Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
Create impersonation_exit_path() and *_url() functions#32841
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
f898bf1 toef15c60Compare| $this->firewallMap =$firewallMap; | ||
| } | ||
| publicfunctiongenerateImpersonateExitUrl(string$exitTo =null,$referenceType = UrlGeneratorInterface::ABSOLUTE_URL):string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I definitely don't like the nameexitTo, any suggestion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
i suggestgenerateExitUrl/Path(string $targetUri = null): string
ef15c60 to16a96f1ComparedFayet commentedAug 8, 2019
ping@Taluu |
Uh oh!
There was an error while loading.Please reload this page.
b13daf3 toe0c8ebbCompare| privatefunctionisImpersonatedUser():bool | ||
| { | ||
| if (null ===$token =$this->tokenStorage->getToken()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
return $this->tokenStorage->getToken() instanceof SwitchUserToken?
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| class SwitchUserTokenextends UsernamePasswordToken | ||
| { | ||
| private$originalToken; | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
newline not needed
| { | ||
| private$originalToken; | ||
| private$impersonatedFromUri; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
what about$originatedFromUri
| * @param mixed $credentials This usually is the password of the user | ||
| * @param string $providerKey The provider key | ||
| * @param string[] $roles An array of roles | ||
| * @param string|null $impersonatedFromUri The Url where was the user at the switch |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The URI ...
| $roles[] =newSwitchUserRole('ROLE_PREVIOUS_ADMIN',$this->tokenStorage->getToken(),false); | ||
| $token =newSwitchUserToken($user,$user->getPassword(),$this->providerKey,$roles,$token); | ||
| $token =newSwitchUserToken( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
i still think we prefer one line :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
me too :)
| class ImpersonateUrlGenerator | ||
| { | ||
| private$requestStack; | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
newlines not needed
| publicfunctiongenerateImpersonateExitUrl(string$exitTo =null,$referenceType = UrlGeneratorInterface::ABSOLUTE_URL):string | ||
| { | ||
| $request =$this->requestStack->getCurrentRequest(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
can be moved down the if the below
| useSymfony\Bundle\SecurityBundle\Security\FirewallMap; | ||
| useSymfony\Component\HttpFoundation\RequestStack; | ||
| useSymfony\Component\Routing\Generator\UrlGeneratorInterface; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
this is only a dev-dependency, not sure we should rely on it here (we dont have to)
perhaps create 2 separate methods as done inSecurityExtension, or inline the consts
| thrownew \LogicException('Unable to generate the impersonate exit URL without a firewall configured for the user switch.'); | ||
| } | ||
| if ('_use_impersonated_from_url' ===$exitTo) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
perhaps we should decouple this into its own (twig) method so we can do
{{ impersonation_exit_url(impersonation_start_url()) }}meaning we can implementimpersonation_start_url as a hybrid;
if impersonated: points to "originated from uri"
else: points to "switch user uri"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
and perhaps for completenessis_impersonated()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
and perhaps for completeness
is_impersonated()
I don't think it's worth adding this function, as this information can be simply retrieved by doing{% if is_granted('ROLE_PREVIOUS_ADMIN') %}, your thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
@ro0NL About your idea ofimpersonation_start_url should we also consider to create function to get url/path to start impersonation?
I thing the nameimpersonation_start_url might be misleading as it looks like the*_exit* ones, but does not really generate urls to "start" the impersonation.
I would be more confident with names likeimpersonation_get_start_url orimpersonation_started_url.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I'm not sure I like this_use_impersonated_from_url feature. I would drop it completely (at least at first).
fabpot left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
@dFayet I've just made some comments (mainly because core code has changed), can you take the comments into account and rebase on current master?
Uh oh!
There was an error while loading.Please reload this page.
| <argumenttype="service"id="request_stack" /> | ||
| <argumenttype="service"id="security.firewall.map" /> | ||
| <argumenttype="service"id="security.token_storage" /> | ||
| </service> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Should be moved to the new PHP configuration file
| <serviceid="twig.extension.security"class="Symfony\Bridge\Twig\Extension\SecurityExtension"> | ||
| <tagname="twig.extension" /> | ||
| <argumenttype="service"id="security.authorization_checker"on-invalid="ignore" /> | ||
| <argumenttype="service"id="security.impersonate_url_generator"on-invalid="ignore" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Should be moved to the new PHP configuration file
| "symfony/security-csrf":"^4.2|^5.0", | ||
| "symfony/security-guard":"^4.2|^5.0", | ||
| "symfony/security-http":"^4.3" | ||
| "symfony/security-http":"^4.4" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
5.2
| $roles[] =newSwitchUserRole('ROLE_PREVIOUS_ADMIN',$this->tokenStorage->getToken(),false); | ||
| $token =newSwitchUserToken($user,$user->getPassword(),$this->providerKey,$roles,$token); | ||
| $token =newSwitchUserToken( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
me too :)
| $this->providerKey, | ||
| $roles, | ||
| $token, | ||
| str_replace('/&','/?',preg_replace('#[&?]'.$this->usernameParameter.'=[^&]*#','',$request->getRequestUri())) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
you might want to create a temp var instead
| thrownew \LogicException('Unable to generate the impersonate exit URL without a firewall configured for the user switch.'); | ||
| } | ||
| if ('_use_impersonated_from_url' ===$exitTo) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I'm not sure I like this_use_impersonated_from_url feature. I would drop it completely (at least at first).
fabpot commentedSep 6, 2020
@dFayet Do you have time to finish this PR? |
dFayet commentedSep 6, 2020
@fabpot I will try to finish it today, otherwise, at worst, this week it should be ready |
e0c8ebb to0ac0dc9Compare0ac0dc9 to3894373Compare945d41f to18604f6Compare18604f6 toc1e3703ComparedFayet commentedSep 6, 2020 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
@fabpot This should be ready now. |
fabpot commentedSep 6, 2020
Thank you@dFayet. |
| publicfunction__serialize():array | ||
| { | ||
| return [$this->originalToken,parent::__serialize()]; | ||
| return [$this->originalToken,$this->originatedFromUri,parent::__serialize()]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Don't we need to add at the end to avoid issues with existing data when applications are updated?
This PR was merged into the master branch.Discussion----------Leave impersonation functionsWill solve#14183Documents new Twig functions `impersonation_exit_path` and `impersonation_exit_url` added insymfony/symfony#32841Commits-------b7bd572 Leave impersonation functions
Uh oh!
There was an error while loading.Please reload this page.
This is a relaunch of the PR#24737
It adds more flexibility to the previous try.
You have two twig functions
impersonation_exit_url()andimpersonation_exit_path()You can either leave on the same path, redirect to the path where was the user at the user switch, or to the path you want.
Example:
The following code
will output
Note: If this proposal appears to be better, I'll add tests, update changelog, and prepare the doc.
Bonus:
As the "impersonated from url" is stored in the
SwitchUserTokenit might be possible to display it in the profiler:WDYT?