ucb_rails_user 2.0.1 → 3.0.0

data/app/assets/javascripts/ucb_rails_user/ucb_rails_user.js

@@ -30,6 +30,20 @@ var addDatatablesToUsersTable = function () {
   $('#DataTables_Table_0_filter').append(addNewHtml)
 }
 
+var resetImpersonateButton = function() {
+  var targetId = $('#ucb_rails_user_impersonation_target_id').val()
+  if (targetId != null && targetId.toString().length > 0) {
+    $('input[data-impersonate-button]').removeAttr('disabled')
+  } else {
+    $('input[data-impersonate-button]').attr('disabled', 'disabled')
+  }
+}
+
+var clearImpersonateSelection = function() {
+  $('#ucb_rails_user_impersonation_target_id').val('')
+  resetImpersonateButton()
+}
+
 $( window ).on("load", function() {
   // the datatable calling was failing intermittently, but adding the timeout
   // seemed to fix it, so ¯\_(ツ)_/¯
@@ -39,5 +53,46 @@ $( window ).on("load", function() {
     $('.search-results').hide()
     $('.ucb-rails-user-loader').show()
   })
+
+  var usersSource = new Bloodhound({
+    datumTokenizer: Bloodhound.tokenizers.obj.whitespace('value'),
+    queryTokenizer: Bloodhound.tokenizers.whitespace,
+    remote: {
+      url: '/admin/users/impersonate_search?q=%QUERY',
+      wildcard: '%QUERY'
+    }
+  });
+
+  $('#ucb_rails_user_impersonation_target').typeahead(null, {
+    name: 'users',
+    source: usersSource,
+    display: 'name',
+    templates: {
+      empty: [
+        '<div class="empty-message">',
+        'No match found',
+        '</div>'
+      ].join('\n'),
+      suggestion: function (data) {
+        return '<div><strong>' + data.name + '</strong></div>'
+      }
+    }
+  });
+
+  $('#ucb_rails_user_impersonation_target').keyup(function(event) {
+    if ($(event.target).val().length == 0) {
+      clearImpersonateSelection()
+    }
+  })
+
+  $('#ucb_rails_user_impersonation_target').bind('typeahead:open', function(event, suggestion) {
+    clearImpersonateSelection()
+  })
+
+  $('#ucb_rails_user_impersonation_target').bind('typeahead:select', function(event, suggestion) {
+    $('#ucb_rails_user_impersonation_target_id').val(suggestion.id)
+    resetImpersonateButton()
+  })
+
 })
 

data/app/assets/stylesheets/ucb_rails_user/components/_impersonations.sass

@@ -0,0 +1,12 @@
+@media screen and (min-width: 768px)
+  .impersonation-form
+    width: 300px
+
+.recent-impersonations
+  margin-top: 24px
+
+  ul
+    padding-left: 0px
+  li
+    list-style-type: none
+    font-size: 110%

data/app/assets/stylesheets/ucb_rails_user/main.sass

@@ -1,2 +1,3 @@
 @import "datatables"
+@import "typeahead_tweaks"
 @import "components/**/*"

data/app/assets/stylesheets/ucb_rails_user/typeahead_tweaks.sass

@@ -0,0 +1,67 @@
+// Ironically, Bootstrap 3.x breaks styles in typeahead.js - these styles provide the needed repair
+// source: https://gist.github.com/AntMooreWebDev/2f7e423a11bc74359323995df4494167
+
+.twitter-typeahead .tt-query,
+.twitter-typeahead .tt-hint
+    margin-bottom: 0
+
+.twitter-typeahead
+    display: block !important
+
+.tt-hint
+    display: block
+    width: 100%
+    height: 38px
+    margin-top: -2px
+    padding: 8px 12px
+    font-size: 14px
+    line-height: 1.428571429
+    color: #999
+    vertical-align: middle
+    background-color: #ffffff
+    border: 1px solid #cccccc
+    border-radius: 4px
+    -webkit-box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075)
+    box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075)
+    -webkit-transition: border-color ease-in-out 0.15s, box-shadow ease-in-out 0.15s
+    transition: border-color ease-in-out 0.15s, box-shadow ease-in-out 0.15s
+
+
+.tt-menu
+    // make this wide enough to accomodate the org unit code and name
+    width: 400px
+    min-width: 160px
+    margin-top: 2px
+    padding: 5px
+    background-color: #ffffff
+    border: 1px solid #cccccc
+    border: 1px solid rgba(0, 0, 0, 0.15)
+    border-radius: 4px
+    -webkit-box-shadow: 0 6px 12px rgba(0, 0, 0, 0.175)
+    box-shadow: 0 6px 12px rgba(0, 0, 0, 0.175)
+    background-clip: padding-box
+
+
+.tt-suggestion
+    display: block
+    padding: 3px 20px
+    width: 100%
+
+
+.tt-suggestion.tt-selectable
+    margin: 5px 0px 5px 0px
+
+
+.tt-suggestion.tt-cursor
+    color: #fff
+    background-color: #428bca
+
+
+.tt-suggestion.tt-cursor a
+    color: #fff
+
+
+.tt-suggestion p
+    margin: 0
+
+

data/app/controllers/ucb_rails_user/concerns/controller_methods.rb

@@ -11,26 +11,30 @@ module UcbRailsUser::Concerns::ControllerMethods
 
     after_action  :remove_user_settings
 
-    helper_method :superuser?, :current_ldap_person, :current_user, :logged_in?
+    helper_method :superuser?, :current_ldap_person, :current_user, :logged_in?, :logged_in_user
   end
 
   def superuser?
     current_user.try(:superuser?)
   end
 
-  def current_user
-    @current_user ||= begin
-      logger.debug 'recalc of current_user'
-      user_session_manager.current_user(session[:uid])
+  def logged_in_user
+    @logged_in_user ||= begin
+      logger.debug 'recalc of logged_in_user'
+      user_session_manager&.current_user(session[:uid])
     end
   end
 
+  def current_user
+    logged_in_user&.impersonation_target || logged_in_user
+  end
+
   # Returns +true+ if there is a logged in user
   #
   # @return [true] if user logged in
   # @return [false] if user not logged in
   def logged_in?
-    current_user.present?
+    logged_in_user.present?
   end
 
   def log_request

data/app/controllers/ucb_rails_user/concerns/impersonations_controller.rb

@@ -0,0 +1,43 @@
+module UcbRailsUser::Concerns::ImpersonationsController
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :check_permissions, except: [:stop_impersonation]
+  end
+
+  def index
+
+  end
+
+  def create
+    target = User.find_by(id: params[:ucb_rails_user_impersonation][:target_id])
+    if logged_in_user.impersonate!(target)
+      flash[:info] = "You are now impersonating #{target.full_name}"
+      return redirect_to "/"
+    else
+      if target&.id == logged_in_user.id
+        flash[:error] = "Sorry - you can't impersonate yourself."
+      else
+        flash[:error] = "Unable to start impersonating - please try again"
+      end
+      return redirect_to action: :index
+    end
+  end
+
+  def stop_impersonation
+    logged_in_user.stop_impersonation!
+    flash[:info] = "You are no longer impersonating."
+    redirect_to request.referer || "/"
+  end
+
+  private
+
+  def check_permissions
+    unless logged_in_user.can_impersonate?
+      # TODO: I'm not crazy about this - should we provide some generic error pages for common situations?
+      return render plain: "Not Authorized"
+    end
+  end
+
+end
+

data/app/controllers/ucb_rails_user/concerns/sessions_controller.rb

@@ -35,7 +35,6 @@ module UcbRailsUser::Concerns::SessionsController
     user_session_manager.logout(current_user)
     provider = session[:omniauth_provider]
     reset_session
-    p "using #{redirect_url(provider)}"
     redirect_to redirect_url(provider)
   end
 

data/app/controllers/ucb_rails_user/concerns/users_controller.rb

@@ -26,6 +26,11 @@ module UcbRailsUser::Concerns::UsersController
     )
   end
 
+  def impersonate_search
+    result = UcbRailsUser::UserSearch.find_users_by_name(params[:q])
+    render json: result.map { |u| { name: u.full_name, id: u.id } }
+  end
+
   def edit
   end
 

