devise_masquerade 1.2.0 → 1.3.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a3d9619a76cbee988888a5168f0cf57b74a59fd7b5c3cfbbac3113458c5cb60c
-  data.tar.gz: 9d04f07b596f095533e4e766f0ed1e0672f0078ae5fcecf696571326ed3d3b8d
+  metadata.gz: fafd0f91896f4da500abe2c0e913f8638b76572df1ae9e0c944939369ec1e65d
+  data.tar.gz: c2efb46ef9984c8ad297ba674ab143e7993e5a6410abf9d059bbc94dddb809cb
 SHA512:
-  metadata.gz: 82d09ecc8063ce935f4125d7c8ecd73772a5d7ad5e5a9e6a909cb18e899793229a473ffdceb6a1c5a1eb36ddd244c2646f248e205f62b4d0c70ad47ef1cadbe9
-  data.tar.gz: 8c9456b986f8761a5258d1099777d0e8a0d71974de41e1e220c50e6cd7cfec362956d5f41b7ab1466cddbc7d49c350c04febe852f9920bca99a27c1e043ce024
+  metadata.gz: 5215584ed67b643b1f61678f0aa7c5108a8146912a0f71e0ad8aaedeb7f87bbf4fb04e8601c6483b77540ab3742ff70c2e5b5fa231cfb2595855e3774809c506
+  data.tar.gz: 4360334b8ad7599544121156479fc8c69eff1e76bf7e8628b3e46ae519b7a7d331a0ca547db1cd2105f4a4de213766569eaba8934c8d1aeec5d18482d304dd72

data/.github/FUNDING.yml

@@ -0,0 +1 @@
+patreon: oivoodoo

data/.github/workflows/brakeman-analysis.yml

@@ -0,0 +1,44 @@
+# This workflow integrates Brakeman with GitHub's Code Scanning feature
+# Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
+
+name: Brakeman Scan
+
+# This section configures the trigger for the workflow. Feel free to customize depending on your convention
+on:
+  push:
+    branches: [ "master", "main" ]
+  pull_request:
+    branches: [ "master", "main" ]
+
+jobs:
+  brakeman-scan:
+    name: Brakeman Scan
+    runs-on: ubuntu-latest
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    # Customize the ruby version depending on your needs
+    - name: Setup Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: '2.7'
+
+    - name: Setup Brakeman
+      env:
+        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+      run: |
+        gem install brakeman --version $BRAKEMAN_VERSION
+
+    # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
+    - name: Scan
+      continue-on-error: true
+      run: |
+        brakeman -f sarif -o output.sarif.json .
+
+    # Upload the SARIF file generated in the previous step
+    - name: Upload SARIF
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: output.sarif.json

data/.github/workflows/rubocop-analysis.yml

@@ -0,0 +1,39 @@
+name: "Rubocop"
+
+on: push
+
+jobs:
+  rubocop:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # If running on a self-hosted runner, check it meets the requirements
+    # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+
+    # This step is not necessary if you add the gem to your Gemfile
+    - name: Install Code Scanning integration
+      run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
+
+    - name: Install dependencies
+      run: bundle install
+
+    - name: Rubocop run
+      run: |
+        bash -c "
+          bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
+          [[ $? -ne 2 ]]
+        "
+
+    - name: Upload Sarif output
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: rubocop.sarif

data/.ruby-version

@@ -1 +1 @@
-2.6.0
+2.7.2

data/.travis.yml

@@ -2,6 +2,7 @@ language: ruby
 rvm:
   - 2.5.1
   - 2.6.0
+  - 2.7.2
 gemfile:
   - Gemfile
 script: time ./script/travis.sh

data/Gemfile

@@ -36,4 +36,6 @@ group :test do
   gem 'selenium-webdriver'
   gem 'chromedriver-helper'
   gem 'launchy'
+
+  gem "nokogiri", ">= 1.10.8"
 end

data/Gemfile.lock

@@ -52,8 +52,9 @@ GIT
 PATH
   remote: .
   specs:
-    devise_masquerade (1.2.0)
+    devise_masquerade (1.3.4)
       devise (>= 4.7.0)
+      globalid (>= 0.3.6)
       railties (>= 5.2.0)
 
 GEM
@@ -97,7 +98,7 @@ GEM
     archive-zip (0.12.0)
       io-like (~> 0.3.0)
     backports (3.15.0)
-    bcrypt (3.1.13)
+    bcrypt (3.1.16)
     bson (1.12.5)
     bson_ext (1.12.5)
       bson (~> 1.12.5)
@@ -141,7 +142,7 @@ GEM
     cucumber-tag_expressions (1.1.1)
     cucumber-wire (0.0.1)
     database_cleaner (1.0.1)
-    devise (4.7.1)
+    devise (4.7.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -189,7 +190,7 @@ GEM
     listen (3.2.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.3.0)
+    loofah (2.3.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     lumberjack (1.0.13)
@@ -200,13 +201,14 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2019.1009)
     mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
+    mini_portile2 (2.5.0)
     minitest (5.12.2)
     multi_json (1.14.1)
     multi_test (0.1.2)
     nenv (0.3.0)
-    nokogiri (1.10.4)
-      mini_portile2 (~> 2.4.0)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
     notiffany (0.1.3)
       nenv (~> 0.1)
       shellany (~> 0.0)
@@ -219,7 +221,8 @@ GEM
       byebug (~> 11.0)
       pry (~> 0.10)
     public_suffix (4.0.1)
-    rack (2.0.7)
+    racc (1.5.2)
+    rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails-dom-testing (2.0.3)
@@ -238,7 +241,7 @@ GEM
     rb-inotify (0.10.0)
       ffi (~> 1.0)
     regexp_parser (1.6.0)
-    responders (3.0.0)
+    responders (3.0.1)
       actionpack (>= 5.0)
       railties (>= 5.0)
     rubyzip (2.0.0)
@@ -259,8 +262,8 @@ GEM
     thread_safe (0.3.6)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    warden (1.2.8)
-      rack (>= 2.0.6)
+    warden (1.2.9)
+      rack (>= 2.0.9)
     xpath (3.2.0)
       nokogiri (~> 1.8)
     zeitwerk (2.2.0)
@@ -285,6 +288,7 @@ DEPENDENCIES
   guard-cucumber
   guard-rspec (~> 4.7)
   launchy
+  nokogiri (>= 1.10.8)
   pry
   pry-byebug
   rb-fsevent
@@ -300,4 +304,4 @@ DEPENDENCIES
   test-unit
 
 BUNDLED WITH
-   2.0.2
+   2.1.4

data/README.md

@@ -179,6 +179,14 @@ in `routes.rb`:
 And check http://localhost:3000/, use for login user1@example.com and
 'password'
 
+## Troubleshooting
+
+Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Chances are that you need to enable caching:
+
+    rails dev:cache
+
+This is a one-time operation, so you can set it and forget it. Should you ever need to disable caching in development, you can re-run the command as required.
+
 ## Test project
 
     make test

data/app/controllers/devise/masquerades_controller.rb

@@ -6,14 +6,16 @@ class Devise::MasqueradesController < DeviseController
   end
   skip_before_action :masquerade!, raise: false
 
-  prepend_before_action :authenticate_scope!, :masquerade_authorize!
+  prepend_before_action :authenticate_scope!, only: :show
+  prepend_before_action :masquerade_authorize!
 
-  before_action :save_masquerade_owner_session, only: :show
+  def show
+    masqueradable_resource = find_masqueradable_resource
 
-  after_action :cleanup_masquerade_owner_session, only: :back
+    save_masquerade_owner_session(masqueradable_resource)
 
-  def show
-    self.resource = find_resource
+    self.resource = masqueradable_resource
+    sign_out(send("current_#{masquerading_resource_name}"))
 
     unless resource
       flash[:error] = "#{masqueraded_resource_class} not found."
@@ -28,22 +30,21 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def back
-    user_id = session[session_key]
+    masqueradable_resource = send("current_#{masqueraded_resource_name}")
 
-    resource = if user_id.present?
-      masquerading_resource_class.to_adapter.find_first(:id => user_id)
-    else
-      send(:"current_#{masquerading_resource_name}")
+    unless send("#{masqueraded_resource_name}_signed_in?")
+      head(401) and return
     end
 
-    if masquerading_resource_class != masqueraded_resource_class
-      sign_out(send("current_#{masqueraded_resource_name}"))
-    end
+    self.resource = find_owner_resource(masqueradable_resource)
+    sign_out(send("current_#{masqueraded_resource_name}"))
 
     masquerade_sign_in(resource)
     request.env['devise.skip_trackable'] = nil
 
     go_back(resource, path: after_back_masquerade_path_for(resource))
+
+    cleanup_masquerade_owner_session(masqueradable_resource)
   end
 
   protected
@@ -56,11 +57,14 @@ class Devise::MasqueradesController < DeviseController
     true
   end
 
-  def find_resource
-    masqueraded_resource_class.
-      find_by_masquerade_key(params[Devise.masquerade_param]).
-      where(id: params[:id]).
-      first
+  def find_masqueradable_resource
+    GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
+  end
+
+  def find_owner_resource(masqueradable_resource)
+    skey = session_key(masqueradable_resource)
+
+    GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
   end
 
   def go_back(user, path:)
@@ -125,22 +129,28 @@ class Devise::MasqueradesController < DeviseController
     '/'
   end
 
-  def save_masquerade_owner_session
-    unless session.key?(session_key)
-      session[session_key] = send("current_#{masquerading_resource_name}").id
-      session[session_key_masquerading_resource_class] = masquerading_resource_class.name
-      session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
-    end
+  def save_masquerade_owner_session(masqueradable_resource)
+    skey = session_key(masqueradable_resource)
+
+    resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
+      expires_in: Devise.masquerade_expires_in, for: 'masquerade')
+
+    # skip sharing owner id via session
+    Rails.cache.write(skey, resource_gid, expires_in: Devise.masquerade_expires_in)
+    session[session_key_masquerading_resource_class] = masquerading_resource_class.name
+    session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
   end
 
-  def cleanup_masquerade_owner_session
-    session.delete(session_key)
+  def cleanup_masquerade_owner_session(masqueradable_resource)
+    skey = session_key(masqueradable_resource)
+
+    Rails.cache.delete(skey)
     session.delete(session_key_masqueraded_resource_class)
     session.delete(session_key_masquerading_resource_class)
   end
 
-  def session_key
-    "devise_masquerade_#{masqueraded_resource_name}".to_sym
+  def session_key(masqueradable_resource)
+    "devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
   end
 
   def session_key_masqueraded_resource_class
@@ -148,6 +158,6 @@ class Devise::MasqueradesController < DeviseController
   end
 
   def session_key_masquerading_resource_class
-    "devise_masquerade_masquerading_resource_class"
+      "devise_masquerade_masquerading_resource_class"
   end
 end

data/devise_masquerade.gemspec

@@ -24,4 +24,5 @@ Gem::Specification.new do |gem|
 
   gem.add_runtime_dependency('railties', '>= 5.2.0')
   gem.add_runtime_dependency('devise', '>= 4.7.0')
+  gem.add_runtime_dependency('globalid', '>= 0.3.6')
 end

data/features/step_definitions/url_helpers_steps.rb

@@ -0,0 +1,11 @@
+Then("I should see maquerade url") do
+  page.html.should include('href="/users/masquerade?masquerade=')
+end
+
+When("I am on the users page with extra params") do
+  visit '/extra_params'
+end
+
+Then("I should see maquerade url with extra params") do
+  page.html.should include('href="/users/masquerade?key1=value1&masquerade=')
+end

data/features/url_helpers.feature

@@ -0,0 +1,14 @@
+Feature: Use masquerade path to generate routes on page
+  In order to have the way to render masquerade path
+  As an user
+  I want to be able to see the url and use it
+
+  Scenario: Use masquerade path helper
+    Given I logged in
+    And I have a user for masquerade
+
+    When I am on the users page
+      Then I should see maquerade url
+
+    When I am on the users page with extra params
+      Then I should see maquerade url with extra params

data/lib/devise_masquerade/controllers/helpers.rb

@@ -20,7 +20,7 @@ module DeviseMasquerade
             end
             return unless klass
 
-            resource = klass.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
+            resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
 
             if resource
               masquerade_sign_in(resource)
@@ -30,7 +30,7 @@ module DeviseMasquerade
           def masquerade_#{name}!
             return if params["#{Devise.masquerade_param}"].blank?
 
-            resource = ::#{class_name}.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
+            resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
 
             if resource
               masquerade_sign_in(resource)
@@ -38,12 +38,17 @@ module DeviseMasquerade
           end
 
           def #{name}_masquerade?
-            session[:"devise_masquerade_#{name}"].present?
+            return false if current_#{name}.blank?
+
+            key = "devise_masquerade_#{name}_" + current_#{name}.to_param
+            ::Rails.cache.exist?(key.to_sym).present?
           end
 
           def #{name}_masquerade_owner
-            return nil unless send(:#{name}_masquerade?)
-            ::#{class_name}.to_adapter.find_first(id: session[:"devise_masquerade_#{name}"])
+            return unless send(:#{name}_masquerade?)
+
+            key = "devise_masquerade_#{name}_" + current_#{name}.to_param
+            GlobalID::Locator.locate_signed(::Rails.cache.read(key.to_sym, for: 'masquerade'))
           end
 
           private

data/lib/devise_masquerade/controllers/url_helpers.rb

@@ -7,13 +7,12 @@ module DeviseMasquerade
       def masquerade_path(resource, *args)
         scope = Devise::Mapping.find_scope!(resource)
 
-        opts = args.first || {}
+        opts = args.shift || {}
         opts.merge!(masqueraded_resource_class: resource.class.name)
 
-        resource.masquerade!
         opts.merge!(Devise.masquerade_param => resource.masquerade_key)
 
-        send("#{scope}_masquerade_path", resource, opts, *args)
+        send("#{scope}_masquerade_index_path", opts, *args)
       end
 
       def back_masquerade_path(resource, *args)

data/lib/devise_masquerade/models/masqueradable.rb

@@ -4,44 +4,10 @@ module DeviseMasquerade
       extend ActiveSupport::Concern
 
       included do
-        attr_reader :masquerade_key
-
-        def masquerade!
-          @masquerade_key = SecureRandom.urlsafe_base64(
-            Devise.masquerade_key_size)
-          cache_key = self.class.cache_masquerade_key_by(@masquerade_key)
-          ::Rails.cache.write(
-            cache_key, id, expires_in: Devise.masquerade_expires_in)
+        def masquerade_key
+          to_sgid(expires_in: Devise.masquerade_expires_in, for: 'masquerade')
         end
       end
-
-      module ClassMethods
-        def cache_masquerade_key_by(key)
-          "#{self.name.pluralize.underscore}:#{key}:masquerade"
-        end
-
-        def remove_masquerade_key!(key)
-          ::Rails.cache.delete(cache_masquerade_key_by(key))
-        end
-
-        def find_by_masquerade_key(key)
-          id = ::Rails.cache.read(cache_masquerade_key_by(key))
-
-          # clean up the cached masquerade key value
-          remove_masquerade_key!(key)
-
-          where(id: id)
-        end
-
-        def find_by_masquerade_key(key)
-          id = ::Rails.cache.read(cache_masquerade_key_by(key))
-
-          # clean up the cached masquerade key value
-          remove_masquerade_key!(key)
-
-          where(id: id)
-        end
-      end # ClassMethods
     end
   end
 end

data/lib/devise_masquerade/routes.rb

@@ -3,11 +3,12 @@ module DeviseMasquerade
 
     def devise_masquerade(mapping, controllers)
       resources :masquerade,
-        only: :show,
         path: mapping.path_names[:masquerade],
-        controller: controllers[:masquerades] do
+        controller: controllers[:masquerades],
+        only: [] do
 
         collection do
+          get :show
           get :back
         end
       end

data/lib/devise_masquerade/version.rb

@@ -1,3 +1,3 @@
 module DeviseMasquerade
-  VERSION = '1.2.0'.freeze
+  VERSION = '1.3.4'.freeze
 end

data/spec/controllers/admin/dashboard_controller_spec.rb

@@ -8,8 +8,6 @@ describe Admin::DashboardController, type: :controller do
       let!(:mask) { create(:admin_user) }
 
       before do
-        mask.masquerade!
-
         get :index, params: { masquerade: mask.masquerade_key, masqueraded_resource_class: 'Admin::User' }
       end
 

data/spec/controllers/dashboard_controller_spec.rb

@@ -8,8 +8,6 @@ describe DashboardController, type: :controller do
       let!(:mask) { create(:user) }
 
       before do
-        mask.masquerade!
-
         get :index, params: { masquerade: mask.masquerade_key }
       end
 

data/spec/controllers/devise/masquerades_controller_spec.rb

@@ -10,13 +10,11 @@ describe Devise::MasqueradesController, type: :controller do
       context 'with masqueradable_class param' do
         let(:mask) { create(:student) }
 
-        before { mask.masquerade! }
-
         before do
           get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
         end
 
-        it { expect(session.keys).to include('devise_masquerade_student') }
+        it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
 
         it 'should have warden keys defined' do
           expect(session["warden.user.student.key"].first.first).to eq(mask.id)
@@ -28,13 +26,11 @@ describe Devise::MasqueradesController, type: :controller do
       describe '#masquerade user' do
         let(:mask) { create(:user) }
 
-        before { mask.masquerade! }
-
         before do
           get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
         end
 
-        it { expect(session.keys).to include('devise_masquerade_user') }
+        it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
         it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
         it { should redirect_to('/') }
 
@@ -43,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
 
           it { should redirect_to(masquerade_page) }
           it { expect(current_user.reload).to eq(@user) }
-          it { expect(session.keys).not_to include('devise_masquerade_user') }
+          it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
         end
       end
 
@@ -55,8 +51,6 @@ describe Devise::MasqueradesController, type: :controller do
 
         after { Devise.masquerade_routes_back = false }
 
-        before { mask.masquerade! }
-
         context 'show' do
           context 'with http referrer' do
             before do
@@ -80,13 +74,19 @@ describe Devise::MasqueradesController, type: :controller do
         end # context
 
         context 'and back' do
-          before { get :back }
+          before do
+            get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
+
+            get :back
+          end
 
           it { should redirect_to(masquerade_page) }
         end # context
 
         context 'and back fallback if http_referer not present' do
           before do
+            get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
+
             @request.env['HTTP_REFERER'] = 'previous_location'
             get :back
           end

data/spec/controllers/masquerades_tests_controller_spec.rb

@@ -13,12 +13,10 @@ describe MasqueradesTestsController, type: :controller do
 
     let(:mask) { create(:user) }
 
-    before { mask.masquerade! }
-
     before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
 
     it { expect(response.status).to eq(403) }
-    it { expect(session.keys).not_to include('devise_masquerade_user') }
+    it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
     it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
   end
 
@@ -32,14 +30,12 @@ describe MasqueradesTestsController, type: :controller do
 
     let(:mask) { create(:user) }
 
-    before { mask.masquerade! }
-
     before do
       get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
     end
 
     it { expect(response.status).to eq(302) }
-    it { expect(session.keys).to include('devise_masquerade_user') }
+    it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
     it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
   end
 end

data/spec/dummy/app/controllers/dashboard_controller.rb

@@ -4,5 +4,9 @@ class DashboardController < ApplicationController
   def index
     @users = User.where("users.id != ?", current_user.id).all
   end
+
+  def extra_params
+    @users = User.where("users.id != ?", current_user.id).all
+  end
 end
 

data/spec/dummy/app/views/dashboard/extra_params.html.erb

@@ -0,0 +1,7 @@
+<% @users.each do |user| %>
+  <p>
+    <%= user.email %>
+
+    <%= link_to "Login as", masquerade_path(user, key1: 'value1'), class: 'login_as' %>
+  </p>
+<% end %>

data/spec/dummy/app/views/layouts/application.html.erb

@@ -17,7 +17,7 @@
       <% end %>
 
       <% if user_masquerade? %>
-        <%= link_to "Back masquerade", back_masquerade_path(current_user) %>
+        <%= link_to "Back masquerade", back_masquerade_path(User.new) %>
       <% end %>
     <% end %>
 

data/spec/dummy/config/routes.rb

@@ -1,10 +1,12 @@
 Dummy::Application.routes.draw do
-  devise_for :users, controllers: { masquerades: "users/masquerades" }
+  devise_for :users, controllers: { masquerades: 'users/masquerades' }
   devise_for :admin_users, class_name: Admin::User.name
   devise_for :students, class_name: Student.name
 
   root to: 'dashboard#index'
 
