nomadicoder/pretender

Log in as another user in Rails

Pretender

As an admin, there are times you want to see exactly what another user sees. Meet Pretender.

• Easily to switch between users
• Minimal code changes
• Plays nicely with auditing tools

💥 Rock on

Pretender is flexible and lightweight - less than 60 lines of code :-)

Works with any authentication system - Devise, Authlogic, and Sorcery to name a few.

🍊 Battle-tested at Instacart

Installation

Add this line to your application’s Gemfile:

gem 'pretender'

And add this to your ApplicationController:

class ApplicationController < ActionController::Base
  impersonates :user
end

How It Works

Sign in as another user with:

impersonate_user(user)

The current_user method now returns the impersonated user.

You can access the true user with:

true_user

And stop impersonating with:

stop_impersonating_user

Sample Implementation

Create a controller

class UsersController < ApplicationController
  before_filter :require_admin!

  def index
    @users = User.order(:id)
  end

  def impersonate
    user = User.find(params[:id])
    impersonate_user(user)
    redirect_to root_path
  end

  def stop_impersonating
    stop_impersonating_user
    redirect_to root_path
  end
end

Add routes

resources :users, only: [:index] do
  post :impersonate, on: :member
  post :stop_impersonating, on: :collection
end

Create an index view

<ul>
  <% @users.each do |user| %>
    <li>Sign in as <%= link_to user.name, impersonate_user_path(user), method: :post %></li>
  <% end %>
</ul>

And show when someone is signed in as another user in your application layout

<% if current_user != true_user %>
  You (<%= true_user.name %>) are signed in as <%= current_user.name %>
  <%= link_to "Back to admin", stop_impersonating_users_path, method: :post %>
<% end %>

Audits

If you keep audit logs with a library like Audited, make sure it uses the true user.

Audited.current_user_method = :true_user

Configuration

Pretender is super flexible. You can change the names of methods and even impersonate multiple roles at the same time. Here’s the default configuration.

impersonates :user,
             method: :current_user,
             with: -> (id) { User.find_by(id: id) }

Mold it to fit your application.

impersonates :account,
             method: :authenticated_account,
             with: -> (id) { EnterpriseAccount.find_by(id: id) }

This creates three methods:

true_account
impersonate_account
stop_impersonating_account

Contributing

Everyone is encouraged to help improve this project. Here are a few ways you can help:

• Report bugs
• Fix bugs and submit pull requests
• Write, clarify, or fix documentation
• Suggest or add new features