[Security] Allow configuring a redirect url via route name when switching user

Author: 94noni

CHANGELOG.md

@@ -11,6 +11,7 @@ CHANGELOG
  * Add `Security::logout()` to logout programmatically
  * Add `security.firewalls.logout.enable_csrf` to enable CSRF protection using the default CSRF token generator
  * Add RFC6750 Access Token support to allow token-based authentication
+ * Add `security.firewalls.switch_user.target_route` option to configure redirect target route on switch user
 
 6.1
 ---

DependencyInjection/MainConfiguration.php

@@ -257,7 +257,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
                     ->scalarNode('provider')->end()
                     ->scalarNode('parameter')->defaultValue('_switch_user')->end()
                     ->scalarNode('role')->defaultValue('ROLE_ALLOWED_TO_SWITCH')->end()
-                    ->scalarNode('target_url')->defaultValue(null)->end()
+                    ->scalarNode('target_route')->defaultValue(null)->end()
                 ->end()
             ->end()
             ->arrayNode('required_badges')

DependencyInjection/SecurityExtension.php

@@ -845,8 +845,8 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i
         if (!$userProvider) {
             throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "switch_user" listener on "%s" firewall is ambiguous as there is more than one registered provider.', $id));
         }
-        if ($stateless && null !== $config['target_url']) {
-            throw new InvalidConfigurationException(sprintf('Cannot set a "target_url" for the "switch_user" listener on the "%s" firewall as it is stateless.', $id));
+        if ($stateless && null !== $config['target_route']) {
+            throw new InvalidConfigurationException(sprintf('Cannot set a "target_route" for the "switch_user" listener on the "%s" firewall as it is stateless.', $id));
         }
 
         $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id;
@@ -857,7 +857,7 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i
         $listener->replaceArgument(6, $config['parameter']);
         $listener->replaceArgument(7, $config['role']);
         $listener->replaceArgument(9, $stateless);
-        $listener->replaceArgument(10, $config['target_url']);
+        $listener->replaceArgument(11, $config['target_route']);
 
         return $switchUserListenerId;
     }

Resources/config/security_listeners.php

@@ -151,7 +151,8 @@
                 'ROLE_ALLOWED_TO_SWITCH',
                 service('event_dispatcher')->nullOnInvalid(),
                 false, // Stateless
-                abstract_arg('Target Url'),
+                service('router')->nullOnInvalid(),
+                abstract_arg('Target Route'),
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
 

Tests/DependencyInjection/CompleteConfigurationTest.php

@@ -165,7 +165,7 @@ public function testFirewalls()
                 [
                     'parameter' => '_switch_user',
                     'role' => 'ROLE_ALLOWED_TO_SWITCH',
-                    'target_url' => null,
+                    'target_route' => null,
                 ],
                 [
                     'csrf_parameter' => '_csrf_token',