authentication-zero 2.2.8 → 2.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +3 -2
- data/lib/authentication_zero/version.rb +1 -1
- data/lib/generators/authentication/authentication_generator.rb +26 -15
- data/lib/generators/authentication/templates/controllers/api/emails_controller.rb.tt +1 -7
- data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt +4 -4
- data/lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt +3 -8
- data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt +4 -4
- data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt +6 -6
- data/lib/generators/authentication/templates/controllers/api/sudos_controller.rb.tt +11 -0
- data/lib/generators/authentication/templates/controllers/html/emails_controller.rb.tt +1 -7
- data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt +4 -4
- data/lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt +3 -8
- data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt +5 -6
- data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt +6 -6
- data/lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt +14 -0
- data/lib/generators/authentication/templates/erb/emails/edit.html.erb.tt +0 -5
- data/lib/generators/authentication/templates/erb/password_resets/edit.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/registrations/new.html.erb.tt +1 -1
- data/lib/generators/authentication/templates/erb/sudos/new.html.erb.tt +28 -0
- data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt +2 -0
- data/lib/generators/authentication/templates/models/model.rb.tt +8 -2
- data/lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt +8 -6
- data/lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt +2 -2
- data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/api/sudos_controller_test.rb.tt +24 -0
- data/lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt +13 -6
- data/lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt +2 -2
- data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt +3 -3
- data/lib/generators/authentication/templates/test_unit/controllers/html/sudos_controller_test.rb.tt +26 -0
- data/lib/generators/authentication/templates/test_unit/fixtures.yml.tt +1 -1
- data/lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt +2 -2
- data/lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt +2 -2
- data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt +5 -4
- data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt +6 -6
- data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt +3 -9
- data/lib/generators/authentication/templates/test_unit/system/sudos_test.rb.tt +25 -0
- metadata +13 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ecdb3e457838bc86f570bc73f0d7766cb68743b04fc3eebbecd20c3fce0ed836
|
4
|
+
data.tar.gz: 9581bcee36b253a0f0811df40d226b588d0c2b5535ffd6c1993ce98ef1d64b61
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3acf56145974e3fdcdf9edbc5524be60c2dcccdc44787fe3f97cc77f367fcdb6f40984f6c8a7ecf1e35e2228037813516609326fe0951c74a7f2be2f0dce9969
|
7
|
+
data.tar.gz: 190228711ae47a0960233cb61ceb6273a6698981f379aca58afb79d9aec0182bc9c122606cec2d68c77fd9fad64474ed27d55b894f3306d9f424b31a8f50a2fd
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -8,10 +8,11 @@ The purpose of authentication zero is to generate a pre-built authentication sys
|
|
8
8
|
- **Inspired by hey.com**
|
9
9
|
- Sign up
|
10
10
|
- Email and password validations
|
11
|
-
- Reset the user password and send reset instructions
|
12
|
-
- Reset the user password only from verified emails
|
13
11
|
- Authentication by cookie (html)
|
14
12
|
- Authentication by token (api)
|
13
|
+
- Ask password before sensitive data changes, aka: sudo
|
14
|
+
- Reset the user password and send reset instructions
|
15
|
+
- Reset the user password only from verified emails
|
15
16
|
- Send e-mail verification when your email has been changed
|
16
17
|
- Send email when someone has logged into your account
|
17
18
|
- Manage multiple sessions & devices
|
@@ -11,7 +11,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
11
11
|
class_option :fixture, type: :boolean, default: true
|
12
12
|
class_option :system_tests, type: :string, desc: "Skip system test files"
|
13
13
|
|
14
|
-
class_option :skip_routes, type: :boolean
|
14
|
+
class_option :skip_routes, type: :boolean, default: false
|
15
15
|
class_option :template_engine, type: :string, desc: "Template engine to be invoked"
|
16
16
|
|
17
17
|
source_root File.expand_path("templates", __dir__)
|
@@ -47,27 +47,37 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
47
47
|
|
48
48
|
before_action :authenticate
|
49
49
|
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
request_http_token_authentication
|
56
|
-
end
|
50
|
+
def authenticate
|
51
|
+
if session = authenticate_with_http_token { |token, _| Session.find_signed(token) }
|
52
|
+
Current.session = session
|
53
|
+
else
|
54
|
+
request_http_token_authentication
|
57
55
|
end
|
56
|
+
end
|
57
|
+
|
58
|
+
def require_sudo
|
59
|
+
if Time.current > 30.minutes.after(Current.session.sudo_at)
|
60
|
+
render json: { error: "Enter your password to continue" }, status: :forbidden
|
61
|
+
end
|
62
|
+
end
|
58
63
|
CODE
|
59
64
|
|
60
65
|
html_code = <<~CODE
