Impersonation (#1325)

* Initial impersonation

* Impersonation audit

* Keep super admin separate

* Remove vscode settings

* Comment cleanup

* Comment out impersonation fixtures for now

* Remove unused controlelr

* Add impersonation testing (#1326)

* Add impersonation testing

* Remove unused method

* Update schema.rb

* Update brakeman

---------

Co-authored-by: Zach Gollwitzer <zach@maybe.co>

app/views/impersonation_sessions/_approval_bar.html.erb

@@ -0,0 +1,21 @@
+<% pending_session = Current.true_user.impersonated_support_sessions.pending.first %>
+<% in_progress_session = Current.true_user.impersonated_support_sessions.in_progress.first %>
+
+<div class="sticky top-0 left-0 w-full bg-black flex items-center justify-between font-mono">
+  <div class="flex items-center bg-red-600 px-6 py-4">
+    <%= lucide_icon "alert-triangle", class: "w-6 h-6 text-white mr-2" %>
+    <span class="text-white font-semibold uppercase">Access <%= in_progress_session.present? ? "Session" : "Request" %></span>
+  </div>
+  <div class="flex items-center space-x-2 px-2 py-2 text-white gap-4">
+    <% if pending_session.present? %>
+      <p class="text-xs max-w-3xl text-right">Maybe support staff has requested access to your account (likely to help you with a support request). If you approve the request, all activity they take will be logged for security and audit purposes.</p>
+      <%= button_to "Approve", approve_impersonation_session_path(pending_session), method: :put, class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-green-600 hover:bg-green-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-green-500" %>
+      <%= button_to "Reject", reject_impersonation_session_path(pending_session), method: :put, class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+    <% elsif in_progress_session.present? %>
+      <p class="text-xs max-w-3xl text-right">Someone from the Maybe Finance team is currently viewing your data.  You may end the session at any time.</p>
+      <%= button_to "End Session", complete_impersonation_session_path(in_progress_session), method: :put, class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
+    <% else %>
+      <p class="text-xs max-w-3xl text-right text-red-500">Something went wrong.  Please contact us.</p>
+    <% end %>
+  </div>
+</div>

app/views/impersonation_sessions/_super_admin_bar.html.erb

@@ -0,0 +1,35 @@
+<div class="sticky top-0 left-0 w-full bg-black flex items-center justify-between font-mono">
+  <div class="flex items-center bg-red-600 px-6 py-4">
+    <%= lucide_icon "alert-triangle", class: "w-6 h-6 text-white mr-2" %>
+    <span class="text-white font-semibold uppercase">Super Admin</span>
+  </div>
+  <div class="flex items-center space-x-2 px-2 py-2 text-white">
+    <% if Current.session.active_impersonator_session.present? %>
+      <div class="flex items-center space-x-3 bg-gray-800 border border-gray-700 rounded-md pl-3">
+        <div class="text-sm">
+          Impersonating: <span class="font-semibold text-red-400"><%= Current.impersonated_user.email %></span>
+        </div>
+        <%= button_to "Leave", leave_impersonation_sessions_path, method: :delete, class: "items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+        <%= button_to "Terminate", complete_impersonation_session_path(Current.session.active_impersonator_session), method: :put, class: "items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+      </div>
+    <% else %>
+      <% if Current.true_user.impersonator_support_sessions.in_progress.any? %>
+        <%= form_with url: join_impersonation_sessions_path, class: "flex items-center space-x-2 mr-4" do |f| %>
+          <%= f.select :impersonation_session_id,
+            Current.true_user.impersonator_support_sessions.in_progress.map { |session|
+              ["#{session.impersonated.email} (#{session.status})", session.id]
+            },
+            { prompt: "Join a session" },
+            { class: "rounded-md text-sm border-0 focus:ring-0 ring-0 text-black font-mono" } %>
+          <%= f.submit "Join",
+            class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+        <% end %>
+      <% end %>
+
+      <%= form_with model: ImpersonationSession.new, class: "flex items-center space-x-2" do |f| %>
+        <%= f.text_field :impersonated_id, class: "rounded-md text-sm border-0 focus:ring-0 ring-0 text-black font-mono w-96", placeholder: "UUID", autocomplete: "off" %>
+        <%= f.submit "Request Impersonation", class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+      <% end %>
+    <% end %>
+  </div>
+</div>

app/views/layouts/application.html.erb

@@ -25,6 +25,9 @@
   </head>
 
   <body class="h-full">
+    <%= render "impersonation_sessions/super_admin_bar" if Current.true_user&.super_admin? %>
+    <%= render "impersonation_sessions/approval_bar" if Current.true_user&.impersonated_support_sessions&.initiated&.any? %>
+
     <div class="fixed z-50 space-y-1 top-6 right-10">
       <div id="notification-tray">
         <%= render_flash_notifications %>

app/views/shared/_text_tooltip.erb

@@ -2,4 +2,4 @@
   <div class="text-white font-normal">
     <%= tooltip_text %>
   </div>
-</div>
+</div>