Invalid sessions when impersonate a user for the second time using Laravel Jetstream and Laravel Nova with custom auth providers #6082

Closed
michaelbeers opened this issue Dec 1, 2023 · 4 comments
Labels
needs more info More information is required

Comments

@michaelbeers

  • Laravel Version: 10.33.0
  • Nova Version: 4.32.2
  • PHP Version: 8.1 or higher

Description:

When trying to impersonate a user within Jetstream for the second time, all sessions will be deleted.

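A quick fix is to delete the password_hash_sanctum session key manually on the StoppedImpersonating event:

use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Session;
use Laravel\Nova\Events\StoppedImpersonating;

// Drop the stale Sanctum password hash as soon as impersonation ends.
Event::listen(StoppedImpersonating::class, function ($event) {
    Session::forget('password_hash_sanctum');

    logger("User {$event->impersonator->name} stopped impersonating {$event->impersonated->name}");
});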

Detailed steps to reproduce the issue on a fresh Nova installation:

  • Create a clean installation of Laravel Jetstream + Laravel Nova
  • Create a custom provider for nova within the auth.php config file
'guards' => [
    // ... existing guards
    'nova' => [
        'driver' => 'session',
        'provider' => 'administrators',
    ],
],
'providers' => [
    // ... existing providers
    'administrators' => [
        'driver' => 'eloquent',
        'model' => Administrator::class,
    ],
],
  • Use and configure the Impersonatable trait for the Authenticatable models
  • Impersonate an Authenticatable
    • Because Jetstream is using Laravel Sanctum the password_hash_sanctum session will be created
  • Navigate to any page where the auth:sanctum middleware is set
  • Everything is OK
  • Stop impersonating the Authenticatable
    • The password_hash_sanctum will not be deleted automatically now
  • Navigate to any page where the auth:sanctum middleware is set
  • Because Jetstream is using Sanctum under the hood, the password_hash_sanctum is invalid, all session keys will be deleted, you are not able to impersonate, and you will be logged out from Nova as well
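
The sequence reported above, as an added, simplified model that is not part of the original post and is not Laravel, Sanctum or Nova code. It assumes the session check stores the current user's password hash under password_hash_sanctum and flushes the whole session when the stored value no longer matches; the function names, users and the nova_admin_id key are hypothetical.

```php
<?php
// Simplified model (assumption): the session-authentication check keeps the
// current user's password hash under a per-guard key and flushes the whole
// session when the stored value no longer matches the user on the request.

const HASH_KEY = 'password_hash_sanctum';

function visitSanctumPage(array &$session, array $user): string
{
    if (!isset($session[HASH_KEY])) {
        $session[HASH_KEY] = $user['password_hash']; // first visit: remember hash
    }
    if (!hash_equals($session[HASH_KEY], $user['password_hash'])) {
        $session = [];                               // mismatch: every key is dropped
        return 'logged out';
    }
    return 'ok';
}

function runScenario(bool $forgetOnStop): array
{
    // Constructed sample users and session contents.
    $alice = ['name' => 'alice', 'password_hash' => 'hash-of-alice'];
    $bob   = ['name' => 'bob', 'password_hash' => 'hash-of-bob'];
    $session = ['nova_admin_id' => 1]; // stands in for the administrator's own login

    $results = [];
    foreach ([$alice, $bob] as $impersonated) {
        // Impersonate, then open a page behind the session check.
        $results[] = "{$impersonated['name']}: " . visitSanctumPage($session, $impersonated);
        // Stop impersonating: the stored hash survives unless it is forgotten,
        // which is what the StoppedImpersonating listener above does.
        if ($forgetOnStop) {
            unset($session[HASH_KEY]);
        }
    }
    $results[] = isset($session['nova_admin_id']) ? 'admin session kept' : 'admin session lost';
    return $results;
}

echo "Without cleanup:\n", implode("\n", runScenario(false)), "\n\n";
echo "With cleanup on stop:\n", implode("\n", runScenario(true)), "\n";
```

Run with the PHP CLI; the two scenarios differ only in whether the stored hash is forgotten when impersonation stops.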
@crynobone
Member

Unable to reproduce the issue. Please provide a full reproducing repository based on a fresh installation, as suggested in the bug report template (or you can refer to https://github.com/nova-issues for an example).

@crynobone added the "needs more info" (More information is required) label on Dec 1, 2023
@benmag

benmag commented Dec 8, 2023

I was running into the same/similar issue.

This solution worked for me:
#3894 (comment)

@SimeonDominiq

I was running into the same/similar issue.

This solution worked for me: #3894 (comment)

Thank you @benmag

@crynobone
Member

Hi there, this issue has been marked as fixed and done based on the above description, reproducing code and tests done on our side. If you still have a problem, please create a New Issue with a full description of how to reproduce the issue based on your use case.

@crynobone closed this as not planned (won't fix, can't repro, duplicate, stale) on Dec 21, 2023