devise_masquerade 0.6.4 → 1.2.0
Potentially problematic release.
This version of devise_masquerade might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.gitignore +1 -2
- data/.ruby-version +1 -1
- data/.travis.yml +2 -4
- data/Gemfile +14 -10
- data/Gemfile.lock +303 -0
- data/Makefile +6 -1
- data/README.md +25 -1
- data/app/controllers/devise/masquerades_controller.rb +70 -54
- data/devise_masquerade.gemspec +4 -4
- data/features/back.feature +0 -1
- data/features/multiple_masquerading_models.feature +17 -0
- data/features/step_definitions/auth_steps.rb +1 -0
- data/features/step_definitions/back_steps.rb +18 -3
- data/features/support/env.rb +23 -4
- data/lib/devise_masquerade/controllers/helpers.rb +26 -7
- data/lib/devise_masquerade/controllers/url_helpers.rb +19 -4
- data/lib/devise_masquerade/models/masqueradable.rb +47 -0
- data/lib/devise_masquerade/models.rb +9 -0
- data/lib/devise_masquerade/rails.rb +14 -4
- data/lib/devise_masquerade/routes.rb +10 -8
- data/lib/devise_masquerade/version.rb +1 -1
- data/lib/devise_masquerade.rb +3 -9
- data/spec/controllers/admin/dashboard_controller_spec.rb +5 -4
- data/spec/controllers/dashboard_controller_spec.rb +4 -4
- data/spec/controllers/devise/masquerades_controller_spec.rb +60 -36
- data/spec/controllers/{masquerades_controller_spec.rb → masquerades_tests_controller_spec.rb} +11 -8
- data/spec/dummy/app/controllers/admin/dashboard_controller.rb +1 -2
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/dashboard_controller.rb +1 -2
- data/spec/dummy/app/controllers/masquerades_tests_controller.rb +7 -0
- data/spec/dummy/app/controllers/students_controller.rb +8 -0
- data/spec/dummy/app/models/admin/user.rb +0 -7
- data/spec/dummy/app/models/student.rb +3 -0
- data/spec/dummy/app/models/user.rb +1 -10
- data/spec/dummy/app/views/admin/dashboard/index.html.erb +0 -2
- data/spec/dummy/app/views/dashboard/index.html.erb +0 -2
- data/spec/dummy/app/views/layouts/application.html.erb +7 -1
- data/spec/dummy/app/views/students/_student.html.erb +6 -0
- data/spec/dummy/app/views/students/index.html.erb +1 -0
- data/spec/dummy/app/views/users/_user.html.erb +1 -1
- data/spec/dummy/config/application.rb +2 -0
- data/spec/dummy/config/environment.rb +1 -0
- data/spec/dummy/config/routes.rb +6 -4
- data/spec/dummy/db/.gitignore +1 -0
- data/spec/dummy/db/migrate/20121119085620_devise_create_users.rb +1 -1
- data/spec/dummy/db/migrate/20140418160449_create_admin_users.rb +1 -1
- data/spec/dummy/db/migrate/20191022100000_create_students.rb +14 -0
- data/spec/dummy/db/schema.rb +37 -31
- data/spec/models/user_spec.rb +1 -1
- data/spec/orm/active_record.rb +5 -2
- data/spec/spec_helper.rb +3 -3
- data/spec/support/factories.rb +13 -9
- metadata +31 -16
- data/lib/devise_masquerade/model.rb +0 -42
- data/spec/dummy/app/controllers/masquerades_controller.rb +0 -5
@@ -0,0 +1,17 @@
|
|
1
|
+
Feature: Use various models for masquerading
|
2
|
+
In order to use various models for masquerading
|
3
|
+
As an masquerade user
|
4
|
+
I want to be able to press press masquerade as link for different models
|
5
|
+
|
6
|
+
Scenario: Use masquerade button on student and user models
|
7
|
+
Given I logged in
|
8
|
+
And I have a user for masquerade
|
9
|
+
And I have a student for masquerade
|
10
|
+
|
11
|
+
When I am on the users page
|
12
|
+
And I login as one user
|
13
|
+
Then I should be login as this user
|
14
|
+
|
15
|
+
When I am on the students page
|
16
|
+
And I login as one student
|
17
|
+
Then I should be login as this student
|
@@ -1,5 +1,5 @@
|
|
1
1
|
Given /^I have a user for masquerade$/ do
|
2
|
-
@
|
2
|
+
@user_mask = create(:user)
|
3
3
|
end
|
4
4
|
|
5
5
|
When /^I am on the users page$/ do
|
@@ -7,11 +7,11 @@ When /^I am on the users page$/ do
|
|
7
7
|
end
|
8
8
|
|
9
9
|
When /^I login as one user$/ do
|
10
|
-
|
10
|
+
find('.login_as').click
|
11
11
|
end
|
12
12
|
|
13
13
|
Then /^I should be login as this user$/ do
|
14
|
-
find('.current_user').should have_content(@
|
14
|
+
find('.current_user').should have_content(@user_mask.email)
|
15
15
|
end
|
16
16
|
|
17
17
|
When /^I press back masquerade button$/ do
|
@@ -22,3 +22,18 @@ Then /^I should be login as owner user$/ do
|
|
22
22
|
find('.current_user').should have_content(@user.email)
|
23
23
|
end
|
24
24
|
|
25
|
+
Given /^I have a student for masquerade$/ do
|
26
|
+
@student_mask = create(:student)
|
27
|
+
end
|
28
|
+
|
29
|
+
When /^I am on the students page$/ do
|
30
|
+
visit '/students'
|
31
|
+
end
|
32
|
+
|
33
|
+
When /^I login as one student$/ do
|
34
|
+
find('.login_as').click
|
35
|
+
end
|
36
|
+
|
37
|
+
Then /^I should be login as this student$/ do
|
38
|
+
find('.current_student').should have_content(@student_mask.email)
|
39
|
+
end
|
data/features/support/env.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
require 'cucumber/rails'
|
2
|
-
require '
|
2
|
+
require 'factory_bot'
|
3
3
|
require 'database_cleaner'
|
4
4
|
require 'cucumber/rspec/doubles'
|
5
5
|
|
@@ -9,9 +9,11 @@ ENV["RAILS_ENV"] = "test"
|
|
9
9
|
|
10
10
|
Capybara.default_selector = :css
|
11
11
|
|
12
|
-
|
12
|
+
ActiveSupport.on_load(:action_controller) do
|
13
|
+
self.allow_rescue = false
|
14
|
+
end
|
13
15
|
|
14
|
-
World(
|
16
|
+
World(FactoryBot::Syntax::Methods)
|
15
17
|
|
16
18
|
begin
|
17
19
|
DatabaseCleaner.strategy = :transaction
|
@@ -20,7 +22,24 @@ rescue NameError
|
|
20
22
|
end
|
21
23
|
|
22
24
|
Cucumber::Rails::Database.javascript_strategy = :truncation
|
23
|
-
|
25
|
+
|
26
|
+
Capybara.register_driver :chrome do |app|
|
27
|
+
Capybara::Selenium::Driver.new(app, browser: :chrome)
|
28
|
+
end
|
29
|
+
|
30
|
+
Capybara.register_driver :headless_chrome do |app|
|
31
|
+
caps = Selenium::WebDriver::Remote::Capabilities.chrome(loggingPrefs: { browser: 'ALL' })
|
32
|
+
opts = Selenium::WebDriver::Chrome::Options.new
|
33
|
+
|
34
|
+
chrome_args = %w[--headless --window-size=1920,1080 --no-sandbox --disable-dev-shm-usage]
|
35
|
+
chrome_args.each { |arg| opts.add_argument(arg) }
|
36
|
+
Capybara::Selenium::Driver.new(app, browser: :chrome, options: opts, desired_capabilities: caps)
|
37
|
+
end
|
38
|
+
|
39
|
+
Capybara.configure do |config|
|
40
|
+
# change this to :chrome to observe tests in a real browser
|
41
|
+
config.javascript_driver = :headless_chrome
|
42
|
+
end
|
24
43
|
|
25
44
|
Before do
|
26
45
|
allow_any_instance_of(DeviseController).to receive(:devise_mapping) { Devise.mappings[:user] }
|
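Review bot: The `:headless_chrome` driver passes `--no-sandbox` in `chrome_args`, which turns off Chrome's process sandbox for every run of the suite, not only in CI. If the flag is there because CI runs Chrome as root inside a container (an assumption, the hunk does not say), record that next to the list, e.g. `# --no-sandbox: needed only when Chrome runs as root in a CI container`, or append it only when a CI environment variable is set. The comment in `Capybara.configure` explains how to switch drivers but nothing explains the four Chrome flags.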
@@ -6,13 +6,34 @@ module DeviseMasquerade
|
|
6
6
|
class_name = mapping.class_name
|
7
7
|
|
8
8
|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
9
|
+
def masquerade!
|
10
|
+
return if params["#{Devise.masquerade_param}"].blank?
|
11
|
+
|
12
|
+
klass = unless params[:masqueraded_resource_class].blank?
|
13
|
+
params[:masqueraded_resource_class].constantize
|
14
|
+
else
|
15
|
+
if Devise.masqueraded_resource_class
|
16
|
+
Devise.masqueraded_resource_class
|
17
|
+
elsif defined?(User)
|
18
|
+
User
|
19
|
+
end
|
20
|
+
end
|
21
|
+
return unless klass
|
22
|
+
|
23
|
+
resource = klass.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
|
24
|
+
|
25
|
+
if resource
|
26
|
+
masquerade_sign_in(resource)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
9
30
|
def masquerade_#{name}!
|
10
31
|
return if params["#{Devise.masquerade_param}"].blank?
|
11
32
|
|
12
|
-
|
33
|
+
resource = ::#{class_name}.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
|
13
34
|
|
14
|
-
if
|
15
|
-
masquerade_sign_in(
|
35
|
+
if resource
|
36
|
+
masquerade_sign_in(resource)
|
16
37
|
end
|
17
38
|
end
|
18
39
|
|
@@ -22,7 +43,7 @@ module DeviseMasquerade
|
|
22
43
|
|
23
44
|
def #{name}_masquerade_owner
|
24
45
|
return nil unless send(:#{name}_masquerade?)
|
25
|
-
::#{class_name}.to_adapter.find_first(:
|
46
|
+
::#{class_name}.to_adapter.find_first(id: session[:"devise_masquerade_#{name}"])
|
26
47
|
end
|
27
48
|
|
28
49
|
private
|
@@ -32,7 +53,7 @@ module DeviseMasquerade
|
|
32
53
|
if respond_to?(:bypass_sign_in)
|
33
54
|
bypass_sign_in(resource)
|
34
55
|
else
|
35
|
-
sign_in(resource, :
|
56
|
+
sign_in(resource, bypass: true)
|
36
57
|
end
|
37
58
|
else
|
38
59
|
sign_in(resource)
|
@@ -50,5 +71,3 @@ module DeviseMasquerade
|
|
50
71
|
end
|
51
72
|
end
|
52
73
|
end
|
53
|
-
|
54
|
-
ActionController::Base.send(:include, DeviseMasquerade::Controllers::Helpers)
|
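Review bot: The new `masquerade!` helper hands `params[:masqueraded_resource_class]` straight to `constantize`, so a request parameter chooses which constant is resolved and then sent `find_by_masquerade_key`. A name that does not resolve raises `NameError`, and one that resolves to a class without the Masqueradable methods raises `NoMethodError`, so both become a server error driven by the query string. Check the name against a fixed set before resolving it, for example `return unless Devise.mappings.values.map(&:class_name).include?(params[:masqueraded_resource_class])` ahead of the `constantize` call. The method also signs in whichever record the key maps to with no check on the current user visible in this hunk; if authorization lives only in the controller's `masquerade_authorized?`, a comment above `def masquerade!` should say so. The enclosing `class_eval` heredoc starts and ends outside the hunks shown.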
@@ -1,16 +1,31 @@
|
|
1
|
+
require 'securerandom'
|
2
|
+
|
1
3
|
module DeviseMasquerade
|
2
4
|
module Controllers
|
5
|
+
|
3
6
|
module UrlHelpers
|
4
|
-
def masquerade_path(resource)
|
7
|
+
def masquerade_path(resource, *args)
|
5
8
|
scope = Devise::Mapping.find_scope!(resource)
|
6
|
-
|
9
|
+
|
10
|
+
opts = args.first || {}
|
11
|
+
opts.merge!(masqueraded_resource_class: resource.class.name)
|
12
|
+
|
13
|
+
resource.masquerade!
|
14
|
+
opts.merge!(Devise.masquerade_param => resource.masquerade_key)
|
15
|
+
|
16
|
+
send("#{scope}_masquerade_path", resource, opts, *args)
|
7
17
|
end
|
8
18
|
|
9
|
-
def back_masquerade_path(resource)
|
19
|
+
def back_masquerade_path(resource, *args)
|
10
20
|
scope = Devise::Mapping.find_scope!(resource)
|
11
|
-
|
21
|
+
|
22
|
+
opts = args.first || {}
|
23
|
+
opts.merge!(masqueraded_resource_class: resource.class.name)
|
24
|
+
|
25
|
+
send("back_#{scope}_masquerade_index_path", opts, *args)
|
12
26
|
end
|
13
27
|
end
|
28
|
+
|
14
29
|
end
|
15
30
|
end
|
16
31
|
|
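Review bot: `masquerade_path` now calls `resource.masquerade!` and merges `resource.masquerade_key` into the URL options, so merely rendering a link writes a live sign-in token to the cache and places it in a query string that ends up in server logs, browser history and `Referer` headers. With `Devise.masquerade_expires_in` at `1.minute`, a link on a page left open longer than that goes stale, which the method's documentation should state. Separately, `opts` is `args.first` and is then passed a second time through `*args`, and `merge!` mutates the caller's hash; `opts = (args.first || {}).merge(masqueraded_resource_class: resource.class.name)` followed by `send("#{scope}_masquerade_path", resource, opts, *args.drop(1))` avoids both. The same duplication applies to `back_masquerade_path`.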
@@ -0,0 +1,47 @@
|
|
1
|
+
module DeviseMasquerade
|
2
|
+
module Models
|
3
|
+
module Masqueradable
|
4
|
+
extend ActiveSupport::Concern
|
5
|
+
|
6
|
+
included do
|
7
|
+
attr_reader :masquerade_key
|
8
|
+
|
9
|
+
def masquerade!
|
10
|
+
@masquerade_key = SecureRandom.urlsafe_base64(
|
11
|
+
Devise.masquerade_key_size)
|
12
|
+
cache_key = self.class.cache_masquerade_key_by(@masquerade_key)
|
13
|
+
::Rails.cache.write(
|
14
|
+
cache_key, id, expires_in: Devise.masquerade_expires_in)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
module ClassMethods
|
19
|
+
def cache_masquerade_key_by(key)
|
20
|
+
"#{self.name.pluralize.underscore}:#{key}:masquerade"
|
21
|
+
end
|
22
|
+
|
23
|
+
def remove_masquerade_key!(key)
|
24
|
+
::Rails.cache.delete(cache_masquerade_key_by(key))
|
25
|
+
end
|
26
|
+
|
27
|
+
def find_by_masquerade_key(key)
|
28
|
+
id = ::Rails.cache.read(cache_masquerade_key_by(key))
|
29
|
+
|
30
|
+
# clean up the cached masquerade key value
|
31
|
+
remove_masquerade_key!(key)
|
32
|
+
|
33
|
+
where(id: id)
|
34
|
+
end
|
35
|
+
|
36
|
+
def find_by_masquerade_key(key)
|
37
|
+
id = ::Rails.cache.read(cache_masquerade_key_by(key))
|
38
|
+
|
39
|
+
# clean up the cached masquerade key value
|
40
|
+
remove_masquerade_key!(key)
|
41
|
+
|
42
|
+
where(id: id)
|
43
|
+
end
|
44
|
+
end # ClassMethods
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
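Review bot: `find_by_masquerade_key` is defined twice with identical bodies inside `ClassMethods`; the second definition silently replaces the first and one of them should be dropped. Within the body, `Rails.cache.read` and `remove_masquerade_key!` are two separate cache operations, so two requests carrying the same key at the same moment can both read the id before either deletes it, and the single-use property is not guaranteed. When the key is unknown `id` is nil and `where(id: id)` returns an empty relation; callers depend on `.first` being nil in that case, which deserves a comment such as `# nil id => empty relation, caller gets nil from .first`. The cached value is only the record `id`, so nothing visible here ties a key to the user who minted it.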
@@ -1,7 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module DeviseMasquerade
|
2
|
-
|
3
|
-
|
4
|
-
|
4
|
+
module Rails
|
5
|
+
|
6
|
+
class Engine < ::Rails::Engine
|
7
|
+
initializer "devise.url_helpers" do
|
8
|
+
Devise.include_helpers(DeviseMasquerade::Controllers)
|
9
|
+
end
|
10
|
+
|
11
|
+
ActiveSupport.on_load(:action_controller) do
|
12
|
+
include DeviseMasquerade::Controllers::Helpers
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
5
16
|
end
|
6
17
|
end
|
7
|
-
|
@@ -1,17 +1,19 @@
|
|
1
|
-
module
|
2
|
-
|
3
|
-
|
4
|
-
protected
|
1
|
+
module DeviseMasquerade
|
2
|
+
module Routes
|
5
3
|
|
6
4
|
def devise_masquerade(mapping, controllers)
|
7
5
|
resources :masquerade,
|
8
|
-
:
|
9
|
-
:
|
10
|
-
:
|
6
|
+
only: :show,
|
7
|
+
path: mapping.path_names[:masquerade],
|
8
|
+
controller: controllers[:masquerades] do
|
11
9
|
|
12
|
-
|
10
|
+
collection do
|
11
|
+
get :back
|
12
|
+
end
|
13
13
|
end
|
14
14
|
end
|
15
|
+
|
15
16
|
end
|
16
17
|
end
|
17
18
|
|
19
|
+
ActionDispatch::Routing::Mapper.send :include, DeviseMasquerade::Routes
|
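Review bot: The masquerade switch is routed as `only: :show` plus `get :back`, so both signing in as another record and returning to the owner happen on GET requests. GET requests are outside Rails' CSRF token check and can be fired by link prefetching, which would consume the one-time key or end the masquerade unexpectedly. Consider a non-GET verb for the switch, or at least a comment above `resources :masquerade` stating that the route relies on the unguessable, short-lived key. The removed lines are truncated in this rendering, so whether the verbs changed in this release cannot be told from here.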
data/lib/devise_masquerade.rb
CHANGED
@@ -1,22 +1,16 @@
|
|
1
1
|
require 'devise'
|
2
|
-
|
3
|
-
require 'action_controller'
|
4
|
-
require 'action_controller/base'
|
5
2
|
require 'devise_masquerade/version'
|
6
3
|
require 'devise_masquerade/routes'
|
7
4
|
require 'devise_masquerade/controllers/helpers'
|
8
5
|
require 'devise_masquerade/controllers/url_helpers'
|
9
6
|
require 'devise_masquerade/rails'
|
10
7
|
|
11
|
-
module DeviseMasquerade
|
12
|
-
end
|
13
|
-
|
14
8
|
module Devise
|
15
9
|
mattr_accessor :masquerade_param
|
16
10
|
@@masquerade_param = 'masquerade'
|
17
11
|
|
18
12
|
mattr_accessor :masquerade_expires_in
|
19
|
-
@@masquerade_expires_in =
|
13
|
+
@@masquerade_expires_in = 1.minute
|
20
14
|
|
21
15
|
mattr_accessor :masquerade_key_size
|
22
16
|
@@masquerade_key_size = 16
|
@@ -42,5 +36,5 @@ module Devise
|
|
42
36
|
@@helpers << DeviseMasquerade::Controllers::Helpers
|
43
37
|
end
|
44
38
|
|
45
|
-
Devise.add_module :masqueradable, :
|
46
|
-
:
|
39
|
+
Devise.add_module :masqueradable, controller: :masquerades,
|
40
|
+
model: 'devise_masquerade/models', route: :masquerade
|
@@ -5,14 +5,15 @@ describe Admin::DashboardController, type: :controller do
|
|
5
5
|
before { admin_logged_in }
|
6
6
|
|
7
7
|
context 'and admin masquerade by user' do
|
8
|
-
let!(:
|
8
|
+
let!(:mask) { create(:admin_user) }
|
9
9
|
|
10
10
|
before do
|
11
|
-
|
12
|
-
|
11
|
+
mask.masquerade!
|
12
|
+
|
13
|
+
get :index, params: { masquerade: mask.masquerade_key, masqueraded_resource_class: 'Admin::User' }
|
13
14
|
end
|
14
15
|
|
15
|
-
it { expect(current_admin_user.reload).to eq(
|
16
|
+
it { expect(current_admin_user.reload).to eq(mask) }
|
16
17
|
end
|
17
18
|
end
|
18
19
|
end
|
@@ -5,15 +5,15 @@ describe DashboardController, type: :controller do
|
|
5
5
|
before { logged_in }
|
6
6
|
|
7
7
|
context 'and admin masquerade by user' do
|
8
|
-
let!(:
|
8
|
+
let!(:mask) { create(:user) }
|
9
9
|
|
10
10
|
before do
|
11
|
-
|
11
|
+
mask.masquerade!
|
12
12
|
|
13
|
-
get :index, :masquerade
|
13
|
+
get :index, params: { masquerade: mask.masquerade_key }
|
14
14
|
end
|
15
15
|
|
16
|
-
it { expect(current_user.reload).to eq(
|
16
|
+
it { expect(current_user.reload).to eq(mask) }
|
17
17
|
end
|
18
18
|
end
|
19
19
|
end
|
@@ -7,17 +7,36 @@ describe Devise::MasqueradesController, type: :controller do
|
|
7
7
|
context 'when logged in' do
|
8
8
|
before { logged_in }
|
9
9
|
|
10
|
+
context 'with masqueradable_class param' do
|
11
|
+
let(:mask) { create(:student) }
|
12
|
+
|
13
|
+
before { mask.masquerade! }
|
14
|
+
|
15
|
+
before do
|
16
|
+
get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
|
17
|
+
end
|
18
|
+
|
19
|
+
it { expect(session.keys).to include('devise_masquerade_student') }
|
20
|
+
|
21
|
+
it 'should have warden keys defined' do
|
22
|
+
expect(session["warden.user.student.key"].first.first).to eq(mask.id)
|
23
|
+
end
|
24
|
+
|
25
|
+
it { should redirect_to('/') }
|
26
|
+
end
|
27
|
+
|
10
28
|
describe '#masquerade user' do
|
11
29
|
let(:mask) { create(:user) }
|
12
30
|
|
31
|
+
before { mask.masquerade! }
|
32
|
+
|
13
33
|
before do
|
14
|
-
|
15
|
-
get :show, :id => mask.to_param
|
34
|
+
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
16
35
|
end
|
17
36
|
|
18
37
|
it { expect(session.keys).to include('devise_masquerade_user') }
|
19
38
|
it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
|
20
|
-
it { should redirect_to(
|
39
|
+
it { should redirect_to('/') }
|
21
40
|
|
22
41
|
context 'and back' do
|
23
42
|
before { get :back }
|
@@ -26,54 +45,59 @@ describe Devise::MasqueradesController, type: :controller do
|
|
26
45
|
it { expect(current_user.reload).to eq(@user) }
|
27
46
|
it { expect(session.keys).not_to include('devise_masquerade_user') }
|
28
47
|
end
|
48
|
+
end
|
29
49
|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
context 'show' do
|
35
|
-
before { expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
|
36
|
-
|
37
|
-
context '< Rails 5 version' do
|
38
|
-
before do
|
39
|
-
@request.env['HTTP_REFERER'] = 'previous_location'
|
40
|
-
get :show, id: mask.to_param
|
41
|
-
end # before
|
50
|
+
# Configure masquerade_routes_back setting
|
51
|
+
describe 'config#masquerade_routes_back' do
|
52
|
+
let(:mask) { create(:user) }
|
42
53
|
|
43
|
-
|
44
|
-
end # context
|
54
|
+
before { Devise.setup { |c| c.masquerade_routes_back = true } }
|
45
55
|
|
46
|
-
|
47
|
-
before do
|
48
|
-
allow_any_instance_of(described_class).to receive(:after_masquerade_path_for).and_return("/dashboard?color=red")
|
49
|
-
end
|
56
|
+
after { Devise.masquerade_routes_back = false }
|
50
57
|
|
51
|
-
|
58
|
+
before { mask.masquerade! }
|
52
59
|
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
60
|
+
context 'show' do
|
61
|
+
context 'with http referrer' do
|
62
|
+
before do
|
63
|
+
@request.env['HTTP_REFERER'] = 'previous_location'
|
64
|
+
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
65
|
+
end # before
|
59
66
|
|
60
|
-
it { should redirect_to(
|
67
|
+
it { should redirect_to('previous_location') }
|
61
68
|
end # context
|
62
69
|
|
63
|
-
context '
|
70
|
+
context 'no http referrer' do
|
64
71
|
before do
|
65
|
-
|
66
|
-
|
72
|
+
allow_any_instance_of(described_class).to(
|
73
|
+
receive(:after_masquerade_path_for).and_return("/dashboard?color=red"))
|
67
74
|
end
|
68
75
|
|
69
|
-
|
76
|
+
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
77
|
+
|
78
|
+
it { should redirect_to("/dashboard?color=red") }
|
70
79
|
end # context
|
71
|
-
end #
|
72
|
-
|
80
|
+
end # context
|
81
|
+
|
82
|
+
context 'and back' do
|
83
|
+
before { get :back }
|
84
|
+
|
85
|
+
it { should redirect_to(masquerade_page) }
|
86
|
+
end # context
|
87
|
+
|
88
|
+
context 'and back fallback if http_referer not present' do
|
89
|
+
before do
|
90
|
+
@request.env['HTTP_REFERER'] = 'previous_location'
|
91
|
+
get :back
|
92
|
+
end
|
93
|
+
|
94
|
+
it { should redirect_to('previous_location') }
|
95
|
+
end # context
|
96
|
+
end # describe
|
73
97
|
end
|
74
98
|
|
75
99
|
context 'when not logged in' do
|
76
|
-
before { get :show, :id
|
100
|
+
before { get :show, params: { id: 'any_id' } }
|
77
101
|
|
78
102
|
it { should redirect_to(new_user_session_path) }
|
79
103
|
end
|
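Review bot: The new 'with masqueradable_class param' context only exercises a valid class name (`mask.class.name`); no example covers a `masqueraded_resource_class` that names a non-existent or non-masqueradable class, which is the input that matters most wherever that parameter is resolved. Add a context that sends a name such as `'NoSuchModel'` (constructed sample) and asserts that the response is not a 500 and that `session['warden.user.user.key']` is unchanged. Also, the context titled 'and back fallback if http_referer not present' sets `HTTP_REFERER` to 'previous_location', so the title says the opposite of what the example tests; rename it or drop the header assignment.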
data/spec/controllers/{masquerades_controller_spec.rb → masquerades_tests_controller_spec.rb}
RENAMED
@@ -1,42 +1,45 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
describe
|
3
|
+
describe MasqueradesTestsController, type: :controller do
|
4
4
|
before { @request.env['devise.mapping'] = Devise.mappings[:user] }
|
5
5
|
|
6
6
|
context 'no access for masquerade' do
|
7
7
|
before do
|
8
8
|
session.clear
|
9
|
-
allow_any_instance_of(
|
9
|
+
allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { false }
|
10
10
|
end
|
11
11
|
|
12
12
|
before { logged_in }
|
13
13
|
|
14
14
|
let(:mask) { create(:user) }
|
15
15
|
|
16
|
-
before {
|
16
|
+
before { mask.masquerade! }
|
17
|
+
|
18
|
+
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
17
19
|
|
18
20
|
it { expect(response.status).to eq(403) }
|
19
21
|
it { expect(session.keys).not_to include('devise_masquerade_user') }
|
20
|
-
it { expect(session[
|
22
|
+
it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
|
21
23
|
end
|
22
24
|
|
23
25
|
context 'access for masquerade' do
|
24
26
|
before do
|
25
27
|
session.clear
|
26
|
-
allow_any_instance_of(
|
28
|
+
allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { true }
|
27
29
|
end
|
28
30
|
|
29
31
|
before { logged_in }
|
30
32
|
|
31
33
|
let(:mask) { create(:user) }
|
32
34
|
|
35
|
+
before { mask.masquerade! }
|
36
|
+
|
33
37
|
before do
|
34
|
-
|
35
|
-
get :show, :id => mask.to_param
|
38
|
+
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
36
39
|
end
|
37
40
|
|
38
41
|
it { expect(response.status).to eq(302) }
|
39
42
|
it { expect(session.keys).to include('devise_masquerade_user') }
|
40
|
-
it { expect(session[
|
43
|
+
it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
|
41
44
|
end
|
42
45
|
end
|
@@ -1,6 +1,5 @@
|
|
1
1
|
class Admin::DashboardController < ApplicationController
|
2
|
-
|
3
|
-
before_filter :masquerade_admin_user!
|
2
|
+
before_action :authenticate_admin_user!
|
4
3
|
|
5
4
|
def index
|
6
5
|
@users = Admin::User.where("admin_users.id != ?", current_admin_user.id).all
|
@@ -1,13 +1,6 @@
|
|
1
1
|
class Admin::User < ActiveRecord::Base
|
2
|
-
# Include default devise modules. Others available are:
|
3
|
-
# :token_authenticatable, :confirmable,
|
4
|
-
# :lockable, :timeoutable and :omniauthable
|
5
2
|
devise :database_authenticatable, :registerable,
|
6
3
|
:recoverable, :rememberable, :trackable, :validatable,
|
7
4
|
:masqueradable
|
8
|
-
|
9
|
-
# Setup accessible (or protected) attributes for your model
|
10
|
-
attr_accessible :email, :password, :password_confirmation, :remember_me
|
11
|
-
# attr_accessible :title, :body
|
12
5
|
end
|
13
6
|
|
@@ -1,12 +1,3 @@
|
|
1
1
|
class User < ActiveRecord::Base
|
2
|
-
|
3
|
-
# :token_authenticatable, :confirmable,
|
4
|
-
# :lockable, :timeoutable and :omniauthable
|
5
|
-
devise :database_authenticatable, :registerable,
|
6
|
-
:recoverable, :rememberable, :trackable, :validatable,
|
7
|
-
:masqueradable
|
8
|
-
|
9
|
-
# Setup accessible (or protected) attributes for your model
|
10
|
-
attr_accessible :email, :password, :password_confirmation, :remember_me
|
11
|
-
# attr_accessible :title, :body
|
2
|
+
devise :database_authenticatable, :validatable, :masqueradable
|
12
3
|
end
|