Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Symfony impersonation - separate firewalls and separate user providers

Tags:

symfony

impersonation

fosuserbundle

I have a Symfony application with two firewalls, one for admins and one for normal users.

admin:
    provider: admin
    # etc

main_site:
    form_login:
        provider: fos_userbundle
        csrf_provider: form.csrf_provider

I'd like admin users to be able to impersonate normal users. How can I do this, given that they're using separate firewalls and separate user providers?

like image 331
Sam Avatar asked Dec 08 '22 02:12

Sam

1 Answers

There were several things I had to do to get this to work.

Context key: As described here, I had to give both firewalls the same context. Without this, admins were taken to the login page when trying to switch users.

Config on both firewalls: I had to add the basic switch_user configuration keys to both firewalls:

switch_user:
    role: ROLE_ADMIN

If I just put the config on the main_site firewall, admins got an access denied message when exiting impersonation and going to an admin page. (For example, the route /admin/dashboard?_switch_user=_exit would give a 403).

Provider key on the main_site's config:

main_site:
    switch_user:
        role: ROLE_ADMIN
        provider: fos_userbundle

Without this, I got the error "Switch User failed - [email protected] not found". Digging into the code, it turned out that the admin user provider was being used, and of course the normal users couldn't be found when using that provider.

(provider key for switch_user config discussed here.)

Alternatively, I could have added this as a provider key for the firewall itself:

main_site:
    switch_user:
        role: ROLE_ADMIN
    provider: fos_userbundle

You'll see from the config in my question that fos_userbundle was only specified as a provider for form_login, not for main_site as a whole, which is why it wasn't being used until I added it. Adding it in either place (impersonation config or whole firewall) would do the trick.

Here's the full set of relevant config:

admin:
    provider: admin
    # Have to put basic switch_user config on both firewalls
    switch_user:
        role: ROLE_ADMIN
    # Both the admin and main_site firewalls have the same context, to allow
    # cross-firewall impersonation
    # https://stackoverflow.com/a/17991481/328817
    context: boardworks

main_site:
    form_login:
        provider: fos_userbundle
        csrf_provider: form.csrf_provider
    switch_user:
        role: ROLE_ADMIN
        # Have to explicitly set the provider, otherwise the site will use the admin
        # user provider when looking up the users whom admins are trying to impersonate
        provider: fos_userbundle
    # Rather than adding the provider above, I could have added it here:
    #provider: fos_userbundle
like image 111
Sam Avatar answered Dec 10 '22 23:12

Sam
Sign in to Comment

Related questions

How can I pass the entity manager to an embed form in Symfony?
Enabling Doctrine DBAL commands in Symfony app/console
Symfony2/Twig - Need to use |nl2br for spaces and |raw blog body in twig, can this be done?
Change date format in xls export with Sonata Admin Bundle
Is it possible to use PHPUnit assertions without extending PHPUnit_Framework_TestCase?
Sonata admin bundle preview image from some entity in list mapper without sonata media bundle
How to get uploaded file's tmp_name in Laravel 5.0
Running code on Symfony kernel initialisation

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!