bert.hausmans
4df668b5b8
Replaces the insecure token-in-localStorage approach with a header-based impersonation system backed by cache sessions and MFA verification. Key changes: - New impersonation_sessions audit table (immutable, ULID PK) - MFA verification required to start impersonation (TOTP/email/backup) - X-Impersonate-User header + HandleImpersonation middleware - Per-request auth context swap (admin session never modified) - IP pinning, sensitive route blocking, no nesting, sliding 60-min TTL - Activity log auto-tagged with impersonated_by during sessions - Frontend: sessionStorage, BroadcastChannel sync, countdown timer - ImpersonateDialog with reason + MFA verification flow - 26 comprehensive tests covering core, middleware, audit, lifecycle Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
30 lines
939 B
PHP
30 lines
939 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Resources\Admin;
|
|
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Http\Resources\Json\JsonResource;
|
|
|
|
class ImpersonationSessionResource extends JsonResource
|
|
{
|
|
/** @return array<string, mixed> */
|
|
public function toArray(Request $request): array
|
|
{
|
|
return [
|
|
'id' => $this->id,
|
|
'admin_id' => $this->admin_id,
|
|
'target_user_id' => $this->target_user_id,
|
|
'target_user' => new AdminUserResource($this->whenLoaded('targetUser')),
|
|
'reason' => $this->reason,
|
|
'mfa_method' => $this->mfa_method,
|
|
'started_at' => $this->started_at?->toIso8601String(),
|
|
'expires_at' => $this->expires_at?->toIso8601String(),
|
|
'ended_at' => $this->ended_at?->toIso8601String(),
|
|
'end_reason' => $this->end_reason,
|
|
'actions_count' => $this->actions_count,
|
|
];
|
|
}
|
|
}
|