authentication-zero 3.0.2 → 4.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c60a566c4789323eb87ac9f024b732231815e76092b5187d608ddc6a21314427
-  data.tar.gz: fccefad83e73b9fe383949f756cf2ad363372472a7d5a362f5e04a99ea75fefa
+  metadata.gz: a20860b4e4e996ed12ee1f8627c322cee71785051bb58569e8d3694bd8d46860
+  data.tar.gz: da8ceac9a2cd8d53028b446fd988b9604bbc6a72ab8f89dfe4cc0442cd0facd7
 SHA512:
-  metadata.gz: b4a4a9bf9a05f73b0fcc4862d763fb3a4880563fbec72a3f069d7b7e56dbc4dee3c8812823c2569d7e680a4c49b86e61465191cfbd0b24a2a121ba49ab61ec37
-  data.tar.gz: b73ed9438ecbb4a9afa463195ca88d735084853044c8d59b6f649157302aefa171ed0a6d421267c2acbe909cabe0993fdf3b81da3a68e5a654e2e82a99d1549c
+  metadata.gz: 03ba76dae5a7ae6862a45525d43bcbf1ca566b5e5bd1738a743f52a62d5af8c31838381e183d3eb2fd2776a7f909430c6a57746999c9bd4f4ead57bd67ccf6a1
+  data.tar.gz: 1d8aad9fc172635ba87cc4f154a25a1da38470967cd8a8e82f344318bf54e95e5a759f0956b38a48092d08ae29d6a626750d6076c45f40f84d96918db5c54f75

data/.github/workflows/CI.yml

@@ -22,7 +22,7 @@ jobs:
           bundler-cache: true
 
       - name: Install the latest Rails gem
-        run: gem install rails -v "7.1.0"
+        run: gem install rails -v "7.2.1"
 
       - name: Install Rubocop
         run: gem install rubocop rubocop-performance rubocop-minitest rubocop-packaging rubocop-minitest rubocop-rails
@@ -50,7 +50,6 @@ jobs:
         run: |
           cd test-app
           bin/rails test
-          bin/rails test:system
 
   test_api:
     name: 🧪 Run API Tests
@@ -66,7 +65,7 @@ jobs:
           bundler-cache: true
 
       - name: Install the latest Rails gem
-        run: gem install rails -v "7.1.0"
+        run: gem install rails -v "7.2.1"
 
       - name: Install Rubocop
         run: gem install rubocop rubocop-performance rubocop-minitest rubocop-packaging rubocop-minitest rubocop-rails

data/CHANGELOG.md

@@ -1,3 +1,27 @@
+## New version
+
+## Authentication Zero 4.0.3 ##
+
+* We don't need to add `config.action_mailer.default_url_options` anymore
+* Make gem add bcrypt more resilient
+
+## Authentication Zero 4.0.2 ##
+
+* Remove dependency on redis / kredis for sudoable
+* Fix --webauthn option. (add @github/webauthn-json)
+* Update application_controller to rails 8
+* Remove --ratelimit option
+
+## Authentication Zero 4.0.1 ##
+
+* Remove rate limit from api generator
+
+## Authentication Zero 4.0.0 ##
+
+* Remove system tests
+* Use native rate_limit for lockable
+* Copy web_authn_controller.js instead of depend on stimulus-web-authn
+
 ## Authentication Zero 3.0.2 ##
 
 * Fix bug where token is not expired/invalid

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    authentication-zero (3.0.2)
+    authentication-zero (4.0.3)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -8,6 +8,12 @@ The purpose of authentication zero is to generate a pre-built authentication sys
 $ bundle add authentication-zero
 ```
 
+If you are using Rails < 7.2, you must use version 3.
+
+```
+$ bundle add authentication-zero --version "~> 3"
+```
+
 If you are using Rails < 7.1, you must use version 2.
 
 ```
@@ -40,7 +46,6 @@ Since Authentication Zero generates this code into your application instead of b
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
 - Lock mechanism to prevent email bombing (--lockable)
-- Rate limiting for your app, 1000 reqs/minute (--ratelimit)
 - Send e-mail confirmation when your email has been changed
 - Manage multiple sessions & devices
 - Activity log (--trackable)

data/lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "3.0.2"
+  VERSION = "4.0.3"
 end

data/lib/generators/authentication/authentication_generator.rb

@@ -7,8 +7,7 @@ class AuthenticationGenerator < Rails::Generators::Base
   class_option :pwned,         type: :boolean, desc: "Add pwned password validation"
   class_option :sudoable,      type: :boolean, desc: "Add password request before sensitive data changes"
   class_option :lockable,      type: :boolean, desc: "Add password reset locking"
-  class_option :ratelimit,     type: :boolean, desc: "Add request rate limiting"
-  class_option :passwordless,  type: :boolean, desc: "Add passwordless sign"
+  class_option :passwordless,  type: :boolean, desc: "Add passwordless sign in"
   class_option :omniauthable,  type: :boolean, desc: "Add social login support"
   class_option :trackable,     type: :boolean, desc: "Add activity log support"
   class_option :two_factor,    type: :boolean, desc: "Add two factor authentication"
@@ -20,15 +19,10 @@ class AuthenticationGenerator < Rails::Generators::Base
   source_root File.expand_path("templates", __dir__)
 
   def add_gems
-    gem "bcrypt", "~> 3.1.7", comment: "Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]"
-
-    if options.ratelimit?
-      gem "rack-ratelimit", group: :production, comment: "Use Rack::Ratelimit to rate limit requests [https://github.com/jeremy/rack-ratelimit]"
-    end
-
-    if redis?
-      gem "redis", "~> 4.0", comment: "Use Redis adapter to run additional authentication features"
-      gem "kredis", comment: "Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]"
+    if bcrypt_present?
+      uncomment_lines "Gemfile", /gem "bcrypt"/
+    else
+      gem "bcrypt", "~> 3.1.7", comment: "Use Active Model has_secure_password [https://guides.rubyonrails.org/active_model_basics.html#securepassword]"
     end
 
     if options.pwned?
@@ -50,14 +44,7 @@ class AuthenticationGenerator < Rails::Generators::Base
     end
   end
 
-  def add_environment_configurations
-    application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "development"
-    application "config.action_mailer.default_url_options = { host: \"localhost\", port: 3000 }", env: "test"
-    environment ratelimit_block, env: "production" if options.ratelimit?
-  end
-
   def create_configuration_files
-    copy_file "config/redis/shared.yml" if redis?
     copy_file "config/initializers/omniauth.rb" if omniauthable?
     copy_file "config/initializers/webauthn.rb" if webauthn?
   end
@@ -123,9 +110,9 @@ class AuthenticationGenerator < Rails::Generators::Base
 
   def install_javascript
     return unless webauthn?
-    copy_file "javascript/controllers/application.js", "app/javascript/controllers/application.js", force: true
-    run "bin/importmap pin stimulus-web-authn" if importmaps?
-    run "yarn add stimulus-web-authn" if node?
+    copy_file "javascript/controllers/web_authn_controller.js", "app/javascript/controllers/web_authn_controller.js"
+    run "bin/importmap pin @rails/request.js @github/webauthn-json" if importmaps?
+    run "yarn add @rails/request.js @github/webauthn-json" if node?
   end
 
   def create_views
@@ -222,9 +209,7 @@ class AuthenticationGenerator < Rails::Generators::Base
   def create_test_files
     directory "test_unit/controllers/#{format}", "test/controllers"
     directory "test_unit/mailers/", "test/mailers"
-    directory "test_unit/system", "test/system" unless options.api?
     template  "test_unit/test_helper.rb", "test/test_helper.rb", force: true
-    template  "test_unit/application_system_test_case.rb", "test/application_system_test_case.rb", force: true unless options.api?
   end
 
   private
@@ -260,8 +245,8 @@ class AuthenticationGenerator < Rails::Generators::Base
       options.sudoable? && !options.api?
     end
 
-    def redis?
-      options.lockable? || options.ratelimit? || sudoable?
+    def bcrypt_present?
+      File.read("Gemfile").include?('gem "bcrypt"')
     end
 
     def importmaps?
@@ -271,11 +256,4 @@ class AuthenticationGenerator < Rails::Generators::Base
     def node?
       Rails.root.join("package.json").exist?
     end
-
-    def ratelimit_block
-      <<~CODE
-        # Rate limit general requests by IP address in a rate of 1000 requests per minute
-        config.middleware.use(Rack::Ratelimit, name: "General", rate: [1000, 1.minute], redis: Redis.new, logger: Rails.logger) { |env| ActionDispatch::Request.new(env).ip }
-      CODE
-    end
 end

data/lib/generators/authentication/templates/controllers/api/application_controller.rb.tt

@@ -17,14 +17,4 @@ class ApplicationController < ActionController::API
       Current.user_agent = request.user_agent
       Current.ip_address = request.ip
     end
-    <%- if options.lockable? %>
-    def require_lock(wait: 1.hour, attempts: 10)
-      counter = Kredis.counter("require_lock:#{request.remote_ip}:#{controller_path}:#{action_name}", expires_in: wait)
-      counter.increment
-
-      if counter.value > attempts
-        render json: { error: "You've exceeded the maximum number of attempts" }, status: :too_many_requests
-      end
-    end
-    <%- end -%>
 end

data/lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt

@@ -1,9 +1,6 @@
 class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
-  <%- if options.lockable? -%>
-  before_action :require_lock, only: :create
-  <%- end -%>
   before_action :set_user, only: :update
 
   def edit

data/lib/generators/authentication/templates/controllers/html/application_controller.rb.tt

@@ -1,4 +1,7 @@
 class ApplicationController < ActionController::Base
+  # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
+  allow_browser versions: :modern
+
   before_action :set_current_request_details
   before_action :authenticate
 
@@ -15,16 +18,6 @@ class ApplicationController < ActionController::Base
       Current.user_agent = request.user_agent
       Current.ip_address = request.ip
     end
-    <%- if options.lockable? %>
-    def require_lock(wait: 1.hour, attempts: 10)
-      counter = Kredis.counter("require_lock:#{request.remote_ip}:#{controller_path}:#{action_name}", expires_in: wait)
-      counter.increment
-
-      if counter.value > attempts
-        redirect_to root_path, alert: "You've exceeded the maximum number of attempts"
-      end
-    end
-    <%- end -%>
     <%- if sudoable? %>
     def require_sudo
       unless Current.session.sudo?

data/lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt

@@ -2,7 +2,7 @@ class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
 
   <%- if options.lockable? -%>
-  before_action :require_lock, only: :create
+  rate_limit to: 10, within: 1.hour, only: :create, with: -> { redirect_to root_path, alert: "Try again later" }
   <%- end -%>
   before_action :set_user, only: %i[ edit update ]
 

data/lib/generators/authentication/templates/controllers/html/sessions/passwordlesses_controller.rb.tt

@@ -2,7 +2,7 @@ class Sessions::PasswordlessesController < ApplicationController
   skip_before_action :authenticate
 
   <%- if options.lockable? -%>
-  before_action :require_lock, only: :create
+  rate_limit to: 10, within: 1.hour, only: :create, with: -> { redirect_to root_path, alert: "Try again later" }
   <%- end -%>
   before_action :set_user, only: :edit
 

data/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt

@@ -6,7 +6,7 @@ class Sessions::SudosController < ApplicationController
     session_record = Current.session
 
     if session_record.user.authenticate(params[:password])
-      session_record.sudo.mark; redirect_to(params[:proceed_to_url])
+      session_record.touch(:sudo_at); redirect_to(params[:proceed_to_url])
     else
       redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
     end

data/lib/generators/authentication/templates/javascript/controllers/web_authn_controller.js

