veri 0.3.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a4fcb8a0d60277a1b18a9c23114d96c19472794ee47c02d62445248ff30f16f0
-  data.tar.gz: fa8eb3f99daf00c2c7c338350f14d3014ab855923e6977581d60e376c9dc3222
+  metadata.gz: c4434399cb0f0e3081ff2ccb8e72df12623e74f6f2cd43f318d50ae483845be6
+  data.tar.gz: 194dec0866793d8f2bc906d2830f8c9a4fb37e7d8a5c7f5c58bec7d0631abc51
 SHA512:
-  metadata.gz: d21bba8f857717fd6e9c54b1444c23feb2f5dea73dccda0ca3d661155b6a79d2901b8f4a58717bdb28527d6e1576222688fd802da86c18e86055d301e6c2003f
-  data.tar.gz: a3547cee5d2bf4190fc95f923177da126e4f478ef8dc052d49bbdc524515be211d05ab21a0636fd373edb9b7d24b76049e7ef40bf826d667e85226da0b4ab7b1
+  metadata.gz: 2e5dbe8a582d077ef157f8c16d3ec5c21ac24b501e323ed4bf11f577fe436900dffdc1a40814011c78f969962c97ca0b931cd5684253578ecb4804b994016dca
+  data.tar.gz: ba78fb8d71fd4dffdb527add9759f56d84ca9772535897d356f4a4a9f1302f149d3533355e8a86a518b09f179c638313dcdf2b9932c82fd7e8a427457a1b3111

data/CHANGELOG.md

@@ -1,3 +1,32 @@
+## v1.0.0
+
+### Breaking
+
+- Dropped support for Rails 7.1
+
+### Features
+
+- Added support for pbkdf2 password hashing algorithm
+
+### Bugs
+
+- Fixed error raised on Rails console commands when the database was not yet set up
+
+## v0.4.0
+
+### Breaking
+
+- Changed `veri_sessions` table to support multi-tenancy
+- Renamed `revert_to_true_identity` session method to `to_true_identity`
+- Session method `prune` no longer accepts a user argument
+- Session method `terminate_all` no longer accepts a user argument
+
+### Features
+
+- Added multi-tenancy support
+- Added session scopes to fetch active, expired, and inactive sessions
+- Added user scopes to fetch locked and unlocked users
+
 ## v0.3.1
 
 ### Misc

data/README.md

@@ -1,21 +1,19 @@
 # Veri: Minimal Authentication Framework for Rails
 
 [![Gem Version](https://badge.fury.io/rb/veri.svg)](http://badge.fury.io/rb/veri)
-[![Github Actions badge](https://github.com/brownboxdev/veri/actions/workflows/ci.yml/badge.svg)](https://github.com/brownboxdev/veri/actions/workflows/ci.yml)
+[![Github Actions badge](https://github.com/enjaku4/veri/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/veri/actions/workflows/ci.yml)
 
 Veri is a cookie-based authentication library for Ruby on Rails that provides essential authentication building blocks without imposing business logic. Unlike full-featured solutions, Veri gives you complete control over your authentication flow while handling the complex underlying mechanics of secure password storage and session management.
 
 **Key Features:**
 
 - Cookie-based authentication with database-stored sessions
-- Multiple password hashing algorithms (argon2, bcrypt, scrypt)
+- Multiple password hashing algorithms (argon2, bcrypt, pbkdf2, scrypt)
 - Granular session management and control
 - Return path handling
 - User impersonation feature
 - Account lockout functionality
-
-> ⚠️ **Development Notice**<br>
-> Veri is functional but in early development. Breaking changes may occur in minor releases until v1.0!
+- Multi-tenancy support
 
 ## Table of Contents
 
@@ -26,6 +24,7 @@ Veri is a cookie-based authentication library for Ruby on Rails that provides es
   - [Controller Integration](#controller-integration)
   - [Authentication Sessions](#authentication-sessions)
   - [Account Lockout](#account-lockout)
+  - [Multi-Tenancy](#multi-tenancy)
   - [View Helpers](#view-helpers)
   - [Testing](#testing)
 
@@ -71,7 +70,7 @@ If customization is required, configure Veri in an initializer:
 ```rb
 # These are the default values; you can change them as needed
 Veri.configure do |config|
-  config.hashing_algorithm = :argon2       # Password hashing algorithm (:argon2, :bcrypt, or :scrypt)
+  config.hashing_algorithm = :argon2       # Password hashing algorithm (:argon2, :bcrypt, :pbkdf2, or :scrypt)
   config.inactive_session_lifetime = nil   # Session inactivity timeout (nil means sessions never expire due to inactivity)
   config.total_session_lifetime = 14.days  # Maximum session duration regardless of activity
   config.user_model_name = "User"          # Your user model name
@@ -84,10 +83,10 @@ Your user model is automatically extended with password management methods:
 
 ```rb
 # Set or update a password
-user.update_password("new_password")
+user.update_password("password")
 
 # Verify a password
-user.verify_password("submitted_password")
+user.verify_password("password")
 ```
 
 ## Controller Integration
@@ -113,6 +112,22 @@ end
 This is a simplified example of how to use Veri's authentication methods:
 
 ```rb
+class RegistrationsController < ApplicationController
+  skip_authentication
+
+  def create
+    user = User.new(user_params)
+
+    if user.valid?
+      user.update_password(user_params[:password])
+      log_in(user)
+      redirect_to dashboard_path
+    else
+      render :new, status: :unprocessable_content
+    end
+  end
+end
+
 class SessionsController < ApplicationController
   skip_authentication except: [:destroy]
 
@@ -124,7 +139,7 @@ class SessionsController < ApplicationController
       redirect_to return_path || dashboard_path
     else
       flash.now[:alert] = "Invalid credentials"
-      render :new, status: :unprocessable_entity
+      render :new, status: :unprocessable_content
     end
   end
 
@@ -135,14 +150,27 @@ class SessionsController < ApplicationController
 end
 ```
 
-Available methods:
+Available controller methods:
+
+```rb
+# Returns authenticated user or nil
+current_user
+
+# Returns true if user is authenticated
+logged_in?
+
+# Authenticates user and creates session, returns true on success or false if account is locked
+log_in(user)
+
+# Terminates current session
+log_out
+
+# Returns path user was trying to access before authentication, if any
+return_path
 
-- `current_user` - Returns authenticated user or `nil`
-- `logged_in?` - Returns `true` if user is authenticated
-- `log_in(user)` - Authenticates user and creates session, returns `true` on success or `false` if account is locked
-- `log_out` - Terminates current session
-- `return_path` - Returns path user was accessing before authentication
-- `current_session` - Returns current authentication session
+# Returns current authentication session
+current_session
+```
 
 ### User Impersonation (Shapeshifting)
 
@@ -159,7 +187,7 @@ module Admin
 
     def destroy
       original_user = current_session.true_identity
-      current_session.revert_to_true_identity
+      current_session.to_true_identity
       redirect_to admin_dashboard_path, notice: "Returned to #{original_user.name}"
     end
   end
@@ -168,14 +196,26 @@ end
 
 Available session methods:
 
-- `shapeshift(user)` - Assume another user's identity (maintains original identity)
-- `revert_to_true_identity` - Return to original identity
-- `shapeshifted?` - Returns true if currently shapeshifted
-- `true_identity` - Returns original user when shapeshifted, otherwise current user
+```rb
+# Assume another user's identity (maintains original identity)
+session.shapeshift(user)
+
+# Return to original identity
+session.to_true_identity
+
+# Returns true if currently shapeshifted
+session.shapeshifted?
+
+# Returns original user when shapeshifted, otherwise current user
+session.true_identity
+```
 
 Controller helper:
 
-- `shapeshifter?` - Returns true if the current session is shapeshifted
+```rb
+# Returns true if the current session is shapeshifted
+shapeshifter?
+```
 
 ### When unauthenticated
 
@@ -208,7 +248,7 @@ Veri stores authentication sessions in the database, providing session managemen
 
 ```rb
 # Get all sessions for a user
-user.veri_sessions
+user.sessions
 
 # Get current session in controller
 current_session
@@ -219,6 +259,7 @@ current_session
 ```rb
 session.identity
 # => authenticated user
+
 session.info
 # => {
 #   device: "Desktop",
@@ -232,9 +273,23 @@ session.info
 ### Session Status
 
 ```rb
-session.active?     # Session is active (neither expired nor inactive)
-session.inactive?   # Session exceeded inactivity timeout
-session.expired?    # Session exceeded maximum lifetime
+# Session is active (neither expired nor inactive)
+session.active?
+
+# Session exceeded inactivity timeout
+session.inactive?
+
+# Session exceeded maximum lifetime
+session.expired?
+
+# Fetch active sessions
+Veri::Session.active
+
+# Fetch inactive sessions
+Veri::Session.inactive
+
+# Fetch expired sessions
+Veri::Session.expired
 ```
 
 ### Session Management
@@ -243,12 +298,17 @@ session.expired?    # Session exceeded maximum lifetime
 # Terminate a specific session
 session.terminate
 
-# Terminate all sessions for a user
-Veri::Session.terminate_all(user)
+# Terminate all sessions
+Veri::Session.terminate_all
+
+# Terminate all sessions for a specific user
+user.sessions.terminate_all
 
-# Clean up expired/inactive sessions
-Veri::Session.prune           # All sessions
-Veri::Session.prune(user)     # Specific user's sessions
+# Clean up expired/inactive sessions, and sessions with deleted tenant
+Veri::Session.prune
+
+# Clean up expired/inactive sessions for a specific user
+user.sessions.prune
 ```
 