|
61
66
|
before_action :authenticate
|
62
67
|
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
68
|
+
def authenticate
|
69
|
+
if session = Session.find_by_id(cookies.signed[:session_token])
|
70
|
+
Current.session = session
|
71
|
+
else
|
72
|
+
redirect_to sign_in_path
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
def require_sudo
|
77
|
+
if Time.current > 30.minutes.after(Current.session.sudo_at)
|
78
|
+
redirect_to new_sudo_path(proceed_to_url: request.url)
|
70
79
|
end
|
80
|
+
end
|
71
81
|
CODE
|
72
82
|
|
73
83
|
inject_code = options.api? ? api_code : html_code
|
@@ -93,6 +103,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
|
|
93
103
|
|
94
104
|
def add_routes
|
95
105
|
unless options.skip_routes
|
106
|
+
route "resource :sudo, only: [:new, :create]"
|
96
107
|
route "resource :registration, only: :destroy"
|
97
108
|
route "resource :password_reset, only: [:new, :edit, :create, :update]"
|
98
109
|
route "resource :password, only: [:edit, :update]"
|
@@ -1,6 +1,6 @@
|
|
1
1
|
class EmailsController < ApplicationController
|
2
|
+
before_action :require_sudo
|
2
3
|
before_action :set_<%= singular_table_name %>
|
3
|
-
before_action :validate_current_password
|
4
4
|
|
5
5
|
def update
|
6
6
|
if @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
|
@@ -18,10 +18,4 @@ class EmailsController < ApplicationController
|
|
18
18
|
def <%= "#{singular_table_name}_params" %>
|
19
19
|
params.permit(:email)
|
20
20
|
end
|
21
|
-
|
22
|
-
def validate_current_password
|
23
|
-
unless @<%= singular_table_name %>.authenticate(params[:current_password])
|
24
|
-
render json: { error: "The current password you entered is incorrect" }, status: :bad_request
|
25
|
-
end
|
26
|
-
end
|
27
21
|
end
|
data/lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
class PasswordResetsController < ApplicationController
|
2
|
-
before_action :set_<%= singular_table_name %>, only: :update
|
3
|
-
|
4
2
|
skip_before_action :authenticate
|
5
3
|
|
4
|
+
before_action :set_<%= singular_table_name %>, only: :update
|
5
|
+
|
6
6
|
def create
|
7
|
-
if
|
8
|
-
IdentityMailer.with(<%= singular_table_name %>:
|
7
|
+
if <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
|
8
|
+
IdentityMailer.with(<%= singular_table_name %>: <%= singular_table_name %>).password_reset_provision.deliver_later
|
9
9
|
else
|
10
10
|
render json: { error: "You can't reset your password until you verify your email" }, status: :not_found
|
11
11
|
end
|
@@ -1,9 +1,10 @@
|
|
1
1
|
class PasswordsController < ApplicationController
|
2
2
|
before_action :set_<%= singular_table_name %>
|
3
|
-
before_action :validate_current_password
|
4
3
|
|
5
4
|
def update
|
6
|
-
if
|
5
|
+
if !@<%= singular_table_name %>.authenticate(params[:current_password])
|
6
|
+
render json: { error: "The current password you entered is incorrect" }, status: :bad_request
|
7
|
+
elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
|
7
8
|
render json: @<%= singular_table_name %>
|
8
9
|
else
|
9
10
|
render json: @<%= singular_table_name %>.errors, status: :unprocessable_entity
|
@@ -18,10 +19,4 @@ class PasswordsController < ApplicationController
|
|
18
19
|
def <%= "#{singular_table_name}_params" %>
|
19
20
|
params.permit(:password, :password_confirmation)
|
20
21
|
end
|
21
|
-
|
22
|
-
def validate_current_password
|
23
|
-
unless @<%= singular_table_name %>.authenticate(params[:current_password])
|
24
|
-
render json: { error: "The current password you entered is incorrect" }, status: :bad_request
|
25
|
-
end
|
26
|
-
end
|
27
22
|
end
|
@@ -2,12 +2,12 @@ class RegistrationsController < ApplicationController
|
|
2
2
|
skip_before_action :authenticate, only: :create
|
3
3
|
|
4
4
|
def create
|
5
|
-
|
5
|
+
<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
|
6
6
|
|
7
|
-
if
|
8
|
-
render json:
|
7
|
+
if <%= singular_table_name %>.save
|
8
|
+
render json: <%= singular_table_name %>, status: :created
|
9
9
|
else
|
10
|
-
render json:
|
10
|
+
render json: <%= singular_table_name %>.errors, status: :unprocessable_entity
|
11
11
|
end
|
12
12
|
end
|
13
13
|
|
@@ -1,8 +1,8 @@
|
|
1
1
|
class SessionsController < ApplicationController
|
2
|
-
before_action :set_session, only: %i[ show destroy ]
|
3
|
-
|
4
2
|
skip_before_action :authenticate, only: :create
|
5
3
|
|
4
|
+
before_action :set_session, only: %i[ show destroy ]
|
5
|
+
|
6
6
|
def index
|
7
7
|
render json: Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
|
8
8
|
end
|
@@ -12,10 +12,10 @@ class SessionsController < ApplicationController
|
|
12
12
|
end
|
13
13
|
|
14
14
|
def create
|
15
|
-
|
15
|
+
<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
|
16
16
|
|
17
|
-
if
|
18
|
-
session =
|
17
|
+
if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
|
18
|
+
session = <%= singular_table_name %>.sessions.create!(session_params)
|
19
19
|
response.set_header("X-Session-Token", session.signed_id)
|
20
20
|
|
21
21
|
render json: session, status: :created
|
@@ -34,6 +34,6 @@ class SessionsController < ApplicationController
|
|
34
34
|
end
|
35
35
|
|
36
36
|
def session_params
|
37
|
-
{ user_agent: request.user_agent, ip_address: request.remote_ip }
|
37
|
+
{ user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
|
38
38
|
end
|
39
39
|
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
class SudosController < ApplicationController
|
2
|
+
def create
|
3
|
+
session = Current.session
|
4
|
+
|
5
|
+
if session.<%= singular_table_name %>.authenticate(params[:password])
|
6
|
+
session.update! sudo_at: Time.current
|
7
|
+
else
|
8
|
+
render json: { error: "The password you entered is incorrect" }, status: :bad_request
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -1,6 +1,6 @@
|
|
1
1
|
class EmailsController < ApplicationController
|
2
|
+
before_action :require_sudo
|
2
3
|
before_action :set_<%= singular_table_name %>
|
3
|
-
before_action :validate_current_password, only: :update
|
4
4
|
|
5
5
|
def edit
|
6
6
|
end
|
@@ -21,10 +21,4 @@ class EmailsController < ApplicationController
|
|
21
21
|
def <%= "#{singular_table_name}_params" %>
|
22
22
|
params.require(:<%= singular_table_name %>).permit(:email)
|
23
23
|
end
|
24
|
-
|
25
|
-
def validate_current_password
|
26
|
-
unless @<%= singular_table_name %>.authenticate(params[:current_password])
|
27
|
-
redirect_to edit_email_path, alert: "The current password you entered is incorrect"
|
28
|
-
end
|
29
|
-
end
|
30
24
|
end
|
data/lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
class PasswordResetsController < ApplicationController
|
2
|
-
before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
|
3
|
-
|
4
2
|
skip_before_action :authenticate
|
5
3
|
|
4
|
+
before_action :set_<%= singular_table_name %>, only: %i[ edit update ]
|
5
|
+
|
6
6
|
def new
|
7
7
|
end
|
8
8
|
|
@@ -10,8 +10,8 @@ class PasswordResetsController < ApplicationController
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def create
|
13
|
-
if
|
14
|
-
IdentityMailer.with(<%= singular_table_name %>:
|
13
|
+
if <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email], verified: true)
|
14
|
+
IdentityMailer.with(<%= singular_table_name %>: <%= singular_table_name %>).password_reset_provision.deliver_later
|
15
15
|
redirect_to sign_in_path, notice: "Check your email for reset instructions"
|
16
16
|
else
|
17
17
|
redirect_to new_password_reset_path, alert: "You can't reset your password until you verify your email"
|
@@ -1,12 +1,13 @@
|
|
1
1
|
class PasswordsController < ApplicationController
|
2
2
|
before_action :set_<%= singular_table_name %>
|
3
|
-
before_action :validate_current_password, only: :update
|
4
3
|
|
5
4
|
def edit
|
6
5
|
end
|
7
6
|
|
8
7
|
def update
|
9
|
-
if
|
8
|
+
if !@<%= singular_table_name %>.authenticate(params[:current_password])
|
9
|
+
redirect_to edit_password_path, alert: "The current password you entered is incorrect"
|
10
|
+
elsif @<%= singular_table_name %>.update(<%= "#{singular_table_name}_params" %>)
|
10
11
|
redirect_to root_path, notice: "Your password has been changed"
|
11
12
|
else
|
12
13
|
render :edit, status: :unprocessable_entity
|
@@ -21,10 +22,4 @@ class PasswordsController < ApplicationController
|
|
21
22
|
def <%= "#{singular_table_name}_params" %>
|
22
23
|
params.require(:<%= singular_table_name %>).permit(:password, :password_confirmation)
|
23
24
|
end
|
24
|
-
|
25
|
-
def validate_current_password
|
26
|
-
unless @<%= singular_table_name %>.authenticate(params[:current_password])
|
27
|
-
redirect_to edit_password_path, alert: "The current password you entered is incorrect"
|
28
|
-
end
|
29
|
-
end
|
30
25
|
end
|
data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
CHANGED
@@ -6,10 +6,10 @@ class RegistrationsController < ApplicationController
|
|
6
6
|
end
|
7
7
|
|
8
8
|
def create
|
9
|
-
|
9
|
+
<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
|
10
10
|
|
11
|
-
if
|
12
|
-
session =
|
11
|
+
if <%= singular_table_name %>.save
|
12
|
+
session = <%= singular_table_name %>.sessions.create!(session_params)
|
13
13
|
cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
|
14
14
|
|
15
15
|
redirect_to root_path, notice: "Welcome! You have signed up successfully"
|
@@ -19,8 +19,7 @@ class RegistrationsController < ApplicationController
|
|
19
19
|
end
|
20
20
|
|
21
21
|
def destroy
|
22
|
-
Current.<%= singular_table_name %>.destroy
|
23
|
-
redirect_to sign_in_path, notice: "Your account is closed"
|
22
|
+
Current.<%= singular_table_name %>.destroy; redirect_to(sign_in_path, notice: "Your account is closed")
|
24
23
|
end
|
25
24
|
|
26
25
|
private
|
@@ -29,6 +28,6 @@ class RegistrationsController < ApplicationController
|
|
29
28
|
end
|
30
29
|
|
31
30
|
def session_params
|
32
|
-
{ user_agent: request.user_agent, ip_address: request.remote_ip }
|
31
|
+
{ user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
|
33
32
|
end
|
34
33
|
end
|
@@ -1,8 +1,8 @@
|
|
1
1
|
class SessionsController < ApplicationController
|
2
|
-
before_action :set_session, only: :destroy
|
3
|
-
|
4
2
|
skip_before_action :authenticate, only: %i[ new create ]
|
5
3
|
|
4
|
+
before_action :set_session, only: :destroy
|
5
|
+
|
6
6
|
def index
|
7
7
|
@sessions = Current.<%= singular_table_name %>.sessions.order(created_at: :desc)
|
8
8
|
end
|
@@ -12,10 +12,10 @@ class SessionsController < ApplicationController
|
|
12
12
|
end
|
13
13
|
|
14
14
|
def create
|
15
|
-
|
15
|
+
<%= singular_table_name %> = <%= class_name %>.find_by_email(params[:email])
|
16
16
|
|
17
|
-
if
|
18
|
-
session =
|
17
|
+
if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
|
18
|
+
session = <%= singular_table_name %>.sessions.create!(session_params)
|
19
19
|
cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
|
20
20
|
|
21
21
|
redirect_to root_path, notice: "Signed in successfully"
|
@@ -35,6 +35,6 @@ class SessionsController < ApplicationController
|
|
35
35
|
end
|
36
36
|
|
37
37
|
def session_params
|
38
|
-
{ user_agent: request.user_agent, ip_address: request.remote_ip }
|
38
|
+
{ user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
|
39
39
|
end
|
40
40
|
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
class SudosController < ApplicationController
|
2
|
+
def new
|
3
|
+
end
|
4
|
+
|
5
|
+
def create
|
6
|
+
session = Current.session
|
7
|
+
|
8
|
+
if session.<%= singular_table_name %>.authenticate(params[:password])
|
9
|
+
session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
|
10
|
+
else
|
11
|
+
redirect_to new_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -21,11 +21,6 @@
|
|
21
21
|
</div>
|
22
22
|
<%% end %>
|
23
23
|
|
24
|
-
<div>
|
25
|
-
<%%= label_tag :current_password, nil, style: "display: block" %>
|
26
|
-
<%%= password_field_tag :current_password, nil, autofocus: true, autocomplete: "current-password" %>
|
27
|
-
</div>
|
28
|
-
|
29
24
|
<div>
|
30
25
|
<%%= form.label :email, "New email", style: "display: block" %>
|
31
26
|
<%%= form.email_field :email %>
|
@@ -18,7 +18,7 @@
|
|
18
18
|
<div>
|
19
19
|
<%%= form.label :password, "New password", style: "display: block" %>
|
20
20
|
<%%= form.password_field :password, autofocus: true, autocomplete: "new-password" %>
|
21
|
-
<div>
|
21
|
+
<div>12 characters minimum.</div>
|
22
22
|
</div>
|
23
23
|
|
24
24
|
<div>
|
@@ -0,0 +1,28 @@
|
|
1
|
+
<p style="color: red"><%%= alert %></p>
|
2
|
+
|
3
|
+
<h1>Enter your password to continue</h1>
|
4
|
+
|
5
|
+
<%%= form_with(url: sudo_path) do |form| %>
|
6
|
+
|
7
|
+
<%%= hidden_field_tag :proceed_to_url, params[:proceed_to_url] %>
|
8
|
+
|
9
|
+
<div>
|
10
|
+
<%%= password_field_tag :password, nil, autofocus: true, autocomplete: "current-password" %>
|
11
|
+
</div>
|
12
|
+
|
13
|
+
<div>
|
14
|
+
<%%= form.submit "Continue" %>
|
15
|
+
</div>
|
16
|
+
<%% end %>
|
17
|
+
|
18
|
+
<br>
|
19
|
+
|
20
|
+
<p>
|
21
|
+
<strong>Why are you asking me to do this?</strong><br>
|
22
|
+
To better protect your account, we'll occasionally ask you to confirm your password before performing sensitive actions.
|
23
|
+
</p>
|
24
|
+
|
25
|
+
<p>
|
26
|
+
<strong>Forgot your password?</strong><br>
|
27
|
+
We'll help you <%%= link_to "reset it", new_password_reset_path %> so you can continue.
|
28
|
+
</p>
|
@@ -4,8 +4,10 @@ class <%= class_name %> < ApplicationRecord
|
|
4
4
|
has_many :sessions, dependent: :destroy
|
5
5
|
|
6
6
|
validates :email, presence: true, uniqueness: true
|
7
|
-
|
8
|
-
|
7
|
+
validates_format_of :email, with: /\A[^@\s]+@[^@\s]+\z/
|
8
|
+
|
9
|
+
validates_length_of :password, minimum: 12, allow_blank: true
|
10
|
+
validates_format_of :password, with: /(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/, allow_blank: true, message: "might easily be guessed"
|
9
11
|
|
10
12
|
before_validation do
|
11
13
|
self.email = email.downcase.strip
|
@@ -15,6 +17,10 @@ class <%= class_name %> < ApplicationRecord
|
|
15
17
|
self.verified = false
|
16
18
|
end
|
17
19
|
|
20
|
+
after_update if: :password_digest_previously_changed? do
|
21
|
+
sessions.where.not(id: Current.session).destroy_all
|
22
|
+
end
|
23
|
+
|
18
24
|
after_create_commit do
|
19
25
|
IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
|
20
26
|
end
|
@@ -39,6 +39,6 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
|
39
39
|
end
|
40
40
|
|
41
41
|
def sign_in_as(<%= singular_table_name %>)
|
42
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
42
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
43
43
|
end
|
44
44
|
end
|
data/lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt
CHANGED
@@ -6,18 +6,20 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
6
6
|
end
|
7
7
|
|
8
8
|
test "should update email" do
|
9
|
-
patch email_url, params: {
|
9
|
+
patch email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
|
10
10
|
assert_response :success
|
11
11
|
end
|
12
12
|
|
13
|
-
test "should not update email
|
14
|
-
|
13
|
+
test "should not update email without sudo" do
|
14
|
+
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
15
15
|
|
16
|
-
|
17
|
-
|
16
|
+
patch email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
|
17
|
+
|
18
|
+
assert_response :forbidden
|
19
|
+
assert_equal "Enter your password to continue", response.parsed_body["error"]
|
18
20
|
end
|
19
21
|
|
20
22
|
def sign_in_as(<%= singular_table_name %>)
|
21
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
23
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
22
24
|
end
|
23
25
|
end
|
@@ -25,7 +25,7 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
25
25
|
end
|
26
26
|
|
27
27
|
test "should not send a password reset email to a unverified email" do
|
28
|
-
@<%= singular_table_name %>.update!
|
28
|
+
@<%= singular_table_name %>.update! verified: false
|
29
29
|
|
30
30
|
assert_no_enqueued_emails do
|
31
31
|
post password_reset_url, params: { email: @<%= singular_table_name %>.email }
|
@@ -36,12 +36,12 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
36
36
|
end
|
37
37
|
|
38
38
|
test "should update password" do
|
39
|
-
patch password_reset_url, params: { token: @sid, password: "
|
39
|
+
patch password_reset_url, params: { token: @sid, password: "Secret654321", password_confirmation: "Secret654321" }
|
40
40
|
assert_response :success
|
41
41
|
end
|
42
42
|
|
43
43
|
test "should not update password with expired token" do
|
44
|
-
patch password_reset_url, params: { token: @sid_exp, password: "
|
44
|
+
patch password_reset_url, params: { token: @sid_exp, password: "Secret654321", password_confirmation: "Secret654321" }
|
45
45
|
|
46
46
|
assert_response :bad_request
|
47
47
|
assert_equal "That password reset link is invalid", response.parsed_body["error"]
|
@@ -6,18 +6,18 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
6
6
|
end
|
7
7
|
|
8
8
|
test "should update password" do
|
9
|
-
patch password_url, params: { current_password: "
|
9
|
+
patch password_url, params: { current_password: "Secret123456", password: "Secret654321", password_confirmation: "Secret654321" }, headers: { "Authorization" => "Bearer #{@token}" }
|
10
10
|
assert_response :success
|
11
11
|
end
|
12
12
|
|
13
13
|
test "should not update password with wrong current password" do
|
14
|
-
patch password_url, params: { current_password: "
|
14
|
+
patch password_url, params: { current_password: "SecretWrong123", password: "Secret654321", password_confirmation: "Secret654321" }, headers: { "Authorization" => "Bearer #{@token}" }
|
15
15
|
|
16
16
|
assert_response :bad_request
|
17
17
|
assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
|
18
18
|
end
|
19
19
|
|
20
20
|
def sign_in_as(<%= singular_table_name %>)
|
21
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
21
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
22
22
|
end
|
23
23
|
end
|
@@ -3,7 +3,7 @@ require "test_helper"
|
|
3
3
|
class RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
4
4
|
test "should sign up" do
|
5
5
|
assert_difference("<%= class_name %>.count") do
|
6
|
-
post sign_up_url, params: { email: "lazaronixon@hey.com", password: "
|
6
|
+
post sign_up_url, params: { email: "lazaronixon@hey.com", password: "Secret123456", password_confirmation: "Secret123456" }
|
7
7
|
end
|
8
8
|
|
9
9
|
assert_response :created
|
@@ -20,6 +20,6 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
20
20
|
end
|
21
21
|
|
22
22
|
def sign_in_as(<%= singular_table_name %>)
|
23
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
23
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
24
24
|
end
|
25
25
|
end
|
@@ -16,14 +16,14 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
16
16
|
end
|
17
17
|
|
18
18
|
test "should sign in" do
|
19
|
-
post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "
|
19
|
+
post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "Secret123456" }
|
20
20
|
|
21
21
|
assert_enqueued_email_with SessionMailer, :signed_in_notification, args: { session: @<%= singular_table_name %>.sessions.last }
|
22
22
|
assert_response :created
|
23
23
|
end
|
24
24
|
|
25
25
|
test "should not sign in with wrong credentials" do
|
26
|
-
post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "
|
26
|
+
post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "SecretWrong123" }
|
27
27
|
assert_response :unauthorized
|
28
28
|
end
|
29
29
|
|
@@ -33,6 +33,6 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def sign_in_as(<%= singular_table_name %>)
|
36
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
36
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
37
37
|
end
|
38
38
|
end
|
data/lib/generators/authentication/templates/test_unit/controllers/api/sudos_controller_test.rb.tt
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
require "test_helper"
|
2
|
+
|
3
|
+
class SudosControllerTest < ActionDispatch::IntegrationTest
|
4
|
+
setup do
|
5
|
+
@<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
|
+
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
7
|
+
end
|
8
|
+
|
9
|
+
test "should sudo" do
|
10
|
+
post sudo_url, params: { password: "Secret123456" }, headers: { "Authorization" => "Bearer #{@token}" }
|
11
|
+
assert_response :no_content
|
12
|
+
end
|
13
|
+
|
14
|
+
test "should not sudo with wrong password" do
|
15
|
+
post sudo_url, params: { password: "SecretWrong123" }, headers: { "Authorization" => "Bearer #{@token}" }
|
16
|
+
|
17
|
+
assert_response :bad_request
|
18
|
+
assert_equal "The password you entered is incorrect", response.parsed_body["error"]
|
19
|
+
end
|
20
|
+
|
21
|
+
def sign_in_as(<%= singular_table_name %>)
|
22
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
23
|
+
end
|
24
|
+
end
|
@@ -39,6 +39,6 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
|
|
39
39
|
end
|
40
40
|
|
41
41
|
def sign_in_as(<%= singular_table_name %>)
|
42
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
42
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); <%= singular_table_name %>
|
43
43
|
end
|
44
44
|
end
|
data/lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt
CHANGED
@@ -10,19 +10,26 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
|
|
10
10
|
assert_response :success
|
11
11
|
end
|
12
12
|
|
13
|
+
test "should not get edit without sudo" do
|
14
|
+
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
15
|
+
|
16
|
+
get edit_email_url
|
17
|
+
assert_redirected_to new_sudo_path(proceed_to_url: edit_email_url)
|
18
|
+
end
|
19
|
+
|
13
20
|
test "should update email" do
|
14
|
-
patch email_url, params: {
|
21
|
+
patch email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
|
15
22
|
assert_redirected_to root_path
|
16
23
|
end
|
17
24
|
|
18
|
-
test "should not update email
|
19
|
-
|
25
|
+
test "should not update email without sudo" do
|
26
|
+
@<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
|
20
27
|
|
21
|
-
|
22
|
-
|
28
|
+
patch email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
|
29
|
+
assert_redirected_to new_sudo_path(proceed_to_url: email_url)
|
23
30
|
end
|
24
31
|
|
25
32
|
def sign_in_as(<%= singular_table_name %>)
|
26
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
33
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); <%= singular_table_name %>
|
27
34
|
end
|
28
35
|
end
|
@@ -35,7 +35,7 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
35
35
|
end
|
36
36
|
|
37
37
|
test "should not send a password reset email to a unverified email" do
|
38
|
-
@<%= singular_table_name %>.update!
|
38
|
+
@<%= singular_table_name %>.update! verified: false
|
39
39
|
|
40
40
|
assert_no_enqueued_emails do
|
41
41
|
post password_reset_url, params: { email: @<%= singular_table_name %>.email }
|
@@ -46,12 +46,12 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
|
|
46
46
|
end
|
47
47
|
|
48
48
|
test "should update password" do
|
49
|
-
patch password_reset_url, params: { token: @sid, <%= singular_table_name %>: { password: "
|
49
|
+
patch password_reset_url, params: { token: @sid, <%= singular_table_name %>: { password: "Secret654321", password_confirmation: "Secret654321" } }
|
50
50
|
assert_redirected_to sign_in_path
|
51
51
|
end
|
52
52
|
|
53
53
|
test "should not update password with expired token" do
|
54
|
-
patch password_reset_url, params: { token: @sid_exp, password: "
|
54
|
+
patch password_reset_url, params: { token: @sid_exp, password: "Secret654321", password_confirmation: "Secret654321" }
|
55
55
|
|
56
56
|
assert_redirected_to new_password_reset_path
|
57
57
|
assert_equal "That password reset link is invalid", flash[:alert]
|
@@ -11,18 +11,18 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
|
|
11
11
|
end
|
12
12
|
|
13
13
|
test "should update password" do
|
14
|
-
patch password_url, params: { current_password: "
|
14
|
+
patch password_url, params: { current_password: "Secret123456", <%= singular_table_name %>: { password: "Secret654321", password_confirmation: "Secret654321" } }
|
15
15
|
assert_redirected_to root_path
|
16
16
|
end
|
17
17
|
|
18
18
|
test "should not update password with wrong current password" do
|
19
|
-
patch password_url, params: { current_password: "
|
19
|
+
patch password_url, params: { current_password: "SecretWrong123", <%= singular_table_name %>: { password: "Secret654321", password_confirmation: "Secret654321" } }
|
20
20
|
|
21
21
|
assert_redirected_to edit_password_path
|
22
22
|
assert_equal "The current password you entered is incorrect", flash[:alert]
|
23
23
|
end
|
24
24
|
|
25
25
|
def sign_in_as(<%= singular_table_name %>)
|
26
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
26
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); <%= singular_table_name %>
|
27
27
|
end
|
28
28
|
end
|
@@ -8,7 +8,7 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
8
8
|
|
9
9
|
test "should sign up" do
|
10
10
|
assert_difference("<%= class_name %>.count") do
|
11
|
-
post sign_up_url, params: { <%= singular_table_name %>: { email: "lazaronixon@hey.com", password: "
|
11
|
+
post sign_up_url, params: { <%= singular_table_name %>: { email: "lazaronixon@hey.com", password: "Secret123456", password_confirmation: "Secret123456" } }
|
12
12
|
end
|
13
13
|
|
14
14
|
assert_redirected_to root_url
|
@@ -25,6 +25,6 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
|
|
25
25
|
end
|
26
26
|
|
27
27
|
def sign_in_as(<%= singular_table_name %>)
|
28
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
28
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); <%= singular_table_name %>
|
29
29
|
end
|
30
30
|
end
|
@@ -18,7 +18,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
18
18
|
end
|
19
19
|
|
20
20
|
test "should sign in" do
|
21
|
-
post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "
|
21
|
+
post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "Secret123456" }
|
22
22
|
assert_enqueued_email_with SessionMailer, :signed_in_notification, args: { session: @<%= singular_table_name %>.sessions.last }
|
23
23
|
|
24
24
|
assert_redirected_to root_url
|
@@ -28,7 +28,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
28
28
|
end
|
29
29
|
|
30
30
|
test "should not sign in with wrong credentials" do
|
31
|
-
post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "
|
31
|
+
post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "SecretWrong123" }
|
32
32
|
assert_redirected_to sign_in_url(email_hint: @<%= singular_table_name %>.email)
|
33
33
|
assert_equal "That email or password is incorrect", flash[:alert]
|
34
34
|
|
@@ -47,6 +47,6 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
|
|
47
47
|
end
|
48
48
|
|
49
49
|
def sign_in_as(<%= singular_table_name %>)
|
50
|
-
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "
|
50
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); <%= singular_table_name %>
|
51
51
|
end
|
52
52
|
end
|
data/lib/generators/authentication/templates/test_unit/controllers/html/sudos_controller_test.rb.tt
ADDED
@@ -0,0 +1,26 @@
|
|
1
|
+
require "test_helper"
|
2
|
+
|
3
|
+
class SudosControllerTest < ActionDispatch::IntegrationTest
|
4
|
+
setup do
|
5
|
+
@<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
|
+
end
|
7
|
+
|
8
|
+
test "should get new" do
|
9
|
+
get new_sudo_url(proceed_to_url: edit_password_url)
|
10
|
+
assert_response :success
|
11
|
+
end
|
12
|
+
|
13
|
+
test "should sudo" do
|
14
|
+
post sudo_url, params: { password: "Secret123456", proceed_to_url: edit_password_url }
|
15
|
+
assert_redirected_to edit_password_url
|
16
|
+
end
|
17
|
+
|
18
|
+
test "should not sudo with wrong password" do
