Allow admin user to login as other users

Is there any way for an admin user to log in to other users' accounts?

Currently authentication is based on Meteor Accounts.

I saw this post, but it isn't working at all now.

The feature is important for us because when a user has a problem in the system, the admin needs to see it by simulating the user's account.

Thanks in advance.

Upvotes: 0

Views: 413

Answers (3)

Mostafiz Rahman

Reputation: 8562

As @Jankapunkt has already mentioned alanning-roles, I can add something you can use without installing any external package.
Just keep a type key in the profile object of the users collection. Then define some types like 1 for super-admin, 2 for admin, 3 for general, etc. Then check the authorisation of a particular action by checking the value of the user.profile.type key.

Caveats: Make sure you are checking the type on the server side. By default the profile field is writable from the client end, so if you are putting the type field in the profile object, make sure that you are not allowing users to modify the users collection from the client end. Here is how to restrict client-end updates to the users collection:

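// Deny every client-side update to Meteor.users
// (a deny rule that returns true rejects the write).
Meteor.users.deny({
  update() { return true; }
});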

Read more on roles and permissions here: https://guide.meteor.com/accounts.html#roles-and-permissions

Upvotes: 0

Michel Floyd

Reputation: 20256

It seems you want to impersonate a user. This means that you want to have Meteor.userId (or this.userId depending on context) reflect the _id of a specific user both on the client and the server.

afaict the only way to do this is to log in as the user. Presumably you don't want to ask the user for their password so you have a couple of choices:

  1. Save their existing password, replace it (temporarily) with a password of your choosing, then after you're done impersonating their account, restore their existing password.

You probably don't want to ask the user for their password and you don't need to. All you need to do is set aside Meteor.users.findOne(userId).services.password.bcrypt, then reset the password to your temporary value, then restore the original bcrypt value later.

The downside is that the original user would not be able to log in while you are logged in. Plus it's really hacky.

  2. Extend Meteor's Accounts package to provide impersonation capability in a more elegant manner.

  3. You might also look at validateLoginAttempt. The docs are unclear as to whether a failed login attempt could be overridden with a successful one but if it could then that would provide another pathway to solve your problem.

Upvotes: 1

Jankapunkt

Reputation: 8423

Instead of logging in as the users, which requires their password and which is a total no-no, you may rather use alanning:roles and allow the admin to assign the role of any user in order to draw views based on the user's role.

This requires a well designed role system.

As a plus you could then at least load the documents associated with the user who you want to support.

This requires a well designed document and data model.

But generally speaking, you should rather focus on writing good tests (test driven development) for components as unit tests, integration tests and UI tests.

This will reduce the need to manually view the app as an end user a lot.

The most common end user problems can be reduced by creating a good knowledge base like a wiki or video tutorials.

Even if an error then occurs on the end user side, I would rather try to implement a well designed error log that allows users to automatically create tickets on error which also include the error stack.

All the above methods are to be favored before logging in AS THE USER.

Upvotes: 1
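
The server-side type check from the first answer, combined with loading a user's documents for support as the last answer suggests, written as an added example that is not part of any answer above. It runs in plain Node.js: the `users` map, `documents` array, `auditLog` and both function names are assumptions standing in for Meteor.users, an app collection and a Meteor method whose `this.userId` is set by the server.

```javascript
// Added example, not code from the answers. Type values follow the first
// answer: 1 = super-admin, 2 = admin, 3 = general.
const TYPES = { SUPER_ADMIN: 1, ADMIN: 2, GENERAL: 3 };

// Constructed sample data standing in for Meteor.users and an app collection.
const users = new Map([
  ['adm1', { _id: 'adm1', profile: { type: TYPES.ADMIN } }],
  ['usr1', { _id: 'usr1', profile: { type: TYPES.GENERAL } }],
  ['usr2', { _id: 'usr2', profile: {} }], // no type stored
]);
const documents = [
  { _id: 'd1', owner: 'usr1', title: 'Invoice draft' },
  { _id: 'd2', owner: 'usr2', title: 'Notes' },
];
const auditLog = [];

// Throws unless the type stored for callerId is one of allowedTypes.
// callerId must be the server-side this.userId, never a method argument,
// so a client cannot claim a type it does not have.
function requireType(callerId, allowedTypes) {
  const caller = callerId ? users.get(callerId) : undefined;
  const type = caller && caller.profile ? caller.profile.type : undefined;
  if (!allowedTypes.includes(type)) throw new Error('not-authorized');
  return caller;
}

// Written like a Meteor method body: the admin reads the target user's
// documents without logging in as that user, and each access is recorded.
function supportViewDocuments(targetUserId) {
  const admin = requireType(this.userId, [TYPES.SUPER_ADMIN, TYPES.ADMIN]);
  if (!users.has(targetUserId)) throw new Error('user-not-found');
  auditLog.push({ admin: admin._id, target: targetUserId, at: new Date() });
  return documents.filter((doc) => doc.owner === targetUserId);
}
```

The check only holds together with the deny rule from the first answer, because the type is read from the profile field.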
