rails-auth-eassy 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 022e8a17beff8064ba4e48a9e57291c6380ef6240d753f2aac9b877619ad4525
-  data.tar.gz: f9c078225e321580caaa9d47bddd3905fbd5e6af673f1fd038430189100841e9
+  metadata.gz: 6592b7a6b5fcdaf1119be69d88a0522933d84181fe9acb617946632260603e94
+  data.tar.gz: 856c026d8a9eb2765501ee7258fd04da26c360181110b591f5b803f564049cf0
 SHA512:
-  metadata.gz: 908356f0e6c4d3bb58dfca0f2af495b3837435a6130158f463cb235e682c780ce82183a2f7d18563677d9d94b179b18580c62599849c303e0e486741503c6e12
-  data.tar.gz: 8e42c802b4fa14ad066f7e2258ab9ed4bbaa0ce3f454b13708c33e6ae04e0dfd64a8feff0a71d437734cdd2f8b6f039ea30451bf2b161b7bf34c72d8133cbe43
+  metadata.gz: 36cce21b0bdbf4b612c52750758cd2f8a0a46d583018aa3068e63f18cc753061569f722723729cdfe75b48e958de3892b25020f27c3fa8a017428e339ac8fb7b
+  data.tar.gz: 834e5b65d275f7edf0f8412c0117e8f81a380ec054008a1d32d4eedcbc596d85518c010b8667f5aab8265fb3a16fe5e226d2365de1a7c7599f16bfeb719b7564

data/README.md

@@ -2,7 +2,7 @@
 
 **Rails::Auth** is a high-performance, security-first authentication engine for Ruby on Rails. Designed as a modern, transparent alternative to Devise, it empowers users with deep visibility and control over their account security through database-backed sessions and enterprise-grade protection.
 
-[![Gem Version](https://badge.fury.io/rb/rails-auth.svg)](https://badge.fury.io/rb/rails-auth)
+[![Gem Version](https://badge.fury.io/rb/rails-auth-eassy.svg)](https://badge.fury.io/rb/rails-auth-eassy)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Rails Version](https://img.shields.io/badge/Rails-7.0+-red.svg)](https://rubyonrails.org)
 
@@ -16,7 +16,9 @@
   - [Controller Helpers](#controller-helpers)
   - [Role-Based Access Control (RBAC)](#role-based-access-control-rbac)
   - [Avatar Support](#avatar-support)
+- [🔑 Core Authentication Flows](#-core-authentication-flows)
 - [🛡️ Security Dashboard](#-security-dashboard)
+- [📧 Mailer Setup](#-mailer-setup)
 - [⚙️ Configuration](#-configuration)
 - [🎨 Customization](#-customization)
 - [👥 Authors & Maintainers](#-authors--maintainers)
@@ -54,7 +56,13 @@
 Add this line to your application's Gemfile:
 
 ```ruby
-gem "rails-auth"
+gem "rails-auth-eassy"
+```
+
+Or install it directly via CLI:
+
+```bash
+$ gem install rails-auth-eassy
 ```
 
 Then execute:
@@ -147,9 +155,49 @@ rails_auth.stop_impersonations_path, method: :delete
 
 ---
 
+## 🔑 Core Authentication Flows
+
+Once installed, the engine provides the following core routes for user authentication. You can link to these anywhere in your application layout (e.g., your navigation bar).
+
+### Sign Up (Registration)
+To allow new users to create an account:
+```erb
+<%= link_to "Sign Up", rails_auth.new_registration_path %>
+```
+*Note: If email confirmation is enabled, they will be sent a confirmation link before they can sign in.*
+
+### Sign In (Login)
+To allow existing users to log into their account:
+```erb
+<%= link_to "Sign In", rails_auth.new_session_path %>
+```
+
+### Sign Out (Logout)
+To securely log the user out and destroy their current session:
+```erb
+<%= button_to "Sign Out", rails_auth.session_path, method: :delete %>
+```
+*(We use `button_to` with `method: :delete` for security best practices against CSRF).*
+
+### Putting it together in a Navbar
+```erb
+<nav>
+  <% if user_signed_in? %>
+    <span>Welcome, <%= current_user.email %>!</span>
+    <%= link_to "Security Settings", rails_auth.security_sessions_path %>
+    <%= button_to "Sign Out", rails_auth.session_path, method: :delete %>
+  <% else %>
+    <%= link_to "Sign In", rails_auth.new_session_path %>
+    <%= link_to "Sign Up", rails_auth.new_registration_path %>
+  <% end %>
+</nav>
+```
+
+---
+
 ## 🛡️ Security Dashboard
 
-Users can manage their security settings, view active sessions, and enable MFA at `/auth/security/sessions`.
+Users can manage their security settings, edit their profile/avatar, view active audit logs, and enable MFA at `/auth/security/sessions`.
 
 ### Linking to the Dashboard
 ```erb
@@ -158,6 +206,38 @@ Users can manage their security settings, view active sessions, and enable MFA a
 
 ---
 
+## 📧 Mailer Setup
+
+Rails::Auth sends emails for confirmation instructions, password resets, and account unlock instructions.
+
+### 1. Set Default URL Options
+In your environments (e.g., `config/environments/development.rb`), set the host for the mailer:
+```ruby
+config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
+```
+
+### 2. Configure the Sender & Tokens
+In `config/initializers/rails_auth.rb`, you can customize the sender and confirmation tokens:
+```ruby
+Rails::Auth.setup do |config|
+  config.mailer_sender = "noreply@yourdomain.com"
+  
+  # Optional: Customize confirmation tokens
+  # config.confirmation_token_format = :numeric # default is :hex
+  # config.confirmation_token_length = 6        # default is 20
+end
+```
+
+### 3. Development Tip
+We recommend using [letter_opener](https://github.com/ryanb/letter_opener) to preview emails in your browser instead of sending them.
+```ruby
+# config/environments/development.rb
+config.action_mailer.delivery_method = :letter_opener
+config.action_mailer.perform_deliveries = true
+```
+
+---
+
 ## ⚙️ Configuration
 
 Customize the gem behavior in `config/initializers/rails_auth.rb`:

data/app/controllers/concerns/rails/auth/authenticatable_controller.rb

@@ -39,6 +39,12 @@ module Rails
         authorize_role!(:admin)
       end
 
+      def require_confirmed!
+        unless current_user&.confirmed?
+          redirect_to rails_auth.security_sessions_path, alert: "Please confirm your email address to access this page."
+        end
+      end
+
       def authorize_role!(*roles)
         unless user_signed_in? && roles.any? { |role| current_user.send("#{role}?") }
           if request.format.json?

data/app/controllers/rails/auth/confirmations_controller.rb

@@ -1,18 +1,27 @@
 module Rails
   module Auth
     class ConfirmationsController < ApplicationController
-      skip_before_action :authenticate_user!
+      skip_before_action :authenticate_user!, only: [ :show ]
 
       def show
         user = Rails::Auth.user_class.find_by(confirmation_token: params[:confirmation_token])
         if user
           user.confirm!
-          sign_in(user)
+          sign_in(user) unless user_signed_in?
           redirect_to main_app.root_path, notice: "Your account has been confirmed."
         else
           redirect_to new_session_path, alert: "Invalid confirmation token."
         end
       end
+
+      def create
+        if current_user && !current_user.confirmed?
+          current_user.send_confirmation_instructions
+          redirect_to rails_auth.security_sessions_path, notice: "Confirmation instructions have been resent to your email address."
+        else
+          redirect_to main_app.root_path, alert: "Account already confirmed."
+        end
+      end
     end
   end
 end

data/app/controllers/rails/auth/registrations_controller.rb

@@ -11,7 +11,8 @@ module Rails
         @user = Rails::Auth.user_class.new(user_params)
         if @user.save
           @user.send_confirmation_instructions
-          redirect_to rails_auth.new_session_path, notice: "A confirmation link has been sent to your email address. Please follow the link to activate your account."
+          sign_in(@user)
+          redirect_to rails_auth.security_sessions_path, notice: "Account created successfully. A confirmation link has been sent to your email address. You can now set up your profile and security settings."
         else
           render :new, status: :unprocessable_entity
         end

data/app/controllers/rails/auth/sessions_controller.rb

@@ -18,14 +18,6 @@ module Rails
         end
 
         if user&.authenticate(params[:password])
-          unless user.confirmed?
-            respond_to do |format|
-              format.html { redirect_to new_session_path, alert: "Please confirm your email address before signing in." }
-              format.json { render json: { error: "Email not confirmed" }, status: :unauthorized }
-            end
-            return
-          end
-
           user.update(failed_attempts: 0) # Reset on success
 
           if user.otp_enabled?

data/app/mailers/rails/auth/application_mailer.rb

@@ -1,7 +1,7 @@
 module Rails
   module Auth
     class ApplicationMailer < ActionMailer::Base
-      default from: "from@example.com"
+      default from: -> { Rails::Auth.mailer_sender }
       layout "mailer"
     end
   end

data/app/models/concerns/rails/auth/authenticatable.rb

@@ -27,7 +27,11 @@ def confirmed?
 end
 
 def generate_confirmation_token
-  self.confirmation_token = SecureRandom.hex(20)
+  if Rails::Auth.confirmation_token_format == :numeric
+    self.confirmation_token = Array.new(Rails::Auth.confirmation_token_length) { rand(10) }.join
+  else
+    self.confirmation_token = SecureRandom.hex(Rails::Auth.confirmation_token_length / 2)
+  end
   self.confirmation_sent_at = Time.current
 end
 

data/app/views/rails/auth/security/sessions.html.erb

@@ -1,5 +1,13 @@
 <h2>Account Security</h2>
 
+<% unless current_user.confirmed? %>
+  <div style="background: #fff3cd; padding: 15px; margin-bottom: 20px; border: 1px solid #ffeeba; border-radius: 4px; color: #856404;">
+    <strong>Please confirm your email address.</strong>
+    We sent a confirmation link to <%= current_user.email %>. 
+    <%= button_to "Resend Link", rails_auth.resend_confirmation_path, method: :post, style: "display: inline-block; margin-left: 10px;" %>
+  </div>
+<% end %>
+
 <div style="margin-bottom: 20px;">
   <% if current_user.avatar.attached? %>
     <%= image_tag current_user.avatar.variant(resize_to_limit: [100, 100]), style: "border-radius: 50%;" %>

data/config/routes.rb

@@ -4,6 +4,7 @@ Rails::Auth::Engine.routes.draw do
   resources :password_resets, only: [ :new, :create, :edit, :update ], constraints: { id: /.*/ }
 
   get "confirmation", to: "confirmations#show"
+  post "confirmation/resend", to: "confirmations#create", as: :resend_confirmation
   get "unlock", to: "unlocks#show"
 
   resource :mfa, controller: "mfa", only: [ :show, :create, :destroy ]

data/lib/generators/rails_auth/install/templates/rails_auth.rb

@@ -4,4 +4,13 @@ Rails::Auth.setup do |config|
 
   # The class name of the session model
   # config.session_class_name = "Session"
+
+  # The email address that will be used as the "from" address for all emails
+  # config.mailer_sender = "from@example.com"
+
+  # The format of the confirmation token (:hex or :numeric)
+  # config.confirmation_token_format = :hex
+
+  # The length of the confirmation token
+  # config.confirmation_token_length = 20
 end

data/lib/rails/auth/version.rb

@@ -1,5 +1,5 @@
 module Rails
   module Auth
-    VERSION = "0.1.1"
+    VERSION = "0.1.2"
   end
 end

data/lib/rails/auth.rb

@@ -16,6 +16,15 @@ module Rails
     mattr_accessor :session_class_name
     @@session_class_name = "Session"
 
+    mattr_accessor :mailer_sender
+    @@mailer_sender = "from@example.com"
+
+    mattr_accessor :confirmation_token_format
+    @@confirmation_token_format = :hex # :hex or :numeric
+
+    mattr_accessor :confirmation_token_length
+    @@confirmation_token_length = 20
+
     mattr_writer :jwt_secret
 
     def self.jwt_secret

data/lib/rails-auth-eassy.rb

@@ -0,0 +1 @@
+require "rails/auth"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-auth-eassy
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Shiboshree Roy
@@ -147,6 +147,7 @@ files:
 - lib/generators/rails_auth/model/templates/session.rb
 - lib/generators/rails_auth/model/templates/user.rb
 - lib/generators/rails_auth/views/views_generator.rb
+- lib/rails-auth-eassy.rb
 - lib/rails/auth.rb
 - lib/rails/auth/engine.rb
 - lib/rails/auth/version.rb