Veri is a cookie-based authentication library for Ruby on Rails that provides essential authentication building blocks without imposing business logic. Unlike full-featured solutions, Veri gives you complete control over your authentication flow while handling the complex underlying mechanics of secure password storage and session management.
Key Features:
- Cookie-based authentication with database-stored sessions
- Supports multiple password hashing algorithms (argon2, bcrypt, scrypt)
- Granular session management and control
- Built-in return path handling
- User impersonation feature
⚠️ Development Notice
Veri is functional but in early development. Breaking changes may occur in minor releases until v1.0!
Gem Usage:
- Installation
- Configuration
- Password Management
- Controller Integration
- Authentication Sessions
- View Helpers
- Testing
Community Resources:
Add Veri to your Gemfile:
gem "veri"Install the gem:
bundle installGenerate the migration for your user model (replace users with your user table name if different):
# For standard integer IDs
rails generate veri:authentication users
# For UUID primary keys
rails generate veri:authentication users --uuidRun the migration:
rails db:migrateIf customization is required, configure Veri in an initializer:
# These are the default values; you can change them as needed
Veri.configure do |config|
config.hashing_algorithm = :argon2 # Password hashing algorithm (:argon2, :bcrypt, or :scrypt)
config.inactive_session_lifetime = nil # Session inactivity timeout (nil means sessions never expire due to inactivity)
config.total_session_lifetime = 14.days # Maximum session duration regardless of activity
config.user_model_name = "User" # Your user model name
endYour user model is automatically extended with password management methods:
# Set or update a password
user.update_password("new_password")
# Verify a password
user.verify_password("submitted_password")Include the authentication module and configure protection:
class ApplicationController < ActionController::Base
include Veri::Authentication
with_authentication # Require authentication by default
end
class PicturesController < ApplicationController
skip_authentication only: [:index, :show] # Allow public access to index and show actions
endThis is a simplified example of how to use Veri's authentication methods:
class SessionsController < ApplicationController
skip_authentication except: [:destroy]
def create
user = User.find_by(email: params[:email])
if user&.verify_password(params[:password])
log_in(user)
redirect_to return_path || dashboard_path
else
flash.now[:alert] = "Invalid credentials"
render :new, status: :unprocessable_entity
end
end
def destroy
log_out
redirect_to root_path
end
endAvailable methods:
current_user- Returns authenticated user ornillogged_in?- Returnstrueif user is authenticatedlog_in(user)- Authenticates user and creates sessionlog_out- Terminates current sessionreturn_path- Returns path user was accessing before authenticationcurrent_session- Returns current authentication session
Veri provides user impersonation functionality that allows, for example, administrators to temporarily assume another user's identity:
module Admin
class ImpersonationController < ApplicationController
def create
user = User.find(params[:user_id])
current_session.shapeshift(user)
redirect_to root_path, notice: "Now viewing as #{user.name}"
end
def destroy
original_user = current_session.true_identity
current_session.revert_to_true_identity
redirect_to admin_dashboard_path, notice: "Returned to #{original_user.name}"
end
end
endAvailable session methods:
shapeshift(user)- Assume another user's identity (maintains original identity)revert_to_true_identity- Return to original identityshapeshifted?- Returns true if currently shapeshiftedtrue_identity- Returns original user when shapeshifted, otherwise current user
Controller helper:
shapeshifter?- Returns true if the current session is shapeshifted
Override this private method to customize authentication behavior:
class ApplicationController < ActionController::Base
include Veri::Authentication
with_authentication
# ...
private
# Customize unauthenticated user handling
def when_unauthenticated
# By default redirects back with a fallback to the root path if the request format is HTML,
# otherwise responds with 401 Unauthorized
redirect_to login_path
end
endVeri stores authentication sessions in the database, providing session management capabilities:
# Get all sessions for a user
user.veri_sessions
# Get current session in controller
current_sessionsession.identity
# => authenticated user
session.info
# => {
# device: "Desktop",
# os: "macOS",
# browser: "Chrome",
# ip_address: "1.2.3.4",
# last_seen_at: "2023-10-01 12:00:00"
# }session.active? # Session is active (neither expired nor inactive)
session.inactive? # Session exceeded inactivity timeout
session.expired? # Session exceeded maximum lifetime# Terminate a specific session
session.terminate
# Terminate all sessions for a user
Veri::Session.terminate_all(user)
# Clean up expired/inactive sessions
Veri::Session.prune # All sessions
Veri::Session.prune(user) # Specific user's sessionsAccess authentication state in your views:
<% if logged_in? %>
<p>Welcome, <%= current_user.name %>!</p>
<% if shapeshifter? %>
<p><em>Currently viewing as <%= current_user.name %> (Original: <%= current_session.true_identity.name %>)</em></p>
<%= link_to "Return to Original Identity", revert_path, method: :patch %>
<% end %>
<%= link_to "Logout", logout_path, method: :delete %>
<% else %>
<%= link_to "Login", login_path %>
<% end %>Veri doesn't provide test helpers, but you can easily create your own:
module AuthenticationHelpers
def log_in(user)
password = "test_password"
user.update_password(password)
post login_path, params: { email: user.email, password: }
end
def log_out
delete logout_path
end
end
# In your spec_helper.rb
RSpec.configure do |config|
config.include AuthenticationHelpers, type: :request
endmodule AuthenticationHelpers
def log_in(user)
controller.log_in(user)
end
def log_out
controller.log_out
end
end
# In your spec_helper.rb
RSpec.configure do |config|
config.include AuthenticationHelpers, type: :controller
endHave a question or need assistance? Open a discussion in our discussions section for:
- Usage questions
- Implementation guidance
- Feature suggestions
Found a bug? Please create an issue with:
- A clear description of the problem
- Steps to reproduce the issue
- Your environment details (Rails version, Ruby version, etc.)
Ready to contribute? You can:
- Fix bugs by submitting pull requests
- Improve documentation
- Add new features (please discuss first in our discussions section)
Before contributing, please read the contributing guidelines
The gem is available as open source under the terms of the MIT License.
Everyone interacting in the Veri project is expected to follow the code of conduct.