Merge branch 'master' into openapi/merge

CONTRIBUTING.md

@@ -1,5 +1,11 @@
 # Contributing
 
+🎉 Thanks for taking the time to contribute! 🎉
+
+We put forward the philosophy put forward by the [react community](https://reactcommunity.org/) about ownership, responsibility and avoiding burnout.
+
+We also strive to achieve [semantic versioning](https://semver.org/) for this repo.
+
 ## Fork, then clone the repo:
 ```
 git clone git@github.com:rswag/rswag.git

README.md

@@ -558,7 +558,7 @@ This is one of the more powerful features of rswag. When rswag runs your integra
 These integration tests are usually written with ```let``` variables for post body parameters, and since its an integration test the service is returning actual values. 
 We might as well re-use these values and embed them into the generated swagger to provide a more real world example for request/response examples.
 
-Add to application.rb:
+Add to config/environments/test.rb:
 ```ruby
 RSpec.configure do |config|
   config.swagger_dry_run = false
@@ -779,6 +779,17 @@ Rswag::Ui.configure do |c|
 end
 ```
 
+### Enable Simple Basic Auth for swagger-ui
+
+You can also update the _rswag-ui.rb_ initializer, installed with rswag-ui to specify a username and password should you want to keep your documentation private.
+
+```ruby
+Rswag::Ui.configure do |c|
+  c.basic_auth_enabled = true
+  c.basic_auth_credentials 'username', 'password'
+end
+```
+
 ### Route Prefix for the swagger-ui ###
 
 Similar to rswag-api, you can customize the swagger-ui path by changing it's mount prefix in _routes.rb_:

rswag-specs/lib/rswag/specs/swagger_formatter.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
 require 'active_support/core_ext/hash/deep_merge'
+require 'rspec/core/formatters/base_text_formatter'
 require 'swagger_helper'
 
 module Rswag
   module Specs
-    class SwaggerFormatter
+    class SwaggerFormatter < ::RSpec::Core::Formatters::BaseTextFormatter
+
       # NOTE: rspec 2.x support
       if RSPEC_VERSION > 2
         ::RSpec::Core::Formatters.register self, :example_group_finished, :stop

rswag-ui/lib/generators/rswag/ui/install/templates/rswag-ui.rb

@@ -7,4 +7,8 @@ Rswag::Ui.configure do |c|
   # then the list below should correspond to the relative paths for those endpoints
 
   c.swagger_endpoint '/api-docs/v1/swagger.yaml', 'API V1 Docs'
+
+  # Add Basic Auth in case your API is private
+  # c.basic_auth_enabled = true
+  # c.basic_auth_credentials 'username', 'password'
 end

rswag-ui/lib/rswag/ui/basic_auth.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'rack/auth/basic'
+
+module Rswag
+  module Ui
+    # Extend Rack HTTP Basic Authentication, as per RFC 2617.
+    # @api private
+    #
+    class BasicAuth < ::Rack::Auth::Basic
+      def call(env)
+        return @app.call(env) unless env_matching_path(env)
+
+        super(env)
+      end
+
+      private
+
+      def env_matching_path(env)
+        path = base_path(env['PATH_INFO'])
+        Rswag::Ui.config.config_object[:urls].find do |endpoint|
+          base_path(endpoint[:url]) == path
+        end
+      end
+
+      def base_path(url)
+        url.downcase.split('/')[1]
+      end
+    end
+  end
+end

rswag-ui/lib/rswag/ui/configuration.rb

@@ -1,9 +1,11 @@
 require 'ostruct'
+require 'rack'
 
 module Rswag
   module Ui
     class Configuration
       attr_reader :template_locations
+      attr_accessor :basic_auth_enabled
       attr_accessor :config_object
       attr_accessor :oauth_config_object
       attr_reader :assets_root
@@ -20,6 +22,7 @@ module Rswag
         @assets_root = File.expand_path('../../../../node_modules/swagger-ui-dist', __FILE__)
         @config_object = {}
         @oauth_config_object = {}
+        @basic_auth_enabled = false
       end
 
       def swagger_endpoint(url, name)
@@ -27,9 +30,15 @@ module Rswag
         @config_object[:urls] << { url: url, name: name }
       end
 
+      def basic_auth_credentials(username, password)
+        @config_object[:basic_auth] = { username: username, password: password }
+      end
+
+      # rubocop:disable Naming/AccessorMethodName
       def get_binding
         binding
       end
+      # rubocop:enable Naming/AccessorMethodName
     end
   end
 end

rswag-ui/lib/rswag/ui/engine.rb

@@ -1,4 +1,5 @@
 require 'rswag/ui/middleware'
+require 'rswag/ui/basic_auth'
 
 module Rswag
   module Ui
@@ -7,6 +8,13 @@ module Rswag
 
       initializer 'rswag-ui.initialize' do |app|
         middleware.use Rswag::Ui::Middleware, Rswag::Ui.config
+
+        if Rswag::Ui.config.basic_auth_enabled
+          c = Rswag::Ui.config
+          app.middleware.use Rswag::Ui::BasicAuth do |username, password|
+            c.config_object[:basic_auth].values == [username, password]
+          end
+        end
       end
 
       rake_tasks do

rswag-ui/spec/rswag/ui/configuration_spec.rb

@@ -0,0 +1,52 @@
+require 'rswag/ui/configuration'
+
+require_relative '../../spec_helper'
+
+RSpec.describe Rswag::Ui::Configuration do
+  describe '#swagger_endpoints'
+
+  describe '#basic_auth_enabled' do
+    context 'when unspecified' do
+      it 'defaults to false' do
+        configuration = described_class.new
+        basic_auth_enabled = configuration.basic_auth_enabled
+
+        expect(basic_auth_enabled).to be(false)
+      end
+    end
+
+    context 'when specified' do
+      context 'when set to true' do
+        it 'returns true' do
+          configuration = described_class.new
+          configuration.basic_auth_enabled = true
+          basic_auth_enabled = configuration.basic_auth_enabled
+
+          expect(basic_auth_enabled).to be(true)
+        end
+      end
+
+      context 'when set to false' do
+        it 'returns false' do
+          configuration = described_class.new
+          configuration.basic_auth_enabled = false
+          basic_auth_enabled = configuration.basic_auth_enabled
+
+          expect(basic_auth_enabled).to be(false)
+        end
+      end
+    end
+  end
+
+  describe '#basic_auth_credentials' do
+    it 'sets the username and password' do
+      configuration = described_class.new
+      configuration.basic_auth_credentials 'foo', 'bar'
+      credentials = configuration.config_object[:basic_auth]
+
+      expect(credentials).to eq(username: 'foo', password: 'bar')
+    end
+  end
+
+  describe '#get_binding'
+end

rswag-ui/spec/spec_helper.rb

@@ -0,0 +1,100 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  # This option will default to `:apply_to_host_groups` in RSpec 4 (and will
+  # have no way to turn it off -- the option exists only for backwards
+  # compatibility in RSpec 3). It causes shared context metadata to be
+  # inherited by the metadata hash of host groups and examples, rather than
+  # triggering implicit auto-inclusion in groups with matching metadata.
+  config.shared_context_metadata_behavior = :apply_to_host_groups
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # This allows you to limit a spec run to individual examples or groups
+  # you care about by tagging them with `:focus` metadata. When nothing
+  # is tagged with `:focus`, all examples get run. RSpec also provides
+  # aliases for `it`, `describe`, and `context` that include `:focus`
+  # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
+  config.filter_run_when_matching :focus
+
+  # Allows RSpec to persist some state between runs in order to support
+  # the `--only-failures` and `--next-failure` CLI options. We recommend
+  # you configure your source control system to ignore this file.
+  config.example_status_persistence_file_path = "spec/examples.txt"
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
+  #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = "doc"
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+=end
+end