  • Stars: 354
  • Rank 120,042 (Top 3 %)
  • Language: PHP
  • License: MIT License
  • Created over 6 years ago
  • Updated over 1 year ago


Repository Details

Helps you securely set up a master password and log in to user accounts with it.

🔑 Make your login form smart in a minute.


Built with ❤️ for every smart laravel developer

Helps you set a master password in the .env file and log in to any account with it, to impersonate your users.

This means that each account will have 2 valid passwords. The original one and the master password.

This can also help during development and testing, when you want to log in with many usernames and do not want to remember the correct password for each and every test account.

  • Also works if you use laravel-passport (as of version 2.0.6 and above)

🔥 Installation


composer require imanghafoori/laravel-masterpass

Compatible with laravel version 5.5 and above.

Then run:

php artisan vendor:publish --tag=master_password

🔧 Config

The only thing you should do is to put your master password in the .env file:

MASTER_PASSWORD=mySecretMasterPass

Or you can put the hashed version of the password here to hide it from prying eyes. 👀

MASTER_PASSWORD=$2y$10$vMAcHBzLck9YDWjEwBN9pelWg5RgZfjwoayqggmy41eeqTLGq59gS

Both of the options will work just fine.

  • If the master password can't be read from the config/master_password.php file, this package will be totally disabled and will do nothing.

You may also need to check whether the user is logged in with a real password or the master one.

$bool = Auth::isLoggedInByMasterPass();

Or in blade files you can use our directives:

@isLoggedInByMasterPass

     You are here by master password.

@endif
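
An added example, not part of the package or its README: a hypothetical middleware, `GuardMasterPassSession`, that uses the check above to write an audit line for every request made in a master-password session and to refuse credential-changing routes. The route names are assumptions, as is the premise that `Auth::isLoggedInByMasterPass()` keeps returning true on later requests of the same session.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;

// Hypothetical middleware (not shipped with the package): audits requests made
// in a master-password session and blocks routes that change credentials.
class GuardMasterPassSession
{
    // Assumed route names; replace with the sensitive routes of your own app.
    protected $blockedRoutes = ['password.update', 'profile.email.update', 'two-factor.disable'];

    public function handle(Request $request, Closure $next)
    {
        // Guests and sessions opened with the real password pass through untouched.
        // Assumption: the flag stays set for the lifetime of the session.
        if (! Auth::check() || ! Auth::isLoggedInByMasterPass()) {
            return $next($request);
        }

        $route = optional($request->route())->getName();

        // Audit trail: which account was opened, from where, and what was touched.
        // The request body is deliberately not logged, to keep secrets out of the log.
        Log::warning('master-password session activity', [
            'impersonated_user_id' => Auth::id(),
            'ip'     => $request->ip(),
            'method' => $request->method(),
            'path'   => $request->path(),
            'route'  => $route,
        ]);

        // Support staff may look, but must not change the user's credentials.
        if (in_array($route, $this->blockedRoutes, true)) {
            abort(403, 'This action is not available in a master-password session.');
        }

        return $next($request);
    }
}
```

Register it in your application's `web` middleware group so that it runs after the session has been started.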

▶️ Advanced Usage:

What if I want to put master password in the database? (not .env)

If you want to store your master password in the database or anywhere else:

\Event::listen('masterPass.whatIsIt?', function ($user, $credentials) {
     // Read the master password from your own storage instead of .env.
     $row = \DB::table('master_passwords')->first();

     return $row->password;
});

▶️ Super admin accounts should not be opened by a master password, right?

🔰 You want the support team to log in to normal users' accounts with the master password, BUT

🔰 you do not want them to log in to super admin accounts with the master password,

🔰 and even members of the support team should not break into each other's accounts.

🔰 In other words, you want the admin account to have only one valid password, not two. The master password is only for normal user accounts.

▶️ So how do you exclude admin accounts in code?

In that case, you can listen to the 'masterPass.canBeUsed?' event and check your conditions and return false from it.

Sample:

public function boot () {
     // This prevents anyone from logging in to an admin account with the master password.
     \Event::listen('masterPass.canBeUsed?', function ($user, $credentials) {
          if ($user->isAdmin) {
               return false;
          }
          // Returning nothing (null) lets the checking process continue.
     });
}

🔰 Here the $user variable refers to the user that the credentials relate to.

What if an employee leaves my company?!

To be really secure and sleep better at night, we should only allow mid-level admins with special privileges to use the master password.

That way, they have to log in as an admin first and only then use the master password to log in to a normal user account.

So when your employee leaves the company, you remove their permission or role to use the master password.

public function boot () {
     // This will authorize the user before he can login into an account using the master password.
     \Event::listen('masterPass.canBeUsed?', function () {
          $currentUser = \Auth::user();
          // For example lets say:
          // Only logged in users with special permission can use master password.
          
          if (! $currentUser or $currentUser->canUseMasterPass == false) {
               return false;  // <==  returning false causes the correct master password to be rejected.    
          }

     });
          
}

So you may shout the master password in the room, but nobody can use it unless you give them the permission to do so.

▶️ Is it Compatible with other custom guards?

Yes, as long as you keep the user provider that Laravel ships out of the box, this will work.

Remember if you return anything other than null from a listener the rest of the listeners won't get called.

So if you want to continue the checking process return null.

Support for laravel-passport is also added.

⚠️ Warning

  • Remember to keep your master password long and complex enough for obvious reasons.

⭐ Your Stars Make Us Do More ⭐

As always, if you found this package useful and you want to encourage us to maintain and work on it, please press the star button to show your support.

More packages from the author:

💎 A minimal yet powerful package to give a better structure and caching opportunity for your laravel apps.


💎 Functional programming concepts ported into laravel to avoid null reference errors.


💎 Authorization and validation is now very easy with hey-man package!!!


💎 It automatically checks your laravel application
