devise_masquerade 0.6.4 → 1.3.1

data/spec/controllers/devise/masquerades_controller_spec.rb

@@ -7,73 +7,97 @@ describe Devise::MasqueradesController, type: :controller do
     context 'when logged in' do
       before { logged_in }
 
+      context 'with masqueradable_class param' do
+        let(:mask) { create(:student) }
+
+        before do
+          get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
+        end
+
+        it { expect(Rails.cache.read('devise_masquerade_student')).to be }
+
+        it 'should have warden keys defined' do
+          expect(session["warden.user.student.key"].first.first).to eq(mask.id)
+        end
+
+        it { should redirect_to('/') }
+      end
+
       describe '#masquerade user' do
         let(:mask) { create(:user) }
 
         before do
-          expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" }
-          get :show, :id => mask.to_param
+          get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
         end
 
-        it { expect(session.keys).to include('devise_masquerade_user') }
+        it { expect(Rails.cache.read('devise_masquerade_user')).to be }
         it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
-        it { should redirect_to("/?masquerade=secure_key") }
+        it { should redirect_to('/') }
 
         context 'and back' do
           before { get :back }
 
           it { should redirect_to(masquerade_page) }
           it { expect(current_user.reload).to eq(@user) }
-          it { expect(session.keys).not_to include('devise_masquerade_user') }
+          it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
         end
+      end
 
-        # Configure masquerade_routes_back setting
-        describe 'config#masquerade_routes_back' do
-          before { Devise.setup {|c| c.masquerade_routes_back = true } }
+      # Configure masquerade_routes_back setting
+      describe 'config#masquerade_routes_back' do
+        let(:mask) { create(:user) }
 
-          context 'show' do
-            before { expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
+        before { Devise.setup { |c| c.masquerade_routes_back = true } }
 
-            context '< Rails 5 version' do
-              before do
-                @request.env['HTTP_REFERER'] = 'previous_location'
-                get :show, id: mask.to_param
-              end # before
+        after { Devise.masquerade_routes_back = false }
 
-              it { should redirect_to('previous_location') }
-            end # context
+        context 'show' do
+          context 'with http referrer' do
+            before do
+              @request.env['HTTP_REFERER'] = 'previous_location'
+              get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
+            end # before
 
-            context '< Rails 5, fallback if http_referer not present' do
-              before do
-                allow_any_instance_of(described_class).to receive(:after_masquerade_path_for).and_return("/dashboard?color=red")
-              end
+            it { should redirect_to('previous_location') }
+          end # context
 
-              before { get :show, id: mask.to_param }
+          context 'no http referrer' do
+            before do
+              allow_any_instance_of(described_class).to(
+                receive(:after_masquerade_path_for).and_return("/dashboard?color=red"))
+            end
 
-              it { should redirect_to("/dashboard?color=red&masquerade=secure_key") }
-            end # context
+            before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
+
+            it { should redirect_to("/dashboard?color=red") }
           end # context
+        end # context
 
-          context '< Rails 5, and back' do
-            before { get :back }
+        context 'and back' do
+          before do
+            get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
 
-            it { should redirect_to(masquerade_page) }
-          end # context
+            get :back
+          end
 
-          context '< Rails 5, and back fallback if http_referer not present' do
-            before do
-              @request.env['HTTP_REFERER'] = 'previous_location'
-              get :back
-            end
+          it { should redirect_to(masquerade_page) }
+        end # context
 
-            it { should redirect_to('previous_location') }
-          end # context
-        end # describe
-      end
+        context 'and back fallback if http_referer not present' do
+          before do
+            get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
+
+            @request.env['HTTP_REFERER'] = 'previous_location'
+            get :back
+          end
+
+          it { should redirect_to('previous_location') }
+        end # context
+      end # describe
     end
 
     context 'when not logged in' do
-      before { get :show, :id => 'any_id' }
+      before { get :show, params: { id: 'any_id' } }
 
       it { should redirect_to(new_user_session_path) }
     end

data/spec/controllers/masquerades_tests_controller_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+describe MasqueradesTestsController, type: :controller do
+  before { @request.env['devise.mapping'] = Devise.mappings[:user] }
+
+  context 'no access for masquerade' do
+    before do
+      session.clear
+      allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { false }
+    end
+
+    before { logged_in }
+
+    let(:mask) { create(:user) }
+
+    before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
+
+    it { expect(response.status).to eq(403) }
+    it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
+    it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
+  end
+
+  context 'access for masquerade' do
+    before do
+      session.clear
+      allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { true }
+    end
+
+    before { logged_in }
+
+    let(:mask) { create(:user) }
+
+    before do
+      get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
+    end
+
+    it { expect(response.status).to eq(302) }
+    it { expect(Rails.cache.read('devise_masquerade_user')).to be }
+    it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
+  end
+end

data/spec/dummy/app/controllers/admin/dashboard_controller.rb

@@ -1,6 +1,5 @@
 class Admin::DashboardController < ApplicationController
-  before_filter :authenticate_admin_user!
-  before_filter :masquerade_admin_user!
+  before_action :authenticate_admin_user!
 
   def index
     @users = Admin::User.where("admin_users.id != ?", current_admin_user.id).all

data/spec/dummy/app/controllers/application_controller.rb

@@ -1,4 +1,6 @@
 class ApplicationController < ActionController::Base
+  before_action :masquerade!
+
   protect_from_forgery
 end
 

data/spec/dummy/app/controllers/dashboard_controller.rb

@@ -1,9 +1,12 @@
 class DashboardController < ApplicationController
-  before_filter :authenticate_user!
-  before_filter :masquerade_user!
+  before_action :authenticate_user!
 
   def index
     @users = User.where("users.id != ?", current_user.id).all
   end
+
+  def extra_params
+    @users = User.where("users.id != ?", current_user.id).all
+  end
 end
 

data/spec/dummy/app/controllers/masquerades_tests_controller.rb

@@ -0,0 +1,7 @@
+class MasqueradesTestsController < Devise::MasqueradesController
+  before_action :authenticate_user!
+
+  def show
+    super
+  end
+end

data/spec/dummy/app/controllers/students_controller.rb

@@ -0,0 +1,8 @@
+class StudentsController < ApplicationController
+  before_action :authenticate_user!
+
+  def index
+    @students = Student.all
+  end
+end
+

data/spec/dummy/app/models/admin/user.rb

@@ -1,13 +1,6 @@
 class Admin::User < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :token_authenticatable, :confirmable,
-  # :lockable, :timeoutable and :omniauthable
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable,
          :masqueradable
-
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
-  # attr_accessible :title, :body
 end
 

data/spec/dummy/app/models/student.rb

@@ -0,0 +1,3 @@
+class Student < ActiveRecord::Base
+  devise :database_authenticatable, :validatable, :masqueradable
+end

data/spec/dummy/app/models/user.rb

@@ -1,12 +1,3 @@
 class User < ActiveRecord::Base
-  # Include default devise modules. Others available are:
-  # :token_authenticatable, :confirmable,
-  # :lockable, :timeoutable and :omniauthable
-  devise :database_authenticatable, :registerable,
-         :recoverable, :rememberable, :trackable, :validatable,
-         :masqueradable
-
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
-  # attr_accessible :title, :body
+  devise :database_authenticatable, :validatable, :masqueradable
 end

data/spec/dummy/app/views/admin/dashboard/index.html.erb

@@ -1,3 +1 @@
-<h1>Users</h1>
-
 <%= render @users %>

data/spec/dummy/app/views/dashboard/extra_params.html.erb

@@ -0,0 +1,7 @@
+<% @users.each do |user| %>
+  <p>
+    <%= user.email %>
+
+    <%= link_to "Login as", masquerade_path(user, key1: 'value1'), class: 'login_as' %>
+  </p>
+<% end %>

data/spec/dummy/app/views/dashboard/index.html.erb

@@ -1,3 +1 @@
-<h1>Users</h1>
-
 <%= render @users %>

data/spec/dummy/app/views/layouts/application.html.erb

@@ -8,7 +8,13 @@
   </head>
   <body>
     <% if signed_in? %>
-      <h1 class='current_user'><%= current_user.email %></h1>
+      <% if user_signed_in? %>
+        <h1 class='current_user'><%= current_user.email %></h1>
+      <% end %>
+
+      <% if student_signed_in? %>
+        <h1 class='current_student'><%= current_student.email %></h1>
+      <% end %>
 
       <% if user_masquerade? %>
         <%= link_to "Back masquerade", back_masquerade_path(current_user) %>

data/spec/dummy/app/views/students/_student.html.erb

@@ -0,0 +1,6 @@
+<p>
+  <%= student.email %>
+
+  <%= link_to "Login as", masquerade_path(student), class: 'login_as' %>
+</p>
+

data/spec/dummy/app/views/students/index.html.erb

@@ -0,0 +1 @@
+<%= render @students %>

data/spec/dummy/app/views/users/_user.html.erb

@@ -1,6 +1,6 @@
 <p>
   <%= user.email %>
 
-  <%= link_to "Login as", masquerade_path(user) %>
+  <%= link_to "Login as", masquerade_path(user), class: 'login_as' %>
 </p>
 

data/spec/dummy/config/application.rb

@@ -16,6 +16,8 @@ module Dummy
     config.encoding = "utf-8"
 
     config.filter_parameters += [:password]
+
+    config.eager_load = false
   end
 end
 

data/spec/dummy/config/environment.rb

@@ -2,4 +2,5 @@
 require File.expand_path('../application', __FILE__)
 
 # Initialize the rails application
+#
 Dummy::Application.initialize!

data/spec/dummy/config/routes.rb

@@ -1,12 +1,16 @@
 Dummy::Application.routes.draw do
-  devise_for :users, controllers: { masquerades: "users/masquerades" }
-  devise_for :admin_users, :class_name => 'Admin::User'
+  devise_for :users, controllers: { masquerades: 'users/masquerades' }
+  devise_for :admin_users, class_name: Admin::User.name
+  devise_for :students, class_name: Student.name
 
-  root :to => 'dashboard#index'
+  root to: 'dashboard#index'
 
-  resources :masquerades
+  get '/extra_params', to: 'dashboard#extra_params'
+
+  resources :masquerades_tests
+  resources :students, only: :index
 
   namespace :admin do
-    root :to => 'dashboard#index'
+    root to: 'dashboard#index'
   end
 end

data/spec/dummy/db/.gitignore

@@ -0,0 +1 @@
+test.sqlite3*

data/spec/dummy/db/migrate/20121119085620_devise_create_users.rb

@@ -1,4 +1,4 @@
-class DeviseCreateUsers < ActiveRecord::Migration
+class DeviseCreateUsers < ActiveRecord::Migration[5.2]
   def change
     create_table(:users) do |t|
       ## Database authenticatable

data/spec/dummy/db/migrate/20140418160449_create_admin_users.rb

@@ -1,4 +1,4 @@
-class CreateAdminUsers < ActiveRecord::Migration
+class CreateAdminUsers < ActiveRecord::Migration[5.2]
   def change
     create_table(:admin_users) do |t|
       ## Database authenticatable

data/spec/dummy/db/migrate/20191022100000_create_students.rb

@@ -0,0 +1,14 @@
+class CreateStudents < ActiveRecord::Migration[5.2]
+  def change
+    create_table(:students) do |t|
+      t.string :email,              null: false, default: ''
+      t.string :encrypted_password, null: false, default: ''
+
+      t.timestamps
+    end
+
+    add_index :students, :email,                unique: true
+    add_index :students, :reset_password_token, unique: true
+  end
+end
+

data/spec/dummy/db/schema.rb

@@ -1,52 +1,58 @@
-# encoding: UTF-8
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
 #
-# Note that this schema.rb definition is the authoritative source for your
-# database schema. If you need to create the application database on another
-# system, you should be using db:schema:load, not running all the migrations
-# from scratch. The latter is a flawed and unsustainable approach (the more migrations
-# you'll amass, the slower it'll run and the greater likelihood for issues).
+# This file is the source Rails uses to define your schema when running `rails
+# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
+# be faster and is potentially less error prone than running all of your
+# migrations from scratch. Old migrations may fail to apply correctly if those
+# migrations use external dependencies or application code.
 #
-# It's strongly recommended to check this file into your version control system.
+# It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20140418160449) do
+ActiveRecord::Schema.define(version: 2019_10_22_100000) do
 
-  create_table "admin_users", :force => true do |t|
-    t.string   "email",                  :default => "", :null => false
-    t.string   "encrypted_password",     :default => "", :null => false
-    t.string   "reset_password_token"
+  create_table "admin_users", force: :cascade do |t|
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
-    t.integer  "sign_in_count",          :default => 0
+    t.integer "sign_in_count", default: 0
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
-    t.string   "current_sign_in_ip"
-    t.string   "last_sign_in_ip"
-    t.datetime "created_at",                             :null => false
-    t.datetime "updated_at",                             :null => false
+    t.string "current_sign_in_ip"
+    t.string "last_sign_in_ip"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["email"], name: "index_admin_users_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_admin_users_on_reset_password_token", unique: true
   end
 
-  add_index "admin_users", ["email"], :name => "index_admin_users_on_email", :unique => true
-  add_index "admin_users", ["reset_password_token"], :name => "index_admin_users_on_reset_password_token", :unique => true
+  create_table "students", force: :cascade do |t|
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index "\"reset_password_token\"", name: "index_students_on_reset_password_token", unique: true
+    t.index ["email"], name: "index_students_on_email", unique: true
+  end
 
-  create_table "users", :force => true do |t|
-    t.string   "email",                  :default => "", :null => false
-    t.string   "encrypted_password",     :default => "", :null => false
-    t.string   "reset_password_token"
+  create_table "users", force: :cascade do |t|
+    t.string "email", default: "", null: false
+    t.string "encrypted_password", default: "", null: false
+    t.string "reset_password_token"
     t.datetime "reset_password_sent_at"
     t.datetime "remember_created_at"
-    t.integer  "sign_in_count",          :default => 0
+    t.integer "sign_in_count", default: 0
     t.datetime "current_sign_in_at"
     t.datetime "last_sign_in_at"
-    t.string   "current_sign_in_ip"
-    t.string   "last_sign_in_ip"
-    t.datetime "created_at",                             :null => false
-    t.datetime "updated_at",                             :null => false
+    t.string "current_sign_in_ip"
+    t.string "last_sign_in_ip"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["email"], name: "index_users_on_email", unique: true
+    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end
 
-  add_index "users", ["email"], :name => "index_users_on_email", :unique => true
-  add_index "users", ["reset_password_token"], :name => "index_users_on_reset_password_token", :unique => true
-
 end

data/spec/models/user_spec.rb

@@ -3,37 +3,10 @@ require 'spec_helper'
 describe User do
   let!(:user) { create(:user) }
 
-  describe '#masquerade!' do
+  describe '#masquerade_key' do
     it 'should cache special key on masquerade' do
-      expect(SecureRandom).to receive(:urlsafe_base64).with(16) { "secure_key" }
-      user.masquerade!
-    end
-  end
-
-  describe '#remove_masquerade_key' do
-    before { allow(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
-
-    let(:key) { 'users:secure_key:masquerade' }
-
-    it 'should be possible to remove cached masquerade key' do
-      user.masquerade!
-      expect(Rails.cache.exist?(key)).to eq(true)
-
-      User.remove_masquerade_key!('secure_key')
-      expect(Rails.cache.exist?(key)).to eq(false)
-    end
-  end
-
-  describe '#find_by_masquerade_key' do
-    it 'should be possible to find user by generate masquerade key' do
-      user.masquerade!
-
-      allow(Rails.cache).to receive(:read).with("users:#{user.masquerade_key}:masquerade") { user.id }
-      allow(Rails.cache).to receive(:delete).with("users:#{user.masquerade_key}:masquerade")
-
-      new_user = User.find_by_masquerade_key(user.masquerade_key)
-
-      expect(new_user).to eq(user)
+      expect(user).to receive(:to_sgid).with(expires_in: 1.minute, for: 'masquerade') { "secure_key" }
+      user.masquerade_key
     end
   end
 end

data/spec/orm/active_record.rb

@@ -1,5 +1,8 @@
 ActiveRecord::Migration.verbose = false
 ActiveRecord::Base.logger = Logger.new(nil)
 
-ActiveRecord::Migrator.migrate(File.expand_path("../dummy/db/migrate/", __FILE__))
-
+ActiveRecord::MigrationContext.
+  new(
+    File.expand_path("../../dummy/db/migrate/", __FILE__),
+    ActiveRecord::Base.connection.schema_migration
+  ).migrate

data/spec/spec_helper.rb

@@ -6,7 +6,7 @@ require 'devise_masquerade'
 require File.expand_path("../dummy/config/environment.rb",  __FILE__)
 require 'rails/test_help'
 require 'rspec/rails'
-require 'factory_girl'
+require 'factory_bot'
 require 'database_cleaner'
 
 Rails.backtrace_cleaner.remove_silencers!
@@ -18,9 +18,9 @@ RSpec.configure do |config|
   require 'rspec/expectations'
   config.include RSpec::Matchers
 
-  config.include Devise::TestHelpers, :type => :controller
+  config.include Devise::Test::ControllerHelpers, :type => :controller
   config.include Warden::Test::Helpers
-  config.include FactoryGirl::Syntax::Methods
+  config.include FactoryBot::Syntax::Methods
   config.include Authentication
 
   config.raise_errors_for_deprecations!

data/spec/support/factories.rb

@@ -1,16 +1,20 @@
-FactoryGirl.define do
-  sequence(:email) { |i| "john#{i}@example.com" }
-
+FactoryBot.define do
   factory :user do
-    email
-    password 'password'
-    password_confirmation 'password'
+    sequence(:email) { |i| "user#{i}@example.com" }
+    password  { 'password' }
+    password_confirmation { 'password' }
   end
 
   factory :admin_user, :class => 'Admin::User' do
-    email
-    password 'password'
-    password_confirmation 'password'
+    sequence(:email) { |i| "admin#{i}@example.com" }
+    password  { 'password' }
+    password_confirmation { 'password' }
+  end
+
+  factory :student do
+    sequence(:email) { |i| "student#{i}@example.com" }
+    password  { 'password' }
+    password_confirmation { 'password' }
   end
 end