veri 0.2.2 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 33fc3ba81b0ff4f44df7e5bf8e6f6e25c5c318d8b1ca02988f200bf0039d19b9
-  data.tar.gz: 1433809afa4da2090dac9c75d8e1d6a14579c3ad77ff8ae6db49a5291e708b68
+  metadata.gz: a4fcb8a0d60277a1b18a9c23114d96c19472794ee47c02d62445248ff30f16f0
+  data.tar.gz: fa8eb3f99daf00c2c7c338350f14d3014ab855923e6977581d60e376c9dc3222
 SHA512:
-  metadata.gz: 86fcd9a468d1f4fcb0c7fbe820c4e67d40a6c5e96a50bb2804141c4ad9960c5f42e0678bdd6bdf8284e9403c7d77e41fb0f756c78cf4acd019d6094aef95212a
-  data.tar.gz: e50a7bd3673bc9d806e2ed8f3e50820b75373df52720407ccf400073de0ff726ec1e8e89694369878f06b83f8cf8516fdad5ece1645dd62f0afd6ff74e36df95
+  metadata.gz: d21bba8f857717fd6e9c54b1444c23feb2f5dea73dccda0ca3d661155b6a79d2901b8f4a58717bdb28527d6e1576222688fd802da86c18e86055d301e6c2003f
+  data.tar.gz: a3547cee5d2bf4190fc95f923177da126e4f478ef8dc052d49bbdc524515be211d05ab21a0636fd373edb9b7d24b76049e7ef40bf826d667e85226da0b4ab7b1

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+## v0.3.1
+
+### Misc
+
+- Minor improvements and code cleanup
+- Relaxed dependency versions
+
+## v0.3.0
+
+### Breaking
+
+- Added account lockout feature
+
 ## v0.2.2
 
 ### Bugs

data/README.md

@@ -8,10 +8,11 @@ Veri is a cookie-based authentication library for Ruby on Rails that provides es
 **Key Features:**
 
 - Cookie-based authentication with database-stored sessions
-- Supports multiple password hashing algorithms (argon2, bcrypt, scrypt)
+- Multiple password hashing algorithms (argon2, bcrypt, scrypt)
 - Granular session management and control
-- Built-in return path handling
+- Return path handling
 - User impersonation feature
+- Account lockout functionality
 
 > ⚠️ **Development Notice**<br>
 > Veri is functional but in early development. Breaking changes may occur in minor releases until v1.0!
@@ -24,11 +25,12 @@ Veri is a cookie-based authentication library for Ruby on Rails that provides es
   - [Password Management](#password-management)
   - [Controller Integration](#controller-integration)
   - [Authentication Sessions](#authentication-sessions)
+  - [Account Lockout](#account-lockout)
   - [View Helpers](#view-helpers)
   - [Testing](#testing)
 
 **Community Resources:**
-  - [Contributing](#contributing)
+  - [Getting Help and Contributing](#getting-help-and-contributing)
   - [License](#license)
   - [Code of Conduct](#code-of-conduct)
 
@@ -108,7 +110,7 @@ end
 
 ### Authentication Methods
 
-This is a simplified example of how to use Veri's authentication methods in your controllers:
+This is a simplified example of how to use Veri's authentication methods:
 
 ```rb
 class SessionsController < ApplicationController
@@ -137,7 +139,7 @@ Available methods:
 
 - `current_user` - Returns authenticated user or `nil`
 - `logged_in?` - Returns `true` if user is authenticated
-- `log_in(user)` - Authenticates user and creates session
+- `log_in(user)` - Authenticates user and creates session, returns `true` on success or `false` if account is locked
 - `log_out` - Terminates current session
 - `return_path` - Returns path user was accessing before authentication
 - `current_session` - Returns current authentication session
@@ -249,6 +251,23 @@ Veri::Session.prune           # All sessions
 Veri::Session.prune(user)     # Specific user's sessions
 ```
 
+## Account Lockout
+
+Veri provides account lockout functionality to temporarily disable user accounts (for example, after too many failed login attempts or for security reasons).
+
+```rb
+# Lock a user account
+user.lock!
+
+# Unlock a user account
+user.unlock!
+
+# Check if account is locked
+user.locked?
+```
+
+When an account is locked, users cannot log in. If they're already logged in, their sessions will be terminated and they'll be treated as unauthenticated users.
+
 ## View Helpers
 
 Access authentication state in your views:
@@ -310,7 +329,7 @@ RSpec.configure do |config|
 end
 ```
 
-## Contributing
+## Getting Help and Contributing
 
 ### Getting Help
 Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/brownboxdev/veri/discussions) for:
@@ -330,7 +349,7 @@ Ready to contribute? You can:
 - Improve documentation
 - Add new features (please discuss first in our [discussions section](https://github.com/brownboxdev/veri/discussions))
 
-Before contributing, please read the [contributing guidelines](https://github.com/brownboxdev/veri/blob/master/CONTRIBUTING.md)
+Before contributing, please read the [contributing guidelines](https://github.com/brownboxdev/veri/blob/main/CONTRIBUTING.md)
 
 ## License
 

data/lib/generators/veri/templates/add_veri_authentication.rb.erb

@@ -2,6 +2,8 @@ class AddVeriAuthentication < ActiveRecord::Migration[<%= ActiveRecord::Migratio
   def change
     add_column <%= table_name.to_sym.inspect %>, :hashed_password, :text
     add_column <%= table_name.to_sym.inspect %>, :password_updated_at, :datetime
+    add_column <%= table_name.to_sym.inspect %>, :locked, :boolean, default: false, null: false
+    add_column <%= table_name.to_sym.inspect %>, :locked_at, :datetime
 
     create_table :veri_sessions<%= ", id: :uuid" if options[:uuid] %> do |t|
       t.string :hashed_token, null: false, index: { unique: true }

data/lib/veri/configuration.rb

@@ -11,46 +11,42 @@ module Veri
             default: :argon2,
             reader: true,
             constructor: -> (value) do
-              Veri::Inputs.process(
+              Veri::Inputs::HashingAlgorithm.new(
                 value,
-                as: :hashing_algorithm,
                 error: Veri::ConfigurationError,
                 message: "Invalid hashing algorithm `#{value.inspect}`, supported algorithms are: #{Veri::Configuration::HASHERS.keys.join(", ")}"
-              )
+              ).process
             end
     setting :inactive_session_lifetime,
             default: nil,
             reader: true,
             constructor: -> (value) do
-              Veri::Inputs.process(
+              Veri::Inputs::Duration.new(
                 value,
-                as: :duration,
                 optional: true,
                 error: Veri::ConfigurationError,
                 message: "Invalid inactive session lifetime `#{value.inspect}`, expected an instance of ActiveSupport::Duration or nil"
-              )
+              ).process
             end
     setting :total_session_lifetime,
             default: 14.days,
             reader: true,
             constructor: -> (value) do
-              Veri::Inputs.process(
+              Veri::Inputs::Duration.new(
                 value,
-                as: :duration,
                 error: Veri::ConfigurationError,
                 message: "Invalid total session lifetime `#{value.inspect}`, expected an instance of ActiveSupport::Duration"
-              )
+              ).process
             end
     setting :user_model_name,
             default: "User",
             reader: true,
             constructor: -> (value) do
-              Veri::Inputs.process(
+              Veri::Inputs::NonEmptyString.new(
                 value,
-                as: :non_empty_string,
                 error: Veri::ConfigurationError,
                 message: "Invalid user model name `#{value.inspect}`, expected an ActiveRecord model name as a string"
-              )
+              ).process
             end
 
     HASHERS = {
@@ -64,12 +60,11 @@ module Veri
     end
 
     def user_model
-      Veri::Inputs.process(
+      Veri::Inputs::Model.new(
         user_model_name,
-        as: :model,
         error: Veri::ConfigurationError,
         message: "Invalid user model name `#{user_model_name}`, expected an ActiveRecord model name as a string"
-      )
+      ).process
     end
   end
 end

data/lib/veri/controllers/concerns/authentication.rb

@@ -34,13 +34,16 @@ module Veri
     end
 
     def log_in(authenticatable)
-      processed_authenticatable = Veri::Inputs.process(
+      processed_authenticatable = Veri::Inputs::Authenticatable.new(
         authenticatable,
-        as: :authenticatable,
         message: "Expected an instance of #{Veri::Configuration.user_model_name}, got `#{authenticatable.inspect}`"
-      )
+      ).process
+
+      return false if processed_authenticatable.locked?
+
       token = Veri::Session.establish(processed_authenticatable, request)
       cookies.encrypted.permanent[:veri_token] = { value: token, httponly: true }
+      true
     end
 
     def log_out
@@ -63,9 +66,18 @@ module Veri
     private
 
     def with_authentication
-      current_session.update_info(request) and return if logged_in? && current_session.active?
+      if logged_in? && current_session.active?
+        if current_user.locked?
+          log_out
+          when_unauthenticated
+        else
+          current_session.update_info(request)
+        end
+
+        return
+      end
 
-      current_session&.terminate
+      log_out
 
       cookies.signed[:veri_return_path] = { value: request.fullpath, expires: 15.minutes.from_now } if request.get? && request.format.html?
 

data/lib/veri/inputs/authenticatable.rb

@@ -0,0 +1,9 @@
+module Veri
+  module Inputs
+    class Authenticatable < Veri::Inputs::Base
+      private
+
+      def type = -> { self.class::Instance(Veri::Configuration.user_model) }
+    end
+  end
+end

data/lib/veri/inputs/base.rb

@@ -0,0 +1,33 @@
+require "dry-types"
+
+module Veri
+  module Inputs
+    class Base
+      include Dry.Types()
+
+      def initialize(value, optional: false, error: Veri::InvalidArgumentError, message: nil)
+        @value = value
+        @optional = optional
+        @error = error
+        @message = message
+      end
+
+      def process
+        type_checker = @optional ? type.call.optional : type.call
+        type_checker[@value]
+      rescue Dry::Types::CoercionError
+        raise_error
+      end
+
+      private
+
+      def type
+        raise NotImplementedError
+      end
+
+      def raise_error
+        raise @error, @message
+      end
+    end
+  end
+end

data/lib/veri/inputs/duration.rb

@@ -0,0 +1,9 @@
+module Veri
+  module Inputs
+    class Duration < Veri::Inputs::Base
+      private
+
+      def type = -> { self.class::Instance(ActiveSupport::Duration) }
+    end
+  end
+end

data/lib/veri/inputs/hashing_algorithm.rb

@@ -0,0 +1,9 @@
+module Veri
+  module Inputs
+    class HashingAlgorithm < Veri::Inputs::Base
+      private
+
+      def type = -> { self.class::Strict::Symbol.enum(:argon2, :bcrypt, :scrypt) }
+    end
+  end
+end

data/lib/veri/inputs/model.rb

@@ -0,0 +1,9 @@
+module Veri
+  module Inputs
+    class Model < Veri::Inputs::Base
+      private
+
+      def type = -> { self.class::Strict::Class.constructor { _1.try(:safe_constantize) }.constrained(lt: ActiveRecord::Base) }
+    end
+  end
+end

data/lib/veri/inputs/non_empty_string.rb

@@ -0,0 +1,9 @@
+module Veri
+  module Inputs
+    class NonEmptyString < Veri::Inputs::Base
+      private
+
+      def type = -> { self.class::Strict::String.constrained(min_size: 1) }
+    end
+  end
+end

data/lib/veri/models/concerns/authenticatable.rb

@@ -13,11 +13,7 @@ module Veri
     def update_password(password)
       update!(
         hashed_password: hasher.create(
-          Veri::Inputs.process(
-            password,
-            as: :non_empty_string,
-            message: "Expected a non-empty string, got `#{password.inspect}`"
-          )
+          Veri::Inputs::NonEmptyString.new(password, message: "Expected a non-empty string, got `#{password.inspect}`").process
         ),
         password_updated_at: Time.current
       )
@@ -25,15 +21,19 @@ module Veri
 
     def verify_password(password)
       hasher.verify(
-        Veri::Inputs.process(
-          password,
-          as: :non_empty_string,
-          message: "Expected a non-empty string, got `#{password.inspect}`"
-        ),
+        Veri::Inputs::NonEmptyString.new(password, message: "Expected a non-empty string, got `#{password.inspect}`").process,
         hashed_password
       )
     end
 
+    def lock!
+      update!(locked: true, locked_at: Time.current)
+    end
+
+    def unlock!
+      update!(locked: false, locked_at: nil)
+    end
+
     private
 
     def hasher

data/lib/veri/models/session.rb

@@ -26,12 +26,10 @@ module Veri
     alias terminate delete
 
     def update_info(request)
-      processed_request = Veri::Inputs.process(request, as: :request, error: Veri::Error)
-
       update!(
         last_seen_at: Time.current,
-        ip_address: processed_request.remote_ip,
-        user_agent: processed_request.user_agent
+        ip_address: request.remote_ip,
+        user_agent: request.user_agent
       )
     end
 
@@ -55,11 +53,10 @@ module Veri
       update!(
         shapeshifted_at: Time.current,
         original_authenticatable: authenticatable,
-        authenticatable: Veri::Inputs.process(
+        authenticatable: Veri::Inputs::Authenticatable.new(
           user,
-          as: :authenticatable,
           message: "Expected an instance of #{Veri::Configuration.user_model_name}, got `#{user.inspect}`"
-        )
+        ).process
       )
     end
 
@@ -79,10 +76,8 @@ module Veri
         new(
           hashed_token: Digest::SHA256.hexdigest(token),
           expires_at:,
