I have a D8.6.1 site with Masquerade enabled. I recently upgraded to 8.6.1 and the masquerade functionality started failing. Here's what happens:

1. I am logged in as admin, go to People and choose "Masquerade as" for a user (have tried several, admin and non-admin)
2a. If the user I'm masq'ing is an admin, I am redirected to the same People screen I was on, receive an "Access denied" message, and appear to be completely logged out.
2b. If the user I'm masq'ing is a non-admin, I am redirected to the front page and I am completely logged out.
3. When I try to log in again as the admin user, I am redirected to "user/1" and receive an Access Denied message and remain logged out
4. If I try once more to log in as the admin user, it succeeds and I am redirected to "user/1" which loads successfully.

It seems that the attempt to masq is causing some sort of authentication confusion that lasts through the next login attempt at which point it is somehow reset and works normally.

Issue fork masquerade-3019665

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jptillman created an issue. See original summary.

trickfun’s picture

trickfun CreditAttribution: trickfun commented

I have the same problem.
when i try to masquerade i get Access Denied message and remain logged out

drupal 8.6.4 and masquerade 2 beta-2

thanks in advance

tstermitz’s picture

tstermitz
Location Colorado
CreditAttribution: tstermitz commented
Priority: Normal » Critical

I can confirm the same behavior.

As this makes masquerade non-functional, I'm marking it as critical.

gandel’s picture

gandel CreditAttribution: gandel commented

Thank you for this great module but it didn't work.
Anytime I'm masq'ing, it's logged me out.
I have a drupal 7.67 installed

Denisev’s picture

Denisev CreditAttribution: Denisev commented

Might be a different reason for the others here, but in our install it was the case when the user had not yet confirmed Terms & Conditions by the Legal module.

brussam’s picture

brussam CreditAttribution: brussam commented

I have the same problem as the initial issue.
I am running Drupal 9.0.2 and Masquerade 2.0@beta
Related logs entries
Path: /history/1052/read. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\history\Controller\HistoryController->readNode() (line 48 of /home/ftpuser/RetamaD9/web/core/modules/history/src/Controller/HistoryController.php).

Path: /history/1051/read. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\history\Controller\HistoryController->readNode() (line 48 of /home/ftpuser/RetamaD9/web/core/modules/history/src/Controller/HistoryController.php).

Path: /quickedit/attachments?_wrapper_format=drupal_ajax. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: The 'access in-place editing' permission is required. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 120 of /home/ftpuser/RetamaD9/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

All errors say
Anonymous (not verified)

rasikap’s picture

rasikap CreditAttribution: rasikap at Axelerant commented

I tried replicating issue as mentioned in comment#6, but couldn't replicate.

I was able to masquerade and navigate as both admin and non admin users.

Thanks!

brussam’s picture

brussam CreditAttribution: brussam commented

rasikap, were you on Drupal 9? Lots of things have ceased to work on Drupal 9 that were fine on Drupal 8.

Tim Corkerton’s picture

Tim Corkerton CreditAttribution: Tim Corkerton as a volunteer commented

This situation occurs for me too (as per https://www.drupal.org/project/masquerade/issues/3019665#comment-13622945) when I have the Legal module installed on latest Drupal 8 and when users have not accepted the Legal T&C's

brussam’s picture

brussam CreditAttribution: brussam commented

In my circumstance, Drupal 9.0.2, there is no Legal Module for Drupal 9 and has never been used.

As a diagnostic, I just did a clean new install of Drupal 9.0.2 and a Composer required drupal/masquerade ^2.0@beta install. Added a user and masquerade worked. So something must be stepping on the masquerade module. Time for a binary search of which module is doing it.

Didn't take long to find drupal/redirect_after_login:^2.6 causes drupal/masquerade to crash. Now it is time for someone with coding skills to fix this.

My solution was to use a patched version of login_direction:2.0.0-alpha1 instead of redirect_after_login.

sgroundwater’s picture

sgroundwater CreditAttribution: sgroundwater as a volunteer commented

I had hit a few minor snags with Masquerade 8.x-2.0-beta4 on Drupal 9.3.7. In the end, the issues were on my side.
Here are a few things to watch out for:
1.) Make sure the user is not set as "blocked". This will do strange things, with no clear info in the activity log. Basically you will redirect to the frontpage, where you'll see both a login and unmasquerade option. Clicking the unmasquerade link will show that the Anonymous account logged out.
2.) If you use a special login module like SimpleSAML / Shibboleth, ensure that the user account can log in locally.

jnicola’s picture

jnicola CreditAttribution: jnicola at Oregon Health & Science University (OHSU) commented

Tried to update to latest RC1 release to see if it fixed this issue. It did not and I still have it.

I'm not sure this needs to be considered critical though. It's more annoying than anything as it can be worked around.

frob’s picture

frob
Primary language English
CreditAttribution: frob at Clarity Innovations, Inc. commented

I think this is more of a Legal module issue. Here is a link to the issue in the legal module https://www.drupal.org/project/legal/issues/2638224

Raveen Thakur made their first commit to this issue’s fork.

solideogloria’s picture

solideogloria CreditAttribution: solideogloria commented

This can't be a bug with Masquerade on its own, as it's working fine.