propel_authentication 0.1.4 → 0.2.1

data/lib/generators/propel_authentication/templates/test/controllers/auth/signup_controller_test.rb.tt

@@ -0,0 +1,201 @@
+require "test_helper"
+
+class <%= controller_namespace('signup') %>SignupControllerTest < ActionDispatch::IntegrationTest
+  
+  def setup
+    @valid_signup_params = {
+      user: {
+        email_address: "newuser@example.com",
+        username: "newuser",
+        password: "password123",
+        password_confirmation: "password123",
+        first_name: "New",
+        last_name: "User"
+      },
+      organization: {
+        name: "New Company Inc",
+        website: "https://newcompany.com",
+        time_zone: "UTC"
+      }
+    }
+    
+    @valid_signup_params_with_agency = @valid_signup_params.merge(
+      agency: {
+        name: "Primary Agency",
+        description: "Main operations agency"
+      },
+      agent: {
+        role: "owner"
+      }
+    )
+  end
+
+  test "should create user and organization successfully" do
+    assert_difference ['User.count', 'Organization.count'], 1 do
+      post '<%= auth_route_prefix %>/signup', 
+           params: @valid_signup_params_with_agency,
+           as: :json
+    end
+    
+    assert_response :created
+    response_body = JSON.parse(response.body)
+    
+    # Verify response structure
+    assert_includes response_body.keys, 'token'
+    assert_includes response_body.keys, 'user'
+    assert_includes response_body.keys, 'organization'
+    assert_includes response_body.keys, 'message'
+    assert_includes response_body.keys, 'next_steps'
+    
+    # Verify user data
+    user_data = response_body['user']
+    assert_equal @valid_signup_params[:user][:email_address], user_data['email_address']
+    assert_equal @valid_signup_params[:user][:username], user_data['username']
+    assert_equal @valid_signup_params[:user][:first_name], user_data['first_name']
+    
+    # Verify organization data
+    org_data = response_body['organization']
+    assert_equal @valid_signup_params[:organization][:name], org_data['name']
+    assert_equal @valid_signup_params[:organization][:website], org_data['website']
+    
+    # Verify JWT token is valid
+    token = response_body['token']
+    assert_not_nil token
+    
+    # Verify the token can be used for authenticated requests
+    get '<%= auth_route_prefix %>/me', 
+        headers: { 'Authorization' => "Bearer #{token}" }
+    assert_response :success
+  end
+
+  test "should create user, organization, agency, and agent when agency tenancy enabled" do
+    skip "Agency tenancy test - enable when PropelApi.configuration.agency_tenancy = true" unless agency_tenancy_enabled?
+    
+    assert_difference ['User.count', 'Organization.count', 'Agency.count', 'Agent.count'], 1 do
+      post '<%= auth_route_prefix %>/signup', 
+           params: @valid_signup_params_with_agency,
+           as: :json
+    end
+    
+    assert_response :created
+    response_body = JSON.parse(response.body)
+    
+    # Verify user, agency, and agent were created
+    assert_includes response_body.keys, 'user'
+    assert_includes response_body.keys, 'agency'
+    assert_includes response_body.keys, 'agent'
+    
+    user_data = response_body['user']
+    agency_data = response_body['agency']
+    assert_equal @valid_signup_params_with_agency[:agency][:name], agency_data['name']
+    
+    agent_data = response_body['agent']
+    assert_equal @valid_signup_params_with_agency[:agent][:role], agent_data['role']
+    
+    # Verify JWT contains minimal secure claims (agency access is now real-time lookup)
+    token = response_body['token']
+    payload = JWT.decode(token, PropelAuthentication.configuration.jwt_secret, true, { algorithm: 'HS256' })[0]
+    assert_includes payload.keys, 'user_id'
+    assert_includes payload.keys, 'organization_id'
+    assert_not_includes payload.keys, 'agency_ids', "agency_ids removed for security - now real-time lookup"
+    
+    # Verify user has real-time agency access via agents association
+    created_user = User.find(user_data['id'])
+    assert_includes created_user.agency_ids, agency_data['id']
+  end
+
+  test "should reject signup with missing user data" do
+    invalid_params = @valid_signup_params.except(:user)
+    
+    post '<%= auth_route_prefix %>/signup', 
+         params: invalid_params,
+         as: :json
+    
+    assert_response :unprocessable_entity
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'error'
+  end
+
+  test "should reject signup with missing organization data" do
+    invalid_params = @valid_signup_params.except(:organization)
+    
+    post '<%= auth_route_prefix %>/signup', 
+         params: invalid_params,
+         as: :json
+    
+    assert_response :unprocessable_entity
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'error'
+  end
+
+  test "should reject signup with invalid email format" do
+    invalid_params = @valid_signup_params_with_agency.dup
+    invalid_params[:user][:email_address] = "invalid-email"
+    
+    post '<%= auth_route_prefix %>/signup', 
+         params: invalid_params,
+         as: :json
+    
+    assert_response :unprocessable_entity
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'details'
+    assert_includes response_body['details'].keys, 'email_address'
+  end
+
+  test "should reject signup with password confirmation mismatch" do
+    invalid_params = @valid_signup_params_with_agency.dup
+    invalid_params[:user][:password_confirmation] = "different_password"
+    
+    post '<%= auth_route_prefix %>/signup', 
+         params: invalid_params,
+         as: :json
+    
+    assert_response :unprocessable_entity
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'details'
+  end
+
+  test "should reject duplicate email address" do
+    # Create first user
+    post '<%= auth_route_prefix %>/signup', 
+         params: @valid_signup_params_with_agency,
+         as: :json
+    assert_response :created
+    
+    # Try to create second user with same email
+    duplicate_params = @valid_signup_params_with_agency.dup
+    duplicate_params[:user][:username] = "different_username"
+    duplicate_params[:organization][:name] = "Different Company"
+    duplicate_params[:agency][:name] = "Different Agency"
+    
+    post '<%= auth_route_prefix %>/signup', 
+         params: duplicate_params,
+         as: :json
+    
+    assert_response :unprocessable_entity
+    response_body = JSON.parse(response.body)
+    assert_includes response_body.keys, 'details'
+    assert_includes response_body['details'].keys, 'email_address'
+  end
+
+  test "should require agency data when agency tenancy is enabled" do
+    skip "Agency tenancy test - enable when PropelApi.configuration.agency_tenancy = true" unless agency_tenancy_enabled?
+    
+    # Try signup without agency data when agency tenancy is enabled
+    post '<%= auth_route_prefix %>/signup', 
+         params: @valid_signup_params,
+         as: :json
+    
+    assert_response :unprocessable_entity
+    response_body = JSON.parse(response.body)
+    assert_equal 'MISSING_AGENCY_DATA', response_body['code']
+  end
+
+  private
+
+  def agency_tenancy_enabled?
+    defined?(PropelApi) && PropelApi.configuration.agency_tenancy
+  rescue
+    false
+  end
+end

