Fix session authentication issues #33
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi, I don't think the problem has been resolved. web.php Route::middleware(['auth:web', config('jetstream.auth_session'), 'verified',])->group(function () {
Route::impersonate();
/* other routes */
});Livewire Function public function ImpersonateUser($id = null)
{
if ($id != null) {
session()->put(['impersonate' => $id]);
Auth::user()->impersonate(User::find($id));
$this->redirect(route('dashboard'));
}
}app.php 'providers' => ServiceProvider::defaultProviders()->merge([
/*
* Package Service Providers...
*/
/*
* Application Service Providers...
*/
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
// App\Providers\BroadcastServiceProvider::class,
App\Providers\EventServiceProvider::class,
App\Providers\RouteServiceProvider::class,
App\Providers\FortifyServiceProvider::class,
App\Providers\JetstreamServiceProvider::class,
Lab404\Impersonate\ImpersonateServiceProvider::class,
])->toArray(),composer.json {
"name": "laravel/laravel",
"type": "project",
"description": "The skeleton application for the Laravel framework.",
"keywords": [
"laravel",
"framework"
],
"license": "MIT",
"require": {
"php": "^8.1",
"danielme85/laravel-log-to-db": "^4.0",
"djokicpn/laravel-email-audit-log": "^1.0",
"guzzlehttp/guzzle": "^7.2",
"lab404/laravel-impersonate": "^1.7",
"laravel/framework": "^10.10",
"laravel/jetstream": "^4.0",
"laravel/sanctum": "^3.2",
"laravel/tinker": "^2.8",
"livewire/livewire": "^3.0",
"power-components/livewire-powergrid": "^5.1",
"spatie/laravel-medialibrary": "^10.0.0",
"spatie/laravel-permission": "^5.11",
"wire-elements/modal": "^2.0",
"wireui/wireui": "*"
},
"require-dev": {
"barryvdh/laravel-debugbar": "^3.9",
"fakerphp/faker": "^1.9.1",
"laravel/pint": "^1.0",
"laravel/sail": "^1.18",
"mockery/mockery": "^1.4.4",
"nunomaduro/collision": "^7.0",
"phpunit/phpunit": "^10.1",
"spatie/laravel-ignition": "^2.0"
},
"autoload": {
"psr-4": {
"App\\": "app/",
"Database\\Factories\\": "database/factories/",
"Database\\Seeders\\": "database/seeders/"
},
"exclude-from-classmap": [
"vendor/livewire/livewire/src/Features/SupportLegacyModels/EloquentModelSynth.php"
],
"files": [
"app/Http/General.php",
"app/Overrides/EloquentModelSynth.php"
]
},
"autoload-dev": {
"psr-4": {
"Tests\\": "tests/"
}
},
"scripts": {
"post-autoload-dump": [
"Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
"@php artisan package:discover --ansi"
],
"post-update-cmd": [
"@php artisan vendor:publish --tag=laravel-assets --ansi --force"
],
"post-root-package-install": [
"@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
],
"post-create-project-cmd": [
"@php artisan key:generate --ansi"
]
},
"extra": {
"laravel": {
"dont-discover": []
}
},
"config": {
"optimize-autoloader": true,
"preferred-install": "dist",
"sort-packages": true,
"allow-plugins": {
"pestphp/pest-plugin": true,
"php-http/discovery": true
}
},
"minimum-stability": "stable",
"prefer-stable": true
}
Any idea? |
|
@Piket564 This package is a filament plugin, and it doesn't look like you are using filament in your code. Perhaps you meant to open this ticket on |
Yes, misclicked. Sorry. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Laravel has a middleware
AuthenticateSessionthat stores the password hash for the currently logged-in user. When impersonating, this hash obviously isn't going to match.This is really something that
404labfr/laravel-impersonateshould handle. There are multiple tickets on this issue:404labfr/laravel-impersonate#134
404labfr/laravel-impersonate#154
404labfr/laravel-impersonate#162
404labfr/laravel-impersonate#156
... and others.
Making this issue trickier it that it seems Jetstream/Sanctum are storing the user and password hash in both the
webandsanctumsession keys. Clearing just thewebhash isn't enough.This PR now ensures the
sanctumkey is cleared, along with any other configured guards. I don't love this fix, and I'm still hoping that404labfr/laravel-impersonateultimately comes up with a better way to do impersonation with authenticated sessions. This isn't a Filament issue, and shouldn't be something this Filament package needs to handle.