Test that stopImpersonating() can keep the user authenticated

2026-03-21 23:44:03 +00:00 · 2026-03-03 12:28:42 +01:00 · 2026-03-03 12:28:42 +01:00 · a306f1e972
commit a306f1e972
parent e4f3cedcd5
1 changed files with 41 additions and 0 deletions
--- a/tests/TenantUserImpersonationTest.php
+++ b/tests/TenantUserImpersonationTest.php
@ -148,6 +148,47 @@ test('tenant user can be impersonated on a tenant path', function () {
        ->assertRedirect('/login');
 });

+test('stopImpersonating can keep the user authenticated', function() {
+    makeLoginRoute();
+
+    Route::middleware(InitializeTenancyByPath::class)->prefix('/{tenant}')->group(getRoutes(false));
+
+    $tenant = Tenant::create([
+        'id' => 'acme',
+        'tenancy_db_name' => 'db' . Str::random(16),
+    ]);
+
+    migrateTenants();
+
+    $user = $tenant->run(function () {
+        return ImpersonationUser::create([
+            'name' => 'Joe',
+            'email' => 'joe@local',
+            'password' => bcrypt('secret'),
+        ]);
+    });
+
+    // Impersonate the user
+    $token = tenancy()->impersonate($tenant, $user->id, '/acme/dashboard');
+
+    pest()->get('/acme/impersonate/' . $token->token)
+        ->assertRedirect('/acme/dashboard');
+
+    expect(UserImpersonation::isImpersonating())->toBeTrue();
+
+    // Stop impersonating without logging out
+    UserImpersonation::stopImpersonating(false);
+
+    // The impersonation session key should be cleared
+    expect(UserImpersonation::isImpersonating())->toBeFalse();
+    expect(session('tenancy_impersonation_guard'))->toBeNull();
+
+    // The user should still be authenticated
+    pest()->get('/acme/dashboard')
+        ->assertSuccessful()
+        ->assertSee('You are logged in as Joe');
+});
+
 test('tokens have a limited ttl', function () {
    Route::middleware(InitializeTenancyByDomain::class)->group(getRoutes());