-          authenticatable: Veri::Inputs.process(user, as: :authenticatable, error: Veri::Error)
-        ).update_info(
-          Veri::Inputs.process(request, as: :request, error: Veri::Error)
-        )
+          authenticatable: Veri::Inputs::Authenticatable.new(user, error: Veri::Error).process
+        ).update_info(request)
 
         token
       end
@@ -90,12 +85,11 @@ module Veri
       def prune(user = nil)
         scope = if user
                   where(
-                    authenticatable: Veri::Inputs.process(
+                    authenticatable: Veri::Inputs::Authenticatable.new(
                       user,
-                      as: :authenticatable,
                       optional: true,
                       message: "Expected an instance of #{Veri::Configuration.user_model_name} or nil, got `#{user.inspect}`"
-                    )
+                    ).process
                   )
                 else
                   all
@@ -112,11 +106,10 @@ module Veri
       end
 
       def terminate_all(user)
-        Veri::Inputs.process(
+        Veri::Inputs::Authenticatable.new(
           user,
-          as: :authenticatable,
           message: "Expected an instance of #{Veri::Configuration.user_model_name}, got `#{user.inspect}`"
-        ).veri_sessions.delete_all
+        ).process.veri_sessions.delete_all
       end
     end
   end

data/lib/veri/version.rb

@@ -1,3 +1,3 @@
 module Veri
-  VERSION = "0.2.2".freeze
+  VERSION = "0.3.1".freeze
 end

data/lib/veri.rb

@@ -7,13 +7,18 @@ require_relative "veri/password/argon2"
 require_relative "veri/password/bcrypt"
 require_relative "veri/password/scrypt"
 
-require_relative "veri/inputs"
+require_relative "veri/inputs/base"
+require_relative "veri/inputs/authenticatable"
+require_relative "veri/inputs/duration"
+require_relative "veri/inputs/hashing_algorithm"
+require_relative "veri/inputs/model"
+require_relative "veri/inputs/non_empty_string"
 require_relative "veri/configuration"
 
 module Veri
   class Error < StandardError; end
-  class ConfigurationError < Veri::Error; end
   class InvalidArgumentError < Veri::Error; end
+  class ConfigurationError < Veri::InvalidArgumentError; end
 
   delegate :configure, to: Veri::Configuration
   module_function :configure

data/veri.gemspec

@@ -21,8 +21,8 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "argon2", "~> 2.0"
   spec.add_dependency "bcrypt", "~> 3.0"
-  spec.add_dependency "dry-configurable", "~> 1.3"
-  spec.add_dependency "dry-types", "~> 1.8"
+  spec.add_dependency "dry-configurable", "~> 1.1"
+  spec.add_dependency "dry-types", "~> 1.7"
   spec.add_dependency "rails", ">= 7.1", "< 8.1"
   spec.add_dependency "scrypt", "~> 3.0"
   spec.add_dependency "user_agent_parser", "~> 2.0"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: veri
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.1
 platform: ruby
 authors:
 - enjaku4
@@ -43,28 +43,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.1'
 - !ruby/object:Gem::Dependency
   name: dry-types
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -125,7 +125,12 @@ files:
 - lib/veri.rb
 - lib/veri/configuration.rb
 - lib/veri/controllers/concerns/authentication.rb
-- lib/veri/inputs.rb
+- lib/veri/inputs/authenticatable.rb
+- lib/veri/inputs/base.rb
+- lib/veri/inputs/duration.rb
+- lib/veri/inputs/hashing_algorithm.rb
+- lib/veri/inputs/model.rb
+- lib/veri/inputs/non_empty_string.rb
 - lib/veri/models/concerns/authenticatable.rb
 - lib/veri/models/session.rb
 - lib/veri/password/argon2.rb
@@ -159,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.7.1
 specification_version: 4
 summary: Minimal cookie-based authentication library for Ruby on Rails
 test_files: []

data/lib/veri/inputs.rb

@@ -1,31 +0,0 @@
-require "dry-types"
-
-module Veri
-  module Inputs
-    extend self
-
-    include Dry.Types()
-
-    TYPES = {
-      hashing_algorithm: -> { self::Strict::Symbol.enum(:argon2, :bcrypt, :scrypt) },
-      duration: -> { self::Instance(ActiveSupport::Duration) },
-      non_empty_string: -> { self::Strict::String.constrained(min_size: 1) },
-      model: -> { self::Strict::Class.constructor { _1.try(:safe_constantize) || _1 }.constrained(lt: ActiveRecord::Base) },
-      authenticatable: -> { self::Instance(Veri::Configuration.user_model) },
-      request: -> { self::Instance(ActionDispatch::Request) }
-    }.freeze
-
-    def process(value, as:, optional: false, error: Veri::InvalidArgumentError, message: nil)
-      checker = type_for(as)
-      checker = checker.optional if optional
-
-      checker[value]
-    rescue Dry::Types::CoercionError => e
-      raise error, message || e.message
-    end
-
-    private
-
-    def type_for(name) = Veri::Inputs::TYPES.fetch(name).call
-  end
-end