propel_authentication 0.1.1

data/lib/generators/propel_auth/test/generators/authentication/install_generator_test.rb

@@ -0,0 +1,490 @@
+require "test_helper"
+require "rails/generators/test_case"
+require_relative '../../../lib/generators/propel/authentication/install_generator'
+
+class Propel::Authentication::InstallGeneratorTest < Rails::Generators::TestCase
+  tests Propel::Authentication::InstallGenerator
+  
+  setup do
+    self.destination_root = Rails.root.join("tmp/generators", Process.pid.to_s)
+    prepare_destination
+    prepare_rails_app_structure
+    run_generator
+  end
+
+  teardown do
+    FileUtils.rm_rf(destination_root)
+  end
+
+  test "generator creates propel access initializer and configuration file" do
+
+    assert_file "config/initializers/propel_access_configuration.rb" do |content|
+      assert_match(/module PropelAccess/, content)
+      assert_match(/class Configuration/, content)
+      assert_match(/attr_accessor :jwt_secret/, content)
+    end
+
+    assert_file "config/initializers/propel_access.rb" do |content|
+      assert_match(/require_relative 'propel_access_configuration'/, content)
+      assert_match(/PropelAccess\.configure/, content)
+      assert_match(/jwt_secret/, content)
+      assert_match(/jwt_expiration/, content)
+      assert_match(/password_length/, content)
+      assert_match(/24\.hours/, content)
+    end
+  end
+
+  test "generator creates all core models with proper JWT-ready associations" do
+    assert_file "app/models/user.rb" do |content|
+      assert_match(/class User < ApplicationRecord/, content)
+      assert_match(/include Authenticatable/, content)
+      assert_match(/has_many :invitations/, content)
+      assert_match(/belongs_to :organization/, content)
+      # Verify user model is set up for multi-tenant JWT system
+    end
+    
+    assert_file "app/models/organization.rb" do |content|
+      assert_match(/class Organization < ApplicationRecord/, content)
+      assert_match(/has_many :users/, content)
+      assert_match(/has_many :agencies/, content)
+      # Verify organization structure for multi-tenant context
+    end
+    
+    assert_file "app/models/agency.rb" do |content|
+      assert_match(/class Agency < ApplicationRecord/, content)
+      assert_match(/belongs_to :organization/, content)
+      assert_match(/has_many :agents/, content)
+    end
+    
+    assert_file "app/models/agent.rb" do |content|
+      assert_match(/class Agent < ApplicationRecord/, content)
+      assert_match(/belongs_to :agency/, content)
+      assert_match(/belongs_to :user/, content)
+      # Verify agent model connects users to agencies
+    end
+    
+    assert_file "app/models/invitation.rb" do |content|
+      assert_match(/class Invitation < ApplicationRecord/, content)
+      assert_match(/belongs_to :organization/, content)
+      assert_match(/belongs_to :inviter, class_name: 'User'/, content)
+      assert_match(/validates :email_address/, content)
+      # Verify invitation system supports JWT token-based invitations
+    end
+  end
+
+  test "generator creates database seeds file" do
+    assert_file "db/seeds.rb" do |content|
+      assert_match(/# Create test organization and user for authentication testing/, content)
+      assert_match(/organization = Organization\.find_or_create_by!/, content)
+      assert_match(/user = User\.find_or_create_by!/, content)
+    end
+  end
+
+  test "generator creates authenticatable concern with JWT token generation and validation" do
+    assert_file "app/models/concerns/authenticatable.rb" do |content|
+      assert_match(/module Authenticatable/, content)
+      assert_match(/extend ActiveSupport::Concern/, content)
+      assert_match(/has_secure_password/, content)
+      assert_match(/validates :email_address/, content)
+      assert_match(/validates :password/, content)
+      
+      # EPIC 1 REQUIREMENT: JWT token generation functionality
+      assert_match(/def generate_jwt_token/, content)
+      assert_match(/JWT\.encode/, content)
+      
+      # EPIC 1 REQUIREMENT: JWT token validation functionality  
+      assert_match(/class_methods do/, content)
+      assert_match(/def find_by_jwt_token/, content)
+      assert_match(/JWT\.decode/, content)
+    end
+  end
+
+  test "generator creates JWT authentication controller for complete API functionality" do
+    assert_file "app/controllers/auth/tokens_controller.rb" do |content|
+      assert_match(/class Auth::TokensController < ApplicationController/, content)
+      
+      # EPIC 1 REQUIREMENT: Login endpoint
+      assert_match(/def create/, content)
+      assert_match(/POST \/auth\/login/, content)
+      
+      # EPIC 1 REQUIREMENT: Logout endpoint  
+      assert_match(/def destroy/, content)
+      assert_match(/DELETE \/auth\/logout/, content)
+      
+      # EPIC 1 REQUIREMENT: Current user endpoint
+      assert_match(/def me/, content)
+      assert_match(/GET \/auth\/me/, content)
+      
+      # Verify proper JWT authentication middleware
+      assert_match(/include PropelAuthentication/, content)
+      assert_match(/return unless authenticate_user/, content)
+      
+      # Verify proper API response format
+      assert_match(/render json:/, content)
+      assert_match(/status: :unauthorized/, content)
+      assert_match(/status: :unprocessable_entity/, content)
+    end
+  end
+
+  test "generator creates comprehensive migrations with proper database structure for JWT system" do
+    assert_migration "db/migrate/create_users.rb" do |migration|
+      assert_match(/create_table :users/, migration)
+      # Core authentication fields
+      assert_match(/t\.string :email_address, null: false/, migration)
+      assert_match(/t\.string :username, null: false/, migration)
+      assert_match(/t\.string :password_digest, null: false/, migration)
+      assert_match(/t\.string :phone_number/, migration)
+      
+      # User profile fields
+      assert_match(/t\.string :first_name/, migration)
+      assert_match(/t\.string :last_name/, migration)
+      assert_match(/t\.string :time_zone/, migration)
+      
+      # Authentication status fields for JWT system
+      assert_match(/t\.datetime :confirmed_at/, migration)
+      assert_match(/t\.integer :status, default: 0/, migration)
+      assert_match(/t\.datetime :last_login_at/, migration)
+      assert_match(/t\.integer :failed_login_attempts, default: 0/, migration)
+      assert_match(/t\.datetime :locked_at/, migration)
+      
+      # Multi-tenant association
+      assert_match(/t\.references :organization/, migration)
+      
+      # JSON fields for flexible data storage
+      assert_match(/t\.jsonb :meta, default: {}/, migration)
+      assert_match(/t\.jsonb :settings, default: {}/, migration)
+      
+      # Proper indexes for JWT authentication performance
+      assert_match(/add_index :users, :email_address, unique: true/, migration)
+      assert_match(/add_index :users, :username, unique: true/, migration)
+      assert_match(/add_index :users, :phone_number, unique: true/, migration)
+    end
+    
+    assert_migration "db/migrate/create_organizations.rb" do |migration|
+      assert_match(/create_table :organizations/, migration)
+      assert_match(/t\.string :name/, migration)
+      assert_match(/t\.jsonb :settings/, migration)
+      # Verify organization supports multi-tenant JWT context
+    end
+    
+    assert_migration "db/migrate/create_agencies.rb" do |migration|
+      assert_match(/create_table :agencies/, migration)
+      assert_match(/t\.references :organization/, migration)
+      assert_match(/foreign_key: true/, migration)
+      # Verify proper foreign key relationships for multi-tenant system
+    end
+    
+    assert_migration "db/migrate/create_agents.rb" do |migration|
+      assert_match(/create_table :agents/, migration)
+      assert_match(/t\.references :agency/, migration)
+      assert_match(/t\.references :user/, migration)
+      # Verify agent-user relationship for role-based JWT tokens
+    end
+    
+    assert_migration "db/migrate/create_invitations.rb" do |migration|
+      assert_match(/create_table :invitations/, migration)
+      assert_match(/t\.references :organization/, migration)
+      assert_match(/t\.references :inviter/, migration)
+      assert_match(/t\.string :email_address/, migration)
+      assert_match(/t\.integer :status/, migration)
+      # Verify invitation system integrates with JWT authentication
+    end
+  end
+
+  test "generator injects complete JWT authentication routes into routes file" do
+    assert_file "config/routes.rb" do |content|
+      assert_match(/namespace :auth/, content)
+      
+      # EPIC 1 REQUIREMENT: JWT token management routes with explicit declarations
+      assert_match(/post 'login', to: 'tokens#create'/, content)
+      assert_match(/delete 'logout', to: 'tokens#destroy'/, content)
+      assert_match(/get 'me', to: 'tokens#me'/, content)
+      
+      # EPIC 1 REQUIREMENT: Password reset routes
+      assert_match(/post 'reset', to: 'passwords#create'/, content)
+      assert_match(/get 'reset', to: 'passwords#show'/, content)
+      assert_match(/patch 'reset', to: 'passwords#update'/, content)
+      
+      # Verify no session-based routes (JWT-first approach)
+      assert_no_match(/sessions/, content)
+    end
+  end
+  
+  test "generator adds required JWT and authentication gems to Gemfile" do
+    assert_file "Gemfile" do |content|
+      # EPIC 1 REQUIREMENT: Core authentication gems
+      assert_match(/gem ['"]bcrypt['"]/, content)
+      assert_match(/gem ['"]jwt['"]/, content)
+      
+      # Verify gem versions are specified for security
+      assert_match(/bcrypt['"], ['"]~>/, content)
+      assert_match(/jwt['"], ['"]~>/, content)
+    end
+  end
+
+  test "generator creates functional model tests that verify complete JWT authentication workflow" do
+    assert_file "test/models/user_test.rb" do |content|
+      assert_match(/class UserTest < ActiveSupport::TestCase/, content)
+      
+      # EPIC 1 REQUIREMENT: Test JWT token generation
+      assert_match(/test ['"]should generate valid JWT token['"]/, content)
+      assert_match(/user\.generate_jwt_token/, content)
+      assert_match(/JWT\.decode/, content)
+      
+      # EPIC 1 REQUIREMENT: Test JWT token validation  
+      assert_match(/test ['"]should validate JWT token and find user['"]/, content)
+      assert_match(/User\.find_by_jwt_token/, content)
+      
+      # EPIC 1 REQUIREMENT: Test authentication workflow
+      assert_match(/test ['"]should authenticate with correct password['"]/, content)
+      assert_match(/user\.authenticate/, content)
+      
+      # EPIC 1 REQUIREMENT: Test validation rules
+      assert_match(/test ['"]should validate email_address uniqueness['"]/, content)
+      assert_match(/test ['"]should validate password strength['"]/, content)
+      
+      # Verify tests use actual JWT functionality, not mocks
+      assert_no_match(/mock/, content)
+      assert_no_match(/stub/, content)
+    end
+  end
+
+  test "generator creates JWT authentication controller that supports comprehensive testing" do
+    assert_file "app/controllers/auth/tokens_controller.rb" do |content|
+      # EPIC 1 REQUIREMENT: Verify controller supports JWT authentication testing
+      assert_match(/class Auth::TokensController < ApplicationController/, content)
+      
+      # Verify login endpoint structure for testing
+      assert_match(/def create/, content)
+      assert_match(/render json:/, content)
+      
+      # Verify logout endpoint structure for testing
+      assert_match(/def destroy/, content)
+      
+      # Verify current user endpoint structure for testing
+      assert_match(/def me/, content)
+      
+      # Verify JWT authentication support for testing
+      assert_match(/include PropelAuthentication/, content)
+      assert_match(/return unless authenticate_user/, content)
+      
+      # Verify proper error handling for testing
+      assert_match(/status: :unauthorized/, content)
+    end
+  end
+
+  test "generator runs idempotently without creating duplicate content or breaking existing JWT functionality" do
+    # Run generator again
+    run_generator
+    
+    # Should not raise errors and files should still exist with correct content
+    assert_file "app/models/user.rb"
+    assert_file "app/models/concerns/authenticatable.rb"
+    assert_file "app/controllers/auth/tokens_controller.rb"
+    assert_file "config/initializers/propel_access.rb"
+    
+    # Check that no duplicate content was added to routes
+    assert_file "config/routes.rb" do |content|
+      # Should only have one namespace :auth block
+      auth_blocks = content.scan(/namespace :auth/).length
+      assert_equal 1, auth_blocks, "Should have exactly one auth namespace block"
