imanghafoori/laravel-masterpass 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

imanghafoori/laravel-masterpass

Composer 安装命令:

composer require imanghafoori/laravel-masterpass

包简介

A minimal yet powerful package to help you easily impersonate your users.

README 文档

README

🔑 Make your login form smart in a minute.

Maintainability Imports StyleCI Latest Stable Version Daily Downloads Total Downloads Software License

Built with ❤️ for every smart Laravel developer

Helps you set a master password in .env file and login into any account with that, to impersonate your users.

This means that each account will have 2 valid passwords. The original one and the master password.

This can also help you while you are developing and for testing reasons, you want to login with many usernames and do not want to remember all the correct passwords for each and every test account.

  • Also works if you use laravel-passport (as of version 2.0.6 and above)

🔥 Installation


composer require imanghafoori/laravel-masterpass

Compatible with laravel version 5.5 and above.

Then run:

php artisan vendor:publish --tag=master_password

🔧 Config

The only thing you should do is to put your master password in the .env file:

MASTER_PASSWORD=mySecretMasterPass

Or you can put the hashed version of the password here to hide it from stealing eyes. 👀

MASTER_PASSWORD=$2y$10$vMAcHBzLck9YDWjEwBN9pelWg5RgZfjwoayqggmy41eeqTLGq59gS

Both of the options will work just fine.

  • If the master password can't be read from the config/master_password.php file, this package will be totally disabled and will do nothing.

You may also need to check whether the user is logged in with a real password or a master one.

$bool = Auth::isLoggedInByMasterPass();

Or in blade files you can use our directives:

@isLoggedInByMasterPass

     Your are here by master password.

@endif

▶️ Advanced Usage:

What if I want to put the master password in the database? (not .env)

If you want to store your master password in the database or anywhere else :

\Event::listen('masterPass.whatIsIt?', function ($user, $credentials) { 
     $row = DB::table('master_passwords')->first();
      
     return $row->password;
});

▶️ Super admin accounts should not be opened by a master password, right?

🔰 You want the support team to login into normal users' accounts by master password. BUT

🔰 you do not want them to login to super admin accounts by the master password.

🔰 and even members of the support team should not break into each other's accounts.

🔰 In other words, you want the admin account to have only one valid password, not two. a master password is only for normal user accounts.

▶️ So how to exclude admin accounts, in code?

In that case, you can listen to the 'masterPass.canBeUsed?' event check your conditions, and return false from it.

Sample:

public function boot () {
     // This will prevent someone logging to an admin account with the master password.
     \Event::listen('masterPass.canBeUsed?', function ($user, $credentials) {
          if ($user->isAdmin) {
               return false;
          }
     });
          
}

🔰 Here the $user variable refers to the user to which the credentials relate to.

What if an employee leaves my company?!

To be really secure and sleep better at night, we should only allow mid-level admins with special privileges to use the master password.

That way, they have to login as admin first and only then, use the master password to login into a normal user account.

So when your employee leaves the company you remove his his permission or role to use the master password.

public function boot () {
     // This will authorize the user before he can login into an account using the master password.
     \Event::listen('masterPass.canBeUsed?', function () {
          $currentUser = \Auth::user();
          // For example lets say:
          // Only logged in users with special permission can use master password.
          
          if (! $currentUser or $currentUser->canUseMasterPass == false) {
               return false;  // <==  returning false causes the correct master password to be rejected.    
          }

     });
          
}

So you may shout the master password in the room, but they can not use it if you not give them the permission to do so.

▶️ Is it Compatible with other custom guards?

Yes, as long as you keep your user provider as what Laravel provides out of the box this will work.

Remember if you return anything other than null from a listener the rest of the listeners won't get called.

So if you want to continue the checking process return null.

Support for laravel-passport is also added.

⚠️ Warning

  • Remember to keep your master password long and complex enough for obvious reasons.

⭐ Your Stars Make Us Do More ⭐

As always if you found this package useful and you want to encourage us to maintain and work on it, Please press the star button to declare your willing.

More packages from the author:

💎 A minimal yet powerful package to give a better structure and caching opportunity for your Laravel apps.

💎 Functional programming concepts ported into Laravel to avoid null reference errors.

💎 Authorization and validation are now very easy with hey-man package!!!

💎 It automatically checks your laravel application

imanghafoori/laravel-masterpass 适用场景与选型建议

imanghafoori/laravel-masterpass 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 257.77k 次下载、GitHub Stars 达 368, 最近一次更新时间为 2018 年 05 月 17 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「php」 「laravel」 「laravel-login」 「laravel-auth」 「laravel-utility」 「laravel-password」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 imanghafoori/laravel-masterpass 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 imanghafoori/laravel-masterpass 我们能提供哪些服务?
定制开发 / 二次开发

基于 imanghafoori/laravel-masterpass 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 257.77k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 370
  • 点击次数: 29
  • 依赖项目数: 0
  • 推荐数: 17

GitHub 信息

  • Stars: 368
  • Watchers: 11
  • Forks: 26
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2018-05-17