Fix user impersonation

client/components/tools/StopImpersonation.vue

@@ -16,7 +16,7 @@
       </template>
       <template v-else>
         <div class="px-6">
-          <Loader class="h-4 w-4 inline" />
+          <Loader class="h-4 w-4 inline"/>
         </div>
       </template>
     </button>
@@ -24,18 +24,18 @@
 </template>
 
 <script>
-import { computed } from 'vue'
+import {computed} from 'vue'
-import { useAuthStore } from '../../stores/auth.js';
+import {useAuthStore} from '../../stores/auth.js';
-import { useWorkspacesStore } from '../../stores/workspaces.js';
+import {useWorkspacesStore} from '../../stores/workspaces.js';
 
 export default {
-  setup () {
+  setup() {
     const authStore = useAuthStore()
     const workspacesStore = useWorkspacesStore()
     return {
       authStore,
       workspacesStore,
-      isImpersonating : computed(() => authStore.isImpersonating),
+      isImpersonating: computed(() => authStore.isImpersonating),
     }
   },
 
@@ -45,16 +45,21 @@ export default {
 
   computed: {},
 
-  mounted () {},
+  mounted() {
+  },
 
   methods: {
-    reverseImpersonation () {
+    async reverseImpersonation() {
       this.loading = true
-      this.authStore.stopImpersonating().then(() => {
+      this.authStore.stopImpersonating()
-          this.workspacesStore.set([])
+
-          this.$router.push({ name: 'settings.admin' })
+      // Fetch the user.
+      const userData = await opnFetch('user')
+      this.authStore.setUser(userData)
+      const workspaces = await fetchAllWorkspaces()
+      this.workspacesStore.set(workspaces.data.value)
+      this.$router.push({name: 'settings-admin'})
       this.loading = false
-        })
     }
   }
 }

client/pages/settings/admin.vue

@@ -36,6 +36,8 @@
 
 <script setup>
 import { useRouter } from 'vue-router';
+import {opnFetch} from "~/composables/useOpnApi.js";
+import {fetchAllWorkspaces} from "~/stores/workspaces.js";
 
 definePageMeta({
   middleware: "admin"
@@ -51,30 +53,31 @@ const router = useRouter()
 let form = useForm({
   identifier: ''
 })
-let loading = false
+const loading = ref(false)
 
 const runtimeConfig = useRuntimeConfig()
 const statsUrl = runtimeConfig.public.apiBase + '/stats'
 const horizonUrl = runtimeConfig.public.apiBase + '/horizon'
 
 const impersonate = () => {
-  loading = true
+  loading.value = true
   authStore.startImpersonating()
   opnFetch('/admin/impersonate/' + encodeURI(form.identifier)).then(async (data) => {
-    loading = false
-
     // Save the token.
-    authStore.saveToken(data.token, false)
+    authStore.setToken(data.token, false)
 
     // Fetch the user.
-    await authStore.fetchUser()
+    const userData = await opnFetch('user')
+    authStore.setUser(userData)
+    const workspaces = await fetchAllWorkspaces()
+    workspacesStore.set(workspaces.data.value)
+    loading.value = false
 
-    // Redirect to the dashboard.
-    workspacesStore.set([])
     router.push({ name: 'home' })
   }).catch((error) => {
+    console.error(error)
     useAlert().error(error.response.data.message)
-    loading = false
+    loading.value = false
   })
 }
 </script>

client/server/plugins/embeddable.js

@@ -3,6 +3,7 @@ export default defineNitroPlugin(nitroApp => {
     const routePath = event.node?.req?.url || event.node?.req?.originalUrl
     // const routePath= event.context.params._
     if (routePath && !routePath.startsWith('/forms/')) {
+      console.error('Not a form, setting X-Frame-Options', routePath)
       // Only allow embedding of forms
       response.headers['X-Frame-Options'] = 'sameorigin'
     }

client/stores/auth.js

@@ -19,9 +19,8 @@ export const useAuthStore = defineStore('auth', {
     },
     // Stop admin impersonation
     stopImpersonating() {
-      this.token = this.admin_token
+      this.setToken(this.admin_token)
       this.admin_token = null
-        // TODO: re-fetch user
     },
 
     setToken(token) {