devise_masquerade 1.0.0 → 1.3.2

data/devise_masquerade.gemspec

@@ -24,5 +24,5 @@ Gem::Specification.new do |gem|
 
   gem.add_runtime_dependency('railties', '>= 5.2.0')
   gem.add_runtime_dependency('devise', '>= 4.7.0')
-  gem.add_runtime_dependency('zeitwerk', '>= 2.2.0')
+  gem.add_runtime_dependency('globalid', '>= 0.3.6')
 end

data/features/back.feature

@@ -13,4 +13,3 @@ Feature: Use back button for returning to the owner of the masquerade action.
 
     When I press back masquerade button
       Then I should be login as owner user
-

data/features/multiple_masquerading_models.feature

@@ -0,0 +1,17 @@
+Feature: Use various models for masquerading
+  In order to use various models for masquerading
+  As an masquerade user
+  I want to be able to press press masquerade as link for different models
+
+  Scenario: Use masquerade button on student and user models
+    Given I logged in
+    And I have a user for masquerade
+    And I have a student for masquerade
+
+    When I am on the users page
+    And I login as one user
+      Then I should be login as this user
+
+    When I am on the students page
+    And I login as one student
+      Then I should be login as this student

data/features/step_definitions/auth_steps.rb

@@ -8,3 +8,4 @@ Given /^I logged in$/ do
 
   click_on 'Log in'
 end
+

data/features/step_definitions/back_steps.rb

@@ -1,5 +1,5 @@
 Given /^I have a user for masquerade$/ do
-  @mask = create(:user)
+  @user_mask = create(:user)
 end
 
 When /^I am on the users page$/ do
@@ -7,11 +7,11 @@ When /^I am on the users page$/ do
 end
 
 When /^I login as one user$/ do
-  click_on "Login as"
+  find('.login_as').click
 end
 
 Then /^I should be login as this user$/ do
-  find('.current_user').should have_content(@mask.email)
+  find('.current_user').should have_content(@user_mask.email)
 end
 
 When /^I press back masquerade button$/ do
@@ -22,3 +22,18 @@ Then /^I should be login as owner user$/ do
   find('.current_user').should have_content(@user.email)
 end
 
+Given /^I have a student for masquerade$/ do
+  @student_mask = create(:student)
+end
+
+When /^I am on the students page$/ do
+  visit '/students'
+end
+
+When /^I login as one student$/ do
+  find('.login_as').click
+end
+
+Then /^I should be login as this student$/ do
+  find('.current_student').should have_content(@student_mask.email)
+end

data/features/step_definitions/url_helpers_steps.rb

@@ -0,0 +1,11 @@
+Then("I should see maquerade url") do
+  page.html.should include('href="/users/masquerade?masquerade=')
+end
+
+When("I am on the users page with extra params") do
+  visit '/extra_params'
+end
+
+Then("I should see maquerade url with extra params") do
+  page.html.should include('href="/users/masquerade?key1=value1&masquerade=')
+end

data/features/url_helpers.feature

@@ -0,0 +1,14 @@
+Feature: Use masquerade path to generate routes on page
+  In order to have the way to render masquerade path
+  As an user
+  I want to be able to see the url and use it
+
+  Scenario: Use masquerade path helper
+    Given I logged in
+    And I have a user for masquerade
+
+    When I am on the users page
+      Then I should see maquerade url
+
+    When I am on the users page with extra params
+      Then I should see maquerade url with extra params

data/lib/devise_masquerade.rb

@@ -1,8 +1,8 @@
-require 'zeitwerk'
-loader = Zeitwerk::Loader.for_gem
-loader.setup # ready!
-
 require 'devise'
+require 'devise_masquerade/version'
+require 'devise_masquerade/routes'
+require 'devise_masquerade/controllers/helpers'
+require 'devise_masquerade/controllers/url_helpers'
 require 'devise_masquerade/rails'
 
 module Devise
@@ -10,7 +10,7 @@ module Devise
   @@masquerade_param = 'masquerade'
 
   mattr_accessor :masquerade_expires_in
-  @@masquerade_expires_in = 10.seconds
+  @@masquerade_expires_in = 1.minute
 
   mattr_accessor :masquerade_key_size
   @@masquerade_key_size = 16

data/lib/devise_masquerade/controllers/helpers.rb

@@ -6,23 +6,44 @@ module DeviseMasquerade
         class_name = mapping.class_name
 
         class_eval <<-METHODS, __FILE__, __LINE__ + 1
+          def masquerade!
+            return if params["#{Devise.masquerade_param}"].blank?
+
+            klass = unless params[:masqueraded_resource_class].blank?
+              params[:masqueraded_resource_class].constantize
+            else
+              if Devise.masqueraded_resource_class
+                Devise.masqueraded_resource_class
+              elsif defined?(User)
+                User
+              end
+            end
+            return unless klass
+
+            resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
+
+            if resource
+              masquerade_sign_in(resource)
+            end
+          end
+
           def masquerade_#{name}!
             return if params["#{Devise.masquerade_param}"].blank?
 
-            #{name} = ::#{class_name}.find_by_masquerade_key(params["#{Devise.masquerade_param}"])
+            resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
 
-            if #{name}
-              masquerade_sign_in(#{name})
+            if resource
+              masquerade_sign_in(resource)
             end
           end
 
           def #{name}_masquerade?
-            session[:"devise_masquerade_#{name}"].present?
+            ::Rails.cache.exist?(:"devise_masquerade_#{name}").present?
           end
 
           def #{name}_masquerade_owner
             return nil unless send(:#{name}_masquerade?)
-            ::#{class_name}.to_adapter.find_first(:id => session[:"devise_masquerade_#{name}"])
+            GlobalID::Locator.locate_signed(Rails.cache.read(:"devise_masquerade_#{name}"), for: 'masquerade')
           end
 
           private
@@ -32,7 +53,7 @@ module DeviseMasquerade
               if respond_to?(:bypass_sign_in)
                 bypass_sign_in(resource)
               else
-                sign_in(resource, :bypass => true)
+                sign_in(resource, bypass: true)
               end
             else
               sign_in(resource)

data/lib/devise_masquerade/controllers/url_helpers.rb

@@ -1,15 +1,27 @@
+require 'securerandom'
+
 module DeviseMasquerade
   module Controllers
 
     module UrlHelpers
       def masquerade_path(resource, *args)
         scope = Devise::Mapping.find_scope!(resource)
-        send("#{scope}_masquerade_path", resource, *args)
+
+        opts = args.shift || {}
+        opts.merge!(masqueraded_resource_class: resource.class.name)
+
+        opts.merge!(Devise.masquerade_param => resource.masquerade_key)
+
+        send("#{scope}_masquerade_index_path", opts, *args)
       end
 
       def back_masquerade_path(resource, *args)
         scope = Devise::Mapping.find_scope!(resource)
-        send("back_#{scope}_masquerade_index_path", *args)
+
+        opts = args.first || {}
+        opts.merge!(masqueraded_resource_class: resource.class.name)
+
+        send("back_#{scope}_masquerade_index_path", opts, *args)
       end
     end
 

data/lib/devise_masquerade/models/masqueradable.rb

@@ -4,35 +4,10 @@ module DeviseMasquerade
       extend ActiveSupport::Concern
 
       included do
-        attr_reader :masquerade_key
-
-        def masquerade!
-          @masquerade_key = SecureRandom.urlsafe_base64(
-            Devise.masquerade_key_size)
-          cache_key = self.class.cache_masquerade_key_by(@masquerade_key)
-          ::Rails.cache.write(
-            cache_key, id, expires_in: Devise.masquerade_expires_in)
+        def masquerade_key
+          to_sgid(expires_in: Devise.masquerade_expires_in, for: 'masquerade')
         end
       end
-
-      module ClassMethods
-        def cache_masquerade_key_by(key)
-          "#{self.name.pluralize.underscore}:#{key}:masquerade"
-        end
-
-        def remove_masquerade_key!(key)
-          ::Rails.cache.delete(cache_masquerade_key_by(key))
-        end
-
-        def find_by_masquerade_key(key)
-          id = ::Rails.cache.read(cache_masquerade_key_by(key))
-
-          # clean up the cached masquerade key value
-          remove_masquerade_key!(key)
-
-          where(id: id).first
-        end
-      end # ClassMethods
     end
   end
 end

data/lib/devise_masquerade/rails.rb

@@ -1,17 +1,15 @@
-require 'devise_masquerade/routes'
-require 'devise_masquerade/models'
+# frozen_string_literal: true
 
 module DeviseMasquerade
   module Rails
 
     class Engine < ::Rails::Engine
-      ActiveSupport.on_load(:action_controller) do
-        include DeviseMasquerade::Controllers::Helpers
-        include DeviseMasquerade::Controllers::UrlHelpers
+      initializer "devise.url_helpers" do
+        Devise.include_helpers(DeviseMasquerade::Controllers)
       end
 
-      ActiveSupport.on_load(:action_view) do
-        include DeviseMasquerade::Controllers::UrlHelpers
+      ActiveSupport.on_load(:action_controller) do
+        include DeviseMasquerade::Controllers::Helpers
       end
     end
 

data/lib/devise_masquerade/routes.rb

@@ -3,11 +3,12 @@ module DeviseMasquerade
 
     def devise_masquerade(mapping, controllers)
       resources :masquerade,
-        only: :show,
         path: mapping.path_names[:masquerade],
-        controller: controllers[:masquerades] do
+        controller: controllers[:masquerades],
+        only: [] do
 
         collection do
+          get :show
           get :back
         end
       end

data/lib/devise_masquerade/version.rb

@@ -1,3 +1,3 @@
 module DeviseMasquerade
-  VERSION = '1.0.0'.freeze
+  VERSION = '1.3.2'.freeze
 end

data/spec/controllers/admin/dashboard_controller_spec.rb

@@ -5,14 +5,13 @@ describe Admin::DashboardController, type: :controller do
     before { admin_logged_in }
 
     context 'and admin masquerade by user' do
-      let!(:user) { create(:admin_user) }
+      let!(:mask) { create(:admin_user) }
 
       before do
-        user.masquerade!
-        get :index, params: { masquerade: user.masquerade_key }
+        get :index, params: { masquerade: mask.masquerade_key, masqueraded_resource_class: 'Admin::User' }
       end
 
-      it { expect(current_admin_user.reload).to eq(user) }
+      it { expect(current_admin_user.reload).to eq(mask) }
     end
   end
 end

data/spec/controllers/dashboard_controller_spec.rb

@@ -5,15 +5,13 @@ describe DashboardController, type: :controller do
     before { logged_in }
 
     context 'and admin masquerade by user' do
-      let!(:user) { create(:user) }
+      let!(:mask) { create(:user) }
 
       before do
-        user.masquerade!
-
-        get :index, params: { masquerade: user.masquerade_key }
+        get :index, params: { masquerade: mask.masquerade_key }
       end
 
-      it { expect(current_user.reload).to eq(user) }
+      it { expect(current_user.reload).to eq(mask) }
     end
   end
 end

data/spec/controllers/devise/masquerades_controller_spec.rb

@@ -7,72 +7,93 @@ describe Devise::MasqueradesController, type: :controller do
     context 'when logged in' do
       before { logged_in }
 
+      context 'with masqueradable_class param' do
+        let(:mask) { create(:student) }
+
+        before do
+          get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
+        end
+
+        it { expect(Rails.cache.read('devise_masquerade_student')).to be }
+
+        it 'should have warden keys defined' do
+          expect(session["warden.user.student.key"].first.first).to eq(mask.id)
+        end
+
+        it { should redirect_to('/') }
+      end
+
       describe '#masquerade user' do
         let(:mask) { create(:user) }
 
         before do
-          expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" }
-          get :show, params: { id: mask.to_param }
+          get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
         end
 
-        it { expect(session.keys).to include('devise_masquerade_user') }
+        it { expect(Rails.cache.read('devise_masquerade_user')).to be }
         it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
-        it { should redirect_to("/?masquerade=secure_key") }
+        it { should redirect_to('/') }
 
         context 'and back' do
           before { get :back }
 
           it { should redirect_to(masquerade_page) }
           it { expect(current_user.reload).to eq(@user) }
-          it { expect(session.keys).not_to include('devise_masquerade_user') }
+          it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
         end
+      end
 
-        # Configure masquerade_routes_back setting
-        describe 'config#masquerade_routes_back' do
-          before { Devise.setup { |c| c.masquerade_routes_back = true } }
+      # Configure masquerade_routes_back setting
+      describe 'config#masquerade_routes_back' do
+        let(:mask) { create(:user) }
 
-          after { Devise.masquerade_routes_back = false }
+        before { Devise.setup { |c| c.masquerade_routes_back = true } }
 
-          context 'show' do
-            before { expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
+        after { Devise.masquerade_routes_back = false }
 
-            context 'with http referrer' do
-              before do
-                @request.env['HTTP_REFERER'] = 'previous_location'
-                get :show, params: { id: mask.to_param }
-              end # before
+        context 'show' do
+          context 'with http referrer' do
+            before do
+              @request.env['HTTP_REFERER'] = 'previous_location'
+              get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
+            end # before
 
-              it { should redirect_to('previous_location') }
-            end # context
+            it { should redirect_to('previous_location') }
+          end # context
 
-            context 'no http referrer' do
-              before do
-                allow_any_instance_of(described_class).to(
-                  receive(:after_masquerade_path_for).and_return("/dashboard?color=red"))
-              end
+          context 'no http referrer' do
+            before do
+              allow_any_instance_of(described_class).to(
+                receive(:after_masquerade_path_for).and_return("/dashboard?color=red"))
+            end
 
-              before { get :show, params: { id: mask.to_param } }
+            before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
 
-              it { should redirect_to("/dashboard?color=red&masquerade=secure_key") }
-            end # context
+            it { should redirect_to("/dashboard?color=red") }
           end # context
+        end # context
 
-          context '< Rails 5, and back' do
-            before { get :back }
+        context 'and back' do
+          before do
+            get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
 
-            it { should redirect_to(masquerade_page) }
-          end # context
+            get :back
+          end
 
-          context '< Rails 5, and back fallback if http_referer not present' do
-            before do
-              @request.env['HTTP_REFERER'] = 'previous_location'
-              get :back
-            end
+          it { should redirect_to(masquerade_page) }
+        end # context
 
-            it { should redirect_to('previous_location') }
-          end # context
-        end # describe
-      end
+        context 'and back fallback if http_referer not present' do
+          before do
+            get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
+
+            @request.env['HTTP_REFERER'] = 'previous_location'
+            get :back
+          end
+
+          it { should redirect_to('previous_location') }
+        end # context
+      end # describe
     end
 
     context 'when not logged in' do