authentication-zero 2.6.0 → 2.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1ace4c68009deb2e2a34a3320b53ee2c319d795efd0e22256164b27b774c10df
-  data.tar.gz: c54f843f81f32b9ad20876c6bc2a2aa6417cd493dfeeab67f30606d501c5e776
+  metadata.gz: '09e4e9fd6a0cb245624984f07b574c17264d6df4cdedd508372153d1d40a860e'
+  data.tar.gz: 1f86f6ffc7590ec45d3b3e9d64cb4fe8042e763b73024adb396c492a92ba7578
 SHA512:
-  metadata.gz: 51bea8df73af396e6aeff95c9d89649cec269a753b7e025efbde2ec4c1479b5083a275da54e68206b94a6589e9f86577f97a602bda02f424c2d610dc8d00c916
-  data.tar.gz: 7a779d25f193d024d466ced745649968e50b4cd54fd17a85cffa2cc47f3aec61ef46ba245ec1dc8b728a1d1b52713f108586e99779e77f5ecec0c895bddb300f
+  metadata.gz: 30975f47ce22d6d2ff68cfa17f79831295adfb0938eea4af111fa7d3bef0e7a1c2e35ca3918b8feb5ce874267ac8aae9e231fbcb5ca520b8c51f57da72a8ee30
+  data.tar.gz: 8aee14ca37ef8bdc460ddce3c15f4b785f587625655940752ec23844ee44492ca3026f0eb3769a1468d28af9af653eaf1d2754870a54d45a22d6310e9e89ea0e

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## Authentication Zero 2.8.0 (March 2, 2022) ##
+
+* Organize controllers in identity and sessions namespaces
+
+## Authentication Zero 2.7.0 (March 2, 2022) ##
+
+* Implemented omniauth
+
 ## Authentication Zero 2.6.0 (March 1, 2022) ##
 
 * Implemented ratelimit

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.6.0)
+    authentication-zero (2.8.1)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -11,15 +11,15 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Checks if a password has been found in any data breach (--pwned)
 - Authentication by cookie
 - Authentication by token (--api)
+- Social Login with OmniAuth (--omniauth)
 - Ask password before sensitive data changes, aka: sudo
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Lock sending reset password email after many attempts (--lockable)
 - Rate limiting for your app, 1000 reqs/hour (--ratelimit)
-- Send e-mail notification when your email has been changed
+- Send e-mail confirmation when your email has been changed
 - Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices
-- Cancel my account
 - Log out
 
 ## Security and best practices
@@ -62,21 +62,17 @@ Add these lines to your `app/views/home/index.html.erb`:
 <p>Signed as <%= Current.user.email %></p>
 
 <div>
-  <%= link_to "Change password", edit_password_path %>
+  <%= link_to "Change email address", edit_identity_email_path %>
 </div>
 
 <div>
-  <%= link_to "Change email address", edit_email_path %>
+  <%= link_to "Change password", edit_password_path %>
 </div>
 
 <div>
   <%= link_to "Devices & Sessions", sessions_path %>
 </div>
 
-<div>
-  <%= button_to "Cancel my account & delete my data", registration_path, method: :delete  %>
-</div>
-
 <br>
 
 <%= button_to "Log out", Current.session, method: :delete %>

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.6.0"
+  VERSION = "2.8.1"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -7,6 +7,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   class_option :pwned,     type: :boolean, desc: "Add pwned password validation"
   class_option :lockable,  type: :boolean, desc: "Add password reset locking"
   class_option :ratelimit, type: :boolean, desc: "Add request rate limiting"
+  class_option :omniauth,  type: :boolean, desc: "Add social login support"
 
   source_root File.expand_path("templates", __dir__)
 
@@ -14,18 +15,30 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     uncomment_lines "Gemfile", /"bcrypt"/
     uncomment_lines "Gemfile", /"redis"/  if options.lockable?
     uncomment_lines "Gemfile", /"kredis"/ if options.lockable?
-    gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]" if options.pwned?
-    gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests" if options.ratelimit?
+
+    if options.pwned?
+      gem "pwned", comment: "Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]"
+    end
+
+    if options.ratelimit?
+      gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
+    end
+
+    if omniauth?
+      gem "omniauth", comment: "Use OmniAuth to support multi-provider authentication [https://github.com/omniauth/omniauth]"
+      gem "omniauth-rails_csrf_protection", comment: "Provides a mitigation against CVE-2015-9284 [https://github.com/cookpad/omniauth-rails_csrf_protection]"
+    end
   end
 
   def create_configuration_files
      copy_file "config/redis/shared.yml", "config/redis/shared.yml" if options.lockable?
+     copy_file "config/initializers/omniauth.rb", "config/initializers/omniauth.rb" if omniauth?
   end
 
   def add_environment_configurations
      ratelimit_code = <<~CODE
       # Rate limit general requests by IP address in a rate of 1000 requests per hour
-      config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.hour], logger: Rails.logger, redis: Redis.new) { |env| ActionDispatch::Request.new(env).ip }
+      config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.hour], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
     CODE
 
