devise_masquerade 1.3.11 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +8 -8
- data/README.md +5 -1
- data/app/controllers/devise/masquerades_controller.rb +18 -6
- data/features/back.feature +14 -1
- data/features/expires_masquerade.feature +17 -1
- data/features/step_definitions/auth_steps.rb +7 -0
- data/lib/devise_masquerade/controllers/helpers.rb +11 -2
- data/lib/devise_masquerade/version.rb +1 -1
- data/lib/devise_masquerade.rb +14 -0
- data/spec/controllers/devise/masquerades_controller_spec.rb +3 -0
- data/spec/controllers/masquerades_tests_controller_spec.rb +3 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 99dc9de6d6af53393db0f0f0a8c8b80191bf203bad2ba604eb50dce7708aa314
|
|
4
|
+
data.tar.gz: a8a89851d08443baaf4e7106bec7267d7a0c8209f01da40431874672ff56d1c9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 13133209d039b4f64ff124fc88935198e4cde0ee181abd6ce973b9d31f2618d6ed2512a27adf9c3f5d32be4fff16084f15135a6f95b97ff96b0a430ba4f9819a
|
|
7
|
+
data.tar.gz: 0b4455f0adfd73ea7a49794349d686010c47157e4e30a836ea9a811f05005f8533af55a1945401f2595845ccd82cc2a84f4b6aa392ef0dcc3bea5b423f9ef35a
|
data/Gemfile.lock
CHANGED
|
@@ -52,7 +52,7 @@ GIT
|
|
|
52
52
|
PATH
|
|
53
53
|
remote: .
|
|
54
54
|
specs:
|
|
55
|
-
devise_masquerade (
|
|
55
|
+
devise_masquerade (2.0.0)
|
|
56
56
|
devise (>= 4.7.0)
|
|
57
57
|
globalid (>= 0.3.6)
|
|
58
58
|
railties (>= 5.2.0)
|
|
@@ -98,7 +98,7 @@ GEM
|
|
|
98
98
|
archive-zip (0.12.0)
|
|
99
99
|
io-like (~> 0.3.0)
|
|
100
100
|
backports (3.15.0)
|
|
101
|
-
bcrypt (3.1.
|
|
101
|
+
bcrypt (3.1.18)
|
|
102
102
|
bson (1.12.5)
|
|
103
103
|
bson_ext (1.12.5)
|
|
104
104
|
bson (~> 1.12.5)
|
|
@@ -118,7 +118,7 @@ GEM
|
|
|
118
118
|
nokogiri (~> 1.8)
|
|
119
119
|
coderay (1.1.2)
|
|
120
120
|
concurrent-ruby (1.1.5)
|
|
121
|
-
crass (1.0.
|
|
121
|
+
crass (1.0.6)
|
|
122
122
|
cucumber (3.1.2)
|
|
123
123
|
builder (>= 2.1.2)
|
|
124
124
|
cucumber-core (~> 3.2.0)
|
|
@@ -190,7 +190,7 @@ GEM
|
|
|
190
190
|
listen (3.2.0)
|
|
191
191
|
rb-fsevent (~> 0.10, >= 0.10.3)
|
|
192
192
|
rb-inotify (~> 0.9, >= 0.9.10)
|
|
193
|
-
loofah (2.
|
|
193
|
+
loofah (2.18.0)
|
|
194
194
|
crass (~> 1.0.2)
|
|
195
195
|
nokogiri (>= 1.5.9)
|
|
196
196
|
lumberjack (1.0.13)
|
|
@@ -206,7 +206,7 @@ GEM
|
|
|
206
206
|
multi_json (1.14.1)
|
|
207
207
|
multi_test (0.1.2)
|
|
208
208
|
nenv (0.3.0)
|
|
209
|
-
nokogiri (1.13.
|
|
209
|
+
nokogiri (1.13.6)
|
|
210
210
|
mini_portile2 (~> 2.8.0)
|
|
211
211
|
racc (~> 1.4)
|
|
212
212
|
notiffany (0.1.3)
|
|
@@ -222,13 +222,13 @@ GEM
|
|
|
222
222
|
pry (~> 0.10)
|
|
223
223
|
public_suffix (4.0.6)
|
|
224
224
|
racc (1.6.0)
|
|
225
|
-
rack (2.2.3)
|
|
225
|
+
rack (2.2.3.1)
|
|
226
226
|
rack-test (1.1.0)
|
|
227
227
|
rack (>= 1.0, < 3)
|
|
228
228
|
rails-dom-testing (2.0.3)
|
|
229
229
|
activesupport (>= 4.2.0)
|
|
230
230
|
nokogiri (>= 1.6)
|
|
231
|
-
rails-html-sanitizer (1.3
|
|
231
|
+
rails-html-sanitizer (1.4.3)
|
|
232
232
|
loofah (~> 2.3)
|
|
233
233
|
railties (6.0.0)
|
|
234
234
|
actionpack (= 6.0.0)
|
|
@@ -260,7 +260,7 @@ GEM
|
|
|
260
260
|
power_assert
|
|
261
261
|
thor (0.20.3)
|
|
262
262
|
thread_safe (0.3.6)
|
|
263
|
-
tzinfo (1.2.
