devise_masquerade 0.6.4 → 1.3.1

data/app/controllers/devise/masquerades_controller.rb

@@ -1,68 +1,43 @@
 class Devise::MasqueradesController < DeviseController
-  if respond_to?(:prepend_before_action)
-    prepend_before_action :authenticate_scope!, :masquerade_authorize!
-  else
-    prepend_before_filter :authenticate_scope!, :masquerade_authorize!
+  Devise.mappings.each do |name, _|
+    class_eval <<-METHODS, __FILE__, __LINE__ + 1
+      skip_before_action :masquerade_#{name}!, raise: false
+    METHODS
   end
+  skip_before_action :masquerade!, raise: false
 
-  if respond_to?(:before_action)
-    before_action :save_masquerade_owner_session, :only => :show
-  else
-    before_filter :save_masquerade_owner_session, :only => :show
-  end
+  prepend_before_action :authenticate_scope!, :masquerade_authorize!
 
-  if respond_to?(:after_action)
-    after_action :cleanup_masquerade_owner_session, :only => :back
-  else
-    after_filter :cleanup_masquerade_owner_session, :only => :back
-  end
+  before_action :save_masquerade_owner_session, only: :show
+
+  after_action :cleanup_masquerade_owner_session, only: :back
 
   def show
     self.resource = find_resource
 
-    unless self.resource
+    unless resource
       flash[:error] = "#{masqueraded_resource_class} not found."
       redirect_to(new_user_session_path) and return
     end
 
-    self.resource.masquerade!
-    request.env["devise.skip_trackable"] = "1"
+    request.env['devise.skip_trackable'] = '1'
 
-    masquerade_sign_in(self.resource)
+    masquerade_sign_in(resource)
 
-    if Devise.masquerade_routes_back && Rails::VERSION::MAJOR == 5
-      redirect_back(fallback_location: after_masquerade_full_path_for(resource))
-    elsif Devise.masquerade_routes_back && request.env['HTTP_REFERER'].present?
-      redirect_to :back
-    else
-      redirect_to(after_masquerade_full_path_for(resource))
-    end
+    go_back(resource, path: after_masquerade_full_path_for(resource))
   end
 
   def back
-    user_id = session[session_key]
-
-    owner_user = if user_id.present?
-                   masquerading_resource_class.to_adapter.find_first(:id => user_id)
-                 else
-                   send(:"current_#{masquerading_resource_name}")
-                 end
+    self.resource = find_owner_resource
 
-    if masquerading_resource_class != masqueraded_resource_class
+    if resource.class != masqueraded_resource_class
       sign_out(send("current_#{masqueraded_resource_name}"))
     end
 
-    masquerade_sign_in(owner_user)
-    request.env["devise.skip_trackable"] = nil
+    masquerade_sign_in(resource)
+    request.env['devise.skip_trackable'] = nil
 
-    if Devise.masquerade_routes_back && Rails::VERSION::MAJOR == 5
-      # If using the masquerade_routes_back and Rails 5
-      redirect_back(fallback_location: after_back_masquerade_path_for(owner_user))
-    elsif Devise.masquerade_routes_back && request.env['HTTP_REFERER'].present?
-      redirect_to :back
-    else
-      redirect_to after_back_masquerade_path_for(owner_user)
-    end
+    go_back(resource, path: after_back_masquerade_path_for(resource))
   end
 
   protected
@@ -76,13 +51,35 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def find_resource
-    masqueraded_resource_class.to_adapter.find_first(:id => params[:id])
+    GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
+  end
+
+  def find_owner_resource
+    GlobalID::Locator.locate_signed(Rails.cache.read(session_key), for: 'masquerade')
+  end
+
+  def go_back(user, path:)
+    if Devise.masquerade_routes_back
+      redirect_back(fallback_location: path)
+    else
+      redirect_to path
+    end
   end
 
   private
 
   def masqueraded_resource_class
-    Devise.masqueraded_resource_class || resource_class
+    @masqueraded_resource_class ||= begin
+      unless params[:masqueraded_resource_class].blank?
+        params[:masqueraded_resource_class].constantize
+      else
+        unless session[session_key_masqueraded_resource_class].blank?
+          session[session_key_masquerading_resource_class].constantize
+        else
+          Devise.masqueraded_resource_class || resource_class
+        end
+      end
+    end
   end
 
   def masqueraded_resource_name
@@ -90,7 +87,17 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def masquerading_resource_class
-    Devise.masquerading_resource_class || resource_class
+    @masquerading_resource_class ||= begin
+      unless params[:masquerading_resource_class].blank?
+        params[:masquerading_resource_class].constantize
+      else
+        unless session[session_key_masquerading_resource_class].blank?
+          session[session_key_masquerading_resource_class].constantize
+        else
+          Devise.masquerading_resource_class || resource_class
+        end
+      end
+    end
   end
 
   def masquerading_resource_name
@@ -98,23 +105,15 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def authenticate_scope!
-    send(:"authenticate_#{masquerading_resource_name}!", :force => true)
+    send(:"authenticate_#{masquerading_resource_name}!", force: true)
   end
 
   def after_masquerade_path_for(resource)
-    "/"
+    '/'
   end
 
   def after_masquerade_full_path_for(resource)
-    if after_masquerade_path_for(resource) =~ /\?/
-      "#{after_masquerade_path_for(resource)}&#{after_masquerade_param_for(resource)}"
-    else
-      "#{after_masquerade_path_for(resource)}?#{after_masquerade_param_for(resource)}"
-    end
-  end
-
-  def after_masquerade_param_for(resource)
-    "#{Devise.masquerade_param}=#{resource.masquerade_key}"
+    after_masquerade_path_for(resource)
   end
 
   def after_back_masquerade_path_for(resource)
@@ -122,16 +121,33 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def save_masquerade_owner_session
+    resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
+      expires_in: Devise.masquerade_expires_in, for: 'masquerade')
+    # skip sharing owner id via session
+    Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
+
     unless session.key?(session_key)
-      session[session_key] = send("current_#{masquerading_resource_name}").id
+      session[session_key_masquerading_resource_class] = masquerading_resource_class.name
+      session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
     end
   end
 
   def cleanup_masquerade_owner_session
-    session.delete(session_key)
+    Rails.cache.delete(session_key)
+
+    session.delete(session_key_masqueraded_resource_class)
+    session.delete(session_key_masquerading_resource_class)
   end
 
   def session_key
     "devise_masquerade_#{masqueraded_resource_name}".to_sym
   end
+
+  def session_key_masqueraded_resource_class
+    "devise_masquerade_masqueraded_resource_class"
+  end
+
+  def session_key_masquerading_resource_class
+    "devise_masquerade_masquerading_resource_class"
+  end
 end

data/devise_masquerade.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |gem|
   gem.email         = ['alex.korsak@gmail.com']
   gem.description   = 'devise masquerade library'
   gem.summary       = 'use for login as functionallity on your admin users pages'
-  gem.homepage      = 'http://github.com/oivoodoo/devise_masquerade/'
+  gem.homepage      = 'http://github.com/oivoodoo/devise_masquerade'
 
   gem.files         = `git ls-files`.split($/)
   gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
@@ -20,8 +20,9 @@ Gem::Specification.new do |gem|
 
   gem.license = 'MIT'
 
-  gem.add_development_dependency('bundler', '>= 1.1.0')
+  gem.add_development_dependency('bundler', '>= 2.0.0')
 
-  gem.add_runtime_dependency('railties', '>= 3.0')
-  gem.add_runtime_dependency('devise', '>= 2.1.0')
+  gem.add_runtime_dependency('railties', '>= 5.2.0')
+  gem.add_runtime_dependency('devise', '>= 4.7.0')
+  gem.add_runtime_dependency('globalid', '>= 0.3.6')
 end

data/features/back.feature

@@ -13,4 +13,3 @@ Feature: Use back button for returning to the owner of the masquerade action.
 
     When I press back masquerade button
       Then I should be login as owner user
-

data/features/multiple_masquerading_models.feature

@@ -0,0 +1,17 @@
+Feature: Use various models for masquerading
+  In order to use various models for masquerading
+  As an masquerade user
+  I want to be able to press press masquerade as link for different models
+
+  Scenario: Use masquerade button on student and user models
+    Given I logged in
+    And I have a user for masquerade
+    And I have a student for masquerade
+
+    When I am on the users page
+    And I login as one user
+      Then I should be login as this user
+
+    When I am on the students page
+    And I login as one student
+      Then I should be login as this student

data/features/step_definitions/auth_steps.rb

@@ -8,3 +8,4 @@ Given /^I logged in$/ do
 
   click_on 'Log in'
 end
+

data/features/step_definitions/back_steps.rb

@@ -1,5 +1,5 @@
 Given /^I have a user for masquerade$/ do
-  @mask = create(:user)
+  @user_mask = create(:user)
 end
 
 When /^I am on the users page$/ do
@@ -7,11 +7,11 @@ When /^I am on the users page$/ do
 end
 
 When /^I login as one user$/ do
-  click_on "Login as"
+  find('.login_as').click
 end
 
 Then /^I should be login as this user$/ do
-  find('.current_user').should have_content(@mask.email)
+  find('.current_user').should have_content(@user_mask.email)
 end
 
 When /^I press back masquerade button$/ do
@@ -22,3 +22,18 @@ Then /^I should be login as owner user$/ do
   find('.current_user').should have_content(@user.email)
 end
 
+Given /^I have a student for masquerade$/ do
+  @student_mask = create(:student)
+end
+
+When /^I am on the students page$/ do
+  visit '/students'
+end
+
+When /^I login as one student$/ do
+  find('.login_as').click
+end
+
+Then /^I should be login as this student$/ do
+  find('.current_student').should have_content(@student_mask.email)
+end

data/features/step_definitions/url_helpers_steps.rb

@@ -0,0 +1,11 @@
+Then("I should see maquerade url") do
+  page.html.should include('href="/users/masquerade?masquerade=')
+end
+
+When("I am on the users page with extra params") do
+  visit '/extra_params'
+end
+
+Then("I should see maquerade url with extra params") do
+  page.html.should include('href="/users/masquerade?key1=value1&masquerade=')
+end

data/features/support/env.rb

@@ -1,5 +1,5 @@
 require 'cucumber/rails'
-require 'factory_girl'
+require 'factory_bot'
 require 'database_cleaner'
 require 'cucumber/rspec/doubles'
 
@@ -9,9 +9,11 @@ ENV["RAILS_ENV"] = "test"
 
 Capybara.default_selector = :css
 
-ActionController::Base.allow_rescue = false
+ActiveSupport.on_load(:action_controller) do
+  self.allow_rescue = false
+end
 
-World(FactoryGirl::Syntax::Methods)
+World(FactoryBot::Syntax::Methods)
 
 begin
   DatabaseCleaner.strategy = :transaction
@@ -20,7 +22,24 @@ rescue NameError
 end
 
 Cucumber::Rails::Database.javascript_strategy = :truncation
-Capybara.javascript_driver = :webkit
+
+Capybara.register_driver :chrome do |app|
+  Capybara::Selenium::Driver.new(app, browser: :chrome)
+end
+
+Capybara.register_driver :headless_chrome do |app|
+  caps = Selenium::WebDriver::Remote::Capabilities.chrome(loggingPrefs: { browser: 'ALL' })
+  opts = Selenium::WebDriver::Chrome::Options.new
+
+  chrome_args = %w[--headless --window-size=1920,1080 --no-sandbox --disable-dev-shm-usage]
+  chrome_args.each { |arg| opts.add_argument(arg) }
+  Capybara::Selenium::Driver.new(app, browser: :chrome, options: opts, desired_capabilities: caps)
+end
+
+Capybara.configure do |config|
+  # change this to :chrome to observe tests in a real browser
+  config.javascript_driver = :headless_chrome
+end
 
 Before do
   allow_any_instance_of(DeviseController).to receive(:devise_mapping) { Devise.mappings[:user] }

data/features/url_helpers.feature

@@ -0,0 +1,14 @@
+Feature: Use masquerade path to generate routes on page
+  In order to have the way to render masquerade path
+  As an user
+  I want to be able to see the url and use it
+
+  Scenario: Use masquerade path helper
+    Given I logged in
+    And I have a user for masquerade
+
+    When I am on the users page
+      Then I should see maquerade url
+
+    When I am on the users page with extra params
+      Then I should see maquerade url with extra params

data/lib/devise_masquerade/controllers/helpers.rb

@@ -6,23 +6,44 @@ module DeviseMasquerade
         class_name = mapping.class_name
 
         class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def masquerade!
+            return if params["#{Devise.masquerade_param}"].blank?
+
+            klass = unless params[:masqueraded_resource_class].blank?
+              params[:masqueraded_resource_class].constantize
+            else
+              if Devise.masqueraded_resource_class
+                Devise.masqueraded_resource_class
+              elsif defined?(User)
+                User
+              end
+            end
+            return unless klass
+
+            resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
+
+            if resource
+              masquerade_sign_in(resource)
+            end
+          end
+
           def masquerade_#{name}!
             return if params["#{Devise.masquerade_param}"].blank?
 
-            #{name} = ::#{class_name}.find_by_masquerade_key(params["#{Devise.masquerade_param}"])
+            resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
 
-            if #{name}
-              masquerade_sign_in(#{name})
+            if resource
+              masquerade_sign_in(resource)
             end
           end
 
           def #{name}_masquerade?
-            session[:"devise_masquerade_#{name}"].present?
+            ::Rails.cache.exist?(:"devise_masquerade_#{name}").present?
           end
 
           def #{name}_masquerade_owner
             return nil unless send(:#{name}_masquerade?)
-            ::#{class_name}.to_adapter.find_first(:id => session[:"devise_masquerade_#{name}"])
+            GlobalID::Locator.locate_signed(Rails.cache.read(:"devise_masquerade_#{name}"), for: 'masquerade')
           end
 
           private
@@ -32,7 +53,7 @@ module DeviseMasquerade
               if respond_to?(:bypass_sign_in)
                 bypass_sign_in(resource)
               else
-                sign_in(resource, :bypass => true)
+                sign_in(resource, bypass: true)
               end
             else
               sign_in(resource)
@@ -50,5 +71,3 @@ module DeviseMasquerade
     end
   end
 end
-
-ActionController::Base.send(:include, DeviseMasquerade::Controllers::Helpers)

data/lib/devise_masquerade/controllers/url_helpers.rb

@@ -1,16 +1,30 @@
+require 'securerandom'
+
 module DeviseMasquerade
   module Controllers
+
     module UrlHelpers
-      def masquerade_path(resource)
+      def masquerade_path(resource, *args)
         scope = Devise::Mapping.find_scope!(resource)
-        send("#{scope}_masquerade_path", resource)
+
+        opts = args.shift || {}
+        opts.merge!(masqueraded_resource_class: resource.class.name)
+
+        opts.merge!(Devise.masquerade_param => resource.masquerade_key)
+
+        send("#{scope}_masquerade_index_path", opts, *args)
       end
 
-      def back_masquerade_path(resource)
+      def back_masquerade_path(resource, *args)
         scope = Devise::Mapping.find_scope!(resource)
-        send("back_#{scope}_masquerade_index_path")
+
+        opts = args.first || {}
+        opts.merge!(masqueraded_resource_class: resource.class.name)
+
+        send("back_#{scope}_masquerade_index_path", opts, *args)
       end
     end
+
   end
 end
 

data/lib/devise_masquerade/models/masqueradable.rb

@@ -0,0 +1,13 @@
+module DeviseMasquerade
+  module Models
+    module Masqueradable
+      extend ActiveSupport::Concern
+
+      included do
+        def masquerade_key
+          to_sgid(expires_in: Devise.masquerade_expires_in, for: 'masquerade')
+        end
+      end
+    end
+  end
+end

data/lib/devise_masquerade/models.rb

@@ -0,0 +1,9 @@
+require 'devise_masquerade/models/masqueradable'
+
+module DeviseMasquerade
+  module Models
+
+  end
+end
+
+Devise::Models.send :include, DeviseMasquerade::Models

data/lib/devise_masquerade/rails.rb

@@ -1,7 +1,17 @@
+# frozen_string_literal: true
+
 module DeviseMasquerade
-  class Engine < ::Rails::Engine
-    ActiveSupport.on_load(:action_controller) { include DeviseMasquerade::Controllers::UrlHelpers }
-    ActiveSupport.on_load(:action_view)       { include DeviseMasquerade::Controllers::UrlHelpers }
+  module Rails
+
+    class Engine < ::Rails::Engine
+      initializer "devise.url_helpers" do
+        Devise.include_helpers(DeviseMasquerade::Controllers)
+      end
+
+      ActiveSupport.on_load(:action_controller) do
+        include DeviseMasquerade::Controllers::Helpers
+      end
+    end
+
   end
 end
-

data/lib/devise_masquerade/routes.rb

@@ -1,17 +1,20 @@
-module ActionDispatch::Routing
-  class Mapper
-
-    protected
+module DeviseMasquerade
+  module Routes
 
     def devise_masquerade(mapping, controllers)
       resources :masquerade,
-        :only => :show,
-        :path => mapping.path_names[:masquerade],
-        :controller => controllers[:masquerades] do
+        path: mapping.path_names[:masquerade],
+        controller: controllers[:masquerades],
+        only: [] do
 
-        get :back, :on => :collection
+        collection do
+          get :show
+          get :back
+        end
       end
     end
+
   end
 end
 
+ActionDispatch::Routing::Mapper.send :include, DeviseMasquerade::Routes

data/lib/devise_masquerade/version.rb

@@ -1,3 +1,3 @@
 module DeviseMasquerade
-  VERSION = '0.6.4'.freeze
+  VERSION = '1.3.1'.freeze
 end

data/lib/devise_masquerade.rb

@@ -1,22 +1,16 @@
 require 'devise'
-
-require 'action_controller'
-require 'action_controller/base'
 require 'devise_masquerade/version'
 require 'devise_masquerade/routes'
 require 'devise_masquerade/controllers/helpers'
 require 'devise_masquerade/controllers/url_helpers'
 require 'devise_masquerade/rails'
 
-module DeviseMasquerade
-end
-
 module Devise
   mattr_accessor :masquerade_param
   @@masquerade_param = 'masquerade'
 
   mattr_accessor :masquerade_expires_in
-  @@masquerade_expires_in = 10.seconds
+  @@masquerade_expires_in = 1.minute
 
   mattr_accessor :masquerade_key_size
   @@masquerade_key_size = 16
@@ -42,5 +36,5 @@ module Devise
   @@helpers << DeviseMasquerade::Controllers::Helpers
 end
 
-Devise.add_module :masqueradable, :controller => :masquerades,
-  :model => 'devise_masquerade/model', :route => :masquerade
+Devise.add_module :masqueradable, controller: :masquerades,
+  model: 'devise_masquerade/models', route: :masquerade

data/spec/controllers/admin/dashboard_controller_spec.rb

@@ -5,14 +5,13 @@ describe Admin::DashboardController, type: :controller do
     before { admin_logged_in }
 
     context 'and admin masquerade by user' do
-      let!(:user) { create(:admin_user) }
+      let!(:mask) { create(:admin_user) }
 
       before do
-        user.masquerade!
-        get :index, :masquerade => user.masquerade_key
+        get :index, params: { masquerade: mask.masquerade_key, masqueraded_resource_class: 'Admin::User' }
       end
 
-      it { expect(current_admin_user.reload).to eq(user) }
+      it { expect(current_admin_user.reload).to eq(mask) }
     end
   end
 end

data/spec/controllers/dashboard_controller_spec.rb

@@ -5,15 +5,13 @@ describe DashboardController, type: :controller do
     before { logged_in }
 
     context 'and admin masquerade by user' do
-      let!(:user) { create(:user) }
+      let!(:mask) { create(:user) }
 
       before do
-        user.masquerade!
-
-        get :index, :masquerade => user.masquerade_key
+        get :index, params: { masquerade: mask.masquerade_key }
       end
 
-      it { expect(current_user.reload).to eq(user) }
+      it { expect(current_user.reload).to eq(mask) }
     end
   end
 end