nextcloud / impersonate

👻 Allow administrators to become a different user

Home Page: https://apps.nextcloud.com/apps/impersonate

License: GNU Affero General Public License v3.0

Makefile 2.08% PHP 42.90% JavaScript 55.02%

impersonate's Introduction

Impersonate

Allow administrators to become a different user by adding an impersonate action to the user list. This is especially useful for debugging issues reported by users.

To impersonate a user, an administrator follows these four steps:

  1. Login as administrator to Nextcloud.
  2. Open users administration interface.
  3. Select the impersonate button on the affected user.
  4. Confirm the impersonation.

The administrator is then logged in as the user. To switch back to the regular user account, they simply press the logout button.

Note:

  • This app is not compatible with instances that have encryption enabled.
  • While impersonate actions are logged, note that actions performed while impersonating will be logged as the impersonated user.
  • Impersonating a user is only possible after their first login.
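Because of the second note, a plain log review shows the impersonated user's name on everything done during a session. The following added example (not code from the app) pairs each impersonation entry with later entries logged under the target user; the JSON field names, the message wording and the 30-minute window are assumptions, and the sample log is constructed.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed sample in the style of a JSON-lines server log. The message
# wording and the "audit" entries are assumptions made for this example.
SAMPLE_LOG = """\
{"time":"2024-03-01T09:00:05+00:00","user":"adam","app":"impersonate","message":"User adam impersonated user bob"}
{"time":"2024-03-01T09:01:10+00:00","user":"bob","app":"audit","message":"File accessed: /contracts/q1.pdf"}
{"time":"2024-03-01T09:02:30+00:00","user":"carol","app":"audit","message":"File accessed: /notes.txt"}
{"time":"2024-03-01T09:03:00+00:00","user":"bob","app":"audit","message":"Share created: /contracts"}
{"time":"2024-03-01T11:30:00+00:00","user":"bob","app":"audit","message":"File accessed: /holiday.jpg"}
not-json line from a crashed writer
"""

START_RE = re.compile(r"^User (?P<admin>\S+) impersonated user (?P<target>\S+)$")
# Assumed upper bound on a session: no "impersonation ended" entry is assumed
# to exist, so the window is a review heuristic, not proof of who acted.
MAX_SESSION = timedelta(minutes=30)


def parse(lines):
    """Yield (timestamp, entry) for each well-formed JSON log line."""
    for line in lines:
        try:
            entry = json.loads(line)
            yield datetime.fromisoformat(entry["time"]), entry
        except (ValueError, KeyError, TypeError):
            continue  # skip truncated or non-JSON lines instead of aborting


def attribute_actions(log_text, max_session=MAX_SESSION):
    """Return entries logged under a user while an admin may have been acting as them."""
    windows = {}   # target user -> (admin, time the impersonation started)
    findings = []
    for ts, entry in sorted(parse(log_text.splitlines()), key=lambda p: p[0]):
        msg = entry.get("message", "")
        m = START_RE.match(msg) if entry.get("app") == "impersonate" else None
        if m:
            windows[m["target"]] = (m["admin"], ts)
            continue
        win = windows.get(entry.get("user"))
        if win and ts - win[1] <= max_session:
            findings.append({"time": ts.isoformat(), "logged_as": entry["user"],
                             "possible_actor": win[0], "message": msg})
    return findings


if __name__ == "__main__":
    for finding in attribute_actions(SAMPLE_LOG):
        print(finding)
```

Entries flagged this way are candidates for review: the user may also have been active in their own session during the same window.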

impersonate's People

Contributors

alexanderdd, blizzz, carlschwan, come-nc, comradekingu, dependabot[bot], emresaracoglu, gt-h6k, j-ed, joshtrichards, juliushaertl, lukasreschke, morrisjobke, nextcloud-bot, nextcloud-command, nickvergessen, niyumard, prodingerd, pvince81, pytal, rakekniven, rullzer, skjnldsv, valdnet

impersonate's Issues

Are you sure you want to impersonate

Need to add a normal way to disable "Are you sure you want to impersonate", or remove it completely, because this feature is completely unnecessary and interferes with work.

NC 19 RC2: Impersonate doesn't work

Apart from the fact that no proper NC19 version is available yet, the current version does not work with NC19.

Steps:

  • Enable untested app "impersonate"
  • Go to users list, select user to impersonate
  • Click on "yes" when asked if you want to impersonate
  • You are logged in with your own user again, but in a "nested" impersonate session.

NC19 RC2,

OCP\Files\NotFoundException when impersonating user without data

Impersonating a user without data (i.e. if the user has never logged in) results in an OCP\Files\NotFoundException error, which means that Nextcloud only shows an "internal error" page, making it impossible even to log out. The only solution then is to delete the cookies in order to log in to your own account again.

Impersonating deactivated user has unexpected behaviour

Impersonating a deactivated user will switch to myself. The result is a "nested" impersonate of the user.

How to reproduce:

  • select users menu and then select deactivated users
  • impersonate a deactivated user

Expected behaviours:

  • impersonate the selected user or
  • an error message or
  • no "impersonate"-possibility for these users (no entry in menu)

Actual behaviour:

  • impersonate will "self-impersonate" the actual user
  • logout will switch back from user to the same user

Versions

  • NextCloud 13.0.4.0
  • Impersonate App 1.0.4

Does not work in NC16

I'm running 1.3.0 on NC 16 but the link next to the user's name does not show up. The app has been working before with NC 15.

How to block using impersonate?

Hello.

Is it possible to prevent using impersonate from Nextcloud admin accounts?
We have sysadmins with all rights (system, storage, Nextcloud, etc.) and apps admins with Nextcloud admin rights. The apps admins shouldn't see any of the users' files...

Regards.

Logout impersonated session returns not to previous user session

Releases

  • nextcloud 13.0.0.14
  • impersonate 1.0.2

Expected behaviour

  • after logout from impersonated user, the session will return to the previous user session

Actual behaviour

  • the session closes with a complete logout. The main login screen is displayed
  • but if the impersonated user is also in group 'admin', logout works as expected

Perhaps I can provide some data (NC-log, browser console log, etc.). But I need some guidance on what kind of information is needed and how I can capture it.

mails should not be accessible by admin

  1. When impersonating a user, the mail app should not be accessible for the admin. This is a data / privacy issue. The admin should not be able to read the user's mails from his connected mail account. Maybe it could be possible to block the IMAP / SMTP server details for the admin user.

  2. There should be a possibility for the user to mark files and folders as private. These files and folders should not be accessible by admins when impersonating user's account.

Impersonate error with 2FA enabled users

Steps to reproduce

  1. create group 2FA
  2. enable 2FA for that group with the plugin
  3. create user with 2FA allowed
  4. in the admin "user" settings, attempt to impersonate that user
  5. error returned (some details obfuscated)
Internal Server Error

The server encountered an internal error and was unable to complete your request.

Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.

More details can be found in the server log.

Technical details

    Remote Address: 128.250.0.###
    Request ID: 1ygqvDoj###h2g3Sdudz

Reloading does not help, but using the back operation in the browser it is possible to get to the impersonated user.

The error only occurs with users who have 2FA support enabled (note that in this example, the user has not actually set up 2FA yet).

Server configuration

Operating system: Debian Jessie

Web server: Apache2

Database: Mariadb

PHP version: 7.0.20-2

Nextcloud version: 12.0.3

Ask for password when impersonating

Impersonating a user gives you access to all of his/her data and communications, which is quite a strong security issue. When an admin account issues i.e. an app upgrade etc., Nextcloud asks for the admin password though nothing bad would happen.

Suggestion: Ask for that password before impersonating someone (and file a report into the log)

Not working with Nextcloud 15 RC1

I tried changing the max version in the info.xml file to 15, but it appears that there is more work needed to make this compatible. It's a great tool and I hope it can be updated!

Impersonation with WebDAV

Hi.

I'm trying to work around the (much discussed) issue that prevents the creation of App Passwords while impersonating. I'm trying to impersonate all users, one at a time, to export their data for importation into a fresh new Nextcloud instance.

I didn't want this process to require resetting user passwords (LDAP/AD integrated). I'd prefer to have something like rclone setup to copy the data from one WebDAV server to the other in an automated way, rather than needing to download user data using the WebUI.

So, would it be possible to extend the impersonate app to enable impersonation with WebDAV? Maybe by presenting the desired user's name on the WebDAV URL like "https://nextcloud.fqdn/remote.php/webdav?impersonate=some.user".

Thoughts?

Cheers.
Shaun

After upgrade to 1.0.3 impersonate no longer works

Running Nextcloud 13.0, updated to impersonate 1.0.3.

The impersonate icon no longer appears beside the name; you have to click on the 3 dots to find it. If you attempt to impersonate someone, it doesn't work. You click on the link and it goes nowhere.

Feature Request: Support instances which have encryption enabled

Currently using the Impersonate app on an instance with encryption enabled but can't change stuff or even access files (I understand why), but it would be great if you could access their files etc.

Maybe by entering a master password or something, but it would be really useful, else I have to ask for their password every time I need to fix something which is only fixable through the web interface.

NC13.0.0.14: "Are you sure you want to impersonate..."-popup text collision with X-button

This is only a small optical issue: For some languages the header text of the "Are you sure.."-popup collides with the X-button in the upper left corner.

Releases

  • nextcloud 13.0.0.14
  • impersonate 1.0.2
  • user language setting: German (and possibly also other verbose languages... ;-)

To reproduce the issue, switch the impersonating user's language to German. Go to the users menu and impersonate another user. You will now see the popup. I suspect the issue is not browser specific.

  • Chrome 64.0.3282.186

  • Firefox 58.0.2

  • IE 11.786.15063.0

Internal Server Error with NC12

Internal Server Error
The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the server log.

Technical details
Remote Address: 98.26.216.12
Request ID: WS92Q9k95ty9SSUDOqI64wAAAAA

The Log:
Error no app in context Symfony\Component\Routing\Exception\RouteNotFoundException: Unable to generate a URL for the named route "theming.Theming.getLogo" as such route does not exist.
/home/otech/sync/lib/private/Route/Router.php - line 339: Symfony\Component\Routing\Generator\UrlGenerator->generate('theming.Theming...', Array, 1)
/home/otech/sync/lib/private/URLGenerator.php - line 70: OC\Route\Router->generate('theming.Theming...', Array)
/home/otech/sync/apps/theming/lib/ThemingDefaults.php - line 156: OC\URLGenerator->linkToRoute('theming.Theming...')
/home/otech/sync/lib/public/Defaults.php - line 186: OCA\Theming\ThemingDefaults->getLogo(true)
/home/otech/sync/core/templates/layout.guest.php - line 45: OCP\Defaults->getLogo()
/home/otech/sync/lib/private/Template/Base.php - line 176: include('/home/otech/syn...')
/home/otech/sync/lib/private/Template/Base.php - line 151: OC\Template\Base->load('/home/otech/syn...', NULL)
/home/otech/sync/lib/private/legacy/template.php - line 202: OC\Template\Base->fetchPage(NULL)
/home/otech/sync/lib/private/legacy/template.php - line 224: OC_Template->fetchPage()
/home/otech/sync/lib/private/Template/Base.php - line 132: OC_Template->fetchPage()
/home/otech/sync/core/templates/403.php - line 7: OC\Template\Base->printPage()
{main}

I activated the app but when trying to impersonate a user, I was hit with this error.

result.responseJSON is undefined

Some users I try to impersonate in my test instance return this in the browser (Firefox) console, while others work without problems.

TypeError: result.responseJSON is undefined @ impersonate.js:12:5
    impersonate https://example.com/apps/impersonate/js/impersonate.js?v=1504f9c4-9:12
    u https://example.com/core/js/dist/main.js?v=1504f9c4-9:39
    fireWith https://example.com/core/js/dist/main.js?v=1504f9c4-9:39
    k https://example.com/core/js/dist/main.js?v=1504f9c4-9:39
    t https://example.com/core/js/dist/main.js?v=1504f9c4-9:39

Impersonate entry menu is not added in NC 14

The old way to inject the menu item does not work anymore. Now in the new user management, we deal with the popovermenu. At the time of the execution, the menu is not there yet, so injection fails.

The proper way is to offer an API for the user management to register an item for the user row.

discussed with @skjnldsv

Add opt-in/opt-out option for users.

  • I think it would be great if a user can opt-in to impersonate being used on their account. Maybe limit the time to five minutes or something similar.
    So in the case of helpdesk wanting to corroborate an issue, or guide the user while on the phone, this would then be possible for that amount of time. If helpdesk didn't need to access the account, impersonate gets deactivated for that user again after the time limit has been reached.

  • There also should be a message in the notification area that informs the user about who has used this app on his account for how long. Maybe even an option to send this info via E-Mail to the user, and of course log it in the activity stream of the user.

  • Once the impersonation is complete, and the helpdesk has logged out, impersonation gets disabled by that user automatically again.

This would work great with #50

Add a reason textbox to the impersonate dialog

Add a textbox to this dialog, where the admin can type a reason why he impersonates another user.
(e.g. "Ticket xxxx, problem with sharing folder...")

The reason should also appear in the Log/Activity...

Automation of Share Creation for All Users

This is not really an issue of this app. I just need some help.

I would like to create a Public folder for each user and share it with the Everyone group. I could impersonate each user and click-click-click, but it would be great if this could be done with some automation, e.g., via the command line. In other words, can this app be used as an nc-sudo command? After nc-sudo, I can then use the ocs API, I suppose.

Or, is there an even better way to do this kind of automation?

Thank you very much!

Problem with creating an app password as an impersonated user

  1. login as an admin user, "adam" for example
  2. impersonate a user, "bob" for example
  3. Settings > Security
  4. Enter an app name, "test" for example
  5. click "Create new app password"

Expected result: the displayed credentials have a username of the impersonated user bob
Actual result: the displayed credentials have a username of the original user adam
See the attached screenshot.

More significantly, the new app password does not work for a login as the impersonated user bob.

How to "un"impersonate?

Maybe it is me, but I cannot find a way to end the impersonation.
Did I misconfigure something?

Impersonate user - cannot create app specific password

If I impersonate a user and try to create a new app specific password for that user under:
Personal > security > devices & sessions
I cannot do it because the user name is autofilled with 'admin' (which is the name of the account I am impersonating from) and not the user's name.

Inform impersonated user about impersonation

Description

The impersonated user should get informed about any performed impersonation.

Details

  • who did the impersonation (user name and ideally email address)
  • when did the impersonation start and when did it end

Location

  • Notification box
  • email
  • activity stream

Motivation

Even though the impersonation is logged in the Nextcloud log, the impersonated user has no idea someone acted in their name. Too much harm could be done by a bad admin without anyone noticing it for quite some time.

"Impersonate" not displayed in selected language (and should be changed to "Impersonate user")

Expected behavior

All kind of text strings should be displayed in the selected language.

Current behavior

The "Impersonate" category header under Settings>Administration>Additional Settings is not translated into German language and should be changed from Impersonate to Impersonate user ("Benutzer nachahmen") although a correct translation exists.

Steps to reproduce

  1. open the settings dialog
  2. navigate to Administration>Additional Settings

Environment

Server Configuration

OS: Linux 3.16.63
Web server: Apache2 2.4.37
Database: MariaDB 10.2.22
PHP version: 7.2.14
Nextcloud version: 15.0.5
Impersonate app version: 1.2.0

Client Configuration

Browser: Mozilla Firefox 66.0.2
Operating system: Windows 10

Impersonate and Encryption question

If a Nextcloud instance is using encryption, should it still be possible to see an impersonated user's files? I ask because I saw this on the app store page:

This app is not compatible with instances that have encryption enabled.

On my server, I have encryption but impersonate still allows me to see the contents of an impersonated user's files. Is this by design?

Option to hide "impersonate"-button

Current Workaround:

  • Disable "Impersonate"-app in apps management

Possible fixes:

  • Option to hide it in Settings (like "Show email address, last login, ...)
  • Implement #4 😉

Impersonating gives internal server error, then logs in a second time with same user

When trying to impersonate another user (it doesn't matter which one) I first get an Internal Server Error (logfile below), then I'm logged in a second time as my original user. If I log out once, I am back at my original user (again) and need to log out a second time to really log out.

I have user_saml as user backend installed, I do not use LDAP nor any other backend. NextCloud 12.0.2, PHP 7.1, Apache 2.4, Linux host.

Doctrine\DBAL\Exception\UniqueConstraintViolationException: An exception occurred while executing 'INSERT INTO `oc_authtoken`(`uid`,`login_name`,`name`,`token`,`type`,`remember`,`last_activity`) VALUES(?,?,?,?,?,?,?)' with params ["USER@DOMAIN", "USER@DOMAIN", "Mozilla\/5.0 (X11; Linux x86_64; rv:54.0) Gecko\/20100101 Firefox\/54.0", "TOKEN_HERE", 0, 0, 1502990275]: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'TOKEN_HERE' for key 'authtoken_token_index'

    /var/www/cloud/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/DBALException.php - line 128: Doctrine\DBAL\Driver\AbstractMySQLDriver->convertException('An exception oc...', Object(Doctrine\DBAL\Driver\PDOException))
    /var/www/cloud/3rdparty/doctrine/dbal/lib/Doctrine/DBAL/Statement.php - line 177: Doctrine\DBAL\DBALException driverExceptionDuringQuery(Object(Doctrine\DBAL\Driver\PDOMySql\Driver), Object(Doctrine\DBAL\Driver\PDOException), 'INSERT INTO `oc...', Array)
    /var/www/cloud/lib/public/AppFramework/Db/Mapper.php - line 247: Doctrine\DBAL\Statement->execute()
    /var/www/cloud/lib/public/AppFramework/Db/Mapper.php - line 125: OCP\AppFramework\Db\Mapper->execute('INSERT INTO `*P...', Array)
    /var/www/cloud/lib/private/Authentication/Token/DefaultTokenProvider.php - line 97: OCP\AppFramework\Db\Mapper->insert(Object(OC\Authentication\Token\DefaultToken))
    /var/www/cloud/lib/private/User/Session.php - line 610: OC\Authentication\Token\DefaultTokenProvider->generateToken(*** sensitive parameters replaced ***)
    /var/www/cloud/lib/private/legacy/user.php - line 205: OC\User\Session->createSessionToken(Object(OC\AppFramework\Http\Request), 'USER@DOMAIN', 'USER@DOMAIN')
    /var/www/cloud/lib/private/legacy/user.php - line 238: OC_User loginWithApache(Object(OCA\User_SAML\UserBackend))
    /var/www/cloud/apps/user_saml/appinfo/app.php - line 50: OC_User handleApacheAuth()
    /var/www/cloud/lib/private/legacy/app.php - line 209: require_once('/var/www/cloud....')
    /var/www/cloud/lib/private/legacy/app.php - line 149: OC_App requireAppFile('user_saml')
    /var/www/cloud/lib/private/legacy/app.php - line 124: OC_App loadApp('user_saml')
    /var/www/cloud/lib/base.php - line 982: OC_App loadApps(Array)
    /var/www/cloud/index.php - line 48: OC handleRequest()
    {main}

Impersonating newly created user doesn't work

When trying to impersonate a new user directly after its creation (no login ever from this user) the impersonation does not work. Instead, the current user (administrator) is impersonated, i.e. I have a nested login admin -> admin

How to reproduce:

  • Enter user name and password, click "create" to get a new user
  • Immediately click on "impersonate"

Expected: impersonation of new user
Actual behavior: impersonation of currently logged in user

This is Impersonate 1.0.3 on Nextcloud 13.0.1, running on Debian 9, PHP7.1 and nginx.

Generating App-Pins does not work

Hi,

When I generate an app pin while logged in by impersonating, the generated app pin result shows the name of the admin user and the generated app pin is not valid (neither user nor admin).

Greets, ManOki
