devise_masquerade 0.6.4 → 1.3.0

data/Makefile

@@ -1,6 +1,11 @@
+release:
+	bundle exec rake release
+.PHONY: release
+
 setup:
 	cd spec/dummy && \
-	RAILS_ENV=test rake db:setup
+	bundle exec rails db:environment:set RAILS_ENV=test && \
+	RAILS_ENV=test bundle exec rails db:setup
 .PHONY: setup
 
 rspec:

data/README.md

@@ -33,18 +33,30 @@ In the view you can use url helper for defining link:
 
     = link_to "Login As", masquerade_path(user)
 
+`masquerade_path` would create specific `/masquerade` path with query params `masquerade`(key) and `masqueraded_resource_class` to know
+which model to choose to search and sign in by masquerade key.
+
 In the model you'll need to add the parameter :masqueradable to the existing comma separated values in the devise method:
 
 ```ruby
     devise :invitable, :confirmable, :database_authenticatable, :registerable, :masqueradable
 ```
 
-Add into your application_controller.rb:
+Add into your `application_controller.rb` if you want to have custom way on sign in by using masquerade token otherwise you can still
+use only `masquerade_path` in your view to generate temporary token and link to make `Login As`:
 
 ```ruby
     before_action :masquerade_user!
 ```
 
+or
+
+```ruby
+    before_action :masquerade!
+```
+
+`masquerade!` is generic way in case if you want to support multiple models on masquerade.
+
 Instead of user you can use your resource name admin, student or another names.
 
