Learn how to impersonate users in your Laravel app
Published on by Eric L. Barnes
One of the neat features of Laravel Nova is the ability to impersonate users right from the control panel. This is handy for many reasons, but for me, when you get a bug report or an issue and want to see exactly what the user sees, impersonating them saves lots of time because you can see exactly what they see.
If you'd like to set this up in your Laravel app, the Laravel Impersonate package makes this simple. Here is how to get started.
Step 1. Require and set up the package
Just like all packages, require it with composer:
composer require lab404/laravel-impersonate
Next, open config/app.php
and add it to the providers array:
'providers' => [ // ... Lab404\Impersonate\ImpersonateServiceProvider::class,],
After that, open your Models/User
and add the trait:
use Lab404\Impersonate\Models\Impersonate; class User extends Authenticatable{ use Impersonate;
Step 2. Impersonate Routes
The Laravel Impersonate package includes a few ways to impersonate a user, but I found it easiest to use their routes macro by adding it to your routes/web.php
file.
Route::impersonate();
This gives you a few named routes:
// Where $id is the ID of the user you want to impersonateroute('impersonate', $id) // Or in case of multi guards, you should also add `guardName` (defaults to `web`)route('impersonate', ['id' => $id, 'guardName' => 'admin']) // Generate an URL to leave the current impersonationroute('impersonate.leave')
Step 3. Laravel Blade impersonation usage
With Laravel Impersonate all set up now, you can use a few Blade helpers:
@canImpersonate($guard = null) <a href="{{ route('impersonate', $user->id) }}">Impersonate this user</a>@endCanImpersonate
Then, the reverse:
@impersonating($guard = null) <a href="{{ route('impersonate.leave') }}">Leave impersonation</a>@endImpersonating
Step 4. Advanced set up
One more thing you might want to consider setting up is options to limit who can impersonate other users and which users can be impersonated. On your Models/User
, you can add the following methods:
/** * By default, all users can impersonate anyone * this example limits it so only admins can * impersonate other users */public function canImpersonate(): bool{ return $this->is_admin();} /** * By default, all users can be impersonated, * this limits it to only certain users. */public function canBeImpersonated(): bool{ return ! $this->is_admin();}
Using Impersonate with Laravel Jetstream
While using this package in production with Laravel Jetstream, I had an issue where it would sporadically work, and if you run into issues here, try adding this recommendation to your EventServiceProvider:
public function boot(){ Event::listen(function (TakeImpersonation $event) { session()->put([ 'password_hash_sanctum' => $event->impersonated->getAuthPassword(), ]); }); Event::listen(function (LeaveImpersonation $event) { session()->remove('password_hash_web'); session()->put([ 'password_hash_sanctum' => $event->impersonator->getAuthPassword(), ]); Auth::setUser($event->impersonator); });}
Closing
Overall, the Laravel Impersonate package includes everything you need to easily log in as other users and is a simple way of adding this to your app. If you'd like to learn more about the package and the more advanced features, check out the package, and the read me includes more details.
Eric is the creator of Laravel News and has been covering Laravel since 2012.