
@invisiblefunnel
Created February 15, 2015 22:43
StripeEvent HTTP Basic Auth
diff --git a/app/controllers/stripe_event/webhook_controller.rb b/app/controllers/stripe_event/webhook_controller.rb
index 79ac7cc..03d5ee0 100644
--- a/app/controllers/stripe_event/webhook_controller.rb
+++ b/app/controllers/stripe_event/webhook_controller.rb
@@ -1,6 +1,10 @@
module StripeEvent
class WebhookController < ActionController::Base
def event
+ if login_procedure = StripeEvent.authenticate_with_http_basic
+ authenticate_with_http_basic(&login_procedure) || raise(StripeEvent::UnauthorizedError)
+ end
+
StripeEvent.instrument(params)
head :ok
rescue StripeEvent::UnauthorizedError
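Review bot: The new guard at the top of `event` is skipped entirely when `StripeEvent.authenticate_with_http_basic` is nil, so the webhook endpoint stays unauthenticated by default and nothing in the code says so. A comment above the `if` would make the contract explicit: `# Optional. When unset, no authentication is performed. The proc receives (username, password) and must return a truthy value to allow the request.` Any truthy non-callable value assigned to the setting would presumably fail at `&login_procedure` with an error that the visible `rescue` does not cover, so checking `respond_to?(:call)` at configuration time may be worthwhile. The body of `event` continues past the hunk's last line, so the response produced by the `rescue` branch is not visible here.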
diff --git a/lib/stripe_event.rb b/lib/stripe_event.rb
index 71eb6e6..49e0056 100644
--- a/lib/stripe_event.rb
+++ b/lib/stripe_event.rb
@@ -4,7 +4,7 @@ require "stripe_event/engine" if defined?(Rails)
module StripeEvent
class << self
- attr_accessor :adapter, :backend, :event_retriever, :namespace
+ attr_accessor :adapter, :authenticate_with_http_basic, :backend, :event_retriever, :namespace
def configure(&block)
raise ArgumentError, "must provide a block" unless block_given?
diff --git a/spec/controllers/webhook_controller_spec.rb b/spec/controllers/webhook_controller_spec.rb
index cf137a8..6a42fa3 100644
--- a/spec/controllers/webhook_controller_spec.rb
+++ b/spec/controllers/webhook_controller_spec.rb
@@ -51,4 +51,27 @@ describe StripeEvent::WebhookController do
expect { webhook id: 'evt_charge_succeeded' }.to raise_error(Stripe::StripeError, /testing/)
end
+
+ it "HTTP basic auth denial" do
+ StripeEvent.authenticate_with_http_basic = lambda { |u, p| false }
+
+ stub_event('evt_charge_succeeded')
+
+ webhook id: 'evt_charge_succeeded'
+
+ expect(response.code).to eq '401'
+ end
+
+ it "HTTP basic auth success" do
+ username = '12345'
+ password = '56789'
+ StripeEvent.authenticate_with_http_basic = lambda { |u,p| u == username && p == password }
+
+ stub_event('evt_charge_succeeded')
+
+ request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials(username, password)
+ webhook id: 'evt_charge_succeeded'
+
+ expect(response.code).to eq '200'
+ end
end
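Review bot: The denial spec never sets an Authorization header, so as far as I can tell `lambda { |u, p| false }` is never invoked and the test covers only the missing-header path; a request carrying wrong credentials is untested. The success spec also compares credentials with `==`, which is the only usage example here and is not a constant-time comparison; `ActiveSupport::SecurityUtils.secure_compare` is the better pattern to show, provided the targeted Rails version ships it. A spec along the lines below would cover both points. The enclosing `describe` block starts outside the hunk.

```ruby
it "HTTP basic auth rejects wrong credentials" do
  StripeEvent.authenticate_with_http_basic = lambda { |u, p|
    # non-short-circuit & so both comparisons always run
    ActiveSupport::SecurityUtils.secure_compare(u, 'user') &
      ActiveSupport::SecurityUtils.secure_compare(p, 'secret')
  }

  stub_event('evt_charge_succeeded')

  request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials('user', 'wrong!')
  webhook id: 'evt_charge_succeeded'

  expect(response.code).to eq '401'
end
```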
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index ea481e8..711afa6 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -14,12 +14,14 @@ RSpec.configure do |config|
config.before do
@event_retriever = StripeEvent.event_retriever
+ @authenticate_with_http_basic = StripeEvent.authenticate_with_http_basic
@notifier = StripeEvent.backend.notifier
StripeEvent.backend.notifier = @notifier.class.new
end
config.after do
StripeEvent.event_retriever = @event_retriever
+ StripeEvent.authenticate_with_http_basic = @authenticate_with_http_basic
StripeEvent.backend.notifier = @notifier
end
end