FEATURE: rename `whitelist` to `allow_authorized`

FEATURE: rename whitelist to allow_authorized

Whitelist is both a loaded term and confusing in rack-mini-profiler configuration.

We deprecated usage of authorization_mode = :whitelist; authorization_mode = :allow_authorized should be used instead.

In 6 months or so we will consider removing the deprecation and forcing usage of the renamed option.

diff --git a/README.md b/README.md
index a5e4053..cb833f3 100644
--- a/README.md
+++ b/README.md
@@ -235,21 +235,21 @@ rack-mini-profiler is designed with production profiling in mind. To enable that
 
 Note:
 
-Out-of-the-box we will initialize the `authorization_mode` to `:whitelist` in production. However, in some cases we may not be able to do it:
+Out-of-the-box we will initialize the `authorization_mode` to `:allow_authorized` in production. However, in some cases we may not be able to do it:
 
-- If you are running in development or test we will not enable whitelist mode
+- If you are running in development or test we will not enable the explicit authorization mode
 - If you use `require: false` on rack_mini_profiler we are unlikely to be able to run the railtie
 - If you are running outside of rails we will not run the railtie
 
 In those cases use:
 
 `‍``ruby
-Rack::MiniProfiler.config.authorization_mode = :whitelist
+Rack::MiniProfiler.config.authorization_mode = :allow_authorized
 `‍``
 
 When deciding to fully profile a page mini profiler consults with the `authorization_mode`
 
-By default in production we attempt to set the authorization mode to `:whitelist` meaning that end user will only be able to see requests where somewhere `Rack::MiniProfiler.authorize_request` is invoked.
+By default in production we attempt to set the authorization mode to `:allow_authorized` meaning that end user will only be able to see requests where somewhere `Rack::MiniProfiler.authorize_request` is invoked.
 
 In development we run in the `:allow_all` authorization mode meaning every request is profiled and displayed to the end user.
 
diff --git a/lib/mini_profiler/client_settings.rb b/lib/mini_profiler/client_settings.rb
index 8de1318..f6a478e 100644
--- a/lib/mini_profiler/client_settings.rb
+++ b/lib/mini_profiler/client_settings.rb
@@ -42,7 +42,7 @@ module Rack
       def handle_cookie(result)
         status, headers, _body = result
 
-        if (MiniProfiler.config.authorization_mode == :whitelist && !MiniProfiler.request_authorized?)
+        if (MiniProfiler.config.authorization_mode == :allow_authorized && !MiniProfiler.request_authorized?)
           # this is non-obvious, don't kill the profiling cookie on errors or short requests
           # this ensures that stuff that never reaches the rails stack does not kill profiling
           if status.to_i >= 200 && status.to_i < 300 && ((Process.clock_gettime(Process::CLOCK_MONOTONIC) - @start) > 0.1)
@@ -59,7 +59,7 @@ module Rack
 
         tokens_changed = false
 
-        if MiniProfiler.request_authorized? && MiniProfiler.config.authorization_mode == :whitelist
+        if MiniProfiler.request_authorized? && MiniProfiler.config.authorization_mode == :allow_authorized
           @allowed_tokens ||= @store.allowed_tokens
           tokens_changed = !@orig_auth_tokens || ((@allowed_tokens - @orig_auth_tokens).length > 0)
         end
@@ -90,7 +90,7 @@ module Rack
       def has_valid_cookie?
         valid_cookie = !@cookie.nil?
 
-        if (MiniProfiler.config.authorization_mode == :whitelist) && valid_cookie
+        if (MiniProfiler.config.authorization_mode == :allow_authorized) && valid_cookie
           begin
             @allowed_tokens ||= @store.allowed_tokens
           rescue => e
diff --git a/lib/mini_profiler/config.rb b/lib/mini_profiler/config.rb
index 6a1898e..6cc865b 100644
--- a/lib/mini_profiler/config.rb
+++ b/lib/mini_profiler/config.rb
@@ -86,6 +86,20 @@ module Rack
 
       attr_reader :assets_url
 
+      def authorization_mode=(mode)
+        if mode == :whitelist
+          warn "[DEPRECATION] `:whitelist` authorization mode is deprecated. Please use `:allow_authorized` instead."
+
+          mode = :allow_authorized
+        end
+
+        warn <<~DEP unless mode == :allow_authorized || mode == :allow_all
+          [DEPRECATION] unknown authorization mode #{mode}. Expected `:allow_all` or `:allow_authorized`.
+        DEP
+
+        @authorization_mode = mode
+      end
+
       def assets_url=(lmbda)
         if defined?(Rack::MiniProfilerRails)
           Rack::MiniProfilerRails.create_engine
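Review bot: The new `authorization_mode=` setter warns about an unknown mode but still stores it at `@authorization_mode = mode`, and every check visible in this commit tests `== :allow_authorized`, so a typo or a string such as `"allow_authorized"` would presumably make those checks behave as in `:allow_all`, where the README says every request is profiled and displayed to the end user. The setter should fail closed: replace the heredoc `warn` with `raise ArgumentError, "unknown authorization mode #{mode.inspect}"`, or, if raising is too disruptive for existing configurations, keep the warning and follow it with `mode = :allow_authorized`. The `[DEPRECATION]` prefix on the unknown-mode message is also misleading, since nothing is being deprecated on that path. The Config class continues outside the hunk, so confirm that no `attr_accessor :authorization_mode` is declared after this method, and that the default value is not assigned in a way that leaves a legacy `:whitelist` in place.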
diff --git a/lib/mini_profiler/profiler.rb b/lib/mini_profiler/profiler.rb
index 89072d9..3cdbae5 100644
--- a/lib/mini_profiler/profiler.rb
+++ b/lib/mini_profiler/profiler.rb
@@ -213,7 +213,7 @@ module Rack
     def call(env)
       start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
       client_settings = ClientSettings.new(env, @storage, start)
-      MiniProfiler.deauthorize_request if @config.authorization_mode == :whitelist
+      MiniProfiler.deauthorize_request if @config.authorization_mode == :allow_authorized
 
       status = headers = body = nil
       query_string = env['QUERY_STRING']
@@ -239,7 +239,7 @@ module Rack
       skip_it = (@config.pre_authorize_cb && !@config.pre_authorize_cb.call(env))
 
       if skip_it || (
-        @config.authorization_mode == :whitelist &&
+        @config.authorization_mode == :allow_authorized &&
         !client_settings.has_valid_cookie?
       )
         if take_snapshot?(path)
@@ -388,7 +388,7 @@ module Rack
 
       skip_it = current.discard
 
-      if (config.authorization_mode == :whitelist && !MiniProfiler.request_authorized?)
+      if (config.authorization_mode == :allow_authorized && !MiniProfiler.request_authorized?)
         skip_it = true
       end
 
diff --git a/lib/mini_profiler/storage/abstract_store.rb b/lib/mini_profiler/storage/abstract_store.rb
index 0a92446..d61b6b3 100644
--- a/lib/mini_profiler/storage/abstract_store.rb
+++ b/lib/mini_profiler/storage/abstract_store.rb
@@ -36,7 +36,7 @@ module Rack
         ""
       end
 
-      # a list of tokens that are permitted to access profiler in whitelist mode
+      # a list of tokens that are permitted to access profiler in explicit mode
       def allowed_tokens
         raise NotImplementedError.new("allowed_tokens is not implemented")
       end
diff --git a/lib/mini_profiler_rails/railtie.rb b/lib/mini_profiler_rails/railtie.rb
index bf60aaa..5627556 100644
--- a/lib/mini_profiler_rails/railtie.rb
+++ b/lib/mini_profiler_rails/railtie.rb
@@ -35,7 +35,7 @@ module Rack::MiniProfilerRails
     end
 
     unless Rails.env.development? || Rails.env.test?
-      c.authorization_mode = :whitelist
+      c.authorization_mode = :allow_authorized
     end
 
     if Rails.logger
diff --git a/spec/integration/mini_profiler_spec.rb b/spec/integration/mini_profiler_spec.rb
index e67742a..f5d1893 100644
--- a/spec/integration/mini_profiler_spec.rb
+++ b/spec/integration/mini_profiler_spec.rb
@@ -30,7 +30,7 @@ describe Rack::MiniProfiler do
       map '/html' do
         run lambda { |env| [200, { 'Content-Type' => 'text/html' }, +"<html><BODY><h1>Hi</h1></BODY>\n \t</html>"] }
       end
-      map '/whitelisted-html' do
+      map '/explicitly-allowed-html' do
         run lambda { |env|
           Rack::MiniProfiler.authorize_request
           [200, { 'Content-Type' => 'text/html' }, +"<html><BODY><h1>Hi</h1></BODY>\n \t</html>"]
@@ -54,7 +54,7 @@ describe Rack::MiniProfiler do
           [200, { 'Content-Type' => 'text/html' }, +'<h1>Hi</h1>']
         }
       end
-      map '/whitelisted' do
+      map '/explicitly-allowed' do
         run lambda { |env|
           Rack::MiniProfiler.authorize_request
           [200, { 'Content-Type' => 'text/html' }, +'<h1>path1</h1>']
@@ -303,17 +303,17 @@ describe Rack::MiniProfiler do
         expect(last_response.body).to include('/mini-profiler-resources/includes.js')
       end
 
-      it "does not re-enable functionality if not whitelisted" do
-        Rack::MiniProfiler.config.authorization_mode = :whitelist
+      it "does not re-enable functionality if not explicitly allowed" do
+        Rack::MiniProfiler.config.authorization_mode = :allow_authorized
         get '/html?pp=enable'
         get '/html?pp=enable'
         expect(last_response.body).not_to include('/mini-profiler-resources/includes.js')

[... diff too long, it was truncated ...]

GitHub sha: e99b44d3

This commit appears in #491 which was approved by SamSaffron. It was merged by SamSaffron.