+      
+      # Should only have one set of JWT routes
+      login_routes = content.scan(/post 'login'/).length
+      assert_equal 1, login_routes, "Should have exactly one login route"
+    end
+    
+    # Check that no duplicate gems were added
+    assert_file "Gemfile" do |content|
+      bcrypt_occurrences = content.scan(/gem ['"]bcrypt['"]/).length
+      jwt_occurrences = content.scan(/gem ['"]jwt['"]/).length
+      assert_equal 1, bcrypt_occurrences, "Should have exactly one bcrypt gem entry"
+      assert_equal 1, jwt_occurrences, "Should have exactly one jwt gem entry"
+    end
+  end
+
+  test "generated JWT authentication system has valid syntax and proper structure for real Rails API app" do
+    # Verify all generated Ruby files have valid syntax
+    ruby_files = [
+      "app/models/user.rb",
+      "app/models/organization.rb", 
+      "app/models/agency.rb",
+      "app/models/agent.rb",
+      "app/models/invitation.rb",
+      "app/models/concerns/authenticatable.rb",
+      "app/controllers/auth/tokens_controller.rb",
+      "test/models/user_test.rb",
+      "config/initializers/propel_access.rb"
+    ]
+    
+    ruby_files.each do |file_path|
+      assert_file file_path do |content|
+        # Basic syntax validation - no syntax errors should be present
+        assert_no_match(/syntax error/, content)
+        assert_no_match(/unexpected/, content)
+        
+        # Ensure proper class/module structure
+        if file_path.include?("models/concerns/")
+          assert_match(/^module \w+/, content)
+          assert_match(/extend ActiveSupport::Concern/, content)
+        elsif file_path.include?("controllers/")
+          assert_match(/^class .*Controller < ApplicationController/, content) unless file_path.include?("_test.rb")
+        elsif file_path.include?("models/")
+          assert_match(/^class \w+ < ApplicationRecord/, content) unless file_path.include?("_test.rb")
+        end
+      end
+    end
+  end
+
+  test "generated user model integrates properly with JWT-enabled authenticatable concern" do
+    assert_file "app/models/user.rb" do |user_content|
+      assert_match(/include Authenticatable/, user_content)
+      assert_match(/belongs_to :organization/, user_content)
+    end
+    
+    # Verify the concern provides the expected JWT functionality
+    assert_file "app/models/concerns/authenticatable.rb" do |concern_content|
+      assert_match(/has_secure_password/, concern_content)
+      assert_match(/validates :email_address/, concern_content)
+      assert_match(/validates :password/, concern_content)
+      
+      # EPIC 1 REQUIREMENT: JWT functionality must be present
+      assert_match(/def generate_jwt_token/, concern_content)
+      assert_match(/JWT\.encode/, concern_content)
+      assert_match(/class_methods do/, concern_content)
+      assert_match(/def find_by_jwt_token/, concern_content)
+      assert_match(/JWT\.decode/, concern_content)
+    end
+  end
+
+  test "generated JWT authentication controller provides complete API functionality" do
+    assert_file "app/controllers/auth/tokens_controller.rb" do |content|
+      # Verify all required API endpoints are present
+      assert_match(/def create/, content) # Login
+      assert_match(/def destroy/, content) # Logout  
+      assert_match(/def me/, content) # Current user
+      
+      # Verify proper JSON API responses
+      assert_match(/render json:/, content)
+      assert_match(/status: :ok/, content)
+      assert_match(/status: :unauthorized/, content)
+      
+      # Verify JWT token handling
+      assert_match(/include PropelAuthentication/, content)
+      assert_match(/return unless authenticate_user/, content)
+    end
+  end
+
+  test "generated migrations create proper foreign key relationships for multi-tenant JWT system" do
+    # Verify organizations are the root of the multi-tenant hierarchy
+    assert_migration "db/migrate/create_organizations.rb" do |migration|
+      assert_match(/create_table :organizations/, migration)
+    end
+    
+    # Verify users belong to organizations (for JWT token context)
+    assert_migration "db/migrate/create_users.rb" do |migration|
+      assert_match(/t\.references :organization/, migration)
+    end
+    
+    # Verify agencies reference organizations
+    assert_migration "db/migrate/create_agencies.rb" do |migration|
+      assert_match(/t\.references :organization/, migration)
+      assert_match(/foreign_key: true/, migration)
+    end
+    
+    # Verify agents reference both agencies and users (for role-based JWT claims)
+    assert_migration "db/migrate/create_agents.rb" do |migration|
+      assert_match(/t\.references :agency/, migration)
+      assert_match(/t\.references :user/, migration)
+    end
+    
+    # Verify invitations have polymorphic relationship (for flexible JWT-based invitations)
+    assert_migration "db/migrate/create_invitations.rb" do |migration|
+      assert_match(/t\.references :organization/, migration)
+      assert_match(/t\.references :inviter/, migration)
+      assert_match(/t\.string :email_address/, migration)
+      assert_match(/t\.integer :status/, migration)
+    end
+  end
+
+  test "generated JWT configuration provides secure defaults for production use" do
+    assert_file "config/initializers/propel_access.rb" do |content|
+      # Verify JWT configuration structure exists
+      assert_match(/PropelAccess\.configure/, content)
+      
+      # EPIC 1 REQUIREMENT: Secure JWT configuration
+      assert_match(/jwt_secret/, content)
+      assert_match(/jwt_expiration/, content)
+      
+      # Verify secure defaults
+      assert_match(/24\.hours/, content) # Reasonable token expiration
+      assert_match(/password_length.*8/, content) # Strong password requirement
+      
+      # Verify environment-aware configuration
+      assert_match(/Rails\.env/, content)
+    end
+  end
+
+  test "generator creates complete JWT authentication system that works immediately for JavaScript frontends" do
+    # This is the EPIC 1 GOAL: Complete working system from day one
+    
+    # Verify all components exist
+    assert_file "app/models/user.rb"
+    assert_file "app/models/concerns/authenticatable.rb"
+    assert_file "app/controllers/auth/tokens_controller.rb"
+    assert_file "config/initializers/propel_access.rb"
+    
+    # Verify JWT routes are accessible 
+    assert_file "config/routes.rb" do |content|
+      assert_match(/post 'login'/, content)
+      assert_match(/delete 'logout'/, content)
+      assert_match(/get 'me'/, content)
+    end
+    
+    # Verify required gems are added
+    assert_file "Gemfile" do |content|
+      assert_match(/gem ['"]jwt['"]/, content)
+      assert_match(/gem ['"]bcrypt['"]/, content)
+    end
+    
+    # Verify the system would work for a JavaScript frontend
+    controller_code = File.read(File.join(destination_root, "app/controllers/auth/tokens_controller.rb"))
+    assert_match(/render json:/, controller_code)
+    assert_match(/include PropelAuthentication/, controller_code)
+    
+    # Verify JWT token functionality exists
+    authenticatable_code = File.read(File.join(destination_root, "app/models/concerns/authenticatable.rb"))
+    assert_match(/JWT\.encode/, authenticatable_code)
+    assert_match(/JWT\.decode/, authenticatable_code)
+  end
+
+  # test "generator does not create RackSessionDisable concern or include it in controller for API-only apps" do
+  #   original_api_only = Rails.application.config.api_only
+  #   Rails.application.config.api_only = true
+  #   begin
+  #     run_generator
+
+  #     assert_no_file "app/controllers/concerns/rack_session_disable.rb"
+  #     assert_file "app/controllers/auth/tokens_controller.rb" do |content|
+  #       assert_no_match(/include RackSessionDisable/, content)
+  #     end
+  #   ensure
+  #     Rails.application.config.api_only = original_api_only
+  #   end
+  # end
+
+  # test "generator creates RackSessionDisable concern and includes it in controller for full stack apps" do
+  #   original_api_only = Rails.application.config.api_only
+  #   Rails.application.config.api_only = false
+  #   begin
+  #     run_generator
+
+  #     assert_file "app/controllers/concerns/rack_session_disable.rb"
+  #     assert_file "app/controllers/auth/tokens_controller.rb" do |content|
+  #       assert_match(/include RackSessionDisable/, content)
+  #     end
+  #   ensure
+  #     Rails.application.config.api_only = original_api_only
+  #   end
+  # end
+end