devise_masquerade 1.3.8 → 1.3.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +1 -5
- data/Gemfile.lock +5 -5
- data/README.md +16 -10
- data/app/controllers/devise/masquerades_controller.rb +27 -8
- data/lib/devise_masquerade/controllers/helpers.rb +11 -6
- data/lib/devise_masquerade/controllers/url_helpers.rb +3 -3
- data/lib/devise_masquerade/version.rb +1 -1
- data/spec/controllers/devise/masquerades_controller_spec.rb +18 -3
- data/spec/controllers/masquerades_tests_controller_spec.rb +15 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dd8da5271e7816c4823e6208ddb3d164065463a69d0be4d12bc6b6cdd6314102
|
|
4
|
+
data.tar.gz: 55e126ffbe80364b490ed85dd7235ad9de168614d0979d00e84ed0a9f7f31390
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f575ef0026f95fc117daaee22797f2a8495e20a33c2e100c70f40df91eb7c05ad4eb84fe39fd01b0a9b1403c23c0a00a657f0b9475c02ff17e1c89b1c5ffc642
|
|
7
|
+
data.tar.gz: f42b17cc00ff950387b8a44f079a575a4875788e97743e8cb923cf09e73e41da3aa9bff7cc819250d96ed1347fed1258745f8ddeaaa8a0274af651ffcda0ae09
|
data/.travis.yml
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -52,7 +52,7 @@ GIT
|
|
|
52
52
|
PATH
|
|
53
53
|
remote: .
|
|
54
54
|
specs:
|
|
55
|
-
devise_masquerade (1.3.
|
|
55
|
+
devise_masquerade (1.3.9)
|
|
56
56
|
devise (>= 4.7.0)
|
|
57
57
|
globalid (>= 0.3.6)
|
|
58
58
|
railties (>= 5.2.0)
|
|
@@ -93,7 +93,7 @@ GEM
|
|
|
93
93
|
minitest (~> 5.1)
|
|
94
94
|
tzinfo (~> 1.1)
|
|
95
95
|
zeitwerk (~> 2.1, >= 2.1.8)
|
|
96
|
-
addressable (2.
|
|
96
|
+
addressable (2.8.0)
|
|
97
97
|
public_suffix (>= 2.0.2, < 5.0)
|
|
98
98
|
archive-zip (0.12.0)
|
|
99
99
|
io-like (~> 0.3.0)
|
|
@@ -201,12 +201,12 @@ GEM
|
|
|
201
201
|
mime-types-data (~> 3.2015)
|
|
202
202
|
mime-types-data (3.2019.1009)
|
|
203
203
|
mini_mime (1.0.2)
|
|
204
|
-
mini_portile2 (2.5.
|
|
204
|
+
mini_portile2 (2.5.1)
|
|
205
205
|
minitest (5.12.2)
|
|
206
206
|
multi_json (1.14.1)
|
|
207
207
|
multi_test (0.1.2)
|
|
208
208
|
nenv (0.3.0)
|
|
209
|
-
nokogiri (1.11.
|
|
209
|
+
nokogiri (1.11.5)
|
|
210
210
|
mini_portile2 (~> 2.5.0)
|
|
211
211
|
racc (~> 1.4)
|
|
212
212
|
notiffany (0.1.3)
|
|
@@ -220,7 +220,7 @@ GEM
|
|
|
220
220
|
pry-byebug (3.7.0)
|
|
221
221
|
byebug (~> 11.0)
|
|
222
222
|
pry (~> 0.10)
|
|
223
|
-
public_suffix (4.0.
|
|
223
|
+
public_suffix (4.0.6)
|
|
224
224
|
racc (1.5.2)
|
|
225
225
|
rack (2.2.3)
|
|
226
226
|
rack-test (1.1.0)
|
data/README.md
CHANGED
|
@@ -1,15 +1,17 @@
|
|
|
1
1
|
# Devise Masquerade
|
|
2
|
-
[](https://gitter.im/oivoodoo/devise_masquerade?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
|
3
|
-
[](https://app.fossa.io/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade?ref=badge_shield)
|
|
4
2
|
|
|
5
|
-
[](https://gitter.im/oivoodoo/devise_masquerade?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
|
4
|
+
|
|
5
|
+
[](https://app.fossa.io/projects/git%2Bgithub.com%2Foivoodoo%2Fdevise_masquerade?ref=badge_shield)
|
|
6
6
|
|
|
7
|
-
[](https://travis-ci.org/oivoodoo/devise_masquerade)
|
|
8
8
|
|
|
9
|
-
[](https://codeclimate.com/github/oivoodoo/devise_masquerade/maintainability)
|
|
10
10
|
|
|
11
11
|
[](https://github.com/oivoodoo/devise_masquerade)
|
|
12
12
|
|
|
13
|
+
[Consulting](https://bitscorp.co)
|
|
14
|
+
|
|
13
15
|
It's a utility library for enabling functionallity like login as button for
|
|
14
16
|
admin.
|
|
15
17
|
|
|
@@ -31,7 +33,9 @@ And then execute:
|
|
|
31
33
|
|
|
32
34
|
In the view you can use url helper for defining link:
|
|
33
35
|
|
|
36
|
+
```ruby
|
|
34
37
|
= link_to "Login As", masquerade_path(user)
|
|
38
|
+
```
|
|
35
39
|
|
|
36
40
|
`masquerade_path` would create specific `/masquerade` path with query params `masquerade`(key) and `masqueraded_resource_class` to know
|
|
37
41
|
which model to choose to search and sign in by masquerade key.
|
|
@@ -62,9 +66,11 @@ Instead of user you can use your resource name admin, student or another names.
|
|
|
62
66
|
If you want to back to the owner of masquerade action user you could use
|
|
63
67
|
helpers:
|
|
64
68
|
|
|
69
|
+
```ruby
|
|
65
70
|
user_masquerade? # current user was masqueraded by owner?
|
|
66
71
|
|
|
67
72
|
= link_to "Reverse masquerade", back_masquerade_path(current_user)
|
|
73
|
+
```
|
|
68
74
|
|
|
69
75
|
## Custom controller for adding cancan for authorization
|
|
70
76
|
|
|
@@ -162,12 +168,12 @@ in `routes.rb`:
|
|
|
162
168
|
Devise.masquerade_key_size = 16 # size of the generate by SecureRandom.urlsafe_base64
|
|
163
169
|
Devise.masquerade_bypass_warden_callback = false
|
|
164
170
|
Devise.masquerade_routes_back = false # if true, route back to the page the user was on via redirect_back
|
|
165
|
-
Devise.masquerading_resource_class =
|
|
171
|
+
Devise.masquerading_resource_class = AdminUser
|
|
166
172
|
# optional, default: masquerading_resource_class.model_name.param_key
|
|
167
|
-
Devise.masquerading_resource_name = :
|
|
168
|
-
Devise.masqueraded_resource_class =
|
|
173
|
+
Devise.masquerading_resource_name = :admin_user
|
|
174
|
+
Devise.masqueraded_resource_class = User
|
|
169
175
|
# optional, default: masqueraded_resource_class.model_name.param_key
|
|
170
|
-
Devise.masqueraded_resource_name = :
|
|
176
|
+
Devise.masqueraded_resource_name = :user
|
|
171
177
|
```
|
|
172
178
|
|
|
173
179
|
## Demo project
|
|
@@ -181,7 +187,7 @@ And check http://localhost:3000/, use for login user1@example.com and
|
|
|
181
187
|
|
|
182
188
|
## Troubleshooting
|
|
183
189
|
|
|
184
|
-
Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Chances are that you need to enable caching:
|
|
190
|
+
Are you working in development mode and wondering why masquerade attempts result in a [Receiving "You are already signed in" flash[:error]](https://github.com/oivoodoo/devise_masquerade/issues/58) message? `Filter chain halted as :require_no_authentication rendered or redirected` showing up in your logfile? Do you find that your `user_masquerade?` method is always returning false? Chances are that you need to enable caching:
|
|
185
191
|
|
|
186
192
|
rails dev:cache
|
|
187
193
|
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require 'securerandom'
|
|
2
|
+
|
|
1
3
|
class Devise::MasqueradesController < DeviseController
|
|
2
4
|
Devise.mappings.each do |name, _|
|
|
3
5
|
class_eval <<-METHODS, __FILE__, __LINE__ + 1
|
|
@@ -11,7 +13,7 @@ class Devise::MasqueradesController < DeviseController
|
|
|
11
13
|
|
|
12
14
|
def show
|
|
13
15
|
if send("#{masqueraded_resource_name}_masquerade?")
|
|
14
|
-
resource =
|
|
16
|
+
resource = masquerading_current_user
|
|
15
17
|
|
|
16
18
|
go_back(resource, path: after_masquerade_full_path_for(resource))
|
|
17
19
|
else
|
|
@@ -20,7 +22,7 @@ class Devise::MasqueradesController < DeviseController
|
|
|
20
22
|
save_masquerade_owner_session(masqueradable_resource)
|
|
21
23
|
|
|
22
24
|
resource = masqueradable_resource
|
|
23
|
-
sign_out(
|
|
25
|
+
sign_out(masquerading_current_user)
|
|
24
26
|
|
|
25
27
|
unless resource
|
|
26
28
|
flash[:error] = "#{masqueraded_resource_class} not found."
|
|
@@ -73,7 +75,7 @@ class Devise::MasqueradesController < DeviseController
|
|
|
73
75
|
end
|
|
74
76
|
|
|
75
77
|
def find_owner_resource(masqueradable_resource)
|
|
76
|
-
skey = session_key(masqueradable_resource)
|
|
78
|
+
skey = session_key(masqueradable_resource, masquerading_guid)
|
|
77
79
|
|
|
78
80
|
GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
|
|
79
81
|
end
|
|
@@ -141,7 +143,9 @@ class Devise::MasqueradesController < DeviseController
|
|
|
141
143
|
end
|
|
142
144
|
|
|
143
145
|
def save_masquerade_owner_session(masqueradable_resource)
|
|
144
|
-
|
|
146
|
+
guid = SecureRandom.uuid
|
|
147
|
+
|
|
148
|
+
skey = session_key(masqueradable_resource, guid)
|
|
145
149
|
|
|
146
150
|
resource_gid = send("current_#{masquerading_resource_name}").to_sgid(for: 'masquerade')
|
|
147
151
|
|
|
@@ -150,19 +154,21 @@ class Devise::MasqueradesController < DeviseController
|
|
|
150
154
|
session[skey] = true
|
|
151
155
|
session[session_key_masquerading_resource_class] = masquerading_resource_class.name
|
|
152
156
|
session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
|
|
157
|
+
session[session_key_masquerading_resource_guid] = guid
|
|
153
158
|
end
|
|
154
159
|
|
|
155
160
|
def cleanup_masquerade_owner_session(masqueradable_resource)
|
|
156
|
-
skey = session_key(masqueradable_resource)
|
|
161
|
+
skey = session_key(masqueradable_resource, masquerading_guid)
|
|
157
162
|
|
|
158
163
|
Rails.cache.delete(skey)
|
|
159
164
|
session.delete(skey)
|
|
160
165
|
session.delete(session_key_masqueraded_resource_class)
|
|
161
166
|
session.delete(session_key_masquerading_resource_class)
|
|
167
|
+
session.delete(session_key_masquerading_resource_guid)
|
|
162
168
|
end
|
|
163
169
|
|
|
164
|
-
def session_key(masqueradable_resource)
|
|
165
|
-
"devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
|
|
170
|
+
def session_key(masqueradable_resource, guid)
|
|
171
|
+
"devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}_#{guid}".to_sym
|
|
166
172
|
end
|
|
167
173
|
|
|
168
174
|
def session_key_masqueraded_resource_class
|
|
@@ -170,6 +176,19 @@ class Devise::MasqueradesController < DeviseController
|
|
|
170
176
|
end
|
|
171
177
|
|
|
172
178
|
def session_key_masquerading_resource_class
|
|
173
|
-
|
|
179
|
+
"devise_masquerade_masquerading_resource_class"
|
|
180
|
+
end
|
|
181
|
+
|
|
182
|
+
def session_key_masquerading_resource_guid
|
|
183
|
+
"devise_masquerade_masquerading_resource_guid"
|
|
184
|
+
end
|
|
185
|
+
|
|
186
|
+
def masquerading_current_user
|
|
187
|
+
send("current_#{masquerading_resource_name}")
|
|
188
|
+
end
|
|
189
|
+
|
|
190
|
+
def masquerading_guid
|
|
191
|
+
session[session_key_masquerading_resource_guid]
|
|
174
192
|
end
|
|
175
193
|
end
|
|
194
|
+
|
|
@@ -39,23 +39,28 @@ module DeviseMasquerade
|
|
|
39
39
|
|
|
40
40
|
def #{name}_masquerade?
|
|
41
41
|
return false if current_#{name}.blank?
|
|
42
|
+
return false if session[#{name}_helper_session_key].blank?
|
|
42
43
|
|
|
43
|
-
|
|
44
|
-
return false if session[key].blank?
|
|
45
|
-
|
|
46
|
-
::Rails.cache.exist?(key.to_sym).present?
|
|
44
|
+
::Rails.cache.exist?(#{name}_helper_session_key).present?
|
|
47
45
|
end
|
|
48
46
|
|
|
49
47
|
def #{name}_masquerade_owner
|
|
50
48
|
return unless send(:#{name}_masquerade?)
|
|
51
49
|
|
|
52
|
-
|
|
53
|
-
sgid = ::Rails.cache.read(key.to_sym)
|
|
50
|
+
sgid = ::Rails.cache.read(#{name}_helper_session_key)
|
|
54
51
|
GlobalID::Locator.locate_signed(sgid, for: 'masquerade')
|
|
55
52
|
end
|
|
56
53
|
|
|
57
54
|
private
|
|
58
55
|
|
|
56
|
+
def #{name}_helper_session_key
|
|
57
|
+
["devise_masquerade_#{name}", current_#{name}.to_param, #{name}_helper_masquerading_resource_guid].join("_")
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
def #{name}_helper_masquerading_resource_guid
|
|
61
|
+
session["devise_masquerade_masquerading_resource_guid"].to_s
|
|
62
|
+
end
|
|
63
|
+
|
|
59
64
|
def masquerade_sign_in(resource)
|
|
60
65
|
if Devise.masquerade_bypass_warden_callback
|
|
61
66
|
if respond_to?(:bypass_sign_in)
|
|
@@ -8,9 +8,9 @@ module DeviseMasquerade
|
|
|
8
8
|
scope = Devise::Mapping.find_scope!(resource)
|
|
9
9
|
|
|
10
10
|
opts = args.shift || {}
|
|
11
|
-
opts
|
|
11
|
+
opts[:masqueraded_resource_class] = resource.class.name
|
|
12
12
|
|
|
13
|
-
opts
|
|
13
|
+
opts[Devise.masquerade_param] = resource.masquerade_key
|
|
14
14
|
|
|
15
15
|
send("#{scope}_masquerade_index_path", opts, *args)
|
|
16
16
|
end
|
|
@@ -19,7 +19,7 @@ module DeviseMasquerade
|
|
|
19
19
|
scope = Devise::Mapping.find_scope!(resource)
|
|
20
20
|
|
|
21
21
|
opts = args.first || {}
|
|
22
|
-
opts
|
|
22
|
+
opts[:masqueraded_resource_class] = resource.class.name
|
|
23
23
|
|
|
24
24
|
send("back_#{scope}_masquerade_index_path", opts, *args)
|
|
25
25
|
end
|
|
@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
14
14
|
get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
it { expect(
|
|
17
|
+
it { expect(cache_read(mask)).to be }
|
|
18
18
|
|
|
19
19
|
it 'should have warden keys defined' do
|
|
20
20
|
expect(session["warden.user.student.key"].first.first).to eq(mask.id)
|
|
@@ -22,6 +22,9 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
22
22
|
|
|
23
23
|
it { should redirect_to('/') }
|
|
24
24
|
end
|
|
25
|
+
end
|
|
26
|
+
context 'when logged in' do
|
|
27
|
+
before { logged_in }
|
|
25
28
|
|
|
26
29
|
describe '#masquerade user' do
|
|
27
30
|
let(:mask) { create(:user) }
|
|
@@ -30,7 +33,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
30
33
|
get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
|
|
31
34
|
end
|
|
32
35
|
|
|
33
|
-
it { expect(
|
|
36
|
+
it { expect(cache_read(mask)).to be }
|
|
34
37
|
it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
|
|
35
38
|
it { should redirect_to('/') }
|
|
36
39
|
|
|
@@ -39,7 +42,7 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
39
42
|
|
|
40
43
|
it { should redirect_to(masquerade_page) }
|
|
41
44
|
it { expect(current_user.reload).to eq(@user) }
|
|
42
|
-
it { expect(
|
|
45
|
+
it { expect(cache_read(mask)).not_to be }
|
|
43
46
|
end
|
|
44
47
|
end
|
|
45
48
|
|
|
@@ -107,4 +110,16 @@ describe Devise::MasqueradesController, type: :controller do
|
|
|
107
110
|
def masquerade_page
|
|
108
111
|
"/"
|
|
109
112
|
end
|
|
113
|
+
|
|
114
|
+
def guid
|
|
115
|
+
session[:devise_masquerade_masquerading_resource_guid]
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def cache_read(user)
|
|
119
|
+
Rails.cache.read(cache_key(user))
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
def cache_key(user)
|
|
123
|
+
"devise_masquerade_#{mask.class.name.downcase}_#{mask.to_param}_#{guid}"
|
|
124
|
+
end
|
|
110
125
|
end
|
|
@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
16
16
|
before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
|
|
17
17
|
|
|
18
18
|
it { expect(response.status).to eq(403) }
|
|
19
|
-
it { expect(
|
|
19
|
+
it { expect(cache_read(mask)).not_to be }
|
|
20
20
|
it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
|
|
21
21
|
end
|
|
22
22
|
|
|
@@ -35,7 +35,20 @@ describe MasqueradesTestsController, type: :controller do
|
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
it { expect(response.status).to eq(302) }
|
|
38
|
-
it { expect(
|
|
38
|
+
it { expect(cache_read(mask)).to be }
|
|
39
39
|
it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
|
|
40
40
|
end
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
def guid
|
|
44
|
+
session[:devise_masquerade_masquerading_resource_guid]
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def cache_read(user)
|
|
48
|
+
Rails.cache.read(cache_key(user))
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def cache_key(user)
|
|
52
|
+
"devise_masquerade_#{mask.class.name.downcase}_#{mask.to_param}_#{guid}"
|
|
53
|
+
end
|
|
41
54
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_masquerade
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandr Korsak
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-09-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|