Laravel Impersonate is a fantastic package that makes it easy to authenticate as your users. You just need to add a simple trait to your user model and impersonate it as one of your users in one click. This package requires:

• Laravel 6.x to 9.x
• PHP >= 7.2 or >= 8.0

Installation

You can install this package with Composer:

composer require lab404/laravel-impersonate

Add the service provider at the end of your
config/app.php:

'providers' => [
    // ...
    Lab404\Impersonate\ImpersonateServiceProvider::class,
],

Add the trait Lab404\Impersonate\Models\Impersonate to your User model.

Simple usage

Impersonate a user:

Auth::user()->impersonate($other_user);
// You're now logged as the $other_user

Leave impersonation:

Auth::user()->leaveImpersonation();
// You're now logged as your original user.

Using the built-in controller

In your routes file, under web middleware, you must call the impersonate route macro.

Route::impersonate();

Alternatively, you can execute this macro with your RouteServiceProvider.

namespace App\Providers;

class RouteServiceProvider extends ServiceProvider
{
    public function map() {
        Route::middleware('web')->group(function (Router $router) {
            $router->impersonate();
        });
    }
}

// Where $id is the ID of the user you want impersonate
route('impersonate', $id)

// Or in case of multi guards, you should also add `guardName` (defaults to `web`)
route('impersonate', ['id' => $id, 'guardName' => 'admin'])

// Generate an URL to leave current impersonation
route('impersonate.leave')

Middleware

Protect From Impersonation

You can use the middleware impersonate.protect to protect your routes against user impersonation.
This middleware can be useful when you want to protect specific pages like users subscriptions, users credit cards,

Router::get('/my-credit-card', function() {
    echo "Can't be accessed by an impersonator";
})->middleware('impersonate.protect');

Configuration

The package comes with a configuration file.

Publish it with the following command:

php artisan vendor:publish --tag=impersonate

Available options:

    // The session key used to store the original user id.
    'session_key' => 'impersonated_by',
    // Where to redirect after taking an impersonation.
    // Only used in the built-in controller.
    // You can use: an URI, the keyword back (to redirect back) or a route name
    'take_redirect_to' => '/',
    // Where to redirect after leaving an impersonation.
    // Only used in the built-in controller.
    // You can use: an URI, the keyword back (to redirect back) or a route name
    'leave_redirect_to' => '/

This package has a lot of amazing features with code examples, If you want to dig more, Please visit Github for its detailed documentation and source code.