RubyGems - devise_masquerade - Versions diffs - 0.6.5 → 1.3.1 - Mend

devise_masquerade 0.6.5 → 1.3.1

Files changed (63) hide show

checksums.yaml +5 -5
data/.github/FUNDING.yml +1 -0
data/.github/workflows/brakeman-analysis.yml +44 -0
data/.github/workflows/rubocop-analysis.yml +39 -0
data/.gitignore +1 -2
data/.ruby-version +1 -1
data/.travis.yml +3 -4
data/Gemfile +16 -10
data/Gemfile.lock +307 -0
data/Makefile +6 -1
data/README.md +33 -1
data/app/controllers/devise/masquerades_controller.rb +75 -59
data/devise_masquerade.gemspec +5 -4
data/features/back.feature +0 -1
data/features/multiple_masquerading_models.feature +17 -0
data/features/step_definitions/auth_steps.rb +1 -0
data/features/step_definitions/back_steps.rb +18 -3
data/features/step_definitions/url_helpers_steps.rb +11 -0
data/features/support/env.rb +23 -4
data/features/url_helpers.feature +14 -0
data/lib/devise_masquerade.rb +3 -9
data/lib/devise_masquerade/controllers/helpers.rb +27 -8
data/lib/devise_masquerade/controllers/url_helpers.rb +16 -2
data/lib/devise_masquerade/models.rb +9 -0
data/lib/devise_masquerade/models/masqueradable.rb +13 -0
data/lib/devise_masquerade/rails.rb +14 -4
data/lib/devise_masquerade/routes.rb +11 -8
data/lib/devise_masquerade/version.rb +1 -1
data/spec/controllers/admin/dashboard_controller_spec.rb +3 -4
data/spec/controllers/dashboard_controller_spec.rb +3 -5
data/spec/controllers/devise/masquerades_controller_spec.rb +62 -38
data/spec/controllers/masquerades_tests_controller_spec.rb +41 -0
data/spec/dummy/app/controllers/admin/dashboard_controller.rb +1 -2
data/spec/dummy/app/controllers/application_controller.rb +2 -0
data/spec/dummy/app/controllers/dashboard_controller.rb +5 -2
data/spec/dummy/app/controllers/masquerades_tests_controller.rb +7 -0
data/spec/dummy/app/controllers/students_controller.rb +8 -0
data/spec/dummy/app/models/admin/user.rb +0 -7
data/spec/dummy/app/models/student.rb +3 -0
data/spec/dummy/app/models/user.rb +1 -10
data/spec/dummy/app/views/admin/dashboard/index.html.erb +0 -2
data/spec/dummy/app/views/dashboard/extra_params.html.erb +7 -0
data/spec/dummy/app/views/dashboard/index.html.erb +0 -2
data/spec/dummy/app/views/layouts/application.html.erb +7 -1
data/spec/dummy/app/views/students/_student.html.erb +6 -0
data/spec/dummy/app/views/students/index.html.erb +1 -0
data/spec/dummy/app/views/users/_user.html.erb +1 -1
data/spec/dummy/config/application.rb +2 -0
data/spec/dummy/config/environment.rb +1 -0
data/spec/dummy/config/routes.rb +9 -5
data/spec/dummy/db/.gitignore +1 -0
data/spec/dummy/db/migrate/20121119085620_devise_create_users.rb +1 -1
data/spec/dummy/db/migrate/20140418160449_create_admin_users.rb +1 -1
data/spec/dummy/db/migrate/20191022100000_create_students.rb +14 -0
data/spec/dummy/db/schema.rb +37 -31
data/spec/models/user_spec.rb +3 -30
data/spec/orm/active_record.rb +5 -2
data/spec/spec_helper.rb +3 -3
data/spec/support/factories.rb +13 -9
metadata +57 -19
data/lib/devise_masquerade/model.rb +0 -42
data/spec/controllers/masquerades_controller_spec.rb +0 -42
data/spec/dummy/app/controllers/masquerades_controller.rb +0 -5

data/Makefile CHANGED Viewed

@@ -1,6 +1,11 @@
+release:
+	bundle exec rake release
+.PHONY: release
 setup:
 	cd spec/dummy && \
-	RAILS_ENV=test rake db:setup
+	bundle exec rails db:environment:set RAILS_ENV=test && \
+	RAILS_ENV=test bundle exec rails db:setup
 .PHONY: setup
 rspec:

data/README.md CHANGED Viewed

@@ -33,18 +33,30 @@ In the view you can use url helper for defining link:
     = link_to "Login As", masquerade_path(user)
+`masquerade_path` would create specific `/masquerade` path with query params `masquerade`(key) and `masqueraded_resource_class` to know
+which model to choose to search and sign in by masquerade key.
 In the model you'll need to add the parameter :masqueradable to the existing comma separated values in the devise method:
 ```ruby
     devise :invitable, :confirmable, :database_authenticatable, :registerable, :masqueradable
 ```
-Add into your application_controller.rb:
+Add into your `application_controller.rb` if you want to have custom way on sign in by using masquerade token otherwise you can still
+use only `masquerade_path` in your view to generate temporary token and link to make `Login As`:
 ```ruby
     before_action :masquerade_user!
 ```
+or
+```ruby
+    before_action :masquerade!
+```
+`masquerade!` is generic way in case if you want to support multiple models on masquerade.
 Instead of user you can use your resource name admin, student or another names.
 If you want to back to the owner of masquerade action user you could use
@@ -109,6 +121,18 @@ In your view:
     end
 ```
+## Custom url redirect after finishing masquerade:
+```ruby
+    class Admin::MasqueradesController < Devise::MasqueradesController
+      protected
+      def after_back_masquerade_path_for(resource)
+        "/custom_url"
+      end
+    end
+```
 ## Overriding the finder
 For example, if you use FriendlyId:
@@ -155,6 +179,14 @@ in `routes.rb`:
 And check http://localhost:3000/, use for login user1@example.com and
 'password'
+## Troubleshooting
+Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Chances are that you need to enable caching:
+    rails dev:cache
+This is a one-time operation, so you can set it and forget it. Should you ever need to disable caching in development, you can re-run the command as required.
 ## Test project
     make test

data/app/controllers/devise/masquerades_controller.rb CHANGED Viewed

@@ -1,68 +1,43 @@
 class Devise::MasqueradesController < DeviseController
-  if respond_to?(:prepend_before_action)
-    prepend_before_action :authenticate_scope!, :masquerade_authorize!
-  else
-    prepend_before_filter :authenticate_scope!, :masquerade_authorize!
+  Devise.mappings.each do |name, _|
+    class_eval <<-METHODS, __FILE__, __LINE__ + 1
+      skip_before_action :masquerade_#{name}!, raise: false
+    METHODS
   end
+  skip_before_action :masquerade!, raise: false
-  if respond_to?(:before_action)
-    before_action :save_masquerade_owner_session, :only => :show
-  else
-    before_filter :save_masquerade_owner_session, :only => :show
-  end
+  prepend_before_action :authenticate_scope!, :masquerade_authorize!
-  if respond_to?(:after_action)
-    after_action :cleanup_masquerade_owner_session, :only => :back
-  else
-    after_filter :cleanup_masquerade_owner_session, :only => :back
-  end
+  before_action :save_masquerade_owner_session, only: :show
+  after_action :cleanup_masquerade_owner_session, only: :back
   def show
     self.resource = find_resource
-    unless self.resource
+    unless resource
       flash[:error] = "#{masqueraded_resource_class} not found."
       redirect_to(new_user_session_path) and return
     end
-    self.resource.masquerade!
-    request.env["devise.skip_trackable"] = "1"
+    request.env['devise.skip_trackable'] = '1'
-    masquerade_sign_in(self.resource)
+    masquerade_sign_in(resource)
-    if Devise.masquerade_routes_back && Rails::VERSION::MAJOR == 5
-      redirect_back(fallback_location: after_masquerade_full_path_for(resource))
-    elsif Devise.masquerade_routes_back && request.env['HTTP_REFERER'].present?
-      redirect_to :back
-    else
-      redirect_to(after_masquerade_full_path_for(resource))
-    end
+    go_back(resource, path: after_masquerade_full_path_for(resource))
   end
   def back
-    user_id = session[session_key]
-    owner_user = if user_id.present?
-                   masquerading_resource_class.to_adapter.find_first(:id => user_id)
-                 else
-                   send(:"current_#{masquerading_resource_name}")
-                 end
+    self.resource = find_owner_resource
-    if masquerading_resource_class != masqueraded_resource_class
+    if resource.class != masqueraded_resource_class
       sign_out(send("current_#{masqueraded_resource_name}"))
     end
-    masquerade_sign_in(owner_user)
-    request.env["devise.skip_trackable"] = nil
+    masquerade_sign_in(resource)
+    request.env['devise.skip_trackable'] = nil
-    if Devise.masquerade_routes_back && Rails::VERSION::MAJOR == 5
-      # If using the masquerade_routes_back and Rails 5
-      redirect_back(fallback_location: after_back_masquerade_path_for(owner_user))
-    elsif Devise.masquerade_routes_back && request.env['HTTP_REFERER'].present?
-      redirect_to :back
-    else
-      redirect_to after_back_masquerade_path_for(owner_user)
-    end
+    go_back(resource, path: after_back_masquerade_path_for(resource))
   end
   protected
@@ -76,13 +51,35 @@ class Devise::MasqueradesController < DeviseController
   end
   def find_resource
-    masqueraded_resource_class.to_adapter.find_first(:id => params[:id])
+    GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
+  end
+  def find_owner_resource
+    GlobalID::Locator.locate_signed(Rails.cache.read(session_key), for: 'masquerade')
+  end
+  def go_back(user, path:)
+    if Devise.masquerade_routes_back
+      redirect_back(fallback_location: path)
+    else
+      redirect_to path
+    end
   end
   private
   def masqueraded_resource_class
-    Devise.masqueraded_resource_class || resource_class
+    @masqueraded_resource_class ||= begin
+      unless params[:masqueraded_resource_class].blank?
+        params[:masqueraded_resource_class].constantize
+      else
+        unless session[session_key_masqueraded_resource_class].blank?
+          session[session_key_masquerading_resource_class].constantize
+        else
+          Devise.masqueraded_resource_class || resource_class
+        end
+      end
+    end
   end
   def masqueraded_resource_name
@@ -90,7 +87,17 @@ class Devise::MasqueradesController < DeviseController
   end
   def masquerading_resource_class
-    Devise.masquerading_resource_class || resource_class
+    @masquerading_resource_class ||= begin
+      unless params[:masquerading_resource_class].blank?
+        params[:masquerading_resource_class].constantize
+      else
+        unless session[session_key_masquerading_resource_class].blank?
+          session[session_key_masquerading_resource_class].constantize
+        else
+          Devise.masquerading_resource_class || resource_class
+        end
+      end
+    end
   end
   def masquerading_resource_name
@@ -98,23 +105,15 @@ class Devise::MasqueradesController < DeviseController
   end
   def authenticate_scope!
-    send(:"authenticate_#{masquerading_resource_name}!", :force => true)
+    send(:"authenticate_#{masquerading_resource_name}!", force: true)
   end
   def after_masquerade_path_for(resource)
-    "/"
+    '/'
   end
   def after_masquerade_full_path_for(resource)
-    if after_masquerade_path_for(resource) =~ /\?/
-      "#{after_masquerade_path_for(resource)}&#{after_masquerade_param_for(resource)}"
-    else
-      "#{after_masquerade_path_for(resource)}?#{after_masquerade_param_for(resource)}"
-    end
-  end
-  def after_masquerade_param_for(resource)
-    "#{Devise.masquerade_param}=#{resource.masquerade_key}"
+    after_masquerade_path_for(resource)
   end
   def after_back_masquerade_path_for(resource)
@@ -122,16 +121,33 @@ class Devise::MasqueradesController < DeviseController
   end
   def save_masquerade_owner_session
+    resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
+      expires_in: Devise.masquerade_expires_in, for: 'masquerade')
+    # skip sharing owner id via session
+    Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
     unless session.key?(session_key)
-      session[session_key] = send("current_#{masquerading_resource_name}").id
+      session[session_key_masquerading_resource_class] = masquerading_resource_class.name
+      session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
     end
   end
   def cleanup_masquerade_owner_session
-    session.delete(session_key)
+    Rails.cache.delete(session_key)
+    session.delete(session_key_masqueraded_resource_class)
+    session.delete(session_key_masquerading_resource_class)
   end
   def session_key
     "devise_masquerade_#{masqueraded_resource_name}".to_sym
   end
+  def session_key_masqueraded_resource_class
+    "devise_masquerade_masqueraded_resource_class"
+  end
+  def session_key_masquerading_resource_class
+    "devise_masquerade_masquerading_resource_class"
+  end
 end

data/devise_masquerade.gemspec CHANGED Viewed

@@ -11,7 +11,7 @@ Gem::Specification.new do |gem|
   gem.email         = ['alex.korsak@gmail.com']
   gem.description   = 'devise masquerade library'
   gem.summary       = 'use for login as functionallity on your admin users pages'
-  gem.homepage      = 'http://github.com/oivoodoo/devise_masquerade/'
+  gem.homepage      = 'http://github.com/oivoodoo/devise_masquerade'
   gem.files         = `git ls-files`.split($/)
   gem.executables   = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
@@ -20,8 +20,9 @@ Gem::Specification.new do |gem|
   gem.license = 'MIT'
-  gem.add_development_dependency('bundler', '>= 1.1.0')
+  gem.add_development_dependency('bundler', '>= 2.0.0')
-  gem.add_runtime_dependency('railties', '>= 3.0')
-  gem.add_runtime_dependency('devise', '>= 2.1.0')
+  gem.add_runtime_dependency('railties', '>= 5.2.0')
+  gem.add_runtime_dependency('devise', '>= 4.7.0')
+  gem.add_runtime_dependency('globalid', '>= 0.3.6')
 end

data/features/back.feature CHANGED Viewed

@@ -13,4 +13,3 @@ Feature: Use back button for returning to the owner of the masquerade action.
     When I press back masquerade button
       Then I should be login as owner user

data/features/multiple_masquerading_models.feature ADDED Viewed

@@ -0,0 +1,17 @@
+Feature: Use various models for masquerading
+  In order to use various models for masquerading
+  As an masquerade user
+  I want to be able to press press masquerade as link for different models
+  Scenario: Use masquerade button on student and user models
+    Given I logged in
+    And I have a user for masquerade
+    And I have a student for masquerade
+    When I am on the users page
+    And I login as one user
+      Then I should be login as this user
+    When I am on the students page
+    And I login as one student
+      Then I should be login as this student

data/features/step_definitions/auth_steps.rb CHANGED Viewed

@@ -8,3 +8,4 @@ Given /^I logged in$/ do
   click_on 'Log in'
 end

data/features/step_definitions/back_steps.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 Given /^I have a user for masquerade$/ do
-  @mask = create(:user)
+  @user_mask = create(:user)
 end
 When /^I am on the users page$/ do
@@ -7,11 +7,11 @@ When /^I am on the users page$/ do
 end
 When /^I login as one user$/ do
-  click_on "Login as"
+  find('.login_as').click
 end
 Then /^I should be login as this user$/ do
-  find('.current_user').should have_content(@mask.email)
+  find('.current_user').should have_content(@user_mask.email)
 end
 When /^I press back masquerade button$/ do
@@ -22,3 +22,18 @@ Then /^I should be login as owner user$/ do
   find('.current_user').should have_content(@user.email)
 end
+Given /^I have a student for masquerade$/ do
+  @student_mask = create(:student)
+end
+When /^I am on the students page$/ do
+  visit '/students'
+end
+When /^I login as one student$/ do
+  find('.login_as').click
+end
+Then /^I should be login as this student$/ do
+  find('.current_student').should have_content(@student_mask.email)
+end

data/features/step_definitions/url_helpers_steps.rb ADDED Viewed

@@ -0,0 +1,11 @@
+Then("I should see maquerade url") do
+  page.html.should include('href="/users/masquerade?masquerade=')
+end
+When("I am on the users page with extra params") do
+  visit '/extra_params'
+end
+Then("I should see maquerade url with extra params") do
+  page.html.should include('href="/users/masquerade?key1=value1&amp;masquerade=')
+end

data/features/support/env.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 require 'cucumber/rails'
-require 'factory_girl'
+require 'factory_bot'
 require 'database_cleaner'
 require 'cucumber/rspec/doubles'
@@ -9,9 +9,11 @@ ENV["RAILS_ENV"] = "test"
 Capybara.default_selector = :css
-ActionController::Base.allow_rescue = false
+ActiveSupport.on_load(:action_controller) do
+  self.allow_rescue = false
+end
-World(FactoryGirl::Syntax::Methods)
+World(FactoryBot::Syntax::Methods)
 begin
   DatabaseCleaner.strategy = :transaction
@@ -20,7 +22,24 @@ rescue NameError
 end
 Cucumber::Rails::Database.javascript_strategy = :truncation
-Capybara.javascript_driver = :webkit
+Capybara.register_driver :chrome do |app|
+  Capybara::Selenium::Driver.new(app, browser: :chrome)
+end
+Capybara.register_driver :headless_chrome do |app|
+  caps = Selenium::WebDriver::Remote::Capabilities.chrome(loggingPrefs: { browser: 'ALL' })
+  opts = Selenium::WebDriver::Chrome::Options.new
+  chrome_args = %w[--headless --window-size=1920,1080 --no-sandbox --disable-dev-shm-usage]
+  chrome_args.each { |arg| opts.add_argument(arg) }
+  Capybara::Selenium::Driver.new(app, browser: :chrome, options: opts, desired_capabilities: caps)
+end
+Capybara.configure do |config|
+  # change this to :chrome to observe tests in a real browser
+  config.javascript_driver = :headless_chrome
+end
 Before do
   allow_any_instance_of(DeviseController).to receive(:devise_mapping) { Devise.mappings[:user] }

data/features/url_helpers.feature ADDED Viewed

@@ -0,0 +1,14 @@
+Feature: Use masquerade path to generate routes on page
+  In order to have the way to render masquerade path
+  As an user
+  I want to be able to see the url and use it
+  Scenario: Use masquerade path helper
+    Given I logged in
+    And I have a user for masquerade
+    When I am on the users page
+      Then I should see maquerade url
+    When I am on the users page with extra params
+      Then I should see maquerade url with extra params