authentication-zero 2.9.2 → 2.11.0

data/lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt

@@ -0,0 +1,33 @@
+<p style="color: red"><%%= alert %></p>
+
+<h1>Upgrade your security with 2FA</h1>
+
+<h2>Step 1: Get an Authenticator App</h2>
+<p>First, you'll need a 2FA authenticator app on your phone. <strong>If you already have one, skip to step 2.</strong></p>
+<p><strong>If you don't have one, or you aren't sure, we recommend Microsoft Authenticator</strong>. You can download it free on the Apple App Store for iPhone, or Google Play Store for Android. Please grab your phone, search the store, and install it now.</p>
+
+<h2>Step 2: Scan + Enter the Code</h2>
+<p>Next, open the authenticator app, tap "Scan QR code" or "+", and, when it asks, point your phone's camera at this QR code picture below.</p>
+
+<figure>
+    <%%= image_tag @qr_code.as_png(resize_exactly_to: 200).to_data_url%>
+    <figcaption>Point your camera here</figcaption>
+</figure>
+
+<%%= form_with(url: two_factor_authentication_totp_path) do |form| %>
+  <%%= form.hidden_field :secret, value: @totp.secret %>
+
+  <div>
+    <%%= form.label :current_password, style: "display: block" %>
+    <%%= form.password_field :current_password, required: true, autofocus: true, autocomplete: "current-password" %>
+  </div>
+
+  <div>
+    <%%= form.label :code, "After scanning with your camera, the app will generate a six-digit code. Enter it here:", style: "display: block" %>
+    <%%= form.text_field :code, autofocus: true, required: true, autocomplete: :off %>
+  </div>
+
+  <div>
+    <%%= form.submit "Verify and active" %>
+  </div>
+<%% end %>

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt

@@ -2,12 +2,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
   def change
     create_table :sessions do |t|
       t.references :<%= singular_table_name %>, null: false, foreign_key: true
-
       t.string :user_agent
       t.string :ip_address
 
-      t.datetime :sudo_at, null: false
-
       t.timestamps
     end
   end

data/lib/generators/authentication/templates/migrations/create_table_migration.rb.tt

@@ -5,17 +5,20 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
       t.string :password_digest, null: false
 
       t.boolean :verified, null: false, default: false
-<% if omniauthable? %>
+      <%- if two_factor? %>
+      t.string :otp_secret
+      <%- end -%>
+      <%- if omniauthable? %>
       t.string :provider
       t.string :uid
-<% end -%>
+      <%- end -%>
 
       t.timestamps
     end
 
     add_index :<%= table_name %>, :email, unique: true
-<% if omniauthable? -%>
+    <%- if omniauthable? -%>
     add_index :<%= table_name %>, [:provider, :uid], unique: true
-<% end -%>
+    <%- end -%>
   end
 end

data/lib/generators/authentication/templates/models/model.rb.tt

@@ -2,18 +2,18 @@ class <%= class_name %> < ApplicationRecord
   has_secure_password
 
   has_many :sessions, dependent: :destroy
-<% if options.trackable? -%>
+  <%- if options.trackable? -%>
   has_many :events, dependent: :destroy
-<% end -%>
+  <%- end -%>
 
   validates :email, presence: true, uniqueness: true
   validates_format_of :email, with: /\A[^@\s]+@[^@\s]+\z/
 
-  validates_length_of :password, minimum: 12, allow_blank: true
-  validates_format_of :password, with: /(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/, allow_blank: true, message: "might easily be guessed"
-<% if options.pwned? -%>
+  validates_length_of :password, minimum: 12, allow_nil: true
+  validates_format_of :password, with: /(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])/, allow_nil: true, message: "might easily be guessed"
+  <%- if options.pwned? -%>
   validates :password, not_pwned: { message: "might easily be guessed" }
-<% end -%>
+  <%- end -%>
 
   before_validation do
     self.email = email.downcase.strip
@@ -30,7 +30,7 @@ class <%= class_name %> < ApplicationRecord
   after_save_commit if: :email_previously_changed? do
     IdentityMailer.with(user: self).email_verify_confirmation.deliver_later
   end
-<% if options.trackable? %>
+  <%- if options.trackable? %>
   after_save_commit if: :email_previously_changed? do
     events.create! action: "email_verification_requested"
   end
@@ -42,5 +42,5 @@ class <%= class_name %> < ApplicationRecord
   after_update if: :verified_previously_changed? do
     events.create! action: "email_verified" if verified?
   end
-<% end -%>
+  <%- end -%>
 end

