Admin Impersonation Robustness & Safety
Description:
The Admin Impersonation feature has been implemented to allow admins to log in as users for debugging. However, several safety and auditing features were deferred and need to be implemented to make this feature production-hardened.
Tasks:
- Audit Logging
  - Create a Firestore collection `admin_audit_logs`.
  - Log every successful impersonation event (Admin UID, Target UID, Timestamp, Reason).
  - Log every failed attempt (same fields plus the failure reason). Write both from the server-side endpoint that mints the impersonation token, never from the client, and lock the collection down so clients can neither read nor write it.
- Analytics Guard
  - Implement a mechanism to prevent analytics (Google Analytics, Mixpanel, etc.) from tracking events when a user is being impersonated.
  - Check for the `impersonatedBy` claim in the auth token and skip analytics initialization, or drop events, while it is present.
- Safety Rules (Firestore Security)
  - Update Firestore Security Rules to restrict destructive actions when `request.auth.token.impersonatedBy` is present.
  - Prevent `delete` operations on user data while impersonating to avoid accidental data loss.
  - Consider a "Read-Only" mode for impersonation (deny all writes, not just deletes).
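The audit-logging and analytics-guard tasks above, as an added example (not the project's code): the server half mints the custom token with the `impersonatedBy` claim and writes one `admin_audit_logs` entry per attempt, successful or not; the client half reads the claim and mutes analytics for the session. It runs under plain Node with no Firebase installed because the dependencies are injected: `deps.auth.createCustomToken(uid, claims)` and `deps.db.collection(name).add(doc)` follow the firebase-admin SDK shapes, `deps.isAdmin` is a hypothetical app-specific check, and the token used on the client side is a constructed, unsigned stand-in for a real RS256-signed ID token.

```javascript
// Added example, not the project's code. Firebase dependencies are injected so
// this runs offline: in production deps.auth/deps.db are getAuth()/getFirestore()
// from firebase-admin, and the web SDK hands the client its claims directly via
// user.getIdTokenResult().claims instead of claimsFromIdToken().

const AUDIT_COLLECTION = 'admin_audit_logs';

// ---- server side (e.g. a callable Cloud Function) --------------------------
// deps.isAdmin(uid)                   -> Promise<boolean>  hypothetical, app-specific
// deps.auth.createCustomToken(uid, c) -> Promise<string>   firebase-admin shape
// deps.db.collection(n).add(doc)      -> Promise           firebase-admin shape
async function impersonate(deps, adminUid, targetUid, reason) {
  const entry = {
    adminUid,
    targetUid,
    reason: typeof reason === 'string' ? reason.trim() : '',
    timestamp: (deps.now || (() => new Date()))().toISOString(),
    success: false,
  };
  try {
    if (!(await deps.isAdmin(adminUid))) throw new Error('caller is not an admin');
    if (!entry.reason) throw new Error('reason is required');
    if (adminUid === targetUid) throw new Error('cannot impersonate self');
    // The claim is minted here only; a client can never put it in its own token.
    const token = await deps.auth.createCustomToken(targetUid, { impersonatedBy: adminUid });
    entry.success = true;
    return { token, entry };
  } catch (err) {
    entry.error = err.message;           // failed attempts are recorded too
    throw err;
  } finally {
    await deps.db.collection(AUDIT_COLLECTION).add(entry);   // runs on both paths
  }
}

// ---- client side -----------------------------------------------------------
// Decodes the ID token payload WITHOUT verifying the signature. Acceptable only
// because the result merely mutes analytics; anything security relevant is
// enforced by Security Rules, which run on a signature-checked token.
function claimsFromIdToken(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function isImpersonated(claims) {
  return typeof claims.impersonatedBy === 'string' && claims.impersonatedBy.length > 0;
}

// Wraps any analytics client exposing logEvent(name, params) and drops every
// event for the session when the token carries impersonatedBy. Decide once,
// before analytics is initialised, rather than per event.
function guardAnalytics(analytics, claims) {
  const muted = isImpersonated(claims);
  let dropped = 0;
  return {
    muted,
    logEvent(name, params) {
      if (muted) { dropped += 1; return false; }
      analytics.logEvent(name, params);
      return true;
    },
    droppedCount: () => dropped,
  };
}

// Constructed, UNSIGNED token for offline use (real ID tokens are RS256-signed).
function fakeIdToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}

// Runs the whole flow against in-memory fakes and returns what happened.
async function example() {
  const audit = [];
  const deps = {
    isAdmin: async (uid) => uid === 'admin-1',
    auth: { createCustomToken: async (uid, claims) => fakeIdToken({ sub: uid, ...claims }) },
    db: { collection: (name) => ({ add: async (doc) => { audit.push({ name, ...doc }); } }) },
    now: () => new Date('2024-01-01T00:00:00Z'),
  };
  const sent = [];
  const analytics = { logEvent: (name, params) => sent.push([name, params]) };

  const ok = await impersonate(deps, 'admin-1', 'user-42', 'debug support ticket');
  let failed = null;
  try { await impersonate(deps, 'user-7', 'user-42', 'trying my luck'); }
  catch (err) { failed = err.message; }

  // In production the client exchanges the custom token for an ID token that
  // carries the same custom claims; the fake token stands in for both here.
  const guarded = guardAnalytics(analytics, claimsFromIdToken(ok.token));
  guarded.logEvent('page_view', { page: '/settings' });
  const normal = guardAnalytics(analytics, claimsFromIdToken(fakeIdToken({ sub: 'user-42' })));
  normal.logEvent('page_view', { page: '/settings' });

  return { audit, failed, muted: guarded.muted, dropped: guarded.droppedCount(), sent: sent.length };
}
```

Two design points worth keeping when adapting this: the audit write sits in `finally` so a rejected request (non-admin caller, missing reason) produces an entry with `success: false` and the error text, which is the "log every failed attempt" requirement; and the client never decides anything except whether to send telemetry, so decoding the token without a signature check is harmless there while the Security Rules remain the only enforcement point.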
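The Safety Rules task, as an added rules fragment (not the project's current rules): it refuses every write under a per-user subtree while the session carries `impersonatedBy`, which is the "Read-Only" mode, and it closes `admin_audit_logs` to clients entirely so only the Admin SDK (which bypasses rules) can write entries. The `/users/{userId}` layout is a hypothetical stand-in for the project's real document paths.

```text
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    function signedIn() {
      return request.auth != null;
    }

    // True when the session was minted by the impersonation endpoint. The
    // claim can only reach the token through the Admin SDK, never from a client.
    function isImpersonating() {
      return signedIn() && 'impersonatedBy' in request.auth.token;
    }

    // Audit log: written by the Admin SDK only, so clients may neither read
    // nor write it. Leaving this open would let a client forge or erase entries.
    match /admin_audit_logs/{entry} {
      allow read, write: if false;
    }

    // Per-user data (hypothetical layout; substitute the project's own paths).
    match /users/{userId}/{document=**} {
      function isOwner() {
        return signedIn() && request.auth.uid == userId;
      }
      allow read: if isOwner();
      // Read-only impersonation: every write is refused while impersonating.
      // To block only deletes instead, use
      //   allow create, update: if isOwner();
      //   allow delete: if isOwner() && !isImpersonating();
      allow write: if isOwner() && !isImpersonating();
    }
  }
}
```

The reason the extra claim check is needed at all: during impersonation `request.auth.uid` is the target user's UID, because the custom token was minted for that user, so every existing owner check passes and only the claim distinguishes the session. Verify both branches in the Rules Playground or the emulator with one plain token and one carrying `impersonatedBy`; a read should succeed for both and a delete should succeed only for the plain token.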