +1,26 @@
+require "test_helper"
+class SudosControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+  test "should get new" do
+    get new_sudo_url(proceed_to_url: edit_password_url)
+    assert_response :success
+  end
+  test "should sudo" do
+    post sudo_url, params: { password: "Secret123456", proceed_to_url: edit_password_url }
+    assert_redirected_to edit_password_url
+  end
+  test "should not sudo with wrong password" do
+    post sudo_url, params: { password: "SecretWrong123", proceed_to_url: edit_password_url }
+    assert_redirected_to new_sudo_url(proceed_to_url: edit_password_url)
+  end
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
+end

data/lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt CHANGED Viewed

@@ -8,7 +8,6 @@ class EmailsTest < ApplicationSystemTestCase
   test "updating the email" do
     click_on "Change email address"
-    fill_in "Current password", with: "Secret123456"
     fill_in "New email", with: "new_email@hey.com"
     click_on "Save changes"
@@ -30,6 +29,7 @@ class EmailsTest < ApplicationSystemTestCase
     fill_in :password, with: "Secret123456"
     click_on "Sign in"
+    assert_current_path root_path
     return <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt CHANGED Viewed

@@ -22,6 +22,7 @@ class PasswordsTest < ApplicationSystemTestCase
     fill_in :password, with: "Secret123456"
     click_on "Sign in"
+    assert_current_path root_path
     return <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt CHANGED Viewed

@@ -6,8 +6,7 @@ class RegistrationsTest < ApplicationSystemTestCase
   end
   test "signing up" do
-    visit sign_in_url
-    click_on "Sign up"
+    visit sign_up_url
     fill_in "Email", with: "lazaronixon@hey.com"
     fill_in "Password", with: "Secret654321"
@@ -19,8 +18,8 @@ class RegistrationsTest < ApplicationSystemTestCase
   test "cancelling my account" do
     sign_in_as @<%= singular_table_name %>
-    click_on "Cancel my account & delete my data"
+    click_on "Cancel my account & delete my data"
     assert_text "Your account is closed"
   end
@@ -30,6 +29,7 @@ class RegistrationsTest < ApplicationSystemTestCase
     fill_in :password, with: "Secret123456"
     click_on "Sign in"
+    assert_current_path root_path
     return <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt CHANGED Viewed

@@ -21,19 +21,13 @@ class SessionsTest < ApplicationSystemTestCase
     assert_text "Signed in successfully"
   end
-  test "signing out" do
-    sign_in_as @<%= singular_table_name %>
-    click_on "Log out"
-    assert_selector "h1", text: "Sign in"
-  end
   def sign_in_as(<%= singular_table_name %>)
     visit sign_in_url
     fill_in :email, with: <%= singular_table_name %>.email
     fill_in :password, with: "Secret123456"
     click_on "Sign in"
+    assert_current_path root_path
     return <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/system/sudos_test.rb.tt ADDED Viewed

@@ -0,0 +1,25 @@
+require "application_system_test_case"
+class SudosTest < ApplicationSystemTestCase
+  setup do
+    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
+  end
+  test "executing sudo" do
+    visit new_sudo_url(proceed_to_url: edit_password_url)
+    fill_in :password, with: "Secret123456"
+    click_on "Continue"
+    assert_selector "h1", text: "Change your password"
+  end
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "Secret123456"
+    click_on "Sign in"
+    assert_current_path root_path
+    return <%= singular_table_name %>
+  end
+end

metadata CHANGED Viewed

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.2.10
+  version: 2.3.2
 platform: ruby
 authors:
 - Nixon
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-25 00:00:00.000000000 Z
+date: 2022-02-26 00:00:00.000000000 Z
 dependencies: []
-description:
+description:
 email:
 - lazaronixon@hotmail.com
 executables: []
@@ -37,12 +37,14 @@ files:
 - lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/emails_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt
 - lib/generators/authentication/templates/erb/emails/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt
@@ -56,6 +58,7 @@ files:
 - lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt
 - lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
+- lib/generators/authentication/templates/erb/sudos/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/session_mailer.rb.tt
 - lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
@@ -69,18 +72,21 @@ files:
 - lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
 - lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/sudos_test.rb.tt
 homepage: https://github.com/lazaronixon/authentication-zero
 licenses:
 - MIT
@@ -88,7 +94,7 @@ metadata:
   homepage_uri: https://github.com/lazaronixon/authentication-zero
   source_code_uri: https://github.com/lazaronixon/authentication-zero
   changelog_uri: https://github.com/lazaronixon/authentication-zero/blob/main/CHANGELOG.md
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -103,8 +109,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: An authentication system generator for Rails applications
 test_files: []