[Security] Allow configuring a target url when switching user

94noni · 94noni · commit d014fc46fce3 · 2022-06-30T14:16:37.000+02:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -244,6 +244,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
                     ->scalarNode('provider')->end()
                     ->scalarNode('parameter')->defaultValue('_switch_user')->end()
                     ->scalarNode('role')->defaultValue('ROLE_ALLOWED_TO_SWITCH')->end()
+                    ->scalarNode('target_url')->defaultValue(null)->end()
                 ->end()
             ->end()
             ->arrayNode('required_badges')
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -830,6 +830,7 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i
         $listener->replaceArgument(6, $config['parameter']);
         $listener->replaceArgument(7, $config['role']);
         $listener->replaceArgument(9, $stateless);
+        $listener->replaceArgument(10, $config['target_url']);
 
         return $switchUserListenerId;
     }
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.php
@@ -150,6 +150,7 @@
                 'ROLE_ALLOWED_TO_SWITCH',
                 service('event_dispatcher')->nullOnInvalid(),
                 false, // Stateless
+                abstract_arg('Target Url'),
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
 
diff --git a/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php b/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
@@ -51,8 +51,9 @@ class SwitchUserListener extends AbstractListener
     private ?LoggerInterface $logger;
     private ?EventDispatcherInterface $dispatcher;
     private bool $stateless;
+    private ?string $targetUrl;
 
-    public function __construct(TokenStorageInterface $tokenStorage, UserProviderInterface $provider, UserCheckerInterface $userChecker, string $firewallName, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, string $usernameParameter = '_switch_user', string $role = 'ROLE_ALLOWED_TO_SWITCH', EventDispatcherInterface $dispatcher = null, bool $stateless = false)
+    public function __construct(TokenStorageInterface $tokenStorage, UserProviderInterface $provider, UserCheckerInterface $userChecker, string $firewallName, AccessDecisionManagerInterface $accessDecisionManager, LoggerInterface $logger = null, string $usernameParameter = '_switch_user', string $role = 'ROLE_ALLOWED_TO_SWITCH', EventDispatcherInterface $dispatcher = null, bool $stateless = false, ?string $targetUrl = null)
     {
         if ('' === $firewallName) {
             throw new \InvalidArgumentException('$firewallName must not be empty.');
@@ -68,6 +69,7 @@ public function __construct(TokenStorageInterface $tokenStorage, UserProviderInt
         $this->logger = $logger;
         $this->dispatcher = $dispatcher;
         $this->stateless = $stateless;
+        $this->targetUrl = $targetUrl;
     }
 
     /**
@@ -122,7 +124,7 @@ public function authenticate(RequestEvent $event)
         if (!$this->stateless) {
             $request->query->remove($this->usernameParameter);
             $request->server->set('QUERY_STRING', http_build_query($request->query->all(), '', '&'));
-            $response = new RedirectResponse($request->getUri(), 302);
+            $response = new RedirectResponse($this->targetUrl ?? $request->getUri(), 302);
 
             $event->setResponse($response);
         }

Original file line number	Diff line number	Diff line change
`@@ -830,6 +830,7 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i`
`830`	`830`	`$listener->replaceArgument(6, $config['parameter']);`
`831`	`831`	`$listener->replaceArgument(7, $config['role']);`
`832`	`832`	`$listener->replaceArgument(9, $stateless);`
	`833`	`+ $listener->replaceArgument(10, $config['target_url']);`
`833`	`834`
`834`	`835`	`return $switchUserListenerId;`
`835`	`836`	`}`