Fix user impersonation

This commit is contained in:
Julien Nahum 2024-01-16 11:23:16 +01:00
parent a6d3dc0c80
commit b19baaf8f3
4 changed files with 32 additions and 24 deletions

View File

@ -45,16 +45,21 @@ export default {
computed: {}, computed: {},
mounted () {}, mounted() {
},
methods: { methods: {
reverseImpersonation () { async reverseImpersonation() {
this.loading = true this.loading = true
this.authStore.stopImpersonating().then(() => { this.authStore.stopImpersonating()
this.workspacesStore.set([])
this.$router.push({ name: 'settings.admin' }) // Fetch the user.
const userData = await opnFetch('user')
this.authStore.setUser(userData)
const workspaces = await fetchAllWorkspaces()
this.workspacesStore.set(workspaces.data.value)
this.$router.push({name: 'settings-admin'})
this.loading = false this.loading = false
})
} }
} }
} }

View File

@ -36,6 +36,8 @@
<script setup> <script setup>
import { useRouter } from 'vue-router'; import { useRouter } from 'vue-router';
import {opnFetch} from "~/composables/useOpnApi.js";
import {fetchAllWorkspaces} from "~/stores/workspaces.js";
definePageMeta({ definePageMeta({
middleware: "admin" middleware: "admin"
@ -51,30 +53,31 @@ const router = useRouter()
let form = useForm({ let form = useForm({
identifier: '' identifier: ''
}) })
let loading = false const loading = ref(false)
const runtimeConfig = useRuntimeConfig() const runtimeConfig = useRuntimeConfig()
const statsUrl = runtimeConfig.public.apiBase + '/stats' const statsUrl = runtimeConfig.public.apiBase + '/stats'
const horizonUrl = runtimeConfig.public.apiBase + '/horizon' const horizonUrl = runtimeConfig.public.apiBase + '/horizon'
const impersonate = () => { const impersonate = () => {
loading = true loading.value = true
authStore.startImpersonating() authStore.startImpersonating()
opnFetch('/admin/impersonate/' + encodeURI(form.identifier)).then(async (data) => { opnFetch('/admin/impersonate/' + encodeURI(form.identifier)).then(async (data) => {
loading = false
// Save the token. // Save the token.
authStore.saveToken(data.token, false) authStore.setToken(data.token, false)
// Fetch the user. // Fetch the user.
await authStore.fetchUser() const userData = await opnFetch('user')
authStore.setUser(userData)
const workspaces = await fetchAllWorkspaces()
workspacesStore.set(workspaces.data.value)
loading.value = false
// Redirect to the dashboard.
workspacesStore.set([])
router.push({ name: 'home' }) router.push({ name: 'home' })
}).catch((error) => { }).catch((error) => {
console.error(error)
useAlert().error(error.response.data.message) useAlert().error(error.response.data.message)
loading = false loading.value = false
}) })
} }
</script> </script>

View File

@ -3,6 +3,7 @@ export default defineNitroPlugin(nitroApp => {
const routePath = event.node?.req?.url || event.node?.req?.originalUrl const routePath = event.node?.req?.url || event.node?.req?.originalUrl
// const routePath= event.context.params._ // const routePath= event.context.params._
if (routePath && !routePath.startsWith('/forms/')) { if (routePath && !routePath.startsWith('/forms/')) {
console.error('Not a form, setting X-Frame-Options', routePath)
// Only allow embedding of forms // Only allow embedding of forms
response.headers['X-Frame-Options'] = 'sameorigin' response.headers['X-Frame-Options'] = 'sameorigin'
} }

View File

@ -19,9 +19,8 @@ export const useAuthStore = defineStore('auth', {
}, },
// Stop admin impersonation // Stop admin impersonation
stopImpersonating() { stopImpersonating() {
this.token = this.admin_token this.setToken(this.admin_token)
this.admin_token = null this.admin_token = null
// TODO: re-fetch user
}, },
setToken(token) { setToken(token) {