Fix user impersonation

Julien Nahum 2024-01-16 11:23:16 +01:00
parent a6d3dc0c80
commit b19baaf8f3
4 changed files with 32 additions and 24 deletions


@ -16,7 +16,7 @@
</template>
<template v-else>
<div class="px-6">
<Loader class="h-4 w-4 inline" />
<Loader class="h-4 w-4 inline"/>
</div>
</template>
</button>
@ -24,18 +24,18 @@
</template>
<script>
import { computed } from 'vue'
import { useAuthStore } from '../../stores/auth.js';
import { useWorkspacesStore } from '../../stores/workspaces.js';
import {computed} from 'vue'
import {useAuthStore} from '../../stores/auth.js';
import {useWorkspacesStore} from '../../stores/workspaces.js';
export default {
setup () {
setup() {
const authStore = useAuthStore()
const workspacesStore = useWorkspacesStore()
return {
authStore,
workspacesStore,
isImpersonating : computed(() => authStore.isImpersonating),
isImpersonating: computed(() => authStore.isImpersonating),
}
},
@ -45,16 +45,21 @@ export default {
computed: {},
mounted () {},
mounted() {
},
methods: {
reverseImpersonation () {
async reverseImpersonation() {
this.loading = true
this.authStore.stopImpersonating().then(() => {
this.workspacesStore.set([])
this.$router.push({ name: 'settings.admin' })
this.loading = false
})
this.authStore.stopImpersonating()
// Fetch the user.
const userData = await opnFetch('user')
this.authStore.setUser(userData)
const workspaces = await fetchAllWorkspaces()
this.workspacesStore.set(workspaces.data.value)
this.$router.push({name: 'settings-admin'})
this.loading = false
}
}
}
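Review bot: `reverseImpersonation` has no error path: if `opnFetch('user')` or `fetchAllWorkspaces()` rejects after `stopImpersonating()` has restored the admin token, `loading` stays true and the stores still hold the impersonated account's user and workspaces while requests go out with the admin token. Wrap the awaits in `try { … } finally { this.loading = false }` and clear the stale state first with `this.workspacesStore.set([])` right after `stopImpersonating()`. The visible import hunk brings in only `computed`, `useAuthStore` and `useWorkspacesStore`, so `opnFetch` and `fetchAllWorkspaces` would be undefined here unless they are auto-imported; the admin page in this commit imports both explicitly.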


@ -36,6 +36,8 @@
<script setup>
import { useRouter } from 'vue-router';
import {opnFetch} from "~/composables/useOpnApi.js";
import {fetchAllWorkspaces} from "~/stores/workspaces.js";
definePageMeta({
middleware: "admin"
@ -51,30 +53,31 @@ const router = useRouter()
let form = useForm({
identifier: ''
})
let loading = false
const loading = ref(false)
const runtimeConfig = useRuntimeConfig()
const statsUrl = runtimeConfig.public.apiBase + '/stats'
const horizonUrl = runtimeConfig.public.apiBase + '/horizon'
const impersonate = () => {
loading = true
loading.value = true
authStore.startImpersonating()
opnFetch('/admin/impersonate/' + encodeURI(form.identifier)).then(async (data) => {
loading = false
// Save the token.
authStore.saveToken(data.token, false)
authStore.setToken(data.token, false)
// Fetch the user.
await authStore.fetchUser()
const userData = await opnFetch('user')
authStore.setUser(userData)
const workspaces = await fetchAllWorkspaces()
workspacesStore.set(workspaces.data.value)
loading.value = false
// Redirect to the dashboard.
workspacesStore.set([])
router.push({ name: 'home' })
}).catch((error) => {
console.error(error)
useAlert().error(error.response.data.message)
loading = false
loading.value = false
})
}
</script>
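Review bot: `authStore.startImpersonating()` runs before the impersonation request has succeeded, and the `.catch` handler never undoes it, so a failed lookup (unknown identifier, network error) appears to leave the store in impersonation state while the session is still the admin's. Call `authStore.stopImpersonating()` in the catch path, or move `startImpersonating()` to just before `authStore.setToken(data.token, false)`. The handler also reads `error.response.data.message` unguarded; an error without a `response` would throw inside the catch and leave `loading` stuck, so `error.response?.data?.message` with a fallback text is safer. Separately, the identifier is meant to be a single path segment and `encodeURI` leaves `/`, `?` and `#` unescaped; `encodeURIComponent(form.identifier)` keeps the input inside that segment.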


@ -3,6 +3,7 @@ export default defineNitroPlugin(nitroApp => {
const routePath = event.node?.req?.url || event.node?.req?.originalUrl
// const routePath= event.context.params._
if (routePath && !routePath.startsWith('/forms/')) {
console.error('Not a form, setting X-Frame-Options', routePath)
// Only allow embedding of forms
response.headers['X-Frame-Options'] = 'sameorigin'
}
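Review bot: The `console.error('Not a form, setting X-Frame-Options', routePath)` call looks like leftover debugging, and it runs for every response whose URL is not under `/forms/`. It writes each request URL, query string included, to the error stream, which buries real errors and can put tokens or e-mail addresses carried in query parameters into the logs. Drop the line, or gate it behind a debug flag and log only the path portion. The enclosing hook starts and ends outside the hunk.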


@ -19,9 +19,8 @@ export const useAuthStore = defineStore('auth', {
},
// Stop admin impersonation
stopImpersonating() {
this.token = this.admin_token
this.setToken(this.admin_token)
this.admin_token = null
// TODO: re-fetch user
},
setToken(token) {
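Review bot: `stopImpersonating()` passes `this.admin_token` to `setToken` without checking that it is set, so a second call, or a call when no impersonation is active, would hand `null` to `setToken` and presumably overwrite the admin's own token. A guard such as `if (!this.admin_token) return` at the top keeps the action idempotent. With the `// TODO: re-fetch user` line gone, a short comment stating that callers must reload the user and workspaces after this action would help, since the store itself still does not do that. `setToken`'s body lies outside the hunk, so what it persists cannot be confirmed here.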