data/lib/generators/propel_authentication/templates/test/controllers/auth/tokens_controller_test.rb.tt

@@ -1,6 +1,6 @@
 require 'test_helper'
 
-class TokensControllerTest < ActionDispatch::IntegrationTest
+class <%= controller_namespace('tokens') %>TokensControllerTest < ActionDispatch::IntegrationTest
   # BEHAVIOR-DRIVEN TESTING: NO MOCKS - Test Real Functionality
   # These tests verify actual JWT authentication works with real database operations
   # and HTTP requests to provide 100% confidence in production functionality
@@ -46,11 +46,19 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
       last_name: "User",
       status: 1
     )
+    
+    # Create agencies and agent associations (required for real-time agency lookup)
+    @agency = Agency.create!(name: "Main Agency", organization: @organization)
+    @rival_agency = Agency.create!(name: "Rival Agency", organization: @rival_organization)
+    
+    Agent.create!(user: @valid_user, agency: @agency, role: "member")
+    Agent.create!(user: @other_user, agency: @rival_agency, role: "member")  
+    Agent.create!(user: @inactive_user, agency: @agency, role: "member")
   end
 
-  test "POST <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/login with valid credentials returns JWT token and user data" do
+  test "POST <%= auth_route_prefix %>/login with valid credentials returns JWT token and user data" do
     # BEHAVIOR TEST: Verify login for a user in a different organization to ensure multi-tenancy.
-    post <%= login_path_helper %>, params: {
+    post '<%= auth_route_prefix %>/login', params: {
       user: {
         email_address: @other_user.email_address,
         password: "securepassword123"
@@ -74,9 +82,9 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     assert_not_equal @organization.id, user_data["organization_id"], "Should not return data for the wrong organization"
   end
 
-  test "POST <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/login with invalid credentials returns proper error" do
+  test "POST <%= auth_route_prefix %>/login with invalid credentials returns proper error" do
     # BEHAVIOR TEST: Verify authentication rejection with real database validation
-    post <%= login_path_helper %>, params: {
+    post '<%= auth_route_prefix %>/login', params: {
       user: {
         email_address: @valid_user.email_address,
         password: "wrongpassword"
@@ -92,9 +100,9 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     assert_nil response_json["user"], "Should not return user data on authentication failure"
   end
 
-  test "POST <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/login with nonexistent user returns proper error" do
+  test "POST <%= auth_route_prefix %>/login with nonexistent user returns proper error" do
     # BEHAVIOR TEST: Verify handling of nonexistent users
-    post <%= login_path_helper %>, params: {
+    post '<%= auth_route_prefix %>/login', params: {
       user: {
         email_address: "nonexistent@example.com",
         password: "somepassword"
@@ -107,9 +115,9 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     assert_equal "Invalid credentials", response_json["error"], "Should return generic error message for security"
   end
 
-  test "POST <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/login with inactive user returns proper error" do
+  test "POST <%= auth_route_prefix %>/login with inactive user returns proper error" do
     # BEHAVIOR TEST: Verify inactive user access is properly denied
-    post <%= login_path_helper %>, params: {
+    post '<%= auth_route_prefix %>/login', params: {
       user: {
         email_address: @inactive_user.email_address,
         password: "password123"
@@ -122,10 +130,10 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     assert_equal "Account is inactive", response_json["error"], "Should return appropriate error for inactive account"
   end
 
-  test "GET <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/me with valid JWT token returns current user" do
+  test "GET <%= auth_route_prefix %>/me with valid JWT token returns current user" do
     # BEHAVIOR TEST: Verify JWT authentication for a user from a different organization.
     # First get a valid token by logging in as the user from the rival organization.
-    post <%= login_path_helper %>, params: {
+    post '<%= auth_route_prefix %>/login', params: {
       user: {
         email_address: @other_user.email_address,
         password: "securepassword123"
@@ -135,7 +143,7 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     token = JSON.parse(response.body)["token"]
     
     # Now test the protected endpoint with the real token.
-    get <%= me_path_helper %>, headers: {
+    get '<%= auth_route_prefix %>/me', headers: {
       'Authorization' => "Bearer #{token}"
     }
     
@@ -150,9 +158,9 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     assert_equal @rival_organization.id, user_data["organization_id"], "Should return correct organization relationship"
   end
 
-  test "GET <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/me with invalid JWT token returns error" do
+  test "GET <%= auth_route_prefix %>/me with invalid JWT token returns error" do
     # BEHAVIOR TEST: Verify JWT validation rejects invalid tokens
-    get <%= me_path_helper %>, headers: {
+    get '<%= auth_route_prefix %>/me', headers: {
       'Authorization' => "Bearer invalid.jwt.token"
     }
     
@@ -162,7 +170,7 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     assert_equal "Invalid token", response_json["error"], "Should return proper error message"
   end
 
-  test "GET <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/me with expired JWT token returns error" do
+  test "GET <%= auth_route_prefix %>/me with expired JWT token returns error" do
     # BEHAVIOR TEST: Verify expired tokens are properly rejected
     # Create an expired token for testing
     expired_payload = {
@@ -171,7 +179,7 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     }
     expired_token = JWT.encode(expired_payload, Rails.application.credentials.secret_key_base, 'HS256')
     
-    get <%= me_path_helper %>, headers: {
+    get '<%= auth_route_prefix %>/me', headers: {
       'Authorization' => "Bearer #{expired_token}"
     }
     
@@ -181,9 +189,9 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     assert_equal "Token expired", response_json["error"], "Should return proper expiration error"
   end
 
-  test "GET <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/me without authorization header returns error" do
+  test "GET <%= auth_route_prefix %>/me without authorization header returns error" do
     # BEHAVIOR TEST: Verify endpoint protection when no token provided
-    get <%= me_path_helper %>
+    get '<%= auth_route_prefix %>/me'
     
     # VERIFY AUTHORIZATION REQUIREMENT: Check endpoint requires authentication
     assert_response :unauthorized, "Missing authorization should be rejected"
@@ -191,10 +199,10 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     assert_equal "No token provided", response_json["error"], "Should return proper missing token error"
   end
 
-  test "DELETE <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/logout clears authentication state" do
+  test "DELETE <%= auth_route_prefix %>/logout clears authentication state" do
     # BEHAVIOR TEST: Verify logout functionality
     # First login to get a token
-    post <%= login_path_helper %>, params: {
+    post '<%= auth_route_prefix %>/login', params: {
       user: {
         email_address: @valid_user.email_address,
         password: "securepassword123"
@@ -204,7 +212,7 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     token = JSON.parse(response.body)["token"]
     
     # Now logout with the token
-    delete <%= logout_path_helper %>, headers: {
+    delete '<%= auth_route_prefix %>/logout', headers: {
       'Authorization' => "Bearer #{token}"
     }
     
@@ -214,9 +222,9 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
     assert_equal "Logged out successfully", response_json["message"], "Should return logout confirmation"
   end
 
-  test "POST <%= api_versioned? ? "/#{api_namespace}" : "" %>/auth/login validates required parameters" do
+  test "POST <%= auth_route_prefix %>/login validates required parameters" do
     # BEHAVIOR TEST: Verify parameter validation
-    post <%= login_path_helper %>, params: {
+    post '<%= auth_route_prefix %>/login', params: {
       user: {
         email_address: @valid_user.email_address
         # Missing password parameter
@@ -231,7 +239,7 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
 
   test "JWT token contains proper user context for multi-tenant application" do
     # BEHAVIOR TEST: Verify JWT for a different organization contains correct context.
-    post <%= login_path_helper %>, params: {
+    post '<%= auth_route_prefix %>/login', params: {
       user: {
         email_address: @other_user.email_address,
         password: "securepassword123"
@@ -253,7 +261,7 @@ class TokensControllerTest < ActionDispatch::IntegrationTest
 
   # Helper method to create authenticated request headers for testing
   def authenticated_headers_for(user)
-    post <%= login_path_helper %>, params: {
+    post '<%= auth_route_prefix %>/login', params: {
       user: {
         email_address: user.email_address,
         password: 'securepassword123'

data/lib/generators/propel_authentication/templates/test/mailers/auth_mailer_test.rb.tt

@@ -13,11 +13,6 @@ class AuthMailerTest < ActionMailer::TestCase
     )
   end
 
-  def teardown
-    User.destroy_all
-    Organization.destroy_all
-  end
-
   # BEHAVIOR: Test password reset email generation and content
   test "password reset email should contain proper content and structure" do
     # SETUP: Generate reset token
@@ -41,13 +36,12 @@ class AuthMailerTest < ActionMailer::TestCase
     assert_equal ["noreply@#{Rails.application.class.module_parent.name.downcase}.com"], email.from, "Email should have proper from address"
     assert_match(/Reset your password/i, email.subject, "Subject should contain password reset text")
     
-    # VERIFY BUSINESS LOGIC: Email body content validation
-    email_body = email.body.to_s
-    assert_match(@user.first_name, email_body, "Email should contain user's first name for personalization")
-    assert_match(@user.email_address, email_body, "Email should display user's email address for verification")
-    assert_match(reset_url, email_body, "Email should contain the reset URL with token")
-    assert_match(/15 minutes/i, email_body, "Email should specify token expiration time")
-    assert_match(/security/i, email_body, "Email should contain security messaging")
+    # VERIFY BUSINESS LOGIC: Email body content validation (multipart-aware)
+    assert_email_contains_text(email, @user.first_name, "Email should contain user's first name for personalization")
+    assert_email_contains_text(email, @user.email_address, "Email should display user's email address for verification")
+    assert_email_contains_text(email, reset_url, "Email should contain the reset URL with token")
+    assert_email_contains_text(email, /15 minutes/i, "Email should specify token expiration time")
+    assert_email_contains_text(email, /security/i, "Email should contain security messaging")
     
