devise_masquerade 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of devise_masquerade might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +1 -0
- data/.github/workflows/brakeman-analysis.yml +44 -0
- data/.github/workflows/rubocop-analysis.yml +39 -0
- data/.ruby-version +1 -1
- data/Gemfile +2 -0
- data/Gemfile.lock +12 -10
- data/README.md +8 -0
- data/app/controllers/devise/masquerades_controller.rb +14 -14
- data/devise_masquerade.gemspec +1 -0
- data/lib/devise_masquerade/controllers/helpers.rb +4 -4
- data/lib/devise_masquerade/controllers/url_helpers.rb +0 -1
- data/lib/devise_masquerade/models/masqueradable.rb +2 -36
- data/lib/devise_masquerade/version.rb +1 -1
- data/spec/controllers/admin/dashboard_controller_spec.rb +0 -2
- data/spec/controllers/dashboard_controller_spec.rb +0 -2
- data/spec/controllers/devise/masquerades_controller_spec.rb +10 -10
- data/spec/controllers/masquerades_tests_controller_spec.rb +2 -6
- data/spec/models/user_spec.rb +3 -30
- metadata +23 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9b0f25fa4c2e5b41336a6b39bb4eab9dc8cc9a90544de0dffec1cd95d2b8b7f6
|
|
4
|
+
data.tar.gz: 96073dd0fb8c13658d7f9b6e156aeb9a9fd90d0aa3e5360fe8416e698b00ceb6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 243f3b4580c80bbf3c281df44bb7fba95d18ac67e0a547e925eb50d784bf05d7364c64ad439c45486473d38481f22b45aa44a9d152eddd67759e6792cf956bb4
|
|
7
|
+
data.tar.gz: 3f48a1f7d0a79f2b220380e6aa357ae3a9d937d817b00040b106b7e539d2ed651c61aec2da24626d8a58c9626a30ee958cb752dc779ed3195e09cf1b91177cdd
|
data/.github/FUNDING.yml
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
patreon: oivoodoo
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
# This workflow integrates Brakeman with GitHub's Code Scanning feature
|
|
2
|
+
# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
|
|
3
|
+
|
|
4
|
+
name: Brakeman Scan
|
|
5
|
+
|
|
6
|
+
# This section configures the trigger for the workflow. Feel free to customize depending on your convention
|
|
7
|
+
on:
|
|
8
|
+
push:
|
|
9
|
+
branches: [ "master", "main" ]
|
|
10
|
+
pull_request:
|
|
11
|
+
branches: [ "master", "main" ]
|
|
12
|
+
|
|
13
|
+
jobs:
|
|
14
|
+
brakeman-scan:
|
|
15
|
+
name: Brakeman Scan
|
|
16
|
+
runs-on: ubuntu-latest
|
|
17
|
+
steps:
|
|
18
|
+
# Checkout the repository to the GitHub Actions runner
|
|
19
|
+
- name: Checkout
|
|
20
|
+
uses: actions/checkout@v2
|
|
21
|
+
|
|
22
|
+
# Customize the ruby version depending on your needs
|
|
23
|
+
- name: Setup Ruby
|
|
24
|
+
uses: actions/setup-ruby@v1
|
|
25
|
+
with:
|
|
26
|
+
ruby-version: '2.7'
|
|
27
|
+
|
|
28
|
+
- name: Setup Brakeman
|
|
29
|
+
env:
|
|
30
|
+
BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
|
|
31
|
+
run: |
|
|
32
|
+
gem install brakeman --version $BRAKEMAN_VERSION
|
|
33
|
+
|
|
34
|
+
# Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
|
|
35
|
+
- name: Scan
|
|
36
|
+
continue-on-error: true
|
|
37
|
+
run: |
|
|
38
|
+
brakeman -f sarif -o output.sarif.json .
