veri 2.0.0 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6bd0d2ab55db163c3fe4c23ffde6b23cd161d97c28c3fba95be4f7f88afbd2ea
-  data.tar.gz: b1afab87840a02696726deb462bff8e53c881e27ac78adf2787ba97cc59ae7ab
+  metadata.gz: c9b0db1fbb87c0a3b25d47f2142cab1b9143a0ba7751a05c1676ca6e3b4b6ee3
+  data.tar.gz: 600d600760a3c0af2fddfece43322193be1ae4255eae0dd1c22d4099a083cb7b
 SHA512:
-  metadata.gz: 99b2f7cc063ebffc0fd94b96fcade3ea4d9e911f21a854146b1b09500319a693dc12d44e4bcb8d64a1382d10d33c8bae4df5321bb22fcc074f0afc9c9ca0f6bd
-  data.tar.gz: 2d4cc974fb4dacee177d526099d8524cd24b1b8733115a277b1b172fb84bf3e32b42a56558b57ab4552139f6c5364351708304d806cd6eb4eca22aa5497339c5
+  metadata.gz: aaf5ec5aced9ddec1c42367df39be9e4322d3b1b3946bb473bfaee3f668d6fea55d78b48f3f1f0fa1acb8ee4588de8039d054730d3b913ab8036def74054d858
+  data.tar.gz: b188516f09afc341584f4460d5caa0e552c94e54dfe3a4bc3fe7a4cddb592acbb8c4957092e4763e88bd1be34ebc122934b40876bd2fc23e87d3b207b5fb2479

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+## v2.0.2
+
+### Misc
+
+- Clarified error message for non-existent user model
+
+## v2.0.1
+
+### Misc
+
+- Minor performance improvements and internal refactoring
+
 ## v2.0.0
 
 ### Breaking

data/README.md

@@ -31,6 +31,7 @@ Consider a multi-tenant SaaS application where users need to manage their active
   - [Getting Help and Contributing](#getting-help-and-contributing)
   - [License](#license)
   - [Code of Conduct](#code-of-conduct)
+  - [Old Versions](#old-versions)
 
 ## Installation
 
@@ -69,10 +70,14 @@ Configure Veri in an initializer if customization is needed:
 ```rb
 # These are the default values; you can change them as needed
 Veri.configure do |config|
-  config.hashing_algorithm = :argon2       # Password hashing algorithm (:argon2, :bcrypt, :pbkdf2, or :scrypt)
-  config.inactive_session_lifetime = nil   # Session inactivity timeout (nil means sessions never expire due to inactivity)
-  config.total_session_lifetime = 14.days  # Maximum session duration regardless of activity
-  config.user_model_name = "User"          # Your user model name
+  # Password hashing algorithm (:argon2, :bcrypt, :pbkdf2, or :scrypt)
+  config.hashing_algorithm = :argon2
+  # Session inactivity timeout (nil means sessions never expire due to inactivity)
+  config.inactive_session_lifetime = nil
+  # Maximum session duration regardless of activity
+  config.total_session_lifetime = 14.days
+  # Your user model name
+  config.user_model_name = "User"
 end
 ```
 
@@ -87,6 +92,12 @@ user.update_password("password")
 # Verify a password
 user.verify_password("password")
 ```
+Changing a password does not automatically terminate existing sessions. If you want to invalidate the user's sessions after a password change, do so explicitly:
+
+```rb
+user.update_password(new_password)
+user.sessions.terminate_all
+```
 
 ## Controller Integration
 
@@ -98,11 +109,13 @@ Include the authentication module in your controllers and configure protection:
 class ApplicationController < ActionController::Base
   include Veri::Authentication
 
-  with_authentication # Require authentication by default
+  # Require authentication by default
+  with_authentication
 end
 
 class PicturesController < ApplicationController
-  skip_authentication only: [:index, :show] # Allow public access to index and show actions
+  # Allow public access to index and show actions
+  skip_authentication only: [:index, :show]
 end
 ```
 
@@ -160,7 +173,7 @@ current_user
 # Returns true if user is authenticated
 logged_in?
 
-# Authenticates user and creates session, returns true on success or false if account is locked
+# Authenticates user, returns true on success or false if account is locked
 log_in(user)
 
 # Terminates current session
@@ -407,6 +420,12 @@ To clean up orphaned sessions, use:
 Veri::Session.prune
 ```
 
+Or, for a specific user:
+
+```rb
+user.sessions.prune
+```
+
 ### Tenant Migrations
 
 When you rename or remove models used as tenants, you need to update Veri's stored data accordingly. Use these irreversible data migrations:
@@ -483,7 +502,7 @@ end
 ## Getting Help and Contributing
 
 ### Getting Help
-Have a question or need assistance? Open a discussion in our [discussions section](https://github.com/enjaku4/veri/discussions) for:
+Have a question or need assistance? Open a discussion in the [discussions section](https://github.com/enjaku4/veri/discussions) for:
 - Usage questions
 - Implementation guidance
 - Feature suggestions
@@ -498,7 +517,7 @@ Found a bug? Please [create an issue](https://github.com/enjaku4/veri/issues) wi
 Ready to contribute? You can:
 - Fix bugs by submitting pull requests
 - Improve documentation
-- Add new features (please discuss first in our [discussions section](https://github.com/enjaku4/veri/discussions))
+- Add new features (please discuss first in the [discussions section](https://github.com/enjaku4/veri/discussions))
 
 Before contributing, please read the [contributing guidelines](https://github.com/enjaku4/veri/blob/main/CONTRIBUTING.md)
 
@@ -509,3 +528,9 @@ The gem is available as open source under the terms of the [MIT License](https:/
 ## Code of Conduct
 
 Everyone interacting in the Veri project is expected to follow the [code of conduct](https://github.com/enjaku4/veri/blob/main/CODE_OF_CONDUCT.md).
+
+## Old Versions
+
+Only the latest major version is supported. Older versions are obsolete and not maintained, but their READMEs are available here for reference:
+
+[v1.x.x](https://github.com/enjaku4/veri/blob/9c188e16a703141b7cd89dd31d5cd49a557f143d/README.md)

data/lib/veri/configuration.rb

@@ -17,7 +17,6 @@ module Veri
       pbkdf2: Veri::Password::Pbkdf2,
       scrypt: Veri::Password::SCrypt
     }.freeze
-    private_constant :HASHERS
 
     def hashing_algorithm=(value)
       @hashing_algorithm = Veri::Inputs::HashingAlgorithm.new(
@@ -60,14 +59,14 @@ module Veri
     end
 
     def hasher
-      HASHERS.fetch(hashing_algorithm) { raise Veri::Error, "Invalid hashing algorithm: #{hashing_algorithm}" }
+      HASHERS.fetch(hashing_algorithm)
     end
 
     def user_model
       Veri::Inputs::Model.new(
         user_model_name,
         error: Veri::ConfigurationError,
-        message: "Invalid user model name `#{user_model_name}`, expected an ActiveRecord model name as a string"
+        message: "Invalid user model name `#{user_model_name}`, model does not exist"
       ).process
     end
 

data/lib/veri/controllers/concerns/authentication.rb

@@ -1,4 +1,4 @@
-require "digest/sha2"
+require "zlib"
 
 module Veri
   module Authentication
@@ -25,14 +25,13 @@ module Veri
     end
 
     def current_user
-      user_model = Veri::Configuration.user_model
-      primary_key = user_model.primary_key
-      @current_user ||= current_session ? user_model.find_by(primary_key => current_session.authenticatable_id) : nil
+      @current_user ||= current_session&.authenticatable
     end
 
     def current_session
       token = cookies.encrypted["#{auth_cookie_prefix}_token"]
-      @current_session ||= token ? Session.find_by(hashed_token: Digest::SHA256.hexdigest(token), **resolved_tenant) : nil
+
+      @current_session ||= Session.lookup(token, resolved_tenant)
     end
 
     def log_in(authenticatable)
@@ -102,7 +101,7 @@ module Veri
     end
 
     def auth_cookie_prefix
-      @auth_cookie_prefix ||= "auth_#{Digest::SHA2.hexdigest(Marshal.dump(resolved_tenant))[0..7]}"
+      @auth_cookie_prefix ||= "auth_#{Zlib.crc32(Marshal.dump(resolved_tenant))}"
     end
   end
 end

data/lib/veri/inputs/hashing_algorithm.rb

@@ -1,12 +1,9 @@
 module Veri
   module Inputs
     class HashingAlgorithm < Veri::Inputs::Base
-      HASHING_ALGORITHMS = [:argon2, :bcrypt, :pbkdf2, :scrypt].freeze
-      private_constant :HASHING_ALGORITHMS
-
       private
 
-      def processor = -> { HASHING_ALGORITHMS.include?(@value) ? @value : raise_error }
+      def processor = -> { Veri::Configuration::HASHERS.key?(@value) ? @value : raise_error }
     end
   end
 end

data/lib/veri/models/session.rb

@@ -1,3 +1,4 @@
+require "digest"
 require "user_agent_parser"
 
 module Veri
@@ -106,7 +107,7 @@ module Veri
         expires_at = Time.current + Veri::Configuration.total_session_lifetime
 
         new(
-          hashed_token: Digest::SHA256.hexdigest(token),
+          hashed_token: digest_token(token),
           expires_at:,
           authenticatable: user,
           **resolved_tenant
@@ -126,6 +127,18 @@ module Veri
       end
 
       alias terminate_all delete_all
+
+      def lookup(token, resolved_tenant)
+        return nil if token.blank?
+
+        find_by(hashed_token: digest_token(token), **resolved_tenant)
+      end
+
+      private
+
+      def digest_token(token)
+        Digest::SHA256.hexdigest(token)
+      end
     end
 
     private

data/lib/veri/version.rb

@@ -1,3 +1,3 @@
 module Veri
-  VERSION = "2.0.0".freeze
+  VERSION = "2.0.2".freeze
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: veri
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.2
 platform: ruby
 authors:
 - enjaku4
 bindir: bin
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2026-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: argon2
@@ -147,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.0
+rubygems_version: 4.0.3
 specification_version: 4
 summary: Minimal cookie-based authentication library for Ruby on Rails
 test_files: []