     environment ratelimit_code, env: "production" if options.ratelimit?
@@ -34,6 +47,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_migrations
     migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
     migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
+    migration_template "migrations/add_omniauth_migration.rb", "#{db_migrate_path}/add_omniauth_to_#{table_name}.rb" if omniauth?
   end
 
   def create_models
@@ -81,7 +95,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
 
       def require_sudo
         if Current.session.sudo_at < 30.minutes.ago
-          redirect_to new_sudo_path(proceed_to_url: request.url)
+          redirect_to new_sessions_sudo_path(proceed_to_url: request.url)
         end
       end
     CODE
@@ -92,6 +106,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
 
   def create_controllers
     directory "controllers/#{format_folder}", "app/controllers"
+    template  "controllers/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauth?
   end
 
   def create_views
@@ -108,13 +123,18 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
 
   def add_routes
-    route "resource :sudo, only: [:new, :create]"
-    route "resource :registration, only: :destroy"
-    route "resource :password_reset, only: [:new, :edit, :create, :update]"
-    route "resource :password, only: [:edit, :update]"
-    route "resource :email_verification, only: [:edit, :create]"
-    route "resource :email, only: [:edit, :update]"
+    if omniauth?
+      route "post '/auth/:provider/callback', to: 'sessions/omniauth#create'"
+      route "get '/auth/:provider/callback', to: 'sessions/omniauth#create'"
+      route "get '/auth/failure', to: 'sessions/omniauth#failure'"
+    end
+
+    route "resource :password_reset, only: [:new, :edit, :create, :update]", namespace: :identity
+    route "resource :email_verification, only: [:edit, :create]", namespace: :identity
+    route "resource :email, only: [:edit, :update]", namespace: :identity
+    route "resource :sudo, only: [:new, :create]", namespace: :sessions
     route "resources :sessions, only: [:index, :show, :destroy]"
+    route "resource :password, only: [:edit, :update]"
     route "post 'sign_up', to: 'registrations#create'"
     route "get 'sign_up', to: 'registrations#new'" unless options.api?
     route "post 'sign_in', to: 'sessions#create'"
@@ -130,4 +150,8 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     def format_folder
       options.api? ? "api" : "html"
     end
+
+    def omniauth?
+      options.omniauth? && !options.api?
+    end
 end

data/lib/generators/authentication/templates/config/initializers/omniauth.rb

@@ -0,0 +1,3 @@
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :developer unless Rails.env.production? # You should replace it with your provider
+end

data/lib/generators/authentication/templates/controllers/api/{email_verifications_controller.rb.tt → identity/email_verifications_controller.rb.tt}

@@ -1,4 +1,4 @@
-class EmailVerificationsController < ApplicationController
+class Identity::EmailVerificationsController < ApplicationController
   skip_before_action :authenticate, only: :edit
 
   before_action :set_<%= singular_table_name %>, only: :edit

data/lib/generators/authentication/templates/controllers/api/{emails_controller.rb.tt → identity/emails_controller.rb.tt}

@@ -1,4 +1,4 @@
-class EmailsController < ApplicationController
+class Identity::EmailsController < ApplicationController
   before_action :require_sudo
   before_action :set_<%= singular_table_name %>
 

data/lib/generators/authentication/templates/controllers/api/{password_resets_controller.rb.tt → identity/password_resets_controller.rb.tt}

@@ -1,4 +1,4 @@
-class PasswordResetsController < ApplicationController
+class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
 <% if options.lockable? -%>

data/lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate, only: :create
+  skip_before_action :authenticate
 
   def create
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
@@ -11,10 +11,6 @@ class RegistrationsController < ApplicationController
     end
   end
 
-  def destroy
-    Current.<%= singular_table_name %>.destroy
-  end
-
   private
     def <%= "#{singular_table_name}_params" %>
       params.permit(:email, :password, :password_confirmation)

data/lib/generators/authentication/templates/controllers/api/{sudos_controller.rb.tt → sessions/sudos_controller.rb.tt}

@@ -1,4 +1,4 @@
-class SudosController < ApplicationController
+class Sessions::SudosController < ApplicationController
   def create
     session = Current.session
 

data/lib/generators/authentication/templates/controllers/html/{email_verifications_controller.rb.tt → identity/email_verifications_controller.rb.tt}

@@ -1,6 +1,6 @@
-class EmailVerificationsController < ApplicationController
+class Identity::EmailVerificationsController < ApplicationController
   skip_before_action :authenticate, only: :edit
-  
+
   before_action :set_<%= singular_table_name %>, only: :edit
 
   def edit
@@ -17,6 +17,6 @@ class EmailVerificationsController < ApplicationController
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.where(email: params[:email]).find_signed!(params[:token], purpose: params[:email])
     rescue
-      redirect_to edit_email_path, alert: "That email verification link is invalid"
+      redirect_to edit_identity_email_path, alert: "That email verification link is invalid"
     end
 end

data/lib/generators/authentication/templates/controllers/html/{emails_controller.rb.tt → identity/emails_controller.rb.tt}

@@ -1,4 +1,4 @@
-class EmailsController < ApplicationController
+class Identity::EmailsController < ApplicationController
   before_action :require_sudo
   before_action :set_<%= singular_table_name %>
 

data/lib/generators/authentication/templates/controllers/html/{password_resets_controller.rb.tt → identity/password_resets_controller.rb.tt}

