How to impersonate a user in Laravel?

|
| By Webner

Steps to impersonate a user in Laravel (Login As another user)

Impersonate functionality allows you to impersonate other users, in order to see the application from their point of perspective, without having to log out and log in again. For instance, as an Super Admin, you want to recreate a bug encountered by one of your users, without knowing their password.

To implement it in your laravel web-service, follow the below steps one by one:

Step 1: Laravel provide a package to achieve this functionality.

a) Run the following command to install the package:

composer require lab404/laravel-impersonate

b) Add the service provider in your config/app.php:

'providers' => [
    // ...
    Lab404\Impersonate\ImpersonateServiceProvider::class,
],

c) Add “Impersonate” trait to your User model.

use Lab404\Impersonate\Models\Impersonate;
class User extends Authenticatable{
    use Impersonate;

d) This package comes with a configuration file. To publish that configuration file execute the following command:

php artisan vendor:publish --tag=impersonate

This config file contains information related to redirecting route at the time of login and logout, along with the session key which stores the original user id while impersonating other user.

Step 2: Create two routes in your web.php file.

Route::get ( 'impersonate/{user_id}', '<ControllerName>@<FunctionName>’ );
Route::get ( 'impersonate_leave', '<ControllerName>@<FunctionName>’ );

Step 3: Open your controller file and add below two functions in it.

public function impersonate( $user_id ){  
        if( $user_id != ' '){
            $user = User::find($user_id);
            Auth::user()->impersonate($user);
            return redirect('/');
        }
        return redirect()->back();
 }
public function impersonate_leave(){
        Auth::user()->leaveImpersonation();
        return redirect('/');
}

Step 4: Create an impersonate button which allows user to log into other user’s panel. For this, create a table view on front end where all the users will be listed with impersonate button against each. To show this button add following code in listing loop:

<a href=".route('impersonate',<Add_User_Id>)." data-toggle='tooltip' data-placement='top' title='Impersonate' class='icon-style'><i class='fa fa-user-secret fa-lg'></i></a>

When user will click on it, he will logged in as the user whose “ID” is passed to the “impersonate” function. Additionally, to show a revert link to log in as a original user back, add the below html code in your header file.

@if(session('impersonated_by') )
                                <li><a href="{{ route('impersonate_leave') }}">Back to my
                                        account</a></li> 
                      @else
                                <li><a href="{{ route('logout') }}">Logout</a></li> 
@endif

This shows “Back to my account” link instead of “Logout”.

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *