Fix session handling and token deletion during impersonation

Matteo Gheza 2024-01-10 15:09:31 +01:00
parent 14b8cd7d73
commit 53feb007a1
1 changed files with 18 additions and 3 deletions


@ -118,6 +118,10 @@ class AuthController extends Controller
method_exists($request->user()->currentAccessToken(), 'delete') method_exists($request->user()->currentAccessToken(), 'delete')
) { ) {
$request->user()->currentAccessToken()->delete(); $request->user()->currentAccessToken()->delete();
} else {
auth()->guard('api')->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
} }
$impersonatedUser = User::find($user); $impersonatedUser = User::find($user);
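Review bot: The new `else` branch (the `logout()` / `invalidate()` / `regenerateToken()` lines) calls `$request->session()` unconditionally, yet it runs whenever the current token has no `delete` method, which is not necessarily the same as "this request is session-authenticated". If the route can be reached without a session store on the request, `$request->session()` throws; `} elseif ($request->hasSession()) {` would limit the branch to requests that really carry a session. If the intent is what the commit title suggests, the branch also deserves a comment such as `// Session login: no stored token to revoke, so end the session and renew the CSRF token before switching user`. The same branch is repeated in the second hunk, and the enclosing method starts and ends outside this hunk.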
@ -134,18 +138,29 @@ class AuthController extends Controller
{ {
$manager = app('impersonate'); $manager = app('impersonate');
$impersonator = User::find($manager->getImpersonatorId()); $impersonatorId = $manager->getImpersonatorId();
$manager->leave(); $manager->leave();
$manager->clear();
$impersonator = User::find($impersonatorId);
if( if(
method_exists($request->user(), 'currentAccessToken') && method_exists($request->user(), 'currentAccessToken') &&
method_exists($request->user()->currentAccessToken(), 'delete') method_exists($request->user()->currentAccessToken(), 'delete')
) { ) {
$request->user()->currentAccessToken()->delete(); $request->user()->currentAccessToken()->delete();
} else {
auth()->guard('api')->logout();
$request->session()->invalidate();
$request->session()->regenerateToken();
} }
$token = $impersonator->createToken('auth_token')->plainTextToken; if($request->input('use_sessions', false)) {
$request->session()->regenerate();
auth()->guard('api')->login($impersonator);
$token = null;
} else {
$token = $impersonator->createToken('auth_token')->plainTextToken;
}
return response()->json([ return response()->json([
'access_token' => $token, 'access_token' => $token,