hharnisc / meteor-accounts-admin-ui-bootstrap-3

A roles based account management system using bootstrap 3 for Meteor
MIT License
56 stars 55 forks

PR for impersonation and security checks? #16

Open andylash opened 10 years ago

andylash commented 10 years ago

Hi,

I've implemented the basic security checks on input sanitization so that it will run in meteor projects that use their audit-argument-checks package for extra security.

Also, I added an impersonation feature where the admin can impersonate (meaning log in as a user, but without having their password) any user. It's really handy for me to help debug my users' data without having to ask for their password or implement some kind of hacky magic login-as-anyone password.

I haven't submitted a PR directly though because I'm a bit unsure of the best way to have developers configure what they want to do on successful impersonation; for me, I go to a specific Iron Router route (which I'm guessing is the standard case?). It seems like a broader question of how configuration should work in this package. I'd be happy to talk about it.

Anyway, it's here: https://github.com/andylash/meteor-accounts-admin-ui-bootstrap-3

-=- andy
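The two things the post above describes, argument checks that satisfy audit-argument-checks and an admin-only impersonation method, as an added example that is not code from this package or from andylash's fork. It stands in for Meteor's `check()` and for audit-argument-checks with assumed semantics (a method that returns without passing every argument through `check()` is rejected); the user store, the role names, and the `setUserId`/`log` fields on the method context are constructed for the demo.

```javascript
// Stand-in for Meteor's check() plus the audit-argument-checks rule (assumed here:
// a method that returns without check()-ing every argument is a server error),
// followed by an impersonation method gated on an admin role.
let pendingArgs = null; // arguments of the running method not yet passed to check()

function check(value, pattern) {
  const ok = pattern === String ? typeof value === "string"
    : pattern === Number ? typeof value === "number"
    : typeof pattern === "function" ? pattern(value) === true : false;
  if (!ok) throw new Error("Match failed: argument does not match pattern");
  if (pendingArgs) pendingArgs = pendingArgs.filter((a) => a !== value);
}

// Wrap a method body the way audit-argument-checks does: once the body returns,
// any argument that was never check()-ed turns the whole call into an error.
function auditedMethod(name, body) {
  return function (ctx, ...args) {
    const outer = pendingArgs;
    pendingArgs = [...args];
    try {
      const result = body.apply(ctx, args);
      if (pendingArgs.length > 0) throw new Error(`Method '${name}' did not check all arguments`);
      return result;
    } finally {
      pendingArgs = outer; // restore for nested calls
    }
  };
}

// Constructed user/role data; a real app would read roles from the users collection.
const users = new Map([
  ["u1", { username: "alice", roles: ["admin"] }],
  ["u2", { username: "bob", roles: [] }],
]);
const isAdmin = (id) => (users.get(id)?.roles ?? []).includes("admin");

// Admin-only impersonation: validate the argument, authorise the caller, refuse to
// impersonate another admin (a policy choice for this demo), record who did it,
// and only then switch the session to the target user.
const impersonate = auditedMethod("impersonate", function (targetId) {
  check(targetId, String);
  if (!isAdmin(this.userId)) throw new Error("not-authorized");
  if (!users.has(targetId)) throw new Error("user-not-found");
  if (isAdmin(targetId)) throw new Error("refusing to impersonate another admin");
  this.log.push(`${this.userId} impersonated ${targetId}`); // audit trail
  this.setUserId(targetId);
  return targetId;
});

// A method that validates nothing: under audit-argument-checks every call is rejected.
const leaky = auditedMethod("leaky", function (targetId) { return targetId; });
```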

hharnisc commented 10 years ago

Security checks are a definite yes!

Impersonation seems like a very useful feature. I can think back to so many times that this would have been a useful feature. I've got a couple of questions.

1.) Do you think this is something that 80% of apps would want to use?

2.) What are the risks of allowing admins to impersonate a user?

3.) Once I impersonate a user, what do I do?

My goal is to keep this tool as simple as possible so it's useful for everyone. I'd also like to make the tool easy to extend, since it's difficult to cover every use case. My gut is telling me that the impersonation feature would be a great extension but not necessarily a base feature.