verikloak-rails 0.2.4 → 0.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f102e217c566e0cbe01b75979d16fd5636449c8cc38f58e35d8147be44d05d8
-  data.tar.gz: 1426fccde358d9d5440b99749debff98775cbb8d2e8492be96bf468df2ff259f
+  metadata.gz: a6126b5013614bb5cb7c0594126c21456db9762a9e3d307108e5f8c1ce197155
+  data.tar.gz: e8504432260a732881946e72cb5551e00178108ba641b802b78c4ca42879e664
 SHA512:
-  metadata.gz: c72c02908f4f946f4455b80341858cf329261c7d6da24d6ac6c6ab6ca484e636c45e6bf5e5ed23c29073c327e9338e7c42189e33e942ed5192b4792c44dd7ea4
-  data.tar.gz: 9bae0bcc441bb9544a7365056f3ddf214bfe0ca4c8345c98d78ce6727cfca77ea6ad5a5511c415542f1882af7a996ce999e4e2912fc9c5203018d7d47b8d6007
+  metadata.gz: ecaf3de303c489d429c6157232f3159333ddec36e87ac0499784181e944c9fe25f59aceb72452b69f297bc7ff0761c069df13cf78ab776c5311a04d6d6c0e9be
+  data.tar.gz: e335daefda43368d7c0b58b87372214a8e999bad0424c7e5e2e4e5d5f1ced49b51190e900865ff34d1a277a72eb6fd172b64fc559f0eb246fac4f1d114902bfc

data/CHANGELOG.md

@@ -5,21 +5,42 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+---
+
+## [0.2.6] - 2025-09-23
+
+### Fixed
+- Leave `config.verikloak.rescue_pundit` commented in the installer initializer so `verikloak-pundit` can automatically disable the built-in rescue.
+
+### Documentation
+- Align README compatibility with the current `verikloak` dependency range.
+- Clarify how the Pundit rescue interacts with the optional `verikloak-pundit` gem and adjust examples accordingly.
+
+## [0.2.5] - 2025-09-23
+
+### Added
+- Integration test coverage for missing discovery URL scenarios
+- `reset!` method for configuration cleanup in test environments
+
+### Fixed
+- Graceful handling of missing or blank discovery URLs during middleware configuration
+- Skip middleware insertion and log warning when discovery URL is not configured
+- Only configure BFF header guard when base middleware is successfully inserted
+
+### Changed
+- Improved error handling and validation for discovery URL configuration
+- Enhanced middleware insertion logic with better separation of concerns
 
 ## [0.2.4] - 2025-09-23
 
 ### Fixed
 - Package the installer template so `rails g verikloak:install` works in packaged gems (no more missing `initializer.rb.erb`).
 
----
-
 ## [0.2.3] - 2025-09-22
 
 ### Changed
 - Provide a safe default audience (`'rails-api'`) so fresh installs keep `Verikloak::Middleware` active and remain compatible with the optional `verikloak-audience` gem.
 
----
-
 ## [0.2.2] - 2025-09-21
 
 ### Added
@@ -32,8 +53,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Documentation
 - Note related gems in the installer output and README, including new configuration options for middleware ordering and BFF auto-insertion.
 
----
-
 ## [0.2.1] - 2025-09-21
 
 ### Changed

data/README.md

@@ -21,7 +21,7 @@ Provide drop-in, token-based authentication for Rails APIs via Verikloak (OIDC d
 ## Compatibility
 - Ruby: >= 3.1
 - Rails: 6.1 – 8.x
-- verikloak: >= 0.1.2, < 0.2
+- verikloak: >= 0.2.0, < 1.0.0
 
 ## Quick Start
 ```bash
@@ -114,7 +114,7 @@ Keys under `config.verikloak`:
 | `error_renderer` | Object responding to `render(controller, error)` | Override error rendering | built-in JSON renderer |
 | `auto_include_controller` | Boolean | Auto-include controller concern | `true` |
 | `render_500_json` | Boolean | Rescue `StandardError`, log the exception, and render JSON 500 | `false` |
-| `rescue_pundit` | Boolean | Rescue `Pundit::NotAuthorizedError` to 403 JSON when Pundit is present (auto-disabled when `verikloak-pundit` is loaded) | `true` |
+| `rescue_pundit` | Boolean | Rescue `Pundit::NotAuthorizedError` to 403 JSON when Pundit is present<br/>(auto-disabled when `verikloak-pundit` is loaded and the initializer leaves it unset) | `true` |
 | `middleware_insert_before` | Object/String/Symbol | Insert `Verikloak::Middleware` before this Rack middleware | `nil` |
 | `middleware_insert_after` | Object/String/Symbol | Insert `Verikloak::Middleware` after this Rack middleware (`Rails::Rack::Logger` when `nil`) | `nil` |
 | `auto_insert_bff_header_guard` | Boolean | Auto insert `Verikloak::Bff::HeaderGuard` when the gem is present | `true` |
@@ -157,8 +157,9 @@ Rails.application.configure do
   config.verikloak.logger_tags = %i[request_id sub]
   config.verikloak.render_500_json = ENV.fetch('VERIKLOAK_RENDER_500', 'false') == 'true'
 
-  # Optional Pundit rescue (403 JSON)
-  config.verikloak.rescue_pundit = ENV.fetch('VERIKLOAK_RESCUE_PUNDIT', 'true') == 'true'
+  # Optional Pundit rescue (403 JSON). Leave commented if you use
+  # verikloak-pundit so it can disable the built-in handler automatically.
+  # config.verikloak.rescue_pundit = ENV.fetch('VERIKLOAK_RESCUE_PUNDIT', 'true') == 'true'
 end
 ```
 
@@ -232,10 +233,10 @@ end
 ## Optional Pundit Rescue
 If the `pundit` gem is present, `Pundit::NotAuthorizedError` is rescued to a standardized 403 JSON. This is a lightweight convenience only; deeper Pundit integration (policies, helpers) is out of scope and can live in a separate plugin.
 
-When the optional [`verikloak-pundit`](https://github.com/taiyaky/verikloak-pundit) gem is loaded, the built-in rescue is automatically disabled to avoid double-handling errors. Explicitly set `config.verikloak.rescue_pundit` if you prefer different behavior.
+When the optional [`verikloak-pundit`](https://github.com/taiyaky/verikloak-pundit) gem is loaded, the built-in rescue is automatically disabled to avoid double-handling errors—as long as the initializer leaves `config.verikloak.rescue_pundit` unset. Uncomment the initializer line (or set the value elsewhere) if you prefer different behavior.
 
