[admin] impersonation (@example only)

2025-09-27 15:05:38 -04:00 · 2021-11-28 12:19:37 +01:00 · 2021-11-28 12:19:37 +01:00 · 4431d1d1b7
commit 4431d1d1b7
parent 532a0ee0e2
3 changed files with 32 additions and 0 deletions
--- a/components/Account.vue
+++ b/components/Account.vue
@ -132,6 +132,11 @@
                <Icon v="trash-alt"/>
                <T>user.deleteAccount</T>
            </a>
+
+            <a v-if="impersonationActive" href="#" class="badge bg-light text-dark border border-primary" @click.prevent="stopImpersonation">
+                <Icon v="user-secret"/>
+                Stop impersonation
+            </a>
        </section>

        <div>
@ -177,6 +182,8 @@
                universalDomains: process.env.ALL_LOCALES_URLS.split(',').filter(x => x !== process.env.BASE_URL),

                logoutInProgress: false,
+
+                impersonationActive: !!this.$cookies.get('impersonator')
            }
        },
        async mounted() {
@ -284,6 +291,11 @@
            async uploaded(ids) {
                await this.setAvatar(`${process.env.BUCKET}/images/${ids[0]}-thumb.png`);
            },
+            async stopImpersonation() {
+                this.$cookies.set('token', this.$cookies.get('impersonator'));
+                this.$cookies.remove('impersonator');
+                window.location.reload();
+            },
        },
        computed: {
            ...mapState([
--- a/routes/admin.vue
+++ b/routes/admin.vue
@ -96,6 +96,11 @@
            {{ stats.cardsQueue }}
        </section>

+        <section>
+            <Icon v="user-secret"/>
+            Impersonate <button class="btn btn-primary btn-sm" @click="impersonate('example@pronouns.page')">@example</button>
+        </section>
+
        <section v-if="$isGranted('users')">
            <h3>
                <Icon v="siren-on"/>
@ -237,6 +242,13 @@
                    return r;
                });
            },
+            async impersonate(email) {
+                const { token } = await this.$axios.$get(`/admin/impersonate/${encodeURIComponent(email)}`);
+                this.$cookies.set('impersonator', this.$cookies.get('token'));
+                this.$cookies.set('token', token);
+                this.$router.push('/' + this.config.user.route);
+                setTimeout(() => window.location.reload(), 500);
+            },
        },
        computed: {
            profilesByLocale() {
--- a/server/routes/user.js
+++ b/server/routes/user.js
@ -499,4 +499,12 @@ router.get('/user/logout-universal', handleErrorAsync(async (req, res) => {
    return res.json('Token removed');
 }));

+router.get('/admin/impersonate/:email', handleErrorAsync(async (req, res) => {
+    if (!req.isGranted('users') || !['example@pronouns.page'].includes(req.params.email)) {
+        return res.status(401).json({error: 'Unauthorised'});
+    }
+
+    res.json({token: await issueAuthentication(req.db, {email: req.params.email})});
+}));
+
 export default router;