jomweb / cake-impersonate
Impersonate plugin for CakePHP 3
Installs: 3 956
Dependents: 0
Suggesters: 0
Security: 0
Stars: 7
Watchers: 6
Forks: 3
Open Issues: 1
Type:cakephp-plugin
Requires
- php: >=7.2
- cakephp/cakephp: ^4.0.1
Requires (Dev)
This package is auto-updated.
Last update: 2024-04-08 11:02:36 UTC
README
Impersonate Component
A component that stores the current authentication session and creates new session for impersonating Users. User can revert back to original authentication sessions without the need to re-login.
Warning
Always double check that an attacker cannot "spoof" other users in the controller actions. To prevent hijacking of users accounts that the current request User shouldn't/wouldn't have normal access to. You should enable CsfrComponent and SecurityComponent in your Controller when loading this component.
This Plugin does circumvent default authentication mechanisms
Requirement
- CakePHP 3.7 and above.
Installation/Upgrading
composer require jomweb/cake-impersonate:"^3.0"
Plugin Load
Open \src\Application.php add
$this->addPlugin('CakeImpersonate');
to your bootstrap() method or call bin/cake plugin load CakeImpersonate
Component Load
Load the component from controller
$this->loadComponent('CakeImpersonate.Impersonate');
Configure Session Key
Open configure\app.php and add
'Impersonate' => [ 'sessionKey' => 'OriginalAuth' ]
to the return []; or use Configure::write('Impersonate.sessionKey', 'OriginalAuth'); when loading the component.
Usage
Impersonate user
This requires the request to be a POST, PUT, DELETE so it can be protected by SecurityComponent and CsrfComponent
$this->Impersonate->login($userIdToImpersonate);
Check current user is impersonated
$this->Impersonate->isImpersonated();
Logout from impersonating
$this->Impersonate->logout();