factory_bot_instrumentation 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed82ce916f1e735296247aa088af8dc8f737824129ca9c45eabd9bd691f073be
-  data.tar.gz: dca8a2b9ca82e6bdc2ac9af520fd61f4b31f7a8d59bb03224b0aac966960ba0f
+  metadata.gz: 98a7a69daca8d49bb11b7145e050b3625c5f5638cc961fc3e91377300890c1db
+  data.tar.gz: ed9d4f5a254eb60cb0241fffbc32a43cfcd6ff2a44ddd476fc299286a37b488b
 SHA512:
-  metadata.gz: 12651f784af98ac806f5a266d921d788f4b45b33ce159592f0ec4b6a0ad6cb850c8341b50236ae6d25348fdb070dcc3f415f311d07e54dd7cdf2c7a92b96c48b
-  data.tar.gz: a5357b66bf2cef3ecf4cd39d47272cfeabfedeea56fd72659ae8ca084895cdd9c0576521979d91ae1fd800cbce5e1bbbcd15cc0785d16ec3a938054c7838bbab
+  metadata.gz: 6df53693fc478ac1ef3895d086efb6b86c7654b16a392fc6c7daa828e36918e1a67706bbc7c00a2f219394b092d9fa8f99bd608c57894e16d81274bb5e5e8bbc
+  data.tar.gz: d12ec3b074a2b0c1f7a33ea9725d13d28a4095d01e36d68727b057869d9904a3ea9052ad7247221197f2c1d5087e27be29509a71443b34d7edd8da0c7d254267

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+### 0.5.0
+
+* Added support for custom before action logics (#7)
+
 ### 0.4.0
 
 * Added support for configurable rendering (#6)

data/Makefile

@@ -93,4 +93,4 @@ shell-irb: install
 
 release:
 	# Release a new gem version
-	@$(RAKE) release
+	@$(BUNDLE) exec $(RAKE) release

data/README.md

@@ -271,8 +271,8 @@ ease the integration. But as you can imagine the Instrumentation engine opens
 up some risky possibilities to your application. This is fine for a canary or
 development environment, but not for a production environment.
 
-There is currently only one way to secure the Instrumentation engine. You can
-completly disable it on your production environment by reconfiguring your
+There are currently multiple ways to secure the Instrumentation engine. You can
+completely disable it on your production environment by reconfiguring your
 routes like this:
 
 ```ruby
@@ -283,8 +283,17 @@ Rails.application.routes.draw do
 end
 ```
 
-Another option would be an HTTP basic authentication on this routes, but this
-is not yet implemented.
+Another option would be an HTTP basic authentication. Just configure the gem
+like this on the initializer:
+
+```ruby
+FactoryBot::Instrumentation.configure do |conf|
+  conf.before_action = proc do |controller|
+    basic_auth(username: ENV.fetch('INSTRUMENTATION_USERNAME'),
+               password: ENV.fetch('INSTRUMENTATION_PASSWORD'))
+  end
+end
+```
 
 #### Global settings
 
@@ -307,6 +316,12 @@ FactoryBot::Instrumentation.configure do |conf|
     controller.render plain: entity.to_json,
                       content_type: 'application/json'
   end
+  # By default we do not perform any custom +before_action+ filters on the
+  # instrumentation controllers, with this option you can implement your
+  # custom logic like authentication
+  conf.before_action = proc do |controller|
+    # do your custom logic here
+  end
 end
 ```
 

data/app/controllers/factory_bot/instrumentation/application_controller.rb

@@ -3,5 +3,33 @@
 module FactoryBot::Instrumentation
   # A base engine application controller.
   class ApplicationController < ActionController::API
+    # Extend our core functionality to support easy authentication logics
+    include ActionController::HttpAuthentication::Basic::ControllerMethods
+    include ActionController::HttpAuthentication::Digest::ControllerMethods
+    include ActionController::HttpAuthentication::Token::ControllerMethods
+
+    # Allow the users to implement additional instrumentation-wide before
+    # action logic, like authentication
+    before_action do |controller|
+      if FactoryBot::Instrumentation.configuration.before_action
+        instance_eval &FactoryBot::Instrumentation.configuration.before_action
+      end
+    end
+
+    protected
+
+    # A simple shortcut for Basic Auth on Rails 4.2+. Just configure the
+    # username and password and you're ready to check the current request.
+    #
+    # @param username [String] the required user name
+    # @param password [String] the required password of the user
+    # @param realm [String] the authentication realm
+    def basic_auth(username:, password:, realm: 'Instrumentation')
+      authenticate_or_request_with_http_basic(realm) \
+        do |given_name, given_password|
+        ActiveSupport::SecurityUtils.secure_compare(given_name, username) &
+          ActiveSupport::SecurityUtils.secure_compare(given_password, password)
+      end
+    end
   end
 end

data/lib/factory_bot/instrumentation/configuration.rb

@@ -24,6 +24,11 @@ module FactoryBot
                             content_type: 'application/json'
         end
       end
+
+      # By default we do not perform any custom +before_action+ filters on the
+      # instrumentation controllers, with this option you can implement your
+      # custom logic like authentication
+      config_accessor(:before_action) { nil }
     end
   end
 end

data/lib/factory_bot/instrumentation/version.rb

@@ -2,6 +2,6 @@
 
 module FactoryBot
   module Instrumentation
-    VERSION = '0.4.0'.freeze
+    VERSION = '0.5.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: factory_bot_instrumentation
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Hermann Mayer
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-12-09 00:00:00.000000000 Z
+date: 2020-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -203,7 +203,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Allow your testers to generate test data on demand