devise_masquerade 1.3.3 → 1.3.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 23f626ba1c590f1686660a00804eaa5c5139a210fae80e72168a9f0a322e4be8
4
- data.tar.gz: ee1641f8fed338ac83be5935b5e374df60fc7eb003919c120b24052528462302
3
+ metadata.gz: fafd0f91896f4da500abe2c0e913f8638b76572df1ae9e0c944939369ec1e65d
4
+ data.tar.gz: c2efb46ef9984c8ad297ba674ab143e7993e5a6410abf9d059bbc94dddb809cb
5
5
  SHA512:
6
- metadata.gz: 49c892cf2302d56d3d3aafb106d4e2eeba92b6c2f256440aa27a428df620bd16f49e89d5666ef6c2083e44fb260c1cb0beef3e575234cf5c6e91bff8f621dc4d
7
- data.tar.gz: 357d959e456fa0d10a748f2c15b4cd0f94f8c21e773c970d52715e752dfd29c4d39f1e5f06fb2cbe11c8b4517c9503203954af1674a4a02c89669ffacbacc5c0
6
+ metadata.gz: 5215584ed67b643b1f61678f0aa7c5108a8146912a0f71e0ad8aaedeb7f87bbf4fb04e8601c6483b77540ab3742ff70c2e5b5fa231cfb2595855e3774809c506
7
+ data.tar.gz: 4360334b8ad7599544121156479fc8c69eff1e76bf7e8628b3e46ae519b7a7d331a0ca547db1cd2105f4a4de213766569eaba8934c8d1aeec5d18482d304dd72
data/Gemfile.lock CHANGED
@@ -52,7 +52,7 @@ GIT
52
52
  PATH
53
53
  remote: .
54
54
  specs:
55
- devise_masquerade (1.3.3)
55
+ devise_masquerade (1.3.4)
56
56
  devise (>= 4.7.0)
57
57
  globalid (>= 0.3.6)
58
58
  railties (>= 5.2.0)
@@ -9,16 +9,13 @@ class Devise::MasqueradesController < DeviseController
9
9
  prepend_before_action :authenticate_scope!, only: :show
10
10
  prepend_before_action :masquerade_authorize!
11
11
 
12
- before_action :save_masquerade_owner_session, only: :show
13
-
14
- after_action :cleanup_masquerade_owner_session, only: :back
15
-
16
12
  def show
17
- self.resource = find_resource
13
+ masqueradable_resource = find_masqueradable_resource
18
14
 
19
- if resource.class != masquerading_resource_class
20
- sign_out(send("current_#{masquerading_resource_name}"))
21
- end
15
+ save_masquerade_owner_session(masqueradable_resource)
16
+
17
+ self.resource = masqueradable_resource
18
+ sign_out(send("current_#{masquerading_resource_name}"))
22
19
 
23
20
  unless resource
24
21
  flash[:error] = "#{masqueraded_resource_class} not found."
@@ -33,20 +30,21 @@ class Devise::MasqueradesController < DeviseController
33
30
  end
34
31
 
35
32
  def back
33
+ masqueradable_resource = send("current_#{masqueraded_resource_name}")
34
+
36
35
  unless send("#{masqueraded_resource_name}_signed_in?")
37
36
  head(401) and return
38
37
  end
39
38
 
40
- self.resource = find_owner_resource
41
-
42
- if resource.class != masqueraded_resource_class
43
- sign_out(send("current_#{masqueraded_resource_name}"))
44
- end
39
+ self.resource = find_owner_resource(masqueradable_resource)
40
+ sign_out(send("current_#{masqueraded_resource_name}"))
45
41
 
46
42
  masquerade_sign_in(resource)
47
43
  request.env['devise.skip_trackable'] = nil
48
44
 
49
45
  go_back(resource, path: after_back_masquerade_path_for(resource))
46
+
47
+ cleanup_masquerade_owner_session(masqueradable_resource)
50
48
  end
51
49
 
52
50
  protected
@@ -59,12 +57,14 @@ class Devise::MasqueradesController < DeviseController
59
57
  true
60
58
  end
61
59
 
62
- def find_resource
63
- GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
60
+ def find_masqueradable_resource
61
+ GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
64
62
  end
65
63
 
66
- def find_owner_resource
67
- GlobalID::Locator.locate_signed(Rails.cache.read(session_key), for: 'masquerade')
64
+ def find_owner_resource(masqueradable_resource)
65
+ skey = session_key(masqueradable_resource)
66
+
67
+ GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
68
68
  end
69
69
 
70
70
  def go_back(user, path:)
@@ -129,27 +129,28 @@ class Devise::MasqueradesController < DeviseController
129
129
  '/'
130
130
  end
131
131
 
132
- def save_masquerade_owner_session
132
+ def save_masquerade_owner_session(masqueradable_resource)
133
+ skey = session_key(masqueradable_resource)
134
+
133
135
  resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
134
136
  expires_in: Devise.masquerade_expires_in, for: 'masquerade')
135
- # skip sharing owner id via session
136
- Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
137
137
 
138
- unless session.key?(session_key)
139
- session[session_key_masquerading_resource_class] = masquerading_resource_class.name
140
- session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
141
- end
138
+ # skip sharing owner id via session
139
+ Rails.cache.write(skey, resource_gid, expires_in: Devise.masquerade_expires_in)
140
+ session[session_key_masquerading_resource_class] = masquerading_resource_class.name
141
+ session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
142
142
  end
143
143
 
144
- def cleanup_masquerade_owner_session
145
- Rails.cache.delete(session_key)
144
+ def cleanup_masquerade_owner_session(masqueradable_resource)
145
+ skey = session_key(masqueradable_resource)
146
146
 
147
+ Rails.cache.delete(skey)
147
148
  session.delete(session_key_masqueraded_resource_class)
148
149
  session.delete(session_key_masquerading_resource_class)
149
150
  end
150
151
 
151
- def session_key
152
- "devise_masquerade_#{masqueraded_resource_name}".to_sym
152
+ def session_key(masqueradable_resource)
153
+ "devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
153
154
  end
154
155
 
155
156
  def session_key_masqueraded_resource_class
@@ -157,6 +158,6 @@ class Devise::MasqueradesController < DeviseController
157
158
  end
158
159
 
159
160
  def session_key_masquerading_resource_class
160
- "devise_masquerade_masquerading_resource_class"
161
+ "devise_masquerade_masquerading_resource_class"
161
162
  end
162
163
  end
@@ -38,12 +38,17 @@ module DeviseMasquerade
38
38
  end
39
39
 
40
40
  def #{name}_masquerade?
41
- ::Rails.cache.exist?(:"devise_masquerade_#{name}").present?
41
+ return false if current_#{name}.blank?
42
+
43
+ key = "devise_masquerade_#{name}_" + current_#{name}.to_param
44
+ ::Rails.cache.exist?(key.to_sym).present?
42
45
  end
43
46
 
44
47
  def #{name}_masquerade_owner
45
- return nil unless send(:#{name}_masquerade?)
46
- GlobalID::Locator.locate_signed(::Rails.cache.read(:"devise_masquerade_#{name}"), for: 'masquerade')
48
+ return unless send(:#{name}_masquerade?)
49
+
50
+ key = "devise_masquerade_#{name}_" + current_#{name}.to_param
51
+ GlobalID::Locator.locate_signed(::Rails.cache.read(key.to_sym, for: 'masquerade'))
47
52
  end
48
53
 
49
54
  private
@@ -1,3 +1,3 @@
1
1
  module DeviseMasquerade
2
- VERSION = '1.3.3'.freeze
2
+ VERSION = '1.3.4'.freeze
3
3
  end
@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
14
14
  get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
15
15
  end
16
16
 
17
- it { expect(Rails.cache.read('devise_masquerade_student')).to be }
17
+ it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
18
18
 
19
19
  it 'should have warden keys defined' do
20
20
  expect(session["warden.user.student.key"].first.first).to eq(mask.id)
@@ -30,7 +30,7 @@ describe Devise::MasqueradesController, type: :controller do
30
30
  get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
31
31
  end
32
32
 
33
- it { expect(Rails.cache.read('devise_masquerade_user')).to be }
33
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
34
34
  it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
35
35
  it { should redirect_to('/') }
36
36
 
@@ -39,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
39
39
 
40
40
  it { should redirect_to(masquerade_page) }
41
41
  it { expect(current_user.reload).to eq(@user) }
42
- it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
42
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
43
43
  end
44
44
  end
45
45
 
@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
16
16
  before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
17
17
 
18
18
  it { expect(response.status).to eq(403) }
19
- it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
19
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
20
20
  it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
21
21
  end
22
22
 
@@ -35,7 +35,7 @@ describe MasqueradesTestsController, type: :controller do
35
35
  end
36
36
 
37
37
  it { expect(response.status).to eq(302) }
38
- it { expect(Rails.cache.read('devise_masquerade_user')).to be }
38
+ it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
39
39
  it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
40
40
  end
41
41
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_masquerade
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.3
4
+ version: 1.3.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Alexandr Korsak
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-16 00:00:00.000000000 Z
11
+ date: 2021-02-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler