Fix UnknownAuthStrategy raised when custom auth strategy inherits from Grape::Middleware::Auth::Base (#2674)

When a custom auth strategy class inherits from Grape::Middleware::Auth::Base
and is registered via Grape::Middleware::Auth::Strategies.add, it would raise
Grape::Exceptions::UnknownAuthStrategy with a blank strategy name upon being
instantiated by StrategyInfo#create.

The root cause: PR #2563 moved the strategy lookup from request-time (_call)
to initialization-time (initialize). When StrategyInfo#create instantiates
the custom class via auth_class.new(app) (without options), the inherited
initialize tries to look up options[:type] which is nil, causing the error.

The fix: guard the strategy lookup so it only runs when :type is present in
options. This preserves compile-time validation for the outer middleware
wrapper while allowing subclasses to be instantiated as actual strategies.

Fixes #2669.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: dblock

CHANGELOG.md

@@ -16,6 +16,7 @@
 
 #### Fixes
 
+* [#2670](https://github.com/ruby-grape/grape/pull/2670): Fix `UnknownAuthStrategy` raised when custom auth strategy class inherits from `Grape::Middleware::Auth::Base` - [@dblock](https://github.com/dblock).
 * [#2655](https://github.com/ruby-grape/grape/pull/2655): Fix `before_each` method to handle `nil` parameter correctly - [@ericproulx](https://github.com/ericproulx).
 * [#2660](https://github.com/ruby-grape/grape/pull/2660): Fix thread safety: move mutable `ParamsScope` state (`index`, `params_meeting_dependency`) into a per-request `ParamScopeTracker` stored in `Fiber[]` - [@ericproulx](https://github.com/ericproulx).
 * [#2666](https://github.com/ruby-grape/grape/pull/2666): Endpoint cleanup and minor optimizations - [@ericproulx](https://github.com/ericproulx).

lib/grape/middleware/auth/base.rb

@@ -6,6 +6,8 @@ module Auth
       class Base < Grape::Middleware::Base
         def initialize(app, **options)
           super
+          return unless options.key?(:type)
+
           @auth_strategy = Grape::Middleware::Auth::Strategies[options[:type]].tap do |auth_strategy|
             raise Grape::Exceptions::UnknownAuthStrategy.new(strategy: options[:type]) unless auth_strategy
           end

spec/grape/middleware/auth/strategies_spec.rb

@@ -42,4 +42,39 @@
       end
     end
   end
+
+  describe 'Custom Auth strategy inheriting from Grape::Middleware::Auth::Base' do
+    let(:custom_auth_middleware) do
+      Class.new(Grape::Middleware::Auth::Base) do
+        def call(env)
+          if env['HTTP_AUTHORIZATION'] == 'valid-token'
+            @app.call(env)
+          else
+            [401, {}, ['Unauthorized']]
+          end
+        end
+      end
+    end
+
+    let(:app) do
+      middleware = custom_auth_middleware
+
+      Class.new(Grape::API) do
+        Grape::Middleware::Auth::Strategies.add(:custom_token, middleware)
+        auth(:custom_token) {}
+        get('/whatever') { 'Hello there.' }
+      end
+    end
+
+    it 'allows access with valid token' do
+      get '/whatever', {}, 'HTTP_AUTHORIZATION' => 'valid-token'
+      expect(last_response).to be_successful
+      expect(last_response.body).to eq('Hello there.')
+    end
+
+    it 'denies access without valid token' do
+      get '/whatever'
+      expect(last_response).to be_unauthorized
+    end
+  end
 end