data/lib/generators/authentication/templates/models/session.rb.tt

@@ -1,16 +1,23 @@
 class Session < ApplicationRecord
   belongs_to :<%= singular_table_name %>
+  <%- if options.sudoable? %>
+  kredis_flag :sudo
+  <%- end -%>
 
   before_create do
     self.user_agent = Current.user_agent
     self.ip_address = Current.ip_address
-    self.sudo_at = Time.current
   end
+  <%- if options.sudoable? %>
+  after_create_commit do
+    self.sudo.mark expires_in: 30.minutes
+  end
+  <%- end -%>
 
   after_create_commit do
     SessionMailer.with(session: self).signed_in_notification.deliver_later
   end
-<% if options.trackable? %>
+  <%- if options.trackable? %>
   after_create do
     <%= singular_table_name %>.events.create! action: "signed_in"
   end
@@ -18,5 +25,5 @@ class Session < ApplicationRecord
   after_destroy do
     <%= singular_table_name %>.events.create! action: "signed_out"
   end
-<% end -%>
+  <%- end -%>
 end

data/lib/generators/authentication/templates/test_unit/application_system_test_case.rb.tt

@@ -0,0 +1,15 @@
+require "test_helper"
+
+class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
+  driven_by :selenium, using: :chrome, screen_size: [1400, 1400]
+
+  def sign_in_as(<%= singular_table_name %>)
+    visit sign_in_url
+    fill_in :email, with: <%= singular_table_name %>.email
+    fill_in :password, with: "Secret1*3*5*"
+    click_on "Sign in"
+
+    assert_current_path root_url
+    <%= singular_table_name %>
+  end
+end

data/lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt

@@ -9,21 +9,25 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
     @<%= singular_table_name %>.update! verified: false
   end
 
+  def default_headers
+    { "Authorization" => "Bearer #{@token}" }
+  end
+
   test "should send a verification email" do
     assert_enqueued_email_with IdentityMailer, :email_verify_confirmation, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do
-      post identity_email_verification_url, headers: { "Authorization" => "Bearer #{@token}" }
+      post identity_email_verification_url, headers: default_headers
     end
 
     assert_response :no_content
   end
 
   test "should verify email" do
-    get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email }, headers: default_headers
     assert_response :no_content
   end
 
   test "should not verify email with expired token" do
-    get edit_identity_email_verification_url, params: { token: @sid_exp, email: @<%= singular_table_name %>.email }, headers: { "Authorization" => "Bearer #{@token}" }
+    get edit_identity_email_verification_url, params: { token: @sid_exp, email: @<%= singular_table_name %>.email }, headers: default_headers
 
     assert_response :bad_request
     assert_equal "That email verification link is invalid", response.parsed_body["error"]
@@ -32,13 +36,9 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
   test "should not verify email with previous token" do
     @<%= singular_table_name %>.update! email: "other_email@hey.com"
 
-    get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: { "Authorization" => "Bearer #{@token}" }
+    get edit_identity_email_verification_url, params: { token: @sid, email: @<%= singular_table_name %>.email_previously_was }, headers: default_headers
 
     assert_response :bad_request
     assert_equal "That email verification link is invalid", response.parsed_body["error"]
   end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt

@@ -5,21 +5,19 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
   end
 
+  def default_headers
+    { "Authorization" => "Bearer #{@token}" }
+  end
+
   test "should update email" do
-    patch identity_email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
+    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }, headers: default_headers
     assert_response :success
   end
 
-  test "should not update email without sudo" do
-    @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
-
-    patch identity_email_url, params: { email: "new_email@hey.com" }, headers: { "Authorization" => "Bearer #{@token}" }
-
-    assert_response :forbidden
-    assert_equal "Enter your password to continue", response.parsed_body["error"]
-  end
+  test "should not update email with wrong current password" do
+    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }, headers: default_headers
 
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+    assert_response :bad_request
+    assert_equal "The password you entered is incorrect", response.parsed_body["error"]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt

@@ -6,9 +6,6 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
-<% if options.lockable? %>
-  teardown { Kredis.clear_all }
-<% end -%>
 
   test "should send a password reset email" do
     assert_enqueued_email_with IdentityMailer, :password_reset_provision, args: { <%= singular_table_name %>: @<%= singular_table_name %> } do

data/lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt

@@ -5,19 +5,19 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
   end
 
+  def default_headers
+    { "Authorization" => "Bearer #{@token}" }
+  end
+
   test "should update password" do
-    patch password_url, params: { current_password: "Secret1*3*5*", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers: { "Authorization" => "Bearer #{@token}" }
+    patch password_url, params: { current_password: "Secret1*3*5*", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers: default_headers
     assert_response :success
   end
 
   test "should not update password with wrong current password" do
-    patch password_url, params: { current_password: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers: { "Authorization" => "Bearer #{@token}" }
+    patch password_url, params: { current_password: "SecretWrong1*3", password: "Secret6*4*2*", password_confirmation: "Secret6*4*2*" }, headers: default_headers
 
     assert_response :bad_request
     assert_equal "The current password you entered is incorrect", response.parsed_body["error"]
   end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt

@@ -5,13 +5,17 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
     @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
   end
 
+  def default_headers
+    { "Authorization" => "Bearer #{@token}" }
+  end
+
   test "should get index" do
-    get sessions_url, headers: { "Authorization" => "Bearer #{@token}" }
+    get sessions_url, headers: default_headers
     assert_response :success
   end
 
   test "should show session" do
-    get session_url(@<%= singular_table_name %>.sessions.last), headers: { "Authorization" => "Bearer #{@token}" }
+    get session_url(@<%= singular_table_name %>.sessions.last), headers: default_headers
     assert_response :success
   end
 
@@ -28,11 +32,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
   end
 
   test "should sign out" do
-    delete session_url(@<%= singular_table_name %>.sessions.last), headers: { "Authorization" => "Bearer #{@token}" }
+    delete session_url(@<%= singular_table_name %>.sessions.last), headers: default_headers
     assert_response :no_content
   end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt

@@ -37,8 +37,4 @@ class Identity::EmailVerificationsControllerTest < ActionDispatch::IntegrationTe
     assert_redirected_to edit_identity_email_url
     assert_equal "That email verification link is invalid", flash[:alert]
   end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt

@@ -10,26 +10,15 @@ class Identity::EmailsControllerTest < ActionDispatch::IntegrationTest
     assert_response :success
   end
 
-  test "should not get edit without sudo" do
-    @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
-
-    get edit_identity_email_url
-    assert_redirected_to new_sessions_sudo_url(proceed_to_url: edit_identity_email_url)
-  end
-
   test "should update email" do
-    patch identity_email_url, params: { email: "new_email@hey.com" }
+    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "Secret1*3*5*" }
     assert_redirected_to root_url
   end
 
-  test "should not update email without sudo" do
-    @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
-
-    patch identity_email_url, params: { email: "new_email@hey.com" }
-    assert_redirected_to new_sessions_sudo_url(proceed_to_url: identity_email_url)
-  end
+  test "should not update email with wrong current password" do
+    patch identity_email_url, params: { email: "new_email@hey.com", current_password: "SecretWrong1*3" }
 
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
+    assert_redirected_to edit_identity_email_url
+    assert_equal "The password you entered is incorrect", flash[:alert]
   end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt

@@ -6,9 +6,6 @@ class Identity::PasswordResetsControllerTest < ActionDispatch::IntegrationTest
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
     @sid_exp = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 0.minutes)
   end
-<% if options.lockable? %>
-  teardown { Kredis.clear_all }
-<% end -%>
 
   test "should get new" do
     get new_identity_password_reset_url

data/lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt

@@ -21,8 +21,4 @@ class PasswordsControllerTest < ActionDispatch::IntegrationTest
     assert_redirected_to edit_password_url
     assert_equal "The current password you entered is incorrect", flash[:alert]
   end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt

@@ -45,8 +45,4 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
     follow_redirect!
     assert_redirected_to sign_in_url
   end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt

@@ -8,6 +8,7 @@ class Identity::EmailsTest < ApplicationSystemTestCase
   test "updating the email" do
     click_on "Change email address"
 
+    fill_in "Current password", with: "Secret1*3*5*"
     fill_in "New email", with: "new_email@hey.com"
     click_on "Save changes"
 
@@ -22,14 +23,4 @@ class Identity::EmailsTest < ApplicationSystemTestCase
 
     assert_text "We sent a verification email to your email address"
   end
-
-  def sign_in_as(<%= singular_table_name %>)
-    visit sign_in_url
-    fill_in :email, with: <%= singular_table_name %>.email
-    fill_in :password, with: "Secret1*3*5*"
-    click_on "Sign in"
-
-    assert_current_path root_url
-    return <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt

@@ -5,9 +5,6 @@ class Identity::PasswordResetsTest < ApplicationSystemTestCase
     @<%= singular_table_name %> = <%= table_name %>(:lazaro_nixon)
     @sid = @<%= singular_table_name %>.signed_id(purpose: :password_reset, expires_in: 20.minutes)
   end
-<% if options.lockable? %>
-  teardown { Kredis.clear_all }
-<% end -%>
 
   test "sending a password reset email" do
     visit sign_in_url

data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt

@@ -15,14 +15,4 @@ class PasswordsTest < ApplicationSystemTestCase
 
     assert_text "Your password has been changed"
   end
-
-  def sign_in_as(<%= singular_table_name %>)
-    visit sign_in_url
-    fill_in :email, with: <%= singular_table_name %>.email
-    fill_in :password, with: "Secret1*3*5*"
-    click_on "Sign in"
-
-    assert_current_path root_url
-    return <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt

@@ -27,14 +27,4 @@ class SessionsTest < ApplicationSystemTestCase
     click_on "Log out"
     assert_text "That session has been logged out"
   end
-
-  def sign_in_as(<%= singular_table_name %>)
-    visit sign_in_url
-    fill_in :email, with: <%= singular_table_name %>.email
-    fill_in :password, with: "Secret1*3*5*"
-    click_on "Sign in"
-
-    assert_current_path root_url
-    return <%= singular_table_name %>
-  end
 end

data/lib/generators/authentication/templates/test_unit/test_helper.rb.tt

@@ -0,0 +1,22 @@
+ENV["RAILS_ENV"] ||= "test"
+require_relative "../config/environment"
+require "rails/test_help"
+
+class ActiveSupport::TestCase
+  # Run tests in parallel with specified workers
+  parallelize(workers: :number_of_processors)
+
+  # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
+  fixtures :all
+
+  # Add more helper methods to be used by all tests here...
+  <%- if options.api? -%>
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
+  end
+  <%- else -%>
+  def sign_in_as(<%= singular_table_name %>)
+    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); <%= singular_table_name %>
+  end
+  <%- end -%>
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 2.9.2
+  version: 2.11.0
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-08 00:00:00.000000000 Z
+date: 2022-03-27 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -19,6 +19,7 @@ extra_rdoc_files: []
 files:
 - ".github/FUNDING.yml"
 - ".gitignore"
+- ".rubocop.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -35,6 +36,7 @@ files:
 - lib/generators/authentication/authentication_generator.rb
 - lib/generators/authentication/templates/config/initializers/omniauth.rb
 - lib/generators/authentication/templates/config/redis/shared.yml
+- lib/generators/authentication/templates/controllers/api/application_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/identity/emails_controller.rb.tt
@@ -43,6 +45,7 @@ files:
 - lib/generators/authentication/templates/controllers/api/registrations_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/sessions_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/application_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/authentications/events_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/identity/email_verifications_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/identity/emails_controller.rb.tt
@@ -52,6 +55,8 @@ files:
 - lib/generators/authentication/templates/controllers/html/sessions/omniauth_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
 - lib/generators/authentication/templates/controllers/html/sessions_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/two_factor_authentication/challenges_controller.rb.tt
+- lib/generators/authentication/templates/controllers/html/two_factor_authentication/totps_controller.rb.tt
 - lib/generators/authentication/templates/erb/authentications/events/index.html.erb
 - lib/generators/authentication/templates/erb/identity/emails/edit.html.erb.tt
 - lib/generators/authentication/templates/erb/identity/password_resets/edit.html.erb.tt
@@ -67,6 +72,8 @@ files:
 - lib/generators/authentication/templates/erb/sessions/index.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/new.html.erb.tt
 - lib/generators/authentication/templates/erb/sessions/sudos/new.html.erb.tt
+- lib/generators/authentication/templates/erb/two_factor_authentication/challenges/new.html.erb.tt
+- lib/generators/authentication/templates/erb/two_factor_authentication/totps/new.html.erb.tt
 - lib/generators/authentication/templates/mailers/identity_mailer.rb.tt
 - lib/generators/authentication/templates/mailers/session_mailer.rb.tt
 - lib/generators/authentication/templates/migrations/create_events_migration.rb.tt
@@ -77,27 +84,26 @@ files:
 - lib/generators/authentication/templates/models/locking.rb.tt
 - lib/generators/authentication/templates/models/model.rb.tt
 - lib/generators/authentication/templates/models/session.rb.tt
+- lib/generators/authentication/templates/test_unit/application_system_test_case.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/passwords_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/registrations_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/api/sessions/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/sessions_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/identity/email_verifications_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/identity/emails_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/identity/password_resets_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/passwords_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
-- lib/generators/authentication/templates/test_unit/controllers/html/sessions/sudos_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/fixtures.yml.tt
 - lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/sessions/sudos_test.rb.tt
 - lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
+- lib/generators/authentication/templates/test_unit/test_helper.rb.tt
 homepage: https://github.com/lazaronixon/authentication-zero
 licenses:
 - MIT

data/lib/generators/authentication/templates/test_unit/controllers/api/sessions/sudos_controller_test.rb.tt

@@ -1,24 +0,0 @@
-require "test_helper"
-
-class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
-  setup do
-    @<%= singular_table_name %>, @token = sign_in_as(<%= table_name %>(:lazaro_nixon))
-    @<%= singular_table_name %>.sessions.last.update! sudo_at: 1.day.ago
-  end
-
-  test "should sudo" do
-    post sessions_sudo_url, params: { password: "Secret1*3*5*" }, headers: { "Authorization" => "Bearer #{@token}" }
-    assert_response :no_content
-  end
-
-  test "should not sudo with wrong password" do
-    post sessions_sudo_url, params: { password: "SecretWrong1*3" }, headers: { "Authorization" => "Bearer #{@token}" }
-
-    assert_response :bad_request
-    assert_equal "The password you entered is incorrect", response.parsed_body["error"]
-  end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
-  end
-end

data/lib/generators/authentication/templates/test_unit/controllers/html/sessions/sudos_controller_test.rb.tt

@@ -1,26 +0,0 @@
-require "test_helper"
-
-class Sessions::SudosControllerTest < ActionDispatch::IntegrationTest
-  setup do
-    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
-  end
-
-  test "should get new" do
-    get new_sessions_sudo_url(proceed_to_url: edit_password_url)
-    assert_response :success
-  end
-
-  test "should sudo" do
-    post sessions_sudo_url, params: { password: "Secret1*3*5*", proceed_to_url: edit_password_url }
-    assert_redirected_to edit_password_url
-  end
-
-  test "should not sudo with wrong password" do
-    post sessions_sudo_url, params: { password: "SecretWrong1*3", proceed_to_url: edit_password_url }
-    assert_redirected_to new_sessions_sudo_url(proceed_to_url: edit_password_url)
-  end
-
-  def sign_in_as(<%= singular_table_name %>)
-    post(sign_in_url, params: { email: <%= singular_table_name %>.email, password: "Secret1*3*5*" }); [<%= singular_table_name %>, response.headers["X-Session-Token"]]
-  end
-end

data/lib/generators/authentication/templates/test_unit/system/sessions/sudos_test.rb.tt

@@ -1,25 +0,0 @@
-require "application_system_test_case"
-
-class Sessions::SudosTest < ApplicationSystemTestCase
-  setup do
-    @<%= singular_table_name %> = sign_in_as(<%= table_name %>(:lazaro_nixon))
-  end
-
-  test "executing sudo" do
-    visit new_sessions_sudo_url(proceed_to_url: edit_password_url)
-    fill_in :password, with: "Secret1*3*5*"
-    click_on "Continue"
-
-    assert_selector "h1", text: "Change your password"
-  end
-
-  def sign_in_as(<%= singular_table_name %>)
-    visit sign_in_url
-    fill_in :email, with: <%= singular_table_name %>.email
-    fill_in :password, with: "Secret1*3*5*"
-    click_on "Sign in"
-
-    assert_current_path root_url
-    return <%= singular_table_name %>
-  end
-end