devise_masquerade 1.3.0 → 1.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +1 -0
- data/Gemfile.lock +6 -4
- data/app/controllers/devise/masquerades_controller.rb +36 -24
- data/features/step_definitions/url_helpers_steps.rb +11 -0
- data/features/url_helpers.feature +14 -0
- data/lib/devise_masquerade/controllers/helpers.rb +10 -3
- data/lib/devise_masquerade/controllers/url_helpers.rb +2 -2
- data/lib/devise_masquerade/routes.rb +3 -2
- data/lib/devise_masquerade/version.rb +1 -1
- data/spec/controllers/devise/masquerades_controller_spec.rb +3 -3
- data/spec/controllers/masquerades_tests_controller_spec.rb +2 -2
- data/spec/dummy/app/controllers/dashboard_controller.rb +4 -0
- data/spec/dummy/app/views/dashboard/extra_params.html.erb +7 -0
- data/spec/dummy/app/views/layouts/application.html.erb +1 -1
- data/spec/dummy/config/routes.rb +3 -1
- metadata +8 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 02e2f123857132cfdeaf49b1dbb8cef1dce29175448f862dba6387e72087ebe2
|
|
4
|
+
data.tar.gz: 451e8c53e1e84d565fd0fcb13439c0f3b75dd27a00fb112e0c2fd8976f67b00b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4f3ea1133abf1ae6126ce12e64fb118fa88e2627587f1e29833fb7805bd230cac706d7e4ab1f12848409cca824e670a131f8b4c3bb1e02e00a45337ab8071de0
|
|
7
|
+
data.tar.gz: a281f8c5bcab7bde06ca043830ed98982e38c7e061a77be364768486caf7a5f10f85b35e5788c6334806a3b98a6010e8f4e1ee170a0baba88d05723429036287
|
data/.travis.yml
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -52,7 +52,7 @@ GIT
|
|
|
52
52
|
PATH
|
|
53
53
|
remote: .
|
|
54
54
|
specs:
|
|
55
|
-
devise_masquerade (1.3.
|
|
55
|
+
devise_masquerade (1.3.5)
|
|
56
56
|
devise (>= 4.7.0)
|
|
57
57
|
globalid (>= 0.3.6)
|
|
58
58
|
railties (>= 5.2.0)
|
|
@@ -201,13 +201,14 @@ GEM
|
|
|
201
201
|
mime-types-data (~> 3.2015)
|
|
202
202
|
mime-types-data (3.2019.1009)
|
|
203
203
|
mini_mime (1.0.2)
|
|
204
|
-
mini_portile2 (2.
|
|
204
|
+
mini_portile2 (2.5.0)
|
|
205
205
|
minitest (5.12.2)
|
|
206
206
|
multi_json (1.14.1)
|
|
207
207
|
multi_test (0.1.2)
|
|
208
208
|
nenv (0.3.0)
|
|
209
|
-
nokogiri (1.
|
|
210
|
-
mini_portile2 (~> 2.
|
|
209
|
+
nokogiri (1.11.1)
|
|
210
|
+
mini_portile2 (~> 2.5.0)
|
|
211
|
+
racc (~> 1.4)
|
|
211
212
|
notiffany (0.1.3)
|
|
212
213
|
nenv (~> 0.1)
|
|
213
214
|
shellany (~> 0.0)
|
|
@@ -220,6 +221,7 @@ GEM
|
|
|
220
221
|
byebug (~> 11.0)
|
|
221
222
|
pry (~> 0.10)
|
|
222
223
|
public_suffix (4.0.1)
|
|
224
|
+
racc (1.5.2)
|
|
223
225
|
rack (2.2.3)
|
|
224
226
|
rack-test (1.1.0)
|
|
225
227
|
rack (>= 1.0, < 3)
|
|
@@ -6,14 +6,16 @@ class Devise::MasqueradesController < DeviseController
|
|
|
6
6
|
end
|
|
7
7
|
skip_before_action :masquerade!, raise: false
|
|
8
8
|
|
|
9
|
-
prepend_before_action :authenticate_scope!, :
|
|
9
|
+
prepend_before_action :authenticate_scope!, only: :show
|
|
10
|
+
prepend_before_action :masquerade_authorize!
|
|
10
11
|
|
|
11
|
-
|
|
12
|
+
def show
|
|
13
|
+
masqueradable_resource = find_masqueradable_resource
|
|
12
14
|
|
|
13
|
-
|
|
15
|
+
save_masquerade_owner_session(masqueradable_resource)
|
|
14
16
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
+
self.resource = masqueradable_resource
|
|
18
|
+
sign_out(send("current_#{masquerading_resource_name}"))
|
|
17
19
|
|
|
18
20
|
unless resource
|
|
19
21
|
flash[:error] = "#{masqueraded_resource_class} not found."
|
|
@@ -28,16 +30,21 @@ class Devise::MasqueradesController < DeviseController
|
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
def back
|
|
31
|
-
|
|
33
|
+
masqueradable_resource = send("current_#{masqueraded_resource_name}")
|
|
32
34
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
+
unless send("#{masqueraded_resource_name}_signed_in?")
|
|
36
|
+
head(401) and return
|
|
35
37
|
end
|
|
36
38
|
|
|
39
|
+
self.resource = find_owner_resource(masqueradable_resource)
|
|
40
|
+
sign_out(send("current_#{masqueraded_resource_name}"))
|
|
41
|
+
|
|
37
42
|
masquerade_sign_in(resource)
|
|
38
43
|
request.env['devise.skip_trackable'] = nil
|
|
39
44
|
|
|
40
45
|
go_back(resource, path: after_back_masquerade_path_for(resource))
|
|
46
|
+
|
|
47
|
+
cleanup_masquerade_owner_session(masqueradable_resource)
|
|
41
48
|
end
|
|
42
49
|
|
|
43
50
|
protected
|
|
@@ -50,12 +57,14 @@ class Devise::MasqueradesController < DeviseController
|
|
|
50
57
|
true
|
|
51
58
|
end
|
|
52
59
|
|
|
53
|
-
def
|
|
54
|
-
GlobalID::Locator.locate_signed
|
|
60
|
+
def find_masqueradable_resource
|
|
61
|
+
GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
|
|
55
62
|
end
|
|
56
63
|
|
|
57
|
-
def find_owner_resource
|
|
58
|
-
|
|
64
|
+
def find_owner_resource(masqueradable_resource)
|
|
65
|
+
skey = session_key(masqueradable_resource)
|
|
66
|
+
|
|
67
|
+
GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
|
|
59
68
|
end
|
|
60
69
|
|
|
61
70
|
def go_back(user, path:)
|
|
@@ -120,27 +129,30 @@ class Devise::MasqueradesController < DeviseController
|
|
|
120
129
|
'/'
|
|
121
130
|
end
|
|
122
131
|
|
|
123
|
-
def save_masquerade_owner_session
|
|
132
|
+
def save_masquerade_owner_session(masqueradable_resource)
|
|
133
|
+
skey = session_key(masqueradable_resource)
|
|
134
|
+
|
|
124
135
|
resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
|
|
125
136
|
expires_in: Devise.masquerade_expires_in, for: 'masquerade')
|
|
126
|
-
# skip sharing owner id via session
|
|
127
|
-
Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
|
|
128
137
|
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
138
|
+
# skip sharing owner id via session
|
|
139
|
+
Rails.cache.write(skey, resource_gid, expires_in: Devise.masquerade_expires_in)
|
|
140
|
+
session[skey] = true
|
|
141
|
+
session[session_key_masquerading_resource_class] = masquerading_resource_class.name
|
|
142
|
+
session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
|
|
133
143
|
end
|
|
134
144
|
|
|
135
|
-
def cleanup_masquerade_owner_session
|
|
136
|
-
|
|
145
|
+
def cleanup_masquerade_owner_session(masqueradable_resource)
|
|
146
|
+
skey = session_key(masqueradable_resource)
|
|
137
147
|
|
|
148
|
+
Rails.cache.delete(skey)
|
|
149
|
+
session.delete(skey)
|
|
138
150
|
session.delete(session_key_masqueraded_resource_class)
|
|
139
151
|
session.delete(session_key_masquerading_resource_class)
|
|
140
152
|
end
|
|
141
153
|
|
|
142
|
-
def session_key
|
|
143
|
-
"devise_masquerade_#{masqueraded_resource_name}".to_sym
|
|
154
|
+
def session_key(masqueradable_resource)
|
|
155
|
+
"devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
|
|
144
156
|
end
|
|
145
157
|
|
|
146
158
|
def session_key_masqueraded_resource_class
|
|
@@ -148,6 +160,6 @@ class Devise::MasqueradesController < DeviseController
|
|
|
148
160
|
end
|
|
149
161
|
|
|
150
162
|
def session_key_masquerading_resource_class
|
|
151
|
-
|
|
163
|
+
"devise_masquerade_masquerading_resource_class"
|
|
152
164
|
end
|
|
153
165
|
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
Then("I should see maquerade url") do
|
|
2
|
+
page.html.should include('href="/users/masquerade?masquerade=')
|
|
3
|
+
end
|
|
4
|
+
|
|
5
|
+
When("I am on the users page with extra params") do
|
|
6
|
+
visit '/extra_params'
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
Then("I should see maquerade url with extra params") do
|
|
10
|
+
page.html.should include('href="/users/masquerade?key1=value1&masquerade=')
|
|
11
|
+
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
Feature: Use masquerade path to generate routes on page
|
|
2
|
+
In order to have the way to render masquerade path
|
|
3
|
+
As an user
|
|
4
|
+
I want to be able to see the url and use it
|
|
5
|
+
|
|
6
|
+
Scenario: Use masquerade path helper
|
|
7
|
+
Given I logged in
|
|
8
|
+
And I have a user for masquerade
|
|
9
|
+
|
|
10
|
+
When I am on the users page
|
|
11
|
+
Then I should see maquerade url
|
|
12
|
+
|
|
13
|
+
When I am on the users page with extra params
|
|
14
|
+
Then I should see maquerade url with extra params
|
|
@@ -38,12 +38,19 @@ module DeviseMasquerade
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
def #{name}_masquerade?
|
|
41
|
-
|
|
41
|
+
return false if current_#{name}.blank?
|
|
42
|
+
|
|
43
|
+
key = "devise_masquerade_#{name}_" + current_#{name}.to_param
|
|
44
|
+
return false if session[key].blank?
|
|
45
|
+
|
|
46
|
+
::Rails.cache.exist?(key.to_sym).present?
|
|
42
47
|
end
|
|
43
48
|
|
|
44
49
|
def #{name}_masquerade_owner
|
|
45
|
-
return
|
|
46
|
-
|
|
50
|
+
return unless send(:#{name}_masquerade?)
|
|
51
|
+
|
|
52
|
+
key = "devise_masquerade_#{name}_" + current_#{name}.to_param
|
|
53
|
+
GlobalID::Locator.locate_signed(::Rails.cache.read(key.to_sym, for: 'masquerade'))
|
|
47
54
|
end
|
|
48
55
|
|
|
49
56
|
private
|
|
@@ -7,12 +7,12 @@ module DeviseMasquerade
|
|
|
7
7
|
def masquerade_path(resource, *args)
|
|
8
8
|
scope = Devise::Mapping.find_scope!(resource)
|
|
9
9
|
|
|
10
|
-
opts = args.
|
|
10
|
+
opts = args.shift || {}
|
|
11
11
|
opts.merge!(masqueraded_resource_class: resource.class.name)
|
|
12
12
|
|
|
13
13
|
opts.merge!(Devise.masquerade_param => resource.masquerade_key)
|
|
14
14
|
|
|
15
|
-
send("#{scope}
|
|
15
|
+
send("#{scope}_masquerade_index_path", opts, *args)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
def back_masquerade_path(resource, *args)
|
|
@@ -3,11 +3,12 @@ module DeviseMasquerade
|
|
|
3
3
|
|
|
4
4
|
def devise_masquerade(mapping, controllers)
|
|
5
5
|
resources :masquerade,
|
|
6
|
-
only: :show,
|
|
7
6
|
path: mapping.path_names[:masquerade],
|
|
8
|
-
controller: controllers[:masquerades]
|
|
7
|
+
controller: controllers[:masquerades],
|
|
8
|
+
only: [] do
|
|
9
9
|
|
|
10
10
|
collection do
|
|
11
|
+
get :show
|
|
11
12
|
get :back
|
|
12
13
|
end
|
|
13
14
|
end
|
|
@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
14
14
|
get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
it { expect(Rails.cache.read(
|
|
17
|
+
it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
|
|
18
18
|
|
|
19
19
|
it 'should have warden keys defined' do
|
|
20
20
|
expect(session["warden.user.student.key"].first.first).to eq(mask.id)
|
|
@@ -30,7 +30,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
30
30
|
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
it { expect(Rails.cache.read(
|
|
33
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
|
|
34
34
|
it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
|
|
35
35
|
it { should redirect_to('/') }
|
|
36
36
|
|
|