data/app/controllers/ucb_rails_user/impersonations_controller.rb

@@ -0,0 +1,8 @@
+class UcbRailsUser::ImpersonationsController < ApplicationController
+  include UcbRailsUser::Concerns::ImpersonationsController
+
+  # Don't add anything more here - any logic for this controller should go into
+  # Concerns::ImpersonationsController. This will make it much easier for host apps to customize
+  # behavior if they need to
+  # http://guides.rubyonrails.org/engines.html#implementing-decorator-pattern-using-activesupport-concern
+end

data/app/models/concerns/user_concerns.rb

@@ -1,6 +1,10 @@
 module UserConcerns
   extend ActiveSupport::Concern
 
+  included do
+    has_many :impersonations, class_name: "::UcbRailsUser::Impersonation"
+  end
+
   # Overridden by application
   def roles
     []
@@ -39,6 +43,74 @@ module UserConcerns
     "#{first_name} #{last_name}".strip
   end
 
+  def can_impersonate?
+    superuser?
+  end
+
+  # target can be a User instance or a user id
+  # return true if Impersonation succeeded; false otherwise
+  def impersonate!(target)
+    target_id =
+      if target.respond_to?(:id)
+        target.id
+      else
+        User.find_by(id: target)&.id
+      end
+    return false unless impersonation_is_valid?(target_id)
+    @current_impersonation = create_impersonation(target_id)
+    @current_impersonation.present?
+  end
+
+  def current_impersonation
+    return @current_impersonation if defined?(@current_impersonation)
+    @current_impersonation = UcbRailsUser::Impersonation.find_by(user_id: self.id, active: true)
+  end
+
+  def impersonation_target
+    current_impersonation&.target
+  end
+
+  def impersonating?
+    current_impersonation.present?
+  end
+
+  def stop_impersonation!
+    impersonations.update_all(active: false)
+    @current_impersonation = nil
+  end
+
+  def recent_impersonations(max=25)
+    @recent_impersonations ||=
+      impersonations
+        .uniq(&:target_id)
+        .reject(&:active)
+        .sort_by(&:created_at)
+        .reverse
+        .take(max)
+  end
+
+  private
+
+  def impersonation_is_valid?(target_id)
+    target_id.present? &&
+      can_impersonate? &&
+      target_id != self.id
+  end
+
+  def create_impersonation(target_id)
+    new_impersonation =
+      UcbRailsUser::Impersonation.transaction do
+        # make sure any other impersonations are cleared out
+        impersonations.update_all(active: false)
+        UcbRailsUser::Impersonation.create!(user_id: self.id, target_id: target_id, active: true)
+      end
+    if new_impersonation.present? && !new_impersonation.new_record?
+      new_impersonation
+    else
+      nil
+    end
+  end
+
   class_methods do
     def active
       where(inactive_flag: false)

data/app/models/ucb_rails_user/concerns/impersonation_concerns.rb

@@ -0,0 +1,10 @@
+module UcbRailsUser::Concerns::ImpersonationConcerns
+  extend ActiveSupport::Concern
+
+  included do
+    belongs_to :user
+    belongs_to :target, class_name: "User"
+  end
+
+end
+

data/app/models/ucb_rails_user/impersonation.rb

@@ -0,0 +1,9 @@
+class UcbRailsUser::Impersonation < ApplicationRecord
+  include UcbRailsUser::Concerns::ImpersonationConcerns
+
+  # Don't add anything more here - any logic for the User class should go into
+  # UserConcerns. This will make it much easier for host apps to customize
+  # behavior if they need to
+  # http://guides.rubyonrails.org/engines.html#implementing-decorator-pattern-using-activesupport-concern
+
+end

data/app/models/ucb_rails_user/user_search.rb

@@ -0,0 +1,22 @@
+module UcbRailsUser::UserSearch
+
+  def self.find_users_by_name(name)
+    return [] unless name.present?
+    (name1, name2) = name.split
+    query = case_insenstive(:first_name, name1)
+      .or(case_insenstive(:last_name, name1))
+    if name2.present?
+      query = query
+        .or(case_insenstive(:first_name, name2))
+        .or(case_insenstive(:last_name, name2))
+    end
+    query.order(:last_name, :first_name)
+  end
+
+  private
+
+  def self.case_insenstive(column, value)
+    User.where("LOWER(#{column}) = ?", value.downcase)
+  end
+
+end

data/app/views/ucb_rails_user/impersonations/index.html.haml

@@ -0,0 +1,20 @@
+%h1 Impersonate user
+
+- if current_user.impersonating?
+  .clear-impersonation
+    = link_to "Stop impersonating #{current_user.impersonation_target.full_name}", admin_stop_impersonation_path(), class: "btn btn-primary"
+- else
+  .impersonation-form
+    = simple_form_for UcbRailsUser::Impersonation.new, url: admin_impersonations_path(), method: :post do |f|
+      = f.input :target, label: "User", input_html: { class: "typeahead" }
+      = f.input :target_id, as: :hidden
+      = f.button :submit, value: "Impersonate", class: "btn btn-primary", disabled: true, data: { impersonate_button: true }
+
+.recent-impersonations
+  - if current_user.recent_impersonations.present?
+    %h3 Recent impersonations
+    %ul
+      - current_user.recent_impersonations.each do |imp|
+        %li= link_to imp.target.full_name, admin_impersonations_path() + "?ucb_rails_user_impersonation[target_id=#{imp.target.id}]", method: :post
+  - else
+    %h4 No recent impersonations

data/config/routes.rb

@@ -15,6 +15,12 @@ Rails.application.routes.draw do
 
   match "/admin/users/search", to: UcbRailsUser::UsersController.action(:search),
     as: "admin_user_search", via: [:get]
+  match "/admin/users/impersonate_search", to: UcbRailsUser::UsersController.action(:impersonate_search),
+    as: "admin_user_impersonate_search", via: [:get]
   resources :users, controller: "ucb_rails_user/users", path: "admin/users", as: :admin_users
 
+  resources :impersonations, controller: "ucb_rails_user/impersonations", path: "admin/impersonations", as: :admin_impersonations
+  match "/admin/stop_impersonation", to: UcbRailsUser::ImpersonationsController.action(:stop_impersonation),
+    as: :admin_stop_impersonation, via: [:get]
+
 end

data/db/migrate/20190807231505_create_impersonations.rb

@@ -0,0 +1,10 @@
+class CreateImpersonations < ActiveRecord::Migration[5.2]
+  def change
+    create_table :impersonations do |t|
+      t.references :user, null: false, foreign_key: true
+      t.references :target, null: false, foreign_key: { to_table: :users }
+      t.boolean :active, null: false, default: false
+      t.timestamps
+    end
+  end
+end

data/lib/ucb_rails_user/engine.rb

@@ -3,6 +3,8 @@ module UcbRailsUser
     config.generators do |g|
       g.test_framework :rspec
       g.integration_tool :rspec
+      g.fixture_replacement :factory_bot
+      g.factory_bot dir: "spec/factories"
     end
   end
 

data/lib/ucb_rails_user/spec_helpers.rb

@@ -9,6 +9,12 @@ module UcbRailsUser
       follow_redirect!
     end
 
+    def system_login_user(user)
+      OmniAuth.config.test_mode = true
+      auth_mock(user.ldap_uid)
+      visit login_path()
+    end
+
     def auth_mock(uid)
       OmniAuth.config.mock_auth[:cas] = OmniAuth::AuthHash.new(
         provider: "cas",

data/lib/ucb_rails_user/version.rb

@@ -1,3 +1,3 @@
 module UcbRailsUser
-  VERSION = '2.0.1'
+  VERSION = '3.0.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ucb_rails_user
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 3.0.0
 platform: ruby
 authors:
 - Steve Downey
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-11 00:00:00.000000000 Z
+date: 2019-08-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -139,6 +139,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: puma
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.11'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -173,6 +187,90 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: factory_bot_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: faker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: capybara
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: capybara-screenshot
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: selenium-webdriver
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: chromedriver-helper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Rails engine for managing user accounts within UC Berkeley's auth system
 email:
 - darinwilson@gmail.com
@@ -186,31 +284,39 @@ files:
 - app/assets/config/ucb_rails_user_manifest.js
 - app/assets/javascripts/ucb_rails_user/datatables.js
 - app/assets/javascripts/ucb_rails_user/scripts.js
+- app/assets/javascripts/ucb_rails_user/typeahead.bundle.js
 - app/assets/javascripts/ucb_rails_user/ucb_rails_user.js
+- app/assets/stylesheets/ucb_rails_user/components/_impersonations.sass
 - app/assets/stylesheets/ucb_rails_user/components/_loader.sass
 - app/assets/stylesheets/ucb_rails_user/components/_users_table.sass
 - app/assets/stylesheets/ucb_rails_user/datatables.css
 - app/assets/stylesheets/ucb_rails_user/main.sass
 - app/assets/stylesheets/ucb_rails_user/styles.css
+- app/assets/stylesheets/ucb_rails_user/typeahead_tweaks.sass
 - app/controllers/ucb_rails_user/concerns/controller_methods.rb
 - app/controllers/ucb_rails_user/concerns/home_controller.rb
+- app/controllers/ucb_rails_user/concerns/impersonations_controller.rb
 - app/controllers/ucb_rails_user/concerns/sessions_controller.rb
 - app/controllers/ucb_rails_user/concerns/users_controller.rb
 - app/controllers/ucb_rails_user/home_controller.rb
+- app/controllers/ucb_rails_user/impersonations_controller.rb
 - app/controllers/ucb_rails_user/sessions_controller.rb
 - app/controllers/ucb_rails_user/users_controller.rb
 - app/helpers/ucb_rails_user/users_helper.rb
 - app/helpers/ucb_rails_user_helper.rb
 - app/models/concerns/user_concerns.rb
+- app/models/ucb_rails_user/concerns/impersonation_concerns.rb
 - app/models/ucb_rails_user/configuration/cas.rb
 - app/models/ucb_rails_user/configuration/configuration.rb
 - app/models/ucb_rails_user/configuration/email.rb
 - app/models/ucb_rails_user/configuration/exception_notification.rb
 - app/models/ucb_rails_user/configuration/ldap.rb
+- app/models/ucb_rails_user/impersonation.rb
 - app/models/ucb_rails_user/ldap_person/entry.rb
 - app/models/ucb_rails_user/ldap_person/finder.rb
 - app/models/ucb_rails_user/ldap_person/test_finder.rb
 - app/models/ucb_rails_user/user_ldap_service.rb
+- app/models/ucb_rails_user/user_search.rb
 - app/models/ucb_rails_user/user_session_manager/active_in_user_table.rb
 - app/models/ucb_rails_user/user_session_manager/admin_in_user_table.rb
 - app/models/ucb_rails_user/user_session_manager/base.rb
@@ -221,6 +327,7 @@ files:
 - app/models/user.rb
 - app/views/ucb_rails_user/home/logged_in.html.haml
 - app/views/ucb_rails_user/home/not_logged_in.html.haml
+- app/views/ucb_rails_user/impersonations/index.html.haml
 - app/views/ucb_rails_user/lps/_form.html.haml
 - app/views/ucb_rails_user/lps/_modal.html.haml
 - app/views/ucb_rails_user/lps/_results.html.haml
@@ -237,6 +344,7 @@ files:
 - config/locales/simple_form.en.yml
 - config/routes.rb
 - db/migrate/20170324221936_create_users.rb
+- db/migrate/20190807231505_create_impersonations.rb
 - lib/tasks/ucb_rails_user_tasks.rake
 - lib/templates/erb/scaffold/_form.html.erb
 - lib/ucb_rails_user.rb
@@ -262,8 +370,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Rails engine for UCB user accounts