devise_masquerade 1.2.0 → 1.3.4

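--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a3d9619a76cbee988888a5168f0cf57b74a59fd7b5c3cfbbac3113458c5cb60c
- data.tar.gz: 9d04f07b596f095533e4e766f0ed1e0672f0078ae5fcecf696571326ed3d3b8d
+ metadata.gz: fafd0f91896f4da500abe2c0e913f8638b76572df1ae9e0c944939369ec1e65d
+ data.tar.gz: c2efb46ef9984c8ad297ba674ab143e7993e5a6410abf9d059bbc94dddb809cb
  SHA512:
- metadata.gz: 82d09ecc8063ce935f4125d7c8ecd73772a5d7ad5e5a9e6a909cb18e899793229a473ffdceb6a1c5a1eb36ddd244c2646f248e205f62b4d0c70ad47ef1cadbe9
- data.tar.gz: 8c9456b986f8761a5258d1099777d0e8a0d71974de41e1e220c50e6cd7cfec362956d5f41b7ab1466cddbc7d49c350c04febe852f9920bca99a27c1e043ce024
+ metadata.gz: 5215584ed67b643b1f61678f0aa7c5108a8146912a0f71e0ad8aaedeb7f87bbf4fb04e8601c6483b77540ab3742ff70c2e5b5fa231cfb2595855e3774809c506
+ data.tar.gz: 4360334b8ad7599544121156479fc8c69eff1e76bf7e8628b3e46ae519b7a7d331a0ca547db1cd2105f4a4de213766569eaba8934c8d1aeec5d18482d304dd72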
@@ -0,0 +1 @@
1
+ patreon: oivoodoo
@@ -0,0 +1,44 @@
1
+ # This workflow integrates Brakeman with GitHub's Code Scanning feature
2
+ # Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications
3
+
4
+ name: Brakeman Scan
5
+
6
+ # This section configures the trigger for the workflow. Feel free to customize depending on your convention
7
+ on:
8
+ push:
9
+ branches: [ "master", "main" ]
10
+ pull_request:
11
+ branches: [ "master", "main" ]
12
+
13
+ jobs:
14
+ brakeman-scan:
15
+ name: Brakeman Scan
16
+ runs-on: ubuntu-latest
17
+ steps:
18
+ # Checkout the repository to the GitHub Actions runner
19
+ - name: Checkout
20
+ uses: actions/checkout@v2
21
+
22
+ # Customize the ruby version depending on your needs
23
+ - name: Setup Ruby
24
+ uses: actions/setup-ruby@v1
25
+ with:
26
+ ruby-version: '2.7'
27
+
28
+ - name: Setup Brakeman
29
+ env:
30
+ BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
31
+ run: |
32
+ gem install brakeman --version $BRAKEMAN_VERSION
33
+
34
+ # Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
35
+ - name: Scan
36
+ continue-on-error: true
37
+ run: |
38
+ brakeman -f sarif -o output.sarif.json .
39
+
40
+ # Upload the SARIF file generated in the previous step
41
+ - name: Upload SARIF
42
+ uses: github/codeql-action/upload-sarif@v1
43
+ with:
44
+ sarif_file: output.sarif.json
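Review bot: The `uses:` entries (`actions/checkout@v2`, `actions/setup-ruby@v1`, `github/codeql-action/upload-sarif@v1`) reference mutable tags and the workflow declares no `permissions:` block, so the job runs whatever those tags currently point to with the repository's default token scope; the Rubocop workflow that follows has the same two gaps. Pin each action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v2` (placeholder), and give the job `permissions:` with `contents: read` and `security-events: write`. `actions/setup-ruby` is deprecated in favour of `ruby/setup-ruby`, which the Rubocop workflow already uses. Because the Scan step has `continue-on-error: true`, a Brakeman crash only surfaces as a missing `output.sarif.json` at upload time, which is worth a comment on that step.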
@@ -0,0 +1,39 @@
1
+ name: "Rubocop"
2
+
3
+ on: push
4
+
5
+ jobs:
6
+ rubocop:
7
+ runs-on: ubuntu-latest
8
+ strategy:
9
+ fail-fast: false
10
+
11
+ steps:
12
+ - name: Checkout repository
13
+ uses: actions/checkout@v2
14
+
15
+ # If running on a self-hosted runner, check it meets the requirements
16
+ # listed at https://github.com/ruby/setup-ruby#using-self-hosted-runners
17
+ - name: Set up Ruby
18
+ uses: ruby/setup-ruby@v1
19
+ with:
20
+ ruby-version: 2.6
21
+
22
+ # This step is not necessary if you add the gem to your Gemfile
23
+ - name: Install Code Scanning integration
24
+ run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
25
+
26
+ - name: Install dependencies
27
+ run: bundle install
28
+
29
+ - name: Rubocop run
30
+ run: |
31
+ bash -c "
32
+ bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
33
+ [[ $? -ne 2 ]]
34
+ "
35
+
36
+ - name: Upload Sarif output
37
+ uses: github/codeql-action/upload-sarif@v1
38
+ with:
39
+ sarif_file: rubocop.sarif
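Review bot: In the `Rubocop run` step the script handed to `bash -c` is double-quoted, so `$?` appears to be expanded by the outer shell before RuboCop runs and the `[[ $? -ne 2 ]]` guard never sees RuboCop's exit status; the step would then pass even when RuboCop exits with 2. Drop the wrapper or single-quote the inner script, e.g. `bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif || [[ $? -ne 2 ]]`. Also write `ruby-version: '2.6'`, since an unquoted version is read as a float and a later value such as 3.0 would become 3.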
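--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
- 2.6.0
+ 2.7.2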
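--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -2,6 +2,7 @@ language: ruby
  rvm:
  - 2.5.1
  - 2.6.0
+ - 2.7.2
  gemfile:
  - Gemfile
  script: time ./script/travis.sh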
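--- a/data/Gemfile
+++ b/data/Gemfile
@@ -36,4 +36,6 @@ group :test do
  gem 'selenium-webdriver'
  gem 'chromedriver-helper'
  gem 'launchy'
+
+ gem "nokogiri", ">= 1.10.8"
  end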
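--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -52,8 +52,9 @@ GIT
  PATH
  remote: .
  specs:
- devise_masquerade (1.2.0)
+ devise_masquerade (1.3.4)
  devise (>= 4.7.0)
+ globalid (>= 0.3.6)
  railties (>= 5.2.0)
 
  GEM
@@ -97,7 +98,7 @@ GEM
  archive-zip (0.12.0)
  io-like (~> 0.3.0)
  backports (3.15.0)
- bcrypt (3.1.13)
+ bcrypt (3.1.16)
  bson (1.12.5)
  bson_ext (1.12.5)
  bson (~> 1.12.5)
@@ -141,7 +142,7 @@ GEM
  cucumber-tag_expressions (1.1.1)
  cucumber-wire (0.0.1)
  database_cleaner (1.0.1)
- devise (4.7.1)
+ devise (4.7.3)
  bcrypt (~> 3.0)
  orm_adapter (~> 0.1)
  railties (>= 4.1.0)
@@ -189,7 +190,7 @@ GEM
  listen (3.2.0)
  rb-fsevent (~> 0.10, >= 0.10.3)
  rb-inotify (~> 0.9, >= 0.9.10)
- loofah (2.3.0)
+ loofah (2.3.1)
  crass (~> 1.0.2)
  nokogiri (>= 1.5.9)
  lumberjack (1.0.13)
@@ -200,13 +201,14 @@ GEM
  mime-types-data (~> 3.2015)
  mime-types-data (3.2019.1009)
  mini_mime (1.0.2)
- mini_portile2 (2.4.0)
+ mini_portile2 (2.5.0)
  minitest (5.12.2)
  multi_json (1.14.1)
  multi_test (0.1.2)
  nenv (0.3.0)
- nokogiri (1.10.4)
- mini_portile2 (~> 2.4.0)
+ nokogiri (1.11.1)
+ mini_portile2 (~> 2.5.0)
+ racc (~> 1.4)
  notiffany (0.1.3)
  nenv (~> 0.1)
  shellany (~> 0.0)
@@ -219,7 +221,8 @@ GEM
  byebug (~> 11.0)
  pry (~> 0.10)
  public_suffix (4.0.1)
- rack (2.0.7)
+ racc (1.5.2)
+ rack (2.2.3)
  rack-test (1.1.0)
  rack (>= 1.0, < 3)
  rails-dom-testing (2.0.3)
@@ -238,7 +241,7 @@ GEM
  rb-inotify (0.10.0)
  ffi (~> 1.0)
  regexp_parser (1.6.0)
- responders (3.0.0)
+ responders (3.0.1)
  actionpack (>= 5.0)
  railties (>= 5.0)
  rubyzip (2.0.0)
@@ -259,8 +262,8 @@ GEM
  thread_safe (0.3.6)
  tzinfo (1.2.5)
  thread_safe (~> 0.1)
- warden (1.2.8)
- rack (>= 2.0.6)
+ warden (1.2.9)
+ rack (>= 2.0.9)
  xpath (3.2.0)
  nokogiri (~> 1.8)
  zeitwerk (2.2.0)
@@ -285,6 +288,7 @@ DEPENDENCIES
  guard-cucumber
  guard-rspec (~> 4.7)
  launchy
+ nokogiri (>= 1.10.8)
  pry
  pry-byebug
  rb-fsevent
@@ -300,4 +304,4 @@ DEPENDENCIES
  test-unit
 
  BUNDLED WITH
- 2.0.2
+ 2.1.4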
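--- a/data/README.md
+++ b/data/README.md
@@ -179,6 +179,14 @@ in `routes.rb`:
  And check http://localhost:3000/, use for login user1@example.com and
  'password'
 
+ ## Troubleshooting
+
+ Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Chances are that you need to enable caching:
+
+ rails dev:cache
+
+ This is a one-time operation, so you can set it and forget it. Should you ever need to disable caching in development, you can re-run the command as required.
+
  ## Test project
 
  make test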
@@ -6,14 +6,16 @@ class Devise::MasqueradesController < DeviseController
6
6
  end
7
7
  skip_before_action :masquerade!, raise: false
8
8
 
9
- prepend_before_action :authenticate_scope!, :masquerade_authorize!
9
+ prepend_before_action :authenticate_scope!, only: :show
10
+ prepend_before_action :masquerade_authorize!
10
11
 
11
- before_action :save_masquerade_owner_session, only: :show
12
+ def show
13
+ masqueradable_resource = find_masqueradable_resource
12
14
 
13
- after_action :cleanup_masquerade_owner_session, only: :back
15
+ save_masquerade_owner_session(masqueradable_resource)
14
16
 
15
- def show
16
- self.resource = find_resource
17
+ self.resource = masqueradable_resource
18
+ sign_out(send("current_#{masquerading_resource_name}"))
17
19
 
18
20
  unless resource
19
21
  flash[:error] = "#{masqueraded_resource_class} not found."
@@ -28,22 +30,21 @@ class Devise::MasqueradesController < DeviseController
28
30
  end
29
31
 
30
32
  def back
31
- user_id = session[session_key]
33
+ masqueradable_resource = send("current_#{masqueraded_resource_name}")
32
34
 
33
- resource = if user_id.present?
34
- masquerading_resource_class.to_adapter.find_first(:id => user_id)
35
- else
36
- send(:"current_#{masquerading_resource_name}")
35
+ unless send("#{masqueraded_resource_name}_signed_in?")
36
+ head(401) and return
37
37
  end
38
38
 
39
- if masquerading_resource_class != masqueraded_resource_class
40
- sign_out(send("current_#{masqueraded_resource_name}"))
41
- end
39
+ self.resource = find_owner_resource(masqueradable_resource)
40
+ sign_out(send("current_#{masqueraded_resource_name}"))
42
41
 
43
42
  masquerade_sign_in(resource)
44
43
  request.env['devise.skip_trackable'] = nil
45
44
 
46
45
  go_back(resource, path: after_back_masquerade_path_for(resource))
46
+
47
+ cleanup_masquerade_owner_session(masqueradable_resource)
47
48
  end
48
49
 
49
50
  protected
@@ -56,11 +57,14 @@ class Devise::MasqueradesController < DeviseController
56
57
  true
57
58
  end
58
59
 
59
- def find_resource
60
- masqueraded_resource_class.
61
- find_by_masquerade_key(params[Devise.masquerade_param]).
62
- where(id: params[:id]).
63
- first
60
+ def find_masqueradable_resource
61
+ GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
62
+ end
63
+
64
+ def find_owner_resource(masqueradable_resource)
65
+ skey = session_key(masqueradable_resource)
66
+
67
+ GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
64
68
  end
65
69
 
66
70
  def go_back(user, path:)
@@ -125,22 +129,28 @@ class Devise::MasqueradesController < DeviseController
125
129
  '/'
126
130
  end
127
131
 
128
- def save_masquerade_owner_session
129
- unless session.key?(session_key)
130
- session[session_key] = send("current_#{masquerading_resource_name}").id
131
- session[session_key_masquerading_resource_class] = masquerading_resource_class.name
132
- session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
133
- end
132
+ def save_masquerade_owner_session(masqueradable_resource)
133
+ skey = session_key(masqueradable_resource)
134
+
135
+ resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
136
+ expires_in: Devise.masquerade_expires_in, for: 'masquerade')
137
+
138
+ # skip sharing owner id via session
139
+ Rails.cache.write(skey, resource_gid, expires_in: Devise.masquerade_expires_in)
140
+ session[session_key_masquerading_resource_class] = masquerading_resource_class.name
141
+ session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
134
142
  end
135
143
 
136
- def cleanup_masquerade_owner_session
137
- session.delete(session_key)
144
+ def cleanup_masquerade_owner_session(masqueradable_resource)
145
+ skey = session_key(masqueradable_resource)
146
+
147
+ Rails.cache.delete(skey)
138
148
  session.delete(session_key_masqueraded_resource_class)
139
149
  session.delete(session_key_masquerading_resource_class)
140
150
  end
141
151
 
142
- def session_key
143
- "devise_masquerade_#{masqueraded_resource_name}".to_sym
152
+ def session_key(masqueradable_resource)
153
+ "devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
144
154
  end
145
155
 
146
156
  def session_key_masqueraded_resource_class
@@ -148,6 +158,6 @@ class Devise::MasqueradesController < DeviseController
148
158
  end
149
159
 
150
160
  def session_key_masquerading_resource_class
151
- "devise_masquerade_masquerading_resource_class"
161
+ "devise_masquerade_masquerading_resource_class"
152
162
  end
153
163
  end
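Review bot: The owner token is written to `Rails.cache` under `session_key`, which is built only from the masqueraded resource name and `to_param`, so the state `back` relies on to restore the owner is no longer bound to the browser session that started the masquerade. Any session signed in as that record resolves the same entry through `find_owner_resource`, and if the entry is missing (expired, or a cache store that does not persist) `back` appears to pass nil on to `masquerade_sign_in`. Bind the entry to the session, for example by keeping a random nonce in `session` and appending it to the cache key, and guard the lookup with `head(401) and return unless resource` after `find_owner_resource`. In `show`, `save_masquerade_owner_session` and `sign_out` run before the `unless resource` check, so an expired or invalid token signs the owner out and writes a cache entry for a nil resource; both calls belong below that check. The bodies of `show` and `back` extend beyond the visible hunks.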
@@ -24,4 +24,5 @@ Gem::Specification.new do |gem|
24
24
 
25
25
  gem.add_runtime_dependency('railties', '>= 5.2.0')
26
26
  gem.add_runtime_dependency('devise', '>= 4.7.0')
27
+ gem.add_runtime_dependency('globalid', '>= 0.3.6')
27
28
  end
@@ -0,0 +1,11 @@
1
+ Then("I should see maquerade url") do
2
+ page.html.should include('href="/users/masquerade?masquerade=')
3
+ end
4
+
5
+ When("I am on the users page with extra params") do
6
+ visit '/extra_params'
7
+ end
8
+
9
+ Then("I should see maquerade url with extra params") do
10
+ page.html.should include('href="/users/masquerade?key1=value1&amp;masquerade=')
11
+ end
@@ -0,0 +1,14 @@
1
+ Feature: Use masquerade path to generate routes on page
2
+ In order to have the way to render masquerade path
3
+ As an user
4
+ I want to be able to see the url and use it
5
+
6
+ Scenario: Use masquerade path helper
7
+ Given I logged in
8
+ And I have a user for masquerade
9
+
10
+ When I am on the users page
11
+ Then I should see maquerade url
12
+
13
+ When I am on the users page with extra params
14
+ Then I should see maquerade url with extra params
@@ -20,7 +20,7 @@ module DeviseMasquerade
20
20
  end
21
21
  return unless klass
22
22
 
23
- resource = klass.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
23
+ resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
24
24
 
25
25
  if resource
26
26
  masquerade_sign_in(resource)
@@ -30,7 +30,7 @@ module DeviseMasquerade
30
30
  def masquerade_#{name}!
31
31
  return if params["#{Devise.masquerade_param}"].blank?
32
32
 
33
- resource = ::#{class_name}.find_by_masquerade_key(params["#{Devise.masquerade_param}"]).first
33
+ resource = GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
34
34
 
35
35
  if resource
36
36
  masquerade_sign_in(resource)
@@ -38,12 +38,17 @@ module DeviseMasquerade
38
38
  end
39
39
 
40
40
  def #{name}_masquerade?
41
- session[:"devise_masquerade_#{name}"].present?
41
+ return false if current_#{name}.blank?
42
+
43
+ key = "devise_masquerade_#{name}_" + current_#{name}.to_param
44
+ ::Rails.cache.exist?(key.to_sym).present?
42
45
  end
43
46
 
44
47
  def #{name}_masquerade_owner
45
- return nil unless send(:#{name}_masquerade?)
46
- ::#{class_name}.to_adapter.find_first(id: session[:"devise_masquerade_#{name}"])
48
+ return unless send(:#{name}_masquerade?)
49
+
50
+ key = "devise_masquerade_#{name}_" + current_#{name}.to_param
51
+ GlobalID::Locator.locate_signed(::Rails.cache.read(key.to_sym, for: 'masquerade'))
47
52
  end
48
53
 
49
54
  private
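Review bot: In `#{name}_masquerade_owner` the `for: 'masquerade'` option is passed to `::Rails.cache.read` instead of `locate_signed`, so the stored token is verified under the default purpose and the lookup would presumably return nil for a token created with `for: 'masquerade'`; the line should read `GlobalID::Locator.locate_signed(::Rails.cache.read(key.to_sym), for: 'masquerade')`. Separately, both `masquerade!` helpers used to resolve the key through a specific class (`klass` / `::#{class_name}`) and now accept a signed id for any model; adding `only: klass` (respectively `only: ::#{class_name}`) to the `locate_signed` calls restores that constraint. `#{name}_masquerade?` also derives its answer from a cache key that contains only the record id, so it reports true for every session signed in as that record while the entry exists. The enclosing methods start and end outside these hunks.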
@@ -7,13 +7,12 @@ module DeviseMasquerade
7
7
  def masquerade_path(resource, *args)
8
8
  scope = Devise::Mapping.find_scope!(resource)
9
9
 
10
- opts = args.first || {}
10
+ opts = args.shift || {}
11
11
  opts.merge!(masqueraded_resource_class: resource.class.name)
12
12
 
13
- resource.masquerade!
14
13
  opts.merge!(Devise.masquerade_param => resource.masquerade_key)
15
14
 
16
- send("#{scope}_masquerade_path", resource, opts, *args)
15
+ send("#{scope}_masquerade_index_path", opts, *args)
17
16
  end
18
17
 
19
18
  def back_masquerade_path(resource, *args)
@@ -4,44 +4,10 @@ module DeviseMasquerade
4
4
  extend ActiveSupport::Concern
5
5
 
6
6
  included do
7
- attr_reader :masquerade_key
8
-
9
- def masquerade!
10
- @masquerade_key = SecureRandom.urlsafe_base64(
11
- Devise.masquerade_key_size)
12
- cache_key = self.class.cache_masquerade_key_by(@masquerade_key)
13
- ::Rails.cache.write(
14
- cache_key, id, expires_in: Devise.masquerade_expires_in)
7
+ def masquerade_key
8
+ to_sgid(expires_in: Devise.masquerade_expires_in, for: 'masquerade')
15
9
  end
16
10
  end
17
-
18
- module ClassMethods
19
- def cache_masquerade_key_by(key)
20
- "#{self.name.pluralize.underscore}:#{key}:masquerade"
21
- end
22
-
23
- def remove_masquerade_key!(key)
24
- ::Rails.cache.delete(cache_masquerade_key_by(key))
25
- end
26
-
27
- def find_by_masquerade_key(key)
28
- id = ::Rails.cache.read(cache_masquerade_key_by(key))
29
-
30
- # clean up the cached masquerade key value
31
- remove_masquerade_key!(key)
32
-
33
- where(id: id)
34
- end
35
-
36
- def find_by_masquerade_key(key)
37
- id = ::Rails.cache.read(cache_masquerade_key_by(key))
38
-
39
- # clean up the cached masquerade key value
40
- remove_masquerade_key!(key)
41
-
42
- where(id: id)
43
- end
44
- end # ClassMethods
45
11
  end
46
12
  end
47
13
  end
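Review bot: `masquerade_key` now returns a signed global id that remains valid until `Devise.masquerade_expires_in` elapses, whereas the removed `find_by_masquerade_key` deleted the cached key on first read, so the token is no longer single-use. Since `masquerade_path` places the value in a GET query string, it can end up in access logs, browser history and Referer headers and still be accepted within that window. Document the contract on the method, e.g. `# Signed, purpose-scoped token; valid for Devise.masquerade_expires_in and not single-use, so keep that window short.`, and consider recording consumed tokens in the cache if one-time use is required.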
@@ -3,11 +3,12 @@ module DeviseMasquerade
3
3
 
4
4
  def devise_masquerade(mapping, controllers)
5
5
  resources :masquerade,
6
- only: :show,
7
6
  path: mapping.path_names[:masquerade],
8
- controller: controllers[:masquerades] do
7
+ controller: controllers[:masquerades],
8
+ only: [] do
9
9
 
10
10
  collection do
11
+ get :show
11
12
  get :back
12
13
  end
13
14
  end
@@ -1,3 +1,3 @@
1
1
  module DeviseMasquerade
2
- VERSION = '1.2.0'.freeze
2
+ VERSION = '1.3.4'.freeze
3
3
  end
@@ -8,8 +8,6 @@ describe Admin::DashboardController, type: :controller do
8
8
  let!(:mask) { create(:admin_user) }
9
9
 
10
10
  before do
11
- mask.masquerade!
12
-
13
11
  get :index, params: { masquerade: mask.masquerade_key, masqueraded_resource_class: 'Admin::User' }
14
12
  end
15
13
 
@@ -8,8 +8,6 @@ describe DashboardController, type: :controller do
8
8
  let!(:mask) { create(:user) }
9
9
 
10
10
  before do
11
- mask.masquerade!
12
-
13
11
  get :index, params: { masquerade: mask.masquerade_key }
14
12
  end
15
13
 
@@ -10,13 +10,11 @@ describe Devise::MasqueradesController, type: :controller do
10
10
  context 'with masqueradable_class param' do
11
11
  let(:mask) { create(:student) }
12
12
 
13
- before { mask.masquerade! }
14
-
15
13
  before do
16
14
  get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
17
15
  end
18
16
 
19
- it { expect(session.keys).to include('devise_masquerade_student') }
17
+ it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
20
18
 
21
19
  it 'should have warden keys defined' do
22
20
  expect(session["warden.user.student.key"].first.first).to eq(mask.id)
@@ -28,13 +26,11 @@ describe Devise::MasqueradesController, type: :controller do
28
26
  describe '#masquerade user' do
29
27
  let(:mask) { create(:user) }
30
28
 
31
- before { mask.masquerade! }
32
-
33
29
  before do
34
30
  get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
35
31
  end
36
32
 
37
- it { expect(session.keys).to include('devise_masquerade_user') }
33
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
38
34
  it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
39
35
  it { should redirect_to('/') }
40
36
 
@@ -43,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
43
39
 
44
40
  it { should redirect_to(masquerade_page) }
45
41
  it { expect(current_user.reload).to eq(@user) }
46
- it { expect(session.keys).not_to include('devise_masquerade_user') }
42
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
47
43
  end
48
44
  end
49
45
 
@@ -55,8 +51,6 @@ describe Devise::MasqueradesController, type: :controller do
55
51
 
56
52
  after { Devise.masquerade_routes_back = false }
57
53
 
58
- before { mask.masquerade! }
59
-
60
54
  context 'show' do
61
55
  context 'with http referrer' do
62
56
  before do
@@ -80,13 +74,19 @@ describe Devise::MasqueradesController, type: :controller do
80
74
  end # context
81
75
 
82
76
  context 'and back' do
83
- before { get :back }
77
+ before do
78
+ get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
79
+
80
+ get :back
81
+ end
84
82
 
85
83
  it { should redirect_to(masquerade_page) }
86
84
  end # context
87
85
 
88
86
  context 'and back fallback if http_referer not present' do
89
87
  before do
88
+ get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
89
+
90
90
  @request.env['HTTP_REFERER'] = 'previous_location'
91
91
  get :back
92
92
  end
@@ -13,12 +13,10 @@ describe MasqueradesTestsController, type: :controller do
13
13
 
14
14
  let(:mask) { create(:user) }
15
15
 
16
- before { mask.masquerade! }
17
-
18
16
  before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
19
17
 
20
18
  it { expect(response.status).to eq(403) }
21
- it { expect(session.keys).not_to include('devise_masquerade_user') }
19
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
22
20
  it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
23
21
  end
24
22
 
@@ -32,14 +30,12 @@ describe MasqueradesTestsController, type: :controller do
32
30
 
33
31
  let(:mask) { create(:user) }
34
32
 
35
- before { mask.masquerade! }
36
-
37
33
  before do
38
34
  get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
39
35
  end
40
36
 
41
37
  it { expect(response.status).to eq(302) }
42
- it { expect(session.keys).to include('devise_masquerade_user') }
38
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
43
39
  it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
44
40
  end
45
41
  end
@@ -4,5 +4,9 @@ class DashboardController < ApplicationController
4
4
  def index
5
5
  @users = User.where("users.id != ?", current_user.id).all
6
6
  end
7
+
8
+ def extra_params
9
+ @users = User.where("users.id != ?", current_user.id).all
10
+ end
7
11
  end
8
12
 
@@ -0,0 +1,7 @@
1
+ <% @users.each do |user| %>
2
+ <p>
3
+ <%= user.email %>
4
+
5
+ <%= link_to "Login as", masquerade_path(user, key1: 'value1'), class: 'login_as' %>
6
+ </p>
7
+ <% end %>
@@ -17,7 +17,7 @@
17
17
  <% end %>
18
18
 
19
19
  <% if user_masquerade? %>
20
- <%= link_to "Back masquerade", back_masquerade_path(current_user) %>
20
+ <%= link_to "Back masquerade", back_masquerade_path(User.new) %>
21
21
  <% end %>
22
22
  <% end %>
23
23
 
@@ -1,10 +1,12 @@
1
1
  Dummy::Application.routes.draw do
2
- devise_for :users, controllers: { masquerades: "users/masquerades" }
2
+ devise_for :users, controllers: { masquerades: 'users/masquerades' }
3
3
  devise_for :admin_users, class_name: Admin::User.name
4
4
  devise_for :students, class_name: Student.name
5
5
 
6
6
  root to: 'dashboard#index'
7
7
 
8
+ get '/extra_params', to: 'dashboard#extra_params'
9
+
8
10
  resources :masquerades_tests
9
11
  resources :students, only: :index
10
12
 
@@ -3,37 +3,10 @@ require 'spec_helper'
3
3
  describe User do
4
4
  let!(:user) { create(:user) }
5
5
 
6
- describe '#masquerade!' do
6
+ describe '#masquerade_key' do
7
7
  it 'should cache special key on masquerade' do
8
- expect(SecureRandom).to receive(:urlsafe_base64).with(16) { "secure_key" }
9
- user.masquerade!
10
- end
11
- end
12
-
13
- describe '#remove_masquerade_key' do
14
- before { allow(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
15
-
16
- let(:key) { 'users:secure_key:masquerade' }
17
-
18
- it 'should be possible to remove cached masquerade key' do
19
- user.masquerade!
20
- expect(Rails.cache.exist?(key)).to eq(true)
21
-
22
- User.remove_masquerade_key!('secure_key')
23
- expect(Rails.cache.exist?(key)).to eq(false)
24
- end
25
- end
26
-
27
- describe '#find_by_masquerade_key' do
28
- it 'should be possible to find user by generate masquerade key' do
29
- user.masquerade!
30
-
31
- allow(Rails.cache).to receive(:read).with("users:#{user.masquerade_key}:masquerade") { user.id }
32
- allow(Rails.cache).to receive(:delete).with("users:#{user.masquerade_key}:masquerade")
33
-
34
- new_user = User.find_by_masquerade_key(user.masquerade_key).first
35
-
36
- expect(new_user).to eq(user)
8
+ expect(user).to receive(:to_sgid).with(expires_in: 1.minute, for: 'masquerade') { "secure_key" }
9
+ user.masquerade_key
37
10
  end
38
11
  end
39
12
  end
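--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: devise_masquerade
  version: !ruby/object:Gem::Version
- version: 1.2.0
+ version: 1.3.4
  platform: ruby
  authors:
  - Alexandr Korsak
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-10-23 00:00:00.000000000 Z
+ date: 2021-02-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -52,6 +52,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: 4.7.0
+ - !ruby/object:Gem::Dependency
+ name: globalid
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.3.6
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.3.6
  description: devise masquerade library
  email:
  - alex.korsak@gmail.com
@@ -59,6 +73,9 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - ".github/FUNDING.yml"
+ - ".github/workflows/brakeman-analysis.yml"
+ - ".github/workflows/rubocop-analysis.yml"
  - ".gitignore"
  - ".rspec"
  - ".ruby-version"
@@ -78,7 +95,9 @@ files:
  - features/multiple_masquerading_models.feature
  - features/step_definitions/auth_steps.rb
  - features/step_definitions/back_steps.rb
+ - features/step_definitions/url_helpers_steps.rb
  - features/support/env.rb
+ - features/url_helpers.feature
  - lib/devise_masquerade.rb
  - lib/devise_masquerade/controllers/helpers.rb
  - lib/devise_masquerade/controllers/url_helpers.rb
@@ -105,6 +124,7 @@ files:
  - spec/dummy/app/models/student.rb
  - spec/dummy/app/models/user.rb
  - spec/dummy/app/views/admin/dashboard/index.html.erb
+ - spec/dummy/app/views/dashboard/extra_params.html.erb
  - spec/dummy/app/views/dashboard/index.html.erb
  - spec/dummy/app/views/layouts/application.html.erb
  - spec/dummy/app/views/students/_student.html.erb
@@ -144,7 +164,7 @@ homepage: http://github.com/oivoodoo/devise_masquerade
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -159,8 +179,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.1
- signing_key:
+ rubygems_version: 3.1.4
+ signing_key:
  specification_version: 4
  summary: use for login as functionallity on your admin users pages
  test_files:
@@ -168,7 +188,9 @@ test_files:
  - features/multiple_masquerading_models.feature
  - features/step_definitions/auth_steps.rb
  - features/step_definitions/back_steps.rb
+ - features/step_definitions/url_helpers_steps.rb
  - features/support/env.rb
+ - features/url_helpers.feature
  - spec/controllers/admin/dashboard_controller_spec.rb
  - spec/controllers/dashboard_controller_spec.rb
  - spec/controllers/devise/masquerades_controller_spec.rb
@@ -186,6 +208,7 @@ test_files:
  - spec/dummy/app/models/student.rb
  - spec/dummy/app/models/user.rb
  - spec/dummy/app/views/admin/dashboard/index.html.erb
+ - spec/dummy/app/views/dashboard/extra_params.html.erb
  - spec/dummy/app/views/dashboard/index.html.erb
  - spec/dummy/app/views/layouts/application.html.erb
  - spec/dummy/app/views/students/_student.html.erb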