Impersonation (#1325)

* Initial impersonation * Impersonation audit * Keep super admin separate * Remove vscode settings * Comment cleanup * Comment out impersonation fixtures for now * Remove unused controlelr * Add impersonation testing (#1326) * Add impersonation testing * Remove unused method * Update schema.rb * Update brakeman --------- Co-authored-by: Zach Gollwitzer <zach@maybe.co>
2025-07-24 15:49:39 +02:00 · 2024-10-18 11:26:58 -05:00 · 2024-10-18 11:26:58 -05:00 · c7c281073f
commit c7c281073f
parent 4a3685f503
29 changed files with 477 additions and 16 deletions
--- a/app/controllers/concerns/authentication.rb
+++ b/app/controllers/concerns/authentication.rb
@ -14,7 +14,7 @@ module Authentication

  private
    def authenticate_user!
-      if session_record = Session.find_by_id(cookies.signed[:session_token])
+      if session_record = find_session_by_cookie
        Current.session = session_record
      else
        if self_hosted_first_login?
@ -25,6 +25,10 @@ module Authentication
      end
    end

+    def find_session_by_cookie
+      Session.find_by(id: cookies.signed[:session_token])
+    end
+
    def create_session_for(user)
      session = user.sessions.create!
      cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }