devise_masquerade 0.6.4 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise_masquerade might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/.gitignore +1 -2
- data/.ruby-version +1 -1
- data/.travis.yml +2 -4
- data/Gemfile +14 -10
- data/Gemfile.lock +303 -0
- data/Makefile +6 -1
- data/README.md +25 -1
- data/app/controllers/devise/masquerades_controller.rb +70 -54
- data/devise_masquerade.gemspec +4 -4
- data/features/back.feature +0 -1
- data/features/multiple_masquerading_models.feature +17 -0
- data/features/step_definitions/auth_steps.rb +1 -0
- data/features/step_definitions/back_steps.rb +18 -3
- data/features/support/env.rb +23 -4
- data/lib/devise_masquerade/controllers/helpers.rb +26 -7
- data/lib/devise_masquerade/controllers/url_helpers.rb +19 -4
- data/lib/devise_masquerade/models/masqueradable.rb +47 -0
- data/lib/devise_masquerade/models.rb +9 -0
- data/lib/devise_masquerade/rails.rb +14 -4
- data/lib/devise_masquerade/routes.rb +10 -8
- data/lib/devise_masquerade/version.rb +1 -1
- data/lib/devise_masquerade.rb +3 -9
- data/spec/controllers/admin/dashboard_controller_spec.rb +5 -4
- data/spec/controllers/dashboard_controller_spec.rb +4 -4
- data/spec/controllers/devise/masquerades_controller_spec.rb +60 -36
- data/spec/controllers/{masquerades_controller_spec.rb → masquerades_tests_controller_spec.rb} +11 -8
- data/spec/dummy/app/controllers/admin/dashboard_controller.rb +1 -2
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/dashboard_controller.rb +1 -2
- data/spec/dummy/app/controllers/masquerades_tests_controller.rb +7 -0
- data/spec/dummy/app/controllers/students_controller.rb +8 -0
- data/spec/dummy/app/models/admin/user.rb +0 -7
- data/spec/dummy/app/models/student.rb +3 -0
- data/spec/dummy/app/models/user.rb +1 -10
- data/spec/dummy/app/views/admin/dashboard/index.html.erb +0 -2
- data/spec/dummy/app/views/dashboard/index.html.erb +0 -2
- data/spec/dummy/app/views/layouts/application.html.erb +7 -1
- data/spec/dummy/app/views/students/_student.html.erb +6 -0
- data/spec/dummy/app/views/students/index.html.erb +1 -0
- data/spec/dummy/app/views/users/_user.html.erb +1 -1
- data/spec/dummy/config/application.rb +2 -0
- data/spec/dummy/config/environment.rb +1 -0
- data/spec/dummy/config/routes.rb +6 -4
- data/spec/dummy/db/.gitignore +1 -0
- data/spec/dummy/db/migrate/20121119085620_devise_create_users.rb +1 -1
- data/spec/dummy/db/migrate/20140418160449_create_admin_users.rb +1 -1
- data/spec/dummy/db/migrate/20191022100000_create_students.rb +14 -0
- data/spec/dummy/db/schema.rb +37 -31
- data/spec/models/user_spec.rb +1 -1
- data/spec/orm/active_record.rb +5 -2
- data/spec/spec_helper.rb +3 -3
- data/spec/support/factories.rb +13 -9
- metadata +31 -16
- data/lib/devise_masquerade/model.rb +0 -42
- data/spec/dummy/app/controllers/masquerades_controller.rb +0 -5
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
Feature: Use various models for masquerading
|
|
2
|
+
In order to use various models for masquerading
|
|
3
|
+
As an masquerade user
|
|
4
|
+
I want to be able to press press masquerade as link for different models
|
|
5
|
+
|
|
6
|
+
Scenario: Use masquerade button on student and user models
|
|
7
|
+
Given I logged in
|
|
8
|
+
And I have a user for masquerade
|
|
9
|
+
And I have a student for masquerade
|
|
10
|
+
|
|
11
|
+
When I am on the users page
|
|
12
|
+
And I login as one user
|
|
13
|
+
Then I should be login as this user
|
|
14
|
+
|
|
15
|
+
When I am on the students page
|
|
16
|
+
And I login as one student
|
|
17
|
+
Then I should be login as this student
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
Given /^I have a user for masquerade$/ do
|
|
2
|
-
@
|
|
2
|
+
@user_mask = create(:user)
|
|
3
3
|
end
|
|
4
4
|
|
|
5
5
|
When /^I am on the users page$/ do
|
|
@@ -7,11 +7,11 @@ When /^I am on the users page$/ do
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
When /^I login as one user$/ do
|
|
10
|
-
|
|
10
|
+
find('.login_as').click
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
Then /^I should be login as this user$/ do
|
|
14
|
-
find('.current_user').should have_content(@
|
|
14
|
+
find('.current_user').should have_content(@user_mask.email)
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
When /^I press back masquerade button$/ do
|
|
@@ -22,3 +22,18 @@ Then /^I should be login as owner user$/ do
|
|
|
22
22
|
find('.current_user').should have_content(@user.email)
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
Given /^I have a student for masquerade$/ do
|
|
26
|
+
@student_mask = create(:student)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
When /^I am on the students page$/ do
|
|
30
|
+
visit '/students'
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
When /^I login as one student$/ do
|
|
34
|
+
find('.login_as').click
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
Then /^I should be login as this student$/ do
|
|
38
|
+
find('.current_student').should have_content(@student_mask.email)
|
|
39
|
+
end
|
data/features/support/env.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
require 'cucumber/rails'
|
|
2
|
-
require '
|
|
2
|
+
require 'factory_bot'
|
|
3
3
|
require 'database_cleaner'
|
|
4
4
|
require 'cucumber/rspec/doubles'
|
|
5
5
|
|
|
@@ -9,9 +9,11 @@ ENV["RAILS_ENV"] = "test"
|
|
|
9
9
|
|
|
10
10
|
Capybara.default_selector = :css
|
|
11
11
|
|
|
12
|
-
|
|
12
|
+
ActiveSupport.on_load(:action_controller) do
|
|
13
|
+
self.allow_rescue = false
|
|
14
|
+
end
|
|
13
15
|
|
|
14
|
-
World(
|
|
16
|
+
World(FactoryBot::Syntax::Methods)
|
|
15
17
|
|
|
16
18
|
begin
|
|
17
19
|
DatabaseCleaner.strategy = :transaction
|
|
@@ -20,7 +22,24 @@ rescue NameError
|
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
Cucumber::Rails::Database.javascript_strategy = :truncation
|
|
23
|
-
|
|
25
|
+
|
|
26
|
+
Capybara.register_driver :chrome do |app|
|
|
27
|
+
Capybara::Selenium::Driver.new(app, browser: :chrome)
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
Capybara.register_driver :headless_chrome do |app|
|
|
31
|
+
caps = Selenium::WebDriver::Remote::Capabilities.chrome(loggingPrefs: { browser: 'ALL' })
|
|
32
|
+
opts = Selenium::WebDriver::Chrome::Options.new
|
|
33
|
+
|
|
34
|
+
chrome_args = %w[--headless --window-size=1920,1080 --no-sandbox --disable-dev-shm-usage]
|
|
35
|
+
chrome_args.each { |arg| opts.add_argument(arg) }
|
|
36
|
+
Capybara::Selenium::Driver.new(app, browser: :chrome, options: opts, desired_capabilities: caps)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
Capybara.configure do |config|
|
|
40
|
+
# change this to :chrome to observe tests in a real browser
|
|
41
|
+
config.javascript_driver = :headless_chrome
|
|
42
|
+
end
|
|
24
43
|
|
|
25
44
|
Before do
|
|
26
45
|
allow_any_instance_of(DeviseController).to receive(:devise_mapping) { Devise.mappings[:user] }
|
|
@@ -6,13 +6,34 @@ module DeviseMasquerade
|
|
|
6
6
|
class_name = mapping.class_name
|
|
7
7
|
|
|
8
8
|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
|
9
|
+
def masquerade!
|
|
10
|
+
return if params["#{Devise.masquerade_param}"].blank?
|
|
11
|
+
|
|
12
|
+
klass = unless params[:masqueraded_resource_class].blank?
|
|
13
|
+
params[:masqueraded_resource_class].constantize
|
|
14
|
+
else
|
|
15
|
+
if Devise.masqueraded_resource_class
|
|
16
|
+
Devise.masqueraded_resource_class
|
|
17
|
+
elsif defined?(User)
|
|
18
|
+
User
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
return unless klass
|
|
22
|
+
|
|
23
|
+
resource = klass.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
|
|
24
|
+
|
|
25
|
+
if resource
|
|
26
|
+
masquerade_sign_in(resource)
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
9
30
|
def masquerade_#{name}!
|
|
10
31
|
return if params["#{Devise.masquerade_param}"].blank?
|
|
11
32
|
|
|
12
|
-
|
|
33
|
+
resource = ::#{class_name}.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
|
|
13
34
|
|
|
14
|
-
if
|
|
15
|
-
masquerade_sign_in(
|
|
35
|
+
if resource
|
|
36
|
+
masquerade_sign_in(resource)
|
|
16
37
|
end
|
|
17
38
|
end
|
|
18
39
|
|
|
@@ -22,7 +43,7 @@ module DeviseMasquerade
|
|
|
22
43
|
|
|
23
44
|
def #{name}_masquerade_owner
|
|
24
45
|
return nil unless send(:#{name}_masquerade?)
|
|
25
|
-
::#{class_name}.to_adapter.find_first(:
|
|
46
|
+
::#{class_name}.to_adapter.find_first(id: session[:"devise_masquerade_#{name}"])
|
|
26
47
|
end
|
|
27
48
|
|
|
28
49
|
private
|
|
@@ -32,7 +53,7 @@ module DeviseMasquerade
|
|
|
32
53
|
if respond_to?(:bypass_sign_in)
|
|
33
54
|
bypass_sign_in(resource)
|
|
34
55
|
else
|
|
35
|
-
sign_in(resource, :
|
|
56
|
+
sign_in(resource, bypass: true)
|
|
36
57
|
end
|
|
37
58
|
else
|
|
38
59
|
sign_in(resource)
|
|
@@ -50,5 +71,3 @@ module DeviseMasquerade
|
|
|
50
71
|
end
|
|
51
72
|
end
|
|
52
73
|
end
|
|
53
|
-
|
|
54
|
-
ActionController::Base.send(:include, DeviseMasquerade::Controllers::Helpers)
|
|
@@ -1,16 +1,31 @@
|
|
|
1
|
+
require 'securerandom'
|
|
2
|
+
|
|
1
3
|
module DeviseMasquerade
|
|
2
4
|
module Controllers
|
|
5
|
+
|
|
3
6
|
module UrlHelpers
|
|
4
|
-
def masquerade_path(resource)
|
|
7
|
+
def masquerade_path(resource, *args)
|
|
5
8
|
scope = Devise::Mapping.find_scope!(resource)
|
|
6
|
-
|
|
9
|
+
|
|
10
|
+
opts = args.first || {}
|
|
11
|
+
opts.merge!(masqueraded_resource_class: resource.class.name)
|
|
12
|
+
|
|
13
|
+
resource.masquerade!
|
|
14
|
+
opts.merge!(Devise.masquerade_param => resource.masquerade_key)
|
|
15
|
+
|
|
16
|
+
send("#{scope}_masquerade_path", resource, opts, *args)
|
|
7
17
|
end
|
|
8
18
|
|
|
9
|
-
def back_masquerade_path(resource)
|
|
19
|
+
def back_masquerade_path(resource, *args)
|
|
10
20
|
scope = Devise::Mapping.find_scope!(resource)
|
|
11
|
-
|
|
21
|
+
|
|
22
|
+
opts = args.first || {}
|
|
23
|
+
opts.merge!(masqueraded_resource_class: resource.class.name)
|
|
24
|
+
|
|
25
|
+
send("back_#{scope}_masquerade_index_path", opts, *args)
|
|
12
26
|
end
|
|
13
27
|
end
|
|
28
|
+
|
|
14
29
|
end
|
|
15
30
|
end
|
|
16
31
|
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
module DeviseMasquerade
|
|
2
|
+
module Models
|
|
3
|
+
module Masqueradable
|
|
4
|
+
extend ActiveSupport::Concern
|
|
5
|
+
|
|
6
|
+
included do
|
|
7
|
+
attr_reader :masquerade_key
|
|
8
|
+
|
|
9
|
+
def masquerade!
