final commit

Author: franbarbalopez

config/mirror.php

@@ -40,4 +40,17 @@
 
     'ttl' => null,
 
+    /*
+    |--------------------------------------------------------------------------
+    | Default Redirect URL
+    |--------------------------------------------------------------------------
+    |
+    | The default URL to redirect to when the TTL middleware expires a session
+    | and no leave redirect URL was specified. This allows you to customize
+    | where users are sent after an automatic session expiration.
+    |
+    */
+
+    'default_redirect_url' => '/',
+
 ];

src/Http/Middleware/CheckImpersonationTtl.php

@@ -31,7 +31,7 @@ public function handle(Request $request, Closure $next): Response
             $ttl = $this->config->get('mirror.ttl');
 
             if ($this->impersonationSession->isExpired($ttl)) {
-                $redirectUrl = Mirror::getLeaveRedirectUrl() ?? '/';
+                $redirectUrl = Mirror::getLeaveRedirectUrl() ?? $this->config->get('mirror.default_redirect_url', '/');
 
                 Mirror::forceStop();
 

src/ImpersonationSession.php

@@ -144,8 +144,8 @@ public function clear(): void
      */
     public function generateIntegrityHash(): self
     {
-        $data = $this->getDataForHash();
-        $hash = hash_hmac('sha256', $data, $this->appKey);
+        $payload = $this->buildIntegrityPayload();
+        $hash = hash_hmac('sha256', $payload, $this->appKey);
 
         $this->session->put(self::INTEGRITY_KEY, $hash);
 
@@ -171,7 +171,7 @@ public function verifyIntegrity(): void
             throw TamperedSessionException::detected();
         }
 
-        $expectedHash = hash_hmac('sha256', $this->getDataForHash(), $this->appKey);
+        $expectedHash = hash_hmac('sha256', $this->buildIntegrityPayload(), $this->appKey);
 
         if (! hash_equals($storedHash, $expectedHash)) {
             $this->clear();
@@ -181,16 +181,16 @@ public function verifyIntegrity(): void
     }
 
     /**
-     * Get the data string used for hash generation.
+     * Build the payload for integrity hash verification.
      */
-    protected function getDataForHash(): string
+    protected function buildIntegrityPayload(): string
     {
-        return implode('|', [
-            $this->getImpersonator() ?? '',
-            $this->getGuardName() ?? '',
-            $this->getStartedAt() ?? '',
-            $this->getLeaveRedirectUrl() ?? '',
-        ]);
+        return json_encode([
+            'impersonator' => $this->getImpersonator(),
+            'guard_name' => $this->getGuardName(),
+            'started_at' => $this->getStartedAt(),
+            'leave_redirect_url' => $this->getLeaveRedirectUrl(),
+        ], JSON_THROW_ON_ERROR);
     }
 
     /**

src/Impersonator.php

@@ -39,9 +39,9 @@ protected function getCurrentGuardName(): string
     }
 
     /**
-     * Get the user model class.
+     * Get the authenticatable class name.
      */
-    protected function getUserModel(): string
+    protected function getAuthenticatableClass(): string
     {
         $defaultGuard = $this->config->get('auth.defaults.guard');
         $guardProvider = $this->config->get(sprintf('auth.guards.%s.provider', $defaultGuard));
@@ -155,9 +155,9 @@ public function getImpersonator(): ?Authenticatable
             return null;
         }
 
-        $model = $this->getUserModel();
+        $class = $this->getAuthenticatableClass();
 
-        return $model::find($impersonatorId);
+        return $class::find($impersonatorId);
     }
 
     /**
@@ -168,8 +168,9 @@ public function getImpersonator(): ?Authenticatable
      */
     public function startByKey(int|string $key, ?string $leaveRedirectUrl = null, ?string $startRedirectUrl = null): ?string
     {
-        $model = $this->getUserModel();
-        $user = $model::find($key);
+        $class = $this->getAuthenticatableClass();
+
+        $user = $class::find($key);
 
         if (! $user) {
             throw new \InvalidArgumentException(sprintf('User with key [%s] not found.', $key));
@@ -186,8 +187,9 @@ public function startByKey(int|string $key, ?string $leaveRedirectUrl = null, ?s
      */
     public function startByEmail(string $email, ?string $leaveRedirectUrl = null, ?string $startRedirectUrl = null): ?string
     {
-        $model = $this->getUserModel();
-        $user = $model::where('email', $email)->first();
+        $class = $this->getAuthenticatableClass();
+
+        $user = $class::query()->where('email', $email)->first();
 
         if (! $user) {
             throw new \InvalidArgumentException(sprintf('User with email [%s] not found.', $email));
@@ -307,7 +309,7 @@ protected function ensureNotExpired(): void
      */
     protected function ensureCanImpersonate(?Authenticatable $impersonator): void
     {
-        if (! $impersonator instanceof \Illuminate\Contracts\Auth\Authenticatable) {
+        if (! $impersonator instanceof Authenticatable) {
             throw ImpersonationException::cannotImpersonate();
         }
 

src/MirrorServiceProvider.php

@@ -65,40 +65,56 @@ protected function registerMiddlewares(): void
      */
     protected function registerBladeDirectives(): void
     {
-        Blade::if('impersonating', function (?string $guard = null): bool {
-            if ($guard !== null) {
-                return session()->has('mirror.impersonating') && session('mirror.guard_name') === $guard;
-            }
+        Blade::if('impersonating', fn (?string $guard = null): bool => $this->checkImpersonating($guard));
+        Blade::if('canImpersonate', fn (?string $guard = null): bool => $this->checkCanImpersonate($guard));
+        Blade::if('canBeImpersonated', fn (?Authenticatable $user = null, ?string $guard = null): bool => $this->checkCanBeImpersonated($user, $guard));
+    }
+
+    /**
+     * Check if the authenticated model is impersonating.
+     */
+    protected function checkImpersonating(?string $guard): bool
+    {
+        if ($guard !== null) {
+            return session()->has('mirror.impersonating') && session('mirror.guard_name') === $guard;
+        }
 
-            return Mirror::isImpersonating();
-        });
+        return Mirror::isImpersonating();
+    }
+
+    /**
+     * Check if the authenticated model can impersonate.
+     */
+    protected function checkCanImpersonate(?string $guard): bool
+    {
+        $user = auth($guard)->user();
 
-        Blade::if('canImpersonate', function (?string $guard = null): bool {
+        if (! $user) {
+            return false;
+        }
+
+        // @phpstan-ignore-next-line function.alreadyNarrowedType
+        return method_exists($user, 'canImpersonate')
+            ? $user->canImpersonate()
+            : true;
+    }
+
+    /**
+     * Check if the authenticated model can be impersonated.
+     */
+    protected function checkCanBeImpersonated(?Authenticatable $user, ?string $guard): bool
+    {
+        if (! $user instanceof Authenticatable) {
             $user = auth($guard)->user();
+        }
+
+        if (! $user) {
+            return false;
+        }
 
-            if (! $user) {
-                return false;
-            }
-
-            // @phpstan-ignore-next-line function.alreadyNarrowedType
-            return method_exists($user, 'canImpersonate')
-                ? $user->canImpersonate()
-                : true;
-        });
-
-        Blade::if('canBeImpersonated', function ($user = null, ?string $guard = null): bool {
-            if ($user === null) {
-                $user = auth($guard)->user();
-            }
-
-            if (! $user instanceof Authenticatable) {
-                return false;
-            }
-
-            // @phpstan-ignore-next-line function.alreadyNarrowedType
-            return method_exists($user, 'canBeImpersonated')
-                ? $user->canBeImpersonated()
-                : true;
-        });
+        // @phpstan-ignore-next-line function.alreadyNarrowedType
+        return method_exists($user, 'canBeImpersonated')
+            ? $user->canBeImpersonated()
+            : true;
     }
 }