Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[11.x] Auth User Impersonation #51031

Draft
wants to merge 7 commits into
base: 11.x
Choose a base branch
from
+184 −0
Draft

[11.x] Auth User Impersonation #51031

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
7bde396
Add ability to impersonate users
stevebauman Apr 11, 2024
b964824
Add tests
stevebauman Apr 11, 2024
5580480
Logout user if impersonator cannot be retrieved
stevebauman Apr 11, 2024
565851b
Add test
stevebauman Apr 11, 2024
a737274
Prevent nested impersonation
stevebauman Apr 12, 2024
44c7c66
Merge condition
stevebauman Apr 12, 2024
388255c
Implement session regeneration
stevebauman Apr 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Prevent nested impersonation
  • Loading branch information
@stevebauman
stevebauman committed Apr 12, 2024
commit a737274f40cb75a0b5cf694c0ae3e5193c59bac2
4 changes: 4 additions & 0 deletions src/Illuminate/Auth/SessionGuard.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,10 @@ protected function userFromRecaller($recaller)
*/
public function impersonate(AuthenticatableContract $user)
{
if ($this->impersonating()) {
throw new AuthenticationException('Cannot impersonate while already impersonating.');
}

if (! $authenticated = $this->user()) {
throw new AuthenticationException('Cannot impersonate without a currently authenticated user.');
stevebauman marked this conversation as resolved.
Show resolved Hide resolved
}
Expand Down
14 changes: 14 additions & 0 deletions tests/Auth/AuthGuardTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -661,6 +661,7 @@ public function testImpersonate()
$impersonated = m::mock(Authenticatable::class);
$impersonated->shouldReceive('getAuthIdentifier')->once()->andReturn('bar');

$mock->getSession()->shouldReceive('has')->with($mock->getImpersonationName())->once()->andReturn(false);
$mock->getSession()->shouldReceive('get')->with($mock->getName())->once()->andReturn('foo');
$mock->getProvider()->shouldReceive('retrieveById')->once()->with('foo')->andReturn($impersonator);
$mock->getSession()->shouldReceive('put')->with($mock->getImpersonationName(), 'foo')->once();
Expand All @@ -670,13 +671,26 @@ public function testImpersonate()
$mock->impersonate($impersonated);
}

public function testImpersonateThrowsWhenAlreadyImpersonating()
{
$this->expectException(AuthenticationException::class);
$this->expectExceptionMessage('Cannot impersonate while already impersonating.');

$mock = $this->getGuard();

$mock->getSession()->shouldReceive('has')->with($mock->getImpersonationName())->once()->andReturn(true);

$mock->impersonate(m::mock(Authenticatable::class));
}

public function testImpersonateThrowsWhenUserIsNotAuthenticated()
{
$this->expectException(AuthenticationException::class);
$this->expectExceptionMessage('Cannot impersonate without a currently authenticated user.');

$mock = $this->getGuard();

$mock->getSession()->shouldReceive('has')->with($mock->getImpersonationName())->once()->andReturn(false);
$mock->getSession()->shouldReceive('get')->with($mock->getName())->once()->andReturn(null);

$mock->impersonate(m::mock(Authenticatable::class));
Expand Down