Impersonation (#1325)

* Initial impersonation

* Impersonation audit

* Keep super admin separate

* Remove vscode settings

* Comment cleanup

* Comment out impersonation fixtures for now

* Remove unused controlelr

* Add impersonation testing (#1326)

* Add impersonation testing

* Remove unused method

* Update schema.rb

* Update brakeman

---------

Co-authored-by: Zach Gollwitzer <zach@maybe.co>

app/controllers/concerns/authentication.rb

@@ -14,7 +14,7 @@ module Authentication
 
   private
     def authenticate_user!
-      if session_record = Session.find_by_id(cookies.signed[:session_token])
+      if session_record = find_session_by_cookie
         Current.session = session_record
       else
         if self_hosted_first_login?
@@ -25,6 +25,10 @@ module Authentication
       end
     end
 
+    def find_session_by_cookie
+      Session.find_by(id: cookies.signed[:session_token])
+    end
+
     def create_session_for(user)
       session = user.sessions.create!
       cookies.signed.permanent[:session_token] = { value: session.id, httponly: true }

app/controllers/concerns/impersonatable.rb

@@ -0,0 +1,21 @@
+module Impersonatable
+  extend ActiveSupport::Concern
+
+  included do
+    after_action :create_impersonation_session_log
+  end
+
+  private
+    def create_impersonation_session_log
+      return unless Current.session&.active_impersonator_session.present?
+
+      Current.session.active_impersonator_session.logs.create!(
+        controller: controller_name,
+        action: action_name,
+        path: request.fullpath,
+        method: request.method,
+        ip_address: request.ip,
+        user_agent: request.user_agent
+      )
+    end
+end