Fix user impersonation
parent
a6d3dc0c80
commit
b19baaf8f3
|
@ -16,7 +16,7 @@
|
|||
</template>
|
||||
<template v-else>
|
||||
<div class="px-6">
|
||||
<Loader class="h-4 w-4 inline" />
|
||||
<Loader class="h-4 w-4 inline"/>
|
||||
</div>
|
||||
</template>
|
||||
</button>
|
||||
|
@ -24,18 +24,18 @@
|
|||
</template>
|
||||
|
||||
<script>
|
||||
import { computed } from 'vue'
|
||||
import { useAuthStore } from '../../stores/auth.js';
|
||||
import { useWorkspacesStore } from '../../stores/workspaces.js';
|
||||
import {computed} from 'vue'
|
||||
import {useAuthStore} from '../../stores/auth.js';
|
||||
import {useWorkspacesStore} from '../../stores/workspaces.js';
|
||||
|
||||
export default {
|
||||
setup () {
|
||||
setup() {
|
||||
const authStore = useAuthStore()
|
||||
const workspacesStore = useWorkspacesStore()
|
||||
return {
|
||||
authStore,
|
||||
workspacesStore,
|
||||
isImpersonating : computed(() => authStore.isImpersonating),
|
||||
isImpersonating: computed(() => authStore.isImpersonating),
|
||||
}
|
||||
},
|
||||
|
||||
|
@ -45,16 +45,21 @@ export default {
|
|||
|
||||
computed: {},
|
||||
|
||||
mounted () {},
|
||||
mounted() {
|
||||
},
|
||||
|
||||
methods: {
|
||||
reverseImpersonation () {
|
||||
async reverseImpersonation() {
|
||||
this.loading = true
|
||||
this.authStore.stopImpersonating().then(() => {
|
||||
this.workspacesStore.set([])
|
||||
this.$router.push({ name: 'settings.admin' })
|
||||
this.loading = false
|
||||
})
|
||||
this.authStore.stopImpersonating()
|
||||
|
||||
// Fetch the user.
|
||||
const userData = await opnFetch('user')
|
||||
this.authStore.setUser(userData)
|
||||
const workspaces = await fetchAllWorkspaces()
|
||||
this.workspacesStore.set(workspaces.data.value)
|
||||
this.$router.push({name: 'settings-admin'})
|
||||
this.loading = false
|
||||
}
|
||||
}
|
||||
}
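Review bot: The async `reverseImpersonation` (rendered here as the new side) has no error handling. If `await opnFetch('user')` or `await fetchAllWorkspaces()` rejects, `this.loading` stays true, and the stores keep the impersonated user's profile and workspaces although the token has already been switched back to the admin's. Wrap the awaits in `try { … } finally { this.loading = false }` and clear stale state first with `this.workspacesStore.set([])`, as the earlier version did. `opnFetch` and `fetchAllWorkspaces` are not among the imports visible in this script block, so unless they are auto-imported they need explicit imports like the ones another file in this commit adds.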
|
||||
|
|
|
@ -36,6 +36,8 @@
|
|||
|
||||
<script setup>
|
||||
import { useRouter } from 'vue-router';
|
||||
import {opnFetch} from "~/composables/useOpnApi.js";
|
||||
import {fetchAllWorkspaces} from "~/stores/workspaces.js";
|
||||
|
||||
definePageMeta({
|
||||
middleware: "admin"
|
||||
|
@ -51,30 +53,31 @@ const router = useRouter()
|
|||
let form = useForm({
|
||||
identifier: ''
|
||||
})
|
||||
let loading = false
|
||||
const loading = ref(false)
|
||||
|
||||
const runtimeConfig = useRuntimeConfig()
|
||||
const statsUrl = runtimeConfig.public.apiBase + '/stats'
|
||||
const horizonUrl = runtimeConfig.public.apiBase + '/horizon'
|
||||
|
||||
const impersonate = () => {
|
||||
loading = true
|
||||
loading.value = true
|
||||
authStore.startImpersonating()
|
||||
opnFetch('/admin/impersonate/' + encodeURI(form.identifier)).then(async (data) => {
|
||||
loading = false
|
||||
|
||||
// Save the token.
|
||||
authStore.saveToken(data.token, false)
|
||||
authStore.setToken(data.token, false)
|
||||
|
||||
// Fetch the user.
|
||||
await authStore.fetchUser()
|
||||
const userData = await opnFetch('user')
|
||||
authStore.setUser(userData)
|
||||
const workspaces = await fetchAllWorkspaces()
|
||||
workspacesStore.set(workspaces.data.value)
|
||||
loading.value = false
|
||||
|
||||
// Redirect to the dashboard.
|
||||
workspacesStore.set([])
|
||||
router.push({ name: 'home' })
|
||||
}).catch((error) => {
|
||||
console.error(error)
|
||||
useAlert().error(error.response.data.message)
|
||||
loading = false
|
||||
loading.value = false
|
||||
})
|
||||
}
|
||||
</script>
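Review bot: The failure path of `impersonate` leaves the session half switched: `authStore.startImpersonating()` runs before the request and the `.catch` never undoes it, so after a failed lookup the store presumably still holds an `admin_token` and reports impersonation while the admin's own token is in use. The same handler also runs when `opnFetch('user')` or `fetchAllWorkspaces()` fails after `setToken`; there `error.response` may be undefined, so `error.response.data.message` can throw inside the handler and skip `loading.value = false`. Roll back with `authStore.stopImpersonating()` in the catch and read the message as `error?.response?.data?.message`. Separately, `encodeURI(form.identifier)` leaves `/`, `?` and `#` unescaped inside a path segment, so `encodeURIComponent(form.identifier)` is the correct call.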
|
||||
|
|
|
@ -3,6 +3,7 @@ export default defineNitroPlugin(nitroApp => {
|
|||
const routePath = event.node?.req?.url || event.node?.req?.originalUrl
|
||||
// const routePath= event.context.params._
|
||||
if (routePath && !routePath.startsWith('/forms/')) {
|
||||
console.error('Not a form, setting X-Frame-Options', routePath)
|
||||
// Only allow embedding of forms
|
||||
response.headers['X-Frame-Options'] = 'sameorigin'
|
||||
}
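Review bot: `console.error('Not a form, setting X-Frame-Options', routePath)` looks like leftover debugging. It runs for every response outside `/forms/`, writes at error level, and logs the raw request URL including any query string, which can carry tokens or other sensitive parameters into server logs. Drop the line, or log only the pathname at debug level. The enclosing hook starts and ends outside the hunk.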
|
||||
|
|
|
@ -19,9 +19,8 @@ export const useAuthStore = defineStore('auth', {
|
|||
},
|
||||
// Stop admin impersonation
|
||||
stopImpersonating() {
|
||||
this.token = this.admin_token
|
||||
this.setToken(this.admin_token)
|
||||
this.admin_token = null
|
||||
// TODO: re-fetch user
|
||||
},
|
||||
|
||||
setToken(token) {
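Review bot: `stopImpersonating()` calls `this.setToken(this.admin_token)` without checking that an admin token was saved, so calling it when no impersonation is active would pass `null` to `setToken` and presumably drop the current session. Add a guard as the first line: `if (!this.admin_token) return`. With the `// TODO: re-fetch user` comment gone, the action still leaves the impersonated user's data in the store, so state the contract in a comment such as `// Callers must re-fetch the user and workspaces after this`. The body of `setToken` lies outside the hunk.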
|
||||
|
|