rails_simple_auth 1.0.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 407b27862ed25ee5daa7fff450777ba4cec5f2e91d967df7ecc79f3a8831b285
-  data.tar.gz: 2a687ca739d79dcb1e1c1c9d8b8b7a4dd9aa6b9a31558cda56ea7a1fe3084e50
+  metadata.gz: 6d9299c78e7be2bfe4bc6e338150d03ec03d80e6c624616e09c30b48c5bf16c6
+  data.tar.gz: 145ebfad74f0188f138a9e8e006bfac26a6404b89d3690a0a8484246a5b01d9f
 SHA512:
-  metadata.gz: a0c7a9ae65587337dc327ef68ecd0ae9b2ff84d00a775431f40138e2664fd8ef6c072d18bb7bc5323919adaacc1eeeab76d2960f7d24e8082251f673a020244b
-  data.tar.gz: 8f40cb9b06ac207555fad164f7c6428f1ba26101a9737c7401e8c8a5f42ebed50ec9033c64a6923ff3270b50f9bb220e6149c3edf9bac09ff3ca5c7f65d87b4c
+  metadata.gz: 92302e8e2c6d489ebda9e82b222e0a53f31c52f0b8958bf3af2a4240f654f0de7bd81892e350ee92892df16d747ef88d4b43ae69b6af0e510ee1504925755693
+  data.tar.gz: 07d17cb9ca09fe1f01446cf1faf4cc67fb303d5c0553b6e2c242595054700a88fff187838820aed8639c65b3fd839e3679771acb178700f7966cf17f0f1ce258

data/README.md

@@ -9,6 +9,7 @@ Simple, secure authentication for Rails 8+ applications. Built on Rails primitiv
 - **Email confirmation** with signed tokens
 - **Password reset** with signed tokens
 - **OAuth support** (Google, GitHub, etc.)
+- **Temporary users** (guest mode) with conversion to permanent
 - **Rate limiting** built-in
 - **Session tracking** with IP and user agent
 - **Customizable styling** via CSS variables
@@ -67,7 +68,7 @@ class CreateUsers < ActiveRecord::Migration[8.0]
   def change
     create_table :users do |t|
       # Required by gem
-      t.string :email_address, null: false
+      t.string :email, null: false
       t.string :password_digest, null: false
       t.datetime :confirmed_at  # if using Confirmable
 
@@ -81,7 +82,7 @@ class CreateUsers < ActiveRecord::Migration[8.0]
       t.timestamps
     end
 
-    add_index :users, :email_address, unique: true
+    add_index :users, :email, unique: true
   end
 end
 ```
@@ -203,6 +204,77 @@ class User < ApplicationRecord
 end
 ```
 
+## Temporary Users (Guest Mode)
+
+Allow visitors to try your app without signing up, then convert to permanent accounts later.
+
+### Setup
+
+1. Generate the migration:
+
+```bash
+rails generate rails_simple_auth:temporary_users
+rails db:migrate
+```
+
+2. Include the concern in your User model:
+
+```ruby
+class User < ApplicationRecord
+  include RailsSimpleAuth::Models::Concerns::Authenticatable
+  include RailsSimpleAuth::Models::Concerns::TemporaryUser  # Add this
+end
+```
+
+3. Enable in configuration:
+
+```ruby
+RailsSimpleAuth.configure do |config|
+  config.temporary_users_enabled = true
+  config.temporary_user_cleanup_days = 7  # Auto-cleanup after 7 days
+end
+```
+
+### Creating Temporary Users
+
+```ruby
+# Create a temporary user (no email/password required)
+temp_user = User.create!(
+  email: "temp_#{SecureRandom.hex(8)}@temp.local",
+  password: SecureRandom.hex(16),
+  temporary: true
+)
+```
+
+### Converting to Permanent Account
+
+```ruby
+# When user decides to sign up for real
+temp_user.convert_to_permanent!(
+  email: "real@example.com",
+  password: "secure_password"
+)
+# Sends confirmation email automatically if email confirmation is enabled
+```
+
+### Scopes
+
+```ruby
+User.temporary          # All temporary users
+User.permanent          # All permanent users
+User.temporary_expired  # Temporary users older than cleanup_days
+User.temporary_expired(14)  # Custom days
+```
+
+### Cleanup Task
+
+Add to your scheduler (cron, Sidekiq, etc.):
+
+```ruby
+# Delete expired temporary users
+User.temporary_expired.destroy_all
+```
+
 ## Controller Customization
 
 Subclass controllers for custom behavior:
@@ -266,19 +338,19 @@ class UserMailer < ApplicationMailer
   def confirmation(user, token)
     @user = user
     @confirmation_url = edit_confirmation_url(token: token)
-    mail(to: user.email_address, subject: "Confirm your email")
+    mail(to: user.email, subject: "Confirm your email")
   end
 
   def magic_link(user, token)
     @user = user
     @magic_link_url = magic_link_login_url(token: token)
-    mail(to: user.email_address, subject: "Your sign-in link")
+    mail(to: user.email, subject: "Your sign-in link")
   end
 
   def password_reset(user, token)
     @user = user
     @reset_url = edit_password_url(token: token)
-    mail(to: user.email_address, subject: "Reset your password")
+    mail(to: user.email, subject: "Reset your password")
   end
 end
 ```

data/app/controllers/rails_simple_auth/confirmations_controller.rb

@@ -6,33 +6,35 @@ module RailsSimpleAuth
 
     unless Rails.env.local?
       rate_limit to: 3, within: 1.hour, by: -> { client_ip }, only: :create,
-                 with: -> { redirect_to new_confirmation_path, alert: "Too many confirmation requests. Please try again later." }
+                 with: lambda {
+                   redirect_to new_confirmation_path, alert: 'Too many confirmation requests. Please try again later.'
+                 }
     end
 
-    def new
+    def show
+      user = user_class.find_signed(params[:token], purpose: :confirm_email)
+
+      if user
+        user.confirm! if user.respond_to?(:confirm!)
+        run_after_confirmation_callback(user)
+        redirect_to resolve_path(:after_confirmation_path), notice: 'Email confirmed! You can now sign in.'
+      else
+        redirect_to new_confirmation_path, alert: 'Invalid or expired confirmation link.'
+      end
     end
 
+    def new; end
+
     def create
-      user = user_class.find_by_email(params[:email_address])
+      user = user_class.find_by(email: params[:email])
 
-      if user && user.respond_to?(:unconfirmed?) && user.unconfirmed?
+      if user.respond_to?(:unconfirmed_or_reconfirming?) && user.unconfirmed_or_reconfirming?
         token = user.generate_confirmation_token
         RailsSimpleAuth.configuration.mailer.confirmation(user, token).deliver_later
       end
 
-      redirect_to new_session_path, notice: "If an unconfirmed account exists with that email, confirmation instructions have been sent."
-    end
-
-    def show
-      user = user_class.find_signed(params[:token], purpose: :email_confirmation)
-
-      if user
-        user.confirm! if user.respond_to?(:confirm!)
-        run_after_confirmation_callback(user)
-        redirect_to resolve_path(:after_confirmation_path), notice: "Email confirmed! You can now sign in."
-      else
-        redirect_to new_confirmation_path, alert: "Invalid or expired confirmation link."
-      end
+      redirect_to new_session_path,
+                  notice: 'If an unconfirmed account exists with that email, confirmation instructions have been sent.'
     end
 
     private

data/app/controllers/rails_simple_auth/omniauth_callbacks_controller.rb

@@ -6,27 +6,29 @@ module RailsSimpleAuth
     skip_before_action :verify_authenticity_token, only: :create
 
     def create
-      auth_hash = request.env["omniauth.auth"]
+      auth_hash = request.env['omniauth.auth']
       provider = params[:provider]
 
       unless RailsSimpleAuth.configuration.oauth_provider_enabled?(provider)
-        redirect_to new_session_path, alert: "OAuth provider not enabled."
+        redirect_to new_session_path, alert: 'OAuth provider not enabled.'
         return
       end
 
       user = user_class.from_oauth(auth_hash)
 
       if user&.persisted?
+        destroy_temporary_user_session(user)
         create_session_for(user)
         run_after_sign_in_callback(user)
-        redirect_to resolve_path(:after_sign_in_path), notice: "Signed in successfully with #{provider.to_s.capitalize}."
+        redirect_to resolve_path(:after_sign_in_path),
+                    notice: "Signed in successfully with #{provider.to_s.capitalize}."
       else
         redirect_to new_session_path, alert: "Could not authenticate with #{provider.to_s.capitalize}."
       end
     end
 
     def failure
-      redirect_to new_session_path, alert: "Authentication failed. Please try again."
