propel_authentication 0.1.4 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6b1f57ecf3f4af5949e584a1a3999763ba8bbf5b558bfb0bbd8505de249c2603
-  data.tar.gz: d83ba00e83a944dfafac07fadc250cded1c6ba631108d91e5cd46c13c8592703
+  metadata.gz: 22860db42c802dc6a34029c311149badcf95f0b9c54a2f83767bf4c2f1c62618
+  data.tar.gz: 30c016587b4500344ad0a6a95feeef37a12cee54a7addd4f912c67fc5b8f4ca3
 SHA512:
-  metadata.gz: a8fcdcbd5e287c80e989d9c7ebca67ca43b2eb5ee894aa330de5c3bbb1e08c25776837d24345b3c96bd04055cd960a8b433dd79dc912f1b316bec0a0fb45cf1e
-  data.tar.gz: f90e403196ba6e4df6adae2359331fbb82354b890ed8b2594d702d24f19318d65ad0e87d498530bd9848ced16a490fc6f5e006221a08f68539c364e12f17aeef
+  metadata.gz: 7da4c75f8d12fce6ad7a0686d2ac6fca6146df044e0b8d8bf6f73acb812f851298c270529cb8c9bd6ef10acb992c0a2b62711182ea92caf7deef06bad084d627
+  data.tar.gz: f94d8b1ec7dfaad482db03aff177dee93af78ef132bd89634af780044f5907f0aa95afe96971540af058f364dfaf4b410f1aaca02311b0b51970b0d83ff6fbf6

data/CHANGELOG.md

@@ -13,7 +13,47 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Session management and device tracking
 - Advanced password policies
 
-## [0.1.4] - 2025-01-23
+## [0.2.0] - 2025-09-02
+
+### BREAKING CHANGES
+- **Configuration ownership**: `agency_tenancy` configuration moved from PropelApi to PropelAuthentication
+  - Update config files: `PropelApi.configuration.agency_tenancy` → `PropelAuthentication.configuration.agency_tenancy`
+  - PropelAuthentication now owns all tenancy model configuration
+- **Frontend URL configuration**: No longer allows nil values
+  - Configuration hierarchy: Rails credentials → ENV variables → explicit fallbacks
+  - `frontend_url` must be configured (no nil defaults)
+
+### Added
+- **Configurable tenancy requirements**: New fine-grained control over API behavior
+  - `require_organization_id` (default: false) - Controls whether explicit organization_id is required in API requests
+  - `require_user_id` (default: false) - Controls whether explicit user_id is required in API requests
+  - Developer-friendly defaults enable auto-assignment while allowing strict enterprise security
+- **Enhanced User model**: Complete multi-agency support
+  - Added `has_many :agencies, through: :agents` relationship for agency access
+  - Enhanced JSON facets with comprehensive field sets including authentication status
+  - Short facet now includes `:status` field for user state tracking
+  - Details facet includes all authentication fields with proper association includes
+
+### Fixed
+- **Authentication namespace conflict resolved** - Renamed authentication concern to prevent module name collision
+  - `PropelAuthentication` concern renamed to `PropelAuthenticationConcern` 
+  - Eliminates conflict between authentication controller concern and PropelAuthentication configuration module
+  - Updated all controller templates and generated files
+  - Enhanced method visibility for better API design
+- **Email confirmation workflow**: Fixed multipart email handling and token generation timing
+- **Account locking idempotency**: `lock_account!` method now properly handles race conditions
+- **Configuration consistency**: Unified tenancy model ownership under PropelAuthentication
+
+### Improved
+- **JWT token security**: Removed agency_ids from JWT payload for better security (looked up in real-time)
+- **User facet completeness**: Details facet now includes all relevant authentication and profile fields
+- **Authentication concern API design** - Better method organization and access patterns
+  - `authenticate_user` - Public method for `before_action` callbacks
+  - `current_user` - Public method for accessing authenticated user
+  - `extract_jwt_token` - Public method for custom authentication scenarios (email notifications, audit logging, token refresh)
+  - Clean separation between public API and internal implementation
+
+## [0.1.4] - 2025-08-15
 
 ### Fixed
 - **Critical generator extraction issue** - Core infrastructure files now properly extracted during installation
@@ -42,7 +82,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Proper error handling and status codes
   - Enhanced test coverage with behavior-driven assertions
 
-## [0.1.3] - 2025-01-XX
+## [0.1.3] - 2025-07-22
 
 ### Added
 - **Self-extracting generator gem architecture** - Install temporarily, extract code, remove dependency
@@ -85,3 +125,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Full customization control** - modify any authentication component
 - **Standard Rails patterns** - follows established conventions
 - **Easy maintenance** - no hidden gem complexity in production
+

data/README.md

@@ -10,7 +10,7 @@ PropelAuthentication is designed as a **self-extracting generator gem** followin
 
 ```ruby
 # In your Gemfile
-gem 'propel_authentication', '~> 0.1.4'
+gem 'propel_authentication', '~> 0.2.0'
 ```
 
 ### Step 2: Bundle Install
@@ -128,7 +128,7 @@ end
 
 # In your controllers  
 class ApplicationController < ActionController::API
-  include PropelAuthentication     # Authentication helpers
+  include PropelAuthenticationConcernConcern     # Authentication helpers
   include RackSessionDisable       # Disable Rails sessions for API-only apps
 
   # Use authenticate_user to protect endpoints
@@ -258,7 +258,7 @@ After installation, PropelAuthentication creates:
 ### Controllers
 - `app/controllers/auth/tokens_controller.rb` - Login, logout, user info
 - `app/controllers/auth/passwords_controller.rb` - Password reset functionality
-- `app/controllers/concerns/propel_authentication.rb` - Authentication helpers
+- `app/controllers/concerns/propel_authentication_concern.rb` - Authentication helpers
 - `app/controllers/concerns/rack_session_disable.rb` - Session management for APIs
 
 ### Services
@@ -300,7 +300,7 @@ After installation, PropelAuthentication creates:
 
 ```ruby
 class Api::V1::UsersController < ApplicationController
-  include PropelAuthentication
+  include PropelAuthenticationConcern
   before_action :authenticate_user
   
   def index
@@ -374,7 +374,7 @@ PropelAuthentication integrates seamlessly with other PropelRails gems:
 ```ruby
 # Generated API controllers automatically include authentication
 class Api::V1::ApiController < ApplicationController
-  include PropelAuthentication
+  include PropelAuthenticationConcern
   before_action :authenticate_user
   
   # Your API methods here
@@ -412,7 +412,7 @@ bundle exec rake test
 
 ## Version History
 
-### 0.1.4 (Current)
+### 0.2.0 (Current)
 - Fixed generator extraction issues
 - Enhanced JWT authentication with proper secret handling
 - Complete test suite passing

data/lib/generators/propel_authentication/install_generator.rb

@@ -34,7 +34,7 @@ module PropelAuthentication
     desc "Generate JWT-based authentication system with configurable URL architecture"
     
     def copy_jwt_initializer
-      initialize_propel_auth_settings
+      determine_configuration
       
       if behavior == :revoke
         remove_file "config/initializers/propel_authentication.rb"
@@ -46,14 +46,15 @@ module PropelAuthentication
       end
     end
 
-
-
     def copy_authentication_models
-      copy_file "user.rb", "app/models/user.rb"
-      copy_file "organization.rb", "app/models/organization.rb"  
-      copy_file "agency.rb", "app/models/agency.rb"
-      copy_file "agent.rb", "app/models/agent.rb"
-      copy_file "invitation.rb", "app/models/invitation.rb"
+      # Detect rendering engine for conditional facet generation
+      @rendering_engine = detect_rendering_engine
+      
+      template "models/user.rb.tt", "app/models/user.rb"
+      template "models/organization.rb.tt", "app/models/organization.rb"  
+      template "models/agency.rb.tt", "app/models/agency.rb"
+      template "models/agent.rb.tt", "app/models/agent.rb"
+      template "models/invitation.rb.tt", "app/models/invitation.rb"
     end
 
     def copy_authentication_concerns
@@ -61,20 +62,15 @@ module PropelAuthentication
       copy_file "concerns/lockable.rb", "app/models/concerns/lockable.rb"
       copy_file "concerns/recoverable.rb", "app/models/concerns/recoverable.rb"
       copy_file "concerns/confirmable.rb", "app/models/concerns/confirmable.rb"
-      copy_file "concerns/propel_authentication.rb", "app/controllers/concerns/propel_authentication.rb"
+      copy_file "concerns/propel_authentication_concern.rb", "app/controllers/concerns/propel_authentication_concern.rb"
       copy_file "concerns/rack_session_disable.rb", "app/controllers/concerns/rack_session_disable.rb"
     end
 
     def copy_jwt_controllers
-      if auth_namespaced?
-        template "auth/base_tokens_controller.rb.tt", "app/controllers/#{auth_namespace_path}/auth/base_tokens_controller.rb"
-        template "auth/base_passwords_controller.rb.tt", "app/controllers/#{auth_namespace_path}/auth/base_passwords_controller.rb"
-        create_versioned_controller(@auth_version || 'v1', 'tokens', controller_directory)
-        create_versioned_controller(@auth_version || 'v1', 'passwords', controller_directory)
-      else
-        template "tokens_controller.rb.tt", "#{controller_directory}/tokens_controller.rb"
-        template "auth/passwords_controller.rb.tt", "#{controller_directory}/passwords_controller.rb"
-      end
+      # Generate direct controllers with dynamic file paths (no inheritance)
+      template "auth/tokens_controller.rb.tt", controller_file_path('tokens')
+      template "auth/passwords_controller.rb.tt", controller_file_path('passwords')
+      template "auth/signup_controller.rb.tt", controller_file_path('signup')
     end
 
     def copy_email_infrastructure
@@ -89,9 +85,14 @@ module PropelAuthentication
       end
     end
 
+    def copy_documentation
+      copy_file "doc/signup_flow.md", "doc/signup_flow.md"
+    end
+
     def copy_authentication_tests
       template "user_test.rb.tt", "test/models/user_test.rb"
       template "test/controllers/auth/tokens_controller_test.rb.tt", "test/controllers/auth/tokens_controller_test.rb"
+      template "test/controllers/auth/signup_controller_test.rb.tt", "test/controllers/auth/signup_controller_test.rb"
       template "test/mailers/auth_mailer_test.rb.tt", "test/mailers/auth_mailer_test.rb"
       copy_file "test/mailers/previews/auth_mailer_preview.rb", "test/mailers/previews/auth_mailer_preview.rb"
     end
@@ -120,7 +121,19 @@ module PropelAuthentication
     end
 
     def add_authentication_routes
-      route generate_routes_content
+      routes_file = File.join(destination_root, "config/routes.rb")
+      return unless File.exist?(routes_file)
+      
+      routes_content = File.read(routes_file)
+      
+      # Check if authentication routes already exist
+      if authentication_routes_exist?(routes_content)
+        say "Authentication routes already exist, skipping route generation", :yellow
+        return
+      end
+      
+      # Use dedicated routes template for clean separation of concerns
+      route template_file_for_routes
     end
     
     def copy_authentication_migrations
@@ -166,12 +179,12 @@ module PropelAuthentication
       say "• Run: rails test", :blue
       say "• Optional: Remove 'propel_auth' from Gemfile (system is fully extracted)", :cyan
       
-      if auth_namespaced?
+      if @auth_namespace.present? || @auth_version.present? || @auth_scope.present?
         say "• Routes: #{auth_route_prefix}/*", :blue
-        say "• Controllers: #{controller_namespace}::*", :blue
+        say "• Controllers: #{controller_namespace('tokens')}*", :blue
       else
         say "• Routes: /login, /logout, /me", :blue
-        say "• Controllers: Auth::*", :blue
+        say "• Controllers: TokensController, PasswordsController, etc.", :blue
       end
       
       say "\n🎨 Customization:", :bold
@@ -184,75 +197,34 @@ module PropelAuthentication
 
     private
 
-    # Helper methods for authentication URL structure
-    def auth_namespaced?
-      @auth_namespace.present? || @auth_version.present?
-    end
-    
-    def auth_namespace_path
-      return '' unless auth_namespaced?
-      path_parts = []
-      path_parts << @auth_namespace if @auth_namespace.present?
-      path_parts << @auth_version if @auth_version.present?
-      path_parts.join('/')
-    end
-    
-    def controller_namespace
-      auth_controller_namespace
-    end
-    
-    def controller_directory
-      auth_controller_directory
-    end
-
-    def api_only_app?
-      # Check if this is a Rails API-only application
-      Rails.application.config.respond_to?(:api_only) && Rails.application.config.api_only
-    end
-
-    # Path helper methods for tests
-    def login_path_helper
-      if auth_namespaced?
-        "'#{auth_route_prefix}/login'"
+    # Check if authentication routes already exist in routes file
+    def authentication_routes_exist?(routes_content)
+      # Check for key authentication routes based on our configuration
+      if @auth_namespace.present? && @auth_version.present? && @auth_scope.present?
+        # Check for api/v1/auth/login pattern
+        routes_content.match?(/namespace\s+:#{@auth_namespace}\s+do.*?namespace\s+:#{@auth_version}\s+do.*?namespace\s+:#{@auth_scope}\s+do.*?post\s+['"]login['"],?\s+to:\s+['"]tokens#create['"], as: :login/m)
+      elsif @auth_namespace.present? && @auth_version.present?
+        # Check for api/v1/login pattern
+        routes_content.match?(/namespace\s+:#{@auth_namespace}\s+do.*?namespace\s+:#{@auth_version}\s+do.*?post\s+['"]login['"],?\s+to:\s+['"]tokens#create['"], as: :login/m)
+      elsif @auth_namespace.present? && @auth_scope.present?
+        # Check for api/auth/login pattern
+        routes_content.match?(/namespace\s+:#{@auth_namespace}\s+do.*?namespace\s+:#{@auth_scope}\s+do.*?post\s+['"]login['"],?\s+to:\s+['"]tokens#create['"], as: :login/m)
+      elsif @auth_scope.present?
+        # Check for auth/login pattern
+        routes_content.match?(/namespace\s+:#{@auth_scope}\s+do.*?post\s+['"]login['"],?\s+to:\s+['"]tokens#create['"], as: :login/m)
+      elsif @auth_namespace.present?
+        # Check for api/login pattern
+        routes_content.match?(/namespace\s+:#{@auth_namespace}\s+do.*?post\s+['"]login['"],?\s+to:\s+['"]tokens#create['"], as: :login/m)
       else
-        "'/login'"
+        # Check for root-level login route
+        routes_content.match?(/post\s+['"]login['"],?\s+to:\s+['"]tokens#create['"], as: :login/)
       end
     end
 
-    def me_path_helper
-      if auth_namespaced?
-        "'#{auth_route_prefix}/me'"
-      else
-        "'/me'"
-      end
-    end
-
-    def logout_path_helper
-      if auth_namespaced?
-        "'#{auth_route_prefix}/logout'"
-      else
-        "'/logout'"
-      end
-    end
-
-    def unlock_path_helper
-      if auth_namespaced?
-        "'#{auth_route_prefix}/unlock'"
-      else
-        "'/unlock'"
-      end
-    end
-
-    def password_reset_path_helper
-      if auth_namespaced?
-        "'#{auth_route_prefix}/reset'"
-      else
-        "'/reset'"
-      end
-    end
-
-    def reset_path_helper
-      password_reset_path_helper
+    # Render authentication routes template to string
+    def template_file_for_routes
+      source_path = find_in_source_paths("routes/auth_routes.rb.tt")
+      ERB.new(File.read(source_path), trim_mode: '-').result(binding)
     end
 
     def add_gem_if_missing(gem_name, version_requirement = nil, options = {})
@@ -284,71 +256,7 @@ module PropelAuthentication
     def migration_exists?(migration_name)
       Dir.glob("#{destination_root}/db/migrate/*_#{migration_name}.rb").any?
     end
-
-    def generate_routes_content
-      if auth_namespaced?
-        route_lines = ["# JWT Authentication routes for #{auth_route_prefix}"]
-        
-        # Build namespace opening
-        namespace_parts = []
-        namespace_parts << @auth_namespace if @auth_namespace.present?
-        namespace_parts << @auth_version if @auth_version.present?
-        
-        namespace_parts.each_with_index do |part, index|
-          indent = "  " * index
-          route_lines << "#{indent}namespace :#{part} do"
-        end
-        
-        # Add authentication routes directly in namespace (no nested /auth/)
-        route_indent = "  " * namespace_parts.length
-        route_lines << "#{route_indent}post 'login', to: 'auth/tokens#create'"
-        route_lines << "#{route_indent}get 'me', to: 'auth/tokens#me'"
-        route_lines << "#{route_indent}delete 'logout', to: 'auth/tokens#destroy'"
-        route_lines << "#{route_indent}post 'unlock', to: 'auth/tokens#unlock'"
-        route_lines << "#{route_indent}post 'reset', to: 'auth/passwords#create'"
-        route_lines << "#{route_indent}get 'reset', to: 'auth/passwords#show'"
-        route_lines << "#{route_indent}patch 'reset', to: 'auth/passwords#update'"
-        
-        # Build namespace closing
-        namespace_parts.length.times do |index|
-          indent = "  " * (namespace_parts.length - 1 - index)
-          route_lines << "#{indent}end"
-        end
-        
-        route_lines.join("\n")
-      else
-        <<~ROUTES
-          # JWT Authentication routes
-          post 'login', to: 'auth/tokens#create'
-          get 'me', to: 'auth/tokens#me'
-          delete 'logout', to: 'auth/tokens#destroy'
-          post 'unlock', to: 'auth/tokens#unlock'
-          post 'reset', to: 'auth/passwords#create'
-          get 'reset', to: 'auth/passwords#show'
-          patch 'reset', to: 'auth/passwords#update'
-        ROUTES
-      end
-    end
-
-    def create_versioned_controller(version, controller_type, directory)
-      case controller_type
-      when 'tokens'
-        controller_content = <<~RUBY
-          # Generated versioned controller for API #{version}
-          class Api::#{version.camelize}::Auth::TokensController < Api::Auth::BaseTokensController
-          end
-        RUBY
-      when 'passwords'
-        controller_content = <<~RUBY
-          # Generated versioned controller for API #{version}
-          class Api::#{version.camelize}::Auth::PasswordsController < Api::Auth::BasePasswordsController
-          end
-        RUBY
-      end
-      
-      create_file "#{directory}/#{controller_type}_controller.rb", controller_content
-    end
-
+    
     # Fixture content methods
     def organizations_fixture
       <<~FIXTURE
@@ -451,17 +359,70 @@ module PropelAuthentication
           organization: acme_org
           created_at: <%= 10.days.ago %>
           updated_at: <%= 2.days.ago %>
+
+        sales_agency:
+          name: "Sales Department"
+          organization: acme_org
+          created_at: <%= 9.days.ago %>
+          updated_at: <%= 2.days.ago %>
+
+        tech_agency:
+          name: "Tech Solutions"
+          organization: tech_startup
+          created_at: <%= 8.days.ago %>
+          updated_at: <%= 1.day.ago %>
+
+        support_agency:
+          name: "Support Team"
+          organization: tech_startup
+          created_at: <%= 7.days.ago %>
+          updated_at: <%= 1.day.ago %>
       FIXTURE
     end
 
