Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User is logged out when ending impersonation #10772

Closed
duncanmcclean opened this issue Sep 6, 2024 · 2 comments · Fixed by #10780
Closed

User is logged out when ending impersonation #10772

duncanmcclean opened this issue Sep 6, 2024 · 2 comments · Fixed by #10780

Comments

@duncanmcclean
Copy link
Member

Bug description

Recently, I've noticed that when I stop impersonating a user, I'm now logged out, instead of being redirected back to the Control Panel.

If I was to guess, I think #10548 might have caused it. It started happening around that time and the changes in that PR would make sense.

How to reproduce

  1. Login to the Control Panel as a super user
  2. Go to "Users" and impersonate another user
  3. Click on your profile picture on the top right of the CP and click "Stop Impersonation"
  4. You'll end up on the login page, rather than in the CP

Logs

N/A

Environment

Environment
Application Name: xxx
Laravel Version: 11.22.0
PHP Version: 8.3.10
Composer Version: 2.7.7
Environment: local
Debug Mode: ENABLED
URL: xxx.test
Maintenance Mode: OFF
Timezone: Europe/London
Locale: en

Cache
Config: NOT CACHED
Events: NOT CACHED
Routes: NOT CACHED
Views: NOT CACHED

Drivers
Broadcasting: log
Cache: file
Database: mysql
Logs: stack / single
Mail: smtp
Queue: sync
Session: file

Livewire
Livewire: v3.5.6

Statamic
Addons: 4
Sites: 6 (xxx)
Stache Watcher: Enabled
Static Caching: Disabled
Version: 5.24.0 PRO

Statamic Addons
duncanmcclean/static-cache-manager: 4.0.0
edalzell/forma: 3.0.1
jonassiewertsen/statamic-livewire: 3.6.0
silentz/akismet: 5.0

Installation

Fresh statamic/statamic site via CLI

Additional details

No response
@925dk
Copy link
Contributor

925dk commented Sep 7, 2024
edited
Loading

I think this happens because the ImpersonationController which implements stop-impersonate does not include the AuthenticateSession middleware. And so AuthenticateSession::storePasswordHashInSession($request) never get's called (after re-login as self), and so the session pw hash becomes the wrong one and causes logout after redirect.

I don't know enough about Statamic/Laravel to know the best fix. But moving the stop-impersonate route to the statamic.cp.authenticated group, which has the middleware, seems to resolve the issue for me. I guess alternatively have the controller explicitly include it.

@duncanmcclean duncanmcclean mentioned this issue Sep 9, 2024
Merged
@duncanmcclean
Copy link
Member Author

Thanks for looking into it, @925dk!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[5.x] Prevent user from being logged out when ending impersonation statamic/cms
2 participants
@925dk @duncanmcclean