Fix session handling and token deletion during impersonation

Matteo Gheza 2024-01-10 15:09:31 +01:00
parent 14b8cd7d73
commit 53feb007a1
1 changed files with 18 additions and 3 deletions


@ -118,6 +118,10 @@ class AuthController extends Controller
method_exists($request->user()->currentAccessToken(), 'delete')
) {
$request->user()->currentAccessToken()->delete();
} else {
auth()->guard('api')->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
}
$impersonatedUser = User::find($user);
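Review bot: The new `else` branch calls `$request->session()` unconditionally, yet it runs whenever the token check fails, not only when the request is known to carry a session. On a request with no session store attached, Laravel's `$request->session()` throws, so the call would end in a server error after `auth()->guard('api')->logout()` has already run. Consider guarding it, e.g. `if ($request->hasSession()) { $request->session()->invalidate(); $request->session()->regenerateToken(); }`. The same branch is repeated in the second hunk on the leave-impersonation path, so the guard applies there too, and the duplicated teardown would read better as one private helper. The enclosing method starts and ends outside this hunk, so whether this route always has a session cannot be confirmed from here.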
@ -134,18 +138,29 @@ class AuthController extends Controller
{
$manager = app('impersonate');
$impersonator = User::find($manager->getImpersonatorId());
$impersonatorId = $manager->getImpersonatorId();
$manager->leave();
$manager->clear();
$impersonator = User::find($impersonatorId);
if(
method_exists($request->user(), 'currentAccessToken') &&
method_exists($request->user()->currentAccessToken(), 'delete')
) {
$request->user()->currentAccessToken()->delete();
} else {
auth()->guard('api')->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
}
$token = $impersonator->createToken('auth_token')->plainTextToken;
if($request->input('use_sessions', false)) {
$request->session()->regenerate();
auth()->guard('api')->login($impersonator);
$token = null;
} else {
$token = $impersonator->createToken('auth_token')->plainTextToken;
}
return response()->json([
'access_token' => $token,