RubyGems - veri - Versions diffs - 0.3.1 → 0.4.0 - Mend

veri 0.3.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +15 -0
data/README.md +118 -24
data/lib/generators/veri/templates/add_veri_authentication.rb.erb +1 -0
data/lib/veri/controllers/concerns/authentication.rb +24 -7
data/lib/veri/helpers/migration_helpers.rb +20 -0
data/lib/veri/inputs/tenant.rb +33 -0
data/lib/veri/models/concerns/authenticatable.rb +4 -1
data/lib/veri/models/session.rb +35 -26
data/lib/veri/railtie.rb +14 -0
data/lib/veri/version.rb +1 -1
data/lib/veri.rb +3 -0
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a4fcb8a0d60277a1b18a9c23114d96c19472794ee47c02d62445248ff30f16f0
-  data.tar.gz: fa8eb3f99daf00c2c7c338350f14d3014ab855923e6977581d60e376c9dc3222
+  metadata.gz: 85a6c779bd69de4d11430630c142f8e5e12e3574d7828f740abc19f0e51d291f
+  data.tar.gz: 0def50b534c6d728230ec7543fe6a007a518f9abe47e9c0d93aac45e7eb2f59f
 SHA512:
-  metadata.gz: d21bba8f857717fd6e9c54b1444c23feb2f5dea73dccda0ca3d661155b6a79d2901b8f4a58717bdb28527d6e1576222688fd802da86c18e86055d301e6c2003f
-  data.tar.gz: a3547cee5d2bf4190fc95f923177da126e4f478ef8dc052d49bbdc524515be211d05ab21a0636fd373edb9b7d24b76049e7ef40bf826d667e85226da0b4ab7b1
+  metadata.gz: 714985726d7e5d04f55dbb1b94a73110a64ed1cb2853f565ddefda540cb13393969a1c4c3ec91e7de310822224dd844031d7d6b0cf57bd3b537c36da5bb6d55b
+  data.tar.gz: 7f2070d1f1da0260a8061b8abcff5a625245e4388f593d14a6edbdc8c8b496a3b55b5525bfda7a9abaae6bd91ffb218cb0d707d888f14114981c536d99a85e90

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,18 @@
+## v0.4.0
+### Breaking
+- Changed `veri_sessions` table to support multi-tenancy
+- Renamed `revert_to_true_identity` session method to `to_true_identity`
+- Session method `prune` no longer accepts a user argument
+- Session method `terminate_all` no longer accepts a user argument
+### Features
+- Added multi-tenancy support
+- Added session scopes to fetch active, expired, and inactive sessions
+- Added user scopes to fetch locked and unlocked users
 ## v0.3.1
 ### Misc

data/README.md CHANGED Viewed

@@ -13,6 +13,7 @@ Veri is a cookie-based authentication library for Ruby on Rails that provides es
 - Return path handling
 - User impersonation feature
 - Account lockout functionality
+- Multi-tenancy support
 > ⚠️ **Development Notice**<br>
 > Veri is functional but in early development. Breaking changes may occur in minor releases until v1.0!
@@ -26,6 +27,7 @@ Veri is a cookie-based authentication library for Ruby on Rails that provides es
   - [Controller Integration](#controller-integration)
   - [Authentication Sessions](#authentication-sessions)
   - [Account Lockout](#account-lockout)
+  - [Multi-Tenancy](#multi-tenancy)
   - [View Helpers](#view-helpers)
   - [Testing](#testing)
@@ -84,10 +86,10 @@ Your user model is automatically extended with password management methods:
 ```rb
 # Set or update a password
-user.update_password("new_password")
+user.update_password("password")
 # Verify a password
-user.verify_password("submitted_password")
+user.verify_password("password")
 ```
 ## Controller Integration
@@ -135,14 +137,27 @@ class SessionsController < ApplicationController
 end
 ```
-Available methods:
+Available controller methods:
-- `current_user` - Returns authenticated user or `nil`
-- `logged_in?` - Returns `true` if user is authenticated
-- `log_in(user)` - Authenticates user and creates session, returns `true` on success or `false` if account is locked
-- `log_out` - Terminates current session
-- `return_path` - Returns path user was accessing before authentication
-- `current_session` - Returns current authentication session
+```rb
+# Returns authenticated user or nil
+current_user
+# Returns true if user is authenticated
+logged_in?