 ## Account Lockout
@@ -264,9 +324,62 @@ user.unlock!
 
 # Check if account is locked
 user.locked?
+
+# Fetch locked users
+User.locked
+
+# Fetch unlocked users
+User.unlocked
 ```
 
-When an account is locked, users cannot log in. If they're already logged in, their sessions will be terminated and they'll be treated as unauthenticated users.
+When an account is locked, the user cannot log in. If the user is already logged in, their sessions will be terminated, and they will be treated as an unauthenticated user.
+
+## Multi-Tenancy
+
+Veri supports multi-tenancy, allowing you to isolate authentication sessions between different tenants (e.g., organizations, clients, or subdomains).
+
+### Setting Up Multi-Tenancy
+
+To enable multi-tenancy, override `current_tenant` method:
+
+```rb
+class ApplicationController < ActionController::Base
+  include Veri::Authentication
+
+  with_authentication
+
+  private
+
+  def current_tenant
+    # Option 1: String-based tenancy (e.g., subdomain)
+    request.subdomain
+
+    # Option 2: Model-based tenancy (e.g., organization)
+    # Company.find_by(subdomain: request.subdomain)
+  end
+end
+```
+
+### Session Tenant Access
+
+Sessions expose their tenant through `tenant` method:
+
+```rb
+# Returns the tenant (string, model instance, or nil in single-tenant applications)
+session.tenant
+```
+
+### Migration Helpers
+
+Handle tenant changes when models are renamed or removed. These are irreversible data migrations.
+
+```rb
+# Rename a tenant class (e.g., when you rename your Organization model to Company)
+migrate_authentication_tenant!("Organization", "Company")
+
+# Remove orphaned tenant data (e.g., when you delete the Organization model entirely)
+delete_authentication_tenant!("Organization")
+```
 
 ## View Helpers
 
@@ -332,13 +445,13 @@ end
 ## Getting Help and Contributing
 
 ### Getting Help
-Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/brownboxdev/veri/discussions) for:
+Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/enjaku4/veri/discussions) for:
 - Usage questions
 - Implementation guidance
 - Feature suggestions
 
 ### Reporting Issues
-Found a bug? Please [create an issue](https://github.com/brownboxdev/veri/issues) with:
+Found a bug? Please [create an issue](https://github.com/enjaku4/veri/issues) with:
 - A clear description of the problem
 - Steps to reproduce the issue
 - Your environment details (Rails version, Ruby version, etc.)
@@ -347,14 +460,14 @@ Found a bug? Please [create an issue](https://github.com/brownboxdev/veri/issues
 Ready to contribute? You can:
 - Fix bugs by submitting pull requests
 - Improve documentation
-- Add new features (please discuss first in our [discussions section](https://github.com/brownboxdev/veri/discussions))
+- Add new features (please discuss first in our [discussions section](https://github.com/enjaku4/veri/discussions))
 
-Before contributing, please read the [contributing guidelines](https://github.com/brownboxdev/veri/blob/main/CONTRIBUTING.md)
+Before contributing, please read the [contributing guidelines](https://github.com/enjaku4/veri/blob/main/CONTRIBUTING.md)
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](https://github.com/brownboxdev/veri/blob/main/LICENSE.txt).
+The gem is available as open source under the terms of the [MIT License](https://github.com/enjaku4/veri/blob/main/LICENSE.txt).
 
 ## Code of Conduct
 
-Everyone interacting in the Veri project is expected to follow the [code of conduct](https://github.com/brownboxdev/veri/blob/main/CODE_OF_CONDUCT.md).
+Everyone interacting in the Veri project is expected to follow the [code of conduct](https://github.com/enjaku4/veri/blob/main/CODE_OF_CONDUCT.md).

data/lib/generators/veri/templates/add_veri_authentication.rb.erb

@@ -10,6 +10,7 @@ class AddVeriAuthentication < ActiveRecord::Migration[<%= ActiveRecord::Migratio
       t.datetime :expires_at, null: false
       t.belongs_to :authenticatable, null: false, foreign_key: { to_table: <%= table_name.to_sym.inspect %> }, index: true<%= ", type: :uuid" if options[:uuid] %>
       t.belongs_to :original_authenticatable, foreign_key: { to_table: <%= table_name.to_sym.inspect %> }, index: true<%= ", type: :uuid" if options[:uuid] %>
+      t.belongs_to :tenant, polymorphic: true, index: true<%= ", type: :uuid" if options[:uuid] %>
       t.datetime :shapeshifted_at
       t.datetime :last_seen_at, null: false
       t.string :ip_address

data/lib/veri/configuration.rb

@@ -52,6 +52,7 @@ module Veri
     HASHERS = {
       argon2: Veri::Password::Argon2,
       bcrypt: Veri::Password::BCrypt,
+      pbkdf2: Veri::Password::Pbkdf2,
       scrypt: Veri::Password::SCrypt
     }.freeze
 

data/lib/veri/controllers/concerns/authentication.rb

@@ -1,3 +1,5 @@
+require "digest/sha2"
+
 module Veri
   module Authentication
     extend ActiveSupport::Concern
@@ -29,8 +31,8 @@ module Veri
     end
 
     def current_session
-      token = cookies.encrypted[:veri_token]
-      @current_session ||= token ? Session.find_by(hashed_token: Digest::SHA256.hexdigest(token)) : nil
+      token = cookies.encrypted["#{auth_cookie_prefix}_token"]
+      @current_session ||= token ? Session.find_by(hashed_token: Digest::SHA256.hexdigest(token), **resolved_tenant) : nil
     end
 
     def log_in(authenticatable)
@@ -41,14 +43,15 @@ module Veri
 
       return false if processed_authenticatable.locked?
 
-      token = Veri::Session.establish(processed_authenticatable, request)
-      cookies.encrypted.permanent[:veri_token] = { value: token, httponly: true }
+      token = Veri::Session.establish(processed_authenticatable, request, resolved_tenant)
+
+      cookies.encrypted.permanent["#{auth_cookie_prefix}_token"] = { value: token, httponly: true }
       true
     end
 
     def log_out
       current_session&.terminate
-      cookies.delete(:veri_token)
+      cookies.delete("#{auth_cookie_prefix}_token")
     end
 
     def logged_in?
@@ -56,7 +59,7 @@ module Veri
     end
 
     def return_path
-      cookies.signed[:veri_return_path]
+      cookies.signed["#{auth_cookie_prefix}_return_path"]
     end
 
     def shapeshifter?
@@ -79,7 +82,7 @@ module Veri
 
       log_out
 
-      cookies.signed[:veri_return_path] = { value: request.fullpath, expires: 15.minutes.from_now } if request.get? && request.format.html?
+      cookies.signed["#{auth_cookie_prefix}_return_path"] = { value: request.fullpath, expires: 15.minutes.from_now } if request.get? && request.format.html?
 
       when_unauthenticated
     end
@@ -87,5 +90,19 @@ module Veri
     def when_unauthenticated
       request.format.html? ? redirect_back(fallback_location: root_path) : head(:unauthorized)
     end
+
+    def current_tenant = nil
+
+    def resolved_tenant
+      @resolved_tenant ||= Veri::Inputs::Tenant.new(
+        current_tenant,
+        error: Veri::InvalidTenantError,
+        message: "Expected a string, an ActiveRecord model instance, or nil, got `#{current_tenant.inspect}`"
+      ).resolve
+    end
+
+    def auth_cookie_prefix
+      @auth_cookie_prefix ||= "auth_#{Digest::SHA2.hexdigest(Marshal.dump(resolved_tenant))[0..7]}"
+    end
   end
 end

data/lib/veri/helpers/migration_helpers.rb

@@ -0,0 +1,20 @@
+module Veri
+  module MigrationHelpers
+    def migrate_authentication_tenant!(old_tenant, new_tenant)
+      sessions = Veri::Session.where(tenant_type: old_tenant.to_s)
+
+      raise Veri::InvalidArgumentError, "No sessions exist in tenant #{old_tenant.inspect}" unless sessions.exists?
+      raise Veri::InvalidArgumentError, "Cannot migrate tenant to #{new_tenant.inspect}: class does not exist" unless new_tenant.to_s.safe_constantize
+
+      sessions.update_all(tenant_type: new_tenant.to_s)
+    end
+
+    def delete_authentication_tenant!(tenant)
+      sessions = Veri::Session.where(tenant_type: tenant.to_s)
+
+      raise Veri::InvalidArgumentError, "No sessions exist in tenant #{tenant.inspect}" unless sessions.exists?
+
+      sessions.delete_all
+    end
+  end
+end

data/lib/veri/inputs/hashing_algorithm.rb

@@ -3,7 +3,7 @@ module Veri
     class HashingAlgorithm < Veri::Inputs::Base
       private
 
-      def type = -> { self.class::Strict::Symbol.enum(:argon2, :bcrypt, :scrypt) }
+      def type = -> { self.class::Strict::Symbol.enum(:argon2, :bcrypt, :pbkdf2, :scrypt) }
     end
   end
 end

data/lib/veri/inputs/tenant.rb

@@ -0,0 +1,33 @@
+module Veri
+  module Inputs
+    class Tenant < Base
+      def resolve
+        case tenant = process
+        when nil
+          { tenant_type: nil, tenant_id: nil }
+        when String
+          { tenant_type: tenant.to_s, tenant_id: nil }
+        when ActiveRecord::Base
+          raise_error unless tenant.persisted?
+          { tenant_type: tenant.class.to_s, tenant_id: tenant.public_send(tenant.class.primary_key) }
+        else
+          tenant
+        end
+      end
+
+      private
+
+      def type
+        -> {
+          self.class::Strict::String.constrained(min_size: 1) |
+            self.class::Instance(ActiveRecord::Base) |
+            self.class::Hash.schema(
+              tenant_type: self.class::Strict::String | self.class::Nil,
+              tenant_id: self.class::Strict::String | self.class::Strict::Integer | self.class::Nil
+            ) |
+            self.class::Nil
+        }
+      end
+    end
+  end
+end

data/lib/veri/models/concerns/authenticatable.rb

@@ -7,7 +7,10 @@ module Veri
 
       @@included = name
 
-      has_many :veri_sessions, class_name: "Veri::Session", foreign_key: :authenticatable_id, dependent: :destroy
