-
Notifications
You must be signed in to change notification settings - Fork 213
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
After Auth::user()->impersonate($otherUser) I'm getting logged out #154
Comments
Ah. And I'm using Jetsream |
I'm experiencing the same issue after updating composer:
It was working fine with Laravel 9.3.1, and breaks after upgrading to 9.4.x Here is the Laravel changelog: https://github.com/laravel/framework/blob/9.x/CHANGELOG.md#v940---2022-03-08 |
Quick fix is to comment out the following line in
|
I do not have anything like \Illuminate\Contracts\Session\Middleware\AuthenticatesSessions::class, in Illuminate\Foundation\Http\Kernel.php I tried to comment out this line instead: but it did not help. I'm still getting log out. |
And I'd like to comment one important thing to the maintainer of this package. |
This should now be fixed if you upgrade to Laravel Framework 9.5.1: laravel/framework#41491 Update: after checking, it didn't resolve it for me, still experiencing the same issue. |
@core45 I fixed this one by updating the middleware of the routes generated by jetstream -Route::group(['middleware' => ['auth:sanctum', 'verified']], function (): void {
+Route::group(['middleware' => ['auth:web', 'verified']], function (): void {
//
}); Im using laravel nova to impersonate and nova is using a This package when impersonating is logging in the user using the current guard which is |
So, either removing |
@seabasss
So basically if you do not need sanctum in your web routes, use But nevertheless it would be interesting to know why impersonation with |
Thanks for the info! It actually worked in 9 for me up until v9.4. And it works with sanctum for me after updating some files to reflec latest jetstream, however it doesn’t work if I add the new jetstream config parameter in the route middleware. |
A simple solution to get the impersonating working for a Jetstream/Sanctum setup is to use the event TakeImpersonation and add the missing session key required for Sanctum authentification
still working on the LeaveImpersonation. |
Facing the same issue any luck? |
Where do you put that? Thx |
You put it in the boot method of your EventServiceProvider
|
I am using latest L9, without Jetstream, and impersonating gets me to login page. If I comment AuthenticateSession middleware, it works. Did anyone face this issue too ? How did you solve it ? |
All cool and beans mate, thanks a lot, I think this is the cleanest of the options. Were you able to get the LeaveImpersonation working too? |
Sadly not, Its not currently a problem, as when logging in as an admin user, i just redirect to the admin area instead. |
I was able to get leave working thanks to @matt127127 @m7vm7v looks like there is an impersonator object on the event, for anyone else just throw this in a listener or right on the web.php Event::listen(\Lab404\Impersonate\Events\TakeImpersonation::class,
function(\Lab404\Impersonate\Events\TakeImpersonation $event) {
session()->put('password_hash_sanctum', $event->impersonated->getAuthPassword());
});
Event::listen(\Lab404\Impersonate\Events\LeaveImpersonation::class,
function(\Lab404\Impersonate\Events\LeaveImpersonation $event) {
session()->put('password_hash_sanctum', $event->impersonator->getAuthPassword());
});
``` |
@illusive-ch I have tried using the LeaveImpersonation::class but to no avail, If you manage to get it working i would love to see how you did it. |
@matt127127 thats exactly what I put in my routes file to get it to stop from logging out when u leave impersonation. |
@illusive-ch What version of Laravel are you using, i'm using 9.17 and it just doesn't want to play ball for me. |
@matt127127
When I set this up I setup my own routes as well let me get the code for you: Event::listen(\Lab404\Impersonate\Events\TakeImpersonation::class,
function(\Lab404\Impersonate\Events\TakeImpersonation $event) {
session()->put('password_hash_sanctum', $event->impersonated->getAuthPassword());
});
Event::listen(\Lab404\Impersonate\Events\LeaveImpersonation::class,
function(\Lab404\Impersonate\Events\LeaveImpersonation $event) {
session()->put('password_hash_sanctum', $event->impersonator->getAuthPassword());
});
Route::middleware([
'superadmin'])
->name('admin.')
->prefix('admin')
->group(function () {
Route::resource('user', \App\Http\Controllers\Admin\UserController::class);
Route::get('user/{user}/impersonate', '\App\Http\Controllers\Admin\UserController@impersonate')->name('user.impersonate');
Route::get('user/{user}/leave-impersonate', '\App\Http\Controllers\Admin\UserController@leaveImpersonate')->name('user.leave-impersonate');
}); Usercontroller.php public function impersonate(User $user)
{
auth()->user()->impersonate($user);
return redirect()->route('dashboard');
}
public function leaveImpersonate()
{
auth()->user()->leaveImpersonation();
return redirect()->route('dashboard');
} Let me know if that works for you |
@illusive-ch Sadly that didn't work, it seemed to make it worse for me, i couldn't even impersonate. |
For me it is working with default setup of this module without any events on local valet setup but not on production server (forge). I am using spatie/laravel-permissons and sanctum with Jetstream |
Still facing this issue with Jetstream.. |
@arumcomputer Only trying to assist .... What do you have in your LaravelProject/config/jetstream.php file? |
I am very very thankful for your assist. Waited so long... 'stack' => 'livewire', But I do find "jetstream.guard" in the vendor folder. Maybe I can just add that directive to my config file? |
@arumcomputer, No problem, let's see if we can get it sorted.
|
ok, just added 'guard' => 'web' and it does not work for me. But what is that... Which class do you use here? |
Yeah its |
@apydevs does not fix it. I can't believe it's to hard. |
In your web route, files are you is auth: sanctum. anywhere. ? |
Yes, I am using auth:sanctum in a route group. |
Out of interest does change this to auth:web make a difference? |
with auth:web instead of auth:sanctum the impersonation works as expected. But I don't know if any other authentication does throw an unexpected exception now. |
Well that's the first step getting it working as expected , i know sanctum is built more for SPA & mobile applications, and simple, token based APIs. From what i can tell your using the livewire stack, so shouldn't affect it. if you planning on using the user API feature within jetstream it may be worth going through and checking that & accessing from postman just to be sure. |
I am using auth:sanctum in api route and my app is working. I tested the frontend as well and it seems to work. I ask myself why I was using auth:sanctum in web route. |
I think you will find when you did the php artisan jetstream:install livewire --teams it changes all the auth:web to auth:sanctum |
I'm using this:
|
oh yes, I am using team feature. Does it need to be auth:sanctum for that or will it be fine with auth:web? Do you have another solution to use impersonation with auth:sanctum? |
@arumcomputer Not with auth: sanctum as of yet, I'm using teams with Auth: web and it's been fine. |
@seabasss does this log you out when impersonating a user? |
ok i will continue using auth:web |
Only sometimes if I visit their profile page. |
|
Good call. It hasn't been too much of an issue for me and I think it was some weird thing that if I impersonated one user it worked, but if I switched and visited the profile page I got logged out. |
Thanks a lot |
Hi, I don't think the problem has been resolved. web.php Route::middleware(['auth:web', config('jetstream.auth_session'), 'verified',])->group(function () {
Route::impersonate();
/* other routes */
}); Livewire Function public function ImpersonateUser($id = null)
{
if ($id != null) {
session()->put(['impersonate' => $id]);
Auth::user()->impersonate(User::find($id));
$this->redirect(route('dashboard'));
}
}
app.php
```php
'providers' => ServiceProvider::defaultProviders()->merge([
/*
* Package Service Providers...
*/
/*
* Application Service Providers...
