From 83347954fc3c0c317c77f0528cdbaa456093771a Mon Sep 17 00:00:00 2001 From: Pavel Forkert Date: Thu, 24 Sep 2015 16:14:16 +0300 Subject: Add option to admin area to sign in as a specific user Closes #2291 --- app/controllers/admin/users_controller.rb | 6 ++++++ app/views/admin/users/index.html.haml | 3 ++- config/routes.rb | 1 + spec/controllers/admin/users_controller_spec.rb | 15 +++++++++++++++ spec/features/admin/admin_users_spec.rb | 16 ++++++++++++++++ 5 files changed, 40 insertions(+), 1 deletion(-) diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb index a19b1abee27..00f41a10dd1 100644 --- a/app/controllers/admin/users_controller.rb +++ b/app/controllers/admin/users_controller.rb @@ -63,6 +63,12 @@ class Admin::UsersController < Admin::ApplicationController end end + def login_as + sign_in(user) + flash[:alert] = "Logged in as #{user.username}" + redirect_to root_path + end + def disable_two_factor user.disable_two_factor! redirect_to admin_user_path(user), diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml index e3698ac1c46..8dbce7a4a15 100644 --- a/app/views/admin/users/index.html.haml +++ b/app/views/admin/users/index.html.haml @@ -72,7 +72,7 @@ = link_to 'New User', new_admin_user_path, class: "btn btn-new btn-sm" %ul.well-list - @users.each do |user| - %li + %li{ class: "user-#{user.id}" } .list-item-name - if user.blocked? %i.fa.fa-lock.cred @@ -90,6 +90,7 @@   = link_to 'Edit', edit_admin_user_path(user), id: "edit_#{dom_id(user)}", class: "btn btn-xs" - unless user == current_user + = link_to 'Log in', login_as_admin_user_path(user), method: :put, class: "btn btn-xs btn-primary" - if user.blocked? = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success" - else diff --git a/config/routes.rb b/config/routes.rb index 4a07c449b4e..5f7d06a620e 100644 --- a/config/routes.rb +++ b/config/routes.rb 
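Review bot: `login_as` in app/controllers/admin/users_controller.rb replaces the administrator's session with the target account's but records nothing about who made the switch, so later actions in that session cannot be traced back to the admin from the lines shown. I would capture the admin before the switch and log it: `admin = current_user` ahead of `sign_in(user)`, then `Rails.logger.info("Admin #{admin.username} signed in as #{user.username}")`. The capture has to come first because `current_user` presumably resolves to the impersonated account once `sign_in` has run. The action also accepts any target: the `unless user == current_user` guard added in the view is not repeated server-side, and a blocked account is not visibly rejected here. `user` is a helper defined outside the hunk, and the admin-only access check is presumably inherited from `Admin::ApplicationController`, which is not shown.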
@@ -262,6 +262,7 @@ Gitlab::Application.routes.draw do put :unblock put :unlock put :confirm + put :login_as patch :disable_two_factor delete 'remove/:email_id', action: 'remove_email', as: 'remove_email' end diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb index c40b2c2a583..e4c32cd2a14 100644 --- a/spec/controllers/admin/users_controller_spec.rb +++ b/spec/controllers/admin/users_controller_spec.rb @@ -7,6 +7,21 @@ describe Admin::UsersController do sign_in(admin) end + describe 'PUT login_as' do + let(:user) { create(:user) } + + it 'logs admin as another user' do + expect(warden.authenticate(scope: :user)).not_to eq(user) + put :login_as, id: user.username + expect(warden.authenticate(scope: :user)).to eq(user) + end + + it 'redirects user to homepage' do + put :login_as, id: user.username + expect(response).to redirect_to(root_path) + end + end + describe 'DELETE #user with projects' do let(:user) { create(:user) } let(:project) { create(:project, namespace: user.namespace) } diff --git a/spec/features/admin/admin_users_spec.rb b/spec/features/admin/admin_users_spec.rb index 86717761582..870a82d0ee0 100644 --- a/spec/features/admin/admin_users_spec.rb +++ b/spec/features/admin/admin_users_spec.rb @@ -166,4 +166,20 @@ describe "Admin::Users", feature: true do end end end + + it 'should be able to log in as another user' do + another_user = create(:user) + + visit admin_users_path + + page.within ".user-#{another_user.id}" do + click_link 'Log in' + end + + expect(page).to have_content("Logged in as #{another_user.username}") + + page.within '.sidebar-user .username' do + expect(page).to have_content(another_user.username) + end + end end -- cgit v1.2.1 From eb9528b8b964c78ef3d33818286c529b83c35a5e Mon Sep 17 00:00:00 2001 
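Review bot: The new `describe 'PUT login_as'` examples in spec/controllers/admin/users_controller_spec.rb cover only an administrator succeeding; nothing pins that a non-admin is refused, which is the property that matters most for an impersonation endpoint. I would add a context where a regular user is signed in instead of `admin`, issue `put :login_as, id: user.username`, and assert `expect(warden.authenticate(scope: :user)).not_to eq(user)`. That example should also assert whatever denial response `Admin::ApplicationController` produces, which is not visible here. The same gap remains in the `describe 'POST login_as'` version of this spec in the following commit. The `before` block that signs in `admin` starts outside the hunk.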
From: Pavel Forkert Date: Thu, 24 Sep 2015 16:34:04 +0300 Subject: Move login button to user page, switched to POST method --- app/views/admin/users/_head.html.haml | 2 ++ app/views/admin/users/index.html.haml | 1 - config/routes.rb | 2 +- spec/controllers/admin/users_controller_spec.rb | 6 ++-- spec/features/admin/admin_users_spec.rb | 37 ++++++++++++++----------- 5 files changed, 27 insertions(+), 21 deletions(-) diff --git a/app/views/admin/users/_head.html.haml b/app/views/admin/users/_head.html.haml index 9d5e934c8ba..4245d0f1eda 100644 --- a/app/views/admin/users/_head.html.haml +++ b/app/views/admin/users/_head.html.haml @@ -6,6 +6,8 @@ %span.cred (Admin) .pull-right + - unless @user == current_user + = link_to 'Log in as this user', login_as_admin_user_path(@user), method: :post, class: "btn btn-grouped btn-info" = link_to edit_admin_user_path(@user), class: "btn btn-grouped" do %i.fa.fa-pencil-square-o Edit diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml index 8dbce7a4a15..82a88863eb7 100644 --- a/app/views/admin/users/index.html.haml +++ b/app/views/admin/users/index.html.haml @@ -90,7 +90,6 @@   = link_to 'Edit', edit_admin_user_path(user), id: "edit_#{dom_id(user)}", class: "btn btn-xs" - unless user == current_user - = link_to 'Log in', login_as_admin_user_path(user), method: :put, class: "btn btn-xs btn-primary" - if user.blocked? = link_to 'Unblock', unblock_admin_user_path(user), method: :put, class: "btn btn-xs btn-success" - else diff --git a/config/routes.rb b/config/routes.rb index 5f7d06a620e..0792cb559e5 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -262,7 +262,7 @@ Gitlab::Application.routes.draw do put :unblock put :unlock put :confirm - put :login_as + post :login_as patch :disable_two_factor delete 'remove/:email_id', action: 'remove_email', as: 'remove_email' end 
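Review bot: The 'Log in as this user' link added to app/views/admin/users/_head.html.haml triggers the session switch on a single click and is offered for every account except the admin's own, blocked accounts included. A confirmation would make accidental impersonation less likely, for example adding `data: { confirm: 'Sign in as this user? Your current admin session will be replaced.' }` to the `link_to` options. The condition could also become `- unless @user == current_user || @user.blocked?`. Hiding the button is only a UI measure, so the same conditions would need to be enforced in the `login_as` action, which is outside this hunk.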
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb index e4c32cd2a14..7168db117d6 100644 --- a/spec/controllers/admin/users_controller_spec.rb +++ b/spec/controllers/admin/users_controller_spec.rb @@ -7,17 +7,17 @@ describe Admin::UsersController do sign_in(admin) end - describe 'PUT login_as' do + describe 'POST login_as' do let(:user) { create(:user) } it 'logs admin as another user' do expect(warden.authenticate(scope: :user)).not_to eq(user) - put :login_as, id: user.username + post :login_as, id: user.username expect(warden.authenticate(scope: :user)).to eq(user) end it 'redirects user to homepage' do - put :login_as, id: user.username + post :login_as, id: user.username expect(response).to redirect_to(root_path) end end diff --git a/spec/features/admin/admin_users_spec.rb b/spec/features/admin/admin_users_spec.rb index 870a82d0ee0..67da3c199ad 100644 --- a/spec/features/admin/admin_users_spec.rb +++ b/spec/features/admin/admin_users_spec.rb @@ -111,6 +111,27 @@ describe "Admin::Users", feature: true do expect(page).to have_content(@user.name) end + describe 'Login as another user' do + it 'should show login button for other users' do + another_user = create(:user) + + visit admin_user_path(another_user) + + click_link 'Log in as this user' + + expect(page).to have_content("Logged in as #{another_user.username}") + + page.within '.sidebar-user .username' do + expect(page).to have_content(another_user.username) + end + end + + it 'should not show login button for admin itself' do + visit admin_user_path(@user) + expect(page).not_to have_content('Log in as this user') + end + end + describe 'Two-factor Authentication status' do it 'shows when enabled' do @user.update_attribute(:two_factor_enabled, true) 
@@ -166,20 +187,4 @@ describe "Admin::Users", feature: true do end end end - - it 'should be able to log in as another user' do - another_user = create(:user) - - visit admin_users_path - - page.within ".user-#{another_user.id}" do - click_link 'Log in' - end - - expect(page).to have_content("Logged in as #{another_user.username}") - - page.within '.sidebar-user .username' do - expect(page).to have_content(another_user.username) - end - end end -- cgit v1.2.1 From 82eeb5e284bd22bc04c82def521cc3d65eb2bcd1 Mon Sep 17 00:00:00 2001 From: Pavel Forkert Date: Thu, 24 Sep 2015 16:38:52 +0300 Subject: Remove stuff from previous UI --- app/views/admin/users/index.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml index 82a88863eb7..e3698ac1c46 100644 --- a/app/views/admin/users/index.html.haml +++ b/app/views/admin/users/index.html.haml @@ -72,7 +72,7 @@ = link_to 'New User', new_admin_user_path, class: "btn btn-new btn-sm" %ul.well-list - @users.each do |user| - %li{ class: "user-#{user.id}" } + %li .list-item-name - if user.blocked? %i.fa.fa-lock.cred -- cgit v1.2.1 From 3dec9dc4a36db340a61fc2a0fbdc056957b0279f Mon Sep 17 00:00:00 2001 From: Pavel Forkert Date: Thu, 24 Sep 2015 16:40:21 +0300 Subject: Clarify spec title explanation --- spec/features/admin/admin_users_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/features/admin/admin_users_spec.rb b/spec/features/admin/admin_users_spec.rb index 67da3c199ad..c2c7364f6c5 100644 --- a/spec/features/admin/admin_users_spec.rb +++ b/spec/features/admin/admin_users_spec.rb @@ -112,7 +112,7 @@ describe "Admin::Users", feature: true do end describe 'Login as another user' do - it 'should show login button for other users' do + it 'should show login button for other users and check that it works' do another_user = create(:user) visit admin_user_path(another_user) -- cgit v1.2.1 
From 0c877875ea3e7ccbdf48b7736f8c35e2a179ab45 Mon Sep 17 00:00:00 2001 From: Pavel Forkert Date: Thu, 24 Sep 2015 16:42:27 +0300 Subject: Add entry to changelog --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index 4a34a3835a7..c19e36ed47a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.1.0 (unreleased) + - Add option to admin area to sign in as a specific user (Pavel Forkert) - Show CI status on all pages where commits list is rendered - Automatically enable CI when push .gitlab-ci.yml file to repository - Move CI charts to project graphs area -- cgit v1.2.1