devise_masquerade 1.3.1 → 1.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/app/controllers/devise/masquerades_controller.rb +37 -26
- data/features/expires_masquerade.feature +18 -0
- data/features/step_definitions/expires_steps.rb +9 -0
- data/lib/devise_masquerade/controllers/helpers.rb +10 -3
- data/lib/devise_masquerade/version.rb +1 -1
- data/spec/controllers/devise/masquerades_controller_spec.rb +3 -3
- data/spec/controllers/masquerades_tests_controller_spec.rb +2 -2
- data/spec/dummy/app/views/layouts/application.html.erb +1 -1
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 289316079ab661599906ee251d276b9151b6d7b43a47131ea3683d4305cb198a
|
|
4
|
+
data.tar.gz: fce111853661fbfe07cab2058aefa0ceb2bf1cd15830a3740dc9f293a2126a42
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6d812afb79fc6e55780d5fff58432c6070bd23b5ec57d88d8706b1ee09eaf4a314bb68803a6924e731866594ba8cf4caeade6d6050c7ba888af6bebfc2058cd9
|
|
7
|
+
data.tar.gz: f9002c0ba65f8a347f9ba3b4b2abc7aa363784e60c3b9c7e9d6071ca131fd5484c7aac664e7b5566030792243f093793702e6d26ee620117c8126bb3316f60b0
|
data/Gemfile.lock
CHANGED
|
@@ -6,14 +6,16 @@ class Devise::MasqueradesController < DeviseController
|
|
|
6
6
|
end
|
|
7
7
|
skip_before_action :masquerade!, raise: false
|
|
8
8
|
|
|
9
|
-
prepend_before_action :authenticate_scope!, :
|
|
9
|
+
prepend_before_action :authenticate_scope!, only: :show
|
|
10
|
+
prepend_before_action :masquerade_authorize!
|
|
10
11
|
|
|
11
|
-
|
|
12
|
+
def show
|
|
13
|
+
masqueradable_resource = find_masqueradable_resource
|
|
12
14
|
|
|
13
|
-
|
|
15
|
+
save_masquerade_owner_session(masqueradable_resource)
|
|
14
16
|
|
|
15
|
-
|
|
16
|
-
|
|
17
|
+
self.resource = masqueradable_resource
|
|
18
|
+
sign_out(send("current_#{masquerading_resource_name}"))
|
|
17
19
|
|
|
18
20
|
unless resource
|
|
19
21
|
flash[:error] = "#{masqueraded_resource_class} not found."
|
|
@@ -28,16 +30,21 @@ class Devise::MasqueradesController < DeviseController
|
|
|
28
30
|
end
|
|
29
31
|
|
|
30
32
|
def back
|
|
31
|
-
|
|
33
|
+
masqueradable_resource = send("current_#{masqueraded_resource_name}")
|
|
32
34
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
+
unless send("#{masqueraded_resource_name}_signed_in?")
|
|
36
|
+
head(401) and return
|
|
35
37
|
end
|
|
36
38
|
|
|
39
|
+
self.resource = find_owner_resource(masqueradable_resource)
|
|
40
|
+
sign_out(send("current_#{masqueraded_resource_name}"))
|
|
41
|
+
|
|
37
42
|
masquerade_sign_in(resource)
|
|
38
43
|
request.env['devise.skip_trackable'] = nil
|
|
39
44
|
|
|
40
45
|
go_back(resource, path: after_back_masquerade_path_for(resource))
|
|
46
|
+
|
|
47
|
+
cleanup_masquerade_owner_session(masqueradable_resource)
|
|
41
48
|
end
|
|
42
49
|
|
|
43
50
|
protected
|
|
@@ -50,12 +57,14 @@ class Devise::MasqueradesController < DeviseController
|
|
|
50
57
|
true
|
|
51
58
|
end
|
|
52
59
|
|
|
53
|
-
def
|
|
54
|
-
GlobalID::Locator.locate_signed
|
|
60
|
+
def find_masqueradable_resource
|
|
61
|
+
GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
|
|
55
62
|
end
|
|
56
63
|
|
|
57
|
-
def find_owner_resource
|
|
58
|
-
|
|
64
|
+
def find_owner_resource(masqueradable_resource)
|
|
65
|
+
skey = session_key(masqueradable_resource)
|
|
66
|
+
|
|
67
|
+
GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
|
|
59
68
|
end
|
|
60
69
|
|
|
61
70
|
def go_back(user, path:)
|
|
@@ -120,27 +129,29 @@ class Devise::MasqueradesController < DeviseController
|
|
|
120
129
|
'/'
|
|
121
130
|
end
|
|
122
131
|
|
|
123
|
-
def save_masquerade_owner_session
|
|
124
|
-
|
|
125
|
-
expires_in: Devise.masquerade_expires_in, for: 'masquerade')
|
|
126
|
-
# skip sharing owner id via session
|
|
127
|
-
Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
|
|
132
|
+
def save_masquerade_owner_session(masqueradable_resource)
|
|
133
|
+
skey = session_key(masqueradable_resource)
|
|
128
134
|
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
135
|
+
resource_gid = send("current_#{masquerading_resource_name}").to_sgid(for: 'masquerade')
|
|
136
|
+
|
|
137
|
+
# skip sharing owner id via session
|
|
138
|
+
Rails.cache.write(skey, resource_gid)
|
|
139
|
+
session[skey] = true
|
|
140
|
+
session[session_key_masquerading_resource_class] = masquerading_resource_class.name
|
|
141
|
+
session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
|
|
133
142
|
end
|
|
134
143
|
|
|
135
|
-
def cleanup_masquerade_owner_session
|
|
136
|
-
|
|
144
|
+
def cleanup_masquerade_owner_session(masqueradable_resource)
|
|
145
|
+
skey = session_key(masqueradable_resource)
|
|
137
146
|
|
|
147
|
+
Rails.cache.delete(skey)
|
|
148
|
+
session.delete(skey)
|
|
138
149
|
session.delete(session_key_masqueraded_resource_class)
|
|
139
150
|
session.delete(session_key_masquerading_resource_class)
|
|
140
151
|
end
|
|
141
152
|
|
|
142
|
-
def session_key
|
|
143
|
-
"devise_masquerade_#{masqueraded_resource_name}".to_sym
|
|
153
|
+
def session_key(masqueradable_resource)
|
|
154
|
+
"devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
|
|
144
155
|
end
|
|
145
156
|
|
|
146
157
|
def session_key_masqueraded_resource_class
|
|
@@ -148,6 +159,6 @@ class Devise::MasqueradesController < DeviseController
|
|
|
148
159
|
end
|
|
149
160
|
|
|
150
161
|
def session_key_masquerading_resource_class
|
|
151
|
-
|
|
162
|
+
"devise_masquerade_masquerading_resource_class"
|
|
152
163
|
end
|
|
153
164
|
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
Feature: Use back button for returning to the owner despite on expiration time.
|
|
2
|
+
In order to back to the owner user
|
|
3
|
+
As an masquerade user
|
|
4
|
+
I want to be able to press a simple button on the page
|
|
5
|
+
|
|
6
|
+
Scenario: Use back button
|
|
7
|
+
Given I logged in
|
|
8
|
+
And I have a user for masquerade
|
|
9
|
+
|
|
10
|
+
When I have devise masquerade expiration time in 1 second
|
|
11
|
+
|
|
12
|
+
When I am on the users page
|
|
13
|
+
And I login as one user
|
|
14
|
+
Then I should be login as this user
|
|
15
|
+
And I waited for 2 seconds
|
|
16
|
+
|
|
17
|
+
When I press back masquerade button
|
|
18
|
+
Then I should be login as owner user
|
|
@@ -38,12 +38,19 @@ module DeviseMasquerade
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
def #{name}_masquerade?
|
|
41
|
-
|
|
41
|
+
return false if current_#{name}.blank?
|
|
42
|
+
|
|
43
|
+
key = "devise_masquerade_#{name}_" + current_#{name}.to_param
|
|
44
|
+
return false if session[key].blank?
|
|
45
|
+
|
|
46
|
+
::Rails.cache.exist?(key.to_sym).present?
|
|
42
47
|
end
|
|
43
48
|
|
|
44
49
|
def #{name}_masquerade_owner
|
|
45
|
-
return
|
|
46
|
-
|
|
50
|
+
return unless send(:#{name}_masquerade?)
|
|
51
|
+
|
|
52
|
+
key = "devise_masquerade_#{name}_" + current_#{name}.to_param
|
|
53
|
+
GlobalID::Locator.locate_signed(::Rails.cache.read(key.to_sym, for: 'masquerade'))
|
|
47
54
|
end
|
|
48
55
|
|
|
49
56
|
private
|
|
@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
14
14
|
get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
it { expect(Rails.cache.read(
|
|
17
|
+
it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
|
|
18
18
|
|
|
19
19
|
it 'should have warden keys defined' do
|
|
20
20
|
expect(session["warden.user.student.key"].first.first).to eq(mask.id)
|
|
@@ -30,7 +30,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
30
30
|
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
it { expect(Rails.cache.read(
|
|
33
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
|
|
34
34
|
it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
|
|
35
35
|
it { should redirect_to('/') }
|
|
36
36
|
|
|
@@ -39,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
39
39
|
|
|
40
40
|
it { should redirect_to(masquerade_page) }
|
|
41
41
|
it { expect(current_user.reload).to eq(@user) }
|
|
42
|
-
it { expect(Rails.cache.read(
|
|
42
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
|
|
@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
16
16
|
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
|
17
17
|
|
|
18
18
|
it { expect(response.status).to eq(403) }
|
|
19
|
-
it { expect(Rails.cache.read(
|
|
19
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
|
|
20
20
|
it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
|
|
21
21
|
end
|
|
22
22
|
|
|
@@ -35,7 +35,7 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
it { expect(response.status).to eq(302) }
|
|
38
|
-
it { expect(Rails.cache.read(
|
|
38
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
|
|
39
39
|
it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
|
|
40
40
|
end
|
|
41
41
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_masquerade
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandr Korsak
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-03-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -92,9 +92,11 @@ files:
|
|
|
92
92
|
- config/environment.rb
|
|
93
93
|
- devise_masquerade.gemspec
|
|
94
94
|
- features/back.feature
|
|
95
|
+
- features/expires_masquerade.feature
|
|
95
96
|
- features/multiple_masquerading_models.feature
|
|
96
97
|
- features/step_definitions/auth_steps.rb
|
|
97
98
|
- features/step_definitions/back_steps.rb
|
|
99
|
+
- features/step_definitions/expires_steps.rb
|
|
98
100
|
- features/step_definitions/url_helpers_steps.rb
|
|
99
101
|
- features/support/env.rb
|
|
100
102
|
- features/url_helpers.feature
|
|
@@ -185,9 +187,11 @@ specification_version: 4
|
|
|
185
187
|
summary: use for login as functionallity on your admin users pages
|
|
186
188
|
test_files:
|
|
187
189
|
- features/back.feature
|
|
190
|
+
- features/expires_masquerade.feature
|
|
188
191
|
- features/multiple_masquerading_models.feature
|
|
189
192
|
- features/step_definitions/auth_steps.rb
|
|
190
193
|
- features/step_definitions/back_steps.rb
|
|
194
|
+
- features/step_definitions/expires_steps.rb
|
|
191
195
|
- features/step_definitions/url_helpers_steps.rb
|
|
192
196
|
- features/support/env.rb
|
|
193
197
|
- features/url_helpers.feature
|