standard_id 0.5.1 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b1c16f53717e8c9b0d2bcf1095f2387c99b9bfeb9b1327d1b101e2ea140d3eaf
-  data.tar.gz: 59d779aa3fe5a74f639f826505f9d21a845964b6edaedd085397d435241d5fa4
+  metadata.gz: 514c8e8c18bb9bf6d8bd0268cca374d477b2c276a3caf69b0ef58222b5b14b33
+  data.tar.gz: 8e9f2307f6fd2d6a99e78df4604f838c319a61487e0d1549df1712eaf683b639
 SHA512:
-  metadata.gz: 4cef892853b6d5d87fe83919582b122e41d525cd20a938cd40444252a6cbf3470bca8aba08b8a6e7a04ed5b5eadc237410a2f03a475ad8b10941531dd7cbde8f
-  data.tar.gz: 7d1c980a1be28688515573053cd91c28afd03119a8d8db41d72be8859d4472f8a3ccf50c5d005376ba8f5a91a2f5bb9f0fd27fd3ed75611682c68a8600db94fa
+  metadata.gz: 21fcdb6b8caaf652bdbe6cb86c52e7cf66480b5aae7bf9fab210dad86b9cb12626920190cd1743c138d8b3fc1608c2f921a3c18b79f0cdfe20407530fbcee596
+  data.tar.gz: 30dfa2dae9df664b4ff7bfdb972cbc3970bf8ac81fb185e8f6aca0676b4647903f20e60d0eaf5d531b3e3a1e4fcbaf923b1e05ee7f9f8fd6ca93461b0567e999

data/app/controllers/concerns/standard_id/sentry_context.rb

@@ -9,6 +9,19 @@ module StandardId
   # Safe to include even when the Sentry gem is not installed -- the
   # callback is a no-op if `Sentry` is not defined.
   #
+  # Extra fields can be added via the `sentry_context` config option:
+  #
+  #   StandardId.configure do |c|
+  #     c.sentry_context = ->(account, session) {
+  #       { email: account.email, username: account.try(:display_name) }
+  #     }
+  #   end
+  #
+  # The lambda must return a Hash (nil and non-Hash returns are ignored).
+  # Base keys (id, session_id) always take precedence and cannot be
+  # overridden by the lambda. Exceptions raised by the lambda are not
+  # caught — they will propagate to surface misconfiguration immediately.
+  #
   # @example
   #   class ApplicationController < ActionController::Base
   #     include StandardId::WebAuthentication
@@ -27,12 +40,20 @@ module StandardId
       return unless defined?(Sentry)
       return unless respond_to?(:current_account, true) && current_account.present?
 
-      context = { id: current_account.id }
-      if respond_to?(:current_session, true) && current_session.present? && current_session.respond_to?(:id)
-        context[:session_id] = current_session.id
+      session_value = current_session.presence if respond_to?(:current_session, true)
+
+      base = { id: current_account.id }
+      base[:session_id] = session_value.id if session_value&.respond_to?(:id)
+
+      extra = StandardId.config.sentry_context
+      if extra.respond_to?(:call)
+        result = extra.call(current_account, session_value)
+        # Merge lambda result underneath base keys so id/session_id cannot
+        # be accidentally overridden by the host app's lambda.
+        base = result.merge(base) if result.is_a?(Hash)
       end
 
-      Sentry.set_user(context)
+      Sentry.set_user(base)
     end
   end
 end

data/lib/standard_id/authorization_bypass.rb

@@ -146,12 +146,19 @@ module StandardId
       #   framework: for known frameworks)
       def skip_authorization_callback(controller, callback, framework)
         if (class_method = CLASS_METHOD_SKIP[framework])
-          # Engine API controllers inherit from ActionController::API, not the
-          # host app's ApplicationController, so they won't include ActionPolicy.
-          # A controller without ActionPolicy can never have verify_authorized in
-          # its callback chain, so skipping the call is safe — not a silent failure.
-          # This mirrors the `raise: false` intent of the other branches.
-          controller.public_send(class_method) if controller.respond_to?(class_method)
+          # Engine controllers may inherit the skip class method (e.g.
+          # skip_verify_authorized from ActionPolicy) via the host app's
+          # ApplicationController without having called verify_authorized
+          # themselves. Rails raises ArgumentError when trying to skip a
+          # callback that was never registered. We match on the message to
+          # avoid masking unrelated ArgumentErrors.
+          begin
+            controller.public_send(class_method) if controller.respond_to?(class_method)
+          rescue ArgumentError => e
+            raise unless e.message.include?(":#{callback} has not been defined")
+
+            Rails.logger.debug { "[StandardId] Skipped #{class_method} on #{controller.name}: #{e.message}" }
+          end
         elsif AFTER_ACTION_FRAMEWORKS.include?(framework)
           controller.skip_after_action callback, raise: false
         else

data/lib/standard_id/config/schema.rb

@@ -18,6 +18,9 @@ StandardConfig.schema.draw do
     field :use_inertia, type: :boolean, default: false
     field :inertia_component_namespace, type: :string, default: "standard_id"
     field :alias_current_user, type: :boolean, default: false
+    # Callable (lambda/proc) that returns a Hash of extra Sentry user context fields.
+    # Receives (account, session) where session may be nil. Non-callable values are ignored.
+    field :sentry_context, type: :any, default: nil
   end
 
   scope :events do

data/lib/standard_id/version.rb

@@ -1,3 +1,3 @@
 module StandardId
-  VERSION = "0.5.1"
+  VERSION = "0.5.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: standard_id
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.5.2
 platform: ruby
 authors:
 - Jaryl Sim