devise_masquerade 0.5.3 → 1.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: bf92dd8ac9972b55c63ff7b7b45527dc6dbedecc
-  data.tar.gz: c844f06c0b9124705dff331aea2bae877b342587
+SHA256:
+  metadata.gz: 7e8cd4d05e6a1c75e17d26588532e261c01e95689d87d491757132d3242faed7
+  data.tar.gz: a9e581005ebf3f238f39aa83d276cef37716bbc1669462f2a4e80f745e29c70a
 SHA512:
-  metadata.gz: bbc8724e293c172038bd0ef62bcff064b9f206bf65f410f99cf49826a8d99d863c9098d87e1b0d1330a63bfe45ba626fa63fba3e627472e31bd0fd779b6b8a0b
-  data.tar.gz: 002b0d76daac1a263bf64d8d7512059475612e2df0e37e52a29b2a297760a2df62c33c54712289e262edeaebee1664a0d8fab1c4030f263538495284fb2ce776
+  metadata.gz: 27aee8dd6cfd3f270a466bc30c4a4b545c7b4e944c3794567ed6c220b86598ff2e5361cb00a7cb7a49d20fccc6532cbd97cd0e301459c5b980bbe2e6052847d8
+  data.tar.gz: 4df45047b964dd10855dbf563f907bedd5e497130cfab4e5b7d65168d5ca91d47265ea562aea1345563fe15b17f7e944b867dfae3420f4e9cbd030287952bc8f

data/.github/FUNDING.yml

@@ -0,0 +1 @@
+patreon: oivoodoo

data/.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,44 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+# This section configures the trigger for the workflow. Feel free to customize depending on your convention
+on:
+  push:
+    branches: [ "master", "main" ]
+  pull_request:
+    branches: [ "master", "main" ]
+
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

data/.github/workflows/rubocop-analysis.yml

@@ -0,0 +1,39 @@
+name: "Rubocop"
+
+on: push
+
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # If running on a self-hosted runner, check it meets the requirements
+    # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+
+    # This step is not necessary if you add the gem to your Gemfile
+    - name: Install Code Scanning integration
+      run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
+
+    - name: Install dependencies
+      run: bundle install
+
+    - name: Rubocop run
+      run: |
+        bash -c "
+          bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
+          [[ $? -ne 2 ]]
+        "
+
+    - name: Upload Sarif output
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: rubocop.sarif

data/.gitignore

@@ -3,7 +3,6 @@
 .bundle
 .config
 .yardoc
-Gemfile.lock
 InstalledFiles
 _yardoc
 coverage
@@ -19,4 +18,4 @@ spec/dummy/db/*.sqlite3
 tmp
 tags
 .vimrc
-
+vendor/

data/.ruby-version

@@ -1 +1 @@
-2.3.3
+2.7.2

data/.travis.yml

@@ -1,12 +1,11 @@
 language: ruby
 rvm:
-  - 2.2.5
-  - 2.3.1
-  - 2.3.3
+  - 2.5.1
+  - 2.6.0
+  - 2.7.2
 gemfile:
   - Gemfile
 script: time ./script/travis.sh
-cache: bundler
 sudo: false
 addons:
   apt:

data/Gemfile

@@ -4,10 +4,10 @@ source 'https://rubygems.org'
 gemspec
 
 group :test do
-  gem 'activerecord', '~> 3.0'
-  gem 'actionmailer', '~> 3.0'
-  gem "bson_ext", "~> 1.3"
-  gem 'sqlite3'
+  gem 'activerecord', '>= 5.2'
+  gem 'actionmailer', '>= 5.2'
+  gem 'bson_ext', '~> 1.3'
+  gem 'sqlite3', '~> 1.4'
 
   gem 'test-unit'
 
@@ -15,21 +15,27 @@ group :test do
   gem 'pry-byebug'
 
   gem 'guard'
-  gem 'guard-rspec'
+  gem 'guard-rspec', '~> 4.7'
   gem 'guard-bundler'
   gem 'guard-cucumber'
 