 ### Toggle
-Toggle with `config.verikloak.rescue_pundit` (default: true unless overridden by `verikloak-pundit`). Environment example:
+Toggle with `config.verikloak.rescue_pundit` (default: true; leave unset to allow `verikloak-pundit` to disable it). Environment example:
 
 ```ruby
 # config/initializers/verikloak.rb

data/lib/generators/verikloak/install/install_generator.rb

@@ -26,7 +26,7 @@ module Verikloak
           ✅ verikloak: initializer created.
 
           Next steps:
-          1) Ensure the base gem is installed:   gem 'verikloak', '>= 0.1.2', '< 0.2'
+          1) Ensure the base gem is installed:   gem 'verikloak', '>= 0.2.0', '< 1.0.0'
           2) Set discovery_url / audience in config/initializers/verikloak.rb
           3) (Optional) If you disable auto-include, add this line to ApplicationController:
                include Verikloak::Rails::Controller

data/lib/generators/verikloak/install/templates/initializer.rb.erb

@@ -10,5 +10,8 @@ Rails.application.configure do
   config.verikloak.logger_tags = %i[request_id sub]
   config.verikloak.auto_include_controller = true
   config.verikloak.render_500_json = ENV.fetch('VERIKLOAK_RENDER_500', 'false') == 'true'
-  config.verikloak.rescue_pundit = ENV.fetch('VERIKLOAK_RESCUE_PUNDIT', 'true') == 'true'
+
+  # Optional Pundit rescue (403 JSON). Leave commented so `verikloak-pundit`
+  # can auto-disable the built-in handler when it is on the load path.
+  # config.verikloak.rescue_pundit = ENV.fetch('VERIKLOAK_RESCUE_PUNDIT', 'true') == 'true'
 end

data/lib/verikloak/rails/railtie.rb

@@ -17,7 +17,7 @@ module Verikloak
       # @return [void]
       initializer 'verikloak.configure' do |app|
         stack = ::Verikloak::Rails::Railtie.send(:configure_middleware, app)
-        ::Verikloak::Rails::Railtie.send(:configure_bff_guard, stack)
+        ::Verikloak::Rails::Railtie.send(:configure_bff_guard, stack) if stack
       end
 
       # Optionally include the controller concern when ActionController loads.
@@ -37,23 +37,13 @@ module Verikloak
         # @return [ActionDispatch::MiddlewareStackProxy] configured middleware stack
         def configure_middleware(app)
           apply_configuration(app)
-          base_options = Verikloak::Rails.config.middleware_options
-          stack = app.middleware
-          if (before = Verikloak::Rails.config.middleware_insert_before)
-            stack.insert_before before,
-                                ::Verikloak::Middleware,
-                                **base_options
-          else
-            after = Verikloak::Rails.config.middleware_insert_after || ::Rails::Rack::Logger
-            if after
-              stack.insert_after after,
-                                 ::Verikloak::Middleware,
-                                 **base_options
-            else
-              stack.use ::Verikloak::Middleware, **base_options
-            end
+
+          unless discovery_url_present?
+            log_missing_discovery_url_warning
+            return
           end
-          stack
+
+          insert_base_middleware(app)
         end
 
         # Insert the optional HeaderGuard middleware when verikloak-bff is present.
@@ -92,6 +82,69 @@ module Verikloak
             c.rescue_pundit = false if !rails_cfg.key?(:rescue_pundit) && defined?(::Verikloak::Pundit)
           end
         end
+
+        # Check if discovery_url is present and valid.
+        #
+        # @return [Boolean] true if discovery_url is configured and not empty
+        def discovery_url_present?
+          discovery_url = Verikloak::Rails.config.discovery_url
+          return false unless discovery_url
+
+          return !discovery_url.blank? if discovery_url.respond_to?(:blank?)
+          return !discovery_url.empty? if discovery_url.respond_to?(:empty?)
+
+          true
+        end
+
+        # Log a warning message when discovery_url is missing.
+        # Uses Rails.logger if available, falls back to warn.
+        #
+        # @return [void]
+        def log_missing_discovery_url_warning
+          message = '[verikloak] discovery_url is not configured; skipping middleware insertion.'
+          if defined?(::Rails) && ::Rails.respond_to?(:logger) && ::Rails.logger
+            ::Rails.logger.warn(message)
+          else
+            warn(message)
+          end
+        end
+
+        # Insert the base Verikloak::Middleware into the application middleware stack.
+        # Respects the configured insertion point (before or after specified middleware).
+        #
+        # @param app [Rails::Application] the Rails application
+        # @return [ActionDispatch::MiddlewareStackProxy] the configured middleware stack
+        def insert_base_middleware(app)
+          stack = app.middleware
+          base_options = Verikloak::Rails.config.middleware_options
+
+          if (before = Verikloak::Rails.config.middleware_insert_before)
+            stack.insert_before before,
+                                ::Verikloak::Middleware,
+                                **base_options
+          else
+            insert_middleware_after(stack, base_options)
+          end
+
+          stack
+        end
+
+        # Insert middleware after a specified middleware or at the default position.
+        # Handles the case where no specific insertion point is configured.
+        #
+        # @param stack [ActionDispatch::MiddlewareStackProxy] the middleware stack
+        # @param base_options [Hash] options to pass to the middleware
+        # @return [void]
+        def insert_middleware_after(stack, base_options)
+          after = Verikloak::Rails.config.middleware_insert_after || ::Rails::Rack::Logger
+          if after
+            stack.insert_after after,
+                               ::Verikloak::Middleware,
+                               **base_options
+          else
+            stack.use ::Verikloak::Middleware, **base_options
+          end
+        end
       end
     end
   end

data/lib/verikloak/rails/version.rb

@@ -2,6 +2,6 @@
 
 module Verikloak
   module Rails
-    VERSION = '0.2.4'
+    VERSION = '0.2.6'
   end
 end

data/lib/verikloak/rails.rb

@@ -35,6 +35,16 @@ module Verikloak
       def configure
         yield(config)
       end
+
+      # Reset configuration to its default state.
+      #
+      # Primarily intended for test environments that need to ensure a clean
+      # configuration between examples.
+      #
+      # @return [void]
+      def reset!
+        @config = nil
+      end
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: verikloak-rails
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.2.6
 platform: ruby
 authors:
 - taiyaky
@@ -94,7 +94,7 @@ metadata:
   source_code_uri: https://github.com/taiyaky/verikloak-rails
   changelog_uri: https://github.com/taiyaky/verikloak-rails/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/taiyaky/verikloak-rails/issues
-  documentation_uri: https://rubydoc.info/gems/verikloak-rails/0.2.4
+  documentation_uri: https://rubydoc.info/gems/verikloak-rails/0.2.6
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths: