diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Create impersonation_exit_path() and *_url() functions

Browse Source
This commit is contained in:
dFayet 2019-07-31 20:42:22 +02:00 committed by Damien Fayet
parent 4ab612cad9
commit c1e3703efd
8 changed files with 138 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Symfony/Bridge/Twig/CHANGELOG.md
View File

@ -4,6 +4,7 @@ CHANGELOG
5.2.0 5.2.0
----- -----
* added the `impersonation_exit_url()` and `impersonation_exit_path()` functions. They return a URL that allows to switch back to the original user.
* added the `workflow_transition()` function to easily retrieve a specific transition object * added the `workflow_transition()` function to easily retrieve a specific transition object
* added support for translating `Translatable` objects * added support for translating `Translatable` objects
* added the `t()` function to easily create `Translatable` objects * added the `t()` function to easily create `Translatable` objects

26
src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
View File

@ -14,6 +14,7 @@ namespace Symfony\Bridge\Twig\Extension;
use Symfony\Component\Security\Acl\Voter\FieldVote; use Symfony\Component\Security\Acl\Voter\FieldVote;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException; use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
use Symfony\Component\Security\Http\Impersonate\ImpersonateUrlGenerator;
use Twig\Extension\AbstractExtension; use Twig\Extension\AbstractExtension;
use Twig\TwigFunction; use Twig\TwigFunction;
@ -26,9 +27,12 @@ final class SecurityExtension extends AbstractExtension
{ {
private $securityChecker; private $securityChecker;
public function __construct(AuthorizationCheckerInterface $securityChecker = null) private $impersonateUrlGenerator;
public function __construct(AuthorizationCheckerInterface $securityChecker = null, ImpersonateUrlGenerator $impersonateUrlGenerator = null)
{ {
$this->securityChecker = $securityChecker; $this->securityChecker = $securityChecker;
$this->impersonateUrlGenerator = $impersonateUrlGenerator;
} }
/** /**
@ -51,6 +55,24 @@ final class SecurityExtension extends AbstractExtension
} }
} }
public function getImpersonateExitUrl(string $exitTo = null): string
{
if (null === $this->impersonateUrlGenerator) {
return '';
}
return $this->impersonateUrlGenerator->generateExitUrl($exitTo);
}
public function getImpersonateExitPath(string $exitTo = null): string
{
if (null === $this->impersonateUrlGenerator) {
return '';
}
return $this->impersonateUrlGenerator->generateExitPath($exitTo);
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
@ -58,6 +80,8 @@ final class SecurityExtension extends AbstractExtension
{ {
return [ return [
new TwigFunction('is_granted', [$this, 'isGranted']), new TwigFunction('is_granted', [$this, 'isGranted']),
new TwigFunction('impersonation_exit_url', [$this, 'getImpersonateExitUrl']),
new TwigFunction('impersonation_exit_path', [$this, 'getImpersonateExitPath']),
]; ];
} }
} }

8
src/Symfony/Bundle/SecurityBundle/Resources/config/security.php
View File

@ -48,6 +48,7 @@ use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
use Symfony\Component\Security\Http\Controller\UserValueResolver; use Symfony\Component\Security\Http\Controller\UserValueResolver;
use Symfony\Component\Security\Http\Firewall; use Symfony\Component\Security\Http\Firewall;
use Symfony\Component\Security\Http\HttpUtils; use Symfony\Component\Security\Http\HttpUtils;
use Symfony\Component\Security\Http\Impersonate\ImpersonateUrlGenerator;
use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator; use Symfony\Component\Security\Http\Logout\LogoutUrlGenerator;
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategy;
use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface; use Symfony\Component\Security\Http\Session\SessionAuthenticationStrategyInterface;
@ -160,6 +161,13 @@ return static function (ContainerConfigurator $container) {
]) ])
->tag('security.voter', ['priority' => 245]) ->tag('security.voter', ['priority' => 245])
->set('security.impersonate_url_generator', ImpersonateUrlGenerator::class)
->args([
service('request_stack'),
service('security.firewall.map'),
service('security.token_storage'),
])
// Firewall related services // Firewall related services
->set('security.firewall', FirewallListener::class) ->set('security.firewall', FirewallListener::class)
->args([ ->args([

1
src/Symfony/Bundle/SecurityBundle/Resources/config/templating_twig.php
View File

@ -25,6 +25,7 @@ return static function (ContainerConfigurator $container) {
->set('twig.extension.security', SecurityExtension::class) ->set('twig.extension.security', SecurityExtension::class)
->args([ ->args([
service('security.authorization_checker')->ignoreOnInvalid(), service('security.authorization_checker')->ignoreOnInvalid(),
service('security.impersonate_url_generator')->ignoreOnInvalid(),
]) ])
->tag('twig.extension') ->tag('twig.extension')
; ;

18
src/Symfony/Component/Security/Core/Authentication/Token/SwitchUserToken.php
View File

@ -19,18 +19,21 @@ namespace Symfony\Component\Security\Core\Authentication\Token;
class SwitchUserToken extends UsernamePasswordToken class SwitchUserToken extends UsernamePasswordToken
{ {
private $originalToken; private $originalToken;
private $originatedFromUri;
/** /**
* @param string|object $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method * @param string|object $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method
* @param mixed $credentials This usually is the password of the user * @param mixed $credentials This usually is the password of the user
* @param string|null $originatedFromUri The URI where was the user at the switch
* *
* @throws \InvalidArgumentException * @throws \InvalidArgumentException
*/ */
public function __construct($user, $credentials, string $firewallName, array $roles, TokenInterface $originalToken) public function __construct($user, $credentials, string $firewallName, array $roles, TokenInterface $originalToken, string $originatedFromUri = null)
{ {
parent::__construct($user, $credentials, $firewallName, $roles); parent::__construct($user, $credentials, $firewallName, $roles);
$this->originalToken = $originalToken; $this->originalToken = $originalToken;
$this->originatedFromUri = $originatedFromUri;
} }
public function getOriginalToken(): TokenInterface public function getOriginalToken(): TokenInterface
@ -38,12 +41,17 @@ class SwitchUserToken extends UsernamePasswordToken
return $this->originalToken; return $this->originalToken;
} }
public function getOriginatedFromUri(): ?string
{
return $this->originatedFromUri;
}
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
public function __serialize(): array public function __serialize(): array
{ {
return [$this->originalToken, parent::__serialize()]; return [$this->originalToken, $this->originatedFromUri, parent::__serialize()];
} }
/** /**
@ -51,7 +59,7 @@ class SwitchUserToken extends UsernamePasswordToken
*/ */
public function __unserialize(array $data): void public function __unserialize(array $data): void
{ {
[$this->originalToken, $parentData] = $data; [$this->originalToken, $this->originatedFromUri, $parentData] = $data;
$parentData = \is_array($parentData) ? $parentData : unserialize($parentData); $parentData = \is_array($parentData) ? $parentData : unserialize($parentData);
parent::__unserialize($parentData); parent::__unserialize($parentData);
} }

13
src/Symfony/Component/Security/Core/Tests/Authentication/Token/SwitchUserTokenTest.php
View File

@ -21,7 +21,7 @@ class SwitchUserTokenTest extends TestCase
public function testSerialize() public function testSerialize()
{ {
$originalToken = new UsernamePasswordToken('user', 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']); $originalToken = new UsernamePasswordToken('user', 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
$token = new SwitchUserToken('admin', 'bar', 'provider-key', ['ROLE_USER'], $originalToken); $token = new SwitchUserToken('admin', 'bar', 'provider-key', ['ROLE_USER'], $originalToken, 'https://symfony.com/blog');
$unserializedToken = unserialize(serialize($token)); $unserializedToken = unserialize(serialize($token));
@ -30,6 +30,7 @@ class SwitchUserTokenTest extends TestCase
$this->assertSame('bar', $unserializedToken->getCredentials()); $this->assertSame('bar', $unserializedToken->getCredentials());
$this->assertSame('provider-key', $unserializedToken->getFirewallName()); $this->assertSame('provider-key', $unserializedToken->getFirewallName());
$this->assertEquals(['ROLE_USER'], $unserializedToken->getRoleNames()); $this->assertEquals(['ROLE_USER'], $unserializedToken->getRoleNames());
$this->assertSame('https://symfony.com/blog', $unserializedToken->getOriginatedFromUri());
$unserializedOriginalToken = $unserializedToken->getOriginalToken(); $unserializedOriginalToken = $unserializedToken->getOriginalToken();
@ -73,4 +74,14 @@ class SwitchUserTokenTest extends TestCase
$token->setUser($impersonated); $token->setUser($impersonated);
$this->assertTrue($token->isAuthenticated()); $this->assertTrue($token->isAuthenticated());
} }
public function testSerializeNullImpersonateUrl()
{
$originalToken = new UsernamePasswordToken('user', 'foo', 'provider-key', ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH']);
$token = new SwitchUserToken('admin', 'bar', 'provider-key', ['ROLE_USER'], $originalToken);
$unserializedToken = unserialize(serialize($token));
$this->assertNull($unserializedToken->getOriginatedFromUri());
}
} }

3
src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
View File

@ -181,7 +181,8 @@ class SwitchUserListener extends AbstractListener
$roles = $user->getRoles(); $roles = $user->getRoles();
$roles[] = 'ROLE_PREVIOUS_ADMIN'; $roles[] = 'ROLE_PREVIOUS_ADMIN';
$token = new SwitchUserToken($user, $user->getPassword(), $this->firewallName, $roles, $token); $originatedFromUri = str_replace('/&', '/?', preg_replace('#[&?]'.$this->usernameParameter.'=[^&]*#', '', $request->getRequestUri()));
$token = new SwitchUserToken($user, $user->getPassword(), $this->firewallName, $roles, $token, $originatedFromUri);
if (null !== $this->dispatcher) { if (null !== $this->dispatcher) {
$switchEvent = new SwitchUserEvent($request, $token->getUser(), $token); $switchEvent = new SwitchUserEvent($request, $token->getUser(), $token);

76
src/Symfony/Component/Security/Http/Impersonate/ImpersonateUrlGenerator.php Normal file
View File

@ -0,0 +1,76 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Http\Impersonate;
use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
/**
* Provides generator functions for the impersonate url exit.
*
* @author Amrouche Hamza <hamza.simperfit@gmail.com>
* @author Damien Fayet <damienf1521@gmail.com>
*/
class ImpersonateUrlGenerator
{
private $requestStack;
private $tokenStorage;
private $firewallMap;
public function __construct(RequestStack $requestStack, FirewallMap $firewallMap, TokenStorageInterface $tokenStorage)
{
$this->requestStack = $requestStack;
$this->tokenStorage = $tokenStorage;
$this->firewallMap = $firewallMap;
}
public function generateExitPath(string $targetUri = null): string
{
return $this->buildExitPath($targetUri);
}
public function generateExitUrl(string $targetUri = null): string
{
if (null === $request = $this->requestStack->getCurrentRequest()) {
return '';
}
return $request->getUriForPath($this->buildExitPath($targetUri));
}
private function isImpersonatedUser(): bool
{
return $this->tokenStorage->getToken() instanceof SwitchUserToken;
}
private function buildExitPath(string $targetUri = null): string
{
if (null === ($request = $this->requestStack->getCurrentRequest()) || !$this->isImpersonatedUser()) {
return '';
}
if (null === $switchUserConfig = $this->firewallMap->getFirewallConfig($request)->getSwitchUser()) {
throw new \LogicException('Unable to generate the impersonate exit URL without a firewall configured for the user switch.');
}
if (null === $targetUri) {
$targetUri = $request->getRequestUri();
}
$targetUri .= (parse_url($targetUri, \PHP_URL_QUERY) ? '&' : '?').http_build_query([$switchUserConfig['parameter'] => SwitchUserListener::EXIT_VALUE]);
return $targetUri;
}
}