PHPackages ukeloop/laravel-impersonatable-guard - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. ukeloop/laravel-impersonatable-guard ActiveLibrary[Authentication & Authorization](/categories/authentication) ukeloop/laravel-impersonatable-guard ==================================== Laravel Impersonatable Guard enables seamless user impersonation with enhanced security features for Laravel applications. v2.0.0(1y ago)21357↓50%3[1 PRs](https://github.com/ukeloop/laravel-impersonatable-guard/pulls)MITPHPPHP ^8.2CI passing Since Mar 23Pushed 2mo ago1 watchersCompare [ Source](https://github.com/ukeloop/laravel-impersonatable-guard)[ Packagist](https://packagist.org/packages/ukeloop/laravel-impersonatable-guard)[ RSS](/packages/ukeloop-laravel-impersonatable-guard/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (3)Dependencies (8)Versions (6)Used By (0) Laravel Impersonatable Guard ============================ [](#laravel-impersonatable-guard) This is a guard implementation in Laravel for handling user impersonation. It extends Laravel's `SessionGuard` and provides additional methods for impersonation-related functionality. User impersonation is a feature that enables an administrator or privileged user to temporarily assume the identity of another user within the application. This capability proves valuable for troubleshooting, testing user-specific features, or providing support. Moreover, It supports multiple authentication guards. For example, admin guard users can also impersonate web guard users. Security Considerations ----------------------- [](#security-considerations) User impersonation should be used with caution, especially in production environments. It's important to properly authenticate and authorize users before allowing them to impersonate others. Additionally, sensitive actions or pages should be protected from access while in impersonation mode to prevent unauthorized use. Installation ------------ [](#installation) You can install this package via Composer: ``` composer require ukeloop/laravel-impersonatable-guard ``` Configuration ------------- [](#configuration) Update your authentication configuration to use the `ImpersonatableSessionGuard` instead of Laravel's default `SessionGuard`. You need to replace the driver from `session` to `impersonatable.session`: ``` // config/auth.php 'guards' => [ 'web' => [ 'driver' => 'impersonatable.session', 'provider' => 'users', ], ], ``` Usage ----- [](#usage) ### Impersonate Users [](#impersonate-users) Start impersonating the specified user. This method takes an instance of `Illuminate\Contracts\Auth\Authenticatable` representing the user to impersonate. ``` Auth::guard('web')->impersonate($user); ``` ### Once Impersonate Users [](#once-impersonate-users) Temporarily impersonate the specified user for a single request. This method is useful for actions that need to be performed as another user without permanently switching the user context. ``` Auth::guard('web')->onceImpersonate($user); ``` ### Exit Impersonation [](#exit-impersonation) Stop impersonating the current user and return to the original user context. ``` Auth::guard('web')->exitImpersonation(); ``` ### Get Original User [](#get-original-user) Get the original user that was being impersonated. ``` $originalUser = Auth::guard('web')->originalUser(); ``` ### Check Currently impersonated state [](#check-currently-impersonated-state) Check if the guard is currently in an impersonated state. ``` $isImpersonated = Auth::guard('web')->impersonated(); ``` Protect Impersonation With Middleware ------------------------------------- [](#protect-impersonation-with-middleware) You can use the middleware `impersonation.protect` to protect your routes against user impersonation. This middleware ensures that users cannot access certain routes while impersonating another user. ``` Route::get('/protect-form-impersonation', 'ExampleController@handleImportantRequest')->middleware('impersonation.protect'); ``` Protect with specified guards: ``` Route::get('/protect-form-impersonation', 'ExampleController@handleImportantRequest')->middleware('impersonation.protect:specified-guard'); ``` Example Impersonation Controller -------------------------------- [](#example-impersonation-controller) Example controller for impersonating users: ``` use App\Models\User; use Illuminate\Http\RedirectResponse; use Illuminate\Support\Facades\Auth; use RuntimeException; use Ukeloop\ImpersonatableGuard\Contracts\ImpersonatableGuard; class ImpersonationController extends Controller { /** * Start impersonating the specified user. */ public function impersonate(User $user): RedirectResponse { $guard = Auth::guard('web'); if (!$guard instanceof ImpersonatableGuard) { throw new RuntimeException('This guard is not allowed to impersonate.'); } $guard->impersonate($user); return redirect('/'); } /** * Stop impersonating the current user and return to the original user context. */ public function exit(): RedirectResponse { $guard = Auth::guard('web'); if (!$guard instanceof ImpersonatableGuard) { throw new RuntimeException('This guard is not allowed to impersonate.'); } $guard->exitImpersonation(); return redirect('/'); } } ``` Custom Impersonate Guard ------------------------ [](#custom-impersonate-guard) You can create custom impersonate guards by implementing `Ukeloop\ImpersonatableGuard\Contracts\ImpersonatableGuard`. ``` use Ukeloop\ImpersonatableGuard\Contracts\ImpersonatableGuard; class CustomImpersonateGuard implements ImpersonatableGuard { // Define your own logic } ``` ### Health Score 43 — FairBetter than 91% of packages Maintenance68 Regular maintenance activity Popularity25 Limited adoption so far Community12 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 52.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~112 days Total 4 Last Release 448d ago Major Versions 1.0.x-dev → v2.0.02025-02-25 PHP version history (2 changes)v1.0.0PHP ^8.1 v2.0.0PHP ^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/96333a91e5a8217df403b8e767c2cddc8613a6bcd274ab668ff95f6967db2630?d=identicon)[ukeloop](/maintainers/ukeloop) --- Top Contributors [![ukeloop](https://avatars.githubusercontent.com/u/45733259?v=4)](https://github.com/ukeloop "ukeloop (23 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (13 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (8 commits)") --- Tags laravellaravel ### Code Quality Static AnalysisPHPStan Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/ukeloop-laravel-impersonatable-guard/health.svg) ``` [![Health](https://phpackages.com/badges/ukeloop-laravel-impersonatable-guard/health.svg)](https://phpackages.com/packages/ukeloop-laravel-impersonatable-guard) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 8359.8M53](/packages/php-open-source-saver-jwt-auth)[laravel/pulse Laravel Pulse is a real-time application performance monitoring tool and dashboard for your Laravel application. 1.7k12.1M99](/packages/laravel-pulse)[roots/acorn Framework for Roots WordPress projects built with Laravel components. 9682.1M97](/packages/roots-acorn)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)