kaze 0.8.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed80aded8509882926dcf8c40613b78779b50a01bf6a00edd3b130769e9020f5
-  data.tar.gz: fedfaa322d578f194d46923d05c33dec0a0638b47653eb77b6a2898c9e1be49b
+  metadata.gz: 27a8de2c9dc1c9297b72ca20e60fc00582579e39cf1372ad019d6ab18c28942f
+  data.tar.gz: fadd95b9700cc5409c2cffcaae03ba3ad68cc79b8331b6a9e27612a47d6e5ce7
 SHA512:
-  metadata.gz: d94bc100f51b08ce70e149c898f7c36422980a0225e37e289146394bb2e216b37bed34be1a4a21c6ebdc091105abfebbe372dfcccf05d23886b348615a151673
-  data.tar.gz: b6cbabd31838a806daeaa3cd719fc5e725242ae56783eb57a1028438e388a7b7f009edb04bb70a642383547c567bc46e7496f69053296d9834a661b0fbbd5e0e
+  metadata.gz: a5bd8c23395b302a93fa836e33c10da76de5681d563f84c1f16ff70317583aa3470e05d03cdfd726257c0ece38ef20c8d72ffe0974e0cbdb14d93a7688a1686c
+  data.tar.gz: 70cd7f58402805e19197e0c9f161ebde8891e5696eafdec0c96dc3017c52fe6f966068329c77f3f55a3e989cc983050694d91a68097502691fed80e4ea4084c0

data/lib/kaze/commands/install_command.rb

@@ -9,6 +9,8 @@ class Kaze::Commands::InstallCommand < Thor
 
   desc 'install [STACK]', 'Install the Kaze controllers and resources. Supported stacks: hotwire, react, vue.'
   def install(stack = 'hotwire')
+    return say 'Kaze must be run in a new Rails application.', :red unless File.exist?("#{Dir.pwd}/bin/rails")
+
     if stack == 'hotwire'
       return install_hotwire_stack
     end
@@ -53,7 +55,7 @@ class Kaze::Commands::InstallCommand < Thor
   def install_migrations
     ensure_directory_exists("#{Dir.pwd}/db/migrate")
     FileUtils.copy_entry("#{File.dirname(__FILE__)}/../../../stubs/default/db/migrate", "#{Dir.pwd}/db/migrate")
-    stdin, _ = Open3.capture3('rails version')
+    stdin, _ = Open3.capture3("#{Dir.pwd}/bin/rails version")
     versions = stdin.gsub!('Rails ', '').split('.')
     railsVersion = [ versions[0], versions[1] ].join('.')
     Dir.children("#{Dir.pwd}/db/migrate").each do |file|

data/lib/kaze/commands/installs_hotwire_stack.rb

@@ -32,7 +32,7 @@ module Kaze::Commands::InstallsHotwireStack
     FileUtils.copy_entry("#{File.dirname(__FILE__)}/../../../stubs/hotwire/app/views", "#{Dir.pwd}/app/views")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/app/views/layouts/mailer.html.erb", "#{Dir.pwd}/app/views/layouts/mailer.html.erb")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/app/views/layouts/mailer.text.erb", "#{Dir.pwd}/app/views/layouts/mailer.text.erb")
-    FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/app/views/user_mailer/reset_password.html.erb", "#{Dir.pwd}/app/views/user_mailer/reset_password.html.erb")
+    FileUtils.copy_entry("#{File.dirname(__FILE__)}/../../../stubs/default/app/views/user_mailer", "#{Dir.pwd}/app/views/user_mailer")
 
