RubyGems - propel_authentication - Versions diffs - 0.1.1 - Mend

propel_authentication 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (102) hide show

data/lib/generators/propel_auth/templates/tokens_controller.rb.tt ADDED Viewed

@@ -0,0 +1,96 @@
+<%- if api_versioned? -%>
+# Dynamic API versioning controller - inherits from base controller
+class <%= controller_namespace %>::TokensController < Api::Auth::BaseTokensController
+end
+<%- else -%>
+class <%= controller_namespace %>::TokensController < ApplicationController
+  <%- unless api_only_app? -%>
+  include RackSessionDisable
+  <%- end -%>
+  include PropelAuthentication
+  # POST <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/login
+  def create
+    user = User.find_by(email_address: params[:user][:email_address])
+    if user&.authenticate(params[:user][:password])
+      if user.status == 1  # inactive
+        render json: { error: 'Account is inactive' }, status: :unauthorized
+        return
+      end
+      # Update last login timestamp
+      user.update(last_login_at: Time.current)
+      # Reset failed login attempts on successful login
+      user.reset_failed_attempts! if user.respond_to?(:reset_failed_attempts!)
+      render json: {
+        token: user.generate_jwt_token,
+        user: user_response(user)
+      }, status: :ok
+    else
+      # Increment failed login attempts if user exists and has lockable functionality
+      if user&.respond_to?(:increment_failed_attempts!)
+        user.increment_failed_attempts!
+      end
+      render json: { error: 'Invalid credentials' }, status: :unauthorized
+    end
+  rescue ActionController::ParameterMissing
+    render json: { error: 'Missing required parameters' }, status: :unprocessable_entity
+  end
+  # DELETE <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/logout
+  def destroy
+    # For JWT, logout is handled client-side by removing the token
+    # Server-side logout would require token blacklisting (future enhancement)
+    render json: { message: 'Logged out successfully' }, status: :ok
+  end
+  # GET <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/me
+  def me
+    return unless authenticate_user
+    render json: { user: user_response(current_user) }, status: :ok
+  end
+  def refresh
+    render json: { token: @current_user.generate_jwt_token }
+  end
+  # POST <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/unlock
+  def unlock
+    token = params[:token]
+    if token.blank?
+      render json: { error: 'Token is required' }, status: :unprocessable_entity
+      return
+    end
+    user = User.find_by_unlock_token(token)
+    if user
+      user.unlock_account!
+      render json: { message: 'Account unlocked successfully' }, status: :ok
+    else
+      render json: { error: 'Invalid or expired unlock token' }, status: :unauthorized
+    end
+  rescue => e
+    render json: { error: 'Invalid unlock token' }, status: :unauthorized
+  end
+  private
+  def user_response(user)
+    {
+      id: user.id,
+      email_address: user.email_address,
+      username: user.username,
+      first_name: user.first_name,
+      last_name: user.last_name,
+      organization_id: user.organization_id,
+      last_login_at: user.last_login_at
+    }
+  end
+end
+<%- end -%>

data/lib/generators/propel_auth/templates/user.rb ADDED Viewed

@@ -0,0 +1,21 @@
+class User < ApplicationRecord
+  # Multi-tenant associations
+  belongs_to :organization
+  has_many :invitations, foreign_key: :inviter_id, dependent: :destroy
+  has_many :agents, dependent: :destroy
+  # Validations
+  validates :email_address, presence: true, uniqueness: true
+  validates :username, presence: true, uniqueness: true
+  validates :organization, presence: true
+  # Authentication and security concerns
+  include Authenticatable
+  include Lockable
+  include Recoverable
+  include Confirmable
+  # Future enhancements (Epic 2)
+  # include Invitable
+  # include Statusable
+end