@@ -1,4 +1,4 @@
-class PasswordResetsController < ApplicationController
+class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
 <% if options.lockable? -%>
@@ -17,7 +17,7 @@ class PasswordResetsController < ApplicationController
       IdentityMailer.with(<%= singular_table_name %>: @<%= singular_table_name %>).password_reset_provision.deliver_later
       redirect_to sign_in_path, notice: "Check your email for reset instructions"
     else
-      redirect_to new_password_reset_path, alert: "You can't reset your password until you verify your email"
+      redirect_to new_identity_password_reset_path, alert: "You can't reset your password until you verify your email"
     end
   end
 
@@ -33,7 +33,7 @@ class PasswordResetsController < ApplicationController
     def set_<%= singular_table_name %>
       @<%= singular_table_name %> = <%= class_name %>.find_signed!(params[:token], purpose: :password_reset)
     rescue
-      redirect_to new_password_reset_path, alert: "That password reset link is invalid"
+      redirect_to new_identity_password_reset_path, alert: "That password reset link is invalid"
     end
 
     def <%= "#{singular_table_name}_params" %>
@@ -42,7 +42,7 @@ class PasswordResetsController < ApplicationController
 <% if options.lockable? %>
     def require_locking
       Locking.lock_on("password_reset_lock:#{request.remote_ip}", wait: 1.hour, attempts: 10) do
-        redirect_to new_password_reset_path, alert: "You've exceeded the maximum number of attempts"
+        redirect_to new_identity_password_reset_path, alert: "You've exceeded the maximum number of attempts"
       end
     end
 <% end -%>

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt

@@ -1,5 +1,5 @@
 class RegistrationsController < ApplicationController
-  skip_before_action :authenticate, only: %i[ new create ]
+  skip_before_action :authenticate
 
   def new
     @<%= singular_table_name %> = <%= class_name %>.new
@@ -18,10 +18,6 @@ class RegistrationsController < ApplicationController
     end
   end
 
-  def destroy
-    Current.<%= singular_table_name %>.destroy; redirect_to(sign_in_path, notice: "Your account is closed")
-  end
-
   private
     def <%= "#{singular_table_name}_params" %>
       params.require(:<%= singular_table_name %>).permit(:email, :password, :password_confirmation)

data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt

@@ -0,0 +1,18 @@
+class Sessions::SudosController < ApplicationController
+  def new
+  end
+
+  def create
+    session = Current.session
+
+<% if options.omniauth? -%>
+    if session.<%= singular_table_name %>.authenticate(params[:password]) || session.<%= singular_table_name %>.provider
+<% else -%>
+    if session.<%= singular_table_name %>.authenticate(params[:password])
+<% end -%>
+      session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
+    else
+      redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
+    end
+  end
+end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt

@@ -25,8 +25,7 @@ class SessionsController < ApplicationController
   end
 
   def destroy
-    @session.destroy
-    redirect_to sessions_path, notice: "That session has been logged out"
+    @session.destroy; redirect_to(sessions_path, notice: "That session has been logged out")
   end
 
   private

data/lib/generators/authentication/templates/controllers/omniauth_controller.rb.tt

@@ -0,0 +1,38 @@
+class Sessions::OmniauthController < ApplicationController
+  skip_before_action :verify_authenticity_token
+  skip_before_action :authenticate
+
+  def create
+    @<%= singular_table_name %> = <%= class_name %>.where(omniauth_params).first_or_initialize(<%= "#{singular_table_name}_params" %>)
+
+    if @<%= singular_table_name %>.save
+      session = @<%= singular_table_name %>.sessions.create!(session_params)
+      cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
+
+      redirect_to root_path, notice: "Signed in successfully"
+    else
+      redirect_to sign_in_path, alert: "Authentication failed"
+    end
+  end
+
+  def failure
+    redirect_to sign_in_path, alert: params[:message]
+  end
+
+  private
+    def omniauth_params
+      { provider: omniauth.provider, uid: omniauth.uid }
+    end
+
+    def <%= "#{singular_table_name}_params" %>
+      { email: omniauth.info.email, password: SecureRandom::base58, verified: true }
+    end
+
+    def session_params
+      { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
+    end
+
+    def omniauth
+      request.env["omniauth.auth"]
+    end
+end

data/lib/generators/authentication/templates/erb/{emails → identity/emails}/edit.html.erb.tt

@@ -5,10 +5,10 @@
 <%% else %>
   <h1>Verify your email</h1>
   <p>We sent a verification email to the address below. Check that email and follow those instructions to confirm it's your email address.</p>
-  <p><%%= button_to "Re-send verification email", email_verification_path %></p>
+  <p><%%= button_to "Re-send verification email", identity_email_verification_path %></p>
 <%% end %>
 
-<%%= form_with(model: @<%= model_resource_name %>, url: email_path) do |form| %>
+<%%= form_with(model: @<%= model_resource_name %>, url: identity_email_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/{password_resets → identity/password_resets}/edit.html.erb.tt

