https://github.com/jomweb/CakeImpersonate

CakePHP Impersonate Plugin
https://github.com/jomweb/CakeImpersonate

authentication cakephp-plugin cakephp3 cakephp3x impersonating-users

Last synced: 7 days ago
JSON representation

CakePHP Impersonate Plugin

• Host: GitHub
• URL: https://github.com/jomweb/CakeImpersonate
• Owner: jomweb
• License: mit
• Created: 2017-10-28T14:17:28.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2020-01-08T00:56:15.000Z (over 5 years ago)
• Last Synced: 2025-04-22T12:11:56.049Z (15 days ago)
• Topics: authentication, cakephp-plugin, cakephp3, cakephp3x, impersonating-users
• Language: PHP
• Homepage:
• Size: 76.2 KB
• Stars: 7
• Watchers: 5
• Forks: 3
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-cakephp - CakeImpersonate plugin - A component that stores the current authentication session and creates new session for impersonating Users. User can revert back to original authentication sessions without the need to re-login. (Miscellaneous)

README

        
# CakeImpersonate Plugin

[![Build Status](https://travis-ci.org/jomweb/CakeImpersonate.svg?branch=master)](https://travis-ci.org/jomweb/CakeImpersonate)

[![Coverage Status](https://codecov.io/gh/jomweb/CakeImpersonate/branch/master/graph/badge.svg)](https://codecov.io/gh/jomweb/CakeImpersonate)

[![Latest Stable Version](https://poser.pugx.org/jomweb/cake-impersonate/v/stable.svg)](https://packagist.org/packages/jomweb/cake-impersonate)

[![Minimum PHP Version](http://img.shields.io/badge/php-%3E%3D%205.6-8892BF.svg)](https://php.net/)

[![License](https://poser.pugx.org/jomweb/cake-impersonate/license.svg)](https://packagist.org/packages/jomweb/cake-impersonate)

[![Total Downloads](https://poser.pugx.org/jomweb/cake-impersonate/d/total.svg)](https://packagist.org/packages/jomweb/cake-impersonate)

# Impersonate Component

A component that stores the current authentication session and creates new session for impersonating Users. User can revert back to original authentication sessions without the need to re-login.

## Warning

Always double check that an attacker cannot "spoof" other users in the controller actions. To prevent hijacking of users accounts that the current request User shouldn't/wouldn't have normal access to. You should enable [CsfrComponent](https://book.cakephp.org/3.0/en/controllers/components/csrf.html) and [SecurityComponent](https://book.cakephp.org/3.0/en/controllers/components/security.html) in your Controller when loading this component.

***This Plugin does circumvent default authentication mechanisms***

## Requirement

1. CakePHP 3.7 and above.

## Installation/Upgrading

`

composer require jomweb/cake-impersonate:"^3.0"

`

### Plugin Load

Open \src\Application.php add

```php

$this->addPlugin('CakeImpersonate');

```

to your bootstrap() method or call `bin/cake plugin load CakeImpersonate`

### Component Load

Load the component from controller

```php

$this->loadComponent('CakeImpersonate.Impersonate'); 

```

### Configure Session Key

Open `configure\app.php` and add

```php

'Impersonate' => [

    'sessionKey' => 'OriginalAuth'

]

```

to the `return [];` or use `Configure::write('Impersonate.sessionKey', 'OriginalAuth');` when loading the component.

## Usage

### Impersonate user

This requires the request to be a `POST`, `PUT`, `DELETE` so it can be protected by `SecurityComponent` and `CsrfComponent`

```php

$this->Impersonate->login($userIdToImpersonate);

```

### Check current user is impersonated

```php

$this->Impersonate->isImpersonated();

```

### Logout from impersonating

```php

$this->Impersonate->logout();

```