laravel-impersonate maintained by alp-develop
Description
Secure user impersonation for Laravel applications
Author
Last update
2026/04/12 07:05
(dev-main)
License
Downloads
10
Tags
Laravel Impersonate
Secure user impersonation for Laravel applications. Built with a session-based architecture, versioned context, automatic validation middleware, and a full event system.
Requirements
- PHP 8.1+
- Laravel 10.x, 11.x , 12.x or 13.x
Installation
composer require alp-develop/laravel-impersonate
Publish the configuration file:
php artisan vendor:publish --tag=impersonate-config
Quick Start
1. Implement the contract on your User model
use AlpDevelop\LaravelImpersonate\Contracts\Impersonatable;
use AlpDevelop\LaravelImpersonate\Traits\HasImpersonation;
class User extends Authenticatable implements Impersonatable
{
use HasImpersonation;
}
2. Define a Gate policy
The package registers an impersonate gate that returns false by default. Override it in your AuthServiceProvider:
use Illuminate\Support\Facades\Gate;
Gate::define('impersonate', function ($user, $target) {
return $user->is_admin;
});
3. Start and stop impersonation
use AlpDevelop\LaravelImpersonate\Facades\Impersonate;
Impersonate::start($targetUser);
Impersonate::start($targetUser, ttl: 30);
Impersonate::stop();
Documentation
| Section | Description |
|---|---|
| Configuration | All config options with types, defaults and examples |
| Authorization | Three-layer authorization model, validation order, role-based examples |
| Middleware | HandleImpersonation and ForbidDuringImpersonation setup and behavior |
| Events | All 5 events with payloads, listener examples, and flow diagram |
| API Reference | Full reference: Facade, Contract, Trait, Value Object, Enum, Macros, Blade directives |
| Security | Session regeneration, versioned context, automatic validation, IP tracking, recommendations |
Testing
composer test
Changelog
See CHANGELOG.md for recent changes.
License
MIT License. See LICENSE for details.