data/lib/generators/propel_auth/templates/user_test.rb.tt ADDED Viewed

@@ -0,0 +1,81 @@
+require "test_helper"
+class UserTest < ActiveSupport::TestCase
+  def setup
+    @organization = Organization.create!(name: "Test Organization")
+    @user_attributes = {
+      email_address: "test@example.com",
+      username: "testuser",
+      password: "password123",
+      organization: @organization
+    }
+  end
+  test "should be valid with all attributes" do
+    user = User.new(@user_attributes)
+    assert user.valid?, "User should be valid with all required attributes"
+  end
+  test "should authenticate with correct password" do
+    user = User.create!(@user_attributes)
+    assert user.authenticate("password123")
+    assert_not user.authenticate("wrongpassword")
+  end
+  test "should not save user without email_address" do
+    user = User.new(@user_attributes.except(:email_address))
+    assert_not user.save, "Saved the user without an email_address"
+  end
+  test "should not save user without username" do
+    user = User.new(@user_attributes.except(:username))
+    assert_not user.save, "Saved the user without a username"
+  end
+  test "should not save user with short password" do
+    user = User.new(@user_attributes.merge(password: "123"))
+    assert_not user.save, "Saved the user with a password that is too short"
+  end
+  test "should generate valid JWT token" do
+    user = User.create!(@user_attributes)
+    token = user.generate_jwt_token
+    assert token.present?, "Should generate JWT token"
+    # Verify token structure
+    assert_equal 3, token.split('.').length, "JWT should have 3 parts"
+    # Verify token content
+    payload = JWT.decode(token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })[0]
+    assert_equal user.id, payload['user_id'], "Token should include user ID"
+    assert_equal user.organization_id, payload['organization_id'], "Token should include organization ID"
+    assert payload['exp'].present?, "Token should include expiration"
+  end
+  test "should validate JWT token and find user" do
+    user = User.create!(@user_attributes)
+    token = user.generate_jwt_token
+    found_user = User.find_by_jwt_token(token)
+    assert_equal user.id, found_user.id, "Should find user by JWT token"
+    assert_equal user.email_address, found_user.email_address, "Should return correct user"
+  end
+  test "should validate email_address uniqueness" do
+    User.create!(@user_attributes)
+    user2 = User.new(@user_attributes.merge(username: "newuser"))
+    assert_not user2.save, "Should not save user with duplicate email_address"
+    assert user2.errors[:email_address].present?, "Should have email_address validation error"
+  end
+  test "should validate password strength" do
+    user = User.new(@user_attributes.merge(password: "weak"))
+    assert_not user.save, "Should not save user with weak password"
+    assert user.errors[:password].present?, "Should have password validation error"
+  end
+end

data/lib/generators/propel_auth/templates/views/auth_mailer/account_unlock.html.erb ADDED Viewed

@@ -0,0 +1,213 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Account Locked - Security Notification</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;
+      line-height: 1.6;
+      color: #333;
+      max-width: 600px;
+      margin: 0 auto;
+      padding: 20px;
+      background-color: #f8f9fa;
+    }
+    .container {
+      background-color: #ffffff;
+      padding: 40px;
+      border-radius: 8px;
+      box-shadow: 0 2px 10px rgba(0, 0, 0, 0.1);
+    }
+    .header {
+      text-align: center;
+      margin-bottom: 30px;
+    }
+    .logo {
+      font-size: 24px;
+      font-weight: bold;
+      color: #007bff;
+      margin-bottom: 10px;
+    }
+    h1 {
+      color: #dc3545;
+      font-size: 28px;
+      margin-bottom: 20px;
+      text-align: center;
+    }
+    .greeting {
+      font-size: 18px;
+      margin-bottom: 20px;
+    }
+    .message {
+      margin-bottom: 30px;
+      line-height: 1.8;
+    }
+    .cta-button {
+      display: inline-block;
+      background-color: #28a745;
+      color: white;
+      padding: 15px 30px;
+      text-decoration: none;
+      border-radius: 5px;
+      font-weight: bold;
+      text-align: center;
+      margin: 20px 0;
+    }
+    .cta-button:hover {
+      background-color: #218838;
+    }
+    .security-notice {
+      background-color: #f8d7da;
+      border: 1px solid #f5c6cb;
+      border-radius: 5px;
+      padding: 20px;
+      margin: 20px 0;
+    }
+    .security-notice h3 {
+      color: #721c24;
+      margin-top: 0;
+    }
+    .warning-notice {
+      background-color: #fff3cd;
+      border: 1px solid #ffeaa7;
+      border-radius: 5px;
+      padding: 20px;
+      margin: 20px 0;
+    }
+    .warning-notice h3 {
+      color: #856404;
+      margin-top: 0;
+    }
+    .expiry-notice {
+      background-color: #d1ecf1;
+      border: 1px solid #bee5eb;
+      border-radius: 5px;
+      padding: 15px;
+      margin: 20px 0;
+      text-align: center;
+    }
+    .footer {
+      margin-top: 40px;
+      padding-top: 20px;
+      border-top: 1px solid #eee;
+      font-size: 14px;
+      color: #666;
+    }
+    .token-info {
+      background-color: #f8f9fa;
+      border: 1px solid #dee2e6;
+      border-radius: 5px;
+      padding: 15px;
+      margin: 20px 0;
+      font-family: monospace;
+      word-break: break-all;
+    }
+    .auto-unlock-info {
+      background-color: #d4edda;
+      border: 1px solid #c3e6cb;
+      border-radius: 5px;
+      padding: 15px;
+      margin: 20px 0;
+    }
+    @media (max-width: 600px) {
+      .container {
+        padding: 20px;
+      }
+      .cta-button {
+        display: block;
+        width: 100%;
+        text-align: center;
+      }
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="header">
+      <div class="logo"><%= @organization_name %></div>
+    </div>
+    <h1>🔒 Account Locked - Security Notification</h1>
+    <div class="greeting">
+      Hello <%= @display_name %>,
+    </div>
+    <div class="security-notice">
+      <h3>🚨 Security Alert</h3>
+      <p><strong>Your account has been temporarily locked</strong> due to multiple failed login attempts.</p>
+      <p>This is an automated security measure to protect your account from unauthorized access.</p>
+    </div>
+    <div class="message">
+      <p><strong>Account Details:</strong></p>
+      <ul>
+        <li><strong>Email:</strong> <%= @user.email_address %></li>
+        <li><strong>Organization:</strong> <%= @organization_name %></li>
+        <li><strong>Lock Time:</strong> <%= @user.locked_at&.strftime("%B %d, %Y at %I:%M %p %Z") %></li>
+      </ul>
+    </div>
+    <div class="warning-notice">
+      <h3>⚠️ What happened?</h3>
+      <p>Your account was locked after multiple failed login attempts. This could be due to:</p>
+      <ul>
+        <li>Forgotten password</li>
+        <li>Someone attempting to access your account</li>
+        <li>Browser auto-fill using an old password</li>
+      </ul>
+    </div>
+    <div class="message">
+      <p><strong>To unlock your account immediately, click the button below:</strong></p>
+    </div>
+    <div style="text-align: center;">
+      <a href="<%= @unlock_url %>" class="cta-button">Unlock My Account</a>
+    </div>
+    <div class="expiry-notice">
+      ⏰ <strong>This unlock link will expire in <%= @expiration_hours %> hour<%= @expiration_hours > 1 ? 's' : '' %></strong> for your security.
+    </div>
+    <div class="auto-unlock-info">
+      <h3>🕐 Automatic Unlock</h3>
+      <p><strong>Don't want to use the link?</strong> Your account will automatically unlock after 30 minutes from the lock time.</p>
+      <p>You can try logging in again after: <strong><%= (@user.locked_at + 30.minutes).strftime("%B %d, %Y at %I:%M %p %Z") %></strong></p>
+    </div>
+    <div class="security-notice">
+      <h3>🛡️ Security Recommendations</h3>
+      <ul>
+        <li><strong>Change your password</strong> if you suspect unauthorized access</li>
+        <li><strong>Use a password manager</strong> to avoid repeated failed attempts</li>
+        <li><strong>Contact support</strong> if you continue having issues</li>
+        <li><strong>Review recent activity</strong> in your account settings</li>
+      </ul>
+    </div>
+    <div class="message">
+      <p><strong>If the button doesn't work, copy and paste this link into your browser:</strong></p>
+      <div class="token-info">
+        <%= @unlock_url %>
+      </div>
+    </div>
+    <div class="footer">
+      <p><strong>Need Help?</strong></p>
+      <p>If you didn't attempt to log in or suspect unauthorized access, please contact our support team immediately at <a href="mailto:<%= @support_email %>"><%= @support_email %></a></p>
+      <p>This security notification was sent to <%= @user.email_address %> for your <%= @organization_name %> account.</p>
+      <hr style="margin: 20px 0; border: none; border-top: 1px solid #eee;">
+      <p style="font-size: 12px; color: #999;">
+        <strong><%= @organization_name %></strong><br>
+        This is an automated security notification. Please do not reply directly to this email.
+      </p>
+    </div>
+  </div>
+</body>
+</html>

data/lib/generators/propel_auth/templates/views/auth_mailer/account_unlock.text.erb ADDED Viewed

@@ -0,0 +1,56 @@
+ACCOUNT LOCKED - SECURITY NOTIFICATION - <%= @organization_name %>
+=========================================================
+Hello <%= @display_name %>,
+🚨 SECURITY ALERT
+------------------
+Your account has been temporarily locked due to multiple failed login attempts.
+This is an automated security measure to protect your account from unauthorized access.
+ACCOUNT DETAILS
+---------------
+• Email: <%= @user.email_address %>
+• Organization: <%= @organization_name %>
+• Lock Time: <%= @user.locked_at&.strftime("%B %d, %Y at %I:%M %p %Z") %>
+⚠️ WHAT HAPPENED?
+------------------
+Your account was locked after multiple failed login attempts. This could be due to:
+• Forgotten password
+• Someone attempting to access your account
+• Browser auto-fill using an old password
+UNLOCK YOUR ACCOUNT IMMEDIATELY
+--------------------------------
+To unlock your account right now, visit this link:
+<%= @unlock_url %>
+⏰ IMPORTANT: This unlock link will expire in <%= @expiration_hours %> hour<%= @expiration_hours > 1 ? 's' : '' %> for your security.
+🕐 AUTOMATIC UNLOCK
+-------------------
+Don't want to use the link? Your account will automatically unlock after 30 minutes from the lock time.
+You can try logging in again after: <%= (@user.locked_at + 30.minutes).strftime("%B %d, %Y at %I:%M %p %Z") %>
+🛡️ SECURITY RECOMMENDATIONS
+----------------------------
+• Change your password if you suspect unauthorized access
+• Use a password manager to avoid repeated failed attempts
+• Contact support if you continue having issues
+• Review recent activity in your account settings
+NEED HELP?
+----------
+If you didn't attempt to log in or suspect unauthorized access, please contact our support team immediately at <%= @support_email %>
+For security reasons, this unlock link can only be used once and will expire in <%= @expiration_hours %> hour<%= @expiration_hours > 1 ? 's' : '' %>.
+---
+<%= @organization_name %>
+This is an automated security notification. Please do not reply directly to this email.
+This security notification was sent to <%= @user.email_address %> for your <%= @organization_name %> account.

data/lib/generators/propel_auth/templates/views/auth_mailer/email_confirmation.html.erb ADDED Viewed

@@ -0,0 +1,213 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <style>
+      /* Reset styles */
+      body {
+        margin: 0;
+        padding: 0;
+        font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;
+        font-size: 16px;
+        line-height: 1.6;
+        color: #333;
+        background-color: #f8f9fa;
+      }
+      /* Container */
+      .email-container {
+        max-width: 600px;
+        margin: 0 auto;
+        background-color: #ffffff;
+        border-radius: 8px;
+        box-shadow: 0 2px 8px rgba(0, 0, 0, 0.1);
+        overflow: hidden;
+      }
+      /* Header */
+      .header {
+        background-color: #007bff;
+        color: #ffffff;
+        text-align: center;
+        padding: 30px 20px;
+      }
+      .header h1 {
+        margin: 0;
+        font-size: 28px;
+        font-weight: 300;
+      }
+      /* Content */
+      .content {
+        padding: 40px 30px;
+      }
+      .content h2 {
+        color: #333;
+        font-size: 24px;
+        margin-bottom: 20px;
+        font-weight: 400;
+      }
+      .content p {
+        margin-bottom: 20px;
+        line-height: 1.7;
+      }
+      /* Confirmation button */
+      .confirm-button {
+        display: inline-block;
+        background-color: #28a745;
+        color: #ffffff;
+        text-decoration: none;
+        padding: 15px 30px;
+        border-radius: 5px;
+        font-weight: 600;
+        text-align: center;
+        margin: 20px 0;
+        transition: background-color 0.3s ease;
+      }
+      .confirm-button:hover {
+        background-color: #218838;
+      }
+      /* Token section */
+      .token-section {
+        background-color: #f8f9fa;
+        border-left: 4px solid #007bff;
+        padding: 15px 20px;
+        margin: 20px 0;
+        border-radius: 4px;
+      }
+      .token-code {
+        font-family: 'Monaco', 'Menlo', 'Consolas', monospace;
+        font-size: 14px;
+        color: #6c757d;
+        word-break: break-all;
+      }
+      /* Security info */
+      .security-info {
+        background-color: #fff3cd;
+        border: 1px solid #ffeaa7;
+        border-radius: 4px;
+        padding: 15px;
+        margin: 20px 0;
+      }
+      .security-info h3 {
+        color: #856404;
+        margin: 0 0 10px 0;
+        font-size: 16px;
+      }
+      .security-info p {
+        color: #856404;
+        margin: 0;
+        font-size: 14px;
+      }
+      /* Footer */
+      .footer {
+        background-color: #f8f9fa;
+        padding: 20px 30px;
+        text-align: center;
+        border-top: 1px solid #e9ecef;
+      }
+      .footer p {
+        margin: 0;
+        font-size: 14px;
+        color: #6c757d;
+      }
+      .footer a {
+        color: #007bff;
+        text-decoration: none;
+      }
+      /* Responsive */
+      @media only screen and (max-width: 600px) {
+        .email-container {
+          margin: 0;
+          border-radius: 0;
+        }
+        .content {
+          padding: 30px 20px;
+        }
+        .header {
+          padding: 20px;
+        }
+        .header h1 {
+          font-size: 24px;
+        }
+      }
+    </style>
+  </head>
+  <body>
+    <div class="email-container">
+      <!-- Header -->
+      <div class="header">
+        <h1><%= @organization_name %></h1>
+      </div>
+      <!-- Content -->
+      <div class="content">
+        <h2>Welcome <%= @display_name %>! 👋</h2>
+        <p>Thank you for signing up! To get started, please confirm your email address by clicking the button below:</p>
+        <div style="text-align: center;">
+          <a href="<%= confirmation_url(@user) %>" class="confirm-button">
+            Confirm My Email Address
+          </a>
+        </div>
+        <p>This confirmation link will expire in <strong>24 hours</strong> for security reasons.</p>
+        <!-- Alternative method -->
+        <p>If the button above doesn't work, you can copy and paste this link into your browser:</p>
+        <div class="token-section">
+          <p style="margin: 0;"><strong>Confirmation Link:</strong></p>
+          <p class="token-code"><%= confirmation_url(@user) %></p>
+        </div>
+        <!-- Security information -->
+        <div class="security-info">
+          <h3>🔒 Security Notice</h3>
+          <p>If you didn't create an account with us, please ignore this email. Your email address will not be added to our system.</p>
+        </div>
+        <p>Once confirmed, you'll be able to:</p>
+        <ul>
+          <li>Access your account dashboard</li>
+          <li>Update your profile settings</li>
+          <li>Receive important notifications</li>
+          <li>Take advantage of all platform features</li>
+        </ul>
+        <p>Need help? Feel free to contact our support team.</p>
+      </div>
+      <!-- Footer -->
+      <div class="footer">
+        <p>
+          <strong><%= @organization_name %></strong><br>
+          <a href="mailto:<%= @support_email %>">Contact Support</a> |
+          <a href="<%= unsubscribe_url(@user) if respond_to?(:unsubscribe_url) %>">Unsubscribe</a>
+        </p>
+        <p style="margin-top: 10px; font-size: 12px;">
+          This email was sent to <%= @email_address || @user.email_address %>.
+          If you have questions, contact us at <a href="mailto:<%= @support_email %>"><%= @support_email %></a>.
+        </p>
+      </div>
+    </div>
+  </body>
+</html>