veri 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c4434399cb0f0e3081ff2ccb8e72df12623e74f6f2cd43f318d50ae483845be6
-  data.tar.gz: 194dec0866793d8f2bc906d2830f8c9a4fb37e7d8a5c7f5c58bec7d0631abc51
+  metadata.gz: 5059569cdd9359f72eb4852779102dca282a75176073020888ecfffb6ac716c0
+  data.tar.gz: ee0b24a4e5a9f105f10c6cb7cb550f90449a87031622577cc89211edac5bb06d
 SHA512:
-  metadata.gz: 2e5dbe8a582d077ef157f8c16d3ec5c21ac24b501e323ed4bf11f577fe436900dffdc1a40814011c78f969962c97ca0b931cd5684253578ecb4804b994016dca
-  data.tar.gz: ba78fb8d71fd4dffdb527add9759f56d84ca9772535897d356f4a4a9f1302f149d3533355e8a86a518b09f179c638313dcdf2b9932c82fd7e8a427457a1b3111
+  metadata.gz: '0910cd4e2a58796521a755ed2e6414d647270ce94582c2247574f2189e2949d5cb9297f0cbda06414586f845bb00a484974a2752e079de7906c770cd153afd20'
+  data.tar.gz: 6bf989a229323abf6160b91bded464993f8606810d5883a40d32eb7e6e66c0bb4742cae90cf5246b1848f2b20a9014d66cf0867dea20de1dc10dbe297f1e1c5e

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+## v1.1.0
+
+### Features
+
+- Added `Veri::Session.in_tenant` method to fetch sessions for a specific tenant
+
+### Misc
+
+- Added support for Rails 8.1
+
+## v1.0.1
+
+### Bugs
+
+- Fixed tenant validation blocking Rails console and database commands when orphaned tenant classes exist
+
 ## v1.0.0
 
 ### Breaking

data/README.md

@@ -1,19 +1,15 @@
-# Veri: Minimal Authentication Framework for Rails
+# Veri: Minimal Authentication for Rails
 
 [![Gem Version](https://badge.fury.io/rb/veri.svg)](http://badge.fury.io/rb/veri)
+[![Downloads](https://img.shields.io/gem/dt/veri.svg)](https://rubygems.org/gems/veri)
 [![Github Actions badge](https://github.com/enjaku4/veri/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/veri/actions/workflows/ci.yml)
+[![License](https://img.shields.io/github/license/enjaku4/veri.svg)](LICENSE)
 
-Veri is a cookie-based authentication library for Ruby on Rails that provides essential authentication building blocks without imposing business logic. Unlike full-featured solutions, Veri gives you complete control over your authentication flow while handling the complex underlying mechanics of secure password storage and session management.
+Veri is a cookie-based authentication library for Ruby on Rails. Unlike other solutions that generate controllers, views, and mailers for you, Veri provides only essential building blocks. It's ideal for applications that require custom authentication experiences: you design your own interfaces and flows, while Veri handles the complex underlying mechanics of secure password storage and session verification. On top of that, Veri supports multi-tenancy, granular session management, multiple password hashing algorithms, and includes a user impersonation feature.
 
-**Key Features:**
+**Example of Usage:**
 
-- Cookie-based authentication with database-stored sessions
-- Multiple password hashing algorithms (argon2, bcrypt, pbkdf2, scrypt)
-- Granular session management and control
-- Return path handling
-- User impersonation feature
-- Account lockout functionality
-- Multi-tenancy support
+Consider a multi-tenant SaaS application where users can view all their active sessions across devices and browsers and terminate specific sessions remotely. Administrators have the same interface in their admin panel, giving them visibility into user activity and the ability to end sessions or lock accounts for security. Additionally, administrators can temporarily assume a user’s identity for troubleshooting. All of this is easily handled with Veri.
 
 ## Table of Contents
 
@@ -65,7 +61,7 @@ rails db:migrate
 
 ## Configuration
 
-If customization is required, configure Veri in an initializer:
+Configure Veri in an initializer if customization is needed:
 
 ```rb
 # These are the default values; you can change them as needed
@@ -174,7 +170,7 @@ current_session
 
 ### User Impersonation (Shapeshifting)
 
-Veri provides user impersonation functionality that allows, for example, administrators to temporarily assume another user's identity:
+Veri provides user impersonation functionality that allows administrators to temporarily assume another user's identity:
 
 ```rb
 module Admin
@@ -217,9 +213,9 @@ Controller helper:
 shapeshifter?
 ```
 
-### When unauthenticated
+### When Unauthenticated
 
-Override this private method to customize authentication behavior:
+Override this private method to customize behavior for unauthenticated users:
 
 ```rb
 class ApplicationController < ActionController::Base
@@ -231,10 +227,8 @@ class ApplicationController < ActionController::Base
 
   private
 
-  # Customize unauthenticated user handling
   def when_unauthenticated
-    # By default redirects back with a fallback to the root path if the request format is HTML,
-    # otherwise responds with 401 Unauthorized
+    # By default, redirects back (HTML) or returns 401 (other formats)
     redirect_to login_path
   end
 end
@@ -313,7 +307,7 @@ user.sessions.prune
 
 ## Account Lockout
 
-Veri provides account lockout functionality to temporarily disable user accounts (for example, after too many failed login attempts or for security reasons).
+Veri provides account lockout functionality to temporarily disable user accounts.
 
 ```rb
 # Lock a user account
@@ -332,11 +326,11 @@ User.locked
 User.unlocked
 ```
 
-When an account is locked, the user cannot log in. If the user is already logged in, their sessions will be terminated, and they will be treated as an unauthenticated user.
+When an account is locked, the user cannot log in. If they're already logged in, their sessions are terminated and they are treated as unauthenticated.
 
 ## Multi-Tenancy
 
-Veri supports multi-tenancy, allowing you to isolate authentication sessions between different tenants (e.g., organizations, clients, or subdomains).
+Veri supports multi-tenancy, allowing you to isolate authentication sessions between different tenants such as organizations, clients, or subdomains.
 
 ### Setting Up Multi-Tenancy
 
@@ -369,6 +363,19 @@ Sessions expose their tenant through `tenant` method:
 session.tenant
 ```
 
+To manage sessions for a specific tenant:
+
+```rb
+# Fetch all sessions for a given tenant
+Veri::Session.in_tenant(tenant)
+
+# Fetch sessions for a specific user within a tenant
+user.sessions.in_tenant(tenant)
+
+# Terminate all sessions for a specific user within a tenant
+user.sessions.in_tenant(tenant).terminate_all
+```
+
 ### Migration Helpers
 
 Handle tenant changes when models are renamed or removed. These are irreversible data migrations.
@@ -400,7 +407,7 @@ Access authentication state in your views:
 
 ## Testing
 
-Veri doesn't provide test helpers, but you can easily create your own:
+Veri doesn't include test helpers, but you can easily create your own:
 
 ### Request Specs (Recommended)
 

data/lib/veri/models/session.rb

@@ -8,6 +8,7 @@ module Veri
     belongs_to :original_authenticatable, class_name: Veri::Configuration.user_model_name, optional: true
     belongs_to :tenant, polymorphic: true, optional: true
 
+    scope :in_tenant, -> (tenant) { where(**Veri::Inputs::Tenant.new(tenant).resolve) }
     scope :active, -> { where.not(id: expired.select(:id)).where.not(id: inactive.select(:id)) }
     scope :expired, -> { where(expires_at: ...Time.current) }
     scope :inactive, -> do

data/lib/veri/railtie.rb

@@ -2,6 +2,10 @@ require "rails/railtie"
 
 module Veri
   class Railtie < Rails::Railtie
+    def self.server_running?
+      !!defined?(Rails::Server)
+    end
+
     def self.table_exists?
       ActiveRecord::Base.connection.data_source_exists?("veri_sessions")
     rescue ActiveRecord::NoDatabaseError, ActiveRecord::ConnectionNotEstablished
@@ -10,7 +14,7 @@ module Veri
 
     initializer "veri.to_prepare" do |app|
       app.config.to_prepare do
-        if Veri::Railtie.table_exists?
+        if Veri::Railtie.server_running? && Veri::Railtie.table_exists?
           Veri::Session.where.not(tenant_id: nil).distinct.pluck(:tenant_type).each do |tenant_class|
             tenant_class.constantize
           rescue NameError => e

data/lib/veri/version.rb

@@ -1,3 +1,3 @@
 module Veri
-  VERSION = "1.0.0".freeze
+  VERSION = "1.1.0".freeze
 end

data/veri.gemspec

@@ -4,12 +4,16 @@ Gem::Specification.new do |spec|
   spec.name = "veri"
   spec.version = Veri::VERSION
   spec.authors = ["enjaku4"]
+  spec.email = ["enjaku4@icloud.com"]
   spec.homepage = "https://github.com/enjaku4/veri"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
   spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
+  spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/issues"
+  spec.metadata["documentation_uri"] = "#{spec.homepage}/blob/main/README.md"
   spec.metadata["rubygems_mfa_required"] = "true"
   spec.summary = "Minimal cookie-based authentication library for Ruby on Rails"
+  spec.description = "Veri provides cookie-based authentication for Ruby on Rails applications with secure password storage, granular session management, multi-tenancy support, and user impersonation feature, without imposing business logic"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 3.2", "< 3.5"
 
@@ -23,7 +27,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "bcrypt", "~> 3.0"
   spec.add_dependency "dry-configurable", "~> 1.1"
   spec.add_dependency "dry-types", "~> 1.7"
-  spec.add_dependency "rails", ">= 7.2", "< 8.1"
+  spec.add_dependency "rails", ">= 7.2", "< 8.2"
   spec.add_dependency "scrypt", "~> 3.0"
   spec.add_dependency "user_agent_parser", "~> 2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: veri
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - enjaku4
@@ -74,7 +74,7 @@ dependencies:
         version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8.1'
+        version: '8.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -84,7 +84,7 @@ dependencies:
         version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8.1'
+        version: '8.2'
 - !ruby/object:Gem::Dependency
   name: scrypt
   requirement: !ruby/object:Gem::Requirement
@@ -113,6 +113,11 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+description: Veri provides cookie-based authentication for Ruby on Rails applications
+  with secure password storage, granular session management, multi-tenancy support,
+  and user impersonation feature, without imposing business logic
+email:
+- enjaku4@icloud.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -149,6 +154,8 @@ metadata:
   homepage_uri: https://github.com/enjaku4/veri
   source_code_uri: https://github.com/enjaku4/veri
   changelog_uri: https://github.com/enjaku4/veri/blob/main/CHANGELOG.md
+  bug_tracker_uri: https://github.com/enjaku4/veri/issues
+  documentation_uri: https://github.com/enjaku4/veri/blob/main/README.md
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -167,7 +174,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.1
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Minimal cookie-based authentication library for Ruby on Rails
 test_files: []