+      redirect_to new_session_path, alert: 'Authentication failed. Please try again.'
     end
   end
 end

data/app/controllers/rails_simple_auth/passwords_controller.rb

@@ -7,31 +7,32 @@ module RailsSimpleAuth
 
     unless Rails.env.local?
       rate_limit to: 3, within: 1.hour, by: -> { client_ip }, only: :create,
-                 with: -> { redirect_to new_password_path, alert: "Too many password reset requests. Please try again later." }
+                 with: lambda {
+                   redirect_to new_password_path, alert: 'Too many password reset requests. Please try again later.'
+                 }
     end
 
-    def new
-    end
+    def new; end
+
+    def edit; end
 
     def create
-      user = user_class.find_by_email(params[:email_address])
+      user = user_class.find_by(email: params[:email])
 
       if user && can_reset_password?(user)
         token = user.generate_password_reset_token
         RailsSimpleAuth.configuration.mailer.password_reset(user, token).deliver_later
       end
 
-      redirect_to new_session_path, notice: "If an account exists with that email, password reset instructions have been sent."
-    end
-
-    def edit
+      redirect_to new_session_path,
+                  notice: 'If an account exists with that email, password reset instructions have been sent.'
     end
 
     def update
       ActiveRecord::Base.transaction do
         if @user.update(password_params)
           @user.invalidate_all_sessions!
-          redirect_to new_session_path, notice: "Password has been reset. Please sign in with your new password."
+          redirect_to new_session_path, notice: 'Password has been reset. Please sign in with your new password.'
         else
           render :edit, status: :unprocessable_content
           raise ActiveRecord::Rollback
@@ -42,14 +43,14 @@ module RailsSimpleAuth
         "[RailsSimpleAuth] Session invalidation failed after password reset for user #{@user.id}: #{e.message}"
       )
       # Password was rolled back due to transaction, redirect with error
-      redirect_to new_password_path, alert: "Password reset failed. Please try again."
+      redirect_to new_password_path, alert: 'Password reset failed. Please try again.'
     end
 
     private
 
     def set_user_from_token
       @user = user_class.find_signed(params[:token], purpose: :password_reset)
-      redirect_to new_password_path, alert: "Invalid or expired password reset link." unless @user
+      redirect_to new_password_path, alert: 'Invalid or expired password reset link.' unless @user
     end
 
     def can_reset_password?(user)
@@ -60,7 +61,7 @@ module RailsSimpleAuth
     end
 
     def password_params
-      params.require(:user).permit(:password, :password_confirmation)
+      params.expect(user: %i[password password_confirmation])
     end
   end
 end

data/app/controllers/rails_simple_auth/registrations_controller.rb

@@ -6,7 +6,7 @@ module RailsSimpleAuth
 
     unless Rails.env.local?
       rate_limit to: 5, within: 1.hour, by: -> { client_ip }, only: :create,
-                 with: -> { redirect_to sign_up_path, alert: "Too many sign up attempts. Please try again later." }
+                 with: -> { redirect_to sign_up_path, alert: 'Too many sign up attempts. Please try again later.' }
     end
 
     def new
@@ -27,18 +27,20 @@ module RailsSimpleAuth
     private
 
     def registration_params
-      params.require(:user).permit(:email_address, :password)
+      params.expect(user: %i[email password])
     end
 
     def after_successful_registration
+      destroy_temporary_user_session(@user)
+
       if RailsSimpleAuth.configuration.email_confirmation_enabled
         send_confirmation_email(@user)
         run_after_sign_up_callback(@user)
-        redirect_to new_session_path, notice: "Account created! Please check your email to confirm your account."
+        redirect_to new_session_path, notice: 'Account created! Please check your email to confirm your account.'
       else
         create_session_for(@user)
         run_after_sign_up_callback(@user)
-        redirect_to resolve_path(:after_sign_up_path), notice: "Account created successfully!"
+        redirect_to resolve_path(:after_sign_up_path), notice: 'Account created successfully!'
       end
     end
 

data/app/controllers/rails_simple_auth/sessions_controller.rb

@@ -8,13 +8,17 @@ module RailsSimpleAuth
 
     unless Rails.env.local?
       rate_limit to: 5, within: 15.minutes, by: -> { client_ip }, only: :create,
-                 with: -> { redirect_to new_session_path, alert: "Too many login attempts. Please try again later." }
+                 with: -> { redirect_to new_session_path, alert: 'Too many login attempts. Please try again later.' }
 
-      rate_limit to: 3, within: 10.minutes, by: -> { params[:email_address].to_s.downcase }, only: :request_magic_link,
-                 with: -> { redirect_to new_session_path, alert: "Too many magic link requests. Please try again later." }
+      rate_limit to: 3, within: 10.minutes, by: -> { params[:email].to_s.downcase }, only: :request_magic_link,
+                 with: lambda {
+                   redirect_to new_session_path, alert: 'Too many magic link requests. Please try again later.'
