[Security] getDefaultSuccessRedirectUrl should have access to the token #18027

Closed
billsworld opened this issue Mar 6, 2016 · 3 comments

@billsworld

Using the new Guard component I am redirecting the user to a page like /user/{username}. The problem is I cannot access the user token in getDefaultSuccessRedirectUrl. I am proposing that the $request and $token get passed to getDefaultSuccessRedirectUrl.

Without the token I have to adjust my authenticator like this:

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        // if the user hit a secure page and start() was called, this was
        // the URL they were on, and probably where you want to redirect to
        $targetPath = $request->getSession()->get('_security.'.$providerKey.'.target_path');

        if (!$targetPath) {
            $targetPath = $this->container->get('router')
                ->generate('app_user_index', ['username' => $token->getUsername()]);
        }

        return new RedirectResponse($targetPath);
    }

    protected function getDefaultSuccessRedirectUrl()
    {
         // nothing
    }

This is not so good b/c I have to define getDefaultSuccessRedirectUrl which will never be used. Perhaps it would be better if the definition was more like this: protected function getDefaultSuccessRedirectUrl(Request $request, TokenInterface $token). Or maybe getDefaultSuccessRedirectUrl should not be defined as an abstract method.

@weaverryan
Member

@billsworld Hmm, yes I see! The whole point of implementing onAuthenticationSuccess for you was to alleviate the annoying code for getting the target path from the session. However, we just introduced a new trait (https://github.com/symfony/symfony/pull/17714/files#diff-81156d593cb42fd30da1fc35a7a4d056R43) that makes this very easy. I propose that we deprecate getDefaultSuccessRedirectUrl() - and have users implement onAuthenticationSuccess themselves. Then you would have:

    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        $targetPath = $this->getTargetPath($request->getSession(), $providerKey);

        if (!$targetPath) {
            $targetPath = $this->container->get('router')
                ->generate('app_user_index', ['username' => $token->getUsername()]);
        }

        return new RedirectResponse($targetPath);
    }

@billsworld
Author

@weaverryan I actually implemented onAuthenticationSuccess more to have access to the TokenInterface. I agree onAuthenticationSuccess could be deprecated, but it definitely should not be required by making it abstract in the base class.

weaverryan added a commit to weaverryan/symfony that referenced this issue Mar 12, 2016
@weaverryan
Member

I opened a PR to deprecate the function (would also make getDefaultSuccessRedirectUrl not abstract anymore): #18135

weaverryan added a commit to weaverryan/symfony that referenced this issue Mar 12, 2016
weaverryan added a commit to weaverryan/symfony that referenced this issue Mar 24, 2016
weaverryan added a commit to weaverryan/symfony that referenced this issue Mar 29, 2016
@fabpot fabpot closed this as completed in 93e09fe Mar 31, 2016