Impersonate a User #190

wants to merge 2 commits into


None yet
8 participants

mtudor commented Nov 29, 2012

I propose the addition of functionality to the User Service to allow the impersonation of other users without the need for authentication.

I have deliberately not added routes to the functionality as, unless properly protected from unauthorized use, this would allow anyone to login to any account without a password. Obviously a security risk.

It is left up to the implementer to provide whatever interface they need to protect and allow impersonation to take place. In my case, I use BjyAuthorize to limit access to an impersonate route (/admin/user/impersonate/) to administrators only. The /admin/user/unimpersonate route is available to all users.

If you don't want to use impersonation in your application then just don't implement any routes, but for those of us that need it I hope that this PR can address that.

Comments welcome!


ClemensSahs commented Nov 29, 2012

Really nice a feature.

So a Admin can really easy control a user problem with only one click.

I'm not sure it will be better contained in a separate module.

mtudor commented Dec 13, 2012

@ClemensSahs Thanks for the support on the idea :-)

With regard to putting it in a separate module, I think it's so tied into zfcUser that it might not make all that much sense? It depends on the consensus as to whether the ability to impersonate is seen as a core feature or not.

Personally, I've had cause to use impersonation in almost every user management based system I've worked with, so I vote core, but I think it will come down to the module maintainers' philosophy on the purpose of the module.


cgmartin commented Jan 9, 2013

Nice feature to help troubleshoot user issues. Wondering if this might be better located in something like since it would typically be used by an admin user. Either way, I like the feature!


akrabat commented Feb 2, 2013

I also like this idea. Will talk to @EvanDotPro about it.

@RWOverdijk RWOverdijk and 1 other commented on an outdated diff Feb 20, 2013

+ public function getUserService()
+ {
+ return $this->userService;
+ }
+ /**
+ * Set userService.
+ *
+ * @param ZfcUser\Service\User $userService
+ */
+ public function setUserService(UserService $userService)
+ {
+ $this->userService = $userService;
+ return $this;
+ }

mtudor Feb 22, 2013

Lol - is there at the end of any of the files? Isn't this message only being shown because I appended stuff to the end of a file? Is a new line in some way critical? Won't it get lonely if I stick it there all on its own? Do we have enough new lines to go around? In this age of austerity shouldn't we be closely monitoring our usage of new lines?

These are just some of the questions I feel need to be considered on this issue ;-)


RWOverdijk Feb 22, 2013

It's a coding standard.

I see where you''re coming from, it's from the previous version. In that case, it might exist. Please verify that it does, and if not add it. :)


mtudor Feb 22, 2013

Lol, not even engaging on one of my flippant tongue-in-cheek remarks - you definitely mean business ;-) I'll check it out!


RWOverdijk Feb 22, 2013

I'm sorry. Frustrating day at work. It did make me giggle. :p


mtudor Feb 22, 2013

Well I'm glad to hear that it gave you a chuckle Wesley! Yikes, frustrating day and it's not even midday yet - hope it looks up in the afternoon!

Newline issue fixed - it didn't exist, you were right, but now it does 💃

Any update on this? I really like this feature!!

mtudor commented Apr 4, 2013

Hi @pietervogelaar,

I'm keeping it updated (with regular rebases against the latest ZfcUser master), but it's waiting for a review / discussion between Rob and Evan before it gets merged.

Please do feel free to download a copy of ZfcUser from my branch if you want to get using this feature early, although I am doing regular rebases so best not to make any alterations to ZfcUser itself from my branch at this stage.

mtudor added some commits Nov 29, 2012

@mtudor @mtudor mtudor Added impersonation functionality to the User Service.
Also added code to the UserController to ensure that a logout ends impersonation.
@mtudor @mtudor mtudor Added view helpers to return the DisplayName or Identity of the curre…
…nt impersonator (or false if not currently impersonating).

lweijl commented Jun 12, 2013

Would a crate of Heinken beer be a good way to speed up the review/discussion?
Am kind of waiting on this feature to get implemented to be honest..

mtudor commented Jun 13, 2013

Hi @lweijl, I'll see if I can get hold of @EvanDotPro or @akrabat on IRC. There might be something I can do to expedite this.

Just so I can get my facts straight - are we talking a 6-pack or a 24-pack... j/k ;-)


spiffyjr commented Jun 21, 2013

This would probably be better suited in an extension module to keep the core code as slim as possible.

See: (criteria 1).

I've added it to the list of TODO's for ZfcUser 2.0. Feel free to reopen if you still have comments.

spiffyjr closed this Jun 21, 2013

lweijl commented Jun 24, 2013

@mtudor would it be too much pain for you to re-shape this into an extension module for ZfcUser?

mtudor commented Jun 24, 2013

@lweijl Yep - it's my intention to try and do this, I'll keep you updated here.

mtudor commented Jul 10, 2013

Hi all,

I've refactored this feature into its own module.

Grab it on Github ( or via composer (mtudor/zfc-user-impersonate).

I'll try and add a "how to" on the Github page soon, as there is a little setup to do to actually use the functionality of the module. Essentially, it's configuring an admin route to actually call "impersonate" and "unimpersonate". You'll also want to use the two view helper functions to offer some feedback to the user on the impersonator user.

Watch the official ZfcUserImpersonate Github space!


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment