[TwigBridge] Create impersonation_exit_path() and *_url() functions

Amrouche Hamza · Amrouche Hamza · commit 02969744dcb5 · 2018-03-26T09:39:07.000+02:00
diff --git a/src/Symfony/Bridge/Twig/Extension/SecurityExtension.php b/src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
@@ -14,21 +14,25 @@
 use Symfony\Component\Security\Acl\Voter\FieldVote;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
+use Symfony\Component\Security\Http\Logout\ImpersonateUrlGenerator;
 use Twig\Extension\AbstractExtension;
 use Twig\TwigFunction;
 
 /**
  * SecurityExtension exposes security context features.
  *
  * @author Fabien Potencier <fabien@symfony.com>
+ * @author Amrouche Hamza <hamza.simperfit@gmail.com>
  */
 class SecurityExtension extends AbstractExtension
 {
     private $securityChecker;
+    private $impersonateUrlGenerator;
 
-    public function __construct(AuthorizationCheckerInterface $securityChecker = null)
+    public function __construct(AuthorizationCheckerInterface $securityChecker = null, ImpersonateUrlGenerator $impersonateUrlGenerator)
     {
         $this->securityChecker = $securityChecker;
+        $this->impersonateUrlGenerator = $impersonateUrlGenerator;
     }
 
     public function isGranted($role, $object = null, $field = null)
@@ -48,13 +52,25 @@ public function isGranted($role, $object = null, $field = null)
         }
     }
 
+    public function getImpersonateExitPath()
+    {
+        return $this->impersonateUrlGenerator->getImpersonateExitPath();
+    }
+
+    public function getImpersonateExitUrl()
+    {
+        return $this->impersonateUrlGenerator->getImpersonateExitUrl();
+    }
+
     /**
      * {@inheritdoc}
      */
     public function getFunctions()
     {
         return array(
             new TwigFunction('is_granted', array($this, 'isGranted')),
+            new TwigFunction('impersonation_exit_path', array($this, 'getImpersonateExitPath')),
+            new TwigFunction('impersonation_exit_url', array($this, 'getImpersonateExitUrl')),
         );
     }
 
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -83,6 +83,10 @@ public function load(array $configs, ContainerBuilder $container)
             $container->removeDefinition('security.access.expression_voter');
         }
 
+        if (!class_exists('Symfony\Component\HttpFoundation\RequestStack') || !class_exists('Symfony\Component\Routing\Generator\UrlGeneratorInterface')) {
+            $container->removeDefinition('security.impersonate_url_generator');
+        }
+
         // set some global scalars
         $container->setParameter('security.access.denied_url', $config['access_denied_url']);
         $container->setParameter('security.authentication.manager.erase_credentials', $config['erase_credentials']);
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
@@ -157,6 +157,12 @@
             <argument />                   <!-- switch_user -->
         </service>
 
+        <service id="security.impersonate_url_generator" class="Symfony\Component\Security\Http\Logout\ImpersonateUrlGenerator">
+            <argument type="service" id="request_stack" />
+            <argument type="service" id="router" />
+            <argument type="service" id="security.token_storage" on-invalid="null" />
+        </service>
+
         <service id="security.logout_url_generator" class="Symfony\Component\Security\Http\Logout\LogoutUrlGenerator">
             <argument type="service" id="request_stack" on-invalid="null" />
             <argument type="service" id="router" on-invalid="null" />
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/templating_twig.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/templating_twig.xml
@@ -15,6 +15,8 @@
         <service id="twig.extension.security" class="Symfony\Bridge\Twig\Extension\SecurityExtension">
             <tag name="twig.extension" />
             <argument type="service" id="security.authorization_checker" on-invalid="ignore" />
+            <argument type="service" id="sec" on-invalid="ignore" />
+
         </service>
     </services>
 </container>
diff --git a/src/Symfony/Component/Security/Http/Impersonate/ImpersonateUrlGenerator.php b/src/Symfony/Component/Security/Http/Impersonate/ImpersonateUrlGenerator.php
@@ -0,0 +1,106 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Http\Logout;
+
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Role\SwitchUserRole;
+use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
+use Symfony\Component\Security\Http\FirewallMapInterface;
+use Symfony\Bundle\SecurityBundle\Security\FirewallMap;
+
+/**
+ * Provides generator functions for the impersonate url exit.
+ *
+ * @author Amrouche Hamza <hamza.simperfit@gmail.com>
+ */
+class ImpersonateUrlGenerator
+{
+    private $requestStack;
+    private $router;
+    private $tokenStorage;
+    private $firewallMap;
+
+    public function __construct(RequestStack $requestStack, UrlGeneratorInterface $router, TokenStorageInterface $tokenStorage = null, FirewallMapInterface $firewallMap)
+    {
+        $this->requestStack = $requestStack;
+        $this->router = $router;
+        $this->tokenStorage = $tokenStorage;
+        $this->firewallMap = $firewallMap;
+    }
+
+    public function getImpersonateExitPath(): string
+    {
+        return $this->generateImpersonateExitUrl(UrlGeneratorInterface::ABSOLUTE_PATH);
+    }
+
+    public function getImpersonateExitUrl(): string
+    {
+        return $this->generateImpersonateExitUrl(UrlGeneratorInterface::ABSOLUTE_URL);
+    }
+
+    private function generateImpersonateExitUrl($referenceType): string
+    {
+        $request = $this->requestStack->getCurrentRequest();
+        $parameters = $request->query;
+        $exitPath = null;
+        if ($this->firewallMap instanceof FirewallMap) {
+            $firewallConfig = $this->firewallMap->getFirewallConfig($request);
+
+            // generate exit impersonation path from current request
+            if ($this->isImpersonatedUser() && null !== $switchUserConfig = $firewallConfig->getSwitchUser()) {
+                $exitPath = $request->getRequestUri();
+                $exitPath .= null === $request->getQueryString() ? '?' : '&';
+                $exitPath .= sprintf('%s=%s', urlencode($switchUserConfig['parameter']), SwitchUserListener::EXIT_VALUE);
+            }
+        }
+        if (null === $exitPath) {
+            throw new \LogicException('Unable to generate the impersonate exit URL without a path.');
+        }
+
+        if ('/' === $exitPath[0]) {
+            if (!$this->requestStack) {
+                throw new \LogicException('Unable to generate the impersonate exit URL without a RequestStack.');
+            }
+
+            $url = UrlGeneratorInterface::ABSOLUTE_URL === $referenceType ? $request->getUriForPath($exitPath) : $request->getBaseUrl().$exitPath;
+
+            if (!empty($parameters)) {
+                $url .= '?'.http_build_query($parameters);
+            }
+        } else {
+            if (!$this->router) {
+                throw new \LogicException('Unable to generate the impersonate exit URL without a Router.');
+            }
+
+            $url = $this->router->generate($exitPath, array(), $referenceType);
+        }
+
+        return $url;
+    }
+
+    private function isImpersonatedUser(): bool
+    {
+        if (null === $token = $this->tokenStorage->getToken()) {
+            return false;
+        }
+
+        $assignedRoles = $token->getRoles();
+
+        foreach ($assignedRoles as $role) {
+            if ($role instanceof SwitchUserRole) {
+                return true;
+            }
+        }
+    }
+}