     # Components + Pages...
     ensure_directory_exists("#{Dir.pwd}/app/components")
@@ -57,7 +57,7 @@ module Kaze::Commands::InstallsHotwireStack
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/hotwire/config/tailwind.config.js", "#{Dir.pwd}/config/tailwind.config.js")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/bin/dev", "#{Dir.pwd}/bin/dev")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/Procfile.dev", "#{Dir.pwd}/Procfile.dev")
-    run_command('rails tailwindcss:build')
+    run_command("#{Dir.pwd}/bin/rails tailwindcss:build")
 
     say ''
     say 'Kaze scaffolding installed successfully.', :green

data/lib/kaze/commands/installs_inertia_stacks.rb

@@ -34,7 +34,7 @@ module Kaze::Commands::InstallsInertiaStacks
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/inertia-react-ts/app/views/layouts/application.html.erb", "#{Dir.pwd}/app/views/layouts/application.html.erb")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/app/views/layouts/mailer.html.erb", "#{Dir.pwd}/app/views/layouts/mailer.html.erb")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/app/views/layouts/mailer.text.erb", "#{Dir.pwd}/app/views/layouts/mailer.text.erb")
-    FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/app/views/user_mailer/reset_password.html.erb", "#{Dir.pwd}/app/views/user_mailer/reset_password.html.erb")
+    FileUtils.copy_entry("#{File.dirname(__FILE__)}/../../../stubs/default/app/views/user_mailer", "#{Dir.pwd}/app/views/user_mailer")
 
     # Components + Pages...
     ensure_directory_exists("#{Dir.pwd}/app/javascript")
@@ -60,9 +60,9 @@ module Kaze::Commands::InstallsInertiaStacks
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/bin/dev", "#{Dir.pwd}/bin/dev")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/inertia-common/bin/vite", "#{Dir.pwd}/bin/vite")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/Procfile.dev", "#{Dir.pwd}/Procfile.dev")
-    File.write("#{Dir.pwd}/Procfile.dev", "#{File.read("#{Dir.pwd}/Procfile.dev")}\nvite: bin/vite dev\n")
-    run_command('rails generate js_routes:middleware')
-    run_command('rails tailwindcss:build')
+    File.write("#{Dir.pwd}/Procfile.dev", "#{File.read("#{Dir.pwd}/Procfile.dev")}\nvite: bundle exec rake js:routes:typescript && bin/vite dev\n")
+    run_command("#{Dir.pwd}/bin/rails generate js_routes:middleware")
+    run_command("#{Dir.pwd}/bin/rails tailwindcss:build")
 
     say ''
     say 'Installing and building Node dependencies.', :magenta
@@ -140,9 +140,9 @@ module Kaze::Commands::InstallsInertiaStacks
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/bin/dev", "#{Dir.pwd}/bin/dev")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/inertia-common/bin/vite", "#{Dir.pwd}/bin/vite")
     FileUtils.copy_file("#{File.dirname(__FILE__)}/../../../stubs/default/Procfile.dev", "#{Dir.pwd}/Procfile.dev")
-    File.write("#{Dir.pwd}/Procfile.dev", "#{File.read("#{Dir.pwd}/Procfile.dev")}\nvite: bin/vite dev\n")
-    run_command('rails generate js_routes:middleware')
-    run_command('rails tailwindcss:build')
+    File.write("#{Dir.pwd}/Procfile.dev", "#{File.read("#{Dir.pwd}/Procfile.dev")}\nvite: bundle exec rake js:routes:typescript && bin/vite dev\n")
+    run_command("#{Dir.pwd}/bin/rails generate js_routes:middleware")
+    run_command("#{Dir.pwd}/bin/rails tailwindcss:build")
 
     say ''
     say 'Installing and building Node dependencies.', :magenta

data/lib/kaze/version.rb

@@ -1,3 +1,3 @@
 module Kaze
-  VERSION = '0.8.0'
+  VERSION = '0.10.0'
 end

data/stubs/default/app/forms/update_profile_information_form.rb

@@ -3,4 +3,12 @@ class UpdateProfileInformationForm < ApplicationForm
 
   validates :name,  presence: true
   validates :email, presence: true, lowercase: true, email: true, uniqueness: { model: User, attribute: :email, conditions: -> { where.not(id: Current.auth.user.id) } }
+
+  def update
+    Current.auth.user.name = name
+    Current.auth.user.email = email
+    Current.auth.user.email_verified_at = nil if Current.auth.user.changed.include?('email')
+
+    Current.auth.user.save
+  end
 end

data/stubs/default/app/mailers/application_mailer.rb

@@ -6,6 +6,6 @@ class ApplicationMailer < ActionMailer::Base
   layout 'mailer'
 
   def default_url_options
-    { host: ENV.fetch('APP_URL', 'http://localhost') }
+    { host: ENV.fetch('APP_URL', 'http://localhost:3000') }
   end
 end

data/stubs/default/app/mailers/user_mailer.rb

@@ -1,8 +1,23 @@
 class UserMailer < ApplicationMailer
-  def reset_password
+  def reset_password(token)
+    @reset_url = password_reset_url(token: token)
+
     mail(
       to: params[:user].email,
       subject: 'Reset Password Notification'
     )
   end
+
+  def verify_email
+    verifier = ActiveSupport::MessageVerifier.new(ENV.fetch('RAILS_MASTER_KEY', ''))
+
+    signature = verifier.generate(verification_verify_url(id: params[:user].id, hash: Digest::SHA1.hexdigest(params[:user].email)), expires_in: 60.minutes.from_now.to_i)
+
+    @verification_url = verification_verify_url(id: params[:user].id, hash: Digest::SHA1.hexdigest(params[:user].email), signature: signature)
+
+    mail(
+      to: params[:user].email,
+      subject: 'Verify Email Address'
+    )
+  end
 end

data/stubs/default/app/models/concerns/can_reset_password.rb

@@ -1,5 +1,5 @@
 module CanResetPassword
   def send_password_reset_notification(token)
-    UserMailer.with(user: self, token: token).reset_password.deliver_later
+    UserMailer.with(user: self).reset_password(token).deliver_later
   end
 end

data/stubs/default/app/models/concerns/must_verify_email.rb

@@ -0,0 +1,15 @@
+module MustVerifyEmail
+  extend ActiveSupport::Concern
+
+  def has_verified_email?
+    !email_verified_at.nil?
+  end
+
+  def mark_email_as_verified
+    self.update(email_verified_at: Time.now)
+  end
+
+  def send_email_verification_notification
+    UserMailer.with(user: self).verify_email.deliver_later
+  end
+end

data/stubs/default/app/models/user.rb

@@ -1,5 +1,6 @@
 class User < ApplicationRecord
   include CanResetPassword
+  # include MustVerifyEmail
 
   has_secure_password
 

data/stubs/default/app/views/user_mailer/reset_password.html.erb

@@ -12,7 +12,7 @@
             <table border="0" cellpadding="0" cellspacing="0" role="presentation">
               <tr>
                 <td>
-                  <a href="<%= password_reset_url(token: params[:token]) %>" class="button button-primary" target="_blank" rel="noopener">Reset Password</a>
+                  <a href="<%= @reset_url %>" class="button button-primary" target="_blank" rel="noopener">Reset Password</a>
                 </td>
               </tr>
             </table>
@@ -30,5 +30,5 @@
   <%= ENV.fetch("APP_NAME", "Rails") %></p>
 <!-- Subcopy -->
 <% content_for :subcopy do %>
-  <p>If you're having trouble clicking the "Reset Password" button, copy and paste the URL below into your web browser: <span class="break-all"><%= link_to password_reset_url(token: params[:token]), password_reset_url(token: params[:token]) %><span></p>
+  <p>If you're having trouble clicking the "Reset Password" button, copy and paste the URL below into your web browser: <span class="break-all"><%= link_to @reset_url, @reset_url %><span></p>
     <% end %>

data/stubs/default/app/views/user_mailer/verify_email.html.erb

@@ -0,0 +1,33 @@
+<!-- Greeting -->
+<h1>Hello!</h1>
+<!-- Intro Lines -->
+<p>Please click the button below to verify your email address.</p>
+<!-- Action Button -->
+<table class="action" align="center" width="100%" cellpadding="0" cellspacing="0" role="presentation">
+  <tr>
+    <td align="center">
+      <table width="100%" border="0" cellpadding="0" cellspacing="0" role="presentation">
+        <tr>
+          <td align="center">
+            <table border="0" cellpadding="0" cellspacing="0" role="presentation">
+              <tr>
+                <td>
+                  <a href="<%= @verification_url %>" class="button button-primary" target="_blank" rel="noopener">Verify Email Address</a>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<!-- Outro Lines -->
+<p>If you did not create an account, no further action is required.</p>
+<!-- Salutation -->
+<p>Regards,<br>
+  <%= ENV.fetch("APP_NAME", "Rails") %></p>
+<!-- Subcopy -->
+<% content_for :subcopy do %>
+  <p>If you're having trouble clicking the "Verify Email Address" button, copy and paste the URL below into your web browser: <span class="break-all"><%= link_to @verification_url, @verification_url %><span></p>
+    <% end %>

data/stubs/default/config/routes.rb

@@ -15,6 +15,10 @@ Rails.application.routes.draw do
   get 'reset-password/:token', to: 'auth/new_password#new', as: :password_reset
   post 'reset-password', to: 'auth/new_password#create', as: :password_store
 
+  get 'verify-email', to: 'auth/email_verification_notification#new', as: :verification_notice
+  post 'verify-email', to: 'auth/email_verification_notification#create', as: :verification_send
+  get 'verify-email/:id/:hash', to: 'auth/verified_email#create', as: :verification_verify
+
   post 'logout', to: 'auth/authenticated_session#destroy', as: :logout
 
   get 'dashboard', to: 'dashboard#index', as: :dashboard

data/stubs/default/db/migrate/20240101000000_create_users.rb

@@ -3,6 +3,7 @@ class CreateUsers < ActiveRecord::Migration
     create_table :users do |table|
       table.string :name
       table.string :email
+      table.timestamp :email_verified_at, null: true
       table.string :password_digest
       table.string :remember_token, null: true
       table.timestamps

data/stubs/default/test/factories/users.rb

@@ -2,6 +2,11 @@ FactoryBot.define do
   factory :user do
     name { Faker::Name.name }
     email { Faker::Internet.email }
+    email_verified_at { Time.now }
     password { 'password' }
+
+    trait :unverified do
+      email_verified_at { nil }
+    end
   end
 end

data/stubs/default/test/integration/auth/authentication_test.rb

@@ -8,7 +8,7 @@ class Auth::AuthenticationTest < ActionDispatch::IntegrationTest
   end
 
   test 'users can authenticate using the login screen' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     post login_path, params: {
       email: user.email,
@@ -20,7 +20,7 @@ class Auth::AuthenticationTest < ActionDispatch::IntegrationTest
   end
 
   test 'users cannot authenticate with invalid password' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     post login_path, params: {
       email: user.email,
@@ -31,11 +31,9 @@ class Auth::AuthenticationTest < ActionDispatch::IntegrationTest
   end
 
   test 'users can logout' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
-    acting_as user
-
-    post logout_path
+    acting_as(user).post logout_path
 
     assert_guest
     assert_redirected_to '/'

data/stubs/default/test/integration/auth/email_verification_test.rb

@@ -0,0 +1,40 @@
+require 'test_helper'
+
+class EmailVerificationTest < ActionDispatch::IntegrationTest
+  if User.include?(MustVerifyEmail)
+    test 'email verification screen can be rendered' do
+      user = FactoryBot.create(:user, :unverified)
+
+      acting_as(user).get verification_notice_path
+
+      assert_response :success
+    end
+
+    test 'email can be verified' do
+      user = FactoryBot.create(:user, :unverified)
+
+      acting_as(user).get verification_url(id: user.id, hash: Digest::SHA1.hexdigest(user.email))
+
+      assert user.reload.has_verified_email?
+      assert_redirected_to dashboard_path(verified: '1')
+    end
+
+    test 'email is not verified with invalid hash' do
+      user = FactoryBot.create(:user, :unverified)
+
+      acting_as(user).get verification_url(id: user.id, hash: Digest::SHA1.hexdigest('wrong-email'))
+
+      assert_not user.reload.has_verified_email?
+    end
+  end
+
+  private
+
+  def verification_url(params)
+    verifier = ActiveSupport::MessageVerifier.new(ENV.fetch('RAILS_MASTER_KEY', ''))
+
+    signature = verifier.generate(verification_verify_url(params), expires_in: 60.minutes.from_now.to_i)
+
+    verification_verify_url(params.merge(signature: signature))
+  end
+end

data/stubs/default/test/integration/auth/password_reset_test.rb

@@ -8,7 +8,7 @@ class Auth::PasswordResetTest < ActionDispatch::IntegrationTest
   end
 
   test 'reset password link can be requested' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
     token = user.generate_token_for(:password_reset)
     email = UserMailer.with(user: user, token: token).reset_password
 
@@ -20,7 +20,7 @@ class Auth::PasswordResetTest < ActionDispatch::IntegrationTest
   end
 
   test 'reset password screen can be rendered' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     get password_reset_path(token: user.generate_token_for(:password_reset))
 
@@ -28,7 +28,7 @@ class Auth::PasswordResetTest < ActionDispatch::IntegrationTest
   end
 
   test 'password can be reset_with_valid_token' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     post password_store_path, params: {
       token: user.generate_token_for(:password_reset),

data/stubs/default/test/integration/password_update_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 
 class PasswordUpdateTest < ActionDispatch::IntegrationTest
   test 'password can be updated' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     acting_as(user).put password_update_path, params: {
       current_password: 'password',
@@ -15,7 +15,7 @@ class PasswordUpdateTest < ActionDispatch::IntegrationTest
   end
 
   test 'correct password must be provided to update password' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     acting_as(user).put password_update_path, params: {
       current_password: 'wrong-password',

data/stubs/default/test/integration/profile_test.rb

@@ -2,7 +2,7 @@ require 'test_helper'
 
 class ProfileTest < ActionDispatch::IntegrationTest
   test 'profile page is displayed' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     acting_as(user).get profile_edit_path
 
@@ -10,7 +10,7 @@ class ProfileTest < ActionDispatch::IntegrationTest
   end
 
   test 'profile information can be updated' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     acting_as(user).patch profile_edit_path, params: {
       name: 'Test User',
@@ -25,8 +25,20 @@ class ProfileTest < ActionDispatch::IntegrationTest
     assert_equal 'test@example.com', user.email
   end
 
+  test 'email verification status is unchanged when the email address is unchanged' do
+    user = FactoryBot.create(:user)
+
+    acting_as(user).patch profile_edit_path, params: {
+      name: 'Test User',
+      email: user.email
+    }
+
+    assert_redirected_to profile_edit_path
+    assert_not user.reload.email_verified_at.blank?
+  end
+
   test 'user can delete their account' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     acting_as(user).delete profile_destroy_path, params: {
       password: 'password'
@@ -39,7 +51,7 @@ class ProfileTest < ActionDispatch::IntegrationTest
   end
 
   test 'correct password must be provided to delete account' do
-    user = FactoryBot.create :user
+    user = FactoryBot.create(:user)
 
     acting_as(user).delete profile_destroy_path, params: {
       password: 'wrong-password'

data/stubs/hotwire/app/components/modal_component.rb

@@ -3,11 +3,11 @@ class ModalComponent < ViewComponent::Base
     @name = attributes[:name]
     @show = attributes[:show] || false
     @max_width = {
-      :sm => 'sm:max-w-sm',
-      :md => 'sm:max-w-md',
-      :lg => 'sm:max-w-lg',
-      :xl => 'sm:max-w-xl',
-      '2xl' => 'sm:max-w-2xl'
+      sm: 'sm:max-w-sm',
+      md: 'sm:max-w-md',
+      lg: 'sm:max-w-lg',
+      xl: 'sm:max-w-xl',
+      '2xl': 'sm:max-w-2xl'
     }[attributes[:max_width] || '2xl']
     @attributes = attributes.without(:name, :show, :max_width)
   end

data/stubs/hotwire/app/controllers/auth/authenticated_session_controller.rb

@@ -2,7 +2,8 @@ class Auth::AuthenticatedSessionController < ApplicationController
   include RedirectIfAuthenticated
 
   skip_authenticate only: %i[new create]
-  skip_redirect_if_authenticated only: %i[destroy]
+  skip_redirect_if_authenticated only: :destroy
+  skip_ensure_email_is_verified only: :destroy
 
   layout 'guest'
 
@@ -13,7 +14,7 @@ class Auth::AuthenticatedSessionController < ApplicationController
   end
 
   def create
-    @form = Auth::LoginForm.new params.permit(:email, :password, :remember)
+    @form = Auth::LoginForm.new(params.permit(:email, :password, :remember))
 
     @form.authenticate
 

data/stubs/hotwire/app/controllers/auth/email_verification_notification_controller.rb

@@ -0,0 +1,21 @@
+class Auth::EmailVerificationNotificationController < ApplicationController
+  skip_ensure_email_is_verified
+
+  before_action { redirect_to dashboard_path unless User.include?(MustVerifyEmail) }
+
+  layout 'guest'
+
+  def new
+    return redirect_to dashboard_path if Current.auth.user.has_verified_email?
+
+    render 'auth/verify_email'
+  end
+
+  def create
+    return redirect_to dashboard_path if Current.auth.user.has_verified_email?
+
+    Current.auth.user.send_email_verification_notification
+
+    redirect_back_or_to verification_notice_path, flash: { status: 'verification-link-sent' }
+  end
+end

data/stubs/hotwire/app/controllers/auth/new_password_controller.rb

@@ -6,13 +6,13 @@ class Auth::NewPasswordController < ApplicationController
   layout 'guest'
 
   def new
-    @form = Auth::NewPasswordForm.new params.permit(:token)
+    @form = Auth::NewPasswordForm.new(params.permit(:token))
 
     render 'auth/reset_password'
   end
 
   def create
-    @form = Auth::NewPasswordForm.new params.permit(:token, :password, :password_confirmation)
+    @form = Auth::NewPasswordForm.new(params.permit(:token, :password, :password_confirmation))
 
     return redirect_to login_path, flash: { status: 'Your password has been reset.' } if @form.reset?
 

data/stubs/hotwire/app/controllers/auth/password_reset_link_controller.rb

@@ -12,7 +12,7 @@ class Auth::PasswordResetLinkController < ApplicationController
   end
 
   def create
-    @form = Auth::SendPasswordResetLinkForm.new params.permit(:email)
+    @form = Auth::SendPasswordResetLinkForm.new(params.permit(:email))
 
     return redirect_back_or_to password_request_path, flash: { status: 'We have emailed your password reset link.' } if @form.send_reset_link?
 

data/stubs/hotwire/app/controllers/auth/registered_user_controller.rb

@@ -12,13 +12,17 @@ class Auth::RegisteredUserController < ApplicationController
   end
 
   def create
-    @form = Auth::RegisterForm.new params.permit(:name, :email, :password, :password_confirmation)
+    @form = Auth::RegisterForm.new(params.permit(:name, :email, :password, :password_confirmation))
 
     return render 'auth/register', status: :unprocessable_entity if @form.invalid?
 
     user = User.create(name: @form.name, email: @form.email, password: @form.password)
 
