Change "Login As" functionality to use tokens [5.3.0-B1]

The "Login As" functionality (introduced in INP-904) allows an administrator to log in on the Front-End as any other user. This is also especially useful during debugging, because a developer can't possibly know the password of every user in the database.

The current implementation works like this:

  1. the administrator:
    1. goes to the "User Management > Users" section in the Admin Console
    2. selects one user in the grid
    3. presses the "Login As" button on the toolbar
  2. in JavaScript:
    1. a link to the Front-End is built that contains the "u:OnLoginAs" event and the ID of the selected user
    2. a new window opens with that link
  3. the permission check for the "u:OnLoginAs" event relies on the fact that an administrator is logged in to the Admin Console

Proposing to use one-time login tokens (introduced in [security] One time authentication token system [5.2.2-B1]) instead, so that the process is the same as the one a user naturally has on the Front-End. This way there is no need to duplicate part of the "u:OnLogin" event inside the "u:OnLoginAs" event.

Solution

  1. add a "u:OnGetAutoLoginLink" event that will:
    1. check that it is executed in the Admin Console
    2. work only from AJAX
    3. accept the ID of the user
    4. generate a one-time login token
    5. build a link to the Front-End containing this token
    6. return that link as part of the JSON response
  2. in the Admin Console:
    1. call the "u:OnGetAutoLoginLink" event via AJAX
    2. if successful, open a new window using the obtained URL
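
The flow above, modelled as an added Python example (not In-Portal code and not the project's token system): the event handler performs steps 1.1 to 1.6 against a small token store that keeps only a digest of each token and lets it be redeemed once. The request dict keys, the `token` query parameter, the 60-second lifetime, the JSON field names and the `front.example` URL are all assumptions made for the illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode

TOKEN_TTL = 60  # seconds a token stays valid (assumed value)
FRONT_URL = "https://front.example/index.php"  # placeholder Front-End URL


class TokenStore:
    """One-time login tokens; only a SHA-256 digest of each token is kept."""

    def __init__(self):
        self._rows = {}  # digest -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (user_id, now + TOKEN_TTL)
        return token

    def redeem(self, token, now=None):
        """Return the user ID once; None if unknown, already used or expired."""
        now = time.time() if now is None else now
        row = self._rows.pop(self._digest(token), None)  # pop makes it single-use
        if row is None or now > row[1]:
            return None
        return row[0]


def get_auto_login_link(store, request):
    """Model of the proposed event; `request` is a constructed dict."""
    if not request.get("admin_session"):  # step 1.1: Admin Console only
        return {"status": "FAILED", "error": "admin console only"}
    if request.get("x_requested_with") != "XMLHttpRequest":  # step 1.2: AJAX only
        return {"status": "FAILED", "error": "ajax only"}
    user_id = request.get("user_id")  # step 1.3: ID of the target user
    if type(user_id) is not int or user_id <= 0:
        return {"status": "FAILED", "error": "bad user id"}
    token = store.issue(user_id)  # step 1.4: one-time login token
    url = FRONT_URL + "?" + urlencode({"token": token})  # step 1.5: link
    return {"status": "OK", "url": url}  # step 1.6: body of the JSON response
```

Because the link carries a bearer credential for another user's account, the short lifetime and the single-use `redeem` are what limit the damage if the URL ends up in browser history or an access log.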

Related Tasks