Get it right, or try again and again.

» » Get it right, or try again and again.

Thursday, January 11, 2018

Get it right, or try again and again.

   January 11, 2018      


Following my thoughts from problem to solution, including the steps along the way, and the problems with each of them.

Or: How to login as a user from the Admin panel.

Photo by rawpixel.com on Unsplash
Yesterday I got a phone call from a client, whom I built a Time Tracking system for calculating the salaries of his ~800 employees.
Joe: Hi Shuki.
Me: Hi Joe.
Joe: Remember the app you built me the other day?
Me: Of course.
Joe: Can you build me an option to login as any user from my Admin panel?
Me: Hmm. May I ask why?
Joe: For QA testing, anyways there is no sensitive data.
Me: I dunno.
Joe: Common, you’ll find a way.
Me: I’ll try.
In the following post, I will follow my path to a solution, with the ideas that came to my mind, and the problems with each of them, and in the end I will share the final solution I came up with.

If Stories & pictures aren’t your thing, you can jump to the solution.

Photo by Agence Producteurs Locaux Damien Kühn on Unsplash
My first thought was that on the users page in the Admin panel, clicking any username will open a new window, and login as that user.

The problem:

My site uses cookies to keep the user logged in, so if the Admin logs in as a user, his cookies will be replaced, and he will have to re-login as an Admin.
Photo by Mike Kotsch on Unsplash
Building on my first thought, I can add a link back from the user window, to return to the Admin panel.

The problem:

If any of our users find this link, they will have free access to login as an Admin, that surely is not something we can afford happening.
Photo by Raul Petri on Unsplash
So we need a new window, and we can’t override the cookies, Lets open the user in incognito mode.

The problem:

According to this stack-overflow answer it is impossible to do this via code, And I don’t have the patience to teach him how to do it manually.
Photo by Jason Blackeye on Unsplash
If incognito mode is not an option, we can add parameters to our site like: mysite.com/?user=john&pass=123, and auto login when the page loads.

The problem:

Usernames and passwords in the browser history, doesn’t seem to me like a plan, and if someone overlooks his shoulder…
Photo by rawpixel.com on Unsplash
Now that I knew what I needed, I texted the DevHelps whatsapp group, where I got a quick and efficient solution.
If you want to save parameters on the window, and can’t use cookies because you want each window to have it’s own parameters, just use window.name — Bnaya Peretz.

So My final Solution Has the following steps.

  1. On page loading check for a token saved in the window.name object,
    if it exists, auto-login. Otherwise continue to login page.
  2. After successful login, save the token to window.name for reloading.
  3. When the admin, clicks on a username, open a new window named with that user’s token, which will auto login as the user.
  4. In the Admin panel display a popup to reload the page, and since window.name has the Admin’s token reloading will auto login as Admin.

   / / / / / / / / / /

   No Comments

- January 11, 2018

0 comments :

Post a Comment

Subscribe to: Post Comments ( Atom )