veri 1.0.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 17672738e498e3328b8b4cf724e3b30e4ee3fb2f7c1d768344cd0c9d29ced1df
-  data.tar.gz: bb8031eb131fce46b349e6881d8b20a18d43c19bf4aba7b41ae1bc6474e5c3cd
+  metadata.gz: 6bd0d2ab55db163c3fe4c23ffde6b23cd161d97c28c3fba95be4f7f88afbd2ea
+  data.tar.gz: b1afab87840a02696726deb462bff8e53c881e27ac78adf2787ba97cc59ae7ab
 SHA512:
-  metadata.gz: a6000202fed29f8e3e303d831727c7199cc073dcec3c592e412b3234b3a55c06b5761f4781f7325d7113a44af2c2f4786fff526b7d9bbd30eaebf599e62987e0
-  data.tar.gz: eaa49fd164b25daefeb97c505d73b11fb148f433f940594a6e6a349eae8a341f3ad8a716eccd5e47204968685602c895185ee255144cf39680eab610d66e83c1
+  metadata.gz: 99b2f7cc063ebffc0fd94b96fcade3ea4d9e911f21a854146b1b09500319a693dc12d44e4bcb8d64a1382d10d33c8bae4df5321bb22fcc074f0afc9c9ca0f6bd
+  data.tar.gz: 2d4cc974fb4dacee177d526099d8524cd24b1b8733115a277b1b172fb84bf3e32b42a56558b57ab4552139f6c5364351708304d806cd6eb4eca22aa5497339c5

data/CHANGELOG.md

@@ -1,3 +1,34 @@
+## v2.0.0
+
+### Breaking
+
+- Changed `Veri::Session#shapeshift` method signature to accept an optional `tenant:` keyword argument
+- `Veri::Session.prune` now deletes only sessions with orphaned tenants and no longer removes inactive or expired sessions
+
+### Features
+
+- Added `Veri::Session#true_tenant` method to fetch the original tenant of a session
+
+### Bugs
+
+- Fixed issue with user impersonation across different tenants
+
+### Misc
+
+- Dropped some unnecessary dependencies
+
+To upgrade to v2.0.0, please refer to the [migration guide](https://github.com/enjaku4/veri/discussions/14)
+
+## v1.1.0
+
+### Features
+
+- Added `Veri::Session.in_tenant` method to fetch sessions for a specific tenant
+
+### Misc
+
+- Added support for Rails 8.1
+
 ## v1.0.1
 
 ### Bugs

data/README.md

@@ -5,17 +5,13 @@
 [![Github Actions badge](https://github.com/enjaku4/veri/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/veri/actions/workflows/ci.yml)
 [![License](https://img.shields.io/github/license/enjaku4/veri.svg)](LICENSE)
 
-Veri is a cookie-based authentication library for Ruby on Rails. Unlike other solutions, Veri doesn't impose business logic or generate controllers, views, and mailers for you. Instead, it provides essential authentication building blocks giving you complete control over your authentication flow while handling the complex underlying mechanics of secure password storage and session management.
+Veri is a cookie-based authentication library for Ruby on Rails. It provides only essential building blocks for secure user authentication without cluttering your app with generated controllers, views, and mailers. This makes it ideal for building custom authentication flows.
 
-**Key Features:**
+Veri supports multi-tenancy, granular session management, multiple password hashing algorithms, and provides a user impersonation feature for administration purposes.
 
-- Cookie-based authentication with database-stored sessions
-- Multiple password hashing algorithms (argon2, bcrypt, pbkdf2, scrypt)
-- Multi-tenancy support
-- Granular session management and control
-- User impersonation feature
-- Account lockout functionality
-- Return path handling
+**Example of Usage:**
+
+Consider a multi-tenant SaaS application where users need to manage their active sessions across devices and browsers, terminating specific sessions remotely when needed. Administrators require similar capabilities in their admin panel, with additional powers to lock accounts and temporarily assume user identities for troubleshooting. You can build all this easily with Veri.
 
 ## Table of Contents
 
@@ -26,6 +22,7 @@ Veri is a cookie-based authentication library for Ruby on Rails. Unlike other so
   - [Controller Integration](#controller-integration)
   - [Authentication Sessions](#authentication-sessions)
   - [Account Lockout](#account-lockout)
+  - [User Impersonation](#user-impersonation)
   - [Multi-Tenancy](#multi-tenancy)
   - [View Helpers](#view-helpers)
   - [Testing](#testing)
@@ -45,11 +42,11 @@ gem "veri"
 
 Install the gem:
 
-```bash
+```shell
 bundle install
 ```
 
-Generate the migration for your user model (replace `users` with your user table name if different):
+Generate the migration for your user model (replace `users` with your table name if different):
 
 ```shell
 # For standard integer IDs
@@ -93,9 +90,9 @@ user.verify_password("password")
 
 ## Controller Integration
 
-### Basic Setup
+### Setup
 
-Include the authentication module and configure protection:
+Include the authentication module in your controllers and configure protection:
 
 ```rb
 class ApplicationController < ActionController::Base
@@ -109,6 +106,8 @@ class PicturesController < ApplicationController
 end
 ```
 
+Both `with_authentication` and `skip_authentication` work exactly the same as Rails' `before_action` and `skip_before_action` methods.
+
 ### Authentication Methods
 
 This is a simplified example of how to use Veri's authentication methods:
@@ -174,54 +173,9 @@ return_path
 current_session
 ```
 
-### User Impersonation (Shapeshifting)
+### When Unauthenticated
 
-Veri provides user impersonation functionality that allows administrators to temporarily assume another user's identity:
-
-```rb
-module Admin
-  class ImpersonationController < ApplicationController
-    def create
-      user = User.find(params[:user_id])
-      current_session.shapeshift(user)
-      redirect_to root_path, notice: "Now viewing as #{user.name}"
-    end
-
-    def destroy
-      original_user = current_session.true_identity
-      current_session.to_true_identity
-      redirect_to admin_dashboard_path, notice: "Returned to #{original_user.name}"
-    end
-  end
-end
-```
-
-Available session methods:
-
-```rb
-# Assume another user's identity (maintains original identity)
-session.shapeshift(user)
-
-# Return to original identity
-session.to_true_identity
-
-# Returns true if currently shapeshifted
-session.shapeshifted?
-
-# Returns original user when shapeshifted, otherwise current user
-session.true_identity
-```
-
-Controller helper:
-
-```rb
-# Returns true if the current session is shapeshifted
-shapeshifter?
-```
-
-### When unauthenticated
-
-Override this private method to customize unauthenticated user behavior:
+By default, when unauthenticated, Veri redirects back (HTML) or returns 401 (other formats). Override this private method to customize behavior for unauthenticated users:
 
 ```rb
 class ApplicationController < ActionController::Base
@@ -229,17 +183,16 @@ class ApplicationController < ActionController::Base
 
   with_authentication
 
-  # ...
-
   private
 
   def when_unauthenticated
-    # By default, redirects back (HTML) or returns 401 (other formats)
     redirect_to login_path
   end
 end
 ```
 
+The `when_unauthenticated` method can be overridden in any controller to provide controller-specific handling.
+
 ## Authentication Sessions
 
 Veri stores authentication sessions in the database, providing session management capabilities:
@@ -257,9 +210,10 @@ current_session
 ### Session Information
 
 ```rb
+# Get the authenticated user
 session.identity
-# => authenticated user
 
+# Get session details
 session.info
 # => {
 #   device: "Desktop",
@@ -304,11 +258,11 @@ Veri::Session.terminate_all
 # Terminate all sessions for a specific user
 user.sessions.terminate_all
 
-# Clean up expired/inactive sessions, and sessions with deleted tenant
-Veri::Session.prune
+# Clean up inactive sessions for a specific user
+user.sessions.inactive.terminate_all
 
-# Clean up expired/inactive sessions for a specific user
-user.sessions.prune
+# Clean up expired sessions globally
+Veri::Session.expired.terminate_all
 ```
 
 ## Account Lockout
@@ -332,15 +286,60 @@ User.locked
 User.unlocked
 ```
 
-When an account is locked, the user cannot log in. If they're already logged in, their sessions are terminated and they're treated as unauthenticated.
+When an account is locked, the user cannot log in. If they're already logged in, their sessions are terminated and they are treated as unauthenticated.
+
+## User Impersonation
+
+Veri provides user impersonation functionality that allows administrators to temporarily assume another user's identity:
+
+```rb
+module Admin
+  class ImpersonationController < ApplicationController
+    def create
+      user = User.find(params[:user_id])
+      current_session.shapeshift(user)
+      redirect_to root_path, notice: "Now viewing as #{user.name}"
+    end
+
+    def destroy
+      original_user = current_session.true_identity
+      current_session.to_true_identity
+      redirect_to admin_dashboard_path, notice: "Returned to #{original_user.name}"
+    end
+  end
+end
+```
+
+Available session methods:
+
+```rb
+# Assume another user's identity (in single-tenant applications)
+session.shapeshift(user)
+
+# Return to original identity
+session.to_true_identity
+
+# Returns true if currently shapeshifted
+session.shapeshifted?
+
+# Returns original user when shapeshifted, otherwise current user
+session.true_identity
+```
+
+Controller helper:
+
+```rb
+# Returns true if the current session is shapeshifted
+shapeshifter?
+```
 
 ## Multi-Tenancy
 
-Veri supports multi-tenancy, allowing you to isolate authentication sessions between different tenants like organizations, clients, or subdomains.
+Veri supports multi-tenancy, allowing you to isolate authentication sessions between different tenants such as organizations, clients, or subdomains.
 
-### Setting Up Multi-Tenancy
+### Setup
 
-To enable multi-tenancy, override `current_tenant` method:
+To isolate authentication sessions between different tenants, override the `current_tenant` method:
 
 ```rb
 class ApplicationController < ActionController::Base
@@ -355,29 +354,68 @@ class ApplicationController < ActionController::Base
     request.subdomain
 
     # Option 2: Model-based tenancy (e.g., organization)
-    # Company.find_by(subdomain: request.subdomain)
+    Company.find_by(subdomain: request.subdomain)
   end
 end
 ```
 
+By default, Veri assumes a single-tenant setup where `current_tenant` returns `nil`. Tenants can be represented as either a string or an `ActiveRecord` model instance.
+
 ### Session Tenant Access
 
-Sessions expose their tenant through `tenant` method:
+Sessions expose their tenant through the `tenant` method:
 
 ```rb
 # Returns the tenant (string, model instance, or nil in single-tenant applications)
 session.tenant
 ```
 
-### Migration Helpers
+To manage sessions for a specific tenant:
+
+```rb
+# Fetch all sessions for a given tenant
+Veri::Session.in_tenant(tenant)
+
+# Fetch sessions for a specific user within a tenant
+user.sessions.in_tenant(tenant)
+
+# Terminate all sessions for a specific user within a tenant
+user.sessions.in_tenant(tenant).terminate_all
+```
+
+### User Impersonation with Tenants
+
+When using user impersonation in a multi-tenant setup, Veri allows cross-tenant shapeshifting while preserving the original tenant context:
+
+```rb
+# Assume another user's identity across tenants
+session.shapeshift(user, tenant: company)
+
+# Returns the original tenant when shapeshifted
+session.true_tenant
+```
+
+All other session methods work the same way in multi-tenant applications as in single-tenant applications. However, `to_true_identity` will restore both the original user and tenant.
+
+### Orphaned Sessions
+
+When a tenant object is deleted from your database, its associated sessions become orphaned.
+
+To clean up orphaned sessions, use:
+
+```rb
+Veri::Session.prune
+```
+
+### Tenant Migrations
 
-Handle tenant changes when models are renamed or removed. These are irreversible data migrations.
+When you rename or remove models used as tenants, you need to update Veri's stored data accordingly. Use these irreversible data migrations:
 
 ```rb
 # Rename a tenant class (e.g., when you rename your Organization model to Company)
 migrate_authentication_tenant!("Organization", "Company")
 
-# Remove orphaned tenant data (e.g., when you delete the Organization model entirely)
+# Remove tenant data (e.g., when you delete the Organization model entirely)
 delete_authentication_tenant!("Organization")
 ```
 

data/lib/generators/veri/templates/add_veri_authentication.rb.erb

@@ -11,6 +11,7 @@ class AddVeriAuthentication < ActiveRecord::Migration[<%= ActiveRecord::Migratio
       t.belongs_to :authenticatable, null: false, foreign_key: { to_table: <%= table_name.to_sym.inspect %> }, index: true<%= ", type: :uuid" if options[:uuid] %>
       t.belongs_to :original_authenticatable, foreign_key: { to_table: <%= table_name.to_sym.inspect %> }, index: true<%= ", type: :uuid" if options[:uuid] %>
       t.belongs_to :tenant, polymorphic: true, index: true<%= ", type: :uuid" if options[:uuid] %>
+      t.belongs_to :original_tenant, polymorphic: true, index: true<%= ", type: :uuid" if options[:uuid] %>
       t.datetime :shapeshifted_at
       t.datetime :last_seen_at, null: false
       t.string :ip_address

data/lib/veri/configuration.rb

@@ -1,53 +1,15 @@
 require "active_support/core_ext/numeric/time"
-require "dry-configurable"
+require "singleton"
 
 module Veri
-  module Configuration
-    extend Dry::Configurable
+  class Configuration
+    include Singleton
 
-    module_function
+    attr_reader :hashing_algorithm, :inactive_session_lifetime, :total_session_lifetime, :user_model_name
 
-    setting :hashing_algorithm,
-            default: :argon2,
-            reader: true,
-            constructor: -> (value) do
-              Veri::Inputs::HashingAlgorithm.new(
-                value,
-                error: Veri::ConfigurationError,
-                message: "Invalid hashing algorithm `#{value.inspect}`, supported algorithms are: #{Veri::Configuration::HASHERS.keys.join(", ")}"
-              ).process
-            end
-    setting :inactive_session_lifetime,
-            default: nil,
-            reader: true,
-            constructor: -> (value) do
-              Veri::Inputs::Duration.new(
-                value,
-                optional: true,
-                error: Veri::ConfigurationError,
-                message: "Invalid inactive session lifetime `#{value.inspect}`, expected an instance of ActiveSupport::Duration or nil"
-              ).process
-            end
-    setting :total_session_lifetime,
-            default: 14.days,
-            reader: true,
-            constructor: -> (value) do
-              Veri::Inputs::Duration.new(
-                value,
-                error: Veri::ConfigurationError,
-                message: "Invalid total session lifetime `#{value.inspect}`, expected an instance of ActiveSupport::Duration"
-              ).process
-            end
-    setting :user_model_name,
-            default: "User",
-            reader: true,
-            constructor: -> (value) do
-              Veri::Inputs::NonEmptyString.new(
-                value,
-                error: Veri::ConfigurationError,
-                message: "Invalid user model name `#{value.inspect}`, expected an ActiveRecord model name as a string"
-              ).process
-            end
+    def initialize
+      reset_to_defaults!
+    end
 
     HASHERS = {
       argon2: Veri::Password::Argon2,
@@ -55,6 +17,47 @@ module Veri
       pbkdf2: Veri::Password::Pbkdf2,
       scrypt: Veri::Password::SCrypt
     }.freeze
+    private_constant :HASHERS
+
+    def hashing_algorithm=(value)
+      @hashing_algorithm = Veri::Inputs::HashingAlgorithm.new(
+        value,
+        error: Veri::ConfigurationError,
+        message: "Invalid hashing algorithm `#{value.inspect}`, supported algorithms are: #{HASHERS.keys.join(", ")}"
+      ).process
+    end
+
+    def inactive_session_lifetime=(value)
+      @inactive_session_lifetime = Veri::Inputs::Duration.new(
+        value,
+        optional: true,
+        error: Veri::ConfigurationError,
+        message: "Invalid inactive session lifetime `#{value.inspect}`, expected an instance of ActiveSupport::Duration or nil"
+      ).process
+    end
+
+    def total_session_lifetime=(value)
+      @total_session_lifetime = Veri::Inputs::Duration.new(
+        value,
+        error: Veri::ConfigurationError,
+        message: "Invalid total session lifetime `#{value.inspect}`, expected an instance of ActiveSupport::Duration"
+      ).process
+    end
+
+    def user_model_name=(value)
+      @user_model_name = Veri::Inputs::NonEmptyString.new(
+        value,
+        error: Veri::ConfigurationError,
+        message: "Invalid user model name `#{value.inspect}`, expected an ActiveRecord model name as a string"
+      ).process
+    end
+
+    def reset_to_defaults!
+      self.hashing_algorithm = :argon2
+      self.inactive_session_lifetime = nil
+      self.total_session_lifetime = 14.days
+      self.user_model_name = "User"
+    end
 
     def hasher
       HASHERS.fetch(hashing_algorithm) { raise Veri::Error, "Invalid hashing algorithm: #{hashing_algorithm}" }
@@ -67,5 +70,16 @@ module Veri
         message: "Invalid user model name `#{user_model_name}`, expected an ActiveRecord model name as a string"
       ).process
     end
+
+    def configure
+      yield self
+    end
+
+    class << self
+      delegate :hashing_algorithm, :inactive_session_lifetime, :total_session_lifetime, :user_model_name,
+               :hashing_algorithm=, :inactive_session_lifetime=, :total_session_lifetime=, :user_model_name=,
+               :hasher, :user_model, :reset_to_defaults!, :configure,
+               to: :instance
+    end
   end
 end

data/lib/veri/controllers/concerns/authentication.rb

@@ -88,7 +88,7 @@ module Veri
     end
 
     def when_unauthenticated
-      request.format.html? ? redirect_back(fallback_location: root_path) : head(:unauthorized)
+      request.format.html? ? redirect_back_or_to(root_path) : head(:unauthorized)
     end
 
     def current_tenant = nil

data/lib/veri/inputs/authenticatable.rb

@@ -3,7 +3,7 @@ module Veri
     class Authenticatable < Veri::Inputs::Base
       private
 
-      def type = -> { self.class::Instance(Veri::Configuration.user_model) }
+      def processor = -> { @value.is_a?(Veri::Configuration.user_model) ? @value : raise_error }
     end
   end
 end

data/lib/veri/inputs/base.rb

@@ -1,10 +1,6 @@
-require "dry-types"
-
 module Veri
   module Inputs
     class Base
-      include Dry.Types()
-
       def initialize(value, optional: false, error: Veri::InvalidArgumentError, message: nil)
         @value = value
         @optional = optional
@@ -13,15 +9,14 @@ module Veri
       end
 
       def process
-        type_checker = @optional ? type.call.optional : type.call
-        type_checker[@value]
-      rescue Dry::Types::CoercionError
-        raise_error
+        return @value if @value.nil? && @optional
+
+        processor.call
       end
 
       private
 
-      def type
+      def processor
         raise NotImplementedError
       end
 

data/lib/veri/inputs/duration.rb

@@ -3,7 +3,7 @@ module Veri
     class Duration < Veri::Inputs::Base
       private
 
-      def type = -> { self.class::Instance(ActiveSupport::Duration) }
+      def processor = -> { @value.is_a?(ActiveSupport::Duration) ? @value : raise_error }
     end
   end
 end

data/lib/veri/inputs/hashing_algorithm.rb

@@ -1,9 +1,12 @@
 module Veri
   module Inputs
     class HashingAlgorithm < Veri::Inputs::Base
+      HASHING_ALGORITHMS = [:argon2, :bcrypt, :pbkdf2, :scrypt].freeze
+      private_constant :HASHING_ALGORITHMS
+
       private
 
-      def type = -> { self.class::Strict::Symbol.enum(:argon2, :bcrypt, :pbkdf2, :scrypt) }
+      def processor = -> { HASHING_ALGORITHMS.include?(@value) ? @value : raise_error }
     end
   end
 end

data/lib/veri/inputs/model.rb

@@ -3,7 +3,13 @@ module Veri
     class Model < Veri::Inputs::Base
       private
 
-      def type = -> { self.class::Strict::Class.constructor { _1.try(:safe_constantize) }.constrained(lt: ActiveRecord::Base) }
+      def processor
+        -> {
+          model = @value.try(:safe_constantize) || @value
+          raise_error unless model.is_a?(Class) && model < ActiveRecord::Base
+          model
+        }
+      end
     end
   end
 end

data/lib/veri/inputs/non_empty_string.rb

@@ -3,7 +3,7 @@ module Veri
     class NonEmptyString < Veri::Inputs::Base
       private
 
-      def type = -> { self.class::Strict::String.constrained(min_size: 1) }
+      def processor = -> { @value.is_a?(String) && !@value.empty? ? @value : raise_error }
     end
   end
 end

data/lib/veri/inputs/tenant.rb

@@ -1,12 +1,12 @@
 module Veri
   module Inputs
-    class Tenant < Base
+    class Tenant < Veri::Inputs::Base
       def resolve
         case tenant = process
         when nil
           { tenant_type: nil, tenant_id: nil }
         when String
-          { tenant_type: tenant.to_s, tenant_id: nil }
+          { tenant_type: tenant, tenant_id: nil }
         when ActiveRecord::Base
           raise_error unless tenant.persisted?
           { tenant_type: tenant.class.to_s, tenant_id: tenant.public_send(tenant.class.primary_key) }
@@ -17,15 +17,14 @@ module Veri
 
       private
 
-      def type
+      def processor
         -> {
-          self.class::Strict::String.constrained(min_size: 1) |
-            self.class::Instance(ActiveRecord::Base) |
-            self.class::Hash.schema(
-              tenant_type: self.class::Strict::String | self.class::Nil,
-              tenant_id: self.class::Strict::String | self.class::Strict::Integer | self.class::Nil
-            ) |
-            self.class::Nil
+          return @value if @value.nil?
+          return @value if @value.is_a?(String) && @value.present?
+          return @value if @value.is_a?(ActiveRecord::Base)
+          return @value if @value in { tenant_type: String | nil, tenant_id: String | Integer | nil }
+
+          raise_error
         }
       end
     end

data/lib/veri/models/session.rb

@@ -7,7 +7,9 @@ module Veri
     belongs_to :authenticatable, class_name: Veri::Configuration.user_model_name
     belongs_to :original_authenticatable, class_name: Veri::Configuration.user_model_name, optional: true
     belongs_to :tenant, polymorphic: true, optional: true
+    belongs_to :original_tenant, polymorphic: true, optional: true
 
+    scope :in_tenant, -> (tenant) { where(**Veri::Inputs::Tenant.new(tenant).resolve) }
     scope :active, -> { where.not(id: expired.select(:id)).where.not(id: inactive.select(:id)) }
     scope :expired, -> { where(expires_at: ...Time.current) }
     scope :inactive, -> do
@@ -54,11 +56,23 @@ module Veri
     def identity = authenticatable
     def shapeshifted? = original_authenticatable.present?
     def true_identity = original_authenticatable || authenticatable
+    def true_tenant = original_tenant || tenant
+
+    def shapeshift(user, tenant: nil)
+      raise Veri::Error, "Cannot shapeshift from a shapeshifted session" if shapeshifted?
+
+      resolved_tenant = Veri::Inputs::Tenant.new(
+        tenant,
+        error: Veri::InvalidTenantError,
+        message: "Expected a string, an ActiveRecord model instance, or nil, got `#{tenant.inspect}`"
+      ).resolve
 
-    def shapeshift(user)
       update!(
         shapeshifted_at: Time.current,
         original_authenticatable: authenticatable,
+        original_tenant_type: tenant_type,
+        original_tenant_id: tenant_id,
+        **resolved_tenant,
         authenticatable: Veri::Inputs::Authenticatable.new(
           user,
           message: "Expected an instance of #{Veri::Configuration.user_model_name}, got `#{user.inspect}`"
@@ -70,18 +84,20 @@ module Veri
       update!(
         shapeshifted_at: nil,
         authenticatable: original_authenticatable,
+        tenant_type: original_tenant_type,
+        tenant_id: original_tenant_id,
+        original_tenant_type: nil,
+        original_tenant_id: nil,
         original_authenticatable: nil
       )
     end
 
     def tenant
-      return tenant_type if tenant_type.present? && tenant_id.blank?
-
-      record = super
-
-      raise ActiveRecord::RecordNotFound.new(nil, tenant_type, nil, tenant_id) if tenant_id.present? && !record
+      resolve_tenant(tenant_type, tenant_id) { super }
+    end
 
-      record
+    def original_tenant
+      resolve_tenant(original_tenant_type, original_tenant_id) { super }
     end
 
     class << self
@@ -100,8 +116,6 @@ module Veri
       end
 
       def prune
-        expired.or(inactive).delete_all
-
         orphaned_tenant_sessions = where.not(tenant_id: nil).includes(:tenant).filter_map do |session|
           !session.tenant
         rescue ActiveRecord::RecordNotFound
@@ -113,5 +127,17 @@ module Veri
 
       alias terminate_all delete_all
     end
+
+    private
+
+    def resolve_tenant(type, id)
+      return type if type.present? && id.blank?
+
+      record = yield
+
+      raise ActiveRecord::RecordNotFound.new(nil, type, nil, id) if id.present? && !record
+
+      record
+    end
   end
 end

data/lib/veri/version.rb

@@ -1,3 +1,3 @@
 module Veri
-  VERSION = "1.0.1".freeze
+  VERSION = "2.0.0".freeze
 end

data/veri.gemspec

@@ -4,18 +4,20 @@ Gem::Specification.new do |spec|
   spec.name = "veri"
   spec.version = Veri::VERSION
   spec.authors = ["enjaku4"]
-  spec.email = ["enjaku4@icloud.com"]
+  spec.email = ["contact@brownbox.dev"]
   spec.homepage = "https://github.com/enjaku4/veri"
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
   spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
   spec.metadata["bug_tracker_uri"] = "#{spec.homepage}/issues"
   spec.metadata["documentation_uri"] = "#{spec.homepage}/blob/main/README.md"
+  spec.metadata["mailing_list_uri"] = "#{spec.homepage}/discussions"
+  spec.metadata["funding_uri"] = "https://github.com/sponsors/enjaku4"
   spec.metadata["rubygems_mfa_required"] = "true"
   spec.summary = "Minimal cookie-based authentication library for Ruby on Rails"
-  spec.description = "Veri provides cookie-based authentication for Ruby on Rails applications with secure password storage, granular session management, multi-tenancy support, and user impersonation feature, without imposing business logic"
+  spec.description = "Minimal cookie-based authentication for Rails applications with multi-tenancy support and granular session management"
   spec.license = "MIT"
-  spec.required_ruby_version = ">= 3.2", "< 3.5"
+  spec.required_ruby_version = ">= 3.2", "< 4.1"
 
   spec.files = [
     "veri.gemspec", "README.md", "CHANGELOG.md", "LICENSE.txt"
@@ -25,9 +27,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "argon2", "~> 2.0"
   spec.add_dependency "bcrypt", "~> 3.0"
-  spec.add_dependency "dry-configurable", "~> 1.1"
-  spec.add_dependency "dry-types", "~> 1.7"
-  spec.add_dependency "rails", ">= 7.2", "< 8.1"
+  spec.add_dependency "rails", ">= 7.2", "< 8.2"
   spec.add_dependency "scrypt", "~> 3.0"
   spec.add_dependency "user_agent_parser", "~> 2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: veri
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 2.0.0
 platform: ruby
 authors:
 - enjaku4
@@ -37,34 +37,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: dry-configurable
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.1'
-- !ruby/object:Gem::Dependency
-  name: dry-types
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -74,7 +46,7 @@ dependencies:
         version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8.1'
+        version: '8.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -84,7 +56,7 @@ dependencies:
         version: '7.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8.1'
+        version: '8.2'
 - !ruby/object:Gem::Dependency
   name: scrypt
   requirement: !ruby/object:Gem::Requirement
@@ -113,11 +85,10 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
-description: Veri provides cookie-based authentication for Ruby on Rails applications
-  with secure password storage, granular session management, multi-tenancy support,
-  and user impersonation feature, without imposing business logic
+description: Minimal cookie-based authentication for Rails applications with multi-tenancy
+  support and granular session management
 email:
-- enjaku4@icloud.com
+- contact@brownbox.dev
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -156,6 +127,8 @@ metadata:
   changelog_uri: https://github.com/enjaku4/veri/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/enjaku4/veri/issues
   documentation_uri: https://github.com/enjaku4/veri/blob/main/README.md
+  mailing_list_uri: https://github.com/enjaku4/veri/discussions
+  funding_uri: https://github.com/sponsors/enjaku4
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
@@ -167,14 +140,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '3.2'
   - - "<"
     - !ruby/object:Gem::Version
-      version: '3.5'
+      version: '4.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 4.0.0
 specification_version: 4
 summary: Minimal cookie-based authentication library for Ruby on Rails
 test_files: []