@@ -1,6 +1,6 @@
 <h1>Reset your password</h1>
 
-<%%= form_with(model: @<%= model_resource_name %>, url: password_reset_path) do |form| %>
+<%%= form_with(model: @<%= model_resource_name %>, url: identity_password_reset_path) do |form| %>
   <%% if @<%= singular_table_name %>.errors.any? %>
     <div style="color: red">
       <h2><%%= pluralize(@<%= singular_table_name %>.errors.count, "error") %> prohibited this <%= singular_table_name %> from being saved:</h2>

data/lib/generators/authentication/templates/erb/{password_resets → identity/password_resets}/new.html.erb.tt

@@ -2,7 +2,7 @@
 
 <h1>Forgot your password?</h1>
 
-<%%= form_with(url: password_reset_path) do |form| %>
+<%%= form_with(url: identity_password_reset_path) do |form| %>
   <div>
     <%%= form.label :email, style: "display: block" %>
     <%%= form.email_field :email, autofocus: true, required: true %>

data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt

@@ -4,7 +4,7 @@
 
 <p><strong>You must hit the link below to confirm that you received this email.</strong></p>
 
-<%%= link_to "Yes, use this email for my account", edit_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
+<%%= link_to "Yes, use this email for my account", edit_identity_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
 
 <hr>
 

data/lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt

@@ -4,6 +4,6 @@ This is to confirm that <%%= @<%= singular_table_name %>.email %> is the email y
 
 You must hit the link below to confirm that you received this email.
 
-[Yes, use this email for my account]<%%= edit_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
+[Yes, use this email for my account]<%%= edit_identity_email_verification_url(token: @signed_id, email: @<%= singular_table_name %>.email) %>
 
 Have questions or need help? Just reply to this email and our support team will help you sort it out.

data/lib/generators/authentication/templates/erb/identity_mailer/password_reset_provision.html.erb.tt

@@ -2,7 +2,7 @@
 
 <p>Can't remember your password for <strong><%%= @<%= singular_table_name %>.email %></strong>? That's OK, it happens. Just hit the link below to set a new one.</p>
 
-<p><%%= link_to "Reset my password", edit_password_reset_url(token: @signed_id) %></p>
+<p><%%= link_to "Reset my password", edit_identity_password_reset_url(token: @signed_id) %></p>
 
 <p>If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.</p>
 

data/lib/generators/authentication/templates/erb/identity_mailer/password_reset_provision.text.erb.tt

@@ -2,7 +2,7 @@ Hey there,
 
 Can't remember your password for <%%= @<%= singular_table_name %>.email %>? That's OK, it happens. Just hit the link below to set a new one.
 
-[Reset my password]<%%= edit_password_reset_url(token: @signed_id) %>
+[Reset my password]<%%= edit_identity_password_reset_url(token: @signed_id) %>
 
 If you did not request a password reset you can safely ignore this email, it expires in 20 minutes. Only someone with access to this email account can reset your password.
 

data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt

@@ -12,7 +12,7 @@
 
 <p><strong>If this was you, carry on.</strong> We could notify you about sign-ins from this device again.</p>
 
-<p><strong>If you don't recognize this device</strong>, someone else may have accessed your account. You should immediately <%%= link_to "change your password", new_password_reset_url %>.</p>
+<p><strong>If you don't recognize this device</strong>, someone else may have accessed your account. You should immediately <%%= link_to "change your password", new_identity_password_reset_url %>.</p>
 
 <p><strong>Tip:</strong> It's a good idea to periodically review all of the <%%= link_to "devices and sessions", sessions_url %> in your account for suspicious activity.</p>
 

data/lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt

@@ -10,7 +10,7 @@ A new device just signed in to your account (<%%= @session.<%= singular_table_na
 
 If this was you, carry on. We could notify you about sign-ins from this device again.
 
-If you don't recognize this device, someone else may have accessed your account. You should immediately [change your password]<%%= new_password_reset_url %>.
+If you don't recognize this device, someone else may have accessed your account. You should immediately [change your password]<%%= new_identity_password_reset_url %>.
 
 Tip: It's a good idea to periodically review all of the [devices and sessions]<%%= sessions_url %> in your account for suspicious activity.
 

data/lib/generators/authentication/templates/erb/sessions/new.html.erb.tt

@@ -18,10 +18,15 @@
     <%%= form.submit "Sign in" %>
   </div>
 <%% end %>
+<% if options.omniauth? %>
+<div>
+  <%%= button_to "Sign in with OmniAuth", "/auth/developer", "data-turbo" => false %>
+</div>
+<% end -%>
 
 <br>
 
 <div>
   <%%= link_to "Sign up", sign_up_path %> |
-  <%%= link_to "Forgot your password?", new_password_reset_path %>
+  <%%= link_to "Forgot your password?", new_identity_password_reset_path %>
 </div>

data/lib/generators/authentication/templates/erb/{sudos → sessions/sudos}/new.html.erb.tt

@@ -2,7 +2,7 @@
 
 <h1>Enter your password to continue</h1>
 
-<%%= form_with(url: sudo_path) do |form| %>
+<%%= form_with(url: sessions_sudo_path) do |form| %>
 
   <%%= hidden_field_tag :proceed_to_url, params[:proceed_to_url] %>
 
@@ -24,5 +24,5 @@
 
 <p>
   <strong>Forgot your password?</strong><br>
-  We'll help you <%%= link_to "reset it", new_password_reset_path %> so you can continue.
+  We'll help you <%%= link_to "reset it", new_identity_password_reset_path %> so you can continue.
 </p>

data/lib/generators/authentication/templates/mailers/identity_mailer.rb.tt

@@ -8,7 +8,7 @@ class IdentityMailer < ApplicationMailer
 
   def email_verify_confirmation
     @<%= singular_table_name %> = params[:<%= singular_table_name %>]
-    @signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 3.days)
+    @signed_id = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 2.days)
 
     mail to: @<%= singular_table_name %>.email, subject: "Verify your email"
   end

data/lib/generators/authentication/templates/migrations/add_omniauth_migration.rb.tt

@@ -0,0 +1,8 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    add_column :<%= table_name %>, :provider, :string
+    add_column :<%= table_name %>, :uid, :string
+  end
+
+  add_index :<%= table_name %>, [:provider, :uid], unique: true
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/{email_verifications_controller_test.rb.tt → identity/email_verifications_controller_test.rb.tt}

@@ -1,6 +1,6 @@
 require "test_helper"
 
-class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
+class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
     @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
@@ -11,19 +11,19 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
 
   test "should send a verification email" do
     assert_enqueued_email_with IdentityMailer, :email_verify_confirmation, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
-      post email_verification_url, headers: { "Authorization" => "Bearer #{@token}" }
+      post identity_email_verification_url, headers: { "Authorization" => "Bearer #{@token}" }
     end
 
     assert_response :no_content
   end
 
   test "should verify email" do
-    get edit_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :no_content
   end
 
   test "should not verify email with expired token" do
-    get edit_email_verification_url, params: { token: @sid_exp, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    get edit_identity_email_verification_url, params: { token: @sid_exp, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
 
     assert_response :bad_request
     assert_equal "That email verification link is invalid", response.parsed_body["error"]
@@ -32,7 +32,7 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   test "should not verify email with previous token" do
     @<%= singular_table_name %>.update! email: "other_email@hey.com"
 
-    get edit_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
+    get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
 
     assert_response :bad_request
     assert_equal "That email verification link is invalid", response.parsed_body["error"]

data/lib/generators/authentication/templates/test_unit/controllers/api/{emails_controller_test.rb.tt → identity/emails_controller_test.rb.tt}

@@ -1,19 +1,19 @@
 require "test_helper"
 
-class EmailsControllerTest < ActionDispatch::IntegrationTest
+class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
   end
 
   test "should update email" do
-    patch email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
+    patch identity_email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :success
   end
 
   test "should not update email without sudo" do
     @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
 
-    patch email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
+    patch identity_email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
 
     assert_response :forbidden
     assert_equal "Enter your password to continue", response.parsed_body["error"]

data/lib/generators/authentication/templates/test_unit/controllers/api/{password_resets_controller_test.rb.tt → identity/password_resets_controller_test.rb.tt}

@@ -1,6 +1,6 @@
 require "test_helper"
 
-class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
+class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
@@ -12,7 +12,7 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
 
   test "should send a password reset email" do
     assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
-      post password_reset_url, params: { email: @<%= singular_table_name %>.email }
+      post identity_password_reset_url, params: { email: @<%= singular_table_name %>.email }
     end
 
     assert_response :no_content
@@ -20,7 +20,7 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
 
   test "should not send a password reset email to a nonexistent email" do
     assert_no_enqueued_emails do
-      post password_reset_url, params: { email: "invalid_email@hey.com" }
+      post identity_password_reset_url, params: { email: "invalid_email@hey.com" }
     end
 
     assert_response :not_found
@@ -31,7 +31,7 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @<%= singular_table_name %>.update! verified: false
 
     assert_no_enqueued_emails do
-      post password_reset_url, params: { email: @<%= singular_table_name %>.email }
+      post identity_password_reset_url, params: { email: @<%= singular_table_name %>.email }
     end
 
     assert_response :not_found
@@ -39,12 +39,12 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
   end
 
   test "should update password" do
-    patch password_reset_url, params: { token: @sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
+    patch identity_password_reset_url, params: { token: @sid, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
     assert_response :success
   end
 
   test "should not update password with expired token" do
-    patch password_reset_url, params: { token: @sid_exp, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
+    patch identity_password_reset_url, params: { token: @sid_exp, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
 
     assert_response :bad_request
     assert_equal "That password reset link is invalid", response.parsed_body["error"]

data/lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt

@@ -8,18 +8,4 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
 
     assert_response :created
   end
-
-  test "should destroy account" do
-    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-
-    assert_difference("<%= class_name %>.count", -1) do
-      delete registration_url, headers: { "Authorization" => "Bearer #{@token}" }
-    end
-
-    assert_response :no_content
-  end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "App iOS" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/{sudos_controller_test.rb.tt → sessions/sudos_controller_test.rb.tt}

@@ -1,18 +1,18 @@
 require "test_helper"
 
