beskar 0.0.2 → 0.1.0

data/lib/beskar/models/security_trackable_authenticable.rb

@@ -22,7 +22,7 @@ module Beskar
       def handle_high_risk_lock(security_event, request)
         reason = determine_lock_reason(security_event)
         
-        Rails.logger.warn "[Beskar] Rails auth high-risk lock detected: #{reason}"
+        Beskar::Logger.warn("Rails auth high-risk lock detected: #{reason}")
         
         # Destroy all sessions to immediately lock out attacker
         destroy_all_sessions(except: request.session.id)
@@ -39,18 +39,18 @@ module Beskar
           if except
             # Keep current session but destroy all others
             sessions.where.not(id: except).destroy_all
-            Rails.logger.info "[Beskar] Destroyed #{sessions.count} sessions except current"
+            Beskar::Logger.info("Destroyed #{sessions.count} sessions except current")
           else
             # Destroy ALL sessions including current
             count = sessions.count
             sessions.destroy_all
-            Rails.logger.info "[Beskar] Destroyed all #{count} sessions"
+            Beskar::Logger.info("Destroyed all #{count} sessions")
           end
         else
-          Rails.logger.warn "[Beskar] Model does not have sessions association, cannot destroy sessions"
+          Beskar::Logger.warn("Model does not have sessions association, cannot destroy sessions")
         end
       rescue => e
-        Rails.logger.error "[Beskar] Failed to destroy sessions: #{e.message}"
+        Beskar::Logger.error("Failed to destroy sessions: #{e.message}")
       end
 
       # Determine if emergency password reset is warranted
@@ -125,10 +125,10 @@ module Beskar
             notify_security_team_of_reset(reason, security_event)
           end
           
-          Rails.logger.warn "[Beskar] Emergency password reset performed for user #{id}, reason: #{reason}"
+          Beskar::Logger.warn("Emergency password reset performed for user #{id}, reason: #{reason}")
           
         rescue => e
-          Rails.logger.error "[Beskar] Failed to perform emergency password reset: #{e.message}"
+          Beskar::Logger.error("Failed to perform emergency password reset: #{e.message}")
           
           # Create failed reset event
           security_events.create!(
@@ -149,18 +149,18 @@ module Beskar
       def send_emergency_reset_notification(reason)
         # This should be implemented by the application
         # Example: UserMailer.emergency_password_reset(self, reason).deliver_later
-        Rails.logger.info "[Beskar] Would send emergency reset notification to user #{id}"
+        Beskar::Logger.info("Would send emergency reset notification to user #{id}")
       rescue => e
-        Rails.logger.error "[Beskar] Failed to send emergency reset notification: #{e.message}"
+        Beskar::Logger.error("Failed to send emergency reset notification: #{e.message}")
       end
 
       # Notify security team about emergency password reset
       def notify_security_team_of_reset(reason, security_event)
         # This should be implemented by the application
         # Example: SecurityMailer.emergency_reset_alert(self, reason, security_event).deliver_later
-        Rails.logger.info "[Beskar] Would notify security team about reset for user #{id}"
+        Beskar::Logger.info("Would notify security team about reset for user #{id}")
       rescue => e
-        Rails.logger.error "[Beskar] Failed to notify security team: #{e.message}"
+        Beskar::Logger.error("Failed to notify security team: #{e.message}")
       end
     end
   end

data/lib/beskar/models/security_trackable_devise.rb

@@ -21,7 +21,7 @@ module Beskar
       def track_successful_login
         # Skip tracking if disabled in configuration
         unless Beskar.configuration.track_successful_logins?
-          Rails.logger.debug "[Beskar] Successful login tracking disabled in configuration"
+          Beskar::Logger.debug("Successful login tracking disabled in configuration")
           return
         end
 
@@ -29,7 +29,7 @@ module Beskar
           track_authentication_event(current_request, :success)
         end
       rescue => e
-        Rails.logger.warn "[Beskar] Failed to track successful login: #{e.message}"
+        Beskar::Logger.warn("Failed to track successful login: #{e.message}")
         nil
       end
 
@@ -45,7 +45,7 @@ module Beskar
           .exists?
 
         if recent_lock
-          Rails.logger.warn "[Beskar] High-risk lock detected, signing out user #{id}"
+          Beskar::Logger.warn("High-risk lock detected, signing out user #{id}")
           auth.logout
           throw :warden, message: :account_locked_due_to_high_risk
         end
@@ -66,14 +66,14 @@ module Beskar
           Warden::Manager.current_request
         end
       rescue => e
-        Rails.logger.debug "[Beskar] Could not get request from context: #{e.message}"
+        Beskar::Logger.debug("Could not get request from context: #{e.message}")
         nil
       end
 