*/
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
// App\Providers\BroadcastServiceProvider::class,
App\Providers\EventServiceProvider::class,
App\Providers\RouteServiceProvider::class,
App\Providers\FortifyServiceProvider::class,
App\Providers\JetstreamServiceProvider::class,
Lab404\Impersonate\ImpersonateServiceProvider::class,
])->toArray(), composer.json {
"name": "laravel/laravel",
"type": "project",
"description": "The skeleton application for the Laravel framework.",
"keywords": [
"laravel",
"framework"
],
"license": "MIT",
"require": {
"php": "^8.1",
"danielme85/laravel-log-to-db": "^4.0",
"djokicpn/laravel-email-audit-log": "^1.0",
"guzzlehttp/guzzle": "^7.2",
"lab404/laravel-impersonate": "^1.7",
"laravel/framework": "^10.10",
"laravel/jetstream": "^4.0",
"laravel/sanctum": "^3.2",
"laravel/tinker": "^2.8",
"livewire/livewire": "^3.0",
"power-components/livewire-powergrid": "^5.1",
"spatie/laravel-medialibrary": "^10.0.0",
"spatie/laravel-permission": "^5.11",
"wire-elements/modal": "^2.0",
"wireui/wireui": "*"
},
"require-dev": {
"barryvdh/laravel-debugbar": "^3.9",
"fakerphp/faker": "^1.9.1",
"laravel/pint": "^1.0",
"laravel/sail": "^1.18",
"mockery/mockery": "^1.4.4",
"nunomaduro/collision": "^7.0",
"phpunit/phpunit": "^10.1",
"spatie/laravel-ignition": "^2.0"
},
"autoload": {
"psr-4": {
"App\\": "app/",
"Database\\Factories\\": "database/factories/",
"Database\\Seeders\\": "database/seeders/"
},
"exclude-from-classmap": [
"vendor/livewire/livewire/src/Features/SupportLegacyModels/EloquentModelSynth.php"
],
"files": [
"app/Http/General.php",
"app/Overrides/EloquentModelSynth.php"
]
},
"autoload-dev": {
"psr-4": {
"Tests\\": "tests/"
}
},
"scripts": {
"post-autoload-dump": [
"Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
"@php artisan package:discover --ansi"
],
"post-update-cmd": [
"@php artisan vendor:publish --tag=laravel-assets --ansi --force"
],
"post-root-package-install": [
"@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
],
"post-create-project-cmd": [
"@php artisan key:generate --ansi"
]
},
"extra": {
"laravel": {
"dont-discover": []
}
},
"config": {
"optimize-autoloader": true,
"preferred-install": "dist",
"sort-packages": true,
"allow-plugins": {
"pestphp/pest-plugin": true,
"php-http/discovery": true
}
},
"minimum-stability": "stable",
"prefer-stable": true
} Any idea? |
What I had to do to get things working on a Laravel 10.42.0 Jetstream/Inertia app: In the boot method of Event::listen(function (\Lab404\Impersonate\Events\TakeImpersonation $event) {
session()->put('password_hash_sanctum', $event->impersonated->getAuthPassword());
});
Event::listen(\Lab404\Impersonate\Events\LeaveImpersonation::class, function(\Lab404\Impersonate\Events\LeaveImpersonation $event) {
session()->put('password_hash_sanctum', $event->impersonator->getAuthPassword());
}); And also ensuring that the Impersonation routes explicitly had Route::controller(ImpersonateUserController::class)
->middleware(['auth:web']) // this is the important part
->prefix('/impersonate')
->as('impersonate.')
->group(function () {
Route::post('/{user}', 'store')
->name('store');
Route::delete('/', 'destroy')
->name('destroy');
}); |
For anyone dealing with this still and not using the Event::listen(function (\Laravel\Nova\Events\StartedImpersonating $event) {
session()->put('password_hash_sanctum', $event->impersonated->getAuthPassword());
});
Event::listen(\Laravel\Nova\Events\StoppedImpersonating::class, function(\Laravel\Nova\Events\StoppedImpersonating $event) {
session()->put('password_hash_sanctum', $event->impersonator->getAuthPassword());
}); Works. |
Spoke maybe too soon. Once I'm impersonating, I can't get back to Nova. I just need to log out of the impersonated user and then log back in as myself. Not sure if this is intended behavior? |
Doesn't Nova come with impersonation built-in now?
|
It does but it keeps logging me out. Also using Jetstream. Honestly didn't realize I was posting in a different package's issues. I think I need to go to bed 🫤 |
I've installed the package as described and tried to impersonate other user.
But I'm always getting logged out.
Here is my code:
$anotherUser = User::find(9);
Auth::user()->impersonate($anotherUser);
return redirect()->route('dashboard');
The text was updated successfully, but these errors were encountered: