propel_authentication 0.1.3 → 0.1.4

data/lib/generators/{propel_auth → propel_authentication}/install_generator.rb

@@ -2,15 +2,15 @@ require 'rails/generators/base'
 require 'rails/generators/active_record'
 require_relative 'unpack_generator'
 ##
-# PropelAuth installer that provides JWT-based authentication for Rails applications
+# PropelAuthentication installer that provides JWT-based authentication for Rails applications
 #
 # This creates a COMPLETELY STANDALONE authentication system with no gem dependencies.
 # Usage:
-#   rails generate propel_auth:install    # Full standalone system (runtime + generators)
+#   rails generate propel_authentication:install    # Full standalone system (runtime + generators)
 #
 # This generator:
 # 1. Installs all runtime code (models, controllers, views, tests, etc.)
-# 2. Automatically extracts generator logic to lib/generators/propel_auth/
+# 2. Automatically extracts generator logic to lib/generators/propel_authentication/
 # 3. Creates a system that requires NO gem dependencies
 # 
 # After installation, you can remove 'propel_auth' from your Gemfile completely.
@@ -19,13 +19,13 @@ require_relative 'unpack_generator'
 # Like Rails' built-in generators (action_text:install, devise:install),
 # this generator is designed to be run once per application.
 #
-require_relative 'core/configuration_methods'
+require_relative 'templates/core/configuration_methods'
 
-module PropelAuth
+module PropelAuthentication
   class InstallGenerator < Rails::Generators::Base
     source_root File.expand_path("templates", __dir__)
     include Rails::Generators::Migration
-    include PropelAuth::ConfigurationMethods
+    include PropelAuthentication::ConfigurationMethods
 
     def self.next_migration_number(dir)
       ActiveRecord::Generators::Base.next_migration_number(dir)
@@ -37,12 +37,12 @@ module PropelAuth
       initialize_propel_auth_settings
       
       if behavior == :revoke
-        remove_file "config/initializers/propel_auth.rb"
-        say "Removed PropelAuth configuration", :red
+        remove_file "config/initializers/propel_authentication.rb"
+        say "Removed PropelAuthentication configuration", :red
       else
         # Convert to ERB template to support configuration
-        template "propel_auth.rb.tt", "config/initializers/propel_auth.rb"
-        say "Created PropelAuth configuration with namespace: #{namespace_display}, version: #{version_display}", :green
+        template "propel_authentication.rb.tt", "config/initializers/propel_authentication.rb"
+        say "Created PropelAuthentication configuration with namespace: #{namespace_display}, version: #{version_display}", :green
       end
     end
 
@@ -136,7 +136,7 @@ module PropelAuth
     end
 
     def extract_generator_for_customization
-      generator_path = "lib/generators/propel_auth"
+      generator_path = "lib/generators/propel_authentication"
       
       if File.exist?(generator_path)
         say ""
@@ -147,13 +147,13 @@ module PropelAuth
         say "📦 Extracting generator logic for full customization...", :blue
         
         # Automatically run the unpack generator to extract generator logic
-        invoke PropelAuth::UnpackGenerator, [], { force: false }
+        invoke PropelAuthentication::UnpackGenerator, [], { force: false }
         
         say ""
-              say "✅ Generator logic extracted to lib/generators/propel_auth/", :green
+              say "✅ Generator logic extracted to lib/generators/propel_authentication/", :green
       say "💡 Your application is now completely standalone - no gem dependency needed!", :cyan
       say "🗑️  You can now remove 'propel_auth' from your Gemfile", :yellow
-      say "📦 All PropelAuth runtime code is now in config/initializers/propel_auth.rb", :blue
+              say "📦 All PropelAuthentication runtime code is now in config/initializers/propel_authentication.rb", :blue
       end
     end
 
@@ -175,11 +175,11 @@ module PropelAuth
       end
       
       say "\n🎨 Customization:", :bold
-      say "• Generator logic: lib/generators/propel_auth/install_generator.rb", :blue
-      say "• Templates: lib/generators/propel_auth/templates/", :blue
+      say "• Generator logic: lib/generators/propel_authentication/install_generator.rb", :blue
+      say "• Templates: lib/generators/propel_authentication/templates/", :blue
       say "• Modify any part of the system - it's all yours now!", :cyan
       
-      say "\n🗑️  To uninstall: rails destroy propel_auth:install", :yellow
+      say "\n🗑️  To uninstall: rails destroy propel_authentication:install", :yellow
     end
 
     private

data/lib/generators/{propel_auth → propel_authentication}/templates/auth_mailer.rb

