How to impersonate users in Laravel?

By Shubham G on Mar 07, 2025

Learn how to effortlessly impersonate users in Laravel with our step-by-step guide. Improve your debugging and user management. Perfect for administrators and developers looking to streamline their workflow.





We will skip the fundamentals of user management and concentrate solely on the impersonation process.

Step 1 : Add Routes

We assume you have already implemented the basic functionality for the user list. 

Now, let's move on to the two routes for the impersonation process. Open your 'web.php' file and add these routes.

use App\Http\Controllers\UserController;

Route::get('impersonate/{id}', [UserController::class, 'impersonate'])->name('user.impersonate');
Route::get('stop-impersonating', [UserController::class, 'stopImpersonate'])->name('stop-impersonating');

Step 2 : Add Impersonate Function

Open 'UserController' and begin working on the 'impersonate' function.

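use App\Models\User;
use Illuminate\Support\Facades\Crypt;

public function impersonate($id)
{
    // Find the user to be impersonated using the provided ID.
    // findOrFail() returns a 404 for an unknown ID, so a null user
    // is never passed to auth()->login() below.
    $user = User::findOrFail($id);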

    // Get the currently authenticated (logged-in) user.
    $authUser = auth()->user();

    // Encrypt the ID of the currently authenticated user for security.
    $cryptId = Crypt::encrypt($authUser->id);

    // Log out the currently authenticated user to start impersonation.
    auth()->logout();

    // Store the encrypted ID of the original user in the session
    // so it can be used to revert back after impersonation.
    session()->put('impersonate', $cryptId);

    // Log in as the impersonated user.
    auth()->login($user);

    // Redirect the now impersonating user to the 'home' page.
    return redirect('home');
}

Step 3 : Add Start Impersonate Button

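Open your user list blade file and add an impersonate button to initiate impersonation. Ensure you include a condition to prevent the authenticated user from seeing the impersonate button for their own account. Note that this condition only hides the link: the route itself still accepts any ID, so who may impersonate whom has to be enforced in the controller.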

@if($user->id != auth()->id())
    <a href="{{ route('user.impersonate',$user->id) }}" class="btn btn-sm btn-danger">
        Impersonate
    </a>
@endif

Step 4 : Add Stop Impersonate Button

Open your master blade file and add a "Stop Impersonate" button to the top navbar, ensuring it is visible on all pages. A setup similar to this should work well.


My master blade file is named 'app.blade.php', and it might differ from your design. Feel free to copy the code below and adjust it to fit your specific design.

<div class="text-center">
    @if(!empty(session()->get('impersonate')))
        <span>Impersonating : {{ auth()->user()->name }}</span>
        <a href="{{ route('stop-impersonating') }}" class="text-danger">
            <i class="far fa-stop-circle"></i>
        </a>
    @endif
</div>

Step 5 : Add Stop Impersonate Function

Open 'UserController' and begin working on the 'stopImpersonate' function.

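public function stopImpersonate()
{
    // Nothing to stop if this session is not impersonating anyone.
    abort_unless(session()->has('impersonate'), 403);

    // Retrieve the encrypted original user's ID from the session and decrypt it.
    $user_id = Crypt::decrypt(session()->get('impersonate'));

    // Find the original user in the database using the decrypted ID
    // (404 if that account no longer exists).
    $user = User::findOrFail($user_id);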

    // Log out the currently impersonated user.
    auth()->logout();

    // Remove the 'impersonate' session data to end impersonation.
    session()->forget('impersonate');

    // Log back in as the original user.
    auth()->login($user);

    // Redirect the original user to the specified route, in this case, 'user.index'.
    return redirect()->route('user.index');
}
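
The two controller actions above perform no authorization check, so here is a hardened variant as an added example (not the original author's code): it authorizes the caller through a gate, refuses nested impersonation, and logs both transitions. The `is_admin` attribute, the 'impersonate' gate name and the POST route definitions shown in the comments are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Assumed names: a boolean
// `is_admin` attribute on User and a Gate ability called 'impersonate'.
namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\{Auth, Crypt, Gate, Log};

// AppServiceProvider::boot() (hypothetical rule, adapt to your roles):
//   Gate::define('impersonate', fn (User $actor, User $target) =>
//       $actor->is_admin && ! $target->is_admin && $actor->isNot($target));
// routes/web.php (POST so the CSRF middleware covers both actions):
//   Route::middleware('auth')->group(function () {
//       Route::post('impersonate/{user}', [UserController::class, 'impersonate'])->name('user.impersonate');
//       Route::post('stop-impersonating', [UserController::class, 'stopImpersonate'])->name('stop-impersonating');
//   });
class UserController extends Controller
{
    public function impersonate(Request $request, User $user)
    {
        // Refuse nested impersonation so the original ID is never overwritten.
        abort_if($request->session()->has('impersonate'), 403);

        // Throws a 403 unless the gate allows this actor/target pair.
        Gate::authorize('impersonate', $user);

        $actor = $request->user();
        $request->session()->put('impersonate', Crypt::encrypt($actor->id));
        Auth::login($user); // login() also regenerates the session ID

        Log::info('impersonation started', ['actor' => $actor->id, 'target' => $user->id, 'ip' => $request->ip()]);
        return redirect('home');
    }

    public function stopImpersonate(Request $request)
    {
        // pull() reads and deletes the marker in one step.
        $marker = $request->session()->pull('impersonate');
        abort_if($marker === null, 403);

        $target = $request->user();
        $original = User::findOrFail(Crypt::decrypt($marker));
        Auth::login($original);

        Log::info('impersonation stopped', ['actor' => $original->id, 'target' => $target->id]);
        return redirect()->route('user.index');
    }
}
```

With POST routes, the links from Steps 3 and 4 become small forms that include `@csrf`.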