@@ -39,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
39
39
|
|
|
40
40
|
it { should redirect_to(masquerade_page) }
|
|
41
41
|
it { expect(current_user.reload).to eq(@user) }
|
|
42
|
-
it { expect(Rails.cache.read(
|
|
42
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
|
|
@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
16
16
|
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
|
17
17
|
|
|
18
18
|
it { expect(response.status).to eq(403) }
|
|
19
|
-
it { expect(Rails.cache.read(
|
|
19
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
|
|
20
20
|
it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
|
|
21
21
|
end
|
|
22
22
|
|
|
@@ -35,7 +35,7 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
it { expect(response.status).to eq(302) }
|
|
38
|
-
it { expect(Rails.cache.read(
|
|
38
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
|
|
39
39
|
it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
|
|
40
40
|
end
|
|
41
41
|
end
|
data/spec/dummy/config/routes.rb
CHANGED
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
Dummy::Application.routes.draw do
|
|
2
|
-
devise_for :users, controllers: { masquerades:
|
|
2
|
+
devise_for :users, controllers: { masquerades: 'users/masquerades' }
|
|
3
3
|
devise_for :admin_users, class_name: Admin::User.name
|
|
4
4
|
devise_for :students, class_name: Student.name
|
|
5
5
|
|
|
6
6
|
root to: 'dashboard#index'
|
|
7
7
|
|
|
8
|
+
get '/extra_params', to: 'dashboard#extra_params'
|
|
9
|
+
|
|
8
10
|
resources :masquerades_tests
|
|
9
11
|
resources :students, only: :index
|
|
10
12
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_masquerade
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandr Korsak
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-02-
|
|
11
|
+
date: 2021-02-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -95,7 +95,9 @@ files:
|
|
|
95
95
|
- features/multiple_masquerading_models.feature
|
|
96
96
|
- features/step_definitions/auth_steps.rb
|
|
97
97
|
- features/step_definitions/back_steps.rb
|
|
98
|
+
- features/step_definitions/url_helpers_steps.rb
|
|
98
99
|
- features/support/env.rb
|
|
100
|
+
- features/url_helpers.feature
|
|
99
101
|
- lib/devise_masquerade.rb
|
|
100
102
|
- lib/devise_masquerade/controllers/helpers.rb
|
|
101
103
|
- lib/devise_masquerade/controllers/url_helpers.rb
|
|
@@ -122,6 +124,7 @@ files:
|
|
|
122
124
|
- spec/dummy/app/models/student.rb
|
|
123
125
|
- spec/dummy/app/models/user.rb
|
|
124
126
|
- spec/dummy/app/views/admin/dashboard/index.html.erb
|
|
127
|
+
- spec/dummy/app/views/dashboard/extra_params.html.erb
|
|
125
128
|
- spec/dummy/app/views/dashboard/index.html.erb
|
|
126
129
|
- spec/dummy/app/views/layouts/application.html.erb
|
|
127
130
|
- spec/dummy/app/views/students/_student.html.erb
|
|
@@ -185,7 +188,9 @@ test_files:
|
|
|
185
188
|
- features/multiple_masquerading_models.feature
|
|
186
189
|
- features/step_definitions/auth_steps.rb
|
|
187
190
|
- features/step_definitions/back_steps.rb
|
|
191
|
+
- features/step_definitions/url_helpers_steps.rb
|
|
188
192
|
- features/support/env.rb
|
|
193
|
+
- features/url_helpers.feature
|
|
189
194
|
- spec/controllers/admin/dashboard_controller_spec.rb
|
|
190
195
|
- spec/controllers/dashboard_controller_spec.rb
|
|
191
196
|
- spec/controllers/devise/masquerades_controller_spec.rb
|
|
@@ -203,6 +208,7 @@ test_files:
|
|
|
203
208
|
- spec/dummy/app/models/student.rb
|
|
204
209
|
- spec/dummy/app/models/user.rb
|
|
205
210
|
- spec/dummy/app/views/admin/dashboard/index.html.erb
|
|
211
|
+
- spec/dummy/app/views/dashboard/extra_params.html.erb
|
|
206
212
|
- spec/dummy/app/views/dashboard/index.html.erb
|
|
207
213
|
- spec/dummy/app/views/layouts/application.html.erb
|
|
208
214
|
- spec/dummy/app/views/students/_student.html.erb
|