archtechx/tenancy
1
0
Fork 0
mirror of https://github.com/archtechx/tenancy.git synced 2026-02-04 17:44:05 +00:00
Code Activity

Clean up impersonation tokens before aborting, add tests

Browse source
This commit is contained in:
lukinovec 2025-08-06 12:58:18 +02:00
parent 3984d64cfa
commit 2d5b6aa0c8
2 changed files with 68 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/Features/UserImpersonation.php
View file

@ -44,12 +44,20 @@ class UserImpersonation implements Feature
$tokenExpired = $token->created_at->diffInSeconds(now()) > $ttl;
abort_if($tokenExpired, 403);
if ($tokenExpired) {
$token->delete();
abort(403);
}
$tokenTenantId = (string) $token->getAttribute(Tenancy::tenantKeyColumn());
$currentTenantId = (string) tenant()->getTenantKey();
abort_unless($tokenTenantId === $currentTenantId, 403);
if ($tokenTenantId !== $currentTenantId) {
$token->delete();
abort(403);
}
Auth::guard($token->auth_guard)->loginUsingId($token->user_id, $token->remember);