+      has_many :sessions, class_name: "Veri::Session", foreign_key: :authenticatable_id, dependent: :destroy
+
+      scope :locked, -> { where(locked: true) }
+      scope :unlocked, -> { where(locked: false) }
     end
 
     def update_password(password)

data/lib/veri/models/session.rb

@@ -4,10 +4,16 @@ module Veri
   class Session < ActiveRecord::Base
     self.table_name = "veri_sessions"
 
-    # rubocop:disable Rails/ReflectionClassName
     belongs_to :authenticatable, class_name: Veri::Configuration.user_model_name
     belongs_to :original_authenticatable, class_name: Veri::Configuration.user_model_name, optional: true
-    # rubocop:enable Rails/ReflectionClassName
+    belongs_to :tenant, polymorphic: true, optional: true
+
+    scope :active, -> { where.not(id: expired.select(:id)).where.not(id: inactive.select(:id)) }
+    scope :expired, -> { where(expires_at: ...Time.current) }
+    scope :inactive, -> do
+      inactive_session_lifetime = Veri::Configuration.inactive_session_lifetime
+      inactive_session_lifetime ? where(last_seen_at: ...(Time.current - inactive_session_lifetime)) : none
+    end
 
     def active? = !expired? && !inactive?
 
@@ -60,7 +66,7 @@ module Veri
       )
     end
 
-    def revert_to_true_identity
+    def to_true_identity
       update!(
         shapeshifted_at: nil,
         authenticatable: original_authenticatable,
@@ -68,49 +74,44 @@ module Veri
       )
     end
 
+    def tenant
+      return tenant_type if tenant_type.present? && tenant_id.blank?
+
+      record = super
+
+      raise ActiveRecord::RecordNotFound.new(nil, tenant_type, nil, tenant_id) if tenant_id.present? && !record
+
+      record
+    end
+
     class << self
-      def establish(user, request)
+      def establish(user, request, resolved_tenant)
         token = SecureRandom.hex(32)
         expires_at = Time.current + Veri::Configuration.total_session_lifetime
 
         new(
           hashed_token: Digest::SHA256.hexdigest(token),
           expires_at:,
-          authenticatable: Veri::Inputs::Authenticatable.new(user, error: Veri::Error).process
+          authenticatable: user,
+          **resolved_tenant
         ).update_info(request)
 
         token
       end
 
-      def prune(user = nil)
-        scope = if user
-                  where(
-                    authenticatable: Veri::Inputs::Authenticatable.new(
-                      user,
-                      optional: true,
-                      message: "Expected an instance of #{Veri::Configuration.user_model_name} or nil, got `#{user.inspect}`"
-                    ).process
-                  )
-                else
-                  all
-                end
-
-        expired_scope = scope.where(expires_at: ...Time.current)
-
-        if Veri::Configuration.inactive_session_lifetime
-          inactive_cutoff = Time.current - Veri::Configuration.inactive_session_lifetime
-          expired_scope = expired_scope.or(scope.where(last_seen_at: ...inactive_cutoff))
+      def prune
+        expired.or(inactive).delete_all
+
+        orphaned_tenant_sessions = where.not(tenant_id: nil).includes(:tenant).filter_map do |session|
+          !session.tenant
+        rescue ActiveRecord::RecordNotFound
+          session.id
         end
 
-        expired_scope.delete_all
+        where(id: orphaned_tenant_sessions).delete_all if orphaned_tenant_sessions.any?
       end
 
-      def terminate_all(user)
-        Veri::Inputs::Authenticatable.new(
-          user,
-          message: "Expected an instance of #{Veri::Configuration.user_model_name}, got `#{user.inspect}`"
-        ).process.veri_sessions.delete_all
-      end
+      alias terminate_all delete_all
     end
   end
 end

data/lib/veri/password/pbkdf2.rb

@@ -0,0 +1,47 @@
+require "openssl"
+require "base64"
+require "securerandom"
+
+module Veri
+  module Password
+    module Pbkdf2
+      module_function
+
+      ITERATIONS = 210_000
+      SALT_BYTES = 64
+      HASH_BYTES = 64
+      DIGEST = "sha512"
+
+      def create(password)
+        salt = SecureRandom.random_bytes(SALT_BYTES)
+        hash = OpenSSL::KDF.pbkdf2_hmac(
+          password,
+          salt:,
+          iterations: ITERATIONS,
+          length: HASH_BYTES,
+          hash: DIGEST
+        )
+
+        "#{DIGEST}$#{ITERATIONS}$#{HASH_BYTES}$#{Base64.strict_encode64(salt)}$#{Base64.strict_encode64(hash)}"
+      end
+
+      def verify(password, hashed_password)
+        parts = hashed_password.split("$")
+        digest, iterations, hash_bytes, encoded_salt, encoded_hash = parts[0], parts[1], parts[2], parts[3], parts[4]
+
+        salt = Base64.strict_decode64(encoded_salt)
+        hash = Base64.strict_decode64(encoded_hash)
+
