[security] Provide authentication token when using a user checker #50650

Closed
fabienlem opened this issue Jun 13, 2023 · 9 comments · Fixed by #57773
Comments

fabienlem commented Jun 13, 2023

Description

Hi there,

When using a custom user checker, i.e.:

security:
    firewalls:
        api:
            user_checker: 'App\Security\UserChecker'

I would like to be able to get the authentication token. My use case is as follows: I want to make checks less stringent when an impersonation is in progress.

Injecting the Security service does not provide a solution.

use Symfony\Bundle\SecurityBundle\Security;

    public function checkPostAuth(UserInterface $user): void
    {
        $this->security->getToken(); // null
    }

I saw that in Symfony\Component\Security\Http\EventListener\UserCheckerListener the token could be provided as a second parameter to the checkPostAuth method. So it could be possible to achieve some things like knowing if an impersonation is in progress.

What do you think about this proposal?

Kind regards,

Fabien

Example

No response

Contributor

mdeboer commented Jun 18, 2023

I very much like this idea. Found it odd why it isn't provided in postAuth really.

dmiedev commented Jul 1, 2023

So there is not a single way to obtain the token?

dmiedev commented Jul 1, 2023

Welp, this is troublesome :/
One could probably use $this->requestStack->getCurrentRequest()->headers->get('authorization') as a temporary (and somewhat ugly) workaround

@carsonbot
Thank you for this suggestion.
There has not been a lot of activity here for a while. Would you still like to see this feature?

dmiedev commented Jan 2, 2024

Yes

carsonbot removed the Stalled label Jan 2, 2024

@carsonbot
Thank you for this suggestion.
There has not been a lot of activity here for a while. Would you still like to see this feature?

@carsonbot
Friendly reminder that this issue exists. If I don't hear anything I'll close this.

BipFred commented Jul 17, 2024

Yes

Member

xabbuh commented Jul 19, 2024

I opened #57773 which would implement this feature request

fabpot closed this as completed in 6c7a6ff Jul 25, 2024
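
The use case from the opening post, as an added example that is not code from this issue or from Symfony: a user checker that accepts the token as an optional second argument to checkPostAuth, relaxes one check only while impersonation is in progress, and logs who the impersonator is. Assumptions: the firewall passes the token as proposed above, impersonation reaches the checker as a SwitchUserToken, and App\Entity\User with isLocked() and isPasswordExpired() is a hypothetical application class.

```php
<?php

namespace App\Security;

use App\Entity\User; // hypothetical application user class
use Psr\Log\LoggerInterface;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAccountStatusException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;

final class UserChecker implements UserCheckerInterface
{
    public function __construct(private LoggerInterface $logger) {}

    public function checkPreAuth(UserInterface $user): void {}

    // Assumption: the token arrives as an optional second argument, as proposed
    // in this issue. An extra optional parameter stays compatible with an
    // interface that declares only $user, so callers passing no token still work.
    public function checkPostAuth(UserInterface $user, ?TokenInterface $token = null): void
    {
        if (!$user instanceof User) {
            return;
        }

        // Never relaxed: a locked account is rejected for impersonators too.
        if ($user->isLocked()) { // hypothetical method
            throw new CustomUserMessageAccountStatusException('Account is locked.');
        }

        // Fail closed: a missing token is treated as a normal login.
        // Assumption: impersonation reaches the checker as a SwitchUserToken.
        if ($token instanceof SwitchUserToken) {
            // Audit trail: record who is acting as whom when a check is skipped.
            $this->logger->notice('Password-expiry check skipped during impersonation', [
                'impersonator' => $token->getOriginalToken()->getUserIdentifier(),
                'target' => $user->getUserIdentifier(),
            ]);

            return;
        }

        if ($user->isPasswordExpired()) { // hypothetical method
            throw new CustomUserMessageAccountStatusException('Password has expired.');
        }
    }
}
```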