
sudo-su's Introduction

Demonstration

Licence: MIT

A Laravel 5.4 utility package to enable developers to log in as other users during development.

Installation

To install the package, simply follow the steps below.

Install the package using Composer:

$ composer require viacreative/sudo-su

Add the package's service provider to your app in your project's AppServiceProvider:

class AppServiceProvider extends ServiceProvider
{
    public function register()
    {
        if (config('app.debug')) {
            $this->app->register('VIACreative\SudoSu\ServiceProvider');
        }
    }
}

⚠️ Warning: Do not register the provider globally in config/app.php as you would for an ordinary package; the guarded registration above is what keeps it out of production. See the Disclaimer section below for more information.

Include the partial in your layout file.

@if (config('app.debug'))
    @include('sudosu::user-selector')
@endif

Finally, publish the package's assets (the package won't work without this):

$ php artisan vendor:publish

Config

After running vendor:publish, a config file called sudosu.php should appear in your project. It contains two configuration values:

sudosu.allowed_tlds array

By default, the package will disable itself on any domains that don't have a TLD of .dev or .local. This is a security measure to reduce the risk of accidentally enabling the package in production. If you have a different TLD in development, you can edit the config option sudosu.allowed_tlds.

sudosu.user_model string

The fully qualified class name of the application's User model. It is used to retrieve the users shown in the select dropdown, and it must be an Eloquent model. It is set to App\User by default.

Disclaimer - DANGER!

This package can pose a serious security issue if used incorrectly, as anybody will be able to take control of any user's account. Please ensure that the service provider is only registered when the app is in a debug/local environment.

By default, the package will disable itself on any domains that don't have a TLD of .dev or .local. This is a security measure to reduce the risk of accidentally enabling the package in production. If you have a different TLD in development, you can edit the config option sudosu.allowed_tlds.

By using this package, you agree that VIA Creative and the contributors of this package cannot be held responsible for any damages caused by using this package.

sudo-su's Issues

TLD Restrictions don't make sense

While the goal of restricting default access is admirable, the current implementation is technically a gaping hole for possible problems. First, .dev is a registered top-level domain. .local could be used in the future as a generic TLD. It is not reserved.

It would be best to have the default allowed TLDs be those defined in RFC 2606 as reserved, meaning they can't be registered for public use on the web. Further extend that list to still allow functionality on the localhost{?:port} origin as well, since localhost itself is also reserved for non-web-routable work.

Thank you for your time,
-Garbee

Not working with Sentinel package

FatalErrorException in SudoSu.php line 34:
syntax error, unexpected 'return' (T_RETURN), expecting identifier (T_STRING)

EDIT: This was a PHP 5.6 error; PHP 7 is needed.
I am getting the following now:

Trying to get property of non-object (View: /var/www/clients/client0/web232/web/vendor/viacreative/sudo-su/resources/views/user-selector.blade.php) (View: /var/www/clients/client0/web232/web/vendor/viacreative/sudo-su/resources/views/user-selector.blade.php) (View: /var/www/clients/client0/web232/web/vendor/viacreative/sudo-su/resources/views/user-selector.blade.php) (View: /var/www/clients/client0/web232/web/vendor/viacreative/sudo-su/resources/views/user-selector.blade.php)

Can I only enable the package for admins?

How do I register the provider for only one user without APP_DEBUG?

class AppServiceProvider extends ServiceProvider
{
    public function register()
    {
        if (env('APP_DEBUG')) {
            $this->app->register('VIACreative\SudoSu\ServiceProvider');
        }
    }
}

@if (Auth::check() && Auth::user()->id == 1)
    @include('sudosu::user-selector')
@endif

Paginate or ask for user email

I had a users table with about 500 users. Currently this package shows all of them!

Is there a way we could paginate the number of users shown? Or, even better, prompt for a user's email and automatically log in that user?

enhancement: Be able to show customized attribute from User

Hello.

On user-selector.blade.php you use the 'name' attribute to show available users.

In my system it comes blank, because I don't save names in User model.

I would like to suggest a change: we could be able to specify which user attribute we want to display in the selector. For example, in my case I would like to show 'username'; other people could prefer 'email', etc.

It would be nice to have this option in configuration file.

Thank you.

Robson

Content being injected outside of <html> tag

The content is being injected outside of the html tag.

I think it might be better to simply let the user include a partial in their layout file, instead of automatically injecting the HTML into the response. This would also fix the issue of the partial being injected into API requests. So for example:

@include('sudosu::selector')

This way you can decide what pages you want it to display on, and all it requires is a little extra setup.
(Adding one line to your layout file)

Changing user-selector for username

I would prefer to be able to configure the user-selector blade to show the username vs. name, or even better the user->person-fullName() (a relationship / method I have created). Of course I can do that in vendor/viacreative/sudo-su/resources/views/user-selector.blade.php, but it would be nice to have this available in the config.

Recommend `allowed_tlds` parameters using `APP_ENV` global variables

I had the same problem as #21 and tried to modify the allowed_tlds array, but it did not resolve it.
So I found the following code:

// Takes the label after the last dot of the request host (e.g. "dev" for myapp.dev).
protected function getRequestTld()
{
    $requestHost = parse_url(Request::url())['host'];
    $exploded = explode('.', $requestHost);
    $requestTld = end($exploded);

    return $requestTld;
}

// Enables the package only if that last label is listed in sudosu.allowed_tlds.
protected function tldIsAllowed()
{
    $requestTld = $this->getRequestTld();
    $allowedTlds = Config::get('sudosu.allowed_tlds');

    return in_array($requestTld, $allowedTlds);
}

That line, return in_array($requestTld, $allowedTlds);, shows that only the domain name suffix is used.
/(ㄒoㄒ)/~~
So I would suggest using the APP_ENV variable.

(Please excuse my poor English.)
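An added example, not code from the sudo-su package or from either issue author, that puts the suffix-only check quoted above beside a stricter gate of the kind the README's disclaimer asks for (enable only in a debug/local environment). It also covers the earlier issue "TLD Restrictions don't make sense": a real site under the registered .dev TLD passes the suffix check, while localhost, which that issue asks to allow, fails it. The function names, the sample URLs and both allow-lists are constructed for this demonstration; the script runs with the PHP CLI and needs no Laravel.

```php
<?php
// Added example (not part of the sudo-su package): the package-style
// suffix-only TLD check next to a stricter full-host + environment gate.
// Function names, sample URLs and allow-lists below are constructed.

declare(strict_types=1);

/**
 * Mirrors the package's approach: keep only the last dot-separated label
 * of the request host and compare it against sudosu.allowed_tlds.
 */
function tldIsAllowed(string $requestUrl, array $allowedTlds): bool
{
    $host = parse_url($requestUrl, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }
    $labels = explode('.', $host);

    return in_array(end($labels), $allowedTlds, true);
}

/**
 * Stricter gate: the complete host must be on an explicit allow-list,
 * APP_ENV must be "local" and APP_DEBUG must be on. If any one of the
 * three fails, the tool stays disabled.
 */
function sudoSuShouldBeEnabled(string $requestUrl, array $allowedHosts, string $appEnv, bool $appDebug): bool
{
    $host = parse_url($requestUrl, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }
    // Compare the whole host, lower-cased, never just a suffix of it.
    $hostAllowed = in_array(strtolower($host), array_map('strtolower', $allowedHosts), true);

    return $appEnv === 'local' && $appDebug && $hostAllowed;
}

// Constructed configuration.
$allowedTlds  = ['dev', 'local'];            // the package's default
$allowedHosts = ['myapp.test', 'localhost']; // RFC 2606 / RFC 6761 reserved names

// Constructed requests: [url, APP_ENV, APP_DEBUG].
$cases = [
    ['http://myapp.dev/admin',            'local',      true],
    ['https://shop.example.dev/checkout', 'production', false], // a real site under .dev
    ['http://localhost:8000/',            'local',      true],
    ['http://myapp.test/',                'local',      true],
    ['http://myapp.test/',                'production', true],  // debug left on by mistake
];

printf("%-36s %-11s %-6s %-10s %-8s\n", 'url', 'env', 'debug', 'tld-check', 'strict');
foreach ($cases as [$url, $env, $debug]) {
    printf(
        "%-36s %-11s %-6s %-10s %-8s\n",
        $url,
        $env,
        $debug ? 'on' : 'off',
        tldIsAllowed($url, $allowedTlds) ? 'enabled' : 'disabled',
        sudoSuShouldBeEnabled($url, $allowedHosts, $env, $debug) ? 'enabled' : 'disabled'
    );
}
```

Save the script under any name and run it with the php CLI. The second row reproduces the point of the earlier issue: the production host ending in .dev is accepted by the suffix check, while the strict gate stays off because the host is not allow-listed and the environment is not local. The third row shows localhost, rejected by the suffix check (the last label is "localhost", not "dev" or "local") but accepted by the strict gate, and the last row shows that an explicit environment condition still holds when debug has been left on in production.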

Anything but config should be inlined

For a dev-only package it's not desirable to have files added to the actual project. There's already a fix for the fontawesome dependency. What's the problem with the rest? Why the need for vendor:publish?

Cache route will cause "Route [sudosu.login_as_user] not defined."

Dear author @mrterryh,

As the title mentions, if I cache the routes, it shows "Route [sudosu.login_as_user] not defined."
If I use php artisan route:clear to clear the route cache, it works.

I searched for a related issue in this repository with no result, so I am opening this issue to look for the answer.
Please give me some hints if I didn't set up my environment correctly.

Undefined variable: hasSudoed

Problem

I just installed this in my Laravel project and I get Undefined variable: hasSudoed. The button seems to be down on the right and is working.

Versions

Laravel 5.4
viacreative/sudo-su 1.0

Installation issue L 5.4

$ composer require viacreative/sudo-su
Using version ^1.1 for viacreative/sudo-su
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)

Nothing to install or update
Generating autoload files

Illuminate\Foundation\ComposerScripts::postUpdate
Script Illuminate\Foundation\ComposerScripts::postUpdate handling the post-update-cmd event terminated with an exception

Installation failed, reverting ./composer.json to its original content.

[ErrorException]
The use statement with non-compound name 'Auth' has no effect

Don't append to a JSON response

It seems that the plugin appends itself to every response, including JSON responses. This breaks a lot of things.

(Laravel 5.3)

enhancement: Global Scopes Support

Hello,

In my system, I have 'environment' and I use Global Scopes, so sudo-su does not return all available users in the database.

We could be able to choose in the config file whether to ignore Global Scopes, so that in the SudoSu.php getUsers() method, based on configuration, you could run $user->withoutGlobalScopes()->get() instead of only $user->get().

Hope it is a nice idea and is implemented.

Thank you,

Robson

sudo-su breaks application when it doesn't like your hostname

Hey, great package. I tried it today and I feel like there are a few issues that need to be addressed.

Firstly, sudo-su should fail more gracefully. More specifically, I think lines like this don't make any sense.

For example, if you install sudo-su and don't add your virtual host to the list of allowed_tlds, you will get this Exception:

ErrorException in FileViewFinder.php line 112:
No hint path defined for [sudosu]. (View: /opt/project/resources/views/layouts/app.blade.php) (View: /opt/project/resources/views/layouts/app.blade.php)

It would be much better if only sudo-su didn't work (silently failed).

On a side note:

  • it would be great (and I strongly suggest this) if I could publish the user-selector view
  • there are only 60 lines of CSS in the package, so for now it may be better to just have an inline style tag in a partial instead of publishing /public/sudo-su/css/app.css
  • why not add localhost to the list of allowed TLDs?

CSS class 'hidden' conflicts with tailwindcss

The hidden class defined in the sudosu styles makes the following div stay hidden no matter what screen size you are on:

<div class="hidden sm:block">Hide me on small screens only</div>

enhancement: PREFIX 'allowed_prefix' security filter

Hello,

I think the TLD security implementation is very important; however, in my case I use a PREFIX. In my local/dev environment I have http://dev.domain and in production I have http://www.domain. I would like to be able to allow/block usage by PREFIX, so I could set 'dev' in the config file and it would work only in my development environment.

Hope this is interesting and implemented.

Thank you,

Robson
