devise_masquerade 0.6.4 → 1.2.0

data/features/multiple_masquerading_models.feature

@@ -0,0 +1,17 @@
+Feature: Use various models for masquerading
+  In order to use various models for masquerading
+  As an masquerade user
+  I want to be able to press press masquerade as link for different models
+
+  Scenario: Use masquerade button on student and user models
+    Given I logged in
+    And I have a user for masquerade
+    And I have a student for masquerade
+
+    When I am on the users page
+    And I login as one user
+      Then I should be login as this user
+
+    When I am on the students page
+    And I login as one student
+      Then I should be login as this student

data/features/step_definitions/auth_steps.rb

@@ -8,3 +8,4 @@ Given /^I logged in$/ do
 
   click_on 'Log in'
 end
+

data/features/step_definitions/back_steps.rb

@@ -1,5 +1,5 @@
 Given /^I have a user for masquerade$/ do
-  @mask = create(:user)
+  @user_mask = create(:user)
 end
 
 When /^I am on the users page$/ do
@@ -7,11 +7,11 @@ When /^I am on the users page$/ do
 end
 
 When /^I login as one user$/ do
-  click_on "Login as"
+  find('.login_as').click
 end
 
 Then /^I should be login as this user$/ do
-  find('.current_user').should have_content(@mask.email)
+  find('.current_user').should have_content(@user_mask.email)
 end
 
 When /^I press back masquerade button$/ do
@@ -22,3 +22,18 @@ Then /^I should be login as owner user$/ do
   find('.current_user').should have_content(@user.email)
 end
 
+Given /^I have a student for masquerade$/ do
+  @student_mask = create(:student)
+end
+
+When /^I am on the students page$/ do
+  visit '/students'
+end
+
+When /^I login as one student$/ do
+  find('.login_as').click
+end
+
+Then /^I should be login as this student$/ do
+  find('.current_student').should have_content(@student_mask.email)
+end

data/features/support/env.rb

@@ -1,5 +1,5 @@
 require 'cucumber/rails'
-require 'factory_girl'
+require 'factory_bot'
 require 'database_cleaner'
 require 'cucumber/rspec/doubles'
 
@@ -9,9 +9,11 @@ ENV["RAILS_ENV"] = "test"
 
 Capybara.default_selector = :css
 
-ActionController::Base.allow_rescue = false
+ActiveSupport.on_load(:action_controller) do
+  self.allow_rescue = false
+end
 
-World(FactoryGirl::Syntax::Methods)
+World(FactoryBot::Syntax::Methods)
 
 begin
   DatabaseCleaner.strategy = :transaction
@@ -20,7 +22,24 @@ rescue NameError
 end
 
 Cucumber::Rails::Database.javascript_strategy = :truncation
-Capybara.javascript_driver = :webkit
+
+Capybara.register_driver :chrome do |app|
+  Capybara::Selenium::Driver.new(app, browser: :chrome)
+end
+
+Capybara.register_driver :headless_chrome do |app|
+  caps = Selenium::WebDriver::Remote::Capabilities.chrome(loggingPrefs: { browser: 'ALL' })
+  opts = Selenium::WebDriver::Chrome::Options.new
+
+  chrome_args = %w[--headless --window-size=1920,1080 --no-sandbox --disable-dev-shm-usage]
+  chrome_args.each { |arg| opts.add_argument(arg) }
+  Capybara::Selenium::Driver.new(app, browser: :chrome, options: opts, desired_capabilities: caps)
+end
+
+Capybara.configure do |config|
+  # change this to :chrome to observe tests in a real browser
+  config.javascript_driver = :headless_chrome
+end
 
 Before do
   allow_any_instance_of(DeviseController).to receive(:devise_mapping) { Devise.mappings[:user] }

data/lib/devise_masquerade/controllers/helpers.rb

@@ -6,13 +6,34 @@ module DeviseMasquerade
         class_name = mapping.class_name
 
         class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def masquerade!
+            return if params["#{Devise.masquerade_param}"].blank?
+
+            klass = unless params[:masqueraded_resource_class].blank?
+              params[:masqueraded_resource_class].constantize
+            else
+              if Devise.masqueraded_resource_class
+                Devise.masqueraded_resource_class
+              elsif defined?(User)
+                User
+              end
+            end
+            return unless klass
+
+            resource = klass.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
+
+            if resource
+              masquerade_sign_in(resource)
+            end
+          end
+
           def masquerade_#{name}!
             return if params["#{Devise.masquerade_param}"].blank?
 
-            #{name} = ::#{class_name}.find_by_masquerade_key(params["#{Devise.masquerade_param}"])
+            resource = ::#{class_name}.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
 
-            if #{name}
-              masquerade_sign_in(#{name})
+            if resource
+              masquerade_sign_in(resource)
             end
           end
 
@@ -22,7 +43,7 @@ module DeviseMasquerade
 
           def #{name}_masquerade_owner
             return nil unless send(:#{name}_masquerade?)
-            ::#{class_name}.to_adapter.find_first(:id => session[:"devise_masquerade_#{name}"])
+            ::#{class_name}.to_adapter.find_first(id: session[:"devise_masquerade_#{name}"])
           end
 
           private
@@ -32,7 +53,7 @@ module DeviseMasquerade
               if respond_to?(:bypass_sign_in)
                 bypass_sign_in(resource)
               else
-                sign_in(resource, :bypass => true)
+                sign_in(resource, bypass: true)
               end
             else
               sign_in(resource)
@@ -50,5 +71,3 @@ module DeviseMasquerade
     end
   end
 end
-
-ActionController::Base.send(:include, DeviseMasquerade::Controllers::Helpers)

data/lib/devise_masquerade/controllers/url_helpers.rb

@@ -1,16 +1,31 @@
+require 'securerandom'
+
 module DeviseMasquerade
   module Controllers
+
     module UrlHelpers
-      def masquerade_path(resource)
+      def masquerade_path(resource, *args)
         scope = Devise::Mapping.find_scope!(resource)
-        send("#{scope}_masquerade_path", resource)
+
+        opts = args.first || {}
+        opts.merge!(masqueraded_resource_class: resource.class.name)
+
+        resource.masquerade!
+        opts.merge!(Devise.masquerade_param => resource.masquerade_key)
+
+        send("#{scope}_masquerade_path", resource, opts, *args)
       end
 
-      def back_masquerade_path(resource)
+      def back_masquerade_path(resource, *args)
         scope = Devise::Mapping.find_scope!(resource)
-        send("back_#{scope}_masquerade_index_path")
+
+        opts = args.first || {}
+        opts.merge!(masqueraded_resource_class: resource.class.name)
+
+        send("back_#{scope}_masquerade_index_path", opts, *args)
       end
     end
+
   end
 end
 

data/lib/devise_masquerade/models/masqueradable.rb

@@ -0,0 +1,47 @@
+module DeviseMasquerade
+  module Models
+    module Masqueradable
+      extend ActiveSupport::Concern
+
+      included do
+        attr_reader :masquerade_key
+
+        def masquerade!
+          @masquerade_key = SecureRandom.urlsafe_base64(
+            Devise.masquerade_key_size)
+          cache_key = self.class.cache_masquerade_key_by(@masquerade_key)
+          ::Rails.cache.write(
+            cache_key, id, expires_in: Devise.masquerade_expires_in)
+        end
+      end
+
+      module ClassMethods
+        def cache_masquerade_key_by(key)
+          "#{self.name.pluralize.underscore}:#{key}:masquerade"
+        end
+
+        def remove_masquerade_key!(key)
+          ::Rails.cache.delete(cache_masquerade_key_by(key))
+        end
+
+        def find_by_masquerade_key(key)
+          id = ::Rails.cache.read(cache_masquerade_key_by(key))
+
+          # clean up the cached masquerade key value
+          remove_masquerade_key!(key)
+
+          where(id: id)
+        end
+
+        def find_by_masquerade_key(key)
+          id = ::Rails.cache.read(cache_masquerade_key_by(key))
+
+          # clean up the cached masquerade key value
+          remove_masquerade_key!(key)
+
+          where(id: id)
+        end
+      end # ClassMethods
+    end
+  end
+end

