devise_masquerade 1.3.8 → 1.3.11

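--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3f3c384ee31658834131c95ec34bc376340a9f7d8b7d237ed97316f6e61eb5ee
- data.tar.gz: 78f66fc23c43a3db4eef66c98e15447decfea5627b2900c2ee827785a3b0cdd2
+ metadata.gz: 02fcf52821938df133246e4b36ed07ee85ab96c036cd8da0cf35ace09c229491
+ data.tar.gz: 3247bf4be6fe21dc5ba5c83d804dab155d92286ef8c8c1625e92b181cb0c01dc
  SHA512:
- metadata.gz: a6b318f8d335a53524a94d24b5c1bc78c41bc308200a0eed543fabdfb891e63a1d119efee269282f9f2e4e1d1a7dd27161076ed9465c3ac55b188f2127dce429
- data.tar.gz: 0d39bbd0099a4d70496ece49d3db3e955eadbcb14bc20accfcc9fcc90c070b9e7aa5b697ce91367c7d20590a218d182fe99b7d0c37b220fd4bbb59ee1f6c5bde
+ metadata.gz: b6f6902ea81dd6d5ffef2cd48cfa7e5b4521906f912a02b3986117ef933ebea89d7b63f2d5eb43372c1ad76a84d63ae433f236394bd1c16e83891efcaa300760
+ data.tar.gz: 40b48f52e4a162e2033c13ccc6a9fabf2b882dcfd64ad236a27f08e20f54862fd3139d07cb8a0c780d50d3f3c6cc06f9e1e9ffaf2dd16ffd3e42a7a67930f144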
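--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,12 +1,8 @@
  language: ruby
  rvm:
- - 2.5.1
  - 2.6.0
- - 2.7.2
- gemfile:
- - Gemfile
+ - 2.7.3
  script: time ./script/travis.sh
- sudo: false
  addons:
  apt:
  packages: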
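--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -52,7 +52,7 @@ GIT
  PATH
  remote: .
  specs:
- devise_masquerade (1.3.8)
+ devise_masquerade (1.3.11)
  devise (>= 4.7.0)
  globalid (>= 0.3.6)
  railties (>= 5.2.0)
@@ -93,12 +93,12 @@ GEM
  minitest (~> 5.1)
  tzinfo (~> 1.1)
  zeitwerk (~> 2.1, >= 2.1.8)
- addressable (2.7.0)
+ addressable (2.8.0)
  public_suffix (>= 2.0.2, < 5.0)
  archive-zip (0.12.0)
  io-like (~> 0.3.0)
  backports (3.15.0)
- bcrypt (3.1.16)
+ bcrypt (3.1.17)
  bson (1.12.5)
  bson_ext (1.12.5)
  bson (~> 1.12.5)
@@ -142,7 +142,7 @@ GEM
  cucumber-tag_expressions (1.1.1)
  cucumber-wire (0.0.1)
  database_cleaner (1.0.1)
- devise (4.7.3)
+ devise (4.8.1)
  bcrypt (~> 3.0)
  orm_adapter (~> 0.1)
  railties (>= 4.1.0)
@@ -201,13 +201,13 @@ GEM
  mime-types-data (~> 3.2015)
  mime-types-data (3.2019.1009)
  mini_mime (1.0.2)
- mini_portile2 (2.5.0)
+ mini_portile2 (2.8.0)
  minitest (5.12.2)
  multi_json (1.14.1)
  multi_test (0.1.2)
  nenv (0.3.0)
- nokogiri (1.11.1)
- mini_portile2 (~> 2.5.0)
+ nokogiri (1.13.3)
+ mini_portile2 (~> 2.8.0)
  racc (~> 1.4)
  notiffany (0.1.3)
  nenv (~> 0.1)
@@ -220,8 +220,8 @@ GEM
  pry-byebug (3.7.0)
  byebug (~> 11.0)
  pry (~> 0.10)
- public_suffix (4.0.1)
- racc (1.5.2)
+ public_suffix (4.0.6)
+ racc (1.6.0)
  rack (2.2.3)
  rack-test (1.1.0)
  rack (>= 1.0, < 3)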
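--- a/data/README.md
+++ b/data/README.md
@@ -1,14 +1,14 @@
  # Devise Masquerade
- [![Gitter](https://badges.gitter.im/Join Chat.svg)](https://gitter.im/oivoodoo/devise_masquerade?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
- [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade?ref=badge_shield)
 
- [![Build Status](https://secure.travis-ci.org/oivoodoo/devise_masquerade.png?branch=master)](https://travis-ci.org/oivoodoo/devise_masquerade)
+ [![Gitter chat](https://badges.gitter.im/oivoodoo/devise_masquerade.svg)](https://gitter.im/oivoodoo/devise_masquerade?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+
+ [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade?ref=badge_shield)
 
- [![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/oivoodoo/devise_masquerade)
+ [![Build Status](https://secure.travis-ci.org/oivoodoo/devise_masquerade.svg?branch=master)](https://travis-ci.org/oivoodoo/devise_masquerade)
 
- [![endorse](https://api.coderwall.com/oivoodoo/endorsecount.png)](https://coderwall.com/oivoodoo)
+ [![Maintainability](https://api.codeclimate.com/v1/badges/cf63d775dc014a7ebc03/maintainability)](https://codeclimate.com/github/oivoodoo/devise_masquerade/maintainability)
 
- [![Analytics](https://ga-beacon.appspot.com/UA-46818771-1/devise_masquerade/README.md)](https://github.com/oivoodoo/devise_masquerade)
+ [Consulting](https://bitscorp.co)
 
  It's a utility library for enabling functionallity like login as button for
  admin.
@@ -31,7 +31,9 @@ And then execute:
 
  In the view you can use url helper for defining link:
 
+ ```ruby
  = link_to "Login As", masquerade_path(user)
+ ```
 
  `masquerade_path` would create specific `/masquerade` path with query params `masquerade`(key) and `masqueraded_resource_class` to know
  which model to choose to search and sign in by masquerade key.
@@ -62,9 +64,11 @@ Instead of user you can use your resource name admin, student or another names.
  If you want to back to the owner of masquerade action user you could use
  helpers:
 
+ ```ruby
  user_masquerade? # current user was masqueraded by owner?
 
  = link_to "Reverse masquerade", back_masquerade_path(current_user)
+ ```
 
  ## Custom controller for adding cancan for authorization
 
@@ -162,12 +166,17 @@ in `routes.rb`:
  Devise.masquerade_key_size = 16 # size of the generate by SecureRandom.urlsafe_base64
  Devise.masquerade_bypass_warden_callback = false
  Devise.masquerade_routes_back = false # if true, route back to the page the user was on via redirect_back
- Devise.masquerading_resource_class = User
+ Devise.masquerading_resource_class = AdminUser
+ # optional: Devise.masquerading_resource_class = 'AdminUser'
+
  # optional, default: masquerading_resource_class.model_name.param_key
- Devise.masquerading_resource_name = :user
- Devise.masqueraded_resource_class = AdminUser
+ Devise.masquerading_resource_name = :admin_user
+
+ Devise.masqueraded_resource_class = User
+ # optional: Devise.masqueraded_resource_class_name = 'User'
+
  # optional, default: masqueraded_resource_class.model_name.param_key
- Devise.masqueraded_resource_name = :admin_user
+ Devise.masqueraded_resource_name = :user
  ```
 
  ## Demo project
@@ -181,7 +190,7 @@ And check http://localhost:3000/, use for login user1@example.com and
 
  ## Troubleshooting
 
- Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Chances are that you need to enable caching:
+ Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Do you find that your `user_masquerade?` method is always returning false? Chances are that you need to enable caching:
 
  rails dev:cache
 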
@@ -1,3 +1,5 @@
1
+ require 'securerandom'
2
+
1
3
  class Devise::MasqueradesController < DeviseController
2
4
  Devise.mappings.each do |name, _|
3
5
  class_eval <<-METHODS, __FILE__, __LINE__ + 1
@@ -11,7 +13,7 @@ class Devise::MasqueradesController < DeviseController
11
13
 
12
14
  def show
13
15
  if send("#{masqueraded_resource_name}_masquerade?")
14
- resource = send("current_#{masquerading_resource_name}")
16
+ resource = masquerading_current_user
15
17
 
16
18
  go_back(resource, path: after_masquerade_full_path_for(resource))
17
19
  else
@@ -20,11 +22,11 @@ class Devise::MasqueradesController < DeviseController
20
22
  save_masquerade_owner_session(masqueradable_resource)
21
23
 
22
24
  resource = masqueradable_resource
23
- sign_out(send("current_#{masquerading_resource_name}"))
25
+ sign_out(masquerading_current_user)
24
26
 
25
27
  unless resource
26
28
  flash[:error] = "#{masqueraded_resource_class} not found."
27
- redirect_to(new_user_session_path) and return
29
+ redirect_to(send("new_#{masqueraded_resource_name}_session_path")) and return
28
30
  end
29
31
 
30
32
  request.env['devise.skip_trackable'] = '1'
@@ -73,7 +75,7 @@ class Devise::MasqueradesController < DeviseController
73
75
  end
74
76
 
75
77
  def find_owner_resource(masqueradable_resource)
76
- skey = session_key(masqueradable_resource)
78
+ skey = session_key(masqueradable_resource, masquerading_guid)
77
79
 
78
80
  GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
79
81
  end
@@ -96,7 +98,11 @@ class Devise::MasqueradesController < DeviseController
96
98
  unless session[session_key_masqueraded_resource_class].blank?
97
99
  session[session_key_masquerading_resource_class].constantize
98
100
  else
99
- Devise.masqueraded_resource_class || resource_class
101
+ if Devise.masqueraded_resource_class_name.present?
102
+ Devise.masqueraded_resource_class_name.constantize
103
+ else
104
+ Devise.masqueraded_resource_class || resource_class
105
+ end
100
106
  end
101
107
  end
102
108
  end
@@ -114,7 +120,11 @@ class Devise::MasqueradesController < DeviseController
114
120
  unless session[session_key_masquerading_resource_class].blank?
115
121
  session[session_key_masquerading_resource_class].constantize
116
122
  else
117
- Devise.masquerading_resource_class || resource_class
123
+ if Devise.masquerading_resource_class_name.present?
124
+ Devise.masquerading_resource_class_name.constantize
125
+ else
126
+ Devise.masquerading_resource_class || resource_class
127
+ end
118
128
  end
119
129
  end
120
130
  end
@@ -141,7 +151,9 @@ class Devise::MasqueradesController < DeviseController
141
151
  end
142
152
 
143
153
  def save_masquerade_owner_session(masqueradable_resource)
144
- skey = session_key(masqueradable_resource)
154
+ guid = SecureRandom.uuid
155
+
156
+ skey = session_key(masqueradable_resource, guid)
145
157
 
146
158
  resource_gid = send("current_#{masquerading_resource_name}").to_sgid(for: 'masquerade')
147
159
 
@@ -150,19 +162,21 @@ class Devise::MasqueradesController < DeviseController
150
162
  session[skey] = true
151
163
  session[session_key_masquerading_resource_class] = masquerading_resource_class.name
152
164
  session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
165
+ session[session_key_masquerading_resource_guid] = guid
153
166
  end
154
167
 
155
168
  def cleanup_masquerade_owner_session(masqueradable_resource)
156
- skey = session_key(masqueradable_resource)
169
+ skey = session_key(masqueradable_resource, masquerading_guid)
157
170
 
158
171
  Rails.cache.delete(skey)
159
172
  session.delete(skey)
160
173
  session.delete(session_key_masqueraded_resource_class)
161
174
  session.delete(session_key_masquerading_resource_class)
175
+ session.delete(session_key_masquerading_resource_guid)
162
176
  end
163
177
 
164
- def session_key(masqueradable_resource)
165
- "devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
178
+ def session_key(masqueradable_resource, guid)
179
+ "devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}_#{guid}".to_sym
166
180
  end
167
181
 
168
182
  def session_key_masqueraded_resource_class
@@ -170,6 +184,19 @@ class Devise::MasqueradesController < DeviseController
170
184
  end
171
185
 
172
186
  def session_key_masquerading_resource_class
173
- "devise_masquerade_masquerading_resource_class"
187
+ "devise_masquerade_masquerading_resource_class"
188
+ end
189
+
190
+ def session_key_masquerading_resource_guid
191
+ "devise_masquerade_masquerading_resource_guid"
192
+ end
193
+
194
+ def masquerading_current_user
195
+ send("current_#{masquerading_resource_name}")
196
+ end
197
+
198
+ def masquerading_guid
199
+ session[session_key_masquerading_resource_guid]
174
200
  end
175
201
  end
202
+
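Review bot: In the `@@ -96,7 +98,11 @@` hunk the guard tests `session[session_key_masqueraded_resource_class]` but the branch it protects constantizes `session[session_key_masquerading_resource_class]`, so once a masquerade session exists this lookup appears to return the masquerading class (AdminUser in the README example) where the masqueraded one is wanted; the commit edits only the `else` arm and leaves that line as it was. The branch should read the key it just checked: `session[session_key_masqueraded_resource_class].constantize`. The method's `def` line is outside the hunk, so confirm which accessor this is before applying. Separately, in `show` the `unless resource` check still runs after `save_masquerade_owner_session` and `sign_out(masquerading_current_user)`, so a lookup that finds nothing has already stored the owner session keys and signed the masquerading user out; moving the guard above both calls would avoid that.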
@@ -12,7 +12,9 @@ module DeviseMasquerade
12
12
  klass = unless params[:masqueraded_resource_class].blank?
13
13
  params[:masqueraded_resource_class].constantize
14
14
  else
15
- if Devise.masqueraded_resource_class
15
+ if Devise.masqueraded_resource_class_name.present?
16
+ Devise.masqueraded_resource_class_name.constantize
17
+ elsif Devise.masqueraded_resource_class
16
18
  Devise.masqueraded_resource_class
17
19
  elsif defined?(User)
18
20
  User
@@ -39,23 +41,28 @@ module DeviseMasquerade
39
41
 
40
42
  def #{name}_masquerade?
41
43
  return false if current_#{name}.blank?
44
+ return false if session[#{name}_helper_session_key].blank?
42
45
 
43
- key = "devise_masquerade_#{name}_" + current_#{name}.to_param
44
- return false if session[key].blank?
45
-
46
- ::Rails.cache.exist?(key.to_sym).present?
46
+ ::Rails.cache.exist?(#{name}_helper_session_key).present?
47
47
  end
48
48
 
49
49
  def #{name}_masquerade_owner
50
50
  return unless send(:#{name}_masquerade?)
51
51
 
52
- key = "devise_masquerade_#{name}_" + current_#{name}.to_param
53
- sgid = ::Rails.cache.read(key.to_sym)
52
+ sgid = ::Rails.cache.read(#{name}_helper_session_key)
54
53
  GlobalID::Locator.locate_signed(sgid, for: 'masquerade')
55
54
  end
56
55
 
57
56
  private
58
57
 
58
+ def #{name}_helper_session_key
59
+ ["devise_masquerade_#{name}", current_#{name}.to_param, #{name}_helper_masquerading_resource_guid].join("_")
60
+ end
61
+
62
+ def #{name}_helper_masquerading_resource_guid
63
+ session["devise_masquerade_masquerading_resource_guid"].to_s
64
+ end
65
+
59
66
  def masquerade_sign_in(resource)
60
67
  if Devise.masquerade_bypass_warden_callback
61
68
  if respond_to?(:bypass_sign_in)
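Review bot: `params[:masqueraded_resource_class].constantize` at the top of the `@@ -12,7 +12,9 @@` hunk still turns a request-supplied string into a constant before any check visible here, and the new `masqueraded_resource_class_name` branch only covers the configured fallback. Resolving the class from a fixed set is safer than constantizing client input, for example guarding with `Devise.mappings.values.any? { |m| m.to.name == params[:masqueraded_resource_class] }` and falling through to the configured class otherwise. The surrounding method starts and ends outside the hunk, so a filter may already exist elsewhere; worth confirming. In the second hunk, `#{name}_helper_masquerading_resource_guid` returns `""` when the session has no guid, which makes the key end in `_`; a short comment there saying that a missing guid is meant to produce a cache miss would help the next reader.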
@@ -8,9 +8,9 @@ module DeviseMasquerade
8
8
  scope = Devise::Mapping.find_scope!(resource)
9
9
 
10
10
  opts = args.shift || {}
11
- opts.merge!(masqueraded_resource_class: resource.class.name)
11
+ opts[:masqueraded_resource_class] = resource.class.name
12
12
 
13
- opts.merge!(Devise.masquerade_param => resource.masquerade_key)
13
+ opts[Devise.masquerade_param] = resource.masquerade_key
14
14
 
15
15
  send("#{scope}_masquerade_index_path", opts, *args)
16
16
  end
@@ -19,7 +19,7 @@ module DeviseMasquerade
19
19
  scope = Devise::Mapping.find_scope!(resource)
20
20
 
21
21
  opts = args.first || {}
22
- opts.merge!(masqueraded_resource_class: resource.class.name)
22
+ opts[:masqueraded_resource_class] = resource.class.name
23
23
 
24
24
  send("back_#{scope}_masquerade_index_path", opts, *args)
25
25
  end
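Review bot: In the second hunk `opts = args.first || {}` leaves the options hash inside `args`, so `send("back_#{scope}_masquerade_index_path", opts, *args)` appears to pass the same hash twice whenever the caller supplies options, whereas the first helper removes it with `args.shift`. Using `opts = args.shift || {}` here would make the two helpers agree. Both helpers also still write into the caller's hash after the switch from `merge!` to `[]=`; `opts = (args.shift || {}).dup` avoids that side effect if callers reuse their options. The method signatures are outside the hunks, so this assumes `args` is a splat array in both.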
@@ -1,3 +1,3 @@
1
1
  module DeviseMasquerade
2
- VERSION = '1.3.8'.freeze
2
+ VERSION = '1.3.11'.freeze
3
3
  end
@@ -24,12 +24,18 @@ module Devise
24
24
  # Example: Devise.masqueraded_resource_class = User
25
25
  mattr_accessor :masqueraded_resource_class
26
26
 
27
+ # Example: Devise.masqueraded_resource_class_name = 'User'
28
+ mattr_accessor :masqueraded_resource_class_name
29
+
27
30
  # Example: Devise.masqueraded_resource_name = :user
28
31
  mattr_accessor :masqueraded_resource_name
29
32
 
30
33
  # Example: Devise.masquerading_resource_class = AdminUser
31
34
  mattr_accessor :masquerading_resource_class
32
35
 
36
+ # Example: Devise.masquerading_resource_class_name = 'AdminUser'
37
+ mattr_accessor :masquerading_resource_class_name
38
+
33
39
  # Example: Devise.masquerading_resource_name = :admin_user
34
40
  mattr_accessor :masquerading_resource_name
35
41
 
@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
14
14
  get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
15
15
  end
16
16
 
17
- it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
17
+ it { expect(cache_read(mask)).to be }
18
18
 
19
19
  it 'should have warden keys defined' do
20
20
  expect(session["warden.user.student.key"].first.first).to eq(mask.id)
@@ -22,6 +22,9 @@ describe Devise::MasqueradesController, type: :controller do
22
22
 
23
23
  it { should redirect_to('/') }
24
24
  end
25
+ end
26
+ context 'when logged in' do
27
+ before { logged_in }
25
28
 
26
29
  describe '#masquerade user' do
27
30
  let(:mask) { create(:user) }
@@ -30,7 +33,7 @@ describe Devise::MasqueradesController, type: :controller do
30
33
  get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
31
34
  end
32
35
 
33
- it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
36
+ it { expect(cache_read(mask)).to be }
34
37
  it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
35
38
  it { should redirect_to('/') }
36
39
 
@@ -39,7 +42,7 @@ describe Devise::MasqueradesController, type: :controller do
39
42
 
40
43
  it { should redirect_to(masquerade_page) }
41
44
  it { expect(current_user.reload).to eq(@user) }
42
- it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
45
+ it { expect(cache_read(mask)).not_to be }
43
46
  end
44
47
  end
45
48
 
@@ -107,4 +110,16 @@ describe Devise::MasqueradesController, type: :controller do
107
110
  def masquerade_page
108
111
  "/"
109
112
  end
113
+
114
+ def guid
115
+ session[:devise_masquerade_masquerading_resource_guid]
116
+ end
117
+
118
+ def cache_read(user)
119
+ Rails.cache.read(cache_key(user))
120
+ end
121
+
122
+ def cache_key(user)
123
+ "devise_masquerade_#{mask.class.name.downcase}_#{mask.to_param}_#{guid}"
124
+ end
110
125
  end
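Review bot: The `not_to be` expectations that now go through `cache_read(mask)` can pass without checking anything, because `guid` reads `session[:devise_masquerade_masquerading_resource_guid]` and the controller's `cleanup_masquerade_owner_session` deletes that key (and it is presumably never set in the 403 case of the other controller spec), so the computed key ends in `_` and never exists. Capture the guid while the masquerade is active and assert on that key, or assert that no `devise_masquerade_` entry remains for the user. `cache_key(user)` also ignores its argument and reads `mask`; `"devise_masquerade_#{user.class.name.downcase}_#{user.to_param}_#{guid}"` matches the signature. The same three helpers are added again in the `MasqueradesTestsController` spec (hunk `@@ -35,7 +35,20 @@`) and could live in one shared support module.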
@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
16
16
  before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
17
17
 
18
18
  it { expect(response.status).to eq(403) }
19
- it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
19
+ it { expect(cache_read(mask)).not_to be }
20
20
  it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
21
21
  end
22
22
 
@@ -35,7 +35,20 @@ describe MasqueradesTestsController, type: :controller do
35
35
  end
36
36
 
37
37
  it { expect(response.status).to eq(302) }
38
- it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
38
+ it { expect(cache_read(mask)).to be }
39
39
  it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
40
40
  end
41
+
42
+
43
+ def guid
44
+ session[:devise_masquerade_masquerading_resource_guid]
45
+ end
46
+
47
+ def cache_read(user)
48
+ Rails.cache.read(cache_key(user))
49
+ end
50
+
51
+ def cache_key(user)
52
+ "devise_masquerade_#{mask.class.name.downcase}_#{mask.to_param}_#{guid}"
53
+ end
41
54
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_masquerade
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.8
4
+ version: 1.3.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Alexandr Korsak
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-04-28 00:00:00.000000000 Z
11
+ date: 2022-03-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler