merged branch jfsimon/security-redirect-attributes (PR #7325)

fabpot · fabpot · commit e4896da80c38 · 2013-03-13T18:34:16.000+01:00
This PR was squashed before being merged into the 2.1 branch (closes #7325). Commits ------- 6575df6 [Security] use current request attributes to generate redirect url? Discussion ---------- [Security] use current request attributes to generate redirect url? Maybe we should consider to use current request attributes to generate the login/logout redirections URL? | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #5080 --------------------------------------------------------------------------- by Seldaek at 2013-03-11T08:33:37Z Can you explain why? --------------------------------------------------------------------------- by jfsimon at 2013-03-11T09:30:07Z @Seldaek let say I prefixed all my URLs with a `{domain}` var (`_locale` for instance), I'd like it to be passed to my redirected request. I guess it could lead to side effects, that's why I tagged this PR `RFC`. --------------------------------------------------------------------------- by Seldaek at 2013-03-11T09:46:33Z Fair enough. The main issue I see is that you end up with "garbage" query params in the URL. Any params that was needed by the previous page and not needed by the new one ends up as ?foo=bar in the URL. It's usually not harmful, but not very clean either. I'm not sure what it would take to grab all the params that a route can use, and only copy those over. --------------------------------------------------------------------------- by jfsimon at 2013-03-11T10:12:49Z @Seldaek indeed, I didn't think about those query parameters... I'll try to fix this in a simple way this afternoon. --------------------------------------------------------------------------- by jfsimon at 2013-03-11T14:54:31Z @Seldaek tell me if what you think of this, it may look like a hack (which wont be acceptable). --------------------------------------------------------------------------- by Seldaek at 2013-03-11T14:59:39Z Eh I see. I can't say it's the less hacky thing I ever saw, but it might be alright. I don't think I'm the best person to take this call though.. Let's see what @fabpot thinks.
diff --git a/src/Symfony/Component/Security/Http/HttpUtils.php b/src/Symfony/Component/Security/Http/HttpUtils.php
@@ -136,15 +136,25 @@ public function generateUri($request, $path)
             return $request->getUriForPath($path);
         }
 
-        return $this->generateUrl($path, true);
+        return $this->generateUrl($path, $request->attributes->all(), true);
     }
 
-    private function generateUrl($route, $absolute = false)
+    private function generateUrl($route, array $attributes = array(), $absolute = false)
     {
         if (null === $this->urlGenerator) {
             throw new \LogicException('You must provide a UrlGeneratorInterface instance to be able to use routes.');
         }
 
-        return $this->urlGenerator->generate($route, array(), $absolute);
+        $url = $this->urlGenerator->generate($route, $attributes, $absolute);
+
+        // unnecessary query string parameters must be removed from url
+        // (ie. query parameters that are presents in $attributes)
+        // fortunately, they all are, so we have to remove entire query string
+        $position = strpos($url, '?');
+        if (false !== $position) {
+            $url = substr($url, 0, $position);
+        }
+
+        return $url;
     }
 }
diff --git a/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php b/src/Symfony/Component/Security/Tests/Http/HttpUtilsTest.php
@@ -137,13 +137,25 @@ public function testCheckRequestPathWithUrlMatcherLoadingException()
         $utils->checkRequestPath($this->getRequest(), 'foobar');
     }
 
-    private function getUrlGenerator()
+    public function testGenerateUrlRemovesQueryString()
+    {
+        $method = new \ReflectionMethod('Symfony\Component\Security\Http\HttpUtils', 'generateUrl');
+        $method->setAccessible(true);
+
+        $utils = new HttpUtils($this->getUrlGenerator());
+        $this->assertEquals('/foo/bar', $method->invoke($utils, 'route_name'));
+
+        $utils = new HttpUtils($this->getUrlGenerator('/foo/bar?param=value'));
+        $this->assertEquals('/foo/bar', $method->invoke($utils, 'route_name'));
+    }
+
+    private function getUrlGenerator($generatedUrl = '/foo/bar')
     {
         $urlGenerator = $this->getMock('Symfony\Component\Routing\Generator\UrlGeneratorInterface');
         $urlGenerator
             ->expects($this->any())
             ->method('generate')
-            ->will($this->returnValue('/foo/bar'))
+            ->will($this->returnValue($generatedUrl))
         ;
 
         return $urlGenerator;

Original file line number	Diff line number	Diff line change
`@@ -136,15 +136,25 @@ public function generateUri($request, $path)`
`136`	`136`	`return $request->getUriForPath($path);`
`137`	`137`	`}`
`138`	`138`
`139`		`- return $this->generateUrl($path, true);`
	`139`	`+ return $this->generateUrl($path, $request->attributes->all(), true);`
`140`	`140`	`}`
`141`	`141`
`142`		`- private function generateUrl($route, $absolute = false)`
	`142`	`+ private function generateUrl($route, array $attributes = array(), $absolute = false)`
`143`	`143`	`{`
`144`	`144`	`if (null === $this->urlGenerator) {`
`145`	`145`	`throw new \LogicException('You must provide a UrlGeneratorInterface instance to be able to use routes.');`
`146`	`146`	`}`
`147`	`147`
`148`		`- return $this->urlGenerator->generate($route, array(), $absolute);`
	`148`	`+ $url = $this->urlGenerator->generate($route, $attributes, $absolute);`
	`149`	`+`
	`150`	`+ // unnecessary query string parameters must be removed from url`
	`151`	`+ // (ie. query parameters that are presents in $attributes)`
	`152`	`+ // fortunately, they all are, so we have to remove entire query string`
	`153`	`+ $position = strpos($url, '?');`
	`154`	`+ if (false !== $position) {`
	`155`	`+ $url = substr($url, 0, $position);`
	`156`	`+ }`
	`157`	`+`
	`158`	`+ return $url;`
`149`	`159`	`}`
`150`	`160`	`}`