PHPackages                             imanghafoori/laravel-masterpass - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication & Authorization](/categories/authentication)
4. /
5. imanghafoori/laravel-masterpass

ActiveLibrary[Authentication & Authorization](/categories/authentication)

imanghafoori/laravel-masterpass
===============================

A minimal yet powerful package to help you easily impersonate your users.

v2.2.52(1y ago)367244.1k—6.4%26[2 PRs](https://github.com/imanghafoori1/laravel-MasterPass/pulls)MITPHPPHP >=5.6.0

Since May 17Pushed 1y ago11 watchersCompare

[ Source](https://github.com/imanghafoori1/laravel-MasterPass)[ Packagist](https://packagist.org/packages/imanghafoori/laravel-masterpass)[ Docs](https://github.com/imanghafoori1/laravel-masterpass)[ RSS](/packages/imanghafoori-laravel-masterpass/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (9)Dependencies (4)Versions (29)Used By (0)

🔑 Make your login form smart in a minute.
==========================================

[](#key-make-your-login-form-smart-in-a-minute)

 [![](https://user-images.githubusercontent.com/6961695/40175458-6e1cd190-59ed-11e8-92df-a281a5dc55b2.png)](https://user-images.githubusercontent.com/6961695/40175458-6e1cd190-59ed-11e8-92df-a281a5dc55b2.png)

[![Maintainability](https://camo.githubusercontent.com/490b2ff08c6a1cd668b57f0ab40d96c5c642bad9ba62898fd3e99a04b4918489/68747470733a2f2f6170692e636f6465636c696d6174652e636f6d2f76312f6261646765732f39643662653762303537313033636231343431302f6d61696e7461696e6162696c697479)](https://codeclimate.com/github/imanghafoori1/laravel-masterpass/maintainability)[![Imports](https://github.com/imanghafoori1/laravel-masterpass/actions/workflows/imports.yml/badge.svg?branch=master)](https://github.com/imanghafoori1/laravel-masterpass/actions/workflows/imports.yml)[![StyleCI](https://camo.githubusercontent.com/0b907708e7c633d3e04093b8c62df3392febbfa1765b5ad391d36287ca4532cc/68747470733a2f2f6769746875622e7374796c6563692e696f2f7265706f732f3133393730393531382f736869656c643f6272616e63683d6d6173746572)](https://github.styleci.io/repos/139709518)[![Latest Stable Version](https://camo.githubusercontent.com/3095c2a47fe8c8c1088ad390eec57045708190e19c1815854c31bde2f07f8a81/68747470733a2f2f706f7365722e707567782e6f72672f696d616e676861666f6f72692f6c61726176656c2d6d6173746572706173732f762f737461626c65)](https://packagist.org/packages/imanghafoori/laravel-masterpass)[![Daily Downloads](https://camo.githubusercontent.com/c0ac1d16f3847554931a0a4799b02f54825606ea50e006fd7d03623c22d738fd/68747470733a2f2f706f7365722e707567782e6f72672f696d616e676861666f6f72692f6c61726176656c2d6d6173746572706173732f642f6461696c79)](https://packagist.org/packages/imanghafoori/laravel-masterpass)[![Total Downloads](https://camo.githubusercontent.com/39741248e6cfe8fb0965c841cc3a2fd2ce016efbccd5cae30b563059af1458ab/68747470733a2f2f706f7365722e707567782e6f72672f696d616e676861666f6f72692f6c61726176656c2d6d6173746572706173732f646f776e6c6f616473)](https://packagist.org/packages/imanghafoori/laravel-masterpass)[![Software License](https://camo.githubusercontent.com/7b9d0faf11330a88ea80a58ccf5491f699d5edf7ddac76ad40e2a9dc6a77fd76/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e7376673f7374796c653d726f756e642d737175617265)](LICENSE.md)

### Built with ❤️ for every smart Laravel developer

[](#built-with-heart-for-every-smart-laravel-developer)

Helps you set a master password in .env file and login into any account with that, to impersonate your users.

This means that each account will have 2 valid passwords. The original one and the master password.

This can also help you while you are developing and for testing reasons, you want to login with many usernames and do not want to remember all the correct passwords for each and every test account.

- Also works if you use laravel-passport (as of version 2.0.6 and above)

### 🔥 Installation

[](#fire-installation)

```

composer require imanghafoori/laravel-masterpass

```

**Compatible with laravel version 5.5 and above.**

Then run:

```
php artisan vendor:publish --tag=master_password

```

### 🔧 Config

[](#wrench-config)

The only thing you should do is to put your master password in the `.env` file:

```
MASTER_PASSWORD=mySecretMasterPass

```

Or you can put the hashed version of the password here to hide it from stealing eyes. 👀

```
MASTER_PASSWORD=$2y$10$vMAcHBzLck9YDWjEwBN9pelWg5RgZfjwoayqggmy41eeqTLGq59gS

```

Both of the options will work just fine.

- If the master password can't be read from the `config/master_password.php` file, this package will be totally disabled and will do nothing.

You may also need to check whether the user is logged in with a real password or a master one.

```
$bool = Auth::isLoggedInByMasterPass();
```

Or in blade files you can use our directives:

```
@isLoggedInByMasterPass

     Your are here by master password.

@endif
```

### ▶️ Advanced Usage:

[](#arrow_forward-advanced-usage)

**What if I want to put the master password in the database? (not .env)**

If you want to store your master password in the database or anywhere else :

```
\Event::listen('masterPass.whatIsIt?', function ($user, $credentials) {
     $row = DB::table('master_passwords')->first();

     return $row->password;
});
```

#### ▶️ Super admin accounts should not be opened by a master password, right?

[](#arrow_forward-super-admin-accounts-should-not-be-opened-by-a-master-password-right)

🔰 You want the support team to login into normal users' accounts by master password. BUT

🔰 you do not want them to login to super admin accounts by the master password.

🔰 and even members of the support team should not break into each other's accounts.

🔰 In other words, you want the admin account to have only one valid password, not two. a master password is only for normal user accounts.

#### ▶️ So how to exclude admin accounts, in code?

[](#arrow_forward-so-how-to-exclude-admin-accounts-in-code)

In that case, you can listen to the 'masterPass.canBeUsed?' event check your conditions, and return `false` from it.

Sample:

```
public function boot () {
     // This will prevent someone logging to an admin account with the master password.
     \Event::listen('masterPass.canBeUsed?', function ($user, $credentials) {
          if ($user->isAdmin) {
               return false;
          }
     });

}
```

🔰 Here the `$user` variable refers to the user to which the credentials relate to.

### What if an employee leaves my company?!

[](#what-if-an-employee-leaves-my-company)

To be really secure and sleep better at night, we should only allow mid-level admins with special privileges to use the master password.

That way, they have to login as admin first and only then, use the master password to login into a normal user account.

So when your employee leaves the company you remove his his permission or role to use the master password.

```
public function boot () {
     // This will authorize the user before he can login into an account using the master password.
     \Event::listen('masterPass.canBeUsed?', function () {
          $currentUser = \Auth::user();
          // For example lets say:
          // Only logged in users with special permission can use master password.

          if (! $currentUser or $currentUser->canUseMasterPass == false) {
               return false;  //