[4.x] UserImpersonation: store auth guard in session, add $logout param to stopImpersonating()

[lukinovec]

Potentially breaking change: session('tenancy_impersonating') doesn't work anymore. We're using session('tenancy_impersonation_guard') instead.

The 'tenancy_impersonating' session variable got replaced by 'tenancy_impersonation_guard'. UserImpersonation::stopImpersonating() now calls logout() on the guard retrieved by session()->get('tenancy_impersonation_guard') instead of calling logout() on the current auth guard. Now. if you create the impersonation token with guard 'web', and call UserImpersonation::stopImpersonating(), for example in a route that has the auth:sanctum middleware (= the current guard in that route would be RequestGuard which doesn't even have the logout() method -- not the guard for which the impersonation token was created), the method will correctly log the user out of the 'web' guard using which he was actually authenticated instead of the current guard.

Also, UserImpersonation::stopImpersonating() now accepts the $logout parameter, which is true by default. If false is passed, the method doesn't perform the logout.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.93%. Comparing base (37b2a91) to head (20044a8).

Additional details and impacted files

@@            Coverage Diff            @@
##             master    #1437   +/-   ##
=========================================
  Coverage     85.92%   85.93%           
- Complexity     1147     1148    +1     
=========================================
  Files           184      184           
  Lines          3360     3362    +2     
=========================================
+ Hits           2887     2889    +2     
  Misses          473      473           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.