How to impersonate a user?


#1

I’m scratching my head as to how I could temporarily borrow a user’s identity (I’m the admin) and use the Meteor app as if I was logged in as them.

I want to log in as someone else, without having to know their password.


#2

You can have a separate login method that uses, for example, a temporary email / hash.

You just need to make a route that accepts an email and hash and then find the user with that email / hash and use Meteor login with their data.

I think… :stuck_out_tongue:


#3

That feature is called LoginAs :stuck_out_tongue:


#4

#5

Well, in theory you can copy your current session token to the other user's tokens and reconnect DDP.
That way you should be auto-logged in as him with your current cookie.

Or make some package which will extend roles and hook into userId() or user() to enable checking if you are admin and you are requesting to act as a different user.
I did not look into the sources to see if there is an entry point for such a hook, but accounts core is not something gigantic to look into. As with most of the Meteor core code.
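
The server-side admin check this post describes, as an added example that is not part of the thread or of any package mentioned in it. `this.userId` and `this.setUserId` are Meteor's method-invocation API; `makeImpersonate`, `findUser`, `isAdmin`, `audit` and `callAs` are hypothetical names, and the users are constructed sample data.

```javascript
// Added example: server-side authorization for an admin "impersonate" method.
// Lookups are injected so the logic runs without Meteor; in an app they would
// be backed by Meteor.users and a roles package (assumption).
function makeImpersonate({ findUser, isAdmin, audit }) {
  // Register the returned function with Meteor.methods; Meteor calls it with
  // the method invocation as `this` (this.userId, this.setUserId).
  return function impersonate(targetId) {
    const actorId = this.userId;
    const deny = (reason) => {
      audit({ event: 'impersonate-denied', reason, actorId, targetId });
      throw new Error(reason);
    };
    if (typeof targetId !== 'string' || targetId.length === 0) deny('invalid-target');
    // Authorize from the connection's own identity, before any user lookup,
    // so non-admins learn nothing about which ids exist.
    if (!actorId || !isAdmin(actorId)) deny('not-authorized');
    if (!findUser(targetId)) deny('user-not-found');
    // Policy choice of this example: no switching into another admin account.
    if (isAdmin(targetId)) deny('target-is-admin');
    audit({ event: 'impersonate-start', actorId, targetId });
    this.setUserId(targetId); // applies to this DDP connection only
    return targetId;
  };
}

// Constructed sample users and a fake method invocation for a dry run.
const sampleUsers = new Map([
  ['a1', { roles: ['admin'] }], ['a2', { roles: ['admin'] }],
  ['u1', { roles: [] }], ['u2', { roles: [] }],
]);
const auditLog = [];
const impersonate = makeImpersonate({
  findUser: (id) => sampleUsers.get(id),
  isAdmin: (id) => Boolean(sampleUsers.get(id)?.roles.includes('admin')),
  audit: (entry) => auditLog.push(entry),
});
function callAs(userId, targetId) {
  const invocation = { userId, setUserId(id) { this.userId = id; } };
  try {
    impersonate.call(invocation, targetId);
    return { ok: true, userId: invocation.userId };
  } catch (err) {
    return { ok: false, error: err.message, userId: invocation.userId };
  }
}
console.log(callAs('a1', 'u1'), callAs('u1', 'u2'), auditLog.length);
```

Every attempt, allowed or denied, lands in the audit trail with the real actor's id, which is what lets a reviewer later separate admin actions from the user's own.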


#6

This is how I’m doing it: https://dweldon.silvrback.com/impersonating-a-user


#7

There is a package gwendall:impersonate


#8

Yes, we used some code from your package (thanks!)


#9

Unrelated to this question, but if anyone else reading this is looking for a permanent ‘login as’ feature, we’ve created the brewhk:accounts-admin-password package. This will not revert back to the admin user when you refresh.