{"id":13415488,"url":"https://github.com/avallbona/Impostor","last_synced_at":"2025-03-14T23:30:41.766Z","repository":{"id":41898269,"uuid":"1386141","full_name":"avallbona/Impostor","owner":"avallbona","description":"Django app that enables staff to log in as other users using their own credentials.","archived":false,"fork":false,"pushed_at":"2025-02-03T18:31:35.000Z","size":94,"stargazers_count":159,"open_issues_count":3,"forks_count":31,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-02-14T23:12:19.059Z","etag":null,"topics":["django","hacktoberfest","impersonation","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/avallbona.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2011-02-19T13:28:41.000Z","updated_at":"2024-09-19T14:17:05.000Z","dependencies_parsed_at":"2023-01-31T01:00:25.308Z","dependency_job_id":"4f591247-cf62-4c93-bdfb-3b9b2227182c","html_url":"https://github.com/avallbona/Impostor","commit_stats":{"total_commits":69,"total_committers":10,"mean_commits":6.9,"dds":0.536231884057971,"last_synced_commit":"8d620eb5138d5624ae75ebb1097ecf71660b05bf"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avallbona%2FImpostor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avallbona%2FImpostor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avallbona%2FImpostor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avallbona%2FImpostor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/avallbona","download_url":"https://codeload.github.com/avallbona/Impostor/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239946877,"owners_count":19723014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["django","hacktoberfest","impersonation","python"],"created_at":"2024-07-30T21:00:49.679Z","updated_at":"2025-03-14T23:30:41.739Z","avatar_url":"https://github.com/avallbona.png","language":"Python","funding_links":[],"categories":["Third-Party Packages"],"sub_categories":["Admin"],"readme":"# Impostor\n\n[![pypi](https://img.shields.io/pypi/v/impostor.svg)](https://pypi.python.org/pypi/impostor/)\n[![codecov](https://codecov.io/gh/avallbona/Impostor/branch/master/graph/badge.svg)](https://codecov.io/gh/avallbona/Impostor)\n[![Downloads](https://pepy.tech/badge/impostor)](https://pepy.tech/project/impostor)\n[![Hit counter](http://hits.dwyl.com/avallbona/impostor.svg)](http://hits.dwyl.com/avallbona/impostor)\n[![Python versions](https://img.shields.io/pypi/pyversions/impostor.svg)](https://pypi.org/project/Impostor/)\n![PyPI - Django Version](https://img.shields.io/pypi/djversions/impostor)\n![Python package](https://github.com/avallbona/Impostor/workflows/python%20package/badge.svg?branch=master)\n![Upload Python Package](https://github.com/avallbona/Impostor/workflows/Upload%20Python%20Package/badge.svg?branch=master)\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/98d1f4b3225046e1aa839813b47bb44f)](https://www.codacy.com/manual/avallbona/Impostor?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=avallbona/Impostor\u0026amp;utm_campaign=Badge_Grade)\n\nImpostor is a Django application which allows staff members to login as\na different user by using their own username and password.\n\n**Login**\n\n![`Login`](https://i.imgur.com/TaoZyOh.png)\n\n**Logged as**\n\n![`Logged as`](https://i.imgur.com/db3fSi8.png)\n\n**Impostor log**\n\n![`Impostor log`](https://i.imgur.com/OQ9IWB7.png)\n\nEvery such authentication is recorded in database and listed in admin\ninterface to everyone with an access to ImpostorLog interface. However it is\nnot possible to delete log entries through admin interface to make covering\ntracks more difficult.\n\nImpostor was tested with Django 1.11 and above. It might work with\nother versions too. It also depends on Django's authentication system and\nassumes you use its usernames for authentication.\n\nImpostor is a [MMM](http://mmm.si) project  developed by Marko Samastur\n(markos@gaivo.net) and maintained by Andreu Vallbona (avallbona@gmail.com)  \nlicensed under MIT license.\n\n## Installation\n\nImpostor won't work, if you are not using Django's auth system. It currently\nuses settings AUTH_USER_MODEL(default: `django.contrib.auth.models.User`)\nUSERNAME_FIELD(default: `username`) or username as authentication parameter\nalong with password and user object _default_manager get_by_natural_key\nfunction for returning user object from USERNAME_FIELD.\n\nFirst install impostor app files as you would any other Django app\n\n```bash\npip install impostor\n```\n\nNext some changes to your Django settings file are inorder.\n\nAdd `impostor.backend.AuthBackend` To **AUTHENTICATION_BACKENDS** :\nThis will add impostor auth backend to other backends. **AUTHENTICATION_BACKENDS**\nis a tuple listing backends and if you don't have it yet, then add following\nlines to your settings:\n\n```python\nAUTHENTICATION_BACKENDS = (\n    'impostor.backend.AuthBackend',\n    'django.contrib.auth.backends.ModelBackend',\n)\n```\n\nAlso add `impostor` app to INSTALLED_APPS.\n\n```python\nINSTALLED_APPS = [\n    '...', \n    'impostor',\n]\n```\n\nIn order to be able to see the `user logged as anotheruser` in the django admin,\nbe sure to include the 'impostor' app before the 'django.contrib.admin' in the **INSTALLED_APPS**.\n\nRun\n\n```bash\npython manage.py migrate\n```\n\nto create needed table and you are set.\n\n## Usage\n\nBy now you should have a working system. This means that your superuser users\n(users with is_superuser flag set to True) can log in as different user by\nusing their password and following concatenation:\n\n```bash\nstaff_username as users_username\n```\n\nExample: Let's say my username is markos and I want to login as user fry.\nThen I would use '**markos as fry**' as my username and my normal password for\npassword.\n\nEvery such log in is logged in **ImpostorLog** table that can be seen through\nDjango admin interface, but for obvious security reasons can't be\nmanipulated there.\n\nYou can widen set of users who can impose as other users by adding a setting\n**IMPOSTOR_GROUP** to settings.py. Users belonging to a group with this name\nwill also be able to pretend to be somebody else (but not superusers).\n\nImpostor also provides a replacement authentication form, because two\nusernames can easily exceed 30 character limit of original form. Its name\nis **BigAuthenticationForm** and you can find it in impostor.forms.\n\nNOTE: Only superuser users can use this (you have to turn on is_superuser\nfor every user that needs this privilege) or those belonging to\nIMPOSTOR_GROUP and every such log in gets recorded.\n\nAlso use IMPOSTOR_GROUP cautiously because it still allows impersonating\nsomebody with different set of permissions (and hence security breach).\n\n## Contributing\n\nContributions are very welcome. Tests can be run with [tox](https://tox.readthedocs.io/en/latest/), please ensure\nthe coverage at least stays the same before you submit a pull request.\n\n## Local development\n\nInstall all the python interpreters you need via [pyenv](https://github.com/pyenv/pyenv). E.g.:\n\n```bash\npyenv install 3.9.2\npyenv install 3.8.8\npyenv install 3.7.7\npyenv install 3.6.13\npyenv install 3.5.3\n```\n\nand then make them global with:\n\n```bash\npyenv global 3.9.2 3.8.8 3.7.7 3.6.13 3.5.3 \n```\n\nRun the tests\n\n```bash\ntox\n```\n\n## Issues\n\nIf you encounter any problems, please [file an issue](https://github.com/avallbona/impostor/issues) along with a detailed description.\n\n## TODO/Wishlist\n\n  * record when impostor logs out\n  * mark \"hijacked\" requests (so impostor can tell when he is using website as\n    somebody else and avoid doing something stupid or that you can limit what is\n    doable in such case)\n  * framework for easy notification of hijacked users (so you can notify them\n    that their account has been accessed if you wish)\n  * add some tests to improve the coverage\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favallbona%2FImpostor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favallbona%2FImpostor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favallbona%2FImpostor/lists"}