devise_masquerade 1.3.2 → 1.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/app/controllers/devise/masquerades_controller.rb +33 -31
- data/features/expires_masquerade.feature +18 -0
- data/features/step_definitions/expires_steps.rb +9 -0
- data/lib/devise_masquerade/controllers/helpers.rb +11 -3
- data/lib/devise_masquerade/version.rb +1 -1
- data/spec/controllers/devise/masquerades_controller_spec.rb +3 -3
- data/spec/controllers/masquerades_tests_controller_spec.rb +2 -2
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5c612609f3eeb20d48b13ed9166d5a6e3631cf284bda1aceb67501686bb806ee
|
|
4
|
+
data.tar.gz: 7c1e2356ec14f72af05816534d037b2a1e344a5d482a28156f71053b4d1dab0e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7545f0259d8607d0f06738308704646fccfea3708f33b39408302afc9893ab1203d36a5f3cedebb12ab4fc9b150b198d7dbf6f984655bec3ff02aa4ab2e76c47
|
|
7
|
+
data.tar.gz: 5e0b106db2ce2d05b1bfcbd91c81730ce09560e248bea3b700c6ba9ad822bbad68adf19305763470817b76a0b18775a974ba431334a1c043c9e1abe5345aec96
|
data/Gemfile.lock
CHANGED
|
@@ -9,16 +9,13 @@ class Devise::MasqueradesController < DeviseController
|
|
|
9
9
|
prepend_before_action :authenticate_scope!, only: :show
|
|
10
10
|
prepend_before_action :masquerade_authorize!
|
|
11
11
|
|
|
12
|
-
before_action :save_masquerade_owner_session, only: :show
|
|
13
|
-
|
|
14
|
-
after_action :cleanup_masquerade_owner_session, only: :back
|
|
15
|
-
|
|
16
12
|
def show
|
|
17
|
-
|
|
13
|
+
masqueradable_resource = find_masqueradable_resource
|
|
18
14
|
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
15
|
+
save_masquerade_owner_session(masqueradable_resource)
|
|
16
|
+
|
|
17
|
+
self.resource = masqueradable_resource
|
|
18
|
+
sign_out(send("current_#{masquerading_resource_name}"))
|
|
22
19
|
|
|
23
20
|
unless resource
|
|
24
21
|
flash[:error] = "#{masqueraded_resource_class} not found."
|
|
@@ -33,20 +30,21 @@ class Devise::MasqueradesController < DeviseController
|
|
|
33
30
|
end
|
|
34
31
|
|
|
35
32
|
def back
|
|
33
|
+
masqueradable_resource = send("current_#{masqueraded_resource_name}")
|
|
34
|
+
|
|
36
35
|
unless send("#{masqueraded_resource_name}_signed_in?")
|
|
37
36
|
head(401) and return
|
|
38
37
|
end
|
|
39
38
|
|
|
40
|
-
self.resource = find_owner_resource
|
|
41
|
-
|
|
42
|
-
if resource.class != masqueraded_resource_class
|
|
43
|
-
sign_out(send("current_#{masqueraded_resource_name}"))
|
|
44
|
-
end
|
|
39
|
+
self.resource = find_owner_resource(masqueradable_resource)
|
|
40
|
+
sign_out(send("current_#{masqueraded_resource_name}"))
|
|
45
41
|
|
|
46
42
|
masquerade_sign_in(resource)
|
|
47
43
|
request.env['devise.skip_trackable'] = nil
|
|
48
44
|
|
|
49
45
|
go_back(resource, path: after_back_masquerade_path_for(resource))
|
|
46
|
+
|
|
47
|
+
cleanup_masquerade_owner_session(masqueradable_resource)
|
|
50
48
|
end
|
|
51
49
|
|
|
52
50
|
protected
|
|
@@ -59,12 +57,14 @@ class Devise::MasqueradesController < DeviseController
|
|
|
59
57
|
true
|
|
60
58
|
end
|
|
61
59
|
|
|
62
|
-
def
|
|
63
|
-
GlobalID::Locator.locate_signed
|
|
60
|
+
def find_masqueradable_resource
|
|
61
|
+
GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
|
|
64
62
|
end
|
|
65
63
|
|
|
66
|
-
def find_owner_resource
|
|
67
|
-
|
|
64
|
+
def find_owner_resource(masqueradable_resource)
|
|
65
|
+
skey = session_key(masqueradable_resource)
|
|
66
|
+
|
|
67
|
+
GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
|
|
68
68
|
end
|
|
69
69
|
|
|
70
70
|
def go_back(user, path:)
|
|
@@ -129,27 +129,29 @@ class Devise::MasqueradesController < DeviseController
|
|
|
129
129
|
'/'
|
|
130
130
|
end
|
|
131
131
|
|
|
132
|
-
def save_masquerade_owner_session
|
|
133
|
-
|
|
134
|
-
expires_in: Devise.masquerade_expires_in, for: 'masquerade')
|
|
135
|
-
# skip sharing owner id via session
|
|
136
|
-
Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
|
|
132
|
+
def save_masquerade_owner_session(masqueradable_resource)
|
|
133
|
+
skey = session_key(masqueradable_resource)
|
|
137
134
|
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
135
|
+
resource_gid = send("current_#{masquerading_resource_name}").to_sgid(for: 'masquerade')
|
|
136
|
+
|
|
137
|
+
# skip sharing owner id via session
|
|
138
|
+
Rails.cache.write(skey, resource_gid)
|
|
139
|
+
session[skey] = true
|
|
140
|
+
session[session_key_masquerading_resource_class] = masquerading_resource_class.name
|
|
141
|
+
session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
|
|
142
142
|
end
|
|
143
143
|
|
|
144
|
-
def cleanup_masquerade_owner_session
|
|
145
|
-
|
|
144
|
+
def cleanup_masquerade_owner_session(masqueradable_resource)
|
|
145
|
+
skey = session_key(masqueradable_resource)
|
|
146
146
|
|
|
147
|
+
Rails.cache.delete(skey)
|
|
148
|
+
session.delete(skey)
|
|
147
149
|
session.delete(session_key_masqueraded_resource_class)
|
|
148
150
|
session.delete(session_key_masquerading_resource_class)
|
|
149
151
|
end
|
|
150
152
|
|
|
151
|
-
def session_key
|
|
152
|
-
"devise_masquerade_#{masqueraded_resource_name}".to_sym
|
|
153
|
+
def session_key(masqueradable_resource)
|
|
154
|
+
"devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
|
|
153
155
|
end
|
|
154
156
|
|
|
155
157
|
def session_key_masqueraded_resource_class
|
|
@@ -157,6 +159,6 @@ class Devise::MasqueradesController < DeviseController
|
|
|
157
159
|
end
|
|
158
160
|
|
|
159
161
|
def session_key_masquerading_resource_class
|
|
160
|
-
|
|
162
|
+
"devise_masquerade_masquerading_resource_class"
|
|
161
163
|
end
|
|
162
164
|
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
Feature: Use back button for returning to the owner despite on expiration time.
|
|
2
|
+
In order to back to the owner user
|
|
3
|
+
As an masquerade user
|
|
4
|
+
I want to be able to press a simple button on the page
|
|
5
|
+
|
|
6
|
+
Scenario: Use back button
|
|
7
|
+
Given I logged in
|
|
8
|
+
And I have a user for masquerade
|
|
9
|
+
|
|
10
|
+
When I have devise masquerade expiration time in 1 second
|
|
11
|
+
|
|
12
|
+
When I am on the users page
|
|
13
|
+
And I login as one user
|
|
14
|
+
Then I should be login as this user
|
|
15
|
+
And I waited for 2 seconds
|
|
16
|
+
|
|
17
|
+
When I press back masquerade button
|
|
18
|
+
Then I should be login as owner user
|
|
@@ -38,12 +38,20 @@ module DeviseMasquerade
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
def #{name}_masquerade?
|
|
41
|
-
|
|
41
|
+
return false if current_#{name}.blank?
|
|
42
|
+
|
|
43
|
+
key = "devise_masquerade_#{name}_" + current_#{name}.to_param
|
|
44
|
+
return false if session[key].blank?
|
|
45
|
+
|
|
46
|
+
::Rails.cache.exist?(key.to_sym).present?
|
|
42
47
|
end
|
|
43
48
|
|
|
44
49
|
def #{name}_masquerade_owner
|
|
45
|
-
return
|
|
46
|
-
|
|
50
|
+
return unless send(:#{name}_masquerade?)
|
|
51
|
+
|
|
52
|
+
key = "devise_masquerade_#{name}_" + current_#{name}.to_param
|
|
53
|
+
sgid = ::Rails.cache.read(key.to_sym)
|
|
54
|
+
GlobalID::Locator.locate_signed(sgid, for: 'masquerade')
|
|
47
55
|
end
|
|
48
56
|
|
|
49
57
|
private
|
|
@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
14
14
|
get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
it { expect(Rails.cache.read(
|
|
17
|
+
it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
|
|
18
18
|
|
|
19
19
|
it 'should have warden keys defined' do
|
|
20
20
|
expect(session["warden.user.student.key"].first.first).to eq(mask.id)
|
|
@@ -30,7 +30,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
30
30
|
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
it { expect(Rails.cache.read(
|
|
33
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
|
|
34
34
|
it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
|
|
35
35
|
it { should redirect_to('/') }
|
|
36
36
|
|
|
@@ -39,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
39
39
|
|
|
40
40
|
it { should redirect_to(masquerade_page) }
|
|
41
41
|
it { expect(current_user.reload).to eq(@user) }
|
|
42
|
-
it { expect(Rails.cache.read(
|
|
42
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
|
|
@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
16
16
|
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
|
17
17
|
|
|
18
18
|
it { expect(response.status).to eq(403) }
|
|
19
|
-
it { expect(Rails.cache.read(
|
|
19
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
|
|
20
20
|
it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
|
|
21
21
|
end
|
|
22
22
|
|
|
@@ -35,7 +35,7 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
it { expect(response.status).to eq(302) }
|
|
38
|
-
it { expect(Rails.cache.read(
|
|
38
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
|
|
39
39
|
it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
|
|
40
40
|
end
|
|
41
41
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_masquerade
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandr Korsak
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -92,9 +92,11 @@ files:
|
|
|
92
92
|
- config/environment.rb
|
|
93
93
|
- devise_masquerade.gemspec
|
|
94
94
|
- features/back.feature
|
|
95
|
+
- features/expires_masquerade.feature
|
|
95
96
|
- features/multiple_masquerading_models.feature
|
|
96
97
|
- features/step_definitions/auth_steps.rb
|
|
97
98
|
- features/step_definitions/back_steps.rb
|
|
99
|
+
- features/step_definitions/expires_steps.rb
|
|
98
100
|
- features/step_definitions/url_helpers_steps.rb
|
|
99
101
|
- features/support/env.rb
|
|
100
102
|
- features/url_helpers.feature
|
|
@@ -185,9 +187,11 @@ specification_version: 4
|
|
|
185
187
|
summary: use for login as functionallity on your admin users pages
|
|
186
188
|
test_files:
|
|
187
189
|
- features/back.feature
|
|
190
|
+
- features/expires_masquerade.feature
|
|
188
191
|
- features/multiple_masquerading_models.feature
|
|
189
192
|
- features/step_definitions/auth_steps.rb
|
|
190
193
|
- features/step_definitions/back_steps.rb
|
|
194
|
+
- features/step_definitions/expires_steps.rb
|
|
191
195
|
- features/step_definitions/url_helpers_steps.rb
|
|
192
196
|
- features/support/env.rb
|
|
193
197
|
- features/url_helpers.feature
|