|
19
|
+
post sudo_url, params: { password: "SecretWrong123", proceed_to_url: edit_password_url }
|
20
|
+
assert_redirected_to new_sudo_url(proceed_to_url: edit_password_url)
|
21
|
+
end
|
22
|
+
|
23
|
+
def sign_in_as(<%= singular_table_name %>)
|
24
|
+
post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret123456" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
|
25
|
+
end
|
26
|
+
end
|
@@ -8,7 +8,6 @@ class EmailsTest < ApplicationSystemTestCase
|
|
8
8
|
test "updating the email" do
|
9
9
|
click_on "Change email address"
|
10
10
|
|
11
|
-
fill_in "Current password", with: "secret123"
|
12
11
|
fill_in "New email", with: "new_email@hey.com"
|
13
12
|
click_on "Save changes"
|
14
13
|
|
@@ -27,9 +26,10 @@ class EmailsTest < ApplicationSystemTestCase
|
|
27
26
|
def sign_in_as(<%= singular_table_name %>)
|
28
27
|
visit sign_in_url
|
29
28
|
fill_in :email, with: <%= singular_table_name %>.email
|
30
|
-
fill_in :password, with: "
|
29
|
+
fill_in :password, with: "Secret123456"
|
31
30
|
click_on "Sign in"
|
32
31
|
|
32
|
+
assert_current_path root_path
|
33
33
|
return <%= singular_table_name %>
|
34
34
|
end
|
35
35
|
end
|
@@ -19,8 +19,8 @@ class PasswordResetsTest < ApplicationSystemTestCase
|
|
19
19
|
test "updating password" do
|
20
20
|
visit edit_password_reset_url(token: @sid)
|
21
21
|
|
22
|
-
fill_in "New password", with: "
|
23
|
-
fill_in "Confirm new password", with: "
|
22
|
+
fill_in "New password", with: "Secret654321"
|
23
|
+
fill_in "Confirm new password", with: "Secret654321"
|
24
24
|
click_on "Save changes"
|
25
25
|
|
26
26
|
assert_text "Your password was reset successfully. Please sign in"
|
@@ -8,9 +8,9 @@ class PasswordsTest < ApplicationSystemTestCase
|
|
8
8
|
test "updating the password" do
|
9
9
|
click_on "Change password"
|
10
10
|
|
11
|
-
fill_in "Current password", with: "
|
12
|
-
fill_in "New password", with: "
|
13
|
-
fill_in "Confirm new password", with: "
|
11
|
+
fill_in "Current password", with: "Secret123456"
|
12
|
+
fill_in "New password", with: "Secret654321"
|
13
|
+
fill_in "Confirm new password", with: "Secret654321"
|
14
14
|
click_on "Save changes"
|
15
15
|
|
16
16
|
assert_text "Your password has been changed"
|
@@ -19,9 +19,10 @@ class PasswordsTest < ApplicationSystemTestCase
|
|
19
19
|
def sign_in_as(<%= singular_table_name %>)
|
20
20
|
visit sign_in_url
|
21
21
|
fill_in :email, with: <%= singular_table_name %>.email
|
22
|
-
fill_in :password, with: "
|
22
|
+
fill_in :password, with: "Secret123456"
|
23
23
|
click_on "Sign in"
|
24
24
|
|
25
|
+
assert_current_path root_path
|
25
26
|
return <%= singular_table_name %>
|
26
27
|
end
|
27
28
|
end
|
@@ -6,12 +6,11 @@ class RegistrationsTest < ApplicationSystemTestCase
|
|
6
6
|
end
|
7
7
|
|
8
8
|
test "signing up" do
|
9
|
-
visit
|
10
|
-
click_on "Sign up"
|
9
|
+
visit sign_up_url
|
11
10
|
|
12
11
|
fill_in "Email", with: "lazaronixon@hey.com"
|
13
|
-
fill_in "Password", with: "
|
14
|
-
fill_in "Password confirmation", with: "
|
12
|
+
fill_in "Password", with: "Secret654321"
|
13
|
+
fill_in "Password confirmation", with: "Secret654321"
|
15
14
|
click_on "Sign up"
|
16
15
|
|
17
16
|
assert_text "Welcome! You have signed up successfully"
|
@@ -19,17 +18,18 @@ class RegistrationsTest < ApplicationSystemTestCase
|
|
19
18
|
|
20
19
|
test "cancelling my account" do
|
21
20
|
sign_in_as @<%= singular_table_name %>
|
22
|
-
click_on "Cancel my account & delete my data"
|
23
21
|
|
22
|
+
click_on "Cancel my account & delete my data"
|
24
23
|
assert_text "Your account is closed"
|
25
24
|
end
|
26
25
|
|
27
26
|
def sign_in_as(<%= singular_table_name %>)
|
28
27
|
visit sign_in_url
|
29
28
|
fill_in :email, with: <%= singular_table_name %>.email
|
30
|
-
fill_in :password, with: "
|
29
|
+
fill_in :password, with: "Secret123456"
|
31
30
|
click_on "Sign in"
|
32
31
|
|
32
|
+
assert_current_path root_path
|
33
33
|
return <%= singular_table_name %>
|
34
34
|
end
|
35
35
|
end
|
@@ -15,25 +15,19 @@ class SessionsTest < ApplicationSystemTestCase
|
|
15
15
|
test "signing in" do
|
16
16
|
visit sign_in_url
|
17
17
|
fill_in "Email", with: @<%= singular_table_name %>.email
|
18
|
-
fill_in "Password", with: "
|
18
|
+
fill_in "Password", with: "Secret123456"
|
19
19
|
click_on "Sign in"
|
20
20
|
|
21
21
|
assert_text "Signed in successfully"
|
22
22
|
end
|
23
23
|
|
24
|
-
test "signing out" do
|
25
|
-
sign_in_as @<%= singular_table_name %>
|
26
|
-
|
27
|
-
click_on "Log out"
|
28
|
-
assert_selector "h1", text: "Sign in"
|
29
|
-
end
|
30
|
-
|
31
24
|
def sign_in_as(<%= singular_table_name %>)
|
32
25
|
visit sign_in_url
|
33
26
|
fill_in :email, with: <%= singular_table_name %>.email
|
34
|
-
fill_in :password, with: "
|
27
|
+
fill_in :password, with: "Secret123456"
|
35
28
|
click_on "Sign in"
|
36
29
|
|
30
|
+
assert_current_path root_path
|
37
31
|
return <%= singular_table_name %>
|
38
32
|
end
|
39
33
|
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require "application_system_test_case"
