Package Data | |
---|---|
Maintainer Username: | imanghafoori1 |
Maintainer Contact: | imanghafoori1@gmail.com (Iman Ghafoori) |
Package Create Date: | 2018-05-16 |
Package Last Update: | 2024-06-26 |
Home Page: | |
Language: | PHP |
License: | MIT |
Last Refreshed: | 2024-12-15 15:20:09 |
Package Statistics | |
---|---|
Total Downloads: | 170,781 |
Monthly Downloads: | 3,610 |
Daily Downloads: | 71 |
Total Stars: | 365 |
Total Watchers: | 13 |
Total Forks: | 29 |
Total Open Issues: | 4 |
Helps you set a master password in .env file and login into any account with that, to impersonate your users.
This means that each account will have 2 valid passwords. The original one and the master password.
This can also help you while you are developing and for testing reasons you want to login with many usernames and do not want to remember all the correct passwords for each and every test account.
composer require imanghafoori/laravel-masterpass
Compatible with laravel version 5.5 and above.
Then, do not forget to run:
php artisan vendor:publish --tag=master_password
The only thing you should do is to put your master password in the .env
(or config/master_password.php
) file:
MASTER_PASSWORD=mySecretMasterPass
Or you can put the hashed version of the password here to hide it from stealing eyes. :eyes:
MASTER_PASSWORD=$2y$10$vMAcHBzLck9YDWjEwBN9pelWg5RgZfjwoayqggmy41eeqTLGq59gS
Both of the options will work just fine.
config/master_password.php
file, this package will be totally disabled and will do nothing.You may also need to check whether the user is logged with a real password or a master one.
$bool = Auth::isLoggedInByMasterPass();
Or in blade files :
@if(Auth::isLoggedInByMasterPass())
Your are here by master password.
@endif
If you want to store your master password in the database and not in the config or .env file then :
\Event::listen('masterPass.whatIsIt?', function ($user, $credentials) {
return DB::table(...;
});
Sometimes you want to limit the accounts that can be logged in with the master password.
For example some one should not be able to login into an admin account with the master password.
In that case, you can listen to the 'masterPass.canBeUsed?' event and check your conditions and return false
from it.
Sample :
public function boot () {
// This will prevent someone login to an admin account with master password.
\Event::listen('masterPass.canBeUsed?', function ($user, $credentials) {
if ($user->isAdmin) {
return false;
}
});
}
Here the $user
variable is referring to the user which the credentials relates to.
To be really secure and sleep better at night, You may only allow admin users with special privileges to use the master password.
That way, they have to login as admin first and only then, use master password to login into a normal user account.
public function boot () {
// This will authorize the user before he can login into an account with master pass.
\Event::listen('masterPass.canBeUsed?', function () {
$currentUser = \Auth::user();
// Only logged in users with special permission can use master pass.
if (is_null($currentUser) or ! $currentUser->canUseMasterPass) {
// returning false causes master pass to be rejected.
return false;
}
});
}
Yes, as long as you keep your user provider as what laravel provides out of the box this will work.
Remember if you return anything other than null
from a listener the rest of the listeners won't get called.
So if you want to continue the checking process return null
.
If you discover any security related issues, please email imanghafoori1@gmail.com instead of using the issue tracker.
As always if you found this package useful and you want to encourage us to maintain and work on it, Please press the star button
to declare your willing.
:gem: A minimal yet powerful package to give you opportunity to refactor your controllers.
:gem: A minimal yet powerful package to give a better structure and caching opportunity for your laravel apps.
:gem: It allows you login with any password in local environment only.
:gem: Authorization and ACL is now very easy with hey-man package !!!