authentication-zero 2.8.4 → 2.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bfa3da3a6167d405cd7869b9cb90f7c61eee5ef1d03475d079d72362a3bedf04
-  data.tar.gz: 3775ac3bd3fb334134618c9cbc8b32c25a5a3940246a554592e74415383de72b
+  metadata.gz: 1eb8eb320cf8198e9afebf59fd2365b2683e3b52840d8d455876a11b208e243c
+  data.tar.gz: 3bc190759683e6e647a597bdb57e09e69243901a3390c401e09eac72ada96726
 SHA512:
-  metadata.gz: 4b596006ad41a57e3c3e54d21393ae2ceae9b21b36a11666f0988b2d59bda944c499d599074ced369cedbdb5cde98fc831f97691a3274d3467596904a7f2022c
-  data.tar.gz: 7096373b36cf3c9dead056e3d0584f4e44eb97b6efa353e0b3a7f9399620eb59aa3c298e5016aef38138508c9e01d4d1c1e99d4918730e6f9d3eda0b8e035a6a
+  metadata.gz: 0c2996c6cf6779c22442f7155025bb99a470f26a0dc23218aea96f413fd5ae85a1ffdebd796922b77a09f60a833c4a0bb72bc9e964f5c0695066cf4074c3f4e9
+  data.tar.gz: 8cbf3eb8525e08fc10a5c00a88e1a82d928a107c969e7b6f4e65789d0db1d79b3a19369331f914b5baf439230a6b0e246287f6875f1f4ab7d57c4f470e96c0a0

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## Authentication Zero 2.9.0 (March 2, 2022) ##
+
+* Implement trackable
+
 ## Authentication Zero 2.8.0 (March 2, 2022) ##
 
 * Organize controllers in identity and sessions namespaces

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (2.8.4)
+    authentication-zero (2.9.2)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -20,7 +20,9 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 - Send e-mail confirmation when your email has been changed
 - Send e-mail notification when someone has logged into your account
 - Manage multiple sessions & devices
+- Activity log (--trackable)
 - Log out
+- [API documentation](https://github.com/lazaronixon/authentication-zero/blob/master/authentication-zero-api.md)
 
 ## Security and best practices
 
@@ -73,6 +75,10 @@ Add these lines to your `app/views/home/index.html.erb`:
   <%= link_to "Devices & Sessions", sessions_path %>
 </div>
 
+<div>
+  <%# link_to "Activity Log", authentications_events_path %>
+</div>
+
 <br>
 
 <%= button_to "Log out", Current.session, method: :delete %>

data/authentication-zero-api.md

@@ -0,0 +1,210 @@
+# Authentication Zero API
+
+This document describe the api endpoints available in authentication-zero.
+
+## Making a request
+
+To make a sign in request for example, append sign_in to the base URL to form something like http://localhost:3000/sign_in, also notice you have to include the Content-Type header and the JSON data: In cURL, it looks like this:
+
+``` shell
+curl -H "Authorization: Bearer $ACCESS_TOKEN" \
+  -H 'Content-Type: application/json' \
+  -H 'User-Agent: MyApp (yourname@example.com)' \
+  -d '{ "email": "lazaronixon@hotmail.com", "password": "secret", "password_confirmation": "secret" }' \
+  http://localhost:3000/sign_in
+```
+
+## API endpoints
+
+- [Sign up](#sign-up)
+- [Sign in](#sign-in)
+- [Get your sessions](#get-your-sessions)
+- [Get a session](#get-a-session)
+- [Destroy a session](#destroy-a-session)
+- [Execute sudo](#execute-sudo)
+- [Update your password](#update-your-password)
+- [Update your email](#update-your-email)
+- [Send verification email](#send-verification-email)
+- [Verify email](#verify-email)
+- [Send password reset email](#send-password-reset-email)
+- [Reset password](#reset-password)
+
+## Registrations
+
+### Sign up
+
+* `POST /sign_up` creates a user on database.
+
+###### Example JSON Request
+
+``` json
+{
+  "email": "lazaronixon@hotmail.com",
+  "password": "Secret1*2*3*4*5*6",
+  "password_confirmation": "Secret1*2*3*4*5*6"
+}
+```
+
+This endpoint will return `201 Created` with the current JSON representation of the user if the creation was a success.
+
+## Sessions
+
+### Sign in
+
+* `POST /sign_in` creates a session on database.
+
+###### Example JSON Request
+
+``` json
+{
+  "email": "lazaronixon@hotmail.com",
+  "password": "Secret1*2*3*4*5*6"
+}
+```
+
+This endpoint will return `201 Created` with the current JSON representation of the session if the creation was a success, also you will receive a `X-Session-Token` that you will use as your authorization token.
+
+
+### Get your sessions
+
+* `GET /sessions` will return a list of sessions.
+
+###### Example JSON Response
+
+``` json
+[
+  {
+    "id": 2,
+    "user_id": 1,
+    "user_agent": "insomnia/2022.1.0",
+    "ip_address": "127.0.0.1",
+    "sudo_at": "2022-03-04T17:20:33.632Z",
+    "created_at": "2022-03-04T17:20:33.632Z",
+    "updated_at": "2022-03-04T17:20:33.632Z"
+  },
+  {
+    "id": 1,
+    "user_id": 1,
+    "user_agent": "insomnia/2022.1.0",
+    "ip_address": "127.0.0.1",
+    "sudo_at": "2022-03-04T17:14:03.386Z",
+    "created_at": "2022-03-04T17:14:03.386Z",
+    "updated_at": "2022-03-04T17:14:03.386Z"
+  }
+]
+```
+
+### Get a session
+
+* `GET /sessions/1` will return the session with an ID of 1.
+
+###### Example JSON Response
+
+``` json
+{
+  "id": 1,
+  "user_id": 1,
+  "user_agent": "insomnia/2022.1.0",
+  "ip_address": "127.0.0.1",
+  "sudo_at": "2022-03-04T17:14:03.386Z",
+  "created_at": "2022-03-04T17:14:03.386Z",
+  "updated_at": "2022-03-04T17:14:03.386Z"
+}
+```
+
+### Destroy a session
+
+* `DELETE /sessions/1` will destroy the session with an ID of 1.
+
+Returns `204 No Content` if successful.
+
+
+### Execute sudo
+
+* `POST /sessions/sudo` will grant temporary access to sensitive information.
+
+###### Example JSON Request
+
+``` json
+{
+  "password": "Secret1*2*3*4*5*6",
+}
+```
+
+Returns `204 No Content` if successful.
+
+## Password
+
+### Update your password
+
+* `PUT /password` allows changing your password.
+
+###### Example JSON Request
+
+``` json
+{
+  "current_password": "Secret1*2*3*4*5*6",
+  "password": "NewPassword12$34$56$7",
+  "password_confirmation": "NewPassword12$34$56$7"
+}
+```
+
+This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.
+
+## Email
+
+### Update your email
+
+* `PUT /identity/email` allows changing your email. **(requires sudo)**.
+
+###### Example JSON Request
+
+``` json
+{
+  "email": "new_email@hey.com"
+}
+```
+
+This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.
+
+## Email verification
+
+### Send verification email
+
+* `POST /identity/email_verification` sends an email verification with the instructions and link to proceed with the verification.
+
+Returns `204 No Content` if successful.
+
+### Verify email
+
+* `GET /identity/email_verification` verify your email using a temporary token.
+
+**Required parameters:** `email` and `token`.
+
+Example: `/identity/email_verification?email=lazaronixon@hotmail.com&token=eyJfcmFpbHMiOnsibWVzc2FnZSI6Ik1nPT0iLCJleHAiOm51bGwsInB1ciI6InNlc3Npb24ifX0=--1a277b4a5576c6e371144a22476979a18d3e45fb8515a79e815cd4b95eb5fb6b`
+
+Returns `204 No Content` if successful.
+
+## Password reset
+
+### Send password reset email
+
+* `POST /identity/password_reset` sends a password reset email with the instructions and link to proceed reset.
+
+Returns `204 No Content` if successful.
+
+### Reset password
+
+* `PUT /identity/password_reset` allows changing your password through a email token.
+
+##### Example JSON Request
+
+``` json
+{
+  "password": "NewPassword12$34$56$7",
+  "password_confirmation": "NewPassword12$34$56$7",
+  "token": "eyJfcmFpbHMiOnsibWVzc2FnZSI6Ik1nPT0iLCJleHAiOm51bGwsInB1ciI6InNlc3Npb24ifX0=--1a277b4a5576c6e371144a22476979a18d3e45fb8515a79e815cd4b95eb5fb6b",  
+}
+```
+
+This endpoint will return 200 OK with the current JSON representation of the user if the update was a success.

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "2.8.4"
+  VERSION = "2.9.2"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -8,6 +8,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   class_option :lockable,     type: :boolean, desc: "Add password reset locking"
   class_option :ratelimit,    type: :boolean, desc: "Add request rate limiting"
   class_option :omniauthable, type: :boolean, desc: "Add social login support"
+  class_option :trackable,    type: :boolean, desc: "Add activity log support"
 
   source_root File.expand_path("templates", __dir__)
 
@@ -47,6 +48,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   def create_migrations
     migration_template "migrations/create_table_migration.rb", "#{db_migrate_path}/create_#{table_name}.rb"
     migration_template "migrations/create_sessions_migration.rb", "#{db_migrate_path}/create_sessions.rb"
+    migration_template "migrations/create_events_migration.rb", "#{db_migrate_path}/create_events.rb" if options.trackable?
   end
 
   def create_models
@@ -54,6 +56,7 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     template "models/session.rb", "app/models/session.rb"
     template "models/current.rb", "app/models/current.rb"
     template "models/locking.rb", "app/models/locking.rb" if options.lockable?
+    template "models/event.rb", "app/models/event.rb" if options.trackable?
   end
 
   def create_fixture_file
@@ -64,39 +67,53 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
     api_code = <<~CODE
       include ActionController::HttpAuthentication::Token::ControllerMethods
 
+      before_action :set_current_request_details
       before_action :authenticate
 
-      def authenticate
-        if session = authenticate_with_http_token { |token, _| Session.find_signed(token) }
-          Current.session = session
-        else
-          request_http_token_authentication
-        end
-      end
-
       def require_sudo
         if Current.session.sudo_at < 30.minutes.ago
           render json: { error: "Enter your password to continue" }, status: :forbidden
         end
       end
+
+      private
+        def authenticate
+          if session = authenticate_with_http_token { |token, _| Session.find_signed(token) }
+            Current.session = session
+          else
+            request_http_token_authentication
+          end
+        end
+
+        def set_current_request_details
+          Current.user_agent = request.user_agent
+          Current.ip_address = request.ip
+        end
     CODE
 
     html_code = <<~CODE
+      before_action :set_current_request_details
       before_action :authenticate
 
-      def authenticate
-        if session = Session.find_by_id(cookies.signed[:session_token])
-          Current.session = session
-        else
-          redirect_to sign_in_path
-        end
-      end
-
       def require_sudo
         if Current.session.sudo_at < 30.minutes.ago
           redirect_to new_sessions_sudo_path(proceed_to_url: request.url)
         end
       end
+
+      private
+        def authenticate
+          if session = Session.find_by_id(cookies.signed[:session_token])
+            Current.session = session
+          else
+            redirect_to sign_in_path
+          end
+        end
+
+        def set_current_request_details
+          Current.user_agent = request.user_agent
+          Current.ip_address = request.ip
+        end
     CODE
 
     inject_code = options.api? ? api_code : html_code
@@ -104,8 +121,13 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
   end
 
   def create_controllers
-    directory "controllers/#{format_folder}", "app/controllers"
-    template  "controllers/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
+    directory "controllers/#{format_folder}/identity", "app/controllers/identity"
+    template  "controllers/#{format_folder}/passwords_controller.rb", "app/controllers/passwords_controller.rb"
+    template  "controllers/#{format_folder}/registrations_controller.rb", "app/controllers/registrations_controller.rb"
+    template  "controllers/#{format_folder}/sessions_controller.rb", "app/controllers/sessions_controller.rb"
+    template  "controllers/#{format_folder}/sessions/sudos_controller.rb", "app/controllers/sessions/sudos_controller.rb"
+    template  "controllers/#{format_folder}/sessions/omniauth_controller.rb", "app/controllers/sessions/omniauth_controller.rb" if omniauthable?
+    template  "controllers/#{format_folder}/authentications/events_controller.rb", "app/controllers/authentications/events_controller.rb" if options.trackable?
   end
 
   def create_views
@@ -113,7 +135,14 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       directory "erb/identity_mailer", "app/views/identity_mailer"
       directory "erb/session_mailer", "app/views/session_mailer"
     else
-      directory "erb", "app/views"
+      directory "erb/identity_mailer", "app/views/identity_mailer"
+      directory "erb/session_mailer", "app/views/session_mailer"
+
+      directory "erb/identity", "app/views/identity"
+      directory "erb/passwords", "app/views/passwords"
+      directory "erb/registrations", "app/views/registrations"
+      directory "erb/sessions", "app/views/sessions"
+      directory "erb/authentications/events", "app/views/authentications/events" if options.trackable?
     end
   end
 
@@ -128,6 +157,10 @@ class AuthenticationGenerator < Rails::Generators::NamedBase
       route "get '/auth/failure', to: 'sessions/omniauth#failure'"
     end
 
+    if options.trackable?
+      route "resources :events, only: :index", namespace: :authentications
+    end
+
     route "resource :password_reset, only: [:new, :edit, :create, :update]", namespace: :identity
     route "resource :email_verification, only: [:edit, :create]", namespace: :identity
     route "resource :email, only: [:edit, :update]", namespace: :identity

data/lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt

@@ -0,0 +1,5 @@
+class Authentications::EventsController < ApplicationController
+  def index
+    render json: Current.<%= singular_table_name %>.events.order(created_at: :desc)
+  end
+end

data/lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt

@@ -15,7 +15,7 @@ class SessionsController < ApplicationController
     <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email])
 
     if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
-      @session = <%= singular_table_name %>.sessions.create!(session_params)
+      @session = <%= singular_table_name %>.sessions.create!
       response.set_header("X-Session-Token", @session.signed_id)
 
       render json: @session, status: :created
@@ -32,8 +32,4 @@ class SessionsController < ApplicationController
     def set_session
       @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
     end
-
-    def session_params
-      { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
-    end
 end

data/lib/generators/authentication/templates/controllers/html/authentications/events_controller.rb.tt

@@ -0,0 +1,5 @@
+class Authentications::EventsController < ApplicationController
+  def index
+    @events = Current.<%= singular_table_name %>.events.order(created_at: :desc)
+  end
+end

data/lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt

@@ -9,7 +9,7 @@ class RegistrationsController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.new(<%= "#{singular_table_name}_params" %>)
 
     if @<%= singular_table_name %>.save
-      session = @<%= singular_table_name %>.sessions.create!(session_params)
+      session = @<%= singular_table_name %>.sessions.create!
       cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
 
       redirect_to root_path, notice: "Welcome! You have signed up successfully"
@@ -22,8 +22,4 @@ class RegistrationsController < ApplicationController
     def <%= "#{singular_table_name}_params" %>
       params.permit(:email, :password, :password_confirmation)
     end
-
-    def session_params
-      { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
-    end
 end

data/lib/generators/authentication/templates/controllers/{omniauth_controller.rb.tt → html/sessions/omniauth_controller.rb.tt}

@@ -6,7 +6,7 @@ class Sessions::OmniauthController < ApplicationController
     @<%= singular_table_name %> = <%= class_name %>.where(omniauth_params).first_or_initialize(<%= "#{singular_table_name}_params" %>)
 
     if @<%= singular_table_name %>.save
-      session = @<%= singular_table_name %>.sessions.create!(session_params)
+      session = @<%= singular_table_name %>.sessions.create!
       cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }
 
       redirect_to root_path, notice: "Signed in successfully"
@@ -28,10 +28,6 @@ class Sessions::OmniauthController < ApplicationController
       { email: omniauth.info.email, password: SecureRandom::base58, verified: true }
     end
 
-    def session_params
-      { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
-    end
-
     def omniauth
       request.env["omniauth.auth"]
     end

data/lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt

@@ -15,7 +15,7 @@ class SessionsController < ApplicationController
     <%= singular_table_name %> = <%= class_name %>.find_by(email: params[:email])
 
     if <%= singular_table_name %> && <%= singular_table_name %>.authenticate(params[:password])
-      @session = <%= singular_table_name %>.sessions.create!(session_params)
+      @session = <%= singular_table_name %>.sessions.create!
       cookies.signed.permanent[:session_token] = { value: @session.id, httponly: true }
 
       redirect_to root_path, notice: "Signed in successfully"
@@ -32,8 +32,4 @@ class SessionsController < ApplicationController
     def set_session
       @session = Current.<%= singular_table_name %>.sessions.find(params[:id])
     end
-
-    def session_params
-      { user_agent: request.user_agent, ip_address: request.remote_ip, sudo_at: Time.current }
-    end
 end

data/lib/generators/authentication/templates/erb/authentications/events/index.html.erb

@@ -0,0 +1,33 @@
+<h1>Activity Log</h1>
+
+<div id="sessions">
+  <% @events.each do |event| %>
+    <div id="<%= dom_id event %>">
+      <p>
+        <strong>User Agent:</strong>
+        <%= event.user_agent %>
+      </p>
+
+      <p>
+        <strong>Action:</strong>
+        <%= event.action %>
+      </p>
+
+      <p>
+        <strong>Ip Address:</strong>
+        <%= event.ip_address %>
+      </p>
+
+      <p>
+        <strong>Created at:</strong>
+        <%= event.created_at %>
+      </p>
+    </div>
+  <% end %>
+</div>
+
+<br>
+
+<div>
+  <%= link_to "Back", root_path %>
+</div>

data/lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt

@@ -17,13 +17,13 @@
 
   <div>
     <%%= form.label :password, "New password", style: "display: block" %>
-    <%%= form.password_field :password, autofocus: true, autocomplete: "new-password" %>
+    <%%= form.password_field :password, required: true, autofocus: true, autocomplete: "new-password" %>
     <div>12 characters minimum.</div>
   </div>
 
   <div>
     <%%= form.label :password_confirmation, "Confirm new password", style: "display: block" %>
-    <%%= form.password_field :password_confirmation, autocomplete: "new-password" %>
+    <%%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
   </div>
 
   <div>

data/lib/generators/authentication/templates/erb/passwords/edit.html.erb.tt

@@ -17,18 +17,18 @@
 
   <div>
     <%%= label_tag :current_password, nil, style: "display: block" %>
-    <%%= password_field_tag :current_password, nil, autofocus: true, autocomplete: "current-password" %>
+    <%%= password_field_tag :current_password, nil, required: true, autofocus: true, autocomplete: "current-password" %>
   </div>
 
   <div>
     <%%= form.label :password, "New password", style: "display: block" %>
-    <%%= form.password_field :password, autocomplete: "new-password" %>
+    <%%= form.password_field :password, required: true, autocomplete: "new-password" %>
     <div>12 characters minimum.</div>
   </div>
 
   <div>
     <%%= form.label :password_confirmation, "Confirm new password", style: "display: block" %>
-    <%%= form.password_field :password_confirmation, autocomplete: "new-password" %>
+    <%%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
   </div>
 
   <div>

data/lib/generators/authentication/templates/erb/registrations/new.html.erb.tt

@@ -20,13 +20,13 @@
 
   <div>
     <%%= form.label :password, style: "display: block" %>
-    <%%= form.password_field :password, autocomplete: "new-password" %>
+    <%%= form.password_field :password, required: true, autocomplete: "new-password" %>
     <div>12 characters minimum.</div>
   </div>
 
   <div>
     <%%= form.label :password_confirmation, style: "display: block" %>
-    <%%= form.password_field :password_confirmation, autocomplete: "new-password" %>
+    <%%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
   </div>
 
   <div>

data/lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt

@@ -7,7 +7,7 @@
   <%%= hidden_field_tag :proceed_to_url, params[:proceed_to_url] %>
 
   <div>
-    <%%= password_field_tag :password, nil, autofocus: true, autocomplete: "current-password" %>
+    <%%= password_field_tag :password, nil, required: true, autofocus: true, autocomplete: "current-password" %>
   </div>
 
   <div>

data/lib/generators/authentication/templates/migrations/create_events_migration.rb.tt

@@ -0,0 +1,12 @@
+class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    create_table :events do |t|
+      t.references :<%= singular_table_name %>, null: false, foreign_key: true
+      t.string :action, null: false
+      t.string :user_agent
+      t.string :ip_address
+
+      t.timestamps
+    end
+  end
+end

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt

@@ -3,8 +3,8 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
 
-      t.string :user_agent, null: false
-      t.string :ip_address, null: false
+      t.string :user_agent
+      t.string :ip_address
 
       t.datetime :sudo_at, null: false
 

data/lib/generators/authentication/templates/migrations/create_table_migration.rb.tt

@@ -6,7 +6,7 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
 
       t.boolean :verified, null: false, default: false
 <% if omniauthable? %>
-      t.string :provide
+      t.string :provider
       t.string :uid
 <% end -%>
 

data/lib/generators/authentication/templates/models/current.rb.tt

@@ -1,5 +1,6 @@
 class Current < ActiveSupport::CurrentAttributes
   attribute :session, :<%= singular_table_name %>
+  attribute :user_agent, :ip_address
 
   def session=(session)
     super; self.<%= singular_table_name %> = session.<%= singular_table_name %>

data/lib/generators/authentication/templates/models/event.rb.tt

@@ -0,0 +1,8 @@
+class Event < ApplicationRecord
+  belongs_to :<%= singular_table_name %>
+
+  before_create do
+    self.user_agent = Current.user_agent
+    self.ip_address = Current.ip_address
+  end
+end

data/lib/generators/authentication/templates/models/model.rb.tt

@@ -2,6 +2,9 @@ class <%= class_name %> < ApplicationRecord
   has_secure_password
 
   has_many :sessions, dependent: :destroy
+<% if options.trackable? -%>
+  has_many :events, dependent: :destroy
+<% end -%>
 
   validates :email, presence: true, uniqueness: true
   validates_format_of :email, with: /\A[^@\s]+@[^@\s]+\z/
@@ -24,11 +27,20 @@ class <%= class_name %> < ApplicationRecord
     sessions.where.not(id: Current.session).destroy_all
   end
 
-  after_create_commit do
-    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
+  after_save_commit if: :email_previously_changed? do
+    IdentityMailer.with(user: self).email_verify_confirmation.deliver_later
+  end
+<% if options.trackable? %>
+  after_save_commit if: :email_previously_changed? do
+    events.create! action: "email_verification_requested"
+  end
+
+  after_update if: :password_digest_previously_changed? do
+    events.create! action: "password_changed"
   end
 
-  after_update_commit if: :email_previously_changed? do
-    IdentityMailer.with(<%= singular_table_name %>: self).email_verify_confirmation.deliver_later
+  after_update if: :verified_previously_changed? do
+    events.create! action: "email_verified" if verified?
   end
+<% end -%>
 end

data/lib/generators/authentication/templates/models/session.rb.tt

@@ -1,7 +1,22 @@
 class Session < ApplicationRecord
   belongs_to :<%= singular_table_name %>
 
+  before_create do
+    self.user_agent = Current.user_agent
+    self.ip_address = Current.ip_address
+    self.sudo_at = Time.current
+  end
+
   after_create_commit do
     SessionMailer.with(session: self).signed_in_notification.deliver_later
   end
+<% if options.trackable? %>
+  after_create do
+    <%= singular_table_name %>.events.create! action: "signed_in"
+  end
+
+  after_destroy do
+    <%= singular_table_name %>.events.create! action: "signed_out"
+  end
+<% end -%>
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt

@@ -39,6 +39,6 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "App iOS" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt

@@ -20,6 +20,6 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "App iOS" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt

@@ -18,6 +18,6 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "App iOS" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/sessions/sudos_controller_test.rb.tt

@@ -19,6 +19,6 @@ class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "App iOS" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt

@@ -16,14 +16,14 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
 
   test "should sign in" do
-    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "App iOS" }
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "Secret1*3*5*" }
 
     assert_enqueued_email_with SessionMailer, :signed_in_notification, args: { session: @<%= singular_table_name %>.sessions.last }
     assert_response :created
   end
 
   test "should not sign in with wrong credentials" do
-    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "SecretWrong1*3" }, headers: { "User-Agent" => "App iOS" }
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "SecretWrong1*3" }
     assert_response :unauthorized
   end
 
@@ -33,6 +33,6 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "App iOS" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt

@@ -39,6 +39,6 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }); <%= singular_table_name %>
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt

@@ -30,6 +30,6 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }); <%= singular_table_name %>
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt

@@ -23,6 +23,6 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }); <%= singular_table_name %>
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt

@@ -8,7 +8,7 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
 
   test "should sign up" do
     assert_difference("<%= class_name %>.count") do
-      post sign_up_url, params: { email: "lazaronixon@hey.com", password: "Secret1*3*5*", password_confirmation: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }
+      post sign_up_url, params: { email: "lazaronixon@hey.com", password: "Secret1*3*5*", password_confirmation: "Secret1*3*5*" }
     end
 
     assert_redirected_to root_url

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions/sudos_controller_test.rb.tt

@@ -21,6 +21,6 @@ class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt

@@ -18,7 +18,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
 
   test "should sign in" do
-    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "Secret1*3*5*" }
     assert_enqueued_email_with SessionMailer, :signed_in_notification, args: { session: @<%= singular_table_name %>.sessions.last }
 
     assert_redirected_to root_url
@@ -28,7 +28,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
 
   test "should not sign in with wrong credentials" do
-    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "SecretWrong1*3" }, headers: { "User-Agent" => "Firefox" }
+    post sign_in_url, params: { email: @<%= singular_table_name %>.email, password: "SecretWrong1*3" }
     assert_redirected_to sign_in_url(email_hint: @<%= singular_table_name %>.email)
     assert_equal "That email or password is incorrect", flash[:alert]
 
@@ -47,6 +47,6 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
 
   def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }, headers: { "User-Agent" => "Firefox" }); <%= singular_table_name %>
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
   end
 end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt

@@ -21,6 +21,13 @@ class SessionsTest < ApplicationSystemTestCase
     assert_text "Signed in successfully"
   end
 
+  test "signing out" do
+    sign_in_as @<%= singular_table_name %>
+
+    click_on "Log out"
+    assert_text "That session has been logged out"
+  end
+
   def sign_in_as(<%= singular_table_name %>)
     visit sign_in_url
     fill_in :email, with: <%= singular_table_name %>.email

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.8.4
+  version: 2.9.2
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-04 00:00:00.000000000 Z
+date: 2022-03-08 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -26,6 +26,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- authentication-zero-api.md
 - authentication-zero.gemspec
 - lib/authentication-zero.rb
 - lib/authentication_zero.rb
@@ -34,6 +35,7 @@ files:
 - lib/generators/authentication/authentication_generator.rb
 - lib/generators/authentication/templates/config/initializers/omniauth.rb
 - lib/generators/authentication/templates/config/redis/shared.yml
+- lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt
@@ -41,14 +43,16 @@ files:
 - lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/authentications/events_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/identity/email_verifications_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/passwords_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/registrations_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
-- lib/generators/authentication/templates/controllers/omniauth_controller.rb.tt
+- lib/generators/authentication/templates/erb/authentications/events/index.html.erb
 - lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/identity/password_resets/new.html.erb.tt
@@ -65,9 +69,11 @@ files:
 - lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/session_mailer.rb.tt
+- lib/generators/authentication/templates/migrations/create_events_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
 - lib/generators/authentication/templates/migrations/create_table_migration.rb.tt
 - lib/generators/authentication/templates/models/current.rb.tt
+- lib/generators/authentication/templates/models/event.rb.tt
 - lib/generators/authentication/templates/models/locking.rb.tt
 - lib/generators/authentication/templates/models/model.rb.tt
 - lib/generators/authentication/templates/models/session.rb.tt