-  gem 'rspec-rails'
-  gem 'rspec'
-  gem 'rspec-mocks'
+  gem 'rspec', github: 'rspec/rspec'
+  gem 'rspec-core', github: 'rspec/rspec-core'
+  gem 'rspec-expectations', github: 'rspec/rspec-expectations'
+  gem 'rspec-mocks', github: 'rspec/rspec-mocks'
+  gem 'rspec-rails', github: 'rspec/rspec-rails'
+  gem 'rspec-support', github: 'rspec/rspec-support'
 
   gem 'shoulda'
   gem 'rb-fsevent'
-  gem 'factory_girl_rails'
+  gem 'factory_bot_rails'
   gem 'database_cleaner', '< 1.1.0'
   gem 'cucumber'
   gem 'cucumber-rails'
   gem 'capybara'
-  gem 'capybara-webkit'
+  gem 'selenium-webdriver'
+  gem 'chromedriver-helper'
   gem 'launchy'
+
+  gem "nokogiri", ">= 1.10.8"
 end

data/Gemfile.lock

@@ -0,0 +1,307 @@
+GIT
+  remote: https://github.com/rspec/rspec-core.git
+  revision: b7067c5da4fde57cbbff739b168008482e61db44
+  specs:
+    rspec-core (3.10.0.pre)
+      rspec-support (= 3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec-expectations.git
+  revision: 99f9bcaff2a6f3d82f4e350e829eca6ab015694f
+  specs:
+    rspec-expectations (3.10.0.pre)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec-mocks.git
+  revision: 5b897e8f74f3059aef43f1ed5f91719f2267a04e
+  specs:
+    rspec-mocks (3.10.0.pre)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec-rails.git
+  revision: 9b7ab39c027a8cb25e2ebe9e0e985756025b0549
+  specs:
+    rspec-rails (4.0.0.pre)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (= 3.10.0.pre)
+      rspec-expectations (= 3.10.0.pre)
+      rspec-mocks (= 3.10.0.pre)
+      rspec-support (= 3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec-support.git
+  revision: 673133cdd13b17077b3d88ece8d7380821f8d7dc
+  specs:
+    rspec-support (3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec.git
+  revision: e1c2c6bd78c849d7956431331f32ba5092951dab
+  specs:
+    rspec (3.10.0.pre)
+      rspec-core (= 3.10.0.pre)
+      rspec-expectations (= 3.10.0.pre)
+      rspec-mocks (= 3.10.0.pre)
+
+PATH
+  remote: .
+  specs:
+    devise_masquerade (1.3.1)
+      devise (>= 4.7.0)
+      globalid (>= 0.3.6)
+      railties (>= 5.2.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (6.0.0)
+      actionpack (= 6.0.0)
+      actionview (= 6.0.0)
+      activejob (= 6.0.0)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (6.0.0)
+      actionview (= 6.0.0)
+      activesupport (= 6.0.0)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (6.0.0)
+      activesupport (= 6.0.0)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.0)
+      activesupport (= 6.0.0)
+      globalid (>= 0.3.6)
+    activemodel (6.0.0)
+      activesupport (= 6.0.0)
+    activerecord (6.0.0)
+      activemodel (= 6.0.0)
+      activesupport (= 6.0.0)
+    activesupport (6.0.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+      zeitwerk (~> 2.1, >= 2.1.8)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    archive-zip (0.12.0)
+      io-like (~> 0.3.0)
+    backports (3.15.0)
+    bcrypt (3.1.16)
+    bson (1.12.5)
+    bson_ext (1.12.5)
+      bson (~> 1.12.5)
+    builder (3.2.3)
+    byebug (11.0.1)
+    capybara (3.29.0)
+      addressable
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (~> 1.5)
+      xpath (~> 3.2)
+    childprocess (3.0.0)
+    chromedriver-helper (2.1.1)
+      archive-zip (~> 0.10)
+      nokogiri (~> 1.8)
+    coderay (1.1.2)
+    concurrent-ruby (1.1.5)
+    crass (1.0.5)
+    cucumber (3.1.2)
+      builder (>= 2.1.2)
+      cucumber-core (~> 3.2.0)
+      cucumber-expressions (~> 6.0.1)
+      cucumber-wire (~> 0.0.1)
+      diff-lcs (~> 1.3)
+      gherkin (~> 5.1.0)
+      multi_json (>= 1.7.5, < 2.0)
+      multi_test (>= 0.1.2)
+    cucumber-core (3.2.1)
+      backports (>= 3.8.0)
+      cucumber-tag_expressions (~> 1.1.0)
+      gherkin (~> 5.0)
+    cucumber-expressions (6.0.1)
+    cucumber-rails (1.8.0)
+      capybara (>= 2.12, < 4)
+      cucumber (>= 3.0.2, < 4)
+      mime-types (>= 2.0, < 4)
+      nokogiri (~> 1.8)
+      railties (>= 4.2, < 7)
+    cucumber-tag_expressions (1.1.1)
+    cucumber-wire (0.0.1)
+    database_cleaner (1.0.1)
+    devise (4.7.3)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
+    diff-lcs (1.3)
+    erubi (1.9.0)
+    factory_bot (5.1.1)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.1.1)
+      factory_bot (~> 5.1.0)
+      railties (>= 4.2.0)
+    ffi (1.11.1)
+    formatador (0.2.5)
+    gherkin (5.1.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    guard (2.15.1)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-bundler (2.2.1)
+      bundler (>= 1.3.0, < 3)
+      guard (~> 2.2)
+      guard-compat (~> 1.1)
+    guard-compat (1.2.1)
+    guard-cucumber (1.5.4)
+      cucumber (>= 1.3.0)
+      guard-compat (~> 1.0)
+      nenv (~> 0.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    i18n (1.7.0)
+      concurrent-ruby (~> 1.0)
+    io-like (0.3.0)
+    launchy (2.4.3)
+      addressable (~> 2.3)
+    listen (3.2.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    loofah (2.3.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    lumberjack (1.0.13)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    method_source (0.9.2)
+    mime-types (3.3)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2019.1009)
+    mini_mime (1.0.2)
+    mini_portile2 (2.5.0)
+    minitest (5.12.2)
+    multi_json (1.14.1)
+    multi_test (0.1.2)
+    nenv (0.3.0)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    orm_adapter (0.5.0)
+    power_assert (1.1.5)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-byebug (3.7.0)
+      byebug (~> 11.0)
+      pry (~> 0.10)
+    public_suffix (4.0.1)
+    racc (1.5.2)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (6.0.0)
+      actionpack (= 6.0.0)
+      activesupport (= 6.0.0)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.20.3, < 2.0)
+    rake (13.0.0)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.10.0)
+      ffi (~> 1.0)
+    regexp_parser (1.6.0)
+    responders (3.0.1)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
+    rubyzip (2.0.0)
+    selenium-webdriver (3.142.6)
+      childprocess (>= 0.5, < 4.0)
+      rubyzip (>= 1.2.2)
+    shellany (0.0.1)
+    shoulda (3.6.0)
+      shoulda-context (~> 1.0, >= 1.0.1)
+      shoulda-matchers (~> 3.0)
+    shoulda-context (1.2.2)
+    shoulda-matchers (3.1.3)
+      activesupport (>= 4.0.0)
+    sqlite3 (1.4.1)
+    test-unit (3.3.4)
+      power_assert
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    warden (1.2.9)
+      rack (>= 2.0.9)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
+    zeitwerk (2.2.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionmailer (>= 5.2)
+  activerecord (>= 5.2)
+  bson_ext (~> 1.3)
+  bundler (>= 2.0.0)
+  capybara
+  chromedriver-helper
+  cucumber
+  cucumber-rails
+  database_cleaner (< 1.1.0)
+  devise_masquerade!
+  factory_bot_rails
+  guard
+  guard-bundler
+  guard-cucumber
+  guard-rspec (~> 4.7)
+  launchy
+  nokogiri (>= 1.10.8)
+  pry
+  pry-byebug
+  rb-fsevent
+  rspec!
+  rspec-core!
+  rspec-expectations!
+  rspec-mocks!
+  rspec-rails!
+  rspec-support!
+  selenium-webdriver
+  shoulda
+  sqlite3 (~> 1.4)
+  test-unit
+
+BUNDLED WITH
+   2.1.4

data/Makefile

@@ -1,6 +1,11 @@
+release:
+	bundle exec rake release
+.PHONY: release
+
 setup:
 	cd spec/dummy && \
-	RAILS_ENV=test rake db:setup
+	bundle exec rails db:environment:set RAILS_ENV=test && \
+	RAILS_ENV=test bundle exec rails db:setup
 .PHONY: setup
 
 rspec:

data/README.md

@@ -1,5 +1,6 @@
 # Devise Masquerade
 [![Gitter](https://badges.gitter.im/Join Chat.svg)](https://gitter.im/oivoodoo/devise_masquerade?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade?ref=badge_shield)
 
 [![Build Status](https://secure.travis-ci.org/oivoodoo/devise_masquerade.png?branch=master)](https://travis-ci.org/oivoodoo/devise_masquerade)
 
@@ -32,13 +33,29 @@ In the view you can use url helper for defining link:
 
     = link_to "Login As", masquerade_path(user)
 
+`masquerade_path` would create specific `/masquerade` path with query params `masquerade`(key) and `masqueraded_resource_class` to know
+which model to choose to search and sign in by masquerade key.
+
 In the model you'll need to add the parameter :masqueradable to the existing comma separated values in the devise method:
 
+```ruby
     devise :invitable, :confirmable, :database_authenticatable, :registerable, :masqueradable
+```
 
-Add into your application_controller.rb:
+Add into your `application_controller.rb` if you want to have custom way on sign in by using masquerade token otherwise you can still
+use only `masquerade_path` in your view to generate temporary token and link to make `Login As`:
 
+```ruby
     before_action :masquerade_user!
+```
+
+or
+
+```ruby
+    before_action :masquerade!
+```
+
+`masquerade!` is generic way in case if you want to support multiple models on masquerade.
 
 Instead of user you can use your resource name admin, student or another names.
 
@@ -51,6 +68,7 @@ helpers:
 
 ## Custom controller for adding cancan for authorization
 
+```ruby
     class Admin::MasqueradesController < Devise::MasqueradesController
       def show
         super
@@ -67,9 +85,33 @@ helpers:
       #   <has access to something?> (true/false)
       # end
     end
+```
+
+## Alternatively using Pundit
+
+Controller:
+
+```ruby
+    class Admin::MasqueradesController < Devise::MasqueradesController
+      protected
+
+      def masquerade_authorize!
+        authorize(User, :masquerade?) unless params[:action] == 'back'
+      end
+    end
+```
+
+In your view:
+
+```erb
+    <% if policy(@user).masquerade? %>
+      <%= link_to "Login as", masquerade_path(@user) %>
+    <% end %>
+```
 
 ## Custom url redirect after masquerade:
 
+```ruby
     class Admin::MasqueradesController < Devise::MasqueradesController
       protected
 
@@ -77,20 +119,56 @@ helpers:
         "/custom_url"
       end
     end
+```
+
+## Custom url redirect after finishing masquerade:
+
+```ruby
+    class Admin::MasqueradesController < Devise::MasqueradesController
+      protected
+
+      def after_back_masquerade_path_for(resource)
+        "/custom_url"
+      end
+    end
+```
+
+## Overriding the finder
+
+For example, if you use FriendlyId:
+
+```ruby
+    class Admin::MasqueradesController < Devise::MasqueradesController
+      protected
+
+      def find_resource
+        masqueraded_resource_class.friendly.find(params[:id])
+      end
+    end
+```
 
 #### Dont forget to update your Devise routes to point at your Custom Authorization Controller
 in `routes.rb`:
 
+```ruby
     devise_for :users, controllers: { masquerades: "admin/masquerades" }
-
+```
 
 ## You can redefine few options:
 
+```ruby
     Devise.masquerade_param = 'masquerade'
     Devise.masquerade_expires_in = 10.seconds
     Devise.masquerade_key_size = 16 # size of the generate by SecureRandom.urlsafe_base64
     Devise.masquerade_bypass_warden_callback = false
     Devise.masquerade_routes_back = false # if true, route back to the page the user was on via redirect_back
+    Devise.masquerading_resource_class = User
+    # optional, default: masquerading_resource_class.model_name.param_key
+    Devise.masquerading_resource_name = :user
+    Devise.masqueraded_resource_class = AdminUser
+    # optional, default: masqueraded_resource_class.model_name.param_key
+    Devise.masqueraded_resource_name = :admin_user
+```
 
 ## Demo project
 
@@ -101,14 +179,17 @@ in `routes.rb`:
 And check http://localhost:3000/, use for login user1@example.com and
 'password'
 
-## Test project
+## Troubleshooting
 
-    cd spec/dummy
-    RAILS_ENV=test rake db:setup
-    cd -
-    rspec
-    cucumber
+Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Chances are that you need to enable caching:
+
+    rails dev:cache
 
+This is a one-time operation, so you can set it and forget it. Should you ever need to disable caching in development, you can re-run the command as required.
+
+## Test project
+
+    make test
 
 ## Contributing
 
@@ -117,3 +198,7 @@ And check http://localhost:3000/, use for login user1@example.com and
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create new Pull Request
+
+
+## License
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade?ref=badge_large)