How to impersonate a user?

pcuci · September 13, 2015, 2:34am

I’m scratching my head as to how I could temporarily borrow a user’s identity (I’m the admin) and use the meteor app as if I was logged in as them.

I want to log in as someone else, without having to know their password

narven · September 13, 2015, 2:45am

You can have a separated login method.

that uses for example an temporary email / hash

you just need to make a route that accepts an email and hash and then find the user with that email / hash and use meteor login with their data.

i think…

narven · September 13, 2015, 2:46am

that feature use is called LoginAs

Steve · September 13, 2015, 9:20am

shock · September 13, 2015, 10:06am

Well, in theory you can copy your current session token to the other user tokens and reconnect DDP.
That way you should be auto-logged as him with your current cookie.

Or make some package which will extend roles and hook into userId() or user() to enable checking if you are admin and you are requesting to act as different user.
I did not look into sources to see if there is entry point for such hook, but accounts core is not something gigantic to look into. As with most of the meteor core code.

nottheaveragecoder · September 13, 2015, 12:23pm

This is how I’m doing it https://dweldon.silvrback.com/impersonating-a-user

jamgold · September 13, 2015, 6:33pm

There is a package gwendall:impersonate

maxhodges · September 14, 2015, 3:28am

yes we used some code from your package (thanks!)

brewhk · February 10, 2016, 2:59pm

Unrelated to this question, but if anyone else reading this is looking for a permanent ‘login as’ feature, we’ve created the brewhk:accounts-admin-password package. This will not revert back to the admin user when you refresh.