Adding user impersonation to Rails 8 authentication

Published: 22 hours ago (February 4, 2026 at 12:15 PM EST)

1 min read

Source: Dev.to

Introduction

User impersonation is a powerful feature for SaaS support. It lets you see exactly what a user sees, making it easier to debug issues or provide help.

Quick usage

# Impersonate a user
impersonate! User.find(42)

# Check if you're impersonating
impersonating? # => true

# Get the original user
original_user # => #

# Stop impersonating
unimpersonate!

The impersonation automatically expires after 1 hour (adjustable in the concern).

Routes

# config/routes.rb
Rails.application.routes.draw do
  resource :impersonation, only: %w[create destroy]
end

Updating the `Current` model

# app/models/current.rb
class Current
  # Note: Ruby allows logical operators (`&&`, `||`) at the start of a line.
end

Including the concern

Add include Impersonatable to your ApplicationController.

Impersonations controller

# app/controllers/impersonations_controller.rb
class ImpersonationsController
  # controller actions go here
end

Original article on SaaS authentication.

Remember to implement the security measures before deploying to production.

Adding user impersonation to Rails 8 authentication

Introduction

Quick usage

Routes

Updating the `Current` model

Including the concern

Impersonations controller

Related posts

Devise to Custom Auth: It’s Not Just `has_secure_password

SQLite is All You Need: The 'One-Person Stack' for 2026

Catch N+1 Queries in Rails Request Specs with 11 Lines of Ruby

The Real Cost of Building an MVP in 2026 — With Actual Numbers

Introduction

Quick usage

Routes

Updating the Current model

Including the concern

Impersonations controller

Related posts

Devise to Custom Auth: It’s Not Just `has_secure_password

SQLite is All You Need: The 'One-Person Stack' for 2026

Catch N+1 Queries in Rails Request Specs with 11 Lines of Ruby

The Real Cost of Building an MVP in 2026 — With Actual Numbers

Updating the `Current` model