Using Laravel Fortify / Sanctum impersonate returns false

Question

Using Laravel Fortify / Sanctum impersonate returns false

sts-ryan-holton opened this issue a year ago · 5 comments

Hi, I'm using Laravel 10 as a backend to a Nuxt JS front-end. I've installed the package, when I send a request to login to my endpoint's function attached, my $impersonate variable returns false, why aren't I being logged in?

/**
 * Log in as a user
 *
 * @return \Illuminate\Http\Response
 */
public function loginAsUser(User $user, Request $request)
{
    $validator = Validator::make($request->all(), [
        'id' => 'required|numeric|exists:users,id'
    ]);

    if ($validator->fails()) {
        return new ApiValidationErrorResponse($validator->messages());
    }

    $user = User::with('company')->find(Auth::id());

    // must be on the default company
    if (!isset($user->company) || (isset($user->company) && !$user->company->is_system_default)) {
        return new ApiSuccessResponse(null, [
            'message' => "You cannot log in as other users unless on the system default company.",
        ], 400);
    }

    // double check that this user is a super admin
    if (!$user->hasRole('super_admin')) {
        return new ApiSuccessResponse(null, [
            'message' => "You are not allowed to log in as this user.",
        ], 400);
    }

    // get the user to login as
    $newUser = User::find($request->input('id'));

    $impersonate = $user->impersonate($newUser);

    return new ApiSuccessResponse($impersonate, [
        'newuser' => $newUser,
        'newuser2' => Auth::user()
    ]);
}

Answer 1 · 2023-08-15T08:22:10.000Z

I am facing same issue

Answer 2 · 2023-08-15T10:08:04.000Z

@neetu-mittal For me, interestingly, despite having the default_impersonator_guard config set to web, I actually had to override it in the impersonate function itself. After looking through the raw code (can't find it documented) it looks like the impersonate feature does optionally take in a guard param, this is what I did:

$newUser = User::find($request->input('switch_to'));
$impersonate = Auth::user()->impersonate($newUser, 'web');

In this context, switch_to is the ID of the User that I want to impersonate, Auth::user() is the currently authenticated user, so here I pass in the user object and then $impersonate does return true.

Hopefully this helps?

Answer 3 · 2023-12-08T12:43:54.000Z

try this - #141 (comment)