devise_masquerade 0.3.1 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of devise_masquerade might be problematic. Click here for more details.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 417fd89c5319cada031d19c75351278a793d891f
|
4
|
+
data.tar.gz: 2beabc09bbe11a916c7cac22e58577c132feb7be
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b9aca21064db3b097059eb20a91bb42c2699458eee8f21e88d2ad7db56be5d97dae9a743cfece7fb91f93d829aa2bfac02d881064f53ccd5664e31fea19e1b11
|
7
|
+
data.tar.gz: e010d497e12e9bc3b3c7d875e01c99209f329fbe48fcf3d04dd29b03641b81c17526af8e9d9ec9e8ee8ecfc0d6509652c4a16ec1c319a71e0dd67d333e6547ab
|
data/README.md
CHANGED
@@ -87,6 +87,7 @@ in `routes.rb`:
|
|
87
87
|
Devise.masquerade_expires_in = 10.seconds
|
88
88
|
Devise.masquerade_key_size = 16 # size of the generate by SecureRandom.urlsafe_base64
|
89
89
|
Devise.masquerade_bypass_warden_callback = false
|
90
|
+
Devise.masquerade_routes_back = false # if true, route back to the page the user was on via redirect_back
|
90
91
|
|
91
92
|
## Demo project
|
92
93
|
|
@@ -35,7 +35,13 @@ class Devise::MasqueradesController < DeviseController
|
|
35
35
|
sign_in(self.resource)
|
36
36
|
end
|
37
37
|
|
38
|
-
|
38
|
+
if Devise.masquerade_routes_back && Rails::VERSION::MAJOR == 5
|
39
|
+
redirect_back(fallback_location: "#{after_masquerade_param_for(self.resource)}?#{after_masquerade_param_for(resource)}")
|
40
|
+
elsif Devise.masquerade_routes_back && request.env['HTTP_REFERER'].present?
|
41
|
+
redirect_to :back
|
42
|
+
else
|
43
|
+
redirect_to("#{after_masquerade_path_for(self.resource)}?#{after_masquerade_param_for(resource)}")
|
44
|
+
end
|
39
45
|
end
|
40
46
|
|
41
47
|
def back
|
@@ -58,7 +64,14 @@ class Devise::MasqueradesController < DeviseController
|
|
58
64
|
end
|
59
65
|
request.env["devise.skip_trackable"] = nil
|
60
66
|
|
61
|
-
|
67
|
+
if Devise.masquerade_routes_back && Rails::VERSION::MAJOR == 5
|
68
|
+
# If using the masquerade_routes_back and Rails 5
|
69
|
+
redirect_back(fallback_location: after_back_masquerade_path_for(owner_user))
|
70
|
+
elsif Devise.masquerade_routes_back && request.env['HTTP_REFERER'].present?
|
71
|
+
redirect_to :back
|
72
|
+
else
|
73
|
+
redirect_to after_back_masquerade_path_for(owner_user)
|
74
|
+
end
|
62
75
|
end
|
63
76
|
|
64
77
|
private
|
data/lib/devise_masquerade.rb
CHANGED
@@ -24,6 +24,9 @@ module Devise
|
|
24
24
|
mattr_accessor :masquerade_bypass_warden_callback
|
25
25
|
@@masquerade_bypass_warden_callback = false
|
26
26
|
|
27
|
+
mattr_accessor :masquerade_routes_back
|
28
|
+
@@masquerade_routes_back = false
|
29
|
+
|
27
30
|
@@helpers << DeviseMasquerade::Controllers::Helpers
|
28
31
|
end
|
29
32
|
|
@@ -26,6 +26,45 @@ describe Devise::MasqueradesController, type: :controller do
|
|
26
26
|
it { expect(current_user.reload).to eq(@user) }
|
27
27
|
it { expect(session.keys).not_to include('devise_masquerade_user') }
|
28
28
|
end
|
29
|
+
|
30
|
+
# Configure masquerade_routes_back setting
|
31
|
+
describe 'config#masquerade_routes_back' do
|
32
|
+
before { Devise.setup {|c| c.masquerade_routes_back = true } }
|
33
|
+
|
34
|
+
context 'show' do
|
35
|
+
before { expect(SecureRandom).to receive(:urlsafe_base64) { "secure_key" } }
|
36
|
+
|
37
|
+
context '< Rails 5 version' do
|
38
|
+
before do
|
39
|
+
@request.env['HTTP_REFERER'] = 'previous_location'
|
40
|
+
get :show, id: mask.to_param
|
41
|
+
end # before
|
42
|
+
|
43
|
+
it { should redirect_to('previous_location') }
|
44
|
+
end # context
|
45
|
+
|
46
|
+
context '< Rails 5, fallback if http_referer not present' do
|
47
|
+
before { get :show, id: mask.to_param }
|
48
|
+
|
49
|
+
it { should redirect_to("/?masquerade=secure_key") }
|
50
|
+
end # context
|
51
|
+
end # context
|
52
|
+
|
53
|
+
context '< Rails 5, and back' do
|
54
|
+
before { get :back }
|
55
|
+
|
56
|
+
it { should redirect_to(masquerade_page) }
|
57
|
+
end # context
|
58
|
+
|
59
|
+
context '< Rails 5, and back fallback if http_referer not present' do
|
60
|
+
before do
|
61
|
+
@request.env['HTTP_REFERER'] = 'previous_location'
|
62
|
+
get :back
|
63
|
+
end
|
64
|
+
|
65
|
+
it { should redirect_to('previous_location') }
|
66
|
+
end # context
|
67
|
+
end # describe
|
29
68
|
end
|
30
69
|
end
|
31
70
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise_masquerade
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Alexandr Korsak
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-02-
|
11
|
+
date: 2017-02-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|