devise_masquerade 1.0.0 → 1.3.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +1 -0
- data/.github/workflows/brakeman-analysis.yml +44 -0
- data/.github/workflows/rubocop-analysis.yml +39 -0
- data/.ruby-version +1 -1
- data/.travis.yml +1 -0
- data/Gemfile +4 -2
- data/Gemfile.lock +31 -18
- data/README.md +21 -1
- data/app/controllers/devise/masquerades_controller.rb +66 -24
- data/devise_masquerade.gemspec +1 -1
- data/features/back.feature +0 -1
- data/features/multiple_masquerading_models.feature +17 -0
- data/features/step_definitions/auth_steps.rb +1 -0
- data/features/step_definitions/back_steps.rb +18 -3
- data/features/step_definitions/url_helpers_steps.rb +11 -0
- data/features/url_helpers.feature +14 -0
- data/lib/devise_masquerade.rb +5 -5
- data/lib/devise_masquerade/controllers/helpers.rb +27 -6
- data/lib/devise_masquerade/controllers/url_helpers.rb +14 -2
- data/lib/devise_masquerade/models/masqueradable.rb +2 -27
- data/lib/devise_masquerade/rails.rb +5 -7
- data/lib/devise_masquerade/routes.rb +3 -2
- data/lib/devise_masquerade/version.rb +1 -1
- data/spec/controllers/admin/dashboard_controller_spec.rb +3 -4
- data/spec/controllers/dashboard_controller_spec.rb +3 -5
- data/spec/controllers/devise/masquerades_controller_spec.rb +60 -39
- data/spec/controllers/masquerades_tests_controller_spec.rb +41 -0
- data/spec/dummy/app/controllers/admin/dashboard_controller.rb +0 -1
- data/spec/dummy/app/controllers/application_controller.rb +2 -0
- data/spec/dummy/app/controllers/dashboard_controller.rb +4 -1
- data/spec/dummy/app/controllers/masquerades_tests_controller.rb +7 -0
- data/spec/dummy/app/controllers/students_controller.rb +8 -0
- data/spec/dummy/app/models/student.rb +3 -0
- data/spec/dummy/app/views/admin/dashboard/index.html.erb +0 -2
- data/spec/dummy/app/views/dashboard/extra_params.html.erb +7 -0
- data/spec/dummy/app/views/dashboard/index.html.erb +0 -2
- data/spec/dummy/app/views/layouts/application.html.erb +8 -2
- data/spec/dummy/app/views/students/_student.html.erb +6 -0
- data/spec/dummy/app/views/students/index.html.erb +1 -0
- data/spec/dummy/app/views/users/_user.html.erb +1 -1
- data/spec/dummy/config/routes.rb +9 -5
- data/spec/dummy/db/migrate/20191022100000_create_students.rb +14 -0
- data/spec/dummy/db/schema.rb +10 -1
- data/spec/models/user_spec.rb +3 -30
- data/spec/support/factories.rb +8 -4
- metadata +34 -13
- data/spec/controllers/masquerades_controller_spec.rb +0 -42
- data/spec/dummy/app/controllers/masquerades_controller.rb +0 -5
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
describe MasqueradesTestsController, type: :controller do
|
|
4
|
+
before { @request.env['devise.mapping'] = Devise.mappings[:user] }
|
|
5
|
+
|
|
6
|
+
context 'no access for masquerade' do
|
|
7
|
+
before do
|
|
8
|
+
session.clear
|
|
9
|
+
allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { false }
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
before { logged_in }
|
|
13
|
+
|
|
14
|
+
let(:mask) { create(:user) }
|
|
15
|
+
|
|
16
|
+
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
|
17
|
+
|
|
18
|
+
it { expect(response.status).to eq(403) }
|
|
19
|
+
it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
|
|
20
|
+
it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
context 'access for masquerade' do
|
|
24
|
+
before do
|
|
25
|
+
session.clear
|
|
26
|
+
allow_any_instance_of(MasqueradesTestsController).to receive(:masquerade_authorized?) { true }
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
before { logged_in }
|
|
30
|
+
|
|
31
|
+
let(:mask) { create(:user) }
|
|
32
|
+
|
|
33
|
+
before do
|
|
34
|
+
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
it { expect(response.status).to eq(302) }
|
|
38
|
+
it { expect(Rails.cache.read('devise_masquerade_user')).to be }
|
|
39
|
+
it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
|
|
40
|
+
end
|
|
41
|
+
end
|
|
@@ -1,9 +1,12 @@
|
|
|
1
1
|
class DashboardController < ApplicationController
|
|
2
2
|
before_action :authenticate_user!
|
|
3
|
-
before_action :masquerade_user!
|
|
4
3
|
|
|
5
4
|
def index
|
|
6
5
|
@users = User.where("users.id != ?", current_user.id).all
|
|
7
6
|
end
|
|
7
|
+
|
|
8
|
+
def extra_params
|
|
9
|
+
@users = User.where("users.id != ?", current_user.id).all
|
|
10
|
+
end
|
|
8
11
|
end
|
|
9
12
|
|
|
@@ -8,10 +8,16 @@
|
|
|
8
8
|
</head>
|
|
9
9
|
<body>
|
|
10
10
|
<% if signed_in? %>
|
|
11
|
-
|
|
11
|
+
<% if user_signed_in? %>
|
|
12
|
+
<h1 class='current_user'><%= current_user.email %></h1>
|
|
13
|
+
<% end %>
|
|
14
|
+
|
|
15
|
+
<% if student_signed_in? %>
|
|
16
|
+
<h1 class='current_student'><%= current_student.email %></h1>
|
|
17
|
+
<% end %>
|
|
12
18
|
|
|
13
19
|
<% if user_masquerade? %>
|
|
14
|
-
<%= link_to "Back masquerade", back_masquerade_path(
|
|
20
|
+
<%= link_to "Back masquerade", back_masquerade_path(User.new) %>
|
|
15
21
|
<% end %>
|
|
16
22
|
<% end %>
|
|
17
23
|
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
<%= render @students %>
|
data/spec/dummy/config/routes.rb
CHANGED
|
@@ -1,12 +1,16 @@
|
|
|
1
1
|
Dummy::Application.routes.draw do
|
|
2
|
-
devise_for :users, controllers: { masquerades:
|
|
3
|
-
devise_for :admin_users, :
|
|
2
|
+
devise_for :users, controllers: { masquerades: 'users/masquerades' }
|
|
3
|
+
devise_for :admin_users, class_name: Admin::User.name
|
|
4
|
+
devise_for :students, class_name: Student.name
|
|
4
5
|
|
|
5
|
-
root :
|
|
6
|
+
root to: 'dashboard#index'
|
|
6
7
|
|
|
7
|
-
|
|
8
|
+
get '/extra_params', to: 'dashboard#extra_params'
|
|
9
|
+
|
|
10
|
+
resources :masquerades_tests
|
|
11
|
+
resources :students, only: :index
|
|
8
12
|
|
|
9
13
|
namespace :admin do
|
|
10
|
-
root :
|
|
14
|
+
root to: 'dashboard#index'
|
|
11
15
|
end
|
|
12
16
|
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
class CreateStudents < ActiveRecord::Migration[5.2]
|
|
2
|
+
def change
|
|
3
|
+
create_table(:students) do |t|
|
|
4
|
+
t.string :email, null: false, default: ''
|
|
5
|
+
t.string :encrypted_password, null: false, default: ''
