Impersonation (#1325)

* Initial impersonation * Impersonation audit * Keep super admin separate * Remove vscode settings * Comment cleanup * Comment out impersonation fixtures for now * Remove unused controlelr * Add impersonation testing (#1326) * Add impersonation testing * Remove unused method * Update schema.rb * Update brakeman --------- Co-authored-by: Zach Gollwitzer <zach@maybe.co>
2025-08-05 05:25:24 +02:00 · 2024-10-18 11:26:58 -05:00 · 2024-10-18 11:26:58 -05:00 · c7c281073f
commit c7c281073f
parent 4a3685f503
29 changed files with 477 additions and 16 deletions
--- a/app/views/impersonation_sessions/_approval_bar.html.erb
+++ b/app/views/impersonation_sessions/_approval_bar.html.erb
@ -0,0 +1,21 @@
+<% pending_session = Current.true_user.impersonated_support_sessions.pending.first %>
+<% in_progress_session = Current.true_user.impersonated_support_sessions.in_progress.first %>
+
+<div class="sticky top-0 left-0 w-full bg-black flex items-center justify-between font-mono">
+  <div class="flex items-center bg-red-600 px-6 py-4">
+    <%= lucide_icon "alert-triangle", class: "w-6 h-6 text-white mr-2" %>
+    <span class="text-white font-semibold uppercase">Access <%= in_progress_session.present? ? "Session" : "Request" %></span>
+  </div>
+  <div class="flex items-center space-x-2 px-2 py-2 text-white gap-4">
+    <% if pending_session.present? %>
+      <p class="text-xs max-w-3xl text-right">Maybe support staff has requested access to your account (likely to help you with a support request). If you approve the request, all activity they take will be logged for security and audit purposes.</p>
+      <%= button_to "Approve", approve_impersonation_session_path(pending_session), method: :put, class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-green-600 hover:bg-green-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-green-500" %>
+      <%= button_to "Reject", reject_impersonation_session_path(pending_session), method: :put, class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+    <% elsif in_progress_session.present? %>
+      <p class="text-xs max-w-3xl text-right">Someone from the Maybe Finance team is currently viewing your data.  You may end the session at any time.</p>
+      <%= button_to "End Session", complete_impersonation_session_path(in_progress_session), method: :put, class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-blue-600 hover:bg-blue-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-blue-500" %>
+    <% else %>
+      <p class="text-xs max-w-3xl text-right text-red-500">Something went wrong.  Please contact us.</p>
+    <% end %>
+  </div>
+</div>
--- a/app/views/impersonation_sessions/_super_admin_bar.html.erb
+++ b/app/views/impersonation_sessions/_super_admin_bar.html.erb
@ -0,0 +1,35 @@
+<div class="sticky top-0 left-0 w-full bg-black flex items-center justify-between font-mono">
+  <div class="flex items-center bg-red-600 px-6 py-4">
+    <%= lucide_icon "alert-triangle", class: "w-6 h-6 text-white mr-2" %>
+    <span class="text-white font-semibold uppercase">Super Admin</span>
+  </div>
+  <div class="flex items-center space-x-2 px-2 py-2 text-white">
+    <% if Current.session.active_impersonator_session.present? %>
+      <div class="flex items-center space-x-3 bg-gray-800 border border-gray-700 rounded-md pl-3">
+        <div class="text-sm">
+          Impersonating: <span class="font-semibold text-red-400"><%= Current.impersonated_user.email %></span>
+        </div>
+        <%= button_to "Leave", leave_impersonation_sessions_path, method: :delete, class: "items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+        <%= button_to "Terminate", complete_impersonation_session_path(Current.session.active_impersonator_session), method: :put, class: "items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+      </div>
+    <% else %>
+      <% if Current.true_user.impersonator_support_sessions.in_progress.any? %>
+        <%= form_with url: join_impersonation_sessions_path, class: "flex items-center space-x-2 mr-4" do |f| %>
+          <%= f.select :impersonation_session_id,
+            Current.true_user.impersonator_support_sessions.in_progress.map { |session|
+              ["#{session.impersonated.email} (#{session.status})", session.id]
+            },
+            { prompt: "Join a session" },
+            { class: "rounded-md text-sm border-0 focus:ring-0 ring-0 text-black font-mono" } %>
+          <%= f.submit "Join",
+            class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+        <% end %>
+      <% end %>
+
+      <%= form_with model: ImpersonationSession.new, class: "flex items-center space-x-2" do |f| %>
+        <%= f.text_field :impersonated_id, class: "rounded-md text-sm border-0 focus:ring-0 ring-0 text-black font-mono w-96", placeholder: "UUID", autocomplete: "off" %>
+        <%= f.submit "Request Impersonation", class: "inline-flex items-center px-3 py-1.5 border border-transparent text-sm font-medium rounded-md text-white bg-red-600 hover:bg-red-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-red-500" %>
+      <% end %>
+    <% end %>
+  </div>
+</div>