Ask A Question


You’re not receiving notifications from this thread.

Devise Masquerade + Multitenant with act_as_tenant

David GEISMAR asked in Ruby

I am running a multitenant app with users and administrators scoped to their own account / domain (act_as_tenant).

My use case is the following : I have a superAdmin model who has access to a super admin dashboard where he can see the administrators and users from various accounts/domains and masquerade them. This dashboard is located on the base_domain (on my local machine -> localhost)

1) I cant use masquerade_path because I need to be able to redirect to custom domains and subdomains. Thus in an initializer I created masquerade_url method :

module DeviseMasquerade
  module Controllers
    module UrlHelpers
      def masquerade_url(resource, *args)
        scope = Devise::Mapping.find_scope!(resource)

        opts = args.shift || {}

        opts.merge!(Devise.masquerade_param => resource.masquerade_key)

        send("#{scope}_masquerade_index_url", opts, *args)

This is working fine.
In my application_controller : before_action :masquerade!

In my super admin dashboard I then have :
masquerade_url(user, subdomain: user.account.subdomain, domain: user.account.domain)

However whenever I click on the masquerade_url link I get redirected and in the logs I get :

Started GET "/masquerade?
masquerade=BAh7CEkiCGdpZAY6BkVUSSIyZ2lkOi8vZWNvbW1lcmNlLXByZW1pdW0vVXNlci8xNj9leHBpcmVzX2luPTYwBjsAVEkiDHB1cnBvc2UGOwBUSSIPbWFzcXVlcmFkZQY7AFRJIg9leHBpcmVzX2F0BjsAVEkiHTIwMjEtMDUtMDRUMjA6MDQ6MTIuNjE0WgY7AFQ%3D--771680138b1d2197a849775cbf73393b5c330876&masqueraded_resource_class=User" for at 2021-05-04 22:03:24 +0200
Processing by Devise::MasqueradesController#show as HTML
  Parameters: {"masquerade"=>"BAh7CEkiCGdpZAY6BkVUSSIyZ2lkOi8vZWNvbW1lcmNlLXByZW1pdW0vVXNlci8xNj9leHBpcmVzX2luPTYwBjsAVEkiDHB1cnBvc2UGOwBUSSIPbWFzcXVlcmFkZQY7AFRJIg9leHBpcmVzX2F0BjsAVEkiHTIwMjEtMDUtMDRUMjA6MDQ6MTIuNjE0WgY7AFQ=--771680138b1d2197a849775cbf73393b5c330876", "masqueraded_resource_class"=>"User"}
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms | Allocations: 524)

So Instead of login me in I always get redirected with a 401 Unauthorized. My guess is it has something to do with cookies and cross domains maybe. Im not sure as actually when I tried hosting the super admin dashboard on the same domain as the target "masquerated" user, I got the same result....


@david Did you get solution for this?

Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 78,890+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more.

    © 2023 GoRails, LLC. All rights reserved.