|
|
39
|
+
|
|
40
|
+
# Upload the SARIF file generated in the previous step
|
|
41
|
+
- name: Upload SARIF
|
|
42
|
+
uses: github/codeql-action/upload-sarif@v1
|
|
43
|
+
with:
|
|
44
|
+
sarif_file: output.sarif.json
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
name: "Rubocop"
|
|
2
|
+
|
|
3
|
+
on: push
|
|
4
|
+
|
|
5
|
+
jobs:
|
|
6
|
+
rubocop:
|
|
7
|
+
runs-on: ubuntu-latest
|
|
8
|
+
strategy:
|
|
9
|
+
fail-fast: false
|
|
10
|
+
|
|
11
|
+
steps:
|
|
12
|
+
- name: Checkout repository
|
|
13
|
+
uses: actions/checkout@v2
|
|
14
|
+
|
|
15
|
+
# If running on a self-hosted runner, check it meets the requirements
|
|
16
|
+
# listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
|
|
17
|
+
- name: Set up Ruby
|
|
18
|
+
uses: ruby/setup-ruby@v1
|
|
19
|
+
with:
|
|
20
|
+
ruby-version: 2.6
|
|
21
|
+
|
|
22
|
+
# This step is not necessary if you add the gem to your Gemfile
|
|
23
|
+
- name: Install Code Scanning integration
|
|
24
|
+
run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
|
|
25
|
+
|
|
26
|
+
- name: Install dependencies
|
|
27
|
+
run: bundle install
|
|
28
|
+
|
|
29
|
+
- name: Rubocop run
|
|
30
|
+
run: |
|
|
31
|
+
bash -c "
|
|
32
|
+
bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
|
|
33
|
+
[[ $? -ne 2 ]]
|
|
34
|
+
"
|
|
35
|
+
|
|
36
|
+
- name: Upload Sarif output
|
|
37
|
+
uses: github/codeql-action/upload-sarif@v1
|
|
38
|
+
with:
|
|
39
|
+
sarif_file: rubocop.sarif
|
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.
|
|
1
|
+
2.7.2
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -52,8 +52,9 @@ GIT
|
|
|
52
52
|
PATH
|
|
53
53
|
remote: .
|
|
54
54
|
specs:
|
|
55
|
-
devise_masquerade (1.
|
|
55
|
+
devise_masquerade (1.3.0)
|
|
56
56
|
devise (>= 4.7.0)
|
|
57
|
+
globalid (>= 0.3.6)
|
|
57
58
|
railties (>= 5.2.0)
|
|
58
59
|
|
|
59
60
|
GEM
|
|
@@ -97,7 +98,7 @@ GEM
|
|
|
97
98
|
archive-zip (0.12.0)
|
|
98
99
|
io-like (~> 0.3.0)
|
|
99
100
|
backports (3.15.0)
|
|
100
|
-
bcrypt (3.1.
|
|
101
|
+
bcrypt (3.1.16)
|
|
101
102
|
bson (1.12.5)
|
|
102
103
|
bson_ext (1.12.5)
|
|
103
104
|
bson (~> 1.12.5)
|
|
@@ -141,7 +142,7 @@ GEM
|
|
|
141
142
|
cucumber-tag_expressions (1.1.1)
|
|
142
143
|
cucumber-wire (0.0.1)
|
|
143
144
|
database_cleaner (1.0.1)
|
|
144
|
-
devise (4.7.
|
|
145
|
+
devise (4.7.3)
|
|
145
146
|
bcrypt (~> 3.0)
|
|
146
147
|
orm_adapter (~> 0.1)
|
|
147
148
|
railties (>= 4.1.0)
|
|
@@ -189,7 +190,7 @@ GEM
|
|
|
189
190
|
listen (3.2.0)
|
|
190
191
|
rb-fsevent (~> 0.10, >= 0.10.3)
|
|
191
192
|
rb-inotify (~> 0.9, >= 0.9.10)
|
|
192
|
-
loofah (2.3.
|
|
193
|
+
loofah (2.3.1)
|
|
193
194
|
crass (~> 1.0.2)
|
|
194
195
|
nokogiri (>= 1.5.9)
|
|
195
196
|
lumberjack (1.0.13)
|
|
@@ -205,7 +206,7 @@ GEM
|
|
|
205
206
|
multi_json (1.14.1)
|
|
206
207
|
multi_test (0.1.2)
|
|
207
208
|
nenv (0.3.0)
|
|
208
|
-
nokogiri (1.10.
|
|
209
|
+
nokogiri (1.10.8)
|
|
209
210
|
mini_portile2 (~> 2.4.0)
|
|
210
211
|
notiffany (0.1.3)
|
|
211
212
|
nenv (~> 0.1)
|
|
@@ -219,7 +220,7 @@ GEM
|
|
|
219
220
|
byebug (~> 11.0)
|
|
220
221
|
pry (~> 0.10)
|
|
221
222
|
public_suffix (4.0.1)
|
|
222
|
-
rack (2.
|
|
223
|
+
rack (2.2.3)
|
|
223
224
|
rack-test (1.1.0)
|
|
224
225
|
rack (>= 1.0, < 3)
|
|
225
226
|
rails-dom-testing (2.0.3)
|
|
@@ -238,7 +239,7 @@ GEM
|
|
|
238
239
|
rb-inotify (0.10.0)
|
|
239
240
|
ffi (~> 1.0)
|
|
240
241
|
regexp_parser (1.6.0)
|
|
241
|
-
responders (3.0.
|
|
242
|
+
responders (3.0.1)
|
|
242
243
|
actionpack (>= 5.0)
|
|
243
244
|
railties (>= 5.0)
|
|
244
245
|
rubyzip (2.0.0)
|
|
@@ -259,8 +260,8 @@ GEM
|
|
|
259
260
|
thread_safe (0.3.6)
|
|
260
261
|
tzinfo (1.2.5)
|
|
261
262
|
thread_safe (~> 0.1)
|
|
262
|
-
warden (1.2.
|
|
263
|
-
rack (>= 2.0.
|
|
263
|
+
warden (1.2.9)
|
|
264
|
+
rack (>= 2.0.9)
|
|
264
265
|
xpath (3.2.0)
|
|
265
266
|
nokogiri (~> 1.8)
|
|
266
267
|
zeitwerk (2.2.0)
|
|
@@ -285,6 +286,7 @@ DEPENDENCIES
|
|
|
285
286
|
guard-cucumber
|
|
286
287
|
guard-rspec (~> 4.7)
|
|
287
288
|
launchy
|
|
289
|
+
nokogiri (>= 1.10.8)
|
|
288
290
|
pry
|
|
289
291
|
pry-byebug
|
|
290
292
|
rb-fsevent
|
|
@@ -300,4 +302,4 @@ DEPENDENCIES
|
|
|
300
302
|
test-unit
|
|
301
303
|
|
|
302
304
|
BUNDLED WITH
|
|
303
|
-
2.
|
|
305
|
+
2.1.4
|
data/README.md
CHANGED
|
@@ -179,6 +179,14 @@ in `routes.rb`:
|
|
|
179
179
|
And check http://localhost:3000/, use for login user1@example.com and
|
|
180
180
|
'password'
|
|
181
181
|
|
|
182
|
+
## Troubleshooting
|
|
183
|
+
|
|
184
|
+
Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Chances are that you need to enable caching:
|
|
185
|
+
|
|
186
|
+
rails dev:cache
|
|
187
|
+
|
|
188
|
+
This is a one-time operation, so you can set it and forget it. Should you ever need to disable caching in development, you can re-run the command as required.
|
|
189
|
+
|
|
182
190
|
## Test project
|
|
183
191
|
|
|
184
192
|
make test
|
|
@@ -28,15 +28,9 @@ class Devise::MasqueradesController < DeviseController
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def back
|
|
31
|
-
|
|
31
|
+
self.resource = find_owner_resource
|
|
32
32
|
|
|
33
|
-
resource
|
|
34
|
-
masquerading_resource_class.to_adapter.find_first(:id => user_id)
|
|
35
|
-
else
|
|
36
|
-
send(:"current_#{masquerading_resource_name}")
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
if masquerading_resource_class != masqueraded_resource_class
|
|
33
|
+
if resource.class != masqueraded_resource_class
|
|
40
34
|
sign_out(send("current_#{masqueraded_resource_name}"))
|
|
41
35
|
end
|
|
42
36
|
|
|
@@ -57,10 +51,11 @@ class Devise::MasqueradesController < DeviseController
|
|
|
57
51
|
end
|
|
58
52
|
|
|
59
53
|
def find_resource
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
54
|
+
GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
def find_owner_resource
|
|
58
|
+
GlobalID::Locator.locate_signed(Rails.cache.read(session_key), for: 'masquerade')
|
|
64
59
|
end
|
|
65
60
|
|
|
66
61
|
