propel_authentication 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: feff8cf5d61966deceb32c0466338c47270c96b06d67304aeeab26304402f83f
-  data.tar.gz: 9a5d2b1e807454d4223524dad81b109dd97a655a7ce0512a49c8d22c65c9ddff
+  metadata.gz: 2b951cffb4dd4a53fd4f5b16e3f30f97a4fb4e4dae4999f30aeb6ea3ca44bd1f
+  data.tar.gz: c8077baca253a2a5ab7770f75043a948adb7fa7e922572c4bd898c0c7fcb979a
 SHA512:
-  metadata.gz: 18219d594b8084f6dc283d2e5d034413f69492c3ca9861588c40170659586150f118acf23bc9003356144704a4648c84b8265dafbd81e9bad8fc722779b4fd93
-  data.tar.gz: 2bcf4ca9a1779fb6487d9e31e28e5035cc71771e1f7983501b1697fd94b78441f849776e76dc73f4c895d84ac739e2bc91c6b0624a06d1ea9b163e4b02c653e2
+  metadata.gz: d6996169826450be372a4d8be3c5a5a325bdeb842de547ff8be9a47e3511cec95046a49823964e92b4985da6ef3b0cd1b168dc5c08a9e5865be617168e3f789e
+  data.tar.gz: d4417d0632e329aa1ab1bfbd0d865827af970cf7d3a9b598fbbcb4f52f649fc0a6119c94d7a912482b2b9cb2ddb54bb7606d2ec6a8a242e4c400cb4c3f65fb39

data/CHANGELOG.md

@@ -13,6 +13,55 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Session management and device tracking
 - Advanced password policies
 
+## [0.3.1] - 2025-09-11
+
+### 🔧 Installation & Configuration Improvements
+- **Enhanced Install Generator**: Improved handling of noticed gem installation and environment configuration errors
+  - Better error detection and handling for missing environment variables
+  - Enhanced installation process for the noticed gem integration
+  - More robust handling of gem installation edge cases
+  - **Fixed duplicate gem insert bug**: Generator now properly checks for existing gem entries before insertion
+- **Improved Seed File Generation**: Enhanced PropelSeeds template with better organization and agent relationships
+  - Better seed data structure for multi-tenant scenarios
+  - Enhanced fixture and seed file coordination
+  - Fixed seed file imports to reflect proper organization tenancy structure
+- **Enhanced Tenancy Configuration System**: Comprehensive improvements to configuration methods and templates
+  - Enhanced `PropelAuthentication.configuration` with better tenancy model support
+  - Improved configuration methods in core authentication system
+  - Better migration templates for agencies, agents, organizations, and users
+  - Enhanced model templates with improved association handling
+
+### 🏗️ Relationship Model Enhancements  
+- **Direct Agent-Organization Relationship**: Added direct relationship between Agent and Organization models
+  - Enhanced agency and organization model templates with improved associations
+  - Better support for multi-tenant organizational structures
+  - Improved migration templates to support direct agent-organization relationships
+- **Enhanced User Model Relationships**: Improved user model template with better agency and organization associations
+  - Enhanced model relationships for cleaner multi-tenant access patterns
+  - Better integration with PropelApi polymorphic support
+
+### 🧪 Testing & Fixtures Improvements
+- **Enhanced Fixture Templates**: Improved fixture generation with ERB templates for agencies, agents, organizations, users, and invitations
+  - Better fixture data coordination across authentication models
+  - Enhanced test setup with realistic fixture relationships
+  - Improved fixture template adoption for better integration with PropelApi generators
+- **Test Template Updates**: Enhanced authentication test templates for better integration
+  - Improved lockable integration test templates
+  - Enhanced password reset integration test templates  
+  - Better token controller test templates with improved authentication flows
+
+### 🛠️ Generator & Template System
+- **Controller Template Enhancements**: Comprehensive improvements to authentication controller templates
+  - Enhanced signup controller template with better organization and agency handling
+  - Improved passwords controller template for better error handling
+  - Updated tokens controller template with enhanced authentication flows
+  - Better integration with full-stack and API-only Rails application architectures
+- **Configuration Method Improvements**: Enhanced core configuration methods for better tenancy support
+- **Migration Template Improvements**: Enhanced migration templates for agencies, agents, and users with better relationship support
+  - Improved create_agencies migration template
+  - Enhanced create_agents migration with better relationship handling
+  - Updated create_users migration for improved multi-tenancy support
+
 ## [0.3.0] - 2025-01-15
 
 ### 🔧 Compatibility Updates

data/lib/generators/propel_authentication/install_generator.rb

@@ -33,6 +33,30 @@ module PropelAuthentication
 
     desc "Generate JWT-based authentication system with configurable URL architecture"
     
+    class_option :namespace,
+                 type: :string,
+                 desc: "API namespace (e.g., api)"
+    
+    class_option :version,
+                 type: :string,
+                 desc: "API version (e.g., v1)"
+    
+    class_option :auth_scope,
+                 type: :string,
+                 desc: "Authentication scope (e.g., auth for /api/v1/auth/login)"
+    
+    class_option :tenancy_enabled,
+                 type: :boolean,
+                 desc: "Enable multi-tenancy system (master switch)"
+    
+    class_option :organization_required,
+                 type: :boolean,
+                 desc: "Require users to belong to organizations"
+    
+    class_option :agency_required,
+                 type: :boolean,
+                 desc: "Enable agency tenancy within organizations"
+    
     def copy_jwt_initializer
       determine_configuration
       
@@ -43,6 +67,9 @@ module PropelAuthentication
         # Convert to ERB template to support configuration
         template "propel_authentication.rb.tt", "config/initializers/propel_authentication.rb"
         say "Created PropelAuthentication configuration with namespace: #{namespace_display}, version: #{version_display}", :green
+        
+        # Load the configuration immediately so templates can access it
+        load_propel_authentication_configuration
       end
     end
 
@@ -50,11 +77,11 @@ module PropelAuthentication
       # Detect rendering engine for conditional facet generation
       @rendering_engine = detect_rendering_engine
       
-      template "models/user.rb.tt", "app/models/user.rb"
-      template "models/organization.rb.tt", "app/models/organization.rb"  
-      template "models/agency.rb.tt", "app/models/agency.rb"
-      template "models/agent.rb.tt", "app/models/agent.rb"
-      template "models/invitation.rb.tt", "app/models/invitation.rb"
+      copy_users_model
+      copy_invitations_model
+      copy_organizations_model if organization_required?
+      copy_agencies_model if agency_required?
+      copy_agents_model if agency_required?
     end
 
     def copy_authentication_concerns
@@ -106,18 +133,37 @@ module PropelAuthentication
       template "test/controllers/auth/password_reset_integration_test.rb.tt", "test/controllers/auth/password_reset_integration_test.rb"
     end
 
-    def copy_test_fixtures
-      create_file "test/fixtures/organizations.yml", organizations_fixture
-      create_file "test/fixtures/users.yml", users_fixture
-      create_file "test/fixtures/agencies.yml", agencies_fixture
-      create_file "test/fixtures/agents.yml", agents_fixture
-      create_file "test/fixtures/invitations.yml", invitations_fixture
-    end
 
     def add_authentication_gems
       add_gem_if_missing('bcrypt', '~> 3.1.20')
       add_gem_if_missing('jwt', '~> 3.1.2')
+      add_gem_if_missing('noticed', '~> 2.8.1')
       add_gem_if_missing('letter_opener', '~> 1.10', group: :development)
+      
+      say "📦 Installing gems...", :blue
+      run "bundle install"
+      
+      # Require bcrypt so it's available for fixture templates
+      begin
+        require 'bcrypt'
+      rescue LoadError
+        say "⚠️  BCrypt not yet available, fixtures may need manual adjustment", :yellow
+      end
+    end
+
+    def install_noticed_gem
+      say ""
+      say "📦 Setting up Noticed gem for email notifications...", :green
+      
+      begin
+        # Run the noticed install generator
+        rails_command "noticed:install:migrations", capture: true
+        say "✅ Noticed gem configured successfully", :green
+      rescue => e
+        say "⚠️  Warning: Could not run noticed:install:migrations automatically", :yellow
+        say "   Please run manually: rails generate noticed:install", :yellow
+        say "   Error: #{e.message}", :red if options[:verbose]
+      end
     end
 
     def add_authentication_routes
@@ -136,16 +182,25 @@ module PropelAuthentication
       route template_file_for_routes
     end
     