+                 }
 
       rate_limit to: 5, within: 15.minutes, by: -> { client_ip }, only: :magic_link_login,
-                 with: -> { redirect_to new_session_path, alert: "Too many magic link attempts. Please try again later." }
+                 with: lambda {
+                   redirect_to new_session_path, alert: 'Too many magic link attempts. Please try again later.'
+                 }
     end
 
     def new
@@ -22,20 +26,20 @@ module RailsSimpleAuth
     end
 
     def create
-      user = user_class.find_by_email(params[:email_address]) || user_class.new(password: SecureRandom.hex(32))
+      user = user_class.find_by(email: params[:email]) || user_class.new(password: SecureRandom.hex(32))
 
       if user.authenticate(params[:password]) && user.persisted?
         if confirmation_required_for?(user)
-          @error_message = "Please confirm your email before signing in."
-          @previous_email = params[:email_address]
+          @error_message = 'Please confirm your email before signing in.'
+          @previous_email = params[:email]
           render :new, status: :unprocessable_content
         else
           sign_in_and_redirect(user)
         end
       else
-        Rails.logger.warn("Failed login attempt for email: #{params[:email_address]} from IP: #{client_ip}")
-        @error_message = "Invalid email or password"
-        @previous_email = params[:email_address]
+        Rails.logger.warn("Failed login attempt for email: #{params[:email]} from IP: #{client_ip}")
+        @error_message = 'Invalid email or password'
+        @previous_email = params[:email]
         render :new, status: :unprocessable_content
       end
     end
@@ -44,7 +48,7 @@ module RailsSimpleAuth
       user = current_user
       destroy_current_session
       run_after_sign_out_callback(user) if user
-      redirect_to resolve_path(:after_sign_out_path), notice: "Signed out successfully."
+      redirect_to resolve_path(:after_sign_out_path), notice: 'Signed out successfully.'
     end
 
     def magic_link_form
@@ -52,14 +56,14 @@ module RailsSimpleAuth
     end
 
     def request_magic_link
-      user = user_class.find_by_email(params[:email_address])
+      user = user_class.find_by(email: params[:email])
 
-      if user && user.respond_to?(:generate_magic_link_token)
+      if user.respond_to?(:generate_magic_link_token)
         token = user.generate_magic_link_token
         RailsSimpleAuth.configuration.mailer.magic_link(user, token).deliver_later
       end
 
-      redirect_to new_session_path, notice: "If an account exists with that email, a magic link has been sent."
+      redirect_to new_session_path, notice: 'If an account exists with that email, a magic link has been sent.'
     end
 
     def magic_link_login
@@ -69,7 +73,7 @@ module RailsSimpleAuth
         user.confirm! if user.respond_to?(:confirm!) && user.respond_to?(:unconfirmed?) && user.unconfirmed?
         sign_in_and_redirect(user)
       else
-        redirect_to new_session_path, alert: "Invalid or expired magic link."
+        redirect_to new_session_path, alert: 'Invalid or expired magic link.'
       end
     end
 
@@ -82,9 +86,10 @@ module RailsSimpleAuth
     end
 
     def sign_in_and_redirect(user)
+      destroy_temporary_user_session(user)
       create_session_for(user)
       run_after_sign_in_callback(user)
-      redirect_to stored_location_or_default, notice: "Signed in successfully."
+      redirect_to stored_location_or_default, notice: 'Signed in successfully.'
