🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

strapi-plugin-impersonation

Package Overview
Dependencies
Maintainers
2
Versions
3
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

strapi-plugin-impersonation

A plugin to enable impersonation in strapi

0.1.2
latest
Source
npm
Version published
Weekly downloads
0
-100%
Maintainers
2
Weekly downloads
 
Created
Source

Strapi v4 - Impersonation Plugin

Impersonate any user on your site right from strapi

GitHub package.json version Monthly download on NPM

This plugin allows all admin users with sufficient permissions to impersonate any user on your site! So use it with caution!

Use cases

  • development environment where you do not want to save users passwords
  • staging/testing environment with randomly generated user accounts where you do not want to have static passwords
  • production environment when users report some problems on the website and you cannot reproduce the issue in development/staging (use with caution!!)

Requirements

This plugin requires the following, in order to work correctly:

  • Strapi v4 (this plugin is not compatible with v3)
  • The plugin users-permissions installed and enabled (@strapi/plugin-users-permissions [npm])
  • After setup configure your BaseURL on the frontend (see Configuration)

Unless you have the previous set up, the button on the right where you can impersonatethe user will not show up.

Installation

# with npm
$ npm install strapi-plugin-impersonation
# or with yarn
$ yarn add strapi-plugin-impersonation

After successful installation you have to build a fresh package that includes plugin UI:

# with npm
$ npm run build && npm run develop
# or with yarn
$ yarn build && yarn develop

Configuration

To work this plugin needs a Base URL where the token will be inserted.

This URL can be set in Settings > Users & Permissions Plugin > Impersonation Plugin

Settings page

To get it working in your frontend you will need to setup a route that reads the jwt-token from URL parameters. This can be an API, a serverSide page that will set a cookie or alternatively in the case of saving the user authentication in localStorage a page that reads it from the browser query.

Here is an example to get it working in a Next.js Application on the Frontend:

import { useRouter } from 'next/router'
import { useAuth } from 'lib/auth'

function ImpersonationPage() {
  const router = useRouter()
  // Some kind of hook where you can set your jwt token
  const {setToken} = useAuth()

  useEffect(() => {
    const token = router.query['jwt']
    setToken(token)
    router.push('/')
  }, [router])

  return <div>redirecting...</div>
}

Keywords

strapi
plugin
impersonation

FAQs

Package last updated on 14 Aug 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs

Security News

Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs

Open source maintainers are urging GitHub to let them block Copilot from submitting AI-generated issues and pull requests to their repositories.

By Sarah Gooding  -  May 20, 2025