+  get '/extra_params', to: 'dashboard#extra_params'
+
   resources :masquerades_tests
   resources :students, only: :index
 

data/spec/models/user_spec.rb

@@ -3,37 +3,10 @@ require 'spec_helper'
 describe User do
   let!(:user) { create(:user) }
 
-  describe '#masquerade!' do
+  describe '#masquerade_key' do
     it 'should cache special key on masquerade' do
-      expect(SecureRandom).to receive(:urlsafe_base64).with(16) { "secure_key" }
-      user.masquerade!
-    end
-  end
-
-  describe '#remove_masquerade_key' do
-    before { allow(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
-
-    let(:key) { 'users:secure_key:masquerade' }
-
-    it 'should be possible to remove cached masquerade key' do
-      user.masquerade!
-      expect(Rails.cache.exist?(key)).to eq(true)
-
-      User.remove_masquerade_key!('secure_key')
-      expect(Rails.cache.exist?(key)).to eq(false)
-    end
-  end
-
-  describe '#find_by_masquerade_key' do
-    it 'should be possible to find user by generate masquerade key' do
-      user.masquerade!
-
-      allow(Rails.cache).to receive(:read).with("users:#{user.masquerade_key}:masquerade") { user.id }
-      allow(Rails.cache).to receive(:delete).with("users:#{user.masquerade_key}:masquerade")
-
-      new_user = User.find_by_masquerade_key(user.masquerade_key).first
-
-      expect(new_user).to eq(user)
+      expect(user).to receive(:to_sgid).with(expires_in: 1.minute, for: 'masquerade') { "secure_key" }
+      user.masquerade_key
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_masquerade
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.4
 platform: ruby
 authors:
 - Alexandr Korsak
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-10-23 00:00:00.000000000 Z
+date: 2021-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 4.7.0
+- !ruby/object:Gem::Dependency
+  name: globalid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.6
 description: devise masquerade library
 email:
 - alex.korsak@gmail.com
@@ -59,6 +73,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
+- ".github/workflows/brakeman-analysis.yml"
+- ".github/workflows/rubocop-analysis.yml"
 - ".gitignore"
 - ".rspec"
 - ".ruby-version"
@@ -78,7 +95,9 @@ files:
 - features/multiple_masquerading_models.feature
 - features/step_definitions/auth_steps.rb
 - features/step_definitions/back_steps.rb
+- features/step_definitions/url_helpers_steps.rb
 - features/support/env.rb
+- features/url_helpers.feature
 - lib/devise_masquerade.rb
 - lib/devise_masquerade/controllers/helpers.rb
 - lib/devise_masquerade/controllers/url_helpers.rb
@@ -105,6 +124,7 @@ files:
 - spec/dummy/app/models/student.rb
 - spec/dummy/app/models/user.rb
 - spec/dummy/app/views/admin/dashboard/index.html.erb
+- spec/dummy/app/views/dashboard/extra_params.html.erb
 - spec/dummy/app/views/dashboard/index.html.erb
 - spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/views/students/_student.html.erb
@@ -144,7 +164,7 @@ homepage: http://github.com/oivoodoo/devise_masquerade
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -159,8 +179,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: use for login as functionallity on your admin users pages
 test_files:
@@ -168,7 +188,9 @@ test_files:
 - features/multiple_masquerading_models.feature
 - features/step_definitions/auth_steps.rb
 - features/step_definitions/back_steps.rb
+- features/step_definitions/url_helpers_steps.rb
 - features/support/env.rb
+- features/url_helpers.feature
 - spec/controllers/admin/dashboard_controller_spec.rb
 - spec/controllers/dashboard_controller_spec.rb
 - spec/controllers/devise/masquerades_controller_spec.rb
@@ -186,6 +208,7 @@ test_files:
 - spec/dummy/app/models/student.rb
 - spec/dummy/app/models/user.rb
 - spec/dummy/app/views/admin/dashboard/index.html.erb
+- spec/dummy/app/views/dashboard/extra_params.html.erb
 - spec/dummy/app/views/dashboard/index.html.erb
 - spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/views/students/_student.html.erb