-    def copy_authentication_migrations
-      %w[organizations users agencies agents invitations].each do |table|
-        unless migration_exists?("create_#{table}")
-          migration_template "db/migrate/create_#{table}.rb", "db/migrate/create_#{table}.rb"
-        end
-      end
+    def copy_authentication_migrations_and_fixtures
+      copy_users_migration_and_fixtures
+      copy_invitations_migration_and_fixtures
+      copy_organizations_migration_and_fixtures if organization_required?
+      copy_agencies_migration_and_fixtures if agency_required?
+      copy_agents_migration_and_fixtures if agency_required?
     end
 
     def copy_database_seeds
-      copy_file "db/seeds.rb", "db/seeds.rb"
+      template "db/propel_seeds.rb.tt", "db/propel_seeds.rb"
+      
+      # Add require_relative to main seeds.rb file so propel_seeds is loaded during rails db:seed
+      seeds_file = File.join(destination_root, "db/seeds.rb")
+      if File.exist?(seeds_file)
+        seeds_content = File.read(seeds_file)
+        unless seeds_content.include?("require_relative 'propel_seeds'")
+          append_to_file "db/seeds.rb", "\n# Load Propel Authentication seed data\nrequire_relative 'propel_seeds'\n"
+        end
+      end
     end
 
     def extract_generator_for_customization
@@ -197,6 +252,18 @@ module PropelAuthentication
 
     private
 
+    def load_propel_authentication_configuration
+      # Load the configuration file we just created so templates can access it
+      config_file = File.join(destination_root, "config/initializers/propel_authentication.rb")
+      if File.exist?(config_file)
+        begin
+          load config_file
+        rescue => e
+          say "Warning: Could not load PropelAuthentication configuration: #{e.message}", :yellow
+        end
+      end
+    end
+
     # Check if authentication routes already exist in routes file
     def authentication_routes_exist?(routes_content)
       # Check for key authentication routes based on our configuration
@@ -227,232 +294,11 @@ module PropelAuthentication
       ERB.new(File.read(source_path), trim_mode: '-').result(binding)
     end
 
-    def add_gem_if_missing(gem_name, version_requirement = nil, options = {})
-      gemfile_path = File.join(destination_root, 'Gemfile')
-      return unless File.exist?(gemfile_path)
-      
-      gemfile_content = File.read(gemfile_path)
-      
-      # Check if gem is already present (handles various quote styles and spacing)
-      gem_pattern = /gem\s+['"]#{Regexp.escape(gem_name)}['"](?:\s*,\s*['"][^'"]*['"])?/
-      
-      if gemfile_content.match?(gem_pattern)
-        say_status :exists, "gem '#{gem_name}' already in Gemfile", :blue
-        return
-      end
-      
-      # Add the gem using Rails' built-in method
-      if version_requirement && options.any?
-        gem gem_name, version_requirement, options
-      elsif version_requirement
-        gem gem_name, version_requirement
-      else
-        gem gem_name
-      end
-      
-      say_status :gemfile, "gem '#{gem_name}' #{version_requirement}", :green
-    end
 
     def migration_exists?(migration_name)
       Dir.glob("#{destination_root}/db/migrate/*_#{migration_name}.rb").any?
     end
     
