first commit

Author: ukeloop

.gitattributes

@@ -0,0 +1,5 @@
+/.gitattributes  export-ignore
+/.gitignore      export-ignore
+/phpunit.xml     export-ignore
+/tests           export-ignore
+/README.md       export-ignore

.gitignore

@@ -0,0 +1,7 @@
+/vendor
+composer.phar
+composer.lock
+.DS_Store
+.idea
+.phpunit.cache
+.phpunit.result.cache

LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 ukeloop
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

README.md

@@ -0,0 +1,150 @@
+# Laravel Impersonate Guard
+
+This is a guard implementation in Laravel for handling user impersonation. It extends Laravel's `SessionGuard` and provides additional methods for impersonation-related functionality.
+
+User impersonation is a feature that enables an administrator or privileged user to temporarily assume the identity of another user within the application. This capability proves valuable for troubleshooting, testing user-specific features, or providing support.
+
+Moreover, It supports multiple authentication guards. For example, admin guard users can also impersonate web guard users.
+
+## Security Considerations
+
+User impersonation should be used with caution, especially in production environments. It's important to properly authenticate and authorize users before allowing them to impersonate others. Additionally, sensitive actions or pages should be protected from access while in impersonation mode to prevent unauthorized use.
+
+## Installation
+
+You can install this package via Composer:
+
+```bash
+composer require ukeloop/laravel-impersonatable-guard
+```
+
+## Configuration
+
+Update your authentication configuration to use the `ImpersonatableSessionGuard` instead of Laravel's default `SessionGuard`. You need to replace the driver from `session` to `impersonatable.session`:
+
+```php
+// config/auth.php
+
+'guards' => [
+    'web' => [
+        'driver' => 'impersonatable.session',
+        'provider' => 'users',
+    ],
+],
+```
+
+## Usage
+
+### Impersonate Users
+
+Start impersonating the specified user. This method takes an instance of `Illuminate\Contracts\Auth\Authenticatable` representing the user to impersonate.
+
+```php
+Auth::guard('web')->impersonate($user);
+```
+
+### Once Impersonate Users
+
+Temporarily impersonate the specified user for a single request. This method is useful for actions that need to be performed as another user without permanently switching the user context.
+
+```php
+Auth::guard('web')->onceImpersonate($user);
+```
+
+### Exit Impersonation
+
+Stop impersonating the current user and return to the original user context.
+
+```php
+Auth::guard('web')->exitImpersonation();
+```
+
+### Get Original User
+
+Get the original user that was being impersonated.
+
+```php
+$originalUser = Auth::guard('web')->originalUser();
+```
+
+### Check Currently impersonated state
+
+Check if the guard is currently in an impersonated state.
+
+```php
+$isImpersonated = Auth::guard('web')->impersonated();
+```
+
+## Protect Impersonation With Middleware
+
+You can use the middleware `impersonation.protect` to protect your routes against user impersonation. This middleware ensures that users cannot access certain routes while impersonating another user.
+
+```php
+Route::get('/protect-form-impersonation', 'ExampleController@handleImportantRequest')->middleware('impersonation.protect');
+```
+
+Protect with specified guards:
+
+```php
+Route::get('/protect-form-impersonation', 'ExampleController@handleImportantRequest')->middleware('impersonation.protect:specified-guard');
+```
+
+## Example Impersonation Controller
+
+Example controller for impersonating users:
+
+```php
+use App\Models\User;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Support\Facades\Auth;
+use RuntimeException;
+use Ukeloop\ImpersonatableGuard\Contracts\ImpersonatableGuard;
+
+class ImpersonationController extends Controller
+{
+    /**
+     * Start impersonating the specified user.
+     */
+    public function impersonate(User $user): RedirectResponse 
+    {
+        $guard = Auth::guard('web');
+
+        if (!$guard instanceof ImpersonatableGuard) {
+            throw new RuntimeException('This guard is not allowed to impersonate.');
+        }
+
+        $guard->impersonate($user);
+
+        return redirect('/');
+    }
+
+    /**
+     * Stop impersonating the current user and return to the original user context.
+     */
+    public function exit(): RedirectResponse 
+    {
+        $guard = Auth::guard('web');
+
+        if (!$guard instanceof ImpersonatableGuard) {
+            throw new RuntimeException('This guard is not allowed to impersonate.');
+        }
+
+        $guard->exitImpersonation();
+
+        return redirect('/');
+    }
+}
+```
+
+## Custom Impersonate Guard
+
+You can create custom impersonate guards by implementing `Ukeloop\ImpersonatableGuard\Contracts\ImpersonatableGuard`.
+
+```php
+use Ukeloop\ImpersonatableGuard\Contracts\ImpersonatableGuard;
+
+class CustomImpersonateGuard implements ImpersonatableGuard 
+{
+    // Define your own logic
+}
+```

