Laravel package to easily login as other users during development.

Related tags

Authentication and Authorization debugging laravel authentication laravel-5-package
Overview

Demonstration

Licence: MIT

A Laravel 5.4 utility package to enable developers to log in as other users during development.

Installation

To install the package, simply follow the steps below.

Install the package using Composer:

$ composer require viacreative/sudo-su

Add the package's service provider to your app in your project's AppServiceProvider:

class AppServiceProvider extends ServiceProvider
{
    public function register()
    {
        if (config('app.debug')) {
            $this->app->register('VIACreative\SudoSu\ServiceProvider');
        }
    }
}

⚠️ Warning: You should not register the provider globally like usual in the config/app.php file. View the disclaimer here for more information.

Include the partial in your layout file.

@if (config('app.debug'))
    @include('sudosu::user-selector')
@endif

Finally, publish the package's assets (the package won't work without this):

$ php artisan vendor:publish

Config

After running vendor:publish, a config file called sudosu.php should appear in your project. Within here, there are two configuration values:

sudosu.allowed_tlds array

By default, the package will disable itself on any domains that don't have a TLD of .dev or .local. This is a security measure to reduce the risk of accidentally enabling the package in production. If you have a different TLD in development, you can edit the config option sudosu.allowed_tlds.

sudosu.user_model string

The path to the application User model. This will be used to retrieve the users displayed in the select dropdown. This must be an Eloquent Model instance. This is set to App\User by default.

Disclaimer - DANGER!

This package can pose a serious security issue if used incorrectly, as anybody will be able to take control of any user's account. Please ensure that the service provider is only registered when the app is in a debug/local environment.

By default, the package will disable itself on any domains that don't have a TLD of .dev or .local. This is a security measure to reduce the risk of accidentally enabling the package in production. If you have a different TLD in development, you can edit the config option sudosu.allowed_tlds.

By using this package, you agree that VIA Creative and the contributors of this package cannot be held responsible for any damages caused by using this package.

Comments
  • Undefined variable: hasSudoed

    Undefined variable: hasSudoed

    Problem

    I just installed this in my Laravel project & I get Undefined variable: hasSudoed the button seems to be down on the right & is working.

    Versions

    Laravel 5.4 viacreative/sudo-su 1.0

    opened by dragonfire1119 6
  • Custom Display Attributes

    Custom Display Attributes

    It was for me not clear which role a user has. This PR makes it possible to overwrite the default name that's display in the select-form. In my case I created an attribute in my User model and referred to that one instead of the name.

    public function getSudosuAttribute()
    {
        return implode(' ', [$this->name, $this->role->group]);
    }
    opened by Jaspur 4
  • Can I only enable the package for admins?

    Can I only enable the package for admins?

    how register Provider for only one user without APP_DEBUG?

    class AppServiceProvider extends ServiceProvider
{
    public function register()
    {
        if (env('APP_DEBUG')) {
            $this->app->register('VIACreative\SudoSu\ServiceProvider');
        }
    }
}

    @if (Auth::check() && Auth::user()->id == 1)
    @include('sudosu::user-selector')
@endif
    question 
    opened by Barmunksu 4
  • Content being injected outside of <html> tag

    Content being injected outside of tag

    The content is being injected outside of the html tag.

    I think it might be better to simply let the user include a partial in their layout file, instead of automatically injecting the HTML into the response. This would also fix the issue of the partial being injected into api requests. So for example:

    @include('sudosu::selector')

    This way you can decide what pages you want it to display on, and all it requires is a little extra setup. (Adding one line to your layout file)

    opened by krve 4
  • Fix html being injected into all responses

    Fix html being injected into all responses

    This caused API calls to have the html returned after the json. Example:

    1. I make an ajax request to /api/user
    2. It returns the user, directly followed by the html for the user-selector.

    image

    This should fix the issue by checking if the request expects json.

    opened by krve 4
  • Cache route will cause

    Cache route will cause "Route [sudosu.login_as_user] not defined."

    Dear author @mrterryh,

    As the title mentioned, if I cached the route, it showed "Route [sudosu.login_as_user] not defined." If I use php artisan route:clear to clear the route cache, it can work functionally.

    I search for the related issue in this repository with no result, so I open this issue to look for the answer. Please give me some hints if I didn't set my environment correctly.

    opened by TingSyuanWang 1
  • Bump elliptic from 6.4.0 to 6.5.3

    Bump elliptic from 6.4.0 to 6.5.3

    Bumps elliptic from 6.4.0 to 6.5.3.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • css class 'hidden' conflicts with tailwindcss

    css class 'hidden' conflicts with tailwindcss

    the hidden class defined in sudosu classes makes the following div stay hidden nomatter what screen sizes you are on:

    <div class="hidden sm:block">Hide me on small screens only</div>
    opened by michaelgatuma 0
  • Bump marked from 0.3.6 to 0.3.19

    Bump marked from 0.3.6 to 0.3.19

    Bumps marked from 0.3.6 to 0.3.19.

    Release notes

    Sourced from marked's releases.

    0.3.18 minified required new release

    0.3.18 did not have changes to min.

    Minor fixes and updated docs

    • Supported Markdown flavors: CommonMark 0.28 and GitHub Flavored Markdown 0.28
    • Updates to our CI pipeline; we're all green! #1098 with the caveat that there is a test that needs to get sorted (help us out #1092)
    • Start ordered lists using the initial numbers from markdown lists (#1144)
    • Added GitHub Pages site for documentation https://marked.js.org/ (#1138)

    Processes and tools

    • The elephant in the room: A security vulnerability was discovered and fixed. Please note, if something breaks due to these changes, it was not our intent, and please let us know by submitting a PR or issue to course correct (the nature of the zero-major release and having security as a number one priority) #1083
    • The other elephant in the room: We missed publishing a 0.3.16 release to GitHub; so, trying to make up for that a bit.
    • Updates to the project documentation and operations, you should check it out, just start with the README and you should be good.
    • New release PR template available #1076
    • Updates to default PR and Issue templates #1076
    • Lint checks + tests + continuous integration using Travis #1020
    • Updated testing output #1085 & #1087

    Fix capturing parens

    Fixes unintended breaking change from v0.3.14

    New year, new home

    • Marked has a new home under the MarkedJS org! Other advances soon to come.
    • Updated minifier.
    • Various parser fixes

    New Year, new Marked!

    • Addresses issue where some users might not have been able to update due to missing use strict #991
    • Parser fix #977
    • New way to perform tests with options and running individual tests #1002
    • Improved test cases
    • Improved links

    Merry XSSmas

    We think with this version we have addressed most, if not all, known security vulnerabilities. If you find more, please let us know.

    XSS

    Should fix XSS issue discovered.

    Commits
    Maintainer changes

    This version was pushed to npm by amidknight, a new releaser for marked since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump hosted-git-info from 2.2.0 to 2.8.9

    Bump hosted-git-info from 2.2.0 to 2.8.9

    Bumps hosted-git-info from 2.2.0 to 2.8.9.

    Changelog

    Sourced from hosted-git-info's changelog.

    2.8.9 (2021-04-07)

    Bug Fixes

    2.8.8 (2020-02-29)

    Bug Fixes

    • #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

    2.8.7 (2020-02-26)

    Bug Fixes

    • Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
    • Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

    2.8.6 (2020-02-25)

    2.8.5 (2019-10-07)

    Bug Fixes

    • updated pathmatch for gitlab (e8325b5), closes #51
    • updated pathmatch for gitlab (ffe056f)

    2.8.4 (2019-08-12)

    ... (truncated)

    Commits
    • 8d4b369 chore(release): 2.8.9
    • 29adfe5 fix: backport regex fix from #76
    • afeaefd chore(release): 2.8.8
    • 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
    • 7440afa chore(release): 2.8.7
    • 2d0bb66 fix: Do not attempt to use url.URL when unavailable
    • f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
    • e1b83df chore(release): 2.8.6
    • ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
    • 624fd6f chore(release): 2.8.5
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump y18n from 3.2.1 to 3.2.2

    Bump y18n from 3.2.1 to 3.2.2

    Bumps y18n from 3.2.1 to 3.2.2.

    Commits
    Maintainer changes

    This version was pushed to npm by oss-bot, a new releaser for y18n since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump elliptic from 6.4.0 to 6.5.4

    Bump elliptic from 6.4.0 to 6.5.4

    Bumps elliptic from 6.4.0 to 6.5.4.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump ini from 1.3.4 to 1.3.7

    Bump ini from 1.3.4 to 1.3.7

    Bumps ini from 1.3.4 to 1.3.7.

    Commits
    Maintainer changes

    This version was pushed to npm by isaacs, a new releaser for ini since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Releases(1.1.0)

  • 1.1.0(Mar 23, 2017)

    This release removes alters the behaviour of the package to no longer inject the Sudo Su mark-up and assets into every request.

    Instead, a partial should be included into your application's layout:

    @if (env('APP_DEBUG'))
    @include('sudosu::user-selector')
@endif
    Source code(tar.gz)
    Source code(zip)

  • 1.0.0(Mar 14, 2017)

Owner
VIA Creative
Digital agency based in the UK
VIA Creative
GitHub
PermissionsMakr is a Laravel package that will help any developer to easily manage the system's users permissions

PermissionsMakr is a Laravel package that will help any developer to easily manage the system's users permissions

Alvarium Digital 3 Nov 30, 2021
It's authorization form, login button handler and login to your personal account, logout button

Authorization-form It's authorization form, login button handler and login to your personal account, logout button Each file is: header.php - html-fil

Galina 2 Nov 2, 2021
A Laravel 5 package for OAuth Social Login/Register implementation using Laravel socialite and (optionally) AdminLTE Laravel package

laravel-social A Laravel 5 package for OAuth Social Login/Register implementation using Laravel socialite and (optionally) AdminLTE Laravel package. I

Sergi Tur Badenas 42 Nov 29, 2022
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server.

phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server.

Apereo Foundation 780 Dec 24, 2022
A minimal package that helps you login with any password on local environments

Laravel Anypass Built with ❤️ for every "lazy" laravel developer ;) It is always painful to remember and type in the correct password in the login for

Iman 208 Jan 1, 2023
This package helps you to associate users with permissions and permission groups with laravel framework

Laravel ACL This package allows you to manage user permissions and groups in a database, and is compatible with Laravel v5.8 or higher. Please check t

Mateus Junges 537 Dec 28, 2022
PHP package built for Laravel 5.* to easily handle a user email verification and validate the email

jrean/laravel-user-verification is a PHP package built for Laravel 5.* & 6.* & 7.* & 8.* to easily handle a user verification and validate the e-mail.

Jean Ragouin 802 Dec 29, 2022
Braindead simple social login with Laravel and Eloquent.

Important: This package is not actively maintained. For bug fixes and new features, please fork. Eloquent OAuth Use the Laravel 4 wrapper for easy int

Adam Wathan 374 Dec 21, 2022
Login Using Laravel UI

Projeto Laravel utilizando a biblioteca Laravel UI para autenticação de usuários com Username e Senha.

AlexLeonel 2 Oct 27, 2021
Login & Register using laravel 8

About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie

Georgy Octavianus Fernando 1 Nov 16, 2021
A simple, safe magic login link generator for Laravel

Laravel Passwordless Login A simple, safe magic login link generator for Laravel This package provides a temporary signed route that logs in a user. W

gro.sv 689 Dec 25, 2022
Login SV Authentication for Laravel.

Autenticación LoginSV para Laravel. Instalación Instalar el paquete usando el siguiente comando, composer require leolopez/loginsv Registrar el prove

null 2 Apr 16, 2022
Instantly login as user via a single button tap on dev environments.

Getting tired of always entering login details in local dev environments? This package adds a button to instantly login a user! Installation You can i

Quinten Buis 3 Feb 18, 2022
A whitelabeled and modernized wp-login.php

Modern Login Here lives a simple mu-plugin to whitelabel and modernize wp-login.php. No admin panels, no bloat – just a simple filter to optionally cu

Brandon 65 Dec 22, 2022
Un proyecto que crea una API de usuarios para registro, login y luego acceder a su información mediante autenticación con JSON Web Token

JSON WEB TOKEN CON LARAVEL 8 Prueba de autenticación de usuarios con una API creada en Laravel 8 Simple, fast routing engine. License The Laravel fram

Yesser Miranda 2 Oct 10, 2021
User registration and login form with validations and escapes for total security made with PHP.

Login and Sign Up with PHP User registration and login form with validations and escapes for total security made with PHP. Validations Required fields

Alexander Pérez 2 Jan 26, 2022
Register ,Login , Logout , having access control

Helo what's up dude read by the name of creator lov3yp :D This script is inspired by Lov3yp#2018 And Burak karahan Installation steps: !- Import the s

Lov3yp 2 Nov 1, 2021
A complete Login and Register page using a Mysql Database and php

Login With Mysql A complete Login and Register page using a Mysql Database ?? Built with ⚙️ ?? Description A login with Frontend, Backend and Database

Marc Medrano 1 Nov 5, 2021
PHP Login and Registration Script

dj_login PHP Login and Registration Script To function this script requires you put your MySQL info into both login.php and register.php, and have the

djsland.com 1 Nov 16, 2021