     end
   end
 end

data/app/mailers/rails_simple_auth/auth_mailer.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module RailsSimpleAuth
-  class AuthMailer < ActionMailer::Base
+  class AuthMailer < ApplicationMailer
     default from: -> { RailsSimpleAuth.configuration.mailer_sender }
 
     def confirmation(user, token)
@@ -9,9 +9,12 @@ module RailsSimpleAuth
       @token = token
       @confirmation_url = main_app.confirmation_url(token: token)
 
+      # Use confirmable_email for reconfirmation (email change) scenarios
+      recipient = user.respond_to?(:confirmable_email) ? user.confirmable_email : user.email
+
       mail(
-        to: user.email_address,
-        subject: "Confirm your email"
+        to: recipient,
+        subject: 'Confirm your email'
       )
     end
 
@@ -21,8 +24,8 @@ module RailsSimpleAuth
       @magic_link_url = main_app.magic_link_url(token: token)
 
       mail(
-        to: user.email_address,
-        subject: "Sign in to your account"
+        to: user.email,
+        subject: 'Sign in to your account'
       )
     end
 
@@ -32,8 +35,8 @@ module RailsSimpleAuth
       @password_reset_url = main_app.edit_password_url(token: token)
 
       mail(
-        to: user.email_address,
-        subject: "Reset your password"
+        to: user.email,
+        subject: 'Reset your password'
       )
     end
 

data/app/views/rails_simple_auth/confirmations/new.html.erb

@@ -8,8 +8,8 @@
 
     <%= form_with url: main_app.confirmations_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
               class: "rsa-auth-form__input",
               required: true,
               autofocus: true %>

data/app/views/rails_simple_auth/passwords/new.html.erb

@@ -8,8 +8,8 @@
 
     <%= form_with url: main_app.passwords_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
               class: "rsa-auth-form__input",
               required: true,
               autofocus: true %>

data/app/views/rails_simple_auth/registrations/new.html.erb

@@ -4,13 +4,13 @@
 
     <%= form_with model: @user, url: main_app.sign_up_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
-              class: "rsa-auth-form__input #{@user.errors[:email_address].any? ? 'rsa-auth-form__input--error' : ''}",
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
+              class: "rsa-auth-form__input #{@user.errors[:email].any? ? 'rsa-auth-form__input--error' : ''}",
               required: true,
               autofocus: true %>
-        <% if @user.errors[:email_address].any? %>
-          <p class="rsa-auth-form__error"><%= @user.errors[:email_address].first %></p>
+        <% if @user.errors[:email].any? %>
+          <p class="rsa-auth-form__error"><%= @user.errors[:email].first %></p>
         <% end %>
       </div>
 

data/app/views/rails_simple_auth/sessions/magic_link_form.html.erb

@@ -8,8 +8,8 @@
 
     <%= form_with url: main_app.request_magic_link_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
               class: "rsa-auth-form__input",
               required: true,
               autofocus: true %>

data/app/views/rails_simple_auth/sessions/new.html.erb

@@ -4,8 +4,8 @@
 
     <%= form_with url: main_app.session_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
               class: "rsa-auth-form__input #{@error_message.present? ? 'rsa-auth-form__input--error' : ''}",
               required: true,
               autofocus: true,

data/lib/generators/rails_simple_auth/css/css_generator.rb

@@ -1,35 +1,35 @@
 # frozen_string_literal: true
 
-require "rails/generators"
+require 'rails/generators'
 
 module RailsSimpleAuth
   module Generators
     class CssGenerator < Rails::Generators::Base
-      source_root File.expand_path("templates", __dir__)
+      source_root File.expand_path('templates', __dir__)
 
-      class_option :path, type: :string, default: "app/assets/stylesheets",
-                   desc: "Path to copy CSS to"
+      class_option :path, type: :string, default: 'app/assets/stylesheets',
+                          desc: 'Path to copy CSS to'
 
       def copy_css
-        template "rails_simple_auth.css", "#{options[:path]}/rails_simple_auth.css"
+        template 'rails_simple_auth.css', "#{options[:path]}/rails_simple_auth.css"
 
-        say ""
+        say ''
         say "CSS copied to #{options[:path]}/rails_simple_auth.css", :green
-        say ""
-        say "To use this CSS:"
-        say ""
-        say "  1. Include in your application.css or layout:"
+        say ''
+        say 'To use this CSS:'
+        say ''
+        say '  1. Include in your application.css or layout:'
         say "     <%= stylesheet_link_tag 'rails_simple_auth' %>"
-        say ""
-        say "  2. Customize by overriding CSS variables in your own stylesheet:"
-        say ""
-        say "     :root {"
-        say "       --rsa-color-primary: #your-brand-color;"
-        say "       --rsa-color-background-form: #your-form-bg;"
-        say "     }"
-        say ""
-        say "  3. Or edit rails_simple_auth.css directly."
-        say ""
+        say ''
+        say '  2. Customize by overriding CSS variables in your own stylesheet:'
+        say ''
+        say '     :root {'
+        say '       --rsa-color-primary: #your-brand-color;'
+        say '       --rsa-color-background-form: #your-form-bg;'
+        say '     }'
+        say ''
+        say '  3. Or edit rails_simple_auth.css directly.'
+        say ''
       end
     end
   end