[Bug #32446] Assuming identity is very slow

.gitignore

@@ -2,6 +2,8 @@ pkg/*
 *.gem
 .bundle
 .rvmrc
+.ruby-version
+.versions.conf
 Gemfile.lock
 log/*.log
 .DS_Store

.travis.yml

@@ -0,0 +1,8 @@
+language: ruby
+rvm:
+  - 2.3.0
+env:
+  - DB=sqlite
+before_install:
+  - gem update bundler
+script: bundle exec rspec spec

CHANGELOG.md

@@ -0,0 +1,30 @@
+# Next Release
+
+## 1.4.0 (10/21/2016)
+
+* Add ability to `store_sign_in` info with devise provider
+* Respect `relative_url_root`
+* Fix `selected_user_of_helper` bug
+
+## 1.3.0 (07/23/2016)
+
+* Add capybara support
+* Add class and style options to `switch_user_select`
+* Fix `grouped_options_for_select` for rails 3.2
+
+## 1.2.0 (12/01/2015)
+
+* Replace select option to `group_option`
+
+## 1.1.0 (07/01/2015)
+
+* Rails 3.x compatibility
+* Don't attempt to query db if scope str isn't in `scope_id` str
+* Allow custom method as `available_users_names`
+
+## 1.0.0 (06/22/2015)
+
+* Performance improved, only load necessary data.
+* Devise provider- don't store `sign_in` details
+* Security :guardsman:, raise RoutingError in `developer_modes_only`
+* Restore original user after sorcery logout

README.md

@@ -1,5 +1,7 @@
 # switch_user
 
+[![Build Status](https://secure.travis-ci.org/flyerhzm/switch_user.png)](http://travis-ci.org/flyerhzm/switch_user)
+
 Inspired from [hobo][0], switch_user provides a convenient way to switch current user without needing to log out and log in manually.
 
 ## Use Case
@@ -12,7 +14,7 @@ switch_user is very useful in such use cases
 
 ## Example
 
-Visit here: <http://switch-user-example.heroku.com>, switch the current user in the select box.
+Visit here: <http://switch-user-example.heroku.com/admin>, switch the current user in the select box.
 
 And source code here: <https://github.com/flyerhzm/switch_user_example>
 
@@ -22,6 +24,9 @@ Add in Gemfile.
 ```ruby
 gem "switch_user"
 ```
+
+If you get the following error: **undefined method `before_action' for SwitchUserController:Class**, you are probably using an older version of Rails (<4). You can use this gem: https://github.com/pschambacher/rails3-before_action
+
 ## Usage
 
 Add following code into your layout page.
@@ -34,6 +39,12 @@ or haml
 
     = switch_user_select
 
+If you want to add a class or styles
+
+    <%= switch_user_select class: 'special-select', styles: 'width: 220px' %>
+
+    = switch_user_select class: 'special-select', styles: 'width: 220px'
+
 If there are too many users (on production), the switch_user_select is not a good choice, you should call the switch user request by yourself.
 
     <%= link_to user.login, "/switch_user?scope_identifier=user_#{user.id}" %>
@@ -45,7 +56,8 @@ If there are too many users (on production), the switch_user_select is not a goo
 If you have a wildcard route in your project, add a route before the wildcard route.
 ```ruby
 # config/routes.rb
-get 'switch_user' => 'switch_user#set_current_user'
+get 'switch_user', to: 'switch_user#set_current_user'
+get 'switch_user/remember_user', to: 'switch_user#remember_user'
 # wildcard route that will get
 get ':id' => 'pages#show'
 ```
@@ -54,69 +66,69 @@ get ':id' => 'pages#show'
 By default, you can switch between Guest and all users in users table, you don't need to do anything. The following is some of the more commonly used configuration options.
 ```ruby
 SwitchUser.setup do |config|
-  # provider may be :devise, :authlogic, :clearance, :restful_authentication or :sorcery
+  # provider may be :devise, :authlogic, :clearance, :restful_authentication, :sorcery, or {name: :devise, store_sign_in: true}
   config.provider = :devise
 
   # available_users is a hash,
   # key is the model name of user (:user, :admin, or any name you use),
   # value is a block that return the users that can be switched.
-  config.available_users = { :user => lambda { User.all } }
+  config.available_users = { user: -> { User.all } } # use User.scoped instead for rails 3.2
 
   # available_users_identifiers is a hash,
   # keys in this hash should match a key in the available_users hash
   # value is the name of the identifying column to find by,
   # defaults to id
   # this hash is to allow you to specify a different column to
   # expose for instance a username on a User model instead of id
-  config.available_users_identifiers = { :user => :id }
+  config.available_users_identifiers = { user: :id }
 
   # available_users_names is a hash,
   # keys in this hash should match a key in the available_users hash
   # value is the column name which will be displayed in select box
-  config.available_users_names = { :user => :email }
+  config.available_users_names = { user: :email }
 
   # controller_guard is a block,
   # if it returns true, the request will continue,
   # else the request will be refused and returns "Permission Denied"
   # if you switch from "admin" to user, the current_user param is "admin"
-  config.controller_guard = lambda { |current_user, request| Rails.env.development? }
+  config.controller_guard = ->(current_user, request) { Rails.env.development? }
 
   # view_guard is a block,
   # if it returns true, the switch user select box will be shown,
   # else the select box will not be shown
   # if you switch from admin to "user", the current_user param is "user"
-  config.view_guard = lambda { |current_user, request| Rails.env.development? }
+  config.view_guard = ->(current_user, request)  { Rails.env.development? }
 
   # redirect_path is a block, it returns which page will be redirected
   # after switching a user.
-  config.redirect_path = lambda { |request, params| '/' }
+  config.redirect_path = ->(request, params) { '/' }
 end
 ```
 If you need to override the default configuration, run <code>rails g switch_user:install</code> and a copy of the configuration file will be copied to <code>config/initializers/switch_user.rb</code> in your project.
 
 If you want to switch both available users and available admins
 ```ruby
-config.available_users = { :user => lambda { User.available }, :admin => lambda { Admin.available } }
+config.available_users = { :user => -> { User.available }, :admin => -> { Admin.available } }
 ```
 If you want to use name column as the user identifier
 ```ruby
-config.available_users_identifiers => { :user => :name }
+config.available_users_identifiers => { user: :name }
 ```
 If you want to display the login field in switch user select box
 ```ruby
-config.available_users_names = { :user => :login }
+config.available_users_names = { user: :login }
 ```
 If you only allow switching from admin to user in production environment
 ```ruby
-config.controller_guard = lambda { |current_user, request| Rails.env == "production" and current_user.admin? }
+config.controller_guard = ->(current_user, request) { Rails.env.production? && current_user.admin? }
 ```
 If you only want to display switch user select box for admins in production environment
 ```ruby
-config.view_guard = lambda { |current_user, request| Rails.env == "production" and current_user and current_user.admin? }
+config.view_guard = ->(current_user, request) { Rails.env.production? && current_user && current_user.admin? }
 ```
 If you want to redirect user to "/dashboard" page
 ```ruby
-config.redirect_path = lambda { |request, params| "/dashboard" }
+config.redirect_path = ->(request, params) { "/dashboard" }
 ```
 If you want to hide a 'Guest' item in the helper dropdown list
 ```ruby
@@ -128,26 +140,56 @@ Sometimes you'll want to be able to switch to an unprivileged user and then back
 You will need to make the following modifications to your configuration:
 ```ruby
 config.switch_back = true
-config.controller_guard = lambda { |current_user, request, original_user|
-  current_user && current_user.admin? || original_user && original_user.super_admin?
-}
+config.controller_guard = ->(current_user, request, original_user) { current_user && current_user.admin? || original_user && original_user.super_admin? }
 # Do something similar for the view_guard as well.
 ```
 This example would allow an admin user to user switch_user, but would only let you switch back to another user if the original user was a super admin.
 
+## Using SwitchUser with RSpec and Capybara
+
+Add the following code to spec/support/switch_user.rb or spec/spec_helper.rb:
+
+```ruby
+require 'switch_user/rspec'
+```
+
+You can now write your specs like so :
+
+```ruby
+feature "Your feature", type: :feature do
+  background do
+    @user = User.make(email: '[email protected]', password: 'password')
+  end
+
+  scenario "Your scenario" do
+    switch_user @user
+    # or
+    # switch_user :user, @user.id
+
+    visit '/'
+  end
+end
+```
+
 ### How it works
 
 Click the checkbox next to switch_user_select menu to remember that user for this session. Once this
-has been checked, that user is passed in as the 3rd option to the view and controller guards. 
+has been checked, that user is passed in as the 3rd option to the view and controller guards.
 This allows you to check against current_user as well as that original_user to see if the
 switch_user action should be allowed.
 
 ### Warning
 
 This feature should be used with extreme caution because of the security implications. This is especially true in a production environment.
 
+## Contributing
+
+#### Run tests
+
+`bundle exec rspec spec`
+
 ## Credit
 
-Copyright © 2010 - 2012 Richard Huang ([email protected]), released under the MIT license
+Copyright © 2010 - 2017 Richard Huang ([email protected]), released under the MIT license
 
 [0]: https://github.com/tablatom/hobo

app/controllers/switch_user_controller.rb

@@ -1,27 +1,34 @@
 class SwitchUserController < ApplicationController
-  before_filter :developer_modes_only
+  before_action :developer_modes_only, :switch_back
 
   def set_current_user
     handle_request(params)
 
     redirect_to(SwitchUser.redirect_path.call(request, params))
   end
 
+  def remember_user
+    redirect_to(SwitchUser.redirect_path.call(request, params))
+  end
+
   private
 
+  def switch_back
+    if SwitchUser.switch_back
+      provider.remember_current_user(true) if params[:remember] == "true"
+      provider.remember_current_user(false) if params[:remember] == "false"
+    end
+  end
+
   def developer_modes_only
-    render :text => "Permission Denied", :status => 403 unless available?
+    raise ActionController::RoutingError.new('Do not try to hack us.') unless available?
   end
 
   def available?
     SwitchUser.guard_class.new(self, provider).controller_available?
   end
 
   def handle_request(params)
-    if SwitchUser.switch_back
-      provider.remember_current_user(params[:remember] == "true")
-    end
-
     if params[:scope_identifier].blank?
       provider.logout_all
     else
@@ -31,9 +38,9 @@ def handle_request(params)
         return
       end
       if SwitchUser.login_exclusive
-        provider.login_exclusive(record.user, :scope => record.scope)
+        provider.login_exclusive(record.user, scope: record.scope)
       else
-        provider.login_inclusive(record.user, :scope => record.scope)
+        provider.login_inclusive(record.user, scope: record.scope)
       end
     end
   end

app/helpers/switch_user_helper.rb

@@ -1,18 +1,33 @@
 module SwitchUserHelper
   SelectOption = Struct.new(:label, :scope_id)
-  def switch_user_select
+  def switch_user_select(options = {})
     return unless available?
 
-    if provider.current_user
-      selected_user = "user_#{current_user.id}"
-    else
-      selected_user = nil
+    selected_user = nil
+
+    grouped_options_container = {}.tap do |h|
+      SwitchUser.all_users.each do |record|
+        scope = record.is_a?(SwitchUser::GuestRecord) ? :Guest : record.scope.to_s.capitalize
+        h[scope] ||= []
+        h[scope] << [record.label, record.scope_id]
+
+        if selected_user.nil?
+          unless record.is_a?(SwitchUser::GuestRecord)
+            if provider.current_user?(record.user, record.scope)
+              selected_user = record.scope_id
+            end
+          end
+        end
+      end
     end
 
-    render :partial => "switch_user/widget",
-           :locals => {
-             :options => SwitchUser.all_users,
-             :current_scope => selected_user
+    option_tags = grouped_options_for_select(grouped_options_container.to_a, selected_user)
+
+    render partial: "switch_user/widget",
+           locals: {
+             option_tags: option_tags,
+             classes: options[:class],
+             styles: options[:style],
            }
   end
 

app/views/switch_user/_widget.html.erb

@@ -1,4 +1,4 @@
 <% if SwitchUser.switch_back %>
-  <%= check_box_tag "remember_user", "remember_user", provider.original_user.present?, :onchange => "location.href = '/switch_user/remember_user?remember=' + encodeURIComponent(this.checked)" %>
+  <%= check_box_tag "remember_user", "remember_user", provider.original_user.present?, onchange: "location.href = '#{ActionController::Base.relative_url_root || '/'}switch_user/remember_user?remember=' + encodeURIComponent(this.checked)" %>
 <% end %>
-<%= select_tag "switch_user_identifier", options_from_collection_for_select(options, :scope_id, :label, current_scope), :onchange => "location.href = '/switch_user?scope_identifier=' + encodeURIComponent(this.options[this.selectedIndex].value)" %>
+<%= select_tag "switch_user_identifier", option_tags, onchange: "location.href = '#{ActionController::Base.relative_url_root || '/'}switch_user?scope_identifier=' + encodeURIComponent(this.options[this.selectedIndex].value)", class: classes, style: styles %>

config/routes.rb

@@ -1,5 +1,4 @@
-if SwitchUser.generate_routes
-  Rails.application.routes.draw do
-    get :switch_user, :to => 'switch_user#set_current_user'
-  end
+Rails.application.routes.draw do
+  get :switch_user, to: 'switch_user#set_current_user'
+  get 'switch_user/remember_user', to: 'switch_user#remember_user'
 end