|
|
10
|
+
@masquerade_key = SecureRandom.urlsafe_base64(
|
|
11
|
+
Devise.masquerade_key_size)
|
|
12
|
+
cache_key = self.class.cache_masquerade_key_by(@masquerade_key)
|
|
13
|
+
::Rails.cache.write(
|
|
14
|
+
cache_key, id, expires_in: Devise.masquerade_expires_in)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
module ClassMethods
|
|
19
|
+
def cache_masquerade_key_by(key)
|
|
20
|
+
"#{self.name.pluralize.underscore}:#{key}:masquerade"
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def remove_masquerade_key!(key)
|
|
24
|
+
::Rails.cache.delete(cache_masquerade_key_by(key))
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def find_by_masquerade_key(key)
|
|
28
|
+
id = ::Rails.cache.read(cache_masquerade_key_by(key))
|
|
29
|
+
|
|
30
|
+
# clean up the cached masquerade key value
|
|
31
|
+
remove_masquerade_key!(key)
|
|
32
|
+
|
|
33
|
+
where(id: id)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def find_by_masquerade_key(key)
|
|
37
|
+
id = ::Rails.cache.read(cache_masquerade_key_by(key))
|
|
38
|
+
|
|
39
|
+
# clean up the cached masquerade key value
|
|
40
|
+
remove_masquerade_key!(key)
|
|
41
|
+
|
|
42
|
+
where(id: id)
|
|
43
|
+
end
|
|
44
|
+
end # ClassMethods
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
@@ -1,7 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module DeviseMasquerade
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
4
|
+
module Rails
|
|
5
|
+
|
|
6
|
+
class Engine < ::Rails::Engine
|
|
7
|
+
initializer "devise.url_helpers" do
|
|
8
|
+
Devise.include_helpers(DeviseMasquerade::Controllers)
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
ActiveSupport.on_load(:action_controller) do
|
|
12
|
+
include DeviseMasquerade::Controllers::Helpers
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
5
16
|
end
|
|
6
17
|
end
|
|
7
|
-
|
|
@@ -1,17 +1,19 @@
|
|
|
1
|
-
module
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
protected
|
|
1
|
+
module DeviseMasquerade
|
|
2
|
+
module Routes
|
|
5
3
|
|
|
6
4
|
def devise_masquerade(mapping, controllers)
|
|
7
5
|
resources :masquerade,
|
|
8
|
-
:
|
|
9
|
-
:
|
|
10
|
-
:
|
|
6
|
+
only: :show,
|
|
7
|
+
path: mapping.path_names[:masquerade],
|
|
8
|
+
controller: controllers[:masquerades] do
|
|
11
9
|
|
|
12
|
-
|
|
10
|
+
collection do
|
|
11
|
+
get :back
|
|
12
|
+
end
|
|
13
13
|
end
|
|
14
14
|
end
|
|
15
|
+
|
|
15
16
|
end
|
|
16
17
|
end
|
|
17
18
|
|
|
19
|
+
ActionDispatch::Routing::Mapper.send :include, DeviseMasquerade::Routes
|
data/lib/devise_masquerade.rb
CHANGED
|
@@ -1,22 +1,16 @@
|
|
|
1
1
|
require 'devise'
|
|
2
|
-
|
|
3
|
-
require 'action_controller'
|
|
4
|
-
require 'action_controller/base'
|
|
5
2
|
require 'devise_masquerade/version'
|
|
6
3
|
require 'devise_masquerade/routes'
|
|
7
4
|
require 'devise_masquerade/controllers/helpers'
|
|
8
5
|
require 'devise_masquerade/controllers/url_helpers'
|
|
9
6
|
require 'devise_masquerade/rails'
|
|
10
7
|
|
|
11
|
-
module DeviseMasquerade
|
|
12
|
-
end
|
|
13
|
-
|
|
14
8
|
module Devise
|
|
15
9
|
mattr_accessor :masquerade_param
|
|
16
10
|
@@masquerade_param = 'masquerade'
|
|
17
11
|
|
|
18
12
|