|
2
|
+
|
3
|
+
class SudosTest < ApplicationSystemTestCase
|
4
|
+
setup do
|
5
|
+
@<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
|
6
|
+
end
|
7
|
+
|
8
|
+
test "executing sudo" do
|
9
|
+
visit new_sudo_url(proceed_to_url: edit_password_url)
|
10
|
+
fill_in :password, with: "Secret123456"
|
11
|
+
click_on "Continue"
|
12
|
+
|
13
|
+
assert_selector "h1", text: "Enter your password to continue"
|
14
|
+
end
|
15
|
+
|
16
|
+
def sign_in_as(<%= singular_table_name %>)
|
17
|
+
visit sign_in_url
|
18
|
+
fill_in :email, with: <%= singular_table_name %>.email
|
19
|
+
fill_in :password, with: "Secret123456"
|
20
|
+
click_on "Sign in"
|
21
|
+
|
22
|
+
assert_current_path root_path
|
23
|
+
return <%= singular_table_name %>
|
24
|
+
end
|
25
|
+
end
|
metadata
CHANGED
@@ -1,16 +1,16 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authentication-zero
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nixon
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-02-
|
11
|
+
date: 2022-02-26 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
|
-
description:
|
13
|
+
description:
|
14
14
|
email:
|
15
15
|
- lazaronixon@hotmail.com
|
16
16
|
executables: []
|
@@ -37,12 +37,14 @@ files:
|
|
37
37
|
- lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
|
38
38
|
- lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
|
39
39
|
- lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
|
40
|
+
- lib/generators/authentication/templates/controllers/api/sudos_controller.rb.tt
|
40
41
|
- lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt
|
41
42
|
- lib/generators/authentication/templates/controllers/html/emails_controller.rb.tt
|
42
43
|
- lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
|
43
44
|
- lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
|
44
45
|
- lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
|
45
46
|
- lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
|
47
|
+
- lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt
|
46
48
|
- lib/generators/authentication/templates/erb/emails/edit.html.erb.tt
|
47
49
|
- lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt
|
48
50
|
- lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt
|
@@ -56,6 +58,7 @@ files:
|
|
56
58
|
- lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt
|
57
59
|
- lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
|
58
60
|
- lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
|
61
|
+
- lib/generators/authentication/templates/erb/sudos/new.html.erb.tt
|
59
62
|
- lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
|
60
63
|
- lib/generators/authentication/templates/mailers/session_mailer.rb.tt
|
61
64
|
- lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
|
@@ -69,18 +72,21 @@ files:
|
|
69
72
|
- lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt
|
70
73
|
- lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt
|
71
74
|
- lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt
|
75
|
+
- lib/generators/authentication/templates/test_unit/controllers/api/sudos_controller_test.rb.tt
|
72
76
|
- lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt
|
73
77
|
- lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt
|
74
78
|
- lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt
|
75
79
|
- lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt
|
76
80
|
- lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
|
77
81
|
- lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
|
82
|
+
- lib/generators/authentication/templates/test_unit/controllers/html/sudos_controller_test.rb.tt
|
78
83
|
- lib/generators/authentication/templates/test_unit/fixtures.yml.tt
|
79
84
|
- lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
|
80
85
|
- lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
|
81
86
|
- lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt
|
82
87
|
- lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
|
83
88
|
- lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
|
89
|
+
- lib/generators/authentication/templates/test_unit/system/sudos_test.rb.tt
|
84
90
|
homepage: https://github.com/lazaronixon/authentication-zero
|
85
91
|
licenses:
|
86
92
|
- MIT
|
@@ -88,7 +94,7 @@ metadata:
|
|
88
94
|
homepage_uri: https://github.com/lazaronixon/authentication-zero
|
89
95
|
source_code_uri: https://github.com/lazaronixon/authentication-zero
|
90
96
|
changelog_uri: https://github.com/lazaronixon/authentication-zero/blob/main/CHANGELOG.md
|
91
|
-
post_install_message:
|
97
|
+
post_install_message:
|
92
98
|
rdoc_options: []
|
93
99
|
require_paths:
|
94
100
|
- lib
|
@@ -103,8 +109,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
103
109
|
- !ruby/object:Gem::Version
|
104
110
|
version: '0'
|
105
111
|
requirements: []
|
106
|
-
rubygems_version: 3.
|
107
|
-
signing_key:
|
112
|
+
rubygems_version: 3.3.7
|
113
|
+
signing_key:
|
108
114
|
specification_version: 4
|
109
115
|
summary: An authentication system generator for Rails applications
|
110
116
|
test_files: []
|