jomweb/cake-impersonate

Impersonate plugin for CakePHP 3

CakeImpersonate Plugin

, _(*1)

Impersonate Component

A component that stores the current authentication session and creates new session for impersonating Users. User can revert back to original authentication sessions without the need to re-login., _(*2)

Warning

Always double check that an attacker cannot "spoof" other users in the controller actions. To prevent hijacking of users accounts that the current request User shouldn't/wouldn't have normal access to. You should enable CsfrComponent and SecurityComponent in your Controller when loading this component., _(*3)

This Plugin does circumvent default authentication mechanisms, _(*4)

Requirement

1. CakePHP 3.7 and above.

Installation/Upgrading

composer require jomweb/cake-impersonate:"^3.0", _(*5)

Plugin Load

Open \src\Application.php add, _(*6)

$this->addPlugin('CakeImpersonate');

to your bootstrap() method or call bin/cake plugin load CakeImpersonate, _(*7)

Component Load

Load the component from controller, _(*8)

$this->loadComponent('CakeImpersonate.Impersonate'); 

Configure Session Key

Open configure\app.php and add, _(*9)

'Impersonate' => [
    'sessionKey' => 'OriginalAuth'
]

to the return []; or use Configure::write('Impersonate.sessionKey', 'OriginalAuth'); when loading the component., _(*10)

Usage

Impersonate user

This requires the request to be a POST, PUT, DELETE so it can be protected by SecurityComponent and CsrfComponent, _(*11)

$this->Impersonate->login($userIdToImpersonate);

Check current user is impersonated

$this->Impersonate->isImpersonated();

Logout from impersonating

$this->Impersonate->logout();