def go_back(user, path:)
|
|
@@ -126,15 +121,20 @@ class Devise::MasqueradesController < DeviseController
|
|
|
126
121
|
end
|
|
127
122
|
|
|
128
123
|
def save_masquerade_owner_session
|
|
124
|
+
resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
|
|
125
|
+
expires_in: Devise.masquerade_expires_in, for: 'masquerade')
|
|
126
|
+
# skip sharing owner id via session
|
|
127
|
+
Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
|
|
128
|
+
|
|
129
129
|
unless session.key?(session_key)
|
|
130
|
-
session[session_key] = send("current_#{masquerading_resource_name}").id
|
|
131
130
|
session[session_key_masquerading_resource_class] = masquerading_resource_class.name
|
|
132
131
|
session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
|
|
133
132
|
end
|
|
134
133
|
end
|
|
135
134
|
|
|
136
135
|
def cleanup_masquerade_owner_session
|
|
137
|
-
|
|
136
|
+
Rails.cache.delete(session_key)
|
|
137
|
+
|
|
138
138
|
session.delete(session_key_masqueraded_resource_class)
|
|
139
139
|
session.delete(session_key_masquerading_resource_class)
|
|
140
140
|
end
|
data/devise_masquerade.gemspec
CHANGED
|
@@ -20,7 +20,7 @@ module DeviseMasquerade
|
|
|
20
20
|
end
|
|
21
21
|
return unless klass
|
|
22
22
|
|
|
23
|
-
resource =
|
|
23
|
+
resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
|
|
24
24
|
|
|
25
25
|
if resource
|
|
26
26
|
masquerade_sign_in(resource)
|
|
@@ -30,7 +30,7 @@ module DeviseMasquerade
|
|
|
30
30
|
def masquerade_#{name}!
|
|
31
31
|
return if params["#{Devise.masquerade_param}"].blank?
|
|
32
32
|
|
|
33
|
-
resource =
|
|
33
|
+
resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
|
|
34
34
|
|
|
35
35
|
if resource
|
|
36
36
|
masquerade_sign_in(resource)
|
|
@@ -38,12 +38,12 @@ module DeviseMasquerade
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
def #{name}_masquerade?
|
|
41
|
-
|
|
41
|
+
::Rails.cache.exist?(:"devise_masquerade_#{name}").present?
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
def #{name}_masquerade_owner
|
|
45
45
|
return nil unless send(:#{name}_masquerade?)
|
|
46
|
-
|
|
46
|
+
GlobalID::Locator.locate_signed(Rails.cache.read(:"devise_masquerade_#{name}"), for: 'masquerade')
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
private
|
|
@@ -10,7 +10,6 @@ module DeviseMasquerade
|
|
|
10
10
|
opts = args.first || {}
|
|
11
11
|
opts.merge!(masqueraded_resource_class: resource.class.name)
|
|
12
12
|
|
|
13
|
-
resource.masquerade!
|
|
14
13
|
opts.merge!(Devise.masquerade_param => resource.masquerade_key)
|
|
15
14
|
|
|
16
15
|
send("#{scope}_masquerade_path", resource, opts, *args)
|
|
@@ -4,44 +4,10 @@ module DeviseMasquerade
|
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
5
|
|
|
6
6
|
included do
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
def masquerade!
|
|
10
|
-
@masquerade_key = SecureRandom.urlsafe_base64(
|
|
11
|
-
Devise.masquerade_key_size)
|
|
12
|
-
cache_key = self.class.cache_masquerade_key_by(@masquerade_key)
|
|
13
|
-
::Rails.cache.write(
|
|
14
|
-
cache_key, id, expires_in: Devise.masquerade_expires_in)
|
|
7
|
+
def masquerade_key
|
|
8
|
+
to_sgid(expires_in: Devise.masquerade_expires_in, for: 'masquerade')
|
|
15
9
|
end
|
|
16
10
|
end
|
|
17
|
-
|
|
18
|
-
module ClassMethods
|
|
19
|
-
def cache_masquerade_key_by(key)
|
|
20
|
-
"#{self.name.pluralize.underscore}:#{key}:masquerade"
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def remove_masquerade_key!(key)
|
|
24
|
-
::Rails.cache.delete(cache_masquerade_key_by(key))
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
def find_by_masquerade_key(key)
|
|
28
|
-
id = ::Rails.cache.read(cache_masquerade_key_by(key))
|
|
29
|
-
|
|
30
|
-
# clean up the cached masquerade key value
|
|
31
|
-
remove_masquerade_key!(key)
|
|
32
|
-
|
|
33
|
-
where(id: id)
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
def find_by_masquerade_key(key)
|
|
37
|
-
id = ::Rails.cache.read(cache_masquerade_key_by(key))
|
|
38
|
-
|
|
39
|
-
# clean up the cached masquerade key value
|
|
40
|
-
remove_masquerade_key!(key)
|
|
41
|
-
|
|
42
|
-
where(id: id)
|
|
43
|
-
end
|
|
44
|
-
end # ClassMethods
|
|
45
11
|
end
|
|
46
12
|
end
|
|
47
13
|
end
|
|
@@ -10,13 +10,11 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
10
10
|
context 'with masqueradable_class param' do
|
|
11
11
|
let(:mask) { create(:student) }
|
|
12
12
|
|
|
13
|
-
before { mask.masquerade! }
|
|
14
|
-
|
|
15
13
|
before do
|
|
16
14
|
get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
|
|
17
15
|
end
|
|
18
16
|
|
|
19
|
-
it { expect(
|
|
17
|
+
it { expect(Rails.cache.read('devise_masquerade_student')).to be }
|
|
20
18
|
|
|
21
19
|
it 'should have warden keys defined' do
|
|
22
20
|
expect(session["warden.user.student.key"].first.first).to eq(mask.id)
|
|
@@ -28,13 +26,11 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
28
26
|
describe '#masquerade user' do
|
|
29
27
|
let(:mask) { create(:user) }
|
|
30
28
|
|
|
31
|
-
before { mask.masquerade! }
|
|
32
|
-
|
|
33
29
|
before do
|
|
34
30
|
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
35
31
|
end
|
|
36
32
|
|
|
37
|
-
it { expect(
|
|
33
|
+
it { expect(Rails.cache.read('devise_masquerade_user')).to be }
|
|
38
34
|
it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
|
|
39
35
|
it { should redirect_to('/') }
|
|
40
36
|
|
|
@@ -43,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
43
39
|
|
|
44
40
|
it { should redirect_to(masquerade_page) }
|
|
45
41
|
it { expect(current_user.reload).to eq(@user) }
|
|
46
|
-
it { expect(
|
|
42
|
+
it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
|
|
47
43
|
end
|
|
48
44
|
end
|
|
49
45
|
|
|
@@ -55,8 +51,6 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
55
51
|
|
|
56
52
|
after { Devise.masquerade_routes_back = false }
|
|
57
53
|
|
|
58
|
-
before { mask.masquerade! }
|
|
59
|
-
|
|
60
54
|
context 'show' do
|
|
61
55
|
context 'with http referrer' do
|
|
62
56
|
before do
|
|
@@ -80,13 +74,19 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
80
74
|
end # context
|
|
81
75
|
|
|
82
76
|
context 'and back' do
|
|
83
|
-
before
|
|
77
|
+
before do
|
|
78
|
+
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
79
|
+
|
|
80
|
+
get :back
|
|
81
|
+
end
|
|
84
82
|
|
|
85
83
|
it { should redirect_to(masquerade_page) }
|
|
86
84
|
end # context
|
|
87
85
|
|
|
88
86
|
context 'and back fallback if http_referer not present' do
|
|
89
87
|
before do
|
|
88
|
+
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
89
|
+
|
|
90
90
|
@request.env['HTTP_REFERER'] = 'previous_location'
|
|
91
91
|
get :back
|
|
92
92
|
end
|
|
@@ -13,12 +13,10 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
13
13
|
|
|
14
14
|
let(:mask) { create(:user) }
|
|
15
15
|
|
|
16
|
-
before { mask.masquerade! }
|
|
17
|
-
|
|
18
16
|
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
|
19
17
|
|
|
20
18
|
it { expect(response.status).to eq(403) }
|
|
21
|
-
it { expect(
|
|
19
|
+
it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
|
|
22
20
|
it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
|
|
23
21
|
end
|
|
24
22
|
|
|
@@ -32,14 +30,12 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
32
30
|
|
|
33
31
|
let(:mask) { create(:user) }
|
|
34
32
|
|
|
35
|
-
before { mask.masquerade! }
|
|
36
|
-
|
|
37
33
|
before do
|
|
38
34
|
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
39
35
|
end
|
|
40
36
|
|
|
41
37
|
it { expect(response.status).to eq(302) }
|
|
42
|
-
it { expect(
|
|
38
|
+
it { expect(Rails.cache.read('devise_masquerade_user')).to be }
|
|
43
39
|
it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
|
|
44
40
|
end
|
|
45
41
|
end
|
data/spec/models/user_spec.rb
CHANGED
|
@@ -3,37 +3,10 @@ require 'spec_helper'
|
|
|
3
3
|
describe User do
|
|
4
4
|
let!(:user) { create(:user) }
|
|
5
5
|
|
|
6
|
-
describe '#
|
|
6
|
+
describe '#masquerade_key' do
|
|
7
7
|
it 'should cache special key on masquerade' do
|
|
8
|
-
expect(
|
|
9
|
-
user.
|
|
10
|
-
end
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
describe '#remove_masquerade_key' do
|
|
14
|
-
before { allow(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
|
|
15
|
-
|
|
16
|
-
let(:key) { 'users:secure_key:masquerade' }
|
|
17
|
-
|
|
18
|
-
it 'should be possible to remove cached masquerade key' do
|
|
19
|
-
user.masquerade!
|
|
20
|
-
expect(Rails.cache.exist?(key)).to eq(true)
|
|
21
|
-
|
|
22
|
-
User.remove_masquerade_key!('secure_key')
|
|
23
|
-
expect(Rails.cache.exist?(key)).to eq(false)
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
describe '#find_by_masquerade_key' do
|
|
28
|
-
it 'should be possible to find user by generate masquerade key' do
|
|
29
|
-
user.masquerade!
|
|
30
|
-
|
|
31
|
-
allow(Rails.cache).to receive(:read).with("users:#{user.masquerade_key}:masquerade") { user.id }
|
|
32
|
-
allow(Rails.cache).to receive(:delete).with("users:#{user.masquerade_key}:masquerade")
|
|
33
|
-
|
|
34
|
-
new_user = User.find_by_masquerade_key(user.masquerade_key).first
|
|
35
|
-
|
|
36
|
-
expect(new_user).to eq(user)
|
|
8
|
+
expect(user).to receive(:to_sgid).with(expires_in: 1.minute, for: 'masquerade') { "secure_key" }
|
|
9
|
+
user.masquerade_key
|
|
37
10
|
end
|
|
38
11
|
end
|
|
39
12
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_masquerade
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandr Korsak
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-02-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -52,6 +52,20 @@ dependencies:
|
|
|
52
52
|
- - ">="
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: 4.7.0
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: globalid
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - ">="
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: 0.3.6
|
|
62
|
+
type: :runtime
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - ">="
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: 0.3.6
|
|
55
69
|
description: devise masquerade library
|
|
56
70
|
email:
|
|
57
71
|
- alex.korsak@gmail.com
|
|
@@ -59,6 +73,9 @@ executables: []
|
|
|
59
73
|
extensions: []
|
|
60
74
|
extra_rdoc_files: []
|
|
61
75
|
files:
|
|
76
|
+
- ".github/FUNDING.yml"
|
|
77
|
+
- ".github/workflows/brakeman-analysis.yml"
|
|
78
|
+
- ".github/workflows/rubocop-analysis.yml"
|
|
62
79
|
- ".gitignore"
|
|
63
80
|
- ".rspec"
|
|
64
81
|
- ".ruby-version"
|
|
@@ -144,7 +161,7 @@ homepage: http://github.com/oivoodoo/devise_masquerade
|
|
|
144
161
|
licenses:
|
|
145
162
|
- MIT
|
|
146
163
|
metadata: {}
|
|
147
|
-
post_install_message:
|
|
164
|
+
post_install_message:
|
|
148
165
|
rdoc_options: []
|
|
149
166
|
require_paths:
|
|
150
167
|
- lib
|
|
@@ -159,8 +176,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
159
176
|
- !ruby/object:Gem::Version
|
|
160
177
|
version: '0'
|
|
161
178
|
requirements: []
|
|
162
|
-
rubygems_version: 3.
|
|
163
|
-
signing_key:
|
|
179
|
+
rubygems_version: 3.1.4
|
|
180
|
+
signing_key:
|
|
164
181
|
specification_version: 4
|
|
165
182
|
summary: use for login as functionallity on your admin users pages
|
|
166
183
|
test_files:
|