veri 0.4.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 85a6c779bd69de4d11430630c142f8e5e12e3574d7828f740abc19f0e51d291f
-  data.tar.gz: 0def50b534c6d728230ec7543fe6a007a518f9abe47e9c0d93aac45e7eb2f59f
+  metadata.gz: 17672738e498e3328b8b4cf724e3b30e4ee3fb2f7c1d768344cd0c9d29ced1df
+  data.tar.gz: bb8031eb131fce46b349e6881d8b20a18d43c19bf4aba7b41ae1bc6474e5c3cd
 SHA512:
-  metadata.gz: 714985726d7e5d04f55dbb1b94a73110a64ed1cb2853f565ddefda540cb13393969a1c4c3ec91e7de310822224dd844031d7d6b0cf57bd3b537c36da5bb6d55b
-  data.tar.gz: 7f2070d1f1da0260a8061b8abcff5a625245e4388f593d14a6edbdc8c8b496a3b55b5525bfda7a9abaae6bd91ffb218cb0d707d888f14114981c536d99a85e90
+  metadata.gz: a6000202fed29f8e3e303d831727c7199cc073dcec3c592e412b3234b3a55c06b5761f4781f7325d7113a44af2c2f4786fff526b7d9bbd30eaebf599e62987e0
+  data.tar.gz: eaa49fd164b25daefeb97c505d73b11fb148f433f940594a6e6a349eae8a341f3ad8a716eccd5e47204968685602c895185ee255144cf39680eab610d66e83c1

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+## v1.0.1
+
+### Bugs
+
+- Fixed tenant validation blocking Rails console and database commands when orphaned tenant classes exist
+
+## v1.0.0
+
+### Breaking
+
+- Dropped support for Rails 7.1
+
+### Features
+
+- Added support for pbkdf2 password hashing algorithm
+
+### Bugs
+
+- Fixed error raised on Rails console commands when the database was not yet set up
+
 ## v0.4.0
 
 ### Breaking

data/README.md

@@ -1,22 +1,21 @@
-# Veri: Minimal Authentication Framework for Rails
+# Veri: Minimal Authentication for Rails
 
 [![Gem Version](https://badge.fury.io/rb/veri.svg)](http://badge.fury.io/rb/veri)
-[![Github Actions badge](https://github.com/brownboxdev/veri/actions/workflows/ci.yml/badge.svg)](https://github.com/brownboxdev/veri/actions/workflows/ci.yml)
+[![Downloads](https://img.shields.io/gem/dt/veri.svg)](https://rubygems.org/gems/veri)
+[![Github Actions badge](https://github.com/enjaku4/veri/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/veri/actions/workflows/ci.yml)
+[![License](https://img.shields.io/github/license/enjaku4/veri.svg)](LICENSE)
 
-Veri is a cookie-based authentication library for Ruby on Rails that provides essential authentication building blocks without imposing business logic. Unlike full-featured solutions, Veri gives you complete control over your authentication flow while handling the complex underlying mechanics of secure password storage and session management.
+Veri is a cookie-based authentication library for Ruby on Rails. Unlike other solutions, Veri doesn't impose business logic or generate controllers, views, and mailers for you. Instead, it provides essential authentication building blocks giving you complete control over your authentication flow while handling the complex underlying mechanics of secure password storage and session management.
 
 **Key Features:**
 
 - Cookie-based authentication with database-stored sessions
-- Multiple password hashing algorithms (argon2, bcrypt, scrypt)
+- Multiple password hashing algorithms (argon2, bcrypt, pbkdf2, scrypt)
+- Multi-tenancy support
 - Granular session management and control
-- Return path handling
 - User impersonation feature
 - Account lockout functionality
-- Multi-tenancy support
-
-> ⚠️ **Development Notice**<br>
-> Veri is functional but in early development. Breaking changes may occur in minor releases until v1.0!
+- Return path handling
 
 ## Table of Contents
 
@@ -68,12 +67,12 @@ rails db:migrate
 
 ## Configuration
 
-If customization is required, configure Veri in an initializer:
+Configure Veri in an initializer if customization is needed:
 
 ```rb
 # These are the default values; you can change them as needed
 Veri.configure do |config|
-  config.hashing_algorithm = :argon2       # Password hashing algorithm (:argon2, :bcrypt, or :scrypt)
+  config.hashing_algorithm = :argon2       # Password hashing algorithm (:argon2, :bcrypt, :pbkdf2, or :scrypt)
   config.inactive_session_lifetime = nil   # Session inactivity timeout (nil means sessions never expire due to inactivity)
   config.total_session_lifetime = 14.days  # Maximum session duration regardless of activity
   config.user_model_name = "User"          # Your user model name
@@ -115,6 +114,22 @@ end
 This is a simplified example of how to use Veri's authentication methods:
 
 ```rb
+class RegistrationsController < ApplicationController
+  skip_authentication
+
+  def create
+    user = User.new(user_params)
+
+    if user.valid?
+      user.update_password(user_params[:password])
+      log_in(user)
+      redirect_to dashboard_path
+    else
+      render :new, status: :unprocessable_content
+    end
+  end
+end
+
 class SessionsController < ApplicationController
   skip_authentication except: [:destroy]
 
@@ -126,7 +141,7 @@ class SessionsController < ApplicationController
       redirect_to return_path || dashboard_path
     else
       flash.now[:alert] = "Invalid credentials"
-      render :new, status: :unprocessable_entity
+      render :new, status: :unprocessable_content
     end
   end
 
@@ -161,7 +176,7 @@ current_session
 
 ### User Impersonation (Shapeshifting)
 
-Veri provides user impersonation functionality that allows, for example, administrators to temporarily assume another user's identity:
+Veri provides user impersonation functionality that allows administrators to temporarily assume another user's identity:
 
 ```rb
 module Admin
@@ -206,7 +221,7 @@ shapeshifter?
 
 ### When unauthenticated
 
-Override this private method to customize authentication behavior:
+Override this private method to customize unauthenticated user behavior:
 
 ```rb
 class ApplicationController < ActionController::Base
@@ -218,10 +233,8 @@ class ApplicationController < ActionController::Base
 
   private
 
-  # Customize unauthenticated user handling
   def when_unauthenticated
-    # By default redirects back with a fallback to the root path if the request format is HTML,
-    # otherwise responds with 401 Unauthorized
+    # By default, redirects back (HTML) or returns 401 (other formats)
     redirect_to login_path
   end
 end
@@ -288,13 +301,19 @@ session.terminate
 # Terminate all sessions
 Veri::Session.terminate_all
 
-# Clean up expired/inactive sessions
+# Terminate all sessions for a specific user
+user.sessions.terminate_all
+
+# Clean up expired/inactive sessions, and sessions with deleted tenant
 Veri::Session.prune
+
+# Clean up expired/inactive sessions for a specific user
+user.sessions.prune
 ```
 
 ## Account Lockout
 
-Veri provides account lockout functionality to temporarily disable user accounts (for example, after too many failed login attempts or for security reasons).
+Veri provides account lockout functionality to temporarily disable user accounts.
 
