propel_authentication 0.1.1

data/lib/generators/propel_auth/pack_generator.rb

@@ -0,0 +1,277 @@
+# frozen_string_literal: true
+
+##
+# PropelAuth packer that bundles customized authentication code back into gem format
+#
+# Usage:
+#   rails generate propel_auth:pack                     # Pack all customized code
+#   rails generate propel_auth:pack --output-dir=../gems # Pack to specific directory
+#   rails generate propel_auth:pack --version=0.2.0     # Pack with custom version
+#
+# This bundles your customized PropelAuth generator and templates back into a
+# distributable gem format for sharing across projects or organizations.
+#
+class PropelAuth::PackGenerator < Rails::Generators::Base
+  desc "Pack customized PropelAuth code back into distributable gem format"
+
+  class_option :output_dir,
+               type: :string,
+               default: "tmp/propel_auth_custom",
+               desc: "Output directory for packed gem"
+
+  class_option :version,
+               type: :string,
+               default: "0.1.0-custom",
+               desc: "Version for the packed gem"
+
+  class_option :gem_name,
+               type: :string,
+               default: "propel_auth_custom",
+               desc: "Name for the packed gem"
+
+  def pack_propel_auth_generator
+    @output_dir = options[:output_dir]
+    @version = options[:version]
+    @gem_name = options[:gem_name]
+    
+    show_welcome_message
+    validate_source_files
+    create_gem_structure
+    copy_generator_logic
+    copy_templates
+    create_gemspec
+    create_readme
+    show_completion_message
+  end
+
+  private
+
+  def show_welcome_message
+    say ""
+    say "╔══════════════════════════════════════╗", :cyan
+    say "║        PACK PROPEL AUTH GENERATOR    ║", :cyan  
+    say "╚══════════════════════════════════════╝", :cyan
+    say ""
+    say "Packing your customized PropelAuth code into distributable gem format", :blue
+    say ""
+    say "📁 FROM: lib/generators/propel_auth/ (customized)", :yellow
+    say "📦 TO:   #{@output_dir}/ (distributable gem)", :green
+    say ""
+  end
+
+  def validate_source_files
+    source_path = "lib/generators/propel_auth"
+    
+    unless File.exist?(source_path)
+      raise Thor::Error, "❌ No customized PropelAuth generator found at #{source_path}. Run 'rails generate propel_auth:unpack' first."
+    end
+    
+    required_files = %w[install_generator.rb]
+    missing_files = required_files.reject { |file| File.exist?(File.join(source_path, file)) }
+    
+    if missing_files.any?
+      raise Thor::Error, "❌ Missing required files: #{missing_files.join(', ')}"
+    end
+    
+    say "✅ Source files validated", :green
+  end
+
+  def create_gem_structure
+    FileUtils.mkdir_p(File.join(@output_dir, "lib", @gem_name))
+    FileUtils.mkdir_p(File.join(@output_dir, "lib", "generators", @gem_name))
+    say "📁 Created gem directory structure", :blue
+  end
+
+  def copy_generator_logic
+    source_path = "lib/generators/propel_auth"
+    dest_path = File.join(@output_dir, "lib", "generators", @gem_name)
+    
+    # Copy install generator
+    if File.exist?(File.join(source_path, "install_generator.rb"))
+      source_content = File.read(File.join(source_path, "install_generator.rb"))
+      
+      # Update module name for custom gem
+      modified_content = source_content.gsub(
+        /^module PropelAuth$/,
+        "module #{@gem_name.camelize}"
+      )
+      
+      File.write(File.join(dest_path, "install_generator.rb"), modified_content)
+      say "   ✅ Install generator packed", :green
+    end
+    
+    # Create unpack generator for the custom gem
+    create_unpack_generator(dest_path)
+  end
+
+  def copy_templates
+    source_templates = "lib/generators/propel_auth/templates"
+    dest_templates = File.join(@output_dir, "lib", "generators", @gem_name, "templates")
+    
+    if Dir.exist?(source_templates)
+      FileUtils.cp_r(source_templates, dest_templates)
+      say "   ✅ Templates packed", :green
+    end
+  end
+
+  def create_gemspec
+    gemspec_content = <<~GEMSPEC
+      # frozen_string_literal: true
+
+      require_relative "lib/#{@gem_name}/version"
+
+      Gem::Specification.new do |spec|
+        spec.name = "#{@gem_name}"
+        spec.version = #{@gem_name.camelize}::VERSION
+        spec.authors = ["#{`git config user.name`.strip}"]
+        spec.email = ["#{`git config user.email`.strip}"]
+
+        spec.summary = "Customized PropelAuth authentication system"
+        spec.description = "Self-extracting authentication gem based on PropelAuth with custom modifications"
+        spec.homepage = "https://github.com/yourorg/#{@gem_name}"
+        spec.license = "MIT"
+
+        spec.metadata["homepage_uri"] = spec.homepage
+        spec.metadata["source_code_uri"] = spec.homepage
+        spec.metadata["changelog_uri"] = "\#{spec.homepage}/blob/main/CHANGELOG.md"
+
+        spec.files = Dir.chdir(__dir__) do
+          `git ls-files -z`.split("\\x0").reject do |f|
+            (File.expand_path(f) == __FILE__) ||
+              f.start_with?(*%w[bin/ test/ spec/ features/ .git .github appveyor Gemfile])
+          end
+        end
+
+        spec.bindir = "exe"
+        spec.executables = spec.files.grep(%r{\\Aexe/}) { |f| File.basename(f) }
+        spec.require_paths = ["lib"]
+
+        spec.add_dependency "rails", ">= 7.0"
+        spec.add_development_dependency "rake", "~> 13.0"
+      end
+    GEMSPEC
+    
+    File.write(File.join(@output_dir, "#{@gem_name}.gemspec"), gemspec_content)
+    
+    # Create version file
+    version_content = <<~VERSION
+      # frozen_string_literal: true
+
+      module #{@gem_name.camelize}
+        VERSION = "#{@version}"
+      end
+    VERSION
+    
+    FileUtils.mkdir_p(File.join(@output_dir, "lib", @gem_name))
+    File.write(File.join(@output_dir, "lib", @gem_name, "version.rb"), version_content)
+    
+    # Create main gem file
+    main_file_content = <<~MAIN
+      # frozen_string_literal: true
+
+      require_relative "#{@gem_name}/version"
+
+      module #{@gem_name.camelize}
+        # Self-extracting gem - no runtime code here
+        # All functionality is copied to host app during installation
+      end
+    MAIN
+    
+    File.write(File.join(@output_dir, "lib", "#{@gem_name}.rb"), main_file_content)
+    
+    say "   ✅ Gemspec and gem files created", :green
+  end
+
+  def create_unpack_generator(dest_path)
+    unpack_content = <<~UNPACK
+      # frozen_string_literal: true
+
+      class #{@gem_name.camelize}::UnpackGenerator < Rails::Generators::Base
+        source_root File.expand_path("templates", __dir__)
+        
+        desc "Extract #{@gem_name} generator to lib/generators/#{@gem_name}/ for customization"
+
+        def unpack_generator
+          destination_path = "lib/generators/#{@gem_name}"
+          
+          if File.exist?(destination_path) && !options[:force]
+            say "⚠️  \#{destination_path} already exists (use --force to overwrite)", :yellow
+            return
+          end
+
+          say "📦 Extracting #{@gem_name} generator...", :green
+          
+          # Copy install generator
+          copy_file "install_generator.rb", "\#{destination_path}/install_generator.rb"
+          
+          # Copy all templates
+          directory ".", "\#{destination_path}/templates"
+          
+          say "✅ #{@gem_name} generator extracted to \#{destination_path}/", :green
+        end
+      end
+    UNPACK
+    
+    File.write(File.join(dest_path, "unpack_generator.rb"), unpack_content)
+  end
+
+  def create_readme
+    readme_content = <<~README
+      # #{@gem_name.humanize}
+
+      Custom authentication gem based on PropelAuth with organization-specific modifications.
+
+      ## Installation
+
+      Add this line to your application's Gemfile:
+
+      ```ruby
+      gem '#{@gem_name}'
+      ```
+
+      ## Usage
+
+      ### Install (One-time setup)
+      ```bash
+      rails generate #{@gem_name}:install
+      ```
+
+      ### Unpack for customization
+      ```bash
+      rails generate #{@gem_name}:unpack
+      ```
+
+      ## Development
+
+      This gem was created by packing a customized PropelAuth installation.
+
+      ## License
+
+      The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+    README
+    
+    File.write(File.join(@output_dir, "README.md"), readme_content)
+    say "   ✅ README created", :green
+  end
+
+  def show_completion_message
+    say ""
+    say "🎉 PropelAuth PACKED successfully!", :green
+    say ""
+    say "📦 Custom gem created at: #{@output_dir}/", :bold
+    say ""
+    
+    say "🚀 Next steps:", :yellow
+    say "  1. cd #{@output_dir}"
+    say "  2. gem build #{@gem_name}.gemspec"
+    say "  3. gem install #{@gem_name}-#{@version}.gem"
+    say "  4. Use in other projects: gem '#{@gem_name}'"
+    say ""
+    
+    say "💡 Your custom gem includes:", :blue
+    say "   • Your customized install generator"
+    say "   • All your modified templates"
+    say "   • Unpack generator for further customization"
+    say "   • Self-extracting architecture (no runtime dependencies)"
+  end
+end 

data/lib/generators/propel_auth/templates/agency.rb

@@ -0,0 +1,7 @@
+class Agency < ApplicationRecord
+  # Multi-tenant associations
+  belongs_to :organization
+  has_many :agents, dependent: :destroy
+
+  validates :name, presence: true
+end 

data/lib/generators/propel_auth/templates/agent.rb

@@ -0,0 +1,7 @@
+class Agent < ApplicationRecord
+  # Multi-tenant associations
+  belongs_to :agency
+  belongs_to :user
+
+  validates :user_id, uniqueness: { scope: :agency_id }
+end 

data/lib/generators/propel_auth/templates/auth/base_passwords_controller.rb.tt

@@ -0,0 +1,99 @@
+class Api::Auth::BasePasswordsController < ApplicationController
+  <%- unless api_only_app? -%>
+  include RackSessionDisable
+  <%- end -%>
+  include PropelAuthentication
+
+  # POST /api/{version}/auth/reset
+  def create
+    user = User.find_by(email_address: params[:email_address])
+    
+    if user
+      # Generate and save reset token
+      user.generate_password_reset_token!
+      
+      # Send password reset email
+      AuthNotificationService.send_password_reset_email(user)
+      
+      render json: { 
+        message: 'Password reset instructions sent to your email' 
+      }, status: :ok
+    else
+      # Don't reveal whether user exists for security
+      render json: { 
+        message: 'Password reset instructions sent to your email' 
+      }, status: :ok
+    end
+  rescue => e
+    render json: { 
+      error: 'Unable to process password reset request' 
+    }, status: :unprocessable_entity
+  end
+
+  # GET /api/{version}/auth/reset?token=xyz
+  def show
+    token = params[:token]
+    
+    if token.blank?
+      render json: { error: 'Reset token is required' }, status: :unprocessable_entity
+      return
+    end
+    
+    user = User.find_by_password_reset_token(token)
+    
+    if user&.password_reset_token_valid?
+      render json: { 
+        message: 'Token is valid',
+        token: token
+      }, status: :ok
+    else
+      render json: { 
+        error: 'Invalid or expired reset token' 
+      }, status: :unauthorized
+    end
+  end
+
+  # PATCH /api/{version}/auth/reset
+  def update
+    token = params[:token]
+    new_password = params[:password]
+    password_confirmation = params[:password_confirmation]
+    
+    if token.blank? || new_password.blank?
+      render json: { 
+        error: 'Token and password are required' 
+      }, status: :unprocessable_entity
+      return
+    end
+    
+    if new_password != password_confirmation
+      render json: { 
+        error: 'Password confirmation does not match' 
+      }, status: :unprocessable_entity
+      return
+    end
+    
+    user = User.find_by_password_reset_token(token)
+    
+    if user&.password_reset_token_valid?
+      if user.reset_password!(new_password)
+        render json: { 
+          message: 'Password successfully reset' 
+        }, status: :ok
+      else
+        render json: { 
+          error: 'Password could not be reset',
+          details: user.errors.full_messages
+        }, status: :unprocessable_entity
+      end
+    else
+      render json: { 
+        error: 'Invalid or expired reset token' 
+      }, status: :unauthorized
+    end
+  rescue => e
+    render json: { 
+      error: 'Unable to reset password' 
+    }, status: :unprocessable_entity
+  end
+end 

data/lib/generators/propel_auth/templates/auth/base_tokens_controller.rb.tt

@@ -0,0 +1,90 @@
+class Api::Auth::BaseTokensController < ApplicationController
+  <%- unless api_only_app? -%>
+  include RackSessionDisable
+  <%- end -%>
+  include PropelAuthentication
+
+  # POST /api/{version}/auth/login
+  def create
+    user = User.find_by(email_address: params[:user][:email_address])
+    
+    if user&.authenticate(params[:user][:password])
+      if user.status == 1  # inactive
+        render json: { error: 'Account is inactive' }, status: :unauthorized
+        return
+      end
+      
+      # Update last login timestamp
+      user.update(last_login_at: Time.current)
+      
+      # Reset failed login attempts on successful login
+      user.reset_failed_attempts! if user.respond_to?(:reset_failed_attempts!)
+      
+      render json: {
+        token: user.generate_jwt_token,
+        user: user_response(user)
+      }, status: :ok
+    else
+      # Increment failed login attempts if user exists and has lockable functionality
+      if user&.respond_to?(:increment_failed_attempts!)
+        user.increment_failed_attempts!
+      end
+      
+      render json: { error: 'Invalid credentials' }, status: :unauthorized
+    end
+  rescue ActionController::ParameterMissing
+    render json: { error: 'Missing required parameters' }, status: :unprocessable_entity
+  end
+
+  # DELETE /api/{version}/auth/logout
+  def destroy
+    # For JWT, logout is handled client-side by removing the token
+    # Server-side logout would require token blacklisting (future enhancement)
+    render json: { message: 'Logged out successfully' }, status: :ok
+  end
+
+  # GET /api/{version}/auth/me
+  def me
+    return unless authenticate_user
+    render json: { user: user_response(current_user) }, status: :ok
+  end
+
+  def refresh
+    render json: { token: @current_user.generate_jwt_token }
+  end
+
+  # POST /api/{version}/auth/unlock
+  def unlock
+    token = params[:token]
+    
+    if token.blank?
+      render json: { error: 'Token is required' }, status: :unprocessable_entity
+      return
+    end
+    
+    user = User.find_by_unlock_token(token)
+    
+    if user
+      user.unlock_account!
+      render json: { message: 'Account unlocked successfully' }, status: :ok
+    else
+      render json: { error: 'Invalid or expired unlock token' }, status: :unauthorized
+    end
+  rescue => e
+    render json: { error: 'Invalid unlock token' }, status: :unauthorized
+  end
+
+  private
+
+  def user_response(user)
+    {
+      id: user.id,
+      email_address: user.email_address,
+      username: user.username,
+      first_name: user.first_name,
+      last_name: user.last_name,
+      organization_id: user.organization_id,
+      last_login_at: user.last_login_at
+    }
+  end
+end 

data/lib/generators/propel_auth/templates/auth/passwords_controller.rb.tt

@@ -0,0 +1,126 @@
+<%- if api_versioned? -%>
+# Dynamic API versioning controller - inherits from base controller
+class <%= controller_namespace %>::PasswordsController < Api::Auth::BasePasswordsController
+end
+<%- else -%>
+class <%= controller_namespace %>::PasswordsController < ApplicationController
+
+  # POST <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/reset - Request password reset
+  def create
+    email_address = params[:email_address]
+    
+    # Validate email_address parameter
+    if email_address.blank?
+      return render json: { error: "Email address is required" }, status: :unprocessable_entity
+    end
+    
+    # Validate email_address format
+    unless email_address.match?(/\A[\w+\-.]+@[a-z\d\-]+(\.[a-z\d\-]+)*\.[a-z]+\z/i)
+      return render json: { error: "Email address format is invalid" }, status: :unprocessable_entity
+    end
+    
+    # For security, always return the same response whether user exists or not
+    # This prevents user enumeration attacks
+    response_message = "If an account with that email address exists, password reset instructions have been sent to your email"
+    
+    # Find user by email_address and send reset email if user exists
+    user = User.find_by(email_address: email_address)
+    
+    if user && PropelAuth.configuration.enable_email_notifications
+      # Send password reset email using the notification service
+      email_result = AuthNotificationService.send_password_reset_email(user)
+      
+      # Log the result but don't expose it to prevent user enumeration
+      if email_result[:success]
+        Rails.logger.info "Password reset email sent successfully to #{email_address}"
+      else
+        Rails.logger.error "Failed to send password reset email to #{email_address}: #{email_result[:error]}"
+      end
+    end
+    
+    # Always return the same response for security
+    render json: { message: response_message }, status: :ok
+  end
+
+  # PUT <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/reset - Confirm password reset with token
+  def update
+    token = params[:token]
+    password = params[:password]
+    password_confirmation = params[:password_confirmation]
+    
+    # Validate required parameters
+    if token.blank?
+      return render json: { error: "Reset token is required" }, status: :unprocessable_entity
+    end
+    
+    if password.blank?
+      return render json: { error: "Password is required" }, status: :unprocessable_entity
+    end
+    
+    if password_confirmation.blank?
+      return render json: { error: "Password confirmation is required" }, status: :unprocessable_entity
+    end
+    
+    # Validate password confirmation
+    if password != password_confirmation
+      return render json: { error: "Password and confirmation do not match" }, status: :unprocessable_entity
+    end
+    
+    # Find user by token
+    user = User.find_user_by_password_reset_token(token)
+    
+    unless user
+      return render json: { error: "Invalid or expired reset token" }, status: :unauthorized
+    end
+    
+    # Attempt password reset
+    if user.reset_password_with_token!(token, password, password_confirmation)
+      render json: {
+        message: "Password has been reset successfully",
+        user: {
+          id: user.id,
+          email_address: user.email_address,
+          username: user.username
+        }
+      }, status: :ok
+    else
+      render json: { error: "Password is too short (minimum is 8 characters)" }, status: :unprocessable_entity
+    end
+  end
+
+  # GET <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/reset - Verify reset token
+  def show
+    token = params[:token]
+    
+    # Validate token parameter
+    if token.blank?
+      return render json: { error: "Token parameter is required" }, status: :unprocessable_entity
+    end
+    
+    # Find user by token
+    user = User.find_user_by_password_reset_token(token)
+    
+    if user
+      render json: {
+        valid: true,
+        user: {
+          id: user.id,
+          email_address: user.email_address,
+          username: user.username
+        }
+      }, status: :ok
+    else
+      render json: {
+        valid: false,
+        error: "Invalid or expired reset token"
+      }, status: :unauthorized
+    end
+  end
+
+  private
+
+  def password_reset_params
+    params.permit(:email_address, :token, :password, :password_confirmation)
+  end
+end
+<%- end -%>