+# Authenticates user and creates session, returns true on success or false if account is locked
+log_in(user)
+# Terminates current session
+log_out
+# Returns path user was trying to access before authentication, if any
+return_path
+# Returns current authentication session
+current_session
+```
 ### User Impersonation (Shapeshifting)
@@ -159,7 +174,7 @@ module Admin
     def destroy
       original_user = current_session.true_identity
-      current_session.revert_to_true_identity
+      current_session.to_true_identity
       redirect_to admin_dashboard_path, notice: "Returned to #{original_user.name}"
     end
   end
@@ -168,14 +183,26 @@ end
 Available session methods:
-- `shapeshift(user)` - Assume another user's identity (maintains original identity)
-- `revert_to_true_identity` - Return to original identity
-- `shapeshifted?` - Returns true if currently shapeshifted
-- `true_identity` - Returns original user when shapeshifted, otherwise current user
+```rb
+# Assume another user's identity (maintains original identity)
+session.shapeshift(user)
+# Return to original identity
+session.to_true_identity
+# Returns true if currently shapeshifted
+session.shapeshifted?
+# Returns original user when shapeshifted, otherwise current user
+session.true_identity
+```
 Controller helper:
-- `shapeshifter?` - Returns true if the current session is shapeshifted
+```rb
+# Returns true if the current session is shapeshifted
+shapeshifter?
+```
 ### When unauthenticated
@@ -208,7 +235,7 @@ Veri stores authentication sessions in the database, providing session managemen
 ```rb
 # Get all sessions for a user
-user.veri_sessions
+user.sessions
 # Get current session in controller
 current_session
@@ -219,6 +246,7 @@ current_session
 ```rb
 session.identity
 # => authenticated user
 session.info
 # => {
 #   device: "Desktop",
@@ -232,9 +260,23 @@ session.info
 ### Session Status
 ```rb
-session.active?     # Session is active (neither expired nor inactive)
-session.inactive?   # Session exceeded inactivity timeout
-session.expired?    # Session exceeded maximum lifetime
+# Session is active (neither expired nor inactive)
+session.active?
+# Session exceeded inactivity timeout
+session.inactive?
+# Session exceeded maximum lifetime
+session.expired?
+# Fetch active sessions
+Veri::Session.active
+# Fetch inactive sessions
+Veri::Session.inactive
+# Fetch expired sessions
+Veri::Session.expired
 ```
 ### Session Management
@@ -243,12 +285,11 @@ session.expired?    # Session exceeded maximum lifetime
 # Terminate a specific session
 session.terminate
-# Terminate all sessions for a user
-Veri::Session.terminate_all(user)
+# Terminate all sessions
+Veri::Session.terminate_all
 # Clean up expired/inactive sessions
-Veri::Session.prune           # All sessions
-Veri::Session.prune(user)     # Specific user's sessions
+Veri::Session.prune
 ```
 ## Account Lockout
@@ -264,9 +305,62 @@ user.unlock!
 # Check if account is locked
 user.locked?
+# Fetch locked users
+User.locked
+# Fetch unlocked users
+User.unlocked
 ```
-When an account is locked, users cannot log in. If they're already logged in, their sessions will be terminated and they'll be treated as unauthenticated users.
+When an account is locked, the user cannot log in. If the user is already logged in, their sessions will be terminated, and they will be treated as an unauthenticated user.
+## Multi-Tenancy
+Veri supports multi-tenancy, allowing you to isolate authentication sessions between different tenants (e.g., organizations, clients, or subdomains).
+### Setting Up Multi-Tenancy
+To enable multi-tenancy, override `current_tenant` method:
+```rb
+class ApplicationController < ActionController::Base
+  include Veri::Authentication
+  with_authentication
+  private
+  def current_tenant
+    # Option 1: String-based tenancy (e.g., subdomain)
+    request.subdomain
+    # Option 2: Model-based tenancy (e.g., organization)
+    # Company.find_by(subdomain: request.subdomain)
+  end
+end
+```
+### Session Tenant Access
+Sessions expose their tenant through `tenant` method:
+```rb
+# Returns the tenant (string, model instance, or nil in single-tenant applications)
+session.tenant
+```
+### Migration Helpers
+Handle tenant changes when models are renamed or removed. These are irreversible data migrations.
+```rb
+# Rename a tenant class (e.g., when you rename your Organization model to Company)
+migrate_authentication_tenant!("Organization", "Company")
+# Remove orphaned tenant data (e.g., when you delete the Organization model entirely)
+delete_authentication_tenant!("Organization")
+```
 ## View Helpers

data/lib/generators/veri/templates/add_veri_authentication.rb.erb CHANGED Viewed

@@ -10,6 +10,7 @@ class AddVeriAuthentication < ActiveRecord::Migration[<%= ActiveRecord::Migratio
       t.datetime :expires_at, null: false
       t.belongs_to :authenticatable, null: false, foreign_key: { to_table: <%= table_name.to_sym.inspect %> }, index: true<%= ", type: :uuid" if options[:uuid] %>
       t.belongs_to :original_authenticatable, foreign_key: { to_table: <%= table_name.to_sym.inspect %> }, index: true<%= ", type: :uuid" if options[:uuid] %>
+      t.belongs_to :tenant, polymorphic: true, index: true<%= ", type: :uuid" if options[:uuid] %>
       t.datetime :shapeshifted_at
       t.datetime :last_seen_at, null: false
       t.string :ip_address

data/lib/veri/controllers/concerns/authentication.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require "digest/sha2"
 module Veri
   module Authentication
     extend ActiveSupport::Concern
@@ -29,8 +31,8 @@ module Veri
     end
     def current_session
-      token = cookies.encrypted[:veri_token]
-      @current_session ||= token ? Session.find_by(hashed_token: Digest::SHA256.hexdigest(token)) : nil
+      token = cookies.encrypted["#{auth_cookie_prefix}_token"]
+      @current_session ||= token ? Session.find_by(hashed_token: Digest::SHA256.hexdigest(token), **resolved_tenant) : nil
     end
     def log_in(authenticatable)
@@ -41,14 +43,15 @@ module Veri
       return false if processed_authenticatable.locked?
-      token = Veri::Session.establish(processed_authenticatable, request)
-      cookies.encrypted.permanent[:veri_token] = { value: token, httponly: true }
+      token = Veri::Session.establish(processed_authenticatable, request, resolved_tenant)
+      cookies.encrypted.permanent["#{auth_cookie_prefix}_token"] = { value: token, httponly: true }
       true
     end
     def log_out
       current_session&.terminate
-      cookies.delete(:veri_token)
+      cookies.delete("#{auth_cookie_prefix}_token")
     end
     def logged_in?
@@ -56,7 +59,7 @@ module Veri
     end
     def return_path
-      cookies.signed[:veri_return_path]
+      cookies.signed["#{auth_cookie_prefix}_return_path"]
     end
     def shapeshifter?
@@ -79,7 +82,7 @@ module Veri
       log_out
-      cookies.signed[:veri_return_path] = { value: request.fullpath, expires: 15.minutes.from_now } if request.get? && request.format.html?
+      cookies.signed["#{auth_cookie_prefix}_return_path"] = { value: request.fullpath, expires: 15.minutes.from_now } if request.get? && request.format.html?
       when_unauthenticated
     end
@@ -87,5 +90,19 @@ module Veri
     def when_unauthenticated
       request.format.html? ? redirect_back(fallback_location: root_path) : head(:unauthorized)
     end
+    def current_tenant = nil
+    def resolved_tenant
+      @resolved_tenant ||= Veri::Inputs::Tenant.new(
+        current_tenant,
+        error: Veri::InvalidTenantError,
+        message: "Expected a string, an ActiveRecord model instance, or nil, got `#{current_tenant.inspect}`"
+      ).resolve
+    end
+    def auth_cookie_prefix
+      @auth_cookie_prefix ||= "auth_#{Digest::SHA2.hexdigest(Marshal.dump(resolved_tenant))[0..7]}"
+    end
   end
 end

data/lib/veri/helpers/migration_helpers.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module Veri
+  module MigrationHelpers
+    def migrate_authentication_tenant!(old_tenant, new_tenant)
+      sessions = Veri::Session.where(tenant_type: old_tenant.to_s)
+      raise Veri::InvalidArgumentError, "No sessions exist in tenant #{old_tenant.inspect}" unless sessions.exists?
+      raise Veri::InvalidArgumentError, "Cannot migrate tenant to #{new_tenant.inspect}: class does not exist" unless new_tenant.to_s.safe_constantize
+      sessions.update_all(tenant_type: new_tenant.to_s)
+    end
+    def delete_authentication_tenant!(tenant)
+      sessions = Veri::Session.where(tenant_type: tenant.to_s)
+      raise Veri::InvalidArgumentError, "No sessions exist in tenant #{tenant.inspect}" unless sessions.exists?
+      sessions.delete_all
+    end
+  end
+end

data/lib/veri/inputs/tenant.rb ADDED Viewed

@@ -0,0 +1,33 @@
+module Veri
+  module Inputs
+    class Tenant < Base
+      def resolve
+        case tenant = process
+        when nil
+          { tenant_type: nil, tenant_id: nil }
+        when String
+          { tenant_type: tenant.to_s, tenant_id: nil }
+        when ActiveRecord::Base
+          raise_error unless tenant.persisted?
+          { tenant_type: tenant.class.to_s, tenant_id: tenant.public_send(tenant.class.primary_key) }
+        else
+          tenant
+        end
+      end
+      private
+      def type
+        -> {
+          self.class::Strict::String.constrained(min_size: 1) |
+            self.class::Instance(ActiveRecord::Base) |
+            self.class::Hash.schema(
+              tenant_type: self.class::Strict::String | self.class::Nil,
+              tenant_id: self.class::Strict::String | self.class::Strict::Integer | self.class::Nil
+            ) |
+            self.class::Nil
+        }
+      end
+    end
+  end
+end

data/lib/veri/models/concerns/authenticatable.rb CHANGED Viewed

@@ -7,7 +7,10 @@ module Veri
       @@included = name
-      has_many :veri_sessions, class_name: "Veri::Session", foreign_key: :authenticatable_id, dependent: :destroy
+      has_many :sessions, class_name: "Veri::Session", foreign_key: :authenticatable_id, dependent: :destroy
+      scope :locked, -> { where(locked: true) }
+      scope :unlocked, -> { where(locked: false) }
     end
     def update_password(password)

data/lib/veri/models/session.rb CHANGED Viewed

@@ -4,10 +4,16 @@ module Veri
   class Session < ActiveRecord::Base
     self.table_name = "veri_sessions"
-    # rubocop:disable Rails/ReflectionClassName
     belongs_to :authenticatable, class_name: Veri::Configuration.user_model_name
     belongs_to :original_authenticatable, class_name: Veri::Configuration.user_model_name, optional: true
-    # rubocop:enable Rails/ReflectionClassName
+    belongs_to :tenant, polymorphic: true, optional: true
+    scope :active, -> { where.not(id: expired.select(:id)).where.not(id: inactive.select(:id)) }
+    scope :expired, -> { where(expires_at: ...Time.current) }
+    scope :inactive, -> do
+      inactive_session_lifetime = Veri::Configuration.inactive_session_lifetime
+      inactive_session_lifetime ? where(last_seen_at: ...(Time.current - inactive_session_lifetime)) : none
+    end
     def active? = !expired? && !inactive?
@@ -60,7 +66,7 @@ module Veri
       )
     end
-    def revert_to_true_identity
+    def to_true_identity
       update!(
         shapeshifted_at: nil,
         authenticatable: original_authenticatable,
@@ -68,49 +74,52 @@ module Veri
       )
     end
+    def tenant
+      return tenant_type if tenant_type.present? && tenant_id.blank?
+      record = super
+      raise ActiveRecord::RecordNotFound.new(nil, tenant_type, nil, tenant_id) if tenant_id.present? && !record
+      record
+    end
     class << self
-      def establish(user, request)
+      def establish(user, request, resolved_tenant)
         token = SecureRandom.hex(32)
         expires_at = Time.current + Veri::Configuration.total_session_lifetime
         new(
           hashed_token: Digest::SHA256.hexdigest(token),
           expires_at:,
-          authenticatable: Veri::Inputs::Authenticatable.new(user, error: Veri::Error).process
+          authenticatable: user,
+          **resolved_tenant
         ).update_info(request)
         token
       end
-      def prune(user = nil)
-        scope = if user
-                  where(
-                    authenticatable: Veri::Inputs::Authenticatable.new(
-                      user,
-                      optional: true,
-                      message: "Expected an instance of #{Veri::Configuration.user_model_name} or nil, got `#{user.inspect}`"
-                    ).process
-                  )
-                else
-                  all
-                end
-        expired_scope = scope.where(expires_at: ...Time.current)
+      def prune
+        expired_scope = where(expires_at: ...Time.current)
         if Veri::Configuration.inactive_session_lifetime
           inactive_cutoff = Time.current - Veri::Configuration.inactive_session_lifetime
-          expired_scope = expired_scope.or(scope.where(last_seen_at: ...inactive_cutoff))
+          expired_scope = expired_scope.or(where(last_seen_at: ...inactive_cutoff))
         end
         expired_scope.delete_all
-      end
-      def terminate_all(user)
-        Veri::Inputs::Authenticatable.new(
-          user,
-          message: "Expected an instance of #{Veri::Configuration.user_model_name}, got `#{user.inspect}`"
-        ).process.veri_sessions.delete_all
+        ids = where.not(tenant_id: nil).includes(:tenant).filter_map do |session|
+          session.tenant
+          nil
+        rescue ActiveRecord::RecordNotFound
+          session.id
+        end
+        where(id: ids).delete_all if ids.any?
       end
+      alias terminate_all delete_all
     end
   end
 end

data/lib/veri/railtie.rb CHANGED Viewed

@@ -4,9 +4,23 @@ module Veri
   class Railtie < Rails::Railtie
     initializer "veri.to_prepare" do |app|
       app.config.to_prepare do
+        if ActiveRecord::Base.connection.data_source_exists?("veri_sessions")
+          Veri::Session.where.not(tenant_id: nil).distinct.pluck(:tenant_type).each do |tenant_class|
+            tenant_class.constantize
+          rescue NameError => e
+            raise Veri::Error, "Tenant not found: class `#{e.name}` may have been renamed or deleted"
+          end
+        end
         user_model = Veri::Configuration.user_model
         user_model.include Veri::Authenticatable unless user_model < Veri::Authenticatable
       end
     end
+    initializer "veri.extend_migration_helpers" do
+      ActiveSupport.on_load :active_record do
+        ActiveRecord::Migration.include Veri::MigrationHelpers
+      end
+    end
   end
 end

data/lib/veri/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Veri
-  VERSION = "0.3.1".freeze
+  VERSION = "0.4.0".freeze
 end

data/lib/veri.rb CHANGED Viewed

@@ -13,12 +13,14 @@ require_relative "veri/inputs/duration"
 require_relative "veri/inputs/hashing_algorithm"
 require_relative "veri/inputs/model"
 require_relative "veri/inputs/non_empty_string"
+require_relative "veri/inputs/tenant"
 require_relative "veri/configuration"
 module Veri
   class Error < StandardError; end
   class InvalidArgumentError < Veri::Error; end
   class ConfigurationError < Veri::InvalidArgumentError; end
+  class InvalidTenantError < Veri::InvalidArgumentError; end
   delegate :configure, to: Veri::Configuration
   module_function :configure
@@ -27,5 +29,6 @@ end
 require_relative "veri/models/session"
 require_relative "veri/controllers/concerns/authentication"
 require_relative "veri/models/concerns/authenticatable"
+require_relative "veri/helpers/migration_helpers"
 require_relative "veri/railtie"

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: veri
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - enjaku4
@@ -125,12 +125,14 @@ files:
 - lib/veri.rb
 - lib/veri/configuration.rb
 - lib/veri/controllers/concerns/authentication.rb
+- lib/veri/helpers/migration_helpers.rb
 - lib/veri/inputs/authenticatable.rb
 - lib/veri/inputs/base.rb
 - lib/veri/inputs/duration.rb
 - lib/veri/inputs/hashing_algorithm.rb
 - lib/veri/inputs/model.rb
 - lib/veri/inputs/non_empty_string.rb
+- lib/veri/inputs/tenant.rb
 - lib/veri/models/concerns/authenticatable.rb
 - lib/veri/models/session.rb
 - lib/veri/password/argon2.rb
@@ -164,7 +166,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.1
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Minimal cookie-based authentication library for Ruby on Rails
 test_files: []