RubyGems - verikloak-audience - Versions diffs - 0.2.9 → 0.3.0 - Mend

verikloak-audience 0.2.9 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +21 -0
data/lib/generators/verikloak/audience/install/templates/initializer.rb.erb +4 -0
data/lib/verikloak/audience/railtie.rb +70 -7
data/lib/verikloak/audience/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 53894e2af5f290a98ec6f438b9d0271e1f8e86d18c6404c9b0394c5cd5741312
-  data.tar.gz: 0cc799a43b2559f34113e6d738d1e2ee004c1292c86115dc83918ca32aeef04f
+  metadata.gz: d97d79e3f6ccd8f2c920cc7dcb66612e9edbd577ba4be2f5948eddd16145dd9b
+  data.tar.gz: 4517ee945923ec595fa7447f33dd0e9370cc72a2a561bc04d4f910efed018595
 SHA512:
-  metadata.gz: 9536f08a7ce2f5de4113483215386221dec1867c6affbea7a0e3074239017c1d7e0d4135476f72cf45cbda1de2fc17781fdf9662d038eb110afdb336a5ee6bb3
-  data.tar.gz: 5730013314cd5dd393c9936256a5fe31cb3aa13fac4c3dda6dabb7ca308424167235d0482167f2cc92c13e26ee5bdef23eaeddab5f01b7898ea31474aeb3211d
+  metadata.gz: 83c14846297272179ccf6f4480dab677c82be3d21b32a6c374c3b40fc5be04dd0cf9c9c439457e9dd33d4b4a9fca393aca31b7104b4282479b872ad8987c8632
+  data.tar.gz: e2e125eab982f983e6447166bcd6b9d9413f15573301335f15ef53ba0bafb6d07020848ec942e9b532db69b29ab3fc6280ae9fc6f74d12ff9786a39fc64dccde

data/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ---
+## [0.3.0] - 2026-01-01
+### Fixed
+- **Rails 8.x+ middleware insertion**: Fixed automatic middleware insertion not working in Rails 8.x+ due to queued middleware operations not being visible via `include?` checks.
+### Changed
+- Railtie initializer now specifies `before: :build_middleware_stack` to ensure middleware insertion is queued before stack construction.
+- Middleware insertion now uses `app.config.middleware` instead of `app.middleware` for more reliable queuing in Rails 8.x+.
+- Extracted `middleware_not_found_error?` method to handle error detection across Rails versions (Rails 7's `MiddlewareNotFound` and Rails 8+'s `RuntimeError`).
+### Added
+- `@middleware_insertion_attempted` class variable to prevent duplicate middleware insertion when both railtie and generator initializer run.
+- `reset_middleware_insertion_flag!` method for testing purposes.
+- Support for alternative error message patterns (`"does not exist"`, `/middleware.*not found/i`) for future Rails version compatibility.
+- Comprehensive test coverage for:
+  - `include?` early return when middleware is already present
+  - Duplicate insertion prevention via flag
+  - Rails 7 `MiddlewareNotFound` exception handling
+  - Alternative error message patterns
+  - Unexpected exception re-raising
 ## [0.2.9] - 2025-12-31
 ### Added

data/lib/generators/verikloak/audience/install/templates/initializer.rb.erb CHANGED Viewed

@@ -2,6 +2,10 @@
 # Insert the audience middleware after the core Verikloak middleware once it
 # has been loaded into the application.
+#
+# The Railtie's insert_middleware method includes internal guards to prevent
+# duplicate insertion when both the railtie initializer and this generated
+# initializer are loaded. This is safe to call multiple times.
 if defined?(Rails) && Rails.respond_to?(:application)
   Verikloak::Audience::Railtie.insert_middleware(Rails.application)
 end

