maquina-generators 0.1.0

data/lib/generators/maquina/clave/templates/app/controllers/session/verifications_controller.rb.tt

@@ -0,0 +1,55 @@
+class Session::VerificationsController < ApplicationController
+  allow_unauthenticated_access
+  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_verification_path, alert: t("flash.general.rate_limited") }
+
+  # GET /session/verification/new
+  def new
+    @verification = EmailVerification.find_by(id: session[:pending_verification_id])
+    @email = @verification&.email || session[:pending_login_email]
+    redirect_to new_session_path unless @email
+  end
+
+  # POST /session/verification
+  def create
+    @verification = EmailVerification.find_by(id: session[:pending_verification_id])
+    @email = @verification&.email || session[:pending_login_email]
+
+    # Generic error if no verification (user doesn't exist or blocked)
+    unless @verification
+      flash.now[:alert] = t("flash.sessions.invalid_code")
+      render :new, status: :unprocessable_entity
+      return
+    end
+
+    if @verification.expired?
+      flash.now[:alert] = t("flash.sessions.code_expired")
+      render :new, status: :unprocessable_entity
+      return
+    end
+
+    if @verification.code != params[:code]&.upcase&.strip
+      @verification.increment!(:attempts)
+      Rails.logger.warn "[AUTH] Invalid verification code attempt for #{@email} from #{request.remote_ip} (attempt #{@verification.attempts})"
+      flash.now[:alert] = t("flash.sessions.invalid_code")
+      render :new, status: :unprocessable_entity
+      return
+    end
+
+    user = User.find_by(email_address: @verification.email)
+
+    # Double-check user exists and not blocked
+    if user.nil? || user.blocked?
+      flash.now[:alert] = t("flash.sessions.invalid_code")
+      render :new, status: :unprocessable_entity
+      return
+    end
+
+    @verification.mark_verified!
+    session.delete(:pending_verification_id)
+    session.delete(:pending_login_email)
+
+    Rails.logger.info "[AUTH] Successful login for #{user.email_address} from #{request.remote_ip}"
+    start_new_session_for(user)
+    redirect_to after_authentication_url, notice: t("flash.sessions.create.success")
+  end
+end

data/lib/generators/maquina/clave/templates/app/controllers/sessions_controller.rb.tt

@@ -0,0 +1,56 @@
+class SessionsController < ApplicationController
+  allow_unauthenticated_access only: %i[new create]
+  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: t("flash.general.rate_limited") }
+
+  # GET /session/new
+  def new
+  end
+
+  # POST /session
+  def create
+    email = params[:email_address]&.downcase&.strip
+    user = User.find_by(email_address: email)
+
+    # Check cooldown regardless of user existence
+    recent_verification = EmailVerification.for_email(email).recent.first
+    if recent_verification
+      session[:pending_verification_id] = recent_verification.id
+      session[:pending_login_email] = email
+      redirect_to new_session_verification_path,
+        notice: t("flash.sessions.code_already_sent", minutes: recent_verification.minutes_until_resend)
+      return
+    end
+
+    if user && !user.blocked?
+      # User exists and not blocked - send verification
+      verification = EmailVerification.create!(
+        email: email,
+        code: SecureRandom.hex(3).upcase,
+        verification_type: "login",
+        locale: user.locale || I18n.default_locale.to_s,
+        expires_at: 15.minutes.from_now
+      )
+
+      Rails.logger.info "[AUTH] Verification code sent for login #{email} from #{request.remote_ip}"
+      VerificationMailer.verification_code(verification).deliver_later
+      session[:pending_verification_id] = verification.id
+    else
+      # No user OR blocked - don't send email, but show same UI
+      if user&.blocked?
+        Rails.logger.info "[AUTH] Login attempted for blocked user #{email} from #{request.remote_ip}"
+      else
+        Rails.logger.info "[AUTH] Login attempted for non-existent email #{email} from #{request.remote_ip}"
+      end
+      session[:pending_login_email] = email
+    end
+
+    redirect_to new_session_verification_path
+  end
+
+  # DELETE /session
+  def destroy
+    Rails.logger.info "[AUTH] Logout for user #{Current.session.user.email_address} from #{request.remote_ip}"
+    terminate_session
+    redirect_to new_session_path, notice: t("flash.sessions.destroy.success"), status: :see_other
+  end
+end

data/lib/generators/maquina/clave/templates/app/helpers/authentication_helper.rb.tt

@@ -0,0 +1,20 @@
+module AuthenticationHelper
+  # Masks an email address for privacy display
+  # "mario@example.com" -> "ma***@example.com"
+  # "jo@example.com" -> "j*@example.com"
+  # "a@example.com" -> "a@example.com"
+  def mask_email(email)
+    return "" if email.blank?
+
+    local, domain = email.split("@")
+    return email if local.nil? || domain.nil?
+
+    masked_local = if local.length <= 2
+      local[0] + "*" * (local.length - 1)
+    else
+      local[0..1] + "*" * (local.length - 2)
+    end
+
+    "#{masked_local}@#{domain}"
+  end
+end

data/lib/generators/maquina/clave/templates/app/jobs/authentication_cleanup_job.rb.tt

@@ -0,0 +1,13 @@
+class AuthenticationCleanupJob < ApplicationJob
+  queue_as :default
+
+  def perform
+    # Delete email verifications older than 24 hours
+    old_verifications_count = EmailVerification.where("created_at < ?", 24.hours.ago).delete_all
+    Rails.logger.info "AuthenticationCleanupJob: Deleted #{old_verifications_count} old email verifications"
+
+    # Delete expired sessions
+    expired_sessions_count = Session.cleanup_expired!
+    Rails.logger.info "AuthenticationCleanupJob: Deleted #{expired_sessions_count} expired sessions"
+  end
+end

data/lib/generators/maquina/clave/templates/app/mailers/verification_mailer.rb.tt

@@ -0,0 +1,15 @@
+class VerificationMailer < ApplicationMailer
+  default from: "App <noreply@example.com>"
+
+  def verification_code(email_verification)
+    @verification = email_verification
+    locale = email_verification.locale || I18n.default_locale.to_s
+
+    I18n.with_locale(locale) do
+      mail(
+        to: email_verification.email,
+        subject: I18n.t("verification_mailer.verification_code.subject")
+      )
+    end
+  end
+end

data/lib/generators/maquina/clave/templates/app/models/current.rb.tt

@@ -0,0 +1,4 @@
+class Current < ActiveSupport::CurrentAttributes
+  attribute :session
+  delegate :user, to: :session, allow_nil: true
+end

data/lib/generators/maquina/clave/templates/app/models/email_verification.rb.tt

@@ -0,0 +1,40 @@
+class EmailVerification < ApplicationRecord
+  VERIFICATION_TYPES = %w[signup login].freeze
+  COOLDOWN_MINUTES = 15
+
+  validates :email, presence: true, format: {with: URI::MailTo::EMAIL_REGEXP}
+  validates :code, presence: true
+  validates :verification_type, presence: true, inclusion: {in: VERIFICATION_TYPES}
+  validates :expires_at, presence: true
+
+  normalizes :email, with: ->(email) { email.strip.downcase }
+  normalizes :code, with: ->(code) { code.strip.upcase }
+
+  scope :pending, -> { where(verified_at: nil) }
+  scope :expired, -> { where("expires_at < ?", Time.current) }
+  scope :active, -> { pending.where("expires_at >= ?", Time.current) }
+  scope :for_email, ->(email) { where("LOWER(email) = ?", email.to_s.downcase) }
+  scope :recent, -> { pending.where("created_at > ?", COOLDOWN_MINUTES.minutes.ago) }
+
+  def expired?
+    expires_at < Time.current
+  end
+
+  def verified?
+    verified_at.present?
+  end
+
+  def can_resend?
+    created_at <= COOLDOWN_MINUTES.minutes.ago
+  end
+
+  def minutes_until_resend
+    return 0 if can_resend?
+
+    ((created_at + COOLDOWN_MINUTES.minutes - Time.current) / 60).ceil
+  end
+
+  def mark_verified!
+    update!(verified_at: Time.current)
+  end
+end

data/lib/generators/maquina/clave/templates/app/models/session.rb.tt

@@ -0,0 +1,18 @@
+class Session < ApplicationRecord
+  belongs_to :user
+
+  scope :active, -> { where("expires_at > ? OR expires_at IS NULL", Time.current) }
+  scope :expired, -> { where("expires_at <= ? AND expires_at IS NOT NULL", Time.current) }
+
+  def self.cleanup_expired!
+    expired.delete_all
+  end
+
+  def expired?
+    expires_at.present? && expires_at < Time.current
+  end
+
+  def active?
+    !expired?
+  end
+end

data/lib/generators/maquina/clave/templates/app/models/user.rb.tt

@@ -0,0 +1,38 @@
+class User < ApplicationRecord
+  has_secure_password
+  has_many :sessions, dependent: :destroy
+
+  normalizes :email_address, with: ->(e) { e.strip.downcase }
+
+  validates :email_address, uniqueness: true
+  validate :email_cannot_contain_plus
+
+  scope :active, -> { where(blocked_at: nil) }
+  scope :blocked, -> { where.not(blocked_at: nil) }
+
+  def self.generate_secure_password
+    SecureRandom.hex(10)
+  end
+
+  def blocked?
+    blocked_at.present?
+  end
+
+  def block!(reason: nil)
+    update!(blocked_at: Time.current, blocked_reason: reason)
+  end
+
+  def unblock!
+    update!(blocked_at: nil, blocked_reason: nil)
+  end
+
+  private
+
+  def email_cannot_contain_plus
+    return if email_address.blank?
+
+    if email_address.include?("+")
+      errors.add(:email_address, :plus_not_allowed)
+    end
+  end
+end

data/lib/generators/maquina/clave/templates/app/views/registration/verifications/new.html.erb.tt

@@ -0,0 +1,42 @@
+<div class="flex flex-1 items-center justify-center px-4 py-8">
+  <div class="w-full max-w-md">
+    <div class="bg-white rounded-xl shadow-sm border border-slate-200 p-8">
+      <h1 class="text-2xl font-bold text-slate-800 text-center mb-4">
+        <%%= t(".title") %>
+      </h1>
+
+      <p class="text-center text-slate-600 mb-8">
+        <%%= t(".sent_to", email: mask_email(@email)) %>
+      </p>
+
+      <%%= form_with url: registration_verification_path, method: :post, class: "space-y-6" do |form| %>
+        <div>
+          <%%= form.label :code, t(".enter_code"), class: "block text-sm font-medium text-slate-700 mb-2 text-center" %>
+          <%%= form.text_field :code,
+                              required: true,
+                              autofocus: true,
+                              maxlength: 6,
+                              autocomplete: "one-time-code",
+                              inputmode: "text",
+                              placeholder: "ABC123",
+                              class: "w-full px-4 py-4 text-center text-2xl font-mono tracking-widest uppercase border border-slate-300 rounded-lg focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 transition-colors" %>
+        </div>
+
+        <p class="text-sm text-slate-500 text-center">
+          <%%= t(".check_spam") %>
+        </p>
+
+        <div>
+          <%%= form.submit t(".submit"), class: "w-full px-4 py-3 text-base font-medium text-white bg-indigo-600 hover:bg-indigo-700 rounded-lg transition-colors cursor-pointer" %>
+        </div>
+      <%% end %>
+
+      <div class="mt-6 text-center">
+        <p class="text-sm text-slate-500 mb-2">
+          <%%= t(".didnt_receive") %>
+        </p>
+        <%%= button_to t(".resend"), registration_verification_resend_path, method: :post, class: "text-sm font-medium text-indigo-600 hover:text-indigo-500" %>
+      </div>
+    </div>
+  </div>
+</div>

data/lib/generators/maquina/clave/templates/app/views/registrations/new.html.erb.tt

@@ -0,0 +1,38 @@
+<div class="flex flex-1 items-center justify-center px-4 py-8">
+  <div class="w-full max-w-md">
+    <div class="bg-white rounded-xl shadow-sm border border-slate-200 p-8">
+      <h1 class="text-2xl font-bold text-slate-800 text-center mb-8">
+        <%%= t(".title") %>
+      </h1>
+
+      <%%= form_with url: registration_path, method: :post, class: "space-y-6" do |form| %>
+        <div>
+          <%%= form.label :email_address, t(".email"), class: "block text-sm font-medium text-slate-700 mb-2" %>
+          <%%= form.email_field :email_address,
+                               required: true,
+                               autofocus: true,
+                               autocomplete: "email",
+                               placeholder: t(".email_placeholder"),
+                               class: "w-full px-4 py-3 border border-slate-300 rounded-lg focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 transition-colors" %>
+        </div>
+
+        <p class="text-sm text-slate-600">
+          <%%= t(".email_instructions") %>
+        </p>
+
+        <p class="text-sm text-slate-500">
+          <%%= t(".spam_note") %>
+        </p>
+
+        <div>
+          <%%= form.submit t(".submit"), class: "w-full px-4 py-3 text-base font-medium text-white bg-indigo-600 hover:bg-indigo-700 rounded-lg transition-colors cursor-pointer" %>
+        </div>
+      <%% end %>
+
+      <p class="mt-6 text-center text-sm text-slate-500">
+        <%%= t(".have_account") %>
+        <%%= link_to t(".sign_in"), new_session_path, class: "font-medium text-indigo-600 hover:text-indigo-500" %>
+      </p>
+    </div>
+  </div>
+</div>

data/lib/generators/maquina/clave/templates/app/views/session/verifications/new.html.erb.tt

@@ -0,0 +1,42 @@
+<div class="flex flex-1 items-center justify-center px-4 py-8">
+  <div class="w-full max-w-md">
+    <div class="bg-white rounded-xl shadow-sm border border-slate-200 p-8">
+      <h1 class="text-2xl font-bold text-slate-800 text-center mb-4">
+        <%%= t(".title") %>
+      </h1>
+
+      <p class="text-center text-slate-600 mb-8">
+        <%%= t(".sent_to", email: mask_email(@email)) %>
+      </p>
+
+      <%%= form_with url: session_verification_path, method: :post, class: "space-y-6" do |form| %>
+        <div>
+          <%%= form.label :code, t(".enter_code"), class: "block text-sm font-medium text-slate-700 mb-2 text-center" %>
+          <%%= form.text_field :code,
+                              required: true,
+                              autofocus: true,
+                              maxlength: 6,
+                              autocomplete: "one-time-code",
+                              inputmode: "text",
+                              placeholder: "ABC123",
+                              class: "w-full px-4 py-4 text-center text-2xl font-mono tracking-widest uppercase border border-slate-300 rounded-lg focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 transition-colors" %>
+        </div>
+
+        <p class="text-sm text-slate-500 text-center">
+          <%%= t(".check_spam") %>
+        </p>
+
+        <div>
+          <%%= form.submit t(".submit"), class: "w-full px-4 py-3 text-base font-medium text-white bg-indigo-600 hover:bg-indigo-700 rounded-lg transition-colors cursor-pointer" %>
+        </div>
+      <%% end %>
+
+      <div class="mt-6 text-center">
+        <p class="text-sm text-slate-500 mb-2">
+          <%%= t(".didnt_receive") %>
+        </p>
+        <%%= button_to t(".resend"), session_verification_resend_path, method: :post, class: "text-sm font-medium text-indigo-600 hover:text-indigo-500" %>
+      </div>
+    </div>
+  </div>
+</div>

data/lib/generators/maquina/clave/templates/app/views/sessions/new.html.erb.tt

@@ -0,0 +1,39 @@
+<div class="flex flex-1 items-center justify-center px-4 py-8">
+  <div class="w-full max-w-md">
+    <div class="bg-white rounded-xl shadow-sm border border-slate-200 p-8">
+      <h1 class="text-2xl font-bold text-slate-800 text-center mb-8">
+        <%%= t(".title") %>
+      </h1>
+
+      <%%= form_with url: session_path, method: :post, class: "space-y-6" do |form| %>
+        <div>
+          <%%= form.label :email_address, t(".email"), class: "block text-sm font-medium text-slate-700 mb-2" %>
+          <%%= form.email_field :email_address,
+                               required: true,
+                               autofocus: true,
+                               autocomplete: "email",
+                               placeholder: t(".email_placeholder"),
+                               value: params[:email_address],
+                               class: "w-full px-4 py-3 border border-slate-300 rounded-lg focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 transition-colors" %>
+        </div>
+
+        <p class="text-sm text-slate-600">
+          <%%= t(".email_instructions") %>
+        </p>
+
+        <p class="text-sm text-slate-500">
+          <%%= t(".spam_note") %>
+        </p>
+
+        <div>
+          <%%= form.submit t(".submit"), class: "w-full px-4 py-3 text-base font-medium text-white bg-indigo-600 hover:bg-indigo-700 rounded-lg transition-colors cursor-pointer" %>
+        </div>
+      <%% end %>
+
+      <p class="mt-6 text-center text-sm text-slate-500">
+        <%%= t(".no_account") %>
+        <%%= link_to t(".sign_up"), new_registration_path, class: "font-medium text-indigo-600 hover:text-indigo-500" %>
+      </p>
+    </div>
+  </div>
+</div>

data/lib/generators/maquina/clave/templates/app/views/verification_mailer/verification_code.html.erb.tt

@@ -0,0 +1,37 @@
+<div style="max-width: 600px; margin: 0 auto; padding: 40px 20px; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;">
+  <div style="background-color: #ffffff; border-radius: 8px; padding: 40px; box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);">
+    <!-- Logo -->
+    <div style="text-align: center; margin-bottom: 32px;">
+      <span style="font-size: 28px; font-weight: 700; color: #4F46E5;"><%%= Rails.application.class.module_parent_name %></span>
+    </div>
+
+    <!-- Title -->
+    <h1 style="text-align: center; font-size: 24px; font-weight: 600; color: #1f2937; margin-bottom: 24px;">
+      <%%= t("verification_mailer.verification_code.title") %>
+    </h1>
+
+    <!-- Instructions -->
+    <p style="text-align: center; font-size: 16px; color: #4b5563; margin-bottom: 32px;">
+      <%%= t("verification_mailer.verification_code.instructions") %>
+    </p>
+
+    <!-- Code Display -->
+    <div style="background-color: #f3f4f6; border-radius: 8px; padding: 24px; text-align: center; margin-bottom: 32px;">
+      <span style="font-family: 'Courier New', Courier, monospace; font-size: 36px; font-weight: 700; letter-spacing: 8px; color: #1f2937;">
+        <%%= @verification.code %>
+      </span>
+    </div>
+
+    <!-- Expiry Note -->
+    <p style="text-align: center; font-size: 14px; color: #6b7280; margin-bottom: 32px;">
+      <%%= t("verification_mailer.verification_code.expires_in") %>
+    </p>
+
+    <!-- Ignore Note -->
+    <div style="border-top: 1px solid #e5e7eb; padding-top: 24px;">
+      <p style="text-align: center; font-size: 13px; color: #9ca3af;">
+        <%%= t("verification_mailer.verification_code.ignore_if_not_you") %>
+      </p>
+    </div>
+  </div>
+</div>

data/lib/generators/maquina/clave/templates/app/views/verification_mailer/verification_code.text.erb.tt

@@ -0,0 +1,11 @@
+<%%= t("verification_mailer.verification_code.title") %>
+
+<%%= t("verification_mailer.verification_code.instructions") %>
+
+<%%= @verification.code %>
+
+<%%= t("verification_mailer.verification_code.expires_in") %>
+
+---
+
+<%%= t("verification_mailer.verification_code.ignore_if_not_you") %>

data/lib/generators/maquina/clave/templates/config/locales/clave.en.yml

@@ -0,0 +1,101 @@
+en:
+  flash:
+    sessions:
+      create:
+        success: "You have signed in successfully."
+      destroy:
+        success: "You have signed out successfully."
+      code_sent: "We sent you a verification code."
+      invalid_code: "The code is incorrect. Please try again."
+      code_expired: "The code has expired. Request a new one."
+      code_resent: "We sent you a new code."
+      cooldown: "You must wait %{minutes} minutes before requesting another code."
+      code_already_sent: "We already sent you a code. Check your email (including spam). You can request a new one in %{minutes} minutes."
+    registrations:
+      create:
+        success: "Your account has been created. Welcome!"
+      code_sent: "We sent a verification code to your email."
+      email_plus_not_allowed: "Email addresses with '+' are not allowed. Use your main email without aliases."
+      email_taken: "An account with this email already exists. Would you like to sign in?"
+      invalid_code: "The code is incorrect. Please try again."
+      code_expired: "The code has expired. Request a new one."
+      code_resent: "We sent you a new code."
+      cooldown: "You must wait %{minutes} minutes before requesting another code."
+      code_already_sent: "We already sent you a code. Check your email (including spam). You can request a new one in %{minutes} minutes."
+    general:
+      unauthorized: "You must sign in to access this page."
+      forbidden: "You are not authorized to perform this action."
+      not_found: "The resource you're looking for doesn't exist."
+      rate_limited: "Too many attempts. Please wait a few minutes and try again."
+
+  sessions:
+    new:
+      title: "Sign in"
+      email: "Email address"
+      email_placeholder: "you@example.com"
+      email_instructions: "Enter your email and we'll send you a 6-digit code."
+      spam_note: "Check your spam folder if you don't receive the email."
+      submit: "Send code"
+      no_account: "Don't have an account?"
+      sign_up: "Sign up"
+
+  session:
+    verifications:
+      new:
+        title: "Verify your identity"
+        sent_to: "If you have an account, we sent a code to %{email}"
+        enter_code: "Enter the code"
+        submit: "Sign in"
+        check_spam: "Check your spam folder."
+        didnt_receive: "Didn't receive the code?"
+        resend: "Resend code"
+
+  registrations:
+    new:
+      title: "Create account"
+      email: "Email address"
+      email_placeholder: "you@example.com"
+      email_instructions: "Enter your email address. We'll send you a 6-digit code to verify your account."
+      spam_note: "Check your spam folder if you don't receive the email."
+      submit: "Send code"
+      have_account: "Already have an account?"
+      sign_in: "Sign in"
+
+  registration:
+    verifications:
+      new:
+        title: "Verify your email"
+        sent_to: "We sent a 6-digit code to %{email}"
+        enter_code: "Enter the code"
+        submit: "Verify"
+        check_spam: "Check your spam folder if you don't receive it."
+        didnt_receive: "Didn't receive the code?"
+        resend: "Resend code"
+
+  verification_mailer:
+    verification_code:
+      subject: "Your verification code"
+      title: "Verification code"
+      instructions: "Enter this code to continue:"
+      expires_in: "This code expires in 15 minutes."
+      ignore_if_not_you: "If you didn't request this code, you can ignore this email."
+
+  activerecord:
+    models:
+      user:
+        one: "User"
+        other: "Users"
+    attributes:
+      user:
+        email_address: "Email address"
+        name: "Name"
+        password: "Password"
+        locale: "Language"
+        blocked_at: "Blocked at"
+        blocked_reason: "Blocked reason"
+    errors:
+      models:
+        user:
+          attributes:
+            email_address:
+              plus_not_allowed: "Email addresses with '+' are not allowed. Please use your main email without aliases."