-    # Fixture content methods
-    def organizations_fixture
-      <<~FIXTURE
-        acme_org:
-          name: "Acme Corporation"
-          website: "https://acme-corp.com"
-          time_zone: "UTC"
-          logo: "https://acme-corp.com/logo.png"
-          slug: "acme-corporation"
-          metadata: { org_type: "enterprise", industry: "technology", size: "large" }
-          settings: { theme: "corporate", timezone: "EST", features: "premium" }
-          created_at: <%= 30.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        tech_startup:
-          name: "Tech Startup Inc"
-          website: "https://techstartup.io"
-          time_zone: "America/New_York"
-          logo: "https://techstartup.io/logo.png"
-          slug: "tech-startup-inc"
-          metadata: { org_type: "startup", industry: "software", size: "small" }
-          settings: { theme: "modern", timezone: "PST", features: "basic" }
-          created_at: <%= 15.days.ago %>
-          updated_at: <%= 2.days.ago %>
-      FIXTURE
-    end
-
-    def users_fixture
-      <<~FIXTURE
-        john_user:
-          email_address: "john@example.com"
-          username: "john_doe"
-          first_name: "John"
-          last_name: "Doe"
-          password_digest: "<%= BCrypt::Password.create('password123') %>"
-          organization: acme_org
-          status: "active"
-          confirmed_at: null
-          confirmation_token: "<%= SecureRandom.hex(32) %>"
-          confirmation_sent_at: <%= 1.hour.ago %>
-          metadata: { user_type: "admin", department: "engineering", priority: "high" }
-          settings: { theme: "dark", language: "en", notifications: true }
-          created_at: <%= 7.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        jane_user:
-          email_address: "jane@example.com"
-          username: "jane_smith"
-          first_name: "Jane"
-          last_name: "Smith"
-          password_digest: "<%= BCrypt::Password.create('password123') %>"
-          organization: tech_startup
-          status: "active"
-          confirmed_at: null
-          failed_login_attempts: 0
-          locked_at: null
-          metadata: { user_type: "manager", department: "marketing", priority: "high" }
-          settings: { theme: "light", language: "en", notifications: false }
-          created_at: <%= 5.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        confirmed_user:
-          email_address: "confirmed@example.com"
-          username: "confirmed_user"
-          first_name: "Confirmed"
-          last_name: "User"
-          password_digest: "<%= BCrypt::Password.create('password123') %>"
-          organization: acme_org
-          status: "active"
-          confirmed_at: <%= 7.days.ago %>
-          metadata: { user_type: "employee", department: "sales", priority: "medium" }
-          settings: { theme: "auto", language: "es", notifications: true }
-          created_at: <%= 14.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        locked_user:
-          email_address: "locked@example.com"
-          username: "locked_user"
-          first_name: "Locked"
-          last_name: "User"
-          password_digest: "<%= BCrypt::Password.create('password123') %>"
-          organization: acme_org
-          status: "active"
-          confirmed_at: <%= 10.days.ago %>
-          failed_login_attempts: 5
-          locked_at: <%= 1.hour.ago %>
-          metadata: { user_type: "employee", department: "support", priority: "low" }
-          settings: { theme: "light", language: "en", notifications: false }
-          created_at: <%= 20.days.ago %>
-          updated_at: <%= 1.hour.ago %>
-
-        expired_confirmation_user:
-          email_address: "expired@example.com"
-          username: "expired_user"
-          first_name: "Expired"
-          last_name: "User"
-          password_digest: "<%= BCrypt::Password.create('password123') %>"
-          organization: tech_startup
-          status: "active"
-          confirmed_at: null
-          confirmation_token: "<%= SecureRandom.hex(32) %>"
-          confirmation_sent_at: <%= 25.hours.ago %>
-          metadata: { user_type: "test", department: "qa", priority: "low" }
-          settings: { theme: "dark", language: "fr", notifications: false }
-          created_at: <%= 30.days.ago %>
-          updated_at: <%= 25.hours.ago %>
-      FIXTURE
-    end
-
-    def agencies_fixture
-      <<~FIXTURE
-        marketing_agency:
-          name: "Marketing Solutions"
-          organization: acme_org
-          created_at: <%= 10.days.ago %>
-          updated_at: <%= 2.days.ago %>
-
-        sales_agency:
-          name: "Sales Department"
-          organization: acme_org
-          created_at: <%= 9.days.ago %>
-          updated_at: <%= 2.days.ago %>
-
-        tech_agency:
-          name: "Tech Solutions"
-          organization: tech_startup
-          created_at: <%= 8.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        support_agency:
-          name: "Support Team"
-          organization: tech_startup
-          created_at: <%= 7.days.ago %>
-          updated_at: <%= 1.day.ago %>
-      FIXTURE
-    end
-
-    def agents_fixture
-      <<~FIXTURE
-        john_marketing_agent:
-          user: john_user
-          agency: marketing_agency
-          role: "manager"
-          created_at: <%= 8.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        confirmed_sales_agent:
-          user: confirmed_user
-          agency: sales_agency
-          role: "analyst"
-          created_at: <%= 7.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        locked_marketing_agent:
-          user: locked_user
-          agency: marketing_agency
-          role: "coordinator"
-          created_at: <%= 6.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        jane_tech_agent:
-          user: jane_user
-          agency: tech_agency
-          role: "developer"
-          created_at: <%= 5.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        expired_support_agent:
-          user: expired_confirmation_user
-          agency: support_agency
-          role: "specialist"
-          created_at: <%= 4.days.ago %>
-          updated_at: <%= 1.day.ago %>
-
-        locked_sales_agent:
-          user: locked_user
-          agency: sales_agency
-          role: "trainee"
-          created_at: <%= 3.days.ago %>
-          updated_at: <%= 1.day.ago %>
-      FIXTURE
-    end
-
-    def invitations_fixture
-      <<~FIXTURE
-        pending_invitation:
-          email_address: "newuser@example.com"
-          first_name: "New"
-          last_name: "User"
-          organization: acme_org
-          inviter: john_user
-          status: "pending"
-          created_at: <%= 3.days.ago %>
-          updated_at: <%= 3.days.ago %>
-      FIXTURE
-    end
 