     def agents_fixture
       <<~FIXTURE
-        marketing_agent:
+        john_marketing_agent:
           user: john_user
           agency: marketing_agency
           role: "manager"
           created_at: <%= 8.days.ago %>
           updated_at: <%= 1.day.ago %>
+
+        confirmed_sales_agent:
+          user: confirmed_user
+          agency: sales_agency
+          role: "analyst"
+          created_at: <%= 7.days.ago %>
+          updated_at: <%= 1.day.ago %>
+
+        locked_marketing_agent:
+          user: locked_user
+          agency: marketing_agency
+          role: "coordinator"
+          created_at: <%= 6.days.ago %>
+          updated_at: <%= 1.day.ago %>
+
+        jane_tech_agent:
+          user: jane_user
+          agency: tech_agency
+          role: "developer"
+          created_at: <%= 5.days.ago %>
+          updated_at: <%= 1.day.ago %>
+
+        expired_support_agent:
+          user: expired_confirmation_user
+          agency: support_agency
+          role: "specialist"
+          created_at: <%= 4.days.ago %>
+          updated_at: <%= 1.day.ago %>
+
+        locked_sales_agent:
+          user: locked_user
+          agency: sales_agency
+          role: "trainee"
+          created_at: <%= 3.days.ago %>
+          updated_at: <%= 1.day.ago %>
       FIXTURE
     end
 
@@ -478,5 +439,26 @@ module PropelAuthentication
           updated_at: <%= 3.days.ago %>
       FIXTURE
     end
+
+    def detect_rendering_engine
+      # Check for common rendering engines in order of preference
+      propel_facets_path = File.join(destination_root, 'config/initializers/propel_facets.rb')
+      return 'json_facet' if File.exist?(propel_facets_path)
+      return 'graphiti' if defined?(Graphiti) || gem_present?('graphiti')
+      return 'blueprinter' if defined?(Blueprinter) || gem_present?('blueprinter')
+      
+      # Default to json_facet if no other engine detected
+      'json_facet'
+    end
+
+    def gem_present?(gem_name)
+      # Check if gem is in Gemfile
+      gemfile_path = File.join(destination_root, 'Gemfile')
+      return false unless File.exist?(gemfile_path)
+      
+      File.read(gemfile_path).match?(/gem\s+['"]#{gem_name}['"]/)
+    rescue
+      false
+    end
   end
 end 

data/lib/generators/propel_authentication/templates/application_mailer.rb

@@ -0,0 +1,6 @@
+class ApplicationMailer < ActionMailer::Base
+  default from: "from@example.com"
+  layout "mailer"
+end
+
+