|
|
263
|
+
tzinfo (1.2.10)
|
|
264
264
|
thread_safe (~> 0.1)
|
|
265
265
|
warden (1.2.9)
|
|
266
266
|
rack (>= 2.0.9)
|
data/README.md
CHANGED
|
@@ -167,7 +167,7 @@ in `routes.rb`:
|
|
|
167
167
|
Devise.masquerade_bypass_warden_callback = false
|
|
168
168
|
Devise.masquerade_routes_back = false # if true, route back to the page the user was on via redirect_back
|
|
169
169
|
Devise.masquerading_resource_class = AdminUser
|
|
170
|
-
# optional: Devise.
|
|
170
|
+
# optional: Devise.masquerading_resource_class_name = 'AdminUser'
|
|
171
171
|
|
|
172
172
|
# optional, default: masquerading_resource_class.model_name.param_key
|
|
173
173
|
Devise.masquerading_resource_name = :admin_user
|
|
@@ -177,6 +177,10 @@ in `routes.rb`:
|
|
|
177
177
|
|
|
178
178
|
# optional, default: masqueraded_resource_class.model_name.param_key
|
|
179
179
|
Devise.masqueraded_resource_name = :user
|
|
180
|
+
|
|
181
|
+
# optional, default: masquerade_storage_method = :session
|
|
182
|
+
# values: :session, :cache
|
|
183
|
+
Devise.masquerade_storage_method = :session
|
|
180
184
|
```
|
|
181
185
|
|
|
182
186
|
## Demo project
|
|
@@ -77,7 +77,13 @@ class Devise::MasqueradesController < DeviseController
|
|
|
77
77
|
def find_owner_resource(masqueradable_resource)
|
|
78
78
|
skey = session_key(masqueradable_resource, masquerading_guid)
|
|
79
79
|
|
|
80
|
-
|
|
80
|
+
data = if Devise.masquerade_storage_method_session?
|
|
81
|
+
session[skey]
|
|
82
|
+
else
|
|
83
|
+
Rails.cache.read(skey)
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
GlobalID::Locator.locate_signed(data, for: 'masquerade')
|
|
81
87
|
end
|
|
82
88
|
|
|
83
89
|
def go_back(user, path:)
|
|
@@ -157,9 +163,15 @@ class Devise::MasqueradesController < DeviseController
|
|
|
157
163
|
|
|
158
164
|
resource_gid = send("current_#{masquerading_resource_name}").to_sgid(for: 'masquerade')
|
|
159
165
|
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
166
|
+
if Devise.masquerade_storage_method_session?
|
|
167
|
+
session[skey] = resource_gid
|
|
168
|
+
else
|
|
169
|
+
# skip sharing owner id via session
|
|
170
|
+
Rails.cache.write(skey, resource_gid)
|
|
171
|
+
|
|
172
|
+
session[skey] = true
|
|
173
|
+
end
|
|
174
|
+
|
|
163
175
|
session[session_key_masquerading_resource_class] = masquerading_resource_class.name
|
|
164
176
|
session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
|
|
165
177
|
session[session_key_masquerading_resource_guid] = guid
|
|
@@ -168,8 +180,8 @@ class Devise::MasqueradesController < DeviseController
|
|
|
168
180
|
def cleanup_masquerade_owner_session(masqueradable_resource)
|
|
169
181
|
skey = session_key(masqueradable_resource, masquerading_guid)
|
|
170
182
|
|
|
171
|
-
Rails.cache.delete(skey)
|
|
172
|
-
|
|
183
|
+
Rails.cache.delete(skey) if Devise.masquerade_storage_method_cache?
|
|
184
|
+
|
|
173
185
|
session.delete(session_key_masqueraded_resource_class)
|
|
174
186
|
session.delete(session_key_masquerading_resource_class)
|
|
175
187
|
session.delete(session_key_masquerading_resource_guid)
|
data/features/back.feature
CHANGED
|
@@ -3,8 +3,21 @@ Feature: Use back button for returning to the owner of the masquerade action.
|
|
|
3
3
|
As an masquerade user
|
|
4
4
|
I want to be able to press a simple button on the page
|
|
5
5
|
|
|
6
|
-
Scenario: Use back button
|
|
6
|
+
Scenario: Use back button with cache
|
|
7
7
|
Given I logged in
|
|
8
|
+
And devise masquerade configured to use cache
|
|
9
|
+
And I have a user for masquerade
|
|
10
|
+
|
|
11
|
+
When I am on the users page
|
|
12
|
+
And I login as one user
|
|
13
|
+
Then I should be login as this user
|
|
14
|
+
|
|
15
|
+
When I press back masquerade button
|
|
16
|
+
Then I should be login as owner user
|
|
17
|
+
|
|
18
|
+
Scenario: Use back button with session
|
|
19
|
+
Given I logged in
|
|
20
|
+
And devise masquerade configured to use session
|
|
8
21
|
And I have a user for masquerade
|
|
9
22
|
|
|
10
23
|
When I am on the users page
|
|
@@ -3,8 +3,24 @@ Feature: Use back button for returning to the owner despite on expiration time.
