Add lockable by default

.github/workflows/CI.yml

@@ -22,7 +22,7 @@ jobs:
           bundler-cache: true
 
       - name: Install the latest Rails gem
-        run: gem install rails -v "7.1.0"
+        run: gem install rails -v "7.2.1"
 
       - name: Install Rubocop
         run: gem install rubocop rubocop-performance rubocop-minitest rubocop-packaging rubocop-minitest rubocop-rails
@@ -65,7 +65,7 @@ jobs:
           bundler-cache: true
 
       - name: Install the latest Rails gem
-        run: gem install rails -v "7.1.0"
+        run: gem install rails -v "7.2.1"
 
       - name: Install Rubocop
         run: gem install rubocop rubocop-performance rubocop-minitest rubocop-packaging rubocop-minitest rubocop-rails

README.md

@@ -45,7 +45,6 @@ Since Authentication Zero generates this code into your application instead of b
 - Ask password before sensitive data changes, aka: sudo (--sudoable)
 - Reset the user password and send reset instructions
 - Reset the user password only from verified emails
-- Lock mechanism to prevent email bombing (--lockable)
 - Rate limiting for your app, 1000 reqs/minute (--ratelimit)
 - Send e-mail confirmation when your email has been changed
 - Manage multiple sessions & devices

lib/authentication_zero/version.rb

@@ -1,3 +1,3 @@
 module AuthenticationZero
-  VERSION = "4.0.0"
+  VERSION = "4.0.1"
 end

lib/generators/authentication/authentication_generator.rb

@@ -6,9 +6,8 @@ class AuthenticationGenerator < Rails::Generators::Base
   class_option :api,           type: :boolean, desc: "Generates API authentication"
   class_option :pwned,         type: :boolean, desc: "Add pwned password validation"
   class_option :sudoable,      type: :boolean, desc: "Add password request before sensitive data changes"
-  class_option :lockable,      type: :boolean, desc: "Add password reset locking"
   class_option :ratelimit,     type: :boolean, desc: "Add request rate limiting"
-  class_option :passwordless,  type: :boolean, desc: "Add passwordless sign"
+  class_option :passwordless,  type: :boolean, desc: "Add passwordless sign in"
   class_option :omniauthable,  type: :boolean, desc: "Add social login support"
   class_option :trackable,     type: :boolean, desc: "Add activity log support"
   class_option :two_factor,    type: :boolean, desc: "Add two factor authentication"

lib/generators/authentication/templates/controllers/api/identity/password_resets_controller.rb.tt

@@ -1,9 +1,7 @@
 class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
-
-  <%- if options.lockable? -%>
   rate_limit to: 10, within: 1.hour, only: :create
-  <%- end -%>
+
   before_action :set_user, only: :update
 
   def edit

lib/generators/authentication/templates/controllers/html/identity/password_resets_controller.rb.tt

@@ -1,9 +1,7 @@
 class Identity::PasswordResetsController < ApplicationController
   skip_before_action :authenticate
-
-  <%- if options.lockable? -%>
   rate_limit to: 10, within: 1.hour, only: :create, with: -> { redirect_to root_path, alert: "Try again later" }
-  <%- end -%>
+
   before_action :set_user, only: %i[ edit update ]
 
   def new

lib/generators/authentication/templates/controllers/html/sessions/passwordlesses_controller.rb.tt

@@ -1,9 +1,7 @@
 class Sessions::PasswordlessesController < ApplicationController
   skip_before_action :authenticate
-
-  <%- if options.lockable? -%>
   rate_limit to: 10, within: 1.hour, only: :create, with: -> { redirect_to root_path, alert: "Try again later" }
-  <%- end -%>
+
   before_action :set_user, only: :edit
 
   def new