RubyGems - devise_masquerade - Versions diffs - 1.3.3 → 1.3.4 - Mend

devise_masquerade 1.3.3 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/app/controllers/devise/masquerades_controller.rb +30 -29
data/lib/devise_masquerade/controllers/helpers.rb +8 -3
data/lib/devise_masquerade/version.rb +1 -1
data/spec/controllers/devise/masquerades_controller_spec.rb +3 -3
data/spec/controllers/masquerades_tests_controller_spec.rb +2 -2
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 23f626ba1c590f1686660a00804eaa5c5139a210fae80e72168a9f0a322e4be8
-  data.tar.gz: ee1641f8fed338ac83be5935b5e374df60fc7eb003919c120b24052528462302
+  metadata.gz: fafd0f91896f4da500abe2c0e913f8638b76572df1ae9e0c944939369ec1e65d
+  data.tar.gz: c2efb46ef9984c8ad297ba674ab143e7993e5a6410abf9d059bbc94dddb809cb
 SHA512:
-  metadata.gz: 49c892cf2302d56d3d3aafb106d4e2eeba92b6c2f256440aa27a428df620bd16f49e89d5666ef6c2083e44fb260c1cb0beef3e575234cf5c6e91bff8f621dc4d
-  data.tar.gz: 357d959e456fa0d10a748f2c15b4cd0f94f8c21e773c970d52715e752dfd29c4d39f1e5f06fb2cbe11c8b4517c9503203954af1674a4a02c89669ffacbacc5c0
+  metadata.gz: 5215584ed67b643b1f61678f0aa7c5108a8146912a0f71e0ad8aaedeb7f87bbf4fb04e8601c6483b77540ab3742ff70c2e5b5fa231cfb2595855e3774809c506
+  data.tar.gz: 4360334b8ad7599544121156479fc8c69eff1e76bf7e8628b3e46ae519b7a7d331a0ca547db1cd2105f4a4de213766569eaba8934c8d1aeec5d18482d304dd72

data/Gemfile.lock CHANGED Viewed

@@ -52,7 +52,7 @@ GIT
 PATH
   remote: .
   specs:
-    devise_masquerade (1.3.3)
+    devise_masquerade (1.3.4)
       devise (>= 4.7.0)
       globalid (>= 0.3.6)
       railties (>= 5.2.0)

data/app/controllers/devise/masquerades_controller.rb CHANGED Viewed

@@ -9,16 +9,13 @@ class Devise::MasqueradesController < DeviseController
   prepend_before_action :authenticate_scope!, only: :show
   prepend_before_action :masquerade_authorize!
-  before_action :save_masquerade_owner_session, only: :show
-  after_action :cleanup_masquerade_owner_session, only: :back
   def show
-    self.resource = find_resource
+    masqueradable_resource = find_masqueradable_resource
-    if resource.class != masquerading_resource_class
-      sign_out(send("current_#{masquerading_resource_name}"))
-    end
+    save_masquerade_owner_session(masqueradable_resource)
+    self.resource = masqueradable_resource
+    sign_out(send("current_#{masquerading_resource_name}"))
     unless resource
       flash[:error] = "#{masqueraded_resource_class} not found."
@@ -33,20 +30,21 @@ class Devise::MasqueradesController < DeviseController
   end
   def back
+    masqueradable_resource = send("current_#{masqueraded_resource_name}")
     unless send("#{masqueraded_resource_name}_signed_in?")
       head(401) and return
     end
-    self.resource = find_owner_resource
-    if resource.class != masqueraded_resource_class
-      sign_out(send("current_#{masqueraded_resource_name}"))
-    end
+    self.resource = find_owner_resource(masqueradable_resource)
+    sign_out(send("current_#{masqueraded_resource_name}"))
     masquerade_sign_in(resource)
     request.env['devise.skip_trackable'] = nil
     go_back(resource, path: after_back_masquerade_path_for(resource))
+    cleanup_masquerade_owner_session(masqueradable_resource)
   end
   protected
@@ -59,12 +57,14 @@ class Devise::MasqueradesController < DeviseController
     true
   end
-  def find_resource
-    GlobalID::Locator.locate_signed params[Devise.masquerade_param], for: 'masquerade'
+  def find_masqueradable_resource
+    GlobalID::Locator.locate_signed(params[Devise.masquerade_param], for: 'masquerade')
   end
-  def find_owner_resource
-    GlobalID::Locator.locate_signed(Rails.cache.read(session_key), for: 'masquerade')
+  def find_owner_resource(masqueradable_resource)
+    skey = session_key(masqueradable_resource)
+    GlobalID::Locator.locate_signed(Rails.cache.read(skey), for: 'masquerade')
   end
   def go_back(user, path:)
@@ -129,27 +129,28 @@ class Devise::MasqueradesController < DeviseController
     '/'
   end
-  def save_masquerade_owner_session
+  def save_masquerade_owner_session(masqueradable_resource)
+    skey = session_key(masqueradable_resource)
     resource_gid = send("current_#{masquerading_resource_name}").to_sgid(
       expires_in: Devise.masquerade_expires_in, for: 'masquerade')
-    # skip sharing owner id via session
-    Rails.cache.write(session_key, resource_gid, expires_in: Devise.masquerade_expires_in)
-    unless session.key?(session_key)
-      session[session_key_masquerading_resource_class] = masquerading_resource_class.name
-      session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
-    end
+    # skip sharing owner id via session
+    Rails.cache.write(skey, resource_gid, expires_in: Devise.masquerade_expires_in)
+    session[session_key_masquerading_resource_class] = masquerading_resource_class.name
+    session[session_key_masqueraded_resource_class] = masqueraded_resource_class.name
   end
-  def cleanup_masquerade_owner_session
-    Rails.cache.delete(session_key)
+  def cleanup_masquerade_owner_session(masqueradable_resource)
+    skey = session_key(masqueradable_resource)
+    Rails.cache.delete(skey)
     session.delete(session_key_masqueraded_resource_class)
     session.delete(session_key_masquerading_resource_class)
   end
-  def session_key
-    "devise_masquerade_#{masqueraded_resource_name}".to_sym
+  def session_key(masqueradable_resource)
+    "devise_masquerade_#{masqueraded_resource_name}_#{masqueradable_resource.to_param}".to_sym
   end
   def session_key_masqueraded_resource_class
@@ -157,6 +158,6 @@ class Devise::MasqueradesController < DeviseController
   end
   def session_key_masquerading_resource_class
-    "devise_masquerade_masquerading_resource_class"
+      "devise_masquerade_masquerading_resource_class"
   end
 end

data/lib/devise_masquerade/controllers/helpers.rb CHANGED Viewed

@@ -38,12 +38,17 @@ module DeviseMasquerade
           end
           def #{name}_masquerade?
-            ::Rails.cache.exist?(:"devise_masquerade_#{name}").present?
+            return false if current_#{name}.blank?
+            key = "devise_masquerade_#{name}_" + current_#{name}.to_param
+            ::Rails.cache.exist?(key.to_sym).present?
           end
           def #{name}_masquerade_owner
-            return nil unless send(:#{name}_masquerade?)
-            GlobalID::Locator.locate_signed(::Rails.cache.read(:"devise_masquerade_#{name}"), for: 'masquerade')
+            return unless send(:#{name}_masquerade?)
+            key = "devise_masquerade_#{name}_" + current_#{name}.to_param
+            GlobalID::Locator.locate_signed(::Rails.cache.read(key.to_sym, for: 'masquerade'))
           end
           private

data/lib/devise_masquerade/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module DeviseMasquerade
-  VERSION = '1.3.3'.freeze
+  VERSION = '1.3.4'.freeze
 end

data/spec/controllers/devise/masquerades_controller_spec.rb CHANGED Viewed

@@ -14,7 +14,7 @@ describe Devise::MasqueradesController, type: :controller do
           get :show, params: { id: mask.to_param, masqueraded_resource_class: mask.class.name, masquerade: mask.masquerade_key }
         end
-        it { expect(Rails.cache.read('devise_masquerade_student')).to be }
+        it { expect(Rails.cache.read("devise_masquerade_student_#{mask.to_param}")).to be }
         it 'should have warden keys defined' do
           expect(session["warden.user.student.key"].first.first).to eq(mask.id)
@@ -30,7 +30,7 @@ describe Devise::MasqueradesController, type: :controller do
           get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key }
         end
-        it { expect(Rails.cache.read('devise_masquerade_user')).to be }
+        it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
         it { expect(session["warden.user.user.key"].first.first).to eq(mask.id) }
         it { should redirect_to('/') }
@@ -39,7 +39,7 @@ describe Devise::MasqueradesController, type: :controller do
           it { should redirect_to(masquerade_page) }
           it { expect(current_user.reload).to eq(@user) }
-          it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
+          it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
         end
       end

data/spec/controllers/masquerades_tests_controller_spec.rb CHANGED Viewed

@@ -16,7 +16,7 @@ describe MasqueradesTestsController, type: :controller do
     before { get :show, params: { id: mask.to_param, masquerade: mask.masquerade_key } }
     it { expect(response.status).to eq(403) }
-    it { expect(Rails.cache.read('devise_masquerade_user')).not_to be }
+    it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).not_to be }
     it { expect(session['warden.user.user.key'].first.first).not_to eq(mask.id) }
   end
@@ -35,7 +35,7 @@ describe MasqueradesTestsController, type: :controller do
     end
     it { expect(response.status).to eq(302) }
-    it { expect(Rails.cache.read('devise_masquerade_user')).to be }
+    it { expect(Rails.cache.read("devise_masquerade_user_#{mask.to_param}")).to be }
     it { expect(session['warden.user.user.key'].first.first).to eq(mask.id) }
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_masquerade
 version: !ruby/object:Gem::Version
-  version: 1.3.3
+  version: 1.3.4
 platform: ruby
 authors:
 - Alexandr Korsak
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-16 00:00:00.000000000 Z
+date: 2021-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler