User impersonation

src/Database/Models/Domain.php

@@ -10,6 +10,7 @@ use Stancl\Tenancy\Events\DomainSaved;
 use Stancl\Tenancy\Events\DomainUpdated;
 use Stancl\Tenancy\Exceptions\DomainOccupiedByOtherTenantException;
 use Stancl\Tenancy\Contracts;
+use Stancl\Tenancy\Database\Concerns\CentralConnection;
 
 /**
  * @property string $domain
@@ -19,6 +20,8 @@ use Stancl\Tenancy\Contracts;
  */
 class Domain extends Model implements Contracts\Domain
 {
+    use CentralConnection;
+
     public $guarded = [];
     public $casts = [
         'is_primary' => 'bool',

src/Database/Models/ImpersonationToken.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace Stancl\Tenancy\Database\Models;
+
+use Carbon\Carbon;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Str;
+use Stancl\Tenancy\Database\Concerns\CentralConnection;
+
+/**
+ * @param string $token
+ * @param string $tenant_id
+ * @param string $user_id
+ * @param string $auth_guard
+ * @param string $redirect_url
+ * @param Carbon $created_at
+ */
+class ImpersonationToken extends Model
+{
+    use CentralConnection;
+
+    protected $guarded = [];
+    public $timestamps = false;
+    protected $primaryKey = 'token';
+    public $incrementing = false;
+    protected $table = 'tenant_user_impersonation_tokens';
+    protected $dates = [
+        'created_at',
+    ];
+
+    public static function boot()
+    {
+        parent::boot();
+
+        static::creating(function ($model) {
+            $model->created_at = $model->created_at ?? $model->freshTimestamp();
+            $model->token = $model->token ?? Str::random(128);
+            $model->auth_guard = $model->auth_guard ?? config('auth.defaults.guard');
+        });
+    }
+}

src/Features/UserImpersonation.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace Stancl\Tenancy\Features;
+
+use Carbon\Carbon;
+use Illuminate\Http\RedirectResponse;
+use Illuminate\Support\Facades\Auth;
+use Stancl\Tenancy\Contracts\Feature;
+use Stancl\Tenancy\Database\Models\ImpersonationToken;
+use Stancl\Tenancy\Contracts\Tenant;
+use Stancl\Tenancy\Tenancy;
+
+class UserImpersonation implements Feature
+{
+    public static $ttl = 60; // seconds
+
+    public function bootstrap(Tenancy $tenancy): void
+    {
+        $tenancy->macro('impersonate', function (Tenant $tenant, string $userId, string $redirectUrl, string $authGuard = null): ImpersonationToken
+        {
+            return ImpersonationToken::create([
+                'tenant_id' => $tenant->getTenantKey(),
+                'user_id' => $userId,
+                'redirect_url' => $redirectUrl,
+                'auth_guard' => $authGuard,
+            ]);
+        });
+    }
+
+    /**
+     * Impersonate a user and get an HTTP redirect response.
+     *
+     * @param string|ImpersonationToken $token
+     * @return RedirectResponse
+     */
+    public static function makeResponse($token): RedirectResponse
+    {
+        $token = $token instanceof ImpersonationToken ? $token : ImpersonationToken::findOrFail($token);
+
+        if (((string) $token->tenant_id) !== ((string) tenant('id'))) {
+            abort(403);
+        }
+
+        if ($token->created_at->diffInSeconds(Carbon::now()) > static::$ttl) {
+            abort(403);
+        }
+
+        Auth::guard($token->auth_guard)->loginUsingId($token->user_id);
+
+        $token->delete();
+
+        return redirect($token->redirect_url);
+    }
+}

src/Tenancy.php

@@ -4,11 +4,14 @@ namespace Stancl\Tenancy;
 
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Support\Traits\Macroable;
 use Stancl\Tenancy\Contracts\TenancyBootstrapper;
 use Stancl\Tenancy\Contracts\Tenant;
 
 class Tenancy
 {
+    use Macroable;
+
     /** @var Tenant|Model|null */
     public $tenant;