Filter active sessions belonging to an admin impersonating the user
parent
4bb06df777
commit
44c4aad983
|
@ -2,7 +2,7 @@
|
|||
|
||||
class Profiles::ActiveSessionsController < Profiles::ApplicationController
|
||||
def index
|
||||
@sessions = ActiveSession.list(current_user)
|
||||
@sessions = ActiveSession.list(current_user).reject(&:is_impersonated)
|
||||
end
|
||||
|
||||
def destroy
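Review bot: The impersonation filter is applied only in `index`, so it hides these entries from the rendered list while any other caller of `ActiveSession.list` still receives them. `destroy` begins on the last line of this hunk and its body is outside it, so it cannot be confirmed here whether a session that is no longer listed can still be revoked by id; that path should be checked against the intended policy. If hiding these sessions from the account owner is deliberate, state it at the call site, e.g. `# Sessions opened by an admin impersonating this user are deliberately not listed`. Moving the filter behind a named model method would keep the policy in one place.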
|
||||
|
|
|
@ -5,7 +5,8 @@ class ActiveSession
|
|||
|
||||
attr_accessor :created_at, :updated_at,
|
||||
:session_id, :ip_address,
|
||||
:browser, :os, :device_name, :device_type
|
||||
:browser, :os, :device_name, :device_type,
|
||||
:is_impersonated
|
||||
|
||||
def current?(session)
|
||||
return false if session_id.nil? || session.id.nil?
|
||||
|
@ -31,7 +32,8 @@ class ActiveSession
|
|||
device_type: client.device_type,
|
||||
created_at: user.current_sign_in_at || timestamp,
|
||||
updated_at: timestamp,
|
||||
session_id: session_id
|
||||
session_id: session_id,
|
||||
is_impersonated: request.session[:impersonator_id].present?
|
||||
)
|
||||
|
||||
redis.pipelined do
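Review bot: `is_impersonated` is computed once, when the entry is written, from `request.session[:impersonator_id].present?` in the `@ -31,7 +32,8` hunk, so the stored flag reflects the session only at that moment. Entries saved before this change presumably carry no value for the new attribute; `nil` is falsy, so `reject(&:is_impersonated)` keeps listing them, which looks intended but is not documented. A comment above the new key would help, e.g. `# true when an admin is impersonating the user; set at write time, nil for older entries`. The accessor added in the `attr_accessor` hunk would read more idiomatically as a predicate (`impersonated?`) than with an `is_` prefix. The enclosing method starts and ends outside the hunk.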
|
||||
|
|
|
@ -7,6 +7,8 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
|
|||
end
|
||||
end
|
||||
|
||||
let(:admin) { create(:admin) }
|
||||
|
||||
around do |example|
|
||||
Timecop.freeze(Time.zone.parse('2018-03-12 09:06')) do
|
||||
example.run
|
||||
|
@ -16,6 +18,7 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
|
|||
it 'User sees their active sessions' do
|
||||
Capybara::Session.new(:session1)
|
||||
Capybara::Session.new(:session2)
|
||||
Capybara::Session.new(:session3)
|
||||
|
||||
# note: headers can only be set on the non-js (aka. rack-test) driver
|
||||
using_session :session1 do
|
||||
|
@ -37,9 +40,27 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
|
|||
gitlab_sign_in(user)
|
||||
end
|
||||
|
||||
# set an admin session impersonating the user
|
||||
using_session :session3 do
|
||||
Capybara.page.driver.header(
|
||||
'User-Agent',
|
||||
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
|
||||
)
|
||||
|
||||
gitlab_sign_in(admin)
|
||||
|
||||
visit admin_user_path(user)
|
||||
|
||||
click_link 'Impersonate'
|
||||
end
|
||||
|
||||
using_session :session1 do
|
||||
visit profile_active_sessions_path
|
||||
|
||||
expect(page).to(
|
||||
have_selector('ul.list-group li.list-group-item', { text: 'Signed in on',
|
||||
count: 2 }))
|
||||
|
||||
expect(page).to have_content(
|
||||
'127.0.0.1 ' \
|
||||
'This is your current session ' \
|
||||
|
@ -57,6 +78,8 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
|
|||
)
|
||||
|
||||
expect(page).to have_selector '[title="Smartphone"]', count: 1
|
||||
|
||||
expect(page).not_to have_content('Chrome on Windows')
|
||||
end
|
||||
end
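Review bot: The new assertions check the list only from `:session1`, the user's own session; nothing checks the page from `:session3`, where the current session is the impersonated one and is now filtered out of its own list. A second `using_session :session3` block that visits `profile_active_sessions_path` and asserts the expected item count would pin that case. `expect(page).not_to have_content('Chrome on Windows')` proves the filter only if no other session in the example uses a Chrome-on-Windows user agent. Those headers are set outside the visible hunks, so a short comment saying that the agent string is unique to `:session3` would make the dependency explicit.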
|
||||
|
||||
|
|
|
@ -7,7 +7,10 @@ RSpec.describe ActiveSession, :clean_gitlab_redis_shared_state do
|
|||
end
|
||||
end
|
||||
|
||||
let(:session) { double(:session, id: '6919a6f1bb119dd7396fadc38fd18d0d') }
|
||||
let(:session) do
|
||||
double(:session, { id: '6919a6f1bb119dd7396fadc38fd18d0d',
|
||||
'[]': {} })
|
||||
end
|
||||
|
||||
let(:request) do
|
||||
double(:request, {
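Review bot: The session double now answers `[]` with `{}` for every key, which exercises only the `is_impersonated: false` path, and no other hunk for this spec is visible on the page, so the `true` case appears to be untested at unit level. An example that stubs the key explicitly would cover it, e.g. `allow(session).to receive(:[]).with(:impersonator_id).and_return(1)` followed by an expectation that the stored entry has `is_impersonated` set (the id `1` is a constructed sample). Returning `nil` rather than `{}` from the default stub would also state the intent more clearly. The `let(:request)` block continues outside the hunk.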
|
||||
|
|