Fix session handling and token deletion during impersonation
parent
14b8cd7d73
commit
53feb007a1
|
@ -118,6 +118,10 @@ class AuthController extends Controller
|
||||||
method_exists($request->user()->currentAccessToken(), 'delete')
|
method_exists($request->user()->currentAccessToken(), 'delete')
|
||||||
) {
|
) {
|
||||||
$request->user()->currentAccessToken()->delete();
|
$request->user()->currentAccessToken()->delete();
|
||||||
|
} else {
|
||||||
|
auth()->guard('api')->logout();
|
||||||
|
$request->session()->invalidate();
|
||||||
|
$request->session()->regenerateToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
$impersonatedUser = User::find($user);
|
$impersonatedUser = User::find($user);
|
||||||
|
@ -134,18 +138,29 @@ class AuthController extends Controller
|
||||||
{
|
{
|
||||||
$manager = app('impersonate');
|
$manager = app('impersonate');
|
||||||
|
|
||||||
$impersonator = User::find($manager->getImpersonatorId());
|
$impersonatorId = $manager->getImpersonatorId();
|
||||||
|
|
||||||
$manager->leave();
|
$manager->leave();
|
||||||
|
$manager->clear();
|
||||||
|
$impersonator = User::find($impersonatorId);
|
||||||
|
|
||||||
if(
|
if(
|
||||||
method_exists($request->user(), 'currentAccessToken') &&
|
method_exists($request->user(), 'currentAccessToken') &&
|
||||||
method_exists($request->user()->currentAccessToken(), 'delete')
|
method_exists($request->user()->currentAccessToken(), 'delete')
|
||||||
) {
|
) {
|
||||||
$request->user()->currentAccessToken()->delete();
|
$request->user()->currentAccessToken()->delete();
|
||||||
|
} else {
|
||||||
|
auth()->guard('api')->logout();
|
||||||
|
$request->session()->invalidate();
|
||||||
|
$request->session()->regenerateToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
$token = $impersonator->createToken('auth_token')->plainTextToken;
|
if($request->input('use_sessions', false)) {
|
||||||
|
$request->session()->regenerate();
|
||||||
|
auth()->guard('api')->login($impersonator);
|
||||||
|
$token = null;
|
||||||
|
} else {
|
||||||
|
$token = $impersonator->createToken('auth_token')->plainTextToken;
|
||||||
|
}
|
||||||
|
|
||||||
return response()->json([
|
return response()->json([
|
||||||
'access_token' => $token,
|
'access_token' => $token,
|
||||||
|
|
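Review bot: In the second hunk, `$impersonator = User::find($impersonatorId)` is never checked for null, and it is first dereferenced only after the caller's access token has been deleted or the session invalidated. If the request arrives while no impersonation is active, or the impersonator account no longer exists, the call would fail on `login($impersonator)` or `createToken('auth_token')` and leave the caller logged out with no replacement credential. I would add `if ($impersonatorId === null) { abort(403); }` right after `getImpersonatorId()` and `if ($impersonator === null) { abort(403); }` before the token/session teardown. The `use_sessions` flag is also read from request input, so the client rather than the way the request was authenticated decides whether a session login or a new token is issued; deriving it from the same condition as the teardown branch would be safer. Both method bodies start and end outside the visible hunks, so an earlier guard may already exist.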