RubyGems - devise_masquerade - Versions diffs - 1.3.2 → 1.3.7 - Mend

devise_masquerade 1.3.2 → 1.3.7

Files changed (10) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/app/controllers/devise/masquerades_controller.rb +33 -31
data/features/expires_masquerade.feature +18 -0
data/features/step_definitions/expires_steps.rb +9 -0
data/lib/devise_masquerade/controllers/helpers.rb +11 -3
data/lib/devise_masquerade/version.rb +1 -1
data/spec/controllers/devise/masquerades_controller_spec.rb +3 -3
data/spec/controllers/masquerades_tests_controller_spec.rb +2 -2
metadata +6 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7b817222d25ead9ef77e2075ab3d2f86693659fea00373b9cd998c8dfc81becb
-  data.tar.gz: 7d95e96a4ed3f3c6addcb54fcab39fe0df54d6eeaf513e0d363035b61d1da46e
+  metadata.gz: 5c612609f3eeb20d48b13ed9166d5a6e3631cf284bda1aceb67501686bb806ee
+  data.tar.gz: 7c1e2356ec14f72af05816534d037b2a1e344a5d482a28156f71053b4d1dab0e
 SHA512:
-  metadata.gz: dcec6dae97ed366a03553c6762f4d042a256aed0765aec2fe39c64ea93ecf1f4593eb60e7d57555fc399b0f4ae818f6883e80b11974b0a88c17bdfb18831cc0d
-  data.tar.gz: 6814d659d4cb22cb9b88aacd55d0ca3a54c208248919b389174cb220d4bf856682fe6cfd3ce287ec03bdc9554baec3e3556d7b44c92139138daaf3467b44b682
+  metadata.gz: 7545f0259d8607d0f06738308704646fccfea3708f33b39408302afc9893ab1203d36a5f3cedebb12ab4fc9b150b198d7dbf6f984655bec3ff02aa4ab2e76c47
+  data.tar.gz: 5e0b106db2ce2d05b1bfcbd91c81730ce09560e248bea3b700c6ba9ad822bbad68adf19305763470817b76a0b18775a974ba431334a1c043c9e1abe5345aec96

data/Gemfile.lock CHANGED Viewed

@@ -52,7 +52,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise_masquerade (1.3.2)
+    devise_masquerade (1.3.7)
       devise (>= 4.7.0)
       globalid (>= 0.3.6)
       railties (>= 5.2.0)

data/app/controllers/devise/masquerades_controller.rb CHANGED Viewed

@@ -9,16 +9,13 @@ class Devise::MasqueradesController < DeviseController
   prepend_before_action :authenticate_scope!, only: :show
   prepend_before_action :masquerade_authorize!
-  before_action :save_masquerade_owner_session, only: :show
-  after_action :cleanup_masquerade_owner_session, only: :back
   def show
-    self.resource = find_resource
+    masqueradable_resource = find_masqueradable_resource
-    if resource.class != masquerading_resource_class
-      sign_out(send("current_#{masquerading_resource_name}"))
-    end
+    save_masquerade_owner_session(masqueradable_resource)
+    self.resource = masqueradable_resource
+    sign_out(send("current_#{masquerading_resource_name}"))
     unless resource
       flash[:error] = "#{masqueraded_resource_class} not found."
@@ -33,20 +30,21 @@ class Devise::MasqueradesController < DeviseController
   end
   def back
+    masqueradable_resource = send("current_#{masqueraded_resource_name}")
     unless send("#{masqueraded_resource_name}_signed_in?")
       head(401) and return
     end
-    self.resource = find_owner_resource
-    if resource.class != masqueraded_resource_class
-      sign_out(send("current_#{masqueraded_resource_name}"))
-    end
+    self.resource = find_owner_resource(masqueradable_resource)
+    sign_out(send("current_#{masqueraded_resource_name}"))
     masquerade_sign_in(resource)
     request.env['devise.skip_trackable'] = nil
     go_back(resource, path: after_back_masquerade_path_for(resource))
+    cleanup_masquerade_owner_session(masqueradable_resource)
   end
   protected
@@ -59,12 +57,14 @@ class Devise::MasqueradesController < DeviseController
     true
   end
-  def find_resource
-    GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
+  def find_masqueradable_resource
+    GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
   end
-  def find_owner_resource
-    GlobalID::Locator.locate_signed(Rails.cache.read(session_key), for: 'masquerade')
+  def find_owner_resource(masqueradable_resource)
+    skey = session_key(masqueradable_resource)
+    GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
   end
   def go_back(user, path:)
@@ -129,27 +129,29 @@ class Devise::MasqueradesController < DeviseController
     '/'
   end
-  def save_masquerade_owner_session
-    resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
-      expires_in: Devise.masquerade_expires_in, for: 'masquerade')
-    # skip sharing owner id via session
-    Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
+  def save_masquerade_owner_session(masqueradable_resource)
+    skey = session_key(masqueradable_resource)
-    unless session.key?(session_key)
-      session[session_key_masquerading_resource_class] = masquerading_resource_class.name
-      session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
-    end
+    resource_gid = send("current_#{masquerading_resource_name}").to_sgid(for: 'masquerade')
+    # skip sharing owner id via session
+    Rails.cache.write(skey, resource_gid)
+    session[skey] = true
+    session[session_key_masquerading_resource_class] = masquerading_resource_class.name
+    session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
   end
-  def cleanup_masquerade_owner_session
-    Rails.cache.delete(session_key)
+  def cleanup_masquerade_owner_session(masqueradable_resource)
+    skey = session_key(masqueradable_resource)
+    Rails.cache.delete(skey)
+    session.delete(skey)
     session.delete(session_key_masqueraded_resource_class)
     session.delete(session_key_masquerading_resource_class)
   end
-  def session_key
-    "devise_masquerade_#{masqueraded_resource_name}".to_sym
+  def session_key(masqueradable_resource)
+    "devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
   end
   def session_key_masqueraded_resource_class
@@ -157,6 +159,6 @@ class Devise::MasqueradesController < DeviseController
   end
   def session_key_masquerading_resource_class
-    "devise_masquerade_masquerading_resource_class"
+      "devise_masquerade_masquerading_resource_class"
   end
 end

data/features/expires_masquerade.feature ADDED Viewed

@@ -0,0 +1,18 @@
+Feature: Use back button for returning to the owner despite on expiration time.
+  In order to back to the owner user
+  As an masquerade user
+  I want to be able to press a simple button on the page
+  Scenario: Use back button
+    Given I logged in
+    And I have a user for masquerade
+    When I have devise masquerade expiration time in 1 second
+    When I am on the users page
+    And I login as one user
+      Then I should be login as this user
+      And I waited for 2 seconds
+    When I press back masquerade button
+      Then I should be login as owner user

data/features/step_definitions/expires_steps.rb ADDED Viewed

@@ -0,0 +1,9 @@
+When("I have devise masquerade expiration time in {int} second") do |seconds|
+  Devise.masquerade_expires_in = seconds.second
+end
+Then("I waited for {int} seconds") do |seconds|
+  sleep(seconds)
+  Devise.masquerade_expires_in = 5.minutes
+end

data/lib/devise_masquerade/controllers/helpers.rb CHANGED Viewed

@@ -38,12 +38,20 @@ module DeviseMasquerade
           end
           def #{name}_masquerade?
-            ::Rails.cache.exist?(:"devise_masquerade_#{name}").present?
+            return false if current_#{name}.blank?
+            key = "devise_masquerade_#{name}_" + current_#{name}.to_param
+            return false if session[key].blank?
+            ::Rails.cache.exist?(key.to_sym).present?
           end
           def #{name}_masquerade_owner
-            return nil unless send(:#{name}_masquerade?)
-            GlobalID::Locator.locate_signed(Rails.cache.read(:"devise_masquerade_#{name}"), for: 'masquerade')
+            return unless send(:#{name}_masquerade?)
+            key = "devise_masquerade_#{name}_" + current_#{name}.to_param
+            sgid = ::Rails.cache.read(key.to_sym)
+            GlobalID::Locator.locate_signed(sgid, for: 'masquerade')
           end
           private

data/lib/devise_masquerade/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module DeviseMasquerade
-  VERSION = '1.3.2'.freeze
+  VERSION = '1.3.7'.freeze
 end

data/spec/controllers/devise/masquerades_controller_spec.rb CHANGED Viewed

@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
           get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
         end
-        it { expect(Rails.cache.read('devise_masquerade_student')).to be }
+        it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
         it 'should have warden keys defined' do
           expect(session["warden.user.student.key"].first.first).to eq(mask.id)
@@ -30,7 +30,7 @@ describe Devise::MasqueradesController, type: :controller do
           get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
         end
-        it { expect(Rails.cache.read('devise_masquerade_user')).to be }
+        it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
         it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
         it { should redirect_to('/') }
@@ -39,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
           it { should redirect_to(masquerade_page) }
           it { expect(current_user.reload).to eq(@user) }
-          it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
+          it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
         end
       end

data/spec/controllers/masquerades_tests_controller_spec.rb CHANGED Viewed

@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
     before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
     it { expect(response.status).to eq(403) }
-    it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
+    it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
     it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
   end
@@ -35,7 +35,7 @@ describe MasqueradesTestsController, type: :controller do
     end
     it { expect(response.status).to eq(302) }
-    it { expect(Rails.cache.read('devise_masquerade_user')).to be }
+    it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
     it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_masquerade
 version: !ruby/object:Gem::Version
-  version: 1.3.2
+  version: 1.3.7
 platform: ruby
 authors:
 - Alexandr Korsak
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-10 00:00:00.000000000 Z
+date: 2021-04-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -92,9 +92,11 @@ files:
 - config/environment.rb
 - devise_masquerade.gemspec
 - features/back.feature
+- features/expires_masquerade.feature
 - features/multiple_masquerading_models.feature
 - features/step_definitions/auth_steps.rb
 - features/step_definitions/back_steps.rb
+- features/step_definitions/expires_steps.rb
 - features/step_definitions/url_helpers_steps.rb
 - features/support/env.rb
 - features/url_helpers.feature
@@ -185,9 +187,11 @@ specification_version: 4
 summary: use for login as functionallity on your admin users pages
 test_files:
 - features/back.feature
+- features/expires_masquerade.feature
 - features/multiple_masquerading_models.feature
 - features/step_definitions/auth_steps.rb
 - features/step_definitions/back_steps.rb
+- features/step_definitions/expires_steps.rb
 - features/step_definitions/url_helpers_steps.rb
 - features/support/env.rb
 - features/url_helpers.feature