RubyGems - propel_authentication - Versions diffs - 0.1.3 → 0.2.0 - Mend

propel_authentication 0.1.3 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 77ad0bd9c772c1e89c434316b2cc4317e92ab6cfbddcb08af226441e1bcfca27
-  data.tar.gz: b7b09da07c940568f77a4543f03a0b5b2b19f038f889ee6f743ee1d7d1741482
+  metadata.gz: 22860db42c802dc6a34029c311149badcf95f0b9c54a2f83767bf4c2f1c62618
+  data.tar.gz: 30c016587b4500344ad0a6a95feeef37a12cee54a7addd4f912c67fc5b8f4ca3
 SHA512:
-  metadata.gz: c1df8a43f240fe728f7c00fc10cda8c85362ed0919a8ad89c58c62c89bb4d68536c71197f52f2abf334cab960847bf53c5992ec0a4f56d25436dec59b05abca8
-  data.tar.gz: dd94fc927e86f1192f9622c75c6299253eb52d7b48029df725819ff3e5719471f12a50fbe07a9fe30c49373bbebc53455f1845c656cc31e8d5404eb8a85a21ce
+  metadata.gz: 7da4c75f8d12fce6ad7a0686d2ac6fca6146df044e0b8d8bf6f73acb812f851298c270529cb8c9bd6ef10acb992c0a2b62711182ea92caf7deef06bad084d627
+  data.tar.gz: f94d8b1ec7dfaad482db03aff177dee93af78ef132bd89634af780044f5907f0aa95afe96971540af058f364dfaf4b410f1aaca02311b0b51970b0d83ff6fbf6

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,128 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [Unreleased]
+### Planned Features
+- OAuth provider integration (Google, GitHub, etc.)
+- Two-factor authentication (TOTP)
+- Session management and device tracking
+- Advanced password policies
+## [0.2.0] - 2025-09-02
+### BREAKING CHANGES
+- **Configuration ownership**: `agency_tenancy` configuration moved from PropelApi to PropelAuthentication
+  - Update config files: `PropelApi.configuration.agency_tenancy` → `PropelAuthentication.configuration.agency_tenancy`
+  - PropelAuthentication now owns all tenancy model configuration
+- **Frontend URL configuration**: No longer allows nil values
+  - Configuration hierarchy: Rails credentials → ENV variables → explicit fallbacks
+  - `frontend_url` must be configured (no nil defaults)
+### Added
+- **Configurable tenancy requirements**: New fine-grained control over API behavior
+  - `require_organization_id` (default: false) - Controls whether explicit organization_id is required in API requests
+  - `require_user_id` (default: false) - Controls whether explicit user_id is required in API requests
+  - Developer-friendly defaults enable auto-assignment while allowing strict enterprise security
+- **Enhanced User model**: Complete multi-agency support
+  - Added `has_many :agencies, through: :agents` relationship for agency access
+  - Enhanced JSON facets with comprehensive field sets including authentication status
+  - Short facet now includes `:status` field for user state tracking
+  - Details facet includes all authentication fields with proper association includes
+### Fixed
+- **Authentication namespace conflict resolved** - Renamed authentication concern to prevent module name collision
+  - `PropelAuthentication` concern renamed to `PropelAuthenticationConcern`
+  - Eliminates conflict between authentication controller concern and PropelAuthentication configuration module
+  - Updated all controller templates and generated files
+  - Enhanced method visibility for better API design
+- **Email confirmation workflow**: Fixed multipart email handling and token generation timing
+- **Account locking idempotency**: `lock_account!` method now properly handles race conditions
+- **Configuration consistency**: Unified tenancy model ownership under PropelAuthentication
+### Improved
+- **JWT token security**: Removed agency_ids from JWT payload for better security (looked up in real-time)
+- **User facet completeness**: Details facet now includes all relevant authentication and profile fields
+- **Authentication concern API design** - Better method organization and access patterns
+  - `authenticate_user` - Public method for `before_action` callbacks
+  - `current_user` - Public method for accessing authenticated user
+  - `extract_jwt_token` - Public method for custom authentication scenarios (email notifications, audit logging, token refresh)
+  - Clean separation between public API and internal implementation
+## [0.1.4] - 2025-08-15
+### Fixed
+- **Critical generator extraction issue** - Core infrastructure files now properly extracted during installation
+  - Fixed `require_relative 'core/configuration_methods'` LoadError
+  - Enhanced unpack generator to include all necessary infrastructure
+  - Complete "no black box" policy implementation
+- **JWT authentication system** - Comprehensive fixes and improvements
+  - Proper JWT secret configuration using Rails secret_key_base
+  - Fixed token expiration error messages
+  - Improved parameter validation with Rails conventions (before_action)
+  - ActionCable configuration for test environment
+- **Test suite** - All authentication tests now passing (11/11 - 100% success)
+  - Fixed fixture data foreign key constraints
+  - Proper multi-tenant JWT token verification
+  - Real database operations (no mocks) for confidence in production
+### Added
+- **Standalone operation** - Complete extraction of all authentication functionality
+  - All runtime code extracted to host application
+  - Zero gem dependencies after installation
+  - Full customization control for developers
+### Improved
+- **Rails conventions** - Better adherence to Rails patterns
+  - Clean before_action callbacks for parameter validation
+  - Proper error handling and status codes
+  - Enhanced test coverage with behavior-driven assertions
+## [0.1.3] - 2025-07-22
+### Added
+- **Self-extracting generator gem architecture** - Install temporarily, extract code, remove dependency
+- **JWT-based authentication system** with complete feature set:
+  - User registration and login
+  - Password reset with email notifications
+  - Account lockout after failed attempts
+  - Email confirmation system
+  - Multi-tenant organization support
+- **Rails generator system** with install and unpack commands
+- **Complete authentication infrastructure**:
+  - User, Organization, and Agency models
+  - Authentication controllers with full CRUD
+  - Email templates for notifications
+  - Comprehensive test suite
+  - Database migrations and seeds
+### Features
+- **JWT token management** with configurable expiration
+- **Multi-tenant architecture** with organization-based isolation
+- **Email notifications** for password reset and account actions
+- **Account security** with lockout and unlock mechanisms
+- **Flexible configuration** system for all authentication settings
+- **Production-ready** with comprehensive error handling
+### Technical Implementation
+- Clean generator architecture following Rails conventions
+- Template-based code generation for easy customization
+- Proper Ruby module structure with namespace isolation
+- Comprehensive test suite with real database operations
+- Zero runtime dependencies after code extraction
+### Generator Commands
+- `rails generate propel_authentication:install` - Install authentication system
+- `rails generate propel_authentication:unpack` - Extract generator for customization
+- Selective unpacking with component-specific options
+### Self-Extracting Benefits
+- **No runtime gem dependencies** - all code lives in host application
+- **Full customization control** - modify any authentication component
+- **Standard Rails patterns** - follows established conventions
+- **Easy maintenance** - no hidden gem complexity in production