data/lib/devise_masquerade/models.rb

@@ -0,0 +1,9 @@
+require 'devise_masquerade/models/masqueradable'
+
+module DeviseMasquerade
+  module Models
+
+  end
+end
+
+Devise::Models.send :include, DeviseMasquerade::Models

data/lib/devise_masquerade/rails.rb

@@ -1,7 +1,17 @@
+# frozen_string_literal: true
+
 module DeviseMasquerade
-  class Engine < ::Rails::Engine
-    ActiveSupport.on_load(:action_controller) { include DeviseMasquerade::Controllers::UrlHelpers }
-    ActiveSupport.on_load(:action_view)       { include DeviseMasquerade::Controllers::UrlHelpers }
+  module Rails
+
+    class Engine < ::Rails::Engine
+      initializer "devise.url_helpers" do
+        Devise.include_helpers(DeviseMasquerade::Controllers)
+      end
+
+      ActiveSupport.on_load(:action_controller) do
+        include DeviseMasquerade::Controllers::Helpers
+      end
+    end
+
   end
 end
-

data/lib/devise_masquerade/routes.rb

@@ -1,17 +1,19 @@
-module ActionDispatch::Routing
-  class Mapper
-
-    protected
+module DeviseMasquerade
+  module Routes
 
     def devise_masquerade(mapping, controllers)
       resources :masquerade,
-        :only => :show,
-        :path => mapping.path_names[:masquerade],
-        :controller => controllers[:masquerades] do
+        only: :show,
+        path: mapping.path_names[:masquerade],
+        controller: controllers[:masquerades] do
 
-        get :back, :on => :collection
+        collection do
+          get :back
+        end
       end
     end
+
   end
 end
 
+ActionDispatch::Routing::Mapper.send :include, DeviseMasquerade::Routes

data/lib/devise_masquerade/version.rb

@@ -1,3 +1,3 @@
 module DeviseMasquerade
-  VERSION = '0.6.4'.freeze
+  VERSION = '1.2.0'.freeze
 end

data/lib/devise_masquerade.rb

@@ -1,22 +1,16 @@
 require 'devise'
-
-require 'action_controller'
-require 'action_controller/base'
 require 'devise_masquerade/version'
 require 'devise_masquerade/routes'
 require 'devise_masquerade/controllers/helpers'
 require 'devise_masquerade/controllers/url_helpers'
 require 'devise_masquerade/rails'
 
-module DeviseMasquerade
-end
-
 module Devise
   mattr_accessor :masquerade_param
   @@masquerade_param = 'masquerade'
 
   mattr_accessor :masquerade_expires_in
-  @@masquerade_expires_in = 10.seconds
+  @@masquerade_expires_in = 1.minute
 
   mattr_accessor :masquerade_key_size
   @@masquerade_key_size = 16
@@ -42,5 +36,5 @@ module Devise
   @@helpers << DeviseMasquerade::Controllers::Helpers
 end
 
-Devise.add_module :masqueradable, :controller => :masquerades,
-  :model => 'devise_masquerade/model', :route => :masquerade
+Devise.add_module :masqueradable, controller: :masquerades,
+  model: 'devise_masquerade/models', route: :masquerade

data/spec/controllers/admin/dashboard_controller_spec.rb

@@ -5,14 +5,15 @@ describe Admin::DashboardController, type: :controller do
     before { admin_logged_in }
 
     context 'and admin masquerade by user' do
-      let!(:user) { create(:admin_user) }
+      let!(:mask) { create(:admin_user) }
 
       before do
-        user.masquerade!
-        get :index, :masquerade => user.masquerade_key
+        mask.masquerade!
+
+        get :index, params: { masquerade: mask.masquerade_key, masqueraded_resource_class: 'Admin::User' }
       end
 
-      it { expect(current_admin_user.reload).to eq(user) }
+      it { expect(current_admin_user.reload).to eq(mask) }
     end
   end
 end

data/spec/controllers/dashboard_controller_spec.rb

@@ -5,15 +5,15 @@ describe DashboardController, type: :controller do
     before { logged_in }
 
     context 'and admin masquerade by user' do
-      let!(:user) { create(:user) }
+      let!(:mask) { create(:user) }
 
       before do
-        user.masquerade!
+        mask.masquerade!
 
-        get :index, :masquerade => user.masquerade_key
+        get :index, params: { masquerade: mask.masquerade_key }
       end
 
-      it { expect(current_user.reload).to eq(user) }
+      it { expect(current_user.reload).to eq(mask) }
     end
   end
 end

data/spec/controllers/devise/masquerades_controller_spec.rb

@@ -7,17 +7,36 @@ describe Devise::MasqueradesController, type: :controller do
     context 'when logged in' do
       before { logged_in }
 
+      context 'with masqueradable_class param' do
+        let(:mask) { create(:student) }
+
+        before { mask.masquerade! }
+
+        before do
+          get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
+        end
+
+        it { expect(session.keys).to include('devise_masquerade_student') }
+
+        it 'should have warden keys defined' do
+          expect(session["warden.user.student.key"].first.first).to eq(mask.id)
+        end
+
+        it { should redirect_to('/') }
+      end
+
       describe '#masquerade user' do
         let(:mask) { create(:user) }
 
+        before { mask.masquerade! }
+
         before do
-          expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" }
-          get :show, :id => mask.to_param
+          get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
         end
 
         it { expect(session.keys).to include('devise_masquerade_user') }
         it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
-        it { should redirect_to("/?masquerade=secure_key") }
+        it { should redirect_to('/') }
 
         context 'and back' do
           before { get :back }
@@ -26,54 +45,59 @@ describe Devise::MasqueradesController, type: :controller do
           it { expect(current_user.reload).to eq(@user) }
           it { expect(session.keys).not_to include('devise_masquerade_user') }
         end
+      end
 
-        # Configure masquerade_routes_back setting
-        describe 'config#masquerade_routes_back' do
-          before { Devise.setup {|c| c.masquerade_routes_back = true } }
-
-          context 'show' do
-            before { expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
-
-            context '< Rails 5 version' do
-              before do
-                @request.env['HTTP_REFERER'] = 'previous_location'
-                get :show, id: mask.to_param
-              end # before
+      # Configure masquerade_routes_back setting
+      describe 'config#masquerade_routes_back' do
+        let(:mask) { create(:user) }
 
-              it { should redirect_to('previous_location') }
-            end # context
+        before { Devise.setup { |c| c.masquerade_routes_back = true } }
 
-            context '< Rails 5, fallback if http_referer not present' do
-              before do
-                allow_any_instance_of(described_class).to receive(:after_masquerade_path_for).and_return("/dashboard?color=red")
-              end
+        after { Devise.masquerade_routes_back = false }
 
-              before { get :show, id: mask.to_param }
+        before { mask.masquerade! }
 
-              it { should redirect_to("/dashboard?color=red&masquerade=secure_key") }
-            end # context
-          end # context
-
-          context '< Rails 5, and back' do
-            before { get :back }
+        context 'show' do
+          context 'with http referrer' do
+            before do
+              @request.env['HTTP_REFERER'] = 'previous_location'
+              get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
+            end # before
 
-            it { should redirect_to(masquerade_page) }
+            it { should redirect_to('previous_location') }
           end # context
 
-          context '< Rails 5, and back fallback if http_referer not present' do
+          context 'no http referrer' do
             before do
-              @request.env['HTTP_REFERER'] = 'previous_location'
-              get :back
+              allow_any_instance_of(described_class).to(
+                receive(:after_masquerade_path_for).and_return("/dashboard?color=red"))
             end
 
-            it { should redirect_to('previous_location') }
+            before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
+
+            it { should redirect_to("/dashboard?color=red") }
           end # context
-        end # describe
-      end
+        end # context
+
+        context 'and back' do
+          before { get :back }
+
+          it { should redirect_to(masquerade_page) }
+        end # context
+
+        context 'and back fallback if http_referer not present' do
+          before do
+            @request.env['HTTP_REFERER'] = 'previous_location'
+            get :back
+          end
+
+          it { should redirect_to('previous_location') }
+        end # context
+      end # describe
     end
 
     context 'when not logged in' do
-      before { get :show, :id => 'any_id' }
+      before { get :show, params: { id: 'any_id' } }
 
       it { should redirect_to(new_user_session_path) }
     end

data/spec/controllers/{masquerades_controller_spec.rb → masquerades_tests_controller_spec.rb}

@@ -1,42 +1,45 @@
 require 'spec_helper'
 
-describe MasqueradesController, type: :controller do
+describe MasqueradesTestsController, type: :controller do
   before { @request.env['devise.mapping'] = Devise.mappings[:user] }
 
   context 'no access for masquerade' do
     before do
       session.clear
-      allow_any_instance_of(MasqueradesController).to receive(:masquerade_authorized?) { false }
+      allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { false }
     end
 
     before { logged_in }
 
     let(:mask) { create(:user) }
 
-    before { get :show, :id => mask.to_param }
+    before { mask.masquerade! }
+
+    before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
 
     it { expect(response.status).to eq(403) }
     it { expect(session.keys).not_to include('devise_masquerade_user') }
-    it { expect(session["warden.user.user.key"].first.first).not_to eq(mask.id) }
+    it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
   end
 
   context 'access for masquerade' do
     before do
       session.clear
-      allow_any_instance_of(MasqueradesController).to receive(:masquerade_authorized?) { true }
+      allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { true }
     end
 
     before { logged_in }
 
     let(:mask) { create(:user) }
 
+    before { mask.masquerade! }
+
     before do
-      expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" }
-      get :show, :id => mask.to_param
+      get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
     end
 
     it { expect(response.status).to eq(302) }
     it { expect(session.keys).to include('devise_masquerade_user') }
-    it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
+    it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
   end
 end

data/spec/dummy/app/controllers/admin/dashboard_controller.rb

@@ -1,6 +1,5 @@
 class Admin::DashboardController < ApplicationController
-  before_filter :authenticate_admin_user!
-  before_filter :masquerade_admin_user!
+  before_action :authenticate_admin_user!
 
   def index
     @users = Admin::User.where("admin_users.id != ?", current_admin_user.id).all

data/spec/dummy/app/controllers/application_controller.rb

@@ -1,4 +1,6 @@
 class ApplicationController < ActionController::Base
+  before_action :masquerade!
+
   protect_from_forgery
 end
 

data/spec/dummy/app/controllers/dashboard_controller.rb

@@ -1,6 +1,5 @@
 class DashboardController < ApplicationController
-  before_filter :authenticate_user!
-  before_filter :masquerade_user!
+  before_action :authenticate_user!
 
   def index
     @users = User.where("users.id != ?", current_user.id).all

data/spec/dummy/app/controllers/masquerades_tests_controller.rb

@@ -0,0 +1,7 @@
+class MasqueradesTestsController < Devise::MasqueradesController
+  before_action :authenticate_user!
+
+  def show
+    super
+  end
+end

data/spec/dummy/app/controllers/students_controller.rb

@@ -0,0 +1,8 @@
+class StudentsController < ApplicationController
+  before_action :authenticate_user!
+
+  def index
+    @students = Student.all
+  end
+end
+

data/spec/dummy/app/models/admin/user.rb

@@ -1,13 +1,6 @@
 class Admin::User < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :token_authenticatable, :confirmable,
-  # :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :masqueradable
-
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
-  # attr_accessible :title, :body
 end
 

data/spec/dummy/app/models/student.rb

@@ -0,0 +1,3 @@
+class Student < ActiveRecord::Base
+  devise :database_authenticatable, :validatable, :masqueradable
+end

data/spec/dummy/app/models/user.rb

@@ -1,12 +1,3 @@
 class User < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :token_authenticatable, :confirmable,
-  # :lockable, :timeoutable and :omniauthable
-  devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable,
-         :masqueradable
-
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
-  # attr_accessible :title, :body
+  devise :database_authenticatable, :validatable, :masqueradable
 end