gavin/maybe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 28 Wiki Activity

Impersonation #1325

Merged
Shpigford merged 13 commits from impersonation into main 2024-10-19 00:26:59 +08:00
Conversation 1 Commits 13 Files Changed 29 +477 -16
Shpigford commented 2024-10-18 03:56:51 +08:00 (Migrated from github.com)
Copy Link

This is the first pass at an impersonation feature.

This is very much for the Maybe hosted version and purely to help us provide secure support with an auditable trail of activity.

Flow

  1. User contacts support with an issue.
  2. Support, which has a "super_admin" boolean enable, sends a request to the user to enable "impersonation mode"
  3. User sees a new banner in their account asking them to approve or reject the request
  4. Once User approves, Support now is able to "switch" to that user's account and see what they see.
  5. All Support activity in the account is thoroughly logged (ImpersonationSessionLogs)
  6. Both User and Support can end access at any point and Support will only keep access as long as is necessary to resolve the ticket. Future issues will require re-requesting access.

Things to review

  1. The code feels a bit unnecessarily complex and possibly redundant in places. Especially in the Authentication concern.
  2. I want to be VERY thorough with security on this. Would obviously be a major problem for there to be some sort bug that allowed anyone to impersonate another account. So, need eyes on that.

CleanShot 2024-10-17 at 14 54 01@2x

CleanShot 2024-10-17 at 14 54 55@2x

CleanShot 2024-10-17 at 14 55 22@2x

CleanShot 2024-10-17 at 14 55 40@2x

CleanShot 2024-10-17 at 14 56 01@2x

CleanShot 2024-10-17 at 14 56 24@2x

This is the first pass at an impersonation feature. This is very much for the Maybe hosted version and purely to help us provide _secure_ support with an auditable trail of activity. ## Flow 1. User contacts support with an issue. 2. Support, which has a "super_admin" boolean enable, sends a request to the user to enable "impersonation mode" 3. User sees a new banner in their account asking them to approve or reject the request 4. Once User approves, Support now is able to "switch" to that user's account and see what they see. 5. All Support activity in the account is thoroughly logged (ImpersonationSessionLogs) 6. Both User and Support can end access at any point and Support will only keep access as long as is necessary to resolve the ticket. Future issues will require re-requesting access. ## Things to review 1. The code feels a bit unnecessarily complex and possibly redundant in places. Especially in the Authentication concern. 2. I want to be VERY thorough with security on this. Would obviously be a major problem for there to be some sort bug that allowed anyone to impersonate another account. So, need eyes on that. ![CleanShot 2024-10-17 at 14 54 01@2x](https://github.com/user-attachments/assets/23dc111d-8c9a-40f0-a595-f2bfcaf6eadf) ![CleanShot 2024-10-17 at 14 54 55@2x](https://github.com/user-attachments/assets/6d0c9c31-68b9-466b-a9c5-1e15e32c2469) ![CleanShot 2024-10-17 at 14 55 22@2x](https://github.com/user-attachments/assets/4f73d2f0-f45e-4a27-9f48-59064eb3c498) ![CleanShot 2024-10-17 at 14 55 40@2x](https://github.com/user-attachments/assets/75e56ef4-4039-48a9-b03b-50fb6f45cad3) ![CleanShot 2024-10-17 at 14 56 01@2x](https://github.com/user-attachments/assets/f0a826a2-f5a4-4f17-ad50-9ccde1919e1d) ![CleanShot 2024-10-17 at 14 56 24@2x](https://github.com/user-attachments/assets/fadfb766-7b54-4633-aa83-8c234ce0e10e)
zachgoll (Migrated from github.com) reviewed 2024-10-18 03:56:51 +08:00
Sign in to join this conversation.
Reviewers
No Reviewers
zachgoll
Labels
Clear labels
📆 Planned
Not ready to be worked on yet, but planned for future
 💻 Self Hosted only
Issues pertaining to self-hosted versions of Maybe
 ⚙️ Config
ℹ️ Needs info
Further information is requested
 📱 Mobile
Bugs exclusively happening on mobile devices
 1️⃣ High Priority
High priority issues will be worked on next
 🚨 Urgent
Issues that are urgent for app functionality
 3️⃣ Low priority
Contributions accepted, but Maybe team will not be working on this in the near term
 2️⃣ Medium Priority
Community contributions accepted, Maybe team only works on if there are no high priority items open
 Performance
Performance issues to address
 🎨 UI / UX
Issues related to UI / UX interactions and design.
 💎 Bounty
💰 Rewarded
📊 Data issue
Issues where the app functionally works, but the data is missing or inaccurate.
 🙋 Bounty claim
$1.5K
Community
This is a great issue for community members to work on
 dependencies
Pull requests that update a dependency file
 Design
Hosted only
Hosted app only
 Required self hoster data migration
Self hosters must run data migrations to resolve this issue
 ruby
Pull requests that update Ruby code
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
gavin
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: gavin/maybe#1325
Delete Branch "impersonation"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?