 If you want to back to the owner of masquerade action user you could use
@@ -109,6 +121,18 @@ In your view:
     end
 ```
 
+## Custom url redirect after finishing masquerade:
+
+```ruby
+    class Admin::MasqueradesController < Devise::MasqueradesController
+      protected
+
+      def after_back_masquerade_path_for(resource)
+        "/custom_url"
+      end
+    end
+```
+
 ## Overriding the finder
 
 For example, if you use FriendlyId:
@@ -155,6 +179,14 @@ in `routes.rb`:
 And check http://localhost:3000/, use for login user1@example.com and
 'password'
 
+## Troubleshooting
+
+Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Chances are that you need to enable caching:
+
+    rails dev:cache
+
+This is a one-time operation, so you can set it and forget it. Should you ever need to disable caching in development, you can re-run the command as required.
+
 ## Test project
 
     make test

data/app/controllers/devise/masquerades_controller.rb

@@ -1,68 +1,43 @@
 class Devise::MasqueradesController < DeviseController
-  if respond_to?(:prepend_before_action)
-    prepend_before_action :authenticate_scope!, :masquerade_authorize!
-  else
-    prepend_before_filter :authenticate_scope!, :masquerade_authorize!
+  Devise.mappings.each do |name, _|
+    class_eval <<-METHODS, __FILE__, __LINE__ + 1
+      skip_before_action :masquerade_#{name}!, raise: false
+    METHODS
   end
+  skip_before_action :masquerade!, raise: false
 
-  if respond_to?(:before_action)
-    before_action :save_masquerade_owner_session, :only => :show
-  else
-    before_filter :save_masquerade_owner_session, :only => :show
-  end
+  prepend_before_action :authenticate_scope!, :masquerade_authorize!
 
-  if respond_to?(:after_action)
-    after_action :cleanup_masquerade_owner_session, :only => :back
-  else
-    after_filter :cleanup_masquerade_owner_session, :only => :back
-  end
+  before_action :save_masquerade_owner_session, only: :show
+
+  after_action :cleanup_masquerade_owner_session, only: :back
 
   def show
     self.resource = find_resource
 
-    unless self.resource
+    unless resource
       flash[:error] = "#{masqueraded_resource_class} not found."
       redirect_to(new_user_session_path) and return
     end
 
-    self.resource.masquerade!
-    request.env["devise.skip_trackable"] = "1"
+    request.env['devise.skip_trackable'] = '1'
 
-    masquerade_sign_in(self.resource)
+    masquerade_sign_in(resource)
 
-    if Devise.masquerade_routes_back && Rails::VERSION::MAJOR == 5
-      redirect_back(fallback_location: after_masquerade_full_path_for(resource))
-    elsif Devise.masquerade_routes_back && request.env['HTTP_REFERER'].present?
-      redirect_to :back
-    else
-      redirect_to(after_masquerade_full_path_for(resource))
-    end
+    go_back(resource, path: after_masquerade_full_path_for(resource))
   end
 
   def back
-    user_id = session[session_key]
-
-    owner_user = if user_id.present?
-                   masquerading_resource_class.to_adapter.find_first(:id => user_id)
-                 else
-                   send(:"current_#{masquerading_resource_name}")
-                 end
+    self.resource = find_owner_resource
 
-    if masquerading_resource_class != masqueraded_resource_class
+    if resource.class != masqueraded_resource_class
       sign_out(send("current_#{masqueraded_resource_name}"))
     end
 
-    masquerade_sign_in(owner_user)
-    request.env["devise.skip_trackable"] = nil
+    masquerade_sign_in(resource)
+    request.env['devise.skip_trackable'] = nil
 
-    if Devise.masquerade_routes_back && Rails::VERSION::MAJOR == 5
-      # If using the masquerade_routes_back and Rails 5
-      redirect_back(fallback_location: after_back_masquerade_path_for(owner_user))
-    elsif Devise.masquerade_routes_back && request.env['HTTP_REFERER'].present?
-      redirect_to :back
-    else
-      redirect_to after_back_masquerade_path_for(owner_user)
-    end
+    go_back(resource, path: after_back_masquerade_path_for(resource))
   end
 
   protected
@@ -76,13 +51,35 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def find_resource
-    masqueraded_resource_class.to_adapter.find_first(:id => params[:id])
+    GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
+  end
+
+  def find_owner_resource
+    GlobalID::Locator.locate_signed(Rails.cache.read(session_key), for: 'masquerade')
+  end
+
+  def go_back(user, path:)
+    if Devise.masquerade_routes_back
+      redirect_back(fallback_location: path)
+    else
+      redirect_to path
+    end
   end
 
   private
 
   def masqueraded_resource_class
-    Devise.masqueraded_resource_class || resource_class
+    @masqueraded_resource_class ||= begin
+      unless params[:masqueraded_resource_class].blank?
+        params[:masqueraded_resource_class].constantize
+      else
+        unless session[session_key_masqueraded_resource_class].blank?
+          session[session_key_masquerading_resource_class].constantize
+        else
+          Devise.masqueraded_resource_class || resource_class
+        end
+      end
+    end
   end
 
   def masqueraded_resource_name
@@ -90,7 +87,17 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def masquerading_resource_class
-    Devise.masquerading_resource_class || resource_class
+    @masquerading_resource_class ||= begin
+      unless params[:masquerading_resource_class].blank?
+        params[:masquerading_resource_class].constantize
+      else
+        unless session[session_key_masquerading_resource_class].blank?
+          session[session_key_masquerading_resource_class].constantize
+        else
+          Devise.masquerading_resource_class || resource_class
+        end
+      end
+    end
   end
 
   def masquerading_resource_name
@@ -98,23 +105,15 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def authenticate_scope!
-    send(:"authenticate_#{masquerading_resource_name}!", :force => true)
+    send(:"authenticate_#{masquerading_resource_name}!", force: true)
   end
 
   def after_masquerade_path_for(resource)
-    "/"
+    '/'
   end
 
   def after_masquerade_full_path_for(resource)
-    if after_masquerade_path_for(resource) =~ /\?/
-      "#{after_masquerade_path_for(resource)}&#{after_masquerade_param_for(resource)}"
-    else
-      "#{after_masquerade_path_for(resource)}?#{after_masquerade_param_for(resource)}"
-    end
-  end
-
-  def after_masquerade_param_for(resource)
-    "#{Devise.masquerade_param}=#{resource.masquerade_key}"
+    after_masquerade_path_for(resource)
   end
 
   def after_back_masquerade_path_for(resource)
@@ -122,16 +121,33 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def save_masquerade_owner_session
+    resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
+      expires_in: Devise.masquerade_expires_in, for: 'masquerade')
+    # skip sharing owner id via session
+    Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
+
     unless session.key?(session_key)
-      session[session_key] = send("current_#{masquerading_resource_name}").id
+      session[session_key_masquerading_resource_class] = masquerading_resource_class.name
+      session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
     end
   end
 
   def cleanup_masquerade_owner_session
-    session.delete(session_key)
+    Rails.cache.delete(session_key)
+
+    session.delete(session_key_masqueraded_resource_class)
+    session.delete(session_key_masquerading_resource_class)
   end
 
   def session_key
     "devise_masquerade_#{masqueraded_resource_name}".to_sym
   end
+
+  def session_key_masqueraded_resource_class
+    "devise_masquerade_masqueraded_resource_class"
+  end
+
+  def session_key_masquerading_resource_class
+    "devise_masquerade_masquerading_resource_class"
+  end
 end

data/devise_masquerade.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |gem|
   gem.email         = ['alex.korsak@gmail.com']
   gem.description   = 'devise masquerade library'
   gem.summary       = 'use for login as functionallity on your admin users pages'
-  gem.homepage      = 'http://github.com/oivoodoo/devise_masquerade/'
+  gem.homepage      = 'http://github.com/oivoodoo/devise_masquerade'
 
   gem.files         = `git ls-files`.split($/)
   gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
@@ -20,8 +20,9 @@ Gem::Specification.new do |gem|
 
   gem.license = 'MIT'
 
-  gem.add_development_dependency('bundler', '>= 1.1.0')
+  gem.add_development_dependency('bundler', '>= 2.0.0')
 
-  gem.add_runtime_dependency('railties', '>= 3.0')
-  gem.add_runtime_dependency('devise', '>= 2.1.0')
+  gem.add_runtime_dependency('railties', '>= 5.2.0')
+  gem.add_runtime_dependency('devise', '>= 4.7.0')
+  gem.add_runtime_dependency('globalid', '>= 0.3.6')
 end

data/features/back.feature

@@ -13,4 +13,3 @@ Feature: Use back button for returning to the owner of the masquerade action.
 
     When I press back masquerade button
       Then I should be login as owner user
-

data/features/multiple_masquerading_models.feature

@@ -0,0 +1,17 @@
+Feature: Use various models for masquerading
+  In order to use various models for masquerading
+  As an masquerade user
+  I want to be able to press press masquerade as link for different models
+
+  Scenario: Use masquerade button on student and user models
+    Given I logged in
+    And I have a user for masquerade
+    And I have a student for masquerade
+
+    When I am on the users page
+    And I login as one user
+      Then I should be login as this user
+
+    When I am on the students page
+    And I login as one student
+      Then I should be login as this student

data/features/step_definitions/auth_steps.rb

@@ -8,3 +8,4 @@ Given /^I logged in$/ do
 
   click_on 'Log in'
 end
+

data/features/step_definitions/back_steps.rb

@@ -1,5 +1,5 @@
 Given /^I have a user for masquerade$/ do
-  @mask = create(:user)
+  @user_mask = create(:user)
 end
 
 When /^I am on the users page$/ do
@@ -7,11 +7,11 @@ When /^I am on the users page$/ do
 end
 
 When /^I login as one user$/ do
-  click_on "Login as"
+  find('.login_as').click
 end
 
 Then /^I should be login as this user$/ do
-  find('.current_user').should have_content(@mask.email)
+  find('.current_user').should have_content(@user_mask.email)
 end
 
 When /^I press back masquerade button$/ do
@@ -22,3 +22,18 @@ Then /^I should be login as owner user$/ do
   find('.current_user').should have_content(@user.email)
 end
 
+Given /^I have a student for masquerade$/ do
+  @student_mask = create(:student)
+end
+
+When /^I am on the students page$/ do
+  visit '/students'
+end
+
+When /^I login as one student$/ do
+  find('.login_as').click
+end
+
+Then /^I should be login as this student$/ do
+  find('.current_student').should have_content(@student_mask.email)
+end

data/features/support/env.rb

@@ -1,5 +1,5 @@
 require 'cucumber/rails'
-require 'factory_girl'
+require 'factory_bot'
 require 'database_cleaner'
 require 'cucumber/rspec/doubles'
 
@@ -9,9 +9,11 @@ ENV["RAILS_ENV"] = "test"
 
 Capybara.default_selector = :css
 
-ActionController::Base.allow_rescue = false
+ActiveSupport.on_load(:action_controller) do
+  self.allow_rescue = false
+end
 
-World(FactoryGirl::Syntax::Methods)
+World(FactoryBot::Syntax::Methods)
 
 begin
   DatabaseCleaner.strategy = :transaction
@@ -20,7 +22,24 @@ rescue NameError
 end
 
 Cucumber::Rails::Database.javascript_strategy = :truncation
-Capybara.javascript_driver = :webkit
+
+Capybara.register_driver :chrome do |app|
+  Capybara::Selenium::Driver.new(app, browser: :chrome)
+end
+
+Capybara.register_driver :headless_chrome do |app|
+  caps = Selenium::WebDriver::Remote::Capabilities.chrome(loggingPrefs: { browser: 'ALL' })
+  opts = Selenium::WebDriver::Chrome::Options.new
+
+  chrome_args = %w[--headless --window-size=1920,1080 --no-sandbox --disable-dev-shm-usage]
+  chrome_args.each { |arg| opts.add_argument(arg) }
+  Capybara::Selenium::Driver.new(app, browser: :chrome, options: opts, desired_capabilities: caps)
+end
+
+Capybara.configure do |config|
+  # change this to :chrome to observe tests in a real browser
+  config.javascript_driver = :headless_chrome
+end
 
 Before do
   allow_any_instance_of(DeviseController).to receive(:devise_mapping) { Devise.mappings[:user] }

data/lib/devise_masquerade.rb

@@ -1,22 +1,16 @@
 require 'devise'
-
-require 'action_controller'
-require 'action_controller/base'
 require 'devise_masquerade/version'
 require 'devise_masquerade/routes'
 require 'devise_masquerade/controllers/helpers'
 require 'devise_masquerade/controllers/url_helpers'
 require 'devise_masquerade/rails'
 
-module DeviseMasquerade
-end
-
 module Devise
   mattr_accessor :masquerade_param
   @@masquerade_param = 'masquerade'
 
   mattr_accessor :masquerade_expires_in
-  @@masquerade_expires_in = 10.seconds
+  @@masquerade_expires_in = 1.minute
 
   mattr_accessor :masquerade_key_size
   @@masquerade_key_size = 16
@@ -42,5 +36,5 @@ module Devise
   @@helpers << DeviseMasquerade::Controllers::Helpers
 end
 
-Devise.add_module :masqueradable, :controller => :masquerades,
-  :model => 'devise_masquerade/model', :route => :masquerade
+Devise.add_module :masqueradable, controller: :masquerades,
+  model: 'devise_masquerade/models', route: :masquerade