mattr_accessor :masquerade_expires_in
|
|
19
|
-
@@masquerade_expires_in =
|
|
13
|
+
@@masquerade_expires_in = 1.minute
|
|
20
14
|
|
|
21
15
|
mattr_accessor :masquerade_key_size
|
|
22
16
|
@@masquerade_key_size = 16
|
|
@@ -42,5 +36,5 @@ module Devise
|
|
|
42
36
|
@@helpers << DeviseMasquerade::Controllers::Helpers
|
|
43
37
|
end
|
|
44
38
|
|
|
45
|
-
Devise.add_module :masqueradable, :
|
|
46
|
-
:
|
|
39
|
+
Devise.add_module :masqueradable, controller: :masquerades,
|
|
40
|
+
model: 'devise_masquerade/models', route: :masquerade
|
|
@@ -5,14 +5,15 @@ describe Admin::DashboardController, type: :controller do
|
|
|
5
5
|
before { admin_logged_in }
|
|
6
6
|
|
|
7
7
|
context 'and admin masquerade by user' do
|
|
8
|
-
let!(:
|
|
8
|
+
let!(:mask) { create(:admin_user) }
|
|
9
9
|
|
|
10
10
|
before do
|
|
11
|
-
|
|
12
|
-
|
|
11
|
+
mask.masquerade!
|
|
12
|
+
|
|
13
|
+
get :index, params: { masquerade: mask.masquerade_key, masqueraded_resource_class: 'Admin::User' }
|
|
13
14
|
end
|
|
14
15
|
|
|
15
|
-
it { expect(current_admin_user.reload).to eq(
|
|
16
|
+
it { expect(current_admin_user.reload).to eq(mask) }
|
|
16
17
|
end
|
|
17
18
|
end
|
|
18
19
|
end
|
|
@@ -5,15 +5,15 @@ describe DashboardController, type: :controller do
|
|
|
5
5
|
before { logged_in }
|
|
6
6
|
|
|
7
7
|
context 'and admin masquerade by user' do
|
|
8
|
-
let!(:
|
|
8
|
+
let!(:mask) { create(:user) }
|
|
9
9
|
|
|
10
10
|
before do
|
|
11
|
-
|
|
11
|
+
mask.masquerade!
|
|
12
12
|
|
|
13
|
-
get :index, :masquerade
|
|
13
|
+
get :index, params: { masquerade: mask.masquerade_key }
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
-
it { expect(current_user.reload).to eq(
|
|
16
|
+
it { expect(current_user.reload).to eq(mask) }
|
|
17
17
|
end
|
|
18
18
|
end
|
|
19
19
|
end
|
|
@@ -7,17 +7,36 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
7
7
|
context 'when logged in' do
|
|
8
8
|
before { logged_in }
|
|
9
9
|
|
|
10
|
+
context 'with masqueradable_class param' do
|
|
11
|
+
let(:mask) { create(:student) }
|
|
12
|
+
|
|
13
|
+
before { mask.masquerade! }
|
|
14
|
+
|
|
15
|
+
before do
|
|
16
|
+
get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
it { expect(session.keys).to include('devise_masquerade_student') }
|
|
20
|
+
|
|
21
|
+
it 'should have warden keys defined' do
|
|
22
|
+
expect(session["warden.user.student.key"].first.first).to eq(mask.id)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
it { should redirect_to('/') }
|
|
26
|
+
end
|
|
27
|
+
|
|
10
28
|
describe '#masquerade user' do
|
|
11
29
|
let(:mask) { create(:user) }
|
|
12
30
|
|
|
31
|
+
before { mask.masquerade! }
|
|
32
|
+
|
|
13
33
|
before do
|
|
14
|
-
|
|
15
|
-
get :show, :id => mask.to_param
|
|
34
|
+
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
16
35
|
end
|
|
17
36
|
|
|
18
37
|
it { expect(session.keys).to include('devise_masquerade_user') }
|
|
19
38
|
it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
|
|
20
|
-
it { should redirect_to(
|
|
39
|
+
it { should redirect_to('/') }
|
|
21
40
|
|
|
22
41
|
context 'and back' do
|
|
23
42
|
before { get :back }
|
|
@@ -26,54 +45,59 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
26
45
|
it { expect(current_user.reload).to eq(@user) }
|
|
27
46
|
it { expect(session.keys).not_to include('devise_masquerade_user') }
|
|
28
47
|
end
|
|
48
|
+
end
|
|
29
49
|
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
context 'show' do
|
|
35
|
-
before { expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
|
|
36
|
-
|
|
37
|
-
context '< Rails 5 version' do
|
|
38
|
-
before do
|
|
39
|
-
@request.env['HTTP_REFERER'] = 'previous_location'
|
|
40
|
-
get :show, id: mask.to_param
|
|
41
|
-
end # before
|
|
50
|
+
# Configure masquerade_routes_back setting
|
|
51
|
+
describe 'config#masquerade_routes_back' do
|
|
52
|
+
let(:mask) { create(:user) }
|
|
42
53
|
|
|
43
|
-
|
|
44
|
-
end # context
|
|
54
|
+
before { Devise.setup { |c| c.masquerade_routes_back = true } }
|
|
45
55
|
|
|
46
|
-
|
|
47
|
-
before do
|
|
48
|
-
allow_any_instance_of(described_class).to receive(:after_masquerade_path_for).and_return("/dashboard?color=red")
|
|
49
|
-
end
|
|
56
|
+
after { Devise.masquerade_routes_back = false }
|
|
50
57
|
|
|
51
|
-
|
|
58
|
+
before { mask.masquerade! }
|
|
52
59
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
60
|
+
context 'show' do
|
|
61
|
+
context 'with http referrer' do
|
|
62
|
+
before do
|
|
63
|
+
@request.env['HTTP_REFERER'] = 'previous_location'
|
|
64
|
+
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
65
|
+
end # before
|
|
59
66
|
|
|
60
|
-
it { should redirect_to(
|
|
67
|
+
it { should redirect_to('previous_location') }
|
|
61
68
|
end # context
|
|
62
69
|
|
|
63
|
-
context '
|
|
70
|
+
context 'no http referrer' do
|
|
64
71
|
before do
|
|
65
|
-
|
|
66
|
-
|
|
72
|
+
allow_any_instance_of(described_class).to(
|
|
73
|
+
receive(:after_masquerade_path_for).and_return("/dashboard?color=red"))
|
|
67
74
|
end
|
|
68
75
|
|
|
69
|
-
|
|
76
|
+
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
|
77
|
+
|
|
78
|
+
it { should redirect_to("/dashboard?color=red") }
|
|
70
79
|
end # context
|
|
71
|
-
end #
|
|
72
|
-
|
|
80
|
+
end # context
|
|
81
|
+
|
|
82
|
+
context 'and back' do
|
|
83
|
+
before { get :back }
|
|
84
|
+
|
|
85
|
+
it { should redirect_to(masquerade_page) }
|
|
86
|
+
end # context
|
|
87
|
+
|
|
88
|
+
context 'and back fallback if http_referer not present' do
|
|
89
|
+
before do
|
|
90
|
+
@request.env['HTTP_REFERER'] = 'previous_location'
|
|
91
|
+
get :back
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
it { should redirect_to('previous_location') }
|
|
95
|
+
end # context
|
|
96
|
+
end # describe
|
|
73
97
|
end
|
|
74
98
|
|
|
75
99
|
context 'when not logged in' do
|
|
76
|
-
before { get :show, :id
|
|
100
|
+
before { get :show, params: { id: 'any_id' } }
|
|
77
101
|
|
|
78
102
|
it { should redirect_to(new_user_session_path) }
|
|
79
103
|
end
|
data/spec/controllers/{masquerades_controller_spec.rb → masquerades_tests_controller_spec.rb}
RENAMED
|
@@ -1,42 +1,45 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
|
-
describe
|
|
3
|
+
describe MasqueradesTestsController, type: :controller do
|
|
4
4
|
before { @request.env['devise.mapping'] = Devise.mappings[:user] }
