From b0712418a31f4dab5c115a0f4e21f39ca29e476d Mon Sep 17 00:00:00 2001 From: Austin Kabiru Date: Fri, 30 Nov 2018 12:33:13 +0300 Subject: [PATCH 1/6] feat(auth): Allow Basic auth to be enabled --- .../lib/generators/rswag/ui/install/templates/rswag-ui.rb | 4 ++++ rswag-ui/lib/rswag/ui/configuration.rb | 8 ++++++++ rswag-ui/lib/rswag/ui/engine.rb | 7 +++++++ 3 files changed, 19 insertions(+) diff --git a/rswag-ui/lib/generators/rswag/ui/install/templates/rswag-ui.rb b/rswag-ui/lib/generators/rswag/ui/install/templates/rswag-ui.rb index 084a512..b39e2f9 100644 --- a/rswag-ui/lib/generators/rswag/ui/install/templates/rswag-ui.rb +++ b/rswag-ui/lib/generators/rswag/ui/install/templates/rswag-ui.rb @@ -7,4 +7,8 @@ Rswag::Ui.configure do |c| # then the list below should correspond to the relative paths for those endpoints c.swagger_endpoint '/api-docs/v1/swagger.json', 'API V1 Docs' + + # Add Basic Auth in case your API is private + # c.basic_auth_enabled = true + # c.basic_auth_credentials 'username', 'password' end diff --git a/rswag-ui/lib/rswag/ui/configuration.rb b/rswag-ui/lib/rswag/ui/configuration.rb index 5f33c2c..ae06434 100644 --- a/rswag-ui/lib/rswag/ui/configuration.rb +++ b/rswag-ui/lib/rswag/ui/configuration.rb @@ -4,6 +4,7 @@ module Rswag module Ui class Configuration attr_reader :template_locations + attr_accessor :basic_auth_enabled attr_accessor :config_object attr_accessor :oauth_config_object attr_reader :assets_root @@ -20,6 +21,7 @@ module Rswag @assets_root = File.expand_path('../../../../node_modules/swagger-ui-dist', __FILE__) @config_object = {} @oauth_config_object = {} + @basic_auth_enabled = false end def swagger_endpoint(url, name) @@ -27,9 +29,15 @@ module Rswag @config_object[:urls] << { url: url, name: name } end + def basic_auth_credentials(username, password) + @config_object[:basic_auth] = { username: username, password: password } + end + + # rubocop:disable Naming/AccessorMethodName def get_binding binding end + # rubocop:enable Naming/AccessorMethodName end end end diff --git a/rswag-ui/lib/rswag/ui/engine.rb b/rswag-ui/lib/rswag/ui/engine.rb index 78ee075..2e157e3 100644 --- a/rswag-ui/lib/rswag/ui/engine.rb +++ b/rswag-ui/lib/rswag/ui/engine.rb @@ -7,6 +7,13 @@ module Rswag initializer 'rswag-ui.initialize' do |app| middleware.use Rswag::Ui::Middleware, Rswag::Ui.config + + if Rswag::Ui.config.basic_auth_enabled + c = Rswag::Ui.config + app.middleware.use ::Rack::Auth::Basic do |username, password| + c.config_object[:basic_auth].values == [username, password] + end + end end rake_tasks do From 875bbfa04b70aa5f80eef5cb36a774893d511c7c Mon Sep 17 00:00:00 2001 From: Austin Kabiru Date: Fri, 30 Nov 2018 14:23:11 +0300 Subject: [PATCH 2/6] chore(auth): Add documentation and specs --- README.md | 15 +++++- rswag-ui/spec/rswag/ui/configuration_spec.rb | 50 ++++++++++++++++++++ rswag-ui/spec/spec_helper.rb | 16 +++++++ 3 files changed, 79 insertions(+), 2 deletions(-) create mode 100644 rswag-ui/spec/rswag/ui/configuration_spec.rb diff --git a/README.md b/README.md index 08f0157..80b0d41 100644 --- a/README.md +++ b/README.md @@ -44,9 +44,9 @@ Once you have an API that can describe itself in Swagger, you've opened the trea ```ruby rails g rswag:install ``` - + Or run the install generators for each package separately if you installed Rswag as separate gems, as indicated above: - + ```ruby rails g rswag:api:install rswag:ui:install RAILS_ENV=test rails g rswag:specs:install @@ -477,6 +477,17 @@ Rswag::Ui.configure do |c| end ``` +### Enable Simple Basic Auth for swagger-ui + +You can also update the _rswag-ui.rb_ initializer, installed with rswag-ui to specify a username and password should you want to keep your documentation private. + +```ruby +Rswag::Ui.configure do |c| + c.basic_auth_enabled = true + c.basic_auth_credentials 'username', 'password' +end +``` + ### Route Prefix for the swagger-ui ### Similar to rswag-api, you can customize the swagger-ui path by changing it's mount prefix in _routes.rb_: diff --git a/rswag-ui/spec/rswag/ui/configuration_spec.rb b/rswag-ui/spec/rswag/ui/configuration_spec.rb new file mode 100644 index 0000000..2df2c8d --- /dev/null +++ b/rswag-ui/spec/rswag/ui/configuration_spec.rb @@ -0,0 +1,50 @@ +require 'spec_helper' + +RSpec.describe Rswag::Ui::Configuration do + describe '#swagger_endpoints' + + describe '#basic_auth_enabled' do + context 'when unspecified' do + it 'defaults to false' do + configuration = described_class.new + basic_auth_enabled = configuration.basic_auth_enabled + + expect(basic_auth_enabled).to be(false) + end + end + + context 'when specified' do + context 'when set to true' do + it 'returns true' do + configuration = described_class.new + configuration.basic_auth_enabled = true + basic_auth_enabled = configuration.basic_auth_enabled + + expect(basic_auth_enabled).to be(true) + end + end + + context 'when set to false' do + it 'returns false' do + configuration = described_class.new + configuration.basic_auth_enabled = false + basic_auth_enabled = configuration.basic_auth_enabled + + expect(basic_auth_enabled).to be(false) + end + end + end + end + + describe '#basic_auth_credentials' do + it 'sets the username and password' do + configuration = described_class.new + configuration.basic_auth_credentials 'foo', 'bar' + credentials = configuration.config_object[:basic_aut] + + expect(credentials).to eq(username: 'foo', password: 'bar') + end + end + + describe '#get_binding' +end diff --git a/rswag-ui/spec/spec_helper.rb b/rswag-ui/spec/spec_helper.rb index e69de29..c242286 100644 --- a/rswag-ui/spec/spec_helper.rb +++ b/rswag-ui/spec/spec_helper.rb @@ -0,0 +1,16 @@ +require 'bundler/setup' + +require 'rack' +require 'rswag/ui/configuration' + +RSpec.configure do |config| + # Enable flags like --only-failures and --next-failure + config.example_status_persistence_file_path = ".rspec_status" + + # Disable RSpec exposing methods globally on `Module` and `main` + config.disable_monkey_patching! + + config.expect_with :rspec do |c| + c.syntax = :expect + end +end From 529cfae73e87403110e59a160a93a46d29bbe97f Mon Sep 17 00:00:00 2001 From: Austin Kabiru Date: Mon, 3 Dec 2018 11:02:57 +0300 Subject: [PATCH 3/6] fix: Scope auth to swagger endpoints --- rswag-ui/lib/rswag/ui/configuration.rb | 1 + rswag-ui/lib/rswag/ui/engine.rb | 26 ++++- rswag-ui/spec/rswag/ui/configuration_spec.rb | 6 +- rswag-ui/spec/spec_helper.rb | 104 +++++++++++++++++-- 4 files changed, 124 insertions(+), 13 deletions(-) diff --git a/rswag-ui/lib/rswag/ui/configuration.rb b/rswag-ui/lib/rswag/ui/configuration.rb index ae06434..ad46a49 100644 --- a/rswag-ui/lib/rswag/ui/configuration.rb +++ b/rswag-ui/lib/rswag/ui/configuration.rb @@ -1,4 +1,5 @@ require 'ostruct' +require 'rack' module Rswag module Ui diff --git a/rswag-ui/lib/rswag/ui/engine.rb b/rswag-ui/lib/rswag/ui/engine.rb index 2e157e3..962dc9f 100644 --- a/rswag-ui/lib/rswag/ui/engine.rb +++ b/rswag-ui/lib/rswag/ui/engine.rb @@ -1,5 +1,29 @@ require 'rswag/ui/middleware' +class UiBasicAuth < ::Rack::Auth::Basic + def call(env) + return @app.call(env) unless env_matching_path + + super(env) + end + + private + + def env_matching_path + swagger_endpoints = Rswag::Ui.config.swagger_endpoints[:urls] + swagger_endpoints.find do |endpoint| + base_path = base_path(endpoint[:url]) + env_base_path = base_path(env['PATH_INFO']) + + base_path == env_base_path + end + end + + def base_path(url) + url.downcase.split('/')[1] + end +end + module Rswag module Ui class Engine < ::Rails::Engine @@ -10,7 +34,7 @@ module Rswag if Rswag::Ui.config.basic_auth_enabled c = Rswag::Ui.config - app.middleware.use ::Rack::Auth::Basic do |username, password| + app.middleware.use UiBasicAuth do |username, password| c.config_object[:basic_auth].values == [username, password] end end diff --git a/rswag-ui/spec/rswag/ui/configuration_spec.rb b/rswag-ui/spec/rswag/ui/configuration_spec.rb index 2df2c8d..6e32590 100644 --- a/rswag-ui/spec/rswag/ui/configuration_spec.rb +++ b/rswag-ui/spec/rswag/ui/configuration_spec.rb @@ -1,4 +1,6 @@ -require 'spec_helper' +require 'rswag/ui/configuration' + +require_relative '../../spec_helper' RSpec.describe Rswag::Ui::Configuration do describe '#swagger_endpoints' @@ -40,7 +42,7 @@ RSpec.describe Rswag::Ui::Configuration do it 'sets the username and password' do configuration = described_class.new configuration.basic_auth_credentials 'foo', 'bar' - credentials = configuration.config_object[:basic_aut] + credentials = configuration.config_object[:basic_auth] expect(credentials).to eq(username: 'foo', password: 'bar') end diff --git a/rswag-ui/spec/spec_helper.rb b/rswag-ui/spec/spec_helper.rb index c242286..251aa51 100644 --- a/rswag-ui/spec/spec_helper.rb +++ b/rswag-ui/spec/spec_helper.rb @@ -1,16 +1,100 @@ -require 'bundler/setup' - -require 'rack' -require 'rswag/ui/configuration' - +# This file was generated by the `rspec --init` command. Conventionally, all +# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`. +# The generated `.rspec` file contains `--require spec_helper` which will cause +# this file to always be loaded, without a need to explicitly require it in any +# files. +# +# Given that it is always loaded, you are encouraged to keep this file as +# light-weight as possible. Requiring heavyweight dependencies from this file +# will add to the boot time of your test suite on EVERY test run, even for an +# individual file that may not need all of that loaded. Instead, consider making +# a separate helper file that requires the additional dependencies and performs +# the additional setup, and require it from the spec files that actually need +# it. +# +# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration RSpec.configure do |config| - # Enable flags like --only-failures and --next-failure - config.example_status_persistence_file_path = ".rspec_status" + # rspec-expectations config goes here. You can use an alternate + # assertion/expectation library such as wrong or the stdlib/minitest + # assertions if you prefer. + config.expect_with :rspec do |expectations| + # This option will default to `true` in RSpec 4. It makes the `description` + # and `failure_message` of custom matchers include text for helper methods + # defined using `chain`, e.g.: + # be_bigger_than(2).and_smaller_than(4).description + # # => "be bigger than 2 and smaller than 4" + # ...rather than: + # # => "be bigger than 2" + expectations.include_chain_clauses_in_custom_matcher_descriptions = true + end - # Disable RSpec exposing methods globally on `Module` and `main` + # rspec-mocks config goes here. You can use an alternate test double + # library (such as bogus or mocha) by changing the `mock_with` option here. + config.mock_with :rspec do |mocks| + # Prevents you from mocking or stubbing a method that does not exist on + # a real object. This is generally recommended, and will default to + # `true` in RSpec 4. + mocks.verify_partial_doubles = true + end + + # This option will default to `:apply_to_host_groups` in RSpec 4 (and will + # have no way to turn it off -- the option exists only for backwards + # compatibility in RSpec 3). It causes shared context metadata to be + # inherited by the metadata hash of host groups and examples, rather than + # triggering implicit auto-inclusion in groups with matching metadata. + config.shared_context_metadata_behavior = :apply_to_host_groups + +# The settings below are suggested to provide a good initial experience +# with RSpec, but feel free to customize to your heart's content. +=begin + # This allows you to limit a spec run to individual examples or groups + # you care about by tagging them with `:focus` metadata. When nothing + # is tagged with `:focus`, all examples get run. RSpec also provides + # aliases for `it`, `describe`, and `context` that include `:focus` + # metadata: `fit`, `fdescribe` and `fcontext`, respectively. + config.filter_run_when_matching :focus + + # Allows RSpec to persist some state between runs in order to support + # the `--only-failures` and `--next-failure` CLI options. We recommend + # you configure your source control system to ignore this file. + config.example_status_persistence_file_path = "spec/examples.txt" + + # Limits the available syntax to the non-monkey patched syntax that is + # recommended. For more details, see: + # - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/ + # - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/ + # - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode config.disable_monkey_patching! - config.expect_with :rspec do |c| - c.syntax = :expect + # This setting enables warnings. It's recommended, but in some cases may + # be too noisy due to issues in dependencies. + config.warnings = true + + # Many RSpec users commonly either run the entire suite or an individual + # file, and it's useful to allow more verbose output when running an + # individual spec file. + if config.files_to_run.one? + # Use the documentation formatter for detailed output, + # unless a formatter has already been configured + # (e.g. via a command-line flag). + config.default_formatter = "doc" end + + # Print the 10 slowest examples and example groups at the + # end of the spec run, to help surface which specs are running + # particularly slow. + config.profile_examples = 10 + + # Run specs in random order to surface order dependencies. If you find an + # order dependency and want to debug it, you can fix the order by providing + # the seed, which is printed after each run. + # --seed 1234 + config.order = :random + + # Seed global randomization in this process using the `--seed` CLI option. + # Setting this allows you to use `--seed` to deterministically reproduce + # test failures related to randomization by passing the same `--seed` value + # as the one that triggered the failure. + Kernel.srand config.seed +=end end From 19e985a828011b2b961bc5a9c5e32f2cff51f85e Mon Sep 17 00:00:00 2001 From: Kabiru Mwenja Date: Mon, 6 Jan 2020 09:50:30 +0300 Subject: [PATCH 4/6] chore(rswag-ui): Organise basic auth files --- rswag-ui/lib/rswag/ui/basic_auth.rb | 25 +++++++++++++++++++++++++ rswag-ui/lib/rswag/ui/engine.rb | 25 +------------------------ 2 files changed, 26 insertions(+), 24 deletions(-) create mode 100644 rswag-ui/lib/rswag/ui/basic_auth.rb diff --git a/rswag-ui/lib/rswag/ui/basic_auth.rb b/rswag-ui/lib/rswag/ui/basic_auth.rb new file mode 100644 index 0000000..957ddfb --- /dev/null +++ b/rswag-ui/lib/rswag/ui/basic_auth.rb @@ -0,0 +1,25 @@ +require 'rack/auth/basic' + +class BasicAuth < ::Rack::Auth::Basic + def call(env) + return @app.call(env) unless env_matching_path + + super(env) + end + + private + + def env_matching_path + swagger_endpoints = Rswag::Ui.config.swagger_endpoints[:urls] + swagger_endpoints.find do |endpoint| + base_path = base_path(endpoint[:url]) + env_base_path = base_path(env['PATH_INFO']) + + base_path == env_base_path + end + end + + def base_path(url) + url.downcase.split('/')[1] + end +end diff --git a/rswag-ui/lib/rswag/ui/engine.rb b/rswag-ui/lib/rswag/ui/engine.rb index 962dc9f..c4cffae 100644 --- a/rswag-ui/lib/rswag/ui/engine.rb +++ b/rswag-ui/lib/rswag/ui/engine.rb @@ -1,28 +1,5 @@ require 'rswag/ui/middleware' - -class UiBasicAuth < ::Rack::Auth::Basic - def call(env) - return @app.call(env) unless env_matching_path - - super(env) - end - - private - - def env_matching_path - swagger_endpoints = Rswag::Ui.config.swagger_endpoints[:urls] - swagger_endpoints.find do |endpoint| - base_path = base_path(endpoint[:url]) - env_base_path = base_path(env['PATH_INFO']) - - base_path == env_base_path - end - end - - def base_path(url) - url.downcase.split('/')[1] - end -end +require 'rswag/ui/basic_auth' module Rswag module Ui From a43e6f65469c3220c17e44d93e73908c18f75cdb Mon Sep 17 00:00:00 2001 From: Kabiru Mwenja Date: Mon, 6 Jan 2020 10:55:43 +0300 Subject: [PATCH 5/6] fix(rswag-ui): Define BasicAuth in Rswag::Ui module --- rswag-ui/lib/rswag/ui/basic_auth.rb | 41 ++++++++++++++++++----------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/rswag-ui/lib/rswag/ui/basic_auth.rb b/rswag-ui/lib/rswag/ui/basic_auth.rb index 957ddfb..7bbd85d 100644 --- a/rswag-ui/lib/rswag/ui/basic_auth.rb +++ b/rswag-ui/lib/rswag/ui/basic_auth.rb @@ -1,25 +1,34 @@ +# frozen_string_literal: true + require 'rack/auth/basic' -class BasicAuth < ::Rack::Auth::Basic - def call(env) - return @app.call(env) unless env_matching_path +module Rswag + module Ui + # Extend Rack HTTP Basic Authentication, as per RFC 2617. + # @api private + # + class BasicAuth < ::Rack::Auth::Basic + def call(env) + return @app.call(env) unless env_matching_path - super(env) - end + super(env) + end - private + private - def env_matching_path - swagger_endpoints = Rswag::Ui.config.swagger_endpoints[:urls] - swagger_endpoints.find do |endpoint| - base_path = base_path(endpoint[:url]) - env_base_path = base_path(env['PATH_INFO']) + def env_matching_path + Rswag::Ui.config.swagger_endpoints[:urls].find do |endpoint| + base_path(endpoint[:url]) == env_base_path + end + end - base_path == env_base_path + def env_base_path + base_path(env['PATH_INFO']) + end + + def base_path(url) + url.downcase.split('/')[1] + end end end - - def base_path(url) - url.downcase.split('/')[1] - end end From e21f786926c5261893922001bf2c7c78369675a4 Mon Sep 17 00:00:00 2001 From: Chris Miller Date: Wed, 29 Jan 2020 16:28:06 -0800 Subject: [PATCH 6/6] fix(references): update reference to Rswag::Ui::BasicAuth and env_matching_path environment accessor --- rswag-ui/lib/rswag/ui/basic_auth.rb | 13 +++++-------- rswag-ui/lib/rswag/ui/engine.rb | 2 +- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/rswag-ui/lib/rswag/ui/basic_auth.rb b/rswag-ui/lib/rswag/ui/basic_auth.rb index 7bbd85d..ee42d36 100644 --- a/rswag-ui/lib/rswag/ui/basic_auth.rb +++ b/rswag-ui/lib/rswag/ui/basic_auth.rb @@ -9,23 +9,20 @@ module Rswag # class BasicAuth < ::Rack::Auth::Basic def call(env) - return @app.call(env) unless env_matching_path + return @app.call(env) unless env_matching_path(env) super(env) end private - def env_matching_path - Rswag::Ui.config.swagger_endpoints[:urls].find do |endpoint| - base_path(endpoint[:url]) == env_base_path + def env_matching_path(env) + path = base_path(env['PATH_INFO']) + Rswag::Ui.config.config_object[:urls].find do |endpoint| + base_path(endpoint[:url]) == path end end - def env_base_path - base_path(env['PATH_INFO']) - end - def base_path(url) url.downcase.split('/')[1] end diff --git a/rswag-ui/lib/rswag/ui/engine.rb b/rswag-ui/lib/rswag/ui/engine.rb index c4cffae..e90b4f2 100644 --- a/rswag-ui/lib/rswag/ui/engine.rb +++ b/rswag-ui/lib/rswag/ui/engine.rb @@ -11,7 +11,7 @@ module Rswag if Rswag::Ui.config.basic_auth_enabled c = Rswag::Ui.config - app.middleware.use UiBasicAuth do |username, password| + app.middleware.use Rswag::Ui::BasicAuth do |username, password| c.config_object[:basic_auth].values == [username, password] end end