verify_it 0.2.0 → 0.4.0.beta

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +26 -0
  3. data/README.md +260 -261
  4. data/app/controllers/verify_it/application_controller.rb +9 -0
  5. data/app/controllers/verify_it/verifications_controller.rb +71 -0
  6. data/config/locales/en.yml +16 -0
  7. data/config/routes.rb +6 -0
  8. data/lib/generators/verify_it/install/install_generator.rb +46 -0
  9. data/lib/{verify_it/templates/migration.rb.erb → generators/verify_it/install/templates/create_verify_it_tables.rb} +1 -3
  10. data/lib/{verify_it → generators/verify_it/install}/templates/initializer.rb.erb +20 -6
  11. data/lib/verify_it/code_generator.rb +3 -3
  12. data/lib/verify_it/code_hasher.rb +25 -0
  13. data/lib/verify_it/configuration.rb +17 -1
  14. data/lib/verify_it/engine.rb +19 -0
  15. data/lib/verify_it/storage/database_storage.rb +7 -6
  16. data/lib/verify_it/storage/memory_storage.rb +3 -3
  17. data/lib/verify_it/storage/models/attempt.rb +2 -2
  18. data/lib/verify_it/storage/models/code.rb +2 -2
  19. data/lib/verify_it/storage/models/identifier_change.rb +2 -2
  20. data/lib/verify_it/verifiable.rb +1 -3
  21. data/lib/verify_it/verifier.rb +171 -121
  22. data/lib/verify_it/version.rb +1 -1
  23. data/lib/verify_it.rb +4 -1
  24. data/verify_it-0.1.0.gem +0 -0
  25. data/verify_it-0.1.1.gem +0 -0
  26. data/verify_it-0.2.0.gem +0 -0
  27. data/verify_it-0.3.0.gem +0 -0
  28. metadata +57 -36
  29. data/exe/verify_it +0 -7
  30. data/lib/verify_it/cli.rb +0 -141
  31. data/lib/verify_it/railtie.rb +0 -14
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ede88092d9b66d9853d5f03713b719f1bc664eefdfe0cc245140494110bda8a8
4
- data.tar.gz: 1da02a88fc2c6262c6386eaac4f63184dad9bfebbd9bb694762a0e050f416aa3
3
+ metadata.gz: ccaee3a9738dcd530a9afc7015401a5e13151f19b6e26e76dbf02d88b38294bd
4
+ data.tar.gz: 423c5f4b1354fd994be521a72303c6f61435263b5f71477177b0bbd68c9a89a4
5
5
  SHA512:
6
- metadata.gz: 584f310188b429e0e6d77b9ca6c89cd0042b97bae8809b4ae8fad8699863666184fbbdf059c77eaabc5610d37d9355fffbbf9cd238056a06acc83626955f955e
7
- data.tar.gz: 41394cf8edff07829dab5beecd3a4d723e8aaa1b89a6e8910095a77f1af3335a1f9988a56c92d5d77585aec2f23e4d683ca1f9ded3e494a2a0f938fc18417e41
6
+ metadata.gz: 14e0947db04ce6fab19be9a0b1a475d99d6e16a6967ec079488fa162fecf45c37abdf37b7ad4e763d96a8110b1447dbca1a13923d3e0a5377d7f7e2bad5fe147
7
+ data.tar.gz: 3e5a97c488b04b36487c1ee8bb6591c2eb2c2987dd79dc62dbfe5b610ee1dac7813a5fd63927db745354f8ee54abd224fd67f587acbb273283731794c2f42904
data/CHANGELOG.md CHANGED
@@ -1,5 +1,31 @@
1
1
  ## [Unreleased]
2
2
 
3
+ ## [0.4.0] - 2026-03-07
4
+
5
+ ### Added
6
+ - **Rails Engine** (`VerifyIt::Engine`) — replaces the minimal Railtie with a full mountable engine
7
+ - **HTTP endpoints** — `POST /verify/send` and `POST /verify/confirm` served by `VerifyIt::VerificationsController`
8
+ - **I18n locale file** (`config/locales/en.yml`) — all response/error messages and SMS/email message templates are now translatable and overridable by host apps
9
+ - `config.current_record_resolver` — lambda `(request) { ... }` to resolve the authenticated record from a request; required when mounting the engine
10
+ - `config.identifier_resolver` — lambda `(record, channel) { ... }` to derive the delivery identifier (phone/email) from the record; required when mounting the engine
11
+ - `rescue_from VerifyIt::ConfigurationError` in `ApplicationController` returns a JSON 500 when resolvers are not configured
12
+ - Dummy Rails app (`spec/dummy/`) and `spec/rails_helper.rb` for request-level integration specs
13
+ - 10 new request specs covering auth, rate-limiting, locking, and error scenarios
14
+
15
+ ### Notes
16
+ - Backward compatible: standalone Ruby usage, the `verifies` DSL, and all existing sender lambdas are unchanged
17
+ - Non-mounting apps are completely unaffected by the new engine and resolver options
18
+
19
+ ## [0.3.0] - 2026-03-03
20
+
21
+ ### Security
22
+ - Verification codes are now hashed with HMAC-SHA256 before storage; a compromised storage backend no longer exposes usable codes
23
+ - New required configuration: `secret_key_base` — must be set to a random secret in your initializer
24
+
25
+ ### Added
26
+ - `VerifyIt::CodeHasher` module for HMAC-SHA256 code digesting (stdlib `openssl` only — no new dependencies)
27
+ - `config.secret_key_base` configuration option
28
+
3
29
  ## [0.1.1] - 2026-03-02
4
30
 
5
31
  ### Fixed