From 4c509fdafd50c19c81148442df025d0412d51fc1 Mon Sep 17 00:00:00 2001
From: Ian Morland <ianm@giffgaff.co.uk>
Date: Fri, 8 May 2020 23:08:43 +0100
Subject: [PATCH] Raise Impersonated event (#9)

---
 composer.json                       |  3 +++
 src/Controllers/LoginController.php | 11 ++++++++--
 src/Events/Impersonated.php         | 33 +++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 src/Events/Impersonated.php

diff --git a/composer.json b/composer.json
index e014856..61cdcbf 100644
--- a/composer.json
+++ b/composer.json
@@ -42,6 +42,9 @@
     "replace": {
         "flagrow/impersonate": "*"
     },
+    "suggest": {
+        "fof/moderator-notes": "Allows audit logging when users are impersonated"
+    },
     "autoload": {
         "psr-4": {
             "FoF\\Impersonate\\": "src/"
diff --git a/src/Controllers/LoginController.php b/src/Controllers/LoginController.php
index 8b7cc1f..7e15b44 100644
--- a/src/Controllers/LoginController.php
+++ b/src/Controllers/LoginController.php
@@ -16,6 +16,8 @@
 use Flarum\Http\SessionAuthenticator;
 use Flarum\User\AssertPermissionTrait;
 use Flarum\User\User;
+use FoF\Impersonate\Events\Impersonated;
+use Illuminate\Events\Dispatcher;
 use Illuminate\Contracts\Session\Session;
 use Laminas\Diactoros\Response\JsonResponse;
 use Psr\Http\Message\ResponseInterface;
@@ -28,13 +30,15 @@ class LoginController implements RequestHandlerInterface
 
     protected $authenticator;
     protected $rememberer;
+    protected $bus;
 
     public $serializer = UserSerializer::class;
 
-    public function __construct(SessionAuthenticator $authenticator, Rememberer $rememberer)
+    public function __construct(SessionAuthenticator $authenticator, Rememberer $rememberer, Dispatcher $bus)
     {
         $this->authenticator = $authenticator;
         $this->rememberer = $rememberer;
+        $this->bus = $bus;
     }
 
     /**
@@ -45,6 +49,7 @@ public function __construct(SessionAuthenticator $authenticator, Rememberer $rem
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
+        $actor = $request->getAttribute('actor');
         $id = array_get($request->getQueryParams(), 'id');
 
         /**
@@ -52,7 +57,7 @@ public function handle(ServerRequestInterface $request): ResponseInterface
          */
         $user = User::findOrFail($id);
 
-        $this->assertCan($request->getAttribute('actor'), 'fofCanImpersonate', $user);
+        $this->assertCan($actor, 'fofCanImpersonate', $user);
 
         /**
          * @var $session Session
@@ -60,6 +65,8 @@ public function handle(ServerRequestInterface $request): ResponseInterface
         $session = $request->getAttribute('session');
         $this->authenticator->logIn($session, $user->id);
 
+        $this->bus->dispatch(new Impersonated($actor, $user));
+
         return $this->rememberer->forget(new JsonResponse(true));
     }
 }
diff --git a/src/Events/Impersonated.php b/src/Events/Impersonated.php
new file mode 100644
index 0000000..b20e6f3
--- /dev/null
+++ b/src/Events/Impersonated.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of fof/impersonate.
+ *
+ * Copyright (c) 2020 FriendsOfFlarum.
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace FoF\Impersonate\Events;
+
+use Flarum\User\User;
+
+class Impersonated
+{
+    /**
+     * @var User
+     */
+    public $actor;
+
+    /**
+     * @var User
+     */
+    public $user;
+
+    public function __construct(User $actor, User $user)
+    {
+        $this->actor = $actor;
+        $this->user = $user;
+    }
+}