|
|
6
|
+
|
|
7
|
+
t.timestamps
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
add_index :students, :email, unique: true
|
|
11
|
+
add_index :students, :reset_password_token, unique: true
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
data/spec/dummy/db/schema.rb
CHANGED
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
#
|
|
11
11
|
# It's strongly recommended that you check this file into your version control system.
|
|
12
12
|
|
|
13
|
-
ActiveRecord::Schema.define(version:
|
|
13
|
+
ActiveRecord::Schema.define(version: 2019_10_22_100000) do
|
|
14
14
|
|
|
15
15
|
create_table "admin_users", force: :cascade do |t|
|
|
16
16
|
t.string "email", default: "", null: false
|
|
@@ -29,6 +29,15 @@ ActiveRecord::Schema.define(version: 2014_04_18_160449) do
|
|
|
29
29
|
t.index ["reset_password_token"], name: "index_admin_users_on_reset_password_token", unique: true
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
+
create_table "students", force: :cascade do |t|
|
|
33
|
+
t.string "email", default: "", null: false
|
|
34
|
+
t.string "encrypted_password", default: "", null: false
|
|
35
|
+
t.datetime "created_at", null: false
|
|
36
|
+
t.datetime "updated_at", null: false
|
|
37
|
+
t.index "\"reset_password_token\"", name: "index_students_on_reset_password_token", unique: true
|
|
38
|
+
t.index ["email"], name: "index_students_on_email", unique: true
|
|
39
|
+
end
|
|
40
|
+
|
|
32
41
|
create_table "users", force: :cascade do |t|
|
|
33
42
|
t.string "email", default: "", null: false
|
|
34
43
|
t.string "encrypted_password", default: "", null: false
|
data/spec/models/user_spec.rb
CHANGED
|
@@ -3,37 +3,10 @@ require 'spec_helper'
|
|
|
3
3
|
describe User do
|
|
4
4
|
let!(:user) { create(:user) }
|
|
5
5
|
|
|
6
|
-
describe '#
|
|
6
|
+
describe '#masquerade_key' do
|
|
7
7
|
it 'should cache special key on masquerade' do
|
|
8
|
-
expect(
|
|
9
|
-
user.
|
|
10
|
-
end
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
describe '#remove_masquerade_key' do
|
|
14
|
-
before { allow(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
|
|
15
|
-
|
|
16
|
-
let(:key) { 'users:secure_key:masquerade' }
|
|
17
|
-
|
|
18
|
-
it 'should be possible to remove cached masquerade key' do
|
|
19
|
-
user.masquerade!
|
|
20
|
-
expect(Rails.cache.exist?(key)).to eq(true)
|
|
21
|
-
|
|
22
|
-
User.remove_masquerade_key!('secure_key')
|
|
23
|
-
expect(Rails.cache.exist?(key)).to eq(false)
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
describe '#find_by_masquerade_key' do
|
|
28
|
-
it 'should be possible to find user by generate masquerade key' do
|
|
29
|
-
user.masquerade!
|
|
30
|
-
|
|
31
|
-
allow(Rails.cache).to receive(:read).with("users:#{user.masquerade_key}:masquerade") { user.id }
|
|
32
|
-
allow(Rails.cache).to receive(:delete).with("users:#{user.masquerade_key}:masquerade")
|
|
33
|
-
|
|
34
|
-
new_user = User.find_by_masquerade_key(user.masquerade_key)
|
|
35
|
-
|
|
36
|
-
expect(new_user).to eq(user)
|
|
8
|
+
expect(user).to receive(:to_sgid).with(expires_in: 1.minute, for: 'masquerade') { "secure_key" }
|
|
9
|
+
user.masquerade_key
|
|
37
10
|
end
|
|
38
11
|
end
|
|
39
12
|
end
|
data/spec/support/factories.rb
CHANGED
|
@@ -1,14 +1,18 @@
|
|
|
1
1
|
FactoryBot.define do
|
|
2
|
-
sequence(:email) { |i| "john#{i}@example.com" }
|
|
3
|
-
|
|
4
2
|
factory :user do
|
|
5
|
-
email
|
|
3
|
+
sequence(:email) { |i| "user#{i}@example.com" }
|
|
6
4
|
password { 'password' }
|
|
7
5
|
password_confirmation { 'password' }
|
|
8
6
|
end
|
|
9
7
|
|
|
10
8
|
factory :admin_user, :class => 'Admin::User' do
|
|
11
|
-
email
|
|
9
|
+
sequence(:email) { |i| "admin#{i}@example.com" }
|
|
10
|
+
password { 'password' }
|
|
11
|
+
password_confirmation { 'password' }
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
factory :student do
|
|
15
|
+
sequence(:email) { |i| "student#{i}@example.com" }
|
|
12
16
|
password { 'password' }
|
|
13
17
|
password_confirmation { 'password' }
|
|
14
18
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_masquerade
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandr Korsak
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-02-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -53,19 +53,19 @@ dependencies:
|
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: 4.7.0
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
56
|
+
name: globalid
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
59
|
- - ">="
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 0.3.6
|
|
62
62
|
type: :runtime
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
66
|
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 0.3.6
|
|
69
69
|
description: devise masquerade library
|
|
70
70
|
email:
|
|
71
71
|
- alex.korsak@gmail.com
|
|
@@ -73,6 +73,9 @@ executables: []
|
|
|
73
73
|
extensions: []
|
|
74
74
|
extra_rdoc_files: []
|
|
75
75
|
files:
|
|
76
|
+
- ".github/FUNDING.yml"
|
|
77
|
+
- ".github/workflows/brakeman-analysis.yml"
|
|
78
|
+
- ".github/workflows/rubocop-analysis.yml"
|
|
76
79
|
- ".gitignore"
|
|
77
80
|
- ".rspec"
|
|
78
81
|
- ".ruby-version"
|
|
@@ -89,9 +92,12 @@ files:
|
|
|
89
92
|
- config/environment.rb
|
|
90
93
|
- devise_masquerade.gemspec
|
|
91
94
|
- features/back.feature
|
|
95
|
+
- features/multiple_masquerading_models.feature
|
|
92
96
|
- features/step_definitions/auth_steps.rb
|
|
93
97
|
- features/step_definitions/back_steps.rb
|
|
98
|
+
- features/step_definitions/url_helpers_steps.rb
|
|
94
99
|
- features/support/env.rb
|
|
100
|
+
- features/url_helpers.feature
|
|
95
101
|
- lib/devise_masquerade.rb
|
|
96
102
|
- lib/devise_masquerade/controllers/helpers.rb
|
|
97
103
|
- lib/devise_masquerade/controllers/url_helpers.rb
|
|
@@ -104,20 +110,25 @@ files:
|
|
|
104
110
|
- spec/controllers/admin/dashboard_controller_spec.rb
|
|
105
111
|
- spec/controllers/dashboard_controller_spec.rb
|
|
106
112
|
- spec/controllers/devise/masquerades_controller_spec.rb
|
|
107
|
-
- spec/controllers/
|
|
113
|
+
- spec/controllers/masquerades_tests_controller_spec.rb
|
|
108
114
|
- spec/dummy/Rakefile
|
|
109
115
|
- spec/dummy/app/controllers/admin/dashboard_controller.rb
|
|
110
116
|
- spec/dummy/app/controllers/application_controller.rb
|
|
111
117
|
- spec/dummy/app/controllers/dashboard_controller.rb
|
|
112
|
-
- spec/dummy/app/controllers/
|
|
118
|
+
- spec/dummy/app/controllers/masquerades_tests_controller.rb
|
|
119
|
+
- spec/dummy/app/controllers/students_controller.rb
|
|
113
120
|
- spec/dummy/app/controllers/users/masquerades_controller.rb
|
|
114
121
|
- spec/dummy/app/helpers/application_helper.rb
|
|
115
122
|
- spec/dummy/app/models/admin.rb
|
|
116
123
|
- spec/dummy/app/models/admin/user.rb
|
|
124
|
+
- spec/dummy/app/models/student.rb
|
|
117
125
|
- spec/dummy/app/models/user.rb
|
|
118
126
|
- spec/dummy/app/views/admin/dashboard/index.html.erb
|
|
127
|
+
- spec/dummy/app/views/dashboard/extra_params.html.erb
|
|
119
128
|
- spec/dummy/app/views/dashboard/index.html.erb
|
|
120
129
|
- spec/dummy/app/views/layouts/application.html.erb
|
|
130
|
+
- spec/dummy/app/views/students/_student.html.erb
|
|
131
|
+
- spec/dummy/app/views/students/index.html.erb
|
|
121
132
|
- spec/dummy/app/views/users/_user.html.erb
|
|
122
133
|
- spec/dummy/config.ru
|
|
123
134
|
- spec/dummy/config/application.rb
|
|
@@ -139,6 +150,7 @@ files:
|
|
|
139
150
|
- spec/dummy/db/.gitignore
|
|
140
151
|
- spec/dummy/db/migrate/20121119085620_devise_create_users.rb
|
|
141
152
|
- spec/dummy/db/migrate/20140418160449_create_admin_users.rb
|
|
153
|
+
- spec/dummy/db/migrate/20191022100000_create_students.rb
|
|
142
154
|
- spec/dummy/db/schema.rb
|
|
143
155
|
- spec/dummy/db/seeds.rb
|
|
144
156
|
- spec/dummy/public/.empty
|
|
@@ -152,7 +164,7 @@ homepage: http://github.com/oivoodoo/devise_masquerade
|
|
|
152
164
|
licenses:
|
|
153
165
|
- MIT
|
|
154
166
|
metadata: {}
|
|
155
|
-
post_install_message:
|
|
167
|
+
post_install_message:
|
|
156
168
|
rdoc_options: []
|
|
157
169
|
require_paths:
|
|
158
170
|
- lib
|
|
@@ -167,32 +179,40 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
167
179
|
- !ruby/object:Gem::Version
|
|
168
180
|
version: '0'
|
|
169
181
|
requirements: []
|
|
170
|
-
rubygems_version: 3.
|
|
171
|
-
signing_key:
|
|
182
|
+
rubygems_version: 3.1.4
|
|
183
|
+
signing_key:
|
|
172
184
|
specification_version: 4
|
|
173
185
|
summary: use for login as functionallity on your admin users pages
|
|
174
186
|
test_files:
|
|
175
187
|
- features/back.feature
|
|
188
|
+
- features/multiple_masquerading_models.feature
|
|
176
189
|
- features/step_definitions/auth_steps.rb
|
|
177
190
|
- features/step_definitions/back_steps.rb
|
|
191
|
+
- features/step_definitions/url_helpers_steps.rb
|
|
178
192
|
- features/support/env.rb
|
|
193
|
+
- features/url_helpers.feature
|
|
179
194
|
- spec/controllers/admin/dashboard_controller_spec.rb
|
|
180
195
|
- spec/controllers/dashboard_controller_spec.rb
|
|
181
196
|
- spec/controllers/devise/masquerades_controller_spec.rb
|
|
182
|
-
- spec/controllers/
|
|
197
|
+
- spec/controllers/masquerades_tests_controller_spec.rb
|
|
183
198
|
- spec/dummy/Rakefile
|
|
184
199
|
- spec/dummy/app/controllers/admin/dashboard_controller.rb
|
|
185
200
|
- spec/dummy/app/controllers/application_controller.rb
|
|
186
201
|
- spec/dummy/app/controllers/dashboard_controller.rb
|
|
187
|
-
- spec/dummy/app/controllers/
|
|
202
|
+
- spec/dummy/app/controllers/masquerades_tests_controller.rb
|
|
203
|
+
- spec/dummy/app/controllers/students_controller.rb
|
|
188
204
|
- spec/dummy/app/controllers/users/masquerades_controller.rb
|
|
189
205
|
- spec/dummy/app/helpers/application_helper.rb
|
|
190
206
|
- spec/dummy/app/models/admin.rb
|
|
191
207
|
- spec/dummy/app/models/admin/user.rb
|
|
208
|
+
- spec/dummy/app/models/student.rb
|
|
192
209
|
- spec/dummy/app/models/user.rb
|
|
193
210
|
- spec/dummy/app/views/admin/dashboard/index.html.erb
|
|
211
|
+
- spec/dummy/app/views/dashboard/extra_params.html.erb
|
|
194
212
|
- spec/dummy/app/views/dashboard/index.html.erb
|
|
195
213
|
- spec/dummy/app/views/layouts/application.html.erb
|
|
214
|
+
- spec/dummy/app/views/students/_student.html.erb
|
|
215
|
+
- spec/dummy/app/views/students/index.html.erb
|
|
196
216
|
- spec/dummy/app/views/users/_user.html.erb
|
|
197
217
|
- spec/dummy/config.ru
|
|
198
218
|
- spec/dummy/config/application.rb
|
|
@@ -214,6 +234,7 @@ test_files:
|
|
|
214
234
|
- spec/dummy/db/.gitignore
|
|
215
235
|
- spec/dummy/db/migrate/20121119085620_devise_create_users.rb
|
|
216
236
|
- spec/dummy/db/migrate/20140418160449_create_admin_users.rb
|
|
237
|
+
- spec/dummy/db/migrate/20191022100000_create_students.rb
|
|
217
238
|
- spec/dummy/db/schema.rb
|
|
218
239
|
- spec/dummy/db/seeds.rb
|
|
219
240
|
- spec/dummy/public/.empty
|