[Security] Allow configuring a target url when switching user

94noni · chalasr · commit fa1ec72045f3 · 2022-07-20T22:37:46.000+02:00
diff --git a/DependencyInjection/MainConfiguration.php b/DependencyInjection/MainConfiguration.php
@@ -244,6 +244,7 @@ private function addFirewallsSection(ArrayNodeDefinition $rootNode, array $facto
                     ->scalarNode('provider')->end()
                     ->scalarNode('parameter')->defaultValue('_switch_user')->end()
                     ->scalarNode('role')->defaultValue('ROLE_ALLOWED_TO_SWITCH')->end()
+                    ->scalarNode('target_url')->defaultValue(null)->end()
                 ->end()
             ->end()
             ->arrayNode('required_badges')
diff --git a/DependencyInjection/SecurityExtension.php b/DependencyInjection/SecurityExtension.php
@@ -843,6 +843,9 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i
         if (!$userProvider) {
             throw new InvalidConfigurationException(sprintf('Not configuring explicitly the provider for the "switch_user" listener on "%s" firewall is ambiguous as there is more than one registered provider.', $id));
         }
+        if ($stateless && null !== $config['target_url']) {
+            throw new InvalidConfigurationException(sprintf('Cannot set a "target_url" for the "switch_user" listener on the "%s" firewall as it is stateless.', $id));
+        }
 
         $switchUserListenerId = 'security.authentication.switchuser_listener.'.$id;
         $listener = $container->setDefinition($switchUserListenerId, new ChildDefinition('security.authentication.switchuser_listener'));
@@ -852,6 +855,7 @@ private function createSwitchUserListener(ContainerBuilder $container, string $i
         $listener->replaceArgument(6, $config['parameter']);
         $listener->replaceArgument(7, $config['role']);
         $listener->replaceArgument(9, $stateless);
+        $listener->replaceArgument(10, $config['target_url']);
 
         return $switchUserListenerId;
     }
diff --git a/Resources/config/security_listeners.php b/Resources/config/security_listeners.php
@@ -151,6 +151,7 @@
                 'ROLE_ALLOWED_TO_SWITCH',
                 service('event_dispatcher')->nullOnInvalid(),
                 false, // Stateless
+                abstract_arg('Target Url'),
             ])
             ->tag('monolog.logger', ['channel' => 'security'])
 