     # VERIFY EDGE CASES: Token format validation
     assert_match(/^[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+$/, reset_token, "Reset token should be valid JWT format")
@@ -79,14 +73,13 @@ class AuthMailerTest < ActionMailer::TestCase
     assert_equal [@user.email_address], email.to, "Email should be sent to user's email address"
     assert_match(/Account locked/i, email.subject, "Subject should indicate account lock status")
     
-    # VERIFY BUSINESS LOGIC: Email body content validation
-    email_body = email.body.to_s
-    assert_match(@user.first_name, email_body, "Email should contain user's first name")
-    assert_match(/multiple failed login attempts/i, email_body, "Email should explain why account was locked")
-    assert_match(unlock_url, email_body, "Email should contain unlock URL with token")
-    assert_match(/1 hour/i, email_body, "Email should specify unlock token expiration")
-    assert_match(/security/i, email_body, "Email should contain security messaging")
-    assert_match(/contact support/i, email_body, "Email should provide support contact information")
+    # VERIFY BUSINESS LOGIC: Email body content validation (multipart-aware)
+    assert_email_contains_text(email, @user.first_name, "Email should contain user's first name")
+    assert_email_contains_text(email, /multiple failed login attempts/i, "Email should explain why account was locked")
+    assert_email_contains_text(email, unlock_url, "Email should contain unlock URL with token")
+    assert_email_contains_text(email, /1 hour/i, "Email should specify unlock token expiration")
+    assert_email_contains_text(email, /security/i, "Email should contain security messaging")
+    assert_email_contains_text(email, /contact support/i, "Email should provide support contact information")
     
     # VERIFY EDGE CASES: Token format validation
     assert_match(/^[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+$/, unlock_token, "Unlock token should be valid JWT format")
@@ -133,14 +126,13 @@ class AuthMailerTest < ActionMailer::TestCase
     assert_match(/invited/i, email.subject, "Subject should indicate invitation")
     assert_match(@organization.name, email.subject, "Subject should contain organization name")
     
-    # VERIFY BUSINESS LOGIC: Email body content validation
-    email_body = email.body.to_s
-    assert_match(invitation.first_name, email_body, "Email should contain invitee's first name")
-    assert_match(inviter.first_name, email_body, "Email should contain inviter's name")
-    assert_match(@organization.name, email_body, "Email should contain organization name")
-    assert_match(invitation_url, email_body, "Email should contain invitation acceptance URL")
-    assert_match(/7 days/i, email_body, "Email should specify invitation expiration")
-    assert_match(/getting started/i, email_body, "Email should contain onboarding information")
+    # VERIFY BUSINESS LOGIC: Email body content validation (multipart-aware)
+    assert_email_contains_text(email, invitation.first_name, "Email should contain invitee's first name")
+    assert_email_contains_text(email, inviter.first_name, "Email should contain inviter's name")
+    assert_email_contains_text(email, @organization.name, "Email should contain organization name")
+    assert_email_contains_text(email, invitation_url, "Email should contain invitation acceptance URL")
+    assert_email_contains_text(email, /7 days/i, "Email should specify invitation expiration")
+    assert_email_contains_text(email, /getting started/i, "Email should contain onboarding information")
     
     # VERIFY EDGE CASES: Token format validation
     assert_match(/^[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+$/, invitation_token, "Invitation token should be valid JWT format")
@@ -172,7 +164,7 @@ class AuthMailerTest < ActionMailer::TestCase
     assert_equal [user_with_invalid_email.email_address], email.to, "Email should contain the provided address"
     
     # VERIFY BUSINESS LOGIC: System should not crash on delivery attempts
-    assert_nothing_raised "Email delivery should not raise exceptions in test environment" do
+    assert_nothing_raised do
       email.deliver_now
     end
   end
@@ -200,17 +192,40 @@ class AuthMailerTest < ActionMailer::TestCase
     # VERIFY FUNCTIONALITY: Email should be generated successfully
     assert_not_nil email, "Email should be generated for user with minimal data"
     
-    # VERIFY BUSINESS LOGIC: Email should handle missing first name gracefully
-    email_body = email.body.to_s
-    assert_match(/Hello/i, email_body, "Email should have fallback greeting")
-    assert_match(minimal_user.email_address, email_body, "Email should display email address when name unavailable")
+    # VERIFY BUSINESS LOGIC: Email should handle missing first name gracefully (multipart-aware)
+    assert_email_contains_text(email, /Hello/i, "Email should have fallback greeting")
+    assert_email_contains_text(email, minimal_user.email_address, "Email should display email address when name unavailable")
   end
 
   private
 
-  # Helper method to extract token from email body
-  def extract_token_from_email_body(email_body)
-    match = email_body.match(/token=([A-Za-z0-9\-_\.]+)/)
+  # Helper method to check content in multipart emails using Rails built-in methods
+  def assert_email_contains_text(email, expected_text, message = nil)
+    # Use Rails' built-in methods for cleaner multipart handling
+    email_content = [
+      email.text_part&.body&.to_s,
+      email.html_part&.body&.to_s&.gsub(/<[^>]*>/, ' ')&.gsub(/\s+/, ' ')&.strip
+    ].compact.join(' ')
+    
+    # Fallback to body for single-part emails
+    email_content = email.body.to_s if email_content.empty?
+    
+    if expected_text.is_a?(Regexp)
+      assert_match expected_text, email_content, message
+    else
+      assert_includes email_content, expected_text.to_s, message
+    end
+  end
+
+  # Helper method to extract token from email body using Rails methods
+  def extract_token_from_email_body(email)
+    email_content = [
+      email.text_part&.body&.to_s,
+      email.html_part&.body&.to_s
+    ].compact.join(' ')
+    
+    email_content = email.body.to_s if email_content.empty?
+    match = email_content.match(/token=([A-Za-z0-9\-_\.]+)/)
     match ? match[1] : nil
   end
 end 

data/lib/generators/propel_authentication/templates/views/auth_mailer/email_confirmation.html.erb

@@ -164,7 +164,7 @@
         <p>Thank you for signing up! To get started, please confirm your email address by clicking the button below:</p>
         
         <div style="text-align: center;">
-          <a href="<%= confirmation_url(@user) %>" class="confirm-button">
+          <a href="<%= @confirmation_url %>" class="confirm-button">
             Confirm My Email Address
           </a>
         </div>
@@ -176,7 +176,7 @@
         
         <div class="token-section">
           <p style="margin: 0;"><strong>Confirmation Link:</strong></p>
-          <p class="token-code"><%= confirmation_url(@user) %></p>
+          <p class="token-code"><%= @confirmation_url %></p>
         </div>
         
         <!-- Security information -->

data/lib/generators/propel_authentication/templates/views/auth_mailer/email_confirmation.text.erb

@@ -7,7 +7,7 @@ Welcome <%= @display_name %>!
 Thank you for signing up! To get started, please confirm your email address.
 
 CONFIRM YOUR EMAIL ADDRESS:
-<%= confirmation_url(@user) %>
+<%= @confirmation_url %>
 
 This confirmation link will expire in 24 hours for security reasons.
 

data/lib/generators/propel_authentication/test/generators/authentication/install_generator_test.rb

@@ -116,7 +116,7 @@ class Propel::Authentication::InstallGeneratorTest < Rails::Generators::TestCase
       assert_match(/GET \/auth\/me/, content)
       
       # Verify proper JWT authentication middleware
-      assert_match(/include PropelAuthentication/, content)
+      assert_match(/include PropelAuthenticationConcern/, content)
       assert_match(/return unless authenticate_user/, content)
       
       # Verify proper API response format
@@ -265,7 +265,7 @@ class Propel::Authentication::InstallGeneratorTest < Rails::Generators::TestCase
       assert_match(/def me/, content)
       
       # Verify JWT authentication support for testing
-      assert_match(/include PropelAuthentication/, content)
+      assert_match(/include PropelAuthenticationConcern/, content)
       assert_match(/return unless authenticate_user/, content)
       
       # Verify proper error handling for testing
@@ -370,7 +370,7 @@ class Propel::Authentication::InstallGeneratorTest < Rails::Generators::TestCase
       assert_match(/status: :unauthorized/, content)
       
       # Verify JWT token handling
-      assert_match(/include PropelAuthentication/, content)
+      assert_match(/include PropelAuthenticationConcern/, content)
       assert_match(/return unless authenticate_user/, content)
     end
   end
@@ -450,7 +450,7 @@ class Propel::Authentication::InstallGeneratorTest < Rails::Generators::TestCase
     # Verify the system would work for a JavaScript frontend
     controller_code = File.read(File.join(destination_root, "app/controllers/auth/tokens_controller.rb"))
     assert_match(/render json:/, controller_code)
-    assert_match(/include PropelAuthentication/, controller_code)
+    assert_match(/include PropelAuthenticationConcern/, controller_code)
     
     # Verify JWT token functionality exists
     authenticatable_code = File.read(File.join(destination_root, "app/models/concerns/authenticatable.rb"))

data/lib/generators/propel_authentication/test/generators/authentication/uninstall_generator_test.rb

@@ -65,7 +65,7 @@ class Propel::Authentication::UninstallGeneratorTest < Rails::Generators::TestCa
     assert_no_file "app/models/concerns/authenticatable.rb"
     assert_no_file "app/models/concerns/lockable.rb"
     assert_no_file "app/controllers/auth/tokens_controller.rb"
-    assert_no_file "app/controllers/concerns/propel_authentication.rb"
+    assert_no_file "app/controllers/concerns/propel_authentication_concern.rb"
     assert_no_file "config/initializers/propel_access.rb"
     assert_no_file "config/initializers/propel_access_configuration.rb"
     assert_no_file "db/seeds.rb"

data/lib/generators/propel_authentication/test/integration/generator_integration_test.rb

@@ -140,7 +140,7 @@ class GeneratorIntegrationTest < ActiveSupport::TestCase
                    "Controller should have destroy action (logout)")
       assert_match(/def me/, controller_content, 
                    "Controller should have me action")
-      assert_match(/include PropelAuthentication/, controller_content, 
+      assert_match(/include PropelAuthenticationConcern/, controller_content, 
                    "Controller should include authentication concern")
       
       # Test routes were generated

data/lib/generators/propel_authentication/test/integration/multi_version_generator_test.rb

@@ -16,31 +16,32 @@ class MultiVersionGeneratorTest < Rails::Generators::TestCase
     super
   end
 
-  test "generator creates dynamic API versioning structure" do
-    run_generator ["--configurable-versioning"]
+  test "generator creates dynamic controller structure with proper namespace configuration" do
+    run_generator ["--namespace=api", "--version=v1"]
     
-    # Verify base controllers are created
-    assert_file "app/controllers/api/auth/base_tokens_controller.rb" do |content|
-      assert_match(/class Api::Auth::BaseTokensController < ApplicationController/, content)
-      assert_match(/POST \/api\/\{version\}\/auth\/login/, content)
+    # Verify direct controllers are created with proper class names (no inheritance)
+    assert_file "app/controllers/api/v1/tokens_controller.rb" do |content|
+      assert_match(/class Api::V1::TokensController < ApplicationController/, content)
+      assert_match(/POST \/api\/v1\/login/, content)
       assert_match(/def create/, content)
       assert_match(/def show/, content)
       assert_match(/def destroy/, content)
       assert_match(/def unlock/, content)
     end
     
-    assert_file "app/controllers/api/auth/base_passwords_controller.rb" do |content|
-      assert_match(/class Api::Auth::BasePasswordsController < ApplicationController/, content)
-      assert_match(/POST \/api\/\{version\}\/auth\/reset/, content)
+    assert_file "app/controllers/api/v1/passwords_controller.rb" do |content|
+      assert_match(/class Api::V1::PasswordsController < ApplicationController/, content)
+      assert_match(/POST \/api\/v1\/reset/, content)
       assert_match(/def create/, content)
       assert_match(/def show/, content)
       assert_match(/def update/, content)
     end
     
-    # Verify runtime configurable routes are created
+    # Verify routes are created with proper namespacing and as: options
     assert_file "config/routes.rb" do |content|
-      assert_match(/# Runtime configurable API versioning routes/, content)
-      assert_match(/api_version = PropelAccess\.configuration\.api_version/, content)
+      assert_match(/namespace :api/, content)
+      assert_match(/namespace :v1/, content)
+      assert_match(/post 'login', to: 'tokens#create', as: :login/, content)
       assert_match(/namespace :api do/, content)
       assert_match(/namespace api_version do/, content)
       assert_match(/namespace :auth do/, content)