Skip to content

v5.0.0

Latest

Choose a tag to compare

@SupianIDz SupianIDz released this 02 Jul 23:03

Release v5.0.0 πŸš€

This is a major release featuring a completely revamped modern UI, improved security, better performance, and support for the latest Laravel ecosystem!


✨ New Features & Improvements

1. Zero Dependencies (Vanilla JS & CSS)

We've completely dropped heavy frontend dependencies (jQuery, Select2) and the entire Node.js build ecosystem (Webpack, package.json, .nvmrc). The frontend is now 100% Vanilla JS and Vanilla CSS, drastically reducing the footprint!

2. Revamped UI

The impersonation widget has been rebuilt using modern Flexbox (replacing legacy <table> layouts). It now provides a cleaner, more responsive, and easily maintainable design.

3. Database Scoping Support (scopeImpersonatable)

Easily apply database-level filtering for who can be searched/impersonated. This dramatically improves performance and pagination accuracy.
Full support for traditional scopeMethod() conventions as well as Laravel 11+ #[Scope] attributes!

4. Plug-and-Play Trait Defaults

The HasImpersonation trait now comes with sensible defaults:

  • getImpersonateDisplayText() returns $this->name
  • getImpersonateSearchField() returns ['name']

Meaning: Zero initial configuration is required for basic usage.

5. Fluent Backend Impersonation

Introduced a fluent shortcut to perform manual backend impersonation without passing the impersonator explicitly:

Impersonate::loginAs($user);

6. Codebase Purity

Removed all PHPStan baseline suppressions. The codebase now natively passes PHPStan Level 9 strict typing analysis with zero errors.


πŸ”’ Security & Bug Fixes

  • [HIGH] Information Disclosure Fixed
    Added proper authorization guards (403 Forbidden) to the API endpoints (/_impersonate/users and /_impersonate/login). Unauthenticated or unauthorized users can no longer enumerate the user list.

  • Pagination Accuracy
    Applying the impersonation filter directly via query scope (rather than in-memory PHP filtering) fixes inaccurate .total() records returned by pagination queries.

  • Robust Error Handling
    Internal repository queries now catch structural exceptions and throw a clean ImpersonateException instead of leaking database/system errors to API consumers.


⚠ Breaking Changes

  • Minimum Requirements Bumped:
    Now requires PHP 8.2+ and Laravel 12.x / 13.x

  • In-Memory Filtering Removed:
    ImpersonateCollection no longer filters impersonatable users in-memory after queries are executed. Database-level scoping via scopeImpersonatable is now the required approach.

  • Config Keys Renamed:
    The configuration for UI state is now properly grouped under the interface key.

    • impersonate.enabled β†’ impersonate.interface.enabled
  • ENV Variables Renamed:
    All interface-related env keys are now consistently prefixed with IMPERSONATE_UI_.

    • IMPERSONATE_ENABLED β†’ IMPERSONATE_UI_ENABLED
    • IMPERSONATE_WIDTH β†’ IMPERSONATE_UI_WIDTH
    • IMPERSONATE_DELAY β†’ IMPERSONATE_UI_DEBOUNCE

πŸ“ Upgrade Guide

Upgrading from v4.x? Please follow these 3 quick steps:

  1. Update .env Variables
    Rename your existing keys to match the new prefix:

    • IMPERSONATE_ENABLED β†’ IMPERSONATE_UI_ENABLED
    • IMPERSONATE_WIDTH β†’ IMPERSONATE_UI_WIDTH
    • IMPERSONATE_DELAY β†’ IMPERSONATE_UI_DEBOUNCE
  2. Update Config References
    If you published the config, move enabled inside the interface array.

  3. Implement Database Scoping
    Add scopeImpersonatable() (or use #[Scope]) on your User model to handle impersonation limits at the database query level. This fixes pagination and speeds up searches.


Full Changelog: v4.3.1...v5.0.0