|
|
|
3
3
|
As an masquerade user
|
|
4
4
|
I want to be able to press a simple button on the page
|
|
5
5
|
|
|
6
|
-
Scenario: Use back button
|
|
6
|
+
Scenario: Use back button with cache
|
|
7
7
|
Given I logged in
|
|
8
|
+
And devise masquerade configured to use cache
|
|
9
|
+
And I have a user for masquerade
|
|
10
|
+
|
|
11
|
+
When I have devise masquerade expiration time in 1 second
|
|
12
|
+
|
|
13
|
+
When I am on the users page
|
|
14
|
+
And I login as one user
|
|
15
|
+
Then I should be login as this user
|
|
16
|
+
And I waited for 2 seconds
|
|
17
|
+
|
|
18
|
+
When I press back masquerade button
|
|
19
|
+
Then I should be login as owner user
|
|
20
|
+
|
|
21
|
+
Scenario: Use back button with session
|
|
22
|
+
Given I logged in
|
|
23
|
+
And devise masquerade configured to use session
|
|
8
24
|
And I have a user for masquerade
|
|
9
25
|
|
|
10
26
|
When I have devise masquerade expiration time in 1 second
|
|
@@ -9,3 +9,10 @@ Given /^I logged in$/ do
|
|
|
9
9
|
click_on 'Log in'
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
+
Given("devise masquerade configured to use cache") do
|
|
13
|
+
Devise.masquerade_storage_method = :cache
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
Given("devise masquerade configured to use session") do
|
|
17
|
+
Devise.masquerade_storage_method = :session
|
|
18
|
+
end
|
|
@@ -43,13 +43,22 @@ module DeviseMasquerade
|
|
|
43
43
|
return false if current_#{name}.blank?
|
|
44
44
|
return false if session[#{name}_helper_session_key].blank?
|
|
45
45
|
|
|
46
|
-
|
|
46
|
+
if Devise.masquerade_storage_method_session?
|
|
47
|
+
session[#{name}_helper_session_key].present?
|
|
48
|
+
else
|
|
49
|
+
::Rails.cache.exist?(#{name}_helper_session_key).present?
|
|
50
|
+
end
|
|
47
51
|
end
|
|
48
52
|
|
|
49
53
|
def #{name}_masquerade_owner
|
|
50
54
|
return unless send(:#{name}_masquerade?)
|
|
51
55
|
|
|
52
|
-
sgid =
|
|
56
|
+
sgid = if Devise.masquerade_storage_method_session?
|
|
57
|
+
session[#{name}_helper_session_key]
|
|
58
|
+
else
|
|
59
|
+
::Rails.cache.read(#{name}_helper_session_key)
|
|
60
|
+
end
|
|
61
|
+
|
|
53
62
|
GlobalID::Locator.locate_signed(sgid, for: 'masquerade')
|
|
54
63
|
end
|
|
55
64
|
|
data/lib/devise_masquerade.rb
CHANGED
|
@@ -39,6 +39,20 @@ module Devise
|
|
|
39
39
|
# Example: Devise.masquerading_resource_name = :admin_user
|
|
40
40
|
mattr_accessor :masquerading_resource_name
|
|
41
41
|
|
|
42
|
+
# Example: Devise.masquerade_storage_method = :session
|
|
43
|
+
# - session
|
|
44
|
+
# - cache
|
|
45
|
+
mattr_accessor :masquerade_storage_method
|
|
46
|
+
@@masquerade_storage_method = :session
|
|
47
|
+
|
|
48
|
+
def self.masquerade_storage_method_session?
|
|
49
|
+
Devise.masquerade_storage_method == :session
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
def self.masquerade_storage_method_cache?
|
|
53
|
+
Devise.masquerade_storage_method == :cache
|
|
54
|
+
end
|
|
55
|
+
|
|
42
56
|
@@helpers << DeviseMasquerade::Controllers::Helpers
|
|
43
57
|
end
|
|
44
58
|
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe Devise::MasqueradesController, type: :controller do
|
|
4
|
+
before { Devise.masquerade_storage_method = :cache }
|
|
5
|
+
after { Devise.masquerade_storage_method = :session }
|
|
6
|
+
|
|
4
7
|
context 'with configured devise app' do
|
|
5
8
|
before { @request.env['devise.mapping'] = Devise.mappings[:user] }
|
|
6
9
|
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe MasqueradesTestsController, type: :controller do
|
|
4
|
+
before { Devise.masquerade_storage_method = :cache }
|
|
5
|
+
after { Devise.masquerade_storage_method = :session }
|
|
6
|
+
|
|
4
7
|
before { @request.env['devise.mapping'] = Devise.mappings[:user] }
|
|
5
8
|
|
|
6
9
|
context 'no access for masquerade' do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_masquerade
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandr Korsak
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-10-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|