-class SudosControllerTest < ActionDispatch::IntegrationTest
+class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
     @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
   end
 
   test "should sudo" do
-    post sudo_url, params: { password: "Secret1*3*5*" }, headers: { "Authorization" => "Bearer #{@token}" }
+    post sessions_sudo_url, params: { password: "Secret1*3*5*" }, headers: { "Authorization" => "Bearer #{@token}" }
     assert_response :no_content
   end
 
   test "should not sudo with wrong password" do
-    post sudo_url, params: { password: "SecretWrong1*3" }, headers: { "Authorization" => "Bearer #{@token}" }
+    post sessions_sudo_url, params: { password: "SecretWrong1*3" }, headers: { "Authorization" => "Bearer #{@token}" }
 
     assert_response :bad_request
     assert_equal "The password you entered is incorrect", response.parsed_body["error"]

data/lib/generators/authentication/templates/test_unit/controllers/html/{email_verifications_controller_test.rb.tt → identity/email_verifications_controller_test.rb.tt}

@@ -1,6 +1,6 @@
 require "test_helper"
 
-class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
+class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
     @sid = @<%= singular_table_name %>.signed_id(purpose: @<%= singular_table_name %>.email, expires_in: 20.minutes)
@@ -11,30 +11,30 @@ class EmailVerificationsControllerTest < ActionDispatch::IntegrationTest
 
   test "should send a verification email" do
     assert_enqueued_email_with IdentityMailer, :email_verify_confirmation, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
-      post email_verification_url
+      post identity_email_verification_url
     end
 
-    assert_redirected_to root_path
+    assert_redirected_to root_url
   end
 
   test "should verify email" do
-    get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email)
-    assert_redirected_to root_path
+    get edit_identity_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email)
+    assert_redirected_to root_url
   end
 
   test "should not verify email with expired token" do
-    get edit_email_verification_url(token: @sid_exp, email: @<%= singular_table_name %>.email)
+    get edit_identity_email_verification_url(token: @sid_exp, email: @<%= singular_table_name %>.email)
 
-    assert_redirected_to edit_email_path
+    assert_redirected_to edit_identity_email_url
     assert_equal "That email verification link is invalid", flash[:alert]
   end
 
   test "should not verify email with previous token" do
     @<%= singular_table_name %>.update! email: "other_email@hey.com"
 
-    get edit_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
+    get edit_identity_email_verification_url(token: @sid, email: @<%= singular_table_name %>.email_previously_was)
 
-    assert_redirected_to edit_email_path
+    assert_redirected_to edit_identity_email_url
     assert_equal "That email verification link is invalid", flash[:alert]
   end
 

data/lib/generators/authentication/templates/test_unit/controllers/html/{emails_controller_test.rb.tt → identity/emails_controller_test.rb.tt}

@@ -1,32 +1,32 @@
 require "test_helper"
 
-class EmailsControllerTest < ActionDispatch::IntegrationTest
+class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
   end
 
   test "should get edit" do
-    get edit_email_url
+    get edit_identity_email_url
     assert_response :success
   end
 
   test "should not get edit without sudo" do
     @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
 
-    get edit_email_url
-    assert_redirected_to new_sudo_path(proceed_to_url: edit_email_url)
+    get edit_identity_email_url
+    assert_redirected_to new_sessions_sudo_url(proceed_to_url: edit_identity_email_url)
   end
 
   test "should update email" do
-    patch email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
-    assert_redirected_to root_path
+    patch identity_email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    assert_redirected_to root_url
   end
 
   test "should not update email without sudo" do
     @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
 
-    patch email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
-    assert_redirected_to new_sudo_path(proceed_to_url: email_url)
+    patch identity_email_url, params: { <%= singular_table_name %>: { email: "new_email@hey.com" } }
+    assert_redirected_to new_sessions_sudo_url(proceed_to_url: identity_email_url)
   end
 
   def sign_in_as(<%= singular_table_name %>)

data/lib/generators/authentication/templates/test_unit/controllers/html/{password_resets_controller_test.rb.tt → identity/password_resets_controller_test.rb.tt}

@@ -1,6 +1,6 @@
 require "test_helper"
 
-class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
+class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
@@ -11,29 +11,29 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
 <% end -%>
 
   test "should get new" do
-    get new_password_reset_url
+    get new_identity_password_reset_url
     assert_response :success
   end
 
   test "should get edit" do
-    get edit_password_reset_url(token: @sid)
+    get edit_identity_password_reset_url(token: @sid)
     assert_response :success
   end
 
   test "should send a password reset email" do
     assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
-      post password_reset_url, params: { email: @<%= singular_table_name %>.email }
+      post identity_password_reset_url, params: { email: @<%= singular_table_name %>.email }
     end
 
-    assert_redirected_to sign_in_path
+    assert_redirected_to sign_in_url
   end
 
   test "should not send a password reset email to a nonexistent email" do
     assert_no_enqueued_emails do
-      post password_reset_url, params: { email: "invalid_email@hey.com" }
+      post identity_password_reset_url, params: { email: "invalid_email@hey.com" }
     end
 
-    assert_redirected_to new_password_reset_url
+    assert_redirected_to new_identity_password_reset_url
     assert_equal "You can't reset your password until you verify your email", flash[:alert]
   end
 
@@ -41,22 +41,22 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @<%= singular_table_name %>.update! verified: false
 
     assert_no_enqueued_emails do
-      post password_reset_url, params: { email: @<%= singular_table_name %>.email }
+      post identity_password_reset_url, params: { email: @<%= singular_table_name %>.email }
     end
 
-    assert_redirected_to new_password_reset_url
+    assert_redirected_to new_identity_password_reset_url
     assert_equal "You can't reset your password until you verify your email", flash[:alert]
   end
 
   test "should update password" do
-    patch password_reset_url, params: { token: @sid, <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
-    assert_redirected_to sign_in_path
+    patch identity_password_reset_url, params: { token: @sid, <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
+    assert_redirected_to sign_in_url
   end
 
   test "should not update password with expired token" do
-    patch password_reset_url, params: { token: @sid_exp, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
+    patch identity_password_reset_url, params: { token: @sid_exp, password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }
 
-    assert_redirected_to new_password_reset_path
+    assert_redirected_to new_identity_password_reset_url
     assert_equal "That password reset link is invalid", flash[:alert]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt

@@ -12,13 +12,13 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
 
   test "should update password" do
     patch password_url, params: { current_password: "Secret1*3*5*", <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
-    assert_redirected_to root_path
+    assert_redirected_to root_url
   end
 
   test "should not update password with wrong current password" do
     patch password_url, params: { current_password: "SecretWrong1*3", <%= singular_table_name %>: { password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" } }
 
-    assert_redirected_to edit_password_path
+    assert_redirected_to edit_password_url
     assert_equal "The current password you entered is incorrect", flash[:alert]
   end
 

data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt

@@ -13,18 +13,4 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
 
     assert_redirected_to root_url
   end
-
-  test "should destroy account" do
-    sign_in_as <%= table_name %>(:lazaro_nixon)
-
-    assert_difference("<%= class_name %>.count", -1) do
-      delete registration_path
-    end
-
-    assert_redirected_to sign_in_url
-  end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }); <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/{sudos_controller_test.rb.tt → sessions/sudos_controller_test.rb.tt}

@@ -1,23 +1,23 @@
 require "test_helper"
 
-class SudosControllerTest < ActionDispatch::IntegrationTest
+class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
   end
 
   test "should get new" do
-    get new_sudo_url(proceed_to_url: edit_password_url)
+    get new_sessions_sudo_url(proceed_to_url: edit_password_url)
     assert_response :success
   end
 
   test "should sudo" do
-    post sudo_url, params: { password: "Secret1*3*5*", proceed_to_url: edit_password_url }
+    post sessions_sudo_url, params: { password: "Secret1*3*5*", proceed_to_url: edit_password_url }
     assert_redirected_to edit_password_url
   end
 
   test "should not sudo with wrong password" do
-    post sudo_url, params: { password: "SecretWrong1*3", proceed_to_url: edit_password_url }
-    assert_redirected_to new_sudo_url(proceed_to_url: edit_password_url)
+    post sessions_sudo_url, params: { password: "SecretWrong1*3", proceed_to_url: edit_password_url }
+    assert_redirected_to new_sessions_sudo_url(proceed_to_url: edit_password_url)
   end
 
   def sign_in_as(<%= singular_table_name %>)

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt

@@ -33,17 +33,17 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
     assert_equal "That email or password is incorrect", flash[:alert]
 
     get root_url
-    assert_redirected_to sign_in_path
+    assert_redirected_to sign_in_url
   end
 
   test "should sign out" do
     sign_in_as @<%= singular_table_name %>
 
     delete session_url(@<%= singular_table_name %>.sessions.last)
-    assert_redirected_to sessions_path
+    assert_redirected_to sessions_url
 
     follow_redirect!
-    assert_redirected_to sign_in_path
+    assert_redirected_to sign_in_url
   end
 
   def sign_in_as(<%= singular_table_name %>)

data/lib/generators/authentication/templates/test_unit/system/{emails_test.rb.tt → identity/emails_test.rb.tt}

@@ -1,6 +1,6 @@
 require "application_system_test_case"
 
-class EmailsTest < ApplicationSystemTestCase
+class Identity::EmailsTest < ApplicationSystemTestCase
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
   end
@@ -29,7 +29,7 @@ class EmailsTest < ApplicationSystemTestCase
     fill_in :password, with: "Secret1*3*5*"
     click_on "Sign in"
 
-    assert_current_path root_path
+    assert_current_path root_url
     return <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/system/{password_resets_test.rb.tt → identity/password_resets_test.rb.tt}

@@ -1,6 +1,6 @@
 require "application_system_test_case"
 
-class PasswordResetsTest < ApplicationSystemTestCase
+class Identity::PasswordResetsTest < ApplicationSystemTestCase
   setup do
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
@@ -20,7 +20,7 @@ class PasswordResetsTest < ApplicationSystemTestCase
   end
 
   test "updating password" do
-    visit edit_password_reset_url(token: @sid)
+    visit edit_identity_password_reset_url(token: @sid)
 
     fill_in "New password", with: "Secret6*4*2*"
     fill_in "Confirm new password", with: "Secret6*4*2*"

data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt

@@ -22,7 +22,7 @@ class PasswordsTest < ApplicationSystemTestCase
     fill_in :password, with: "Secret1*3*5*"
     click_on "Sign in"
 
-    assert_current_path root_path
+    assert_current_path root_url
     return <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt

@@ -1,10 +1,6 @@
 require "application_system_test_case"
 
 class RegistrationsTest < ApplicationSystemTestCase
-  setup do
-    @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
-  end
-
   test "signing up" do
     visit sign_up_url
 
@@ -15,21 +11,4 @@ class RegistrationsTest < ApplicationSystemTestCase
 
     assert_text "Welcome! You have signed up successfully"
   end
-
-  test "cancelling my account" do
-    sign_in_as @<%= singular_table_name %>
-
-    click_on "Cancel my account & delete my data"
-    assert_text "Your account is closed"
-  end
-
-  def sign_in_as(<%= singular_table_name %>)
-    visit sign_in_url
-    fill_in :email, with: <%= singular_table_name %>.email
-    fill_in :password, with: "Secret1*3*5*"
-    click_on "Sign in"
-
-    assert_current_path root_path
-    return <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/system/{sudos_test.rb.tt → sessions/sudos_test.rb.tt}

@@ -1,12 +1,12 @@
 require "application_system_test_case"
 
-class SudosTest < ApplicationSystemTestCase
+class Sessions::SudosTest < ApplicationSystemTestCase
   setup do
     @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
   end
 
   test "executing sudo" do
-    visit new_sudo_url(proceed_to_url: edit_password_url)
+    visit new_sessions_sudo_url(proceed_to_url: edit_password_url)
     fill_in :password, with: "Secret1*3*5*"
     click_on "Continue"
 
@@ -19,7 +19,7 @@ class SudosTest < ApplicationSystemTestCase
     fill_in :password, with: "Secret1*3*5*"
     click_on "Sign in"
 
-    assert_current_path root_path
+    assert_current_path root_url
     return <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt

@@ -27,7 +27,7 @@ class SessionsTest < ApplicationSystemTestCase
     fill_in :password, with: "Secret1*3*5*"
     click_on "Sign in"
 
-    assert_current_path root_path
+    assert_current_path root_url
     return <%= singular_table_name %>
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.6.0
+  version: 2.8.1
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-01 00:00:00.000000000 Z
+date: 2022-03-03 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -32,64 +32,67 @@ files:
 - lib/authentication_zero/version.rb
 - lib/generators/authentication/USAGE
 - lib/generators/authentication/authentication_generator.rb
+- lib/generators/authentication/templates/config/initializers/omniauth.rb
 - lib/generators/authentication/templates/config/redis/shared.yml
-- lib/generators/authentication/templates/controllers/api/email_verifications_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/emails_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/password_resets_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
-- lib/generators/authentication/templates/controllers/api/sudos_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/email_verifications_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/emails_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/password_resets_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/identity/email_verifications_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
-- lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt
-- lib/generators/authentication/templates/erb/emails/edit.html.erb.tt
+- lib/generators/authentication/templates/controllers/omniauth_controller.rb.tt
+- lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt
+- lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt
+- lib/generators/authentication/templates/erb/identity/password_resets/new.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/email_verify_confirmation.text.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/password_reset_provision.html.erb.tt
 - lib/generators/authentication/templates/erb/identity_mailer/password_reset_provision.text.erb.tt
-- lib/generators/authentication/templates/erb/password_resets/edit.html.erb.tt
-- lib/generators/authentication/templates/erb/password_resets/new.html.erb.tt
 - lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/registrations/new.html.erb.tt
 - lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.html.erb.tt
 - lib/generators/authentication/templates/erb/session_mailer/signed_in_notification.text.erb.tt
 - lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
-- lib/generators/authentication/templates/erb/sudos/new.html.erb.tt
+- lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/session_mailer.rb.tt
+- lib/generators/authentication/templates/migrations/add_omniauth_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_table_migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
 - lib/generators/authentication/templates/models/locking.rb.tt
 - lib/generators/authentication/templates/models/model.rb.tt
 - lib/generators/authentication/templates/models/session.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/api/email_verifications_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/api/emails_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/api/password_resets_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/api/sessions/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/api/sudos_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/html/email_verifications_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/html/emails_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/html/password_resets_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
+- lib/generators/authentication/templates/test_unit/controllers/html/sessions/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/html/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
-- lib/generators/authentication/templates/test_unit/system/emails_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/password_resets_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
+- lib/generators/authentication/templates/test_unit/system/sessions/sudos_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/sudos_test.rb.tt
 homepage: https://github.com/lazaronixon/authentication-zero
 licenses:
 - MIT

data/lib/generators/authentication/templates/controllers/html/sudos_controller.rb.tt

@@ -1,14 +0,0 @@
-class SudosController < ApplicationController
-  def new
-  end
-
-  def create
-    session = Current.session
-
-    if session.<%= singular_table_name %>.authenticate(params[:password])
-      session.update!(sudo_at: Time.current); redirect_to(params[:proceed_to_url])
-    else
-      redirect_to new_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
-    end
-  end
-end