devise_masquerade 1.3.0 → 1.3.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9b0f25fa4c2e5b41336a6b39bb4eab9dc8cc9a90544de0dffec1cd95d2b8b7f6
4
- data.tar.gz: 96073dd0fb8c13658d7f9b6e156aeb9a9fd90d0aa3e5360fe8416e698b00ceb6
3
+ metadata.gz: 02e2f123857132cfdeaf49b1dbb8cef1dce29175448f862dba6387e72087ebe2
4
+ data.tar.gz: 451e8c53e1e84d565fd0fcb13439c0f3b75dd27a00fb112e0c2fd8976f67b00b
5
5
  SHA512:
6
- metadata.gz: 243f3b4580c80bbf3c281df44bb7fba95d18ac67e0a547e925eb50d784bf05d7364c64ad439c45486473d38481f22b45aa44a9d152eddd67759e6792cf956bb4
7
- data.tar.gz: 3f48a1f7d0a79f2b220380e6aa357ae3a9d937d817b00040b106b7e539d2ed651c61aec2da24626d8a58c9626a30ee958cb752dc779ed3195e09cf1b91177cdd
6
+ metadata.gz: 4f3ea1133abf1ae6126ce12e64fb118fa88e2627587f1e29833fb7805bd230cac706d7e4ab1f12848409cca824e670a131f8b4c3bb1e02e00a45337ab8071de0
7
+ data.tar.gz: a281f8c5bcab7bde06ca043830ed98982e38c7e061a77be364768486caf7a5f10f85b35e5788c6334806a3b98a6010e8f4e1ee170a0baba88d05723429036287
data/.travis.yml CHANGED
@@ -2,6 +2,7 @@ language: ruby
2
2
  rvm:
3
3
  - 2.5.1
4
4
  - 2.6.0
5
+ - 2.7.2
5
6
  gemfile:
6
7
  - Gemfile
7
8
  script: time ./script/travis.sh
data/Gemfile.lock CHANGED
@@ -52,7 +52,7 @@ GIT
52
52
  PATH
53
53
  remote: .
54
54
  specs:
55
- devise_masquerade (1.3.0)
55
+ devise_masquerade (1.3.5)
56
56
  devise (>= 4.7.0)
57
57
  globalid (>= 0.3.6)
58
58
  railties (>= 5.2.0)
@@ -201,13 +201,14 @@ GEM
201
201
  mime-types-data (~> 3.2015)
202
202
  mime-types-data (3.2019.1009)
203
203
  mini_mime (1.0.2)
204
- mini_portile2 (2.4.0)
204
+ mini_portile2 (2.5.0)
205
205
  minitest (5.12.2)
206
206
  multi_json (1.14.1)
207
207
  multi_test (0.1.2)
208
208
  nenv (0.3.0)
209
- nokogiri (1.10.8)
210
- mini_portile2 (~> 2.4.0)
209
+ nokogiri (1.11.1)
210
+ mini_portile2 (~> 2.5.0)
211
+ racc (~> 1.4)
211
212
  notiffany (0.1.3)
212
213
  nenv (~> 0.1)
213
214
  shellany (~> 0.0)
@@ -220,6 +221,7 @@ GEM
220
221
  byebug (~> 11.0)
221
222
  pry (~> 0.10)
222
223
  public_suffix (4.0.1)
224
+ racc (1.5.2)
223
225
  rack (2.2.3)
224
226
  rack-test (1.1.0)
225
227
  rack (>= 1.0, < 3)
@@ -6,14 +6,16 @@ class Devise::MasqueradesController < DeviseController
6
6
  end
7
7
  skip_before_action :masquerade!, raise: false
8
8
 
9
- prepend_before_action :authenticate_scope!, :masquerade_authorize!
9
+ prepend_before_action :authenticate_scope!, only: :show
10
+ prepend_before_action :masquerade_authorize!
10
11
 
11
- before_action :save_masquerade_owner_session, only: :show
12
+ def show
13
+ masqueradable_resource = find_masqueradable_resource
12
14
 
13
- after_action :cleanup_masquerade_owner_session, only: :back
15
+ save_masquerade_owner_session(masqueradable_resource)
14
16
 
15
- def show
16
- self.resource = find_resource
17
+ self.resource = masqueradable_resource
18
+ sign_out(send("current_#{masquerading_resource_name}"))
17
19
 
18
20
  unless resource
19
21
  flash[:error] = "#{masqueraded_resource_class} not found."
@@ -28,16 +30,21 @@ class Devise::MasqueradesController < DeviseController
28
30
  end
29
31
 
30
32
  def back
31
- self.resource = find_owner_resource
33
+ masqueradable_resource = send("current_#{masqueraded_resource_name}")
32
34
 
33
- if resource.class != masqueraded_resource_class
34
- sign_out(send("current_#{masqueraded_resource_name}"))
35
+ unless send("#{masqueraded_resource_name}_signed_in?")
36
+ head(401) and return
35
37
  end
36
38
 
39
+ self.resource = find_owner_resource(masqueradable_resource)
40
+ sign_out(send("current_#{masqueraded_resource_name}"))
41
+
37
42
  masquerade_sign_in(resource)
38
43
  request.env['devise.skip_trackable'] = nil
39
44
 
40
45
  go_back(resource, path: after_back_masquerade_path_for(resource))
46
+
47
+ cleanup_masquerade_owner_session(masqueradable_resource)
41
48
  end
42
49
 
43
50
  protected
@@ -50,12 +57,14 @@ class Devise::MasqueradesController < DeviseController
50
57
  true
51
58
  end
52
59
 
53
- def find_resource
54
- GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
60
+ def find_masqueradable_resource
61
+ GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
55
62
  end
56
63
 
57
- def find_owner_resource
58
- GlobalID::Locator.locate_signed(Rails.cache.read(session_key), for: 'masquerade')
64
+ def find_owner_resource(masqueradable_resource)
65
+ skey = session_key(masqueradable_resource)
66
+
67
+ GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
59
68
  end
60
69
 
61
70
  def go_back(user, path:)
@@ -120,27 +129,30 @@ class Devise::MasqueradesController < DeviseController
120
129
  '/'
121
130
  end
122
131
 
123
- def save_masquerade_owner_session
132
+ def save_masquerade_owner_session(masqueradable_resource)
133
+ skey = session_key(masqueradable_resource)
134
+
124
135
  resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
125
136
  expires_in: Devise.masquerade_expires_in, for: 'masquerade')
126
- # skip sharing owner id via session
127
- Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
128
137
 
129
- unless session.key?(session_key)
130
- session[session_key_masquerading_resource_class] = masquerading_resource_class.name
131
- session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
132
- end
138
+ # skip sharing owner id via session
139
+ Rails.cache.write(skey, resource_gid, expires_in: Devise.masquerade_expires_in)
140
+ session[skey] = true
141
+ session[session_key_masquerading_resource_class] = masquerading_resource_class.name
142
+ session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
133
143
  end
134
144
 
135
- def cleanup_masquerade_owner_session
136
- Rails.cache.delete(session_key)
145
+ def cleanup_masquerade_owner_session(masqueradable_resource)
146
+ skey = session_key(masqueradable_resource)
137
147
 
148
+ Rails.cache.delete(skey)
149
+ session.delete(skey)
138
150
  session.delete(session_key_masqueraded_resource_class)
139
151
  session.delete(session_key_masquerading_resource_class)
140
152
  end
141
153
 
142
- def session_key
143
- "devise_masquerade_#{masqueraded_resource_name}".to_sym
154
+ def session_key(masqueradable_resource)
155
+ "devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
144
156
  end
145
157
 
146
158
  def session_key_masqueraded_resource_class
@@ -148,6 +160,6 @@ class Devise::MasqueradesController < DeviseController
148
160
  end
149
161
 
150
162
  def session_key_masquerading_resource_class
151
- "devise_masquerade_masquerading_resource_class"
163
+ "devise_masquerade_masquerading_resource_class"
152
164
  end
153
165
  end
@@ -0,0 +1,11 @@
1
+ Then("I should see maquerade url") do
2
+ page.html.should include('href="/users/masquerade?masquerade=')
3
+ end
4
+
5
+ When("I am on the users page with extra params") do
6
+ visit '/extra_params'
7
+ end
8
+
9
+ Then("I should see maquerade url with extra params") do
10
+ page.html.should include('href="/users/masquerade?key1=value1&amp;masquerade=')
11
+ end
@@ -0,0 +1,14 @@
1
+ Feature: Use masquerade path to generate routes on page
2
+ In order to have the way to render masquerade path
3
+ As an user
4
+ I want to be able to see the url and use it
5
+
6
+ Scenario: Use masquerade path helper
7
+ Given I logged in
8
+ And I have a user for masquerade
9
+
10
+ When I am on the users page
11
+ Then I should see maquerade url
12
+
13
+ When I am on the users page with extra params
14
+ Then I should see maquerade url with extra params
@@ -38,12 +38,19 @@ module DeviseMasquerade
38
38
  end
39
39
 
40
40
  def #{name}_masquerade?
41
- ::Rails.cache.exist?(:"devise_masquerade_#{name}").present?
41
+ return false if current_#{name}.blank?
42
+
43
+ key = "devise_masquerade_#{name}_" + current_#{name}.to_param
44
+ return false if session[key].blank?
45
+
46
+ ::Rails.cache.exist?(key.to_sym).present?
42
47
  end
43
48
 
44
49
  def #{name}_masquerade_owner
45
- return nil unless send(:#{name}_masquerade?)
46
- GlobalID::Locator.locate_signed(Rails.cache.read(:"devise_masquerade_#{name}"), for: 'masquerade')
50
+ return unless send(:#{name}_masquerade?)
51
+
52
+ key = "devise_masquerade_#{name}_" + current_#{name}.to_param
53
+ GlobalID::Locator.locate_signed(::Rails.cache.read(key.to_sym, for: 'masquerade'))
47
54
  end
48
55
 
49
56
  private
@@ -7,12 +7,12 @@ module DeviseMasquerade
7
7
  def masquerade_path(resource, *args)
8
8
  scope = Devise::Mapping.find_scope!(resource)
9
9
 
10
- opts = args.first || {}
10
+ opts = args.shift || {}
11
11
  opts.merge!(masqueraded_resource_class: resource.class.name)
12
12
 
13
13
  opts.merge!(Devise.masquerade_param => resource.masquerade_key)
14
14
 
15
- send("#{scope}_masquerade_path", resource, opts, *args)
15
+ send("#{scope}_masquerade_index_path", opts, *args)
16
16
  end
17
17
 
18
18
  def back_masquerade_path(resource, *args)
@@ -3,11 +3,12 @@ module DeviseMasquerade
3
3
 
4
4
  def devise_masquerade(mapping, controllers)
5
5
  resources :masquerade,
6
- only: :show,
7
6
  path: mapping.path_names[:masquerade],
8
- controller: controllers[:masquerades] do
7
+ controller: controllers[:masquerades],
8
+ only: [] do
9
9
 
10
10
  collection do
11
+ get :show
11
12
  get :back
12
13
  end
13
14
  end
@@ -1,3 +1,3 @@
1
1
  module DeviseMasquerade
2
- VERSION = '1.3.0'.freeze
2
+ VERSION = '1.3.5'.freeze
3
3
  end
@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
14
14
  get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
15
15
  end
16
16
 
17
- it { expect(Rails.cache.read('devise_masquerade_student')).to be }
17
+ it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
18
18
 
19
19
  it 'should have warden keys defined' do
20
20
  expect(session["warden.user.student.key"].first.first).to eq(mask.id)
@@ -30,7 +30,7 @@ describe Devise::MasqueradesController, type: :controller do
30
30
  get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
31
31
  end
32
32
 
33
- it { expect(Rails.cache.read('devise_masquerade_user')).to be }
33
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
34
34
  it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
35
35
  it { should redirect_to('/') }
36
36
 
@@ -39,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
39
39
 
40
40
  it { should redirect_to(masquerade_page) }
41
41
  it { expect(current_user.reload).to eq(@user) }
42
- it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
42
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
43
43
  end
44
44
  end
45
45
 
@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
16
16
  before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
17
17
 
18
18
  it { expect(response.status).to eq(403) }
19
- it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
19
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
20
20
  it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
21
21
  end
22
22
 
