rails_simple_auth 1.0.1 → 1.0.2

data/lib/rails_simple_auth/models/concerns/temporary_user.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+module RailsSimpleAuth
+  module Models
+    module Concerns
+      module TemporaryUser
+        extend ActiveSupport::Concern
+
+        included do
+          scope :temporary, -> { where(temporary: true) }
+          scope :permanent, -> { where(temporary: false) }
+          scope :temporary_expired, lambda { |days = nil|
+            cleanup_days = days || RailsSimpleAuth.configuration.temporary_user_cleanup_days
+            raise ConfigurationError, 'temporary_user_cleanup_days must be configured' unless cleanup_days&.positive?
+
+            temporary.where(created_at: ...cleanup_days.days.ago)
+          }
+        end
+
+        def temporary?
+          temporary == true
+        end
+
+        def permanent?
+          !temporary?
+        end
+
+        # Convert a temporary user to a permanent user with email and password
+        # Returns self on success, false on failure (with errors populated)
+        def convert_to_permanent!(email:, password:)
+          # Validate email uniqueness upfront (better UX than failing inside transaction)
+          if self.class.where.not(id: id).exists?(email: email)
+            errors.add(:email, 'has already been taken')
+            return false
+          end
+
+          transaction do
+            # Reload to discard any unpersisted changes from callbacks before locking
+            reload
+            lock!
+
+            unless temporary?
+              errors.add(:base, 'User is already permanent')
+              raise ActiveRecord::Rollback
+            end
+
+            attrs = {
+              email: email,
+              password: password,
+              temporary: false
+            }
+            # Reset confirmation so new email requires verification
+            attrs[:confirmed_at] = nil if respond_to?(:confirmed_at)
+
+            raise ActiveRecord::Rollback unless update(attrs)
+          end
+
+          # Check if transaction was rolled back
+          return false if errors.any? || temporary?
+
+          invalidate_all_sessions!
+          send_conversion_confirmation_email
+          Rails.logger.info("[RailsSimpleAuth] Converted temporary user #{id} to permanent")
+          self
+        rescue ActiveRecord::RecordNotUnique
+          errors.add(:email, 'has already been taken')
+          false
+        end
+
+        class_methods do
+          # Cleanup expired temporary users in batches
+          # @param days [Integer, nil] Override for cleanup_days config
+          # @param batch_size [Integer] Number of users to process per batch
+          # @return [Integer] Number of users destroyed
+          def cleanup_expired_temporary!(days: nil, batch_size: 100)
+            count = 0
+            temporary_expired(days).find_each(batch_size: batch_size) do |user|
+              user.destroy
+              count += 1
+            end
+            Rails.logger.info("[RailsSimpleAuth] Cleaned up #{count} expired temporary users")
+            count
+          end
+        end
+
+        private
+
+        def send_conversion_confirmation_email
+          return unless RailsSimpleAuth.configuration.email_confirmation_enabled
+          return unless respond_to?(:generate_confirmation_token)
+
+          token = generate_confirmation_token
+          RailsSimpleAuth.configuration.mailer.confirmation(self, token).deliver_later
+
+          Rails.logger.info("[RailsSimpleAuth] Queued confirmation email for converted user #{id}")
+        rescue ArgumentError, NoMethodError, RailsSimpleAuth::ConfigurationError => e
+          # Configuration or method errors - log but don't fail conversion
+          Rails.logger.error(
+            "[RailsSimpleAuth] Failed to send confirmation email for user #{id}: #{e.class}: #{e.message}"
+          )
+        end
+      end
+    end
+  end
+end

data/lib/rails_simple_auth/models/session.rb

@@ -1,14 +1,12 @@
 # frozen_string_literal: true
 
 module RailsSimpleAuth
-  class Session < ActiveRecord::Base
-    self.table_name = "sessions"
+  class Session < ::ApplicationRecord
+    self.table_name = 'sessions'
 
     # Use lambda to defer class resolution until runtime
     belongs_to :user, class_name: -> { RailsSimpleAuth.configuration.user_class_name }
 
-    validates :user_id, presence: true
-
     scope :recent, -> { order(created_at: :desc) }
     scope :active, -> { where(created_at: RailsSimpleAuth.configuration.session_expiry.ago..) }
     scope :expired, -> { where(created_at: ...RailsSimpleAuth.configuration.session_expiry.ago) }

data/lib/rails_simple_auth/routes.rb

@@ -4,11 +4,11 @@ module RailsSimpleAuth
   module Routes
     def rails_simple_auth_routes(options = {})
       controllers = {
-        sessions: options.fetch(:sessions_controller, "rails_simple_auth/sessions"),
-        registrations: options.fetch(:registrations_controller, "rails_simple_auth/registrations"),
-        passwords: options.fetch(:passwords_controller, "rails_simple_auth/passwords"),
-        confirmations: options.fetch(:confirmations_controller, "rails_simple_auth/confirmations"),
-        omniauth: options.fetch(:omniauth_controller, "rails_simple_auth/omniauth_callbacks")
+        sessions: options.fetch(:sessions_controller, 'rails_simple_auth/sessions'),
+        registrations: options.fetch(:registrations_controller, 'rails_simple_auth/registrations'),
+        passwords: options.fetch(:passwords_controller, 'rails_simple_auth/passwords'),
+        confirmations: options.fetch(:confirmations_controller, 'rails_simple_auth/confirmations'),
+        omniauth: options.fetch(:omniauth_controller, 'rails_simple_auth/omniauth_callbacks')
       }
 
       config = RailsSimpleAuth.configuration
@@ -16,29 +16,29 @@ module RailsSimpleAuth
       # Core authentication routes (always registered)
       resource :session, only: %i[new create destroy], controller: controllers[:sessions]
 
-      get "sign_up", to: "#{controllers[:registrations]}#new", as: :sign_up
-      post "sign_up", to: "#{controllers[:registrations]}#create"
+      get 'sign_up', to: "#{controllers[:registrations]}#new", as: :sign_up
+      post 'sign_up', to: "#{controllers[:registrations]}#create"
 
       resources :passwords, param: :token, only: %i[new create edit update], controller: controllers[:passwords]
 
       # Email confirmation routes (only when enabled)
       if config.email_confirmation_enabled
         resources :confirmations, only: %i[new create], controller: controllers[:confirmations]
-        get "confirmations/:token", to: "#{controllers[:confirmations]}#show", as: :confirmation
+        get 'confirmations/:token', to: "#{controllers[:confirmations]}#show", as: :confirmation
       end
 
       # Magic link routes (only when enabled)
       if config.magic_link_enabled
-        get "magic_link_form", to: "#{controllers[:sessions]}#magic_link_form", as: :magic_link_form
-        post "request_magic_link", to: "#{controllers[:sessions]}#request_magic_link", as: :request_magic_link
-        get "magic_link", to: "#{controllers[:sessions]}#magic_link_login", as: :magic_link
+        get 'magic_link_form', to: "#{controllers[:sessions]}#magic_link_form", as: :magic_link_form
+        post 'request_magic_link', to: "#{controllers[:sessions]}#request_magic_link", as: :request_magic_link
+        get 'magic_link', to: "#{controllers[:sessions]}#magic_link_login", as: :magic_link
       end
 
       # OAuth routes (only when enabled)
-      if config.oauth_enabled
-        get "/auth/:provider/callback", to: "#{controllers[:omniauth]}#create", as: :omniauth_callback
-        get "/auth/failure", to: "#{controllers[:omniauth]}#failure", as: :omniauth_failure
-      end
+      return unless config.oauth_enabled
+
+      get '/auth/:provider/callback', to: "#{controllers[:omniauth]}#create", as: :omniauth_callback
+      get '/auth/failure', to: "#{controllers[:omniauth]}#failure", as: :omniauth_failure
     end
   end
 end

data/lib/rails_simple_auth/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module RailsSimpleAuth
-  VERSION = "1.0.1"
+  VERSION = '1.0.2'
 end

data/lib/rails_simple_auth.rb

@@ -1,23 +1,25 @@
 # frozen_string_literal: true
 
-require "rails_simple_auth/version"
-require "rails_simple_auth/configuration"
-require "rails_simple_auth/engine"
+require 'rails_simple_auth/version'
+require 'rails_simple_auth/configuration'
+require 'rails_simple_auth/engine'
 
 # Model concerns
-require "rails_simple_auth/models/concerns/authenticatable"
-require "rails_simple_auth/models/concerns/confirmable"
-require "rails_simple_auth/models/concerns/magic_linkable"
-require "rails_simple_auth/models/concerns/oauth_connectable"
-require "rails_simple_auth/models/current"
-require "rails_simple_auth/models/session"
+require 'rails_simple_auth/models/concerns/authenticatable'
+require 'rails_simple_auth/models/concerns/confirmable'
+require 'rails_simple_auth/models/concerns/magic_linkable'
+require 'rails_simple_auth/models/concerns/oauth_connectable'
+require 'rails_simple_auth/models/concerns/temporary_user'
+require 'rails_simple_auth/models/current'
+# Session is NOT required here - it depends on ApplicationRecord which isn't available at gem load time
+# It will be autoloaded by the engine when Rails is ready
 
 # Controller concerns
-require "rails_simple_auth/controllers/concerns/authentication"
-require "rails_simple_auth/controllers/concerns/session_management"
+require 'rails_simple_auth/controllers/concerns/authentication'
+require 'rails_simple_auth/controllers/concerns/session_management'
 
 # Routes
-require "rails_simple_auth/routes"
+require 'rails_simple_auth/routes'
 
 module RailsSimpleAuth
   class Error < StandardError; end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_simple_auth
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Ivan Kuznetsov
@@ -10,33 +10,33 @@ cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rails
+  name: bcrypt
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '3.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '8.0'
+        version: '3.1'
 - !ruby/object:Gem::Dependency
-  name: bcrypt
+  name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '8.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '8.0'
 description: 'A lightweight authentication gem built on Rails primitives: has_secure_password,
   signed cookies, rate limiting. Supports email/password, magic links, email confirmation,
   and OAuth.'
@@ -72,6 +72,9 @@ files:
 - lib/generators/rails_simple_auth/install/install_generator.rb
 - lib/generators/rails_simple_auth/install/templates/initializer.rb
 - lib/generators/rails_simple_auth/install/templates/migration.rb
+- lib/generators/rails_simple_auth/temporary_users/USAGE
+- lib/generators/rails_simple_auth/temporary_users/templates/add_temporary_to_users.rb.erb
+- lib/generators/rails_simple_auth/temporary_users/temporary_users_generator.rb
 - lib/generators/rails_simple_auth/views/views_generator.rb
 - lib/rails_simple_auth.rb
 - lib/rails_simple_auth/configuration.rb
@@ -82,6 +85,7 @@ files:
 - lib/rails_simple_auth/models/concerns/confirmable.rb
 - lib/rails_simple_auth/models/concerns/magic_linkable.rb
 - lib/rails_simple_auth/models/concerns/oauth_connectable.rb
+- lib/rails_simple_auth/models/concerns/temporary_user.rb
 - lib/rails_simple_auth/models/current.rb
 - lib/rails_simple_auth/models/session.rb
 - lib/rails_simple_auth/routes.rb