       # Devise-specific: Handle high risk lock by creating lock event
       # The actual sign-out is handled by Warden callback in engine.rb
       def handle_high_risk_lock(security_event, request)
-        Rails.logger.debug "[Beskar] Devise account locked - Warden callback will handle sign-out"
+        Beskar::Logger.debug("Devise account locked - Warden callback will handle sign-out")
         # The lock event is already created by AccountLocker service
         # The Warden callback will detect it and perform the actual sign-out
       end

data/lib/beskar/models/security_trackable_generic.rb

@@ -16,7 +16,7 @@ module Beskar
         def track_failed_authentication(request, scope)
           # Skip tracking if disabled in configuration
           unless Beskar.configuration.track_failed_logins?
-            Rails.logger.debug "[Beskar] Failed login tracking disabled in configuration"
+            Beskar::Logger.debug("Failed login tracking disabled in configuration")
             return
           end
 
@@ -77,14 +77,14 @@ module Beskar
           
           if password&.length.to_i > 50
             score += 10
-            Rails.logger.info "[Beskar] Suspicious password length: #{password.length}, adding 10 risk"
+            Beskar::Logger.info("Suspicious password length: #{password.length}, adding 10 risk")
           end
 
           # Use geolocation service for location-based risk
           geolocation_service = Beskar::Services::GeolocationService.new
           geo_score = geolocation_service.calculate_location_risk(request.ip)
           score += geo_score
-          Rails.logger.info "[Beskar] Geolocation risk: #{geo_score}"
+          Beskar::Logger.info("Geolocation risk: #{geo_score}")
 
           [score, 100].min # Cap at 100
         end
@@ -96,10 +96,10 @@ module Beskar
 
         # Check if tracking is enabled for this event type
         if result == :success && !Beskar.configuration.track_successful_logins?
-          Rails.logger.debug "[Beskar] Successful login tracking disabled in configuration"
+          Beskar::Logger.debug("Successful login tracking disabled in configuration")
           return
         elsif result == :failure && !Beskar.configuration.track_failed_logins?
-          Rails.logger.debug "[Beskar] Failed login tracking disabled in configuration"
+          Beskar::Logger.debug("Failed login tracking disabled in configuration")
           return
         end
 
@@ -134,14 +134,14 @@ module Beskar
       def analyze_suspicious_patterns_async
         # Skip analysis if disabled in configuration
         unless Beskar.configuration.auto_analyze_patterns?
-          Rails.logger.debug "[Beskar] Auto pattern analysis disabled in configuration"
+          Beskar::Logger.debug("Auto pattern analysis disabled in configuration")
           return
         end
 
         # Queue background job for detailed analysis
         Beskar::SecurityAnalysisJob.perform_later(self.id, "login_success") if defined?(Beskar::SecurityAnalysisJob)
       rescue => e
-        Rails.logger.warn "[Beskar] Failed to queue security analysis: #{e.message}"
+        Beskar::Logger.warn("Failed to queue security analysis: #{e.message}")
       end
 
       def recent_failed_attempts(within: 1.hour)
@@ -202,18 +202,18 @@ module Beskar
         # Mobile device login during late hours
         if device_detector.mobile?(request.user_agent) && Time.current.hour.between?(22, 6)
           score += 5
-          Rails.logger.info "[Beskar] Mobile device login during late hours, adding 5 risk"
+          Beskar::Logger.info("Mobile device login during late hours, adding 5 risk")
         end
 
         # Account-specific risk factors
         if recent_failed_attempts(within: 10.minutes).count >= 2
           score += 20
-          Rails.logger.info "[Beskar] Recent failed attempts: #{recent_failed_attempts(within: 10.minutes).count}, adding 20 risk"
+          Beskar::Logger.info("Recent failed attempts: #{recent_failed_attempts(within: 10.minutes).count}, adding 20 risk")
         end
 
         # ADAPTIVE LEARNING: Check if this is an established pattern
         if result == :success && established_pattern?(request)
-          Rails.logger.info "[Beskar] Established pattern detected, reducing risk score"
+          Beskar::Logger.info("Established pattern detected, reducing risk score")
           score = [score * 0.3, 25].min.to_i # Reduce to 30% of original, cap at 25
         end
 
@@ -260,7 +260,7 @@ module Beskar
         )
 
         if locker.lock_if_necessary!
-          Rails.logger.warn "[Beskar] Account locked due to high risk score: #{security_event.risk_score}"
+          Beskar::Logger.warn("Account locked due to high risk score: #{security_event.risk_score}")
           
           # Trigger auth-system-specific lock handling
           handle_high_risk_lock(security_event, request)
@@ -294,7 +294,7 @@ module Beskar
 
       # Override this in auth-system-specific modules
       def handle_high_risk_lock(security_event, request)
-        Rails.logger.debug "[Beskar] High risk lock handled - override in specific module"
+        Beskar::Logger.debug("High risk lock handled - override in specific module")
       end
 
       # ADAPTIVE LEARNING: Check if this login pattern is established

data/lib/beskar/services/account_locker.rb

@@ -66,7 +66,7 @@ module Beskar
         when :custom
           lock_with_custom_strategy
         else
-          Rails.logger.warn "[Beskar::AccountLocker] Unknown lock strategy: #{strategy}"
+          Beskar::Logger.warn("Unknown lock strategy: #{strategy}", component: :AccountLocker)
           false
         end
 
@@ -133,7 +133,7 @@ module Beskar
       # Lock account using Devise's lockable module
       def lock_with_devise_lockable
         unless devise_lockable_available?
-          Rails.logger.warn "[Beskar::AccountLocker] Devise lockable not available for #{user.class.name}"
+          Beskar::Logger.warn("Devise lockable not available for #{user.class.name}", component: :AccountLocker)
           return false
         end
 
@@ -146,10 +146,10 @@ module Beskar
             user.update_column(:locked_at, Time.current)
           end
 
-          Rails.logger.info "[Beskar::AccountLocker] Locked account #{user.id} (#{user.class.name}) - Risk: #{risk_score}, Reason: #{reason}"
+          Beskar::Logger.info("Locked account #{user.id} (#{user.class.name}) - Risk: #{risk_score}, Reason: #{reason}", component: :AccountLocker)
           true
         rescue => e
-          Rails.logger.error "[Beskar::AccountLocker] Failed to lock account: #{e.message}"
+          Beskar::Logger.error("Failed to lock account: #{e.message}", component: :AccountLocker)
           false
         end
       end
@@ -157,16 +157,16 @@ module Beskar
       # Unlock account using Devise's lockable module
       def unlock_with_devise_lockable
         unless devise_lockable_available?
-          Rails.logger.warn "[Beskar::AccountLocker] Devise lockable not available for #{user.class.name}"
+          Beskar::Logger.warn("Devise lockable not available for #{user.class.name}", component: :AccountLocker)
           return false
         end
 
         begin
           user.unlock_access!
-          Rails.logger.info "[Beskar::AccountLocker] Unlocked account #{user.id} (#{user.class.name})"
+          Beskar::Logger.info("Unlocked account #{user.id} (#{user.class.name})", component: :AccountLocker)
           true
         rescue => e
-          Rails.logger.error "[Beskar::AccountLocker] Failed to unlock account: #{e.message}"
+          Beskar::Logger.error("Failed to unlock account: #{e.message}", component: :AccountLocker)
           false
         end
       end
@@ -178,13 +178,13 @@ module Beskar
         # 2. Checking this in authentication callbacks
         # 3. Implementing unlock logic
 
-        Rails.logger.warn "[Beskar::AccountLocker] Custom lock strategy not implemented"
+        Beskar::Logger.warn("Custom lock strategy not implemented", component: :AccountLocker)
         false
       end
 
       # Unlock using custom strategy
       def unlock_with_custom_strategy
-        Rails.logger.warn "[Beskar::AccountLocker] Custom unlock strategy not implemented"
+        Beskar::Logger.warn("Custom unlock strategy not implemented", component: :AccountLocker)
         false
       end
 
@@ -220,7 +220,7 @@ module Beskar
             }
           )
         rescue => e
-          Rails.logger.warn "[Beskar::AccountLocker] Failed to log lock event: #{e.message}"
+          Beskar::Logger.warn("Failed to log lock event: #{e.message}", component: :AccountLocker)
         end
       end
 
@@ -243,7 +243,7 @@ module Beskar
             }
           )
         rescue => e
-          Rails.logger.warn "[Beskar::AccountLocker] Failed to log unlock event: #{e.message}"
+          Beskar::Logger.warn("Failed to log unlock event: #{e.message}", component: :AccountLocker)
         end
       end
 
@@ -251,7 +251,7 @@ module Beskar
       def notify_user
         # This would integrate with ActionMailer or notification system
         # For now, just log it
-        Rails.logger.info "[Beskar::AccountLocker] User #{user.id} should be notified of account lock"
+        Beskar::Logger.info("User #{user.id} should be notified of account lock", component: :AccountLocker)
         
         # Future implementation:
         # if defined?(Beskar::AccountLockMailer)

data/lib/beskar/services/geolocation_service.rb

@@ -122,14 +122,14 @@ module Beskar
           db_path = Beskar.configuration.maxmind_city_db_path
           if File.exist?(db_path)
             @city_reader = MaxMindDB.new(db_path)
-            Rails.logger.info "[Beskar::GeolocationService] MaxMind City database loaded from #{db_path}"
+            Beskar::Logger.info("MaxMind City database loaded from #{db_path}", component: :GeolocationService)
           else
-            Rails.logger.warn "[Beskar::GeolocationService] MaxMind City database not found at #{db_path}"
+            Beskar::Logger.warn("MaxMind City database not found at #{db_path}", component: :GeolocationService)
           end
           @city_reader
         end
       rescue => e
-        Rails.logger.error "[Beskar::GeolocationService] Failed to load MaxMind City database: #{e.message}"
+        Beskar::Logger.error("Failed to load MaxMind City database: #{e.message}", component: :GeolocationService)
         nil
       end
 
@@ -178,7 +178,7 @@ module Beskar
 
         result
       rescue => e
-        Rails.logger.warn "[Beskar::GeolocationService] Failed to locate IP #{ip_address}: #{e.message}"
+        Beskar::Logger.warn("Failed to locate IP #{ip_address}: #{e.message}", component: :GeolocationService)
         unknown_location(ip_address)
       end
 
@@ -339,7 +339,7 @@ module Beskar
               result.merge!(unknown_location(ip_address).except(:ip, :provider, :private_ip))
             end
           rescue => e
-            Rails.logger.warn "[Beskar::GeolocationService] MaxMind City lookup failed for #{ip_address}: #{e.message}"
+            Beskar::Logger.warn("MaxMind City lookup failed for #{ip_address}: #{e.message}", component: :GeolocationService)
             result.merge!(unknown_location(ip_address).except(:ip, :provider, :private_ip))
           end
         else
@@ -349,7 +349,7 @@ module Beskar
 
         result
       rescue => e
-        Rails.logger.error "[Beskar::GeolocationService] MaxMind lookup failed for #{ip_address}: #{e.message}"
+        Beskar::Logger.error("MaxMind lookup failed for #{ip_address}: #{e.message}", component: :GeolocationService)
         unknown_location(ip_address)
       end
 
@@ -373,7 +373,7 @@ module Beskar
         cache_key = "#{@cache_key_prefix}:#{ip_address}"
         Rails.cache.read(cache_key)
       rescue => e
-        Rails.logger.debug "[Beskar::GeolocationService] Cache read failed: #{e.message}"
+        Beskar::Logger.debug("Cache read failed: #{e.message}", component: :GeolocationService)
         nil
       end
 
@@ -385,7 +385,7 @@ module Beskar
         cache_key = "#{@cache_key_prefix}:#{ip_address}"
         Rails.cache.write(cache_key, result, expires_in: @cache_ttl)
       rescue => e
-        Rails.logger.debug "[Beskar::GeolocationService] Cache write failed: #{e.message}"
+        Beskar::Logger.debug("Cache write failed: #{e.message}", component: :GeolocationService)
       end
     end
   end

data/lib/beskar/services/ip_whitelist.rb

@@ -16,7 +16,7 @@ module Beskar
             match_entry?(ip, entry)
           end
         rescue IPAddr::InvalidAddressError, ArgumentError => e
-          Rails.logger.warn "[Beskar::IpWhitelist] Invalid IP address: #{ip_address} - #{e.message}"
+          Beskar::Logger.warn("Invalid IP address: #{ip_address} - #{e.message}", component: :IpWhitelist)
           false
         end
 
@@ -98,7 +98,7 @@ module Beskar
               begin
                 entries[entry] = parse_entry(entry)
               rescue IPAddr::InvalidAddressError, ArgumentError => e
-                Rails.logger.warn "[Beskar::IpWhitelist] Skipping invalid entry: #{entry} - #{e.message}"
+                Beskar::Logger.warn("Skipping invalid entry: #{entry} - #{e.message}", component: :IpWhitelist)
               end
             end
             entries