/CakeImpersonate

CakePHP Impersonate Plugin

Primary LanguagePHPMIT LicenseMIT

CakeImpersonate Plugin

Build Status Coverage Status Latest Stable Version Minimum PHP Version License Total Downloads

Impersonate Component

A component that stores the current authentication session and creates new session for impersonating Users. User can revert back to original authentication sessions without the need to re-login.

Warning

Always double check that an attacker cannot "spoof" other users in the controller actions. To prevent hijacking of users accounts that the current request User shouldn't/wouldn't have normal access to. You should enable CsfrComponent and SecurityComponent in your Controller when loading this component.

This Plugin does circumvent default authentication mechanisms

Requirement

  1. CakePHP 3.7 and above.

Installation/Upgrading

composer require jomweb/cake-impersonate:"^3.0"

Plugin Load

Open \src\Application.php add

$this->addPlugin('CakeImpersonate');

to your bootstrap() method or call bin/cake plugin load CakeImpersonate

Component Load

Load the component from controller

$this->loadComponent('CakeImpersonate.Impersonate'); 

Configure Session Key

Open configure\app.php and add

'Impersonate' => [
    'sessionKey' => 'OriginalAuth'
]

to the return []; or use Configure::write('Impersonate.sessionKey', 'OriginalAuth'); when loading the component.

Usage

Impersonate user

This requires the request to be a POST, PUT, DELETE so it can be protected by SecurityComponent and CsrfComponent

$this->Impersonate->login($userIdToImpersonate);

Check current user is impersonated

$this->Impersonate->isImpersonated();

Logout from impersonating

$this->Impersonate->logout();