RubyGems - standard_id - Versions diffs - 0.5.0 → 0.5.2 - Mend

standard_id 0.5.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/app/controllers/concerns/standard_id/sentry_context.rb +26 -3
data/lib/standard_id/authorization_bypass.rb +58 -9
data/lib/standard_id/config/schema.rb +3 -0
data/lib/standard_id/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 956fc621df693ec184f7d65482d96c4f25d99ae55274b68681c9c6b892bde095
-  data.tar.gz: 0d5c39a196c8c9e8c99adb24fa61552698672f3df4a5bcf3d06d03b2b61e6a46
+  metadata.gz: 514c8e8c18bb9bf6d8bd0268cca374d477b2c276a3caf69b0ef58222b5b14b33
+  data.tar.gz: 8e9f2307f6fd2d6a99e78df4604f838c319a61487e0d1549df1712eaf683b639
 SHA512:
-  metadata.gz: 584c37aa6aa46abe4a576297d6d754e5632c4b710c59dd1bd2b6f8d7c5c17ac86a8aef109df15fe3de720a7d1be405af31441f833a914b3bc8bfea264b296da5
-  data.tar.gz: 1733a94c80aba6290cc5eabbe7df67f4ff145c5af18e8cb9202cd3d598b5e5569039fc729cdfed3eacfee55908fe36bf4801e706da7c0e8b544666383b7b6863
+  metadata.gz: 21fcdb6b8caaf652bdbe6cb86c52e7cf66480b5aae7bf9fab210dad86b9cb12626920190cd1743c138d8b3fc1608c2f921a3c18b79f0cdfe20407530fbcee596
+  data.tar.gz: 30dfa2dae9df664b4ff7bfdb972cbc3970bf8ac81fb185e8f6aca0676b4647903f20e60d0eaf5d531b3e3a1e4fcbaf923b1e05ee7f9f8fd6ca93461b0567e999

data/app/controllers/concerns/standard_id/sentry_context.rb CHANGED Viewed

@@ -9,6 +9,19 @@ module StandardId
   # Safe to include even when the Sentry gem is not installed -- the
   # callback is a no-op if `Sentry` is not defined.
   #
+  # Extra fields can be added via the `sentry_context` config option:
+  #
+  #   StandardId.configure do |c|
+  #     c.sentry_context = ->(account, session) {
+  #       { email: account.email, username: account.try(:display_name) }
+  #     }
+  #   end
+  #
+  # The lambda must return a Hash (nil and non-Hash returns are ignored).
+  # Base keys (id, session_id) always take precedence and cannot be
+  # overridden by the lambda. Exceptions raised by the lambda are not
+  # caught — they will propagate to surface misconfiguration immediately.
+  #
   # @example
   #   class ApplicationController < ActionController::Base
   #     include StandardId::WebAuthentication
@@ -27,10 +40,20 @@ module StandardId
       return unless defined?(Sentry)
       return unless respond_to?(:current_account, true) && current_account.present?
-      context = { id: current_account.id }
-      context[:session_id] = current_session.id if respond_to?(:current_session, true) && current_session.present?
+      session_value = current_session.presence if respond_to?(:current_session, true)
+      base = { id: current_account.id }
+      base[:session_id] = session_value.id if session_value&.respond_to?(:id)
+      extra = StandardId.config.sentry_context
+      if extra.respond_to?(:call)
+        result = extra.call(current_account, session_value)
+        # Merge lambda result underneath base keys so id/session_id cannot
+        # be accidentally overridden by the host app's lambda.
+        base = result.merge(base) if result.is_a?(Hash)
+      end
-      Sentry.set_user(context)
+      Sentry.set_user(base)
     end
   end
 end

data/lib/standard_id/authorization_bypass.rb CHANGED Viewed

@@ -6,6 +6,19 @@ module StandardId
       cancancan: :check_authorization
     }.freeze
+    # Frameworks where the skip falls through to skip_after_action.
+    # ActionPolicy is NOT listed here because it is handled first via
+    # CLASS_METHOD_SKIP. Only :pundit reaches this branch.
+    AFTER_ACTION_FRAMEWORKS = %i[pundit].freeze
+    # ActionPolicy provides a dedicated class method to undo
+    # verify_authorized. Using skip_before_action or skip_after_action
+    # would silently do nothing for ActionPolicy because it manages the
+    # callback through its own DSL.
+    CLASS_METHOD_SKIP = {
+      action_policy: :skip_verify_authorized
+    }.freeze
     MUTEX = Mutex.new
     private_constant :MUTEX
@@ -30,11 +43,12 @@ module StandardId
         MUTEX.synchronize do
           # Guard against duplicate to_prepare registrations if called more than
-          # once (e.g. in tests or misconfigured initializers). skip_before_action
-          # is idempotent so duplicates are harmless, but this keeps things tidy.
+          # once (e.g. in tests or misconfigured initializers). The skip methods
+          # are idempotent so duplicates are harmless, but this keeps things tidy.
           return if @callback_name
           @callback_name = resolve_callback(framework, callback)
+          @framework = framework&.to_sym
           # @prepared is intentionally NOT cleared by reset!. This ensures
           # at most one to_prepare block is registered per process lifetime.
           # Trade-off: after reset! + apply (e.g. in tests switching
@@ -64,7 +78,7 @@ module StandardId
       end
       # Whether apply has been called. Used by ControllerPolicy.register to
-      # decide if newly loaded controllers need immediate skip_before_action.
+      # decide if newly loaded controllers need an immediate authorization skip.
       def applied?
         MUTEX.synchronize { !@callback_name.nil? }
       end
@@ -72,10 +86,11 @@ module StandardId
       # Apply skips to a single controller. Called by ControllerPolicy.register
       # when a controller is lazily loaded after apply has already been called.
       def apply_to_controller(controller, policy)
-        callback = MUTEX.synchronize { @callback_name }
+        callback, framework = MUTEX.synchronize { [@callback_name, @framework] }
         return unless callback
-        controller.skip_before_action callback, raise: false
+        skip_authorization_callback(controller, callback, framework)
         if policy == :public
           # authenticate_account! is defined in WebAuthentication, not on API
           # controllers. raise: false ensures this is a safe no-op for API
@@ -94,11 +109,15 @@ module StandardId
       end
       # @api private — intended for test isolation only.
-      # NOTE: This clears @callback_name (so applied? returns false and apply
-      # can be called again with a different framework) but intentionally does
-      # NOT clear @prepared, so no additional to_prepare block is registered.
+      # NOTE: This clears @callback_name and @framework (so applied? returns
+      # false and apply can be called again with a different framework) but
+      # intentionally does NOT clear @prepared, so no additional to_prepare
+      # block is registered.
       def reset!
-        MUTEX.synchronize { @callback_name = nil }
+        MUTEX.synchronize do
+          @callback_name = nil
+          @framework = nil
+        end
       end
       private
@@ -116,6 +135,36 @@ module StandardId
           raise ArgumentError, "Provide either framework: or callback:"
         end
       end
+      # Picks the right skip mechanism based on how the framework registers
+      # its authorization check:
+      #
+      # - ActionPolicy: provides `skip_verify_authorized` class method
+      # - Pundit: uses after_action, so `skip_after_action` is needed
+      # - CanCanCan: uses before_action, so `skip_before_action` works
+      # - Custom callback: assumed to be a before_action (caller can use
+      #   framework: for known frameworks)
+      def skip_authorization_callback(controller, callback, framework)
+        if (class_method = CLASS_METHOD_SKIP[framework])
+          # Engine controllers may inherit the skip class method (e.g.
+          # skip_verify_authorized from ActionPolicy) via the host app's
+          # ApplicationController without having called verify_authorized
+          # themselves. Rails raises ArgumentError when trying to skip a
+          # callback that was never registered. We match on the message to
+          # avoid masking unrelated ArgumentErrors.
+          begin
+            controller.public_send(class_method) if controller.respond_to?(class_method)
+          rescue ArgumentError => e
+            raise unless e.message.include?(":#{callback} has not been defined")
+            Rails.logger.debug { "[StandardId] Skipped #{class_method} on #{controller.name}: #{e.message}" }
+          end
+        elsif AFTER_ACTION_FRAMEWORKS.include?(framework)
+          controller.skip_after_action callback, raise: false
+        else
+          controller.skip_before_action callback, raise: false
+        end
+      end
     end
   end
 end

data/lib/standard_id/config/schema.rb CHANGED Viewed

@@ -18,6 +18,9 @@ StandardConfig.schema.draw do
     field :use_inertia, type: :boolean, default: false
     field :inertia_component_namespace, type: :string, default: "standard_id"
     field :alias_current_user, type: :boolean, default: false
+    # Callable (lambda/proc) that returns a Hash of extra Sentry user context fields.
+    # Receives (account, session) where session may be nil. Non-callable values are ignored.
+    field :sentry_context, type: :any, default: nil
   end
   scope :events do

data/lib/standard_id/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module StandardId
-  VERSION = "0.5.0"
+  VERSION = "0.5.2"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: standard_id
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.2
 platform: ruby
 authors:
 - Jaryl Sim