devise_masquerade 0.6.5 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 205c70db504c2947a36a81c7296d6482b195a2cf
-  data.tar.gz: 50dc3a8fc22efd8f4375a5368039da3533fdd865
+SHA256:
+  metadata.gz: 0d75ba6f4e3241b021e9ef1c838e9baf1322ec0c7731573dc1008dc8931d59e7
+  data.tar.gz: 3bb9c12ca5dbddd8b61f64f0394f659998e6cae2be67790df2224b91c1558862
 SHA512:
-  metadata.gz: 28b8161d8e6c3cf80d0dee9834abe5fc5cafa28b2361d5c331684a209bd68bee3eab26b94ee50cb30d80b6b44927110da396d6852f2aef655fabb451a02c8bf6
-  data.tar.gz: 03c22856e74195605aac5d585be63fa1dbf0cca6ff0fd200ea3f0fe1b9e4ad70b33b4bfd2581809c5966c43f26f7ab85987b4fceab0bc192258e28562578c65e
+  metadata.gz: 8683eca8761589df6e6349a19cddf6de9b6a7c2f90390a6d46701f6c2dd55acc964196406f35a8ad9ba67fa486787284ed62460768fe9feea85dacb612981197
+  data.tar.gz: 87ba78777ff2f926f247776bf14e21114f361711a3df95b42dc76c3352ff32c08822fdb82024179ed8d614fa54b30a6f82e38bc2d1cab6eea3a62db1d206f9ff

data/.github/FUNDING.yml

@@ -0,0 +1 @@
+patreon: oivoodoo

data/.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,44 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+# This section configures the trigger for the workflow. Feel free to customize depending on your convention
+on:
+  push:
+    branches: [ "master", "main" ]
+  pull_request:
+    branches: [ "master", "main" ]
+
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

data/.github/workflows/rubocop-analysis.yml

@@ -0,0 +1,39 @@
+name: "Rubocop"
+
+on: push
+
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # If running on a self-hosted runner, check it meets the requirements
+    # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+
+    # This step is not necessary if you add the gem to your Gemfile
+    - name: Install Code Scanning integration
+      run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
+
+    - name: Install dependencies
+      run: bundle install
+
+    - name: Rubocop run
+      run: |
+        bash -c "
+          bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
+          [[ $? -ne 2 ]]
+        "
+
+    - name: Upload Sarif output
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: rubocop.sarif

data/.gitignore

@@ -3,7 +3,6 @@
 .bundle
 .config
 .yardoc
-Gemfile.lock
 InstalledFiles
 _yardoc
 coverage
@@ -19,4 +18,4 @@ spec/dummy/db/*.sqlite3
 tmp
 tags
 .vimrc
-
+vendor/

data/.ruby-version

@@ -1 +1 @@
-2.3.3
+2.7.2

data/.travis.yml

@@ -1,13 +1,8 @@
 language: ruby
 rvm:
-  - 2.2.5
-  - 2.3.1
-  - 2.3.3
-gemfile:
-  - Gemfile
+  - 2.6.0
+  - 2.7.3
 script: time ./script/travis.sh
-cache: bundler
-sudo: false
 addons:
   apt:
     packages:

data/Gemfile

@@ -4,10 +4,10 @@ source 'https://rubygems.org'
 gemspec
 
 group :test do
-  gem 'activerecord', '~> 3.0'
-  gem 'actionmailer', '~> 3.0'
-  gem "bson_ext", "~> 1.3"
-  gem 'sqlite3'
+  gem 'activerecord', '>= 5.2'
+  gem 'actionmailer', '>= 5.2'
+  gem 'bson_ext', '~> 1.3'
+  gem 'sqlite3', '~> 1.4'
 
   gem 'test-unit'
 
@@ -15,21 +15,27 @@ group :test do
   gem 'pry-byebug'
 
   gem 'guard'
-  gem 'guard-rspec'
+  gem 'guard-rspec', '~> 4.7'
   gem 'guard-bundler'
   gem 'guard-cucumber'
 
-  gem 'rspec-rails'
-  gem 'rspec'
-  gem 'rspec-mocks'
+  gem 'rspec', github: 'rspec/rspec'
+  gem 'rspec-core', github: 'rspec/rspec-core'
+  gem 'rspec-expectations', github: 'rspec/rspec-expectations'
+  gem 'rspec-mocks', github: 'rspec/rspec-mocks'
+  gem 'rspec-rails', github: 'rspec/rspec-rails'
+  gem 'rspec-support', github: 'rspec/rspec-support'
 
   gem 'shoulda'
   gem 'rb-fsevent'
-  gem 'factory_girl_rails'
+  gem 'factory_bot_rails'
   gem 'database_cleaner', '< 1.1.0'
   gem 'cucumber'
   gem 'cucumber-rails'
   gem 'capybara'
-  gem 'capybara-webkit'
+  gem 'selenium-webdriver'
+  gem 'chromedriver-helper'
   gem 'launchy'
+
+  gem "nokogiri", ">= 1.10.8"
 end

data/Gemfile.lock

@@ -0,0 +1,310 @@
+GIT
+  remote: https://github.com/rspec/rspec-core.git
+  revision: b7067c5da4fde57cbbff739b168008482e61db44
+  specs:
+    rspec-core (3.10.0.pre)
+      rspec-support (= 3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec-expectations.git
+  revision: 99f9bcaff2a6f3d82f4e350e829eca6ab015694f
+  specs:
+    rspec-expectations (3.10.0.pre)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec-mocks.git
+  revision: 5b897e8f74f3059aef43f1ed5f91719f2267a04e
+  specs:
+    rspec-mocks (3.10.0.pre)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (= 3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec-rails.git
+  revision: 9b7ab39c027a8cb25e2ebe9e0e985756025b0549
+  specs:
+    rspec-rails (4.0.0.pre)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (= 3.10.0.pre)
+      rspec-expectations (= 3.10.0.pre)
+      rspec-mocks (= 3.10.0.pre)
+      rspec-support (= 3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec-support.git
+  revision: 673133cdd13b17077b3d88ece8d7380821f8d7dc
+  specs:
+    rspec-support (3.10.0.pre)
+
+GIT
+  remote: https://github.com/rspec/rspec.git
+  revision: e1c2c6bd78c849d7956431331f32ba5092951dab
+  specs:
+    rspec (3.10.0.pre)
+      rspec-core (= 3.10.0.pre)
+      rspec-expectations (= 3.10.0.pre)
+      rspec-mocks (= 3.10.0.pre)
+
+PATH
+  remote: .
+  specs:
+    devise_masquerade (2.1.0)
+      devise (>= 4.7.0)
+      globalid (>= 0.3.6)
+      railties (>= 5.2.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (6.0.0)
+      actionpack (= 6.0.0)
+      actionview (= 6.0.0)
+      activejob (= 6.0.0)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (6.0.0)
+      actionview (= 6.0.0)
+      activesupport (= 6.0.0)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (6.0.0)
+      activesupport (= 6.0.0)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.0)
+      activesupport (= 6.0.0)
+      globalid (>= 0.3.6)
+    activemodel (6.0.0)
+      activesupport (= 6.0.0)
+    activerecord (6.0.0)
+      activemodel (= 6.0.0)
+      activesupport (= 6.0.0)
+    activesupport (6.0.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+      zeitwerk (~> 2.1, >= 2.1.8)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    archive-zip (0.12.0)
+      io-like (~> 0.3.0)
+    backports (3.15.0)
+    bcrypt (3.1.18)
+    bson (1.12.5)
+    bson_ext (1.12.5)
+      bson (~> 1.12.5)
+    builder (3.2.3)
+    byebug (11.0.1)
+    capybara (3.37.1)
+      addressable
+      matrix
+      mini_mime (>= 0.1.3)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      regexp_parser (>= 1.5, < 3.0)
+      xpath (~> 3.2)
+    childprocess (3.0.0)
+    chromedriver-helper (2.1.1)
+      archive-zip (~> 0.10)
+      nokogiri (~> 1.8)
+    coderay (1.1.3)
+    concurrent-ruby (1.1.5)
+    crass (1.0.6)
+    cucumber (3.2.0)
+      builder (>= 2.1.2)
+      cucumber-core (~> 3.2.0)
+      cucumber-expressions (~> 6.0.1)
+      cucumber-wire (~> 0.0.1)
+      diff-lcs (~> 1.3)
+      gherkin (~> 5.1.0)
+      multi_json (>= 1.7.5, < 2.0)
+      multi_test (>= 0.1.2)
+    cucumber-core (3.2.1)
+      backports (>= 3.8.0)
+      cucumber-tag_expressions (~> 1.1.0)
+      gherkin (~> 5.0)
+    cucumber-expressions (6.0.1)
+    cucumber-rails (1.8.0)
+      capybara (>= 2.12, < 4)
+      cucumber (>= 3.0.2, < 4)
+      mime-types (>= 2.0, < 4)
+      nokogiri (~> 1.8)
+      railties (>= 4.2, < 7)
+    cucumber-tag_expressions (1.1.1)
+    cucumber-wire (0.0.1)
+    database_cleaner (1.0.1)
+    devise (4.8.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 4.1.0)
+      responders
+      warden (~> 1.2.3)
+    diff-lcs (1.5.0)
+    erubi (1.9.0)
+    factory_bot (5.1.1)
+      activesupport (>= 4.2.0)
+    factory_bot_rails (5.1.1)
+      factory_bot (~> 5.1.0)
+      railties (>= 4.2.0)
+    ffi (1.11.1)
+    formatador (0.2.5)
+    gherkin (5.1.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    guard (2.17.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-bundler (3.0.0)
+      bundler (>= 2.1, < 3)
+      guard (~> 2.2)
+      guard-compat (~> 1.1)
+    guard-compat (1.2.1)
+    guard-cucumber (1.5.4)
+      cucumber (>= 1.3.0)
+      guard-compat (~> 1.0)
+      nenv (~> 0.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    i18n (1.7.0)
+      concurrent-ruby (~> 1.0)
+    io-like (0.3.1)
+    launchy (2.4.3)
+      addressable (~> 2.3)
+    listen (3.7.1)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    loofah (2.19.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    lumberjack (1.0.13)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    matrix (0.4.2)
+    method_source (0.9.2)
+    mime-types (3.3)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2019.1009)
+    mini_mime (1.0.2)
+    mini_portile2 (2.8.0)
+    minitest (5.16.3)
+    multi_json (1.14.1)
+    multi_test (0.1.2)
+    nenv (0.3.0)
+    nokogiri (1.13.10)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    orm_adapter (0.5.0)
+    power_assert (1.1.5)
+    pry (0.12.2)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-byebug (3.8.0)
+      byebug (~> 11.0)
+      pry (~> 0.10)
+    public_suffix (4.0.6)
+    racc (1.6.1)
+    rack (2.2.3.1)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.4.4)
+      loofah (~> 2.19, >= 2.19.1)
+    railties (6.0.0)
+      actionpack (= 6.0.0)
+      activesupport (= 6.0.0)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.20.3, < 2.0)
+    rake (13.0.0)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.10.0)
+      ffi (~> 1.0)
+    regexp_parser (2.6.0)
+    responders (3.0.1)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
+    rubyzip (2.0.0)
+    selenium-webdriver (3.142.6)
+      childprocess (>= 0.5, < 4.0)
+      rubyzip (>= 1.2.2)
+    shellany (0.0.1)
+    shoulda (3.6.0)
+      shoulda-context (~> 1.0, >= 1.0.1)
+      shoulda-matchers (~> 3.0)
+    shoulda-context (1.2.2)
+    shoulda-matchers (3.1.3)
+      activesupport (>= 4.0.0)
+    sqlite3 (1.5.3)
+      mini_portile2 (~> 2.8.0)
+    test-unit (3.3.4)
+      power_assert
+    thor (0.20.3)
+    thread_safe (0.3.6)
+    tzinfo (1.2.10)
+      thread_safe (~> 0.1)
+    warden (1.2.9)
+      rack (>= 2.0.9)
+    xpath (3.2.0)
+      nokogiri (~> 1.8)
+    zeitwerk (2.6.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionmailer (>= 5.2)
+  activerecord (>= 5.2)
+  bson_ext (~> 1.3)
+  bundler (>= 2.0.0)
+  capybara
+  chromedriver-helper
+  cucumber
+  cucumber-rails
+  database_cleaner (< 1.1.0)
+  devise_masquerade!
+  factory_bot_rails
+  guard
+  guard-bundler
+  guard-cucumber
+  guard-rspec (~> 4.7)
+  launchy
+  nokogiri (>= 1.10.8)
+  pry
+  pry-byebug
+  rb-fsevent
+  rspec!
+  rspec-core!
+  rspec-expectations!
+  rspec-mocks!
+  rspec-rails!
+  rspec-support!
+  selenium-webdriver
+  shoulda
+  sqlite3 (~> 1.4)
+  test-unit
+
+BUNDLED WITH
+   2.1.4

data/Makefile

@@ -1,6 +1,11 @@
+release:
+	bundle exec rake release
+.PHONY: release
+
 setup:
 	cd spec/dummy && \
-	RAILS_ENV=test rake db:setup
+	bundle exec rails db:environment:set RAILS_ENV=test && \
+	RAILS_ENV=test bundle exec rails db:setup
 .PHONY: setup
 
 rspec:

data/README.md

@@ -1,14 +1,14 @@
 # Devise Masquerade
-[![Gitter](https://badges.gitter.im/Join Chat.svg)](https://gitter.im/oivoodoo/devise_masquerade?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade?ref=badge_shield)
 
-[![Build Status](https://secure.travis-ci.org/oivoodoo/devise_masquerade.png?branch=master)](https://travis-ci.org/oivoodoo/devise_masquerade)
+ [![Gitter chat](https://badges.gitter.im/oivoodoo/devise_masquerade.svg)](https://gitter.im/oivoodoo/devise_masquerade?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade?ref=badge_shield)
 
-[![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/oivoodoo/devise_masquerade)
+[![Build Status](https://secure.travis-ci.org/oivoodoo/devise_masquerade.svg?branch=master)](https://travis-ci.org/oivoodoo/devise_masquerade)
 
-[![endorse](https://api.coderwall.com/oivoodoo/endorsecount.png)](https://coderwall.com/oivoodoo)
+[![Maintainability](https://api.codeclimate.com/v1/badges/cf63d775dc014a7ebc03/maintainability)](https://codeclimate.com/github/oivoodoo/devise_masquerade/maintainability)
 
-[![Analytics](https://ga-beacon.appspot.com/UA-46818771-1/devise_masquerade/README.md)](https://github.com/oivoodoo/devise_masquerade)
+[Consulting](https://bitscorp.co)
 
 It's a utility library for enabling functionallity like login as button for
 admin.
@@ -31,7 +31,12 @@ And then execute:
 
 In the view you can use url helper for defining link:
 
+```ruby
     = link_to "Login As", masquerade_path(user)
+```
+
+`masquerade_path` would create specific `/masquerade` path with query params `masquerade`(key) and `masqueraded_resource_class` to know
+which model to choose to search and sign in by masquerade key.
 
 In the model you'll need to add the parameter :masqueradable to the existing comma separated values in the devise method:
 
@@ -39,20 +44,31 @@ In the model you'll need to add the parameter :masqueradable to the existing com
     devise :invitable, :confirmable, :database_authenticatable, :registerable, :masqueradable
 ```
 
-Add into your application_controller.rb:
+Add into your `application_controller.rb` if you want to have custom way on sign in by using masquerade token otherwise you can still
+use only `masquerade_path` in your view to generate temporary token and link to make `Login As`:
 
 ```ruby
     before_action :masquerade_user!
 ```
 
+or
+
+```ruby
+    before_action :masquerade!
+```
+
+`masquerade!` is generic way in case if you want to support multiple models on masquerade.
+
 Instead of user you can use your resource name admin, student or another names.
 
 If you want to back to the owner of masquerade action user you could use
 helpers:
 
+```ruby
     user_masquerade? # current user was masqueraded by owner?
 
     = link_to "Reverse masquerade", back_masquerade_path(current_user)
+```
 
 ## Custom controller for adding cancan for authorization
 
@@ -109,6 +125,18 @@ In your view:
     end
 ```
 
+## Custom url redirect after finishing masquerade:
+
+```ruby
+    class Admin::MasqueradesController < Devise::MasqueradesController
+      protected
+
+      def after_back_masquerade_path_for(resource)
+        "/custom_url"
+      end
+    end
+```
+
 ## Overriding the finder
 
 For example, if you use FriendlyId:
@@ -117,7 +145,7 @@ For example, if you use FriendlyId:
     class Admin::MasqueradesController < Devise::MasqueradesController
       protected
 
-      def find_resource
+      def find_masqueradable_resource
         masqueraded_resource_class.friendly.find(params[:id])
       end
     end
@@ -138,12 +166,21 @@ in `routes.rb`:
     Devise.masquerade_key_size = 16 # size of the generate by SecureRandom.urlsafe_base64
     Devise.masquerade_bypass_warden_callback = false
     Devise.masquerade_routes_back = false # if true, route back to the page the user was on via redirect_back
-    Devise.masquerading_resource_class = User
+    Devise.masquerading_resource_class = AdminUser
+    # optional: Devise.masquerading_resource_class_name = 'AdminUser'
+
     # optional, default: masquerading_resource_class.model_name.param_key
-    Devise.masquerading_resource_name = :user
-    Devise.masqueraded_resource_class = AdminUser
+    Devise.masquerading_resource_name = :admin_user
+
+    Devise.masqueraded_resource_class = User
+    # optional: Devise.masqueraded_resource_class_name = 'User'
+
     # optional, default: masqueraded_resource_class.model_name.param_key
-    Devise.masqueraded_resource_name = :admin_user
+    Devise.masqueraded_resource_name = :user
+
+    # optional, default: masquerade_storage_method = :session
+    # values: :session, :cache
+    Devise.masquerade_storage_method = :session
 ```
 
 ## Demo project
@@ -155,6 +192,14 @@ in `routes.rb`:
 And check http://localhost:3000/, use for login user1@example.com and
 'password'
 
+## Troubleshooting
+
+Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Do you find that your `user_masquerade?` method is always returning false? Chances are that you need to enable caching:
+
+    rails dev:cache
+
+This is a one-time operation, so you can set it and forget it. Should you ever need to disable caching in development, you can re-run the command as required.
+
 ## Test project
 
     make test