devise_masquerade 0.4.0 → 0.5.0
Potentially problematic release.
This version of devise_masquerade might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/README.md +12 -9
- data/app/controllers/devise/masquerades_controller.rb +12 -3
- data/features/support/env.rb +5 -0
- data/lib/devise_masquerade/version.rb +1 -1
- data/spec/controllers/masquerades_controller_spec.rb +42 -0
- data/spec/dummy/app/controllers/masquerades_controller.rb +5 -0
- data/spec/dummy/app/controllers/users/masquerades_controller.rb +2 -4
- data/spec/dummy/config/routes.rb +2 -1
- metadata +6 -2
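--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '08ff9d50cb4dd74d3f209afa2f34a0905058ba5e'
+data.tar.gz: ce4059a49c9877569b475ea5577627071d1ffb01
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 72638104b38f4f2ca1d594e4aa26534cc236a445c1d3468c832bf1d98c329665013db732f760e1622f59cf43c4e5edf344acabfe7eb3295d8d1d95231a1634da
+data.tar.gz: f15e6b83c28d33bbb3eea1f6166e81695c1d323afcdc22ba6c94ca067b65f298f6395a7cd5c867bd0a2026708d265ddd096d0c618af9b3fb5b91be9e49e2aa75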
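--- a/data/README.md
+++ b/data/README.md
@@ -53,28 +53,31 @@ helpers:
 
 class Admin::MasqueradesController < Devise::MasqueradesController
 def show
-authorize!(:masquerade, User)
-
 super
 end
-end
 
-
+protected
 
-
-def show
+def masquerade_authorize!
 authorize!(:masquerade, User)
-
-super
 end
 
+# or you can define:
+# def masquerade_authorized?
+# <has access to something?> (true/false)
+# end
+end
+
+## Custom url redirect after masquerade:
+
+class Admin::MasqueradesController < Devise::MasqueradesController
 protected
 
 def after_masquerade_path_for(resource)
 "/custom_url"
 end
 end
-
+
 #### Dont forget to update your Devise routes to point at your Custom Authorization Controller
 in `routes.rb`:
 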
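--- a/data/app/controllers/devise/masquerades_controller.rb
+++ b/data/app/controllers/devise/masquerades_controller.rb
@@ -1,8 +1,8 @@
 class Devise::MasqueradesController < DeviseController
 if respond_to?(:prepend_before_action)
-prepend_before_action :authenticate_scope!
+prepend_before_action :authenticate_scope!, :masquerade_authorize!
 else
-prepend_before_filter :authenticate_scope!
+prepend_before_filter :authenticate_scope!, :masquerade_authorize!
 end
 
 if respond_to?(:before_action)
@@ -74,6 +74,16 @@ class Devise::MasqueradesController < DeviseController
 end
 end
 
+protected
+
+def masquerade_authorize!
+head(403) unless masquerade_authorized?
+end
+
+def masquerade_authorized?
+true
+end
+
 private
 
 def authenticate_scope!
@@ -104,4 +114,3 @@ class Devise::MasqueradesController < DeviseController
 "devise_masquerade_#{resource_name}".to_sym
 end
 end
-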
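Review bot: `masquerade_authorized?` is added with a default of `true`, so the new `masquerade_authorize!` filter fails open: an application that does not override it still lets any account that passes `authenticate_scope!` masquerade as another user. A deny-by-default body (`false`, or raising with a message that the host application must override the method) would surface a missing override instead of hiding it; if `true` has to stay for compatibility, say so in a comment above the method, e.g. `# Permissive default: override in your controller to restrict who may masquerade.` Separately, `prepend_before_action :authenticate_scope!, :masquerade_authorize!` has no `only:`/`except:`, and Rails appears to prepend each named callback in turn, which would run the authorization hook before authentication and on every action; the rest of the controller is outside these hunks, so this needs confirming there.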
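--- a/data/features/support/env.rb
+++ b/data/features/support/env.rb
@@ -1,6 +1,7 @@
 require 'cucumber/rails'
 require 'factory_girl'
 require 'database_cleaner'
+require 'cucumber/rspec/doubles'
 
 Dir[File.join(File.dirname(__FILE__), '..', '..', "spec/support/*.rb")].each {|f| require f}
 
@@ -21,3 +22,7 @@ end
 Cucumber::Rails::Database.javascript_strategy = :truncation
 Capybara.javascript_driver = :webkit
 
+Before do
+allow_any_instance_of(DeviseController).to receive(:devise_mapping) { Devise.mappings[:user] }
+end
+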
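Review bot: The new `Before` hook stubs `devise_mapping` on every `DeviseController` instance in every scenario, so the features no longer exercise the mapping lookup a real request performs, and a regression there would pass unnoticed. If only the masquerade scenarios need the stub, scope the hook with a tag (for example `Before('@masquerade') do`, tag name chosen here for illustration). A one-line comment above the hook should say why the real mapping cannot be used.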
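--- a/data/spec/controllers/masquerades_controller_spec.rb
+++ b/data/spec/controllers/masquerades_controller_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe MasqueradesController, type: :controller do
+before { @request.env['devise.mapping'] = Devise.mappings[:user] }
+
+context 'no access for masquerade' do
+before do
+session.clear
+allow_any_instance_of(MasqueradesController).to receive(:masquerade_authorized?) { false }
+end
+
+before { logged_in }
+
+let(:mask) { create(:user) }
+
+before { get :show, :id => mask.to_param }
+
+it { expect(response.status).to eq(403) }
+it { expect(session.keys).not_to include('devise_masquerade_user') }
+it { expect(session["warden.user.user.key"].first.first).not_to eq(mask.id) }
+end
+
+context 'access for masquerade' do
+before do
+session.clear
+allow_any_instance_of(MasqueradesController).to receive(:masquerade_authorized?) { true }
+end
+
+before { logged_in }
+
+let(:mask) { create(:user) }
+
+before do
+expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" }
+get :show, :id => mask.to_param
+end
+
+it { expect(response.status).to eq(302) }
+it { expect(session.keys).to include('devise_masquerade_user') }
+it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
+end
+end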
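Review bot: Both contexts call `logged_in` and stub `masquerade_authorized?` with `allow_any_instance_of`, so the spec never covers a request with no signed-in user or the unstubbed default of the hook. A third context that skips `logged_in` and asserts `expect(session.keys).not_to include('devise_masquerade_user')` would pin how `authenticate_scope!` and `masquerade_authorize!` interact. A context without the stub would record what an application gets when it overrides nothing.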
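--- a/data/spec/dummy/app/controllers/users/masquerades_controller.rb
+++ b/data/spec/dummy/app/controllers/users/masquerades_controller.rb
@@ -1,8 +1,6 @@
 class Users::MasqueradesController < Devise::MasqueradesController
 # Just an example showing how you would add authorization to devise_masquerade
-
-# do authorization stuff here
-
+def show
 super
 end
 
@@ -12,4 +10,4 @@ class Users::MasqueradesController < Devise::MasqueradesController
 def after_masquerade_path_for(resource)
 "/"
 end
-end
+end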
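Review bot: The comment `# Just an example showing how you would add authorization to devise_masquerade` is stale after this change, because `show` now only calls `super` and nothing visible in the class performs an authorization check. Either demonstrate the new hook here with a protected `masquerade_authorized?` override, or reword the comment to `# Example subclass; authorization belongs in masquerade_authorized?`. The lines between the two hunks are not shown, so an override there cannot be ruled out.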
data/spec/dummy/config/routes.rb
CHANGED
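--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_masquerade
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.5.0
 platform: ruby
 authors:
 - Alexandr Korsak
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -87,10 +87,12 @@ files:
 - spec/controllers/admin/dashboard_controller_spec.rb
 - spec/controllers/dashboard_controller_spec.rb
 - spec/controllers/devise/masquerades_controller_spec.rb
+- spec/controllers/masquerades_controller_spec.rb
 - spec/dummy/Rakefile
 - spec/dummy/app/controllers/admin/dashboard_controller.rb
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/dashboard_controller.rb
+- spec/dummy/app/controllers/masquerades_controller.rb
 - spec/dummy/app/controllers/users/masquerades_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
 - spec/dummy/app/models/admin.rb
@@ -160,10 +162,12 @@ test_files:
 - spec/controllers/admin/dashboard_controller_spec.rb
 - spec/controllers/dashboard_controller_spec.rb
 - spec/controllers/devise/masquerades_controller_spec.rb
+- spec/controllers/masquerades_controller_spec.rb
 - spec/dummy/Rakefile
 - spec/dummy/app/controllers/admin/dashboard_controller.rb
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/dashboard_controller.rb
+- spec/dummy/app/controllers/masquerades_controller.rb
 - spec/dummy/app/controllers/users/masquerades_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
 - spec/dummy/app/models/admin.rb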