|
|
5
5
|
|
|
6
6
|
context 'no access for masquerade' do
|
|
7
7
|
before do
|
|
8
8
|
session.clear
|
|
9
|
-
allow_any_instance_of(
|
|
9
|
+
allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { false }
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
before { logged_in }
|
|
13
13
|
|
|
14
14
|
let(:mask) { create(:user) }
|
|
15
15
|
|
|
16
|
-
before {
|
|
16
|
+
before { mask.masquerade! }
|
|
17
|
+
|
|
18
|
+
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
|
17
19
|
|
|
18
20
|
it { expect(response.status).to eq(403) }
|
|
19
21
|
it { expect(session.keys).not_to include('devise_masquerade_user') }
|
|
20
|
-
it { expect(session[
|
|
22
|
+
it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
|
|
21
23
|
end
|
|
22
24
|
|
|
23
25
|
context 'access for masquerade' do
|
|
24
26
|
before do
|
|
25
27
|
session.clear
|
|
26
|
-
allow_any_instance_of(
|
|
28
|
+
allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { true }
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
before { logged_in }
|
|
30
32
|
|
|
31
33
|
let(:mask) { create(:user) }
|
|
32
34
|
|
|
35
|
+
before { mask.masquerade! }
|
|
36
|
+
|
|
33
37
|
before do
|
|
34
|
-
|
|
35
|
-
get :show, :id => mask.to_param
|
|
38
|
+
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
36
39
|
end
|
|
37
40
|
|
|
38
41
|
it { expect(response.status).to eq(302) }
|
|
39
42
|
it { expect(session.keys).to include('devise_masquerade_user') }
|
|
40
|
-
it { expect(session[
|
|
43
|
+
it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
|
|
41
44
|
end
|
|
42
45
|
end
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
class Admin::DashboardController < ApplicationController
|
|
2
|
-
|
|
3
|
-
before_filter :masquerade_admin_user!
|
|
2
|
+
before_action :authenticate_admin_user!
|
|
4
3
|
|
|
5
4
|
def index
|
|
6
5
|
@users = Admin::User.where("admin_users.id != ?", current_admin_user.id).all
|
|
@@ -1,13 +1,6 @@
|
|
|
1
1
|
class Admin::User < ActiveRecord::Base
|
|
2
|
-
# Include default devise modules. Others available are:
|
|
3
|
-
# :token_authenticatable, :confirmable,
|
|
4
|
-
# :lockable, :timeoutable and :omniauthable
|
|
5
2
|
devise :database_authenticatable, :registerable,
|
|
6
3
|
:recoverable, :rememberable, :trackable, :validatable,
|
|
7
4
|
:masqueradable
|
|
8
|
-
|
|
9
|
-
# Setup accessible (or protected) attributes for your model
|
|
10
|
-
attr_accessible :email, :password, :password_confirmation, :remember_me
|
|
11
|
-
# attr_accessible :title, :body
|
|
12
5
|
end
|
|
13
6
|
|
|
@@ -1,12 +1,3 @@
|
|
|
1
1
|
class User < ActiveRecord::Base
|
|
2
|
-
|
|
3
|
-
# :token_authenticatable, :confirmable,
|
|
4
|
-
# :lockable, :timeoutable and :omniauthable
|
|
5
|
-
devise :database_authenticatable, :registerable,
|
|
6
|
-
:recoverable, :rememberable, :trackable, :validatable,
|
|
7
|
-
:masqueradable
|
|
8
|
-
|
|
9
|
-
# Setup accessible (or protected) attributes for your model
|
|
10
|
-
attr_accessible :email, :password, :password_confirmation, :remember_me
|
|
11
|
-
# attr_accessible :title, :body
|
|
2
|
+
devise :database_authenticatable, :validatable, :masqueradable
|
|
12
3
|
end
|