     def detect_rendering_engine
       # Check for common rendering engines in order of preference
@@ -474,5 +320,107 @@ module PropelAuthentication
     rescue
       false
     end
+
+    private
+
+    # Individual model methods
+    def copy_users_model
+      template "models/user.rb.tt", "app/models/user.rb"
+    end
+
+    def copy_organizations_model
+      template "models/organization.rb.tt", "app/models/organization.rb"
+    end
+
+    def copy_agencies_model
+      template "models/agency.rb.tt", "app/models/agency.rb"
+    end
+
+    def copy_agents_model
+      template "models/agent.rb.tt", "app/models/agent.rb"
+    end
+
+    def copy_invitations_model
+      template "models/invitation.rb.tt", "app/models/invitation.rb"
+    end
+
+    # Combined migration and fixture methods
+    def copy_users_migration_and_fixtures
+      migration_template "db/migrate/create_users.rb", "db/migrate/create_users.rb" unless migration_exists?("create_users")
+      template "fixtures/users.yml.erb", "test/fixtures/users.yml"
+    end
+
+    def copy_organizations_migration_and_fixtures
+      migration_template "db/migrate/create_organizations.rb", "db/migrate/create_organizations.rb" unless migration_exists?("create_organizations")
+      template "fixtures/organizations.yml.erb", "test/fixtures/organizations.yml"
+    end
+
+    def copy_agencies_migration_and_fixtures
+      migration_template "db/migrate/create_agencies.rb", "db/migrate/create_agencies.rb" unless migration_exists?("create_agencies")
+      template "fixtures/agencies.yml.erb", "test/fixtures/agencies.yml"
+    end
+
+    def copy_agents_migration_and_fixtures
+      migration_template "db/migrate/create_agents.rb", "db/migrate/create_agents.rb" unless migration_exists?("create_agents")
+      template "fixtures/agents.yml.erb", "test/fixtures/agents.yml"
+    end
+
+    def copy_invitations_migration_and_fixtures
+      migration_template "db/migrate/create_invitations.rb", "db/migrate/create_invitations.rb" unless migration_exists?("create_invitations")
+      template "fixtures/invitations.yml.erb", "test/fixtures/invitations.yml"
+    end
+
+    # Configuration helper methods
+    def organization_required?
+      return true unless configuration_loaded?
+      PropelAuthentication.configuration.organization_required?
+    rescue
+      true  # Default to full tenancy if config unavailable
+    end
+
+    def agency_required?
+      return true unless configuration_loaded?
+      PropelAuthentication.configuration.agency_required?
+    rescue
+      true  # Default to full tenancy if config unavailable
+    end
+
+    def configuration_loaded?
+      defined?(PropelAuthentication) && 
+        PropelAuthentication.respond_to?(:configuration) && 
+        PropelAuthentication.configuration.present?
+    rescue
+      false
+    end
+
+    def add_gem_if_missing(gem_name, version_requirement = nil, options = {})
+      gemfile_path = File.join(destination_root, 'Gemfile')
+      return unless File.exist?(gemfile_path)
+      
+      gemfile_content = File.read(gemfile_path)
+      
+      # Check if gem is already present and not commented out
+      gem_pattern = /^\s*gem\s+['"]#{Regexp.escape(gem_name)}['"](?:\s*,\s*['"][^'"]*['"])?/
+      commented_gem_pattern = /^\s*#.*gem\s+['"]#{Regexp.escape(gem_name)}['"]/ 
+      
+      # Check each line to see if the gem exists and is not commented out
+      gem_exists = gemfile_content.lines.any? do |line|
+        line.match?(gem_pattern) && !line.match?(commented_gem_pattern)
+      end
+      
+      if gem_exists
+        say_status :exists, "gem '#{gem_name}' already in Gemfile", :blue
+        return
+      end
+      
+      # Use Rails built-in gem method to add it
+      if options[:group]
+        gem gem_name, version_requirement, group: options[:group]
+      else
+        gem gem_name, version_requirement
+      end
+      
+      say_status :gemfile, "gem '#{gem_name}' #{version_requirement}", :green
+    end
   end
 end 

data/lib/generators/propel_authentication/templates/auth/passwords_controller.rb.tt

@@ -1,7 +1,4 @@
-class <%= auth_controller_class_name('passwords') %> < ApplicationController
-  <%- unless api_only_app? -%>
-  include RackSessionDisable
-  <%- end -%>
+class <%= auth_controller_class_name('passwords') %> < Api::BaseController
   include PropelAuthenticationConcern
 
   # POST <%= auth_route_prefix %>/reset

data/lib/generators/propel_authentication/templates/auth/signup_controller.rb.tt

@@ -1,8 +1,4 @@
-class <%= auth_controller_class_name('signup') %> < ApplicationController
-  <%- unless api_only_app? -%>
-  include RackSessionDisable
-  <%- end -%>
-
+class <%= auth_controller_class_name('signup') %> < Api::BaseController
   # POST <%= auth_route_prefix %>/signup
   def create
     # Validate agency requirements if agency tenancy is enabled
@@ -19,6 +15,7 @@ class <%= auth_controller_class_name('signup') %> < ApplicationController
         # Create agent relationship so user has immediate agency access
         @user.agents.create!(
           agency: @agency,
+          organization: @organization,
           role: agent_role_param
         )
       end
@@ -187,7 +184,7 @@ class <%= auth_controller_class_name('signup') %> < ApplicationController
   def agency_tenancy_enabled?
     # Check PropelAuthentication configuration (owns tenancy models)
     if defined?(PropelAuthentication) && PropelAuthentication.respond_to?(:configuration)
-      PropelAuthentication.configuration.agency_tenancy
+      PropelAuthentication.configuration.agency_required?
     else
       true  # Safe default - enables agency tenancy when configuration unavailable
     end

data/lib/generators/propel_authentication/templates/auth/tokens_controller.rb.tt

@@ -1,7 +1,4 @@
-class <%= auth_controller_class_name('tokens') %> < ApplicationController
-  <%- unless api_only_app? -%>
-  include RackSessionDisable
-  <%- end -%>
+class <%= auth_controller_class_name('tokens') %> < Api::BaseController
   include PropelAuthenticationConcern
 
   before_action :authenticate_user, only: [:show, :refresh]
@@ -42,7 +39,7 @@ class <%= auth_controller_class_name('tokens') %> < ApplicationController
       render json: { error: 'Invalid credentials' }, status: :unauthorized
     end
   rescue ActionController::ParameterMissing
-    render json: { error: 'Missing required parameters' }, status: :unprocessable_content
+    render json: { error: 'Missing required parameters' }, status: :bad_request
   end
 
   # DELETE <%= auth_route_prefix %>/logout

data/lib/generators/propel_authentication/templates/core/configuration_methods.rb

@@ -50,11 +50,14 @@ module PropelAuthentication
 
 
     # Single method to determine all authentication configuration
-    # Handles namespace, version, and auth_scope with consistent priority logic
+    # Handles namespace, version, auth_scope, and tenancy options with consistent priority logic
     def determine_configuration
       @auth_namespace = determine_config_value(:namespace, nil)
       @auth_version = determine_config_value(:version, nil) 
       @auth_scope = determine_config_value(:auth_scope, nil)
+      @tenancy_enabled = determine_tenancy_enabled
+      @organization_required = determine_organization_required
+      @agency_required = determine_agency_required
     end
 
     # Generic configuration value determination with consistent priority
@@ -187,5 +190,39 @@ module PropelAuthentication
       
       path_parts.join('/')
     end
+
+    # Determine tenancy_enabled configuration
+    # Priority: 1) Command line option, 2) Default (true)
+    def determine_tenancy_enabled
+      return options[:tenancy_enabled] unless options[:tenancy_enabled].nil?
+      true  # Default to enabled
+    end
+
+    # Determine organization_required configuration  
+    # Priority: 1) Command line option, 2) Default (true)
+    def determine_organization_required
+      return options[:organization_required] unless options[:organization_required].nil?
+      true  # Default to required
+    end
+
+    # Determine agency_required configuration  
+    # Priority: 1) Command line option, 2) Default (true)
+    def determine_agency_required
+      return options[:agency_required] unless options[:agency_required].nil?
+      true  # Default to required
+    end
+
+    # Accessor methods for templates
+    def tenancy_enabled?
+      @tenancy_enabled
+    end
+
+    def organization_required?
+      @organization_required
+    end
+
+    def agency_required?
+      @agency_required
+    end
   end
 end 

data/lib/generators/propel_authentication/templates/db/migrate/create_agencies.rb

@@ -2,7 +2,9 @@ class CreateAgencies < ActiveRecord::Migration[8.0]
   def change
     create_table :agencies do |t|
       t.string :name, null: false
+      <% if PropelAuthentication.configuration.organization_required? %>
       t.references :organization, null: false, foreign_key: true
+      <% end %>
       t.string :phone_number
       t.string :address
       t.string :time_zone