@@ -0,0 +1,111 @@
+import { Controller } from "@hotwired/stimulus"
+import { create, get, supported } from "@github/webauthn-json"
+import { FetchRequest } from "@rails/request.js"
+
+export default class WebAuthnController extends Controller {
+  static targets = [ "error", "button", "supportText" ]
+  static classes = [ "loading" ]
+  static values = {
+    challengeUrl: String,
+    verificationUrl: String,
+    fallbackUrl: String,
+    retryText: { type: String, default: "Retry" },
+    notAllowedText: { type: String, default: "That didn't work. Either it was cancelled or took too long. Please try again." },
+    invalidStateText: { type: String, default: "We couldn't add that security key. Please confirm you haven't already registered it, then try again." }
+  }
+
+  connect() {
+    if (!supported()) {
+      this.handleUnsupportedBrowser()
+    }
+  }
+
+  getCredential() {
+    this.hideError()
+    this.disableForm()
+    this.requestChallengeAndVerify(get)
+  }
+
+  createCredential() {
+    this.hideError()
+    this.disableForm()
+    this.requestChallengeAndVerify(create)
+  }
+
+  // Private
+
+  handleUnsupportedBrowser() {
+    this.buttonTarget.parentNode.removeChild(this.buttonTarget)
+
+    if (this.fallbackUrlValue) {
+      window.location.replace(this.fallbackUrlValue)
+    } else {
+      this.supportTextTargets.forEach(target => target.hidden = !target.hidden)
+    }
+  }
+
+  async requestChallengeAndVerify(fn) {
+    try {
+      const challengeResponse = await this.requestPublicKeyChallenge()
+      const credentialResponse = await fn({ publicKey: challengeResponse })
+      this.onCompletion(await this.verify(credentialResponse))
+    } catch (error) {
+      this.onError(error)
+    }
+  }
+
+  async requestPublicKeyChallenge() {
+    return await this.request("get", this.challengeUrlValue)
+  }
+
+  async verify(credentialResponse) {
+    return await this.request("post", this.verificationUrlValue, {
+      body: JSON.stringify({ credential: credentialResponse }),
+      contentType: "application/json",
+      responseKind: "json"
+    })
+  }
+
+  onCompletion(response) {
+    window.location.replace(response.location)
+  }
+
+  onError(error) {
+    if (error.code === 0 && error.name === "NotAllowedError") {
+      this.errorTarget.textContent = this.notAllowedTextValue
+    } else if (error.code === 11 && error.name === "InvalidStateError") {
+      this.errorTarget.textContent = this.invalidStateTextValue
+    } else {
+      this.errorTarget.textContent = error.message
+    }
+    this.showError()
+  }
+
+  hideError() {
+    if (this.hasErrorTarget) this.errorTarget.hidden = true
+  }
+
+  showError() {
+    if (this.hasErrorTarget) {
+      this.errorTarget.hidden = false
+      this.buttonTarget.textContent = this.retryTextValue
+      this.enableForm()
+    }
+  }
+
+  enableForm() {
+    this.element.classList.remove(this.loadingClass)
+    this.buttonTarget.disabled = false
+  }
+
+  disableForm() {
+    this.element.classList.add(this.loadingClass)
+    this.buttonTarget.disabled = true
+  }
+
+  async request(method, url, options) {
+    const request = new FetchRequest(method, url, { responseKind: "json", ...options })
+    const response = await request.perform()
+    return response.json
+  }
+}

data/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt

@@ -4,6 +4,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
       t.references :user, null: false, foreign_key: true
       t.string :user_agent
       t.string :ip_address
+      <%- if sudoable? %>
+      t.datetime :sudo_at, null: false
+      <%- end -%>
 
       t.timestamps
     end

data/lib/generators/authentication/templates/models/session.rb.tt

@@ -1,18 +1,21 @@
 class Session < ApplicationRecord
   belongs_to :user
-  <%- if sudoable? %>
-  kredis_flag :sudo, expires_in: 30.minutes
-  <%- end -%>
 
   before_create do
     self.user_agent = Current.user_agent
     self.ip_address = Current.ip_address
+    <%- if sudoable? %>
+    self.sudo_at = Time.current
+    <%- end -%>
   end
-  <%- if sudoable? %>
-  after_create { sudo.mark }
-  <%- end -%>
   <%- if options.trackable? %>
   after_create  { user.events.create! action: "signed_in" }
   after_destroy { user.events.create! action: "signed_out" }
   <%- end -%>
+  <%- if sudoable? %>
+
+  def sudo?
+    sudo_at > 30.minutes.ago
+  end
+  <%- end -%>
 end

data/lib/generators/authentication/templates/models/user.rb.tt

@@ -4,6 +4,7 @@ class User < ApplicationRecord
   generates_token_for :email_verification, expires_in: 2.days do
     email
   end
+
   generates_token_for :password_reset, expires_in: 20.minutes do
     password_salt.last(10)
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authentication-zero
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 4.0.3
 platform: ruby
 authors:
 - Nixon
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-28 00:00:00.000000000 Z
+date: 2024-10-26 00:00:00.000000000 Z
 dependencies: []
 description:
 email:
@@ -37,7 +37,6 @@ files:
 - lib/generators/authentication/authentication_generator.rb
 - lib/generators/authentication/templates/config/initializers/omniauth.rb
 - lib/generators/authentication/templates/config/initializers/webauthn.rb
-- lib/generators/authentication/templates/config/redis/shared.yml
 - lib/generators/authentication/templates/controllers/api/application_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/authentications/events_controller.rb.tt
 - lib/generators/authentication/templates/controllers/api/identity/email_verifications_controller.rb.tt
@@ -94,7 +93,7 @@ files:
 - lib/generators/authentication/templates/erb/user_mailer/invitation_instructions.html.erb.tt
 - lib/generators/authentication/templates/erb/user_mailer/password_reset.html.erb.tt
 - lib/generators/authentication/templates/erb/user_mailer/passwordless.html.erb.tt
-- lib/generators/authentication/templates/javascript/controllers/application.js
+- lib/generators/authentication/templates/javascript/controllers/web_authn_controller.js
 - lib/generators/authentication/templates/lib/account_middleware.rb
 - lib/generators/authentication/templates/mailers/user_mailer.rb.tt
 - lib/generators/authentication/templates/migrations/create_accounts_migration.rb.tt
@@ -113,7 +112,6 @@ files:
 - lib/generators/authentication/templates/models/session.rb.tt
 - lib/generators/authentication/templates/models/sign_in_token.rb.tt
 - lib/generators/authentication/templates/models/user.rb.tt
-- lib/generators/authentication/templates/test_unit/application_system_test_case.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/identity/email_verifications_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/identity/emails_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/api/identity/password_resets_controller_test.rb.tt
@@ -127,11 +125,6 @@ files:
 - lib/generators/authentication/templates/test_unit/controllers/html/registrations_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/controllers/html/sessions_controller_test.rb.tt
 - lib/generators/authentication/templates/test_unit/mailers/user_mailer_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt
-- lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt
 - lib/generators/authentication/templates/test_unit/test_helper.rb.tt
 - lib/generators/authentication/templates/test_unit/users.yml
 homepage: https://github.com/lazaronixon/authentication-zero
@@ -156,7 +149,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.20
+rubygems_version: 3.5.5
 signing_key:
 specification_version: 4
 summary: An authentication system generator for Rails applications

data/lib/generators/authentication/templates/config/redis/shared.yml

@@ -1,10 +0,0 @@
-production: &production
-  url: <%= ENV.fetch("REDIS_URL", "redis://127.0.0.1:6379/0") %>
-  timeout: 1
-
-development: &development
-  url: <%= ENV.fetch("REDIS_URL", "redis://127.0.0.1:6379/0") %>
-  timeout: 1
-
-test:
-  <<: *development

data/lib/generators/authentication/templates/javascript/controllers/application.js

@@ -1,11 +0,0 @@
-import { Application } from "@hotwired/stimulus"
-import WebAuthnController from "stimulus-web-authn"
-
-const application = Application.start()
-application.register("web-authn", WebAuthnController)
-
-// Configure Stimulus development experience
-application.debug = false
-window.Stimulus   = application
-
-export { application }

data/lib/generators/authentication/templates/test_unit/application_system_test_case.rb.tt

