lasso-media/cake-impersonate

Impersonate plugin for CakePHP 4

Maintainers

Details

github.com/lasso-media/cake-impersonate

Source

Installs: 1

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 3

Type:cakephp-plugin

3.0.0 2019-01-21 21:58 UTC

Requires

Requires (Dev)

MIT a9e2e0110c6dc8f5e8f79e868d1409d506f43bec

This package is auto-updated.

Last update: 2024-04-10 16:18:02 UTC

README

Impersonate Component

A component that stores the current authentication session and creates new session for impersonating Users. User can revert back to original authentication sessions without the need to re-login.

Warning

Always double check that an attacker cannot "spoof" other users in the controller actions. To prevent hijacking of users accounts that the current request User shouldn't/wouldn't have normal access to. You should enable CsfrComponent and SecurityComponent in your Controller when loading this component.

This Plugin does circumvent default authentication mechanisms

Requirement

  1. CakePHP 4.x

Installation/Upgrading

composer require lasso-media/cake-impersonate:"^3.0"

Plugin Load

Open \src\Application.php add

$this->addPlugin('CakeImpersonate');

to your bootstrap() method or call bin/cake plugin load CakeImpersonate

Component Load

Load the component from controller

$this->loadComponent('CakeImpersonate.Impersonate');

Configure Session Key

Open configure\app.php and add

'Impersonate' => [
    'sessionKey' => 'OriginalAuth'
]

to the return []; or use Configure::write('Impersonate.sessionKey', 'OriginalAuth'); when loading the component.

Usage

Impersonate user

This requires the request to be a POST, PUT, DELETE so it can be protected by SecurityComponent and CsrfComponent

$this->Impersonate->login($userIdToImpersonate);

Check current user is impersonated

$this->Impersonate->isImpersonated();

Logout from impersonating

$this->Impersonate->logout();