composer.json

@@ -0,0 +1,51 @@
+{
+    "name": "ukeloop/laravel-impersonatable-guard",
+    "description": "Laravel Impersonate Guard enables seamless user impersonation with enhanced security features for Laravel applications.",
+    "keywords": [
+        "laravel"
+    ],
+    "type": "library",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "ukeloop"
+        }
+    ],
+    "require": {
+        "php": "^8.1",
+        "illuminate/auth": "^10.0|^11.0",
+        "illuminate/contracts": "^10.0|^11.0",
+        "illuminate/http": "^10.0|^11.0",
+        "illuminate/support": "^10.0|^11.0",
+        "illuminate/queue": "^10.0|^11.0"
+    },
+    "require-dev": {
+        "orchestra/testbench": "^8.8|^9.0",
+        "larastan/larastan": "^2.0",
+        "laravel/pint": "^1.13"
+    },
+    "autoload": {
+        "psr-4": {
+            "Ukeloop\\ImpersonatableGuard\\": "src/"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Ukeloop\\ImpersonatableGuard\\Tests\\": "tests/"
+        }
+    },
+    "extra": {
+        "laravel": {
+            "providers": [
+                "Ukeloop\\ImpersonatableGuard\\ImpersonatableGuardServiceProvider"
+            ]
+        }
+    },
+    "minimum-stability": "dev",
+    "prefer-stable": true,
+    "scripts": {
+        "pint": "./vendor/bin/pint -v",
+        "phpstan": "phpstan analyse --memory-limit=1G",
+        "test": "phpunit"
+    }
+}

phpstan.neon

@@ -0,0 +1,11 @@
+includes:
+    - ./vendor/larastan/larastan/extension.neon
+
+parameters:
+
+    paths:
+        - src
+
+    level: 9
+
+    checkMissingIterableValueType: false

phpunit.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        bootstrap="vendor/autoload.php"
+        backupGlobals="false"
+        colors="true"
+        processIsolation="false"
+        stopOnFailure="false"
+        xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.5/phpunit.xsd"
+        backupStaticProperties="false"
+>
+    <testsuites>
+        <testsuite name="Package Test Suite">
+            <directory>tests</directory>
+        </testsuite>
+    </testsuites>
+    <source>
+        <include>
+            <directory suffix=".php">src/</directory>
+        </include>
+    </source>
+</phpunit>

src/Contracts/ImpersonatableGuard.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace Ukeloop\ImpersonatableGuard\Contracts;
+
+use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
+use Illuminate\Contracts\Auth\StatefulGuard;
+
+interface ImpersonatableGuard extends StatefulGuard
+{
+    public function impersonate(AuthenticatableContract $user): void;
+
+    public function onceImpersonate(AuthenticatableContract $user): void;
+
+    public function exitImpersonation(): void;
+
+    public function originalUser(): ?AuthenticatableContract;
+
+    public function impersonated(): bool;
+}

src/Events/ExitImpersonation.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace Ukeloop\ImpersonatableGuard\Events;
+
+use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
+use Illuminate\Queue\SerializesModels;
+
+class ExitImpersonation
+{
+    use SerializesModels;
+
+    public function __construct(
+        public string $guard,
+        public ?AuthenticatableContract $user,
+        public ?AuthenticatableContract $originalUser,
+    ) {
+    }
+}

src/Events/Impersonate.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace Ukeloop\ImpersonatableGuard\Events;
+
+use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
+use Illuminate\Queue\SerializesModels;
+
+class Impersonate
+{
+    use SerializesModels;
+
+    public function __construct(
+        public string $guard,
+        public AuthenticatableContract $user,
+        public ?AuthenticatableContract $originalUser,
+    ) {
+    }
+}