devise_masquerade 0.4.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 417fd89c5319cada031d19c75351278a793d891f
-  data.tar.gz: 2beabc09bbe11a916c7cac22e58577c132feb7be
+  metadata.gz: '08ff9d50cb4dd74d3f209afa2f34a0905058ba5e'
+  data.tar.gz: ce4059a49c9877569b475ea5577627071d1ffb01
 SHA512:
-  metadata.gz: b9aca21064db3b097059eb20a91bb42c2699458eee8f21e88d2ad7db56be5d97dae9a743cfece7fb91f93d829aa2bfac02d881064f53ccd5664e31fea19e1b11
-  data.tar.gz: e010d497e12e9bc3b3c7d875e01c99209f329fbe48fcf3d04dd29b03641b81c17526af8e9d9ec9e8ee8ecfc0d6509652c4a16ec1c319a71e0dd67d333e6547ab
+  metadata.gz: 72638104b38f4f2ca1d594e4aa26534cc236a445c1d3468c832bf1d98c329665013db732f760e1622f59cf43c4e5edf344acabfe7eb3295d8d1d95231a1634da
+  data.tar.gz: f15e6b83c28d33bbb3eea1f6166e81695c1d323afcdc22ba6c94ca067b65f298f6395a7cd5c867bd0a2026708d265ddd096d0c618af9b3fb5b91be9e49e2aa75

data/README.md

@@ -53,28 +53,31 @@ helpers:
 
     class Admin::MasqueradesController < Devise::MasqueradesController
       def show
-        authorize!(:masquerade, User)
-
         super
       end
-    end
 
-## Custom url redirect after masquerade:
+      protected
 
-    class Admin::MasqueradesController < Devise::MasqueradesController
-      def show
+      def masquerade_authorize!
         authorize!(:masquerade, User)
-
-        super
       end
 
+      # or you can define:
+      # def masquerade_authorized?
+      #   <has access to something?> (true/false)
+      # end
+    end
+
+## Custom url redirect after masquerade:
+
+    class Admin::MasqueradesController < Devise::MasqueradesController
       protected
 
       def after_masquerade_path_for(resource)
         "/custom_url"
       end
     end
-    
+
 #### Dont forget to update your Devise routes to point at your Custom Authorization Controller
 in `routes.rb`:
 

data/app/controllers/devise/masquerades_controller.rb

@@ -1,8 +1,8 @@
 class Devise::MasqueradesController < DeviseController
   if respond_to?(:prepend_before_action)
-    prepend_before_action :authenticate_scope!
+    prepend_before_action :authenticate_scope!, :masquerade_authorize!
   else
-    prepend_before_filter :authenticate_scope!
+    prepend_before_filter :authenticate_scope!, :masquerade_authorize!
   end
 
   if respond_to?(:before_action)
@@ -74,6 +74,16 @@ class Devise::MasqueradesController < DeviseController
     end
   end
 
+  protected
+
+  def masquerade_authorize!
+    head(403) unless masquerade_authorized?
+  end
+
+  def masquerade_authorized?
+    true
+  end
+
   private
 
   def authenticate_scope!
@@ -104,4 +114,3 @@ class Devise::MasqueradesController < DeviseController
     "devise_masquerade_#{resource_name}".to_sym
   end
 end
-

data/features/support/env.rb

@@ -1,6 +1,7 @@
 require 'cucumber/rails'
 require 'factory_girl'
 require 'database_cleaner'
+require 'cucumber/rspec/doubles'
 
 Dir[File.join(File.dirname(__FILE__), '..', '..', "spec/support/*.rb")].each {|f| require f}
 
@@ -21,3 +22,7 @@ end
 Cucumber::Rails::Database.javascript_strategy = :truncation
 Capybara.javascript_driver = :webkit
 
+Before do
+  allow_any_instance_of(DeviseController).to receive(:devise_mapping) { Devise.mappings[:user] }
+end
+

data/lib/devise_masquerade/version.rb

@@ -1,3 +1,3 @@
 module DeviseMasquerade
-  VERSION = "0.4.0"
+  VERSION = "0.5.0"
 end

data/spec/controllers/masquerades_controller_spec.rb

@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe MasqueradesController, type: :controller do
+  before { @request.env['devise.mapping'] = Devise.mappings[:user] }
+
+  context 'no access for masquerade' do
+    before do
+      session.clear
+      allow_any_instance_of(MasqueradesController).to receive(:masquerade_authorized?) { false }
+    end
+
+    before { logged_in }
+
+    let(:mask) { create(:user) }
+
+    before { get :show, :id => mask.to_param }
+
+    it { expect(response.status).to eq(403) }
+    it { expect(session.keys).not_to include('devise_masquerade_user') }
+    it { expect(session["warden.user.user.key"].first.first).not_to eq(mask.id) }
+  end
+
+  context 'access for masquerade' do
+    before do
+      session.clear
+      allow_any_instance_of(MasqueradesController).to receive(:masquerade_authorized?) { true }
+    end
+
+    before { logged_in }
+
+    let(:mask) { create(:user) }
+
+    before do
+      expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" }
+      get :show, :id => mask.to_param
+    end
+
+    it { expect(response.status).to eq(302) }
+    it { expect(session.keys).to include('devise_masquerade_user') }
+    it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
+  end
+end

data/spec/dummy/app/controllers/masquerades_controller.rb

@@ -0,0 +1,5 @@
+class MasqueradesController < Devise::MasqueradesController
+  def show
+    super
+  end
+end

data/spec/dummy/app/controllers/users/masquerades_controller.rb

@@ -1,8 +1,6 @@
 class Users::MasqueradesController < Devise::MasqueradesController
   # Just an example showing how you would add authorization to devise_masquerade
-   def show
-    # do authorization stuff here 
-
+  def show
     super
   end
 
@@ -12,4 +10,4 @@ class Users::MasqueradesController < Devise::MasqueradesController
   def after_masquerade_path_for(resource)
     "/"
   end
-end
+end

data/spec/dummy/config/routes.rb

@@ -4,8 +4,9 @@ Dummy::Application.routes.draw do
 
   root :to => 'dashboard#index'
 
+  resources :masquerades
+
   namespace :admin do
     root :to => 'dashboard#index'
   end
 end
-

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_masquerade
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Alexandr Korsak
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-14 00:00:00.000000000 Z
+date: 2017-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -87,10 +87,12 @@ files:
 - spec/controllers/admin/dashboard_controller_spec.rb
 - spec/controllers/dashboard_controller_spec.rb
 - spec/controllers/devise/masquerades_controller_spec.rb
+- spec/controllers/masquerades_controller_spec.rb
 - spec/dummy/Rakefile
 - spec/dummy/app/controllers/admin/dashboard_controller.rb
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/dashboard_controller.rb
+- spec/dummy/app/controllers/masquerades_controller.rb
 - spec/dummy/app/controllers/users/masquerades_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
 - spec/dummy/app/models/admin.rb
@@ -160,10 +162,12 @@ test_files:
 - spec/controllers/admin/dashboard_controller_spec.rb
 - spec/controllers/dashboard_controller_spec.rb
 - spec/controllers/devise/masquerades_controller_spec.rb
+- spec/controllers/masquerades_controller_spec.rb
 - spec/dummy/Rakefile
 - spec/dummy/app/controllers/admin/dashboard_controller.rb
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/dashboard_controller.rb
+- spec/dummy/app/controllers/masquerades_controller.rb
 - spec/dummy/app/controllers/users/masquerades_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
 - spec/dummy/app/models/admin.rb