@@ -1,15 +0,0 @@
-require "test_helper"
-
-class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
-  driven_by :selenium, using: :headless_chrome, screen_size: [1400, 1400]
-
-  def sign_in_as(user)
-    visit sign_in_url
-    fill_in :email, with: user.email
-    fill_in :password, with: "Secret1*3*5*"
-    click_on "Sign in"
-
-    assert_current_path root_url
-    user
-  end
-end

data/lib/generators/authentication/templates/test_unit/system/identity/emails_test.rb.tt

@@ -1,26 +0,0 @@
-require "application_system_test_case"
-
-class Identity::EmailsTest < ApplicationSystemTestCase
-  setup do
-    @user = sign_in_as(users(:lazaro_nixon))
-  end
-
-  test "updating the email" do
-    click_on "Change email address"
-
-    fill_in "New email", with: "new_email@hey.com"
-    fill_in "Password challenge", with: "Secret1*3*5*"
-    click_on "Save changes"
-
-    assert_text "Your email has been changed"
-  end
-
-  test "sending a verification email" do
-    @user.update! verified: false
-
-    click_on "Change email address"
-    click_on "Re-send verification email"
-
-    assert_text "We sent a verification email to your email address"
-  end
-end

data/lib/generators/authentication/templates/test_unit/system/identity/password_resets_test.rb.tt

@@ -1,28 +0,0 @@
-require "application_system_test_case"
-
-class Identity::PasswordResetsTest < ApplicationSystemTestCase
-  setup do
-    @user = users(:lazaro_nixon)
-    @sid = @user.generate_token_for(:password_reset)
-  end
-
-  test "sending a password reset email" do
-    visit sign_in_url
-    click_on "Forgot your password?"
-
-    fill_in "Email", with: @user.email
-    click_on "Send password reset email"
-
-    assert_text "Check your email for reset instructions"
-  end
-
-  test "updating password" do
-    visit edit_identity_password_reset_url(sid: @sid)
-
-    fill_in "New password", with: "Secret6*4*2*"
-    fill_in "Confirm new password", with: "Secret6*4*2*"
-    click_on "Save changes"
-
-    assert_text "Your password was reset successfully. Please sign in"
-  end
-end

data/lib/generators/authentication/templates/test_unit/system/passwords_test.rb.tt

@@ -1,18 +0,0 @@
-require "application_system_test_case"
-
-class PasswordsTest < ApplicationSystemTestCase
-  setup do
-    @user = sign_in_as(users(:lazaro_nixon))
-  end
-
-  test "updating the password" do
-    click_on "Change password"
-
-    fill_in "Password challenge", with: "Secret1*3*5*"
-    fill_in "New password", with: "Secret6*4*2*"
-    fill_in "Confirm new password", with: "Secret6*4*2*"
-    click_on "Save changes"
-
-    assert_text "Your password has been changed"
-  end
-end

data/lib/generators/authentication/templates/test_unit/system/registrations_test.rb.tt

@@ -1,14 +0,0 @@
-require "application_system_test_case"
-
-class RegistrationsTest < ApplicationSystemTestCase
-  test "signing up" do
-    visit sign_up_url
-
-    fill_in "Email", with: "lazaronixon@hey.com"
-    fill_in "Password", with: "Secret6*4*2*"
-    fill_in "Password confirmation", with: "Secret6*4*2*"
-    click_on "Sign up"
-
-    assert_text "Welcome! You have signed up successfully"
-  end
-end

data/lib/generators/authentication/templates/test_unit/system/sessions_test.rb.tt

@@ -1,30 +0,0 @@
-require "application_system_test_case"
-
-class SessionsTest < ApplicationSystemTestCase
-  setup do
-    @user = users(:lazaro_nixon)
-  end
-
-  test "visiting the index" do
-    sign_in_as @user
-
-    click_on "Devices & Sessions"
-    assert_selector "h1", text: "Sessions"
-  end
-
-  test "signing in" do
-    visit sign_in_url
-    fill_in "Email", with: @user.email
-    fill_in "Password", with: "Secret1*3*5*"
-    click_on "Sign in"
-
-    assert_text "Signed in successfully"
-  end
-
-  test "signing out" do
-    sign_in_as @user
-
-    click_on "Log out"
-    assert_text "That session has been logged out"
-  end
-end