+        recalculated_hash = OpenSSL::KDF.pbkdf2_hmac(
+          password,
+          salt:,
+          iterations: iterations.to_i,
+          length: hash_bytes.to_i,
+          hash: digest
+        )
+
+        OpenSSL.fixed_length_secure_compare(recalculated_hash, hash)
+      end
+    end
+  end
+end

data/lib/veri/railtie.rb

@@ -2,11 +2,31 @@ require "rails/railtie"
 
 module Veri
   class Railtie < Rails::Railtie
+    def self.table_exists?
+      ActiveRecord::Base.connection.data_source_exists?("veri_sessions")
+    rescue ActiveRecord::NoDatabaseError, ActiveRecord::ConnectionNotEstablished
+      false
+    end
+
     initializer "veri.to_prepare" do |app|
       app.config.to_prepare do
+        if Veri::Railtie.table_exists?
+          Veri::Session.where.not(tenant_id: nil).distinct.pluck(:tenant_type).each do |tenant_class|
+            tenant_class.constantize
+          rescue NameError => e
+            raise Veri::Error, "Tenant not found: class `#{e.name}` may have been renamed or deleted"
+          end
+        end
+
         user_model = Veri::Configuration.user_model
         user_model.include Veri::Authenticatable unless user_model < Veri::Authenticatable
       end
     end
+
+    initializer "veri.extend_migration_helpers" do
+      ActiveSupport.on_load :active_record do
+        ActiveRecord::Migration.include Veri::MigrationHelpers
+      end
+    end
   end
 end

data/lib/veri/version.rb

@@ -1,3 +1,3 @@
 module Veri
-  VERSION = "0.3.1".freeze
+  VERSION = "1.0.0".freeze
 end

data/lib/veri.rb

@@ -5,6 +5,7 @@ require "active_support"
 
 require_relative "veri/password/argon2"
 require_relative "veri/password/bcrypt"
+require_relative "veri/password/pbkdf2"
 require_relative "veri/password/scrypt"
 
 require_relative "veri/inputs/base"
@@ -13,12 +14,14 @@ require_relative "veri/inputs/duration"
 require_relative "veri/inputs/hashing_algorithm"
 require_relative "veri/inputs/model"
 require_relative "veri/inputs/non_empty_string"
+require_relative "veri/inputs/tenant"
 require_relative "veri/configuration"
 
 module Veri
   class Error < StandardError; end
   class InvalidArgumentError < Veri::Error; end
   class ConfigurationError < Veri::InvalidArgumentError; end
+  class InvalidTenantError < Veri::InvalidArgumentError; end
 
   delegate :configure, to: Veri::Configuration
   module_function :configure
@@ -27,5 +30,6 @@ end
 require_relative "veri/models/session"
 require_relative "veri/controllers/concerns/authentication"
 require_relative "veri/models/concerns/authenticatable"
+require_relative "veri/helpers/migration_helpers"
 
 require_relative "veri/railtie"

data/veri.gemspec

@@ -4,7 +4,7 @@ Gem::Specification.new do |spec|
   spec.name = "veri"
   spec.version = Veri::VERSION
   spec.authors = ["enjaku4"]
-  spec.homepage = "https://github.com/brownboxdev/veri"
+  spec.homepage = "https://github.com/enjaku4/veri"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
   spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "bcrypt", "~> 3.0"
   spec.add_dependency "dry-configurable", "~> 1.1"
   spec.add_dependency "dry-types", "~> 1.7"
-  spec.add_dependency "rails", ">= 7.1", "< 8.1"
+  spec.add_dependency "rails", ">= 7.2", "< 8.1"
   spec.add_dependency "scrypt", "~> 3.0"
   spec.add_dependency "user_agent_parser", "~> 2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: veri
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 1.0.0
 platform: ruby
 authors:
 - enjaku4
@@ -71,7 +71,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.1'
@@ -81,7 +81,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.1'
@@ -125,27 +125,30 @@ files:
 - lib/veri.rb
 - lib/veri/configuration.rb
 - lib/veri/controllers/concerns/authentication.rb
+- lib/veri/helpers/migration_helpers.rb
 - lib/veri/inputs/authenticatable.rb
 - lib/veri/inputs/base.rb
 - lib/veri/inputs/duration.rb
 - lib/veri/inputs/hashing_algorithm.rb
 - lib/veri/inputs/model.rb
 - lib/veri/inputs/non_empty_string.rb
+- lib/veri/inputs/tenant.rb
 - lib/veri/models/concerns/authenticatable.rb
 - lib/veri/models/session.rb
 - lib/veri/password/argon2.rb
 - lib/veri/password/bcrypt.rb
+- lib/veri/password/pbkdf2.rb
 - lib/veri/password/scrypt.rb
 - lib/veri/railtie.rb
 - lib/veri/version.rb
 - veri.gemspec
-homepage: https://github.com/brownboxdev/veri
+homepage: https://github.com/enjaku4/veri
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/brownboxdev/veri
-  source_code_uri: https://github.com/brownboxdev/veri
-  changelog_uri: https://github.com/brownboxdev/veri/blob/main/CHANGELOG.md
+  homepage_uri: https://github.com/enjaku4/veri
+  source_code_uri: https://github.com/enjaku4/veri
+  changelog_uri: https://github.com/enjaku4/veri/blob/main/CHANGELOG.md
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths: