devise_masquerade 1.3.3 → 1.3.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/app/controllers/devise/masquerades_controller.rb +53 -40
- data/features/expires_masquerade.feature +18 -0
- data/features/step_definitions/expires_steps.rb +9 -0
- data/lib/devise_masquerade/controllers/helpers.rb +11 -3
- data/lib/devise_masquerade/version.rb +1 -1
- data/spec/controllers/devise/masquerades_controller_spec.rb +3 -3
- data/spec/controllers/masquerades_tests_controller_spec.rb +2 -2
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3f3c384ee31658834131c95ec34bc376340a9f7d8b7d237ed97316f6e61eb5ee
|
|
4
|
+
data.tar.gz: 78f66fc23c43a3db4eef66c98e15447decfea5627b2900c2ee827785a3b0cdd2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a6b318f8d335a53524a94d24b5c1bc78c41bc308200a0eed543fabdfb891e63a1d119efee269282f9f2e4e1d1a7dd27161076ed9465c3ac55b188f2127dce429
|
|
7
|
+
data.tar.gz: 0d39bbd0099a4d70496ece49d3db3e955eadbcb14bc20accfcc9fcc90c070b9e7aa5b697ce91367c7d20590a218d182fe99b7d0c37b220fd4bbb59ee1f6c5bde
|
data/Gemfile.lock
CHANGED
|
@@ -9,44 +9,53 @@ class Devise::MasqueradesController < DeviseController
|
|
|
9
9
|
prepend_before_action :authenticate_scope!, only: :show
|
|
10
10
|
prepend_before_action :masquerade_authorize!
|
|
11
11
|
|
|
12
|
-
|
|
12
|
+
def show
|
|
13
|
+
if send("#{masqueraded_resource_name}_masquerade?")
|
|
14
|
+
resource = send("current_#{masquerading_resource_name}")
|
|
13
15
|
|
|
14
|
-
|
|
16
|
+
go_back(resource, path: after_masquerade_full_path_for(resource))
|
|
17
|
+
else
|
|
18
|
+
masqueradable_resource = find_masqueradable_resource
|
|
15
19
|
|
|
16
|
-
|
|
17
|
-
self.resource = find_resource
|
|
20
|
+
save_masquerade_owner_session(masqueradable_resource)
|
|
18
21
|
|
|
19
|
-
|
|
22
|
+
resource = masqueradable_resource
|
|
20
23
|
sign_out(send("current_#{masquerading_resource_name}"))
|
|
21
|
-
end
|
|
22
24
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
25
|
+
unless resource
|
|
26
|
+
flash[:error] = "#{masqueraded_resource_class} not found."
|
|
27
|
+
redirect_to(new_user_session_path) and return
|
|
28
|
+
end
|
|
27
29
|
|
|
28
|
-
|
|
30
|
+
request.env['devise.skip_trackable'] = '1'
|
|
29
31
|
|
|
30
|
-
|
|
32
|
+
masquerade_sign_in(resource)
|
|
31
33
|
|
|
32
|
-
|
|
34
|
+
go_back(resource, path: after_masquerade_full_path_for(resource))
|
|
35
|
+
end
|
|
33
36
|
end
|
|
34
37
|
|
|
35
38
|
def back
|
|
36
|
-
unless send("#{masqueraded_resource_name}
|
|
37
|
-
|
|
38
|
-
|
|
39
|
+
unless send("#{masqueraded_resource_name}_masquerade?")
|
|
40
|
+
resource = send("current_#{masqueraded_resource_name}")
|
|
41
|
+
go_back(resource, path: after_back_masquerade_path_for(resource))
|
|
42
|
+
else
|
|
43
|
+
masqueradable_resource = send("current_#{masqueraded_resource_name}")
|
|
39
44
|
|
|
40
|
-
|
|
45
|
+
unless send("#{masqueraded_resource_name}_signed_in?")
|
|
46
|
+
head(401) and return
|
|
47
|
+
end
|
|
41
48
|
|
|
42
|
-
|
|
49
|
+
resource = find_owner_resource(masqueradable_resource)
|
|
43
50
|
sign_out(send("current_#{masqueraded_resource_name}"))
|
|
44
|
-
end
|
|
45
51
|
|
|
46
|
-
|
|
47
|
-
|
|
52
|
+
sign_in(resource)
|
|
53
|
+
request.env['devise.skip_trackable'] = nil
|
|
54
|
+
|
|
55
|
+
go_back(resource, path: after_back_masquerade_path_for(resource))
|
|
48
56
|
|
|
49
|
-
|
|
57
|
+
cleanup_masquerade_owner_session(masqueradable_resource)
|
|
58
|
+
end
|
|
50
59
|
end
|
|
51
60
|
|
|
52
61
|
protected
|
|
@@ -59,12 +68,14 @@ class Devise::MasqueradesController < DeviseController
|
|
|
59
68
|
true
|
|
60
69
|
end
|
|
61
70
|
|
|
62
|
-
def
|
|
63
|
-
GlobalID::Locator.locate_signed
|
|
71
|
+
def find_masqueradable_resource
|
|
72
|
+
GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
|
|
64
73
|
end
|
|
65
74
|
|
|
66
|
-
def find_owner_resource
|
|
67
|
-
|
|
75
|
+
def find_owner_resource(masqueradable_resource)
|
|
76
|
+
skey = session_key(masqueradable_resource)
|
|
77
|
+
|
|
78
|
+
GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
|
|
68
79
|
end
|
|
69
80
|
|
|
70
81
|
def go_back(user, path:)
|
|
@@ -129,27 +140,29 @@ class Devise::MasqueradesController < DeviseController
|
|
|
129
140
|
'/'
|
|
130
141
|
end
|
|
131
142
|
|
|
132
|
-
def save_masquerade_owner_session
|
|
133
|
-
|
|
134
|
-
expires_in: Devise.masquerade_expires_in, for: 'masquerade')
|
|
135
|
-
# skip sharing owner id via session
|
|
136
|
-
Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
|
|
143
|
+
def save_masquerade_owner_session(masqueradable_resource)
|
|
144
|
+
skey = session_key(masqueradable_resource)
|
|
137
145
|
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
146
|
+
resource_gid = send("current_#{masquerading_resource_name}").to_sgid(for: 'masquerade')
|
|
147
|
+
|
|
148
|
+
# skip sharing owner id via session
|
|
149
|
+
Rails.cache.write(skey, resource_gid)
|
|
150
|
+
session[skey] = true
|
|
151
|
+
session[session_key_masquerading_resource_class] = masquerading_resource_class.name
|
|
152
|
+
session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
|
|
142
153
|
end
|
|
143
154
|
|
|
144
|
-
def cleanup_masquerade_owner_session
|
|
145
|
-
|
|
155
|
+
def cleanup_masquerade_owner_session(masqueradable_resource)
|
|
156
|
+
skey = session_key(masqueradable_resource)
|
|
146
157
|
|
|
158
|
+
Rails.cache.delete(skey)
|
|
159
|
+
session.delete(skey)
|
|
147
160
|
session.delete(session_key_masqueraded_resource_class)
|
|
148
161
|
session.delete(session_key_masquerading_resource_class)
|
|
149
162
|
end
|
|
150
163
|
|
|
151
|
-
def session_key
|
|
152
|
-
"devise_masquerade_#{masqueraded_resource_name}".to_sym
|
|
164
|
+
def session_key(masqueradable_resource)
|
|
165
|
+
"devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
|
|
153
166
|
end
|
|
154
167
|
|
|
155
168
|
def session_key_masqueraded_resource_class
|
|
@@ -157,6 +170,6 @@ class Devise::MasqueradesController < DeviseController
|
|
|
157
170
|
end
|
|
158
171
|
|
|
159
172
|
def session_key_masquerading_resource_class
|
|
160
|
-
|
|
173
|
+
"devise_masquerade_masquerading_resource_class"
|
|
161
174
|
end
|
|
162
175
|
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
Feature: Use back button for returning to the owner despite on expiration time.
|
|
2
|
+
In order to back to the owner user
|
|
3
|
+
As an masquerade user
|
|
4
|
+
I want to be able to press a simple button on the page
|
|
5
|
+
|
|
6
|
+
Scenario: Use back button
|
|
7
|
+
Given I logged in
|
|
8
|
+
And I have a user for masquerade
|
|
9
|
+
|
|
10
|
+
When I have devise masquerade expiration time in 1 second
|
|
11
|
+
|
|
12
|
+
When I am on the users page
|
|
13
|
+
And I login as one user
|
|
14
|
+
Then I should be login as this user
|
|
15
|
+
And I waited for 2 seconds
|
|
16
|
+
|
|
17
|
+
When I press back masquerade button
|
|
18
|
+
Then I should be login as owner user
|
|
@@ -38,12 +38,20 @@ module DeviseMasquerade
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
def #{name}_masquerade?
|
|
41
|
-
|
|
41
|
+
return false if current_#{name}.blank?
|
|
42
|
+
|
|
43
|
+
key = "devise_masquerade_#{name}_" + current_#{name}.to_param
|
|
44
|
+
return false if session[key].blank?
|
|
45
|
+
|
|
46
|
+
::Rails.cache.exist?(key.to_sym).present?
|
|
42
47
|
end
|
|
43
48
|
|
|
44
49
|
def #{name}_masquerade_owner
|
|
45
|
-
return
|
|
46
|
-
|
|
50
|
+
return unless send(:#{name}_masquerade?)
|
|
51
|
+
|
|
52
|
+
key = "devise_masquerade_#{name}_" + current_#{name}.to_param
|
|
53
|
+
sgid = ::Rails.cache.read(key.to_sym)
|
|
54
|
+
GlobalID::Locator.locate_signed(sgid, for: 'masquerade')
|
|
47
55
|
end
|
|
48
56
|
|
|
49
57
|
private
|
|
@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
14
14
|
get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
it { expect(Rails.cache.read(
|
|
17
|
+
it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
|
|
18
18
|
|
|
19
19
|
it 'should have warden keys defined' do
|
|
20
20
|
expect(session["warden.user.student.key"].first.first).to eq(mask.id)
|
|
@@ -30,7 +30,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
30
30
|
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
it { expect(Rails.cache.read(
|
|
33
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
|
|
34
34
|
it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
|
|
35
35
|
it { should redirect_to('/') }
|
|
36
36
|
|
|
@@ -39,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
39
39
|
|
|
40
40
|
it { should redirect_to(masquerade_page) }
|
|
41
41
|
it { expect(current_user.reload).to eq(@user) }
|
|
42
|
-
it { expect(Rails.cache.read(
|
|
42
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
|
|
@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
16
16
|
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
|
17
17
|
|
|
18
18
|
it { expect(response.status).to eq(403) }
|
|
19
|
-
it { expect(Rails.cache.read(
|
|
19
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
|
|
20
20
|
it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
|
|
21
21
|
end
|
|
22
22
|
|
|
@@ -35,7 +35,7 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
it { expect(response.status).to eq(302) }
|
|
38
|
-
it { expect(Rails.cache.read(
|
|
38
|
+
it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
|
|
39
39
|
it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
|
|
40
40
|
end
|
|
41
41
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_masquerade
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandr Korsak
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -92,9 +92,11 @@ files:
|
|
|
92
92
|
- config/environment.rb
|
|
93
93
|
- devise_masquerade.gemspec
|
|
94
94
|
- features/back.feature
|
|
95
|
+
- features/expires_masquerade.feature
|
|
95
96
|
- features/multiple_masquerading_models.feature
|
|
96
97
|
- features/step_definitions/auth_steps.rb
|
|
97
98
|
- features/step_definitions/back_steps.rb
|
|
99
|
+
- features/step_definitions/expires_steps.rb
|
|
98
100
|
- features/step_definitions/url_helpers_steps.rb
|
|
99
101
|
- features/support/env.rb
|
|
100
102
|
- features/url_helpers.feature
|
|
@@ -185,9 +187,11 @@ specification_version: 4
|
|
|
185
187
|
summary: use for login as functionallity on your admin users pages
|
|
186
188
|
test_files:
|
|
187
189
|
- features/back.feature
|
|
190
|
+
- features/expires_masquerade.feature
|
|
188
191
|
- features/multiple_masquerading_models.feature
|
|
189
192
|
- features/step_definitions/auth_steps.rb
|
|
190
193
|
- features/step_definitions/back_steps.rb
|
|
194
|
+
- features/step_definitions/expires_steps.rb
|
|
191
195
|
- features/step_definitions/url_helpers_steps.rb
|
|
192
196
|
- features/support/env.rb
|
|
193
197
|
- features/url_helpers.feature
|