/rodauth-become_account

Easily switch between Rodauth accounts

Primary LanguageRuby

Become Account feature for Rodauth

This Rodauth feature allows you to easily switch into another Rodauth account, without requiring that specific accounts password.

A nice bonus is that it remembers your original account, so when you log out of the temporary account, you're logged back in as you.

Installation

Add this line to your application's Gemfile:

gem "rodauth-become_account"

And then execute:

$ bundle

Or install it yourself as:

$ gem install rodauth-become_account

Usage

To use the become account feature requires two steps.

The first is to enable the feature:

class App < Roda
  plugin :rodauth do
    enable :become_account
  end
end

And the second is to setup a route to become an account:

class App < Roda
  plugin :rodauth do
    enable :become_account
  end

  route do |r|
    r.is "become", :id do |id|
      # Authenticate the request to allow this action.
      #
      # Can be done multiple ways. For this example, we're just going to allow
      # all become_account actions if running in development mode.
      #
      # You want to ensure you protect this route somehow.
      if ENV["RACK_ENV"] != "development"
        r.halt([401, { "Content-Type" => "text/html" }, ["Access denied"]])
      end

      # Perform your account lookup.
      account = DB[:accounts][id: id.to_i]

      # Optional.
      flash[:notice] = "You've successfully became #{account[:email]}"

      # Switch accounts using the become_account feature.
      rodauth.become_account(account)
    end
  end
end

Edgecases

It's possible that 2-factor authentication will cause issues becoming users who have that feature enabled. If you experience that issue, open a discussion so we can possibly work around it.

Where's my routes?

Most of Rodauth's features enable routes by default, allowing you to get up and running immediately. I wanted to do that with this feature, but I didn't want to risk exposing a feature to become any-account without any forethought.

So with that said, you need to implement your own route that allows an account to become another account.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/adam12/rodauth-become_account.

I love pull requests! If you fork this project and modify it, please ping me to see if your changes can be incorporated back into this project.

That said, if your feature idea is nontrivial, you should probably open an issue to discuss it before attempting a pull request.

License

The gem is available as open source under the terms of the MIT License.