rails_simple_auth 1.0.1 → 1.0.3

data/app/controllers/rails_simple_auth/sessions_controller.rb

@@ -8,13 +8,17 @@ module RailsSimpleAuth
 
     unless Rails.env.local?
       rate_limit to: 5, within: 15.minutes, by: -> { client_ip }, only: :create,
-                 with: -> { redirect_to new_session_path, alert: "Too many login attempts. Please try again later." }
+                 with: -> { redirect_to new_session_path, alert: 'Too many login attempts. Please try again later.' }
 
-      rate_limit to: 3, within: 10.minutes, by: -> { params[:email_address].to_s.downcase }, only: :request_magic_link,
-                 with: -> { redirect_to new_session_path, alert: "Too many magic link requests. Please try again later." }
+      rate_limit to: 3, within: 10.minutes, by: -> { params[:email].to_s.downcase }, only: :request_magic_link,
+                 with: lambda {
+                   redirect_to new_session_path, alert: 'Too many magic link requests. Please try again later.'
+                 }
 
       rate_limit to: 5, within: 15.minutes, by: -> { client_ip }, only: :magic_link_login,
-                 with: -> { redirect_to new_session_path, alert: "Too many magic link attempts. Please try again later." }
+                 with: lambda {
+                   redirect_to new_session_path, alert: 'Too many magic link attempts. Please try again later.'
+                 }
     end
 
     def new
@@ -22,20 +26,20 @@ module RailsSimpleAuth
     end
 
     def create
-      user = user_class.find_by_email(params[:email_address]) || user_class.new(password: SecureRandom.hex(32))
+      user = user_class.find_by(email: params[:email]) || user_class.new(password: SecureRandom.hex(32))
 
       if user.authenticate(params[:password]) && user.persisted?
         if confirmation_required_for?(user)
-          @error_message = "Please confirm your email before signing in."
-          @previous_email = params[:email_address]
+          @error_message = 'Please confirm your email before signing in.'
+          @previous_email = params[:email]
           render :new, status: :unprocessable_content
         else
           sign_in_and_redirect(user)
         end
       else
-        Rails.logger.warn("Failed login attempt for email: #{params[:email_address]} from IP: #{client_ip}")
-        @error_message = "Invalid email or password"
-        @previous_email = params[:email_address]
+        Rails.logger.warn("Failed login attempt for email: #{params[:email]} from IP: #{client_ip}")
+        @error_message = 'Invalid email or password'
+        @previous_email = params[:email]
         render :new, status: :unprocessable_content
       end
     end
@@ -44,7 +48,7 @@ module RailsSimpleAuth
       user = current_user
       destroy_current_session
       run_after_sign_out_callback(user) if user
-      redirect_to resolve_path(:after_sign_out_path), notice: "Signed out successfully."
+      redirect_to resolve_path(:after_sign_out_path), notice: 'Signed out successfully.'
     end
 
     def magic_link_form
@@ -52,24 +56,30 @@ module RailsSimpleAuth
     end
 
     def request_magic_link
-      user = user_class.find_by_email(params[:email_address])
+      user = user_class.find_by(email: params[:email])
 
-      if user && user.respond_to?(:generate_magic_link_token)
+      if user.respond_to?(:generate_magic_link_token)
         token = user.generate_magic_link_token
         RailsSimpleAuth.configuration.mailer.magic_link(user, token).deliver_later
       end
 
-      redirect_to new_session_path, notice: "If an account exists with that email, a magic link has been sent."
+      redirect_to new_session_path, notice: 'If an account exists with that email, a magic link has been sent.'
     end
 
     def magic_link_login
       user = user_class.find_signed(params[:token], purpose: :magic_link)
 
       if user
-        user.confirm! if user.respond_to?(:confirm!) && user.respond_to?(:unconfirmed?) && user.unconfirmed?
+        # Auto-confirm unconfirmed users via magic link (email ownership verified)
+        if user.respond_to?(:confirm!) && user.respond_to?(:unconfirmed?) && user.unconfirmed? && !user.confirm!
+          # Confirmation failed (e.g., email already taken during reconfirmation)
+          error_message = user.errors.full_messages.first || 'Could not confirm email.'
+          redirect_to new_session_path, alert: error_message
+          return
+        end
         sign_in_and_redirect(user)
       else
-        redirect_to new_session_path, alert: "Invalid or expired magic link."
+        redirect_to new_session_path, alert: 'Invalid or expired magic link.'
       end
     end
 
@@ -82,9 +92,10 @@ module RailsSimpleAuth
     end
 
     def sign_in_and_redirect(user)
+      destroy_temporary_user_session(user)
       create_session_for(user)
       run_after_sign_in_callback(user)
-      redirect_to stored_location_or_default, notice: "Signed in successfully."
+      redirect_to stored_location_or_default, notice: 'Signed in successfully.'
     end
   end
 end

data/app/mailers/rails_simple_auth/auth_mailer.rb

@@ -1,17 +1,23 @@
 # frozen_string_literal: true
 
 module RailsSimpleAuth
-  class AuthMailer < ActionMailer::Base
+  class AuthMailer < ApplicationMailer
     default from: -> { RailsSimpleAuth.configuration.mailer_sender }
 
+    # Use the mailers folder for templates instead of auth_mailer
+    self.mailer_name = 'rails_simple_auth/mailers'
+
     def confirmation(user, token)
       @user = user
       @token = token
       @confirmation_url = main_app.confirmation_url(token: token)
 
+      # Use confirmable_email for reconfirmation (email change) scenarios
+      recipient = user.respond_to?(:confirmable_email) ? user.confirmable_email : user.email
+
       mail(
-        to: user.email_address,
-        subject: "Confirm your email"
+        to: recipient,
+        subject: 'Confirm your email'
       )
     end
 
@@ -21,8 +27,8 @@ module RailsSimpleAuth
       @magic_link_url = main_app.magic_link_url(token: token)
 
       mail(
-        to: user.email_address,
-        subject: "Sign in to your account"
+        to: user.email,
+        subject: 'Sign in to your account'
       )
     end
 
@@ -32,8 +38,8 @@ module RailsSimpleAuth
       @password_reset_url = main_app.edit_password_url(token: token)
 
       mail(
-        to: user.email_address,
-        subject: "Reset your password"
+        to: user.email,
+        subject: 'Reset your password'
       )
     end
 

data/app/views/rails_simple_auth/confirmations/new.html.erb

@@ -8,8 +8,8 @@
 
     <%= form_with url: main_app.confirmations_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
               class: "rsa-auth-form__input",
               required: true,
               autofocus: true %>

data/app/views/rails_simple_auth/passwords/new.html.erb

@@ -8,8 +8,8 @@
 
     <%= form_with url: main_app.passwords_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
               class: "rsa-auth-form__input",
               required: true,
               autofocus: true %>

data/app/views/rails_simple_auth/registrations/new.html.erb

@@ -4,13 +4,13 @@
 
     <%= form_with model: @user, url: main_app.sign_up_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
-              class: "rsa-auth-form__input #{@user.errors[:email_address].any? ? 'rsa-auth-form__input--error' : ''}",
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
+              class: "rsa-auth-form__input #{@user.errors[:email].any? ? 'rsa-auth-form__input--error' : ''}",
               required: true,
               autofocus: true %>
-        <% if @user.errors[:email_address].any? %>
-          <p class="rsa-auth-form__error"><%= @user.errors[:email_address].first %></p>
+        <% if @user.errors[:email].any? %>
+          <p class="rsa-auth-form__error"><%= @user.errors[:email].first %></p>
         <% end %>
       </div>
 

data/app/views/rails_simple_auth/sessions/magic_link_form.html.erb

@@ -8,8 +8,8 @@
 
     <%= form_with url: main_app.request_magic_link_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
               class: "rsa-auth-form__input",
               required: true,
               autofocus: true %>

data/app/views/rails_simple_auth/sessions/new.html.erb

@@ -4,8 +4,8 @@
 
     <%= form_with url: main_app.session_path, class: "rsa-auth-form__form" do |form| %>
       <div class="rsa-auth-form__group">
-        <%= form.label :email_address, "Email", class: "rsa-auth-form__label" %>
-        <%= form.email_field :email_address,
+        <%= form.label :email, "Email", class: "rsa-auth-form__label" %>
+        <%= form.email_field :email,
               class: "rsa-auth-form__input #{@error_message.present? ? 'rsa-auth-form__input--error' : ''}",
               required: true,
               autofocus: true,

data/lib/generators/rails_simple_auth/css/css_generator.rb

@@ -1,35 +1,35 @@
 # frozen_string_literal: true
 
-require "rails/generators"
+require 'rails/generators'
 
 module RailsSimpleAuth
   module Generators
     class CssGenerator < Rails::Generators::Base
-      source_root File.expand_path("templates", __dir__)
+      source_root File.expand_path('templates', __dir__)
 
-      class_option :path, type: :string, default: "app/assets/stylesheets",
-                   desc: "Path to copy CSS to"
+      class_option :path, type: :string, default: 'app/assets/stylesheets',
+                          desc: 'Path to copy CSS to'
 
       def copy_css
-        template "rails_simple_auth.css", "#{options[:path]}/rails_simple_auth.css"
+        template 'rails_simple_auth.css', "#{options[:path]}/rails_simple_auth.css"
 
-        say ""
+        say ''
         say "CSS copied to #{options[:path]}/rails_simple_auth.css", :green
-        say ""
-        say "To use this CSS:"
-        say ""
-        say "  1. Include in your application.css or layout:"
+        say ''
+        say 'To use this CSS:'
+        say ''
+        say '  1. Include in your application.css or layout:'
         say "     <%= stylesheet_link_tag 'rails_simple_auth' %>"
-        say ""
-        say "  2. Customize by overriding CSS variables in your own stylesheet:"
-        say ""
-        say "     :root {"
-        say "       --rsa-color-primary: #your-brand-color;"
-        say "       --rsa-color-background-form: #your-form-bg;"
-        say "     }"
-        say ""
-        say "  3. Or edit rails_simple_auth.css directly."
-        say ""
+        say ''
+        say '  2. Customize by overriding CSS variables in your own stylesheet:'
+        say ''
+        say '     :root {'
+        say '       --rsa-color-primary: #your-brand-color;'
+        say '       --rsa-color-background-form: #your-form-bg;'
+        say '     }'
+        say ''
+        say '  3. Or edit rails_simple_auth.css directly.'
+        say ''
       end
     end
   end

data/lib/generators/rails_simple_auth/install/install_generator.rb

@@ -1,64 +1,64 @@
 # frozen_string_literal: true
 
-require "rails/generators"
-require "rails/generators/active_record"
+require 'rails/generators'
+require 'rails/generators/active_record'
 
 module RailsSimpleAuth
   module Generators
     class InstallGenerator < Rails::Generators::Base
       include Rails::Generators::Migration
 
-      source_root File.expand_path("templates", __dir__)
+      source_root File.expand_path('templates', __dir__)
 
-      class_option :user_model, type: :string, default: "User",
-                   desc: "Name of your User model"
+      class_option :user_model, type: :string, default: 'User',
+                                desc: 'Name of your User model'
       class_option :skip_migration, type: :boolean, default: false,
-                   desc: "Skip generating migration"
+                                    desc: 'Skip generating migration'
 
       def self.next_migration_number(dirname)
         ActiveRecord::Generators::Base.next_migration_number(dirname)
       end
 
       def create_initializer
-        template "initializer.rb", "config/initializers/rails_simple_auth.rb"
+        template 'initializer.rb', 'config/initializers/rails_simple_auth.rb'
       end
 
       def create_migration
         return if options[:skip_migration]
 
-        migration_template "migration.rb", "db/migrate/add_rails_simple_auth.rb"
+        migration_template 'migration.rb', 'db/migrate/add_rails_simple_auth.rb'
       end
 
       def add_routes
-        route "rails_simple_auth_routes"
+        route 'rails_simple_auth_routes'
       end
 
       def show_instructions
-        say ""
-        say "RailsSimpleAuth installed successfully!", :green
-        say ""
-        say "Next steps:"
-        say "  1. Review and edit the migration: db/migrate/xxx_add_rails_simple_auth.rb"
-        say "  2. Run: rails db:migrate"
+        say ''
+        say 'RailsSimpleAuth installed successfully!', :green
+        say ''
+        say 'Next steps:'
+        say '  1. Review and edit the migration: db/migrate/xxx_add_rails_simple_auth.rb'
+        say '  2. Run: rails db:migrate'
         say "  3. Add concerns to your #{options[:user_model]} model:"
-        say ""
+        say ''
         say "     class #{options[:user_model]} < ApplicationRecord"
-        say "       include RailsSimpleAuth::Models::Concerns::Authenticatable"
-        say "       include RailsSimpleAuth::Models::Concerns::Confirmable      # optional"
-        say "       include RailsSimpleAuth::Models::Concerns::MagicLinkable    # optional"
-        say "       include RailsSimpleAuth::Models::Concerns::OAuthConnectable # optional"
-        say "     end"
-        say ""
-        say "  4. Add before_action to protect routes:"
-        say ""
-        say "     class ApplicationController < ActionController::Base"
-        say "       before_action :require_authentication"
-        say "     end"
-        say ""
-        say "Optional generators:"
-        say "  rails generate rails_simple_auth:views  # Copy views for customization"
-        say "  rails generate rails_simple_auth:css    # Copy CSS for styling"
-        say ""
+        say '       include RailsSimpleAuth::Models::Concerns::Authenticatable'
+        say '       include RailsSimpleAuth::Models::Concerns::Confirmable      # optional'
+        say '       include RailsSimpleAuth::Models::Concerns::MagicLinkable    # optional'
+        say '       include RailsSimpleAuth::Models::Concerns::OAuthConnectable # optional'
+        say '     end'
+        say ''
+        say '  4. Add before_action to protect routes:'
+        say ''
+        say '     class ApplicationController < ActionController::Base'
+        say '       before_action :require_authentication'
+        say '     end'
+        say ''
+        say 'Optional generators:'
+        say '  rails generate rails_simple_auth:views  # Copy views for customization'
+        say '  rails generate rails_simple_auth:css    # Copy CSS for styling'
+        say ''
       end
     end
   end

data/lib/generators/rails_simple_auth/install/templates/initializer.rb

@@ -58,14 +58,14 @@ RailsSimpleAuth.configure do |config|
   # ============================================================================
 
   # Layout to use for auth pages (default: "application")
-  config.layout = "application"
+  config.layout = 'application'
 
   # ============================================================================
   # Mailer
   # ============================================================================
 
   # From address for auth emails
-  config.mailer_sender = ENV.fetch("MAILER_FROM", "noreply@example.com")
+  config.mailer_sender = ENV.fetch('MAILER_FROM', 'noreply@example.com')
 
   # Custom mailer class (must implement confirmation, magic_link, password_reset methods)
   # config.mailer_class = "RailsSimpleAuth::AuthMailer"
@@ -75,7 +75,7 @@ RailsSimpleAuth.configure do |config|
   # ============================================================================
 
   # Your user model class name
-  config.user_class_name = "<%= options[:user_model] %>"
+  config.user_class_name = '<%= options[:user_model] %>'
 
   # Custom session model (if you want to use your own)
   # config.session_class_name = "RailsSimpleAuth::Session"

data/lib/generators/rails_simple_auth/install/templates/migration.rb

@@ -11,7 +11,7 @@ class AddRailsSimpleAuth < ActiveRecord::Migration[8.0]
     # Uncomment and modify as needed:
 
     # Required fields for authentication
-    # add_column :users, :email_address, :string, null: false
+    # add_column :users, :email, :string, null: false
     # add_column :users, :password_digest, :string, null: false
 
     # Email confirmation (optional - if using Confirmable concern)
@@ -22,7 +22,7 @@ class AddRailsSimpleAuth < ActiveRecord::Migration[8.0]
     # add_column :users, :admin, :boolean, default: false
 
     # Indexes
-    # add_index :users, :email_address, unique: true
+    # add_index :users, :email, unique: true
     # add_index :users, :confirmed_at
 
     # ============================================================================

data/lib/generators/rails_simple_auth/temporary_users/USAGE

@@ -0,0 +1,21 @@
+Description:
+    Creates a migration to add temporary user support to your User model.
+    Temporary users allow guest/demo user flows where visitors can try
+    your app without signing up, then convert to permanent accounts.
+
+Example:
+    bin/rails generate rails_simple_auth:temporary_users
+
+    This will create:
+        db/migrate/YYYYMMDDHHMMSS_add_temporary_to_users.rb
+
+    After running the migration, include the concern in your User model:
+        include RailsSimpleAuth::Models::Concerns::TemporaryUser
+
+    And enable in your initializer:
+        config.temporary_users_enabled = true
+
+    The concern provides:
+        - temporary? / permanent? methods
+        - temporary / permanent / temporary_expired scopes
+        - convert_to_permanent!(email:, password:) for account conversion

data/lib/generators/rails_simple_auth/temporary_users/templates/add_temporary_to_users.rb.erb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class AddTemporaryToUsers < ActiveRecord::Migration[<%= Rails::VERSION::MAJOR %>.<%= Rails::VERSION::MINOR %>]
+  def change
+    add_column :users, :temporary, :boolean, default: false, null: false
+    add_index :users, [:temporary, :created_at], name: "index_users_on_temporary_and_created_at"
+  end
+end

data/lib/generators/rails_simple_auth/temporary_users/temporary_users_generator.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'rails/generators'
+require 'rails/generators/active_record'
+
+module RailsSimpleAuth
+  module Generators
+    class TemporaryUsersGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+
+      source_root File.expand_path('templates', __dir__)
+
+      desc 'Creates a migration to add temporary user support to your User model'
+
+      def self.next_migration_number(dirname)
+        ActiveRecord::Generators::Base.next_migration_number(dirname)
+      end
+
+      def create_migration_file
+        migration_template 'add_temporary_to_users.rb.erb',
+                           'db/migrate/add_temporary_to_users.rb'
+      end
+
+      def show_instructions
+        say ''
+        say 'Temporary users migration created!', :green
+        say ''
+        say 'Next steps:', :yellow
+        say '  1. Run: bin/rails db:migrate'
+        say ''
+        say '  2. Include the concern in your User model:'
+        say '     include RailsSimpleAuth::Models::Concerns::TemporaryUser'
+        say ''
+        say '  3. Enable in your initializer:'
+        say '     config.temporary_users_enabled = true'
+        say ''
+      end
+    end
+  end
+end

data/lib/generators/rails_simple_auth/views/views_generator.rb

@@ -1,26 +1,26 @@
 # frozen_string_literal: true
 
-require "rails/generators"
+require 'rails/generators'
 
 module RailsSimpleAuth
   module Generators
     class ViewsGenerator < Rails::Generators::Base
-      source_root File.expand_path("../../../../app/views/rails_simple_auth", __dir__)
+      source_root File.expand_path('../../../../app/views/rails_simple_auth', __dir__)
 
       class_option :only, type: :array, default: [],
-                   desc: "Only copy specific view directories (sessions, registrations, passwords, confirmations, mailers)"
+                          desc: 'Only copy specific view directories (sessions, registrations, passwords, confirmations, mailers)'
 
       def copy_views
         view_directories.each do |dir|
           directory dir, "app/views/rails_simple_auth/#{dir}"
         end
 
-        say ""
-        say "Views copied to app/views/rails_simple_auth/", :green
-        say ""
-        say "You can now customize these views. Rails will use your local copies"
+        say ''
+        say 'Views copied to app/views/rails_simple_auth/', :green
+        say ''
+        say 'You can now customize these views. Rails will use your local copies'
         say "instead of the gem's views."
-        say ""
+        say ''
       end
 
       private

data/lib/rails_simple_auth/configuration.rb

@@ -10,14 +10,17 @@ module RailsSimpleAuth
                   :mailer_sender, :mailer_class,
                   :user_class_name, :session_class_name,
                   :password_minimum_length,
-                  :after_sign_in_callback, :after_sign_out_callback, :after_sign_up_callback, :after_confirmation_callback
+                  :after_sign_in_callback, :after_sign_out_callback, :after_sign_up_callback, :after_confirmation_callback,
+                  :temporary_users_enabled
+
+    attr_reader :temporary_user_cleanup_days
 
     def initialize
       @magic_link_enabled = true
       @email_confirmation_enabled = true
       @oauth_enabled = false
       @oauth_providers = []
-      @oauth_link_existing_accounts = true  # Allow OAuth to link to existing email accounts
+      @oauth_link_existing_accounts = true # Allow OAuth to link to existing email accounts
 
       @magic_link_expiry = 15.minutes
       @password_reset_expiry = 15.minutes
@@ -37,14 +40,14 @@ module RailsSimpleAuth
       @after_sign_up_path = :root_path
       @after_confirmation_path = :new_session_path
 
-      @layout = "rails_simple_auth"
+      @layout = 'rails_simple_auth'
       @app_name = nil
 
-      @mailer_sender = "noreply@example.com"
-      @mailer_class = "RailsSimpleAuth::AuthMailer"
+      @mailer_sender = 'noreply@example.com'
+      @mailer_class = 'RailsSimpleAuth::AuthMailer'
 
-      @user_class_name = "User"
-      @session_class_name = "RailsSimpleAuth::Session"
+      @user_class_name = 'User'
+      @session_class_name = 'RailsSimpleAuth::Session'
 
       @password_minimum_length = 8
 
@@ -52,6 +55,9 @@ module RailsSimpleAuth
       @after_sign_out_callback = nil
       @after_sign_up_callback = nil
       @after_confirmation_callback = nil
+
+      @temporary_users_enabled = false
+      @temporary_user_cleanup_days = 7
     end
 
     def user_class
@@ -93,5 +99,13 @@ module RailsSimpleAuth
     def rate_limit_for(action)
       rate_limits&.dig(action.to_sym)
     end
+
+    def temporary_user_cleanup_days=(value)
+      unless value.is_a?(Integer) && value.positive?
+        raise ConfigurationError, 'temporary_user_cleanup_days must be a positive integer'
+      end
+
+      @temporary_user_cleanup_days = value
+    end
   end
 end