Commit 44c4aad9 authored by Imre Farkas's avatar Imre Farkas

Filter active sessions belonging to an admin impersonating the user

parent 4bb06df7
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
class Profiles::ActiveSessionsController < Profiles::ApplicationController class Profiles::ActiveSessionsController < Profiles::ApplicationController
def index def index
@sessions = ActiveSession.list(current_user) @sessions = ActiveSession.list(current_user).reject(&:is_impersonated)
end end
def destroy def destroy
......
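Review bot: The impersonation filter lives only in `index`, so `ActiveSession.list(current_user)` still returns admin impersonation sessions to any other caller. The body of `destroy` is outside this hunk; if it looks sessions up through the same list, it would be worth confirming whether an impersonated session is meant to be revocable from there. Since nothing at the call site explains why entries are dropped, I would add a comment above the assignment such as `# Sessions opened by an admin impersonating this user are hidden from the user's own list`. If more than one place needs the filtered view, a named helper on `ActiveSession` would keep the rule in one spot.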
...@@ -5,7 +5,8 @@ class ActiveSession ...@@ -5,7 +5,8 @@ class ActiveSession
attr_accessor :created_at, :updated_at, attr_accessor :created_at, :updated_at,
:session_id, :ip_address, :session_id, :ip_address,
:browser, :os, :device_name, :device_type :browser, :os, :device_name, :device_type,
:is_impersonated
def current?(session) def current?(session)
return false if session_id.nil? || session.id.nil? return false if session_id.nil? || session.id.nil?
...@@ -31,7 +32,8 @@ class ActiveSession ...@@ -31,7 +32,8 @@ class ActiveSession
device_type: client.device_type, device_type: client.device_type,
created_at: user.current_sign_in_at || timestamp, created_at: user.current_sign_in_at || timestamp,
updated_at: timestamp, updated_at: timestamp,
session_id: session_id session_id: session_id,
is_impersonated: request.session[:impersonator_id].present?
) )
redis.pipelined do redis.pipelined do
......
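Review bot: `is_impersonated` is computed once from `request.session[:impersonator_id]` when the entry is built and is then stored with the record, so it is only as accurate as the session state at that moment. Entries written before this change presumably carry no such attribute and will read back as `nil`, which `reject(&:is_impersonated)` treats as "not impersonated"; impersonation sessions already in Redis at deploy time would then stay listed until they expire. That is probably acceptable, but it deserves a comment next to the assignment, e.g. `# snapshot taken when the entry is written; older entries have nil here`. The enclosing method starts and ends outside the hunk, so the ordering relative to where `impersonator_id` is set cannot be checked from here.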
...@@ -7,6 +7,8 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do ...@@ -7,6 +7,8 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
end end
end end
let(:admin) { create(:admin) }
around do |example| around do |example|
Timecop.freeze(Time.zone.parse('2018-03-12 09:06')) do Timecop.freeze(Time.zone.parse('2018-03-12 09:06')) do
example.run example.run
...@@ -16,6 +18,7 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do ...@@ -16,6 +18,7 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
it 'User sees their active sessions' do it 'User sees their active sessions' do
Capybara::Session.new(:session1) Capybara::Session.new(:session1)
Capybara::Session.new(:session2) Capybara::Session.new(:session2)
Capybara::Session.new(:session3)
# note: headers can only be set on the non-js (aka. rack-test) driver # note: headers can only be set on the non-js (aka. rack-test) driver
using_session :session1 do using_session :session1 do
...@@ -37,9 +40,27 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do ...@@ -37,9 +40,27 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
gitlab_sign_in(user) gitlab_sign_in(user)
end end
# set an admin session impersonating the user
using_session :session3 do
Capybara.page.driver.header(
'User-Agent',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'
)
gitlab_sign_in(admin)
visit admin_user_path(user)
click_link 'Impersonate'
end
using_session :session1 do using_session :session1 do
visit profile_active_sessions_path visit profile_active_sessions_path
expect(page).to(
have_selector('ul.list-group li.list-group-item', { text: 'Signed in on',
count: 2 }))
expect(page).to have_content( expect(page).to have_content(
'127.0.0.1 ' \ '127.0.0.1 ' \
'This is your current session ' \ 'This is your current session ' \
...@@ -57,6 +78,8 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do ...@@ -57,6 +78,8 @@ describe 'Profile > Active Sessions', :clean_gitlab_redis_shared_state do
) )
expect(page).to have_selector '[title="Smartphone"]', count: 1 expect(page).to have_selector '[title="Smartphone"]', count: 1
expect(page).not_to have_content('Chrome on Windows')
end end
end end
......
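Review bot: The new expectations in the `:session1` block (`count: 2` and `not_to have_content('Chrome on Windows')`) would also pass if the impersonation in `:session3` never produced an active-session entry at all. The spec therefore cannot tell "filtered out" from "never recorded". Asserting the precondition first would close that gap, for example `expect(ActiveSession.list(user).count(&:is_impersonated)).to eq(1)` before visiting `profile_active_sessions_path`. As a smaller style point, the braces around the options in `have_selector('ul.list-group li.list-group-item', { text: 'Signed in on', count: 2 })` are unnecessary.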
...@@ -7,7 +7,10 @@ RSpec.describe ActiveSession, :clean_gitlab_redis_shared_state do ...@@ -7,7 +7,10 @@ RSpec.describe ActiveSession, :clean_gitlab_redis_shared_state do
end end
end end
let(:session) { double(:session, id: '6919a6f1bb119dd7396fadc38fd18d0d') } let(:session) do
double(:session, { id: '6919a6f1bb119dd7396fadc38fd18d0d',
'[]': {} })
end
let(:request) do let(:request) do
double(:request, { double(:request, {
......
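Review bot: The `session` double now answers `[]` with `{}` for every key, which exercises only the path where `request.session[:impersonator_id].present?` is false. Returning `nil` (`'[]': nil`) would mirror a real session without an impersonator more closely than an empty hash. The rest of this spec is collapsed, so this may already be covered, but I would expect an example where the double returns an id for `:impersonator_id` and the stored entry is asserted to have `is_impersonated` set to true.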