@@ -167,7 +167,7 @@ class AuthMailer < ApplicationMailer
   # Generate confirmation URL with token
   def confirmation_url(user)
     token = user.confirmation_token
-    base_url = PropelAuth.configuration.frontend_url || "#{request.protocol}#{request.host_with_port}"
+    base_url = PropelAuthentication.configuration.frontend_url || "#{request.protocol}#{request.host_with_port}"
     "#{base_url}/auth/confirm?token=#{token}"
   end
 

data/lib/generators/{propel_auth → propel_authentication}/templates/authenticatable.rb

@@ -14,10 +14,10 @@ module Authenticatable
       email_address: email_address,
       organization_id: organization_id,
       iat: Time.now.to_i,
-      exp: PropelAuth.configuration.jwt_expiration.from_now.to_i
+      exp: PropelAuthentication.configuration.jwt_expiration.from_now.to_i
     }
     
-          JWT.encode(payload, PropelAuth.configuration.jwt_secret, 'HS256')
+          JWT.encode(payload, PropelAuthentication.configuration.jwt_secret, 'HS256')
   end
 
   class_methods do
@@ -25,7 +25,7 @@ module Authenticatable
     def find_by_jwt_token(token)
       return nil unless token
       
-      decoded_token = JWT.decode(token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+      decoded_token = JWT.decode(token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
       payload = decoded_token.first
       
       # Check if token is expired (JWT gem handles this, but double-check)

data/lib/generators/{propel_auth → propel_authentication}/templates/concerns/confirmable.rb

@@ -108,11 +108,11 @@ module Confirmable
   end
 
   def confirmation_period
-    PropelAuth.configuration.confirmation_period || 24.hours
+    PropelAuthentication.configuration.confirmation_period || 24.hours
   end
 
   def confirmation_resend_interval
-    PropelAuth.configuration.confirmation_resend_interval || 1.minute
+    PropelAuthentication.configuration.confirmation_resend_interval || 1.minute
   end
 
   module ClassMethods

data/lib/generators/{propel_auth → propel_authentication}/templates/concerns/lockable.rb

@@ -6,7 +6,7 @@ module Lockable
     return false unless locked_at.present?
     
     # Check if lockout duration has passed (automatic unlock)
-    if locked_at + PropelAuth.configuration.lockout_duration > Time.current
+    if locked_at + PropelAuthentication.configuration.lockout_duration > Time.current
       true # Still within lockout period
     else
       # Lockout period expired, automatically unlock
@@ -26,7 +26,7 @@ module Lockable
     
     self.failed_login_attempts = (failed_login_attempts || 0) + 1
     
-    if failed_login_attempts >= PropelAuth.configuration.max_failed_attempts
+    if failed_login_attempts >= PropelAuthentication.configuration.max_failed_attempts
       lock_account!
     else
       save!
@@ -42,7 +42,7 @@ module Lockable
   def lock_account!
     update!(
       locked_at: Time.current,
-      failed_login_attempts: PropelAuth.configuration.max_failed_attempts
+      failed_login_attempts: PropelAuthentication.configuration.max_failed_attempts
     )
     
     # Send account locked email notification if enabled
@@ -75,7 +75,7 @@ module Lockable
       exp: 1.hour.from_now.to_i # Unlock tokens expire in 1 hour
     }
     
-    JWT.encode(payload, PropelAuth.configuration.jwt_secret, 'HS256')
+    JWT.encode(payload, PropelAuthentication.configuration.jwt_secret, 'HS256')
   end
   
   # Unlock account using a valid unlock token
@@ -83,7 +83,7 @@ module Lockable
     return false unless token.present?
     
     begin
-      decoded_token = JWT.decode(token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+      decoded_token = JWT.decode(token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
       payload = decoded_token.first
       
       # Verify token is for this user and is an unlock token
@@ -104,7 +104,7 @@ module Lockable
       return nil unless token.present?
       
       begin
-        decoded_token = JWT.decode(token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+        decoded_token = JWT.decode(token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
         payload = decoded_token.first
         
         # Check if token is expired (JWT gem handles this, but double-check)

data/lib/generators/{propel_auth → propel_authentication}/templates/concerns/recoverable.rb

@@ -15,12 +15,12 @@ module Recoverable
       email_address: self.email_address,
       type: 'password_reset',
       iat: now.to_f,  # Use float for higher precision
-      exp: PropelAuth.configuration.password_reset_expiration.from_now.to_i,
+      exp: PropelAuthentication.configuration.password_reset_expiration.from_now.to_i,
       password_hash: self.password_digest[0..10],  # Bind token to current password
       nonce: SecureRandom.hex(8)  # Add random nonce for uniqueness
     }
     
-    JWT.encode(payload, PropelAuth.configuration.jwt_secret, 'HS256')
+    JWT.encode(payload, PropelAuthentication.configuration.jwt_secret, 'HS256')
   end
 
   # Validate password reset token
@@ -28,7 +28,7 @@ module Recoverable
     return false if token.blank?
     
     begin
-      decoded = JWT.decode(token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+      decoded = JWT.decode(token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
       payload = decoded.first
       
       # Validate token structure and content
@@ -55,7 +55,7 @@ module Recoverable
     return false if new_password != new_password_confirmation
     
     # Validate password length (configuration is a Range)
-    password_range = PropelAuth.configuration.password_length
+    password_range = PropelAuthentication.configuration.password_length
     return false unless password_range.include?(new_password.length)
     
     begin
@@ -77,7 +77,7 @@ module Recoverable
       return nil if token.blank?
       
       begin
-        decoded = JWT.decode(token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+        decoded = JWT.decode(token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
         payload = decoded.first
         
         # Validate token structure
@@ -102,7 +102,7 @@ module Recoverable
     return nil if token.blank?
     
     begin
-      decoded = JWT.decode(token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+      decoded = JWT.decode(token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
       decoded.first['user_id']
     rescue JWT::DecodeError
       nil

data/lib/generators/{propel_auth → propel_authentication/templates}/core/configuration_methods.rb

@@ -1,33 +1,33 @@
 # frozen_string_literal: true
 
 ##
-# Module providing configuration detection and validation for PropelAuth generators
+# Module providing configuration detection and validation for PropelAuthentication generators
 #
-module PropelAuth
+module PropelAuthentication
   module ConfigurationMethods
     
-    # Shared class options across all PropelAuth generators
+    # Shared class options across all PropelAuthentication generators
     def self.included(base)
       base.class_option :namespace,
-                       type: :string,
-                       default: nil,
-                       desc: "Authentication namespace (e.g., 'api', 'admin_api'). Use 'none' for no namespace. Defaults to PropelAuth configuration."
+                        type: :string,
+                        default: nil,
+                        desc: "Authentication namespace (e.g., 'api', 'admin_api'). Use 'none' for no namespace. Defaults to PropelAuthentication configuration."
       
       base.class_option :version,
-                       type: :string,
-                       default: nil,
-                       desc: "Authentication version (e.g., 'v1', 'v2'). Use 'none' for no versioning. Defaults to PropelAuth configuration."
+                        type: :string,
+                        default: nil,
+                        desc: "Authentication version (e.g., 'v1', 'v2'). Use 'none' for no versioning. Defaults to PropelAuthentication configuration."
 
       # Legacy support for existing --api-version option
       base.class_option :api_version,
-                       type: :string,
-                       default: nil,
-                       desc: "Legacy: Use --version instead. Authentication version (e.g., 'v1', 'v2')."
+                        type: :string,
+                        default: nil,
+                        desc: "Legacy: Use --version instead. Authentication version (e.g., 'v1', 'v2')."
     end
 
     protected
 
-    # Initialize shared PropelAuth settings used across all generators
+          # Initialize shared PropelAuthentication settings used across all generators
     def initialize_propel_auth_settings
       @auth_namespace = determine_auth_namespace
       @auth_version = determine_auth_version
@@ -36,7 +36,7 @@ module PropelAuth
     # Determine the authentication namespace to use
     # Priority order:
     # 1. Command line option (--namespace)
-    # 2. PropelAuth configuration (if exists)
+    # 2. PropelAuthentication configuration (if exists)
     # 3. Default fallback (nil for clean URLs like /login)
     def determine_auth_namespace
       if options[:namespace] == 'none'
@@ -47,10 +47,10 @@ module PropelAuth
         return options[:namespace]
       end
       
-      # Try to read from PropelAuth configuration
+      # Try to read from PropelAuthentication configuration
       begin
-        if defined?(PropelAuth) && PropelAuth.configuration.respond_to?(:namespace)
-          config_namespace = PropelAuth.configuration.namespace
+        if defined?(PropelAuthentication) && PropelAuthentication.configuration.respond_to?(:namespace)
+          config_namespace = PropelAuthentication.configuration.namespace
           return config_namespace if config_namespace.present? && config_namespace != 'none'
         end
       rescue => e
@@ -64,7 +64,7 @@ module PropelAuth
     # Determine the authentication version to use
     # Priority order:
     # 1. Command line option (--version or legacy --api-version)
-    # 2. PropelAuth configuration (if exists)  
+    # 2. PropelAuthentication configuration (if exists)  
     # 3. Default fallback (nil for clean URLs like /login)
     def determine_auth_version
       # Check for 'none' in either option
@@ -82,10 +82,10 @@ module PropelAuth
         return options[:api_version]
       end
       
-      # Try to read from PropelAuth configuration
+      # Try to read from PropelAuthentication configuration
       begin
-        if defined?(PropelAuth) && PropelAuth.configuration.respond_to?(:version)
-          config_version = PropelAuth.configuration.version
+        if defined?(PropelAuthentication) && PropelAuthentication.configuration.respond_to?(:version)
+          config_version = PropelAuthentication.configuration.version
           return config_version if config_version.present? && config_version != 'none'
         end
       rescue => e
@@ -130,5 +130,22 @@ module PropelAuth
       path_parts << 'auth'
       path_parts.join('/')
     end
+
+    # Helper methods for templates
+    def api_versioned?
+      @auth_version.present? && @auth_version != 'none'
+    end
+
+    def api_only_app?
+      defined?(Rails.application.config.api_only) && Rails.application.config.api_only
+    end
+
+    def controller_namespace
+      if api_versioned?
+        auth_controller_namespace
+      else
+        'Auth'
+      end
+    end
   end
 end 

data/lib/generators/{propel_auth → propel_authentication}/templates/invitation.rb

@@ -42,14 +42,14 @@ class Invitation < ApplicationRecord
       invitation_hash: generate_invitation_hash
     }
     
-    JWT.encode(payload, PropelAuth.configuration.jwt_secret, 'HS256')
+    JWT.encode(payload, PropelAuthentication.configuration.jwt_secret, 'HS256')
   end
 
   # Find invitation by JWT token with validation
   def self.find_by_invitation_token(token)
     begin
       # Decode and validate the JWT token
-      payload = JWT.decode(token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })[0]
+      payload = JWT.decode(token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })[0]
       
       # Verify this is an invitation token
       return nil unless payload['type'] == 'invitation'

data/lib/generators/{propel_auth/templates/propel_auth.rb.tt → propel_authentication/templates/propel_authentication.rb.tt}

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
 
-# PropelAuth Runtime and Configuration
+# PropelAuthentication Runtime and Configuration
 # This file was generated by: rails generate propel_auth:install
 # 
-# This contains ALL PropelAuth runtime functionality - no gem dependency required!
+# This contains ALL PropelAuthentication runtime functionality - no gem dependency required!
 # This module provides JWT-based authentication for Rails applications
 # with features like account lockout, password reset, and email confirmation.
 
 require "rails"
 
-module PropelAuth
+module PropelAuthentication
   class Error < StandardError; end
 
   class << self
@@ -88,18 +88,10 @@ module PropelAuth
       @version = nil       # Default to no version for clean URLs like /login
     end
   end
-
-  class Engine < Rails::Engine
-    initializer 'propel_auth.load_generators' do |app|
-      config.generators do |g|
-        g.test_framework :minitest, fixture: true
-      end
-    end
-  end
 end
 
-# Configure PropelAuth with secure defaults
-PropelAuth.configure do |config|
+# Configure PropelAuthentication with secure defaults
+PropelAuthentication.configure do |config|
   # JWT Configuration for API authentication
   config.jwt_secret = Rails.application.credentials.secret_key_base || ENV['SECRET_KEY_BASE'] || 'your-secret-key'
   config.jwt_expiration = 24.hours
@@ -135,7 +127,7 @@ PropelAuth.configure do |config|
   config.version = <%= @auth_version ? "'#{@auth_version}'" : 'nil' %>
 end
 
-# PropelAuth is now fully extracted to your application!
+# PropelAuthentication is now fully extracted to your application!
 # - All runtime code is in this file
 # - Generator logic can be extracted with: rails generate propel_auth:unpack
 # - You can remove 'propel_auth' from your Gemfile after installation 

data/lib/generators/{propel_auth → propel_authentication}/templates/test/concerns/lockable_test.rb.tt

@@ -21,13 +21,13 @@ class LockableTest < ActiveSupport::TestCase
 
   test "should lock account after max failed attempts" do
     # Simulate 10 failed attempts
-    PropelAuth.configuration.max_failed_attempts.times do
+    PropelAuthentication.configuration.max_failed_attempts.times do
       @user.increment_failed_attempts
     end
     
-    assert @user.locked?, "User should be locked after #{PropelAuth.configuration.max_failed_attempts} failed attempts"
+    assert @user.locked?, "User should be locked after #{PropelAuthentication.configuration.max_failed_attempts} failed attempts"
     assert @user.locked_at.present?, "Locked at timestamp should be set"
-    assert_equal PropelAuth.configuration.max_failed_attempts, @user.failed_login_attempts, "Failed attempts should equal max"
+    assert_equal PropelAuthentication.configuration.max_failed_attempts, @user.failed_login_attempts, "Failed attempts should equal max"
   end
 
   test "should reset failed attempts on successful login" do
@@ -54,10 +54,10 @@ class LockableTest < ActiveSupport::TestCase
 
   test "should automatically unlock after lockout duration" do
     # Lock the account with a past timestamp
-    past_time = (PropelAuth.configuration.lockout_duration + 1.minute).ago
+    past_time = (PropelAuthentication.configuration.lockout_duration + 1.minute).ago
     @user.update!(
       locked_at: past_time,
-      failed_login_attempts: PropelAuth.configuration.max_failed_attempts
+      failed_login_attempts: PropelAuthentication.configuration.max_failed_attempts
     )
     
     # Check if automatically unlocked
@@ -69,7 +69,7 @@ class LockableTest < ActiveSupport::TestCase
     recent_time = 5.minutes.ago
     @user.update!(
       locked_at: recent_time,
-      failed_login_attempts: PropelAuth.configuration.max_failed_attempts
+      failed_login_attempts: PropelAuthentication.configuration.max_failed_attempts
     )
     
     # Should still be locked
@@ -130,15 +130,15 @@ class LockableTest < ActiveSupport::TestCase
 
   test "should integrate with failed login attempt configuration" do
     # Test with different configuration
-    original_max = PropelAuth.configuration.max_failed_attempts
-    PropelAuth.configuration.max_failed_attempts = 3
+    original_max = PropelAuthentication.configuration.max_failed_attempts
+    PropelAuthentication.configuration.max_failed_attempts = 3
     
     # Should lock after 3 attempts with new config
     3.times { @user.increment_failed_attempts }
     assert @user.locked?, "Should respect updated configuration"
     
     # Restore original config
-    PropelAuth.configuration.max_failed_attempts = original_max
+    PropelAuthentication.configuration.max_failed_attempts = original_max
   end
 
   # CRITICAL EDGE CASE TESTS - Missing from initial implementation
@@ -164,7 +164,7 @@ class LockableTest < ActiveSupport::TestCase
       iat: Time.now.to_i,
       exp: 1.second.ago.to_i 
     }
-    expired_token = JWT.encode(expired_payload, PropelAuth.configuration.jwt_secret, 'HS256')
+    expired_token = JWT.encode(expired_payload, PropelAuthentication.configuration.jwt_secret, 'HS256')
     
     assert_not @user.unlock_with_token!(expired_token), "Should reject expired unlock token"
     assert @user.locked?, "Should remain locked with expired token"
@@ -256,7 +256,7 @@ class LockableTest < ActiveSupport::TestCase
     @user.lock_account!
     
     unlock_token = @user.generate_unlock_token
-    decoded = JWT.decode(unlock_token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+    decoded = JWT.decode(unlock_token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
     payload = decoded.first
     
     assert_equal @user.id, payload['user_id'], "Token should contain correct user ID"
@@ -272,7 +272,7 @@ class LockableTest < ActiveSupport::TestCase
     @user.lock_account!
     
     unlock_token = @user.generate_unlock_token
-    decoded = JWT.decode(unlock_token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+    decoded = JWT.decode(unlock_token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
     payload = decoded.first
     
     token_lifetime = payload['exp'] - payload['iat']

data/lib/generators/{propel_auth → propel_authentication}/templates/test/concerns/propel_authentication_test.rb.tt

@@ -48,7 +48,7 @@ class PropelAuthenticationTest < ActionDispatch::IntegrationTest
       user_id: @user.id,
       exp: 1.hour.ago.to_i
     }
-    expired_token = JWT.encode(payload, PropelAuth.configuration.jwt_secret, 'HS256')
+    expired_token = JWT.encode(payload, PropelAuthentication.configuration.jwt_secret, 'HS256')
 
     with_test_routes do
       get '/test_auth', headers: { 'Authorization' => "Bearer #{expired_token}" }

data/lib/generators/{propel_auth → propel_authentication}/templates/test/concerns/recoverable_test.rb.tt

@@ -17,7 +17,7 @@ class RecoverableTest < ActiveSupport::TestCase
     assert_equal 3, reset_token.split('.').length, "JWT should have 3 parts separated by dots"
     
     # VERIFY TOKEN CONTENT: Decode and validate payload
-    decoded = JWT.decode(reset_token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+    decoded = JWT.decode(reset_token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
     payload = decoded.first
     
     assert_equal @user.id, payload['user_id'], "Token should contain correct user ID"
@@ -50,7 +50,7 @@ class RecoverableTest < ActiveSupport::TestCase
     assert @user.valid_password_reset_token?(reset_token), "Valid token should pass validation"
     
     # VERIFY TOKEN BINDING: Token should be bound to specific user
-    decoded = JWT.decode(reset_token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+    decoded = JWT.decode(reset_token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
     payload = decoded.first
     assert_equal @user.id, payload['user_id'], "Token should be bound to correct user"
   end
@@ -67,7 +67,7 @@ class RecoverableTest < ActiveSupport::TestCase
       exp: 1.second.ago.to_i,  # Already expired
       password_hash: @user.password_digest[0..10]
     }
-    expired_token = JWT.encode(expired_payload, PropelAuth.configuration.jwt_secret, 'HS256')
+    expired_token = JWT.encode(expired_payload, PropelAuthentication.configuration.jwt_secret, 'HS256')
     
     # VERIFY EXPIRATION: Expired token should be rejected
     assert_not @user.valid_password_reset_token?(expired_token), "Expired token should be rejected"
@@ -264,7 +264,7 @@ class RecoverableTest < ActiveSupport::TestCase
       exp: 1.second.ago.to_i,  # Already expired
       password_hash: @user.password_digest[0..10]
     }
-    expired_token = JWT.encode(expired_payload, PropelAuth.configuration.jwt_secret, 'HS256')
+    expired_token = JWT.encode(expired_payload, PropelAuthentication.configuration.jwt_secret, 'HS256')
     
     # EXECUTE LOOKUP: Try to find user with expired token
     found_user = User.find_user_by_password_reset_token(expired_token)
@@ -277,7 +277,7 @@ class RecoverableTest < ActiveSupport::TestCase
     # SECURITY: Verify token expiration is reasonable (not too long)
     
     reset_token = @user.generate_password_reset_token
-    decoded = JWT.decode(reset_token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+    decoded = JWT.decode(reset_token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
     payload = decoded.first
     
     token_lifetime = payload['exp'] - payload['iat']
@@ -299,7 +299,7 @@ class RecoverableTest < ActiveSupport::TestCase
       exp: 1.hour.from_now.to_i,
       password_hash: @user.password_digest[0..10]
     }
-    unlock_token = JWT.encode(unlock_payload, PropelAuth.configuration.jwt_secret, 'HS256')
+    unlock_token = JWT.encode(unlock_payload, PropelAuthentication.configuration.jwt_secret, 'HS256')
     
     # VERIFY TYPE VALIDATION: Unlock token should not work for password reset
     assert_not @user.valid_password_reset_token?(unlock_token), "Should reject wrong token type"
@@ -313,7 +313,7 @@ class RecoverableTest < ActiveSupport::TestCase
     # SECURITY: Verify token includes password hash binding
     
     reset_token = @user.generate_password_reset_token
-    decoded = JWT.decode(reset_token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })
+    decoded = JWT.decode(reset_token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })
     payload = decoded.first
     
     # VERIFY BINDING: Token should contain password hash fragment

data/lib/generators/{propel_auth → propel_authentication}/templates/user_test.rb.tt

@@ -47,7 +47,7 @@ class UserTest < ActiveSupport::TestCase
     assert_equal 3, token.split('.').length, "JWT should have 3 parts"
     
     # Verify token content
-    payload = JWT.decode(token, PropelAuth.configuration.jwt_secret, true, { algorithm: 'HS256' })[0]
+    payload = JWT.decode(token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })[0]
     assert_equal user.id, payload['user_id'], "Token should include user ID"
     assert_equal user.organization_id, payload['organization_id'], "Token should include organization ID"
     assert payload['exp'].present?, "Token should include expiration"