 ```rb
 # Lock a user account
@@ -313,11 +332,11 @@ User.locked
 User.unlocked
 ```
 
-When an account is locked, the user cannot log in. If the user is already logged in, their sessions will be terminated, and they will be treated as an unauthenticated user.
+When an account is locked, the user cannot log in. If they're already logged in, their sessions are terminated and they're treated as unauthenticated.
 
 ## Multi-Tenancy
 
-Veri supports multi-tenancy, allowing you to isolate authentication sessions between different tenants (e.g., organizations, clients, or subdomains).
+Veri supports multi-tenancy, allowing you to isolate authentication sessions between different tenants like organizations, clients, or subdomains.
 
 ### Setting Up Multi-Tenancy
 
@@ -381,7 +400,7 @@ Access authentication state in your views:
 
 ## Testing
 
-Veri doesn't provide test helpers, but you can easily create your own:
+Veri doesn't include test helpers, but you can easily create your own:
 
 ### Request Specs (Recommended)
 
@@ -426,13 +445,13 @@ end
 ## Getting Help and Contributing
 
 ### Getting Help
-Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/brownboxdev/veri/discussions) for:
+Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/enjaku4/veri/discussions) for:
 - Usage questions
 - Implementation guidance
 - Feature suggestions
 
 ### Reporting Issues
-Found a bug? Please [create an issue](https://github.com/brownboxdev/veri/issues) with:
+Found a bug? Please [create an issue](https://github.com/enjaku4/veri/issues) with:
 - A clear description of the problem
 - Steps to reproduce the issue
 - Your environment details (Rails version, Ruby version, etc.)
@@ -441,14 +460,14 @@ Found a bug? Please [create an issue](https://github.com/brownboxdev/veri/issues
 Ready to contribute? You can:
 - Fix bugs by submitting pull requests
 - Improve documentation
-- Add new features (please discuss first in our [discussions section](https://github.com/brownboxdev/veri/discussions))
+- Add new features (please discuss first in our [discussions section](https://github.com/enjaku4/veri/discussions))
 
-Before contributing, please read the [contributing guidelines](https://github.com/brownboxdev/veri/blob/main/CONTRIBUTING.md)
+Before contributing, please read the [contributing guidelines](https://github.com/enjaku4/veri/blob/main/CONTRIBUTING.md)
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](https://github.com/brownboxdev/veri/blob/main/LICENSE.txt).
+The gem is available as open source under the terms of the [MIT License](https://github.com/enjaku4/veri/blob/main/LICENSE.txt).
 
 ## Code of Conduct
 
-Everyone interacting in the Veri project is expected to follow the [code of conduct](https://github.com/brownboxdev/veri/blob/main/CODE_OF_CONDUCT.md).
+Everyone interacting in the Veri project is expected to follow the [code of conduct](https://github.com/enjaku4/veri/blob/main/CODE_OF_CONDUCT.md).

data/lib/veri/configuration.rb

@@ -52,6 +52,7 @@ module Veri
     HASHERS = {
       argon2: Veri::Password::Argon2,
       bcrypt: Veri::Password::BCrypt,
+      pbkdf2: Veri::Password::Pbkdf2,
       scrypt: Veri::Password::SCrypt
     }.freeze
 

data/lib/veri/inputs/hashing_algorithm.rb

@@ -3,7 +3,7 @@ module Veri
     class HashingAlgorithm < Veri::Inputs::Base
       private
 
-      def type = -> { self.class::Strict::Symbol.enum(:argon2, :bcrypt, :scrypt) }
+      def type = -> { self.class::Strict::Symbol.enum(:argon2, :bcrypt, :pbkdf2, :scrypt) }
     end
   end
 end

data/lib/veri/models/session.rb

@@ -100,23 +100,15 @@ module Veri
       end
 
       def prune
-        expired_scope = where(expires_at: ...Time.current)
+        expired.or(inactive).delete_all
 
-        if Veri::Configuration.inactive_session_lifetime
-          inactive_cutoff = Time.current - Veri::Configuration.inactive_session_lifetime
-          expired_scope = expired_scope.or(where(last_seen_at: ...inactive_cutoff))
-        end
-
-        expired_scope.delete_all
-
-        ids = where.not(tenant_id: nil).includes(:tenant).filter_map do |session|
-          session.tenant
-          nil
+        orphaned_tenant_sessions = where.not(tenant_id: nil).includes(:tenant).filter_map do |session|
+          !session.tenant
         rescue ActiveRecord::RecordNotFound
           session.id
         end
 
-        where(id: ids).delete_all if ids.any?
+        where(id: orphaned_tenant_sessions).delete_all if orphaned_tenant_sessions.any?
       end
 
       alias terminate_all delete_all

data/lib/veri/password/pbkdf2.rb

@@ -0,0 +1,47 @@
+require "openssl"
+require "base64"
+require "securerandom"
+
+module Veri
+  module Password
+    module Pbkdf2
+      module_function
+
+      ITERATIONS = 210_000
+      SALT_BYTES = 64
+      HASH_BYTES = 64
+      DIGEST = "sha512"
+
+      def create(password)
+        salt = SecureRandom.random_bytes(SALT_BYTES)
+        hash = OpenSSL::KDF.pbkdf2_hmac(
+          password,
+          salt:,
+          iterations: ITERATIONS,
+          length: HASH_BYTES,
+          hash: DIGEST
+        )
+
+        "#{DIGEST}$#{ITERATIONS}$#{HASH_BYTES}$#{Base64.strict_encode64(salt)}$#{Base64.strict_encode64(hash)}"
+      end
+
+      def verify(password, hashed_password)
+        parts = hashed_password.split("$")
+        digest, iterations, hash_bytes, encoded_salt, encoded_hash = parts[0], parts[1], parts[2], parts[3], parts[4]
+
+        salt = Base64.strict_decode64(encoded_salt)
+        hash = Base64.strict_decode64(encoded_hash)
+
+        recalculated_hash = OpenSSL::KDF.pbkdf2_hmac(
+          password,
+          salt:,
+          iterations: iterations.to_i,
+          length: hash_bytes.to_i,
+          hash: digest
+        )
+
+        OpenSSL.fixed_length_secure_compare(recalculated_hash, hash)
+      end
+    end
+  end
+end

data/lib/veri/railtie.rb

@@ -2,9 +2,19 @@ require "rails/railtie"
 
 module Veri
   class Railtie < Rails::Railtie
+    def self.server_running?
+      !!defined?(Rails::Server)
+    end
+
+    def self.table_exists?
+      ActiveRecord::Base.connection.data_source_exists?("veri_sessions")
+    rescue ActiveRecord::NoDatabaseError, ActiveRecord::ConnectionNotEstablished
+      false
+    end
+
     initializer "veri.to_prepare" do |app|
       app.config.to_prepare do
-        if ActiveRecord::Base.connection.data_source_exists?("veri_sessions")
+        if Veri::Railtie.server_running? && Veri::Railtie.table_exists?
           Veri::Session.where.not(tenant_id: nil).distinct.pluck(:tenant_type).each do |tenant_class|
             tenant_class.constantize
           rescue NameError => e

data/lib/veri/version.rb

@@ -1,3 +1,3 @@
 module Veri
-  VERSION = "0.4.0".freeze
+  VERSION = "1.0.1".freeze
 end

data/lib/veri.rb

@@ -5,6 +5,7 @@ require "active_support"
 
 require_relative "veri/password/argon2"
 require_relative "veri/password/bcrypt"
+require_relative "veri/password/pbkdf2"
 require_relative "veri/password/scrypt"
 
 require_relative "veri/inputs/base"

data/veri.gemspec

@@ -4,12 +4,16 @@ Gem::Specification.new do |spec|
   spec.name = "veri"
   spec.version = Veri::VERSION
   spec.authors = ["enjaku4"]
-  spec.homepage = "https://github.com/brownboxdev/veri"
+  spec.email = ["enjaku4@icloud.com"]
+  spec.homepage = "https://github.com/enjaku4/veri"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
   spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
+  spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/issues"
+  spec.metadata["documentation_uri"] = "#{spec.homepage}/blob/main/README.md"
   spec.metadata["rubygems_mfa_required"] = "true"
   spec.summary = "Minimal cookie-based authentication library for Ruby on Rails"
+  spec.description = "Veri provides cookie-based authentication for Ruby on Rails applications with secure password storage, granular session management, multi-tenancy support, and user impersonation feature, without imposing business logic"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 3.2", "< 3.5"
 
@@ -23,7 +27,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "bcrypt", "~> 3.0"
   spec.add_dependency "dry-configurable", "~> 1.1"
   spec.add_dependency "dry-types", "~> 1.7"
-  spec.add_dependency "rails", ">= 7.1", "< 8.1"
+  spec.add_dependency "rails", ">= 7.2", "< 8.1"
   spec.add_dependency "scrypt", "~> 3.0"
   spec.add_dependency "user_agent_parser", "~> 2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: veri
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 1.0.1
 platform: ruby
 authors:
 - enjaku4
@@ -71,7 +71,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.1'
@@ -81,7 +81,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '7.1'
+        version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '8.1'
@@ -113,6 +113,11 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+description: Veri provides cookie-based authentication for Ruby on Rails applications
+  with secure password storage, granular session management, multi-tenancy support,
+  and user impersonation feature, without imposing business logic
+email:
+- enjaku4@icloud.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -137,17 +142,20 @@ files:
 - lib/veri/models/session.rb
 - lib/veri/password/argon2.rb
 - lib/veri/password/bcrypt.rb
+- lib/veri/password/pbkdf2.rb
 - lib/veri/password/scrypt.rb
 - lib/veri/railtie.rb
 - lib/veri/version.rb
 - veri.gemspec
-homepage: https://github.com/brownboxdev/veri
+homepage: https://github.com/enjaku4/veri
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/brownboxdev/veri
-  source_code_uri: https://github.com/brownboxdev/veri
-  changelog_uri: https://github.com/brownboxdev/veri/blob/main/CHANGELOG.md
+  homepage_uri: https://github.com/enjaku4/veri
+  source_code_uri: https://github.com/enjaku4/veri
+  changelog_uri: https://github.com/enjaku4/veri/blob/main/CHANGELOG.md
+  bug_tracker_uri: https://github.com/enjaku4/veri/issues
+  documentation_uri: https://github.com/enjaku4/veri/blob/main/README.md
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -166,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.7
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Minimal cookie-based authentication library for Ruby on Rails
 test_files: []