devise_masquerade 1.1.0 → 1.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 69a694e1d79273ade4a016a4dfd62ce952373a9d3ae7d0a9c75172d270213f21
4
- data.tar.gz: 6037a5b54a20e17270926a4ba3c75f9cd0b42126afea5ddb5b85463f291fac9a
3
+ metadata.gz: 23f626ba1c590f1686660a00804eaa5c5139a210fae80e72168a9f0a322e4be8
4
+ data.tar.gz: ee1641f8fed338ac83be5935b5e374df60fc7eb003919c120b24052528462302
5
5
  SHA512:
6
- metadata.gz: b252044c3e04dfc33c642e3ac01b6bc534f1edf08a7a45114987f0ad88fcb12fea0fdc4d40571b349e5b7ea8377a4ed7e2b1be77a0d71efa5fd9a8e8d6eee42d
7
- data.tar.gz: 00ddb118dc090eba4faf55c97b7bdc8adede4aaeccc2e8f8ebddc4170afeebdae77f26f15a00393987872e7d2fe099cbdeea276657c1cc9ef12ee8bf167c15a3
6
+ metadata.gz: 49c892cf2302d56d3d3aafb106d4e2eeba92b6c2f256440aa27a428df620bd16f49e89d5666ef6c2083e44fb260c1cb0beef3e575234cf5c6e91bff8f621dc4d
7
+ data.tar.gz: 357d959e456fa0d10a748f2c15b4cd0f94f8c21e773c970d52715e752dfd29c4d39f1e5f06fb2cbe11c8b4517c9503203954af1674a4a02c89669ffacbacc5c0
@@ -0,0 +1 @@
1
+ patreon: oivoodoo
@@ -0,0 +1,44 @@
1
+ # This workflow integrates Brakeman with GitHub's Code Scanning feature
2
+ # Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
3
+
4
+ name: Brakeman Scan
5
+
6
+ # This section configures the trigger for the workflow. Feel free to customize depending on your convention
7
+ on:
8
+ push:
9
+ branches: [ "master", "main" ]
10
+ pull_request:
11
+ branches: [ "master", "main" ]
12
+
13
+ jobs:
14
+ brakeman-scan:
15
+ name: Brakeman Scan
16
+ runs-on: ubuntu-latest
17
+ steps:
18
+ # Checkout the repository to the GitHub Actions runner
19
+ - name: Checkout
20
+ uses: actions/checkout@v2
21
+
22
+ # Customize the ruby version depending on your needs
23
+ - name: Setup Ruby
24
+ uses: actions/setup-ruby@v1
25
+ with:
26
+ ruby-version: '2.7'
27
+
28
+ - name: Setup Brakeman
29
+ env:
30
+ BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
31
+ run: |
32
+ gem install brakeman --version $BRAKEMAN_VERSION
33
+
34
+ # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
35
+ - name: Scan
36
+ continue-on-error: true
37
+ run: |
38
+ brakeman -f sarif -o output.sarif.json .
39
+
40
+ # Upload the SARIF file generated in the previous step
41
+ - name: Upload SARIF
42
+ uses: github/codeql-action/upload-sarif@v1
43
+ with:
44
+ sarif_file: output.sarif.json
@@ -0,0 +1,39 @@
1
+ name: "Rubocop"
2
+
3
+ on: push
4
+
5
+ jobs:
6
+ rubocop:
7
+ runs-on: ubuntu-latest
8
+ strategy:
9
+ fail-fast: false
10
+
11
+ steps:
12
+ - name: Checkout repository
13
+ uses: actions/checkout@v2
14
+
15
+ # If running on a self-hosted runner, check it meets the requirements
16
+ # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
17
+ - name: Set up Ruby
18
+ uses: ruby/setup-ruby@v1
19
+ with:
20
+ ruby-version: 2.6
21
+
22
+ # This step is not necessary if you add the gem to your Gemfile
23
+ - name: Install Code Scanning integration
24
+ run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
25
+
26
+ - name: Install dependencies
27
+ run: bundle install
28
+
29
+ - name: Rubocop run
30
+ run: |
31
+ bash -c "
32
+ bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
33
+ [[ $? -ne 2 ]]
34
+ "
35
+
36
+ - name: Upload Sarif output
37
+ uses: github/codeql-action/upload-sarif@v1
38
+ with:
39
+ sarif_file: rubocop.sarif
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 2.6.0
1
+ 2.7.2
data/.travis.yml CHANGED
@@ -2,6 +2,7 @@ language: ruby
2
2
  rvm:
3
3
  - 2.5.1
4
4
  - 2.6.0
5
+ - 2.7.2
5
6
  gemfile:
6
7
  - Gemfile
7
8
  script: time ./script/travis.sh
data/Gemfile CHANGED
@@ -36,4 +36,6 @@ group :test do
36
36
  gem 'selenium-webdriver'
37
37
  gem 'chromedriver-helper'
38
38
  gem 'launchy'
39
+
40
+ gem "nokogiri", ">= 1.10.8"
39
41
  end
data/Gemfile.lock CHANGED
@@ -52,8 +52,9 @@ GIT
52
52
  PATH
53
53
  remote: .
54
54
  specs:
55
- devise_masquerade (1.1.0)
55
+ devise_masquerade (1.3.3)
56
56
  devise (>= 4.7.0)
57
+ globalid (>= 0.3.6)
57
58
  railties (>= 5.2.0)
58
59
 
59
60
  GEM
@@ -97,7 +98,7 @@ GEM
97
98
  archive-zip (0.12.0)
98
99
  io-like (~> 0.3.0)
99
100
  backports (3.15.0)
100
- bcrypt (3.1.13)
101
+ bcrypt (3.1.16)
101
102
  bson (1.12.5)
102
103
  bson_ext (1.12.5)
103
104
  bson (~> 1.12.5)
@@ -141,7 +142,7 @@ GEM
141
142
  cucumber-tag_expressions (1.1.1)
142
143
  cucumber-wire (0.0.1)
143
144
  database_cleaner (1.0.1)
144
- devise (4.7.1)
145
+ devise (4.7.3)
145
146
  bcrypt (~> 3.0)
146
147
  orm_adapter (~> 0.1)
147
148
  railties (>= 4.1.0)
@@ -189,7 +190,7 @@ GEM
189
190
  listen (3.2.0)
190
191
  rb-fsevent (~> 0.10, >= 0.10.3)
191
192
  rb-inotify (~> 0.9, >= 0.9.10)
192
- loofah (2.3.0)
193
+ loofah (2.3.1)
193
194
  crass (~> 1.0.2)
194
195
  nokogiri (>= 1.5.9)
195
196
  lumberjack (1.0.13)
@@ -200,13 +201,14 @@ GEM
200
201
  mime-types-data (~> 3.2015)
201
202
  mime-types-data (3.2019.1009)
202
203
  mini_mime (1.0.2)
203
- mini_portile2 (2.4.0)
204
+ mini_portile2 (2.5.0)
204
205
  minitest (5.12.2)
205
206
  multi_json (1.14.1)
206
207
  multi_test (0.1.2)
207
208
  nenv (0.3.0)
208
- nokogiri (1.10.4)
209
- mini_portile2 (~> 2.4.0)
209
+ nokogiri (1.11.1)
210
+ mini_portile2 (~> 2.5.0)
211
+ racc (~> 1.4)
210
212
  notiffany (0.1.3)
211
213
  nenv (~> 0.1)
212
214
  shellany (~> 0.0)
@@ -219,7 +221,8 @@ GEM
219
221
  byebug (~> 11.0)
220
222
  pry (~> 0.10)
221
223
  public_suffix (4.0.1)
222
- rack (2.0.7)
224
+ racc (1.5.2)
225
+ rack (2.2.3)
223
226
  rack-test (1.1.0)
224
227
  rack (>= 1.0, < 3)
225
228
  rails-dom-testing (2.0.3)
@@ -238,7 +241,7 @@ GEM
238
241
  rb-inotify (0.10.0)
239
242
  ffi (~> 1.0)
240
243
  regexp_parser (1.6.0)
241
- responders (3.0.0)
244
+ responders (3.0.1)
242
245
  actionpack (>= 5.0)
243
246
  railties (>= 5.0)
244
247
  rubyzip (2.0.0)
@@ -259,8 +262,8 @@ GEM
259
262
  thread_safe (0.3.6)
260
263
  tzinfo (1.2.5)
261
264
  thread_safe (~> 0.1)
262
- warden (1.2.8)
263
- rack (>= 2.0.6)
265
+ warden (1.2.9)
266
+ rack (>= 2.0.9)
264
267
  xpath (3.2.0)
265
268
  nokogiri (~> 1.8)
266
269
  zeitwerk (2.2.0)
@@ -285,6 +288,7 @@ DEPENDENCIES
285
288
  guard-cucumber
286
289
  guard-rspec (~> 4.7)
287
290
  launchy
291
+ nokogiri (>= 1.10.8)
288
292
  pry
289
293
  pry-byebug
290
294
  rb-fsevent
@@ -300,4 +304,4 @@ DEPENDENCIES
300
304
  test-unit
301
305
 
302
306
  BUNDLED WITH
303
- 2.0.2
307
+ 2.1.4
data/README.md CHANGED
@@ -42,7 +42,8 @@ In the model you'll need to add the parameter :masqueradable to the existing com
42
42
  devise :invitable, :confirmable, :database_authenticatable, :registerable, :masqueradable
43
43
  ```
44
44
 
45
- Add into your application_controller.rb:
45
+ Add into your `application_controller.rb` if you want to have custom way on sign in by using masquerade token otherwise you can still
46
+ use only `masquerade_path` in your view to generate temporary token and link to make `Login As`:
46
47
 
47
48
  ```ruby
48
49
  before_action :masquerade_user!
@@ -178,6 +179,14 @@ in `routes.rb`:
178
179
  And check http://localhost:3000/, use for login user1@example.com and
179
180
  'password'
180
181
 
182
+ ## Troubleshooting
183
+
184
+ Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Chances are that you need to enable caching:
185
+
186
+ rails dev:cache
187
+
188
+ This is a one-time operation, so you can set it and forget it. Should you ever need to disable caching in development, you can re-run the command as required.
189
+
181
190
  ## Test project
182
191
 
183
192
  make test
@@ -1,5 +1,13 @@
1
1
  class Devise::MasqueradesController < DeviseController
2
- prepend_before_action :authenticate_scope!, :masquerade_authorize!
2
+ Devise.mappings.each do |name, _|
3
+ class_eval <<-METHODS, __FILE__, __LINE__ + 1
4
+ skip_before_action :masquerade_#{name}!, raise: false
5
+ METHODS
6
+ end
7
+ skip_before_action :masquerade!, raise: false
8
+
9
+ prepend_before_action :authenticate_scope!, only: :show
10
+ prepend_before_action :masquerade_authorize!
3
11
 
4
12
  before_action :save_masquerade_owner_session, only: :show
5
13
 
@@ -8,13 +16,16 @@ class Devise::MasqueradesController < DeviseController
8
16
  def show
9
17
  self.resource = find_resource
10
18
 
19
+ if resource.class != masquerading_resource_class
20
+ sign_out(send("current_#{masquerading_resource_name}"))
21
+ end
22
+
11
23
  unless resource
12
24
  flash[:error] = "#{masqueraded_resource_class} not found."
13
25
  redirect_to(new_user_session_path) and return
14
26
  end
15
27
 
16
- resource.masquerade!
17
- request.env["devise.skip_trackable"] = "1"
28
+ request.env['devise.skip_trackable'] = '1'
18
29
 
19
30
  masquerade_sign_in(resource)
20
31
 
@@ -22,15 +33,13 @@ class Devise::MasqueradesController < DeviseController
22
33
  end
23
34
 
24
35
  def back
25
- user_id = session[session_key]
26
-
27
- resource = if user_id.present?
28
- masquerading_resource_class.to_adapter.find_first(:id => user_id)
29
- else
30
- send(:"current_#{masquerading_resource_name}")
36
+ unless send("#{masqueraded_resource_name}_signed_in?")
37
+ head(401) and return
31
38
  end
32
39
 
33
- if masquerading_resource_class != masqueraded_resource_class
40
+ self.resource = find_owner_resource
41
+
42
+ if resource.class != masqueraded_resource_class
34
43
  sign_out(send("current_#{masqueraded_resource_name}"))
35
44
  end
36
45
 
@@ -51,7 +60,11 @@ class Devise::MasqueradesController < DeviseController
51
60
  end
52
61
 
53
62
  def find_resource
54
- masqueraded_resource_class.to_adapter.find_first(id: params[:id])
63
+ GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
64
+ end
65
+
66
+ def find_owner_resource
67
+ GlobalID::Locator.locate_signed(Rails.cache.read(session_key), for: 'masquerade')
55
68
  end
56
69
 
57
70
  def go_back(user, path:)
@@ -69,7 +82,11 @@ class Devise::MasqueradesController < DeviseController
69
82
  unless params[:masqueraded_resource_class].blank?
70
83
  params[:masqueraded_resource_class].constantize
71
84
  else
72
- Devise.masqueraded_resource_class || resource_class
85
+ unless session[session_key_masqueraded_resource_class].blank?
86
+ session[session_key_masquerading_resource_class].constantize
87
+ else
88
+ Devise.masqueraded_resource_class || resource_class
89
+ end
73
90
  end
74
91
  end
75
92
  end
@@ -83,7 +100,11 @@ class Devise::MasqueradesController < DeviseController
83
100
  unless params[:masquerading_resource_class].blank?
84
101
  params[:masquerading_resource_class].constantize
85
102
  else
86
- Devise.masquerading_resource_class || resource_class
103
+ unless session[session_key_masquerading_resource_class].blank?
104
+ session[session_key_masquerading_resource_class].constantize
105
+ else
106
+ Devise.masquerading_resource_class || resource_class
107
+ end
87
108
  end
88
109
  end
89
110
  end
@@ -101,19 +122,7 @@ class Devise::MasqueradesController < DeviseController
101
122
  end
102
123
 
103
124
  def after_masquerade_full_path_for(resource)
104
- if after_masquerade_path_for(resource) =~ /\?/
105
- "#{after_masquerade_path_for(resource)}&#{after_masquerade_param_for(resource)}"
106
- else
107
- "#{after_masquerade_path_for(resource)}?#{after_masquerade_param_for(resource)}"
108
- end
109
- end
110
-
111
- def after_masquerade_param_for(resource)
112
- [
113
- "#{Devise.masquerade_param}=#{resource.masquerade_key}",
114
- "masquerading_resource_class=#{masquerading_resource_class}",
115
- "masqueraded_resource_class=#{masqueraded_resource_class}",
116
- ].join('&')
125
+ after_masquerade_path_for(resource)
117
126
  end
118
127
 
119
128
  def after_back_masquerade_path_for(resource)
@@ -121,16 +130,33 @@ class Devise::MasqueradesController < DeviseController
121
130
  end
122
131
 
123
132
  def save_masquerade_owner_session
133
+ resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
134
+ expires_in: Devise.masquerade_expires_in, for: 'masquerade')
135
+ # skip sharing owner id via session
136
+ Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
137
+
124
138
  unless session.key?(session_key)
125
- session[session_key] = send("current_#{masquerading_resource_name}").id
139
+ session[session_key_masquerading_resource_class] = masquerading_resource_class.name
140
+ session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
126
141
  end
127
142
  end
128
143
 
129
144
  def cleanup_masquerade_owner_session
130
- session.delete(session_key)
145
+ Rails.cache.delete(session_key)
146
+
147
+ session.delete(session_key_masqueraded_resource_class)
148
+ session.delete(session_key_masquerading_resource_class)
131
149
  end
132
150
 
133
151
  def session_key
134
152
  "devise_masquerade_#{masqueraded_resource_name}".to_sym
135
153
  end
154
+
155
+ def session_key_masqueraded_resource_class
156
+ "devise_masquerade_masqueraded_resource_class"
157
+ end
158
+
159
+ def session_key_masquerading_resource_class
160
+ "devise_masquerade_masquerading_resource_class"
161
+ end
136
162
  end
@@ -24,4 +24,5 @@ Gem::Specification.new do |gem|
24
24
 
25
25
  gem.add_runtime_dependency('railties', '>= 5.2.0')
26
26
  gem.add_runtime_dependency('devise', '>= 4.7.0')
27
+ gem.add_runtime_dependency('globalid', '>= 0.3.6')
27
28
  end
@@ -0,0 +1,11 @@
1
+ Then("I should see maquerade url") do
2
+ page.html.should include('href="/users/masquerade?masquerade=')
3
+ end
4
+
5
+ When("I am on the users page with extra params") do
6
+ visit '/extra_params'
7
+ end
8
+
9
+ Then("I should see maquerade url with extra params") do
10
+ page.html.should include('href="/users/masquerade?key1=value1&amp;masquerade=')
11
+ end
@@ -0,0 +1,14 @@
1
+ Feature: Use masquerade path to generate routes on page
2
+ In order to have the way to render masquerade path
3
+ As an user
4
+ I want to be able to see the url and use it
5
+
6
+ Scenario: Use masquerade path helper
7
+ Given I logged in
8
+ And I have a user for masquerade
9
+
10
+ When I am on the users page
11
+ Then I should see maquerade url
12
+
13
+ When I am on the users page with extra params
14
+ Then I should see maquerade url with extra params
@@ -10,7 +10,7 @@ module Devise
10
10
  @@masquerade_param = 'masquerade'
11
11
 
12
12
  mattr_accessor :masquerade_expires_in
13
- @@masquerade_expires_in = 10.seconds
13
+ @@masquerade_expires_in = 1.minute
14
14
 
15
15
  mattr_accessor :masquerade_key_size
16
16
  @@masquerade_key_size = 16
@@ -20,7 +20,7 @@ module DeviseMasquerade
20
20
  end
21
21
  return unless klass
22
22
 
23
- resource = klass.find_by_masquerade_key(params["#{Devise.masquerade_param}"])
23
+ resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
24
24
 
25
25
  if resource
26
26
  masquerade_sign_in(resource)
@@ -30,7 +30,7 @@ module DeviseMasquerade
30
30
  def masquerade_#{name}!
31
31
  return if params["#{Devise.masquerade_param}"].blank?
32
32
 
33
- resource = ::#{class_name}.find_by_masquerade_key(params["#{Devise.masquerade_param}"])
33
+ resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
34
34
 
35
35
  if resource
36
36
  masquerade_sign_in(resource)
@@ -38,12 +38,12 @@ module DeviseMasquerade
38
38
  end
39
39
 
40
40
  def #{name}_masquerade?
41
- session[:"devise_masquerade_#{name}"].present?
41
+ ::Rails.cache.exist?(:"devise_masquerade_#{name}").present?
42
42
  end
43
43
 
44
44
  def #{name}_masquerade_owner
45
45
  return nil unless send(:#{name}_masquerade?)
46
- ::#{class_name}.to_adapter.find_first(:id => session[:"devise_masquerade_#{name}"])
46
+ GlobalID::Locator.locate_signed(::Rails.cache.read(:"devise_masquerade_#{name}"), for: 'masquerade')
47
47
  end
48
48
 
49
49
  private
@@ -53,7 +53,7 @@ module DeviseMasquerade
53
53
  if respond_to?(:bypass_sign_in)
54
54
  bypass_sign_in(resource)
55
55
  else
56
- sign_in(resource, :bypass => true)
56
+ sign_in(resource, bypass: true)
57
57
  end
58
58
  else
59
59
  sign_in(resource)
@@ -1,18 +1,26 @@
1
+ require 'securerandom'
2
+
1
3
  module DeviseMasquerade
2
4
  module Controllers
3
5
 
4
6
  module UrlHelpers
5
7
  def masquerade_path(resource, *args)
6
8
  scope = Devise::Mapping.find_scope!(resource)
7
- opts = args.first || {}
9
+
10
+ opts = args.shift || {}
8
11
  opts.merge!(masqueraded_resource_class: resource.class.name)
9
- send("#{scope}_masquerade_path", resource, opts, *args)
12
+
13
+ opts.merge!(Devise.masquerade_param => resource.masquerade_key)
14
+
15
+ send("#{scope}_masquerade_index_path", opts, *args)
10
16
  end
11
17
 
12
18
  def back_masquerade_path(resource, *args)
13
19
  scope = Devise::Mapping.find_scope!(resource)
20
+
14
21
  opts = args.first || {}
15
22
  opts.merge!(masqueraded_resource_class: resource.class.name)
23
+
16
24
  send("back_#{scope}_masquerade_index_path", opts, *args)
17
25
  end
18
26
  end
@@ -4,35 +4,10 @@ module DeviseMasquerade
4
4
  extend ActiveSupport::Concern
5
5
 
6
6
  included do
7
- attr_reader :masquerade_key
8
-
9
- def masquerade!
10
- @masquerade_key = SecureRandom.urlsafe_base64(
11
- Devise.masquerade_key_size)
12
- cache_key = self.class.cache_masquerade_key_by(@masquerade_key)
13
- ::Rails.cache.write(
14
- cache_key, id, expires_in: Devise.masquerade_expires_in)
7
+ def masquerade_key
8
+ to_sgid(expires_in: Devise.masquerade_expires_in, for: 'masquerade')
15
9
  end
16
10
  end
17
-
18
- module ClassMethods
19
- def cache_masquerade_key_by(key)
20
- "#{self.name.pluralize.underscore}:#{key}:masquerade"
21
- end
22
-
23
- def remove_masquerade_key!(key)
24
- ::Rails.cache.delete(cache_masquerade_key_by(key))
25
- end
26
-
27
- def find_by_masquerade_key(key)
28
- id = ::Rails.cache.read(cache_masquerade_key_by(key))
29
-
30
- # clean up the cached masquerade key value
31
- remove_masquerade_key!(key)
32
-
33
- where(id: id).first
34
- end
35
- end # ClassMethods
36
11
  end
37
12
  end
38
13
  end
@@ -3,11 +3,12 @@ module DeviseMasquerade
3
3
 
4
4
  def devise_masquerade(mapping, controllers)
5
5
  resources :masquerade,
6
- only: :show,
7
6
  path: mapping.path_names[:masquerade],
8
- controller: controllers[:masquerades] do
7
+ controller: controllers[:masquerades],
8
+ only: [] do
9
9
 
10
10
  collection do
11
+ get :show
11
12
  get :back
12
13
  end
13
14
  end
@@ -1,3 +1,3 @@
1
1
  module DeviseMasquerade
2
- VERSION = '1.1.0'.freeze
2
+ VERSION = '1.3.3'.freeze
3
3
  end
@@ -8,8 +8,6 @@ describe Admin::DashboardController, type: :controller do
8
8
  let!(:mask) { create(:admin_user) }
9
9
 
10
10
  before do
11
- mask.masquerade!
12
-
13
11
  get :index, params: { masquerade: mask.masquerade_key, masqueraded_resource_class: 'Admin::User' }
14
12
  end
15
13
 
@@ -8,8 +8,6 @@ describe DashboardController, type: :controller do
8
8
  let!(:mask) { create(:user) }
9
9
 
10
10
  before do
11
- mask.masquerade!
12
-
13
11
  get :index, params: { masquerade: mask.masquerade_key }
14
12
  end
15
13
 
@@ -11,85 +11,89 @@ describe Devise::MasqueradesController, type: :controller do
11
11
  let(:mask) { create(:student) }
12
12
 
13
13
  before do
14
- expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" }
15
- get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name }
14
+ get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
16
15
  end
17
16
 
18
- it { expect(session.keys).to include('devise_masquerade_student') }
17
+ it { expect(Rails.cache.read('devise_masquerade_student')).to be }
19
18
 
20
19
  it 'should have warden keys defined' do
21
20
  expect(session["warden.user.student.key"].first.first).to eq(mask.id)
22
21
  end
23
22
 
24
- it { should redirect_to("/?masquerade=secure_key&masquerading_resource_class=User&masqueraded_resource_class=Student") }
23
+ it { should redirect_to('/') }
25
24
  end
26
25
 
27
26
  describe '#masquerade user' do
28
27
  let(:mask) { create(:user) }
29
28
 
30
29
  before do
31
- expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" }
32
- get :show, params: { id: mask.to_param }
30
+ get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
33
31
  end
34
32
 
35
- it { expect(session.keys).to include('devise_masquerade_user') }
33
+ it { expect(Rails.cache.read('devise_masquerade_user')).to be }
36
34
  it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
37
- it { should redirect_to("/?masquerade=secure_key&masquerading_resource_class=User&masqueraded_resource_class=User") }
35
+ it { should redirect_to('/') }
38
36
 
39
37
  context 'and back' do
40
38
  before { get :back }
41
39
 
42
40
  it { should redirect_to(masquerade_page) }
43
41
  it { expect(current_user.reload).to eq(@user) }
44
- it { expect(session.keys).not_to include('devise_masquerade_user') }
42
+ it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
45
43
  end
44
+ end
46
45
 
47
- # Configure masquerade_routes_back setting
48
- describe 'config#masquerade_routes_back' do
49
- before { Devise.setup { |c| c.masquerade_routes_back = true } }
46
+ # Configure masquerade_routes_back setting
47
+ describe 'config#masquerade_routes_back' do
48
+ let(:mask) { create(:user) }
50
49
 
51
- after { Devise.masquerade_routes_back = false }
50
+ before { Devise.setup { |c| c.masquerade_routes_back = true } }
52
51
 
53
- context 'show' do
54
- before { expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
52
+ after { Devise.masquerade_routes_back = false }
55
53
 
56
- context 'with http referrer' do
57
- before do
58
- @request.env['HTTP_REFERER'] = 'previous_location'
59
- get :show, params: { id: mask.to_param }
60
- end # before
54
+ context 'show' do
55
+ context 'with http referrer' do
56
+ before do
57
+ @request.env['HTTP_REFERER'] = 'previous_location'
58
+ get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
59
+ end # before
61
60
 
62
- it { should redirect_to('previous_location') }
63
- end # context
61
+ it { should redirect_to('previous_location') }
62
+ end # context
64
63
 
65
- context 'no http referrer' do
66
- before do
67
- allow_any_instance_of(described_class).to(
68
- receive(:after_masquerade_path_for).and_return("/dashboard?color=red"))
69
- end
64
+ context 'no http referrer' do
65
+ before do
66
+ allow_any_instance_of(described_class).to(
67
+ receive(:after_masquerade_path_for).and_return("/dashboard?color=red"))
68
+ end
70
69
 
71
- before { get :show, params: { id: mask.to_param } }
70
+ before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
72
71
 
73
- it { should redirect_to("/dashboard?color=red&masquerade=secure_key&masquerading_resource_class=User&masqueraded_resource_class=User") }
74
- end # context
72
+ it { should redirect_to("/dashboard?color=red") }
75
73
  end # context
74
+ end # context
76
75
 
77
- context 'and back' do
78
- before { get :back }
76
+ context 'and back' do
77
+ before do
78
+ get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
79
79
 
80
- it { should redirect_to(masquerade_page) }
81
- end # context
80
+ get :back
81
+ end
82
82
 
83
- context 'and back fallback if http_referer not present' do
84
- before do
85
- @request.env['HTTP_REFERER'] = 'previous_location'
86
- get :back
87
- end
83
+ it { should redirect_to(masquerade_page) }
84
+ end # context
88
85
 
89
- it { should redirect_to('previous_location') }
90
- end # context
91
- end # describe
92
- end
86
+ context 'and back fallback if http_referer not present' do
87
+ before do
88
+ get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
89
+
90
+ @request.env['HTTP_REFERER'] = 'previous_location'
91
+ get :back
92
+ end
93
+
94
+ it { should redirect_to('previous_location') }
95
+ end # context
96
+ end # describe
93
97
  end
94
98
 
95
99
  context 'when not logged in' do
@@ -13,11 +13,11 @@ describe MasqueradesTestsController, type: :controller do
13
13
 
14
14
  let(:mask) { create(:user) }
15
15
 
16
- before { get :show, params: { id: mask.to_param } }
16
+ before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
17
17
 
18
18
  it { expect(response.status).to eq(403) }
19
- it { expect(session.keys).not_to include('devise_masquerade_user') }
20
- it { expect(session["warden.user.user.key"].first.first).not_to eq(mask.id) }
19
+ it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
20
+ it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
21
21
  end
22
22
 
23
23
  context 'access for masquerade' do
@@ -31,12 +31,11 @@ describe MasqueradesTestsController, type: :controller do
31
31
  let(:mask) { create(:user) }
32
32
 
33
33
  before do
34
- expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" }
35
- get :show, params: { id: mask.to_param }
34
+ get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
36
35
  end
37
36
 
38
37
  it { expect(response.status).to eq(302) }
39
- it { expect(session.keys).to include('devise_masquerade_user') }
40
- it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
38
+ it { expect(Rails.cache.read('devise_masquerade_user')).to be }
39
+ it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
41
40
  end
42
41
  end
@@ -4,5 +4,9 @@ class DashboardController < ApplicationController
4
4
  def index
5
5
  @users = User.where("users.id != ?", current_user.id).all
6
6
  end
7
+
8
+ def extra_params
9
+ @users = User.where("users.id != ?", current_user.id).all
10
+ end
7
11
  end
8
12
 
@@ -0,0 +1,7 @@
1
+ <% @users.each do |user| %>
2
+ <p>
3
+ <%= user.email %>
4
+
5
+ <%= link_to "Login as", masquerade_path(user, key1: 'value1'), class: 'login_as' %>
6
+ </p>
7
+ <% end %>
@@ -17,7 +17,7 @@
17
17
  <% end %>
18
18
 
19
19
  <% if user_masquerade? %>
20
- <%= link_to "Back masquerade", back_masquerade_path(current_user) %>
20
+ <%= link_to "Back masquerade", back_masquerade_path(User.new) %>
21
21
  <% end %>
22
22
  <% end %>
23
23
 
@@ -1,10 +1,12 @@
1
1
  Dummy::Application.routes.draw do
2
- devise_for :users, controllers: { masquerades: "users/masquerades" }
2
+ devise_for :users, controllers: { masquerades: 'users/masquerades' }
3
3
  devise_for :admin_users, class_name: Admin::User.name
4
4
  devise_for :students, class_name: Student.name
5
5
 
6
6
  root to: 'dashboard#index'
7
7
 
8
+ get '/extra_params', to: 'dashboard#extra_params'
9
+
8
10
  resources :masquerades_tests
9
11
  resources :students, only: :index
10
12
 
@@ -3,37 +3,10 @@ require 'spec_helper'
3
3
  describe User do
4
4
  let!(:user) { create(:user) }
5
5
 
6
- describe '#masquerade!' do
6
+ describe '#masquerade_key' do
7
7
  it 'should cache special key on masquerade' do
8
- expect(SecureRandom).to receive(:urlsafe_base64).with(16) { "secure_key" }
9
- user.masquerade!
10
- end
11
- end
12
-
13
- describe '#remove_masquerade_key' do
14
- before { allow(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
15
-
16
- let(:key) { 'users:secure_key:masquerade' }
17
-
18
- it 'should be possible to remove cached masquerade key' do
19
- user.masquerade!
20
- expect(Rails.cache.exist?(key)).to eq(true)
21
-
22
- User.remove_masquerade_key!('secure_key')
23
- expect(Rails.cache.exist?(key)).to eq(false)
24
- end
25
- end
26
-
27
- describe '#find_by_masquerade_key' do
28
- it 'should be possible to find user by generate masquerade key' do
29
- user.masquerade!
30
-
31
- allow(Rails.cache).to receive(:read).with("users:#{user.masquerade_key}:masquerade") { user.id }
32
- allow(Rails.cache).to receive(:delete).with("users:#{user.masquerade_key}:masquerade")
33
-
34
- new_user = User.find_by_masquerade_key(user.masquerade_key)
35
-
36
- expect(new_user).to eq(user)
8
+ expect(user).to receive(:to_sgid).with(expires_in: 1.minute, for: 'masquerade') { "secure_key" }
9
+ user.masquerade_key
37
10
  end
38
11
  end
39
12
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_masquerade
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 1.3.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Alexandr Korsak
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-10-22 00:00:00.000000000 Z
11
+ date: 2021-02-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -52,6 +52,20 @@ dependencies:
52
52
  - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: 4.7.0
55
+ - !ruby/object:Gem::Dependency
56
+ name: globalid
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: 0.3.6
62
+ type: :runtime
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: 0.3.6
55
69
  description: devise masquerade library
56
70
  email:
57
71
  - alex.korsak@gmail.com
@@ -59,6 +73,9 @@ executables: []
59
73
  extensions: []
60
74
  extra_rdoc_files: []
61
75
  files:
76
+ - ".github/FUNDING.yml"
77
+ - ".github/workflows/brakeman-analysis.yml"
78
+ - ".github/workflows/rubocop-analysis.yml"
62
79
  - ".gitignore"
63
80
  - ".rspec"
64
81
  - ".ruby-version"
@@ -78,7 +95,9 @@ files:
78
95
  - features/multiple_masquerading_models.feature
79
96
  - features/step_definitions/auth_steps.rb
80
97
  - features/step_definitions/back_steps.rb
98
+ - features/step_definitions/url_helpers_steps.rb
81
99
  - features/support/env.rb
100
+ - features/url_helpers.feature
82
101
  - lib/devise_masquerade.rb
83
102
  - lib/devise_masquerade/controllers/helpers.rb
84
103
  - lib/devise_masquerade/controllers/url_helpers.rb
@@ -105,6 +124,7 @@ files:
105
124
  - spec/dummy/app/models/student.rb
106
125
  - spec/dummy/app/models/user.rb
107
126
  - spec/dummy/app/views/admin/dashboard/index.html.erb
127
+ - spec/dummy/app/views/dashboard/extra_params.html.erb
108
128
  - spec/dummy/app/views/dashboard/index.html.erb
109
129
  - spec/dummy/app/views/layouts/application.html.erb
110
130
  - spec/dummy/app/views/students/_student.html.erb
@@ -144,7 +164,7 @@ homepage: http://github.com/oivoodoo/devise_masquerade
144
164
  licenses:
145
165
  - MIT
146
166
  metadata: {}
147
- post_install_message:
167
+ post_install_message:
148
168
  rdoc_options: []
149
169
  require_paths:
150
170
  - lib
@@ -159,8 +179,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
159
179
  - !ruby/object:Gem::Version
160
180
  version: '0'
161
181
  requirements: []
162
- rubygems_version: 3.0.1
163
- signing_key:
182
+ rubygems_version: 3.1.4
183
+ signing_key:
164
184
  specification_version: 4
165
185
  summary: use for login as functionallity on your admin users pages
166
186
  test_files:
@@ -168,7 +188,9 @@ test_files:
168
188
  - features/multiple_masquerading_models.feature
169
189
  - features/step_definitions/auth_steps.rb
170
190
  - features/step_definitions/back_steps.rb
191
+ - features/step_definitions/url_helpers_steps.rb
171
192
  - features/support/env.rb
193
+ - features/url_helpers.feature
172
194
  - spec/controllers/admin/dashboard_controller_spec.rb
173
195
  - spec/controllers/dashboard_controller_spec.rb
174
196
  - spec/controllers/devise/masquerades_controller_spec.rb
@@ -186,6 +208,7 @@ test_files:
186
208
  - spec/dummy/app/models/student.rb
187
209
  - spec/dummy/app/models/user.rb
188
210
  - spec/dummy/app/views/admin/dashboard/index.html.erb
211
+ - spec/dummy/app/views/dashboard/extra_params.html.erb
189
212
  - spec/dummy/app/views/dashboard/index.html.erb
190
213
  - spec/dummy/app/views/layouts/application.html.erb
191
214
  - spec/dummy/app/views/students/_student.html.erb