Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Profiler] Exit impersonation links #17037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[Profiler] Exit impersonation links #17037

wants to merge 1 commit into from

Conversation

rvanlaak
Copy link
Contributor

Q A
Bug fix? no
New feature? yes
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets -
License MIT
Doc PR -
#14378 did introduce the logout link in the profiler toolbar as I saw in the DX post, and also spoke about user impersonation. This PR adds an "Exit impersionation" link when that specific role is available, and also adds those two links to the actual security panel.

javiereguiluz
javiereguiluz reviewed Dec 16, 2015
View reviewed changes
src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
@@ -37,6 +37,13 @@
<div class="sf-toolbar-info-piece">
<b>Actions</b>
<span><a href="{{ collector.logoutUrl }}">Logout</a></span>
{% if 'ROLE_PREVIOUS_ADMIN' in collector.roles %}
- <span>
<a href="{{ path(profile.getcollector('request').requestattributes.get('_route'), {'_switch_user': '_exit'}) }}">
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Beware that the _switch_user query param is configurable for security reasons. See http://symfony.com/doc/current/cookbook/security/impersonating_user.html

impersonate

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're completely right (as usual), so I've been trying to retrieve these parameters but it seems I can't get any further than the firewall key.

$this->tokenStorage->getToken()->getProviderKey()

Seems that problem already was mentioned in http://stackoverflow.com/questions/19610316/how-to-access-firewall-configuration-in-controller

So, how can we "unlock" these configuration parameters for the SecurityDataCollector?

@rvanlaak
Copy link
Contributor Author

When the security.firewall.map.context.main is injected into the SecurityDataCollector here the dump output of the FirewallContext shows that it's listeners contain the SwitchUserListener, but given that $listeners is private, and the listener itself is a private service we can't reach the wanted parameters with the current implementation.

Next to that the main part of the injected firewall context also can be dynamic. Can we rely on the active providerKey in the token for that?

The listener itself also is missing getters on $usernameParameter and $role, so I can't find a way to get the right parameters. Just like #14458 concluded, exiting impersonation still seems to be a no-go.

@rvanlaak rvanlaak closed this Dec 21, 2015
@rvanlaak rvanlaak mentioned this pull request Dec 21, 2015
Closed
@rvanlaak rvanlaak deleted the patch-5 branch March 23, 2016 19:48
@rvanlaak rvanlaak mentioned this pull request Oct 25, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Status: Needs Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rvanlaak @javiereguiluz @carsonbot