-    Current.auth.login user
+    if User.include?(MustVerifyEmail) && !user.has_verified_email?
+      user.send_email_verification_notification
+    end
+
+    Current.auth.login(user)
 
     redirect_to dashboard_path
   end

data/stubs/hotwire/app/controllers/auth/verified_email_controller.rb

@@ -0,0 +1,23 @@
+class Auth::VerifiedEmailController < ApplicationController
+  include ValidateSignature
+
+  skip_ensure_email_is_verified
+
+  before_action { redirect_to dashboard_path unless User.include?(MustVerifyEmail) }
+
+  def create
+    return redirect_to dashboard_path(verified: '1') if Current.auth.user.has_verified_email?
+
+    Current.auth.user.mark_email_as_verified if email_verification_request_is_authorized?
+
+    redirect_to dashboard_path(verified: '1')
+  end
+
+  private
+
+  def email_verification_request_is_authorized?
+    return false if !ActiveSupport::SecurityUtils.secure_compare Current.auth.user.id.to_s, params[:id]
+
+    ActiveSupport::SecurityUtils.secure_compare Digest::SHA1.hexdigest(Current.auth.user.email), params[:hash]
+  end
+end

data/stubs/hotwire/app/controllers/concerns/authenticate.rb

@@ -3,11 +3,17 @@ module Authenticate
 
   included do
     before_action :authenticate!
+    before_action :ensure_email_is_verified! if User.include?(MustVerifyEmail)
   end
 
   class_methods do
     def skip_authenticate(**options)
       skip_before_action :authenticate!, **options
+      skip_ensure_email_is_verified(**options)
+    end
+
+    def skip_ensure_email_is_verified(**options)
+      skip_before_action :ensure_email_is_verified!, **options if User.include?(MustVerifyEmail)
     end
   end
 
@@ -16,4 +22,8 @@ module Authenticate
   def authenticate!
     redirect_to login_path unless Current.auth.check?
   end
+
+  def ensure_email_is_verified!
+    redirect_to verification_notice_path unless Current.auth.user && Current.auth.user.has_verified_email?
+  end
 end

data/stubs/hotwire/app/controllers/concerns/validate_signature.rb

@@ -0,0 +1,17 @@
+module ValidateSignature
+  extend ActiveSupport::Concern
+
+  included do
+    before_action do
+      render file: "#{Rails.root}/public/404.html", layout: false, status: :not_found unless has_valid_signature?
+    end
+  end
+
+  private
+
+  def has_valid_signature?
+    request.original_url.split('?')[0] == ActiveSupport::MessageVerifier.new(ENV.fetch('RAILS_MASTER_KEY', '')).verify(params[:signature])
+  rescue
+    false
+  end
+end

data/stubs/hotwire/app/controllers/password_controller.rb

@@ -1,6 +1,8 @@
 class PasswordController < ApplicationController
+  skip_ensure_email_is_verified
+
   def update
-    @update_password_form = UpdatePasswordForm.new params.permit(:current_password, :password, :password_confirmation)
+    @update_password_form = UpdatePasswordForm.new(params.permit(:current_password, :password, :password_confirmation))
 
     return render partial: 'profile/partials/update_password_form', status: :unprocessable_entity if @update_password_form.invalid?
 

data/stubs/hotwire/app/controllers/profile_controller.rb

@@ -1,4 +1,6 @@
 class ProfileController < ApplicationController
+  skip_ensure_email_is_verified
+
   def edit
     @update_profile_information_form = UpdateProfileInformationForm.new(name: Current.auth.user.name, email: Current.auth.user.email)
     @update_password_form = UpdatePasswordForm.new
@@ -8,17 +10,17 @@ class ProfileController < ApplicationController
   end
 
   def update
-    @update_profile_information_form = UpdateProfileInformationForm.new params.permit(:name, :email)
+    @update_profile_information_form = UpdateProfileInformationForm.new(params.permit(:name, :email))
 
     return render partial: 'profile/partials/update_profile_information_form', status: :unprocessable_entity if @update_profile_information_form.invalid?
 
-    Current.auth.user.update(name: @update_profile_information_form.name, email: @update_profile_information_form.email)
+    @update_profile_information_form.update
 
     redirect_to profile_edit_path, flash: { status: 'profile-updated' }
   end
 
   def destroy
-    @delete_user_form = DeleteUserForm.new params.permit(:password)
+    @delete_user_form = DeleteUserForm.new(params.permit(:password))
 
     return render partial: 'profile/partials/delete_user_form', status: :unprocessable_entity if @delete_user_form.invalid?