@@ -35,7 +35,7 @@ describe MasqueradesTestsController, type: :controller do
35
35
  end
36
36
 
37
37
  it { expect(response.status).to eq(302) }
38
- it { expect(Rails.cache.read('devise_masquerade_user')).to be }
38
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
39
39
  it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
40
40
  end
41
41
  end
@@ -4,5 +4,9 @@ class DashboardController < ApplicationController
4
4
  def index
5
5
  @users = User.where("users.id != ?", current_user.id).all
6
6
  end
7
+
8
+ def extra_params
9
+ @users = User.where("users.id != ?", current_user.id).all
10
+ end
7
11
  end
8
12
 
@@ -0,0 +1,7 @@
1
+ <% @users.each do |user| %>
2
+ <p>
3
+ <%= user.email %>
4
+
5
+ <%= link_to "Login as", masquerade_path(user, key1: 'value1'), class: 'login_as' %>
6
+ </p>
7
+ <% end %>
@@ -17,7 +17,7 @@
17
17
  <% end %>
18
18
 
19
19
  <% if user_masquerade? %>
20
- <%= link_to "Back masquerade", back_masquerade_path(current_user) %>
20
+ <%= link_to "Back masquerade", back_masquerade_path(User.new) %>
21
21
  <% end %>
22
22
  <% end %>
23
23
 
@@ -1,10 +1,12 @@
1
1
  Dummy::Application.routes.draw do
2
- devise_for :users, controllers: { masquerades: "users/masquerades" }
2
+ devise_for :users, controllers: { masquerades: 'users/masquerades' }
3
3
  devise_for :admin_users, class_name: Admin::User.name
4
4
  devise_for :students, class_name: Student.name
5
5
 
6
6
  root to: 'dashboard#index'
7
7
 
8
+ get '/extra_params', to: 'dashboard#extra_params'
9
+
8
10
  resources :masquerades_tests
9
11
  resources :students, only: :index
10
12
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_masquerade
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.3.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Alexandr Korsak
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-03 00:00:00.000000000 Z
11
+ date: 2021-02-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -95,7 +95,9 @@ files:
95
95
  - features/multiple_masquerading_models.feature
96
96
  - features/step_definitions/auth_steps.rb
97
97
  - features/step_definitions/back_steps.rb
98
+ - features/step_definitions/url_helpers_steps.rb
98
99
  - features/support/env.rb
100
+ - features/url_helpers.feature
99
101
  - lib/devise_masquerade.rb
100
102
  - lib/devise_masquerade/controllers/helpers.rb
101
103
  - lib/devise_masquerade/controllers/url_helpers.rb
@@ -122,6 +124,7 @@ files:
122
124
  - spec/dummy/app/models/student.rb
123
125
  - spec/dummy/app/models/user.rb
124
126
  - spec/dummy/app/views/admin/dashboard/index.html.erb
127
+ - spec/dummy/app/views/dashboard/extra_params.html.erb
125
128
  - spec/dummy/app/views/dashboard/index.html.erb
126
129
  - spec/dummy/app/views/layouts/application.html.erb
127
130
  - spec/dummy/app/views/students/_student.html.erb
@@ -185,7 +188,9 @@ test_files:
185
188
  - features/multiple_masquerading_models.feature
186
189
  - features/step_definitions/auth_steps.rb
187
190
  - features/step_definitions/back_steps.rb
191
+ - features/step_definitions/url_helpers_steps.rb
188
192
  - features/support/env.rb
193
+ - features/url_helpers.feature
189
194
  - spec/controllers/admin/dashboard_controller_spec.rb
190
195
  - spec/controllers/dashboard_controller_spec.rb
191
196
  - spec/controllers/devise/masquerades_controller_spec.rb
@@ -203,6 +208,7 @@ test_files:
203
208
  - spec/dummy/app/models/student.rb
204
209
  - spec/dummy/app/models/user.rb
205
210
  - spec/dummy/app/views/admin/dashboard/index.html.erb
211
+ - spec/dummy/app/views/dashboard/extra_params.html.erb
206
212
  - spec/dummy/app/views/dashboard/index.html.erb
207
213
  - spec/dummy/app/views/layouts/application.html.erb
208
214
  - spec/dummy/app/views/students/_student.html.erb