data/lib/verikloak/audience/railtie.rb CHANGED Viewed

@@ -28,7 +28,9 @@ module Verikloak
       # when available.
       #
       # @param app [Rails::Application] the Rails application instance
-      initializer 'verikloak_audience.middleware' do |app|
+      initializer 'verikloak_audience.middleware',
+                  after: 'verikloak.configure',
+                  before: :build_middleware_stack do |app|
         # Insert automatically after core verikloak if present
         self.class.insert_middleware(app)
       end
@@ -42,6 +44,17 @@ module Verikloak
         end
       end
+      # Tracks whether middleware insertion has been attempted to prevent
+      # duplicate insertions when both railtie and generator initializer run.
+      # In Rails 8.x+, middleware operations may be queued and `include?` may
+      # not reflect pending insertions, so we use this flag as an additional
+      # safeguard.
+      @middleware_insertion_attempted = false
+      class << self
+        attr_accessor :middleware_insertion_attempted
+      end
       # Performs the insertion into the middleware stack when the core
       # Verikloak middleware is available and already present. Extracted for
       # testability without requiring a full Rails boot process.
@@ -49,22 +62,72 @@ module Verikloak
       # Insert the audience middleware after the base Verikloak middleware when
       # both are available on the stack.
       #
+      # In Rails 8.x+, middleware stack operations may be queued rather than
+      # immediately applied, so `include?` checks may return false even when
+      # the middleware will be inserted. We use `insert_after` with exception
+      # handling to gracefully handle this case.
+      #
       # @param app [#middleware] An object exposing a Rack middleware stack via `#middleware`.
       # @return [void]
       def self.insert_middleware(app)
         return unless defined?(::Verikloak::Middleware)
-        middleware_stack = app.middleware
-        return unless middleware_stack.respond_to?(:include?)
+        # Skip if we have already attempted insertion (handles Rails 8+ queued operations)
+        return if middleware_insertion_attempted
-        return if middleware_stack.include?(::Verikloak::Audience::Middleware)
+        # Use app.config.middleware for queued operations in Rails 8.x+
+        # This ensures the insert_after operation is queued and applied during
+        # build_middleware_stack, maintaining proper ordering with verikloak-rails
+        middleware_stack = app.respond_to?(:config) ? app.config.middleware : app.middleware
-        unless middleware_stack.include?(::Verikloak::Middleware)
-          warn_missing_core_middleware
+        # Skip if already present (avoid duplicate insertion)
+        if middleware_stack.respond_to?(:include?) &&
+           middleware_stack.include?(::Verikloak::Audience::Middleware)
           return
         end
-        middleware_stack.insert_after ::Verikloak::Middleware, ::Verikloak::Audience::Middleware
+        # Mark as attempted before insertion to prevent concurrent/subsequent calls
+        self.middleware_insertion_attempted = true
+        # Attempt to insert after the core Verikloak middleware.
+        # In Rails 8.x+, the middleware may be queued but not yet visible via include?,
+        # so we try the insertion and handle any exceptions gracefully.
+        begin
+          middleware_stack.insert_after ::Verikloak::Middleware, ::Verikloak::Audience::Middleware
+        rescue StandardError => e
+          # Handle middleware not found errors (varies by Rails version):
+          # - Rails 8+: RuntimeError with "No such middleware" message
+          # - Earlier: ActionDispatch::MiddlewareStack::MiddlewareNotFound
+          raise unless middleware_not_found_error?(e)
+          warn_missing_core_middleware
+        end
+      end
+      # Determines if the given exception indicates a middleware not found error.
+      # This handles variations across Rails versions:
+      # - Rails 8+: RuntimeError with "No such middleware" message
+      # - Rails 7 and earlier: ActionDispatch::MiddlewareStack::MiddlewareNotFound
+      #
+      # @param error [StandardError] the exception to check
+      # @return [Boolean] true if the error indicates missing middleware
+      def self.middleware_not_found_error?(error)
+        # Check exception class name (works for Rails 7's MiddlewareNotFound)
+        return true if error.class.name.to_s.include?('MiddlewareNotFound')
+        # Check message patterns for Rails 8+ RuntimeError
+        message = error.message.to_s
+        message.include?('No such middleware') ||
+          message.include?('does not exist') ||
+          message.match?(/middleware.*not found/i)
+      end
+      # Resets the insertion flag. Primarily used for testing to allow
+      # multiple insertion attempts within the same process.
+      #
+      # @return [void]
+      def self.reset_middleware_insertion_flag!
+        self.middleware_insertion_attempted = false
       end
       WARNING_MESSAGE = <<~MSG

data/lib/verikloak/audience/version.rb CHANGED Viewed

@@ -4,6 +4,6 @@ module Verikloak
   module Audience
     # Current gem version.
     # @return [String]
-    VERSION = '0.2.9'
+    VERSION = '0.3.0'
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: verikloak-audience
 version: !ruby/object:Gem::Version
-  version: 0.2.9
+  version: 0.3.0
 platform: ruby
 authors:
 - taiyaky
@@ -76,7 +76,7 @@ metadata:
   source_code_uri: https://github.com/taiyaky/verikloak-audience
   changelog_uri: https://github.com/taiyaky/verikloak-audience/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/taiyaky/verikloak-audience/issues
-  documentation_uri: https://rubydoc.info/gems/verikloak-audience/0.2.9
+  documentation_uri: https://rubydoc.info/gems/verikloak-audience/0.3.0
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths: